JP6688191B2 - Detection device, detection method, and detection program for unmanaged wireless transmission station - Google Patents

Description

  The present invention, in a wireless system in which a terminal device selects and connects to a wireless transmission station based on identification information notified from the wireless transmission station to the authentic wireless transmission station (service provider, self-service provider, A non-genuine wireless transmission station mixed with a wireless transmission station (hereinafter referred to as a regular wireless transmission station) managed by an administrator who installs and operates equipment for use by an organization (a malicious malicious station) The present invention relates to a technique for detecting an unmanaged wireless transmission station installed by the three parties (hereinafter referred to as a fake wireless transmission station).

  A public wireless LAN (Local Area Network), for example, is known as a wireless system in which a terminal device wirelessly connects to an unspecified number of wireless transmission stations. In a public wireless LAN, a wireless transmission station (in the case of wireless LAN, a wireless LAN base station (access point)) installed in a building or shop in a town transmits a notification signal (beacon signal) including identification information and the like. In the case of wireless LAN, a terminal device equipped with a wireless LAN function (smartphone, tablet terminal, laptop personal computer, etc.) connects to the wireless LAN base station based on the identification information of the received notification signal, and connects the wireless LAN base station. It is possible to access the Internet via the Internet.

  Here, the notification signal stores information related to the wireless transmission station (including identification information that identifies the wireless transmission station) and is transmitted to peripheral terminal devices at regular intervals (see, for example, Non-Patent Document 1). . At this time, it is possible to set an arbitrary character string as one piece of identification information that identifies the wireless transmission station, and for example, a service name or a store name can be notified by this character string. The use of wireless LAN is not limited to public wireless LAN service as a matter of course, and it is also used at work, at home, etc. At that time, this identification information is used to identify the wireless network to which the user connects. Used.

  A wireless system that uses a BLE (Bluetooth (registered trademark) Low Energy) device is known as a wireless system that detects broadcast information of a wireless transmission station, similar to a wireless LAN. The BLE device has a mechanism for periodically reporting the presence of its own station using an advertisement packet in order to discover a device having a Bluetooth function (for example, see Non-Patent Document 2). In order for the BLE device to provide position information using this mechanism, for example, a BLE beacon can be used (see Non-Patent Document 3, for example). In a BLE system having a BLE master and a BLE slave, the BLE master broadcasts ID (IDentifier) information (identification information) indicating its own station in an advertisement packet. In the BLE system, this advertisement packet is called a beacon frame, and ID information is stored in the AD data (ADvertisement data) field in the advertisement packet. For example, a UUID (Universal Unique Identifier) value and an identifier that complements it are used as the format of the ID information (for example, see Non-Patent Document 3).

IEEE Std 802.11TM-2012 “8.4.2.2 SSID element” BLE Core Version 4.2 (https://www.bluetooth.org/DocMan/handlers/DownloadDoc.ashx?doc_id=286439) vol.3, p.389 Getting Started with iBeacon (https://developer.apple.com/ibeacon/Getting-Started-with-iBeacon.pdf) p.2-p.3

  FIG. 30 shows an example of a wireless LAN system 900 of a comparative example. In the wireless LAN system 900, the terminal device 902 receives the notification signal transmitted from the regular wireless LAN base station 901a and the wireless LAN base station 901b and the false wireless LAN base station 901z, and the terminal device 902 is either Perform processing to connect to the wireless LAN base station.

  However, in the wireless LAN system 900 shown in FIG. 30, for example, when the fake wireless LAN base station 901z forges an SSID (Service Set Identifier) / ESSID (Enhanced SSID) indicating a service name, a store name, etc. The 902 cannot determine its authenticity, which causes a problem of connecting to a base station having strong reception power (for example, a false wireless LAN base station 901z). Therefore, the installers (service providers) of the regular wireless LAN base stations 901a and 901b are required to have a mechanism for detecting the existence of the wireless LAN base station 901z in which the SSID is disguised. Here, in FIG. 30, a BSSID (Basic Service Set IDentifier) is device-specific information, and for example, a MAC (Media Access Control) address of a wireless LAN base station is used.

  In addition, the installer of the fake wireless LAN base station 901z makes continuous use of the wireless channels used by the regular wireless LAN base stations 901a and 901b difficult to use, or makes the regular wireless LAN base station 901z difficult to use. It is also conceivable that the antennas of 901a and 901b are physically destroyed so that the regular wireless LAN base stations 901a and 901b cannot be used.

  As a method of confirming the authenticity of the connection destination, a method of referring to a server certificate placed in the connection destination authentication server such as EAP-TLS (Extensible Authentication Protocol-Transport Level Security) is known, but all are known. There is a problem that the user of is not always performing such a connection process with a high security level.

  Further, in the case of the BLE system, the terminal device that tries to detect the BLE transmitting station uniquely identifies the BLE transmitting station by the identifier of the broadcast signal transmitted from the BLE transmitting station (a combination of the UUID field and the Major number and the Minor number). Identify. However, it is technically possible to notify arbitrary UUID / Major / Minor information using the BlueTooth transmitter, and install a BLE transmitter station that impersonates the identifier assigned to a store, It is possible to cause the terminal device to perform an erroneous operation. For example, when the terminal device uses the identifier of the notification signal as a means for calculating the position information, the false BLE transmitting station can notify the terminal device of the incorrect position.

  As described above, since the fake wireless transmission station gives various problems to the user, the installer of the legitimate wireless transmission station is required to have a mechanism capable of detecting the existence of the fake wireless transmission station.

  As described above, the wireless transmission station to which the terminal device is trying to connect is not necessarily a reliable wireless transmission station (genuine wireless transmission station), and a malicious third party steals information from the terminal device. There is a possibility that it is a fake wireless transmission station installed in. Alternatively, there may be another base station in which a similar character string is set in the identification information. Here, in the IEEE802.11 wireless LAN standard, an arbitrary character string can be stored in the SSID information element included in the beacon frame. The SSID information element is extended and is also referred to as ESSID (Extended Service Set Identifier), but in this specification, it is referred to as SSID. In this case, characters that suggest the service name, store name, building name, floor information, etc. in the public wireless LAN service in the SSID information element included in the beacon frame transmitted from the wireless LAN base station (access point) installed in the city Even if the row is stored, there arises a problem that the credibility of whether or not the access point is installed by a reliable service provider, store owner, building owner, or the like cannot be guaranteed. In addition to public services, there is a risk that malicious and fake wireless LAN base stations will be installed when using wireless LAN in offices and the like. In the present specification, the measures against the problem are mainly described by taking the use of public services as an example, but naturally, it can be applied to wireless LANs in general.

  In view of the above problem, in the present invention, based on the identification information of the notification signal transmitted from the wireless transmission station, it is confirmed whether the wireless transmission station is a reliable wireless transmission station, and easily detects a fake wireless transmission station. It is an object of the present invention to provide a detection device, a detection method, and a detection program for a wireless transmission station that can perform

A detection apparatus according to a first aspect of the present invention includes a reception unit that receives a notification signal notified from a wireless transmission station, and an acquisition unit that acquires information related to the wireless transmission station included in the notification signal received by the reception unit. comparing section, the number of radio transmission station the acquisition unit has a predetermined identifier obtained from the information obtained from the broadcast signal, and the number of the first radio transmission station having said predetermined identifier to be managed to, a detector for detecting the presence of different unmanaged second radio transmission station and said first radio transmission station, when the detecting unit detects the presence of the second radio transmission station, And a notification unit that notifies the outside of the information indicating that the presence of the second wireless transmission station has been detected.

A detection device according to a second aspect of the present invention is a plurality of receiving units that receive a notification signal notified from a wireless transmission station, and information related to the wireless transmission station included in the notification signals received by the plurality of receiving units. Comparing the information acquired by the acquisition unit and the information acquired from the notification signal by the acquisition unit with the information indicating the first wireless transmission station to be managed, and managing different from the first wireless transmission station. A detection unit for detecting the presence of an external second wireless transmission station, and the presence of the second wireless transmission station being detected when the detection unit detects the presence of the second wireless transmission station. the and a notification section that notifies the external information indicating the information related to the wireless transmitting station which the acquisition unit acquires the reception direction of the information of the reception level information and the broadcast signal of the broadcast signal wherein, the detecting unit, based on the information acquired by the acquiring unit There are, and detects a direction which is installed with the presence of the second radio transmission station.

Detection method according to the third invention, an acquisition process of acquiring the information related to the wireless transmission station included in the broadcast signal to be broadcast from the received radio transmission station by the receiving unit, the notification by the obtaining processing The first wireless transmission is performed by comparing the number of wireless transmission stations having a predetermined identifier obtained from the information acquired from the signal with the number of first wireless transmission stations having the predetermined identifier to be managed. a detection process for detecting the presence of different unmanaged second radio transmission station and the station, upon detecting the presence of the second radio transmission station in the detection process, the presence of the second radio transmission station There and executes a notification process of notifying the information indicating that it has been detected to the outside.

A detection method according to a fourth aspect of the present invention is an acquisition process for acquiring information related to the wireless transmission station included in a broadcast signal received from a plurality of reception units and broadcast by the wireless transmission station; The presence of an unmanaged second wireless transmission station different from the first wireless transmission station is detected by comparing information acquired from the notification signal with information indicating the first wireless transmission station to be managed. And a notification process of notifying the outside of information indicating that the presence of the second wireless transmission station is detected when the presence of the second wireless transmission station is detected in the detection process. run, associated with the wireless transmitting station acquired in the acquisition process information includes the receiving direction of the information of the reception level information and the broadcast signal of the broadcast signal, in the detection process, acquired by the acquisition process based on the information, the first And detecting the direction of the with the presence of the radio transmission station is installed.

Detection program according to the fifth invention is characterized Rukoto to execute each processing on a computer running in a detection method according to the third or fourth invention.

  The detection device, the detection method, and the detection program for a wireless transmission station according to the present invention, based on the identification information of the notification signal transmitted from the wireless transmission station, confirms whether or not the wireless transmission station is reliable, and easily False wireless transmitter stations can be detected. Further, the detection device can easily detect a fake wireless transmission station without being limited to the model and function of the wireless transmission station.

It is a figure which shows an example of the wireless system which concerns on 1st Embodiment. It is a figure which shows an example of a wireless LAN system. It is a figure which shows the hardware of a detection apparatus, and the structural example of software. It is a figure which shows the process example of a detection program. It is a figure which shows an example of the wireless LAN system which speeds up and simplifies a detection process. It is a figure which shows an example of a BLE system. It is a figure which shows the example of a method of setting a transmission station list in a radio station information management unit. It is a figure which shows an example of the radio system which concerns on 2nd Embodiment. It is a figure which shows an example of a wireless LAN system. It is a figure which shows the process example of a detection program. It is a figure which shows an example of the method of setting the information of the number of wireless transmission stations. It is a figure which shows an example of the detection apparatus which produces | generates a transmission station list automatically. It is a figure which shows an example of a wireless LAN system. It is a figure which shows an example of the process which a launcher part starts. It is a figure which shows an example of the notification method when a false wireless transmission station is detected. It is a figure which shows an example of the detection apparatus which estimates the installation direction of a false radio transmitter station. It is a figure which shows the specific example of the detection apparatus shown in FIG. It is a figure which shows the modification of the detection apparatus shown in FIG. It is a figure which shows an example in case there are multiple monitoring target areas. It is a figure which shows the example of application to a wireless LAN. It is a figure which shows an example of the detection method of the wireless transmission station in which the HW address was disguised. It is a figure which shows an example of the transmission interval of a notification signal (beacon). It is a figure which shows an example of the method of detecting a fake wireless transmission station by an information element. It is a figure which shows an example of the method of recording the information of an undetected wireless transmission station. It is a figure which shows an example at the time of performing the process of a wireless station information management part and an unmanaged wireless station detection part with an external device. FIG. 26 is a diagram showing an example of a case where the wireless transmission station shown in FIG. 25 is a wireless LAN base station. It is a figure which shows the example which acquires position information from BLE beacon information. It is a figure which shows the example which acquires position information from GPS information. It is a figure which shows an example of the method of constructing the database of information. It is a figure which shows an example of the wireless LAN system of a comparative example.

Embodiments of a wireless transmission station detection device, a detection method, and a detection program according to the present invention will be described below with reference to the drawings.
(First embodiment)
FIG. 1 shows an example of a wireless system 100 according to the first embodiment. The wireless system 100 of FIG. 1 includes a detection device 102, and in the example of FIG. 1, a legitimate wireless transmission station 101a and a wireless transmission station 101b to be managed and a fake wireless transmission station 101z that is not managed are arranged. Indicates that The detection device 102 receives a notification signal transmitted from the wireless transmission station 101a, the wireless transmission station 101b, and the wireless transmission station 101z, and detects a false wireless transmission station. Here, the detection device 102 will be described as a dedicated independent device that receives a notification signal from a wireless transmission station such as a wireless LAN base station or a BLE transmission station and detects a false wireless transmission station. A general-purpose device having a receivable wireless function may be used. For example, it can also be realized by a personal computer having a wireless function capable of receiving a notification signal and a program (detection program), and a program for detecting a false wireless transmission station is recorded in a recording medium and distributed, or May be distributed on the network. Further, as the wireless device other than the personal computer, the detection device 102 can be realized by, for example, a smartphone. In this case, a smartphone application (detection program) is downloaded from the network and installed on the smartphone. Then, by starting the application on the smartphone, the smartphone functions as the detection device 102. Accordingly, the notification signal received by the smartphone can be monitored by the smartphone's Bluetooth function or Wifi function, and a false wireless transmission station can be detected. Then, when a fake wireless transmission station is detected, the smart phone can notify the service provider or the like via the LTE (Long Term Evolution (registered trademark)) network.

  In FIG. 1, the wireless transmission station 101a has an identifier of aaa and an HW (Hard Ware) address of xx: xx: xx: xx: xx: xx. The wireless transmission station 101b has an identifier of aaa and an HW address of yy: yy: yy: yy: yy: yy. The wireless transmission station 101z has an identifier of aaa and an HW address of zz: zz: zz: zz: zz: zz. Here, the identifier is information for identifying, for example, a service name or a store name, and corresponds to SSID (or ESSID) in the case of wireless LAN. The HW address is unique information that differs for each wireless transmission station. In the case of wireless LAN, the HW address corresponds to BSSID, and the MAC address of the wireless interface is generally used. In general, x, y, and z are assumed to be hexadecimal numbers from 0 to F.

  In FIG. 1, the detection device 102 includes a wireless reception unit 201, a wireless notification information acquisition unit 202, a wireless station information management unit 203, an unmanaged wireless station detection unit 204, and a launcher unit 205.

  The wireless reception unit 201 has a wireless reception circuit that complies with, for example, the IEEE 802.11 wireless LAN standard or the BLE standard, and periodically receives a notification signal.

  The wireless notification information acquisition unit 202 acquires identification information (identifier, HW address, etc.) included in the notification signal received by the wireless reception unit 201.

  The wireless station information management unit 203 manages a list (transmitting station list 150) indicating the correspondence between the identifier of a reliable and authentic wireless transmitting station and the HW address.

  The unmanaged wireless station detection unit 204 creates a list 151 indicating the correspondence between the received wireless transmission station identifier and the HW address, based on the identification information acquired by the wireless notification information acquisition unit 202. Then, the unmanaged wireless station detection unit 204 compares the transmission station list 150 managed by the wireless station information management unit 203 and the received wireless transmission station list 151, and detects a false wireless transmission station for the identifier aaa to be confirmed. Check for the presence. In the example of FIG. 1, the unmanaged wireless station detection unit 204 determines that the wireless transmission station 101z with the HW address = zz: zz: zz: zz: zz: zz in the received wireless transmission station list 151 is in the transmission station list 150. Since there is none, the wireless transmission station 101z determines that there is a suspicion of a false wireless transmission station. Then, when the unmanaged wireless station detection unit 204 detects a wireless transmission station whose HW address corresponding to the identifier to be confirmed is not in the transmission station list 150, it launches the launcher unit 205.

  The launcher unit 205, for example, when the detection device 102 has a communication function with an external administrator, a predetermined program when the unmanaged wireless station detection unit 204 detects a wireless transmission station not included in the transmission station list 150 ( Communication function, etc.) to notify the administrator of the existence of a fake wireless transmission station.

In this way, the detection device 102 can detect a fake wireless transmission station and notify the administrator.
[For wireless LAN]
Next, a case where the wireless system 100 described in FIG. 1 is a wireless LAN will be described.

  FIG. 2 shows an example of the wireless LAN system 100. Here, in FIG. 2, the wireless system 100 shown in FIG. 1 is the wireless LAN system 100, the wireless transmission station 101a is the wireless LAN base station 101a, the wireless transmission station 101b is the wireless LAN base station 101b, and the wireless transmission station 101z is the wireless LAN. This will be described as the base station 101z.

  In FIG. 2, the wireless LAN base station 101a has an SSID of aaa and a BSSID of xx: xx: xx: xx: xx: xx. Similarly, the wireless LAN base station 101b has an SSID of aaa and a BSSID of yy: yy: yy: yy: yy: yy, and the wireless LAN base station 101z has an SSID of aaa and a BSSID of zz: zz: zz: zz. : zz: zz.

  The detection device 102 has the same configuration as the detection device 102 shown in FIG. 1, but has a wireless LAN function in the example of FIG.

  The wireless reception unit 201 has a wireless reception circuit that complies with the wireless LAN standard of IEEE 802.11, and receives a notification signal at regular intervals.

  The wireless notification information acquisition unit 202 acquires identification information (SSID, BSSID, etc.) included in the notification signal received by the wireless reception unit 201.

  The wireless station information management unit 203 manages the transmitting station list 150 showing the correspondence between the SSID and BSSID of a reliable and authentic wireless LAN base station.

  The unmanaged wireless station detection unit 204 creates a list 151 indicating the correspondence between the received SSID and BSSID of the wireless LAN base station based on the identification information acquired by the wireless notification information acquisition unit 202. Then, the unmanaged wireless station detection unit 204 compares the transmission station list 150 managed by the wireless station information management unit 203 with the received wireless LAN base station list 151, and a false wireless LAN base for the identifier aaa to be confirmed. Check if there is a station. Then, the unmanaged wireless station detection unit 204 activates the launcher unit 205 by determining that the BLE transmission station 101z is a false BLE transmission station when the BSSID in the list 151 is not in the transmission station list 150. . In the example of FIG. 2, the unmanaged wireless station detection unit 204 determines that the wireless LAN base station 101z of BSSID = zz: zz: zz: zz: zz: zz in the received wireless LAN base station list 151 has the transmitting station list 150. Therefore, the wireless LAN base station 101z determines that there is a suspicion of a false wireless transmission station and activates the launcher unit 205.

  The launcher unit 205 notifies the administrator of the existence of a fake wireless LAN base station.

  In this way, even in the case of the wireless LAN system 100, the detection device 102 can detect a false wireless LAN base station and notify the administrator.

  Note that there is a multi-BSSID mechanism in which one wireless LAN base station uses multiple BSSIDs, but in this case there is a different wireless LAN base station for each BSSID (virtual wireless LAN base station). Good.

  FIG. 3 shows a configuration example of hardware and software of the detection device 102. Note that the detection device 102 shown in FIG. 3 is an example in the case of supporting the wireless LAN described in FIG. 2, and may be a dedicated device or a wireless device such as a smartphone.

  In FIG. 3, the wireless reception unit 201 is realized by an antenna that receives radio waves, an RF circuit that demodulates a radio frequency signal into a baseband signal, and the like. The wireless notification information acquisition unit 202 is a wireless LAN dedicated chip device that performs processing conforming to the communication standard of the wireless LAN and extracts the identification information included in the notification signal from the baseband signal output by the wireless reception unit 201. The wireless station information management unit 203, the unmanaged wireless station detection unit 204, the launcher unit 205, and the notification unit 206 are blocks realized by software processing by a program stored in advance in the CPU or the like. Here, the wireless station information management unit 203, the unmanaged wireless station detection unit 204, and the launcher unit 205 have the same functions as the blocks of the same reference numerals described in FIG. The notification unit 206 performs software processing for controlling the external interface 207 and is activated by the launcher unit 205. Then, the notification unit 206 notifies the external monitoring device or the like via the external interface 207 that a false wireless transmission station has been detected. The external interface 207 is, for example, a serial data communication circuit such as a USB (Universal Serial Bus), a wired / wireless network interface circuit, or a hardware circuit connected to a wireless communication network such as a mobile phone or a smartphone. The unmanaged wireless station detection unit 204 has a driver for controlling the wireless notification information acquisition unit 202 of the wireless LAN chip and for inputting / outputting data. Similarly, the notification unit 206 has a driver for controlling the external interface 207 and communicating with an external monitoring device or the like.

  Here, when the unmanaged wireless station detection unit 204 detects an unmanaged wireless transmission station, the launcher unit 205 and the notification unit 206 notify the outside of information indicating that an unmanaged wireless transmission station has been detected. May be integrated as a processing unit that executes the processing for.

  FIG. 4 shows a processing example of the detection program processed by the CPU described in FIG. The detection program shown in FIG. 4 corresponds to the processing of the wireless station information management unit 203, the unmanaged wireless station detection unit 204, the launcher unit 205, and the notification unit 206 shown in FIG.

  In FIG. 4, the CPU of the detection device 102 starts a detection program.

  In step S101, the unmanaged wireless station detection unit 204 acquires information (SSID, BSSID) of peripheral wireless LAN base stations from the wireless notification information acquisition unit 202.

  In step S102, the unmanaged wireless station detection unit 204 generates the list 151 shown in FIG. 2 in which the SSID and BSSID are associated with each other receivable peripheral wireless LAN base station. Then, the unmanaged wireless station detection unit 204 extracts the wireless LAN base station of the SSID to be confirmed. For example, the unmanaged wireless station detection unit 204 extracts the BSSID of the wireless LAN base station whose SSID corresponding to the store A is aaa from the list 151.

  In step S103, the unmanaged wireless station detection unit 204 compares the transmission station list 150 and the list 151 managed by the wireless station information management unit 203, and the BSSID of the wireless LAN base station extracted in step S102 is the transmission station list. Determine whether it is included in 150. Then, the unmanaged wireless station detection unit 204 proceeds to the process of step S104 when there is a BSSID not included in the transmitting station list 150 (Yes), and when there is no BSSID not included in the transmitting station list 150 (No) The process proceeds to step S106.

  In step S104, the unmanaged wireless station detection unit 204 determines that a false wireless LAN base station that has been installed illegally has been detected.

  In step S105, the unmanaged wireless station detection unit 204 activates the notification processing of the notification unit 206 by the launcher unit 205 illustrated in FIG. 3, and notifies the external monitoring device via the external interface 207, for example. The administrator who is notified via the monitoring device that a false wireless LAN base station installed illegally has been detected, calls attention to the user and starts work to eliminate the false wireless LAN base station. You can

  In step S106, the unmanaged wireless station detection unit 204 waits for the process for a preset time, returns to the process of step S101 after the set time elapses, and executes the same detection process.

In this way, the detection device 102 can detect a false wireless LAN base station that has been illegally installed and notify the outside.
[Example of speedup and simplification]
FIG. 5 shows an example of speeding up and simplifying the detection process of the wireless LAN system 100 described in FIG. Note that in FIG. 5, blocks having the same reference numerals as in FIG. 1 perform the same or similar processing as in FIG.

  In FIG. 5, what is different from FIG. 1 is the BSSID information stored in the transmitting station list 150 and the detection processing of the unmanaged wireless station detection unit 204. In the transmitting station list 150 shown in FIG. 5, the SSID aaa and the upper 6 characters of the BSSID are stored. In the BSSID, the upper 6 characters correspond to the vendor code part indicating the device manufacturer. Here, the regular wireless LAN base station installed by the service provider often uses the product of the same manufacturing company, and the fake wireless LAN base station is manufactured by a different manufacturing company from the regular wireless LAN base station. It is assumed that the SSID is forged using the device. In the case of FIG. 5, the regular wireless LAN base station 101a and the wireless LAN base station 101b are products of the same manufacturing company, and the vendor codes of the wireless LAN base station 101a and the wireless LAN base station 101b are both xx: xx: It is xx. On the other hand, the fake wireless LAN base station 101z is a product of a manufacturing company different from the regular wireless LAN base stations 101a and 101b, and the vendor code of the wireless LAN base station 101z is the vendor of the wireless LAN base stations 101a and 101b. Zz: zz: zz, which is different from the code.

  In FIG. 5, the unmanaged wireless station detection unit 204 creates a list 151 of received wireless LAN base stations in which the SSID and BSSID acquired by the wireless notification information acquisition unit 202 are associated with each other. Then, the unmanaged wireless station detection unit 204 compares the list 151 with the transmission station list 150 managed by the wireless station information management unit 203. At this time, the unmanaged wireless station detection unit 204 compares only the upper 6 characters of the BSSID in the list 151 with the 6 characters in the vendor code portion of the transmitting station list 150. In the example of FIG. 5, the upper 6 characters of the BSSID whose SSID in the list 151 corresponds to aaa are two types, xx: xx: xx and zz: zz: zz. On the other hand, in the transmitting station list 150, for example, a vendor code of xx: xx: xx is recorded, and there is no wireless LAN base station having a vendor code of zz: zz: zz. In this way, the unmanaged wireless station detection unit 204 compares the upper 6 characters of the BSSID in the list 151 with the vendor code in the transmitting station list 150, so that the BSSID is zz: zz: zz: zz: zz: zz. The wireless LAN base station can be determined to be a false wireless LAN base station. In the example of FIG. 5, since the unmanaged wireless station detection unit 204 compares only the vendor code portion, the search processing can be speeded up and simplified compared to the case of comparing the entire 12-character BSSID. Moreover, since the number of characters of the BSSID stored in the transmitting station list 150 is reduced to half, the storage capacity of the transmitting station list 150 can be reduced. In the embodiment described with reference to FIG. 5, when the broadcast signals of a large number of wireless LAN base stations are received, or a large number of wireless LAN base stations such as wireless LAN base stations in other areas are managed by one transmitting station list 150. It is especially effective when

2 to 5 described above show the case where the wireless system 100 shown in FIG. 1 is a wireless LAN system, the wireless system 100 may be a BLE system.
[For BLE]
FIG. 6 shows an example of the BLE system 100. Here, in FIG. 6, the wireless system 100 shown in FIG. 1 is a BLE system 100, the wireless transmission station 101a is a BLE transmission station 101a, the wireless transmission station 101b is a BLE transmission station 101b, and the wireless transmission station 101z is a BLE transmission station 101z. explain.

  In FIG. 6, the BLE transmission station 101a has a UUID of aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa, a Major / Minor of 111/111, and a MAC address of xx: xx: xx: xx: xx: xx. The BLE transmission station 101b has a UUID of aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa, a Major / Minor of 111/112, and a MAC address of yy: yy: yy: yy: yy: yy. The BLE transmitting station 101z has a UUID of aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa, a Major / Minor of 111/111, and a MAC address of zz: zz: zz: zz: zz: zz. It should be noted that, here, the case where the Major / Minor of the fake BLE transmitting station 101z is 111/111 is shown, but in this case, for example, in the system for estimating the position by determining the nearest BLE transmitting station by the received power, position estimation If an error occurs and different values are set for Major / Minor, incorrect information can be notified to the user.

  The detection device 102 has the same configuration as the detection device 102 shown in FIG. 1, but has a BLE function in the example of FIG.

  The wireless reception unit 201 has a wireless reception circuit that complies with the BLE standard, and periodically receives a notification signal (BLE beacon).

  The wireless notification information acquisition unit 202 acquires identification information (UUID, Major / Minor, MAC address, etc.) included in the notification signal received by the wireless reception unit 201.

  The wireless station information management unit 203 manages the transmitting station list 150 indicating the correspondence between the UUID, the Major / Minor, and the MAC address of a reliable and authentic BLE transmitting station.

  The unmanaged wireless station detection unit 204 creates a list 151 indicating the correspondence between the UUID, Major / Minor, and MAC address of the received BLE transmission station, based on the identification information acquired by the wireless notification information acquisition unit 202. Then, the unmanaged wireless station detection unit 204 compares the transmission station list 150 managed by the wireless station information management unit 203 with the received BLE transmission station list 151, and the false BLE for the UUID to be confirmed (for example, aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa). Check if there is a transmitting station. Then, the unmanaged wireless station detection unit 204 determines that the BLE transmission station 101z is a false BLE transmission station and activates the launcher unit 205 when the MAC address in the list 151 is not in the transmission station list 150. To do. In the example of FIG. 6, the unmanaged wireless station detection unit 204 determines that the BLE transmitting station 101z with the MAC address = zz: zz: zz: zz: zz: zz in the received 151 list of BLE transmitting stations is in the transmitting station list 150. Since there is none, the BLE transmitting station 101z determines that there is a suspicion of a fake BLE transmitting station, and activates the launcher unit 205.

  The launcher unit 205 activates a predetermined program (for example, a notification program) to notify the administrator of the presence of a fake BLE transmitting station.

In this way, even in the case of the BLE system 100, the detection device 102 can detect a fake BLE transmission station and notify the administrator.
[How to set sender station list 150]
FIG. 7 shows an example of a method of setting the transmitting station list 150 in the wireless station information management unit 203. Note that in FIG. 7, blocks having the same reference numerals as those in other drawings have the same or similar functions as those in other drawings.

  The detection device 102 shown in FIG. 7A has a hardware management unit 210 and an SD card slot 211 in addition to the blocks described in FIG. Then, the administrator stores the file of the transmitting station list 150 in which the identification information of the regular wireless transmitting station is recorded in the SD card 211a, and when the SD card 211a is attached to the SD card slot 211 of the detection device 102, For example, the hardware management unit 210 automatically recognizes the files of the transmitting station list 150 stored in the SD card 211a. Then, when the hardware management unit 210 recognizes that the files of the transmission station list 150 are stored in the SD card 211a, it reads the transmission station list 150 and sets it in the wireless station information management unit 203. Information such as version and creation date and time is added to the transmitting station list 150, and the hardware managing unit 210 sets the transmitting station list 150 stored in the SD card 211a in the wireless station information managing unit 203. When the transmission station list 150 is newer than the transmission station list 150, the transmission station list 150 may be set in the wireless station information management unit 203.

  The detection device 102 shown in FIG. 7B has an external interface 212 in addition to the blocks described in FIG. The external interface 212 is connected to a personal computer (PC) 213 via a serial cable or the like and can communicate with the PC 213. Then, the PC 213 can control the detection device 102, and the administrator wirelessly sends a file of the transmitting station list 150 in which the identification information of the authorized wireless transmitting station is recorded from the PC 213 via the serial cable and the external interface 212. It can be set in the station information management unit 203. Note that the program of the PC 213 automatically detects that the detection device 102 is connected, and the transmitting station list 150 stored in the PC 213 is more than the transmitting station list 150 set in the wireless station information management unit 203. When new, the above program may set the transmitting station list 150 in the wireless station information management unit 203.

  The detection device 102 illustrated in FIG. 7C includes a network interface 214 in addition to the blocks described in FIG. The network interface 214 is an interface circuit for connecting to a network (NW) 215 such as Ethernet (registered trademark) or wireless LAN, and is connected to the file server 216 via the NW 215. The administrator stores the file of the transmitting station list 150 in which the identification information of the authorized wireless transmitting station is recorded in the file server 216, and the file of the transmitting station list 150 is transmitted from the file server 216 via the NW 215 and the network interface 214. Is transmitted and the transmitting station list 150 is set in the wireless station information management unit 203. At this time, as in the case of FIGS. 7A and 7B, the transmitting station list 150 stored in the file server 216 is newer than the transmitting station list 150 set in the wireless station information management unit 203. In this case, the detection apparatus 102 may set the transmission station list 150 in the wireless station information management unit 203. The file server 216 may periodically update the transmitting station list 150 of the detecting device 102 with the latest information at a preset cycle. Accordingly, for example, even when a new wireless transmission station is added to the service area, the detection device 102 can prevent the added wireless transmission station from being erroneously detected as a false wireless transmission station.

In FIG. 7 (c), when the detection apparatus 102 requests the file server 216 for the transmission station list 150, the location information is acquired by notifying the location information of the apparatus itself acquired by, for example, GPS (Global Positioning System). It becomes possible to acquire an appropriate transmitting station list 150 according to the above.
(Second embodiment)
FIG. 8 shows an example of a wireless system 100 according to the second embodiment. In FIG. 8, blocks having the same reference numerals as those in FIG. 1 have the same or similar functions as those in FIG. The difference from FIG. 1 is that the wireless station information management unit 203 of the detection device 102 has information 150a on the number of reliable wireless transmission stations instead of the transmission station list 150. The information 150a indicates the number of reliable wireless transmission stations corresponding to the predetermined identifier. For example, it is assumed that the information 150a in FIG. 8 indicates that the number of reliable wireless transmission stations corresponding to the identifier aaa is two. Then, the unmanaged wireless station detection unit 204 determines that the number of wireless transmitting stations corresponding to the identifier to be confirmed in the received wireless transmitting station list 151 is greater than the reliable wireless transmitting station number information 150a (for example, When the wireless transmission station corresponding to the identifier aaa is 3 in the list 151), it is determined that a false wireless transmission station may exist, and the launcher unit 205 is activated. The launcher unit 205 notifies the external monitoring device (administrator) of the presence of a false wireless transmission station, as in the first embodiment.

  Here, the number of reliable wireless transmission stations corresponds to the number of hardware addresses when one wireless transmission station corresponds to multiple addresses having a plurality of HW addresses.

  As described above, in the wireless system 100 according to the second embodiment, it is assumed that the number of wireless transmitting stations installed in, for example, a building or a store is predetermined, and a third party intentionally falsifies the number. When the wireless transmission station is installed, the presence of a false wireless transmission station can be detected by utilizing the fact that the number of peripheral wireless transmission stations that can be received by the detection device 102 increases. As a result, the wireless station information management unit 203 does not have to manage the identification information in the transmitting station list 150 as in the first embodiment, but needs to manage only the number of reliable wireless transmitting stations.

In the above description, the number of wireless transmission stations installed in the service area is predetermined, but it is not limited to setting a fixed value as the number of wireless transmission stations in the information 150a. The number of wireless transmission stations observed in a preset period may be set as the reference number of wireless transmission stations in the information 150a. For example, if the detection device 102 detects more wireless transmission stations than the reference number of the information 150a at the time of measurement, it determines that a false wireless transmission station may have been installed and notifies the administrator. You may do it. This means that if, for example, only two wireless transmitter stations are continuously observed for several months, but suddenly three wireless transmitter stations are observed, a false wireless transmission is performed. This is because it can be determined that the station may have been installed. In this case, for example, a test period of several days is provided before the service is started, and the detection apparatus 102 automatically sets the number of wireless transmission stations observed stably and continuously during the test period as the reference value of the information 150a. To do. This eliminates the need for the administrator to manually set the number of wireless transmission stations of the information 150a in the detection device 102.
[For wireless LAN]
Next, a case where the wireless system 100 described in FIG. 8 is a wireless LAN will be described.

  FIG. 9 shows an example of the wireless LAN system 100 of the second embodiment. In FIG. 9, blocks having the same reference numerals as those in FIG. 2 have the same or similar functions as those in FIG. The difference from FIG. 2 is that the wireless station information management unit 203 of the detection apparatus 102 has information 150a on the number of reliable wireless LAN base stations instead of the transmission station list 150. Further, as described with reference to FIG. 8, the information 150a indicates the number of reliable wireless LAN base stations corresponding to the predetermined SSID. For example, the information 150a in FIG. 9 indicates that the number of reliable wireless LAN base stations corresponding to SSID: aaa is two.

  In FIG. 9, the unmanaged wireless station detection unit 204 determines that the number of wireless LAN base stations corresponding to the SSID to be confirmed in the received wireless transmission station list 151 is more reliable than the information 150a of the number of reliable wireless LAN base stations. When the number is large (for example, when the number of wireless LAN base stations corresponding to SSID: aaa is 3 in list 151), it is determined that there is a possibility that a false wireless LAN base station exists, and the launcher unit 205 is activated. The launcher unit 205 notifies the external monitoring device (administrator) of the presence of a false wireless LAN base station, as in the first embodiment.

  In the example of FIG. 9, the unmanaged wireless station detection unit 204 creates a list 151 indicating the correspondence between the received SSID and BSSID of the wireless LAN base station, based on the identification information acquired by the wireless notification information acquisition unit 202. . Then, the unmanaged wireless station detection unit 204 determines that the reliable wireless LAN base station number information 150a managed by the wireless station information management unit 203 and the SSID to be confirmed in the received wireless LAN base station list 151 are unique to aaa. Compare with the number of different BSSID. In the example of FIG. 9, the number “3” of unique BSSIDs for the identifier aaa to be confirmed in the list 151 is larger than the number “2” of reliable wireless LAN base stations stored in the information 150a. The detection unit 204 determines that there may be an unauthorized wireless LAN base station.

  If one wireless LAN base station uses the multi-BSSID mechanism that uses multiple BSSIDs, it is considered that there is an independent wireless LAN base station for each BSSID (virtual wireless LAN base station) and management is performed. The outside wireless station detection unit 204 compares the numbers of unique BSSIDs and determines whether there is an unauthorized wireless LAN base station.

  In this way, even in the case of the wireless LAN system 100, the detection device 102 detects a false wireless LAN base station by managing the number of BSSIDs of the wireless LAN base station, and notifies the administrator. You can

  FIG. 10 shows an example of a detection program that realizes the processing described in FIG. The processing of the detection program shown in FIG. 10 is executed by the same device as the detection device 102 described in FIG. 3 except that the information 150a is included instead of the transmission station list 150. Then, each processing illustrated in FIG. 10 corresponds to the processing of the wireless station information management unit 203, the unmanaged wireless station detection unit 204, the launcher unit 205, and the notification unit 206 which are executed by the CPU.

  In FIG. 10, the CPU of the detection device 102 starts a detection program.

  In step S201, the unmanaged wireless station detection unit 204 acquires information (SSID, BSSID) of peripheral wireless LAN base stations from the wireless notification information acquisition unit 202.

  In step S202, the unmanaged wireless station detection unit 204 creates a list 151 in which SSIDs and BSSIDs are associated with each other receivable peripheral wireless LAN base stations. Then, the unmanaged wireless station detection unit 204 extracts the wireless LAN base station of the SSID to be confirmed. For example, the unmanaged wireless station detection unit 204 counts the number of unique BSSIDs of the wireless LAN base station having the SSID aaa corresponding to the store A from the list 151.

  In step S203, the unmanaged wireless station detection unit 204 compares the preset number of reliable wireless LAN base stations managed by the wireless station information management unit 203 with the number of BSSIDs in the observed list 151, It is determined whether or not the number of BSSIDs of the wireless LAN base station extracted in step S202 is larger than the preset number of wireless LAN base stations. Then, if the number of BSSIDs of the wireless LAN base station extracted in step S202 is larger than the number of preset wireless LAN base stations (Yes), the process proceeds to step S204, and if the number is small (No), the step S206 is performed. Go to processing.

  In step S204, the unmanaged wireless station detection unit 204 determines that a false wireless LAN base station that has been installed illegally has been detected.

  In step S205, the unmanaged wireless station detection unit 204 activates the notification process by the launcher unit 205 and notifies the external monitoring device.

  In step S206, the unmanaged wireless station detection unit 204 waits for the process for a preset time, returns to the process of step S201 after the set time elapses, and executes the same detection process.

In this way, the detection device 102 can detect a false wireless LAN base station that has been illegally installed and notify the outside.
[How to set the number of reliable wireless transmission stations]
FIG. 11 shows an example of a method for setting the information 150a on the number of reliable wireless transmission stations in the wireless station information management unit 203 described in FIG. In FIG. 11, blocks having the same reference numerals as those in FIG. 9 have the same or similar functions as those in FIG. In addition, in FIG. 11, among the blocks of the detection device 102 described in FIG. 9, blocks that are not related to the setting of the information 150a of the number of reliable wireless transmission stations are omitted.

  The detection device 102 illustrated in FIG. 11A includes a hardware management unit 301 and a liquid crystal display 302 in addition to the blocks described in FIG. 9. The liquid crystal display 302 has, for example, a touch panel function, and has numeric keys 0 to 9 displayed on the screen of the liquid crystal display 302, a backspace (BS) key, and an Enter key. Then, the administrator inputs the number of legitimate wireless transmission stations (HW addresses) with the ten keys and confirms it with the Enter button. If you make a mistake, use the BS key to delete and re-enter. The input information is set in the wireless station information management unit 203 via the hardware management unit 301.

The detection device 102 illustrated in FIG. 11B includes a hardware management unit 301 and a BlueTooth (registered trademark) unit 303 in addition to the blocks described in FIG. 9. The BlueTooth unit 303 can communicate with the smartphone 304 by short-range wireless communication. On the other hand, the smartphone 304 executes an application for setting the number of regular wireless LAN base stations in the wireless station information management unit 203. This application displays on the smartphone 304 a screen that provides the same function as the liquid crystal display 302 of FIG. Then, the administrator operates the ten keys 0 to 9 displayed on the screen of the smartphone 304, the BS key, and the Enter key to determine the number of authorized wireless transmission stations (HW addresses) in the hardware management unit. It is input via 301 and set in the wireless station information management unit 203.
(Third Embodiment)
In this embodiment, an example of automatically generating the transmitting station list 150 will be described. In the first embodiment, the transmitting station list 150 managed by the wireless station information management unit 203 is externally set in the detecting device 102 in advance, but the detecting device automatically generates the transmitting station list 150. You may do it.

  FIG. 12 shows an example of the detection device 102a that automatically generates the transmission station list 150. Note that, in FIG. 12, blocks having the same reference numerals as those in the other figures have the same or similar functions as those in the other figures. The detection device 102a shown in FIG. 12 is different from the detection devices 102 in the other figures in that it has a transmission station list generation unit 220.

  The transmission station list generation unit 220 generates the transmission station list 150 based on the identification information acquired by the wireless notification information acquisition unit 202, and sets the generated transmission station list 150 in the wireless station information management unit 203.

  In this way, the detection device 102a can automatically generate the transmission station list 150. Here, in the description of FIG. 12, the transmission station list generation unit 220 is an independent block for easy understanding, but the function of the transmission station list generation unit 220 is performed by the wireless station information management unit 203. Good.

  FIG. 13 shows an example of applying the detection device 102a shown in FIG. 12 to the wireless LAN system 100 described with reference to FIG. The detection device 102a illustrated in FIG. 13 includes an operation button 221, a hardware management unit 222, and a timer unit 223 in addition to the transmission station list generation unit 220 of the detection device 102a described in FIG.

  Here, as preparation for automatically creating the transmitting station list 150 by the detection device 102a, the administrator goes to the site (service area) where the detection device 102a is installed and observes the surrounding wireless LAN environment. By using a device (a measuring device different from the detecting device 102a of the present embodiment), the information of the wireless LAN base stations existing in the vicinity is confirmed. It is assumed that the administrator knows in advance the information on the SSID and BSSID of the wireless LAN base station installed in the service area. Then, the administrator reads the SSID and BSSID from the broadcast signal of the peripheral wireless LAN base station that can be received by the dedicated measuring device. In addition, the administrator, of the wireless LAN base stations read by the dedicated measurement device, the wireless LAN base station BSSID of the wireless LAN base station corresponding to the SSID monitored by the detection device 102a is installed in the service area. Make sure that there is no unexpected BSSID that matches the BSSID of the station. That is, the administrator confirms that no fake wireless LAN base station is installed.

  Then, when the administrator who confirms that the fake wireless LAN base station is not installed presses the operation button 221 of the detection device 102a, the timer unit 223 is activated via the hardware management unit 222, and the timer unit 223 is activated. The wireless reception unit 201, the wireless notification information acquisition unit 202, the transmission station list generation unit 220, and the wireless station information management unit 203 operate for a predetermined time set in advance. Then, the transmission station list generation unit 220 generates a list 151 of SSIDs and BSSIDs of peripheral wireless LAN base stations collected during a fixed time. Then, the BSSID corresponding to the SSID to be monitored is extracted from the list 151 generated by the transmission station list generation unit 220 and set in the wireless station information management unit 203 as the transmission station list 150. Here, it is assumed that the SSID to be monitored is preset in the wireless station information management unit 203. Alternatively, the function of the operation button 221 may be expanded so that the SSID to be monitored can be set. In the example of FIG. 13, the received wireless LAN base station list 151 has BSSIDs xx: xx: xx: xx: xx: xx, yy: yy: yy: yy: yy: yy, zz corresponding to SSID aaa. There are five types:: zz: zz: zz: zz: zz, vv: vv: vv: vv: vv: vv, and ww: ww: ww: ww: ww: ww. The transmission station list 150 in which the BSSID is recorded is generated and set in the wireless station information management unit 203.

In this way, the detection device 102a can automatically generate the transmission station list 150.
(Fourth Embodiment)
FIG. 14 shows an example of the process activated by the launcher unit 205. Note that FIG. 14A shows a diagram corresponding to FIG. 3, and the launcher unit 205 activates the notification unit 206 so that the presence of a false wireless transmission station in the external monitoring device via the external interface 207. Notify you of suspicion. In the example of FIG. 14B, the launcher unit 205 activates another software 230 and performs processing such as sounding an alarm.

  FIG. 15 shows an example of a notification method when a false wireless transmission station is detected. Note that, in FIG. 15, the launcher unit 205 and the notification unit 206 have the same or similar functions as the blocks having the same reference numerals as those in the other figures. Further, in FIG. 15, blocks such as the wireless reception unit 201, the wireless notification information acquisition unit 202, the wireless station information management unit 203, and the unmanaged wireless station detection unit 204 are omitted.

  The detection device 102 illustrated in FIG. 15A includes a hardware management unit 241, a speaker 242, and an LED 243. The hardware management unit 241 has a function of converting a command from the notification unit 206 into an electric signal, and outputs an alarm sound from the speaker 242 and lights the LED 243. In the example of FIG. 15A, when a false wireless transmission station is detected, the launcher unit 205 operates and the notification unit 206 is activated, and the notification unit 206 causes the speaker 242 via the hardware management unit 241. A warning sound is emitted from the LED, and the LED 243 is blinked to notify the administrator and the surroundings that the presence of a false wireless transmission station is suspected. Also, the above describes an example in which the detection device is a dedicated device, but if the detection device is a smartphone terminal, false alarms can be generated by issuing an alarm sound from the speaker attached to the main body or issuing a warning message on the liquid crystal display. The administrator and others may be notified that the existence of the wireless transmission station of is suspected.

  The detection device 102 shown in FIG. 15B has a network interface 244 and an emergency warning light 245. The network interface 244 has a function of transmitting a command from the notification unit 206 via a medium such as Ethernet using TCP / IP. For example, an emergency warning light 245 installed at a place distant from the detection device 102 is used. Turn on the light. In the example of FIG. 15B, when a fake wireless transmission station is detected, the launcher unit 205 operates to activate the notification unit 206, and the notification unit 206 causes the emergency warning light 245 via the network interface 244. Turn on to notify the administrator and others that the presence of a fake wireless transmission station is suspected. The difference from FIG. 15A is that the emergency warning light 245 can be installed in a place distant from the detection device 102 that needs to be installed in the service providing place. It is possible to notify that the presence of the wireless transmission station is suspected.

  The detection device 102 shown in FIG. 15C has a function of transmitting an electronic mail to the mail server 247 connected via the network interface 244 and the NW 246. The network interface 244 has a function of connecting to the NW 246 by Ethernet or the like, as in FIG. 15B. In the example of FIG. 15C, when a false wireless transmission station is detected, the launcher unit 205 operates and the notification unit 206 is activated, and the notification unit 206 transmits the false information via the network interface 244 and the NW 246. The electronic mail indicating that the existence of the wireless transmission station is suspected is transmitted to the mail server 247. The mail server may be prepared by an administrator or provided by an existing Internet service provider as a service.

In addition, in FIG. 15C, when the detection device 102 sends an e-mail to the mail server 247, the presence of a false wireless transmission station is suspected by adding the position information of the self device acquired by, for example, GPS. It becomes possible to specify the place to be visited.
(Fifth Embodiment)
In the present embodiment, a method of detecting the installation location of a fake wireless transmission station will be described.

  FIG. 16 shows an example of a detection device 102b that estimates the installation direction of a false wireless transmission station. Note that, in FIG. 16, blocks having the same reference numerals as those in other drawings have the same or similar functions as those in other drawings.

  In FIG. 16, the detection device 102b includes a wireless reception unit 201 (1), a wireless reception unit 201 (2), a wireless reception unit 201 (N), a wireless notification information acquisition unit 202 (1), and a wireless notification information acquisition unit 202 ( 2), the wireless broadcast information acquisition unit 202 (N), the wireless station information management unit 203, the unmanaged wireless station detection unit 204, and the launcher unit 205. Here, N is a positive integer of 2 or more.

  In the detection device 102b, the wireless reception units 201 (1) to 201 (N) are RF circuits each having the same function as the wireless reception unit 201 described in FIG. 1 and the like. Further, each of the wireless notification information acquisition unit 202 (1) to the wireless notification information acquisition unit 202 (N) is a wireless LAN chip having the same function as the wireless notification information acquisition unit 202 described with reference to FIG.

  In FIG. 16, the wireless reception units 201 (1) to 201 (N) are equipped with, for example, directional antennas, have different reception directions, and receive signal strength indicators (RSSI (Received Signal Strength Indicator) )) Is measured. Then, the value of the RSSI measured by the wireless reception unit 201 (1) to the wireless reception unit 201 (N) is an unmanaged wireless via the wireless notification information acquisition unit 202 (1) via the wireless notification information acquisition unit 202 (N). It is output to the station detection unit 204, respectively. Here, the receiving direction of the wireless receiving unit 201 (1) is the direction (1), the receiving direction of the wireless receiving unit 201 (2) is the direction (2), and the receiving direction of the wireless receiving unit 201 (N) is the direction (N). And

  For example, in the case of FIG. 16, with respect to the detection device 102b, the direction in which the regular wireless LAN base station 101a is installed, the direction in which the regular wireless LAN base station 101b is installed, and the false wireless LAN base station. The direction in which 101z is installed is different. Therefore, in the wireless reception unit 201 (1), the RSSI of the broadcast signal of the wireless LAN base station 101a, the RSSI of the broadcast signal of the wireless LAN base station 101b, and the RSSI of the broadcast signal of the wireless LAN base station 101z are different from each other. . Similarly, in the wireless reception unit 201 (2) and the wireless reception unit 201 (N), the RSSI of the broadcast signal of the wireless LAN base station 101a, the RSSI of the broadcast signal of the wireless LAN base station 101b, and the wireless LAN base station 101z. Are different from the RSSI of the broadcast signal.

  In the example of the received list 151b of wireless LAN base stations shown in FIG. 16, not only the SSID and BSSID information of the list 151 described in FIG. 1, but also the reception direction and RSSI information is added. Here, in the example of the list 151b, the reception directions are described by the numbers (1) to (N) of the wireless reception units 201 (1) to 201 (N). For example, in the list 151b, the RSSI of the wireless LAN base station 101a in the receiving direction (1) is -65 dBm, the RSSI of the wireless LAN base station 101b in the receiving direction (1) is -60 dBm, the wireless LAN base station in the receiving direction (1) The RSSI of 101z is -70 dBm. Similarly, in the list 151b, the RSSI of the wireless LAN base station 101a in the receiving direction (N) is -70 dBm, the RSSI of the wireless LAN base station 101b in the receiving direction (N) is -65 dBm, the wireless LAN base in the receiving direction (N). The RSSI of station 101z is -60 dBm.

  The unmanaged wireless station detection unit 204 creates the list 151b and compares the transmission station list 150 of the wireless station information management unit 203 with the list 151b as described with reference to FIG. It can be determined that 101z is highly likely to be a fake wireless LAN base station. Further, in the case of the detection device 102b shown in FIG. 16, the reception direction in which the RSSI of the notification signal of the false wireless LAN base station 101z is the strongest is determined, and the false wireless LAN base station 101z is detected in the reception direction in which the RSSI is the strongest. It is highly likely that it is installed. In the example of the list 151b, since the RSSI of the broadcast signal of the wireless LAN base station 101z is higher in the receiving direction (N) than in the receiving direction (1), the unmanaged wireless station detection unit 204 selects the receiving direction (N). It is highly possible that a false wireless LAN base station 101z is installed in the direction.

  Note that the unmanaged wireless station detection unit 204, which has detected that there is a suspicion that a fake wireless LAN base station exists, operates the launcher unit 205 as in the other embodiment to notify the administrator or the like. At this time, information about the direction in which the fake wireless LAN base station 101z is installed may be notified.

  FIG. 17 shows a specific example of the detection device 102b described with reference to FIG. In FIG. 17, the detection device 102b has a cylindrical housing composed of a main body 102b-1, a directional antenna 102b-2, and an LED 102b-3.

  The main body 102b-1 stores the blocks of the detection device 102b illustrated in FIG. 16, and further includes a hardware management unit 251, a BT (BlueTooth) unit 252, and a power button 253. The hardware management unit 251 has a circuit for connecting hardware in the detection device 102b, and performs lighting of the LED 102b-3, control of the BT unit 252, detection of pressing of the power button 253, and the like. The BT unit 252 has a communication circuit compliant with the BlueTooth standard and can communicate with the control terminal 254. The power button 253 is an operation button for activating the detection device 102b. The connection process of BlueTooth may be a specific operation such as pressing and holding the power button 253, or a separate button for connection may be prepared.

  The directional antenna 102b-2 includes directional antennas 102b-2 (1) to directional antennas 102b-2 (1) corresponding to the wireless reception units 201 (1) to 201 (N) shown in FIG. N) and in the present embodiment, they are arranged at equal intervals around a cylindrical housing. Therefore, the receiving directions of the directional antenna 102b-2 (1) to the directional antenna 102b-2 (N) are different from each other.

  LED102b-3 has LEDs 102b-3 (1) to LED102b-3 (N) corresponding to the directional antennas 102b-2 (1) to directional antennas 102b-2 (N), respectively, and has a cylindrical casing. The directional antennas 102b-2 (1) arranged around the body to the directional antennas 102b-2 (N) (numbers (1 to N)) are attached in correspondence with each other. In the present embodiment, the colors of the LEDs 102b-3 (1) to LED102b-3 (N) are colors corresponding to the RSSIs in the corresponding pointing directions (strong RSSI: red, medium RSSI: yellow, RSSI Is weak: blue, etc.), or it may be distinguished only by turning on and off.

  The list 151b shown in FIG. 17 shows the same contents as the list 151b shown in FIG. 16, and in the example of FIG. 17, notification received by the directional antenna 102b-2 (1) of the wireless reception unit 201 (1) The information of the signal and the information of the notification signal received by the directional antenna 102b-2 (4) of the wireless reception unit 201 (4) are shown. Then, since the false wireless LAN base station 101z is transmitting the notification signal from the direction of the directional antenna 102b-2 (4), the false wireless LAN base station received by the directional antenna 102b-2 (1). The RSSI (-60 dBm) of the notification signal of the false wireless LAN base station 101z received by the directional antenna 102b-2 (4) is higher than the RSSI (-70 dBm) of the notification signal of 101z.

  In this way, the detection device 102b determines that the fake wireless LAN base station 101z is arranged in the reception direction (4), and supports the reception direction (4) via the hardware management unit 251. Turn on or blink the LED 102b-3 (4) above the directional antenna 102b-2 (4) to notify the administrator of the direction in which a false wireless LAN base station 101z is likely to be installed. it can.

  FIG. 18 shows a detection device 102c which is a modification of the detection device 102b shown in FIG. In the detection apparatus 102b illustrated in FIG. 16, the wireless notification information acquisition unit 202 (1) to the wireless notification information acquisition unit 202 (N) are provided for each of the wireless reception unit 201 (1) to the wireless reception unit 201 (N). Although provided, the detection device 102c shown in FIG. 18 is provided with one radio notification information acquisition unit 202c for the radio reception unit 201 (1) to the radio reception unit 201 (N).

  In FIG. 18, the wireless broadcast information acquisition unit 202c does not manage the identification information and RSSI for each broadcast signal received by the wireless reception unit 201 (1) from the wireless reception unit 201 (1) for each number of the wireless reception unit 201. Output to the wireless station detection unit 204. The unmanaged wireless station detection unit 204, based on the identification information (SSID, BSSID) for each number of the wireless reception unit 201 output from the wireless notification information acquisition unit 202c and the RSSI, the list shown in FIG. 16 or FIG. 151b is generated, the false wireless LAN base station 101z is detected by comparing with the transmitting station list 150 of the wireless station information management unit 203, and the direction in which the wireless LAN base station 101z is likely to be installed is detected. Can inform the administrator.

Note that the detection device 102b (or the detection device 102c) described in the present embodiment is not only for detecting the installation direction of the false wireless LAN base station 101z, but also for specifying a condition from the control terminal 254, for example It is also possible to use the BSSID as a search key to search for wireless transmission stations.
(Sixth Embodiment)
In this embodiment, a case where there are a plurality of monitoring target areas will be described.

  FIG. 19 shows an example when there are a plurality of monitoring target areas. In the example of FIG. 19, the wide area 401 has three monitoring target areas: a monitoring target area 402A, a monitoring target area 402B, and a monitoring target area 402C.

  In the monitored area 402A, three wireless transmission stations, that is, a wireless transmission station 101A-1, a wireless transmission station 101A-2 and a wireless transmission station 101A-3, and a detection device 102A are arranged. Similarly, in the monitored area 402B, three wireless transmitting stations 101B-1, 101B-2 and 101B-3, and a detection device 102B are arranged, and the monitored area 402C is provided. The wireless transmission station 101C-1, the wireless transmission station 101C-2, and the wireless transmission station 101C-3, and the detection device 102C are arranged in this area. The detection device 102A, the detection device 102B, and the detection device 102C have the same functions as the detection devices of the other embodiments, and also have the function of measuring the RSSI of the notification signal. For example, the detection device 102A manages the regular transmission station list in the monitored area 402A, compares it with the received list of wireless transmission stations, and detects a false wireless transmission station. Similarly, the detection device 102B manages the regular transmission station list in the monitored area 402B, the detection device 102C manages the regular transmission station list in the monitored area 402C, and a list of wireless transmission stations received respectively. To detect fake wireless transmitter stations.

  However, as shown in the example of FIG. 19, a problem occurs when the identifiers of the wireless transmission stations installed in each of the monitoring target area 402A, the monitoring target area 402B, and the monitoring target area 402C are the same aaa. For example, if the detection device 102A can receive a notification signal transmitted from the wireless transmission station 101B-1 of the monitoring target area 402B other than the monitoring target area 402A of the own device and the wireless transmission station 101A-1 of the monitoring target area 402C, If all the wireless transmission stations that can receive the notification signal are to be determined, the regular wireless transmission stations 101B-1 and 101C-1 other than the monitored area 402A will be detected as false wireless transmission stations.

  Therefore, the detection device 102A has a function of measuring the RSSI for each broadcast signal, so as not to detect a wireless transmission station that transmits an RSSI broadcast signal lower than a preset RSSI threshold value as a false wireless transmission station. Operate.

  In this way, the detection apparatus 102A shown in FIG. 19 can prevent erroneous detection of a legitimate wireless transmission station in a different monitored area in which the same identifier is set as a false wireless transmission station.

  FIG. 20 shows an example of application of the detection device 102A described in FIG. 19 to a wireless LAN. In FIG. 20, the detection device 102A performs a process of detecting the presence of a false wireless LAN base station in the monitored area 402A. In the example of FIG. 20, the wireless LAN base station 101a, the wireless LAN base station 101b, and the wireless LAN base station 101c are installed in the monitoring target area 402A, and the wireless LAN base station 101d and the wireless LAN base station 101e are outside the monitoring target area 402A. Shall be installed in the wide area 401 of. Further, the detection device 102A can receive a notification signal transmitted by the wireless LAN base station 101d and the wireless LAN base station 101e installed outside the monitored area 402A. For this reason, the detection device 102A sets the same SSID (aaa) as that of the wireless LAN base station 101a, the wireless LAN base station 101b, and the wireless LAN base station 101c when all the wireless LAN base stations capable of receiving the notification signal are the determination targets. The detected authorized wireless LAN base station 101d and wireless LAN base station 101e are detected as false wireless LAN base stations. Therefore, in the detection device 102A, a wireless LAN base station whose RSSI measured by the wireless reception unit 201 is lower than a predetermined RSSI threshold is excluded from the determination target.

  In the example of FIG. 20, the RSSI threshold value is set in the transmitting station list 150A of the wireless station information management unit 203. The unmanaged wireless station detection unit 204 also creates a list 151A of wireless transmission stations received by the identification information (SSID, BSSID) acquired by the wireless notification information acquisition unit 202 and the RSSI measured by the wireless reception unit 201. Then, the unmanaged wireless station detection unit 204 compares the list 151A with the transmitting station list 150A and detects a false wireless LAN base station. In the example of the list 151A illustrated in FIG. 20, the unmanaged wireless station detection unit 204 includes the wireless LAN base station 101d whose BSSID is vv: vv: vv: vv: vv: vv and the BSSID is ww: ww: ww: ww. The wireless LAN base station 101e of: ww: ww is a candidate suspected of being a false wireless LAN base station. Here, since the RSSI threshold value (Threshold) of the transmitting station list 150A is −75 dBm, the unmanaged wireless station detection unit 204 excludes the wireless LAN base station whose RSSI is lower than −75 dBm from the determination target. Therefore, in the example of FIG. 20, the wireless LAN base station 101d with BSSID vv: vv: vv: vv: vv: vv has an RSSI of -80 dBm and a BSSID of ww: ww: ww: ww: ww: ww. Since the RSSI of the base station 101e is -85 dBm and both are lower than the RSSI threshold value (-75 dBm), the unmanaged wireless station detection unit 204 sets the wireless LAN base station 101d and the wireless LAN base station 101e to a false wireless LAN base station. It is judged that it is not the target of judgment.

  In this way, the detection apparatus 102A shown in FIG. 20 is configured to have the same identifier, and may mistakenly detect a regular wireless LAN base station installed outside the monitored area as a false wireless LAN base station. It can be prevented.

If a false wireless LAN base station exists below the threshold, the detection device 102A does not perform detection, but the user's terminal is generally considered to connect to a regular base station having a strong RSSI.
(Seventh embodiment)
In the present embodiment, a method of detecting a wireless transmission station whose HW address is spoofed will be described.

  FIG. 21 shows an example of a method for detecting a wireless transmission station in which the HW address is spoofed. The detection device 102d shown in FIG. 21 can detect a wireless transmission station whose HW address is spoofed. Note that, in FIG. 21, blocks having the same reference numerals as those in the other drawings have the same or similar functions as those in the other drawings.

  In FIG. 21, the identifier of the authorized wireless transmission station 101a is aaa, and the HW address is xx: xx: xx: xx: xx: xx. Similarly, the identifier of the authorized wireless transmission station 101b is aaa, and the HW address is yy: yy: yy: yy: yy: yy. On the other hand, the identifier of the fake wireless transmission station 101z is aaa and the HW address is xx: xx: xx: xx: xx: xx, and the same identifier and HW address as those of the legitimate wireless transmission station 101a are set. For this reason, it is difficult to detect that the wireless transmission station 101z is a false wireless transmission station by the method of determining by the HW address like the detection device 102 described in FIG. 2 and the like.

  Therefore, the detection device 102d illustrated in FIG. 21 includes the broadcast information analysis unit 261 in order to detect a wireless transmission station whose HW address is spoofed.

  The notification information analysis unit 261 analyzes the reception interval and the reception power difference of the notification signal received by the wireless reception unit 201 via the wireless notification information acquisition unit 202, and detects the notification signal transmitted by the false wireless transmission station. It is determined whether there is a suspicion, and the analysis result is output to the unmanaged wireless station detection unit 204. Here, in the description of FIG. 21, the broadcast information analysis unit 261 is described as an independent block for easy understanding of the description, but the function of the broadcast information analysis unit 261 is performed by the unmanaged wireless station detection unit 204. Good.

  Next, an analysis example of the notification information analysis unit 261 will be described.

  FIG. 22 shows an example of transmission intervals of a notification signal (beacon) in the case of wireless LAN. In FIG. 22, the horizontal axis represents time, and an example of transmission of beacons from the regular wireless LAN base station 101a and the false wireless LAN base station 101z is shown.

  In FIG. 22, the regular wireless LAN base station 101a transmits a beacon BE1 at time t1, a beacon BE3 at time t3, and a beacon BE5 at time t5. On the other hand, the wireless LAN base station 101z disguised as the BSSID transmits a beacon BE2 at time t2, a beacon BE4 at time t4, and a beacon BE6 at time t6. In this way, each beacon is transmitted at regular time intervals. However, the detection device 102d receives a beacon BE1, a beacon BE2, a beacon BE3, a beacon BE4, a beacon BE5 and a beacon BE6 in the same wireless LAN channel from the wireless LAN base station of the same HW address, but the beacon period ( Since the reception intervals are non-uniform, the broadcast information analysis unit 261 determines that a false wireless LAN base station may exist. T1 and T2 in the figure show the situation of non-uniform reception cycle.

  Alternatively, the beacon frame has an information element that stores beacon interval information, but if the beacon interval stored in the information element of the received beacon frame and the reception interval of the beacon that is actually received do not match, broadcast information analysis The unit 261 determines that a false wireless LAN base station may exist.

  Further, the RSSI of the beacon received from the same wireless LAN base station should be almost the same value, but as shown in FIG. 22, the RSSI of the beacon transmitted from the regular wireless LAN base station 101a and the false wireless It is different from the RSSI of the beacon transmitted from the LAN base station 101z. Therefore, if the beacons having the same BSSID but different RSSIs are mixed and received, the broadcast information analysis unit 261 determines that a false wireless LAN base station may exist. Similar analysis can be performed by using the ProbeResponse signal used in the wireless LAN standard instead of the beacon. Thereby, the detection device 102d shown in FIG. 21 can also discriminate a fake wireless transmission station to which the same HW address (BSSID in wireless LAN) is assigned.

  FIG. 23 shows an example of a method for detecting a false wireless transmission station based on the difference in information elements. This method is effective not only for detecting the wireless transmission station whose HW address is spoofed but also for detecting the wireless transmission station whose HW address is not spoofed. FIG. 23A shows the notification signal of the regular wireless transmission station 101a, FIG. 23B shows the notification signal of the regular wireless transmission station 101b, and FIG. 23C shows the notification signal of the fake wireless transmission station 101z. Indicates an information element, and information elements A to F are composed of the same information element.

  Since it is assumed that there are many cases where the same model of the same manufacturer is used in the area where the same service is provided, as shown in FIGS. 23A and 23B, the information elements of the notification signal are similar. Probability is high.

  On the other hand, since the configuration and contents of the information element of the notification signal depend on the wireless hardware (chipset), driver, etc., it is difficult for a third party to edit the information element on its own, and fake wireless transmission When a station is created, information elements are different as shown in FIGS. 23B and 23C unless the same model and the same firmware version of the same manufacturer as the regular wireless transmission station are prepared. Here, as an example of the difference in the information elements, even the same information element has different information lengths and contents, different information elements are used, device vendor-specific information elements (for example, model number information is described) Are different, and the order of arrangement of information elements may be different.

In this way, it is possible to detect a fake wireless transmission station by analyzing the difference in information elements. For example, the notification information analysis unit 261 illustrated in FIG. 21 has a function of comparing and analyzing the configurations and contents of the information elements included in the notification signal, and a notification signal having a different configuration or contents of the information elements is analyzed from the analysis result. In some cases, it is determined that there is a suspicion that a fake wireless transmission station exists. Thereby, the detection device 102d shown in FIG. 21 can also discriminate a fake wireless transmission station to which the same HW address (BSSID in wireless LAN) is assigned. In the case of wireless LAN, the same process can be performed by using the ProbeResponse signal instead of the beacon.
(Eighth Embodiment)
FIG. 24 shows an example of a method of recording information on an undetected wireless transmission station. Note that in FIG. 24, blocks having the same reference numerals as those in other drawings have the same or similar functions as those in other drawings.

  In the example of FIG. 24, the detection device 102e receives the notification signals transmitted from the authorized wireless transmission station 101a and the authorized wireless transmission station 101b.

  The detection device 102e includes a wireless reception unit 201, a wireless notification information acquisition unit 202, a wireless station information management unit 203, an unmanaged wireless station detection unit 204, and a launcher unit 205, similar to the detection device 102 illustrated in FIG. 1, for example. Further, an undetected wireless station recording unit 271 is provided between the unmanaged wireless station detection unit 204 and the launcher unit 205.

  The undetected wireless station recording unit 271 has a list 272 for recording information of undetected wireless transmission stations, and a counter 273 for counting the number of times each wireless transmission station is not detected. Then, the undetected wireless station recording unit 271 compares the wireless transmission station list 151 created by the unmanaged wireless station detection unit 204 with the transmitting station list 150 managed by the wireless station information management unit 203, and transmits the transmitting station. It is determined whether or not the wireless transmission station on the list 150 is on the list 151. Further, the undetected wireless station recording unit 271 determines that there is an undetected wireless transmitting station when the wireless transmitting station in the transmitting station list 150 is not in the list 151, and determines information about the undetected wireless transmitting station (identifier). , HW address, etc.) are recorded in the list 272, and the number of times of non-detection is counted by the counter 273. It should be noted that the processing for checking the presence or absence of an undetected wireless transmission station is periodically performed at a predetermined time interval. Further, the undetected wireless station recording unit 271, for example, when there is a wireless transmission station that has been determined to be undetected consecutively a predetermined number of times, a software or circuit preset by the launcher unit 205. It starts up and notifies the administrator of the identification information of the wireless transmission station that has not been detected. In the example of the list 151 shown in FIG. 24, a wireless transmission station having an HW address of xx: xx: xx: xx: xx: xx and a wireless transmission station having an HW address of yy: yy: yy: yy: yy: yy. From the wireless transmission station whose HW address set in the transmission station list 150 is zz: zz: zz: zz: zz: zz is not received. In this case, the undetected wireless station recording unit 271 determines that the wireless transmission station whose HW address is zz: zz: zz: zz: zz: zz: zz has not been detected.

  In this way, the detection apparatus 102e shown in FIG. 24 can determine whether or not there is an undetected wireless transmission station that has not received the notification signal among the wireless transmission stations set in the transmission station list 150. . Thereby, the administrator can quickly start repair work or replacement work of the wireless transmission station, for example, judging that the authorized wireless transmission station may be broken or stolen.

Here, in FIG. 24, the undetected wireless station recording unit 271 is described as an independent block for easy understanding of the description, but the unmanaged wireless station detection unit 204 performs the function of the undetected wireless station recording unit 271. You may
(9th Embodiment)
FIG. 25 shows an example in which the processing of the wireless station information management unit 203 and the unmanaged wireless station detection unit 204 described in FIG. 1 and the like is performed by an external device.

  In the example of FIG. 25, the detection device 102f receives notification signals transmitted from the wireless transmission station 101a, the wireless transmission station 101b, the wireless transmission station 101c, and the wireless transmission station 101d in the neighborhood area 403. Here, the wireless transmission station 101a has an identifier of aaa and an HW address of xx: xx: xx: xx: xx: xx, and the wireless transmission station 101b has an identifier of aaa and an HW address of yy: yy: yy: yy: yy: yy. , The wireless transmission station 101c has the identifier aaa and the HW address is zz: zz: zz: zz: zz: zz, and the wireless transmission station 101d has the identifier bbb and the HW address is vv: vv: vv: vv: vv: vv .

  In FIG. 25, the detection device 102f includes a wireless reception unit 201, a wireless notification information acquisition unit 202, a remote management unit (on the detection device side) 281, and a wireless communication unit 282. Here, blocks having the same reference numerals as those in other drawings have the same or similar functions as those in other drawings.

  The remote management unit (detection device side) 281 monitors the notification signal that the wireless reception unit 201 and the wireless notification information acquisition unit 202 acquire from each wireless transmission station, and identifies the wireless transmission station identification information (identifier and HW address). collect. Then, the remote management unit (detection device side) 281 transmits the transmission data 161 including the collected identification information of the wireless transmission station and the information related to the individual identifier or the installation position of the detection device 102f to the aggregation device 110.

  The aggregation device 110 includes a wireless station information management unit 203, an unmanaged wireless station detection unit 204, a launcher unit 205, and a remote management unit (aggregation device side) 284. Here, a block having the same reference numeral as that of the detection device 102 shown in FIG. 1 has the same or similar function as the detection device 102.

  The remote management unit (aggregation device side) 284 receives the transmission data 161 from the detection device 102f via the communication network 283 and outputs it to the unmanaged wireless station detection unit 204. Then, the unmanaged wireless station detection unit 204 operates in the same manner as the unmanaged wireless station detection unit 204 described in FIG. 1, and the identification information of the wireless transmission station collected by the detection device 102f included in the transmission data 161 and the wireless The station information management unit 203 is compared with a preset transmitting station list 150 to detect the presence or absence of a false wireless transmitting station with respect to the identifier (aaa) to be monitored. In the example of FIG. 25, the HW address of the wireless transmission station for the identifier (aaa) to be monitored, which is stored in the transmission data 161, is xx: xx: xx: xx: xx: xx and yy: yy: yy: yy: There are three yy: yy and zz: zz: zz: zz: zz: zz, but the HW address of the wireless transmission station for the identifier (aaa) recorded in the transmission station list 150 is xx: xx: xx: xx. There are only two:: xx: xx and yy: yy: yy: yy: yy: yy. In this case, the unmanaged wireless station detection unit 204 determines that the wireless transmission station with the HW address zz: zz: zz: zz: zz: zz is a false wireless transmission station. Then, the unmanaged radio station detection unit 204 activates the software and the circuit set in advance by the launcher unit 205, and notifies the administrator that a fake radio transmission station exists. At this time, the unmanaged wireless station detection unit 204 notifies the administrator of the identification information of the false wireless transmission station and the information related to the individual identifier of the detection device 102f or the installation position. Here, in the example of the transmission data 161, the individual identification information of the detection device 102f is transmitted from the detection device 102f to the aggregation device 110. If the administrator who installs the detection device 102f knows at which position (building, store, etc.) the detection device 102f is installed, the location is determined based on the individual identifier notified from the detection device 102f. Can be directly specified.

  Here, the detection device 102f, periodically receives the notification signal transmitted by the wireless transmission station in the neighborhood area 403, collects (or temporarily stores) the identification information of the wireless transmission stations in the vicinity, and the collected wireless The identification information of the transmitting station is periodically transmitted to the aggregation device 110. The aggregation device 110 may be a server device on the network.

  In this way, even when the detection device is installed at a remote place, the aggregation device 110 can detect the presence or absence of a fake wireless transmission station in the vicinity of the detection device, and a fake wireless transmission station is detected. It is possible to specify the installation location of the detection device. In particular, the aggregation device 110 can centrally manage the plurality of detection devices collectively even if the plurality of detection devices are installed at various geographically distant places, and the false detection in the vicinity of each detection device can be performed. It is possible to detect the presence or absence of the wireless transmission station. Then, it is possible to specify the installation location of the detection device in which the false wireless transmission station is detected. Note that, in FIG. 25, the detection device 102f functions as a collection device that collects information on wireless transmission stations, and the processing for detecting a false wireless transmission station is executed by the aggregation device 110.

  Here, in the description of FIG. 25, the remote management unit (terminal device side) 281 of the detection device 102f is an independent block for ease of understanding, but the function of the remote management unit (terminal device side) 281 is wireless. The notification information acquisition unit 202 may perform this. Similarly, although the remote management unit (aggregation device side) 284 of the aggregation device 110 is an independent block, the function of the remote management unit (aggregation device side) 284 may be performed by the unmanaged wireless station detection unit 204. .

  FIG. 26 shows an example when the wireless transmission station described in FIG. 25 is a wireless LAN base station. In FIG. 26, the identifier shown in FIG. 25 corresponds to the SSID of the wireless LAN and the HW address corresponds to the BSSID. Further, in the example of FIG. 26, the remote management unit (terminal device side) 281 has information of ID 281a (ID: 12345) as an individual identifier of the detection device 102f. Further, in the example of FIG. 26, the wireless communication unit 282 and the communication network 283 correspond to LTE used in high-speed mobile communication such as smartphones, and the aggregation device 110 wirelessly communicates with the detection devices 102f installed at various places. Information on LAN base stations can be collected to detect fake wireless LAN base stations.

  In FIG. 26, the wireless reception unit 201 and the wireless notification information acquisition unit 202 of the detection device 102f are the wireless LAN base station 101a, the wireless LAN base station 101b, the wireless LAN base station 101c, and the wireless LAN base station 101d in the neighborhood area 403. It receives the broadcast signal transmitted and collects the SSID and BSSID information of each wireless LAN base station. Then, the remote management unit (terminal device side) 281 is the transmission data including the information of the SSID and BSSID of the peripheral wireless LAN base stations collected by the wireless notification information acquisition unit 202 and the ID of the detection device 102f: 12345. 161 is created and transmitted from the wireless communication unit 282 to the aggregation device 110 via the LTE network 283.

  Note that, in FIG. 26, the aggregating apparatus 110, as described in FIG. 25, stores the information of the SSID and BSSID of the wireless LAN base station received from the detecting apparatus 102f and the information of the transmitting station list 150 in the aggregating apparatus 110. By comparison, a false wireless LAN base station can be detected, and the installation location of the detection device 102f where the false wireless LAN base station is detected can be specified.

Here, since the individual identifier only needs to be able to uniquely identify the detection device 102f in the aggregation device 110, for example, when using a wireless device such as a smartphone or a mobile phone as the detection device 102f, the user ID of the smartphone or the mobile phone IMEI (
1471404761472_0
) Or the like may be used instead of the individual identifier.

  FIG. 27 shows an example of acquiring the position information of the detection device from the BLE beacon information.

  In FIG. 27, the detection device 102g includes a wireless reception unit 201, a wireless notification information acquisition unit 202, a remote management unit 281, a wireless communication unit 282, a wireless reception unit 291 for acquiring position-related information (hereinafter referred to as a position information reception unit 291). ) And a position-related information acquisition unit 292 (hereinafter referred to as position information acquisition unit 292). Further, in the neighborhood area 403, a BLE transmitting station 501 corresponding to the BLE standard, a BLE transmitting station 502, and a BLE transmitting station 503 are arranged, and each BLE transmitting station periodically sends a BLE beacon containing information of its own station. Are being sent to you. Here, in the detection device 102g, a block having the same reference numeral as the detection device 102f shown in FIG. 26 has the same or similar function as the detection device 102f.

  The position information receiving unit 291 has a Bluetooth communication function and receives a BLE beacon transmitted from a BLE transmitting station.

  The position information acquisition unit 292 acquires information included in the BLE beacon received by the position information reception unit 291. Here, the information included in the BLE beacon is, for example, information such as the UUID, Major / Minor and RSSI of the BLE transmitting station.

  In the example of FIG. 27, the wireless broadcast information acquisition unit 202 transmits from the wireless LAN base station 101a, the wireless LAN base station 101b, the wireless LAN base station 101c, and the wireless LAN base station 101d in the neighborhood area 403, as in FIG. The information such as SSID, BSSID, and RSSI of each wireless LAN base station is collected by receiving the broadcast notification signal. On the other hand, the position information acquisition unit 292 receives the BLE beacons transmitted from the BLE transmitting station 501, the BLE transmitting station 502, and the BLE transmitting station 503, and outputs information such as UUID, Major / Minor and RSSI of each BLE transmitting station. collect.

  Then, the remote management unit 281 is the identification information and RSSI information of the wireless LAN base station acquired by the wireless notification information acquisition unit 202, the BLE transmission station information acquired by the position information acquisition unit 292, and the ID of the detection device 102g. The transmission data 161a including the information of: 12345 is created and transmitted to the aggregation device 110 via the wireless communication unit 282 and the LTE network 283.

  Here, in the example of the transmission data 161a illustrated in FIG. 27, ID: 12345 is stored as the individual identifier of the detection device 102g, and the position-related information is the information of the BLE transmission station 501 (UUID: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA, Major / Minor: (100/1, RSSI: -80dBm) and information of BLE transmitting station 502 (UUID: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA, Major / Minor: 100/2, RSSI: -90dBm) and information of BLE transmitting station 503 (UUID: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA, Major / Minor: 100/3, RSSI: -85dBm) are stored. Further, the transmission data 161a stores the SSID, BSSID, and RSSI acquired by the detection device 102g from the peripheral wireless LAN base stations.

  In FIG. 27, the aggregation device 110 refers to the transmission data 161a received from the detection device 102g, detects the presence / absence of a false wireless LAN base station, and detects a false wireless LAN base station as described in FIG. The detected installation location of the detection device 102g is specified from the information of the BLE transmission station. For example, the aggregation device 110 identifies the installation location of the detection device 102g based on the size of RSSI of BLE beacons transmitted from a plurality of BLE transmission stations. For example, the BLE beacon with the largest RSSI value is determined as the nearest beacon transmitting station. In addition, here, it is also possible to estimate the position of the detection device 102g based on the RSSIs of the BLE beacons received from at least three BLE transmitting stations. This makes it possible to estimate the position of the detection device 102g even indoors where GPS cannot be used.

  FIG. 28 shows an example of acquiring the position information of the detection device from the GPS information. 28, blocks having the same reference numerals as those in FIG. 27 have the same or similar functions as those in FIG. In the example of FIG. 28, the position information receiving unit 291 receives GPS signals from a plurality of GPS communication satellites instead of the BLE beacon transmitted by the BLE transmitting station as in FIG. In FIG. 28, the position information receiving unit 291 receives GPS signals from three communication satellites 511 for GPS, communication satellite 512, and communication satellite 513. Then, the position information acquisition unit 292 acquires the latitude / longitude information of the installation position of the detection device 102g based on the GPS signals received from three or more communication satellites.

  The remote management unit 281 includes the wireless LAN base station identification information and RSSI information acquired by the position information acquisition unit 292, the latitude / longitude information acquired by the position information acquisition unit 292, and the ID of the detection device 102g: 12345. Transmission data 161b including information is created and transmitted to the aggregation device 110 via the wireless communication unit 282 and the LTE network 283.

  Here, in the example of the transmission data 161b shown in FIG. 28, ID: 12345 as an individual identifier of the detection device 102g, and latitude (pp.ppp degree) / longitude (qqq. qqq degrees) information, identification information of each wireless LAN base station, and RSSI information are stored.

  Then, the aggregating apparatus 110 refers to the transmission data 161b received from the detecting apparatus 102g, detects the presence or absence of a false wireless LAN base station, and detects a false wireless LAN base station as described in FIG. The installation location of the detection device 102g can be specified from the latitude / longitude information.

Further, by using the mechanism of the present embodiment, it is possible to use the detection method of the undetected wireless transmission station of (Eighth Embodiment) together or manage the collected RSSI information of the wireless LAN base station, It can also be used to ascertain the status of wireless LAN base stations.
(10th Embodiment)
FIG. 29 shows an example of a method of constructing a database of information for a plurality of wireless transmission stations. Here, in the neighborhood area 403 (for example, A station) shown in FIG. 29, the detection device 102 (1), the detection device 102 (2), the wireless LAN base station 101a, the wireless LAN base station 101b, the wireless LAN base station 101c and The wireless LAN base station 101g is installed, and the transmission data 161 (1) and the transmission data 161 (2) are transmitted from the detection device 102 (1) and the detection device 102 (2) to the aggregation device 110, respectively. Here, the transmission data 161 (1) and the transmission data 161 (2) may be the transmission data 161 described with reference to FIGS. 25 and 26, or the transmission data 161a described with reference to FIG. 27 and the transmission data 161a described with reference to FIG. It may be the transmission data 161b.

  Like the aggregation device 110 described in FIGS. 25 to 28, the aggregation device 110a is a fake wireless LAN base station based on the information of the wireless LAN base station received from the detection device 102 (1) and the detection device 102 (2). To detect. In particular, the aggregation device 110a shown in FIG. 29 constructs a database 601 of information of wireless LAN base stations received from a plurality of wireless LAN base stations, and a false LAN is selected from wireless LAN base stations installed in the same area. Performs processing to detect a wireless LAN base station.

  In FIG. 29, the aggregation device 110a adds an identifier (Location ID) indicating a location to the information of the wireless LAN base station first received from the detection device 102 (1) or the detection device 102 (2). In the example of FIG. 29, the aggregation device 110a receives the BSSID (xx: xx: xx: of the wireless LAN base station (for example, the wireless LAN base station 101a) that is not recorded in the database 601 first received from the detection device 102 (1). Location ID = 98765 is assigned in correspondence with (xx: xx: xx). It should be noted that the detection device 102 (1) and the detection device 102 (2) transmit the information of the detected wireless LAN base stations in the vicinity to the aggregation device 110a at an arbitrary timing.

  In the example of the database 601, the wireless LAN base stations received from the same detection device 102 (1) are considered to be present in the same neighboring area 403, so the BSSID received from the same detection device 102 (1) is xx: xx: xx: The same LocationID = 98765 is given to three wireless LAN base stations of xx: xx: xx and yy: yy: yy: yy: yy: yy and vv: vv: vv: vv: vv: vv.

  In the example of FIG. 29, when the aggregation device 110a receives the transmission data 161 (1) from the detection device 102 (1) and then receives the transmission data 161 (2) from the detection device 102 (2), It is confirmed whether or not the BSSID stored in 161 (2) is recorded in the database 601. Then, the aggregation device 110a does not record the information of the wireless LAN base station of yy: yy: yy: yy: yy: yy already recorded in the database 601, in the database 601, and the BSSID not recorded in the database 601. The information of the wireless LAN base station of zz: zz: zz: zz: zz: zz is recorded in the database 601. At this time, the BSSID of the wireless LAN base station of zz: zz: zz: zz: zz: zz is the detecting device 102 (2) together with the BSSID of the wireless LAN base station of yy: yy: yy: yy: yy: yy. Location ID = 98765 is also given to the wireless LAN base station whose BSSID is zz: zz: zz: zz: zz: zz because it has been received from the wireless LAN base station.

  Here, a case will be described in which the transmission data 161 (2) received from the detection apparatus 102 (2) only stores information on the wireless LAN base station having the BSSID zz: zz: zz: zz: zz: zz. In this case, the aggregation device 110a assigns a Location ID different from the Location ID = 98765 to the BSSID zz: zz: zz: zz: zz: zz. After that, when yy: yy: yy: yy: yy: yy and zz: zz: zz: zz: zz: zz are notified by the same transmission data, the Location ID of zz: zz: zz: zz: zz: zz is set. Change to LocationID = 98765. By assigning such a Location ID, it is possible to associate neighboring areas with one Lokaiton ID as a key. For example, in the example of FIG. 29, the wireless LAN base station 101g and the wireless LAN base station 101c are not notified by the same transmission data (the areas are not necessarily overlapped), but they are the same. If it exists in the neighborhood area, it can be managed by the aggregation device 110a.

  If it is known in advance that the wireless LAN base station 101a with BSSID xx: xx: xx: xx: xx: xx is the wireless LAN base station installed at station A (the facility operator LocationID = 98765 and station A can be associated with each other.

  Alternatively, as described with reference to FIGS. 27 and 28, when the transmission data 161 stores latitude / longitude information and BLE transmitting station information, the geographical position of LocationID = 98765 can be known from these information. Therefore, it can be specified as the area around A station.

  Then, when the aggregation device 110a has the transmission station list 150 installed in the A station, by comparing the database 601 and the transmission station list 150, it is possible that a false wireless LAN base station exists. Can be determined. In addition, even if there is no transmitting station list 150, if the administrator knows that there are only two wireless LAN base stations with SSID aaa at station A, such as through the installation company, In the database 601, three wireless LAN base stations are recorded as SSID: aaa for LocationID = 98765 (A station), so it is possible that one of the wireless LAN base stations was installed illegally. Can be estimated.

  As described above, in the embodiment shown in FIG. 29, the aggregation device 110a records the information of the transmission data received from the plurality of detection devices in the database 601 and assigns the LocationID to the installation location of the wireless LAN base station. Can be confirmed.

  As described above with respect to each embodiment, the detection device, the detection method, and the detection program of the wireless transmission station according to the present invention are based on the identification information of the notification signal transmitted from the wireless transmission station, and are reliable and authentic. It is possible to easily detect a false wireless transmission station by confirming whether the wireless transmission station is a wireless transmission station.

100,900 ... Wireless system (wireless LAN system, BLE system); 101a, 101b, 101c, 101z, 101A-1,101A-2,101A-3,101B-1,101B-2,101B-3,101C-1,101C-2,101C-3 ... Wireless Transmitter station; 101d, 101e, 101g, 901a, 901b, 901z ... Wireless LAN base station; 102, 102 (1), 102 (2), 102a, 102A, 102b, 102B, 102c, 102C, 102d, 102e, 102f, 102g ... Detection device; 110, 110a ... Aggregation device; 150 ... Transmission station list; 150a ... Information on the number of wireless transmission stations; 151, 151A, 272 ... List; 161, 161 (1), 161 (2) ... Transmission data; 201, 201 (1), 201 (2), 201 (N) ... Wireless receiving unit; 202,202 (1), 202 (2), 202 (N) ... Wireless broadcast information acquisition unit; 203 ... Wireless station information management unit; 204 ... Unmanaged wireless station detection Part; 205 ... Launcher part; 206 ... Notification part; 207,212 ... External interface; 210,222,241 ... Hardware management part; 211 ... SD card slot; 211a ... SD card; 213 ... Personal computer (PC); 214, 244 ... Network interface; 215,246 ... NW; 216 ... File server; 220 ... Transmission station list Development unit; 221 ... Operation button; 223 ... Timer unit; 242 ... Speaker; 243 ... LED; 245 ... Emergency warning light; 247 ... Mail server; 261 ... Alert information analysis unit; 271 ... Undetected wireless station recording unit; 273 ... Counter; 281,284 ... Remote management section; 282 ... Wireless communication section; 283 ... Communication network; 291,292 ... Location information receiving section; 401 ... Wide area; 402A, 402B, 402C ... Monitoring area; 403 ... Neighboring area; 501,502,503 ... BLE transmission Stations; 511, 512, 513 ... GPS communication satellites; 601 ... Databases; 900 ... Wireless LAN systems; 902 ... Terminal devices

Claims (5)

A receiving unit for receiving a notification signal notified from the wireless transmission station,
An acquisition unit that acquires information related to the wireless transmission station included in the notification signal received by the reception unit,
The acquisition unit compares the number of wireless transmission stations having a predetermined identifier obtained from the information acquired from the notification signal with the number of first wireless transmission stations having the predetermined identifier to be managed, A detection unit for detecting the presence of a second wireless transmission station which is different from the first wireless transmission station and which is not managed;
And a notification unit configured to notify the outside of information indicating that the presence of the second wireless transmission station is detected when the detection unit detects the presence of the second wireless transmission station. Detector. A plurality of receiving units for receiving the notification signal notified from the wireless transmission station,
An acquisition unit that acquires information related to the wireless transmission station included in the notification signal received by the plurality of reception units,
A second wireless transmission that is different from the first wireless transmission station and is not managed by comparing the information acquired from the notification signal by the acquisition unit with the information indicating the first wireless transmission station to be managed. A detection unit that detects the presence of a station,
And a notification unit configured to notify the outside of information indicating that the presence of the second wireless transmission station is detected when the detection unit detects the presence of the second wireless transmission station,
Information related to the radio transmission station in which the acquiring unit acquires comprises receiving direction of the information of the reception level information and the broadcast signal of the broadcast signal,
The detection part, based on information acquired by the acquiring unit, detecting unit and detects a direction which is installed with the presence of the second radio transmission station. An acquisition process of acquiring information related to the wireless transmission station included in the notification signal notified from the wireless transmission station received by the reception unit,
Comparing the number of wireless transmission stations having a predetermined identifier obtained from the information acquired from the notification signal in the acquisition process with the number of first wireless transmission stations having the predetermined identifier to be managed, A detection process for detecting the presence of a second wireless transmission station which is different from the first wireless transmission station and which is out of control;
When the presence of the second wireless transmission station is detected in the detection processing, a notification processing of notifying the outside of the information indicating that the presence of the second wireless transmission station is detected is executed. And the detection method. An acquisition process of acquiring information related to the wireless transmission station included in the notification signal notified from the wireless transmission station received by the plurality of receiving units,
Information acquired from the notification signal in the acquisition processing is compared with information indicating the first wireless transmission station to be managed, and the second wireless transmission that is different from the first wireless transmission station and is not under management Detection processing to detect the presence of a station,
When the presence of the second wireless transmission station is detected in the detection process, a notification process of notifying the outside of the information indicating that the presence of the second wireless transmission station is detected is executed.
Information related to the radio transmission station acquired in the acquisition process may include a reception direction of the information of the reception level information and the broadcast signal of the broadcast signal,
The detection process is based on the information acquired by the acquisition process, the detection method characterized by detecting a direction which is installed with the presence of the second radio transmission station.   A detection program that causes a computer to execute each process executed by the detection method according to claim 3.

Images