Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST CSWP 36C (Initial Public Draft)

Reallocation of Temporary Identities: Applying 5G Cybersecurity and Privacy Capabilities

Date Published: November 6, 2024
Comments Due: December 6, 2024
Email Comments to: 5g-security@nist.gov

Author(s)

Michael Bartock (NIST), Jeffrey Cichonski (NIST), Murugiah Souppaya (NIST), Karen Scarfone (Scarfone Cybersecurity), Parisa Grayeli (MITRE), Sanjeev Sharma (MITRE)

Announcement

5G technology for broadband cellular networks will significantly improve how humans and machines communicate, operate, and interact in the physical and virtual world. 5G provides increased bandwidth and capacity, and low latency. However, professionals in fields like technology, cybersecurity, and privacy are faced with safeguarding this technology while its development, deployment, and usage are still evolving.

To help, the NIST National Cybersecurity Center of Excellence (NCCoE) has launched the Applying 5G Cybersecurity and Privacy Capabilities white paper series. The series targets technology, cybersecurity, and privacy program managers within commercial mobile network operators, potential private 5G network operators, and organizations using and managing 5G-enabled technology who are concerned with how to identify, understand, assess, and mitigate risk for 5G networks. In the series we provide recommended practices and illustrate how to implement them. All of the capabilities featured in the white papers have been demonstrated on the NCCoE testbed on commercial-grade 5G equipment.

We are pleased to announce the availability of the fourth white paper in the series: 

Reallocation of Temporary Identities This publication provides additional details regarding how 5G protects subscriber identities (IDs). It focuses on how the network reallocates temporary IDs to protect users from being identified and located by an attacker. Unlike previous generations of cellular systems, new requirements in 5G explicitly define when the temporary ID must be reallocated (refreshed), which is explained in the document.

Abstract

Keywords

3GPP; 5G; cybersecurity; privacy; reallocation of temporary identities (IDs); Subscription Concealed Identifier (SUCI); Subscription Permanent Identifier (SUPI); Globally Unique Temporary user equipment Identity (GUTI)
Control Families

None selected

Documentation

Publication:
https://doi.org/10.6028/NIST.CSWP.36C.ipd
Download URL

Supplemental Material:
Project homepage

Publication Parts:
CSWP 36
CSWP 36A
CSWP 36B

Document History:
11/06/24: CSWP 36C (Draft)

Topics

Security and Privacy

risk management

Technologies

mobile, networks

Applications

communications & wireless

Sectors

telecommunications