H04W12/60

Context-based security over interfaces in O-RAN environments in mobile networks

Techniques for applying context-based security over interfaces in O-RAN environments in mobile networks are disclosed. In some embodiments, a system/process/computer program product for applying context-based security over interfaces in O-RAN environments in mobile networks includes monitoring network traffic on a mobile network at a security platform to identify a GTP-U tunnel session setup message associated with a new session; extracting a plurality of parameters from the GTP-U tunnel session setup message and from F1AP traffic to extract contextual information at the security platform; and enforcing a security policy at the security platform on the new session based on one or more of the plurality of parameters to apply context-based security to the network traffic transported between O-RAN Distributed Unit (O-DU) and O-RAN Centralized Unit Control Plane (O-CU-CP) nodes in an O-RAN environment in the mobile network.

MULTI-LINK WIRELESS COMMUNICATIONS CONNECTIONS
20230074290 · 2023-03-09

A method includes establishing a multi-link security association between a transmitter upper Media Access Control (MAC) logic entity of a transmitter and a receiver upper MAC logic entity of a receiver. The transmitter includes one or more transmitter links. The receiver includes one or more receiver links.

TRUSTWORTHINESS EVALUATION FOR GNSS-BASED LOCATION ESTIMATES
20220338014 · 2022-10-20

The disclosure provides methods, apparatus, and products for evaluating trustworthiness of GNSS-based location estimates. In one aspect, a method comprises obtaining observation information corresponding to one or more access points observed by a computing device during a time period; obtaining a GNSS-based location estimate indicating an estimated location of the computing device during at least a portion of the time period; determining an access points count corresponding to a number of the one or more observed access points that satisfy a distance criteria relative to the GNSS-based location estimate; comparing the determined access point count to a pre-defined threshold access points count; and based on results of the comparison, providing, by the processor, an indication of whether or not the GNSS-based location estimate is trustworthy. The method may be performed by one or more processors in a cloud-based computing system in response to an API call from the computing device.

EXECUTING SECURITY NEGOTIATION FOR NETWORK CONFIGURATION
20220321608 · 2022-10-06

A method for executing a security negotiation for a network configuration at a network device, includes obtaining, by the network device, a security update information from a communication device being assigned to a first security segment. The first security segment is associated with a first segment security profile. The security update information is indicative of at least one change in a first security profile of the communication device. The method further includes determining, by the network device, a second security segment for the communication device based on the security update information. An instruction is provided by the network device to the communication device to join the determined second security segment.

Secure communication method and secure communications apparatus
11622268 · 2023-04-04

A secure communication method and a secure communications apparatus related to the field of communications technologies and applied to a terminal. The terminal has a first security context and a second security context, the first security context is used by the terminal to communicate with a first network, the second security context is used by the terminal to communicate with a second network, and the first security context and the second security context include different first information.

Adaptive RSSI adjustment

Methods, apparatuses, systems, and non-transitory computer-readable medium are disclosed relating to abnormal transmission identification. One method comprises, at a receiving device, receiving a V2X message from a transmitting device. The method further comprises determining a signal propagation context for the receiving device and obtaining an RSSI value and a distance value for the V2X message. The method further comprises generating an adjusted RSSI value based on (1) the RSSI value and (2) the signal propagation context for the receiving device. The method further comprises obtaining a predetermined RSSI-to-distance relationship model and comparing an adjusted RSSI-to-distance data pair, comprising the adjusted RSSI value and the distance value, to the predetermined RSSI-to-distance relationship model. The method further comprises, in response to determining that the adjusted RSSI-to-distance data pair fails a criterion for conforming to the predetermined RSSI-to-distance relationship model, identifying the V2X message as an abnormal transmission.

SELECTING A NON-3GPP ACCESS NETWORK

Apparatuses, methods, and systems are disclosed for selecting a non-3GPP access network. One apparatus includes a memory coupled to a processor configured to cause the apparatus to generate a list indicating a set of PLMNs and a respective trusted connectivity type associated with each PLMN of the set of PLMNs, select a PLMN from the set of PLMNs, select a trusted connectivity type associated with the selected PLMN, and select a non-3GPP access network from a set of non-3GPP access networks based on the non-3GPP access network supporting the selected trusted connectivity type associated with the selected PLMN and a priority of the non-3GPP access network. Additionally, the processor causes the apparatus to perform a connection procedure with the selected PLMN using the selected trusted connectivity type and via the selected non-3GPP access network.

Methods and systems for 5G slicing based on dynamic security properties

Systems and methods enable the provisioning of security as a service for network slices. A network device stores definitions of multiple security assurance levels for network slices based on security parameters of assets used in the network slices. The network device stores multiple network slice templates, wherein the multiple network slice templates have different security assurance levels, of the multiple security assurance levels, for a Network Service Descriptor (NSD). The network device receives a request for a network slice with a requested security assurance level, of the multiple security assurance levels, for the NSD, and deploys the network slice using one of the network slice templates that has a security assurance level that corresponds to the requested security assurance level. The network device monitors the security parameters of the assets of the network slice for changes to the security assurance level of the deployed network slice.