A Survey of 5G Core Network User Identity Protections, Concerns, and Proposed Enhancements for Future 6G Technologies

Fifth-Generation (5G) cellular networks extensively utilize subscriber identifiers throughout the protocol stack, thereby linking subscribers to their activities on the network. With the inherent use of linked identifiers comes the potential capability to track subscribers’ location and behavior, which poses critical challenges for user identity protections and privacy in sensitive applications like military or healthcare operating over public 5G infrastructure. The reliance on such personal identifiers threatens a user’s right to privacy and brings to light the importance of proper mechanisms to mitigate these risks for current and future cellular network technologies. In this paper, we explore the 5G specifications to understand the most important list of identifiers and their use across Virtual Network Functions (VNF), and points of exposure within the Core Network (CN). We also examine the existing literature regarding identity protections and efforts to mitigate privacy concerns targeted in the CN. Findings include the need for a trust relationship between users and their network providers to protect and safeguard their identity. While 5G technology has greater user identity protections compared to previous cellular generations, our analysis shows that several areas of concern remain, particularly in the exchange of subscriber metadata. This work also finds that new technologies adopted in 5G networks add further complexity to maintaining a strict posture for safeguarding user identity and privacy protections. This paper also reviews the scientific community’s proposed enhancements for future 6G networks’ user identity and privacy protections, with a focus on emerging Artificial Intelligence (AI) and Machine Learning (ML) applications. The ethical implications of private or anonymous communications are also carefully weighed and examined to understand the multifaceted nature of this topic. Our work is concluded by proposing important further research to reduce the prevalence and reliance on personal identifiers such as the SUPI (Subscription Permanent Identifier) within 5G Core operations to help better protect user identity. We also propose replacing the widespread use of the SUPI between VNFs with ephemeral identifiers, building upon efforts by 3GPP aiming for 5G to protect the SUPI from eavesdroppers.