Protection for wireless devices against false access-point attacks

US 7,783,756 B2
Filed: 06/03/2005
Issued: 08/24/2010
Est. Priority Date: 06/03/2005
Status: Expired due to Fees

First Claim

Patent Images

1. In a wireless communications network, a method of establishing selective association of an access point (AP) with a mobile client (MC), the method comprising:

triggering said selective association in response to specific contexts, said specific contexts comprising at least one of location co-ordinates, corporate email, and intranet access, wherein said selective association involves the AP providing the MC with a dynamic Media Access Control (MAC) address that is expected during a subsequent connection;

forming a request message including two protected indicators, a first of which uniquely identifies the AP and a second of which uniquely identifies the MC;

transmitting the request message into the wireless communication network;

receiving the request message at the AP and determining whether the MC is a valid MC according to the two protected indicators, wherein the two protected indicators are respective encrypted MAC addresses of the AP and the MC that have been first mixed with a first random number based on at least one of time, day and location values;

forming, responsive to the MC being the valid MC, a response message including another two protected indicators that uniquely identify the AP and MC, respectively, wherein the another protected indicators for the probe-response message are respective encrypted MAC addresses of AP and MC that have been first mixed with a second random number based on at east one of time, day and location values, and the second random number is different from the first random number;

transmitting the response message into the wireless communication network;

receiving the response message at the MC and determining whether the AP is a valid AP according to the another two protected indicators; and

causing the MC to be associated with the AP responsive to the AP being the valid AP.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Mechanisms and methods for providing a mobile/wireless device with protection against false access-point/base-station attacks using MAC address protection are presented. The mobile/wireless device known as mobile client (MC) gains access to wireless network by discovering and selectively associating with an access point (AP). The MAC addresses of both the AP and the MC are protected during all communications between the AP and MC during the discovery phase. This protection mitigates MAC address spoofing type attacks on both the AP and the MC.

Citations

25 Claims

1. In a wireless communications network, a method of establishing selective association of an access point (AP) with a mobile client (MC), the method comprising:
- triggering said selective association in response to specific contexts, said specific contexts comprising at least one of location co-ordinates, corporate email, and intranet access, wherein said selective association involves the AP providing the MC with a dynamic Media Access Control (MAC) address that is expected during a subsequent connection;
  
  forming a request message including two protected indicators, a first of which uniquely identifies the AP and a second of which uniquely identifies the MC;
  
  transmitting the request message into the wireless communication network;
  
  receiving the request message at the AP and determining whether the MC is a valid MC according to the two protected indicators, wherein the two protected indicators are respective encrypted MAC addresses of the AP and the MC that have been first mixed with a first random number based on at least one of time, day and location values;
  
  forming, responsive to the MC being the valid MC, a response message including another two protected indicators that uniquely identify the AP and MC, respectively, wherein the another protected indicators for the probe-response message are respective encrypted MAC addresses of AP and MC that have been first mixed with a second random number based on at east one of time, day and location values, and the second random number is different from the first random number;
  
  transmitting the response message into the wireless communication network;
  
  receiving the response message at the MC and determining whether the AP is a valid AP according to the another two protected indicators; and
  
  causing the MC to be associated with the AP responsive to the AP being the valid AP.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method as defined in claim 1, wherein the request and response messages are probe-request and probe-response messages respectively.
  - 3. The method as defined in claim 1, wherein the request and response messages are management messages.
  - 4. The method as defined in claim 1, wherein the request and response messages are association messages.
  - 5. The method as defined in claim 1, wherein the MC repeats the method of establishing selective association for multiple APs and selects the AP which satisfies certain criteria.
  - 6. The method as defined in claim 5, wherein the certain criteria represent a strongest signal for association.
  - 7. The method as defined in claim 2, wherein the probe-request message including the two protected indicators is encrypted using a shared key.
  - 8. The method as defined in claim 2, wherein the probe-request message including the two protected indicators is encrypted using a public key.
  - 9. The method as defined in claim 2, wherein an encryption algorithm is implemented to encrypt MAC addresses.
  - 10. The method as defined in claim 9, wherein the encryption algorithm is decided at configuration time.
  - 11. The method as defined in claim 2, wherein the AP creates a table binding the MAC address of the MC to the first random number.
  - 12. The method as defined in claim 11, wherein the AP updates the table when the AP receives additional messages from the MC.
  - 13. The method as defined in claim 12, wherein the MAC address of the MC is dynamic.
  - 14. The method as defined in claim 12, wherein the AP provides the MC with the MAC address that is expected on reconnecting.
  - 15. The method as defined in claim 14, wherein the MAC address that is expected on reconnecting is communicated to the MC before a current session is terminated.
  - 16. The method as defined in claim 15, wherein the AP updates its table to reflect the change in the MAC address.
  - 17. The method as defined in claim 1, wherein the wireless communications network is a Wireless Local Area Network (W-LAN).
  - 18. The method as defined in claim 1, wherein the wireless communications network is a WiMax network.
  - 19. The method as defined in claim 18, wherein the request and response messages are ranging messages.

20. In a wireless communications network, a system for establishing selective association of an access point (AP) with a mobile client (MC), the system comprising:
- said selective association in response to specific contexts, said specific contexts comprising at least one of location co-ordinates, corporate email, and intranet access, wherein said selective association involves the AP providing the MC with a dynamic Media Access Control (MAC) address that is expected during a subsequent connection;
  
  a first device that forms a request message including two protected indicators, a first of which uniquely identifies the AP and a second of which uniquely identifies the MC;
  
  a first transmitter that sends the request message into the wireless communication network;
  
  a first receiver that receives the request message at the AP and determining whether the MC is a valid MC according to the two protected indicators, wherein the two protected indicators are respective encrypted MAC addresses of the AP and the MC that have been first mixed with a first random number based on at least one of time, day and location values;
  
  a second device that forms, responsive to the MC being the valid MC, a response message including another two protected indicators that uniquely identify the AP and MC, respectively, wherein the another two protected indicators for the probe-response message are respective encrypted MAC addresses of AP and MC that have been first mixed with a second random number based on at least one of time, day and location values, and the second random number is different from the first random number;
  
  a second transmitter that sends the response message into the wireless communication network;
  
  a second receiver receives the response message at the MC and determining whether the AP is a valid AP according to the another two protected indicators; and
  
  a third device that causes the MC to be associated with the AP responsive to the AP being the valid AP.
- View Dependent Claims (21, 22, 23, 24, 25)
- - 21. The system as defined in claim 20, wherein the request and response messages are probe-request and probe-response messages.
  - 22. The system as defined in claim 21, wherein an encryption process is performed using a pre-arranged algorithm.
  - 23. The system as defined in claim 22, wherein a shared key is used in the encryption process.
  - 24. The system as defined in claim 22, wherein a private key is used in the encryption process.
  - 25. The system as defined in claim 21, wherein a probe-response or association message is sent by the AP to the MC confirming that it is valid.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
WSOU Investments, LLC (WSOU Holdings, LLC)
Original Assignee
Alcatel-Lucent SA (Nokia Corporation)
Inventors
Choyi, Vinod Kumar, Marquet, Bertrand, Gariador, Frederic
Primary Examiner(s)
Bates, Kevin
Assistant Examiner(s)
Tran, Jimmy H

Application Number

US11/143,620
Publication Number

US 20060274643A1
Time in Patent Office

1,908 Days
Field of Search

709/226, 709/225, 709/227, 709/229, 713/162, 713/201, 726/3, 370/310, 370/216
US Class Current

709/225
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 61/00   Network arrangements, proto...

H04L 61/35   involving non-standard use ...

H04L 63/1466   Active attacks involving in...

H04L 9/3228   One-time or temporary data,...

H04W 12/12   Detection or prevention of ...

H04W 12/122   Counter-measures against at...

H04W 12/71   Hardware identity

H04W 48/20   Selecting an access point

H04W 8/26   Network addressing or numbe...

Protection for wireless devices against false access-point attacks

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Protection for wireless devices against false access-point attacks

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links