WO2021240054A1 - An apparatus for monitoring traffic in a wireless local access network - Google Patents

An apparatus for monitoring traffic in a wireless local access network

Info

Publication number
WO2021240054A1
Authority
WO
WIPO (PCT)
Prior art keywords
monitoring
rules
wireless access
access devices
traffic
Application number
PCT/FI2021/050367
Other languages
French (fr)
Inventor
Jos GEORGE
Dominique Chiaroni
Original Assignee
Nokia Solutions And Networks Oy
Application filed by Nokia Solutions And Networks Oy
Publication of WO2021240054A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H04W12/088 Access security using filters or firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04B TRANSMISSION
    • H04B10/00 Transmission systems employing electromagnetic waves other than radio-waves, e.g. infrared, visible or ultraviolet light, or employing corpuscular radiation, e.g. quantum communication
    • H04B10/11 Arrangements specific to free-space transmission, i.e. transmission through air or vacuum
    • H04B10/114 Indoor or close-range type systems
    • H04B10/116 Visible light communication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H04L41/0813 Configuration setting characterised by the conditions triggering a change of settings
    • H04L41/0816 Configuration setting characterised by the conditions triggering a change of settings the condition being an adaptation, e.g. in response to network events
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0876 Network utilisation, e.g. volume of load or congestion level

Definitions

  • Various example embodiments relate to monitoring traffic in a wireless local access network.
  • Capabilities of communication networks will create more confidential data to get digitized and flow through the data communication network. Not only more and more humans are getting connected through communication networks, but also devices, e.g. machines, robots, AI enabled devices, will be using networks, e.g. 5G end-to-end network, for their critical communications. It is highly challenging to ensure the security of the data.
  • an apparatus coupled to one or more wireless access devices and a backbone network comprising at least one processor; and at least one memory including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to perform at least: monitoring traffic to and/or from one or more user devices served by the one or more wireless access devices.
  • a method comprising: monitoring, by an apparatus coupled to one or more wireless access devices and a backbone network, traffic to and/or from one or more user devices served by the one or more wireless access devices.
  • a non-transitory computer readable medium comprising program instructions that, when executed by at least one processor, cause an apparatus to perform at least: monitoring, by an apparatus coupled to one or more wireless access devices and a backbone network, traffic to and/or from one or more user devices served by the one or more wireless access devices.
  • a computer program configured to cause a method in accordance with the second aspect to be performed.
  • FIG. 1 shows, by way of example, transmission and reception of data using wireless light communication
  • Fig. 2 shows, by way of example, a reference diagram for light communication integrated to 802.11 specification
  • FIG. 3 shows, by way of example, a sidecar device coupled with wireless access device
  • FIG. 4 shows, by way of example, a sidecar device coupled with multiple wireless access devices
  • FIG. 5 shows, by way of example, a block diagram of an apparatus
  • FIG. 6 shows, by way of example, a flowchart of a method.
  • Communication networks e.g. 5G and beyond communication networks, enable the digitalization of more confidential and security-critical data.
  • requirements from an indoor communication environment are constantly updating and more security-critical data is getting generated from environments like Industry 4.0 or an enterprise, there is a need to enhance security of wireless communications, e.g. wireless communications in an indoor access network.
  • a sidecar computing node coupled to a wireless access device to monitor, route and/or firewall traffic to and/or from a user device served by the wireless access device.
  • the sidecar computing node may take action on the traffic in the access network level itself before entering the network.
  • a GDPR outlined data protection principle when processing personal data includes e.g. integrity and confidentiality (security). This means that data is to be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
  • a data controller is a person or business who determines the purposes for which, and the way in which, personal data is processed. In many cases, e.g. in the enterprises or factory indoor communication networks, there must be options for data controller to check whether the data originating or terminating to each user is in line with GDPR or other government or company regulations.
  • Zero Trust Security relates to cybersecurity and means that no one is trusted by default from inside or outside the network. In addition, verification is required from everyone trying to gain access to resources on the network.
  • Indoor communication environment may be considered as shared or open. Examples of shared environment are co-working places where people and/or devices from different organisations or companies will do collaborative work. In shared environment, it is important to ensure security of data originated and consumed by each user. Examples of open environment are malls, retail shops, airports, etc., which are open indoor communication environments where secure wireless communication of each user has to be guaranteed.
  • Light communication (LC) technologies or optical wireless communications (OWC) is a form of optical communication in which a signal is carried by light, e.g. visible, infrared (IR) or ultraviolet (UV) light.
  • Light communication technologies such as Light Fidelity (LiFi) or Free Space Optics (FSO), may be used to secure point-to-point wireless connectivity in the indoor network with its physical properties of smaller cell radius due to its high frequency.
  • LiFi exploiting e.g. IR or visible light e.g. typically wavelength range from 350 nm to 950 nm or higher
  • Light communication technologies will enhance the zero trust security by providing secured point-to point communications for a user accessing to a network.
  • encryption may be enforced by using any standard encryption techniques currently used in other techniques, such as WiFi and other radio wave techniques.
  • gaming with sub-ms latencies while guaranteeing enough bandwidth for other applications in a secured way.
  • LiFi Light Fidelity
  • FSO Free-space Optics
  • OCC Optical Camera Communications
  • LiFi is defined as an optical wireless broadband access technology, exploiting modulated light emitting diodes (LEDs) as transmitters and photodetectors (PDs) as receivers.
  • LiFi mainly uses the visible and IR light spectrum for data transmission and provides bi-directional (transmit and receive) capabilities.
  • LiFi is able to support uplink and downlink in a point-to-point or point-to-multipoint topology.
  • LiFi extends the concept of visible light communication (VLC) to achieve high speed, bi-directional and fully networked optical wireless communications.
  • LiFi transmission speed may be in the 10 Mbps-Multiple Gbps range with LED lighting and may reach more than 5 Gbps with new generations of Solid-State Lighting devices.
  • Fig. 1 shows, by way of example, transmission and reception of data using wireless light communication.
  • Uplink data 115 and downlink data 135 may be transmitted between transceiver circuitries 150, 160 using light, e.g. infrared light.
  • a photodetector (PD) may be used as receiver 120, 140 for the reception of the data.
  • a LED e.g. infrared LED, may be used as transmitter 110, 130 for transmission of the data.
  • Infrared LED bulbs are semiconductor devices, which means that the brightness of the light flowing through them may be modulated at extremely high speeds. This allows sending a signal by modulating the light at different rates. The signal may then be received by a PD receiver which converts photons into electrons.
  • the FSO technology is very similar to the LiFi technology.
  • the main difference is that the source is a laser diode and not a LED.
  • the beam is smaller, and the bit rate may be potentially higher.
  • the OCC technology is unidirectional, and the bit rate is limited to few kbit/s. OCC technology enables exploiting the cameras of smart phones to offer new services like advertising, indoor positioning or messaging.
  • Wireless communication using light cannot be jammed by a radio jammer.
  • LC may be considered inherently secure, since light does not penetrate walls and eliminates the risk of the signal leakage due to eavesdropping unlike in case of radio transmission technologies, such as WiFi.
  • Light is having higher frequency (several hundreds of THz) than radio waves (GHz) which causes the light to radiate in a confined place.
  • Field of view of the LED light may be adjusted to further reduce the cell radius and to do a more pointed transmission. This may further reduce the risk of eavesdropping.
  • Standard encryption techniques e.g. Advanced Encryption Standard (AES)
  • cryptographic protocols e.g. Transport Layer Security (TLS)
  • FIG. 2 shows, by way of example, a reference diagram for light communication integrated to 802.11 specification.
  • 802.11 MAC 210 may integrate 240 existing PHY for LC 220 and LC optimized PHY 230.
  • One medium access control (MAC) and several physical layer (PHY) specifications may be defined for light-based wireless connectivity for fixed, portable, and moving stations within a local area network.
  • the IEEE 802.15.13 Multi-Gigabit/s Optical Wireless Communications Task Group defines a Physical (PHY) and Media Access Control (MAC) layer using light wavelengths from 10,000 nm to 190 nm in optically transparent media for optical wireless communications.
  • the standard can deliver data rates up to 10 Gbit/s at distances in the range of 200 meters unrestricted line of sight.
  • LC access device(s), e.g. LiFi access devices, installed as part of that heterogeneous indoor network can be tuned to offer secure point-to-point wireless connectivity to the user.
  • an apparatus may e.g. monitor, analyse, control, route and firewall at the access level the traffic from and/or to those users served by the LC access device.
  • the apparatus may be coupled with each LC access device serving the user(s).
  • the apparatus may be considered as a sidecar device that improves security of the traffic originating from point-to-point wireless access, e.g. LiFi access together with an opportunity for the data controller or the administrator of the network to analyse and apply data security rules to the traffic to and/or from each user at the access network level itself before entering the backbone network.
  • Fig. 3 shows, by way of example, a sidecar device 310 coupled with wireless access device 320.
  • the wireless access device 320 may be a light communication (LC) access device.
  • the LC access device may be any generic light-based wireless communication device, e.g. LiFi access device.
  • the wireless access device 320 serves a user device 330 or a machine, e.g. internet of things (IoT) machine.
  • the user device and/or the machine is equipped with a transceiver, e.g. a LiFi transceiver or FSO transceiver.
  • the bi-directional wireless communication may be, for example, over light.
  • the wireless access device 320 may be a radio access device.
  • the wireless access device may be any generic high frequency radio access device that is capable of point-to-point connectivity, and/or that radiates in a smaller cell radius.
  • the LC access device has a sidecar device 310, or a generic computing or processing node, coupled with it.
  • the connection 315 may be implemented e.g. via any standard data connectivity technology fulfilling bandwidth and latency requirements to serve the user.
  • the sidecar device 310 is configured to monitor traffic to and/or from a user device 330 served by the wireless access device 320, e.g. LC access device.
  • Point-to-point transmission e.g. LiFi point-to-point transmission
  • Controller or administrator of the network to thoroughly monitor the traffic to and/or from each user at the access level itself before entering the backbone network, and apply policy to the traffic according to the security requirement.
  • One end of the sidecar device 310 is connected to one or more wireless access devices 320, e.g. LC access devices, and one end is connected 350 to the backbone network.
  • the sidecar device 310 is a computing node which may be e.g. a small computing device with required amount of computing resources.
  • the sidecar device may comprise software functions for handling policies associated with monitoring, logging and firewalling traffic originating from a user device and traffic transmitted to a user device.
  • the sidecar device may be, for example, part of a distributed computing cluster installed in an enterprise.
  • the sidecar device may apply intrusion detection techniques such as signature-based detection, statistical anomaly-based detection and/or stateful protocol analysis detection.
  • the sidecar device 310 may be in proximity with the LC access device.
  • the sidecar device may be e.g. physically separated from the LC access point but paired with the LC access point.
  • the physical separation may reduce the overall attack surface and increase the flexibility so that the sidecar device may be independently reconfigured.
  • the reconfiguration may be performed e.g. by the controller of the network as per a change in the security policy in the network, without affecting the LC access device.
  • the sidecar device keeps the security rules for the network updated and intact. Since the sidecar device is reconfigurable, the controller or administrator of the network may apply new security policies on demand in more granular way up to per user level.
  • the configuration logs may be stored by the apparatus, e.g. to a storage 525.
  • the sidecar device 310 may act as an assist entity to the LC access device to analyse and make decisions on the traffic originating and/or terminating to each user at the access network level itself.
  • the sidecar device provides a technical option for the data controller in the network to monitor the data originating from the users in the coverage of LC access device in a faster and more granular way up to per user level.
  • use of the sidecar device enables cleaner physical separation of user’s data for monitoring and processing.
  • Use of the sidecar device enables increasing overall security of wireless communication, e.g. of indoor wireless communication.
  • Data to and/or from the user device may be monitored by the sidecar device, or by the network controller at the sidecar device, and if malicious action, e.g. attack(s), is detected, needed firewalling and/or traffic routing policies may be applied.
  • Users under the wireless access may be considered as a compartment or a zone.
  • the sidecar device may detect an attack, e.g. a cyber-attack.
  • a user or a specific compartment of users may be isolated by switching off the wireless connectivity to the user.
  • a sidecar device 310 enables the administrator or controller of the network to customize cybersecurity to per-user level in the access network itself independent of the user device 330 by applying data traffic and firewall rules in the sidecar device 310 associated with the wireless access device 320, e.g.
  • LC access device e.g. a point-to-point access or LiFi access
  • security risk is reduced as each user device is associated with wireless access, e.g. a point-to-point access or LiFi access, and appropriate firewalling may be applied to that user, even though user failed to apply security software update suggested by the controller of the network.
  • a user device 330 is constrained to handle cryptographic authentication mechanism.
  • the LC access device coupled with a sidecar device may encrypt the data received from the user device and forward it to the cloud for processing. Since LiFi enables establishing point-to-point connection to the user device rather than radiating in larger cell radius, eavesdropping of the traffic during the wireless transmission between the user device and the LC access device is very difficult for an adversary trying to steal the critical data generated by the user.
  • the sidecar device may be associated with one or more wireless access devices, e.g. LC access devices.
  • Fig. 4 shows, by way of example, a sidecar device 410 coupled with multiple wireless access devices 420, 421.
  • the wireless access devices may be LC access devices, e.g. LiFi access devices or radio access devices that are capable of point-to-point connectivity, and/or that radiate in a smaller cell radius. Let us consider in the example of Fig. 4 that the wireless access devices 420, 421 are LC access devices.
  • the sidecar device 410 may be coupled with the wireless access device 420, 421 through an interconnection network 415.
  • the interconnection network 415 may be based on e.g. tree, bus, ring, or mesh topology.
  • the sidecar device 410 is connected 450 to the backbone network.
  • a first LC access device 420 serves a first user device 430 or a machine, e.g. IoT machine.
  • the user device 430 and/or the machine is equipped with a transceiver, e.g. a LiFi transceiver or FSO transceiver.
  • a second LC access device 421 serves a second user device 431 or a machine, e.g. IoT machine.
  • the user device 431 and/or the machine is equipped with a transceiver, e.g. a LiFi transceiver or FSO transceiver.
  • the sidecar device 410 may be a far edge sidecar device as part of a far edge cloud.
  • the sidecar device may be located in proximity with or near to LC access device and connected to multiple LC access devices each serving one or more users.
  • Sidecar device or computing node associated with wireless access may be considered as an extension of a far edge computing infrastructure serving an indoor network which will in turn communicate with central cloud.
  • Security policies related to the sidecar device may be received or get injected from a policy server in the central cloud.
  • FIG. 5 shows, by way of example, an apparatus capable of e.g. monitoring traffic in a wireless local access network.
  • device 500 which may comprise, for example, a computer or generic computing device, such as a sidecar device 310 of Fig. 3 or a sidecar device 410 of Fig. 4.
  • processor 510 which may comprise, for example, a single- or multi-core processor wherein a single-core processor comprises one processing core and a multi-core processor comprises more than one processing core.
  • Processor 510 may comprise, in general, a control device. Processor 510 may comprise more than one processor. Processor 510 may be a control device.
  • a processing core may comprise, for example, a Cortex-A8 processing core manufactured by ARM Holdings or a Steamroller processing core designed by Advanced Micro Devices Corporation.
  • Processor 510 may comprise at least one Qualcomm Snapdragon and/or Intel Atom processor.
  • Processor 510 may comprise at least one application-specific integrated circuit, ASIC.
  • Processor 510 may comprise at least one field-programmable gate array, FPGA.
  • Processor 510 may be means for performing method steps in device 500.
  • Processor 510 may be configured, at least in part by computer instructions, to perform actions.
  • a processor may comprise circuitry, or be constituted as circuitry or circuitries, the circuitry or circuitries being configured to perform phases of methods in accordance with example embodiments described herein.
  • circuitry may refer to one or more or all of the following: (a) hardware-only circuit implementations, such as implementations in only analog and/or digital circuitry, and (b) combinations of hardware circuits and software, such as, as applicable: (i) a combination of analog and/or digital hardware circuit(s) with software/firmware and (ii) any portions of hardware processor(s) with software (including digital signal processor(s)), software, and memory(ies) that work together to cause an apparatus, such as a mobile phone or server, to perform various functions) and (c) hardware circuit(s) and or processor(s), such as a microprocessor(s) or a portion of a microprocessor(s), that requires software (e.g., firmware) for operation, but the software may not be present when it is not needed for operation.
  • circuitry also covers an implementation of merely a hardware circuit or processor (or multiple processors) or portion of a hardware circuit or processor and its (or their) accompanying software and/or firmware.
  • circuitry also covers, for example and if applicable to the particular claim element, a baseband integrated circuit or processor integrated circuit for a mobile device or a similar integrated circuit in server, a cellular network device, or other computing or network device.
  • Device 500 may comprise memory 520.
  • Memory 520 may comprise random-access memory and/or permanent memory.
  • Memory 520 may comprise at least one RAM chip.
  • Memory 520 may comprise solid-state, magnetic, optical and/or holographic memory, for example.
  • Memory 520 may be at least in part accessible to processor 510.
  • Memory 520 may be at least in part comprised in processor 510.
  • Memory 520 may be means for storing information.
  • Memory 520 may comprise computer instructions that processor 510 is configured to execute. When computer instructions configured to cause processor 510 to perform certain actions are stored in memory 520, and device 500 overall is configured to run under the direction of processor 510 using computer instructions from memory 520, processor 510 and/or its at least one processing core may be considered to be configured to perform said certain actions.
  • Memory 520 may be at least in part comprised in processor 510. Memory 520 may be at least in part external to device 500 but accessible to device 500.
  • the device 500 may comprise storage 525, e.g. a solid-state drive (SSD), to store e.g. minimal configuration logs, etc.
  • Device 500 may comprise a transmitter 530.
  • Device 500 may comprise a receiver 540.
  • Transmitter 530 and receiver 540 may be configured to transmit and receive, respectively, information in accordance with at least one cellular or non-cellular standard.
  • Transmitter 530 may comprise more than one transmitter.
  • Receiver 540 may comprise more than one receiver.
  • Transmitter 530 and/or receiver 540 may be configured to operate in accordance with global system for mobile communication, GSM, wideband code division multiple access, WCDMA, 5G, long term evolution, LTE, IS-95, wireless local area network, WLAN, Ethernet and/or worldwide interoperability for microwave access, WiMAX, standards, for example.
  • Device 500 may comprise a near-field communication, NFC, transceiver 550.
  • NFC transceiver 550 may support at least one NFC technology, such as NFC, Bluetooth, Wibree or similar technologies.
  • Device 500 may comprise user interface, UI, 560.
  • UI 560 may comprise at least one of a display, a keyboard, a touchscreen, a speaker and a microphone.
  • a user may be able to operate device 500 via UI 560, for example to reconfigure the device, set and/or update monitoring rules, browse the Internet, to manage digital files stored in memory 520 or on a cloud accessible via transmitter 530 and receiver 540, or via NFC transceiver 550.
  • Processor 510 may be furnished with a transmitter arranged to output information from processor 510, via electrical leads internal to device 500, to other devices comprised in device 500.
  • a transmitter may comprise a serial bus transmitter arranged to, for example, output information via at least one electrical lead to memory 520 for storage therein.
  • the transmitter may comprise a parallel bus transmitter.
  • processor 510 may comprise a receiver arranged to receive information in processor 510, via electrical leads internal to device 500, from other devices comprised in device 500.
  • Such a receiver may comprise a serial bus receiver arranged to, for example, receive information via at least one electrical lead from receiver 540 for processing in processor 510.
  • the receiver may comprise a parallel bus receiver.
  • Fig. 6 shows, by way of example, a flowchart of a method.
  • the method may be performed e.g. by the apparatus of Fig. 5 which may be e.g. the sidecar device 310 of Fig. 3 or the sidecar device 410 of Fig. 4.
  • the method 600 comprises monitoring 610 traffic to and/or from one or more user devices served by the one or more wireless access devices.
  • the steps 620 and 630 are drawn using dashed lines and these steps may be comprised in the method 600.
  • the method 600 may comprise detecting 620 an attack based on monitoring.
  • the method 600 may comprise causing 630 switching off a wireless connection to the user served by the one or more wireless access devices relating to the detected attack.
  • the sidecar device may perform other actions in response to detecting an attack.
  • the sidecar may prevent the traffic originating from the user device from entering to the backbone network.
  • the sidecar device is able to take action on the traffic in the access network level itself.
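
The monitor (610), detect (620), act (630) flow described above, as an added sketch that is not code from the patent: per-user rules on a sidecar node, a signature check, a simple statistical uplink baseline, and the two responses the text names (keeping traffic out of the backbone, or switching off the user's wireless link). The rule fields, thresholds, device and user names, and the flow-record layout are all assumptions.

```python
"""Added sketch of method 600 on a sidecar node: monitor (610), detect (620), act (630).
All rule fields, thresholds, identifiers and flow records are constructed."""
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    user: str            # user device served by an access device
    access_device: str   # access device the sidecar is paired with
    direction: str       # "up" = towards the backbone, "down" = towards the user
    dst_port: int
    nbytes: int


@dataclass(frozen=True)
class UserRule:
    """Per-user monitoring rule (assumed shape of what a policy server pushes)."""
    denied_ports: frozenset = frozenset()   # signature-style match
    sigma: float = 3.0                      # anomaly threshold: mean + sigma * stddev
    min_windows: int = 4                    # baseline windows needed before judging
    floor_bytes: int = 1024                 # never flag below this uplink volume
    on_signature: str = "drop"              # keep the flow out of the backbone
    on_anomaly: str = "switch_off"          # switch off the user's wireless link


class Sidecar:
    def __init__(self, rules):
        self.rules = dict(rules)   # user -> UserRule
        self.history = {}          # user -> uplink bytes of each closed window
        self.current = {}          # user -> uplink bytes in the open window
        self.links_off = set()     # (access_device, user) links switched off
        self.log = []              # (user, access_device, verdict, action)

    def _detect(self, flow, rule):
        """Step 620: return 'signature', 'anomaly' or None."""
        if flow.dst_port in rule.denied_ports:
            return "signature"
        past = self.history.get(flow.user, [])
        if flow.direction == "up" and len(past) >= rule.min_windows:
            limit = max(rule.floor_bytes, mean(past) + rule.sigma * pstdev(past))
            if self.current.get(flow.user, 0) + flow.nbytes > limit:
                return "anomaly"
        return None

    def handle(self, flow):
        """Steps 610-630 for one flow; returns the action taken."""
        link = (flow.access_device, flow.user)
        if link in self.links_off:
            return "link_off"
        rule = self.rules.get(flow.user)
        if rule is None:
            # No one is trusted by default: a user without a rule is not forwarded.
            verdict, action = "no_rule", "drop"
        else:
            verdict = self._detect(flow, rule)
            action = {"signature": rule.on_signature,
                      "anomaly": rule.on_anomaly,
                      None: "forward"}[verdict]
        if action == "forward":
            if flow.direction == "up":
                self.current[flow.user] = self.current.get(flow.user, 0) + flow.nbytes
            return action
        if action == "switch_off":
            self.links_off.add(link)   # stand-in for signalling the access device
        self.log.append((flow.user, flow.access_device, verdict, action))
        return action

    def close_window(self):
        """End a measurement window; only forwarded uplink bytes enter the baseline."""
        for user in self.rules:
            self.history.setdefault(user, []).append(self.current.pop(user, 0))


def demo():
    sidecar = Sidecar({
        "robot-7": UserRule(denied_ports=frozenset({23})),
        "laptop-2": UserRule(on_anomaly="drop"),
    })
    for nbytes in (1000, 1200, 900, 1100):      # constructed baseline windows
        sidecar.handle(Flow("robot-7", "lifi-ap-1", "up", 443, nbytes))
        sidecar.close_window()
    actions = [sidecar.handle(f) for f in (
        Flow("robot-7", "lifi-ap-1", "up", 443, 1000),     # within baseline
        Flow("robot-7", "lifi-ap-1", "up", 23, 60),        # denied port
        Flow("robot-7", "lifi-ap-1", "up", 443, 50_000),   # uplink volume spike
        Flow("robot-7", "lifi-ap-1", "down", 443, 100),    # link already off
        Flow("guest-9", "lifi-ap-2", "up", 443, 100),      # no rule for this user
        Flow("laptop-2", "lifi-ap-1", "up", 443, 5000),    # spike, rule says drop
    )]
    return actions, sidecar


if __name__ == "__main__":
    for entry in demo()[1].log:
        print(entry)
```

Because the rule is looked up per user and the link is keyed on the access device and user pair, the response stays scoped to one user without touching other users served by the same access device.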

Abstract

There is provided an apparatus coupled to one or more wireless access devices and a backbone network comprising at least one processor; and at least one memory including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to perform at least: monitoring traffic to and/or from one or more user devices served by the one or more wireless access devices.

Description

An apparatus for monitoring traffic in a wireless local access network
FIELD
[0001] Various example embodiments relate to monitoring traffic in a wireless local access network.
BACKGROUND
[0002] Capabilities of communication networks, e.g. 5G and beyond networks, will create more confidential data to get digitized and flow through the data communication network. Not only more and more humans are getting connected through communication networks, but also devices, e.g. machines, robots, AI enabled devices, will be using networks, e.g. 5G end-to-end network, for their critical communications. It is highly challenging to ensure the security of the data.
[0003] Thus, there is a need to enhance security of wireless communications in a wireless local access network.
SUMMARY
[0004] According to some aspects, there is provided the subject-matter of the independent claims. Some example embodiments are defined in the dependent claims. The scope of protection sought for various example embodiments is set out by the independent claims. The example embodiments and features, if any, described in this specification that do not fall under the scope of the independent claims are to be interpreted as examples useful for understanding various example embodiments.
[0005] According to a first aspect, there is provided an apparatus coupled to one or more wireless access devices and a backbone network comprising at least one processor; and at least one memory including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to perform at least: monitoring traffic to and/or from one or more user devices served by the one or more wireless access devices.
[0006] According to a second aspect, there is provided a method comprising: monitoring, by an apparatus coupled to one or more wireless access devices and a backbone network, traffic to and/or from one or more user devices served by the one or more wireless access devices.
[0007] According to a third aspect, there is provided a non-transitory computer readable medium comprising program instructions that, when executed by at least one processor, cause an apparatus to perform at least: monitoring, by an apparatus coupled to one or more wireless access devices and a backbone network, traffic to and/or from one or more user devices served by the one or more wireless access devices.
[0008] According to a fourth aspect, there is provided a computer program configured to cause a method in accordance with the second aspect to be performed.
BRIEF DESCRIPTION OF THE DRAWINGS
[0009] Fig. 1 shows, by way of example, transmission and reception of data using wireless light communication;
[0010] Fig. 2 shows, by way of example, a reference diagram for light communication integrated to 802.11 specification;
[0011] Fig. 3 shows, by way of example, a sidecar device coupled with wireless access device;
[0012] Fig. 4 shows, by way of example, a sidecar device coupled with multiple wireless access devices;
[0013] Fig. 5 shows, by way of example, a block diagram of an apparatus; and
[0014] Fig. 6 shows, by way of example, a flowchart of a method.
DETAILED DESCRIPTION
[0015] Communication networks, e.g. 5G and beyond communication networks, enable the digitalization of more confidential and security-critical data. As requirements from an indoor communication environment are constantly updating and more security-critical data is getting generated from environments like Industry 4.0 or an enterprise, there is a need to enhance security of wireless communications, e.g. wireless communications in an indoor access network. There is provided a sidecar computing node coupled to a wireless access device to monitor, route and/or firewall traffic to and/or from a user device served by the wireless access device. The sidecar computing node may take action on the traffic in the access network level itself before entering the network.
[0016] Government security regulations, e.g. General Data Protection Regulation (GDPR), and regulations of the National Security Authority, etc. are getting updated with new rules. This clearly shows it is important to secure the data originating from or terminating to a user, e.g. a human user or a machine user.
[0017] A GDPR outlined data protection principle when processing personal data includes e.g. integrity and confidentiality (security). This means that data is to be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
[0018] A data controller is a person or business who determines the purposes for which, and the way in which, personal data is processed. In many cases, e.g. in the enterprises or factory indoor communication networks, there must be options for data controller to check whether the data originating or terminating to each user is in line with GDPR or other government or company regulations.
[0019] Currently used indoor wireless communication techniques like WiFi are radiating in a larger cell radius and many people are sharing the signal from the same WiFi access point. Provision of wireless connectivity which can create a point-to-point link between the user device and access point will enhance the security of the wireless transmission in a heterogeneous indoor communication network.
[0020] Zero Trust Security relates to cybersecurity and means that no one is trusted by default from inside or outside the network. In addition, verification is required from everyone trying to gain access to resources on the network.
[0021] An indoor communication environment may be considered as shared or open. Examples of a shared environment are co-working places where people and/or devices from different organisations or companies do collaborative work. In a shared environment, it is important to ensure the security of data originated and consumed by each user.
[0022] Examples of an open environment are malls, retail shops, airports, etc., which are open indoor communication environments where secure wireless communication of each user has to be guaranteed.
[0023] Using wireless communication medium in apartments where people live cannot be considered as secure, because typical wireless radio medium commonly used in apartments, e.g. WiFi, uses radio waves that may radiate outside the apartment.
[0024] Light communication (LC) technologies or optical wireless communications (OWC) is a form of optical communication in which a signal is carried by light, e.g. visible, infrared (IR) or ultraviolet (UV) light. Light communication technologies, such as Light Fidelity (LiFi) or Free Space Optics (FSO), may be used to secure point-to-point wireless connectivity in the indoor network with its physical properties of smaller cell radius due to its high frequency. For example, LiFi exploiting e.g. IR or visible light (e.g. typically wavelength range from 350 nm to 950 nm or higher) may be used to transmit high speed data in a bidirectional way for point-to-point systems.
[0025] Light communication technologies will enhance the zero trust security by providing secured point-to-point communications for a user accessing to a network. On top of the light communication physical medium, encryption may be enforced by using any standard encryption techniques currently used in other techniques, such as WiFi and other radio wave techniques.
[0026] Light communication technologies, e.g. LiFi, may be used to provide secure communications in open and shared environments by ensuring secure peer-to-peer communications.
[0027] In private apartments, light communication technologies, e.g. LiFi, are a good replaceable alternative which may ensure more security as light will not penetrate walls. In addition, LiFi could offer higher bit rates to enable new applications, like the support of 8K TV, the support of gaming with sub-ms latencies, while guaranteeing enough bandwidth for other applications in a secured way.
[0028] Let us consider, as examples, three different categories of OWC technologies: Light Fidelity (LiFi), Free-space Optics (FSO), and Optical Camera Communications (OCC).
[0029] LiFi is defined as an optical wireless broadband access technology, exploiting modulated light emitting diodes (LEDs) as transmitters and photodetectors (PDs) as receivers. LiFi mainly uses the visible and IR light spectrum for data transmission and provides bi-directional (transmit and receive) capabilities. LiFi is able to support uplink and downlink in a point-to-point or point-to-multipoint topology. LiFi extends the concept of visible light communication (VLC) to achieve high speed, bi-directional and fully networked optical wireless communications. LiFi transmission speed may be in the 10 Mbps-Multiple Gbps range with LED lighting and may reach more than 5 Gbps with new generations of Solid-State Lighting devices.
[0030] Fig. 1 shows, by way of example, transmission and reception of data using wireless light communication. Uplink data 115 and downlink data 135 may be transmitted between transceiver circuitries 150, 160 using light, e.g. infrared light. A photodetector (PD) may be used as receiver 120, 140 for the reception of the data. A LED, e.g. infrared LED, may be used as transmitter 110, 130 for transmission of the data. For example, when an electrical current is applied to an infrared LED light bulb, a stream of light (photons) is emitted from the bulb. Infrared LED bulbs are semiconductor devices, which means that the brightness of the light flowing through them may be modulated at extremely high speeds. This allows sending a signal by modulating the light at different rates. The signal may then be received by a PD receiver which converts photons into electrons.
[0031] The FSO technology is very similar to the LiFi technology. The main difference is that the source is a laser diode and not a LED. The beam is smaller, and the bit rate may be potentially higher.
[0032] The OCC technology is unidirectional, and the bit rate is limited to few kbit/s. OCC technology enables exploiting the cameras of smart phones to offer new services like advertising, indoor positioning or messaging.
[0033] LC technologies, e.g. LiFi, may be used to increase security in wireless communication. Wireless communication using light cannot be jammed by a radio jammer. LC may be considered inherently secure, since light does not penetrate walls and eliminates the risk of the signal leakage due to eavesdropping unlike in case of radio transmission technologies, such as WiFi. Light is having higher frequency (several hundreds of THz) than radio waves (GHz) which causes the light to radiate in a confined place. Field of view of the LED light may be adjusted to further reduce the cell radius and to do a more pointed transmission. This may further reduce the risk of eavesdropping. Standard encryption techniques, e.g. Advanced Encryption Standard (AES), and cryptographic protocols, e.g. Transport Layer Security (TLS), that are known from radio technologies may be used to secure data transmission in LC.
[0034] A standard for LC is defined in IEEE 802.11bb. Fig. 2 shows, by way of example, a reference diagram for light communication integrated to 802.11 specification. 802.11 MAC 210 may integrate 240 existing PHY for LC 220 and LC optimized PHY 230. One medium access control (MAC) and several physical layer (PHY) specifications may be defined for light-based wireless connectivity for fixed, portable, and moving stations within a local area network.
[0035] The IEEE 802.15.13 Multi-Gigabit/s Optical Wireless Communications Task Group defines a Physical (PHY) and Media Access Control (MAC) layer using light wavelengths from 10,000 nm to 190 nm in optically transparent media for optical wireless communications. The standard can deliver data rates up to 10 Gbit/s at distances in the range of 200 meters unrestricted line of sight.
[0036] As computing power is increasing, adverse parties will have more computing power to crack existing cryptographic techniques. Today’s cryptography might not be secure against mathematical attacks. In a cryptographic attack scenario, an adversary can record all the secure data stored in the database and take the data to a safe place of the adversary itself. Later, the adversary may decrypt the data when enough computational power is available to decrypt the data. With arrival of quantum computers, traditional encryption methods may be at risk.
[0037] Today, indoor wireless communication often makes use of radio waves and the network is shared between multiple users. There are some cryptographic techniques that may be used to protect user's data while transmitting it over the air. However, this might not be enough to satisfy with evolving security requirements relating to indoor communication scenarios, e.g. shared or open working environments.
[0038] For example, in an enterprise network, users may access different sets of data inside and outside the organization. External entities may also interact with the users inside the organization. In such an indoor communication scenario LC access device(s), e.g. LiFi access devices, installed as part of that heterogeneous indoor network can be tuned to offer secure point-to-point wireless connectivity to the user.
[0039] There is provided an apparatus that may e.g. monitor, analyse, control, route and firewall at the access level the traffic from and/or to those users served by the LC access device. The apparatus may be coupled with each LC access device serving the user(s). The apparatus may be considered as a sidecar device that improves security of the traffic originating from point-to-point wireless access, e.g. LiFi access together with an opportunity for the data controller or the administrator of the network to analyse and apply data security rules to the traffic to and/or from each user at the access network level itself before entering the backbone network.
[0040] Fig. 3 shows, by way of example, a sidecar device 310 coupled with wireless access device 320. The wireless access device 320 may be a light communication (LC) access device. The LC access device may be any generic light-based wireless communication device, e.g. LiFi access device. The wireless access device 320 serves a user device 330 or a machine, e.g. internet of things (IoT) machine. The user device and/or the machine is equipped with a transceiver, e.g. a LiFi transceiver or FSO transceiver. There is bi-directional wireless transmission 325 between the user device 330 or machine and the wireless access device 320. The bi-directional wireless communication may be, for example, over light. LC, e.g. LiFi, provides secure encrypted point-to-point communication thereby enhancing security in wireless communication. Secure encrypted point-to-point transmission may enhance security of wireless transmission in an open and shared indoor communication environment.
[0041] Instead of the LC access device, the wireless access device 320 may be a radio access device. For example, the wireless access device may be any generic high frequency radio access device that is capable of point-to-point connectivity, and/or that radiates in a smaller cell radius.
[0042] The LC access device has a sidecar device 310, or a generic computing or processing node, coupled with it. The connection 315 may be implemented e.g. via any standard data connectivity technology fulfilling bandwidth and latency requirements to serve the user. The sidecar device 310 is configured to monitor traffic to and/or from a user device 330 served by the wireless access device 320, e.g. LC access device. Point-to-point transmission, e.g. LiFi point-to-point transmission, to the user with associated sidecar device enables controller or administrator of the network to thoroughly monitor the traffic to and/or from each user at the access level itself before entering the backbone network, and apply policy to the traffic according to the security requirement.
[0043] One end of the sidecar device 310 is connected to one or more wireless access devices 320, e.g. LC access devices, and one end is connected 350 to the backbone network.
[0044] The sidecar device 310 is a computing node which may be e.g. a small computing device with required amount of computing resources. The sidecar device may comprise software functions for handling policies associated with monitoring, logging and firewalling traffic originating from a user device and traffic transmitted to a user device. The sidecar device may be, for example, part of a distributed computing cluster installed in an enterprise. The sidecar device may apply intrusion detection techniques such as signature-based detection, statistical anomaly-based detection and/or stateful protocol analysis detection.
[0045] The sidecar device 310 may be in proximity with the LC access device. The sidecar device may be e.g. physically separated from the LC access point but paired with the LC access point. The physical separation may reduce the overall attack surface and increase the flexibility so that the sidecar device may be independently reconfigured. The reconfiguration may be performed e.g. by the controller of the network as per a change in the security policy in the network, without affecting the LC access device. The sidecar device keeps the security rules for the network updated and intact. Since the sidecar device is reconfigurable, the controller or administrator of the network may apply new security policies on demand in more granular way up to per user level. The configuration logs may be stored by the apparatus, e.g. to a storage 525.
[0046] The sidecar device 310 may act as an assist entity to the LC access device to analyse and make discussions on the traffic originating and/or terminating to each user at the access network level itself. The sidecar device provides a technical option for the data controller in the network to monitor the data originating from the users in the coverage of LC access device in a faster and more granular way up to per user level. In addition, use of the sidecar device enables cleaner physical separation of user’s data for monitoring and processing. Use of the sidecar device enables increasing overall security of wireless communication, e.g. of indoor wireless communication.
[0047] Data to and/or from the user device may be monitored by the sidecar device, or by the network controller at the sidecar device, and if malicious action, e.g. attack(s), is detected, needed firewalling and/or traffic routing policies may be applied.
[0048] Users under the wireless access, e.g. LC access, may be considered as a compartment or a zone. While monitoring the traffic, the sidecar device may detect an attack, e.g. a cyber-attack. In response to detecting the attack, a user or a specific compartment of users may be isolated by switching off the wireless connectivity to the user.
[0049] It may be that users do not care about cyber-attacks and may be lazy to follow the rules provided by IT administrator of an enterprise or a controller of the network to keep the network secured. For example, users may be instructed to update software security patches provided by the network administrator, e.g. in bring your own device (BYOD) scenario. BYOD means that users are allowed to use one’s personally owned device, e.g. in open and collaborative indoor communication and working places. However, all the users might not follow the update instructions. In this case, a sidecar device 310 enables the administrator or controller of the network to customize cybersecurity to per-user level in the access network itself independent of the user device 330 by applying data traffic and firewall rules in the sidecar device 310 associated with the wireless access device 320, e.g. LC access device. Thus, in BYOD scenarios security risk is reduced as each user device is associated with wireless access, e.g. a point-to-point access or LiFi access, and appropriate firewalling may be applied to that user, even though user failed to apply security software update suggested by the controller of the network.
[0050] It may be that a user device 330 is constrained to handle cryptographic authentication mechanism. In such a case, the LC access device coupled with a sidecar device may encrypt the data received from the user device and forward it to the cloud for processing. Since LiFi enables establishing point-to-point connection to the user device rather than radiating in larger cell radius, eavesdropping of the traffic during the wireless transmission between the user device and the LC access device is very difficult for an adversary trying to steal the critical data generated by the user.
[0051] The sidecar device may be associated with one or more wireless access devices, e.g. LC access devices. Fig. 4 shows, by way of example, a sidecar device 410 coupled with multiple wireless access devices 420, 421. The wireless access devices may be LC access devices, e.g. LiFi access devices or radio access devices that are capable of point-to-point connectivity, and/or that radiate in a smaller cell radius. Let us consider in the example of Fig. 4 that the wireless access devices 420, 421 are LC access devices.
[0052] The sidecar device 410 may be coupled with the wireless access device 420, 421 through an interconnection network 415. The interconnection network 415 may be based on e.g. tree, bus, ring, or mesh topology. The sidecar device 410 is connected 450 to the backbone network.
[0053] A first LC access device 420 serves a first user device 430 or a machine, e.g. IoT machine. The user device 430 and/or the machine is equipped with a transceiver, e.g. a LiFi transceiver or FSO transceiver. There is bi-directional wireless transmission 425 between the first user device 430 or machine and the first LC access device 420.
[0054] A second LC access device 421 serves a second user device 431 or a machine, e.g. IoT machine. The user device 431 and/or the machine is equipped with a transceiver, e.g. a LiFi transceiver or FSO transceiver. There is bi-directional wireless transmission 426 between the second user device 431 or machine and the second LC access device 421.
[0055] The sidecar device 410 may be a far edge sidecar device as part of a far edge cloud. The sidecar device may be located in proximity with or near to LC access device and connected to multiple LC access devices each serving one or more users.
[0056] Sidecar device or computing node associated with wireless access, e.g. LiFi access, may be considered as an extension of a far edge computing infrastructure serving an indoor network which will in turn communicate with central cloud. Security policies related to the sidecar device may be received or get injected from a policy server in the central cloud.
[0057] Computing resources of the sidecar device coupled with the wireless access device may be used by user devices served by the wireless access device. This is beneficial in case where the user device is resource constrained.
[0058] Fig. 5 shows, by way of example, an apparatus capable of e.g. monitoring traffic in a wireless local access network. Illustrated is device 500, which may comprise, for example, a computer or generic computing device, such as a sidecar device 310 of Fig. 3 or a sidecar device 410 of Fig. 4. Comprised in device 500 is processor 510, which may comprise, for example, a single- or multi-core processor wherein a single-core processor comprises one processing core and a multi-core processor comprises more than one processing core. Processor 510 may comprise, in general, a control device. Processor 510 may comprise more than one processor. Processor 510 may be a control device. A processing core may comprise, for example, a Cortex-A8 processing core manufactured by ARM Holdings or a Steamroller processing core designed by Advanced Micro Devices Corporation. Processor 510 may comprise at least one Qualcomm Snapdragon and/or Intel Atom processor. Processor 510 may comprise at least one application-specific integrated circuit, ASIC. Processor 510 may comprise at least one field-programmable gate array, FPGA. Processor 510 may be means for performing method steps in device 500. Processor 510 may be configured, at least in part by computer instructions, to perform actions.
[0059] A processor may comprise circuitry, or be constituted as circuitry or circuitries, the circuitry or circuitries being configured to perform phases of methods in accordance with example embodiments described herein. As used in this application, the term “circuitry” may refer to one or more or all of the following: (a) hardware-only circuit implementations, such as implementations in only analog and/or digital circuitry, and (b) combinations of hardware circuits and software, such as, as applicable: (i) a combination of analog and/or digital hardware circuit(s) with software/firmware and (ii) any portions of hardware processor(s) with software (including digital signal processor(s)), software, and memory(ies) that work together to cause an apparatus, such as a mobile phone or server, to perform various functions) and (c) hardware circuit(s) and or processor(s), such as a microprocessor(s) or a portion of a microprocessor(s), that requires software (e.g., firmware) for operation, but the software may not be present when it is not needed for operation.
[0060] This definition of circuitry applies to all uses of this term in this application, including in any claims. As a further example, as used in this application, the term circuitry also covers an implementation of merely a hardware circuit or processor (or multiple processors) or portion of a hardware circuit or processor and its (or their) accompanying software and/or firmware. The term circuitry also covers, for example and if applicable to the particular claim element, a baseband integrated circuit or processor integrated circuit for a mobile device or a similar integrated circuit in server, a cellular network device, or other computing or network device.
[0061] Device 500 may comprise memory 520. Memory 520 may comprise random-access memory and/or permanent memory. Memory 520 may comprise at least one RAM chip. Memory 520 may comprise solid-state, magnetic, optical and/or holographic memory, for example. Memory 520 may be at least in part accessible to processor 510. Memory 520 may be at least in part comprised in processor 510. Memory 520 may be means for storing information. Memory 520 may comprise computer instructions that processor 510 is configured to execute. When computer instructions configured to cause processor 510 to perform certain actions are stored in memory 520, and device 500 overall is configured to run under the direction of processor 510 using computer instructions from memory 520, processor 510 and/or its at least one processing core may be considered to be configured to perform said certain actions. Memory 520 may be at least in part comprised in processor 510. Memory 520 may be at least in part external to device 500 but accessible to device 500. The device 500 may comprise storage 525, e.g. a solid-state drive (SSD), to store e.g. minimal configuration logs, etc.
[0062] Device 500 may comprise a transmitter 530. Device 500 may comprise a receiver 540. Transmitter 530 and receiver 540 may be configured to transmit and receive, respectively, information in accordance with at least one cellular or non-cellular standard. Transmitter 530 may comprise more than one transmitter. Receiver 540 may comprise more than one receiver. Transmitter 530 and/or receiver 540 may be configured to operate in accordance with global system for mobile communication, GSM, wideband code division multiple access, WCDMA, 5G, long term evolution, LTE, IS-95, wireless local area network, WLAN, Ethernet and/or worldwide interoperability for microwave access, WiMAX, standards, for example.
[0063] Device 500 may comprise a near-field communication, NFC, transceiver 550. NFC transceiver 550 may support at least one NFC technology, such as NFC, Bluetooth, Wibree or similar technologies.
[0064] Device 500 may comprise user interface, UI, 560. UI 560 may comprise at least one of a display, a keyboard, a touchscreen, a speaker and a microphone. A user may be able to operate device 500 via UI 560, for example to reconfigure the device, set and/or update monitoring rules, browse the Internet, to manage digital files stored in memory 520 or on a cloud accessible via transmitter 530 and receiver 540, or via NFC transceiver 550.
[0065] Processor 510 may be furnished with a transmitter arranged to output information from processor 510, via electrical leads internal to device 500, to other devices comprised in device 500. Such a transmitter may comprise a serial bus transmitter arranged to, for example, output information via at least one electrical lead to memory 520 for storage therein. Alternatively to a serial bus, the transmitter may comprise a parallel bus transmitter. Likewise processor 510 may comprise a receiver arranged to receive information in processor 510, via electrical leads internal to device 500, from other devices comprised in device 500. Such a receiver may comprise a serial bus receiver arranged to, for example, receive information via at least one electrical lead from receiver 540 for processing in processor 510. Alternatively to a serial bus, the receiver may comprise a parallel bus receiver.
[0066] Fig. 6 shows, by way of example, a flowchart of a method. The method may be performed e.g. by the apparatus of Fig. 5 which may be e.g. the sidecar device 310 of Fig. 3 or the sidecar device 410 of Fig. 4. The method 600 comprises monitoring 610 traffic to and/or from one or more user devices served by the one or more wireless access devices. The steps 620 and 630 are drawn using dashed lines and these steps may be comprised in the method 600. The method 600 may comprise detecting 620 an attack based on monitoring. The method 600 may comprise causing 630 switching off a wireless connection to the user served by the one or more wireless access devices relating to the detected attack. Instead of or in addition to directly switching off the wireless connection to the user, the sidecar device may perform other actions in response to detecting an attack. For example, the sidecar may prevent the traffic originating from the user device from entering to the backbone network. Thus, the sidecar device is able to take action on the traffic in the access network level itself.
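The following is an added sketch, not code from the application, of how method 600 could run on the sidecar: monitoring 610 with per-user rules checked before network-wide rules, detecting 620 by a signature rule or a statistical anomaly check, and causing 630 the wireless connection to be switched off. The class and rule names, the `link_control` callback, the default-deny fallback, the distinct-destination threshold and the sample flows are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Flow:
    ts: float            # seconds since start of capture
    user: str            # user device, identified by its point-to-point link
    access_device: str   # wireless access device serving that user
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                          # "forward", "drop" or "isolate"
    dst_net: str = "0.0.0.0/0"
    dst_ports: frozenset = frozenset()   # empty set matches any port

    def matches(self, flow):
        in_net = ip_address(flow.dst_ip) in ip_network(self.dst_net)
        return in_net and (not self.dst_ports or flow.dst_port in self.dst_ports)


class Sidecar:
    def __init__(self, link_control, window_s=10.0, max_distinct_dsts=20):
        self.link_control = link_control   # hypothetical hook: (access_device, user)
        self.window_s = window_s
        self.max_distinct_dsts = max_distinct_dsts
        self.default_rules, self.user_rules = [], {}
        self.isolated = set()
        self.recent = defaultdict(deque)   # user -> (ts, (dst_ip, dst_port))
        self.log = []

    def receive_rules(self, default_rules, user_rules=None):
        """Rules pushed by the controller replace the running set."""
        self.default_rules = list(default_rules)
        self.user_rules = {u: list(r) for u, r in (user_rules or {}).items()}

    def _anomalous(self, flow):
        """Statistical check: too many distinct destinations inside the window."""
        q = self.recent[flow.user]
        q.append((flow.ts, (flow.dst_ip, flow.dst_port)))
        while q and flow.ts - q[0][0] > self.window_s:
            q.popleft()
        return len({dst for _, dst in q}) > self.max_distinct_dsts

    def _isolate(self, flow, reason):
        """Step 630: switch off the user's link and remember the decision."""
        self.isolated.add(flow.user)
        self.link_control(flow.access_device, flow.user)
        self.log.append((flow.ts, flow.user, "isolate", reason))
        return "isolate"

    def process(self, flow):
        """Steps 610/620: return the verdict for one observed flow."""
        if flow.user in self.isolated:
            return "drop"                  # nothing reaches the backbone
        if self._anomalous(flow):
            return self._isolate(flow, "anomaly:distinct-destinations")
        # Per-user rules take precedence over the network-wide rules.
        for rule in self.user_rules.get(flow.user, []) + self.default_rules:
            if rule.matches(flow):
                if rule.action == "isolate":
                    return self._isolate(flow, "rule:" + rule.name)
                return rule.action
        return "drop"                      # assumption: default deny


def run_demo():
    """Constructed flows for two users on two access devices (cf. Fig. 4)."""
    switched_off = []
    sc = Sidecar(lambda ap, user: switched_off.append((ap, user)),
                 window_s=10.0, max_distinct_dsts=5)
    sc.receive_rules(
        default_rules=[
            Rule("known-bad-host", "isolate", "203.0.113.66/32"),
            Rule("web", "forward", dst_ports=frozenset({80, 443})),
        ],
        user_rules={"user-431": [
            Rule("plc", "forward", "192.0.2.0/24", frozenset({502})),
        ]},
    )
    flows = [
        Flow(0.0, "user-430", "ap-420", "198.51.100.10", 443),
        Flow(1.0, "user-431", "ap-421", "192.0.2.7", 502),
        Flow(2.0, "user-430", "ap-420", "192.0.2.7", 502),
        Flow(3.0, "user-430", "ap-420", "203.0.113.66", 443),
        Flow(4.0, "user-430", "ap-420", "198.51.100.10", 443),
    ]
    # user-431 then touches six new ports on one host within the window.
    flows += [Flow(5.0 + i * 0.1, "user-431", "ap-421", "198.51.100.20", 8000 + i)
              for i in range(6)]
    return [sc.process(f) for f in flows], switched_off, sc.log


if __name__ == "__main__":
    for item in run_demo():
        print(item)
```

Because each user sits behind its own point-to-point link, the verdict is keyed on the user device rather than on a shared cell, so isolating one user leaves the other access device's traffic untouched until that user trips a check of its own.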

Claims

CLAIMS:
1. An apparatus coupled to one or more wireless access devices and a backbone network comprising at least one processor; and at least one memory including computer program code, the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to perform at least: monitoring traffic to and/or from one or more user devices served by the one or more wireless access devices.
2. The apparatus of claim 1, wherein a connection between a user device of the one or more user devices and a wireless access device of the one or more wireless access devices is a point-to-point connection.
3. The apparatus of claim 1 or 2, wherein the apparatus is further caused to perform: detecting an attack based on monitoring; and causing switching off a wireless connection to the user served by the one or more wireless access devices relating to the detected attack.
4. The apparatus of any preceding claim, wherein the apparatus is further caused to perform: receiving monitoring rules; and applying the monitoring rules in monitoring.
5. The apparatus of claim 4, wherein the monitoring rules comprise traffic rules and/or firewall rules.
6. The apparatus of claim 4 or 5, wherein the monitoring rules are customized for a specific user device and the apparatus is further caused to perform applying the customized rules for traffic to and/or from the specific user device.
7. The apparatus of any preceding claim, wherein the apparatus is physically separated from the wireless access point.
8. The apparatus of any preceding claim, wherein the one or more wireless access devices are light communication access devices.
9. The apparatus of any of the claims 1 to 7, wherein the one or more wireless access devices are radio access device capable of point-to-point connectivity and/or that radiate in a smaller cell radius.
10. A method comprising: monitoring, by an apparatus coupled to one or more wireless access devices and a backbone network, traffic to and/or from one or more user devices served by the one or more wireless access devices.
11. The method of claim 10, further comprising detecting an attack based on monitoring; and causing switching off a wireless connection to the user served by the one or more wireless access devices relating to the detected attack.
12. The method of claim 10 or 11, further comprising receiving monitoring rules; and applying the monitoring rules in monitoring.
13. The method of claim 12, wherein the monitoring rules comprise traffic rules and/or firewall rules.
14. The method of claim 12 or 13, wherein the monitoring rules are customized for a specific user device and the method further comprises applying the customized rules for traffic to and/or from the specific user device.
15. A non-transitory computer readable medium comprising program instructions that, when executed by at least one processor, cause an apparatus to perform at least: monitoring, by an apparatus coupled to one or more wireless access devices and a backbone network, traffic to and/or from one or more user devices served by the one or more wireless access devices.
16. The computer readable medium of claim 15 comprising program instructions that, when executed by at least one processor, further cause the apparatus to perform: detecting an attack based on monitoring; and causing switching off a wireless connection to the user served by the one or more wireless access devices relating to the detected attack.
17. The computer readable medium of claim 15 or 16, comprising program instructions that, when executed by at least one processor, further cause the apparatus to perform receiving monitoring rules; and applying the monitoring rules in monitoring.
18. The computer readable medium of claim 17, wherein the monitoring rules comprise traffic rules and/or firewall rules.
19. The computer readable medium of claim 17 or 18, wherein the monitoring rules are customized for a specific user device and the computer readable medium comprises program instructions that, when executed by at least one processor, further cause the apparatus to perform applying the customized rules for traffic to and/or from the specific user device.
20. A computer program configured to cause a method in accordance with at least one of claims 10 to 14 to be performed.
PCT/FI2021/050367 2020-05-27 2021-05-21 An apparatus for monitoring traffic in a wireless local access network WO2021240054A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IN202041022220 2020-05-27
IN202041022220 2020-05-27

Publications (1)

Publication Number Publication Date
WO2021240054A1 (en) 2021-12-02

Family

ID=78744144

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/FI2021/050367 WO2021240054A1 (en) 2020-05-27 2021-05-21 An apparatus for monitoring traffic in a wireless local access network

Country Status (1)

Country Link
WO (1) WO2021240054A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090013073A1 (en) * 2004-02-11 2009-01-08 Airtight Networks, Inc. Method and system for detecting wireless access devices operably coupled to computer local area networks and related methods
US7574202B1 (en) * 2006-07-21 2009-08-11 Airsurf Wireless Inc. System and methods for a secure and segregated computer network
WO2016038353A1 (en) * 2014-09-08 2016-03-17 Purelifi Limited Light based wireless security system
US10594734B1 (en) * 2017-04-21 2020-03-17 Palo Alto Networks, Inc. Dynamic per subscriber policy enablement for security platforms within service provider network environments

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
KATZ, M. ET AL.: "Opportunities and Challenges for Visible Light Communications in 6G", 2020 2ND 6G WIRELESS SUMMIT (6G SUMMIT), 17 March 2020 (2020-03-17), Levi, Finland, XP033767025, Retrieved from the Internet <URL:https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9083805> DOI: 10.1109/6GSUMMIT49458.2020.9083805 *

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application. Ref document number: 21812781; Country of ref document: EP; Kind code of ref document: A1
NENP Non-entry into the national phase. Ref country code: DE
122 EP: PCT application non-entry in European phase. Ref document number: 21812781; Country of ref document: EP; Kind code of ref document: A1