Wireless networks have experienced increasing development over the past several years. Two particular examples are the wireless local area network (LAN), and the wireless metropolitan area network (MAN), both of which typically include several wireless stations (e.g., a laptop with a wireless Ethernet-type card) which communicate with one or more access points (e.g., a server) via radio frequency signals, for example. The fixed nodes may be used to provide a bridge between the wireless LAN/MAN and a wired network, such a telephone network, for example, as well as facilitate communications between wireless nodes. Of course, in some wireless LANs/MANs the wireless stations may, to a limited extent, also engage in direct peer-to-peer communications with one another.
One of the more prominent standards which has been developed for regulating communications within wireless LANs/MANs is that of the Institute of Electrical and Electronic Engineers' 802 LAN/MAN Standards Committee, entitled “IEEE Standards for Information Technology—Telecommunications and Information Systems—Local and Metropolitan Area Network—Specific Requirements—Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications,” 1999, which is hereby incorporated herein in its entirety by reference. In addition to providing wireless communications protocols, the 802.11 standard also defines a wired equivalent privacy (WEP) algorithm which is used to protect wireless signals from eavesdropping, as wireless signals are typically more vulnerable to being intercepted than signals sent on wired networks. WEP relies on a secret key that is shared between wireless stations and an access point. The secret key is used to encrypt data packets prior to transmission, and an integrity check is used to ensure that packages are not modified during the transmission.
Nonetheless, it has recently been discovered that the WEP algorithm is not as immune to external attacks as once believed. For example, in an article entitled “Intercepting mobile communications: The Insecurity of 802.11” by Borisov et al., MOBICOM, Rome, Italy, July 2001, the authors set forth a number of vulnerabilities in WEP. In particular, it was noted that a significant breach of security occurs when two messages are encrypted using a same initialization vector (IV) and secret key, as this can reveal information about both messages. More particularly, in accordance with WEP message ciphertext is generated using an exclusive OR operation. By exclusive ORing ciphertext from two messages generated using the same IV, the key streams cancel out and it is then possible to recover the plain text. As such, this key stream re-use is susceptible to a decryption dictionary attack in which a number of messages are stored and compared to find multiple messages generated with a same IV.
Moreover, in a presentation by Fluhrer et al. entitled “Weaknesses in the Key Scheduling Algorithm of RC4” delivered in August of 2001 at the Eighth Annual Workshop on Selected Areas in Cryptography, several weaknesses in the key scheduling algorithm of WEP were outlined along with a proposed method for exploiting these weaknesses, which is commonly known as the “Fluhrer attack.” Others have subsequently implemented the Fluhrer attack and established its viability. See, e.g., Stubblefield et al., “Using the Fluhrer, Mantin, and Shamir Attack to Break WEP,” AT&T Labs Technical Report TD-4ZCPZZ, Aug. 6, 2001.
As a result of such newly discovered weaknesses in WEP, several attempts have been made to make WEP less susceptible to external attacks. One such approach developed by RSA Security Inc. is called “Fast Packet Keying.” This approach uses a hashing function that generates a unique pseudo-random key for each packet of data sent over the wireless LAN. The hash function is implemented in two phases. Phase one involves key mixing where the transmitter address (TA) is mixed into a secret temporal key (TK) to ensure that the various parties encrypting with the TK use different key streams.
By mixing the TA and the TK, a different set of keys is used by each party. Traffic sent by a wireless station to the access point uses a different set of keys than traffic sent by the access point to the wireless station. This output is typically cached to improve performance and can be reused to process future packets with the same TK and TA. Phase two mixes the output of the first phase with an IV and generates a unique per-packet key for each data packet. To avoid any repetition of keys, a different IV is used for each packet encrypted under the TK.
Another approach called “Key Hopping” has been developed by NextComm, Inc. This approach requires that security keys be switched on a frequent basis to make it more difficult for intruders to adapt to the air traffic to learn and break the encryption. The existing key set mechanism used in WEP is therefore modified to generate “session keys” using the previously defined secret WEP key, a basic service set identifier (BSSID), and a random seed. Further details regarding this approach may be found in a white paper by Ying entitled “Key Hopping—A Security Enhancement Scheme for IEEE 802.11 WEP Standards,” February 2002, available at http://www.nextcomm.com.
One potential drawback of the above approaches is that it may be cumbersome to continuously generate and/or distribute temporary or session keys to different nodes in the network. Further, the temporary key distribution mechanism for Fast Packet Keying as yet remains unspecified. Generation of session keys in Fast Packet Keying also requires infrastructure such as an Access Point, and is less suitable for ad-hoc WLANs.