Market adoption of wireless LAN (WLAN) technology has exploded, as users from a wide range of backgrounds and vertical industries have brought this technology into their homes, offices, and increasingly into public areas. This inflection point has highlighted not only the limitations of earlier-generation systems, but also the changing role that WLAN technology now plays in people's work and lifestyles across the globe. Indeed, WLANs are rapidly changing from convenience networks to business-critical networks. Increasingly, users depend on WLANs to improve the timeliness and productivity of their communications and applications, and in doing so require greater visibility, security, management, and performance from their network.
Unauthorized access to wireless networks is a growing security issue. Address spoofing is one method used to gain unauthorized access to a wireless network, or to launch denial of service attacks. Because the Media Access Control (MAC) address appears in the clear in every 802.11 frame header and is chosen by the transmitter, it cannot by itself establish who sent a frame. For example, an impostor user may transmit messages to an authorized network element (e.g., a wireless access point) using the MAC address of an authorized user. Similarly, an impostor network element may transmit messages to an authorized network element (e.g., a wireless access point) using the MAC address of an authorized wireless access point.
The IEEE 802.11i standard defines a mechanism that secures user data frames. This mechanism uses 802.1X for authentication, and defines a key exchange mechanism (the four-way handshake) that provisions a key on both the station and the wireless access point. This key is used to derive an encryption key used to encrypt user frames, as well as other session keys used to compute Message Integrity Codes (MICs), so that the receiver can verify that a frame was produced by the holder of the session key and not merely by a transmitter using the same MAC address. This standard prevents malicious spoofing of user data frames, but does not protect the management frames. Because the 802.1X authentication and key exchange occur after the association phase, the association messages are in the clear (i.e., unsecured). Only once a key has been exchanged is it possible to secure subsequent association and 802.11 authentication messages.
The IEEE 802.11w standard defines a mechanism that secures Media Access Control (MAC) Management Frames. It extends the 802.1X and key exchange phase, which still occurs after the association phase, so that the resulting session keys also protect management frames sent once the handshake is complete. A wireless access point must nevertheless still accept unsecured association and authentication messages, because the wireless infrastructure cannot know whether a wireless client has lost its state (i.e., lost its connection to the wireless network, and with it its session key) through a reboot or through some other mechanism.
One problem with this approach is that, in order to allow wireless clients that have crashed or rebooted to reconnect to the wireless access point, the infrastructure must accept 802.11 association and authentication messages unsecured. Accepting unsecured messages, however, allows a malicious node to send spoofed association requests, or other wireless management frames, under the MAC address of an authorized user in order to create problems such as a denial of service attack, for example by causing the access point to tear down that user's existing secured session.
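As an added example (it is not text or code from the patent, nor from any implementation it describes), the following Python models the situation the preceding three paragraphs set out: session keys derived after the 802.1X exchange let the access point authenticate data frames through a MIC, while association requests must still be accepted without any key. The key derivation uses HMAC-SHA256 in place of the 802.11i PRF, the 8-byte MIC is a truncated HMAC rather than CCMP, and the challenge window in the `AccessPoint` class is one illustrative detection heuristic assumed here for the example, not the standard's or the patent's method. The MAC addresses, nonces, PMK and traffic are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Optional

def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))

def derive_session_keys(pmk, ap_mac, sta_mac, anonce, snonce) -> Dict[str, bytes]:
    """PMK + both MACs + both nonces -> KCK, KEK, TK: the inputs and shape of the
    802.11i pairwise hierarchy, with HMAC-SHA256 standing in for the 802.11i PRF."""
    ctx = b"Pairwise key expansion" + mac_bytes(ap_mac) + mac_bytes(sta_mac) + anonce + snonce
    material = b"".join(hmac.new(pmk, ctx + bytes([i]), hashlib.sha256).digest() for i in (0, 1))
    return {"kck": material[:16], "kek": material[16:32], "tk": material[32:48]}

@dataclass
class Frame:
    src: str                    # transmitter MAC: in the clear, chosen by the sender
    dst: str
    kind: str                   # "data" or "assoc_req" in this model
    body: bytes = b""
    mic: Optional[bytes] = None

def compute_mic(key: bytes, frame: Frame) -> bytes:
    """MIC over both addresses, frame type and payload, so a changed source
    address invalidates the MIC even when the payload is replayed verbatim."""
    aad = mac_bytes(frame.src) + mac_bytes(frame.dst) + frame.kind.encode()
    return hmac.new(key, aad + frame.body, hashlib.sha256).digest()[:8]

def keyed(tk: bytes, frame: Frame) -> Frame:
    frame.mic = compute_mic(tk, frame)
    return frame

def verify_mic(key: bytes, frame: Frame) -> bool:
    return frame.mic is not None and hmac.compare_digest(compute_mic(key, frame), frame.mic)

class AccessPoint:
    """Keyed data frames need a valid MIC. Association requests must be accepted
    unkeyed (a rebooted client holds no key), so the AP neither trusts nor drops
    them outright: it keeps the old session for CHALLENGE_WINDOW received frames
    and watches whether correctly keyed traffic from that MAC continues."""
    CHALLENGE_WINDOW = 3        # hypothetical tuning knob, counted in received frames

    def __init__(self, mac: str, pmk: bytes):
        self.mac, self.pmk = mac, pmk
        self.sessions = {}      # sta MAC -> session keys
        self.pending = {}       # sta MAC -> clock when its unkeyed assoc_req arrived
        self.alerts, self.clock = [], 0

    def complete_handshake(self, sta, anonce, snonce):
        self.sessions[sta] = derive_session_keys(self.pmk, self.mac, sta, anonce, snonce)
        self.pending.pop(sta, None)
        return self.sessions[sta]

    def receive(self, frame: Frame) -> str:
        self.clock += 1
        for sta, t in list(self.pending.items()):
            if self.clock - t > self.CHALLENGE_WINDOW:
                del self.pending[sta]      # no keyed traffic followed the request:
                del self.sessions[sta]     # the client really lost state, let it rejoin
        sess = self.sessions.get(frame.src)
        if frame.kind == "assoc_req":
            if sess is None:
                return "accept: new association, handshake required"
            self.pending.setdefault(frame.src, self.clock)
            return "defer: keyed session exists, challenge window opened"
        if sess is None:
            return "drop: no session"
        if not verify_mic(sess["tk"], frame):
            self.alerts.append(("bad_mic", frame.src, self.clock))
            return "drop: MIC failure"
        if frame.src in self.pending:
            # The key holder is still talking, so the unkeyed request was not from it.
            self.alerts.append(("spoofed_assoc_req", frame.src, self.clock))
            del self.pending[frame.src]
        return "accept"

def run_spoof_scenario() -> dict:
    """Constructed traffic: a real station, then an impostor reusing its MAC."""
    ap = AccessPoint("00:11:22:33:44:55", pmk=b"\x01" * 32)
    sta, r = "aa:bb:cc:dd:ee:01", {}
    tk = ap.complete_handshake(sta, b"\xaa" * 32, b"\x55" * 32)["tk"]
    r["legit_data"] = ap.receive(keyed(tk, Frame(sta, ap.mac, "data", b"GET /")))
    r["forged_data"] = ap.receive(Frame(sta, ap.mac, "data", b"GET /", mic=b"\x00" * 8))  # no TK
    r["spoofed_assoc"] = ap.receive(Frame(sta, ap.mac, "assoc_req"))  # unkeyed, victim's MAC
    r["later_data"] = ap.receive(keyed(tk, Frame(sta, ap.mac, "data", b"more")))  # real STA still up
    r["alerts"], r["session_kept"] = [a[0] for a in ap.alerts], sta in ap.sessions
    return r

def run_reboot_scenario() -> dict:
    """Constructed traffic: the station really rebooted, so no keyed frames follow."""
    ap = AccessPoint("00:11:22:33:44:55", pmk=b"\x01" * 32)
    sta = "aa:bb:cc:dd:ee:02"
    ap.complete_handshake(sta, b"\xaa" * 32, b"\x55" * 32)
    first = ap.receive(Frame(sta, ap.mac, "assoc_req"))
    for _ in range(AccessPoint.CHALLENGE_WINDOW + 1):   # only unrelated, unkeyed traffic passes
        ap.receive(Frame("aa:bb:cc:dd:ee:99", ap.mac, "data"))
    second = ap.receive(Frame(sta, ap.mac, "assoc_req"))
    return {"first": first, "second": second, "alerts": ap.alerts, "session_kept": sta in ap.sessions}
```

`run_spoof_scenario()` shows the MIC rejecting the forged data frame but having nothing to check on the unkeyed association request; that request is only exposed because the genuine key holder keeps transmitting during the window, which is the same observation the SA Query procedure in 802.11w relies on. In `run_reboot_scenario()` no keyed traffic follows, so the access point discards the stale session after the window and lets the client re-associate and run a fresh handshake.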
In light of the foregoing, a need in the art exists for methods, apparatuses, and systems that address the foregoing problems and facilitate the detection of address spoofing in wireless networks. Embodiments of the present invention substantially fulfill this need.