Over the last decade or so, many companies have installed communication networks to give their employees access to various network resources. To improve efficiency and to support mobility, many wireless access enhancements have been added to local, personal, and wide area networks. Based on these enhancements, Wireless Local Area Networks (WLANs), Personal Area Networks (PANs) and Wide Area Networks (WANs) have been, and continue to be, utilized by more and more users.
Typically, a WLAN supports communications between a number of wireless devices without any required line of sight for such communications. In current network configurations, multiple Access Points (APs) are coupled to a wired network, such as an Ethernet network for example, and each AP operates as a relay station by supporting communications between resources of the wired network and wireless stations (STAs). STAs are mobile, wireless devices that enable users to alter their physical locations, but still communicate over the network.
A networking switch is deployed as a central device within the WLAN. The networking switch receives traffic from devices communicatively coupled to the wired network and, by way of the APs, traffic that originates as radio transmissions from wireless devices. For both types of traffic, the networking switch directs the communications across the WLAN, enabling the devices to communicate with each other.
Secure Sockets Layer (SSL) and Transport Layer Security (TLS), the successor to SSL, are cryptographic protocols that may be used by networking switches to secure data communications over a wireless network. While there are slight differences between these cryptographic protocols, their overall functionality is generally the same.
SSL and/or TLS (hereinafter referred to as “SSL/TLS”) provides endpoint authentication and confidentiality over a network using cryptography. In typical use, the server is authenticated (i.e., the server identity is verified) while the client remains unauthenticated. However, SSL/TLS also supports mutual authentication: the SSL or TLS Handshake Protocol allows the server and client to authenticate each other and to negotiate cryptographic algorithms and keys before any application data is exchanged. The server and client can then encrypt their communications and detect any tampering by interlopers.
SSL/TLS operates beneath application protocols (e.g., Hypertext Transfer Protocol “HTTP”, Simple Mail Transfer Protocol “SMTP”, etc.) but above the transport protocol. It requires a transport that delivers data reliably and in order, such as the Transmission Control Protocol (TCP); it does not run directly over the User Datagram Protocol (UDP), for which a separate datagram variant (DTLS) exists. While SSL/TLS can add security to any protocol that uses such reliable connections, it is most commonly used with HTTP to form the secure communication path “HTTPS” that many of us use to access secure web pages.
Currently, networking switches are implemented with two processors: one handles the control path (the CP processor) and the other handles the data path (the DP processor). The DP processor has far higher processing performance than the CP processor and therefore regularly handles encryption and decryption, but it is normally difficult to program because such processors usually run a small, proprietary operating system (OS). The CP processor normally runs a well-known OS and sacrifices speed for flexibility and configurability.
As a result, in current networking switches the CP processor handles the SSL/TLS processing itself and offloads only the computationally intensive parts of the SSL/TLS operations, such as the RSA private-key operations of the handshake, to the DP processor. This offloading solution has a number of disadvantages. First, the per-connection handshake state must be maintained in the control path, so the CP processor accumulates state for every connection before its RSA handshake has even completed. Second, because the CP processor is the slower of the two and must hold that state for each pending connection, it is highly susceptible to denial of service (DoS) attacks.
Alternatively, it has been suggested that the DP processor handle the entire SSL/TLS operation within the data path. However, this solution increases design complexity because, as mentioned above, implementing features on the DP processor is typically much more difficult.
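As an added example (not part of the original document), the following Go program uses the standard crypto/tls package to show the two points above in working code: the SSL/TLS handshake with mutual authentication from the earlier paragraphs, and the offload split from the preceding paragraphs, in which the control path keeps the handshake but hands the RSA private-key operation to a separate signer that stands in for the DP processor. The names switch.example and sta-01, the self-signed test identities, the dpSigner type and the greeting message are all constructed for this example; the DP processor is modelled by a crypto.Signer boundary rather than by real hardware, and the two sides talk over loopback TCP.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"sync/atomic"
	"time"
)

func must[T any](v T, err error) T { // demo-only error handling
	if err != nil {
		panic(err)
	}
	return v
}

// dpSigner stands in for the DP processor: it owns the RSA private key, and crypto/tls (the control
// path) only ever hands it a digest through crypto.Signer, once per handshake (CertificateVerify in
// TLS 1.3, ServerKeyExchange in TLS 1.2 ECDHE-RSA). A real engine would forward that digest to hardware.
type dpSigner struct {
	key *rsa.PrivateKey
	Ops atomic.Int64 // private-key operations offloaded so far
}

func (s *dpSigner) Public() crypto.PublicKey { return &s.key.PublicKey }
func (s *dpSigner) Sign(r io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error) {
	s.Ops.Add(1)
	return s.key.Sign(r, digest, opts) // RSA-PSS or PKCS#1 v1.5, whichever opts requests
}

// identity: fresh RSA key plus a self-signed certificate that doubles as the peer's trust anchor.
func identity(name string, serial int64, eku x509.ExtKeyUsage) (*x509.Certificate, *rsa.PrivateKey) {
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name}, DNSNames: []string{name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, ExtKeyUsage: []x509.ExtKeyUsage{eku},
		BasicConstraintsValid: true, IsCA: true,
	}
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)))), key
}

// buildConfigs: the switch (server) demands and verifies a station (client) certificate, i.e. mutual
// authentication, and signs its own side of the handshake through the DP signer.
func buildConfigs() (serverCfg, clientCfg *tls.Config, signer *dpSigner) {
	srvCert, srvKey := identity("switch.example", 1, x509.ExtKeyUsageServerAuth)
	cliCert, cliKey := identity("sta-01", 2, x509.ExtKeyUsageClientAuth)
	trustClient, trustServer := x509.NewCertPool(), x509.NewCertPool()
	trustClient.AddCert(cliCert)
	trustServer.AddCert(srvCert)
	signer = &dpSigner{key: srvKey}
	serverCfg = &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{srvCert.Raw}, PrivateKey: signer, Leaf: srvCert}},
		ClientAuth:   tls.RequireAndVerifyClientCert, ClientCAs: trustClient, MinVersion: tls.VersionTLS12,
	}
	clientCfg = &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{cliCert.Raw}, PrivateKey: cliKey, Leaf: cliCert}},
		RootCAs:      trustServer, ServerName: "switch.example", MinVersion: tls.VersionTLS12,
	}
	return serverCfg, clientCfg, signer
}

// runHandshake joins an in-process client and server over loopback TCP and returns the greeting the
// server sends only after authenticating the peer. In TLS 1.3 the client's handshake finishes before
// the server has checked the client certificate, so a rejection surfaces on the client's first Read.
func runHandshake(serverCfg, clientCfg *tls.Config) (string, tls.ConnectionState, error) {
	ln := must(net.Listen("tcp", "127.0.0.1:0"))
	defer ln.Close()
	go func() {
		srv := tls.Server(must(ln.Accept()), serverCfg)
		defer srv.Close()
		if srv.Handshake() == nil { // RequireAndVerifyClientCert guarantees PeerCertificates[0]
			fmt.Fprintf(srv, "hello %s\n", srv.ConnectionState().PeerCertificates[0].Subject.CommonName)
		}
	}()
	cli := tls.Client(must(net.Dial("tcp", ln.Addr().String())), clientCfg)
	defer cli.Close()
	buf := make([]byte, 64)
	n, err := cli.Read(buf) // runs the handshake, then reads the greeting or the alert
	if err != nil {
		return "", tls.ConnectionState{}, err
	}
	return string(buf[:n]), cli.ConnectionState(), nil
}

func main() {
	serverCfg, clientCfg, signer := buildConfigs()
	greeting, st, err := runHandshake(serverCfg, clientCfg)
	fmt.Printf("mutual: %q version=%#x suite=%s err=%v offloaded=%d\n", greeting, st.Version, tls.CipherSuiteName(st.CipherSuite), err, signer.Ops.Load())
	anon := clientCfg.Clone() // a station that presents no certificate is refused
	anon.Certificates = nil
	_, _, err = runHandshake(serverCfg, anon)
	fmt.Printf("anonymous station: err=%v\n", err)
}
```

Run it with `go run`. The first connection completes mutually authenticated and receives the greeting; the second, from a station with no certificate, is refused. The counter shows one private-key operation per handshake, including the refused one: the switch signs its own handshake message before it learns that the station has no certificate, so every rejected connection still costs an RSA operation, and the per-connection handshake state still lives in the control path (here, the Go TLS stack), which is exactly the drawback noted above. In a real switch the body of Sign would forward the digest to the DP processor and wait for the signature; the TLS stack needs no other change.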
Hence, it would be advantageous to develop an SSL/TLS processing scheme for a networking switch that avoids the disadvantages described above.