This application relates to a method, a system, a network communication device, such as an access point, a master server and a computer-readable medium comprising instructions for improved security in a communication system.
There are hundreds of millions of Wi-Fi networks in the world today, serving billions of devices. Many of these networks are installed in consumer homes and businesses and are there for a reason: they have a primary function. But they are to an increasing degree also used to fulfil a secondary role, e.g. providing mobile data communications services to secondary users, for example for the purpose of offloading Universal Mobile Telecommunications System (UMTS) or Long Term Evolution (LTE) networks. This gives rise to a security problem stemming from the fact that the networks and access points are often under the physical control of organizations and operators that are not trustworthy in the eyes of secondary users and/or their service providers. The technology disclosed herein solves this problem by protecting the data communication with the standard IEEE 802.11i security mechanism end-to-end, all the way from the device to a location that the user can reasonably consider trusted. Security is important in all Wi-Fi networks but requirements vary depending on how the technology is deployed. We make a clear distinction between the following three security requirements.
Restricted access. Access must be restricted so that only authorized users can access the network and its resources.
Data privacy. Once a device is connected to the network it must not be possible for a third party to eavesdrop on the communication between the device and the network.
Data integrity. Once a device is connected to the network it must not be possible for a third party to modify the communication between the device and the network.
In residential or enterprise Wi-Fi networks preventing unauthorized access is usually the focus of attention. Potential threats to data privacy and data integrity on the air interface are handled with IEEE 802.11 mutual authentication and encryption, but not so on the wireline side. It is assumed that anybody with physical access to network elements is prevented through other means (e.g. physical security, company policy, legal agreements and so on) from eavesdropping on or modifying the communication of other users.
In an enterprise or residential context this key assumption often holds true, but not so in a carrier context. Access points and backhaul connections are more often than not under the physical control of somebody that cannot effectively be prevented from attempting to eavesdrop on or modify the communication of others. Making this incorrect assumption and deploying equipment designed for enterprise use or similar design practices in a carrier context can lead to severe security problems.
Some vendors in the carrier Wi-Fi space try to mitigate these problems by separately encrypting backhaul connections with IPSec or similar VPN protocols. This however leaves a weak link: clear-text data can still be accessed and modified within the access point itself.
There is thus a need for a secure manner of enabling a secure connection between a mobile communications terminal and a home router. There also exists a need for a system which is enabled to adapt the data traffic in the system.
It is an object of the teachings of this application to overcome the problems listed above by providing a communication network comprising a front-end network communication device arranged to operate as a front-end access point for establishing at least one data connection, such as an IEEE 802.11 data connection, between at least one mobile communications terminal and at least one back-end network communication device, wherein said front-end network communication device comprises a memory, a controller and a data port and said back-end network communication device comprises a memory, a controller and a data port, wherein said front-end network communication device has a primary purpose and said at least one data connection is for a secondary purpose associated with said at least one back-end network communication device.
The primary purpose is to provide one or more primary users with data communication services, and at least one of said primary users is in physical control of said front-end network communications device, and said front-end network communications device is arranged with access to primary encryption keys necessary for communication with said one or more primary users.
The secondary purpose is to provide one or more secondary users with access to secondary service providers.
The data connection is established end-to-end by said front-end network communications device being configured to receive at least one 802.11 frame from said mobile communications terminal, said IEEE 802.11 frame comprising an information entity, and send a corresponding message to said back-end network communications device, said message comprising said information entity, and/or receive at least one message from said back-end network communications device, said message comprising an information entity, and send a corresponding 802.11 frame to said mobile communications terminal, said IEEE 802.11 frame comprising said information entity, said front-end network communications device thereby being configured to act as a forwarding relay between said at least one mobile communications terminal and said at least one back-end network communications device, and wherein said back-end network communication device is configured for: sending and receiving messages comprising IEEE 802.11 authentication protocol data to and/or from said at least one mobile communications terminal; and authenticating said mobile communication terminal and deriving secondary encryption keys based on said IEEE 802.11 authentication protocol data, wherein said back-end network communication device has access to said secondary encryption keys and said back-end network communication device is configured to keep said secondary encryption keys secret from the front-end network communications device.
It is also an object of the teachings of this application to overcome the problems listed above by providing a method for use in a communication network (400) comprising a front-end network communication device (100A, 200A) arranged to operate as a front-end access point for establishing at least one data connection (430), such as an IEEE 802.11 data connection (430), between at least one mobile communications terminal (420) and at least one back-end network communication device (100B, 200A), wherein said front-end network communication device (100A) comprises a memory (240), a controller (210) and a data port and said back-end network communication device (100B) comprises a memory (240), a controller (210) and a data port, wherein said front-end network communication device (100A) has a primary purpose and said at least one data connection (430) is for a secondary purpose associated with said at least one back-end network communication device (100B), wherein said primary purpose is to provide one or more primary users with data communication services, and at least one of said primary users is in physical control of said front-end network communications device (100A), and said front-end network communications device (100A) is arranged with access to primary encryption keys necessary for communication with said one or more primary users, and wherein said secondary purpose is to provide one or more secondary users with access to secondary service providers, and wherein said method comprises establishing said data connection (430) end-to-end by: in the front-end network communications device (100A) receiving at least one 802.11 frame from said mobile communications terminal (420), said IEEE 802.11 frame comprising an information entity, and from the front-end network communications device (100A) sending a corresponding message to said back-end network communications device (100B), said message comprising said information entity, and/or in the front-end network communications device (100A) receiving at least one message from said back-end network communications device (100B), said message comprising an information entity, and from the front-end network communications device (100A) sending a corresponding 802.11 frame to said mobile communications terminal (420), said IEEE 802.11 frame comprising said information entity, said front-end network communications device (100A) thereby being configured to act as a forwarding relay between said at least one mobile communications terminal (420) and said at least one back-end network communications device (100B), and wherein said method further comprises sending and receiving messages comprising IEEE 802.11 authentication protocol data between said back-end network communication device (100B) and said at least one mobile communications terminal (420); and authenticating said mobile communication terminal (420) and deriving secondary encryption keys based on said IEEE 802.11 authentication protocol data, wherein said back-end network communication device (100B) has access to said secondary encryption keys and said back-end network communication device (100B) is configured to keep said secondary encryption keys secret from the front-end network communications device (100A).
It is also an object of the teachings of this application to overcome the problems listed above by providing a computer-readable storage medium encoded with instructions that, when executed on a processor, perform the method according to the above.
It is also an object of the teachings of this application to overcome the problems listed above by providing a back-end network communication device (100B, 200A) for use in a communication network (400) according to claim 1, wherein said back-end network communications device (100B) is configured to receive a message from said front-end network communications device (100A), said message comprising at least one 802.11 frame from said mobile communications terminal (420), said IEEE 802.11 frame comprising an information entity, and/or send at least one message from said back-end network communications device (100B), said message comprising an information entity, to said front-end network communications device (100A), and to send and receive messages comprising IEEE 802.11 authentication protocol data to and/or from said at least one mobile communications terminal (420); and to authenticate said mobile communication terminal (420) and derive secondary encryption keys based on said IEEE 802.11 authentication protocol data, wherein said back-end network communication device (100B) has access to said secondary encryption keys and said back-end network communication device (100B) is configured to keep said secondary encryption keys secret from the front-end network communications device (100A).
It is also an object of the teachings of this application to overcome the problems listed above by providing a front-end network communication device (100A, 200A) for use in a communication network (400) according to claim 1, wherein said front-end network communication device (100A) has a primary purpose and said at least one data connection (430) is for a secondary purpose associated with said at least one back-end network communication device (100B), wherein said primary purpose is to provide one or more primary users with data communication services, and at least one of said primary users is in physical control of said front-end network communications device (100A), and said front-end network communications device (100A) is arranged with access to primary encryption keys necessary for communication with said one or more primary users, and wherein said secondary purpose is to provide one or more secondary users with access to secondary service providers, and wherein said data connection (430) is established end-to-end by: said front-end network communications device (100A) being configured to receive at least one 802.11 frame from said mobile communications terminal (420), said IEEE 802.11 frame comprising an information entity, and send a corresponding message to said back-end network communications device (100B), said message comprising said information entity, and/or receive at least one message from said back-end network communications device (100B), said message comprising an information entity, and send a corresponding 802.11 frame to said mobile communications terminal (420), said IEEE 802.11 frame comprising said information entity, said front-end network communications device (100A) thereby being configured to act as a forwarding relay between said at least one mobile communications terminal (420) and said at least one back-end network communications device (100B), and wherein said sent and received messages and corresponding 802.11 frames comprise IEEE 802.11 authentication protocol data enabling the back-end network communications device (100B) to authenticate said mobile communication terminal (420) and derive secondary encryption keys based on said IEEE 802.11 authentication protocol data, wherein said front-end network communication device (100A) is arranged to not have access to said secondary encryption keys.
It is also an object of the teachings of this application to overcome the problems listed above by providing a computer-readable storage medium encoded with instructions that, when executed on a processor of a back-end network communications device (100B) causes the back-end network communications device (100B) to perform as the back-end network communications device according to above.
It is also an object of the teachings of this application to overcome the problems listed above by providing a computer-readable storage medium encoded with instructions that, when executed on a processor of a front-end network communications device (100A) causes the front-end network communications device (100A) to perform as the front-end network communications device according to above.
The inventors of the present invention have realized, after inventive and insightful reasoning, that as an untrusted entity may have complete physical and/or electronic access to the Access Point (AP), and may therefore be capable of manipulating both hardware and software of the AP, there exists a real problem in that a mobile communication terminal connecting to the AP cannot be guaranteed data integrity and/or data privacy. These problems are a result of the fact that the AP is actually arranged for a primary purpose or function and the primary user of the AP has complete access to the AP.
Also, the primary function should not be influenced or affected by the AP also executing secondary functions, and the AP should remain intact from the primary purpose's perspective.
The inventors of the present invention have further realized, after inventive and insightful reasoning, that if the AP is to authenticate secondary users using a standard IEEE 802.11 security mechanism, such as WPA2 Enterprise with EAP-AKA authentication, then the authentication interface, e.g. a RADIUS connection to an Authentication, Authorization and Accounting (AAA) server operatively connected to the Home Location Register (HLR), is exposed to the primary user. A primary user with malicious intent may misuse this access to set up a rogue access point arranged to use the authentication interface and thereby impersonate a service provider to trick a user into connecting to the rogue access point, whereby the user is vulnerable to exploitation by the rogue access point; their devices may in many cases connect automatically to the rogue access point without user intervention and with minimal user notification.
It should be noted that protecting the authentication interface in itself does not solve the problem unless the encryption keys derived during authentication are also protected. Take as an example a Wireless Termination Point (WTP) arranged to communicate with an Access Controller (AC) in a typical enterprise IEEE 802.11 communication system deployed by a service provider. The AC may be installed in a secure location and configured to perform IEEE 802.1X authentication using a RADIUS interface that is only accessible within the protected environment. But since the AC sends the encryption keys derived during authentication to the WTP after authentication, and the WTP may be under the control of an attacker, the attacker may be enabled to operate a rogue access point even if the attacker is not provided direct access to the RADIUS authentication interface; the rogue access point can still be arranged to connect to the AC through the compromised WTP, impersonating an authorized WTP and tricking a device into connecting. Once the device has authenticated with the AC, the AC will send the derived encryption keys necessary for communication with the device to the compromised WTP, which may forward them to the rogue access point.
Also note that the security threat posed by the above problem is not geographically limited. The compromised WTP and rogue access point may be operatively connected over the Internet, enabling an attacker to target any device that trusts the service provider anywhere in the world.
The mere realization of these two problems, alone or in combination, requires inventive thinking as the problem(s) have previously been unknown and the establishing of a secure connection has in the prior art been thought of as not being possible. This disbelief in a practical solution has been based to a large extent on not understanding the underlying problems, which the inventors of this technology have realized.
The solution is based on not exposing authentication credentials or interfaces to untrusted parties, and on not allowing any encryption key to be transmitted or stored outside a physically and electronically secure location, as is discussed in great detail herein. This is a simple solution to a highly complicated problem in a complex communication network, providing a functionality which has been thought not to be possible.
The details regarding these problems will be discussed in greater detail in the detailed description as well as further below in this summary.
The technology disclosed herein in contrast has been designed from the ground up for carrier-grade security. User plane data privacy and data integrity is ensured, even when an attacker is in physical control of both the visited AP and the backhaul connection.
One major benefit of the teachings herein is that a strong mutual authentication is enabled and secured as is disclosed below.
Most IEEE 802.11 security protocols ensure strong mutual authentication, i.e. the device is authenticated to the network but the network is also authenticated to the device. This acts as a safeguard against man-in-the-middle attacks in the form of so-called rogue access points.
No chain is however stronger than its weakest link; the authentication mechanism can only ensure that the counterparties have access to the authentication credentials they say they do. Therefore, if the surrounding system exposes the credentials to unauthorized third parties then the authentication is essentially null and void. In a WPA/WPA2 Personal context this means that the passphrase must be protected. In a WPA/WPA2 Enterprise context it means ensuring that no untrusted entity has access to the RADIUS authentication interface.
The (software of the) technology disclosed herein goes to great lengths to protect authentication credentials: in the case of WPA/WPA2 Personal the passphrase never leaves the residential gateway or consumer Wi-Fi router and in the case of WPA/WPA2 Enterprise the RADIUS interface only needs to be accessible from the tunnel termination gateway (TTG) which can be physically secured.
In most Wi-Fi systems designed for residential or enterprise use user data is only encrypted over the air, or if it is encrypted over the backhaul connection then the backhaul is protected by a separate encryption tunnel, e.g. IPSec or other VPN. The technology disclosed herein in contrast encrypts the connection end-to-end, all the way from the mobile device to the tunnel termination point (TTP), using the standard IEEE 802.11i AES or TKIP encryption. The encryption keys are derived in the mobile device and at the tunnel termination point (TTP) and are as a rule only available there.
But every rule has an exception. In order to optimize network traffic flow it is possible to adapt the technology disclosed herein to send the Temporal Key (TK) into the operator's network so that Internet-bound traffic can be broken out centrally. For example, if the operator has the capability to remotely update the firmware in the subscriber's home gateway then the subscriber has already placed his or her trust in the operator, and the privacy and integrity of their communication is protected through other means than purely technical ones. In this context the Temporal Key (TK) can be transferred from the residential gateway to the operator's network without affecting the nature of the trust relationship between subscriber and operator. On the other hand, the same subscriber can reasonably expect the integrity of their network to be protected even from their operator if they are using a consumer Wi-Fi router. In this case a transfer of the Temporal Key (TK) is not acceptable.
It should be noted that the technology disclosed herein is not an authentication technology; it is a tunneling technology that simply brings raw Wi-Fi radio traffic to where it can be authenticated and decrypted. The security of the technology disclosed herein rests firmly on the tested and proven IEEE 802.11(i) mechanism. There are however some aspects that need careful consideration when employing this mechanism in a different context.
The Internet is much larger than the coverage area of your average Wi-Fi network. Since we expose the IEEE 802.11 stack in the tunnel termination back-end to frames coming in over the network a security defect in this software is much more likely to be exploited and the potential consequences much more severe. We have therefore implemented some security measures intended to harden the IEEE 802.11 subsystem against such attacks.
Firstly, the tunnel termination back-end software will not provide remote access to networks protected with WEP. The technology herein also enables protection against brute force attacks. The tunnel termination back-end will not allow a mobile device to authenticate until it has received an introduction message from the cloud-based matchmaking service. This prevents parallel “port scanning” type attacks. Once the introduction message is received the back-end will only allow the mobile device a certain number of IEEE 802.11i authentication attempts before disconnecting. The back-end may also report such authentication failures to an optional master server, enabling monitoring and detection of potentially compromised and malicious front-ends.
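The key-custody and hardening points above (keys derived at the terminal and the tunnel termination back-end only, the front-end a relay that never holds them, authentication gated on the matchmaking service's introduction and limited in attempts, failures reported to the master server) as an added illustration; this is example code written for this edit, not the applicant's software. It uses the real IEEE 802.11i PRF-384 PTK derivation and EAPOL-Key MIC construction, but the introduction message, the EAPOL body, the attempt limit of 3 and the report format are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

MAX_AUTH_ATTEMPTS = 3  # assumption: the text says "a certain number" but names none


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11i PRF-n: concatenated HMAC-SHA1(key, label || 0x00 || data || i)."""
    out, i = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk, aa, spa, anonce, snonce):
    """PTK = PRF-384(PMK, "Pairwise key expansion", min/max(AA, SPA) || min/max(ANonce, SNonce)),
    split CCMP-style into KCK (handshake MIC key), KEK (key-wrap key) and TK (data key)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return ptk[:16], ptk[16:32], ptk[32:48]


def eapol_mic(kck: bytes, body: bytes) -> bytes:
    """Key MIC over a constructed EAPOL-Key body: HMAC-SHA1 truncated to 16 bytes."""
    return hmac.new(kck, body, hashlib.sha1).digest()[:16]


class RadioFrontEnd:
    """The 'dumb' radio: relays opaque frames as UDP payloads and holds no key material."""

    def __init__(self):
        self.tunnelled = []  # every byte string that crossed the untrusted front-end

    def forward(self, frame: bytes) -> bytes:
        self.tunnelled.append(frame)
        return frame


@dataclass
class TunnelTerminationBackend:
    pmk: bytes
    bssid: bytes
    introduced: set = field(default_factory=set)
    attempts: dict = field(default_factory=dict)
    anonces: dict = field(default_factory=dict)
    sessions: dict = field(default_factory=dict)  # station MAC -> TK, never leaves here
    master_server_reports: list = field(default_factory=list)

    def introduce(self, sta: bytes) -> None:
        """Introduction message from the matchmaking service; until it arrives sta is ignored."""
        self.introduced.add(sta)
        self.attempts[sta] = 0

    def msg1(self, sta: bytes):
        """Handshake message 1 (ANonce), only for introduced stations."""
        if sta not in self.introduced:
            return None
        self.anonces[sta] = os.urandom(32)
        return self.anonces[sta]

    def msg2(self, sta: bytes, snonce: bytes, body: bytes, mic: bytes) -> str:
        """Verify message 2; returns 'ok', 'rejected' or 'disconnected' (limit hit, master server told)."""
        if sta not in self.introduced or sta not in self.anonces:
            return "rejected"
        kck, _kek, tk = derive_ptk(self.pmk, self.bssid, sta, self.anonces[sta], snonce)
        if hmac.compare_digest(eapol_mic(kck, body), mic):
            self.sessions[sta] = tk
            return "ok"
        self.attempts[sta] += 1
        if self.attempts[sta] >= MAX_AUTH_ATTEMPTS:
            self.introduced.discard(sta)
            self.master_server_reports.append(("auth_failure_limit", sta.hex()))
            return "disconnected"
        return "rejected"


def device_msg2(pmk, bssid, sta, anonce):
    """Mobile terminal side: derive the PTK from the same PMK and MIC a constructed msg 2 body."""
    snonce = os.urandom(32)
    kck, _kek, tk = derive_ptk(pmk, bssid, sta, anonce, snonce)
    body = b"\x02" + snonce  # stand-in for the EAPOL-Key message 2 body
    return snonce, body, eapol_mic(kck, body), tk


def run_handshake(backend, fe, pmk, sta):
    """Drive messages 1 and 2 through the front-end relay; returns (result, device-side TK)."""
    anonce = fe.forward(backend.msg1(sta) or b"")
    if not anonce:
        return "rejected", None
    snonce, body, mic, tk = device_msg2(pmk, backend.bssid, sta, anonce)
    fe.forward(body + mic)
    return backend.msg2(sta, snonce, body, mic), tk
```

After a successful run the terminal's TK equals the back-end's stored TK while none of the bytes that crossed the front-end contain it, and a station with the wrong PMK is disconnected and reported after the third failed attempt.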
Other features and advantages of the disclosed embodiments will appear from the following detailed disclosure, from the attached dependent claims as well as from the drawings.
Generally, all terms used in the claims are to be interpreted according to their ordinary meaning in the technical field, unless explicitly defined otherwise herein.
All references to “a/an/the [element, device, component, means, step, etc]” are to be interpreted openly as referring to at least one instance of the element, device, component, means, step, etc., unless explicitly stated otherwise. The steps of any method disclosed herein do not have to be performed in the exact order disclosed, unless explicitly stated.
The invention will be described in further detail under reference to the accompanying drawings in which:
The disclosed embodiments will now be described more fully hereinafter with reference to the accompanying drawings, in which certain embodiments of the invention are shown. This invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided by way of example so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art. Like numbers refer to like elements throughout.
More details on the underlying technology for communication systems such as disclosed herein are to be found in the two international patent applications referenced by WO 2010/0145882 and PCT/EP2011/070586. The terminology of the two applications differs somewhat from the terminology of this application. The master server of the two applications is referred to herein as a master server or matchmaking service. An access point of the two applications is referred to herein as an access point or a radio front-end. A service provider server of the two applications is referred to herein as a tunnel termination back-end. The two international applications are incorporated herein by reference and a reader is invited to study either of the two international applications for further details on how to implement a general communication system as disclosed herein.
With reference to
The network communication apparatus 100 will hereafter be exemplified and described as being a router 100. The router 100 comprises a housing 110 comprising a controller or CPU (not shown) and one or more computer-readable storage mediums (not shown), such as storage units and internal memory. Examples of storage units are disk drives or hard drives. The router 100 further comprises at least one data port 120. Data ports can be wired and/or wireless. An example of a wired data port is an Ethernet port 120a. An example of a wireless data port is a radio frequency based data port 120b based on the IEEE 802.11 standard, that is, a Wi-Fi port. Data ports are configured to enable a terminal 100 to connect with other routers or a server. They are also configured for enabling the router 100 to communicate with one or more mobile communications terminals such as a mobile phone, a computer tablet or a laptop computer. In one embodiment the mobile communications terminal is Wi-Fi enabled. The router 100 may also comprise at least one input unit such as a button 130. Such a button 130 may for example be used to reset the router 100.
The router 200A may comprise a wired interface 220, which is adapted to allow the terminal to communicate with other devices such as a server for a service provider. Examples of such wired technologies are USB, Ethernet, Local Area Network, TCP/IP (Transport Control Protocol/Internet Protocol) to name a few.
The router 200A further comprises a radio frequency interface 230, which is adapted to allow the terminal to communicate with other devices through a radio frequency band through the use of different radio frequency technologies. Examples of such technologies are Wi-Fi, Bluetooth®, W-CDMA, GSM, UTRAN, LTE, and NMT to name a few. It should be noted that for the purpose of this application the evolving communication standard commonly referred to as White-Fi is considered to be equivalent to the Wi-Fi in its operation and the teachings offered herein in relation to Wi-Fi and the IEEE 802.11 standard also extend to the White-Fi standard.
In order for the router 100 to function as a radio front-end the RF interface 230 should have a Wi-Fi chipset with a software-defined IEEE 802.11 Media Access Control (MAC) layer and support for multiple BSSIDs. The Wi-Fi driver should also support a low-level interface so that the technology disclosed herein can send and receive raw encrypted IEEE 802.11 frames.
The master server 200B comprises a wired interface 220, which is adapted to allow the terminal to communicate with other devices such as a server for a service provider. Examples of such wired technologies are USB, Ethernet, Local Area Network, TCP/IP (Transport Control Protocol/Internet Protocol) to name a few.
The master server 200B may further comprise an interface 230 which is adapted to allow the terminal to communicate with other devices, such as network communication devices and other master servers or other network devices or other communication networks, through a radio frequency band through the use of different radio frequency technologies. Examples of such technologies are Wi-Fi, Bluetooth®, W-CDMA, GSM, UTRAN, LTE, and NMT to name a few.
The instructions 31 may also be downloaded to a computer data reading device 100, such as a router as the router 100 of
The instructions may be stored in a memory (not shown explicitly in
In this manner the router 100 may be updated with new instructions and enabled for an updated operation. Both the software and/or the firmware may thus be updated remotely.
References to computer program, instructions, code etc. should be understood to encompass software for a programmable processor or firmware such as, for example, the programmable content of a hardware device whether instructions for a processor, or configuration settings for a fixed-function device, gate array or programmable logic device etc.
To enable a router 100 for operation as a front-end 100A according to the technology herein public access point vendors only need to integrate the radio front-end software.
To enable a router 100 for operation as a back-end 100B according to the technology herein residential gateway vendors should integrate both the radio front-end and the tunnel termination back-end software.
To enable a consumer Wi-Fi router 100 for operation according to the technology herein router vendors should integrate both the radio front-end and the tunnel termination back-end software.
A tunnel termination gateway, as the name implies, should only support tunnel termination back-end functionality. The configuration interface needs to allow adjustment of the standard Wi-Fi network settings, e.g. SSID, security mechanism, encryption algorithms and RADIUS servers. The interface should also allow the operator to specify an Account that the resulting Service should be associated with.
It should be noted that the embodiments relating to a communications network as disclosed with reference to
One example of how to establish a data connection, over which 802.11 encrypted data can be transferred, without a master server is to store the Fully Qualified Domain Name (FQDN) of the back-end network communications device 100B in the memory 240 of a router 210 when manufactured. Said router can resolve the IP address associated with the FQDN using DNS and function as a front-end network communications device 100A by independently connecting to said back-end network communications device 100B. The FQDN can also be stored in the memory of the router 210 after it has been deployed, using a remote configuration protocol such as TR-069 or SNMP. The FQDNs of a plurality of front-end network communications devices 100A may similarly be stored in the memory of a tunnel termination gateway.
In such a system, as exemplified in
The terminology used herein takes encryption keys to include any encryption key involved in the IEEE 802.11 handshake process, and key derivation to include any derivation of an encryption key involved in an IEEE 802.11 security mechanism.
The 802.11 authentication protocol data is meant to include any authentication protocol data involved in an IEEE 802.11 authentication.
In one embodiment the IEEE 802.11 stack is partitioned into three parts: a radio front-end, such as the front-end access point 100 of
The radio front-end 100A, such as the AP 100A of
The radio front-end 100A handles the low level real-time critical aspects of the IEEE 802.11 protocol, e.g. sending acknowledgement frames and transmitting periodic beacons. The higher level MLME (Media Access Control (MAC) Sublayer Management Entity) and data frames are instead encapsulated in UDP/IP (User Datagram Protocol/Internet Protocol) datagrams and forwarded to the relevant tunnel termination back-end 100B. In this sense the front-end functions as a “dumb” radio; it simply forwards (often encrypted) IEEE 802.11 radio frames between its wired network interface and the Wi-Fi radio.
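The front-end/back-end partition just described, as an added example that is not the applicant's software: the front-end keeps control frames (acknowledgements and the like) local, and wraps management (MLME) and data frames, encrypted or not, into a UDP payload addressed to the back-end paired with the frame's BSSID. The BSSID-to-back-end table, the addresses and the 4-byte encapsulation header are assumptions; the real system learns the pairing from the matchmaking service.

```python
from typing import Optional

# Constructed table: which tunnel termination back-end owns each BSSID (hypothetical values).
BACKENDS = {
    bytes.fromhex("020000000001"): ("198.51.100.10", 5000),
    bytes.fromhex("020000000002"): ("198.51.100.11", 5000),
}
TYPE_MGMT, TYPE_CTRL, TYPE_DATA = 0, 1, 2


def frame_type(frame: bytes):
    """(type, subtype) from the Frame Control field: bits 2-3 are the type, bits 4-7 the subtype."""
    if len(frame) < 2:
        raise ValueError("truncated frame control")
    return (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF


def bssid_of(frame: bytes) -> Optional[bytes]:
    """Pick the address field holding the BSSID from the To/From DS flags of a management
    or data frame; None for 4-address (WDS) frames or a header too short to parse."""
    if len(frame) < 24:
        return None
    to_ds, from_ds = bool(frame[1] & 0x1), bool(frame[1] & 0x2)
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    if to_ds and from_ds:
        return None
    return a1 if to_ds else a2 if from_ds else a3


def dispatch(frame: bytes, front_end_id: int):
    """Front-end decision for one received frame.
    Control frames (ACK, RTS, CTS, ...) are real-time and stay on the radio; management
    (MLME) and data frames are encapsulated for the back-end that owns the BSSID.
    Returns ('local', None), ('drop', None) or ('tunnel', (host, port, payload))."""
    ftype, _subtype = frame_type(frame)
    if ftype == TYPE_CTRL:
        return "local", None
    target = BACKENDS.get(bssid_of(frame))
    if target is None:
        return "drop", None  # no back-end has been paired with this BSSID
    # Constructed encapsulation header: front-end id and frame length, then the raw
    # (possibly encrypted) 802.11 frame untouched; the front-end cannot decrypt it.
    header = front_end_id.to_bytes(2, "big") + len(frame).to_bytes(2, "big")
    return "tunnel", (target[0], target[1], header + frame)


def build_frame(ftype, subtype, to_ds, from_ds, a1, a2, a3, body=b""):
    """Constructed 3-address 802.11 frame (duration and sequence fields zeroed) for testing."""
    fc = bytes([(subtype << 4) | (ftype << 2), int(to_ds) | (int(from_ds) << 1)])
    return fc + b"\x00\x00" + a1 + a2 + a3 + b"\x00\x00" + body
```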
Adding radio front-end functionality to a public access point or residential gateway may be achieved through a remote firmware or software update as has been disclosed in relation to
A tunnel termination back-end 100B functions almost exactly like a Wi-Fi access point, with one important difference: instead of sending and receiving IEEE 802.11 frames over a local radio it sends and receives them on its wired network interface, encapsulated in UDP/IP datagrams. The IEEE 802.11 frames may be sent through a data tunnel 430 as disclosed in relation to
The back-end 100B performs all the higher level functions of the IEEE 802.11 stack including authentication and encryption. This architecture is essential for ensuring the security model according to technology disclosed herein.
The tunnel termination software according to the technology disclosed herein can be deployed in a residential gateway as a remote firmware or software update or pre-installed in consumer Wi-Fi routers. Once the software or firmware is installed it will allow mobile devices and other mobile communications terminals to connect to the local Wi-Fi network remotely, through any radio front-end. The software can also be integrated in special purpose tunnel termination gateways.
The cloud-based matchmaking service or server 410 coordinates radio front-ends 100A and tunnel termination back-ends 100B and connects them to form complete IEEE 802.11 stacks on demand. More details on how such a stack is formed can be found in the incorporated applications, namely WO 2010/0145882 and PCT/EP2011/070586.
It communicates with front-ends 100A and back-ends 100B with a lightweight UDP/IP based protocol in many ways similar to DNS (Domain Name System).
As can be seen in
The operation of the system is now explained by way of a step-by-step description of a complete use case, which shows how the parts fit together.
For the purposes of this walkthrough imagine you are a fixed-line broadband subscriber and your ISP (Internet Service Provider) has provided you with a Wi-Fi equipped residential gateway that contains, and is configured to operate according to, the technology disclosed herein.
When the user's residential gateway starts up the embedded tunnel termination back-end software will send a registration message to the cloud-based matchmaking service containing a UUID identifying the user's home Wi-Fi network and a template that can be used to generate an IEEE 802.11 beacon frame for this network. If this is the first time the matchmaking service receives a registration message from the user's gateway it will create a Service instance to represent the user's network. It will also store the beacon template and make note of the source IP address and UDP port number of the registration message.
In one use case the first time a new device, such as a mobile communications terminal 420, is connected to the residential gateway a Bind message containing the MAC address of the device is sent to the cloud-based matchmaking service. More details are disclosed in the published and incorporated application PCT/EP2011/070586.
When a user connects a new device 420 to his home Wi-Fi network through his residential gateway 100B for the first time, the tunnel termination back-end software sends another message, a Bind message, to the cloud-based matchmaking service, this time containing the MAC address of the user's device and the UUID identifying the user's home Wi-Fi network. See
The matchmaking service uses this information to create a new Client representing the user's device and a Binding encoding the user's device's preference for the user's home Wi-Fi network. The front-end 100A sends a Match message containing the MAC address of the front-end 100A. The matchmaking service 410 introduces the front-end 100A to a back-end 100B with an introduction message, containing an IP address and a port. A response message is then sent to the front-end 100A to enable a data tunnel to be established. See
When a probe request originating from that MAC address is detected elsewhere in the network the cloud-based matchmaking service will introduce the radio front-end 100A to the relevant tunnel termination back-end 100B.
Now whenever a user comes close to a radio front-end 100A, be it a public access point, residential gateway or consumer Wi-Fi router, his mobile device will automatically connect to the user's home Wi-Fi exactly as if he were at home. To accomplish this feat the radio front-end 100A must connect to the tunnel termination back-end 100B in the user's home gateway to form a complete IEEE 802.11 stack, and the resulting Wi-Fi network must, from the user's device's point of view, be indistinguishable from his regular home Wi-Fi. Due to the inventive reasoning made by the inventors this can be performed in a fast and efficient manner, and so quickly that the device doesn't even notice.
Once the introduction has been made encrypted Wi-Fi over IP traffic flows directly between the client device 420 and the tunnel termination back-end 100B, using the radio front-end 100A as the wireless termination point. See
The control plane (see
The embodiment(s) disclosed herein and the associated protocols have been carefully designed to allocate resources only when they are actually needed. The radio front-end 100A will then set up a beacon and answer probe requests based on the beacon template provided by the matchmaking service.
At this point the Wi-Fi over IP tunnel to the tunnel termination back-end is not yet established—tunnel setup is deferred until the device attempts to associate with the Wi-Fi network. Resource de-allocation follows a similar early release scheme.
This just-in-time resource allocation scheme ensures that tunnel termination back-end load scales with the number of mobile devices served, and not with the number of radio front-ends 100A in the network. This is of course an essential requirement for the monetization and exchange platform since this open marketplace lets every radio front-end in the world stand ready to provide access to each and every tunnel termination back-end 100B.
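The walkthrough above, together with the just-in-time allocation it relies on, as an added example that is not code from the application: a small in-memory model of the matchmaking service handling Register, Bind and Match messages and issuing the introduction only when a device associates. The `Matchmaker` and `Service` class names, the message field layouts, the `walkthrough()` scenario and all IP addresses, ports and MAC addresses are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

Addr = Tuple[str, int]  # (IP address, UDP port) as observed on an incoming datagram

@dataclass
class Service:
    """One Service per registered home Wi-Fi network, i.e. per back-end 100B."""
    uuid: str
    beacon_template: bytes
    addr: Addr

@dataclass
class Matchmaker:
    """Constructed model of the matchmaking service 410; state names follow the text."""
    services: Dict[str, Service] = field(default_factory=dict)  # uuid -> Service
    bindings: Dict[str, str] = field(default_factory=dict)  # client MAC -> uuid (Binding)
    frontends: Dict[str, Addr] = field(default_factory=dict)  # front-end MAC -> addr
    introductions: List[Tuple[str, str]] = field(default_factory=list)  # tunnels set up

    def register(self, uuid: str, beacon_template: bytes, src: Addr) -> Service:
        """Register message from a back-end at start-up: the first one creates the
        Service, later ones only refresh the recorded source IP/port (NAT rebinding)."""
        svc = self.services.get(uuid)
        if svc is None:
            svc = self.services[uuid] = Service(uuid, beacon_template, src)
        else:
            svc.addr = src
        return svc

    def bind(self, client_mac: str, uuid: str) -> None:
        """Bind message: the device client_mac prefers the home network uuid."""
        if uuid not in self.services:
            raise KeyError(f"Bind for unregistered network {uuid}")
        self.bindings[client_mac.lower()] = uuid

    def match(self, frontend_mac: str, src: Addr, probed_mac: str) -> Optional[bytes]:
        """Match message: front-end frontend_mac saw a probe request from probed_mac.
        Only a bound device gets an answer, and it is just the beacon template: the
        front-end can beacon and answer probes, but no tunnel is allocated yet."""
        uuid = self.bindings.get(probed_mac.lower())
        if uuid is None:
            return None  # unknown device: allocate nothing at all
        self.frontends[frontend_mac.lower()] = src
        return self.services[uuid].beacon_template

    def associate(self, frontend_mac: str, client_mac: str) -> Dict[str, Addr]:
        """The device tries to associate: now introduce the two ends. Each message
        carries the other side's IP/port; Wi-Fi over IP then flows directly between them."""
        fe_addr = self.frontends[frontend_mac.lower()]
        svc = self.services[self.bindings[client_mac.lower()]]
        self.introductions.append((frontend_mac.lower(), svc.uuid))
        return {"to_frontend": svc.addr, "to_backend": fe_addr}

def walkthrough() -> Tuple[int, int]:
    """Constructed scenario: one home gateway, one device, three front-ends that all hear
    the probe, one association. Returns (front-ends beaconing, tunnels introduced)."""
    mm = Matchmaker()
    mm.register("home-uuid-1", b"SSID=HomeNet;RSN=WPA2-PSK", ("203.0.113.10", 40000))
    mm.bind("AA:BB:CC:00:11:22", "home-uuid-1")
    for i in range(3):
        mm.match(f"fe-{i}", ("198.51.100.5", 5000 + i), "aa:bb:cc:00:11:22")
    mm.associate("fe-1", "AA:BB:CC:00:11:22")
    return len(mm.frontends), len(mm.introductions)
```

Running `walkthrough()` gives three beaconing front-ends but a single introduced tunnel, which is the scaling property the paragraph above describes.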
When a mobile device re-associates to the network the matchmaking service 410 will introduce the radio front-end 100A to a tunnel termination back-end 100B running on another tunnel termination gateway 430. The end result is a glitch in connectivity that lasts less than a minute and only affects the STAs that were served by the failing tunnel termination gateway. STA is a term commonly used in the IEEE 802.11 standard; in this context it denotes a station, such as a mobile communications terminal.
NAT (Network Address Translation) traversal may be used as part of the design. Both the radio front-end software and the tunnel termination back-end software can be deployed behind NAT with so-called cone properties.
A user data plane connects a radio front-end 100A to a tunnel termination back-end 100B through a Wi-Fi over IP tunnel 430. Wi-Fi over IP relates to a specific implementation: IEEE 802.11 frames coming in on the radio are encapsulated in a thin UDP/IP header and sent out over a network backhaul (not shown explicitly, but well-known to a skilled person). In the opposite direction UDP/IP packets coming in over the backhaul connection carry IEEE 802.11 frames ready to be sent out over the radio interface.
When the tunnel termination software runs on a residential gateway or consumer Wi-Fi router the standard IEEE 802.11i 4-way handshake goes all the way from the mobile device to the user's home, where the device is authenticated using the passphrase stored in the tunnel termination point (TTP). Since this passphrase was entered into the device (or transferred to the device using Wi-Fi Protected Setup) when it was first connected to the Wi-Fi network no user interaction is necessary for authentication, not even the first time a device connects through a Wi-Fi over IP tunnel, ensuring what we refer to as ZERO sign-on, which name indicates one of the benefits of this embodiment. Also, since the passphrase is only available in the mobile device and at the tunnel termination point (TTP) the mutual authentication property of the WPA-PSK security mechanism ensures that the end-user is in fact connected to their own network, and not to a rogue access point. This is an important benefit of this technology and also a solution to the problems as discussed in relation to the background prior art, see
When the tunnel termination software runs on a tunnel termination gateway the standard WPA/WPA2 4-way handshake goes all the way from the mobile device to the tunnel termination gateway where the IEEE 802.1X authenticator can verify the identity of the subscriber using an EAP based security mechanism. This mechanism can be EAP-SIM, EAP-AKA, EAP-AKA′ or any other mechanism supported by the AAA-server. Note that with this architecture the RADIUS interface is only used to connect the tunnel termination gateway to the AAA-server within a trusted network environment. This combined with the mutual authentication property of the security mechanism ensures that the end-user is in fact connected to their operator's network, and not to a rogue access point. This is an important benefit of this technology and also a solution to the problems as discussed in relation to the background prior art, see
Since the 4-way handshake runs all the way from the mobile device to the tunnel termination back-end the encryption keys are also derived only in these two places. This architecture ensures user data integrity and data confidentiality end-to-end, all the way from the mobile device to the tunnel termination back-end thereby providing an improved security.
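An added example (not the application's own code) of the key derivation the two preceding paragraphs rely on: the WPA2-Personal PMK from the passphrase, the IEEE 802.11i PRF-384 expansion into KCK, KEK and the Temporal Key, and the EAPOL-Key MIC checks in both directions of the 4-way handshake, modelled for a mobile device and a tunnel termination point. The forwarding radio front-end sees only the two MAC addresses and the nonces, never the PMK, so it has no input from which `derive_ptk` could be run; the `run_handshake` function and its message bodies are constructed for illustration, while the PBKDF2 and PRF constructions are the standard ones.

```python
import hashlib
import hmac
from typing import Optional, Tuple

def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal PMK: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes).
    This value exists only in the mobile device and in the tunnel termination point."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11i PRF-n: concatenated HMAC-SHA1(key, label || 0x00 || data || i)."""
    out = b""
    for i in range((nbytes + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:nbytes]

def derive_ptk(pmk: bytes, aa: bytes, spa: bytes,
               anonce: bytes, snonce: bytes) -> Tuple[bytes, bytes, bytes]:
    """PTK = PRF-384(PMK, "Pairwise key expansion", min(AA,SPA)||max(AA,SPA)||
    min(ANonce,SNonce)||max(ANonce,SNonce)). For CCMP the 48 bytes split into the
    KCK (EAPOL MIC), the KEK (GTK wrapping) and the TK that protects data frames."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return ptk[:16], ptk[16:32], ptk[32:48]

def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """WPA2 Key MIC (HMAC-SHA1-128) over an EAPOL-Key frame whose MIC field is zeroed."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]

def run_handshake(ssid: str, device_pass: str, ttp_pass: str, aa: bytes, spa: bytes,
                  anonce: bytes, snonce: bytes) -> Tuple[bool, bool, Optional[bytes]]:
    """Models the authentication steps of the 4-way handshake between the device
    (supplicant, passphrase device_pass) and the tunnel termination point (authenticator,
    passphrase ttp_pass). Returns (TTP accepts device, device accepts TTP, TK), with TK
    None unless both checks hold. Message bodies are constructed placeholders."""
    kck_s, _, tk_s = derive_ptk(pmk_from_passphrase(device_pass, ssid), aa, spa, anonce, snonce)
    kck_a, _, tk_a = derive_ptk(pmk_from_passphrase(ttp_pass, ssid), aa, spa, anonce, snonce)
    # Message 2, device -> TTP: MIC under the device's KCK, verified with the TTP's KCK.
    msg2 = b"constructed EAPOL-Key message 2 body, MIC field zeroed:" + snonce
    ttp_accepts = hmac.compare_digest(eapol_mic(kck_s, msg2), eapol_mic(kck_a, msg2))
    # Message 3, TTP -> device: MIC under the TTP's KCK, verified with the device's KCK.
    # An access point that does not hold the passphrase fails here, so the device never
    # installs a TK towards it: this is the mutual authentication the text relies on.
    msg3 = b"constructed EAPOL-Key message 3 body, MIC field zeroed:" + anonce
    device_accepts = hmac.compare_digest(eapol_mic(kck_a, msg3), eapol_mic(kck_s, msg3))
    tk = tk_a if (ttp_accepts and device_accepts and tk_a == tk_s) else None
    return ttp_accepts, device_accepts, tk
```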
Handover from WTP (wireless termination point) to WTP is handled through the standard IEEE 802.11 mechanism, i.e. the mobile device periodically scans for new access points.
The architecture of the technology disclosed herein, in which mobile data is always tunneled through a tunnel termination back-end, aligns perfectly with the standard IEEE 802.11 mobility mechanism. Layer 2 connectivity is preserved during handover, so Layer 3 connections are unaffected. Since the IEEE 802.1X authenticator runs in the tunnel termination back-end, the implementation of key caching and fast handover is greatly facilitated.
When a Wi-Fi over IP tunnel is terminated on a broadband subscriber's premises, data needs to traverse the subscriber's home broadband connection twice. The reason is that the cryptographic key needed to encrypt and decrypt IEEE 802.11 frames to and from a mobile device is only available in the back-end portion of the IEEE 802.11 stack, in the subscriber's own residential gateway or Wi-Fi router. This has strong benefits from a security point of view but may have some drawbacks from a traffic engineering perspective.
With most access network technologies this roundtrip to the subscriber's premises is all things considered acceptable, but there may be cases where the incentives to avoid the roundtrip are significant. For example, digital subscriber line technologies (xDSL) may constrain throughput in the uplink to less than 1 Mbps and since encrypted IEEE 802.11 frames destined for a mobile device will need to traverse the uplink this will limit the downstream throughput. Perhaps even more pressingly, in DOCSIS based access networks the total aggregate uplink capacity of a cable plant can be relatively low, and increasing this uplink capacity is already a major cost burden for operators.
This problem is solved by relaxing the security model in a careful and controlled manner. A novel network element, the Optimizer, is inserted in the communication path between the radio front-end and tunnel termination back-end. The Temporal Key (TK) used to encrypt and decrypt Unicast IEEE 802.11 data frames to and from the mobile device can then be transferred to the Optimizer and Internet-bound traffic can be broken out there.
Consider for instance the case where a DOCSIS operator has integrated the technology disclosed herein in cable modems and is operating its own matchmaking service. The end-subscriber can be assumed to trust the operator since the residential gateway firmware is operator managed. It would therefore be acceptable for the tunnel termination back-end software in the residential gateway to transfer the Temporal Key (TK) to the operator controlled matchmaking service. The key can then be further transferred to the Optimizer which is also under the operator's control.
The optimizer 440 can also be used in a mobile Wi-Fi offload scenario to selectively terminate some of the mobile traffic in the fixed-line network edge while terminating other traffic in the mobile core. The optimizer 440 is then integrated in the fixed-line network edge while the tunnel termination back-end is implemented in a tunnel termination gateway installed in the mobile core.
The tunnel termination back-end portion of an embodiment disclosed herein implements a number of mechanisms that can be used to create advanced mobile Wi-Fi services. These are briefly outlined here.
The technology herein has been devised to protect the primary function of the residential gateway, i.e. the fixed-line subscriber's use of the connection. A radio front-end software component according to the technology disclosed herein carefully monitors the fixed-line subscriber's use of both backhaul and radio resources. When there is a risk that a mobile user may in any way impact the primary function, the mobile user will be throttled, both in the downstream and upstream direction, to prevent such impact.
The normal home Wi-Fi user experience is well-known to a skilled person. The technology disclosed herein lets an operator provide that exact same user experience outside the home, whenever the subscriber is close to any one of the operator's residential gateways. The user experience is exactly like at home; open a laptop or take the key lock off a phone and it will automatically connect. Note that there is no software to install on the device, no manual registration process and no username or password to remember. Yet the connection is completely secure, protected end-to-end with the standard WPA/WPA2 Personal security mechanism.
A number of benefits follow from utilizing the technology herein and translate into a superior user experience, as well as a scalable and economical solution for the operator.
No client-side software—the subscriber does not need to install any additional software on their device, or anywhere else.
Strong mutual authentication—the device is of course authenticated to the network, but the network is also authenticated to the device. The subscriber can be sure that they are in fact connected to their own home Wi-Fi network (through a Wi-Fi over IP tunnel) and not to a rogue access point.
End-to-end encryption—the Wi-Fi encryption protects the communication end-to-end, all the way from the device to the subscriber's own residential gateway. Even if an attacker is in physical control of the local access point (which is usually another subscriber's residential gateway) they cannot eavesdrop on or modify the communication. The IEEE 802.11i encryption protects the data plane end-to-end, all the way from the mobile device to the tunnel termination gateway (TTG). Data integrity and confidentiality are ensured in the transport layer, and even physically insecure access points such as residential gateways can be integrated into the mobile core as a “trusted non-3GPP access” (3GPP TS 33.402). The subscriber will notice a seamless user experience on more devices (since no I-WLAN or similar client software is necessary) and improved battery life (since encryption and decryption on the mobile device is done in dedicated hardware as part of the Wi-Fi chipset).
Full mobility with fast handover—since Wi-Fi over IP tunnels are always terminated at the same place devices stay connected to the same Layer 2 network when roaming from one visited gateway to another. This means that handovers are completely seamless and that traffic traceability and other regulatory requirements are met. It also means that encryption keys derived using EAP-SIM or AKA can be cached in one secure place and reused, ensuring fast handover and reduced load on the operator's authentication infrastructure.
Infinite scalability—the Wi-Fi over IP tunnels are peer-to-peer and neither data nor signaling traffic passes through any central location. In effect you are leveraging an immense distributed system to handle tunnel termination and authentication; all the CPUs in your entire installed base of residential gateways. Also, access points do not connect to the tunnel termination gateway (TTG) until a mobile device is ready to use the service. The architecture therefore scales with the number of mobile devices, and not with the number of access points. Load balancing between tunnel termination gateways ensures scalability up to hundreds of millions of mobile devices and the REST Web Service Interface can be leveraged to select for offload only those devices that will benefit the most.
Many consumer Wi-Fi routers and most corporate WLAN systems come with a guest access solution, usually implemented as an insecure open network with a separate SSID. The technology disclosed herein makes it possible to also provide guests with remote access to their own secure Wi-Fi networks, through a Wi-Fi over IP tunnel. In a corporate environment this functionality can be used e.g. to provide employees access to their own home Wi-Fi, easing the load on IT support for providing Internet access when employees bring their own devices into the workplace. When combined with the monetization and exchange platform it can also be used to let mobile operators offload data onto a corporate WLAN, using only spare radio spectrum and backhaul. In a residential setting the technology can be used to provide employees with remote access to the corporate WLAN network. A consumer Wi-Fi router can easily be configured to connect to a tunnel termination gateway installed in a corporate data center by simply associating them with the same Account. The result is a virtual Remote Access Point (vRAP), providing seamless and secure access to the corporate WLAN from the home.
An operator with the technology disclosed herein integrated in residential gateways could provide the same virtual Remote Access Point (vRAP) functionality as a service, by simply issuing a directed Sell Order through the REST Web Service Interface.
The invention has mainly been described above with reference to a few embodiments. However, as is readily appreciated by a person skilled in the art, other embodiments than the ones disclosed above are equally possible within the scope of the invention, as defined by the appended patent claims.
Filing Document | Filing Date | Country | Kind
---|---|---|---
PCT/EP2013/057841 | 4/15/2013 | WO | 00

Number | Date | Country
---|---|---
61686836 | Apr 2012 | US