Apparatus, method and computer program product providing unified reactive and proactive handovers

Abstract
Apparatus, methods and computer program products incorporate improvements that provide enhanced security during handovers in a cellular wireless communications network. In one aspect, user equipment performs additional operations during handover to improve security. During such operations, user equipment begins key generation based on a predicted target base station before it is notified of the handover decision. User equipment also signs certain communications generated during handover operations to prevent hijacked base stations from generating false location updates. Separate keys are used to authenticate communications made by base stations during handover proceedings, defeating, for example, logical theft-of-service attacks, since a target base station's signature and encrypted content are required to be sent to the user equipment before the user equipment can switch to the target base station. In other aspects, user equipment assigns sequence numbers to location updates and the active gateway keeps track of them, defeating attacks based on replay of intercepted location update messages.
Description

BRIEF DESCRIPTION OF THE DRAWINGS

In the attached Drawing Figures:



FIG. 1 shows a simplified block diagram of various electronic devices that are suitable for use in practicing the exemplary embodiments of this invention;



FIG. 2 shows the relative orientation of FIG. 2A to FIG. 2B, which together depict a first exemplary embodiment of an inter-radio access handoff security as an example of the utility of the exemplary embodiments of this invention. FIGS. 2A and 2B are connected via the circular connectors designated as A, B, C and D;



FIG. 3 shows the relative orientation of FIG. 3A to FIG. 3B, which together depict a second exemplary embodiment of an inter-radio access handoff security as a further example of the utility of the exemplary embodiments of this invention. FIGS. 3A and 3B are also connected via the circular connectors designated as A, B, C and D;



FIG. 4 is a flowchart depicting a method performed by user equipment during an HO implemented in accordance with an exemplary embodiment of the invention;



FIG. 5 is a flowchart depicting a method performed by a target base station during an HO implemented in accordance with an exemplary embodiment of the invention;



FIG. 6 is a flowchart depicting a method performed by user equipment during an HO implemented in accordance with an exemplary embodiment of the invention; and



FIG. 7 is a flowchart depicting a method performed by user equipment during an HO implemented in accordance with an exemplary embodiment of the invention.


Claims
  • 1. A user equipment comprising: a transceiver configured for bidirectional communication in a wireless telecommunications network; and user equipment control apparatus configured to perform handoff-related measurements using the transceiver; to select at least one handoff candidate from available base stations in dependence on the handoff-related measurements; and to begin generation of at least one security key for use in communication with the at least one handoff candidate if the at least one handoff candidate is selected to receive the handoff, the security key generation beginning prior to receipt of a message by the user equipment identifying the base station selected by the network to receive the handoff.
  • 2. The user equipment of claim 1 wherein the at least one handoff candidate is different from the base station selected by the network to receive the handoff.
  • 3. The user equipment of claim 2 wherein the user equipment is further configured to generate a different security key for use in communications with the base station selected by the network to receive the handoff.
  • 4. The user equipment of claim 1 wherein the user equipment control apparatus is further configured to generate a measurement report; and to cause the transceiver to transmit the measurement report to a source base station.
  • 5. The user equipment of claim 4 wherein the user equipment control apparatus is further configured to include information identifying the handoff candidate in the measurement report.
  • 6. The user equipment of claim 4 wherein the user equipment control apparatus is further configured to receive a nonce and to include the nonce in the measurement report.
  • 7. The user equipment of claim 4 wherein the user equipment control apparatus is further configured to sign and encrypt the measurement report with a session-specific security key shared only with the source base station.
  • 8. The user equipment of claim 1 wherein when generating at least one security key the user equipment control apparatus is further configured to derive a secret key based on a root key and identity of the at least one handoff candidate.
  • 9. The user equipment of claim 8 wherein the user equipment control apparatus is further configured to derive keys to be used to sign and to encrypt communications, wherein the keys for signing and for encryption are derived from the secret key for use in communicating with the handoff candidate; identity of the source base station; a nonce generated by the user equipment; a nonce generated by the network; and a temporary identification assigned to the user equipment.
  • 10. The user equipment of claim 4 wherein the user equipment control apparatus is further configured to access a handover command message received by the transceiver from a source base station, wherein the handover command message identifies a target base station to which the handoff will be made.
  • 11. The user equipment of claim 10 wherein the user equipment control apparatus is further configured to verify a source base station signature used to sign the handover command message.
  • 12. The user equipment of claim 10 where the handover command message is signed and encrypted with a session-specific security key shared only between the user equipment and the source base station, and wherein the user equipment control apparatus is further configured to verify and decrypt the handover command message with the session specific security key.
  • 13. The user equipment of claim 10 wherein the handover command message comprises content generated by the target base station to which the handoff will be made, the content generated by the target base station signed by the target base station with a session-specific security key shared only between the user equipment and the target base station.
  • 14. The user equipment of claim 13 where the signed content comprises a new C-RNTI and CTXID, and wherein the user equipment control apparatus is further configured to verify the content with the key shared with the target base station.
  • 15. The user equipment as in claim 13 wherein the user equipment control apparatus is further configured to determine whether the content contained in the handover command message generated by the target base station is signed with the correct security key and to complete the handoff only if it is determined that the content generated by the target base station is signed with the correct security key.
  • 16. The user equipment of claim 10 wherein the user equipment is further configured to generate a handover confirmation message containing a sequence number to be used by the wireless telecommunications network to track location update messages; and to cause the transceiver to transmit the handover confirmation message to the target base station selected to receive the handoff.
  • 17. The user equipment of claim 10 wherein the user equipment is further configured to generate a handover confirmation message containing content signed with a security key shared only between the wireless telecommunications network and the user equipment, and to cause the transceiver to transmit the handover confirmation message to the target base station selected to receive the handoff.
  • 18. A base station comprising: a transceiver configured for bidirectional communication in a wireless telecommunications network; and base station control apparatus configured to operate the base station as a source base station during handoff operations; and to add context identification information to handoff-related messages when operating as a source base station, the context identification information identifying a context for a handoff involving a user equipment.
  • 19. The base station of claim 18 wherein the base station control apparatus is further configured to access a measurement report message received by the transceiver from the user equipment; and to select a target base station to receive a handoff based on the measurement report.
  • 20. The base station of claim 19 where the measurement report message is signed and encrypted with a session-specific security key shared only between the user equipment and the source base station, and wherein the base station control apparatus is further configured to verify the signature of and decrypt the measurement report message.
  • 21. The base station of claim 19 wherein the base station control apparatus is further configured to generate a context data message containing the context identification information; and to cause the base station to transmit the context data message to the selected target base station.
  • 22. The base station of claim 21 where the base station control apparatus is further configured to sign the context data message with a UE-specific security key shared among base stations listed in the user equipment secret key cryptography.
  • 23. The base station of claim 21 where the base station control apparatus is further configured to encrypt content contained in the context data message with a UE-specific security key shared among base stations listed in the user equipment secret key cryptography.
  • 24. The base station of claim 23 where the context identification information is encrypted with the UE-specific security key.
  • 25. The base station of claim 21 wherein the base station control apparatus is further configured to access a context confirmation message received from the selected target base station, the context confirmation message containing content signed with a security key shared only by the user equipment and the target base station.
  • 26. The base station of claim 25 wherein the content signed with a security key shared only by the user equipment and the target base station comprises at least new context identification information identifying the context between the user equipment and the target base station.
  • 27. The base station of claim 26 wherein the base station is further configured to send a handover command message to the user equipment, the handover command message containing at least an identification of the target base station selected to receive the handoff and the content received from the selected target base station, the content signed with a security key shared only by the user equipment and the target base station.
  • 28. The base station of claim 27 where the base station control apparatus is further configured to access a handover completed message received by the transceiver.
  • 29. A base station comprising: a transceiver configured for bidirectional communication in a wireless telecommunications network; and base station control apparatus coupled to the transceiver, the base station control apparatus configured to operate the base station as a target base station during handoff operations involving user equipment; to identify context identification information in handoff-related messages received from source base stations; to determine whether the base station has received context for a handoff using the context identification information; and if context for a handoff has not been received, to use the context identification information to request the context from a source base station.
  • 30. The base station of claim 29 wherein the base station control apparatus is further configured to generate a context confirmation message, the context confirmation message comprising context identification information identifying a new context for the base station, the context identification information to be used in subsequent handoffs; and to cause the base station to transmit the context confirmation message to the source base station.
  • 31. The base station of claim 30 wherein the base station is further configured to sign context identification information contained in the context confirmation message with a security key shared only by the base station and the user equipment.
  • 32. The base station of claim 30 wherein the base station control apparatus is further configured to access a handover confirmation message received by the base station from the user equipment, the handover confirmation message comprising content signed with a security key shared only by the user equipment and the wireless communications network.
  • 33. The base station of claim 32 wherein the base station control apparatus is further configured to cause the base station to transmit a path switch message to the wireless communications network, the path switch message containing the content from the handover confirmation message signed with a security key shared only by the wireless communications network and the user equipment.
  • 34. The base station of claim 33 wherein the base station control apparatus is further configured to generate a handover completed message; and to cause the base station to transmit the handover completed message to the superseded source base station.
  • 35. A method comprising: at user equipment in a wireless communication system: predicting a candidate base station to receive a handoff from a source base station currently handling communications for the user equipment; and pre-calculating at least one security key to be used for communicating with the candidate base station if the candidate base station receives the handoff.
  • 36. The method of claim 35 further comprising: at user equipment in the wireless communication system: generating a measurement report message containing a measurement list, a NonceUE, and the identity of the candidate base station; signing and encrypting the measurement report message with a security key shared only by the user equipment and the source base station; and transmitting the measurement report message to the source base station.
  • 37. The method of claim 36 further comprising: at a source base station in the wireless communication system: receiving the measurement report message; selecting, in dependence on data contained in the measurement report message, the target base station to receive the handoff; generating a context data message containing at least context identification information for the handoff; encrypting at least the context identification information portion of the context data message with a user-equipment-specific security key shared by the source and target base station; and transmitting the context data message to the target base station.
  • 38. The method of claim 37 further comprising: at the target base station in the wireless communication system: receiving the context data message; and decrypting the context identification information portion of the context data message.
  • 39. The method of claim 38 further comprising: at the target base station in the wireless communication system: in the case of a reactive handoff, using the context identification information decrypted from the context data message to request context information for the handoff from the source base station.
  • 40. The method of claim 37 further comprising: at the user equipment: receiving a handover command message containing at least context identification information identifying a new context between the user equipment and the target base station; generating a handover confirmation message containing at least a sequence number identifying the handover confirmation message; signing at least a portion of the handover confirmation message with a security key shared only by the wireless communications network and the user equipment; and transmitting the handover confirmation message to the target base station.
  • 41. The method of claim 40 further comprising: at the target base station: receiving the handover confirmation message; generating a path switch message containing content received in the handover confirmation message from the user equipment, the content signed with a security key shared only by the wireless communications network and the user equipment; and transmitting the path switch message to the wireless communications network.
  • 42. A computer program product comprising a computer readable memory medium storing a computer program configured to be executed by digital processing apparatus of user equipment operative in a wireless telecommunications network, wherein when the computer program is executed operations are performed, the operations comprising: predicting a candidate base station to receive a handoff from a source base station currently handling communications for the user equipment; and pre-calculating at least one security key to be used for communicating with the candidate base station if the candidate base station receives the handoff.
  • 43. An integrated circuit for use in a base station operative in a wireless communications network, the integrated circuit comprising circuitry configured to operate the base station as a source base station during handoff-related operations; to access a measurement report message received by the base station from user equipment; to select, in dependence on data contained in the measurement report message, a target base station to receive a handoff involving the user equipment; to generate a context data message containing at least context identification information for the handoff; to encrypt at least the context identification information portion of the context data message with a user-equipment-specific security key shared by the source and target base station; and to cause the base station to transmit the context data message to the target base station.
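
The key handling recited in claims 1-3, 8, 9 and 15 can be sketched as follows; this is an added illustration, not code from the patent or its applicants. The claims name no algorithm, so HMAC-SHA256 as the derivation function and as the "signature", the derivation labels, and the names kdf, HandoverKeyCache and verify_target_content are all assumptions.

```python
import hashlib
import hmac

def kdf(key: bytes, label: bytes, *fields: bytes) -> bytes:
    # Assumed KDF: HMAC-SHA256 over length-prefixed fields, so that
    # (b"ab", b"c") and (b"a", b"bc") can never produce the same input.
    msg = label + b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()

def derive_bs_secret(root_key: bytes, bs_id: bytes) -> bytes:
    # Claim 8: secret key from the root key and the candidate's identity.
    return kdf(root_key, b"bs-secret", bs_id)

def derive_session_keys(bs_secret, source_bs_id, nonce_ue, nonce_net, temp_id):
    # Claim 9: separate signing and encryption keys bound to the source
    # base station, both nonces and the UE's temporary identity.
    ctx = (source_bs_id, nonce_ue, nonce_net, temp_id)
    return kdf(bs_secret, b"sign", *ctx), kdf(bs_secret, b"encrypt", *ctx)

class HandoverKeyCache:
    """UE side: derive keys for predicted candidates before the handover command."""

    def __init__(self, root_key, source_bs_id, nonce_ue, nonce_net, temp_id):
        self._root = root_key
        self._ctx = (source_bs_id, nonce_ue, nonce_net, temp_id)
        self._cache = {}

    def _derive(self, bs_id):
        return derive_session_keys(derive_bs_secret(self._root, bs_id), *self._ctx)

    def precompute(self, candidate_id):
        self._cache[candidate_id] = self._derive(candidate_id)

    def keys_for_target(self, target_id):
        # Hit: reuse the pre-computed keys. Miss (claims 2-3): the network
        # chose another base station, so derive different keys for it.
        hit = target_id in self._cache
        keys = self._cache[target_id] if hit else self._derive(target_id)
        self._cache.clear()  # design choice here: drop keys for unselected candidates
        return keys, hit

def verify_target_content(sign_key: bytes, content: bytes, tag: bytes) -> bool:
    # Claim 15: complete the handoff only if the target's content verifies.
    # An HMAC tag stands in for the "signature" (assumption).
    expected = hmac.new(sign_key, content, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)

if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    ue = HandoverKeyCache(b"\x01" * 32, b"BS-A", b"nonce-ue", b"nonce-net", b"tmsi-7")
    ue.precompute(b"BS-B")
    (sign_key, _enc_key), hit = ue.keys_for_target(b"BS-B")
    tag = hmac.new(sign_key, b"C-RNTI=0x1a2b;CTXID=42", hashlib.sha256).digest()
    print(hit, verify_target_content(sign_key, b"C-RNTI=0x1a2b;CTXID=42", tag))
```

Because each base station's secret is bound to its identity, content tagged under the keys for one base station fails verification under the keys derived for any other, which is the property claim 15 relies on.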
Provisional Applications (1)
Number Date Country
60786600 Mar 2006 US