Abstract: Certain aspects of the present disclosure relate to methods and apparatus for updating a routing ID associated with a user equipment in a wireless network. An exemplary method generally includes receiving a downlink control plane message including updated configuration information for a Unified Data Management (UDM) entity in the network; determining whether a universal subscriber identification module (USIM) of the UE supports one or more parameters stored in the USIM to be updated; based on the determination, storing the received configuration information in at least one of: the USIM if the USIM supports the one or more parameters to be updated; or memory of the UE if the USIM does not support the one or more parameters to be updated; generating an identifier for the UE based on the stored updated configuration information; and transmitting at least one message using the generated identifier.

Abstract: Methods, devices, non-transitory processor-readable media of various embodiments provide for routing Misbehavior Detection Reports from vehicle-to-everything (V2X) onboard equipment to an associated entity.

Abstract: Methods, systems, and devices for wireless communications are described. In some systems, devices may use information protection to detect fake base stations. A base station verified by a network may transmit first information to a user equipment (UE) in an unprotected message. If a fake base station intercepts and modifies the message before relaying the message to the UE, the UE may receive different information than the transmitted first information. The UE may then transmit an indication of the received information to the verified base station in a protected message. In some cases, based on the indication, the verified base station may re-transmit the first information to the UE in a message protected against modification by the fake base station. If the UE determines that the initially received information is different from the information received in the protected retransmission, the UE identifies message modification by the fake base station.

Abstract: Methods, systems, and devices for wireless communication are described that support security key derivation for handover. A network entity (e.g., an access and mobility function (AMF)) may establish an access stratum (AS) key to ensure secure communications between a user equipment (UE) and a base station. If the UE relocates to a new network entity (e.g., target network entity), the initial network entity (e.g., source network entity) may perform a handover procedure to the target network entity. In some aspects, the network entities may derive a unified AS key for the handover procedure. Additionally, the network entities may utilize one or more intermediate keys (e.g., refreshed intermediate keys) derived from, in part, respective freshness parameters for the handover procedure. The target network entity may then utilize the derived intermediate keys to derive the AS key for the handover procedure and establish communications with the UE.

Abstract: Some aspects described herein relate to provisioning aerial vehicles with identifiers, certificates, or other credentials for communicating based on a mobile network. The UAV can transmit a request to register with the mobile network, where the request includes at least a hardware identifier of the UAV. The UAV may receive, from a component of the mobile network, a response to the request, where the response includes a unique UAV identifier, a UAV certificate, and a network certificate generated by at least one of the component of the mobile network or a unmanned aircraft system service supplier (USS).

Abstract: Aspects of the present disclosure describe authentication of a user equipment (UE) in a network. It can be determined, by the UE, to access a discovered network for wireless communications, and based on a service provider associated with the discovered network, to use a modified universal subscriber identity module (USIM) subscription stored in the UE for authentication with the discovered network. The UE can obtain a subscriber identifier for authenticating on the discovered network via the authentication, where the subscriber identifier is generated based at least in part on a service provider identifier associated with the service provider and a modified mobile subscriber identity associated with the service provider. The UE can send the subscriber identifier to a node of the discovered network for the authentication.

Abstract: Methods, systems, and devices for wireless communications are described. A first parent node of a wireless backhaul network may receive, from a donor node of the wireless backhaul network, a token for a child node of the wireless backhaul network, the token being unique to a first wireless link between the first parent node and the child node. The first parent node may determine that a triggering event has occurred for a second wireless link between the first parent node and a second parent node. The first parent node may transmit, in response to determining that the triggering event has occurred, the token to the child node over the first wireless link to indicate for the child node to select a third parent node of the wireless backhaul network.

Abstract: Aspects relate to security mechanisms for protecting transmissions in wireless communication systems. Various examples provide and enable techniques for protecting transmissions of user equipment (UE) radio capability information. A UE may transmit a hash of its UE radio capability information to a network. The network can then utilize the hash to verify the integrity of the UE's radio capability information upon acquiring the full UE radio capability information during a UE Capability Enquiry procedure. Other aspects, embodiments, and features are also claimed and described.

Abstract: Wireless communications systems and methods related to globally unique temporary identity (GUTI) reallocation for cellular-Internet of thing (CIoT) are provided. A user equipment (UE) receives, from a network, a paging associated with a mobile-terminated early data transmission (MT-EDT). The UE transmits, by the UE to the network, a data request in response to the paging. The UE receives, from the network in response to the data request, a message including a global unique temporary identifier (GUTI) and at least one of data associated with the paging or a connection release indication.

Abstract: Methods, systems, and devices are provided for supporting user plane integrity protection (UP IP) for communications with a radio access network (RAN). Various embodiments may include indicating whether or not a wireless device supports UP IP over Evolved Universal Mobile Telecommunications System (UMTS) Terrestrial Radio Access (eUTRA) by including UP IP support indications in user equipment (UE) security capability information elements (IEs).

Abstract: Certain aspects provide a method for wireless communication. The method generally includes deriving a network specific identifier (NSI) in a network access identifier (NAI) format, the NSI including a network identifier (NID) stored at the UE, generating a subscription concealed identifier (SUCI) based on the NSI for authentication of the UE with a non-public network (NPN), and sending the SUCI to a network entity for the authentication of the UE with the NPN.

Abstract: One feature pertains to a method that includes establishing a radio communication connection with a first radio access node (RAN) that uses control plane signaling connections to carry user plane data. The method also includes determining that the wireless communication device is experiencing radio link failure (RLF) with the first RAN and that the radio communication connection should be reestablished with a second RAN. A reestablishment request message is transmitted to the second RAN that includes parameters that enable a core network node communicatively coupled to the second RAN to authenticate the wireless communication device and allow or reject reestablishment of the radio communication connection. The parameters include at least a message authentication code (MAC) based in part on one or more bits of a non-access stratum (NAS) COUNT value maintained at the wireless communication device.

Abstract: Embodiments include devices and methods for providing secure communications between a first computing device and a second computing device are disclosed. A processor of the first computing device may determine in a first application software first security key establishment information. The processor may provide the first security key establishment information to a communication layer of the first computing device for transmission to the second computing device. The processor may receive, in the first application software from the communication layer of the first computing device, second security key establishment information received from the second computing device. The processor may determine a first security key by the first application software based at least in part on the second security key establishment information. The processor may provide the first security key to the communication layer for protecting messages from the first application software to the second computing device.

Abstract: One feature pertains to a method that includes establishing a radio communication connection with a first radio access node (RAN) that uses control plane signaling connections to carry user plane data. The method also includes determining that the wireless communication device is experiencing radio link failure (RLF) with the first RAN and that the radio communication connection should be reestablished with a second RAN. A reestablishment request message is transmitted to the second RAN that includes parameters that enable a core network node communicatively coupled to the second RAN to authenticate the wireless communication device and allow or reject reestablishment of the radio communication connection. The parameters include at least a message authentication code (MAC) based in part on one or more bits of a non-access stratum (NAS) COUNT value maintained at the wireless communication device.

Abstract: In an aspect, the present disclosure includes a method, apparatus, and computer readable medium for wireless communications for configuring of a NAS COUNT value of a mapped EPS security context associated with an intersystem change of a UE from a 5G system to an EPS. The aspect may include generating, by a UE, a mapped EPS security context associated with an intersystem change of the UE from a 5G system to an EPS, wherein the mapped EPS security context comprises security parameters created based a 5G security context used for the 5G system, the security parameters enabling security-related communications between the UE and a network entity; determining an UL NAS COUNT value and the DL NAS COUNT value for the mapped EPS security context; and transmitting, by the UE, a NAS message to the network entity, the NAS message including the UL NAS COUNT value of the mapped EPS security context.

Abstract: Techniques are described that provide a session management authorization token by receiving a session request message to establish a protocol data unit (PDU) session for a logical data network associated with a user equipment (UE), the session request message may include one or more session parameters; verifying that the UE is authorized to establish the PDU session for the logical data network; receiving a key associated with the PDU session; generating an authorization token based on the received key and the session parameters; and transmitting a session response message including the generated authorization token to the UE.

Abstract: Certain aspects of the present disclosure provide techniques for managing security keys for enciphering and deciphering packets transmitted in a wireless communications system. According to certain aspects, a method of wireless communication by a user equipment (UE) is provided. The method generally includes obtaining an indication of a key area identifier (ID) of a first cell node, wherein the key area ID identifies a set of cell nodes that are associated with a network node that uses a first key for enciphering or deciphering messages and communicating a first set of messages with the first cell node using the first key for enciphering or deciphering the first set of messages.

Abstract: A user equipment (UE) may receive system information from a base station and may calculate a hash value using the system information as input to a hashing function. Similarly, prior to transmitting the system information, a valid base station may calculate a hash value using the system information as input to a hashing function. The base station may transmit the calculated hash value (e.g., which represent or be included in a set of hash values) to the UE in an access stratum (AS) security mode command (SMC) message. The UE may determine whether the received system information was modified based on the hash value (e.g., by comparing the UE calculated hash value and the set of hash values received from the base station in the AS SMC). If the UE indicates a mismatch of hash information, the base station may re-transmit the system information (e.g., in an integrity protected message).

Abstract: A network entity may provision a UE and a base station with parameters for securing network communications. The network entity may send a system parameter to a UE and a private security key to a base station. Additionally, the UE and the base station may each receive synchronization information from the network which may be used to create a randomness parameter. The base station may create a signature based on the private security key, a cell identifier, and the randomness parameter and include the signature in a system information message that is to be broadcasted to one or more UEs. A UE connecting to the base station may receive the system information message from the base station, determine the cell identifier, and verify the system information message based on one or more of the cell identifier, the system parameter, or the randomness parameter.

Abstract: Certain aspects of the present disclosure provide techniques for managing security keys for enciphering and deciphering packets transmitted in a wireless communications system. According to certain aspects, a method of wireless communication by a user equipment (UE) is provided. The method generally includes obtaining an indication of a key area identifier (ID) of a first cell node, wherein the key area ID identifies a set of cell nodes that are associated with a network node that uses a first key for enciphering or deciphering messages and communicating a first set of messages with the first cell node using the first key for enciphering or deciphering the first set of messages.