Methods and systems for wired equivalent privacy and Wi-Fi protected access protection

US 8,281,392 B2
Filed: 08/11/2006
Issued: 10/02/2012
Est. Priority Date: 08/11/2006
Status: Active Grant

First Claim

Patent Images

1. A method of disrupting attempts to break encryption or authentication associated with a wireless network, the method comprising the steps of:

monitoring the wireless network to detect weak initialization vectors, wherein the weak initialization vectors are weak due to reuse over a specified time period on the wireless network;

monitoring the wireless network to detect known wired equivalent privacy keys being used; and

transmitting random wired equivalent privacy encrypted frames on the wireless network responsive to the monitoring steps, the random wired equivalent privacy encrypted frames are operable to confuse unauthorized devices attempting to capture wired equivalent privacy encrypted frames to break the wired equivalent privacy key, wherein the random wired equivalent privacy encrypted frames each comprise random data encrypted with a different wired equivalent privacy key and random initialization vectors generated at a rate derived in response to monitored traffic, and wherein the random initialization vectors are different from monitored initialization vectors but logically correct and in sequence, wherein the random initialization vectors are invalid packets and are configured to pass validity checks while preventing an attacker to filter out the invalid packets thereby preventing decryption of the wired equivalent privacy key;

wherein the monitoring step is performed by a plurality of distributed monitoring devices, the plurality of monitoring devices are connected to one or more servers; and

wherein the servers are operable to receive and correlate data, events, and statistics from the distributed monitoring devices and to direct the distributed monitoring devices to perform the transmitting step responsive to any of a periodic interval, an intrusion alarm, a manual request, and an automatic request based on policy.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for disrupting potential attacks on a wireless network through transmission of random data are disclosed. Specifically, this disclosure relates to systems and methods for disrupting the breaking of the secret key or passphrase by an adversary or rogue device for Wi-Fi networks using wired equivalent privacy (WEP) and Wi-Fi protected access (WPA).

329 Citations

17 Claims

1. A method of disrupting attempts to break encryption or authentication associated with a wireless network, the method comprising the steps of:
- monitoring the wireless network to detect weak initialization vectors, wherein the weak initialization vectors are weak due to reuse over a specified time period on the wireless network;
  
  monitoring the wireless network to detect known wired equivalent privacy keys being used; and
  
  transmitting random wired equivalent privacy encrypted frames on the wireless network responsive to the monitoring steps, the random wired equivalent privacy encrypted frames are operable to confuse unauthorized devices attempting to capture wired equivalent privacy encrypted frames to break the wired equivalent privacy key, wherein the random wired equivalent privacy encrypted frames each comprise random data encrypted with a different wired equivalent privacy key and random initialization vectors generated at a rate derived in response to monitored traffic, and wherein the random initialization vectors are different from monitored initialization vectors but logically correct and in sequence, wherein the random initialization vectors are invalid packets and are configured to pass validity checks while preventing an attacker to filter out the invalid packets thereby preventing decryption of the wired equivalent privacy key;
  
  wherein the monitoring step is performed by a plurality of distributed monitoring devices, the plurality of monitoring devices are connected to one or more servers; and
  
  wherein the servers are operable to receive and correlate data, events, and statistics from the distributed monitoring devices and to direct the distributed monitoring devices to perform the transmitting step responsive to any of a periodic interval, an intrusion alarm, a manual request, and an automatic request based on policy.
- View Dependent Claims (2, 3, 4, 5, 6, 15, 16)
- - 2. The method of claim 1, wherein the condition comprises any of a periodic interval, an intrusion alarm, a manual request, and an automatic request based on policy.
  - 3. The method of claim 1, wherein the plurality of distributed monitoring devices comprise any of wireless sensors, wireless access points, wireless client devices configured with a software agent, and combinations thereof.
  - 4. The method of claim 1, wherein the monitoring step and the transmitting step are performed by a stand-alone wireless radio.
  - 5. The method of claim 1, wherein the monitoring step and the transmitting step are performed simultaneously on a plurality of wireless channels.
  - 6. The method of claim 1, wherein the condition is an injection attack.
  - 15. The method of claim 1, wherein the weak initialization vectors comprise a 24 bit initialization vector.
  - 16. The method of claim 1, wherein the weak initialization vectors are reused during a streaming cipher.

7. A method of thwarting an attack designed to obtain a secret passphrase of a Wi-Fi protected access wireless network, the method comprising the steps of:
- monitoring the wireless network to detect a rogue device monitoring the Wi-Fi protected access wireless network for keys;
  
  transmitting challenge-response frames on the wireless network responsive to the monitoring step, the challenge-response frames are operable to thwart attacks designed to obtain the secret passphrase, and wherein the challenge-response frames comprise a fake handshake using SNonce and ANonce transmissions during a four way handshake and key exchange designed to obfuscate actual challenge-response frames from the rogue device monitoring the wireless network; and
  
  periodically simulating fake handshakes when authorized devices are already connected with proper handshakes;
  
  wherein the monitoring step is performed by a plurality of distributed monitoring devices, the plurality of monitoring devices are connected to one or more servers; and
  
  wherein the servers are operable to receive and correlate data, events, and statistics from the distributed monitoring devices and to direct the distributed monitoring devices to perform the transmitting step responsive to any of a periodic interval, an intrusion alarm, a manual request, and an automatic request based on policy.
- View Dependent Claims (8, 9)
- - 8. The method of claim 7, wherein the plurality of distributed monitoring devices comprise any of wireless sensors, wireless access points, wireless client devices configured with a software agent, and combinations thereof.
  - 9. The method of claim 7, wherein the monitoring step and the transmitting step are performed by a stand-alone wireless radio.

10. A method of disrupting attempts to break encryption or authentication associated with a wireless network, the method comprising the steps of:
- receiving a protection request from a monitoring device responsive to detecting weakness due to reuse over a specified time period on the wireless network, the protection request comprising an instruction to protect a wireless network from any of a plurality of wireless attacks;
  
  transmitting random protection frames on the wireless network based upon the protection request, the random protection frames being operable to confuse unauthorized devices attempting to collect information from the wireless network, wherein the random protection frames comprising one of random wired equivalent privacy encrypted frames and forged Wi-Fi protected access handshake frames;
  
  wherein the random wired equivalent privacy encrypted frames each comprise simulated data with a different wired equivalent privacy key and random initialization vectors generated at a rate derived in response to monitored traffic, and wherein the random initialization vectors are different from monitored initialization vectors but logically correct and in sequence, and wherein the random initialization vectors are invalid packets and are configured to pass validity checks while preventing an attacker to filter out the invalid packets thereby preventing decryption; and
  
  wherein weak initialization vectors are reused during a streaming cipher.
- View Dependent Claims (11, 12, 13, 14, 17)
- - 11. The method of claim 10, further comprising determining which of a plurality of types of random protection frames to transmit based upon the protection request.
  - 12. The method of claim 10, further comprising signaling the protection request based upon a periodic schedule.
  - 13. The method of claim 10, further comprising:
    - detecting an unauthorized device attempting to attack the wireless network; and
      
      signaling the protection request based on detecting an unauthorized device attempting to attack the wireless network.
  - 14. The method of claim 10, further comprising receiving an intrusion alert from any of a plurality of wireless monitoring devices;
    - andsignaling the protection request based upon the intrusion alert.
  - 17. The method of claim 10, wherein the monitored initialization vectors comprise a 24 bit initialization vector.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Extreme Networks, Inc.
Original Assignee
AirDefense Incorporated (Motorola Solutions, Inc.)
Inventors
Sinha, Amit, Darrow, Nicholas John
Primary Examiner(s)
Arani, Taghi
Assistant Examiner(s)
CHANG, KENNETH W

Application Number

US11/464,043
Publication Number

US 20080052779A1
Time in Patent Office

2,244 Days
Field of Search

726/22
US Class Current

726/22
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 63/1441   Countermeasures against mal...

H04L 9/002   Countermeasures against att...

H04W 12/122   Counter-measures against at...

H04W 12/126   Anti-theft arrangements, e....

H04W 88/02   Terminal devices

Methods and systems for wired equivalent privacy and Wi-Fi protected access protection

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

329 Citations

17 Claims

Specification

Use Cases

Quick Links

Others

Methods and systems for wired equivalent privacy and Wi-Fi protected access protection

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

329 Citations

17 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others