US-20260129452-A1 - ROGUE AP DETECTION AND SIGNALING WITHIN A SEAMLESS MOBILITY DOMAIN
Abstract
Detection of rogue access points (APs) through an AP that is associated with a mobility domain in a network. Unvalidated APs that attempt to join the network may be validated by another AP that is associated with the network. The unvalidated and associated APs may exchange signatures to determine if the unvalidated AP knows a key associated with the network. If the unvalidated AP does not know the key, the unvalidated AP is not validated for the network. The AP that was doing the validation may transmit a message to devices on the network indicating a rogue AP, the unvalidated AP, is attempting to join the network.
Inventors
- Binita Gupta
- Brian D. Hart
- Stephen M. Orr
- Malcolm M. Smith
- Indermeet S. GANDHI
Assignees
- CISCO TECHNOLOGY, INC.
Dates
- Publication Date: 20260507
- Application Date: 20250618
Claims (20)
- 1. A method comprising: receiving, on a first access point associated with a mobility domain in a network, a first mobility domain signature from a second access point; communicating, from the first access point to the second access point, a first nonce generated by the first access point; receiving, on the first access point, a second mobility domain signature and a second nonce from the second access point; and evaluating, on the first access point, a mobility domain validation of the second access point based on verification of the second mobility domain signature.
- 2. The method of claim 1, wherein the second mobility domain signature is a digital signature generated based on at least the first nonce, the second nonce, and a private key of the mobility domain.
- 3. The method of claim 2, wherein the verification of the second mobility domain signature comprises verifying the digital signature based on at least the first nonce, the second nonce, and a public key of the mobility domain.
- 4. The method of claim 1, wherein the mobility domain is a seamless mobility domain (SMD), and wherein the first access point and the second access point are advertised to be part of the SMD.
- 5. The method of claim 1, further comprising: responsive to determining that the verification of the second mobility domain signature fails, broadcasting, by the first access point, a signal indicating the network includes an access point that has failed the mobility domain validation.
- 6. The method of claim 5, further comprising indicating in the broadcasted signal an identity of the second access point that has failed the mobility domain validation.
- 7. The method of claim 6, further comprising: broadcasting a second signal instructing a first device receiving the signal from the first access point to perform mobility domain validation for access points that the first device attempts to connect to.
- 8. The method of claim 7, wherein broadcasting the signal includes sending the signal in one or more of a beacon frame, a probe response frame, or a fast initial link setup (FILS) discovery frame.
- 9. The method of claim 1, wherein communication between the first access point and the second access point for the mobility domain validation is performed using an access network query protocol (ANQP).
- 10. The method of claim 1, further comprising: transmitting, by the first access point, a third mobility domain signature; receiving, by the first access point, a third nonce; generating, by the first access point, a fourth mobility domain signature based in part on the third nonce; and transmitting, by the first access point, the fourth mobility domain signature.
- 11. The method of claim 3, further comprising: responsive to determining that the verification of the second mobility domain signature passes, determining, by the first access point, that the second access point passed the mobility domain validation.
- 12. The method of claim 11, further comprising: responsive to determining that the second access point passed the mobility domain validation, transmitting, by the first access point, an indication that the second access point is a validated member of the mobility domain in the network.
- 13. A system comprising: one or more memories; and one or more processors communicatively coupled to the one or more memories, wherein the one or more processors are configured to, individually or collectively, perform operations comprising: receiving a first mobility domain signature from a second access point; communicating, to the second access point, a generated first nonce; receiving a second mobility domain signature and a second nonce from the second access point; and evaluating a mobility domain validation of the second access point based on verification of the second mobility domain signature.
- 14. The system of claim 13, further comprising: responsive to determining that the verification of the second mobility domain signature fails, broadcasting a signal indicating a network includes an access point that has failed mobility domain verification.
- 15. The system of claim 14, further comprising: broadcasting a second signal instructing a first device receiving the signal to perform mobility domain validation for access points that the first device attempts to connect to.
- 16. The system of claim 15, further comprising indicating in the broadcasted signal an identity of the second access point that has failed the mobility domain validation.
- 17. A non-transitory computer-readable medium containing computer program code that, when executed by operation of one or more computer processors, performs operations comprising: receiving a first mobility domain signature from a second access point; communicating, to the second access point, a generated first nonce; receiving a second mobility domain signature and a second nonce from the second access point; and evaluating a mobility domain validation of the second access point based on verification of the second mobility domain signature.
- 18. The non-transitory computer-readable medium of claim 17, further comprising: responsive to determining that the verification of the second mobility domain signature fails, broadcasting a signal indicating a network includes an access point that has failed mobility domain verification.
- 19. The non-transitory computer-readable medium of claim 18, further comprising: broadcasting a second signal instructing a first device receiving the signal to perform mobility domain validation for access points that the first device attempts to connect to.
- 20. The non-transitory computer-readable medium of claim 19, further comprising indicating in the broadcasted signal an identity of the second access point that has failed the mobility domain validation.
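The exchange of claims 1-3 and the broadcast behaviour of claims 5-7, written out as a runnable model. This is an added example, not code from the patent or from Cisco: it assumes the first mobility domain signature covers the candidate AP's own identity (the claims leave its contents open), uses textbook RSA over two fixed small primes as a stand-in for the domain's private/public key pair so that it runs on the Python standard library alone, and represents the beacon, probe response or FILS discovery elements of claim 8 as entries in a list. The BSSIDs and the "captured" transcript are constructed. It also shows why the second signature must cover the first access point's fresh nonce: a rogue that mimics a member's BSSID and replays an earlier exchange passes the identity-only first signature but fails at the nonce-bound second one.

```python
import hashlib
import os

# --- Toy mobility-domain key pair -------------------------------------------
# Textbook RSA over two fixed primes stands in for the mobility domain's
# private/public key pair so the example runs on the standard library only.
# Constructed parameters for illustration; not a production signature scheme.
_P, _Q = 1000000007, 998244353
_N = _P * _Q
_E = 65537
_D = pow(_E, -1, (_P - 1) * (_Q - 1))
MD_PUBLIC_KEY = (_N, _E)    # known to every AP and client, including a rogue
MD_PRIVATE_KEY = (_N, _D)   # provisioned only to legitimate members of the domain


def _digest(n, *parts):
    """Hash length-prefixed byte strings into an integer below the modulus n."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(2, "big") + part)
    return int.from_bytes(h.digest(), "big") % n


def md_sign(private_key, *parts):
    """Mobility domain signature over parts; requires the private key (claim 2)."""
    n, d = private_key
    return pow(_digest(n, *parts), d, n)


def md_verify(public_key, signature, *parts):
    """Verify a mobility domain signature with only the public key (claim 3)."""
    n, e = public_key
    return pow(signature, e, n) == _digest(n, *parts)


# --- Access points -----------------------------------------------------------
class LegitimateAP:
    """An AP provisioned with the domain private key, i.e. a real member."""

    def __init__(self, bssid, private_key):
        self.bssid = bssid
        self.private_key = private_key

    def first_signature(self):
        # Assumed content of the first signature: the AP's own identity, not nonce-bound.
        return md_sign(self.private_key, b"md-hello", self.bssid)

    def respond(self, first_nonce):
        # The second signature covers both nonces, so it can only be produced fresh.
        second_nonce = os.urandom(16)
        sig = md_sign(self.private_key, b"md-proof", self.bssid, first_nonce, second_nonce)
        return second_nonce, sig


class ReplayingRogueAP:
    """Mimics a member's BSSID and replays a transcript observed earlier;
    it knows the public key but never held the private key."""

    def __init__(self, bssid, captured_first_sig, captured_second_nonce, captured_second_sig):
        self.bssid = bssid
        self._first_sig = captured_first_sig
        self._second_nonce = captured_second_nonce
        self._second_sig = captured_second_sig

    def first_signature(self):
        return self._first_sig

    def respond(self, first_nonce):
        # Cannot sign the fresh nonce; the best it can do is repeat the old answer.
        return self._second_nonce, self._second_sig


class ValidatorAP:
    """The first access point of claim 1: already validated, holds the public key."""

    def __init__(self, bssid, public_key):
        self.bssid = bssid
        self.public_key = public_key
        # Stand-in for elements carried in beacon / probe response / FILS discovery frames.
        self.broadcast_log = []

    def validate(self, candidate):
        # 1. receive the candidate's first mobility domain signature
        if not md_verify(self.public_key, candidate.first_signature(), b"md-hello", candidate.bssid):
            return self._reject(candidate)
        # 2. communicate a freshly generated first nonce
        first_nonce = os.urandom(16)
        # 3. receive the second nonce and the second mobility domain signature
        second_nonce, second_sig = candidate.respond(first_nonce)
        # 4. evaluate the validation: the signature must cover both nonces
        if not md_verify(self.public_key, second_sig, b"md-proof", candidate.bssid, first_nonce, second_nonce):
            return self._reject(candidate)
        self.broadcast_log.append({"ie": "md-validated-member", "bssid": candidate.bssid.hex()})
        return True

    def _reject(self, candidate):
        # Claims 5-7: announce the failed AP's identity and tell clients to validate APs themselves.
        self.broadcast_log.append({"ie": "md-validation-failed", "bssid": candidate.bssid.hex()})
        self.broadcast_log.append({"ie": "clients-must-validate-aps"})
        return False


def run_scenario():
    """Validate a genuine member, then a rogue replaying that member's old transcript."""
    legit = LegitimateAP(bytes.fromhex("02005e000001"), MD_PRIVATE_KEY)   # constructed BSSID
    validator = ValidatorAP(bytes.fromhex("02005e000002"), MD_PUBLIC_KEY)  # constructed BSSID
    legit_ok = validator.validate(legit)

    # Constructed "captured" exchange standing in for what a rogue observed over the air earlier.
    old_nonce = os.urandom(16)
    old_second_nonce, old_second_sig = legit.respond(old_nonce)
    rogue = ReplayingRogueAP(legit.bssid, legit.first_signature(), old_second_nonce, old_second_sig)
    rogue_ok = validator.validate(rogue)
    return legit_ok, rogue_ok, validator.broadcast_log


if __name__ == "__main__":
    ok, rogue, log = run_scenario()
    print("legitimate AP validated:", ok, "| rogue AP validated:", rogue)
    for entry in log:
        print("broadcast:", entry)
```

Running the scenario validates the legitimate AP and rejects the rogue, leaving three broadcast entries: the validated-member indication of claim 12, the failed-validation indication carrying the mimicked BSSID (claims 5-6), and the instruction to clients of claim 7. A real deployment would replace the toy RSA with a proper signature scheme and carry the messages over ANQP as claim 9 describes.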
Description
CROSS-REFERENCE TO RELATED APPLICATIONS
This application claims benefit of U.S. provisional patent application Ser. No. 63/715,487 filed Nov. 1, 2024. The aforementioned related patent application is herein incorporated by reference in its entirety.
TECHNICAL FIELD
Embodiments presented in this disclosure generally relate to detecting rogue access points. More specifically, embodiments disclosed herein relate to detection of rogue access points by authenticating access points that advertise as being part of a mobility domain.
BACKGROUND
To provide smooth roaming and mobility across a Wi-Fi network, clients can create a “secure association” with an extended service set (ESS) represented by a Seamless Mobility Domain (SMD), instead of associating with a single Access Point (AP) within the ESS. Such an architecture can enable a client to roam seamlessly between APs without requiring reassociation and re-establishment of contexts with a new AP, since the client associates with the SMD that is associated with the APs of the ESS.
BRIEF DESCRIPTION OF THE DRAWINGS
So that the manner in which the above-recited features of the present disclosure can be understood in detail, a more particular description of the disclosure, briefly summarized above, may be had by reference to embodiments, some of which are illustrated in the appended drawings. It is to be noted, however, that the appended drawings illustrate typical embodiments and are therefore not to be considered limiting; other equally effective embodiments are contemplated.
FIG. 1 depicts a block diagram of an environment with a mobility domain that has access points and a rogue access point that attempts to mimic one of the access points, according to one embodiment.
FIG. 2 depicts a flowchart of a method for verifying an access point using another access point in a mobility domain, according to one embodiment.
FIG. 3 depicts a flowchart of a method for verifying an access point using a client device, according to one embodiment.
FIG. 4 depicts a flowchart of a method for associating an access point to a mobility domain, according to one embodiment.
FIG. 5 depicts a flowchart for an example method for verifying an unvalidated AP with a verified AP, according to one embodiment.
FIG. 6 depicts an example network device configured to perform various aspects of the present disclosure, according to one embodiment.
To facilitate understanding, identical reference numerals have been used, where possible, to designate identical elements that are common to the figures. It is contemplated that elements disclosed in one embodiment may be beneficially used in other embodiments without specific recitation.
DESCRIPTION OF EXAMPLE EMBODIMENTS
Overview
One embodiment presented in this disclosure is a method that includes receiving, on a first access point associated with a mobility domain in a network, a first mobility domain signature from a second access point. The method further includes communicating, from the first access point to the second access point, a first nonce generated by the first access point. The method further includes receiving, on the first access point, a second mobility domain signature and a second nonce from the second access point and evaluating, on the first access point, a mobility domain validation of the second access point based on verification of the second mobility domain signature. The embodiments presented in this disclosure further include a system and a non-transitory computer-readable medium.
Example Embodiments
This disclosure relates to validation of an unvalidated access point (AP) that purports to be associated with a mobility domain (e.g., an AP that advertises itself as part of the mobility domain, though it may or may not actually be a legitimate member of the domain).
In one embodiment, the unvalidated AP is verified by another AP that is already associated with the mobility domain. The unvalidated AP exchanges nonces with the associated AP along with exchanging mobility domain signatures to verify the unvalidated AP. If the nonces and mobility domain signatures align, then the unvalidated AP is verified, and the now verified AP can be confidently associated with the mobility domain. A similar process can be done by a client device that receives a beacon from an AP. For example, the client device may verify the unvalidated AP before the client device joins the mobility domain through the unvalidated AP. In one embodiment, the unvalidated AP is a rogue AP that is mimicking an AP that is associated with the mobility domain. By having an unvalidated AP go through a validation process with an AP associated with the mobility domain, the associated AP can warn devices of the rogue AP before the devices connect to the rogue AP. Also, by having client devices verify APs when the client device is joining the mobility domain, the client devices are less likely to connect to a rogue AP, which enhances the security of the client devices' data.
FIG. 1 d