Ad hoc networks are self-forming networks of nodes which can operate with or without any fixed infrastructure; in some cases the ad hoc network is formed entirely of mobile nodes. An ad hoc network typically includes a number of geographically-distributed, potentially mobile nodes which are wirelessly connected to each other by one or more logical links (e.g., radio frequency communication channels). The nodes can be fixed or mobile and can communicate with each other over a wireless medium with or without the support of an infrastructure-based or wired network. Logical links between these nodes can change dynamically in an arbitrary manner as existing nodes move within the ad hoc network, as new nodes join or enter the ad hoc network, or as existing nodes leave or exit the ad hoc network. A single-hop logical link can only exist between two nodes when they are within direct communication range. A multi-hop logical link can only exist between two nodes when a set of single-hop logical links can be used to construct a path between the nodes. Such multi-hop logical links are either instantaneously coherent (i.e., all single-hop links are present at the same time) or deferred coherent (i.e., all single-hop links are expected to be present, or were present, over a period of time).
A node typically includes an ad hoc interface such as an IEEE 802.11 interface which continuously scans for other nodes in its ad hoc network. IEEE 802.11 communication systems allow for “proximity-based” communications. For example, when two nodes are mobile within a geographic area, those nodes can communicate within a range of approximately 50 meters or 165 feet of each other. Nodes can operate in at least two different modes within a network: an autonomous ad hoc mode and an infrastructure mode.
In infrastructure mode, typically only one communication hop is used from a mobile node to an access point (AP) or other base station (e.g., a node with an infrastructure connection). For example, IEEE 802.11 protocols assume that a particular mobile node can rely on the presence of other nodes or access points (APs) in close proximity at any given time. For instance, IEEE 802.11-based protocols assume the availability of Internet access points (APs) which provide nodes in the network with access to different services on, for example, the Internet or another infrastructure network.
An autonomous ad hoc network operates in the absence or presence of infrastructure components such as a base station or Wireless Local Area Network (WLAN) access point (AP). In autonomous ad hoc mode, communications are carried single-hop or multi-hop over logical links locally between nodes. Such nodes are sometimes referred to as peer nodes or peers in this context. Processes typically referred to as service discovery or peer discovery can be used so that a particular node can recognize when it encounters another node in its proximity.
Nodes often require authentication for certain secure operations such as when accessing remote databases or networks or before communicating with other nodes.
In prior systems, a centralized authentication procedure is utilized where a single Access Point (AP), such as a base station, handles an authentication process for all nodes within range of the AP. For instance, systems which adhere to American National Standards Institute/Institute of Electrical and Electronics Engineers (ANSI/IEEE) 802.1X or ANSI/IEEE 802.11i standards utilize such a centralized procedure to control access to network resources.
IEEE 802.1X is an IEEE standard initially designed to provide authentication, access control, and key management in both wired and wireless networks. Three entities defined in 802.1X are a Supplicant, an Authenticator and an Authentication Server (AS). The Supplicant is the node seeking authentication and access authorization. The Authenticator or Network Access Server (NAS) is the node with which the Supplicant communicates directly. The AS, sometimes referred to as the Authentication, Authorization and Accounting (AAA) Server, authenticates and grants access, if authorized, to a Supplicant based on the Supplicant's credentials. An AS can be co-located with an Authenticator. Authentication is conducted between the Supplicant and the Authentication Server while the Authenticator acts as a pass-through of the authentication messages. The Authenticator has an uncontrolled port and a controlled port for every client. Before a client is authenticated, only authentication messages are allowed to pass through the uncontrolled port. Only after the Supplicant is successfully authenticated can other traffic be passed via the controlled port.
An exemplary protocol used for these communications between the Supplicant and the Authentication Server is EAP (Extensible Authentication Protocol). For 802.1X, EAP messages between the Supplicant and the Authenticator are encapsulated in EAPOL (EAP over local area network (LAN)) message formats. EAP is flexible and extensible in supporting multiple authentication mechanisms such as user password, certificate based authentication, one time password, authentication token or smart card, and the like. It provides a vehicle to negotiate and use appropriate authentication mechanisms including those which derive keying material at the Supplicant and the AS.
An authentication procedure can begin when a node transmits an authentication request using, for example, the Extensible Authentication Protocol (EAP) carried in EAP Over Local Area Network (EAPOL) packets. The authentication process involves several EAPOL packets being transmitted and received, beginning with an EAPOL-Start packet and finishing with either an EAP-Success packet or an EAP-Failure packet. The authentication server stores the authentication credentials of the mobile device (typically called a Supplicant) that is being authenticated. Authentication servers also can be connected to other authentication servers to obtain Supplicant authentication credentials that are not stored locally.
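The three-party exchange described above (Supplicant, pass-through Authenticator with uncontrolled and controlled ports, Authentication Server holding the credentials), as an added Python illustration that is not part of the original description and not taken from any standard's text. EAPOL and EAP framing follow IEEE 802.1X and RFC 3748; the EAP method is EAP-MD5 (the CHAP-style password method, chosen only because it is the shortest password-based method to write out; it derives no keying material and is not suitable for wireless deployments). The Authenticator-to-AS link, the credential store and the client/identity names are simplified assumptions, and the credentials are constructed sample data.

```python
"""Toy 802.1X exchange: Supplicant <-> Authenticator <-> Authentication Server (AS).
EAPOL/EAP framing follows IEEE 802.1X / RFC 3748; the Authenticator-to-AS link
(RADIUS in practice) and the AS credential store are simplified stand-ins."""
import hashlib
import os
import struct

EAPOL_EAP, EAPOL_START, EAPOL_LOGOFF = 0, 1, 2                     # EAPOL types
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4  # EAP codes
EAP_IDENTITY, EAP_MD5 = 1, 4                                       # EAP types

def eapol(ptype, body=b""):
    """EAPOL frame: version(1) type(1) length(2) + optional EAP body."""
    return struct.pack("!BBH", 2, ptype, len(body)) + body

def parse_eapol(frame):
    _, ptype, length = struct.unpack("!BBH", frame[:4])
    return ptype, frame[4:4 + length]

def eap(code, ident, etype=None, data=b""):
    """EAP packet: code(1) id(1) length(2) [type(1) type-data]."""
    body = b"" if etype is None else bytes([etype]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def parse_eap(pkt):
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    return code, ident, (pkt[4] if length > 4 else None), pkt[5:length]

def md5_response(ident, secret, challenge):
    """EAP-MD5 (CHAP) response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

class AuthServer:
    """Holds Supplicant credentials and runs the EAP method (one exchange at a time)."""
    def __init__(self, creds):
        self.creds, self.pending, self.user = creds, {}, None

    def handle(self, pkt):
        code, ident, etype, data = parse_eap(pkt)
        if code == EAP_RESPONSE and etype == EAP_IDENTITY:
            self.user = data.decode(errors="replace")
            challenge = os.urandom(16)
            self.pending[ident + 1] = challenge          # keyed by the next EAP id
            return eap(EAP_REQUEST, ident + 1, EAP_MD5, bytes([16]) + challenge)
        if code == EAP_RESPONSE and etype == EAP_MD5:
            challenge, secret = self.pending.pop(ident, None), self.creds.get(self.user)
            value = data[1:1 + data[0]] if data else b""
            if challenge and secret and value == md5_response(ident, secret, challenge):
                return eap(EAP_SUCCESS, ident)
        return eap(EAP_FAILURE, ident)

class Authenticator:
    """Relays EAP unchanged; keeps an uncontrolled and a controlled port per client."""
    def __init__(self, server):
        self.server, self.authorized = server, set()

    def uncontrolled_port(self, client, frame):
        """Accepts only EAPOL; ordinary traffic belongs on the controlled port."""
        ptype, body = parse_eapol(frame)
        if ptype == EAPOL_LOGOFF:
            self.authorized.discard(client)              # controlled port closes
            return None
        if ptype == EAPOL_START:
            return eapol(EAPOL_EAP, eap(EAP_REQUEST, 0, EAP_IDENTITY))
        reply = self.server.handle(body)                 # pass-through to the AS
        if parse_eap(reply)[0] == EAP_SUCCESS:
            self.authorized.add(client)                  # controlled port opens
        return eapol(EAPOL_EAP, reply)

    def controlled_port(self, client, data):
        """Non-EAPOL traffic is forwarded only after EAP-Success for this client."""
        return "forwarded" if client in self.authorized else "dropped"

class Supplicant:
    def __init__(self, identity, secret):
        self.identity, self.secret = identity, secret

    def respond(self, frame):
        _, ident, etype, data = parse_eap(parse_eapol(frame)[1])
        if etype == EAP_IDENTITY:
            return eapol(EAPOL_EAP, eap(EAP_RESPONSE, ident, EAP_IDENTITY, self.identity.encode()))
        if etype == EAP_MD5:
            value = md5_response(ident, self.secret, data[1:1 + data[0]])
            return eapol(EAPOL_EAP, eap(EAP_RESPONSE, ident, EAP_MD5, bytes([16]) + value))
        return None

def run_exchange(supplicant, authenticator, client):
    """EAPOL-Start ... EAP-Success/Failure over the uncontrolled port; returns the final EAP code."""
    frame = authenticator.uncontrolled_port(client, eapol(EAPOL_START))
    while True:
        code = parse_eap(parse_eapol(frame)[1])[0]
        if code in (EAP_SUCCESS, EAP_FAILURE):
            return code
        frame = authenticator.uncontrolled_port(client, supplicant.respond(frame))
```

Calling `run_exchange(Supplicant("alice", b"s3cret"), Authenticator(AuthServer({"alice": b"s3cret"})), "node-A")` walks EAPOL-Start, EAP-Request/Identity, EAP-Response/Identity, EAP-Request/MD5-Challenge, EAP-Response/MD5-Challenge and EAP-Success; `controlled_port` answers "dropped" for that client until the success and again after an EAPOL-Logoff. Note that the Authenticator never inspects the method: it only watches for the final EAP-Success or EAP-Failure, which is the pass-through behaviour the text describes.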
As described in the “IEEE Standard for Local and metropolitan area networks—Port-Based Network Access Control”, IEEE 802.1X-2001, June 2001, Supplicants (or nodes seeking to authenticate and gain access) are assumed to be one hop from the Authenticator (e.g., an access point (AP)) which grants or refuses access. Traditional 802.1X does not contemplate multi-hop communication between the Supplicant and the Authenticator. Because every Supplicant can be authenticated only via an AP, such a centralized procedure might not be practical in ad hoc wireless communication networks that have nodes outside of the wireless communication range of an AP.
Current 802.1X Supplicants in the mandatory authentication framework of IEEE 802.11i/Robust Secure Network (RSN) are required to be synchronized with the three-state model of the 802.11 MAC Layer Management Entity (MLME) defined in the IEEE 802.11 standard. The MLME state machine that represents the 802.11 topology relationship is the function that drives 802.1X security association establishment. Within this framework, the 802.1X Supplicant is triggered by MLME change-of-state events. The information needed for the 802.1X security association, such as AP identity and capabilities, is provided to the 802.1X Supplicant entity by MLME events. However, the 802.11 MLME does not support AP-to-AP topology relationships such as those used in multi-hop infrastructure or multi-hop ad hoc networks.
IEEE 802.11s describes security establishment based on MLME processes, and provides two different models which can be used during security association establishment: the distributed 802.1X model, and the centralized-802.1X model. In both the distributed 802.1X model and the centralized-802.1X model, establishment of security associations between neighbors is performed independently of each other's 802.1X state; and neither model contemplates the use of real-time neighbor and multi-hop information used to create security associations between nodes. Because IEEE 802.11 MLME does not support AP-to-AP topology relationships, such as those used in an 802.11s multi-hop network, real-time neighbor node and multi-hop information is unavailable for security association establishment and removal. Furthermore, the MLME defined state machine does not take into consideration the needed synchronization between real-time neighbor events and security association states.
IEEE 802.11i also specifies rules/procedures for removal of security associations. Security associations are removed according to specific MLME events of the 802.11 protocol. However, the MLME does not take into account the AP-to-AP topology relationships that exist in ever changing multi-hop ad hoc and infrastructure networks.
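The coupling described in the two passages above (the MLME three-state model triggering the 802.1X Supplicant on change-of-state events, and security associations removed on MLME events) as an added Python illustration; it is not part of the original description and not the text of any standard. The three states are those of the 802.11 station/AP relationship (unauthenticated and unassociated; authenticated but unassociated; authenticated and associated). The event names mirror MLME primitive names, the transition table is a simplified subset, and the single-peer restriction models the point that the MLME tracks one station-to-AP relationship and has no place for AP-to-AP or multi-hop neighbor relationships.

```python
"""Toy MLME three-state model driving an 802.1X Supplicant's security association.
Illustration only: a simplified subset of 802.11 MLME transitions."""
from enum import Enum

class MLMEState(Enum):
    S1 = "unauthenticated, unassociated"
    S2 = "authenticated, unassociated"
    S3 = "authenticated, associated"

# (current state, MLME event) -> next state
TRANSITIONS = {
    (MLMEState.S1, "AUTHENTICATE.confirm"): MLMEState.S2,
    (MLMEState.S2, "ASSOCIATE.confirm"): MLMEState.S3,
    (MLMEState.S3, "DISASSOCIATE.indication"): MLMEState.S2,
    (MLMEState.S2, "DEAUTHENTICATE.indication"): MLMEState.S1,
    (MLMEState.S3, "DEAUTHENTICATE.indication"): MLMEState.S1,
}

class Supplicant8021X:
    """Security association state, keyed by the one peer the MLME reports."""
    def __init__(self):
        self.sa = {}   # peer -> "authenticating" | "established"

    def on_state_change(self, peer, old, new):
        if new is MLMEState.S3:
            self.sa[peer] = "authenticating"   # where EAPOL-Start would be sent
        elif old is MLMEState.S3:
            self.sa.pop(peer, None)            # SA removed on disassociation/deauthentication

    def on_eap_success(self, peer):
        if self.sa.get(peer) == "authenticating":
            self.sa[peer] = "established"

class MLME:
    """Tracks a single station-to-AP relationship and notifies the Supplicant."""
    def __init__(self, supplicant):
        self.state, self.peer, self.supplicant = MLMEState.S1, None, supplicant

    def event(self, peer, name):
        if self.peer not in (None, peer):
            raise ValueError("MLME tracks one AP; no AP-to-AP or multi-hop topology")
        new = TRANSITIONS.get((self.state, name))
        if new is None:
            return self.state                  # event not valid in this state; ignored
        old, self.state, self.peer = self.state, new, peer
        self.supplicant.on_state_change(peer, old, new)
        if new is MLMEState.S1:
            self.peer = None                   # relationship fully torn down
        return new
```

Driving the machine with `AUTHENTICATE.confirm` then `ASSOCIATE.confirm` for one AP puts the Supplicant into "authenticating"; a `DISASSOCIATE.indication` drops the security association without the Supplicant ever consulting its own 802.1X state, and an event for a second peer while the first is still known raises, which is the gap the passages above describe for multi-hop networks.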
Skilled artisans will appreciate that elements in the figures are illustrated for simplicity and clarity and have not necessarily been drawn to scale. For example, the dimensions of some of the elements in the figures may be exaggerated relative to other elements to help to improve understanding of embodiments of the present invention.