In communications networks, there is always a challenge to obtain good performance and capacity for a given communications protocol, its parameters and the physical environment in which the communications network is deployed.
Proximity services (hereinafter ProSe) have recently been made available in communications networks. In general terms, proximity services are services that can be provided by some 3rd Generation Partnership Project (3GPP) communications networks based on wireless devices (hereinafter WDs) being in proximity to each other. One of these services is ProSe Discovery. The ProSe service is described in 3GPP TS 22.278 ‘Technical Specification Group Services and System Aspects; Service requirements for the Evolved Packet System (EPS) (Release 12)’—V12.4.0, Section: 7A.0A.1 and 3GPP TS 23.303 ‘Technical Specification Group Services and System Aspects; Proximity based Services; Stage 2 (Release 12)’—V0.2.1, Sections: 4.2, 5.3.2, 5.3.3.
ProSe Discovery identifies that ProSe-enabled WDs are in proximity of each other, using Evolved Universal Terrestrial Radio Access (E-UTRA), with or without the Evolved Universal Terrestrial Radio Access Network (E-UTRAN), or the Evolved Packet Core (EPC) network when permission, authorisation and proximity criteria are fulfilled. The proximity criteria can be configured by the operator.
In general terms, the ProSe Function comprises three main sub-functions that perform different roles depending on the ProSe feature. The Direct Discovery Name Management Function is one of the sub-functions.
The Direct Discovery Name Management Function is used for open ProSe Direct Discovery to allocate and process the mapping of ProSe Application identities or identifiers and ProSe Application Codes used in ProSe Direct Discovery. It uses ProSe-related subscriber data stored in the Home Subscriber Server (HSS) to authorise each discovery request. It also provides the WD with the necessary security material in order to protect discovery messages transmitted over the air.
In order to perform device-to-device ProSe, a Discoverer WD transmits information (such as a Direct Discovery Request message) about other WDs that it would like to receive responses from. This approach may be regarded as querying “who is there/are you there”. For example, the transmitted information may be about a ProSe Application Identifier corresponding to a group. The members of that group who listen and are interested in the same application (the ProSe Application Identifier) may respond to the Discoverer WD, which can then, for example, start communication with the group member(s), and so on.
When a Discoveree WD listens to Direct Discovery Request messages (e.g., on broadcast channels) and discovers a code or an identifier that the Discoveree WD is interested in, then the Discoveree WD replies by announcing a Direct Discovery Response message.
However, when the Discoverer WD receives the Direct Discovery Response message, it is not possible today for the Discoverer WD to determine whether the responding WD is a genuine WD, i.e., a WD authorized to respond to the Direct Discovery Request message. It could happen that a false Discoveree WD fools the Discoverer WD into believing that the false Discoveree WD is a genuine Discoveree WD currently located in proximity of the Discoverer WD. Replay attacks may also occur, in which, for example, a false Discoveree WD replays genuine Direct Discovery Response messages. Such issues are not described in 3GPP TR 33.833 ‘Technical Specification Group Services and System Aspects Study on security issues to support Proximity Services (Release 12)’—V0.4.0, section 6.2.5.
Hence, there is a need for secure device-to-device discovery.
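The two gaps named above (no check that a responder is authorized, and no protection against replayed responses) can be illustrated with a generic nonce-plus-MAC check. This is an added sketch, not part of the original text and not the mechanism of any 3GPP specification; the shared `GROUP_KEY`, the message fields and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# Constructed demo values; the shared key stands in for security material
# held only by authorized WDs (its provisioning is assumed, not shown).
GROUP_KEY = b"constructed-demo-key"
APP_ID = b"constructed.prose.app.id"

def _tag(key, nonce, app_id, responder_id):
    # Length-prefix the variable-length fields so they cannot be confused.
    msg = nonce + len(app_id).to_bytes(2, "big") + app_id + responder_id
    return hmac.new(key, msg, hashlib.sha256).digest()

def make_response(key, request, responder_id):
    """Discoveree: bind the response to the nonce of this specific request."""
    nonce = request["nonce"]
    return {"nonce": nonce, "responder_id": responder_id,
            "tag": _tag(key, nonce, request["app_id"], responder_id)}

class Discoverer:
    def __init__(self, key):
        self.key = key
        self.pending = {}   # nonce -> app_id of requests still open
        self.seen = set()   # (nonce, responder_id) pairs already accepted

    def send_request(self, app_id):
        request = {"app_id": app_id, "nonce": os.urandom(16)}
        self.pending[request["nonce"]] = app_id
        return request

    def accept(self, response):
        """True only for an authentic, fresh, first-time response."""
        nonce, rid = response["nonce"], response["responder_id"]
        app_id = self.pending.get(nonce)
        if app_id is None or (nonce, rid) in self.seen:
            return False  # unknown/closed request, or duplicate delivery
        expected = _tag(self.key, nonce, app_id, rid)
        if not hmac.compare_digest(expected, response["tag"]):
            return False  # sender does not hold the shared key
        self.seen.add((nonce, rid))
        return True

    def close_request(self, request):
        self.pending.pop(request["nonce"], None)  # later replays now fail
```

A shared key only proves group membership; it does not distinguish one authorized member from another.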