The present invention is generally related to wireless networking, more specifically to methods and systems for authenticating and provisioning wireless devices as the devices roam among access points.
Most current 802.11 network-level authentication protocols require a substantial amount of time to re-establish a wireless station's connectivity to the network after that station roams from one access point (AP) to another access point. Typically, when a station associates with a first access point, it has to be authenticated through a central authentication server. When the station roams to a new access point, the station loses the session to the network and must again authenticate itself with the authentication server which typically involves a full challenge request and response. A new accounting session is then established. This method introduces a new key hierarchy that commences on the initial authentication and allows for the authentication key to persist across the duration of a session to the network versus an 802.11 link. Further, this new key hierarchy is based on counter mode key generation to allow the precomputation of the 802.11 key obviating the need for unnecessary session teardown and restart.
This delay in re-establishing connectivity greatly impacts 802.11 service to the point that some upper-level protocols, such as Voice-over-IP (VoIP), actually fail. Furthermore, each roam commonly necessitates interaction with a site's Authentication, Accounting, and Authorization (AAA) servers, resulting in a significant increase in server load, to the point at which some servers fail to provide the necessary rate of authentications requests for the 802.11 lo stations. More importantly, after the authentication has succeeded, the 802.11 station must then use the key provisioned at authentication to establish a fresh key used to secure the 802.11 link with the access point.
Thus, the need exists for a fast, secure and reliable method for authenticating and provisioning a station when the station roams from one access point to another that decreases is traffic to the authentication server and optimizes the generation of a fresh 802.11 key. In designing a fast secure and reliable method for seamlessly roaming a station between access points, the following underlying assumptions and requirements are desirable:    1) Fast handoff must minimize the message transactions and computations between MN and AP    2) Fast handoff is affected only in intra-subnet mobility, though an infrastructure is built to allow for future support for inter-subnet mobility    3) The handoff must be secure    4) The overall design must leverage existing standards to the extent possible    5) The overall design must not interfere with existing protocols.    6) The handoff mechanism is based on key management and thus is independent of the authentication mechanism. Note however that any key management mechanism must be aware of chosen authentication type as it must know how to properly retrieve and interpret the NSK.    7) The handoff mechanism relies on a centralized service to provide secure key distribution services
Current authentication protocols such as PEAP or TLS require interaction with the authentication state. PEAP touts the ability to shorten roam time by allowing a MN to bypass a full challenge-response authentication exchange by affecting a resume operation. IEEE 802.11 security task group ‘i’ e.g. TGi have accommodated for the means of pre-authenticating. These two mechanisms presume a need for re-establishment of the network session key (NSK) before the link between the AP and MN can establish a pairwise transient key (PTK) for protecting 802.11 and 802.1X traffic. However, with a defined key hierarchy, TGi also alludes to the ability of transferring the NSK from one AP to another. This design also uses the notion of retaining the NSK and relies only on the key management mechanisms to affect a fast handoff during a roam. However, to provide freshness and uniqueness of a session key for each access point, CCKM defines an initial authenticated key exchange by which the MN and first associated AP contribute material for deriving fresh keys for authenticating key requests, KRK, and a base transient key, BTK for deriving PTKs.
The following is a list of acronyms and their corresponding definition as used throughout this specification:
AKM—Authenticated Key Management
AP—Access Point
AS—Authentication server
BSSID—Basic Service Set Indetifier
BTK—Base Transient Key
CCKM—Central Key Management
CCM—Campus Context Manager
CCX—Client Enablement
CTK—Context Transfer Key
GTK—Group Transient Key
KRK—Key Request Key
MN—Mobile Node
MN-ID—Mobile Node Identifier
NSK—network session key
PRF—PseudoRandom Function
PMK—Pairwise Master Key
PTK—pairwise transient key
RN—rekey request sequence number
SCM—Subnet Context Manager
SSID—Service Set Identifier
SSN—Simple Security Network
VLAN—Virtual Local Area Network
WLCCP—Wireless Local Context Control Protocol.
Along with the aforementioned acronyms, defined below is a definition of terms appearing throughout this application:
IEEE—Institute of Electrical and Electronics Engineers, Inc.
IEEE 802.11—The 802.11 protocol and 802.11 terms are defined in IEEE Std 802.11, 1999 Edition
IEEE 802.11 TGi—a task group in IEEE 802.11 currently focused in addressing 802.11 security.
802 address. A canonical IEEE 48 bit “Ethernet” address. 802.11 and Ethernet addresses are 802 addresses.
802.11 bridge—An 802.11 bridge is a transparent bridge with an Ethernet bridge port and one or more 802.11 bridge ports. A parent 802.11 bridge has a secondary 802.11 port which links to a primary 802.11 port in a child 802.11 bridge.
802.11 station—A MN or AP.
802.1X—The IEEE 802.1X protocol and 802.1X terms are defined in [ ]. 802.1X defines a protocol where an 802.1X Supplicant mutually authenticates with an 802.1X Authenticator via an Authentication Server.
AAA—Authentication Authorization Accounting. A node will request network access by executing a protocol to a (typically) Authentication Server that provides protocols and services for providing authentication, authorization and session accounting.
AKM—Authenticated Key Management. New selector in both the SSN and TGi negotiated element present in beacons, probe response and reassociation request/response messages. This selector allows for definition of authentication type and key management.
AP—Access Point. In this document, “AP” is used as a general term to refer to any 802.11-to-Ethernet or 802.11-to-802.11 relay devices.
Association Message—An 802.11 station sends an Association Request message to initially associate with a parent AP. The parent AP replies with an Association Response message.
AS—Authentication Server. A node that provides AAA (specifically authentication) service.
BDPU—an 802.1D Bridge Protocol Data Unit.
BSS—An 802.11 Basic Service Set. A BSS is the set of 802.11 stations associated with a single 802.11 AP. A logical “BSS port” in an AP is used to access stations in the BSS.
Base Transient Key (BTK)—the base transient key that is mutually derived between MN and SCM to serve as the key for generating PTKs.
Campus Network—an aggregate “seamless roaming domain” which implies a geographic locality which may include one or more 802.11 Extended Service Sets. A physical campus network may contain multiple “campus networks.”
Central Key Management (CCKM)—the key management scheme of the present invention. It utilizes a central node, an AP, as the key distributor to enable protected communications between a link (e.g. an AP and MN).
Context Transfer Key (CTK)—A key shared between two nodes to establish protection of its data packets. The CTK may consist of a pair of keys if the protection mechanism requires a unique key for each encryption and packet authentication (e.g. a MIC).
Correspondent Host (CH)—A mobile or non-mobile node that is actively communicating with a MN.
Descednant—A node that is in the sub tree of a Topology Tree that is roonated in an ancestor node.
DRR—Descendant Registration Record. A DRR contains state information for descendant nodes. An MN-DRR is a DRR for a mobile node. An AP-DRR is a DRR for an AP.
DPR—Descendant Path Record (DPR). A DPR contains path state information for descendant nodes.
Downlink—The logical radio path from an 802.11 AP radio to a child 802.11 station.
ESS—An 802.11 Extended Service Set. An ESS includes one or more BSSes and may span one or more subnets. MNs can roam between APs in the ESS. A SWAN Campus Network may include multiple ESSes.
FA—A Mobile Ipv4 foreign agent.
Group Transient Key (GTK)—A key owned and managed by an AP. It is used to protect multicast and broadcast traffic.
HA—A Mobile Ipv4 home agent.
Hopwise Routing—“Hopwise routing” is used when an inbound or outbound WLCCP message must be forwarded to intermediate APs on the path from the Originator to the Responder.
IA—Infrastructure Node Authenticator. In standalone mode, the SCM is the IA; in a full SWAN configuration, the CCM is the IA.
IGMP—Internet Group Management Protocol. IGMP is used to determine IP multicast group membership.
IGMP Snooping—Switches and APs “snoop” IGMP messages, received on a port, to determine which IP multicast addresses must be transmitted on the port.
Inbound—An “inbound frame” is forwarded toward the CCM, in the SWAN Topology Tree. An “inbound node” is accessed via the “primary port”. (An “inbound node” is not necessarily an “ancestor node”.)
IN—Infrastructure Node. An IN is an AP, SCM, LCM, or CCM.
IRR—Inbound Registration Record.
KDC—Key Distribution Center. This is a service provided by the IN Authenticator to distribute CTKs to be consumed by registered infrastructure nodes.
Key Request Key (KRK)—the portion of the expanded NSK used to authenticate key refresh request/response handshakes
Layer 2—The data link layer, as defined in the ISO 7-layer model.
L-CTK—Lateral Context Transfer Key.
Link—the logical link between two immediate neighbors in the SWAN Topology tree.
Link State—Each SWAN node is responsible for monitoring the link to each of its lo immediate neighbors. The Link State can be “Connected” or “Disconnected”.
MIP—Mobile IPv4 as defined in RFC 2002.
MN—802.11 Mobile Node.
MN-ID—802.11 Mobile Node identifier represented as the node's MAC address
Network Session Key (NSK)—the key established by a successful authentication between a node an its authenticator. With the CCM being the authenticator for all infrastructure nodes and the LCM being the authenticator for all MNs. In the case where an SCM is acting in standalone mode, the SCM is the authenticator for all nodes.
MNR—Mobile Node Record. A Mobile Node Record contains state information for MNs.
Mobility bindings—The “mobility bindings” for a station are used to determine the current path to the station. APs, context managers, and MIP agents maintain mobility bindings for 802.11 stations.
MSC—Message Sequence Counter. This is effectively the RC4 IV and replay protector.
Native VLAN ID—A switch port and/or AP can be configured with a “native VLAN ID”. Untagged or priority-tagged frames are implicitly associated with the native VLAN ID.
Network Access Identifier (NAI)—An NAI is used to identify a user within a network domain. For example, “joe@cisco.com” is a typical NAI.
NSK—Network Session Key. An NSK is the key established by a successful authentication between a node and its “authenticator”. (The CCM is the authenticator for all infrastructure nodes and the LCM is the authenticator for all MNs, in a campus network. In a standalone subnet domain, the SCM is the authenticator for all nodes in the subnet.)
Originator—The node that “originates” a WLCCP “request” message.
Outbound—An “outbound frame” is forwarded away from the CCM, in the SWAN Topology Tree. An “outbound node” is a “descendant” node that is relatively further from the CCM in the SWAN Topology Tree.
OMNR—Outbound Mobile Node Record
Pairwise Master Key (PMK)—the key established by a successful authentication. This is the term used in both the TGi and SSN draft specification and is a key used to derive PTKs.
Pairwise Transient Key (PTK)—the key mutually derived by AP and MN and is a function of BTK and RN
Path Authentication—Path authentication refers to the process where an AP or child CM mutually authenticates and establishes a path CTK with each of its ancestors. Path-Init and (optionally) intial Registration messages are used for path authentication.
Port—The logical entity that provides access to a SWAN Topology Tree “link”. Multiple logical ports may exist on a single hardware interface.
PNR—Parent Node Record
Primary LAN—The wired Ethernet LAN directly attached to the SCM. Each subnet has one Primary Ethernet LAN. The primary LAN may include multiple Ethernet segments and wired transparent bridges/switches.
Primary Port—The port that is used to attach to the SWAN topology tree. In an SCM, it is the port that is used to access the parent LCM or CCM. In an AP, it is the port that is used to transmit frames toward the primary LAN. An AP primary port can be an Ethernet or 802.11 port. The AP primary port is the “default port” for unicast flooding purposes. [If an AP is co-located with an SCM, then a logical internal link exists between the AP and SCM. A logical AP “internal primary port” provides access to the SCM; however, the Ethernet port is still the “primary port” for frame forwarding purposes.]
PTK—Pairwise Transient Key. This key is used to protect 802.1X and 802.11 data packets between a MN and AP. PTKs are mutually derived by each node in the link based on a predefined strong pseudorandom function, BSSID, RN and BTK.
Reassociation Message—An 802.11 station sends an 802.11 Reassociation Request message to associate with a new parent AP after it roams. The parent AP replies with a Reassociation Response message.
Rekey Request Number (RN)—the counter used to protect PTK key refreshes from replay attacks. The counter is also used as part of the PTK key generator.
Repeater—A repeater is a “wireless AP” that is attached to a parent AP on an 802.11 primary port.
RN—Request Number. A sequence value used to rotate PTKs used between an authenticated MN and Root AP.
Root AP—A “root AP” is directly attached to the primary LAN on its primary Ethernet port.
Root CM—The CM that is at the root of the active SWAN Topology Tree. The CCM is the root CM in a campus network. The SCM is the root CM in a “stand-alone” subnet control domain.
Responder—The destination of a WLCCP Request message or the node that originates a WLCCP Reply message.
SARpM—SCM-Advertisement Reply Message
SCM—Subnet Context Manager. An SCM provides a central control point for each subnet. The SCM establishes the “primary LAN” for each subnet. From the perspective of a MN, a home SCM is the SCM of the home subnet for the MN and a foreign SCM is an SCM on any other “foreign subnet”.
Seamless roaming. A MN is said to roam “seamlessly” if it roams between APs in different subnets without changing its “home IP address”.
Secondary LAN—Any wired Ethernet LAN that is attached to the Primary Ethernet LAN by a wireless link. A secondary LAN may include multiple Ethernet segments and wired transparent bridges/switches.
Secondary Port—A secondary port is any active AP or CM port other than the primary port.
SSID—802.11 Service Set Identifier. Authentication parameters are defined globally per SSID. An SSID can be locally bound to a “home subnet” or VLAN, in each AP.
Simple Security Network (SSN)—Microsoft's specification for a framework used to provide 802.11 security. It mandates use of 802.1X EAP authentication, TKIP and Microsoft's 802.1X 4-way handshake for managing unicast keys and 802.1X 2-way handshake for managing broadcast and multicast keys.
STP—IEEE 802.1D Spanning Tree Protocol. An “STP AP” executes the 802.1D STP and the 802.1D STP is operated on an “STP link”. A “non-STP AP” does not execute the 802.1D STP.
Subnet—An IP subnet. A MN is associated with a single “home subnet” at any given time. Any other subnet is a “foreign subnet”, from the perspective of the MN.
Supplicant—The IEEE 802.1X standard defines the term “supplicant”. A supplicant is a node that is mutually authenticating with an “802.1X authenticator” via an authentication server.
SWAN—Smart Wireless Architecture for Networking, an architecture for radio, network and mobility management within a secure environment.
SWAN Topology Tree—The logical structure of a SWAN network as determined by the SWAN parent/child relationships. The SWAN CCM is at the root of the topology tree.
VLAN—A “Virtual LAN”, as defined in the IEEE 802.1Q standard.
TLV—Type, Length, Value “TLV's” contain optional parameters in WLCCP messages.
Uplink—The logical radio path from an 802.11 child station to its parent AP radio.
URR—Unbound Registration Record.
VLAN—A “Virtual LAN” as defined in the IEEE 802.1Q standard. VLAN tagged frames are transmitted on a VLAN Trunk link.
Wireless station—A MN, repeater, WGB, or child 802.11 bridge.
WGB—A work-group bridge is a non-STP AP with an 802.11 primary port and a secondary Ethernet port that provides access to a non-STP secondary Ethenet LAN segment.
WLAN-Wireless LAN.
WLCCP—Wireless LAN Context Control Protocol.
In addition to the aforementioned acronyms, unless otherwise defined acronyms from the 802.11 specification should be given their usual and customary meaning as defined by the 802.11 specification. The 802.11 specification is hereby incorporated by reference.