Protection for wireless devices against false access-point attacks
First Claim
1. In a wireless communications network, a method of establishing selective association of an access point (AP) with a mobile client (MC), the method comprising:
triggering said selective association in response to specific contexts, said specific contexts comprising at least one of location co-ordinates, corporate email, and intranet access, wherein said selective association involves the AP providing the MC with a dynamic Media Access Control (MAC) address that is expected during a subsequent connection;
forming a request message including two protected indicators, a first of which uniquely identifies the AP and a second of which uniquely identifies the MC;
transmitting the request message into the wireless communication network;
receiving the request message at the AP and determining whether the MC is a valid MC according to the two protected indicators, wherein the two protected indicators are respective encrypted MAC addresses of the AP and the MC that have been first mixed with a first random number based on at least one of time, day and location values;
forming, responsive to the MC being the valid MC, a response message including another two protected indicators that uniquely identify the AP and MC, respectively, wherein the another two protected indicators for the probe-response message are respective encrypted MAC addresses of the AP and MC that have been first mixed with a second random number based on at least one of time, day and location values, and the second random number is different from the first random number;
transmitting the response message into the wireless communication network;
receiving the response message at the MC and determining whether the AP is a valid AP according to the another two protected indicators; and
causing the MC to be associated with the AP responsive to the AP being the valid AP.
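The exchange in claim 1, worked through as an added example; this is not code from the patent, and the claims leave the cryptographic details open. It assumes a pre-shared key held by the AP and every enrolled MC, derives the "random number based on time, day and location" from a coarse time slot, a location cell and a fresh salt carried in the message, and uses an HMAC-SHA256 tag as the keyed transform where the claim says "encrypted". All MAC addresses, the key and the slot/location values are constructed for the walkthrough.

```python
import hashlib
import hmac
import os

# Constructed values for the walkthrough (not from the patent).
PSK = hashlib.sha256(b"constructed-demo-psk").digest()   # pre-shared key (assumption)
AP_MAC = "02:00:00:aa:bb:01"
MC_MAC = "02:00:00:cc:dd:02"
ENROLLED_MCS = {MC_MAC, "02:00:00:cc:dd:03"}             # MCs the AP will accept


def context_nonce(slot: int, location: str, salt: bytes) -> bytes:
    """The claim's 'random number based on time, day and location': here a hash
    of the current time slot, a location cell and a fresh salt (assumed form)."""
    return hashlib.sha256(f"{slot}|{location}|".encode() + salt).digest()


def protect(key: bytes, mac: str, nonce: bytes) -> bytes:
    """Protected indicator for one MAC: the MAC mixed with the nonce, then keyed.
    HMAC-SHA256 stands in for the encryption the claim does not specify."""
    return hmac.new(key, mac.encode() + nonce, hashlib.sha256).digest()


def build_message(key, ap_mac, mc_mac, slot, location, extra=None):
    """Request and response share one shape: context fields plus two indicators.
    A fresh salt per message makes the second nonce differ from the first."""
    salt = os.urandom(16)
    nonce = context_nonce(slot, location, salt)
    msg = {"slot": slot, "location": location, "salt": salt,
           "ap_ind": protect(key, ap_mac, nonce),
           "mc_ind": protect(key, mc_mac, nonce)}
    if extra:
        msg.update(extra)
    return msg


def ap_handle_request(key, ap_mac, enrolled, req, now_slot, seen):
    """AP side: reject stale or replayed context, check the AP indicator is ours,
    then identify the MC by matching its indicator against the enrolled list.
    Returns the MC's MAC on success, None otherwise."""
    if req["slot"] != now_slot or req["salt"] in seen:
        return None                       # stale time slot or replayed salt
    nonce = context_nonce(req["slot"], req["location"], req["salt"])
    if not hmac.compare_digest(req["ap_ind"], protect(key, ap_mac, nonce)):
        return None                       # not addressed to this AP
    for mc in enrolled:
        if hmac.compare_digest(req["mc_ind"], protect(key, mc, nonce)):
            seen.add(req["salt"])
            return mc
    return None                           # unknown MC


def mc_handle_response(key, ap_mac, mc_mac, req, resp, now_slot):
    """MC side: the response nonce must differ from the request nonce, the slot
    must be current, and both indicators must verify under the shared key.
    Returns the dynamic MAC the AP assigned for the next connection, or None."""
    if resp["slot"] != now_slot or resp["salt"] == req["salt"]:
        return None
    nonce = context_nonce(resp["slot"], resp["location"], resp["salt"])
    ok = (hmac.compare_digest(resp["ap_ind"], protect(key, ap_mac, nonce)) and
          hmac.compare_digest(resp["mc_ind"], protect(key, mc_mac, nonce)))
    return resp.get("next_mac") if ok else None


def run_discovery(ap_key=PSK, mc_key=PSK, enrolled=ENROLLED_MCS,
                  slot=4242, location="cell-17"):
    """Full exchange. Returns (AP identified the MC, dynamic MAC handed to the MC).
    An AP holding a different key models a false AP: it cannot identify the MC,
    and a blind answer it sends anyway fails the MC's verification."""
    seen = set()
    req = build_message(mc_key, AP_MAC, MC_MAC, slot, location)
    mc = ap_handle_request(ap_key, AP_MAC, enrolled, req, slot, seen)
    # A genuine AP answers the MC it identified; a false AP has nothing to go on
    # and answers with a guess (the MC's well-known address) to see if it sticks.
    next_mac = "02:00:00:ee:ff:" + format(slot % 256, "02x")   # constructed dynamic MAC
    resp = build_message(ap_key, AP_MAC, mc or MC_MAC, slot, location,
                         extra={"next_mac": next_mac})
    return (mc is not None,
            mc_handle_response(mc_key, AP_MAC, MC_MAC, req, resp, slot))


if __name__ == "__main__":
    print("genuine AP:", run_discovery())
    print("false AP:  ", run_discovery(ap_key=b"rogue-key-without-psk"))
```

With the genuine key the AP names the MC and the MC accepts the assigned dynamic MAC; with a different key the AP never learns which MC is asking, and its blind response is refused. The `seen` set on the AP side is the check a practitioner would add on top of the claim: without it a captured request is replayable for the lifetime of the time slot.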
Abstract
Mechanisms and methods for providing a mobile/wireless device with protection against false access-point/base-station attacks using MAC address protection are presented. The mobile/wireless device, known as the mobile client (MC), gains access to a wireless network by discovering and selectively associating with an access point (AP). The MAC addresses of both the AP and the MC are protected in all communications between the AP and the MC during the discovery phase. This protection mitigates MAC-address-spoofing attacks on both the AP and the MC.
25 Claims
1. Independent claim; its full text is given under First Claim above. Claims 2 through 19 depend on claim 1.
20. In a wireless communications network, a system for establishing selective association of an access point (AP) with a mobile client (MC), the system comprising:
said selective association in response to specific contexts, said specific contexts comprising at least one of location co-ordinates, corporate email, and intranet access, wherein said selective association involves the AP providing the MC with a dynamic Media Access Control (MAC) address that is expected during a subsequent connection;
a first device that forms a request message including two protected indicators, a first of which uniquely identifies the AP and a second of which uniquely identifies the MC;
a first transmitter that sends the request message into the wireless communication network;
a first receiver that receives the request message at the AP and determines whether the MC is a valid MC according to the two protected indicators, wherein the two protected indicators are respective encrypted MAC addresses of the AP and the MC that have been first mixed with a first random number based on at least one of time, day and location values;
a second device that forms, responsive to the MC being the valid MC, a response message including another two protected indicators that uniquely identify the AP and MC, respectively, wherein the another two protected indicators for the probe-response message are respective encrypted MAC addresses of the AP and MC that have been first mixed with a second random number based on at least one of time, day and location values, and the second random number is different from the first random number;
a second transmitter that sends the response message into the wireless communication network;
a second receiver that receives the response message at the MC and determines whether the AP is a valid AP according to the another two protected indicators; and
a third device that causes the MC to be associated with the AP responsive to the AP being the valid AP.
Claims 21 through 25 depend on claim 20.