Search

US-20260128866-A1 - FILS PUBLIC KEY AUTHENTICATION AND PRIVATE PMKID CALCULATION

US20260128866A1US 20260128866 A1US20260128866 A1US 20260128866A1US-20260128866-A1

Abstract

A wireless device and system are described to provide enhanced privacy in 802.11 association and Reassociation procedures. To avoid an access point (AP)-only modification of the Pairwise Master Key Identifier (PMKID) during (Re)Association, Nonces are exchanged by both a non-AP station (STA) and the AP to derive a new PMKID. In addition, fast initial link setup (FILS) public key authentication is adjusted to move the signature of the FILS Responder to the second Authentication rather than the (Re)Association Response frame. In addition, an identity key is included in the Pairwise Master Key (PMK) or Pairwise Transient Key (PTK) derivation.

Inventors

  • Po-Kai Huang
  • Ilan Peer
  • JOHANNES BERG
  • Ido Ouzieli

Assignees

  • INTEL CORPORATION

Dates

Publication Date
20260507
Application Date
20251219

Claims (20)

  1. 1 . A wireless device comprising: a memory configured to store a Pairwise Master Key Identifier (PMKID); and processing circuitry that configures the wireless device to: after establishment of a Pairwise Transient Key Security Association (PTKSA) based on a Pairwise Master Key Security Association (PMKSA) during one of association or Reassociation, determine Nonce elements in a pair of frames, the pair of frames including one of Association Request and Response frames or Reassociation Request and Response frames; and change, based on the Nonce elements, the PMKID for the PMKSA to a new PMKID for a next association and Reassociation.
  2. 2 . The wireless device of claim 1 , wherein: the processing circuitry is further configured to determine whether a PMKSA Caching Privacy Support field in a Robust Security Network Extension Element (RSNXE) is set to 1, and one of the Nonce elements is included in each of the Association and Reassociation Request and Response frames in response to a determination that the PMKSA Caching Privacy Support field is set to 1.
  3. 3 . The wireless device of claim 2 , wherein the processing circuitry is further configured to, for non-Multi-Link Operation (MLO): encode a first of the Nonce elements for transmission in the Association Request or Reassociation Request frame and decode a second of the Nonce elements in the Association Response or Reassociation Response frame when the wireless device is an Enhanced Privacy Protection (EPP) non-access point (AP) station (STA), and encode the second of the Nonce elements for transmission in the Association Response or Reassociation Response frame and decode the first of the Nonce elements for transmission in the Association Request or Reassociation Request frame when the wireless device is an EPP AP.
  4. 4 . The wireless device of claim 2 , wherein the processing circuitry is further configured to, for Multi-Link Operation (MLO): encode a first of the Nonce elements for transmission in the Association Request or Reassociation Request frame and decode a second of the Nonce elements in the Association Response or Reassociation Response frame when the wireless device is an Enhanced Privacy Protection (EPP) non-access point (AP) multi-link device (MLD), and encode the second of the Nonce elements for transmission in the Association Response or Reassociation Response frame and decode the first of the Nonce elements for transmission in the Association Request or Reassociation Request frame when the wireless device is an EPP AP MLD.
  5. 5 . The wireless device of claim 1 , wherein the processing circuitry is further configured to: decode an indication of a changed Pairwise Master Key Identifier (PMKID) in a Robust Security Network Element (RSNE) that identifies a cached PMKSA; and establish the PTKSA based on the PMKSA.
  6. 6 . The wireless device of claim 1 , wherein: the Nonce elements include an Authenticator Nonce of an Authenticator in the Association Response or Reassociation Response frame and a Supplicant Nonce of a Supplicant in the Association Request or Reassociation Request frame, and the processing circuitry is configured to calculate the PMKID using a hash function that includes both the Authenticator Nonce and the Supplicant Nonce.
  7. 7 . The wireless device of claim 6 , wherein the processing circuitry is configured to calculate the PMKID using: PMKID = Truncate - 128 ⁢ ( Hash ( “ PMK ⁢ Name ” ⁢  PMKIDANonce  ⁢ PMKIDSNonce ) ) where Hash is a hash algorithm from a key derivation type, ANonce is the Authenticator nonce used when the PTKSA was established, SNonce is the Supplicant nonce used when the PTKSA was established, and PMK Name is a fixed, standardized string that identifies a Pairwise Master Key (PMK) used for the PMKSA.
  8. 8 . The wireless device of claim 1 , wherein the processing circuitry is further configured to set an Association or Reassociation Frame Encryption Support field in a Robust Security Network Extension Element (RSNXE) to 1 in response to a PMKSA Caching Privacy Support field in the RSNXE being set to 1.
  9. 9 . A non-transitory computer-readable storage medium that stores instructions for execution by a processor of a wireless device, the instructions, when executed, cause the wireless device to: after establishment of a Pairwise Transient Key Security Association (PTKSA) based on a Pairwise Master Key Security Association (PMKSA) during one of association or Reassociation, determine Nonce elements in a pair of frames, the pair of frames including one of Association Request and Response frames or Reassociation Request and Response frames; and change, based on the Nonce elements, a Pairwise Master Key Identifier (PMKID) for the PMKSA for use in a next association or Reassociation.
  10. 10 . The non-transitory computer-readable storage medium of claim 9 , wherein the instructions, when executed, cause the processor to set an Association or Reassociation Frame Encryption Support field in a Robust Security Network Extension Element (RSNXE) to 1 in response to a PMKSA Caching Privacy Support field in the RSNXE being set to 1.
  11. 11 . The non-transitory computer-readable storage medium of claim 9 , wherein: the instructions, when executed, cause the processor to determine whether a PMKSA Caching Privacy Support field in a Robust Security Network Extension Element (RSNXE) is set to 1, and one of the Nonce elements is included in each of the Association and Reassociation Request and Response frames in response to a determination that the PMKSA Caching Privacy Support field is set to 1.
  12. 12 . The non-transitory computer-readable storage medium of claim 11 , wherein for non-Multi-Link Operation (MLO), the instructions, when executed, cause the processor, encode a first of the Nonce elements for transmission in the Association Request or Reassociation Request frame and decode a second of the Nonce elements in the Association Response or Reassociation Response frame when the wireless device is an Enhanced Privacy Protection (EPP) non-access point (AP) station (STA), and encode the second of the Nonce elements for transmission in the Association Request or Reassociation frame Response and decode the first of the Nonce elements for transmission in the Association Response or Reassociation Request frame when the wireless device is an EPP AP.
  13. 13 . The non-transitory computer-readable storage medium of claim 11 , wherein for Multi-Link Operation (MLO), the instructions, when executed, cause the processor, encode a first of the Nonce elements for transmission in the Association Request or Reassociation Request frame and decode a second of the Nonce elements in the Association Response or Reassociation Response frame when the wireless device is an Enhanced Privacy Protection (EPP) non-access point (AP) multi-link device (MLD), and encode the second of the Nonce elements for transmission in the Association Request or Reassociation frame Response and decode the first of the Nonce elements for transmission in the Association Response or Reassociation Request frame when the wireless device is an EPP AP MLD.
  14. 14 . The non-transitory computer-readable storage medium of claim 10 , wherein the instructions, when executed, cause the processor to: decode an indication of a changed Pairwise Master Key Identifier (PMKID) in a Robust Security Network Element (RSNE) that identifies a cached PMKSA; and establish the PTKSA based on the PMKSA.
  15. 15 . The non-transitory computer-readable storage medium of claim 10 , wherein: the Nonce elements include an Authenticator Nonce of an Authenticator in the Association Response or Reassociation Response frame and a Supplicant Nonce of a Supplicant in the Association Request or Reassociation Request frame, and the instructions, when executed, cause the processor to calculate the PMKID using a hash function that includes both the Authenticator Nonce and the Supplicant Nonce.
  16. 16 . non-transitory computer-readable storage medium of claim 15 , wherein the instructions, when executed, cause the processor to calculate the PMKID using: PMKID = Truncate - 128 ⁢ ( Hash ( “ PMK ⁢ Name ” ⁢  PMKIDANonce  ⁢ PMKIDSNonce ) ) where Hash is a hash algorithm from a key derivation type, ANonce is the Authenticator nonce used when the PTKSA was established, SNonce is the Supplicant nonce used when the PTKSA was established, and PMK Name is a fixed, standardized string that identifies a Pairwise Master Key (PMK) used for the PMKSA.
  17. 17 . A wireless device comprising: a memory configured to store a signature of the wireless device; and processing circuitry that configures the wireless device to: decode an Authentication Request frame from a fast initial link setup (FILS) Originator; encrypt a FILS Public Key element and a FILS Key Confirmation element as an encryption; and encode the encryption for transmission in an Authentication Response frame for transmission to the FILS Originator.
  18. 18 . The wireless device of claim 17 , wherein the processing circuitry is further configured to determine, based on reception of a capability bit in the Authentication Request frame, that the FILS Originator supports authentication via reception of the encrypted FILS Public Key element and FILS Key Confirmation element prior to transmission of an Association or Reassociation Request frame.
  19. 19 . The wireless device of claim 18 , wherein the capability bit is in at least one of a Robust Security Network Extension Element (RSNXE) or a FILS Information field in a FILS Indication element.
  20. 20 . The wireless device of claim 17 , wherein the processing circuitry is further configured to perform FILS authentication with perfect forward secrecy (PFS) in response to the FILS Originator and a FILS Responder setting an Association or Reassociation Frame Encryption Support field in a Robust Security Network Extension Element (RSNXE) to 1.

Description

PRIORITY CLAIMS This application claims priority under 35 U.S.C. 119(e) to U.S. Provisional Patent Application Ser. No. 63/797,009, filed, Apr. 29, 2025, and U.S. Provisional Patent Application Ser. No. 63/819,316, filed, Jun. 6, 2025, each which are incorporated herein by reference in their entireties. TECHNICAL FIELD Embodiments pertain to wireless communications. Some embodiments relate to key-based authentication in wireless local area networks (WLANs). BACKGROUND Wireless devices are becoming widely prevalent and are increasingly requesting access to wireless channels. The Institute of Electrical and Electronics Engineers (IEEE) is developing standards for wireless local area networks (WLANs). The complexity of such communication systems, as well as interactions between stations (STAs) within a WLAN system, has increased. In particular, security continues to be an issue in various communications between STAs, as Wi-Fi 8 (IEEE 802.11bn or bi) and further standards continue to be developed. BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 is a block diagram of a radio architecture, in accordance with some embodiments. FIG. 2 illustrates a front-end module circuitry for use in the radio architecture of FIG. 1, in accordance with some embodiments. FIG. 3 illustrates a radio IC circuitry for use in the radio architecture of FIG. 1, in accordance with some embodiments. FIG. 4 illustrates a baseband processing circuitry for use in the radio architecture of FIG. 1, in accordance with some embodiments. FIG. 5 illustrates a WLAN, in accordance with some embodiments. FIG. 6 illustrates a multi-link framework in accordance with some embodiments. FIG. 7 illustrates network environment of enhanced link security in accordance with some embodiments. FIG. 8 illustrates a frame exchange in accordance with some embodiments. FIG. 9 illustrates a fast initial link setup (FILS) public key element format in accordance with some embodiments. FIG. 10 illustrates a privacy beam frame format in accordance with some embodiments. FIG. 11 illustrates a flow diagram for an enhanced link security system in accordance with some embodiments. DETAILED DESCRIPTION The following description and the drawings sufficiently illustrate specific embodiments to enable those skilled in the art to practice them. Other embodiments may incorporate structural, logical, electrical, process, and other changes. Portions and features of some embodiments may be included in, or substituted for, those of other embodiments. Embodiments set forth in the claims encompass all available equivalents of those claims. FIG. 1 is a block diagram of a radio architecture 100 in accordance with some embodiments. Radio architecture 100 may include radio front-end module (FEM) circuitry 104, radio IC circuitry 106 and baseband processing circuitry 108. Radio architecture 100 as shown includes both Wireless Local Area Network (WLAN) functionality and Bluetooth (BT) functionality although embodiments are not so limited. In this disclosure, “WLAN” and “Wi-Fi” are used interchangeably. FEM circuitry 104 may include a WLAN or Wi-Fi FEM circuitry 104A and a Bluetooth (BT) FEM circuitry 104B. The WLAN FEM circuitry 104A may include a receive signal path comprising circuitry configured to operate on WLAN RF signals received from one or more antennas 101, to amplify the received signals and to provide the amplified versions of the received signals to the WLAN radio IC circuitry 106A for further processing. The BT FEM circuitry 104B may include a receive signal path which may include circuitry configured to operate on BT RF signals received from one or more antennas 101, to amplify the received signals and to provide the amplified versions of the received signals to the BT radio IC circuitry 106B for further processing. FEM circuitry 104A may also include a transmit signal path which may include circuitry configured to amplify WLAN signals provided by the radio IC circuitry 106A for wireless transmission by one or more of the antennas 101. In addition, FEM circuitry 104B may also include a transmit signal path which may include circuitry configured to amplify BT signals provided by the radio IC circuitry 106B for wireless transmission by the one or more antennas. In the embodiment of FIG. 1, although FEM CIRCUITRY 104A and FEM CIRCUITRY 104B are shown as being distinct from one another, embodiments are not so limited, and include within their scope the use of an FEM (not shown) that includes a transmit path and/or a receive path for both WLAN and BT signals, or the use of one or more FEM circuitries where at least some of the FEM circuitries share transmit and/or receive signal paths for both WLAN and BT signals. Radio IC circuitry 106 as shown may include WLAN radio IC circuitry 106A and BT radio IC circuitry 106B. The WLAN radio IC circuitry 106A may include a receive signal path which may include circuitry to down-convert WLAN RF signals received from the FEM circuitry 104A and provide