1. Field of the Invention
The present application relates to communication devices for performing cryptographically secured communication in a WLAN (Wireless Local Area Network) network and corresponding integrated circuit chips, computer systems and methods, and in particular to the manner in which encryption/decryption is performed therein.
2. Description of the Related Art
A wireless local area network is a flexible data communication system implemented as an extension to or as an alternative for a wired LAN. Using radio frequency or infrared technology, WLAN systems transmit and receive data over the air, minimizing the need for wired connections. Thus, WLAN systems combine data connectivity with user mobility.
Today, most WLAN systems use spread spectrum technology, a wideband radio frequency technique developed for use in reliable and secure communication systems. The spread spectrum technology is designed to trade off bandwidth efficiency for reliability, integrity and security. Two types of spread spectrum radio systems are frequently used: frequency-hopping and direct sequence systems.
The standard defining and governing wireless local area networks that operate in the 2.4 GHz spectrum is the IEEE 802.11 standard. To allow higher data rate transmissions, the standard was extended to 802.11b which allows data rates of 5.5 and 11 Mbps in the 2.4 GHz spectrum. Further extensions exist.
In order to address existing security gaps of the 802.11 standard's native security, i.e., the WEP (Wired Equivalent Privacy) protocol, the 802.11i security standard was developed. This enhanced security standard relies on the 802.1x standard for port-based access control and the TKIP (Temporal Key Integrity Protocol) and CCMP (Counter-mode Cipher block chaining Message authentication code Protocol) protocols for data frame encryption and decryption. 802.1x provides a framework for WLAN station authentication and cryptographic key distribution, both features originally missing from the 802.11 standard. According to the TKIP and CCMP protocols, data frames are encrypted using a character string that is generated individually for each data frame. This encryption character string is based on a packet number or sequence number inserted in the data frame indicating data frame ordering. Out-of-order data frames are discarded. Thereby and by several further measures, the TKIP and CCMP protocols provide enhanced communication security over the original WEP protocol, the TKIP protocol being targeted at legacy equipment and the CCMP protocol being targeted at future WLAN equipment.
To perform a cryptographically secured exchange of data frames according to the above-described communication security techniques or similar approaches known in the art, existing WLAN systems apply multiple-stage transmission and reception processes. Between the individual transmission or reception stages, the data frames are buffered. This may lead to a number of disadvantages.
FIG. 1 shows a conventional multi-stage transmission process. In step 110, a packet and/or sequence number is inserted into a plaintext data frame. This step is repeated for each of the plaintext data frames. All the plaintext data frames into which the packet and/or sequence number has been inserted are buffered in step 120. In step 130, one of the buffered plaintext data frames is encrypted. The encryption is repeated for each of the buffered plaintext data frames. The encrypted data frames are buffered again in step 140. Finally, in step 150, one of the buffered encrypted data frames is sent to a WLAN communication counterpart. Step 150 is repeated for all the buffered encrypted data frames.
Usually, steps 120 to 150 are performed by a particular WLAN device within the WLAN system. Step 100 of inserting the packet and/or sequence number into the plaintext data frame, however, is performed by the CPU (Central Processing Unit) of the WLAN system. This may cause a waste of processing capacities of the high performance CPU for a simple data combination task.
Further, conventional systems may suffer from processing delays in the CPU which may occur during the insertion step 100 of the packet and/or sequence numbers into the plaintext data frames. Such processing delays usually result in unnecessary deceleration of the transmission process and may therefore lead to further problems in achieving efficient transmission data rates.
Moreover, the multiple buffering steps 120, 140 for the data frames generally aggravate the problem of achieving efficient transmission data rates even further. Each step of buffering a data frame delays the transmission process.
FIG. 3 schematically shows the content of a buffer 310 in a conventional WLAN system. Plaintext data frames 320, 330, 340, as well as encrypted data frames 350, 360, 370, are buffered. Each of the data frames includes an individual packet and/or sequence number 325, 335, 345, 355, 365, 375.
Since both plaintext data frames and encrypted data frames are buffered, existing WLAN systems usually suffer from intense buffer load. This may cause unnecessarily high buffer management complexity and buffer costs.
In addition, buffering data frames 320, 330, 340, 350, 360, 370 into which packet and/or sequence numbers 325, 335, 345, 355, 365, 375 have already been inserted may lead to considerable data faults in prior art WLAN systems. When the encrypted data frames are read from the buffer and sent in a different order than that in which the plaintext data frames were written to the buffer, out-of-order transmission of data frames occurs. At reception, out-of-order data frames are discarded for security reasons. Therefore, the buffering of data frames including packet and/or sequence numbers during the transmission process may represent a severe reason for data loss in conventional systems.
Referring now to FIG. 5, a reception process in existing WLAN systems is schematically shown. In step 510, encrypted data frames are received from a WLAN communication counterpart. Step 510 is repeated for all data frames received. Once an encrypted data frame has been received, it is buffered in step 520. In step 530, a buffered encrypted data frame is decrypted. This step is repeated for all the encrypted data frames contained in the buffer. In step 540, the plaintext data frames resulting from the decryption step 530 are buffered again.
As illustrated in FIG. 5, a conventional reception process comprises multiple buffering of the data frames. Therefore, the above-discussed problems of existing WLAN systems relating to inefficient transmission data rates and unnecessarily high buffer load also emerge during the reception process.
Further, buffering the encrypted data frames between the reception step 510 and the decryption step 530 allows the individual data frames to be decrypted 530 in a different order than that in which they were received. Thus, conventional WLAN systems often suffer from the above-discussed problem of considerable data faults during the reception process as well.
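The data faults described above for the transmission buffer (numbers inserted before buffering) and for the reception buffer (decryption in a different order than reception) can be reproduced with a small model. The following Python sketch is an added illustration and not part of the original disclosure; the function names, the strictly-increasing acceptance rule, the sample payloads and the contrast case that numbers frames only when they leave the buffer are assumptions made for the example.

```python
def replay_filter(frames):
    """Receiver check (assumed rule): accept a frame only if its packet
    number (PN) exceeds the last accepted PN; otherwise discard it."""
    last_pn, accepted, discarded = -1, [], []
    for pn, payload in frames:
        if pn > last_pn:
            last_pn = pn
            accepted.append(payload)
        else:
            discarded.append(payload)
    return accepted, discarded

def number_then_buffer(payloads, drain_order):
    """Conventional transmit path: the PN is inserted first (step 110),
    the frame is buffered, and the buffer is read out in drain_order."""
    buffered = list(enumerate(payloads))          # (pn, payload) pairs
    return [buffered[i] for i in drain_order]

def buffer_then_number(payloads, drain_order):
    """Contrast case (assumption, not from the text): the PN is assigned
    only when a frame leaves the buffer, so PNs follow the send order."""
    return [(pn, payloads[i]) for pn, i in enumerate(drain_order)]

def decrypt_out_of_order(received, decrypt_order):
    """Receive path: frames arrive in PN order, are buffered (step 520) and
    decrypted (step 530) in decrypt_order; the check runs at decryption."""
    return replay_filter([received[i] for i in decrypt_order])

# Constructed sample data: four frames, buffer drained with two swapped.
PAYLOADS = ["A", "B", "C", "D"]
DRAIN_ORDER = [0, 2, 1, 3]

if __name__ == "__main__":
    print(replay_filter(number_then_buffer(PAYLOADS, DRAIN_ORDER)))
    print(replay_filter(buffer_then_number(PAYLOADS, DRAIN_ORDER)))
    in_order = list(enumerate(PAYLOADS))
    print(decrypt_out_of_order(in_order, [1, 0, 2, 3]))
```

With the constructed inputs, a single swap in the transmit buffer costs one frame when numbers are inserted before buffering, and a single swap in the decryption order costs one frame on the receive side.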