Trusted Connectivity Alliance (TCA), formerly SIMalliance, has published a white paper outlining the clear benefits of 5G SIM capabilities to protect the most prominent personal data involved in mobile communications — the International Mobile Subscriber Identity (IMSI).
The IMSI, known as a Subscription Permanent Identifier (SUPI) in 5G, is the unique identifier allocated to an individual SIM by an MNO. Despite representing highly personal information, the IMSI is exposed to significant security vulnerabilities as it is sent unencrypted over-the-air in 2G, 3G and 4G technologies. Most notably, ‘IMSI catchers’ are readily and inexpensively available and can be used to illegally monitor a subscriber’s location, calls and messages.
“To address the significant privacy risks posed by IMSI catchers, the 5G standards introduced the possibility for MNOs to encrypt the IMSI before it is sent over-the-air,” comments Claus Dietze, Chair of Trusted Connectivity Alliance said in a press release. “But as the standards state that encryption can be performed either by the SIM or by the device, and even be deactivated, there is potential for significant variability in terms of implementation. This creates scenarios where the IMSI is not sufficiently protected and the subscriber’s personal data is potentially exposed.”
Given these scenarios, the white paper recommends that MNOs consider limiting the available implementation options to rely on proven, certified solutions. Of the available options, executing IMSI encryption within the 5G SIM, which refers to both the SIM or eSIM as defined by Trusted Connectivity Alliance as the Recommended 5G SIM, emerges as a comprehensive solution when examined against a range of key criteria. This includes ownership and control, the security of the SIM and its production process, and certification and interoperability.
Claus concludes: “Managing IMSI encryption within the 5G SIM delivers control, best-in-class security and interoperability to prevent malicious and unlawful interception. And with 5G creating a vast array of new use-cases, SIM-based encryption is the only viable way to establish interoperability across emerging consumer and industrial IoT use-cases and, ultimately, enable a secure connected future.”
Protecting Subscriber Privacy in 5G is available for free download from the Trusted Connectivity Alliance website.