WO2019158117A1 - System and method for providing security in a wireless communications system with user plane separation - Google Patents
- Publication number: WO2019158117A1 (application PCT/CN2019/075142)
- Authority: WO (WIPO, PCT)
- Prior art keywords: key, access node, RAN, entity, cryptographic keys
Classifications
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
        - H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
          - H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
            - H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
          - H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
      - H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
        - H04L2209/80—Wireless
    - H04W—WIRELESS COMMUNICATION NETWORKS
      - H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
        - H04W12/03—Protecting confidentiality, e.g. by encryption
        - H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
Definitions
- the present disclosure relates generally to a system and method for digital communications, and, in particular embodiments, to a system and method for providing security in a wireless communications system with user plane separation.
- a security key is used to secure communications on a per-user equipment (UE) basis.
- UE: user equipment
- a UE has a single encryption key for user plane (UP) traffic that is used to encrypt all UP traffic between the UE and a serving radio access network (RAN) node such as an evolved NodeB (eNB).
- RAN: radio access network
- eNB: evolved NodeB
- the same per-UE granularity is also used for other keys associated with the UE.
- in a Next Generation (NG) RAN node, such as a New Radio (NR) NodeB (commonly referred to as a gNB or a next generation eNB (ng-eNB)), one or more distributed units (DUs) may reside in a physically different location from a central unit (CU).
- the NG RAN node is referred to as having a split architecture.
- the split architecture RAN node may also support the control plane (CP) and UP split with an option of the CU-CP being split from the CU-UP, with each potentially being in different security domains.
- CP: control plane
- Having the same key (or keys) at different entities providing UP connectivity at different physical locations may pose a security
- Example embodiments provide a system and method for providing security in a wireless communications system with user plane separation.
- a computer-implemented method for operating a network node in a radio access network includes determining, by the network node, a user plane (UP) resource of the RAN anchored at a UP entity of the RAN, generating, by the network node, a UP key set identifier to be associated with a set of UP cryptographic keys, where the set of UP cryptographic keys are to be associated with the UP resource, sending, by the network node, to a user equipment (UE), a control plane (CP) message including the UP key set identifier and an identifier associated with the UP resource, generating, by the network node, the set of UP cryptographic keys in accordance with the UP key set identifier, and sending, by the network node, to the UP entity of the RAN, the set of UP cryptographic keys and the identifier associated with the UP resource, wherein the UP entity of the RAN cryptographical
- generating the set of UP cryptographic keys comprises providing at least the UP key set identifier and a security key associated with the network node to a key derivation function used to derive the set of UP cryptographic keys.
- the UP key set identifier is a number or counter maintained by the network node.
- the UP key set identifier has one of a numerical value, an alphanumeric value, or a bit string value.
- the UP key set identifier is randomly generated, and the UP key set identifier is monotonically increasing or monotonically decreasing with respect to a previously generated UP key set identifier associated with the UP resource of the RAN.
- the UP key set identifier is sequentially incremented or decremented with respect to a previously generated UP key set identifier associated with the UP resource of the RAN.
- the UP key set identifier comprises an index to a set of randomly generated numbers, and wherein the set of UP cryptographic keys is generated in accordance with the randomly generated number associated with the index.
- the CP message comprises a radio resource control (RRC) message.
- RRC: radio resource control
- the UP resource of the RAN comprises one of: the UE, a data radio bearer (DRB) associated with the UE, a group of one or more DRBs associated with the UE, a protocol data unit (PDU) session associated with the UE, a group of one or more PDU sessions associated with the UE, a quality of service (QoS) flow associated with the UE, a group of one or more QoS flows associated with the UE, a packet flow associated with the UE, a group of one or more packet flows associated with the UE, or the UP entity of the RAN.
- DRB: data radio bearer
- PDU: protocol data unit
- QoS: quality of service
- the UP key set identifier is any one of: a numerical value, an alphanumeric value, a bit string value, or an index to a set of randomly generated numbers, wherein the set of UP cryptographic keys is generated in accordance with the randomly generated number associated with the index.
- a computer-implemented method for operating a network node in a RAN includes determining, by the network node, that a first DRB of a UE is anchored at a first UP entity of the RAN, and based thereon, generating, by the network node, a first UP key set identifier associated with the first UP entity of the RAN, sending, by the network node, to the UE, a first CP message including the first UP key set identifier and an identifier associated with the first DRB, generating, by the network node, a first set of UP cryptographic keys, the generating in accordance with the first UP key set identifier, and sending, by the network node, to the first UP entity of the RAN, the first UP key set identifier, the first set of UP cryptographic keys and the identifier associated with the first DRB, wherein the first UP entity of the RAN cryptographically protects
- a first implementation form of the computer-implemented method according to the second aspect as such further comprising determining, by the network node, that a second DRB of the UE is anchored at a second UP entity of the RAN, and based thereon, generating, by the network node, a second UP key set identifier associated with the second UP entity of the RAN, sending, by the network node, to the UE, a second CP message including the second UP key set identifier and an identifier associated with the second DRB, generating, by the network node, a second set of UP cryptographic keys, the generating in accordance with the second UP key set identifier, and sending, by the network node, to the second UP entity of the RAN, the second UP key set identifier, the second set of UP cryptographic keys and the identifier associated with the second DRB, wherein the second UP entity of the RAN cryptographically protects UP traffic conveyed over the second DRB using the second
- a second implementation form of the computer-implemented method according to the second aspect as such or any preceding implementation form of the second aspect further comprising determining, by the network node, that a third DRB of the UE is anchored at the first UP entity of the RAN, and based thereon, sending, by the network node, to the UE, a third CP message including the first UP key set identifier and an identifier associated with the third DRB, and sending, by the network node, to the first UP entity of the RAN, the first UP key set identifier and the identifier associated with the third DRB, wherein the first UP entity of the RAN cryptographically protects UP traffic conveyed over the third DRB using the first set of UP cryptographic keys.
- a computer-implemented method for operating a network node in a RAN includes determining, by the network node, that a second network node of the RAN is a target for a handover of a UE, sending, by the network node, a network control plane (NCP) request message to the second network node, the NCP request message comprising a first set of UP resources of the RAN that are associated with the UE, receiving, by the network node, an NCP response message from the second network node, the NCP response message comprising a second set of UP resources of the RAN that are to be associated with the UE and, for each UP resource in the second set of UP resources, a corresponding UP key set identifier, and sending, by the network node, a CP message to the UE, the CP message comprising the second set of UP resources and, for each UP resource in the second set of UP resources, the corresponding UP
- NCP: network control plane
- the NCP request message further comprises a corresponding UP key set identifier for each UP resource in the first set of UP resources.
- a computer-implemented method for operating a UE in a RAN includes receiving, by the UE, a CP message, the CP message comprising identities of multiple UP resources of the RAN and multiple UP key set identifiers with each UP resource associated with one of the UP key set identifiers, generating, by the UE, a set of UP cryptographic keys for each one of the UP key set identifiers, the generating in accordance with the UP key set identifier, and using, by the UE, the set of UP cryptographic keys corresponding to the UP key set identifier associated with a UP resource to cryptographically protect UP traffic conveyed over the UP resource.
- the CP message comprises a handover command and the UP resources comprise UP resources of the RAN associated with a handover target RAN node.
- a network node in a RAN includes a non-transitory memory storage comprising instructions, and one or more processors in communication with the memory storage.
- the one or more processors execute the instructions to determine a UP resource of the RAN anchored at a UP entity of the RAN, generate a UP key set identifier to be associated with a set of UP cryptographic keys, where the set of UP cryptographic keys are to be associated with the UP resource, send to a UE, a CP message including the UP key set identifier and an identifier associated with the UP resource, generate the set of UP cryptographic keys in accordance with the UP key set identifier, and send to the UP entity of the RAN, the set of UP cryptographic keys and the identifier associated with the UP resource, wherein the UP entity of the RAN cryptographically protects UP traffic conveyed over the UP resource using the set of UP cryptographic keys.
- the one or more processors further execute the instructions to provide at least the UP key set identifier and a security key associated with the network node to a key derivation function used to derive the set of UP cryptographic keys.
- the UP key set identifier is a number or counter maintained by the network node.
- the UP key set identifier has one of a numerical value, an alphanumeric value, or a bit string value.
- the UP key set identifier is randomly generated, and the UP key set identifier is monotonically increasing or monotonically decreasing with respect to a previously generated UP key set identifier associated with the UP resource of the RAN.
- the UP key set identifier is sequentially incremented or decremented with respect to a previously generated UP key set identifier associated with the UP resource of the RAN.
- the UP key set identifier comprises an index to a set of randomly generated numbers, and wherein the set of UP cryptographic keys is generated in accordance with the randomly generated number associated with the index.
- the CP message comprises an RRC message.
- the UP resource of the RAN comprises one of: the UE, a DRB associated with the UE, a group of one or more DRBs associated with the UE, a PDU session associated with the UE, a group of one or more PDU sessions associated with the UE, a QoS flow associated with the UE, a group of one or more QoS flows associated with the UE, a packet flow associated with the UE, a group of one or more packet flows associated with the UE, or the UP entity of the RAN.
- the set of UP cryptographic keys comprises one or both of: an integrity protection key or an encryption key.
- a network node in a RAN includes a non-transitory memory storage comprising instructions, and one or more processors in communication with the memory storage.
- the one or more processors execute the instructions to determine that a first DRB of a UE is anchored at a first UP entity of the RAN, and based thereon, generate a first UP key set identifier associated with the first UP entity of the RAN, send to the UE, a first CP message including the first UP key set identifier and an identifier associated with the first DRB, generate a first set of UP cryptographic keys in accordance with the first UP key set identifier, and send to the first UP entity of the RAN, the first UP key set identifier, the first set of UP cryptographic keys and the identifier associated with the first DRB, wherein the first UP entity of the RAN cryptographically protects UP traffic conveyed over the first DRB using the first set of UP crypto
- the one or more processors further execute the instructions to determine that a second DRB of the UE is anchored at a second UP entity of the RAN, and based thereon, generate a second UP key set identifier associated with the second UP entity of the RAN, send to the UE, a second CP message including the second UP key set identifier and an identifier associated with the second DRB, generate a second set of UP cryptographic keys in accordance with the second UP key set identifier, and send to the second UP entity of the RAN, the second UP key set identifier, the second set of UP cryptographic keys and the identifier associated with the second DRB, wherein the second UP entity of the RAN cryptographically protects UP traffic conveyed over the second DRB using the second set of UP cryptographic keys.
- the one or more processors further execute the instructions to determine that a third DRB of the UE is anchored at the first UP entity of the RAN, and based thereon, send to the UE, a third CP message including the first UP key set identifier and an identifier associated with the third DRB, and send to the first UP entity of the RAN, the first UP key set identifier and the identifier associated with the third DRB, wherein the first UP entity of the RAN cryptographically protects UP traffic conveyed over the third DRB using the first set of UP cryptographic keys.
- a network node in a RAN includes a non-transitory memory storage comprising instructions, and one or more processors in communication with the memory storage.
- the one or more processors execute the instructions to determine that a second network node of the RAN is a target for a handover of a UE, send a NCP request message to the second network node, the NCP request message comprising a first set of UP resources of the RAN that are associated with the UE, receive an NCP response message from the second network node, the NCP response message comprising a second set of UP resources of the RAN that are to be associated with the UE and, for each UP resource in the second set of UP resources, a corresponding UP key set identifier, and send a CP message to the UE, the CP message comprising the second set of UP resources and, for each UP resource in the second set of UP resources, the corresponding UP key set identifier.
- the NCP request message further comprises a corresponding UP key set identifier for each UP resource in the first set of UP resources.
- a UE in a RAN includes a non-transitory memory storage comprising instructions, and one or more processors in communication with the memory storage.
- the one or more processors execute the instructions to receive a CP message, the CP message comprising identities of multiple UP resources of the RAN and multiple UP key set identifiers with each UP resource associated with one of the UP key set identifiers, generate a set of UP cryptographic keys for each one of the UP key set identifiers in accordance with the UP key set identifier, and use the set of UP cryptographic keys corresponding to the UP key set identifier associated with a UP resource to cryptographically protect UP traffic conveyed over the UP resource.
- the CP message comprises a handover command and the UP resources comprise UP resources of the RAN associated with a handover target RAN node.
- a computer-implemented method for operating an access node includes determining, by the access node, a UP resource of the access node anchored at a UP entity of the access node to be associated with a set of UP cryptographic keys, generating, by the access node, a UP key value associated with the UP resource, sending, by the access node, to a UE, a CP message including the UP key value, generating, by the access node, a local version of UP cryptographic keys in accordance with the UP key value, and sending, by the access node, to the UP entity of the access node, the local version of UP cryptographic keys.
- the UP key value is a global number or counter maintained by the access node.
- generating the local version of UP cryptographic keys comprises providing the UP key value and a security key associated with the access node to a key derivation function used to generate the local version of UP cryptographic keys.
- the UP key value has one of a numerical value or an alphanumeric value.
- the UP key value is randomly generated, and the UP key value is monotonically increasing or monotonically decreasing with respect to a previously generated UP key value associated with the UP resource of the access node anchored at the UP entity of the access node.
- the UP key value is sequentially incremented or decremented with respect to a previously generated UP key value associated with the UP resource of the access node anchored at the UP entity of the access node.
- the CP message further comprises an identifier of the UP resource of the access node anchored at the UP entity of the access node.
- the CP message comprises a radio resource control connection reconfiguration (RRCConnectionReconfiguration) message.
- RRCConnectionReconfiguration: radio resource control connection reconfiguration
- the UP key value comprises an index to a randomly generated number.
- the local version of UP cryptographic keys is also generated in accordance with the randomly generated number.
- the UP resource comprises one of a DRB, a PDU session, a UE, or a UP entity of the access node.
- the local version of UP cryptographic keys comprises an integrity key associated with the UP resource of the access node and an encryption key associated with the UP resource of the access node.
- a computer-implemented method for operating a first access node includes determining, by the first access node, that a DRB of a UE is anchored at a UP entity of a second access node, and based thereon, generating, by the first access node, a UP key value associated with the DRB anchored at the UP entity of the second access node, sending, by the first access node, to the UE, a first CP message including the UP key value, generating, by the first access node, a first local version of UP cryptographic keys associated with the DRB anchored at the UP entity of the second access node, the generating in accordance with the UP key value, and sending, by the first access node, to the UP entity of the second access node, the first local version of UP cryptographic keys.
- a first implementation form of the computer-implemented method according to the tenth aspect as such further comprising determining, by the first access node, that no DRB is anchored at any UP entity of the second access node, and based thereon, sending, by the first access node, to the UE, a second CP message not including the UP key value, generating, by the first access node, a second local version of UP cryptographic keys without the UP key value, and sending, by the first access node, to UP entities of the second access node, the second local version of UP cryptographic keys.
- generating the first local version of UP cryptographic keys comprises providing, by the first access node, the UP key value and a security key associated with the second access node to a key derivation function used to generate UP cryptographic keys.
- the first access node comprises a source access node.
- the second access node comprises a target access node.
- a computer-implemented method for operating a UE includes determining, by the UE, that a CP message includes a UP key value associated with a UP resource of a first access node, and based thereon, generating, by the UE, first UP cryptographic keys associated with the UP resource in accordance with the UP key value and a security key associated with the first access node, and securing, by the UE, UP traffic with the first UP cryptographic keys prior to sending the UP traffic to the first access node.
- a first implementation form of the computer-implemented method according to the eleventh aspect as such further comprising determining, by the UE, that the CP message does not include the UP key value, and based thereon, generating, by the UE, second UP cryptographic keys in accordance with the security key associated with the first access node, and securing, by the UE, UP traffic with the second UP cryptographic keys prior to sending the UP traffic to the first access node.
- the UP key value is associated with a UP resource of a second access node, and wherein the UP key value is forwarded to the UE from the second access node through the first access node.
- a third implementation form of the computer-implemented method according to the eleventh aspect as such or any preceding implementation form of the eleventh aspect further includes generating, by the UE, third UP cryptographic keys associated with the UP resource in the second access node in accordance with the UP key value and a security key associated with the second access node, and securing, by the UE, UP traffic with the third UP cryptographic keys prior to sending the UP traffic to the second access node.
- an access node includes a non-transitory memory storage comprising instructions, and one or more processors in communication with the memory storage.
- the one or more processors execute the instructions to determine a UP resource of the access node anchored at a UP entity of the access node to be associated with a set of UP cryptographic keys, generate a UP key value associated with the UP resource, send to a UE, a CP message including the UP key value, generate a local version of UP cryptographic keys in accordance with the UP key value, and send to the UP entity of the access node, the local version of UP cryptographic keys.
- the UP key value is a global number or counter maintained by the access node.
- the one or more processors further execute the instructions to provide the UP key value and a security key associated with the access node to a key derivation function used to generate the local version of UP cryptographic keys.
- the UP key value is randomly generated, and the UP key value is monotonically increasing or monotonically decreasing with respect to a previously generated UP key value associated with the UP resource of the access node anchored at the UP entity of the access node.
- the UP key value is sequentially incremented or decremented with respect to a previously generated UP key value associated with the UP resource of the access node anchored at the UP entity of the access node.
- the UP resource comprises one of a DRB, a PDU session, a UE, or a UP entity of the access node.
- a first access node includes a non-transitory memory storage comprising instructions, and one or more processors in communication with the memory storage.
- the one or more processors execute the instructions to determine that a DRB of a UE is anchored at a UP entity of a second access node, and based thereon, generate a UP key value associated with the DRB anchored at the UP entity of the second access node, send to the UE, a first CP message including the UP key value, generate a first local version of UP cryptographic keys associated with the DRB anchored at the UP entity of the second access node in accordance with the UP key value, and send to the UP entity of the second access node, the first local version of UP cryptographic keys.
- the one or more processors further execute the instructions to determine that no DRB is anchored at any UP entity of the second access node, and based thereon, send to the UE, a second CP message not including the UP key value, generate a second local version of UP cryptographic keys without the UP key value, and send to UP entities of the second access node, the second local version of UP cryptographic keys.
- the one or more processors further execute the instructions to provide the UP key value and a security key associated with the second access node to a key derivation function used to generate UP cryptographic keys.
- the first access node comprises a source access node.
- the second access node comprises a target access node.
- a UE includes a non-transitory memory storage comprising instructions, and one or more processors in communication with the memory storage.
- the one or more processors execute the instructions to determine that a CP message includes a UP key value associated with a UP resource of a first access node, and based thereon, generate first UP cryptographic keys associated with the UP resource in accordance with the UP key value and a security key associated with the first access node, and secure UP traffic with the first UP cryptographic keys prior to sending the UP traffic to the first access node.
- the one or more processors further execute the instructions to determine that the CP message does not include the UP key value, and based thereon, generate second UP cryptographic keys in accordance with the security key associated with the first access node, and secure UP traffic with the second UP cryptographic keys prior to sending the UP traffic to the first access node.
- the UP key value is associated with a UP resource of a second access node, and wherein the UP key value is forwarded to the UE from the second access node through the first access node.
- the one or more processors further execute the instructions to generate third UP cryptographic keys associated with the UP resource in the second access node in accordance with the UP key value and a security key associated with the second access node, and secure UP traffic with the third UP cryptographic keys prior to sending the UP traffic to the second access node.
- FIG. 1 illustrates an example communications system according to example embodiments described herein;
- Figure 2 illustrates an example NG RAN node according to example embodiments described herein;
- Figures 3A-3C illustrate example NG RAN node CP-UP separation scenarios according to example embodiments described herein;
- Figure 4 illustrates an example NG RAN node CP-UP separation scenario highlighting UP separation with a per-PDU session granularity according to example embodiments described herein;
- Figure 5 illustrates a diagram of communications exchanged and processing performed by devices or entities participating in the establishment of PDU sessions that are secured at two different CU-UP entities according to example embodiments described herein;
- Figure 6A illustrates a diagram of communications exchanged and processing performed by devices or entities participating in a HO procedure, where the target RAN node does not support anchoring the UP traffic of a UE at multiple CU-UP entities and user plane key number (UPKN) values are communicated in the HO procedure according to example embodiments described herein;
- UPKN user plane key number
- Figure 6B illustrates a diagram of communications exchanged and processing performed by devices or entities participating in a HO procedure, where the target RAN node does not support anchoring the UP traffic of a UE at multiple CU-UP entities and UPKN values are not communicated in the HO procedure according to example embodiments described herein;
- Figure 7 illustrates a diagram of communications exchanged and processing performed by devices or entities participating in a HO procedure, where the target RAN node does not support anchoring the UP traffic of a UE at multiple CU-UP entities and UPKN values are not communicated between source and target RAN nodes in the HO procedure according to example embodiments described herein;
- Figure 8 illustrates a flow diagram of example operations occurring in a CU-CP entity configuring security keys for CU-UP entities for a RAN node allowing the anchoring of UP traffic of a UE at multiple CU-UP entities according to example embodiments described herein;
- Figure 9 illustrates a flow diagram of example operations occurring in a CU-CP entity configuring security keys for CU-UP entities for a RAN node allowing the anchoring of UP traffic of a UE at multiple CU-UP entities with DRB granularity scope according to example embodiments described herein;
- Figure 10 illustrates a flow diagram of example operations occurring in a UE participating in DRB configuration according to example embodiments described herein;
- Figure 11 illustrates a flow diagram of example operations occurring in a source CU-CP entity participating in a HO procedure according to example embodiments described herein;
- Figure 12 illustrates an example key hierarchy, highlighting additions incorporated in the key hierarchy according to example embodiments described herein;
- Figure 13 illustrates an example communication system according to example embodiments described herein;
- FIGS 14A and 14B illustrate example devices that may implement the methods and teachings according to this disclosure.
- Figure 15 is a block diagram of a computing system that may be used for implementing the devices and methods disclosed herein.
- FIG. 1 shows an example communications system 100 employing next generation (NG) radio access network (RAN) nodes.
- Communications system 100 includes a plurality of user equipment (UE) , such as UE 105, UE 107, and UE 109.
- UE user equipment
- Communications system 100 also includes a disaggregated RAN node 150 with distributed units (DUs) , such as DU 110 and DU 112.
- DUs distributed units
- Communications system 100 also includes an aggregated RAN node 115 that serves UE 109, for example, without utilizing the split CU-DU design.
- Disaggregated RAN node 150 also includes a centralized unit (CU) 120, which includes a user plane (UP) protocol stack component 122 and a control plane (CP) protocol stack component 124.
- CU 120 is connected to the DUs, as well as other RAN nodes 115 and core network (CN) 125.
- UP user plane
- CP control plane
- RAN nodes may also be referred to as access nodes, network controllers, control nodes, base stations, access points, transmission points (TPs) , transmission-reception points (TRPs) , cells, carriers, macro cells, femtocells, pico cells, and so on, while UEs may also be commonly referred to as mobile stations, mobiles, terminals, users, subscribers, stations, and the like.
- TPs transmission points
- TRPs transmission-reception points
- while communications systems may employ multiple network entities capable of communicating with a number of UEs, only one disaggregated RAN node with one CU, two DUs, one aggregated RAN node, and three UEs are illustrated for simplicity.
- the network topology in Figure 1 is exemplary, and particular networks may embody different topologies.
- the DUs of a communications system might not connect directly to a neighboring RAN node (interface R3 in the figure) , and some cellular systems could operate in a so-called “standalone” mode without interworking with any neighboring system. Therefore, the communications system shown in Figure 1 should not be construed as being limiting to either the scope or spirit of the example embodiments.
- DUs implement a portion of the protocol stack.
- the DUs include physical (PHY) sublayer, media access control (MAC) sublayer, and radio link control (RLC) sublayer entities.
- DU 110 includes PHY sublayer entity 130, MAC sublayer entity 132, and RLC sublayer entity 134.
- the CUs also implement a portion of the protocol stack.
- the CUs implement service data adaptation protocol (SDAP) and packet data convergence protocol (PDCP) layer or sublayer entities in the user plane, and radio resource control (RRC) and PDCP layer or sublayer entities in the control plane.
- SDAP service data adaptation protocol
- PDCP packet data convergence protocol
- RRC radio resource control
- the control plane protocol stack component 124 of CU 120 includes RRC and PDCP sublayer entities 135.
- RRC and PDCP sublayer entities are shown as a combined entity 135, they may be implemented as a single entity or as separate entities, depending on the implementation of the CU.
- Cryptographic operations such as encryption or decryption and message integrity protection are performed by the PDCP sublayer entity in both the control plane and the user plane.
- Communications system 100 illustrates a hierarchical model of the NG RAN design, with one CU managing many DUs (e.g., CU 120 managing DUs 110 and 112) .
- the hierarchical model shown in Figure 1 illustrates a centralized CU and distributed DUs.
- Figure 1 focusses on the portion of an NG RAN under the management of one CU. In general, a UE is served by one DU, and as a UE moves around, the link between UE and DU is relocated or switched to different DUs.
- a RAN node may be an NR RAN node (gNB) , an LTE RAN node (eNB) or an evolved next generation eNB (ng-eNB) connected either to a 4G evolved packet core (EPC) CN or to a 5G CN (5GC) .
- gNB NR RAN node
- eNB LTE RAN node
- ng-eNB evolved next generation eNB
- EPC 4G evolved packet core
- 5GC 5G CN
- CU a central entity for both CP and UP.
- DU a distributed entity for radio deployment.
- One DU may be responsible for one or more cells.
- cell a cell provides radio connectivity to one or more UEs.
- the identity of a cell e.g., a physical cell identity (PCI)
- PCI physical cell identity
- Figure 2 illustrates an example NG RAN node 200.
- NG RAN node 200 includes a CU 210 controlling a plurality of DUs, such as DU 220, DU 222, and DU 224.
- the DUs shown in Figure 2 may be located at a single physical location (in a single entity, in multiple entities, or a combination of single and multiple entities) or at multiple physical locations (in multiple entities, or a combination of single and multiple entities) .
- a security key hierarchy is defined based on the following:
- EPS-AKA Evolved Packet System Authentication and Key Agreement
- HSS Home Subscriber Server
- USIM Universal Subscriber Identity Module
- a main master session key KASME resides in the Mobile Equipment (ME) and the Mobility Management Entity (MME) .
- KeNB A RAN master session key KeNB is derived for use between the UE and the eNB, with RRC and UP cryptographic keys derived from KeNB.
- KgNB in 3GPP Fifth Generation (5G) systems, as specified in 3GPP Technical Specification (TS) 33.501, a RAN master session key KgNB is derived for use between the UE and the gNB, with RRC and UP cryptographic keys derived from KgNB.
- KgNB a RAN master session key
- RRC and UP cryptographic keys derived from KgNB.
- NH Next Hop
- NCC Next Hop Chaining Counter
- the different NCC conveys to the UE an indication to generate a new NH key corresponding to the different NCC and to use the new NH key to derive a new master session key KgNB. This is referred to as vertical key derivation.
- the conventional security key hierarchy has the main principle that any derived key is a per-UE granularity key.
- the UE has a single encryption key (Kupenc) for UP traffic that is used to encrypt all UP traffic between the UE and the RAN node.
- Kupenc UP encryption key (Kupint is the corresponding UP integrity protection key)
- Krrcint RRC control plane integrity protection key
- Krrcenc RRC control plane encryption key
- a RAN node supports a split CU-DU architecture where one or more DUs may reside at physically different locations from the CU controlling them.
- a RAN node also supports the CU-CP and CU-UP split with CU-CP and CU-UP potentially residing in different physical locations, i.e., different security domains.
- the UP traffic of the UE may no longer be anchored at a single CU-UP entity. This means that, for a particular UE, some UP traffic could be anchored at a first entity (e.g., CU-UP entity 1) and some UP traffic can be anchored at a second entity (e.g., CU-UP entity 2) .
- a first entity e.g., CU-UP entity 1
- a second entity e.g., CU-UP entity 2
- the conventional UP cryptographic key hierarchy which assumes there is a single UP cryptographic key set (Kupint and Kupenc) used between the UE and the RAN node, is no longer secure because the same Kupint and Kupenc key set will be distributed to multiple CU-UP entities, thereby creating a security risk –i.e., if one CU-UP entity is compromised, then a door is opened for compromising the UE UP traffic at other CU-UP entities.
- although the discussion refers to CU-UP entity 1 and CU-UP entity 2, the example embodiments presented herein are operable with any plurality of entities.
- the NG RAN architecture supports a virtualized slice-based architecture.
- a UE may be connected to more than one slice.
- the possibility of each one of two (or more) slices being anchored at two (or more) different CU-UP entities is valid.
- systems and methods for supporting UP cryptographic key separation where a single UP cryptographic key is not shared between multiple CU-UP entities are also needed.
- each slice may reside on a different virtual machine, and thus, UP cryptographic key separation between the slices is also required.
- Figure 3A illustrates a first example CP-UP separation scenario 300.
- a RAN node 305 includes a central CP entity 307 and a distributed entity 309.
- Central CP entity 307 includes a CU-CP 311, while distributed entity 309 includes a DU 313 and a CU-UP 315.
- the R1-C interface between the CU-CP 311 and DU 313 may, for example, be a 3GPP F1-C or V1-C interface.
- the R1-U interface between the CU-UP 315 and DU 313 may, for example, be a 3GPP F1-U or V1-U interface.
- the R2-C interface between the CU-CP 311 and CU-UP 315 may, for example, be a 3GPP E1 interface.
- Figure 3B illustrates a second example CP-UP separation scenario 320.
- a RAN node 325 includes a central UP entity 327 and a distributed entity 329.
- Central UP entity 327 includes a CU-UP 331
- distributed entity 329 includes a CU-CP 333 and a DU 335.
- Figure 3C illustrates a third example CP-UP separation scenario 340.
- a RAN node 345 includes a central UP entity 347, a central CP entity 349, and a distributed entity 351.
- Central UP entity 347 includes a CU-UP 353
- central CP entity 349 includes a CU-CP 355, while distributed entity 351 includes a DU 357.
- a UE may establish multiple protocol data unit (PDU) sessions with the core network. Over the Uu interface between a UE and RAN, UP traffic for a particular PDU session is conveyed over one or more data radio bearers (DRBs) dedicated to that session. Depending on UP traffic requirements, different PDU sessions may be assigned to different CU-UP entities. For example, a PDU session requiring a low latency connection to an external network may use CP-UP separation scenario 300 ( Figure 3A) where the CU-UP 315 is connected via NG-U to a local break-out function.
- DRBs data radio bearers
- a PDU session requiring higher security for user plane connections may use CP-UP separation scenario 340 (Figure 3C) where the CU-UP 353 housing the PDCP entity responsible for UP cryptographic functions is located in a secure data center.
- Scenario 320 ( Figure 3B) may be used, for example, to protect UP traffic over a backhaul network between the CU-UP 331 and DU 335 using the PDCP cryptographic functions located in the CU-UP 331.
- a valid master key KgNB that may correspond to the information pair {NH, NCC}.
- Other security keys, such as the RRC and UP encryption and integrity protection keys, are derivatives of the master key KgNB and may, therefore, be referenced by the same information pair {NH, NCC}.
- RRC keys Krrcenc and Krrcint
- the security for UE UP traffic may no longer be uniquely identified using the same information pair {NH, NCC}. Instead the information pair may be used to reference a group of UP security keys between the UE and the RAN.
- a new dimension (or variable) applicable to UP security keys is provided; it is associated with the specific UE traffic that is terminated at a specific CU-UP entity.
- the new dimension does not reveal any information that may be used to identify the network topology.
- the new dimension is a key set identifier referred to as a user plane key number (UPKN) .
- UPKN user plane key number
- in a first example embodiment, a secure mechanism enables UP cryptographic key separation between different UP traffic of a UE while the UE is connected to a RAN node. All options provide full network control and flexibility, and the granularity of the UP cryptographic key may be as fine as per-DRB. However, other granularities of the UP cryptographic key (such as per-UE, per group of DRBs, per-PDU session, per group of PDU sessions, per-UP entity, per-Quality of Service (QoS) flow, per group of QoS flows, per-packet flow, per group of packet flows, and so on) are possible.
- QoS Quality of Service
- a UPKN is an identifier assigned by the RAN node to a UP cryptographic key set and is communicated to the UE.
- a UPKN value may be an arbitrary identifier and may, for example, be a random number. The UPKN values do not need to be sequential.
- the UPKN value is used as an input to a key derivation function (KDF) ; other parameters that are required inputs to the KDF are also provided, including KgNB.
- KDF key derivation function
- Both the UE and the RAN node derive the same keys (Kupint and Kupenc) with the same granularity of the UP cryptographic key, e.g., per-DRB, per-PDU session, per RAN node CU-UP entity, per UE, and so on.
- the KDF may be a conventional 3GPP key derivation function; example inputs to the KDF may include:
- P0 algorithm type distinguisher (e.g., 0x00, 0x01, and so on) ,
- P1 algorithm identity (e.g., 0x00, 0x01, and so on) ,
- the RAN node may assign the same UPKN value to all DRBs that are associated with the UE.
- if the RAN node supports multiple CU-UP entities but the UE does not support the use of the UPKN, the RAN node does not send the UPKN value to the UE, and the UE and RAN node follow the conventional UP cryptographic key derivation without the split functionality. In this instance, all UE UP traffic is handled by a single CU-UP entity.
- the RAN node can reserve the UPKN value of zero (although other values are possible) to indicate to the UE that UP cryptographic key separation is not needed. In other words, the UPKN value of zero (or some other reserved value) can have a special meaning.
- in a second example embodiment, a secure mechanism enables UP cryptographic key separation between different UP traffic of a UE while the UE is connected to a RAN node. All options provide full network control, flexibility, and UP cryptographic key granularity as fine as per-DRB. However, other UP cryptographic key granularities (such as per-UE, per-PDU session, per-UP entity, and so on) are possible.
- a UPKN is an identifier assigned by the RAN node to a UP cryptographic key set and is communicated to the UE.
- the UPKN may be used as a counter. It may be sequential, e.g., 0, 1, 2, 3, and so on; 255, 254, 253, and so on; A, B, C, and so on; A1, A2, A3, and so on; or Z, Y, X, and so on (other values may be possible) .
- the UPKN may be used as a counter that points to a random number generation scheme which systematically and sequentially generates the same random number per UPKN at the UE and the RAN node.
- a User Next PDU (UND) key which is generated by a random number generating scheme associated with the specific UPKN, may be used as an additional input to the KDF that is used to generate keys Kupint and Kupenc.
- Example inputs to the KDF may include:
- P0 algorithm type distinguisher (e.g., 0x00, 0x01, and so on) ,
- P1 algorithm identity (e.g., 0x00, 0x01, and so on) ,
- the RAN node may assign the same UPKN to all DRBs that belong to the UE.
- An example UND key generation technique comprises:
- An initial UND0 key is generated by having an initial KgNB and an initial RRC session identifier as input to the KDF, thereby generating UND0 for UPKN value of zero,
- UND1 is derived by having the current KgNB and UND0 as input to the KDF, thereby generating a key that maps to UPKN value of one,
- UND2 is derived by having the current KgNB, UND0, and UND1 as input to the KDF, thereby generating a key that maps to UPKN value of two,
- UND3 is derived by having the current KgNB, UND0, UND1, and UND2 as input to the KDF, thereby generating a key that maps to UPKN value of three, and so on.
- the UND that maps to the UPKN is used as an additional input to the KDF to generate keys Kupint and Kupenc.
- in a third example embodiment, a secure mechanism enables UP cryptographic key separation between different UP traffic of a UE while the UE is connected to a RAN node, with a per-RAN node CU-UP entity granularity.
- a UPKN is assigned by the CU-CP for each CU-UP entity.
- a KgNB for a first CU-UP entity, CU-UP (1) is derived from KgNB and a first UPKN, UPKN (1) ;
- a KgNB for a second CU-UP entity, CU-UP (2) is derived from KgNB and a second UPKN, UPKN (2) ; and so on.
- Kupint is derived from KgNB for CU-UP (1) and parameters for integrity check algorithm identity and integrity check algorithm length for CU-UP (1)
- Kupenc is derived from KgNB for CU-UP (1) and parameters for encryption algorithm identity and encryption algorithm length.
- Kupint is derived from KgNB for CU-UP (2) and parameters for integrity check algorithm identity and integrity check algorithm length for CU-UP (2)
- Kupenc is derived from KgNB for CU-UP (2) and parameters for encryption algorithm identity and encryption algorithm length.
- the CU-CP entity assigns a unique UPKN to each CU-UP entity, denoted UPKN (i) for CU-UP (i) , which is also provided to the UE.
- UPKN (i) for CU-UP (i)
- a Kupint is derived in accordance with the KgNB for the CU-UP (i) and the UPKN (i) , as well as parameters for the integrity check algorithm identity and integrity check algorithm length for the CU-UP (i)
- a Kupenc is derived in accordance with the KgNB CU-UP (i) and the UPKN (i) , as well as parameters for the encryption algorithm identity and the encryption algorithm length.
- the UE can also derive Kupint and Kupenc for the respective CU-UP (i) and the communications are secured on the per-CU-UP entity basis.
- the description of the third example embodiment focuses on per-CU-UP entity granularity, the third example embodiment is also operable at other granularities.
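The three derivation variants described above (UPKN value and length as a direct KDF input; a UND chain selected by the UPKN; a per-CU-UP KgNB(i) derived from KgNB and UPKN(i)) written out as runnable Python. This is an added example, not code from the patent or from any 3GPP implementation. The KDF shape follows TS 33.220 Annex B (HMAC-SHA-256 over FC || P0 || L0 || P1 || L1 ...) and the UP algorithm type distinguishers and FC 0x69 follow TS 33.501 Annex A.8; the FC bytes used for the UPKN-specific derivations, the two-byte UPKN encoding, the RRC session identifier value and the parameter order are assumptions made for this example.

```python
import hmac
from hashlib import sha256
from typing import List, Optional, Tuple

# Algorithm type distinguishers and the FC byte for algorithm key derivation,
# as in TS 33.501 Annex A.8 (conventional per-UE derivation).
N_UP_ENC_ALG, N_UP_INT_ALG = 0x05, 0x06
FC_ALG_KEY = 0x69
# The FC bytes below are ASSUMED for this example; 3GPP has not assigned them.
FC_UPKN_ALG_KEY = 0x7E   # embodiment 1: UPKN value/length as an extra KDF parameter
FC_UND = 0x7D            # embodiment 2: UND chain
FC_UPKN_KGNB = 0x7F      # embodiment 3: per-CU-UP KgNB(i) from KgNB and UPKN(i)

KeyPair = Tuple[bytes, bytes]  # (Kupenc, Kupint)


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """TS 33.220 Annex B KDF: HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 || ...),
    each L_i being the two-byte big-endian length of P_i."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, sha256).digest()


def _trunc128(k: bytes) -> bytes:
    # 128-bit algorithm keys use the 128 least significant bits of the KDF output
    return k[16:]


def up_keys_conventional(kgnb: bytes, enc_alg: int, int_alg: int) -> KeyPair:
    """Single per-UE key set: the derivation every CU-UP entity would share."""
    return (_trunc128(kdf(kgnb, FC_ALG_KEY, bytes([N_UP_ENC_ALG]), bytes([enc_alg]))),
            _trunc128(kdf(kgnb, FC_ALG_KEY, bytes([N_UP_INT_ALG]), bytes([int_alg]))))


def up_keys_embodiment1(kgnb: bytes, upkn: Optional[int], enc_alg: int, int_alg: int) -> KeyPair:
    """UPKN (value and length) as a direct KDF input. A missing UPKN, or the reserved
    value 0, means no key separation and falls back to the conventional key set."""
    if not upkn:
        return up_keys_conventional(kgnb, enc_alg, int_alg)
    u = upkn.to_bytes(2, "big")
    return (_trunc128(kdf(kgnb, FC_UPKN_ALG_KEY, bytes([N_UP_ENC_ALG]), bytes([enc_alg]), u)),
            _trunc128(kdf(kgnb, FC_UPKN_ALG_KEY, bytes([N_UP_INT_ALG]), bytes([int_alg]), u)))


def und_chain(kgnb_initial: bytes, rrc_session_id: bytes, kgnb_current: bytes, n: int) -> List[bytes]:
    """UND0 = KDF(KgNB_initial, RRC session id); UNDk = KDF(KgNB_current, UND0, ..., UND(k-1)).
    Index k of the returned list is the UND that maps to UPKN value k."""
    unds = [kdf(kgnb_initial, FC_UND, rrc_session_id)]
    for _ in range(n):
        unds.append(kdf(kgnb_current, FC_UND, *unds))
    return unds


def up_keys_embodiment2(kgnb: bytes, und: bytes, enc_alg: int, int_alg: int) -> KeyPair:
    """The UND selected by the UPKN is an additional KDF input next to the algorithm parameters."""
    return (_trunc128(kdf(kgnb, FC_UPKN_ALG_KEY, bytes([N_UP_ENC_ALG]), bytes([enc_alg]), und)),
            _trunc128(kdf(kgnb, FC_UPKN_ALG_KEY, bytes([N_UP_INT_ALG]), bytes([int_alg]), und)))


def up_keys_embodiment3(kgnb: bytes, upkn_i: int, enc_alg: int, int_alg: int) -> KeyPair:
    """Per-CU-UP granularity: KgNB(i) = KDF(KgNB, UPKN(i)), then the conventional
    algorithm-key derivation is run on KgNB(i) instead of KgNB."""
    kgnb_i = kdf(kgnb, FC_UPKN_KGNB, upkn_i.to_bytes(2, "big"))
    return up_keys_conventional(kgnb_i, enc_alg, int_alg)


def key_sets_are_separated(kgnb: bytes, upkn_a: int, upkn_b: int) -> bool:
    """True when two UPKNs yield distinct key pairs under all three variants and the
    UE-side and RAN-side derivations (same inputs, computed independently) agree."""
    e1a, e1b = up_keys_embodiment1(kgnb, upkn_a, 1, 1), up_keys_embodiment1(kgnb, upkn_b, 1, 1)
    unds = und_chain(kgnb, b"\x00\x01", kgnb, max(upkn_a, upkn_b))   # assumed RRC session id
    e2a, e2b = up_keys_embodiment2(kgnb, unds[upkn_a], 1, 1), up_keys_embodiment2(kgnb, unds[upkn_b], 1, 1)
    e3a, e3b = up_keys_embodiment3(kgnb, upkn_a, 1, 1), up_keys_embodiment3(kgnb, upkn_b, 1, 1)
    ran_side = up_keys_embodiment1(kgnb, upkn_a, 1, 1)
    return e1a != e1b and e2a != e2b and e3a != e3b and ran_side == e1a
```

The practical difference between the variants is what a compromised CU-UP learns: under the conventional derivation it holds the only UP key pair for the UE; under any of the three UPKN-bound variants it holds a pair that cannot be turned back into KgNB or into the pair handed to another CU-UP, because the KDF is one-way and the UPKN is bound into every derivation.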
- FIG. 4 illustrates an example CP-UP separation scenario 400 highlighting UP separation with a per-PDU session UP cryptographic key granularity.
- CP-UP separation scenario 400 includes a RAN node 405 with a central CP entity 407, a first distributed entity 409, and a second distributed entity 411.
- RRC CP keys 420 are derived from the information pair {NH1, NCC1}
- UP keys 431 for PDU session 1 are derived from the information triplet {NH1, NCC1, UPKN1}
- UP keys 432 for PDU session 2 are derived from the information triplet {NH1, NCC1, UPKN2}
- keys for corresponding PDU sessions would be similarly derived, e.g., keys for PDU session n would be derived from the information triplet {NH1, NCC1, UPKNn}.
- the CU-CP entity keeps track of the UP cryptographic keys (identified by UPKN) assigned for each CU-UP entity, which maps to the UE PDU sessions that are anchored at each CU-UP.
- the CU-CP entity communicates the UPKN to the UE, either during the PDU session setup or during DRB configuration.
- during handover, a source RAN node does not need to communicate the UPKN values, only the currently attached PDU sessions; a target RAN node, based on its policy and deployment options, can specify whether one UPKN is needed for all PDU sessions or DRBs, or whether multiple UPKNs are needed.
- each active DRB configuration will include a corresponding UPKN.
- DC dual connectivity
- the RAN node tracks the UPKN assignments.
- the derived KgNB is associated with the information pair {NH, NCC}.
- the UP cryptographic keys (Kupint and Kupenc) for the PDU session may be derived based on the initial KgNB with an initial value for UPKN of '01', for example.
- the RAN node allocates a new UPKN and communicates the UPKN using RRC signalling, for example, for the RRC reconfiguration of a DRB. The value of the new UPKN does not have to be sequential with respect to the initial UPKN value.
- the value may be monotonic, allowing the RAN node to maintain only the last allocated UPKN value per UE. Alternatively, the RAN node may maintain the mapping between the UE PDU sessions and the respective UPKN values for the HO case, in which case the UPKN values may be random.
- the UE and the RAN node may use the UPKN value and the UPKN length fields in the derivation of the security keys for the UP of each of the PDU sessions. In this manner, each PDU session will end up with separate UP cryptographic keys. If the RAN node knows that it does not support the anchoring of UE traffic at different CU-UP entities, the RAN node may assign the same UPKN value to multiple PDU sessions or all PDU sessions of the UE. In such a situation, UP security key separation is not required. It is noted that the discussion presented herein focusses on UPKN and UPKN values that are assigned on a per CU-UP basis.
- the embodiments are also operable with UPKN values that are assigned on a per-UE, per-DRB or per-PDU session basis. Therefore, the discussion of UPKN and UPKN values should not be construed as being limiting to either the scope or spirit of the example embodiments.
- Figure 5 illustrates a diagram 500 of communications exchanged and processing performed by devices or entities participating in the establishment of PDU sessions that are secured at two different CU-UP entities.
- the devices or entities include a UE 505, a DU 507, a CU-CP entity 509, a first CU-UP (CU-UP1) entity 511, and a second CU-UP (CU-UP2) entity 513.
- CU-UP1 first CU-UP
- CU-UP2 second CU-UP
- UE 505 and DU 507 exchange messages to perform a random access procedure and establish a connection (event 520) .
- CU-CP 509 sends a CP reconfiguration message, such as a RRCConnectionReconfiguration or RRCReconfiguration message, to UE 505 to configure a first DRB of a first PDU session for UE 505 (event 522) .
- the CP reconfiguration message includes values for DRB1 (the first DRB) and UPKN1, as well as potentially other information.
- UE 505 uses KgNB and UPKN1 value to derive UP cryptographic keys Kupint1 and Kupenc1 (block 524) .
- UE 505 sends a CP reconfiguration acknowledgement message, such as a RRCConnectionReconfigurationComplete or RRCReconfigurationComplete message, to CU-CP 509 (event 526) .
- CU-CP 509 also uses KgNB and UPKN1 value to derive a local copy of UP cryptographic keys Kupint1 and Kupenc1 (event 528) .
- CU-CP 509 sends a CP message (e.g., a DRB setup message) including the local copy of UP cryptographic keys Kupint1 and Kupenc1 to CU-UP1 511 to establish the first DRB for UE 505 (event 530) .
- the first DRB is established between CU-UP1 511 and UE 505.
- CU-UP1 511 sends an acknowledgement back to CU-CP 509 (event 532) .
- CU-UP1 511 and UE 505 exchange UP messages using the first DRB (event 534) where each UP message is cryptographically protected using the UP keys Kupint1 and Kupenc1.
- CU-CP 509 sends a CP reconfiguration message, such as a RRCConnectionReconfiguration or RRCReconfiguration message, to UE 505 to configure a second DRB of a second PDU session for UE 505 (event 536) .
- the CP reconfiguration message includes values for DRB2 (the second DRB) and UPKN2, as well as potentially other information.
- UE 505 uses KgNB and UPKN2 value to derive UP cryptographic keys Kupint2 and Kupenc2 (block 538) .
- UE 505 sends a reconfiguration acknowledgement, such as a RRCConnectionReconfigurationComplete or RRCReconfigurationComplete message, to CU-CP 509 (event 540) .
- CU-CP 509 also uses KgNB and UPKN2 value to derive a local copy of UP cryptographic keys Kupint2 and Kupenc2 (event 542) .
- CU-CP 509 sends a CP message (e.g., a DRB setup message) including the local copy of UP cryptographic keys Kupint2 and Kupenc2 to CU-UP2 513 to establish the DRB for UE 505 (event 544) .
- the second DRB is established between CU-UP2 513 and UE 505.
- CU-UP2 513 sends an acknowledgement back to CU-CP 509 (event 546) .
- the CU-UP2 513 and UE 505 exchange UP messages using the second DRB (event 548) where each UP message is cryptographically protected using the UP keys Kupint2 and Kupenc2.
- the configuration of DRB2 may be transmitted by the CU-CP 509 to the UE 505 along with the configuration of DRB1 in a single CP configuration message (event 522) .
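The exchange of Figure 5 as a message flow between the UE, the CU-CP and the two CU-UP entities, ending with the check that motivates the whole scheme: a CU-UP holding only DRB2's key pair cannot validate or decrypt DRB1 traffic. This is an added example, not code from the patent. The UPKN-bound key derivation and the PDCP protection primitives are HMAC-SHA-256 stand-ins (not the 3GPP KDF or the NEA/NIA algorithms), the message and field names follow the figure loosely, and the KgNB, UPKN values and payload are constructed sample data.

```python
import hmac
from hashlib import sha256
from dataclasses import dataclass, field
from typing import Dict, Tuple

KeyPair = Tuple[bytes, bytes]   # (Kupenc, Kupint)


def derive_up_keys(kgnb: bytes, upkn: int) -> KeyPair:
    # Stand-in for the UPKN-bound KDF: both keys are bound to KgNB and the UPKN value.
    u = upkn.to_bytes(2, "big")
    return (hmac.new(kgnb, b"Kupenc" + u, sha256).digest()[16:],
            hmac.new(kgnb, b"Kupint" + u, sha256).digest()[16:])


def _keystream(kupenc: bytes, hdr: bytes, n: int) -> bytes:
    blocks = (n + 31) // 32
    return b"".join(hmac.new(kupenc, hdr + i.to_bytes(4, "big"), sha256).digest()
                    for i in range(blocks))[:n]


def protect(keys: KeyPair, count: int, bearer: int, direction: int, pt: bytes):
    """Toy PDCP protection: keystream bound to COUNT/BEARER/DIRECTION, 32-bit MAC-I."""
    kupenc, kupint = keys
    hdr = count.to_bytes(4, "big") + bytes([bearer, direction])
    ct = bytes(p ^ k for p, k in zip(pt, _keystream(kupenc, hdr, len(pt))))
    mac_i = hmac.new(kupint, hdr + pt, sha256).digest()[:4]
    return hdr, ct, mac_i


def unprotect(keys: KeyPair, hdr: bytes, ct: bytes, mac_i: bytes) -> bytes:
    kupenc, kupint = keys
    pt = bytes(c ^ k for c, k in zip(ct, _keystream(kupenc, hdr, len(ct))))
    if not hmac.compare_digest(hmac.new(kupint, hdr + pt, sha256).digest()[:4], mac_i):
        raise ValueError("MAC-I verification failed")
    return pt


@dataclass
class CUUP:
    name: str
    drb_keys: Dict[int, KeyPair] = field(default_factory=dict)

    def drb_setup(self, drb_id: int, keys: KeyPair) -> str:   # events 530/544 -> 532/546
        self.drb_keys[drb_id] = keys
        return "DRB setup ack"


@dataclass
class UE:
    kgnb: bytes
    drb_keys: Dict[int, KeyPair] = field(default_factory=dict)

    def rrc_reconfiguration(self, drb_id: int, upkn: int) -> str:  # events 522/536, blocks 524/538
        self.drb_keys[drb_id] = derive_up_keys(self.kgnb, upkn)
        return "RRCReconfigurationComplete"


@dataclass
class CUCP:
    kgnb: bytes
    upkn_by_drb: Dict[int, int] = field(default_factory=dict)   # CU-CP tracks UPKN assignments

    def configure_drb(self, ue: UE, cu_up: CUUP, drb_id: int, upkn: int) -> str:
        if ue.rrc_reconfiguration(drb_id, upkn) != "RRCReconfigurationComplete":
            raise RuntimeError("UE did not acknowledge DRB configuration")
        self.upkn_by_drb[drb_id] = upkn
        local_copy = derive_up_keys(self.kgnb, upkn)        # blocks 528/542
        return cu_up.drb_setup(drb_id, local_copy)          # CP message to the CU-UP


def run_figure5(kgnb: bytes = bytes(range(32))) -> Dict[str, bool]:
    ue, cu_cp = UE(kgnb), CUCP(kgnb)
    cu_up1, cu_up2 = CUUP("CU-UP1"), CUUP("CU-UP2")
    cu_cp.configure_drb(ue, cu_up1, drb_id=1, upkn=0x1001)   # PDU session 1
    cu_cp.configure_drb(ue, cu_up2, drb_id=2, upkn=0x2002)   # PDU session 2
    # event 534: UE sends on DRB1; constructed sample payload
    pdu = protect(ue.drb_keys[1], count=7, bearer=1, direction=0, pt=b"uplink on PDU session 1")
    cu_up1_ok = unprotect(cu_up1.drb_keys[1], *pdu) == b"uplink on PDU session 1"
    try:                      # CU-UP2 holds only DRB2's keys and must fail on DRB1 traffic
        unprotect(cu_up2.drb_keys[2], *pdu)
        cu_up2_reads_drb1 = True
    except ValueError:
        cu_up2_reads_drb1 = False
    return {"cu_up1_ok": cu_up1_ok,
            "cu_up2_reads_drb1": cu_up2_reads_drb1,
            "per_drb_keys_differ": ue.drb_keys[1] != ue.drb_keys[2],
            "ue_and_cu_up_keys_match": ue.drb_keys[1] == cu_up1.drb_keys[1]}
```

Note where the key material travels: KgNB stays in the UE and the CU-CP, and each CU-UP receives only the derived pair for the DRBs it anchors (event 530 or 544), so the E1-style message to a CU-UP never carries KgNB or another CU-UP's keys.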
- when a new KgNB is derived (either horizontally or vertically), new UP cryptographic keys are derived for all active PDU sessions; the new UP cryptographic keys are derived from the new KgNB and the existing UPKN value (s) .
- a target RAN node may communicate the new UPKN value (s) for each PDU session to the UE by way of a source RAN node or directly to the UE during the HO procedure.
- This technique also enables the HO of an active UE from a source RAN node that supports UE traffic anchored at multiple CU-UP entities to a target RAN node that supports only one CU-UP entity.
- the target RAN node may continue to use the same UP cryptographic keys for the active PDU sessions at the UE, as well as the same UPKN values as those assigned by the source RAN node.
- Figure 6A illustrates a diagram 600 of communications exchanged and processing performed by devices or entities participating in a HO procedure, where the target RAN node does not support anchoring the UP traffic of a UE at multiple CU-UP entities and UPKN values are communicated between source and target RAN nodes in the HO procedure.
- the devices or entities include a UE 605, a source CU-CP and CU-UP entity 1 (source CU-CP/UP1) 607, a source CU-UP entity 2 (source CU-UP2) 609, a target CU-CP 611, and a target CU-UP 613.
- the granularity of a UP cryptographic key is on a per-PDU session basis. However other granularities of the UP cryptographic key are possible as previously indicated.
- source CU-CP/UP1 607 has a first PDU session (PDU1) and source CU-UP2 609 has a second PDU session (PDU2) configured (blocks 620 and 622) .
- source CU-CP/UP1 607 determines that a HO is in order and sends a handover request to target CU-CP 611 (event 624) .
- the handover request may include a set of UP resources associated with PDU1, a UPKN associated with PDU1 (UPKN1) , a set of UP resources associated with PDU2, and a UPKN associated with PDU2 (UPKN2) .
- target CU-CP 611 supports only one CU-UP entity and assigns a third UPKN (UPKN3) to both PDU1 and PDU2 (block 626) .
- Target CU-CP 611 sends a handover request acknowledgment to source CU-CP/UP1 607 (event 628) .
- the handover request acknowledgement may include a set of target UP resources associated with PDU1, a set of target UP resources associated with PDU2, and the UPKN associated with PDU1 and PDU2 (UPKN3) .
- Source CU-CP/UP1 607 sends a CP handover command, such as an RRCConnectionReconfiguration or RRCReconfiguration message, to UE 605 (event 630) .
- the handover command may include an identifier of a target cell associated with the target RAN node, the set of target UP resources associated with PDU1, the set of target UP resources associated with PDU2, and the UPKN to be associated with PDU1 and PDU2 (UPKN3) .
- UE 605 and target CU-CP 611 exchange messages to perform a random access procedure to establish a connection (event 632) .
- Target CU-CP 611 derives UP cryptographic keys for UE 605 (block 634) .
- UE 605 derives UP cryptographic keys for the target cell associated with the target RAN node (block 635) .
- the UP cryptographic keys may be derived from KgNB and UPKN3, for example.
- UE 605 sends to target CU-CP 611 a handover complete message, such as a RRCConnectionReconfigurationComplete or RRCReconfigurationComplete message (event 636) .
- Target CU-CP 611 configures the PDU sessions at target CU-UP 613 (event 638) .
- Target CU-CP 611 may configure the PDU sessions by sending the UP cryptographic keys derived from KgNB and UPKN3 to target CU-UP 613.
- Target CU-UP 613 has both sessions PDU1 and PDU2 configured (block 640) .
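UPKN handling at handover, covering the preceding paragraphs and Figures 6A and 6B: the source forwards its PDU-session-to-UPKN map (or omits the UPKNs), and the target, by policy, either collapses every session onto one UPKN when it has a single CU-UP or keeps the forwarded UPKNs when it can anchor the UE at several CU-UPs; UE and target then derive the per-session key sets from the new KgNB and the UPKNs carried in the handover command. This is an added example, not code from the patent. KgNB* derivation and the UPKN-bound key derivation are one-line HMAC stand-ins, the target's allocation policy and the field names are assumptions, and the KgNB and UPKN values are constructed sample data.

```python
import hmac
from hashlib import sha256
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


def kgnb_star(kgnb: bytes, target_pci: int) -> bytes:
    # Stand-in for the horizontal KgNB* derivation performed at handover.
    return hmac.new(kgnb, b"KgNB*" + target_pci.to_bytes(2, "big"), sha256).digest()


def up_key_set(kgnb: bytes, upkn: int) -> bytes:
    # Stand-in for the UPKN-bound UP key derivation; one opaque key set per UPKN.
    return hmac.new(kgnb, b"UP" + upkn.to_bytes(2, "big"), sha256).digest()


@dataclass
class TargetCUCP:
    cu_up_count: int         # CU-UP entities the target RAN node can anchor a UE at
    next_upkn: int = 3       # first value the target hands out (UPKN3 in the figures)

    def handover_request(self, sessions: Dict[int, Optional[int]]) -> Dict[int, int]:
        """Handle the HandoverRequest (event 624/664). `sessions` maps PDU session id
        to the source UPKN, or None when the source did not forward UPKNs (Figure 6B).
        Returns the PDU session -> UPKN map placed in the HandoverRequestAck."""
        if self.cu_up_count == 1:
            upkn, self.next_upkn = self.next_upkn, self.next_upkn + 1
            return {pdu: upkn for pdu in sessions}           # one CU-UP, one UPKN (block 626/666)
        assigned: Dict[int, int] = {}
        for pdu, source_upkn in sessions.items():
            if source_upkn is None:                           # fresh UPKN when none was forwarded
                source_upkn, self.next_upkn = self.next_upkn, self.next_upkn + 1
            assigned[pdu] = source_upkn                       # otherwise keep the source value
        return assigned


def handover(kgnb: bytes, target: TargetCUCP, sessions: Dict[int, Optional[int]],
             target_pci: int = 0x0101) -> Tuple[Dict[int, int], Dict[int, bytes]]:
    target_upkns = target.handover_request(sessions)          # events 624 -> 628
    # event 630: the handover command carries the target cell and the UPKNs; the UE
    # (block 635) and the target CU-CP (block 634) derive the same per-session key sets
    k_star = kgnb_star(kgnb, target_pci)
    ue_keys = {pdu: up_key_set(k_star, u) for pdu, u in target_upkns.items()}
    target_keys = {pdu: up_key_set(k_star, u) for pdu, u in target_upkns.items()}
    if ue_keys != target_keys:
        raise RuntimeError("UE and target derived different UP keys")
    return target_upkns, target_keys                          # pushed to the target CU-UP (event 638)


def demo() -> Dict[str, bool]:
    kgnb = bytes(range(32))                                   # constructed sample KgNB
    source_sessions = {1: 0x1001, 2: 0x2002}                  # PDU1 at CU-UP1, PDU2 at CU-UP2
    source_keys = {pdu: up_key_set(kgnb, u) for pdu, u in source_sessions.items()}
    upkns_a, keys_a = handover(kgnb, TargetCUCP(cu_up_count=1), source_sessions)  # Figure 6A
    upkns_b, keys_b = handover(kgnb, TargetCUCP(cu_up_count=2), source_sessions)  # multi-CU-UP target
    upkns_c, _ = handover(kgnb, TargetCUCP(cu_up_count=1), {1: None, 2: None})    # Figure 6B
    return {
        "single_cuup_collapses_to_upkn3": set(upkns_a.values()) == {3} and keys_a[1] == keys_a[2],
        "multi_cuup_keeps_source_upkns": upkns_b == source_sessions and keys_b[1] != keys_b[2],
        "all_sessions_rekeyed_under_kgnb_star": all(keys_b[p] != source_keys[p] for p in source_keys),
        "no_upkn_forwarded_still_one_upkn": set(upkns_c.values()) == {3},
    }
```

The single-CU-UP target deliberately ends up with one key set for both PDU sessions: with only one anchoring point there is no second security domain to separate, and carrying two UPKNs would only add state without reducing exposure.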
- Figure 6B illustrates a diagram 650 of communications exchanged and processing performed by devices or entities participating in a HO procedure, where the target RAN node does not support anchoring the UP traffic of a UE at multiple CU-UP entities and UPKN values are not communicated between source and target RAN nodes in the HO procedure.
- the devices or entities include a UE 605, a combined source CU-CP and first CU-UP entity (source CU-CP/UP1) 607, a second source CU-UP entity (source CU-UP2) 609, a target CU-CP 611, and a target CU-UP 613.
- the granularity of a UP cryptographic key is on a per-PDU session basis. However other granularities of the UP cryptographic key are possible as previously indicated.
- source CU-CP/UP1 607 has a first PDU session (PDU1) and source CU-UP2 609 has a second PDU session (PDU2) configured (blocks 660 and 662) .
- source CU-CP/UP1 607 determines that a HO is in order and sends a handover request to target CU-CP 611 (event 664) .
- the handover request may include a set of UP resources associated with PDU1, and a set of UP resources associated with PDU2 but does not include the UPKNs associated with PDU1 and PDU2.
- Target CU-CP 611 supports only one CU-UP entity and assigns a UPKN (UPKN3) to both PDU1 and PDU2 (block 666) .
- Target CU-CP 611 sends a handover request acknowledgment to source CU-CP/UP1 607 (event 668) .
- the handover request acknowledgement may include a set of target UP resources associated with PDU1, a set of target UP resources associated with PDU2, and the UPKN associated with PDU1 and PDU2 (UPKN3) .
- Source CU-CP/UP1 607 sends a CP handover command, such as a RRCConnectionReconfiguration or RRCReconfiguration message, to UE 605 (event 670) .
- the handover command may include an identifier of a target cell associated with the target RAN node, the set of target UP resources associated with PDU1, the set of target UP resources associated with PDU2, and the UPKN associated with PDU1 and PDU2 (UPKN3) .
- UE 605 and target CU-CP 611 exchange messages to perform a random access procedure to establish a connection (event 672) .
- Target CU-CP 611 derives UP cryptographic keys for UE 605 (block 674) .
- UE 605 derives UP cryptographic keys for the target cell associated with the target RAN node (block 675) .
- the UP cryptographic keys may be derived from KgNB and UPKN3, for example.
- UE 605 sends to target CU-CP 611 a handover complete message, such as a RRCConnectionReconfigurationComplete or RRCReconfigurationComplete message (event 676) .
- Target CU-CP 611 configures the PDU sessions at target CU-UP 613 (event 678) .
- Target CU-CP 611 may configure the PDU sessions by sending the UP cryptographic keys derived from KgNB and UPKN3 to target CU-UP 613.
- Target CU-UP 613 has both sessions PDU1 and PDU2 configured (block 680) .
- Figure 7 illustrates a diagram 700 of communications exchanged and processing performed by devices or entities participating in a HO procedure, where the target RAN node does not support anchoring the UP traffic of a UE at multiple CU-UP entities and UPKN values are not communicated between source and target RAN nodes in the HO procedure.
- This may, for example, be used for backward compatibility when the target RAN node is an aggregated RAN node or a disaggregated RAN node that does not support derivation of UP keys using UPKN as an input to the KDF.
- the devices or entities include a UE 705, a source CU-CP and first CU-UP entity 1 (source CU-CP/UP1) 707, a second source CU-UP entity 2 (source CU-UP2) 709, a target CU-CP 711, and a target CU-UP 713. If the target RAN node is an aggregated RAN node, target CU-CP 711, and target CU-UP 713 may be co-located.
- the granularity of a UP cryptographic key is on a per-PDU session basis. However, other granularities of the UP cryptographic key are possible as previously indicated.
- source CU-CP/UP1 707 has a first PDU session (PDU1) and source CU-UP2 709 has a second PDU session (PDU2) configured (blocks 720 and 722) .
- source CU-CP/UP1 707 determines that a HO is in order and sends a handover request to target CU-CP 711 (event 724) .
- the handover request may include a set of UP resources associated with PDU1 and a set of UP resources associated with PDU2. In this embodiment the UPKNs associated with PDU1 and PDU2 are not included in the handover request; even if a source RAN node were to include them, a conventional target RAN node such as target CU-CP 711 would not use them in its key derivation.
- Target CU-CP 711 may be a conventional RAN node that supports only one CU-UP entity per UE (block 726) .
- Target CU-CP 711 sends a handover request acknowledgment to source CU-CP/UP1 707 (event 728) .
- the handover request acknowledgement may include a set of target UP resources associated with PDU1 and a set of target UP resources associated with PDU2 but does not include any UPKNs.
- Source CU-CP/UP1 707 sends a CP handover command, such as a RRCConnectionReconfiguration or RRCReconfiguration message, to UE 705 (event 730) .
- the handover command may include an identifier of a target cell associated with the target RAN node, the set of target UP resources associated with PDU1 and the set of target UP resources associated with PDU2, but does not include any UPKNs.
- UE 705 and target CU-CP 711 exchange messages to perform a random access procedure to establish a connection (event 732) .
- Target CU-CP 711 derives UP cryptographic keys for UE 705 using conventional inputs to the KDF (block 734) .
- UE 705 derives UP cryptographic keys for the target cell associated with the target RAN node using conventional inputs to the KDF (block 735) .
- Target CU-CP 711 may configure the target CU-UP 713 by sending the conventionally derived UP cryptographic keys for the UE 705 to target CU-UP 713.
- Target CU-CP 711 also configures the PDU sessions at target CU-UP 713 (event 738) .
- Target CU-UP 713 has both sessions PDU1 and PDU2 configured to use the same set of per-UE UP keys (block 740) .
- Figure 8 illustrates a flow diagram of example operations 800 occurring in a CU-CP entity configuring security keys for CU-UP entities for a RAN node allowing the anchoring of UP traffic of a UE at multiple CU-UP entities.
- Operations 800 may be indicative of operations occurring in a CU-CP entity as the CU-CP entity configures security keys for a RAN node that allows the anchoring of UP traffic of a UE at multiple CU-UP entities.
- Operations 800 begin with the CU-CP entity determining a UP resource and a granularity of UP cryptographic keys (block 805) to be associated with a UE.
- the UP resource may have the granularity of the UE, a DRB associated with the UE, one or more DRBs associated with the UE, a PDU session associated with the UE, one or more PDU sessions associated with the UE, a quality of service (QoS) flow associated with the UE, a group of one or more QoS flows associated with the UE, a packet flow associated with the UE, a group of one or more packet flows associated with the UE, a CU-UP entity of the RAN node, and so on.
- the granularity of UP cryptographic keys is the smallest UP resource that has its own unique UP cryptographic keys.
- Example granularity of UP cryptographic keys includes CU-UP entity, UE, PDU session, DRB, and so on.
- If the granularity of UP cryptographic keys is the CU-UP entity, each CU-UP entity of a RAN node associated with a particular UE is a UP resource and will have an associated UPKN.
- If the granularity of UP cryptographic keys is the PDU session, each PDU session established for a particular UE at the RAN node is a UP resource and will have an associated UPKN.
- If the granularity of UP cryptographic keys is the DRB, each DRB established for a particular UE at the RAN node is a UP resource and will have an associated UPKN.
- Each UP resource should have a UPKN that is unique within the context of a particular UE, so that each UP resource ends up with its own integrity protection and encryption keys rather than sharing keys with UP resources anchored elsewhere.
- the CU-CP entity generates a UPKN value for a UP resource based on the granularity of UP cryptographic keys (block 807) .
- the CU-CP entity may increment or decrement the current UPKN value to generate the new UPKN value.
- the CU-CP entity may randomly select a new UPKN value.
- the sequence of UPKN values may be monotonic to simplify the maintenance of the UPKN values.
- the new UPKN value is associated with the UP resource (e.g., a CU-UP entity, UE, a PDU session, a DRB, and so on) .
- the CU-CP entity sends a reconfiguration message with the new UPKN value to the UE (block 809) .
- the reconfiguration message may be a RRCConnectionReconfiguration or RRCReconfiguration message, for example.
- the CU-CP entity generates local UP cryptographic keys (block 811) .
- the local UP cryptographic keys may be generated in accordance with KgNB and the new UPKN value.
- the CU-CP entity sends the local UP cryptographic keys to the CU-UP entity (block 813) .
- the local UP cryptographic keys may be sent to the UP entity that is anchoring the UP resource for which the UPKN value was generated, for example a CU-UP entity.
- the local UP cryptographic keys may be used to secure communications involving the UP entity, for example communications over a DRB.
- Figure 9 illustrates a flow diagram of example operations 900 occurring in a CU-CP entity configuring security keys for CU-UP entities for a RAN node allowing the anchoring of UP traffic of a UE at multiple CU-UP entities with DRB granularity of UP cryptographic keys.
- Operations 900 may be indicative of operations occurring in a CU-CP entity as the CU-CP entity configures security keys for a RAN node that allows the anchoring of UP traffic of a UE at multiple CU-UP entities with DRB granularity of UP cryptographic keys.
- Operations 900 begin with the CU-CP entity initializing a counter i (block 905) .
- Counter i may be initialized to 1, for example. However, other values are possible.
- the counter i may be used to index CU-UP entities.
- the CU-CP entity performs a check to determine if the RAN node supports CP-UP splitting (block 907) . If it does not, operations 900 continue at block 921 (described below) . If it does, the CU-CP entity performs a check to determine if a DRB associated with a particular UE is anchored at CU-UP entity i (block 909) ; if no DRB is anchored there, operations 900 continue at block 917.
- If a DRB is anchored at CU-UP entity i, the CU-CP entity generates UPKN (i) , a new UPKN for CU-UP entity i (block 911) .
- the CU-CP entity also sends a reconfiguration message with the UPKN (i) to the UE (block 911) .
- the CU-CP entity generates a local version of the UP cryptographic keys for the CU-UP entity i (block 913) .
- the local version of the UP cryptographic keys may be generated using a KDF with KgNB and UPKN (i) as inputs, for example.
- the CU-CP entity sends the local version of the UP cryptographic keys to the CU-UP entity i (block 915) . Operations 900 continue at block 917.
- the CU-CP entity increments the counter i to identify another CU-UP entity associated with the RAN node (block 917) .
- the counter i may also be decremented in other example embodiments.
- the CU-CP entity performs a check to determine if the counter i exceeds the number of CU-UP entities associated with the RAN node (block 919) . When the counter is decremented instead of incremented, the corresponding check is whether the counter i is smaller than a specified number, e.g., 0 or 1. In other words, the CU-CP entity checks whether it has examined all of the CU-UP entities for DRBs associated with the particular UE. If the counter i does not exceed the number of CU-UP entities, the CU-CP entity returns to block 909 to check if a DRB is anchored at CU-UP entity i. If the counter i exceeds the number of CU-UP entities, all CU-UP entities have been checked and operations 900 terminate.
- If the RAN node does not support CP-UP splitting (block 907) , the CU-CP entity sends a reconfiguration message without a UPKN value to the UE (block 921) .
- the reconfiguration message without a UPKN value results in UP cryptographic keys being generated on a per-UE granularity.
- the CU-CP entity generates a local version of the UP cryptographic keys (block 923) .
- the local version of the UP cryptographic keys may be generated using a KDF with KgNB as an input value and without a UPKN value.
- the CU-CP entity sends the local version of the UP cryptographic keys to the CU-UP entity (or entities) (block 925) . Operations 900 terminate.
- Figure 10 illustrates a flow diagram of example operations 1000 occurring in a UE participating in DRB configuration.
- Operations 1000 may be indicative of operations occurring in a UE as the UE participates in DRB configuration.
- Operations 1000 begin with the UE receiving a reconfiguration request, such as a RRCConnectionReconfiguration or RRCReconfiguration message (block 1005) .
- the UE performs a check to determine if the reconfiguration request includes a UPKN value (block 1007) . If the reconfiguration request includes a UPKN value, the UE includes the UPKN value in the input to the KDF used to derive the UP cryptographic keys (block 1009) . If it does not, the UE derives the UP cryptographic keys without including a UPKN value in the input to the KDF (block 1013) .
- In either case the UE then uses the UP cryptographic keys to protect UP traffic conveyed over a DRB between the UE and a RAN node, i.e., before sending UP traffic to the RAN node and after receiving UP traffic from the RAN node (block 1011) .
- Figure 11 illustrates a flow diagram of example operations 1100 occurring in a source CU-CP participating in a HO procedure.
- Source CU-CP has one or more PDU sessions associated with a UE.
- Source CU-CP determines that a HO is in order and identifies a target RAN node for the UE (block 1105) .
- Source CU-CP sends a request message (e.g., a handover request) to the target RAN node (block 1107) .
- the request message may include a set of UP resources associated with each of the PDU sessions.
- the request message may also include a source UPKN for each of the UP resources or PDU sessions.
- Source CU-CP receives a response message (e.g., a handover acknowledgement) from the target RAN node (block 1109) .
- the response message may include a set of target UP resources associated with each of the PDU sessions.
- the response message may include a target UPKN to be associated with each of the target UP resources or PDU sessions.
- Source CU-CP sends a message (e.g., a handover command) to the UE (block 1111) .
- the message to the UE may include the set of target UP resources associated with each of the PDU sessions and the target UPKN associated with each of the target UP resources or PDU sessions.
- the example embodiments include the following aspects:
  1. The CP/UP separation does not impact the non-access stratum (NAS) security solutions.
  2. The CU-CP selects which security algorithms should be used by the CU-UP.
  3. The CU-CP is responsible for all security signaling towards the UE and the CN and for key derivation. The CU-CP provides the UP security keys (i.e., Kupenc, Kupint) to the CU-UP during DRB setup and during key refresh, and ensures that the same UP security keys are not reused in different UP security domains.
  4. The CU-CP is able to trigger Counter Check and to trigger action to prevent PDCP COUNT wrap around.
- the UE UP traffic can be anchored at different CU-UP entities, where these CU-UP entities are under the control of the same CU-CP.
- these CU-UP entities may be located in different physical locations with different security risks.
- the CU-CP may be in control of multiple CU-UP entities where different CU-UP entities are in different security domains.
- the UP keys used to protect the UE UP traffic at one CU-UP entity must be different from the UP keys used at the other CU-UP entity.
- Conventionally, the RAN node and the UE generate UP integrity protection and encryption keys that are per-UE: the UE uses the same UP integrity protection key for all of its UP traffic and, likewise, the same UP encryption key to encrypt all of its UP traffic. A mechanism is therefore required to define the inputs to the KDF used for UP key derivation with the CU-CP and CU-UP split in mind.
- Option 1 Using DRB identifier.
- the utilization of the DRB ID recognizes that a DRB is anchored at one CU-UP –i.e. UP traffic carried over a DRB is not split across multiple CU-UPs.
- using the DRB ID has some disadvantages, including:
  1. The same UE will end up with multiple UP security keys for traffic that is anchored at one CU-UP entity, which is not needed to address the CU-CP/UP split.
  2. The number of UP security keys per UE may be large, which may impact UE performance related to the derivation and storage of numerous keys.
  3. Informing the UE whether to derive a new key or which key to use may increase signaling and processing overheads within the RAN node and the UE.
- Option 2 Using PDU session identifier.
- the utilization of the PDU session identifier is an option that is not as fine-grained as the DRB identifier.
- the PDU session identifier still has some disadvantages, including:
  1. It assumes that all DRBs associated with a given PDU session are handled by the same CU-UP. In some scenarios, different DRBs of a PDU session may have different QoS requirements which may require handling by different CU-UPs.
  2. The same UE may end up with multiple UP keys per CU-UP, i.e., the separation of UP keys is not directly related to the CU-CP/UP split.
  3. Item (2) may result in the derivation and maintenance of unnecessary keys, which can impact UE performance.
  4. Informing the UE whether to derive a new key or which key to use may increase signaling and processing overheads within the RAN node and the UE.
- using a value controlled by the CU-CP ensures that UP keys are only derived when required to accommodate a CU-CP/UP split. Because the CU-CP is in control of all the CU-UP entities and aware of which UE PDU session is anchored at which CU-UP entity, the CU-CP can track a key identifier (e.g., a UPKN) that maps to the UE and all of the UE traffic that is anchored at each CU-UP entity. The CU-CP uses the specific key identifier in addition to KgNB and other parameters to derive the corresponding UP cryptographic key set (Kupint and Kupenc) and then delivers these keys to the appropriate CU-UP entity. The UE derives the same key sets based on the key identifiers (UPKNs) signaled to the UE by the CU-CP.
- advantages of the UPKN-based solution include:
  1. It allows the CU-CP to have full control over when different UP key sets must be derived and minimizes the number of distinct key sets required to ensure one key set per UE per CU-UP entity.
  2. It is not tightly coupled with a physical connection identifier.
- the key set identifier (UPKN) included in the RRC signaling for DRB configuration immediately indicates to the UE whether to generate a new key (i.e., if the UPKN is new value) or to use an existing key that has been derived for other DRBs (i.e., if the UPKN is not new value) .
- the RAN node uses a UPKN per-UE and per-CU-UP entity to control UP key separation and provides the UPKN to the UE using RRC signaling for DRB configuration.
- the UPKN is used by the UE and the RAN node as an additional input to the KDF used for deriving the UP key set (i.e., the Kupint and Kupenc keys) .
- the CU-CP can track a key set identifier (e.g., the UPKN) that maps to the UE and all of the UE traffic that is anchored at each CU-UP resource.
- the CU-CP uses the specific UPKN in addition to KgNB and other parameters to derive the Kupint and Kupenc and then deliver these keys to the CU-UP resource.
- the UE derives the same key sets based on the key identifiers (UPKNs) signaled to the UE by the CU-CP.
- the CU-CP associates a UPKN with all UE DRBs that are anchored at the same CU-UP entity.
- Each UPKN value is associated with, and scoped to, the UE AS security context.
- When the CU-CP configures a UE DRB, the CU-CP indicates which UPKN is to be associated with this DRB, and indicates the same UPKN for all of the UE DRBs that are anchored at the same CU-UP entity.
- the CU-CP uses the UPKN as an additional input to the Kupint and Kupenc derivation.
- the CU-CP communicates the UPKN to the UE during the DRB configuration using a CP reconfiguration message such as an RRCConnectionReconfiguration or RRCReconfiguration message.
- the UPKN is protected against a man-in-the-middle (MiTM) attacker because it is carried in a CP reconfiguration message that is encrypted and integrity protected with the CP key set (Krrcenc and Krrcint) : an on-path attacker can neither learn the UPKN nor alter it without the UE detecting the modification. This relies on AS security already being activated for the RRC connection when the reconfiguration is sent, which is the case for the DRB configuration messages described here.
- the UE uses the UPKN as an additional input to the Kupint and Kupenc derivation and uses the same key set (Kupint and Kupenc) for all DRBs that are assigned the same UPKN.
- the UE is only required to record the set of UPKNs that are currently in use and assumes that the CU-CP will always provide a fresh (i.e., not previously used within the current AS security context) UPKN whenever a new key set is required. Since the UE simply reuses the existing key set for any UPKN it already holds, it cannot detect a reused UPKN on its own; freshness is the CU-CP's responsibility.
- the CU-CP maintains a UPKN per-UE per-CU-UP entity for the duration of the current AS security context between the UE and the CU-CP. If the RAN node architecture does not support a CU-CP and CU-UP split, or the CU-CP controls a single CU-UP entity, the CU-CP sets the UPKN to '0' (or some other agreed upon value) for all the UE DRBs. Alternatively, the CU-CP does not send the UPKN in any of the UE DRB configurations and a default value of the UPKN is assumed by both the UE and the CU-CP. Alternatively, the UPKN is not used, whether or not the CU-CP sends it. Whichever option is chosen, the UE and the CU-CP must apply the same one, otherwise they derive different UP keys.
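The CU-CP and UE behaviour of Figures 8 to 10 (operations 800, 900 and 1000) together with the UPKN handling rules listed just above, as an added example written for this page; it is not code from the patent. A CuCp object walks its CU-UP entities, allocates one fresh UPKN per CU-UP entity at which the UE has DRBs, derives the key set for that entity and carries the UPKN in each DRB reconfiguration; a Ue object keeps the set of UPKNs in use and derives a key set only for a UPKN it has not seen before. The 16-byte HMAC tag standing in for the (Kupint, Kupenc) pair, the class, function and field names, the message dictionaries and the sample KgNB values are all assumptions of this example; the real KDF is not modelled here.

```python
"""Added example: CU-CP UPKN allocation (Figure 9) and UE-side handling (Figure 10)."""
import hmac
import hashlib
from typing import Dict, List, Optional


def up_key_set(kgnb: bytes, upkn: Optional[int]) -> bytes:
    """Stand-in for the UP KDF: a 16-byte tag representing the (Kupint, Kupenc) pair.
    upkn=None models the conventional per-UE derivation without a UPKN input."""
    label = b"per-UE" if upkn is None else b"UPKN" + upkn.to_bytes(4, "big")
    return hmac.new(kgnb, label, hashlib.sha256).digest()[:16]


class CuCp:
    """CU-CP side: one UPKN per (UE, CU-UP entity) for the life of the AS security context."""

    def __init__(self, kgnb: bytes, cu_ups: List[str], cp_up_split: bool = True):
        self.kgnb, self.cu_ups, self.cp_up_split = kgnb, cu_ups, cp_up_split
        self.next_upkn = 1                     # monotonic sequence, never reused (block 807)
        self.upkn_of: Dict[str, int] = {}      # CU-UP entity -> UPKN in use for this UE
        self.keys_sent: Dict[str, bytes] = {}  # CU-UP entity -> key set delivered to it

    def configure_ue(self, drb_anchor: Dict[int, str]) -> List[dict]:
        """Operations 900: one RRC reconfiguration per DRB, carrying the UPKN of the
        CU-UP entity the DRB is anchored at, or no UPKN when there is nothing to split."""
        msgs = []
        if not self.cp_up_split or len(self.cu_ups) == 1:   # blocks 921-925: per-UE keys
            for drb, cu_up in drb_anchor.items():
                self.keys_sent[cu_up] = up_key_set(self.kgnb, None)
                msgs.append({"drb": drb, "upkn": None})
            return msgs
        for cu_up in self.cu_ups:                            # counter i over CU-UP entities
            drbs = [d for d, a in drb_anchor.items() if a == cu_up]
            if not drbs:                                     # nothing anchored here (block 909)
                continue
            if cu_up not in self.upkn_of:                    # fresh UPKN(i) only when none in use
                self.upkn_of[cu_up], self.next_upkn = self.next_upkn, self.next_upkn + 1
                self.keys_sent[cu_up] = up_key_set(self.kgnb, self.upkn_of[cu_up])  # 913/915
            msgs += [{"drb": d, "upkn": self.upkn_of[cu_up]} for d in drbs]     # block 911
        return msgs

    def new_as_context(self, kgnb: bytes) -> None:
        """Key refresh: new KgNB, and UPKN bookkeeping starts over (UPKNs are per AS context)."""
        self.kgnb, self.next_upkn = kgnb, 1
        self.upkn_of.clear()
        self.keys_sent.clear()


class Ue:
    """UE side: keeps the set of UPKNs in use and derives a key set only for an unseen one."""

    def __init__(self, kgnb: bytes):
        self.kgnb = kgnb
        self.key_sets: Dict[Optional[int], bytes] = {}
        self.drb_upkn: Dict[int, Optional[int]] = {}

    def on_reconfiguration(self, msg: dict) -> None:
        upkn = msg.get("upkn")                 # absent -> per-UE derivation (block 1013)
        if upkn not in self.key_sets:          # new value -> derive (block 1009)
            self.key_sets[upkn] = up_key_set(self.kgnb, upkn)
        self.drb_upkn[msg["drb"]] = upkn       # known value -> reuse that key set

    def key_for_drb(self, drb: int) -> bytes:
        return self.key_sets[self.drb_upkn[drb]]

    def new_as_context(self, kgnb: bytes) -> None:
        self.kgnb = kgnb
        self.key_sets.clear()
        self.drb_upkn.clear()


KGNB = bytes(range(32))          # constructed sample KgNB, not a real key
KGNB_NEW = bytes(range(32, 64))  # constructed KgNB after a key refresh


def run_split_scenario() -> dict:
    """DRB1 and DRB2 anchored at CU-UP1, DRB3 at CU-UP2, then a key refresh."""
    cu_cp, ue = CuCp(KGNB, ["CU-UP1", "CU-UP2"]), Ue(KGNB)
    anchors = {1: "CU-UP1", 2: "CU-UP1", 3: "CU-UP2"}
    for msg in cu_cp.configure_ue(anchors):
        ue.on_reconfiguration(msg)
    result = {"drb_keys": {d: ue.key_for_drb(d) for d in anchors},
              "cu_up_keys": dict(cu_cp.keys_sent), "ue_key_sets": len(ue.key_sets)}
    cu_cp.new_as_context(KGNB_NEW)
    ue.new_as_context(KGNB_NEW)
    for msg in cu_cp.configure_ue(anchors):
        ue.on_reconfiguration(msg)
    result["after_refresh"] = {d: ue.key_for_drb(d) for d in anchors}
    return result


def run_no_split_scenario() -> dict:
    """Single CU-UP entity: no UPKN is signalled and the keys are per-UE."""
    cu_cp, ue = CuCp(KGNB, ["CU-UP1"]), Ue(KGNB)
    msgs = cu_cp.configure_ue({1: "CU-UP1", 2: "CU-UP1"})
    for msg in msgs:
        ue.on_reconfiguration(msg)
    return {"upkns": [m["upkn"] for m in msgs],
            "drb_keys": {d: ue.key_for_drb(d) for d in (1, 2)},
            "cu_up_key": cu_cp.keys_sent["CU-UP1"]}


if __name__ == "__main__":
    print({d: k.hex() for d, k in run_split_scenario()["drb_keys"].items()})
```

The point to check in a real implementation is the one the UE cannot check for itself: the CU-CP must never hand out a UPKN already in use for this UE within the current AS security context, because the UE will silently reuse the key set it already holds for that value. Here the monotonic counter and the per-context reset carry that invariant; after a key refresh the same UPKN values reappear but, with the new KgNB, yield new keys.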
- the UE and CU-CP derive the UP security keys, i.e., Kupint and Kupenc, for the CU-UP entity using a standardized KDF.
- Figure 12 illustrates an example key derivation procedure 1200, highlighting additions incorporated in the UP key hierarchy.
- UPKN 1205 is added to the inputs to the KDF.
- a value of UPKN (i) produces the UP key set Kupint (i) (1210) and Kupenc (i) (1212) that may be used by the UE and a CU-UP (i) .
- a different value of UPKN (i+1) produces a different UP key set Kupint (i+1) (1220) and Kupenc (i+1) (1222) that may be used by the UE and a CU-UP (i+1) .
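The derivation of Figure 12 carried out in code, as an added example written for this page and not code from the patent. It follows the 5G algorithm key derivation of 3GPP TS 33.501 Annex A.8 (FC = 0x69, P0 = algorithm type distinguisher, P1 = algorithm identity, the 128 least significant bits of the HMAC-SHA-256 output) and appends the UPKN as one more KDF parameter. That encoding, a 4-byte big-endian P2 with its length L2, is an assumption of this example, since the page only states that the UPKN is an additional input; KGNB_SAMPLE, the choice of NEA2/NIA2 as algorithm identities and the function names are likewise this example's own.

```python
"""Added example: UP key derivation with UPKN as an extra KDF input (Figure 12)."""
import hmac
import hashlib
from typing import Dict, Optional

# Constants from 3GPP TS 33.501 Annex A.8 (algorithm key derivation).
FC_ALG_KEY = 0x69      # FC value for the algorithm key derivation
N_UP_ENC_ALG = 0x05    # algorithm type distinguisher: UP ciphering
N_UP_INT_ALG = 0x06    # algorithm type distinguisher: UP integrity
NEA2 = NIA2 = 0x02     # algorithm identities used in the example (AES-based NEA2 / NIA2)


def kdf(key: bytes, fc: int, *params: bytes) -> bytes:
    """Generic 3GPP KDF (TS 33.220 Annex B.2): HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 ...)."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def derive_up_key(kgnb: bytes, alg_type: int, alg_id: int, upkn: Optional[int] = None) -> bytes:
    """One 128-bit UP key from KgNB.

    upkn=None is the conventional derivation (P0 = algorithm type distinguisher,
    P1 = algorithm identity). With a UPKN, the value is appended as an extra
    parameter P2 (4-byte big-endian, followed by its length L2). That encoding is
    an assumption of this example: the patent only states that the UPKN is an
    additional KDF input, not how it is encoded.
    """
    params = [bytes([alg_type]), bytes([alg_id])]
    if upkn is not None:
        params.append(upkn.to_bytes(4, "big"))
    return kdf(kgnb, FC_ALG_KEY, *params)[16:]   # 128 least significant bits of the 256-bit output


def derive_up_key_set(kgnb: bytes, upkn: Optional[int] = None,
                      enc_alg_id: int = NEA2, int_alg_id: int = NIA2) -> Dict[str, bytes]:
    """The (Kupenc, Kupint) pair shared by the UE and one CU-UP entity."""
    return {"Kupenc": derive_up_key(kgnb, N_UP_ENC_ALG, enc_alg_id, upkn),
            "Kupint": derive_up_key(kgnb, N_UP_INT_ALG, int_alg_id, upkn)}


def key_sets_per_cu_up(kgnb: bytes, upkn_by_cu_up: Dict[str, int]) -> Dict[str, Dict[str, bytes]]:
    """Figure 12: from one KgNB, a distinct UP key set for each UPKN(i), i.e. for each CU-UP(i)."""
    return {cu_up: derive_up_key_set(kgnb, upkn) for cu_up, upkn in upkn_by_cu_up.items()}


def ue_and_ran_agree(kgnb: bytes, ue_upkn: Optional[int], ran_upkn: Optional[int]) -> bool:
    """Both sides must feed the same UPKN (or both none) into the KDF; otherwise the UE and
    the CU-UP hold different keys and every integrity-protected PDCP PDU fails verification."""
    return derive_up_key_set(kgnb, ue_upkn) == derive_up_key_set(kgnb, ran_upkn)


KGNB_SAMPLE = bytes(range(32))   # constructed 256-bit KgNB for the example, not a real key

if __name__ == "__main__":
    for cu_up, ks in key_sets_per_cu_up(KGNB_SAMPLE, {"CU-UP(i)": 1, "CU-UP(i+1)": 2}).items():
        print(cu_up, "Kupenc=" + ks["Kupenc"].hex(), "Kupint=" + ks["Kupint"].hex())
    print("UPKN absent vs UPKN=0 agree:", ue_and_ran_agree(KGNB_SAMPLE, None, 0))
```

The last function is the check worth keeping: under this encoding an absent UPKN and a UPKN of '0' give different keys, so whichever convention a deployment picks for the single-CU-UP case (UPKN set to '0', UPKN omitted with an assumed default, or UPKN not used at all) must be applied identically by the UE and the CU-CP, or the CU-UP will discard every uplink PDCP PDU.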
- Figure 13 illustrates an example communication system 1300.
- the system 1300 enables multiple wireless or wired users to transmit and receive data and other content.
- the system 1300 may implement one or more channel access methods, such as code division multiple access (CDMA) , time division multiple access (TDMA) , frequency division multiple access (FDMA) , orthogonal FDMA (OFDMA) , single-carrier FDMA (SC-FDMA) , or non-orthogonal multiple access (NOMA) .
- the communication system 1300 includes electronic devices (ED) 1310a-1310c, radio access networks (RANs) 1320a-1320b, a core network 1330, a public switched telephone network (PSTN) 1340, the Internet 1350, and other networks 1360. While certain numbers of these components or elements are shown in Figure 13, any number of these components or elements may be included in the system 1300.
- the EDs 1310a-1310c are configured to operate or communicate in the system 1300.
- the EDs 1310a-1310c are configured to transmit or receive via wireless or wired communication channels.
- Each ED 1310a-1310c represents any suitable end user device and may include such devices (or may be referred to) as a user equipment or device (UE) , wireless transmit or receive unit (WTRU) , mobile station, fixed or mobile subscriber unit, cellular telephone, personal digital assistant (PDA) , smartphone, laptop, computer, touchpad, wireless sensor, or consumer electronics device.
- the RANs 1320a-1320b here include base stations 1370a-1370b, respectively.
- Each base station 1370a-1370b is configured to wirelessly interface with one or more of the EDs 1310a-1310c to enable access to the core network 1330, the PSTN 1340, the Internet 1350, or the other networks 1360.
- the base stations 1370a-1370b may include (or be) one or more of several well-known devices, such as a base transceiver station (BTS) , a Node-B (NodeB) , an evolved NodeB (eNB) , a Next Generation (NG) eNB (ng-eNB) , a New Radio (NR) NodeB (gNB) , a Home NodeB, a Home eNB, a site controller, an access point (AP) , or a wireless router.
- the EDs 1310a-1310c are configured to interface and communicate with the Internet 1350 and may access the core network 1330, the PSTN 1340, or the other networks 1360.
- the base station 1370a forms part of the RAN 1320a, which may include other base stations, elements, or devices.
- the base station 1370b forms part of the RAN 1320b, which may include other base stations, elements, or devices.
- Each base station 1370a-1370b operates to transmit or receive wireless signals within a particular geographic region or area, sometimes referred to as a "cell."
- multiple-input multiple-output (MIMO) technology may be employed having multiple transceivers for each cell.
- the base stations 1370a-1370b communicate with one or more of the EDs 1310a-1310c over one or more air interfaces 1390 using wireless communication links.
- the air interfaces 1390 may utilize any suitable radio access technology.
- the system 1300 may use multiple channel access functionality, including such schemes as described above.
- the base stations and EDs implement New Radio (NR) , Long Term Evolution (LTE) , LTE-Advanced (LTE-A) , or LTE-B.
- the RANs 1320a-1320b are in communication with the core network 1330 to provide the EDs 1310a-1310c with voice, data, application, Voice over Internet Protocol (VoIP) , or other services. Understandably, the RANs 1320a-1320b or the core network 1330 may be in direct or indirect communication with one or more other RANs (not shown) .
- the core network 1330 may also serve as a gateway access for other networks (such as the PSTN 1340, the Internet 1350, and the other networks 1360) .
- some or all of the EDs 1310a-1310c may include functionality for communicating with different wireless networks over different wireless links using different wireless technologies or protocols. Instead of wireless communication (or in addition thereto) , the EDs may communicate via wired communication channels to a service provider or switch (not shown) , and to the Internet 1350.
- Figure 13 illustrates one example of a communication system; the communication system 1300 could include any number of EDs, base stations, networks, or other components in any suitable configuration.
- Figures 14A and 14B illustrate example devices that may implement the methods and teachings according to this disclosure.
- Figure 14A illustrates an example ED 1410
- Figure 14B illustrates an example base station 1470. These components could be used in the system 1300 or in any other suitable system.
- the ED 1410 includes at least one processing unit 1400.
- the processing unit 1400 implements various processing operations of the ED 1410.
- the processing unit 1400 could perform signal coding, data processing, power control, input/output processing, or any other functionality enabling the ED 1410 to operate in the system 1300.
- the processing unit 1400 also supports the methods and teachings described in more detail above.
- Each processing unit 1400 includes any suitable processing or computing device configured to perform one or more operations.
- Each processing unit 1400 could, for example, include a microprocessor, microcontroller, digital signal processor, field programmable gate array, or application specific integrated circuit.
- the ED 1410 also includes at least one transceiver 1402.
- the transceiver 1402 is configured to modulate data or other content for transmission by at least one antenna or NIC (Network Interface Controller) 1404.
- the transceiver 1402 is also configured to demodulate data or other content received by the at least one antenna 1404.
- Each transceiver 1402 includes any suitable structure for generating signals for wireless or wired transmission or processing signals received wirelessly or by wire.
- Each antenna 1404 includes any suitable structure for transmitting or receiving wireless or wired signals.
- One or multiple transceivers 1402 could be used in the ED 1410, and one or multiple antennas 1404 could be used in the ED 1410.
- a transceiver 1402 could also be implemented using at least one transmitter and at least one separate receiver.
- the ED 1410 further includes one or more input/output devices 1406 or interfaces (such as a wired interface to the Internet 1350) .
- the input/output devices 1406 facilitate interaction with a user or other devices (network communications) in the network.
- Each input/output device 1406 includes any suitable structure for providing information to or receiving information from a user, such as a speaker, microphone, keypad, keyboard, display, or touch screen, including network interface communications.
- the ED 1410 includes at least one memory 1408.
- the memory 1408 stores instructions and data used, generated, or collected by the ED 1410.
- the memory 1408 could store software or firmware instructions executed by the processing unit (s) 1400 and data used to reduce or eliminate interference in incoming signals.
- Each memory 1408 includes any suitable volatile or non-volatile storage and retrieval device (s) . Any suitable type of memory may be used, such as random access memory (RAM) , read only memory (ROM) , hard disk, optical disc, subscriber identity module (SIM) card, memory stick, secure digital (SD) memory card, and the like.
- the base station 1470 includes at least one processing unit 1450, at least one transceiver 1452, which includes functionality for a transmitter and a receiver, one or more antennas 1456, at least one memory 1458, and one or more input/output devices or interfaces 1466.
- a scheduler, which would be understood by one skilled in the art, is coupled to the processing unit 1450. The scheduler could be included within or operated separately from the base station 1470.
- the processing unit 1450 implements various processing operations of the base station 1470, such as signal coding, data processing, power control, input/output processing, or any other functionality.
- the processing unit 1450 can also support the methods and teachings described in more detail above.
- Each processing unit 1450 includes any suitable processing or computing device configured to perform one or more operations.
- Each processing unit 1450 could, for example, include a microprocessor, microcontroller, digital signal processor, field programmable gate array, or application specific integrated circuit.
- Each transceiver 1452 includes any suitable structure for generating signals for wireless or wired transmission to one or more EDs or other devices. Each transceiver 1452 further includes any suitable structure for processing signals received wirelessly or by wire from one or more EDs or other devices. Although shown combined as a transceiver 1452, a transmitter and a receiver could be separate components. Each antenna 1456 includes any suitable structure for transmitting or receiving wireless or wired signals. While a common antenna 1456 is shown here as being coupled to the transceiver 1452, one or more antennas 1456 could be coupled to the transceiver(s) 1452, allowing separate antennas 1456 to be coupled to the transmitter and the receiver if equipped as separate components.
- Each memory 1458 includes any suitable volatile or non-volatile storage and retrieval device(s).
- Each input/output device 1466 facilitates interaction with a user or other devices (network communications) in the network.
- Each input/output device 1466 includes any suitable structure for providing information to or receiving/providing information from a user, including network interface communications.
- FIG. 15 is a block diagram of a computing system 1500 that may be used for implementing the devices and methods disclosed herein.
- The computing system can be any entity of UE, access network (AN), mobility management (MM), session management (SM), user plane gateway (UPGW), or access stratum (AS).
- Specific devices may utilize all of the components shown or only a subset of the components, and levels of integration may vary from device to device.
- A device may contain multiple instances of a component, such as multiple processing units, processors, memories, transmitters, receivers, etc.
- The computing system 1500 includes a processing unit 1502.
- The processing unit includes a central processing unit (CPU) 1514, memory 1508, and may further include a mass storage device 1504, a video adapter 1510, and an I/O interface 1512 connected to a bus 1520.
- The bus 1520 may be one or more of any type of several bus architectures including a memory bus or memory controller, a peripheral bus, or a video bus.
- The CPU 1514 may comprise any type of electronic data processor.
- The memory 1508 may comprise any type of non-transitory system memory such as static random access memory (SRAM), dynamic random access memory (DRAM), synchronous DRAM (SDRAM), read-only memory (ROM), or a combination thereof.
- The memory 1508 may include ROM for use at boot-up, and DRAM for program and data storage for use while executing programs.
- The mass storage 1504 may comprise any type of non-transitory storage device configured to store data, programs, and other information and to make the data, programs, and other information accessible via the bus 1520.
- The mass storage 1504 may comprise, for example, one or more of a solid state drive, hard disk drive, a magnetic disk drive, or an optical disk drive.
- The video adapter 1510 and the I/O interface 1512 provide interfaces to couple external input and output devices to the processing unit 1502.
- Input and output devices include a display 1518 coupled to the video adapter 1510 and a mouse, keyboard, or printer 1516 coupled to the I/O interface 1512.
- Other devices may be coupled to the processing unit 1502, and additional or fewer interface cards may be utilized.
- A serial interface such as Universal Serial Bus (USB) (not shown) may be used to provide an interface for an external device.
- The processing unit 1502 also includes one or more network interfaces 1506, which may comprise wired links, such as an Ethernet cable, or wireless links to access nodes or different networks.
- The network interfaces 1506 allow the processing unit 1502 to communicate with remote units via the networks.
- The network interfaces 1506 may provide wireless communication via one or more transmitters/transmit antennas and one or more receivers/receive antennas.
- The processing unit 1502 is coupled to a local-area network 1522 or a wide-area network for data processing and communications with remote devices, such as other processing units, the Internet, or remote storage facilities.
- A signal may be transmitted by a transmitting unit or a transmitting module.
- A signal may be received by a receiving unit or a receiving module.
- A signal may be processed by a processing unit or a processing module.
- Other steps may be performed by a generating unit or module, a providing unit or module, a determining unit or module, a participating unit or module, or a securing unit or module.
- The respective units or modules may be hardware, software, or a combination thereof.
- One or more of the units or modules may be an integrated circuit, such as field programmable gate arrays (FPGAs) or application-specific integrated circuits (ASICs).
Abstract
A computer-implemented method for operating a network node in a radio access network (RAN) includes determining a user plane (UP) resource of the RAN anchored at a UP entity of the RAN to be associated with a set of UP cryptographic keys, generating a UP key set identifier associated with the UP resource, sending to a user equipment a control plane message including the UP key set identifier, generating a local version of UP cryptographic keys in accordance with the UP key set identifier, and sending to the UP entity of the RAN, the local version of UP cryptographic keys.
Description
This application claims the benefit of U.S. Provisional Application No. 62/631,238, filed on February 15, 2018, entitled "System and Method for Providing Security in a Communications System with User Plane Separation" and U.S. Provisional Application No. 62/796,979, filed on January 25, 2019, entitled "System and Method for Providing Security in a Communications System with User Plane Separation," which applications are hereby incorporated herein by reference in their entirety.
The present disclosure relates generally to a system and method for digital communications, and, in particular embodiments, to a system and method for providing security in a wireless communications system with user plane separation.
In conventional Third Generation Partnership Project (3GPP) technical specifications, a security key is used to secure communications on a per-user equipment (UE) basis. For example, a UE has a single encryption key for user plane (UP) traffic that is used to encrypt all UP traffic between the UE and a serving radio access network (RAN) node such as an evolved NodeB (eNB). The same per-UE granularity is also used for other keys associated with the UE.
In a Next Generation (NG) RAN node, such as a New Radio (NR) NodeB (commonly referred to as a gNB or a next generation eNB (ng-eNB)), one or more distributed units (DUs) may reside in a physically different location from a central unit (CU). The NG RAN node is referred to as having a split architecture. The split architecture RAN node may also support the control plane (CP) and UP split with an option of the CU-CP being split from the CU-UP, with each potentially being in different security domains. Having the same key (or keys) at different entities providing UP connectivity at different physical locations may pose a security risk, i.e., if one entity providing UP connectivity is compromised, the UE traffic at other entities providing UP connectivity is also compromised.
Therefore, there is a need for systems and methods for providing security in a communications system with user plane separation.
SUMMARY
Example embodiments provide a system and method for providing security in a wireless communications system with user plane separation.
According to a first aspect, a computer-implemented method for operating a network node in a radio access network (RAN) is provided. The computer-implemented method includes determining, by the network node, a user plane (UP) resource of the RAN anchored at a UP entity of the RAN, generating, by the network node, a UP key set identifier to be associated with a set of UP cryptographic keys, where the set of UP cryptographic keys are to be associated with the UP resource, sending, by the network node, to a user equipment (UE), a control plane (CP) message including the UP key set identifier and an identifier associated with the UP resource, generating, by the network node, the set of UP cryptographic keys in accordance with the UP key set identifier, and sending, by the network node, to the UP entity of the RAN, the set of UP cryptographic keys and the identifier associated with the UP resource, wherein the UP entity of the RAN cryptographically protects UP traffic conveyed over the UP resource using the set of UP cryptographic keys.
In a first implementation form of the computer-implemented method according to the first aspect as such, wherein generating the set of UP cryptographic keys comprises providing at least the UP key set identifier and a security key associated with the network node to a key derivation function used to derive the set of UP cryptographic keys.
In a second implementation form of the computer-implemented method according to the first aspect as such or any preceding implementation form of the first aspect, wherein the UP key set identifier is a number or counter maintained by the network node.
In a third implementation form of the computer-implemented method according to the first aspect as such or any preceding implementation form of the first aspect, wherein the UP key set identifier has one of a numerical value, an alphanumeric value, or a bit string value.
In a fourth implementation form of the computer-implemented method according to the first aspect as such or any preceding implementation form of the first aspect, wherein the UP key set identifier is randomly generated, and wherein the UP key set identifier is monotonically increasing or monotonically decreasing with respect to a previously generated UP key set identifier associated with the UP resource of the RAN.
In a fifth implementation form of the computer-implemented method according to the first aspect as such or any preceding implementation form of the first aspect, wherein the UP key set identifier is sequentially incremented or decremented with respect to a previously generated UP key set identifier associated with the UP resource of the RAN.
In a sixth implementation form of the computer-implemented method according to the first aspect as such or any preceding implementation form of the first aspect, wherein the UP key set identifier comprises an index to a set of randomly generated numbers, and wherein the set of UP cryptographic keys is generated in accordance with the randomly generated number associated with the index.
In a seventh implementation form of the computer-implemented method according to the first aspect as such or any preceding implementation form of the first aspect, wherein the CP message comprises a radio resource control (RRC) message.
In an eighth implementation form of the computer-implemented method according to the first aspect as such or any preceding implementation form of the first aspect, wherein the UP resource of the RAN comprises one of: the UE, a data radio bearer (DRB) associated with the UE, a group of one or more DRBs associated with the UE, a protocol data unit (PDU) session associated with the UE, a group of one or more PDU sessions associated with the UE, a quality of service (QoS) flow associated with the UE, a group of one or more QoS flows associated with the UE, a packet flow associated with the UE, a group of one or more packet flows associated with the UE, or the UP entity of the RAN.
In a ninth implementation form of the computer-implemented method according to the first aspect as such or any preceding implementation form of the first aspect, wherein the UP key set identifier is any one of: a numerical value, an alphanumeric value, a bit string value, or an index to a set of randomly generated numbers, wherein the set of UP cryptographic keys is generated in accordance with the randomly generated number associated with the index.
According to a second aspect, a computer-implemented method for operating a network node in a RAN is provided. The computer-implemented method includes determining, by the network node, that a first DRB of a UE is anchored at a first UP entity of the RAN, and based thereon, generating, by the network node, a first UP key set identifier associated with the first UP entity of the RAN, sending, by the network node, to the UE, a first CP message including the first UP key set identifier and an identifier associated with the first DRB, generating, by the network node, a first set of UP cryptographic keys, the generating in accordance with the first UP key set identifier, and sending, by the network node, to the first UP entity of the RAN, the first UP key set identifier, the first set of UP cryptographic keys and the identifier associated with the first DRB, wherein the first UP entity of the RAN cryptographically protects UP traffic conveyed over the first DRB using the first set of UP cryptographic keys.
In a first implementation form of the computer-implemented method according to the second aspect as such, further comprising determining, by the network node, that a second DRB of the UE is anchored at a second UP entity of the RAN, and based thereon, generating, by the network node, a second UP key set identifier associated with the second UP entity of the RAN, sending, by the network node, to the UE, a second CP message including the second UP key set identifier and an identifier associated with the second DRB, generating, by the network node, a second set of UP cryptographic keys, the generating in accordance with the second UP key set identifier, and sending, by the network node, to the second UP entity of the RAN, the second UP key set identifier, the second set of UP cryptographic keys and the identifier associated with the second DRB, wherein the second UP entity of the RAN cryptographically protects UP traffic conveyed over the second DRB using the second set of UP cryptographic keys.
In a second implementation form of the computer-implemented method according to the second aspect as such or any preceding implementation form of the second aspect, further comprising determining, by the network node, that a third DRB of the UE is anchored at the first UP entity of the RAN, and based thereon, sending, by the network node, to the UE, a third CP message including the first UP key set identifier and an identifier associated with the third DRB, and sending, by the network node, to the first UP entity of the RAN, the first UP key set identifier and the identifier associated with the third DRB, wherein the first UP entity of the RAN cryptographically protects UP traffic conveyed over the third DRB using the first set of UP cryptographic keys.
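The per-UP-entity key handling of the first and second aspects, together with the UE-side derivation of the fourth aspect, as an added Python example (not the patent's own code nor any 3GPP implementation): it assumes HMAC-SHA256 as the key derivation function, a sequentially incremented counter as the UP key set identifier, and a toy protect/unprotect routine in place of the NEA/NIA algorithms; the names CuCp, UpEntity, Ue and run_scenario are constructed for the example.

```python
import hashlib
import hmac
from typing import Optional


def derive_up_keys(node_key: bytes, up_ksi: int) -> dict:
    """KDF for one UP key set: the UP key set identifier and the network
    node's security key go in, an encryption and an integrity key come out.
    HMAC-SHA256 with per-key labels is an assumption of this example; the
    patent only says "a key derivation function"."""
    ksi_bytes = up_ksi.to_bytes(4, "big")
    enc = hmac.new(node_key, b"UP-ENC" + ksi_bytes, hashlib.sha256).digest()[:16]
    integ = hmac.new(node_key, b"UP-INT" + ksi_bytes, hashlib.sha256).digest()[:16]
    return {"enc": enc, "int": integ}


def protect_pdu(keys: dict, count: int, plaintext: bytes) -> bytes:
    """Toy confidentiality + integrity for one PDU (stand-in for NEA/NIA):
    HMAC-derived keystream XOR plaintext, followed by a 32-bit MAC."""
    count_bytes = count.to_bytes(4, "big")
    stream = hmac.new(keys["enc"], count_bytes, hashlib.sha256).digest()
    if len(plaintext) > len(stream):
        raise ValueError("PDU too long for the toy keystream")
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    mac = hmac.new(keys["int"], count_bytes + body, hashlib.sha256).digest()[:4]
    return body + mac


def unprotect_pdu(keys: dict, count: int, pdu: bytes) -> Optional[bytes]:
    """Verify the MAC first; return None (and no plaintext) if it fails."""
    body, mac = pdu[:-4], pdu[-4:]
    count_bytes = count.to_bytes(4, "big")
    expected = hmac.new(keys["int"], count_bytes + body, hashlib.sha256).digest()[:4]
    if not hmac.compare_digest(mac, expected):
        return None
    stream = hmac.new(keys["enc"], count_bytes, hashlib.sha256).digest()
    return bytes(c ^ s for c, s in zip(body, stream))


class UpEntity:
    """UP entity of the RAN (e.g. a CU-UP). It holds only the key sets the
    CU-CP pushed to it, indexed by UP key set identifier."""

    def __init__(self, name: str):
        self.name = name
        self.keys_by_ksi: dict = {}
        self.ksi_by_drb: dict = {}

    def install_keys(self, up_ksi: int, keys: dict, drb_id: int) -> None:
        self.keys_by_ksi[up_ksi] = keys
        self.ksi_by_drb[drb_id] = up_ksi

    def bind_drb(self, up_ksi: int, drb_id: int) -> None:
        # A further DRB anchored here reuses the key set already installed.
        if up_ksi not in self.keys_by_ksi:
            raise KeyError(f"{self.name} holds no key set {up_ksi}")
        self.ksi_by_drb[drb_id] = up_ksi

    def protect(self, drb_id: int, count: int, plaintext: bytes) -> bytes:
        return protect_pdu(self.keys_by_ksi[self.ksi_by_drb[drb_id]], count, plaintext)


class CuCp:
    """Network node of the RAN (the CU-CP): generates UP key set identifiers,
    derives the key sets and distributes them to UP entities and the UE."""

    def __init__(self, node_key: bytes):
        self.node_key = node_key        # security key of the network node
        self.next_ksi = 0               # sequentially incremented counter
        self.ksi_by_entity: dict = {}   # UP entity name -> UP key set identifier

    def anchor_drb(self, drb_id: int, up_entity: UpEntity) -> dict:
        """Returns the CP (RRC) message sent to the UE for this DRB."""
        if up_entity.name not in self.ksi_by_entity:
            up_ksi, self.next_ksi = self.next_ksi, self.next_ksi + 1
            self.ksi_by_entity[up_entity.name] = up_ksi
            up_entity.install_keys(up_ksi, derive_up_keys(self.node_key, up_ksi), drb_id)
        else:
            up_ksi = self.ksi_by_entity[up_entity.name]
            up_entity.bind_drb(up_ksi, drb_id)
        return {"drb_id": drb_id, "up_ksi": up_ksi}


class Ue:
    def __init__(self, node_key: bytes):
        self.node_key = node_key
        self.keys_by_drb: dict = {}

    def on_cp_message(self, msg: dict) -> None:
        # The UE derives the same key set locally from the identifier alone.
        self.keys_by_drb[msg["drb_id"]] = derive_up_keys(self.node_key, msg["up_ksi"])

    def unprotect(self, drb_id: int, count: int, pdu: bytes) -> Optional[bytes]:
        return unprotect_pdu(self.keys_by_drb[drb_id], count, pdu)


def run_scenario() -> dict:
    """DRB 1 and DRB 3 anchored at CU-UP1, DRB 2 at CU-UP2 (second aspect)."""
    k_node = hashlib.sha256(b"constructed node key for this example").digest()
    cu_cp, ue = CuCp(k_node), Ue(k_node)
    cu_up1, cu_up2 = UpEntity("CU-UP1"), UpEntity("CU-UP2")
    for drb_id, entity in ((1, cu_up1), (2, cu_up2), (3, cu_up1)):
        ue.on_cp_message(cu_cp.anchor_drb(drb_id, entity))
    payload = b"downlink payload on DRB 1"
    pdu = cu_up1.protect(1, 7, payload)
    # The key set held by CU-UP2 (the only material a compromise of that
    # entity would expose) is tried against DRB 1 traffic: the MAC check fails.
    cu_up2_keys = cu_up2.keys_by_ksi[cu_up2.ksi_by_drb[2]]
    return {
        "ksi_for_drb": {1: cu_up1.ksi_by_drb[1], 2: cu_up2.ksi_by_drb[2], 3: cu_up1.ksi_by_drb[3]},
        "cu_up1_key_sets": sorted(cu_up1.keys_by_ksi),
        "cu_up2_key_sets": sorted(cu_up2.keys_by_ksi),
        "drb1_decrypts_at_ue": ue.unprotect(1, 7, pdu) == payload,
        "drb1_readable_with_cu_up2_keys": unprotect_pdu(cu_up2_keys, 7, pdu) is not None,
    }
```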
According to a third aspect, a computer-implemented method for operating a network node in a RAN is provided. The computer-implemented method includes determining, by the network node, that a second network node of the RAN is a target for a handover of a UE, sending, by the network node, a network control plane (NCP) request message to the second network node, the NCP request message comprising a first set of UP resources of the RAN that are associated with the UE, receiving, by the network node, an NCP response message from the second network node, the NCP response message comprising a second set of UP resources of the RAN that are to be associated with the UE and, for each UP resource in the second set of UP resources, a corresponding UP key set identifier, and sending, by the network node, a CP message to the UE, the CP message comprising the second set of UP resources and, for each UP resource in the second set of UP resources, the corresponding UP key set identifier.
In a first implementation form of the computer-implemented method according to the third aspect as such, wherein the NCP request message further comprises a corresponding UP key set identifier for each UP resource in the first set of UP resources.
According to a fourth aspect, a computer-implemented method for operating a UE in a RAN is provided. The computer-implemented method includes receiving, by the UE, a CP message, the CP message comprising identities of multiple UP resources of the RAN and multiple UP key set identifiers with each UP resource associated with one of the UP key set identifiers, generating, by the UE, a set of UP cryptographic keys for each one of the UP key set identifiers, the generating in accordance with the UP key set identifier, and using, by the UE, the set of UP cryptographic keys corresponding to the UP key set identifier associated with a UP resource to cryptographically protect UP traffic conveyed over the UP resource.
In a first implementation form of the computer-implemented method according to the fourth aspect as such, wherein the CP message comprises a handover command and the UP resources comprise UP resources of the RAN associated with a handover target RAN node.
According to a fifth aspect, a network node in a RAN is provided. The network node includes a non-transitory memory storage comprising instructions, and one or more processors in communication with the memory storage. The one or more processors execute the instructions to determine a UP resource of the RAN anchored at a UP entity of the RAN, generate a UP key set identifier to be associated with a set of UP cryptographic keys, where the set of UP cryptographic keys are to be associated with the UP resource, send to a UE, a CP message including the UP key set identifier and an identifier associated with the UP resource, generate the set of UP cryptographic keys in accordance with the UP key set identifier, and send to the UP entity of the RAN, the set of UP cryptographic keys and the identifier associated with the UP resource, wherein the UP entity of the RAN cryptographically protects UP traffic conveyed over the UP resource using the set of UP cryptographic keys.
In a first implementation form of the network node according to the fifth aspect as such, wherein the one or more processors further execute the instructions to provide at least the UP key set identifier and a security key associated with the network node to a key derivation function used to derive the set of UP cryptographic keys.
In a second implementation form of the network node according to the fifth aspect as such or any preceding implementation form of the fifth aspect, wherein the UP key set identifier is a number or counter maintained by the network node.
In a third implementation form of the network node according to the fifth aspect as such or any preceding implementation form of the fifth aspect, wherein the UP key set identifier has one of a numerical value, an alphanumeric value, or a bit string value.
In a fourth implementation form of the network node according to the fifth aspect as such or any preceding implementation form of the fifth aspect, wherein the UP key set identifier is randomly generated, and wherein the UP key set identifier is monotonically increasing or monotonically decreasing with respect to a previously generated UP key set identifier associated with the UP resource of the RAN.
In a fifth implementation form of the network node according to the fifth aspect as such or any preceding implementation form of the fifth aspect, wherein the UP key set identifier is sequentially incremented or decremented with respect to a previously generated UP key set identifier associated with the UP resource of the RAN.
In a sixth implementation form of the network node according to the fifth aspect as such or any preceding implementation form of the fifth aspect, wherein the UP key set identifier comprises an index to a set of randomly generated numbers, and wherein the set of UP cryptographic keys is generated in accordance with the randomly generated number associated with the index.
In a seventh implementation form of the network node according to the fifth aspect as such or any preceding implementation form of the fifth aspect, wherein the CP message comprises an RRC message.
In an eighth implementation form of the network node according to the fifth aspect as such or any preceding implementation form of the fifth aspect, wherein the UP resource of the RAN comprises one of: the UE, a DRB associated with the UE, a group of one or more DRBs associated with the UE, a PDU session associated with the UE, a group of one or more PDU sessions associated with the UE, a QoS flow associated with the UE, a group of one or more QoS flows associated with the UE, a packet flow associated with the UE, a group of one or more packet flows associated with the UE, or the UP entity of the RAN.
In a ninth implementation form of the network node according to the fifth aspect as such or any preceding implementation form of the fifth aspect, wherein the set of UP cryptographic keys comprises one or both of: an integrity protection key or an encryption key.
According to a sixth aspect, a network node in a RAN is provided. The network node includes a non-transitory memory storage comprising instructions, and one or more processors in communication with the memory storage. The one or more processors execute the instructions to determine that a first DRB of a UE is anchored at a first UP entity of the RAN, and based thereon, generate a first UP key set identifier associated with the first UP entity of the RAN, send to the UE, a first CP message including the first UP key set identifier and an identifier associated with the first DRB, generate a first set of UP cryptographic keys in accordance with the first UP key set identifier, and send to the first UP entity of the RAN, the first UP key set identifier, the first set of UP cryptographic keys and the identifier associated with the first DRB, wherein the first UP entity of the RAN cryptographically protects UP traffic conveyed over the first DRB using the first set of UP cryptographic keys.
In a first implementation form of the network node according to the sixth aspect as such, wherein the one or more processors further execute the instructions to determine that a second DRB of the UE is anchored at a second UP entity of the RAN, and based thereon, generate a second UP key set identifier associated with the second UP entity of the RAN, send to the UE, a second CP message including the second UP key set identifier and an identifier associated with the second DRB, generate a second set of UP cryptographic keys in accordance with the second UP key set identifier, and send to the second UP entity of the RAN, the second UP key set identifier, the second set of UP cryptographic keys and the identifier associated with the second DRB, wherein the second UP entity of the RAN cryptographically protects UP traffic conveyed over the second DRB using the second set of UP cryptographic keys.
In a second implementation form of the network node according to the sixth aspect as such or any preceding implementation form of the sixth aspect, wherein the one or more processors further execute the instructions to determine that a third DRB of the UE is anchored at the first UP entity of the RAN, and based thereon, send to the UE, a third CP message including the first UP key set identifier and an identifier associated with the third DRB, and send to the first UP entity of the RAN, the first UP key set identifier and the identifier associated with the third DRB, wherein the first UP entity of the RAN cryptographically protects UP traffic conveyed over the third DRB using the first set of UP cryptographic keys.
According to a seventh aspect, a network node in a RAN includes a non-transitory memory storage comprising instructions, and one or more processors in communication with the memory storage. The one or more processors execute the instructions to determine that a second network node of the RAN is a target for a handover of a UE, send an NCP request message to the second network node, the NCP request message comprising a first set of UP resources of the RAN that are associated with the UE, receive an NCP response message from the second network node, the NCP response message comprising a second set of UP resources of the RAN that are to be associated with the UE and, for each UP resource in the second set of UP resources, a corresponding UP key set identifier, and send a CP message to the UE, the CP message comprising the second set of UP resources and, for each UP resource in the second set of UP resources, the corresponding UP key set identifier.
In a first implementation form of the network node according to the seventh aspect as such, wherein the NCP request message further comprises a corresponding UP key set identifier for each UP resource in the first set of UP resources.
According to an eighth aspect, a UE in a RAN is provided. The UE includes a non-transitory memory storage comprising instructions, and one or more processors in communication with the memory storage. The one or more processors execute the instructions to receive a CP message, the CP message comprising identities of multiple UP resources of the RAN and multiple UP key set identifiers with each UP resource associated with one of the UP key set identifiers, generate a set of UP cryptographic keys for each one of the UP key set identifiers in accordance with the UP key set identifier, and use the set of UP cryptographic keys corresponding to the UP key set identifier associated with a UP resource to cryptographically protect UP traffic conveyed over the UP resource.
In a first implementation form of the network node according to the eighth aspect as such, wherein the CP message comprises a handover command and the UP resources comprise UP resources of the RAN associated with a handover target RAN node.
According to a ninth aspect, a computer-implemented method for operating an access node is provided. The computer-implemented method includes determining, by the access node, a UP resource of the access node anchored at a UP entity of the access node to be associated with a set of UP cryptographic keys, generating, by the access node, a UP key value associated with the UP resource, sending, by the access node, to a UE, a CP message including the UP key value, generating, by the access node, a local version of UP cryptographic keys in accordance with the UP key value, and sending, by the access node, to the UP entity of the access node, the local version of UP cryptographic keys.
In a first implementation form of the computer-implemented method according to the ninth aspect as such, wherein the UP key value is a global number or counter maintained by the access node.
In a second implementation form of the computer-implemented method according to the ninth aspect as such or any preceding implementation form of the ninth aspect, wherein generating the local version of UP cryptographic keys comprises providing the UP key value and a security key associated with the access node to a key derivation function used to generate the local version of UP cryptographic keys.
In a third implementation form of the computer-implemented method according to the ninth aspect as such or any preceding implementation form of the ninth aspect, wherein the UP key value has one of a numerical value, or an alphanumeric value.
In a fourth implementation form of the computer-implemented method according to the ninth aspect as such or any preceding implementation form of the ninth aspect, wherein the UP key value is randomly generated, and wherein the UP key value is monotonically increasing or monotonically decreasing with respect to a previously generated UP key value associated with the UP resource of the access node anchored at the UP entity of the access node.
In a fifth implementation form of the computer-implemented method according to the ninth aspect as such or any preceding implementation form of the ninth aspect, wherein the UP key value is sequentially incremented or decremented with respect to a previously generated UP key value associated with the UP resource of the access node anchored at the UP entity of the access node.
In a sixth implementation form of the computer-implemented method according to the ninth aspect as such or any preceding implementation form of the ninth aspect, wherein the CP message further comprises an identifier of the UP resource of the access node anchored at the UP entity of the access node.
In a seventh implementation form of the computer-implemented method according to the ninth aspect as such or any preceding implementation form of the ninth aspect, wherein the CP message comprises a radio resource control connection reconfiguration (RRCConnectionReconfiguration) message.
In an eighth implementation form of the computer-implemented method according to the ninth aspect as such or any preceding implementation form of the ninth aspect, wherein the UP key value comprises an index to a randomly generated number, and wherein the local version of UP cryptographic keys is also generated in accordance with the randomly generated number.
In a ninth implementation form of the computer-implemented method according to the ninth aspect as such or any preceding implementation form of the ninth aspect, wherein the UP resource comprises one of a DRB, a PDU session, a UE, or a UP entity of the access node.
In a tenth implementation form of the computer-implemented method according to the ninth aspect as such or any preceding implementation form of the ninth aspect, wherein the local version of UP cryptographic keys comprises an integrity key associated with the UP resource of the access node and an encryption key associated with the UP resource of the access node.
According to a tenth aspect, a computer-implemented method for operating a first access node is provided. The computer-implemented method includes determining, by the first access node, that a DRB of a UE is anchored at a UP entity of a second access node, and based thereon, generating, by the first access node, a UP key value associated with the DRB anchored at the UP entity of the second access node, sending, by the first access node, to the UE, a first CP message including the UP key value, generating, by the first access node, a first local version of UP cryptographic keys associated with the DRB anchored at the UP entity of the second access node, the generating in accordance with the UP key value, and sending, by the first access node, to the UP entity of the second access node, the first local version of UP cryptographic keys.
In a first implementation form of the computer-implemented method according to the tenth aspect as such, further comprising determining, by the first access node, that no DRB is anchored at any UP entity of the second access node, and based thereon, sending, by the first access node, to the UE, a second CP message not including the UP key value, generating, by the first access node, a second local version of UP cryptographic keys without the UP key value, and sending, by the first access node, to UP entities of the second access node, the second local version of UP cryptographic keys.
In a second implementation form of the computer-implemented method according to the tenth aspect as such or any preceding implementation form of the tenth aspect, wherein generating the first local version of UP cryptographic keys comprises providing, by the first access node, the UP key value and a security key associated with the second access node to a key derivation function used to generate UP cryptographic keys.
In a third implementation form of the computer-implemented method according to the tenth aspect as such or any preceding implementation form of the tenth aspect, wherein the first access node comprises a source access node, and the second access node comprises a target access node.
According to an eleventh aspect, a computer-implemented method for operating a UE is provided. The computer-implemented method includes determining, by the UE, that a CP message includes a UP key value associated with a UP resource of a first access node, and based thereon, generating, by the UE, first UP cryptographic keys associated with the UP resource in accordance with the UP key value and a security key associated with the first access node, and securing, by the UE, UP traffic with the first UP cryptographic keys prior to sending the UP traffic to the first access node.
In a first implementation form of the computer-implemented method according to the eleventh aspect as such, further comprising determining, by the UE, that the CP message does not include the UP key value, and based thereon, generating, by the UE, second UP cryptographic keys in accordance with the security key associated with the first access node, and securing, by the UE, UP traffic with the second UP cryptographic keys prior to sending the UP traffic to the first access node.
In a second implementation form of the computer-implemented method according to the eleventh aspect as such or any preceding implementation form of the eleventh aspect, wherein the UP key value is associated with a UP resource of a second access node, and wherein the UP key value is forwarded to the UE from the second access node through the first access node.
In a third implementation form of the computer-implemented method according to the eleventh aspect as such or any preceding implementation form of the eleventh aspect, further includes generating, by the UE, third UP cryptographic keys associated with the UP resource in the second access node in accordance with the UP key value and a security key associated with the second access node, and securing, by the UE, UP traffic with the third UP cryptographic keys prior to sending the UP traffic to the second access node.
According to a twelfth aspect, an access node is provided. The access node includes a non-transitory memory storage comprising instructions, and one or more processors in communication with the memory storage. The one or more processors execute the instructions to determine a UP resource of the access node anchored at a UP entity of the access node to be associated with a set of UP cryptographic keys, generate a UP key value associated with the UP resource, send to a UE, a CP message including the UP key value, generate a local version of UP cryptographic keys in accordance with the UP key value, and send to the UP entity of the access node, the local version of UP cryptographic keys.
In a first implementation form of the access node according to the twelfth aspect as such, wherein the UP key value is a global number or counter maintained by the access node.
In a second implementation form of the access node according to the twelfth aspect as such or any preceding implementation form of the twelfth aspect, wherein the one or more processors further execute the instructions to provide the UP key value and a security key associated with the access node to a key derivation function used to generate the local version of UP cryptographic keys.
In a third implementation form of the access node according to the twelfth aspect as such or any preceding implementation form of the twelfth aspect, wherein the UP key value is randomly generated, and wherein the UP key value is monotonically increasing or monotonically decreasing with respect to a previously generated UP key value associated with the UP resource of the access node anchored at the UP entity of the access node.
In a fifth implementation form of the access node according to the twelfth aspect as such or any preceding implementation form of the twelfth aspect, wherein the UP key value is sequentially incremented or decremented with respect to a previously generated UP key value associated with the UP resource of the access node anchored at the UP entity of the access node.
In a sixth implementation form of the access node according to the twelfth aspect as such or any preceding implementation form of the twelfth aspect, wherein the UP resource comprises one of a DRB, a PDU session, a UE, or a UP entity of the access node.
According to a thirteenth aspect, a first access node is provided. The first access node includes a non-transitory memory storage comprising instructions, and one or more processors in communication with the memory storage. The one or more processors execute the instructions to determine that a DRB of a UE is anchored at a UP entity of a second access node, and based thereon, generate a UP key value associated with the DRB anchored at the UP entity of the second access node, send to the UE, a first CP message including the UP key value, generate a first local version of UP cryptographic keys associated with the DRB anchored at the UP entity of the second access node in accordance with the UP key value, and send to the UP entity of the second access node, the first local version of UP cryptographic keys.
In a first implementation form of the first access node according to the thirteenth aspect as such, wherein the one or more processors further execute the instructions to determine that no DRB is anchored at any UP entity of the second access node, and based thereon, send to the UE, a second CP message not including the UP key value, generate a second local version of UP cryptographic keys without the UP key value, and send to UP entities of the second access node, the second local version of UP cryptographic keys.
In a second implementation form of the first access node according to the thirteenth aspect as such or any preceding implementation form of the thirteenth aspect, wherein the one or more processors further execute the instructions to provide the UP key value and a security key associated with the second access node to a key derivation function used to generate UP cryptographic keys.
In a third implementation form of the first access node according to the thirteenth aspect as such or any preceding implementation form of the thirteenth aspect, wherein the first access node comprises a source access node, and the second access node comprises a target access node.
According to a fourteenth aspect, a UE is provided. The UE includes a non-transitory memory storage comprising instructions, and one or more processors in communication with the memory storage. The one or more processors execute the instructions to determine that a CP message includes a UP key value associated with a UP resource of a first access node, and based thereon, generate first UP cryptographic keys associated with the UP resource in accordance with the UP key value and a security key associated with the first access node, and secure UP traffic with the first UP cryptographic keys prior to sending the UP traffic to the first access node.
In a first implementation form of the UE according to the fourteenth aspect as such, wherein the one or more processors further execute the instructions to determine that the CP message does not include the UP key value, and based thereon, generate second UP cryptographic keys in accordance with the security key associated with the first access node, and secure UP traffic with the second UP cryptographic keys prior to sending the UP traffic to the first access node.
In a second implementation form of the UE according to the fourteenth aspect as such or any preceding implementation form of the fourteenth aspect, wherein the UP key value is associated with a UP resource of a second access node, and wherein the UP key value is forwarded to the UE from the second access node through the first access node.
In a third implementation form of the UE according to the fourteenth aspect as such or any preceding implementation form of the fourteenth aspect, wherein the one or more processors further execute the instructions to generate third UP cryptographic keys associated with the UP resource in the second access node in accordance with the UP key value and a security key associated with the second access node, and secure UP traffic with the third UP cryptographic keys prior to sending the UP traffic to the second access node.
Practice of the foregoing embodiments enables the securing of user plane communications in a communications system that supports user plane separation.
Practice of the foregoing embodiments enables the securing of user plane communications at a variety of different granularities.
For a more complete understanding of the present disclosure, and the advantages thereof, reference is now made to the following descriptions taken in conjunction with the accompanying drawings, in which:
Figure 1 illustrates an example communications system according to example embodiments described herein;
Figure 2 illustrates an example NG RAN node according to example embodiments described herein;
Figures 3A-3C illustrate example NG RAN node CP-UP separation scenarios according to example embodiments described herein;
Figure 4 illustrates an example NG RAN node CP-UP separation scenario highlighting UP separation with a per-PDU session granularity according to example embodiments described herein;
Figure 5 illustrates a diagram of communications exchanged and processing performed by devices or entities participating in the establishment of PDU sessions that are secured at two different CU-UP entities according to example embodiments described herein;
Figure 6A illustrates a diagram of communications exchanged and processing performed by devices or entities participating in a HO procedure, where the target RAN node does not support anchoring the UP traffic of a UE at multiple CU-UP entities and user plane key number (UPKN) values are communicated in the HO procedure according to example embodiments described herein;
Figure 6B illustrates a diagram of communications exchanged and processing performed by devices or entities participating in a HO procedure, where the target RAN node does not support anchoring the UP traffic of a UE at multiple CU-UP entities and UPKN values are not communicated in the HO procedure according to example embodiments described herein;
Figure 7 illustrates a diagram of communications exchanged and processing performed by devices or entities participating in a HO procedure, where the target RAN node does not support anchoring the UP traffic of a UE at multiple CU-UP entities and UPKN values are not communicated between source and target RAN nodes in the HO procedure according to example embodiments described herein;
Figure 8 illustrates a flow diagram of example operations occurring in a CU-CP entity configuring security keys for CU-UP entities for a RAN node allowing the anchoring of UP traffic of a UE at multiple CU-UP entities according to example embodiments described herein;
Figure 9 illustrates a flow diagram of example operations occurring in a CU-CP entity configuring security keys for CU-UP entities for a RAN node allowing the anchoring of UP traffic of a UE at multiple CU-UP entities with DRB granularity scope according to example embodiments described herein;
Figure 10 illustrates a flow diagram of example operations occurring in a UE participating in DRB configuration according to example embodiments described herein;
Figure 11 illustrates a flow diagram of example operations occurring in a source CU-CP entity participating in a HO procedure according to example embodiments described herein;
Figure 12 illustrates an example key hierarchy, highlighting additions incorporated in the key hierarchy according to example embodiments described herein;
Figure 13 illustrates an example communication system according to example embodiments described herein;
Figures 14A and 14B illustrate example devices that may implement the methods and teachings according to this disclosure; and
Figure 15 is a block diagram of a computing system that may be used for implementing the devices and methods disclosed herein.
DETAILED DESCRIPTION OF ILLUSTRATIVE EMBODIMENTS
The making and using of the disclosed embodiments are discussed in detail below. It should be appreciated, however, that the present disclosure provides many applicable inventive concepts that can be embodied in a wide variety of specific contexts. The specific embodiments discussed are merely illustrative of specific ways to make and use the embodiments, and do not limit the scope of the disclosure.
Figure 1 shows an example communications system 100 employing next generation (NG) radio access network (RAN) nodes. Communications system 100 includes a plurality of user equipment (UE) , such as UE 105, UE 107, and UE 109. Communications system 100 also includes a disaggregated RAN node 150 with distributed units (DUs) , such as DU 110 and DU 112. Communications system 100 also includes an aggregated RAN node 115 that serves UE 109, for example, without utilizing the split CU-DU design. Disaggregated RAN node 150 also includes a centralized unit (CU) 120, which includes a user plane (UP) protocol stack component 122 and a control plane (CP) protocol stack component 124. CU 120 is connected to the DUs, as well as other RAN nodes 115 and core network (CN) 125.
RAN nodes may also be referred to as access nodes, network controllers, control nodes, base stations, access points, transmission points (TPs) , transmission-reception points (TRPs) , cells, carriers, macro cells, femtocells, pico cells, and so on, while UEs may also be commonly referred to as mobile stations, mobiles, terminals, users, subscribers, stations, and the like.
While it is understood that communications systems may employ multiple network entities capable of communicating with a number of UEs, one disaggregated RAN node with only one CU, two DUs, one aggregated RAN node, and three UEs are illustrated for simplicity. In addition, it should be understood that the network topology in Figure 1 is exemplary, and particular networks may embody different topologies. For instance, the DUs of a communications system might not connect directly to a neighboring RAN node (interface R3 in the figure) , and some cellular systems could operate in a so-called “standalone” mode without interworking with any neighboring system. Therefore, the communications system shown in Figure 1 should not be construed as being limiting to either the scope or spirit of the example embodiments.
As discussed previously, DUs implement a portion of the protocol stack. As shown in Figure 1, the DUs include physical (PHY) sublayer, media access control (MAC) sublayer, and radio link control (RLC) sublayer entities. As an illustrative example, DU 110 includes PHY sublayer entity 130, MAC sublayer entity 132, and RLC sublayer entity 134. The CUs also implement a portion of the protocol stack. As shown in Figure 1, the CUs implement service data adaptation protocol (SDAP) and packet data convergence protocol (PDCP) layer or sublayer entities in the user plane, and radio resource control (RRC) and PDCP layer or sublayer entities in the control plane. As an illustrative example, the control plane protocol stack component 124 of CU 120 includes RRC and PDCP sublayer entities 135. Although the RRC and PDCP sublayer entities are shown as a combined entity 135, they may be implemented as a single entity or as separate entities, depending on the implementation of the CU. Cryptographic operations such as encryption or decryption and message integrity protection are performed by the PDCP sublayer entity in both the control plane and the user plane.
The discussion presented herein utilizes the following terms:
- RAN node: a radio access network entity providing connectivity between one or more UEs and a core network (CN) . A RAN node may be an NR RAN node (gNB) , an LTE RAN node (eNB) or an evolved next generation eNB (ng-eNB) connected either to a 4G evolved packet core (EPC) CN or to a 5G CN (5GC) . Throughout this document, discussions referring to "gNB" are also applicable to eNB and ng-eNB.
- CU: a central entity for both CP and UP.
- DU: a distributed entity for radio deployment. One DU may be responsible for one or more cells.
- cell: a cell provides radio connectivity to one or more UEs. The identity of a cell, e.g., a physical cell identity (PCI) , is unique in a limited coverage area.
Figure 2 illustrates an example NG RAN node 200. NG RAN node 200 includes a CU 210 controlling a plurality of DUs, such as DU 220, DU 222, and DU 224. The DUs shown in Figure 2 may be located at a single physical location (in a single entity, in multiple entities, or a combination of single and multiple entities) or at multiple physical locations (in multiple entities, or a combination of single and multiple entities) .
According to The Third Generation Partnership Project (3GPP) Fourth Generation (4G) system architecture specifications, such as in 3GPP Technical Standard (TS) 33.401, a security key hierarchy is defined based on the following:
- Security is established between a UE and the RAN after a successful Evolved Packet System Authentication and Key Agreement (EPS-AKA) authentication.
- The fundamentals of the authentication and key hierarchy use long-term symmetric keying technology based on a K key that resides in the Home Subscriber Server (HSS) and the Universal Subscriber Identity Module (USIM).
- A main master session key KASME resides in the Mobile Equipment (ME) and the Mobility Management Entity (MME).
- A RAN master session key KeNB is derived for use between the UE and the eNB, with RRC and UP cryptographic keys derived from KeNB.
A similar security key hierarchy is defined for 3GPP Fifth Generation (5G) systems in 3GPP Technical Standard (TS) 33.501 where a RAN master session key KgNB is derived for use between the UE and the gNB, with RRC and UP cryptographic keys derived from KgNB. Throughout this document, discussions referring to "KgNB" are also applicable to KeNB and to any intermediate key such as KNG-RAN* used during handover between NG RAN nodes.
There are two main two-dimensional keying materials that are used to guarantee synchronization of key derivation at the RAN node and the UE while maintaining secrecy: a Next Hop (NH) key that offers forward security and a Next Chain Counter (NCC) that is used to identify which NH key is used for the derivation of the current KgNB. When the UE receives the same NCC that the UE is using to reference the current KgNB, the current KgNB is used to derive a new master session key, KgNB*. This is referred to as horizontal key derivation. If the UE receives a different NCC, the different NCC conveys to the UE an indication to generate a new NH key corresponding to the different NCC and to use the new NH key to derive a new master session key KgNB. This is referred to as vertical key derivation.
Hence, the conventional security key hierarchy has the main principle that any derived key is a per-UE granularity key. As an example, the UE has a single encryption key (Kupenc) for UP traffic that is used to encrypt all UP traffic between the UE and the RAN node. A similar situation exists for other security keys, such as UP integrity protection key (Kupint) , RRC control plane integrity protection key (Krrcint) , and RRC control plane encryption key (Krrcenc) .
As discussed previously, in the NG RAN architecture, two new aspects are permitted:
- a RAN node supports a split CU-DU architecture where one or more DUs may reside at physically different locations from the CU controlling them.
- a RAN node also supports the CU-CP and CU-UP split with CU-CP and CU-UP potentially residing in different physical locations, i.e., different security domains.
In some deployments, the UP traffic of the UE may no longer be anchored at a single CU-UP entity. This means that, for a particular UE, some UP traffic could be anchored at a first entity (e.g., CU-UP entity 1) and some UP traffic can be anchored at a second entity (e.g., CU-UP entity 2). Therefore, the conventional UP cryptographic key hierarchy, which assumes there is a single UP cryptographic key set (Kupint and Kupenc) used between the UE and the RAN node, is no longer secure because the same Kupint and Kupenc key set will be distributed to multiple CU-UP entities, thereby creating a security risk, i.e., if one CU-UP entity is compromised, then a door is opened for compromising the UE UP traffic at other CU-UP entities. It is noted that although the discussion focusses on two entities (e.g., CU-UP entity 1 and CU-UP entity 2), the example embodiments presented herein are operable with any plurality of entities.
Therefore, there is a need for systems and methods for supporting UP cryptographic key separation where a UP cryptographic key is not shared between multiple CU-UP entities.
Additionally, the NG RAN architecture supports a virtualized slice-based architecture. In such a virtualized environment, a UE may be connected to more than one slice. The possibility of each one of two (or more) slices being anchored at two (or more) different CU-UP entities is valid. In such a deployment, systems and methods for supporting UP cryptographic key separation where a single UP cryptographic key is not shared between multiple CU-UP entities are also needed. Furthermore, in a virtualized RAN environment, each slice may reside on a different virtual machine, and thus, UP cryptographic key separation between the slices is also required.
Figure 3A illustrates a first example CP-UP separation scenario 300. In scenario 300, a RAN node 305 includes a central CP entity 307 and a distributed entity 309. Central CP entity 307 includes a CU-CP 311, while distributed entity 309 includes a DU 313 and a CU-UP 315. The R1-C interface between the CU-CP 311 and DU 313 may, for example, be a 3GPP F1-C or V1-C interface. The R1-U interface between the CU-UP 315 and DU 313 may, for example, be a 3GPP F1-U or V1-U interface. The R2-C interface between the CU-CP 311 and CU-UP 315 may, for example, be a 3GPP E1 interface.
Figure 3B illustrates a second example CP-UP separation scenario 320. In scenario 320, a RAN node 325 includes a central UP entity 327 and a distributed entity 329. Central UP entity 327 includes a CU-UP 331, while distributed entity 329 includes a CU-CP 333 and a DU 335.
Figure 3C illustrates a third example CP-UP separation scenario 340. In scenario 340, a RAN node 345 includes a central UP entity 347, a central CP entity 349, and a distributed entity 351. Central UP entity 347 includes a CU-UP 353, central CP entity 349 includes a CU-CP 355, while distributed entity 351 includes a DU 357.
A UE may establish multiple protocol data unit (PDU) sessions with the core network. Over the Uu interface between a UE and RAN, UP traffic for a particular PDU session is conveyed over one or more data radio bearers (DRBs) dedicated to that session. Depending on UP traffic requirements, different PDU sessions may be assigned to different CU-UP entities. For example, a PDU session requiring a low latency connection to an external network may use CP-UP separation scenario 300 (Figure 3A) where the CU-UP 315 is connected via NG-U to a local break-out function. In another example, a PDU session requiring higher security for user plane connections may use CP-UP separation scenario 340 (Figure 3C) where the CU-UP 331 housing the PDCP entity responsible for UP cryptographic functions is located in a secure data center. Scenario 320 (Figure 3B) may be used, for example, to protect UP traffic over a backhaul network between the CU-UP 331 and DU 335 using the PDCP cryptographic functions located in the CU-UP 331.
At any point in time where a UE and a RAN node have a valid Access Stratum (AS) security association, there is a valid master key KgNB that may correspond to information pair {NH and NCC}. Other security keys, such as RRC and UP encryption and integrity protection keys, are derivatives of the master key KgNB and may, therefore, be referenced by the same information pair {NH and NCC}. Conventionally, CP traffic is conveyed over a single RRC connection between a UE and a single CU-CP entity, therefore the RRC keys (Krrcenc and Krrcint) may continue to be referenced by the same information pair {NH and NCC}.
However, when different UP key sets are used in different CU-UP entities, the security for UE UP traffic may no longer be uniquely identified using the same information pair {NH and NCC} . Instead the information pair may be used to reference a group of UP security keys between the UE and the RAN.
According to an example embodiment, a new dimension (or variable) applicable to UP security keys is provided that is associated with specific UE traffic terminated at a specific CU-UP entity. The new dimension does not reveal any information that may be used to identify the network topology. The new dimension is a key set identifier referred to as a user plane key number (UPKN). It is noted that although the discussion of UPKN refers to it having a numerical value, the example embodiments are operable with any value of UPKN as long as the conditions for the UPKN are met. Therefore, the discussion of numerical values should not be construed as being limiting to either the scope or the spirit of the example embodiments. As an example, UPKN may have alphanumeric values, bit-string values, and so on.
In a first example embodiment, a secure mechanism is provided that enables UP cryptographic key separation between different UP traffic of a UE while the UE is connected to a RAN node. All options provide full network control and flexibility, and the granularity of the UP cryptographic key may be as fine as a per-DRB basis. However, other granularities of the UP cryptographic key (such as per-UE, per group of DRBs, per-PDU session, per group of PDU sessions, per-UP entity, per-Quality of Service (QoS) flow, per group of QoS flows, per-packet flow, per group of packet flows, and so on) are possible.
A UPKN is an identifier assigned by the RAN node to a UP cryptographic key set and is communicated to the UE. A UPKN value may be an arbitrary identifier and may, for example, be a random number. The UPKN values do not need to be sequential. The UPKN value is used as an input to a key derivation function (KDF) ; other parameters that are required inputs to the KDF are also provided, including KgNB. Both the UE and the RAN node derive the same keys (Kupint and Kupenc) with the same granularity of the UP cryptographic key, e.g., per-DRB, per-PDU session, per RAN node CU-UP entity, per UE, and so on. The KDF may be a conventional 3GPP key derivation function; example inputs to the KDF may include:
- FC = distinguishing value (e.g. 0x15) ,
- P0 = algorithm type distinguisher (e.g., 0x00, 0x01, and so on) ,
- L0 = length of algorithm type distinguisher,
- P1 = algorithm identity (e.g., 0x00, 0x01, and so on) ,
- L1 = length of algorithm identity,
- P2 = UPKN value, and
- L2 = length of UPKN.
In a situation where per-UE granularity is desired, the RAN node may assign the same UPKN value to all DRBs that are associated with the UE. In an embodiment, if the RAN node supports multiple CU-UP entities and the UE does not support the use of the UPKN, the RAN node does not send the UPKN value to the UE and thus the UE and RAN node follow the conventional UP cryptographic key derivation without the split functionality. In this instance, all UE UP traffic is handled by a single CU-UP entity. In another embodiment, the RAN node can reserve the UPKN value of zero (although other values are possible) to indicate to the UE that UP cryptographic key separation is not needed. In other words, the UPKN value of zero (or some other reserved value) can have a special meaning.
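The following is an added example, not code from the patent, showing the first example embodiment's derivation end to end: the UPKN is fed into the KDF as P2/L2 alongside the algorithm type distinguisher (P0/L0) and algorithm identity (P1/L1), so two DRBs anchored at different CU-UP entities receive distinct Kupenc/Kupint sets from the same KgNB, while reusing one UPKN for every DRB collapses back to per-UE granularity and an omitted or reserved UPKN falls back to conventional derivation. The KDF is assumed to be the generic 3GPP KDF (HMAC-SHA-256 over FC || P0 || L0 || P1 || L1 || ...); FC = 0x15 is the page's example value, and the algorithm type distinguishers, algorithm identities, KgNB and UPKN values are constructed for the example.

```python
import hashlib
import hmac
from typing import Dict, Optional

# FC = 0x15 is the page's example distinguishing value. The algorithm type
# distinguishers below are illustrative constants for this example (the page
# only lists 0x00, 0x01 as examples).
FC_UP_KEY = 0x15
ALG_TYPE_UP_ENC = 0x05   # "UP encryption" type distinguisher (illustrative)
ALG_TYPE_UP_INT = 0x06   # "UP integrity" type distinguisher (illustrative)
UPKN_RESERVED = b"\x00"  # reserved value meaning "no key separation needed"


def kdf_3gpp(key: bytes, fc: int, *params: bytes) -> bytes:
    """Generic 3GPP KDF (TS 33.220 Annex B style, assumed here):
    HMAC-SHA-256 over S = FC || P0 || L0 || P1 || L1 || ..., each Li being the
    2-byte big-endian length of Pi."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def derive_up_key(k_gnb: bytes, alg_type: int, alg_id: int,
                  upkn: Optional[bytes]) -> bytes:
    """Derive one 128-bit UP key. With a UPKN the KDF input is the list from
    the text (P0/L0 algorithm type, P1/L1 algorithm identity, P2/L2 UPKN);
    without a UPKN the conventional per-UE derivation (P0..L1 only) is used."""
    params = [bytes([alg_type]), bytes([alg_id])]
    if upkn is not None:
        params.append(upkn)
    # 3GPP keeps the 128 least significant bits of the 256-bit KDF output.
    return kdf_3gpp(k_gnb, FC_UP_KEY, *params)[16:]


def derive_up_key_set(k_gnb: bytes, enc_alg_id: int, int_alg_id: int,
                      upkn: Optional[bytes]) -> Dict[str, bytes]:
    """Kupenc/Kupint for one UP resource (DRB, PDU session, CU-UP entity, ...).
    Both the UE and the RAN node run this with the same inputs. A missing UPKN
    (not sent by the RAN node) and the reserved value both fall back to the
    conventional derivation, as the text describes."""
    if upkn == UPKN_RESERVED:
        upkn = None
    return {
        "Kupenc": derive_up_key(k_gnb, ALG_TYPE_UP_ENC, enc_alg_id, upkn),
        "Kupint": derive_up_key(k_gnb, ALG_TYPE_UP_INT, int_alg_id, upkn),
    }


def demo() -> Dict[str, Dict[str, bytes]]:
    """Constructed scenario: one KgNB, DRB1 anchored at CU-UP1 with UPKN1,
    DRB2 anchored at CU-UP2 with UPKN2."""
    k_gnb = hashlib.sha256(b"constructed KgNB for the example").digest()
    nea2, nia2 = 0x02, 0x02                 # 128-NEA2 / 128-NIA2 identities
    upkn1 = bytes.fromhex("3a9f0c11")       # constructed random UPKN for DRB1
    upkn2 = bytes.fromhex("b7e14d02")       # constructed random UPKN for DRB2
    return {
        "drb1": derive_up_key_set(k_gnb, nea2, nia2, upkn1),
        "drb2": derive_up_key_set(k_gnb, nea2, nia2, upkn2),
        # per-UE granularity: the RAN node reuses UPKN1 for every DRB
        "per_ue": derive_up_key_set(k_gnb, nea2, nia2, upkn1),
        "conventional": derive_up_key_set(k_gnb, nea2, nia2, None),
        "reserved": derive_up_key_set(k_gnb, nea2, nia2, UPKN_RESERVED),
    }


if __name__ == "__main__":
    for name, ks in demo().items():
        print(name, ks["Kupenc"].hex(), ks["Kupint"].hex())
```

Because CU-UP1 only ever receives the DRB1 key set, a compromise there yields nothing usable against DRB2 traffic, which is the property the text motivates; the same code also shows why reusing one UPKN for all DRBs gives up that property.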
In a second example embodiment, a secure mechanism is provided that enables UP cryptographic key separation between different UP traffic of a UE while the UE is connected to a RAN node. All options provide full network control, flexibility, and UP cryptographic key granularity as fine as on a per-DRB basis. However, other UP cryptographic key granularities (such as per-UE, per-PDU session, per-UP entity, and so on) are possible.
A UPKN is an identifier assigned by the RAN node to a UP cryptographic key set and is communicated to the UE. The UPKN may be used as a counter. It may be sequential, e.g., 0, 1, 2, 3, and so on; 255, 254, 253, and so on; A, B, C, and so on; A1, A2, A3, and so on; or Z, Y, X, and so on (other values may be possible). The UPKN may be used as a counter to point to a random number generation scheme that systematically and sequentially generates the same random number per UPKN at the UE and the RAN node. A User Next PDU (UND) key, which is generated by a random number generating scheme associated with the specific UPKN, may be used as an additional input to the KDF that is used to generate keys Kupint and Kupenc. Example inputs to the KDF may include:
- FC = distinguishing value (e.g., 0x15) ,
- P0 = algorithm type distinguisher (e.g., 0x00, 0x01, and so on) ,
- L0 = length of algorithm type distinguisher,
- P1 = algorithm identity (e.g., 0x00, 0x01, and so on) ,
- L1 = length of algorithm identity,
- P2 = UND value, and
- L2 = length of UND.
In a situation where per-UE granularity is desired, the RAN node may assign the same UPKN to all DRBs that belong to the UE. An example UND key generation technique comprises:
- An initial UND0 key is generated by having an initial KgNB and an initial RRC session identifier as input to the KDF, thereby generating UND0 for UPKN value of zero,
- UND1 is derived by having the current KgNB and UND0 as input to the KDF, thereby generating a key that maps to UPKN value of one,
- UND2 is derived by having the current KgNB, UND0, and UND1 as input to the KDF, thereby generating a key that maps to UPKN value of two,
- UND3 is derived by having the current KgNB, UND0, UND1, and UND2 as input to the KDF, thereby generating a key that maps to UPKN value of three, and so on.
- The UND that maps to the UPKN is used as an additional input to the KDF to generate keys Kupint and Kupenc.
In a third example embodiment, a secure mechanism is provided that enables UP cryptographic key separation between different UP traffic of a UE while the UE is connected to a RAN node, with a per-RAN node CU-UP entity granularity.
A UPKN is assigned by the CU-CP for each CU-UP entity. At the CU-CP, a KgNB for a first CU-UP entity, CU-UP (1) , is derived from KgNB and a first UPKN, UPKN (1) ; a KgNB for a second CU-UP entity, CU-UP (2) , is derived from KgNB and a second UPKN, UPKN (2) ; and so on. At the CU-UP (1) , Kupint is derived from KgNB for CU-UP (1) and parameters for integrity check algorithm identity and integrity check algorithm length for CU-UP (1) , and Kupenc is derived from KgNB for CU-UP (1) and parameters for encryption algorithm identity and encryption algorithm length. At the CU-UP (2) , Kupint is derived from KgNB for CU-UP (2) and parameters for integrity check algorithm identity and integrity check algorithm length for CU-UP (2) , and Kupenc is derived from KgNB for CU-UP (2) and parameters for encryption algorithm identity and encryption algorithm length.
In other words, the CU-CP entity assigns a unique UPKN to each CU-UP entity, denoted UPKN (i) for CU-UP (i), which is also provided to the UE. At a particular CU-UP (i), a Kupint is derived in accordance with the KgNB for the CU-UP (i) and the UPKN (i), as well as parameters for the integrity check algorithm identity and integrity check algorithm length for the CU-UP (i), while a Kupenc is derived in accordance with the KgNB for the CU-UP (i) and the UPKN (i), as well as parameters for the encryption algorithm identity and the encryption algorithm length. Because the UE also knows these values, the UE can also derive Kupint and Kupenc for the respective CU-UP (i) and the communications are secured on a per-CU-UP entity basis. Although the description of the third example embodiment focuses on per-CU-UP entity granularity, the third example embodiment is also operable at other granularities.
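The following added example (not code from the patent) covers the second and third example embodiments together. For the second embodiment it builds the UND chain exactly as listed above: UND0 from the initial KgNB and an RRC session identifier, and each UNDk from the current KgNB and all earlier UNDs, so the UPKN acts as an index into a sequence that UE and RAN node regenerate identically, and the selected UND then enters the Kupenc/Kupint KDF as P2/L2. For the third embodiment it performs the two-stage derivation of the preceding paragraphs: the CU-CP derives a per-CU-UP KgNB(i) from KgNB and UPKN(i) and hands only that to CU-UP(i), which derives its own Kupenc/Kupint from KgNB(i) and the algorithm parameters. The KDF is again assumed to be the generic 3GPP HMAC-SHA-256 KDF; FC = 0x15 is the page's example value, while the FC values for UND generation and per-CU-UP KgNB derivation, the algorithm type distinguishers, and all key and identifier values are constructed placeholders.

```python
import hashlib
import hmac
from typing import Dict, List

FC_UP_KEY = 0x15          # page's example FC for the final Kupint/Kupenc step
FC_UND = 0x7A             # placeholder FC for UND generation (constructed)
FC_CUUP_KGNB = 0x7B       # placeholder FC for per-CU-UP KgNB(i) (constructed)
ALG_TYPE_UP_ENC = 0x05    # illustrative algorithm type distinguishers
ALG_TYPE_UP_INT = 0x06


def kdf_3gpp(key: bytes, fc: int, *params: bytes) -> bytes:
    """Generic 3GPP KDF (assumed): HMAC-SHA-256 over FC || P0 || L0 || P1 || L1 ..."""
    s = bytes([fc])
    for p in params:
        s += p + len(p).to_bytes(2, "big")
    return hmac.new(key, s, hashlib.sha256).digest()


def und_chain(k_gnb_initial: bytes, rrc_session_id: bytes,
              k_gnb_current: bytes, last_upkn: int) -> List[bytes]:
    """Second embodiment. Returns [UND0, ..., UND(last_upkn)], where UNDk maps
    to UPKN value k:
      UND0 = KDF(initial KgNB; RRC session id)
      UNDk = KDF(current KgNB; UND0, ..., UND(k-1))   for k >= 1"""
    unds = [kdf_3gpp(k_gnb_initial, FC_UND, rrc_session_id)]
    for _ in range(1, last_upkn + 1):
        unds.append(kdf_3gpp(k_gnb_current, FC_UND, *unds))
    return unds


def up_keys_from_und(k_gnb: bytes, enc_alg_id: int, int_alg_id: int,
                     und: bytes) -> Dict[str, bytes]:
    """Second embodiment: Kupenc/Kupint with the selected UND as P2/L2."""
    enc = kdf_3gpp(k_gnb, FC_UP_KEY, bytes([ALG_TYPE_UP_ENC]), bytes([enc_alg_id]), und)
    integ = kdf_3gpp(k_gnb, FC_UP_KEY, bytes([ALG_TYPE_UP_INT]), bytes([int_alg_id]), und)
    return {"Kupenc": enc[16:], "Kupint": integ[16:]}   # 128 LSBs, as in 3GPP


def cuup_key_set(k_gnb: bytes, upkn_i: bytes, enc_alg_id: int,
                 int_alg_id: int) -> Dict[str, bytes]:
    """Third embodiment, two stages. Stage 1 runs at the CU-CP (and the UE):
    KgNB(i) = KDF(KgNB; UPKN(i)). Stage 2 runs at CU-UP(i) (and the UE) using
    only KgNB(i) plus the algorithm identity/length parameters; the parent
    KgNB never leaves the CU-CP."""
    k_gnb_i = kdf_3gpp(k_gnb, FC_CUUP_KGNB, upkn_i)
    enc = kdf_3gpp(k_gnb_i, FC_UP_KEY, bytes([ALG_TYPE_UP_ENC]), bytes([enc_alg_id]))
    integ = kdf_3gpp(k_gnb_i, FC_UP_KEY, bytes([ALG_TYPE_UP_INT]), bytes([int_alg_id]))
    return {"KgNB_i": k_gnb_i, "Kupenc": enc[16:], "Kupint": integ[16:]}


def demo() -> Dict[str, object]:
    """Constructed scenario: UPKN 0..3 in the UND scheme, and two CU-UP
    entities with UPKN(1)=0x01 and UPKN(2)=0x02 in the two-stage scheme."""
    k_gnb0 = hashlib.sha256(b"constructed initial KgNB").digest()
    k_gnb = hashlib.sha256(b"constructed current KgNB").digest()
    rrc_sid = b"\x00\x2a"                   # constructed RRC session identifier
    nea2, nia2 = 0x02, 0x02                 # 128-NEA2 / 128-NIA2 identities
    unds = und_chain(k_gnb0, rrc_sid, k_gnb, 3)
    return {
        "unds": unds,
        "keys_by_upkn": [up_keys_from_und(k_gnb, nea2, nia2, u) for u in unds],
        "cuup1": cuup_key_set(k_gnb, b"\x01", nea2, nia2),
        "cuup2": cuup_key_set(k_gnb, b"\x02", nea2, nia2),
    }


if __name__ == "__main__":
    d = demo()
    for k, ks in enumerate(d["keys_by_upkn"]):
        print(f"UPKN {k}: Kupenc={ks['Kupenc'].hex()}")
    print("CU-UP(1) Kupenc", d["cuup1"]["Kupenc"].hex())
    print("CU-UP(2) Kupenc", d["cuup2"]["Kupenc"].hex())
```

In the two-stage form, each CU-UP entity holds only its own KgNB(i), so the material available at a compromised CU-UP(1) is one KDF output away from, and not invertible to, the KgNB needed to reach CU-UP(2)'s keys; in the UND form the separation instead comes from the UPKN selecting a different chain element for each key set.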
Figure 4 illustrates an example CP-UP separation scenario 400 highlighting UP separation with a per-PDU session UP cryptographic key granularity. CP-UP separation scenario 400 includes a RAN node 405 with a central CP entity 407, a first distributed entity 409, and a second distributed entity 411. For a UE 410, RRC CP keys 420 (such as Krrcint and Krrcenc) are derived from information pair {NH1 and NCC1} , while UP keys 431 for PDU session 1 (such as Kupint1 and Kupenc1) are derived from information triplet {NH1, NCC1, and UPKN1} and UP keys 432 for PDU session 2 (such as Kupint2 and Kupenc2) are derived from information triplet {NH1, NCC1, and UPKN2} . If RAN node 405 includes additional distributed UP entities, keys for corresponding PDU sessions would be similarly derived, e.g., keys for PDU session n would be derived from information triplet {NH1, NCC1, and UPKNn} .
The CU-CP entity keeps track of the UP cryptographic keys (identified by UPKN) assigned for each CU-UP entity, which maps to the UE PDU sessions that are anchored at each CU-UP. The CU-CP entity communicates the UPKN to the UE, either during the PDU session setup or during DRB configuration. During a handover (HO), a source RAN node does not need to communicate the UPKN values, only the currently attached PDU sessions, and a target RAN node, based on its policy and deployment options, can specify whether one UPKN is needed for all PDU sessions or DRBs or multiple UPKNs are needed. Eventually, each active DRB configuration will include a corresponding UPKN. In the case of HO with dual connectivity (DC), if the source RAN node UP traffic does not move to the target RAN node (s), the operations in DC may be simplified.
According to an example embodiment, the RAN node tracks the UPKN assignments. During an initial attachment, the derived KgNB is associated with information pair {NH and NCC} . When the UE establishes a first PDU session after the initial attachment, the UP cryptographic keys (Kupint and Kupenc) for the PDU session may be derived based on the initial KgNB with an initial value for UPKN of '01', for example. When a second PDU session is established for the same UE, the RAN node allocates a new UPKN and communicates the UPKN using RRC signalling, for example, for the RRC reconfiguration of a DRB. The value of the new UPKN does not have to be sequential with respect to the initial UPKN value. However, the value may be monotonic, allowing the RAN node to maintain only the last allocated UPKN value per UE. Furthermore, the RAN node may maintain the mapping between the UE PDU sessions and respective UPKN values for the HO case. Hence, the UPKN values may be random.
Therefore, the UE and the RAN node may use the UPKN value and the UPKN length fields in the derivation of the security keys for the UP of each of the PDU sessions. In this manner, each PDU session ends up with separate UP cryptographic keys. If the RAN node knows that it does not support the anchoring of UE traffic at different CU-UP entities, the RAN node may assign the same UPKN value to multiple PDU sessions or to all PDU sessions of the UE. In such a situation, UP security key separation is not required. It is noted that the discussion presented herein focuses on UPKN and UPKN values that are assigned on a per CU-UP basis. However, the example embodiments presented herein are also operable with UPKN and UPKN values that are assigned on a per UE, DRB or PDU session basis. Therefore, the discussion of UPKN and UPKN values should not be construed as limiting either the scope or spirit of the example embodiments.
Figure 5 illustrates a diagram 500 of communications exchanged and processing performed by devices or entities participating in the establishment of PDU sessions that are secured at two different CU-UP entities. The devices or entities include a UE 505, a DU 507, a CU-CP entity 509, a first CU-UP (CU-UP1) entity 511, and a second CU-UP (CU-UP2) entity 513.
CU-CP 509 sends a CP reconfiguration message, such as a RRCConnectionReconfiguration or RRCReconfiguration message, to UE 505 to configure a second DRB of a second PDU session for UE 505 (event 536) . The CP reconfiguration message includes values for DRB2 (the second DRB) and UPKN2, as well as potentially other information. UE 505 uses KgNB and UPKN2 value to derive UP cryptographic keys Kupint2 and Kupenc2 (block 538) . UE 505 sends a reconfiguration acknowledgement, such as a RRCConnectionReconfigurationComplete or RRCReconfigurationComplete message, to CU-CP 509 (event 540) . CU-CP 509 also uses KgNB and UPKN2 value to derive a local copy of UP cryptographic keys Kupint2 and Kupenc2 (event 542) . CU-CP 509 sends a CP message (e.g., a DRB setup message) including the local copy of UP cryptographic keys Kupint2 and Kupenc2 to CU-UP2 513 to establish the DRB for UE 505 (event 544) . The second DRB is established between CU-UP2 513 and UE 505. CU-UP2 513 sends an acknowledgement back to CU-CP 509 (event 546) . CU-UP2 513 and UE 505 exchange UP messages using the second DRB (event 548) where each UP message is cryptographically protected using the UP keys Kupint2 and Kupenc2. In some embodiments, the configuration of DRB2 may be transmitted by the CU-CP 509 to the UE 505 along with the configuration of DRB1 in a single CP configuration message (event 522) .
According to an example embodiment, in the situation of a HO, if a new KgNB is derived (either horizontally or vertically) , then new UP cryptographic keys are derived for all active PDU sessions. The new UP cryptographic keys are derived from the new KgNB and the existing UPKN value (s) . In an embodiment, a target RAN node may communicate new UPKN value (s) for each PDU session to the UE by way of a source RAN node or directly to the UE during the HO procedure. This technique also enables the HO of an active UE from a source RAN node that supports UE traffic anchored at multiple CU-UP entities to a target RAN node that supports only one CU-UP entity. Whenever a NCC is communicated to the UE (i.e., the UE is to derive a new KgNB) , the respective UPKN and PDU session identifiers therefore also need to be communicated to the UE. However, if during a HO an existing KgNB continues to be used at the target RAN node, then the target RAN node may continue to use the same UP cryptographic keys for the active PDU sessions at the UE, as well as the same UPKN values as those assigned by the source RAN node.
Figure 6A illustrates a diagram 600 of communications exchanged and processing performed by devices or entities participating in a HO procedure, where the target RAN node does not support anchoring the UP traffic of a UE at multiple CU-UP entities and UPKN values are communicated between source and target RAN nodes in the HO procedure. The devices or entities include a UE 605, a source CU-CP and CU-UP entity 1 (source CU-CP/UP1) 607, a source CU-UP entity 2 (source CU-UP2) 609, a target CU-CP 611, and a target CU-UP 613. In diagram 600, the granularity of a UP cryptographic key is on a per-PDU session basis. However other granularities of the UP cryptographic key are possible as previously indicated.
Initially, source CU-CP/UP1 607 has a first PDU session (PDU1) and source CU-UP2 609 has a second PDU session (PDU2) configured (blocks 620 and 622) . At some point, for example due to signal conditions, source CU-CP/UP1 607 determines that a HO is in order and sends a handover request to target CU-CP 611 (event 624) . The handover request may include a set of UP resources associated with PDU1, a UPKN associated with PDU1 (UPKN1) , a set of UP resources associated with PDU2, and a UPKN associated with PDU2 (UPKN2) . Target CU-CP 611, however, supports only one CU-UP entity and therefore assigns a third UPKN (UPKN3) to both PDU1 and PDU2 (block 626) . Target CU-CP 611 sends a handover request acknowledgment to source CU-CP/UP1 607 (event 628) . The handover request acknowledgement may include a set of target UP resources associated with PDU1, a set of target UP resources associated with PDU2, and the UPKN associated with PDU1 and PDU2 (UPKN3) . Source CU-CP/UP1 607 sends a CP handover command, such as an RRCConnectionReconfiguration or RRCReconfiguration message, to UE 605 (event 630) . The handover command may include an identifier of a target cell associated with the target RAN node, the set of target UP resources associated with PDU1, the set of target UP resources associated with PDU2, and the UPKN to be associated with PDU1 and PDU2 (UPKN3) . UE 605 and target CU-CP 611 exchange messages to perform a random access procedure to establish a connection (event 632) . Target CU-CP 611 derives UP cryptographic keys for UE 605 (block 634) . Similarly, UE 605 derives UP cryptographic keys for the target cell associated with the target RAN node (block 635) . The UP cryptographic keys may be derived from KgNB and UPKN3, for example. UE 605 sends to target CU-CP 611 a handover complete message, such as a RRCConnectionReconfigurationComplete or RRCReconfigurationComplete message (event 636) . Target CU-CP 611 configures the PDU sessions at target CU-UP 613 (event 638) .
Target CU-CP 611 may configure the PDU sessions by sending the UP cryptographic keys derived from KgNB and UPKN3 to target CU-UP 613. Target CU-UP 613 has both sessions PDU1 and PDU2 configured (block 640) .
Figure 6B illustrates a diagram 650 of communications exchanged and processing performed by devices or entities participating in a HO procedure, where the target RAN node does not support anchoring the UP traffic of a UE at multiple CU-UP entities and UPKN values are not communicated between source and target RAN nodes in the HO procedure. The devices or entities include a UE 605, a source CU-CP and first CU-UP entity (source CU-CP/UP1) 607, a second source CU-UP entity (source CU-UP2) 609, a target CU-CP 611, and a target CU-UP 613. In diagram 650, the granularity of a UP cryptographic key is on a per-PDU session basis. However, other granularities of the UP cryptographic key are possible as previously indicated.
Initially, source CU-CP/UP1 607 has a first PDU session (PDU1) and source CU-UP2 609 has a second PDU session (PDU2) configured (blocks 660 and 662) . At some point, for example due to signal conditions, source CU-CP/UP1 607 determines that a HO is in order and sends a handover request to target CU-CP 611 (event 664) . The handover request may include a set of UP resources associated with PDU1 and a set of UP resources associated with PDU2, but does not include the UPKNs associated with PDU1 and PDU2. Target CU-CP 611 supports only one CU-UP entity and assigns a UPKN (UPKN3) to both PDU1 and PDU2 (block 666) . Target CU-CP 611 sends a handover request acknowledgment to source CU-CP/UP1 607 (event 668) . The handover request acknowledgement may include a set of target UP resources associated with PDU1, a set of target UP resources associated with PDU2, and the UPKN associated with PDU1 and PDU2 (UPKN3) . Source CU-CP/UP1 607 sends a CP handover command, such as a RRCConnectionReconfiguration or RRCReconfiguration message, to UE 605 (event 670) . The handover command may include an identifier of a target cell associated with the target RAN node, the set of target UP resources associated with PDU1, the set of target UP resources associated with PDU2, and the UPKN associated with PDU1 and PDU2 (UPKN3) . UE 605 and target CU-CP 611 exchange messages to perform a random access procedure to establish a connection (event 672) . Target CU-CP 611 derives UP cryptographic keys for UE 605 (block 674) . Similarly, UE 605 derives UP cryptographic keys for the target cell associated with the target RAN node (block 675) . The UP cryptographic keys may be derived from KgNB and UPKN3, for example. UE 605 sends to target CU-CP 611 a handover complete message, such as a RRCConnectionReconfigurationComplete or RRCReconfigurationComplete message (event 676) . Target CU-CP 611 configures the PDU sessions at target CU-UP 613 (event 678) .
Target CU-CP 611 may configure the PDU sessions by sending the UP cryptographic keys derived from KgNB and UPKN3 to target CU-UP 613. Target CU-UP 613 has both sessions PDU1 and PDU2 configured (block 680) .
Figure 7 illustrates a diagram 700 of communications exchanged and processing performed by devices or entities participating in a HO procedure, where the target RAN node does not support anchoring the UP traffic of a UE at multiple CU-UP entities and does not use UPKN values in UP key derivation, so no UPKN values are returned by the target RAN node in the HO procedure. This may, for example, be used for backward compatibility when the target RAN node is an aggregated RAN node or a disaggregated RAN node that does not support derivation of UP keys using UPKN as an input to the KDF. The devices or entities include a UE 705, a source CU-CP and first CU-UP entity (source CU-CP/UP1) 707, a second source CU-UP entity (source CU-UP2) 709, a target CU-CP 711, and a target CU-UP 713. If the target RAN node is an aggregated RAN node, target CU-CP 711 and target CU-UP 713 may be co-located. In diagram 700, the granularity of a UP cryptographic key is on a per-PDU session basis. However, other granularities of the UP cryptographic key are possible as previously indicated.
Initially, source CU-CP/UP1 707 has a first PDU session (PDU1) and source CU-UP2 709 has a second PDU session (PDU2) configured (blocks 720 and 722) . At some point, for example due to signal conditions, source CU-CP/UP1 707 determines that a HO is in order and sends a handover request to target CU-CP 711 (event 724) . The handover request may include a set of UP resources associated with PDU1, a set of UP resources associated with PDU2, and the UPKNs associated with PDU1 and PDU2. In an alternative embodiment, the UPKNs associated with PDU1 and PDU2 are not included in the handover request. Target CU-CP 711 may be a conventional RAN node that supports only one CU-UP entity per UE (block 726) . Target CU-CP 711 sends a handover request acknowledgment to source CU-CP/UP1 707 (event 728) . The handover request acknowledgement may include a set of target UP resources associated with PDU1 and a set of target UP resources associated with PDU2, but does not include any UPKNs. Source CU-CP/UP1 707 sends a CP handover command, such as a RRCConnectionReconfiguration or RRCReconfiguration message, to UE 705 (event 730) . The handover command may include an identifier of a target cell associated with the target RAN node, the set of target UP resources associated with PDU1 and the set of target UP resources associated with PDU2, but does not include any UPKNs. UE 705 and target CU-CP 711 exchange messages to perform a random access procedure to establish a connection (event 732) . Target CU-CP 711 derives UP cryptographic keys for UE 705 using conventional inputs to the KDF (block 734) . Similarly, UE 705 derives UP cryptographic keys for the target cell associated with the target RAN node using conventional inputs to the KDF (block 735) . UE 705 sends to target CU-CP 711 a handover complete message, such as a RRCConnectionReconfigurationComplete or RRCReconfigurationComplete message (event 736) .
Target CU-CP 711 may configure the target CU-UP 713 by sending the conventionally derived UP cryptographic keys for the UE 705 to target CU-UP 713. Target CU-CP 711 also configures the PDU sessions at target CU-UP 713 (event 738) . Target CU-UP 713 has both sessions PDU1 and PDU2 configured to use the same set of per-UE UP keys (block 740) .
Figure 8 illustrates a flow diagram of example operations 800 occurring in a CU-CP entity configuring security keys for CU-UP entities for a RAN node allowing the anchoring of UP traffic of a UE at multiple CU-UP entities. Operations 800 may be indicative of operations occurring in a CU-CP entity as the CU-CP entity configures security keys for a RAN node that allows the anchoring of UP traffic of a UE at multiple CU-UP entities.
Figure 9 illustrates a flow diagram of example operations 900 occurring in a CU-CP entity configuring security keys for CU-UP entities for a RAN node allowing the anchoring of UP traffic of a UE at multiple CU-UP entities with DRB granularity of UP cryptographic keys. Operations 900 may be indicative of operations occurring in a CU-CP entity as the CU-CP entity configures security keys for a RAN node that allows the anchoring of UP traffic of a UE at multiple CU-UP entities with DRB granularity of UP cryptographic keys. Although the discussion focuses on the DRB granularity of UP cryptographic keys, other granularities are also supported. Therefore, the discussion of DRB granularity should not be construed as being limiting to the scope or spirit of the example embodiments.
If a DRB is not anchored at the CU-UP entity i (block 909) , then operations 900 continue at block 917. The CU-CP entity increments the counter i to identify another CU-UP entity associated with the RAN node (block 917) . Although the discussion of the example embodiment presents the incrementing of the counter i, the counter i may also be decremented in other example embodiments. The CU-CP entity performs a check to determine if the counter i exceeds the number of CU-UP entities associated with the RAN node (block 919) . In another embodiment where the counter i is decremented, the CU-CP entity performs a check to determine if the counter i is smaller than a specified number, e.g., 0 or 1. In other words, the CU-CP entity checks whether it has examined all of the CU-UP entities for DRBs associated with a particular UE. If the counter i does not exceed the number of CU-UP entities, the CU-CP entity returns to block 909 to check if a DRB is anchored at CU-UP entity i. If the counter i exceeds the number of CU-UP entities, then the CU-CP entity has checked all CU-UP entities. Operations 900 terminate.
If the RAN node does not support CP-UP splitting (block 907) , the CU-CP entity sends a reconfiguration message without a UPKN value to the UE (block 921) . A reconfiguration message without a UPKN value results in UP cryptographic keys being generated at a per-UE granularity. The CU-CP entity generates a local version of the UP cryptographic keys (block 923) . The local version of the UP cryptographic keys may be generated using a KDF with KgNB as an input value and without a UPKN value. The CU-CP entity sends the local version of the UP cryptographic keys to the CU-UP entity (or entities) (block 925) . Operations 900 terminate.
Figure 10 illustrates a flow diagram of example operations 1000 occurring in a UE participating in DRB configuration. Operations 1000 may be indicative of operations occurring in a UE as the UE participates in DRB configuration.
Figure 11 illustrates a flow diagram of example operations 1100 occurring in a source CU-CP participating in a HO procedure. Source CU-CP has one or more PDU sessions associated with a UE. Source CU-CP determines that a HO is in order and identifies a target RAN node for the UE (block 1105) . Source CU-CP sends a request message (e.g., a handover request) to the target RAN node (block 1107) . The request message may include a set of UP resources associated with each of the PDU sessions. The request message may also include a source UPKN for each of the UP resources or PDU sessions. Source CU-CP receives a response message (e.g., a handover acknowledgement) from the target RAN node (block 1109) . The response message may include a set of target UP resources associated with each of the PDU sessions. The response message may include a target UPKN to be associated with each of the target UP resources or PDU sessions. Source CU-CP sends a message (e.g., a handover command) to the UE (block 1111) . The message to the UE may include the set of target UP resources associated with each of the PDU sessions and the target UPKN associated with each of the target UP resources or PDU sessions.
The example embodiments include the following aspects:
1. The CP/UP separation does not impact the non-access stratum (NAS) security solutions.
2. The CU-CP selects which security algorithms are to be used by the CU-UP.
3. The CU-CP is responsible for all security signaling towards the UE and the CN and for key derivation. The CU-CP provides the UP security keys (i.e., Kupenc, Kupint) to the CU-UP during DRB setup and during key refresh. The CU-CP ensures that the same UP security keys are not reused in different UP security domains.
4. The CU-CP is able to trigger the Counter Check procedure and to trigger actions that prevent PDCP COUNT wrap-around.
The UE UP traffic can be anchored at different CU-UP entities, where these CU-UP entities are under the control of the same CU-CP. These CU-UP entities may be located in different physical locations with different security risks. In other words, the CU-CP may be in control of multiple CU-UP entities where different CU-UP entities are in different security domains. In this case, the UP keys used to protect the UE UP traffic at one CU-UP entity must be different from the UP keys used at the other CU-UP entity; otherwise, the compromise of one CU-UP entity exposes the keys protecting the UE's traffic at every other CU-UP entity.
Conventionally, the RAN node and the UE always generate UP integrity protection and encryption keys that are per-UE. This means that the UE uses the same UP integrity protection key for all of its UP traffic. Similarly, the UE uses the same UP encryption key to encrypt all of its UP traffic. Therefore, a mechanism is required to define the input to the KDF used for UP key derivation with the CU-CP and CU-UP split in mind.
There are multiple possible inputs to the KDF that could be used to ensure that the UP integrity and encryption keys protecting the UE UP traffic anchored at a first CU-UP entity are different from the UP keys protecting the UE traffic anchored at a second CU-UP entity:
Option 1: Using the DRB identifier. The utilization of the DRB ID recognizes that a DRB is anchored at one CU-UP, i.e., UP traffic carried over a DRB is not split across multiple CU-UPs. However, using the DRB ID has some disadvantages, including:
1. The same UE will end up with multiple UP security keys for traffic that is anchored at one CU-UP entity. That is not needed to address the CU-CP/UP split.
2. The number of UP security keys per UE may be large, which may impact UE performance related to the derivation and storage of numerous keys.
3. Informing the UE whether to derive a new key, or which key to use, may increase signaling and processing overheads within the RAN node and the UE.
Option 2: Using the PDU session identifier. The utilization of the PDU session identifier is an option that is not as fine-grained as the DRB identifier. However, using the PDU session identifier still has some disadvantages, including:
1. It assumes that all DRBs associated with a given PDU session are handled by the same CU-UP. In some scenarios, different DRBs of a PDU session may have different QoS requirements, which may require handling by different CU-UPs.
2. The same UE may end up with multiple UP keys per CU-UP, i.e., the separation of UP keys is not directly related to the CU-CP/UP split.
3. Item (2) may result in the derivation and maintenance of unnecessary keys, which can impact UE performance.
4. Informing the UE whether to derive a new key, or which key to use, may increase signaling and processing overheads within the RAN node and the UE.
By contrast, using a value controlled by the CU-CP ensures that UP keys are only derived when required to accommodate a CU-CP/UP split. Because the CU-CP is in control of all the CU-UP entities and is aware of which UE PDU session is anchored at which CU-UP entity, the CU-CP can track a key identifier (e.g., a UPKN) that maps to the UE and all of the UE traffic that is anchored at each CU-UP entity. The CU-CP uses the specific key identifier in addition to KgNB and other parameters to derive the corresponding UP cryptographic key set (Kupint and Kupenc) and then delivers these keys to the appropriate CU-UP entity. The UE derives the same key sets based on the key identifiers (UPKNs) signaled to the UE by the CU-CP.
Advantages of the UPKN-based solution include:
1. It allows the CU-CP to have full control over when different UP key sets must be derived and minimizes the number of distinct key sets required to ensure one key set per UE per CU-UP entity.
2. It is not tightly coupled with a physical connection identifier. The key set identifier (UPKN) included in the RRC signaling for DRB configuration immediately indicates to the UE whether to generate a new key set (i.e., if the UPKN is a new value) or to use an existing key set that has already been derived for other DRBs (i.e., if the UPKN is not a new value) .
3. It does not expose network topology to the UE, i.e., the UE does not need to know how a RAN node is implemented (aggregated node, CU/DU split, CU-CP/UP split) .
In order to achieve UP security key separation for the CU-CP and CU-UP separation architecture, the RAN node uses a UPKN per-UE and per-CU-UP entity to control UP key separation and provides the UPKN to the UE using RRC signaling for DRB configuration. The UPKN is used by the UE and the RAN node as an additional input to the KDF used for deriving the UP key set (i.e., the Kupint and Kupenc keys) .
Because the CU-CP is in control of all the CU-UP entities and aware of which UE’s PDU session is anchored at which CU-UP resource, then the CU-CP can track a key set identifier (e.g., the UPKN) that maps to the UE and all of the UE traffic that is anchored at each CU-UP resource. The CU-CP uses the specific UPKN in addition to KgNB and other parameters to derive the Kupint and Kupenc and then deliver these keys to the CU-UP resource. The UE derives similar key sets based on the key identifiers (UPKNs) signaled to the UE by the CU-CP.
When the RAN node architecture supports a CU-CP and CU-UP split and the same CU-CP controls multiple CU-UP entities, the CU-CP associates a UPKN with all UE DRBs that are anchored at the same CU-UP entity. Each UPKN number is associated with the UE AS security context.
When the CU-CP configures a UE DRB, the CU-CP indicates which UPKN is to be associated with this DRB and indicates the same UPKN for all of the UE DRBs that are anchored at the same CU-UP entity. The CU-CP uses the UPKN as an additional input to the Kupint and Kupenc derivation. The CU-CP communicates the UPKN to the UE during the DRB configuration using a CP reconfiguration message such as an RRCConnectionReconfiguration or RRCReconfiguration message. The UPKN is protected against man-in-the-middle (MiTM) disclosure or tampering in transit because it is communicated to the UE in a CP reconfiguration message that is encrypted and integrity protected using the CP key set (Krrcenc and Krrcint) ; an on-path attacker without the RRC keys can neither read the UPKN nor substitute one of its own choosing.
The UE uses the UPKN as an additional input to the Kupint and Kupenc derivation and uses the same key set (Kupint and Kupenc) for all DRBs that are assigned the same UPKN. The UE is only required to record the set of UPKNs that are currently in use; it relies on the CU-CP always providing a fresh (i.e., not previously used within the current AS security context) UPKN whenever a new UP key set is required.
The CU-CP maintains a UPKN per-UE per-CU-UP entity during the duration of the current AS security context between the UE and the CU-CP. If the RAN node architecture does not support a CU-CP and CU-UP split or the CU-CP controls a single CU-UP entity, the CU-CP sets the UPKN to '0' (or some other agreed upon value) for all the UE DRBs. Alternatively, the CU-CP does not send the UPKN during all of the UE DRB configurations and a default value of the UPKN may be assumed by both the UE and the CU-CP. Alternatively, the UPKN is not used, whether or not the CU-CP sends the UPKN.
The UE and CU-CP derive the UP security keys, i.e., Kupint and Kupenc, for the CU-UP entity using a standardized KDF. Figure 12 illustrates an example key derivation procedure 1200, highlighting additions incorporated in the UP key hierarchy. As shown in Figure 12, UPKN 1205 is added to the inputs to the KDF. A value of UPKN (i) produces the UP key set Kupint (i) (1210) and Kupenc (i) (1212) that may be used by the UE and a CU-UP (i) . A different value of UPKN (i+1) produces a different UP key set Kupint (i+1) (1220) and Kupenc (i+1) (1222) that may be used by the UE and a CU-UP (i+1) .
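The following Python model is an added illustration of the mechanism described above (the Figure 5 DRB configuration, the Figure 6 and Figure 7 handover cases, the Figure 9 per-CU-UP loop and the Figure 12 derivation); it is not code from the patent, from 3GPP, or from any vendor. The KDF mirrors the TS 33.501 Annex A.8 shape (HMAC-SHA-256 keyed with KgNB over FC || P0 || L0 || P1 || L1, keeping the 128 least significant bits) and the function code and type-distinguisher constants are the A.8 values as recalled by the editor; the way the UPKN enters the derivation (as one more P2 || L2 parameter carrying the UPKN value and its length), the algorithm identity, the `CuCp`/`Ue` classes, and every KgNB and UPKN value are assumptions constructed for this example.

```python
"""Toy model of UPKN-based UP key separation for a CU-CP/CU-UP split (added example)."""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

FC_UP_KEY = 0x69        # AS algorithm-key FC as recalled from TS 33.501 A.8 (assumption)
ALG_TYPE_UP_ENC = 0x05  # N-UP-enc-alg type distinguisher (assumption, see lead-in)
ALG_TYPE_UP_INT = 0x06  # N-UP-int-alg type distinguisher (assumption, see lead-in)
KeySet = Tuple[bytes, bytes]   # (Kupint, Kupenc)


def kdf(key: bytes, *params: bytes) -> bytes:
    """HMAC-SHA-256(key, FC || P0 || L0 || P1 || L1 || ...), 128 LSB kept."""
    s = bytes([FC_UP_KEY])
    for p in params:
        s += p + len(p).to_bytes(2, "big")   # each P_i is followed by its 2-byte length L_i
    return hmac.new(key, s, hashlib.sha256).digest()[-16:]


def derive_up_keys(kgnb: bytes, alg_id: int, upkn: Optional[bytes]) -> KeySet:
    """upkn=None is the conventional per-UE derivation (no UPKN input, Figure 7 target);
    otherwise the UPKN value and its length are appended as an extra KDF parameter."""
    extra = () if upkn is None else (upkn,)
    kupint = kdf(kgnb, bytes([ALG_TYPE_UP_INT]), bytes([alg_id]), *extra)
    kupenc = kdf(kgnb, bytes([ALG_TYPE_UP_ENC]), bytes([alg_id]), *extra)
    return kupint, kupenc


@dataclass
class CuCp:
    """CU-CP state for one UE: one UPKN per CU-UP entity for the current AS context."""
    kgnb: bytes
    alg_id: int = 2                  # assumed algorithm identity (e.g. NIA2/NEA2)
    split: bool = True               # False: no CP-UP split, keys derived without UPKN
    upkn_by_cuup: Dict[str, bytes] = field(default_factory=dict)
    keys_by_cuup: Dict[str, KeySet] = field(default_factory=dict)
    next_upkn: int = 1               # monotonic allocator; random values would also work

    def configure_drb(self, cuup: str) -> Optional[bytes]:
        """Figure 9 path for one DRB anchored at `cuup`: reuse that CU-UP's UPKN or allocate
        a fresh one, derive the local key set for the CU-UP, and return the UPKN that goes
        into the RRC reconfiguration (None when no UPKN is signalled)."""
        if not self.split:
            upkn = None
        elif cuup in self.upkn_by_cuup:
            upkn = self.upkn_by_cuup[cuup]
        else:
            upkn = self.next_upkn.to_bytes(1, "big")
            self.next_upkn += 1
            self.upkn_by_cuup[cuup] = upkn
        self.keys_by_cuup[cuup] = derive_up_keys(self.kgnb, self.alg_id, upkn)
        return upkn

    def rekey(self, new_kgnb: bytes) -> None:
        """HO with a new KgNB: re-derive every active key set from the new KgNB and the
        existing UPKNs; the UPKN values themselves are unchanged."""
        self.kgnb = new_kgnb
        for cuup, upkn in self.upkn_by_cuup.items():
            self.keys_by_cuup[cuup] = derive_up_keys(new_kgnb, self.alg_id, upkn)


@dataclass
class Ue:
    """UE side: records only the UPKNs in use and holds one key set per distinct UPKN."""
    kgnb: bytes
    alg_id: int = 2
    keys_by_upkn: Dict[Optional[bytes], KeySet] = field(default_factory=dict)

    def on_drb_config(self, upkn: Optional[bytes]) -> KeySet:
        """New UPKN: derive a new key set. Known UPKN: reuse the existing one."""
        if upkn not in self.keys_by_upkn:
            self.keys_by_upkn[upkn] = derive_up_keys(self.kgnb, self.alg_id, upkn)
        return self.keys_by_upkn[upkn]

    def on_handover(self, new_kgnb: Optional[bytes],
                    drb_upkns: Dict[str, Optional[bytes]]) -> Dict[str, KeySet]:
        """Handover command carrying the target UPKN per DRB. A new KgNB (NCC signalled)
        invalidates every UP key set; with the same KgNB existing sets are kept."""
        if new_kgnb is not None:
            self.kgnb, self.keys_by_upkn = new_kgnb, {}
        return {drb: self.on_drb_config(u) for drb, u in drb_upkns.items()}


def demo() -> dict:
    """Figure 5 (two CU-UPs), then Figure 6 (UPKN-aware target with one CU-UP) and
    Figure 7 (conventional target), using constructed KgNB values."""
    kgnb_src = bytes(range(32))                      # constructed sample, not a real key
    cucp, ue = CuCp(kgnb_src), Ue(kgnb_src)
    drbs = {"DRB1": cucp.configure_drb("CU-UP1"),   # PDU session 1 anchored at CU-UP1
            "DRB2": cucp.configure_drb("CU-UP2"),   # PDU session 2 anchored at CU-UP2
            "DRB3": cucp.configure_drb("CU-UP1")}   # another DRB at CU-UP1: same UPKN
    ue_keys = {drb: ue.on_drb_config(upkn) for drb, upkn in drbs.items()}
    kgnb_tgt = bytes(range(32, 64))                  # constructed new KgNB (NCC changed)
    target = CuCp(kgnb_tgt, next_upkn=3)             # Figure 6: one UPKN3 for both sessions
    tgt_upkns = {d: target.configure_drb("CU-UP-T") for d in ("DRB1", "DRB2")}
    ue_after_ho = ue.on_handover(kgnb_tgt, tgt_upkns)
    legacy = CuCp(kgnb_tgt, split=False)             # Figure 7: no UPKN, per-UE keys
    legacy_upkns = {d: legacy.configure_drb("CU-UP-L") for d in ("DRB1", "DRB2")}
    ue_legacy = Ue(kgnb_src).on_handover(kgnb_tgt, legacy_upkns)
    return {"drbs": drbs, "cucp": cucp, "ue_keys": ue_keys, "target": target,
            "tgt_upkns": tgt_upkns, "ue_after_ho": ue_after_ho,
            "legacy": legacy, "ue_legacy": ue_legacy}


if __name__ == "__main__":
    r = demo()
    for drb, upkn in r["drbs"].items():
        print(drb, "UPKN", upkn.hex(), "Kupenc", r["ue_keys"][drb][1].hex())
```

Two properties of the scheme are visible in `demo()`: DRB1 and DRB3 (same CU-UP) share one UPKN and therefore one key set while DRB2 gets a different one, and after the handover both sessions collapse onto the target's single UPKN3 with key sets derived from the new KgNB, so nothing the source CU-UP2 held remains valid at the target. The single-byte UPKN encoding here is an assumption; a deployment would use whatever UPKN value and length fields the RRC configuration actually carries.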
Figure 13 illustrates an example communication system 1300. In general, the system 1300 enables multiple wireless or wired users to transmit and receive data and other content. The system 1300 may implement one or more channel access methods, such as code division multiple access (CDMA) , time division multiple access (TDMA) , frequency division multiple access (FDMA) , orthogonal FDMA (OFDMA) , single-carrier FDMA (SC-FDMA) , or non-orthogonal multiple access (NOMA) .
In this example, the communication system 1300 includes electronic devices (ED) 1310a-1310c, radio access networks (RANs) 1320a-1320b, a core network 1330, a public switched telephone network (PSTN) 1340, the Internet 1350, and other networks 1360. While certain numbers of these components or elements are shown in Figure 13, any number of these components or elements may be included in the system 1300.
The EDs 1310a-1310c are configured to operate or communicate in the system 1300. For example, the EDs 1310a-1310c are configured to transmit or receive via wireless or wired communication channels. Each ED 1310a-1310c represents any suitable end user device and may include such devices (or may be referred to) as a user equipment or device (UE) , wireless transmit or receive unit (WTRU) , mobile station, fixed or mobile subscriber unit, cellular telephone, personal digital assistant (PDA) , smartphone, laptop, computer, touchpad, wireless sensor, or consumer electronics device.
The RANs 1320a-1320b here include base stations 1370a-1370b, respectively. Each base station 1370a-1370b is configured to wirelessly interface with one or more of the EDs 1310a-1310c to enable access to the core network 1330, the PSTN 1340, the Internet 1350, or the other networks 1360. For example, the base stations 1370a-1370b may include (or be) one or more of several well-known devices, such as a base transceiver station (BTS) , a Node-B (NodeB) , an evolved NodeB (eNB) , a Next Generation (NG) eNB (ng-eNB) , a New Radio (NR) NodeB (gNB) , a Home NodeB, a Home eNB, a site controller, an access point (AP) , or a wireless router. The EDs 1310a-1310c are configured to interface and communicate with the Internet 1350 and may access the core network 1330, the PSTN 1340, or the other networks 1360.
In the embodiment shown in Figure 13, the base station 1370a forms part of the RAN 1320a, which may include other base stations, elements, or devices. Also, the base station 1370b forms part of the RAN 1320b, which may include other base stations, elements, or devices. Each base station 1370a-1370b operates to transmit or receive wireless signals within a particular geographic region or area, sometimes referred to as a “cell. ” In some embodiments, multiple-input multiple-output (MIMO) technology may be employed having multiple transceivers for each cell.
The base stations 1370a-1370b communicate with one or more of the EDs 1310a-1310c over one or more air interfaces 1390 using wireless communication links. The air interfaces 1390 may utilize any suitable radio access technology.
It is contemplated that the system 1300 may use multiple channel access functionality, including such schemes as described above. In particular embodiments, the base stations and EDs implement New Radio (NR) , LTE, LTE-A, or LTE-B. Of course, other multiple access schemes and wireless protocols may be utilized.
The RANs 1320a-1320b are in communication with the core network 1330 to provide the EDs 1310a-1310c with voice, data, application, Voice over Internet Protocol (VoIP) , or other services. Understandably, the RANs 1320a-1320b or the core network 1330 may be in direct or indirect communication with one or more other RANs (not shown) . The core network 1330 may also serve as a gateway access for other networks (such as the PSTN 1340, the Internet 1350, and the other networks 1360) . In addition, some or all of the EDs 1310a-1310c may include functionality for communicating with different wireless networks over different wireless links using different wireless technologies or protocols. Instead of wireless communication (or in addition thereto) , the EDs may communicate via wired communication channels to a service provider or switch (not shown) , and to the Internet 1350.
Although Figure 13 illustrates one example of a communication system, various changes may be made to Figure 13. For example, the communication system 1300 could include any number of EDs, base stations, networks, or other components in any suitable configuration.
Figures 14A and 14B illustrate example devices that may implement the methods and teachings according to this disclosure. In particular, Figure 14A illustrates an example ED 1410, and Figure 14B illustrates an example base station 1470. These components could be used in the system 1300 or in any other suitable system.
As shown in Figure 14A, the ED 1410 includes at least one processing unit 1400. The processing unit 1400 implements various processing operations of the ED 1410. For example, the processing unit 1400 could perform signal coding, data processing, power control, input/output processing, or any other functionality enabling the ED 1410 to operate in the system 1300. The processing unit 1400 also supports the methods and teachings described in more detail above. Each processing unit 1400 includes any suitable processing or computing device configured to perform one or more operations. Each processing unit 1400 could, for example, include a microprocessor, microcontroller, digital signal processor, field programmable gate array, or application specific integrated circuit.
The ED 1410 also includes at least one transceiver 1402. The transceiver 1402 is configured to modulate data or other content for transmission by at least one antenna or NIC (Network Interface Controller) 1404. The transceiver 1402 is also configured to demodulate data or other content received by the at least one antenna 1404. Each transceiver 1402 includes any suitable structure for generating signals for wireless or wired transmission or processing signals received wirelessly or by wire. Each antenna 1404 includes any suitable structure for transmitting or receiving wireless or wired signals. One or multiple transceivers 1402 could be used in the ED 1410, and one or multiple antennas 1404 could be used in the ED 1410. Although shown as a single functional unit, a transceiver 1402 could also be implemented using at least one transmitter and at least one separate receiver.
The ED 1410 further includes one or more input/output devices 1406 or interfaces (such as a wired interface to the Internet 1350). The input/output devices 1406 facilitate interaction with a user or other devices (network communications) in the network. Each input/output device 1406 includes any suitable structure for providing information to or receiving information from a user, such as a speaker, microphone, keypad, keyboard, display, or touch screen, including network interface communications.
In addition, the ED 1410 includes at least one memory 1408. The memory 1408 stores instructions and data used, generated, or collected by the ED 1410. For example, the memory 1408 could store software or firmware instructions executed by the processing unit(s) 1400 and data used to reduce or eliminate interference in incoming signals. Each memory 1408 includes any suitable volatile or non-volatile storage and retrieval device(s). Any suitable type of memory may be used, such as random access memory (RAM), read only memory (ROM), hard disk, optical disc, subscriber identity module (SIM) card, memory stick, secure digital (SD) memory card, and the like.
As shown in Figure 14B, the base station 1470 includes at least one processing unit 1450, at least one transceiver 1452, which includes functionality for a transmitter and a receiver, one or more antennas 1456, at least one memory 1458, and one or more input/output devices or interfaces 1466. A scheduler, which would be understood by one skilled in the art, is coupled to the processing unit 1450. The scheduler could be included within or operated separately from the base station 1470. The processing unit 1450 implements various processing operations of the base station 1470, such as signal coding, data processing, power control, input/output processing, or any other functionality. The processing unit 1450 can also support the methods and teachings described in more detail above. Each processing unit 1450 includes any suitable processing or computing device configured to perform one or more operations. Each processing unit 1450 could, for example, include a microprocessor, microcontroller, digital signal processor, field programmable gate array, or application specific integrated circuit.
Each transceiver 1452 includes any suitable structure for generating signals for wireless or wired transmission to one or more EDs or other devices. Each transceiver 1452 further includes any suitable structure for processing signals received wirelessly or by wire from one or more EDs or other devices. Although shown combined as a transceiver 1452, a transmitter and a receiver could be separate components. Each antenna 1456 includes any suitable structure for transmitting or receiving wireless or wired signals. While a common antenna 1456 is shown here as being coupled to the transceiver 1452, one or more antennas 1456 could be coupled to the transceiver(s) 1452, allowing separate antennas 1456 to be coupled to the transmitter and the receiver if equipped as separate components. Each memory 1458 includes any suitable volatile or non-volatile storage and retrieval device(s). Each input/output device 1466 facilitates interaction with a user or other devices (network communications) in the network. Each input/output device 1466 includes any suitable structure for providing information to or receiving/providing information from a user, including network interface communications.
Figure 15 is a block diagram of a computing system 1500 that may be used for implementing the devices and methods disclosed herein. For example, the computing system can be any entity of UE, access network (AN), mobility management (MM), session management (SM), user plane gateway (UPGW), or access stratum (AS). Specific devices may utilize all of the components shown or only a subset of the components, and levels of integration may vary from device to device. Furthermore, a device may contain multiple instances of a component, such as multiple processing units, processors, memories, transmitters, receivers, etc. The computing system 1500 includes a processing unit 1502. The processing unit includes a central processing unit (CPU) 1514, memory 1508, and may further include a mass storage device 1504, a video adapter 1510, and an I/O interface 1512 connected to a bus 1520.
The bus 1520 may be one or more of any type of several bus architectures including a memory bus or memory controller, a peripheral bus, or a video bus. The CPU 1514 may comprise any type of electronic data processor. The memory 1508 may comprise any type of non-transitory system memory such as static random access memory (SRAM), dynamic random access memory (DRAM), synchronous DRAM (SDRAM), read-only memory (ROM), or a combination thereof. In an embodiment, the memory 1508 may include ROM for use at boot-up, and DRAM for program and data storage for use while executing programs.
The mass storage 1504 may comprise any type of non-transitory storage device configured to store data, programs, and other information and to make the data, programs, and other information accessible via the bus 1520. The mass storage 1504 may comprise, for example, one or more of a solid state drive, hard disk drive, a magnetic disk drive, or an optical disk drive.
The video adapter 1510 and the I/O interface 1512 provide interfaces to couple external input and output devices to the processing unit 1502. As illustrated, examples of input and output devices include a display 1518 coupled to the video adapter 1510 and a mouse, keyboard, or printer 1516 coupled to the I/O interface 1512. Other devices may be coupled to the processing unit 1502, and additional or fewer interface cards may be utilized. For example, a serial interface such as Universal Serial Bus (USB) (not shown) may be used to provide an interface for an external device.
The processing unit 1502 also includes one or more network interfaces 1506, which may comprise wired links, such as an Ethernet cable, or wireless links to access nodes or different networks. The network interfaces 1506 allow the processing unit 1502 to communicate with remote units via the networks. For example, the network interfaces 1506 may provide wireless communication via one or more transmitters/transmit antennas and one or more receivers/receive antennas. In an embodiment, the processing unit 1502 is coupled to a local-area network 1522 or a wide-area network for data processing and communications with remote devices, such as other processing units, the Internet, or remote storage facilities.
It should be appreciated that one or more steps of the embodiment methods provided herein may be performed by corresponding units or modules. For example, a signal may be transmitted by a transmitting unit or a transmitting module. A signal may be received by a receiving unit or a receiving module. A signal may be processed by a processing unit or a processing module. Other steps may be performed by a generating unit or module, a providing unit or module, a determining unit or module, a participating unit or module, or a securing unit or module. The respective units or modules may be hardware, software, or a combination thereof. For instance, one or more of the units or modules may be an integrated circuit, such as field programmable gate arrays (FPGAs) or application-specific integrated circuits (ASICs).
Although the present disclosure and its advantages have been described in detail, it should be understood that various changes, substitutions and alterations can be made herein without departing from the spirit and scope of the disclosure as defined by the appended claims.
Claims (67)
- A computer-implemented method for operating a network node in a radio access network (RAN), the computer-implemented method comprising:
  determining, by the network node, a user plane (UP) resource of the RAN anchored at a UP entity of the RAN;
  generating, by the network node, a UP key set identifier to be associated with a set of UP cryptographic keys, where the set of UP cryptographic keys are to be associated with the UP resource;
  sending, by the network node, to a user equipment (UE), a control plane (CP) message including the UP key set identifier and an identifier associated with the UP resource;
  generating, by the network node, the set of UP cryptographic keys in accordance with the UP key set identifier; and
  sending, by the network node, to the UP entity of the RAN, the set of UP cryptographic keys and the identifier associated with the UP resource, wherein the UP entity of the RAN cryptographically protects UP traffic conveyed over the UP resource using the set of UP cryptographic keys.
- The computer-implemented method of any preceding claim, wherein generating the set of UP cryptographic keys comprises providing at least the UP key set identifier and a security key associated with the network node to a key derivation function used to derive the set of UP cryptographic keys.
- The computer-implemented method of any preceding claim, wherein the UP key set identifier is a number or counter maintained by the network node.
- The computer-implemented method of claims 1 or 2, wherein the UP key set identifier has one of a numerical value, an alphanumeric value, or a bit string value.
- The computer-implemented method of claims 1 or 2, wherein the UP key set identifier is randomly generated, and wherein the UP key set identifier is monotonically increasing or monotonically decreasing with respect to a previously generated UP key set identifier associated with the UP resource of the RAN.
- The computer-implemented method of claims 1 or 2, wherein the UP key set identifier is sequentially incremented or decremented with respect to a previously generated UP key set identifier associated with the UP resource of the RAN.
- The computer-implemented method of claims 1 or 2, wherein the UP key set identifier comprises an index to a set of randomly generated numbers, and wherein the set of UP cryptographic keys is generated in accordance with the randomly generated number associated with the index.
- The computer-implemented method of any preceding claim, wherein the CP message comprises a radio resource control (RRC) message.
- The computer-implemented method of any preceding claim, wherein the UP resource of the RAN comprises one of: the UE, a data radio bearer (DRB) associated with the UE, a group of one or more DRBs associated with the UE, a protocol data unit (PDU) session associated with the UE, a group of one or more PDU sessions associated with the UE, a quality of service (QoS) flow associated with the UE, a group of one or more QoS flows associated with the UE, a packet flow associated with the UE, a group of one or more packet flows associated with the UE, or the UP entity of the RAN.
- The computer-implemented method of any preceding claim, wherein the UP key set identifier is any one of: a numerical value, an alphanumeric value, a bit string value, or an index to a set of randomly generated numbers, wherein the set of UP cryptographic keys is generated in accordance with the randomly generated number associated with the index.
- A computer-implemented method for operating a network node in a radio access network (RAN), the computer-implemented method comprising:
  determining, by the network node, that a first data radio bearer (DRB) of a user equipment (UE) is anchored at a first user plane (UP) entity of the RAN, and based thereon,
  generating, by the network node, a first UP key set identifier associated with the first UP entity of the RAN;
  sending, by the network node, to the UE, a first control plane (CP) message including the first UP key set identifier and an identifier associated with the first DRB;
  generating, by the network node, a first set of UP cryptographic keys, the generating in accordance with the first UP key set identifier; and
  sending, by the network node, to the first UP entity of the RAN, the first UP key set identifier, the first set of UP cryptographic keys and the identifier associated with the first DRB, wherein the first UP entity of the RAN cryptographically protects UP traffic conveyed over the first DRB using the first set of UP cryptographic keys.
- The computer-implemented method of claim 11, further comprising:
  determining, by the network node, that a second DRB of the UE is anchored at a second UP entity of the RAN, and based thereon,
  generating, by the network node, a second UP key set identifier associated with the second UP entity of the RAN;
  sending, by the network node, to the UE, a second CP message including the second UP key set identifier and an identifier associated with the second DRB;
  generating, by the network node, a second set of UP cryptographic keys, the generating in accordance with the second UP key set identifier; and
  sending, by the network node, to the second UP entity of the RAN, the second UP key set identifier, the second set of UP cryptographic keys and the identifier associated with the second DRB, wherein the second UP entity of the RAN cryptographically protects UP traffic conveyed over the second DRB using the second set of UP cryptographic keys.
- The computer-implemented method of claims 11 or 12, further comprising:
  determining, by the network node, that a third DRB of the UE is anchored at the first UP entity of the RAN, and based thereon,
  sending, by the network node, to the UE, a third CP message including the first UP key set identifier and an identifier associated with the third DRB; and
  sending, by the network node, to the first UP entity of the RAN, the first UP key set identifier and the identifier associated with the third DRB, wherein the first UP entity of the RAN cryptographically protects UP traffic conveyed over the third DRB using the first set of UP cryptographic keys.
- A computer-implemented method for operating a network node in a radio access network (RAN), the computer-implemented method comprising:
  determining, by the network node, that a second network node of the RAN is a target for a handover of a user equipment (UE);
  sending, by the network node, a network control plane (NCP) request message to the second network node, the NCP request message comprising a first set of UP resources of the RAN that are associated with the UE;
  receiving, by the network node, an NCP response message from the second network node, the NCP response message comprising a second set of UP resources of the RAN that are to be associated with the UE and, for each UP resource in the second set of UP resources, a corresponding UP key set identifier; and
  sending, by the network node, a control plane (CP) message to the UE, the CP message comprising the second set of UP resources and, for each UP resource in the second set of UP resources, the corresponding UP key set identifier.
- The computer-implemented method of claim 14, wherein the NCP request message further comprises a corresponding UP key set identifier for each UP resource in the first set of UP resources.
- A computer-implemented method for operating a user equipment (UE) in a radio access network (RAN), the computer-implemented method comprising:
  receiving, by the UE, a control plane (CP) message, the CP message comprising identities of multiple user plane (UP) resources of the RAN and multiple UP key set identifiers with each UP resource associated with one of the UP key set identifiers;
  generating, by the UE, a set of UP cryptographic keys for each one of the UP key set identifiers, the generating in accordance with the UP key set identifier; and
  using, by the UE, the set of UP cryptographic keys corresponding to the UP key set identifier associated with a UP resource to cryptographically protect UP traffic conveyed over the UP resource.
- The computer-implemented method of claim 16, wherein the CP message comprises a handover command and the UP resources comprise UP resources of the RAN associated with a handover target RAN node.
- A network node in a radio access network (RAN) comprising:
  a non-transitory memory storage comprising instructions; and
  one or more processors in communication with the memory storage, wherein the one or more processors execute the instructions to:
  determine a user plane (UP) resource of the RAN anchored at a UP entity of the RAN,
  generate a UP key set identifier to be associated with a set of UP cryptographic keys, where the set of UP cryptographic keys are to be associated with the UP resource,
  send to a user equipment (UE), a control plane (CP) message including the UP key set identifier and an identifier associated with the UP resource,
  generate the set of UP cryptographic keys in accordance with the UP key set identifier, and
  send to the UP entity of the RAN, the set of UP cryptographic keys and the identifier associated with the UP resource, wherein the UP entity of the RAN cryptographically protects UP traffic conveyed over the UP resource using the set of UP cryptographic keys.
- The network node of claim 18, wherein the one or more processors further execute the instructions to provide at least the UP key set identifier and a security key associated with the network node to a key derivation function used to derive the set of UP cryptographic keys.
- The network node of claims 18 or 19, wherein the UP key set identifier is a number or counter maintained by the network node.
- The network node of claims 18 or 19, wherein the UP key set identifier has one of a numerical value, an alphanumeric value, or a bit string value.
- The network node of claims 18 or 19, wherein the UP key set identifier is randomly generated, and wherein the UP key set identifier is monotonically increasing or monotonically decreasing with respect to a previously generated UP key set identifier associated with the UP resource of the RAN.
- The network node of claims 18 or 19, wherein the UP key set identifier is sequentially incremented or decremented with respect to a previously generated UP key set identifier associated with the UP resource of the RAN.
- The network node of claims 18 or 19, wherein the UP key set identifier comprises an index to a set of randomly generated numbers, and wherein the set of UP cryptographic keys is generated in accordance with the randomly generated number associated with the index.
- The network node of claims 18, 19, 20, 21, 22, 23, or 24, wherein the CP message comprises a radio resource control (RRC) message.
- The network node of claims 18, 19, 20, 21, 22, 23, 24, or 25, wherein the UP resource of the RAN comprises one of: the UE, a data radio bearer (DRB) associated with the UE, a group of one or more DRBs associated with the UE, a protocol data unit (PDU) session associated with the UE, a group of one or more PDU sessions associated with the UE, a quality of service (QoS) flow associated with the UE, a group of one or more QoS flows associated with the UE, a packet flow associated with the UE, a group of one or more packet flows associated with the UE, or the UP entity of the RAN.
- The network node of claims 18, 19, 20, 21, 22, 23, 24, 25, or 26, wherein the set of UP cryptographic keys comprises one or both of: an integrity protection key or an encryption key.
- A network node in a radio access network (RAN) comprising:
  a non-transitory memory storage comprising instructions; and
  one or more processors in communication with the memory storage, wherein the one or more processors execute the instructions to:
  determine that a first data radio bearer (DRB) of a user equipment (UE) is anchored at a first user plane (UP) entity of the RAN, and based thereon,
  generate a first UP key set identifier associated with the first UP entity of the RAN,
  send to the UE, a first control plane (CP) message including the first UP key set identifier and an identifier associated with the first DRB,
  generate a first set of UP cryptographic keys in accordance with the first UP key set identifier, and
  send to the first UP entity of the RAN, the first UP key set identifier, the first set of UP cryptographic keys and the identifier associated with the first DRB, wherein the first UP entity of the RAN cryptographically protects UP traffic conveyed over the first DRB using the first set of UP cryptographic keys.
- The network node of claim 28, wherein the one or more processors further execute the instructions to determine that a second DRB of the UE is anchored at a second UP entity of the RAN, and based thereon, generate a second UP key set identifier associated with the second UP entity of the RAN, send to the UE, a second CP message including the second UP key set identifier and an identifier associated with the second DRB, generate a second set of UP cryptographic keys in accordance with the second UP key set identifier, and send to the second UP entity of the RAN, the second UP key set identifier, the second set of UP cryptographic keys and the identifier associated with the second DRB, wherein the second UP entity of the RAN cryptographically protects UP traffic conveyed over the second DRB using the second set of UP cryptographic keys.
- The network node of claims 28 or 29, wherein the one or more processors further execute the instructions to determine that a third DRB of the UE is anchored at the first UP entity of the RAN, and based thereon, send to the UE, a third CP message including the first UP key set identifier and an identifier associated with the third DRB, and send to the first UP entity of the RAN, the first UP key set identifier and the identifier associated with the third DRB, wherein the first UP entity of the RAN cryptographically protects UP traffic conveyed over the third DRB using the first set of UP cryptographic keys.
- A network node in a radio access network (RAN) comprising:
  a non-transitory memory storage comprising instructions; and
  one or more processors in communication with the memory storage, wherein the one or more processors execute the instructions to:
  determine that a second network node of the RAN is a target for a handover of a user equipment (UE),
  send a network control plane (NCP) request message to the second network node, the NCP request message comprising a first set of UP resources of the RAN that are associated with the UE,
  receive an NCP response message from the second network node, the NCP response message comprising a second set of UP resources of the RAN that are to be associated with the UE and, for each UP resource in the second set of UP resources, a corresponding UP key set identifier, and
  send a control plane (CP) message to the UE, the CP message comprising the second set of UP resources and, for each UP resource in the second set of UP resources, the corresponding UP key set identifier.
- The network node of claim 31, wherein the NCP request message further comprises a corresponding UP key set identifier for each UP resource in the first set of UP resources.
- A user equipment (UE) in a radio access network (RAN) comprising:
  a non-transitory memory storage comprising instructions; and
  one or more processors in communication with the memory storage, wherein the one or more processors execute the instructions to:
  receive a control plane (CP) message, the CP message comprising identities of multiple user plane (UP) resources of the RAN and multiple UP key set identifiers with each UP resource associated with one of the UP key set identifiers;
  generate a set of UP cryptographic keys for each one of the UP key set identifiers in accordance with the UP key set identifier; and
  use the set of UP cryptographic keys corresponding to the UP key set identifier associated with a UP resource to cryptographically protect UP traffic conveyed over the UP resource.
- The UE of claim 33, wherein the CP message comprises a handover command and the UP resources comprise UP resources of the RAN associated with a handover target RAN node.
- A computer-implemented method for operating an access node, the computer-implemented method comprising:
  determining, by the access node, a user plane (UP) resource of the access node anchored at a UP entity of the access node to be associated with a set of UP cryptographic keys;
  generating, by the access node, a UP key value associated with the UP resource;
  sending, by the access node, to a user equipment (UE), a control plane (CP) message including the UP key value;
  generating, by the access node, a local version of UP cryptographic keys in accordance with the UP key value; and
  sending, by the access node, to the UP entity of the access node, the local version of UP cryptographic keys.
- The computer-implemented method of claim 35, wherein the UP key value is a global number or counter maintained by the access node.
- The computer-implemented method of claims 35 or 36, wherein generating the local version of UP cryptographic keys comprises providing the UP key value and a security key associated with the access node to a key derivation function used to generate the local version of UP cryptographic keys.
- The computer-implemented method of claims 35 or 36, wherein the UP key value has one of a numerical value or an alphanumeric value.
- The computer-implemented method of claims 35 or 36, wherein the UP key value is randomly generated, and wherein the UP key value is monotonically increasing or monotonically decreasing with respect to a previously generated UP key value associated with the UP resource of the access node anchored at the UP entity of the access node.
- The computer-implemented method of claims 35 or 36, wherein the UP key value is sequentially incremented or decremented with respect to a previously generated UP key value associated with the UP resource of the access node anchored at the UP entity of the access node.
- The computer-implemented method of claims 35 or 36, wherein the CP message further comprises an identifier of the UP resource of the access node anchored at the UP entity of the access node.
- The computer-implemented method of claims 35 or 36, wherein the CP message comprises a radio resource control connection reconfiguration (RRCConnectionReconfiguration) message.
- The computer-implemented method of claims 35 or 36, wherein the UP key value comprises an index to a randomly generated number, and wherein the local version of UP cryptographic keys is also generated in accordance with the randomly generated number.
- The computer-implemented method of claims 35 or 36, wherein the UP resource comprises one of a data radio bearer (DRB), a protocol data unit (PDU) session, a UE, or a UP entity of the access node.
- The computer-implemented method of claims 35 or 36, wherein the local version of UP cryptographic keys comprises an integrity key associated with the UP resource of the access node and an encryption key associated with the UP resource of the access node.
- A computer-implemented method for operating a first access node, the computer-implemented method comprising:
  determining, by the first access node, that a data radio bearer (DRB) of a user equipment (UE) is anchored at a user plane (UP) entity of a second access node, and based thereon,
  generating, by the first access node, a UP key value associated with the DRB anchored at the UP entity of the second access node,
  sending, by the first access node, to the UE, a first CP message including the UP key value,
  generating, by the first access node, a first local version of UP cryptographic keys associated with the DRB anchored at the UP entity of the second access node, the generating in accordance with the UP key value, and
  sending, by the first access node, to the UP entity of the second access node, the first local version of UP cryptographic keys.
- The computer-implemented method of claim 46, further comprising determining, by the first access node, that no DRB is anchored at any UP entity of the second access node, and based thereon,
  sending, by the first access node, to the UE, a second CP message not including the UP key value,
  generating, by the first access node, a second local version of UP cryptographic keys without the UP key value, and
  sending, by the first access node, to UP entities of the second access node, the second local version of UP cryptographic keys.
- The computer-implemented method of claims 46 or 47, wherein generating the first local version of UP cryptographic keys comprises providing, by the first access node, the UP key value and a security key associated with the second access node to a key derivation function used to generate UP cryptographic keys.
- The computer-implemented method of claims 46 or 47, wherein the first access node comprises a source access node, and the second access node comprises a target access node.
- A computer-implemented method for operating a user equipment (UE), the computer-implemented method comprising:
  determining, by the UE, that a control plane (CP) message includes a UP key value associated with a user plane (UP) resource of a first access node, and based thereon,
  generating, by the UE, first UP cryptographic keys associated with the UP resource in accordance with the UP key value and a security key associated with the first access node, and
  securing, by the UE, UP traffic with the first UP cryptographic keys prior to sending the UP traffic to the first access node.
- The computer-implemented method of claim 50, further comprising determining, by the UE, that the CP message does not include the UP key value, and based thereon,
  generating, by the UE, second UP cryptographic keys in accordance with the security key associated with the first access node, and
  securing, by the UE, UP traffic with the second UP cryptographic keys prior to sending the UP traffic to the first access node.
- The computer-implemented method of claims 50 or 51, wherein the UP key value is associated with a UP resource of a second access node, and wherein the UP key value is forwarded to the UE from the second access node through the first access node.
- The computer-implemented method of claim 52, further comprising:
  generating, by the UE, third UP cryptographic keys associated with the UP resource in the second access node in accordance with the UP key value and a security key associated with the second access node, and
  securing, by the UE, UP traffic with the third UP cryptographic keys prior to sending the UP traffic to the second access node.
- An access node comprising:
  a non-transitory memory storage comprising instructions; and
  one or more processors in communication with the memory storage, wherein the one or more processors execute the instructions to
  determine a user plane (UP) resource of the access node anchored at a UP entity of the access node to be associated with a set of UP cryptographic keys,
  generate a UP key value associated with the UP resource,
  send to a user equipment (UE), a control plane (CP) message including the UP key value,
  generate a local version of UP cryptographic keys in accordance with the UP key value, and
  send to the UP entity of the access node, the local version of UP cryptographic keys.
- The access node of claim 54, wherein the UP key value is a global number or counter maintained by the access node.
- The access node of claims 54 or 55, wherein the one or more processors further execute the instructions to provide the UP key value and a security key associated with the access node to a key derivation function used to generate the local version of UP cryptographic keys.
- The access node of claims 54 or 55, wherein the UP key value is randomly generated, and wherein the UP key value is monotonically increasing or monotonically decreasing with respect to a previously generated UP key value associated with the UP resource of the access node anchored at the UP entity of the access node.
- The access node of claims 54 or 55, wherein the UP key value is sequentially incremented or decremented with respect to a previously generated UP key value associated with the UP resource of the access node anchored at the UP entity of the access node.
- The access node of claims 54 or 55, wherein the UP resource comprises one of a data radio bearer (DRB), a protocol data unit (PDU) session, a UE, or a UP entity of the access node.
- A first access node comprising:
  - a non-transitory memory storage comprising instructions; and
  - one or more processors in communication with the memory storage, wherein the one or more processors execute the instructions to:
    - determine that a data radio bearer (DRB) of a user equipment (UE) is anchored at a user plane (UP) entity of a second access node, and based thereon,
    - generate a UP key value associated with the DRB anchored at the UP entity of the second access node,
    - send to the UE, a first CP message including the UP key value,
    - generate a first local version of UP cryptographic keys associated with the DRB anchored at the UP entity of the second access node in accordance with the UP key value, and
    - send to the UP entity of the second access node, the first local version of UP cryptographic keys.
- The first access node of claim 60, wherein the one or more processors further execute the instructions to determine that no DRB is anchored at any UP entity of the second access node, and based thereon, send to the UE, a second CP message not including the UP key value, generate a second local version of UP cryptographic keys without the UP key value, and send to UP entities of the second access node, the second local version of UP cryptographic keys.
- The first access node of claims 60 or 61, wherein the one or more processors further execute the instructions to provide the UP key value and a security key associated with the second access node to a key derivation function used to generate UP cryptographic keys.
- The first access node of claims 60 or 61, wherein the first access node comprises a source access node, and the second access node comprises a target access node.
- A user equipment (UE) comprising:
  - a non-transitory memory storage comprising instructions; and
  - one or more processors in communication with the memory storage, wherein the one or more processors execute the instructions to:
    - determine that a control plane (CP) message includes a UP key value associated with a user plane (UP) resource of a first access node, and based thereon,
    - generate first UP cryptographic keys associated with the UP resource in accordance with the UP key value and a security key associated with the first access node, and
    - secure UP traffic with the first UP cryptographic keys prior to sending the UP traffic to the first access node.
- The UE of claim 64, wherein the one or more processors further execute the instructions to determine that the CP message does not include the UP key value, and based thereon, generate second UP cryptographic keys in accordance with the security key associated with the first access node, and secure UP traffic with the second UP cryptographic keys prior to sending the UP traffic to the first access node.
- The UE of claims 64 or 65, wherein the UP key value is associated with a UP resource of a second access node, and wherein the UP key value is forwarded to the UE from the second access node through the first access node.
- The UE of claim 66, wherein the one or more processors further execute the instructions to generate third UP cryptographic keys associated with the UP resource in the second access node in accordance with the UP key value and a security key associated with the second access node, and secure UP traffic with the third UP cryptographic keys prior to sending the UP traffic to the second access node.
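Added worked example (not code from the patent, and not from any 3GPP implementation): a Python model of the key handling the claims above describe. The control-plane (CP) part of the access node holds the node security key and a counter; for each UP resource anchored at a UP entity it increments the counter (the UP key value), derives the UP keys from the node key and that value, hands only the derived keys to the UP entity, and sends the value to the UE in a CP message, which repeats the derivation. The point of the separation is that a UP entity only ever holds keys bound to its own UP key value, so compromise of one UP entity does not yield the keys of bearers anchored at another, and the node key never leaves the CP part. The claims 60 to 62 case (a DRB anchored at a second access node's UP entity, derived with that node's key) and the claims 61 and 65 case (no UP key value, derivation from the node key alone) are included. The HMAC-SHA-256 key derivation function, the labels `UP`, `UPenc` and `UPint`, the entity names `CU-UP-A` and so on, the constructed node keys and the UE's rejection of a non-increasing value are assumptions of this example; the claims specify none of them.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, Optional

Keys = Dict[str, bytes]


def kdf(key: bytes, *params: bytes) -> bytes:
    """HMAC-SHA-256 over each parameter followed by its 2-byte length.
    Assumption: a 3GPP-style generic KDF; the claims do not fix a construction."""
    s = b"".join(p + len(p).to_bytes(2, "big") for p in params)
    return hmac.new(key, s, hashlib.sha256).digest()


def derive_up_keys(node_key: bytes, up_key_value: Optional[int]) -> Keys:
    """UP ciphering and integrity keys from an access node's security key.
    With a UP key value (claims 56, 62, 64) every UP resource gets its own key
    set; without one (claims 61, 65) the keys depend on the node key alone."""
    if up_key_value is None:
        k_up = kdf(node_key, b"UP")
    else:
        k_up = kdf(node_key, b"UP", up_key_value.to_bytes(4, "big"))
    return {"K_UPenc": kdf(k_up, b"UPenc"), "K_UPint": kdf(k_up, b"UPint")}


@dataclass
class CPEntity:
    """Control-plane part of an access node (the 'access node' of claim 54)."""
    node_key: bytes
    counter: int = 0                                          # claim 55: global counter
    delivered: Dict[str, Keys] = field(default_factory=dict)  # UP entity -> keys it holds

    def allocate(self, up_entity: str, anchor_key: Optional[bytes] = None) -> dict:
        """Fresh UP key value for a resource anchored at `up_entity`: derive the keys,
        hand them to that UP entity, return the CP message for the UE. `anchor_key`
        is the second node's security key when the anchor is there (claims 60, 62)."""
        self.counter += 1                                     # claim 58: sequential
        keys = derive_up_keys(anchor_key or self.node_key, self.counter)
        self.delivered[up_entity] = keys                      # only derived keys leave the CP
        return {"up_key_value": self.counter}

    def no_separation_message(self, up_entity: str) -> dict:
        """Claim 61: no DRB anchored at a separate UP entity, so no UP key value."""
        self.delivered[up_entity] = derive_up_keys(self.node_key, None)
        return {}


@dataclass
class UE:
    """UE side (claims 64, 65): derives from the node key and the received value."""
    node_key: bytes
    last_value: Optional[int] = None

    def handle_cp_message(self, msg: dict, anchor_key: Optional[bytes] = None) -> Keys:
        value = msg.get("up_key_value")
        if value is not None:
            # Added freshness check, not in the claims: the node's values are
            # monotonic (claims 57, 58), so a repeated or older value is a replay.
            if self.last_value is not None and value <= self.last_value:
                raise ValueError(f"stale UP key value {value}")
            self.last_value = value
        return derive_up_keys(anchor_key or self.node_key, value)


def run_example() -> dict:
    """Walk the claims end to end; return observations a test can check."""
    k_gnb1 = hashlib.sha256(b"constructed K_gNB of node 1").digest()   # constructed
    k_gnb2 = hashlib.sha256(b"constructed K_gNB of node 2").digest()   # constructed
    cp, ue = CPEntity(k_gnb1), UE(k_gnb1)

    # Two DRBs anchored at two UP entities of node 1 get distinct key sets.
    msg_a, msg_b = cp.allocate("CU-UP-A"), cp.allocate("CU-UP-B")
    keys_a, keys_b = ue.handle_cp_message(msg_a), ue.handle_cp_message(msg_b)

    # Node 1 allocates a value for a DRB anchored at node 2's UP entity (claim 60).
    msg_t = cp.allocate("CU-UP-T", anchor_key=k_gnb2)
    keys_t = ue.handle_cp_message(msg_t, anchor_key=k_gnb2)

    # A replayed CP message must not re-install old keys.
    try:
        ue.handle_cp_message(msg_a)
        replay_rejected = False
    except ValueError:
        replay_rejected = True

    # Fallback without UP separation (claims 61, 65).
    keys_0 = UE(k_gnb1).handle_cp_message(cp.no_separation_message("CU-UP-0"))

    return {
        "ue_matches_up_a": keys_a == cp.delivered["CU-UP-A"],
        "ue_matches_up_b": keys_b == cp.delivered["CU-UP-B"],
        "ue_matches_target": keys_t == cp.delivered["CU-UP-T"],
        "up_entities_separated": keys_a["K_UPenc"] != keys_b["K_UPenc"],
        "target_bound_to_node2_key": keys_t != derive_up_keys(k_gnb1, msg_t["up_key_value"]),
        "fallback_matches": keys_0 == cp.delivered["CU-UP-0"],
        "replay_rejected": replay_rejected,
        "values": (msg_a["up_key_value"], msg_b["up_key_value"], msg_t["up_key_value"]),
    }


if __name__ == "__main__":
    for name, result in run_example().items():
        print(f"{name}: {result}")
```

Run it directly to print each check: the keys the UE derives match the ones the CP part delivered to each UP entity, two UP entities of the same node end up with different key sets although both derive from the same node key, the keys for the DRB anchored at the second node are bound to that node's key, and a replayed UP key value is refused rather than silently re-installing old keys.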
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201862631238P | 2018-02-15 | 2018-02-15 | |
US62/631,238 | 2018-02-15 | | |
US201962796979P | 2019-01-25 | 2019-01-25 | |
US62/796,979 | 2019-01-25 | | |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2019158117A1 true WO2019158117A1 (en) | 2019-08-22 |
Family
ID=67620209
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2019/075142 WO2019158117A1 (en) | 2018-02-15 | 2019-02-15 | System and method for providing security in a wireless communications system with user plane separation |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2019158117A1 (en) |
2019
- 2019-02-15 WO PCT/CN2019/075142 patent/WO2019158117A1/en active Application Filing
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101072092A (en) * | 2006-05-11 | 2007-11-14 | 华为技术有限公司 | Method for realizing control plane and user plane key synchronization |
CN101257723A (en) * | 2008-04-08 | 2008-09-03 | 中兴通讯股份有限公司 | Method, apparatus and system for generating cipher key |
EP3163923A1 (en) * | 2014-03-18 | 2017-05-03 | Huawei Technologies Co., Ltd. | Key generation method, master enodeb, secondary enodeb and user equipment |
US20170222981A1 (en) * | 2016-01-28 | 2017-08-03 | Cisco Technology, Inc. | Key distribution in a distributed network environment |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20200145819A1 (en) * | 2018-11-01 | 2020-05-07 | Nokia Technologies Oy | Security management in disaggregated base station in communication system |
US11057766B2 (en) * | 2018-11-01 | 2021-07-06 | Nokia Technologies Oy | Security management in disaggregated base station in communication system |
CN112543450A (en) * | 2019-09-23 | 2021-03-23 | 大唐移动通信设备有限公司 | Key derivation method and device |
CN114079986A (en) * | 2020-08-18 | 2022-02-22 | 华为技术有限公司 | Mobility management method and device |
CN114079986B (en) * | 2020-08-18 | 2024-04-09 | 华为技术有限公司 | Mobility management method and device |
WO2022069759A1 (en) * | 2020-10-02 | 2022-04-07 | Telefonaktiebolaget Lm Ericsson (Publ) | Radio access network security |
Similar Documents
Publication | Title |
---|---|
TWI822826B (en) | Downlink data transmission in rrc inactive mode |
JP7174763B2 (en) | Establishing a cellular unicast link for vehicle-to-vehicle (V2V) communication |
CN111052781B (en) | Method and apparatus for negotiating security and integrity algorithms |
EP3485699B1 (en) | Layer 2 relay to support coverage and resource-constrained devices in wireless networks |
CN109246697B (en) | Base station, user equipment and execution method thereof |
CN106134272B (en) | Communication method, network device, user equipment and communication system |
KR20230078676A (en) | Establishing a secure communication link for relaying between UEs |
US11856396B2 (en) | System and method for security activation with session granularity |
AU2018202590A1 (en) | Apparatus, system and method of securing communications of a user equipment (ue) in a wireless local area network |
CN115280817A (en) | Secure communication of broadcast information related to cell access |
WO2013075602A1 (en) | Method, base station and user equipment for achieving carrier aggregation |
US10812973B2 (en) | System and method for communicating with provisioned security protection |
WO2019158117A1 (en) | System and method for providing security in a wireless communications system with user plane separation |
EP3695636B1 (en) | Method and apparatus for changing pdcp version |
CN115428494B (en) | Peer link security settings for relay connections to mobile networks |
WO2020056433A2 (en) | Secure communication of radio resource control (RRC) request over signal radio bearer zero (SRB0) |
WO2022252867A1 (en) | Communication method and communication apparatus |
EP4073996B1 (en) | User equipment, network node and methods in a wireless communications network |
CN103313393A (en) | Method and apparatus for performing direct communication |
US10911942B2 (en) | Method and device for transmitting/receiving data using WLAN carrier |
CN107925874B (en) | Ultra-dense network security architecture and method |
CN114930887B (en) | A key management method and communication device |
WO2025065972A1 (en) | Method and apparatus for communication |
WO2025065975A1 (en) | Method and apparatus for communication |
WO2025065970A1 (en) | Method and apparatus for communication |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 19753607; Country of ref document: EP; Kind code of ref document: A1 |
| NENP | Non-entry into the national phase | Ref country code: DE |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 19753607; Country of ref document: EP; Kind code of ref document: A1 |