One of the nice things of the 5G Core Network architecture is that it allows the concealment, i.e .the encryption of the user’s identifier. While in previous network generations, this ID is referred to as the IMSI (International Mobile Subscriber Identity), it has been renamed to SUPI (Subscription Permanent Identity) in 5G. Under normal circumstances, even 2G, 3G and 4G conceal the user’s identity with a temporary ID that changes frequently. Under some circumstances, however, e.g. when connecting to a roaming network for the first time, or when the home network has forgotten the temporary identifier, which can happen for a number of reasons, the network has to ask for the IMSI. Unfortunately, this loophole can be used by malicious base stations and other equipment to get to the real identities of devices and their users. The good news: The 5G core has a fix for this!
The 5G core network closes this loophole by encrypting the user’s identity before it leaves the device. This is optional, however, so not all network operators might use it in the future. If used, a public key connected to a mobile network operator is used as an input to an encryption algorithm to conceal, i.e. encrypt the IMSI/SUPI. The result is referred to as the SUCI (the Subscription Concealed Identifier).
From a conceptual point of view, this is very similar to how web pages are encrypted. The web browser gets the public key of the web site owner, which is then used to encrypt all outgoing data packets in the reverse direction to the web server. There, the private key is used to reverse the process. For private/public keys used on the web, a chain of trust exists that the web browser uses to verify that the public key it has received during the connection establishment actually belongs to that website. But how can the mobile device verify that the public key it was given to encrypt the IMSI/SUPI into the SUCI is actually from the network operator? And how is the public key given to it in the first place?
Instead of using a chain of trust, the public key of the network operator is stored on the SIM card. And as only the network operator can put this value on the SIM card (e.g. via an Over the Air update), no chain of trust is needed. So far so good, but that leads right to the next question: Where is the public key actually stored on the SIM card?
The place to look for the details is 3GPP TS 31.102: On the SIM card, there is a file referred to as USIM Service Table – EF(UST) with file ID 0x6F38. This file contains a bitmap, and each bit represents a service that can be activated or deactivated. To enable SUCI calculation, Service 124 (Subscription identifier privacy support) must be active.
Further, there are two ways to calculate the SUCI: On the device or on the SIM card. If Service 125 (SUCI calculation by the USIM) is active, the SIM does all the work and the device can just request the SUCI from the SIM card. If Service 125 is not active, the device has to calculate the SUCI on its own. For this, it requires two pieces of information:
The first parameter that is required is the public key of the network operator. It is stored in file EF(SUCI_Calc_Info) with ID 4F07, which resides in a dedicated 5G directory on the SIM, referred to as 5GS with file ID 0x5FC0. This directory can be found inside the USIM directory. As there can be more than one public key and more than one algorithm, the file contains the following content as per TS 31.102, 184.108.40.206:
- First byte set to: A0
- Length indicator
- A list of Protection Scheme Identifiers (1..N) with an index to the public key used for each
- The list of public keys that are referenced from the list above.
And that’s almost it. The only other info required is a ‘routing indicator’ that will be included in the SUCI, which gives the home network operator further info where to find the user’s database record. The routing indicator is quite short and is stored in EF(Routing_Indicator) with file ID 4F0A.
Quite a lot of flexibility for the future to update/change/use the public key to generate the SUCI. But it has to last for a while and nobody knows today what the future will bring. So better save than sorry.