Currently, I see some confusion regarding 5G identification and the purpose of each one, such as which network node generates them and the subscriber’s role. I summarized the 3 identifications in one page, and here is the summary:
What is SUPI?
The Subscription Permanent Identifier (SUPI) is stored within the SIM. The SUPI is the 5G alternative to the 4G International Mobile Subscriber Identity (IMSI). Without protection, the SUPI would be transmitted in clear text from the device to the cell tower, enabling eavesdroppers to intercept it and potentially track the subscriber’s location. This poses cybersecurity and privacy risks. In 5G, the SUPI is concealed when transmitted, using a mechanism called SUCI (Subscription Concealed Identifier).
What is SUCI?
5G standards include a feature that encrypts the SUPI using the home operator’s public key to generate the Subscription Concealed Identifier (SUCI). The SUCI is a ciphered version of the subscriber’s identity, which is always unique; when this ciphered identity is used, an attacker cannot correlate it to the subscriber. The mobile device or SIM card calculates the SUCI using elliptic curve cryptography. The SUCI is transmitted over the air instead of the SUPI, so that only the UDM system of the subscriber’s network operator, which keeps the corresponding private key, can decrypt the identifier and ascertain the subscriber’s identity. Without this optional 5G feature, the SUPI is sent in clear text.
What is 5G-GUTI?
When a mobile device connects to a 5G network for the first time, it uses its SUPI to establish the connection. During registration, the network calculates a temporary identifier, the 5G Globally Unique Temporary UE Identity (5G-GUTI), which is associated with and stored within the UE. All subsequent signalling communication between the network and the device uses the 5G-GUTI instead of the SUPI.
Note: Beginning with release 15 in 2019, the 5G standards mandate frequent reallocation of 5G-GUTIs across all 5G networks.