Every device on a cellular network needs a permanent identity so the network knows whose account to bill and which keys to use. In 2G, 3G, and 4G that identity is the IMSI, the International Mobile Subscriber Identity, a number stored on your SIM. The problem was never the existence of the IMSI. The problem was when and how the network asked for it.
When a phone first attaches to a network, or when the network loses track of it, the network can request the permanent identity directly. On older generations the phone answered with its IMSI in plaintext over the air. Anyone who could pose as a tower could ask the question and collect the answer. That is the entire trick behind an IMSI-catcher.
The Old Attack: Identity in the Clear
An IMSI-catcher, sometimes called a Stingray, is a fake base station. It broadcasts a strong signal that nearby phones prefer, persuades them to attach, and then triggers an identity request. Because the phone would surrender its IMSI before any mutual authentication had taken place, the catcher learned the permanent identity of every device in range. From there it could track who was present at a protest, follow a specific person across the city, or downgrade the connection to intercept traffic.
The root cause is a sequencing failure. The phone proved nothing about who it was talking to before revealing who it was. 4G added mutual authentication for the session, but the initial identity request still leaked the IMSI in the gap before that authentication completed. The fix had to move the protection earlier, to the identity itself.
The vulnerability was not weak encryption of traffic. It was that the long-term identifier was sent before the device could verify it was talking to a legitimate network. 5G closes the gap by never sending that identifier in the clear at all.
SUPI and SUCI: Splitting Identity From Its Wire Form
5G renames and restructures the identity model. The permanent identifier is now the SUPI, the Subscription Permanent Identifier. It plays the role the IMSI used to play, but the standard adds a strict rule: the SUPI must not be transmitted over the radio in the clear.
Instead the device sends the SUCI, the Subscription Concealed Identifier. The SUCI is an encrypted form of the SUPI. The phone encrypts its permanent identity before sending it, so what travels over the air is ciphertext that only the home network can turn back into the real SUPI. A fake base station can collect SUCIs all day and learn nothing durable, because the value is freshly encrypted each time.
How the Concealment Actually Works
The scheme is a textbook use of elliptic-curve public-key cryptography, defined by 3GPP using the ECIES framework. The home network operator has a public and private key pair. The public key is provisioned onto the SIM. The flow looks like this:
- The device generates a fresh ephemeral key pair for this one concealment.
- It performs an elliptic-curve Diffie-Hellman exchange between its ephemeral private key and the operator's public key to derive a shared secret.
- From that secret it derives an encryption key and a MAC key, then encrypts the part of the SUPI that identifies the subscriber and authenticates the result.
- It sends the ciphertext together with its ephemeral public key as the SUCI.
Only the home network holds the private key, so only the home network can run the matching exchange, recover the shared secret, and decrypt the SUPI. Because a new ephemeral key is used each time, two SUCIs generated from the same SUPI look unrelated to an eavesdropper. That unlinkability is the property that defeats passive tracking. The standard specifies elliptic-curve profiles for this, and the always-available choice for any future-proofing discussion is to treat the operator key as a rotating, upgradable credential.
The genius of the design is modest and practical: it does not reinvent cellular security, it just moves one encryption step to before the moment the identity leaves the device. Ephemeral keys make every concealed identity look new.
What 5G Fixes, and What It Does Not
SUCI concealment is a meaningful win against the classic passive IMSI-catcher. But honesty about the threat model requires naming the limits, several of which are significant.
| Concern | Status under 5G SUCI |
|---|---|
| Passive IMSI harvesting | Addressed. The permanent identity is never sent in the clear; ephemeral keys make captures unlinkable. |
| Non-standalone 5G | Often unprotected. Many early 5G deployments run on a 4G core. The SUCI protection depends on the standalone 5G core being in use. |
| Downgrade attacks | Partly open. An attacker can still try to force a phone down to 4G or 2G, where the old IMSI exposure returns. |
| The temporary identifier (5G-GUTI) | Depends on the operator. If a network reallocates the temporary ID too rarely, it can become a tracking handle on its own. |
| Radio-layer fingerprinting | Out of scope. Identity concealment does nothing about device-level radio fingerprints or signal-based location. |
The downgrade gap is the one most worth internalizing. As long as your phone will fall back to 2G or 4G, an attacker who can jam or out-broadcast the 5G signal can drag the connection to a generation where the old exposure applies. This is why some hardened phone configurations let you disable legacy radio access technologies entirely, accepting reduced coverage in exchange for closing the fallback.
Where This Sits in Your Threat Model
Cellular identity privacy is a layer below anything an application can touch. Your messaging app cannot influence whether your SUPI is concealed; that is a property of your carrier, your phone's modem, and the network you are standing in. What the 5G design demonstrates is a principle worth carrying everywhere: do not reveal a long-lived identifier before you have verified who is asking, and rotate the wire form so observations cannot be linked.
That same principle shapes how we think about metadata at Haven. The network operator can see that your phone is online and roughly where it is; that is physics we do not pretend to solve. What we control is the layer above, where the goal is to generate as little linkable identifying data as possible and to keep what we must store encrypted. 5G fixed one old leak by encrypting an identity that used to travel in the open. The broader job, at every layer, is to keep doing exactly that.