1. Field of the Invention
The present invention relates to the field of security for computer network systems. Specifically, the present invention relates to establishing boundaries for limiting communication within a wireless computer network.
2. Related Art
Continued advancements in hardware technology and software development are enabling computer systems and other electronic devices, such as personal digital assistants, laptop computers, electronic books, cellular phones, etc., to be utilized in a variety of different implementations and applications. Some implementations are financial and commercial transactions, computer-aided design, communication, data storage and warehousing, education, etc. Additionally, coupling stand-alone computers and other electronic devices to form a networking environment greatly enhances their functionality. In a network environment, users are able to exchange information, share commonly stored files, combine resources, and communicate via e-mail (electronic mail) and via video conferencing. Further, with the advent of wireless communication, networked computers can communicate and exchange information with nearly any other computer or other electronic device without having to be physically connected via a wired configuration.
In a wireless environment, there is a wireless client and an access point. The communication between the client and the access point is in the form of electromagnetic (em) radiation that is transmitted over public air space, so the communication is visible to anyone within range. As illustrated in FIG. 1, the information 20 transmitted via this em radiation spills outside of the building 10, through windows, doors and through most wall materials. In order to protect the privacy and contents of the transmitted communication from intrusion, the information is commonly encrypted. To enable encryption, an encryption key may be distributed to each of the clients utilizing the wireless network.
It is important to assure that the client device is approved to receive an encryption key for a particular network and, conversely, that the network is approved for that particular client. It is also important that the user of the device be approved for communication over the network. Therefore, some form of authentication protocol must be employed in order to authenticate the devices, the network and the user.
There are a number of ways for a network to verify user identity in order to check whether it should grant access to its resources. For local area networks, the IEEE draft standard 802.1x/D11 specifies how to accomplish this. It establishes a basis for carrying authentication information from a supplicant to an authenticator, and optionally from the authenticator to an authentication server, in order to control access to the network by users. FIG. 2 illustrates a hardware block technique as specified in IEEE 802.1x/D11. When a client device 120 first connects to the network, the client device 120 is only allowed to communicate with the authentication server 110. A hardware switch 130 prevents the client device 120 from accessing the full network 140. After the client device 120 authenticates with the authentication server 110, the hardware switch 130 allows the client device 120 to have access to the network 140.
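As an added illustration that is not part of the patent text, the following Python models the port-based control just described: a client's frames reach only the authentication server until the server's verdict opens the port to the full network. The server check, the credential format and all addresses are constructed for the example.

```python
# Added example (not from the patent): a minimal model of the IEEE 802.1X
# port-based access control described above. Before authentication the
# "hardware switch" passes only traffic between the client and the
# authentication server; after a successful authentication it opens the
# controlled port to the full network. Names and addresses are constructed.

AUTH_SERVER = "auth-server"   # constructed address of the authentication server


class ControlledPort:
    """Per-client port state kept by the switch (the authenticator)."""

    def __init__(self, client: str):
        self.client = client
        self.authorized = False

    def forward(self, src: str, dst: str) -> bool:
        """Return True if the switch forwards a frame from src to dst."""
        # Frames to or from the authentication server are always allowed,
        # so that the authentication exchange itself can take place.
        if AUTH_SERVER in (src, dst):
            return True
        # Everything else is dropped until the port is authorized.
        return self.authorized

    def authenticate(self, server_verdict: bool) -> None:
        """Apply the authentication server's verdict to the port state."""
        self.authorized = server_verdict


def check_auth_server(credential: str) -> bool:
    """Stand-in for the authentication server; a real one validates via EAP."""
    # Constructed credential store for the example only.
    valid = {"alice": "tok-1234"}
    user, _, token = credential.partition(":")
    return valid.get(user) == token


def simulate(client: str, credential: str) -> dict:
    """Run the connect -> authenticate -> access sequence and report outcomes."""
    port = ControlledPort(client)
    before = port.forward(client, "file-server")      # blocked: not yet authorized
    exchange = port.forward(client, AUTH_SERVER)      # allowed: authentication path only
    port.authenticate(check_auth_server(credential))
    after = port.forward(client, "file-server")       # opens only on a positive verdict
    return {"before": before, "auth_exchange": exchange, "after": after}
```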
Most network environments have firewalls to prevent unauthorized users from having direct access to the network from outside the network. The firewall may be implemented in software on a computer, in a router, in a stand-alone firewall box, etc. The network may also have a Virtual Private Network (VPN) gateway. VPNs employ the security of a private network via access control and encryption. All traffic from the Internet may be directed through a firewall or a VPN gateway, thus providing a certain measure of protection for that path.
In comparison to wireline networks, wireless networks have an additional problem to solve when users attempt to connect to them. Generally, wireline networks rely on protected distribution systems (e.g., conduit-protected cabling, switches in locked wiring closets) to ensure the traffic they carry is not intercepted or modified in an unauthorized way. Wireless networks, on the other hand, communicate over publicly accessible radio channels. Consequently, they must provide other means for protecting their traffic. Generally, this requires wireless networking devices to encrypt and integrity-protect the traffic between them.
Several previous schemes have addressed the problem of user authentication, authorization and key distribution in wireless local area networks. In one scheme, a user and the network mutually authenticate using a shared secret, generally a password. A complementary scheme utilizes a secret shared by the user and a network to create an encryption key that can then be used to protect the confidentiality and integrity of the traffic between the user's wireless device and the network. The use of these two schemes has the advantage of securely authenticating the user and creating the encryption key.
These schemes, and other conventional methods of moderating network access, are problematic for at least two major reasons. In the first place, requiring authentication procedure compliance to gain network access is not foolproof. “Spoofing,” e.g., faking the sending address of a data transmission in order to authenticate without authorization, if successful, may expose even a seemingly secure network to intrusion.
Further, the “seemingly secure” nature of the network in such an instance weaves an obviously false sense of security. This false sense of security has its own risks, because great amounts of mischief may occur under its camouflage. Such mischief may perhaps occur in a manner and on an order unlikely in a patently non-secure system, wherein network participants would more probably know to take appropriate precautions.
Secondly, conventional methods of detecting intrusion into secured networks typically seek effects caused by the presence of unauthorized entities and/or actions taken by unauthorized entities that have gained access thereto. In many cases this amounts to nothing more than internal damage assessment. It therefore provides no ability to prevent the intrusion or resultant damage, or even to detect such intrusion in real time or near-real time.
However, inasmuch as such intrusions and other security breaches enabled by such spoofing continue to be problematic to networking and costly to users of networks, countermeasures to such schemes are sought. Such countermeasures should be capable of implementation without gross revamping of network architecture or burdening network accessibility to legitimate authorized entities.