The 5G
networks are commercially available now and secure transmission is of utmost
important and required like never before as this generation of
telecommunication system aims to deliver
· Enhanced mobile broadband,
· Massive machine-type communications,
· Ultra-reliable and low latency communications.
Today we are going to discuss an important and hot topic related to 5G & security, How 5G technology ensures security better than previous generations of mobile communication.
The 2G era
The authentication process of subscribers was carried in GSM System (2G) for the first time. The mobile was assigned a temporary identifier after the authentication so that it does not have to send the mobile subscriber's permanent identity 'IMSI' on the air interface. And the voice was encrypted.
Issues with 2G
However, 2G systems suffered from two major flaws:
1. IMSI hacking
The IMSI was sent over the air interface, the first time mobile connects with the network after power-up. And as a result, this IMSI could be hacked using an IMSI catcher.
2. Fake BTS
A fake BTS could pose as a genuine 2G base station and fool the mobile in revealing its information.
An active man-in-the-middle adversary can intentionally simulate this scenario to force an unsuspecting user to reveal its long-term identity. These attacks are known as “IMSI catching” attacks and persist in today’s mobile networks including the 4G LTE/LTE-Adv.
Workaround in 3G/4G
By introducing bidirectional authentication (two-way) in the 3G and LTE (4G) technologies, resolved the second problem and network needed to authenticate itself with the mobile unit (UE). So a fake BTS would fail its authentication with the mobile (UE).
However, the first problem still remained and IMSI (International Mobile Subscriber Identity) catcher could still hack the permanent subscriber identity.
The solution to IMSI Catchers in 5G
5G tried to address this first problem, the IMSI in 5G is called SUPI (Subscription Permanent Identifier) a globally unique ID, and it is never sent over the air interface unencrypted, first, it is encrypted using the public key as SUCI (Subscription Concealed Identifier) and then sent over the air interface.
The network can decrypt it using its private key that is never known to the UEs, once a UE is registered after authentication, it is assigned a temporary identifier called 5G GUTI and which is often changed.
Let’s elaborate SUPI & SUCI as well.
SUPI
A SUPI is usually a string of 15 decimal digits. The first three digits represent the Mobile Country Code (MCC) while the next two or three form the Mobile Network Code (MNC) identifying the network operator. The remaining (nine or ten) digits are known as Mobile Subscriber Identification Number (MSIN) and represent the individual user of that particular operator. SUPI is equivalent to IMSI which uniquely identifies the ME, is also a string of 15 digits.
SUPI Packet
SUCI
Subscription Concealed The identifier is a privacy-preserving identifier containing the concealed SUPI. The UE generates a SUCI using an ECIES-based protection scheme with the public key of the Home Network that was securely provisioned to the USIM during the USIM registration.
Only the MSIN part of the SUPI gets concealed by the protection scheme while the home network identifier i.e. MCC/MNC gets transmitted in plain text. The data fields constituting the SUCI are following
SUCI Packet
End Remark
The goal of 5G is to open up the network to a wider variety of services and allow mobile operators to support them. It's an opportunity to secure services and customers against many of today's dangers. By design, 5G also has plenty of built-in security features designed to safeguard both individual customers and mobile networks.
