1. Field of the Invention
The present application relates generally to wireless networking, and more particularly to improving the privacy and security levels of a user's interactions with the network.
2. General Background Discussion
Internet Protocol
IP is a connectionless protocol. The connection between end points during a communication is not continuous. When a user sends or receives data or messages, the data or messages are divided into components known as packets. Every packet is treated as an independent unit of data.
In order to standardize the transmission between points over the Internet or similar networks, the OSI (Open Systems Interconnection) model was established. The OSI model separates the communications processes between two points in a network into seven stacked layers, with each layer adding its own set of functions. Each device handles a message so that there is a downward flow through each layer at a sending end point and an upward flow through the layers at a receiving end point. The programming and/or hardware that provides the seven layers of function is typically a combination of device operating systems, application software, TCP/IP and/or other transport and network protocols, and other software and hardware.
Typically, the top four layers are used when a message passes from or to a user and the bottom three layers are used when a message passes through a device (e.g., an IP host device). An IP host is any device on the network that is capable of transmitting and receiving IP packets, such as a server, a router or a workstation. Messages destined for some other host are not passed up to the upper layers but are forwarded to the other host. In the OSI and other similar models, IP is in Layer-3, the network layer. The layers of the OSI model are listed below.
Layer-7 (i.e., the application layer) is a layer at which, e.g., communication partners are identified, quality of service is identified, user authentication and privacy are considered, constraints on data syntax are identified, etc.
Layer-6 (i.e., the presentation layer) is a layer that, e.g., converts incoming and outgoing data from one presentation format to another, etc.
Layer-5 (i.e., the session layer) is a layer that, e.g., sets up, coordinates, and terminates conversations, exchanges and dialogs between the applications, etc.
Layer-4 (i.e., the transport layer) is a layer that, e.g., manages end-to-end control and error-checking, etc.
Layer-3 (i.e., the network layer) is a layer that, e.g., handles routing and forwarding, etc.
Layer-2 (i.e., the data-link layer) is a layer that, e.g., provides synchronization for the physical level, does bit-stuffing and furnishes transmission protocol knowledge and management, etc. The Institute of Electrical and Electronics Engineers (IEEE) sub-divides the data-link layer into two further sub-layers, the MAC (Media Access Control) layer that controls the data transfer to and from the physical layer and the LLC (Logical Link Control) layer that interfaces with the network layer and interprets commands and performs error recovery.
Layer-1 (i.e., the physical layer) is a layer that, e.g., conveys the bit stream through the network at the physical level. The IEEE sub-divides the physical layer into the PLCP (Physical Layer Convergence Procedure) sub-layer and the PMD (Physical Medium Dependent) sub-layer.
Typically, layers higher than layer-2 (such as, e.g., layers including the network layer or layer-3 in the OSI model and the like) are referred to as the higher-layers.
Wireless Networks
Wireless networks can incorporate a variety of types of mobile devices, such as cellular and wireless telephones, PCs (personal computers), laptop computers, wearable computers, cordless phones, pagers, headsets, printers, PDAs, etc. For example, mobile devices may include digital systems to secure fast wireless transmissions of voice and/or data.
Wireless LANs (WLANs) in which a mobile user can connect to a local area network (LAN) through a wireless connection may be employed for wireless communications. Wireless communications can include communications that propagate via electromagnetic waves, such as light, infrared, radio, and microwave. There are a variety of WLAN standards that currently exist, such as, e.g., Bluetooth, IEEE 802.11, and HomeRF.
IEEE 802.11 specifies technologies for wireless LANs and devices. Using 802.11, wireless networking may be accomplished with each single base station supporting several devices. In some examples, devices may come pre-equipped with wireless hardware or a user may install a separate piece of hardware, such as a card, that may include an antenna. By way of example, devices used in 802.11 typically include three notable elements, whether or not the device is an access point (AP), a mobile station (STA), a bridge, a PCMCIA card or another device: a radio transceiver; an antenna; and a MAC (Media Access Control) layer that controls packet flow between points in a network.
Wireless networks can also involve methods and protocols found in Mobile IP (Internet Protocol) systems, in PCS systems, and in other mobile network systems. With respect to Mobile IP, this involves a standard communications protocol created by the Internet Engineering Task Force (IETF). With Mobile IP, mobile device users can move across networks while maintaining their once-assigned IP address. See Request for Comments (RFC) 3344. Mobile IP enhances Internet Protocol (IP) and adds means to forward Internet traffic to mobile devices when connecting outside their home network. Mobile IP assigns each mobile node a home address on its home network and a care-of-address (CoA) that identifies the current location of the device within a network and its subnets. When a device is moved to a different network, it receives a new care-of address. A mobility agent on the home network can associate each home address with its care-of address. The mobile node can send the home agent a binding update each time it changes its care-of address by using a protocol such as Internet Control Message Protocol (ICMP).
In basic IP routing, routing mechanisms typically rely on the assumptions that each network node always has a constant attachment point to the Internet and that each node's IP address identifies the network link it is attached to. In this document, the terminology “node” includes a connection point, which can include a redistribution point or an end point for data transmissions, and which can recognize, process and/or forward communications to other nodes. For example, Internet routers can look at an IP address prefix or the like identifying a device's network. Then, at a network level, routers can look at a set of bits identifying a particular subnet. Then, at a subnet level, routers can look at a set of bits identifying a particular device. With typical mobile IP communications, if a user disconnects a mobile device from the Internet and tries to reconnect it at a new subnet, then the device has to be reconfigured with a new IP address, a proper netmask and a default router. Otherwise, routing protocols would not be able to deliver the packets properly.
MAC Addresses and Privacy
The Media Access Control (MAC) address serves as a unique identifier of a network device. A MAC address is assigned to a network device at the manufacturing stage (typically after having undergone a quality control inspection) by burning or writing it into a permanent location in the network device, such as in ROM. Because of the need to provide a unique MAC address for each network device, MAC address assignment has to be centrally controlled. Consequently, the association of MAC addresses with purchasers or users of the network devices is possible, with the result that an observer is able to trace the movements of users based on the MAC address. This also will enable the collection of user history and profile data by an observer. This is possible even when layer 2 security is being used to encrypt the layer 2 packets.
To prevent the compromise of user privacy and security, the concept of temporary device identifiers has been proposed in other areas such as 3G networks. In the case of 3G networks, the procedure to use temporary device identifiers is as follows. Every 3G device has a permanent identifier analogous to the permanent MAC address for WLAN devices. When the 3G device desires to connect to a base station, it first sends its permanent identifier “in the clear” (i.e. unencrypted) to the base station. The base station in reply sends to the 3G device (also in the clear) a temporary identifier that the 3G device can then start using. Because the base station allocates the temporary addresses, it can ensure that a single address is not allocated to multiple devices simultaneously.
A problem in 3G networks is the initial usage of the permanent identifier “in the clear,” i.e. in an unencrypted manner such that the permanent identifier may be observed by third parties. The 3G system allocates the temporary identifier only after the initial insecure transmission of the permanent identifier. Thus, anybody “listening to” or monitoring communications on the wireless channel continuously would be able to link the temporary address to the permanent address and from there draw inferences about the communication pattern of a device.
In an attempt to avoid this, 3G networks include the concept of a temporary address called TMSI, or Temporary Mobile Subscriber Identity. TMSI has only local significance (e.g., within a VLR (Visitor Location Register) and the area controlled by a VLR, or within an SGSN (Serving General Packet Radio Service Support Node) and the area controlled by an SGSN). As a result, the structure and coding of the TMSI can be defined by agreement between the network operator and manufacturer to meet local needs. This implies the presence of protocols in the 3G network to ensure the uniqueness of the TMSI.
In the case of WLANs, in contrast, it must be ensured that any temporary identifier is unique within a given region that can correspond either to a single Access Point (AP), to multiple APs with the same ESSID (Extended Service Set Identifier), or to multiple APs with different ESSIDs, but which belong to the same organization and are hence accessed via a single router.
The 3G network solution does not provide an efficient solution to the problem in WLANs. With the 3G approach, a mobile device would have to contact the Access Point, which would then allocate a temporary MAC address to the mobile device. This temporary MAC address would have to be unique across the entire region within which the mobile device would be operational. As discussed above, this region could span a single AP, multiple APs with the same ESSID or multiple APs with different ESSIDs.
It would not be difficult to ensure the uniqueness of a temporary MAC address across a region that spans a single AP, as the single AP itself can ensure this during allocation. However, when the mobile device moves from that region to an area covered by a different Access Point, then ensuring that the temporary MAC address is unique would require coordination and negotiation between the involved Access Points (i.e., the old AP and the new AP).
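The following added example is not part of the original application. It models the 3G-style allocation applied to WLAN access points, showing both weaknesses discussed above: the cleartext exchange exposes the link between permanent and temporary identifiers, and per-AP uniqueness fails when a device roams. The class and function names, the counter-based allocator, the message labels and all addresses are assumptions constructed for illustration.

```python
import itertools

class AccessPoint:
    """Hypothetical AP that keeps temporary identifiers unique only locally."""
    def __init__(self, name):
        self.name = name
        self.in_use = {}                  # temp_id -> permanent_id
        self._next = itertools.count(1)   # assumed allocator: simple counter

    def associate(self, permanent_id, channel):
        # Step 1: the device sends its permanent identifier unencrypted.
        channel.append((self.name, "REQ", permanent_id))
        # Step 2: the AP replies, also unencrypted, with an unused temporary
        # identifier (02: prefix = locally administered MAC address).
        temp_id = f"02:00:00:00:00:{next(self._next):02x}"
        self.in_use[temp_id] = permanent_id
        channel.append((self.name, "ASSIGN", temp_id))
        return temp_id

    def accept_roamer(self, temp_id, permanent_id):
        """Return False if the roaming device's temp_id is already taken here."""
        if temp_id in self.in_use:
            return False
        self.in_use[temp_id] = permanent_id
        return True

def link_identifiers(channel):
    """Map (ap, temp_id) -> permanent_id using only the cleartext transcript.
    Assumes each REQ is answered by the next ASSIGN from the same AP."""
    links, pending = {}, {}
    for ap, kind, value in channel:
        if kind == "REQ":
            pending[ap] = value
        elif kind == "ASSIGN" and ap in pending:
            links[(ap, value)] = pending.pop(ap)
    return links

def demo():
    channel = []                          # constructed over-the-air transcript
    ap1, ap2 = AccessPoint("AP1"), AccessPoint("AP2")
    t_a = ap1.associate("00:11:22:33:44:55", channel)   # constructed MACs
    t_b = ap2.associate("00:11:22:66:77:88", channel)
    exposed = link_identifiers(channel)   # what the transcript reveals
    # Device A moves from AP1 to AP2 and keeps its temporary identifier.
    roam_ok = ap2.accept_roamer(t_a, "00:11:22:33:44:55")
    return t_a, t_b, exposed, roam_ok

if __name__ == "__main__":
    print(demo())
```

Because the two access points allocate without coordination, both hand out the same temporary identifier, so the roaming device is refused at the second one, while the transcript alone recovers both permanent addresses.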
In view of the foregoing, a more efficient solution is needed in the WLAN art, which would be able to allocate a temporary MAC address to a mobile device such that the temporary MAC address would be unique across the region, and which does not require cumbersome and costly coordination and negotiation among Access Points. In addition, the temporary MAC address should provide user anonymity in all cases irrespective of whether the WLAN channel is being monitored or eavesdropped upon.