5G Identifiers SUPI and SUCI
5G Identifiers SUPI and SUCI - Techplayon NAS Signalling http://www.techplayon.com/5g-identifiers-supi-and-suci/
In telecommunication systems, network operators allocate to each SIM card a unique identifier,
known up to 4G as an IMSI (International Mobile Subscriber Identity) and in 5G as a
SUPI (Subscription Permanent Identifier). As authentication between a user and its network
provider is based on a shared symmetric key, it can only take place after user identification.
However, if the IMSI/SUPI values are sent in plaintext over the radio access link, then users can
be identified, located and tracked using these permanent identifiers.
To avoid this privacy breach, the visited network assigns the SIM card temporary identifiers
(called Temporary Mobile Subscriber Identity (TMSI) until 3G systems and GUTI for 4G and 5G
systems). These frequently changing temporary identifiers are then used for identification
purposes over the radio access link. However, there are certain situations where authentication
through the use of temporary identifiers is not possible, e.g. when a user registers with a network
for the first time and is not yet assigned a temporary identifier. Another case is when the visited
network is unable to resolve the IMSI/SUPI from the presented TMSI/GUTI.
IMSI-catching attacks have threatened all generations (2G/3G/4G) of mobile telecommunication
for decades. As a result of facilitating backwards compatibility for legacy reasons, this privacy
problem appears to have persisted. However, the 3GPP has now decided to address this issue,
albeit at the cost of backward compatibility. In case of identification failure via a 5G-GUTI, unlike
earlier generations, 5G security specifications do not allow plain-text transmissions of the SUPI
over the radio interface. Instead, an Elliptic Curve Integrated Encryption Scheme (ECIES)-based
privacy-preserving identifier containing the concealed SUPI is transmitted. This concealed
SUPI is known as the SUCI (Subscription Concealed Identifier).
An IMSI (International Mobile Subscriber Identifier) as defined in TS 23.503 for 3GPP RAT
NAI (Network Access Identifier) as defined in RFC 4282 based user identification as
defined in TS 23.003 for non-3GPP RAT
A SUPI is usually a string of 15 decimal digits. The first three digits represent the Mobile Country
Code (MCC) while the next two or three form the Mobile Network Code (MNC) identifying the
network operator. The remaining (nine or ten) digits are known as the Mobile Subscriber Identification
Number (MSIN) and represent the individual user of that particular operator. The SUPI is equivalent
to the IMSI, which uniquely identifies the ME and is also a string of 15 digits.
Only the MSIN part of the SUPI gets concealed by the protection scheme, while the home
network identifier, i.e. MCC/MNC, gets transmitted in plain-text. The data fields constituting the
SUCI are the following:
SUPI Type: a value in the range 0 to 7. It identifies the type of the SUPI
concealed in the SUCI. The following values are defined:
0: IMSI
1: Network Access Identifier (NAI)
2 to 7: spare values for future use.
Home Network Identifier: identifying the home network of the subscriber. When the SUPI
Type is an IMSI, the Home Network Identifier is composed of MCC and MNC. When the
SUPI type is a Network Access Identifier, the Home Network Identifier consists of a string of
characters with a variable length representing a domain name. e.g. [email protected]
Routing Indicator: consists of 1 to 4 decimal digits assigned by the home network
operator and provisioned within the USIM.
Protection Scheme Identifier: a value in the range 0 to 15,
represented with 4 bits:
null-scheme 0x0
Profile <A> 0x1
Profile <B> 0x2
Home Network Public Key Identifier: a value in the range 0 to 255. It
represents a public key provisioned by the HPLMN and is used to identify the key used for
SUPI protection. When the null-scheme is used, this data field shall be set to 0.
Protection Scheme Output: a string of characters with a variable length, or
hexadecimal digits, depending on the protection scheme used.
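The field layout above, as an added example that is not code from the original page: a parser that checks each SUCI field against the ranges listed and reports when the MSIN is readable by an observer. The hyphen-joined text form, the function names and the sample values are assumptions for illustration; under the null-scheme the Protection Scheme Output is the unprotected MSIN.

```python
from dataclasses import dataclass

SCHEMES = {0x0: "null-scheme", 0x1: "Profile <A>", 0x2: "Profile <B>"}  # values listed on the page

@dataclass(frozen=True)
class Suci:
    mcc: str
    mnc: str
    routing_indicator: str
    scheme_id: int
    hn_key_id: int
    scheme_output: str

def _digits(s, lo, hi):
    return s.isascii() and s.isdigit() and lo <= len(s) <= hi

def parse_suci(text):
    """Parse the assumed hyphen-joined form; only SUPI Type 0 (IMSI) is handled."""
    parts = text.split("-")
    if len(parts) != 8 or parts[0] != "suci":
        raise ValueError("expected suci-<type>-<mcc>-<mnc>-<rid>-<scheme>-<key>-<output>")
    _, typ, mcc, mnc, rid, sch, key, out = parts
    if typ != "0":
        raise ValueError("SUPI Type is not 0 (IMSI)")
    if not (_digits(mcc, 3, 3) and _digits(mnc, 2, 3) and _digits(rid, 1, 4)):
        raise ValueError("bad MCC, MNC or Routing Indicator")
    if not (_digits(sch, 1, 2) and _digits(key, 1, 3) and out) or int(sch) > 15 or int(key) > 255:
        raise ValueError("bad scheme id (0..15), key id (0..255) or empty output")
    return Suci(mcc, mnc, rid, int(sch), int(key), out)

def exposed_supi(suci):
    """Return the full SUPI if an observer can read it from the SUCI, else None."""
    if suci.scheme_id == 0x0 and _digits(suci.scheme_output, 9, 10):
        return suci.mcc + suci.mnc + suci.scheme_output  # null-scheme: MSIN in clear
    return None

def findings(suci):
    notes = []
    if suci.scheme_id not in SCHEMES:
        notes.append("scheme id %d is not one the page lists" % suci.scheme_id)
    if suci.scheme_id == 0x0:
        notes.append("null-scheme: MSIN is not concealed")
        if suci.hn_key_id != 0:
            notes.append("null-scheme requires key id 0, got %d" % suci.hn_key_id)
    return notes

# Constructed samples: test PLMN 001/01, made-up MSIN, key id and ciphertext
NULL_SUCI = "suci-0-001-01-0000-0-0-0000000001"
PROT_SUCI = "suci-0-001-01-0000-1-27-a1b2c3d4e5f60718293a4b5c6d7e8f90"
```

Running `findings(parse_suci(...))` over SUCIs seen in registration traces shows which subscriptions or networks still fall back to the null-scheme and so send the permanent identifier unprotected.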
The subscriber identification mechanism allows the identification of a UE over the air on the radio
interface by means of the SUCI. The identity exchange between the UE and the network is shown in
the following figure.
When a UE tries to register for the first time, it encrypts the SUPI into a SUCI and sends an Initial
Registration Request with the SUCI. The AMF forwards this SUCI to the AUSF and UDM in an
Authentication Request to retrieve the SUPI. The AUSF replies with an Authentication Response
containing the SUPI information. The AMF then generates a GUTI for this SUPI and keeps the
GUTI-to-SUPI mapping for further registrations or PDU session requests.
In subsequent registrations, the UE sends the Registration Request with the GUTI. There are
two possible scenarios.
In the first case, the AMF generates the SUPI using the GUTI, and authentication with the AUSF can
be completed using the SUPI. In the second case, when the UE is not identifiable at the AMF using
the GUTI, the AMF sends the UE an Identity Request, and the UE may then respond with an Identity
Response containing the SUCI.