WO2008014971A2 - Method for protecting location information in wireless communication networks - Google Patents

Method for protecting location information in wireless communication networks Download PDF

Info

Publication number
WO2008014971A2
WO2008014971A2 PCT/EP2007/006758 EP2007006758W WO2008014971A2 WO 2008014971 A2 WO2008014971 A2 WO 2008014971A2 EP 2007006758 W EP2007006758 W EP 2007006758W WO 2008014971 A2 WO2008014971 A2 WO 2008014971A2
Authority
WO
WIPO (PCT)
Prior art keywords
access point
packet
sequence number
key
encryption
Prior art date
Application number
PCT/EP2007/006758
Other languages
French (fr)
Other versions
WO2008014971A3 (en
Inventor
Joao Girao
Frederik Armknecht
Alfredo Matos
Rui Luis Aguiar
Original Assignee
Nec Europe Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nec Europe Ltd. filed Critical Nec Europe Ltd.
Publication of WO2008014971A2 publication Critical patent/WO2008014971A2/en
Publication of WO2008014971A3 publication Critical patent/WO2008014971A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0414Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden during transmission, i.e. party's identity is protected against eavesdropping, e.g. by using temporary identifiers, but is known to the other party or parties involved in the communication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/02Processing of mobility data, e.g. registration information at HLR [Home Location Register] or VLR [Visitor Location Register]; Transfer of mobility data, e.g. between HLR, VLR or external networks
    • H04W8/08Mobility data transfer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W92/00Interfaces specially adapted for wireless communication networks
    • H04W92/04Interfaces between hierarchically different network devices
    • H04W92/10Interfaces between hierarchically different network devices between terminal device and access point, i.e. wireless air interface

Definitions

  • the present invention concerns a method for protecting location information in wireless communication networks, wherein the communication network includes an access point, as well as nodes associated with the access point.
  • Wireless communication networks in particular WLANs (wireless local area networks), gain more and more popularity and are increasingly installed, for example, in airports and train stations, shopping malls, cafes, office rooms, universities etc.
  • This kind of communication networks has the advantage that nodes can always be "connected” and can hence- continuously receive information from the network or exchange information with other nodes.
  • the constant connection to the network also shows some disadvantages though, which can be severe with regard to the loss of privacy, even though most of the users are not really aware of it. For example, third parties can track a change of the location that happened while being connected to the communication network.
  • An attack on the network level can, for example, be that an attacker tracks the path of a device/node from one network to another network by positioning himself in the same link layer cloud and deciphering the unchanging MAC address of the device.
  • the attacker By associating the addresses of the link layer and the network layer (e.g. MAC and IP) the attacker will in addition be able to circumvent any protection mechanisms of the location privacy implemented in layer 3.
  • Checking the MAC address can also be a simple way of detecting whether a certain device (and its owner) is present in the network, even without visual confirmation.
  • a further aspect is how to deal with source and destination of messages on network level.
  • This information can be used to precisely locate a user or - if correlated with further information, which, for example, can result from a periodical check of an IMAP server - to discover a user's identity.
  • a method of the initially described type is characterized in that an individual broadcast link - channel - is generated between the access point and each of the nodes, wherein the channels are each defined by a channel-specific key, and wherein the headers or parts of the headers of packets to be sent between the access point and the nodes are encrypted with the corresponding key before their transmission.
  • an efficient protection of location information in wireless communication networks is only given if corresponding mechanisms work already in layer 2, i.e. the link layer in the OSI model.
  • an efficient protection can be generated by creating an individual broadcast link - in the following to be referred to as channel - between the access point and the nodes, wherein the channels are each defined by a channel-specific key. Data can securely be transported over the wireless medium by pairwise secret keys that are only known to the access point and the corresponding node.
  • the channel- specific keys are used according to the invention to encrypt the headers or parts of the headers of packets to be sent between the access point and the nodes before transporting them.
  • This encryption can be performed together with the encryption of the payload of the packets.
  • a separation of encryption of header information on the one hand and payload on the other hand is also possible, whereas header information and payload are then encrypted independently.
  • parts of the packets to be sent are encrypted in different ways.
  • parts of the header that contain particularly sensitive information can be encrypted with an especially secure cipher, whereas less sensitive information can be encrypted with a weaker cipher or can even be transmitted unencrypted. By doing so, the efforts in time and computation necessary for encryption can be optimized.
  • an initialization vector is utilized that is appended to the packets to be sent over the wireless channel before their transport.
  • the packets prepared in such a way are encrypted by the channel-specific key, wherein the encryption is performed in such a way that the result of the encryption depends on the respectively used initialization vector.
  • the encryption of the same plaintext results in different ciphertexts depending on the value of the used initialization vector.
  • the initialization vector is changed after every message sent. With regard to, for example, a MAC address, this means that two packets that are sent from the same node, i.e. with the same MAC address, and that are encrypted with the same key, look different from one another to an attacker. Thus, an attacker has no possibility to match the two packets to the same node.
  • the initialization vector is synchronized at the two end-points of the packet transmission, i.e. at the access point and at the corresponding node.
  • sequence number can be defined in such a way that it is unambiguous for each channel.
  • the sequence number can be a random number that is randomly determined anew after each message sent over the channel.
  • the sequence number is designed as a counter that is incremented after each sent message by the value of 1 or is renewed in any other unambiguous way.
  • the correspondingly current sequence number is attached to the packet to be sent.
  • the sequence number is attached in form of a transport header.
  • the transport header can contain further information.
  • a field with the length of the original (i.e. the unencrypted) packet can be provided, a field with the destination address, and - if applicable - values of plaintext fields that were erased from the original packet and that are mandatory for the transportation over the channel
  • encryption is performed with block encryption.
  • a very efficient encryption should be applied. Due to its small block size and its highly efficient duty cycle, the application of the RC5 encryption is ideal. Said encryption could in particular work in CBC (cipher block chaining) mode.
  • CBC cipher block chaining
  • the size of the initialization vector can be adjusted to the block size by padding.
  • a stream encryption can also be applied for encryption, whereas this encryption would have to be re-initialized for each packet with a known vector.
  • the packets to be sent are encrypted and decrypted from end to the beginning.
  • the node After receipt of a packet at a node, it can be provided that the node decrypts the sequence number first. In a next step the node will decrypt the MAC address to which the packet is destined by using the decrypted sequence number. If the decrypted destination MAC address corresponds to the own MAC address of the node, the node knows that the packet is destined for it. Otherwise, the node can discard the packet immediately without any further decryption steps necessary.
  • the access point On the side of the access point it can be provided that it stores a table where the keys of the nodes associated with the access point are stored. In this stored table the pre-computed encrypted addresses of the associated nodes can be associated to the keys.
  • the access point uses the known keys one after the other in order to decrypt the sequence number of a packet and in order decrypt the source MAC address of the packet by using the decrypted sequence number. As soon as the access point has found the matching key, the access point can update the sequence number and can thereby re-synchronize. If the access point has tried all known keys without any success, this means that no key agreement has been made yet with the sending node of the corresponding packet. In this case it can be provided that the packet is discarded, or that the access point initiates a key exchange protocol.
  • the key exchange protocol can be based on the dissemination and solution of a puzzle, wherein this could be in concrete the so-called Merkle's puzzle.
  • the access point generates first of all a multitude of data pairs that contain each a key k j as well as an identifier ⁇ .
  • the identifiers ⁇ are each encrypted with the respectively corresponding key k j , i.e. the access point computes E ⁇ ) and stores the pairs (kj .E ⁇ )) in a table.
  • the access point sends the ciphertexts generated in this way over the wireless link.
  • a node that intends to establish a key with the access point chooses randomly a ciphertext from the multitude of ciphertexts and decrypts it with a brute force attack.
  • the found key k serves the node then as a base to initiate a Diffie-Hellmann key exchange with the access point.
  • the node can send a message to the access point, wherein the message contains the public parameter g a encrypted with the found key.
  • the message could further on contain a transport header which - as described above - also contains a sequence number.
  • the value of the identifier of the respectively chosen puzzle can be chosen as sequence number.
  • the data pairs sent by the access point in the context of the puzzle are publicly marked that they contain a puzzle, so nodes which have not yet established a key with the access point are informed about the option to now have the chance to establish a key.
  • the puzzles are sent along with the beacons which the access point sends periodically anyway, in general at intervals of 100 ms.
  • one or more of the described mechanisms are combined with methods to protect location information that work on the network layer.
  • Fig. 1 a scheme of the general structure of a communication network as well as the application of channel-specific keys and sequence numbers according to a first example of an embodiment of the method according to the invention
  • Fig. 2 a scheme of a key exchange protocol based on the Merkle's puzzle
  • Fig. 3 a scheme of a 802.11 header prepared according to an example of an embodiment of the method according to the invention.
  • Fig. 1 shows - in a scheme - the general structure of a communication network, in which the method according to the invention is applied.
  • the network contains an access point AP to which all in all n nodes N 1 N n are associated.
  • the broadcast medium is symbolized by the cloud which is indicated by reference number 1.
  • each channel has two endpoints, which are the address of the respective node N 1 - MAC, - and the address of the AP - MAC AP -, and is defined by a pairwise secret, channel-specific key K 1 . Even though the communication only happens between the respective nodes N 1 and the AP, all nodes N 1 can hear all messages that are sent over any of the channels C 1 , because a broadcast medium is concerned.
  • the header or parts of the header of packets to be sent are encrypted with the corresponding key K 1 before their transport over the wireless medium. It should be noted that basically the method according to the invention can also be applied in an ad hoc scenario where there are several channels available per node.
  • the encryption is performed by using a synchronized initialization vector iv.
  • a synchronized initialization vector iv makes it possible to encrypt in such a way that the encryption of the same plaintext results in different ciphertexts, depending on the value of iv. Since iv is synchronized at both endpoints of the communication, both endpoints can pre-compute the ciphertext for expected plaintexts by using the next iv.
  • the initialization vector is designed as a sequence number S 1 , which can be determined unambiguously within a channel C 1 by both endpoints. Since packets can get lost on the wireless link and, consequently, also the synchronization can get lost, a mechanism for re-establishing the synchronization is applied as described in detail in the following. This mechanism allows in addition that the nodes N 1 as well as the AP re-set the initialization vector iv at any time during communication.
  • the access point AP To each message to be sent, i.e. to messages of one of the nodes N 1 as well as to messages from the AP, the current value of s, is added before encryption. Upon receipt of a packet the nodes N 1 will always try to decrypt the message and to compare the decrypted address with their own address. The access point AP, in contrast, will first of all compare the encrypted address field of a received message to the pre-computed values, wherein it stores a table as shown in Fig. 1 for fast comparison. In case the access point AP cannot match anything, it will first of all decrypt the value of the sequence number s, with all known keys K 1 and then use this value to decrypt the address field.
  • the address that corresponds to the respectively tested key K 1 can be employed for checking whether the decryption was successful. In case this mechanism does not lead to any result, a key exchange protocol described below in detail will be initiated.
  • packets are always encrypted from the end to the beginning. By these means the value of s, impacts the whole packet.
  • the address field of the packet is encrypted and decrypted independently from the rest of the packet by placing the value of s, - if applicable by adding padding data to adjust to the size of a used block cipher - in the beginning, so that the first encrypted blocks solely correspond with s, and are erased before the address is refitted in the packet.
  • the resulting cipher message When encryption occurs, it is probable that the resulting cipher message not only differs in its content, but also in its size from the plaintext message. For this reason the size of the original message is appended to make it possible to distinguish between the actual content of the original packet and the padding data.
  • a transport header is used in the example of an embodiment shown in Fig. 1 including all the necessary information and being appended to all of the packets before encryption. Concretely, this transport header includes all those values that were erased from mandatory plaintext fields, as well as information regarding the original length of the packet.
  • the transport header is terminated with the value of the sequence number S 1 . Since the encryption and the decryption - as mentioned above - are performed from the end to the beginning, it is ensured that the changes in the ciphering caused by variability of s, affect the whole packet encryption.
  • a node N 1 or the access point AP intend to send a packet, they first need to decide on the right key. As to the nodes, this is trivial because each node only disposes of one key.
  • the access point can use the address of the nodes N 1 to determine which key it has to use.
  • the node then appends the transport header as described above to the packet and encrypts the packet from the end to the beginning with the exception of mandatory plaintext fields, as well as of the address that is used to identify the node.
  • the address of the node N, - MAC, - is encrypted independently, because it is pre- computed on the other side, i.e. at the AP.
  • the node encrypts MAC, by applying E Kl (s, Il padding Il MAC). Padding achieves that s, is adjusted to the block size of the used ciphering. After encryption the encrypted section of s, is truncated and only the encrypted address MAC, is added to the packet.
  • the encrypted address can be the source address or the destination address of the packet.
  • the AP will apply the described mechanism to the destination address, whereas the nodes will apply the mechanism normally to the source address.
  • the reason behind is that the nodes need to verify whether a packet is intended for them, whereas the AP needs to verify who has sent the packet it received.
  • the node updates the value of s, wherein the update is here realized by adding a unit. In an alternative embodiment it is possible to change the value randomly to increase security.
  • a node When a node receives a packet, it will start decryption at the end of the packet and will thereby obtain s,. In a next step it will employ the value s, to decrypt MAC n , by firstly concatenating the encrypted value s, with the padding data and then performing the following decryption operation: D Kl (E Kl (s, Il padding) Il E Kl (MACJ). This step is necessary because the address MAC m was encrypted independently, whereby s, had been used as a vector for ciphering. In the end, the node can compare the obtained address MAC n , to its own address MAC, and check whether the packet is intended for it. Once the original values for mandatory plaintext fields and the packet length are replaced by information from the transport header, the packet can be delivered to higher layers. Finally, the node uses the value s, to update its own internal sequence number.
  • the AP Similar to the case of the nodes, the AP also looks for the right key when it receives a packet. In order to optimize this process, the AP pre-computes encrypted MAC addresses of associated nodes and stores them in a table as shown in Fig. 1. Consequently, by simply scanning this table the AP can try to find the encrypted MAC m contained in the packet. If this process fails due to loss of synchronization, it can happen that the AP has to test, as described above, all keys that are known to it in the table. Once the key is found the AP proceeds to decrypt the packet as this has been described above in the context of nodes receiving packets. Furthermore, the AP will use the value s m from the packet to update the stored table for the next packet (s m +1) and to compute E Kl (s m Il padding Il MACJ.
  • the key exchange method is based on the so-called Merkle's puzzle and is depicted in Fig. 2 in detail.
  • step 1 the AP generates a multitude of different pairs (k j , r,).
  • the k j will later on serve as solution of the puzzles, whereas the values ⁇ will serve as identifiers, as well as initial sequence numbers.
  • the AP uses an encryption to encrypt the tuples ( ⁇ padding > Il ⁇ ) with the key k j , i.e. the AP computes E w (padding Il ⁇ ).
  • serves as padding.
  • a stream cipher or a block cipher allowing for a flexible adjustment to small block sizes, as for example the block cipher RC5, is used for encryption.
  • the ciphertexts are sent by the AP and can be received by all nodes, in particular by those nodes that do not yet share any key with the AP. Even though not shown in Fig. 2, these packets are publicly marked, such that the nodes will know that they contain a puzzle.
  • the AP stores the pairs (k j , E 1 ⁇ ( ⁇ )) - as the case may be provided with necessary padding data - in a table.
  • the time during which a puzzle is available at the AP depends on the time window offered to a node to register with the AP. It should be slightly longer than the time window a node needs to choose and break a puzzle.
  • a node N intending to establish a key with the AP receives during a certain preset time period all the puzzles from the AP and chooses during this time span randomly one of the ciphertexts and starts a brute force attack. This means concretely that the node tries to decrypt the data with any possible value of k, until the first part of the result equals the padding. If the padding is long enough it can be assumed that this condition only holds true for the value originally chosen by the AP. In principle, the ciphertext can be seen as a puzzle with the key being its solution.
  • the node initiates in step 3 an encrypted Diffie- Hellmann key exchange (DH) wherein the node uses the structure of the encrypted transport header described above. More precisely, the node sends a message to the AP which includes the public parameter g a and a transport header, wherein the sequence number in the transport header equals the identifier r.
  • the AP tries to perform the algorithm described above. If the AP cannot find the key in the list of keys of active communications, it looks up the encrypted value E k (r) in its puzzle table to find out the used key.
  • the AP decrypts the rest of the packet to obtain g a as well as the MAC address of N.
  • the AP then encrypts its part g b of the Diffie-Hellmann key exchange according to the format of the transport header using k and sends its part to N.
  • the AP also sets a timer used to erase this entry in case the key exchange will not be successful.
  • the AP sets S 1 equal to r+1 and updates the value for the encrypted MAC address of N in order to be able to easily process future packets.
  • step 4 the node N uses the key k to decrypt the received packet.
  • the AP receives a confirmation in step 5 saying that the procedure is finished, it erases the timer inserted in step 3 and assumes that the registration has been performed successfully. The handling of future packets can then be performed according to the method described above.
  • the method according to the invention can be realized directly within the IEEE 802.11 standard. All 802.11 frames have a generic format in common that consists in the MAC header, the frame body and the frame check sequence (FCS). The structure of a typical 802.11 header is shown in Fig. 3. The transport header as described above is inserted between the frame body and the FSC. The transport header serves two purposes, namely to carry information regarding the correct length of the decrypted packet on the one hand, and to solve a problem regarding those packets containing an AID on the other hand. The second purpose is to transport the value of S 1 which is used to initiate the encryption of the packets.
  • Fig. 3 shows the fields and the added options in a standardized 802.11 packet header.
  • the duration field all fields are encrypted, this fact being indicated by the light highlighting of the fields.
  • the dark highlighted address field - address 2 - has been encrypted independently. If a node N 1 sends a packet, this field will equal the source address and in case of a packet sent by the AP the destination address will be used in this way.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Small-Scale Networks (AREA)

Abstract

A method for protecting location information in wireless communication networks, wherein the communication network includes an access point (AP), as well as nodes (Ni) associated with the access point (AP), is - with regard to a secure transmission of packets over the wireless medium - characterized in that an individual broadcast link - channel (Ci) - is generated between the access point (AP) and each of the nodes (Ni), wherein the channels (Ci) are each defined by a channel-specific key (Ki), and wherein the headers or parts of the headers of packets to be sent between the access point (AP) and the nodes (Ni) are encrypted with the corresponding key (Ki) before their transmission.

Description

METHOD FOR PROTECTING LOCATION INFORMATION IN WIRELESS COMMUNICATION NETWORKS
The present invention concerns a method for protecting location information in wireless communication networks, wherein the communication network includes an access point, as well as nodes associated with the access point.
Wireless communication networks, in particular WLANs (wireless local area networks), gain more and more popularity and are increasingly installed, for example, in airports and train stations, shopping malls, cafes, office rooms, universities etc. This kind of communication networks has the advantage that nodes can always be "connected" and can hence- continuously receive information from the network or exchange information with other nodes. The constant connection to the network also shows some disadvantages though, which can be severe with regard to the loss of privacy, even though most of the users are not really aware of it. For example, third parties can track a change of the location that happened while being connected to the communication network.
Since the problem of the so-called "location privacy" has been identified only recently, there are only a few approaches dealing with its solution. Most of the known solutions on the area of location privacy operate on the network layer, even though many problems already occur on the link layer (i.e. on link layer level). Approaches on network level prevent that a node can track the location of peers beyond the link scope, but offer no solution to the problem of two nodes communicating with each other on the same link layer domain. This problem is most evident in broadcast media where an attacker does not even have to participate in the communication to monitor all the necessary information. This problem becomes worse due to the increasing size of link layer domains coming along with the proliferation of WiMAX. Operators are more and more using network identifiers only for inter-network domain routing and the distinction between a link layer domain and a network domain is more and more disappearing.
An attack on the network level can, for example, be that an attacker tracks the path of a device/node from one network to another network by positioning himself in the same link layer cloud and deciphering the unchanging MAC address of the device. By associating the addresses of the link layer and the network layer (e.g. MAC and IP) the attacker will in addition be able to circumvent any protection mechanisms of the location privacy implemented in layer 3. Checking the MAC address can also be a simple way of detecting whether a certain device (and its owner) is present in the network, even without visual confirmation.
A further aspect is how to deal with source and destination of messages on network level. With current technologies it is easy for an attacker to identify the traffic pattern, as well as the directions of traffic. After appropriate analysis, this information can be used to precisely locate a user or - if correlated with further information, which, for example, can result from a periodical check of an IMAP server - to discover a user's identity.
It is therefore an object of the present invention to improve and further develop a method of the initially described type for protecting location information in wireless communication networks in such a way that packets can be transmitted over the wireless medium in a secure way, i.e. without revealing information, which is directly or indirectly relevant with regard to location privacy, to a third party.
In accordance with the invention, the aforementioned object is accomplished by a method comprising the features of claim 1. According to this claim a method of the initially described type is characterized in that an individual broadcast link - channel - is generated between the access point and each of the nodes, wherein the channels are each defined by a channel-specific key, and wherein the headers or parts of the headers of packets to be sent between the access point and the nodes are encrypted with the corresponding key before their transmission.
According to the invention, it has first been recognized that an efficient protection of location information in wireless communication networks is only given if corresponding mechanisms work already in layer 2, i.e. the link layer in the OSI model. In a next step it has been recognized that an efficient protection can be generated by creating an individual broadcast link - in the following to be referred to as channel - between the access point and the nodes, wherein the channels are each defined by a channel-specific key. Data can securely be transported over the wireless medium by pairwise secret keys that are only known to the access point and the corresponding node. For the purpose of protecting information, which is sensitive with regard to the location privacy, against attacks of third parties, the channel- specific keys are used according to the invention to encrypt the headers or parts of the headers of packets to be sent between the access point and the nodes before transporting them. This encryption can be performed together with the encryption of the payload of the packets. A separation of encryption of header information on the one hand and payload on the other hand is also possible, whereas header information and payload are then encrypted independently.
In the context of a concrete embodiment it is provided that parts of the packets to be sent are encrypted in different ways. For example, parts of the header that contain particularly sensitive information can be encrypted with an especially secure cipher, whereas less sensitive information can be encrypted with a weaker cipher or can even be transmitted unencrypted. By doing so, the efforts in time and computation necessary for encryption can be optimized.
In order to create a variability of the ciphertexts, in a particularly preferred embodiment an initialization vector is utilized that is appended to the packets to be sent over the wireless channel before their transport. The packets prepared in such a way are encrypted by the channel-specific key, wherein the encryption is performed in such a way that the result of the encryption depends on the respectively used initialization vector. In other words, the encryption of the same plaintext results in different ciphertexts depending on the value of the used initialization vector. The initialization vector is changed after every message sent. With regard to, for example, a MAC address, this means that two packets that are sent from the same node, i.e. with the same MAC address, and that are encrypted with the same key, look different from one another to an attacker. Thus, an attacker has no possibility to match the two packets to the same node.
In an especially advantageous way the initialization vector is synchronized at the two end-points of the packet transmission, i.e. at the access point and at the corresponding node. By these means it is possible that the access point as well as the corresponding node can compute the ciphertext for the expected plaintexts in advance by using the respective subsequent initialization vector. Hence, a particularly fast determination of the source and/or destination address of the packets is possible.
Since the synchronization of both end points is usually a more expensive operation, it is very advantageous to use a simple sequence number as initialization vector. The sequence number can be defined in such a way that it is unambiguous for each channel. Regarding a particularly high level of security, the sequence number can be a random number that is randomly determined anew after each message sent over the channel. Considering the fact that packets can get lost on the wireless link, which can directly impact the synchronization, it is particularly advantageous if the sequence number is designed as a counter that is incremented after each sent message by the value of 1 or is renewed in any other unambiguous way.
Regarding an easy implementation it can be provided that the correspondingly current sequence number is attached to the packet to be sent. In concrete, it can be provided that the sequence number is attached in form of a transport header. In addition to the sequence number, the transport header can contain further information. In particular, a field with the length of the original (i.e. the unencrypted) packet can be provided, a field with the destination address, and - if applicable - values of plaintext fields that were erased from the original packet and that are mandatory for the transportation over the channel
In the context of a concrete embodiment it can be provided that encryption is performed with block encryption. As the encryption is used for every packet and in addition in a time-critical environment, a very efficient encryption should be applied. Due to its small block size and its highly efficient duty cycle, the application of the RC5 encryption is ideal. Said encryption could in particular work in CBC (cipher block chaining) mode. In case the size of the initialization vector does not match the block size of the used block encryption, the size of the initialization vector can be adjusted to the block size by padding. Alternatively, a stream encryption can also be applied for encryption, whereas this encryption would have to be re-initialized for each packet with a known vector.
In any case, the packets to be sent are encrypted and decrypted from end to the beginning. By these means it is ensured that in case of an implementation, according to which the sequence number terminates the packet, all parts of the packet are impacted by the value of the sequence number when encrypted.
After receipt of a packet at a node, it can be provided that the node decrypts the sequence number first. In a next step the node will decrypt the MAC address to which the packet is destined by using the decrypted sequence number. If the decrypted destination MAC address corresponds to the own MAC address of the node, the node knows that the packet is destined for it. Otherwise, the node can discard the packet immediately without any further decryption steps necessary.
On the side of the access point it can be provided that it stores a table where the keys of the nodes associated with the access point are stored. In this stored table the pre-computed encrypted addresses of the associated nodes can be associated to the keys. These means reduces considerably the time and computation efforts because the access point, when receiving a packet, only has to search for the stored encrypted addresses in the table in order to determine the sender of the packet.
In case that the synchronization between the access point and a node gets lost, for example, due to packet loss, it can be provided that the access point uses the known keys one after the other in order to decrypt the sequence number of a packet and in order decrypt the source MAC address of the packet by using the decrypted sequence number. As soon as the access point has found the matching key, the access point can update the sequence number and can thereby re-synchronize. If the access point has tried all known keys without any success, this means that no key agreement has been made yet with the sending node of the corresponding packet. In this case it can be provided that the packet is discarded, or that the access point initiates a key exchange protocol. In a particularly advantageous way the key exchange protocol can be based on the dissemination and solution of a puzzle, wherein this could be in concrete the so- called Merkle's puzzle. Here, the access point generates first of all a multitude of data pairs that contain each a key kj as well as an identifier η. The identifiers η are each encrypted with the respectively corresponding key kj, i.e. the access point computes E^η) and stores the pairs (kj .E^η)) in a table. The access point sends the ciphertexts generated in this way over the wireless link.
A node that intends to establish a key with the access point chooses randomly a ciphertext from the multitude of ciphertexts and decrypts it with a brute force attack. The found key k serves the node then as a base to initiate a Diffie-Hellmann key exchange with the access point. Concretely, the node can send a message to the access point, wherein the message contains the public parameter ga encrypted with the found key. In an advantageous way the message could further on contain a transport header which - as described above - also contains a sequence number. The value of the identifier of the respectively chosen puzzle can be chosen as sequence number.
In an advantageous way the data pairs sent by the access point in the context of the puzzle are publicly marked that they contain a puzzle, so nodes which have not yet established a key with the access point are informed about the option to now have the chance to establish a key.
In order to avoid sending additional messages in the context of the key exchange protocol, it can be provided that the puzzles are sent along with the beacons which the access point sends periodically anyway, in general at intervals of 100 ms.
Regarding a particularly high level of security, it can be provided that one or more of the described mechanisms are combined with methods to protect location information that work on the network layer.
There are several ways how to design and further develop the teaching of the present invention in an advantageous way. To this end, it is to be referred to the patent claims subordinate to patent claim 1 on the one hand and to the following explanation of preferred embodiments of the invention by way of example, illustrated by the figure on the other hand. In connection with the explanation of the preferred embodiment of the invention by the aid of the figure, generally preferred embodiments and further developments of the teaching will we explained. In the drawing, the figures show
Fig. 1 a scheme of the general structure of a communication network as well as the application of channel-specific keys and sequence numbers according to a first example of an embodiment of the method according to the invention,
Fig. 2 a scheme of a key exchange protocol based on the Merkle's puzzle, and
Fig. 3 a scheme of a 802.11 header prepared according to an example of an embodiment of the method according to the invention.
Fig. 1 shows - in a scheme - the general structure of a communication network, in which the method according to the invention is applied. The network contains an access point AP to which all in all n nodes N1 Nn are associated. The broadcast medium is symbolized by the cloud which is indicated by reference number 1.
According to the invention there is an individual broadcast link created between the access point AP and each of the nodes N1, to which will later be referred to as channel C1. Each channel has two endpoints, which are the address of the respective node N1 - MAC, - and the address of the AP - MACAP -, and is defined by a pairwise secret, channel-specific key K1. Even though the communication only happens between the respective nodes N1 and the AP, all nodes N1 can hear all messages that are sent over any of the channels C1, because a broadcast medium is concerned. In order to protect the location information of the nodes N1 when they communicate with the access point AP, the header or parts of the header of packets to be sent are encrypted with the corresponding key K1 before their transport over the wireless medium. It should be noted that basically the method according to the invention can also be applied in an ad hoc scenario where there are several channels available per node.
In the concrete embodiment shown in Fig. 1 , the encryption is performed by using a synchronized initialization vector iv. Using such a vector makes it possible to encrypt in such a way that the encryption of the same plaintext results in different ciphertexts, depending on the value of iv. Since iv is synchronized at both endpoints of the communication, both endpoints can pre-compute the ciphertext for expected plaintexts by using the next iv. By applying this mechanism to the MAC address encrypted in the sent packets, a very fast determination of the source and/or destination of the packets is realized.
One problem is the synchronization of the endpoints, which represents a costly operation. For this reason, in the shown embodiment, the initialization vector is designed as a sequence number S1, which can be determined unambiguously within a channel C1 by both endpoints. Since packets can get lost on the wireless link and, consequently, also the synchronization can get lost, a mechanism for re-establishing the synchronization is applied as described in detail in the following. This mechanism allows in addition that the nodes N1 as well as the AP re-set the initialization vector iv at any time during communication.
To each message to be sent, i.e. to messages of one of the nodes N1 as well as to messages from the AP, the current value of s, is added before encryption. Upon receipt of a packet the nodes N1 will always try to decrypt the message and to compare the decrypted address with their own address. The access point AP, in contrast, will first of all compare the encrypted address field of a received message to the pre-computed values, wherein it stores a table as shown in Fig. 1 for fast comparison. In case the access point AP cannot match anything, it will first of all decrypt the value of the sequence number s, with all known keys K1 and then use this value to decrypt the address field. The address that corresponds to the respectively tested key K1 can be employed for checking whether the decryption was successful. In case this mechanism does not lead to any result, a key exchange protocol described below in detail will be initiated. In the described example of an embodiment, packets are always encrypted from the end to the beginning. By these means the value of s, impacts the whole packet. Moreover, the address field of the packet is encrypted and decrypted independently from the rest of the packet by placing the value of s, - if applicable by adding padding data to adjust to the size of a used block cipher - in the beginning, so that the first encrypted blocks solely correspond with s, and are erased before the address is refitted in the packet.
By applying the method described, all point-to-point packets in the network become indistinguishable from each other. An attacker will hence not be able to link two different packets to each other by using link layer information.
When encryption occurs, it is probable that the resulting cipher message not only differs in its content, but also in its size from the plaintext message. For this reason the size of the original message is appended to make it possible to distinguish between the actual content of the original packet and the padding data.
Depending on the technology to which the method is applied it may be necessary to transmit information previously erased from the original packet as well, so that said information can be re-inserted before the packet is delivered to higher layers. For this end, a transport header is used in the example of an embodiment shown in Fig. 1 including all the necessary information and being appended to all of the packets before encryption. Concretely, this transport header includes all those values that were erased from mandatory plaintext fields, as well as information regarding the original length of the packet. The transport header is terminated with the value of the sequence number S1. Since the encryption and the decryption - as mentioned above - are performed from the end to the beginning, it is ensured that the changes in the ciphering caused by variability of s, affect the whole packet encryption.
In the following, the sending of packets is to be described in some more details. If a node N1 or the access point AP intend to send a packet, they first need to decide on the right key. As to the nodes, this is trivial because each node only disposes of one key. The access point can use the address of the nodes N1 to determine which key it has to use. The node then appends the transport header as described above to the packet and encrypts the packet from the end to the beginning with the exception of mandatory plaintext fields, as well as of the address that is used to identify the node. The plaintext fields that obligatorily need to be readable for all nodes have to be handled on a case-by-case basis, and, if necessary, the original values have to be added to the transport header as described above. Since the real length of the packet is also embedded in the transport header, randomly created padding data can be added to make a traffic analysis more difficult for an attacker.
The address of the node N, - MAC, - is encrypted independently, because it is pre- computed on the other side, i.e. at the AP. The node encrypts MAC, by applying EKl (s, Il padding Il MAC). Padding achieves that s, is adjusted to the block size of the used ciphering. After encryption the encrypted section of s, is truncated and only the encrypted address MAC, is added to the packet.
It should be noted that the encrypted address can be the source address or the destination address of the packet. In most cases the AP will apply the described mechanism to the destination address, whereas the nodes will apply the mechanism normally to the source address. The reason behind is that the nodes need to verify whether a packet is intended for them, whereas the AP needs to verify who has sent the packet it received.
Finally, the node updates the value of s,, wherein the update is here realized by adding a unit. In an alternative embodiment it is possible to change the value randomly to increase security.
In the following, the receipt of a packet is described, and in this context it has to be distinguished between nodes and access point.
When a node receives a packet, it will start decryption at the end of the packet and will thereby obtain s,. In a next step it will employ the value s, to decrypt MACn, by firstly concatenating the encrypted value s, with the padding data and then performing the following decryption operation: DKl (EKl (s, Il padding) Il EKl (MACJ). This step is necessary because the address MACm was encrypted independently, whereby s, had been used as a vector for ciphering. In the end, the node can compare the obtained address MACn, to its own address MAC, and check whether the packet is intended for it. Once the original values for mandatory plaintext fields and the packet length are replaced by information from the transport header, the packet can be delivered to higher layers. Finally, the node uses the value s, to update its own internal sequence number.
Similar to the case of the nodes, the AP also looks for the right key when it receives a packet. In order to optimize this process, the AP pre-computes encrypted MAC addresses of associated nodes and stores them in a table as shown in Fig. 1. Consequently, by simply scanning this table the AP can try to find the encrypted MACm contained in the packet. If this process fails due to loss of synchronization, it can happen that the AP has to test, as described above, all keys that are known to it in the table. Once the key is found the AP proceeds to decrypt the packet as this has been described above in the context of nodes receiving packets. Furthermore, the AP will use the value sm from the packet to update the stored table for the next packet (sm+1) and to compute EKl (sm Il padding Il MACJ.
In case none of the known keys leads to any result, the method changes to the phase of key exchange. The key exchange method is based on the so-called Merkle's puzzle and is depicted in Fig. 2 in detail.
In step 1 the AP generates a multitude of different pairs (kj, r,). The kj will later on serve as solution of the puzzles, whereas the values η will serve as identifiers, as well as initial sequence numbers. Then, the AP uses an encryption to encrypt the tuples (< padding > Il η) with the key kj, i.e. the AP computes Ew (padding Il η). In this context, a string with a fixed bit-length that is bigger than | kj | serves as padding. A stream cipher or a block cipher allowing for a flexible adjustment to small block sizes, as for example the block cipher RC5, is used for encryption.
The ciphertexts are sent by the AP and can be received by all nodes, in particular by those nodes that do not yet share any key with the AP. Even though not shown in Fig. 2, these packets are publicly marked, such that the nodes will know that they contain a puzzle. The AP stores the pairs (kj, E1^ (η)) - as the case may be provided with necessary padding data - in a table.
The time during which a puzzle is available at the AP, depends on the time window offered to a node to register with the AP. It should be slightly longer than the time window a node needs to choose and break a puzzle.
A node N intending to establish a key with the AP receives during a certain preset time period all the puzzles from the AP and chooses during this time span randomly one of the ciphertexts and starts a brute force attack. This means concretely that the node tries to decrypt the data with any possible value of k, until the first part of the result equals the padding. If the padding is long enough it can be assumed that this condition only holds true for the value originally chosen by the AP. In principle, the ciphertext can be seen as a puzzle with the key being its solution.
As soon as N has found out the key k, the node initiates in step 3 an encrypted Diffie- Hellmann key exchange (DH) wherein the node uses the structure of the encrypted transport header described above. More precisely, the node sends a message to the AP which includes the public parameter ga and a transport header, wherein the sequence number in the transport header equals the identifier r. As the structure of the packet corresponds to the structure of the packets from the transport phase, the AP tries to perform the algorithm described above. If the AP cannot find the key in the list of keys of active communications, it looks up the encrypted value Ek(r) in its puzzle table to find out the used key. After that, the AP decrypts the rest of the packet to obtain ga as well as the MAC address of N. The AP then encrypts its part gb of the Diffie-Hellmann key exchange according to the format of the transport header using k and sends its part to N. Moreover, the AP computes the key K:=(gb)a and adds for the node N the key K to the key list. The AP also sets a timer used to erase this entry in case the key exchange will not be successful. In addition, the AP sets S1 equal to r+1 and updates the value for the encrypted MAC address of N in order to be able to easily process future packets.
In step 4 the node N uses the key k to decrypt the received packet. The node can check the validity of the packet by checking the MAC address. Once the node has received and decrypted the correct packet, it knows gb and can compute K:=(ga)b by itself. From this point in time on, N and AP can use the key K for future encrypted communications.
If the AP receives a confirmation in step 5 saying that the procedure is finished, it erases the timer inserted in step 3 and assumes that the registration has been performed successfully. The handling of future packets can then be performed according to the method described above.
The method according to the invention can be realized directly within the IEEE 802.11 standard. All 802.11 frames have a generic format in common that consists in the MAC header, the frame body and the frame check sequence (FCS). The structure of a typical 802.11 header is shown in Fig. 3. The transport header as described above is inserted between the frame body and the FSC. The transport header serves two purposes, namely to carry information regarding the correct length of the decrypted packet on the one hand, and to solve a problem regarding those packets containing an AID on the other hand. The second purpose is to transport the value of S1 which is used to initiate the encryption of the packets.
Fig. 3 shows the fields and the added options in a standardized 802.11 packet header. With the exception of the duration field, all fields are encrypted, this fact being indicated by the light highlighting of the fields. The dark highlighted address field - address 2 - has been encrypted independently. If a node N1 sends a packet, this field will equal the source address and in case of a packet sent by the AP the destination address will be used in this way.
This results in packets that are not distinguishable one from another. Hence, an attacker can find out neither source nor destination of a packet. He will also not be able to link two point-to-point packets by mere traffic analysis.
Many modifications and other embodiments of the invention set forth herein will come to mind the one skilled in the art to which the invention pertains having the benefit of the teachings presented in the foregoing description and the associated drawings. Therefore, it is to be understood that the invention is not to be limited to the specific embodiments disclosed and that modifications and other embodiments are intended to be included within the scope of the appended claims. Although specific terms are employed herein, they are used in a generic and descriptive sense only and not for purposes of limitation.

Claims

C l a i m s
1. Method for protecting location information in wireless communication networks, wherein the communication network includes an access point (AP), as well as nodes (N1) associated with the access point (AP), c h a r a c t e r i z e d i n that an individual broadcast link - channel (C1) - is generated between the access point (AP) and each of the nodes (N1), wherein the channels (C1) are each defined by a channel-specific key (K1), and wherein the headers or parts of the headers of packets to be sent between the access point (AP) and the nodes (N1) are encrypted with the corresponding key (K1) before their transmission.
2. Method according to claim 1 , characterized in that parts of packets to be sent are encrypted in different ways.
3. Method according to claim 1 or 2, characterized in that packets to be sent are appended with an initialization vector (iv) and that the packets, which are prepared in such way, are encrypted by means of the channel-specific key (K1) in such a way that the encryption of the same plaintext results in different ciphertexts depending on the value of the used initialization vector (iv).
4. Method according to claim 3, characterized in that the initialization vector (iv) is synchronized at both endpoints of the packet transmission.
5. Method according to claim 3 or 4, characterized in that a sequence number (sr) is used as initialization vector (iv).
6. Method according to claim 5, characterized in that the sequence number (s,) is unambiguously identifiable within a channel (C1) by both endpoints.
7. Method according to claim 5 or 6, characterized in that the sequence number (S1) is changed after each message sent over the channel (C1).
8. Method according to any of the claims 5 to 7, characterized in that the sequence number (s,) is a counter, which is incremented by the value of 1 after each message.
9. Method according to any of the claims 5 to 8, characterized in that the respectively current sequence number (s,) is appended to the packet to be sent.
10. Method according to claim 9, characterized in that the respectively current sequence number (s,) is appended to the packet to be sent in form of a transport header.
11. Method according to claim 10, characterized in that the transport header contains in addition to the respectively current sequence number (s,) a field with the original length of the packet, as well as, possibly, values of plaintext fields, which have been erased from the original packet and which are mandatory for the transmission over the channel (C1).
12. Method according to any of the claims 1 to 11 , characterized in that plaintext fields, which are mandatory for the transmission over the channel (C1), are exempted from encryption.
13. Method according to any of the claims 1 to 12, characterized in that for encryption a block encryption is applied.
14. Method according to claim 13, characterized in that an RC5-encryption, preferably in CBC (cipher block chaining) mode, is applied as block encryption.
15. Method according to claim 13 or 14, characterized in that the size of the initialization vector (iv) is adjusted to the block size of the used block encryption by padding.
16. Method according to any of the claims 1 to 12, characterized in that for encryption a stream encryption is applied.
17. Method according to any of the claims 1 to 16, characterized in that the packets to be sent are encrypted and decrypted from the end to the beginning.
18. Method according to any of the claims 5 to 17, characterized in that a node (N1), upon receipt of a packet, decrypts first the sequence number (s,).
19. Method according to claim 18, characterized in that the node (N1), by using the decrypted sequence number (s,), decrypts the destination MAC address (MACJ of the packet.
20. Method according to claim 19, characterized in that the node (N1) compares the decrypted destination MAC address (MACJ with its own MAC address (MAC,).
21. Method according to any of the claims 1 to 20, characterized in that the access point (AP) stores a table with the keys (K1), and with pre-computed encrypted addresses (MAC,) of the associated nodes (N1).
22. Method according to claim 21 , characterized in that the access point (AP) searches the encrypted addresses in the stored table in order to determine the sender of a received packet.
23. Method according to claim 21 or 22, characterized in that the access point (AP), in case of a loss of synchronization, uses the known keys (K1) in order to decrypt the sequence number (s,) of the packet, and, by using the decrypted sequence number (s,), to decrypt the source MAC address (MACJ of the packet.
24. Method according to claim 23, characterized in that the access point (AP) initiates a key exchange protocol in case the decryption with all known keys (K1) fails.
25. Method according to claim 24, characterized in that the key exchange protocol includes the dissemination and solution of a puzzle, wherein the access point (AP) generates a multitude of data pairs including each a key (kj) and an identifier (rj), and wherein the access point (AP) encrypts the identifier (η) with the corresponding key (k,), wherein the access point (AP) sends the ciphertexts generated in said way over the wireless link, wherein a node (K,), which intends to establish a key with the access point (AP), randomly selects a ciphertext from the multitude of ciphertexts and decrypts the selected ciphertext with a brute force attack, and wherein the node (K,) initiates a Diffie-Hellmann key exchange with the access point (AP) based on the found key (k).
26. Method according to claim 25, characterized in that the node sends a message to the access point (AP) in the context of the Diffie-Hellmann key exchange, wherein the message includes the public parameter ga encrypted with the key (k) as well as a transport header, wherein the sequence number (s) in the transport header conforms to the identifier (r).
27. Method according to claim 25 or 26, characterized in that the data pairs sent by the access point (AP) are provided with a public marking indicating that they contain a puzzle.
28. Method according to any of the claims 25 to 27, characterized in that the data pairs are sent along with beacon signals.
29. Method according to any of the claims 1 to 28, characterized in a combination of methods working on the network layer to protect location information.
PCT/EP2007/006758 2006-08-01 2007-07-31 Method for protecting location information in wireless communication networks WO2008014971A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE200610036164 DE102006036164A1 (en) 2006-08-01 2006-08-01 Method for protecting location information in wireless communication networks
DE102006036164.4 2006-08-01

Publications (2)

Publication Number Publication Date
WO2008014971A2 true WO2008014971A2 (en) 2008-02-07
WO2008014971A3 WO2008014971A3 (en) 2008-09-18

Family

ID=38884887

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2007/006758 WO2008014971A2 (en) 2006-08-01 2007-07-31 Method for protecting location information in wireless communication networks

Country Status (2)

Country Link
DE (1) DE102006036164A1 (en)
WO (1) WO2008014971A2 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6453159B1 (en) * 1999-02-25 2002-09-17 Telxon Corporation Multi-level encryption system for wireless network
EP1379029A1 (en) * 2002-07-06 2004-01-07 Samsung Electronics Co., Ltd. Method of guaranteeing users' anonymity and wireless local area network (LAN) system therefor
US20040083362A1 (en) * 2002-10-23 2004-04-29 Ndosa Technologies Inc. Cryptographic method and computer program product for use in wireless local area networks
US20060093148A1 (en) * 2004-11-03 2006-05-04 Ndosa Technologies, Inc. Systems and methods for the application of cryptosystems to the data link layer of packetized wireless networks
EP1679852A2 (en) * 2005-01-11 2006-07-12 Samsung Electronics Co.,Ltd. Data security in wireless network system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6453159B1 (en) * 1999-02-25 2002-09-17 Telxon Corporation Multi-level encryption system for wireless network
EP1379029A1 (en) * 2002-07-06 2004-01-07 Samsung Electronics Co., Ltd. Method of guaranteeing users' anonymity and wireless local area network (LAN) system therefor
US20040083362A1 (en) * 2002-10-23 2004-04-29 Ndosa Technologies Inc. Cryptographic method and computer program product for use in wireless local area networks
US20060093148A1 (en) * 2004-11-03 2006-05-04 Ndosa Technologies, Inc. Systems and methods for the application of cryptosystems to the data link layer of packetized wireless networks
EP1679852A2 (en) * 2005-01-11 2006-07-12 Samsung Electronics Co.,Ltd. Data security in wireless network system

Also Published As

Publication number Publication date
DE102006036164A1 (en) 2008-02-07
WO2008014971A3 (en) 2008-09-18

Similar Documents

Publication Publication Date Title
US7734052B2 (en) Method and system for secure processing of authentication key material in an ad hoc wireless network
EP2067296B1 (en) Method and apparatus for establishing security associations between nodes of an ad hoc wireless network
US8627092B2 (en) Asymmetric cryptography for wireless systems
EP2030362B1 (en) Method and apparatus for encrypted communications using ipsec keys
KR20100092989A (en) Encryption method for secure packet transmission
KR20070084568A (en) System and method for providing security for a wireless network
WO2011111842A1 (en) Confidential communication method using vpn, a system and program for the same, and memory media for program therefor
JP4526079B2 (en) Multi-hop communication system, mobile terminal thereof, route control server, and route establishment method
WO2012024905A1 (en) Method, terminal and ggsn for encrypting and decrypting data in mobile communication network
Armknecht et al. Who said that? privacy at link layer
KR101478733B1 (en) System for registering profile information of terminal
JP4847951B2 (en) Protocol extension of signaling messages
Trimintzios et al. WiFi and WiMAX secure deployments
EP2047631B1 (en) Method for establishing a secret key between two nodes in a communication network
Chowdhury et al. Security issues in integrated EPON and next-generation WLAN networks
WO2008014971A2 (en) Method for protecting location information in wireless communication networks
Sher et al. Network access security management (NASM) model for next generation mobile telecommunication networks
Hu et al. Security Research on Mobile IP network handover
Matos et al. Toward dependable networking: secure location and privacy at the link layer
Banescu et al. Security of 3G and LTE
Bakthavathsalu et al. Management frame attacks in WiMAX networks: Analysis and prevention
Morioka et al. MIS protocol for secure connection and fast handover on wireless LAN
Preneel Mobile and Wireless Communications Security
Castelluccia-INRIA Securing 802.11 (WiFi) networks
Kranakis et al. Mobile and wireless communications security1

Legal Events

Date Code Title Description
NENP Non-entry into the national phase in:

Ref country code: RU

122 Ep: pct application non-entry in european phase

Ref document number: 07786455

Country of ref document: EP

Kind code of ref document: A2