Method for wireless network security exposure visualization and scenario analysis

US 20060070113A1
Filed: 10/20/2004
Published: 03/30/2006
Est. Priority Date: 09/16/2004
Status: Abandoned Application

First Claim

Patent Images

1. A method for providing a security exposure analysis of one or more wireless networks within a selected local geographic region using at least one security exposure representation, the method comprising:

providing a selected geographic region, the selected geographic region comprising a layout;

generating a computer model of the selected local geographic region including the layout;

inputting information associated with one or more components of a wireless network into the computer model, the one or more components including at least one or more sniffer devices;

determining signal intensity characteristics of the one or more components of the wireless network over at least a portion of the selected geographic region using the computer model;

generating security information associated with a security exposure view using at least the signal intensity characteristics of the one or more components; and

displaying the security exposure view on a display, the security exposure view being an ability of at least one of the sniffer devices to detect at least one intruder in at least the portion of the selected geographic region.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to an embodiment of the present invention, security exposure analysis of wireless network within a selected local geographic area is provided. A computer model of the selected local geographic region comprising a layout is generated. Information regarding wireless network components is provided to the computer model. Using the computer model, signal intensity characteristics of at least one of the wireless network components are determined over at least a portion of the selected geographic region. Based at least on the signal intensity characteristics, security exposure information associated with the wireless network is determined. The security exposure information is graphically displayed on the computer screen in relation to the layout of the selected geographic region. The security exposure information includes sniffer detection and prevention coverage, access point vulnerability regions, and signal uncertainty and variability views.

42 Citations

View as Search Results

80 Claims

1. A method for providing a security exposure analysis of one or more wireless networks within a selected local geographic region using at least one security exposure representation, the method comprising:
- providing a selected geographic region, the selected geographic region comprising a layout;
  
  generating a computer model of the selected local geographic region including the layout;
  
  inputting information associated with one or more components of a wireless network into the computer model, the one or more components including at least one or more sniffer devices;
  
  determining signal intensity characteristics of the one or more components of the wireless network over at least a portion of the selected geographic region using the computer model;
  
  generating security information associated with a security exposure view using at least the signal intensity characteristics of the one or more components; and
  
  displaying the security exposure view on a display, the security exposure view being an ability of at least one of the sniffer devices to detect at least one intruder in at least the portion of the selected geographic region.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 73)
- - 2. The method of claim 1 wherein the layout comprises a floor plan including one or more walls and one or more entrances.
  - 3. The method of claim 1 wherein the layout comprises an outside view of a selected outdoor region.
  - 4. The method of claim 1 wherein the security exposure view further providing an ability of at least one of the sniffer devices to prevent the at least one intruder from accessing the wireless network.
  - 5. The method of claim 4 wherein the ability of the at least one sniffer device to prevent the one intruder corresponds to a prevention area of coverage for a prevention process.
  - 6. The method of claim 5 wherein the ability to detect the at least one intruder corresponds to a detection area of coverage.
  - 7. The method of claim 6 wherein the detection area is larger than the prevention area.
  - 8. The method of claim 1 wherein the ability to detect the at least one intruder corresponds to a detection area of coverage.
  - 9. The method of claim 4 wherein the ability of the one sniffer device to prevent the one intruder depends upon a range between the one sniffer device and the one intruder device.
  - 10. The method of claim 9 wherein the range is within an effective range the one intruder device may be disabled to a selected degree using the one sniffer device.
  - 11. The method of claim 9 wherein the range is outside of an effective range the one intruder device is not disabled to a selected degree using the one sniffer device.
  - 12. The method of claim 1 wherein the security exposure view comprises a first region surrounding a vicinity of the one sniffer device.
  - 13. The method of claim 1 wherein the information comprises location information associated with the one or more sniffer devices.
  - 14. The method of claim 1 wherein the information comprises antenna characteristics associated with the one or more sniffer devices.
  - 15. The method of claim 6 wherein the detection area of coverage includes a portion of the prevention area of coverage.
  - 16. The method of claim 1 wherein the signal intensity characteristics comprises probability data.
  - 17. The method of claim 16 wherein the probability data include an uncertainty characteristic of physical and/or radio characteristics associated with the layout.
  - 18. The method of claim 16 wherein the probability data include an uncertainty characteristic of the signal intensity.
  - 19. The method of claim 1 wherein the generating comprises ray racing.
  - 73. The method of claim 1 wherein the first certainty level is characterized by a probability value at the first range of signal strength.

20. A method for providing a security exposure analysis of a selected local geographic region using at least one security exposure representation associated with one or more wireless networks within the selected local geographic region, the method comprising:
- providing a selected geographic region, the selected geographic region comprising a layout in graphical form and one or more wireless access devices disposed in a spatial manner within a portion of the layout;
  
  generating a computer model of the selected local geographic region including the layout;
  
  inputting information associated with one or more components of a wireless network into the computer model, the one or more components including at least one of the wireless access devices;
  
  determining signal intensity characteristics of the at least one wireless access device of the wireless network over at least a portion of the selected geographic region using the computer model;
  
  generating security information associated with a security exposure view using at least the signal intensity characteristics of the at least one wireless access device; and
  
  displaying the security exposure view on a display, the security exposure view being an ability of at least one intruder device in the portion of the selected geographic region to access the at least one wireless access device.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 21. The method of claim 20 wherein the layout comprises a floor plan including one or more walls and one or more entrances.
  - 22. The method of claim 20 wherein the layout comprises an outside view of a selected outdoor region.
  - 23. The method of claim 20 wherein the security exposure view comprises a first region surrounding a vicinity of the one wireless access device.
  - 24. The method of claim 20 wherein the information comprises location information associated with the one wireless access device.
  - 25. The method of claim 20 wherein the information comprises vendor information associated with the one wireless access device.
  - 26. The method of claim 20 wherein the information comprises model information associated with the one wireless access device.
  - 27. The method of claim 20 wherein the information comprises configuration information associated with the one wireless access device.
  - 28. The method of claim 20 the signal intensity characteristics comprises probability data.
  - 29. The method of claim 28 wherein the probability data include an uncertainty characteristic of physical and/or radio characteristics associated with the layout.
  - 30. The method of claim 28 wherein the probability data include an uncertainty characteristic of the signal intensity.
  - 31. The method of claim 20 wherein the generating comprises ray racing.

32. A method for displaying one or more regions associated with one or more security exposures for a wireless network within a selected local geographic region, the method comprising:
- displaying a selected geographic region, the selected geographic region comprising a layout;
  
  displaying one or more wireless access devices disposed in a spatial manner within a portion of the layout;
  
  displaying a first region associated with at least one of the wireless access devices illustrating a first level of security exposure; and
  
  displaying a second region associated with at least one of the wireless access devices illustrating a second level of security exposure.
- View Dependent Claims (33, 34, 35, 36, 37, 38, 39, 40, 41, 42)
- - 33. The method of claim 32 wherein the layout comprises one or more walls and one or more entrances.
  - 34. The method of claim 32 wherein the first level of security exposure is associated with an intruder device, the intruder device being capable of receiving and decoding wireless signals in the wireless network within a portion of the selected geographic region.
  - 35. The method of claim 34 wherein the portion of the selected geographic region consists of a selected access point.
  - 36. The method of claim 32 wherein the second level of security exposure is associated with an intruder device, the intruder device being capable of receiving and decoding wireless signals in the wireless network within a portion of the selected geographic region, the wireless signals being transmitted at a given bit rate.
  - 37. The method of claim 32 wherein the level of security exposure is associated with an intruder device, the intruder device being capable of receiving and decoding a subset of the wireless signals in the wireless network within a portion of the selected geographic region.
  - 38. The method of claim 32 wherein the level of security exposure is associated with an intruder device, the intruder device being capable of detecting the presence of the at least one wireless access device within a portion of the selected geographic region.
  - 39. The method of claim 38 wherein the portion of the selected geographic region consists of a selected access point.
  - 40. The method of claim 32 further comprising displaying a third region associated with at least one of the access devices illustrating a third level of security exposure.
  - 41. The method of claim 32 further comprising displaying an Nth region associated with at least one of the access devices illustrating an Nth level of security exposure.
  - 42. The method of claim 32 wherein the first region and the second region are displayed simultaneously.

43. A method for displaying multiple regions associated with one or more signal variability for a selected local geographic region, the method comprising:
- displaying a selected geographic region, the selected geographic region comprising a layout and one or more wireless access devices disposed in a spatial manner within a portion of the layout;
  
  displaying a first region associated with at least one of the access devices illustrating a first level of signal variability; and
  
  displaying a second region associated with at least one of the access devices illustrating a second level of signal variability.
- View Dependent Claims (44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55)
- - 44. The method of claim 43 wherein the selected geographic region including one or more walls and one or more entrances.
  - 45. The method of claim 43 wherein the first level of signal variability ranges from about +/−
    - 1 dBm of a predetermined value.
  - 46. The method of claim 45 wherein the predetermined value is a predicted value.
  - 47. The method of claim 46 wherein the selected geographic region consists of a selected access point.
  - 48. The method of claim 43 wherein the second level of signal variability ranges from about +/−
    - 5 dBm of a predetermined value.
  - 49. The method of claim 48 wherein the predetermined value is a predicted value.
  - 50. The method of claim 49 wherein the selected geographic region consists of a selected access point.
  - 51. The method of claim 43 further comprising displaying a third region associated with at least one of the access devices illustrating a third level of signal variability.
  - 52. The method of claim 51 wherein the third level of signal variability ranges from about +/−
    - 10 dBm of a predicated value.
  - 53. The method of claim 43 further comprising displaying an Nth region associated with at least one of the access devices illustrating an Nth level of signal variability.
  - 54. The method of claim 43 wherein the first region and the second region are displayed simultaneously.
  - 55. The method of claim 43 wherein the signal variability is associated with temporal variation of signal intensity.

56. Method for displaying one or more regions associated with one or more security exposures for a wireless network within a selected local geographic region, the method comprising:
- displaying a selected geographic region, the selected geographic region comprising a layout and one or more wireless access devices disposed in a spatial manner within a portion of the layout;
  
  displaying a first region associated with at least one of the access devices illustrating a first level of security exposure;
  
  displaying a second region associated with at least one of the access devices illustrating a second level of security exposure; and
  
  displaying a prediction confidence indication, the prediction confidence indication being associated with a measure of signal accuracy associated with the first region and the second region.
- View Dependent Claims (57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68)
- - 57. The method of claim 56 wherein the selected geographic region including one or more walls and one or more entrances.
  - 58. The method of claim 56 wherein the first level of security exposure is associated with an intruder device, the intruder device being capable of receiving and decoding wireless signals in the wireless network within a portion of the selected geographic region.
  - 59. The method of claim 58 wherein the portion of the selected geographic region consists of a selected access point.
  - 60. The method of claim 56 wherein the second level of security exposure is associated with an intruder device, the intruder device being capable of receiving and decoding wireless signals in the wireless network within a portion of the selected geographic region, the wireless signals being transmitted at a given bit rate.
  - 61. The method of claim 60 wherein the portion of the selected geographic region consists of a selected access point.
  - 62. The method of claim 56 further comprising displaying a third region associated with at least one of the access devices illustrating a third level of security exposure.
  - 63. The method of claim 56 further comprising displaying an Nth region associated with at least one of the access devices illustrating an Nth level of security exposure.
  - 64. The method of claim 56 wherein the first region, the second region, and the prediction confidence indication are displayed simultaneously.
  - 65. The method of claim 56 wherein the first region and the prediction confidence indication are displayed simultaneously.
  - 66. The method of claim 56 wherein the indication is associated with a first size and/or shape of the first region and a second size and/or shape of the second region.
  - 67. The method of claim 66 wherein the first size and/or shape changes as the signal accuracy changes.
  - 68. The method of claim 66 wherein the second size and/or shape changes as the signal accuracy changes.

69. A method for displaying one or more regions associated with signal certainty of at least a strength in a wireless network within a selected local geographic region, the method comprising:
- retrieving information associated with a selected geographic region from a first portion of memory;
  
  displaying the selected geographic region from at least a portion of the information, the selected geographic region comprising a layout and one or more wireless devices disposed in a spatial manner within a portion of the layout;
  
  determining a first region having a first range of signal strength and a first certainty level associated with at least one of the wireless devices using a predetermined process;
  
  displaying the first region associated with at least one of the wireless devices illustrating the first range of signal strength and the first certainty level on a display device;
  
  providing a selected input coupled to the display device; and
  
  displaying an Nth region associated with at least one of the wireless devices illustrating a Nth range of signal strength, where Nth is an integer of 2 or greater, and a second certainty level upon the selected input.
- View Dependent Claims (70, 71, 72)
- - 70. The method of claim 69 wherein the predetermined process is selected from a prediction process, an observation process, or a combination of a prediction process and an observation process.
  - 71. The method of claim 69 wherein the selected input is provided from a user interface device coupled to the display device.
  - 72. The method of claim 69 wherein the one or more wireless devices is selected from an access point device, a sniffer, a transmitter, a receiver, and a wireless station.

74. A method for displaying one or more regions associated with variability of at least a parameter associated with a wireless network within a selected local geographic region, the method comprising:
- retrieving information associated with a selected geographic region from a first portion of memory;
  
  displaying the selected geographic region from at least a portion of the information, the selected geographic region comprising a layout and one or more wireless devices disposed in a spatial manner within a portion of the layout;
  
  determining a first region having a first variability level for a parameter associated with at least one of the wireless devices using a predetermined process;
  
  displaying the first region associated with the parameter for at least one of the wireless devices illustrating the first variability level on a display device; and
  
  displaying an Nth region associated with the one of the wireless devices illustrating a Nth range of variability associated with the parameter, where Nth is an integer of 2 or greater.
- View Dependent Claims (75, 76, 77)
- - 75. The method of claim 74 wherein the first region and the Nth region are displayed simultaneously.
  - 76. The method of claim 74 wherein the first region and the second region are free from any spatial overlap on the display.
  - 77. The method of claim 74 further comprising:
    - determining a first certainty region having a first range of signal strength and a first certainty level associated with at least one of the access devices using a predetermined process;
      
      displaying the certainty first region associated with at least one of the wireless devices illustrating the first range of signal strength and the first certainty level on a display device;
      
      providing a selected input coupled to the display device; and
      
      displaying an Nth certainty region associated with at least one of the wireless devices illustrating a Nth range of signal strength, where Nth is an integer of 2 or greater, and a second certainty level upon the selected input.

78. A system for displaying one or more regions associated with one or more security exposures for a wireless network within a selected local geographic region, the system comprising one or more computer memories, the one or more computer memories including:
- code directed to displaying a selected geographic region, the selected geographic region comprising a layout;
  
  code directed to displaying one or more wireless access devices disposed in a spatial manner within a portion of the layout;
  
  code directed to displaying a first region associated with at least one of the wireless access devices illustrating a first level of security exposure; and
  
  code directed to displaying a second region associated with at least one of the wireless access devices illustrating a second level of security exposure.

79. A system for displaying multiple regions associated with one or more signal variability for a selected local geographic region, the system comprising one or more computer memories, the one or more computer memories comprising:
- code directed to displaying a selected geographic region, the selected geographic region comprising a layout and one or more wireless access devices disposed in a spatial manner within a portion of the layout;
  
  code directed to displaying a first region associated with at least one of the access devices illustrating a first level of signal variability; and
  
  code directed to displaying a second region associated with at least one of the access devices illustrating a second level of signal variability.

80. A system for displaying one or more regions associated with one or more security exposures for a wireless network within a selected local geographic region, the system comprising one or more computer memories comprising:
- code directed to displaying a selected geographic region, the selected geographic region comprising a layout and one or more wireless access devices disposed in a spatial manner within a portion of the layout;
  
  code directed to displaying a first region associated with at least one of the access devices illustrating a first level of security exposure;
  
  code directed to displaying a second region associated with at least one of the access devices illustrating a second level of security exposure; and
  
  code directed to displaying a prediction confidence indication, the prediction confidence indication being associated with a measure of signal accuracy associated with the first region and the second region.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Airtight Networks Incorporated (Arista Networks, Inc.)
Original Assignee
Airtight Networks Incorporated (Arista Networks, Inc.)
Inventors
Chaskar, Hemant, Bhagwat, Pravin, Krishnamurthy, Gopinath

Application Number

US10/970,830
Publication Number

US 20060070113A1
Time in Patent Office

Days
Field of Search
US Class Current

726/2
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/1433   Vulnerability analysis

H04W 12/122   Counter-measures against at...

H04W 12/126   Anti-theft arrangements, e....

H04W 12/128   Anti-malware arrangements, ...

H04W 4/021   Services related to particu...

Method for wireless network security exposure visualization and scenario analysis

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

42 Citations

80 Claims

Specification

Solutions

Use Cases

Quick Links

Method for wireless network security exposure visualization and scenario analysis

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

42 Citations

80 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links