Client-driven randomized and changing media access control (MAC) address (RCM) mechanism
US-2024422202-A1 · Dec 19, 2024 · US
US2016135041A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2016135041-A1 |
| Application number | US-201514926616-A |
| Country | US |
| Kind code | A1 |
| Filing date | Oct 29, 2015 |
| Priority date | Nov 10, 2014 |
| Publication date | May 12, 2016 |
| Grant date | — |
Official abstract text for this publication.
Methods, systems, apparatuses, and devices are described for wireless station privacy using media access control (MAC) address randomization. The wireless station may identify a MAC address for use with over-the-air transmissions and a persistent MAC address for backend communications. The wireless station may communicate the OTA MAC address and the persistent MAC address to an access point. The wireless station and the access point may exchange data frames and perform MAC replacement techniques to map the OTA MAC address to the persistent MAC address. The persistent MAC address may provide for data routing, mobility management, etc., whereas the OTA MAC address may provide for privacy for the wireless transmissions.
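The station-side MAC replacement the abstract describes, as an added sketch that is not taken from the patent: a random locally administered OTA address is generated, then swapped with the persistent address on transmit and receive. The 12-byte destination-plus-source header, the names `random_ota_mac` and `StationMacMap`, and all sample addresses are assumptions made for illustration.

```python
import secrets

HDR = 12  # assumed simplified header: 6-byte destination + 6-byte source


def random_ota_mac() -> bytes:
    """Random 48-bit MAC: unicast (I/G bit 0), locally administered (U/L bit 1)."""
    mac = bytearray(secrets.token_bytes(6))
    mac[0] = (mac[0] & 0xFC) | 0x02
    return bytes(mac)


class StationMacMap:
    """Station-side OTA <-> persistent mapping for one session (hypothetical helper)."""

    def __init__(self, ota: bytes, persistent: bytes):
        if len(ota) != 6 or len(persistent) != 6:
            raise ValueError("MAC addresses are 6 bytes")
        self.ota, self.persistent = ota, persistent

    def outbound(self, frame: bytes) -> bytes:
        """Transmit path: replace the persistent source address with the OTA one."""
        if len(frame) < HDR:
            raise ValueError("frame shorter than header")
        dst, src, body = frame[:6], frame[6:12], frame[12:]
        if src != self.persistent:
            # Never let an unmapped source address reach the air interface.
            raise ValueError("source is not the persistent MAC")
        return dst + self.ota + body

    def inbound(self, frame: bytes) -> bytes:
        """Receive path: replace the OTA destination with the persistent address."""
        if len(frame) < HDR:
            raise ValueError("frame shorter than header")
        dst, rest = frame[:6], frame[6:]
        # Frames not addressed to the OTA MAC (e.g. broadcast) pass unchanged.
        return self.persistent + rest if dst == self.ota else frame


if __name__ == "__main__":
    persistent = bytes.fromhex("001122334455")  # constructed sample address
    ap = bytes.fromhex("0a0b0c0d0e0f")          # constructed sample address
    m = StationMacMap(random_ota_mac(), persistent)
    on_air = m.outbound(ap + persistent + b"payload")
    print("source seen over the air:", on_air[6:12].hex(":"))
```

An observer of the radio link sees only the OTA address as the source, while the upper layers on the station keep addressing frames with the persistent one.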
Opening claim text (preview).
What is claimed is:

1. A method for wireless communication at a wireless station, comprising: determining a first media access control (MAC) address associated with over-the-air (OTA) communications between the wireless station and an access point during a communication session; determining a second MAC address associated with backend communications via the access point during the communication session; and communicating the first MAC address and the second MAC address to the access point via a secure channel.

2. The method of claim 1, further comprising: generating a random MAC address, the random MAC address comprising a third MAC address, wherein the third MAC address is used as a source address prior to communicating the first MAC address and the second MAC address to the access point via the secure channel.

3. The method of claim 1, further comprising: generating a random MAC address, the random MAC address comprising the first MAC address; and transmitting at least one message to the access point comprising the random MAC address via the secure channel.

4. The method of claim 1, further comprising: performing, with the access point, a security association process to establish the secure channel.

5. The method of claim 4, further comprising: transmitting information indicative of the first MAC address and the second MAC address to the access point in a message 4 of the security association process, wherein the security association process is a 4-way handshake procedure, wherein the first MAC address and the second MAC address are encrypted.

6. The method of claim 4, further comprising: transmitting information indicative of the first MAC address and the second MAC address to the access point in a message 1 of the security association process, wherein the security association process is a 2-way handshake procedure.

7. The method of claim 1, further comprising: receiving a data frame from the access point during the communication session, the data frame comprising information indicative of the first MAC address; replacing the first MAC address in the data frame with the second MAC address; and decoding the data frame based at least in part on the second MAC address.

8. The method of claim 1, further comprising: identifying a data frame to be transmitted to the access point during the communication session, the data frame comprising information indicative of the second MAC address; replacing the second MAC address in the data frame with the first MAC address; and transmitting the data frame to the access point using the first MAC address as a source address.

9. The method of claim 1, further comprising: receiving a data frame from the access point during the communication session, the data frame comprising a MAC frame having the second MAC address as a destination address being encapsulated with a MAC frame header having the first MAC address as a destination address; removing the MAC frame encapsulating the second MAC address; and decoding the data frame based at least in part on the second MAC address.

10. The method of claim 1, further comprising: identifying a data frame to be transmitted to the access point during the communication session; encapsulating a MAC frame having the second MAC address as a destination address using a MAC frame header having the first MAC address as a destination address; and transmitting the data frame to the access point, the data frame comprising the encapsulated MAC frame.

11. The method of claim 1, wherein the second MAC address is valid for the communication session.

12. The method of claim 11, further comprising: deriving the second MAC address based at least in part on a pairwise master key known by the wireless station and the access point.

13. The method of claim 1, wherein the first MAC address is valid for the communication session.

14. The method of claim 1, further comprising: changing the first MAC address during the communication session based at least in part on a pairwise master key known by both the wireless station and the access point.

15. The method of claim 1, wherein the second MAC address is a permanent MAC address of the wireless station.

16. An apparatus for wireless communication, comprising: a processor; memory in electronic communication with the processor; and instructions being stored in the memory, the instructions being executable by the processor to: determine a first media access control (MAC) address associated with over-the-air (OTA) communications between a wireless station and an access point during a communication session; determine a second MAC address associated with backend communications via the access point during the communication session; and communicate the first MAC address and the second MAC address to the access point via a secure channel.

17. The apparatus of claim 16, further comprising instructions executable by the processor to: generate a random MAC address, the random MAC address comprising a third MAC address, wherein the randomly generated third MAC address is used as a source address prior to communicating the first MAC address and the second MAC address to the access point via the secure channel.

18. The apparatus of claim 16, further comprising instructions executable by the processor to: generate a random MAC address, the random MAC address comprising the first MAC address; and transmit at least one message to the access point comprising the random MAC address via the secure channel.

19. The apparatus of claim 16, further comprising instructions executable by the processor to: perform, with the access point, a security association process to establish the secure channel.

20. The apparatus of claim 19, further comprising instructions executable by the processor to: transmit information indicative of the first MAC address and the second MAC address to the access point in a message 4 of the security association process, wherein the security association process is a 4-way handshake procedure, wherein the first MAC address and the second MAC address are encrypted.

21. The apparatus of claim 16, further comprising instructions executable by the processor to: receive a data frame from the access point during the communication session, the data frame comprising information indicative of the first MAC address; replace the first MAC address in the data frame with the second MAC address; and decode the data frame based at least in part on the second MAC address.

22. The apparatus of claim 16, further comprising instructions executable by the processor to: identify a data frame to be transmitted to the access point during the communication session, the data frame comprising information indicative of the second MAC address; replace the second MAC address in the data frame with the first MAC address; and transmit the data frame to the access point using the first MAC address as a source address.

23. The apparatus of claim 16, further comprising instructions executable by the processor to: receive a data frame from the access point during the communication session, the data frame comprising a MAC frame having the second MAC address as a destination address being encapsulated with a MAC frame header having the first MAC address as a destination address; remove the MAC frame encapsulating the second MAC address; an
Address table lookup; Address filtering · CPC title
WLAN [Wireless Local Area Networks] · CPC title
Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII] · CPC title
Parsing or analysis of headers · CPC title
Layer-2 addresses, e.g. medium access control [MAC] addresses · CPC title