Search

US-12621658-B2 - Security improvements in SL unicast

US12621658B2US 12621658 B2US12621658 B2US 12621658B2US-12621658-B2

Abstract

The exemplary embodiments relate to a computer-readable storage medium, a device, an integrated circuit and a method that perform operations related to a first user equipment (UE) configured with a sidelink (SL) connection with a second UE. The operations include generating an SL counter check request including at least a first count for data transmissions from the first UE to the second UE as determined by the first UE. The operations further include transmitting the request to the second UE and receiving a counter check response to the request, the response comprising at least a second count for data transmissions from the first UE to the second UE as determined by the second UE. The operations further include determining a first difference between the first count and the second count and, when the first difference exceeds a threshold, releasing the SL connection with the second UE.

Inventors

  • Yuqin Chen
  • Srirang A. Lovlekar
  • Zhibin Wu
  • Birgit Breining
  • Dawei Zhang
  • Fangli XU
  • Haijing Hu
  • Longda Xing
  • Rama Diwakara Rao Noolu
  • Sethuraman Gurumoorthy
  • Shu Guo

Assignees

  • APPLE INC.

Dates

Publication Date
20260505
Application Date
20200408

Claims (17)

  1. 1 . A non-transitory computer readable storage medium comprising a set of instructions, wherein the set of instructions when executed by a processor cause the processor to perform operations, comprising: at a first user equipment (UE) configured with a sidelink (SL) connection with a second UE: generating an SL counter check request comprising at least a first count for data transmissions from the first UE to the second UE as determined by the first UE; transmitting the request to the second UE; receiving a counter check response to the request, the response comprising at least a second count for data transmissions from the first UE to the second UE as determined by the second UE; determining a first difference between the first count and the second count; and when the first difference exceeds a threshold, releasing the SL connection with the second UE, wherein the threshold is based on at least a data rate on the SL connection, wherein releasing the SL connection with the second UE comprises sending the second UE a RRCReleaseSidelink message indicating a cause of the release.
  2. 2 . The non-transitory computer readable storage medium of claim 1 , wherein the request comprises a third count for data transmissions from the second UE to the first UE as determined by the first UE and the response comprises a fourth count for data transmissions from the second UE to the first UE as determined by the second UE, the operations further comprising: determining a second difference between the third count and the fourth count; and when the second difference exceeds the threshold, releasing the SL connection with the second UE.
  3. 3 . The non-transitory computer readable storage medium of claim 1 , wherein the request comprises one of a first radio bearer identifier (RB ID) or a first logical channel ID, the first count corresponding to data transmissions over the one of the first RB ID or the first logical channel ID.
  4. 4 . The non-transitory computer readable storage medium of claim 3 , wherein the request comprises one of a second RB ID or a second logical channel ID, wherein the request comprises a fifth count for data transmissions over the one of the second RB ID or the second logical channel.
  5. 5 . The non-transitory computer readable storage medium of claim 1 , wherein the operations further comprise: when the first UE releases the SL connection with the second UE and is in an RRC connected state with a cellular network, reporting the release of the SL connection to the cellular network.
  6. 6 . The non-transitory computer readable storage medium of claim 1 , wherein the threshold is one of (i) configured by a cellular network, (ii) preconfigured or (iii) determined by the first UE based on a characteristic of the first UE or an application executing on the first UE.
  7. 7 . The non-transitory computer readable storage medium of claim 2 , wherein, when an SL connection is uni-directional, one of the first count or the third count is set to 0.
  8. 8 . The non-transitory computer readable storage medium of claim 1 , wherein the first count and the second count comprise at least one most significant bit and at least one bit of lesser significance.
  9. 9 . A non-transitory computer readable storage medium comprising a set of instructions, wherein the set of instructions when executed by a processor cause the processor to perform operations, comprising: at a first user equipment (UE) configured with a sidelink (SL) connection with a second UE: performing, for sidelink acknowledged (AM) data radio bearers (DRBs), header decompression for all stored packet data convergence protocol data units (PDUs); applying a new ciphering algorithm and a new integrity protection algorithm to the DRBs; resetting, for the AM DRBs, the header compression protocol; and starting, for the AM DRBs, NC state in U-mode.
  10. 10 . The non-transitory computer readable storage medium of claim 9 , wherein the new ciphering algorithm and the new integrity protection algorithm are provided by upper layers during the upper layer rekeying.
  11. 11 . The non-transitory computer readable storage medium of claim 9 , wherein a header compression protocol is reset for the AM DRBs and unacknowledged (UM) DRBs.
  12. 12 . The non-transitory computer readable storage medium of claim 11 , wherein, for the UM DRBs, the applying, generating and submitting are performed for each PDCP SDU associated with a PDCP Sequence Number (SN) for which a corresponding PDU has not been submitted to the lower layers.
  13. 13 . The non-transitory computer readable storage medium of claim 11 , wherein, for the AM DRBs, the applying, generating and submitting are performed for each PDCP SDU for which a successful delivery of a corresponding PDCP data PDU has not been confirmed by the lower layers.
  14. 14 . The non-transitory computer readable storage medium of claim 9 , wherein the operations are performed prior to a counter for a PDCP bearer repeats with current keys.
  15. 15 . A non-transitory computer readable storage medium comprising a set of instructions, wherein the set of instructions when executed by a processor cause the processor to perform operations, comprising: at a first user equipment (UE) configured with a sidelink (SL) connection with a second UE and operating with packet data convergence protocol (PDCP) duplication, where multiple logical channels are used: determining a primary SL RLC entity corresponding to a primary logical channel, the primary SL RLC entity having a primary SL RLC identifier (ID) and the primary logical channel having a primary logical channel ID; and transmitting to the second UE an indication that PDCP duplication is in use and the primary SL RLC ID, wherein the second UE uses the primary logical channel ID corresponding to the primary SL RLC ID to decipher transmissions from the first UE.
  16. 16 . The non-transitory computer readable storage medium of claim 15 , wherein the PDCP duplication is based on first UE operating in a carrier aggregation (CA) state.
  17. 17 . The non-transitory computer readable storage medium of claim 15 , wherein the PDCP duplication is based on first UE operating in a dual connectivity (DC) state.

Description

BACKGROUND INFORMATION A user equipment (UE) may be configured with multiple communication links. For example, the UE may receive a signal from a cell of a corresponding network over a downlink and may transmit a signal to the cell of the corresponding network over an uplink. The UE may also be configured to communicate with a further UE via a sidelink (SL). The term sidelink refers to a communication link that may be utilized for device-to-device (D2D) communication. Thus, the SL may facilitate communication between the UE and the further UE without the use of a cell. Various security-related issues may arise in SL communications. SUMMARY In some exemplary embodiments, a computer readable storage medium comprises a set of instructions that when executed by a processor cause the processor to perform operations. The computer readable storage medium may be embodied in a first user equipment (UE) configured with a sidelink (SL) connection with a second UE. The operations include generating an SL counter check request comprising at least a first count for data transmissions from the first UE to the second UE as determined by the first UE The operations further comprise transmitting the request to the second UE and receiving a counter check response to the request, the response comprising at least a second count for data transmissions from the first UE to the second UE as determined by the second UE. The operations further comprising determining a first difference between the first count and the second count and, when the first difference exceeds a threshold, releasing the SL connection with the second UE. In further exemplary embodiments, a computer readable storage medium comprises a set of instructions that when executed by a processor cause the processor to perform operations. The computer readable storage medium may be embodied in a first user equipment (UE) configured with a sidelink (SL) connection with a second UE. The operations include initiating an upper layer rekeying. The operations further comprising resetting a header compression protocol for the SL connection for data radio bearers (DRBs) used in the SL connection and discarding all stored packet data convergence protocol (PDCP) protocol data units (PDUs) and service data units (SDUs). The operations further comprising applying a new ciphering algorithm and a new integrity protection algorithm to the DRBs, generating updated PDCP PDUs using the new ciphering and integrity protection algorithms, and submitting the updated PDCP PDUs to lower layers. In still further exemplary embodiments, a computer readable storage medium comprises a set of instructions that when executed by a processor cause the processor to perform operations. The computer readable storage medium may be embodied in a first user equipment (UE) configured with a sidelink (SL) connection with a second UE and operates with packet data convergence protocol (PDCP) duplication, where multiple logical channels are used, determining a primary SL RLC entity corresponding to a primary logical channel, the primary SL RLC entity having a primary SL RLC identifier (ID) and the primary logical channel having a primary logical channel ID. The operations include transmitting to the second UE an indication that PDCP duplication is in use and the primary SL RLC ID, wherein the second UE uses the primary logical channel ID corresponding to the primary SL RLC ID to decipher transmissions from the first UE. BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 shows an exemplary network arrangement according to various exemplary embodiments. FIG. 2 shows an exemplary UE according to various exemplary embodiments. FIG. 3 shows a method for implementing a count check procedure in SL unicast communication between a first UE and a second UE according to various exemplary embodiments. FIG. 4 shows a method for PDCP re-establishment at a first, transmitting UE in SL communication with a second, receiving UE according to various exemplary embodiments. FIG. 5 shows a method for PDCP re-establishment at the second UE of FIG. 4 according to various exemplary embodiments. FIG. 6 shows a method for configuring a primary SL RLC entity for use as a security algorithm in the PDCP layer when PDCP duplication is in use according to various exemplary embodiments. DETAILED DESCRIPTION The exemplary embodiments may be further understood with reference to the following description and the related appended drawings, wherein like elements are provided with the same reference numerals. The exemplary embodiments relate to mechanisms performed at one or more user equipment (UEs) for addressing security-related issues for sidelink (SL) unicast communications. As will be described in detail below, various issues may arise in current SL unicast communications, including a potential for “man-in-the-middle” attacks, failures to properly re-key, and difficulties in determining a correct input for security algorithms. The exemplary embodiments a