Search

US-12621341-B2 - Concurrent flooding and cloning attack mitigation

US12621341B2US 12621341 B2US12621341 B2US 12621341B2US-12621341-B2

Abstract

A wireless communication process can include obtaining a wireless communication message associated with a source identifier (ID); determining that the source ID is associated with a flooding attack. The process can include filtering, based on determining that the source ID is associated with a flooding attack, wireless communication messages associated with the source ID. Filtering the wireless communication messages includes alternating between a first filtering state and a second filtering state. The first filtering state and the second filtering state are associated with different amounts of filtering.

Inventors

  • Mohammad Nekoui
  • Soumya Das

Assignees

  • QUALCOMM INCORPORATED

Dates

Publication Date
20260505
Application Date
20231128

Claims (20)

  1. 1 . A method of wireless communication, the method comprising: obtaining a wireless communication message associated with a source identifier (ID); determining that the source ID is associated with a flooding attack; and filtering, based on determining that the source ID is associated with a flooding attack, wireless communication messages associated with the source ID, wherein filtering the wireless communication messages comprises alternating between a first filtering state and a second filtering state, wherein the first filtering state and the second filtering state are associated with different amounts of filtering, wherein the first filtering state comprises enabling filtering for a first portion of the first filtering state, disabling filtering for a second portion of the first filtering state, and enabling filtering for a third portion of the first filtering state, wherein the second portion of the first filtering state occurs between the first portion of the first filtering state and the third portion of the first filtering state.
  2. 2 . The method of claim 1 , further comprising: transitioning, based on determining that a message load indicator associated with the flooding attack exceeds a message load threshold, from a first filtering state to a second filtering state.
  3. 3 . The method of claim 2 , wherein transitioning, based on determining that the message load indicator associated with the flooding attack exceeds the message load threshold, comprises changing operation of a message handling component from the first filtering state to the second filtering state.
  4. 4 . The method of claim 3 , wherein the message load threshold is associated with the second filtering state, and wherein the message load threshold is greater than an additional message load threshold associated with the first filtering state.
  5. 5 . The method of claim 2 , wherein the first filtering state is associated with filtering with a first duty cycle and the second filtering state is associated with filtering with a second duty cycle, the second duty cycle being greater than the first duty cycle.
  6. 6 . The method of claim 2 , wherein determining that the message load indicator associated with the flooding attack exceeds the message load threshold comprises determining that at least one of a utilization of a message handling module exceeds a utilization threshold or an operating temperature of the message handling module exceeds an operating temperature threshold.
  7. 7 . The method of claim 6 , wherein the operating temperature of the message handling module comprises a junction temperature of the message handling module, and wherein the operating temperature threshold comprises a predetermined junction temperature.
  8. 8 . The method of claim 6 , wherein the utilization of the message handling module comprises a numerical correspondence between a verification rate of the message handling module and a verification capacity of the message handling module.
  9. 9 . The method of claim 6 , wherein the utilization of the message handling module is evaluated during listening to messages from the source ID.
  10. 10 . The method of claim 6 , further comprising normalizing the utilization of the message handling module to a total duration of listening to messages from the source ID during an evaluation interval.
  11. 11 . The method of claim 2 , further comprising, prior to determining that the message load indicator associated with the flooding attack exceeds the message load threshold, determining, based on determining that a cumulative messaging rate of a plurality of wireless communication messages comprising the wireless communication message exceeds a cumulative message rate threshold, that the flooding attack is occurring.
  12. 12 . The method of claim 2 , further comprising generating, based on determining that a source-specific message rate associated with the source ID exceeds a source-specific message rate threshold, a filtering list comprising the source ID.
  13. 13 . The method of claim 2 , wherein determining that the message load indicator associated with the flooding attack originating from one or more flooding source IDs of one or more flooding UEs exceeds the message load threshold comprises evaluating the message load indicator over an evaluation interval.
  14. 14 . The method of claim 13 , wherein the evaluation interval comprises a plurality of command intervals.
  15. 15 . The method of claim 14 , wherein enabling filtering comprises ignoring messages from the one or more flooding source IDs and disabling filtering comprises listening to messages from the one or more flooding source IDs, wherein the first filtering state comprises applying different timing offsets to intervals of ignoring messages from the one or more flooding source IDs within individual command intervals of the evaluation interval.
  16. 16 . The method of claim 15 , wherein applying different timing offsets to the intervals of listening to messages from the one or more flooding source IDs within individual command intervals of the evaluation interval comprises listening to messages from the one or more flooding source IDs during different portions of individual command intervals.
  17. 17 . The method of claim 16 , wherein applying different timing offsets to the intervals of ignoring messages from the one or more flooding source IDs within individual command intervals of the evaluation interval comprises cumulatively listening to messages during every timing offset associated with command intervals of the evaluation interval.
  18. 18 . The method of claim 1 , further comprising determining, during intervals of listening to messages from the source ID, that the source ID comprises a cloned source ID.
  19. 19 . The method of claim 18 , further comprising, based on determining that the source ID comprises a cloned source ID, removing the source ID from a filtering list.
  20. 20 . The method of claim 18 , wherein determining that the source ID comprises a cloned source ID comprises identifying that the cloned source ID is associated with a UE based on one or more of historical data, location information, speed, heading, a local database, or crowdsourced information.

Description

FIELD The present disclosure generally relates to mitigation of attacks in wireless communication. For example, aspects of the present disclosure relate to mitigation of concurrent flooding and cloning attacks. BACKGROUND Wireless communication systems are widely deployed to provide various telecommunication services such as telephony, video, data, messaging, and broadcasts. Typical wireless communication systems may employ multiple-access technologies capable of supporting communication with multiple users by sharing available system resources. Examples of such multiple-access technologies include code division multiple access (CDMA) systems, time division multiple access (TDMA) systems, frequency division multiple access (FDMA) systems, orthogonal frequency division multiple access (OFDMA) systems, single-carrier frequency division multiple access (SC-FDMA) systems, and time division synchronous code division multiple access (TD-SCDMA) systems. These multiple access technologies have been adopted in various telecommunication standards to provide a common protocol that enables different wireless devices to communicate on a municipal, national, regional, and even global level. An example telecommunication standard is 5G New Radio (NR). 5G NR is part of a continuous mobile broadband evolution promulgated by Third Generation Partnership Project (3GPP) to meet new requirements associated with latency, reliability, security, scalability (e.g., with Internet of Things (IoT)), and other requirements. 5G NR includes services associated with enhanced mobile broadband (eMBB), massive machine type communications (mMTC), and ultra-reliable low latency communications (URLLC). Some aspects of 5G NR may be based on the 4G Long Term Evolution (LTE) standard. Aspects of wireless communication may comprise direct communication between devices, such as in V2X, vehicle-to-vehicle (V2V), and/or device-to-device (D2D) communication. There exists a need for further improvements in V2X, V2V, and/or D2D technology. These improvements may also be applicable to other multi-access technologies and the telecommunication standards that employ these technologies. SUMMARY The following presents a simplified summary relating to one or more aspects disclosed herein. Thus, the following summary should not be considered an extensive overview relating to all contemplated aspects, nor should the following summary be considered to identify key or critical elements relating to all contemplated aspects or to delineate the scope associated with any particular aspect. Accordingly, the following summary has the sole purpose to present certain concepts relating to one or more aspects relating to the mechanisms disclosed herein in a simplified form to precede the detailed description presented below. Disclosed are systems, apparatuses, methods, and computer-readable media for wireless communication. According to at least one example, a method is provided for wireless communication. The method includes: obtaining a wireless communication message associated with a source identifier (ID); determining that the source ID is associated with a flooding attack; and filtering, based on determining that the source ID is associated with a flooding attack, wireless communication messages associated with the source ID, wherein filtering the wireless communication messages comprises alternating between a first filtering state and a second filtering state, wherein the first filtering state and the second filtering state are associated with different amounts of filtering. In another example, an apparatus for wireless communication is provided that includes at least one memory and at least one processor coupled to the at least one memory. The at least one processor is configured to: obtain a wireless communication message associated with a source identifier (ID); determine that the source ID is associated with a flooding attack; and filter, based on determining that the source ID is associated with a flooding attack, wireless communication messages associated with the source ID, wherein filtering the wireless communication messages comprises alternating between a first filtering state and a second filtering state, wherein the first filtering state and the second filtering state are associated with different amounts of filtering. In another example, a non-transitory computer-readable medium is provided that has stored thereon instructions that, when executed by one or more processors, cause the one or more processors to: obtain a wireless communication message associated with a source identifier (ID); determine that the source ID is associated with a flooding attack; and filter, based on determining that the source ID is associated with a flooding attack, wireless communication messages associated with the source ID, wherein filtering the wireless communication messages comprises alternating between a first filtering state and a second filtering state, wherein the firs