1. Field of the Invention
The present invention generally relates to an electronic device and a method for discovering a network in the electronic device, and more particularly, to an electronic device capable of securely requesting and receiving network information of an external device in a network discovery operation that is performed before the electronic device is connected to the external device, and a method for discovering a network in the electronic device.
2. Description of the Related Art
802.11u is the standard established to discover external network information of an Access Point (AP).
In 802.11u, an electronic device allows network discovery with an external network regardless of its connection to an AP, so network discovery is possible in the electronic device even in the pre-association state.
In an Access Network Query Protocol (ANQP) which is the typical protocol of 802.11u, an electronic device may perform network discovery with an external information server using Generic Advertisement Service (GAS) Initial Request/Response frames that are specified as action frames in 802.11u, and the network discovery operation may be performed regardless of the connection to an AP.
Basically, if an electronic device queries an AP about ANQP information using a GAS Initial Request frame, the AP may query an information server (or an ANQP server) about the ANQP information, and send a response of the information server back to the electronic device in a GAS Initial Response frame. If an ANQP query value is too large or a response of the information server is delayed, the AP may first send a GAS Initial Response frame to the electronic device to inform the delay. In this case, the electronic device may obtain necessary ANQP information through the exchange of GAS Comeback Request/Response frames after it is informed of the comeback delay.
FIG. 1 illustrates network information that an electronic device can receive through network discovery. As illustrated in FIG. 1, an electronic device may receive, as network information, a variety of ANQP information which includes elements defined in the ANQP protocol.
By utilizing an ANQP vendor-specific list field, it is possible to customize define information about elements other than the elements defined in the standard. Recently, attempts have been made to use not only the network information defined in the standard, but also a variety of information customized defined using this feature, and this information may include the information that should not be exposed due to its security.
As described above, the network discovery based on 802.11u may be performed regardless of a Wireless Fidelity (Wi-Fi) connection. In other words, an electronic device may receive network information through a network discovery operation with an external network or a separate information server in an unauthenticated state of the pre-association state. 802.11u communication that is performed in the unauthenticated state has a weakness in terms of the security because it does not have the separate L2 layer security. Basically, the GAS Initial Request/Response frames for 802.11u communication are based on the unauthenticated state, so details of the frames may be easily exposed. Therefore, the network information that should not be exposed due to its security, among a variety of network information included in the frames, may also be easily exposed.
For example, upon receiving a GAS Initial Request frame for requesting network information from an electronic device while monitoring it in a passive way in a specific channel where an AP is located, an attacker may insert a Media Access Control (MAC) address of an AP (which is a target to which the electronic device will send a GAS Response frame) into a GAS Initial Response frame as a source address, insert a failure code therein by compulsion, and send the resulting frame to the electronic device. Thereafter, the electronic device, which has received the GAS Initial Response frame from the attacker, may drop a GAS Initial Response frame received from an AP even though the GAS Initial Response frame is actually received from the AP, and determine that the reception of the network information is failed. Alternatively, the attacker may forge a payload of a GAS Initial Response frame and send the forged frame to the electronic device, so the electronic device may receive incorrect network information.
In general, an AP has a predetermined amount of buffer for processing the GAS Initial Request frame received from the electronic device. In this case, if the attacker consecutively sends multiple GAS Initial Request frames including different source MAC addresses to the AP for a short period of time, the buffer assigned to the AP may be saturated. If the buffer of the AP is saturated, the AP may not process the GAS Initial Request frame received from the electronic device, causing a reduction in the transmission capacity for the GAS Initial Response frame that the AP sends to the electronic device.