System and method for providing WLAN security through synchronized update and rotation of WEP keys
First Claim
1. A system for improved security for wireless local area networks, and comprised of:
- a wireless local area network providing wireless communications links for the transmission of data between the two or more communicating entities;
one or more generators for creating pseudorandom encryption keys for the communicating entities; and
one or more controllers for selecting a transmission encryption key index on a rotating basis to point to a pseudorandom encryption key from a set of active pseudorandom encryption keys, and updating the set of active pseudorandom encryption keys for each communicating entity;
wherein the step of selecting the transmission encryption key index and the step of updating are not required to be precisely synchronous.
28 Assignments
0 Petitions
Accused Products
Abstract
A system and method are disclosed that overcome deficiencies of prior art IEEE 802.11 WEP key management schemes. Preferred embodiments of the present system and method update WEP keys and rotate transmission key indices in a synchronized manner and on a frequent basis making it impractical for a hacker to gather sufficient network traffic using any one WEP key to decrypt that key and without disrupting communications. Preferred embodiments of the present system and method do not require changes in access point or mobile unit hardware, radio drivers, or firmware and are therefore compatible with existing or legacy network infrastructure or components. The disclosed system and method may be used to facilitate secure communications between one or more access points and one or more mobile units and/or groups of two or more mobile units engaging in peer-to-peer associations.
-
Citations
20 Claims
-
1. A system for improved security for wireless local area networks, and comprised of:
-
a wireless local area network providing wireless communications links for the transmission of data between the two or more communicating entities; one or more generators for creating pseudorandom encryption keys for the communicating entities; and one or more controllers for selecting a transmission encryption key index on a rotating basis to point to a pseudorandom encryption key from a set of active pseudorandom encryption keys, and updating the set of active pseudorandom encryption keys for each communicating entity; wherein the step of selecting the transmission encryption key index and the step of updating are not required to be precisely synchronous. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A mobile unit providing improved security in communications with a wireless local area network, and comprised of:
-
one or more generators for creating pseudorandom encryption keys for the communicating entities; and one or more controllers for selecting a transmission encryption key index on a rotating basis to point to a pseudorandom encryption key from a set of active pseudorandom encryption keys, and updating the set of active pseudorandom encryption keys; and wherein the step of selecting the transmission encryption key index and the step of updating are not required to be precisely synchronous; and wherein synchronization with the wireless local area network is maintained by one or more of (i) time stamp messages;
(ii) a time offset;
(iii) exchange of time synchronization messages;
(iv) prompts for key rotation;
(v) prompts for key generation; and
(vi) detection of the next key being in use.
-
-
12. A method for providing improved security for wireless local area networks, comprising:
-
creating pseudorandom encryption keys for at least one of a plurality of communicating entities adapted to communicate via a wireless local area network; selecting a transmission encryption key index on a rotating basis to point to a pseudorandom encryption key from a set of active pseudorandom encryption keys for the at least one of a plurality of communicating entities; and updating the set of active pseudorandom encryption keys; and wherein the step of selecting the transmission encryption key index and the step of updating are not required to be precisely synchronous. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
-
Specification