Method and apparatus for secure transmission of medium access control control element in wireless communication

By employing ciphering and integrity protection techniques with a feedback mechanism, the solution addresses vulnerabilities in 5G MAC control elements, ensuring secure and reliable transmission and acknowledgement, thereby enhancing network performance.

WO2026135341A1 · PCT designated stage · Publication Date: 2026-06-25 · SAMSUNG ELECTRONICS CO LTD

Patent Information

Authority / Receiving Office: WO · WO
Patent Type: Applications
Current Assignee / Owner: SAMSUNG ELECTRONICS CO LTD
Filing Date: 2025-12-18
Publication Date: 2026-06-25

AI Technical Summary

Technical Problem

Current 5G wireless communication systems lack robust security measures for Medium Access Control (MAC) control elements, making them vulnerable to attacks and leading to service degradation and synchronization issues due to the lack of encryption and acknowledgment mechanisms.

Method used

Implementing a method and system for secure transmission and acknowledgement of MAC control elements using ciphering and integrity protection techniques, along with a feedback mechanism to verify correct application, thereby enhancing security and reliability.

Benefits of technology

The proposed solution provides enhanced security and reliability for MAC control elements by preventing unauthorized access and ensuring correct application, optimizing resource utilization, and improving network performance.

✦ Generated by Eureka AI based on patent content.


Abstract

The disclosure relates to a 5G or 6G communication system for supporting a higher data transmission rate. The present disclosure discloses a method for secure transmission of critical or major lower layer control information or media access control (MAC) control elements (CEs) in a wireless communication. The method includes receiving, from a radio resource control (RRC) layer, a configuration message. The configuration message includes a list of critical or major lower layer control information or MAC CEs to be protected. The method includes identifying at least one MAC CE from the list of MAC CEs based on at least one parameter associated with the at least one MAC CE, during a transmission of the configuration message to a receiver. The at least one parameter includes a threat level associated with the MAC CE. The method includes protecting the identified at least one MAC CE to be transmitted to the receiver based on one or more of ciphering technique and an integrity protection technique. The method includes transmitting, to the receiver, the at least one protected MAC CE.

Description

METHOD AND APPARATUS FOR SECURE TRANSMISSION OF MEDIUM ACCESS CONTROL CONTROL ELEMENT IN WIRELESS COMMUNICATION

[0001] The present disclosure, in general, relates to wireless communication systems. In particular, the present disclosure relates to methods for securing critical or major lower layer control information or MAC control elements and subheaders in a 5th Generation (5G) network and systems thereof.

[0002] 5G mobile communication technologies define broad frequency bands such that high transmission rates and new services are possible, and can be implemented not only in "Sub 6GHz" bands such as 3.5GHz, but also in "Above 6GHz" bands referred to as mmWave including 28GHz and 39GHz. In addition, it has been considered to implement 6G mobile communication technologies (referred to as Beyond 5G systems) in terahertz bands (for example, 95GHz to 3THz bands) in order to accomplish transmission rates fifty times faster than 5G mobile communication technologies and ultra-low latencies one-tenth of 5G mobile communication technologies.

[0003] At the beginning of the development of 5G mobile communication technologies, in order to support services and to satisfy performance requirements in connection with enhanced Mobile BroadBand (eMBB), Ultra Reliable Low Latency Communications (URLLC), and massive Machine-Type Communications (mMTC), there has been ongoing standardization regarding beamforming and massive MIMO for mitigating radio-wave path loss and increasing radio-wave transmission distances in mmWave, supporting numerologies (for example, operating multiple subcarrier spacings) for efficiently utilizing mmWave resources and dynamic operation of slot formats, initial access technologies for supporting multi-beam transmission and broadbands, definition and operation of BWP (BandWidth Part), new channel coding methods such as a LDPC (Low Density Parity Check) code for large amount of data transmission and a polar code for highly reliable transmission of control information, L2 pre-processing, and network slicing for providing a dedicated network specialized to a specific service.

[0004] Currently, there are ongoing discussions regarding improvement and performance enhancement of initial 5G mobile communication technologies in view of services to be supported by 5G mobile communication technologies, and there has been physical layer standardization regarding technologies such as V2X (Vehicle-to-everything) for aiding driving determination by autonomous vehicles based on information regarding positions and states of vehicles transmitted by the vehicles and for enhancing user convenience, NR-U (New Radio Unlicensed) aimed at system operations conforming to various regulation-related requirements in unlicensed bands, NR UE Power Saving, Non-Terrestrial Network (NTN) which is UE-satellite direct communication for providing coverage in an area in which communication with terrestrial networks is unavailable, and positioning.

[0005] Moreover, there has been ongoing standardization in air interface architecture / protocol regarding technologies such as Industrial Internet of Things (IIoT) for supporting new services through interworking and convergence with other industries, IAB (Integrated Access and Backhaul) for providing a node for network service area expansion by supporting a wireless backhaul link and an access link in an integrated manner, mobility enhancement including conditional handover and DAPS (Dual Active Protocol Stack) handover, and two-step random access for simplifying random access procedures (2-step RACH for NR). There also has been ongoing standardization in system architecture / service regarding a 5G baseline architecture (for example, service based architecture or service based interface) for combining Network Functions Virtualization (NFV) and Software-Defined Networking (SDN) technologies, and Mobile Edge Computing (MEC) for receiving services based on UE positions.

[0006] As 5G mobile communication systems are commercialized, connected devices that have been exponentially increasing will be connected to communication networks, and it is accordingly expected that enhanced functions and performances of 5G mobile communication systems and integrated operations of connected devices will be necessary. To this end, new research is scheduled in connection with eXtended Reality (XR) for efficiently supporting AR (Augmented Reality), VR (Virtual Reality), MR (Mixed Reality) and the like, 5G performance improvement and complexity reduction by utilizing Artificial Intelligence (AI) and Machine Learning (ML), AI service support, metaverse service support, and drone communication.

[0007] Furthermore, such development of 5G mobile communication systems will serve as a basis for developing not only new waveforms for providing coverage in terahertz bands of 6G mobile communication technologies, multi-antenna transmission technologies such as Full Dimensional MIMO (FD-MIMO), array antennas and large-scale antennas, metamaterial-based lenses and antennas for improving coverage of terahertz band signals, high-dimensional space multiplexing technology using OAM (Orbital Angular Momentum), and RIS (Reconfigurable Intelligent Surface), but also full-duplex technology for increasing frequency efficiency of 6G mobile communication technologies and improving system networks, AI-based communication technology for implementing system optimization by utilizing satellites and AI (Artificial Intelligence) from the design stage and internalizing end-to-end AI support functions, and next-generation distributed computing technology for implementing services at levels of complexity exceeding the limit of UE operation capability by utilizing ultra-high-performance communication and computing resources.

[0008] Nowadays, several broadband wireless technologies have been developed to meet the growing number of broadband subscribers by providing better applications and services. Second-generation wireless communication systems have been developed to provide voice services while ensuring the mobility of users. Third-generation wireless communication systems not only support voice services but also support data services. In recent years, a fourth-generation wireless communication system has been utilized to provide high-speed data service. However, currently, the fourth generation (4G), also known as a Long-Term Evolution (LTE) wireless communication system, suffers from a lack of resources to meet the growing demand for high-speed data services. This problem is solved by the deployment of a fifth-generation wireless communication system to meet the ever-growing demand for high-speed data services. Further, the fifth generation (5G), also known as a New Radio (NR) wireless communication system, provides ultra-reliability and supports low-latency applications.

[0009] This summary is provided to introduce a selection of concepts, in a simplified format, that are further described in the detailed description of the invention. This summary is neither intended to identify key or essential inventive concepts of the invention and nor is it intended for determining the scope of the invention.

[0010] The present disclosure discloses a method for secure transmission of critical or major lower layer control information or medium access control (MAC) control elements (CEs) in a wireless communication. The method includes receiving, from a radio resource control (RRC) layer, a configuration message. The configuration message includes a list of critical or major lower layer control information or MAC CEs to be protected. The method includes identifying at least one MAC CE from the list of MAC CEs based on at least one parameter associated with the at least one MAC CE, during a transmission of the configuration message to a receiver. The at least one parameter includes a threat level associated with the MAC CE. The method includes protecting the identified at least one MAC CE to be transmitted to the receiver based on one or more of a ciphering technique and an integrity protection technique. The method includes transmitting, to the receiver, the at least one protected MAC CE.

[0011] In another embodiment, a method for secure acknowledgement of medium access control (MAC) control elements in a wireless communication is disclosed. The method includes receiving, from a transmitter, at least one protected MAC CE. The method includes upon receiving the at least one protected MAC CE, decrypting the at least one protected MAC CE. The method includes generating an acknowledgement indicating application of the at least one protected MAC CE, upon decrypting the at least one protected MAC CE. The method includes transmitting, to the transmitter, the generated acknowledgment to enable verification of a correct application of the at least one protected MAC CE, and to implement a plurality of consecutive measures corresponding to at least one of an incorrect application of the at least one protected MAC CE, or lack of the generated acknowledgement of the at least one protected MAC CE.

[0012] In yet another embodiment, a system for secure transmission of critical or major lower layer control information or medium access control (MAC) control elements (CEs) in a wireless communication is disclosed. The system includes a memory and at least one processor in communication with the memory. The at least one processor is configured to receive, from a radio resource control (RRC) layer, a configuration message. The configuration message includes a list of critical or major lower layer control information or MAC CEs to be protected. The at least one processor is configured to identify at least one MAC CE from the list of MAC CEs based on at least one parameter associated with the at least one MAC CE, during a transmission of the configuration message to a receiver. The at least one parameter includes a threat level associated with the MAC CE. The at least one processor is configured to protect the identified at least one MAC CE to be transmitted to the receiver based on one or more of a ciphering technique and an integrity protection technique. The at least one processor is configured to transmit, to the receiver, the at least one protected MAC CE.

[0013] In yet another embodiment, a system for secure acknowledgement of medium access control (MAC) control elements in a wireless communication is disclosed. The system includes a memory and at least one processor in communication with the memory. The at least one processor is configured to receive, from a transmitter, at least one protected MAC CE. Upon receiving the at least one protected MAC CE, the at least one processor is configured to decrypt the at least one protected MAC CE. The at least one processor is configured to generate an acknowledgement indicating application of the at least one protected MAC CE, upon decrypting the at least one protected MAC CE. The at least one processor is configured to transmit, to the transmitter, the generated acknowledgment to enable verification of a correct application of the at least one protected MAC CE, and implement a plurality of consecutive measures corresponding to at least one of an incorrect application of the at least one protected MAC CE, or lack of the generated acknowledgement of the at least one protected MAC CE.

[0014] To further clarify the advantages and features of the present invention, a more particular description of the invention will be rendered by reference to specific embodiments thereof, which is illustrated in the appended drawings. It is appreciated that these drawings depict only typical embodiments of the invention and are therefore not to be considered limiting of its scope. The invention will be described and explained with additional specificity and detail with the accompanying drawings.

[0015] These and other features, aspects, and advantages of the present invention will become better understood when the following detailed description is read with reference to the accompanying drawings in which like characters represent like parts throughout the drawings, wherein:

[0016] Figure 1 illustrates an existing MAC frame structure based on TS 38.321, in accordance with a related art;

[0017] Figure 2 illustrates a security measure in Packet Data Convergence Protocol (PDCP), Radio Link Control (RLC), and MAC layers, in accordance with a related art;

[0018] Figure 3 illustrates MAC CE usage for downlink (DL) and uplink (UL), in accordance with a related art;

[0019] Figure 4 illustrates an example of MiTM performing MAC-CE update, in accordance with a related art;

[0020] Figure 5 illustrates an example of Radio Resource Configuration, in accordance with a related art;

[0021] Figure 6 illustrates an environment for transmission and acknowledgment of the MAC CEs, in accordance with an embodiment of the present disclosure;

[0022] Figure 7 illustrates an exemplary environment including systems for transmission and secure acknowledgement of the MAC CEs, in accordance with an embodiment of the present disclosure;

[0023] Figure 8A illustrates an operation performed by a system to securely transmit the at least one MAC CE to a receiver, in accordance with an embodiment of the present disclosure;

[0024] Figure 8B illustrates a plurality of corrective measures to be implemented by the system, in accordance with an embodiment of the present disclosure;

[0025] Figure 9 illustrates an operation performed by a system to securely acknowledge the at least one MAC CE, in accordance with an embodiment of the present disclosure;

[0026] Figure 10 illustrates a call flow diagram for transmitting the generated acknowledgement to the transmitter, in accordance with an embodiment of the present disclosure;

[0027] Figure 11 illustrates a call flow diagram for transmitting the generated acknowledgement to the transmitter and detecting tampering, in accordance with an embodiment of the present disclosure;

[0028] Figure 12 illustrates a flow chart indicating a method performed by the system to securely transmit the at least one MAC CE to the receiver, in accordance with an embodiment of the present disclosure; and

[0029] Figure 13 illustrates a flow chart indicating a method performed by the system to securely acknowledge the at least one MAC CE, in accordance with an embodiment of the present disclosure.

[0030] Further, skilled artisans will appreciate that elements in the drawings are illustrated for simplicity and may not have necessarily been drawn to scale. For example, the flow charts illustrate the method in terms of the most prominent steps involved to help to improve understanding of aspects of the present invention. Furthermore, in terms of the construction of the device, one or more components of the device may have been represented in the drawings by conventional symbols, and the drawings may show only those specific details that are pertinent to understanding the embodiments of the present invention so as not to obscure the drawings with details that will be readily apparent to those of ordinary skill in the art having the benefit of the description herein.

[0031] With an increase in data demand, high bandwidth, and processing capability, a plurality of next-generation wireless communication systems, i.e., beyond the 5G and sixth generation (6G) wireless communications, are capable of meeting such ever-increasing requirements. To do so, a communication protocol is provided for processing high-speed data. In LTE and NR, protocols that currently exist for the user plane include a Packet Data Convergence Protocol (PDCP), a Radio Link Control (RLC), a Medium Access Control (MAC), and a Physical Layer (PHY). A control plane stack includes a radio resource control (RRC) and a non-access stratum (NAS). An important aspect of the PDCP layer is ciphering (encryption) and deciphering (decryption) of the user plane and the control plane data. Along with the encryption of packets, the PDCP layer also supports integrity protection and integrity verification for the user plane and the control plane data. The user plane data belongs to all user application traffic, while the control plane data is related to signaling messages originating within a Radio Access Network (RAN) for the RRC and the NAS messages shared between a Base Station (gNodeB / gNB) and a User Equipment (UE).

[0032] However, there are multiple other information packets exchanged in real time over wireless networks, which are not ciphered. A few of those are the Control Elements shared over the lower layer for quick information sharing and configuration control at the Medium Access Control (MAC) layer. Control Elements (CEs) are introduced at the Medium Access Control (MAC) layer so that time-sensitive controls can be applied immediately, for example, for activation / deactivation of secondary cells. This is just one of the features that are executed dynamically and signaled between the gNB and the UE. However, these messages are not ciphered and sent as plain text in the header format as per the 3GPP specification. Thus, MAC CE in a Fifth Generation (5G) network is essential for ensuring the privacy, reliability, and accessibility of communication services. The MAC layer in the 5G network is responsible for controlling the transmission of data over a physical layer, for example, scheduling and resource allocation. The MAC layer also deals with other important functions like error correction and data encryption. As 5G networks handle a diverse range of use cases, from mobile broadband to Internet-of-things (IoT), securing MAC control elements is becoming essential to protect against potential threats and attacks.

[0033] Figure 1 illustrates an existing MAC frame structure based on TS 38.321, in accordance with a related art.

[0034] MAC Control Elements (MAC-CEs) are specialized structures embedded within the Medium Access Control (MAC) layer to facilitate the transmission of control information. Serving as in-band signaling mechanisms, the MAC layer enables efficient communication of control messages between the base station / network and user equipment (UE). The Control Elements are introduced at the MAC layer for executing time-sensitive operations, such as the activation or deactivation of secondary cells, with minimal delay. The MAC layer handles data transfer through MAC Protocol Data Units (PDUs), which may include MAC-CEs carrying vital control instructions. Each MAC PDU is delivered to the physical layer through transport blocks, basic units of data transmission in the physical layer. Further, to maintain data integrity, Cyclic Redundancy Checks (CRC) are appended to MAC PDUs, utilizing a unique Cell Radio Network Temporary Identifier (C-RNTI) to detect and mitigate transmission errors. However, the existing MAC frame structure has some limitations, that is, the transport blocks are scrambled using the Cell Radio Network Temporary Identifier (C-RNTI), which offers a basic level of security. However, this process does not constitute true encryption and therefore does not guarantee robust protection. Implementing encryption at the lower layers introduces significant overhead, as these layers are highly time-sensitive. The additional processing required for encryption and decryption at the sender and receiver ends can lead to undesirable delays.

[0035] Figure 2 illustrates a security measure in Packet Data Convergence Protocol (PDCP), Radio Link Control (RLC), and MAC layers, in accordance with a related art.

[0036] Herein, during Layer 2 PDU handling in NR, only the Packet Data Convergence Protocol (PDCP) Service Data Unit (SDU) payload can be ciphered for integrity protection ensuring that the actual user data or application data is protected from unauthorized access and eavesdropping. Further, the PDCP SDU payload and the PDCP header are included in integrity protection, ensuring that the data has not been altered or tampered with during the transmission. Additionally, the RLC headers are not subjected to any security measures. Further, the MAC subheaders contain information such as the length of the RLC PDU as well as the Logical Channel ID (LCID) on which it is being transmitted and which indicates a channel on which the data is being communicated. The MAC CEs carry control information for managing the MAC layer such as scheduling and resource application. The format and specific values of LCID may vary depending on the type of logical channel and the corresponding transport block size. Further, different LCID values are assigned to different logical channels to enable proper processing and mapping of the data within the MAC layer.

[0037] It has also been observed that all RLC Headers, MAC subheaders, and the MAC CE may not have security protection. Additionally, at the MAC, the PDCPs 202 may be deciphered independently. Further, at the receiver side, when the PDCP segment, as shown with 204 may be combined, then the particular PDCP SDU may be deciphered completely. Therefore, the lack of security protection for the RLC headers, MAC CEs, and the MAC subheaders increases the possibility of attacks such as message forgery, tampering, etc.

[0038] Figure 3 illustrates MAC CE usage for downlink (DL) and uplink (UL), in accordance with a related art. As shown, an RRC transmitter component 302a of a network / Base Station (gNB) 302 transmits a configuration to an RRC receiver component 304a of a User Equipment (UE) 304. Similarly, an update component 302b of the gNB 302 transmits a MAC CE update to a MAC receiver 304b of the UE 304.

[0039] During downlink (DL), the MAC CEs convey information related to secondary cell (sCell) activation / deactivation, discontinuous reception (DRX), timing advance, and other aspects. However, for many other MAC CE configurations, no acknowledgment (ACK / NACK) is sent in response to the gNB from the UE 304. This indicates that the gNB 302 cannot confirm whether the UE 304 has successfully received and processed the MAC CE. This lack of response leads to increased uncertainty about the status of MAC CE configurations, potentially impacting network performance and reliability.

[0040] Similarly, during uplink (UL), the MAC CEs are used for reporting a Buffer Status Report (BSR) and a Power Headroom Report (PHR), along with additional information. The BSR procedure is used for providing the serving gNB with information about UL data volume in the MAC entity, whereas the power headroom indicates how much transmission power is left for the UE to use in addition to the power being used by the current transmission. Herein, like Downlink (DL) MAC Control Elements (CEs), the Uplink (UL) MAC CEs do not trigger any confirmation from the gNB 302 to the UE 304. As a result, the UE 304 has no way to confirm whether its transmitted reports have been received and acted upon by the gNB 302. This absence of acknowledgment (ACK) or negative acknowledgment (NACK) for both DL and UL MAC CEs introduces synchronization issues between the gNB 302 and UE 304, potentially leading to misalignment in network settings and resource distribution.

[0041] Figure 4 illustrates an example of Man-in-the-Middle (MiTM) performing MAC-CE update, in accordance with a related art. As shown, a fake base station 402 injects a faulty message to downgrade the performance during the communication between the gNB 302 and the UE 304. Herein, the fake base station 402 intercepts communication between the base station 302 and the UE 304. For example, a faulty MAC CE update message is injected by the fake base station 402 to the MAC receiver 304b of the UE 304 through MAC CE update to deactivate the secondary cell (sCell), thereby causing degradation of the network performance, leading to service disruption. Particularly, the fake base station 402 constructs a malicious MAC-CE update message that directs the UE 304 to deactivate the secondary cell (sCell). This forged message is carefully crafted to mimic a legitimate message, using correct formatting and valid parameters. Further, the fake base station (BS) 402 injects the malicious MAC-CE update into the communication channel, transmitting it to the UE 304 as if it originated from the gNB 302. As MAC-CE updates do not include an acknowledgment mechanism, the gNB 302 receives no confirmation that the UE 304 has processed the update. Consequently, it remains unaware that the secondary cell has been deactivated. This configuration leads to interception of the communication link between the gNB 302 and the UE 304, allowing it to monitor and alter the transmitted data.

[0042] Furthermore, although MAC CEs have been introduced and expanded across multiple generations and release versions, their primary role remains to quickly inform the UE 304 about configuration updates from the base station 302 or to send configuration information from the UE 304 to the BS 302 that is useful for scheduling. The first LTE release in 2008 included 7 MAC CEs, while the first 5G release in 2018 introduced 19 MAC CEs. As of the latest 2023 release, the number has grown to over 50. The Carrier Aggregation (CA) can be managed through MAC CEs, and the physical layer includes several control mechanisms, such as beam reporting for beamforming, Physical Downlink Control Channel (PDCCH) order to trigger UE re-synchronization, and channel state reports. However, not all MAC CEs are equally important, and some may have a greater impact if tampered with. Therefore, it is essential to prioritize or selectively verify MAC CEs for enhanced security and efficiency. Tables 1 and 2 provide a list of the MAC CEs used in 5G (Rel 16 TS 38.321):

[0043]

Index            LCID values
000000           CCCH
000001-100000    Identity of the logical channel
100001-110111    Reserved
111000           Duplication Activation / Deactivation
111001           SCell Activation / Deactivation (4 octet)
111010           SCell Activation / Deactivation (1 octet)
111011           Long DRX Command
111100           DRX Command
111101           Timing Advance Command
111110           UE Contention Resolution Identity
111111           Padding

[0044]

Index            LCID values
000000           CCCH
000001-100000    Identity of the logical channel
100001-110110    Reserved
110111           Configured Grant Confirmation
111000           Multiple Entry PHR
111001           Single Entry PHR
111010           C-RNTI
111011           Short Truncated BSR
111100           Long Truncated BSR
111101           Short BSR
111110           Long BSR
111111           Padding
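The selective protection and acknowledgement summarized in [0010] and [0011], applied to LCID values from the first table above, can be sketched as follows. This is an added example, not code from the patent: the threat-level numbers, the threshold, the truncated HMAC-SHA-256 tag, the 4-byte counter, the trailer layout and the acknowledgement format are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct

# LCID values (6-bit index) taken from the first table above.
LCID_NAMES = {
    0b111010: "SCell Activation/Deactivation (1 octet)",
    0b111100: "DRX Command",
    0b111101: "Timing Advance Command",
}

# Assumed RRC-configured protection list: LCID -> threat level (0-3).
RRC_PROTECT_CONFIG = {0b111010: 3, 0b111101: 2, 0b111100: 1}
THREAT_THRESHOLD = 2   # assumed: protect CEs at or above this level
TRAILER_LEN = 8        # assumed trailer: 4-byte counter + 4-byte tag


def needs_protection(lcid):
    return RRC_PROTECT_CONFIG.get(lcid, 0) >= THREAT_THRESHOLD


def _tag(key, label, count, lcid, payload):
    # Truncated HMAC-SHA-256 stands in for the integrity algorithm.
    msg = label + struct.pack(">IB", count, lcid) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:4]


def protect_ce(key, count, lcid, payload):
    """Sender: one-octet R/R/LCID subheader + payload, plus trailer if listed."""
    frame = bytes([lcid & 0x3F]) + payload
    if not needs_protection(lcid):
        return frame
    return frame + struct.pack(">I", count) + _tag(key, b"CE", count, lcid, payload)


class Receiver:
    def __init__(self, key):
        self.key = key
        self.last_count = -1
        self.applied = []

    def receive(self, frame):
        """Return (status, ack). ack is None unless a protected CE was applied."""
        lcid = frame[0] & 0x3F
        name = LCID_NAMES.get(lcid, "unknown")
        if not needs_protection(lcid):
            self.applied.append((name, frame[1:]))
            return "applied-unprotected", None
        # A listed CE arriving without a trailer must be dropped, otherwise
        # the protection can be bypassed by simply omitting the tag.
        if len(frame) < 1 + TRAILER_LEN:
            return "rejected-missing-tag", None
        payload, trailer = frame[1:-TRAILER_LEN], frame[-TRAILER_LEN:]
        count = struct.unpack(">I", trailer[:4])[0]
        expected = _tag(self.key, b"CE", count, lcid, payload)
        if not hmac.compare_digest(trailer[4:], expected):
            return "rejected-bad-tag", None
        if count <= self.last_count:
            return "rejected-replay", None
        self.last_count = count
        self.applied.append((name, payload))
        ack = struct.pack(">IB", count, lcid) + _tag(self.key, b"ACK", count, lcid, payload)
        return "applied", ack


def verify_ack(key, count, lcid, payload, ack):
    """Sender: a missing or wrong ack is the trigger for corrective measures."""
    if ack is None:
        return False
    expected = struct.pack(">IB", count, lcid) + _tag(key, b"ACK", count, lcid, payload)
    return hmac.compare_digest(ack, expected)


def demo():
    key = bytes(range(32))          # constructed key, for the example only
    rx = Receiver(key)
    scell, payload = 0b111010, b"\x06"   # constructed SCell bitmap
    out = {}
    good = protect_ce(key, 1, scell, payload)
    out["genuine"], ack = rx.receive(good)
    out["ack_ok"] = verify_ack(key, 1, scell, payload, ack)
    # Constructed frames as a receiver would see them from a sender without the key.
    injected = bytes([scell]) + b"\x00" + struct.pack(">I", 2) + b"\x00" * 4
    out["injected"] = rx.receive(injected)[0]
    out["untagged"] = rx.receive(bytes([scell]) + b"\x00")[0]
    out["replay"] = rx.receive(good)[0]
    out["no_ack"] = verify_ack(key, 1, scell, payload, None)
    return out


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:10s} {result}")
```

The DRX Command, which sits below the assumed threshold, passes through unprotected, which shows the trade-off the selective scheme makes to avoid per-CE overhead.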

[0045] Thus, based on the above discussion, the problem may be summarized as follows:

[0046] a. MAC control elements currently are not encrypted. An attacker with a fake base station can inject a fake MAC CE update message towards the UE 304, manipulating the UE 304 into believing that the message was sent by the genuine Base Station (BS), leading to service degradation and adversarial impacts.

[0047] b. Further, the breaching of the MAC CE or sub-header leads to service degradation and adversarial impacts.

[0048] Therefore, there is a need for a framework that overcomes or, at the least, mitigates the above-mentioned and other related deficiencies.

[0049] For the purpose of promoting an understanding of the principles of the invention, reference will now be made to the various embodiments and specific language will be used to describe the same. It will nevertheless be understood that no limitation of the scope of the invention is thereby intended, such alterations and further modifications in the illustrated system, and such further applications of the principles of the invention as illustrated therein being contemplated as would normally occur to one skilled in the art to which the invention relates.

[0050] It will be understood by those skilled in the art that the foregoing general description and the following detailed description are explanatory of the invention and are not intended to be restrictive thereof.

[0051] Whether or not a certain feature or element was limited to being used only once, it may still be referred to as "one or more features" or "one or more elements" or "at least one feature" or "at least one element." Furthermore, the use of the terms "one or more" or "at least one" feature or element does not preclude there being none of that feature or element, unless otherwise specified by limiting language including, but not limited to, "there needs to be one or more..." or "one or more elements is required."

[0052] Reference is made herein to some "embodiments." It should be understood that an embodiment is an example of a possible implementation of any features and / or elements of the present disclosure. Some embodiments have been described for the purpose of explaining one or more of the potential ways in which the specific features and / or elements of the proposed disclosure fulfill the requirements of uniqueness, utility, and non-obviousness.

[0053] Use of the phrases and / or terms including, but not limited to, "a first embodiment," "a further embodiment," "an alternate embodiment," "one embodiment," "an embodiment," "multiple embodiments," "some embodiments," "other embodiments," "further embodiment", "furthermore embodiment", "additional embodiment" or other variants thereof do not necessarily refer to the same embodiments. Unless otherwise specified, one or more particular features and / or elements described in connection with one or more embodiments may be found in one embodiment, or may be found in more than one embodiment, or may be found in all embodiments, or may be found in no embodiments. Although one or more features and / or elements may be described herein in the context of only a single embodiment, or in the context of more than one embodiment, or in the context of all embodiments, the features and / or elements may instead be provided separately or in any appropriate combination or not at all. Conversely, any features and / or elements described in the context of separate embodiments may alternatively be realized as existing together in the context of a single embodiment.

[0054] Any particular and all details set forth herein are used in the context of some embodiments and therefore should not necessarily be taken as limiting factors to the proposed disclosure.

[0055] All the procedures defined here are for the Third Generation Partnership Project (3GPP) standard and may impact 3GPP specifications including, but not limited to, 38.331, 33.501 and 38.321, with a similar impact for 6G.

[0056] The terms "comprises", "comprising", or any other variations thereof, are intended to cover a non-exclusive inclusion, such that a process or method that comprises a list of steps does not include only those steps but may include other steps not expressly listed or inherent to such process or method. Similarly, one or more devices or sub-systems or elements or structures or components preceded by "comprises... a" does not, without more constraints, preclude the existence of other devices or other sub-systems or other elements or other structures or other components or additional devices or additional sub-systems or additional elements or additional structures or additional components.

[0057] The term "couple" and the derivatives thereof refer to any direct or indirect communication between two or more elements, whether or not those elements are in physical contact with each other. The terms "transmit", "receive", and "communicate" as well as the derivatives thereof encompass both direct and indirect communication. The term "or" is an inclusive term meaning "and / or". The phrase "associated with," as well as derivatives thereof, refer to include, be included within, interconnect with, contain, be contained within, connect to or with, couple to or with, be communicable with, cooperate with, interleave, juxtapose, be proximate to, be bound to or with, have, have a property of, have a relationship to or with, or the like. The term "controller" refers to any device, system, or part thereof that controls at least one operation. The functionality associated with any particular controller may be centralized or distributed, whether locally or remotely. The phrase "at least one of," when used with a list of items, means that different combinations of one or more of the listed items may be used, and only one item in the list may be needed. For example, "at least one of A, B, and C" includes any of the following combinations: A, B, C, A and B, A and C, B and C, and A and B and C, and any variations thereof. As an additional example, the expression "at least one of a, b, or c" may indicate only a, only b, only c, both a and b, both a and c, both b and c, all of a, b, and c, or variations thereof. Similarly, the term "set" means one or more. Accordingly, the set of items may be a single item or a collection of two or more items.

[0058] Moreover, multiple functions described below may be implemented or supported by one or more computer programs, each of which is formed from computer readable program code and embodied in a computer readable medium. The terms "application" and "program" refer to one or more computer programs, software components, sets of instructions, procedures, functions, objects, classes, instances, related data, or a portion thereof adapted for implementation in a suitable computer readable program code. The phrase "computer readable program code" includes any type of computer code, including source code, object code, and executable code. The phrase "computer readable medium" includes any type of medium capable of being accessed by a computer, such as Read Only Memory (ROM), Random Access Memory (RAM), a hard disk drive, a Compact Disc (CD), a Digital Video Disc (DVD), or any other type of memory. A "non-transitory" computer readable medium excludes wired, wireless, optical, or other communication links that transport transitory electrical or other signals. A non-transitory computer readable medium includes media where data may be permanently stored and media where data may be stored and later overwritten, such as a rewritable optical disc or an erasable memory device.

[0059] Embodiments of the present disclosure will be described below in detail with reference to the accompanying drawings.

[0060] Figure 5 illustrates an example of Radio Resource Configuration, in accordance with a related art.

[0061] Herein, at step 506, a gNB RRC 502 transmits an RRC connection request to a User Equipment (UE) RRC 504. Further, at step 508, the UE RRC 504 applies a configuration upon receiving the RRC connection request. Further, at step 510, the UE RRC 504 transmits an RRC setup complete message.

[0062] Figure 6 illustrates an environment for transmission and acknowledgment of the MAC CEs, in accordance with an embodiment of the present disclosure.

[0063] In an embodiment, a transmitter 602 may be configured to transmit a Medium Access Control-Control Element (MAC CE), which involves the exchange of control information between the transmitter 602 and a receiver 604. The MAC CEs carry critical control information between the transmitter 602 and the receiver 604. Thus, to securely transmit and acknowledge the MAC CEs, the transmitter 602 and the receiver 604 may be configured to perform a plurality of operations as explained in the subsequent paragraphs. Herein, the transmitter 602 may correspond to one of a base station 302 or a user equipment (UE) 304. Further, the receiver 604 may correspond to one of the UE 304 and the base station 302.

[0064] Herein, the transmitter 602 may be configured to receive a configuration message from a radio resource control (RRC) layer. The configuration message may include a list of critical or major lower layer control information or MAC CEs to be protected. The transmitter 602 may be configured to identify at least one MAC CE from the list of MAC CEs based on at least one parameter associated with the at least one MAC CE, during a transmission of the configuration message to the receiver 604. The at least one parameter may include a threat level associated with the MAC CE. The transmitter 602 may be configured to protect the identified at least one MAC CE to be transmitted to the receiver 604 based on one or more of a ciphering technique and an integrity protection technique. The ciphering technique is a method of encrypting the at least one MAC CE to protect it from unauthorized access during transmission. Herein, the ciphering technique may include a symmetric ciphering technique and an asymmetric ciphering technique. The symmetric ciphering technique may include, but is not limited to, SNOW 3G, Advanced Encryption Standard (AES), Authenticated Encryption with Associated Data (AEAD) or the ZUC algorithm. Further, the asymmetric ciphering technique may include, but is not limited to, elliptical curve cryptography using Diffie-Hellman key exchange, the Rivest-Shamir-Adleman (RSA) technique, or any post-quantum cryptographic techniques, for example, ML-DSA, ML-KEM, SLH-DSA, FN-DSA, HQC.

[0065] In another embodiment, the transmitter 602 may be configured to protect the identified at least one MAC CE to be transmitted to the receiver 604 using a hybrid cryptographic technique. Herein, the hybrid cryptographic technique may indicate a combination of a post-quantum cryptographic technique and an elliptical / RSA cryptographic technique. Further, the hybrid cryptographic technique prevents unauthorized access to data and provides integrity protection by offering integrity codes, for example, Message Authentication Codes for Integrity (MAC-Is), to verify the authenticity of the at least one MAC CE.

[0066] The integrity protection technique ensures that the at least one MAC CE as received may be exactly the same as the at least one MAC CE that may be transmitted by the transmitter 602. The transmitter 602 may be configured to transmit the at least one protected MAC CE to the receiver 604.

[0067] Further, the receiver 604 may be configured to receive the at least one protected MAC CE from the transmitter 602. Upon receiving the at least one protected MAC CE, the receiver 604 may be configured to decrypt the at least one protected MAC CE. The receiver 604 may be configured to generate an acknowledgement indicating application of the at least one protected MAC CE, upon decrypting the at least one protected MAC CE. Further, the receiver 604 may be configured to transmit the generated acknowledgement to enable verification of a correct application of the at least one protected MAC CE and to implement a plurality of corrective measures corresponding to at least one of an incorrect application of the at least one protected MAC CE, or lack of the generated acknowledgment of the at least one protected MAC CE.

[0068] The operation as performed by the transmitter 602 and the receiver 604 ensures enhanced efficiency and robustness of MAC layer control operations. By prioritizing the at least one MAC CE and selectively applying security to the at least one MAC CE, the transmitter 602 and the receiver 604 optimize resource utilization. Introducing a dedicated signaling mechanism for MAC CE security in 5G and 6G networks, along with a defined feedback process through MAC or RRC, ensures better reliability and traceability of control messages. Additionally, implementing selective security measures and tampering detection through RRC provides a balanced approach, that is, offering both performance optimization and improved resilience against malicious interference.

[0069] Figure 7 illustrates an exemplary environment 700 including systems 710 and 728 for transmission and secure acknowledgement of the MAC CEs, in accordance with an embodiment of the present disclosure. As shown, the environment 700 may include the system 710 implemented in the transmitter 602. The system 710 is connected to the system 728 corresponding to the receiver 604.

[0070] The system 710 may include one or more processors 702 (hereinafter referred to as the processor 702), a memory 704, one or more modules 706 (referred to herein as the modules), and an interface 708. In an exemplary embodiment, the one or more processors 702 may be in communication with the memory 704, the modules 706, and the interface 708.

[0071] In one embodiment, the processor 702 may include at least one data processor for executing processes in Virtual Storage Area Network. The processor 702 may include specialized processing units such as integrated system (bus) controllers, memory management control units, floating point units, graphics processing units, digital signal processing units, etc. In one embodiment, the processor 702 may include a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), or both. The processor 702 may be one or more general processors, Digital Signal Processors (DSPs), application-specific integrated circuits, Field-Programmable Gate Arrays (FPGAs), servers, networks, digital circuits, analog circuits, combinations thereof, or other now known or later developed devices for analyzing and processing data. The processor 702 may execute a software program, such as code generated manually (i.e., programmed) to perform the desired operation. The processor 702 may implement various techniques such as, but not limited to, image processing, data extraction, Artificial Intelligence (AI), Machine Learning (ML), Deep Learning (DL), and so forth to achieve the desired objective.

[0072] In one embodiment, the processor 702 may be configured to perform the functions of the system 710 and / or the transmitter 602.

[0073] The processor 702 may be disposed in communication with one or more Input / Output (I / O) devices, such as the system 728, through the interface 708. The interface 708 may employ communication Code-Division Multiple Access (CDMA), High-Speed Packet Access (HSPA+), Global System For Mobile Communications (GSM), Long-Term Evolution (LTE), WiMax, or the like, etc. The interface 708 may include a transmitter, a receiver, or a transceiver. The transceiver may be configured to transmit and receive signals. The processor 702 may be coupled to the transceiver and may be configured (e.g., to control the transceiver) to perform methods in the wireless communication system according to embodiments of the present disclosure.

[0074] In an embodiment, the processor 702 may be disposed in communication with a communication network through a network interface. In an embodiment, the network interface may be the interface 708. The network interface may connect to the communication network to enable connection of the system 710 with the outside environment and / or device / system. The network interface may employ connection protocols including, without limitation, direct connect, Ethernet (e.g., twisted pair 10 / 100 / 1000 Base T), Transmission Control Protocol / Internet Protocol (TCP / IP), token ring, IEEE 802.11 / b / g / n / x, etc. The communication network may include, without limitation, a direct interconnection, Local Area Network (LAN), Wide Area Network (WAN), wireless network (e.g., using Wireless Application Protocol (WAP)), the Internet, etc. Using the network interface and the communication network, the system 710 may communicate with other devices. The network interface may employ connection protocols including, but not limited to, direct connect, Ethernet (e.g., twisted pair 10 / 100 / 1000 Base T), TCP / IP, token ring, IEEE 802.11 / b / g / n / x, etc.

[0075] The memory 704 may be communicatively coupled to the processor 702. The memory 704 may be configured to store data and instructions executable by the processor 702. In one embodiment, the memory 704 may communicate through a bus within the system 710. The memory 704 may include, but is not limited to, a non-transitory computer-readable storage media, such as various types of volatile and non-volatile storage media including, but not limited to, random access memory, read-only memory, programmable read-only memory, electrically programmable read-only memory, electrically erasable read-only memory, flash memory, magnetic tape or disk, optical media and the like. In one example, the memory 704 may include a cache or random-access memory for the processor 702. In alternative examples, the memory 704 is separate from the processor 702, such as a cache memory of a processor, the system memory, or other memory. The memory 704 may be an external storage device or database for storing data. The memory 704 may be operable to store instructions executable by the processor 702. The functions, acts, or tasks illustrated in the figures or described may be performed by the programmed processor 702 for executing the instructions stored in the memory 704. The functions, acts, or tasks are independent of the particular type of instruction set, storage media, processor, or processing strategy and may be performed by software, hardware, integrated circuits, firmware, micro-code, and the like, operating alone or in combination. Likewise, processing strategies may include multiprocessing, multitasking, parallel processing, and the like. The memory 704 may further include a database to store the data. Further, the memory 704 may include an operating system for performing one or more tasks of the system 710, as performed by a generic operating system in the communications domain.

[0076] For the sake of brevity, the architecture, and standard operations of the processor 702 and the memory 704 are not discussed in detail. In one embodiment, the memory 704 may be configured to store the information as required by the processor 702 to perform the methods described herein.

[0077] The modules 706 include, amongst other things, routines, programs, objects, components, data structures, etc., which perform particular tasks or implement data types. The modules 706 may also be implemented as signal processor(s), state machine(s), logic circuitries, and / or any other device or component that manipulates signals based on operational instructions. The modules 706 may be configured to perform one or more operations of the system 710 and / or the processor 702.

[0078] Further, the modules 706 may be implemented in hardware, instructions executed by a processing unit, or by a combination thereof. The processing unit may comprise a computer, the processor 702, a state machine, a logic array, or any other suitable devices capable of processing instructions. The processing unit may be a general-purpose processor which executes instructions to cause the general-purpose processor to perform the required tasks, or the processing unit may be dedicated to performing the required functions. In another embodiment of the present disclosure, the modules 706 may be machine-readable instructions (software) that, when executed by a processor / processing unit, perform any of the described functionalities. Furthermore, the database serves, amongst other things, as a repository for storing data processed, received, and generated by one or more of the modules. The modules 706 may include a receiving module 712, an establishing module 714, an identifying module 716, a waiting module 718, a verifying module 720, an implementing module 722, a protecting module 724, and a transmitting module 726.

[0079] Additionally, the system 728 may be implemented within the receiver 604. The system 728 may include a processor 730, a memory 732, one or more modules 734 (referred to herein as the modules), and an interface 744. The processor 730 may be in communication with the memory 732, modules 734, and the interface 744. The constructional and operational features of the processor 730, a memory 732, modules 734, and the interface 744 may be the same as the processor 702, a memory 704, modules 706, and the interface 708. Thus, the same has not been explained for the sake of brevity. Herein, the modules 734 may include a receiving module 736, a decrypting module 738, a generating module 740, and a transmitting module 742. The interface 708 may include a transmitter, a receiver, or a transceiver. The transceiver may be configured to transmit and receive signals. The processor 702 may be coupled to the transceiver and may be configured (e.g., to control the transceiver) to perform methods in the wireless communication system according to embodiments of the present disclosure.

[0080] Herein, each module may be in communication with one another. Each module may execute an operation, which may be explained with reference to Figures 8A to 9 in the subsequent paragraphs.

[0081] Figure 8A illustrates an operation performed by the system 710 to securely transmit the at least one MAC CE to the receiver 604, in accordance with an embodiment of the present disclosure.

[0082] In an embodiment, at block 802, the receiving module 712 may be configured to receive the configuration message from the RRC layer. The configuration message may include the list of MAC CEs to be protected. Additionally, the configuration message may include the list of critical or major lower layer control information to be protected. In an alternate embodiment, the configuration message may include a list of MAC subheaders, without departing from the scope of the present disclosure.

[0083] Herein, the message related to MAC-CellGroupConfig for various configurations, from the RRC layer may be as follows:

[0084]
MAC-CellGroupConfig ::= SEQUENCE {
    drx-Config                  SetupRelease { DRX-Config }             OPTIONAL, -- Need M
    schedulingRequestConfig     SchedulingRequestConfig                 OPTIONAL, -- Need M
    bsr-Config                  BSR-Config                              OPTIONAL, -- Need M
    tag-Config                  TAG-Config                              OPTIONAL, -- Need M
    phr-Config                  SetupRelease { PHR-Config }             OPTIONAL, -- Need M
    macCE-SecurityConfig        SecurityList [[ ]]                      OPTIONAL,
    skipUplinkTxDynamic         BOOLEAN,
    ...,
    [[
    csi-Mask-v1530              BOOLEAN                                 OPTIONAL, -- Need M
    dataInactivityTimer-v1530   SetupRelease { DataInactivityTimer }    OPTIONAL  -- Cond MCG-Only
    ]]
}

[0085] Herein, the list of MAC CE elements may be added as an option for providing MAC CE security.

[0086] After receiving the configuration message, at block 804, the establishing module 714 may be configured to establish a setup of the RRC layer between the transmitter 602 and the receiver 604.

[0087] In an embodiment, at block 806, the identifying module 716 may be configured to identify the at least one MAC CE from the list of MAC CEs based on the at least one parameter associated with the at least one MAC CE. The identifying module 716 may be configured to identify the at least one MAC CE during the transmission of the configuration message to the receiver 604. The at least one parameter may include the threat level associated with the MAC CE. Herein, the threat level indicates that damage or disruption may occur if the MAC CE is tampered with, forged, replayed, or dropped.

[0088] In such an embodiment, the identifying module 716 may be configured to identify the at least one MAC CE based on a type of the at least one MAC CE. Further, the identifying module 716 may be configured to identify a group of MAC CEs from the list of MAC CEs to be protected. Herein, the type of the at least one MAC CE, the group of the MAC CEs may be informed by the RRC layer. Further, the type, the group of the MAC CEs may be known to both the transmitter 602 and the receiver 604 during establishing the setup of the RRC layer between the transmitter 602 and the receiver 604. Thereafter, the identifying module 716 may be configured to identify the at least one MAC CE or the group of the MAC CEs.

[0089] In an embodiment, at block 808, the protecting module 724 may be configured to protect the identified at least one MAC CE to be transmitted to the receiver 604 based on one or more of the ciphering technique and the integrity protection technique.

[0090] Herein, initially, the protecting module 724 may be configured to inform the at least one MAC CE about the one or more of the ciphering technique and the integrity protection technique, and a plurality of inputs associated with the at least one MAC CE to be used for protecting the at least one MAC CE. The protecting module 724 may be configured to inform based on the RRC layer, upon establishing the setup of RRC layer and identifying the at least one MAC CE.

[0091] Further, the protecting module 724 may be configured to protect the identified at least one MAC CE based on one or more of the ciphering technique and the integrity protection technique using the plurality of inputs. Herein, the plurality of inputs may be, but is not limited to, ciphering or integrity key associated with the at least one MAC CE, a length of the message associated with the at least one MAC CE, and a transmission direction of the at least one MAC CE.

[0092] Additionally, the protecting module 724 may be configured to use a COUNT value associated with one of the data packets or signalling packets as an input to protect the identified at least one MAC CE based on one or more of the ciphering technique and the integrity protection technique. Herein, when applying security procedures to data or signaling packets at the PDCP layer, the PDCP Sequence Number (SN) may be used to determine the COUNT value of the data or signaling packets. This COUNT value is then further considered by the protecting module 724 to protect the identified at least one MAC CE based on one or more of the ciphering technique and the integrity protection technique. In a scenario, when the SN may not exist, and if the same technique, defined for the PDCP in the 3GPP specification, may be applied, in that case, the at least one MAC CE may be assigned a unique identifier to substitute the Count and another unique identifier to substitute a Bearer ID of the data or signaling packets.

[0093] Further, the protecting module 724 may be configured to protect the identified at least one MAC CE to be transmitted to the receiver 604 based on, specifically, the integrity protection technique. In such an embodiment, an additional Message Authentication Code for Integrity (MAC-I) may be included for the at least one MAC CE, which may be protected.

[0094] Further, a plurality of MAC CEs may be protected based on one or more of the ciphering technique and integrity-protection technique as a group. Furthermore, there may be a possibility that the 3GPP specification may fix the location where these protected MAC CEs may be located within a Packet Data Unit. Consequently, the length of the ciphered MAC CE may be defined and communicated to both the transmitter 602 and the receiver 604, respectively.

[0095] In an embodiment, at block 810, the transmitting module 726 may be configured to transmit the at least one protected MAC CE to the receiver 604.

[0096] After transmitting the at least one protected MAC CE, at block 812, the waiting module 718 may be configured to wait to receive an acknowledgement corresponding to an application of the at least one protected MAC CE in the receiver 604, within a predefined time period. The waiting module 718 may be configured to wait to receive the acknowledgement from the receiver 604.

[0097] In an embodiment, upon receiving the acknowledgement corresponding to the application within the predefined time period, at block 814, the verifying module 720 may be configured to verify a correct application of the at least one protected MAC CE.

[0098] In an embodiment, the acknowledgement corresponding to the application may not be received within the predefined time period, and in that case, at block 816, the implementing module 722 may be configured to implement a plurality of corrective measures, corresponding to at least one of an incorrect application of the at least one protected MAC CE, or lack of the generated acknowledgement of the at least one protected MAC CE. Herein, implementing the corrective measure may include one or more of releasing existing configurations, initiating a new connection between the transmitter 602 and the receiver 604, changing the security key associated with the MAC CE, or changing the MAC CE security selection. For example, the implementing module 722 may reset the existing MAC configuration between the transmitter 602 and the receiver 604. Further, the implementing module 722 may provide the new encryption / security key associated with the MAC CE. Furthermore, the implementing module 722 may switch the security mode used for protecting the MAC CEs.

[0099] The operation performed by the implementing module 722 may be explained in detail with reference to Figure 8B.

[0100] Figure 8B illustrates a plurality of corrective measures to be implemented by the system 710, in accordance with an embodiment of the present disclosure.

[0101] In an embodiment, an RRC transmitter component 602a of the transmitter 602 transmits a configuration to an RRC receiver component 604a of the receiver 604. Similarly, an update component 602b of the transmitter 602 transmits a MAC CE update to a MAC receiver 604b of the receiver 604.

[0102] Now, a fake base station 818 injects a faulty message to downgrade the performance during the communication between the transmitter 602 and the receiver 604. The fake base station 818 may correspond to the fake base station 402 as disclosed with reference to Figure 4. The fake base station 818 intercepts communication between the transmitter 602 and the receiver 604. For example, a faulty MAC CE update message is injected by the fake base station 818 to a MAC receiver 604b of the receiver 604 through the faulty MAC CE update message to deactivate the secondary cell (sCell). Further, the receiver 604 may generate the acknowledgement indicating the application of the at least one protected MAC CE. Herein, the at least one protected MAC CE may be the faulty MAC CE update message. Thereafter, the receiver 604 may transmit the generated acknowledgement to enable the verification of the correct application of the at least one protected MAC CE and to implement the plurality of corrective measures corresponding to at least one of the incorrect application of the at least one protected MAC CE, or lack of the generated acknowledgment of the at least one protected MAC CE.

[0103] The implementing module 722 may be configured to implement the plurality of corrective measures, when the acknowledgement corresponding to the application is not received within the predefined time period. Herein, the implementing module 722 may be configured to implement the plurality of corrective measures corresponding to the at least one of the incorrect application of the at least one protected MAC CE, or the lack of the generated acknowledgment of the at least one protected MAC CE. The implementing module 722 may be configured to implement the plurality of corrective measures corresponding to the at least one of the incorrect application of the at least one protected MAC CE, based on the acknowledgement, or the lack of the generated acknowledgment of the at least one protected MAC CE.

[0104] Figure 9 illustrates an operation performed by the system 728 to securely acknowledge the at least one MAC CE, in accordance with an embodiment of the present disclosure.

[0105] In an embodiment, at block 902, the receiving module 736 may be configured to receive the at least one protected MAC CE from the transmitter 602.

[0106] In an embodiment, at block 904, the decrypting module 738 may be configured to decrypt the at least one protected MAC CE. The decrypting module 738 may be configured to decrypt the at least one protected MAC CE, upon receiving the at least one protected MAC CE. Herein, the decrypting module 738 may be configured to decrypt the at least one MAC CE based on the plurality of inputs.

[0107] In an embodiment, at block 906, the generating module 740 may be configured to generate an acknowledgement indicating application of the at least one protected MAC CE. The generating module 740 may be configured to generate the acknowledgement upon decrypting the at least one protected MAC CE.

[0108] In an embodiment, at block 908, the transmitting module 742 may be configured to transmit the generated acknowledgement to the transmitter 602 to enable verification of the correct application of the at least one protected MAC CE. Herein, the transmitting module 742 may be configured to transmit the generated acknowledgment within the predefined time period. The generated acknowledgement may indicate a configuration of security lists applied by the receiver 604.

[0109] Herein, the generated acknowledgement may be transmitted to the transmitter 602 through the at least one protected MAC CE. Further, the list of MAC CE elements may be added in an uplink for generating and transmitting the acknowledgement which may be provided as below:

[0110]
MAC-CellGroupConfig ::= SEQUENCE {
    drx-Config                  SetupRelease { DRX-Config }             OPTIONAL, -- Need M
    schedulingRequestConfig     SchedulingRequestConfig                 OPTIONAL, -- Need M
    bsr-Config                  BSR-Config                              OPTIONAL, -- Need M
    tag-Config                  TAG-Config                              OPTIONAL, -- Need M
    phr-Config                  SetupRelease { PHR-Config }             OPTIONAL, -- Need M
    macCE-SecurityConfig        Encrypted_SecurityList [[ ]]            OPTIONAL,
    skipUplinkTxDynamic         BOOLEAN,
    ...,
    [[
    csi-Mask-v1530              BOOLEAN                                 OPTIONAL, -- Need M
    dataInactivityTimer-v1530   SetupRelease { DataInactivityTimer }    OPTIONAL  -- Cond MCG-Only
    ]]
}

[0111] Additionally, the generated acknowledgement may be transmitted to the transmitter through the RRC message. Thus, the transmission of the acknowledgement by the RRC message ensures that the transmitter 602 may verify the correct configuration and also, in case of any wrong update, the transmitter 602 may implement the corrective measures.

[0112] Further, the transmitting module 742 may be configured to transmit, to the transmitter 602, the generated acknowledgement to implement the plurality of corrective measures (as explained in the earlier paragraphs with reference to Figure 8B) corresponding to at least one of the incorrect application of the at least one protected MAC CE, or lack of the generated acknowledgement of the at least one protected MAC CE. Herein, when the transmitting module 742 transmits the generated acknowledgement such that the generated acknowledgement is received by the transmitter 602 after the predefined time period, then in that case, the transmitter 602 may be configured to implement the plurality of corrective measures. Further, the new messages and information element may be provided as below:

[0113]
MAC to RRC:
MAC CE Security update information ::= SEQUENCE {
    macCE-SecurityConfigACK     SecurityList_ACK [[ ]]     M (Mandatory),
}

RRC to RRC:
MAC CE Security ACK update ::= SEQUENCE {
    macCE-SecurityConfigACK     SecurityList_ACK [[ ]]     M (Mandatory),
}

RRC to MAC:
MAC CE Security Ack Update ::= SEQUENCE {
    macCE-SecurityConfigACK     SecurityList_ACK [[ ]]     M (Mandatory),
}

[0114] The operation as performed by the transmitter 602 and the receiver 604 ensures the secure transmission of the at least one MAC CE, the correct application of the at least one MAC CE, and also informs the configuration selected as part of the acknowledgment.

[0115] Figure 10 illustrates a call flow diagram for transmitting the generated acknowledgement to the transmitter 602, in accordance with an embodiment of the present disclosure.

[0116] In an embodiment, at operation 1010, a gNB RRC 1002 may be configured to transmit a RRC connection request message to the UE RRC 1008. Herein, the RRC connection request may include the list of MAC CEs.

[0117] Further, at operation 1012, the UE RRC 1008 may be configured to transmit a RRC setup complete message to the gNB RRC 1002, thereby establishing the setup of the RRC layer.

[0118] At operation 1014, the gNB MAC 1004 may be configured to transmit the MAC CE update message to a UE MAC 1006.

[0119] At operation 1016, the gNB MAC 1004 may be configured to add MAC CE with security.

[0120] At operation 1018, the UE MAC 1006 may be configured to check MAC CE security.

[0121] At operation 1020, the UE MAC 1006 may be configured to transmit a MAC security update information to the UE RRC 1008.

[0122] At operation 1022, the UE RRC 1008 may be configured to transmit a MAC CE security acknowledgement update (New RRC message) to the gNB RRC 1002.

[0123] At operation 1024, the gNB RRC 1002 may be configured to transmit the MAC CE security acknowledgment update to the gNB MAC 1004.

[0124] Figure 11 illustrates a call flow diagram for transmitting the generated acknowledgement to the transmitter 602 and detecting tampering, in accordance with an embodiment of the present disclosure.

[0125] In an embodiment, at operation 1110, the gNB RRC 1002 may be configured to transmit the RRC connection request message to the UE RRC 1008. Herein, the RRC connection request may include the list of MAC CEs.

[0126] Further, at operation 1112, the UE RRC 1008 may be configured to transmit the RRC setup complete message to the gNB RRC 1002.

[0127] At operation 1114, the gNB MAC 1004 may be configured to transmit the MAC CE update message to the UE MAC 1006. Herein, the MAC CE update message may indicate a tampered MAC CE.

[0128] At operation 1116, the UE MAC 1006 may be configured to check MAC CE security.

[0129] At operation 1118, the UE MAC 1006 may be configured to transmit the MAC security update information to the UE RRC 1008.

[0130] At operation 1120, the UE RRC 1008 may be configured to transmit the MAC CE security acknowledgement update (New RRC message) to the gNB RRC 1002.

[0131] At operation 1122, the gNB RRC 1002 may be configured to transmit the MAC CE security acknowledgment update to the gNB MAC 1004.

[0132] The method 1200 includes a series of operations shown at step 1202 through step 1208 of Figure 12. The method 1200 may be performed by the system 710 in conjunction with modules 706, the details of which are explained with reference to Figures 7 to 8B, and the same are not repeated here for the sake of brevity of the present disclosure. The method 1200 begins at step 1202.

[0133] At step 1202, the method 1200 includes receiving the configuration message from the radio resource control (RRC) layer. The configuration message may include the list of MAC CEs to be protected.

[0134] The method 1200 includes establishing the setup of the RRC layer between the transmitter and the receiver.

[0135] At step 1204, the method 1200 includes identifying the at least one MAC CE from the list of MAC CEs based on the at least one parameter associated with the at least one MAC CE, during the transmission of the configuration message to the receiver 604. The at least one parameter may include the threat level associated with the MAC CE.

[0136] The method 1200 includes identifying the at least one MAC CE based on the type of the at least one MAC CE, and identifying the group of MAC CEs from the list of MAC CEs to be protected.

[0137] At step 1206, the method 1200 includes protecting the identified at least one MAC CE to be transmitted to the receiver 604 based on one or more of the ciphering technique and the integrity protection technique.

[0138] At step 1208, the method 1200 includes transmitting, to the receiver, the at least one protected MAC CE.

[0139] The method 1200 includes waiting to receive the acknowledgement corresponding to the application of the at least one protected MAC CE in the receiver 604, within the predefined time period, from the receiver 604.

[0140] Upon receiving the acknowledgement corresponding to the application within the predefined time period, the method 1200 includes verifying the correct application of the at least one protected MAC CE.

[0141] When the acknowledgement corresponding to the application is not received within the predefined time period, the method 1200 includes implementing the plurality of corrective measures, corresponding to at least one of the incorrect application of the at least one protected MAC CE or the lack of the generated acknowledgment of the at least one protected MAC CE.

[0142] Further, implementing the plurality of corrective measures may include one or more of releasing existing configurations, initiating the new connection between the transmitter 602 and the receiver 604, changing the security key associated with the MAC CE, and changing the MAC CE security selection.
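
The protect, check and acknowledge loop of Figures 10 and 11, together with the acknowledgement wait of method 1200, as an added Python example (not code from the patent). HMAC-SHA-256 truncated to 4 bytes, the replay counter, the 20 ms acknowledgement window and the CE type value are assumptions made for illustration; only the integrity-protection option is shown, and the acknowledgement is assumed to travel over an already protected RRC message.

```python
import hashlib
import hmac
from dataclasses import dataclass

TAG_LEN = 4          # assumed truncated tag length, in bytes
ACK_WINDOW_MS = 20   # assumed value for the "predefined time period"

@dataclass
class ProtectedCE:
    ce_type: int     # which MAC CE this is (constructed value in the demo)
    count: int       # assumed anti-replay counter, not named in the patent
    payload: bytes
    tag: bytes

def _tag(key, ce_type, count, payload):
    # Bind the tag to the CE type and counter as well as the payload.
    msg = bytes([ce_type]) + count.to_bytes(4, "big") + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]

def protect(key, ce_type, count, payload):
    """Transmitter MAC (operation 1016): add the MAC CE with security."""
    return ProtectedCE(ce_type, count, payload, _tag(key, ce_type, count, payload))

def check_and_ack(key, ce, last_count):
    """Receiver MAC/RRC (operations 1018-1022): check security, build the ack."""
    fresh = ce.count > last_count
    valid = hmac.compare_digest(ce.tag, _tag(key, ce.ce_type, ce.count, ce.payload))
    return {"ce_type": ce.ce_type, "count": ce.count, "applied": fresh and valid}

def evaluate_ack(sent, ack, elapsed_ms):
    """Transmitter: verify the ack, or select the corrective-measure path."""
    if ack is None or elapsed_ms > ACK_WINDOW_MS:
        return "corrective: no ack in time"
    if (ack["ce_type"], ack["count"]) != (sent.ce_type, sent.count) or not ack["applied"]:
        return "corrective: incorrect application"
    return "verified"

def demo():
    key = b"constructed-demo-key"                 # constructed sample key
    ce = protect(key, ce_type=0x3D, count=1, payload=b"\x1f")
    tampered = ProtectedCE(ce.ce_type, ce.count, b"\x00", ce.tag)  # Figure 11 case
    return [
        evaluate_ack(ce, check_and_ack(key, ce, last_count=0), elapsed_ms=5),
        evaluate_ack(ce, check_and_ack(key, tampered, last_count=0), elapsed_ms=5),
        evaluate_ack(ce, None, elapsed_ms=ACK_WINDOW_MS + 1),
    ]
```

A 4-byte tag keeps the overhead small on a short MAC CE but gives only 32 bits of forgery resistance, so the counter and the corrective path on repeated failures carry real weight in this design.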

[0143] The method 1300 includes a series of operations shown at step 1302 through step 1308 of Figure 13. The method 1300 may be performed by the system 728 through modules 734, the details of which are explained with reference to Figures 7 and 9, and the same are not repeated here for the sake of brevity of the present disclosure. The method 1300 begins at step 1302.

[0144] At step 1302, the method 1300 includes receiving the at least one protected MAC CE from the transmitter 602.

[0145] Upon receiving the at least one protected MAC CE, at step 1304, the method 1300 includes decrypting the at least one protected MAC CE.

[0146] At step 1306, the method 1300 includes generating the acknowledgement indicating application of the at least one protected MAC CE, upon decrypting the at least one protected MAC CE.

[0147] At step 1308, the method 1300 includes transmitting, to the transmitter 602, the generated acknowledgement to enable verification of the correct application of the at least one protected MAC CE, and implementing the plurality of corrective measures corresponding to at least one of the incorrect application of the at least one protected MAC CE or lack of the generated acknowledgment of the at least one protected MAC CE. The method 1200 includes transmitting, to the transmitter 602, the generated acknowledgement within the predefined time period.

[0148] Herein, the generated acknowledgment may be transmitted to the transmitter 602 through the at least one protected MAC CE. Alternatively, the generated acknowledgement may be transmitted to the transmitter 602 through the RRC message.

[0149] As would be gathered, the operation as performed by the transmitter 602 and the receiver 604 ensures enhanced efficiency and robustness of the MAC layer control operations. By prioritizing the at least one MAC CE and selectively applying security to the at least one MAC CE, the transmitter 602 and the receiver 604 optimize resource utilization. Introducing a dedicated signaling mechanism for MAC CE security in 5G and 6G networks, along with a defined feedback process through MAC or RRC, ensures better reliability and traceability of control messages. Additionally, implementing selective security measures and tampering detection through RRC provides a balanced approach, that is, offering both performance optimization and improved resilience against malicious interference.

[0150] While specific language has been used to describe the present subject matter, any limitations arising on account thereto, are not intended. As would be apparent to a person in the art, various working modifications may be made to the method in order to implement the inventive concept as taught herein. The drawings and the foregoing description give examples of embodiments. Those skilled in the art will appreciate that one or more of the described elements may well be combined into a single functional element. Alternatively, certain elements may be split into multiple functional elements. Elements from one embodiment may be added to another embodiment.

Claims

1. A method for secure transmission of critical or major lower layer control information or medium access control (MAC) control elements (CEs) in a wireless communication, the method comprising:
receiving, from a radio resource control (RRC) layer, a configuration message, wherein the configuration message includes a list of critical or major lower layer control information or MAC CEs to be protected;
identifying at least one MAC CE from the list of MAC CEs based on at least one parameter associated with the at least one MAC CE, during a transmission of the configuration message to a receiver, wherein the at least one parameter includes a threat level associated with the MAC CE;
protecting the identified at least one MAC CE to be transmitted to the receiver based on one or more of a ciphering technique and an integrity protection technique; and
transmitting, to the receiver, the at least one protected MAC CE.

2. The method of claim 1, wherein after receiving the configuration message from the radio resource control (RRC) layer, the method comprises:
establishing a setup of the RRC layer between the transmitter and the receiver.

3. The method of claim 1, wherein identifying the at least one MAC CE comprises:
identifying the at least one MAC CE based on a type of the at least one MAC CE, and
identifying a group of MAC CEs from the list of MAC CEs to be protected.

4. The method of claim 1, wherein after transmitting the at least one protected MAC CE to the receiver, the method comprises:
waiting to receive, from the receiver, an acknowledgement corresponding to an application of the at least one protected MAC CE in the receiver, within a predefined time period.

5. The method of claim 4, further comprising:
verifying a correct application of the at least one protected MAC CE.

6. The method of claim 4, further comprising:
implementing a plurality of corrective measures, corresponding to at least one of:
an incorrect application of the at least one protected MAC CE, or
lack of the generated acknowledgment of the at least one protected MAC CE.

7. The method of claim 6, wherein implementing the plurality of corrective measures includes:
one or more of releasing existing configurations, initiating a new connection between the transmitter and the receiver, changing a security key associated with the MAC CE, or changing a MAC CE security selection.

8. The method of claim 1, wherein the transmitter corresponds to one of a base station and a user equipment.

9. The method of claim 1, wherein the receiver corresponds to one of a user equipment and a base station.

10. A method for secure acknowledgment of medium access control (MAC) control elements (CEs) in a wireless communication, comprising:
receiving, from a transmitter, at least one protected MAC CE;
upon receiving the at least one protected MAC CE, decrypting the at least one protected MAC CE;
generating an acknowledgement indicating application of the at least one protected MAC CE, upon decrypting the at least one protected MAC CE; and
transmitting, to the transmitter, the generated acknowledgement to enable verification of a correct application of the at least one protected MAC CE, and to implement a plurality of corrective measures corresponding to at least one of an incorrect application of the at least one protected MAC CE, or lack of the generated acknowledgment of the at least one protected MAC CE.

11. The method of claim 10, wherein the generated acknowledgment is transmitted to the transmitter through the at least one protected MAC CE.

12. The method of claim 10, wherein the generated acknowledgement is transmitted to the transmitter through a RRC message.

13. The method of claim 10, wherein transmitting, to the transmitter, the generated acknowledgement, comprises:
transmitting, to the transmitter, the generated acknowledgement within a predefined time period.

14. A transmitter for secure transmission of critical or major lower layer control information or medium access control (MAC) control elements (CEs) in a wireless communication, the system comprising:
memory;
at least one processor in communication with the memory, the at least one processor configured to:
receive, from a radio resource control (RRC) layer, a configuration message, wherein the configuration message includes a list of critical or major lower layer control information or MAC CEs to be protected;
identify at least one MAC CE from the list of MAC CEs based on at least one parameter associated with the at least one MAC CE, during a transmission of the configuration message to a receiver, wherein the at least one parameter includes a threat level associated with the MAC CE;
protect the identified at least one MAC CE to be transmitted to the receiver based on one or more of a ciphering technique and an integrity protection technique; and
transmit, to the receiver, the at least one protected MAC CE.

15. A receiver for secure acknowledgment of medium access control (MAC) control elements (CEs) in a wireless communication, comprising:
memory;
at least one processor in communication with the memory, wherein the at least one processor configured to:
receive, from a transmitter, at least one protected MAC CE;
upon receiving the at least one protected MAC CE, decrypt the at least one protected MAC CE;
generate an acknowledgement indicating application of the at least one protected MAC CE, upon decrypting the at least one protected MAC CE; and
transmit, to the transmitter, the generated acknowledgement to enable verification of a correct application of the at least one protected MAC CE, and to implement a plurality of corrective measures corresponding to at least one of an incorrect application of the at least one protected MAC CE, or lack of the generated acknowledgment of the at least one protected MAC CE.