US20060193299A1 - Location-based enhancements for wireless intrusion detection - Google Patents

Location-based enhancements for wireless intrusion detection Download PDF

Info

Publication number
US20060193299A1
US20060193299A1 US11066009 US6600905A US2006193299A1 US 20060193299 A1 US20060193299 A1 US 20060193299A1 US 11066009 US11066009 US 11066009 US 6600905 A US6600905 A US 6600905A US 2006193299 A1 US2006193299 A1 US 2006193299A1
Authority
US
Grant status
Application
Patent type
Prior art keywords
ap
radio
manager
aps
wlan
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US11066009
Inventor
Nancy Winget
Mark Krischer
Timothy Olson
Sheausong Yang
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Cisco Technology Inc
Original Assignee
Cisco Technology Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATIONS NETWORKS
    • H04W12/00Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity
    • H04W12/12Fraud detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0492Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload by using a location-limited connection, e.g. near-field communication or limited proximity of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to network resources
    • H04L63/107Network architectures or network communication protocols for network security for controlling access to network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATIONS NETWORKS
    • H04W12/00Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATIONS NETWORKS
    • H04W40/00Communication routing or communication path finding
    • H04W40/24Connectivity information management, e.g. connectivity discovery or connectivity update
    • H04W40/246Connectivity information discovery
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATIONS NETWORKS
    • H04W84/00Network topologies
    • H04W84/02Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10Small scale networks; Flat hierarchical networks
    • H04W84/12WLAN [Wireless Local Area Networks]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATIONS NETWORKS
    • H04W84/00Network topologies
    • H04W84/18Self-organising networks, e.g. ad-hoc networks or sensor networks

Abstract

In a wireless local area network, a method for detecting the presence of an unauthorized device comprises: detecting the presence of neighboring devices from which management frames can be sent; saving a representation of each neighboring device present; receiving a management frame purporting to be from one of the detected device; determining that the received management frame was sent by an unauthorized device; and indicating the presence of the unauthorized device.

Description

    FIELD OF THE INVENTION
  • [0001]
    The present invention relates broadly to configuration of wireless local area networks. Specifically, the present invention relates to configuring a wireless local area network of client devices. More specifically, the present invention relates to using management frames in a wireless transmission medium to detect unauthorized access to a wireless local area network.
  • BACKGROUND
  • [0002]
    Use of wireless networks such as wireless local area networks (WLANs) is becoming widespread. With the proliferation of WLANs, network security is also becoming more and more important. WLANs present important network security concerns.
  • [0003]
    A WLAN may be ad hoc, in that any client device (referred to herein as a client) may communicate directly with any other client, or have an infrastructure in which a client can only communicate with another client via an access point device (AP). Problems specific to WLANs arise from wireless clients requesting access to the various APs. Often in a deployment of a WLAN environment, AP cells' coverages are overlapped to achieve maximum RF coverage to reduce non-service spots. Wireless clients can move between APs, and thus change the RF environment of the WLAN depending on their location. Additionally, WLANs are often required to grow with increased demand as more and more clients require service from the WLAN. Expanding the WLAN requires reconfiguring equipment, adding APs, and placing APs in locations that do not conflict with other APs or otherwise complicate managing the WLAN.
  • [0004]
    Because wireless is an open medium, anyone can contend for access and send frames over a channel. As 802.11 management frames are sent without any protection, an attacker can easily spoof as a legitimate AP, sending directives to clients as if it were the AP serving the clients. For example, nearly all attacks begin with an attacker spoofing as an AP by sending disassociation or deauthentication requests to a client.
  • [0005]
    Thus, there is a heartfelt need for methods and equipment to efficiently protect a WLAN and provide WLAN managers with information needed to make management and access control decisions.
  • SUMMARY
  • [0006]
    The present invention addresses the problems described above and protects WLANs by verifying that management frames purporting to be from a specific AP originate from near a physical location where the specific AP is known to be located. Thus, the present invention requires attackers to be located in close proximity to the AP they wish to spoof, allowing the AP to detect the spoofed frame and alert a WLAN administrator.
  • [0007]
    In an embodiment, the WLAN administrator deploys a new WLAN as described below. After installing hardware, the APs establish trusted relationships with the campus context manager (CCM). Radio parameters are auto-configured based on AP Radio discovery measurements. If necessary, client walkabouts are performed to gather signal strength measurements, and radio parameters can be re-configured using these measurements. In an embodiment, when a network is first installed, the WLAN administrator positions APs based on heuristic guidance and applies power without any time coordination. Optionally, the WLAN administrator may perform a site survey to optimize the AP placement. Site surveys can range from a quick coverage check using a client utility to detailed signal strength measurements using a third-party tool. After placement and power-up, each AP scans a frequency band to find a usable channel. In an embodiment, the Radio Manager generates a network-wide radio configuration overriding these initial settings. The WLAN administrator initiates radio discovery, auto-configuration and client walkabout measurements at the WLAN Network Manager (WNM) interface. AP Radio discovery involves APs broadcasting beacon signals and simultaneously listening for beacon signals from neighboring APs. The resulting measurements between APs are used to generate an initial radio configuration for the WLAN. Client walkabout measurements are not accompanied by location information, but sets of measurements correspond to specific locations in the WLAN coverage area. The Radio Manager uses these measurement sets to create measurement objects that contain data representing path losses to the strongest controlled APs and received signal strengths from uncontrolled sources at specific locations. A new radio configuration can be generated for the WLAN, using the additional information from the client walkabouts.
  • [0008]
    Depending on the embodiment of the present invention, the physical location of the APs can be either manually configured or achieved during the discovery or walkabout survey. During normal operation, the locations of the APs do not change as APs in general are not expected to be mobile devices. However, in the event that mobile APs are present, resurveying or manually reconfiguring the WLAN can be performed on a periodic basis. Once an AP's location is determined by physical coordinate location and/or through its relative set of neighbors, the AP's location is not expected to change.
  • [0009]
    A signature is conveyed for each management frame the AP transmits and is used for checking that management frames that purport to be from a specific AP actually originate from the expected location. Because the signature is unique to each frame, the dynamic nature of the stored signal strength information ensures a reasonably accurate representation of AP placement within the WLAN. As each AP sends management frames that contain a signal strength indication, this signal strength indication is compared to the AP's signal strength recorded in the radio manager's database. If a significant difference between the signal strength indicator of the management frame and the signal strength recorded in the radio manager's database indicates the possibility of an unauthorized user trying to spoof as a legitimate AP. In an embodiment, the actual validation is based on checking the message integrity code (MIC) of each management frame coupled with the signal strength of the AP by the detector to assert whether both the MIC is valid and whether that detector should have been able to detect that AP.
  • [0010]
    Many other features and advantages of the present invention will be realized by one skilled in the art upon reading the following detailed description when considered with the accompanying drawings, in which:
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • [0011]
    FIGS. 1A and 1B illustrate placement of APs in a WLAN and measurements taken during radio discovery.
  • [0012]
    FIG. 2 illustrates a network configuration in which radio measurements are introduced by embodiments of the present invention.
  • [0013]
    FIG. 3 illustrates an exemplary access point device containing measurement modules used in accordance with embodiments of the present invention.
  • [0014]
    FIG. 4 illustrates an exemplary access radio manager device used in accordance with embodiments of the present invention
  • DETAILED DESCRIPTION
  • [0015]
    The WLAN administrator initiates AP radio discovery at deployment and schedules AP radio discovery during brief maintenance periods when the WLAN is not in use (e.g., 2:00 AM each morning). The result of AP radio discovery is a snapshot of the RF interference at each AP and a set of signal strength measurements indicating the strength level at which each AP receives each neighboring AP's signal. Directing attention to FIG. 1A, a WLAN configuration having AP 1, AP 2, AP 3, AP 4, AP 5 and AP 6 and radio manager 10 and wireless network manager (WNM) 14 are shown. When the APs perform radio scans in accordance with the present invention is performed, APs are determined not in terms of physical location, but mapped in terms of signal strength received from each AP's neighboring APs. In other words, each AP is described in terms of what other APs the AP can detect, in terms of signal strength. For example, in accordance with the present invention, AP 4 is defined as AP 1 (50); AP 2 (55); AP 3 (58); AP 5 (56). In this example, AP 6 is not detected by AP 4, and thus is not included in the definition of AP 4. The values defining AP 4 are stored in a database maintained by radio manager 10. Radio manager 10 uses each AP's current transmission signal strength level to compute the path loss between each AP that the APs can detect. The computed path loss is saved in a database to characterize the RF environment, such as potential coverage redundancy in a set of 802.11 stations associated with a single AP (referred to herein as BSS), and overlap on the downlink. When the neighboring AP is not controlled, radio manager 10 saves the received signal strength. Radio manager 10 sets all controlled APs to transmit at their highest power level and then steps down through subsequent levels to characterize each AP's true power steps. AP Radio discovery is accomplished in the following event sequence. Radio manager 10 commands all APs to scan passively for RF energy over a predetermined time interval and return the results. This action is performed to detect uncontrolled 802.11 WLAN stations and interferers. Radio manager 10 uses the AP scan results to choose one test frequency for all APs in a particular region. Radio manager 10 sets all APs in a particular region to transmit beacons on the selected frequency at maximum transmit power. Each AP is assigned a unique beacon interval to minimize collisions. Radio manager 10 then commands each AP to report beacons that it receives from other APs along with accompanying signal strengths. This action is repeated with APs transmitting at each successively lower power level until reaching the lowest setting.
  • [0016]
    Directing attention to FIG. 1B, campus context manager (CCM) 15 can be utilized in a similar capacity as radio manager 10, database 12 and WNM 14. In an embodiment, CCM 15 stores the database of location information for each AP. This information can be manually configured or obtained through walkabouts based on signal strengths. As shown in FIG. 1B, AP 2's detected neighbors are AP 1 and AP 3. Similarly, AP 4's detected neighbors are only AP 3 and AP 5. In this embodiment, AP 2 and AP 4 are used to detect and validate all traffic they are able to receive. So if AP 4 receives frames that are from AP 1, then it is suspected to be a spoofed frame and AP 4 can report AP 1 to CCM 15 (or radio manager 10) as a potential rogue AP.
  • [0017]
    In an embodiment, a trust relationship is established between CCM 15 and all APs. APs issue their unique key used to protect their respective management frames. The management frame is protected, for example, by using a keyed one-way hash function such as HMAC-SHA1 and its resulting value, which serves as a message integrity code (MIC) that is also sent in the management frame. Sensor APs, such as AP2 and AP4 can validate these management frames as they receive them to also ensure that its neighboring APs are not under attack. In an embodiment, if AP 4 receives frames that are from AP 1 it can also validate that received frame using AP 1's key. Since APs may be moved occasionally, or some APs can even be mobile, the combination of location tracking and validation of the MIC provides for a better determination if a rogue is encountered.
  • [0018]
    The information stored in radio manager 10's database is also useful for checking that management frames that purport to be from a specific AP actually originate from the expected location. Because radio manager 10's database is updated periodically, the dynamic nature of the stored signal strength information associated with individual APs ensures a reasonably accurate representation of AP placement within the WLAN. As each AP sends management frames that contain a signal strength indication as well as the message integrity check (MIC), this signal strength indication is compared to the AP's signal strength recorded in radio manager 10's database. If a difference between the signal strength indicator of the management frame and the signal strength recorded in radio manager 10's database is outside of a threshold amount, this difference indicates the possibility of an unauthorized user trying to spoof as a legitimate AP. In such cases, a warning can be sent to the WLAN administrator to alert the administrator to the possibility of an attack on the WLAN.
  • [0019]
    In an embodiment, radio manager 10 uses the measured signal strength to calculate path loss information from AP to AP and from client location to AP. With this calculated path loss information and the configured power and channel settings of each AP, neighboring APs suffering from black holes are identified.
  • [0020]
    After AP Radio discovery and initial radio configuration, the WLAN administrator may initiate one or more client walkabouts. In a walkabout, a person walks around a coverage area while holding a client device, so that measurements can be gathered and all detected APs reported. The gathered information is used to characterize the RF environment of the WLAN, such as potential BSS coverage redundancy and overlap on the downlink. At the WNM user interface, the administrator specifies the media access control (MAC) addresses of clients from which the controlled APs will request frequent measurements, typically at five-second intervals. The WLAN administrator may select a walkabout with APs transmitting at maximum power or at the levels used during normal operation. During the walkabout, the WLAN administrator is not required to remain in a particular location for any length of time. Client measurements are taken quickly enough to allow the WLAN administrator to continue walking throughout the desired coverage area. Radio manager 10 makes requests to the client device 20 through the AP that is currently serving client 20, instructing client 20 to make a particular measurement. Typically, client 20 is requested to measure the signal strength of all beacon signals it can detect at any given spot at one point in time, and return the recorded signal strength indicator (RSSI) values of the received beacon signals. Where client 20 loses association from all APs, the WLAN administrator records the location. As the WLAN administrator walks the coverage area, the serving AP changes as its client moves from one BSS to another. As long as client 20 remains inside the coverage area, the serving AP continuously commands client 20 to measure and report the signal strength and background RF energy it receives from neighboring APs. All measurements are passed to radio manager 10, which incorporates them into its RF environment database 12. Database 12 provides data used to compute the next radio configuration. By performing radio discovery and client walkabout as described above, radio manager 10 is able to visualize the radio environment of the WLAN.
  • [0021]
    In an embodiment, the WLAN administrator can also walk through the coverage area using an 802.11 sniffer, such as available from Kismet Wireless, Inc., to locate the APs that can be seen at signal strengths sufficient to cause black hole problems among neighboring APS. Regardless of how black holes are detected among neighboring APS, either through transmitting beacon signals at stepped intervals or using an 802.11 sniffer during the walkabout, once black holes are detected, the APs suffering this problem are adjusted by radio manager 10 instructing each AP to change its beacon signal interval so that it is staggered with respect to the neighboring AP also suffering the black hole problem. The process of black hole detection can be an iterative process, performed after each occurrence of a black hole is corrected. This ensures that whatever beacon interval an AP selects to correct the detected black hole problem does not create a new black hole with a different, neighboring AP. In the preferred embodiment, skewing the beacon signals by one or two milliseconds with respect to the neighboring AP in the black hole is sufficient to prevent any extended period of time during which a black hole can occur.
  • [0022]
    During normal operation, radio manager 10 gathers RF statistics and identifies specific signal sources. This allows radio manager 10 to monitor the RF environment, and indicate when new APs appear, and roughly locate clients. Radio manager 10 may request measurements from APs and clients to monitor the WLAN RF environment. These measurements occur less frequently than during the walkabout, typically one or more minutes apart. Radio manager 10 typically asks only the clients to measure non-serving channels, allowing APs to remain on their serving channels to better serve their respective BSSs.
  • [0023]
    Each radio configuration includes parameters of AP channel, AP transmit power, BSS data rates, and BSS power limit. In computing a new radio configuration, radio manager 10 may be given free reign to select various combinations of parameters, or it may be limited to particular range of values for some or all of these parameters on some or all APs. After computing a new radio configuration, radio manager 10 quantifies the expected system performance and then waits for direction from WNM 14, which may request another configuration using a new set of constraints or may apply the computed radio parameters to the WLAN.
  • [0024]
    After the WLAN is deployed, radio manager 10 continuously collects measurements and monitors the RF state of the WLAN. Radio manager 10 alerts WNM 14 to changes that may require radio reconfiguration, but waits for further direction from WNM 14 before computing a new radio configuration and again before applying new radio parameters to the WLAN. Every action by radio manager 10 is made in response to a command received from WNM 14. This makes WNM 14 responsible for managing the degree of reconfiguration autonomy granted to the entire system by the WLAN administrator. The WLAN administrator uses the WNM interface to specify the conditions, if any, under which radio parameters may be automatically changed. All other conditions require explicit approval at each instance.
  • [0025]
    In a preferred embodiment, nightly measurements are performed automatically to check the RF state of the WLAN. These measurements are typically scheduled in a WNM job that runs AP Radio discovery early each morning, perhaps at 2:00 AM. During this brief maintenance time, which could last about a minute, the WLAN becomes unavailable while the APs change channels and power levels. After the new measurements have been accumulated, the WLAN reverts to its previous state and resumes normal operation. Radio manager 10 consolidates the new measurements into its radio environment database and alerts the WLAN administrator of any anomalies.
  • [0026]
    Radio manager 10 alerts WNM 14 whenever it detects a new AP's beacon during normal operation. At the administrator's command, WNM instructs radio manager 10 to ask all new APs to scan the radio spectrum and report their results. Meanwhile, existing APs and clients detect the new APs' beacons. The combination of measurements from the new APs, existing APs and clients provide the information to reconfigure the WLAN to best incorporate the new APs. If desired, the WLAN administrator may perform another client walkabout in the vicinity of the new APs.
  • [0027]
    During normal operation, APs and clients measure the 802.11 traffic load at their location on the serving channel. The traffic load at the AP is best managed by dynamic load balancing. High traffic loads at client locations may indicate inter-BSS contention, which can be remedied by an improved radio configuration. If a client reports a load that is much higher than its serving AP, it may indicate contention from stations (also referred to herein as STAs) in a neighboring BSS. In response to this condition, radio manager 10 schedules measurements to capture frames from the neighboring clients and/or AP to identify the BSS and the number of clients responsible for the contention. This information is used to serve two purposes. First, radio manager 10 consolidates and sends it to WNM 14 to use for performance visualization. Second, the information may prompt WNM 14 to ask radio manager 10 to suggest a new radio configuration that incorporates the new information and achieves better overall performance, possibly by reducing the transmit power in one BSS or by reassigning channels.
  • [0028]
    During normal operation, APs and clients, referred to herein collectively as stations (STAs) measure the non-802.11 interference strength at their locations on the serving channel. In addition, clients measure received interference strength on alternative channels. When radio manager 10 receives reports that indicate non-802.11 interference, it correlates the measurements to locate the interferer, if possible, and alerts WNM 14. The response by WNM 14 depends on the number of reporting STAs, severity and duration of the interference. If a small number of clients report moderate interference, WNM 14 may simply inform the clients of their situation. If the interference is persistent, pervasive and severe, WNM 14 may ask radio manager 10 to suggest a new radio configuration to avoid the interferer.
  • [0029]
    During normal operation, each client may detect a condition where another client is hidden from it. The WLAN administrator uses the WNM interface to specify when and how to act on this information. These instructions are sent by radio manager 10 to each AP. Clients may be instructed to periodically report hidden stations so that APs may take corrective action by lowering the ready to send (RTS) thresholds of the hidden clients. As a result, the serving AP clears the channel by issuing a clear to send (CTS) notification before either of the clients transmits data, which alleviates the hidden node problem.
  • [0030]
    Radio manager 10 gains knowledge of the WLAN radio environment through measurement reports obtained from APs and clients. An embodiment of the present invention introduces five types of radio measurement reports: Beacon Reports, Frame Reports CCA Reports, received power indicator (RPI) Histograms, and Hidden Node Reports, each of which indicates a particular RF characteristic or reports a particular RF event.
  • [0031]
    Beacon and Frame Reports identify sources of 802.11 contention. CCA Reports and RPI Histogram Reports characterize the degree of contention and interference. Hidden Node Reports identify stations colliding within the same BSS.
  • [0032]
    FIG. 2 illustrates the radio measurements introduced by embodiments of the present invention. As shown, the measuring client and one other client are associated with AP 1, but neither client detects the other's signal. AP 2 is close enough to be detected by the measuring client. AP 3 is out of range, but the measuring client does detect some of its associated clients.
  • [0033]
    Measuring client 20-2 issues a Beacon Report identifying AP 2 as a source of 802.11 contention. Client 20-2 issues a Frame Report indicating contention from a client in another BSS, and identifies AP 3 as the BSS access point. Measuring client 20-2 reports significant contention due to clients in another BSS. After receiving this report, radio manager 10 may request a Frame Report, which would identify AP 3 as the destination of the contenting frames. Measuring client 20-2 issues a RPI Histogram Report indicating intermittent, non-802.11 interference and describing the statistics of its received strength. Measuring client 20-2 issues a Hidden Node Report identifying another client in its BSS that appears to be hidden from it.
  • [0034]
    CCA and RPI Histogram Reports must achieve statistical significance and are therefore utilize measurements having longer durations (e.g., 60 seconds). Beacon, Frame and Hidden Node Reports capture and summarize 802.11 frames to identify specific signal sources. Beacon Reports utilize measurements having shorter durations (e.g., 1 second or less). Frame and Hidden Node Reports typically filter out most of the STA's received traffic and report on a small subset. These reports utilize measurements having medium to longer durations.
  • [0035]
    FIG. 3 illustrates an AP in accordance with embodiments of the present invention. In the preferred embodiment, AP 1,2,3,4,5,6 includes processor 28 that executes software modules 34, 36, 38, 40, and 42 for operatively controlling transmitter 30 and receiver 32 to perform the radio measurements of the present invention. Those skilled in the art will know that these software modules can also be implemented as firmware or circuitry as desired in various embodiments.
  • [0036]
    Beacon measurement module 34 performs measurements to obtain received signal strength, identity and other information of neighbor AP beacon or probe response, and generates a message containing this information. AP 1,2,3,4,5,6 send beacon signals to identify themselves to neighboring devices. During walkabout and AP discovery, beacon measurement module 34 measures radio connectivity of APs and characterize potential BSS downlink coverage. During normal operation, beacon measurement module 34 monitors known APs, detects new APs, and roughly locates clients. Frame measurement module 36 obtains signal strength of neighboring STAs and identity of their respective BSS and generates a message containing this information. During walkabout and AP discovery, frame measurement module 36 identifies uncontrolled STAs to be avoided in the radio configuration. During normal operation, frame measurement module 36 identifies contending neighbor STAs (controlled or not). Clear channel assessment (CCA) measurement module 38 measures the fraction of time that an STA observes a channel busy with 802.11 traffic and generates a message containing this information. During walkabout and AP discovery, CCA module 38 finds channels already busy with 802.11 traffic to avoid in radio configuration. During normal operation, CCA measurement module 38 characterizes 802.11 contention at reporting STA's locations. RPI Histogram measurement module 40 measures received strength and statistics of non-802.11 energy and generates a message containing this information. During walkabout and AP discovery, RPI Histogram measurement module 40 find channels with non-802.11 RF energy to avoid in radio configuration, if possible. During normal operation, RPI Histogram measurement module 40 monitors STAs for new non-802.11 RF energy and alarm, if appropriate. Hidden Node measurement module 42 is not used in walkabouts or AP discovery, but during normal operation improves AP performance by enabling dynamic hidden station control. The messages generated by modules 34, 36, 38, 40, 42 can be transmitted by transmitter 30 to radio manager 10, stored in database 12 and passed to WNM 14.
  • [0037]
    Radio manager 10 may request a STA to measure on its serving channel or on another channel. When measuring on the serving channel, the STA continues its normal traffic processing while concurrently accumulating the measurement. When measuring on a non-serving channel, the STA must postpone normal traffic and dedicate itself to the measurement since it cannot operate on two channels simultaneously.
  • [0038]
    During AP Radio discovery, radio manager 10 typically requests APs to scan multiple channels and then assigns one channel and requests beacon reports on that channel. During client walkabout, radio manager 10 requests the walkabout clients to measure on the serving channel and on non-serving channels. During normal operation, radio manager 10 requests APs to measure on their serving channels and clients to measure on serving and non-serving channels.
  • [0039]
    Radio manager 10 may request Beacon Reports on a serving or non-serving channel. Beacon Reports ask the measuring STA to report both beacons and probe responses. The Beacon Report may be requested of any STA, and typically contains information such as received signal strength, transmitting station address, computed TSF offset between detected BSS and serving BSS, beacon interval, capability information, SSID and supported rates.
  • [0040]
    The purpose of the Beacon Report is to discover and monitor the presence of neighboring APs, regardless of whether they are controlled by radio manager 10. This helps radio manager 10 characterize the overlap of cochannel BSSs and the redundancy of other-channel BSSs on the downlink. The Beacon Report is used during AP Radio discovery, Client walkabout and normal operation. The transmitting station address identifies the neighbor AP to radio manager 10. In an embodiment, the computed TSF offset allows the serving AP to schedule brief measurements of signal strength from the particular neighbor AP. The signal strength helps radio manager 10 assess the overlap of cochannel BSSs and the coverage redundancy of other-channel BSSs. If two cochannel BSSs contain power-save clients, in an embodiment, the computed TSF offset is used to instruct each AP to schedule its multicast traffic in a manner that is less likely to collide with its neighbor's traffic.
  • [0041]
    Radio manager 10 may request Frame Reports on a serving or non-serving channel. Frame Reports may be requested of any STA. The Frame Report summarizes each 802.11 frame received from a STA in another BSS, and includes information such as received signal strength, transmitting station address, receiving station address, and frame type and length. The purpose of the Frame Report is to identify STAs that belong to another BSS but are located within radio range of the measuring STA. It also identifies the BSS to which the contending STAs belong. This report helps characterize and monitor the region of uplink RF influence of each neighboring BSS. This includes BSSs controlled by radio manager 10 and BSSs that are not under its control.
  • [0042]
    Radio manager 10 may request CCA Reports on a serving or non-serving channel. It is typically scheduled to run concurrently with normal traffic processing on the serving channel or in parallel with other dedicated measurements on a non-serving channel. This report may be requested of any STA. The report contains the CCA Busy Fraction. The CCA Busy Fraction measures the accumulated duration of all packets divided by the measurement interval length. This value includes successful packets and erroneous packets. The value range is 0-255, where 0 represents no traffic and 255 represents traffic occurring 100% of the time.
  • [0043]
    Radio manager 10 may request Received Power Indicator (RPI) Histogram Reports on a serving or non-serving channel. The RPI Histogram Report conveys the relative fraction of time during which RF energy from non-802.11-decodable sources falls into each of eight different received power ranges. The RPI Histogram report provides a measurement of RF energy due to a combination of background noise and background signals, including non-802.11 devices and 802.11 devices whose signals cannot be properly decoded. The histogram helps radio manager 10 assess the non-802.11-decodable RF energy contending with the WLAN at different locations. This information helps radio manager 10 to decide the best channel for each BSS in the vicinity of the measuring STA.
  • [0044]
    Radio manager 10 may request a Hidden Node Report from clients as a concurrent measurement on the serving channel. The Hidden Node Report includes the received signal strength and destination address of 802.11 frames sent by the serving AP for which the measuring client detected no acknowledgement. The purpose of the Hidden Node Report is to discover and monitor clients within the same BSS that are hidden from each other. This report helps radio manager 10 decide the best transmit power for each BSS and the appropriate RTS threshold for the hidden nodes, if it has a means of setting these thresholds at the clients.
  • [0045]
    FIG. 4 illustrates the functional components of radio manager 10. Besides database 12, described above, radio manager 10 also includes processor 50, memory 52, transmitter 54 and receiver 56. Transmitter 54 communicates the requests described above to APs and clients, as well as radio configuration information to WNM 14. Receiver 56 receives the report information described above from the APS and clients, as well as instructions from WNM 14.
  • [0046]
    While a method, computer program product, and apparatus for managing a radio environment without location information have been described and illustrated in detail, it is to be understood that many modifications can be made to various embodiments of the present invention without departing from the spirit thereof.

Claims (20)

  1. 1. In a wireless local area network, a method for detecting the presence of an unauthorized device, the method comprising:
    detecting the presence of neighboring devices from which management frames can be sent;
    saving a representation of each neighboring device present;
    receiving a management frame purporting to be from one of the detected device;
    determining that the received management frame was sent by an unauthorized device; and
    indicating the presence of the unauthorized device.
  2. 2. The method of claim 1, wherein the neighboring devices comprise access points.
  3. 3. The method of claim 1, wherein the neighboring devices comprise stations.
  4. 4. The method of claim 1, wherein detecting comprises performing radio discovery to determine individual signal strengths of the neighboring devices.
  5. 5. The method of claim 1, wherein detecting the presence of neighboring devices comprises manually configuring a device that manages the neighboring devices with location information for each neighboring device.
  6. 6. The method of claim 1, wherein a walkabout is performed to determine the locations of the neighboring devices.
  7. 7. The method of claim 1, wherein saving a representation of each neighboring device present comprises saving a representation of each neighboring device and its determined individual signal strength.
  8. 8. The method of claim 7, wherein receiving a management frame comprises receiving a management frame containing a signal strength indication and a device identifier.
  9. 9. The method of claim 8, further comprising:
    matching said access point identifier from the management frame with one of the neighboring devices;
    comparing the signal strength indication from the received management frame with the determined signal strength of the matched neighboring device; and
    indicating the presence of an unauthorized device if the difference between the signal strength indication and determined signal strength is greater than a threshold amount.
  10. 10. The method of claim 1, wherein saving a representation of each neighboring device comprises storing information describing the physical location of each neighboring device.
  11. 11. The method of claim 1, wherein at least one of the neighboring devices detects and validates radio traffic.
  12. 12. The method of claim 11, wherein validation is performed by detecting a key within a received management frame, the key being unique to one of the neighboring devices.
  13. 13. The method of claim 11, wherein validation is performed by detecting a message integrity check within a received management frame.
  14. 14. The method of claim 11, wherein the detecting neighboring device maintains location information for its neighboring devices and performs validation by determining if a management frame could be received from the device indicated as the source of the management frame.
  15. 15. A wireless local area network managing device, comprising:
    means for detecting the presence of neighboring devices from which management frames can be sent;
    means for saving a representation of each neighboring device present;
    means for receiving a management frame purporting to be from one of the detected device;
    means for determining that the received management frame was sent by an unauthorized device; and
    means for indicating the presence of the unauthorized device.
  16. 16. The wireless local area network managing device of claim 15, wherein neighboring devices comprise access points.
  17. 17. The wireless local area network managing device of claim 15, wherein neighboring devices comprise stations.
  18. 18. A device managed by a wireless local area network managing device, comprising:
    means for detecting the presence of neighboring devices from which management frames can be sent;
    means for saving a representation of each neighboring device present;
    means for receiving a management frame purporting to be from one of the detected device;
    means for determining that the received management frame was sent by an unauthorized device; and
    means for indicating the presence of the unauthorized device.
  19. 19. The device of claim 18, wherein neighboring devices comprise access points.
  20. 20. The device of claim 18, wherein neighboring devices comprise stations.
US11066009 2005-02-25 2005-02-25 Location-based enhancements for wireless intrusion detection Abandoned US20060193299A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US11066009 US20060193299A1 (en) 2005-02-25 2005-02-25 Location-based enhancements for wireless intrusion detection

Applications Claiming Priority (8)

Application Number Priority Date Filing Date Title
US11066009 US20060193299A1 (en) 2005-02-25 2005-02-25 Location-based enhancements for wireless intrusion detection
US11188564 US7676216B2 (en) 2005-02-25 2005-07-25 Dynamically measuring and re-classifying access points in a wireless network
CN 200680001658 CN100490569C (en) 2005-02-25 2006-02-06 Method and device for dynamically measuring and re-classifying access points in a wireless network
PCT/US2006/004260 WO2006093634A1 (en) 2005-02-25 2006-02-06 Dynamically measuring and re-classifying access points in a wireless network
EP20060720429 EP1851631A4 (en) 2005-02-25 2006-02-06 Dynamically measuring and re-classifying access points in a wireless network
CN 200680001657 CN101189858B (en) 2005-02-25 2006-02-27 A method for detecting the presence of unauthorized devices in a wireless local area network
EP20060736279 EP1851981B1 (en) 2005-02-25 2006-02-27 Location-based enhancements for wireless intrusion detection
PCT/US2006/006923 WO2006091944A3 (en) 2005-02-25 2006-02-27 Location-based enhancements for wireless intrusion detection

Publications (1)

Publication Number Publication Date
US20060193299A1 true true US20060193299A1 (en) 2006-08-31

Family

ID=36928116

Family Applications (2)

Application Number Title Priority Date Filing Date
US11066009 Abandoned US20060193299A1 (en) 2005-02-25 2005-02-25 Location-based enhancements for wireless intrusion detection
US11188564 Active 2027-12-12 US7676216B2 (en) 2005-02-25 2005-07-25 Dynamically measuring and re-classifying access points in a wireless network

Family Applications After (1)

Application Number Title Priority Date Filing Date
US11188564 Active 2027-12-12 US7676216B2 (en) 2005-02-25 2005-07-25 Dynamically measuring and re-classifying access points in a wireless network

Country Status (4)

Country Link
US (2) US20060193299A1 (en)
EP (1) EP1851981B1 (en)
CN (2) CN100490569C (en)
WO (1) WO2006091944A3 (en)

Cited By (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070058598A1 (en) * 2005-09-09 2007-03-15 Hon Hai Precision Industry Co., Ltd. Method and system for detecting rogue access points and device for identifying rogue access points
US20070081503A1 (en) * 2005-10-07 2007-04-12 Carl Mower System and method for evaluating operation of a wireless device in a wireless network
US20070142030A1 (en) * 2005-12-19 2007-06-21 Airdefense, Inc. Systems and methods for wireless vulnerability analysis
US20080095137A1 (en) * 2006-10-19 2008-04-24 Shmuel Levy Method and apparatus to provide hidden node protection
US20080188243A1 (en) * 2007-02-02 2008-08-07 Ubiquisys Limited Location of basestation
US20090042557A1 (en) * 2007-02-05 2009-02-12 Wefi, Inc. System and Method For Mapping Wireless Access Points
US20090160696A1 (en) * 2007-12-21 2009-06-25 Ralink Technology Corporation Configurable radar detection and avoidance system for wireless ofdm tranceivers
US20100091670A1 (en) * 2008-10-10 2010-04-15 Ralink Technology (Singapore) Corporation Method and apparatus to allow coeixtence between wireless devices
US20100102926A1 (en) * 2007-03-13 2010-04-29 Syngenta Crop Protection, Inc. Methods and systems for ad hoc sensor network
US20100254298A1 (en) * 2007-10-18 2010-10-07 Lee John C Wireless access system
US20110267977A1 (en) * 2010-05-03 2011-11-03 Nokia Corporation Method and Apparatus for Assisted Network Discovery
US8069483B1 (en) 2006-10-19 2011-11-29 The United States States of America as represented by the Director of the National Security Agency Device for and method of wireless intrusion detection
US20120026887A1 (en) * 2010-07-30 2012-02-02 Ramprasad Vempati Detecting Rogue Access Points
US20120249300A1 (en) * 2011-03-30 2012-10-04 Avital Shlomo Determination of location using rssi and transmit power
US20130305369A1 (en) * 2012-05-14 2013-11-14 Zimperium Detection of threats to networks, based on geographic location
US20140334317A1 (en) * 2013-05-09 2014-11-13 Avaya Inc. Rogue AP Detection
US20150099525A1 (en) * 2013-10-07 2015-04-09 Qualcomm Incorporated Lte-u clear channel assessment operations
US20150319657A1 (en) * 2014-04-30 2015-11-05 Aruba Networks, Inc. Distributed Method for Client Optimization
US20160037363A1 (en) * 2014-07-29 2016-02-04 Qualcomm Incorporated Interference management in a bursty-interference environment
US20160165396A1 (en) * 2013-08-01 2016-06-09 Here Global B.V. Assigning Location Information to Wireless Local Area Network Access Points
US20160165470A1 (en) * 2014-01-28 2016-06-09 Imagination Technologies Limited Proximity Detection
US20160323786A1 (en) * 2015-04-28 2016-11-03 Time Warner Cable Enterprises Llc Neighbor list management and connection control in a network environment
US9503992B2 (en) * 2005-04-04 2016-11-22 Blackberry Limited Determining a target transmit power of a wireless transmission
US20170108574A1 (en) * 2015-10-15 2017-04-20 International Business Machines Corporation Power and network independent locating of a lost device
US9730094B2 (en) 2014-07-29 2017-08-08 Qualcomm Incorporated Bursty-interference-aware interference management
US9755943B2 (en) 2013-08-08 2017-09-05 Cisco Technology, Inc. Location based technique for detecting devices employing multiple addresses

Families Citing this family (53)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070066308A1 (en) * 2005-09-06 2007-03-22 Oleg Andric Method and apparatus for removing phantom children in an ad-hoc communication system
KR20080040747A (en) * 2005-09-09 2008-05-08 노키아 코포레이션 Use of measurement pilot for radio measurement in a wireless network
US20070091858A1 (en) * 2005-10-24 2007-04-26 Xiaohua Wu Method and apparatus for tracking unauthorized nodes within a network
US7570625B1 (en) * 2006-01-10 2009-08-04 Tw Acquisition, Inc. Detection of wireless devices
RU2400935C2 (en) * 2006-04-25 2010-09-27 Интердиджитал Текнолоджи Корпорейшн Operation of high throughput capacity channel in mesh wireless local network
US8081996B2 (en) * 2006-05-16 2011-12-20 Honeywell International Inc. Integrated infrastructure for coexistence of WI-FI networks with other networks
US8023959B2 (en) * 2006-06-28 2011-09-20 Motorola Mobility, Inc. Method and system for personal area networks
CN101150839B (en) * 2006-09-20 2011-04-06 西门子(中国)有限公司 Scanning method and system in WLAN
WO2008100078A1 (en) * 2007-02-13 2008-08-21 Sk Telecom Co., Ltd. Method for allocating a beacon slot using a beacon table in wireless personal area network (wpan) and wpan device
US8316427B2 (en) 2007-03-09 2012-11-20 International Business Machines Corporation Enhanced personal firewall for dynamic computing environments
US8695081B2 (en) * 2007-04-10 2014-04-08 International Business Machines Corporation Method to apply network encryption to firewall decisions
US8009587B2 (en) * 2007-05-01 2011-08-30 Broadcom Corporation System and method of discovery of wireless control device
US20090016529A1 (en) * 2007-07-11 2009-01-15 Airtight Networks, Inc. Method and system for prevention of unauthorized communication over 802.11w and related wireless protocols
US8799648B1 (en) * 2007-08-15 2014-08-05 Meru Networks Wireless network controller certification authority
US8989764B2 (en) * 2007-09-05 2015-03-24 The University Of Utah Research Foundation Robust location distinction using temporal link signatures
US20090088132A1 (en) * 2007-09-28 2009-04-02 Politowicz Timothy J Detecting unauthorized wireless access points
EP2048829A1 (en) * 2007-10-01 2009-04-15 Alcatel Lucent Beacon and mobile terminal synchronization and method thereof
US8503673B2 (en) 2008-09-11 2013-08-06 University Of Utah Research Foundation Method and system for secret key exchange using wireless link characteristics and random device movement
US8515061B2 (en) * 2008-09-11 2013-08-20 The University Of Utah Research Foundation Method and system for high rate uncorrelated shared secret bit extraction from wireless link characteristics
WO2010030950A3 (en) * 2008-09-12 2010-06-17 University Of Utah Research Foundation Method and system for detecting unauthorized wireless access points using clock skews
US8502728B2 (en) 2008-09-12 2013-08-06 University Of Utah Research Foundation Method and system for tracking objects using radio tomographic imaging
US20100110877A1 (en) * 2008-10-30 2010-05-06 Symbol Technologies, Inc. System and method for failover of mobile units in a wireless network
WO2010133634A1 (en) * 2009-05-20 2010-11-25 Bitsec Ab Wireless intrusion detection
US8750265B2 (en) * 2009-07-20 2014-06-10 Wefi, Inc. System and method of automatically connecting a mobile communication device to a network using a communications resource database
CN101707795B (en) 2009-07-31 2012-05-23 重庆重邮信科通信技术有限公司 Method for eliminating interference between self-organized network base station nodes
US8818288B2 (en) 2010-07-09 2014-08-26 University Of Utah Research Foundation Statistical inversion method and system for device-free localization in RF sensor networks
CN102137413B (en) * 2011-01-30 2013-08-07 华为技术有限公司 Method and device for detecting basic service set identify (BSSID) conflict
US9026099B2 (en) * 2011-12-08 2015-05-05 Apple Inc. Mechanisms to improve mobile device roaming in wireless networks
US9642169B2 (en) * 2012-01-11 2017-05-02 Saguna Networks Ltd. Methods, circuits, devices, systems and associated computer executable code for facilitating access to a content source through a wireless mobile network
CN103220788B (en) * 2012-01-19 2016-08-24 华为技术有限公司 The method for grouping the node, the node and the access point
US20130272164A1 (en) * 2012-04-17 2013-10-17 Econais Ae Systems and methods of wi-fi enabled device configuration
KR101561113B1 (en) * 2012-06-07 2015-10-16 주식회사 케이티 Method of active scanning and connecting based on configuration information
CN103686702A (en) * 2012-08-31 2014-03-26 华为技术有限公司 Data transmission method, access point and site
WO2014056538A1 (en) * 2012-10-11 2014-04-17 Nokia Solutions And Networks Oy Fake base station detection with core network support
CN103118387A (en) * 2012-12-17 2013-05-22 上海寰创通信科技股份有限公司 Lightweight access point (AP) redundancy access control method of active standby mode
CN103997481B (en) * 2013-02-19 2017-07-07 华为终端有限公司 To ensure the validity of the positioning method, apparatus and network system
US9179336B2 (en) 2013-02-19 2015-11-03 Mimosa Networks, Inc. WiFi management interface for microwave radio and reset to factory defaults
EP2974389A4 (en) * 2013-03-15 2016-10-12 Ruckus Wireless Inc Improving distribution of clients across a network
CN103139778B (en) * 2013-03-25 2017-02-08 北京奇虎科技有限公司 Wireless LAN access system and method
GB201312506D0 (en) * 2013-07-12 2013-08-28 Ubiquisys Ltd Classification of a basestation
WO2015008282A1 (en) * 2013-07-15 2015-01-22 Cyberseal Ltd. Network protection
US9485243B2 (en) * 2014-05-23 2016-11-01 Google Inc. Securing a wireless mesh network via a chain of trust
CN104270366B (en) * 2014-09-30 2017-09-29 北京金山安全软件有限公司 A method and apparatus for detecting attacks karma
US9485660B2 (en) * 2015-01-21 2016-11-01 Ciena Corporation Systems and methods to detect and characterize fake cell towers
CN104618923A (en) * 2015-01-22 2015-05-13 杭州华三通信技术有限公司 Method and device for searching wireless access points
US9913201B1 (en) 2015-01-29 2018-03-06 Symantec Corporation Systems and methods for detecting potentially illegitimate wireless access points
US9730075B1 (en) 2015-02-09 2017-08-08 Symantec Corporation Systems and methods for detecting illegitimate devices on wireless networks
US9781604B1 (en) 2015-02-09 2017-10-03 Symantec Corporation Systems and methods for detecting illegitimate devices on wireless networks
US9882931B1 (en) * 2015-02-18 2018-01-30 Symantec Corporation Systems and methods for detecting potentially illegitimate wireless access points
US9781601B1 (en) 2015-06-08 2017-10-03 Symantec Corporation Systems and methods for detecting potentially illegitimate wireless access points
CN106559786A (en) * 2015-09-30 2017-04-05 中兴通讯股份有限公司 Establishing method and device of wireless fidelity WIFI network
US9918224B1 (en) 2015-11-24 2018-03-13 Symantec Corporation Systems and methods for preventing computing devices from sending wireless probe packets
GB201522654D0 (en) * 2015-12-22 2016-02-03 Airties Kablosuz Iletism Sanayi Ve Disticaret As Dynamic channel selection and DFS re-entry

Citations (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20010032254A1 (en) * 1998-05-29 2001-10-18 Jeffrey C. Hawkins Method and apparatus for wireless internet access
US20040023640A1 (en) * 2002-08-02 2004-02-05 Ballai Philip N. System and method for detection of a rogue wireless access point in a wireless communication network
US6754488B1 (en) * 2002-03-01 2004-06-22 Networks Associates Technologies, Inc. System and method for detecting and locating access points in a wireless network
US20040190718A1 (en) * 2003-03-25 2004-09-30 Dacosta Behram Mario Apparatus and method for location based wireless client authentication
US20040218602A1 (en) * 2003-04-21 2004-11-04 Hrastar Scott E. Systems and methods for dynamic sensor discovery and selection
US20040266533A1 (en) * 2003-04-16 2004-12-30 Gentles Thomas A Gaming software distribution network in a gaming system environment
US20050073979A1 (en) * 2002-05-04 2005-04-07 Instant802 Networks, Inc. Visitor gateway in a wireless network
US20050073980A1 (en) * 2003-09-17 2005-04-07 Trapeze Networks, Inc. Wireless LAN management
US20050128989A1 (en) * 2003-12-08 2005-06-16 Airtight Networks, Inc Method and system for monitoring a selected region of an airspace associated with local area networks of computing devices
US20050174961A1 (en) * 2004-02-06 2005-08-11 Hrastar Scott E. Systems and methods for adaptive monitoring with bandwidth constraints
US20050248452A1 (en) * 1995-03-29 2005-11-10 Medical Tracking Systems, Inc. Wide area multipurpose tracking system
US6990428B1 (en) * 2003-07-28 2006-01-24 Cisco Technology, Inc. Radiolocation using path loss data
US20060068811A1 (en) * 2004-09-24 2006-03-30 Microsoft Corporation Collaboratively locating disconnected clients and rogue access points in a wireless network
US7110756B2 (en) * 2003-10-03 2006-09-19 Cognio, Inc. Automated real-time site survey in a shared frequency band environment
US7286515B2 (en) * 2003-07-28 2007-10-23 Cisco Technology, Inc. Method, apparatus, and software product for detecting rogue access points in a wireless network
US7295524B1 (en) * 2003-02-18 2007-11-13 Airwave Wireless, Inc Methods, apparatuses and systems facilitating management of airspace in wireless computer network environments

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6965674B2 (en) 2002-05-21 2005-11-15 Wavelink Corporation System and method for providing WLAN security through synchronized update and rotation of WEP keys
US7272128B2 (en) 2002-08-30 2007-09-18 Motorola, Inc. Frame selection and distribution unit (SDU) and method for dynamically managing wireless call settings
US7184777B2 (en) * 2002-11-27 2007-02-27 Cognio, Inc. Server and multiple sensor system for monitoring activity in a shared radio frequency band
US8122136B2 (en) 2002-12-18 2012-02-21 Cisco Technology, Inc. Methods and apparatus for providing security to a computerized device
US7339914B2 (en) * 2004-02-11 2008-03-04 Airtight Networks, Inc. Automated sniffer apparatus and method for monitoring computer systems for unauthorized access
US7116988B2 (en) * 2004-03-16 2006-10-03 Airespace, Inc. Location of wireless nodes using signal strength weighting metric

Patent Citations (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050248452A1 (en) * 1995-03-29 2005-11-10 Medical Tracking Systems, Inc. Wide area multipurpose tracking system
US20010032254A1 (en) * 1998-05-29 2001-10-18 Jeffrey C. Hawkins Method and apparatus for wireless internet access
US6754488B1 (en) * 2002-03-01 2004-06-22 Networks Associates Technologies, Inc. System and method for detecting and locating access points in a wireless network
US20050073979A1 (en) * 2002-05-04 2005-04-07 Instant802 Networks, Inc. Visitor gateway in a wireless network
US20040023640A1 (en) * 2002-08-02 2004-02-05 Ballai Philip N. System and method for detection of a rogue wireless access point in a wireless communication network
US7295524B1 (en) * 2003-02-18 2007-11-13 Airwave Wireless, Inc Methods, apparatuses and systems facilitating management of airspace in wireless computer network environments
US20040190718A1 (en) * 2003-03-25 2004-09-30 Dacosta Behram Mario Apparatus and method for location based wireless client authentication
US20040266533A1 (en) * 2003-04-16 2004-12-30 Gentles Thomas A Gaming software distribution network in a gaming system environment
US20040218602A1 (en) * 2003-04-21 2004-11-04 Hrastar Scott E. Systems and methods for dynamic sensor discovery and selection
US6990428B1 (en) * 2003-07-28 2006-01-24 Cisco Technology, Inc. Radiolocation using path loss data
US7286515B2 (en) * 2003-07-28 2007-10-23 Cisco Technology, Inc. Method, apparatus, and software product for detecting rogue access points in a wireless network
US20050073980A1 (en) * 2003-09-17 2005-04-07 Trapeze Networks, Inc. Wireless LAN management
US7110756B2 (en) * 2003-10-03 2006-09-19 Cognio, Inc. Automated real-time site survey in a shared frequency band environment
US20050128989A1 (en) * 2003-12-08 2005-06-16 Airtight Networks, Inc Method and system for monitoring a selected region of an airspace associated with local area networks of computing devices
US20050174961A1 (en) * 2004-02-06 2005-08-11 Hrastar Scott E. Systems and methods for adaptive monitoring with bandwidth constraints
US20060068811A1 (en) * 2004-09-24 2006-03-30 Microsoft Corporation Collaboratively locating disconnected clients and rogue access points in a wireless network

Cited By (46)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9503992B2 (en) * 2005-04-04 2016-11-22 Blackberry Limited Determining a target transmit power of a wireless transmission
US7561554B2 (en) * 2005-09-09 2009-07-14 Hon Hai Precision Industry Co., Ltd. Method and system for detecting rogue access points and device for identifying rogue access points
US20070058598A1 (en) * 2005-09-09 2007-03-15 Hon Hai Precision Industry Co., Ltd. Method and system for detecting rogue access points and device for identifying rogue access points
US20070081503A1 (en) * 2005-10-07 2007-04-12 Carl Mower System and method for evaluating operation of a wireless device in a wireless network
US20070142030A1 (en) * 2005-12-19 2007-06-21 Airdefense, Inc. Systems and methods for wireless vulnerability analysis
US7577424B2 (en) * 2005-12-19 2009-08-18 Airdefense, Inc. Systems and methods for wireless vulnerability analysis
US8069483B1 (en) 2006-10-19 2011-11-29 The United States States of America as represented by the Director of the National Security Agency Device for and method of wireless intrusion detection
US20080095137A1 (en) * 2006-10-19 2008-04-24 Shmuel Levy Method and apparatus to provide hidden node protection
US20140286319A1 (en) * 2006-10-19 2014-09-25 Shmuel Levy Method and apparatus to provide hidden node protection
US8774140B2 (en) * 2006-10-19 2014-07-08 Intel Corporation Method and apparatus to provide hidden node protection
US8626240B2 (en) 2007-02-02 2014-01-07 Ubiquisys Limited Location of basestation
US20080188243A1 (en) * 2007-02-02 2008-08-07 Ubiquisys Limited Location of basestation
US8738033B2 (en) 2007-02-02 2014-05-27 Ubiquisys Limited Location of basestation
US20090042557A1 (en) * 2007-02-05 2009-02-12 Wefi, Inc. System and Method For Mapping Wireless Access Points
US8126476B2 (en) * 2007-02-05 2012-02-28 Wefi, Inc. System and method for mapping wireless access points
US20100102926A1 (en) * 2007-03-13 2010-04-29 Syngenta Crop Protection, Inc. Methods and systems for ad hoc sensor network
US20100254298A1 (en) * 2007-10-18 2010-10-07 Lee John C Wireless access system
US20090160696A1 (en) * 2007-12-21 2009-06-25 Ralink Technology Corporation Configurable radar detection and avoidance system for wireless ofdm tranceivers
US20100091670A1 (en) * 2008-10-10 2010-04-15 Ralink Technology (Singapore) Corporation Method and apparatus to allow coeixtence between wireless devices
US8081615B2 (en) * 2008-10-10 2011-12-20 Mediatek Inc. Method and apparatus to allow coexistence between wireless devices
US20110267977A1 (en) * 2010-05-03 2011-11-03 Nokia Corporation Method and Apparatus for Assisted Network Discovery
US8958401B2 (en) * 2010-05-03 2015-02-17 Nokia Corporation Method and apparatus for assisted network discovery
US20120026887A1 (en) * 2010-07-30 2012-02-02 Ramprasad Vempati Detecting Rogue Access Points
US20120249300A1 (en) * 2011-03-30 2012-10-04 Avital Shlomo Determination of location using rssi and transmit power
US20130305369A1 (en) * 2012-05-14 2013-11-14 Zimperium Detection of threats to networks, based on geographic location
US9503463B2 (en) * 2012-05-14 2016-11-22 Zimperium, Inc. Detection of threats to networks, based on geographic location
US9178896B2 (en) * 2013-05-09 2015-11-03 Avaya Inc. Rogue AP detection
US9723488B2 (en) 2013-05-09 2017-08-01 Avaya Inc. Rogue AP detection
US20140334317A1 (en) * 2013-05-09 2014-11-13 Avaya Inc. Rogue AP Detection
US9872144B2 (en) * 2013-08-01 2018-01-16 Here Global B.V. Assigning location information to wireless local area network access points
US20160165396A1 (en) * 2013-08-01 2016-06-09 Here Global B.V. Assigning Location Information to Wireless Local Area Network Access Points
US9730019B2 (en) * 2013-08-01 2017-08-08 Here Global B.V. Assigning location information to wireless local area network access points
US20170303087A1 (en) * 2013-08-01 2017-10-19 Here Global B.V. Assigning Location Information to Wireless Local Area Network Access Points
US9755943B2 (en) 2013-08-08 2017-09-05 Cisco Technology, Inc. Location based technique for detecting devices employing multiple addresses
US9763225B2 (en) * 2013-10-07 2017-09-12 Qualcomm Incorporated LTE-U clear channel assessment operations
US20150099525A1 (en) * 2013-10-07 2015-04-09 Qualcomm Incorporated Lte-u clear channel assessment operations
US20160165470A1 (en) * 2014-01-28 2016-06-09 Imagination Technologies Limited Proximity Detection
US20160192281A1 (en) * 2014-04-30 2016-06-30 Aruba Networks, Inc. Distributed method for client optimization
US9544840B2 (en) * 2014-04-30 2017-01-10 Aruba Networks, Inc. Distributed method for client optimization
US20150319657A1 (en) * 2014-04-30 2015-11-05 Aruba Networks, Inc. Distributed Method for Client Optimization
US9357458B2 (en) * 2014-04-30 2016-05-31 Aruba Networks, Inc. Distributed method for client optimization
US9730094B2 (en) 2014-07-29 2017-08-08 Qualcomm Incorporated Bursty-interference-aware interference management
US20160037363A1 (en) * 2014-07-29 2016-02-04 Qualcomm Incorporated Interference management in a bursty-interference environment
US20160323786A1 (en) * 2015-04-28 2016-11-03 Time Warner Cable Enterprises Llc Neighbor list management and connection control in a network environment
US9823333B2 (en) * 2015-10-15 2017-11-21 International Business Machines Corporation Power and network independent locating of a lost device
US20170108574A1 (en) * 2015-10-15 2017-04-20 International Business Machines Corporation Power and network independent locating of a lost device

Also Published As

Publication number Publication date Type
US7676216B2 (en) 2010-03-09 grant
EP1851981A2 (en) 2007-11-07 application
CN100490569C (en) 2009-05-20 grant
CN101189858A (en) 2008-05-28 application
US20060193284A1 (en) 2006-08-31 application
WO2006091944A3 (en) 2008-01-17 application
CN101099134A (en) 2008-01-02 application
EP1851981B1 (en) 2013-04-10 grant
EP1851981A4 (en) 2011-01-19 application
CN101189858B (en) 2015-09-09 grant
WO2006091944A2 (en) 2006-08-31 application

Similar Documents

Publication Publication Date Title
Baccour et al. Radio link quality estimation in wireless sensor networks: A survey
Adya et al. Architecture and techniques for diagnosing faults in IEEE 802.11 infrastructure networks
Sheng et al. Detecting 802.11 MAC layer spoofing using received signal strength
US7248858B2 (en) Visitor gateway in a wireless network
Sheth et al. MOJO: A distributed physical layer anomaly detection system for 802.11 WLANs
US6675012B2 (en) Apparatus, and associated method, for reporting a measurement summary in a radio communication system
US7346338B1 (en) Wireless network system including integrated rogue access point detection
US7715800B2 (en) Systems and methods for wireless intrusion detection using spectral analysis
US20150237519A1 (en) Cloud controller for self-optimized networks
US20070064655A1 (en) Techniques to provide measurement pilot transmission information in wireless networks
US20110130144A1 (en) Handoff in a self-configuring communication system
US20050124335A1 (en) Wireless communication method and apparatus for implementing access point startup and initial channel selection processes
US20070072638A1 (en) Protocol extension for a high density network
US20100008285A1 (en) Communication apparatus
US7039017B2 (en) System and method for detecting and locating interferers in a wireless communication system
US20090296635A1 (en) Method and apparatus for base stations and their provisioning, management, and networking
US20030040319A1 (en) Dynamic frequency selection in a wireless communication network
US20060067226A1 (en) End-point based approach for determining network status in a wireless local area network
US20060068769A1 (en) Detecting and diagnosing performance problems in a wireless network through neighbor collaboration
US7313113B1 (en) Dynamic transmit power configuration system for wireless network environments
US20130182652A1 (en) Methods and apparatus in a wireless network
US20060019663A1 (en) Robust and fast handover in a wireless local area network
US20080119130A1 (en) Systems and methods for proactively enforcing a wireless free zone
Han et al. A timing-based scheme for rogue AP detection
US20130077505A1 (en) Method And Apparatus For Using Received Signal Strength Indicator (RSSI) Filtering To Provide Air-Time Optimization In Wireless Networks

Legal Events

Date Code Title Description
AS Assignment

Owner name: CISCO TECHNOLOGY, INC., CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:WINGET, NANCY CAM;KRISCHER, MARK;OLSON, TIMOTHY S.;AND OTHERS;REEL/FRAME:016338/0975;SIGNING DATES FROM 20050223 TO 20050225