Method and apparatus for wireless network security

US 7,724,717 B2
Filed: 07/24/2006
Issued: 05/25/2010
Est. Priority Date: 07/22/2005
Status: Active Grant

First Claim

Patent Images

1. A system, for securing a wireless computing network, comprising:

means for receiving a communication from an unidentified transmitter;

means for identifying the transmitter in accordance with a fingerprint generated from one or more radio frequency signal characteristics extracted from the communication;

means for making one or more access control decisions in response to an identity of the transmitter; and

a fingerprint store comprising fingerprint data for one or more transmitters known to the wireless computing network, wherein the fingerprint store is an extension of an address resolution protocol cache.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, the present invention is a method and apparatus for wireless network security. In one embodiment, a method for securing a wireless computing network includes receiving a communication from an unidentified transmitter, identifying the transmitter in accordance with a fingerprint generated from one or more radio frequency signal characteristics extracted from the communication, and taking action in response to an identity of the transmitter.

95 Citations

View as Search Results

55 Claims

1. A system, for securing a wireless computing network, comprising:
- means for receiving a communication from an unidentified transmitter;
  
  means for identifying the transmitter in accordance with a fingerprint generated from one or more radio frequency signal characteristics extracted from the communication;
  
  means for making one or more access control decisions in response to an identity of the transmitter; and
  
  a fingerprint store comprising fingerprint data for one or more transmitters known to the wireless computing network, wherein the fingerprint store is an extension of an address resolution protocol cache.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The system of claim 1, wherein at least some contents of the fingerprint store are exported to other wireless computing network security systems.
  - 3. The system of claim 1, wherein at least some contents of the fingerprint store are imported from other wireless computing network security systems.
  - 4. The system of claim 1, wherein the means for making one or more access control decisions comprises:
    - a firewall module configured to accept or deny data link layer frames of the communication based on the fingerprint.
  - 5. The system of claim 4, wherein the firewall module is further configured to:
    - pass data link layer frames associated with authorized transmitters to a network stack module; and
      
      drop data link layer frames that are not associated with the authorized transmitters.
  - 6. The system of claim 4, wherein the firewall module is further configured to send an alert to an intrusion prevention system if the data link layer frames are not associated with the authorized transmitters.
  - 7. The system of claim 4, wherein the firewall module is further configured to disrupt communications of unauthorized transmitters.
  - 8. The system of claim 1, further comprising:
    - an intrusion prevention system configured to perform inline packet inspection and anomaly detection.
  - 9. The system of claim 1, wherein the means for receiving comprises one or more antennas.
  - 10. The system of claim 1, wherein the means for identifying comprises:
    - a standard processing module configured to extract a data link layer frame from a raw radio frequency signal associated with the communication; and
      
      a fingerprint processing module configured to produce the fingerprint.
  - 11. The system of claim 10, wherein the fingerprint processing module is further configured to extract a medium access control address contained in the communication.
  - 12. The system of claim 10, wherein the fingerprint processing module is further configured to demodulate and decode additional radio frequency signals not associated with the transmitter.
  - 13. The system of claim 10, wherein the fingerprint processing module comprises an expert reasoning engine for detecting location-fixed transmitter position violations.

14. A method for securing a wireless computing network, the method comprising:
- receiving a communication from an unidentified transmitter;
  
  identifying the transmitter in accordance with a first fingerprint generated from one or more radio frequency signal characteristics extracted from the communication;
  
  making one or more access control decisions in response to an identity of the transmitter; and
  
  storing one or more stored fingerprints representing one or more transmitters known to the wireless computing network in a fingerprint store, wherein the fingerprint store is an extension of an address resolution protocol cache.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
- - 15. The method of claim 14, wherein the one or more radio frequency signal characteristics are extracted from a physical layer frame of the communication.
  - 16. The method of claim 14, wherein the identifying comprises:
    - comparing the first fingerprint to at least one of the one or more stored fingerprints.
  - 17. The method of claim 16, wherein the comparing comprises:
    - generating for each comparison performed in accordance with the comparing a similarity score indicative of a degree of similarity between the first fingerprint and a respective one of the one or more stored fingerprints.
  - 18. The method of claim 16, wherein the comparing comprises:
    - converting the first fingerprint to a first fingerprint model, the first fingerprint model comprising one or more categorical measurements for radio frequency signal characteristics corresponding to the first fingerprint; and
      
      comparing the first fingerprint model to a stored fingerprint model of one of the one or more stored fingerprints, the stored fingerprint model comprising one or more categorical measurements for radio frequency signal characteristics corresponding to the one of the one or more stored fingerprints.
  - 19. The method of claim 18, wherein the stored fingerprint model further comprises:
    - a tolerance associated with each of the one or more categorical measurements, the tolerance specifying a degree of similarity that an associated one of the one or more categorical measurements must meet with regard to a corresponding one of the one or more categorical measurements of the first fingerprint model in order to be considered a match.
  - 20. The method of claim 14, wherein the making one or more access control decisions comprises:
    - registering the transmitter such that the transmitter is allowed to communicate with an infrastructure of the wireless computing network.
  - 21. The method of claim 14, wherein the making one or more access control decisions comprises:
    - authenticating the transmitter if the first fingerprint matches at least one of the one or more stored fingerprints that corresponds to an authorized user of the wireless computing network.
  - 22. The method of claim 14, wherein the making one or more access control decisions comprises:
    - authenticating the transmitter if the first fingerprint indicates that an estimated location of the transmitter is within a permissible range.
  - 23. The method of claim 14, wherein the making one or more access control decisions comprises:
    - generating an alert if the first fingerprint matches at least one of the one or more stored fingerprints that corresponds to a known source of malicious activity, the alert indicative of a possible intrusion in the wireless computing network; and
      
      forwarding the alert to an intrusion prevention system.
  - 24. The method of claim 14, wherein the making one or more access control decisions comprises:
    - generating an alert if the first fingerprint does not match at least one of the one or more stored fingerprints that corresponds to an authorized user of the wireless computing network, the alert indicative of a possible intrusion in the wireless computing network; and
      
      forwarding the alert to an intrusion prevention system.
  - 25. The method of claim 24, wherein the alert includes information about the first fingerprint.
  - 26. The method of claim 14, wherein the making one or more access control decisions comprises:
    - determining that the transmitter is not an authorized user of the wireless computing device, in accordance with the first fingerprint; and
      
      disrupting communication sessions associated with the transmitter.
  - 27. The method of claim 26, wherein the disrupting is accomplished in accordance with a frame injection technique.
  - 28. The method of claim 14, wherein the making one or more access control decisions comprises:
    - sharing the first fingerprint with at least one other computing network.
  - 29. The method of claim 28, further comprising:
    - tracking a location of the transmitter in accordance with the first fingerprint.
  - 30. The method of claim 29, wherein the tracking comprises:
    - receiving a new communication from the transmitter;
      
      generating a new fingerprint from one or more radio frequency signal characteristics extracted from the new communication; and
      
      comparing the new fingerprint to the first fingerprint.
  - 31. The method of claim 14, further comprising:
    - providing one or more data link layer frames associated with the transmitter to a network firewall; and
      
      indicating to the network firewall whether the transmitter has been identified as an authorized user of the wireless computing network or an unauthorized user of the wireless computing network, in accordance with the first fingerprint.
  - 32. The method of claim 14, wherein the making one or more access control decisions comprises:
    - marking the transmitter as blacklisted if the first fingerprint does not match at least one of the one or more stored fingerprints that corresponds to an authorized user of the wireless computing network.
  - 33. The method of claim 14, wherein the first fingerprint is generated periodically.
  - 34. The method of claim 14, further comprising:
    - receiving a new communication from the transmitter; and
      
      recognizing the transmitter in accordance with the first fingerprint.

35. A computer readable storage medium containing an executable program for securing a wireless computing network, where the program performs steps comprising:
- receiving a communication from an unidentified transmitter;
  
  identifying the transmitter in accordance with a first fingerprint generated from one or more radio frequency signal characteristics extracted from the communication;
  
  making one or more access control decisions in response to an identity of the transmitter; and
  
  storing one or more stored fingerprints representing one or more transmitters known to the wireless computing network in a fingerprint store, wherein the fingerprint store is an extension of an address resolution protocol cache.
- View Dependent Claims (36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55)
- - 36. The computer readable storage medium of claim 35, wherein the one or more radio frequency signal characteristics are extracted from a physical layer frame of the communication.
  - 37. The computer readable storage medium of claim 35, wherein the identifying comprises:
    - comparing the first fingerprint to at least one of the one or more stored fingerprints.
  - 38. The computer readable storage medium of claim 37, wherein the comparing comprises:
    - generating for each comparison performed in accordance with the comparing a similarity score indicative of a degree of similarity between the first fingerprint and a respective one of the one or more stored fingerprints.
  - 39. The computer readable storage medium of claim 37, wherein the comparing comprises:
    - converting the first fingerprint to a first fingerprint model, the first fingerprint model comprising one or more categorical measurements for radio frequency signal characteristics corresponding to the first fingerprint; and
      
      comparing the first fingerprint model to a stored fingerprint model of one of the one or more stored fingerprints, the stored fingerprint model comprising one or more categorical measurements for radio frequency signal characteristics corresponding to the one of the one or more stored fingerprints.
  - 40. The computer readable storage medium of claim 39, wherein the stored fingerprint model further comprises:
    - a tolerance associated with each of the one or more categorical measurements, the tolerance specifying a degree of similarity that an associated one of the one or more categorical measurements must meet with regard to a corresponding one of the one or more categorical measurements of the first fingerprint model in order to be considered a match.
  - 41. The computer readable storage medium of claim 35, wherein the making one or more access control decisions comprises:
    - registering the transmitter such that the transmitter is allowed to communicate with an infrastructure of the wireless computing network.
  - 42. The computer readable storage medium of claim 35, wherein the making one or more access control decisions comprises:
    - authenticating the transmitter if the first fingerprint matches at least one of the one or more stored fingerprints that corresponds to an authorized user of the wireless computing network.
  - 43. The computer readable storage medium of claim 35, wherein the making one or more access control decisions comprises:
    - authenticating the transmitter if the first fingerprint indicates that an estimated location of the transmitter is within a permissible range.
  - 44. The computer readable storage medium of claim 35, wherein the making one or more access control decisions comprises:
    - generating an alert if the first fingerprint matches at least one of the one or more stored fingerprints that corresponds to a known source of malicious activity, the alert indicative of a possible intrusion in the wireless computing network; and
      
      forwarding the alert to an intrusion prevention system.
  - 45. The computer readable storage medium of claim 35, wherein the making one or more access control decisions comprises:
    - generating an alert if the first fingerprint does not match at least one of the one or more stored fingerprints that corresponds to an authorized user of the wireless computing network, the alert indicative of a possible intrusion in the wireless computing network; and
      
      forwarding the alert to an intrusion prevention system.
  - 46. The computer readable storage medium of claim 45, wherein the alert includes information about the first fingerprint.
  - 47. The computer readable storage medium of claim 35, wherein the making one or more access control decisions comprises:
    - determining that the transmitter is not an authorized user of the wireless computing device, in accordance with the first fingerprint; and
      
      disrupting communication sessions associated with the transmitter.
  - 48. The computer readable storage medium of claim 47, wherein the disrupting is accomplished in accordance with a frame injection technique.
  - 49. The computer readable storage medium of claim 35, wherein the making one or more access control decisions comprises:
    - sharing the first fingerprint with at least one other computing network.
  - 50. The computer readable storage medium of claim 47, further comprising:
    - tracking a location of the transmitter in accordance with the first fingerprint.
  - 51. The computer readable storage medium of claim 50, wherein the tracking comprises:
    - receiving a new communication from the transmitter;
      
      generating a new fingerprint from one or more radio frequency signal characteristics extracted from the new communication; and
      
      comparing the new fingerprint to the first fingerprint.
  - 52. The computer readable storage medium of claim 35, further comprising:
    - providing one or more data link layer frames associated with the transmitter to a network firewall; and
      
      indicating to the network firewall whether the transmitter has been identified as an authorized user of the wireless computing network or an unauthorized user of the wireless computing network, in accordance with the first fingerprint.
  - 53. The computer readable storage medium of claim 35, wherein the making one or more access control decisions comprises:
    - marking the transmitter as blacklisted if the first fingerprint does not match at least one of the one or more stored fingerprints that corresponds to an authorized user of the wireless computing network.
  - 54. The computer readable storage medium of claim 35, wherein the first fingerprint is generated periodically.
  - 55. The computer readable storage medium of claim 35, further comprising:
    - receiving a new communication from the transmitter; and
      
      recognizing the transmitter in accordance with the first fingerprint.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SRI International, Inc.
Original Assignee
SRI International, Inc.
Inventors
Porras, Phillip Andrew, Manseau, David, Marcotullio, John Peter, Corr, Michael G., Watt, David, Dawson, Steven Mark
Primary Examiner(s)
Eng, George
Assistant Examiner(s)
Torres, Marcos L

Application Number

US11/492,399
Publication Number

US 20070025265A1
Time in Patent Office

1,401 Days
Field of Search

455410-411, 455/423, 455/425, 370/338, 370/332, 370/335, 726 1- 7
US Class Current

370/338
CPC Class Codes

G06K 7/0008   General problems related to...

H04L 63/0876   based on the identity of th...

H04W 12/06   Authentication

H04W 12/122   Counter-measures against at...

H04W 12/79   Radio fingerprint

Method and apparatus for wireless network security

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

95 Citations

55 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for wireless network security

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

95 Citations

55 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links