Protection for wireless devices against false access-point attacks

US 20060274643A1
Filed: 06/03/2005
Published: 12/07/2006
Est. Priority Date: 06/03/2005
Status: Active Grant

First Claim

Patent Images

1. In a wireless communications network, a method of selectively associating an access point (AP) by a mobile client (MC), the method comprising the steps of:

a) forming a request message including two protected indicators, a first of which uniquely identifies an AP and a second of which uniquely identifies the MC;

b) transmitting the request message into the wireless communication network;

c) receiving the request message at the AP and determining whether the MC is a valid MC according to the two protected indicators;

d) forming, responsive to the MC being a valid MC, a response message including another two protected indicators that uniquely identify the AP and MC, respectively;

e) transmitting the response message into the wireless communication network;

f) receiving the response message at the MC and determining whether the AP is a valid AP according to the another two protected indicators; and

g) causing the MC to be associated with the AP responsive to the AP being a valid AP.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Mechanisms and methods for providing a mobile/wireless device with protection against false access-point/base-station attacks using MAC address protection are presented. The mobile/wireless device known as mobile client (MC) gains access to wireless network by discovering and selectively associating with an access point (AP). The MAC addresses of both the AP and the MC are protected during all communications between the AP and MC during the discovery phase. This protection mitigates MAC address spoofing type attacks on both the AP and the MC.

80 Citations

View as Search Results

33 Claims

1. In a wireless communications network, a method of selectively associating an access point (AP) by a mobile client (MC), the method comprising the steps of:
- a) forming a request message including two protected indicators, a first of which uniquely identifies an AP and a second of which uniquely identifies the MC;
  
  b) transmitting the request message into the wireless communication network;
  
  c) receiving the request message at the AP and determining whether the MC is a valid MC according to the two protected indicators;
  
  d) forming, responsive to the MC being a valid MC, a response message including another two protected indicators that uniquely identify the AP and MC, respectively;
  
  e) transmitting the response message into the wireless communication network;
  
  f) receiving the response message at the MC and determining whether the AP is a valid AP according to the another two protected indicators; and
  
  g) causing the MC to be associated with the AP responsive to the AP being a valid AP.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 2. The method as defined in claim 1 wherein selective association is triggered in response to specific contexts.
  - 3. The method as defined in claim 2 wherein the specific contexts include location co-ordinates.
  - 4. The method as defined in claim 2 wherein the specific contexts include an application.
  - 5. The method as defined in claim 1 wherein the request and response messages are probe-request and probe-response messages respectively.
  - 6. The method as defined in claim 1 wherein the request and response messages are management messages.
  - 7. The method as defined in claim 1 wherein the request and response messages are association messages.
  - 8. The method as defined in claim 5 wherein the protected indicators for the probe request message are respective encrypted MAC addresses of AP and MC that have been first mixed with a random number.
  - 9. The method as defined in claim 1 wherein the MC repeats steps a) to f) for multiple APs and selects the AP which satisfies certain criteria.
  - 10. The method as defined in claim 9 wherein the certain criteria represents the strongest signal for association.
  - 11. The method as defined in claim 5 wherein the probe request message including the two protected indicators is encrypted using a shared key.
  - 12. The method as defined in claim 5 wherein the probe request message including the two protected indicators is encrypted using a public key.
  - 14. The method as defined in claim 12 wherein the first and second random numbers are different and based on unique parameters.
  - 15. The method as defined in claim 14 wherein the unique parameters include time, day and location values.
  - 16. The method as defined in claim 5 wherein an encryption algorithm is implemented to encrypt MAC addresses.
  - 17. The method as defined in claim 16 wherein the encryption algorithm is decided at configuration time.
  - 18. The method as defined in claim 5 wherein the AP creates a table binding the MAC address of the MC to the random number.
  - 19. The method as defined in claim 18 wherein the AP updates the table when the AP receives additional messages from the MC.
  - 20. The method as defined in claim 19 wherein the MAC address of the MC is dynamic.
  - 21. The method as defined in claim 19 wherein the AP provides the MC with a MAC address that is expected on reconnecting.
  - 22. The method as defined in claim 21 wherein the MAC address that is expected on reconnecting is communicated to the MC before the current session is terminated.
  - 23. The method as defined in claim 22 wherein the AP updates its table to reflect the change in MAC address.
  - 24. The method as defined in claim 1 wherein the wireless communications network is a Wireless Local Area Network (W-LAN).
  - 25. The method as defined in claim 1 wherein the wireless communications network is a WiMax network.
  - 26. The method as defined in claim 25 wherein the request and response messages are ranging messages.

13. The method as defined 5 wherein the protected indicators for the probe response message are respective encrypted MAC addresses of AP and MC that have been first mixed with a second random number.

27. In a wireless communications network, a system for selectively associating an access point (AP) by a mobile client (MC), the system comprising:
- a) means for forming a request message including two protected indicators, a first of which uniquely identifies an AP and a second of which uniquely identifies the MC;
  
  b) means for transmitting the request message into the wireless communication network;
  
  c) means for receiving the request message at the AP and determining whether the MC is a valid MC according to the two protected indicators;
  
  d) means for forming, responsive to the MC being a valid MC, a response message including another two protected indicators that uniquely identify the AP and MC, respectively;
  
  e) means for transmitting the response message into the wireless communication network;
  
  f) means for receiving the response message at the MC and determining whether the AP is a valid AP according to the another two protected indicators; and
  
  g) means for causing the MC to be associated with the AP responsive to the AP being a valid AP.
- View Dependent Claims (28, 29, 30, 31, 32, 33)
- - 28. The system as defined in claim 27 wherein the request and response messages are probe-request and probe-response messages
  - 29. The system as defined in claim 28 wherein the protected indicators for the probe request message are respective encrypted MAC addresses of AP and MC that have been first mixed with a random number.
  - 30. The system as defined in claim 29 wherein encryption is performed using a pre-arranged algorithm.
  - 31. The system as defined in claim 30 wherein a shared key is used in the encryption process.
  - 32. The system as defined in claim 30 wherein a private key is used in the encryption process.
  - 33. The system as defined in claim 28 wherein a probe-response or association message is sent by the AP to the MC confirming that it is valid.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
WSOU Investments, LLC (WSOU Holdings, LLC)
Original Assignee
Alcatel SA (Nokia Corporation)
Inventors
Gariador, Frederic, Choyi, Vinod Kumar, Marquet, Bertrand

Granted Patent

US 7,783,756 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/216
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 61/00   Network arrangements, proto...

H04L 61/35   involving non-standard use ...

H04L 63/1466   Active attacks involving in...

H04L 9/3228   One-time or temporary data,...

H04W 12/12   Detection or prevention of ...

H04W 12/122   Counter-measures against at...

H04W 12/71   Hardware identity

H04W 48/20   Selecting an access point

H04W 8/26   Network addressing or numbe...

Protection for wireless devices against false access-point attacks

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

80 Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Protection for wireless devices against false access-point attacks

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

80 Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links