6.12 Subscription identifier privacy
3GPP TS 33.501 Release 18: Security architecture and procedures for 5G System
6.12.1 Subscription permanent identifier
In the 5G system, the globally unique 5G subscription permanent identifier is called SUPI as defined in 3GPP TS 23.501 [2]. The SUCI is a privacy preserving identifier containing the concealed SUPI.
The SUPI is privacy protected over-the-air by using the SUCI which is described in clause 6.12.2. Handling of SUPI and privacy provisioning related to concealing the SUPI shall be done according to the requirements specified in clause 5 and details provided in clause 6.12.2.
6.12.2 Subscription concealed identifier
The SUbscription Concealed Identifier, called SUCI, is a privacy preserving identifier containing the concealed SUPI.
The UE shall generate a SUCI using a protection scheme with the raw public key, i.e. the Home Network Public Key, that was securely provisioned in control of the home network. The protection schemes shall be the ones specified in Annex C of this document or the ones specified by the HPLMN.
The UE shall construct a scheme-input from the subscription identifier part of the SUPI as follows:
- For SUPIs containing IMSI, the subscription identifier part of the SUPI includes the MSIN of the IMSI as defined in TS 23.003 [19].
- For SUPIs taking the form of a NAI, the subscription identifier part of the SUPI includes the "username" portion of the NAI as defined in NAI RFC 7542 [57].
The UE shall execute the protection scheme with the constructed scheme-input as input and take the output as the Scheme Output.
The UE shall not conceal the Home Network Identifier and the Routing Indicator.
For SUPIs containing IMSI, the UE shall construct the SUCI with the following data fields:
– The SUPI Type as defined in TS 23.003 [19] identifies the type of the SUPI concealed in the SUCI.
– The Home Network Identifier is set to the MCC and MNC of the IMSI as specified in 23.003 [19].
– The Routing Indicator as specified in TS 23.003 [19].
– The Protection Scheme Identifier as specified in Annex C of this specification.
– The Home Network Public Key Identifier as specified in this document and detailed in TS 23.003 [19].
– The Scheme Output as specified in this document and detailed in TS 23.003 [19].
For SUPIs containing Network Specific Identifier, the UE shall construct the SUCI in NAI format with the following data fields:
– realm part of the SUCI is set to the realm part of the SUPI.
– username part of the SUCI is formatted as specified in TS 23.003 [19] using the SUPI Type, Routing Indicator, the Protection Scheme Identifier, the Home Network Public Key Identifier and the Scheme Output.
NOTE 1: The format of the SUPI protection scheme identifiers is defined in Annex C.
NOTE 2: The identifier and the format of the Scheme Output are defined by the protection schemes in Annex C. In case of non-null-schemes, the freshness and randomness of the SUCI will be taken care of by the corresponding SUPI protection schemes.
NOTE 2a: In case of null-scheme being used, the Home Network Public Key Identifier is set to a default value as described in TS 23.003 [19].
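The clause above names the protection scheme only by reference to Annex C. As an added example, not code from the specification, the following Go program implements the UE side and the SIDF side of ECIES Profile A as Annex C.3 defines it (X25519 key agreement, ANSI X9.63 KDF with SHA-256, AES-128 in CTR mode, HMAC-SHA-256 with an 8-byte tag, with the ephemeral public key as KDF shared info and the Scheme Output laid out as ephemeral public key || ciphertext || MAC tag). It uses only the Go standard library; the function names, the demo key pair and the sample MSIN (0999999999, packed as BCD, an assumption about the NAS encoding that this clause does not show) are the example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ECIES Profile A parameters (Annex C.3.4.1): X25519, X9.63 KDF/SHA-256, AES-128-CTR, HMAC-SHA-256 tag cut to 8 bytes.
const ephPubLen, encKeyLen, icbLen, macKeyLen, tagLen = 32, 16, 16, 32, 8

// GenerateHomeNetworkKey makes a demo key pair; in deployment the private key stays in the home network (6.12.5).
func GenerateHomeNetworkKey() (*ecdh.PrivateKey, error) {
	return ecdh.X25519().GenerateKey(rand.Reader)
}

// x963KDF returns the first outLen bytes of SHA-256(Z || counter || sharedInfo), counter = 1, 2, ... (32-bit big-endian).
func x963KDF(z, sharedInfo []byte, outLen int) []byte {
	var out []byte
	for i := uint32(1); len(out) < outLen; i++ {
		h := sha256.New()
		h.Write(z)
		h.Write([]byte{byte(i >> 24), byte(i >> 16), byte(i >> 8), byte(i)})
		h.Write(sharedInfo)
		out = h.Sum(out)
	}
	return out[:outLen]
}

// deriveKeys splits the KDF output into encryption key, ICB and MAC key; the ephemeral public key is the shared info (C.3.2).
func deriveKeys(shared, ephPub []byte) (encKey, icb, macKey []byte) {
	km := x963KDF(shared, ephPub, encKeyLen+icbLen+macKeyLen)
	return km[:encKeyLen], km[encKeyLen : encKeyLen+icbLen], km[encKeyLen+icbLen:]
}

func aesCTR(key, icb, in []byte) []byte {
	block, _ := aes.NewCipher(key) // 16-byte key, cannot fail
	out := make([]byte, len(in))
	cipher.NewCTR(block, icb).XORKeyStream(out, in)
	return out
}

func macTag(macKey, ct []byte) []byte {
	m := hmac.New(sha256.New, macKey)
	m.Write(ct)
	return m.Sum(nil)[:tagLen]
}

// ConcealProfileA is the UE side; the fresh ephemeral key per call is the freshness NOTE 2 relies on.
// Scheme Output = ephemeral public key || ciphertext || MAC tag.
func ConcealProfileA(homePub *ecdh.PublicKey, schemeInput []byte) ([]byte, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	shared, err := eph.ECDH(homePub)
	if err != nil {
		return nil, err
	}
	ephPub := eph.PublicKey().Bytes()
	encKey, icb, macKey := deriveKeys(shared, ephPub)
	ct := aesCTR(encKey, icb, schemeInput)
	return append(append(ephPub, ct...), macTag(macKey, ct)...), nil
}

// DeconcealProfileA is the SIDF side: MAC is verified before any plaintext is returned; Go's ECDH also rejects points giving an all-zero shared secret.
func DeconcealProfileA(homePriv *ecdh.PrivateKey, schemeOutput []byte) ([]byte, error) {
	if len(schemeOutput) < ephPubLen+tagLen {
		return nil, errors.New("scheme output too short")
	}
	ephPubBytes, tag := schemeOutput[:ephPubLen], schemeOutput[len(schemeOutput)-tagLen:]
	ct := schemeOutput[ephPubLen : len(schemeOutput)-tagLen]
	ephPub, err := ecdh.X25519().NewPublicKey(ephPubBytes)
	if err != nil {
		return nil, err
	}
	shared, err := homePriv.ECDH(ephPub)
	if err != nil {
		return nil, err
	}
	encKey, icb, macKey := deriveKeys(shared, ephPubBytes)
	if !hmac.Equal(macTag(macKey, ct), tag) {
		return nil, errors.New("SUCI MAC check failed")
	}
	return aesCTR(encKey, icb, ct), nil
}

func main() {
	home, _ := GenerateHomeNetworkKey()
	msin := []byte{0x90, 0x99, 0x99, 0x99, 0x99} // constructed sample: MSIN 0999999999 packed as BCD
	out, _ := ConcealProfileA(home.PublicKey(), msin)
	got, err := DeconcealProfileA(home, out)
	fmt.Printf("scheme output %x\nde-concealed %x err=%v\n", out, got, err)
}
```

Two properties worth checking against such an implementation: the same SUPI concealed twice yields two different Scheme Outputs (the freshness NOTE 2 attributes to the scheme), and a party without the Home Network Private Key, or a message whose ciphertext or tag has been altered in transit, is rejected at the MAC check before any decrypted bytes are used.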
The UE shall include a SUCI only in the following 5G NAS messages:
– if the UE is sending a Registration Request message of type "initial registration" to a PLMN for which the UE does not already have a 5G-GUTI, the UE shall include a SUCI in the Registration Request message, or
– if the UE responds to an Identity Request message by which the network requests the UE to provide its permanent identifier, the UE includes a SUCI in the Identity Response message as specified in clause 6.12.4, or
– if the UE is sending a De-Registration Request message to a PLMN during an initial registration procedure for which the UE did not receive a Registration Accept message with a 5G-GUTI, the UE shall include the SUCI used in the initial registration in the De-Registration Request message.
NOTE 3: In response to the Identity Request message, the UE never sends the SUPI.
The UE shall generate a SUCI using "null-scheme" only in the following cases:
– if the UE is making an unauthenticated emergency session and it does not have a 5G-GUTI to the chosen PLMN, or
– if the home network has configured "null-scheme" to be used, or
– if the home network has not provisioned the public key needed to generate a SUCI.
If the operator’s decision, indicated by the USIM, is that the USIM shall calculate the SUCI, then the USIM shall not give the ME any parameter for the calculation of the SUCI, including the Home Network Public Key Identifier, the Home Network Public Key and the Protection Scheme Identifier. If the ME determines that the calculation of the SUCI, as indicated by the USIM, shall be performed by the USIM, the ME shall delete any previously received or locally cached parameters for the calculation of the SUCI, including the SUPI Type, the Routing Indicator, the Home Network Public Key Identifier, the Home Network Public Key and the Protection Scheme Identifier. The operator should use a proprietary protection scheme identifier if the operator chooses that the calculation of the SUCI shall be done in the USIM.
If the operator’s decision is that the ME shall calculate the SUCI, the home network operator shall provision in the USIM an ordered priority list of the protection scheme identifiers that the operator allows. The priority list of protection scheme identifiers in the USIM shall only contain protection scheme identifiers specified in Annex C, and the list may contain one or more protection scheme identifiers. The ME shall read the SUCI calculation information from the USIM, including the SUPI, the SUPI Type, the Routing Indicator, the Home Network Public Key Identifier, the Home Network Public Key and the list of protection scheme identifiers. The ME shall select, from the schemes it supports, the protection scheme that has the highest priority in the list obtained from the USIM.
The ME shall calculate the SUCI using the null-scheme if the Home Network Public Key or the priority list are not provisioned in the USIM.
NOTE 4: The above feature is introduced since additional protection schemes could be specified in the future for a release newer than the ME release. In this case, the protection scheme selected by older MEs may not be the protection scheme with the highest priority in the list of the USIM.
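The ME-side selection rule above, together with the null-scheme fallback and the SUCI data fields of clause 6.12.2, as an added example in Go (not code from the specification). The types, function names and the map of ME-supported schemes are the example's own; the scheme identifier values (0 null-scheme, 1 and 2 for the two ECIES profiles) and the default Home Network Public Key Identifier of 0 for the null-scheme are taken from Annex C and TS 23.003 as recalled here, not from this page, so treat them as assumptions to verify. The MNC length is a separate USIM parameter, since it cannot be read off the IMSI itself. Only the null-scheme is carried through to a Scheme Output; a non-null selection is reported back to the caller, which would run the Annex C profile on the MSIN.

```go
package main

import (
	"errors"
	"fmt"
)

// Protection Scheme Identifier values as recalled from Annex C.1 (assumed): 0 null-scheme, 1 ECIES Profile A, 2 ECIES Profile B.
const (
	SchemeNull   = 0
	SchemeECIESA = 1
	SchemeECIESB = 2
)

// USIMData is the SUCI calculation information the ME reads from the USIM (illustrative type, not a spec structure).
type USIMData struct {
	HomeNetworkPublicKey []byte // nil when the operator has not provisioned a key
	PriorityList         []int  // ordered, highest priority first; nil when not provisioned
	HomeNetworkKeyID     int
	RoutingIndicator     string
}

// SUCI carries the data fields of clause 6.12.2 for an IMSI-based SUPI (SUPI Type 0).
type SUCI struct {
	SUPIType     int
	MCC, MNC     string
	RoutingInd   string
	SchemeID     int
	KeyID        int
	SchemeOutput []byte
}

// SplitIMSI separates the Home Network Identifier (MCC, MNC) from the MSIN. The MNC length
// (2 or 3 digits) is not derivable from the IMSI and must be supplied from the USIM.
func SplitIMSI(imsi string, mncLen int) (mcc, mnc, msin string, err error) {
	if (mncLen != 2 && mncLen != 3) || len(imsi) < 3+mncLen+1 || len(imsi) > 15 {
		return "", "", "", errors.New("invalid IMSI length or MNC length")
	}
	for _, c := range imsi {
		if c < '0' || c > '9' {
			return "", "", "", errors.New("IMSI must be decimal digits")
		}
	}
	return imsi[:3], imsi[3 : 3+mncLen], imsi[3+mncLen:], nil
}

// SelectScheme is the ME rule of clause 6.12.2: null-scheme when the key or the list is missing,
// otherwise the highest-priority list entry this ME supports (NOTE 4: an older ME may therefore
// skip a newer scheme at the top of the list). A list with no supported entry is an error here;
// the clause gives no rule for that case.
func SelectScheme(usim USIMData, meSupported map[int]bool) (int, error) {
	if usim.HomeNetworkPublicKey == nil || usim.PriorityList == nil {
		return SchemeNull, nil
	}
	for _, id := range usim.PriorityList {
		if meSupported[id] {
			return id, nil
		}
	}
	return 0, errors.New("no protection scheme in the USIM priority list is supported by this ME")
}

// BuildSUCI assembles the data fields. For the null-scheme the Scheme Output is the scheme input
// (MSIN) unchanged and the key identifier is the default value, assumed to be 0 (NOTE 2a).
// MSIN digits are kept as text here; NAS encodes them in BCD.
func BuildSUCI(imsi string, mncLen int, usim USIMData, meSupported map[int]bool) (SUCI, error) {
	mcc, mnc, msin, err := SplitIMSI(imsi, mncLen)
	if err != nil {
		return SUCI{}, err
	}
	scheme, err := SelectScheme(usim, meSupported)
	if err != nil {
		return SUCI{}, err
	}
	s := SUCI{SUPIType: 0, MCC: mcc, MNC: mnc, RoutingInd: usim.RoutingIndicator, SchemeID: scheme}
	if scheme != SchemeNull {
		return SUCI{}, fmt.Errorf("scheme %d selected: run the Annex C profile on the MSIN with key id %d", scheme, usim.HomeNetworkKeyID)
	}
	s.KeyID, s.SchemeOutput = 0, []byte(msin)
	return s, nil
}

func main() {
	usim := USIMData{RoutingIndicator: "0"} // constructed sample: no key and no list provisioned
	s, err := BuildSUCI("234150999999999", 2, usim, map[int]bool{SchemeNull: true, SchemeECIESA: true})
	fmt.Printf("%+v err=%v\n", s, err)
}
```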
6.12.3 Subscription temporary identifier
A new 5G-GUTI shall be sent to a UE only after a successful activation of NAS security. The 5G-GUTI is defined in TS 23.003 [19].
Upon receiving a Registration Request message of type "initial registration" or "mobility registration update" from a UE, the AMF shall send a new 5G-GUTI to the UE in the registration procedure.
Upon receiving a Registration Request message of type "periodic registration update" from a UE, the AMF should send a new 5G-GUTI to the UE in the registration procedure.
Upon receiving a Service Request message sent by the UE in response to a Paging message, the AMF shall send a new 5G-GUTI to the UE. This new 5G-GUTI shall be sent before the current NAS signalling connection is released or the N1 NAS signalling connection is suspended.
Upon receiving an indication from the lower layers that the RRC connection has been resumed for a UE in 5GMM-IDLE mode with suspend indication in response to a Paging message, the AMF shall send a new 5G-GUTI to the UE. This new 5G-GUTI shall be sent before the current NAS signalling connection is released or the suspension of the N1 NAS signalling connection.
NOTE 1: It is left to implementation to re-assign 5G-GUTI more frequently than in cases mentioned above, for example after a Service Request message from the UE not triggered by the network.
NOTE 2: It is left to implementation to generate 5G-GUTI containing 5G-TMSI that uniquely identifies the UE within the AMF.
5G-TMSI generation should follow best practice for generating unpredictable identifiers, so that a 5G-TMSI cannot be guessed or linked to an earlier one.
A new I-RNTI shall be sent to a UE only after a successful activation of AS security.
On transition of the UE to RRC INACTIVE state requested by the gNB during the RRC Resume procedure or the RNAU procedure, the gNB shall assign a new I-RNTI to the UE.
6.12.4 Subscription identification procedure
The subscriber identification mechanism may be invoked by the serving network when the UE cannot be identified by means of a temporary identity (5G-GUTI). In particular, it should be used when the serving network cannot retrieve the SUPI based on the 5G-GUTI by which the subscriber identifies itself on the radio path.
The mechanism described in figure 6.12.4-1 allows the identification of a UE on the radio path by means of the SUCI.
Figure 6.12.4-1: Subscription identifier query
The mechanism is initiated by the AMF that requests the UE to send its SUCI.
The UE shall calculate a fresh SUCI from SUPI using the Home Network Public Key, and respond with Identity Response carrying the SUCI. The UE shall implement a mechanism to limit the frequency at which the UE responds with a fresh SUCI to an Identity Request for a given 5G-GUTI.
NOTE 1: If the UE is using any other scheme than the null-scheme, the SUCI does not reveal the SUPI.
The AMF may initiate authentication with the AUSF to receive the SUPI as specified in clause 6.1.3.
In case the UE registers for Emergency Services and receives an Identity Request, the UE shall use the null-scheme for generating the SUCI in the Identity Response.
NOTE 2: Registration for Emergency does not provide subscription identifier confidentiality.
6.12.5 Subscription identifier de-concealing function (SIDF)
SIDF is responsible for de-concealing the SUPI from the SUCI. When the Home Network Public Key is used for encryption of SUPI, the SIDF shall use the Home Network Private Key that is securely stored in the home operator’s network to decrypt the SUCI. The de-concealment shall take place at the UDM. Access rights to the SIDF shall be defined, such that only a network element of the home network is allowed to request SIDF.
NOTE: One UDM can comprise several UDM instances. The Routing Indicator in the SUCI can be used to identify the right UDM instance that is capable of serving a subscriber.