Description
The Subscription Concealed Identifier (SUCI) is a fundamental security and privacy feature introduced in 5G, defined in 3GPP Release 15. It is a one-time-use identifier transmitted by the User Equipment (UE) in place of the permanent Subscription Permanent Identifier (SUPI) during the initial registration procedure, specifically in the Registration Request message. The SUCI is generated by the UE itself using a standardized scheme called ECIES (Elliptic Curve Integrated Encryption Scheme) profile A. The UE encrypts the SUPI using the public key of the home network's Subscription Identifier De-concealing Function (SIDF), which is securely provisioned in the UE (e.g., in the Universal Integrated Circuit Card (UICC)). The output is a string that includes the Home Network Public Key Identifier, the ECIES scheme identifier, the ciphertext, and the MAC tag.
Upon receiving the SUCI, the serving network (e.g., the Visited Public Land Mobile Network (VPLMN)) forwards it to the home network (HPLMN) as part of the authentication procedure. The home network's SIDF, which holds the corresponding private key, is the only entity capable of decrypting the SUCI to retrieve the plaintext SUPI. This decryption occurs within the home network's Unified Data Management (UDM) or Authentication Server Function (AUSF). The SUPI is then used for subscriber authentication and to derive the 5G Globally Unique Temporary Identifier (5G-GUTI) for subsequent signaling. Crucially, the serving network never sees the SUPI in clear text, protecting the subscriber's permanent identity from the visited operator and any passive eavesdroppers on the radio link.
The architecture for SUCI involves several network functions. The UE contains the USIM application, which stores the home network public key and performs the encryption. The Access and Mobility Management Function (AMF) in the serving network receives the SUCI and routes it to the appropriate home network. The SIDF, typically co-located with the UDM/AUSF, performs the de-concealment. SUCI is mandatory for 5G initial registration when the UE does not have a valid 5G-GUTI, making it a cornerstone of 5G's enhanced subscriber privacy. Its use is governed by the subscriber's privacy settings, but the default and encouraged mode is to always use SUCI for initial registration, marking a significant shift from 4G, where the permanent International Mobile Subscriber Identity (IMSI) was often sent in clear text during initial attach.
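As an added example (not code from the page or from 3GPP), the following stdlib-only Python decoder takes the value part of the 5GS mobile identity IE that carries a SUCI in the Registration Request, splits it into routing information, scheme identifier, home network public key identifier and the ECIES scheme output (ephemeral key, ciphertext, MAC tag), and flags the null scheme, under which the MSIN is not concealed at all. The octet layout follows TS 24.501; the sample IEs are constructed.

```python
# Added example, not code from the page or from 3GPP. Decodes the value part of
# the 5GS mobile identity IE for a SUCI with IMSI-based SUPI format (TS 24.501):
#   octet 1     SUPI format (bits 8-6) | spare | type of identity (001 = SUCI)
#   octets 2-4  MCC/MNC in TBCD (MNC digit 3 = 0xF for a 2-digit MNC)
#   octets 5-6  routing indicator in TBCD, 0xF filler
#   octet 7     protection scheme id (low nibble);  octet 8  home network key id
#   octets 9..  scheme output: null scheme = MSIN; ECIES = eph key || ciphertext || MAC
NULL_SCHEME, PROFILE_A, PROFILE_B = 0, 1, 2
MAC_LEN = 8                                    # ECIES MAC tag is 64 bits
EPH_KEY_LEN = {PROFILE_A: 32, PROFILE_B: 33}   # X25519 key / compressed P-256 point

def tbcd_digits(data: bytes) -> str:
    """TBCD: low nibble is the first digit; 0xF is filler and is skipped."""
    digits = []
    for b in data:
        for nib in (b & 0x0F, b >> 4):
            if nib == 0xF:
                continue
            if nib > 9:
                raise ValueError("invalid TBCD nibble 0x%x" % nib)
            digits.append(str(nib))
    return "".join(digits)

def parse_suci(ie: bytes) -> dict:
    if len(ie) < 8 or ie[0] & 0x07 != 1 or ie[0] >> 5 != 0:
        raise ValueError("not an IMSI-based SUCI identity")
    mcc = str(ie[1] & 0xF) + str(ie[1] >> 4) + str(ie[2] & 0xF)
    mnc3 = ie[2] >> 4
    mnc = str(ie[3] & 0xF) + str(ie[3] >> 4) + ("" if mnc3 == 0xF else str(mnc3))
    rec = {"mcc": mcc, "mnc": mnc, "routing_indicator": tbcd_digits(ie[4:6]) or "0",
           "scheme": ie[6] & 0x0F, "hn_key_id": ie[7]}
    out = ie[8:]
    if rec["scheme"] == NULL_SCHEME:
        rec["msin"] = tbcd_digits(out)           # SUPI travels in clear text
    elif rec["scheme"] in EPH_KEY_LEN:
        k = EPH_KEY_LEN[rec["scheme"]]
        if len(out) < k + MAC_LEN + 1:
            raise ValueError("ECIES scheme output too short")
        rec["eph_pub"], rec["ciphertext"], rec["mac"] = out[:k], out[k:-MAC_LEN], out[-MAC_LEN:]
    else:
        rec["scheme_output"] = out               # reserved or operator-specific scheme
    return rec

def conceals_supi(rec: dict) -> bool:
    """False when the null scheme was used, i.e. the MSIN was sent unprotected."""
    return rec["scheme"] != NULL_SCHEME

# Constructed sample IEs: PLMN 001/01, routing indicator "0"; key id 1 for profile A.
PLMN_AND_RI = bytes([0x01, 0x00, 0xF1, 0x10, 0xF0, 0xFF])
SAMPLE_PROFILE_A_IE = PLMN_AND_RI + bytes([PROFILE_A, 1]) + bytes(range(32)) + b"\xaa\xbb\xcc\xdd\xee" + b"\x11" * 8
SAMPLE_NULL_IE = PLMN_AND_RI + bytes([NULL_SCHEME, 0]) + bytes([0x10, 0x32, 0x54, 0x76, 0x98])
```

Run over NAS traces, `conceals_supi` gives a defender a direct check that registrations really use an ECIES profile rather than the null scheme, and the split fields show what the home network's SIDF receives for de-concealment.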
Purpose & Motivation
SUCI was created to solve a critical and long-standing privacy vulnerability in cellular networks: the exposure of the user's permanent subscriber identity (IMSI in 2G/3G/4G) over the radio interface. In previous generations, the IMSI was often transmitted in clear text during initial network attachment or in certain failure scenarios. This allowed passive eavesdroppers with inexpensive equipment (IMSI catchers or stingrays) to track individuals' locations and movements, conduct targeted attacks, or perform identity mapping. This vulnerability was a major privacy concern and eroded user trust.
The motivation for SUCI stemmed from regulatory pressures (e.g., GDPR), heightened societal awareness of digital privacy, and the technical opportunity presented by the clean-slate design of the 5G core network (5GC). 3GPP designed SUCI as a key component of 5G's enhanced subscriber privacy architecture. It addresses the limitation of previous temporary identifiers (like TMSI/GUTI) which could not always be used—if a UE entered a new area without a valid temporary ID, it had to fall back to sending the IMSI in clear text. SUCI eliminates this fallback vulnerability by ensuring the permanent identity is never exposed, even on the first contact.
Furthermore, SUCI supports the separation of the serving network from the home network in terms of identity knowledge. This aligns with the network slicing and service-based architecture principles of 5G, where a serving network should provide connectivity without necessarily knowing the subscriber's true identity. By solving the pervasive tracking problem, SUCI enables more secure and privacy-respecting use cases, including critical IoT and government services, where anonymity of the device is paramount until authenticated by the home domain.
Key Features
- Cryptographic concealment of SUPI using public key encryption (ECIES)
- Generated by the UE using the home network's public key
- Decrypted only by the home network's SIDF using a private key
- Prevents passive eavesdropping and IMSI catcher attacks
- Eliminates clear-text transmission of permanent subscriber identity
- Integral part of the 5G primary authentication and key agreement (5G-AKA) procedure
Evolution Across Releases
Introduced SUCI as a foundational privacy feature for 5G. Defined the ECIES-based protection scheme, the structure of the SUCI (including routing information, protection scheme identifier, home network public key identifier, ciphertext), and the role of the SIDF within the UDM/AUSF. Made it the standard identifier for initial registration.
Enhanced SUCI-related procedures for edge computing and non-3GPP access. Introduced support for SUCI in the authentication framework for wireline access (5G-WLAN). Clarified handling and error cases to improve interoperability and robustness of the initial registration procedure.
Specified enhancements for integration with the Generic Bootstrapping Architecture (GBA) and for service-based interfaces. Worked on potential null-scheme usage and guidance for operators. Strengthened the overall privacy framework surrounding SUCI generation and handling.
Ongoing studies and enhancements for 5G-Advanced, including potential new protection schemes beyond ECIES, optimizations for massive IoT device onboarding, and further alignment with evolving cryptographic standards and post-quantum cryptography considerations for long-term security.
Defining Specifications
| Specification | 3GPP document |
|---|---|
| TS 23.003 | 3GPP TS 23.003 |
| TS 23.501 | 3GPP TS 23.501 |
| TS 24.501 | 3GPP TS 24.501 |
| TS 24.502 | 3GPP TS 24.502 |
| TS 29.503 | 3GPP TS 29.503 |
| TS 29.518 | 3GPP TS 29.518 |
| TS 31.102 | 3GPP TS 31.102 |
| TS 31.122 | 3GPP TS 31.122 |
| TS 33.126 | 3GPP TS 33.126 |
| TS 33.127 | 3GPP TS 33.127 |
| TS 33.501 | 3GPP TS 33.501 |
| TS 33.514 | 3GPP TS 33.514 |
| TR 33.835 | 3GPP TR 33.835 |
| TR 33.841 | 3GPP TR 33.841 |