JP2023104494A - Unauthorized access point detection system, access point, method, and program - Google Patents

Abstract

To provide an unauthorized access point detection system or the like that can contribute to monitoring unauthorized access points in a wide range at low cost.SOLUTION: A first authorized access point comprises a radio connection unit that acquires identification information related to the other access point when a password related to the same identification information as itself is transmitted to the other access point and radio connection is successful, and a request transmission unit that transmits request information including the acquired identification information to the second authorized access point. The second authorized access point includes an analysis unit that analyzes whether the other access point related to the identification information included in the request information is an unauthorized access point on the basis of a management database in which permission or rejection of the identification information related to the access point is registered, and an email sending unit that when the other access point is an unauthorized access point, sends an email notifying that effect to a management terminal.SELECTED DRAWING: Figure 7

Description

The present invention relates to an unauthorized access point detection system, an access point, a method, and a program.

In recent years, access points (public wireless LAN (Local Area Network), free Wi-Fi (registered trademark), etc.) are provided in various places (eg, hotels, restaurants, convenience stores, airports, etc.). In such places, the SSID (Service Set Identifier: sometimes called ESSID (Extended Service Set Identifier)) and password for using the access point are disclosed to users. Under such circumstances, a malicious service provider may install an unauthorized access point with the same SSID and password as the SSID and password of an authorized access point. By connecting a terminal to the unauthorized access point, there is a risk that the information of the terminal will be extracted and misused. Since access points are now easy to install, the risk of rogue access points is likely to increase in the future. Therefore, methods for detecting unauthorized access points have been proposed (see Patent Documents 1 to 3, for example).

For example, in Patent Literature 1, a management terminal that manages wireless LAN devices within a LAN is used to register regular wireless LAN devices (BSSID (Basic Service Set Identifier), ESSID, flag) in a list, and a beacon of the wireless LAN device is registered. is obtained, the beacon information (including BSSID and ESSID) of the beacon and the list are used to discriminate unauthorized wireless LAN devices, and the result of the discrimination is notified to the person in charge of management.

Further, in Patent Document 2, when another access point that transmits the same identification information as the specific identification information transmitted by the authorized access point is detected from the received signal using the authorized access point, the detected Wireless communication is performed with another access point using a second MAC address different from the first MAC address for performing wireless communication with a wireless communication terminal under the control of the authorized access point, and the other access point receives a password. or when it is detected that the authentication method of the other access point is different from the authentication method of the legitimate access point, the other access point is detected as an unauthorized access point and the authentication of the other access point is performed. A method of transmitting information to a management device is disclosed.

Further, in US Pat. No. 5,400,000, a detector in a wireless local area network receives a beacon frame containing a sequence number and a MAC address, and the beacon frame is transmitted over the wireless local area network by one or more access points. , a method is disclosed in which sequence numbers and MAC addresses of received beacon frames are analyzed (pre-registered sequence numbers and MAC addresses) in a detector to detect counterfeit access points in a wireless local area network.

JP 2019-129434 A JP 2017-168909 Special Table No. 2005-522120

The following analysis is given by the inventors.

However, in the method of Patent Literature 1, since a management terminal is added separately from the wireless LAN device, a large number of management terminals are required to monitor unauthorized access points over a wide range, resulting in high cost. Moreover, in the method of Patent Document 2, in order to monitor unauthorized access points over a wide area, it is necessary that all authorized access points in the area have a function to detect unauthorized access points, so the cost is high. It takes Furthermore, the method of Patent Document 3 requires a large number of detectors to monitor unauthorized access points over a wide area, which is costly.

A main object of the present invention is to provide an unauthorized access point detection system, an access point, a method, and a program that can contribute to monitoring unauthorized access points in a wide range at low cost.

In an unauthorized access point detection system according to a first aspect, a plurality of authorized access points and a management terminal are communicably connected via a network, and an unauthorized access point is detected by one of the plurality of authorized access points. an unauthorized access point detection system configured to send an e-mail notifying the existence of the unauthorized access point to the management terminal, wherein one or a plurality of first authorized access points among the plurality of authorized access points; transmits to another access point a password associated with the same identification information as the first authorized access point itself, attempts wireless connection with the other access point, and establishes wireless connection with the other access point. a wireless connection unit configured to acquire identification information related to the other access point from the other access point when the connection is successful; when the identification information relating to the access point is acquired, the request information including the identification information relating to the other access point is sent to a first access point out of the plurality of authorized access points that is different from the first authorized access point a request transmission unit configured to transmit to two authorized access points, wherein the second authorized access point is registered with data indicating whether or not the identification information related to the access point is an allowable access point. a management database; and an analysis unit configured to analyze whether or not the other access point associated with the identification information included in the request information is the unauthorized access point based on the management database. and a mail sending unit configured to send a mail notifying the existence of the unauthorized access point to the management terminal when the other access point is determined to be the unauthorized access point.

An access point according to a second aspect (corresponding to a first authorized access point) is connected to a plurality of authorized access points and a management terminal so as to be communicable via a network, and any of the plurality of authorized access points One or a plurality of predetermined access points out of the plurality of authorized access points in the unauthorized access point detection system configured to send an email notifying the existence of the unauthorized access point to the management terminal when the unauthorized access point is detected. An access point (corresponding to a first authorized access point) that transmits a password related to the same identification information as the predetermined access point itself to another access point to establish a wireless connection with the other access point and the predetermined request information including the identification information of the other access point is received from the plurality of authorized access points when the wireless connection unit of the access point acquires the identification information of the other access point a request transmitting unit configured to transmit to another predetermined access point (corresponding to a second authorized access point) different from the predetermined access point.

An access point according to a third aspect (corresponding to a second authorized access point) is connected to a plurality of authorized access points and a management terminal via a network so as to be able to communicate therewith, and at any one of the plurality of authorized access points any one of the plurality of authorized access points in the unauthorized access point detection system configured to send an email notifying the existence of the unauthorized access point to the management terminal when the unauthorized access point is detected; an access point (equivalent to a second authorized access point) in which data indicating whether or not the predetermined access point is an access point that permits identification information relating to the access point is registered; identification information included in request information from another prescribed access point (corresponding to a first authorized access point) different from the prescribed access point among the plurality of authorized access points, based on a management database; an analysis unit configured to analyze whether or not another access point is the unauthorized access point; and an analysis unit configured to analyze whether the other access point is the unauthorized access point; and a mail sending unit configured to send a mail notifying of its existence to the management terminal.

An unauthorized access point detection method according to a fourth aspect, wherein a plurality of authorized access points and a management terminal are communicably connected via a network, and an unauthorized access point is detected by one of the plurality of authorized access points. An unauthorized access point detection method for detecting the unauthorized access point using an unauthorized access point detection system configured to send an email notifying the existence of the unauthorized access point to the management terminal when the plurality of One or a plurality of first authorized access points out of the authorized access points transmits a password related to the same identification information as the first authorized access point itself to other access points, so as to communicate with the other access points. and obtaining identification information related to the other access point from the other access point when the wireless connection with the other access point is successful; and wherein, when the first authorized access point acquires the identification information related to the other access point, the request information including the identification information related to the other access point is sent to one of the plurality of authorized access points. a step of transmitting to a second authorized access point different from the first authorized access point; and registration of data indicating whether or not the identification information of the access point is an allowable access point at the second authorized access point. a step of analyzing whether or not the other access point associated with the identification information included in the request information is the unauthorized access point based on the management database; and sending an e-mail notifying the existence of the unauthorized access point to the management terminal when another access point is determined to be the unauthorized access point.

A program according to a fifth aspect (program for a first authorized access point) connects a plurality of authorized access points and a management terminal so as to be communicable via a network, Predetermined access to one or more of the plurality of authorized access points in an unauthorized access point detection system configured to send an email notifying the existence of the unauthorized access point to the management terminal when the access point is detected. A program that causes a point (equivalent to a first authorized access point) to execute a process of detecting the unauthorized access point, in which a password related to the same identification information as the predetermined access point itself is issued to another access point. to attempt wireless connection with the other access point, and to obtain identification information related to the other access point from the other access point when the wireless connection with the other access point is successful. and when the wireless connection unit of the predetermined access point acquires the identification information related to the other access point, the request information including the identification information related to the other access point is sent to the plurality of a process of transmitting to one of the authorized access points different from the prescribed access point (equivalent to a second authorized access point), and the prescribed access point (equivalent to a first authorized access point) ) to run.

A program according to a sixth aspect (a program for a second authorized access point) connects a plurality of authorized access points and a management terminal so as to be communicable via a network, Predetermined access to any one of the plurality of authorized access points in an unauthorized access point detection system configured to send an email notifying the existence of the unauthorized access point to the management terminal when the access point is detected A program that causes a point (equivalent to a second authorized access point) to execute a process for detecting an unauthorized access point, and registers data as to whether or not the access point is an allowable access point for the identification information related to the access point. identification information included in request information from another prescribed access point (corresponding to a first authorized access point) different from the prescribed access point among the plurality of authorized access points, based on a management database; a process of analyzing whether or not another access point is the unauthorized access point; and a process of transmitting to the management terminal are executed by the predetermined access point (corresponding to the second authorized access point).

Note that the program can be recorded in a computer-readable storage medium. The storage medium can be non-transient such as semiconductor memory, hard disk, magnetic recording medium, optical recording medium, and the like. The present disclosure may also be embodied as a computer program product. A program is input to a computer device via an input device or an external communication interface, is stored in a storage device, drives a processor in accordance with predetermined steps or processes, and stages the results of processing including intermediate states as necessary. can be displayed via a display device, or can be communicated with the outside via a communication interface. A computer device for this purpose, as an example, typically includes a processor, a storage device, an input device, a communication interface, and optionally a display device, all of which are connectable to each other by a bus.

According to the first to sixth viewpoints, it is possible to contribute to monitoring unauthorized access points in a wide range at low cost.

1 is a block diagram schematically showing the configuration of an unauthorized access point detection system according to Embodiment 1; FIG. 1 is a block diagram schematically showing an example of a configuration when the unauthorized access point detection system according to Embodiment 1 is applied; FIG. 4 is a table schematically showing the configuration of a management database used in the unauthorized access point detection system according to Embodiment 1; 4 is a table schematically showing the structure of request information used in the unauthorized access point detection system according to the first embodiment; FIG. 4 is a flow chart diagram schematically showing an operation when a first authorized access point is wirelessly connected to an unauthorized access point in the unauthorized access point detection system according to the first embodiment; FIG. 7 is a flow chart diagram schematically showing the operation of the unauthorized access point detection system according to the first embodiment when a second authorized access point is wirelessly connected to an unauthorized access point; FIG. 11 is a block diagram schematically showing the configuration of an unauthorized access point detection system according to Embodiment 2; 3 is a block diagram schematically showing the configuration of hardware resources; FIG.

Hereinafter, embodiments will be described with reference to the drawings. It should be noted that when reference numerals are used in the drawings in this application, they are solely for the purpose of helping understanding, and are not intended to limit the embodiments shown in the drawings. Moreover, the following embodiments are only examples, and do not limit the present invention. Also, connection lines between blocks in drawings and the like referred to in the following description include both bidirectional and unidirectional connections. The unidirectional arrows schematically show the flow of main signals (data) and do not exclude bidirectionality. Furthermore, in the circuit diagrams, block diagrams, internal configuration diagrams, connection diagrams, etc. disclosed in the present application, an input port and an output port exist at the input end and the output end of each connection line, respectively, although not explicitly shown. The input/output interface is the same. The program is executed via a computer device, and the computer device includes, for example, a processor, a storage device, an input device, a communication interface, and optionally a display device. It is configured to be able to communicate with external devices (including computers), whether wired or wireless.

[Embodiment 1]
An unauthorized access point detection system according to the first embodiment will be described with reference to the drawings. FIG. 1 is a block diagram schematically showing the configuration of an unauthorized access point detection system according to the first embodiment. FIG. 2 is a block diagram schematically showing an example of the configuration when the unauthorized access point detection system according to the first embodiment is applied. FIG. 3 is a table schematically showing the configuration of a management database used in the unauthorized access point detection system according to the first embodiment. FIG. 4 is a table schematically showing the configuration of request information used in the unauthorized access point detection system according to the first embodiment.

The unauthorized access point detection system 1 is a system that detects an unauthorized access point 50 using first authorized access points 10A to 10N and a second authorized access point 20 (see FIGS. 1 and 2). In the unauthorized access point detection system 1, the first authorized access points 10A to 10N and the second authorized access point 20 attempt connection with the unauthorized access point 50 having the same SSID and password as their own SSID and password. The unauthorized access point detection system 1 acquires identification information (for example, BSSID including MAC address) related to the unauthorized access point 50 when the connection is successful, and uses the acquired identification information (for example, BSSID and MAC address) for the second authorized access. A search is made to see if there is a match with the identification information registered in the point 20 (for example, the registered MAC address in FIG. 3). In the unauthorized access point detection system 1, if there is no matching identification information (eg, MAC address), or if there is matching identification information (eg, MAC address) but is NG, the second authorized access point 20 manages A mail is sent to the terminal 30 notifying that the unauthorized access point 50 has been detected. The unauthorized access point detection system 1 includes first authorized access points 10A to 10N, a second authorized access point 20, a management terminal 30, and a network .

The first authorized access points 10A to 10N are authorized access points having a function of acquiring identification information (eg, MAC address) related to other access points (unauthorized access points 50, authorized access points) (see FIG. 1 , see FIG. 2). The first authorized access points 10A to 10N do not have the function of analyzing identification information (eg, MAC addresses) related to other access points. Although there are N first regular access points 10A to 10N in FIGS. 1 and 2, at least one should be present. The first authorized access points 10A to 10N are connected to the network 40 by wire so as to be communicable. The first authorized access points 10A to 10N wirelessly connect with the user terminal 60 that has sent the password associated with its own SSID, thereby enabling communication between the user terminal 60 and the network 40. FIG. The first authorized access points 10A to 10N transmit passwords associated with their own SSIDs to other access points and attempt wireless connection with the other access points. When wireless connection with the other access point is successful, the first authorized access points 10A to 10N receive identification information (for example, BSSID including MAC address) related to the other access point from the other access point. The request information including the obtained identification information (eg, BSSID, MAC address) is transmitted to the second authorized access point 20 . The first authorized access points 10A-10N comprise computers including processors, memory, network interfaces and the like. The first authorized access points 10A to 10N virtually include a wireless provision unit 11, a wireless connection unit 12, and a request transmission unit 13 by executing a program in a processor while using memory. can be configured.

The wireless provision unit 11 is a functional unit that provides wireless connection to the user terminal (60 in FIG. 2) that has sent the password associated with the SSID of the first authorized access points 10A to 10N (see FIG. 1). . The SSID and password of the first authorized access points 10A to 10N themselves are registered in the wireless provision unit 11 . The wireless provision unit 11 requests the password associated with the SSID of the first authorized access points 10A to 10N from the user terminal 60, and receives the password associated with the SSID sent from the user terminal 60 and the registered password. The password associated with the SSID is collated, and communication between the user terminal 60 and the network 40 is enabled when they match.

The wireless connection unit 12 periodically (for example, at a time specified in advance) to other access points (unauthorized access points (50 in FIG. 2), authorized access points), the first authorized access points 10A to 10N themselves. is a functional unit that attempts wireless connection with the other access point by transmitting the password associated with the SSID of the access point (see FIG. 1). When wireless connection with the other access point is successful, the wireless connection unit 12 acquires identification information (for example, BSSID including MAC address) related to the other access point from the other access point.

When the wireless connection unit 12 acquires identification information from another access point (for example, a BSSID related to another access point), the request transmission unit 13 transmits the identification information (a MAC address extracted from the BSSID is also acceptable). 4) to the second authorized access point 20 (see FIG. 1). The request information is information requesting the second authorized access point 20 to analyze the identification information included in the request information. For transmission of the request information, for example, HTTP (Hypertext Transfer Protocol) communication can be used, and another communication method different from the communication method used by the wireless provider 11 may be used.

The second authorized access point 20 is an authorized access point having a function of acquiring and analyzing identification information (for example, BSSID, MAC address) related to other access points (unauthorized access points 50, authorized access points) ( 1 and 2). Although one second authorized access point 20 exists in FIGS. 1 and 2, two or more may exist, but it is preferable that the number is smaller than the number of first authorized access points 10A to 10N. The second authorized access point 20 is communicably connected to the network 40 by wire. The second authorized access point 20 wirelessly connects with the user terminal 60 that has sent the password associated with its own SSID, and enables communication between the user terminal 60 and the network 40 . The second authorized access point 20 transmits the password associated with its own SSID to another access point and attempts wireless connection with the other access point. When wireless connection with the other access point is successful, the second authorized access point 20 acquires identification information (for example, BSSID including MAC address) related to the other access point from the other access point. (It is also possible to extract the MAC address from the BSSID). By receiving the request information from the first authorized access points 10A to 10N, the second authorized access point 20 extracts identification information (BSSIDs and MAC addresses of other access points) from the request information. The second authorized access point 20 searches the acquired or extracted identification information (eg, MAC address) for identification information (eg, MAC address) registered in advance in the management database 25 that matches. . If there is no matching identification information (eg, MAC address), or if there is matching identification information (eg, MAC address) but is NG, the second authorized access point 20 manages A mail is sent to the terminal 30 notifying that the unauthorized access point 50 has been detected. If there is no matching identification information (eg, MAC address), the second authorized access point 20 registers the extracted identification information (eg, MAC address) in the management database 25 as NG. The second authorized access point 20 comprises a computer including a processor, memory, network interface and the like. The second authorized access point 20 executes a program in a processor while using a memory to obtain a wireless provision unit 21, a wireless connection unit 22, a request reception unit 23, an analysis unit 24, and a management database 25. , and a mail transmission unit 26 .

The wireless provision unit 21 is a functional unit that provides wireless connection to the user terminal (60 in FIG. 2) that has sent the password associated with the SSID of the second authorized access point 20 itself (see FIG. 1). The SSID and password of the second authorized access point 20 itself are registered in the wireless provision unit 21 . The wireless provision unit 21 requests the password associated with the SSID of the second authorized access point 20 itself from the user terminal 60, and receives the password associated with the SSID sent from the user terminal 60 and the password associated with the registered SSID. The passwords are collated, and communication between the user terminal 60 and the network 40 is enabled when they match.

The wireless connection unit 22 periodically (for example, at a time specified in advance) periodically (for example, at a predetermined time) to other access points (unauthorized access points (50 in FIG. 2), authorized access points), the SSID of the second authorized access point 20 is a functional unit that attempts wireless connection with the other access point by transmitting a password related to the access point (see FIG. 1). When wireless connection with the other access point is successful, the wireless connection unit 22 acquires identification information (for example, BSSID including MAC address) related to the other access point from the other access point.

The request receiving unit 23 is a functional unit that receives request information (see FIG. 4) from the first authorized access points 10A to 10N (see FIG. 1).

Based on the management database 25, the analysis unit 24 analyzes the acquired identification information (for example, the MAC address included in the BSSID) or the identification information (for example, MAC address included in the received request information (see FIG. 4)). address) is an unauthorized access point (50 in FIG. 2) (see FIG. 1). The analysis unit 24 identifies the acquired identification information (for example, the MAC address included in the BSSID) or the identification information (for example, the MAC address) included in the received request information as the identification registered in the management database 25. If the information (for example, the registered MAC address in FIG. 3) is searched and there is a match, and the permission/denial of the identification information (for example, the registered MAC address in FIG. 3) is NG, the unauthorized access point 50 exists. Then judge. The analysis unit 24 identifies the acquired identification information (for example, the MAC address included in the BSSID) or the identification information (for example, the MAC address) included in the received request information as the identification registered in the management database 25. Information (for example, the registered MAC address in FIG. 3) is searched, and if there is no match, it is determined that the unauthorized access point 50 exists, and the identification information (for example, the MAC address) and its permission/denial are NG. Register that there is something in the management database 25 . The analysis unit 24 identifies the acquired identification information (for example, the MAC address included in the BSSID) or the identification information (for example, the MAC address) included in the received request information as the identification registered in the management database 25. Search for information (for example, the registered MAC address in FIG. 3), if there is a match, and if the identification information (for example, the registered MAC address in FIG. 3) is OK, there is no unauthorized access point I judge.

The management database 25 is a database for management in which data indicating whether or not the identification information (registered MAC address in FIG. 3) is an allowable access point (authorized access point) is registered. In the management database 25, identification information (registered MAC address in FIG. 3) and permission/denial (OK/NG) are associated. The management database 25 is registered (or updated) in advance (or when the number of authorized access points is changed) by an operation from the management terminal 30 . In addition, in the management database 25, the identification information (for example, the MAC address included in the BSSID) acquired by the analysis unit 24 or the identification information (for example, the MAC address) included in the received request information, If there is no match with the identification information (for example, the registered MAC address in FIG. 3) registered in the management database 25, the identification information (for example, the MAC address) and its permission/denial are NG. Something is registered.

When the analysis unit 24 determines that the identification information (eg, MAC address) is related to the unauthorized access point (50 in FIG. 2), the mail transmission unit 26 It is a functional unit that sends an e-mail notifying that an unauthorized access point 50 exists to the management terminal 30 associated with a pre-registered e-mail address (see FIG. 1). The e-mail address is registered in the e-mail transmission unit 26 by an operation from the management terminal 30. FIG. In addition to the identification information (eg, MAC address) related to the unauthorized access point 50, the e-mail includes information on whether the identification information (eg, MAC address) is new registration or existing registration, and the identification information (eg, MAC address). For example, information such as identification information related to the second authorized access point 20 from which the MAC address was acquired, and mail sender information (for example, identification information related to the second authorized access point 20) may be included.

The management terminal 30 is a terminal used by an administrator of the unauthorized access point detection system 1 (see FIG. 1). The management terminal 30 is communicably connected (wired connection or wireless connection) to the network 40 . As the management terminal 30, a computer including a processor, a memory, a network interface, etc. can be used. For example, a personal computer, a tablet terminal, a smart phone, etc. can be used. The management terminal 30 has a function of inputting and outputting (including displaying) information. The management terminal 30 can be operated by the administrator to input and transmit the management database 25 registered in the second authorized access point 20 and an e-mail address. The management terminal 30 can receive mail from the second authorized access point 20 and display it.

The network 40 is a wired or wireless communication network that communicably connects the first authorized access points 10A to 10N, the second authorized access point 20, and the management terminal 30 (see FIG. 1). For the network 40, for example, a communication network such as a PAN (Personal Area Network), a LAN (Local Area Network), a MAN (Metropolitan Area Network), a WAN (Wide Area Network), or a GAN (Global Area Network) can be used. .

The unauthorized access point 50 is not a constituent part of the unauthorized access point detection system (1 in FIG. 1), but is an unauthorized access point installed with malicious intent as a parasite on the network 40 of the unauthorized access point detection system 1. (see FIG. 2). The password associated with the same SSID as the password associated with the SSID of any of the authorized access points 10A to 10N and 20 is set for the unauthorized access point 50 . The unauthorized access point 50 is communicably connected to the network 40 by wire. The unauthorized access point 50 establishes wireless connection to the user terminal (60 in FIG. 2) that has sent the password associated with the SSID of any of the authorized access points 10A to 10N, 20 or to the authorized access points 10A to 10N, 20. have the ability to provide The unauthorized access point 50 requests the password associated with the SSID of any of the authorized access points 10A to 10N, 20 from the accessing user terminal 60 or authorized access points 10A to 10N, 20 . The unauthorized access point 50 collates the password associated with the SSID sent from the user terminal 60 or the authorized access points 10A to 10N, 20 with the password associated with the SSID set in the unauthorized access point 50 itself, and they match. Sometimes, the identification information (for example, BSSID, MAC address) related to the unauthorized access point 50 itself is transmitted to the user terminal 60 or the authorized access points 10A to 10N, 20, and the user terminal 60 or the authorized access points 10A to 10N, 20 and network 40.

A user terminal 60 is a terminal used by a user who uses an access point (see FIG. 2). The user terminal 60 is configured to be wirelessly connectable to an access point. For the user terminal 60, for example, a smart phone, a tablet terminal, a notebook personal computer, or the like can be used.

Each access point (10A to 10N, 20, 50) is assigned unique identification information for communication (eg, BSSID, MAC address) different from identification information for communication related to other access points. there is The identification information is transmitted from the access point to the user terminal 60 when wireless connection between the access point and the user terminal 60 is successful.

The operation of the unauthorized access point detection system according to the first embodiment will be described.

First, the operation of the unauthorized access point detection system 1 when wirelessly connecting to the unauthorized access point 50 at any of the first authorized access points 10A to 10N will be described with reference to the drawings. FIG. 5 is a flow chart diagram schematically showing the operation of the unauthorized access point detection system according to the first embodiment when the first authorized access point is wirelessly connected to an unauthorized access point.

First, the second authorized access point 20 is operated from the management terminal 30 in advance (or at the time of change if the number of authorized access points is changed), so that the management database 25 and the e-mail address (related to the management terminal 30 E-mail address) is registered (or updated) (step A1).

Next, the first authorized access point (here, the first authorized access point 10A) periodically (for example, at a predetermined time) transmits the password associated with the SSID of the first authorized access point 10A itself. , attempts wireless connection with another access point (step A2). If wireless connection with another access point cannot be successfully established, it is determined that there is no illegal access point, and the process ends.

When wireless connection with another access point (here, unauthorized access point 50) is successful, unauthorized access point 50 transmits identification information (here, BSSID including MAC address) relating to unauthorized access point 50 itself. It is transmitted to the first authorized access point 10A (step A3).

Next, the first authorized access point 10A acquires the MAC address from the received BSSID by receiving the BSSID from the unauthorized access point 50 (step A4).

Next, the first authorized access point 10A generates request information including the obtained MAC address (step A5).

Next, the first authorized access point 10A transmits the generated request information to the second authorized access point 20 (step A6). Here, the request information can be transmitted by a communication method (for example, HTTP communication) different from the communication method between the first authorized access point 10A and the unauthorized access point 50. FIG.

Next, the second authorized access point 20 acquires the MAC address from the received request information by receiving the request information from the first authorized access point 10A (step A7).

Next, the second authorized access point 20 searches for the obtained MAC address to see if there is a matching identification information (here, the registered MAC address) registered in advance in the management database 25 (step A8). If there is a matching registered MAC address and the permission/denial is OK, it is determined that there is no illegal access point, and the process ends.

If there is no matching registered MAC address, the second authorized access point 20 determines that there is an unauthorized access point 50, and registers (administers) the acquired MAC address and its permission/denial as NG in the management database 25. database 25) (step A9). If there is a matching registered MAC address and the permission is NG, it is determined that there is an unauthorized access point 50, skipping step A9 and proceeding to step A10.

After step A8, the second authorized access point 20 sends an e-mail notifying of the existence of the unauthorized access point 50 to the management terminal 30 associated with the pre-registered e-mail address (step A10), and then ends.

Next, the operation of the unauthorized access point detection system 1 when the second authorized access point 20 is wirelessly connected to the unauthorized access point 50 will be described with reference to the drawings. FIG. 6 is a flowchart diagram schematically showing the operation of the unauthorized access point detection system according to the first embodiment when a second authorized access point is wirelessly connected to an unauthorized access point.

First, the second authorized access point 20 is operated from the management terminal 30 in advance (or at the time of change if the number of authorized access points is changed), so that the management database 25 and the e-mail address (related to the management terminal 30 e-mail address) is registered (or updated) (step B1).

Next, the second authorized access point 20 periodically (for example, at a predetermined time) transmits the password associated with the SSID of the second authorized access point 20 itself, and attempts wireless connection with other access points. (Step B2). If wireless connection with another access point cannot be successfully established, it is determined that there is no illegal access point, and the process ends.

When wireless connection with another access point (here, unauthorized access point 50) is successful, unauthorized access point 50 transmits identification information (here, BSSID including MAC address) relating to unauthorized access point 50 itself. It is transmitted to the second authorized access point 20 (step B3).

Next, the second authorized access point 20 acquires the MAC address from the received BSSID by receiving the BSSID from the unauthorized access point 50 (step B4).

Next, the second authorized access point 20 searches for the acquired MAC address to see if there is any match with the identification information (registered MAC address here) registered in advance in the management database 25 (step B5). If there is a matching registered MAC address and the permission/denial is OK, it is determined that there is no illegal access point, and the process ends.

If there is no matching registered MAC address, the second authorized access point 20 determines that there is an unauthorized access point 50, and registers (administers) the acquired MAC address and its permission/denial as NG in the management database 25. database 25 is updated (step B6). If there is a matching registered MAC address and the permission is NG, it is determined that there is an unauthorized access point 50, skipping step B6 and proceeding to step B7.

After step B6, the second authorized access point 20 sends an e-mail notifying of the presence of the unauthorized access point 50 to the management terminal 30 associated with the pre-registered e-mail address (step B7), and then ends.

According to the first embodiment, when any of the authorized access points 10A to 10N and 20 successfully establishes a wireless connection with another access point, the identification information related to the other access point obtained from the other access point is sent as the first access point. Since the unauthorized access points 50 are detected by collecting the two authorized access points 20, the configuration of the first authorized access points 10A to 10N can be simplified, and the plurality of authorized access points 10A to 10N, 20 Since it is possible to monitor unauthorized access points 50 over a wide area, it is possible to contribute to monitoring unauthorized access points over a wide area at low cost.

[Embodiment 2]
An unauthorized access point detection system according to the second embodiment will be described with reference to the drawings. FIG. 7 is a block diagram schematically showing the configuration of an unauthorized access point detection system according to the second embodiment.

The unauthorized access point detection system 1 is a system for detecting unauthorized access points. The unauthorized access point detection system 1 has a configuration in which authorized access points 10A to 10N, 20 and a management terminal 30 are connected via a network 40 so as to be communicable. When the unauthorized access point detection system 1 detects an unauthorized access point at any one of the authorized access points 10A to 10N, 20 (for example, the authorized access point 10A), the unauthorized access point detection system 1 sends an email notifying the existence of the unauthorized access point to the management terminal 30. configured to send to The authorized access points 10A-10N, 20 comprise first authorized access points 10A-10N and a second authorized access point 20. FIG.

Each of the first authorized access points 10A-10N includes a wireless connection section 12 and a request transmission section 13. FIG. The wireless connection unit 12 transmits a password related to the same identification information as the first authorized access points 10A to 10N to other access points, attempts wireless connection with the other access points, and is configured to acquire identification information related to the other access point from the other access point when the wireless connection with the other access point is successful. When the wireless connection unit 12 acquires the identification information of another access point, the request transmission unit 13 transmits the request information including the identification information of the other access point to the second authorized access point 20. is configured to

The second authorized access point 20 includes a management database 25 , an analysis section 24 and a mail transmission section 26 . In the management database 25, data indicating whether or not the access point is an allowable access point is registered with respect to the identification information related to the access point. The analysis unit 24 is configured to analyze whether or not another access point related to the identification information included in the request information is an unauthorized access point based on the management database 25 . The mail sending unit 26 is configured to send an email notifying the existence of the unauthorized access point to the management terminal 30 when another access point is determined to be an unauthorized access point.

According to the second embodiment, when any one of the first authorized access points 10A to 10N successfully establishes a wireless connection with another access point, the identification information related to the other access point obtained from the other access point is transmitted to the first authorized access point. Since unauthorized access points are detected by collecting them into two authorized access points 20, the configuration of the first authorized access points 10A to 10N can be simplified, and unauthorized access points can be detected over a wide range by the first authorized access points 10A to 10N. Since the access point 50 can be monitored, it is possible to contribute to monitoring unauthorized access points in a wide range at low cost.

The access point in the unauthorized access point detection system according to the first and second embodiments can be configured to include so-called hardware resources (information processing device, computer). can be used. For example, hardware resource 100 includes processor 101 , memory 102 , network interface 103 , etc. interconnected by internal bus 104 .

Note that the configuration shown in FIG. 8 is not intended to limit the hardware configuration of the hardware resource 100 . The hardware resource 100 may include hardware not shown (for example, an input/output interface). Alternatively, the number of units such as the processors 101 included in the device is not limited to the illustration in FIG. For the processor 101, for example, a CPU (Central Processing Unit), MPU (Micro Processor Unit), GPU (Graphics Processing Unit), or the like can be used.

For the memory 102, for example, RAM (RandoMACcess Memory), ROM (Read Only Memory), HDD (Hard Disk Drive), SSD (Solid State Drive), etc. can be used.

For the network interface 103, for example, a LAN (Local Area Network) card, network adapter, network interface card, or the like can be used.

The functions of the hardware resource 100 are implemented by the processing modules described above. The processing module is implemented by the processor 101 executing a program stored in the memory 102, for example. Also, the program can be downloaded via a network or updated using a storage medium storing the program. Furthermore, the processing module may be realized by a semiconductor chip. In other words, the functions performed by the above processing modules may be realized by executing software in some kind of hardware.

Some or all of the above embodiments may also be described in the following appendices, but are not limited to the following.

[Appendix 1]
A plurality of authorized access points and a management terminal are communicably connected via a network, and when an unauthorized access point is detected by any of the plurality of authorized access points, an e-mail notifying the existence of the unauthorized access point is sent. A rogue access point detection system configured to transmit to a management terminal,
One or more first authorized access points among the plurality of authorized access points,
A password associated with the same identification information as that of the first authorized access point itself is transmitted to another access point to attempt wireless connection with the other access point, and wireless connection with the other access point is attempted. a wireless connection unit configured to, when successful, obtain identification information associated with the other access point from the other access point;
When the wireless connection unit of the first authorized access point acquires the identification information related to the other access point, request information including the identification information related to the other access point is transmitted to the plurality of authorized access points. a request transmission unit configured to transmit to a second authorized access point different from the first authorized access point of
with
The second authorized access point,
A management database in which data indicating whether or not an access point is an allowable access point for identification information related to an access point is registered;
an analysis unit configured to analyze whether or not the other access point associated with the identification information included in the request information is the unauthorized access point, based on the management database;
an email sending unit configured to send an email notifying the existence of the unauthorized access point to the management terminal when the other access point is determined to be the unauthorized access point;
comprising
Rogue access point detection system.
[Appendix 2]
The second authorized access point transmits a password related to the same identification information as the second authorized access point itself to another access point, attempts wireless connection with the other access point, and further comprising a wireless connection unit configured to acquire identification information related to the other access point from the other access point when the wireless connection with the access point is successful;
The analysis unit analyzes whether or not the other access point related to the identification information acquired by the wireless connection unit of the second authorized access point is the unauthorized access point, based on the management database. configured as
The unauthorized access point detection system according to appendix 1.
[Appendix 3]
the analysis unit determines that the unauthorized access point exists when the identification information related to the other access point does not match the identification information registered in the management database;
The unauthorized access point detection system according to appendix 1 or 2.
[Appendix 4]
The analysis unit registers the identification information relating to the other access point in the management database as an unacceptable access point when there is no match with the identification information registered in the management database. configured to
An unauthorized access point detection system according to any one of Appendices 1 to 3.
[Appendix 5]
The analysis unit determines that the identification information related to the other access point includes identification information that matches the identification information registered in the management database and is registered in the management database as an unacceptable access point. is configured to determine that the rogue access point exists if
An unauthorized access point detection system according to any one of Appendices 1 to 4.
[Appendix 6]
The request transmission unit is configured to transmit the request information to the second authorized access point by HTTP communication.
An unauthorized access point detection system according to any one of Appendices 1 to 5.
[Appendix 7]
the identification information related to the other access point is a MAC address or BSSID;
An unauthorized access point detection system according to any one of Appendices 1 to 6.
[Appendix 8]
The request transmission unit is configured to transmit the request information to the second authorized access point by a communication method different from a communication method between the first authorized access point and the other access point.
An unauthorized access point detection system according to any one of Appendices 1 to 7.
[Appendix 9]
The analysis unit determines that the identification information related to the other access point includes identification information that matches the identification information registered in the management database and is registered in the management database as an allowable access point. is configured to determine that the rogue access point does not exist if
An unauthorized access point detection system according to any one of Appendices 1 to 8.
[Appendix 10]
A plurality of authorized access points and a management terminal are communicably connected via a network, and when an unauthorized access point is detected by any of the plurality of authorized access points, an e-mail notifying the existence of the unauthorized access point is sent. One or a plurality of predetermined access points (corresponding to a first authorized access point) among the plurality of authorized access points in an unauthorized access point detection system configured to transmit to a management terminal,
A password associated with the same identification information as the predetermined access point itself is transmitted to another access point to attempt wireless connection with the other access point, and the wireless connection with the other access point is successful. a wireless connection unit configured to acquire identification information related to the other access point from the other access point when the
When the wireless connection unit of the predetermined access point acquires the identification information related to the other access point, the request information including the identification information related to the other access point is sent to the plurality of authorized access points. a request transmission unit configured to transmit to another predetermined access point (corresponding to a second authorized access point) different from the predetermined access point of the request transmission unit;
comprising
Access point (equivalent to first regular access point).
[Appendix 11]
A plurality of authorized access points and a management terminal are communicably connected via a network, and when an unauthorized access point is detected by any of the plurality of authorized access points, an e-mail notifying the existence of the unauthorized access point is sent. Any one predetermined access point (corresponding to a second authorized access point) among the plurality of authorized access points in an unauthorized access point detection system configured to transmit to a management terminal,
The predetermined access point is
A management database in which data indicating whether or not an access point is an allowable access point for identification information related to an access point is registered;
identification information included in request information from another prescribed access point (corresponding to a first authorized access point) different from the prescribed access point among the plurality of authorized access points, based on the management database; an analysis unit configured to analyze whether the other access point is the unauthorized access point;
an email sending unit configured to send an email notifying the existence of the unauthorized access point to the management terminal when the other access point is determined to be the unauthorized access point;
comprising
Access point (equivalent to second regular access point).
[Appendix 12]
A plurality of authorized access points and a management terminal are communicably connected via a network, and when an unauthorized access point is detected by any of the plurality of authorized access points, an e-mail notifying the existence of the unauthorized access point is sent. An unauthorized access point detection method for detecting the unauthorized access point using an unauthorized access point detection system configured to transmit to a management terminal,
At one or a plurality of first authorized access points among the plurality of authorized access points, a password related to the same identification information as the first authorized access point itself is transmitted to other access points, and the other access points Attempting wireless connection with an access point, and acquiring identification information related to the other access point from the other access point when wireless connection with the other access point is successful;
When the first authorized access point acquires the identification information related to the other access point, request information including the identification information related to the other access point is sent to the plurality of access points. transmitting to a second authorized access point different from the first authorized access point among authorized access points;
In the second authorized access point, based on a management database in which data indicating whether or not the access point is an allowable access point is registered for the identification information related to the identification information included in the request information. analyzing whether another access point is the unauthorized access point;
a step of, in the second authorized access point, sending an e-mail notifying the existence of the unauthorized access point to the management terminal when the other access point is determined to be the unauthorized access point;
including,
A rogue access point detection method.
[Appendix 13]
A plurality of authorized access points and a management terminal are communicably connected via a network, and when an unauthorized access point is detected by any of the plurality of authorized access points, an e-mail notifying the existence of the unauthorized access point is sent. An unauthorized access point is detected at one or a plurality of predetermined access points (corresponding to a first authorized access point) among the plurality of authorized access points in an unauthorized access point detection system configured to transmit to a management terminal. A program that executes a process to
A password associated with the same identification information as the predetermined access point itself is transmitted to another access point to attempt wireless connection with the other access point, and the wireless connection with the other access point is successful. a process of acquiring identification information related to the other access point from the other access point when the
When the wireless connection unit of the predetermined access point acquires the identification information related to the other access point, the request information including the identification information related to the other access point is sent to the plurality of authorized access points. A process of transmitting to another predetermined access point (corresponding to a second authorized access point) different from the predetermined access point of the
is executed by the predetermined access point (corresponding to the first authorized access point).
[Appendix 14]
A plurality of authorized access points and a management terminal are communicably connected via a network, and when an unauthorized access point is detected by any of the plurality of authorized access points, an e-mail notifying the existence of the unauthorized access point is sent. Detecting the unauthorized access point at a predetermined access point (corresponding to a second authorized access point) among the plurality of authorized access points in an unauthorized access point detection system configured to transmit to a management terminal A program that executes a process to
Another predetermined access different from the predetermined access point among the plurality of authorized access points based on a management database in which data indicating whether or not the access point is an allowable access point is registered for the identification information related to the access point. a process of analyzing whether or not another access point related to the identification information included in the request information from the point (corresponding to the first authorized access point) is the unauthorized access point;
a process of sending an email notifying the existence of the unauthorized access point to the management terminal when the other access point is determined to be the unauthorized access point;
is executed by the predetermined access point (corresponding to the second authorized access point).

It should be noted that each disclosure of the above patent documents is incorporated herein by reference and can be used as the basis or part of the present invention as necessary. Within the framework of the entire disclosure of the present invention (including claims and drawings), modifications and adjustments of the embodiments and examples are possible based on the basic technical concept thereof. Also, various combinations or selections of various disclosure elements (including each element of each claim, each element of each embodiment or example, each element of each drawing, etc.) within the framework of the full disclosure of the present invention (if necessary not selected) is possible. That is, the present invention naturally includes various variations and modifications that can be made by those skilled in the art according to the entire disclosure including the claims and drawings and the technical idea. Also, with regard to numerical values and numerical ranges described in this application, it is assumed that any intermediate values, sub-numerical values and sub-ranges thereof are described even if not specified. Furthermore, each disclosure item of the above-cited document can be used in combination with the items described in this document as part of the disclosure of the present invention in accordance with the spirit of the present invention, if necessary. are considered to be included in (belong to) the disclosure of the present application.

1 Unauthorized Access Point Detection System 10A to 10N First Authorized Access Point 11 Wireless Provider 12 Wireless Connection Unit 13 Request Transmitter 20 Second Authorized Access Point 21 Wireless Provider 22 Wireless Connector 23 Request Receiver 24 Analysis Unit 25 For Management Database 26 Mail Sending Unit 30 Management Terminal 40 Network 50 Unauthorized Access Point 60 User Terminal 100 Hardware Resources 101 Processor 102 Memory 103 Network Interface 104 Internal Bus

Claims (10)

A plurality of authorized access points and a management terminal are communicably connected via a network, and when an unauthorized access point is detected by any of the plurality of authorized access points, an e-mail notifying the existence of the unauthorized access point is sent. A rogue access point detection system configured to transmit to a management terminal,
One or more first authorized access points among the plurality of authorized access points,
A password associated with the same identification information as that of the first authorized access point itself is transmitted to another access point to attempt wireless connection with the other access point, and wireless connection with the other access point is attempted. a wireless connection unit configured to, when successful, obtain identification information associated with the other access point from the other access point;
When the wireless connection unit of the first authorized access point acquires the identification information related to the other access point, request information including the identification information related to the other access point is transmitted to the plurality of authorized access points. a request transmission unit configured to transmit to a second authorized access point different from the first authorized access point of
with
The second authorized access point,
A management database in which data indicating whether or not an access point is an allowable access point for identification information related to an access point is registered;
an analysis unit configured to analyze whether or not the other access point associated with the identification information included in the request information is the unauthorized access point, based on the management database;
an email sending unit configured to send an email notifying the existence of the unauthorized access point to the management terminal when the other access point is determined to be the unauthorized access point;
comprising
Rogue access point detection system. The second authorized access point transmits a password related to the same identification information as the second authorized access point itself to another access point, attempts wireless connection with the other access point, and further comprising a wireless connection unit configured to acquire identification information related to the other access point from the other access point when the wireless connection with the access point is successful;
The analysis unit analyzes whether or not the other access point related to the identification information acquired by the wireless connection unit of the second authorized access point is the unauthorized access point, based on the management database. configured as
An unauthorized access point detection system according to claim 1. the analysis unit determines that the unauthorized access point exists when the identification information related to the other access point does not match the identification information registered in the management database;
An unauthorized access point detection system according to claim 1 or 2. The analysis unit registers the identification information relating to the other access point in the management database as an unacceptable access point when there is no match with the identification information registered in the management database. configured to
An unauthorized access point detection system according to any one of claims 1 to 3. The analysis unit determines that the identification information related to the other access point includes identification information that matches the identification information registered in the management database and is registered in the management database as an unacceptable access point. is configured to determine that the rogue access point exists if
An unauthorized access point detection system according to any one of claims 1 to 4. The request transmission unit is configured to transmit the request information to the second authorized access point by HTTP communication.
An unauthorized access point detection system according to any one of claims 1 to 5. the identification information related to the other access point is a MAC address or BSSID;
An unauthorized access point detection system according to any one of claims 1 to 6. A plurality of authorized access points and a management terminal are communicably connected via a network, and when an unauthorized access point is detected by any of the plurality of authorized access points, an e-mail notifying the existence of the unauthorized access point is sent. One or more predetermined access points among the plurality of authorized access points in an unauthorized access point detection system configured to transmit to a management terminal,
A password associated with the same identification information as the predetermined access point itself is transmitted to another access point to attempt wireless connection with the other access point, and the wireless connection with the other access point is successful. a wireless connection unit configured to acquire identification information related to the other access point from the other access point when the
When the wireless connection unit of the predetermined access point acquires the identification information related to the other access point, the request information including the identification information related to the other access point is sent to the plurality of authorized access points. a request transmission unit configured to transmit to another predetermined access point different from the predetermined access point of the request transmission unit;
comprising
access point. A plurality of authorized access points and a management terminal are communicably connected via a network, and when an unauthorized access point is detected by any of the plurality of authorized access points, an e-mail notifying the existence of the unauthorized access point is sent. Any one predetermined access point among the plurality of authorized access points in the unauthorized access point detection system configured to transmit to the management terminal,
The predetermined access point is
A management database in which data indicating whether or not an access point is an allowable access point for identification information related to an access point is registered;
Based on the management database, another access point related to identification information included in request information from another predetermined access point different from the predetermined access point out of the plurality of authorized access points may perform the unauthorized access. an analysis unit configured to analyze whether it is a point;
an email sending unit configured to send an email notifying the existence of the unauthorized access point to the management terminal when the other access point is determined to be the unauthorized access point;
comprising
access point. A plurality of authorized access points and a management terminal are communicably connected via a network, and when an unauthorized access point is detected by any of the plurality of authorized access points, an e-mail notifying the existence of the unauthorized access point is sent. An unauthorized access point detection method for detecting the unauthorized access point using an unauthorized access point detection system configured to transmit to a management terminal,
At one or a plurality of first authorized access points among the plurality of authorized access points, a password related to the same identification information as the first authorized access point itself is transmitted to other access points, and the other access points Attempting wireless connection with an access point, and acquiring identification information related to the other access point from the other access point when wireless connection with the other access point is successful;
When the first authorized access point acquires the identification information related to the other access point, request information including the identification information related to the other access point is sent to the plurality of access points. transmitting to a second authorized access point different from the first authorized access point among authorized access points;
In the second authorized access point, based on a management database in which data indicating whether or not the access point is an allowable access point is registered for the identification information related to the identification information included in the request information. analyzing whether another access point is the unauthorized access point;
a step of, in the second authorized access point, sending an e-mail notifying the existence of the unauthorized access point to the management terminal when the other access point is determined to be the unauthorized access point;
including,
A rogue access point detection method.

Images