WO2025110907A1

WO2025110907A1 - Transmitting and receiving a probe message

Info

Publication number: WO2025110907A1
Application number: PCT/SE2023/051185
Authority: WO
Inventors: Petri LAARI; Jaime JIMÉNEZ; Tero Kauppinen
Original assignee: Telefonaktiebolaget LM Ericsson AB
Current assignee: Telefonaktiebolaget LM Ericsson AB
Priority date: 2023-11-23
Filing date: 2023-11-23
Publication date: 2025-05-30
Anticipated expiration: 2026-05-23

Abstract

A wireless device (210) and a network node (225) in a communication network (200), methods (300; 400) performed by the wireless device and the network node, a computer program and a computer program product each for the wireless device and the network node is provided The wireless device generates a first BF of length. The first BF comprises an indication of one or more SSIDs associated with one or more network nodes (220). One or more SSIDs are associated with a network node (225) of the one or more network nodes. The wireless device transmits, to the one or more network nodes, a probe message for joining at least one of the one or more SSIDs associated with the one or more network nodes, wherein the probe message comprises the first BF.

Description

TRANSMITTING AND RECEIVING A PROBE MESSAGE

TECHNICAL FIELD

The disclosure herein relates to transmitting and receiving a probe message, and provides a method performed by a wireless device, a method performed by a network node, the wireless device and the network node, a corresponding computer program and computer program product each for the wireless device and the network node.

BACKGROUND A Bloom filter (BF) is a probabilistic data structure that can be used by a first device to identify to a second device in an efficient manner one or more known data items (i.e., a "set" of known data items") selected by the first device. For example, if a first device wants to inform the second device that one or more of three possible known data items have been selected by the first device, the first device initializes a BF and then "adds" to the BF each selected data item. After receiving the BF, for each one of the three possible data items, the second device "queries" the BF to determine if the data item is included in the BF. Due to the probabilistic nature of BFs, there is a controllable level of uncertainty in the result of the query: the negative answer is always correct, but a positive answer may be a false positive. Institute of Electrical and Electronics Engineers (IEEE) 802.11 is a set of wireless network standards commonly known as Wi-Fi. The IEEE 802.11 standards define the protocols and specifications for wireless communication in local area networks (LANs).

The IEEE 802.11 standards cover a wide range of aspects, including data rates, security protocols, and network management. The probing procedure in 802.11 refers to a process through which a Wi-Fi device discovers and connects to available wireless access points (APs) in its vicinity. This probing procedure is essential for establishing a connection between the Wi-Fi device (e.g. a laptop, a smartphone, an Internet-of- Things device) and an AP to access a wireless network.

When a Wi-Fi device is powered on or brought into a new area, it begins the probing procedure to find available APs. There are two types of access points that can be discovered during this process: open APs and hidden APs. Open APs broadcast their Service Set Identifier (SSID), which is a unique name assigned to each wireless network. Open APs actively send out beacon frames containing their SSID information. When a Wi-Fi device starts the probing procedure, it listens for beacon frames broadcasted by open APs. The Wi-Fi device collects information about available APs, including their SSIDs, signal strengths, and supported security protocols. Once the Wi-Fi receives this information, the Wi-Fi device presents a list of available open APs to a user, who can then choose which open AP to connect to.

Hidden APs, also known as closed or non-broadcasting APs, do not actively broadcast their SSIDs in beacon frames. Instead, they keep their SSID information hidden from passive scanning. When a Wi-Fi device starts a discovery/ search procedure for a hidden APs, the Wi-Fi device sends out a probe request frame containing the SSID the Wi-Fi device is searching for. This probe request is broadcasted to all access points in range. Hidden APs that receive a probe request frame from the Wi-Fi device and match the requested SSID respond with a probe response frame, providing their SSID, supported security protocols, and other relevant information.

The Wi-Fi device collects these responses and presents a list of available hidden APs to the user, who can then choose which hidden AP to connect to.

US 9756571 B2 discloses an electronic device. When the electronic device has established a communication connection with a wireless access point, the electronic device cycles a network interface controller of the electronic device between a power on state and a power off state without terminating the communication connection.

SUMMARY

An object of the invention is to improve security in a communication network. This and other objects are met by means of different aspects of the invention, as defined by the independent claims.

According to a first aspect, a method performed by a wireless device in a communication network is provided. The method comprises generating a first Bloom filter (BF) of length m. The first BF comprises an indication of one or more SSIDs associated with one or more network nodes. One or more SSIDs are associated with a network node of the one or more network nodes. The method comprises transmitting, to the one or more network nodes, a probe message for joining at least one of the one or more SSIDs associated with the one or more network nodes, wherein the probe message comprises the first BF.

According to a second aspect, a method performed by a network node in a communication network is provided. The method comprises receiving, from a wireless device, a probe message for joining a first SSID associated with the network node. The probe message comprises a first BF. The first BF comprises an indication of one or more SSIDs associated with one or more network nodes. The method comprises generating a second BF of length m. The second BF comprises an indication of the first SSID. The method comprises verifying whether the first SSID is present in the first BF by comparing the first BF and the second BF.

According to a third aspect, a wireless device in a communication network is provided. The wireless device is adapted to generate a first BF of length m. The first BF comprises an indication of one or more SSIDs associated with one or more network nodes. One or more SSIDs are associated with a network node of the one or more network nodes. The wireless device is adapted to transmit, to the one or more network nodes, a probe message for joining at least one of the one or more SSIDs associated with the one or more network nodes, wherein the probe message comprises the first BF.

According to a fourth aspect, a network node in a communication network is provided. The network node is adapted to receive, from a wireless device, a probe message for joining a first SSID associated with the network node. The probe message comprises a first BF. The first BF comprises an indication of one or more SSIDs associated with one or more network nodes. The network node is adapted to generate a second BF of length m. The second BF comprises an indication of the first SSID. The network node is adapted to verify whether the first SSID is present in the first BF by comparing the first BF and the second BF.

According to a fifth aspect, a wireless device in a communication network is provided. The wireless device comprises at least one processing circuitry. The wireless device comprises at least one memory. The at least one memory is connected to the at least one processing circuitry. The at least one memory storing program code that is executed by the at least one processing circuitry to perform the method according to the first aspect. According to a sixth aspect, a network node in a communication network is provided. The network node comprises at least one processing circuitry. The network node comprises at least one memory. The at least one memory is connected to the at least one processing circuitry. The at least one memory storing program code that is executed by the at least one processing circuitry to perform the method according to the second aspect.

According to a seventh aspect, a computer program is provided. The computer program comprises instructions which, when executed by at least one processing circuitry of a wireless device causes the wireless device to carry out the method according to the first aspect and/or, when executed by at least one processing circuitry of a network node, causes the network node to carry out the method according to the second aspect.

According to an eighth aspect, a computer program product stored on a non- transitory computer readable medium is provided. The computer program product comprises instructions that, when executed by at least one processing circuitry of a wireless device, causes the wireless device to perform the method according to the first aspect. Alternatively, or in addition, the computer program product comprises instructions that, when executed by at least one processing circuitry of a network node, causes the network node to perform the method according to the second aspect. Thus, advantageously, the disclosure herein provides transmitting/ receiving a memory-efficient probe message. Hereby, a single probe message is sent from a wireless device for requesting connection from a plurality of SSIDs associated with one or more network nodes. The disclosure herein advantageously improves resource efficiency in a communication network. Furthermore, the disclosure herein may advantageously reduce an exchange of messages and/or signaling in a communication network. Also, the disclosure herein may advantageously improve privacy in a communication network. The disclosure herein may advantageously reduce interference in the communication network. An advantage of the disclosure herein can be to reduce time taken to establish a connection with a network node in the communication network. The various aspects of the invention herein increase privacy during a network discovery process while maintaining robustness against malicious activities. The disclosure herein may be used for both hidden and non-hidden (i.e. open) access points.

BRIEF DESCRIPTION OF THE DRAWINGS The above, as well as additional objects, features and advantages of the invention, will be better understood through the following illustrative and non-limiting detailed description of embodiments of the invention, with reference to the appended drawings, in which:

Fig. 1 illustrates an embodiment of a Bloom filter of the invention. Fig. 2 illustrates an embodiment of a communication network of the invention.

Figs. 3 illustrates an embodiment according to a method performed by a wireless device of the invention.

Figs. 4 illustrates an embodiment according to a method performed by a network node of the invention. Fig. 5 shows an embodiment of a network node according to the invention.

Fig. 6 shows an embodiment of a wireless device according to the invention.

Fig. 7 illustrates an embodiment of a computer program product according to the invention.

All the figures are schematic, not necessarily to scale, and generally only show parts which are necessary in order to elucidate the invention, wherein other parts may be omitted or merely suggested.

DETAILED DESCRIPTION

The invention will now be described more fully hereinafter with reference to the accompanying drawings, in which certain embodiments of the invention are shown.

This invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided by way of example so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art. Generally, all terms used herein are to be interpreted according to their ordinary meaning in the relevant technical field, unless a different meaning is clearly given and/or is implied from the context in which it is used. All references to a/an/the element, apparatus, component, means, step, etc. are to be interpreted openly as referring to at least one instance of the element, apparatus, component, means, step, etc., unless explicitly stated otherwise. The steps of any methods disclosed herein do not have to be performed in the exact order disclosed, unless a step is explicitly described as following or preceding another step and/or where it is implicit that a step must follow or precede another step. Any feature of any of the embodiments disclosed herein may be applied to any other embodiment, wherever appropriate. Likewise, any advantage of any of the embodiments may apply to any other embodiments, and vice versa. Other objectives, features and advantages of the enclosed embodiments will be apparent from the following description.

In known systems, a Wireless Fidelity (Wi-Fi) client must transmit multiple messages when probing for a network, (i.e., for hidden access points and/or open access points) with each message specifically targeting an individual Service Set Identifier (SSID) the Wi-Fi client aims to discover. This process of individually probing each SSID can be time-consuming, as it requires multiple probing messages to identify available networks. Additionally, in known systems, since SSIDs are visible to any device capable of intercepting network traffic wirelessly, the known systems might inadvertently expose users' information. In particular, the known systems may potentially reveal locations that a user of the users have visited in the past. The disclosure herein provides a wireless device and a network node in a communication network, methods for the wireless device and the network node, a corresponding computer program product and a computer program for each of the network node and the wireless device. The disclosure herein may improve one or more of a latency of the communication network, a throughput of the communication network, a resource utilization in the communication network and a network efficiency of the communication network.

Fig. 1 provides an illustrative example of a Bloom filter 100. In Fig. 1, a first data item ("Data 1") and a second data item ("Data 2") from a set of known data items that includes Data 1, Data 2, Data 3 (i.e., a third data item) and Data 4 (i.e., a fourth data item) are inserted into the BF 100. After which a "query" process (a.k.a., "verification process") is performed to check if Data 1, Data 3 and Data 4 are included in the BF 100. Generally, a BF is an m-bit string which is initialized to 0 and then, for each data item added to the BF, then it is modified accordingly. A data item from a known set of data items is added to the filter by hashing the data item using k different hash functions to produce k index values. As an example. Fig. 1 shows using two hash functions to insert Data 1 and Data 2 into the BF 100. The selection of hash functions depends on the implementation, for example, once the hash functions have been selected, the same set of functions is used during the lifetime of the BF.

Each of the hash operations results in an integer value between 1 and m (or between 0 and m-1), wherein the resulting value from each of the hash operations is referred to as an "index" value. The resulting k index values are used as indexes to the BF. More specifically, for each of the k index values, the bit in the BF that corresponds to the index value is set to 1 (e.g., if the index values range between 1 and m and if one of the k index values is 7, then the seventh bit of the BF is set to 1). If a bit corresponding to the index value in the BF is already set to 1 due to some previously added data item, the bit is left unmodified. Once all the desired data items from the known set of data items have been inserted in the BF, the BF can be transmitted to another device, which then uses the BF to determine the data items that are "identified" by (or "included in") the BF. Due to the possibility of false positives, the fact that a BF identifies a particular data item does not necessarily mean that the creator of the BF added the particular data item to the BF. To determine whether the BF identifies a particular data item from the known set of data items, the device receiving the BF determines the k different index values using the particular data item and the k hash functions. The BF "identifies" the particular data item if, and only if, for each of the k index values, the corresponding bit in the BF is set to 1. Thus, if any of the corresponding bits are set to 0, the BF does not identify the data item (i.e., the device receiving the BF will know that the particular data item was not added to the BF by the creator of the BF). When verifying the presence of Data 1 in the BF 100, the result correctly confirms that there is a match in the BF 100 (i.e.. Data 1 is present in the BF 100). When verifying the presence of Data 3 in the BF 100, the result correctly confirms that there is no match in the BF 100 (i.e.. Data 3 is not present in the BF 100).

As noted above, the mere fact that the BF identifies a particular data item from the set of known data items does not necessarily mean that the creator of the BF added the particular data item to the BF. In general, there are two kinds of false answers. A verification could result in a positive answer even though the data item has not been inserted into the filter. This means all the bit locations are 1 but the 1's were generated by inserting two or more different data items in the filter. This is called a false positive answer. False negative, in turn, occurs when the verification results in a negative answer even if the data item has been inserted in the filter. In a BF this would mean that there is 0 in some bit position that should be 1.

In this case, however, a BF can never return a false negative answer (assuming, of course, that the BF has not been corrupted). If the insertion and verification have been done correctly, all the bits of an inserted data item are 1 and verification of the same data item must return a positive answer. On the other hand, false positives are possible as seen in Fig. 1 when verifying Data 4. As a result of inserting Data 1 and Data 2, the k index bits calculated from Data 3 are all set to 1, providing a wrong answer when verifying Data 4. Due to possible false positives, there is a non-zero probability that the BF identifies a data item even if the data item was not expressly added to the BF. This probability depends on many parameters including the number of bits in the BF, the number of hash operations k per data item, and the number of data items that have been added to the filter. Generally, the more bits set to 1 in the BF, the greater the probability for false positives.

The false positive probability can be calculated using the equation below with size m, number of hash functions k, and number of items inserted in the filter n:

-i kn ^k k-n i

P= (l-(1-— m ) ) ~ (l - e — m )^fc

Increasing the size of the filter provides better results (i.e., reduces the chance of a false positive). However, the implementation environment may set limits to the size of the BF. Also, increasing the number of elements inserted in the BF will increase the false positive probability. In addition to adjusting the size of the BF, the number of hash functions used can be optimized to achieve a better result.

Fig. 2 illustrates an embodiment of a communication network 200 according to the invention. The communication network 200 comprises a wireless device 210 and one or more network node 220. In an example, the one or more network nodes 220 (e.g. a network node 221, a network node 222, a network node 225) may be capable of serving the first wireless device 210. Examples of the wireless device 210 have been provided in relation to the description corresponding to Fig. 6. Examples of the network nodes 220 have been provided in relation to the description corresponding to Fig. 5. The wireless device 220 is configured/adapted to generate a first Bloom filter

(BF) of length m, wherein the first BF comprises an indication of one or more SSIDs associated with one or more network nodes 220 and wherein one or more SSIDs are associated with a network node 225 of the one or more network nodes 220. The wireless device 210 is configured to transmit, to the network nodes 220, including the network node 225, a probe message for joining at least one of the one or more SSIDs associated with the network node 225, wherein the probe message comprises the first BF. In some embodiments, the probe messages can be broadcasted to the network nodes 220 in the communication network 200.

In an example, the network nodes 220 (including the network node 225) is an Institute of Electrical and Electronics Engineers, (IEEE) 802.11 access point and the wireless device supports IEEE 802.11 communication.

The disclosure herein enables the wireless device 210 to transmit multiple SSIDs into one probe message in a fixed length field by generating a first BF. Also, the disclosure herein reduces the number of probe messages to be sent from the wireless device 210 to one or more network nodes 220 in communication network 200. The disclosure herein further reduces the size of the message to be sent from the wireless device 210 to the network nodes 220. Further, using the BF, network SSIDs that the wireless device 210 maintains/stores are not revealed to an interceptor and/or network SSIDs that the wireless device 210 maintains cannot be decrypted from the probe messages. Thus, a potential attacker may not be able gather information about, for example, the network node 225 that the wireless device 210 has stored.

In some embodiments, a number of different hash functions, k, are agreed in the communication network 200. The hash functions may be stored in the network nodes 220 and the wireless device 210. The size of the first BF and/or the second BF may be pre-configured. The number of hash functions is at least two or more.

The wireless device 210 calculates a first BF and then transmits/broadcasts a probe message comprising the first BF containing hashed representations of stored SSIDs (while keeping the stored SSIDs concealed) and the probe message optionally comprising timestamps. In some embodiments, the timestamps may be the time that the wireless device 210 sends the probe message. The network node 225 of the one or more network nodes 220 then verifies whether the received probe message contains the SSID of the network node 225. In some embodiments, the network node 225 calculates a second BF using an SSID of the network node 225 in order to verify whether the SSID of the network node 225 is included in the probe message. If there's a match (i.e., the received probe message comprises the SSID of the network node 225), the network node 225 enables a connection setup to proceed. To prevent replay attacks, the network node 225 keeps a track of used timestamps, if received in the probe message. Further, the network node 225 may block consequent malicious host attempts using a previously used timestamp. For example, the network node 225 blocks an attempt by an attacker device which uses a previously used timestamp (which was used by a non-malicious node) in a probe message. Fig. 3 illustrates an embodiment according to a method performed by a wireless device 210 of the invention. The method 200 is performed by the wireless device 210 in a communication network, such as the communication network 200 as described in relation to the description corresponding to Fig. 2.

The method 300 comprises generating 305 a first BF of length m. The first BF comprises an indication of one or more SSIDs associated with one or more network nodes 220, wherein one or more SSIDs are associated with a network node 225 of the one or more network nodes 220. In other words, the first BF comprises an indication of one or more SSIDs associated with one or more network nodes 220, wherein at least one SSID is associated with a network node 225 of the one or more network nodes 220. The length of the first BF m may correspond to a number of the one or more SSIDs associated with one or more network nodes 220.

The method 300 comprises transmitting 310, to the one or more network nodes 220, including the network node 225, a probe message for joining at least one of the one or more SSIDs associated with the one or more network node 220 (i.e., the probe message for joining the at least one SSID associated with the network node 225). The probe message comprises the first BF. In some embodiments, the one or more network nodes 220 comprises at least the network node 225. Advantageously, the method enables the wireless device 210 to transmit/send lesser messages to the network node 225 and/or other network nodes of the network node 220 as the probe message may contain multiple SSIDs in a combined format. Also, a size of the probe message is fixed which may be shorter than a regular IEEE 802.11 probe message. The one or more SSIDs that are known to the wireless device 210 may be included in the BF of the probe message which leads to protection from a potential eavesdropper because the SSIDs cannot be decoded from the BF by the eavesdropper.

Each of the one or more SSIDs associated with the one or more network nodes 220 may optionally be represented by a bitstring. The indication of one or more SSIDs associated with the one or more network nodes 220 may optionally be generated by performing a bitwise logical OR operation on all bitstrings associated with the one or more SSIDs associated with the one or more network nodes 220. In an example, if a first SSID of the network node 225 is represented by '100101' and a second SSID of the network node 225 is represented by '110011', the generated indication is '110111' (considering a BF length of 6, and performing a logical bitwise OR operation on the first SSID and the second SSID). Each of the bitstrings may be generated from a hash value obtained by applying a hash function (e.g. murmurhash, CityHash, xxHash, FarmHash, Jenkins Hash) on an SSID associated with the one or more network nodes 220. The hash function may be selected from a set of hash functions known to both of the one or more network nodes 220 and the wireless device 210. The hash value is a value between 0 and (m - 1) and the hash value represents an index value in the first BF.

The probe message may further comprise a first timestamp and the first timestamp may indicate a time when the wireless device 210 sends the probe message.

In some embodiments, prior to the wireless device 210 connecting/accessing a network, using WiFi, provided by the network node 225, the wireless device 210 polls for previously stored SSIDs in the neighborhood. The polling is performed by the wireless device 210 to check if there are previously stored SSIDs nearby that the wireless device 210 has connected to earlier and to check if the wireless device 210 can reconnect to the previously stored SSIDs (wherein SSIDs are stored on the wireless device 210). The wireless device 210 may select the previously stored SSIDs and a current timestamp. The wireless device 210 may then calculate an SSID-bf entry for each of the previously stored SSIDs (and also the SSIDs that the wireless device 210 is actively trying to probe) using the hash functions, i.e. setting the bits to one that are results from the hash function calculations. The SSID-bf entries for each of the SSIDs previously stored in the wireless device 210 form a first BF. The calculation resulting from each hash function results in an index value between 0 and m-1, when the length of the first BF is m. Optionally, the SSID-bf calculation for an SSID may be performed by using a hash function on i) an SSID of the SSIDs previously stored in the wireless device and ii) the current timestamp. Representation of the SSID-bf may be provided by:

SSID-bf [hashj(SSID, timestamp)] = 1, for all hash functions l...k.

Once the SSID-bf is calculated for all the previously stored SSIDs in the wireless device 210 (and also the SSIDs that the wireless device 210 is actively trying to probe), the wireless device 210 inserts all SSID-bfs into the first BF by using logical bitwise OR operation. Representation of the first BF may be provided by:

First BF = SSID-bfl I SSID-bf2/ ...

Once the first BF has been generated for all the previously stored SSIDs in the wireless device 210 (and also the SSIDs that the wireless device 210 is actively trying to probe), the wireless device 210 transmits/ broadcasts the probe message to the network node 225 including the first BF (represented by a bitstring) and the timestamp (represented in plain text). Representation of the probe message may be provided by:

Probe (BF, timestamp) In an example, given the following SSIDs of the network nodes 220 or the network node 225: HomeWiFi, OfficeWiFi, CafeWiFi and considering the length of a BF to be 15. The number of hash functions (e.g. murmurhash) to be used is equal to the length of the BF. The hash functions may each be the same or may be different depending upon the implementation. If the generated BFs for the above SSIDS are:

HomeWiFi-bf: 010010000010000 OfficeWiFi-bf: 000001010100100 CafeWiFi-bf: 001100000001010

Then a combined BF of the three SSID-bfs using bitwise OR operation may be represented by:

BF=011111010111110 In an example, the probe message to be transmitted by the wireless device 210 at a time 13:24:00 on 20 November 2023 may be represented by:

Probe (BF, timestamp) = Probe (011111010111110, 2023-ll-20T13:24:00Z) Advantageously, adding the first timestamp to the probe message, in addition to the BF of the probe message, enables replay protection for the probe message. The addition of the first timestamp prevents an eavesdropper or a potentially malicious node to acquire SSIDs from the network nodes 220 which are hiding their SSIDs. Each of the bitstrings of the one or more SSIDs associated with one or more network nodes may optionally be generated from a hash value obtained by applying a hash function (e.g. murmurhash) on a SSID associated with the one or more network nodes 220. Each of the bitstrings of the one or more SSIDs associated with one or more network nodes may be optionally generated from a hash value obtained by applying a hash function on an SSID associated with the one or more network nodes and the first timestamp. The hash function may be selected from a set of hash functions known to both of the one or more network nodes 220 and the wireless device 210. In some embodiments, the set of hash functions is agreed between the one or more network nodes 220 and the wireless device 210. In some embodiments, the set of hash functions is pre-fed into the communication network 200.

The method 300 optionally comprises storing 315 the one or more SSIDs associated with the one or more network nodes 220 (including the network node 225) in the wireless device 210.

The method 300 optionally comprises receiving 320, from the network node 225, a message for establishing a connection with the network node 225.

Figs. 4 illustrates an embodiment according to a method performed by a network node 225 of the invention. The method 400 is performed by the network node 225 in a communication network, such as the communication network 200 as described in relation to the description corresponding to Fig. 2.

The method 400 comprises receiving 405, from the wireless device 210, a probe message for joining a first SSID associated with the network node 225. The probe message comprises a first BF and the first BF comprises an indication of one or more SSIDs associated with one or more network nodes 220 (as described in relation to Figs. 2 and 3). The method 400 comprises generating 410 a second BF of length m. The second BF comprises an indication of the first SSID. The length of the second BF corresponds to the length of the first BF, wherein the length of the first BF corresponds to a number of the one or more SSIDs associated with one or more network nodes 220 (i.e., the size of the first BF is the same as the size of the second BF).

The method 400 comprises verifying 415 whether the first SSID is present in the first BF by comparing the first BF and the second BF. The verification procedure may be performed as provided in a checking/verification procedure of members in a BF as described above. The one or more SSIDs associated with one or more network nodes (220) may be represented by a bitstring. The first SSID may be represented by another bitstring. The first BF may comprise the bitstring and the second BF may comprise the another bitstring.

The probe message received by the wireless device 210 may further comprise a first timestamp. The first timestamp may indicate a time when the wireless device sends the probe message. The method 400 optionally comprises deleting 445 the first timestamp after a predefined time has elapsed. The predefined time may vary from a few microseconds to a few hours. The method 400 optionally comprises discarding 450 of the probe message if the first timestamp is older than a predefined time window. The predefined time window may range from a few microseconds to a few minutes.

The method 400 optionally comprises storing 420, in the network node 225, the first timestamp. The method 400 optionally comprises storing 425, in the network node 225, an identification of the wireless device. Advantageously, the network node 225 maintains a list of wireless devices (e.g. including the wireless device 210) which are allowed to use the SSID of the network node 225.

The method 400 optionally comprises confirming (430) whether the first timestamp is same as a previously used timestamp associated with the wireless network device 210. In some embodiments, if the first timestamp is same as the previously used timestamp, the method 400 comprises discarding 435 the probe message. In some embodiments, if the first timestamp is same as the previously used timestamp, the method 400 comprises tagging 440 the wireless device 210 as a malicious device (e.g. an eavesdropper node, a potential attacker node), wherein further probe messages from the wireless device 210 are discarded.

In some embodiments, the indication of the first SSID of the second BF may be generated from a hash value obtained by applying a hash function on the first SSID. Each of the bitstring may be generated from a hash value obtained by applying a hash function on the first SSID. The hash function may be selected from a set of hash functions known to both of the network node and the wireless device. The hash value is a value between 0 and (m - 1) and the hash value represents an index value in the second BF. Advantageously, the hash value may include an indication of the wireless device's 210 identifier and an indication of the first timestamp (in plain text), to reduce the possibility for an attacker node/ a malicious node to replay the probe message.

The method 400 optionally comprises transmitting 455, to the wireless device 210, a message for establishing a connection between the wireless device 210 and the network node 225 in response to verifying that the first SSID is present in the first BF. The method 400 optionally comprises dropping 460 the probe message in response to verifying that the first SSID is not present in the first BF.

One or more clocks may be roughly synced (e.g. within one minute) in the communication network 200, i.e. all nodes (e.g. the network nodes 220, the wireless device 210) may roughly have the same time. Advantageously, the clock syncing may allow the network nodes 220 to remove stored probe messages (i.e., older probe messages) from the network nodes 220.

In some embodiments, the network node 225 receives the probe message comprising the BF and optionally the timestamp. The network node 225 calculates an SSID-bf value similar to the description in in relation to Fig. 3. In some embodiments, the indication of the first SSID of the second BF is generated from a hash value obtained by applying a hash function on the first SSID and the first timestamp. In some embodiments, the verifying operation 415 comprises comparing a bitstring of the first BF and the another bitstring of second BF, wherein the first BF comprises the indication of one or more SSIDs associated with one or more network nodes and the first timestamp. The SSID-bf value is calculated, for example, using the network node's 225 SSID/ SSIDs value and optionally the timestamp included in the probe message. In some embodiments, the timestamp, if received by the network node 225, is marked as used, so that the exact same timestamp cannot be used for a second time.

Once the network node 225 calculates the SSID-bf, the network node 225 generates a second BF which is of the same length as the first BF (i.e., the first BF including in the probe message from the wireless device 210). If the network node 225 finds a match between the first BF and the second BF, the network node 225 deems that the wireless device 210 is a non-malicious wireless device, and then the network node 225 sends a message to the wireless device 210 to continue connection setup. If there is no match between the first BF and the second BF, the probe message is dropped as an SSID corresponding to the network node's 225 one or more SSIDs was not found in the first BF of the probe message.

In some embodiments, the network node 225 stores used timestamps (i.e., timestamps received from previous probe messages). The timestamps are stored to avoid replay (e.g. replay attacks) of the probe messages (e.g. in a case if the communication network 200 comprises nodes with an incorrectly synced clock). In some embodiments, the stored timestamps may be purged after a certain amount of time so that the network node's 225 memory is freed. The certain amount of time before purging the stored timestamps may be configured in the network node 225 according to a service-level agreement (SLA). After the certain time has passed, new probe messages comprising the stored timestamps are not accepted, and such probe messages are dropped.

In some embodiments, in case a device in the communication network 200 tries to guess a correct BF, the network node 225 may tag/ mark such a device to belong to a block list/ a malicious list. Furthermore, the network node 225 may not handle any probe message arriving from the tagged device, at least for a certain period of time.

In some embodiments, if there is a false positive match at the network node 225 (i.e., the wireless device 210 sends a probe message to one or more network nodes 220 in the communication network), the network node 225 will initiate a connection setup process with the wireless device 210. However, the wireless device 210 may not accept the connection setup request (i.e., since the wireless device 210 has not considered connecting to the network node 225). An estimation of a probability for false positives may be made. The probably is based on a selected size of a Bloom filter, n, and a number of different hash functions (i.e.. Bloom filters), k.

The following table shows an example of false positive probability when the size of the BF, m, =256; k is 3, 5 or 7 (i.e., for different numbers of hash functions); and a number of network SSIDs in the communication network 200, m, inserted into the BF is 10, 20, 30.

From the table above, if 20 SSIDs are inserted into a BF of size, m = 256 and k=5, the false positive probability of matching an SSID in the probe message received at the network node 225 is 0.3%. Thus, impact of varying the size of the BF, the number of hash functions to be used and the number of inserted SSIDs in the BF has been presented in the table above. The size of the BF and/or the number of hash functions may thus be adjusted to obtain a certain surety about false positive rate in the network node 225.

Fig. 5 shows the network node 225 in accordance with some embodiments. As used herein, network node 225 refers to equipment capable, configured, arranged and/or operable to communicate directly or indirectly with a UE and/or with other network nodes or equipment, in a telecommunication network. Examples of network nodes include, but are not limited to, access points (APs) (e.g., radio access points), routers, base stations (BSs) (e.g., radio base stations. Node Bs, evolved Node Bs (eNBs) and NR NodeBs (gNBs)), RAN nodes, O-RAN nodes or components of an O-RAN node (e.g., 0- RU, 0-DU, O-CU), and/or any 6G network nodes.

Base stations may be categorized based on the amount of coverage they provide (or, stated differently, their transmit power level) and so, depending on the provided amount of coverage, may be referred to as femto base stations, pico base stations, micro base stations, or macro base stations. A base station may be a relay node or a relay donor node controlling a relay. A network node may also include one or more (or all) parts of a distributed radio base station such as centralized digital units, distributed units (e.g., in an O-RAN access node) and/or remote radio units (RRUs), sometimes referred to as Remote Radio Heads (RRHs). Such remote radio units may or may not be integrated with an antenna as an antenna integrated radio. Parts of a distributed radio base station may also be referred to as nodes in a distributed antenna system (DAS).

Other examples of network nodes include multiple transmission point (multi-TRP) 5G access nodes, multi-standard radio (MSR) equipment such as MSR BSs, network controllers such as radio network controllers (RNCs) or base station controllers (BSCs), base transceiver stations (BTSs), transmission points, transmission nodes, multi- cell/multicast coordination entities (MCEs), Operation and Maintenance (O&M) nodes. Operations Support System (OSS) nodes, Self-Organizing Network (SON) nodes, positioning nodes (e.g.. Evolved Serving Mobile Location Centers (E-SMLCs)), and/or Minimization of Drive Tests (MDTs).

The network node 225 includes a processing circuitry 502, a memory 504, a communication interface 506, and a power source 508. The network node 225 may be composed of multiple physically separate components (e.g., a NodeB component and a RNC component, or a BTS component and a BSC component, etc.), which may each have their own respective components. In certain scenarios in which the network node 225 comprises multiple separate components (e.g., BTS and BSC components), one or more of the separate components may be shared among several network nodes. For example, a single RNC may control multiple NodeBs. In such a scenario, each unique NodeB and RNC pair, may in some instances be considered a single separate network node. In some embodiments, the network node 225 may be configured to support multiple radio access technologies (RATs). In such embodiments, some components may be duplicated (e.g., separate memory 504 for different RATs) and some components may be reused (e.g., a same antenna 510 may be shared by different RATs). The network node 225 may also include multiple sets of the various illustrated components for different wireless technologies integrated into network node 225, for example GSM, WCDMA, LTE, NR, WiFi, Zigbee, Z-wave, LoRaWAN, Radio Frequency Identification (RFID) or Bluetooth wireless technologies. These wireless technologies may be integrated into the same or different chip or set of chips and other components within network node 225. The processing circuitry 502 may comprise a combination of one or more of a microprocessor, controller, microcontroller, central processing unit, digital signal processor, application-specific integrated circuit, field programmable gate array, or any other suitable computing device, resource, or combination of hardware, software and/or encoded logic operable to provide, either alone or in conjunction with other network node 500 components, such as the memory 504, to provide network node 225 functionality.

In some embodiments, the processing circuitry 502 includes a system on a chip (SOC). In some embodiments, the processing circuitry 502 includes one or more of radio frequency (RF) transceiver circuitry 512 and baseband processing circuitry 514. In some embodiments, the radio frequency (RF) transceiver circuitry 512 and the baseband processing circuitry 514 may be on separate chips (or sets of chips), boards, or units, such as radio units and digital units. In alternative embodiments, part or all of RF transceiver circuitry 512 and baseband processing circuitry 514 may be on the same chip or set of chips, boards, or units. The memory 504 may comprise any form of volatile or non-volatile computer- readable memory including, without limitation, persistent storage, solid-state memory, remotely mounted memory, magnetic media, optical media, random access memory (RAM), read-only memory (ROM), mass storage media (for example, a hard disk), removable storage media (for example, a flash drive, a Compact Disk (CD) or a Digital Video Disk (DVD)), and/or any other volatile or non-volatile, non-transitory device- readable and/or computer-executable memory devices that store information, data, and/or instructions that may be used by the processing circuitry 502. The memory 504 may store any suitable instructions, data, or information, including a computer program, software, an application including one or more of logic, rules, code, tables, and/or other instructions capable of being executed by the processing circuitry 502 and utilized by the network node 225. The memory 504 may be used to store any calculations made by the processing circuitry 502 and/or any data received via the communication interface 506. In some embodiments, the processing circuitry 502 and memory 504 is integrated.

The communication interface 506 is used in wired or wireless communication of signaling and/or data between a network node, access network, and/or UE. As illustrated, the communication interface 506 comprises port(s)/terminal(s) 516 to transmit and receive data, for example to and from a network over a wired connection. The communication interface 506 also includes radio front-end circuitry 518 that may be coupled to, or in certain embodiments a part of, the antenna 510. Radio front-end circuitry 518 comprises filters 520 and amplifiers 522. The radio front-end circuitry 518 may be connected to an antenna 510 and processing circuitry 502. The radio front-end circuitry may be configured to condition signals communicated between antenna 510 and processing circuitry 502. The radio front-end circuitry 518 may receive digital data that is to be sent out to other network nodes or UEs via a wireless connection. The radio front-end circuitry 518 may convert the digital data into a radio signal having the appropriate channel and bandwidth parameters using a combination of filters 520 and/or amplifiers 522. The radio signal may then be transmitted via the antenna 510.

Similarly, when receiving data, the antenna 510 may collect radio signals which are then converted into digital data by the radio front-end circuitry 518. The digital data may be passed to the processing circuitry 502. In other embodiments, the communication interface may comprise different components and/or different combinations of components.

In certain alternative embodiments, the network node 225 does not include separate radio front-end circuitry 518, instead, the processing circuitry 502 includes radio front-end circuitry and is connected to the antenna 510. Similarly, in some embodiments, all or some of the RF transceiver circuitry 512 is part of the communication interface 506. In still other embodiments, the communication interface 506 includes one or more ports or terminals 516, the radio front-end circuitry 518, and the RF transceiver circuitry 512, as part of a radio unit (not shown), and the communication interface 506 communicates with the baseband processing circuitry 514, which is part of a digital unit (not shown).

The antenna 510 may include one or more antennas, or antenna arrays, configured to transmit and/or receive wireless signals. The antenna 510 may be coupled to the radio front-end circuitry 518 and may be any type of antenna capable of transmitting and receiving data and/or signals wirelessly. In certain embodiments, the antenna 510 is separate from the network node 225 and connectable to the network node 225 through an interface or port. The antenna 510, communication interface 506, and/or the processing circuitry

502 may be configured to perform any receiving operations and/or certain obtaining operations described herein as being performed by the network node. Any information. data and/or signals may be received from a UE, another network node and/or any other network equipment. Similarly, the antenna 510, the communication interface 506, and/or the processing circuitry 502 may be configured to perform any transmitting operations described herein as being performed by the network node. Any information, data and/or signals may be transmitted to a UE, another network node and/or any other network equipment.

The power source 508 provides power to the various components of network node 500 in a form suitable for the respective components (e.g., at a voltage and current level needed for each respective component). The power source 508 may further comprise, or be coupled to, power management circuitry to supply the components of the network node 500 with power for performing the functionality described herein. For example, the network node 500 may be connectable to an external power source (e.g., the power grid, an electricity outlet) via an input circuitry or interface such as an electrical cable, whereby the external power source supplies power to power circuitry of the power source 508. As a further example, the power source 508 may comprise a source of power in the form of a battery or battery pack which is connected to, or integrated in, power circuitry. The battery may provide backup power should the external power source fail.

Embodiments of the network node 225 may include additional components beyond those shown in Fig. 5 for providing certain aspects of the network node's functionality, including any of the functionality described herein and/or any functionality necessary to support the subject matter described herein. For example, the network node 225 may include user interface equipment to allow input of information into the network node 225 and to allow output of information from the network node 225. This may allow a user to perform diagnostic, maintenance, repair, and other administrative functions for the network node 225. In an example, the one or more network nodes 220 comprises the network node 225. The network node 225 is configured to perform the operations according to any of the methods disclosed herein in relation to the network node 225, including the method shown in Fig. 4.

Fig. 6 shows a wireless device 210 in accordance with some embodiments. As used herein, the wireless device 210 refers to a device capable, configured, arranged and/or operable to communicate wirelessly with network nodes and/or other wireless devices. Examples of the wireless device 210 include, but are not limited to, a smart phone, mobile phone, cell phone, voice over IP (VoIP) phone, wireless local loop phone, desktop computer, personal digital assistant (PDA), wireless cameras, gaming console or device, music storage device, playback appliance, wearable terminal device, wireless endpoint, mobile station, tablet, laptop, laptop-embedded equipment (LEE), laptop- mounted equipment (LME), smart device, wireless customer-premise equipment (CPE), vehicle, vehicle-mounted or vehicle embedded/integrated wireless device, etc. Other examples include any wireless device 210 identified by the 3rd Generation Partnership Project (3GPP) including a 6G compatible wireless device, including a narrow band loT (NB-IoT) wireless device, a machine type communication (MTC) wireless device 210, and/or an enhanced MTC (eMTC) wireless device. The wireless device 210 is configured to perform the operations according to any of the methods disclosed herein in relation to the wireless device 210, including the method shown in Fig. 3.

The wireless device 210 may support device-to-device (D2D) communication, for example by implementing a 3GPP standard for sidelink communication. Dedicated Short-Range Communication (DSRC), vehicle-to-vehicle (V2V), vehicle-to- infrastructure (V2I), or vehicle-to-everything (V2X). In other examples, the wireless device 210 may not necessarily have a user in the sense of a human user who owns and/or operates the relevant device. Instead, the wireless device 210 may represent a device that is intended for sale to, or operation by, a human user but which may not, or which may not initially, be associated with a specific human user (e.g., a smart sprinkler controller). Alternatively, the wireless device 210 may represent a device that is not intended for sale to, or operation by, an end user but which may be associated with or operated for the benefit of a user (e.g., a smart power meter).

The wireless device 210 includes processing circuitry 602 that is operatively coupled via a bus 604 to an input/output interface 606, a power source 608, a memory 610, a communication interface 612, and/or any other component, or any combination thereof. Certain wireless devices may utilize all or a subset of the components shown in Fig. 6. The level of integration between the components may vary from one wireless device to another wireless device. Further, certain wireless devices may contain multiple instances of a component, such as multiple processors, memories, transceivers, transmitters, receivers, etc. The processing circuitry 602 is configured to process instructions and data and may be configured to implement any sequential state machine operative to execute instructions stored as machine-readable computer programs in the memory 610. The processing circuitry 602 may be implemented as one or more hardware-implemented state machines (e.g., in discrete logic, field-programmable gate arrays (FPGAs), application specific integrated circuits (ASICs), etc.); programmable logic together with appropriate firmware; one or more stored computer programs, general-purpose processors, such as a microprocessor or digital signal processor (DSP), together with appropriate software; or any combination of the above. For example, the processing circuitry 602 may include multiple central processing units (CPUs).

In the example, the input/output interface 606 may be configured to provide an interface or interfaces to an input device, output device, or one or more input and/or output devices. Examples of an output device include a speaker, a sound card, a video card, a display, a monitor, a printer, an actuator, an emitter, a smartcard, another output device, or any combination thereof. An input device may allow a user to capture information into the wireless device 210. Examples of an input device include a touch- sensitive or presence-sensitive display, a camera (e.g., a digital camera, a digital video camera, a web camera, etc.), a microphone, a sensor, a mouse, a trackball, a directional pad, a trackpad, a scroll wheel, a smartcard, and the like. The presence-sensitive display may include a capacitive or resistive touch sensor to sense input from a user. A sensor may be, for instance, an accelerometer, a gyroscope, a tilt sensor, a force sensor, a magnetometer, an optical sensor, a proximity sensor, a biometric sensor, etc., or any combination thereof. An output device may use the same type of interface port as an input device. For example, a Universal Serial Bus (USB) port may be used to provide an input device and an output device.

In some embodiments, the power source 608 is structured as a battery or battery pack. Other types of power sources, such as an external power source (e.g., an electricity outlet), photovoltaic device, or power cell, may be used. The power source 608 may further include power circuitry for delivering power from the power source 608 itself, and/or an external power source, to the various parts of the wireless device 210 via input circuitry or an interface such as an electrical power cable. Delivering power may be, for example, for charging of the power source 608. Power circuitry may perform any formatting, converting, or other modification to the power from the power source 608 to make the power suitable for the respective components of the wireless device 210 to which power is supplied.

The memory 610 may be or be configured to include memory such as random access memory (RAM), read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), magnetic disks, optical disks, hard disks, removable cartridges, flash drives, and so forth. In one example, the memory 610 includes one or more application programs 614, such as an operating system, web browser application, a widget, gadget engine, or other application, and corresponding data 616. The memory 610 may store, for use by the wireless device 210, any of a variety of various operating systems or combinations of operating systems.

The memory 610 may be configured to include a number of physical drive units, such as redundant array of independent disks (RAID), flash memory, USB flash drive, external hard disk drive, thumb drive, pen drive, key drive, high-density digital versatile disc (HD-DVD) optical disc drive, internal hard disk drive, Blu-Ray optical disc drive, holographic digital data storage (HDDS) optical disc drive, external mini-dual in-line memory module (DIMM), synchronous dynamic random access memory (SDRAM), external micro-DIMM SDRAM, smartcard memory such as tamper resistant module in the form of a universal integrated circuit card (UICC) including one or more subscriber identity modules (SIMs), such as a USIM and/or ISIM, other memory, or any combination thereof. The UICC may for example be an embedded UICC (eUICC), integrated UICC (iUICC) or a removable UICC commonly known as 'SIM card.' The memory 610 may allow the wireless device 210 to access instructions, application programs and the like, stored on transitory or non-transitory memory media, to off-load data, or to upload data. An article of manufacture, such as one utilizing a communication system may be tangibly embodied as or in the memory 610, which may be or comprise a device-readable storage medium.

The processing circuitry 602 may be configured to communicate with an access network or other network using the communication interface 612. The communication interface 612 may comprise one or more communication subsystems and may include or be communicatively coupled to an antenna 622. The communication interface 612 may include one or more transceivers used to communicate, such as by communicating with one or more remote transceivers of another device capable of wireless communication (e.g., another wireless device or a network node in an access network). Each transceiver may include a transmitter 618 and/or a receiver 620 appropriate to provide network communications (e.g., optical, electrical, frequency allocations, and so forth). Moreover, the transmitter 618 and receiver 620 may be coupled to one or more antennas (e.g., antenna 622) and may share circuit components, software or firmware, or alternatively be implemented separately.

In the illustrated embodiment, communication functions of the communication interface 612 may include cellular communication, Wi-Fi communication, LPWAN communication, data communication, voice communication, multimedia communication, short-range communications such as Bluetooth, near-field communication, location-based communication such as the use of the global positioning system (GPS) to determine a location, another like communication function, or any combination thereof. Communications may be implemented in according to one or more communication protocols and/or standards, such as IEEE 802.11, Code Division Multiplexing Access (CDMA), Wideband Code Division Multiple Access (WCDMA), GSM, LTE, New Radio (NR), UMTS, WiMax, Ethernet, transmission control protocol/internet protocol (TCP/IP), synchronous optical networking (SONET), Asynchronous Transfer Mode (ATM), QUIC, Hypertext Transfer Protocol (HTTP), and so forth.

Regardless of the type of sensor, the wireless device 210 may provide an output of data captured by its sensors, through its communication interface 612, via a wireless connection to a network node. Data captured by sensors of the wireless device 210 can be communicated through a wireless connection to a network node via another wireless device. The output may be periodic (e.g., once every 15 minutes if it reports the sensed temperature), random (e.g., to even out the load from reporting from several sensors), in response to a triggering event (e.g., when moisture is detected an alert is sent), in response to a request (e.g., a user initiated request), or a continuous stream (e.g., a live video feed of a patient). As another example, the wireless device 210 comprises an actuator, a motor, or a switch, related to a communication interface configured to receive wireless input from a network node via a wireless connection. In response to the received wireless input the states of the actuator, the motor, or the switch may change. For example, the wireless device 210 may comprise a motor that adjusts the control surfaces or rotors of a drone in flight according to the received input or to a robotic arm performing a medical procedure according to the received input. The wireless device 210, when in the form of an loT device, may be a device for use in one or more application domains, these domains comprising, but not limited to, city wearable technology, extended industrial application and healthcare. Non-limiting examples of such an loT device are a device which is or which is embedded in: a connected refrigerator or freezer, a TV, a connected lighting device, an electricity meter, a robot vacuum cleaner, a voice controlled smart speaker, a home security camera, a motion detector, a thermostat, a smoke detector, a door/window sensor, a flood/moisture sensor, an electrical door lock, a connected doorbell, an air conditioning system like a heat pump, an autonomous vehicle, a surveillance system, a weather monitoring device, a vehicle parking monitoring device, an electric vehicle charging station, a smart watch, a fitness tracker, a head-mounted display for Augmented Reality (AR) or Virtual Reality (VR), a wearable for tactile augmentation or sensory enhancement, a water sprinkler, an animal- or item-tracking device, a sensor for monitoring a plant or animal, an industrial robot, an Unmanned Aerial Vehicle (UAV), and any kind of medical device, like a heart rate monitor or a remote controlled surgical robot. The wireless device 210 in the form of an loT device comprises circuitry and/or software in dependence of the intended application of the loT device in addition to other components as described in relation to the wireless device 210 shown in Fig. 6.

As yet another specific example, in an loT scenario, the wireless device 210 may represent a machine or other device that performs monitoring and/or measurements, and transmits the results of such monitoring and/or measurements to another wireless device 210 and/or a network node. The wireless device 210 may in this case be an M2M device, which may in a 3GPP context be referred to as an MTC device. As one particular example, the wireless device 210 may implement the 3GPP NB-IoT standard. In other scenarios, the wireless device 210 may represent a vehicle, such as a car, a bus, a truck, a ship and an airplane, or other equipment that is capable of monitoring and/or reporting on its operational status or other functions associated with its operation. In practice, any number of wireless devices may be used together with respect to a single use case. For example, a first wireless device might be or be integrated in a drone and provide the drone's speed information (obtained through a speed sensor) to a second wireless device that is a remote controller operating the drone. When the user makes changes from the remote controller, the first wireless device may adjust the throttle on the drone (e.g. by controlling an actuator) to increase or decrease the drone's speed. The first and/or the second wireless device can also include more than one of the functionalities described above. For example, the wireless device 210 might comprise the sensor and the actuator, and handle communication of data for both the speed sensor and the actuators.

Fig. 7 illustrates an embodiment of a computer program product 710 according to the invention. The computer program product 710 of the wireless device 210 and/or the network node 225 includes a computer readable storage medium (storage or recording medium) storing a computer program 720 comprising computer readable instructions. The computer readable medium of the wireless device 210 and/or the network node 225, may be a non-transitory computer readable medium, such as, magnetic media (e.g., a hard disk), optical media, memory devices (e.g., random access memory, flash memory), and the like. In some embodiments, the computer readable instructions of the computer program 720 are configured such that when executed by processing circuitry 502 and/or the processing circuitry 602, the computer readable instructions cause the wireless device 210 and/or the network node 225 to perform steps described herein (e.g., method 300, method 400). In other embodiments, the wireless device 210 and/or the network node 225 may be configured/operable to perform steps described herein without the need for code. That is, for example, the processing circuity 502 and/or the processing circuitry 602 may consist merely of one or more ASICs. Hence, the features of the embodiments described herein may be implemented in hardware and/or software.

The computer program code mentioned above may also be provided, for instance in the form of a data carrier carrying computer program code for performing the embodiments herein when being loaded into the hardware. One such carrier may be in the form of a CD ROM disc. It is however feasible with other data carriers such as a memory stick. The computer program code may furthermore be provided as pure program code on the wireless device 210 and/or the network node 225, and downloaded to the hardware at production, and/or during software updates.

Claims

1. A method (300) performed by a wireless device (210) in a communication network (200), the method comprising: generating (305) a first Bloom filter, BF, of length m, wherein the first BF comprises an indication of one or more SSIDs associated with one or more network nodes (220), wherein one or more SSIDs are associated with a network node (225) of the one or more network nodes (220); and transmitting (310), to the one or more network nodes (220), a probe message for joining at least one of the one or more SSIDs associated with the one or more network nodes (220), wherein the probe message comprises the first BF.

2. The method according to claim 1, wherein each of the one or more SSIDs associated with the one or more network nodes is represented by a bitstring.

3. The method according to claim 1 or 2, wherein the probe message further comprises a first timestamp and wherein the first timestamp indicates a time when the wireless device sends the probe message.

4. The method according to any of claims 1 to 3, wherein the indication of the one or more SSIDs associated with one or more network nodes is generated by performing a bitwise logical OR operation on all bitstrings associated with the one or more SSIDs associated with the one or more network nodes.

5. The method according to any of claims 1 to 4, comprising storing (315) the one or more SSIDs associated with the one or more network nodes in the wireless device.

6. The method according to any of claims 2 to 5, wherein each of the bitstrings of the one or more SSIDs associated with one or more network nodes is generated from a hash value obtained by applying a hash function on an SSID associated with the one or more network nodes.

7. The method according to any of claims 2 to 6, wherein each of the bitstrings of the one or more SSIDs associated with one or more network nodes is generated from a hash value obtained by applying a hash function on an SSID associated with the one or more network nodes and the first timestamp.

8. The method according to claim 6 or 7, wherein the hash function is selected from a set of hash functions known to both of the one or more network nodes and the wireless device.

9. The method according to any of claims 6 to 8, wherein the hash value is a value between 0 and (m - 1) and the hash value represents an index value in the first BF.

10. The method according to any of claims 1 to 9, wherein the length of the first BF corresponds to a number of the one or more SSIDs associated with one or more network nodes.

11. The method according to any of claims 1 to 10, comprising: receiving (320), from the one or more network nodes, a message for establishing a connection with the one or more network nodes.

12. The method according to any of claims 1 to 11, wherein the network node is an Institute of Electrical and Electronics Engineers, IEEE, 802.11 access point and the wireless device supports IEEE 802.11 communication.

13. A method (400) performed by a network node (225) in a communication network (200), the method comprising: receiving (405), from a wireless device (210), a probe message for joining a first SSID associated with the network node, wherein the probe message comprises a first

Bloom filter, BF, and wherein the first BF comprises an indication of one or more SSIDs associated with one or more network nodes (220); generating (410) a second BF of length m, wherein the second BF comprises an indication of the first SSID; and verifying (415) whether the first SSID is present in the first BF by comparing the first BF and the second BF.

14. The method according to claim 13, wherein the one or more SSIDs associated with one or more network nodes (220) is represented by a bitstring and the first SSID is represented by another bitstring.

15. The method according to claim 13 or 14, wherein the probe message further comprises a first timestamp and wherein the first timestamp indicates a time when the wireless device sends the probe message.

16. The method according to claim 15, comprising: storing (420), in the network node, the first timestamp; and/or storing (425), in the network node, an identification of the wireless device.

17. The method according to claim 15 or 16, comprising: confirming (430) whether the first timestamp is same as a previously used timestamp associated with the wireless network device; if the first timestamp is same as the previously used timestamp: discarding (435) the probe message; and/or tagging (440) the wireless device as a malicious device, wherein further probe messages from the wireless device are discarded.

18. The method according to claim 16 or 17, comprising: deleting (445) the first timestamp after a predefined time has elapsed.

19. The method according to any of claims 16 to 18, comprising: discarding (450) of the probe message if the first timestamp is older than a predefined time window.

20. The method according to any of claims 13 to 19, wherein the indication of the first SSID of the second BF is generated from a hash value obtained by applying a hash function on the first SSID.

21. The method according to any of claims 15 to 20, wherein the indication of the first

SSID of the second BF is generated from a hash value obtained by applying a hash function on the first SSID and the first timestamp.

22. The method according to claim 21, the verifying (415) comprises: comparing a bitstring of the first BF and the another bitstring of second BF, wherein the first BF comprises the indication of one or more SSIDs associated with one or more network nodes and the first timestamp.

23. The method according to any of claims 20 to 22, wherein the hash function is selected from a set of hash functions known to both of the network node and the wireless device.

24. The method according to any of claims 20 to 23, wherein the hash value is a value between 0 and (m - 1) and the hash value represents an index value in the second BF.

25. The method according to any of claims 13 to 24, wherein the length of the second BF corresponds to the length of the first BF, wherein the length of the first BF corresponds to a number of the one or more SSIDs associated with one or more network nodes.

26. The method according to any of claims 13 to 25, comprising: transmitting (455), to the wireless device, a message for establishing a connection between the wireless device and the network node in response to verifying that the first SSID is present in the first BF; and/or dropping (460) the probe message in response to verifying that the first SSID is not present in the first BF.

27. The method according to any of claims 13 to 26, wherein the network node is an Institute of Electrical and Electronics Engineers, IEEE, 802.11 access point and the wireless device supports IEEE 802.11 communication.

28. A wireless device (210) in a communication network (200), the wireless device adapted to: generate (305) a first Bloom filter, BF, of length m, wherein the first BF comprises an indication of one or more SSIDs associated with one or more network nodes (220), wherein one or more SSIDs are associated with a network node (225) of the one or more network nodes (220); and transmit (310), to the one or more network nodes (220), a probe message for joining at least one of the one or more SSIDs associated with the one or more network nodes (220), wherein the probe message comprises the first BF.

29. The wireless device according to claim 28, wherein each of the one or more SSIDs associated with the one or more network nodes is represented by a bitstring.

30. The wireless device according to claim 28 or 29, wherein with the probe message further comprises a first timestamp and wherein the first timestamp indicates a time when the wireless device sends the probe message.

31. The wireless device according to any of claims 28 to 30, wherein the indication of the one or more SSIDs associated with one or more network nodes is generated by performing a bitwise logical OR operation on all bitstrings associated with the one or more SSIDs associated with the one or more network nodes.

32. The wireless device according to any of claims 28 to 31, adapted to store (315) the one or more SSIDs associated with one or more network nodes in the wireless device.

33. The wireless device according to any of claims 29 to 32, wherein each of the bitstrings of the one or more SSIDs associated with one or more network nodes is generated from a hash value obtained by applying a hash function on an SSID associated with the one or more network nodes.

34. The wireless device according to any of claims 29 to 33, wherein each of the bitstrings of the one or more SSIDs associated with one or more network nodes is generated from a hash value obtained by applying a hash function on an SSID associated with the one or more network nodes and the first timestamp.

35. The wireless device according to claim 33 or 34, wherein the hash function is selected from a set of hash functions known to both of the one or more network nodes and the wireless device.

36. The wireless device according to any of claims 33 to 35, wherein the hash value is a value between 0 and (m - 1) and the hash value represents an index value in the first

BF.

37. The wireless device according to any of claims 28 to 36, wherein the length of the first BF corresponds to a number of the one or more SSIDs associated with one or more network nodes.

38. The wireless device according to any of claims 28 to 37, adapted to: receive (320), from the network node, a message for establishing a connection with the network node.

39. The wireless device according to any of claims 28 to 38, wherein the network node is an Institute of Electrical and Electronics Engineers, IEEE, 802.11 access point and the wireless device supports IEEE 802.11 communication.

40. A network node (225) in a communication network (200), the network node adapted to: receive (405), from a wireless device (210), a probe message for joining a first SSID associated with the network node, wherein the probe message comprises a first Bloom filter, BF, and wherein the first BF comprises an indication of one or more SSIDs associated with one or more network nodes (220); generate (410) a second BF of length m, wherein the second BF comprises an indication of the first SSID; and verify (415) whether the first SSID is present in the first BF by comparing the first BF and the second BF.

41. The network node according to claim 40, wherein the one or more SSIDs associated with one or more network nodes (220) is represented by a bitstring and the first SSID is represented by another bitstring.

42. The network node according to claim 40 or 41, wherein the probe message further comprises a first timestamp and wherein the first timestamp indicates a time when the wireless device sends the probe message.

43. The network node according to claim 42, adapted to: store (420), in the network node, the first timestamp; and/or store (425), in the network node, an identification of the wireless device.

44. The network node according to claim 42 or 43, adapted to: confirm (430) whether the first timestamp is same as a previously used timestamp associated with the wireless network device; if the first timestamp is same as the previously used timestamp: discard (435) the probe message; and/or tag (440) the wireless device as a malicious device, wherein further probe messages from the wireless device are discarded.

45. The network node according to claim 43 or 44, adapted to: delete (445) the first timestamp after a predefined time has elapsed.

46. The network node according to any of claims 43 to 45, adapted to: discard (450) the probe message if the first timestamp is older than a predefined time window.

47. The network node according to any of claims 41 to 46, wherein the indication of the first SSID of the second BF is generated from a hash value obtained by applying a hash function on the first SSID.

48. The network node according to any of claims 42 to 47, wherein the indication of the first SSID of the second BF is generated from a hash value obtained by applying a hash function on the first SSID and the first timestamp.

49. The network node according to claim 48, wherein the verifying (415) comprises: comparing a bitstring of the first BF and the another bitstring of second BF, wherein the first BF comprises the indication of one or more SSIDs associated with one or more network nodes and the first timestamp

50. The network node according to any of claims 47 to 49, wherein the hash function is selected from a set of hash functions known to both of the network node and the wireless device.

51. The network node according to claim 49 or 50, wherein the hash value is a value between 0 and (m - 1) and the hash value represents an index value in the second BF.

52. The network node according to any of claims 40 to 51, wherein the length of the second BF corresponds to the length of the first BF, wherein the length of the first BF corresponds to a number of the one or more SSIDs associated with one or more network nodes.

53. The network node according to any of claims 40 to 52, adapted to: transmit (455), to the wireless device, a message for establishing a connection between the wireless device and the network node in response to verifying that the first SSID is present in the first BF; and/or drop (460) the probe message in response to verifying that the first SSID is not present in the first BF.

54. The network node according to any of claims 40 to 53, wherein the network node is an Institute of Electrical and Electronics Engineers, IEEE, 802.11 access point and the wireless device supports IEEE 802.11 communication.

55. A wireless device (210) in a communication network (200), the wireless device comprising: at least one processing circuitry (602); and at least one memory (610) connected to the at least one processing circuitry (602) and storing program code that is executed by the at least one processing circuitry to perform the method according to any one of claims 1 to 12.

56. A network node (225) in a communication network (200), the network node comprising: at least one processing circuitry (502); and at least one memory (504) connected to the at least one processing circuitry (502) and storing program code that is executed by the at least one processing circuitry to perform the method according to any one of claims 13 to 27.

57. A computer program (720) comprising instructions which, when executed by at least one processing circuitry (602; 502) of: a wireless device (210), causes the wireless device to carry out the method according to any one of claims 1 to 12; and/or a network node (225), causes the network node to carry out the method according to any one of claims 13 to 27.

58. A computer program product (710) stored on a non-transitory computer readable medium and comprising instructions that, when executed by at least one processing circuitry (602; 502) of: a wireless device (210), causes the wireless device to perform the method according to any one of claims 1 to 12; and/or a network node (225), causes the network node to perform the method according to any one of claims 13 to 27.