Current 5G core networks expose user identities after authentication, allowing tracking and session correlation across home and roaming networks. Prior works to reduce this exposure are impractical as they require mobile device modifications, roaming-partner coordination, or break support for lawful interception. We present PECA, a Privacy-Enhanced Core Architecture that decouples permanent identities from location management using a novel temporary identifier, the Anonymized Mobile Subscriber Identity (AMSI). PECA maintains full compatibility with existing infrastructures, user devices, legacy SIM cards, and network components, enabling seamless integration without requiring standardization or broad ecosystem support. A prototype deployment as part of a 5G testbed demonstrates that a single operator can deploy our system to protect users locally and while roaming with minimal overhead: less than 1% increased session-setup latency, 41~bytes of extra per-subscriber storage, and no impact on data-plane and handover performance. These results establish PECA as a practical, independently deployable solution for stronger privacy in 5G and future generation mobile networks.
Diepen et al. (Mon,) studied this question.