Effective Subscriber Identity Privacy Protections Within 5G Core Networks Through Ephemeral Identifiers

Authors

Paul V. Scalise, University of Nebraska-LincolnFollow

First Advisor

Hamid R. Sharif-Kashani

Committee Members

Juan Lopez, Jr., Jon Youn

Date of this Version

5-2025

Document Type

Thesis

Citation

A thesis presented to the faculty of the Graduate College at the University of Nebraska in partial fulfillment of requirements for the degree of Master of Science

Major: Telecommunications Engineering

Under the supervision of Professor Hamid R. Sharif-Kashani

Lincoln, Nebraska, May 2025

Comments

Copyright 2025, Paul V. Scalise. Used by permission

Abstract

Inside a 5G Core Network, individual subscriber’s SUPIs (Subscriber Permanent Identi- fier) are utilized extensively throughout internal network calls, linking subscribers to their activities on the network. The use of linked identifiers can allow for tracking of subscriber location and behavior, creating significant challenges for protecting user identities and ensuring privacy. This becomes especially apparent in sensitive sectors such as military, government, and healthcare operations over public 5G networks. Relying on these personal identifiers threatens individual privacy rights, which highlights the urgent need for effective safeguards in both current and future cellular network technologies.

This thesis introduces an effective privacy protection scheme, replacing SUPIs with ephemeral IDs; specifically the SUEI (Subscriber Ephemeral Identifier) within Core Net- works. The application of the SUEI into existing 5G infrastructure requires an additional Virtual Network Function (VNF) — the IDPF (Identity Privacy Function) — is also intro- duced in this thesis. Tests of the IDPF are conducted using free5GC, an open-source 5G Core Network along with a simulated Radio Access Network (RAN) and User Equipment (UE) realized in the UERANSIM utility. Results from integration tests demonstrate that the effectively masks SUPIs within the Core Network using ephemeral IDs. While its integration fully adheres to the 5G protocol, it does necessitate a few targeted code migrations from the UDM and AMF to the IDPF in order to support specific key derivations aligned with the identifier stored in the UE. Packet captures which are presented show how the IDPF masks the SUPI in network calls. Further discussions are presented on the structural and trust changes, which are necessary within the Core Network to achieve this implementation.

Advisor: Hamid R. Sharif-Kashani