Protection for wireless devices against false access-point attacks
Abstract
Mechanisms and methods for providing a mobile/wireless device with protection against false access-point/base-station attacks using MAC address protection are presented. The mobile/wireless device, known as the mobile client (MC), gains access to a wireless network by discovering and selectively associating with an access point (AP). The MAC addresses of both the AP and the MC are protected in all communications between the AP and the MC during the discovery phase. This protection mitigates MAC address spoofing attacks on both the AP and the MC.
33 Claims
1. In a wireless communications network, a method of selectively associating an access point (AP) by a mobile client (MC), the method comprising the steps of:
a) forming a request message including two protected indicators, a first of which uniquely identifies an AP and a second of which uniquely identifies the MC;
b) transmitting the request message into the wireless communication network;
c) receiving the request message at the AP and determining whether the MC is a valid MC according to the two protected indicators;
d) forming, responsive to the MC being a valid MC, a response message including another two protected indicators that uniquely identify the AP and MC, respectively;
e) transmitting the response message into the wireless communication network;
f) receiving the response message at the MC and determining whether the AP is a valid AP according to the another two protected indicators; and
g) causing the MC to be associated with the AP responsive to the AP being a valid AP.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26
13. The method as defined in claim 5 wherein the protected indicators for the probe response message are respective encrypted MAC addresses of AP and MC that have been first mixed with a second random number.
27. In a wireless communications network, a system for selectively associating an access point (AP) by a mobile client (MC), the system comprising:
a) means for forming a request message including two protected indicators, a first of which uniquely identifies an AP and a second of which uniquely identifies the MC;
b) means for transmitting the request message into the wireless communication network;
c) means for receiving the request message at the AP and determining whether the MC is a valid MC according to the two protected indicators;
d) means for forming, responsive to the MC being a valid MC, a response message including another two protected indicators that uniquely identify the AP and MC, respectively;
e) means for transmitting the response message into the wireless communication network;
f) means for receiving the response message at the MC and determining whether the AP is a valid AP according to the another two protected indicators; and
g) means for causing the MC to be associated with the AP responsive to the AP being a valid AP.
Dependent claims: 28, 29, 30, 31, 32, 33
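The exchange of claims 1 and 13, as an added example that is not part of the patent text. It assumes a pre-shared key and substitutes HMAC-SHA256 over a random number plus the MAC address for the encrypted MAC addresses, since the page names no cipher; binding the request's random number into the response is also an assumption of this sketch. All keys, addresses and function names are constructed.

```python
import hashlib, hmac, os

KEY = b"constructed-demo-key"            # assumption: secret shared by AP and MC
AP_MAC = bytes.fromhex("02aabbccdd01")   # constructed addresses
MC_MAC = bytes.fromhex("02aabbccdd02")

def protect(key, label, nonce, mac):
    # Protected indicator: keyed digest of the MAC mixed with a random number.
    return hmac.new(key, label + nonce + mac, hashlib.sha256).digest()

def mc_request(key, ap_mac, mc_mac):
    # Steps a-b: two indicators, one naming the AP and one naming the MC.
    n1 = os.urandom(16)
    return {"nonce": n1, "ap": protect(key, b"req", n1, ap_mac),
            "mc": protect(key, b"req", n1, mc_mac)}

def ap_respond(key, own_mac, authorized, req):
    # Steps c-e: answer only a request addressed to this AP by a known MC.
    n1 = req["nonce"]
    if not hmac.compare_digest(req["ap"], protect(key, b"req", n1, own_mac)):
        return None
    for mc in authorized:
        if hmac.compare_digest(req["mc"], protect(key, b"req", n1, mc)):
            n2 = os.urandom(16)          # second random number
            mix = n1 + n2                # assumption: response is bound to the request
            return {"nonce": n2, "ap": protect(key, b"resp", mix, own_mac),
                    "mc": protect(key, b"resp", mix, mc)}
    return None

def mc_accepts(key, ap_mac, mc_mac, req, resp):
    # Steps f-g: associate only if both response indicators verify.
    if resp is None:
        return False
    mix = req["nonce"] + resp["nonce"]
    return (hmac.compare_digest(resp["ap"], protect(key, b"resp", mix, ap_mac))
            and hmac.compare_digest(resp["mc"], protect(key, b"resp", mix, mc_mac)))

def demo():
    req = mc_request(KEY, AP_MAC, MC_MAC)
    good = ap_respond(KEY, AP_MAC, {MC_MAC}, req)
    # False AP: knows both MAC addresses but not the key.
    n2 = os.urandom(16)
    fake = {"nonce": n2, "ap": protect(b"guess", b"resp", req["nonce"] + n2, AP_MAC),
            "mc": protect(b"guess", b"resp", req["nonce"] + n2, MC_MAC)}
    later = mc_request(KEY, AP_MAC, MC_MAC)   # a new discovery attempt
    return {"genuine": mc_accepts(KEY, AP_MAC, MC_MAC, req, good),
            "false_ap": mc_accepts(KEY, AP_MAC, MC_MAC, req, fake),
            "replayed": mc_accepts(KEY, AP_MAC, MC_MAC, later, good),
            "unknown_mc": ap_respond(KEY, AP_MAC, set(), req) is None}
```

Calling demo() shows the MC associating only with the key-holding AP: a response built from the correct MAC addresses but without the key, and a genuine response replayed against a later request, are both rejected.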
Specification