The IEEE (Institute of Electrical and Electronic Engineers) 802.11 standard provides guidelines for allowing users to wirelessly connect to a network and access basic services provided therein. It has become more evident in recent years that security and controlled access are necessities in light of the large amount of sensitive information that is communicated over networks today.
Traditionally, the security and controlled access efforts of wireless networking, and more specifically of layer 2 and the 802.11 MAC protocol have been directed toward protecting the data content of the transmission and not toward the prevention of session disruption. In other words, prior efforts have only been directed toward protecting the sensitivity of the content of the data transmitted and not toward the protection of the transmission of management frame packets which control the session integrity and quality.
Of course, access to a network can be restricted by any number of methods, including user logins and passwords, network identification of a unique identification number embedded within the network interface card, call-back schemes for dial-up access, and others. These conventional protection schemes are directed toward controlling the overall access to the network services and toward protecting the data transmissions.
Unfortunately, identifying information contained within the management frames transmitted via a network (e.g. IEEE 802.11 network) has not been the focus of protection in traditional security schemes. This lack of protection leaves the network vulnerable to attackers whereby an attacker can spoof a MAC address thereby impersonating valid stations. For example, such attacks can lead to session interruption by an imposter posing as a valid user sending a disassociation request which can result in disruption of the trusted user's session. Additionally, the integrity of management frames should also be protected. For example, some frame characteristics that could potentially be compromised include changing the destination address or perhaps values of information elements.
Additionally, a network session may also be crippled if an action management frame is impersonated or forged thereby affecting the quality of service as well as other capabilities.
In view of the foregoing, it may be useful to provide methods and systems that facilitate more extensive control between wireless entities such that the trust relationship includes the authentication of management frame data packets transmitted via the network to allow detection of a compromised connection, as well as preventing a connection from being compromised.
The foregoing examples of the related art and limitations related therewith are intended to be illustrative and not exclusive. Other limitations of the related art will become apparent to those of skill in the art upon a reading of the specification and a study of the drawings.