What? You need to change your SIM card to use 5G?!

Since 5G was officially put into commercial use last year, the three major operators have unanimously announced that to use 5G services, there is no need to change SIM cards or numbers. Even if you continue to use 4G packages, it is fine as long as you have a 5G mobile phone.

However, the "China Telecom 5G SA Security Enhanced SIM Card White Paper" recently released by China Telecom clearly states (excerpt):

"At this stage, users access the 5G network by using 4G cards issued by operators..., which can no longer meet the information and security requirements of the 5G network..., and users cannot enjoy the new experience and business services brought by the 5G network."

What is going on?

As we all know, the domestic 5G network construction started with the NSA (Non-Stand Alone) mode, which requires the 4G network as an anchor point for access. There is of course no problem using the SIM card currently used for 4G.

At present, the cumulative shipments of 5G mobile phones in China have reached nearly 30 million units. Everyone is using 5G well, and the measured speed can even reach over 1Gbps. I have never seen anyone talk about changing the SIM card.

According to the plan, 5G construction this year will switch from NSA to SA (Stand Alone) mode. In this way, the network can support all 5G services such as high speed, large connection, high reliability, low latency, and network slicing, becoming "real 5G."

At this juncture, the title of the white paper released by China Telecom also mentions the keyword "SA". Could it be that after the SA mode 5G is launched, all users will have to change to this "security enhanced SIM" to use it?

To answer this question, let’s first look at what the SIM card does.

The full name of SIM card is Subscriber Identity Module, also called user identification module. It is installed on the mobile phone to identify the user, just like the mobile phone’s ID card.

The network needs to rely on the information stored in the SIM card to determine whether the user is a legitimate user who has paid money. Only after the authentication is passed will the mobile phone be allowed to access. This process is called "authentication".

The figure below describes the authentication workflow of 2G GSM.

2G SIM authentication process

The specific details of the authentication principle are too complicated to be described in detail. The core idea is that the SIM card and the core network both store the same key (which can be considered a virtual key). During authentication, the SIM card first sends its ID card (IMSI in the figure above) to the core network, and then the core network sends a locked box to the SIM card. If the SIM card can be opened successfully with its own key, it means that the user is an authorized user and can access the network.

This process has an obvious loophole, that is, only the network can judge whether the user represented by the SIM card is legitimate, and the SIM card does not judge whether the network is legitimate. This gives fake base stations an opportunity to exploit.

Fake base stations will not actually perform any authentication work and will directly pass authentication unconditionally. Real users do not have the ability to identify whether the other party is a real base station or a fake one, so they can only hand over their ID cards and fall into the trap and be slaughtered.

[[326153]]

In the 3G era, in order to improve the security level, a two-way authentication mechanism was introduced. That is, not only does the network authenticate the user, but the user also authenticates the network. Communication will only take place after both parties confirm that the other party is legitimate.

In order to support two-way authentication, the SIM card has also been upgraded to a USIM (Universal Subscriber Identity Module) card. Considering that everyone is used to calling it a SIM card, the term "SIM card" will continue to be used to refer to the USIM card.

The figure below describes the authentication workflow of 3G UMTS.

3G authentication process using USIM

The specific details of the authentication principle are more complicated than 2G, so they will not be described in detail.

The core idea is: the SIM card and the core network both store the same key. During authentication, the SIM card first sends its ID card (IMSI in the picture above) to the core network, and then the core network sends a locked box with its own identity tag to the SIM card. The SIM card first determines whether there is any problem with the tag. If it is determined that the other party is the right person and the key can be used to open the box successfully, it means that everyone is a family and can contact each other.

This authentication process solves the problem of two-way authentication, greatly improves security, and makes it impossible for fake base stations to interfere. Therefore, 4G still uses this process.

However, even the wisest are cautious and can make mistakes. Although the mobile phone and the base station, the communicating parties, have gone through several authentication processes and exchanged glances to confirm that they are the right people, when they start the authentication, the ID card (IMSI) sent by the SIM card is sent in plain text, which leads to the risk of privacy leakage.

If this unprotected identity information floating in the air is intercepted by people or organizations with bad intentions, the user can be tracked and combined with other information for big data analysis, from points to lines and then to surfaces, personal privacy can be exposed.

Just imagine that in smart medical systems and smart transportation, business information such as patient medical records, prescriptions and treatment plans, vehicle location and driving trajectory are high-security data involving human safety. In 4G networks, hackers may track and lock user identities and then attack this part of user privacy data for profit, forming a black industrial chain.

The 5G security enhanced SIM card mentioned in this white paper completely solves the security risks of the above-mentioned ordinary SIM card. It can encrypt the user's identity information during authentication, which is more secure and reliable.

In addition, industry applications can be built in and unified user security authentication services can be provided for these applications, avoiding duplication of industry authentication capabilities, saving construction and operating costs, and allowing industry partners to invest more resources in their own business development.

Since the 5G security enhanced SIM card is so powerful, do ordinary users have to switch to this advanced SIM card to use the 5G network?

China Telecom also gave a clear response:

"Existing 4G users do not need to change their cards. As long as they switch to 5G phones, they can use 5G services in areas covered by 5G signals. The 5G security enhancement card will mainly be used for application scenarios with higher security requirements, such as smart manufacturing, Internet of Vehicles, telemedicine, and smart cities."

Now everything is clear: ordinary users do not have high security requirements, so there is no problem using the previous SIM card and there is no need to change it; but for various IoT services supported by 5G SA networking, due to higher security requirements, new "security enhanced SIM cards" are needed.

Well, that’s all for this issue. I hope it will be helpful to you.