
US-20260129453-A1 - MITIGATION FOR MAN-IN-THE-MIDDLE AND REPLAY ATTACKS WITHIN A MOBILITY DOMAIN


Abstract

The present disclosure provides techniques for mitigating Man-in-the-Middle (MITM) and replay attacks within a mobility domain. An access point (AP) within a seamless mobility domain (SMD) generates a frame comprising an SMD signature, an SMD identifier, and a replay protection value, where the SMD signature is generated by signing a data structure comprising the SMD identifier and the replay protection value using a private key associated with the SMD. The AP transmits the frame to a station (STA) for verification.

Inventors

  • Binita Gupta
  • Brian D. Hart
  • Stephen M. Orr
  • Malcolm M. Smith
  • Indermeet S. GANDHI

Assignees

  • CISCO TECHNOLOGY, INC.

Dates

Publication Date
2026-05-07
Application Date
2025-10-02

Claims (20)

  1. A method, comprising: receiving, by a station (STA), a frame transmitted by an access point (AP), wherein the STA is a member of a seamless mobility domain (SMD) and the frame comprises: an SMD signature, an SMD identifier, and a replay protection value; reconstructing, by the STA, a data structure using the SMD identifier and the replay protection value; verifying, by the STA, using a public key associated with the SMD, the SMD signature against the data structure; and determining, based on successful verification of the SMD signature, that the AP is a valid member of the SMD.
  2. The method of claim 1, wherein the replay protection value is valid within a defined time interval, and the replay protection value comprises at least one of: a nonce, or a replay counter.
  3. The method of claim 1, wherein the frame further comprises at least one of: identity information of the AP, operating channel information, or a timestamp.
  4. The method of claim 3, wherein reconstructing the data structure comprises: reconstructing the data structure using the SMD identifier, the replay protection value, and at least one of: the identity information of the AP, the operating channel information, or the timestamp.
  5. The method of claim 1, wherein the public key associated with the SMD is obtained by the STA using one of: received over-the-air from the AP, provisioned on the STA, or received as part of a certificate signed by a trusted certificate authority (CA).
  6. The method of claim 1, further comprising receiving, by the STA, the public key associated with the SMD from the AP via an Access Network Query Protocol (ANQP) request and response exchange.
  7. A method, comprising: generating, by an access point (AP) within a seamless mobility domain (SMD), a frame comprising: an SMD signature, an SMD identifier, and a replay protection value, wherein the SMD signature is generated by signing a data structure comprising the SMD identifier and the replay protection value using a private key associated with the SMD; and transmitting, by the AP, the frame to a station (STA) for verification.
  8. The method of claim 7, wherein the replay protection value is valid within a defined time interval, and the replay protection value comprises at least one of: a nonce, or a replay counter.
  9. The method of claim 8, further comprising: in response to determining the defined time interval has elapsed, generating, by the AP, a second frame comprising: a second SMD signature, the SMD identifier, and a second replay protection value, wherein the second SMD signature is generated by signing a data structure comprising the SMD identifier and the second replay protection value using the private key associated with the SMD; and transmitting, by the AP, the second frame to the STA.
  10. The method of claim 7, wherein the frame further comprises at least one of: identity information of the AP, operating channel information, or a timestamp.
  11. The method of claim 10, wherein the data structure signed for generating the SMD signature comprises the SMD identifier and the replay protection value, and at least one of: the identity information of the AP, the operating channel information, or the timestamp.
  12. The method of claim 7, wherein the STA, upon receiving the frame, verifies the SMD signature using a public key associated with the SMD.
  13. The method of claim 12, wherein the public key associated with the SMD is obtained by the STA using one of: received over-the-air from the AP, provisioned on the STA, or received as part of a certificate signed by a trusted certificate authority (CA).
  14. A method, comprising: receiving, by a station (STA), a frame transmitted by an access point (AP), wherein the STA is a member of a seamless mobility domain (SMD) and the frame comprises: an SMD signature, and an SMD identifier; transmitting, by the STA, a client nonce (CNonce) to the AP; receiving, by the STA and from the AP, a live SMD signature generated based on the CNonce, an AP nonce (ANonce), and the SMD identifier using a private key associated with the SMD; verifying, by the STA, the live SMD signature using a public key associated with the SMD; and determining, based on successful verification of the live SMD signature, that the AP is a valid member of the SMD.
  15. The method of claim 14, wherein the frame further comprises at least one of: identity information of the AP, operating class, or a channel number.
  16. The method of claim 15, wherein the live SMD signature is generated based on the CNonce, an AP nonce (ANonce), the SMD identifier, and at least one of: the identity information of the AP, the operating class, or the channel number.
  17. The method of claim 14, wherein the public key associated with the SMD is obtained by the STA using one of: received over-the-air from the AP, provisioned on the STA, or received as part of a certificate signed by a trusted certificate authority (CA).
  18. A method, comprising: generating, by an access point (AP) within a seamless mobility domain (SMD), a frame comprising: a static SMD signature, and an SMD identifier; transmitting, by the AP, the frame to a station (STA); receiving, by the AP, a client nonce (CNonce) from the STA; generating, by the AP, an AP nonce (ANonce); generating a live SMD signature by signing a data structure comprising the CNonce, the ANonce, and the SMD identifier using a private key associated with the SMD; and transmitting, by the AP, the live SMD signature to the STA for verification.
  19. The method of claim 18, wherein the frame further comprises at least one of: identity information of the AP, operating class, or a channel number.
  20. The method of claim 18, wherein generating the live SMD signature comprises: transmitting, by the AP, the data structure to a trusted entity holding the private key associated with the SMD, wherein the trusted entity generates the live SMD signature by signing the data structure using the private key; and receiving, by the AP, the live SMD signature from the trusted entity.
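The two verification procedures the claims describe, the replay-protection-value variant (claims 1-13) and the CNonce/ANonce liveness variant (claims 14-20), as an added, runnable Go example. This is not code from the patent or from the assignee. The claims do not fix a signature algorithm, a frame encoding or the form of the replay protection value, so the example assumes Ed25519 for the SMD key pair, a length-prefixed byte encoding for the signed data structure, a per-AP monotonic counter together with a timestamp window as the replay protection value (claim 2 allows a nonce or a counter; claims 3-4 add AP identity, channel and timestamp), and a signing closure that stands in for the trusted entity of claim 20 so that APs never hold the private key. All identifiers in the block (SMDFrame, NewSMDKeys, VerifyFrame, VerifyLive, the sample SMD identifier and BSSID) are this example's own, and the public-key distribution of claims 5-6 is assumed to have already happened.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
)

var be16, be64 = binary.BigEndian.AppendUint16, binary.BigEndian.AppendUint64

// SMDFrame: the fields the claims put in the AP's frame. The replay protection
// value is a per-AP counter; names and byte layout are this example's own.
type SMDFrame struct {
	SMDID     []byte
	Counter   uint64
	APID      [6]byte // BSSID of the transmitting AP
	Channel   uint16
	Timestamp int64 // seconds
	Signature []byte
}

// encode is the canonical data structure the AP signs and the STA reconstructs;
// length prefixes stop two different field sets from encoding to the same bytes.
func encode(fields ...[]byte) []byte {
	var out []byte
	for _, f := range fields {
		out = append(be16(out, uint16(len(f))), f...)
	}
	return out
}
func (f *SMDFrame) signedData() []byte {
	return encode(f.SMDID, be64(nil, f.Counter), f.APID[:], be16(nil, f.Channel), be64(nil, uint64(f.Timestamp)))
}

// NewSMDKeys plays the trusted entity of claim 20: APs receive only a signing
// oracle, never the private key; STAs are provisioned with the public key.
func NewSMDKeys() (func([]byte) []byte, ed25519.PublicKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return func(d []byte) []byte { return ed25519.Sign(priv, d) }, pub
}

type AP struct {
	ID      [6]byte
	Channel uint16
	SMDID   []byte
	counter uint64
	sign    func([]byte) []byte
}

// NextFrame (claims 7-11): a never-reused counter signed with SMD id, AP id, channel and time.
func (ap *AP) NextFrame(now int64) SMDFrame {
	ap.counter++
	f := SMDFrame{SMDID: ap.SMDID, Counter: ap.counter, APID: ap.ID, Channel: ap.Channel, Timestamp: now}
	f.Signature = ap.sign(f.signedData())
	return f
}

// LiveSignature (claim 18): bind the STA's CNonce and a fresh ANonce to the SMD and this AP.
func (ap *AP) LiveSignature(cnonce []byte) (anonce, sig []byte) {
	anonce = make([]byte, 32)
	rand.Read(anonce) // crypto/rand.Read does not fail on supported platforms
	return anonce, ap.sign(encode(cnonce, anonce, ap.SMDID, ap.ID[:], be16(nil, ap.Channel)))
}

// STA holds the SMD public key, the allowed clock skew and the highest counter accepted per AP.
type STA struct {
	SMDID   []byte
	SMDPub  ed25519.PublicKey
	MaxSkew int64
	seen    map[[6]byte]uint64
}

// VerifyFrame (claims 1-4): signature first, so a forged frame cannot advance the
// replay state; then the validity window; then the per-AP counter.
func (s *STA) VerifyFrame(f SMDFrame, now int64) error {
	if !ed25519.Verify(s.SMDPub, f.signedData(), f.Signature) {
		return errors.New("SMD signature invalid: AP is not a member of this SMD")
	}
	if d := now - f.Timestamp; d < -s.MaxSkew || d > s.MaxSkew {
		return errors.New("replay protection value outside its validity interval")
	}
	if f.Counter <= s.seen[f.APID] {
		return errors.New("replayed frame: counter not above the last one accepted")
	}
	if s.seen == nil {
		s.seen = map[[6]byte]uint64{}
	}
	s.seen[f.APID] = f.Counter
	return nil
}

// VerifyLive (claim 14): accept only a signature over the CNonce this STA itself sent.
func (s *STA) VerifyLive(cnonce, anonce []byte, apID [6]byte, ch uint16, sig []byte) error {
	if !ed25519.Verify(s.SMDPub, encode(cnonce, anonce, s.SMDID, apID[:], be16(nil, ch)), sig) {
		return errors.New("live SMD signature invalid or not bound to our CNonce")
	}
	return nil
}
```

Two points a practitioner should take from the block. First, the order of checks in VerifyFrame: the signature is verified before the per-AP counter table is read or written, otherwise an attacker could inject unsigned frames carrying large counters and make later genuine frames look replayed. Second, a counter alone cannot catch a captured frame replayed to a STA that has never heard from that AP, which is what the validity interval of claims 2 and 9 (modelled here as the timestamp window) is for; the live signature of claims 14-20 needs neither a clock nor stored state, since the STA's own fresh CNonce is inside the signed data, at the cost of one extra round trip before the AP can be trusted. Because the AP identity and channel are inside the signed structure (claims 3-4 and 15-16), a relay that re-transmits a genuine AP's frames under a different BSSID or on a different channel also fails verification.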

Description

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims benefit of co-pending U.S. provisional patent application Ser. No. 63/715,442 filed Nov. 12, 2024. The aforementioned related patent application is herein incorporated by reference in its entirety.

TECHNICAL FIELD

Embodiments presented in this disclosure generally relate to wireless communication. More specifically, embodiments disclosed herein relate to mitigating Man-in-the-Middle (MITM) and replay attacks within a mobility domain.

BACKGROUND

Wireless networks are evolving to support seamless mobility across extended service sets (ESS), such as campus-wide or enterprise-wide deployments. To reduce handoff latency and improve user experience during roaming, mechanisms have been introduced that allow stations (STAs) to maintain continuous connectivity while moving between multiple access points (APs) within the same mobility domain. However, as roaming becomes more seamless and decentralized, the risk of replay attacks increases. Existing protection often relies on per-link key management and sequence number tracking but does not provide verification of membership in a scalable and low-latency manner.

BRIEF DESCRIPTION OF THE DRAWINGS

So that the manner in which the above-recited features of the present disclosure can be understood in detail, a more particular description of the disclosure, briefly summarized above, may be had by reference to embodiments, some of which are illustrated in the appended drawings. It is to be noted, however, that the appended drawings illustrate typical embodiments and are therefore not to be considered limiting; other equally effective embodiments are contemplated.

FIG. 1 depicts an example of client roaming within a seamless mobility domain (SMD), according to some embodiments of the present disclosure.
FIG. 2 depicts an example of a roaming replay attack scenario during client roaming in an SMD, according to some embodiments of the present disclosure.
FIG. 3 depicts an example sequence of interaction between a station multi-link device (STA MLD) and a target access point multi-link device (AP MLD) during roaming, according to some embodiments of the present disclosure.
FIG. 4 depicts an example sequence of interaction between a STA MLD and a target AP MLD during roaming, according to some embodiments of the present disclosure.
FIG. 5 depicts an example method performed by a target AP MLD for seamless mobility domain (SMD) signature transmission, according to some embodiments of the present disclosure.
FIG. 6 depicts an example method performed by a STA MLD to verify a target AP using an SMD signature and a replay protection value, according to some embodiments of the present disclosure.
FIG. 7 depicts an example method performed by a target AP MLD for SMD signature-based liveness verification using a nonce exchange, according to some embodiments of the present disclosure.
FIG. 8 depicts an example method performed by a STA MLD to verify a target AP using an SMD signature with liveness verification, according to some embodiments of the present disclosure.
FIG. 9 is a block diagram depicting an example method performed by a STA MLD for verifying an AP MLD using an SMD signature and a replay protection value, according to some embodiments of the present disclosure.
FIG. 10 is a block diagram depicting an example method performed by an AP MLD for transmitting an SMD signature with a replay protection value, according to some embodiments of the present disclosure.
FIG. 11 is a block diagram depicting an example method performed by a STA MLD for verifying an AP MLD using a nonce exchange and live SMD signature, according to some embodiments of the present disclosure.
FIG. 12 is a block diagram depicting an example method performed by an AP MLD for generating and transmitting a live SMD signature in response to a STA-initiated nonce exchange, according to some embodiments of the present disclosure.
FIG. 13 depicts an example client device configured to perform various aspects of the present disclosure, according to some aspects of the present disclosure.
FIG. 14 depicts an example network device configured to perform various aspects of the present disclosure, according to some aspects of the present disclosure.

To facilitate understanding, identical reference numerals have been used, where possible, to designate identical elements that are common to the figures. It is contemplated that elements disclosed in one embodiment may be beneficially used in other embodiments without specific recitation.

DESCRIPTION OF EXAMPLE EMBODIMENTS

Overview

One embodiment presented in this disclosure provides a method, including receiving, by a station (STA), a frame transmitted by an access point (AP), where the STA is a member of a seamless mobility domain (SMD) and the frame comprises an SMD signature, an SMD identifier, and a replay protection value, reconstructing, by the STA, a data structure using the SMD identifier and the replay