SUPI-Rear: Privacy-Preserving Subscription Permanent Identification Strategy in 5G-AKA

SUPI-Rear: Privacy-Preserving Subscription Permanent Identification Strategy in 5G-AKA

연구 분야: Networking

학회: International Symposium on Stabilizing, Safety, and Security of Distributed Systems

Security and privacy concerns are crucial for the success of any new technology. With the global rollout of 5G networks, new use cases are continually emerging. The 3GPP consortium mentioned the authentication and key agreement protocol for the 5th generation (5G) mobile communication system (i.e., 5G-AKA) in the technical specification (TS) 33.501. It introduces public key encryption to conceal the so-called Subscription Permanent Identifier (SUPI) to enhance mobile users’ privacy. However, the user’s permanent identity i.e., SUPI is available in cleartext to the Serving Network (SN) after the successful primary authentication. SUPI availability is required for the operational and regulatory perspective of SUPI usage. In 5G-AKA, the SUPI is available in cleartext to the Serving Network (SN). Since the SNs are considered semi-trusted because the long-term secret key and the sequence numbers are not revealed with SNs, only SUPI is provided in cleartext for proper billing. Hence, SUPI availability in cleartext under a zero-trust, multi-tenant-based 5G network compromises the user’s privacy. This work provides a way to enhance privacy and security during communication between the Home Network (HN) and the SN without compromising the original SUPI. Furthermore, the proposed solutions (termed collectively as SUPI-Rear) are also applicable to various use cases where SUPI privacy is required, like Public Land Mobile Network (PLMN) hosting Non-Public Network (NPN) scenario. Moreover, it abides by the lawful requirements and 5G AKA authentication procedure.