1. Field of the Invention
The present invention relates to an apparatus and method for securing media access control (MAC) addresses in a wireless local area network (LAN) environment.
2. Description of the Related Art
FIG. 1 is a diagram illustrating a conventional wireless LAN environment. Referring to FIG. 1, the conventional wireless LAN environment includes a mobile station 1, access point (AP) A (21), AP B (22), AP C (23), access router (AR) A (31), and AR B (32).
Suppose that the mobile station 1 moves from a basic service set (BSS) managed by AP A (21) to a BSS managed by AP B (22) and from the BSS managed by AP B(22) to a BSS managed by AP C (23). A BSS is a wireless LAN based on the IEEE 802.11 standard. AR A (31), AP A (21) and AP B (22) managed by AR A (31), and the BSSs managed by AP A (21) and AP B (22) constitute a first subnet. Likewise, AR B (32), AP C (23), and the BSS managed by AP C (23) constitute a second subnet. In short, the mobile station 1 can move from the first subnet to the second subnet by departing from the BSS managed by AP B (22) and entering the BSS managed by AP C (23).
According to the IEEE 802.11 standard, the mobile station 1 searches for an AP that it can currently communicate with in a passive or active manner. In the passive manner, the mobile station 1 searches for the AP that it can currently communicate with by receiving beacon frames from AP A (21), AP B (22), and AP C (23). Alternatively, in the active manner, the mobile station 1 searches for the AP that it can currently communicate with by transmitting probe request frames to AP A (21), AP B (22), and AP C (23).
If the AP that can currently communicate with the mobile station 1 is AP A (21), the mobile station 1 transmits an association request frame or re-association request frame to AP A (21) using its MAC address as a source address and the MAC address of AP A (21) as a destination address in order to associate or re-associate with AP A (21). Thereafter, the mobile station 1 confirms that it has associated or re-associated with AP A (21) when receiving a response frame from AP A (21) and communicates with terminals in a wired network via AP A (21). An example of the wired network is the Internet.
As described above, the mobile station 1 uses MAC addresses when communicating with AP A (21), AP B (22), or AP C (23) in a link layer. However, the mobile station 1 uses IP addresses when communicating with terminals on the Internet via AP A (21), AP B (22), or AP C (23) in an Internet protocol (IP) layer.
FIG. 2 is a diagram illustrating the formats of conventional addresses. Referring to FIG. 2, a conventional MAC address is comprised of a company identifier field 101, which is managed by the IEEE, and an extension identifier field 102, which is managed by a manufacturer of a network interface card. The conventional MAC address is determined when the network interface card is manufactured. The network interface card has a unique MAC address of its own. Accordingly, the mobile station 1 with the network interface card installed therein also has a unique MAC address of its own.
A conventional IP version 6 (IPv6) address is comprised of a subnet prefix field 201 and an interface identifier field 202. The interface identifier field 202 is comprised of a company identifier field 101, which is comprised of 24 most significant bits of the conventional MAC address, FFFE 103, and an extension identifier Field 102, which is comprised of 24 least significant bits of the conventional MAC address.
As described above, the mobile station 1 has a unique MAC address of its own. Thus, if a third person knows about the MAC address of the mobile station 1, he or she can also know about a station or a user that currently communicates with an AP. Therefore, the third person can interfere with an authorized person's communication with the AP, can steal the authorized person's personal information, or can exploit the authorized person's communication with the AP for illegal purposes. In short, the security of conventional MAC addresses is flawed.