WO2025151279A2 - Secure control frames in wireless communications - Google Patents
- Publication number
- WO2025151279A2 (PCT/US2024/061433)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- cmf
- control frame
- control
- frame
- integrity check
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/10—Integrity
- H04W12/106—Packet or message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3242—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
- H04W12/037—Protecting confidentiality, e.g. by encryption of the control plane, e.g. signalling traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
Definitions
- a wireless local area network may be formed by one or more wireless access points (APs) that provide a shared wireless communication medium for use by multiple client devices also referred to as wireless stations (STAs).
- the basic building block of a WLAN conforming to the Institute of Electrical and Electronics Engineers (IEEE) 802.11 family of standards is a Basic Service Set (BSS), which is managed by an AP.
- BSS Basic Service Set
- Each BSS is identified by a Basic Service Set Identifier (BSSID) that is advertised by the AP.
- An AP periodically broadcasts beacon frames to enable any STAs within wireless range of the AP to establish or maintain a communication link with the WLAN.
- APs and STAs may engage in reliable communications, such as ultra-high reliability (UHR) communications.
- UHR communications may rely on transmissions of control information for many purposes, such as for example acknowledgments, network allocation vector (NAV) setting, sounding, triggering, and cross link control signaling, among others.
- NAV network allocation vector
- a malicious actor may attack a wireless communication by targeting the frames containing control information. Such attacks can lead to denial of service, power drain at UEs, decrease of reliability of the communications, and wastage of radio frequency resources.
- the method may include obtaining a control frame including a first portion of a control message integrity check field (CMF) and a second portion of the CMF, the first portion of the CMF including an identifier (ID) of a security key and the second portion of the CMF including a truncated first integrity check, and verifying a validity of the control frame based on a comparison of the truncated first integrity check and a second integrity check, where the second integrity check is based on at least the security key, a partial packet number (PN) associated with the control frame, and one or more portions of the control frame, and the second integrity check is truncated corresponding to the truncated first integrity check.
- CMF control message integrity check field
- ID identifier
- PN packet number
- the apparatus may include a processing system that includes processor circuitry and memory circuitry that stores code.
- the processing system may be configured to cause the apparatus to obtain a control frame including a first portion of a CMF and a second portion of the CMF, the first portion of the CMF including an ID of a security key and the second portion of the CMF including a truncated first integrity check, and verify a validity of the control frame based on a comparison of the truncated first integrity check and a second integrity check, where the second integrity check is based on at least the security key, a partial PN associated with the control frame, and one or more portions of the control frame, and the second integrity check is truncated corresponding to the truncated first integrity check.
- the code may include instructions executable by one or more processors to obtain a control frame including a first portion of a CMF and a second portion of the CMF, the first portion of the CMF including an ID of a security key and the second portion of the CMF including a truncated first integrity check and verify a validity of the control frame, based on a comparison of the truncated first integrity check and a second integrity check, where the second integrity check is based on at least the security key, a partial PN associated with the control frame, and one or more portions of the control frame, and the second integrity check is truncated corresponding to the truncated first integrity check.
- the second integrity check may be truncated to include a subset of bits of an authentication code output that may be based on at least the security key, the partial PN, and the one or more portions of the control frame.
- Figure 5 shows an example signaling diagram that supports secure control frames in wireless communications.
- FIG. 6 shows an example of a control message integrity check field (CMF) that supports secure control frames in wireless communications.
- CDMA code division multiple access
- TDMA time division multiple access
- OFDM orthogonal frequency division multiplexing
- FDMA frequency division multiple access
- OFDMA orthogonal FDMA
- SC-FDMA single-carrier FDMA
- SDMA spatial division multiple access
- RSMA rate-splitting multiple access
- MUSA multi-user shared access
- SU single-user
- MIMO multiple-input multiple-output
- MU-MIMO multi-user MIMO
- Various aspects relate generally to securing frames between an access point (AP) and station (STA), such as frames including control information.
- a frame is transmitted with a control message integrity check (MIC) field (CMF) that includes an identifier (ID) of a security key, at least a portion of a packet number (PN), and at least a portion of an integrity check computed based on one or more portions of the frame including the control information and the security key.
- the CMF may be transmitted in separate parts, such as a first portion and a second portion. The first portion of the CMF and the second portion of the CMF may carry different subsets of the CMF contents (the ID of the security key, the portion of the PN, and the integrity check).
- the first portion of the CMF may include the ID of the security key and at least the portion of the PN, and a second portion of the CMF may include at least a truncated portion of the integrity check.
- the first portion of the CMF may be transmitted relatively early in the frame, such as prior to one or more fields that are to be protected, and the second portion of the CMF may be transmitted after one or more fields that are to be protected.
- a partial PN may be transmitted in the first portion of the CMF, which may be combined with a base PN to generate a full PN that is used for integrity check, encryption, or both.
- an association identifier AID
- MAC medium access control
- an amount of padding provided in control frames may be based on whether a frame is protected and, if the frame is protected, whether protection is provided using an integrity check, encryption, or both.
- the security key may be a group temporal key (GTK) or a pairwise temporal key (PTK). Such security keys may be shared between an AP and authenticated STAs during or after authentication.
- GTK or PTK may be selected for encrypting a frame based on a quantity of STAs that are being served by an AP, and switching between the PTK and GTK may be dynamic.
- a UE can avoid wasting power and radio frequency resources when the UE receives an invalid control frame from an attacker.
- the described techniques can be used to efficiently verify a control frame, allowing devices to efficiently respond to the control frames, as opposed to some techniques in which large portions of a frame may be encrypted, which can cause a device to spend a substantial amount of time and processing resources decrypting those portions of the frame.
- the described techniques may allow for the CMF to be provided in accordance with existing frame structures in which the PN and the ID of the security key may be part of a security header while the integrity check is provided later in the frame.
- by conveying a partial PN rather than the complete PN, overhead within the CMF (such as within the first portion of the CMF) may be reduced, and by providing a truncated integrity check, overhead within the CMF (such as within the second portion of the CMF) may be reduced.
- an AID may be used instead of a MAC address to associate one or more security keys for each STA
- such techniques may provide for reduced memory usage relative to implementations in which the MAC address may be stored along with the one or more security keys for each STA.
- such techniques may be used to efficiently manage tracking of security keys of multiple STAs at an AP, where if a quantity of STAs served by an AP is less than a first amount separate PTKs for each STA may be maintained, and otherwise a GTK may be associated with multiple STAs which may allow for more efficient processing at the AP.
- the amount of padding is based on whether a frame is protected and, if the frame is protected, whether protection is provided using an integrity check, encryption, or both. Sufficient processing time may thereby be provided for processing of the control frame while reducing overhead in cases in which less processing time is used, such as cases in which no protection is provided for a frame or in which an unencrypted frame uses an integrity check, which uses less processing time than an encrypted frame.
- FIG 1 shows a pictorial diagram of an example wireless communication network 100.
- the wireless communication network 100 can be an example of a wireless local area network (WLAN) such as a Wi-Fi network.
- WLAN wireless local area network
- the wireless communication network 100 can be a network implementing at least one of the IEEE 802.11 family of wireless communication protocol standards (such as defined by the IEEE 802.11-2020 specification or amendments thereof including, but not limited to, 802.11ay, 802.11ax, 802.11az, 802.11ba, 802.11bc, 802.11bd, 802.11be, 802.11bf, and 802.11bn).
- the wireless communication network 100 can include a WLAN that functions in an interoperable or converged manner with one or more personal area networks, such as a network implementing Bluetooth or other wireless technologies, to provide greater or enhanced network coverage or to provide or enable other capabilities, functionality, applications or services.
- a STA 104 may have the opportunity to select one of many BSSs within range of the STA 104 or to select among multiple APs 102 that together form an extended service set (ESS) including multiple connected BSSs.
- the wireless communication network 100 may be connected to a wired or wireless distribution system that may enable multiple APs 102 to be connected in such an ESS.
- a STA 104 can be covered by more than one AP 102 and can associate with different APs 102 at different times for different transmissions.
- after association with an AP 102, a STA 104 also may periodically scan its surroundings to find a more suitable AP 102 with which to associate.
- a STA 104 that is moving relative to its associated AP 102 may perform a "roaming" scan to find another AP 102 having more desirable network characteristics such as a greater received signal strength indicator (RSSI) or a reduced traffic load.
- RSSI received signal strength indicator
- STAs 104 may form networks without APs 102 or other equipment other than the STAs 104 themselves.
- such a network is an ad hoc network (or wireless ad hoc network).
- Ad hoc networks may alternatively be referred to as mesh networks or peer-to-peer (P2P) networks.
- P2P peer-to-peer
- ad hoc networks may be implemented within a larger network such as the wireless communication network 100.
- STAs 104 may be capable of communicating with each other through the AP 102 using communication links 106, STAs 104 also can communicate directly with each other via direct wireless communication links 110.
- two STAs 104 may communicate via a direct wireless communication link 110 regardless of whether both STAs 104 are associated with and served by the same AP 102.
- one or more of the STAs 104 may assume the role filled by the AP 102 in a BSS.
- Such a STA 104 may be referred to as a group owner (GO) and may coordinate transmissions within the ad hoc network.
- Examples of direct wireless communication links 110 include Wi-Fi Direct connections, connections established by using a Wi-Fi Tunneled Direct Link Setup (TDLS) link, and other P2P group connections.
- TDLS Wi-Fi Tunneled Direct Link Setup
- Each PPDU is a composite structure that includes a PHY preamble and a payload that is in the form of a PHY service data unit (PSDU).
- the information provided in the preamble may be used by a receiving device to decode the subsequent data in the PSDU.
- the preamble fields may be duplicated and transmitted in each of multiple component channels.
- the PHY preamble may include both a legacy portion (or "legacy preamble") and a non-legacy portion (or "non-legacy preamble").
- the legacy preamble may be used for packet detection, automatic gain control and channel estimation, among other uses.
- the legacy preamble also may generally be used to maintain compatibility with legacy devices.
- the format of, coding of, and information provided in the non-legacy portion of the preamble is associated with the particular IEEE 802.11 wireless communication protocol to be used to transmit the payload.
- Such licensed operating bands may map to or be associated with frequency range designations of FR1 (410 MHz - 7.125 GHz), FR2 (24.25 GHz - 52.6 GHz), FR3 (7.125 GHz - 24.25 GHz), FR4a or FR4-1 (52.6 GHz - 71 GHz), FR4 (52.6 GHz - 114.25 GHz), and FR5 (114.25 GHz - 300 GHz).
- a wireless communication device may be configured to monitor multiple primary 20 MHz channels in parallel.
- a first primary 20 MHz channel may be referred to as a main primary (M-Primary) channel and one or more additional, second primary channels may each be referred to as an opportunistic primary (O-Primary) channel.
- M-Primary main primary
- O-Primary opportunistic primary
- a wireless communication device measures, identifies, ascertains, detects, or otherwise determines that the M-Primary channel is busy or occupied (such as due to an overlapping BSS (OBSS) transmission)
- OBSS overlapping BSS
- the preamble 202 may include a legacy portion that itself includes a legacy short training field (L-STF) 206, which may consist of two symbols, a legacy long training field (L-LTF) 208, which may consist of two symbols, and a legacy signal field (L-SIG) 210, which may consist of two symbols.
- L-STF legacy short training field
- L-LTF legacy long training field
- L-SIG legacy signal field
- the legacy portion of the preamble 202 may be configured according to the IEEE 802.11a wireless communication protocol standard.
- the preamble 202 also may include a non-legacy portion including one or more non-legacy fields 212, for example, conforming to one or more of the IEEE 802.11 family of wireless communication protocol standards.
- FIG 3 shows an example physical layer (PHY) protocol data unit (PPDU) 350 usable for communications between a wireless AP and one or more wireless STAs.
- the AP and STAs may be examples of the AP 102 and the STAs 104 described with reference to Figure 1.
- the PPDU 350 includes a PHY preamble, that includes a legacy portion 352 and a non-legacy portion 354, and a payload 356 that includes a data field 374.
- the legacy portion 352 of the preamble includes an L-STF 358, an L-LTF 360, and an L-SIG 362.
- U-SIG 366 and EHT-SIG 368 may be structured as, and carry version-dependent information for, other wireless communication protocol versions associated with amendments to the IEEE 802.11 family of standards beyond EHT.
- U-SIG 366 may be used by a receiving device (such as an AP 102 or a STA 104) to interpret bits in one or more of EHT-SIG 368 or the data field 374.
- the information in U-SIG 366 and EHT-SIG 368 may be duplicated and transmitted in each of the component 20 MHz channels in instances involving the use of a bonded channel.
- FIG 4 shows a hierarchical format of an example PPDU usable for communications between a wireless AP and one or more wireless STAs.
- the AP and STAs may be examples of the AP 102 and the STAs 104 described with reference to Figure 1.
- each PPDU 400 includes a PHY preamble 402 and a PSDU 404.
- Each PSDU 404 may represent (or “carry”) one or more MAC protocol data units (MPDUs) 416.
- MPDUs MAC protocol data units
- each PSDU 404 may carry an aggregated MPDU (A-MPDU) 406 that includes an aggregation of multiple A-MPDU subframes 408.
- A-MPDU aggregated MPDU
- Each A-MPDU subframe 408 may include an MPDU frame 410 that includes a MAC delimiter 412 and a MAC header 414 prior to the accompanying MPDU 416, which includes the data portion (“payload” or “frame body”) of the MPDU frame 410.
- Each MPDU frame 410 also may include a frame check sequence (FCS) field 418 for error detection (for example, the FCS field 418 may include a cyclic redundancy check (CRC)) and padding bits 420.
- the MPDU 416 may carry one or more MAC service data units (MSDUs) 430.
- the MPDU 416 may carry an aggregated MSDU (A-MSDU) 422 including multiple A-MSDU subframes 424.
- Each A-MSDU subframe 424 may be associated with an MSDU frame 426 and may contain a corresponding MSDU 430 preceded by a subframe header 428 and, in some examples, followed by padding bits 432.
- the MAC delimiter 412 may serve as a marker of the start of the associated MPDU 416 and indicate the length of the associated MPDU 416.
- the MAC header 414 may include multiple fields containing information that defines or indicates characteristics or attributes of data encapsulated within the frame body.
- the MAC header 414 includes a duration field indicating a duration extending from the end of the PPDU until at least the end of an acknowledgement (ACK) or Block ACK (BA) of the PPDU that is to be transmitted by the receiving wireless communication device.
- the use of the duration field serves to reserve the wireless medium for the indicated duration and enables the receiving device to establish its network allocation vector (NAV).
- NAV network allocation vector
- the MAC header 414 also includes one or more fields indicating addresses for the data encapsulated within the frame body.
- the MAC header 414 may include a combination of a source address, a transmitter address, a receiver address or a destination address.
- the MAC header 414 may further include a frame control field containing control information.
- the frame control field may specify a frame type, for example, a data frame, a control frame, or a management frame.
- wireless communication between an AP 102 and an associated STA 104 can be secured.
- an AP 102 or a STA 104 may establish a security key for securing wireless communication between itself and the other device and may encrypt the contents of the data and management frames using the security key.
- the control frame, fields within the MAC header of the data or management frames, or both also may be secured, either via encryption or via an integrity check (for example, by generating a MIC for one or more relevant fields).
- Figure 5 shows an example signaling diagram 500 that supports secure control frames in wireless communications between a first wireless device, such as a wireless AP, and one or more second wireless devices, such as one or more wireless STAs.
- the signaling diagram 500 may implement or be implemented to realize one or more aspects of the wireless communication network 100.
- the signaling diagram 500 illustrates communications 505 between an AP 510 and one or more STAs, such as a STA 515-a and a STA 515-b, which may be examples of corresponding devices illustrated by and described with reference to Figure 1.
- wireless devices may transmit a control frame 520 in response to an initiating control frame (such as in a trigger-based PPDU format), or the like.
- a wireless device may transmit a control response frame (CRF).
- CRF control response frame
- a BA frame, for example, may be a CRF sent in response to a soliciting frame that is not a control frame.
- a soliciting frame may be an RTS frame, a trigger frame (and any variants of the trigger frame), a BAR frame, or the like.
- the control frame 520 may include a frame control field 525 (two octets in this example), a duration or identification field 530 (two octets in this example), a receiver address (RA) field 535 (six octets in this example), a transmitter address (TA) field 540 (six octets in this example), one or more control information fields 545 (such as a common information field, a user information list, CMF, and padding, which may have a variable length), and a frame check sequence (FCS) field 550 (four octets in this example). In some implementations, these fields may include one or more subfields.
- a CMF may be provided in the control information fields 545, which may include two or more portions of the CMF such as a first portion of the CMF 555 and a second portion of the CMF 560.
- a padding field 565 may be provided prior to the FCS field 550.
- the first portion of the CMF 555 in some examples, may be provided relatively early within the one or more control information fields 545.
- a secure trigger frame may include the first portion of the CMF 555 after a common information field.
- the second portion of the CMF 560 in some examples, may be provided later within the one or more control information fields 545 such as subsequent to a user information list and prior to padding bits in padding field 565.
- control frame 520 may contain variable amounts of data or information to support communicating control information in addition to other information (such as information related to a TXOP).
- the control frame may be sent as a single MPDU, such as an initial frame of a TXOP or during the TXOP.
- control frame 520 may solicit a response with control feedback, which may be indicated by a bit in the control frame 520 or a reserved value of a TXOP sharing mode.
- FIG. 6 shows an example of a CMF 600 usable for communications between wireless devices, such as a wireless AP and one or more wireless STAs.
- the example CMF 600 may include, in a first portion of the CMF 620, a security key ID field 610 that includes a first number of octets (such as two octets) and a packet number 615 (such as an integrity group temporal key packet number (IPN) or a beacon integrity group temporal key packet number (BIPN)) that includes a second number of octets (such as six octets).
- IPN integrity group temporal key packet number
- BIPN beacon integrity group temporal key packet number
- the example CMF 600 also may include a second portion of the CMF 630 that includes a MIC value 625 that includes a third number of octets (such as eight or sixteen octets). It may be noted that the example CMF 600 has a structure similar to a management MIC information element (IE) that may be used to protect beacon frames. However, the present disclosure is not limited to the structure illustrated in Figure 6 and includes CMFs having other structures.
- IE information element
- the ID described herein may be conveyed in fields smaller than two octets, or as bits that are included in other fields of a frame.
- the complete PN described herein may be split into a partial PN and a base PN, and the PN field of the CMFs described herein may convey the partial PN instead of the complete PN.
- the wireless devices described herein may exchange the base PN occasionally (such as, regularly, in response to a request, or in response to a triggering event) and store the base PN for use (such as in calculations, transmissions, or verifying received packets).
- the wireless devices described herein may include only a portion of a MIC in the second portion of the CMF 630 (such as a truncated integrity check).
- the truncated integrity check may be a truncated portion of a Galois message authentication code (GMAC) output (such as the 28 or 32 least significant bits of the GMAC output or the 56 or 62 least significant bits of the GMAC Output), which may reduce the MIC value 625 to four octets or eight octets, and thereby reduce overhead relative to transmission of the full GMAC output.
- GMAC Galois message authentication code
- a receiving device may compare the truncated integrity check to the corresponding four octets or eight octets of an integrity check calculated at the receiving device based at least on the security key and other portions of the packet.
- one or more portions of the CMF 605 may be provided in a user information field of a trigger frame that is five octets long, although the same approach may be used for other control frames as well.
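The following is an added example, written for this page and not code from the patent or from any 802.11 implementation, of the split CMF the preceding bullets describe (key ID and partial PN in the first portion, truncated integrity check in the second, base PN held by both sides) on the sender and receiver sides. It assumes a one-octet key ID, a 16-bit partial PN taken from the low bits of a 48-bit PN with the base PN supplying the high bits, and a four-octet truncation read as the trailing octets of the tag; the page specifies a GMAC output, for which HMAC-SHA256 from the standard library stands in here so the example runs offline. The replay check on the PN and the local handling of a partial-PN wrap are practitioner additions, not steps the page spells out.

```python
import hashlib
import hmac
import struct
import zlib

# Octet counts. HEADER_LEN, PN_LEN and FCS_LEN follow the page; the rest are assumptions.
HEADER_LEN = 16        # Frame Control(2) + Duration/ID(2) + RA(6) + TA(6)
KEY_ID_LEN = 1         # assumption: the page allows key IDs "smaller than two octets"
PARTIAL_PN_LEN = 2     # assumption: the low 16 bits of the PN travel in CMF1
PN_LEN = 6             # 48-bit PN, the size of the IPN/BIPN the page refers to
MIC_LEN = 4            # truncated integrity check of four octets
FCS_LEN = 4            # CRC-32 frame check sequence
PN_WINDOW = 1 << (8 * PARTIAL_PN_LEN)
PARTIAL_PN_MASK = PN_WINDOW - 1


def full_pn_from_parts(base_pn: int, partial_pn: int) -> int:
    """Assumed combination rule: base PN supplies the high bits, partial PN the low bits."""
    return (base_pn & ~PARTIAL_PN_MASK) | (partial_pn & PARTIAL_PN_MASK)


def compute_mic(key: bytes, key_id: int, full_pn: int, protected: bytes) -> bytes:
    """Keyed integrity check over (key ID, full PN, protected fields), truncated to MIC_LEN.

    HMAC-SHA256 stands in for the GMAC the page specifies. The page keeps the least
    significant bits of the tag; here that is read as its trailing octets (big-endian view).
    """
    msg = bytes([key_id]) + full_pn.to_bytes(PN_LEN, "big") + protected
    return hmac.new(key, msg, hashlib.sha256).digest()[-MIC_LEN:]


def protect_control_frame(key: bytes, key_id: int, full_pn: int,
                          header: bytes, control_info: bytes) -> bytes:
    """Sender side: header | CMF1 (key ID + partial PN) | control info | CMF2 (MIC) | FCS.

    CMF1 precedes the protected fields and CMF2 follows them, as on the page. The MIC
    covers the header, CMF1 and the control information.
    """
    if len(header) != HEADER_LEN:
        raise ValueError("header must be FC + Duration/ID + RA + TA")
    cmf1 = bytes([key_id]) + (full_pn & PARTIAL_PN_MASK).to_bytes(PARTIAL_PN_LEN, "little")
    protected = header + cmf1 + control_info
    body = protected + compute_mic(key, key_id, full_pn, protected)
    return body + struct.pack("<I", zlib.crc32(body))


class ControlFrameVerifier:
    """Receiver side: rebuild the full PN, recompute the truncated MIC, compare, then act."""

    def __init__(self, keys: dict, base_pn: int):
        self.keys = keys         # key ID -> PTK or GTK shared during/after authentication
        self.base_pn = base_pn   # learned from the occasional base-PN exchange
        self.last_pn = -1        # highest PN accepted so far (added replay check)

    def verify(self, frame: bytes):
        """Return (accepted, reason). A rejected frame is discarded without further processing."""
        if len(frame) < HEADER_LEN + KEY_ID_LEN + PARTIAL_PN_LEN + MIC_LEN + FCS_LEN:
            return False, "too short"
        body, fcs = frame[:-FCS_LEN], frame[-FCS_LEN:]
        if struct.pack("<I", zlib.crc32(body)) != fcs:
            return False, "bad FCS"
        cmf1 = body[HEADER_LEN:HEADER_LEN + KEY_ID_LEN + PARTIAL_PN_LEN]
        key_id, partial_pn = cmf1[0], int.from_bytes(cmf1[KEY_ID_LEN:], "little")
        key = self.keys.get(key_id)
        if key is None:
            return False, "unknown key ID %d" % key_id
        protected, cmf2 = body[:-MIC_LEN], body[-MIC_LEN:]
        candidates = [self.base_pn]
        if self.last_pn >= 0 and partial_pn < (self.last_pn & PARTIAL_PN_MASK):
            candidates.append(self.base_pn + PN_WINDOW)  # assumed: partial PN wrapped since base-PN exchange
        fresh = False
        for base in candidates:
            full_pn = full_pn_from_parts(base, partial_pn)
            if full_pn <= self.last_pn:
                continue                                 # replayed or stale PN
            fresh = True
            if hmac.compare_digest(compute_mic(key, key_id, full_pn, protected), cmf2):
                self.base_pn, self.last_pn = base, full_pn
                return True, "ok"
        return False, ("MIC mismatch" if fresh else "replayed PN")


# Constructed sample input: a trigger-frame header (FC 0x0024) with made-up addresses and control info.
SAMPLE_KEY = bytes(range(16))
SAMPLE_KEY_ID = 3
SAMPLE_HEADER = bytes.fromhex("2400" "0000" "02aabbccdd01" "02aabbccdd02")
SAMPLE_CONTROL_INFO = bytes.fromhex("0102030405060708" "0100c0ffee" "0200c0ffee")


def demo():
    """Reject bad FCS, tampering and replay; accept genuine frames across a partial-PN wrap."""
    verifier = ControlFrameVerifier({SAMPLE_KEY_ID: SAMPLE_KEY}, base_pn=0x10000)
    f1 = protect_control_frame(SAMPLE_KEY, SAMPLE_KEY_ID, 0x1FFFF, SAMPLE_HEADER, SAMPLE_CONTROL_INFO)
    tampered = bytearray(f1)
    tampered[HEADER_LEN + 4] ^= 0x01                     # flip a bit inside the control information
    fixed_body = bytes(tampered[:-FCS_LEN])              # attacker recomputes the FCS but cannot the MIC
    results = [verifier.verify(bytes(tampered)),
               verifier.verify(fixed_body + struct.pack("<I", zlib.crc32(fixed_body))),
               verifier.verify(f1),
               verifier.verify(f1)]                      # replay of an accepted frame
    f2 = protect_control_frame(SAMPLE_KEY, SAMPLE_KEY_ID, 0x20000, SAMPLE_HEADER, SAMPLE_CONTROL_INFO)
    results.append(verifier.verify(f2))                  # partial PN wrapped to 0: next window
    return results
```

`demo()` walks one verifier through a bad-FCS frame, a tampered frame with a corrected FCS, the genuine frame, its replay, and the first frame after the 16-bit partial PN wraps, in that order. The two-candidate PN window is what makes the last case work without waiting for a base-PN re-exchange; a deployment that does not want that heuristic can drop the second candidate and rely on the exchange the page describes.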
- FIG. 7 shows example CMF locations 700 that supports secure control frames in wireless communications between wireless devices, such as a wireless AP and one or more wireless STAs.
- a control frame 705 may include a frame control field 710, a duration or identification field 715, an RA field 720, a TA field 725, one or more control information fields 730, and an FCS field 735.
- the control information field 730 may include multiple fields including an optional first control information subfield 740-a, a second control information subfield 740-b, a first portion of a CMF 745, a second portion of the CMF 750, and a padding field 755.
- the locations of the first portion of the CMF 745 and the second portion of the CMF 750 may be provided within the control information at different areas.
- the first portion of the CMF 745 may be CMF1 immediately after the common information field, or if the control frame includes a special user information field, the first portion of the CMF 745 may be placed immediately after the special user information field.
- if the protected control frame 705 is a BAR or BA frame, the first portion of the CMF 745 may be placed immediately after the BAR or BA control information.
- the second portion of the CMF 750 may be located subsequent to one or more fields that are protected in the protected control frame 705.
- the second portion of the CMF 750 may be located immediately prior to the padding field 755 (such as if the second portion of the CMF 750 is included as a user information field).
- the second portion of the CMF 750 may be included as part of the padding field 755.
- the padding field 755 may include an initial set of bits having a defined value (such as the first 12 bits set to all ones), and the second portion of the CMF 750 may be located subsequent to such an initial set of bits.
- a receiving device may be able to make a relatively early determination on the location of the first portion of the CMF 745 and the second portion of the CMF 750.
- the location of the second portion of the CMF 750 may be indicated in or prior to the first portion of the CMF 745.
- a padding duration after the second portion of the CMF 750 remains the same (or slowly changes) and is advertised via a management frame (such as in a UHR operation element); or can be signaled in or prior to the first portion of the CMF 745.
- Such locations of the CMF may allow for decoding of the control frames at receiving devices that do not support security of such frames by preserving the control frame structure, in which the PN and encryption key ID may be part of a security header and the MIC may be at the end of the control information field 730.
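As an added example (written for this page, not the patent's or any vendor's code) of the CMF placement rules above for a trigger-style control frame: the first portion follows the Common Info field, or the Special User Info field when one is present; User Info fields follow until the padding marker whose first 12 bits are all ones; and the second portion sits just after that marker inside the padding. The fixed 8-octet Common Info, the 5-octet User Info field and the AID12 values 2007 (802.11be Special User Info) and 4095 (start of padding) are 802.11 facts; the 3-octet CMF1, the 4-octet CMF2, the 2-octet marker and the explicit `has_special_user_info` flag (in place of the Common Info bit that signals it) are assumptions of this example.

```python
import struct

COMMON_INFO_LEN = 8               # fixed part of the 802.11ax Trigger frame Common Info field
USER_INFO_LEN = 5                 # User Info field length as given on the page
CMF1_LEN = 3                      # assumption: key ID (1) + partial PN (2)
CMF2_LEN = 4                      # truncated MIC of four octets
MARKER_LEN = 2                    # assumption: the two octets carrying the 12 marker bits
AID12_SPECIAL_USER_INFO = 2007    # AID12 of the 802.11be Special User Info field
AID12_PADDING_START = 4095        # AID12 of all ones: first 12 bits of the padding


def aid12_at(buf: bytes, off: int) -> int:
    """AID12 is the low 12 bits of the little-endian first two octets of a User Info field."""
    return struct.unpack_from("<H", buf, off)[0] & 0xFFF


def locate_cmf(control_info: bytes, has_special_user_info: bool) -> dict:
    """Walk the control information the way a receiver would and return where CMF1 and CMF2 sit.

    Also returns the octets that precede CMF2, i.e. the span the second portion protects.
    Raises ValueError for a frame that ends before the padding marker or before CMF2 is complete.
    """
    n = len(control_info)
    pos = COMMON_INFO_LEN
    if has_special_user_info:
        pos += USER_INFO_LEN          # CMF1 goes immediately after the Special User Info field
    cmf1 = pos
    pos += CMF1_LEN
    user_infos = []
    while True:
        if pos + MARKER_LEN > n:
            raise ValueError("no padding marker before end of control info")
        if aid12_at(control_info, pos) == AID12_PADDING_START:
            break
        if pos + USER_INFO_LEN > n:
            raise ValueError("truncated User Info field")
        user_infos.append(pos)
        pos += USER_INFO_LEN
    marker = pos
    cmf2 = marker + MARKER_LEN
    if cmf2 + CMF2_LEN > n:
        raise ValueError("truncated CMF2")
    return {"cmf1": cmf1, "user_infos": user_infos, "marker": marker, "cmf2": cmf2,
            "protected": control_info[:cmf2], "mic": control_info[cmf2:cmf2 + CMF2_LEN]}


def is_well_formed(control_info: bytes, has_special_user_info: bool) -> bool:
    """True when both CMF portions can be located; a receiver drops anything else unprocessed."""
    try:
        locate_cmf(control_info, has_special_user_info)
        return True
    except ValueError:
        return False


def user_info(aid12: int, rest: bytes = b"\x00\x00\x00") -> bytes:
    """Build a 5-octet User Info field: AID12 in the low 12 bits, then three filler octets."""
    return struct.pack("<H", aid12 & 0xFFF) + rest.ljust(USER_INFO_LEN - 2, b"\x00")[:USER_INFO_LEN - 2]


# Constructed sample control information (field contents are made up; the MIC is a placeholder).
SAMPLE_TRIGGER_INFO = (bytes.fromhex("0102030405060708")                 # Common Info
                       + user_info(AID12_SPECIAL_USER_INFO, b"\x11\x22\x33")
                       + bytes.fromhex("03ff0f")                          # CMF1: key ID 3, partial PN 0x0fff
                       + user_info(1, b"\xc0\xff\xee")
                       + user_info(2, b"\xc0\xff\xee")
                       + struct.pack("<H", AID12_PADDING_START)           # 12 one-bits, 4 zero bits
                       + bytes.fromhex("deadbeef")                        # CMF2 placeholder
                       + b"\x00\x00\x00")                                 # remaining padding
SAMPLE_NO_SPECIAL = SAMPLE_TRIGGER_INFO[:COMMON_INFO_LEN] + SAMPLE_TRIGGER_INFO[COMMON_INFO_LEN + USER_INFO_LEN:]
```

On `SAMPLE_TRIGGER_INFO` the walk yields CMF1 at offset 13, User Info fields at 16 and 21, the marker at 26 and CMF2 at 28; the returned `protected` span is what a receiver would feed, together with the key ID and reconstructed PN from CMF1, into its MIC recomputation. Cutting the sample short of the marker or of the full four MIC octets makes `is_well_formed` return False, which is the "discard without further processing" path the page describes for an unverifiable frame.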
- uplink M-BA frames, compressed BlockAck (C-BA) frames, multi-traffic identifier (TID) BAR frames, and compressed BAR (C-BAR) frames may be modified to provide an AID indication.
- an AID field may be provided as part of MPDUs with secure MAC headers.
- MPDUs that solicit protected control frames may only be carried in UHR PPDUs in which the PHY header of UHR PPDUs is expected to contain the transmitter ID in the U-SIG/SIG-A.
- an indication of the AID may not be needed for all frames but only for frames that are generated by non-AP STAs, and that solicit protected responses, and in some examples the soliciting frame can contain a bit that indicates solicitation of protected control frames.
- the first wireless device 905 may transmit a first control frame in response to receiving the data message.
- the first control frame may be a first BA control frame and may be secured in accordance with techniques discussed herein.
- the first BA control frame may include, for example, a CMF to be used for verification of the first BA control frame.
- the second wireless device 910 may verify frame validity of the first control frame.
- the second wireless device 910 may generate an integrity check on one or more fields of the first control frame and compare at least a portion of the generated integrity check to a corresponding MIC (or portion of a MIC) provided in a CMF within the first control frame. If the compared integrity checks match, the first control frame is further processed, and otherwise the first control frame is discarded.
- the first wireless device 905 may receive a second control frame from the second wireless device 910.
- the second control frame may be the second BA control frame.
- the second control frame may include second control information (such as second BA control information) based on the first control feedback field indicating the request (soliciting a response).
- the second control frame may be secured in accordance with techniques discussed herein.
- the second BA control frame may include, for example, a CMF to be used for verification of the second BA control frame.
- the first wireless device 905 may verify frame validity of the second control frame.
- the first wireless device 905 may generate an integrity check on one or more fields of the second control frame and compare at least a portion of the generated integrity check to a corresponding MIC (or portion of a MIC) provided in a CMF within the second control frame. If the compared integrity checks match, the second control frame may be further processed, and otherwise the second control frame may be discarded.
- Figure 10 shows an example of a process flow 1000 that supports secure control frames in wireless communications between a first wireless device and a second wireless device.
- the process flow 1000 may implement, or be implemented by, one or more aspects of the wireless communications system that uses secure control frames as described with reference to Figures 1-8.
- the operations may be performed (such as reported or provided) in a different order than the order shown, or the operations performed by the example devices may be performed in different orders or at different times. For example, specific operations also may be left out of the process flow 1000, or other operations may be added to the process flow 1000. Further, although some operations or signaling may be shown to occur at different times for discussion purposes, these operations may actually occur at the same time.
- the first wireless device 1005 may receive, from the second wireless device 1010, a second control frame, such as a response frame responsive to the first control frame.
- the second control frame may be generated in accordance with a request for the first wireless device 1005 to respond with the second control frame indicating whether the first control frame was successfully received.
- the second control frame may not be transmitted if the first control frame does not solicit a response for the second wireless device 1010.
- the second control frame may be secured in accordance with techniques discussed herein.
- the second control frame may include, for example, a CMF to be used for verification of the second control frame.
- the first wireless device 1005 may verify frame validity of the second control frame.
- the first wireless device 1005 may generate an integrity check on one or more fields of the second control frame and compare at least a portion of the generated integrity check to a corresponding MIC (or portion of a MIC) provided in a CMF within the second control frame. If the compared integrity checks match, the second control frame may be further processed, and otherwise the second control frame may be discarded.
- FIG 11 shows a block diagram of an example wireless communication device 1100 that supports secure control frames in wireless communications.
- the wireless communication device 1100 is configured to perform the processes 1300, 1400, 1600, 1700, 1800, and 2000 described with reference to Figures 13, 14, 16, 17, 18, and 20, respectively.
- the wireless communication device 1100 may include one or more chips, SoCs, chipsets, packages, components or devices that individually or collectively constitute or include a processing system.
- the processing system may interface with other components of the wireless communication device 1100, and may generally process information (such as inputs or signals) received from such other components and output information (such as outputs or signals) to such other components.
- an example chip may include a processing system, a first interface to output or transmit information and a second interface to receive or obtain information.
- the first interface may refer to an interface between the processing system of the chip and a transmission component, such that the wireless communication device 1100 may transmit the information output from the chip.
- the second interface may refer to an interface between the processing system of the chip and a reception component, such that the wireless communication device 1100 may receive information that is passed to the processing system.
- the first interface also may obtain information, such as from the transmission component, and the second interface also may output information, such as to the reception component.
- the processing system of the wireless communication device 1100 includes processor (or “processing”) circuitry in the form of one or multiple processors, microprocessors, processing units (such as central processing units (CPUs), graphics processing units (GPUs), neural processing units (NPUs) (also referred to as neural network processors or deep learning processors (DLPs)), or digital signal processors (DSPs)), processing blocks, application-specific integrated circuits (ASIC), programmable logic devices (PLDs) (such as field programmable gate arrays (FPGAs)), or other discrete gate or transistor logic or circuitry (all of which may be generally referred to herein individually as “processors” or collectively as “the processor” or “the processor circuitry”).
- processors may be individually or collectively configurable or configured to perform various functions or operations described herein.
- the processing system may further include memory circuitry in the form of one or more memory devices, memory blocks, memory elements or other discrete gate or transistor logic or circuitry, each of which may include tangible storage media such as random-access memory (RAM) or read-only memory (ROM), or combinations thereof (all of which may be generally referred to herein individually as “memories” or collectively as “the memory” or “the memory circuitry”).
- One or more of the memories may be coupled with one or more of the processors and may individually or collectively store processor-executable code that, when executed by one or more of the processors, may configure one or more of the processors to perform various functions or operations described herein.
- one or more of the processors may be preconfigured to perform various functions or operations described herein without requiring configuration by software.
- the processing system may further include or be coupled with one or more modems (such as a Wi-Fi (for example, IEEE compliant) modem or a cellular (for example, 3GPP 4G LTE, 5G or 6G compliant) modem).
- one or more processors of the processing system include or implement one or more of the modems.
- the processing system may further include or be coupled with multiple radios (collectively “the radio”), multiple RF chains or multiple transceivers, each of which may in turn be coupled with one or more of multiple antennas.
- one or more processors of the processing system include or implement one or more of the radios, RF chains or transceivers.
- the wireless communication device 1100 can be configurable or configured for use in an AP, such as the AP 102 described with reference to Figure 1.
- the wireless communication device 1100 can be an AP that includes such a processing system and other components including multiple antennas.
- the wireless communication device 1100 is capable of transmitting and receiving wireless communications in the form of, for example, wireless packets.
- the wireless communication device 1100 can be configurable or configured to transmit and receive packets in the form of physical layer PPDUs and MPDUs conforming to one or more of the IEEE 802.11 family of wireless communication protocol standards.
- the wireless communication device 1100 can be configurable or configured to transmit and receive signals and communications conforming to one or more 3GPP specifications including those for 5G NR or 6G.
- the wireless communication device 1100 also includes or can be coupled with one or more application processors which may be further coupled with one or more other memories.
- the wireless communication device 1100 further includes at least one external network interface coupled with the processing system that enables communication with a core network or backhaul network that enables the wireless communication device 1100 to gain access to external networks including the Internet.
- the wireless communication device 1100 includes a CMF component 1125, a validation component 1130, and a frame manager 1135. Portions of one or more of the CMF component 1125, the validation component 1130, and the frame manager 1135 may be implemented at least in part in hardware or firmware. For example, one or more of the CMF component 1125, the validation component 1130, and the frame manager 1135 may be implemented at least in part by at least a processor or a modem. In some examples, portions of one or more of the CMF component 1125, the validation component 1130, and the frame manager 1135 may be implemented at least in part by a processor and software in the form of processor-executable code stored in memory.
- the wireless communication device 1100 may support wireless communications in accordance with examples as disclosed herein.
- the CMF component 1125 is configurable or configured to obtain a control frame including a first portion of a CMF and a second portion of the CMF, the first portion of the CMF including an ID of a security key and a partial PN, and the second portion of the CMF including a truncated first integrity check.
- the partial PN included in the CMF is combined with a base PN associated with the control frame to obtain a full PN associated with the control frame, and where the second integrity check is based on the full PN.
- a quantity of bits in the partial PN is based on a frame type of the control frame.
- the wireless communication device 1100 may support wireless communications in accordance with examples as disclosed herein.
- the CMF component 1125 is configurable or configured to obtain a frame including a CMF including an AID, an ID of a security key, a PN indication, and a first integrity check, where the AID is different than a medium access control address associated with the frame.
- the validation component 1130 is configurable or configured to verify a validity of the frame, based on a comparison of the first integrity check and a second integrity check, where the second integrity check is based on at least the security key and the PN indication associated with the AID.
- the CMF component 1125 is configurable or configured to obtain a control frame including a CMF and a set of multiple padding bits prior to an end-of-frame field, where a quantity of the set of multiple padding bits is based on whether the control frame is a secure control frame and, when the control frame is a secure control frame, a type of security associated with the control frame.
- the validation component 1130 is configurable or configured to decode the control frame in accordance with the quantity of the set of multiple padding bits.
- the validation component 1130 is configurable or configured to verify a validity of the control frame, based on a comparison of a first integrity check included in the CMF and a second integrity check, where the second integrity check is based on at least a security key indicated in the CMF, a PN indicated in the CMF, and one or more portions of the control frame.
- unsecured control frames include a first quantity of padding bits that is smaller than a second quantity of padding bits associated with secured control frames.
- the secured control frames that are unencrypted include the second quantity of padding bits, and where the second quantity of padding bits is smaller than a third quantity of padding bits associated with encrypted secured control frames.
- the truncated integrity check includes a subset of bits of an authentication code output that is based on at least the security key, the partial PN, and the one or more portions of the control frame.
- a validity of each of multiple different types of control frames is verified based on partial PNs and truncated first integrity checks.
- the AID is provided in one or more MPDUs with secure MAC headers that solicit protected control frames.
- the MPDUs that solicit protected control frames are carried in UHR PPDUs.
- the AID is provided in one or more frames that are generated by non-access point stations that solicit protected control frames.
- the one or more frames that solicit protected control frames include an indication that protected control frames are requested.
- the wireless communication device 1100 may support wireless communications in accordance with examples as disclosed herein.
- the CMF component 1125 is configurable or configured to generate a control frame including a CMF and a set of multiple padding bits prior to an end-of-frame field, where a quantity of the set of multiple padding bits is based on whether the control frame is a secure control frame and, when the control frame is a secure control frame, a type of security associated with the control frame.
- the frame manager 1135 is configurable or configured to output the control frame for transmission.
- the CMF field includes an integrity check based on at least a security key indicated in the CMF, a PN indicated in the CMF, and one or more portions of the control frame.
- unsecured control frames include a first quantity of padding bits that is smaller than a second quantity of padding bits associated with secured control frames.
- the secured control frames that are unencrypted include the second quantity of padding bits, and where the second quantity of padding bits is smaller than a third quantity of padding bits associated with encrypted secured control frames.
- FIG 12 shows a block diagram of an example wireless communication device 1200 that supports secure control frames in wireless communications.
- the wireless communication device 1200 is configured to perform the processes 1300, 1400, 1500, 1600, 1700, 1800, 1900, and 2000 described with reference to Figures 13, 14, 15, 16, 17, 18, 19, and 20, respectively.
- the wireless communication device 1200 may include one or more chips, SoCs, chipsets, packages, components or devices that individually or collectively constitute or include a processing system.
- the processing system may interface with other components of the wireless communication device 1200, and may generally process information (such as inputs or signals) received from such other components and output information (such as outputs or signals) to such other components.
- an example chip may include a processing system, a first interface to output or transmit information and a second interface to receive or obtain information.
- the first interface may refer to an interface between the processing system of the chip and a transmission component, such that the wireless communication device 1200 may transmit the information output from the chip.
- the second interface may refer to an interface between the processing system of the chip and a reception component, such that the wireless communication device 1200 may receive information that is passed to the processing system.
- the first interface also may obtain information, such as from the transmission component, and the second interface also may output information, such as to the reception component.
- the processing system of the wireless communication device 1200 includes processor (or “processing”) circuitry in the form of one or multiple processors, microprocessors, processing units (such as CPUs, GPUs, NPUs (also referred to as neural network processors or DLPs), or DSPs), processing blocks, ASICs, PLDs (such as FPGAs), or other discrete gate or transistor logic or circuitry.
- processors may be individually or collectively configurable or configured to perform various functions or operations described herein.
- the processing system may further include memory circuitry in the form of one or more memory devices, memory blocks, memory elements or other discrete gate or transistor logic or circuitry, each of which may include tangible storage media such as RAM or ROM, or combinations thereof (all of which may be generally referred to herein individually as “memories” or collectively as “the memory” or “the memory circuitry”).
- One or more of the memories may be coupled with one or more of the processors and may individually or collectively store processor-executable code that, when executed by one or more of the processors, may configure one or more of the processors to perform various functions or operations described herein.
- the wireless communication device 1200 can be configurable or configured for use in a STA, such as the STA 104 described with reference to Figure 1.
- the wireless communication device 1200 can be a STA that includes such a processing system and other components including multiple antennas.
- the wireless communication device 1200 is capable of transmitting and receiving wireless communications in the form of, for example, wireless packets.
- the wireless communication device 1200 can be configurable or configured to transmit and receive packets in the form of physical layer PPDUs and MPDUs conforming to one or more of the IEEE 802.11 family of wireless communication protocol standards.
- the wireless communication device 1200 may support wireless communications in accordance with examples as disclosed herein.
- the CMF component 1225 is configurable or configured to obtain a control frame including a first portion of a CMF and a second portion of the CMF.
- the first portion of the CMF including an ID of a security key and a partial PN, and the second portion of the CMF including a truncated first integrity check.
- the partial PN included in the CMF is combined with a base PN associated with the control frame to obtain a full PN associated with the control frame, and where the second integrity check is based on the full PN.
- a quantity of bits in the partial PN is based on a frame type of the control frame.
- the second integrity check is truncated to include a subset of bits of an authentication code output that is based on at least the security key, the partial PN, and the one or more portions of the control frame.
- the validity of each of multiple different types of control frames is verified based on partial PNs and truncated first integrity checks.
- the first portion of the CMF is provided at a first deterministic location within a control information portion of the control frame that is located prior to one or more fields that are protected by the truncated first integrity check.
- the second portion of the CMF is provided at a second deterministic location within the control information portion of the control frame that is located subsequent to the one or more fields that are protected by the truncated first integrity check.
- the first portion of the CMF is placed before or after one or more information fields within the control information portion based on a frame type of the control frame.
- the second portion of the CMF is included as a user information field within the control information portion that is located prior to a set of multiple padding bits located at an end of the control information portion, or the second portion of the CMF is included within the set of multiple padding bits.
- the second portion of the CMF is included within the control information portion at a location that is specified with or prior to the first portion of the CMF.
- a quantity of padding bits subsequent to the second portion of the CMF is a fixed value that is advertised via one or more management frames, or is a value that is signaled prior to the first portion of the CMF.
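The split CMF described in the items above (key ID and partial PN ahead of the protected fields, truncated MIC behind the padding marker, full PN rebuilt from a base PN) as an added, runnable example. This is not code from the patent; HMAC-SHA256 as the integrity function, the per-frame-type partial-PN widths, the 4-byte truncation, the 4 reserved bits after the 12-bit marker, the filler length, every field's byte layout and the sample key are assumptions, since the page fixes none of them.

```python
"""Added example (not code from the patent): a control frame whose CMF is
split into a first portion (key ID + partial PN) placed ahead of the
protected fields and a second portion (truncated MIC) placed in the
padding field behind a 12-bit all-ones marker, plus the receiver-side
check that rebuilds the full PN from a base PN before recomputing the MIC.

Assumed (not fixed by the page): HMAC-SHA256, the partial-PN widths,
MIC_LEN, the marker's 4 reserved bits, PAD_FILL, the byte layout, the key.
"""
import hashlib
import hmac
import struct

FRAME_CODES = {"BA": 0, "BAR": 1, "TRIGGER": 2}        # assumed type codes
TYPE_BY_CODE = {c: n for n, c in FRAME_CODES.items()}
PARTIAL_PN_BITS = {"BA": 8, "BAR": 8, "TRIGGER": 16}    # assumed widths per frame type
MIC_LEN = 4                                             # assumed truncation length
PAD_MARKER = b"\xff\xf0"    # 12 all-ones bits (from the page) + 4 reserved bits (assumed)
PAD_FILL = 6                # assumed filler bytes after the second portion
HDR = ">BBH"                # type code, key ID, partial PN: the first CMF portion
HDR_LEN = struct.calcsize(HDR) + 2   # plus a 2-byte length of the protected fields


def combine_pn(base_pn: int, partial_pn: int, bits: int) -> int:
    """Rebuild the full PN: high-order bits from the receiver's base PN,
    low-order bits from the frame. If the result lands below the base PN
    the low-order counter has wrapped, so carry into the high-order part."""
    mask = (1 << bits) - 1
    pn = (base_pn & ~mask) | (partial_pn & mask)
    if pn < base_pn:
        pn += 1 << bits
    return pn


def truncated_mic(key: bytes, key_id: int, full_pn: int, frame_type: str,
                  protected: bytes) -> bytes:
    """Integrity check over key ID, full PN, frame type and the protected
    fields, truncated to MIC_LEN bytes: the CMF's second portion."""
    data = struct.pack(">BQB", key_id, full_pn, FRAME_CODES[frame_type]) + protected
    return hmac.new(key, data, hashlib.sha256).digest()[:MIC_LEN]


def build_control_frame(key: bytes, key_id: int, full_pn: int, frame_type: str,
                        protected: bytes) -> bytes:
    bits = PARTIAL_PN_BITS[frame_type]
    first = struct.pack(HDR, FRAME_CODES[frame_type], key_id, full_pn & ((1 << bits) - 1))
    second = truncated_mic(key, key_id, full_pn, frame_type, protected)
    padding = PAD_MARKER + second + b"\x00" * PAD_FILL
    return first + struct.pack(">H", len(protected)) + protected + padding


def verify_control_frame(frame: bytes, keys: dict, last_pn: dict):
    """Receiver side. keys: key ID -> key. last_pn: key ID -> last accepted
    full PN, which doubles as the base PN and is updated only on success.
    Returns the accepted full PN, or None when the frame is to be discarded."""
    if len(frame) < HDR_LEN:
        return None
    code, key_id, partial = struct.unpack_from(HDR, frame, 0)
    (plen,) = struct.unpack_from(">H", frame, struct.calcsize(HDR))
    protected = frame[HDR_LEN:HDR_LEN + plen]
    padding = frame[HDR_LEN + plen:]
    frame_type = TYPE_BY_CODE.get(code)
    if frame_type is None or key_id not in keys or len(padding) < len(PAD_MARKER) + MIC_LEN:
        return None
    # Locate the second portion: it follows the 12-bit all-ones marker.
    if ((padding[0] << 4) | (padding[1] >> 4)) != 0xFFF:
        return None
    received = padding[len(PAD_MARKER):len(PAD_MARKER) + MIC_LEN]
    base = last_pn.get(key_id, 0)
    full = combine_pn(base, partial, PARTIAL_PN_BITS[frame_type])
    expected = truncated_mic(keys[key_id], key_id, full, frame_type, protected)
    if not hmac.compare_digest(received, expected):
        return None                 # integrity checks differ: discard
    if full <= base:
        return None                 # PN not advanced: replay (assumed check)
    last_pn[key_id] = full
    return full


if __name__ == "__main__":
    key = bytes(range(32))          # constructed sample key
    state = {1: 0x1200}             # receiver's base PN for key ID 1
    frame = build_control_frame(key, 1, 0x1234, "BA", b"\x00\x10\xff\x0f")
    print(verify_control_frame(frame, {1: key}, state))   # 4660 (0x1234)
    print(verify_control_frame(frame, {1: key}, state))   # None: same PN again
```

Two properties worth noting from running it: a receiver whose base PN is out of step with the transmitter (say, still at 0 when the frame carries the low byte of 0x1234) rebuilds a different full PN and rejects a perfectly good frame, so base-PN synchronisation is part of the security state, not an optimisation; and the truncation to MIC_LEN bytes is what makes the short CMF fit, at the cost of forgery resistance proportional to 2^(8*MIC_LEN) per attempt, which is why the PN check and discard-on-mismatch matter.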
- the wireless communication device 1200 may support wireless communications in accordance with examples as disclosed herein.
- the CMF component 1225 is configurable or configured to obtain a frame including a CMF including an AID, an ID of a security key, a PN indication, and a first integrity check, where the AID is different than a medium access control address associated with the frame.
- the validation component 1230 is configurable or configured to verify a validity of the frame, based on a comparison of the first integrity check and a second integrity check, where the second integrity check is based on at least the security key and the PN indication associated with the AID.
- the frame is a trigger frame, a block acknowledgment frame, or block acknowledgment request frame.
- the AID is provided in one or more MPDUs with secure MAC headers that solicit protected control frames.
- the MPDUs that solicit protected control frames are carried in UHR PPDUs.
- the AID is provided in one or more frames that are generated by non-access point stations that solicit protected control frames.
- the one or more frames that solicit protected control frames include an indication that protected control frames are requested.
- the control frame is a group control frame or an individual control frame, and where group control frames are secured with the GTK in accordance with the GTK mode or the PTK mode, and individual control frames are secured with the PTK in accordance with the PTK mode or the GTK in accordance with the GTK mode.
- the indication that one of the GTK mode or the PTK mode is configured for the control frame security is a dynamic indication that provides for dynamic switching between the GTK mode and the PTK mode.
- the indication that one of the GTK mode or the PTK mode is configured for the control frame security is obtained from a UHR operation element.
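The AID-indexed verification (L-items above on the CMF carrying an AID distinct from the MAC address, and on GTK/PTK mode selection) as an added, runnable example. This is not the patent's code: the receiver looks up the key and the PN counter by the AID in the CMF, chooses PTK or GTK by group/individual frame and by the configured mode, and binds the AID into the MIC so a frame cannot be re-pointed at another STA's state. HMAC-SHA256, the 8-byte MIC, key ID 0 for the PTK, the group flag, the byte layout, the "mode" strings and the sample keys are all assumptions.

```python
"""Added example (not code from the patent): receiver-side key and PN
state indexed by the AID carried in the CMF rather than by MAC address,
with the GTK/PTK mode described on the page: group control frames are
always checked under the GTK, individual control frames under the STA's
PTK in PTK mode or under the GTK in GTK mode, and the mode can change at
run time.

Assumed (not fixed by the page): HMAC-SHA256, MIC_LEN, PTK_KEY_ID,
FLAG_GROUP, the byte layout, the mode strings and the sample keys.
"""
import hashlib
import hmac
import struct

MIC_LEN = 8
PTK_KEY_ID = 0                      # assumed key ID for the pairwise key
HDR = ">BHBQH"                      # flags, AID, key ID, PN, protected length
HDR_LEN = struct.calcsize(HDR)      # 14
FLAG_GROUP = 0x01                   # assumed: frame is a group control frame


def cmf_mic(key: bytes, aid: int, key_id: int, pn: int, protected: bytes) -> bytes:
    """Integrity check bound to AID, key ID and PN as well as the protected fields."""
    data = struct.pack(">HBQ", aid, key_id, pn) + protected
    return hmac.new(key, data, hashlib.sha256).digest()[:MIC_LEN]


def build_aid_frame(key: bytes, aid: int, key_id: int, pn: int, protected: bytes,
                    group: bool = False) -> bytes:
    flags = FLAG_GROUP if group else 0
    header = struct.pack(HDR, flags, aid, key_id, pn, len(protected))
    return header + protected + cmf_mic(key, aid, key_id, pn, protected)


class Receiver:
    def __init__(self, gtk: bytes, gtk_id: int, mode: str):
        self.gtk, self.gtk_id = gtk, gtk_id
        self.mode = mode                      # "PTK" or "GTK"
        self.ptks = {}                        # AID -> PTK
        self.last_pn = {}                     # (AID, key ID) -> last accepted PN

    def add_sta(self, aid: int, ptk: bytes) -> None:
        self.ptks[aid] = ptk

    def set_mode(self, mode: str) -> None:
        """Dynamic switch, e.g. on a changed UHR operation element (assumed trigger)."""
        self.mode = mode

    def select_key(self, aid: int, key_id: int, group: bool):
        if group or self.mode == "GTK":
            return self.gtk if key_id == self.gtk_id else None
        if key_id != PTK_KEY_ID:
            return None
        return self.ptks.get(aid)

    def verify(self, frame: bytes):
        """Returns (AID, PN) when the frame is accepted, else None (discard)."""
        if len(frame) < HDR_LEN:
            return None
        flags, aid, key_id, pn, plen = struct.unpack_from(HDR, frame, 0)
        protected = frame[HDR_LEN:HDR_LEN + plen]
        received = frame[HDR_LEN + plen:]
        group = bool(flags & FLAG_GROUP)
        key = self.select_key(aid, key_id, group)
        if key is None or len(received) != MIC_LEN:
            return None
        if not hmac.compare_digest(received, cmf_mic(key, aid, key_id, pn, protected)):
            return None
        if pn <= self.last_pn.get((aid, key_id), 0):
            return None                       # PN not advanced: replay (assumed check)
        self.last_pn[(aid, key_id)] = pn
        return aid, pn


if __name__ == "__main__":
    rx = Receiver(gtk=b"G" * 32, gtk_id=1, mode="PTK")   # constructed keys
    rx.add_sta(5, b"5" * 32)
    rx.add_sta(9, b"9" * 32)
    frame = build_aid_frame(b"5" * 32, 5, PTK_KEY_ID, 100, b"\x01\x02")
    print(rx.verify(frame))                               # (5, 100)
    hijacked = frame[:1] + (9).to_bytes(2, "big") + frame[3:]   # re-point AID at STA 9
    print(rx.verify(hijacked))                            # None: AID is under the MIC
```

The point of keying state by AID rather than by transmitter address is visible in the second print: the frame carries no usable per-STA address, so the AID is the only thing that selects the key and PN counter, and it therefore has to be covered by the integrity check. After `set_mode("GTK")` an individual frame computed under the STA's PTK fails and one computed under the GTK passes, which is what makes a dynamic mode switch a security-relevant event that both sides must apply at the same frame boundary.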
- the wireless communication device 1200 may support wireless communications in accordance with examples as disclosed herein.
- the CMF component 1225 is configurable or configured to obtain a control frame including a CMF and a set of multiple padding bits prior to an end-of-frame field, where a quantity of the set of multiple padding bits is based on whether the control frame is a secure control frame and, when the control frame is a secure control frame, a type of security associated with the control frame.
- the validation component 1230 is configurable or configured to decode the control frame in accordance with the quantity of the set of multiple padding bits.
- the validation component 1230 is configurable or configured to verify a validity of the control frame, based on a comparison of a first integrity check included in the CMF and a second integrity check, where the second integrity check is based on at least a security key indicated in the CMF, a PN indicated in the CMF, and one or more portions of the control frame.
- unsecured control frames include a first quantity of padding bits that is smaller than a second quantity of padding bits associated with secured control frames.
- the secured control frames that are unencrypted include the second quantity of padding bits, and where the second quantity of padding bits is smaller than a third quantity of padding bits associated with encrypted secured control frames.
- the partial PN included in the CMF is combined with a base PN associated with the control frame to provide a full PN associated with the control frame, and where the truncated integrity check includes a subset of bits of a full integrity check based on the full PN.
- a quantity of bits in the partial PN is based on a frame type of the control frame.
- the truncated integrity check includes a subset of bits of an authentication code output that is based on at least the security key, the partial PN, and the one or more portions of the control frame.
- a validity of each of multiple different types of control frames is verified based on partial PNs and truncated first integrity checks.
- the first portion of the CMF is provided at a first deterministic location within a control information portion of the control frame that is located prior to one or more fields that are protected by the truncated integrity check.
- the second portion of the CMF is provided at a second deterministic location within the control information portion of the control frame that is located subsequent to the one or more fields that are protected by the truncated integrity check.
- the wireless communication device 1200 may support wireless communications in accordance with examples as disclosed herein.
- the CMF component 1225 is configurable or configured to generate a frame including a CMF including an AID, an ID of a security key, a PN indication, and a first integrity check, where the AID is different than a medium access control address associated with the frame, and where the first integrity check is based on at least the security key and the PN indication associated with the AID.
- the frame manager 1235 is configurable or configured to output the frame for transmission.
- the apparatus may verify a validity of the control frame, based on a comparison of the truncated first integrity check and a second integrity check, where the second integrity check is based on at least the security key, a partial PN associated with the control frame, and one or more portions of the control frame, and the second integrity check is truncated corresponding to the truncated first integrity check.
- the operations of block 1310 may be performed in accordance with examples as disclosed herein. In some implementations, aspects of the operations of block 1310 may be performed by a validation component 1130 or a validation component 1230 as described with reference to Figures 11 and 12.
- FIG 14 shows a flowchart illustrating an example process 1400 performable by or at an apparatus that supports secure control frames in wireless communications.
- the operations of the process 1400 may be implemented by an apparatus or its components as described herein.
- the process 1400 may be performed by a wireless communication device, such as the wireless communication device 1100 described with reference to Figure 11, operating as or within a wireless AP or a wireless STA.
- the process 1400 may be performed by a wireless AP or a wireless STA, such as one of the APs 102 or the STAs 104 described with reference to Figure 1.
- the apparatus may obtain a frame including a CMF including an AID, an ID of a security key, a PN indication, and a first integrity check, where the AID is different than a medium access control address associated with the frame.
- the operations of block 1405 may be performed in accordance with examples as disclosed herein. In some implementations, aspects of the operations of block 1405 may be performed by a CMF component 1125 or a CMF component 1225 as described with reference to Figures 11 and 12.
- the apparatus may verify a validity of the frame, based on a comparison of the first integrity check and a second integrity check, where the second integrity check is based on at least the security key and the PN indication associated with the AID.
- the operations of block 1410 may be performed in accordance with examples as disclosed herein. In some implementations, aspects of the operations of block 1410 may be performed by a validation component 1130 or a validation component 1230 as described with reference to Figures 11 and 12.
- FIG. 15 shows a flowchart illustrating an example process 1500 performable by or at an apparatus that supports secure control frames in wireless communications.
- the operations of the process 1500 may be implemented by an apparatus or its components as described herein.
- the process 1500 may be performed by a wireless communication device, such as the wireless communication device 1200 described with reference to Figure 12, operating as or within a wireless STA.
- the process 1500 may be performed by a wireless STA, such as one of the STAs 104 described with reference to Figure 1.
- the apparatus may output the control frame for transmission.
- the operations of block 1710 may be performed in accordance with examples as disclosed herein. In some implementations, aspects of the operations of block 1710 may be performed by a frame manager 1135 or a frame manager 1235 as described with reference to Figures 11 and 12.
- FIG 18 shows a flowchart illustrating an example process 1800 performable by or at an apparatus that supports secure control frames in wireless communications.
- the operations of the process 1800 may be implemented by an apparatus or its components as described herein.
- the process 1800 may be performed by a wireless communication device, such as the wireless communication device 1100 described with reference to Figure 11, operating as or within a wireless AP or a wireless STA.
- the process 1800 may be performed by a wireless AP or a wireless STA, such as one of the APs 102 or the STAs 104 described with reference to Figure 1.
- the apparatus may generate a frame including a CMF including an AID, an ID of a security key, a PN indication, and a first integrity check, where the AID is different than a medium access control address associated with the frame, and where the first integrity check is based on at least the security key and the PN indication associated with the AID.
- the operations of block 1805 may be performed in accordance with examples as disclosed herein. In some implementations, aspects of the operations of block 1805 may be performed by a CMF component 1125 or a CMF component 1225 as described with reference to Figures 11 and 12.
- the apparatus may output the frame for transmission.
- the operations of block 1810 may be performed in accordance with examples as disclosed herein. In some implementations, aspects of the operations of block 1810 may be performed by a frame manager 1135 or a frame manager 1235 as described with reference to Figures 11 and 12.
- the apparatus may obtain an indication that one of a GTK mode or a PTK mode is configured for control frame security.
- the operations of block 1905 may be performed in accordance with examples as disclosed herein. In some implementations, aspects of the operations of block 1905 may be performed by a validation component 1230 as described with reference to Figure 12.
- the apparatus may generate a control frame including a CMF including a security key ID, a PN indication, and a first integrity check, where the first integrity check is computed based on a GTK or a PTK in accordance with the indication of the GTK mode or the PTK mode.
- the operations of block 1910 may be performed in accordance with examples as disclosed herein. In some implementations, aspects of the operations of block 1910 may be performed by a CMF component 1225 as described with reference to Figure 12.
- the apparatus may output the control frame for transmission.
- the operations of block 1915 may be performed in accordance with examples as disclosed herein. In some implementations, aspects of the operations of block 1915 may be performed by a frame manager 1235 as described with reference to Figure 12.
- the apparatus may generate a control frame including a CMF and a set of multiple padding bits prior to an end-of-frame field, where a quantity of the set of multiple padding bits is based on whether the control frame is a secure control frame and, when the control frame is a secure control frame, a type of security associated with the control frame.
- the operations of block 2005 may be performed in accordance with examples as disclosed herein. In some implementations, aspects of the operations of block 2005 may be performed by a CMF component 1125 or a CMF component 1225 as described with reference to Figures 11 and 12.
- the apparatus may output the control frame for transmission.
- the operations of block 2010 may be performed in accordance with examples as disclosed herein. In some implementations, aspects of the operations of block 2010 may be performed by a frame manager 1135 or a frame manager 1235 as described with reference to Figures 11 and 12.
- Clause 1 A method for wireless communications including: obtaining a control frame including a first portion of a CMF and a second portion of the CMF, the first portion of the CMF including an ID of a security key and the second portion of the CMF including a truncated first integrity check; and verifying a validity of the control frame, based on a comparison of the truncated first integrity check and a second integrity check, where the second integrity check is based on at least the security key, a partial PN associated with the control frame, and one or more portions of the control frame, and the second integrity check is truncated corresponding to the truncated first integrity check.
- Clause 3 The method of any of clauses 1-2, where a quantity of bits in the partial PN is based on a frame type of the control frame.
- Clause 4 The method of any of clauses 1-3, where the second integrity check is truncated to include a subset of bits of an authentication code output that is based on at least the security key, the partial PN, and the one or more portions of the control frame.
- Clause 7 The method of clause 6, where the first portion of the CMF is placed before or after one or more information fields within the control information portion based on a frame type of the control frame.
- Clause 8 The method of any of clauses 6-7, where the second portion of the CMF is included as a user information field within the control information portion that is located prior to a plurality of padding bits located at an end of the control information portion, or the second portion of the CMF is included within the plurality of padding bits.
- Clause 10 The method of any of clauses 6-9, where a quantity of padding bits subsequent to the second portion of the CMF is a fixed value that is advertised via one or more management frames, or is a value that is signaled prior to the first portion of the CMF.
- Clause 11 A method for wireless communications including: obtaining a frame including a CMF including an AID, an ID of a security key, a PN indication, and a first integrity check, where the AID is different than a medium access control address associated with the frame; and verifying a validity of the frame, based on a comparison of the first integrity check and a second integrity check, where the second integrity check is based on at least the security key and the PN indication associated with the AID.
- Clause 12 The method of clause 11, where the frame is a trigger frame, a block acknowledgment frame, or a block acknowledgment request frame.
- Clause 13 The method of any of clauses 11-12, where the AID is provided in one or more MPDUs with secure MAC headers that solicit protected control frames.
- Clause 16 The method of clause 15, where the one or more frames that solicit protected control frames include an indication that protected control frames are requested.
- Clause 17 A method for wireless communications including: obtaining an indication that one of a GTK mode or a PTK mode is configured for control frame security; generating a control frame including a CMF including a security key ID, a PN indication, and a first integrity check, where the first integrity check is computed based on a GTK or a PTK in accordance with the indication of the GTK mode or the PTK mode; and outputting the control frame for transmission.
- Clause 18 The method of clause 17, where the control frame is a group control frame or an individual control frame, and where group control frames are secured with the GTK in accordance with the GTK mode or the PTK mode, and individual control frames are secured with the PTK in accordance with the PTK mode or the GTK in accordance with the GTK mode.
- Clause 19 The method of any of clauses 17-18, where the indication that one of the GTK mode or the PTK mode is configured for the control frame security is a dynamic indication that provides for dynamic switching between the GTK mode and the PTK mode.
- Clause 20 The method of clause 19, where the indication that one of the GTK mode or the PTK mode is configured for the control frame security is obtained from a UHR operation element.
- Clause 21 A method for wireless communications, including: obtaining a control frame including a CMF and a plurality of padding bits prior to an end-of-frame field, where a quantity of the plurality of padding bits is based on whether the control frame is a secure control frame and, when the control frame is a secure control frame, a type of security associated with the control frame; and decoding the control frame in accordance with the quantity of the plurality of padding bits.
- Clause 23 The method of clause 22, where first frames soliciting unsecured control frames include a first quantity of padding bits that is smaller than a second quantity of padding bits included within second frames soliciting secured control frames.
- Clause 26 The method of clause 25, where the secured control frames that are unencrypted include the second quantity of padding bits, and where the second quantity of padding bits is smaller than a third quantity of padding bits associated with encrypted secured control frames.
- Clause 27 A method for wireless communications including: generating a control frame including a first portion of a CMF and a second portion of the CMF, the first portion of the CMF including an ID of a security key and the second portion of the CMF including a truncated integrity check, where the truncated integrity check is based on at least the security key, a partial PN associated with the control frame, and one or more portions of the control frame; and outputting the control frame for transmission.
- Clause 28 The method of clause 27, where the CMF includes the partial PN, where the partial PN included in the CMF is combined with a base PN associated with the control frame to provide a full PN associated with the control frame, and where the truncated integrity check includes a subset of bits of a full integrity check based on the full PN.
- Clause 30 The method of any of clauses 27-29, where the truncated integrity check includes a subset of bits of an authentication code output that is based on at least the security key, the partial PN, and the one or more portions of the control frame.
- Clause 31 The method of any of clauses 27-30, where a validity of each of multiple different types of control frames is verified based on partial PNs and truncated first integrity checks.
- Clause 32 The method of any of clauses 27-31, where the first portion of the CMF includes the partial PN; and where the first portion of the CMF is provided at a first deterministic location within a control information portion of the control frame that is located prior to one or more fields that are protected by the truncated integrity check, and the second portion of the CMF is provided at a second deterministic location within the control information portion of the control frame that is located subsequent to the one or more fields that are protected by the truncated integrity check.
- Clause 33 The method of clause 32, where the first portion of the CMF is placed before or after one or more information fields within the control information portion based on a frame type of the control frame.
- Clause 40 The method of clause 39, where the MPDUs that solicit protected control frames are carried in UHR PPDUs.
- Clause 41 The method of any of clauses 37-40, where the AID is provided in one or more frames that are generated by non-access point stations that solicit protected control frames.
- Clause 42 The method of clause 41, where the one or more frames that solicit protected control frames include an indication that protected control frames are requested.
- Clause 50 The method of any of clauses 47-49, where the CMF field includes an integrity check based on at least a security key indicated in the CMF, a PN indicated in the CMF, and one or more portions of the control frame.
- Clause 52 The method of clause 51, where the secured control frames that are unencrypted include the second quantity of padding bits, and where the second quantity of padding bits is smaller than a third quantity of padding bits associated with encrypted secured control frames.
- Clause 54 An apparatus for wireless communications, including one or more memories storing processor-executable code, and one or more processors coupled with the one or more memories and individually or collectively operable to execute the code to cause the apparatus to perform a method of any of clauses 1-10.
- Clause 56 A non-transitory computer-readable medium storing code for wireless communications, the code including instructions executable by one or more processors to perform a method of any of clauses 1-10.
- Clause 57 An apparatus for wireless communications, including a processing system that includes processor circuitry and memory circuitry that stores code, the processing system configured to cause the apparatus to perform a method of any of clauses 11-16.
- Clause 58 An apparatus for wireless communications, including one or more memories storing processor-executable code, and one or more processors coupled with the one or more memories and individually or collectively operable to execute the code to cause the apparatus to perform a method of any of clauses 11-16.
- Clause 59 An apparatus for wireless communications, including at least one means for performing a method of any of clauses 11-16.
- Clause 60 A non-transitory computer-readable medium storing code for wireless communications, the code including instructions executable by one or more processors to perform a method of any of clauses 11-16.
- Clause 61 An apparatus for wireless communications, including a processing system that includes processor circuitry and memory circuitry that stores code, the processing system configured to cause the apparatus to perform a method of any of clauses 17-20.
- Clause 62 An apparatus for wireless communications, including one or more memories storing processor-executable code, and one or more processors coupled with the one or more memories and individually or collectively operable to execute the code to cause the apparatus to perform a method of any of clauses 17-20.
- Clause 64 A non-transitory computer-readable medium storing code for wireless communications, the code including instructions executable by one or more processors to perform a method of any of clauses 17-20.
- Clause 65 An apparatus for wireless communications, including a processing system that includes processor circuitry and memory circuitry that stores code, the processing system configured to cause the apparatus to perform a method of any of clauses 21-26.
- Clause 66 An apparatus for wireless communications, including one or more memories storing processor-executable code, and one or more processors coupled with the one or more memories and individually or collectively operable to execute the code to cause the apparatus to perform a method of any of clauses 21-26.
- Clause 67 An apparatus for wireless communications, including at least one means for performing a method of any of clauses 21-26.
- Clause 68 A non-transitory computer-readable medium storing code for wireless communications, the code including instructions executable by one or more processors to perform a method of any of clauses 21-26.
- Clause 69 An apparatus for wireless communications, including a processing system that includes processor circuitry and memory circuitry that stores code, the processing system configured to cause the apparatus to perform a method of any of clauses 27-36.
- Clause 70 An apparatus for wireless communications, including one or more memories storing processor-executable code, and one or more processors coupled with the one or more memories and individually or collectively operable to execute the code to cause the apparatus to perform a method of any of clauses 27-36.
- Clause 71 An apparatus for wireless communications, including at least one means for performing a method of any of clauses 27-36.
- Clause 72 A non-transitory computer-readable medium storing code for wireless communications, the code including instructions executable by one or more processors to perform a method of any of clauses 27-36.
- Clause 73 An apparatus for wireless communications, including a processing system that includes processor circuitry and memory circuitry that stores code, the processing system configured to cause the apparatus to perform a method of any of clauses 37-42.
- Clause 77 An apparatus for wireless communications, including a processing system that includes processor circuitry and memory circuitry that stores code, the processing system configured to cause the apparatus to perform a method of any of clauses 43-46.
- Clause 78 An apparatus for wireless communications, including one or more memories storing processor-executable code, and one or more processors coupled with the one or more memories and individually or collectively operable to execute the code to cause the apparatus to perform a method of any of clauses 43-46.
- Clause 79 An apparatus for wireless communications, including at least one means for performing a method of any of clauses 43-46.
- Clause 80 A non-transitory computer-readable medium storing code for wireless communications, the code including instructions executable by one or more processors to perform a method of any of clauses 43-46.
- Clause 81 An apparatus for wireless communications, including a processing system that includes processor circuitry and memory circuitry that stores code, the processing system configured to cause the apparatus to perform a method of any of clauses 47-52.
- Clause 82 An apparatus for wireless communications, including one or more memories storing processor-executable code, and one or more processors coupled with the one or more memories and individually or collectively operable to execute the code to cause the apparatus to perform a method of any of clauses 47-52.
- Clause 83 An apparatus for wireless communications, including at least one means for performing a method of any of clauses 47-52.
- Clause 84 A non-transitory computer-readable medium storing code for wireless communications, the code including instructions executable by one or more processors to perform a method of any of clauses 47-52.
- the term “determine” or “determining” encompasses a wide variety of actions and, therefore, “determining” can include calculating, computing, processing, deriving, estimating, investigating, looking up (such as via looking up in a table, a database, or another data structure), inferring, ascertaining, or measuring, among other possibilities. Also, “determining” can include receiving (such as receiving information), accessing (such as accessing data stored in memory) or transmitting (such as transmitting information), among other possibilities. Additionally, “determining” can include resolving, selecting, obtaining, choosing, establishing and other such similar actions.
- a phrase referring to “at least one of” or “one or more of” a list of items refers to any combination of those items, including single members.
- “at least one of: a, b, or c” is intended to cover: a, b, c, a-b, a-c, b-c, and a-b-c.
- “or” is intended to be interpreted in the inclusive sense, unless otherwise explicitly indicated. For example, “a or b” may include a only, b only, or a combination of a and b.
- a phrase referring to “a” or “an” element refers to one or more of such elements acting individually or collectively to perform the recited function(s). Additionally, a “set” refers to one or more items, and a “subset” refers to less than a whole set, but non-empty.
- “based on” is intended to be interpreted in the inclusive sense, unless otherwise explicitly indicated. For example, “based on” may be used interchangeably with “based at least in part on,” “associated with,” “in association with,” or “in accordance with” unless otherwise explicitly indicated. Specifically, unless a phrase refers to “based on only ‘a,’” or the equivalent in context, whatever it is that is “based on ‘a,’” or “based at least in part on ‘a,’” may be based on “a” alone or based on a combination of “a” and one or more other factors, conditions, or information.
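The following Python is an added worked example, not code from the patent or from any 802.11 implementation. It models the split-CMF scheme of clauses 1-4 and 27-33 (first CMF portion carrying the key ID and a partial PN ahead of the protected fields, second portion carrying a truncated integrity check after them) together with the GTK/PTK key selection of clauses 17-18. Every concrete value in it is an assumption: the toy frame layout, the partial-PN widths per frame type, the 4-byte MIC truncation, the key ID numbers, and HMAC-SHA256 standing in for the "authentication code output" the clauses leave unspecified (BIP in 802.11 uses AES-CMAC or GMAC). Function and class names (`select_key`, `build_frame`, `Receiver`) are likewise illustrative.

```python
"""Toy model of a split Control MIC Field (CMF): key ID + partial PN before the
protected fields, truncated MIC after them. Added example; all parameters assumed."""
import hashlib
import hmac

# Assumed parameters (illustration only; the patent fixes none of these values).
PARTIAL_PN_BITS = {"trigger": 8, "bar": 4, "ba": 4}   # partial-PN width depends on frame type
MIC_LEN = 4                                          # truncated MIC length in bytes
KEY_ID_PTK, KEY_ID_GTK = 0, 1                        # assumed key ID values
TYPE_LEN = 8                                         # fixed-width frame-type label in the toy layout


def select_key(mode, is_group, ptk, gtk):
    """Key selection: group frames always use the GTK; individual frames use the
    PTK in PTK mode and the GTK in GTK mode. Returns (key_id, key)."""
    if is_group or mode == "GTK":
        return KEY_ID_GTK, gtk
    if mode == "PTK":
        return KEY_ID_PTK, ptk
    raise ValueError("unknown control frame security mode")


def truncated_mic(key, frame_type, key_id, full_pn, protected):
    """Authentication code over the frame type, key ID, full PN and the protected
    fields, truncated to MIC_LEN bytes. HMAC-SHA256 is a stand-in for the MAC."""
    msg = (frame_type.encode().ljust(TYPE_LEN, b"\0") + bytes([key_id])
           + full_pn.to_bytes(6, "big") + protected)
    return hmac.new(key, msg, hashlib.sha256).digest()[:MIC_LEN]


def build_frame(frame_type, key_id, key, pn, protected):
    """Sender: the first CMF portion (key ID, partial PN) precedes the protected
    fields; the second portion (truncated MIC) follows them."""
    bits = PARTIAL_PN_BITS[frame_type]
    partial = pn & ((1 << bits) - 1)                 # only the low bits go on the air
    cmf_first = bytes([key_id, partial])
    cmf_second = truncated_mic(key, frame_type, key_id, pn, protected)
    return frame_type.encode().ljust(TYPE_LEN, b"\0") + cmf_first + protected + cmf_second


class Receiver:
    """Keeps the last accepted full PN per key ID and rebuilds the full PN from
    that base plus the partial PN carried in the frame."""
    def __init__(self, keys):
        self.keys = keys          # {key_id: key}
        self.last_pn = {}         # {key_id: last accepted full PN}

    def verify(self, frame):
        frame_type = frame[:TYPE_LEN].rstrip(b"\0").decode()
        key_id, partial = frame[TYPE_LEN], frame[TYPE_LEN + 1]
        protected = frame[TYPE_LEN + 2:-MIC_LEN]
        rx_mic = frame[-MIC_LEN:]
        if frame_type not in PARTIAL_PN_BITS or key_id not in self.keys:
            return False
        bits = PARTIAL_PN_BITS[frame_type]
        last = self.last_pn.get(key_id, -1)
        base = max(last, 0) & ~((1 << bits) - 1)     # upper bits of the last accepted PN
        pn = base | partial
        if pn <= last:                               # partial counter wrapped, or a replay
            pn += 1 << bits
        expected = truncated_mic(self.keys[key_id], frame_type, key_id, pn, protected)
        if not hmac.compare_digest(expected, rx_mic):
            return False          # forged, tampered, replayed, or more than 2**bits frames lost
        self.last_pn[key_id] = pn
        return True


def demo():
    """Constructed scenario: PN 255 then 256 (partial PN wraps to 0), a tampered
    copy, and a replay. Keys are constructed placeholders."""
    ptk, gtk = b"P" * 16, b"G" * 16
    rx = Receiver({KEY_ID_PTK: ptk, KEY_ID_GTK: gtk})
    key_id, key = select_key("PTK", is_group=False, ptk=ptk, gtk=gtk)
    f1 = build_frame("trigger", key_id, key, 255, b"\x10\x20")
    f2 = build_frame("trigger", key_id, key, 256, b"\x10\x21")
    tampered = f2[:TYPE_LEN + 2] + b"\x10\x22" + f2[-MIC_LEN:]   # protected field altered
    return {
        "accept_255": rx.verify(f1),
        "tamper_rejected": not rx.verify(tampered),
        "accept_256_after_wrap": rx.verify(f2),
        "replay_rejected": not rx.verify(f2),
        "group_uses_gtk": select_key("PTK", True, ptk, gtk)[0] == KEY_ID_GTK,
    }
```

The receiver never needs a separate replay list: a replayed frame carries a partial PN at or below the last accepted one, so it is interpreted as a wrapped counter and fails the MIC comparison because the sender never authenticated that PN. The cost of carrying only a partial PN is that a gap of more than 2^bits frames desynchronises the two sides, which is why the clauses tie the partial-PN width to the frame type, and a 4-byte truncation caps forgery resistance at roughly 2^-32 per attempt. For the AID-keyed variant of clauses 11-13 the same state would be held per AID rather than per key ID.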
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The present disclosure relates to methods, components, devices and systems for secure control frames in wireless communications. Some aspects relate more specifically to security for control frames based on one or more fields included in the control frames. In some examples, a frame is transmitted with a control message integrity check (MIC) field (CMF) that includes an identifier of a security key, at least part of a packet number (PN), and at least part of an integrity check computed based on one or more portions of the frame including the control information and the security key. The CMF may be transmitted in separate portions, such as a first portion of the CMF that includes the identifier of the security key and at least the part of the PN, and a second portion of the CMF that includes at least a truncated part of the integrity check.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| IN202441002125 | 2024-01-11 | | |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| WO2025151279A2 true WO2025151279A2 (fr) | 2025-07-17 |
| WO2025151279A3 WO2025151279A3 (fr) | 2025-10-23 |
Family
ID=94386514
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/US2024/061433 Pending WO2025151279A2 (fr) | 2024-01-11 | 2024-12-20 | Trames de service sécurisées dans des communications sans fil |
Country Status (1)
| Country | Link |
|---|---|
| WO (1) | WO2025151279A2 (fr) |
Family Cites Families (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN118870490A (zh) * | 2017-06-15 | 2024-10-29 | 松下电器(美国)知识产权公司 | 站、用于站的通信方法和集成电路 |
| US20190007904A1 (en) * | 2017-06-30 | 2019-01-03 | Qualcomm Incorporated | Wake-up radio frame formats and device communications |
| US11051246B2 (en) * | 2018-02-26 | 2021-06-29 | Qualcomm Incorporated | Addressing for wake-up radio (WUR) frames in WUR device communications |
| US20190200278A1 (en) * | 2018-03-02 | 2019-06-27 | Ido Ouzieli | Enhanced beacon frames in wireless communications |
| US10958416B2 (en) * | 2018-11-26 | 2021-03-23 | International Business Machines Corporation | Encrypted and compressed data transmission with padding |
| US11824980B2 (en) * | 2019-08-27 | 2023-11-21 | Intel Corporation | Enhanced security for multi-link wireless operations |
| JP2025518809A (ja) * | 2022-06-03 | 2025-06-19 | エルジー エレクトロニクス インコーポレイティド | 無線lanシステムにおいて拡張された帯域幅のための動作モードを指示する方法及び装置 |
- 2024-12-20: WO application PCT/US2024/061433, published as WO2025151279A2 (fr), active, status Pending
Also Published As
| Publication number | Publication date |
|---|---|
| WO2025151279A3 (fr) | 2025-10-23 |