WO2019063087A1 - Integrity protection report generation in a wireless communication system - Google Patents

Integrity protection report generation in a wireless communication system Download PDF

Info

Publication number
WO2019063087A1
WO2019063087A1 PCT/EP2017/074702 EP2017074702W WO2019063087A1 WO 2019063087 A1 WO2019063087 A1 WO 2019063087A1 EP 2017074702 W EP2017074702 W EP 2017074702W WO 2019063087 A1 WO2019063087 A1 WO 2019063087A1
Authority
WO
WIPO (PCT)
Prior art keywords
failure
user device
base station
cause
integrity protection
Prior art date
Application number
PCT/EP2017/074702
Other languages
French (fr)
Inventor
Guillaume DECARREAU
Original Assignee
Nokia Technologies Oy
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nokia Technologies Oy filed Critical Nokia Technologies Oy
Priority to PCT/EP2017/074702 priority Critical patent/WO2019063087A1/en
Publication of WO2019063087A1 publication Critical patent/WO2019063087A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10Integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic

Definitions

  • This description relates to communications, and in particular, to generation of integrity protection failure information in response to detection of an integrity protection failure.
  • a communication system may be a facility that enables communication between two or more nodes or devices, such as fixed or mobile communication devices. Signals can be carried on wired or wireless carriers.
  • An example of a cellular communication system is an architecture that is being standardized by the 3 rd Generation Partnership Project (3GPP).
  • 3GPP 3 rd Generation Partnership Project
  • LTE long-term evolution
  • UMTS Universal Mobile Telecommunications System
  • E-UTRA evolved UMTS Terrestrial Radio Access
  • LTE Long Term Evolution
  • LTE base stations or access points (APs), which are referred to as enhanced Node AP (eNBs), provide wireless access within a coverage area or cell.
  • APs base stations or access points
  • eNBs enhanced Node AP
  • UE user equipments
  • LTE has included a number of improvements or developments.
  • 5G (or 5 th generation) wireless networks are also being developed.
  • integrity protection can be used to protect one or more signaling radio bearers (SRBs), and, in 5G, integrity protection can be used for the SRBs as well as data radio bearers (DRBs).
  • SRBs signaling radio bearers
  • DRBs data radio bearers
  • the UE may perform a Radio Resource Control (RRC) reestablishment procedure.
  • RRC Radio Resource Control
  • the UE's RRC reestablishment procedure may not indicate that the cause of the RRC reestablishment procedure is due to the integrity protection failure.
  • an RRC reestablishment procedure may be initiated for other reasons besides an integrity protection failure such as radio link failure, handover failure, mobility from E-UTRA failure, etc.
  • the base station when the base station receives an RRC connection reestablishment request from the UE, the base station does not necessarily know that it is in response to an integrity protection failure.
  • handover failure may be indicated in the re-establishment cause.
  • radio link failure and integrity failure may be indicated within a catchall reason (e.g., "other failure").
  • the base station does not receive detailed information about what caused the integrity protection failure. In these situations, the base station may miss an opportunity to identify a potential attack on the system, and then properly address the attack. In other situations, the integrity protection failure may not stem from an attack on the system, but rather from a configuration or scheduling condition of the system. In these situations, having more detailed information about the underlying integrity protection failure may allow the base station to take corrective action(s) to minimize the chance that an integrity protection failure will reoccur in the future.
  • a base station comprising at least one processor and at least one memory including computer instructions, when executed by the at least one processor, cause the base station to receive, from a user device in a wireless network, integrity protection (IP) failure information about an IP failure on one or more radio bearers at the user device, determine a cause of the IP failure based on the IP failure information, and perform at least one action based on the determined cause.
  • IP integrity protection
  • the base station may include any one of more of the following features (or any combination thereof).
  • the IP failure information may include a plurality of IP failure elements.
  • the plurality of IP failure elements includes two or more of (or any combination thereof): a first element including a type of radio bearer that trigged the integrity protection failure, a second element including a bearer identifier on which the integrity protection failure was detected, a third element including a sequence number and count of a protocol data unit (PDU), a fourth element including time of the integrity protection failure and location of the user device, a fifth element including a physical cell identifier (PCI) and frequency of a cell, and a sixth element including a received message authentication code-integrity (MAC-I) and a computed X-MAC.
  • PCI physical cell identifier
  • MAC-I received message authentication code-integrity
  • the base station is configured to determine that the cause is a Hyper Frame Number (HFN) de- synchronization condition using at least one of the third element, the fourth element, and the sixth element, and the base station is configured to increase a size of a reordering window of Packet Data Convergence Protocol (PDCP) in response to the cause being determined as the HFN de- synchronization condition.
  • the base station is configured to determine that the cause is a potential attack on the wireless network using at least one of the first element, the second element, and the third element, and the base station is configured to generate and send an attack report in response to the cause being determined as the potential attack, the attack report identifying which protocol data unit (PDU) was altered.
  • HFN Hyper Frame Number
  • PDCP Packet Data Convergence Protocol
  • the base station is configured to determine that the cause is a potential attack on the user device using at least one of the fifth element and the sixth element, and the base station is configured to stop communication with the user device in response to the cause being determined as the potential attack on the user device.
  • the one or more radio bearers include a signaling radio bearer (SRB).
  • the one or more radio bearers include a data radio bearer (DRB).
  • a method may include receiving, by a base station from a user device in a wireless network, integrity protection (IP) failure information about an IP failure on one or more radio bearers at the user device, determining, by the base station, a cause of the IP failure based on the IP failure information, and performing, by the base station, at least one action based on the determined cause.
  • IP integrity protection
  • the method may include any one of more of the following features (or any combination thereof).
  • the IP failure information may include a plurality of IP failure elements.
  • the plurality of IP failure elements may include two or more of (any combination thereof): a first element including a type of radio bearer that trigged the integrity protection failure, a second element including a bearer identifier on which the integrity protection failure was detected, a third element including a sequence number and count of a protocol data unit (PDU), a fourth element including time of the integrity protection failure and location of the user device, a fifth element including a physical cell identifier (PCI) and frequency of a cell, and a sixth element including a received message authentication code-integrity (MAC-I) and a computed X-MAC.
  • PDU protocol data unit
  • PCI physical cell identifier
  • MAC-I received message authentication code-integrity
  • the determining the cause of the IP failure based on the IP failure information may include determining that the cause is a Hyper Frame Number (HFN) de- synchronization condition using at least one of the third element, the fourth element, and the sixth element, and the performing at least one action based on the determined cause may include increasing a size of a reordering window of Packet Data Convergence Protocol (PDCP).
  • the determining the cause of the IP failure based on the IP failure information may include determining that the cause is a potential attack on the wireless network using at least one of the first element, the second element, and the third element, and the performing at least one action based on the determined cause may include generating and sending an attack report, where the attack report identifies which protocol data unit (PDU) was altered.
  • PDU protocol data unit
  • a computer program product includes a computer-readable storage medium and storing executable code that, when executed by at least one processor, is configured to cause the at least one processor to execute any the operations of the method and/or operations performed by the base station.
  • an apparatus may include a means for receiving, by a base station from a user device in a wireless network, integrity protection (IP) failure information about an IP failure on one or more radio bearers at the user device, means for determining, by the base station, a cause of the IP failure based on the IP failure information, and means for performing, by the base station, at least one action based on the determined cause.
  • the means for receiving may include receiving a plurality of IP failure elements (some or all of them).
  • the means for determining may include means for determining that the cause is a Hyper Frame Number (HFN) de- synchronization condition using at least one of the third element, the fourth element, and the sixth element, and the means for performing at least one action based on the determined cause may include means for increasing a size of a reordering window of Packet Data Convergence Protocol (PDCP).
  • the means for determining the cause of the IP failure based on the IP failure information may include means for determining that the cause is a potential attack on the wireless network using at least one of the first element, the second element, and the third element, and the means for performing at least one action based on the determined cause may include means for generating and sending an attack report, where the attack report identifies which protocol data unit (PDU) was altered.
  • PDU protocol data unit
  • a user device comprises at least one processor and at least one memory including computer instructions, when executed by the at least one processor, cause the user device to detect an integrity protection (IP) failure on one or more radio bearers, store IP failure information about the IP failure, and transmit, to a base station in a wireless network, at least one message having at least a portion of the IP failure information.
  • IP integrity protection
  • the user device may include one or more of the following features (or any combination thereof).
  • the user device is configured to store the IP failure information as a plurality of IP failure elements.
  • the plurality of IP failure elements may include two or more of (or any combination thereof): a first element including a type of radio bearer that trigged the integrity protection failure, a second element including a bearer identifier on which the integrity protection failure was detected, a third element including a sequence number and count of a protocol data unit (PDU), a fourth element including time of the integrity protection failure and location of the user device, a fifth element including a physical cell identifier (PCI) and frequency of a cell, and a sixth element including a received message authentication code-integrity (MAC-I) and a computed X-MAC.
  • PCI physical cell identifier
  • MAC-I received message authentication code-integrity
  • the user device is configured to initiate a Radio Resource Control (RRC) reestablishment procedure in response to detecting the IP failure, and transmit at least a portion of the IP failure information in a message during or after the RRC reestablishment procedure.
  • RRC Radio Resource Control
  • the user device is configured to transmit, to the base station, a RRC reestablishment request, where the RRC reestablishment request includes an indication that the initiation of the RRC reestablishment procedure is due to the integrity protection failure, receive, from the base station, a RRC connection reestablishment message, transmit, to the base station, a RRC connection reestablishment complete message, where the RRC connection reestablishment complete message includes an indication that the user device has the IP failure information, receive, from the base station, an information request to provide the IP failure information, and transmit, from the base station, at least a portion of the IP failure information.
  • the user device is configured to transmit, to the base station, a
  • a method includes detecting, by a user device in a wireless network, an integrity protection (IP) failure on one or more radio bearers, storing, by the user device, IP failure information about the IP failure, and transmitting, by the user device to a base station in the wireless network, at least one message having at least a portion of the IP failure information.
  • IP integrity protection
  • the method may include any one or more of the following features (or any combination thereof).
  • the storing includes storing the IP failure information as a plurality of IP failure elements.
  • the plurality of IP failure elements may include two or more of (or any combination thereof): a first element including a type of radio bearer that trigged the integrity protection failure, a second element including a bearer identifier on which the integrity protection failure was detected, a third element including a sequence number and count of a protocol data unit (PDU), a fourth element including time of the integrity protection failure and location of the user device, a fifth element including a physical cell identifier (PCI) and frequency of a cell, and a sixth element including a received message authentication code-integrity (MAC-I) and a computed X-MAC.
  • PDU protocol data unit
  • PCI physical cell identifier
  • MAC-I received message authentication code-integrity
  • the transmitting the at least one message having the IP failure information may include initiating, by the user device, a Radio Resource Control (RRC) reestablishment procedure in response to detecting the IP failure, and transmitting, by the user device, the IP failure information in a message during or after the RRC reestablishment procedure.
  • RRC Radio Resource Control
  • the RRC reestablishment procedure may include transmitting, by the user device to the base station, a RRC reestablishment request, where the RRC reestablishment request includes an indication that the initiation of the RRC reestablishment procedure is due to the integrity protection failure, receiving, by the user device from the base station, a RRC connection reestablishment message, transmitting, by the user device to the base station, a RRC connection reestablishment complete message, where the RRC connection reestablishment complete message includes an indication that the user device has the IP failure information, receiving, by the user device from the base station, an information request to provide the IP failure information, and transmitting, by the user device from the base station, the IP failure information.
  • the transmitting the at least one message having the IP failure information may include transmitting, by the user device to the base station, a message including the IP failure information, and initiating a Radio Resource Control (RRC) reestablishment procedure after the IP failure information has been transmitted.
  • RRC Radio Resource Control
  • a computer program product includes a computer-readable storage medium and storing executable code that, when executed by at least one processor, is configured to cause the at least one processor to execute any the operations of the method and/or performed by the user device.
  • an apparatus may include a means for detecting, by a user device in a wireless network, an integrity protection (IP) failure on one or more radio bearers, a means for storing, by the user device, IP failure information about the IP failure, and a means for transmitting, by the user device to a base station in the wireless network, at least one message having the IP failure information.
  • IP integrity protection
  • FIG. 1 is a block diagram of a wireless network according to an example implementation.
  • FIG. 2 is a block diagram of a user device that sends integrity protection (IP) failure elements to a base station in response to detection of an integrity protection failure on the user device according to an example implementation.
  • FIG. 3 illustrates an example of a communication diagram between the user device and the base station for transmitting the IP failure elements according to an example implementation.
  • IP integrity protection
  • FIG. 4 illustrates an example of a communication diagram between the user device and the base station during an RRC reestablishment procedure according to an example implementation.
  • FIG. 5 illustrates an example of a communication diagram between the user device and the base station for transmitting the IP failure elements according to another example implementation.
  • FIG. 6 is a flow chart illustrating operations of the user device according to an example implementation.
  • FIG. 7 is as flow chart illustrating operations of the base station according to an example implementation.
  • FIG. 8 is a block diagram of a wireless station according to an example implementation.
  • the UE may obtain and store IP failure information about the IP failure.
  • IP integrity protection
  • the IP failure information may include two or more of the following elements: 1) type of bearer (e.g., control, data) that triggered the IP failure, 2) bearer identifier (e.g., bearer ID) on which the IP failure was detected, 3) sequence number (SN) and Count of the faulty protocol data unit (PDU), 4) time that the IP failure was detected and location of the UE, 5) physical cell identifier (PCI) and frequency of the cell from which the UE received the PDU that caused the IP failure, and 6) a received Message Authentication Code-Integrity (MAC-I) of the faulty PDU and the UE- computed X-MAC of the faulty packet (e.g., IP fails when the MAC-I is different than the MAC-X).
  • type of bearer e.g., control, data
  • bearer identifier e.g., bearer ID
  • SN sequence number
  • Count Count of the faulty protocol data unit
  • PCI physical cell
  • the exact faulty PDU or packet can be identified.
  • UE Identity in the RRC Connection Reestablishment Request message a specific UE can be identified, and if the UE has several IP failures for the same reason, it may be determined that the UE was subjected to a targeted attack, and the network may stop communication with that UE.
  • the UE in response to a particular IP failure, obtains and stores two or more of these elements as an IP failure report stored at the UE. In some examples, in response to a particular IP failure, the UE obtains and stores all of these elements (e.g., all of elements 1 through 6) as an IP failure report stored at the UE. In some examples, the UE generates and stores a separate IP failure report for each IP failure. In some examples, if multiple PDUs in a row fail the integrity check, the UE generates a single report having these elements for each of the multiple PDUs.
  • the UE notifies the base station about the IP failure via a message, and includes the stored elements within the message. In some examples, the UE notifies the base station about the IP failure via a first message, and the base station may respond with a message requesting more information about the underlying IP failure. Then, the UE may respond with a second message that includes the stored elements. In some examples, in response to the IP failure, the UE initiates a Radio Resource Control (RRC) reestablishment procedure, and, as part of the RRC reestablishment procedure, the UE indicates that the cause of the RRC reestablishment procedure is due to the IP failure.
  • RRC Radio Resource Control
  • the UE in response to the IP failure, the UE initiates the RRC reestablishment procedure, and, as part of the RRC reestablishment procedure, the UE indicates that the cause of the RRC reestablishment procedure is due to the IP failure and includes the stored elements about the IP failure. In some examples, in response to the IP failure, the UE initiates the RRC reestablishment procedure, and, as part of the RRC reestablishment procedure, the UE indicates the presence of the stored elements, and the base station may subsequently request the UE to send the stored elements.
  • the way the UE transmits the stored elements is dependent upon if the IP failure occurs on the Signaling Radio Bearer (SRB) or the Data (or user) Radio Bearer (DRB).
  • SRB Signaling Radio Bearer
  • DRB Data (or user) Radio Bearer
  • IP is used to protect the SRB (not the DRB).
  • DRB Data (or user) Radio Bearer
  • IP is used to protect the SRB and the DRB.
  • the UE performs RRC reestablishment in response to an IP failure.
  • the UE may initiate the RRC reestablishment procedure in response to the IP failure, and, as part of the RRC reestablishment procedure, the UE may indicate that the reason for the RRC reestablishment procedure is due to the IP failure and include the stored element for transmission to the base station or include an indication that it has stored elements about the IP failure.
  • the UE in response to the IP failure, the UE may transmit the stored elements as part of a message transmitted from the UE to the base station, and possibly then subsequently initiate the RRC reestablishment procedure.
  • the UE may initiate the RRC reestablishment procedure in response to the IP failure, and, as part of the RRC reestablishment procedure, the UE may send an indication that the reason for the RRC reestablishment procedure is due to the IP failure and include the stored elements for transmission to the base station.
  • the base station may determine the cause of the IP failure. In some examples, based on the elements received from the UE about the IP failure, the base station may determine whether the cause of the IP failure is due to an attack on the network, a Hyper Frame Number (HFN) de- synchronization condition, Layer 1 transmission, or some other condition.
  • HFN Hyper Frame Number
  • the base station may disable communication with the affected UE, automatically send an alert to appropriate personal, automatically take corrective action by modifying or disabling a part of the network, and/or provide an attack report that can locate the attack, detect which message was targeted, which Protocol Data Unit (PDU) was altered, and/or the type of PDU (e.g., (e.g., if it was a Control Plane (CP) or User Plane (UP) PDU), which can possibly disclose a weakness in the protocol.
  • PDU Protocol Data Unit
  • the base station may create a larger window in the Packet Data Convergence Protocol (PDCP) or provide less aggressive scheduling.
  • PDCP Packet Data Convergence Protocol
  • FIG. 1 is a block diagram of a wireless network 130 according to an example implementation.
  • user devices 131, 132, 133 and 135, which may also be referred to as mobile stations (MSs) or user equipment (UEs) may be connected (and in communication) with a base station (BS) 134, which may also be referred to as an access point (AP), an enhanced Node B (eNB) or a network node.
  • AP access point
  • eNB enhanced Node B
  • At least part of the functionalities of an access point (AP), base station (BS) or (e)Node B (eNB) may be also be carried out by any node, server or host which may be operably coupled to a transceiver, such as a remote radio head.
  • BS (or AP) 134 provides wireless coverage within a cell 136, including to user devices 131, 132, 133 and 135. Although only four user devices are shown as being connected or attached to BS 134, any number of user devices may be provided. BS 134 is also connected to a core network 150 via a SI interface 151. This is merely one simple example of a wireless network, and others may be used.
  • a user device may refer to a portable computing device that includes wireless mobile communication devices operating with or without a subscriber identification module (SIM), including, but not limited to, the following types of devices: a mobile station (MS), a mobile phone, a cell phone, a smartphone, a personal digital assistant (PDA), a handset, a device using a wireless modem (alarm or measurement device, etc.), a laptop and/or touch screen computer, a tablet, a phablet, a game console, a notebook, and a multimedia device, as examples.
  • SIM subscriber identification module
  • a user device may also be a nearly exclusive uplink only device, of which an example is a camera or video camera loading images or video clips to a network.
  • a user device (or UE) may also include an Internet of Things (IoT) user device/UE, such as for example, a narrowband Internet of Things (NB-IoT) user device/UE.
  • IoT Internet of Things
  • NB-IoT narrowband Internet of Things
  • the core network 150 may be referred to as Evolved Packet Core (EPC), which may include a mobility management entity (MME) which may handle or assist with mobility/handover of user devices between BSs, one or more gateways that may forward data and control signals between the BSs and packet data networks or the Internet, and other control functions or blocks.
  • EPC Evolved Packet Core
  • MME mobility management entity
  • gateways may forward data and control signals between the BSs and packet data networks or the Internet, and other control functions or blocks.
  • FIG. 2 is a block diagram of an UE 131 that is configured to send integrity protection (IP) failure elements 105 to a BS 134 in response to detection of an IP failure according to an example implementation.
  • IP integrity protection
  • the UE 131 includes an IP failure detector 101 configured to perform an integrity check according to an integrity protection algorithm, and detect an IP failure for Packet Data Convergence Protocol (PDCP) entities associated with SRBs in the case of LTE and detect an IP failure for PDCP entities associated with SRBs and DRBs in the case of 5G.
  • PDCP Packet Data Convergence Protocol
  • the PDCP entities are located in the PDCP sublayer. Each PDCP entity carries data of one radio bearer (e.g., SRB or DRB). A PDCP entity is associated with either the control plane (e.g., in the case of SRB) or the user plane (e.g., the case of DRB).
  • the PDCP provides a numbers of services (e.g., transfer of user plane data, transfer of control plane data, header compression, ciphering, and IP) to the RRC and the user plane upper layers at the UE 131.
  • the format of the PDCP PDU carrying control plane SRBs includes a PDCP sequence number (SN), data (e.g., control plane data), and MAC-I (which may contain a message authentication code).
  • the format of the PDCP PDU carrying user data DRBs include a PDCP SN, data (e.g., user plane data), and a MAC-I (which may contain a message authentication code).
  • IP may be utilized for protecting RRC messages transmitted on SRBs.
  • Radio Bearers are logical data communication exchange channels, and are used for providing data transmission exchange to the user or for providing RRC layer control signal transmission exchange.
  • SRBs are the RBs specifically used for transmitting RRC messages, and utilized for completing various RRC control processes.
  • the UE 131 When the UE 131 transmits a message, the UE 131 computes the value of the MAC-I field and inserts the value into the MAC-I field of PDPCH PDU. When the UE 131 receives a message, the UE 131 verifies the integrity of the PDCP PDU by calculating the X-MAC based on the input parameters (e.g., Bearer ID, Direction, AS Key, Message itself etc.). If the calculated X-MAC corresponds to the received MAC-I, IP is verified successfully. However, if the calculated X-MAC does not correspond (e.g., match) to the received MAC-I, IP fails.
  • the input parameters e.g., Bearer ID, Direction, AS Key, Message itself etc.
  • the UE 131 or the BS 134 can authenticate the accuracy of the MAC-I, and thereby accept the received signaling message when the expected MAC-I and the received MAC-I are the same or act as if the message was not received when the calculated expected MAC-I and the received MAC-I different, i.e., when the IP check fails.
  • the UE 131 may obtain and store IP failure information about the IP failure.
  • the UE 131 includes an IP element creator 103 configured to obtain and store detailed information about the IP failure within an IP failure report stored at the UE 131.
  • the IP element creator 103 obtains IP failure information from the IP process performed by the IP failure detector 101, and stores IP failure elements 105 at the UE 131.
  • the IP failure elements 105 are stored as the IP failure report for a particular instance of an IP failure.
  • the IP failure detector 101 may detect a first IP failure on a first PDU at a first time, and in response to the detection of the first IP failure, the IP element creator 103 may obtain and store the IP failure elements 105 associated with the first PDU as a first IP failure report. Then, the IP failure detector 101 may detect a second IP failure on a second PDU at a second time, and in response to the detection of the second IP failure, the IP element creator 103 may obtain and store the IP failure elements 105 associated with the second PDU as a second IP failure report.
  • the IP failure elements 105 may include two or more of the following elements: a first element 106 that includes the type of bearer (e.g., control, data) that triggered the IP failure, a second element 107 that includes bearer identifier (e.g., bearer ID) on which the IP failure was detected, a third element 108 that includes the sequence number (SN) and Count (e.g., the Count may be the HFN and the PDCP SN) of the faulty PDU, and a fourth element 109 that includes the time that the IP failure was detected and the location of the UE 131, a fifth element 110 that includes a physical cell identifier (PCI) and frequency of the cell 136 from which the UE 131 received the PDU that caused the IP failure, and a sixth element 111 that includes a received MAC-I of the faulty PDU and the UE-computed X-MAC of the faulty packet.
  • the term element may refer to a component of the IP failure report
  • the type of bearer included within the first element 106 may indicate whether the bearer is an SRB or a DRB. In other words, the type of bearer included within the first element 106 may indicate whether the fault is associated with the control plane (in the case of SRB) or associated with the user plane (in the case of DRB).
  • the bearer ID included within the second element 107 may indicate the type of service carried by the radio bearer, e.g., data, voice, video.
  • the SN included within the third element 108 may indicate the sequence number of the PDU, and the Count is the HFN + the PDCP SN.
  • the Count may be considered the PDCP Data PDU counter, where the value of the count is incremented for each PDCP PDU data during a RRC connection (which may have a length of 32 bits). There is one Count per Radio Bearer (SRB or DRB).
  • SRB Radio Bearer
  • the time included within the fourth element 109 may include the time that the IP failure was detected, and the location indicates where the UE 131 was located when the IP failure has occurred (e.g., GPS coordinates or other types of location data).
  • the PCI included within the fifth element 110 may indicate a pseudo-unique value for identifying the BS 134, and the frequency may indicate a frequency value or range established between the UE 131 and the BS 134 within the cell 136 from which the UE 131 received the PDU that caused the IP failure.
  • the sixth element 111 as indicated above, if the calculated X-MAC corresponds to the received MAC-I, IP is verified successfully. However, if the calculated X-MAC does not correspond (e.g., match) to the received MAC-I, IP fails.
  • the BS 134 can use the MAC- I and the X-MAC to determine (or provided an indication) that the IP failure is caused by the HFN desynchronization condition.
  • FIG. 3 illustrates an example of a communication diagram 300 between the UE 131 and the BS 134 for transmitting the IP failure elements 105 according to an example implementation.
  • the communication diagram 300 is applicable to a 5G communication network.
  • the communication diagram 300 is applicable for IP failures occurring on the DRBs.
  • the UE 131 detects IP failure on one or more of the bearers in PDCP, and notifies higher layers about the IP failure.
  • the UE 131 may store the IP failure elements 105 at the UE 131.
  • the UE 131 may send an IP failure message to the BS 134, where the IP failure message includes the IP failure elements 105 (e.g., two or more of the elements 105 or all of them).
  • the UE 131 may initiate an RRC reestablishment procedure.
  • the RRC reestablishment procedure re-establishes the RRC connected between the UE 131 and the BS 134 from various failures on the radio interface.
  • FIG. 4 illustrates an example of a communication diagram 400 between the UE 131 and the BS 134 during an RRC reestablishment procedure according to an example implementation.
  • the UE 131 After the RRC reestablishment procedure is initiated, the UE 131 performs a cell selection procedure where the UE 131 searches for a suitable cell and accordingly acquires the Master Information Block (MIB) and System Information Block (SIB) of cells that are broadcasted by the BS 134.
  • MIB Master Information Block
  • SIB System Information Block
  • the UE 131 sends a RRC Connection Reestablishment Request message to the BS 134.
  • the UE 131 submits the RRC Connection Reestablishment Request message, which includes Cell-Radio Network Temporary Identifier (C-RNTI), physical cell identifier (PCI), shortMAC-1 and re-establishment clause to low layers for transmission.
  • C-RNTI Cell-Radio Network Temporary Identifier
  • PCI physical cell identifier
  • shortMAC-1 shortMAC-1
  • the BS 134 sends a RRC Connection Reestablishment message to the UE 131.
  • the UE 131 stops timer T301, re-establishes PDCP and Radio Link Control (RLC) for SRB 1, performs the radio resource configuration procedure, resumes SRB1, configures low layers to activate IP and ciphering and re-activates the AS security without changing algorithm.
  • the UE 131 sends a RRC Connection Reestablishment Complete message to the BS 134.
  • the RRC connection reestablishment procedure is successfully finished by sending the RRC Connection Reestablishment Complete message to the BS 134.
  • FIG. 5 illustrates an example of a communication diagram 500 between the UE 131 and the BS 134 for transmitting the IP failure elements 105 according to another example implementation.
  • the communication diagram 500 is applicable to an LTE communication network.
  • the communication diagram 500 is applicable for IP failures occurring on the SRBs.
  • the RRC connection re-establishment procedure initiates when one or more of the following conditions is met: upon detecting radio link failure, upon handover failure, upon mobility from E-UTRA failure, upon integrity check failure indication from lower layers, upon an RRC connection reconfiguration failure.
  • the UE 131 may an initiate transmission of an RRC connection reestablishment request message.
  • messages exchanged during the RRC connection reestablishment procedure do not indicate the cause of why the RRC re-establishment procedure was initiated when the cause is IP failure (e.g., it could be radio link failure or integrity check failure).
  • the BS 134 when the BS 134 receives the RRC connection reestablishment request message from the UE 131, the BS 134 does not necessarily know that it is in response to an IP failure (e.g., it could be because of Radio Link Failure).
  • the UE 131 transmits an indication that initiation of the RRC connection reestablishment procedure is due to the IP failure and possibly information about the IP failure (e.g., the IP failure elements 105).
  • the UE 131 detects IP failure on one or more of the bearers in PDCP, and notifies higher layers about the IP failure.
  • the UE 131 may store the IP failure elements 105 at the UE 131.
  • the UE 131 sends the RRC Connection Reestablishment Request message to the BS 134.
  • the UE 131 submits the RRC Connection Reestablishment Request message, which includes C-RNTI, PCI, shortMAC- 1 and re-establishment clause to low layers for transmission.
  • the RRC Connection Reestablishment Request message includes an indication that the RRC Reconnection Procedure is due to the IP failure.
  • a new cause of RRC Reconnection failure is added in the existing list.
  • a specific flag is used.
  • the specific flag may be set to 1 in the message in case the cause of RRC Reconnection Procedure is due to IP Failure, and 0 for other causes (or vice versa).
  • the RRC Connection Reestablishment Request message also includes an indication that the RRC Reconnection Procedure is due to the IP failure.
  • the UE 131 receives the RRC Connection Reestablishment message, and in operation 508, the UE sends the RRC Connection Reestablishment Complete message to the BS 134.
  • the RRC Connection Reestablishment Complete message also includes an indication that the UE 131 has information about the IP failure.
  • the indication may include a single dedicated bit within the RRC Connection Reestablishment Complete message, where a first value indicates that the UE 131 has information about the IP failure, and a second value indicates that the UE 131 does not have information about the IP failure.
  • the BS 134 When the BS 134 receives the RRC Connection Reestablishment Complete message with the indication that the UE 131 has information about the IP failure, in operation 510, the BS 134 sends a UE information request that requests for the information about the IP failure. In response, in operation 512, the UE 131 sends a UE information response that includes the IP failure elements 105 (e.g., two more of the elements 105 or all of them).
  • the BS 134 may receive the IP failure elements (e.g., according to any of the methods discussed herein), and become aware that there is an IP verification failure (and possibly liked with an attack).
  • the current specification for the wireless network 130 does not provide a mechanism to specify that the cause of the RRC Reconfiguration procedure is due to IP failure. Integrity protection failure may occur due to one of several causes.
  • the BS 134 may evaluate and determine a potential cause about the IP failure based on the IP failure elements 105 received from the UE 131 (according to any of the methods discussed herein).
  • the BS 134 may include an IP cause classifier 112 configured to programmatically determine (or classify) the cause of the IP failure.
  • the IP cause classifier 112 may determine whether the cause of the IP failure is due to an attack on the wireless network 130, a Hyper Frame Number (HFN) de- synchronization condition, or some other reason.
  • the IP cause classifier 112 is configured to use the Count and the time to determine if the BS 134 has sent a PDU with the same assumed Count. If so, the IP cause classifier 112 may determine that the IP failure is due to the HFN de-synchronization condition.
  • HFN Hyper Frame Number
  • the IP cause classifier 112 may determine whether or not a sent PDU with the same SN but with a different assumed HFN has been sent. If so (e.g., the IP cause classifier 112 determines that there is a match), the IP cause classifier 112 may determine that the IP failure is due to the HFN de- synchronization condition. If some examples, if the UE 131 has included the X-MAC of the faulty PDU, the IP cause classifier 112 may calculate the MAC-I of PDUs sent with the same SN but different assumed HFN. If the IP cause classifier 112 can locate a PDU for each the MAC-I corresponds to the X-MAC-I, this may indicate that the cause of the IP failure is the HFN de- synchronization condition.
  • the BS 134 may include a task implementer 113 configured to perform at least one action based on the determined cause of the IP failure.
  • the task implementer 113 may disable communication with the UE 131, generate an attack report, send one or more alerts, and/or automatically take corrective action on the network (e.g., adjust window and/or scheduling).
  • the BS 134 may disable communication with the affected UE 131, automatically send an alert to appropriate personal, automatically take corrective action by modifying or disabling a part of the wireless network 130, and/or provide an attack report that can locate the attack, detect which message was targeted, which PDU was altered, and/or the type of PDU (e.g., (e.g., if it was a Control Plane (CP) or User Plane (UP) PDU).
  • CP Control Plane
  • UP User Plane
  • the BS 134 may identity which UE was affected by the IP failure based on the physical cell identifier (PCI) and frequency included within the fifth element 110 and the C-RNTI included in the message from the UE in case of RRC connection reestablishment.
  • the UE 131 can be identified by its identifier and the cell identifier (PCI) of the cell 123 in which the IP failure occurred (e.g., that information can be mapped to the IMSI and CN identifiers of the UE 131). If the same UE 131 is affected repeatedly, the BS 134 may determine that that the UE 131 is a victim of a targeted attack and stop communication with the UE 131.
  • PCI physical cell identifier
  • the BS 134 may determine that that the UE 131 is a victim of a targeted attack and stop communication with the UE 131.
  • the base station may use a larger reordering window in the PDCP or provide less aggressive scheduling.
  • the size of the reordering window may be defined as half of (Maximum_PDCP_SN +1).
  • the reordering window may correspond to the window in which the PDU are expected to be received and re- ordered at the reception PDCP entity. It is expected that the PDCP transmitter does not send (over the air) more PDUs than the size of the reordering window PDUs to avoid a HFN de- synchronization condition.
  • the transmitting entity may not know which packet has been received, and, as a consequence, may not know exactly which PDU (and which SN) are still being transmitted. This allows some freedom in the way the transmitter schedules the packets.
  • An aggressive scheduling could be defined as a scheduling that may lead to transmit more consecutive PDU that suggested the above, in order to achieve more throughput.
  • the IP failure due to HFN de- synchronization may be an indication that the window is too small or the scheduling too aggressive.
  • the BS 134 may adjust the window in the PDCP to be larger than what was previously provided, and/or decrease the level of aggressive of scheduling.
  • the IP failure may occur if the PDU has been altered during transmission. This may not happen with the protection in place in lower layers, but if it happens, it may be an indication that higher protection is needed to ensure the integrity of the packet.
  • FIG. 6 is a flow chart 600 illustrating operation of a user device/user equipment (UE) according to an example implementation.
  • UE user device/user equipment
  • Operation 602 includes detecting, by a user device in a wireless network, an integrity protection (IP) failure on one or more radio bearers.
  • Operation 604 includes storing, by the user device, IP failure information about the IP failure.
  • Operation 606 includes transmitting, by the user device to a base station in the wireless network, at least one message having the IP failure information.
  • IP integrity protection
  • the storing may include storing the IP failure information as a plurality of IP failure elements, where the plurality of IP failure elements include two or more of: a first element including a type of radio bearer that trigged the integrity protection failure, a second element including a bearer identifier on which the integrity protection failure was detected, a third element including a sequence number and count of a protocol data unit (PDU), a fourth element including time of the integrity protection failure and location of the user device, a fifth element including a physical cell identifier (PCI) and frequency of a cell, and a sixth element including a received message authentication code-integrity (MAC-I) and a computed X-MAC.
  • PDU protocol data unit
  • PCI physical cell identifier
  • MAC-I received message authentication code-integrity
  • the plurality of IP failure elements may include the first element, the second element, the third element, the fourth element, the fifth element, and the sixth element.
  • the one or more radio bearers may include a signaling radio bearer (SRB) or a data radio bearer (DRB).
  • SRB signaling radio bearer
  • DRB data radio bearer
  • the transmitting the at least one message having the IP failure information may include initiating, by the user device, a Radio Resource Control (RRC) reestablishment procedure in response to detecting the IP failure, and transmitting, by the user device, the IP failure information in a message during or after the RRC reestablishment procedure.
  • RRC Radio Resource Control
  • the RRC reestablishment procedure may include transmitting, by the user device to the base station, a RRC reestablishment request, where the RRC reestablishment request includes an indication that the initiation of the RRC reestablishment procedure is due to the integrity protection failure, receiving, by the user device from the base station, a RRC connection reestablishment message, transmitting, by the user device to the base station, a RRC connection reestablishment complete message, where the RRC connection reestablishment complete message includes an indication that the user device has the IP failure information, receiving, by the user device from the base station, an information request to provide the IP failure information, and transmitting, by the user device from the base station, the IP failure information.
  • the transmitting the at least one message having the IP failure information may include transmitting, by the user device to the base station, a message including the IP failure information, and initiating a Radio Resource Control (RRC) reestablishment procedure after the IP failure information has been transmitted.
  • RRC Radio Resource Control
  • an apparatus comprising at least one processor and at least one memory including computer instructions, when executed by the at least one processor, cause the apparatus to execute the method of FIG. 6 (and/or any combination of operations/features discussed throughout the entire disclosure).
  • a computer program product comprising a computer-readable storage medium and storing executable code that, when executed by at least one processor, is configured to cause the at least one processor to execute the method of FIG. 6 (and/or any combination of operations/features discussed throughout the entire disclosure).
  • FIG. 7 is as flow chart 700 illustrating operation of a base station (BS)/eNB according to an example implementation.
  • Operation 702 includes receiving, by a base station from a user device in a wireless network, integrity protection (IP) failure information about an IP failure on one or more radio bearers at the user device.
  • Operation 704 includes determining, by the base station, a cause of the IP failure based on the IP failure information.
  • Operation 706 includes performing, by the base station, at least one action based on the determined cause.
  • the IP failure information may include a plurality of IP failure elements, where the plurality of IP failure elements includes two or more of: a first element including a type of radio bearer that trigged the integrity protection failure, a second element including a bearer identifier on which the integrity protection failure was detected, a third element including a sequence number and count of a protocol data unit (PDU), a fourth element including time of the integrity protection failure and location of the user device, a fifth element including a physical cell identifier (PCI) and frequency of a cell, and a sixth element including a received message authentication code-integrity (MAC-I) and a computed X- MAC.
  • PDU protocol data unit
  • PCI physical cell identifier
  • MAC-I received message authentication code-integrity
  • the plurality of IP failure elements may include the first element, the second element, the third element, the fourth element, the fifth element, and the sixth element.
  • the one or more radio bearers may include a signaling radio bearer (SRB) or a data radio bearer (DRB).
  • SRB signaling radio bearer
  • DRB data radio bearer
  • the determining the cause of the IP failure based on the IP failure information may include determining that the cause is a Hyper Frame Number (HFN) de- synchronization condition, and the performing at least one action based on the determined cause may include increasing a size of a reordering window of Packet Data Convergence Protocol (PDCP).
  • HFN Hyper Frame Number
  • PDCP Packet Data Convergence Protocol
  • the determining the cause of the IP failure based on the IP failure information may include determining that the cause is a potential attack on the wireless network, and the performing at least one action based on the determined cause may include generating and sending an attack report, where the attack report identifies which protocol data unit (PDU) was altered.
  • PDU protocol data unit
  • the determining the cause of the IP failure based on the IP failure information may include determining that the cause is a potential attack on the user device, and the performing at least one action based on the determined cause may include stopping communication with the user device.
  • an apparatus comprising at least one processor and at least one memory including computer instructions, when executed by the at least one processor, cause the apparatus to execute the method of FIG. 7 (and/or any combination of operations/features discussed throughout the entire disclosure).
  • a computer program product comprising a computer-readable storage medium and storing executable code that, when executed by at least one processor, is configured to cause the at least one processor to execute the method of FIG. 7 (and/or any combination of operations/features discussed throughout the entire disclosure).
  • FIG. 8 is a block diagram of a wireless station (e.g., AP or user device) 800 according to an example implementation.
  • the wireless station 800 may include, for example, one or two RF (radio frequency) or wireless transceivers 802A, 802B, where each wireless transceiver includes a transmitter to transmit signals and a receiver to receive signals.
  • the wireless station also includes a processor or control unit/entity (controller) 804 to execute instructions or software and control transmission and receptions of signals, and a memory 806 to store data and/or instructions.
  • Processor 804 may also make decisions or determinations, generate frames, packets or messages for transmission, decode received frames or messages for further processing, and other tasks or functions described herein.
  • Processor 804 which may be a baseband processor, for example, may generate messages, packets, frames or other signals for transmission via wireless transceiver 802A or 802B.
  • Processor 804 may control transmission of signals or messages over a wireless network, and may control the reception of signals or messages, etc., via a wireless network (e.g., after being down- converted by wireless transceiver 802, for example).
  • Processor 804 may be programmable and capable of executing software or other instructions stored in memory or on other computer media to perform the various tasks and functions described above, such as one or more of the tasks or methods described above (e.g., any of the operations of the timing diagrams and flowcharts of the figures).
  • Processor 804 may be (or may include), for example, hardware, programmable logic, a programmable processor that executes software or firmware, and/or any combination of these.
  • the processor 804 may include one or more processors coupled to a substrate. Using other terminology, processor 804 and transceiver 802 together may be considered as a wireless transmitter/receiver system, for example.
  • a controller (or processor) 808 may execute software and instructions, and may provide overall control for the station 800, and may provide control for other systems not shown in FIG. 8, such as controlling input/output devices (e.g., display, keypad), and/or may execute software for one or more applications that may be provided on wireless station 800, such as, for example, an email program, audio/video applications, a word processor, a Voice over IP application, or other application or software.
  • a storage medium may be provided that includes stored instructions, which when executed by a controller or processor may result in the processor 804, or other controller or processor, performing one or more of the functions or tasks described above.
  • RF or wireless transceiver(s) 802A/802B may receive signals or data and/or transmit or send signals or data.
  • Processor 804 (and possibly transceivers 802A/802B) may control the RF or wireless transceiver 802A or 802B to receive, send, broadcast or transmit signals or data.
  • the embodiments are not, however, restricted to the system that is given as an example, but a person skilled in the art may apply the solution to other communication systems.
  • Another example of a suitable communications system is the 5G concept. It is assumed that network architecture in 5G will be quite similar to that of the LTE-advanced. 5G is likely to use multiple input - multiple output (MIMO) antennas, many more base stations or nodes than the LTE (a so-called small cell concept), including macro sites operating in co-operation with smaller stations and perhaps also employing a variety of radio technologies for better coverage and enhanced data rates.
  • MIMO multiple input - multiple output
  • NFV network functions virtualization
  • a virtualized network function may comprise one or more virtual machines running computer program codes using standard or general type servers instead of customized hardware. Cloud computing or data storage may also be utilized.
  • radio communications this may mean node operations may be carried out, at least partly, in a server, host or node operationally coupled to a remote radio head. It is also possible that node operations will be distributed among a plurality of servers, nodes or hosts. It should also be understood that the distribution of labour between core network operations and base station operations may differ from that of the LTE or even be non-existent.
  • Implementations of the various techniques described herein may be implemented in digital electronic circuitry, or in computer hardware, firmware, software, or in combinations of them. Implementations may implemented as a computer program product, i.e., a computer program tangibly embodied in an information carrier, e.g., in a machine-readable storage device or in a propagated signal, for execution by, or to control the operation of, a data processing apparatus, e.g., a programmable processor (e.g., a processor coupled to a substrate), a computer, or multiple computers. Implementations may also be provided on a computer readable medium or computer readable storage medium, which may be a non-transitory medium.
  • Implementations of the various techniques may also include implementations provided via transitory signals or media, and/or programs and/or software implementations that are downloadable via the Internet or other network(s), either wired networks and/or wireless networks.
  • implementations may be provided via machine type communications (MTC), and also via an Internet of Things (IOT).
  • MTC machine type communications
  • IOT Internet of Things
  • the computer program may be in source code form, object code form, or in some intermediate form, and it may be stored in some sort of carrier, distribution medium, or computer readable medium, which may be any entity or device capable of carrying the program.
  • Such carriers include a record medium, computer memory, readonly memory, photoelectrical and/or electrical carrier signal, telecommunications signal, and software distribution package, for example.
  • the computer program may be executed in a single electronic digital computer or it may be distributed amongst a number of computers.
  • implementations of the various techniques described herein may use a cyber-physical system (CPS) (a system of collaborating computational elements controlling physical entities).
  • CPS cyber-physical system
  • CPS may enable the implementation and exploitation of massive amounts of interconnected ICT devices (sensors, actuators, processors microcontrollers, etc embedded in physical objects at different locations.
  • ICT devices sensors, actuators, processors microcontrollers, etc.
  • Mobile cyber physical systems in which the physical system in question has inherent mobility, are a subcategory of cyber-physical systems. Examples of mobile physical systems include mobile robotics and electronics transported by humans or animals. The rise in popularity of smartphones has increased interest in the area of mobile cyber- physical systems. Therefore, various implementations of techniques described herein may be provided via one or more of these technologies.
  • a computer program such as the computer program(s) described above, can be written in any form of programming language, including compiled or interpreted languages, and can be deployed in any form, including as a stand-alone program or as a module, component, subroutine, or other unit or part of it suitable for use in a computing environment.
  • a computer program can be deployed to be executed on one computer or on multiple computers at one site or distributed across multiple sites and interconnected by a communication network.
  • Method steps may be performed by one or more programmable processors (e.g., one or more processors coupled to a substrate) executing a computer program or computer program portions to perform functions by operating on input data and generating output. Method steps also may be performed by, and an apparatus may be implemented as, special purpose logic circuitry, e.g., an FPGA (field programmable gate array) or an ASIC (application- specific integrated circuit).
  • programmable processors e.g., one or more processors coupled to a substrate
  • Method steps also may be performed by, and an apparatus may be implemented as, special purpose logic circuitry, e.g., an FPGA (field programmable gate array) or an ASIC (application- specific integrated circuit).
  • FPGA field programmable gate array
  • ASIC application-specific integrated circuit
  • processors suitable for the execution of a computer program include, by way of example, both general and special purpose microprocessors, and any one or more processors of any kind of digital computer, chip or chipset.
  • a processor will receive instructions and data from a read-only memory or a random access memory or both.
  • Elements of a computer may include at least one processor for executing instructions and one or more memory devices for storing instructions and data.
  • a computer also may include, or be operatively coupled to receive data from or transfer data to, or both, one or more mass storage devices for storing data, e.g., magnetic, magneto-optical disks, or optical disks.
  • Information carriers suitable for embodying computer program instructions and data include all forms of non-volatile memory, including by way of example semiconductor memory devices, e.g., EPROM, EEPROM, and flash memory devices; magnetic disks, e.g., internal hard disks or removable disks; magneto-optical disks; and CD-ROM and DVD-ROM disks.
  • semiconductor memory devices e.g., EPROM, EEPROM, and flash memory devices
  • magnetic disks e.g., internal hard disks or removable disks
  • magneto-optical disks e.g., CD-ROM and DVD-ROM disks.
  • the processor and the memory may be supplemented by, or incorporated in, special purpose logic circuitry.
  • implementations may be implemented on a computer having a display device, e.g., a cathode ray tube (CRT) or liquid crystal display (LCD) monitor, for displaying information to the user and a user interface, such as a keyboard and a pointing device, e.g., a mouse or a trackball, by which the user can provide input to the computer.
  • a display device e.g., a cathode ray tube (CRT) or liquid crystal display (LCD) monitor
  • a user interface such as a keyboard and a pointing device, e.g., a mouse or a trackball
  • Other kinds of devices can be used to provide for interaction with a user as well; for example, feedback provided to the user can be any form of sensory feedback, e.g., visual feedback, auditory feedback, or tactile feedback; and input from the user can be received in any form, including acoustic, speech, or tactile input.
  • Implementations may be implemented in a computing system that includes a back-end component, e.g., as a data server, or that includes a middleware component, e.g., an application server, or that includes a front-end component, e.g., a client computer having a graphical user interface or a Web browser through which a user can interact with an implementation, or any combination of such back-end, middleware, or front-end components.
  • Components may be interconnected by any form or medium of digital data communication, e.g., a communication network. Examples of communication networks include a local area network (LAN) and a wide area network (WAN), e.g., the Internet.
  • LAN local area network
  • WAN wide area network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

According to an example implementation, a base station comprising at least one processor and at least one memory including computer instructions, when executed by the at least one processor, cause the base station to receive, from a user device in a wireless network, integrity protection (IP) failure information about an IP failure on one or more radio bearers at the user device, determine a cause of the IP failure based on the IP failure information, and perform at least one action based on the determined cause.

Description

INTEGRITY PROTECTION REPORT GENERATION IN A WIRELESS
COMMUNICATION SYSTEM
Inventor:
Guillaume Decarreau
TECHNICAL FIELD
[0001 ] This description relates to communications, and in particular, to generation of integrity protection failure information in response to detection of an integrity protection failure.
BACKGROUND
[0002] A communication system may be a facility that enables communication between two or more nodes or devices, such as fixed or mobile communication devices. Signals can be carried on wired or wireless carriers. An example of a cellular communication system is an architecture that is being standardized by the 3rd Generation Partnership Project (3GPP). A recent development in this field is often referred to as the long-term evolution (LTE) of the Universal Mobile Telecommunications System (UMTS) radio-access technology. E-UTRA (evolved UMTS Terrestrial Radio Access) is the air interface of 3GPP's Long Term Evolution (LTE) upgrade path for mobile networks. In LTE, base stations or access points (APs), which are referred to as enhanced Node AP (eNBs), provide wireless access within a coverage area or cell. In LTE, mobile devices, or mobile stations are referred to as user equipments (UE). LTE has included a number of improvements or developments. 5G (or 5th generation) wireless networks are also being developed.
[0003] In LTE, integrity protection can be used to protect one or more signaling radio bearers (SRBs), and, in 5G, integrity protection can be used for the SRBs as well as data radio bearers (DRBs). In LTE, when the UE detects an integrity protection failure, the UE may perform a Radio Resource Control (RRC) reestablishment procedure. However, in some conventional approaches, the UE's RRC reestablishment procedure may not indicate that the cause of the RRC reestablishment procedure is due to the integrity protection failure. For instance, an RRC reestablishment procedure may be initiated for other reasons besides an integrity protection failure such as radio link failure, handover failure, mobility from E-UTRA failure, etc. As such, when the base station receives an RRC connection reestablishment request from the UE, the base station does not necessarily know that it is in response to an integrity protection failure. In some conventional approaches, handover failure may be indicated in the re-establishment cause. However, radio link failure and integrity failure may be indicated within a catchall reason (e.g., "other failure").
[0004] In addition, if the underlying cause of the RRC re-establishment procedure is the integrity protection failure, in some conventional approaches, the base station does not receive detailed information about what caused the integrity protection failure. In these situations, the base station may miss an opportunity to identify a potential attack on the system, and then properly address the attack. In other situations, the integrity protection failure may not stem from an attack on the system, but rather from a configuration or scheduling condition of the system. In these situations, having more detailed information about the underlying integrity protection failure may allow the base station to take corrective action(s) to minimize the chance that an integrity protection failure will reoccur in the future.
SUMMARY
[0005] According to an example implementation, a base station comprising at least one processor and at least one memory including computer instructions, when executed by the at least one processor, cause the base station to receive, from a user device in a wireless network, integrity protection (IP) failure information about an IP failure on one or more radio bearers at the user device, determine a cause of the IP failure based on the IP failure information, and perform at least one action based on the determined cause.
[0006] The base station may include any one of more of the following features (or any combination thereof). The IP failure information may include a plurality of IP failure elements. The plurality of IP failure elements includes two or more of (or any combination thereof): a first element including a type of radio bearer that trigged the integrity protection failure, a second element including a bearer identifier on which the integrity protection failure was detected, a third element including a sequence number and count of a protocol data unit (PDU), a fourth element including time of the integrity protection failure and location of the user device, a fifth element including a physical cell identifier (PCI) and frequency of a cell, and a sixth element including a received message authentication code-integrity (MAC-I) and a computed X-MAC. The base station is configured to determine that the cause is a Hyper Frame Number (HFN) de- synchronization condition using at least one of the third element, the fourth element, and the sixth element, and the base station is configured to increase a size of a reordering window of Packet Data Convergence Protocol (PDCP) in response to the cause being determined as the HFN de- synchronization condition. The base station is configured to determine that the cause is a potential attack on the wireless network using at least one of the first element, the second element, and the third element, and the base station is configured to generate and send an attack report in response to the cause being determined as the potential attack, the attack report identifying which protocol data unit (PDU) was altered. The base station is configured to determine that the cause is a potential attack on the user device using at least one of the fifth element and the sixth element, and the base station is configured to stop communication with the user device in response to the cause being determined as the potential attack on the user device. In some examples, the one or more radio bearers include a signaling radio bearer (SRB). In some examples, the one or more radio bearers include a data radio bearer (DRB).
[0007] According to an example implementation, a method may include receiving, by a base station from a user device in a wireless network, integrity protection (IP) failure information about an IP failure on one or more radio bearers at the user device, determining, by the base station, a cause of the IP failure based on the IP failure information, and performing, by the base station, at least one action based on the determined cause.
[0008] The method may include any one of more of the following features (or any combination thereof). The IP failure information may include a plurality of IP failure elements. The plurality of IP failure elements may include two or more of (any combination thereof): a first element including a type of radio bearer that trigged the integrity protection failure, a second element including a bearer identifier on which the integrity protection failure was detected, a third element including a sequence number and count of a protocol data unit (PDU), a fourth element including time of the integrity protection failure and location of the user device, a fifth element including a physical cell identifier (PCI) and frequency of a cell, and a sixth element including a received message authentication code-integrity (MAC-I) and a computed X-MAC. The determining the cause of the IP failure based on the IP failure information may include determining that the cause is a Hyper Frame Number (HFN) de- synchronization condition using at least one of the third element, the fourth element, and the sixth element, and the performing at least one action based on the determined cause may include increasing a size of a reordering window of Packet Data Convergence Protocol (PDCP). The determining the cause of the IP failure based on the IP failure information may include determining that the cause is a potential attack on the wireless network using at least one of the first element, the second element, and the third element, and the performing at least one action based on the determined cause may include generating and sending an attack report, where the attack report identifies which protocol data unit (PDU) was altered.
[0009] According to an example implementation, a computer program product includes a computer-readable storage medium and storing executable code that, when executed by at least one processor, is configured to cause the at least one processor to execute any the operations of the method and/or operations performed by the base station.
[0010] According to an example implementation, an apparatus may include a means for receiving, by a base station from a user device in a wireless network, integrity protection (IP) failure information about an IP failure on one or more radio bearers at the user device, means for determining, by the base station, a cause of the IP failure based on the IP failure information, and means for performing, by the base station, at least one action based on the determined cause. The means for receiving may include receiving a plurality of IP failure elements (some or all of them). The means for determining may include means for determining that the cause is a Hyper Frame Number (HFN) de- synchronization condition using at least one of the third element, the fourth element, and the sixth element, and the means for performing at least one action based on the determined cause may include means for increasing a size of a reordering window of Packet Data Convergence Protocol (PDCP). The means for determining the cause of the IP failure based on the IP failure information may include means for determining that the cause is a potential attack on the wireless network using at least one of the first element, the second element, and the third element, and the means for performing at least one action based on the determined cause may include means for generating and sending an attack report, where the attack report identifies which protocol data unit (PDU) was altered.
[0011 ] According to an example implementation, a user device comprises at least one processor and at least one memory including computer instructions, when executed by the at least one processor, cause the user device to detect an integrity protection (IP) failure on one or more radio bearers, store IP failure information about the IP failure, and transmit, to a base station in a wireless network, at least one message having at least a portion of the IP failure information.
[0012] The user device may include one or more of the following features (or any combination thereof). The user device is configured to store the IP failure information as a plurality of IP failure elements. The plurality of IP failure elements may include two or more of (or any combination thereof): a first element including a type of radio bearer that trigged the integrity protection failure, a second element including a bearer identifier on which the integrity protection failure was detected, a third element including a sequence number and count of a protocol data unit (PDU), a fourth element including time of the integrity protection failure and location of the user device, a fifth element including a physical cell identifier (PCI) and frequency of a cell, and a sixth element including a received message authentication code-integrity (MAC-I) and a computed X-MAC. The user device is configured to initiate a Radio Resource Control (RRC) reestablishment procedure in response to detecting the IP failure, and transmit at least a portion of the IP failure information in a message during or after the RRC reestablishment procedure. During the RRC reestablishment procedure, the user device is configured to transmit, to the base station, a RRC reestablishment request, where the RRC reestablishment request includes an indication that the initiation of the RRC reestablishment procedure is due to the integrity protection failure, receive, from the base station, a RRC connection reestablishment message, transmit, to the base station, a RRC connection reestablishment complete message, where the RRC connection reestablishment complete message includes an indication that the user device has the IP failure information, receive, from the base station, an information request to provide the IP failure information, and transmit, from the base station, at least a portion of the IP failure information. The user device is configured to transmit, to the base station, a message including the IP failure information, and initiate a Radio Resource Control (RRC) reestablishment procedure after the IP failure information has been transmitted.
[0013] According to an example implementation, a method includes detecting, by a user device in a wireless network, an integrity protection (IP) failure on one or more radio bearers, storing, by the user device, IP failure information about the IP failure, and transmitting, by the user device to a base station in the wireless network, at least one message having at least a portion of the IP failure information.
[0014] The method may include any one or more of the following features (or any combination thereof). The storing includes storing the IP failure information as a plurality of IP failure elements. The plurality of IP failure elements may include two or more of (or any combination thereof): a first element including a type of radio bearer that trigged the integrity protection failure, a second element including a bearer identifier on which the integrity protection failure was detected, a third element including a sequence number and count of a protocol data unit (PDU), a fourth element including time of the integrity protection failure and location of the user device, a fifth element including a physical cell identifier (PCI) and frequency of a cell, and a sixth element including a received message authentication code-integrity (MAC-I) and a computed X-MAC. The transmitting the at least one message having the IP failure information may include initiating, by the user device, a Radio Resource Control (RRC) reestablishment procedure in response to detecting the IP failure, and transmitting, by the user device, the IP failure information in a message during or after the RRC reestablishment procedure. The RRC reestablishment procedure may include transmitting, by the user device to the base station, a RRC reestablishment request, where the RRC reestablishment request includes an indication that the initiation of the RRC reestablishment procedure is due to the integrity protection failure, receiving, by the user device from the base station, a RRC connection reestablishment message, transmitting, by the user device to the base station, a RRC connection reestablishment complete message, where the RRC connection reestablishment complete message includes an indication that the user device has the IP failure information, receiving, by the user device from the base station, an information request to provide the IP failure information, and transmitting, by the user device from the base station, the IP failure information. The transmitting the at least one message having the IP failure information may include transmitting, by the user device to the base station, a message including the IP failure information, and initiating a Radio Resource Control (RRC) reestablishment procedure after the IP failure information has been transmitted.
[0015] According to an example implementation, a computer program product includes a computer-readable storage medium and storing executable code that, when executed by at least one processor, is configured to cause the at least one processor to execute any the operations of the method and/or performed by the user device.
[0016] According to an example implementation, an apparatus may include a means for detecting, by a user device in a wireless network, an integrity protection (IP) failure on one or more radio bearers, a means for storing, by the user device, IP failure information about the IP failure, and a means for transmitting, by the user device to a base station in the wireless network, at least one message having the IP failure information.
[0017] The details of one or more examples of implementations are set forth in the accompanying drawings and the description below. Other features will be apparent from the description and drawings, and from the claims.
BRIEF DESCRIPTION OF THE DRAWINGS
[0018] FIG. 1 is a block diagram of a wireless network according to an example implementation.
[0019] FIG. 2 is a block diagram of a user device that sends integrity protection (IP) failure elements to a base station in response to detection of an integrity protection failure on the user device according to an example implementation. [0020] FIG. 3 illustrates an example of a communication diagram between the user device and the base station for transmitting the IP failure elements according to an example implementation.
[0021 ] FIG. 4 illustrates an example of a communication diagram between the user device and the base station during an RRC reestablishment procedure according to an example implementation.
[0022] FIG. 5 illustrates an example of a communication diagram between the user device and the base station for transmitting the IP failure elements according to another example implementation.
[0023] FIG. 6 is a flow chart illustrating operations of the user device according to an example implementation.
[0024] FIG. 7 is as flow chart illustrating operations of the base station according to an example implementation.
[0025] FIG. 8 is a block diagram of a wireless station according to an example implementation.
DETAILED DESCRIPTION
[0026] According to example implementations, upon the detection of an integrity protection (IP) failure on a radio bearer (RB) (e.g., signaling radio bearer (SRB) or data radio bearer (DRB)), the UE may obtain and store IP failure information about the IP failure. In some examples, the IP failure information may include two or more of the following elements: 1) type of bearer (e.g., control, data) that triggered the IP failure, 2) bearer identifier (e.g., bearer ID) on which the IP failure was detected, 3) sequence number (SN) and Count of the faulty protocol data unit (PDU), 4) time that the IP failure was detected and location of the UE, 5) physical cell identifier (PCI) and frequency of the cell from which the UE received the PDU that caused the IP failure, and 6) a received Message Authentication Code-Integrity (MAC-I) of the faulty PDU and the UE- computed X-MAC of the faulty packet (e.g., IP fails when the MAC-I is different than the MAC-X). By obtaining the type of bearer, the bearer ID, and the SN and Count, the exact faulty PDU or packet can be identified. In addition, by obtaining UE Identity in the RRC Connection Reestablishment Request message, a specific UE can be identified, and if the UE has several IP failures for the same reason, it may be determined that the UE was subjected to a targeted attack, and the network may stop communication with that UE.
[0027] In some examples, in response to a particular IP failure, the UE obtains and stores two or more of these elements as an IP failure report stored at the UE. In some examples, in response to a particular IP failure, the UE obtains and stores all of these elements (e.g., all of elements 1 through 6) as an IP failure report stored at the UE. In some examples, the UE generates and stores a separate IP failure report for each IP failure. In some examples, if multiple PDUs in a row fail the integrity check, the UE generates a single report having these elements for each of the multiple PDUs.
[0028] In some examples, the UE notifies the base station about the IP failure via a message, and includes the stored elements within the message. In some examples, the UE notifies the base station about the IP failure via a first message, and the base station may respond with a message requesting more information about the underlying IP failure. Then, the UE may respond with a second message that includes the stored elements. In some examples, in response to the IP failure, the UE initiates a Radio Resource Control (RRC) reestablishment procedure, and, as part of the RRC reestablishment procedure, the UE indicates that the cause of the RRC reestablishment procedure is due to the IP failure. In some examples, in response to the IP failure, the UE initiates the RRC reestablishment procedure, and, as part of the RRC reestablishment procedure, the UE indicates that the cause of the RRC reestablishment procedure is due to the IP failure and includes the stored elements about the IP failure. In some examples, in response to the IP failure, the UE initiates the RRC reestablishment procedure, and, as part of the RRC reestablishment procedure, the UE indicates the presence of the stored elements, and the base station may subsequently request the UE to send the stored elements.
[0029] In some examples, the way the UE transmits the stored elements is dependent upon if the IP failure occurs on the Signaling Radio Bearer (SRB) or the Data (or user) Radio Bearer (DRB). In some examples, in LTE, IP is used to protect the SRB (not the DRB). In some examples, in 5G, IP is used to protect the SRB and the DRB. In LTE, the UE performs RRC reestablishment in response to an IP failure. In some examples, in the case of LTE, the UE may initiate the RRC reestablishment procedure in response to the IP failure, and, as part of the RRC reestablishment procedure, the UE may indicate that the reason for the RRC reestablishment procedure is due to the IP failure and include the stored element for transmission to the base station or include an indication that it has stored elements about the IP failure. In some examples, in the case of 5G, in response to the IP failure, the UE may transmit the stored elements as part of a message transmitted from the UE to the base station, and possibly then subsequently initiate the RRC reestablishment procedure. In other examples, in 5G, the UE may initiate the RRC reestablishment procedure in response to the IP failure, and, as part of the RRC reestablishment procedure, the UE may send an indication that the reason for the RRC reestablishment procedure is due to the IP failure and include the stored elements for transmission to the base station.
[0030] Based on elements received from the UE about the IP failure, the base station may determine the cause of the IP failure. In some examples, based on the elements received from the UE about the IP failure, the base station may determine whether the cause of the IP failure is due to an attack on the network, a Hyper Frame Number (HFN) de- synchronization condition, Layer 1 transmission, or some other condition. In response to the determination that the cause of the IP failure is an attack, the base station may disable communication with the affected UE, automatically send an alert to appropriate personal, automatically take corrective action by modifying or disabling a part of the network, and/or provide an attack report that can locate the attack, detect which message was targeted, which Protocol Data Unit (PDU) was altered, and/or the type of PDU (e.g., (e.g., if it was a Control Plane (CP) or User Plane (UP) PDU), which can possibly disclose a weakness in the protocol. In response to the determination that the cause of the IP failure is an HFN de-synchronization condition (which can happen in the case of aggressive scheduling by the base station), the base station may create a larger window in the Packet Data Convergence Protocol (PDCP) or provide less aggressive scheduling.
[0031 ] FIG. 1 is a block diagram of a wireless network 130 according to an example implementation. In the wireless network 130 of FIG. 1, user devices 131, 132, 133 and 135, which may also be referred to as mobile stations (MSs) or user equipment (UEs), may be connected (and in communication) with a base station (BS) 134, which may also be referred to as an access point (AP), an enhanced Node B (eNB) or a network node. At least part of the functionalities of an access point (AP), base station (BS) or (e)Node B (eNB) may be also be carried out by any node, server or host which may be operably coupled to a transceiver, such as a remote radio head. BS (or AP) 134 provides wireless coverage within a cell 136, including to user devices 131, 132, 133 and 135. Although only four user devices are shown as being connected or attached to BS 134, any number of user devices may be provided. BS 134 is also connected to a core network 150 via a SI interface 151. This is merely one simple example of a wireless network, and others may be used.
[0032] A user device (user terminal, user equipment (UE)) may refer to a portable computing device that includes wireless mobile communication devices operating with or without a subscriber identification module (SIM), including, but not limited to, the following types of devices: a mobile station (MS), a mobile phone, a cell phone, a smartphone, a personal digital assistant (PDA), a handset, a device using a wireless modem (alarm or measurement device, etc.), a laptop and/or touch screen computer, a tablet, a phablet, a game console, a notebook, and a multimedia device, as examples. It should be appreciated that a user device may also be a nearly exclusive uplink only device, of which an example is a camera or video camera loading images or video clips to a network. A user device (or UE) may also include an Internet of Things (IoT) user device/UE, such as for example, a narrowband Internet of Things (NB-IoT) user device/UE.
[0033] In LTE (as an example), the core network 150 may be referred to as Evolved Packet Core (EPC), which may include a mobility management entity (MME) which may handle or assist with mobility/handover of user devices between BSs, one or more gateways that may forward data and control signals between the BSs and packet data networks or the Internet, and other control functions or blocks.
[0034] The various example implementations may be applied to a wide variety of wireless technologies or wireless networks, such as LTE, LTE-A, 5G, cmWave, and/or mmWave band networks, or any other wireless network. LTE, 5G, cmWave and mmWave band networks are provided only as illustrative examples, and the various example implementations may be applied to any wireless technology/wireless network. [0035] FIG. 2 is a block diagram of an UE 131 that is configured to send integrity protection (IP) failure elements 105 to a BS 134 in response to detection of an IP failure according to an example implementation.
[0036] The UE 131 includes an IP failure detector 101 configured to perform an integrity check according to an integrity protection algorithm, and detect an IP failure for Packet Data Convergence Protocol (PDCP) entities associated with SRBs in the case of LTE and detect an IP failure for PDCP entities associated with SRBs and DRBs in the case of 5G.
[0037] The PDCP entities are located in the PDCP sublayer. Each PDCP entity carries data of one radio bearer (e.g., SRB or DRB). A PDCP entity is associated with either the control plane (e.g., in the case of SRB) or the user plane (e.g., the case of DRB). The PDCP provides a numbers of services (e.g., transfer of user plane data, transfer of control plane data, header compression, ciphering, and IP) to the RRC and the user plane upper layers at the UE 131. In some examples, the format of the PDCP PDU carrying control plane SRBs includes a PDCP sequence number (SN), data (e.g., control plane data), and MAC-I (which may contain a message authentication code). In some examples, the format of the PDCP PDU carrying user data DRBs include a PDCP SN, data (e.g., user plane data), and a MAC-I (which may contain a message authentication code).
[0038] In order to protect user data and signaling information from being intercepted by unauthorized devices, IP may be utilized for protecting RRC messages transmitted on SRBs. Radio Bearers (RBs) are logical data communication exchange channels, and are used for providing data transmission exchange to the user or for providing RRC layer control signal transmission exchange. SRBs are the RBs specifically used for transmitting RRC messages, and utilized for completing various RRC control processes. After the IP procedure is activated, every time the UE 131 or the BS 134 transmits signaling message, the UE 131 or the BS 134 may add a MAC-I, whose content is different for each signaling message. When the UE 131 transmits a message, the UE 131 computes the value of the MAC-I field and inserts the value into the MAC-I field of PDPCH PDU. When the UE 131 receives a message, the UE 131 verifies the integrity of the PDCP PDU by calculating the X-MAC based on the input parameters (e.g., Bearer ID, Direction, AS Key, Message itself etc.). If the calculated X-MAC corresponds to the received MAC-I, IP is verified successfully. However, if the calculated X-MAC does not correspond (e.g., match) to the received MAC-I, IP fails.
[0039] The UE 131 or the BS 134 can authenticate the accuracy of the MAC-I, and thereby accept the received signaling message when the expected MAC-I and the received MAC-I are the same or act as if the message was not received when the calculated expected MAC-I and the received MAC-I different, i.e., when the IP check fails.
[0040] Upon detection of a failure of the IP, the UE 131 may obtain and store IP failure information about the IP failure. For example, the UE 131 includes an IP element creator 103 configured to obtain and store detailed information about the IP failure within an IP failure report stored at the UE 131. In some examples, the IP element creator 103 obtains IP failure information from the IP process performed by the IP failure detector 101, and stores IP failure elements 105 at the UE 131. In some examples, the IP failure elements 105 are stored as the IP failure report for a particular instance of an IP failure. For example, the IP failure detector 101 may detect a first IP failure on a first PDU at a first time, and in response to the detection of the first IP failure, the IP element creator 103 may obtain and store the IP failure elements 105 associated with the first PDU as a first IP failure report. Then, the IP failure detector 101 may detect a second IP failure on a second PDU at a second time, and in response to the detection of the second IP failure, the IP element creator 103 may obtain and store the IP failure elements 105 associated with the second PDU as a second IP failure report.
[0041 ] In some examples, the IP failure elements 105 may include two or more of the following elements: a first element 106 that includes the type of bearer (e.g., control, data) that triggered the IP failure, a second element 107 that includes bearer identifier (e.g., bearer ID) on which the IP failure was detected, a third element 108 that includes the sequence number (SN) and Count (e.g., the Count may be the HFN and the PDCP SN) of the faulty PDU, and a fourth element 109 that includes the time that the IP failure was detected and the location of the UE 131, a fifth element 110 that includes a physical cell identifier (PCI) and frequency of the cell 136 from which the UE 131 received the PDU that caused the IP failure, and a sixth element 111 that includes a received MAC-I of the faulty PDU and the UE-computed X-MAC of the faulty packet. The term element may refer to a component of the IP failure report, and the IP failure report may include any number of elements (e.g., including two of more of the above elements, or all of them).
[0042] The type of bearer included within the first element 106 may indicate whether the bearer is an SRB or a DRB. In other words, the type of bearer included within the first element 106 may indicate whether the fault is associated with the control plane (in the case of SRB) or associated with the user plane (in the case of DRB). The bearer ID included within the second element 107 may indicate the type of service carried by the radio bearer, e.g., data, voice, video. The SN included within the third element 108 may indicate the sequence number of the PDU, and the Count is the HFN + the PDCP SN. In some examples, the Count may be considered the PDCP Data PDU counter, where the value of the count is incremented for each PDCP PDU data during a RRC connection (which may have a length of 32 bits). There is one Count per Radio Bearer (SRB or DRB). The time included within the fourth element 109 may include the time that the IP failure was detected, and the location indicates where the UE 131 was located when the IP failure has occurred (e.g., GPS coordinates or other types of location data). The PCI included within the fifth element 110 may indicate a pseudo-unique value for identifying the BS 134, and the frequency may indicate a frequency value or range established between the UE 131 and the BS 134 within the cell 136 from which the UE 131 received the PDU that caused the IP failure. With respect to the sixth element 111, as indicated above, if the calculated X-MAC corresponds to the received MAC-I, IP is verified successfully. However, if the calculated X-MAC does not correspond (e.g., match) to the received MAC-I, IP fails. In some examples, the BS 134 can use the MAC- I and the X-MAC to determine (or provided an indication) that the IP failure is caused by the HFN desynchronization condition.
[0043] The UE 131 notifies the BS 134 about the IP failure and the IP failure elements 105. FIG. 3 illustrates an example of a communication diagram 300 between the UE 131 and the BS 134 for transmitting the IP failure elements 105 according to an example implementation. In some examples, the communication diagram 300 is applicable to a 5G communication network. In some examples, the communication diagram 300 is applicable for IP failures occurring on the DRBs.
[0044] In operation 302, the UE 131 detects IP failure on one or more of the bearers in PDCP, and notifies higher layers about the IP failure. The UE 131 may store the IP failure elements 105 at the UE 131. In operation 304, the UE 131 may send an IP failure message to the BS 134, where the IP failure message includes the IP failure elements 105 (e.g., two or more of the elements 105 or all of them). In operation 306, after the transmission of the IP failure elements 105, the UE 131 may initiate an RRC reestablishment procedure. The RRC reestablishment procedure re-establishes the RRC connected between the UE 131 and the BS 134 from various failures on the radio interface.
[0045] FIG. 4 illustrates an example of a communication diagram 400 between the UE 131 and the BS 134 during an RRC reestablishment procedure according to an example implementation. After the RRC reestablishment procedure is initiated, the UE 131 performs a cell selection procedure where the UE 131 searches for a suitable cell and accordingly acquires the Master Information Block (MIB) and System Information Block (SIB) of cells that are broadcasted by the BS 134. In operation 402, the UE 131 sends a RRC Connection Reestablishment Request message to the BS 134. For example, after the cell selection procedure is successfully finished and MIB/SIB information is also successfully received, the UE 131 submits the RRC Connection Reestablishment Request message, which includes Cell-Radio Network Temporary Identifier (C-RNTI), physical cell identifier (PCI), shortMAC-1 and re-establishment clause to low layers for transmission. Around this time, the lower layers perform the random access procedure in which the network may know that the UE 131 is trying to get access.
[0046] In operation 404, the BS 134 sends a RRC Connection Reestablishment message to the UE 131. For example, when the UE 131 receives the RRC Connection Reestablishment message, the UE 131 stops timer T301, re-establishes PDCP and Radio Link Control (RLC) for SRB 1, performs the radio resource configuration procedure, resumes SRB1, configures low layers to activate IP and ciphering and re-activates the AS security without changing algorithm. In operation 406, the UE 131 sends a RRC Connection Reestablishment Complete message to the BS 134. For example, when the UE receives the RRC Connection Reestablishment from the BS 134, the RRC connection reestablishment procedure is successfully finished by sending the RRC Connection Reestablishment Complete message to the BS 134.
[0047] FIG. 5 illustrates an example of a communication diagram 500 between the UE 131 and the BS 134 for transmitting the IP failure elements 105 according to another example implementation. In some examples, the communication diagram 500 is applicable to an LTE communication network. In some examples, the communication diagram 500 is applicable for IP failures occurring on the SRBs. In some examples, the RRC connection re-establishment procedure initiates when one or more of the following conditions is met: upon detecting radio link failure, upon handover failure, upon mobility from E-UTRA failure, upon integrity check failure indication from lower layers, upon an RRC connection reconfiguration failure.
[0048] As indicated above, in response to the IP failure, the UE 131 may an initiate transmission of an RRC connection reestablishment request message. However, in conventional approaches, messages exchanged during the RRC connection reestablishment procedure do not indicate the cause of why the RRC re-establishment procedure was initiated when the cause is IP failure (e.g., it could be radio link failure or integrity check failure). As such, in conventional approaches, when the BS 134 receives the RRC connection reestablishment request message from the UE 131, the BS 134 does not necessarily know that it is in response to an IP failure (e.g., it could be because of Radio Link Failure). However, according to the example embodiment of FIG. 5, in the case that the initiation of the RRC connection re-establishment procedure is due to the IP failure, the UE 131 transmits an indication that initiation of the RRC connection reestablishment procedure is due to the IP failure and possibly information about the IP failure (e.g., the IP failure elements 105).
[0049] In operation 502, the UE 131 detects IP failure on one or more of the bearers in PDCP, and notifies higher layers about the IP failure. The UE 131 may store the IP failure elements 105 at the UE 131. In operation 504, the UE 131 sends the RRC Connection Reestablishment Request message to the BS 134. For example, after the cell selection procedure is successfully finished and MIB/SIB information is also successfully received, the UE 131 submits the RRC Connection Reestablishment Request message, which includes C-RNTI, PCI, shortMAC- 1 and re-establishment clause to low layers for transmission. In addition, according to the example embodiment, the RRC Connection Reestablishment Request message includes an indication that the RRC Reconnection Procedure is due to the IP failure. In some examples, a new cause of RRC Reconnection failure is added in the existing list. In some examples, a specific flag is used. For example, the specific flag may be set to 1 in the message in case the cause of RRC Reconnection Procedure is due to IP Failure, and 0 for other causes (or vice versa). As such, besides the normal information that is included as part of the RRC Connection Reestablishment Request message, the RRC Connection Reestablishment Request message also includes an indication that the RRC Reconnection Procedure is due to the IP failure.
[0050] In operation 506, the UE 131 receives the RRC Connection Reestablishment message, and in operation 508, the UE sends the RRC Connection Reestablishment Complete message to the BS 134. However, according to an example embodiment, the RRC Connection Reestablishment Complete message also includes an indication that the UE 131 has information about the IP failure. In some examples, the indication may include a single dedicated bit within the RRC Connection Reestablishment Complete message, where a first value indicates that the UE 131 has information about the IP failure, and a second value indicates that the UE 131 does not have information about the IP failure. When the BS 134 receives the RRC Connection Reestablishment Complete message with the indication that the UE 131 has information about the IP failure, in operation 510, the BS 134 sends a UE information request that requests for the information about the IP failure. In response, in operation 512, the UE 131 sends a UE information response that includes the IP failure elements 105 (e.g., two more of the elements 105 or all of them).
[0051 ] Referring back to FIG. 2, the BS 134 may receive the IP failure elements (e.g., according to any of the methods discussed herein), and become aware that there is an IP verification failure (and possibly liked with an attack). In some conventional approaches, the current specification for the wireless network 130 does not provide a mechanism to specify that the cause of the RRC Reconfiguration procedure is due to IP failure. Integrity protection failure may occur due to one of several causes. In some examples, the BS 134 may evaluate and determine a potential cause about the IP failure based on the IP failure elements 105 received from the UE 131 (according to any of the methods discussed herein). In some examples, the BS 134 may include an IP cause classifier 112 configured to programmatically determine (or classify) the cause of the IP failure. In some examples, based on the IP failure elements 105 received from the UE 131 about the IP failure, the IP cause classifier 112 may determine whether the cause of the IP failure is due to an attack on the wireless network 130, a Hyper Frame Number (HFN) de- synchronization condition, or some other reason. In some examples, the IP cause classifier 112 is configured to use the Count and the time to determine if the BS 134 has sent a PDU with the same assumed Count. If so, the IP cause classifier 112 may determine that the IP failure is due to the HFN de-synchronization condition. In some examples, if the UE 131 has included the MAC-I of the faulty PDU, the IP cause classifier 112 may determine whether or not a sent PDU with the same SN but with a different assumed HFN has been sent. If so (e.g., the IP cause classifier 112 determines that there is a match), the IP cause classifier 112 may determine that the IP failure is due to the HFN de- synchronization condition. If some examples, if the UE 131 has included the X-MAC of the faulty PDU, the IP cause classifier 112 may calculate the MAC-I of PDUs sent with the same SN but different assumed HFN. If the IP cause classifier 112 can locate a PDU for each the MAC-I corresponds to the X-MAC-I, this may indicate that the cause of the IP failure is the HFN de- synchronization condition.
[0052] The BS 134 may include a task implementer 113 configured to perform at least one action based on the determined cause of the IP failure. In some examples, the task implementer 113 may disable communication with the UE 131, generate an attack report, send one or more alerts, and/or automatically take corrective action on the network (e.g., adjust window and/or scheduling). For example, In response to the determination that the cause of the IP failure is an attack, the BS 134 may disable communication with the affected UE 131, automatically send an alert to appropriate personal, automatically take corrective action by modifying or disabling a part of the wireless network 130, and/or provide an attack report that can locate the attack, detect which message was targeted, which PDU was altered, and/or the type of PDU (e.g., (e.g., if it was a Control Plane (CP) or User Plane (UP) PDU). In other words, by using the type of bearer, the bearer ID, and the SN and Count, the exact faulty PDU or packet can be identified.
[0053] In addition, the BS 134 may identity which UE was affected by the IP failure based on the physical cell identifier (PCI) and frequency included within the fifth element 110 and the C-RNTI included in the message from the UE in case of RRC connection reestablishment. The UE 131 can be identified by its identifier and the cell identifier (PCI) of the cell 123 in which the IP failure occurred (e.g., that information can be mapped to the IMSI and CN identifiers of the UE 131). If the same UE 131 is affected repeatedly, the BS 134 may determine that that the UE 131 is a victim of a targeted attack and stop communication with the UE 131.
[0054] In response to the determination that the cause of the IP failure is an HFN de- synchronization condition (which can happen in the case of aggressive scheduling by the BS 134), the base station may use a larger reordering window in the PDCP or provide less aggressive scheduling. In some examples, the size of the reordering window may be defined as half of (Maximum_PDCP_SN +1). The reordering window may correspond to the window in which the PDU are expected to be received and re- ordered at the reception PDCP entity. It is expected that the PDCP transmitter does not send (over the air) more PDUs than the size of the reordering window PDUs to avoid a HFN de- synchronization condition. If more packets are sent, a late packet can be confused by a newly transmitted packet. In case of UM mode, the transmitting entity may not know which packet has been received, and, as a consequence, may not know exactly which PDU (and which SN) are still being transmitted. This allows some freedom in the way the transmitter schedules the packets. An aggressive scheduling could be defined as a scheduling that may lead to transmit more consecutive PDU that suggested the above, in order to achieve more throughput. In some examples, the IP failure due to HFN de- synchronization may be an indication that the window is too small or the scheduling too aggressive. In this case, the BS 134 may adjust the window in the PDCP to be larger than what was previously provided, and/or decrease the level of aggressive of scheduling. In addition, in some examples, the IP failure may occur if the PDU has been altered during transmission. This may not happen with the protection in place in lower layers, but if it happens, it may be an indication that higher protection is needed to ensure the integrity of the packet.
[0055] FIG. 6 is a flow chart 600 illustrating operation of a user device/user equipment (UE) according to an example implementation.
[0056] Operation 602 includes detecting, by a user device in a wireless network, an integrity protection (IP) failure on one or more radio bearers. Operation 604 includes storing, by the user device, IP failure information about the IP failure. Operation 606 includes transmitting, by the user device to a base station in the wireless network, at least one message having the IP failure information.
[0057] According to an example implementation of the method of FIG. 6, the storing may include storing the IP failure information as a plurality of IP failure elements, where the plurality of IP failure elements include two or more of: a first element including a type of radio bearer that trigged the integrity protection failure, a second element including a bearer identifier on which the integrity protection failure was detected, a third element including a sequence number and count of a protocol data unit (PDU), a fourth element including time of the integrity protection failure and location of the user device, a fifth element including a physical cell identifier (PCI) and frequency of a cell, and a sixth element including a received message authentication code-integrity (MAC-I) and a computed X-MAC.
[0058] According to an example implementation of the method of FIG. 6, the plurality of IP failure elements may include the first element, the second element, the third element, the fourth element, the fifth element, and the sixth element.
[0059] According to an example implementation of the method of FIG. 6, the one or more radio bearers may include a signaling radio bearer (SRB) or a data radio bearer (DRB).
[0060] According to an example implementation of the method of FIG. 6, the transmitting the at least one message having the IP failure information may include initiating, by the user device, a Radio Resource Control (RRC) reestablishment procedure in response to detecting the IP failure, and transmitting, by the user device, the IP failure information in a message during or after the RRC reestablishment procedure.
[0061 ] According to an example implementation of the method of FIG. 6, the RRC reestablishment procedure may include transmitting, by the user device to the base station, a RRC reestablishment request, where the RRC reestablishment request includes an indication that the initiation of the RRC reestablishment procedure is due to the integrity protection failure, receiving, by the user device from the base station, a RRC connection reestablishment message, transmitting, by the user device to the base station, a RRC connection reestablishment complete message, where the RRC connection reestablishment complete message includes an indication that the user device has the IP failure information, receiving, by the user device from the base station, an information request to provide the IP failure information, and transmitting, by the user device from the base station, the IP failure information.
[0062] According to an example implementation of the method of FIG. 6, the transmitting the at least one message having the IP failure information may include transmitting, by the user device to the base station, a message including the IP failure information, and initiating a Radio Resource Control (RRC) reestablishment procedure after the IP failure information has been transmitted.
[0063] According to an example implementation, an apparatus comprising at least one processor and at least one memory including computer instructions, when executed by the at least one processor, cause the apparatus to execute the method of FIG. 6 (and/or any combination of operations/features discussed throughout the entire disclosure).
According to an example implementation, a computer program product comprising a computer-readable storage medium and storing executable code that, when executed by at least one processor, is configured to cause the at least one processor to execute the method of FIG. 6 (and/or any combination of operations/features discussed throughout the entire disclosure).
[0064] FIG. 7 is as flow chart 700 illustrating operation of a base station (BS)/eNB according to an example implementation.
[0065] Operation 702 includes receiving, by a base station from a user device in a wireless network, integrity protection (IP) failure information about an IP failure on one or more radio bearers at the user device. Operation 704 includes determining, by the base station, a cause of the IP failure based on the IP failure information. Operation 706 includes performing, by the base station, at least one action based on the determined cause. [0066] According to an example implementation of the method of FIG. 7, the IP failure information may include a plurality of IP failure elements, where the plurality of IP failure elements includes two or more of: a first element including a type of radio bearer that trigged the integrity protection failure, a second element including a bearer identifier on which the integrity protection failure was detected, a third element including a sequence number and count of a protocol data unit (PDU), a fourth element including time of the integrity protection failure and location of the user device, a fifth element including a physical cell identifier (PCI) and frequency of a cell, and a sixth element including a received message authentication code-integrity (MAC-I) and a computed X- MAC.
[0067] According to an example implementation of the method of FIG. 7, the plurality of IP failure elements may include the first element, the second element, the third element, the fourth element, the fifth element, and the sixth element.
[0068] According to an example implementation of the method of FIG. 7, the one or more radio bearers may include a signaling radio bearer (SRB) or a data radio bearer (DRB).
[0069] According to an example implementation of the method of FIG. 7, the determining the cause of the IP failure based on the IP failure information may include determining that the cause is a Hyper Frame Number (HFN) de- synchronization condition, and the performing at least one action based on the determined cause may include increasing a size of a reordering window of Packet Data Convergence Protocol (PDCP).
[0070] According to an example implementation of the method of FIG. 7, the determining the cause of the IP failure based on the IP failure information may include determining that the cause is a potential attack on the wireless network, and the performing at least one action based on the determined cause may include generating and sending an attack report, where the attack report identifies which protocol data unit (PDU) was altered.
[0071 ] According to an example implementation of the method of FIG. 7, the determining the cause of the IP failure based on the IP failure information may include determining that the cause is a potential attack on the user device, and the performing at least one action based on the determined cause may include stopping communication with the user device.
[0072] According to an example implementation, an apparatus comprising at least one processor and at least one memory including computer instructions, when executed by the at least one processor, cause the apparatus to execute the method of FIG. 7 (and/or any combination of operations/features discussed throughout the entire disclosure).
[0073] According to an example implementation, a computer program product comprising a computer-readable storage medium and storing executable code that, when executed by at least one processor, is configured to cause the at least one processor to execute the method of FIG. 7 (and/or any combination of operations/features discussed throughout the entire disclosure).
[0074] FIG. 8 is a block diagram of a wireless station (e.g., AP or user device) 800 according to an example implementation. The wireless station 800 may include, for example, one or two RF (radio frequency) or wireless transceivers 802A, 802B, where each wireless transceiver includes a transmitter to transmit signals and a receiver to receive signals. The wireless station also includes a processor or control unit/entity (controller) 804 to execute instructions or software and control transmission and receptions of signals, and a memory 806 to store data and/or instructions.
[0075] Processor 804 may also make decisions or determinations, generate frames, packets or messages for transmission, decode received frames or messages for further processing, and other tasks or functions described herein. Processor 804, which may be a baseband processor, for example, may generate messages, packets, frames or other signals for transmission via wireless transceiver 802A or 802B. Processor 804 may control transmission of signals or messages over a wireless network, and may control the reception of signals or messages, etc., via a wireless network (e.g., after being down- converted by wireless transceiver 802, for example). Processor 804 may be programmable and capable of executing software or other instructions stored in memory or on other computer media to perform the various tasks and functions described above, such as one or more of the tasks or methods described above (e.g., any of the operations of the timing diagrams and flowcharts of the figures). Processor 804 may be (or may include), for example, hardware, programmable logic, a programmable processor that executes software or firmware, and/or any combination of these. The processor 804 may include one or more processors coupled to a substrate. Using other terminology, processor 804 and transceiver 802 together may be considered as a wireless transmitter/receiver system, for example.
[0076] In addition, referring to FIG. 8, a controller (or processor) 808 may execute software and instructions, and may provide overall control for the station 800, and may provide control for other systems not shown in FIG. 8, such as controlling input/output devices (e.g., display, keypad), and/or may execute software for one or more applications that may be provided on wireless station 800, such as, for example, an email program, audio/video applications, a word processor, a Voice over IP application, or other application or software.
[0077] In addition, a storage medium may be provided that includes stored instructions, which when executed by a controller or processor may result in the processor 804, or other controller or processor, performing one or more of the functions or tasks described above.
[0078] According to another example implementation, RF or wireless transceiver(s) 802A/802B may receive signals or data and/or transmit or send signals or data. Processor 804 (and possibly transceivers 802A/802B) may control the RF or wireless transceiver 802A or 802B to receive, send, broadcast or transmit signals or data.
[0079] The embodiments are not, however, restricted to the system that is given as an example, but a person skilled in the art may apply the solution to other communication systems. Another example of a suitable communications system is the 5G concept. It is assumed that network architecture in 5G will be quite similar to that of the LTE-advanced. 5G is likely to use multiple input - multiple output (MIMO) antennas, many more base stations or nodes than the LTE (a so-called small cell concept), including macro sites operating in co-operation with smaller stations and perhaps also employing a variety of radio technologies for better coverage and enhanced data rates.
[0080] It should be appreciated that future networks will most probably utilise network functions virtualization (NFV) which is a network architecture concept that proposes virtualizing network node functions into "building blocks" or entities that may be operationally connected or linked together to provide services. A virtualized network function (VNF) may comprise one or more virtual machines running computer program codes using standard or general type servers instead of customized hardware. Cloud computing or data storage may also be utilized. In radio communications this may mean node operations may be carried out, at least partly, in a server, host or node operationally coupled to a remote radio head. It is also possible that node operations will be distributed among a plurality of servers, nodes or hosts. It should also be understood that the distribution of labour between core network operations and base station operations may differ from that of the LTE or even be non-existent.
[0081 ] Implementations of the various techniques described herein may be implemented in digital electronic circuitry, or in computer hardware, firmware, software, or in combinations of them. Implementations may implemented as a computer program product, i.e., a computer program tangibly embodied in an information carrier, e.g., in a machine-readable storage device or in a propagated signal, for execution by, or to control the operation of, a data processing apparatus, e.g., a programmable processor (e.g., a processor coupled to a substrate), a computer, or multiple computers. Implementations may also be provided on a computer readable medium or computer readable storage medium, which may be a non-transitory medium. Implementations of the various techniques may also include implementations provided via transitory signals or media, and/or programs and/or software implementations that are downloadable via the Internet or other network(s), either wired networks and/or wireless networks. In addition, implementations may be provided via machine type communications (MTC), and also via an Internet of Things (IOT).
[0082] The computer program may be in source code form, object code form, or in some intermediate form, and it may be stored in some sort of carrier, distribution medium, or computer readable medium, which may be any entity or device capable of carrying the program. Such carriers include a record medium, computer memory, readonly memory, photoelectrical and/or electrical carrier signal, telecommunications signal, and software distribution package, for example. Depending on the processing power needed, the computer program may be executed in a single electronic digital computer or it may be distributed amongst a number of computers. [0083] Furthermore, implementations of the various techniques described herein may use a cyber-physical system (CPS) (a system of collaborating computational elements controlling physical entities). CPS may enable the implementation and exploitation of massive amounts of interconnected ICT devices (sensors, actuators, processors microcontrollers,...) embedded in physical objects at different locations. Mobile cyber physical systems, in which the physical system in question has inherent mobility, are a subcategory of cyber-physical systems. Examples of mobile physical systems include mobile robotics and electronics transported by humans or animals. The rise in popularity of smartphones has increased interest in the area of mobile cyber- physical systems. Therefore, various implementations of techniques described herein may be provided via one or more of these technologies.
[0084] A computer program, such as the computer program(s) described above, can be written in any form of programming language, including compiled or interpreted languages, and can be deployed in any form, including as a stand-alone program or as a module, component, subroutine, or other unit or part of it suitable for use in a computing environment. A computer program can be deployed to be executed on one computer or on multiple computers at one site or distributed across multiple sites and interconnected by a communication network.
[0085] Method steps may be performed by one or more programmable processors (e.g., one or more processors coupled to a substrate) executing a computer program or computer program portions to perform functions by operating on input data and generating output. Method steps also may be performed by, and an apparatus may be implemented as, special purpose logic circuitry, e.g., an FPGA (field programmable gate array) or an ASIC (application- specific integrated circuit).
[0086] Processors suitable for the execution of a computer program include, by way of example, both general and special purpose microprocessors, and any one or more processors of any kind of digital computer, chip or chipset. Generally, a processor will receive instructions and data from a read-only memory or a random access memory or both. Elements of a computer may include at least one processor for executing instructions and one or more memory devices for storing instructions and data. Generally, a computer also may include, or be operatively coupled to receive data from or transfer data to, or both, one or more mass storage devices for storing data, e.g., magnetic, magneto-optical disks, or optical disks. Information carriers suitable for embodying computer program instructions and data include all forms of non-volatile memory, including by way of example semiconductor memory devices, e.g., EPROM, EEPROM, and flash memory devices; magnetic disks, e.g., internal hard disks or removable disks; magneto-optical disks; and CD-ROM and DVD-ROM disks. The processor and the memory may be supplemented by, or incorporated in, special purpose logic circuitry.
[0087] To provide for interaction with a user, implementations may be implemented on a computer having a display device, e.g., a cathode ray tube (CRT) or liquid crystal display (LCD) monitor, for displaying information to the user and a user interface, such as a keyboard and a pointing device, e.g., a mouse or a trackball, by which the user can provide input to the computer. Other kinds of devices can be used to provide for interaction with a user as well; for example, feedback provided to the user can be any form of sensory feedback, e.g., visual feedback, auditory feedback, or tactile feedback; and input from the user can be received in any form, including acoustic, speech, or tactile input.
[0088] Implementations may be implemented in a computing system that includes a back-end component, e.g., as a data server, or that includes a middleware component, e.g., an application server, or that includes a front-end component, e.g., a client computer having a graphical user interface or a Web browser through which a user can interact with an implementation, or any combination of such back-end, middleware, or front-end components. Components may be interconnected by any form or medium of digital data communication, e.g., a communication network. Examples of communication networks include a local area network (LAN) and a wide area network (WAN), e.g., the Internet.
[0089] While certain features of the described implementations have been illustrated as described herein, many modifications, substitutions, changes and equivalents will now occur to those skilled in the art. It is, therefore, to be understood that the appended claims are intended to cover all such modifications and changes as fall within the true spirit of the various embodiments.

Claims

WHAT IS CLAIMED IS:
1. A base station comprising at least one processor and at least one memory including computer instructions, when executed by the at least one processor, cause the base station to:
receive, from a user device in a wireless network, integrity protection (IP) failure information about an IP failure on one or more radio bearers at the user device;
determine a cause of the IP failure based on the IP failure information; and perform at least one action based on the determined cause.
2. The base station of claim 1, wherein the IP failure information includes a plurality of IP failure elements, the plurality of IP failure elements including two or more of:
a first element including a type of radio bearer that trigged the integrity protection failure;
a second element including a bearer identifier on which the integrity protection failure was detected;
a third element including a sequence number and count of a protocol data unit
(PDU);
a fourth element including time of the integrity protection failure and location of the user device;
a fifth element including a physical cell identifier (PCI) and frequency of a cell; and
a sixth element including a received message authentication code-integrity (MAC-I) and a computed X-MAC.
3. The base station of claim 2, wherein the base station is configured to determine that the cause is a Hyper Frame Number (HFN) de- synchronization condition using at least one of the third element, the fourth element, and the sixth element, and the base station is configured to increase a size of a reordering window of Packet Data Convergence Protocol (PDCP) in response to the cause being determined as the HFN de- synchronization condition.
4. The base station of claim 2, wherein the base station is configured to determine that the cause is a potential attack on the wireless network using at least one of the first element, the second element, and the third element, and the base station is configured to generate and send an attack report in response to the cause being determined as the potential attack, the attack report identifying which protocol data unit (PDU) was altered.
5. The base station of claim 2, wherein the base station is configured to determine that the cause is a potential attack on the user device using at least one of the fifth element and the sixth element, and the base station is configured to stop communication with the user device in response to the cause being determined as the potential attack on the user device.
6. The base station of any one of the preceding claims, wherein the one or more radio bearers include a signaling radio bearer (SRB).
7. The base station of any one of the preceding claims, wherein the one or more radio bearers include a data radio bearer (DRB).
8. A method comprising:
receiving, by a base station from a user device in a wireless network, integrity protection (IP) failure information about an IP failure on one or more radio bearers at the user device;
determining, by the base station, a cause of the IP failure based on the IP failure information; and
performing, by the base station, at least one action based on the determined cause.
9. The method of claim 8, wherein the IP failure information includes a plurality of IP failure elements, the plurality of IP failure elements including two or more of:
a first element including a type of radio bearer that trigged the integrity protection failure; a second element including a bearer identifier on which the integrity protection failure was detected;
a third element including a sequence number and count of a protocol data unit
(PDU);
a fourth element including time of the integrity protection failure and location of the user device;
a fifth element including a physical cell identifier (PCI) and frequency of a cell; and
a sixth element including a received message authentication code-integrity (MAC-I) and a computed X-MAC.
10. The method of claim 9, wherein the determining the cause of the IP failure based on the IP failure information includes determining that the cause is a Hyper Frame Number (HFN) de- synchronization condition using at least one of the third element, the fourth element, and the sixth element, wherein the performing at least one action based on the determined cause includes increasing a size of a reordering window of Packet Data Convergence Protocol (PDCP).
11. The method of claim 9, wherein the determining the cause of the IP failure based on the IP failure information includes determining that the cause is a potential attack on the wireless network using at least one of the first element, the second element, and the third element, wherein the performing at least one action based on the determined cause includes generating and sending an attack report, the attack report identifying which protocol data unit (PDU) was altered.
12. A computer program product, the computer program product comprising a computer- readable storage medium and storing executable code that, when executed by at least one processor, is configured to cause the at least one processor to execute the method of claim 9.
13. A user device comprising at least one processor and at least one memory including computer instructions, when executed by the at least one processor, cause the user device to:
detect an integrity protection (IP) failure on one or more radio bearers;
store IP failure information about the IP failure; and
transmit, to a base station in a wireless network, at least one message having at least a portion of the IP failure information.
14. The user device of claim 13, wherein the user device is configured to store the IP failure information as a plurality of IP failure elements, the plurality of IP failure elements including two or more of:
a first element including a type of radio bearer that trigged the integrity protection failure;
a second element including a bearer identifier on which the integrity protection failure was detected;
a third element including a sequence number and count of a protocol data unit
(PDU);
a fourth element including time of the integrity protection failure and location of the user device;
a fifth element including a physical cell identifier (PCI) and frequency of a cell; and
a sixth element including a received message authentication code-integrity (MAC-I) and a computed X-MAC.
15. The user device of claim 13, wherein the user device is configured to:
initiate a Radio Resource Control (RRC) reestablishment procedure in response to detecting the IP failure; and
transmit at least the portion of the IP failure information in a message during or after the RRC reestablishment procedure.
16. The user device of claim 15, wherein, during the RRC reestablishment procedure, the user device is configured to:
transmit, to the base station, a RRC reestablishment request, the RRC reestablishment request including an indication that the initiation of the RRC reestablishment procedure is due to the integrity protection failure;
receive, from the base station, a RRC connection reestablishment message;
transmit, to the base station, a RRC connection reestablishment complete message, the RRC connection reestablishment complete message including an indication that the user device has at least the portion of the IP failure information;
receive, from the base station, an information request to provide the IP failure information; and
transmit, from the base station, at least the portion of the IP failure information.
17. The user device of claim 13, wherein the user device is configured to:
transmit, to the base station, a message including at least the portion of the IP failure information; and
initiate a Radio Resource Control (RRC) reestablishment procedure after the IP failure information has been transmitted.
18. A method comprising:
detecting, by a user device in a wireless network, an integrity protection (IP) failure on one or more radio bearers;
storing, by the user device, IP failure information about the IP failure; and transmitting, by the user device to a base station in the wireless network, at least one message having at least a portion of the IP failure information.
19. The method of claim 18, wherein the storing includes storing the IP failure information as a plurality of IP failure elements, the plurality of IP failure elements including two or more of:
a first element including a type of radio bearer that trigged the integrity protection failure; a second element including a bearer identifier on which the integrity protection failure was detected;
a third element including a sequence number and count of a protocol data unit
(PDU);
a fourth element including time of the integrity protection failure and location of the user device;
a fifth element including a physical cell identifier (PCI) and frequency of a cell; and
a sixth element including a received message authentication code-integrity (MAC-I) and a computed X-MAC.
20. The method of claim 18, wherein the transmitting the at least one message having at least the portion of the IP failure information includes:
initiating, by the user device, a Radio Resource Control (RRC) reestablishment procedure in response to detecting the IP failure; and
transmitting, by the user device, at least the portion of the IP failure information in a message during or after the RRC reestablishment procedure.
21. The method of claim 20, wherein the RRC reestablishment procedure includes:
transmitting, by the user device to the base station, a RRC reestablishment request, the RRC reestablishment request including an indication that the initiation of the RRC reestablishment procedure is due to the integrity protection failure;
receiving, by the user device from the base station, a RRC connection reestablishment message;
transmitting, by the user device to the base station, a RRC connection reestablishment complete message, the RRC connection reestablishment complete message including an indication that the user device has at least the portion of the IP failure information;
receiving, by the user device from the base station, an information request to provide the IP failure information; and transmitting, by the user device from the base station, at least the portion of the IP failure information.
22. The method of claim 18, wherein the transmitting the at least one message having the IP failure information includes:
transmitting, by the user device to the base station, a message including at least the portion of the IP failure information; and
initiating a Radio Resource Control (RRC) reestablishment procedure after the IP failure information has been transmitted.
23. A computer program product, the computer program product comprising a computer- readable storage medium and storing executable code that, when executed by at least one processor, is configured to cause the at least one processor to execute the method of claim 18.
PCT/EP2017/074702 2017-09-28 2017-09-28 Integrity protection report generation in a wireless communication system WO2019063087A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/EP2017/074702 WO2019063087A1 (en) 2017-09-28 2017-09-28 Integrity protection report generation in a wireless communication system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2017/074702 WO2019063087A1 (en) 2017-09-28 2017-09-28 Integrity protection report generation in a wireless communication system

Publications (1)

Publication Number Publication Date
WO2019063087A1 true WO2019063087A1 (en) 2019-04-04

Family

ID=60083942

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2017/074702 WO2019063087A1 (en) 2017-09-28 2017-09-28 Integrity protection report generation in a wireless communication system

Country Status (1)

Country Link
WO (1) WO2019063087A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112312583A (en) * 2019-07-29 2021-02-02 大唐移动通信设备有限公司 Information receiving and sending method, terminal and network equipment
CN113315778A (en) * 2021-06-04 2021-08-27 绍兴建元电力集团有限公司 Double-encryption information security transmission method applied to hidden danger positioning
WO2021189175A1 (en) * 2020-03-23 2021-09-30 Qualcomm Incorporated Base station reselection in response to detection of a mac-i mismatch condition
CN113891374A (en) * 2021-10-12 2022-01-04 中国联合网络通信集团有限公司 Method, device and equipment for identifying fault network element

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090320100A1 (en) * 2008-06-20 2009-12-24 Qualcomm Incorporated Handling of integrity check failure in a wireless communication system
US20130148490A1 (en) * 2010-11-04 2013-06-13 Lg Electronics Inc. Method and apparatus for reconfiguring connection to base station at relay node in a wireless communication system

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090320100A1 (en) * 2008-06-20 2009-12-24 Qualcomm Incorporated Handling of integrity check failure in a wireless communication system
US20130148490A1 (en) * 2010-11-04 2013-06-13 Lg Electronics Inc. Method and apparatus for reconfiguring connection to base station at relay node in a wireless communication system

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
3RD GENERATION PARTNERSHIP PROJECT (3GPP): "3 Generation Partnership Project; Technical Specification Group Radio Access Network; Evolved Universal Terrestrial Radio Access (E-UTRA); Packet Data Convergence Protocol (PDCP) specification (Release 14)", 3GPP TS 36.323 V14.4.0, 25 September 2017 (2017-09-25), XP051337315 *
3RD GENERATION PARTNERSHIP PROJECT (3GPP): "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3GPP System Architecture Evolution (SAE); Security architecture (Release 15)", 3GPP TS 33.401 V15.1.0, 21 September 2017 (2017-09-21), XP051337096 *
INTEL CORPORATION: "UE behaviour on Integrity check failure for DRBs", vol. RAN WG2, no. Qingdao, China; 20170627 - 20170629, 26 June 2017 (2017-06-26), XP051301528, Retrieved from the Internet <URL:http://www.3gpp.org/ftp/Meetings_3GPP_SYNC/RAN2/Docs/> [retrieved on 20170626] *
ZTE CORPORATION: "Consideration on the remaining security issues", vol. RAN WG2, no. Berlin, Germany; 20170821 - 20170825, 20 August 2017 (2017-08-20), XP051318037, Retrieved from the Internet <URL:http://www.3gpp.org/ftp/Meetings_3GPP_SYNC/RAN2/Docs/> [retrieved on 20170820] *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112312583A (en) * 2019-07-29 2021-02-02 大唐移动通信设备有限公司 Information receiving and sending method, terminal and network equipment
WO2021189175A1 (en) * 2020-03-23 2021-09-30 Qualcomm Incorporated Base station reselection in response to detection of a mac-i mismatch condition
CN113315778A (en) * 2021-06-04 2021-08-27 绍兴建元电力集团有限公司 Double-encryption information security transmission method applied to hidden danger positioning
CN113891374A (en) * 2021-10-12 2022-01-04 中国联合网络通信集团有限公司 Method, device and equipment for identifying fault network element
CN113891374B (en) * 2021-10-12 2023-07-18 中国联合网络通信集团有限公司 Fault network element identification method, device and equipment

Similar Documents

Publication Publication Date Title
CN109479336B (en) System and method for connection management
CN107683617B (en) System and method for pseudo base station detection
US20220279341A1 (en) Radio resource control procedures for machine learning
US20190174368A1 (en) Security handling for network slices in cellular networks
US10979159B2 (en) Radio link monitoring test procedures for wireless devices
US11071088B2 (en) Network slice-specific paging for wireless networks
US10165504B2 (en) Distributed implementation of self-organizing tracking areas
US20170251512A1 (en) Configured condition for radio resource control connection re-establishment procedure
CN113132334B (en) Authorization result determination method and device
WO2019063087A1 (en) Integrity protection report generation in a wireless communication system
KR102594392B1 (en) Downlink signal monitoring and transmission method, and parameter configuration method and device
CN117596719A (en) PDCP COUNT handling in RRC connection recovery
US20230247672A1 (en) Random access report in mixed network types
US11234185B2 (en) Cell identifier format per area in wireless network
US20240023186A1 (en) Network method for small data transmission termination and signaling
JP6651613B2 (en) Wireless communication
EP3354110B1 (en) Network node and method for avoiding drop of a connection due to rtp timeout
WO2018224545A1 (en) Use of handover measurements for wireless networks based on signal blocking condition
EP4335171A1 (en) Bi-layered mobility for ng-ran
EP3169097B1 (en) Wireless resource reconstruction method, device and system and storage medium
CN117999850A (en) Parameter update for connection recovery attempts
WO2023046585A1 (en) Scg-maintained conditional handover in dual connectivity with scg failure
WO2023066807A1 (en) Enhanced signalling procedure for scg mobility in deactivated state using conditional configuration
WO2022233545A1 (en) Physical cell identity collision resolution for wireless networks
WO2023083691A1 (en) Generating an authentication token

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17784215

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17784215

Country of ref document: EP

Kind code of ref document: A1