Note: Descriptions are shown in the official language in which they were submitted.
CA 02661050 2011-12-07
WO 2008/020856 PCT/1JS2006/032535
DYNAMIC TEMPORARY MAC ADDRESS GENERATION IN WIRELESS NETWORKS
DESCRIPTION
BACKGROUND
[Para 1] field of the Invention:
[Para 2] The present application relates generally to wireless networking,
and more
particularly to improving the privacy and security levels of a user's
interactions with the
network.
[Para 3] General Background Discussion:
[Para 4] Internet Protocol
IP is a connectionless protocol. The connection between end points during a
communication is not continuous. When a user sends or receives data or
messages, the
data or messages are divided into components known as packets. Every packet is
treated as
an independent unit of data.
[Para 5] In order to standardize the transmission between points over the
Internet or the
like networks, an OSI (Open Systems Interconnection) model was established.
The OSI
model separates the communications processes between two points in a network
Into seven
stacked layers, with each layer adding its own set of functions. Each device
handles a
message so that there is a downward flow through each layer at a sending end
point and an
upward flow through the layers at a receiving end point. The programming
and/or
hardware that provides the seven layers of function is typically a combination
of device
operating systems, application software, TCP/IP and/or other transport and
network
protocols, and other software and hardware.
CA 02661050 2011-12-07
WO 2008/020856 PCT/US2006/032535
[Para 6] Typically, the top four layers are used when a message passes from
or to a user
and the bottom three layers are used when a message passes through a device
(e.g., an IP
host device). An IP host is any device on the network that is capable of
transmitting and
receiving IP packets, such as a server, a router or a workstation. Messages
destined for
some other host are not passed up to the upper layers but are forwarded to the
other host.
In the OSI and other similar models, IP is in Layer-3, the network layer. The
layers of the
OSI model are listed below.
[Para 7] Layer 7 (i.e., the application layer) is a layer at which, e.g.,
communication
partners are identified, quality of service is identified, user authentication
and privacy are
considered, constraints on data syntax are identified, etc.
[Para 8] Layer 6 (i.e., the presentation layer) is a layer that, e.g.,
converts incoming and
outgoing data from one presentation format to another, etc.
[Para 9] Layer 5 (i.e., the session layer) is a layer that, e.g., sets up,
coordinates, and
terminates conversations, exchanges and dialogs between the applications, etc.
[Pam 10] Layer-4 (i.e., the transport layer) is a layer that, e.g., manages
end-to-end
control and error-checking, etc.
[Para 11] Layer-3 (i.e., the network layer) is a layer that, e.g., handles
routing and
forwarding, etc.
[Pam 121 Layer-2 (i.e., the data-link layer) is a layer that, e.g.,
provides synchronization
for the physical level, does bit-stuffing and furnishes transmission protocol
knowledge and
management, etc. The Institute of Electrical and Electronics Engineers (IEEE)
sub-divides the
data-link layer into two further sub-layers, the MAC (Media Access Control)
layer that
controls the data transfer to and from the physical layer and the LLC (Logical
Link Control)
layer that interfaces with the network layer and interprets commands and
performs error
recovery.
2
CA 02661050 2011-12-07
WO 2008/020856 PCT/US2006/032535
[Para 131 Layer 1 (i.e., the physical layer) is a layer that, e.g., conveys
the bit stream
through the network at the physical level. The IEEE sub-divides the physical
layer into the
PLCP (Physical Layer Convergence Procedure) sub-layer and the PMD (Physical
Medium
Dependent) sub-layer.
[Para 14] Typically, layers higher than layer-2 (such as, e.g., layers
including the network
layer or layer-3 in the OSI model and the like) are referred to as the higher-
layers.
[Para 15] Wireless Networks
[Para 16] Wireless networks can incorporate a variety of types of mobile
devices, such as
cellular and wireless telephones, PCs (personal computers), laptop computers,
wearable
computers, cordless phones, pagers, headsets, printers, PDAs, etc. For
example, mobile
devices may include digital systems to secure fast wireless transmissions of
voice and/or
data.
[Para 17] Wireless LANs (W1ANs) in which a mobile user can connect to a local
area
network (LAN) through a wireless connection may be employed for wireless
communications. Wireless communications can include communications that
propagate via
electromagnetic waves, such as light, infrared, radio, microwave. There are a
variety of
MAN standards that currently exist, such as, e.g., Bluetooth, IEEE 802.11, and
HomeRF.
[Para 18] IEEE 802.11 specifies technologies for wireless LANs and devices.
Using
802.11, wireless networking may be accomplished with each single base station
supporting
several devices. In some examples, devices may come pre-equipped with wireless
hardware
or a user may install a separate piece of hardware, such as a card, that may
Inc.lude an
antenna. By way of example, devices used in 802.11 typically include three
notable
elements, whether or not the device is an access point (AP), a mobile station
(STA), a bridge,
a PCMCIA card or another device: a radio transceiver; an antenna; and a MAC
(Media Access
Control) layer that controls packet flow between points in a network.
3
CA 02661050 2011-12-07
WO 2008/020856 PCT/US2006/032535
[Para 191 Wireless networks can also involve methods and protocols found in
Mobile IP
(Internet Protocol) systems, in PCS systems, and in other mobile network
systems. With
respect to Mobile IP, this involves a standard communications protocol created
by the
Internet Engineering Task Force (IETF). With Mobile IP, mobile device users
can move across..
networks while maintaining their IP Address assigned once. See Request for
Comments
(RFC) 3344. Mobile IP enhances Internet Protocol (IP) and adds means to
forward Internet
traffic to mobile devices when connecting outside their home network. Mobile
IP assigns
each mobile node a home address on its home network and a care-of-address
(CoA) that
Identifies the current location of the device within a network and its
subnets. When a device
is moved to a different network, it receives a new care-of address. A mobility
agent on the
home network can associate each home address with its care-of address. The
mobile node
can send the home agent a binding update each time it changes its care-of
address by
using a protocol such as Internet Control Message Protocol (ICMP).
[Para 20] In basic IP routing, routing mechanisms typically rely on the
assumptions that
each network node always has a constant attachment point to the Internet and
that each
node's IP address identifies the network link it is attached to. In this
document, the
terminology "nodes includes a connection point, which can include a
redistribution point or
an end point for data transmissions, and which can recognize, process and/or
forward
communications to other nodes. For example, Internet routers can look at an IP
address
prefix or the like identifying a device's network. Then, at a network level,
routers can look
at a set of bits identifying a particular subnet. Then, at a subnet level,
routers can look at a
set of bits identifying a particular device. With typical mobile IP
communications, if a user
disconnects a mobile device from the Internet and tries to reconnect it at a
new subnet,
then the device has to be reconfigured with a new IP address, a proper netmask
and a
4
CA 02661050 2011-12-07
WO 2008/020856 PCT/US2006/032535
default router. Otherwise, routing protocols would not be able to deliver the
packets
properly.
[Para 21] MAC Addresses and Privacy
[Para 22] The Media Access Control (MAC) address serves as a unique Identifier
of a
network device. A MAC address is assigned to a network device at the
manufacturing stage
(typically after having undergone a quality control inspection) by burning or
writing it into a
permanent location in the network device, such as in ROM. Because of the need
to provide
a unique MAC address for each network device, MAC address assignment has to be
centrally
controlled. Consequently the association of MAC addresses with purchasers or
users of the
network devices is possible, with the result that an observer is able to trace
the movements
of users based on the MAC address. This also will enable the collection of
user history and
profile data by an observer. This is possible even when layer 2 security is
being used to
encrypt the layer 2 packets.
[Para 23] To prevent compromising of user privacy and security, the concept of
temporary device identifiers has been proposed In other areas such as 3G
networks. In the
case of 3G networks, the procedure to use temporary device identifiers is as
follows. Every
3G device has a permanent identifier analogous to the permanent MAC address
for WLAN
devices. When the 3G device desires to connect to a base station, it first
sends its
permanent identifier "In the dear" (i.e. unencrypted) to the base station. The
base station in
reply sends to the 3G device (also In the clear) a temporary identifier that
the 3G device can
then start using. Because the base station allocates the temporary addresses,
it can ensure
that a single address is not allocated to multiple devices simultaneously.
[Para 24] A problem in 3G networks is the initial usage of the permanent
identifier "in the
clear," i.e. In an unencrypted manner such that the permanent identifier may
be observed by
third parties. The 3G system allocates the temporary identifier only after the
initial insecure
CA 02661050 2011-12-07
WO 2008/020856 PCT/US2006/032535
transmission of the permanent identifier. Thus, anybody "listening to" or
monitoring
communications on the wireless channel continuously would be able to link the
temporary
address to the permanent address and from there draw inferences about the
communication pattern of a device.
[Para 25] In an attempt to avoid this, 3G networks include the concept of a
temporary
address called TMSI, or Temporary Mobile Subscriber Identity. TMSI has only
local
significance (e.g., within a VLR (Visitor Location Register) and the area
controlled by a VLR,
or within an SGSN (Serving General Packet Radio Service Support Node) and the
area
controlled by an SGSN). As a result, the structure and coding of the TMSI can
be defined by
agreement between the network operator and manufacturer to meet local needs.
This
implies the presence of protocols in the 3G network to ensure the uniqueness
of the TMSI.
[Para 26] In the case of WLANs, in contrast, it must be ensured that any
temporary
identifier is unique within a given region that can correspond either to a
single Access Point
(AP), to multiple APs with the same ESSID (Extended Service Set Identifier),
or to multiple APs
with different ESSIDs, but which belong to the same organization and are hence
accessed
via a single router.
[Para 27] The 3G network solution does not provide an efficient solution to
the problem
in WIANs. With the 3G approach, a mobile device would have to contact the
Access Point,
which would then allocate a temporary MAC address to the mobile device. This
temporary
MAC address would have to be unique across the entire region within which the
mobile
device would be operational. As discussed above, this region could span a
single AP,
multiple APs with the same ESSID or multiple APs with different ESSIDs.
[Para 28] It would not be difficult to ensure the uniqueness of a temporary
MAC address
across a region that spans a single AP, as the single AP itself can ensure
this during
allocation. However, when the mobile device moves from that region to an area
covered by
6
CA 02661050 2011-12-07
= WO 2008/020856
PCT/US2006/032535
a different Access Point, then ensuring that the temporary MAC address is
unique would
require coordination and negotiation between the involved Access Points (i.e.,
the old AP
and the new AP).
[Para 29] In view of the foregoing, a more efficient solution is needed
in the WLAN art,
which would be able to allocate a temporary MAC address to a mobile device
such that the
temporary MAC address would be unique across the region, and which does not
require
cumbersome and costly coordination and negotiation among Access Points. In
addition, the
temporary MAC address should provide user anonymity in all cases irrespective
of whether
the WLAN channel is being monitored or eavesdropped upon.
SUMMARY OF THE PREFERRED EMBODIMENTS
[Para 301 The preferred embodiments of the present invention can significantly
improve
upon the prior art and provide a solution to the problem of efficient
temporary MAC address
allocation to mobile devices in WLANs.
[Para 31] According to one aspect of the invention, a method is provided of
creating a
temporary identifier that is used to identify a mobile device on a wireless
network. The
method can include the steps of receiving information from a network access
point to which
the mobile device connects to said wireless network; combining the received
information
with a permanent identifier assigned to the mobile device; performing a
predetermined
mathematical calculation on the combination of the received information and
permanent
identifier; and using the result of the calculation to provide a temporary
identifier of the
mobile device in communications over the wireless network that satisfies the
above
constraints.
[Para 32] According to another aspect of the invention, a mobile device
is provided,
which can calculate its own unique temporary MAC address for use in a wireless
network
7
CA 02661050 2011-12-07
WO 2008/020856 PCT/US2006/032535
and which does not require any coordination or negotiation between access
points on the
network.
[Para 33] According to yet another aspect of the invention, a wireless network
is provided
wherein access points broadcast advertising information that is used by mobile
devices
seeking to connect to the wireless network to calculate unique temporary MAC
addressed.
BRIEF DESCRIPTION Of THE DRAWINGS
[Para 34] The preferred embodiments of the present invention are shown by a
way of
example, and not limitation, in the accompanying figures, in which:
[Para 35] FIG. us a diagram of an access point and wireless mobile station
interaction
for generation of a temporary MAC address and mobile station authentication
and
association with the wireless network, in accordance with an embodiment of the
present
Invention;
[Para 36] FIG. 2 is a flow diagram of a first procedure for establishing a
temporary MAC
address according to one embodiment of the present invention; and
[Para 37] FIG. 3 is a flow diagram of a second procedure for establishing a
temporary
MAC address according to another embodiment of the present invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
[Para 383 While the present invention may be embodied in many different forms,
the
illustrative embodiments are described herein with the understanding that the
present
disclosure is to be considered as providing examples of the principles of the
invention and
that such examples are not intended to limit the invention to preferred
embodiments
described herein and/or illustrated herein.
8
CA 02661050 2011-12-07
= WO 2008/020856
.. PCT/US2006/032535
[Para 39] According to the preferred embodiments of the invention, a mobile
device is
able to self-allocate a temporary MAC address that is ensured to be unique in
the entire
region over which the mobile device may traverse. The concepts of the
invention may be
categorized into two phases: the first phase addresses the uniqueness of the
temporary
MAC address, and the second phase ensures both that only authorized devices
can
communicate via the Access Point, and that an intruder cannot trace the amount
of
communication in which a particular device participates.
Phase 1
[Para 40] In this phase, with reference to Fig. 1, it is assumed that the
Access Point 101
*advertises" or broadcasts to the region for which it is responsible
information 102 that
identifies that region. This information 102 could be as simple as just the
SSID of the AP or
could include other information such as the SSID, the network ID etc.
Additionally, it is
possible for more than one Access Point to exist in a particular region, as in
public areas
such as airports, parks, public buildings, etc., wherein each Access Point
would represent a
different WLAN of a different service provider. In accordance with the
invention, the mobile
station 103 receives the information from the Access Point to which it desires
to connect,
and then hashes its own permanent MAC address (PMA as indicated in Fig. 1)
with the
received advertised information, using an algorithm 104. This will provide a
unique
temporary MAC address for the mobile station across the entire region served
by the AP.
When the mobile station moves into a region served by a different AP (which
the mobile
station will detect from received AP beacons or from replies to mobile station-
sent probe
signals), it will again perform the hash function calculation related to the
temporary MAC
address, with the new advertised information received from the new AP. The
advertised
information that is considered in the hashing algorithm can be driven by
policy and can be
9
CA 02661050 2011-12-07
WO 2008/020856 PCT/US2006/032535
different for different regions or it can be the same for many regions such as
the case would
be when using the SSID. In the latter case, the same temporary MAC address
would be valid
over all the regions that have the same advertised information. Indication of
this
information to the mobile station can be provided by using an appropriate out-
of-band
communication, such as over a control channel, etc. The mobile station uses
the calculated
temporary MAC address to complete the authentication process 105 in order to
connect to
the wireless network to be able to send and to receive information.
[Para 41] Referring now to Fig. 2, in step 201 the Access Point advertises
information that
is pertinent to the region in which the mobile station Is presently located.
The advertised
Information can indude, for example, information related to SSID, access
router identifier,
costs, capabilities of the Access Point, etc. The advertisement can be
communicated to the
mobile device either via beacons from the AP or via responses by the AP to
probes
transmitted by the mobile device, or any other suitable method. In accordance
with the
Invention, some or all of this advertised information is then used to
determine a temporary
MAC address for the mobile device. The particular advertised information to be
used by the
mobile device can be determined by policy, and itself can be indicated in the
advertisement.
[Para 42] Next, at step 202 the mobile station on receiving this
information will construct
a string which is a concatenation of the permanent MAC address of the mobile
station with
the information from the advertisement that is to be included in the
calculation. This string
is then hashed using any standard hashing algorithm such as SHA-1, MD5, etc.
SHA-1 Is
shown in Fig. 1 for purposes of Illustration. The 48 bits of the resultant
output of the hash
function then will be used as the temporary MAC address.
[Para 43] The mobile station at step 203 then proceeds with the rest of the
network
connection process, which involves authenticating and then associating with
the Access
Point using technologies such as 802.111 protocols, with the calculated
temporary MAC
CA 02661050 2011-12-07
WO 2008/020856 PCT/US2006/032535
address instead of the permanent MAC address that was burned into the device
in the
manufacturing stage.
Phase 2
[Para 44] Phase 2 is an optional alternate embodiment and would be used if it
is also
desired to prevent traffic analysis in addition to anonymity.
[Para 45] Phase 2 ensures that only authorized devices can communicate via the
access
point, and also that an intruder cannot trace the amount of communication in
which a
particular device participates. Here, It Is noted that phase 1 and phase 2
need not be
contiguous in terms of the message exchange. Each of these phases is also
independent of
each other.
[Para 46] At the beginning of phase 2, as shown at step 301 in Fig. 3, it is
assumed that
the permanent MAC address has been transferred securely to the AP. (This could
be done
using the flow of phase 1 for example) Further, the mobile device has also
successfully
authenticated itself with the AP (via the Access, Authentication and
Accounting (AAA) server)
and the corresponding keying material has been derived from the PMK key (step
302).
[Para 47] At this point both the mobile station and the AP have the following
information:
[Para 48] = permanent MAC address of the mobile station (this could have
been
transferred openly if phase 1 was not used (although this is not recommended)
or it could
have been transferred as an encrypted message after successful
authentication);
[Para 49] = AP_Info which is the information that is unique to the
region of interest.
This can be the same as the information used in phase 1;
[Para 50] = PMK, which has been derived as a result of successful
authentication.
[Para 51] At step 303, the mobile device is expected to use as the MAC address
the value:
[Para 52] HMAC(permanent MAC address, AP_info, COUNTER)
11
CA 02661050 2011-12-07
WO 2008/020856 PCT/US2006/032535
[Para 53] where the COUNTER is increased by one for each cycle. In a given
cycle the
HMAC value is the calculated 160 bit hash value. 48 bits of this 160 bit value
to serve as the
temporary MAC address (step 303). The exact 48 bits used as the temporary MAC
address
could be based on a deterministic algorithm. The deterministic algorithm can
be as simple
as always using the first 48 bits of the HMAC as the temporary MAC address, to
being as
complex as being a cyclic usage of the 160 bits of the hash value. The AP can
check the
transmitted temporary MAC address to verify it according to such rules. If the
transmitted
MAC address does not match, then the packet is dropped. Note that as a result
of this
procedure the MAC address can change not only from cycle to cycle but can also
change
during a cycle. This makes it very difficult to trace the communication
pattern of a given
mobile device. This implicitly assumes that there are multiple connected
devices in the area
concerned.
Implementation Example
[Para 54] Considering a region spanning multiple APs, let the unique
identifier
Information consist of the SSID, which will be denoted as A, and the IP
address of the access
router, denoted as B. Consider a mobile station with a permanent MAC address
C. Then
the temporary MAC address of the mobile station for use In this region Is
given by h(A,B,C)
where h() denotes a hash function. Any standard hash function such as SHA,
MD5, etc. can
be used for this purpose. Assuming that a MAC address occupies k bits, we
consider only
the first k bits of the hash function. Note that typically k is 48 bits in
length.
[Para 55] As the mobile station traverses the region and is handed off from
one AP to
another, it receives the SS1D and IP address of the new access router, and
performs again
the calculation h(A,B,C) for the new AP. The mobile station then uses the
calculation result
as its new temporary MAC address.
12
CA 02661050 2011-12-07
WO 2008/020856 PCT/U52006/032535
Broad Scone of the Invention
(Para 561 While illustrative embodiments of the invention have been described
herein, the
present invention is not limited to the various preferred embodiments
described herein, but
includes any and all embodiments having equivalent elements, modifications,
omissions,
combinations (e.g., of aspects across various embodiments), adaptations and/or
alterations
as would be appreciated by those in the art based on the present disclosure.
The
limitations In the claims are to be interpreted broadly based on the language
employed in
the claims and not limited to examples described in the present specification
or during the
prosecution of the application, which examples are to be construed as non-
exclusive. For
example, In the present disclosure, the term 'preferably" is non-exclusive and
means
"preferably, but not limited to." In this disclosure and during the
prosecution of this
application, means-plus-function or step-plus-function limitations will only
be employed
where for a specific claim limitation all of the following conditions are
present in that
limitation: a) "means for" or "step for" is expressly recited; b) a
corresponding function is
expressly recited; and c) structure, material or acts that support that
structure are not
recited. In this disclosure and during the prosecution of this application,
the terminology
"present invention" or "invention" may be used as a reference to one or more
aspect within
the present disclosure. The language present invention or invention should not
be
improperly interpreted as an identification of criticality, should not be
improperly
interpreted as applying across all aspects or embodiments (i.e., it should be
understood
that the present invention has a number of aspects and embodiments), and
should not be
improperly interpreted as limiting the scope of the application or claims. In
this disclosure
and during the prosecution of this application, the terminology "embodiment"
can be used
to describe any aspect, feature, process or step, any combination thereof,
and/or any
13
CA 02661050 2011-12-07
WO 2008/020856 PCT/US2006/032535
portion thereof, etc. In some examples, various embodiments may include
overlapping
features. In this disclosure, the following abbreviated terminology may be
employed: "e.g."
which means "for example."
14