WO2009085528A2 - Apparatus and method for negotiating pairwise master key for securing peer links in wireless mesh networks - Google Patents


Publication number
WO2009085528A2
Authority
WO
WIPO (PCT)
Prior art keywords
pmk
network device
default
identifier list
negotiated
Prior art date
Application number
PCT/US2008/085110
Other languages
French (fr)
Other versions
WO2009085528A3 (en
Inventor
Meiyuan Zhao
Jesse Walker
Original Assignee
Intel Corporation
Priority date
Filing date
Publication date
Application filed by Intel Corporation
Priority to CN200880123657XA (patent CN101911814B)
Priority to JP2010540714A (patent JP5010744B2)
Priority to BRPI0819474A (patent BRPI0819474A2)
Priority to EP08866653.2A (patent EP2225909A4)
Publication of WO2009085528A2
Publication of WO2009085528A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • H04L9/0844 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0433 Key management protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04B TRANSMISSION
    • H04B5/00 Near-field transmission systems, e.g. inductive or capacitive transmission systems
    • H04B5/70 Near-field transmission systems, e.g. inductive or capacitive transmission systems specially adapted for specific purposes
    • H04B5/72 Near-field transmission systems, e.g. inductive or capacitive transmission systems specially adapted for specific purposes for local intradevice communication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/162 Implementing security features at a particular protocol layer at the data link layer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W84/00 Network topologies
    • H04W84/18 Self-organising networks, e.g. ad-hoc networks or sensor networks

Definitions

  • The embodiments of the invention generally relate to wireless networks. Specifically, the embodiments of the invention relate to an apparatus and a method for an authentication protocol in wireless ad-hoc networks.
  • Wireless networks are becoming more prevalent, and are available nearly everywhere.
  • Cities are deploying city-wide wireless networks, and wireless connectivity is available in businesses, homes, libraries, airports, and even coffee shops.
  • The benefits of wireless networks are undeniable. They are extremely convenient, providing increased mobility and efficiency.
  • Wireless networks are easy to expand, and easy to deploy.
  • Issues of security, range, and speed exist with WLANs.
  • The IEEE 802.11 protocol is the governing standard for WLANs. As wireless networking technology has developed, the IEEE 802.11 standard has undergone multiple amendments. Each amendment aims to address specific shortcomings of wireless networks. These amendments are designated by a letter following "802.11," and have introduced various improvements on the original 802.11 standard.
  • The 802.11b and 802.11g standards are two modulation amendments that are widely used for implementing home wireless networks.
  • The 802.11i standard is an amendment to the 802.11 standard implementing various security mechanisms for wireless networks.
  • The 802.11i standard introduced the WiFi Protected Access2 ("WPA2") protocol, which supplemented the wired equivalent privacy ("WEP") and WiFi Protected Access ("WPA") protocols.
  • WPA2 makes use of the Extensible Authentication Protocol ("EAP") in providing a pairwise master key ("PMK") in establishing a secure link.
  • Another amendment currently under development to the IEEE 802.11 standard is the 802.11s standard.
  • The 802.11s standard was chartered to improve throughput of data transmission over a wireless network through the addition of mesh capabilities. Mesh capabilities allow data to be transmitted on paths consisting of multiple wireless hops.
  • A primary focus during the development of the 802.11s standard with mesh capabilities was to improve performance for streaming video. However, streaming video limits the time allotted for links to be established, making the establishment of a secure link difficult with existing authentication protocols. Particularly difficult is the negotiation of a PMK for establishing the authenticated peer link during the allotted time.
  • Figure 1 is an illustration of a wireless ad-hoc local area network according to an embodiment of the invention.
  • Figure 2 is an exemplary block diagram of a mesh point according to an embodiment of the invention.
  • Figure 3 is an exemplary flow diagram of data being exchanged between mesh points according to an embodiment of the invention.
  • Figure 4 is an exemplary flow diagram of negotiating a pairwise master key ("PMK") according to an embodiment of the invention.
  • Figure 5 is an exemplary flow diagram of negotiating a pairwise master key
  • Figure 6 is an exemplary flow diagram of finalizing the negotiation of a pairwise master key according to an embodiment of the invention.
  • An embodiment of the invention is directed to a system for negotiating a pairwise master key ("PMK").
  • A PMK is a shared key that allows the encryption and decryption of data transmitted between two network devices.
  • A PMK may have a limited life span, and may also be used to derive pairwise transient keys ("PTK") to perform the actual encryption and decryption of data.
  • PMKs may be used for the entire duration of a connection between two network devices until the connection is terminated or lost.
  • Although authentication protocols utilizing PMKs are generally used in wireless networks, they can be used in the implementation of wired networks as well.
  • Each network device includes a processor, a storage device, a random number generator and a communication device that is able to both receive and transmit data. Furthermore, each network device is configured to select a default PMK before a PMK has been negotiated.
  • The selected default PMK may be the highest priority PMK from a list of available PMKs, where priorities are based on the expiration times of each PMK. Other methods of sorting the list of PMKs may also be used as long as the basis of the arrangement is known to both mesh points establishing the connection. This list of PMKs arranged in order of expiration times is also known as the PMK identifier list.
  • The PMK identifier list is specific to a pair of mesh points, and includes a list of the PMKs that are shared between the two specific mesh points and are available for establishing a connection between them.
  • Each network device advertises the PMKs that it has available by adding the PMK identifier list to an open message when attempting to form a connection.
  • Each network device is also configured to receive PMK identifier lists from other network devices and independently select a negotiated PMK, the PMK that will be used by the network devices for the duration of the connection that they establish, using an interpretive algorithm based on the default PMK and the PMK identifier lists it has received and transmitted.
  • After a negotiated PMK has been selected, the network device sends a confirmation to the network device with which it is establishing a link to complete the protocol.
  • The embodiments of the invention allow the negotiation of the PMK in at least four messages. This is accomplished through the use of an ordered PMK list that ranks the available PMKs according to expiration times of the individual PMKs, thus allowing a network device to select the highest priority PMK as a default PMK to be used in its initial transmission when attempting a connection before a PMK has been negotiated.
  • Handshaking refers to handshaking in information technology, telecommunications, and related fields, wherein handshaking is an automated process of negotiation that dynamically sets parameters of a communications channel established between two entities before normal communication over the channel begins. It follows the physical establishment of the channel and precedes normal information transfer. Handshaking may be used to negotiate parameters that are acceptable to equipment and systems at both ends of the communication channel, including, but not limited to, information transfer rate, coding alphabet, parity, interrupt procedure, and other protocol or hardware features. Handshaking makes it possible to connect relatively heterogeneous systems or equipment over a communication channel without the need for human intervention to set parameters.
  • An example of handshaking is that of modems, which typically negotiate communication parameters for a brief period when a connection is first established, and thereafter use those parameters to provide optimal information transfer over the channel as a function of its quality and capacity.
  • The "squealing" noises (actually a sound that changes in pitch 100 times every second) made by some modems with speaker output immediately after a connection is established are in fact the sounds of modems at both ends engaging in a handshaking procedure; once the procedure is completed, the speaker might be silenced, depending on the driver.
  • The network devices are configured to transmit and receive data wirelessly.
  • The plurality of network devices are mesh points in a wireless ad-hoc network.
  • The open message comprises a network device identifier associated with the network device transmitting the PMK identifier list; a generated random number associated with the network device transmitting the open message; a list of PMKs associated with the network device transmitting the open message; the default PMK associated with the network device transmitting the open message; and a message authentication code constructed with the default PMK.
  • The list of PMKs is arranged based on expiration times associated with each of the PMKs in the list.
  • The negotiated PMK is selected based on an interpretive algorithm.
  • The confirmation message comprises a network device identifier associated with the network device transmitting the confirmation message; a network device identifier associated with the network device receiving the confirmation message; a randomly generated number associated with the network device transmitting the confirmation message; a randomly generated number associated with the network device receiving the confirmation message; the negotiated PMK; and a message authentication code constructed with the negotiated PMK.
  • The PMK is selected based on an interpretive algorithm.
  • An alternative embodiment of the invention is directed to a method for negotiating a pairwise master key ("PMK") between network devices establishing a link.
  • A new instance for establishing a link is created at a network device.
  • A default PMK is selected from the PMKs that the network device has available, and the network device constructs a PMK identifier list to advertise available PMKs to other network devices using the selected default PMK.
  • The PMK identifier list includes the PMKs that the network device has available, arranged in order of priority, that it shares with the specific mesh point with which it is trying to establish a connection, and the default PMK is preferably the PMK with the highest priority.
  • The network device transmits the PMK identifier list to other network devices, and receives a PMK identifier list transmitted by a second network device.
  • The network device selects a negotiated PMK using an interpretive algorithm based on the received PMK identifier list and composes and transmits a confirmation message to the second network device if a PMK has been negotiated. If no PMK is successfully selected, no confirmation messages are constructed or composed and the link instances are discarded.
  • The method comprises the steps of determining a second default PMK associated with the second network device; constructing the second PMK identifier list associated with the second network device; transmitting the second PMK identifier list to the first network device; receiving the first PMK identifier list transmitted by the first network device; independently selecting a second PMK based on the received first PMK identifier list; composing the second confirmation message based on the selected second PMK; and transmitting the second confirmation message to the first network device.
  • The transmitting steps are performed wirelessly.
  • The first network device and the second network device are mesh points of a wireless ad-hoc network.
  • Another embodiment of the invention is directed to a method for negotiating a pairwise master key between two network devices.
  • Both network devices create new instances for establishing a link, and select default PMKs from the PMKs that each network device has available.
  • The network devices use these PMKs and the PMKs that they have available to compose PMK identifier list messages, and transmit the PMK identifier list messages to each other.
  • Each network device selects a PMK. After the PMKs have been selected, each network device composes and transmits a confirmation message to the other. If no PMK is successfully selected, no confirmation messages are constructed or composed and the link instances are discarded.
  • Figure 1 is an exemplary illustration of a wireless ad-hoc network according to an embodiment of the invention.
  • Although the wireless network 100 depicted in Figure 1 is shown with five mesh points, mesh points 110, 120, 130, 140, and 150, the wireless network 100 may have any number of wireless mesh points.
  • The mesh points 110, 120, 130, 140, and 150 may be any type of wireless node or network appliance such as a laptop computer, a personal computer, a wireless access point, etc.
  • The illustration of Figure 1 depicts a general wireless network, and since the design of wireless mesh networks will vary widely depending on the application and implementation of the network, Figure 1 does not include features of wireless mesh networks that may be present in other implementations of wireless mesh networks.
  • Although the invention may be described through exemplary embodiments of the invention, the features of the invention may be implemented in nearly all wireless mesh networks, and an embodiment of the invention has been accepted in the draft for the IEEE 802.11s standard.
  • FIG. 2 is a representative block diagram of a mesh point 200 that may be used in an embodiment of the invention.
  • The block diagram of the mesh point 200 of Figure 2 may be representative of any of the mesh points 110, 120, 130, 140 or 150 shown in Figure 1.
  • The mesh point 200 may be nearly any type of wireless network appliance, including a laptop computer, a personal computer ("PC"), a personal data assistant ("PDA"), a wireless access point, etc.
  • Figure 2 shows various basic components that the mesh point 200 may include.
  • The mesh point 200 may include an authenticated identity 210.
  • The authenticated identity 210 may be the media access control ("MAC") address of the mesh point 200, or any other unique identifier for the mesh point 200.
  • The mesh point 200 may also include a random number generator 220.
  • The random number generator 220 may be a software application that is part of an operating system for the mesh point 200, or the random number generator 220 may be a separate standalone application.
  • The random number generator 220 may conform to the ANSI X9.31 and ANSI X9.82 standards in generating random numbers.
  • The mesh point 200 may also include a memory 230.
  • The memory 230 may be a hard drive, a cache memory, or any type of solid state memory, etc.
  • The memory 230 stores any data the mesh point 200 may use in establishing a link with any other mesh point in a mesh network, or performing any other task the mesh point may perform.
  • The data stored in the memory 230 may include a PMK identifier list, a list of PMKs that are available to the mesh point 200, any PMK being used for any existing links, any authentication keys corresponding to any PMKs being used, etc.
  • The mesh point 200 may also include a processor 240.
  • The processor 240 may be any type of device that is designed to carry out the functions of the mesh point 200.
  • FIG. 3 is a representative block diagram of two mesh points, 310 and 320, exchanging messages in negotiating a PMK according to an embodiment of the invention.
  • The mesh points 310 and 320 of Figure 3 may be any of the mesh points shown in Figure 1, and may be represented by the block diagram of the mesh point 200 in Figure 2.
  • At least one mesh point instantiates a new link instance, selects a default PMK and advertises its respective PMK identifier list.
  • The PMK identifier list is an ordered list of the PMKs that two specific mesh points share when they are establishing a connection, and the PMKs are arranged in an order of priority, preferably based on expiration times of the PMKs.
  • The PMKs are unique to each pair of mesh points in a network, and differ for each pair of mesh points attempting to establish a connection.
  • The PMK identifier list includes the PMKs that the mesh points 310 and 320 share and have available to each other when establishing a connection with each other.
  • The default PMK is preferably the PMK of highest priority in the PMK identifier list.
  • The PMK with the highest priority is the PMK with the latest expiration time.
  • The mesh point transmits the PMK identifier list in an open message.
  • The open messages include the PMK identifier lists that are constructed, the authenticated identity of the mesh point, a randomly generated number, the selected default PMK, and a message authentication code for the message computed with the message authentication code key derived from the selected default PMK.
  • The PMK identifier list may be constructed before the default PMK is selected.
  • The authenticated identity of the mesh point may be the authenticated identity 210 shown in Figure 2, and the randomly generated number may have been generated by random number generator 220.
  • The message authentication code may be generated according to a cryptographic standard such as the advanced encryption standard ("AES").
  • The open message may be constructed according to the following: $MP \| R \| L \| K \| m_{KK}(MP \| R \| L \| K)$; where MP is the authenticated identity of the transmitting mesh point, R is a random number, L is a list of identifiers of the PMKs available to the mesh point, K is the identifier of the selected default PMK, KK is the message authentication code key derived from K, $m_{KK}(MP \| R \| L \| K)$ is the message authentication code computed using KK, and "$\|$" denotes concatenation. Furthermore, the list of the available PMKs for each mesh point is arranged in a predetermined order.
  • The PMK identifiers in the list of available PMKs L are ordered by the expiration time of each PMK.
  • The first PMK identifier in L identifies the PMK that expires last among all PMKs identified in L and the last PMK identifier in L identifies the PMK that expires first among all PMKs identified in L.
  • The selected default PMK is generally the first PMK identifier in L, the last PMK to expire.
  • The PMK identifier list is included in an open message and transmitted to other mesh points.
  • The mesh point 310 is initiating the negotiation of a PMK with the mesh point 320.
  • The mesh point 310 constructs the PMK identifier list, includes the list in the open message 330 and transmits the open message 330 to the mesh point 320, illustrated by the arrow 335.
  • The mesh point 320 is initiating the negotiation of a PMK.
  • The mesh point 320 constructs the PMK identifier list, includes the list in the open message 340 and transmits the open message 340 to the mesh point 310, illustrated by the arrow 345.
  • The open messages 330 and 340 are both constructed and transmitted simultaneously, as shown by arrows 335 and 345.
  • Each mesh point receives the open message and makes an independent determination regarding the PMK to be used for the current link using an interpretive algorithm, which is based on the default PMKs, and the PMK identifier lists of the mesh points. However, in an embodiment where only one mesh point is initiating the link, this step may precede the formation of a PMK identifier list.
  • The mesh point 310 constructs the PMK identifier list, includes it in the open message 330, and transmits the open message 330 to the mesh point 320.
  • The mesh point 320 receives the open message 330 and makes an independent determination of the PMK to be used for the current link.
  • The mesh point 320 constructs a PMK identifier list with the chosen PMK and transmits the PMK identifier list in the open message 340 to the mesh point 310.
  • After both mesh points have constructed PMK identifier lists, transmitted the lists in open messages, and have each independently chosen the negotiated PMK to be used based on the received open messages, both mesh points compose confirmation messages and transmit the confirmation messages to the other mesh point if the negotiated PMKs are the same.
  • The mesh point 310 composes confirmation message 350 and the mesh point 320 composes confirmation message 360.
  • The confirmation message includes the authenticated identities of both mesh points, the random numbers sent by both mesh points in the respective PMK identifier lists, the selected negotiated PMK, and the message authentication code of the confirmation message computed using the negotiated PMK.
  • A confirmation message being sent from the mesh point 310 to the mesh point 320 may be composed according to the following:
  • $R_{310}$ is the random number generated and transmitted by the mesh point 310 in its open message
  • $R_{320}$ is the random number generated and transmitted by the mesh point 320 in its open message
  • K is the selected negotiated PMK
  • KK is the message authentication code key derived from K
  • ⁇ 320 Il ⁇ O is the message authentication code computed using KK
  • "$\|$" denotes concatenation.
  • The mesh point 320 composes and transmits a similar confirmation message to the mesh point 310 to confirm the commitment of both mesh points to use the chosen PMK, designated as K.
  • The corresponding confirmation message composed and transmitted by the mesh point 320 is as follows:
  • MP320 I MP310
  • Figure 4 is a representative flow diagram of a method 400 according to an embodiment of the invention that shows the steps of the interpretive algorithm performed at a mesh point in independently selecting a negotiated PMK.
  • The steps of the method 400 are described with respect to elements and features of the wireless ad-hoc network 100 and the mesh point 310, shown in Figures 1 and 3, respectively. However, the steps of the method 400 are not confined to the embodiment of the invention described.
  • The first step of the method 400 is step 405, where the mesh point 310 is attempting to establish a link, and thus needs to negotiate a PMK.
  • The mesh point 310 creates a new instance for a new link during step 405.
  • The mesh point 310 selects a default PMK from the list of PMKs that it has available.
  • The available PMKs may be sorted in order of expiration times, with the PMK with the latest expiration time given the highest priority, and the PMK expiring closest in time ranked last.
  • The default PMK is the PMK with the highest priority (i.e., the PMK that expires last).
  • The mesh point 310 constructs a PMK identifier list to be placed in an open message as described above during step 415.
  • The mesh point 310 then transmits the open message to another mesh point in the network 100 during step 420.
  • The mesh point 310 may receive an open message from another mesh point in the network 100 during step 425.
  • The other mesh point may be the mesh point 320 as shown in Figure 3.
  • After receiving the open message from another mesh point, the mesh point 310 independently selects a negotiated PMK based on the PMKs that it has available and the received open message. If no PMK can be selected during step 430, the mesh point 310 terminates the current instance for a link and begins the method 400 again. However, if a PMK is selected during step 430, the mesh point 310 composes a confirmation message as described above during step 440. The mesh point 310 then transmits the confirmation message during step 445, and receives a confirmation message from another mesh point during step 450. If the chosen PMKs match, the protocol ends and a link is successfully established.
  • FIG. 5 is an exemplary flow diagram of a method 500 according to an embodiment of the invention that may be performed at a mesh point, such as the mesh point 310, during the step 430 of the method 400 in independently selecting a PMK.
  • The method 500 may be performed at the mesh point 310 when it is attempting to establish a link, or when it has received an open message from another mesh point attempting to establish a link.
  • The steps of the method 500 are described with respect to elements and features of the wireless ad-hoc network 100 and the mesh point 310 shown in Figures 1 and 3. However, the steps of the method 500 are not confined to the embodiment of the invention described.
  • K represents the variable of the PMK being used by the mesh point
  • K2 represents the PMK that is received in the open message received during step 505
  • L1 represents the list of PMKs available to the mesh point 310
  • L2 represents the list of PMKs available to the mesh point that transmitted the open message received at the mesh point 310 during step 505.
  • The mesh point 310 receives an open message from another mesh point in the wireless ad-hoc network.
  • The mesh point 310 determines whether it already has a PMK to be used (K). If it determines that a PMK to be used has already been established, it checks to see if the PMK to be used is the same as K2 that was included in the received open message during step 515. If the two PMKs match, the mesh point 310 composes and transmits a confirmation message with the selected PMK (K2) during step 530. If the two PMKs do not match, the open message is discarded during step 525 and the method is ended.
  • The mesh point 310 verifies whether K2 is included in its list of available PMKs (L1) during decision block 520. If K2 is not included in L1, the open message is discarded, and the method is ended. However, if K2 is present in L1, the mesh point 310 checks to see if K2 is the same PMK as the PMK with the highest priority (K1, the PMK with the latest expiration time) in its list L1 during step 535. If K1 and K2 are the same, the mesh point sets K2 as the PMK to be used during step 540, and accordingly composes and sends a confirmation message.
  • The mesh point 310 looks to see if there are any shared PMKs in L1 and L2. If no shared PMKs exist, the protocol is ended. If at least one common PMK exists, the mesh point 310 determines which PMK has the highest priority (latest expiration time) of the shared PMKs (S1) during step 545. Next, the mesh point 310 checks to see if S1 and K2 are the same during step 550. If S1 and K2 are the same, the mesh point 310 constructs an open message using K2, and sends the list in a corresponding open message.
  • Otherwise, the mesh point discards the current link instance, and constructs a new open message with S1 to transmit to the mesh point 320.
  • The resulting negotiated PMK is the PMK with the highest priority among the PMKs shared by the two mesh points.
  • FIG. 6 is an exemplary flow diagram of a method 600 according to an embodiment of the invention that may be performed at a mesh point, such as the mesh point 310, during the step 450 of the method 400 when it has received a confirmation message, in order to finalize the negotiated PMK.
  • The steps of the method 600 are described with respect to elements and features of the wireless ad-hoc network 100 and the mesh point 310 shown in Figures 1 and 3. However, the steps of the method 600 are not confined to the embodiment of the invention described.
  • The mesh point 310 receives a confirmation message.
  • The mesh point 310 determines whether it already has a PMK that is being used (K).
  • The mesh point 310 checks to see if the PMK being used is the same as the PMK received in the confirmation message (K2) during step 615. If the two PMKs are the same, the mesh point 310 verifies the authentication code included in the confirmation message. Afterwards, the mesh point 310 composes and sends a corresponding confirmation message during steps 630 and 640 and ends the method. If the two PMKs are not the same, the mesh point 310 discards the confirmation message and ends the method.
  • The mesh point checks to see if K2 is the same PMK as the PMK in its list of available PMKs with the highest priority (K1) based on expiration time during step 620. If K1 and K2 are the same, the mesh point sets K2 as its PMK to be used during step 625, and composes and sends a corresponding confirmation message during steps 630 and 640.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A system and method for negotiating a pairwise master key ('PMK') in wireless mesh networks. The system includes a plurality of mesh points that are configured to perform an abbreviated handshake protocol in negotiating a PMK and establishing a secure connection. The method for establishing a negotiated PMK is based on selecting a PMK before transmitting any data, and arranging available PMKs in a predetermined list so that a PMK can be negotiated in a limited number of exchanges.

Description

APPARATUS AND METHOD FOR NEGOTIATING PAIRWISE MASTER KEY FOR SECURING PEER LINKS IN WIRELESS MESH NETWORKS
FIELD OF INVENTION
The embodiments of the invention generally relate to wireless networks. Specifically, the embodiments of the invention relate to an apparatus and a method for an authentication protocol in wireless ad-hoc networks.
BACKGROUND OF THE INVENTION
Recently, there has been a shift towards wireless technologies resulting in a surge of wireless products. Wireless versions exist for nearly all products. An area of wireless technology that has seen significant growth over the past decade is wireless networking, and more specifically wireless local area networks ("WLAN"). Wireless networks are becoming more prevalent, and are available nearly everywhere. Cities are deploying city-wide wireless networks, wireless connectivity is available in businesses, homes, libraries, airports, and even coffee shops. The benefits of wireless networks are undeniable. They are extremely convenient, providing increased mobility and efficiency. Furthermore, wireless networks are easy to expand, and easy to deploy. However, despite all the benefits of wireless networks, issues of security, range, and speed exist with WLANs.
The IEEE 802.11 protocol is the governing standard for WLANs. As wireless networking technology has developed, the IEEE 802.11 standard has undergone multiple amendments. Each amendment is aimed to address specific shortcomings of wireless networks. These amendments are designated by a letter following "802.11," and have introduced various improvements on the original 802.11 standard. The 802.11b and 802.11g standards are two modulation amendments that are widely used for implementing home wireless networks. The 802.11i standard is an amendment to the 802.11 standard implementing various security mechanisms for wireless networks. The 802.11i standard introduced the WiFi Protected Access 2 ("WPA2") protocol, which supplemented the wired equivalent privacy ("WEP") and WiFi Protected Access ("WPA") protocols. WPA2 makes use of the Extensible Authentication Protocol ("EAP") in providing a pairwise master key ("PMK") in establishing a secure link. Another amendment currently under development to the IEEE 802.11 standard is the 802.11s standard. The 802.11s standard was chartered to improve throughput of data transmission over a wireless network through the addition of mesh capabilities. Mesh capabilities allow data to be transmitted on paths consisting of multiple wireless hops. A primary focus during the development of the 802.11s standard with mesh capabilities was to improve performance for streaming video. However, streaming video limits the time allotted for links to be established, making the establishment of a secure link difficult with existing authentication protocols. Particularly difficult is the negotiation of a PMK for establishing the authenticated peer link during the allotted time.
BRIEF DESCRIPTION OF THE DRAWING FIGURES
The present invention will be more readily understood from the detailed description of exemplary embodiments presented below considered in conjunction with the accompanying drawings, in which:
Figure 1 is an illustration of a wireless ad-hoc local area network according to an embodiment of the invention;
Figure 2 is an exemplary block diagram of a mesh point according to an embodiment of the invention;
Figure 3 is an exemplary flow diagram of data being exchanged between mesh points according to an embodiment of the invention;
Figure 4 is an exemplary flow diagram of negotiating a pairwise master key ("PMK") according to an embodiment of the invention;
Figure 5 is an exemplary flow diagram of negotiating a pairwise master key ("PMK") according to an embodiment of the invention; and
Figure 6 is an exemplary flow diagram of finalizing the negotiation of a pairwise master key according to an embodiment of the invention.
DETAILED DESCRIPTION OF THE INVENTION
An embodiment of the invention is directed to a system for negotiating a pairwise master key ("PMK"). A PMK is a shared key that allows the encryption and decryption of data transmitted between two network devices. A PMK may have a limited life span, and may also be used to derive pairwise transient keys ("PTK") to perform the actual encryption and decryption of data. PMKs may be used for the entire duration of a connection between two network devices until the connection is terminated or lost. Although authentication protocols utilizing PMKs are generally used in wireless networks, they can be used in the implementation of wired networks as well. Each network device includes a processor, a storage device, a random number generator and a communication device that is able to both receive and transmit data. Furthermore, each network device is configured to select a default PMK before a PMK has been negotiated. The selected default PMK may be the highest priority PMK from a list of available PMKs, where priorities are based on the expiration times of each PMK. Other methods of sorting the list of PMKs may also be used as long as the basis of the arrangement is known to both mesh points establishing the connection. This list of PMKs arranged in order of expiration times is also known as the PMK identifier list. The PMK identifier list is specific between two specific mesh points, and includes a list of the PMKs that are shared between the two specific mesh points and are available for establishing a connection between the two specific mesh points. Each network device advertises the PMKs that it has available by adding the PMK identifier list to an open message when attempting to form a connection.
Each network device is also configured to receive PMK identifier lists from other network devices and independently select a negotiated PMK, the PMK that will be used by the network devices for the duration of the connection that they establish, using an interpretive algorithm based on the default PMK and the PMK identifier lists it has received and transmitted. After a negotiated PMK has been selected, the network device sends out a confirmation to the network device with which it is establishing a link to complete the protocol. The embodiments of the invention allow the negotiation of the PMK in at least four messages. This is accomplished through the use of an ordered PMK list that ranks the available PMKs according to expiration times of the individual PMKs, thus allowing a network device to select the highest priority PMK as a default PMK to be used in its initial transmission when attempting a connection before a PMK has been negotiated.
The term "handshake" refers to handshaking in information technology, telecommunications, and related fields, wherein handshaking is an automated process of negotiation that dynamically sets parameters of a communications channel established between two entities before normal communication over the channel begins. It follows the physical establishment of the channel and precedes normal information transfer. Handshaking may be used to negotiate parameters that are acceptable to equipment and systems at both ends of the communication channel, including, but not limited to, information transfer rate, coding alphabet, parity, interrupt procedure, and other protocol or hardware features. Handshaking makes it possible to connect relatively heterogeneous systems or equipment over a communication channel without the need for human intervention to set parameters. One example of handshaking is that of modems, which typically negotiate communication parameters for a brief period when a connection is first established, and thereafter use those parameters to provide optimal information transfer over the channel as a function of its quality and capacity. The "squealing" (which is actually a sound that changes in pitch 100 times every second) noises made by some modems with speaker output immediately after a connection is established are in fact the sounds of modems at both ends engaging in a handshaking procedure; once the procedure is completed, the speaker might be silenced, depending on the driver.
It is a process that takes place when a computer is about to communicate with a device to establish rules for the communication.
Preferably, the network devices are configured to transmit and receive data wirelessly. Preferably, the plurality of network devices are mesh points in a wireless ad-hoc network. Preferably, the open message comprises a network device identifier associated with the network device transmitting the PMK identifier list; a generated random number associated with the network device transmitting the open message; a list of PMKs associated with the network device transmitting the open message; the default PMK associated with the network device transmitting the open message; and a message authentication code constructed with the default PMK. Preferably, the list of PMKs is arranged based on expiration times associated with each of the PMKs in the list. Preferably, the negotiated PMK is selected based on an interpretive algorithm. Preferably, the confirmation message comprises a network device identifier associated with the network device transmitting the confirmation message; a network device identifier associated with the network device receiving the confirmation message; a randomly generated number associated with the network device transmitting the confirmation message; a randomly generated number associated with the network device receiving the confirmation message; the negotiated PMK; and a message authentication code constructed with the negotiated PMK. Preferably, the PMK is selected based on an interpretive algorithm.
An alternative embodiment of the invention is directed to a method for negotiating a pairwise master key ("PMK") between network devices establishing a link. To start the process, a new instance for establishing a link is created at a network device. Then, a default PMK is selected from the PMKs that the network device has available, and the network device constructs a PMK identifier list to advertise available PMKs to other network devices using the selected default PMK. The PMK identifier list includes the PMKs that the network device has available, arranged in order of priority, that it shares with the specific mesh point with which it is trying to establish a connection, and the default PMK is preferably the PMK with the highest priority. The network device then transmits the PMK identifier list to other network devices, and receives a PMK identifier list transmitted by a second network device. Upon receiving the PMK identifier list, the network device selects a negotiated PMK using an interpretive algorithm based on the received PMK identifier list and composes and transmits a confirmation message to the second network device if a PMK has been negotiated. If no PMK is successfully selected, no confirmation messages are constructed or composed and the link instances are discarded.
Preferably, the method comprises the steps of determining a second default PMK associated with the second network device; constructing the second PMK identifier list associated with the second network device; transmitting the second PMK identifier list to the first network device; receiving the first PMK identifier list transmitted by the first network device; independently selecting a second PMK based on the received first PMK identifier list; composing the second confirmation message based on the selected second PMK; and transmitting the second confirmation message to the first network device. Preferably, the transmitting steps are performed wirelessly. Preferably, the first network device and the second network device are mesh points of a wireless ad-hoc network.
Another embodiment of the invention is directed to a method for negotiating a pairwise master key between two network devices. In this embodiment, both network devices create new instances for establishing a link, and select default PMKs from the PMKs that each network device has available. The network devices use these PMKs and the PMKs that they have available to compose PMK identifier list messages, and transmit the PMK identifier list messages to each other. After both network devices have received the PMK identifier lists, each network device selects a PMK. After the PMKs have been selected, each network device composes and transmits a confirmation message to the other. If no PMK is successfully selected, no confirmation messages are constructed or composed and the link instances are discarded.
Figure 1 is an exemplary illustration of a wireless ad-hoc network according to an embodiment of the invention. Although the wireless network 100 depicted in Figure 1 is shown with five mesh points, mesh points 110, 120, 130, 140, and 150, the wireless network 100 may have any number of wireless mesh points. Furthermore, the mesh points 110, 120, 130, 140, and 150 may be any type of wireless node or network appliance such as a laptop computer, a personal computer, a wireless access point, etc. The illustration of Figure 1 depicts a general wireless network, and since the design of wireless mesh networks will vary widely depending on the application and implementation of the network, Figure 1 does not include features of wireless mesh networks that may be present in other implementations of wireless mesh networks. Furthermore, although the invention may be described through exemplary embodiments of the invention, the features of the invention may be implemented in nearly all wireless mesh networks, and an embodiment of the invention has been accepted in the draft for the IEEE 802.11s standard.
Figure 2 is a representative block diagram of a mesh point 200 that may be used in an embodiment of the invention. The block diagram of the mesh point 200 of Figure 2 may be representative of any of the mesh points 110, 120, 130, 140 or 150 shown in Figure 1. The mesh point 200 may be nearly any type of wireless network appliance, including a laptop computer, a personal computer ("PC"), a personal data assistant ("PDA"), a wireless access point, etc. Figure 2 shows various basic components that the mesh point 200 may include. The mesh point 200 may include an authenticated identity 210. The authenticated identity 210 may be the media access control ("MAC") address of the mesh point 200, or any other unique identifier for the mesh point 200. The mesh point 200 may also include a random number generator 220. The random number generator 220 may be a software application that is part of an operating system for the mesh point 200, or the random number generator 220 may be a separate specific standalone application. The random number generator 220 may conform to the ANSI X9.31 and ANSI X9.82 standards in generating random numbers. The mesh point 200 may also include a memory 230. The memory 230 may be a hard drive, a cache memory, or any type of solid state memory, etc. The memory 230 stores any data the mesh point 200 may use in establishing a link with any other mesh point in a mesh network, or performing any other task the mesh point may perform. The data stored in the memory 230 may include a PMK identifier list, a list of PMKs that are available to the mesh point 200, any PMK being used for any existing links, any authentication keys corresponding to any PMKs being used, etc. The mesh point 200 may also include a processor 240. The processor 240 may be any type of device that is designed to carry out the functions of the mesh point 200.
Figure 3 is a representative block diagram of two mesh points, 310 and 320, exchanging messages in negotiating a PMK according to an embodiment of the invention. Although an embodiment of the invention is described with respect to a wireless ad-hoc network having only two mesh points, the features of this invention are applicable to virtually all designs and configurations of wireless networks having any number of mesh points. The mesh points 310 and 320 of Figure 3 may be any of the mesh points shown in Figure 1, and may be represented by the block diagram of the mesh point 200 in Figure 2. According to an embodiment of the invention, in initiating negotiation of a PMK, at least one mesh point instantiates a new link instance, selects a default PMK and advertises its respective PMK identifier list. The PMK identifier list is an ordered list of the PMKs that two specific mesh points share when they are establishing a connection, and the PMKs are arranged in an order of priority, preferably based on expiration times of the PMKs. The PMKs are unique to each pair of mesh points in a network, and differ for each pair of mesh points attempting to establish a connection. In the current exemplary embodiment, the PMK identifier list includes the PMKs that the mesh points 310 and 320 share and have available to each other when establishing a connection with each other. The default PMK is preferably the PMK of highest priority in the PMK identifier list. In an exemplary embodiment of the invention, the PMK with the highest priority is the PMK with the latest expiration time. After the default PMK is selected the mesh point transmits the PMK identifier list in an open message.
The open messages include the PMK identifier lists that are constructed, the authenticated identity of the mesh point, a randomly generated number, the selected default PMK, and a message authentication code for the message computed by the message authentication code key derived from the selected default PMK. Although one embodiment has been described where the default PMK is selected before the PMK identifier list is constructed, in another embodiment, the PMK identifier list may be constructed before the default PMK is selected. The authenticated identity of the mesh point may be the authenticated identity 210 shown in Figure 2, and the randomly generated number may have been generated by random number generator 220. The message authentication code may be generated according to a cryptographic standard such as the advanced encryption standard ("AES"). In an embodiment of the invention, the open message may be constructed according to the following:
$MP || R || L || K || m_{KK}(MP || R || L || K)$;
where MP is the authenticated identity of the transmitting mesh point, R is a random number, L is a list of identifiers of the PMKs available to the mesh point, K is the identifier of the selected default PMK, KK is the message authentication code key derived from K, $m_{KK}(MP || R || L || K)$ is the message authentication code computed using KK, and "||" denotes concatenation. Furthermore, the list of the available PMKs for each mesh point is arranged in a predetermined order. Since each PMK has an associated duration of time for which it is valid, the PMK identifiers in the list of available PMKs L are ordered by the expiration time of each PMK. The first PMK identifier in L identifies the PMK that expires last among all PMKs identified in L and the last PMK identifier in L identifies the PMK that expires first among all PMKs identified in L. The selected default PMK is generally the first PMK identifier in L, the last PMK to expire.
After a mesh point has constructed a PMK identifier list and selected the default PMK, the PMK identifier list is included in an open message and transmitted to other mesh points. In an embodiment where the mesh point 310 is initiating the negotiation of a PMK with the mesh point 320, the mesh point 310 constructs the PMK identifier list, includes the list in the open message 330 and transmits the open message 330 to the mesh point 320, illustrated by the arrow 335. In an embodiment where the mesh point 320 is initiating the negotiation of a PMK, the mesh point 320 constructs the PMK identifier list, includes the list in the open message 340 and transmits the open message 340 to the mesh point 310, illustrated by the arrow 345. In an embodiment where both mesh points 310 and 320 are initiating the negotiation, the open messages 330 and 340 are both constructed and transmitted simultaneously, as shown by arrows 335 and 345.
Each mesh point receives the open message and makes an independent determination regarding the PMK to be used for the current link using an interpretive algorithm, which is based on the default PMKs, and the PMK identifier lists of the mesh points. However, in an embodiment where only one mesh point is initiating the link, this step may precede the formation of a PMK identifier list. For example, in an embodiment where the mesh point 310 is initiating the link with the mesh point 320, the mesh point 310 constructs the PMK identifier list, includes it in the open message 330, and transmits the open message 330 to the mesh point 320. The mesh point 320 receives the open message 330 and makes an independent determination of the PMK to be used for the current link. After the PMK has been chosen, the mesh point 320 constructs a PMK identifier list with the chosen PMK and transmits the PMK identifier list in the open message 340 to the mesh point 310.
After both mesh points have constructed PMK identifier lists, transmitted the lists in open messages, and have each independently chosen the negotiated PMK to be used based on the received open messages, both mesh points compose confirmation messages and transmit the confirmation messages to the other mesh point if the negotiated PMKs are the same. In Figure 3, the mesh point 310 composes confirmation message 350 and the mesh point 320 composes confirmation message 360. The confirmation message includes the authenticated identities of both mesh points, the random numbers sent by both mesh points in the respective PMK identifier lists, the selected negotiated PMK, and the message authentication code of the confirmation message computed using the negotiated PMK. In an embodiment of the invention, a confirmation message being sent from the mesh point 310 to the mesh point 320 may be composed according to the following:
$MP310 || MP320 || R310 || R320 || K || m_{KK}(MP310 || MP320 || R310 || R320 || K)$;
where MP310 is the authenticated identity of the mesh point 310, MP320 is the authenticated identity of mesh point 320, R310 is the random number generated and transmitted by the mesh point 310 in its open message, R320 is the random number generated and transmitted by the mesh point 320 in its open message, K is the selected negotiated PMK, KK is the message authentication code key derived from K, $m_{KK}(MP310 || MP320 || R310 || R320 || K)$ is the message authentication code computed using KK, and "||" denotes concatenation. In order to complete the protocol, the mesh point 320 composes and transmits a similar confirmation message to the mesh point 310 to confirm the commitment of both mesh points to use the chosen PMK, designated as K. The corresponding confirmation message composed and transmitted by the mesh point 320 is as follows:
$MP320 || MP310 || R320 || R310 || K || m_{KK}(MP320 || MP310 || R320 || R310 || K)$;
where MP320 is the authenticated identity of the mesh point 320, MP310 is the authenticated identity of mesh point 310, R320 is the random number generated and transmitted by the mesh point 320 in its open message, R310 is the random number generated and transmitted by the mesh point 310 in its open message, K is the selected negotiated PMK, KK is the message authentication code key derived from K, $m_{KK}(MP320 || MP310 || R320 || R310 || K)$ is the authentication code computed using KK, and "||" denotes concatenation. The inclusion of the two random numbers in the confirmation message protects against replay attacks and confirms to both mesh points that the messages are fresh. The transmission of the two confirmation messages 350 and 360 is represented by the two arrows 355 and 365. However, if no PMK has been successfully negotiated, no confirmation messages are composed or transmitted.
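The open and confirmation message layouts described above, as an added Python example that is not part of the patent text. It assumes HMAC-SHA256 in place of the AES-based code the description mentions, a hypothetical derivation of KK from the PMK, length-prefixed field encoding for "||", and constructed PMK identifiers and key values.

```python
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass


def encode(*fields: bytes) -> bytes:
    """Join fields with 2-byte length prefixes (assumed framing for "||")."""
    return b"".join(struct.pack(">H", len(f)) + f for f in fields)


def mac_key(pmk: bytes) -> bytes:
    """KK, the MAC key derived from the PMK (this derivation is an assumption)."""
    return hmac.new(pmk, b"example-mac-key", hashlib.sha256).digest()


def mac(pmk: bytes, body: bytes) -> bytes:
    """m_KK(body); HMAC-SHA256 stands in for the AES-based code."""
    return hmac.new(mac_key(pmk), body, hashlib.sha256).digest()


@dataclass(frozen=True)
class OpenMsg:
    mp: bytes        # MP: authenticated identity of the sender
    r: bytes         # R: sender's random number
    pmk_list: tuple  # L: PMK identifiers, latest expiration first
    k: bytes         # K: identifier of the sender's default PMK
    tag: bytes       # m_KK(MP || R || L || K)


@dataclass(frozen=True)
class ConfirmMsg:
    mp_tx: bytes     # identity of the sender
    mp_rx: bytes     # identity of the receiver
    r_tx: bytes      # random number from the sender's open message
    r_rx: bytes      # random number from the receiver's open message
    k: bytes         # identifier of the negotiated PMK
    tag: bytes


def open_body(mp, r, pmk_list, k):
    return encode(mp, r, encode(*pmk_list), k)


def build_open(mp, pmk_list, keys):
    """keys maps PMK identifier -> PMK secret; the default is the first in L."""
    r, k = os.urandom(32), pmk_list[0]
    return OpenMsg(mp, r, tuple(pmk_list), k,
                   mac(keys[k], open_body(mp, r, pmk_list, k)))


def verify_open(msg, keys):
    pmk = keys.get(msg.k)
    if pmk is None:  # default PMK unknown here, so the code cannot be checked
        return False
    expected = mac(pmk, open_body(msg.mp, msg.r, msg.pmk_list, msg.k))
    return hmac.compare_digest(expected, msg.tag)


def build_confirm(mp_tx, mp_rx, r_tx, r_rx, k, keys):
    body = encode(mp_tx, mp_rx, r_tx, r_rx, k)
    return ConfirmMsg(mp_tx, mp_rx, r_tx, r_rx, k, mac(keys[k], body))


def verify_confirm(msg, me, my_r, peer, peer_r, negotiated, keys):
    """Accept only a confirmation bound to this link instance's two nonces."""
    if (msg.mp_tx, msg.mp_rx) != (peer, me):
        return False
    if msg.r_tx != peer_r or msg.r_rx != my_r:
        return False  # not the random numbers exchanged in this instance
    if msg.k != negotiated or negotiated not in keys:
        return False
    body = encode(msg.mp_tx, msg.mp_rx, msg.r_tx, msg.r_rx, msg.k)
    return hmac.compare_digest(mac(keys[negotiated], body), msg.tag)


def demo():
    # Constructed sample data: two PMKs shared by mesh points 310 and 320.
    keys = {b"pmk-2": b"\x11" * 32, b"pmk-1": b"\x22" * 32}
    a, b, ids = b"MP310", b"MP320", [b"pmk-2", b"pmk-1"]
    open_a, open_b = build_open(a, ids, keys), build_open(b, ids, keys)
    # Same message with the advertised list altered after the code was computed.
    altered = OpenMsg(open_a.mp, open_a.r, (b"pmk-1",), open_a.k, open_a.tag)
    conf_a = build_confirm(a, b, open_a.r, open_b.r, b"pmk-2", keys)
    # A later link instance at 320 draws a fresh random number.
    later_b = build_open(b, ids, keys)
    return {
        "open_ok": verify_open(open_a, keys),
        "open_altered": verify_open(altered, keys),
        "confirm_ok": verify_confirm(conf_a, b, open_b.r, a, open_a.r,
                                     b"pmk-2", keys),
        "confirm_replayed": verify_confirm(conf_a, b, later_b.r, a, open_a.r,
                                           b"pmk-2", keys),
    }
```

The last case is the freshness property the description relies on: a confirmation captured from an earlier instance fails because it does not carry the receiver's current random number.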
Figure 4 is a representative flow diagram of a method 400 according to an embodiment of the invention that shows the steps of the interpretive algorithm performed at a mesh point in independently selecting a negotiated PMK. The steps of the method 400 are described with respect to elements and features of the wireless ad-hoc network 100 and the mesh point 310, shown in Figures 1 and 3, respectively. However, the steps of the method 400 are not confined to the embodiment of the invention described.
The first step of the method 400 is step 405, where the mesh point 310 is attempting to establish a link, and thus needs to negotiate a PMK. In preparation for establishing a link, the mesh point 310 creates a new instance for a new link during step 405. In step 410, the mesh point 310 selects a default PMK from the list of PMKs that it has available. The available PMKs may be sorted in order of expiration times, with the PMK with the latest expiration time given the highest priority, and the PMK expiring closest in time ranked last. Preferably, the default PMK is the PMK with the highest priority (i.e., the PMK that expires last). After the default PMK is chosen, the mesh point 310 constructs a PMK identifier list to be placed in an open message as described above during step 415. The mesh point 310 then transmits the open message to another mesh point in the network 100 during step 420. After the open message is transmitted in step 420, the mesh point 310 may receive an open message from another mesh point in the network 100 during step 425. The other mesh point may be the mesh point 320 as shown in Figure 3.
After receiving the open message from another mesh point, the mesh point 310 independently selects a negotiated PMK based on the PMKs that it has available and the received open message. If no PMK can be selected during step 430, the mesh point 310 terminates the current instance for a link and begins the method 400 again. However, if a PMK is selected during step 430, the mesh point 310 composes a confirmation message as described above during step 440. The mesh point 310 then transmits the confirmation message during step 445, and receives a confirmation message from another mesh point during step 450. If the chosen PMKs match, the protocol ends and a link is successfully established.
Figure 5 is an exemplary flow diagram of a method 500 according to an embodiment of the invention that may be performed at a mesh point, such as the mesh point 310, during the step 430 of the method 400 in independently selecting a PMK. The method 500 may be performed at the mesh point 310 when it is attempting to establish a link, or when it has received an open message from another mesh point attempting to establish a link. The steps of the method 500 are described with respect to elements and features of the wireless ad-hoc network 100 and the mesh point 310 shown in Figures 1 and 3. However, the steps of the method 500 are not confined to the embodiment of the invention described. During the description of the method 500, K represents the variable of the PMK being used by the mesh point, K1 represents the PMK that is received in the open message received during step 505, L1 represents the list of PMKs available to the mesh point 310, and "the received list" refers to the list of PMKs available to the mesh point that transmitted the open message received at the mesh point 310 during step 505.
During step 505, the mesh point 310 receives an open message from another mesh point in the wireless ad-hoc network. During decision block 510, the mesh point 310 determines whether it already has a PMK to be used (K). If it determines that a PMK to be used has already been established, it checks to see if the PMK to be used is the same as K1 that was included in the received open message during step 515. If the two PMKs match, the mesh point 310 composes and transmits a confirmation message with the selected PMK (K2) during step 530. If the two PMKs do not match, the open message is discarded during step 525 and the method is ended.
In the situation that the mesh point 310 does not have a PMK to be used, the mesh point 310 verifies whether K1 is included in its list of available PMKs (L1) during decision block 520. If K1 is not included in L1, the open message is discarded, and the method is ended. However, if K1 is present in L1, the mesh point 310 checks to see if K1 is the same PMK as the PMK with the highest priority (the PMK with the latest expiration time) in its list L1 during step 535. If the two are the same, the mesh point sets K1 as the PMK to be used during step 540, and accordingly composes and sends a confirmation message. However, if the two are not the same, the mesh point 310 looks to see if there are any shared PMKs in L1 and the received list. If no shared PMKs exist, the protocol is ended. If at least one common PMK exists, the mesh point 310 determines which PMK has the highest priority (latest expiration time) of the shared PMKs (S1) during step 545. Next, the mesh point 310 checks to see if S1 and K1 are the same during step 550. If S1 and K1 are the same, the mesh point 310 constructs an open message using K1, and sends the list in a corresponding open message. However, if S1 and K1 are not the same, the mesh point discards the current link instance, and constructs a new open message with S1 to transmit to the mesh point 320. Thus, if a PMK is successfully negotiated with the method 500, the resulting negotiated PMK is the PMK with the highest priority among the PMKs shared by the two mesh points.
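The decision flow of method 500, as an added Python example that is not code from the patent. The `Pmk` and `Decision` types, the action names, the tie-break on equal expiration times and the sample identifiers are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Sequence


@dataclass(frozen=True)
class Pmk:
    ident: str    # PMK identifier as advertised in a PMK identifier list
    expires: int  # expiration time (constructed values, arbitrary units)


@dataclass(frozen=True)
class Decision:
    action: str          # "confirm", "open", "reopen", "discard" or "abort"
    pmk: Optional[str]   # identifier the action refers to, if any


def ordered_ids(pmks: Sequence[Pmk]) -> list:
    """PMK identifier list: latest expiration first, earliest last.

    Equal expiration times are ordered by identifier so that both sides
    produce the same list (the tie-break is an assumption).
    """
    ranked = sorted(pmks, key=lambda p: (p.expires, p.ident), reverse=True)
    return [p.ident for p in ranked]


def select_pmk(own: Sequence[Pmk], established: Optional[str],
               k1: str, received_list: Sequence[str]) -> Decision:
    """Process a received open message carrying default PMK k1.

    own           -- PMKs available to this mesh point (source of L1)
    established   -- K, the PMK already chosen for this link, or None
    received_list -- the sender's advertised PMK identifier list
    """
    l1 = ordered_ids(own)

    if established is not None:            # decision block 510
        if established == k1:              # step 515
            return Decision("confirm", established)   # step 530
        return Decision("discard", None)               # step 525

    if k1 not in l1:                       # decision block 520
        return Decision("discard", None)

    if k1 == l1[0]:                        # step 535: own highest priority
        return Decision("confirm", k1)     # step 540: K is set to K1

    advertised = set(received_list)
    shared = [ident for ident in l1 if ident in advertised]
    if not shared:
        return Decision("abort", None)     # no shared PMK: protocol ends

    s1 = shared[0]                         # step 545: highest-priority shared
    if s1 == k1:                           # step 550
        return Decision("open", k1)        # send an open message using K1
    # Discard this link instance and start again with S1 as the default.
    return Decision("reopen", s1)


# Constructed sample: the local mesh point holds three PMKs.
SAMPLE_OWN = [Pmk("pmk-a", 300), Pmk("pmk-b", 200), Pmk("pmk-c", 100)]
```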
Figure 6 is an exemplary flow diagram of a method 600 according to an embodiment of the invention that may be performed at a mesh point, such as the mesh point 310, during the step 450 of the method 400 when it has received a confirmation message, in order to finalize the negotiated PMK. The steps of the method 600 are described with respect to elements and features of the wireless ad-hoc network 100 and the mesh point 310 shown in Figures 1 and 3. However, the steps of the method 600 are not confined to the embodiment of the invention described. During step 605, the mesh point 310 receives a confirmation message. At decision block 610, the mesh point 310 determines whether it already has a PMK that is being used (K). If a PMK being used has been established, the mesh point 310 checks to see if the PMK being used is the same as the PMK received in the confirmation message (K2) during step 615. If the two PMKs are the same, the mesh point 310 verifies the authentication code included in the confirmation message. Afterwards, the mesh point 310 composes and sends a corresponding confirmation message during steps 630 and 640 and ends the method. If the two PMKs are not the same, the mesh point 310 discards the confirmation message and ends the method.
However, in situations where the mesh point 310 does not have a PMK that has been established (K), the mesh point checks during step 620 whether K2 is the same PMK as the PMK with the highest priority (K1), based on expiration time, in its list of available PMKs. If K1 and K2 are the same, the mesh point sets K2 as its PMK to be used during step 625, and composes and sends a corresponding confirmation message during steps 630 and 640.
Thus, while there have been shown, described, and pointed out fundamental novel features of the invention as applied to several embodiments, it will be understood that various omissions, substitutions, and changes in the form and details of the illustrated embodiments, and in their operation, may be made by those skilled in the art without departing from the spirit and scope of the invention. Substitutions of elements from one embodiment to another are also fully intended and contemplated. The invention is defined solely with regard to the claims appended hereto, and equivalents of the recitations therein.

Claims

We claim:
1. A system for negotiating a pairwise master key ("PMK"), comprising at least a first network device and a second network device, wherein at least one network device is configured to select a default PMK from an ordered PMK identifier list before the PMK has been negotiated, and negotiate the PMK based on the default PMK and the ordered PMK identifier list.
2. The system as in claim 1, wherein: at least one network device comprises a processor, a storage device, a random number generator, and a communication device configured to transmit and receive data, and wherein the first network device is configured to create an instance for establishing a link, select a first default PMK, construct a first PMK identifier list, compose a first open message comprising the first PMK identifier list, transmit the first open message to the second network device, receive a second open message comprising a second default PMK and a second PMK identifier list constructed by the second network device, independently select a negotiated PMK based on the first default PMK, the first PMK identifier list and the second PMK identifier list.
3. The system as in claim 2, wherein the first network device and the second network device are mesh points in a wireless ad-hoc network.
4. The system as in claim 2, wherein the first open message comprises: a first network device identifier associated with the first network device; a generated random number associated with the first network device; the first PMK identifier list comprising a list of PMKs associated with the first network device and the second network device; the first default PMK associated with the first network device; and a message authentication code constructed with the first default PMK.
5. The system as in claim 2, wherein the second open message comprises: a second network device identifier associated with the second network device; a generated random number associated with the second network device; the second PMK identifier list comprising a list of PMKs associated with the first network device and the second network device; the second default PMK associated with the second network device; and a message authentication code constructed with the second default PMK.
6. The system as in claim 2, wherein the first PMK identifier list and the second PMK identifier lists are arranged in an order of priority based on expiration times associated with at least one of the PMKs in each of the lists and the first default PMK is a PMK in the first PMK identifier list with a highest priority in the first PMK identifier list and the second default PMK is a PMK in the second PMK identifier list with a highest priority in the second PMK identifier list.
7. The system as in claim 6, wherein a highest priority in the order of priority is given to the PMK that expires latest.
8. The system as in claim 2, wherein the negotiated PMK comprises a PMK with a highest priority of PMKs shared by both the first network device and the second network device.
9. The system as in claim 2, wherein the first network device and the second network device are further configured to transmit a first confirmation message and a second confirmation message upon successful negotiation of the PMK, wherein successful negotiation comprises the first default PMK and the second default PMK being the same PMK, the first confirmation message and the second confirmation message each comprising: a first network device identifier associated with the first network device; a second network device identifier associated with the second network device; a first randomly generated number associated with the first network device; a second randomly generated number associated with the second network; the negotiated PMK; and a message authentication code constructed with the negotiated PMK.
10. A method for negotiating a pairwise master key ("PMK"), comprising the steps of: selecting a default PMK from an ordered PMK identifier list before the PMK has been negotiated; and negotiating the PMK based on the default PMK and the ordered PMK identifier list.
11. The method as in claim 10, further comprising the steps of: creating an instance in order to establish a link; constructing a first PMK identifier list associated with a first network device and a second network device at the first network device; determining a first default PMK associated with the first network device; transmitting a first open message comprising the first PMK identifier list to a second network device; receiving a second open message comprising a second PMK identifier list associated with the second network device; and independently selecting a negotiated PMK based on the first default PMK, the first PMK identifier list, and the second PMK identifier list.
12. The method as in claim 11, further comprising the steps of: constructing the second PMK identifier list associated with the second network device and the first network device at the second network device; determining a second default PMK associated with the second network device; transmitting the second open message comprising the second PMK identifier list to the first network device; receiving the first open message comprising the PMK identifier list transmitted by the first network device; and independently selecting the negotiated PMK based on the received first PMK identifier list, the second default PMK, and the second PMK identifier list.
13. The method as in claim 12, further comprising the steps of: successfully negotiating the PMK, wherein successful negotiation comprises the first default PMK being the same as the second default PMK; composing a first confirmation message based on the negotiated PMK at the first network device; transmitting the first confirmation message to the second network device; and receiving a second confirmation PMK message based on the negotiated PMK from the second network device.
14. The method as in claim 13, further comprising the steps of: successfully negotiating the PMK, wherein successful negotiation comprises the first default PMK being the same as the second default PMK; composing the second confirmation message based on the negotiated PMK at the second network device; transmitting the second confirmation message to the first network device; and receiving the first confirmation message based on the negotiated PMK from the first network device.
15. The method as in claim 11, wherein the first network device and the second network device are mesh points of a wireless ad-hoc network.
16. The method as in claim 11, wherein the first open message comprises: a first network device identifier associated with the first network device; a generated random number associated with the first network device; the first PMK identifier list comprising a list of PMKs associated with the first network device and the second network device; the first default PMK associated with the first network device; and a message authentication code constructed with the first default PMK.
17. The method as in claim 12, wherein the second open message comprises: a second network device identifier associated with the second network device; a generated random number associated with the second network device; the second PMK identifier list comprising a list of PMKs associated with the first network device and the second network device; the second default PMK associated with the second network device; and a message authentication code constructed with the second default PMK.
18. The method as in claim 11, wherein the negotiated PMK comprises a PMK with a highest priority of PMKs shared by both the first network device and the second network device.
19. The method as in claim 12, wherein the first PMK identifier list and the second PMK identifier lists are arranged in an order of priority based on expiration times associated with at least one of the PMKs in each of the lists, and the first default PMK is a PMK in the first PMK identifier list with a highest priority in the first PMK identifier list and the second default PMK is a PMK in the second PMK identifier list with the highest priority in the second PMK identifier list.
20. The method as in claim 19, wherein a highest priority in the order of priority is given to the PMK that expires latest.
21. The method as in claim 14, wherein the first confirmation message and the second confirmation message comprise: a first network device identifier associated with the first network device; a second network device identifier associated with the second network device; a first randomly generated number associated with the first network device; a second randomly generated number associated with the second network; the negotiated PMK; and a message authentication code constructed with the negotiated PMK.
22. A method as in claim 10, further comprising the steps of: creating a first instance for establishing a link at the first network device; creating a second instance for establishing a link at the second network device; constructing a first PMK identifier list associated with the first network device and the second network device at the first network device; constructing a second PMK identifier list associated with the second network device and the first network device at the second network device; selecting a first default PMK associated with the first network device; selecting a second default PMK associated with the second network device; transmitting a first open message comprising the first PMK identifier list to the second network device; transmitting a second open message comprising the second PMK identifier list to the first network device; receiving the first open message at the second network device; receiving the second open message at the first network device; independently selecting a negotiated PMK based on the received second PMK identifier list at the first network device; and independently selecting the negotiated PMK based on the received first PMK identifier list at the second network device.
23. A method as in claim 22, further comprising the steps of: successfully negotiating the PMK, wherein successful negotiation comprises the first default PMK being the same as the second default PMK; composing a first confirmation message based on the negotiated PMK at the first network device; composing a second confirmation message based on the negotiated PMK at the second network device; transmitting the first confirmation message to the second network device; transmitting the second confirmation message to the first network device; receiving the first confirmation message from the first network device at the second network device; and receiving the second confirmation message from the second network device at the first network device.
PCT/US2008/085110 2007-12-28 2008-12-01 Apparatus and method for negotiating pairwise master key for securing peer links in wireless mesh networks WO2009085528A2 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
CN200880123657XA CN101911814B (en) 2007-12-28 2008-12-01 Apparatus and method for negotiating pairwise master key for securing peer links in wireless mesh networks
JP2010540714A JP5010744B2 (en) 2007-12-28 2008-12-01 Apparatus and method for negotiating a pair master key to protect a peer link in a wireless mesh network
BRPI0819474A BRPI0819474A2 (en) 2007-12-28 2008-12-01 equipment and method for negotiating paired master keys to secure point links in wireless mesh networks
EP08866653.2A EP2225909A4 (en) 2007-12-28 2008-12-01 Apparatus and method for negotiating pairwise master key for securing peer links in wireless mesh networks

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US11/966,776 US9246679B2 (en) 2007-12-28 2007-12-28 Apparatus and method for negotiating pairwise master key for securing peer links in wireless mesh networks
US11/966,776 2007-12-28

Publications (2)

Publication Number Publication Date
WO2009085528A2 true WO2009085528A2 (en) 2009-07-09
WO2009085528A3 WO2009085528A3 (en) 2009-08-27

Family

ID=40798478

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2008/085110 WO2009085528A2 (en) 2007-12-28 2008-12-01 Apparatus and method for negotiating pairwise master key for securing peer links in wireless mesh networks

Country Status (7)

Country Link
US (1) US9246679B2 (en)
EP (1) EP2225909A4 (en)
JP (1) JP5010744B2 (en)
KR (1) KR101175864B1 (en)
CN (1) CN101911814B (en)
BR (1) BRPI0819474A2 (en)
WO (1) WO2009085528A2 (en)

Also Published As

Publication number Publication date
EP2225909A4 (en) 2016-06-01
CN101911814B (en) 2013-10-16
KR20100087768A (en) 2010-08-05
JP5010744B2 (en) 2012-08-29
US9246679B2 (en) 2016-01-26
WO2009085528A3 (en) 2009-08-27
KR101175864B1 (en) 2012-08-21
BRPI0819474A2 (en) 2015-09-29
US20090169011A1 (en) 2009-07-02
CN101911814A (en) 2010-12-08
JP2011509023A (en) 2011-03-17
EP2225909A2 (en) 2010-09-08

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase. Ref document number: 200880123657.X; Country of ref document: CN
121 Ep: the epo has been informed by wipo that ep was designated in this application. Ref document number: 08866653; Country of ref document: EP; Kind code of ref document: A2
ENP Entry into the national phase. Ref document number: 20107014360; Country of ref document: KR; Kind code of ref document: A
WWE Wipo information: entry into national phase. Ref document number: 2010540714; Country of ref document: JP
NENP Non-entry into the national phase. Ref country code: DE
WWE Wipo information: entry into national phase. Ref document number: 2008866653; Country of ref document: EP
ENP Entry into the national phase. Ref document number: PI0819474; Country of ref document: BR; Kind code of ref document: A2; Effective date: 20100629