A UE in a 5G network has many identifiers that identify it uniquely on the network. Below are some of them.
In the next series of posts, we shall discuss the other identifiers in more detail.
Brief list of identities present in 5G
1. SUPI – Subscription Permanent Identifier
2. SUCI – Subscription Concealed Identifier
3. 5G GUTI – 5G Globally Unique Temporary Identifier
4. 5G S TMSI – 5G S Temporary Mobile Subscriber Identity. It is a shorter version of the 5G GUTI.
5. IMEI – International Mobile Equipment Identity
6. IMEISV – International Mobile Equipment Identity Software Version
7. PEI – Permanent Equipment Identifier
8. IP Address
9. RNTI – Radio Network Temporary Identifier
10. UE Radio Capability
Let us discuss SUPI and SUCI in detail.
On a high level,
SUPI: It is allocated to every subscriber and is provisioned in the USIM and the UDM/UDR according to 3GPP spec TS 23.501.
SUCI: It is the encrypted form of the SUPI. The UE generates the SUCI using a protection scheme. It solves the IMSI security issue by sending an encrypted value of the SUPI instead of the plain text that was used in 2G, 3G and 4G.
How are mobile subscribers identified?
The subscriber information is present in the SIM card.
The PEI belongs to the mobile phone (UE), which is identified by its IMEI number.
Each 5G subscriber is allocated one SUPI to be used in the 3GPP system.
The SUPI is not transmitted over the air interface. Instead, it is concealed and transmitted as the SUCI.
The SUCI is used for initial registration. After that, a GUTI is allocated to the subscriber and is used throughout the session.
MSISDN: It is your 10-digit mobile number.
SUPI in detail
SUPI is the identifier for a subscriber. In 4G it was IMSI and in 5G it is SUPI.
A SUPI can be:
1. An IMSI (to inter-work with 4G, 3G, 2G networks)
2. NAI – Network Access Identifier. It is a network-specific identifier, defined in TS 23.003 Section 28.7.
3. GCI – Global Cable Identifier.
4. GLI – Global Line Identifier.
IMSI in detail
As one of the SUPI types is the IMSI, below is the structure of the IMSI:
IMSI = MCC + MNC + MSIN = 15 digits.
MCC = Mobile Country Code (3 digits)
MNC = Mobile Network Code (2 or 3 digits)
MSIN = Mobile Subscriber Identification Number (up to 10 digits). This is not your mobile number.
To inter-work with EPC, the SUPI allocated to the 3GPP UE shall always be based on IMSI.
NAI in detail
NAI = Network Access Identifier.
NAI format for SUPI
username@realm
It is used to assist in the routing of the authentication request to the user authentication server.
Here “realm” is the domain.
NAI format for SUCI
When the SUPI is defined as an IMSI, the SUCI in NAI format shall have the form username without a realm part.
SUCI in detail
SUCI – Subscription Concealed Identifier
One of the major problems in LTE was that the IMSI is sent as plain text over the air interface. This was a major privacy concern.
This is solved by using the SUCI in 5G.
It is a privacy-preserving identifier that contains the concealed SUPI.
The UE generates the SUCI by encrypting the SUPI with the public key of the home network.
The public key is stored in the USIM.
SUPI Type can be 0 or 1. 0: IMSI, 1: Network Specific Identifier (NSI)
Home Network Identifier: Can be either MCC+MNC or NAI
Routing Indicator, consisting of 1 to 4 decimal digits assigned by the home network operator and provisioned in the USIM. Together with the Home Network Identifier, it allows network signalling that carries the SUCI to be routed to AUSF and UDM instances capable of serving the subscriber.
Protection Scheme Identifier, consisting of a value in the range of 0 to 15.
Home Network Public Key Identifier, consisting of a value in the range 0 to 255. It represents a public key provisioned by the HPLMN.
Scheme Output, consisting of a string of characters with a variable length or hexadecimal digits, dependent on the used protection scheme.
NAI format for SUCI
Assuming the IMSI 234150999999999, where MCC=234, MNC=15 and MSIN=0999999999, the Routing Indicator 678, and a Home Network Public Key Identifier of 27, the NAI format for the SUCI takes the form:
for the null-scheme:
type0.rid678.schid0.userid0999999999
If we decompose the string above:
type = type0
routing ID: rid678
Scheme ID [as it is NULL scheme it is 0]: schid0
User ID: userid0999999999
for the Profile <A> protection scheme:
type0.rid678.schid1.hnkey27.ecckey<ECC ephemeral public key>.cip< encryption of 0999999999>.mac<MAC tag value>
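The two NAI layouts above can be checked mechanically. The following parser is an added example, not part of the original post or of any 3GPP reference code: it decomposes the username, enforces the field ranges listed earlier, and reports whether the IMSI can be rebuilt from what is sent (the null-scheme case). The function names and the hexadecimal encoding of the ecckey, cip and mac values are assumptions made for this illustration.

```python
import re

# Field ranges as listed in the post: routing indicator 1-4 decimal digits,
# protection scheme 0-15, home network public key identifier 0-255.
_NULL = re.compile(r"type(\d)\.rid(\d{1,4})\.schid0\.userid(\d{1,10})")
_PROT = re.compile(
    r"type(\d)\.rid(\d{1,4})\.schid(\d{1,2})\.hnkey(\d{1,3})"
    r"\.ecckey([0-9A-Fa-f]+)\.cip([0-9A-Fa-f]+)\.mac([0-9A-Fa-f]+)"
)


def parse_suci_nai(username):
    """Decompose the username part of a NAI-format SUCI into its fields."""
    m = _NULL.fullmatch(username)
    if m:
        return {"supi_type": int(m[1]), "routing_indicator": m[2],
                "scheme_id": 0, "msin": m[3], "concealed": False}
    m = _PROT.fullmatch(username)
    if not m:
        raise ValueError("not a recognised NAI-format SUCI")
    scheme, hnkey = int(m[3]), int(m[4])
    if not 1 <= scheme <= 15:
        raise ValueError("protection scheme identifier out of range")
    if hnkey > 255:
        raise ValueError("home network public key identifier out of range 0-255")
    return {"supi_type": int(m[1]), "routing_indicator": m[2],
            "scheme_id": scheme, "hn_key_id": hnkey, "ecc_key": m[5],
            "ciphertext": m[6], "mac": m[7], "concealed": True}


def exposed_imsi(fields, mcc, mnc):
    """Return the IMSI an observer can rebuild, or None if it is concealed."""
    if fields["concealed"] or fields["supi_type"] != 0:
        return None
    return mcc + mnc + fields["msin"]


# Constructed samples: the first is the post's null-scheme string; the second
# follows the post's Profile A layout with made-up hex for the three outputs.
NULL_SUCI = "type0.rid678.schid0.userid0999999999"
PROFILE_A_SUCI = "type0.rid678.schid1.hnkey27.ecckeyA1B2C3.cipD4E5F6.mac0A1B2C3D"

if __name__ == "__main__":
    for s in (NULL_SUCI, PROFILE_A_SUCI):
        f = parse_suci_nai(s)
        print(f["scheme_id"], exposed_imsi(f, "234", "15") or "SUPI concealed")
```

With the null scheme the MSIN travels unchanged, so MCC + MNC + userid gives back the full IMSI; with Profile A only the routing fields and the key identifier are readable.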
For more detailed information, see TS 23.003.