[go: up one dir, main page]

GB2640559A - Methods, devices, and computer programs for managing secret key for group and individual privacy - Google Patents

Methods, devices, and computer programs for managing secret key for group and individual privacy

Info

Publication number
GB2640559A
GB2640559A GB2405775.4A GB202405775A GB2640559A GB 2640559 A GB2640559 A GB 2640559A GB 202405775 A GB202405775 A GB 202405775A GB 2640559 A GB2640559 A GB 2640559A
Authority
GB
United Kingdom
Prior art keywords
edp
key
station
stations
shared
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
GB2405775.4A
Other versions
GB202405775D0 (en
Inventor
Sevin Julien
Baron Stéphane
Nezou Patrice
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Canon Inc
Original Assignee
Canon Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Canon Inc filed Critical Canon Inc
Priority to GB2405775.4A priority Critical patent/GB2640559A/en
Publication of GB202405775D0 publication Critical patent/GB202405775D0/en
Priority to PCT/EP2025/060979 priority patent/WO2025224126A1/en
Publication of GB2640559A publication Critical patent/GB2640559A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/065Network architectures or network communication protocols for network security for supporting key management in a packet data network for group communications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/02Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10Small scale networks; Flat hierarchical networks
    • H04W84/12WLAN [Wireless Local Area Networks]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A method at a station of a basic service set (BSS) comprising: obtaining a secret key shared with at least another station of the BSS, generating an enhanced data privacy (EDP) key using the shared secret key and a shared pseudorandom function (PRF), and modifying a value of a privacy parameter as a function of the EDP key. The privacy parameter may be a MAC address, an association identifier (AID), a packet number (PN), a sequence number (SN). A method between an access point (AP) and a group of stations in a BSS: sending a group offset value to a group of stations to modify the value of a privacy parameter using the offset value, sending an update value to a sub-group of stations of the group for the sub-group of stations to modify the value of their corresponding privacy parameter using the update value, wherein the stations determine a start time at which a value of a privacy parameter is to be modified, the start time determined as a function of an EDP key.

Description

METHODS, DEVICES, AND COMPUTER PROGRAMS FOR MANAGING SECRET KEY FOR GROUP AND INDIVIDUAL PRIVACY
FIELD OF THE DISCLOSURE
The present disclosure relates to wireless communications and more specifically to user privacy during wireless communications.
BACKGROUND OF DISCLOSURE
The approaches described in this section could be pursued, but are not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated herein, the approaches described in this section are not prior art to the claims in this application and are not admitted to be prior art by inclusion in this section. Furthermore, all embodiments are not necessarily intended to solve all or even any of the problems brought forward in this section.
Wireless communication networks are widely deployed to provide various communication services such as voice, video, packet data, messaging, broadcast, etc. These wireless networks may be multiple-access networks capable of supporting multiple users by sharing the available network resources. Examples of such multiple-access networks include Code Division Multiple Access (CDMA) networks, Time Division Multiple Access (TDMA) networks, Frequency Division Multiple Access (FDMA) networks, Orthogonal FDMA (OFDMA) networks, and Single-Carrier FDMA (SC-FDMA) networks. The 802.11 family of standards adopted by the Institute of Electrical and Electronics Engineers (IEEE -RTM) provides a great number of mechanisms for wireless communications between stations.
Today, the evolution of wireless systems has brought privacy concerns at the forefront, driven by user demand and requirements of the General Data Protection Regulation (GDPR). The global wireless industry is faced with the growing need to protect users' personally identifiable information from increasingly sophisticated user tracking and user profiling activities, while continuing to improve wireless services and the user experience.
The Personally Identifiable Information (PII) corresponds to any data that identifies an individual or from which identity or contact information of an individual can be derived. A device's Media Access Control (MAC) address is an example of PII.
A dedicated task group 802.11bi has been initiated in 2019 to address those privacy concerns. Its objective is to specify Enhanced Data Privacy (EDP) features to be added in the current standard to increase privacy. Some of the EDP features relate to the obfuscation of multiple identified PI I, also referred to as EDP parameters or privacy parameters below, contained in the frames exchanged in clear by the stations (STAs) that would allow an eavesdropper to fingerprint a device. Among these EDP parameters, identifiers like the MAC address or the Association Identifier (AID) are of course the most important ones, but other parameters like the Sequence Number (SN) or the Packet Number (PN) present in the non-encrypted part of the data frames are also listed. The obfuscation consists in performing a simultaneous change of the transmitted EDP parameters (which are transmitted in clear in the frames) by the stations, to uncorrelated new values (with the previous ones) without any loss of connection.
This change relies on the concept of EDP epoch that corresponds to a limited period of time during which these uncorrelated values of the EDP parameters remain constant. An EDP epoch is either an individual EDP epoch or a group EDP epoch. More precisely, an individual EDP Epoch is a time window in which a single non-Access Point (non-AP) STA applies a set of EDP parameters that is valid for the duration of that individual EDP Epoch. It is initiated by a single non-AP station by an individual EDP epoch sequence request. A Group EDP Epoch is a time window in which each non-AP STA of a set of non-AP STAs applies a set of EDP parameters that is valid for the duration of that Group EDP Epoch. It is for instance initiated by an Access Point (AP) STA by advertising the EDP epoch parameters to a set of non-AP STAs. Each non-AP STA of the set of non-AP STAs applies the advertised EDP Epoch parameters of the Group EDP Epoch to determine the same one or more EDP Epoch start times. A key challenge is that these EDP Epoch start times need to be easily determined by both an AP station and a set of non-AP stations (one, several, or all the non-AP stations associated with the AP station), while not being easily determined by an eavesdropper. For this, the generation of these EDP Epoch start times is based on a shared function as a Pseudo-Random Function (PRF) which is executed in parallel by EDP non-AP STAs and EDP AP with the use of a shared private encryption key. According to the type of the EDP epoch (Individual or Group), the shared private encryption key is either specific to EDP non-AP STA or common to all the EDP non-AP STAs associated with the EDP AP.
Similarly, for generating the new uncorrelated values of the EDP parameters, the change is also based on a shared function as a PRF which is executed in parallel by EDP non-AP STA and EDP AP with the use of a shared private encryption key without explicit exchange over the air. According to the individual (meaning that the values is specific and apply for only a single non-AP STA) or group privacy usage (meaning that the same new values are applied for a group of EDP non-AP STAs) of the EDP parameter, the shared private encryption key is also either specific to EDP non-AP STAs or common to all the EDP non-AP STAs associated to the EDP AP.
At the current stage of the standard 802.11bi, the generation of the aforementioned shared private encryption key is not specified.
SUMMARY OF THE DISCLOSURE
It is a broad aspect of the present disclosure to provide methods, devices, and computer programs for managing secret key for group and individual privacy.
According to a first aspect, it is provided a method for improving communication privacy comprising, at a station of a Basic Station Set, BSS: obtaining a secret key shared with at least another station of the BSS; generating an Enhanced Data Privacy, EDP, key using the obtained shared secret key and a pseudo-random function shared by the at least another station, and modifying at least one privacy parameter as a function of the EDP key. Accordingly, the method of the invention makes it possible to improve communication privacy using simple and efficient mechanisms ensuring reliability.
According to a particular embodiment, the EDP key is generated using the obtained shared secret key, an identifier of the BSS, and the pseudo-random function.
Still according to a particular embodiment, a value of the at least one privacy parameter is modified as a function of the EDP key. The time at which the new value should be used may be determined similarly or not.
Still according to a particular embodiment, the value of the at least one privacy parameter is unique to the station and the other station, enabling individual secret key management.
Still according to a particular embodiment, the obtained secret key is a first secret key, the generated EDP key is a first EDP key, and the pseudo-random function is a first pseudo-random function, the method further comprising obtaining a second secret key shared with the at least another station; generating a second EDP key using the second shared secret key and a second pseudo-random function shared by the at least another station, and wherein a value of another privacy parameter, different from the at least one privacy parameter, is modified as a function of the second EDP key, the value of the other privacy parameter being common to several stations of a set of stations of the BSS, the set of stations of the BSS comprising the station and the other station.
Accordingly, such a method enables individual or group secret key management for changing the values of EDP parameters.
Still according to a particular embodiment, the obtained secret key is a first secret key, the generated EDP key is a first EDP key, and the pseudo-random function is a first pseudo-random function, the method further comprising obtaining a second secret key shared with the at least another station; generating a second EDP key using the second shared secret key and a second pseudo-random function shared by the at least another station, and determining a start time at which the at least one privacy parameter is to be modified, the start time being determined as a function of the second EDP key. Accordingly, such a method enables key management for modifying a value of an EDP parameter and determining the time at which the change should occur.
Still according to a particular embodiment, the start time is common to several stations of a set of stations of the BSS, the set of stations of the BSS comprising the station and the other station. Accordingly, such a method enables key management for modifying a value of an EDP parameter and determining the time at which the change should occur for a plurality of EDP stations.
Still according to a particular embodiment, the start time is unique to the station and the other station, enabling individual secret key management.
Still according to a particular embodiment, the method further comprises obtaining a third secret key shared with the at least another station; generating a third EDP key using the third shared secret key and a third pseudo-random function shared by the at least another station, and determining a start time at which the at least one privacy parameter and the other privacy parameter are to be modified, the start time being determined as a function of the third EDP key.
Still according to a particular embodiment, the method further comprises determining a start time at which the at least one privacy parameter and the other privacy parameter are to be modified, the start time being determined as a function of the second EDP key.
Still according to a particular embodiment, the start time is common to the stations of the set of stations of the BSS.
Still according to a particular embodiment, the method further comprises determining a start time at which the at least one privacy parameter is to be modified, the start time being determined as a function of the EDP key.
Still according to a particular embodiment, a value of the at least one privacy parameter is modified as a function of the EDP key.
Still according to a particular embodiment, the obtained secret key is a first secret key, the generated EDP key is a first EDP key, and the pseudo-random function is a first pseudo-random function, the method further comprising obtaining a second secret key shared with the at least another station; generating a second EDP key using the second shared secret key and a second pseudo-random function shared by the at least another station, and wherein a value of another privacy parameter, different from the at least one privacy parameter, is modified as a function of the second EDP key, the value of the other privacy parameter being common to stations of a set of stations of the BSS, the set of stations of the BSS comprising the station and the other station and the value of the at least one privacy parameter is unique to the station and the other station.
Still according to a particular embodiment, the obtained secret key is a first secret key, the generated EDP key is a first EDP key, and the pseudo-random function is a first pseudo-random function, the method further comprising obtaining a second secret key shared with the at least another station; generating a second EDP key using the second shared secret key and a second pseudo-random function shared by the at least another station, and modifying a value of the at least one privacy parameter as a function of the second EDP key, wherein a value of the at least one privacy parameter is modified as a function of the second EDP key.
Still according to a particular embodiment, the start time is common to several stations of a set of stations of the BSS, the set of stations of the BSS comprising the station and the other station.
Still according to a particular embodiment, the start time is unique to the station and the other station.
According to a second aspect, it is provided a communication device comprising a processing unit configured for carrying out each of the steps of the method described above. The advantages of such a communication device are similar to those of the 35 method.
At least parts of the methods according to the disclosure may be computer implemented. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, micro-code, etc.) or an embodiment combining software and hardware aspects that may all generally be referred to herein as a "circuit", "module" or "system".
Furthermore, the present disclosure may take the form of a computer program product embodied in any tangible medium of expression having computer usable program code embodied in the medium.
Since the present disclosure can be implemented in software, the present disclosure can be embodied as computer readable code for provision to a programmable apparatus on any suitable carrier medium. A tangible, non-transitory carrier medium may comprise a storage medium such as a floppy disk, a CD-ROM, a hard disk drive, a magnetic tape device or a solid-state memory device and the like. A transient carrier medium may include a signal such as an electrical signal, an electronic signal, an optical signal, an acoustic signal, a magnetic signal or an electromagnetic signal, e.g., a microwave or RF signal.
BRIEF DESCRIPTION OF THE DRAWINGS
Embodiments of the disclosure will now be described, by way of example only, and with reference to the following drawings in which: Figure 1 illustrates an example of a network system in which some embodiments of the disclosure may be implemented; Figure 2 illustrates an example of steps carried out by both an EDP STA AP and a non-AP STA when a non-AP STA is added to an EDP Group Epoch Sequence, according to some embodiments of the disclosure; Figure 3 illustrates an example of steps carried out by both EDP STA AP and non-AP STA when a non-AP STA initiates an EDP Group Individual Sequence,
according to some embodiments of the disclosure;
Figure 4 illustrates an Information Element containing group epoch parameters; Figure 5 illustrates an example of a frame format of an Information Element enabling a non-AP station to change its AID; and Figure 6 schematically illustrates an example of a communication device configured to implement at least some embodiments of the present disclosure.
DETAILED DESCRIPTION OF THE DISCLOSURE
According to some embodiments, a shared secret key used to determine at which time the value of an EDP parameter should change in EDP stations of a group of EDP stations is determined as a function of a primary shared secret key, for example as a function of a Group Transient Key (GTK) key, and of a KDF-Hash function (which may be the key derivation function as defined in 12.7.1.6.2 of IEEE P802.11-REVme/D5.0 (Key derivation function (KDF)). The shared secret key used to determine at which time the value of an EDP parameter should change may also be determined as a function of an identifier of the BSS. Likewise, a shared secret key used to determine a new value of an EDP parameter may be determine in the EDP stations of the group of EDP stations as a function of a primary shared secret key, for example as a function of the GTK key, and of the KDF-Hash function. The shared secret key used to determine at which time the value of an EDP parameter should change and the shared secret key used to determine a new value of an EDP parameter may be the same shared secret key or may be different shared secret keys. In addition, a shared secret key used to determine a new value of an EDP parameter may be determine in an EDP non-AP station and in an EDP AP station stations as a function of a primary shared secret key, for example as a function of a Key Derivation Key (KDK) forming subpart of a Pairwise Transient Key (PTK), and of the KDF-Hash function.
Still according to some embodiments, a shared secret key used to determine at which time the value of an EDP parameter should change in an EDP non-AP station and in an EDP AP station is determined as a function of a primary shared secret key, for example as a function of a Group Transient Key (GTK) key, and of a KDF-Hash function (which may be the key derivation function as defined in 12.7.1.6.2 of IEEE P802.11-REVme/D5.0 (Key derivation function (KDF)). The shared secret key used to determine at which time the value of an EDP parameter should change may also be determined as a function of an identifier of the BSS. Likewise, a shared secret key used to determine a new value of an EDP parameter may be determine in EDP stations of a group of EDP stations as a function of a primary shared secret key, for example as a function of the GTK key, and of the KDF-Hash function. In addition, a shared secret key used to determine a new value of an EDP parameter may be determine in the EDP non-AP station and in the EDP AP station as a function of a primary shared secret key, for example as a function of a Key Derivation Key (KDK) forming subpart of a Pairwise Transient Key (PTK), and of the KDF-Hash function. The shared secret key used to determine at which time the value of an EDP parameter should change and the shared secret key used to determine a new value of an EDP parameter in the EDP non-AP station and in the EDP AP station may be the same shared secret key or may be different shared secret keys.
Still according to some embodiments, a station may request the creation of an EDP Epoch sequence that may be joined latter by other stations. Thus this "individual" 5 sequence becomes a group EDP Epoch.
In the following the Enhanced Data Privacy Access Point stations are referred to as EDP AP STAs, AP STAs, or APs and the Enhanced Data Privacy non-Access Point stations are referred to as EDP non-AP STAs, non-AP STAs, or non-APs.
Figure 1 illustrates an example of a network system in which some embodiments of the disclosure may be implemented.
For the sake of illustration, Figure 1 represents an 802.11 network (i.e., a Wi-Fi network) system 100 comprising four wireless devices: an access point station (AP) 105 and three non-AP stations (STAs) 110a, 110b, and 110c. The AP station and the non-AP stations may be an AP multi-link device (MLD) and non-AP MLDs, respectively. Of course, the number of non-AP stations 110a, 110b, and 110c may be different from three. AP station 105 provides wireless connections between non-AP stations 110a, 110b, 110c and a wider network, such as the Internet (not represented). The connection of one of non-AP station 110a, 110b, and 110c to AP 105 may be performed by a standardized process called association. Once a non-AP station is associated with the AP station, the non-AP station can send data to the network and receive data from the network through the AP station.
AP station 105 may comprise, be implemented as, or known as a Node B, Radio Network Controller (RNC), evolved Node B (eNB), 5G Next generation base station (gNB), Base Station Controller (BSC), Base Transceiver Station (BTS), Base Station (BS), Transceiver Function (TF), Radio Router, Radio Transceiver, Basic Service Set (BSS), Extended Service Set (ESS), Radio Base Station (RBS), or some other terminology. It can be a standalone product or it may be integrated in a device, for instance in a broadband remote access server (BRAS).
Non-AP stations 110a, 110b, and/or 110c may comprise, be implemented as, or known as a subscriber's station, a subscriber unit, a mobile station (MS), a remote station, a remote terminal, a user terminal (UT), a user agent, a user's device, a user equipment (UE), a user station (STA), or some other terminology. In some implementations, a non-AP station may be or may comprise a cellular telephone, a cordless telephone, a Session Initiation Protocol (SIP) phone, a wireless local loop (WLL) station, a personal digital assistant (PDA), a handheld device having wireless connection capability, or some other suitable processing device connected to a wireless modem. Accordingly, one or more aspects taught herein may be incorporated into a phone (e.g., a cellular phone or a smartphone), a computer (e.g., a laptop), a tablet, a portable communication device, a portable computing device (e.g., a personal data assistant), an entertainment device (e.g., a music or video device, or a satellite radio), a global positioning system (GPS) device, or any other suitable device that is configured to communicate via a wireless or wired medium. In some aspects, some of non-AP stations 110a, 110b, and 110c may be wireless nodes. Such a wireless node may provide, for example, connectivity for or to a network (e.g., a wide area network such as the Internet or a cellular network) via a wired or wireless communication link.
AP station 105 manages a set of stations that together organize their accesses to the wireless medium for communication purposes. All the stations (AP station 105 and non-AP stations 110a, 110b, and 110c) form a service set, which may be referred to as basic service set, BSS (although other terminology can be used). It is noted that AP station 105 may manage more than one BSS: each BSS is thus uniquely identified by a specific basic service set identifier (BSSID) and managed by a separate virtual AP station implemented in physical AP station 105.
Figure 2 illustrates an example of steps carried out by both EDP STA AP and non-AP STA when a non-AP STA is added to an EDP Group Epoch Sequence, according to some embodiments of the disclosure, an EDP Group Epoch Sequence being a sequence of EDP Group Epochs used by a set of EDP non-AP STAs associated with the same EDP AP, to change values of EDP parameters at the same time.
According to some embodiments, a Group EDP Epoch sequence is initiated by an EDP AP (AP that has indicated its support of EDP features) by advertising an EDP Epoch Sequence parameters element through the transmission of a Group EDP Epoch Indication action frame or in any management frames on any enabled links.
Upon the reception of EDP Epoch Sequence parameters element through a Group EDP Epoch Indication action frame or in any management frames, a non-AP STA, that has indicated a support of EDP features and referred to as EDP non-AP STA, applies the advertised EDP Epoch sequence parameters to determine the start time of the Group EDP Epoch sequence and the subsequent Group EDP Epochs of the Group EDP Epoch sequence.
For this, at step 200, both EDP non-AP STA and the EDP AP retrieve the value denoted GTO that is indicated in the Start Time field of the advertised EDP Epoch Sequence parameters element, the value denoted RandTR that is indicated in the Time Range field of the advertised EDP Epoch Sequence parameters element, and the value denoted GEI that is indicated in the Interval field of the advertised EDP Epoch Sequence parameters element, as illustrated in Figure 4.
Next, at step 210, the EDP non-AP STA determines the current Group Epoch iteration of the Group EDP Epoch sequence n, for example as follows: n = (TSF-GTO) I GB] wherein TSF represents the Timing synchronization function or TSF time.
According to some embodiments, step 210 is not carried out by the EDP AP as it knows directly the current Group Epoch iteration.
Next, at step 220, both EDP non-AP STA and EDP AP compute the start time denoted GETn+1 of the (n+1)th EDP Group Epoch, from a shared function which is executed in parallel by EDP non-AP station and EDP AP with the use of a shared private encryption key denoted EDP-G-Epoch-Key.
According to some embodiments, the shared function is the pseudorandom function (PRF) as specified in section 12.7.1.2 of the standard IEEE Std 802.11-2020. Alternatively, any other PRF or block cipher algorithm allowing to cipher a block, with similar input parameters (shared private encryption key and shared parameter having a value varying over time) may be used. The description below mostly concentrates on the PRF for ease of explanation. However, similar considerations can be made with respect to any block cipher algorithm.
According to some embodiments, start time GETn+1 is computed as follows: GETn+1 = GTn+1 + AlT with A/T = PRF-128164(EDP-G-Epoch-Key, "EDP", GTn+1) mod (RandTR) and with: GTn+1 = GTn + GEl or with n = IITSF -GTO)/ GEIJ GTn+1 =GTO+ (n+1) x GEI where: n is the current iteration of the sequence computed at step 210; PRF-Length-M/L is the pseudorandom function generating a sequence of M random bits from which only the L leftmost bits are extracted; TSF is the current value of the internal TSF counter of the receiving link of the non-AP STA; GTO is the value indicated in the Start Time field of the advertised EDP Epoch Sequence parameters element retrieved at step 200; RandTR is the value indicated in the Time Range field of the advertised EDP Epoch Sequence parameters element retrieved at step 200; GTn is the start time for the current iteration n of the sequence; GEl is the value indicated in the Interval field of the advertised EDP Epoch Sequence parameters element retrieved at step 200; and EDP-G-Epoch-Key is the shared private encryption key involved in the procedure to generate the uncorrelated start time of a group EDP epoch.
According to some embodiments, EDP-G-Epoch-Key is a key derived from the 15 Group Transient Key (GTK, GTK being a key provided by the AP to the non-AP station upon association, that is known by all the stations associated with the AP) as follows: EDP-G-Epoch-Key = KDF-Hash-256 (GTK, "EDP", BSSID) wherein KDF-Hash-Length is the key derivation function as defined in 12.7.1.6.2 (Key derivation function (KDF)), GTK is the current GTK of the EDP AP, "EDP" is a string of characters identifying a context for carrying out the key derivation function, this is given as an example only and any other string can be used, and BSSID is the BSS identifier of the EDP AP.
Next, at step 230, both EDP non-AP STA and EDP AP compute the new uncorrelated values of the EDP parameters for an Individual usage for the (n+1)th EDP Group Epoch from a shared function which is executed in parallel by the EDP non-AP STA and the EDP AP STA with the use of a shared private encryption key denoted EDP-I-Param-Key.
According to the considered EDP parameter, a new uncorrelated value may consist in either a reset of the EDP parameter itself (reset-based obfuscation) that is the transmitted (OTA) EDP parameter included in the exchanged 802.11 frames or an encoding of the EDP parameter in order to generate an encoded EDP parameter (mask-based obfuscation) which is used as the new value for the corresponding transmitted (OTA) EDP parameter included in the exchanged 802.11 frames. The encoding operation may take as inputs the local current value of the EDP parameter considered and an encoding parameter shared by the encoder and the decoder. The encoding operation may be a mere masking, in which case the shared encoding parameter is a shared mask having the same binary length as the EDP parameter considered.
Alternative to the masking (e.g., XOR) includes the binary addition or an offset, both being based on a shared encoding parameter.
EDP Parameter has either an individual privacy usage or a group privacy usage. An individual privacy usage for an EDP Parameter means that the value or the obfuscation mask is specific to the non-AP STA. Typically, the EDP Parameter as MAC Addresses, Sequence Number, and Packet Number have either an individual privacy usage.
A group privacy usage for an EDP Parameter means that the same value or the same obfuscation mask is used for a group of EDP non-AP STA. The AID may have a group privacy usage involving that only one mask is generated for obfuscating the AIDs of the group of non-AP STAs involved in the Group EDP Epoch.
The AID may be a 16 bit identifier that is locally unique. This means that two stations associated with two different Basic Service Sets (BSSs) of an AP station may have the same AID value, but two stations associated with the same BSS do not share the same AID value.
The AID has been originally introduced to reduce the signalling overhead when an AP STA wants to identify a station for delivery of buffered frames when power-saving is enabled. The AID is advantageously used in replacement of the MAC address (that is 48 bit long) when an AP STA indicates in Traffic Indication Messages that it has some traffic waiting for transmission to a station in power save state. It is noted that the range of value for the AID selection is much shorter. In addition, in IEEE 802.11 series, the AID for a station is limited to a sub range [1; 2,007] of an 11-bits identifier (instead of the 2,045 possible values), the other values being reserved to identify some groups of stations, or specific signalling (unassigned resource, resources for random access, etc.).
Since AID belongs to a limited range of values, a random selection may drive to multiple AID values collisions across different stations. This is why for AIDs (without being limited to AIDs), applying a same offset value (referred to as group offset value) or a same obfuscation mask for a group of EDP non-AP STAs is beneficial to avoid collisions. However, adding a same offset to the AIDS of the group just shifts the AID assignment pattern by a fixed value, and after some iterations, an eave dropper may be able to identify the pattern and then correlate old and new values.
A solution to the side effect of applying a same group offset value for a privacy parameter (such as the AID) to the stations of the group may be to assign, for a selected number of stations of the group, a value to the privacy parameter that differs from what is obtained by applying the group offset. In other words, for a sub-group of one or more stations, a frame is for example sent to those stations indicating an update value for the privacy parameter. The update value may be a new safe (unique among all the STAs) value to be applied by each recipient station to modify its privacy parameter.
Alternatively, the update value may be a specific offset value that is common to all the stations of the sub-group or that is different for each station of the sub-group. The update value is preferably computed by the AP STA. This allows for example in the case of AID to guarantee that each resulting AID, either directly assigned or obtained by applying the specific offset, is unique within the BSS. The update value (e.g., new AID value or new offset for instance) is applied by the receiving station upon reception, or at the expiration of the AID switch counter field 520 (Figure 5) if present. If case of receiving an update value corresponding to a specific offset, a station of the sub-group may apply only the specific offset value or, according to a variant, both the group offset and the specific offset values cumulatively.
It is to be noted that the sub-group of selected stations may be dynamic, which means that the selected stations and their number may change over time. This creates more diversity and gives flexibility to the AP STA to adapt the method (timing of modification and/or selected stations) according to current conditions of the BSS for example.
The proposed solution advantageously allows the AP STA to avoid any identifiable patterns when privacy parameters are modified, and hence security is increased. For the AID for example, the proposed solution breaks the AID assignment pattern, making correlation impossible using a pattern identification.
Since the AP STA does not need to send the new AID value to every station at each Epoch, this solution has also the advantage of avoiding large frame exchange overhead.
In one embodiment, the new AID value computed by the AP is sent thanks to a unicast encrypted frame (for instance a dedicated protected action frame, as illustrated in Figure 5). Therefore, according to some embodiments, it is provided a method for 35 modifying one or more EDP parameters of one or more EDP non-AP STAs of an EDP group, wherein the one or more EDP parameters are provided within an EDP parameters' assignment pattern, the method comprising sending, for each of the one or more EDP non-AP STAs, a new value for the one or more EDP parameters. Still according to some embodiments, the same offset value or the same obfuscation mask is applied to the EDP parameters of the EDP parameters' assignment pattern other than the one or more modified EDP parameters or the one or more EDP parameters to be modified. Still according to some embodiments, the one or more EDP parameters to be modified are an AID and the assignment pattern is an AID assignment pattern.
To carry out these obfuscation operations, a shared function may be executed to generate the new reset values and the new masks (or more generally new shared encoding parameter values). The shared function is carried out in parallel by the EDP non-AP STA and the EDP AP STA with a shared encryption key in order to generate, on both sides, the same new reset values and the new masks without exchanging them in clear.
Preferably, the same and single execution of the shared function simultaneously generates the new reset value or values for one or more EDP parameters (here below referred to as reset-based EDP parameters) to obfuscate and the new mask or masks (or more generally encoding parameter values) for one or more EDP parameters to obfuscate through encoding or masking (here below referred to as mask-based EDP parameters).
According to some embodiments, the shared function is the pseudorandom function (PRF) as specified in the section 12.7.1.2 of the standard IEEE Std 802.112020. Alternatively, any other PRF or block cipher algorithm allowing to cipher a block, with similar input parameters (shared private encryption key and shared parameter having a value varying over time) may be used. The description below mostly concentrates on the PRF for ease of explanation. However, similar considerations can be made with respect to any block cipher algorithm.
Back to step 230, both EDP non-AP STA and EDP AP STA compute the new uncorrelated values of the EDP parameters for an individual privacy usage for the (n+i)th EDP Group Epoch from the PRF, which is carried out in parallel by EDP non-AP STA and EDP AP with the use of a shared private encryption key denoted EDP-I-Param-Key, for example as follows: I EDP PARAM (n+1) = PRF-M/L(EDP-I-Param-Key, "EDP Param'; GTn+1) wherein I EDP PARAM (n+1) corresponds to the sum of the lengths of the EDP parameters for an individual privacy usage for the (n+l)'h EDP Group Epoch. It is split into predetermined chunks, each chunk corresponding either to a new reset value for each reset-based EDP parameter or a new shared encoding parameter value for each mask-based EDP parameter; PRF-M/L is the pseudorandom function generating a sequence of M random bits from which only the L leftmost bits are extracted; EDP-I-Pa ram-Key is the shared private encryption key involved in the procedure to generate either to a new reset value for each reset-based EDP parameter or a new shared encoding parameter value for each mask-based EDP parameter; "EDP Param" is a string of characters identifying a context for carrying out the key derivation function, this is given as an example only and any other string can be used, and GTn+1 is the start time for the (n+1)'h EDP Group Epoch.
According to some embodiments, EDP-I-Param-Key is a key derived from a Key Derivation Key, KDK, forming subpart of a Pairwise Transient Key, PTK, agreed between the two stations, for example as follows: EDP-I-Param-Key = KDF-Hash-256 (KDK, "EDP", BSSID) wherein KDF-Hash-Length may be the key derivation function as defined in 12.7.1.6.2 (Key derivation function (KDF)); KDK is the KDK part of the current PTK of the EDP non-AP STA as specified in 12.14.8.3.4 (PTKSA derivation with EDPKE authentication); "EDP" is a string of characters identifying a context for carrying out the key derivation function, this is given as an example only and any other string can be used, and BSSID is the BSS identifier of the EDP AP.
Next, at step 240, both EDP non-AP STA and EDP AP STA compute the new uncorrelated values of the EDP parameters for a group privacy usage for the (n+1)th EDP Group Epoch from the PRF which is executed in parallel by the EDP non-AP STA and the EDP AP STA with the use of a shared private encryption key denoted EDP-G-ParamKey, for example as follows: G_EDP PARAM (n+1) = PRF-M/L(EDP-G-Param-Key, "Client ERCM", GTn+1) wherein G_EDP PARAM (n+1) corresponds to the sum of the lengths of the EDP parameters for a group usage for the (n+1)th EDP Group Epoch. It is split into predetermined chunks, each chunk corresponding either to a new reset value for each reset-based EDP parameter or a new shared encoding parameter value for each mask-based EDP parameter; EDP-G-Param-Key is the shared private encryption key involved in the procedure to generate either to a new reset value for each reset-based EDP parameter or a new shared encoding parameter value for each mask-based EDP parameter; PRF-M/L is the pseudorandom function generating a sequence of M random bits from which only the L leftmost bits are extracted; EDP-G-Pa ram-Key is the shared private encryption key involved in the procedure to generate either to a new reset value for each reset-based EDP parameter or a new shared encoding parameter value for each mask-based EDP parameter; "Client ERCM" is a string of characters identifying a context for carrying out the key derivation function, this is given as an example only and any other string can be used; and GTn+1 is the start time for the (n+1)'h EDP Group Epoch.
According to some embodiments, EDP-G-Param-Key is a key derived from GTK as follows: EDP-G-Param-Key = KDF-Hash-256 (GTK, "EDP", BSSID) wherein KDF-Hash-Length is the key derivation function as defined in 12.7.1.6.2 (Key derivation function (KDF)); GTK is the current GTK of the EDP AP STA; "EDP" is a string of characters identifying a context for carrying out the key derivation function, this is given as an example only and any other string can be used; and BSSID is the BSS identifier of the EDP AP STA.
According to some embodiments EDP-G-Epoch-Key is different from EDP-G30 Param-Key.
According to other embodiments, EDP-G-Epoch-Key is the same secret key as EDP-G-Param-Key. In such a case, the parameter SIT in step 220 and the G_EDP PARAM (n+1) relative to EDP parameters for a group privacy usage in step 240 are generated simultaneously by carrying out the same and single execution of the shared function, for example as follows: fA,BJ = PRF-MYLIEDP-G-Param-Key, "Client ERCM", GTn+1) wherein G_EDP PARAM (n+1) = A and 61T = B mod (RandTR).
Figure 3 illustrates an example of steps carried out by both EDP AP STA and non-AP STA when a non-AP STA initiates an EDP Individual Sequence, according to some embodiments of the disclosure, an EDP Individual Epoch Sequence being a sequence of EDP Individual Epochs.
During a Multi-Link (ML) setup or resetup procedure, an EDP non-AP STA may initiate an individual EDP epoch sequence negotiation by including an EDP Epoch Sequence parameters element in the Association Request frame or in the ReAssociation Request frame if an AP has indicated a support of EDP features. Otherwise, the non-AP STA should not include the EDP Epoch Sequence parameters element in the Association Request frame on in the ReAssociation Request frame.
After the ML (re)setup is successful, to negotiate an individual EDP epoch sequence, an initiating EDP non-AP STA should send an Individual EDP Epoch Sequence Request through an affiliated non-AP STA, on any enabled link, to a responding EDP AP that has indicated support of EDP features.
Once an EDP non-AP STA has successfully negotiated an individual EDP epoch sequence with an EDP AP STA, both the EDP non-AP STA and the EDP AP STA should initiate the negotiated individual EDP epoch by computing the start time IET of the Individual EDP epoch sequence.
Once an EDP non-AP STA has successfully negotiated an individual EDP epoch sequence with an EDP AP STA, at step 300, both EDP non-AP STA and EDP AP STA retrieve the value ITO indicated in the Start Time field of the negotiated EDP Epoch Sequence parameters element, the value RandTR indicated in the Time Range field of the advertised EDP Epoch Sequence parameters element, the value 1E1 indicated in the Interval field of the advertised EDP Epoch Sequence parameters element Next, at step 310, both the EDP non-AP STA and the EDP AP compute the initial start time of the EDP Individual epoch sequence and of the nth subsequent Individual EDP epochs of the Individual EDP epoch sequence from a shared function which is executed in parallel by the EDP non-AP STA and the EDP AP STA with the use of a shared private encryption key denoted EDP-I-Epoch-Key.
According to some embodiments, the shared function is the pseudorandom function (PRF) as specified in the section 12.7.1.2 of the standard IEEE Std 802.112020. Alternatively, any other PRF or block cipher algorithm allowing to cipher a block, with similar input parameters (shared private encryption key and shared parameter having a value varying over time) may be used. The description below mostly concentrates on the PRF for ease of explanation. However, similar considerations can be made with respect to any block cipher algorithm.
The initial start time of the EDP Individual epoch sequence, denoted IET, may be computed as follows: IET = ITO + AIT with AlT = PRF-128164(EDP-I-Epoch-Key, "EDP, ITO) mod (RandTR) where PRF-Length-M/L is the pseudorandom function generating a sequence of M random bits from which only the L leftmost bits are extracted; EDP-I-Epoch-Key is the key used to generate the start time; "EDP" is a string of characters identifying a context for carrying out the key derivation function, this is given as an example only and any other string can be used; ITO is the value indicated in the Start Time field of the negotiated EDP Epoch Sequence parameters element; and RandTR is the value indicated in the Time Range field of the negotiated EDP Epoch Sequence parameters element.
According to some embodiments, EDP-I-Epoch-Key is a key derived from the KDK of the PTK generated, for example as follows: EDP-I-Epoch-Key = KDF-Hash-256 (KDK, "EDP Epoch Sequence", BSSID) wherein KDF-Hash-Length is the key derivation function as defined in 12.7.1.6.2 (Key derivation function (KDF)); KDK is the KDK part of the current PTK of the EDP non-AP STA as specified in 12.14.8.3.4 (PTKSA derivation with EDPKE authentication); "EDP Epoch Sequence" is a string of characters identifying a context for carrying out the key derivation function, this is given as an example only and any other string can be used; and BSSID is the BSS identifier of the EDP AP STA.
Likewise, the start time IETn of the nth subsequent Individual EDP epoch of the Individual EDP epoch sequence may be computed as follows: IETn = IT + AIT where n = I (TSF -IETO) /1E1/ IT =ITO+ n x 1E1 AlT = PRF-126164(EDP-1-Epoch-Key, "EDP Epoch Sequence", 17) mod (RandTR) where n corresponds to the current iteration of the sequence; TSF is the local TSF counter value of the EDP non-AP station; IETO is the value indicated in the Start Time field of the negotiated EDP Epoch Sequence parameters element; RandTR is the value indicated in the Time Range field of the negotiated EDP Epoch Sequence parameters element; and 1E1 is the value indicated in the Interval field of the negotiated EDP Epoch Sequence parameters element.
According to some embodiments; EDP-I-Epoch-Key is the key derived from the KDK of the current PTK of the EDP non-AP STA as specified above: EDP-1-Epoch-Key = KDF-Hash-256 (KDK, "EDP Epoch Sequence", BSSID) wherein KDF-Hash-Length is the key derivation function as defined in 12.7.1.6.2 (Key derivation function (KDF)); KDK is the KDK part of the current PTK of the EDP non-AP STA as specified in 12.14.8.3.4 (PTKSA derivation with EDPKE authentication) of the standard 802.11bi; "EDP Epoch Sequence" is a string of characters identifying a context for carrying out the key derivation function, this is given as an example only and any other string can be used; and BSSID is the BSS identifier of the EDP AP STA.
Next, at step 320, both the EDP non-AP STA and the EDP AP STA compute the new uncorrelated values of the EDP parameters for an individual privacy usage for the EDP Individual Epochs from a shared function which is executed in parallel by the EDP non-AP STA and the EDP AP STA with the use of a shared private encryption key denoted EDP-I-Param-Key.
According to the considered EDP parameter, a new uncorrelated value may consist in either a reset of the EDP parameter itself (reset-based obfuscation) that is the transmitted (OTA) EDP parameter included in the exchanged 802.11 frames or an encoding of the EDP parameter in order to generate an encoded EDP parameter (mask-based obfuscation) which is used as the new value for the corresponding transmitted (OTA) EDP parameter included in the exchanged 802.11 frames. The encoding operation may take as inputs the local current value of the EDP parameter considered and an encoding parameter shared by the encoder and the decoder. The encoding operation may be a mere masking, in which case the shared encoding parameter is a shared mask having the same binary length as the EDP parameter considered.
Alternative to the masking (e.g., XOR) includes the binary addition or an offset, both being based on a shared encoding parameter.
To carry out these obfuscation operations, a shared function may be executed to generate the new reset values and the new masks (or more generally new shared encoding parameter values). The shared function may be carried out in parallel by the EDP non-AP STA and the EDP AP STA with a shared encryption key in order to generate, on both sides, the same new reset values and the new masks without exchanging them in clear.
According to some embodiments, the same and single execution of the shared function simultaneously generates the new reset value or values for one or more EDP parameters (here below referred to as reset-based EDP parameters) to obfuscate and the new mask or masks (or more generally encoding parameter values) for one or more EDP parameters to obfuscate through encoding or masking (here below referred to as mask-based EDP parameters).
According to some embodiments, the shared function is the pseudorandom function (PRE) as specified in the section 12.7.1.2 of the standard IEEE Std 802.112020. Alternatively, any other PRF or block cipher algorithm allowing to cipher a block, with similar input parameters (shared private encryption key and shared parameter having a value varying over time) may be used. The description below mostly concentrates on the PRF for ease of explanation. However, similar considerations can be made with respect to any block cipher algorithm.
Back to step 320, both the EDP non-AP STA and the EDP AP compute the new uncorrelated values of the EDP parameters for an individual privacy usage for the EDP Individual Epochs from the PRF which is carried out in parallel by the EDP non-AP STA and the EDP AP STA with the use of a shared private encryption key denoted EDP-IParam-Key, for example as follows: I EDP PARAM (n) = PRF-M/L(EDP-I-Param-Key, "EDP", IT) wherein / EDP PARAM (n) corresponds to the sum of the lengths of the EDP parameters for an individual usage for the nth EDP Individual Epoch. It is split into predetermined chunks, each chunk corresponding either to a new reset value for each reset-based EDP parameter or a new shared encoding parameter value for each mask-based EDP parameter; PRF-M/L is the pseudorandom function generating a sequence of M random bits from which only the L leftmost bits are extracted; EDP-I-Pa ram-Key is the shared private encryption key involved in the procedure to generate either to a new reset value for each reset-based EDP parameter or a new shared encoding parameter value for each mask-based EDP parameter; "EDP" is a string of characters identifying a context for carrying out the key derivation function, this is given as an example only and any other string can be used; and IT is the value computed at step 310.
According to some embodiments, EDP-I-Param-Key is a key derived from the KDK of the PTK that may be generated as follows: EDP-I-Param-Key = KDF-Hash-256 (KDK, "EDP", BSSID) wherein KDF-Hash-Length is the key derivation function as defined in 12.7.1.6.2 (Key derivation function (KDF)); KDK is the KDK part of the current PTK of the EDP non-AP STA as specified in 12.14.8.3.4 (PTKSA derivation with EDPKE authentication); "EDP" is a string of characters identifying a context for carrying out the key derivation function, this is given as an example only and any other string can be used; and BSSID is the BSS identifier of the EDP AP STA.
Next, at step 330, both the EDP non-AP STA and the EDP AP STA compute the new uncorrelated values of the EDP parameters for a group privacy usage for the nth EDP Individual from the PRF which is carried out in parallel by the EDP non-AP STA and the EDP AP STA with the use of a shared private encryption key denoted EDP-G-Param-Key, for example as follows: G_EDP PARAM (n) = PRF-M/L(EDP-G-Param-Key, "Client ERCM", IT) wherein G_EDP PARAM (n) corresponds to the sum of the lengths of the EDP parameters for a group usage for the nth EDP Individual Epoch. is split into predetermined chunks, each chunk corresponding either to a new reset value for each reset-based EDP parameter or a new shared encoding parameter value for each mask-based EDP parameter; PRF-M/L is the pseudorandom function generating a sequence of M random bits from which only the L leftmost bits are extracted; EDP-G-Param-Key is the shared private encryption key involved in the procedure to generate either to a new reset value for each reset-based EDP parameter or a new shared encoding parameter value for each mask-based EDP parameter; "Client ERCM" is a string of characters identifying a context for carrying out the key derivation function, this is given as an example only and any other string can be used; and IT is the value computed at step 310.
According to some embodiments, EDP-G-Param-Key is a key derived from GTK as follows: EDP-G-Param-Key = KDF-Hash-256 (GTK, "EDP", BSSID) wherein KDF-Hash-Length is the key derivation function as defined in 12.7.1.6.2 (Key derivation function (KDF)); GTK is the current GTK of the EDP AP STA; "EDP" is a string of characters identifying a context for carrying out the key derivation function, this is given as an example only and any other string can be used; and BSSID is the BSS identifier of the EDP AP STA.
According to some embodiments, EDP-I-Epoch-Key is different from EDP-IParam-Key.
According to other embodiments, EDP-I-Epoch-Key is the same secret key as EDP-I-Param-Key. In such a case, parameter A/T in step 310 and I EDP PARAM (n-Fl) relative to EDP parameters for an individual privacy usage in step 320 are generated simultaneously by launching the same and single execution of the shared function, for example as follows: IA,BJ = PRF-MYLIEDP-I-Param-Key, "Client ERCM", IT), with I EDP PARAM (n+1) = A and AlT = B mod (RandTR) Figure 4 illustrates an example of an Information Element (IE) 400 containing group epoch parameters. Information Element (IE) 400 complies with section 9.4.2 of the IEEE 802.11-2020 standard and fields 405 and 410, representing the element identifier and the length of the IE, respectively, are those defined in this standard specification.
The Group Id field 415 may contain an identifier. In one embodiment, this identifier may allow future modification of the group epoch sequence by sending a broadcast frame containing an IE with the new parameter's values, for example in a beacon frame, in a probe response frame, in an association response frame, or in a Group Epoch Indication frame. In another embodiment, this identifier may have a special value (for instance 0) when this IE 400 is used to request a creation of a group by a non-AP STA. In another embodiment, the identifier 415 is used by a non-AP Station to request joining an existing group.
The Policy field 420 may provide some items of information regarding the group epoch sequence such as the following: the group epoch sequence is optional for the receiving non-AP station, meaning that the AP put in place this group epoch sequence but the non-AP station may decide to ignore it. In this case, the non-AP station should follow the group epoch sequence until it successfully negotiates an individual epoch sequence with an exclusive policy; - the group epoch sequence is mandatory for the receiving non-AP station, meaning that the non-AP station should follow the group epoch sequence, but the non-AP station may also negotiate a non-exclusive individual epoch sequence with the AP; the group epoch sequence is exclusive for the receiving non-AP station, meaning that the non-AP station has to follow the group epoch sequence and cannot request an individual epoch sequence; -the group epoch sequence is global, meaning that all the Client Privacy Enhancement parameters (CPE parameters) of the different links of a MLD non-AP station are changed at the same time; and - the group epoch sequence is local, indicating that only the CPE parameters, associated with the link on which the frame is received, are changed.
For the sake of illustration, field Policy 420 may be encoded as a bitmap, each bit indicating one of the different parameters of the policy (Optional/Mandatory, Exclusive/Non-Exclusive, Global/Local).
Start Time field 425 indicates the reference time To of the group epoch sequence.
Interval 430 indicates the Group Epoch Interval (GEO of the group epoch sequence.
Duration field 435 indicates the duration of the group epoch sequence. For the sake of illustration, a special value (for instance the maximum value that the field may take) for this field may indicate that there is no time limit for the sequence. This duration may be indicated in a number of iterations, in a multiple of Time Unit (TU) value, Beacon Interval, or in any other time indication units. A special value (for instance 0) for this field may indicate that the sender of the frame request to exit from the group. Alternatively or in addition, a special value (for instance 0) for this field may indicate that the recipient of the frame has to leave the group. This may be for example sent prior cancelation of the group. Another special value (for instance 1) may indicate a request for a one-shot change of parameters (not establishing a sequence). In another embodiment, this field only supports the special values, reducing the required size of the field to 2 bits for instance.
Link Id 440 indicates, in case of a multi-link device, the Link Identifier of the link that is used as time reference for the expression of the reference time To.
Time Range 445 indicates the range of value the pseudo-random variation AT may be selected in.
Figure 5 illustrates an example of a frame format of a new Information Element enabling a non-AP station to change its AID. It may correspond to Information Elements (IE) as specified in section 9.4.2 in the IEEE 802.11-2020 standard.
A dedicated IE may be specified for the AID value change procedure, referred to as AID IE, for example AID IE 500. As illustrated, the IE may be identified by an Element ID, for example Element ID 505. AID IE 500 further comprises a length field referenced 510 that indicates the number of octets in the IE 500, excluding Element ID field 505 and
length field 510.
AID IE 500 further comprises an AID field 515 indicating the new value of the AID and an AID switch counter field 520.
The AID switch counter field indicates the duration to wait before the effective change of the AIDS. In some embodiments, this duration indicates the number of beacons (TBTTs) to wait, or the number of EDP Epochs to wait. Other embodiments are possible.
Figure 6 schematically illustrates an example of a communication device that may correspond any of the stations described by reference to Figure 1, of a wireless network, configured to implement at least some embodiments of the disclosure. The communication device, referenced 600, may preferably be a device such as a micro-computer, a workstation, or a light portable device. Communication device 600 may comprise a communication bus 613 to which may be connected: -a central processing unit 601, such as a processor, denoted CPU; - a memory 603, denoted MEM, for storing an executable code of methods or steps of the methods according to embodiments of the disclosure as well as the registers adapted to record variables and parameters necessary for implementing the methods; and - at least two communication interfaces 602 and 602' connected to the wireless communication network, for example a communication network according to one of the IEEE 802.11 family of standards, via transmitting and receiving antennas 604 and 1004', respectively.
Preferably, communication bus 613 may provide communication and interoperability between the various elements included in the communication device 600 or connected to it. The representation of the bus is not limiting and in particular the central processing unit is operable to communicate instructions to any element of the communication device 600 directly or by means of another element of the communication device 600.
The executable code may be stored in a memory that may either be read only, a hard disk, or on a removable digital medium such as for example a disk. According to an optional variant, the executable code of the programs can be received by means of the communication network, via the interface 602 or 602', in order to be stored in the memory 603 of communication device 600 before being executed.
According to some embodiments, communication device 600 may be a programmable apparatus which uses software to implement embodiments of the disclosure. However, alternatively, some embodiments of the disclosure may be implemented, totally or in partially, in hardware (for example, in the form of an Application Specific Integrated Circuit or ASIC).
Embodiment(s) of the disclosure can also be realized by a computer of a system or apparatus that reads out and executes computer executable instructions (e.g., one or more programs) recorded on a storage medium (which may also be referred to more fully as a "non-transitory computer-readable storage medium") to perform the functions of one or more of the above-described embodiment(s) and/or that includes one or more circuits (e.g., application specific integrated circuit (ASIC)) for performing the functions of one or more of the above-described embodiment(s), and by a method performed by the computer of the system or apparatus by, for example, reading out and executing the computer executable instructions from the storage medium to perform the functions of one or more of the above-described embodiment(s) and/or controlling the one or more circuits to perform the functions of one or more of the above-described embodiment(s). The computer may comprise one or more processors (e.g., central processing unit (CPU), micro processing unit (MPU)) and may include a network of separate computers or separate processors to read out and execute the computer executable instructions. The computer executable instructions may be provided to the computer, for example, from a network or the storage medium. The storage medium may include, for example, one or more of a hard-disk, a random-access memory (RAM), a read-only memory (ROM), a storage of distributed computing systems, an optical disk (such as a compact disc (CD), digital versatile disc (DVD), etc.), a flash memory device, a memory card, and the like.
Expressions such as "comprise", "include", "incorporate", "contain", "is" and "have" are to be construed in a non-exclusive manner when interpreting the description and its associated claims, namely construed to allow for other items or components which are not explicitly defined also to be present. Reference to the singular is also to be construed in be a reference to the plural and vice versa.
A person skilled in the art will readily appreciate that various parameters disclosed in the description may be modified and that various embodiments disclosed may be combined without departing from the scope of the disclosure.

Claims (26)

  1. CLAIMS1. A method for improving communication privacy comprising, at a station of a Basic Station Set, BSS: obtaining a secret key shared with at least another station of the BSS; generating an Enhanced Data Privacy, EDP, key using the obtained shared secret key and a pseudo-random function shared by the at least another station, and modifying at least one privacy parameter as a function of the EDP key.
  2. 2. The method of claim 1, wherein the EDP key is generated using the obtained shared secret key, an identifier of the BSS, and the pseudo-random function.
  3. 3. The method of claim 1 or claim 2, wherein a value of the at least one privacy parameter is modified as a function of the EDP key.
  4. 4. The method of claim 3, wherein the value of the at least one privacy parameter is unique to the station and the other station.
  5. 5. The method of claim 3 or claim 4, wherein the obtained secret key is a first secret key, the generated EDP key is a first EDP key, and the pseudo-random function is a first pseudo-random function, the method further comprising obtaining a second secret key shared with the at least another station; generating a second EDP key using the second shared secret key and a second pseudo-random function shared by the at least another station, and wherein a value of another privacy parameter, different from the at least one privacy parameter, is modified as a function of the second EDP key, the value of the other privacy parameter being common to several stations of a set of stations of the BSS, the set of stations of the BSS comprising the station and the other station.
  6. 6. The method of claim 3 or claim 4, wherein the obtained secret key is a first secret key, the generated EDP key is a first EDP key, and the pseudo-random function is a first pseudo-random function, the method further comprising obtaining a second secret key shared with the at least another station; generating a second EDP key using the second shared secret key and a second pseudo-random function shared by the at least another station, and determining a start time at which the at least one privacy parameter is to be modified, the start time being determined as a function of the second EDP key.
  7. 7. The method of claim 6, wherein the start time is common to several stations of a set of stations of the BSS, the set of stations of the BSS comprising the station and the other station.
  8. 8. The method of claim 6, wherein the start time is unique to the station and the other station.
  9. 9. The method of claim 5, further comprising obtaining a third secret key shared with the at least another station; generating a third EDP key using the third shared secret key and a third pseudorandom function shared by the at least another station, and determining a start time at which the at least one privacy parameter and the other privacy parameter are to be modified, the start time being determined as a function of the third EDP key.
  10. 10. The method of claim 5, further comprising determining a start time at which the at least one privacy parameter and the other privacy parameter are to be modified, the start time being determined as a function of the second EDP key.
  11. 11. The method of claim 10 depending on claim 9 or of claim 9, wherein the start time is common to the stations of the set of stations of the BSS.
  12. 12. The method of claim 1 or claim 2, further comprising determining a start time at which the at least one privacy parameter is to be modified, the start time being determined as a function of the EDP key.
  13. 13. The method of claim 12, wherein a value of the at least one privacy parameter is modified as a function of the EDP key.
  14. 14. The method of claim 13, wherein the obtained secret key is a first secret key, the generated EDP key is a first EDP key, and the pseudo-random function is a first pseudo-random function, the method further comprising obtaining a second secret key shared with the at least another station; generating a second EDP key using the second shared secret key and a second pseudo-random function shared by the at least another station, and wherein a value of another privacy parameter, different from the at least one privacy parameter, is modified as a function of the second EDP key, the value of the other privacy parameter being common to stations of a set of stations of the BSS, the set of stations of the BSS comprising the station and the other station and the value of the at least one privacy parameter is unique to the station and the other station.
  15. 15. The method of claim 12, wherein the obtained secret key is a first secret key, the generated EDP key is a first EDP key, and the pseudo-random function is a first pseudorandom function, the method further comprising obtaining a second secret key shared with the at least another station; generating a second EDP key using the second shared secret key and a second pseudo-random function shared by the at least another station, and modifying a value of the at least one privacy parameter as a function of the second EDP key, wherein a value of the at least one privacy parameter is modified as a function of the second EDP key.
  16. 16. The method of any one of claims 12 to 15, wherein the start time is common to several stations of a set of stations of the BSS, the set of stations of the BSS comprising the station and the other station.
  17. 17. The method of any one of claims 12 to 15, wherein the start time is unique to the station and the other station.
  18. 18. A method for improving communication privacy comprising, at an access-point (AP) station of a Basic Station Set, BSS: sending a group offset value to a group of non-AP stations for the non-AP stations to modify a corresponding privacy parameter using the group offset value; and sending an update value to a sub-group of one or more non-AP stations of the group for the sub-group of non-AP stations to modify their corresponding privacy parameter using the update value.
  19. 19. A method for improving communication privacy comprising, at a non-access-point (AP) station of a Basic Station Set, BSS: receiving an update value from an AP station, the update value being specific to a sub-group of one or more non-AP stations, comprising the non-AP station, of a group of non-AP stations; determining a start time at which a privacy parameter is to be modified, the start time being determined as a function of an Enhanced Data Privacy, EDP, key; and modifying the privacy parameter using the update value.
  20. 20. The method of claim 19, wherein the update value corresponds to a specific value of the privacy parameter.
  21. 21. The method of claim 19, wherein the update value corresponds to a specific offset value to be applied by the non-AP stations of the sub-group.
  22. 22. The method of any one of claims 19 to 21, wherein the EDP key is generated using a secret key and a pseudo-random function, the secret key and the pseudo-random function being shared between the non-AP station and the AP station.
  23. 23. The method of any one of claims 18 to 22, wherein the privacy parameter is an Association Identifier (AID).
  24. 24. A computer program product for a programmable apparatus, the computer program product comprising a sequence of instructions for implementing each of the steps of the method according to any one of claims 'I to 23 when loaded into and executed by the programmable apparatus.
  25. 25. A non-transitory computer-readable storage medium storing instructions of a computer program for implementing each of the steps of the method according to any one of claims 1 to 23.
  26. 26. A communication device comprising a processing unit configured for carrying out each of the steps of the method according to any one of claims 1 to 23.
GB2405775.4A 2024-04-24 2024-04-24 Methods, devices, and computer programs for managing secret key for group and individual privacy Pending GB2640559A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
GB2405775.4A GB2640559A (en) 2024-04-24 2024-04-24 Methods, devices, and computer programs for managing secret key for group and individual privacy
PCT/EP2025/060979 WO2025224126A1 (en) 2024-04-24 2025-04-23 Methods, devices, and computer programs for managing secret key for group and individual privacy

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB2405775.4A GB2640559A (en) 2024-04-24 2024-04-24 Methods, devices, and computer programs for managing secret key for group and individual privacy

Publications (2)

Publication Number Publication Date
GB202405775D0 GB202405775D0 (en) 2024-06-05
GB2640559A true GB2640559A (en) 2025-10-29

Family

ID=91275269

Family Applications (1)

Application Number Title Priority Date Filing Date
GB2405775.4A Pending GB2640559A (en) 2024-04-24 2024-04-24 Methods, devices, and computer programs for managing secret key for group and individual privacy

Country Status (2)

Country Link
GB (1) GB2640559A (en)
WO (1) WO2025224126A1 (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP4149135A1 (en) * 2021-09-13 2023-03-15 Apple Inc. Address randomization schemes for multi-link devices
GB2614584A (en) * 2022-01-07 2023-07-12 Canon Kk Method for changing the value of one or more privacy parameters of stations within a basic service set
EP4290902A1 (en) * 2022-06-10 2023-12-13 Apple Inc. Association identifier change and obfuscation in wlan communication
US20240073677A1 (en) * 2021-11-18 2024-02-29 Cypress Semiconductor Corporation Media access control (mac) address privacy handling
EP4554148A1 (en) * 2023-11-07 2025-05-14 Apple Inc. Encryption and protection of mac headers and control frames
GB2635421A (en) * 2023-11-09 2025-05-14 Canon Kk Methods, devices and computer programs for determining when to change values of privacy enhancement

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP7745761B2 (en) * 2022-01-07 2025-09-29 キヤノン株式会社 Method for modifying the value of one or more privacy parameters of a station in a basic service set - Patents.com

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP4149135A1 (en) * 2021-09-13 2023-03-15 Apple Inc. Address randomization schemes for multi-link devices
US20240073677A1 (en) * 2021-11-18 2024-02-29 Cypress Semiconductor Corporation Media access control (mac) address privacy handling
GB2614584A (en) * 2022-01-07 2023-07-12 Canon Kk Method for changing the value of one or more privacy parameters of stations within a basic service set
EP4290902A1 (en) * 2022-06-10 2023-12-13 Apple Inc. Association identifier change and obfuscation in wlan communication
EP4554148A1 (en) * 2023-11-07 2025-05-14 Apple Inc. Encryption and protection of mac headers and control frames
GB2635421A (en) * 2023-11-09 2025-05-14 Canon Kk Methods, devices and computer programs for determining when to change values of privacy enhancement

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
IEEE 802.11-24/0604r1 (CISCO) 'Periodic Frame Anonymization' (10.04.2024) <https://mentor.ieee.org/802.11/dcn/24/11-24-0604-03-00bi-periodic-frame-anonymization.docx> *
IEEE 802.11-24/0604r1 (CISCO) 'Periodic Frame Anonymization' (10.04.2024) https://mentor.ieee.org/802.11/dcn/24/11-24-0604-03-00bi-periodic-frame-anonymization.docx *
IEEE 802.11-24/0645r0 (CANON) 'EDP Epoch operation normative text for 11bi' (03.04.2024) <https://mentor.ieee.org/802.11/dcn/24/11-24-0645-00-00bi-edp-epoch-setup-normative-text-for-11bi.docx> *
IEEE 802.11-24/0645r0 (CANON) 'EDP Epoch operation normative text for 11bi' (03.04.2024) https://mentor.ieee.org/802.11/dcn/24/11-24-0645-00-00bi-edp-epoch-setup-normative-text-for-11bi.docx *

Also Published As

Publication number Publication date
WO2025224126A1 (en) 2025-10-30
GB202405775D0 (en) 2024-06-05

Similar Documents

Publication Publication Date Title
US11785510B2 (en) Communication system
US12470918B2 (en) Communication terminal, core network device, core network node, network node, and key deriving method
EP2184933B1 (en) A method and apparatus for new key derivation upon handoff in wireless networks
JP7745761B2 (en) Method for modifying the value of one or more privacy parameters of a station in a basic service set - Patents.com
GB2614584A (en) Method for changing the value of one or more privacy parameters of stations within a basic service set
US20250184306A1 (en) Method for changing the mac address of a non-ap station for a next association with an ap station
CN115412909A (en) Communication method and device
WO2024008841A1 (en) Obfuscation of ies in management frames using container ies with encrypted information section
GB2640559A (en) Methods, devices, and computer programs for managing secret key for group and individual privacy
GB2635417A (en) Methods, devices, and computer programs for determining when to change values of privacy enhancement parameters of a multi link wireless station
GB2614562A (en) Method for changing a value of an extended unique identifier of a non-AP station associated with an AP station
GB2615796A (en) Method for changing a value of an extended unique identifier of a non-AP station associated with an AP station
GB2642337A (en) Methods, devices, and computer programs for managing a group key
WO2026008684A1 (en) Methods, devices, and computer programs for managing a group key
WO2025008542A1 (en) Privacy parameter obfuscating method with multiple trust levels
GB2631557A (en) Privacy parameter obfuscating method with multiple trust levels
US20250113184A1 (en) Mobility domain access point wide pairwise transient key
EP4677884A1 (en) Communication method obfuscating multiple privacy parameters
WO2024188898A1 (en) Communication method obfuscating multiple privacy parameters
WO2025008415A1 (en) Method for changing a value of an extended unique identifier of a non-ap station associated with an ap station
GB2628022A (en) Communication method obfuscating multiple privacy parameters
CN118511558A (en) Method for changing the value of one or more privacy parameters of a station within a basic service set
WO2024088863A1 (en) Method for resynchronizing the mac address of a non-ap station
GB2628008A (en) Dynamic setting of station association parameters to improve user privacy and communication reliability
WO2025099004A1 (en) Method and apparatus for operating with enhanced data privacy features for stations implementing changing mac address