So they'll just fall back to 4G then, which always sends the IMSI in the clear on initial attach?

5G Standalone networks don’t have 4G to fall back to. 5G Non-standalone networks are essentially 4G networks with a 5G RAN, so SUCI remains optional and most core vendors don’t support it.

That's not what 5G standalone means, as far as I understand.

The network I'm using supports 5G SA in some cells, but my phone definitely still falls back to both 4G and 5G non-SA in some areas where it's not yet available.

And even if 5G SA were available everywhere, there's the concern of roaming.

Correct, your phone needs to actually re-connect between the two networks. It's a whole new session and you can't handover between 5G SA and 5G NSA/LTE networks. There are some configurations that make this not much of an issue, but technically they are totally different networks.

You can definitely hand over sessions between 5G and 4G (and by extension 5G NSA, which essentially is 4G from a signaling point of view).

It's not a handover in the sense that you're actually creating a second connection to a different network. It's more akin to roaming than a handover.

I don't know if you're implying that the iPhone behaviour is bad but I hope not. It's obviously better.

Source?

> 5G Standalone security and privacy requirements

> To help ensure compatibility of iPhone and cellular iPad devices on private 5G SA networks, infrastructure vendors must adhere to the following security and privacy requirements:

> Privacy concealment: The Subscription Concealed Identifier (SUCI) must use a non-null protection scheme. This can be achieved through either an on-SIM SUCI calculation or an ME SUCI calculation, as outlined in TCA 2.3.1 and 3.1 specifications. For detailed information, refer to the 3GPP Technical Specification 33.501.

(From https://support.apple.com/en-gb/guide/deployment/depac674731...)

This pertains to private networks rather than public operator networks, but it certainly seems to imply that use of SUCI is an expectation on 5G SA networks (private in this context).

In the US, the T-Mobile 5G SA eSIM and SIM cards all have SUCI at least. I don’t have any idea about other networks.

One thing I've always wondered is if you need a R15 sim card for it to use SUCI or if the old cards can receive provisioning to do it. I know for a fact you can use any USIM on t-mobile (so it had to support at least 3G) and it will work in the latest 5G devices without issue on SA.

You need a SIM card (ideally) with support for elliptic curve crypto, and some additional fields added in the profile (SIM services 124 and 125). You can then, once those services are enabled, place network public keys on the SIM itself.

There are 2 ways to do SUCI calculation - both require SIM support to hold public keys. SUCI-on-SIM requires a SIM that can do the encryption to the public key on the SIM itself, and issue that in response to the IDENTITY command; SUCI-on-phone requires a SIM that "just" has the public key fields present, and the handset can do the SUCI calculation and encrypt the SUPI for the public key stored on the SIM.

Either way, your scenario isn't using SUCI concealment by my understanding, unless you got a new SIM card, or it was reprogrammed somehow to support the SIM service fields needed (but I'm not aware of operators doing that).

No. The SIM is specifically programmed with SUCI from the factory. The GSMA has a whole process around it.