§1.1 Field of the Invention
The present invention concerns wireless communications. More specifically, the present invention concerns enabling certain security features in wireless communications, such as communications taking place in a wireless LAN in which a “helper” node helps a source node to send data to a destination node.
§1.2 Background Information
U.S. Pat. No. 7,330,457 (referred to as “the '457 patent” and incorporated herein by reference) describes an improvement over the then current IEEE 802.11 protocol. More specifically, the '457 patent describes a media access control (referred to as “MAC”) protocol that can achieve better performance, provide fair service, reduce interference, and improve coverage in an area covered by multiple access points, while being backwards compatible with current IEEE 802.11 standards. Further, the approach described in the '457 patent could be used with other wireless techniques and protocols.
As described in the '457 patent, a helper node can be used to forward data from a source node to a destination node in accordance with a Cooperative MAC protocol (referred to as “CoopMAC”). Generally, under the CoopMAC protocol, when it is advantageous to do so, each station sends its data packets to a destination station via an intermediate station, instead of to the destination station directly. That is, the intermediate station, which serves as a helper to the source, forwards packets received from the source station to the intended destination station. This cooperative data transmission approach can result in system performance improvement if the total time consumed by two-hop transmission (i.e., transmission via the helper station) is less than that consumed by direct transmission. Such a determination may be made using rate information stored at each station. Specifically, using the rate information, the signaling needed to set up a transmission, the amount of data to be transmitted, etc., transmitting the data directly and transmitting it via a helper station may be compared.
FIG. 1 (which corresponds to FIG. 1 of the '457 patent) illustrates transmission paths between a source station 105, a helper station 110 and a destination station 115. In particular, it illustrates a transmission via a helper station 110 versus a direct transmission from source 105 to destination 115. In FIG. 1, the dashed arrow represents the legacy direct data transmission path, while the solid lines show cooperative data forwarding at the MAC layer done in a manner consistent with the present invention.
Although the CoopMAC protocols described in the '457 patent and the like provide numerous advantages, a number of security issues may need to be considered. One potential security issue is that the helper might change the destination address of the intended recipient of the frame. Thus, the frame will reach a node not intended by the source. The source might not know this, so it will think that it is communicating with the intended recipient and may end up voluntarily sending it privileged information, such as usernames and passwords. This type of attack is possible when no wireless encryption scheme is used, and also when the Wired Equivalent Privacy (referred to as “WEP”) scheme is used. If no wireless encryption scheme is employed, then an alteration of the address field in the header cannot be detected. In a related security issue, the payload might be modified. Such a modification might go undetected if no encryption or WEP is used and if there is a single shared key. Under WEP, an integrity check value (referred to as “ICV”) is calculated over the data or payload portion only. Consequently, any changes to the header would not be detectable. The Rivest Cipher 4 (referred to as “RC4”) stream cipher used in WEP, with a 24-bit initialization vector (referred to as “IV”), has a 50% probability of reuse after 5000 packets. If compromised, it can be used by an attacker.
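The following added example (not part of the '457 patent or of this disclosure) models the header issue described above: a destination that checks only a WEP-style ICV over the payload accepts a frame whose destination address was rewritten by the helper, while a keyed integrity code computed over header and payload rejects it. The frame layout, key, addresses and the use of truncated HMAC-SHA256 as a stand-in for a keyed integrity code are assumptions made for illustration; RC4 encryption is omitted because the header lies outside it.

```python
import hashlib
import hmac
import zlib

KEY = b"constructed-demo-key"          # constructed; held by source and destination only
DST = bytes.fromhex("020000000001")    # constructed addresses (locally administered)
SRC = bytes.fromhex("020000000002")
OTHER = bytes.fromhex("020000000003")  # node the source did not intend to reach

def icv_payload_only(payload: bytes) -> bytes:
    """WEP-style ICV: CRC-32 over the payload only; the header is not covered."""
    return zlib.crc32(payload).to_bytes(4, "little")

def mic_header_and_payload(key: bytes, header: bytes, payload: bytes) -> bytes:
    """Stand-in keyed integrity code over header || payload (not CCMP itself).
    The header is a fixed 12 bytes, so the concatenation is unambiguous."""
    return hmac.new(key, header + payload, hashlib.sha256).digest()[:8]

def build_frame(dst: bytes, src: bytes, payload: bytes, key: bytes) -> dict:
    header = dst + src
    return {"header": header, "payload": payload,
            "icv": icv_payload_only(payload),
            "mic": mic_header_and_payload(key, header, payload)}

def helper_forward(frame: dict, new_dst=None) -> dict:
    """Relay a frame; a misbehaving helper rewrites the destination address."""
    fwd = dict(frame)
    if new_dst is not None:
        fwd["header"] = new_dst + frame["header"][6:]
    return fwd

def receiver_checks(frame: dict, key: bytes) -> tuple:
    """Return (payload-only ICV passes, header+payload integrity code passes)."""
    icv_ok = hmac.compare_digest(frame["icv"], icv_payload_only(frame["payload"]))
    expected = mic_header_and_payload(key, frame["header"], frame["payload"])
    return icv_ok, hmac.compare_digest(frame["mic"], expected)

def demo() -> tuple:
    frame = build_frame(DST, SRC, b"constructed payload", KEY)
    honest = receiver_checks(helper_forward(frame), KEY)
    altered = receiver_checks(helper_forward(frame, OTHER), KEY)
    return honest, altered

if __name__ == "__main__":
    honest, altered = demo()
    print("honest relay     (icv_ok, mic_ok):", honest)
    print("rewritten header (icv_ok, mic_ok):", altered)
```

The rewritten frame still passes the payload-only check, which is why the alteration goes unnoticed under WEP; only the check that binds the header to the payload fails.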
Another security issue is that the helper might modify the packet payload before forwarding the packet. This can be easily done when no encryption is used and even when WEP is used if the key has been compromised. This cannot be easily avoided unless the transmitter and receiver can themselves find that there is a lot of delay in the received packets (which will be caused by calculations of CRC, etc. at the helper), in which case they may use some other helper.
As noted above, encryption might be used to avoid certain security issues. IEEE 802.11i, also known as WiFi Protected Access 2 (referred to as “WPA2”), is an amendment to the 802.11 standard specifying security mechanisms for wireless networks. Since WEP has been shown to have severe security weaknesses, WPA had previously been introduced as an intermediate solution to WEP insecurities. WPA implemented a subset of 802.11i. 802.11i makes use of the Advanced Encryption Standard (“AES”) block cipher. WEP and WPA use the RC4 stream cipher.
The 802.11i architecture uses 802.1X for authentication, RSN for keeping track of associations, and AES-based Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (referred to as “CCMP”) to provide confidentiality, integrity and origin authentication. Like WPA, 802.11i has a pre-shared key (referred to as “PSK”) mode designed for home and small office networks that cannot afford the cost and complexity of an 802.1X authentication server. Using PSK, each user must enter a passphrase to access the network. The passphrase is typically stored on the user's computer, so it need only be entered once.
802.11i uses Temporal Key Integrity Protocol (referred to as “TKIP”) as a security protocol in WPA. FIG. 2 illustrates a TKIP MAC Protocol Data Unit (referred to as “MPDU”). WPA is used for WiFi networks to correct deficiencies in the older WEP standard. TKIP was designed to replace WEP without replacing legacy hardware. (This was important because the breaking of WEP had left WiFi networks without viable link-layer security, and the solution to this problem could not wait for the replacement of deployed hardware.) For this reason, like WEP, TKIP uses a key scheme based on RC4. However, unlike WEP, TKIP provides per-packet key mixing, a message integrity check and a rekeying mechanism. TKIP ensures that every data packet is sent with its own unique encryption key. Key mixing increases the complexity of decoding the keys by giving the cracker much less data that has been encrypted using any one key. The message integrity check prevents forged packets from being accepted.
Under WEP, it was possible to alter a packet whose content was known even if it had not been decrypted. TKIP also hashes the initialization vector (referred to as “IV”) values, which are sent as plaintext, with the WPA key to form the RC4 traffic key, addressing one of WEP's largest security weaknesses. WEP simply concatenated its key with the IV to form the traffic key, allowing a successful related key attack.
802.11i uses CCMP as an encryption protocol. FIG. 3 illustrates a CCMP MPDU. CCMP was created, together with TKIP, to replace an earlier, insecure, WEP protocol. CCMP uses the Advanced Encryption Standard (referred to as “AES”) algorithm. Unlike TKIP, with CCMP, key management and message integrity are handled by a single component built around AES. Data is encrypted using counter (referred to as “CTR”) mode AES. Authentication is achieved by using a Cipher Block Chaining Message Authentication Code (referred to as “CBC-MAC”). This combination of CTR and CBC-MAC is what constitutes CCMP. CCMP encapsulations attempt to ensure the confidentiality and integrity of the communications channel, and to prevent replay attacks. Integrity is assured by calculating a Message Integrity Code (referred to as “MIC”) sum to check if a message is altered, protecting data from replay attacks.
As can be appreciated from the foregoing, it would be useful to address security issues inherent in wireless communications protocols that use a helper node to forward data from a source node to a destination node, such as CoopMAC for example. It would be useful to allow authentication and/or encryption, such as that proposed in 802.11i for example.