The present application relates to wireless communications, including techniques for wireless communication among wireless stations and/or access points in a wireless networking system.
Wireless communication systems are rapidly growing in usage. Further, wireless communication technology has evolved from voice-only communications to also include the transmission of data, such as Internet and multimedia content. A popular short/intermediate range wireless communication standard is wireless local area network (WLAN). Most modern WLANs are based on the Institute of Electrical and Electronics Engineers (IEEE) 802.11 standard (and/or 802.11, for short) and are marketed under the Wi-Fi brand name. WLAN networks link one or more devices to a wireless access point, which in turn provides connectivity to the wider area Internet.
In 802.11 systems, devices that wirelessly connect to each other are referred to as “stations”, “mobile stations”, “user devices”, “user equipment”, or STA or UE for short. Wireless stations can be either wireless access points or wireless clients (and/or mobile stations). Access points (APs), which are also referred to as wireless routers, act as base stations for the wireless network. APs transmit and receive radio frequency signals for communication with wireless client devices. APs can also couple to the Internet in a wired and/or wireless fashion. Wireless clients operating on an 802.11 network can be any of various devices such as laptops, tablet devices, smart phones, smart watches, or fixed devices such as desktop computers. Wireless client devices are referred to herein as user equipment (and/or UE for short). Some wireless client devices are also collectively referred to herein as mobile devices or mobile stations (although, as noted above, wireless client devices overall can be stationary devices as well).
Mobile electronic devices can take the form of smart phones or tablets that a user typically carries. Wearable devices (also referred to as accessory devices) are a newer form of mobile electronic device, one example being smart watches. Additionally, low-cost low-complexity wireless devices intended for stationary or nomadic deployment are also proliferating as part of the developing “Internet of Things”. In other words, there is an increasingly wide range of desired device complexities, capabilities, traffic patterns, and other characteristics.
Some WLANs can utilize multi-link operation (MLO), e.g., using a plurality of channels (e.g., links) concurrently. APs and/or STAs capable of MLO can be referred to as multi-link devices (MLD). For example, APs capable of MLO can be referred to as AP-MLDs and STAs capable of MLO that are not acting as APs can be referred to as non-AP MLDs. Improvements in the field are desired.
Embodiments described herein relate to systems, methods, apparatuses, and mechanisms for enhanced integrity protection in wireless networking systems.
In some embodiments, a station (STA) can receive, from an access point (AP), an integrity protection (IP) capability request and transmit an IP capability response to the AP. The STA can receive, from the AP, one or more downlink (DL) frames comprising at least one adjusted parameter field of a plurality of parameter fields. The STA can verify, based on at least one value of the adjusted parameter field or one or more parameter fields of the plurality of parameter fields, that the one or more DL frames have been correctly received from the AP.
According to some embodiments, the one or more DL frames can include a Header Message Integrity Check (MIC) field and Frame Number (FN) field. Additionally or alternatively, as part of verifying that the one or more DL frames have been correctly received from the AP, the method can further include performing an integrity checksum calculation using the Header MIC field.
In some embodiments, the one or more DL frames can be associated with a group address and the method can further include receiving, from the AP, a Headers MIC value associated with a group key. Additionally, the method can include determining, as part of verifying that the one or more DL frames have been correctly received from the AP, that the Header MIC value associated with the group key matches a value of the Headers MIC field.
According to some embodiments, the plurality of parameter fields can include at least one address and the method can further include determining, based on a comparison of the at least one address to an address of the STA whether or not the STA is an intended recipient of the one or more DL frames or whether or not the AP is a correct transmitter of the one or more DL frames.
In some instances, the one or more DL frames can be a trigger frame or a block acknowledgement (BA) frame. In some embodiments, at least one of the plurality of parameter fields can be adjusted to a value of zero. Additionally or alternatively, a value of one of the plurality of parameter fields can be increased by one.
In other embodiments, an apparatus can include at least one processor configured to cause an access point (AP) to receive, from a station (STA), an integrity protection (IP) capability request. The at least one processor can be further configured to cause the AP to transmit, to the STA, an IP capability response indicating that the AP supports one or more IP capabilities. The at least one processor can be further configured to cause the AP to receive, from the STA, one or more uplink (UL) frames, wherein the one or more UL frames comprise at least one adjusted parameter field of a plurality of parameter fields. Additionally or alternatively, the at least one processor can be further configured to cause the AP to verify, based on at least one value of the adjusted parameter field or one or more parameter fields of the plurality of parameter fields, that the one or more UL frames have been correctly received from the STA.
In some embodiments, as part of verifying that the one or more UL frames have been correctly received from the STA, the at least one processor can be further configured to cause the AP to determine, based on a value of a Power Management (PM) field of the one or more UL frames, that the AP is an intended recipient of the one or more UL frames transmitted from the STA. Furthermore, the at least one adjusted parameter field of the plurality of parameter fields can be adjusted to a value of zero or increased by a value of one.
In some embodiments, the one or more UL frames can be quality of service (QOS) null frames which can include a Protected Medium Access Control (MAC) Header field and a High Throughput (HT) Control field. Additionally or alternatively, the one or more QoS null frames can further include a Header Message Integrity Check (MIC) field and a Frame Number (FN) field. Furthermore, the Header MIC field can allow for an integrity checksum to be calculated by the AP to verify that the one or more QoS null frames have been correctly received by the STA.
In some embodiments, an access point (non-AP) can include a radio and a processor operably coupled to the radio and configured to cause the AP to transmit, to a non-access point (non-AP), an integrity protection (IP) capability request. The processor can be further configured to cause the AP to receive an IP capability response from the non-AP and adjust, based at least in part on the non-AP supporting one or more IP capabilities, a value of at least one parameter field of one or more downlink (DL) frames. The processor can be further configured to cause the AP to transmit, to the non-AP, the one or more DL frames, wherein the at least one parameter field is adjusted to provide IP to the one or more DL frames.
According to some embodiments, the one or more DL frames can be beacons transmitted during one or more beacon periods. Additionally or alternatively, the beacons can include one or more beacon integrity protection number (BIPNs) and values of the one or more BIPNs can be respectively increased by one for beacons transmitted subsequent to a first beacon period. Furthermore, the one or more BIPNs and one or more respective frame numbers (FNs) can be included in one or more respective physical packet data unit (PPDUs), wherein the one or more BIPNs can be six octets in length, and wherein the one or more respective FNs can be one, two, or three octets in length.
This Summary is intended to provide a brief overview of some of the subject matter described in this document. Accordingly, it will be appreciated that the above-described features are merely examples and should not be construed to narrow the scope or spirit of the subject matter described herein in any way. Other features, aspects, and advantages of the subject matter described herein will become apparent from the following Detailed Description, Figures, and Claims.
A better understanding of the present subject matter can be obtained when the following detailed description of the embodiments is considered in conjunction with the following drawings.
While the features described herein are susceptible to various modifications and alternative forms, specific embodiments thereof are shown by way of example in the drawings and are herein described in detail. It should be understood, however, that the drawings and detailed description thereto are not intended to be limiting to the particular form disclosed, but on the contrary, the intention is to cover all modifications, equivalents and alternatives falling within the spirit and scope of the subject matter as defined by the appended claims.
Various acronyms are used throughout the present application. Definitions of the most prominently used acronyms that can appear throughout the present application are provided below:
The following is a glossary of terms used in this disclosure:
Memory Medium—Any of various types of non-transitory memory devices or storage devices. The term “memory medium” is intended to include an installation medium, e.g., a CD-ROM, floppy disks, or tape device; a computer system memory or random access memory such as DRAM, DDR RAM, SRAM, EDO RAM, Rambus RAM, etc.; a non-volatile memory such as a Flash, magnetic media, e.g., a hard drive, or optical storage; registers, or other similar types of memory elements, etc. The memory medium can include other types of non-transitory memory as well or combinations thereof. In addition, the memory medium can be located in a first computer system in which the programs are executed, or can be located in a second different computer system which connects to the first computer system over a network, such as the Internet. In the latter instance, the second computer system can provide program instructions to the first computer for execution. The term “memory medium” can include two or more memory mediums which can reside in different locations, e.g., in different computer systems that are connected over a network. The memory medium can store program instructions (e.g., embodied as computer programs) that can be executed by one or more processors.
Carrier Medium—a memory medium as described above, as well as a physical transmission medium, such as a bus, network, and/or other physical transmission medium that conveys signals such as electrical, electromagnetic, or digital signals.
Computer System—any of various types of computing or processing systems, including a personal computer system (PC), mainframe computer system, workstation, network appliance, Internet appliance, personal digital assistant (PDA), television system, grid computing system, or other device or combinations of devices. In general, the term “computer system” can be broadly defined to encompass any device (and/or combination of devices) having at least one processor that executes instructions from a memory medium.
Mobile Device (and/or Mobile Station)—any of various types of computer systems devices which are mobile or portable and which performs wireless communications using WLAN communication. Examples of mobile devices include mobile telephones or smart phones (e.g., iPhone™, Android™-based phones), and tablet computers such as iPad™, Samsung Galaxy™, etc. Various other types of devices would fall into this category if they include Wi-Fi or both cellular and Wi-Fi communication capabilities, such as laptop computers (e.g., MacBook™), portable gaming devices (e.g., Nintendo DS™, PlayStation Portable™, Gameboy Advance™, iPhone™), portable Internet devices, and other handheld devices, as well as wearable devices such as smart watches, smart glasses, headphones, pendants, earpieces, etc. In general, the term “mobile device” can be broadly defined to encompass any electronic, computing, and/or telecommunications device (and/or combination of devices) which is easily transported by a user and capable of wireless communication using WLAN or Wi-Fi.
Wireless Device (and/or Wireless Station)—any of various types of computer systems devices which performs wireless communications using WLAN communications. As used herein, the term “wireless device” can refer to a mobile device, as defined above, or to a stationary device, such as a stationary wireless client or a wireless base station. For example, a wireless device can be any type of wireless station of an 802.11 system, such as an access point (AP) or a client station (STA or UE). Further examples include televisions, media players (e.g., AppleTV™, Roku™, Amazon FireTV™, Google Chromecast™, etc.), refrigerators, laundry machines, thermostats, and so forth.
WLAN—The term “WLAN” has the full breadth of its ordinary meaning, and at least includes a wireless communication network or RAT that is serviced by WLAN access points and which provides connectivity through these access points to the Internet. Most modern WLANs are based on IEEE 802.11 standards and are marketed under the name “Wi-Fi”. A WLAN network is different from a cellular network.
Processing Element—refers to various implementations of digital circuitry that perform a function in a computer system. Additionally, processing element can refer to various implementations of analog or mixed-signal (combination of analog and digital) circuitry that perform a function (and/or functions) in a computer or computer system. Processing elements include, for example, circuits such as an integrated circuit (IC), ASIC (Application Specific Integrated Circuit), portions or circuits of individual processor cores, entire processor cores, individual processors, programmable hardware devices such as a field programmable gate array (FPGA), and/or larger portions of systems that include multiple processors.
Automatically—refers to an action or operation performed by a computer system (e.g., software executed by the computer system) or device (e.g., circuitry, programmable hardware elements, ASICs, etc.), without user input directly specifying or performing the action or operation. Thus, the term “automatically” is in contrast to an operation being manually performed or specified by the user, where the user provides input to directly perform the operation. An automatic procedure can be initiated by input provided by the user, but the subsequent actions that are performed “automatically” are not specified by the user, e.g., are not performed “manually”, where the user specifies each action to perform. For example, a user filling out an electronic form by selecting each field and providing input specifying information (e.g., by typing information, selecting check boxes, radio selections, etc.) is filling out the form manually, even though the computer system must update the form in response to the user actions. The form can be automatically filled out by the computer system where the computer system (e.g., software executing on the computer system) analyzes the fields of the form and fills in the form without any user input specifying the answers to the fields. As indicated above, the user can invoke the automatic filling of the form, but is not involved in the actual filling of the form (e.g., the user is not manually specifying answers to fields but rather they are being automatically completed). The present specification provides various examples of operations being automatically performed in response to actions the user has taken.
Concurrent—refers to parallel execution or performance, where tasks, processes, signaling, messaging, or programs are performed in an at least partially overlapping manner. For example, concurrency can be implemented using “strong” or strict parallelism, where tasks are performed (at least partially) in parallel on respective computational elements, or using “weak parallelism”, where the tasks are performed in an interleaved manner, e.g., by time multiplexing of execution threads.
Configured to—Various components can be described as “configured to” perform a task or tasks. In such contexts, “configured to” is a broad recitation generally meaning “having structure that” performs the task or tasks during operation. As such, the component can be configured to perform the task even when the component is not currently performing that task (e.g., a set of electrical conductors can be configured to electrically connect a module to another module, even when the two modules are not connected). In some contexts, “configured to” can be a broad recitation of structure generally meaning “having circuitry that” performs the task or tasks during operation. As such, the component can be configured to perform the task even when the component is not currently on. In general, the circuitry that forms the structure corresponding to “configured to” can include hardware circuits.
Various components can be described as performing a task or tasks, for convenience in the description. Such descriptions should be interpreted as including the phrase “configured to.” Reciting a component that is configured to perform one or more tasks is expressly intended not to invoke 35 U.S.C. § 112(f) interpretation for that component.
As shown, the exemplary wireless communication system includes a (“first”) wireless device 102 in communication with another (“second”) wireless device. The first wireless device 102 and the second wireless device 104 can communicate wirelessly using any of a variety of wireless communication techniques, potentially including ranging wireless communication techniques.
As one possibility, the first wireless device 102 and the second wireless device 104 can perform ranging using wireless local area networking (WLAN) communication technology (e.g., IEEE 802.11/Wi-Fi based communication) and/or techniques based on WLAN wireless communication. One or both of the wireless device 102 and the wireless device 104 can also be capable of communicating via one or more additional wireless communication protocols, such as any of Bluetooth (BT), Bluetooth Low Energy (BLE), near field communication (NFC), LTE, LTE-Advanced (LTE-A), NR, GPS, ultra-wideband (UWB), etc.
The wireless devices 102 and 104 can be any of a variety of types of wireless device. As one possibility, one or more of the wireless devices 102 and/or 104 can be a substantially portable wireless user equipment (UE) device, such as a smart phone, hand-held device, a wearable device such as a smart watch, a tablet, a motor vehicle, or virtually any type of wireless device. As another possibility, one or more of the wireless devices 102 and/or 104 can be a substantially stationary device, such as a set top box, media player (e.g., an audio or audiovisual device), gaming console, desktop computer, appliance, door, access point, base station, or any of a variety of other types of devices.
Each of the wireless devices 102 and 104 can include wireless communication circuitry configured to facilitate the performance of wireless communication, which can include various digital and/or analog radio frequency (RF) components, a processor that is configured to execute program instructions stored in memory, a programmable hardware element such as a field-programmable gate array (FPGA), and/or any of various other components. The wireless device 102 and/or the wireless device 104 can perform any of the method embodiments described herein, or any portion of any of the method embodiments described herein, using any or all of such components.
Each of the wireless devices 102 and 104 can include one or more antennas for communicating using one or more wireless communication protocols. In some cases, one or more parts of a receive and/or transmit chain can be shared between multiple wireless communication standards; for example, a device might be configured to communicate using either of Bluetooth or Wi-Fi using partially or entirely shared wireless communication circuitry (e.g., using a shared radio or at least shared radio components). The shared communication circuitry can include a single antenna, or can include multiple antennas (e.g., for MIMO) for performing wireless communications. Alternatively, a device can include separate transmit and/or receive chains (e.g., including separate antennas and other radio components) for each wireless communication protocol with which it is configured to communicate. As a further possibility, a device can include one or more radios or radio components which are shared between multiple wireless communication protocols, and one or more radios or radio components which are used exclusively by a single wireless communication protocol. For example, a device might include a shared radio for communicating using one or more of LTE, and/or 5G NR, and separate radios for communicating using each of Wi-Fi and Bluetooth. Other configurations are also possible.
As previously noted, aspects of this disclosure can be implemented in conjunction with the wireless communication system of
As shown, the device 100 can include a processing element 101. The processing element can include or be coupled to one or more memory elements. For example, the device 100 can include one or more memory media (e.g., memory 105), which can include any of a variety of types of memory and can serve any of a variety of functions. For example, memory 105 could be RAM serving as a system memory for processing element 101. Other types and functions are also possible.
Additionally, the device 100 can include wireless communication circuitry 130. The wireless communication circuitry can include any of a variety of communication elements (e.g., antenna(s) for wireless communication, analog and/or digital communication circuitry/controllers, etc.) and can enable the device to wirelessly communicate using one or more wireless communication protocols.
Note that in some cases, the wireless communication circuitry 130 can include its own processing element (e.g., a baseband processor), e.g., in addition to the processing element 101. For example, the processing element 101 can be an ‘application processor’ whose primary function can be to support application layer operations in the device 100, while the wireless communication circuitry 130 can be a ‘baseband processor’ whose primary function can be to support baseband layer operations (e.g., to facilitate wireless communication between the device 100 and other devices) in the device 100. In other words, in some cases the device 100 can include multiple processing elements (e.g., can be a multi-processor device). Other configurations (e.g., instead of or in addition to an application processor/baseband processor configuration) utilizing a multi-processor architecture are also possible.
The device 100 can additionally include any of a variety of other components (not shown) for implementing device functionality, depending on the intended functionality of the device 100, which can include further processing and/or memory elements (e.g., audio processing circuitry), one or more power supply elements (which can rely on battery power and/or an external power source) user interface elements (e.g., display, speaker, microphone, camera, keyboard, mouse, touchscreen, etc.), and/or any of various other components.
The components of the device 100, such as processing element 101, memory 105, and wireless communication circuitry 130, can be operatively coupled via one or more interconnection interfaces, which can include any of a variety of types of interfaces, possibly including a combination of multiple types of interface. As one example, a USB high-speed inter-chip (HSIC) interface can be provided for inter-chip communications between processing elements. Alternatively (and/or in addition), a universal asynchronous receiver transmitter (UART) interface, a serial peripheral interface (SPI), inter-integrated circuit (I2C), system management bus (SMBus), and/or any of a variety of other communication interfaces can be used for communications between various device components. Other types of interfaces (e.g., intra-chip interfaces for communication within processing element 101, peripheral interfaces for communication with peripheral components within or external to device 100, etc.) can also be provided as part of device 100.
Further, in some embodiments, a wireless device 106 (which can be an exemplary implementation of device 100) can be configured to perform methods for robust discovery of a new access point (AP) in AP MLD, robust link addition to an AP MLD association, AP beaconing modes when the AP is added or deleted to/from an AP MLD, and robust BSS transition management (BTM) signaling to steer a non-AP MLD to a best AP MLD and to most suitable APs, as well as privacy improvements for associated non-AP MLD.
The AP 112 can include at least one network port 270. The network port 270 can be configured to couple to a wired network and provide a plurality of devices, such as mobile devices 106, access to the Internet. For example, the network port 270 (and/or an additional network port) can be configured to couple to a local network, such as a home network or an enterprise network. For example, port 270 can be an Ethernet port. The local network can provide connectivity to additional networks, such as the Internet.
The AP 112 can include at least one antenna 234, which can be configured to operate as a wireless transceiver and can be further configured to communicate with mobile device 106 via wireless communication circuitry 230. The antenna 234 communicates with the wireless communication circuitry 230 via communication chain 232. Communication chain 232 can include one or more receive chains, one or more transmit chains or both. The wireless communication circuitry 230 can be configured to communicate via Wi-Fi or WLAN, e.g., 802.11. The wireless communication circuitry 230 can also, or alternatively, be configured to communicate via various other wireless communication technologies, including, but not limited to, Long-Term Evolution (LTE), LTE Advanced (LTE-A), UWB, etc., for example when the AP is co-located with a base station in case of a small cell, or in other instances when it can be desirable for the AP 112 to communicate via various different wireless communication technologies.
Further, in some embodiments, as further described below, AP 112 can be configured to perform methods for robust discovery of a new access point (AP) in AP MLD, robust link addition to an AP MLD association, AP beaconing modes when the AP is added or deleted to/from an AP MLD, and robust BSS transition management (BTM) signaling to steer a non-AP MLD to a best AP MLD and to most suitable APs, as well as privacy improvements for associated non-AP MLD.
As shown, the SOC 300 can include processor(s) 302, which can execute program instructions for the client station 106 and display circuitry 304, which can perform graphics processing and provide display signals to the display 360. The SOC 300 can also include motion sensing circuitry 370 which can detect motion of the client station 106, for example using a gyroscope, accelerometer, and/or any of various other motion sensing components. The processor(s) 302 can also be coupled to memory management unit (MMU) 340, which can be configured to receive addresses from the processor(s) 302 and translate those addresses to locations in memory (e.g., memory 306, read only memory (ROM) 350, NAND flash memory 310) and/or to other circuits or devices, such as the display circuitry 304, cellular communication circuitry 330, short range wireless communication circuitry 329, connector interface (I/F) 320, and/or display 360. The MMU 340 can be configured to perform memory protection and page table translation or set up. In some embodiments, the MMU 340 can be included as a portion of the processor(s) 302.
As noted above, the client station 106 can be configured to communicate wirelessly directly with one or more neighboring client stations. The client station 106 can be configured to communicate according to a WLAN RAT for communication in a WLAN network, such as that shown in
As described herein, the client station 106 can include hardware and software components for implementing the features described herein. For example, the processor 302 of the client station 106 can be configured to implement part or all of the features described herein, e.g., by executing program instructions stored on a memory medium (e.g., a non-transitory computer-readable memory medium). Alternatively (and/or in addition), processor 302 can be configured as a programmable hardware element, such as an FPGA (Field Programmable Gate Array), or as an ASIC (Application Specific Integrated Circuit). Alternatively (and/or in addition) the processor 302 of the UE 106, in conjunction with one or more of the other components 300, 304, 306, 310, 315, 320,329, 330, 335, 336, 337, 338, 340, 350, 360, 370 can be configured to implement part or all of the features described herein.
In addition, as described herein, processor 302 can include one or more processing elements. Thus, processor 302 can include one or more integrated circuits (ICs) that are configured to perform the functions of processor 302. In addition, each integrated circuit can include circuitry (e.g., first circuitry, second circuitry, etc.) configured to perform the functions of processor(s) 204.
Further, as described herein, cellular communication circuitry 330 and short-range wireless communication circuitry 329 can each include one or more processing elements. In other words, one or more processing elements can be included in cellular communication circuitry 330 and also in short range wireless communication circuitry 329. Thus, each of cellular communication circuitry 330 and short-range wireless communication circuitry 329 can include one or more integrated circuits (ICs) that are configured to perform the functions of cellular communication circuitry 330 and short-range wireless communication circuitry 329, respectively. In addition, each integrated circuit can include circuitry (e.g., first circuitry, second circuitry, etc.) configured to perform the functions of cellular communication circuitry 330 and short-range wireless communication circuitry 329.
As shown, the SOC 400 can be coupled to various other circuits of the wireless node 107. For example, the wireless node 107 can include various types of memory (e.g., including NAND flash 410), a connector interface 420 (e.g., for coupling to a computer system, dock, charging station, etc.), the display 460, and wireless communication circuitry 430 (e.g., for 5G NR, LTE, LTE-A, Bluetooth, Wi-Fi, NFC, GPS, UWB, etc.).
The wireless node 107 can include at least one antenna, and in some embodiments, multiple antennas 435 and 436, for performing wireless communication with base stations and/or other devices. For example, the wireless node 107 can use antennas 435 and 436 to perform the wireless communication. As noted above, the wireless node 107 can in some embodiments be configured to communicate wirelessly using a plurality of wireless communication standards or radio access technologies (RATs).
The wireless communication circuitry 430 can include Wi-Fi Logic 432, a Cellular Modem 434, and Bluetooth Logic 439. The Wi-Fi Logic 432 is for enabling the wireless node 107 to perform Wi-Fi communications, e.g., on an 802.11 network. The Bluetooth Logic 439 is for enabling the wireless node 107 to perform Bluetooth communications. The cellular modem 434 can be capable of performing cellular communication according to one or more cellular communication technologies. Some or all components of the wireless communication circuitry 430 can be used for ranging communications, e.g., using WLAN, Bluetooth, and/or cellular communications.
As described herein, wireless node 107 can include hardware and software components for implementing embodiments of this disclosure. For example, one or more components of the wireless communication circuitry 430 (e.g., Wi-Fi Logic 432) of the wireless node 107 can be configured to implement part or all of the methods described herein, e.g., by a processor executing program instructions stored on a memory medium (e.g., a non-transitory computer-readable memory medium), a processor configured as an FPGA (Field Programmable Gate Array), and/or using dedicated hardware components, which can include an ASIC (Application Specific Integrated Circuit).
IEEE and/or 802.11 (e.g., 802.11bn) can include MLD capabilities. In current implementations, an access point (AP) MLD node can manage its affiliated APs. Thus, an AP MLD node can modify, add, and/or subtract affiliated APs to increase capacity, manage Basic Service Sets (BSSs) interference and coverage, include switching APs to operate in channels with less interference, and/or steer associated non-AP MLD nodes to operate on better performing APs and/or AP MLD nodes.
The AP MLD can provide the affiliated APs from a single physical device (e.g., a single shared housing and potentially using the same antenna(s)). In some embodiments, the AP MLD can provide the APs from multiple distinct devices (e.g., a first device can provide one or more APs and a second device can provide one or more different APs, etc.). In some embodiments, various affiliated APs can be separated spatially (e.g., using beams in different directions, using different antennas with a shared housing (e.g., antennas of a same physical device), and/or of different devices, etc.). In some embodiments, spatially separated affiliated APs can operate on a same (or overlapping) channel(s).
As illustrated, the non-AP MLD 106 can operate three affiliated STAs corresponding to the three affiliated APs. For example, STA 806a can operate in the 2.4 GHz band, STA 806b can operate in a 5 GHz band, and STA 806c can operate in a 6 GHz band. The STAs can communicate with corresponding APs (e.g., STA 806a can communicate with AP 812a, STA 806b can communicate with AP 812b, etc.). Furthermore, any number of affiliated STAs can be used in any combination of bands. For example, the non-AP MLD can operate multiple affiliated STAs in one band and/or possibly not operate any affiliated STAs in a band. The non-AP MLD can operate STAs corresponding to some, none, or all of the APs of the AP MLD. The affiliated STAs can include various layers such as PHY and/or MAC layers, among various possibilities. The affiliated STAs can use different addresses such as Addr 1-3 illustrated in
The non-AP MLD can provide the affiliated STAs from a single physical device (e.g., a single shared housing and potentially using the same antenna(s)). In some embodiments, the non-AP MLD can provide the STAs from multiple distinct devices (e.g., a first device can provide one or more STAs and/or a second device can provide one or more different one or more STAs, etc.). In some embodiments, various affiliated STAs can be separated spatially (e.g., using beams in different directions, using different antennas with a shared housing (e.g., antennas of a same physical device), and/or of different devices, etc.).
The various affiliated STAs and APs can communicate concurrently/simultaneously. For example, STA 806a can exchange uplink and/or downlink data with AP 812a on a first link while STA 806b exchanges uplink and/or downlink data with AP 812b on a second link, etc. Furthermore, concurrent communication can include different data being exchanged at the same time, overlapping times, and/or different times on different links. For example, data between the AP MLD and non-AP MLD can be routed over the first available link and/or a link selected based on other criteria (e.g., lowest energy use, etc.). Additionally or alternatively, a first packet or portion of data can be sent over a first link and concurrently a second packet or portion of data can be sent over a second link.
In some embodiments, the AP MLD and non-AP MLD can include respective multi-link (ML) entities. An ML entity can provide upper MAC functionality that controls the separate APs and/or STAs and can additionally or alternatively control traffic delivery through available links (e.g., between the various APs and STAs). Furthermore, the respective MLDs (e.g., AP and non-AP) can have only one respective MAC service access point (SAP) interface and the ML entity can manage this SAP interface. Additionally, the ML entity can also manage transmission buffering (e.g., bookkeeping and link selection in the transmitter) and data re-order buffering in reception (e.g., combination of the data that is transmitted in different links).
According to some embodiments, the AP MLD 112 and non-AP MLD 106 can exchange information about their respective operations, operating parameters, and/or capabilities. For example, the non-AP MLD and AP MLD can have various capabilities for operating a STA in a particular band. The capabilities can be different for different bands. For example, the capabilities in a band can be associated with one or more maximum (e.g., fastest, most flexible, most powerful, highest throughput, etc.) parameter values that a STA of the non-AP MLD can use. Additionally or alternatively, the AP-MLD and/or non-AP MLD can support integrity protection capabilities. Operations or operating parameters can describe the parameter values (e.g., associated with integrity protection capabilities, as one example) that are currently in use or can be planned to be in use at a future time.
For example, the parameters (e.g., parameter values) can include an applicable physical (PHY) version and its associated parameters. The parameters can describe supported services and transmission formats that are available. Additionally or alternatively, the parameters can describe available resources, bandwidths and number of spatial streams. In some embodiments, the parameters can apply integrity protection to various fields and subfields such that frames transmitted between a STA and AP (or non-AP MLD and an AP MLD) benefit from integrity protection. For example, it can be beneficial for client privacy enhanced (CPE) stations (STAs) or clients (as well as APs) to change or adjust certain parameters used for performing communications with an AP or STA.
According to some embodiments, the links can be located so closely (e.g., spatially and/or in frequency) that the non-AP STA can possibly not operate them independently (e.g., due to limits of the device and/or to manage resources or performance). Additionally, some APs can support STAs (e.g., non-AP MLDs) that are not capable of simultaneously transmitting and receiving on the link pair, according to some embodiments.
In some embodiments, the non-AP MLD can operate STAs communicating with multiple AP-MLDs. For example, a first STA can communicate with a first AP MLD and a second STA can communicate with a second AP MLD. Similarly, an AP MLD can communicate with multiple STAs. For example, one affiliated AP can communicate with multiple STAs.
In the illustrated example, the non-AP MLD operates a number of STAs equal to the number of APs provided by the AP MLD. However, different numbers are possible. For example, the AP MLD can provide more APs than the number of STAs operated by the non-AP MLD or vice versa. The number of APs and/or number of STAs can change over time.
By changing or adjusting certain parameters used for performing communications with an AP and/or STA, it can be more difficult for eavesdroppers (e.g., cybercriminals, hackers, etc.) to intercept, extract or listen in on communications between STAs and APs (as one example of various other device to device communications). Accordingly, clients can seek to perform more secure communications between the STAs and APs using various techniques involving integrity protection or related parameter adjustments. For example, it can be beneficial for a client (e.g., STA) and AP to change the transmitted frame number (FN), frame control field, QoS control field, or other various parameters to new values on downlink and uplink without any loss of connection, according to some embodiments. Some or all of these described changes can be useful in providing increased privacy of communications between CPE STAs and APs through making eavesdropping by unwanted persons more difficult.
For example,
Additionally,
In some embodiments, some MAC Header fields such as Power Management (PM) and HT Control can possibly not be integrity protected. Accordingly, security attacks with QoS Null frames can be relatively simple for skilled eavesdroppers to perform since the QoS Null frame has no integrity, replay or encryption protection. In other words, a lack of integrity protection can enable simple security attacks by eavesdroppers. For example, an attacker or eavesdropper can use the PM field to bypass AP encryption which results in a clear or poorly protected frame leak. Accordingly, these attacks can be avoided if the PM field is integrity protected.
Additionally, a STA can send an operating mode indication (OMI) HT Control field value to control its support for a number of spatial streams (NSS), a bandwidth (BW), and/or whether or not the STA supports uplink (UL) multi-user (MU) transmissions (e.g., whether or not the AP can trigger the station). However, in some instances, an attacker can use an OMI field control value to cause a transmission in a format that the victim STA is not capable of receiving. For example, an attacker can use an OMI field to indicate to the AP that the STA is capable of receiving a BW or NSS that is actually larger than the STA is capable of receiving. Additionally or alternatively, an attacker or eavesdropper can use an OMI field value to enable a very inefficient transmission mode (e.g., 20 MHz, 1 synchronization signal (SS) at 6 GHZ). Accordingly, these attacks can result in delays and decreased communication efficiency between APs and STAs and therefore preventative techniques involving integrity protection can be beneficial in mitigating these attack occurrences.
Additionally, while the PM field equals 0 for A-MPDU subframes 1-3, the PM field for retransmission A-MPDU subframe 2 equals 1. This change from PM=0 to PM=1 can cause a security vulnerability because WLAN data payload integrity protection can possibly not protect MAC Header fields for which values can change in retransmissions. More specifically, this change from PM=0 to PM=1 can cause the STA to unintentionally enter a power save mode in which it can possibly not be able to receive transmissions of frames. In other words, an attacker can utilize this change in PM value to instruct the STA to turn off. Alternatively, an attacker can inform the AP (e.g., via a QoS null frame) that the STA is in power conservation mode (e.g., PM=1) when in fact the STA is not in said mode and is actually available to receive transmissions of frames. In turn, these scenarios can cause delays in communications between APs and STAs.
In some embodiments, the payload integrity protection can be performed one time for each MPDU payload and selected MAC header fields. Furthermore, protected MAC header field values can possibly not change in retransmissions as payload integrity protection uses a MPDU specific Packet Number (PN). Additionally, the More Data field or HT Control field values can change per transmitted PPDU, so they can possibly not be able to utilize payload integrity protection. However, per PPDU integrity protection of the More Data or HT Control field can be possible using separate PPDU specific Frame Number (FN) and keys, according to some embodiments.
As eavesdroppers, attackers, and/or hackers have become increasingly aware of potential security vulnerabilities such as those discussed above, enhanced integrity protection of MAC headers and QoS null frames (as some examples) above can offer more robust protection and mitigation of successful attacks.
One potential technique for implementing integrity protection of MAC headers and QoS null frames can include the AP requesting information from a STA regarding the STA's integrity protection capabilities. Accordingly, the AP MLD can, in response to the STA supporting one or more integrity protection capabilities, adjust parameters fields of downlink frames (e.g., MAC PDUs (MPDUs) as one example) to be transmitted to the STA.
According to some embodiments, the AP can adjust parameter fields of the MPDU to allow for one or more subfields to benefit from integrity protection. For example, integrity protection of messages or frames between APs and STAs (including MLDs or non-MLDs) can involve verifying the integrity of said messages or frames. More specifically, message integrity (e.g., integrity protected messages) can allow for the receiving STA or AP or verify whether or not the messages/frames have been correctly received (e.g., from an expected/intended AP/STA). According to some embodiments, this verification can involve performing an integrity checksum of one or more parameter fields of the messages/frames. Additionally or alternatively, the checksum can be compared to a previously received value to ensure the frames are being received by the correct receiver (e.g., a STA) and/or being transmitted by the correct transmitter (e.g., an AP).
Aspects of the method of
Note that while at least some elements of the method of
The methods shown can be used in conjunction with any of the systems, methods, or devices shown in the Figures, among other devices. In various embodiments, some of the method elements shown can be performed concurrently, in a different order than shown, or can be omitted. Additional method elements can also be performed as desired. As shown, this method can operate as follows.
In 1202, a STA 106 can receive, from an access point (AP) 112, an integrity protection (IP) capability request, according to some embodiments. For example, before making any IP related decisions or performing IP related actions, the AP 112 can first determine whether or not the STA 106 supports one or more IP capabilities. In other words, the AP 112 can first verify that the STA 106 supports an IP capability before applying IP techniques related to said IP capability. As an alternative embodiment, the STA 106 can transmit an IP capability request to the AP 112.
In 1204, the STA 106 can transmit an IP capability response to the AP 112, according to some embodiments. For example, in response to the IP capability request from the AP 112, the STA 106 can transmit a response including an indication of whether or not it supports one or more IP capabilities. As an alternative embodiment, the STA 106 can receive an IP capability response to the AP 112.
In 1206, the AP 112 can adjust one or more parameter fields of downlink (DL) frames to be sent to the STA 106, according to some embodiments. In some embodiments, the AP 112 can adjust one or more parameter fields of the DL frames to a value of zero. For example, the AP 112 can adjust the frame control and/or QoS control fields to be values of zero. Alternatively, the AP 112 can adjust one or more parameter fields of the DL frames to increase by a value of one. For example, the AP 112 can adjust a frame number field value to increase by one for each subsequent transmission of DL frames. As an alternative embodiment, the STA 106 can adjust one or more parameter fields of uplink (UL) frames to be sent to the AP 112.
In 1208, the STA 106 can receive the adjusted DL frames from the AP 112, according to some embodiments. In some embodiments, the one or more DL frames can include a header message integrity check (MIC) field and frame number field. Additionally or alternatively, the header MIC field can allow the STA 106 to perform an integrity checksum procedure to verify the transmitting AP 112. According to some embodiments, the one or more DL frames can be at least one of, a trigger frame, or a block acknowledgement (BA) frame. As an alternative embodiment, the STA 106 can transmit the adjusted UL frames to the AP 112.
In some embodiments, if the one or more DL frames are transmitted to a group address, the STA 106 can receive, from the AP 112, a headers MIC value associated with a group key and verify, in order to confirm that the one or more DL frames have been correctly received, that the header MIC value associated with the group key matches a value of the headers MIC field.
According to further embodiments, the plurality of parameter fields can include at least one address and the STA 106 can determine, based on a comparison of the at least one address to an address of the STA 106, whether or not the STA 106 is an intended recipient of the one or more DL frames or whether or not the AP 112 is a correct (e.g., expected) transmitter of the one or more DL frames.
In some embodiments, the one or more DL frames can be quality of service (QOS) null frames. Additionally or alternatively, the QoS null frames can include a protected medium access control (MAC) header field and a high throughput (HT) control field.
In some instances, the one or more DL frames can be beacons transmitted during one or more beacon periods. Furthermore the beacons can include one or more beacon integrity protection number (BIPNs) in which values of the one or more BIPNs are respectively increased by a value of one for beacons transmitted in respective beacon periods subsequent to a first beacon period. In other words, the BIPN can be increased by a value of one in each subsequent beacon period.
In some embodiments, the one or more BIPNs and one or more respective frame numbers (FNs) can be included as part of one or more respective physical packet data unit (PPDUs). For example, the one or more BIPNs can be six octets in length and the one or more respective FNs can be either one, two, or three octets in length. Accordingly, the PPDUs can be lengths of seven, eight, or nine octets, according to some embodiments.
At 1210, the STA 106 can verify, based on a value of the at least one of the adjusted parameter field or one or more parameter fields of the plurality of parameter fields, that the one or more DL frames have been correctly received from the AP 112. For example, if the one or more DL frames can include a header MIC field, this can allow the STA 106 to perform an integrity checksum procedure to verify that the transmitting AP 112 is the expected AP. As an alternative embodiment, the AP 112 can verify, based on a value of the at least one of the adjusted parameter field or one or more parameter fields of the plurality of parameter fields, that the one or more UL frames have been correctly received from the STA 106. For example, the AP can utilize the PM field as well as its value (e.g., PM=1 or PM=0) to determine whether or not one or more UL frames are received from the correct STA, according to some embodiments.
According to some embodiments, the MPDU payload can be encrypted only one time and the payload encryption can be kept the same while the payload is being transmitted. Furthermore, the payload encryption can include Address fields, Packet Number and Sequence Number as input parameters and further provide integrity protection for these MAC Header fields. The values of these fields can be kept the same for the encrypted payload transmission and retransmissions. Additionally, the payload can have a separate MIC field for the integrity protection, according to some embodiments.
In some embodiments, MAC Header field values can change per each transmitted MPDU and these fields can typically signal the state of the transmitter. For example, the fields can signal the transmitter power management mode. In other words, the fields can signal whether the device is in an active mode or in a power save mode. However, the transmitter can change these values per transmitted MPDU, according to some embodiments.
According to further embodiments, the per MPDU MAC Header integrity protection mechanism can integrity protect all MAC Header fields or only a partial set of the MAC Header fields. For example, the partial set of MAC Header fields protection can protect only the fields that are not protected by the data frame integrity protection. Accordingly, this can enable security attacks against the STA. Therefore, protecting all MAC Header fields can be beneficial and the receiver can verify the MAC Header integrity before starting to decrypt the MPDU payload, according to some embodiments.
According to some embodiments, a PPDU can be considered as a whole transmission which can include a preamble and one or more MPDUs. Additionally, the MPDU can contain the MAC Header and payload. Furthermore, some MAC Header fields can have the same values in the MPDUs of the PPDU. Alternatively, some MAC Header fields can have distinct values for MPDUs of the PPDU, according to some embodiments.
In some embodiments and related to
In some embodiments, the MAC Header integrity protection may have a key (e.g., key ID) change. In a key change process, the transmitter and receiver can setup a new key via key renewal signaling, according to some embodiments. Furthermore, for the key renewal process, it can be necessary for the MAC Header to identify the key that is used to integrity protect the current MAC Header. For example, a high data rate (HDR) Key ID bit can be used to signal the key that is used to integrity protect the MAC Headers in transmission(s), according to some embodiments. In some embodiments, a HDR Key ID value of 0 (e.g., zero) can be assigned to a specific integrity protection key in an association procedure and a value of 1 can be assigned to the integrity protection key setup in key renewal negotiation procedures. Furthermore and as illustrated in
In some embodiments, the frame number field and headers MIC field can be added to the MPDU and can further have header encryption (e.g., as shown by the extra bold dashed line around the frame number and header MIC fields in
According to some embodiments, including MAC header fields and A-MSDU header fields in the header encrypted portion of the MPDU can be beneficial in providing enhanced integrity protection. For example, if the Frame Control and QoS control fields were adjusted to zero (e.g., in order to not provide that information to the recipient), the previously assigned values of those fields could be included in the header encrypted MAC header fields and would therefore benefit from being integrity protected. In some embodiments, two formats of addresses can be used in the MPDU. For example, the A-MSDU header field can be added as payload to integrity protect (e.g., by being included in the header encryption) the address fields as part of one format while the address fields 1-4 remain unencrypted.
In some embodiments related to a selective protection scheme or technique, the frame number, MAC header fields, A-MSDU header, and headers MIC fields can be characterized as having headers integrity protection, Address 1-4 fields, CCMP header, data payload, and MIC fields can be characterized as having payload integrity protection, and the sequence control field can be characterized as having partial integrity protection. Additionally or alternatively, it can be possible to apply headers integrity protection across the all of the clear fields and header encrypted fields, according to some embodiments. In other words, a complete (rather than selective) headers integrity protection scheme or technique can be applied across the clear and header encrypted fields.
In both
In some embodiments, a STA can determine whether it is the correct recipient of the frame by checking whether its MAC address is the receiver address. In other words, the STA can compare its MAC address to Address 1-4 fields to confirm that its address in included. Accordingly, if its MAC address is not included in the Address fields 1-4, the STA can determine that it is not a correct recipient of the frames, according to some embodiments. Furthermore, if the STAs address was not included, it can further determine that the frames were transmitted by potential attacker/hacker and therefore the STA can terminate frame reception, according to some embodiments.
Additionally or alternatively, a STA can determine whether it is the correct recipient of the frame by checking or verifying that the frame has been transmitted to a group address and that the Headers MIC matches a calculated Headers MIC value, according to some embodiments. If the STA determines that one or both of these cases is not true, the STA can terminate frame reception. Additionally, some STAs can check the frame checksum (FCS) field to ensure that frame is correctly received. In some embodiments, the Headers MIC field uses group keys which can allow all STAs in a BSS to calculate the MIC. In these cases, if the calculated MIC matches with the received MIC, the STA can verify that it has received the MAC Headers correctly. In some embodiments, the aspects of
For example,
According to some embodiments, it can be possible to avoid replay attacks and to make MAC Header fields integrity protection secure. For example, as Frame Numbers (FNs) and Sequence Numbers (SNs) can be maintained at the link level (e.g., Individual FN [STA,AP] and Group FN [AP] as shown in
In some embodiments, each PPDU which is integrity protected can have a new FN Accordingly, by increasing each transmitted UL/DL Protected frame (e.g., UL/DL FN) by +1, the receiver can maintain link specific replay counters. Therefore, upon each reception of a transmission, the receiver checks that UL/DL Individual frame has UL/DL FN+1 (e.g., the uplink or downlink frame number has increased from the previous value) to verify that it is receiving from the correct transmitter. In other words, MLDs can use respective counters for respective links as part of an integrity protection technique involving increasing the FN of frames received from specific links.
Alternatively, the receiver can verify that the received FN value (e.g., UL/DL FN+1) is greater than an older value. This can allow for the situation in which the AP or STA did not receive a PPDU. Additionally or alternatively, a STA can check that group frames have a larger Group FN value than previously received. Furthermore, if an AP uses group keys for integrity protection, the AP can use only one FN for all frames, according to some embodiments. In some embodiments, the aspects of
More specifically,
Additionally,
Due to the aforementioned random nature of channel access processes and potential beacon transmission delay, the transmitter can additionally have a delay in the TBTT value increase, according to some embodiments. For example, before a TBTT, the beacon transmitted on Link 1 can be associated with a BIPN with an old value (e.g., BIPN (old). During a grace period extending from TBTT to TBTT+X ms, the beacon transmitted on Link 1 can be associated with either BIPN (old) or BIPN (old)+1, according to some embodiments. However, after TBTT+X ms marking the end of the grace period, the beacon should be associated with BIPN (old)+1 rather than BIPN (old). In other words, the receiver receives frames that use the old TBTT value for a grace period to ensure simple transmitter implementations. In some embodiments, the duration of the grace period can be defined in the specification or it can be negotiated in association.
While
In some embodiments, the aspects of
Accordingly, it can be beneficial to incorporate integrity protection of the ICF in order to mitigate attacks using said ICF. In some embodiments, the aspects of
Furthermore, because a Multi-STA BA can contain Block Ack information to multiple STAs and the BA Information contains multiple Per AID TID Information, no changes to the Multi-STA Block Ack frame format can be necessary to provide integrity protection. For example, Group addressed BA will use Group integrity protection keys and frame number, according to some embodiments.
In some embodiments, the AID11 field value can be associated with or correspond to content of the Block Ack Bitmap field. For example, an AID11 field value of 2044 (TBC) can correspond to a Block Ack Bitmap field content of a frame number (24 bits) and X reserved bits and an AID11 field value of 2045 (TBC) can correspond to a Block Ack Bitmap field content of a headers MIC value, according to some embodiments. Furthermore, the AID11 field value (e.g., a new dedicated AID or STA-IDs) of 2044 (TBC) can correspond to a BA content size of four octets and a BA bitmap content of a 16 bit frame number and 12 reserved bits. Alternatively, the AID11 field value of 2045 (TBC) can correspond to a BA content size of sixteen or thirty-two octets and a BA bitmap content of the headers MIC value, according to some embodiments.
Additionally or alternatively, an AID11 field value of 20 can correspond to a BA Bitmap of TID 1 for STA 1, an AID11 field value of 21 can correspond to a BA Bitmap of TID 2 for STA 1, an AID11 field value of 22 can correspond to a BA Bitmap of TID 0 for STA 2, and an AID11 field value of 23 can correspond to a BA Bitmap of TID 7 for STA 1, according to some embodiments.
In some embodiments, the aspects of
Furthermore, as the User Info List contains the UL RU allocations and the Frame Number and MIC are carried as part of User Info list, no changes to the trigger frame format can be necessary. Accordingly, the trigger frame format can be considered to be fully legacy compatible and use the same AID values as in the BA (e.g., as in
In some embodiments, the aspects of
It is well understood that the use of personally identifiable information should follow privacy policies and practices that are generally recognized as meeting or exceeding industry or governmental requirements for maintaining the privacy of users. In particular, personally identifiable information data should be managed and handled so as to minimize risks of unintentional or unauthorized access or use, and the nature of authorized use should be clearly indicated to users.
Embodiments of the present disclosure can be realized in any of various forms. For example, some embodiments can be realized as a computer-implemented method, a computer-readable memory medium, or a computer system. Other embodiments can be realized using one or more custom-designed hardware devices such as ASICs. Other embodiments can be realized using one or more programmable hardware elements such as FPGAs.
In some embodiments, a non-transitory computer-readable memory medium can be configured so that it stores program instructions and/or data, where the program instructions, if executed by a computer system, cause the computer system to perform a method, e.g., any of the method embodiments described herein, or, any combination of the method embodiments described herein, or, any subset of any of the method embodiments described herein, or, any combination of such subsets.
In some embodiments, a wireless device can be configured to include a processor (and/or a set of processors) and a memory medium, where the memory medium stores program instructions, where the processor is configured to read and execute the program instructions from the memory medium, where the program instructions are executable to cause the wireless device to implement any of the various method embodiments described herein (or, any combination of the method embodiments described herein, or, any subset of any of the method embodiments described herein, or, any combination of such subsets). The device can be realized in any of various forms.
Although the embodiments above have been described in considerable detail, numerous variations and modifications will become apparent to those skilled in the art once the above disclosure is fully appreciated. It is intended that the following claims be interpreted to embrace all such variations and modifications.
This application claims priority to U.S. Provisional Patent Application No. 63/512,545, entitled “Enhanced Integrity Protection for Wireless Networking Systems,” filed Jul. 7, 2023, which is hereby incorporated by reference in its entirety as though fully and completely set forth herein. The claims in the instant application are different than those of the parent application or other related applications. The Applicant therefore rescinds any disclaimer of claim scope made in the parent application or any predecessor application in relation to the instant application. The Examiner is therefore advised that any such previous disclaimer and the cited references that it was made to avoid, may need to be revisited. Further, any disclaimer made in the instant application should not be read into or against the parent application or other related applications.
Number | Date | Country | |
---|---|---|---|
63512545 | Jul 2023 | US |