Abstract: Aspects relate to user equipment (UE) to user equipment (UE-to-UE) relaying in a communication system. At least two remote UEs and a UE-to-UE relay receive provisioned security information from the wireless communication network, where the security information includes discovery parameters and relay security information. The security information provisioned by the wireless communication network is used to establish a connection between the two UEs and the UE-to-UE relay device including discovery of the UE-to-UE relay by the remote UEs. Furthermore, the provisioned security information is used to establish a secure connection between the two remote UEs via the UE-to-UE relay device.

Abstract: A method of wireless communication performed by a user equipment comprises receiving, from a location management function (LMF), a user plane connection establishment command message comprising an identifier for associating the UE with a location services (LCS) secured user plane connection, establishing the LCS secured user plane connection between the UE and the LMF in response to the user plane connection establishment command message, transmitting, to the LMF via the LCS secured user plane connection, an LCS user plane connection binding request message comprising the identifier for associating the UE with the LCS secured user plane connection, transmitting, to the LMF, a user plane connection establishment complete message after successful LCS user plane connection binding procedure, and communicating uplink user plane transport-layer data, downlink user plane transport-layer data, or both, to or from the LMF via the LCS secured user plane connection.

Abstract: Disclosed are wireless communications systems and techniques. For example, a wireless communication device (e.g., a user equipment (UE)) compares a first key identifier (generated from a key stored in a first storage unit, such as a universal subscriber identity module) to a second key identifier (stored in a second storage unit, such as non-volatile memory) to identify a mismatch between the key identifiers. Based on the mismatch, the device replaces, in the second storage unit, the second key identifier. In some examples, the device verifies integrity of a message using the key, replaces the second key identifier with the first key identifier, and updates a counter based on the message. In a second illustrative example, the device replaces the key with a replacement key, replaces the second key identifier with the third key identifier based on the replacement key, and resets a counter.

Abstract: The present disclosure provides techniques that may be applied, for example, for providing network policy information in a secure manner. In some cases, a UE may receive a first message for establishing a secure connection with a network, wherein the first message comprises network policy information, generate a first key based in part on the network policy information, and use the first key to verify the network policy information.

Abstract: Methods, systems, and devices are provided for supporting user plane integrity protection (UP IP) for communications with a radio access network (RAN). Various embodiments may include indicating whether or not a wireless device supports UP IP over Evolved Universal Mobile Telecommunications System (UMTS) Terrestrial Radio Access (eUTRA) by including UP IP support indications in user equipment (UE) security capability information elements (IEs).

Abstract: Techniques and apparatus for protecting sequence numbers used in authentication procedures are described. One technique includes receiving, from a network, an authentication request comprising at least a random challenge. After receipt of the authentication request, a synchronization parameter is generated based at least in part on a key shared by the network and the UE, the random challenge, and a first message authentication code (MAC). The synchronization parameter and the first MAC are transmitted to the network in response to the authentication request.

Abstract: Methods, systems, and devices are provided for supporting user plane integrity protection (UP IP) for communications with a radio access network (RAN). Various embodiments may include indicating whether or not a wireless device supports UP IP over Evolved Universal Mobile Telecommunications System (UMTS) Terrestrial Radio Access (eUTRA) by including UP IP support indications in user equipment (UE) security capability information elements (IEs).

Abstract: Aspects directed towards steering of roaming (SoR) are disclosed. In one example, a communication from a public land mobile network (PLMN) is received by a user equipment (UE) in which the communication indicates an acceptance of a UE registration with the PLMN. This example further includes performing a determination of whether an SoR indicator associated with a home PLMN (HPLMN) is embedded within the communication. The UE then manages PLMN selection according to the determination. In another example, a UE is configured to operate according to an SoR configuration in which the UE is configured to ascertain whether an SoR indicator is embedded within a communication from a PLMN. An SoR indicator associated with an HPLMN is then generated and subsequently transmitted from the HPLMN to the UE via the PLMN.

Abstract: Techniques and apparatus for protecting sequence numbers used in authentication procedures are described. One technique includes receiving, from a network, an authentication request comprising at least a random challenge. After receipt of the authentication request, a synchronization parameter is generated based at least in part on a key shared by the network and the UE, the random challenge, and a first message authentication code (MAC). The synchronization parameter and the first MAC are transmitted to the network in response to the authentication request.

Abstract: Various aspects of the present disclosure generally relate to wireless communication. In some aspects, a user equipment (UE) may transmit, to a relay UE, a first message comprising a first freshness parameter, an identity of the UE, and authentication information, where the authentication information is used by a network node to authenticate the UE with security context information of the UE. The UE may derive a relay key for security establishment between the UE and the relay UE based on the first freshness parameter, a set of key generation parameters, and a shared key with the network node. The UE may derive a relay session key for security establishment between the UE and the relay UE based on the relay key, a first nonce of the UE, and a second nonce of the relay UE. Numerous other aspects are described.

Abstract: Various aspects of the present disclosure generally relate to wireless communication. In some aspects, a relay user equipment may establish a sidelink unicast link with a remote UE via a sidelink signaling interface; receive, from a network entity, configuration information comprising at least one of: remote UE link identifier information associated with the sidelink unicast link for a relay service, an RLC channel mapping between the one or more RLC channels of the sidelink unicast link and the link with the network entity, or data routing information associated with the relay service; configure the one or more RLC channels for the sidelink unicast link and the link with the network entity based at least in part on the configuration information; and relay communications between the remote UE and the network entity based at least in part on the configuration information. Numerous other aspects are provided.

Abstract: In an aspect, the present disclosure includes a method, apparatus, and computer readable medium for wireless communications for configuring of a NAS COUNT value of a mapped EPS security context associated with an intersystem change of a UE from a 5G system to an EPS. The aspect includes generating, by a UE, a mapped EPS security context associated with an intersystem change of the UE from a 5G system to an EPS, wherein the mapped EPS security context comprises security parameters created based a 5G security context used for the 5G system, the security parameters enabling security-related communications between the UE and a network entity; determining an UL NAS COUNT value and the DL NAS COUNT value for the mapped EPS security context; and transmitting, by the UE, a NAS message to the network entity, the NAS message including the UL NAS COUNT value of the mapped EPS security context.

Abstract: A user device having a security context with a first network based on a first key may establish a security context with a second network. In a method, the user device may generate a key identifier based on the first key and a network identifier of the second network. The user device may forward the key identifier to the second network for forwarding to the first network by the second network to enable the first network to identify the first key at the first network. The user device may receive a key count from the second network. The key count may be associated with a second key forwarded to the second network from the first network. The user device may generate the second key based on the first key and the received key count thereby establishing a security context between the second network and the user device.

Abstract: The present disclosure provides techniques that may be applied, for example, in a multi-slice network for maintaining privacy when attempting to access the network. An exemplary method generally includes transmitting a registration request message to a serving network to register with the serving network; receiving a first confirmation message indicating a secure connection with the serving network has been established; transmitting, after receiving the first confirmation message, a secure message to the serving network comprising an indication of at least one configured network slice that the UE wants to communicate over, wherein the at least one configured network slice is associated with a privacy flag that is set; and receiving a second confirmation message from the serving network indicating that the UE is permitted to communicate over the at least one configured network slice.

Abstract: Techniques are described for wireless communication. A method for wireless communication at a user equipment (UE) includes performing an extensible authentication protocol (EAP) procedure with an authentication server via an authenticator. The EAP procedure is based at least in part on a set of authentication credentials exchanged between the UE and the authentication server. The method also includes deriving, as part of performing the EAP procedure, a master session key (MSK) and an extended master session key (EMSK) that are based at least in part on the authentication credentials and a first set of parameters; determining a network type associated with the authenticator; and performing, based at least in part on the determined network type, at least one authentication procedure with the authenticator. The at least one authentication procedure is based on an association of the MSK or the EMSK with the determined network type.

Abstract: Various aspects pertain to ways to securing a peer-to-peer communication link that serves to relay transmissions to/from a managed mobile network node. A first user equipment may identify a second user equipment that can communicate via a peer-to-peer wireless interface and serve as a relay between the first user equipment and a managed mobile network node. A relay session key material may be obtained from the managed mobile network node. A peer-to-peer communication link between the first user equipment and the second user equipment may be established or modified by, for example, securing the peer-to-peer communication link based on the relay session key material. A protocol data unit session may be established, over the peer-to-peer communication link, between the first user equipment and the managed mobile network node for secured transmissions there between.

Abstract: Disclosed are systems and techniques for wireless communications. For example, a network entity (e.g., a Unified Data Management (UDM) network entity) can generate a user equipment (UE) parameters update (UPU) container. The UPU container includes a UE parameters update header information element (IE) and a UE parameters update list IE. The UE parameters update header IE includes UE parameters update header information. The UE parameters update list IE includes the UE parameters update header information of the UE parameters update header IE. The network entity can transmit the UPU container to a network device (e.g., a UE). The network device can generate, based on the UE parameters update list IE, a UPU message authentication code (MAC) for verifying integrity of the UPU container.

Abstract: Disclosed are systems and techniques for wireless communications. For instance, a process may include generating an anchor key based on an authentication server function key; associating a count value with the anchor key; generating a temporary device identifier based on the authentication server function key; generating an enhanced key identifier based on the count value, wherein the enhanced key identifier includes a portion of the temporary device identifier, wherein the portion of the temporary device identifier is less in size than an entire temporary device identifier; and transmitting the enhanced key identifier to a remote application.

Abstract: Various aspects of the present disclosure generally relate to wireless communication. In some aspects, a user equipment (UE) may perform a registration procedure with a mobility function of a 5G core network. Accordingly, the UE may derive a main key, associated with a trusted network gateway function, based on the registration procedure. The UE may further determine a root key based on the main key. The UE may derive a first pairwise master key (PMK), associated with a trusted network, from the root key. The UE may communicate with a first access point (AP) for the trusted network. The UE may further derive a second PMK, associated with the second AP, from the first PMK. Numerous other aspects are described.

Abstract: Disclosed are systems and techniques for wireless communications. For instance, a process may include transmitting a first radio resource control (RRC) message, the first RRC message including a first establishment cause value indicating that an apparatus does not have priority access. The process may also include determining that priority access may be used by the apparatus, transmitting a second RRC message, the second RRC message including a second establishment cause value indicating that the apparatus has priority access, and accessing a wireless network using the priority access.