Patents by Inventor Suresh P. Nair

Suresh P. Nair has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20190253461
    Abstract: In a communication system comprising a first network operatively coupled to a second network, wherein the first network comprises a first security edge protection proxy element operatively coupled to a second security edge protection proxy element of the second network, a method comprises provisioning at least a given one of the first and second security edge protection proxy elements with configuration information that enables the given security edge protection proxy element to identify at least one security operation to be applied to at least one information element in a received message before sending the message to the other one of the first and second security edge protection proxy elements.
    Type: Application
    Filed: June 21, 2018
    Publication date: August 15, 2019
    Applicant: Nokia Technologies Oy
    Inventors: Nagendra S. Bykampadi, Suresh P. Nair, Anja Jerichow
  • Publication number: 20190253885
    Abstract: In a communication system comprising a first network operatively coupled to a second network, wherein the first network comprises a first security edge protection proxy element operatively coupled to a second security edge protection proxy element of the second network, a method comprises configuring at least a given one of the first and second security edge protection proxy elements to determine whether to apply at least one security operation at the transport level for incoming packets based at least in part on source and destination networks for the incoming packets.
    Type: Application
    Filed: June 21, 2018
    Publication date: August 15, 2019
    Applicant: Nokia Technologies Oy
    Inventors: Nagendra S. Bykampadi, Suresh P. Nair, Anja Jerichow
  • Patent number: 10285060
    Abstract: Embodiments provide a user equipment (UE) device that includes a memory and a processor configured to execute instructions stored in said memory. The processor is configured by the instructions to receive a first evolved packet system (EPS) mobility management (EMM) attach reject message in response to an attempt to attach to a first eNode B (eNB) of a radio access network (RAN). If the attach reject message includes an Evolved Packet System mobility management (EMM) error code, the processor directs an attach request to a second, confirming eNB. The processor may be further configured by the instructions to receive a second attach reject message from the second eNB and enter a lock state only on the condition that the second attach reject message also includes an EMM error code, optionally the same EMM error code received in the first attach reject message.
    Type: Grant
    Filed: October 30, 2015
    Date of Patent: May 7, 2019
    Inventors: Suresh P Nair, Semyon B Mizikovsky
  • Publication number: 20190104447
    Abstract: In accordance with the occurrence of a mobility event whereby user equipment moves from accessing a source network to accessing a target network in a communication system environment, the user equipment sends a control plane message to the target network comprising an integrity verification parameter associated with the source network and an integrity verification parameter associated with the target network. By providing integrity verification parameters for both the source network and the target network in an initial message sent by the user equipment to the mobility management element of the target network, the mobility management element of the target network can verify the user equipment on its own or seek the assistance of the source network.
    Type: Application
    Filed: November 27, 2017
    Publication date: April 4, 2019
    Applicant: Nokia Technologies Oy
    Inventors: Guenther Horn, Nagendra S. Bykampadi, Suresh P. Nair
  • Publication number: 20190075466
    Abstract: User equipment (UE) and a network node may establish data radio bearers (DRBs) for wireless communication of user plane data. For each DRB, the UE and network node may signal static integrity protection for the user plane data during set-up of the DRB. When the DRB has static integrity protection, integrity protection is applied to the user plane data for a duration of the DRB.
    Type: Application
    Filed: November 5, 2018
    Publication date: March 7, 2019
    Inventor: Suresh P. Nair
  • Patent number: 10200862
    Abstract: We disclose various embodiments that enable a mobile terminal to confirm authenticity of a base station before the mobile terminal proceeds to camp on the corresponding cell. In an example embodiment, the authentication processing includes the mobile terminal tuning to a selected control channel of the base station to monitor RF signals transmitted thereon. The base station is deemed to be authentic if the monitored RF signals indicate the presence of live traffic between the base station and one or more other mobile terminals. The control channel can be selected from a fixed set of uplink and/or downlink control channels that are typically used by a legitimate base station. The presence of live traffic on the selected control channel can be detected by detecting certain control messages that are typically transmitted on that control channel between the base station and one or more mobile terminals served by that base station.
    Type: Grant
    Filed: December 19, 2016
    Date of Patent: February 5, 2019
    Assignee: NOKIA OF AMERICA CORPORATION
    Inventors: Suresh P. Nair, Semyon Mizikovsky
  • Patent number: 10200861
    Abstract: We disclose various embodiments that enable a mobile terminal to authenticate a base station before the mobile terminal proceeds to attach to the corresponding network and/or camp on the corresponding cell, e.g., during the initial network selection and attachment or during an idle mode. In an example embodiment, the authentication processing includes the mobile terminal generating and sending to a candidate base station a system query with a nonce. The candidate base station is deemed to be authentic only if the acknowledgement generated and transmitted in response to the system query includes a copy of the nonce properly signed by a digital signature generated using one or more security keys. In some embodiments, the system query may also include a request for GPS coordinates and/or selected system information signed using a digital signature, which the mobile terminal may beneficially use to further strengthen the protection against a spoofing attack.
    Type: Grant
    Filed: December 19, 2016
    Date of Patent: February 5, 2019
    Assignee: NOKIA OF AMERICA CORPORATION
    Inventors: Suresh P. Nair, Semyon Mizikovsky
  • Publication number: 20190036697
    Abstract: Privacy management techniques for communication systems are provided. In one or more methods, one or more cryptographic key pairs are provisioned in a home network of a communication system for utilization by subscribers of the home network to conceal subscriber identifiers provided to access points in the communication system. The cryptographic key pairs are managed utilizing an element or function in the home network of the communication system. In one or more other methods, one or more public keys associated with one or more cryptographic key pairs are stored in user equipment, the cryptographic key pairs being provisioned by a home network of a communication system for use by subscribers of the home network to conceal subscriber identifiers provided to access points in the communication network. An element or function of the home network of the communication system is interfaced for management of the public keys stored in the user equipment.
    Type: Application
    Filed: October 10, 2017
    Publication date: January 31, 2019
    Applicant: Nokia Technologies Oy
    Inventors: Anja Jerichow, Annett Seefeldt, Nagendra S. Bykampadi, Suresh P. Nair, Ulrich Wiehe
  • Patent number: 10171993
    Abstract: Techniques are provided for protecting the privacy of user equipment during identity request operations in a communication system. In one example, a method includes receiving a current identity request at given user equipment of a communication system. The method further includes making a determination at the given user equipment whether or not to respond to the current identity request in a manner requested based on a count of previous identity requests received by the given user equipment.
    Type: Grant
    Filed: May 5, 2017
    Date of Patent: January 1, 2019
    Assignees: NOKIA TECHNOLOGIES OY, NOKIA OF AMERICA CORPORATION
    Inventors: Suresh P. Nair, Anja Jerichow
  • Patent number: 10165546
    Abstract: Techniques are provided for protecting the privacy of user equipment during paging operations in a communication system. In one example, a method includes determining at a mobility management element of a communication system that a paging operation is to be initiated for given user equipment. The method further includes restricting the paging operation between the mobility management element and the given user equipment to use of a temporary identifier for the given user equipment. By not using a permanent identifier of the given user equipment during paging operations, the given user equipment is effectively non-trackable by malicious base stations and active/passive listeners.
    Type: Grant
    Filed: March 17, 2017
    Date of Patent: December 25, 2018
    Assignees: NOKIA TECHNOLOGIES OY, NOKIA OF AMERICA CORPORATION
    Inventors: Suresh P. Nair, Anja Jerichow
  • Publication number: 20180331830
    Abstract: Key identification techniques for determination of appropriate keys for processing messages in communication systems are provided. In one or more methods, an indicator is assigned to each key pair provisioned in a communication system. The indicator is then sent to one or more network elements or functions in the communication system with a message encrypted with a first part of the key pair corresponding to the indicator. A network element or function receiving the encrypted message determines, based on the indicator, a corresponding second part of the key pair to use to process the encrypted message.
    Type: Application
    Filed: October 6, 2017
    Publication date: November 15, 2018
    Applicants: Alcatel-Lucent USA Inc., Nokia Technologies Oy
    Inventors: Anja Jerichow, Annett Seefeldt, Suresh P. Nair
  • Publication number: 20180324585
    Abstract: Techniques for providing privacy features in communication systems are provided. For example, a message may be provided from user equipment to an element or function in a communication network that comprises one or more privacy indicators, where privacy features for processing the message are determined based on the privacy indicators. The message may comprise an attach request comprising a subscription identifier for a subscriber associated with the user equipment, with the privacy indicators comprising a flag indicating whether the subscription identifier in the attach request is privacy-protected. As another example, the element or function in the communication network may determine privacy features supported by the communication network and generate and send a message to user equipment comprising one or more privacy indicators selected based on the determined privacy features.
    Type: Application
    Filed: October 26, 2017
    Publication date: November 8, 2018
    Applicants: Alcatel-Lucent USA Inc., Nokia Technologies Oy
    Inventors: Suresh P. Nair, Anja Jerichow, Annett Seefeldt
  • Publication number: 20180324583
    Abstract: Techniques are provided for protecting the privacy of user equipment during identity request operations in a communication system. In one example, a method includes receiving a current identity request at given user equipment of a communication system. The method further includes making a determination at the given user equipment whether or not to respond to the current identity request in a manner requested based on a count of previous identity requests received by the given user equipment.
    Type: Application
    Filed: May 5, 2017
    Publication date: November 8, 2018
    Applicants: Alcatel-Lucent USA Inc., Nokia Technologies Oy
    Inventors: Suresh P. Nair, Anja Jerichow
  • Patent number: 10123210
    Abstract: User equipment (UE) and a network node may establish data radio bearers (DRBs) for wireless communication of user plane data. For each DRB, the UE and network node may signal static or dynamic integrity protection for the user plane data during set-up of the DRB. When the DRB has static integrity protection, integrity protection is applied to the user plane data for a duration of the DRB. When the DRB has dynamic integrity protection, the UE and network node establish one or more trigger conditions for dynamic integrity protection of the DRB. The integrity protection may be enabled upon detection of one or more trigger conditions and disabled when the one or more trigger conditions subside after a predetermined period of time.
    Type: Grant
    Filed: March 17, 2017
    Date of Patent: November 6, 2018
    Assignee: NOKIA OF AMERICA CORPORATION
    Inventor: Suresh P. Nair
  • Publication number: 20180309575
    Abstract: In response to a radio link failure between given user equipment and a source access node of a communication system during a data transfer operation over a control plane, a method is provided for recovering the radio link for the given user equipment through a target access node of the communication system. The radio link recovery is enabled via a mobility management node of the communication system using a non-access stratum security context previously established between the given user equipment and the mobility management node.
    Type: Application
    Filed: September 11, 2017
    Publication date: October 25, 2018
    Applicant: Alcatel-Lucent USA Inc.
    Inventor: Suresh P. Nair
  • Publication number: 20180270786
    Abstract: Techniques are provided for protecting the privacy of user equipment during paging operations in a communication system. In one example, a method includes determining at a mobility management element of a communication system that a paging operation is to be initiated for given user equipment. The method further includes restricting the paging operation between the mobility management element and the given user equipment to use of a temporary identifier for the given user equipment. By not using a permanent identifier of the given user equipment during paging operations, the given user equipment is effectively non-trackable by malicious base stations and active/passive listeners.
    Type: Application
    Filed: March 17, 2017
    Publication date: September 20, 2018
    Applicants: Alcatel-Lucent USA Inc., Nokia Technologies Oy
    Inventors: Suresh P. Nair, Anja Jerichow
  • Publication number: 20180270668
    Abstract: User equipment (UE) and a network node may establish data radio bearers (DRBs) for wireless communication of user plane data. For each DRB, the UE and network node may signal static or dynamic integrity protection for the user plane data during set-up of the DRB. When the DRB has static integrity protection, integrity protection is applied to the user plane data for a duration of the DRB. When the DRB has dynamic integrity protection, the UE and network node establish one or more trigger conditions for dynamic integrity protection of the DRB. The integrity protection may be enabled upon detection of one or more trigger conditions and disabled when the one or more trigger conditions subside after a predetermined period of time.
    Type: Application
    Filed: March 17, 2017
    Publication date: September 20, 2018
    Inventor: Suresh P. Nair
  • Patent number: 9986420
    Abstract: An example method includes receiving at a User Equipment (UE) a value for an Access Mode identifier and a value for a Closed Subscriber Group (CSG) identifier in one or more cell advertisements, selecting a cell based on the one or more cell advertisements, and reporting in a message the value of the Access Mode identifier and the value of the CSG identifier for the cell advertisement of the cell selected. A core network element receives a first Access Mode identifier value and a first CSG identifier value, these first values associated with a cell advertisement of a cell selected by a UE; receives a second Access Mode identifier value and a second CSG identifier value, these second values reported by the cell selected by the UE; performs a comparison of first and second Access Mode identifier values and/or first and second CSG identifier values; and takes action based on the comparison.
    Type: Grant
    Filed: July 2, 2015
    Date of Patent: May 29, 2018
    Assignee: Alcatel-Lucent USA Inc.
    Inventors: Semyon Mizikovsky, Suresh P Nair
  • Publication number: 20180124697
    Abstract: We disclose various embodiments that enable a mobile terminal to confirm authenticity of a base station before the mobile terminal proceeds to camp on the corresponding cell, e.g., during an idle mode. In an example embodiment, the authentication processing includes the mobile terminal validating a digital signature included in an information block received from a candidate base station, the digital signature having been generated by the base station using an extended time stamp that indicates the calendar year, month, and/or day in addition to the UTC time-counter value. The information block typically includes a truncated time stamp, which the mobile terminal uses to reconstruct the extended time stamp, the reconstruction being performed using a system time stamp that was previously broadcast by the base station. The reconstructed time stamp is then fed, together with other relevant data, into a security algorithm that can confirm the validity of the digital signature.
    Type: Application
    Filed: December 19, 2016
    Publication date: May 3, 2018
    Applicant: Alcatel-Lucent USA Inc.
    Inventors: Suresh P. Nair, Semyon Mizikovsky
  • Publication number: 20180124602
    Abstract: We disclose various embodiments that enable a mobile terminal to authenticate a base station before the mobile terminal proceeds to attach to the corresponding network and/or camp on the corresponding cell, e.g., during the initial network selection and attachment or during an idle mode. In an example embodiment, the authentication processing includes the mobile terminal generating and sending to a candidate base station a system query with a nonce. The candidate base station is deemed to be authentic only if the acknowledgement generated and transmitted in response to the system query includes a copy of the nonce properly signed by a digital signature generated using one or more security keys. In some embodiments, the system query may also include a request for GPS coordinates and/or selected system information signed using a digital signature, which the mobile terminal may beneficially use to further strengthen the protection against a spoofing attack.
    Type: Application
    Filed: December 19, 2016
    Publication date: May 3, 2018
    Applicant: Alcatel-Lucent USA Inc.
    Inventors: Suresh P. Nair, Semyon Mizikovsky