Abstract
Security and privacy concerns are crucial for the success of any new technology. With the global rollout of 5G networks, new use cases are continually emerging. The 3GPP consortium mentioned the authentication and key agreement protocol for the 5th generation (5G) mobile communication system (i.e., 5G-AKA) in the technical specification (TS) 33.501. It introduces public key encryption to conceal the so-called Subscription Permanent Identifier (SUPI) to enhance mobile users’ privacy. However, the user’s permanent identity i.e., SUPI is available in cleartext to the Serving Network (SN) after the successful primary authentication. SUPI availability is required for the operational and regulatory perspective of SUPI usage. In 5G-AKA, the SUPI is available in cleartext to the Serving Network (SN). Since the SNs are considered semi-trusted because the long-term secret key and the sequence numbers are not revealed with SNs, only SUPI is provided in cleartext for proper billing. Hence, SUPI availability in cleartext under a zero-trust, multi-tenant-based 5G network compromises the user’s privacy. This work provides a way to enhance privacy and security during communication between the Home Network (HN) and the SN without compromising the original SUPI. Furthermore, the proposed solutions (termed collectively as SUPI-Rear) are also applicable to various use cases where SUPI privacy is required, like Public Land Mobile Network (PLMN) hosting Non-Public Network (NPN) scenario. Moreover, it abides by the lawful requirements and 5G AKA authentication procedure.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
3GPP TS 33.501: Security architecture and procedures for 5G system, V18.0.0 (2022)
3GPP TS 22.261: Service requirements for the 5G system, Release 18
3GPP TR 33.894: Study on applicability of the Zero Trust Security principles in mobile networks, Release 18
NIST Special Publication 800-207: Zero Trust Architecture, Zero Trust Architecture (nist.gov)
3GPP TS 23.501: System architecture for the 5G System (5GS), v18.1.0 (2023)
Khan, M., Ginzboorg, P., Järvinen, K., Niemi, V.: Defeating the downgrade attack on identity privacy in 5G. In: Fourth International Conference on Research in Security Standardisation, pp. 95–119. Springer (2018)
Broek, F.V.D., Verdult, R., Ruiter J.: Defeating IMSI catchers. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 340–351 (2015)
Borgaonkar, R., Hirschi, L., Park, S., Shaik, A.: New privacy threat on 3G, 4G, and upcoming 5G AKA protocols. In: Proceedings on Privacy Enhancing Technologies, IACR Cryptology ePrint Archive, p. 1175 (2018)
Ouaissa, M., Ouaissa, M.: An improved privacy authentication protocol for 5G mobile networks. In: IEEE International Conference on Advances in Computing, Communication & Materials (ICACCM), pp. 136–143 (2020)
Braeken, A.: Symmetric key based 5G AKA authentication protocol satisfying anonymity and unlinkability, Comput. Netw. 181, 107424 (2020)
Liu, F., Su, L., Yang, B., Du, H., Qi, M., He, S.: Security enhancements to subscriber privacy protection scheme in 5G systems. In: IEEE International Wireless Communications and Mobile Computing (IWCMC), pp. 451–456 (2021)
Wang, Y., Zhang, Z., Xie, Y.: Privacy-preserving and standard-compatible AKA protocol for 5G. In: 30th USENIX Security Symposium (USENIX Security 21), pp. 3595–3612 (2021)
Khan, H., Martin, K.M.: A survey of subscription privacy on the 5G radio interface—the past, present and future. J. Inf. Secur. Appl. 53, 102537 (2020)
3GPP TS 23.503: Policy and charging control framework for the 5G System (5GS), V18.4.0, Release 18
3GPP TS 23.003: Numbering, addressing and identification, V18.4.0, Release 18
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2025 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Sowjanya, K. et al. (2025). SUPI-Rear: Privacy-Preserving Subscription Permanent Identification Strategy in 5G-AKA. In: Masuzawa, T., Katayama, Y., Kakugawa, H., Nakamura, J., Kim, Y. (eds) Stabilization, Safety, and Security of Distributed Systems. SSS 2024. Lecture Notes in Computer Science, vol 14931. Springer, Cham. https://doi.org/10.1007/978-3-031-74498-3_22
Download citation
DOI: https://doi.org/10.1007/978-3-031-74498-3_22
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-74497-6
Online ISBN: 978-3-031-74498-3
eBook Packages: Computer ScienceComputer Science (R0)