Date Published: March 2026
Author(s)
Michael Bartock (NIST), Jeffrey Cichonski (NIST), Murugiah Souppaya (NIST), Karen Kent (Trusted Cyber Annex), Parisa Grayeli (MITRE), Sanjeev Sharma (MITRE)
This white paper provides an overview of “no Subscription Permanent Identifier (SUPI) based paging,” a 5G capability for protecting users from being identified and located by an attacker. Unlike previous generations of cellular systems, new requirements in 5G standards protect subscriber confidentiality by using a temporary identity (ID) instead of SUPI for the paging protocol, and explicitly define when the temporary ID must be reallocated (refreshed). 5G network operators and organizations using 5G technologies are encouraged to verify that the paging is happening as described in the 5G standards. This white paper is part of a series called Applying 5G Cybersecurity and Privacy Capabilities, which covers 5G cybersecurity- and privacy-supporting capabilities that were implemented as part of the 5G Cybersecurity project at the National Cybersecurity Center of Excellence (NCCoE).
This white paper provides an overview of “no Subscription Permanent Identifier (SUPI) based paging,” a 5G capability for protecting users from being identified and located by an attacker. Unlike previous generations of cellular systems, new requirements in 5G standards protect subscriber...
See full abstract
This white paper provides an overview of “no Subscription Permanent Identifier (SUPI) based paging,” a 5G capability for protecting users from being identified and located by an attacker. Unlike previous generations of cellular systems, new requirements in 5G standards protect subscriber confidentiality by using a temporary identity (ID) instead of SUPI for the paging protocol, and explicitly define when the temporary ID must be reallocated (refreshed). 5G network operators and organizations using 5G technologies are encouraged to verify that the paging is happening as described in the 5G standards. This white paper is part of a series called Applying 5G Cybersecurity and Privacy Capabilities, which covers 5G cybersecurity- and privacy-supporting capabilities that were implemented as part of the 5G Cybersecurity project at the National Cybersecurity Center of Excellence (NCCoE).
Hide full abstract
Keywords
3GPP; 5G; cybersecurity; paging; privacy; Subscription Concealed Identifier (SUCI); Subscription Permanent Identifier (SUPI)
Control Families
None selected
