Wireless communication systems typically include wireless access nodes, such as base stations, which coordinate wireless communications between wireless communication devices and a wireless communication network. In many examples of wireless communication systems, a network entry process must be completed before user communications can be exchanged between the wireless communication device and the wireless communication network.
The network entry process could include different phases during which a wireless communication device and a wireless access node exchange information related to initiating communications with the wireless communication network. This information related to initiating communications is typically transferred over a wireless link between the wireless communication device and the wireless access node.
Unfortunately, the wireless link can be susceptible to security attacks in which unauthorized users and devices exploit the information exchanged during the network entry process to gain access to the wireless communication network. One example is a man-in-the-middle attack, where a device is used to intercept wireless communications over the wireless link and impersonate the identity of a wireless communication device or a wireless access node.
Overview
What is disclosed is a method of operating a wireless communication system. The method includes exchanging wireless communications between a wireless access node and a wireless communication device to perform a network entry process, where the network entry process comprises at least a capability exchange phase and a subsequent authentication exchange phase. The method also includes, during the capability exchange phase, transferring a capability negotiation message from the wireless communication device, and receiving the capability negotiation message in the wireless access node. The method also includes, during the authentication exchange phase, transferring an authentication key associated with the wireless communication device and a digital signature for the capability negotiation message from the wireless communication device, and receiving the authentication key associated with the wireless communication device and the digital signature for the capability negotiation message in the wireless access node. The method also includes authenticating the capability negotiation message by processing the digital signature for the capability negotiation message and the authentication key associated with the wireless communication device.
What is also disclosed is a wireless communication system. The wireless communication system includes a wireless access node and a wireless communication device configured to perform a network entry process by exchanging wireless communications, where the network entry process comprises at least a capability exchange phase and a subsequent authentication exchange phase. During the capability exchange phase, the wireless communication device is configured to transfer a capability negotiation message, and the wireless access node is configured to receive the capability negotiation message. During the authentication exchange phase, the wireless communication device is configured to transfer an authentication key associated with the wireless communication device and a digital signature for the capability negotiation message, and the wireless access node is configured to receive the authentication key associated with the wireless communication device and the digital signature for the capability negotiation message. The wireless access node is configured to authenticate the capability negotiation message by processing the digital signature for the capability negotiation message and the authentication key associated with the wireless communication device.
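The two-phase exchange described above, as an added example that is not code from the disclosure itself: the device sends an unprotected capability negotiation message first, then in the authentication phase sends its key together with a signature over exactly the bytes it sent earlier, and the access node verifies that signature over the bytes it actually received. The signature scheme (Ed25519), the message fields, the wire encoding and all names are assumptions of this example; the disclosure fixes none of them.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// ErrCapabilityTampered: the signature from the authentication phase does not
// verify over the capability message the access node actually received.
var ErrCapabilityTampered = errors.New("capability negotiation message failed signature check")

// CapabilityMessage is a constructed stand-in for the capability negotiation
// message; the field names are hypothetical.
type CapabilityMessage struct {
	DeviceID    string
	Ciphers     []string // supported cipher suites, strongest first
	AuthMethods []string // supported authentication methods
}

// Encode gives a deterministic length-prefixed wire form. Signer and verifier
// must operate on exactly these bytes, so the encoding must be unambiguous.
func (m CapabilityMessage) Encode() []byte {
	var buf bytes.Buffer
	field := func(s string) { buf.WriteByte(byte(len(s))); buf.WriteString(s) }
	field(m.DeviceID)
	buf.WriteByte(byte(len(m.Ciphers)))
	for _, c := range m.Ciphers {
		field(c)
	}
	buf.WriteByte(byte(len(m.AuthMethods)))
	for _, a := range m.AuthMethods {
		field(a)
	}
	return buf.Bytes()
}

// AuthMessage carries the authentication key (assumed here to be an Ed25519
// public key) and the digital signature for the capability message.
type AuthMessage struct {
	PublicKey ed25519.PublicKey
	Signature []byte
}

// Device is the wireless communication device side of network entry.
type Device struct {
	priv    ed25519.PrivateKey
	sentCap []byte // exact bytes sent in the capability phase
}

func NewDevice() (*Device, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Device{priv: priv}, nil
}

// CapabilityPhase: send the capability message and keep a copy, because the
// later signature must cover what the device actually sent.
func (d *Device) CapabilityPhase(m CapabilityMessage) []byte {
	d.sentCap = m.Encode()
	return append([]byte(nil), d.sentCap...) // copy handed to the wireless link
}

// AuthenticationPhase: send the key plus a signature binding the earlier,
// unauthenticated capability message to that key.
func (d *Device) AuthenticationPhase() AuthMessage {
	return AuthMessage{PublicKey: d.priv.Public().(ed25519.PublicKey), Signature: ed25519.Sign(d.priv, d.sentCap)}
}

// AccessNode is the wireless access node side.
type AccessNode struct {
	receivedCap []byte // bytes as received over the link, possibly altered
}

func (n *AccessNode) ReceiveCapability(wire []byte) { n.receivedCap = append([]byte(nil), wire...) }

// ReceiveAuthentication verifies the signature over what the node received.
// Any in-path change between the phases makes the check fail, even though the
// capability phase itself carried no protection.
func (n *AccessNode) ReceiveAuthentication(a AuthMessage) error {
	if len(a.PublicKey) != ed25519.PublicKeySize { // ed25519.Verify panics on a bad length
		return errors.New("malformed authentication key")
	}
	if !ed25519.Verify(a.PublicKey, n.receivedCap, a.Signature) {
		return ErrCapabilityTampered
	}
	return nil
}

// RunNetworkEntry runs both phases; tamper, if non-nil, models an in-path
// attacker altering the capability message on the wireless link.
func RunNetworkEntry(m CapabilityMessage, tamper func([]byte) []byte) error {
	dev, err := NewDevice()
	if err != nil {
		return err
	}
	node := &AccessNode{}
	wire := dev.CapabilityPhase(m)
	if tamper != nil {
		wire = tamper(wire)
	}
	node.ReceiveCapability(wire)
	return node.ReceiveAuthentication(dev.AuthenticationPhase())
}

// SampleCapability is a constructed example message.
func SampleCapability() CapabilityMessage {
	return CapabilityMessage{DeviceID: "example-device-0001", Ciphers: []string{"AES-128-CCM", "NULL"}, AuthMethods: []string{"EAP", "none"}}
}

func main() {
	fmt.Println("untampered entry:", RunNetworkEntry(SampleCapability(), nil))
	// Constructed downgrade: the in-path attacker substitutes a message that
	// advertises only the weakest options; the signature check rejects it.
	downgrade := func([]byte) []byte {
		return CapabilityMessage{DeviceID: "example-device-0001", Ciphers: []string{"NULL"}, AuthMethods: []string{"none"}}.Encode()
	}
	fmt.Println("downgraded entry:", RunNetworkEntry(SampleCapability(), downgrade))
}
```

Two points a practitioner should keep in mind when reading this. First, the check proves only that whoever holds the private key for the received authentication key is the party that sent the capability message, so it detects modification or substitution of that message on the link; whether the key itself belongs to a legitimate device is a separate matter for the rest of the authentication exchange (for example, binding the key to a credential the network already trusts), which this example does not model. Second, the access node must verify over the bytes it received, never over a re-encoding of its parsed view of them, which is why both sides here sign and verify a single deterministic encoding.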