Networks can be arranged in a star topology. A star topology allows a central actor (e.g., an access point (AP) or an authentication/authorization/accounting (AAA) server) to facilitate key generation and distribution. Networks can also be arranged in other topologies (e.g., a mesh). A mesh topology typically employs distributed techniques that do not rely on a single central actor to establish and generate keys. However, such techniques are computationally intensive and generally require, for example, on the order of O(N^2) communications for key distribution, where N is an integer representing the number of stations in the mesh topology.
Emerging topologies (e.g., the piconet basic service set (PBSS)) that include a central secret holder/provider, that allow secure, direct, station-to-station communications, and that allow secure station (STA)-to-station broadcast communications have faced challenges in finding appropriate key generation and distribution techniques.
In a conventional star topology, only a single broadcast key is required because all broadcast messages transit (pass through) the access point. In a PBSS, where stations may broadcast without using a central actor (e.g., a PBSS control point (PCP)), multiple broadcast keys may be required, thereby complicating key generation and distribution. Additionally, in a conventional star topology, even station-to-station communications pass through the access point. In a PBSS, station-to-station communications can occur directly, without passing through a hub (e.g., an AP or PCP). Once again, this complicates pair-wise key generation and distribution.
Conventionally, 802.11 networks have two basic modes of operation: an ad hoc mode and an infrastructure mode. In ad hoc mode, peers engage in peer-to-peer (P2P) communications without an AP. The peers use an independent basic service set (IBSS) to support the P2P (a.k.a. station-to-station (S2S)) communications. In infrastructure mode, communicating stations rely on an AP.
Prior Art FIG. 1 illustrates a conventional 802.11 star topology including an access point (AP) 100, a first station STA1, a second station STA2, and an authentication, authorization, and accounting (AAA) server 110. When STA1 wants to have a secure communication with AP 100, STA1 and AP 100 communicate with AAA server 110 to acquire copies of a pair-wise master key (PMK). The PMK can then serve as a shared secret from which STA1 and AP 100 can both compute pair-wise keys. For example, STA1 and AP 100 can compute a pair-wise transient key (PTK) as a function of the shared secret and some unique information (e.g., nonces) communicated between STA1 and AP 100. The AAA server 110 may be, for example, a RADIUS server.
If STA2 also wants to have a secure communication with AP 100, then STA2 and AP 100 both communicate with AAA server 110 to acquire a different PMK and then compute a separate PTK based on this different PMK and on different unique information communicated between STA2 and AP 100. If STA1 wants to have a secure communication with STA2, then in effect two separate pair-wise secure communications may occur, one between STA1 and AP 100 and one between STA2 and AP 100. The secured data communicated between STA1 and STA2 will transit AP 100. In one configuration, STA1 and STA2 may also have acquired pair-wise keys that they use to secure communications that transit AP 100. In one example, STA1 and STA2 may also use the pair-wise keys for direct secure communications between themselves without transiting AP 100.
In the conventional topology illustrated in Prior Art FIG. 1, AP 100 may also generate a group-wise master key (GMK) and compute a group-wise transient key (GTK) based on the GMK for securing group (e.g., broadcast) communications. AP 100 may provide the GTK to STA1, STA2, and the other members of the group to which the message will be broadcast. Thus, Prior Art FIG. 1 illustrates a conventional system in which two stations that share a first secret (e.g., a PMK) can each generate a second secret (e.g., a PTK) as a function of the first secret and some unique information. The unique information can be shared using a conventional four-way handshake. Additionally, Prior Art FIG. 1 illustrates a conventional system in which a central actor can provide a broadcast key.
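The following is an added worked example, not part of the original text or of any implementation the text describes. It shows the conventional key hierarchy just discussed: both sides of a four-way handshake derive the same PTK from a shared PMK plus the two MAC addresses and two nonces, the AP proves possession of the PMK by checking the MIC on message 2, and the AP derives a GTK from its own GMK for distribution to the group. The PRF and the PTK/GTK inputs follow the IEEE 802.11i definitions (PRF-384 with HMAC-SHA1, KCK/KEK/TK split); the PMK, MAC addresses and nonces are constructed demo values, and the EAPOL frame body and the mismatched-PMK check are illustrative assumptions. Wrapping the GTK under the KEK for message 3 (AES key wrap) is not shown.

```python
import hashlib
import hmac
import os

# Constructed demo inputs (not real keys or devices).
PMK = hashlib.sha256(b"constructed demo PMK").digest()   # 256-bit PMK as delivered by the AAA server
AA = bytes.fromhex("001122334455")                        # authenticator (AP) MAC address
SPA = bytes.fromhex("66778899aabb")                       # supplicant (STA) MAC address
ANONCE = bytes(range(32))                                 # nonce chosen by the AP (message 1)
SNONCE = bytes(range(32, 64))                             # nonce chosen by the STA (message 2)


def prf_80211i(key: bytes, label: bytes, data: bytes, nbits: int) -> bytes:
    """802.11i PRF-n: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ...
    concatenated until nbits are available, then truncated to nbits."""
    out = b""
    i = 0
    while len(out) * 8 < nbits:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[: nbits // 8]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    """PTK = PRF-384(PMK, "Pairwise key expansion",
                     min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce)).
    The min/max ordering makes the result independent of which side computes it."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf_80211i(pmk, b"Pairwise key expansion", data, 384)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}


def derive_gtk(gmk: bytes, aa: bytes, gnonce: bytes) -> bytes:
    """GTK = PRF-128(GMK, "Group key expansion", AA || GNonce); only the AP holds the GMK."""
    return prf_80211i(gmk, b"Group key expansion", aa + gnonce, 128)


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """Key MIC for descriptor version 2: HMAC-SHA1 over the EAPOL-Key frame
    (MIC field zeroed by the caller), truncated to 128 bits."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]


def four_way_handshake(ap_pmk: bytes, sta_pmk: bytes, aa: bytes, spa: bytes,
                       anonce: bytes, snonce: bytes) -> tuple:
    """Simulate the conventional exchange. The two PMK arguments are normally the same
    key obtained via the AAA server; passing different values models a station that
    does not hold the right shared secret. Returns (mic_ok, sta_ptk, ap_ptk)."""
    # Message 1 (AP -> STA) carries ANonce; the STA now has everything it needs.
    sta_ptk = derive_ptk(sta_pmk, aa, spa, anonce, snonce)
    # Message 2 (STA -> AP) carries SNonce and a MIC computed with the STA's KCK.
    msg2 = b"EAPOL-Key msg2 (constructed body)" + snonce
    msg2_mic = eapol_mic(sta_ptk["kck"], msg2)
    # The AP now has both nonces, derives its own PTK, and checks the MIC:
    # a matching MIC proves the STA derived the same KCK, i.e. holds the same PMK.
    ap_ptk = derive_ptk(ap_pmk, aa, spa, anonce, snonce)
    mic_ok = hmac.compare_digest(eapol_mic(ap_ptk["kck"], msg2), msg2_mic)
    return mic_ok, sta_ptk, ap_ptk


if __name__ == "__main__":
    ok, sta_ptk, ap_ptk = four_way_handshake(PMK, PMK, AA, SPA, ANONCE, SNONCE)
    print("MIC verified:", ok, "| PTK match:", sta_ptk == ap_ptk)
    gtk = derive_gtk(os.urandom(32), AA, os.urandom(32))   # AP-generated GMK and GNonce
    print("GTK (hex):", gtk.hex())
```

Two points the code makes concrete: the PTK is bound to both addresses and both nonces, so each STA-to-AP pair ends up with a distinct PTK even though the nonce ordering is symmetric; and the GTK depends only on material the AP holds, which is exactly why the star topology needs a single broadcast key and a PBSS, where stations broadcast without the central actor, does not fit this model.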