REPORTING MONITORED PARAMETER INFORMATION
Apparatuses, methods, and systems are disclosed for reporting monitored parameter information. One method includes receiving an indication to monitor parameters in an idle mode. The method includes monitoring the parameters in the idle mode. The method includes transmitting a request to a first base station. The method includes, in response to not receiving a correct response from the first base station: performing a cell reselection resulting in selection of a second base station; and transmitting a failure report to the second base station. The failure report includes information corresponding to the parameters monitored in the idle mode.
This application is a continuation of patent application Ser. No. 17/205,994 entitled “REPORTING MONITORED PARAMETER INFORMATION” filed on Mar. 18, 2021, which is a continuation of patent application Ser. No. 16/010,912 entitled “REPORTING MONITORED PARAMETER INFORMATION” filed on June 18, 2018, which claims priority to U.S. Patent application Ser. No. 62/521,266 entitled “REPORTING OF ROGUE BASE STATION DETECTION” and filed on Jun. 16, 2017 for Andreas Kunz which is incorporated herein by reference in its entirety.
FIELD
The subject matter disclosed herein relates generally to wireless communications and more particularly relates to reporting monitored parameter information.
BACKGROUND
The following abbreviations are herewith defined, at least some of which are referred to within the following description: Third Generation Partnership Project (“3GPP”), Fifth Generation (“5G”), Authentication Authorization and Accounting (“AAA”), Positive-Acknowledgment (“ACK”), Acknowledged Mode (“AM”), Access and Mobility Management Function (“AMF”), Access Server (“AS”), Access Point (“AP”), Authentication Center (“AuC”), Authentication Server Function (“AUSF”), Authentication Token (“AUTN”), Base Station (“BS”), Bandwidth (“BW”), Cell Group (“CG”), Cipher Key (“CK”), Cell Radio Network Temporary Identifier (“C-RNTI”), Common Physical Downlink Control Channel (“C-PDCCH”), Dedicated Control Channel (“DCCH”), Downlink (“DL”), Demodulation Reference Signal (“DMRS”), Domain Name System (“DNS”), Enhanced Mobile Broadband (“eMBB”), Evolved Node B (“eNB”), Enhanced Subscriber Identification Module (“eSIM”), Equipment Identity Register (“EIR”), Evolved Packet Core (“EPC”), European Telecommunications Standards Institute (“ETSI”), E-UTRAN Radio Access Bearer (“E-RAB”), Evolved-Universal Terrestrial Radio Access Network (“E-UTRAN”), Frequency Division Duplex (“FDD”), Frequency Division Multiple Access (“FDMA”), Fully Qualified Domain Name (“FQDN”), 5G Node B (“gNB”), General Packet Radio Service (“GPRS”), Global System For Mobile Communications (“GSM”), Global System For Mobile Communications Association (“GSMA”), Hybrid Automatic Repeat Request (“HARQ”), Home Policy Control Function (“H-PCF”), Home Public Land Mobile Network (“HPLMN”), Home Subscriber Server (“HSS”), Identity or Identifier or Identification (“ID”), Information Element (“IE”), Integrity Key (“IK”), International Mobile Equipment Identity (“IMEI”), International Mobile Subscriber Identity (“IMSI”), Internet-of-Things (“IoT”), Key Derivation Function (“KDF”), Layer 2 (“L2”), Logical Channel Identifier (“LCID”), Logical Channel Prioritization (“LCP”), Long Term Evolution (“LTE”), Multiple Access (“MA”), Medium Access Control (“MAC”), Master Cell Group (“MCG”), Modulation Coding Scheme (“MCS”), Mobile Country Code (“MCC”), Mobile Network Code (“MNC”), Machine Type Communication (“MTC”), Master Information Block (“MIB”), Mobility Management (“MM”), Mobility Management Entity (“MME”), Non-Access Stratum (“NAS”), Narrowband (“NB”), Negative-Acknowledgment (“NACK”) or (“NAK”), Network Entity (“NE”), Next Generation Node B (“gNB”), New Radio (“NR”), Operation and Maintenance Center (“OAM”), Open Mobile Alliance Device Management (“OMA DM”), Orthogonal Frequency Division Multiplexing (“OFDM”), Over-the-Air (“OTA”), Physical Broadcast Channel (“PBCH”), Policy Control Function (“PCF”), Packet Data Convergence Protocol (“PDCP”), Protocol Data Unit (“PDU”), Public Land Mobile Network (“PLMN”), Primary Synchronization Signal (“PSS”), Pointer (“PTR”), Quality of Service (“QoS”), Random Access Channel (“RACH”), Radio Access Technology (“RAT”), Resource Block (“RB”), Radio Link Control (“RLC”), Radio Link Failure (“RLF”), Radio Network Layer (“RNL”), Radio Resource Control (“RRC”), Radio Resource Management (“RRM”), Radio Access Network (“RAN”), Reference Signal Received Power (“RSRP”), Reference Signal Received Quality (“RSRQ”), Receive (“RX”), Secondary Cell Group (“SCG”), Secondary Synchronization Signal (“SSS”), Service Data Unit (“SDU”), Sequence Number (“SN”), Single Carrier Frequency Division Multiple Access (“SC-FDMA”), Subscriber Management Function (“SMF”), Signal-to-Noise Ratio (“SNR”), Subscriber Identity Module (“SIM”), System Information Block (“SIB”), Sidelink (“SL”), Shared Channel (“SCH”), Synchronization Signal (“SS”), Subscription Concealed Identifier (“SUCI”), Subscription Permanent Identifier (“SUPI”), Timing Advance Group (“TAG”), Tracking Area (“TA”), Time Division Duplex (“TDD”), Transport Network Layer (“TNL”), Transmission Time Interval (“TTI”), Transmit (“TX”), Unified Data Management (“UDM”), User Data Repository (“UDR”), User Entity/Equipment (Mobile Terminal) (“UE”), Universal Integrated Circuit Card (“UICC”), Uplink (“UL”), Universal Mobile Telecommunications System (“UMTS”), User Plane Function (“UPF”), Ultra-Reliable Low-Latency Communication (“URLLC”), Universal Subscriber Identity Module (“USIM”), Universal Time Coordinated (“UTC”), Visited Policy Control Function (“V-PCF”), Visited Public Land Mobile Network (“VPLMN”), and Worldwide Interoperability for Microwave Access (“WiMAX”). As used herein, “HARQ-ACK” may represent collectively the Positive Acknowledge (“ACK”) and the Negative Acknowledge (“NAK”). ACK means that a TB is correctly received while NAK means a TB is erroneously received.
In certain wireless communications networks, there may be a rogue base station that imitates a real base station. In such networks, detecting the rogue base station may be difficult.
BRIEF SUMMARY
Methods for reporting monitored parameter information are disclosed. Apparatuses and systems also perform the functions of the apparatus. In one embodiment, the method includes receiving an indication to monitor parameters in an idle mode. In certain embodiments, the method includes monitoring the parameters in the idle mode. In various embodiments, the method includes transmitting a request to a first base station. In some embodiments, the method includes, in response to not receiving a correct response from the first base station: performing a cell reselection resulting in selection of a second base station; and transmitting a failure report to the second base station. In such embodiments, the failure report includes information corresponding to the parameters monitored in the idle mode.
In one embodiment, the indication to monitor parameters in the idle mode is received in response to a likelihood of a rogue base station being in an area. In a further embodiment, the parameters monitored in the idle mode include a time in the idle mode during communication with the first base station. In certain embodiments, the parameters monitored in the idle mode include a time taken to enter a connected mode during communication with the first base station. In various embodiments, the parameters monitored in the idle mode include a number of attempts to send a connected mode setup during communication with the first base station. In some embodiments, the method includes determining whether the number of attempts passes a predetermined threshold, and, in response to the number of attempts passing the predetermined threshold, determining that a correct response from the first base station is not received. In certain embodiments, the parameters monitored in the idle mode include a number of connection mode setup messages that fail due to timeout.
In various embodiments, the parameters monitored in the idle mode include a number of identity requests from the first base station requesting an international mobile subscriber identity. In some embodiments, the parameters monitored in the idle mode include a computed confidence level that the first base station is a rogue base station. In certain embodiments, the method includes ignoring broadcasted system information from the first base station during performing the cell reselection. In various embodiments, not receiving a correct response from the first base station includes determining a security key mismatch, a certificate failure, an authentication failure, and/or a connection setup failure.
An apparatus for reporting monitored parameter information, in one embodiment, includes a receiver that receives an indication to monitor parameters in an idle mode. In some embodiments, the apparatus includes a processor that monitors the parameters in the idle mode. In various embodiments, the apparatus includes a transmitter that transmits a request to a first base station. In certain embodiments, in response to not receiving a correct response from the first base station: the processor performs a cell reselection resulting in selection of a second base station; and the transmitter transmits a failure report to the second base station. In such embodiments, the failure report includes information corresponding to the parameters monitored in the idle mode.
A method for receiving monitored parameter information, in one embodiment, includes transmitting an indication to a remote unit for the remote unit to monitor parameters in an idle mode. In certain embodiments, the method includes receiving a failure report from the remote unit. In such embodiments, the failure report includes information corresponding to the parameters monitored in the idle mode. In various embodiments, the method includes identifying a rogue base station from the failure report. In some embodiments, the method includes transmitting an alarm identifying the rogue base station.
In one embodiment, the alarm includes an identifier of the rogue base station. In a further embodiment, the indication to monitor parameters in the idle mode is transmitted in response to a likelihood of the rogue base station being in an area used by the remote unit. In certain embodiments, the parameters monitored in the idle mode include a time in the idle mode during communication with the rogue base station. In various embodiments, the parameters monitored in the idle mode include a time taken to enter a connected mode during communication with the rogue base station. In some embodiments, the parameters monitored in the idle mode include a number of attempts to send a connected mode setup during communication with the rogue base station. In certain embodiments, the parameters monitored in the idle mode include a number of connection mode setup messages that fail due to timeout.
In various embodiments, the parameters monitored in the idle mode include a number of identity requests from the rogue base station requesting an international mobile subscriber identity of the remote unit. In some embodiments, the parameters monitored in the idle mode include a computed confidence level corresponding to the rogue base station.
An apparatus for receiving monitored parameter information, in one embodiment, includes a transmitter that transmits an indication to a remote unit for the remote unit to monitor parameters in an idle mode. In some embodiments, the apparatus includes a receiver that receives a failure report from the remote unit. In such embodiments, the failure report includes information corresponding to the parameters monitored in the idle mode. In various embodiments, the apparatus includes a processor that identifies a rogue base station from the failure report. In certain embodiments, the transmitter transmits an alarm identifying the rogue base station.
A more particular description of the embodiments briefly described above will be rendered by reference to specific embodiments that are illustrated in the appended drawings. Understanding that these drawings depict only some embodiments and are not therefore to be considered to be limiting of scope, the embodiments will be described and explained with additional specificity and detail through the use of the accompanying drawings, in which:
As will be appreciated by one skilled in the art, aspects of the embodiments may be embodied as a system, apparatus, method, or program product. Accordingly, embodiments may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, micro-code, etc.) or an embodiment combining software and hardware aspects that may all generally be referred to herein as a “circuit,” “module” or “system.” Furthermore, embodiments may take the form of a program product embodied in one or more computer readable storage devices storing machine readable code, computer readable code, and/or program code, referred hereafter as code. The storage devices may be tangible, non-transitory, and/or non-transmission. The storage devices may not embody signals. In a certain embodiment, the storage devices only employ signals for accessing code.
Certain of the functional units described in this specification may be labeled as modules, in order to more particularly emphasize their implementation independence. For example, a module may be implemented as a hardware circuit comprising custom very-large-scale integration (“VLSI”) circuits or gate arrays, off-the-shelf semiconductors such as logic chips, transistors, or other discrete components. A module may also be implemented in programmable hardware devices such as field programmable gate arrays, programmable array logic, programmable logic devices or the like.
Modules may also be implemented in code and/or software for execution by various types of processors. An identified module of code may, for instance, include one or more physical or logical blocks of executable code which may, for instance, be organized as an object, procedure, or function. Nevertheless, the executables of an identified module need not be physically located together, but may include disparate instructions stored in different locations which, when joined logically together, include the module and achieve the stated purpose for the module.
Indeed, a module of code may be a single instruction, or many instructions, and may even be distributed over several different code segments, among different programs, and across several memory devices. Similarly, operational data may be identified and illustrated herein within modules, and may be embodied in any suitable form and organized within any suitable type of data structure. The operational data may be collected as a single data set, or may be distributed over different locations including over different computer readable storage devices. Where a module or portions of a module are implemented in software, the software portions are stored on one or more computer readable storage devices.
Any combination of one or more computer readable medium may be utilized. The computer readable medium may be a computer readable storage medium. The computer readable storage medium may be a storage device storing the code. The storage device may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, holographic, micromechanical, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing.
More specific examples (a non-exhaustive list) of the storage device would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (“RAM”), a read-only memory (“ROM”), an erasable programmable read-only memory (“EPROM” or Flash memory), a portable compact disc read-only memory (“CD-ROM”), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
Code for carrying out operations for embodiments may be any number of lines and may be written in any combination of one or more programming languages including an object oriented programming language such as Python, Ruby, Java, Smalltalk, C++, or the like, and conventional procedural programming languages, such as the “C” programming language, or the like, and/or machine languages such as assembly languages. The code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a local area network (“LAN”) or a wide area network (“WAN”), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider).
Reference throughout this specification to “one embodiment,” “an embodiment,” or similar language means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment. Thus, appearances of the phrases “in one embodiment,” “in an embodiment,” and similar language throughout this specification may, but do not necessarily, all refer to the same embodiment, but mean “one or more but not all embodiments” unless expressly specified otherwise. The terms “including,” “comprising,” “having,” and variations thereof mean “including but not limited to,” unless expressly specified otherwise. An enumerated listing of items does not imply that any or all of the items are mutually exclusive, unless expressly specified otherwise. The terms “a,” “an,” and “the” also refer to “one or more” unless expressly specified otherwise.
Furthermore, the described features, structures, or characteristics of the embodiments may be combined in any suitable manner. In the following description, numerous specific details are provided, such as examples of programming, software modules, user selections, network transactions, database queries, database structures, hardware modules, hardware circuits, hardware chips, etc., to provide a thorough understanding of embodiments. One skilled in the relevant art will recognize, however, that embodiments may be practiced without one or more of the specific details, or with other methods, components, materials, and so forth. In other instances, well-known structures, materials, or operations are not shown or described in detail to avoid obscuring aspects of an embodiment.
Aspects of the embodiments are described below with reference to schematic flowchart diagrams and/or schematic block diagrams of methods, apparatuses, systems, and program products according to embodiments. It will be understood that each block of the schematic flowchart diagrams and/or schematic block diagrams, and combinations of blocks in the schematic flowchart diagrams and/or schematic block diagrams, can be implemented by code. The code may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the schematic flowchart diagrams and/or schematic block diagrams block or blocks.
The code may also be stored in a storage device that can direct a computer, other programmable data processing apparatus, or other devices to function in a particular manner, such that the instructions stored in the storage device produce an article of manufacture including instructions which implement the function/act specified in the schematic flowchart diagrams and/or schematic block diagrams block or blocks.
The code may also be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the code which execute on the computer or other programmable apparatus provide processes for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
The schematic flowchart diagrams and/or schematic block diagrams in the Figures illustrate the architecture, functionality, and operation of possible implementations of apparatuses, systems, methods and program products according to various embodiments. In this regard, each block in the schematic flowchart diagrams and/or schematic block diagrams may represent a module, segment, or portion of code, which includes one or more executable instructions of the code for implementing the specified logical function(s).
It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the Figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. Other steps and methods may be conceived that are equivalent in function, logic, or effect to one or more blocks, or portions thereof, of the illustrated Figures.
Although various arrow types and line types may be employed in the flowchart and/or block diagrams, they are understood not to limit the scope of the corresponding embodiments. Indeed, some arrows or other connectors may be used to indicate only the logical flow of the depicted embodiment. For instance, an arrow may indicate a waiting or monitoring period of unspecified duration between enumerated steps of the depicted embodiment. It will also be noted that each block of the block diagrams and/or flowchart diagrams, and combinations of blocks in the block diagrams and/or flowchart diagrams, can be implemented by special purpose hardware-based systems that perform the specified functions or acts, or combinations of special purpose hardware and code.
The description of elements in each figure may refer to elements of preceding figures. Like numbers refer to like elements in all figures, including alternate embodiments of like elements.
In one embodiment, the remote units 102 may include computing devices, such as desktop computers, laptop computers, personal digital assistants (“PDAs”), tablet computers, smart phones, smart televisions (e.g., televisions connected to the Internet), set-top boxes, game consoles, security systems (including security cameras), vehicle on-board computers, network devices (e.g., routers, switches, modems), IoT devices, or the like. In some embodiments, the remote units 102 include wearable devices, such as smart watches, fitness bands, optical head-mounted displays, or the like. Moreover, the remote units 102 may be referred to as subscriber units, mobiles, mobile stations, users, terminals, mobile terminals, fixed terminals, subscriber stations, UE, user terminals, a device, or by other terminology used in the art. The remote units 102 may communicate directly with one or more of the network units 104 via UL communication signals.
The network units 104 may be distributed over a geographic region. In certain embodiments, a network unit 104 may also be referred to as an access point, an access terminal, a base, a base unit, a base station, a Node-B, an eNB, a gNB, a Home Node-B, a relay node, a device, a network device, an infrastructure device, or by any other terminology used in the art. The network units 104 are generally part of a radio access network that includes one or more controllers communicably coupled to one or more corresponding network units 104. The radio access network is generally communicably coupled to one or more core networks, which may be coupled to other networks, like the Internet and public switched telephone networks, among other networks. These and other elements of radio access and core networks are not illustrated but are well known generally by those having ordinary skill in the art. In some embodiments, a network unit 104 may include one or more of the following network components: an eNB, a gNB, an AMF, a DB, an MME, a PCF, a UDR, a UPF, a serving gateway, and/or a UDM.
In one implementation, the wireless communication system 100 is compliant with the NR/5G protocols or LTE protocols specified by 3GPP, wherein the network unit 104 transmits using an OFDM modulation scheme on the DL and the remote units 102 transmit on the UL using a SC-FDMA scheme or an OFDM scheme. More generally, however, the wireless communication system 100 may implement some other open or proprietary communication protocol, for example, WiMAX, among other protocols. The present disclosure is not intended to be limited to the implementation of any particular wireless communication system architecture or protocol.
The network units 104 may serve a number of remote units 102 within a serving area, for example, a cell or a cell sector via a wireless communication link. The network units 104 transmit DL communication signals to serve the remote units 102 in the time, frequency, and/or spatial domain.
In certain embodiments, a remote unit 102 may be used to receive an indication to monitor parameters in an idle mode. In some embodiments, the remote unit 102 may be used to monitor the parameters in the idle mode. In various embodiments, the remote unit 102 may be used to transmit a request to a first base station. In some embodiments, the remote unit 102 may be used to, in response to not receiving a correct response from the first base station: perform a cell reselection resulting in selection of a second base station; and transmit a failure report to the second base station. In such embodiments, the failure report may include information corresponding to the parameters monitored in the idle mode. Accordingly, a remote unit 102 may be used for reporting monitored parameter information.
In certain embodiments, a network unit 104 may be used to transmit an indication to a remote unit 102 for the remote unit 102 to monitor parameters in an idle mode. In certain embodiments, the network unit 104 may be used to receive a failure report from the remote unit 102. In such embodiments, the failure report may include information corresponding to the parameters monitored in the idle mode. In various embodiments, the network unit 104 may be used to identify a rogue base station from the failure report. In some embodiments, the network unit 104 may be used to transmit an alarm identifying the rogue base station. Accordingly, a network unit 104 may be used for receiving monitored parameter information.
The processor 202, in one embodiment, may include any known controller capable of executing computer-readable instructions and/or capable of performing logical operations. For example, the processor 202 may be a microcontroller, a microprocessor, a central processing unit (“CPU”), a graphics processing unit (“GPU”), an auxiliary processing unit, a field programmable gate array (“FPGA”), or similar programmable controller. In some embodiments, the processor 202 executes instructions stored in the memory 204 to perform the methods and routines described herein. In certain embodiments, the processor 202 may monitor parameters in an idle mode. The processor 202 is communicatively coupled to the memory 204, the input device 206, the display 208, the transmitter 210, and the receiver 212.
The memory 204, in one embodiment, is a computer readable storage medium. In some embodiments, the memory 204 includes volatile computer storage media. For example, the memory 204 may include a RAM, including dynamic RAM (“DRAM”), synchronous dynamic RAM (“SDRAM”), and/or static RAM (“SRAM”). In some embodiments, the memory 204 includes non-volatile computer storage media. For example, the memory 204 may include a hard disk drive, a flash memory, or any other suitable non-volatile computer storage device. In some embodiments, the memory 204 includes both volatile and non-volatile computer storage media. In some embodiments, the memory 204 also stores program code and related data, such as an operating system or other controller algorithms operating on the remote unit 102.
The input device 206, in one embodiment, may include any known computer input device including a touch panel, a button, a keyboard, a stylus, a microphone, or the like. In some embodiments, the input device 206 may be integrated with the display 208, for example, as a touchscreen or similar touch-sensitive display. In some embodiments, the input device 206 includes a touchscreen such that text may be input using a virtual keyboard displayed on the touchscreen and/or by handwriting on the touchscreen. In some embodiments, the input device 206 includes two or more different devices, such as a keyboard and a touch panel.
The display 208, in one embodiment, may include any known electronically controllable display or display device. The display 208 may be designed to output visual, audible, and/or haptic signals. In some embodiments, the display 208 includes an electronic display capable of outputting visual data to a user. For example, the display 208 may include, but is not limited to, an LCD display, an LED display, an OLED display, a projector, or similar display device capable of outputting images, text, or the like to a user. As another, non-limiting, example, the display 208 may include a wearable display such as a smart watch, smart glasses, a heads-up display, or the like. Further, the display 208 may be a component of a smart phone, a personal digital assistant, a television, a table computer, a notebook (laptop) computer, a personal computer, a vehicle dashboard, or the like.
In certain embodiments, the display 208 includes one or more speakers for producing sound. For example, the display 208 may produce an audible alert or notification (e.g., a beep or chime). In some embodiments, the display 208 includes one or more haptic devices for producing vibrations, motion, or other haptic feedback. In some embodiments, all or portions of the display 208 may be integrated with the input device 206. For example, the input device 206 and display 208 may form a touchscreen or similar touch-sensitive display. In other embodiments, the display 208 may be located near the input device 206.
The transmitter 210 is used to provide UL communication signals to the network unit 104 and the receiver 212 is used to receive DL communication signals from the network unit 104. In some embodiments, the receiver 212 may receive an indication to monitor parameters in an idle mode. In certain embodiments, the transmitter 210 may transmit a request to a first base station. In certain embodiments, in response to not receiving a correct response from the first base station: the processor 202 may perform a cell reselection resulting in selection of a second base station; and the transmitter 210 may transmit a failure report to the second base station. In such embodiments, the failure report may include information corresponding to the parameters monitored in the idle mode. Although only one transmitter 210 and one receiver 212 are illustrated, the remote unit 102 may have any suitable number of transmitters 210 and receivers 212. The transmitter 210 and the receiver 212 may be any suitable type of transmitters and receivers. In one embodiment, the transmitter 210 and the receiver 212 may be part of a transceiver.
In various embodiments, the transmitter 310 may transmit an indication to a remote unit 102 for the remote unit 102 to monitor parameters in an idle mode. In some embodiments, the receiver 312 may receive a failure report from the remote unit 102. In such embodiments, the failure report may include information corresponding to the parameters monitored in the idle mode. In various embodiments, the processor 302 may identify a rogue base station from the failure report. In certain embodiments, the transmitter 310 may transmit an alarm identifying the rogue base station. Although only one transmitter 310 and one receiver 312 are illustrated, the network unit 104 may have any suitable number of transmitters 310 and receivers 312. The transmitter 310 and the receiver 312 may be any suitable type of transmitters and receivers. In one embodiment, the transmitter 310 and the receiver 312 may be part of a transceiver.
In some embodiments, a remote unit 102 may desire to send a service request for mobile originated data during a time in which the remote unit 102 is communicating with a fake base station (e.g., a rogue base station). In such embodiments, the service request may fail at the remote unit 102 because an authentication vector may not authenticate the fake base station and/or a connection setup (e.g., RRC connection setup) may fail (e.g., due to a timeout).
In certain embodiments, the remote unit 102 may collect relevant information in a VarConnEstFailReport at a time of a connection setup timeout (e.g., such information may include plmn-Identity, failedCellId, measResultFailedCell, measResultNeighCells, locationInfo, and so forth). In some embodiments, a fake base station may broadcast a very high connEstFailCount value. Accordingly, a number of times that the remote unit 102 detects a connection setup timer expiring on a same cell before applying connEstFailOffset may be high. In various embodiments, because the connection setup timer may be in a timeframe of approximately 2 seconds, a remote unit 102 may keep trying connection requests for up to the timer timeframe of approximately 2 seconds. In such embodiments, the remote unit 102 may record and/or report a value for connEstFailCount that is higher than 4. In some embodiments, a failure report may be deleted by a remote unit 102 at any time.
In various embodiments, a fake base station may not send response messages (e.g., NAS response messages). Accordingly, in such embodiments, a remote unit 102 may detect (e.g., based on an AUTN parameter) that the base station is fake. In certain embodiments, the only response message (e.g., NAS message) a fake base station may send is an identity request that requests an IMSI from the remote unit 102. In some embodiments, the remote unit 102 may record whether it is asked to send the IMSI in circumstances in which a connection (e.g., RRC Connection) has timed out.
In various embodiments, a remote unit 102 may perform a cell reselection in response to detecting a fake base station and/or may send a measurement report and/or a failure report with a cause value to a new base station (e.g., genuine base station, not fake base station) using a VarConnEstFailReport format. In such embodiments, the remote unit 102 may add additional information that includes a connEstFailCount, whether IMSI was requested, and/or other information.
In certain embodiments, a genuine base station may identify a fake base station based on information in a failure report from a remote unit 102 and/or may support an operator (e.g., especially in circumstances in which a fake base station is moving to different locations over time).
In various embodiments, a genuine base station may configure an extended failure report to be recorded in a remote unit 102 during a time in which the remote unit 102 is in a connected mode and/or in an idle mode. In embodiments in which a remote unit 102 is instructed to perform extended failure reporting, the remote unit 102 may not delete the failure report and/or may store the failure report in a secure and/or permanent manner so that the failure report is not deleted (e.g., not deleted in response to a user changing the battery) until the failure report is submitted to a genuine base station. As may be appreciated, extended failure reporting may be reporting that includes more information than standard failure reporting.
In one embodiment, a first communication 410 is transmitted from the base station 402 to the UE in the connected state 404. In various embodiments, the first communication 410 includes one or more messages having instructions from the base station 402 for the UE in the connected state 404 to perform measurements (e.g., monitor parameters) in an idle mode (e.g., RRC IDLE mode) and/or to log the measurements (e.g., log measurements corresponding to monitored parameters). In some embodiments, the UE in the connected state 404 may be configured for extended failure reporting. In such embodiments, the base station 402 may add a parameter with extFailureReporting=True in the request.
In various embodiments, the UE in the connected state 404 may transition 412 to the UE in the idle state 406 and perform measurements as instructed. The UE in the idle state 406 may move around and perform cell reselection with a cell having the best signal.
In certain embodiments, while performing cell reselection, in a second communication 414, the UE in the idle state 406 may transmit one or more messages to the rogue base station 408. Moreover, the UE in the idle state 406 may be unaware that it is camping at a fake base station.
In some embodiments, a third communication 416 is transmitted between the UE in the idle state 406 and the rogue base station 408. In such embodiments, the third communication 416 may include one or more messages. While transmitting and/or receiving the third communication 416, the UE in the idle state 406 may recognize (e.g., determine) that it is communicating with a fake base station. In various embodiments, the UE in the idle state 406 may send a service request as part of the third communication 416 to perform a mobile oriented session setup. Moreover, as part of the third communication 416, the rogue base station 408 may attempt to keep a connection (e.g., RRC connection) alive; however, the UE in the idle state 406 may not be able to authenticate the rogue base station 408 with a fake authentication vector provided from the rogue base station 408 to the UE in the idle state 406 and/or the connection setup (e.g., RRC connection setup) may time out. In certain embodiments, as part of the third communication 416, the rogue base station 408 may request that the UE in the idle state 406 send its IMSI to the rogue base station 408. In some embodiments, in response to the UE in the idle state 406 being configured for extended failure reporting, the UE in the idle state 406 may record a number of connection setup timeouts and/or whether an IMSI was requested in addition to normal failure reporting that occurs as a result of a connection setup timeout.
In various embodiments, a fourth communication 418 is transmitted from the UE in the idle state 406 to the base station 402. In such embodiments, the fourth communication 418 may include one or more messages. As may be appreciated, based on information recorded by the UE in the idle state 406, the UE in the idle state 406 may determine that the currently attached base station (e.g., the rogue base station 408) is believed to be a fake base station. Accordingly, the UE in the idle state 406 may perform cell reselection as part of the fourth communication 418 to select a next best signal. In some embodiments, the UE in the idle state 406 may measure a time that it has camped at the rogue base station 408 in the idle mode and/or a time it has spent trying to get into a connected state. In certain embodiments, the UE in the idle state 406 may compute (e.g., determine) a confidence level corresponding to the rogue base station 408 (e.g., how confident the UE in the idle state 406 is that the rogue base station 408 to which the UE in the idle state 406 is attached is actually a fake base station—the confidence level may be based on an idle mode time, a connected mode time, a number of failed connection setups, a broadcasted connection retry count, whether IMSI was requested while being in the same PLMN, and so forth). In various embodiments, with a high enough confidence level, the UE in the idle state 406 may ignore broadcast information transmitted from the rogue base station 408 during a time in which the UE in the idle state 406 performs cell reselection.
In some embodiments, as part of the fourth communication 418, the UE in the idle state 406 may transmit a failure report and, in response to being instructed to perform extended failure reporting, information that includes connection setup failure counts, an IMSI requested flag that indicates IMSI has been requested, a number of IMSI requests, a length of time in an idle mode, and/or a length of time spent trying to get in a connected mode. In certain embodiments, portions of the failure report and/or portions of the extended failure report may be transmitted from the UE in the idle state 406 in a service request NAS message to a control plane entity (e.g., MME, AMF, etc.). In various embodiments, the UE in the idle state 406 may include its calculated confidence level about the rogue base station 408 in the failure report.
In certain embodiments, the base station 402 may detect 420 that the rogue base station 408 is a fake base station and/or may start an alarm in an OAM system of an operator. Moreover, the base station 402 (e.g., genuine base station) may immediately change the SIB and include an ID corresponding to the rogue base station 408 in a black list for camping. As may be appreciated, the rogue base station 408 may change its cell ID frequently; however, including the ID corresponding to the rogue base station 408 in a black list for camping may inhibit another UE from camping on the rogue base station 408 before the rogue base station 408 changes its cell ID.
In certain embodiments, a remote unit 102 may become aware of a fake base station in a variety of different ways. For example, a remote unit 102 may become aware of a fake base station by detecting invalid certificates, using UL monitoring, by checking signed system information in any SIBs, by monitoring connection setup, by monitoring connection failures, and so forth.
In one embodiment, a first communication 510 is transmitted from the base station 502 to the UE in the connected state 504. In various embodiments, the first communication 510 includes one or more messages having instructions from the base station 502 for the UE in the connected state 504 to perform measurements (e.g., monitor parameters) in an idle mode (e.g., RRC IDLE mode) and/or to log the measurements (e.g., log measurements corresponding to monitored parameters). In some embodiments, the UE in the connected state 504 may be configured for extended failure reporting. In such embodiments, the base station 502 may add a parameter with extFailureReporting=True in the request.
In various embodiments, the UE in the connected state 504 may transition 512 to the UE in the idle state 506 and perform measurements as instructed. The UE in the idle state 506 may move around and perform cell reselection with a cell having the best signal.
In certain embodiments, while performing cell reselection, in a second communication 514, the UE in the idle state 506 may transmit one or more messages to the rogue base station 508. Moreover, the UE in the idle state 506 may be unaware that it is camping at a fake base station.
In some embodiments, a third communication 516 is transmitted between the UE in the idle state 506 and the rogue base station 508. In such embodiments, the third communication 516 may include one or more messages. While transmitting and/or receiving the third communication 516, the UE in the idle state 506 may recognize (e.g., determine) that it is communicating with a fake base station. In various embodiments, the UE in the idle state 506 may transmit messages similar to the third communication 416 described in relation to
In various embodiments, a fourth communication 518 is transmitted from the UE in the idle state 506 to the base station 502. In such embodiments, the fourth communication 518 may include one or more messages. As may be appreciated, based on information recorded by the UE in the idle state 506, the UE in the idle state 506 may determine that the currently attached base station (e.g., the rogue base station 508) is believed to be a fake base station. Accordingly, the UE in the idle state 506 may perform cell reselection as part of the fourth communication 518 to select a next best signal. In some embodiments, the UE in the idle state 506 may, if instructed, create an extended failure report that includes a cause value pointing to the reason: certificate failure, wrong signature, authentication failure, connection failure, connection setup failure counts, an IMSI requested flag that indicates IMSI has been requested, a number of IMSI requests, a length of time in an idle mode, a length of time spent trying to get in a connected mode, and/or a computed confidence level that the rogue base station 508 is a fake base station.
In some embodiments, the UE in the idle state 506 may perform cell reselection with a next best signal and/or try to perform a connection setup. In such embodiments, the UE in the idle state 506 may ignore broadcast system information from the rogue base station 508. In certain embodiments, portions of the failure report and/or portions of the extended failure report may be transmitted from the UE in the idle state 506 in a service request NAS message to a control plane entity (e.g., MME, AMF, etc.).
In certain embodiments, the base station 502 may detect 520 that the rogue base station 508 is a fake base station and/or may start an alarm in an OAM system of an operator. Moreover, the base station 502 (e.g., genuine base station) may immediately change the SIB and include an ID corresponding to the rogue base station 508 in a black list for camping. As may be appreciated, the rogue base station 508 may change its cell ID frequently; however, including the ID corresponding to the rogue base station 508 in a black list for camping may inhibit another UE from camping on the rogue base station 508 before the rogue base station 508 changes its cell ID.
The method 600 may include receiving 602 an indication to monitor parameters in an idle mode. In certain embodiments, the method 600 includes monitoring 604 the parameters in the idle mode. In various embodiments, the method 600 includes transmitting 606 a request to a first base station. In some embodiments, the method 600 includes, in response to not receiving a correct response from the first base station: performing 608 a cell reselection resulting in selection of a second base station; and transmitting a failure report to the second base station. In such embodiments, the failure report includes information corresponding to the parameters monitored in the idle mode.
In one embodiment, the indication to monitor parameters in the idle mode is received in response to a likelihood of a rogue base station being in an area. In a further embodiment, the parameters monitored in the idle mode include a time in the idle mode during communication with the first base station. In certain embodiments, the parameters monitored in the idle mode include a time taken to enter a connected mode during communication with the first base station. In various embodiments, the parameters monitored in the idle mode include a number of attempts to send a connected mode setup during communication with the first base station. In some embodiments, the method 600 includes determining whether the number of attempts passes a predetermined threshold, and, in response to the number of attempts passing the predetermined threshold, determining that a correct response from the first base station is not received. In certain embodiments, the parameters monitored in the idle mode include a number of connection mode setup messages that fail due to timeout.
In various embodiments, the parameters monitored in the idle mode include a number of identity requests from the first base station requesting an international mobile subscriber identity. In some embodiments, the parameters monitored in the idle mode include a computed confidence level that the first base station is a rogue base station. In certain embodiments, the method 600 includes ignoring broadcasted system information from the first base station during performing the cell reselection. In various embodiments, not receiving a correct response from the first base station includes determining a security key mismatch, a certificate failure, an authentication failure, and/or a connection setup failure.
The method 700 may include transmitting 702 an indication to a remote unit 102 for the remote unit 102 to monitor parameters in an idle mode. In certain embodiments, the method 700 includes receiving 704 a failure report from the remote unit 102. In such embodiments, the failure report includes information corresponding to the parameters monitored in the idle mode. In various embodiments, the method 700 includes identifying 706 a rogue base station from the failure report. In some embodiments, the method 700 includes transmitting 708 an alarm identifying the rogue base station.
In one embodiment, the alarm includes an identifier of the rogue base station. In a further embodiment, the indication to monitor parameters in the idle mode is transmitted in response to a likelihood of the rogue base station being in an area used by the remote unit 102. In certain embodiments, the parameters monitored in the idle mode include a time in the idle mode during communication with the rogue base station. In various embodiments, the parameters monitored in the idle mode include a time taken to enter a connected mode during communication with the rogue base station. In some embodiments, the parameters monitored in the idle mode include a number of attempts to send a connected mode setup during communication with the rogue base station. In certain embodiments, the parameters monitored in the idle mode include a number of connection mode setup messages that fail due to timeout.
In various embodiments, the parameters monitored in the idle mode include a number of identity requests from the rogue base station requesting an international mobile subscriber identity of the remote unit 102. In some embodiments, the parameters monitored in the idle mode include a computed confidence level corresponding to the rogue base station.
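The confidence level computed from the monitored parameters and the network-side identification of a rogue base station from failure reports, sketched as an added example that is not code from this application. The weights, thresholds, the `ue_id` field, the requirement for several distinct reporting UEs, and the sample identifiers are assumptions, since the text lists the inputs but gives no formula.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumed policy values: the page lists the inputs but no formula or weights.
NORMAL_MAX_FAIL_COUNT = 4   # page: a fake cell may yield a reported value above 4
ALARM_SCORE = 0.6
MIN_REPORTERS = 2           # distinct UEs needed before a cell is alarmed
HARD_CAUSES = {"certificate failure", "wrong signature", "authentication failure"}


@dataclass(frozen=True)
class ExtFailureReport:
    ue_id: str                 # hypothetical reporter handle used for de-duplication
    plmn_identity: str
    failed_cell_id: str
    cause: str
    conn_est_fail_count: int   # connEstFailCount value recorded for the failed cell
    setup_timeouts: int        # connection setups that failed due to timeout
    imsi_requests: int         # identity requests asking for the IMSI
    idle_seconds: float        # time camped on the cell in idle mode
    connecting_seconds: float  # time spent trying to reach connected mode


def confidence(r: ExtFailureReport) -> float:
    """Score in [0, 1] that the failed cell is a fake base station."""
    score = 0.0
    if r.cause in HARD_CAUSES:
        score += 0.5
    if r.conn_est_fail_count > NORMAL_MAX_FAIL_COUNT:
        score += 0.2
    if r.setup_timeouts >= 3:
        score += 0.15
    if r.imsi_requests > 0:
        score += 0.25
    camped = r.idle_seconds + r.connecting_seconds
    if camped > 0 and r.connecting_seconds / camped > 0.5:
        score += 0.1   # most of the camping time was spent failing to connect
    return round(min(score, 1.0), 2)


def identify_rogue_cells(reports, min_reporters=MIN_REPORTERS):
    """Network side: group reports per cell, return one alarm per suspect cell."""
    by_cell = defaultdict(dict)
    for r in reports:
        # Keep one report per UE and cell so a single device cannot outvote others.
        by_cell[(r.plmn_identity, r.failed_cell_id)][r.ue_id] = r
    alarms = []
    for (plmn, cell_id), per_ue in sorted(by_cell.items()):
        # Re-score from the raw counters instead of trusting a UE-supplied level.
        scores = [confidence(r) for r in per_ue.values()]
        mean = round(sum(scores) / len(scores), 3)
        if len(per_ue) >= min_reporters and mean >= ALARM_SCORE:
            alarms.append({"plmn": plmn, "cell_id": cell_id,
                           "reporters": len(per_ue), "score": mean})
    return alarms


def camping_blacklist(alarms):
    """Cell IDs to place in the black list for camping."""
    return sorted(a["cell_id"] for a in alarms)


# Constructed sample reports (identifiers are not from the page).
SAMPLE_REPORTS = [
    ExtFailureReport("ue-1", "001-01", "CELL-X", "connection failure", 16, 5, 1, 30.0, 40.0),
    ExtFailureReport("ue-2", "001-01", "CELL-X", "authentication failure", 16, 0, 2, 120.0, 5.0),
    ExtFailureReport("ue-3", "001-01", "CELL-A", "connection failure", 2, 1, 0, 600.0, 2.0),
    ExtFailureReport("ue-4", "001-01", "CELL-B", "authentication failure", 1, 0, 1, 10.0, 1.0),
]

if __name__ == "__main__":
    found = identify_rogue_cells(SAMPLE_REPORTS)
    for alarm in found:
        print("ALARM", alarm)
    print("black list for camping:", camping_blacklist(found))
```

CELL-B scores high but has a single reporter, so it raises no alarm under the assumed policy; lowering `min_reporters` to 1 would alarm it on one device's word alone.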
Embodiments may be practiced in other specific forms. The described embodiments are to be considered in all respects only as illustrative and not restrictive. The scope of the invention is, therefore, indicated by the appended claims rather than by the foregoing description. All changes which come within the meaning and range of equivalency of the claims are to be embraced within their scope.
Claims
1. An apparatus comprising:
- a processor; and
- a memory coupled to the processor, the processor configured to cause the apparatus to: receive a configuration for cell measurement in an idle mode; perform a set of cell measurements in the idle mode in response to the received configuration; log a set of parameters associated with a set of base stations based at least in part on the set of cell measurements in the idle mode, wherein the set of parameters comprises a respective identity associated with each base station of the set of base stations, a respective location associated with each base station of the set of base stations, or both; transmit a report comprising the logged set of parameters associated with the set of base stations during the idle mode, wherein one or more of the logged set of parameters are indicative of a false base station.
2. The apparatus of claim 1, wherein the apparatus comprises a user equipment (UE).
3. The apparatus of claim 1, wherein each base station of the set of base stations is associated with a cell of a set of cells.
4. The apparatus of claim 1, wherein, to perform the set of cell measurements in the idle mode, the processor is configured to cause the apparatus to:
- measure, in the idle mode, a respective signal strength associated with each base station of the set of base stations.
5. The apparatus of claim 1, wherein the processor is configured to cause the apparatus to switch from a connected mode to the idle mode in response to the received configuration.
6. The apparatus of claim 5, wherein the connected mode comprises a radio resource control (RRC) connected mode.
7. The apparatus of claim 5, wherein the idle mode comprises a radio resource control (RRC) idle mode.
8. An apparatus comprising:
- a processor; and
- a memory coupled to the processor, the processor configured to cause the apparatus to: transmit, to a user equipment (UE), a configuration for cell measurement in an idle mode; and receive a report comprising a set of parameters associated with a set of base stations, wherein the set of parameters comprises a respective identity associated with each base station of a set of base stations, a respective location associated with each base station of the set of base stations, or both, wherein the set of parameters are in accordance with the configuration for the cell measurement in the idle mode, and wherein one or more of the set of parameters are indicative of a false base station.
9. A method at a user equipment (UE), the method comprising:
- receiving a configuration for cell measurement in an idle mode;
- performing a set of cell measurements in the idle mode in response to the received configuration;
- logging a set of parameters associated with a set of base stations based at least in part on the set of cell measurements in the idle mode, wherein the set of parameters comprises a respective identity associated with each base station of the set of base stations, a respective location associated with each base station of the set of base stations, or both;
- transmitting a report comprising the logged set of parameters associated with the set of base stations during the idle mode, wherein one or more of the logged set of parameters are indicative of a false base station.
10. The method of claim 9, wherein each base station of the set of base stations is associated with a cell of a set of cells.
11. The method of claim 9, wherein performing the set of cell measurements in the idle mode comprises:
- measuring, in the idle mode, a respective signal strength associated with each base station of the set of base stations.
12. The method of claim 9, further comprising:
- switching from a connected mode to the idle mode in response to the received configuration.
13. The method of claim 12, wherein the connected mode comprises a radio resource control (RRC) connected mode.
14. The method of claim 9, wherein the idle mode comprises a radio resource control (RRC) idle mode.
Type: Application
Filed: Apr 14, 2023
Publication Date: Aug 10, 2023
Inventors: Andreas Kunz (Ladenburg), Prateek Basu Mallick (Dreieich), Joachim Loehr (Wiesbaden), Genadi Velev (Darmstadt), Ravi Kuchibhotla (Chicago, IL)
Application Number: 18/301,116