LIMA 5G Identity Lookup Architecture

In 2G, 3G, and 4G networks, law enforcement agencies (LEAs) have relied on the use of so-called IMSI catchers to assist in search-and-rescue operations and to track persons of interest. An IMSI (International Mobile Subscriber Identity) is associated with the SIM in a mobile phone and uniquely identifies that SIM. Whereas this IMSI could be observed in the mobile air traffic in 2G, 3G and 4G networks, this is no longer the case in 5G networks: the IMSI is never transferred in plain text over the air, instead a locally unique temporary identity is chosen by the network for each registered SIM that is changed periodically. From an IMSI catcher point of view, the observed identities cannot be directly associated to the IMSI’s they represent.

The 3GPP SA3-LI subgroup has recognized the need of LEAs to use IMSI catchers and has defined an identity association and reporting function to address this issue. This function is defined in releases 17 and 18, defines components and interfaces between a 5G core and an LEA, and provides under a warrant the possibility to request the IMSI (a permanent identity) of an observed temporary identity, or to report the generated temporary identities of a specific permanent identity. This identity association and reporting function recognizes an Identity Event Function (IEF; part of the 5G core that reports the association between temporary and permanent identities), an Identity Caching Function (ICF; storing these associations for a certain time), and the Identity Query Function (IQF; implements the LI_HIQR interface; handling request from and responses to LEAs). The LI_HIQR interface is based on the electronic LI interface for warrants as defined by ETSI.

The LIMA 5G Identity lookup provides an implementation for the IQF and ICF functions and associated interfaces. The IQF is usually provided as part of the LIMA Management System, e.g. for validation of warrants of the incoming LI-HIQR requests. The ICF supports an in-memory cache, which can eventually be scaled to e.g. support larger networks and larger cache sizes.