Field of the Invention
Embodiments are typically in the field of wireless networks.
Background of Related Art
Wireless networks are increasingly being used in homes and offices. Mesh networks are wireless networks with a flexible topology. Meshable nodes of a mesh network have features to detect topology changes or to establish fallback routes.
For the Internet, real-time applications such as Voice-over-IP (VoIP) or Video-on-Demand (VoD) are known. Endpoints of real-time communication are usually so-called “stations” or “clients”, i.e., non-meshable terminals.
For integration into a mesh network, these terminals must be associated with access nodes of the mesh network. In response to topology changes in the mesh network or the movements of a terminal across multiple wireless cells of the mesh network's access nodes, handover procedures are provided in which the terminal associated with an access node newly associates with another access node of the mesh network.
The speed of the handover procedures for real-time applications is especially critical for the quality and feasibility of such real-time applications using wireless connections. To enable real-time capabilities for non-meshable terminals, the handover procedures from one access node to another should therefore occur with the least possible lag time and packet loss.
802.11 networks operate with fixed access nodes, which usually communicate with each other via wired connections.
In mesh networks, communication for key distribution between access nodes is less reliable than with wired communication, due to the wireless transmission, and experiences increased delays due to multi-hop communication. This results in slower handover procedures in mesh networks. Due to the mobility of both mesh nodes and terminals or stations, handover procedures also occur more frequently in mesh networks. The mobility of both mesh nodes and terminals can lead to an increased number of handover procedures. In mesh networks, access nodes operate error-prone communication via a wireless medium, which is typically also carried out across several wireless hops. Thus, a request of a PMK-R1 key through an access node with which a terminal must newly associate requires time, and the handover is delayed.
The IEEE 802.11F standard indicates handover mechanisms in 802.11 networks and is documented in IEEE Trial-Use Recommended Practice for Multi-Vendor Access Point Interoperability via an Inter-Access Point Protocol Across Distribution Systems Supporting IEEE 802.11 Operation, 2003. It does not include any mechanisms for optimizing a handover procedure.
The 802.21 standard concerns the communication and execution of a handover procedure between heterogeneous networks and is documented in Standard for Media Independent Handover Services, IEEE Computer Society/Local and Metropolitan Area Networks, Draft 802.21-Standard, 2004.
Bruce McMurdo, Cisco Fast Secure Roaming, 2004 demonstrates an acceleration of authentication after initiating a handover.
To speed up handover procedures, the utilization of several interfaces is demonstrated in Catherine Rosenberg, Edwin K. P. Chong, Hosame Abu-Amara, Jeongjoon Lee, Efficient Roaming over Heterogeneous Wireless Networks, Proceedings of WNCG Wireless Networking Symposium, 2003. To this end, authentication with the new access node is already carried out while the station is still connected to the old node via the second interface.
A standardization for fast handover procedures in wireless 802.11 networks is shown in Draft Amendment to Standard for Information Technology—Telecommunications and Information Exchange between Systems—LAN/MAN Specific Requirements—Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications: Amendment 2: Fast BSS Transition, D2.0, March 2006.
According to the IEEE 802.11r standard, a special key hierarchy is used in wireless 802.11 networks in order to optimize handover procedures. This standardized version of key distribution, in which a node is adapted as in the preamble in claim 1, is such that a security relationship with the PMK-R0 key holder must be requested first at the Mobility Domain Controller (MDC), before a PMK-R1 key can be transferred for the handover procedure. This delays the handover procedure.
FIG. 2 schematically illustrates communication in a handover procedure according to the IEEE 802.11r standard.
After its initial registration, each access node calculates a PMK-R0 key within a mobility domain. Using a mobility domain controller MDC, it establishes a security relationship with a PMK-R0 key holder. After successful authentication, said key holder is derived from the negotiated master key and is stored on the access node MAP1, where the new access node MAP2 logs on for the first time. This access node MAP1 is also referred to as PMK-R0 key holder. Then, a so-called PMK-R1 key, which forms the basis for protecting the communication between access nodes and a terminal STA, is derived from the PMK-R0 key.
The new meshable access node MAP2 receives an authentication request from the terminal STA, which initiates the handover procedure. If the terminal STA initiates a handover procedure in a step S1, then the new access node MAP2 establishes a security relationship with the access node MAP1, which is the PMK-R0 key holder, in a step S0 using the mobility domain controller MDC. There, in a step S2′, it requests its “own” PMK-R1 key, which serves as the basis for the protection of the new communication relationship between the terminal STA and the new access node MAP2. To this end, in a step S3′ the access node MAP1 derives the PMK-R1 key from the PMK-R0 key, and in a step S4′ it transmits the PMK-R1 key to the new access node MAP2. The new access node MAP2 then transmits an authentication response to the terminal in a step S5′, whereupon the terminal associates with the new access node MAP2 in a step S6 such that the handover procedure can be concluded successfully without renewed authentication of the terminal.