5G Identifiers

Article by Abhijeet Kumar

What is an Identifier?

An identifier in the context of mobile networks is a unique tag that is used to recognize and manage an entity, such as a user, device, service, or network component. Identifiers ensure that the system can accurately and securely distinguish between different users and devices, manage services, and maintain data privacy.

Role of Identifiers in 5G Core

In the 5G Core network, identifiers play several critical roles:

  1. User and Device Authentication: Identifiers are essential for authenticating user devices onto the network to ensure that access is granted only to valid and authorized subscribers.
  2. Service Provisioning and Management: They enable the network to manage and deliver services tailored to specific users or devices, based on their unique identifiers.
  3. Mobility Management: Identifiers are used to track the location of devices, manage handovers between different network cells, and ensure seamless service as users move geographically.
  4. Security and Privacy: Certain identifiers, especially temporary ones, are vital in protecting user privacy by preventing tracking of individual users’ locations and service usage over time.

Why We Need Different Types of Identifiers

The need for different types of identifiers arises from various requirements:

  1. Privacy Protection: To protect user privacy, networks use temporary identifiers that can be frequently changed and are not directly linked to the user's identity.
  2. Functional Segregation: Different identifiers allow the network to manage different aspects separately, such as user identity, device identity, and session management.
  3. Efficiency and Performance: Specific identifiers help optimize network performance and resource management by appropriately routing signals and managing network load.
  4. Compatibility and Flexibility: Different identifiers support various network functions and services, providing flexibility in handling diverse devices and service requirements.

How 5G Identifiers Differ from 4G Identifiers

  1. Increased Security and Privacy: 5G introduces more robust privacy measures, such as SUCI, which enhances the security of the user’s permanent identifier (SUPI) compared to 4G’s use of IMSI (International Mobile Subscriber Identity).
  2. Greater Variety and Specialization: 5G networks use a broader range of identifiers, such as PEI and 5G-GUTI, each specifically designed for different tasks like device identification and user confidentiality.
  3. Dynamic and Flexible Management: 5G identifiers like 5G-GUTI are designed to be more dynamically managed, with more frequent updates and changes to enhance security and service continuity.
  4. Network Function-Specific Identifiers: 5G introduces identifiers linked to specific network functions, like the AMF Name, which are part of the network’s service-based architecture, unlike the more rigid architecture of 4G.


SUPI (Subscription Permanent Identifier)

Function of SUPI

The SUPI (Subscription Permanent Identifier) is a crucial element in 5G networks that serves as a globally unique identifier allocated to each subscriber. It's used internally within the 3GPP (3rd Generation Partnership Project) system to identify a subscriber across various network functions. Here are the key functions of SUPI:


  1. Subscriber Identification: SUPI is used to uniquely identify each subscriber within the 5G network. This allows the network to manage and authenticate subscriber sessions accurately.
  2. Service Provisioning: By uniquely identifying subscribers, SUPI enables the network to provision services and manage subscriber-specific data across network sessions.
  3. Privacy Protection: SUPI is crucial in maintaining subscriber privacy. It is typically not transmitted openly across the network. Instead, a concealed form of SUPI, known as SUCI (Subscription Concealed Identifier), is used for interactions that might compromise privacy.
  4. Roaming Support: SUPI includes information such as the home network identifier (e.g., MCC and MNC in the case of an IMSI-based SUPI), which is essential for supporting international roaming by ensuring that users can access services when connected to foreign networks.
  5. Interworking and Compatibility: For scenarios involving both 5G and legacy networks like 4G, SUPI, when based on an IMSI, ensures compatibility and seamless service continuity across different network generations.

SUPI in 4G

In the context of 4G networks, the equivalent of SUPI is the IMSI (International Mobile Subscriber Identity). The IMSI is a unique number associated with all cellular networks. It is used to identify the subscriber in various network and billing processes and is provisioned directly in the SIM card of a mobile device.

Differences Between SUPI and IMSI

  1. Flexibility and Privacy: While both SUPI and IMSI serve similar fundamental purposes of subscriber identification, SUPI in 5G is designed with enhanced privacy features. Unlike IMSI, which is often transmitted directly, SUPI is usually concealed using SUCI for transmission to protect subscriber privacy.
  2. Format Variability: SUPI offers more flexibility in terms of formats. It can be based on an IMSI or take other forms, such as a network-specific identifier or a Network Access Identifier (NAI). This flexibility is beneficial for private networks and specialized applications within 5G.
  3. Support for Advanced Features: SUPI supports more complex network features specific to 5G, such as support for Fixed Network Broadband Group (FN-BRGs) and Fixed Network and Converged Resource Groups (FN-CRGs and 5G-CRG), enhancing its utility for a broader range of network functions compared to the more straightforward IMSI used in 4G.

Here is a short video that explains these identifiers.


https://youtu.be/l62BBRnIESY

Subscription Concealed Identifier (SUCI)

Function of SUCI

The Subscription Concealed Identifier (SUCI) is a privacy-preserving identifier used in 5G networks. Its primary function is to protect the privacy of the Subscription Permanent Identifier (SUPI) during transmission across network interfaces. The use of SUCI is crucial for safeguarding user identity in various network interactions. Here’s a breakdown of its core functions:


  1. Privacy Enhancement: SUCI is generated by encrypting the SUPI using public key cryptography. This ensures that the SUPI cannot be intercepted and misused by unauthorized parties during communication between the user equipment (UE) and the network.
  2. Authentication and Security: While concealing the subscriber's identity, SUCI still allows the network to authenticate the user securely. The network uses the concealed identifier to reference the subscriber without exposing their real identity.
  3. Compatibility and Flexibility: SUCI supports various encryption schemes and can adapt to different security requirements and policies of mobile network operators, ensuring flexibility across different regions and networks.
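
As an added example (not code from the article), the sketch below parses the string form of an IMSI-based SUCI and reports whether the subscriber identity is actually concealed. It goes slightly beyond the text: the protection scheme identifiers (0 null-scheme, 1 and 2 ECIES Profile A/B) and field lengths follow 3GPP TS 33.501 Annex C, the `suci-0-...` string layout is the assumed input format, and the sample values are constructed.

```python
import re

# Protection scheme IDs (3GPP TS 33.501 Annex C): name, ephemeral public key bytes.
SCHEMES = {0: ("null-scheme", 0), 1: ("ECIES Profile A", 32), 2: ("ECIES Profile B", 33)}
MAC_LEN = 8  # bytes of MAC tag appended by both ECIES profiles

# Assumed string form of an IMSI-based SUCI (SUPI type 0).
SUCI_RE = re.compile(
    r"^suci-0-(?P<mcc>\d{3})-(?P<mnc>\d{2,3})-(?P<rid>\d{1,4})"
    r"-(?P<scheme>\d{1,2})-(?P<key>\d{1,3})-(?P<out>[0-9a-fA-F]+)$")


def parse_suci(text):
    """Split a SUCI string into its cleartext header fields and scheme output."""
    m = SUCI_RE.match(text)
    if not m:
        raise ValueError(f"not an IMSI-based SUCI: {text!r}")
    f = m.groupdict()
    f["scheme"], f["key"] = int(f["scheme"]), int(f["key"])
    return f


def audit_suci(text):
    """Return (verdict, detail) stating how much of the SUPI the SUCI reveals."""
    f = parse_suci(text)
    if f["scheme"] not in SCHEMES:
        return "unknown-scheme", f"scheme id {f['scheme']}"
    name, pub_len = SCHEMES[f["scheme"]]
    if f["scheme"] == 0:
        # Null-scheme: the scheme output is the MSIN itself, so the SUPI is readable.
        return "exposed", f"imsi-{f['mcc']}{f['mnc']}{f['out']}"
    out = f["out"]
    if len(out) % 2 or len(out) // 2 <= pub_len + MAC_LEN:
        return "malformed", f"{name} output too short or odd length"
    cipher_len = len(out) // 2 - pub_len - MAC_LEN  # ephemeral key | ciphertext | MAC
    return "concealed", (f"{name}, HN key id {f['key']}, {cipher_len}-byte ciphertext, "
                         f"PLMN {f['mcc']}-{f['mnc']} in clear")


# Constructed samples (test PLMN 001-01); the hex output is filler, not real ciphertext.
SAMPLES = [
    "suci-0-001-01-0000-0-0-0000000001",
    "suci-0-001-01-0000-1-1-" + "aa" * 32 + "bb" * 5 + "cc" * 8,
    "suci-0-001-01-0000-2-1-" + "aa" * 10,
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(audit_suci(s))
```

Only the MSIN part is concealed: the home network identifier stays readable so the SUCI can be routed to the home network, and a null-scheme SUCI gives no confidentiality at all.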

Equivalent of SUCI in 4G

In 4G networks, there is no direct equivalent of SUCI. The closest concept is the use of Temporary Mobile Subscriber Identity (TMSI), which serves a slightly different purpose:

  • TMSI (Temporary Mobile Subscriber Identity): This is a temporary identifier that replaces the IMSI (International Mobile Subscriber Identity) in communications between the mobile station and the network to protect user identity. However, unlike SUCI, TMSI is not an encrypted form of the IMSI but a completely new temporary identifier assigned and managed by the network.

Differences Between SUCI and TMSI

  1. Privacy Method: SUCI involves the encryption of the permanent identifier (SUPI), providing a robust method of concealing the user’s identity. TMSI, on the other hand, does not encrypt the IMSI but instead replaces it temporarily without encryption.
  2. Scope and Use: SUCI is used specifically to conceal the SUPI as part of the initial registration and subsequent communications in a 5G network. TMSI is used more generally in 4G for various network interactions to prevent tracking and interception by concealing the IMSI.
  3. Security Protocols: The generation and management of SUCI are governed by more advanced cryptographic methods compared to the simpler random assignment and periodic change of TMSI in 4G. This provides a higher level of security and privacy in 5G networks.


Permanent Equipment Identifier (PEI)

Role and Function of Permanent Equipment Identifier (PEI)

The Permanent Equipment Identifier (PEI) in the 5G system is a crucial component for uniquely identifying user equipment (UE) that accesses the network. The PEI ensures that each device connected to the network can be individually recognized and managed, contributing to both the operational integrity and security of the network. Here’s a detailed breakdown of the roles and functions of the PEI:


  1. Device Identification: The primary function of the PEI is to uniquely identify each device within the 5G network. This is similar to a serial number that helps the network distinguish between different devices.
  2. Security and Fraud Prevention: By uniquely identifying devices, the PEI helps in enhancing security measures, preventing unauthorized access, and reducing the chances of fraud. It ensures that only registered and verified devices can access network services.
  3. Network Management and Troubleshooting: The PEI aids network operators in managing the network more efficiently. It helps in diagnosing issues related to specific devices, tracking device performance, and ensuring proper service delivery to the authenticated devices.
  4. Regulatory Compliance: The PEI helps in complying with various regulatory requirements, such as those related to device tracking and security.

Formats of PEI

The PEI can take different formats depending on the type of UE and its supported access technologies:

  • IMEI (International Mobile Equipment Identity): This is the standard identifier for devices that support 3GPP access technologies like NG-RAN, E-UTRAN, UTRAN, or GERAN. It is a unique number associated with all cellular networks.
  • IMEISV (International Mobile Equipment Identity Software Version): This includes the standard IMEI number along with an additional software version number which can be used to track the firmware version on the device.
  • EUI-64 (Extended Unique Identifier): For devices that do not support any 3GPP access technologies but connect to the 5G Core (5GC) using other technologies, the IEEE standard EUI-64 identifier is used.

Device Registration and Subscription Management

Once a device is registered with a network using a network subscription linked to a PEI, the device must maintain the use of that specific PEI with the associated subscription. This ensures consistency in device identification across network sessions and prevents the misuse of identifiers. Changing the PEI during an active network registration can lead to authentication issues and potential security vulnerabilities.
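
The PEI formats and the registration rule above can be checked together. The following is an added example, not code from the article: it validates a PEI string, verifies the IMEI check digit, and compares a reported PEI with the one bound to a subscription while ignoring the IMEISV software version. The `imei-`/`imeisv-`/`eui-` prefixed string layout and the function names are assumptions, and the sample identifiers are constructed.

```python
import re

EUI64_RE = re.compile(r"^eui((-[0-9a-fA-F]{2}){8})$")


def luhn_ok(digits):
    """Luhn check used for the 15th (check) digit of an IMEI."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def classify_pei(pei):
    """Return (kind, device_key); raise ValueError if the PEI is malformed."""
    if re.fullmatch(r"imei-\d{15}", pei):
        digits = pei[5:]
        if not luhn_ok(digits):
            raise ValueError("IMEI check digit mismatch")
        return "IMEI", digits[:14]        # TAC + serial number
    if re.fullmatch(r"imeisv-\d{16}", pei):
        return "IMEISV", pei[7:21]        # drop the 2-digit software version
    m = EUI64_RE.match(pei)
    if m:
        return "EUI-64", m.group(1).replace("-", "").lower()
    raise ValueError(f"unrecognised PEI: {pei!r}")


def same_equipment(registered, reported):
    """True if both PEIs identify the same device (software version ignored)."""
    return classify_pei(registered)[1] == classify_pei(reported)[1]


if __name__ == "__main__":
    bound = "imei-490154203237518"        # constructed sample bound to a subscription
    for seen in ("imeisv-4901542032375101", "imeisv-3520990017614823"):
        print(seen, "same device" if same_equipment(bound, seen) else "PEI changed")
```

A firmware update changes only the last two IMEISV digits, so comparing on the first 14 digits avoids flagging it as a device change.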

How These Identifiers Interact with Core Network Functions

1. SUPI (Subscription Permanent Identifier)

  • Storage: SUPI is primarily stored in the UDM (Unified Data Management), which acts like a central database for user data.
  • Network Functions:
      • AMF (Access and Mobility Management Function): The AMF uses the SUPI for initial registration and authentication purposes. It retrieves the SUPI from the UDM for these processes.
      • SMF (Session Management Function): While the SMF primarily deals with session management, it may access SUPI for specific services that require user identification.
      • AUSF (Authentication Server Function): SUPI is essential for AUSF as it uses this identifier to authenticate the user, verifying their identity in conjunction with the SEAF (Security Anchor Function).

2. SUCI (Subscription Concealed Identifier)

  • Storage: SUCI isn't stored permanently in the network; instead, it is generated by the user’s device and sent to the network where it is decrypted to reveal the SUPI.
  • Network Functions:
      • AMF: Receives the SUCI from the user’s device, decrypts it to retrieve the SUPI, and forwards it to AUSF for authentication.
      • AUSF: Utilizes the decrypted SUPI from the SUCI for authentication processes.

3. PEI (Permanent Equipment Identifier)

  • Storage: The PEI is typically stored in the UDR (Unified Data Repository) along with the UE’s (User Equipment) profile which can be accessed by other network functions.
  • Network Functions:
      • AMF: Uses the PEI to ensure that the device is recognized and tracked within the network for mobility and session management.
      • NEF (Network Exposure Function): NEF may use PEI for exposing capabilities of specific devices to network applications or third-party services.
      • NSSF (Network Slice Selection Function): Might utilize PEI to determine the appropriate network slice based on the device capabilities.

How These Identifiers Relate Across Network Functions:

  • Registration and Authentication: During initial registration, the UE sends its SUCI to the AMF, which decrypts it to retrieve the SUPI and forwards it along with PEI to the AUSF for authentication. The AUSF verifies the SUPI and communicates back to the AMF to proceed with the registration.
  • Session Management: Post-authentication, the AMF uses both SUPI (for subscriber identification) and PEI (for equipment identification) in communicating with the SMF to establish and manage sessions.
  • Mobility Management: The AMF uses the PEI to manage and track device movements across the network, ensuring seamless service continuity as the UE moves.

Ike Alisson

Linux Foundation (LF) Edge Akraino Technical Steering Committee (TSC) member, 3GPP written approvals for use of Official Logos for 6G, 5G Advanced, and 5G, 5G PINs/CPNs, 5G Advanced equivalent NPNs/SNPNs New Services,

10 months

Abhijeet Kumar, to help/assist you and your audience/readers at the 5G 6G & O-RAN on the subject of User Identities evolvement in 5G, I will post on LinkedIn in the coming 1-2 days, an update info on the User Identities evolvement in 5G related to the impact on "QoS Data Flows (PDUs) on the "Devices (UEs) behind a GW" (including Non-3GPP Access, as part of the 5G System specified "Direct" and "Indirect" Network Communication and Fixed-Wireless Networks Convergence). Nevertheless, in order to get some insights into the "Value" (not the "Meaning") in the specified in 5G User Identities evolvement, it is a prerequisite to have insights into the 5G specified Architectures (with UCs, Service KPIs) for 5G PINs (Personal IoT Networks), 5G Factory of the Future (FF) Architecture, 5G Ambient IoT and the rest of the specified in 5G AEF (Application Enablement Frameworks...)....As you see, "the subject" of "Identities" had evolved/changed... This is just FYI.//Ike A.

KRISHNENDU KHANRA

Integrated Access Network Lead at Reliance Jio

10 months

Thanks

Ike Alisson

Linux Foundation (LF) Edge Akraino Technical Steering Committee (TSC) member, 3GPP written approvals for use of Official Logos for 6G, 5G Advanced, and 5G, 5G PINs/CPNs, 5G Advanced equivalent NPNs/SNPNs New Services,

10 months

Abhijeet Kumar on the subject of "User Identities evolvement in 5G" (initially related to 5G PINs/CPNs (Personal IoT Network(s)/Customer Premises Networks) Specifications, attached below link to Presentation on the Subject...It might be worthwhile to get updated...but now...as you see from the Presentation, dislike the applicable and valid for 3G, 4G, 5G NSA focus on "the SUBJECT" (User identity in this case)..."NOW"...with 5G SA (B5G, aka 5G Advanced)...it is IMPERATIVE now/needed to have the (whole) System Approach..due to the specified (& enabled) E2E Service QoS Requirements & Functional Capability with 5G QoS (5QI) pursued Services with specified Performance & User Experience....Please be aware of the "change" (difference) to 3G, 4G, 5G NSA (3GPP Option 3 with LTE EPS CN & NR)...Hope & wish that could be of help & assistance to both, you and your audience/readers. //Ike A. https://www.dhirubhai.net/posts/ike-alisson-21173_5g-advanced-enhanced-user-identities-authentication-activity-7173184513357901824-eZKw?utm_source=share&utm_medium=member_desktop
