Abstract: Methods, systems, and devices for wireless communications are described. Aspects include a device generating data to be sent to a receiving device and determining to provide provenance for the data. The device may generate a data identifier based on an identifier generation key and encrypt the data using an encryption key generated from a key associated with an owner of the device. The device may sign they encrypted data transmission using a signing key where the signing key is based on the encrypted data and the data identifier. In some cases, the device may send the data to a receiving device via one or more proxy devices. In some cases, multiple device may send signed data transmissions to a proxy device and the proxy device may process the multiple data transmission and send the processed data to the receiving device. The receiving device may verify provenance of the data.

Abstract: Various aspects of the present disclosure generally relate to wireless communication. In some aspects, a user equipment (UE) may monitor a reception occasion for a short message that includes a system information change notification or a public warning system notification. The UE may initiate a mitigation action related to a radio link with a network based at least in part on non-reception by the UE of the short message in the reception occasion, failure of the short message to pass an integrity check, and/or the like. Numerous other aspects are provided.

Abstract: Various aspects of the present disclosure generally relate to wireless communication. In some aspects, a relay user equipment (UE) may establish a sidelink unicast link with a remote UE via a sidelink signaling interface. The relay UE may identify configuration information for an adaptation layer of the sidelink signaling interface, the configuration information including at least one of a remote UE identifier associated with the sidelink unicast link for a relay service, bearer identifier information identifying one or more bearers between the remote UE and a network entity for the relay service, a radio link control (RLC) channel mapping between a bearer identifier and one or more RLC channels, or data routing information associated with the relay service. The relay UE may relay communications between the remote UE and the network entity based at least in part on the configuration information. Numerous other aspects are described.

Abstract: Various aspects of the present disclosure generally relate to wireless communication. In some aspects, a user equipment (UE) may identify a frequency associated with a synchronization signal block (SSB) associated with a base station. The UE may generate a security key associated with a handover of the UE based at least in part on the frequency associated with the SSB. Numerous other aspects are provided.

Abstract: Certain aspects of the present disclosure provide techniques for managing security keys for enciphering and deciphering packets transmitted in a wireless communications system. According to certain aspects, a method of wireless communication by a user equipment (UE) is provided. The method generally includes obtaining an indication of a key area identifier (ID) of a first cell node, wherein the key area ID identifies a set of cell nodes that are associated with a network node that uses a first key for enciphering or deciphering messages and communicating a first set of messages with the first cell node using the first key for enciphering or deciphering the first set of messages.

Abstract: Methods, systems, and devices for wireless communications are described. A user equipment (UE) may receive a system parameter identified by a network entity (e.g., a public key generator (PKG)), and receive a cell identifier during a connection procedure between the UE and a base station in wireless communication with the UE. The cell identifier may be associated with the base station. The UE may encrypt at least a portion of a message associated with the connection procedure using the cell identifier and the system parameter. In some examples, the portion of the message may include private information. The UE may transmit the message to the base station as part of the connection procedure.

Abstract: Methods, systems, and devices for communications are described. A device or a group of devices may generate data. The group of devices may receive a group profile from a node that identifies the devices to be included, and the group profile may include a function to be evaluated at each of the devices. The node may also provision evaluation parameters which may allow the device to provide authenticated aggregate data to a requesting third party, without sharing the data between the devices and without sharing the data with the node, thus concurrently maintaining individual data privacy and data provenance.

Abstract: Techniques for refreshing security keys for enciphering and deciphering packets in a wireless communications system are provided. An exemplary method generally includes transmitting, while in a state with no dedicated resources allocated to the UE, a first message to request resumption of a radio resource control (RRC) connection, the first message encrypted using a first set of one or more keys, receiving, in response to the first message, a second message encrypted using the first set of one or more keys or a second set of one or more keys, determining, based on an indication in the second message or received prior to the second message, whether portions of the second message are encrypted using the second set of one or more keys, and processing the second message using the first set of one or more keys or the second set of one or more keys, based on the determination.

Abstract: Various aspects of the present disclosure generally relate to wireless communication. In some aspects, a first wireless communication device may receive, from a second wireless communication device, a discovery message that includes a service code. The first wireless communication device may verify the service code. The first wireless communication device may transmit, to the second wireless communication device, a connection message that includes a protected service code that is derived from the service code. Numerous other aspects are described.

Abstract: Systems and techniques are disclosed to protect a user equipment's international mobile subscriber identity by providing a privacy mobile subscriber identity instead. In an attach attempt to a serving network, the UE provides the PMSI instead of IMSI, protecting the IMSI from exposure. The PMSI is determined between a home network server and the UE so that intermediate node elements in the serving network do not have knowledge of the relationship between the PMSI and the IMSI. Upon receipt of the PMSI in the attach request, the server generates a next PMSI to be used in a subsequent attach request and sends the next PMSI to the UE for confirmation. The UE confirms the next PMSI to synchronize between the UE and server and sends an acknowledgment token to the server. The UE and the server then each update local copies of the current and next PMSI values.

Abstract: A method, operational at a device, includes receiving at least one packet belonging to a first set of packets of a packet flow marked with an identification value, determining that the at least one packet is marked with the identification value, determining to change a quality of service (QoS) treatment of packets belonging to the first set of packets marked with the identification value that are yet to be received, and sending a request to change the QoS treatment of packets belonging to the first set of packets marked with the identification value that are yet to be received to trigger a different QoS treatment of packets within the packet flow, responsive to determining to change the QoS treatment. Other aspects, embodiments, and features are also claimed and described.

Abstract: Various aspects of the present disclosure generally relate to wireless communication. In some aspects, a device may transmit, via a broadcast, a first frame that indicates one or more of a device credential or a payload. The device may receive, from the access point, a second frame that indicates one or more of the payload or an access point credential. The device may associate with the access point based at least in part on the access point credential. The device may perform a communication, to a cloud computing system via the access point, after the device has been associated with the access point. Numerous other aspects are described.

Abstract: Various aspects of the present disclosure generally relate to wireless communication. In some aspects, a user equipment (UE) may transmit to a base station (BS), information indicating a medium access control (MAC) security capability of the UE. The UE may receive from the BS, a communication that includes an indication of a MAC security configuration for communications between the UE and the BS. The indication of the MAC security configuration may be based at least in part on the MAC security capability of the UE. Numerous other aspects are provided.

Abstract: A user equipment (UE) may experience poor communication with a network access device, and the network access device may configure the UE to connect to, and route communications through, one or more relay nodes (e.g., which may be another UE, a network operator-deployed relay, etc.). Techniques are described whereby these relay nodes may autonomously form a wireless backhaul network. Sequential implementations are considered such that the size of the wireless backhaul network may scale efficiently. In some examples, the wireless backhaul network may form by reusing existing connectivity establishment procedures. Importantly, the proposed techniques enable a relay to possess (e.g., be configured with) functionality that may traditionally be associated with a UE, base station, and gateway. Such multi-faceted functionality may enable the described sequential formation of wireless backhaul networks with tree topology.

Abstract: A user equipment (UE) may receive system information from a base station and may calculate a hash value using the system information as input to a hashing function. Similarly, prior to transmitting the system information, a valid base station may calculate a hash value using the system information as input to a hashing function. The base station may transmit the calculated hash value (e.g., which represent or be included in a set of hash values) to the UE in an access stratum (AS) security mode command (SMC) message. The UE may determine whether the received system information was modified based on the hash value (e.g., by comparing the UE calculated hash value and the set of hash values received from the base station in the AS SMC). If the UE indicates a mismatch of hash information, the base station may re-transmit the system information (e.g., in an integrity protected message).

Abstract: Techniques are described for wireless communication. A method for wireless communication at a user equipment (UE) includes performing an extensible authentication protocol (EAP) procedure with an authentication server via an authenticator. The EAP procedure is based at least in part on a set of authentication credentials exchanged between the UE and the authentication server. The method also includes deriving, as part of performing the EAP procedure, a master session key (MSK) and an extended master session key (EMSK) that are based at least in part on the authentication credentials and a first set of parameters; determining a network type associated with the authenticator; and performing, based at least in part on the determined network type, at least one authentication procedure with the authenticator. The at least one authentication procedure is based on an association of the MSK or the EMSK with the determined network type.

Abstract: Techniques are described for wireless communication. A method of wireless communication at a transmitting wireless device includes generating a first Message Authentication Code for a data packet based at least in part on a first security key used to communicate with a receiving wireless device; generating a second message authentication code for the data packet based at least in part on a second security key used to communicate with a relay user equipment (UE), in which the relay UE is included in a data routing path between the transmitting wireless device and the receiving wireless device; and transmitting the data packet to the relay UE with at least the first message authentication code and the second message authentication code.

Abstract: Certain aspects of the present disclosure provide techniques for detecting false base stations and transmissions therefrom based on silent periods during which legitimate base stations are to refrain from transmitting at least certain downlink transmissions on at least some downlink resources.

Abstract: This disclosure provides systems, methods and apparatus, including computer programs encoded on computer storage media, for encrypting paging information transmitted to a user equipment (UE) in a paging message. In one aspect, a base station (BS) encrypts paging information and transmits a paging message to one of a UE or another BS for transmission to the UE. The paging message includes the encrypted paging information. A UE receives the paging message from a BS including the encrypted paging information. The UE decrypts the encrypted paging information to identify paging information, and determines whether to communicate with the BS based on the paging information. The paging information may be encrypted and the encrypted paging information decrypted based on information configured or obtained during at least one of a registration procedure or a radio access network (RAN)-based Notification Area Update (RNAU). Confidentiality of paging information in paging messages may thereby be improved.

Abstract: Various aspects of the present disclosure generally relate to wireless communication. In some aspects, a user equipment (UE) may transmit, to a relay UE, a first message comprising a first freshness parameter, an identity of the UE, and authentication information, where the authentication information is used by a network node to authenticate the UE with security context information of the UE. The UE may derive a relay key for security establishment between the UE and the relay UE based on the first freshness parameter, a set of key generation parameters, and a shared key with the network node. The UE may derive a relay session key for security establishment between the UE and the relay UE based on the relay key, a first nonce of the UE, and a second nonce of the relay UE. Numerous other aspects are described.