9/22/2017 LTE: User Identifiers - IMSI and GUTI | NETMANIAS

Login | Register FREE! | English | Korean | About Us

  Home | Reports | Technical Documents | Tech-Blog | One-Shot Gallery | Korea ICT News | About Us | List of Contributors | Become a Contributor |
 
  KT SK Telecom LG U+ Korean Vendors Network Architectures  
 
Sec on 5G 4G LTE C-RAN/Fronthaul Gigabit Internet IPTV/Video Streaming IoT SDN/NFV Wi-Fi KT SK Telecom LG U+ Network Protocol Samsung
 
CHANNELS HFRFRONTHAUL NetvisionMPTCP Springwave1588 PTP   Korea Communica on Review      

What is Latency; A User’s Perspective

NETMANIAS TECH-BLOG

LTE: User Iden fiers - IMSI and GUTI

July 10, 2013 | By Dr. Michelle M. Do (tech@netmanias.com)

Online viewer: HTML PDF Viewer (paper file)

Today's topic is IMSI (International Mobile Subscriber Identity) and GUTI (Globally Unique Temporary
Download
Identifier). These two are parameters (identifiers) used in identifying UEs in LTE networks.
PDF File

What is IMSI?
Comments (3)
IMSI is a unique ID that globally identifies a mobile subscriber. It is composed of two parts, PLMN ID and
10 MSIN, as shown in Figure below. A PLMN ID is an ID that globally identifies a mobile operator (e.g.
combination of MCC (450) and MNC (05) for SK Telecom in Korea). MSIN is a unique ID that identifies a
Share
mobile subscriber within a mobile operator.
Tweet Then, why do mobile operators need to identify its mobile subscribers?
Like
First because that way the operators can tell whether to allow a subscriber attempting to access their
network (LTE network) or not. Second they need to identify their subscribers to decide which QoS policy
(bandwidth, priority, etc.) to apply to each of them, and finally to charge for the services rendered to each
subscriber.

When a user subscribes to a mobile network, the user gets a device and a USIM card (SIM card) that has
an IMSI in it.
By then, the LTE network should already have the same IMSI registered as well. IMSIs are stored in an HSS
and an SPR, the LTE entities. In the HSS, a key to be used along with an IMSI in authenticating subscribers,
and QoS profile to be used by the user are stored. So, when users attempt to access (i.e. who send Attach
Request message), the HSS (the MME on behalf of the HSS, to be accurate. See LTE Authentication for
further explanation) denies the users with an unregistered IMSI, but allows ones with a valid registered
IMSI by delivering authentication information and QoS profile to the MME. An SPR works with an PCRF to
apply a policy to a subscriber. We will revisit SPRs and PCRFs later sometime.

Subscribe FREE
Currently, 47,000+ subscribe
• You can get Netmanias Ne
(New contents, Korea ICT
• You can view all netmanias
• You can download all netm
contents in pdf file

What is GUTI?

Now, we know what IMSI is. But, what is GUTI then?

https://www.netmanias.com/en/post/blog/5929/lte/lte-user-identifiers-imsi-and-guti 1/3
9/22/2017 LTE: User Identifiers - IMSI and GUTI | NETMANIAS
KOREA ICT RESEARCH REPOR
As mentioned above, IMSI is one of the most important parameters that identify a subscriber. So, if it is SK Telecom's Massive I
exposed over radio link, serious security problem can be caused. Let's say, a hacker somehow finds out
through LoRa for Small
your IMSI over the radio link and uses the IMSI in his device. He can disguise himself as you and use LTE
services without paying a penny. Then, you will end up paying for the services that you don't use. (Of
course, you can fix this problem through device authentication (using the unique serial number). We will
not talk about how you fix it now, though.

So, to keep an IMSI secure, an alternate value that a subscriber (UE) can use instead of the IMSI
(whenever possible) to access the LTE network was needed. That is why GUTI is used. Unlike an IMSI, a
GUTI is not permanent and is changed into a new value whenever generated.

When a UE initially attaches to an LTE network (e.g. turning on the UE), it sends its IMSI to the network for
authentication to have itself identified. In other words, it uses the IMSI as its ID. Once connection is
established (i.e. once successfully authenticated), the network (MME) delivers a GUTI value through Attach
Accept message to the UE, which then remembers the value to use it as its ID instead of the IMSI when it
re-attaches to the network (i.e. when it is turned off and then on again later).

The network (MME) can also allocate a GUTI to a UE during TAU process. That is, the GUTI, the temporary SK Telecom commercialized
ID that identifies the UE, can be changed into a new value even while the UE stays attached to the network. nationwide LoRa-based, IoT
The network also remembers the GUTI value it allocated to the UE, and thus can recognize the UE even the end of June. This report w
when it requests access using the GUTI, not the IMSI. SK Telecom is poised for the
sector, and where it is headin
As such, since "GUTIs that are temporary values and can be changed as needed" are used as IDs for UEs,
they have a greater chance of staying secure even when exposed frequently over the radio link.
The format of a GUTI is illustrated in the lower part of the following figure. Since a GUTI is allocated by an
MME, it contains an MME identifier (MMEI) that shows which MME allocates the GUTI and an M-TMSI, a
temporary value that uniquely identifies a subscriber in that particular MME.
How to contribute articl
We always welcome contribu
your expertise and inspire oth

View All (690)

4.5G (1) 5G (62) AI

Authentication (4) Big Data

CDN (4) CPRI (4) Carrier Ethernet
CoMP (6) Connected Car
(6) GSLB (1) GiGAtopia (2)
Google (7) Google Global Cache
HTTP Adaptive Streaming
IEEE 802.1 (1) IP Routing

IoT (46) KT (40)

Market (1) Korea ICT Service
LG U+ (18) LTE
LTE-H (2) LTE-M (3) LTE-U

2015 (8) NB-IoT (6) Netflix

Protocol (18) Network Slicin
OTT (3) PCRF (1) QoS (3) RCS

jagadish 2015-05-06 20:31:14 SDN/NFV (51)

Cant we use the same IP address allocated for a UE to connect multiple PDNs? Why different IPs for each PDN?
Telecom (33) Samsung
Driving (1) Small Cell (2) Spectrum Sh

TAU (2) UHD (5) VR (2) Video S

Brian Lee 2015-05-10 03:27:19
VoLTE (8) VoWiFi (2) Wi-Fi
No, IP address shall be different for each PDN connection because there should be ONLY ONE default bearer per PDN. (1) eMBMS (1)

TS 23.401
5.3.1 IP address allocation
The IP address allocated for the default bearer shall also be used for the dedicated bearers within the same PDN connection. IP address allocation for
PDN connections, which are activated by the UE requested PDN connectivity procedure, is handled with the same set of mechanisms as those used
within the Attach procedure.

* Default Bearer: The EPS bearer which is first established for a new PDN connection and remains established throughout the lifetime of the PDN
connection.

https://www.netmanias.com/en/post/blog/5929/lte/lte-user-identifiers-imsi-and-guti 2/3
9/22/2017 LTE: User Identifiers - IMSI and GUTI | NETMANIAS
George Nicolaides 2015-05-09 02:41:33

I hope this will be helpful for you. (source: http://lteuniversity.com/ask_the_expert/f/59/t/2435.aspx)

Why multiple IP addresses are needed, if at all. This is more of a practical implementation discussion. IF the UE asks to be connected to two different
APNs (Access Point Name) (please note the emphasis on the If) AND IF the Service Provider has implemented the APNs on two different PGWs then
the UE will be setup with two PDN Connections and each of the PGWs will give the UE a different IP address. Remember, as far as the external
routers are concerned the packets are coming from a PGW and the IP addresses are at the PGW and the packets destined for the UE must be sent to
the PGW. It is the PGW that knows which EPS bearer to tunnel these packets through. Does the Service Provider have to configure the APNs in two
separate PGWs - NO. But, for larger networks and as an example networks who serve multiple end user clients the Service Providers are almost
required through their Service Level Agreements (SLAs) to take this approach.

Thank you for visiting Netmanias! Please leave your comment if you have a question or suggestion.

Characters: 0, Words: 0

Comment

 
       
Register | About Us | Sponsor Channel Service (Korean Market) | Advertise | Contact Us | LinkedIn |
   
 
 
HQ: 201, Hanho Building 33, Nonhyeon-ro 64-gil, Gangnam-gu, Seoul, 06228, Rep. of KOREA
Netmanias USA: 5214 36th Ave. NE Seattle, WA 98105 USA
 
  Netmanias was founded in year 2002, and provides in-depth analysis and overview of 4G & 5G mobile,
IoT, SDN/NFV, Gigabit Internet and video streaming technologies as well as trends in the evolution
of Korean operators’ networks and services
Copyright ⓒ 2002-2017 NMC Consulting Group. All rights reserved.
       

https://www.netmanias.com/en/post/blog/5929/lte/lte-user-identifiers-imsi-and-guti 3/3