Overview
The AMF (Access and Mobility Management Function) is the first network function a UE encounters when attaching to a 5G Standalone core. It terminates the Non-Access Stratum (NAS) signalling from the UE over the N1 interface and the NGAP control plane from the gNB over the N2 interface. Every subscriber registration, authentication handshake, and mobility event flows through the AMF.
The AMF replaced the MME from 4G EPC, but with a deliberately narrower scope. In EPC, the MME handled both mobility and session management, creating a single large function with broad responsibilities. In 5G SA, session management was cleanly separated into the SMF. The AMF handles registration state, mobility state, authentication coordination, and paging, then delegates PDU session requests to an SMF it selects via the NRF. This separation allows each function to scale independently.
The 5G Service Based Architecture (SBA) means the AMF exposes its capabilities as RESTful HTTP/2 APIs (the Namf service) and consumes APIs from UDM, AUSF, PCF, and NRF. This is a fundamental departure from 4G, where bilateral Diameter interfaces tied specific nodes together. In the SBA, the AMF discovers its peers dynamically at runtime through NRF registration and queries.
Despite the architectural modernisation, the AMF remains the most sensitive control plane node in the network. Its compromise directly affects every connected subscriber. Its attack surface spans the RAN-facing N2 interface, the UE-facing NAS protocol, and the SBI APIs it exposes to peer NFs.
How it works
Initial registration
When a UE powers on and establishes a radio connection, the gNB reads the Requested NSSAI (network slice selection assistance information) from the UE's NAS Registration Request and selects an AMF from the available pool for the matching PLMN and slices.
- The UE sends a NAS Registration Request over the air interface, carrying its SUCI (Subscription Concealed Identifier) or 5G-GUTI if it has one.
- The gNB encapsulates the NAS PDU in an NGAP Initial UE Message and forwards it to the selected AMF on the N2 interface.
- The AMF decrypts the SUCI (if present) by invoking the UDM on the N8 interface; the UDM returns the SUPI (Subscription Permanent Identifier).
- The AMF initiates authentication by sending a Nausf_UEAuthentication_Authenticate request to the AUSF on N12, passing the SUPI.
- The AUSF retrieves authentication vectors from the UDM on N13 and runs the 5G-AKA or EAP-AKA' procedure. The AMF exchanges AUTH_REQ / AUTH_RES with the UE over N1.
- After successful authentication, the AMF retrieves the full subscriber profile from the UDM on N8 (Nudm_SDM_Get).
- The AMF contacts the PCF on N15 for access and mobility policy: RFSP index, service area restrictions, and slice-specific parameters.
- The AMF allocates a new 5G-GUTI, stores the UE context, and returns a NAS Registration Accept to the UE via the gNB.
PDU session establishment
The AMF does not manage user plane sessions directly; this is deliberately out of scope. When the UE sends a PDU Session Establishment Request embedded in a NAS UL NAS Transport message:
- The AMF extracts the SM container from the NAS message.
- The AMF selects an appropriate SMF by querying the NRF (Nnrf_NFDiscovery) for an SMF supporting the requested DNN and S-NSSAI.
- The AMF creates an SM context on the selected SMF via the N11 interface (Nsmf_PDUSession_CreateSMContext), forwarding the SM container from the UE.
- The SMF handles all subsequent session management; the AMF acts only as a relay for NAS SM messages between the UE and the SMF.
N2-based handover
When a UE moves between gNBs and the Xn interface is not available, the handover requires AMF involvement.
- The source gNB sends a Handover Required NGAP message to the source AMF.
- The source AMF determines the target AMF (if different) and sends a Namf_Communication_CreateUEContext request on N14.
- The target AMF reserves resources at the target gNB via N2 (Handover Request).
- The target gNB confirms resource allocation; the target AMF returns a Namf_Communication_CreateUEContext response to the source AMF.
- The source AMF signals Handover Command to the source gNB, which triggers the UE to execute the handover.
- After the UE connects to the target gNB, the target AMF sends a Path Switch Request via N11 to update the UPF anchor if needed.
Architecture role
The AMF sits at the intersection of the RAN and the 5G core. It is the only core network function with a direct interface to the gNB. Every NAS message (registration, authentication, mobility, paging, SMS) enters the core through the AMF first. This makes it the most well-connected node in the control plane.
In a production 5G SA deployment, AMFs are deployed as cloud-native microservices in an AMF pool. gNBs connect to the pool via NGAP and individual UE contexts are distributed across AMF instances. The pool model provides horizontal scaling and redundancy without requiring gNB reconfiguration: a gNB connects to the pool, and any AMF instance can serve any UE after context retrieval.
In 5G SA: The AMF is the sole control plane anchor for the UE. All NAS signalling, authentication, and mobility events terminate here before being forwarded to the appropriate NF: SMF, AUSF, UDM, or PCF.
In 5G NSA (Option 3x): There is no AMF. The UE's control plane is handled by the 4G MME; the 5G NR leg carries only user plane traffic via the master eNB. The AMF is exclusively a 5G SA function.
For roaming, the visited PLMN's AMF communicates with the home PLMN's UDM and AUSF indirectly: all inter-PLMN SBI signalling flows through the SEPP pair on the N32 interface.
Key interfaces
| Interface | Between | Direction | Purpose |
|---|---|---|---|
| N1 | AMF – UE | Bidirectional | NAS signalling: registration, auth, SM delegation |
| N2 | AMF – gNB | Bidirectional | NGAP: RAN-CN control plane, paging, handover |
| N8 | AMF – UDM | Request/response | Subscriber data retrieval and deregistration notify |
| N11 | AMF – SMF | Bidirectional | PDU session management: create, update, release |
| N12 | AMF – AUSF | Request/response | Authentication service invocation |
| N14 | AMF – AMF | Bidirectional | Inter-AMF UE context transfer for N2 handover |
| N15 | AMF – PCF | Bidirectional | Access and mobility policy: RFSP, area restrictions |
| N17 | AMF – 5G-EIR | Request/response | IMEI equipment identity check |
| N20 | AMF – SMSF | Bidirectional | SMS over NAS routing |
| N22 | AMF – NSSF | Request/response | Network slice selection assistance |
Security posture
The AMF is the most sensitive control plane node in a 5G SA network. Its compromise affects every connected subscriber simultaneously: registration state can be manipulated, authentication flows can be intercepted, and sessions can be redirected to rogue SMFs. It inherits all the risk of the 4G MME but gains additional SBI API exposure that has no direct precedent.
The 5G NAS protocol significantly improved the air interface security model compared to 4G. NAS integrity protection is mandatory from the first message, SUPI concealment via SUCI prevents over-the-air IMSI catching, and explicit 5G-AKA bidirectional authentication removes the trivial false-base-station impersonation class that plagued 2G/3G. These are real improvements.
However, the SBA introduces a new threat class: inter-NF API abuse. The AMF exposes event subscription APIs that allow peer NFs to receive real-time updates on subscriber registration state, location, and reachability. These APIs are access-controlled by OAuth2 tokens issued by the NRF, but their security depends entirely on correct scope enforcement. This pattern (any credentialed internal NF can query subscriber location) is structurally similar to the SS7 ATI abuse that has plagued 2G/3G for decades.
Attack surface
NAS downgrade to legacy generation
If the AMF permits fallback to 4G or 3G, a rogue base station within radio range can prevent the UE from ever reaching a 5G gNB by broadcasting a stronger LTE or UMTS signal. The UE falls back to the legacy generation and its MME, exposing the subscriber to SS7 or Diameter attack surfaces. This is most relevant in dense urban deployments where 5G coverage gaps exist.
Impact: Subscriber loses 5G NAS protections; SUCI, bidirectional auth, and NAS integrity are replaced by weaker 4G or 3G equivalents.
Difficulty: Medium. Requires a software-defined radio capable of emitting LTE or UMTS signals. Commercial hardware (USRP, LimeSDR) is sufficient.
5G-GUTI tracking
The 5G-GUTI is a temporary identifier that replaces the SUPI/IMSI on the air interface. If an AMF reuses the same GUTI across multiple registration periods, which can happen due to misconfiguration or vendor defaults, a passive observer monitoring NAS traffic can use the static GUTI as a persistent pseudonym to track a subscriber's movement between registration areas without ever decrypting the NAS payload.
Impact: Subscriber location tracking without active interception or decryption.
Difficulty: Low. Passive observation of NAS Registration Request messages is sufficient. No active attack required.
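The following is an added example, not code from any AMF product or open-source core. It shows how an operator can audit its own AMF registration records for the GUTI reuse described above: the first function reports every procedure in which the AMF handed back the GUTI it was presented although a Periodic Registration Update or a Registration Area change should have triggered a fresh one, and the second measures, from only what is visible in Registration Requests, how long each GUTI lived and across how many Registration Areas it was presented. The record layout, the GUTI and SUPI strings, and the sample records are all constructed for this example.

```python
"""Audit of 5G-GUTI refresh behaviour over AMF registration records.

Added example, not code from any AMF implementation. The policy checked is:
a fresh 5G-GUTI at every Periodic Registration Update and whenever a mobility
registration changes the Registration Area. Record layout and sample data
are constructed for this example.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class RegEvent:
    t: int                   # Unix time of the Registration Request
    supi: str                # known to the AMF once authentication completes
    reg_type: str            # "initial" | "mobility" | "periodic"
    ra: str                  # Registration Area the UE registered in
    guti_in: Optional[str]   # 5G-GUTI the UE presented (None when it sent a SUCI)
    guti_out: str            # 5G-GUTI carried in the Registration Accept


def audit_guti_refresh(events: List[RegEvent]) -> List[Tuple[str, str, str, str]]:
    """Return (supi, guti, reg_type, ra) for every procedure in which the AMF
    returned the GUTI it was presented although the policy required a new one."""
    violations = []
    last_ra: Dict[str, str] = {}          # supi -> RA of the previous registration
    for e in sorted(events, key=lambda ev: ev.t):
        reused = e.guti_in is not None and e.guti_in == e.guti_out
        ra_changed = (e.reg_type == "mobility"
                      and e.supi in last_ra and last_ra[e.supi] != e.ra)
        if reused and (e.reg_type == "periodic" or ra_changed):
            violations.append((e.supi, e.guti_out, e.reg_type, e.ra))
        last_ra[e.supi] = e.ra
    return violations


def guti_exposure(events: List[RegEvent]) -> Dict[str, dict]:
    """Quantify how usable each GUTI is as a tracking pseudonym, using only
    what a passive observer sees in Registration Requests: the number of
    procedures it was presented in, the distinct Registration Areas, and
    the time between its first and last appearance."""
    seen = defaultdict(lambda: {"procedures": 0, "ras": set(), "first": None, "last": None})
    for e in sorted(events, key=lambda ev: ev.t):
        if e.guti_in is None:
            continue                      # SUCI-based registration, no GUTI on the air
        s = seen[e.guti_in]
        s["procedures"] += 1
        s["ras"].add(e.ra)
        s["first"] = e.t if s["first"] is None else s["first"]
        s["last"] = e.t
    return {
        g: {"procedures": s["procedures"], "ras": sorted(s["ras"]),
            "lifetime_s": s["last"] - s["first"]}
        for g, s in seen.items()
    }


# Constructed records: UE 001 is served by a lazily refreshing AMF, UE 002 by
# one that follows the policy. GUTI strings are placeholders, not real 5G-GUTIs.
SAMPLE_EVENTS = [
    RegEvent(0,     "imsi-001010000000001", "initial",  "RA1", None,      "guti-a1"),
    RegEvent(3600,  "imsi-001010000000001", "periodic", "RA1", "guti-a1", "guti-a1"),  # not refreshed
    RegEvent(7200,  "imsi-001010000000001", "mobility", "RA2", "guti-a1", "guti-a1"),  # RA changed, not refreshed
    RegEvent(10800, "imsi-001010000000001", "mobility", "RA3", "guti-a1", "guti-a2"),
    RegEvent(100,   "imsi-001010000000002", "initial",  "RA1", None,      "guti-b1"),
    RegEvent(3700,  "imsi-001010000000002", "periodic", "RA1", "guti-b1", "guti-b2"),
    RegEvent(7300,  "imsi-001010000000002", "mobility", "RA2", "guti-b2", "guti-b3"),
]

if __name__ == "__main__":
    for v in audit_guti_refresh(SAMPLE_EVENTS):
        print("GUTI not refreshed:", v)
    for guti, stats in guti_exposure(SAMPLE_EVENTS).items():
        print(guti, stats)
```

On the constructed records the audit flags the two procedures for UE 001, and the exposure report shows guti-a1 presented three times across three Registration Areas over two hours, which is exactly the persistent pseudonym a passive observer needs; the GUTIs of UE 002 each appear once.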
Namf_EventExposure API abuse
The AMF's Namf_EventExposure service allows NFs to subscribe to UE-level events: registration state changes, reachability updates, and location area changes. These are legitimate capabilities used by SMF, SMSF, and NEF. If the AMF fails to enforce OAuth2 token scope, accepting tokens with broad scopes rather than requiring operation-specific narrow scopes, any NF on the SBA fabric can subscribe to location events for all subscribers.
Impact: Mass subscriber location and reachability exposure across the entire subscriber base. Operationally equivalent to the SS7 ATI attack class.
Difficulty: Low if token scope enforcement is absent. The exploit requires only a valid NF certificate; no cryptographic attack.
Rogue gNB via N2 injection
The N2 interface uses SCTP over IP, protected by IPsec between each gNB and the AMF. A rogue gNB with a valid X.509 certificate, obtained by compromising a small-cell controller or a neutral host operator, can present itself to the AMF as a legitimate base station. From there, it can register phantom UEs, trigger paging storms by sending large batches of NGAP Paging messages, or inject false Handover Required messages to disrupt live sessions.
Impact: Phantom UE contexts consuming AMF resources; paging amplification DoS affecting battery life and radio capacity; session disruption via false handover.
Difficulty: High. Requires a valid gNB certificate from a trusted PKI.
Mitigations
The AMF's defences span the RAN interface, the NAS protocol, and the SBI layer.
- 5G-only NAS enforcement: Disable EPC and UMTS fallback in AMF configuration where it is not operationally required. Configure the USIM Preferred Network Mode to 5G-only for subscribers on 5G-capable devices. This removes the downgrade attack surface entirely.
- GUTI refresh policy: Refresh the 5G-GUTI at every Periodic Registration Update and after every mobility event that changes the Registration Area. Do not reuse GUTIs. Some vendors default to lazy GUTI refresh for performance; override this in the AMF configuration.
- OAuth2 scope enforcement on SBI: Validate the scope claim in every incoming OAuth2 access token against the specific Namf operation being invoked. A token authorised for Namf_Communication should not be accepted for Namf_EventExposure. Reject over-privileged tokens at the AMF API layer, not just at the NRF during issuance.
- Namf_EventExposure access control: Restrict event subscription access to explicitly authorised NF types and NF instances. Apply per-subscriber filtering; a subscribing NF should only receive events for UEs it has a legitimate relationship with (e.g., an SMF receiving events for UEs with active sessions it manages).
- N2 IPsec mutual authentication: Require certificate-based mutual authentication on all N2 SCTP/IPsec tunnels. Implement a strict CRL or OCSP revocation process so decommissioned or compromised gNB certificates are invalidated within minutes.
- Conformance testing: Validate the AMF implementation against 3GPP TS 33.512 (Security Assurance Specification for AMF) before production deployment. SCAS testing covers NAS integrity, GUTI behaviour, and SBI access control.
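The following is an added example, not code from any AMF product or open-source core, illustrating the two SBI mitigations above (OAuth2 scope enforcement and Namf_EventExposure access control) and the API-abuse scenario in the attack surface section. It assumes the access token's signature has already been verified against the NRF's signing key, so the claim set is trusted, and that the consumer's NF type and instance id come from its mutually authenticated TLS identity and NF profile rather than from the token body. The scope strings follow the NF-service naming style of the SBA (namf-comm, namf-evts, namf-mt, namf-loc); the exact strings, the operation-to-scope table, the per-NF-type entitlement table and the sample tokens are assumptions constructed for this example.

```python
"""OAuth2 scope enforcement and event-subscription filtering at the AMF SBI layer.

Added example, not code from any AMF implementation. Assumes `claims` is a
signature-verified token claim set and that `nf_type` was taken from the
consumer's TLS identity / NF profile. All tables and tokens are constructed.
"""
from dataclasses import dataclass
from typing import Dict, Set

# Operation -> the single narrow scope it requires (constructed mapping).
REQUIRED_SCOPE = {
    "Namf_Communication/N1N2MessageTransfer": "namf-comm",
    "Namf_Communication/UEContextTransfer": "namf-comm",
    "Namf_EventExposure/Subscribe": "namf-evts",
    "Namf_MT/EnableUEReachability": "namf-mt",
    "Namf_Location/ProvidePositioningInfo": "namf-loc",
}

# Widest scope set each consumer NF type may legitimately hold (constructed).
# Anything beyond this is an over-privileged token, whatever the NRF issued.
NF_TYPE_ENTITLEMENT: Dict[str, Set[str]] = {
    "SMF": {"namf-comm", "namf-evts"},
    "SMSF": {"namf-comm", "namf-mt"},
    "NEF": {"namf-evts"},
    "PCF": {"namf-comm"},
}

# NF types allowed to open Namf_EventExposure subscriptions at all (constructed).
EVENT_SUBSCRIBER_TYPES = {"SMF", "SMSF", "NEF"}


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def authorize(claims: dict, nf_type: str, operation: str, now: int) -> Decision:
    """Gate one Namf request on the token's scope claim.

    claims    -- verified claims: iss, sub (consumer NF instance id), aud, scope, exp
    nf_type   -- consumer NF type from its TLS identity / NF profile, not the token
    operation -- "<service>/<operation>" of the endpoint being invoked
    now       -- current Unix time, passed in so the check is deterministic
    """
    if claims.get("exp", 0) <= now:
        return Decision(False, "token expired")
    aud = claims.get("aud")
    if aud != "AMF" and not (isinstance(aud, list) and "AMF" in aud):
        return Decision(False, "token not addressed to AMF")
    required = REQUIRED_SCOPE.get(operation)
    if required is None:
        return Decision(False, f"unknown operation {operation}")
    granted = set(claims.get("scope", "").split())
    if required not in granted:
        return Decision(False, f"scope {required} not granted for {operation}")
    # Defence in depth: do not rely on the NRF having scoped the token narrowly.
    excess = granted - NF_TYPE_ENTITLEMENT.get(nf_type, set())
    if excess:
        return Decision(False, f"over-privileged token for {nf_type}: {sorted(excess)}")
    return Decision(True, "ok")


def authorize_event_subscription(claims: dict, nf_type: str, target_supi: str,
                                 relationships: Dict[str, Set[str]], now: int) -> Decision:
    """Namf_EventExposure needs more than scope: the consumer must be an allowed
    NF type and must already serve the target UE.

    relationships -- {consumer NF instance id: SUPIs it legitimately serves},
                     e.g. an SMF and the UEs whose PDU sessions it anchors.
    """
    base = authorize(claims, nf_type, "Namf_EventExposure/Subscribe", now)
    if not base.allowed:
        return base
    if nf_type not in EVENT_SUBSCRIBER_TYPES:
        return Decision(False, f"{nf_type} may not subscribe to AMF events")
    served = relationships.get(claims.get("sub"), set())
    if target_supi not in served:
        return Decision(False, f"{claims.get('sub')} has no relationship with {target_supi}")
    return Decision(True, "ok")


# Constructed sample tokens (claims only; signature verification assumed done).
NOW = 1_700_000_000
SMF_TOKEN = {"iss": "nrf-1", "sub": "smf-a", "aud": "AMF", "scope": "namf-evts", "exp": NOW + 600}
BROAD_TOKEN = {"iss": "nrf-1", "sub": "pcf-x", "aud": "AMF",
               "scope": "namf-comm namf-evts namf-loc", "exp": NOW + 600}
RELATIONSHIPS = {"smf-a": {"imsi-001010000000001", "imsi-001010000000002"}}

if __name__ == "__main__":
    print(authorize_event_subscription(SMF_TOKEN, "SMF", "imsi-001010000000001", RELATIONSHIPS, NOW))
    print(authorize_event_subscription(SMF_TOKEN, "SMF", "imsi-001010000000009", RELATIONSHIPS, NOW))
    print(authorize(BROAD_TOKEN, "PCF", "Namf_EventExposure/Subscribe", NOW))
```

The entitlement check is what turns "reject over-privileged tokens at the AMF API layer" into code: a PCF token that happens to carry namf-evts is refused even though the scope string matches, and the per-subscriber filter means a correctly scoped SMF can only subscribe to events for UEs whose sessions it actually anchors.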
Spec references
- 3GPP TS 23.501: The normative 5G system architecture specification. Section 6.2.1 defines the AMF's role, Section 6.3.1 defines the SBA principles that govern all NF interactions.
- 3GPP TS 29.518: The Namf service specification. Defines all AMF REST API endpoints, OpenAPI schemas, and the Namf_Communication, Namf_EventExposure, Namf_MT, and Namf_Location services.
- 3GPP TS 38.413: NGAP, the N2 interface protocol between AMF and gNB. Covers registration, handover, paging, and UE context management procedures.
- 3GPP TS 24.501: The NAS protocol for 5G. Section 5 defines registration procedures; Section 6 defines session management delegation. This is the protocol the UE speaks directly to the AMF on N1.
- 3GPP TS 33.501: 5G security architecture. Section 6.7 covers AMF security requirements including GUTI handling; Section 6.9 covers NAS security mode procedures.
Related topics
The AMF is the direct successor to the MME in 4G, taking the mobility and registration functions while ceding session management to the SMF. The split was intentional: it enables both functions to scale independently in cloud-native deployments.
Authentication is a three-way coordination: the AMF invokes the AUSF on N12, which retrieves credentials from the UDM on N13. The AMF never touches the raw keying material; it only receives the final authentication result and the KSEAF anchor key.
The NRF is a silent but critical dependency: the AMF uses it to discover which SMF instances exist, what slices they serve, and which UDM holds a given subscriber's profile. Without NRF, dynamic NF selection is impossible.
The SEPP protects all inter-PLMN signalling that the AMF generates toward the home network during roaming: UDM subscriber retrieval and AUSF authentication both traverse the N32 interface in the roaming case.
For the full 5G SA architecture context, including how AMF fits alongside SMF, UPF, and the SBA mesh, see the generation overview.