Patent classifications
H04L63/16
Automated Content Transport Security
A content transport security system includes a computing platform having processing hardware and a memory storing software code and a database including one or more business rule(s). The processing hardware executes the software code to intercept a content file including a content asset, during a file transfer of the content file between a client device and a destination device, determine an authorization status of the destination device, and decrypt the content file, using a decryption key corresponding to an encryption key available to the client device. The processing hardware further executes the software code to search the content asset for a forensic identifier, assign a classification to the file transfer, based on the authorization status and a result of the searching, the classification being one of allowable, forbidden, or suspicious, and allow or block the file transfer to the destination device, based on the classification and the business rule(s).
TERMINAL APPARATUS, METHOD, AND INTEGRATED CIRCUIT
Provided is a terminal apparatus, wherein based on detection of a request, for a PDCP SDU received from an upper layer, the terminal apparatus performs header compression of the PDCP SDU by using second header compression processing, performs ciphering by using a second ciphering algorithm, a second ciphering key, and a COUNT value, performs integrity protection of the PDCP SDU by using a second integrity protection algorithm, a second integrity protection key, and the COUNT value, and submits the created PDCP PDU to the second RLC entity.
Secondary Authentication of a User Equipment
A network node operates a Session Management Function (SMF) in a control plane of a core network of a wireless network. The network node authenticates a User Equipment (UE) with an Extensible Authentication Protocol (EAP) server in a secondary authentication process that uses the SMF as an EAP authenticator. The EAP server is outside of the core network and the UE is separately authenticated with a further network node in the control plane of the core network via a primary authentication process. Authenticating the UE in the secondary authentication process comprises exchanging EAP messages between the SMF and the UE and between the SMF and the EAP server. The SMF authorizes a data session between the UE and the external network through a user plane of the core network based on the UE having successfully authenticated via both the primary authentication process and the secondary authentication process.
CONTEXT-BASED PROTOCOL STACK PRIVACY
A method for use in a wireless transmit/receive unit (WTRU) for configuring a privacy protocol stack profile, including private addresses for the WTRU, is described herein. For example, the WTRU may determine that it is in an unknown location, set its profile to public network, and set the MAC and IP addresses and other protocol identifiers to random, opaque and non-persistent values. The method also includes receiving information about neighboring networks, which may then be used to determine profile options based on the context of the neighboring networks. Available profile options based on the determination may be displayed and selected via a user input. Each layer of a protocol stack may then be instructed to use privacy and security settings based on the selected profile, which may include anonymous or random dynamic host configuration protocol (DHCP) parameters.
System for identifying illegitimate communications between computers by comparing evolution of data flows
A method and apparatus for identifying similar and coordinated communications between computers connected by a network are described. Communications between a plurality of pairs of computers are monitored to obtain respective flow metrics for a first and second pair of computers. The flow metric represents at least one property of the data flow between the pair of computers. Representations of the evolution of the data flows between the pairs of computers are updated using the flow metrics. The representations of the evolution of the data flows are compared to determine the similarity of the data flows between the pairs of computers. The first pair of computers and the second pair of computers are identified as exhibiting similar and coordinated communication if their data flows are determined to be similar.
Protection level indication and configuration
Methods, systems, and devices for wireless communications are described. A base station may transmit, to a user equipment (UE), a control message that includes an identification of a set of protection levels corresponding to different degrees of physical layer security for securing communications between the UE and the base station. The base station may transmit, to the UE, an indication of an identified protection level of the set of protection levels to be used by the UE for securing the communications between the UE and the base station. The UE may communicate with the base station in accordance with the identified protection level.
DISAGGREGATED UE ARCHITECTURE
Apparatus, methods, and computer program products for disaggregated UE are provided. An example method includes establishing, with a second UE, a connection session based on a configuration profile, the configuration profile including a mapping of an upper-layer protocol to a lower-layer protocol, one or more security policies, and a routing for one or more services associated with the second UE to a protocol stack. The example method further includes managing a connection between the second UE and a third device via the connection session.
Detecting IoT security attacks using physical communication layer characteristics
Methods, systems and computer readable media for protecting networks and devices from network security attack using physical communication layer characteristics are described.
Anomaly detection through header field entropy
An approach is described for detecting anomalous flows in a network using header field entropy. This can be useful in detecting anomalous or malicious traffic that may attempt to “hide” or inject itself into legitimate flows. A malicious endpoint might attempt to send a control message in underutilized header fields or might try to inject illegitimate data into a legitimate flow. These illegitimate flows will likely exhibit header field entropy that is higher than that of legitimate flows. Detecting anomalous flows using header field entropy can help detect malicious endpoints.
SECURE NETWORK LINKS OVER ENCRYPTION-INCAPABLE PORTS IN ACCESS-CONTROLLED NETWORK DOMAIN
Methods and devices establish a secure network link between an encryption-capable port and an encryption-incapable port in an access-controlled network domain. A processing unit of a network device configures the network device to secure a network link between an encryption-incapable port of the network device and a port of a peer network device using security association keys (“SAKs”) of a security association (“SA”) exchanged between the network device and the peer network device according to a key exchange protocol. A processing unit further configures reserving an encryption-capable port to process packets in a circular forwarding mode. A processing unit further configures a PHY of the network device to perform one of encryption or decryption over each of a first secure channel (“SC”) and a second SC using the SAKs. A processing unit further configures redirection of packets received over the SA to the reserved encryption-capable port.