Patent Application
20250141599
This application claims priority to Indian Patent Application number 202241022313, filed Apr. 14, 2022, which is assigned to the assignee hereof and hereby expressly incorporated by reference in its entirety as if fully set forth below and for all applicable purposes
Certain aspects of the present disclosure generally relate to wireless communications and, more particularly, to protecting various types of messages in wireless networks.
Wireless communications networks are widely deployed to provide various communications services such as voice, video, packet data, messaging, broadcast, etc. These wireless networks may be multiple-access networks capable of supporting multiple users by sharing the available network resources. Examples of such multiple-access networks include Code Division Multiple Access (CDMA) networks, Time Division Multiple Access (TDMA) networks, Frequency Division Multiple Access (FDMA) networks, Orthogonal FDMA (OFDMA) networks, and Single-Carrier FDMA (SC-FDMA) networks.
In order to address the issue of increasing bandwidth requirements that are demanded for wireless communications systems, different schemes are being developed to allow multiple user terminals to communicate with a single access point by sharing the channel resources while achieving high data throughputs. Multiple Input Multiple Output (MIMO) technology represents one such approach that has emerged as a popular technique for communications systems. MIMO technology has been adopted in several wireless communications standards such as the Institute of Electrical and Electronics Engineers (IEEE) 802.11 standard. The IEEE 802.11 denotes a set of Wireless Local Area Network (WLAN) air interface standards developed by the IEEE 802.11 committee for short-range communications (such as tens of meters to a few hundred meters).
The systems, methods and devices of this disclosure each have several innovative aspects, no single one of which is solely responsible for the desirable attributes disclosed herein.
Certain aspects of the present disclosure provide a method for wireless communication at a first wireless device. The method generally includes generating a protected frame that indicates: 1) an updated starting sequence number (SSN) of a block acknowledgment (BA) window and 2) an intended purpose of the protected frame as a request to update a BA window with the updated SSN, outputting, for transmission to a second wireless device that the first wireless device has established a protected block acknowledgment (BA) agreement with, the protected frame, generating multiple medium access control (MAC) Protocol Data Units (MPDUs) with SNs within the updated BA window, and outputting, for transmission to the second wireless device, the multiple MPDUs.
Certain aspects of the present disclosure provide a method for wireless communication at a second wireless device. The method generally includes obtaining, from a first wireless device that the second wireless device has established a protected block acknowledgment (BA) agreement with, a protected frame that indicates: 1) an updated starting sequence number (SSN) of a block acknowledgment (BA) window and 2) an intended purpose of the protected frame as a request to update a BA window with the updated SSN; and maintaining a bitmap to track medium access control (MAC) Protocol Data Units (MPDUs) with SNs within the updated BA window have been successfully obtained by the second wireless device.
Certain aspects of the present disclosure provide a method for wireless communication at a wireless device. The method generally includes obtaining a data frame with a medium access control (MAC) Protocol Data Unit (MPDU) that fails at least one of a decryption check or an integrity check; and clearing, in response to the failure: entries in the bitmap used to track MPDUs that have been successfully obtained by the wireless device; or an entry, corresponding to the received MPDU, in the bitmap used to track MPDUs that have been successfully obtained by the wireless device.
Certain aspects of the present disclosure provide a method for wireless communication at a first wireless device. The method generally includes generating a data frame with a medium access control (MAC) Protocol Data Unit (MPDU) encrypted using additional authentication data (AAD) applied to a sequence number (SN) of the MPDU; and outputting the data frame for transmission to a second wireless device that the first wireless device has established a protected block acknowledgment (BA) agreement with.
Certain aspects of the present disclosure provide a method for wireless communication at a second wireless device. The method generally includes obtaining a data frame from a first wireless device that the first wireless device has established a protected block acknowledgment (BA) agreement with; and extracting a medium access control (MAC) Protocol Data Unit (MPDU) from the data frame, based on an additional authentication data (AAD) deconstruction using a sequence number (SN) of the MPDU.
Certain aspects of the present disclosure provide a method for wireless communication at a first wireless device. The method generally includes modifying an original medium access control (MAC) Protocol Data Unit (MPDU) by performing an operation with a sequence number (SN) of the MPDU to obtain a modified MPDU; generating a data frame with an encrypted version of the modified MPDU; and outputting the data frame for transmission to a second wireless device that the first wireless device has established a protected block acknowledgment (BA) agreement with.
Certain aspects of the present disclosure provide a method for wireless communication at a second wireless device. The method generally includes obtaining, from a first wireless device that the second wireless device has established a protected block acknowledgment (BA) agreement with, a data frame with a sequence number (SN) modified version of a medium access control (MAC) Protocol Data Unit (MPDU); performing a cyclic redundancy check (CRC) test based on the modified version of the MPDU; and if the CRC test passes, performing an operation with the SN to recover an original MPDU from the modified version of the MPDU if the CRC test passed; and updating a BA bitmap to indicate successful receipt of the original MPDU.
To the accomplishment of the foregoing and related ends, the one or more aspects comprise the features hereinafter fully described and particularly pointed out in the claims. The following description and the appended drawings set forth in detail certain illustrative features of the one or more aspects. These features are indicative, however, of but a few of the various ways in which the principles of various aspects may be employed.
So that the manner in which the above-recited features of the present disclosure can be understood in detail, a more particular description, briefly summarized above, may be had by reference to aspects, some of which are illustrated in the appended drawings. It is to be noted, however, that the appended drawings illustrate only certain typical aspects of this disclosure, and the description may admit to other equally effective aspects.
To facilitate understanding, identical reference numerals have been used, where possible, to designate identical elements that are common to the figures. It is contemplated that elements disclosed in one aspect may be beneficially utilized on other aspects without specific recitation.
Aspects of the present disclosure generally relate to wireless communications and, more particularly, to protecting various types of messages in wireless networks.
There are various types of attacks that a hostile device (an attacker) may carry out to cause harm in a wireless network. Examples of such attacks include injecting a block acknowledgment request (BAR) frame, injecting a fake data frame, and replaying a genuine data frame, but with a modified sequence number (SN).
Each of these types of attacks can impact system performance, not only due the consumption of bandwidth, but also the processing overhead and potential disruption in delivery of valid frames (denial of service). In some cases, an attack could go undetected and, in such cases, disrupt context of scoreboard that is maintained at a receiver to successfully received packets, by SN.
Aspects of the present disclosure propose various mechanisms for protecting against these types of attacks. As a result, the mechanisms may help prevent the potential disruption in valid frame delivery and, thus, may help improve overall system performance.
Various aspects of the disclosure are described more fully hereinafter with reference to the accompanying drawings. This disclosure may, however, be implemented in many different forms and should not be construed as limited to any specific structure or function presented throughout this disclosure. Rather, these aspects are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art. Based on the teachings herein one skilled in the art should appreciate that the scope of the disclosure is intended to cover any aspect of the disclosure disclosed herein, whether implemented independently of or combined with any other aspect of the disclosure. For example, an apparatus may be implemented or a method may be practiced using any number of the aspects set forth herein. In addition, the scope of the disclosure is intended to cover such an apparatus or method which is practiced using other structure, functionality, or structure and functionality in addition to or other than the various aspects of the disclosure set forth herein. It should be understood that any aspect of the disclosure disclosed herein may be implemented by one or more elements of a claim.
The word “exemplary” is used herein to mean “serving as an example, instance, or illustration.” Any aspect described herein as “exemplary” is not necessarily to be construed as preferred or advantageous over other aspects.
Although particular aspects are described herein, many variations and permutations of these aspects fall within the scope of the disclosure. Although some benefits and advantages of the preferred aspects are mentioned, the scope of the disclosure is not intended to be limited to particular benefits, uses, or objectives. Rather, aspects of the disclosure are intended to be broadly applicable to different wireless technologies, system configurations, networks, and transmission protocols, some of which are illustrated by way of example in the figures and in the following description of the preferred aspects. The detailed description and drawings are merely illustrative of the disclosure rather than limiting, the scope of the disclosure being defined by the appended claims and equivalents thereof.
The techniques described herein may be used for various broadband wireless communications systems, including communications systems that are based on an orthogonal multiplexing scheme. Examples of such communications systems include Spatial Division Multiple Access (SDMA), Time Division Multiple Access (TDMA), Orthogonal Frequency Division Multiple Access (OFDMA) systems, Single-Carrier Frequency Division Multiple Access (SC-FDMA) systems, and so forth. An SDMA system may utilize sufficiently different directions to simultaneously transmit data belonging to multiple user terminals. A TDMA system may allow multiple user terminals to share the same frequency channel by dividing the transmission signal into different time slots, each time slot being assigned to different user terminal. An OFDMA system utilizes orthogonal frequency division multiplexing (OFDM), which is a modulation technique that partitions the overall system bandwidth into multiple orthogonal sub-carriers. These sub-carriers may also be called tones, bins, etc. With OFDM, each sub-carrier may be independently modulated with data. An SC-FDMA system may utilize interleaved FDMA (IFDMA) to transmit on sub-carriers that are distributed across the system bandwidth, localized FDMA (LFDMA) to transmit on a block of adjacent sub-carriers, or enhanced FDMA (EFDMA) to transmit on multiple blocks of adjacent sub-carriers. In general, modulation symbols are sent in the frequency domain with OFDM and in the time domain with SC-FDMA.
The teachings herein may be incorporated into (such as implemented within or performed by) a variety of wired or wireless apparatuses (such as nodes). In some aspects, a wireless node implemented in accordance with the teachings herein may comprise an access point or an access terminal.
An access point (“AP”) may comprise, be implemented as, or known as a Node B, Radio Network Controller (“RNC”), evolved Node B (eNB), Base Station Controller (“BSC”), Base Transceiver Station (“BTS”), Base Station (“BS”), Transceiver Function (“TF”), Radio Router, Radio Transceiver, Basic Service Set (“BSS”), Extended Service Set (“ESS”), Radio Base Station (“RBS”), or some other terminology.
An access terminal (“AT”) may comprise, be implemented as, or known as a subscriber station, a subscriber unit, a mobile station (MS), a remote station, a remote terminal, a user terminal (UT), a user agent, a user device, user equipment (UE), a user station, or some other terminology. In some implementations, an access terminal may comprise a cellular telephone, a cordless telephone, a Session Initiation Protocol (“SIP”) phone, a wireless local loop (“WLL”) station, a personal digital assistant (“PDA”), a handheld device having wireless connection capability, a Station (“STA”), or some other suitable processing device connected to a wireless modem. Accordingly, one or more aspects taught herein may be incorporated into a phone (such as a cellular phone or smart phone), a computer (such as a laptop), a tablet, a portable communications device, a portable computing device (such as a personal data assistant), an entertainment device (such as a music or video device, or a satellite radio), a global positioning system (GPS) device, or any other suitable device that is configured to communicate via a wireless or wired medium. In some aspects, the node is a wireless node. Such wireless node may provide, for example, connectivity for or to a network (such as a wide area network such as the Internet or a cellular network) via a wired or wireless communications link.
For simplicity, only one AP 110 is shown in
While portions of the following disclosure will describe wireless STAs 120 capable of communicating via Spatial Division Multiple Access (SDMA), for certain aspects, the wireless STAs 120 may also include some wireless STAs 120 that do not support SDMA. Thus, for such aspects, an AP 110 may be configured to communicate with both SDMA and non-SDMA wireless STAs 120. This approach may conveniently allow older versions of wireless STAs 120 (“legacy” stations) to remain deployed in an enterprise, extending their useful lifetime, while allowing newer SDMA wireless STAs 120 to be introduced as deemed appropriate.
System 100 employs multiple transmit and multiple receive antennas for data transmission on the DL and UL. AP 110 is equipped with Nap antennas and represents the multiple-input (MI) for DL transmissions and the multiple-output (MO) for UL transmissions. A set of K selected wireless stations 120 collectively represents the multiple-output for DL transmissions and the multiple-input for UL transmissions. For pure SDMA, it is desired to have Nap≥K≥1 if the data symbol streams for the K wireless STAs are not multiplexed in code, frequency or time by some means. K may be greater than Nap if the data symbol streams can be multiplexed using TDMA technique, different code channels with CDMA, disjoint sets of subbands with OFDM, and so on. Each selected wireless STA transmits user-specific data to and/or receives user-specific data from the access point. In general, each selected wireless STA may be equipped with one or multiple antennas (i.e., Nsta≥1). The K selected wireless STAs can have the same or different number of antennas.
System 100 may be a time division duplex (TDD) system or a frequency division duplex (FDD) system. For a TDD system, the DL and UL share the same frequency band. For an FDD system, the DL and UL use different frequency bands. System 100 may also utilize a single carrier or multiple carriers for transmission. Each wireless STA may be equipped with a single antenna or multiple antennas. System 100 may also be a TDMA system if wireless STAs 120 share the same frequency channel by dividing transmission/reception into different time slots, each time slot being assigned to a different wireless STA 120.
AP 110 is equipped with Nap antennas 224a through 224t. Wireless STA 120m is equipped with Nsta,m antennas 252ma through 252mu, and wireless STA 120x is equipped with Nsta,x antennas 252xa through 252xu. AP 110 is a transmitting entity for the DL and a receiving entity for the UL. Each wireless STA 120 is a transmitting entity for the UL and a receiving entity for the DL. As used herein, a “transmitting entity” is an independently operated apparatus or device capable of transmitting data via a wireless channel, and a “receiving entity” is an independently operated apparatus or device capable of receiving data via a wireless channel. The term communication generally refers to transmitting, receiving, or both. In the following description, the subscript “DL” denotes the downlink, the subscript “UL” denotes the uplink, NUL wireless STAs are selected for simultaneous transmission on the uplink, NDL wireless STAs are selected for simultaneous transmission on the downlink, NUL may or may not be equal to NDL, and NUL and NDL may be static values or can change for each scheduling interval. The beam-steering or some other spatial processing technique may be used at the access point and wireless station.
On the UL, at each wireless STA 120 selected for UL transmission, a transmit (TX) data processor 288 receives traffic data from a data source 286 and control data from a controller 280. TX data processor 288 processes (e.g., encodes, interleaves, and modulates) the traffic data for the wireless station based on the coding and modulation schemes associated with the rate selected for the wireless STA and provides a data symbol stream. A TX spatial processor 290 performs spatial processing on the data symbol stream and provides Nsta,m transmit symbol streams for the Nsta,m antennas. Each transceiver (TMTR) 254 receives and processes (e.g., converts to analog, amplifies, filters, and frequency upconverts) a respective transmit symbol stream to generate an uplink signal. Nsta,m transceivers 254 provide Nsta,m UL signals for transmission from Nsta,m antennas 252 to AP 110.
NUL wireless STAs may be scheduled for simultaneous transmission on the uplink. Each of these wireless STAs performs spatial processing on its data symbol stream and transmits its set of transmit symbol streams on the UL to the AP 110.
At AP 110, Nap antennas 224a through 224ap receive the UL signals from all NUL wireless STAs transmitting on the UL. Each antenna 224 provides a received signal to a respective transceiver (RCVR) 222. Each transceiver 222 performs processing complementary to that performed by transceiver 254 and provides a received symbol stream. A receive (RX) spatial processor 240 performs receiver spatial processing on the Nap received symbol streams from Nap transceiver 222 and provides NUL recovered UL data symbol streams. The receiver spatial processing is performed in accordance with the channel correlation matrix inversion (CCMI), minimum mean square error (MMSE), soft interference cancellation (SIC), or some other technique. Each recovered UL data symbol stream is an estimate of a data symbol stream transmitted by a respective wireless station. An RX data processor 242 processes (e.g., demodulates, deinterleaves, and decodes) each recovered uplink data symbol stream in accordance with the rate used for that stream to obtain decoded data. The decoded data for each wireless STA may be provided to a data sink 244 for storage and/or a controller 230 for further processing.
On the DL, at AP 110, a TX data processor 210 receives traffic data from a data source 208 for NDL wireless stations scheduled for downlink transmission, control data from a controller 230, and possibly other data from a scheduler 234. The various types of data may be sent on different transport channels. TX data processor 210 processes (e.g., encodes, interleaves, and modulates) the traffic data for each wireless station based on the rate selected for that wireless station. TX data processor 210 provides NDL DL data symbol streams for the NDL wireless stations. A TX spatial processor 220 performs spatial processing (such as a precoding or beamforming, as described in the present disclosure) on the NDL DL data symbol streams, and provides Nap transmit symbol streams for the Nap antennas. Each transceiver 222 receives and processes a respective transmit symbol stream to generate a DL signal. Nap transceivers 222 providing Nap DL signals for transmission from Nap antennas 224 to the wireless STAs.
At each wireless STA 120, Nsta,m antennas 252 receive the Nap DL signals from access point 110. Each transceiver 254 processes a received signal from an associated antenna 252 and provides a received symbol stream. An RX spatial processor 260 performs receiver spatial processing on Nsta,m received symbol streams from Nsta,m transceiver 254 and provides a recovered DL data symbol stream for the wireless station. The receiver spatial processing is performed in accordance with the CCMI, MMSE or some other technique. An RX data processor 270 processes (e.g., demodulates, deinterleaves and decodes) the recovered DL data symbol stream to obtain decoded data for the wireless station.
At each wireless STA 120, a channel estimator 278 estimates the DL channel response and provides DL channel estimates, which may include channel gain estimates, SNR estimates, noise variance and so on. Similarly, a channel estimator 228 estimates the UL channel response and provides UL channel estimates. Controller 280 for each wireless STA typically derives the spatial filter matrix for the wireless station based on the downlink channel response matrix Hdn,m for that wireless station. Controller 230 derives the spatial filter matrix for the AP based on the effective UL channel response matrix Hup,eff-Controller 280 for each wireless STA may send feedback information (e.g., the downlink and/or uplink eigenvectors, eigenvalues, SNR estimates, and so on) to the AP. Controllers 230 and 280 also control the operation of various processing units at AP 110 and wireless STA 120, respectively.
Wireless device 302 may include a processor 304 which controls operation of wireless device 302. Processor 304 may also be referred to as a central processing unit (CPU). Memory 306, which may include both read-only memory (ROM) and random access memory (RAM), provides instructions and data to the processor 304. A portion of the memory 306 may also include non-volatile random access memory (NVRAM). The processor 304 typically performs logical and arithmetic operations based on program instructions stored within the memory 306. The instructions in the memory 306 may be executable to implement the methods described herein.
Wireless device 302 may also include a housing 308 that may include a transmitter 310 and a receiver 312 to allow transmission and reception of data between the wireless device 302 and a remote location. Transmitter 310 and receiver 312 may be combined into a transceiver 314. A single or a plurality of transmit antennas 316 may be attached to the housing 308 and electrically coupled to the transceiver 314. Wireless device 302 may also include (not shown) multiple transmitters, multiple receivers, and multiple transceivers.
Wireless device 302 may also include a signal detector 318 that may be used in an effort to detect and quantify the level of signals received by the transceiver 314. The signal detector 318 may detect such signals as total energy, energy per subcarrier per symbol, power spectral density and other signals. Wireless device 302 may also include a digital signal processor (DSP) 320 for use in processing signals.
The various components of wireless device 302 may be coupled together by a bus system 322, which may include a power bus, a control signal bus, and a status signal bus in addition to a data bus.
Certain aspects of the present disclosure are directed to apparatus and techniques for implementing multi-link communications. For example, certain aspects provide techniques for managing data flows for across multiple links by an MLD. Multiple bands may be implemented for wireless devices. For example, a wireless device may be able to support at least one of a 2.4 GHz band, a 5 GHz band or a 6 GHz band and operate over more than one link spread over these bands. With multi-link communications, data flows may be transmitted across multiple wireless links which may be associated with different bands.
Block acknowledgment (Block Ack or BA) generally refers to a mechanism of combining acknowledgments of multiple MPDUs into a single frame. As illustrated in
If the recipient STA is capable of participating in a secure BA session, the originator STA sends an ADDBA Request frame indicating a traffic ID (TID) for which the BA session is being set up. The recipient STA shall respond by an ADDBA Response frame. The recipient STA has the option of accepting or rejecting the request. When the recipient STA accepts, then a protected BA agreement is said to exist between the originator STA and the recipient STA.
After a protected or unprotected Block ACK Session is negotiated between an AP and a station, the AP and the WLAN station can participate in a Contention Free Burst, wherein blocks of QoS data frames (MPDUs) may be transmitted from the originator to the recipient. The recipient STA may maintain a scorecard for MPDUs received within a certain window, with bits indicating which MPDUs within a sequence were successfully received.
The originator requests acknowledgment of outstanding QoS data frames by sending a BA request frame. The request can be implicitly carried within the Data frame itself (signaled in a field in the MAC header) or the request can be sent as an explicit frame. In an unprotected BA setup, the originator can send a BlockAck Request (BAR) frame. In response, the recipient STA may send the BA, with a bitmap reflective of the scorecard, indicating the number of packets successfully received by the AP.
The BAR frame is a Control frame and all Control frames are not protected (or encrypted). In some cases, a hostile device (an attacker) may carry out an attack by transmitting (injecting) a fake BAR frame. This type of attack is possible because, in conventional wireless systems, BAR frames are not protected.
A BAR frame is typically used for two general purposes. The first purpose, as noted above, is to obtain the ACK information for a previous burst of frames sent in a transmit opportunity (TXOP). The second purpose is to clear the receive re-order buffer at the receiver.
The injection of a fake BAR frame may have the following impact. An attacker may set a Block Ack Starting Sequence Control subfield in the BAR frame to an arbitrary value. If this type of attack goes unnoticed, it will disrupt the reorder buffer and scoreboard context at the recipient. This disruption may result in a change to the start sequence number (SSN) and lead confusion as to the recipient next expected sequence number (WinStartB). This may result in a denial-of-service attack, where the attacker can block delivery of genuine Data frames for a specific TID.
According to a conventional procedure, STAs that have established a protected BA agreement (session) do not use the SSN field in a BAR frame for updating WinStartB. Instead, an originator STA transmits a protected Management frame (i.e., ADDBA Request frame) to update WinStartB. A recipient ignores other fields of the ADDBA Request frame, except for the SSN.
This existing procedure creates potential issues, however, as an originator is allowed to transmit an ADDBA Request frame to update parameters (such as timeout) for an existing BA agreement. Aspects of the present disclosure, however, may address these potential issues by providing a mechanism to differentiate between an ADDBA Request frame sent to advance the window (WinStartB) from an ADDBA Request frame sent to update parameters. Further, aspects of the present disclosure may help relieve ambiguity regarding whether an ADDBA Response frame is required when an ADDBA Request is sent to advance the window.
As illustrated in
For example, according to a first option, a new Block Ack action frame may be defined. Defining a new Block Ack action frame may provide a clear separation (distinction) between a legacy protected BA procedure and an updated procedure proposed herein. Given that typical conventional systems do not implement protected BA frames, such a change (to support this newly defined BA action frame) may have no impact on devices that are already deployed. In case BA action frames are supported, the new frame may be defined in a manner that provides a clear separation from legacy BA procedures. This approach may also help address the case of legacy interoperability where some devices are known to incorrectly advertise support for a protected BA procedure.
One potential benefit of this approach is that some implementations may use a separate processing path for quickly for handling the (newly defined) frame. Typically, other types of management frames are processed on a slower path (than action frames). Using an ADDBA Request frame may force a receiver to use this faster path (e.g., as it may not be able to differentiate between an ADDBA request sent for window advancement or parameter update). Another potential benefit is that this approach may also eliminate the need for an explicit (management) response frame since this newly defined frame is able to be processed quickly. This may help ensure that the originator and receiver are in the same state (in sync) with regard to WinStartO (which generally refers to the lowest sequence number in an SN window) and WinStartB are in sync.
Other potential options to differentiate between an ADDBA Request frame sent to advance the window (WinStartB) from an ADDBA Request sent to update parameters include using an existing field (sub-field) in an Action field of an ADDBA Request frame. For example, a fragment number (Frag Num) may be set to a certain value (e.g., Frag Num=1) as an indication. Another option is to Use a field in the frame header of an ADDBA Request frame. As frame headers are processed early, this approach may help the receiver quickly determine the intention of the frame and, hence, take a different (faster) path for processing the frame.
In some cases, an attacker may transmit (inject) a fake data frame, for example, a data frame with an arbitrary sequence number (SN). In a conventional system, this type of attack may not be detected until a decryption/integrity check is performed. Unfortunately, by that point, the scoreboard context (and possibly WinStartR that defines a beginning of a SN window) will get updated.
Certain aspects of the present disclosure may help protect against a fake data frame by having a recipient STA taking certain actions in response to receiving a data frame with an MPDU that fails at least one of a decryption check or an integrity check. As an example, in response to the failure the recipient may clear entries in the bitmap used to track MPDUs that have been successfully received by the wireless device or the recipient may clear an entry, corresponding to the received MPDU, in the bitmap used to track MPDUs that have been successfully received by the wireless device.
In case the recipient STA maintains partial state, then the recipient STA may clear the BA scoreboard context (if a fake data frame is detected). If the recipient STA maintains a full state, if a fake data frame is detected, the recipient STA may not update the value of WinStartR and may clear the BA scoreboard context for that MPDU. This approach may require some implementation changes in order to keep track of MPDUs. As an alternative, a standard specification could mandate or recommend that a STA that negotiates a protected BA shall maintain a partial state.
In some cases, an attacker may carry out an attack by replaying (re-transmitting) a genuine data frame. For example, the attacker could record a genuine MPDU (or AMPDU) and replay that recorded (A) MPDU with a modified Sequence Number (or SNs). The attacker may learn of actual SNs as the field carrying SN is not protected. Since the frame is a replayed frame, it should pass decryption and integrity check. As a result, this type of attack may go unnoticed until a packet number (PN)-based replay check is performed. Unfortunately, the PN-based replay check typically comes much later in the processing chain. By this time, the scoreboard context (and possibly WinStartR) will get updated. This may also result in a fake entry in the reorder buffer (and possibly updates WinStartB).
As illustrated by the call flow diagram 500 of
This approach, of protecting against replaying of a genuine Data frame with a modified SN may be implemented by mandating SN protection in a protected BA. In some cases, this may involve an update to a standard to specify that the SN bits not be masked during the computation of AAD. If partial state is used, then flush the scoreboard context for an error condition (SN check failed).
As illustrated by the call flow diagram 700 of
At the recipient STA, if the SN is modified (i.e., per the attack scenario described above), the CRC verification will fail for the received MPDU. MPDU is discarded (not passed further up the chain).
As illustrated by the processing flow diagram 800 of
In some cases, if a replay check fails for an MPDU that was successfully decrypted and passed integrity check, and if the recipient STA maintains partial state, then the recipient STA may not update the value of WinStartB. In this event, the recipient STA may clear the scoreboard context and clear the entry for that MPDU from the reorder buffer. If the recipient STA maintains full state, then the recipient STA may not update the value of WinStartB and WinStartR. In this case, the recipient STA may clear the scoreboard context for that MPDU, and shall clear the entry for that MPDU from the reorder buffer. This approach may involve tracking MPDUs in scoreboard context and re-order buffer.
Aspects of the present disclosure may also help address a scenario where a transmitter (originator STA) receives an unsolicited BA. According to certain aspects, the transmitter may be expected to ignore a BA that comes unexpectedly (e.g., without any soliciting MPDU from the transmitter SIFS before the BA was received). Ignoring an unsolicited BA in this manner may help avoid state disruption at the transmitter.
Operations 900 begin, at 905, by generating a protected frame that indicates: 1) an updated starting sequence number (SSN) of a block acknowledgment (BA) window and 2) an intended purpose of the protected frame as a request to update a BA window with the updated SSN. At 910, the first wireless device for transmission to a second wireless device that the first wireless device has established a protected block acknowledgment (BA) agreement with, the protected frame. At 915, the first wireless station generates multiple medium access control (MAC) Protocol Data Units (MPDUs) with SNs within the updated BA window. At 920, the first wireless station outputs, for transmission to the second wireless device, the multiple MPDUs.
Operations 1000 begin, at 1005, by obtaining, from a first wireless device that the second wireless device has established a protected block acknowledgment (BA) agreement with, a protected frame that indicates: 1) an updated starting sequence number (SSN) of a block acknowledgment (BA) window and 2) an intended purpose of the protected frame as a request to update a BA window with the updated SSN. At 1010, the second wireless device maintains a bitmap to track medium access control (MAC) Protocol Data Units (MPDUs) with SNs within the updated BA window have been successfully obtained by the second wireless device.
Operations 1100 begin, at 1105, by obtaining a data frame with a medium access control (MAC) Protocol Data Unit (MPDU) that fails at least one of a decryption check or an integrity check. At 1110, the wireless device clears, in response to the failure: entries in the bitmap used to track MPDUs that have been successfully obtained by the wireless device; or an entry, corresponding to the received MPDU, in the bitmap used to track MPDUs that have been successfully obtained by the wireless device.
Operations 1200 begin, at 1205, by generating a data frame with a medium access control (MAC) Protocol Data Unit (MPDU) encrypted using additional authentication data (AAD) applied to a sequence number (SN) of the MPDU. At 1210, the first wireless device outputs the data frame for transmission to a second wireless device that the first wireless device has established a protected block acknowledgment (BA) agreement with.
Operations 1300 begin, at 1305, by obtaining a data frame from a first wireless device that the first wireless device has established a protected block acknowledgment (BA) agreement with. At 1310, the second wireless device extracts a medium access control (MAC) Protocol Data Unit (MPDU) from the data frame, based on an additional authentication data (AAD) deconstruction using a sequence number (SN) of the MPDU.
Operations 1400 begin, at 1405, by modifying an original medium access control (MAC) Protocol Data Unit (MPDU) by performing an operation with a sequence number (SN) of the MPDU to obtain a modified MPDU. At 1410, the first wireless device generates a data frame with an encrypted version of the modified MPDU. At 1415, the first wireless device outputs the data frame for transmission to a second wireless device that the first wireless device has established a protected block acknowledgment (BA) agreement with.
Operations 1500 begin, at 1505, by obtaining, from a first wireless device that the second wireless device has established a protected block acknowledgment (BA) agreement with, a data frame with a sequence number (SN) modified version of a medium access control (MAC) Protocol Data Unit (MPDU). At 1510, the first wireless device performs a cyclic redundancy check (CRC) test based on the modified version of the MPDU. At 1515, if the CRC test passes, the second wireless device performs an operation with the SN to recover an original MPDU from the modified version of the MPDU if the CRC test passed and updates a BA bitmap to indicate successful receipt of the original MPDU.
The various operations of methods described above may be performed by any suitable means capable of performing the corresponding functions. The means may include various hardware or software component(s) or module(s), including, but not limited to a circuit, an application specific integrated circuit (ASIC), or processor. Generally, where there are operations illustrated in figures, those operations may have corresponding counterpart means-plus-function components with similar numbering.
Communications device 1600 includes a processing system 1602 coupled to a transceiver 1608 (such as a transmitter or a receiver). Transceiver 1608 is configured to transmit and receive signals for the communications device 1600 via an antenna 1610, such as the various signals as described herein. Processing system 1602 may be configured to perform processing functions for the communications device 1600, including processing signals received or to be transmitted by the communications device 1600.
Processing system 1602 includes a processor 1604 coupled to a computer-readable medium/memory 1612 via a bus 1606. In certain aspects, computer-readable medium/memory 1612 is configured to store instructions (such as computer-executable code) that when executed by processor 1604, cause processor 1604 to perform the operations illustrated in
In certain aspects, computer-readable medium/memory 1612 stores code 1614 (such as an example of means for) for outputting, code 1615 (such as an example of means for) for obtaining, code 1616 (such as an example of means for) for maintaining, code 1617 (such as an example of means for) for generating, code 1618 (such as an example of means for) for extracting, and code 1619 (such as an example of means for) for modifying.
In certain aspects, processor 1604 has circuitry configured to implement the code stored in the computer-readable medium/memory 1612. Processor 1604 includes circuitry 1624 (such as an example of means for) for outputting, circuitry 1625 (such as an example of means for) for obtaining, code 1626 (such as an example of means for) for generating, code 1627 (such as an example of means for) for extracting, and circuitry 1630 (such as an example of means for) for modifying.
Transceiver 1608 may provide a means for receiving information such as packets, user data, or control information associated with various information channels (such as control channels, data channels, etc.). Information may be passed on to other components of the device 1600. Transceiver 1608 may be an example of aspects of the transceiver 254 described with reference to
In some cases, rather than actually transmitting a frame a device may have an interface to output a frame for transmission (a means for outputting). For example, a processor may output a frame, via a bus interface, to a radio frequency (RF) front end for transmission. Similarly, rather than actually receiving a frame, a device may have an interface to obtain a frame received from another device (a means for obtaining). For example, a processor may obtain (or receive) a frame, via a bus interface, from an RF front end for reception. In some cases, the interface to output a frame for transmission and the interface to obtain a frame (which may be referred to as first and second interfaces herein) may be the same interface.
Means for establishing, means for maintaining, means for generating, means for extracting, and/or means for modifying may include any of the various processors and/or transceivers shown in
Implementation examples are described in the following numbered aspects:
Aspect 1. A method for wireless communications at a first wireless device, comprising: generating a protected frame that indicates: 1) an updated starting sequence number (SSN) of a block acknowledgment (BA) window and 2) an intended purpose of the protected frame as a request to update a BA window with the updated SSN; outputting, for transmission to a second wireless device that the first wireless device has established a protected block acknowledgment (BA) agreement with, the protected frame; generating multiple medium access control (MAC) Protocol Data Units (MPDUs) with SNs within the updated BA window; and outputting, for transmission to the second wireless device, the multiple MPDUs.
Aspect 2. The method of Aspect 1, further comprising: outputting, for transmission to the second wireless device, an MPDU indicating a BA request; and obtaining, from the second wireless device in response to the request, a BA indicating which of the MPDUs within the updated BA window were successfully received by the second wireless device.
Aspect 3. The method of Any of Aspects 1-2, wherein the protected frame comprises a BA action frame designed for updating the BA window.
Aspect 4. The method of Aspect 3, wherein the protected frame indicates the intended purpose via at least one of a category field or BA action field of the protected frame.
Aspect 5. The method of Any of Aspects 1-4, further comprising obtaining, from the second wireless device, an acknowledgment of the protected frame.
Aspect 6. The method of Any of Aspects 1-5, wherein the protected frame comprises an add BA (ADDBA) request frame.
Aspect 7. The method of Aspect 6, wherein the protected frame includes a field set to a certain value to indicate the intended purpose.
Aspect 8. The method of Aspect 7, wherein the field is in a frame header of the ADDBA request frame.
Aspect 9. A method for wireless communications at a second wireless device, comprising: obtaining, from a first wireless device that the second wireless device has established a protected block acknowledgment (BA) agreement with, a protected frame that indicates: 1) an updated starting sequence number (SSN) of a block acknowledgment (BA) window and 2) an intended purpose of the protected frame as a request to update a BA window with the updated SSN; and maintaining a bitmap to track medium access control (MAC) Protocol Data Units (MPDUs) with SNs within the updated BA window that have been successfully obtained by the second wireless device.
Aspect 10. The method of Aspect 9, further comprising: obtaining, from the first wireless device, a BA request; and outputting, for transmission to the first wireless device, an MPDU indicating a BA indicating which of the MPDUs within the updated BA window were successfully obtained by the second wireless device in accordance with the bitmap.
Aspect 11. The method of Any of Aspects 9-10, wherein the protected frame comprises a BA action frame designed for updating the BA window.
Aspect 12. The method of Aspect 11, wherein the protected frame indicates the intended purpose via at least one of a category field or BA action field of the protected frame.
Aspect 13. The method of Any of Aspects 9-12, further comprising outputting, for transmission to the first wireless device, an acknowledgment of the protected frame.
Aspect 14. The method of Any of Aspects 9-13, wherein the protected frame comprises an add BA (ADDBA) request frame.
Aspect 15. The method of Aspect 14, wherein the protected request frame includes a field set to a certain value to indicate the intended purpose.
Aspect 16. The method of Aspect 15, wherein the field is in a frame header of the ADDBA request frame.
Aspect 17. A method for wireless communications at a wireless device, comprising: obtaining a data frame with a medium access control (MAC) Protocol Data Unit (MPDU) that fails at least one of a decryption check or an integrity check; and clearing, in response to the failure: entries in a bitmap used to track MPDUs that have been successfully obtained by the wireless device; or an entry, corresponding to the received MPDU, in the bitmap used to track MPDUs that have been successfully obtained by the wireless device.
Aspect 18. The method of Aspect 17, further comprising maintaining partial state information where the bitmap for a particular traffic ID (TID) is maintained only for a limited amount of time. current transmit opportunity (TXOP).
Aspect 19. The method of Any of Aspects 17-18, further comprising: maintaining full state information where bitmaps for different traffic types are maintained until an associated block acknowledgment (BA) session ends; the bitmap is for a session corresponding to the MPDU that that failed at least one of the decryption check or an integrity check; and the clearing comprises clearing the bitmap.
Aspect 20. The method of Aspect 19, wherein the wireless device maintains a current value for a parameter representing a lowest sequence number position in the bitmap, after clearing the bitmap.
Aspect 21. A method for wireless communications at a first wireless device, comprising: modifying an original medium access control (MAC) Protocol Data Unit (MPDU) by performing an operation with a sequence number (SN) of the MPDU to obtain a modified MPDU; generating a data frame with an encrypted version of the modified MPDU; and outputting the data frame for transmission to a second wireless device that the first wireless device has established a protected block acknowledgment (BA) agreement with.
Aspect 22. The method of Aspect 21, wherein modifying the original MPDU by performing an operation with the SN comprises performing a logical operation with a portion of the original MPDU and the SN.
Aspect 23. The method of Any of Aspects 21-22, wherein the data frame includes a cyclic redundancy check (CRC) value generated based on the encrypted version of the modified MPDU and a MAC header.
Aspect 24. A method for wireless communications at a second wireless device, comprising: obtaining, from a first wireless device that the second wireless device has established a protected block acknowledgment (BA) agreement with, a data frame with a sequence number (SN) of a modified version of a medium access control (MAC) Protocol Data Unit (MPDU); performing a cyclic redundancy check (CRC) test based on the modified version of the MPDU; and if the CRC test passes, performing an operation with the SN to recover an original MPDU from the modified version of the MPDU if the CRC test passes; and updating a BA bitmap to indicate successful receipt of the original MPDU.
Aspect 25. The method of Aspect 24, wherein performing an operation with the SN to recover the original MPDU comprises performing a logical operation with a portion of the modified version of the MPDU and the SN.
Aspect 26. The method of Any of Aspects 24-25, further comprising: passing the original version of the MPDU to a re-order buffer if the CRC test passes.
Aspect 27. A method for wireless communications at a first wireless device, comprising: generating a data frame with a medium access control (MAC) Protocol Data Unit (MPDU) encrypted using additional authentication data (AAD) applied to a sequence number (SN) of the MPDU; and outputting the data frame for transmission to a second wireless device that the first wireless device has established a protected block acknowledgment (BA) agreement with.
Aspect 28. A method for wireless communications at a second wireless device, comprising: obtaining a data frame from a first wireless device that the first wireless device has established a protected block acknowledgment (BA) agreement with; and extracting a medium access control (MAC) Protocol Data Unit (MPDU) from the data frame, based on an additional authentication data (AAD) deconstruction using a sequence number (SN) of the MPDU.
Aspect 29. A method for wireless communications at a first wireless device, comprising: obtaining an unsolicited block acknowledgment (BA) frame from a second wireless device; and ignoring the unsolicited BA frame.
Aspect 30. The method of Aspect 29, wherein the unsolicited BA frame is obtained independent of the first wireless device outputting, for transmission, a soliciting frame a short inter-frame space (SIFS) before obtaining the unsolicited BA.
Aspect 31. An apparatus for wireless communications, comprising: a memory comprising instructions; and one or more processors configured to execute the instructions and cause the apparatus to perform a method in accordance with any one of Aspects 1-30.
Aspect 32. An apparatus for wireless communications, comprising means for performing a method in accordance with any one of Aspects 1-30.
Aspect 33. A non-transitory computer-readable medium comprising instructions that, when executed by an apparatus, cause the apparatus to perform a method in accordance with any one of Aspects 1-30.
Aspect 34. A wireless device, comprising: at least one transceiver; a memory comprising instructions; and one or more processors configured to execute the instructions and cause the wireless device to perform a method in accordance with any one of Aspects 1-8, wherein the at least one transceiver is configured to transmit the protected frame and the multiple MPDUs.
Aspect 35. A wireless device, comprising: at least one transceiver; a memory comprising instructions; and one or more processors configured to execute the instructions and cause the wireless device to perform a method in accordance with any one of Aspects 9-16, wherein the at least one transceiver is configured to receive the protected frame.
Aspect 36. A wireless device, comprising: at least one transceiver; a memory comprising instructions; and one or more processors configured to execute the instructions and cause the wireless device to perform a method in accordance with any one of Aspects 17-20, wherein the at least one transceiver is configured to receive the data frame.
Aspect 37. A wireless device, comprising: at least one transceiver; a memory comprising instructions; and one or more processors configured to execute the instructions and cause the wireless device to perform a method in accordance with any one of Aspects 21-23, wherein the at least one transceiver is configured to transmit the data frame.
Aspect 38: A wireless device, comprising: at least one transceiver; a memory comprising instructions; and one or more processors configured to execute the instructions and cause the wireless device to perform a method in accordance with any one of Aspects 24-26, wherein the at least one transceiver is configured to receive the data frame.
Aspect 39. A wireless device, comprising: at least one transceiver; a memory comprising instructions; and one or more processors configured to execute the instructions and cause the wireless device to perform a method in accordance with any one of Aspect 27, wherein the at least one transceiver is configured to transmit the data frame.
Aspect 40. A wireless device, comprising: at least one transceiver; a memory comprising instructions; and one or more processors configured to execute the instructions and cause the wireless device to perform a method in accordance with any one of Aspect 28, wherein the at least one transceiver is configured to receive the data frame.
Aspect 41. A wireless device, comprising: at least one transceiver; a memory comprising instructions; and one or more processors configured to execute the instructions and cause the wireless device to perform a method in accordance with any one of Aspect 29, wherein the at least one transceiver is configured to receive the unsolicited BA frame.
As used herein, the term “determining” encompasses a wide variety of actions. For example, “determining” may include calculating, computing, processing, deriving, investigating, looking up (such as looking up in a table, a database or another data structure), ascertaining and the like. Also, “determining” may include receiving (such as receiving information), accessing (such as accessing data in a memory) and the like. Also, “determining” may include resolving, selecting, choosing, establishing and the like.
As used herein, a phrase referring to “at least one of” a list of items refers to any combination of those items, including single members. As an example, “at least one of: a, b, or c” is intended to cover: a, b, c, a-b, a-c, b-c, and a-b-c.
The various illustrative logics, logical blocks, modules, circuits and algorithm processes described in connection with the implementations disclosed herein may be implemented as electronic hardware, computer software, or combinations of both. The interchangeability of hardware and software has been described generally, in terms of functionality, and illustrated in the various illustrative components, blocks, modules, circuits and processes described above. Whether such functionality is implemented in hardware or software depends upon the particular application and design constraints imposed on the overall system.
The hardware and data processing apparatus used to implement the various illustrative logics, logical blocks, modules and circuits described in connection with the aspects disclosed herein may be implemented or performed with a general purpose single- or multi-chip processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. A general purpose processor may be a microprocessor, or, any conventional processor, controller, microcontroller, or state machine. A processor also may be implemented as a combination of computing devices, such as a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration. In some implementations, particular processes and methods may be performed by circuitry that is specific to a given function.
In one or more aspects, the functions described may be implemented in hardware, digital electronic circuitry, computer software, firmware, including the structures disclosed in this specification and their structural equivalents thereof, or in any combination thereof. Implementations of the subject matter described in this specification also can be implemented as one or more computer programs, i.e., one or more modules of computer program instructions, encoded on a computer storage media for execution by, or to control the operation of, data processing apparatus.
If implemented in software, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium. The processes of a method or algorithm disclosed herein may be implemented in a processor-executable software module which may reside on a computer-readable medium. Computer-readable media includes both computer storage media and communication media including any medium that can be enabled to transfer a computer program from one place to another. A storage media may be any available media that may be accessed by a computer. By way of example, and not limitation, such computer-readable media may include RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium that may be used to store desired program code in the form of instructions or data structures and that may be accessed by a computer. Also, any connection can be properly termed a computer-readable medium. Disk and disc, as used herein, includes compact disc (CD), laser disc, optical disc, digital versatile disc (DVD), floppy disk, and Blu-ray disc where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of computer-readable media. Additionally, the operations of a method or algorithm may reside as one or any combination or set of codes and instructions on a machine readable medium and computer-readable medium, which may be incorporated into a computer program product.
Various modifications to the implementations described in this disclosure may be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other implementations without departing from the spirit or scope of this disclosure. Thus, the claims are not intended to be limited to the implementations shown herein, but are to be accorded the widest scope consistent with this disclosure, the principles and the novel features disclosed herein.
Certain features that are described in this specification in the context of separate implementations also can be implemented in combination in a single implementation. Conversely, various features that are described in the context of a single implementation also can be implemented in multiple implementations separately or in any suitable subcombination. Moreover, although features may be described above as acting in certain combinations and even initially claimed as such, one or more features from a claimed combination can in some cases be excised from the combination, and the claimed combination may be directed to a subcombination or variation of a subcombination.
Similarly, while operations are depicted in the drawings in a particular order, this should not be understood as requiring that such operations be performed in the particular order shown or in sequential order, or that all illustrated operations be performed, to achieve desirable results. Further, the drawings may schematically depict one more example processes in the form of a flow diagram. However, other operations that are not depicted can be incorporated in the example processes that are schematically illustrated. For example, one or more additional operations can be performed before, after, simultaneously, or between any of the illustrated operations. In certain circumstances, multitasking and parallel processing may be advantageous. Moreover, the separation of various system components in the implementations described above should not be understood as requiring such separation in all implementations, and it should be understood that the described program components and systems can generally be integrated together in a single software product or packaged into multiple software products. Additionally, other implementations are within the scope of the following claims. In some cases, the actions recited in the claims can be performed in a different order and still achieve desirable results.
| Number | Date | Country | Kind |
|---|---|---|---|
| 202241022313 | Apr 2022 | IN | national |
| Filing Document | Filing Date | Country | Kind |
|---|---|---|---|
| PCT/US2023/016149 | 3/23/2023 | WO |
