Method to secure 802.11 traffic against MAC address spoofing
Abstract
A method for protecting a wireless network against spoofed MAC address attacks. A database is used for storing MAC address and user identity bindings. When a new request to access the network is received, the MAC address and user identity of the request are compared to the stored MAC address and user identity bindings. If a new request has an existing MAC address, but not the corresponding user identity, then the request will be denied. The bindings database contains the MAC address, user identity bindings for wireless nodes and/or for wired nodes. The MAC address, user identity bindings contained in the bindings database may be automatically learned or statically configured.
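The check the abstract describes, sketched as an added example (not code from the patent or its assignee). The class and function names, the SQLite storage, the MAC normalisation step and the refusal of unknown MACs when learning is disabled are all assumptions made for illustration; the user identity is taken as an already authenticated string.

```python
import re
import sqlite3

_HEX12 = re.compile(r"^[0-9a-f]{12}$")

def normalize_mac(mac: str) -> str:
    """Canonicalise a MAC so 00-1A-2B... and 001a.2b3c... hit the same row."""
    digits = re.sub(r"[:.\-]", "", mac.strip().lower())
    if not _HEX12.match(digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

class BindingsDB:
    """Hypothetical MAC address / user identity bindings database."""

    def __init__(self, path=":memory:"):
        self.db = sqlite3.connect(path)
        self.db.execute(
            "CREATE TABLE IF NOT EXISTS bindings ("
            " mac TEXT PRIMARY KEY, user TEXT NOT NULL, source TEXT NOT NULL)")

    def add_static(self, mac, user):
        """Statically configured binding; overrides a learned one."""
        with self.db:
            self.db.execute(
                "INSERT OR REPLACE INTO bindings VALUES (?, ?, 'static')",
                (normalize_mac(mac), user))

    def check_request(self, mac, user, learn=True):
        """Return 'learned', 'allow' or 'deny' for one access request."""
        mac = normalize_mac(mac)
        with self.db:
            if learn:
                # PRIMARY KEY + INSERT OR IGNORE makes "verify no binding
                # exists, then store it" one atomic step, so two access
                # points cannot both learn the same MAC for different users.
                cur = self.db.execute(
                    "INSERT OR IGNORE INTO bindings VALUES (?, ?, 'learned')",
                    (mac, user))
                if cur.rowcount == 1:
                    return "learned"
            row = self.db.execute(
                "SELECT user FROM bindings WHERE mac = ?", (mac,)).fetchone()
        if row is None:
            return "deny"  # assumption: learning off, unknown MAC refused
        # Existing MAC: only the bound user identity may use it.
        return "allow" if row[0] == user else "deny"
```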
19 Claims
1. A method to protect a network from MAC address spoofing, comprising:
receiving a request to associate with the network, the request having a MAC address;
receiving a user identity associated with the MAC address;
verifying the MAC address does not already have an associated user identity in a database; and
storing the association of the MAC address with the user identity in the database.
(Dependent claims: 2, 3, 4, 5, 6, 7)
8. A computer readable medium of instructions, comprising:
means for receiving a MAC address associated with a request for access;
means for receiving a user identity associated with request for access; and
means for accessing a database;
wherein the means for accessing a database responsive to the means for receiving a MAC address and means for receiving a user identity to verifying the MAC address does not already have an associated user identity in a database; and
wherein the means for accessing a database is responsive for storing the association of the MAC address with the user identity in the database.
(Dependent claims: 9, 10, 11, 12, 13, 14)
15. A network, comprising:
an authentication entity;
a database communicatively coupled to the authentication entity;
a first access point with a wireless transceiver for communicating with a wireless client;
a second access point with a wireless transceiver for communicating with the wireless client; and
a network backbone coupled to the first access point, the second and the authentication entity, enabling the first access point, second access point and authentication entity to communicate with each other;
wherein the first access point is configured to receive a message from the client via the wireless transceiver to access the network, the message having an associated MAC address and an associated user identity; and
wherein the authentication entity is configured to receive the request from the first access point, and upon verifying there is no entry for the MAC address in the database, updating the database by adding a new record into the database, the new record comprising the MAC address and the user identification.
(Dependent claims: 16, 17, 18, 19)
Specification