Currently, an access point (AP) must join a Wireless LAN Controller (WLC) before it can serve wireless clients, and the AP communicates with the WLC over a CAPWAP-DTLS tunnel. Either the AP or the WLC could have been compromised so that it is no longer a trusted entity. Because these CAPWAP-DTLS tunnels can influence how the wireless LAN is deployed, configured, and used, it is important to establish DTLS connections only with devices that can be verified to be trusted. Currently, the CAPWAP-DTLS tunnel offers no way to determine whether a discovered WLC or a connecting AP is trustworthy. The techniques presented herein apply an attestation method to the CAPWAP-DTLS communication between AP and WLC: the CAPWAP-DTLS messages exchanged between AP and WLC are extended with extensions that carry a Proof of Integrity and an intent to validate the Proof of Integrity.
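The two extensions described above, modelled as an added example (not the disclosure's own design or code): the WLC sends an "intent to validate" extension carrying a fresh nonce, the AP answers with a Proof of Integrity extension binding its measured firmware and configuration to that nonce, and the WLC accepts the join only if the proof is fresh and matches a trusted reference. The extension names, the extend-chain measurement, and the use of an HMAC under a pre-shared key (standing in for a hardware-rooted attestation signature) are all assumptions of this example; the same functions serve for the AP validating a discovered WLC.

```python
import hashlib
import hmac
import os

# Constructed reference (golden) measurements for a trusted AP image and config; in practice
# these come from a signed vendor manifest, never from the peer being verified.
TRUSTED_AP = {"firmware": b"ap-image-v1", "config": b"wlan-config-baseline"}
AP_ATTEST_KEY = b"hypothetical-attestation-key"  # stands in for a hardware-rooted signing key


def measure(components):
    """Fold component hashes into one digest in a fixed order (an extend chain, as a TPM PCR would)."""
    acc = b"\x00" * 32
    for name in sorted(components):
        acc = hashlib.sha256(acc + hashlib.sha256(components[name]).digest()).digest()
    return acc.hex()


REFERENCE_DIGEST = measure(TRUSTED_AP)


def intent_to_validate(nonce=None):
    """Verifier -> peer: extension announcing that a Proof of Integrity is required, with a fresh nonce."""
    return {"ext": "attest_intent", "nonce": (nonce or os.urandom(16)).hex()}


def proof_of_integrity(key, components, intent):
    """Peer -> verifier: extension carrying the measurement digest, MACed together with the nonce
    so that a proof captured from an earlier handshake cannot be replayed."""
    digest = measure(components)
    mac = hmac.new(key, bytes.fromhex(intent["nonce"]) + bytes.fromhex(digest), "sha256").hexdigest()
    return {"ext": "attest_proof", "digest": digest, "mac": mac}


def verify_proof(key, reference_digest, intent, proof):
    """Verifier side: check the nonce binding first, then compare measurements to the reference."""
    expected = hmac.new(key, bytes.fromhex(intent["nonce"]) + bytes.fromhex(proof["digest"]), "sha256").hexdigest()
    if not hmac.compare_digest(expected, proof["mac"]):
        return False, "proof not bound to this nonce (replay or wrong key)"
    if not hmac.compare_digest(proof["digest"], reference_digest):
        return False, "measurements differ from trusted reference"
    return True, "peer verified; proceed with CAPWAP-DTLS"


def ap_join(ap_components, ap_key=AP_ATTEST_KEY, stale_proof=None):
    """Simulate the WLC validating a joining AP; stale_proof models a replayed proof from an old handshake."""
    intent = intent_to_validate()                                             # WLC -> AP
    proof = stale_proof or proof_of_integrity(ap_key, ap_components, intent)  # AP -> WLC
    return verify_proof(ap_key, REFERENCE_DIGEST, intent, proof)              # WLC decides


if __name__ == "__main__":
    print(ap_join(TRUSTED_AP))                                                 # accepted
    print(ap_join({**TRUSTED_AP, "firmware": b"ap-image-v1-modified"}))        # rejected: bad measurement
    print(ap_join(TRUSTED_AP, stale_proof=proof_of_integrity(AP_ATTEST_KEY, TRUSTED_AP, intent_to_validate())))
```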

