The accompanying figures, where like reference numerals refer to identical or functionally similar elements throughout the separate views and which together with the detailed description below are incorporated in and form part of the specification, serve to further illustrate various embodiments and to explain various principles and advantages all in accordance with the present invention.
Skilled artisans will appreciate that elements in the figures are illustrated for simplicity and clarity and have not necessarily been drawn to scale. For example, the dimensions of some of the elements in the figures may be exaggerated relative to other elements to help to improve understanding of embodiments of the present invention.
Before describing in detail various embodiments that are in accordance with the present invention, it should be observed that the embodiments reside primarily in combinations of method steps and apparatus components related to establishing and removing security associations between pairs of neighboring nodes. Accordingly, the apparatus components and method steps have been represented where appropriate by conventional symbols in the drawings, illustrating only those specific details that are pertinent to understanding the embodiments of the present invention, so as not to obscure the disclosure with details that will be readily apparent to those of ordinary skill in the art having the benefit of the description herein.
In this document, relational terms such as first and second and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. The terms “comprises,” “comprising,” or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. An element preceded by “comprises a . . . ” does not, without more constraints, preclude the existence of additional identical elements in the process, method, article, or apparatus that comprises the element.
It will be appreciated that embodiments of the invention described herein may be comprised of one or more conventional processors and unique stored program instructions that control the one or more processors to implement, in conjunction with certain non-processor circuits, some, most, or all of the functions for establishing and removing security associations between pairs of neighboring nodes as described herein. The non-processor circuits may include, but are not limited to, a radio receiver, a radio transmitter, signal drivers, clock circuits, power source circuits, and user input devices. As such, these functions may be interpreted as steps of a method for establishing and removing security associations between pairs of neighboring nodes. Alternatively, some or all functions could be implemented by a state machine that has no stored program instructions, or in one or more application specific integrated circuits (ASICs), in which each function or some combinations of certain of the functions are implemented as custom logic. Of course, a combination of the two approaches could be used. Thus, methods and means for these functions have been described herein. Further, it is expected that one of ordinary skill, notwithstanding possibly significant effort and many design choices motivated by, for example, available time, current technology, and economic considerations, when guided by the concepts and principles disclosed herein will be readily capable of generating such software instructions and programs and ICs with minimal experimentation.
As described above, each node in the network establishes a trust relationship with the AAA Server 130 deployment. This can be based on, for example, a password, a subscriber identity module (SIM) card identification (I.D.) or other I.D. which is unique to the particular node and is stored at the AAA Server 130. Each node uses this relationship with the AAA Server 130 to authenticate to that AAA Server 130. The AAA Server 130 (or the IAP 120) also helps the particular node that is authenticating to establish a trust relationship with its neighbor nodes by distributing a shared secret that is encrypted and that can only be decrypted by that particular node and its immediate neighbor through which it hopped through to authenticate.
For example, the nodes 106, 107, 110, 115, 135, 140, 145 can each independently establish a “pairwise master key (PMK)” by authenticating with the AAA server 130. This unique PMK is a pairwise secret that is derived only by the node and the AAA server 130. For example, in one exemplary implementation, Node1115 transmits a first authentication request to the AAA server 130 via the IAP 120. The AAA server 130 authenticates Node1115, and Node1115 and AAA server 130 simultaneously derive a pairwise master key (PMK). Although not shown, it will be appreciated that this authentication process can also happen between the AAA server 130 and each of the other nodes 145, 110, 107, 135, 140, 106. The AAA server 130 securely transmits the PMKs to the IAP 120 which then transmits the PMKs only to the 802.1x-Authenticator nodes for which they are intended. Thus, at this point, the nodes have authenticated to the AAA server 130 via the IAP 120 and established PMKs. As will be described below, the PMKs can then be used to derive more pairwise secrets (or “temporal keys”) for data or routing protection.
In many cases, a node must establish a trust relationship with a neighbor node over the radio interface before it can start to communicate with or through that neighbor node. Establishing a security association between these two peer nodes assures the source node that the neighbor node is trusted, and at the same time assures the neighbor-node that the source node is allowed to access the network. One of the underlying problems in a mesh network relates to managing which neighbor node(s) a particular node will establish and maintain a security association with. Some of these neighbor nodes may be fixed, while other neighbor nodes may be mobile. For communication between peer nodes it is important to synchronize the security association state with the routing module since the routing module can not establish a route to a new neighbor “peer” node unless a security association is first established with that neighbor node.
IEEE 802.1X “Supplicants” are synchronized according to the Mac-Layer-Management-Entity's (MLME) “3-states” model. The MLME 3-states model will be described below with respect to
At step 210, the node is in State 1. In State 1, the node has not yet 802.11 authenticated (e.g., is unauthenticated) or 802.11 associated (e.g., is unassociated) with the AP. Upon successfully authenticating with the AP, at step 220, the node enters State 2. In State 2, the node has 802.11 authenticated (e.g., is authenticated), but has not yet 802.11 associated (e.g., is unassociated) with the AP. Upon successfully associating with the AP, at step 230, the node enters State 3. In State 3, the node has 802.11 authenticated (e.g., is authenticated), and 802.11 associated (e.g., is associated) with the AP. This triggers the Extensible Authentication Protocol (EAP) described above, and establishment of a security association, for example, using 802.1X.
The MLME state-machine drives/triggers establishment of 802.1X security associations. The 802.1X-Supplicant is actively triggered by MLME change-of-state notifications. All the information needed for the 802.1X security association is provided to the 802.1X-Supplicant by the MLME notifications/events as will now be described with reference to
At step 310, the node scans for a beacon and a desired Service Set Identifier (SSID). At step 320, the node authenticates with the AP having the desired SSID. This authentication is sometimes referred to as “open authentication,” and is driven by the MLME of the node and the AP. At step 330, the node associates to the AP having the desired SSID. Again, this association process is driven by the MLME. At step 340, the MLME of the node triggers the Extensible Authentication Protocol (EAP) described above. The node and AP perform an EAP Authentication to establish of a security association between the node and the AP, for example, using 802.1X.
Currently, IEEE 802.11 standards do not address security association establishment among peer nodes in a mesh network. For instance, the MLME does not support AP-to-AP topology relationships such as those which occur in a mesh network. It is desirable to provide security association establishment techniques which do not rely on the 802.11 MLME 3-state model since many routing modules used in peer mesh nodes do not support the notion of “association” or “open authentication” which is essential to the MLME management operation. As such, with respect to peer “mesh” nodes, it is desirable to provide security association establishment techniques in which the security association state is synchronized with the routing module.
A security association between a pair of node can help to provide for secure communications between those nodes. Techniques are provided herein for establishing security associations between nodes, maintaining security associations between nodes, and removing security associations between nodes in an ad hoc network such as a wireless mesh network. As used herein, the term “security association” refers to a set of policy(ies) and key(s) used to protect information. A security association can comprise information regarding, for example, key material (e.g., cryptographic keys), type of encryption/decryption or cipher algorithm, key length, MAC algorithm, counters, timers, etc. needed for correct operation. For example, components of a security association in the context of IEEE 802.11i can include: a pairwise master key (PMK) which is derived during EAP authentication between the Supplicant and the Authentication Server (e.g., derived from the 802.1x/EAP exchange), a pairwise transient key (PTK) which is derived between peer nodes using the PMK during an IEEE 802.11i 4-way handshake, and a group transient key (GTK) which is derived during an 802.11i 2-way handshake or optionally piggybacked on 4-way handshake as defined in 802.11i using the PMK. The security associations for each of the PMK, PTK and GTK include key material, cipher algorithm, counters, timers, etc.
The information in the security association is stored by each party of the security association, is consistent among all parties, and has an identity. Examples of such techniques will be described below with reference to
The processor 401 includes one or more microprocessors, microcontrollers, DSPs (digital signal processors), state machines, logic circuitry, or any other device or devices that process information based on operational or programming instructions. Such operational or programming instructions are stored in the program memory 409. The program memory 409 can be an IC (integrated circuit) memory chip containing any form of RAM (random-access memory) or ROM (read-only memory), a floppy disk, a CD-ROM (compact disk read-only memory), a hard disk drive, a DVD (digital video disc), a flash memory card, external subscriber identity module (SIM) card or any other medium for storing digital information. One of ordinary skill in the art will recognize that when the processor 401 has one or more of its functions performed by a state machine or logic circuitry, the memory 409 containing the corresponding operational instructions can be embedded within the state machine or logic circuitry. The operations performed by the processor 401 and the other elements of the node 400 are described in detail below.
The transmitter circuitry 403 and the receiver circuitry 405 enable the node 400 to communicate information packets to and acquire information packets from the other nodes. In this regard, the transmitter circuitry 403 and the receiver circuitry 405 include appropriate, conventional circuitry to enable digital or analog transmissions over a wireless communication channel. The transmitter circuitry 403 and the receiver circuitry 405 can operate over an ad hoc networking air interface (e.g., Bluetooth, IEEE 802.11, IEEE 802.15, and the like).
The implementations of the transmitter circuitry 403 and the receiver circuitry 405 depend on the implementation of the node 400. For example, the transmitter circuitry 403 and the receiver circuitry 405 can be implemented as an appropriate wireless modem, or as conventional transmitting and receiving components of two-way wireless communication devices. In the event that the transmitter circuitry 403 and the receiver circuitry 405 are implemented as a wireless modem, the modem can be internal to the node 400 or insertable into the node 400 (e.g., embodied in a wireless radio frequency (RF) modem implemented on a Personal Computer Memory Card International Association (PCMCIA) card). For a wireless communication device, the transmitter circuitry 403 and the receiver circuitry 405 are preferably implemented as part of the wireless device hardware and software architecture in accordance with known techniques. One of ordinary skill in the art will recognize that most, if not all, of the functions of the transmitter circuitry 403 and/or the receiver circuitry 405 can be implemented in a processor, such as the processor 401. However, the processor 401, the transmitter circuitry 403, and the receiver circuitry 405 have been artificially partitioned herein to facilitate a better understanding.
The receiver circuitry 405 is capable of receiving radio frequency (RF) signals from at least one frequency band and optionally multiple frequency bands, when, for example, the communications with the proximate device are in a frequency band other than that of the network communications. The receiver circuitry 405 can optionally comprise a first receiver and a second receiver, or one receiver capable of receiving in two or more frequency bands. The receiver 405, depending on the mode of operation, can be tuned to receive, for example, Bluetooth or wireless local area network (WLAN), such as IEEE 802.11, communication signals. The transceiver 402 includes at least one set of transmitter circuitry 403. The at least one transmitter 403 can be capable of transmitting to multiple devices potentially in multiple frequency bands.
The antenna 406 comprises any known or developed structure for radiating and receiving electromagnetic energy in the frequency range containing the wireless carrier frequencies.
The buffer memory 411 can be any form of volatile memory, such as random access memory (RAM), and is used for temporarily storing received information packets in accordance with the present invention. As illustrated in
Security association establishment and removal techniques will be discussed below with respect to
At step 510, a node detects the presence of neighbor nodes within its communication range. For example, in one implementation, upon power up the node listens or scans for messages such as a management frame, beacon or other regularly transmitted or periodic message (e.g., presence messages, HELLO messages) and desired Service Set Identifiers (SSIDs).
At step 520, a routing module of the node builds a neighbor node table by populating the neighbor node table with information about the neighbor nodes it detects at step 510.
At step 530, the routing module of the node selects a particular neighbor node from the neighbor table. The routing module can select one of the neighbor nodes based on attributes such as Link Quality Measurements (LQMs), routing metrics, mobility domain information, mobility information about the pair of peer nodes (e.g., fixed, stationary or mobile). For example, from the neighbor list the routing module can determine, for example, that the node has four fixed neighbors and five mobile neighbors. Of the four fixed neighbors the node can determine that two are from the same mobility domain and two of them are bound to the same AP. The routing module can select one or more of the neighbor nodes to establish a security association with based on this information (e.g., based on which neighbor node has the best path to the AP), and can then eventually try to establish a route to the selected neighbor node.
At step 540, the routing module of the node triggers the security module to establish a security association with the selected neighbor node(s). The security module can use any known protocol to establish a security association with the selected neighbor node(s). For example, in one implementation, the security module can use the Extensible Authentication Protocol (EAP) described previously herein. In this implementation, the node and the selected neighbor node can perform an 802.11i/EAPOL exchange to establish a security association between the node and the selected neighbor node. In one implementation, if the node and the selected neighbor node successfully establish security association, then the security module informs the routing module and a “security association-established-to-neighbor” flag is set in the neighbor list.
After the security association is established, at step 550, the routing module of the node can then establish a route between the node and the selected neighbor node. Alternative or back-up routes can be quickly established using fast-handoff solutions for inter-mobility domain handoffs. This can be done a priori (e.g., establish parallel security associations) or the back-up security association(s) can be done at time of failure. To minimize traffic overhead and the management of “short-lived security associations,” the node can establish security associations to the “best neighbor” only. Significantly, no MLME involvement is required.
The process 600 starts at step 605. At step 610, a node detects the presence of neighbor “peer mesh” nodes within its communication range, and upon detecting the beacons, a routing module of the node, using information in those beacons, builds a neighbor node table based on the received beacons. For example, in one implementation, upon power up the node listens or scans for beacons (e.g., HELLO messages) and desired Service Set Identifiers (SSIDs) associated with peer mesh nodes.
At step 620, the routing module of the node selects a neighbor node or nodes from the neighbor table based on a number of factors, such as, Link Quality Measurements (LQMs) for the neighbor nodes, mobility domains of the neighbor nodes, routing metrics for the neighbor nodes, mobility information about the node and the neighbor nodes (e.g., whether the nodes are fixed, stationary or mobile), and whether a security association exists for the neighbor nodes. The routing module uses the factors or attributes to determine and select the optimal or “best” neighbor node. The node will eventually try to establish a route to the selected neighbor node(s). In an alternative implementation, if the routing module selects a neighbor node with which it has already established security association, then process 600 can directly proceed to step 670 without conducting steps 630-660.
At step 630, the routing module sends a message (e.g., a message internal to the node) to the security module to trigger the security module to begin the process of establishing a security association between the node and the selected neighbor node(s). The process of establishing a security association with a neighbor node can involve deriving keying material from an existing master key (e.g., pre-shared key or cached master key from prior authentication exchange) or can involve deriving the master key. Deriving a master key involves using any number of known protocols, including EAP based methods such as Protected Extensible Authentication Protocol (PEAP), EAP-Tunneled Transport Layer Security (EAP-TTLS), Transport Layer Security (TLS) and Lightweight Extensible Authentication Protocol (LEAP). Deriving a specific security association between the node and the selected neighbor node can use a number of protocols, for example, an 802.11i 4-way handshake, a wireless fidelity (WiFi) Protected Access (WPA) exchange or a Wired Equivalent Privacy (WEP) exchange.
At step 640, the node determines whether a security association between the node and the selected neighbor node(s) has been successfully established (e.g., whether establishment of a security association was a success or failure).
If the node and the selected neighbor node(s) successfully establish security association between the node and the selected neighbor node(s), then at step 650, the security module passes the security association information to the routing module via an internal message (e.g., a message within the node). At step 660, the routing module adds/updates the entry in the neighbor table for the selected neighbor node with the security association information such that the entry in the neighbor table for the selected neighbor node indicates that the node and the selected neighbor node share a security association. At step 670, the routing module of the node establishes a route between the node and the selected neighbor node. The process then ends at step 695.
If the node and the selected neighbor node are unable to successfully establish security association at step 640, then at step 680, the security module passes the failed security association information to the routing module. At step 690, the routing module adds/updates the entry in the neighbor table for the selected neighbor node with the failed security association information such that the entry in the neighbor table for the selected neighbor node indicates that the node and the selected neighbor node do not share a security association. The process 600 then loops back to step 620, where the routing module attempts to select another neighbor node from the neighbor table.
It will be appreciated by those of ordinary skill in the art, that in a mesh network, security associations are established with multiple neighbors based on mesh neighbor discovery/routing processes. As such, changes in the mesh topology are more likely to determine when a particular security association needs to be removed. Thus, in a meshed WLAN network one of the underlying problems is knowing when to remove an existing Security Association with a neighbor.
It would be desirable to synchronize management of security associations with routing table information and neighbor lists used by the routing module. It would be desirable to provide techniques which can allow a peer node in a mesh network to determine when to delete or remove security association information that has become “stale.”
As discussed above, peer nodes in a mesh network do not have a Media Access Control (MAC) policy management definition for security association states. Techniques are provided which define a removal policy for peer nodes in a mesh network that do not have a MAC policy for management of security association states. Two exemplary implementations of these techniques will now be described below with reference to
The process 700 starts at step 705. At step 710, a node detects the presence of neighbor nodes within its communication range based on a message received from the neighbor node, and upon detecting the presence of neighbor nodes, the routing module of the node, using information in those messages, builds a neighbor table. The messages may generally comprise one of a beacon-type message (e.g., 802.11 beacon-type message), a Hello message, management frames, neighbor advertisement lists, etc. For example, in one implementation, upon power up the node listens or scans for messages (e.g., management frames such as beacons, HELLO messages) and desired Service Set Identifiers (SSIDs) associated with peer mesh nodes. The routing module of the node stores a neighbor table with entries for a number of neighbor nodes. The entries for each node can include a number of factors, such as, Link Quality Measurements (LQMs) for the particular neighbor node, mobility domain of the particular neighbor node, routing metrics associated with the particular neighbor node, mobility information about the particular neighbor node (e.g., whether the particular neighbor node is fixed, stationary or mobile), and security association information which indicates whether the node has established a security association with the particular neighbor node.
To determine which security associations are “stale” and should be removed from the neighbor table, at step 720, the node checks the neighbor node table and determines, for each particular neighbor node, if a number of “missed messages” (or other regularly or periodically transmitted messages) from the particular neighbor node exceeds a threshold number. The missed messages can be any messages a node regularly transmits, such as, announcement messages (e.g., beacon messages, Hello messages), advertisement messages, status messages, presence messages, periodic messages, etc. If the number of missed messages from the particular neighbor node does not exceed the threshold number, then the node maintains the security association information for that particular neighbor node in the neighbor table.
If the number of missed Hello messages from the particular neighbor node exceeds the threshold number, then at step 730, the node determines that the particular neighbor node has “aged-out,” and decides that the particular neighbor node should be removed from the neighbor node table. At step 740, the routing module of the node sends a message to the security module to notify the security module that the security association for the particular neighbor node is not needed. In one implementation, the message indicates that the security module should remove the security association information for that particular neighbor node.
At step 750, the security module flags that the security association for the particular neighbor node is not needed in a security association table of the security module. In some situations, it is prudent to maintain, but not immediately remove, the stale security associations since some particular security associations may be needed within a short time period even though the routing module has removed the corresponding neighbor node from the neighbor node table. As such, in one implementation, the security module can remove or delete the security association information for that particular neighbor node from the security association table, whereas in other implementations the security module retains the stale security associations for future use. The process 700 ends at step 755.
The process 800 starts at step 805. At step 810, a security module in the node manages timers associated with each security association stored in the neighbor table. In one implementation, a “lifetime” timer runs from the time the security association is established for a fixed duration, and at expiration of the timer the security association will be removed or deleted from the security association table. In another implementation, an “idle” timer has a fixed duration and runs from the time the security association is established or updated, and is reset each time the timer is updated. If the timer is not reset before the timer expires (e.g., is idle for too long a period), then the security association will be removed or deleted from the security association table. In other implementations, other types of timers or combinations of timers can also be utilized.
At step 820, the security module determines if the timer has expired. If the timer has not expired, then the process 800 loops back to step 820. If the timer has expired, then at step 830, the security module removes or relates the particular security association associated with that particular timer.
At step 840, the security module of the node sends a message to the routing module of the node (or other module that manages the neighbor list) indicating that the security association information for that particular neighbor node has been removed from the security module. At step 850, the routing module of the node (or other module that manages the neighbor list) augments the neighbor node attributes to indicate that “no security association established”. The process 800 ends at step 855.
Nodes belonging to a particular network run the processes shown in
At state 905, the routing module 970 of the node receives beacon massages from other nodes in the network. At state 910, the routing module 970 of the node has chosen or selected a particular neighbor node (or selected neighbor node), and a first flag (AUTH_FLAG) is set to FALSE indicating that the particular neighbor node has not yet been authenticated. The trigger security association arc 912 represents the messages sent by the routing module 970 of a node to the security module 980 of the node when the routing module 970 decides to begin the process of establishing a security association between the node and the particular neighbor node. Upon receiving a message associated with the trigger security association arc 912, the dispatch function 915 sends a message (represented via arc 917) to the security module 980 that triggers security association establishment which results in a transition to either state 920 or 930, depending upon the state of the security association in the security module 980.
At state 920, the node and the particular neighbor node (or selected neighbor node) have not yet been authenticated with one another. The security association failure arc 913 represents the messages sent by the security module 980 of the node to the routing module 970 of the same node when the security module 980 determines that the process of establishing a security association between the node and the particular neighbor node has failed. The security association establishment arc 922 represents a successful establishment of a security association with a specified neighbor node. The security association establishment arc 922 results in the security module 980 transitioning to state 935.
The dispatcher function 915 places the security module 980 in state 930 upon reception of a security association trigger message (arc 912) from the routing module 970 for a neighbor node that has an existing security association. At state 930, the node and the particular neighbor node (or selected neighbor node) have been authenticated with one another, however the routing module 970 and security module 980 are out of synchronization.
The security module 980 transitions out of state 930 by arcs 931, 932 and 934. When the security association table reflects synchronization with the routing module 970 (an event shown by arc 931), the security module 980 enters state 935. At state 935, the security association for the particular neighbor node is set to true, and the state of the security association in the routing module 970 is in synchronization with the state of the security association in the security module 980. Arcs 932 and 934 represent events resulting in the security module 980 entering a false security association for neighbor state 920. Arc 932 represents an event that results in the deletion of a security association due to security module 980 resource maintenance (e.g., reclaiming memory by deleting security associations no longer needed by the routing module 970). Arc 934 represents expiration of a security association timer in the security module 980. When a security association timer expires, as shown by arc 934, the security module 980 enters state 920 resulting in the deletion of a security association (e.g., expiration of a PMK timer can result in the deletion of the PMK security association and derived PTK and GTK security association).
At state 935, the security association for the particular neighbor node is set to true, and the state of the security association in the routing module 970 is in synchronization with the state of the security association in the security module 980. As represented by arc 937, a security association exists for the specific neighbor and the routing module 970 is informed of the security association. As shown by arc 939, when a security association timer expires for a specific neighbor node, the security association is deleted for the neighbor node and the security module 980 enters state 920. The remove security association arc 914 represents the messages sent by the security module 980 of the node to the routing module 970 of the same node when the security module 980 determines that the timer associated with the security association between the node and the particular neighbor node has expired. As represented by remove security association arc 914, state 920 informs the routing module 970 of the security association deletion for the specific neighbor node.
At state 940, the routing module 970 of the node sets the first flag (AUTH_FLAG) to TRUE indicating that the particular neighbor node has been authenticated and a security association between the node and the particular neighbor node has been established. Arc 934 represents the messages sent by the routing module 970 of the node to the security module 980 of the same node when the routing module 970 deletes or removes a neighbor node entry from the neighbor node table.
In the foregoing specification, specific embodiments of the present invention have been described. However, one of ordinary skill in the art appreciates that various modifications and changes can be made without departing from the scope of the present invention. Accordingly, the specification and figures are to be regarded in an illustrative rather than a restrictive sense, and all such modifications are intended to be included within the scope of the present invention.
This application claims benefit under 35 U.S.C. §119(e) from U.S. Provisional Patent Application Ser. No. 60/835,206, filed Aug. 2, 2006, and entitled “MANAGING ESTABLISHMENT AND REMOVAL OF SECURITY ASSOCIATIONS IN A WIRELESS MESH NETWORK”, the contents of which is incorporated herein by reference.
Number | Date | Country | |
---|---|---|---|
60835206 | Aug 2006 | US |