The 3GPP has defined a nice subscriber’s identity protection scheme for 5G networks. This is a way for 5G handsets and terminals (or UE, in the 3GPP terminology) to encrypt the subscriber’s identity before sending it over-the-air. In this way, 5G radio sniffers, 5G IMSI-catchers, and more widely 5G networks without roaming agreement with the subscriber’s home-network, are not able to retrieve the entire subscriber’s permanent identity (i.e its IMSI).
In 5G, a new format has been defined for the subscriber identity: the SUPI (Subscriber Permanent Identity), which is a container for an IMSI, or any other kind of network access identifier. We can illustrate such a format by using pycrate within an IPython interpreter:
When the UE needs to send its SUPI over-the-air, in an encrypted form, an Elliptic-Curve public key of the subscriber’s home-network must be set in its SIM card. This public key is used together with an ECIES algorithm to encrypt the MSIN part of the subscriber’s IMSI (i.e. the Output part of the SUPI, as shown above), in order to form a SUCI (pronounced “sushi”, not kidding :). In order to exhibit the SUPI encryption and decryption steps, we need to use the CryptoMobile library. This is one of the open-source Python libraries maintained by P1 Security ; it implements Python wrappers for all the cellular encryption, integrity protection and authentication algorithms, allowing these to be readily available for pedagogic and prototyping purposes.
Back to our SUPI encryption, the first step is to create what will be considered here as the home-network public and private key-pair:
The second step is to use the home-network public key, together with an ephemeral … Read More