Does the switch to 5G security require a new SIM card?

0. Does the switch to 5G security require a new SIM card?

切换到 5G 安全是否需要新的 SIM 卡？

导读：作为智能卡行业的从业人员，其实我们的运营商客户也经常问我们：如果我要部署5G，到底需不需要换5G USIM卡？在这里，我们听听爱立信是怎么说的。

文章来源：https://www.ericsson.com/en/blog/2020/1/5g-security-sim-card 照旧，翻译采用Google，针对性做了些字词调整

One of the most frequent questions we receive from various stakeholders is if the new security and privacy features of 5G require a new SIM card. The simple answer, under certain assumptions, is no. However, a complete answer is nevertheless trickier than just a yes or a no.

This post was originally published in January 2020 and updated in August 2021 to reflect new developments in standardization.

To understand the context behind this question, let’s briefly discuss different types of SIM cards. By “SIM cards”, we mean those smart cards that are used in mobile networks. In 2G, the smart card is called the subscriber identity module (SIM) that represents hardware and software together. Even though these SIMs can also be used in 3G systems, for enhanced security, 3G systems use a newer smart card with software and hardware separated. The universal subscriber identity module (USIM) is one of several software applications that resides in the hardware part, called the universal integrated circuit card (UICC).

In this post, we refer to these newer smart cards as Rel 99+ USIM which are compatible with 3GPP Release 1999 (first 3G specifications) and afterwards. These Rel 99+ USIMs can be used to access every generation of mobile networks, including 5G. Such backward and forward compatibility is achieved by the carefully designed offloading of some computations and storage to mobile phones.

While accessing the 5G system is one thing, the question we have is whether using the “new” security and privacy features of 5G requires a new kind of USIM other than Rel 99+ USIMs which could be used for 4G security. This is a valid question and something which we address below. For the sake of brevity, in this post, we do not touch upon other new features in 5G that do not concern USIM.

我们从各个利益相关者那里收到的最常见问题之一是，5G 的新安全和隐私功能是否需要新的 SIM 卡。在某些假设下，简单的答案是否定的。然而，一个完整的答案仍然比是或否更棘手。

这篇文章最初发表于 2020 年 1 月，并于 2021 年 8 月更新，以反映标准化的新发展。

为了理解这个问题背后的背景，让我们简要讨论一下不同类型的 SIM 卡。 “SIM 卡”是指在移动网络中使用的智能卡。在 2G 中，智能卡被称为用户身份模块 (SIM)，它同时代表硬件和软件。尽管这些 SIM 卡也可用于 3G 系统，但为了增强安全性，3G 系统使用较新的软件和硬件分离的智能卡。通用用户身份模块 (USIM) 是驻留在被称之为通用集成电路卡 (UICC) 的硬件部分的多个软件应用程序之一。

在这篇文章中，我们将这些较新的智能卡称为 Rel 99+ USIM，它们与 3GPP Release 1999（第一个 3G 规范）及更高版本兼容。这些 Rel 99+ USIM 可用于访问包括 5G 在内的每一代移动网络。这种向后和向前兼容性是通过精心设计的将一些计算和存储功能转移到手机来实现的。

虽然访问 5G 系统是一回事，但我们面临的问题是，使用 5G 的“新”安全和隐私功能是否需要除可用于 4G 安全的 Rel 99+ USIM 之外的新型 USIM。这是一个有效的问题，我们将在下面讨论。为简洁起见，在本文中，我们不会涉及 5G 中与 USIM 无关的其他新功能。

1. Identity and access management (IdAM)

身份和访问管理 (IdAM)

In 5G, subscription permanent identifier (SUPI) could be in two formats, one is the legacy format called international mobile subscriber identity (IMSI) and another is the format newly adopted in 5G called network access identifier (NAI). SUPIs in the NAI format allow the use of 3GPP 5G technology in the context of private networks and wireless-wireline convergence. Furthermore, 5G provides at least two methods of authentication and key agreement (AKA) for accessing the network. One such method, 5G AKA, is an evolution of the authentication method in 4G. Another, called EAP-AKA’, is a method now widely adopted in 5G for broader use of the Extensible Authentication Protocol (EAP) framework.

In any case, from the IdAM viewpoint, the Rel 99+ USIMs that could be used in 4G are still compatible with 5G, in the sense that they can be used to authenticate and gain access to the 5G system. The main reason for this forward compatibility is the fact that there is no need for a new permanent security key shared between USIMs and the network. Another reason is that newer storage and computations required for new security features can be offloaded to mobile phones, like the calculation of a new type of AKA response and new session keys.

The adoption of the EAP framework in 5G and the definition of SUPIs in NAI format, means that it is possible for other methods than EAP-AKA’, such as Extensible Authentication Protocol-Transport Layer Security (EAP-TLS), to be used for isolated deployments. In those cases, it could be such that the USIM’s role is skipped. It is also worth noting that, just as with 4G networks, any smart cards older than Rel 99+ USIM (which may be called Rel 98- SIM) cannot be used to access 5G.

在 5G 中，订阅永久标识符 (SUPI) 可以有两种格式，一种是称为国际移动用户身份 (IMSI) 的传统格式，另一种是 5G 中新采用的格式，称为网络访问标识符 (NAI)。 NAI 格式的 SUPI 允许在专用网络和无线有线融合的环境中使用 3GPP 5G 技术。此外，5G 提供至少两种用于访问网络的身份验证和密钥协商 (AKA) 方法。一种即 5G AKA，是 4G 中身份验证方法的演进。另一种称为 EAP-AKA’ 的方法现在在 5G 中被广泛采用，用于更广泛地使用可扩展身份验证协议 (EAP) 框架。

无论如何，从 IdAM 的角度来看，可用于 4G 的 Rel 99+ USIM 仍然与 5G 兼容，因为它们可用于验证和访问 5G 系统。这种向前兼容性的主要原因是不需要在 USIM 和网络之间共享新的永久安全密钥。另一个原因是，可以将新安全功能所需的更新存储和计算转移到移动电话上，例如计算新型 AKA 响应和新会话密钥。

5G 中 EAP 框架的采用和 NAI 格式中 SUPI 的定义，意味着可以使用 EAP-AKA 之外的其他方法，例如可扩展身份验证协议 - 传输层安全 (EAP-TLS)，用于隔离部署。在这些情况下，可能会跳过 USIM 的角色。还值得注意的是，与4G网络一样，任何早于Rel 99+ USIM（可能称为Rel 98-SIM）的智能卡都不能用于访问5G。

2. Privacy

隐私

5G has introduced significant privacy enhancements in terms of how permanent and temporary identifiers are used.

Let’s first discuss the most important one which is the use of subscription concealed identifier (SUCI). The SUCI, which basically hides the SUPI over-the-air, can be calculated using standardized schemes like so-called Profile A and Profile B. It also requires some new parameters like public key of the home network, scheme identifier, and routing indicator. While SUCI calculations using Profile A/B can be offloaded to mobile phones, the standards only permit the storage of the new parameters in the USIM. For brevity, in this post we will not discuss the proprietary option where SUCI calculation can be done in USIMs using non-standardized schemes.

Therefore, Rel 99+ USIMs can be used to store the parameters required for SUCI calculation with Profile A/B given that they support creating the necessary files (DF5GS/EFSUCI_Calc_Info/EFRouting_Indicator). This is also true for Rel 99+ USIMs already in the field, i.e., if they support some mechanisms like remote file management over-the-air (OTA), then they could be used for storing the parameters required for SUCI calculation with Profile A/B. Otherwise, SUCI will be calculated by mobile phones using the so-called “null-scheme” which is a dummy scheme and does not hide SUPI. In other words, Rel 99+ USIMs that cannot store new parameters required for SUCI calculation could still be used to get access to the 5G system but without the ability to hide the SUPI over-the-air.

Note that there are also other privacy enhancements in 5G like the strict refreshment of temporary identifiers, decoupling of permanent identifiers from paging procedures, and partial confidentiality protection of initial messages. For these features, the USIM’s role is not required in the standards.

5G 在如何使用永久和临时标识符方面引入了显着的隐私增强。

我们首先讨论最重要的一个，即订阅隐藏标识符（SUCI）的使用。 SUCI 基本上在空中隐藏 SUPI，可以使用标准化方案（如所谓的 Profile A 和 Profile B）计算。它还需要一些新参数，如归属网络的公钥、方案标识符和路由指示符。虽然使用 Profile A/B 计算 SUCI 可以转移到移动电话，但标准只允许在 USIM 中存储新参数。为简洁起见，在这篇文章中，我们不会讨论可以使用非标准化方案在 USIM 中进行 SUCI 计算的专有选项。

因此，如果 Rel 99+ USIM 支持创建必要的文件 (DF_5GS/EF_SUCI_Calc_Info/EF_Routing_Indicator)，则可以使用配置文件 A/B 存储 SUCI 计算所需的参数。对于已经部署的 Rel 99+ USIM 也是如此，即，如果它们支持一些机制，如通过OTA远程管理文件，那么它们可以用于存储使用 Profile A/B 进行 SUCI 计算所需的参数。否则，手机将使用所谓的“null-scheme”计算SUCI，这是一种虚拟方案，不会隐藏SUPI。换句话说，无法存储 SUCI 计算所需的新参数的 Rel 99+ USIM 仍可用于访问 5G 系统，但无法在空口隐藏 SUPI。

请注意，5G 中还有其他隐私增强功能，例如临时标识符的严格更新、永久标识符与寻呼程序的分离以及初始消息的部分机密性保护。对于这些功能，标准中不需要 USIM 角色。

3. Steering of roaming (SoR) and UE parameter update (UPU)

漫游指引 (SoR) 和 UE 参数更新 (UPU)

SoR and UPU are two new procedures in 5G between mobile phones and the home network. These new procedures enable the home network to update configuration parameters in mobile phones and/or USIM using control plane signaling. It means that in 5G, the home network has an alternative to existing mechanisms like over-the-air (OTA) updates that use SMS as transport.

Besides the handling of the so-called “secured packet” that mobile phones can basically relay to the USIM, the scope of SoR and UPU procedures include parameters like operator controlled PLMN selector with access technology, default configured network slice selection assistance information (NSSAI), and routing indicator.

The handling of new control plane signaling including security, like calculation and verification of new security tokens, are offloaded to mobile phones. Furthermore, in some cases, storage of parameters is also offloaded to mobile phones like default configured NSSAI and mobile phone’s copy of operator controlled PLMN selector with access technology. Therefore, in such cases, special support from the USIM is not required for SoR and UPU in 5G, which means that Rel 99+ USIMs can be used.

However, there are other cases when the storage of the new/updated parameters is still done in USIM, like routing indicator (EFRouting_Indicator), USIM’s copy of operator controlled PLMN selector with access technology (EFOPLMNwACT), and any file handling done by the “secured packet”. Even then, Rel 99+ USIMs are still compatible with SoR and UPU in 5G given that they support the necessary file management operations.

SoR 和 UPU 是 5G 中手机和归属网络之间的两个新流程。这些新流程使归属网络能够使用控制平面信令更新移动电话和/或 USIM 中的配置参数。这意味着在 5G 中，归属网络可以有方法替代现有机制（例如使用 SMS 作为传输方式的的 OTA 更新）。

除了处理手机基本上可以中继到 USIM 的所谓“安全数据包”之外，SoR 和 UPU 流程的范围还包括诸如具有接入技术的运营商控制的 PLMN 选择器、默认配置的网络切片选择辅助信息 (NSSAI) 等参数，和路由指示器。

包括安全性在内的新控制平面信令的处理，例如新安全令牌的计算和验证，被转移到移动电话上。此外，在某些情况下，参数的存储也被转移到移动电话，如默认配置的 NSSAI 和具有接入技术的运营商控制的 PLMN 选择器的移动电话副本。因此，在这种情况下，5G 中的 SoR 和 UPU 不需要 USIM 的特殊支持，这意味着可以使用 Rel 99+ USIM。

但是，在其他情况下，新/更新参数的存储仍然在 USIM 中完成，例如路由指示符 (EF_Routing_Indicator)、USIM 的具有访问技术的运营商控制的 PLMN 选择器的副本 (EF_OPLMNwACT)，以及由“安全数据包”控制的任意文件。即便如此，Rel 99+ USIM 仍然与 5G 中的 SoR 和 UPU 兼容，假设它们支持必要的文件管理操作。

4. Long-term key update process (LTKUP)

长期密钥更新过程 (LTKUP)

Security in 3GPP (2G-5G) ultimately relies on the so-called long-term key (Ki or K) securely stored in the SIM cards. This long-term key enables AKA-based authentication, and is the root key for the derivation of session keys. There are also other long-term keys used for the secure management of SIM cards, called over the air (OTA) keys, which are also securely stored in the SIM cards.

If these long-term keys (Ki or K, and OTA keys) leak due to any reason (for example, an accidental exposure or factory compromise), the impact on security would be devastating.

Earlier, the only way of handling such a leak was replacing the SIM cards. Now, 3GPP has recommended two standardized ways for securely and quickly replacing the long-term keys using OTA: one using a Diffie-Hellman based key agreement, and another activating one among multiple sets of keys on the USIM.

If the service provider chooses to use LTKUP, then new SIM cards are indeed required. But LTKUP is specified as informational, i.e., not mandatory, and it is not specific to 5G by any means (it applies from 2G to 5G).

Therefore, LTKUP does not mandate new SIM cards for accessing 5G or enabling any 5G security and privacy features.

3GPP (2G-5G) 中的安全性最终依赖于安全存储在 SIM 卡中的所谓的长期密钥（Ki 或 K）。此长期密钥启用基于 AKA 的身份验证，并且是导出会话密钥的根密钥。还有其他长期密钥用于 SIM 卡的安全管理，称为无线 (OTA) 密钥，它们也安全地存储在 SIM 卡中。

如果这些长期密钥（Ki 或 K 以及 OTA 密钥）因任何原因（例如意外暴露或工厂泄露）而泄漏，对安全性的影响将是毁灭性的。

早些时候，处理此类泄漏的唯一方法是更换 SIM 卡。现在，3GPP 推荐了两种使用 OTA 安全快速地替换长期密钥的标准化方法：一种使用基于 Diffie-Hellman 的密钥协议，另一种在 USIM 上激活多组密钥中的一个。

如果服务提供商选择使用 LTKUP，那么确实需要新的 SIM 卡。但是 LTKUP 被指定为信息性的，即不是强制性的，并且它绝不是特定于 5G 的（它适用于 2G 到 5G）。

因此，LTKUP 不强制要求使用新的 SIM 卡来访问 5G 或启用任何 5G 安全和隐私功能。

5. Non-public network (NPN)

非公网（NPN）

3GPP recently specified native support for NPNs in 5G. Not only can these NPNs be deployed with support from a public network, called Public Network Integrated NPN (PNI-NPN), but also separately on their own, called Stand-alone NPN (SNPN).

In PNI-NPN, a PLMN subscription is mandatory. This includes a SUPI and credentials securely stored at the device, for example, in the SIM card in case of AKA long-term keys. The PNI-NPN may use Closed Access Groups (CAG) so that only authorized PNI-NPN devices can access the PNI-NPN. In this case, devices may be configured with the list of CAG cells the devices are allowed to access and/or whether the devices are only allowed to access 5GS via CAG cells (for example, a robot within a factory) or if they may also access 5GS via non-CAG cells (for example, a factory worker’s mobile phone that can also connect to the PLMN when outside the factory premises).

Storage of NPN related settings can be offloaded to the NPN device, so NPN itself does not mandate new SIM cards for accessing the NPN.

In SNPN, although a subscriber can be identified and authenticated by an IMSI based SUPI and AKA long term keys, a PLMN subscription is not strictly required. In fact, no SIM card would be required for SNPNs that use authentication EAP methods other than EAP-AKA (EAP-TLS, for example) as explained earlier.

In any case, when it comes to NPN, and specially to SNPN, the assumption is that most of the devices and subscriptions will be new, and in case of requiring the support of a SIM, corresponding SIMs could be appropriately configured to enable all security, privacy and NPN specific settings required from start as required by the NPN.

3GPP 最近指定了对 5G 中 NPN 的原生支持。这些 NPN 不仅可以在公共网络的支持下部署，称为公共网络集成 NPN (PNI-NPN)，而且还可以单独部署，称为独立 NPN (SNPN)。

在 PNI-NPN 中，PLMN 订阅是强制性的。这包括安全存储在设备中的 SUPI 和凭证，例如，如果是 AKA 长期密钥，则存储在 SIM 卡中。 PNI-NPN 可以使用封闭访问组 (CAG)，以便只有经过授权的 PNI-NPN 设备才能访问 PNI-NPN。在这种情况下，设备可以配置允许设备访问的 CAG 单元列表和/或是否仅允许设备通过 CAG 单元（例如，工厂内的机器人）访问 5GS，或者它们是否也可以通过非 CAG 小区访问 5GS（例如，工厂工人的移动电话在工厂外也可以连接到 PLMN）。

NPN 相关设置的存储可以转移到 NPN 设备，因此 NPN 本身并不强制要求使用新的 SIM 卡来访问 NPN。

在 SNPN 中，虽然可以通过基于 IMSI 的 SUPI 和 AKA 长期密钥来识别和验证订户，但并不严格要求订阅 PLMN。 事实上，如前所述，使用 EAP-AKA（例如 EAP-TLS）以外的身份验证 EAP 方法的 SNPN 不需要 SIM 卡。

在任何情况下，当涉及到 NPN，特别是 SNPN 时，假设大多数设备和订阅都是新的，并且在需要 SIM 支持的情况下，可以适当配置相应的 SIM 以启用所有安全性 根据 NPN 的要求，从一开始就需要隐私和 NPN 特定设置。

6. Summary

To summarize, we discussed impacts on USIMs by relevant security and privacy features that are new in 5G.

Firstly, from an IdAM viewpoint, Rel 99+ USIMs, which could be used for 4G, are still compatible to get access to 5G.

Secondly, regarding SUPI privacy, Rel 99+ USIMs can be used to enable SUCI calculation with Profile A/B as long as they support the necessary file management operations. Regarding other privacy features, Rel 99+ USIMs are fully compatible in their current form.

From the perspective of SoR/UPU procedures, Rel 99+ USIMs are compatible in their current form only in some cases, while compatibility in other cases will depend on them supporting the necessary file management operations.

Next, LTKUP is neither a mandatory feature nor specific to 5G.

Finally, NPNs by themselves do not require new SIM cards, although the assumption is that most NPN users will be connected using new subscriptions for which fresh SIM cards could be appropriately configured from the start.

It is pertinent to mention that ultimately, whether or how the above-mentioned new security and privacy features are used is in the remit of the service provider and therefore, even in the worst-case scenario, they will not prohibit access to the plethora of other basic 5G features.

If you’re a subscriber, you don’t need to concern yourself with what version of SIM card is in your mobile phone and whether or not your service provider swapped an old SIM card; you should rather be interested in the particular features you care about, for example, whether SUPI privacy is enabled or not.

总而言之，我们讨论了 5G 中新增的相关安全和隐私功能对 USIM 的影响。

首先，从 IdAM 的角度来看，可用于 4G 的 Rel 99+ USIM 仍然兼容以访问 5G。

其次，关于 SUPI 隐私，只要支持必要的文件管理操作，Rel 99+ USIM 就可以用于启用 Profile A/B 的 SUCI 计算。关于其他隐私功能，Rel 99+ USIM 完全兼容其当前形式。

再次，从 SoR/UPU 程序的角度来看，Rel 99+ USIM 仅在某些情况下以其当前形式兼容，而在其他情况下的兼容性将取决于它们支持必要的文件管理操作。

其次，LTKUP 既不是强制性功能，也不是 5G 特有的。

最后，NPN 本身不需要新的 SIM 卡，尽管假设大多数 NPN 用户将使用新的订阅连接，新的 SIM 卡可以从一开始就进行适当的配置。

值得一提的是，最终，是否或如何使用上述新的安全和隐私功能是服务提供商的职权范围，因此，即使在最坏的情况下，他们也不会禁止访问过多的其他基本 5G 功能。

如果您是用户，您无需担心手机中的SIM卡版本以及您的服务提供商是否更换了旧SIM卡；您应该对您关心的特定功能感兴趣，例如，是否启用了 SUPI 隐私。

7. Technical notes

技术说明

• IdAM part – The formats of SUPI (IMSI and NAI) are defined in 3GPP TS 23.003, see clauses 2.2A, 2.2, and 28.7.2. The new type of AKA response is called RES* and new session keys are called KAUSF and KSEAF. See clauses 6.1 in 3GPP TS 33.501 for details. In Annex B of that TS, you will also find details of using EAP-TLS.

• Privacy part – The formats of SUCI are defined in clauses 2.2B and 28.7.3 in 3GPP TS 23.003. Clause 6.12 and Annex C in 3GPP TS 33.501 contain main details of subscription identifier privacy. Clause 4.4.11 in 3GPP TS 31.102 specifies USIM files specific to 5G.

• SoR/UPU part – The new security tokens are called SoR-MAC-IAUSF, UPU-MAC-IAUSF, SoR-MAC-IUE, and UPU-MAC-IUE. See the main details of SoR and UPU can be found in clauses 6.14 and 6.15 in 3GPP TS 33.501, Annex C in TS 23.112, and Clause 4.20 in TS 23.502.

• LTKUP part – Details of LTKUP are specified in an information series report 3GPP TR 33.935.

• NPN part – General description of NPNs can be found in TS 23.501 and 23.502. Security of NPN is specified in TS 33.501.

• IdAM 部分——SUPI 的格式（IMSI 和 NAI）在 3GPP TS 23.003 中定义，见条款 2.2A、2.2 和 28.7.2。新型 AKA 响应称为 RES*，新会话密钥称为 KAUSF 和 KSEAF。有关详细信息，请参阅 3GPP TS 33.501 中的第 6.1 条。在该 TS 的附件 B 中，您还将找到使用 EAP-TLS 的详细信息。

• 隐私部分 - SUCI 的格式在 3GPP TS 23.003 中的条款 2.2B 和 28.7.3 中定义。 3GPP TS 33.501 中的条款 6.12 和附件 C 包含订阅标识符隐私的主要细节。 3GPP TS 31.102 中的条款 4.4.11 指定了特定于 5G 的 USIM 文件。

• SoR/UPU 部分——新的安全令牌称为 SoR-MAC-IAUSF、UPU-MAC-IAUSF、SoR-MAC-IUE 和 UPU-MAC-IUE。 SoR 和 UPU 的主要细节可以在 3GPP TS 33.501 中的第 6.14 和 6.15 条、TS 23.112 中的附件 C 和 TS 23.502 中的第 4.20 条中找到。

• LTKUP 部分 – LTKUP 的详细信息在信息系列报告 3GPP TR 33.935 中指定。

• NPN 部分 – NPN 的一般描述可以在 TS 23.501 和 23.502 中找到。 NPN 的安全性在 TS 33.501 中有规定。

We want to thank our wonderful colleagues for their valuable inputs: Vesa Torvinen, Noamen Ben Henda, Christine Jost, Monica Wifvesson, Peter Hedman, Ivo Sedlacek, Eva Fogelström.

我们要感谢我们出色的同事提供的宝贵意见：Vesa Torvinen、Noamen Ben Henda、Christine Jost、Monica Wifvesson、Peter Hedman、Ivo Sedlacek、Eva Fogelström。

彩蛋：既然都看到这里了，说明上面的内容虽然枯燥，应该也已经看完了。简单来说，这篇文章的意思就是如果USIM卡支持通过OTA创建和更新文件，那么基本所有的计算工作都可以交给终端负责。至于实际执行情况如何，需要综合考虑运营商的需求定义和终端的真实能力。