Description
The 5G-GUTI is a fundamental identifier in 5G system architecture, designed to uniquely and temporarily identify a User Equipment (UE) within the network. It serves as a privacy-preserving alias for the permanent Subscription Permanent Identifier (SUPI), ensuring that the user's long-term identity is not exposed during radio communication, which mitigates tracking and eavesdropping risks. The identifier is structured to support efficient network operations, including registration, service requests, and mobility management, by allowing the network to correlate sessions and context without repeatedly querying the SUPI.
Architecturally, the 5G-GUTI is assigned by the Access and Mobility Management Function (AMF) during initial registration procedures. It consists of two main components: the GUAMI (Globally Unique AMF Identifier) and the 5G-TMSI (5G Temporary Mobile Subscriber Identity). The GUAMI uniquely identifies the AMF that allocated the 5G-GUTI, comprising a Mobile Country Code (MCC), Mobile Network Code (MNC), and an AMF Region ID, AMF Set ID, and AMF Pointer. The 5G-TMSI is a unique identifier within that AMF, used to distinguish the UE locally. This hierarchical structure allows for scalable routing and management, as the network can determine the serving AMF from the GUAMI and then use the 5G-TMSI to locate the specific UE context.
In operation, the UE includes the 5G-GUTI in signaling messages, such as Registration Requests or Service Requests, to identify itself to the network. The AMF validates the 5G-GUTI to retrieve the UE's security context and subscription data from its local storage or the Unified Data Management (UDM). If the 5G-GUTI is invalid or expired, the network may initiate a re-authentication procedure, potentially requesting the SUPI securely. The identifier can be reallocated or updated during mobility events, like handovers or inter-AMF transfers, to reflect changes in the serving network entity. This dynamic assignment supports seamless mobility across different AMFs and network slices.
The role of the 5G-GUTI extends beyond identity protection; it is integral to network efficiency and scalability. By using a temporary identifier, the network reduces signaling overhead, as the AMF can quickly resolve the UE context without extensive database queries. It also facilitates paging and notification procedures, where the 5G-TMSI is used to page the UE within a specific area. In scenarios involving network slicing, the 5G-GUTI helps associate the UE with the appropriate slice instance, ensuring that mobility and service continuity are maintained across slice boundaries. Overall, the 5G-GUTI is a cornerstone of 5G security and operational design, balancing privacy, performance, and flexibility.
Purpose & Motivation
The 5G-GUTI was created to address critical privacy and security vulnerabilities present in previous mobile generations, such as 4G/LTE, where temporary identifiers like the GUTI could still be linked to permanent identities over time, enabling potential tracking. In 5G, enhanced privacy is a core requirement, driven by regulations like GDPR and increased user awareness. The 5G-GUTI solves this by providing a robust mechanism to obscure the SUPI during radio transmissions, preventing passive attackers from correlating user activities or locations with their permanent identity. This separation ensures that even if temporary identifiers are intercepted, they cannot be easily mapped to the user's long-term subscription.
Historically, identifiers in 2G/3G/4G networks, such as the IMSI or 4G-GUTI, had limitations in privacy protection and scalability. The 4G-GUTI, for example, could be used to track users if not frequently refreshed, and its structure was less optimized for distributed architectures like 5G's service-based interface. The 5G-GUTI introduces a more hierarchical and globally unique design, aligning with 5G's cloud-native and sliced network environments. It supports efficient mobility management across diverse deployment scenarios, including non-public networks and edge computing, by enabling clear routing to the correct AMF instance.
Furthermore, the 5G-GUTI addresses operational challenges in large-scale networks by reducing dependency on central databases for every UE interaction. By allowing the AMF to manage temporary identifiers locally, it decreases latency and signaling load, which is crucial for 5G's low-latency use cases like URLLC. The identifier also facilitates network slicing by embedding AMF-specific information, ensuring that UE contexts are handled within the appropriate slice. Overall, the 5G-GUTI embodies 5G's principles of enhanced security, privacy by design, and scalable architecture, solving legacy issues while enabling future innovations.
Key Features
- Globally unique structure with GUAMI and 5G-TMSI components
- Privacy protection by hiding the SUPI during radio transmission
- Hierarchical design for efficient AMF routing and scalability
- Support for dynamic reallocation during mobility and handovers
- Integration with network slicing for slice-specific UE management
- Reduced signaling overhead through local context resolution
Evolution Across Releases
Introduced the 5G-GUTI as a new temporary identifier for 5G systems, defining its structure with GUAMI (including MCC, MNC, AMF Region ID, Set ID, and Pointer) and 5G-TMSI. It established initial procedures for allocation during registration, use in service requests, and reallocation for privacy, replacing the 4G-GUTI to enhance security and support 5G's service-based architecture.
Enhanced 5G-GUTI usage for integrated access and backhaul (IAB) and non-public networks (NPN), ensuring proper identifier handling in isolated deployments. Added support for mobility between 5G and LTE networks, with mapping procedures to/from 4G-GUTI for seamless interworking and continuity.
Extended 5G-GUTI applications to support edge computing and network automation, enabling efficient UE context management in distributed environments. Introduced optimizations for frequent small data transmissions in IoT scenarios, reducing signaling overhead associated with identifier updates.
Further refined 5G-GUTI mechanisms for enhanced network slicing, allowing more granular AMF pointer assignments to improve slice isolation and resource allocation. Added support for AI/ML-driven mobility predictions, optimizing 5G-GUTI reallocation strategies for predictive handovers.
Introduced enhancements for 5G-Advanced networks, including support for reduced capability (RedCap) UEs with simplified 5G-GUTI handling to conserve device resources. Improved security features with optional encryption of 5G-TMSI components to prevent tracking in high-risk scenarios.
Added support for 6G preparatory studies, exploring extended 5G-GUTI formats for future network architectures. Enhanced interoperability with non-3GPP access (e.g., Wi-Fi 7) and satellite networks, ensuring consistent identifier management across heterogeneous environments.
Defining Specifications
| Specification | Title |
|---|---|
| TS 23.003 | 3GPP TS 23.003 |
| TS 23.501 | 3GPP TS 23.501 |
| TS 24.301 | 3GPP TS 24.301 |
| TS 24.501 | 3GPP TS 24.501 |
| TS 24.890 | 3GPP TS 24.890 |
| TS 29.518 | 3GPP TS 29.518 |