Eurosmart | The voice of the Digital Security Industry | Leveraging the 5G SIM for enhanced subscriber privacy

20 Jul 2020 Leveraging the 5G SIM for enhanced subscriber privacy

Posted at 16:10h in CDI, News, Position Papers byadmin8520

Eurosmart welcomes the initiative of Trusted Connectivity Alliance (TCA) to leverage the capabilities of the 5G SIM / eSIM to enhance subscriber privacy. In previous network generations (2G, 3G, 4G), the identifier of the subscriber, aka IMSI, is transmitted in clear text over the air interface and hence is subject to certain threats.

In 5G, this security weakness is addressed. The 5G successor of the IMSI, the Subscriber Permanent Identifier (SUPI), can be encrypted and transmitted over air as a Subscriber Concealed Identifier (SUCI). The key used to encrypt the SUPI is securely stored within the 5G SIM / eSIM. According to the 3GPP specifications, the encryption procedure as such can either be performed within the device or within the 5G SIM / eSIM.

TCA created a whitepaper stating that there are certain scenarios where SUPI encryption is not activated – either on the network side or within the device.

Eurosmart echoes TCA’s position that (1) protection of the 5G subscriber permanent identifier (SUPI) shall be made mandatory and (2) performing the subscriber privacy related encryption (SUCI calculation) shall be done within the 5G SIM / eSIM.

Eurosmart also highlights that these issues have direct consequences on the cybersecurity and resilience of critical infrastructures and Operator of Essential Services (OES), and as such shall also be considered in the light of cybersecurity legislation (NIS Directive).

In addition, Eurosmart believes that respective regulatory measures should be put in place to:

define an ad hoc security certification scheme covering SUPI encryption within 5G SIM / eSIM under the Cybersecurity Act (CSA), taking into consideration the constraints of the market;
require (1) SUPI to be encrypted within the 5G SIM / eSIM, and (2) 5G SIM / eSIM to be mandatorily security certified, to demonstrate its security capabilities.

Please find below Eurosmart’s full position paper on this topic.

Eurosmart_positionpaper_5G_Subscriber_Privacy

Print page

Eurosmart welcomes the recent adoption of the Cyber Resilience Act and the Artificial Intelligence Act by the European Parliament

Eurosmart Unveils Ground-breaking PP-0117 V2 Secure Sub-System in System-on-Chip (3S in SoC) Protection Profile

Eurosmart Welcomes Adoption of the EUCC Scheme, Advocates Collaborative Approach for Sustainable Implementation

Eurosmart welcomes the recent adoption of the Cyber Resilience Act and the Artificial Intelligence Act by the European Parliament

Eurosmart Unveils Ground-breaking PP-0117 V2 Secure Sub-System in System-on-Chip (3S in SoC) Protection Profile

Eurosmart Welcomes Adoption of the EUCC Scheme, Advocates Collaborative Approach for Sustainable Implementation

Revision of the Cybersecurity Act (CSA) – The importance of maintaining efficient governance

Eurosmart’s priorities for the Cyber Resilience Act

Eurosmart’s Comments on the Cyber Resilience Act (CRA) proposal.

EU Common Criteria (EUCC) Certification Scheme

Revision of the Directive on Driving Licences – Eurosmart’s Answer to Public Consultation

European Digital Identity Wallet: Why do we need level “high” (eIDAS) & level “high” (Cybersecurity Act)?

Leveraging the 5G SIM for enhanced subscriber privacy

20 Jul 2020 Leveraging the 5G SIM for enhanced subscriber privacy

Recent news

Follow us on X