KR-20260064426-A - METHOD AND APPARATUS FOR SELECTIVELY PROTECTING NETWORK SLICE IDENTIFIER BASED ON QUANTUM SECURITY

Abstract

The present disclosure relates to a wireless communication system, and more specifically, to a method and apparatus for selectively protecting a network slice identifier based on quantum security. Specifically, the present disclosure relates to a method and apparatus comprising the steps of: identifying whether a network slice identifier includes first information indicating that Post Quantum Cryptography (PQC)-based encryption is performed on the network slice identifier; if the network slice identifier includes the first information, performing the PQC-based encryption on the network slice identifier to obtain a protected network slice identifier; and transmitting a message containing the protected network slice identifier to a network entity. According to the present disclosure, a network slice identifier can be effectively protected from attacks using a quantum computer.

Inventors

  • 김성환
  • 제동현

Assignees

  • 삼성전자주식회사

Dates

Publication Date
20260507
Application Date
20241231
Priority Date
20241031

Claims (17)

  1. A method performed by a User Equipment (UE) in a wireless communication system, the method comprising: identifying whether a network slice identifier includes first information indicating that Post Quantum Cryptography (PQC)-based encryption is performed on the network slice identifier; if the network slice identifier includes the first information, obtaining a protected network slice identifier by performing the PQC-based encryption on the network slice identifier; and transmitting a message containing the protected network slice identifier to a network entity.
  2. The method of claim 1, wherein the message further includes second information indicating the profile of the algorithm for the PQC-based encryption and third information indicating the shared key generation method and the encryption method for the PQC-based encryption.
  3. The method of claim 1, wherein the message further includes fourth information indicating the profile of the algorithm for the PQC-based encryption and the shared key generation method and encryption method for the PQC-based encryption.
  4. The method of claim 1, wherein the PQC-based encryption comprises: generating a first shared key based on the public key of the network entity and the private key of the UE; generating a second shared key based on the PQC-based public key of the network entity; generating a third shared key based on the first shared key and the second shared key; and encrypting the network slice identifier based on the third shared key.
  5. The method of claim 4, wherein generating the first shared key includes generating the first shared key using asymmetric key agreement based on the public key of the network entity and the private key of the UE; generating the second shared key includes generating the second shared key using PQC key encapsulation based on the PQC-based public key of the network entity; and generating the third shared key includes generating the third shared key by performing an XOR (Exclusive OR) operation on the first shared key and the second shared key.
  6. The method of claim 1, wherein the PQC-based encryption comprises: generating a ciphertext by performing encryption on the network slice identifier based on the public key of the network entity; and performing a PQC algorithm on the ciphertext based on the PQC-based public key of the network entity.
  7. The method of claim 6, wherein generating the ciphertext comprises: generating a key pair of the public and private keys of the UE; generating a shared key based on the public key of the network entity and the private key of the UE; and generating the ciphertext by encrypting the network slice identifier based on the shared key.
  8. The method of claim 1, wherein the message is an initial registration request message, and the method further comprises receiving a registration acceptance message from the network entity, which includes an allowed network slice identifier, in response to the initial registration request message.
  9. The method of claim 1, wherein the network slice identifier is S-NSSAI (Single Network Slice Assistance Information), and the S-NSSAI includes the first information, information regarding SST (Slice/Service Type), and information regarding SD (Service Differentiator).
  10. A method performed by a network entity in a wireless communication system, the method comprising: receiving a message containing an encrypted network slice identifier from a User Equipment (UE), wherein the encrypted network slice identifier includes information regarding a protected network slice identifier and a protection method for the protected network slice identifier; and obtaining a network slice identifier by performing Post Quantum Cryptography (PQC)-based decryption on the protected network slice identifier based on the information regarding the protection method.
  11. The method of claim 10, wherein the PQC-based decryption comprises: obtaining a first shared key based on the public key of the UE and the private key of the network entity; generating a second shared key based on the PQC-based public key of the network entity; generating a third shared key based on the first shared key and the second shared key; and decrypting the protected network slice identifier based on the third shared key.
  12. The method of claim 11, wherein generating the first shared key includes generating the first shared key using asymmetric key agreement based on the public key of the UE and the private key of the network entity; generating the second shared key includes generating the second shared key using PQC key encapsulation based on the PQC-based public key of the network entity; and generating the third shared key includes generating the third shared key by performing an XOR (Exclusive OR) operation on the first shared key and the second shared key.
  13. The method of claim 10, wherein the PQC-based decryption comprises: generating an intermediate ciphertext by performing a PQC algorithm on the protected network slice identifier based on the PQC-based private key of the network entity; and performing decryption on the intermediate ciphertext based on the private key of the network entity.
  14. The method of claim 13, wherein performing decryption on the intermediate ciphertext comprises: generating a shared key based on the public key of the UE and the private key of the network entity; and performing decryption on the intermediate ciphertext based on the shared key.
  15. The method of claim 10, wherein the message is an initial registration request message, and the method further comprises: selecting an Access and Mobility Management Function (AMF) or a Session Management Function (SMF) based on the network slice identifier; and sending a registration request message to the selected AMF or SMF.
  16. A User Equipment (UE) for a wireless communication system, comprising: a transceiver; and a processor connected to the transceiver, wherein the processor is configured to: identify whether a network slice identifier includes first information indicating that Post Quantum Cryptography (PQC)-based encryption is performed on the network slice identifier; if the network slice identifier includes the first information, perform the PQC-based encryption on the network slice identifier to obtain a protected network slice identifier; and control the transceiver to transmit a message containing the protected network slice identifier to a network entity.
  17. A network entity for a wireless communication system, comprising: a transceiver; and a processor connected to the transceiver, wherein the processor is configured to: receive a message containing an encrypted network slice identifier from a User Equipment (UE), wherein the encrypted network slice identifier includes information regarding a protected network slice identifier and a protection method for the protected network slice identifier; and obtain a network slice identifier by performing Post Quantum Cryptography (PQC)-based decryption on the protected network slice identifier based on the information regarding the protection method.
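
The hybrid derivation of claims 4 and 5 (UE side) and claims 11 and 12 (network side), together with the first-information check of claim 1, as an added Go example that is not code from the patent. Assumptions not in the text: X25519 for the asymmetric key agreement, ML-KEM-768 from Go's crypto/mlkem (Go 1.24 or later) for the PQC key encapsulation, AES-256-GCM as the cipher, the first information carried in bit 0 of the first S-NSSAI byte, and the hypothetical names hybridAEAD, UEProtect and NetRecover; the network side obtains the second shared key by decapsulating with its ML-KEM private key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/mlkem"
	"crypto/rand"
	"crypto/subtle"
	"fmt"
)

func hybridAEAD(priv *ecdh.PrivateKey, peer *ecdh.PublicKey, k2 []byte) (cipher.AEAD, error) {
	k1, err := priv.ECDH(peer) // first shared key (X25519 is an assumption)
	if err != nil || len(k1) != 32 || len(k2) != 32 {
		return nil, fmt.Errorf("hybrid key derivation failed")
	}
	subtle.XORBytes(k1, k1, k2) // third key = first XOR second (claims 5 and 12)
	blk, _ := aes.NewCipher(k1) // AES-256-GCM is an assumption; a 32-byte key cannot fail
	return cipher.NewGCM(blk)
}

func UEProtect(s []byte, ue *ecdh.PrivateKey, netPub *ecdh.PublicKey, ek *mlkem.EncapsulationKey768) (kemCt, sealed []byte, err error) {
	if len(s) == 0 || s[0]&1 == 0 { // first information (assumed: bit 0 of byte 0) absent: send unprotected
		return nil, nil, nil
	}
	k2, kemCt := ek.Encapsulate() // second shared key (ML-KEM-768 assumed), fresh per message
	g, err := hybridAEAD(ue, netPub, k2)
	if err != nil {
		return nil, nil, err
	}
	return kemCt, g.Seal(nil, make([]byte, 12), s, nil), nil // fixed nonce: the key is single-use
}

func NetRecover(kemCt, sealed []byte, uePub *ecdh.PublicKey, net *ecdh.PrivateKey, dk *mlkem.DecapsulationKey768) ([]byte, error) {
	k2, _ := dk.Decapsulate(kemCt) // nil on a wrong-length ciphertext, rejected by hybridAEAD
	g, err := hybridAEAD(net, uePub, k2)
	if err != nil {
		return nil, err
	}
	return g.Open(nil, make([]byte, 12), sealed, nil) // fails if any input was altered
}

func main() {
	dk, _ := mlkem.GenerateKey768()
	net, _ := ecdh.X25519().GenerateKey(rand.Reader)
	ue, _ := ecdh.X25519().GenerateKey(rand.Reader)
	ct, sealed, _ := UEProtect([]byte{1, 1, 0xAB, 0xCD, 0xEF}, ue, net.PublicKey(), dk.EncapsulationKey()) // constructed S-NSSAI
	fmt.Println(NetRecover(ct, sealed, ue.PublicKey(), net, dk))
}
```

A bare XOR combiner binds neither key-exchange transcript into the third key; hybrid designs in deployment usually pass both secrets and both public values through a KDF instead.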

Description

Method and apparatus for selectively protecting network slice identifier based on quantum security

The present disclosure relates to a wireless communication system, and more specifically, to a method and apparatus for selectively protecting a network slice identifier based on quantum security.

5G wireless communication technology defines a wide frequency band to enable fast transmission speeds and new services, and can be implemented not only in frequency bands below 6 GHz ('Sub 6 GHz'), such as 3.5 gigahertz (3.5 GHz), but also in ultra-high frequency bands called millimeter waves (mmWave), such as 28 GHz and 39 GHz ('Above 6 GHz'). In addition, for 6G wireless communication technology, which is referred to as a system beyond 5G communication, implementation in the terahertz band (e.g., the 95 GHz to 3 terahertz (3 THz) band) is being considered to achieve transmission speeds 50 times faster and ultra-low latency reduced to one-tenth compared to 5G wireless communication technology.

In the early stages of 5G wireless communication technology, with the aim of satisfying service support and performance requirements for enhanced Mobile BroadBand (eMBB), Ultra-Reliable Low-Latency Communications (URLLC), and Massive Machine-Type Communications (mMTC), standardization has been carried out for beamforming and Massive MIMO to mitigate path loss and increase transmission distance in ultra-high frequency bands; support for various numerologies (such as operating multiple subcarrier spacings) and dynamic operation of slot formats for the efficient utilization of ultra-high frequency resources; initial access techniques to support multi-beam transmission and broadband; the definition and operation of Band-Width Parts (BWP); Low Density Parity Check (LDPC) codes for high-volume data transmission; new channel coding methods such as Polar Codes for the reliable transmission of control information; L2 pre-processing; network slicing, which provides a dedicated network specialized for specific services; and other methods.

Currently, discussions are underway to improve and enhance the performance of the initial 5G wireless communication technology, taking into account the services that the 5G wireless communication technology was intended to support. Additionally, standardization of the physical layer is in progress for technologies such as V2X (Vehicle-to-Everything), which helps autonomous vehicles make driving decisions and enhance user convenience based on their own location and status information transmitted by the vehicle; NR-U (New Radio Unlicensed), which aims for system operation in unlicensed bands that meets various regulatory requirements; NR terminal low power consumption technology (UE Power Saving); Non-Terrestrial Network (NTN), which is direct terminal-satellite communication for securing coverage in areas where communication with the terrestrial network is impossible; and positioning.

In addition, standardization is underway in the field of wireless interface architecture/protocols for technologies such as the Industrial Internet of Things (IIoT) for supporting new services through linkage and convergence with other industries, Integrated Access and Backhaul (IAB), which provides nodes for expanding network service areas by integrating wireless backhaul links and access links, Mobility Enhancement including Conditional Handover and Dual Active Protocol Stack (DAPS) Handover, and 2-step Random Access (2-step RACH for NR), which simplifies random access procedures. Standardization is also underway in the field of system architecture/services for 5G baseline architectures (e.g., Service based Architecture, Service based Interface) for incorporating Network Functions Virtualization (NFV) and Software-Defined Networking (SDN) technologies, and Mobile Edge Computing (MEC), which provides services based on the location of the terminal.

When such 5G wireless communication systems are commercialized, connected devices, which are increasing explosively, will be connected to communication networks. Accordingly, it is expected that there will be a need to enhance the functionality and performance of 5G wireless communication systems and to integrate the operation of connected devices. To this end, new research is planned to be conducted on 5G performance improvement and complexity reduction, support for AI services, support for metaverse services, and drone communication using eXtended Reality (XR), Artificial Intelligence (AI), and Machine Learning (ML) to efficiently support Augmented Reality (AR), Virtual Reality (VR), and Mixed Reality (MR). Furthermore, the advancement of these 5G wireless communication systems encompasses multi-antenna transmission technologies such as new waveforms, Full Dimensional MIMO (FD-MIMO), array antennas, and large-scale antennas to guarantee coverage in the terahertz band of 6G wireless communication technology; metamaterial-based lenses and antennas