What is SUCI (subscription concealed identifier)
Demystifying SUCI: Subscription Concealed Identifier
SUCI (Subscription Concealed Identifier) is a privacy-preserving mechanism introduced in 5G networks. It safeguards the subscriber's permanent identifier (SUPI) by concealing it during network communication. Here's a technical breakdown:
Core Function:
- SUCI acts as a temporary, encrypted identifier used to represent the subscriber's SUPI during registration and other network signaling procedures.
- This encryption protects the subscriber's privacy by preventing the exposure of their SUPI in plain text.
Generation of SUCI:
- SUPI as the Core: The SUCI construction starts with the subscriber's permanent identifier (SUPI), a unique identifier assigned to the subscriber by their home network provider.
- Encryption with Public Key: The UE (User Equipment, e.g., phone) encrypts the SUPI using the public key of the Home Public Land Mobile Network (HPLMN). This public key is securely provisioned on the UE's USIM (Universal Subscriber Identity Module), similar to a SIM card.
- Additional Information: Besides the encrypted SUPI, the SUCI also includes:
  - Routing Indicator (RI): A numerical value used for routing network signaling with SUCI.
  - Protection Scheme Identifier: Identifies the specific encryption scheme employed.
  - Home Network Public Key Identifier: Identifies the public key used for encryption.
  - Scheme Output: The variable-length output generated by the encryption scheme.
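An added example (not from the original article) that splits a SUCI into the fields listed above and flags values sent under the null protection scheme, where the identifier is not encrypted. The hyphen-separated text layout with the home network code in clear, the scheme table (taken from 3GPP TS 33.501 Annex C) and the sample values are assumptions of this example.

```python
from dataclasses import dataclass

# Protection scheme identifiers per 3GPP TS 33.501 Annex C:
# id -> (name, ephemeral public key length in bytes, MAC tag length in bytes)
SCHEMES = {0: ("null-scheme", 0, 0), 1: ("Profile A", 32, 8), 2: ("Profile B", 33, 8)}

@dataclass
class Suci:
    supi_type: int
    home_network: str       # MCC-MNC, carried in clear so the SUCI can be routed
    routing_indicator: str
    scheme: str
    hn_key_id: int
    concealed: bool
    eph_public_key: bytes
    ciphertext: bytes
    mac_tag: bytes
    cleartext_id: str       # populated only when the null-scheme is used

def parse_suci(text: str) -> Suci:
    """Parse the assumed 'suci-type-mcc-mnc-ri-scheme-keyid-output' rendering."""
    parts = text.strip().split("-", 7)
    if len(parts) != 8 or parts[0] != "suci":
        raise ValueError("not a SUCI string in the assumed layout")
    _, supi_type, mcc, mnc, ri, scheme_id, key_id, output = parts
    if int(scheme_id) not in SCHEMES:
        raise ValueError(f"unknown protection scheme {scheme_id}")
    name, key_len, mac_len = SCHEMES[int(scheme_id)]
    base = dict(supi_type=int(supi_type), home_network=f"{mcc}-{mnc}",
                routing_indicator=ri, scheme=name, hn_key_id=int(key_id))
    if key_len == 0:
        # Null-scheme: the scheme output is the identifier itself, unencrypted.
        return Suci(**base, concealed=False, eph_public_key=b"", ciphertext=b"",
                    mac_tag=b"", cleartext_id=output)
    raw = bytes.fromhex(output)
    if len(raw) <= key_len + mac_len:
        raise ValueError("scheme output too short for this profile")
    return Suci(**base, concealed=True, eph_public_key=raw[:key_len],
                ciphertext=raw[key_len:-mac_len], mac_tag=raw[-mac_len:], cleartext_id="")

def unconcealed(lines):
    """Return the SUCIs in a batch whose permanent identifier is exposed."""
    return [s for s in map(parse_suci, lines) if not s.concealed]

# Constructed sample values (test network 001-01, dummy bytes), not real subscribers.
SAMPLES = [
    "suci-0-001-01-0000-0-0-0000000001",
    "suci-0-001-01-0000-1-1-" + "aa" * 32 + "bb" * 5 + "cc" * 8,
]
```

Running `unconcealed()` over SUCI values collected from core network logs gives a quick audit of how many registrations used the null-scheme.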
Network Processing:
- Transmission: The UE transmits the SUCI to the AMF (Access and Mobility Management Function) during the registration process.
- Decryption: The AMF retrieves the HPLMN's public key and uses it to decrypt the SUCI (except for the RI). This reveals the SUPI and allows the AMF to identify the subscriber's home network.
- Routing: The AMF leverages the Routing Indicator (RI) to route subsequent network signaling involving the subscriber.
Benefits of SUCI:
- Enhanced Privacy: By concealing the SUPI, SUCI prevents unauthorized parties from readily tracking or identifying subscribers based on their network identifiers.
- Improved Security: Encryption adds an extra layer of security, making it more difficult for attackers to intercept and exploit subscriber information.
Deployment Considerations:
- Network Infrastructure: The 5G core network needs to be equipped to handle SUCI processing, including decryption capabilities using the appropriate public keys.
- UE Compatibility: The UE (phone or device) must have the necessary hardware and software to generate and process SUCI messages.
Conclusion
SUCI plays a crucial role in safeguarding subscriber privacy in 5G networks. By concealing the SUPI, it mitigates the risks associated with exposing permanent identifiers and fosters a more secure and privacy-conscious network environment. As 5G technology continues to evolve, SUCI is expected to remain a cornerstone for protecting user identities.