Encrypted IMSIs in 5G

So far I was really wondering why the industry is doing 5G in the first place for frequency bands below 5 GHz and why a new core network architecture is required and useful!? At last I have now found one interesting answer for the core network side: Let’s revamp security and privacy and make it much better!

Here’s a link to an interesting Ericsson post which really is just a small teaser for the substantial amount of work that is going on in 3GPP in the 5G security area judging by the size of relevant TR (see below). In their post they hint that in 5G core networks the security architecture that was already enhanced in LTE compared to 2G and 3G will once again be improved, probably even more radically than in the previous step.

One thing that plagues 2G, 3G and to a certain degree also LTE are IMSI catchers used by intelligence agencies and in 2G networks in some countries to send spam SMS messages. IMSI catchers can be used to track users and intercept calls because under certain circumstances, the subscribers identity, the IMSI (International Mobile Subscriber Identity) is transmitted in the clear.

In 5G, as suggested in the Ericsson post, the IMSI, or whatever the subscriber’s permanent ID will be called there, will always be encrypted with the public key of the home network operator stored on the SIM card. Only the home network operator has the private key to decrypt the message to get to the subscriber’s identity. Public/private key pairs have been in use in many areas for decades and are a great help to encrypt confidential information that has to be sent over an insecure channel. So it’s great to see that the 5G security architecture will (probably) make use of this method as well even though it radically breaks with 2G/3G/LTE security protocols.

In case you’d like to know more, have a look at TR 33.899 which discusses all security/privacy problems and potential solutions investigated for the 5G core nework. But beware it’s a 500+ page document which in shows impressively how much work is done in this area by companies in 3GPP working on the 5G core network specifications.