Enterprise AI Analysis: Strongly unforgeable and lightweight identity privacy scheme for the IoT-enabled 3GPP mobile networks

Authors: M. M. Modiri, M. Salmasizadeh, J. Mohajeri, B. H. Khalaj

Received: November 21, 2024 / Accepted: January 16, 2026 / Published: May 11, 2026

DOI: 10.1007/s10207-026-01217-1

Executive Impact Summary

The paper addresses critical identity privacy threats in IoT-enabled 3GPP cellular networks, where the current Subscriber Concealed Identifier (SUCI) mechanism is vulnerable to forgery due to its reliance on public-key encryption. This vulnerability enables identity-catching attacks and compromises user privacy. The authors propose an improved identity privacy scheme that ensures strong unforgeability under adaptive chosen-ciphertext attacks (CCA2) and is compatible with the 3GPP security architecture. The scheme assigns temporary SUCIs and is proven to achieve anonymity, unforgeability, secure identifier sharing, one-wayness, unlinkability, and dependability. It also demonstrates immunity against various advanced attacks (MitM, impersonation, replay, ML/AI, quantum, identity-catching). Furthermore, the improved scheme boasts low communication, computational, and energy overheads, making it lightweight and suitable for resource-constrained IoT environments.

19600x more energy-efficient than ECIES (3GPP scheme) per operation, enabling over a decade of equivalent workload on a single charge.

Deep Analysis & Enterprise Applications

Identity Privacy

The core of the research focuses on safeguarding user and device identities in IoT-enabled 3GPP networks, specifically addressing the vulnerabilities of the Subscriber Concealed Identifier (SUCI) to forgery and privacy breaches. The proposed scheme ensures strong unforgeability, anonymity, and unlinkability.

The scheme introduces a novel fixed-length identifier-generating construction proven to be strongly unforgeable under adaptive chosen-ciphertext attacks (CCA2). This directly addresses the critical flaw in existing 3GPP SUCI mechanisms, which rely on public-key encryption susceptible to forgery. The approach ensures that adversaries cannot feasibly forge valid SUCIs or derive underlying parameters like SUPI, session keys, or cryptographic seeds, maintaining anonymity and unlinkability across sessions.
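The properties named above (fixed length, one-time use, rejection of forged and replayed identifiers) can be seen in a generic symmetric-key pseudonym rotation. This is an added illustration, not the construction from the paper: the ratchet design, the names `temp_id`, `next_state`, `Device` and `HomeNetwork`, and the sample SUPI are all assumptions made for the example.

```python
import hashlib
import hmac
import os

ID_LEN = 16                      # fixed identifier length in bytes (constructed value)
SUPI = "imsi-001010000000001"    # constructed sample subscriber identity

def next_state(state: bytes) -> bytes:
    """One-way ratchet: an earlier state cannot be derived from a later one."""
    return hashlib.sha256(b"ratchet" + state).digest()[:ID_LEN]

def temp_id(key: bytes, state: bytes) -> bytes:
    """Fixed-length identifier that only a holder of the subscriber key can compute."""
    return hmac.new(key, b"temp-id" + state, hashlib.sha256).digest()[:ID_LEN]

class Device:
    def __init__(self, key: bytes, state: bytes):
        self.key, self.state = key, state

    def identify(self) -> bytes:
        ident = temp_id(self.key, self.state)
        self.state = next_state(self.state)   # never reuse an identifier
        return ident

class HomeNetwork:
    def __init__(self):
        self.expected = {}                    # identifier -> (supi, key, state)

    def enroll(self, supi: str, key: bytes, state: bytes) -> None:
        self.expected[temp_id(key, state)] = (supi, key, state)

    def resolve(self, ident: bytes):
        entry = self.expected.pop(ident, None)   # one-time use: replays miss
        if entry is None:
            return None                          # unknown, forged or replayed
        supi, key, state = entry
        self.enroll(supi, key, next_state(state))  # arm the next identifier
        return supi

def demo() -> dict:
    key, state = os.urandom(32), os.urandom(ID_LEN)
    hn = HomeNetwork()
    hn.enroll(SUPI, key, state)
    ue = Device(key, state)
    first, second = ue.identify(), ue.identify()
    return {"first": hn.resolve(first), "replay": hn.resolve(first),
            "forged": hn.resolve(os.urandom(ID_LEN)),
            "second": hn.resolve(second), "unlinkable": first != second}
```

A production design would also need to handle loss of synchronisation between device and home network, which this sketch leaves out.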

Research Methodology Flow

Identity problem: SUCI forgery in 3GPP networks
Propose improved scheme
Formal verification using the AVISPA tool
CCA2 unforgeability
Evaluate performance metrics

Comparative Security Analysis of SUCI-Generation Schemes

Identity privacy schemes SP1 SP2 SP3 SP4 SP5 SP6 SP7 SP8 SP9 SP10 SP11 SP12
3GPP SUCI-Generating Scheme < null scheme >XXXXXXXXXXX
3GPP SUCI-Generating Scheme < Profile A and B >XXXXXXXXXX
Scheme presented in [25]XXX-
Scheme presented in [37]XXXX-
Scheme presented in [38]XXX-
Scheme presented in [39]XX
Our Improved SUCI-Generating Scheme
SP1: Compatibility with the 3GPP security architecture; SP2: Anonymity; SP3: Unforgeability; SP4: Secure identifier sharing; SP5: One-wayness; SP6: Unlinkability; SP7: Dependable in untrusted serving network; SP8: Resistance against MitM and impersonation attacks; SP9: Resistance against replay attack; SP10: Resistance against identity-catching attack; SP11: Using AI/ML attack-resistant primitives; SP12: Using quantum attack-resistant primitives. ✓: Achieved the property; X: Not achieved the property; -: This property was not mentioned in this identity privacy scheme.

Security Architecture

The proposed scheme ensures full compatibility with the IoT-enabled 3GPP security architecture, leveraging standardized parameters like SHA-256 for key derivation and AES-CTR for encryption. It integrates seamlessly into 5G AKA protocols without requiring modifications to existing infrastructure.

The design aligns with 3GPP Technical Specification (TS 33.501) and adheres to the 5G AKA key hierarchy. It avoids non-standardized constructs (like timestamps or ECC, which are incompatible with 3GPP's 5G security framework) and operates within SIM card constraints by exclusively using symmetric-key operations. Formal verification using the AVISPA tool confirms SUPI confidentiality and SUCI unforgeability under the Dolev-Yao threat model, proving resilience against MitM, impersonation, replay, ML/AI, and quantum attacks.

Securing IoMT Data in Smart Hospitals

A major challenge in smart hospitals is protecting sensitive patient data transmitted by IoT medical devices over 5G networks. Existing 3GPP SUCI schemes are vulnerable to identity-catching attacks, allowing malicious actors to forge device identifiers and potentially falsify patient vitals, leading to severe health risks. Our improved scheme provides strong unforgeability, ensuring that only authorized devices can generate valid SUCIs. This prevents impersonation and data manipulation, safeguarding the integrity of real-time health monitoring systems. By adopting our lightweight and 3GPP-compatible solution, smart hospitals can enhance the privacy and reliability of their IoMT infrastructure, protecting patient confidentiality and ensuring accurate data for critical care decisions.

Resource Efficiency

Optimized for resource-constrained IoT devices, the scheme significantly reduces communication, computational, and energy overheads compared to traditional public-key-based solutions like ECIES. This makes it highly suitable for widespread IoT deployment.

The scheme utilizes SHA-256 for key derivation and encryption, replacing computationally intensive ECIES operations. This results in an 82% reduction in communication overhead and a 99.3% reduction in computational overhead. Energy consumption per operation drops by a factor of 19600, to only 0.2 mJ on ESP32 microcontrollers, which enables devices to operate for over a decade on a single charge. Minimal persistent storage (16 bytes) further enhances its lightweight nature, ensuring deployability across legacy and next-generation SIM cards without hardware upgrades.
