EP-4324240-B1 - REPORTING OF SYSTEM INFORMATION (SI) HASH VALUES
Inventors
- BERGSTRÖM, Mattias
- OHLSSON, OSCAR
- RAMACHANDRA, PRADEEPA
Dates
- Publication Date
- 20260506
- Application Date
- 20220310
Claims (15)
- A method for a user equipment, UE, operating in a wireless network, the method characterised by: while operating in a non-connected state in the wireless network, obtaining (1210) system information, SI, broadcast in each of a plurality of cells visited by the UE; for each of the visited cells, determining (1240) a single SI hash value for all SI broadcast in the visited cell; and sending (1270), to a network node in the wireless network, at least a portion of the determined SI hash values as mobility history information, MHI, wherein the MHI includes, for each visited cell: an identifier of the visited cell; a duration of time spent by the UE in the visited cell; and the single hash value for all SI broadcast in the visited cell.
- The method of claim 1, wherein the MHI also includes an indication of a hash algorithm used by the UE to determine the SI hash value.
- The method of any of claims 1-2, further comprising receiving (1230), from the network node, a first indication of whether the UE should report available SI hash values, wherein the MHI is sent to the network node in response to the first indication indicating that the UE should report available SI hash values.
- The method of claim 3, wherein when the first indication indicates that the UE should report available SI hash values, the first indication is received together with further indications of one of the following: a maximum number of SI hash values to report; a maximum total size of SI hash values to report; and a hash algorithm to be used for determining SI hash values to be reported.
- The method of any of claims 1-4, further comprising selecting (1250) a subset of the determined single SI hash values to be sent to the network node, based on one or more of the following criteria: randomly, respective sizes of the determined single SI hash value, and chronological order in which the plurality of cells were visited by the UE.
- A method for a network node of a wireless network, the method characterised by: receiving (1330), from a user equipment, UE, as mobility history information, MHI, system information, SI, hash value for all SI broadcast in each of one or more cells visited by the UE while the UE was operating in a non-connected state in the wireless network, wherein the MHI includes, for each visited cell: an identifier of the visited cell; a duration of time spent by the UE in the visited cell; and a single SI hash value for all SI broadcast in the visited cell.
- The method of claim 6, wherein the MHI also includes an indication of a hash algorithm used by the UE to determine the SI hash values.
- The method of any of claims 6-7, further comprising transmitting (1320) a first indication of whether the UE should report available SI hash values, wherein the MHI is received from the UE in response to the first indication indicating that the UE should report available SI hash values.
- The method of claim 8, wherein when the first indication indicates that the UE should report available SI hash values, the first indication is transmitted together with further indications of one of the following: a maximum number of SI hash values to report; a maximum total size of SI hash values to report; and a hash algorithm to be used for determining SI hash values to be reported.
- The method of any of claims 6-9, wherein the received SI hash values are a subset of all SI hash values available from the UE, the subset being based on one or more of the following criteria: random selection, respective sizes of the determined SI hash values, and chronological order in which the plurality of cells were visited by the UE.
- The method of any of claims 6-10, further comprising: obtaining (1340), from one or more network nodes serving the one or more cells, SI hash values corresponding to the SI hash values received from the UE; comparing (1350) the SI hash values received from the UE to the respective corresponding SI hash values; and when an SI hash value does not match a corresponding SI hash value, detecting (1360) a network security problem associated with a network node that broadcasts the SI associated with the non-matching SI hash values.
- A user equipment, UE (120, 405, 1400, 1610) configured for operation in a wireless network (100, 399, 499, 1630), the UE being characterised to: while operating in a non-connected state in the wireless network, obtain system information, SI, broadcast in each of a plurality of cells visited by the UE; for each of the visited cells, determine one or more SI hash values for the SI broadcast in the visited cell; and send, to a network node in the wireless network, at least a portion of the determined SI hash values as mobility history information, MHI, wherein the MHI includes, for each visited cell: an identifier of the visited cell; a duration of time spent by the UE in the visited cell; and the single hash value for all SI broadcast in the visited cell.
- The UE of claim 12, being further configured to perform operations corresponding to any of the methods of claims 2-5.
- A network node (105, 110, 115, 300, 350, 410, 420, 1500) configured for operation in a wireless network (100, 399, 499, 1630), the network node being characterised to: receive, from a user equipment, UE, as mobility history information, MHI, one or more system information, SI, hash values for SI broadcast in one or more cells visited by the UE while the UE was operating in a non-connected state in the wireless network, wherein the MHI includes, for each visited cell: an identifier of the visited cell; a duration of time spent by the UE in the visited cell; and a single SI hash value for all SI broadcast in the visited cell.
- The network node of claim 14, being further configured to perform operations corresponding to any of the methods of claims 7-11.
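
The reporting and comparison steps of claims 1, 5 and 11, sketched as an added example that is not part of the patent text. Assumptions: SHA-256 over length-prefixed SI blocks as the "single SI hash value", the hash-algorithm indication modelled as a `hashlib` name, an extra "unknown-cell" finding that the claims do not recite, and all names and sample data constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

# Assumption: algorithms the network node is willing to accept in a report.
ALLOWED_ALGS = {"sha256", "sha384"}

@dataclass
class MhiEntry:              # one visited-cell record (claims 1, 2 and 6)
    cell_id: str
    seconds_in_cell: int
    alg: str
    si_hash: str

def si_hash(si_blocks, alg="sha256"):
    """Single hash over all SI blocks of a cell. Each block is length-prefixed
    so that shifting bytes between blocks changes the digest."""
    h = hashlib.new(alg)
    for block in si_blocks:
        h.update(len(block).to_bytes(4, "big") + block)
    return h.hexdigest()

def build_mhi(visits, alg="sha256", max_entries=None):
    """UE side: visits is a chronological list of (cell_id, seconds, si_blocks)."""
    entries = [MhiEntry(c, s, alg, si_hash(b, alg)) for c, s, b in visits]
    # Subset selection by chronological order: keep the most recent visits.
    return entries[-max_entries:] if max_entries else entries

def check_mhi(entries, reference_si):
    """Network side: compare reported hashes with hashes of the SI that the
    serving nodes say they broadcast. Returns (cell_id, reason) findings."""
    findings = []
    for e in entries:
        if e.alg not in ALLOWED_ALGS:
            findings.append((e.cell_id, "unsupported-algorithm"))
        elif e.cell_id not in reference_si:
            findings.append((e.cell_id, "unknown-cell"))
        elif si_hash(reference_si[e.cell_id], e.alg) != e.si_hash:
            findings.append((e.cell_id, "si-hash-mismatch"))
    return findings

# Constructed sample data: byte strings stand in for encoded MIB/SIB messages.
GENUINE = {"cell-A": [b"MIB-A", b"SIB1-A"], "cell-B": [b"MIB-B", b"SIB1-B"]}
VISITS = [
    ("cell-A", 120, GENUINE["cell-A"]),
    ("cell-B", 45, [b"MIB-B", b"SIB1-B-altered"]),  # SI differs from the operator's
    ("cell-C", 10, [b"MIB-C"]),                     # cell ID unknown to the operator
]

if __name__ == "__main__":
    for cell, reason in check_mhi(build_mhi(VISITS), GENUINE):
        print(cell, reason)
```

A mismatch only shows that the SI observed by the UE differs from the reference; SI that legitimately changed between the visit and the comparison would also be flagged, so the reference should correspond to the time of the visit.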
Description
TECHNICAL FIELD
The present disclosure relates generally to wireless networks, and more specifically to techniques for detection of false base stations and other security risks in wireless networks, e.g., based on hashes of system information (SI) broadcast in cells of a wireless network.
BACKGROUND
Long-Term Evolution (LTE) is an umbrella term for so-called fourth-generation (4G) radio access technologies developed within the Third-Generation Partnership Project (3GPP) and initially standardized in Release 8 (Rel-8) and Release 9 (Rel-9), also known as Evolved UTRAN (E-UTRAN). LTE is targeted at various licensed frequency bands and is accompanied by improvements to non-radio aspects commonly referred to as System Architecture Evolution (SAE), which includes Evolved Packet Core (EPC) network. LTE continues to evolve through subsequent releases.
An overall exemplary architecture of a network comprising LTE and SAE is shown in Figure 1. E-UTRAN 100 includes one or more evolved Node B's (eNB), such as eNBs 105, 110, and 115, and one or more user equipment (UE), such as UE 120. As used within the 3GPP standards, "user equipment" or "UE" means any wireless communication device (e.g., smartphone or computing device) that can communicate with 3GPP-standard-compliant network equipment, including E-UTRAN as well as UTRAN and/or GERAN, as the third-generation ("3G") and second-generation ("2G") 3GPP RANs are commonly known.
As specified by 3GPP, E-UTRAN 100 is responsible for all radio-related functions in the network, including radio bearer control, radio admission control, radio mobility control, scheduling, and dynamic allocation of resources to UEs in uplink and downlink, as well as security of the communications with the UE. These functions reside in the eNBs, such as eNBs 105, 110, and 115. Each of the eNBs can serve a geographic coverage area including one or more cells, including cells 106, 111, and 115 served by eNBs 105, 110, and 115, respectively.
The eNBs in the E-UTRAN communicate with each other via the X2 interface, as shown in Figure 1. The eNBs also are responsible for the E-UTRAN interface to the EPC 130, specifically the S1 interface to the Mobility Management Entity (MME) and the Serving Gateway (SGW), shown collectively as MME/S-GWs 134 and 138 in Figure 1. In general, the MME/S-GW handles both the overall control of the UE and data flow between the UE and the rest of the EPC. More specifically, the MME processes the signaling (e.g., control plane) protocols between the UE and the EPC, which are known as the Non-Access Stratum (NAS) protocols. The S-GW handles all Internet Protocol (IP) data packets (e.g., data or user plane) between the UE and the EPC and serves as the local mobility anchor for the data bearers when the UE moves between eNBs, such as eNBs 105, 110, and 115.
EPC 130 can also include a Home Subscriber Server (HSS) 131, which manages user- and subscriber-related information. HSS 131 can also provide support functions in mobility management, call and session setup, user authentication and access authorization. The functions of HSS 131 can be related to the functions of legacy Home Location Register (HLR) and Authentication Centre (AuC) functions or operations. HSS 131 can also communicate with MMEs 134 and 138 via respective S6a interfaces.
In some embodiments, HSS 131 can communicate with a user data repository (UDR) - labelled EPC-UDR 135 in Figure 1 - via a Ud interface. EPC-UDR 135 can store user credentials after they have been encrypted by AuC algorithms. These algorithms are not standardized (i.e., vendor-specific), such that encrypted credentials stored in EPC-UDR 135 are inaccessible by any other vendor than the vendor of HSS 131.
Figure 2 illustrates a block diagram of an exemplary control plane (CP) protocol stack between a UE, an eNB, and an MME. The exemplary protocol stack includes Physical (PHY), Medium Access Control (MAC), Radio Link Control (RLC), Packet Data Convergence Protocol (PDCP), and Radio Resource Control (RRC) layers between the UE and eNB. The PHY layer is concerned with how and what characteristics are used to transfer data over transport channels on the LTE radio interface. The MAC layer provides data transfer services on logical channels, maps logical channels to PHY transport channels, and reallocates PHY resources to support these services. The RLC layer provides error detection and/or correction, concatenation, segmentation, and reassembly, reordering of data transferred to or from the upper layers. The PDCP layer provides ciphering/deciphering and integrity protection for both CP and user plane (UP), as well as other UP functions such as header compression. The exemplary protocol stack also includes non-access stratum (NAS) signaling between the UE and the MME.
The RRC layer controls communications between a UE and an eNB at the radio interface, as well as the mobility of a UE between cells in the E-UTRAN. After a UE is powered ON it will be in the R