Enhanced user equipment security against attacks in 4G or 5G networks
By discarding authentication request messages with non-integrity protection and maintaining AUTN and RAND lists in 4G or 5G networks, the problem of UE tracking and resource corruption is prevented, thus solving the problems of MiTM and DoS attacks and improving the security and reliability of network communication.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- APPLE INC
- Filing Date
- 2022-08-04
- Publication Date
- 2026-07-03
AI Technical Summary
In 4G or 5G networks, user equipment (UE) faces man-in-the-middle (MiTM) attacks and denial-of-service (DoS) attacks, leading to security issues, including message theft or deletion, UE resource corruption, and difficulty in preventing malicious tracking and undesirable behavior.
The security of the UE is enhanced by measures such as discarding authentication request messages with non-integrity protection when the service request has been initiated, maintaining lists of network authentication tokens (AUTN) and random values (RAND), not processing the same AUTN and RAND when synchronization fails, and triggering the mobility registration procedure immediately after connection mode to prevent GUTI reallocation and removal.
It reduces potential security vulnerabilities from MiTM and DoS attacks, prevents UE from being tracked and resources from being destroyed, and improves the security and reliability of network communication.
Smart Images

Figure CN115915129B_ABST
Abstract
Description
[0001] This divisional application is a divisional application of Chinese patent application 202210931221.5 entitled "Enhanced user equipment security against attacks in 4G or 5G networks", filed on August 4, 2022. Technical Field
[0002] This invention relates generally to wireless technology, and more specifically to enhanced user equipment (UE) security for wireless networks such as 4G or 5G. Background Technology
[0003] Fourth-generation (4G) broadband cellular network technology is a wireless standard with a variety of applications, such as mobile network access, telephone, gaming services, high-definition mobile TV, video conferencing, and 3D television. Fifth-generation (5G) mobile network is a wireless standard designed to improve data transmission speed, reliability, and availability. User equipment (UE) and the network can transmit various messages back and forth over 4G or 5G networks, which may make the UE vulnerable to malicious attacks. Enhanced security is also possible. Summary of the Invention
[0004] Various aspects of this disclosure relate to security enhancements for 4G and / or 5G New Radio (NR).
[0005] In some respects, when received in the Service-Request-Initiated state, the UE may discard a Plain Authentication Request message or a Plain Identity Request message. In this way, the UE will not respond to non-integrity-protected Authentication Request messages or non-integrity-protected Identity Request messages as part of the integrity-protected Service Request Procedure (NR and LTE), Tracking Area Update Procedure (LTE), or Registration Request Procedure (NR). Therefore, a malicious attacker could potentially use the captured Authentication Request or Identity Request messages to track a victim UE in the network.
[0006] In some respects, when the authentication process is not in progress, the UE can discard authentication rejection messages from the 5G network. Whether such a process is in progress can be derived based on the last NAS message sent by the UE, such as an authentication response or authentication failure message, and / or based on one or more timers of current activity at the 5GMM / EMM. In this way, UE behavior can reduce potential security vulnerabilities that could be exploited by rogue entities.
[0007] In some respects, the UE can maintain a list of Network Authentication Tokens (AUTN) and Random Value (RAND) pairs, where synchronization failures have already been declared by the UE. If an authentication request with an AUTN and RAND pair that is on the list is received, the UE can simply discard the message (e.g., it will not forward the message to the UE's SIM). In this way, an attacker's network cannot use the same authentication request to keep tracking the UE at various times because the UE will not process the same AUTN and RAND when it has already declared the same synchronization failure.
[0008] In some respects, after the UE has transitioned to connected mode in response to a paging, the UE may recall that it was required to receive a new GUTI while in connected mode. If this does not occur and if the UE ends up moving to an idle mode with the previous GUTI, the UE may immediately trigger a mobility registration procedure to obtain a new GUTI reassigned to the UE. In some respects, the UE may start a short timer after entering connected mode. If no GUTI reassignment occurs before the short timer expires, the UE may initiate a mobility registration update.
[0009] In some respects, the network may send GUTI reallocation communication to the UE. The network may not receive a response from the UE (e.g., GUTI reallocation completed), but the UE remains connected. In response, the network may treat the use case as anomalous and release the NAS signaling connection used to instruct the UE to initiate the registration procedure.
[0010] The above overview does not constitute an exhaustive list of all aspects of this disclosure. It is contemplated that this disclosure encompasses all systems and methods that can be practiced by all suitable combinations of the aspects outlined above and those disclosed in the detailed descriptions below and specifically pointed out in the claims section. Such combinations may have specific advantages not specifically set forth in the foregoing summary. Attached Figure Description
[0011] The invention is illustrated by way of example and is not limited to the figures in the accompanying drawings, in which similar reference numerals indicate similar elements.
[0012] Figure 1 An exemplary wireless communication system is shown according to some aspects.
[0013] Figure 2 This illustrates uplink and downlink communication based on several aspects.
[0014] Figure 3 An exemplary block diagram of a UE is shown, based on some aspects.
[0015] Figure 4 An exemplary block diagram of a BS is shown, based on some aspects.
[0016] Figure 5 An exemplary block diagram of a cellular communication circuit is shown, according to some aspects.
[0017] Figure 6 This illustrates a man-in-the-middle (MiTM) attack scenario based on several aspects.
[0018] Figure 7 This diagram illustrates a flowchart for a UE to process authentication requests in a service request state, based on several aspects.
[0019] Figure 8 This diagram illustrates a flowchart for the UE to process authentication rejection messages, based on several aspects.
[0020] Figure 9 The flowchart illustrates a process for the UE to handle authentication requests to prevent repeated synchronization failures, based on several aspects.
[0021] Figure 10 This illustrates an exemplary attack scenario for preventing repeated synchronization failures using a UE, based on several aspects.
[0022] Figure 11 A flowchart is shown to prevent GUTI reallocation elimination performed by the UE, based on several aspects.
[0023] Figure 12 The flowchart illustrates a method for preventing GUTI redistribution and removal performed by the network, based on several aspects.
[0024] Figure 13 This illustrates an exemplary attack scenario in which GUTI-redistributed messages are selectively removed based on certain aspects. Detailed Implementation
[0025] As described, the methods and apparatus of the device can perform operations to enhance the security between the UE and the network. Numerous specific details are set forth in the following description to provide a thorough explanation of aspects of the invention. However, it will be apparent to those skilled in the art that aspects of the invention can be practiced without these specific details. In other instances, well-known components, structures, and techniques have not been shown in detail so as not to obscure the understanding of this description.
[0026] In this specification, the phrase "some aspects" or "aspect" means that a particular feature, structure, or characteristic described in connection with that aspect may be included in at least one aspect of the invention. The phrase "some aspects" appearing in various places throughout this specification does not necessarily refer to the same aspect.
[0027] In the following description and claims, the terms “coupled” and “connected” and their derivatives may be used. It should be understood that these terms are not intended to be synonymous with each other. “Coupled” is used to mean that two or more elements may or may not be in direct physical or electrical contact with each other, and cooperate or interact with each other. “Connected” is used to mean the establishment of communication between two or more elements that are coupled to each other.
[0028] The processes illustrated in the following figures are executed by processing logic, which includes hardware (e.g., circuitry, special-purpose logic, etc.), software (such as software running on a general-purpose computer system or a special-purpose machine), or a combination of both. While these processes are described below in a certain order, it should be understood that some of the operations may be performed in a different order. Furthermore, some operations may be performed in parallel rather than sequentially.
[0029] The terms “server,” “client,” and “device” are intended to refer generally to a data processing system, rather than to specific form elements of a server, client, and / or device.
[0030] In some respects, the device is a user equipment (UE) device with a radio link to a base station. In some respects, the device is a base station or a broadband processor of a base station. In some respects, the radio link is a third-generation (3G), fourth-generation (4G), or fifth-generation (5G) link. The device further selects component carriers (CCs) from the radio link, groups them, and determines virtual CCs from a set of selected CCs. The device may also perform physical downlink resource mapping based on an aggregation resource matching pattern for the CC groups.
[0031] Figure 1 A simplified exemplary wireless communication system is shown, based on some aspects. It should be noted that... Figure 1 The system described herein is merely one example of a possible system, and the features of this disclosure can be implemented in any of a variety of systems as needed.
[0032] As shown in the figure, the exemplary wireless communication system includes a base station 102A, which communicates with one or more user equipments 106A, 106B to 106N, etc., via a transmission medium. Each user equipment may be referred to herein as a "user equipment" (UE). Therefore, user equipment 106 is referred to as a UE or UE device.
[0033] Base station (BS) 102A may be a transceiver base station (BTS) or a cell site (“cellular base station”), and may include hardware that enables wireless communication with UE 106A to UE 106N.
[0034] The communication area (or coverage area) of a base station can be referred to as a "cell". Base station 102A and UE 106 can be configured to communicate via a transmission medium using any of a variety of Radio Access Technologies (RATs), also known as wireless communication technologies or telecommunications standards, such as GSM, UMTS (associated with air interfaces such as WCDMA or TD-SCDMA), LTE, LTE-A Advanced, 5G New Radio (5G-NR), HSPA, 3GPP2 CDMA2000 (e.g., 1xRTT, 1xEV-DO, HRPD, eHRPD), etc. Note that if base station 102A is implemented in an LTE environment, its alternative location can be referred to as an "eNodeB" or "eNB". Note that if base station 102A is implemented in a 5G NR environment, its alternative location can be referred to as a "gNodeB" or "gNB".
[0035] As shown in the figure, base station 102A can also be configured to communicate with network 100 (e.g., in various possibilities, the core network of a cellular service provider, telecommunications networks such as the Public Switched Telephone Network (PSTN), and / or the Internet). Therefore, base station 102A can facilitate communication between user equipments and / or between user equipments and network 100. Specifically, cellular base station 102A can provide UE 106 with various communication capabilities such as voice, SMS, and / or data services.
[0036] Base station 102A and other similar base stations (such as base station 102B...102N) operating under the same or different cellular communication standards can thus provide a network as a cell that can provide continuous or near-continuous overlapping services over a geographical area to UE 106A to UE 106N and similar devices via one or more cellular communication standards.
[0037] Therefore, although base station 102A can act as such Figure 1The diagram shows the "serving cells" of UEs 106A to UE 106N, but each UE 106 may also be able to receive signals (and possibly within its communication range) from one or more other cells (which may be provided by base stations 102B-N and / or any other base stations), which may be referred to as "neighboring cells". Such cells may also facilitate communication between user equipments and / or between user equipments and network 100. These cells may include "macro" cells, "micro" cells, "pecimen" cells, and / or any other cells of various other granularities providing service area size. For example, in Figure 1 Base stations 102A to 102B shown can be macro cells, while base station 102N can be a micro cell. Other configurations are also possible.
[0038] In some respects, base station 102A can be a next-generation base station, such as a 5G New Radio (5G NR) base station or a "gNB". In some respects, the gNB can connect to a legacy evolved packet core (EPC) network and / or to an NR core (NRC) network. Furthermore, a gNB cell can include one or more transition and receive points (TRPs). Additionally, a UE capable of operating according to 5G NR can connect to one or more TRPs within one or more gNBs.
[0039] It should be noted that UE 106 can communicate using multiple wireless communication standards. For example, in addition to at least one cellular communication protocol (e.g., GSM, UMTS (associated with, for example, WCDMA or TD-SCDMA air interfaces), LTE, LTE-A, 5G NR, HSPA, 3GPP2 CDMA2000 (e.g., 1xRTT, 1xEV-DO, HRPD, eHRPD, etc.), UE 106 can be configured to communicate using wireless networking (e.g., Wi-Fi) and / or peer-to-peer wireless communication protocols (e.g., Bluetooth, Wi-Fi peer-to-peer, etc.). If desired, UE 106 can also or alternatively be configured to communicate using one or more Global Navigation Satellite Systems (GNSS, such as GPS or GLONASS), one or more mobile television broadcasting standards (e.g., ATSC-M / H or DVB-H), and / or any other wireless communication protocol. Other combinations of wireless communication standards (including more than two wireless communication standards) are also possible.
[0040] The network may include one or more base stations, one or more cells, hardware (e.g., transceivers, broadband processors, etc.), and software components (e.g., network entities) for supporting communication with the UE. The broadband processor may be configured to execute program instructions stored in memory to perform the described operations.
[0041] Figure 2The illustration shows a UE106A that can communicate with base station 102 via uplink and downlink communication, according to some aspects. Each UE can be a cellular communication-capable device, such as a mobile phone, handheld device, computer, tablet computer, or virtually any type of wireless device.
[0042] The UE may include a processor (e.g., a wideband processor) configured to execute program instructions stored in memory. The UE may perform any of the aspects of the methods described herein by executing such stored instructions. Alternatively or additionally, the UE may include programmable hardware elements, such as an FPGA (Field Programmable Gate Array) configured to perform any of the aspects of the methods described herein or any portion thereof.
[0043] The UE may include one or more antennas for communicating using one or more wireless communication protocols or technologies. In some aspects, the UE may be configured to communicate using, for example, CDMA2000 (1xRTT / 1xEV-DO / HRPD / eHRPD) or LTE using a single shared radio component and / or GSM or LTE using a single shared radio component. The shared radio may be coupled to a single antenna or to multiple antennas (e.g., for MIMO) for performing wireless communication. Typically, the radio component may include any combination of baseband processor, analog radio frequency (RF) signal processing circuitry (e.g., including filters, mixers, oscillators, amplifiers, etc.) or digital processing circuitry (e.g., for digital modulation and other digital processing). Similarly, the radio component may use the aforementioned hardware to implement one or more receive chains and transmit chains. For example, UE 106 may share one or more portions of the receive chain and / or transmit chain among various wireless communication technologies such as those discussed above.
[0044] In some aspects, the UE may include separate transmit and / or receive chains (e.g., including separate antennas and other radio components) for each wireless communication protocol configured to communicate with it. As another possibility, the UE may include one or more radio components shared among multiple wireless communication protocols, as well as one or more radio components used uniquely by a single wireless communication protocol. For example, the UE may include shared radio components for communication using either LTE or 5G NR (or LTE or 1xRTT, or LTE or GSM), and separate radio components for communication using each of Wi-Fi and Bluetooth. Other configurations are also possible.
[0045] Figure 3 An exemplary simplified block diagram of a communication device 106 according to some aspects is shown. It should be noted that... Figure 3The block diagram of the communication device is merely one example of possible communication devices. Depending on the aspects, among other devices, the communication device 106 may be a UE device, a mobile device or mobile station, a wireless device or wireless station, a desktop computer or computing device, a mobile computing device (e.g., a laptop, notebook, or portable computing device), a tablet computer, and / or a combination of devices. As shown, the communication device 106 may include a set of components 300 configured to perform core functions. For example, this set of components may be implemented as a system-on-a-chip (SOC), which may include portions for various purposes. Alternatively, the set of components 300 may be implemented as individual components or groups of components for various purposes. This set of components 300 may be (e.g., communicatively; directly or indirectly) coupled to various other circuits of the communication device 106.
[0046] For example, communication device 106 may include various types of memory (e.g., including NAND flash memory 310), input / output interfaces such as connector I / F 320 (e.g., for connection to a computer system; docking station; charging station; input devices such as microphone, camera, keyboard; output devices such as speaker; etc.), a display 360 that may be integrated with or external to communication device 106, and cellular communication circuitry 330 such as for 5G NR, LTE, GSM, etc., and short- to medium-range wireless communication circuitry 329 (e.g., Bluetooth). TM (and WLAN circuitry). In some aspects, the communication device 106 may include wired communication circuitry (not shown), such as, for example, a network interface card for Ethernet.
[0047] Cellular communication circuitry 330 may be coupled (e.g., communicatively grounded; directly or indirectly) to one or more antennas, such as antennas 335 and 336 shown. Short-to-medium-range wireless communication circuitry 329 may also be coupled (e.g., communicatively grounded; directly or indirectly) to one or more antennas, such as antennas 337 and 338 shown. Alternatively, short-to-medium-range wireless communication circuitry 329 may be coupled (e.g., communicatively grounded; directly or indirectly) to antennas 337 and 338, or as an alternative, to antennas 335 and 336. Short-to-medium-range wireless communication circuitry 329 and / or cellular communication circuitry 330 may include multiple receive chains and / or multiple transmit chains for receiving and / or transmitting multiple spatial streams, such as in a multiple-input multiple-output (MIMO) configuration.
[0048] In some aspects, as further described below, the cellular communication circuit 330 may include dedicated receive chains for multiple radio access technologies (RATs) (including and / or coupled to (e.g., communication ground; directly or indirectly) dedicated processors and / or radio components) (e.g., a first receive chain for LTE and a second receive chain for 5G-NR). Furthermore, in some aspects, the cellular communication circuit 330 may include a single transmit chain that can be switched between radio components dedicated to a particular RAT. For example, a first radio component may be dedicated to a first RAT, such as LTE, and can communicate with a dedicated receive chain and a transmit chain shared with additional radio components, such as a second radio component that may be dedicated to a second RAT (e.g., 5G NR) and can communicate with a dedicated receive chain and a shared transmit chain.
[0049] The communication device 106 may also include one or more user interface elements and / or be configured to be used with one or more user interface elements. User interface elements may include any of a variety of components such as a display 360 (which may be a touch screen display), a keyboard (which may be a separate keyboard or may be implemented as part of the touch screen display), a mouse, a microphone and / or a speaker, one or more cameras, one or more buttons, and / or any of a variety of other components capable of providing information to the user and / or receiving or interpreting user input.
[0050] The communication device 106 may also include one or more smart cards 345 with SIM (Subscriber Identity Module) functionality, such as one or more UICC cards (one or more general purpose integrated circuit cards) 345.
[0051] As shown, the SOC 300 may include a processor 302 and a display circuit 304. The processor executes program instructions for the communication device 106, and the display circuit performs graphics processing and provides display signals to the display 360. The processor 302 may also be coupled to a memory management unit (MMU) 340 (which may be configured to receive addresses from the processor 302 and translate those addresses into locations in memory (e.g., memory 306, read-only memory (ROM) 350, NAND flash memory 310)) and / or coupled to other circuitry or devices (such as the display circuit 304, short-range wireless communication circuitry 229, cellular communication circuitry 330, connector I / F 320, and / or display 360). The MMU 340 may be configured to perform memory protection and page table translation or setup. In some aspects, the MMU 340 may be included as part of the processor 302.
[0052] As described above, communication device 106 can be configured to communicate using wireless and / or wired communication circuits. Communication device 106 can also be configured to determine physical downlink shared channel scheduling resources for user equipment and base stations. Furthermore, communication device 106 can be configured to select and group CCs from the wireless link, and determine virtual CCs from the selected CC groups. The wireless device can also be configured to perform physical downlink resource mapping based on an aggregation resource matching mode for CC groups.
[0053] As described herein, communication device 106 may include hardware and software components for implementing the aforementioned features for determining physical downlink shared channel scheduling resources for communication device 106 and a base station. For example, by executing program instructions stored on a memory medium (e.g., a non-transitory computer-readable memory medium), processor 302 of communication device 106 may be configured to implement some or all of the features described herein. Alternatively (or otherwise), processor 302 may be configured as a programmable hardware element, such as an FPGA (Field-Programmable Gate Array) or ASIC (Application-Specific Integrated Circuit). Alternatively (or otherwise), in conjunction with one or more of other components 300, 304, 306, 310, 320, 329, 330, 340, 345, 350, 360, processor 302 of communication device 106 may be configured to implement some or all of the features described herein.
[0054] Furthermore, as described in this invention, processor 302 may include one or more processing elements. Therefore, processor 302 may include one or more integrated circuits (ICs) configured to perform the functions of processor 302. Additionally, each integrated circuit may include circuitry (e.g., a first circuit, a second circuit, etc.) configured to perform the functions of one or more processors 302.
[0055] Furthermore, as described herein, both the cellular communication circuit 330 and the short-range wireless communication circuit 329 may include one or more processing elements. In other words, one or more processing elements may be included in the cellular communication circuit 330, and similarly, one or more processing elements may be included in the short-range wireless communication circuit 329. Therefore, the cellular communication circuit 330 may include one or more integrated circuits (ICs) configured to perform the functions of the cellular communication circuit 330. Furthermore, each integrated circuit may include circuitry (e.g., a first circuit, a second circuit, etc.) configured to perform the functions of the cellular communication circuit 330. Similarly, the short-range wireless communication circuit 329 may include one or more ICs configured to perform the functions of the short-range wireless communication circuit 329. Furthermore, each integrated circuit may include circuitry (e.g., a first circuit, a second circuit, etc.) configured to perform the functions of the short-range wireless communication circuit 329.
[0056] Figure 4 An exemplary block diagram of base station 102 is shown according to some aspects. It should be noted that... Figure 4 The base station shown is merely one example of a possible base station. As illustrated, base station 102 may include a processor 404 (which may include a broadband processor) capable of executing program instructions for base station 102. Processor 404 may also be coupled to memory management unit (MMU) 440 or other circuitry or devices, which may be configured to receive addresses from processor 404 and translate those addresses into locations in memory (e.g., memory 460 and read-only memory (ROM) 450).
[0057] Base station 102 may include at least one network port 470. Network port 470 may be configured to be coupled to a telephone network and provide access rights as described above. Figure 1 and Figure 2 The telephone network described herein includes multiple devices such as UE device 106.
[0058] Network port 470 (or an additional network port) may also be configured, or alternatively configured, to be coupled to a cellular network, such as the core network of a cellular service provider. The core network may provide mobility-related services and / or other services to multiple devices, such as UE device 106. In some cases, network port 470 may be coupled to a telephone network via the core network, and / or the core network may provide the telephone network (e.g., in other UE devices served by the cellular service provider).
[0059] In some respects, base station 102 may be a next-generation base station, such as a 5G New Radio (5G NR) base station or a “gNB”. In such respects, base station 102 may connect to a legacy evolved packet core (EPC) network and / or to an NR core (NRC) network. Furthermore, base station 102 may be considered a 5G NR cell and may include one or more transition and receive points (TRPs). Additionally, UEs capable of operating according to 5G NR may connect to one or more TRPs within one or more gNBs. In some respects, the base station may operate in 5G NR-U mode.
[0060] Base station 102 may include at least one antenna 434 and possibly multiple antennas. The at least one antenna 434 may be configured to function as a wireless transceiver and may be further configured to communicate with UE device 106 via radio component 430. Antenna 434 communicates with radio component 430 via communication link 432. Communication link 432 may be a receive link, a transmit link, or both. Radio component 430 may be configured to communicate via various wireless communication standards, including but not limited to 5G NR, 5G NR-U, LTE, LTE-A, GSM, UMTS, CDMA2000, Wi-Fi, etc.
[0061] Base station 102 can be configured to perform wireless communication using multiple wireless communication standards. In some cases, base station 102 may include multiple radios that enable base station 102 to communicate according to multiple wireless communication technologies. For example, as one possibility, base station 102 may include an LTE radio component for performing communication according to LTE and a 5G NR radio component for performing communication according to 5G NR and 5G NR-U. In this case, base station 102 may be able to operate as both an LTE base station and a 5G NR base station. As another possibility, base station 102 may include a multimode radio component capable of performing communication according to any of multiple wireless communication technologies (e.g., 5G NR and Wi-Fi, LTE and Wi-Fi, LTE and UMTS, LTE and CDMA2000, UMTS and GSM, etc.).
[0062] As further described herein, BS 102 may include hardware and software components for implementing or supporting specific implementations of the features described herein. The processor 404 of base station 102 may be configured to implement or support some or all of the methods described herein, for example, by executing program instructions stored on a memory medium (e.g., a non-transitory computer-readable memory medium). Alternatively, processor 404 may be configured as a programmable hardware element such as a FPGA (Field-Programmable Gate Array), or as an ASIC (Application-Specific Integrated Circuit), or a combination thereof. Alternatively (or in addition), in conjunction with one or more of other components 430, 432, 434, 440, 450, 460, 470, the processor 404 of base station 102 may be configured to implement or support some or all of the features described herein.
[0063] Furthermore, as described herein, processor 404 may comprise one or more processing elements. In other words, one or more processing elements may be included in processor 404. Therefore, processor 404 may include one or more integrated circuits (ICs) configured to perform the functions of processor 404. Additionally, each integrated circuit may include circuitry (e.g., a first circuit, a second circuit, etc.) configured to perform the functions of one or more processors 404.
[0064] Additionally, as described herein, the radio component 430 may comprise one or more processing elements. In other words, one or more processing elements may be included in the radio component 430. Therefore, the radio component 430 may include one or more integrated circuits (ICs) configured to perform the functions of the radio component 430. Furthermore, each integrated circuit may include circuitry (e.g., a first circuit, a second circuit, etc.) configured to perform the functions of the radio component 430.
[0065] Figure 5 An exemplary simplified block diagram of a cellular communication circuit according to some aspects is shown. It should be noted that... Figure 5 The block diagram of the cellular communication circuit is merely one example of a possible cellular communication circuit. Depending on the aspects, the cellular communication circuit 330 may be included in a communication device such as the communication device 106 described above. As mentioned above, among other devices, the communication device 106 may be a user equipment (UE) device, a mobile device or mobile station, a wireless device or wireless station, a desktop computer or computing device, a mobile computing device (e.g., a laptop, notebook, or portable computing device), a tablet computer, and / or a combination of devices.
[0066] Cellular communication circuit 330 may (e.g., communicatively; directly or indirectly) be coupled to one or more antennas, such as ( Figure 3 Antennas 335a-b and 336 are shown in the diagram. In some aspects, the cellular communication circuitry 330 may include dedicated receive chains for multiple RATs (including and / or coupled to (e.g., communication ground; directly or indirectly) dedicated processors and / or radio components) (e.g., a first receive chain for LTE and a second receive chain for 5G-NR). For example, as... Figure 5 As shown, the cellular communication circuit 330 may include a modem 510 and a modem 520. The modem 510 may be configured for communication according to a first RAT, such as LTE or LTE-A, and the modem 520 may be configured for communication according to a second RAT, such as 5G NR.
[0067] As shown, modem 510 may include one or more processors 512 and memory 516 communicating with processors 512. Modem 510 may communicate with radio frequency (RF) front end 530. RF front end 530 may include circuitry for transmitting and receiving radio signals. For example, RF front end 530 may include receiver circuitry (RX) 532 and transmitter circuitry (TX) 534. In some aspects, receiver circuitry 532 may communicate with downlink (DL) front end 550, which may include circuitry for receiving radio signals via antenna 335a.
[0068] Similarly, modem 520 may include one or more processors 522 and memory 526 communicating with processor 522. Modem 520 may communicate with RF front end 540. RF front end 540 may include circuitry for transmitting and receiving radio signals. For example, RF front end 540 may include receiving circuitry 542 and transmitting circuitry 544. In some aspects, receiving circuitry 542 may communicate with DL front end 560, which may include circuitry for receiving radio signals via antenna 335b.
[0069] In some aspects, switch 570 can couple transmitting circuitry 534 to uplink (UL) front-end 572. Additionally, switch 570 can couple transmitting circuitry 544 to UL front-end 572. UL front-end 572 may include circuitry for transmitting radio signals via antenna 336. Therefore, when cellular communication circuitry 330 receives an instruction to transmit according to a first RAT (e.g., supported by modem 510), switch 570 can be switched to a first state allowing modem 510 to transmit signals according to the first RAT (e.g., via a transmission chain including transmitting circuitry 534 and UL front-end 572). Similarly, when cellular communication circuitry 330 receives an instruction to transmit according to a second RAT (e.g., supported by modem 520), switch 570 can be switched to a second state allowing modem 520 to transmit signals according to the second RAT (e.g., via a transmission chain including transmitting circuitry 544 and UL front-end 572).
[0070] As described herein, modem 510 may include hardware and software components for implementing the features described above or for determining a physical downlink shared channel for user equipment and base stations, as well as for various other technologies described herein. For example, processor 512 may be configured to implement some or all of the features described herein by executing program instructions stored on a memory medium (e.g., a non-transitory computer-readable memory medium). Alternatively (or otherwise), processor 512 may be configured as a programmable hardware element, such as an FPGA (Field-Programmable Gate Array) or as an ASIC (Application-Specific Integrated Circuit). Alternatively (or otherwise), processor 512 may be configured to implement some or all of the features described herein by combining with one or more of other components 530, 532, 534, 550, 570, 572, 335, and 336.
[0071] Furthermore, as described herein, processor 512 may include one or more processing elements. Therefore, processor 512 may include one or more integrated circuits (ICs) configured to perform the functions of processor 512. Additionally, each integrated circuit may include circuitry (e.g., a first circuit, a second circuit, etc.) configured to perform the functions of processor 512.
[0072] As described herein, modem 520 may include hardware and software components for implementing the features described above to determine physical downlink shared channel scheduling resources for user equipment equipment and base stations, as well as for various other technologies described herein. For example, processor 522 may be configured to implement some or all of the features described herein by executing program instructions stored on a memory medium (e.g., a non-transitory computer-readable storage medium). Alternatively (or otherwise), processor 522 may be configured as a programmable hardware element, such as an FPGA (Field-Programmable Gate Array) or an ASIC (Application-Specific Integrated Circuit). Alternatively (or additionally), processor 522 may be configured to implement some or all of the features described herein in conjunction with one or more of other components 540, 542, 544, 550, 570, 572, 335, and 336.
[0073] Furthermore, as described herein, processor 522 may include one or more processing elements. Therefore, processor 522 may include one or more integrated circuits (ICs) configured to perform the functions of processor 522. Additionally, each integrated circuit may include circuitry (e.g., a first circuit, a second circuit, etc.) configured to perform the functions of processor 522.
[0074] In real-time networks used for 4G and 5G, security issues may arise between the UE and the network. Some of these issues are discussed in the paper by Karim et al., titled "ProChecker: An Automated Security and Privacy Analysis Framework for 4G LTE Protocol Implementations." Security issues may involve man-in-the-middle (MiTM) attacks that can steal or eliminate messages between the network and the UE. In some cases, denial-of-service (DoS) attacks may seek to compromise UE resources or render it unusable for the user. Attacks can have various outcomes; for example, an attacker may be able to track the UE or cause the UE to behave in an unexpected manner. UE and / or network behaviors can be implemented to prevent some attack scenarios.
[0075] Figure 6This illustrates a Man-in-the-Middle (MiTM) attack scenario based on several aspects. A fake cell 603 does not perform typical cell operations; instead, it abruptly inserts itself into the network to attack the UE, thus acting as a MiTM. For example, fake cell 603 can replay messages from victim UE 604 to real cell 601 while presenting itself as a real cell to the victim UE. The victim UE has difficulty distinguishing between real cell 601 and fake cell 603. Mechanisms involved in detecting MiTMs, such as those defined in TS 33.501 Annex E based on the signal strength received by the UE, neighboring cell information, and the cell's operating frequency, may not prevent such MiTM scenarios.
[0076] In some aspects, a scenario is identified where a fake UE 605 can capture authentication request messages sent by a real network (e.g., cell 601) to UE 604. The fake UE 605 can forward this authentication request to a fake cell 603, which can then transmit the same authentication request to one or more victim UEs 604 within the coverage area of the fake cell 603. The victim UE 604 can respond with an authentication failure as a reason for synchronization failure or with an authentication response. Only the victim UE 604, and not any other victim UE, can respond with either a SYNCH failure or an authentication response. The fake cell can track the victim UE based on these specific responses.
[0077] To prevent such attacks, when the UE is in a service request initiated state and before a secure connection has been established, it may be prevented from responding to non-integrity-protected authentication request messages as part of a service request procedure initiated under security protection in NR or LTE. Alternatively, the UE may suppress responses as part of a Tracking Area Update (LTE) or Registration Request (NR) procedure.
[0078] In another scenario, a MiTM attack can be launched against victim UE 604, where a fake cell 603 selectively removes important messages that can be transmitted to the UE from a real cell (e.g., cell 601 or 602). For example, the fake cell can selectively remove GUTI Reallocation Commands or Configuration Update Commands (CUCs) after paging is performed by a real cell in the network for use in a mobile termination session.
[0079] The UE can implement various solutions to prevent such scenarios by detecting whether the MiTM entity filters CUC commands after receiving a paging message. In other words, MiTM can pass all other messages from the real cell to the UE, but selectively discard GUTI reallocation commands. Similarly, this solution can be extended to other messages that the UE is expected to receive from the network after the procedure is initiated.
[0080] In some scenarios, when the authentication process is not in progress, fake cell 603 may send an authentication rejection message without any integrity protection to victim UE 604. Current UE behavior (e.g., as defined by 3GPP specifications) may not delegate the UE to discard the authentication rejection message when the authentication process is not in progress. Therefore, the UE may receive and process authentication rejection messages without integrity protection, treating the tracking area as prohibited where there is specific processing for non-integrity-protected rejection messages, or possibly immediately invalidating the USIM where there is no specific processing for non-integrity-protected rejection messages.
[0081] If a UE receives a threshold number of such authentication rejection messages while camped on different cells, the current UE behavior may render the SIM invalid for both CS and PS services. Therefore, a false cell could cause the UE to invalidate its SIM, potentially requiring the user to reset the UE device.
[0082] The operations described in this disclosure can be performed by the UE and / or the network, making the 4G or 5G ecosystem more secure relative to attackers. Such operations can help the UE identify vulnerabilities and take proactive steps to mitigate unforeseen problems arising from these vulnerabilities.
[0083] Currently, UEs are allowed to process ordinary authentication request messages or ordinary identity request messages in the EMM / 5GMM state "Service Request Initiated". However, the real network will not send ordinary authentication request messages or identity requests. This is because a UE that has already initiated a service request procedure is expected to move to the "Service Request Initiated" state. A UE can only initiate a service request procedure if it is registered in the current tracking area and its update status is set to update. Furthermore, the service request includes the S-TMSI as its identity. Therefore, it should be understood that the network will know the UE's context to be able to process the UE's service request messages.
[0084] If a UE receives and processes a standard authentication request or a standard identity request while in the Service Request Initiated state, this opens the possibility of a "user tracking attack." The UE could be paged and a previously captured standard authentication request message could be sent; only the specific UE in question would send a "synchronization failure" message to that message, and every other UE would declare a MAC failure. Similarly, a rogue network could send a standard identity request message querying the UE's permanent identity, such as IMSI or IMEI / IMEISV, thereby allowing the UE to be easily tracked. To prevent such behavior, the UE can discard standard authentication request messages or standard identity request messages when they are received in the Service Request Initiated state.
[0085] Figure 7 A flowchart is shown illustrating a method 700 for a UE to process an authentication request in a service request state, based on several aspects. This method can be executed by the UE, which can also be understood as being executed by the UE's broadband processor.
[0086] This method, as well as other methods described in this disclosure, can be performed in the context of a UE communicating with a network in a 5G or 4G environment. In the case of 5G, the UE can use a Non-Access Stratum (NAS) protocol for 5G Systems (5GS) to communicate with the network. In the case of 4G, the UE can use a Non-Access Stratum (NAS) protocol for Evolved Packet Systems (EPS) to communicate with the network.
[0087] NAS can be understood as a protocol or set of protocols that transmits non-radio signaling between User Equipment (UE) and core nodes such as the Mobility Management Entity (MME) in a 4G environment or the 5G Core Access and Mobility Management Function (AMF) in a 5G environment. NAS is a functional layer in the radio protocol stack between the core network and the UE, where management communication sessions are established. NAS maintains continuous communication with the UE while on the move.
[0088] At box 701, the UE can set its state to "Service Request Initiated". In a 5G environment, the UE state can be set to "5GMM Service Request Initiated". In a 4G environment, the UE state can be set to "EMM Service Request Initiated". Here, the UE state can be understood as a Mobility Management state.
[0089] For example, in a 4G environment, a UE can transition between various EMM states, primarily EMM-Registered and EMM-Deregistered. A UE can transition from the EMM-Registered state to the EMM-Service Request Initiated state after initiating a service request procedure. In the EMM-Service Request Initiated state, the UE awaits a response from the network (e.g., from the Mobility Management Entity (MME)), such as a service acceptance or service rejection message. The EMM state machine can be further characterized by subsection 5.1.3 of TS 24.301.
[0090] Similarly, in a 5G environment, the UE can transition between various 5GMM states, primarily 5GMM-Registered and 5GMM-Deregistered. The UE can transition from the 5GMM-Registered state to the 5GMM-Service Request Initiated state after initiating a service request procedure. In this state, the UE awaits a response from the network (e.g., from the 5G Core Access and Mobility Management Function (AMF)), such as a service acceptance or service rejection message. The 5GMM state machine can be further characterized by subsection 5.1.3 of 3GPP TS 24.501.
[0091] Therefore, in a 4G or 5G environment, the UE can change its state (e.g., from registered state) to service request initiated state in response to the UE sending a service request message to the network.
[0092] At box 702, the UE may receive an authentication request message or an identity request message from the network. As discussed, the UE may receive authentication request messages or identity request messages, as defined by the NAS protocol for 5GS or EPS, and other messages from the network. The authentication request message is sent by the network (e.g., AMF or MME) to the UE to initiate authentication of the UE's identity.
[0093] At box 703, the UE may discard the authentication request message or the identity request message at least in response to the UE being in the service request initiated state. When the UE is in a different state than the service request initiated state, the UE may process the authentication request message or the identity request message, or may ignore the message based on other logic.
[0094] In some cases, authentication request messages or identity request messages are discarded by the UE's baseband processor in response to the UE being in a service request initiated state and not having integrity protection.
[0095] In 5G, control plane (CP) integrity protection can exist between the device and the MME / AMF, and between the device and the eNB / gNB. Integrity protection ensures that intruders cannot replay or modify signaling messages exchanged between the mobile device and the network. It protects the system from problems such as man-in-the-middle attacks, where an intruder intercepts a sequence of signaling messages and modifies and retransmits them in an attempt to control the mobile device. Therefore, if an authentication request message includes integrity protection and the integrity check passes, the UE can process the authentication request message, assuming the message originates from a genuine cell. However, if the authentication request message lacks integrity protection and the UE is in a service request initiated state, the UE can reject the received message.
[0096] Similarly, an authentication request message or an identity request message may be discarded by the UE if the UE is in a service request initiated state and the authentication request message or identity request message is a normal message.
[0097] Regular NAS messages (e.g., regular authentication requests or identity requests) have headers that do not include a message authentication code or a sequence number. Therefore, when the UE is in a service request initiated state, the UE can discard messages such as these to protect against potential attackers in that state.
[0098] In this way, the UE can prevent attackers from paging the UE and attempting to identify the UE based on the UE's response to previously stored normal authentication requests.
[0099] The above operations can be characterized by the following change described in quotation marks in specification 3GPP TS 24.501, which states the integrity check of NAS signaling messages in the UE in section 4.4.4.2:
[0100] Apart from the messages listed below, no NAS signaling message should be processed by the receiving 5GMM entity in the UE or forwarded to the 5GSM entity unless the network has established a secure exchange of 5GS NAS messages for the NAS signaling connection: a) IDENTITY REQUEST (if the requested identification parameter is SUCI and the UE is not in the 5GMM-SERVICE-REQUEST-INITIATED state); b) AUTHENTICATION REQUEST (if the UE is not in the 5GMM-SERVICE-REQUEST-INITIATED state).
[0101] Once a secure exchange of NAS messages has been established, the receiving 5GMM entity in the UE should not process any NAS signaling messages unless they have been successfully integrity-checked by the NAS. If a NAS signaling message that has not successfully passed an integrity check is received, the NAS in the UE should discard the message. The handling of security mode command messages that have not successfully passed integrity checks is specified in sub-clause 5.4.2.5. If any NAS signaling message is received as being unprotected even though a secure exchange of NAS messages has been established by the network, the NAS should discard the message. "If an authentication request message or identity request message without integrity protection is received in the 5GMM service request initiated sub-state, the UE should discard the message."
[0102] Similarly, the above operations can be characterized by the following change described in quotation marks in specification 3GPP TS 24.301, which states the integrity check of NAS signaling messages in the UE in section 4.4.4.2:
[0103] Apart from the messages listed below, no NAS signaling message should be processed by the receiving EMM entity in the UE or forwarded to the ESM entity unless the network has established a secure exchange of NAS messages for the NAS signaling connection:
[0104] -EMM Information: -Identity Request (if the requested identification parameter is IMSI "and not in the EMM Service Request Initiated (EMM-SERVICE-REQUEST-INITIATED) state"); -Authentication Request "(when not in the EMM Service Request Initiated state)";
[0105] Once a secure exchange of NAS messages has been established, the receiving EMM or ESM entity in the UE should not process any NAS signaling messages unless they have been successfully integrity-checked by the NAS. If a NAS signaling message that has not successfully passed an integrity check is received, the NAS in the UE should discard the message. The handling of security mode command messages that have not successfully passed integrity checks is specified in sub-clause 5.4.3.5. If any NAS signaling message is received as being unprotected even though a secure exchange of NAS messages has been established by the network, the NAS should discard the message. "If an authentication request message without integrity protection is received in the EMM service request initiated substate, the UE should discard the message."
[0106] Currently, as permitted by the specification, UEs will end up processing a standalone authentication rejection message even if the network has not yet initiated the authentication process. This opens up the possibility that rogue network entities can send standalone authentication rejections (e.g., without integrity protection), and the UE will treat it as a denial-of-service (DoS) attack if the authentication process is not in progress.
[0107] In some respects, to prevent this problem, the UE can discard authentication rejection messages when the authentication process is not in progress. Whether the authentication process is in progress can be determined based on the last NAS message sent by the UE (e.g., an authentication response / failure message) or based on a timer for the current activity of 5GMM / EMM. In this way, the UE can only process authentication rejection messages while the authentication process is in progress, thereby reducing potential security vulnerabilities that can be exploited by attackers.
[0108] Figure 8 A flowchart is shown of a method 800 for a UE to process an authentication rejection message, according to some aspects. This method can be executed by the UE, which can also be understood as being executed by the UE's broadband processor.
[0109] At box 801, the UE can receive an authentication rejection message from the network. The authentication rejection message can be sent to the UE from the AMF in the 5G network or from the MME in the 4G network. The authentication rejection message is a message sent from the network to the UE to indicate that the authentication process has failed and the UE should abort all activities. The authentication process includes a series of operations performed by the UE and the network to provide mutual authentication between the UE and the network. Mutual authentication is the mechanism by which the UE and the network verify each other's authenticity. This can be accomplished via EPS AKA in 4G and 5G and 5G AKA, respectively. (3GPP TS 24501) Figure 5 4.1.2.1.1: An example of an authentication procedure is shown.
[0110] At box 802, the UE can determine that the authentication process between the UE and the network is not in progress. The UE can use various criteria to determine that the authentication process is not in progress.
[0111] In some examples, a UE may determine that the authentication process is not in progress if it has not sent an authentication response message or authentication failure message to the network before receiving the authentication rejection message. For example, if the most recent message sent by the UE to the network before receiving the authentication rejection message was not an authentication response message or authentication failure message, this could indicate to the UE that the authentication process is not in progress and the network should not send an authentication rejection message to the UE.
[0112] In some implementations, the UE may determine that the authentication process is not in progress based on one or more timers. For example, in a 5G environment, the UE may determine that the authentication process is not in progress in response to timers T3516 and T3520 being inactive. A timer can be interpreted as active when it has started and has not yet stopped or expired. Active timers count toward expiration or until they stop.
[0113] When storing RAND and RES as the result of a 5G authentication challenge, the UE can initiate timer T3516. Timer T3516 can be stopped when one or more of the following occur: when the UE enters the 5GMM-Revoke Registration, 5GMM-NULL, or 5GMM-IDLE state and receives a security mode command, receives a service rejection, receives a registration acceptance, receives an authentication rejection, or sends an authentication failure message.
[0114] Upon detecting an error, the UE may initiate T3520 as described in subclause 5.4.1.2.2.4 of 3GPP TS 24501 upon transmitting an authentication failure message with any of the 5GMM reasons #20, #21, #26, or #71, or upon transmitting an authentication response message with an EAP response message. The UE may stop T3520 as described in 3GPP TS 24501 in response to receiving an authentication request message or authentication rejection message, or for other reasons.
[0115] Therefore, if timer T3516 or T3520 is enabled, this indicates that the authentication process is in progress. If it is not enabled, the UE can operate under the assumption that the authentication process is not in progress.
[0116] In a 4G environment, the UE can determine that the authentication process is not in progress in response to timers T3416, T3418, and T3420 being inactive. The UE can initiate T3416 because RAND and RES are stored as the results of the EPS authentication challenge. For example, T3416 can be stopped when the UE receives an authentication rejection or sends an authentication failure, or for another reason as stated in TS 24301. T3418 can be initiated when the UE sends an authentication failure with EMM reason #20 or #26. The UE can stop T3418 from receiving the received authentication request or the received authentication rejection, or for another reason as stated in TS 24.301. T3420 can be initiated when the UE sends an authentication failure with EMM reason #21. The UE can stop T3420 from receiving the received authentication request or the received authentication rejection, or for another reason as stated in TS 24.301.
[0117] In this way, the UE can determine that the authentication process is in progress based on the last NAS message sent by the UE (e.g., an authentication response or authentication failure message) and / or based on the UE timer used for the activity 5GMM / EMM.
[0118] At box 803, in response to the authentication process not being in progress, the UE can discard authentication rejection messages. Therefore, the UE can identify and discard independent authentication rejection messages sent to the UE from malicious network entities, rather than processing these messages based on denial-of-service (DoS) handling.
[0119] In some respects, the UE may start timer T3247 in response to an authentication rejection message lacking integrity protection and the UE having already sent an authentication response message or authentication failure message to the network before receiving the authentication rejection message. In some respects, the UE may start T3247 in response to an authentication rejection message lacking integrity protection and at least one of timers T3416, T3418, and T3420 being active. In some respects, the UE may start timer T3247 in response to an authentication rejection message lacking integrity protection and at least one of timers T3516 and T3520 being active. Upon expiration of T3247, the UE may perform the actions described regarding the expiration of T3247, as described in 5.3.7b of TS 24.301.
[0120] In some respects, the UE may process an authentication rejection message in response to determining that an authentication process is in progress between the UE and the network or if the authentication rejection message has integrity protection.
[0121] In a 5G environment, the UE can receive authentication rejection messages as part of the Non-Access Stratum (NAS) protocol of the 5G System (5GS). In a 4G environment, authentication rejection messages can be received as part of the Non-Access Stratum (NAS) protocol of the Evolved Packet System (EPS).
[0122] Some of the features mentioned above can be characterized by the following changes described in quotation marks in specification 3GPP TS 24.501, which states in section 5.4.1.3.6, "Authentication Not Accepted by UE": "m) When an authentication rejection is received while no authentication procedure is in progress, the UE shall discard any authentication rejection message received from the network before it has sent an authentication response or authentication failure message to the network" [or] "m) When an authentication rejection is received while neither timers T3516 nor T3520 are running, the UE shall discard any authentication rejection message received from the network."
[0123] Similarly, some of the features described above can be characterized by the following changes, described in quotation marks in specification 3GPP TS 24.301, which states in section 5.4.2.7 Abnormal Cases: "l) When an authentication rejection is received while no authentication procedure is in progress, the UE shall discard any authentication rejection message received from the network before it has sent an authentication response or authentication failure message to the network"[or] "l) When an authentication rejection is received while timers T3416, T3418, or T3420 are not running, the UE shall discard any authentication rejection message received from the network."
[0124] Similarly, some of the features mentioned above can be characterized by the following changes described in quotation marks in specification 3GPP TS 24.501, which states in section 5.4.1.3.5 that authentication is not accepted by the network:
[0125] 2) If an authentication rejection message without integrity protection is received “and either timer T3516 or T3420 is running,” the UE shall start timer T3247 with a random value uniformly obtained from a range between 30 and 60 minutes, if that timer is not running (see sub-clause 5.3.20). [or]
[0126] 2) If an authentication rejection message without integrity protection is received, and if the UE has previously sent an authentication response or authentication failure to the network, the UE shall start timer T3247 with a random value uniformly obtained between 30 minutes and 60 minutes, if the timer is not running (see sub-clause 5.3.20).
[0127] Similarly, some of the features mentioned above can be characterized by the following changes described in quotation marks in specification 3GPP TS 24.301, which states in section 5.4.2.5 that authentication is not accepted by the network:
[0128] Upon receiving an authentication rejection message, b) if the message without integrity protection is received "and any of timers T3416, T3418 or T3420 is running", then the UE shall start timer T3247 with a random value uniformly obtained from the range of 30 minutes to 60 minutes (see 3GPP TS 24.008
[13] ) if the timer is not running (see sub-clause 5.3.7b). [or] b) if the message without integrity protection is received "and if the UE has previously sent an authentication response or authentication failure to the network", then the UE shall start timer T3247 with a random value uniformly obtained from the range of 30 minutes to 60 minutes (see 3GPP TS 24.008
[13] ) if the timer is not running (see sub-clause 5.3.7b).
[0129] If the network uses an already used SQN, certain current UE behaviors can cause the UE to declare a "synchronization failure" in its authentication failure message. The UE can then send the AUTS parameter, allowing the network to resynchronize the SQN value. Therefore, it is unpredictable that the real network will retransmit the synchronization failure already for the AUTN it declared. However, current UE behavior does not include the reuse of the synchronization failure already for the AUTN it declared, thus allowing an attacker to exploit this vulnerability. If the UE responds to each reused AUTN by declaring a synchronization failure, an attacker's network can randomly use the same authentication request at various times to elicit synchronization failures from the UE, and thus track the UE when needed.
[0130] In some respects, the UE can maintain a list (e.g., an array of size "N") of AUTN and RAND pairs that have already declared synchronization failure. If an authentication request with the same AUTN and RAND is received again, the UE can simply discard the message without forwarding it to the SIM. In this way, an attacker's network cannot use the same authentication request to track the UE at various times because the UE will not process the same AUTN and RAND when it has already declared synchronization failure with the same AUTN and RAND.
[0131] Figure 9 A flowchart illustrating a method 900 for a UE to process authentication requests with re-circulating AUTN and RAND pairs to prevent repeated synchronization failures, based on several aspects. Method 900 can be performed by a UE, which can also be understood as being performed by the UE's broadband processor. The method may include messages communicated between the UE and the network, which are part of a NAS protocol used for EPS or NAS protocols in 5GS.
[0132] At box 901, the UE may receive a first authentication request from the network containing a network authentication token (AUTN) and a random value (RAND). As described, the authentication request may be a message sent from the network (e.g., an MME in a 4G environment or an AMR in a 5G environment) to initiate an authentication procedure for mutual authentication. The authentication procedure may use an Authentication and Key Agreement (AKA) protocol and procedure that supports entity authentication, message integrity, and message confidentiality, as well as other security attributes such as 4G EPS-AKA or 5G AKA. The AKA procedure may be used to derive an encryption key for use by the UE or the network to protect signaling and user plane data. The AUTN is the network authentication token and may be used by the UE to verify the authenticity of the network. The RAND is a randomly generated value that may be used by the UE to calculate a result (RES), which may be sent back to the network so that the network can verify the authenticity of the UE. The 4G or 5G network sends the AUTN and RAND to the UE in the authentication request.
[0133] At box 902, the UE may send an authentication failure message to the network, which includes synchronization failure as the reason for the authentication failure. The authentication failure message is typically sent by the UE to the network (e.g., MME or AMF) to indicate that authentication to the network has failed. This message may include a reason (e.g., a 5GMM reason or an EMM reason), one of which may be 'synchronization failure'. The UE declares synchronization failure when the number of SQNs included in the AUTN exceeds an acceptable range.
[0134] The AUTN includes the MAC address and the sequence number (SQN). The MAC address is used by the UE to verify the authenticity of the network, and the SQN is used by the UE to verify that the authentication vector is novel. The UE retrieves the MAC address from the AUTN and also calculates the MAC address locally based on certain defined parameters (including RAND). The UE compares the MAC address received from the AUTN with the locally calculated expected MAC address (XMAC). If they match, the UE considers the network to have passed one of the authenticity checks. If the MAC verification fails, the UE declares a MAC failure. If an authentication vector generated for one UE is sent to another UE, the MAC check itself will fail. After successfully verifying the MAC address, the UE checks whether the SQN value included in the AUTN is within an acceptable range. If the SQN is within an acceptable range, the UE performs the authentication procedure and calculates the necessary keys (e.g., CK, IK). If the SQN is not within an acceptable range, indicating that the SQN is not novel, the UE declares a synchronization failure and sends an authentication failure message to the network. This message can be sent along with the resynchronization parameters (AUTS) so that the network can synchronize the SQN parameters at its ends and send a novel authentication vector with novel AUTN and RAND.
[0135] Each authentication vector sent from the network to a UE can be uniquely generated for that UE. Therefore, the sequence of first checking MAC authenticity and then verifying SQN allows a UE that generates only an authentication vector (AV) to declare synchronization failure, while other UEs can declare MAC failure to the same message. An attacker can use this AV to uniquely identify the same UE by repeatedly sending the stale AV to a group of UEs on the network, eliciting responses from unsuspecting UEs. The AV initially responds with synchronization failure as the reason for authentication failure for the UE it generates, while other UEs will respond with MAC failure. Therefore, an attacker can use the AUTN and RAND of the stale AV to track one of the UEs on the network.
[0136] At box 903, the UE can store the AUTN and RAND pairs associated with authentication failure. For example, whenever a synchronization failure is declared, the UE can store the AUTN and RAND pairs in a dedicated data structure, such as an array of size 'N' or other suitable data structure. Therefore, the UE can maintain a list of AUTN and RAND pairs, which it can use as a reference for receiving future messages.
[0137] At box 904, in response to receiving a second authentication request from a network with AUTN and RAND pairs, the UE may discard the second authentication request. The UE may refer to a list of AUTN and RAND pairs to determine whether it has already received the AUTN and RAND pair from the second authentication request, triggering a synchronization failure, and storing it in the list. If so, the UE may discard the message instead of responding with another authentication failure message with synchronization failure as the reason. When discarding the second authentication request, the UE may also avoid forwarding the second authentication request to the UE's User Identity Module (SIM).
[0138] However, if at box 904, the second authentication request includes a second AUTN and a second RAND value that is different from or not in a list of AUTN and RAND pairs maintained by the UE, the UE may process the second authentication request according to other UE protocols and procedures defined, for example, in 3GPP TS 24.301 or TS24.501.
[0139] Figure 10 This illustrates an exemplary attack scenario for preventing repeated synchronization failures using a UE, based on several aspects. A real cell 1006, a fake cell 1004, and a UE 1002 are shown. At operation 1008, the real cell 1006 may send an authentication request message to the UE 1002. This message may not include integrity protection or encryption, or it may only have integrity protection. At operation 1010, the fake cell 1004 may capture this authentication request message. At operation 1012, the UE 1002 may send an authentication response without integrity or encryption. At operation 1014, the real cell 1006 may send a security mode command with integrity protection. At operation 1016, the UE may respond by sending a security mode completion message with both integrity protection and encryption. At operation 1018, the UE may enter an idle mode, such as 5GMM-IDLE-MODE in a 5G environment or EMM-IDLE-MODE in a 4G environment.
[0140] At operations 1020 and 1022, dummy cell 1004 can resend the captured authorization request to the UE without integrity protection or encryption. At operations 1024 and 1025, the UE sends an authentication failure message to the network (e.g., the dummy cell) with the cause of synchronization failure. However, the UE can maintain a list of AUTN and RAND pairs used for each authentication request message that announces synchronization failure. The UE can use this list as a reference for future authentication request messages. Therefore, when a subsequent authentication request message with the same stale AUTN and RAND pair is resent at operation 1027, the UE can ignore that subsequent authentication request message, as well as those messages with the same AUTN and RAND pair that occur after that subsequent authentication request message.
[0141] When a UE is initially attached to a network (e.g., when the UE is activated), the UE may send its IMSI (International Mobile Subscriber Identity) or SUPI (Subscription Permanent Identifier) to the network for authentication purposes. Once a connection is established (e.g., the UE and network authenticate each other), the network (MME or AMF) delivers a GUTI value to the UE to be used as an ID for future network re-identification. The network may also assign a GUTI to the UE during the TAU process. That is, even while the UE remains attached to the network, the GUTI (temporary ID identifying the UE) can be changed to a new value. The network remembers the GUTI value it assigned to the UE for network use to identify the UE. Therefore, the GUTI is a temporary value that can be changed as needed and serves as the UE's ID. In a 4G environment, the GUTI may include: an MME identifier (MMEI) indicating which MME assigned the GUTI; and an M-TMSI, a temporary value that uniquely identifies the user in that particular MME. The GUTI may also include a Public Land Mobile Network (PLMN) ID. Similarly, in a 5G environment, GUTI can include PLMN ID, AMF ID, and 5G TMSI.
[0142] Some current network and UE behaviors can delegate the network to assign a new GUTI to the UE whenever the UE moves to connected mode due to paging. This is to ensure privacy protection, whereby the UE cannot be tracked by attackers by previously reading paging messages sent on public channels.
[0143] GUTI reallocation implies that the S-TMSI will be used for paging changes, and therefore the identity used in subsequent paging messages will differ from the identity used in the UE's current paging message. Although GUTI allocation is delegated at the network, no recovery procedure is defined on the UE or network side in the event that GUTI allocation does not occur or fails. An attacker could exploit this lack of recovery mechanism for GUTI allocation. For example, an attacker could insert themselves between the UE and the network. An attacker could selectively discard packets so that an unsuspecting UE does not receive a separate GUTI reallocation message and thus continues to reuse the same GUTI / S-TMSI across connections. Therefore, the UE may be vulnerable to tracking. To prevent this vulnerability, various solutions, which can be used together or individually, are described below.
[0144] In a mobile network, when a UE has no ongoing data transmission, it can enter an idle mode to conserve battery. If new data arrives at the UE, the network can detect an idle UE by sending one or more paging messages in response. During this paging procedure, the UE can monitor paging messages at certain times. The device-specific time (when the device switches on its receiver and checks for paging messages) is determined by a paging frame (PF) and a paging point (PO). A PF is a radio frame that may contain one or more POs for a group of devices. A PO is a specific point in time where the network can transmit paging messages for a subset of devices corresponding to the same PF. The UE can conserve battery by applying "discontinuous reception" or DRX, meaning the UE can disconnect its receiver at other times. The paging procedure can be controlled by the core network and can be implemented for various mobile networks, including 4G and 5G.
[0145] When the UE is in idle mode, the network does not control the UE's movement; instead, the UE automatically selects a new cell as it moves. If the UE enters a new location area based on reception information from the base station, the UE notifies the network of the new tracking area it has entered. In this state, the UE does not transmit or receive data; it only monitors paging and broadcast channels to maintain connectivity. When the UE is in idle mode on a cell and is ready to initiate a potential dedicated service or receive an ongoing broadcast service, the UE is considered to be 'camping' on the cell. The UE may camp on the cell to receive system information from the camped cell, initiate RRC connection establishment on the camped cell, or for other reasons. The UE can use a service request procedure to change the transition from 5GMM-Idle to 5GMM-CONNECTED mode, in which the UE can receive data.
[0146] In a 5G environment, new GUTIs can be assigned to UEs via different messaging methods. For example, a UE can send a registration request message to the network with either type initial registration or type mobility registration update. In response, the network (e.g., AMF) should send a new 5G-GUTI to the UE in a registration acceptance message. A UE can also send a registration request message to the network with type periodic registration update. In response, the network should send a new 5G-GUTI to the UE in a registration acceptance message. A UE can also send a service request message to the network in response to a network paging message. The network should respond by sending a new 5G-GUTI to the UE using a UE configuration update procedure. 5G-GUTI reallocation can be part of a registration procedure for mobility registration updates. During a registration procedure for mobility registration updates, if the network (e.g., AMF) has not yet allocated a new 5G-GUTI via a general UE configuration update procedure, the network can include the newly allocated 5G-GUTI in the registration acceptance message. The network can initiate a registration procedure by instructing the UE via an RRC connection release message (e.g., with a specified reason) or via a CUC message, thereby ensuring that the GUTI is reallocated during the registration procedure.
[0147] Figure 11 A flowchart illustrating a method 1100 for preventing GUTI reallocation rejection performed by a UE, based on several aspects. Method 1100 can be performed by a UE, which can also be understood as being performed by the UE's broadband processor. The method may include messages communicated between the UE and the network, which are part of a NAS protocol for 5GS EPS or NAS protocols.
[0148] At block 1101, the UE may receive a first GUTI from the network (e.g., MME or AMF). The GUTI may be assigned to the UE as described. At block 1102, the UE may set its mode to connected mode in response to a paging procedure with the network. As mentioned above, in this case, the UE should obtain a second GUTI. However, if GUTI assignment does not occur or continues to fail, the UE may be vulnerable to attack.
[0149] At box 1103, the UE can obtain a second GUTI from the network to replace the first GUTI. Therefore, the first GUTI can be understood as the old GUTI, and the second GUTI as the new GUTI replacing the old GUTI. Even if an attacker suddenly inserts themselves between the UE and the network to eliminate GUTI reallocation, the UE can still perform the operation to obtain the second GUTI. The second GUTI can be obtained based on UE mode transition at sub-box 1104 or based on one or more timers at sub-box 1105.
[0150] For example, at subframe 1104, obtaining a second GUTI may include: the UE triggering a mobility registration procedure to obtain a second GUTI in response to the UE transitioning to connected mode due to a paging procedure and in response to the UE transitioning from connected mode to idle mode. In this way, a UE that moves to connected mode in response to a paging can remember that it would receive a new GUTI when it was in connected mode. If this does not happen and if the UE ends up moving to idle mode with the old GUTI, the UE can immediately trigger a mobility registration procedure to obtain a new GUTI.
[0151] At subframe 1105, obtaining the second GUTI may include starting a timer in response to setting the UE mode to connected mode (e.g., due to paging). In response to the timer's expiration, the UE may, for example, initiate a mobility registration update via the network to obtain the second GUTI if a new GUTI has not yet been assigned to the UE. If a new GUTI is obtained while the timer is running, the UE should stop the timer, as the second GUTI is no longer needed.
[0152] Alternatively, at subframe 1105, obtaining the second GUTI may include starting a timer in response to each of one or more paging requests received from the network; and transitioning to a different cell within the same PLMN in response to the timer's expiration exceeding a threshold. The timer may be configured to stop in response to receiving a Configuration Update Command (CUC) message from the network, which will contain the new GUTI. In this way, the UE can limit the number of paging requests it receives from the network while camped on a cell without a new GUTI being allocated. If the number of paging requests exceeds the threshold, the UE may assume it is an incorrect cell and disable that cell. The UE can then camp on another cell within the same PLMN.
[0153] Alternatively, at subframe 1105, obtaining the second GUTI may include starting a timer in response to each of one or more paging requests received from the network; and in response to the expiration of the timer, triggering a registration request including type mobility (e.g., mobility registration update) to obtain the second GUTI. The network responds by sending the second GUTI in a registration accept message. The timer may be configured to stop in response to receiving a configuration update command message from the network, which also provides the second GUTI. In this way, the UE can take action to see that it has received a new GUTI.
[0154] As a supplement to or alternative to the above operations, the network may also perform operations to see if the UE receives a new GUTI after paging. Figure 12A flowchart illustrating a method 1200 for preventing GUTI reallocation removal performed by the network, based on several aspects, is shown. This method may include messages communicated between the UE and the network, which are part of the NAS protocol for 5GS EPS or NAS protocols.
[0155] At box 1201, the network may transmit a Globally Unique Temporary Identifier (GUTI) reallocation command message to the UE. The reallocation command may be part of a registration procedure for mobility registration updates or periodic registration updates, as described in other sections.
[0156] At box 1203, the network can detect whether it has received the complete GUTI reallocation message. For example, the network can monitor whether the UE acknowledges the GUTI reallocation command or whether the UE simply ignores the command and remains in connected mode.
[0157] At box 1204, the network may release a Non-Access Stratum (NAS) signaling connection in response to not receiving a GUTI reallocation completion message from the UE and / or if the UE simply remains in connected mode. In some examples, releasing a NAS signaling connection includes sending an RRC connection release message to the UE with a reason indicating that the UE is initiating a registration procedure. In some examples, releasing a NAS signaling connection includes sending a Configuration Update Command (CUC) to the UE, causing the UE to initiate a registration procedure.
[0158] In this way, GUTI reassignment does not result in a response from the network (GUTI reassignment complete) and the UE remains connected. Then the network should treat the use case as abnormal and release the NAS connection with the indication used for the UE to initiate the registration procedure.
[0159] Alternatively, the network may determine whether multiple GUTI reassignment failures have occurred. The network may set a threshold for the number of consecutive GUTI reassignment failures and / or the rate of GUTI reassignment failures. In response to multiple GUTI reassignment failures meeting this threshold, the network may send a subsequent GUTI reassignment command message or CUC message including one or more optional information elements (IEs), such that the subsequent GUTI reassignment command message or CUC message has a varying message size. An information element is a set of information that can be included in a signaling message or data stream sent across interfaces. The variation in message size makes it difficult for an attacker to identify a reassignment command originating from the genuine network, thus making it harder for an attacker to eliminate.
[0160] Figure 13 This illustrates an exemplary attack scenario in which GUTI-redistributed messages are selectively removed based on certain aspects.
[0161] At operation 1308, UE 1302 is registered on the network. True network cell 1306 can send a paging request to the registered UE at operation 1310. At operation 1312, the UE responds with a service request. At block 1311, the UE transitions to the service request initiated state. At block 1312, true cell 1306 can send a service request accepted message to the UE, thereby causing UE 1302 to transition to the registered state at operation 1314.
[0162] At operation 1316, the real network cell 1306 may attempt to send a GUTI reallocation request to UE 1302, however, and have the attacker 1304, who has suddenly inserted itself into the network, reject these requests. Therefore, the UE does not receive these reallocation requests and remains in connected mode, where the UE can perform data transfer with the real cell at operation 1318.
[0163] As described above, the network can detect that the UE is still connected and has not yet acknowledged the reassignment request and is still in connected mode. Therefore, the network can send a NAS signaling connection release at operation 1320 and also send a signal to the UE to initiate an RRC connection release procedure that can be used to reassign a new GUTI.
[0164] Alternatively, the UE can determine at operation 1322 whether it has received a new GUTI, as described above. Therefore, the UE can request the updated GUTI at operation 1324 using a tracking area update or registration request. At box 1326, the network can accept the request. Thus, the network and / or the UE can take security measures to prevent attackers from suddenly inserting themselves into the network and eliminating GUTI redistribution messages.
[0165] It should be understood that the aspects of this disclosure can be combined by those skilled in the art. For example, the described non-conflicting aspects can be combined such that the UE can perform one or more of the described operations. Such combinations may vary depending on the application.
[0166] Parts of the content described above can be implemented using logic circuits such as dedicated logic circuits or using microcontrollers or other forms of processing cores that execute program code instructions. Thus, the processes taught in the above discussion can be executed using program code such as machine-executable instructions, which cause the machine to execute these instructions to perform certain functions. In this context, "machine" can be a machine that translates intermediate (or "abstract") instructions into processor-specific instructions (e.g., abstract execution environments such as "virtual machines" (e.g., Java Virtual Machines), interpreters, Common Language Runtimes, high-level language virtual machines, etc.), and / or electronic circuits disposed on semiconductor chips (e.g., "logic circuits" implemented using transistors) designed to execute instructions, such as general-purpose processors and / or dedicated processors. The processes taught in the above discussion can also be executed (as an alternative to or in conjunction with a machine) by electronic circuits designed to execute processes (or parts thereof) without executing program code.
[0167] The present invention also relates to an apparatus for performing the operations described herein. This apparatus may be specifically configured for a desired purpose, or may comprise a general-purpose computer selectively activated or reconfigured by a computer program stored in a computer. Such a computer program may be stored in a computer-readable storage medium, such as, but not limited to, any type of disk, including floppy disks, optical disks, CD-ROMs and magneto-optical disks, read-only memory (ROM), RAM, EPROM, EEPROM, magnetic cards or optical cards, or any type of medium suitable for storing electronic instructions, and each of which is coupled to a computer system bus.
[0168] Machine-readable media include any mechanism that stores or transmits information in a machine-readable (e.g., computer) form. For example, machine-readable media include read-only memory (“ROM”); random access memory (“RAM”); magnetic disk storage media; optical storage media; flash memory devices; and so on.
[0169] A baseband processor (also known as a baseband radio processor, BP, or BBP) is a device (a chip or part of a chip) in a network interface that manages radio functions such as communication over the antenna (e.g., TX and RX).
[0170] The article of manufacture can be used to store program code. The article of manufacture storing program code can be implemented as, but is not limited to, one or more memories (e.g., one or more flash memories, random access memories (static, dynamic, or other)), optical discs, CD-ROMs, DVD-ROMs, EPROMs, EEPROMs, magnetic cards or optical cards, or other types of machine-readable media suitable for storing electronic instructions. Program code can also be downloaded from a remote computer (e.g., a server) to a requesting computer (e.g., a client) by means of data signals contained in a transmission medium (e.g., via a communication link (e.g., a network connection)).
[0171] The foregoing detailed description has been presented according to the algorithms and symbolic representations used to manipulate data bits within computer memory. These algorithmic descriptions and representations are tools used by those skilled in the art of data processing, and these tools are also the most effective means of communicating the essence of their work to others skilled in the art. An algorithm here and generally refers to a self-consistent sequence of operations that leads to a desired result. These operations are those that require physical manipulation of physical quantities. Often, but not necessarily, these quantities take the form of electrical or magnetic signals that can be stored, transmitted, combined, compared, and otherwise manipulated. It has proven convenient to refer to these signals as bits, values, elements, symbols, characters, terms, numbers, etc., primarily for general reasons.
[0172] However, it should be remembered that all these and similar terms are associated with appropriate physical quantities and are merely convenient labels applied to these quantities. Unless otherwise specifically stated, it is evident from the foregoing discussion that throughout this specification, the use of terms such as “select,” “set,” “acquire,” “communication,” “detect,” “release,” “discard,” “send,” “confirm,” “receive,” “form,” “group,” “aggregate,” “generate,” “remove,” etc., refers to the actions and processing of computer systems or similar electronic computing devices that can manipulate data represented as physical (electronic) quantities in the registers and memories of the computer system and convert them into other data similarly represented as physical quantities in the computer system's memory or registers or other such information storage, transmission, or display devices.
[0173] The processes and displays presented herein are not inherently related to any particular computer or other device. Various general-purpose systems can be used with programs based on the teachings herein, or can prove convenient for constructing more specialized devices to perform the operations described herein. The necessary structures for various such systems will be apparent from the description below. Furthermore, the invention is not described with reference to any particular programming language. It should be understood that various programming languages can be used to implement the teachings of the invention as described herein.
[0174] As is widely recognized, the use of personally identifiable information should comply with privacy policies and practices that are generally accepted to meet or exceed industry or governmental requirements for protecting user privacy. Specifically, personally identifiable information data should be managed and processed to minimize the risk of unintentional or unauthorized access or use, and the nature of authorized use should be clearly explained to users.
[0175] The foregoing discussion has described only some exemplary aspects of the invention. Those skilled in the art will readily recognize from these discussions, drawings, and claims that various modifications can be made without departing from the spirit and scope of the invention.
Claims
1. A baseband processor for a user equipment (UE), the baseband processor being configured to perform operations including: Receive authentication rejection message from the network; Based on the fact that timers T3416, T3418, and T3420 are not running, it is determined that the authentication process between the UE and the network is not in progress. as well as In response to the authentication process not being in progress, the authentication rejection message is discarded.
2. The baseband processor of the UE according to claim 1, wherein the baseband processor of the UE determines that the authentication procedure is not in progress in response to the following: the UE has not sent an authentication response message or an authentication failure message to the network before receiving the authentication rejection message.
3. The baseband processor of the UE according to claim 1, wherein the baseband processor of the UE determines that the authentication procedure is not in progress in response to timer T3516 and timer T3520 not running.
4. The baseband processor of the UE according to claim 1, further comprising: In response to the authentication rejection message not having integrity protection, and the UE having already sent an authentication response message or authentication failure message to the network before receiving the authentication rejection message, the UE's baseband processor starts timer T3247.
5. The baseband processor of the UE according to claim 1, further comprising: In response to the authentication rejection message not having integrity protection, and at least one of timer T3516 or timer T3520 being running, timer T3247 is started by the baseband processor of the UE.
6. The baseband processor of the UE according to claim 1, further comprising: In response to the authentication rejection message not having integrity protection, and at least one of the timers T3416, T3418, or T3420 being running, the baseband processor of the UE starts timer T3247.
7. The baseband processor of the UE according to claim 1, further comprising: In response to determining that the authentication process is in progress between the UE and the network, the authentication rejection message is processed by the UE's baseband processor.
8. The baseband processor of the UE according to claim 1, wherein the authentication rejection message is received as part of a non-access stratum (NAS) protocol for 5G systems (5GS) or as part of a non-access stratum (NAS) protocol for evolved packet systems (EPS).
9. The baseband processor of the UE according to claim 1, further comprising: Set the UE's status to "service request initiated"; Receive authentication request messages or identity request messages from the network; as well as The authentication request message or the identity request message may be discarded at least in response to the UE being in the state where the service request has been initiated.
10. The baseband processor of the UE according to claim 9, wherein the service request initiated state is a 5GMM service request initiated state or an EMM service request initiated state.
11. The baseband processor of the UE according to claim 9, wherein the baseband processor of the UE discards the authentication request message or the identity request message in response to the UE being in the state of the service request initiated and the authentication request message or the identity request message not including integrity protection.