1. The Field of the Invention
The present invention is related to secure association for network communications. The present invention is also directed to verification of the network communications, including management frames.
2. Background and Relevant Art
Various techniques have been developed for networking devices and enabling communication in wired and wireless networks. Some of these techniques have been adopted and propagated by the IEEE (Institute of Electrical and Electronics Engineers) standards. For example, the 802.11 standard is generally directed at techniques for networking in an over-the-air interface between a wireless client and a base station or between two wireless clients.
Other networking techniques include, but are not limited to Bluetooth, Personal Area Networks (PAN) with Ultra Wide Band (UWB) technologies, and even wireless Wide Area Network technologies such as the General Packet Radio Service (GPRS).
One problem encountered by existing networking technologies involves the potential for a hack to maliciously broadcast false requests and false information about network device. By doing this, it is possible for a hack to effectively terminate a desired association between network devices and to create undesired or unauthorized associations. Such network security threats are more commonly known by such terms as spoofing, network hijacking, data packet forging and modification, resource starvation attacks, impersonation, and so forth, each of which is undesirable.
Some of the available techniques have been implemented to improve the security of networks by requiring that network devices be authenticated by the network prior to being granted access to the network. This level of security is nice, but fails to overcome all of the known problems in the art. For example, a resource starvation attack could still occur when the capabilities of a network access point are publicized incorrectly by a hack, and such that the network access point appears so attractive that all devices in the serviceable range of the access point choose to access the network through that single access point rather than other available access points. Because the network devices do not currently have any way of verifying the publicized capabilities of the access point, such an attack is possible.
Likewise, once a network device is authenticated, it is possible for a hack to hijack the communications coming from the network device to maliciously append the communications with management frames that can effectively terminate or undesirably alter the association between the network device and the access point. One reason for this is that all of the frames transmitted between the network device and the access points of the network are not verified as being authentic prior to their execution.
One hurdle in overcoming the aforementioned problems is the desire to provide flexibility in the network, particularly within wireless networks, where a wireless device, such as a telephone or PDA moves through the serviceable ranges of various access points. In particular, the security requirements placed on network devices during creation of secure associations with the access points can represent expensive processing operations that have to be replicated in existing systems as the network device moves from one access point to another.
Accordingly, there is still an ongoing need for improved methods and systems for networking devices in wireless and wired networks that do not prohibitively restrict the flexibility of the networks.