Which Element Should Calculate SUCI: 5G SIM or Mobile Device?

Short Answer… 5G SIM

Protecting subscriber identity and privacy is one of the most hot topics in today’s connected world. For telecom domain, mnos has used IMSI to uniquely define each subscriber identity inside network. However, IMSI used to be hacked over the air when transmit its value in clear format in all previous G (2G, 3G, 4G) networks.

In 5G standard, 3gpp introduced SUCI which basically hides the IMSI over-the-air. However, calculating such encrypted IMSI requires some new parameters like public key of the HPLMN, scheme identifier, and routing indicator, and advanced operating system calculation capabilities. Regarding parameters, it will be part of profile inside SIM. So, no problem. Main challenge is related to calculations. What is best element to do these calculations ? SIM card itself or offloading to mobile device ?

As per Trusted Connectivity Alliance (TCA), the recommended way to enforce privacy is to manage this IMSI encryption within the 5G SIM only rather than the device. Let see the differences in below table.

It is worth to mention that SIM Giant suppliers (Thales, Giesecke+Devrient, IDEMIA, …etc) issued their 5G SIM with SUCI calculation capability as built-in feature.

Credits: :point_down:

1 Like

Can SUCI change over life time of SIM?

SUCI is a temporary thing generated which expires upon a timer. Once the P-TMSI is assigned there is no need for SUCI