Security News > 2020 > September > Recommendations to enhance subscriber privacy in 5G
"To address the significant privacy risks posed by IMSI catchers, the 5G standards introduced the possibility for MNOs to encrypt the IMSI before it is sent over-the-air," comments Claus Dietze, Chair of Trusted Connectivity Alliance.
Of the available options, executing IMSI encryption within the 5G SIM, which refers to both the SIM or eSIM as defined by Trusted Connectivity Alliance as the Recommended 5G SIM, emerges as a comprehensive solution when examined against a range of key criteria.
"Eurosmart fully supports the Trusted Connectivity Alliance position on subscriber privacy encryption, and agrees it should be managed within the 5G SIM. If we consider the direct impact on the security and resilience of critical infrastructures and essential services, and the requirements of the NIS directives, it is also apparent that a robust regulatory response is warranted to support these recommendations," adds Philippe Proust, President of Eurosmart.
"We therefore contend that regulatory measures should be implemented to define an ad hoc security certification scheme addressing IMSI encryption within the 5G SIM under the EU Cybersecurity Act. In addition, it should be a requirement for the IMSI to be encrypted within the 5G SIM, and for the 5G SIM to be mandatorily security certified to demonstrate its capabilities."
Claus concludes: "Managing IMSI encryption within the 5G SIM delivers control, best-in-class security and interoperability to prevent malicious and unlawful interception. And with 5G creating a vast array of new use-cases, SIM-based encryption is the only viable way to establish interoperability across emerging consumer and industrial IoT use-cases and, ultimately, enable a secure connected future."
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/mveGr7DsDbg/