1. Field of the Invention
The present application relates generally to wireless networking and, in some preferred embodiments, to localization of wireless users in a wireless communication network; that is, determining the physical location of a wireless user for the purpose of deploying location-based services, or in order to detect the presence and location of intruders in the network.
2. General Background Discussion
Networks and Internet Protocol
There are many types of computer networks, with the Internet having the most notoriety. The Internet is a worldwide network of computer networks. Today, the Internet is a public and self-sustaining network that is available to many millions of users. The Internet uses a set of communication protocols called TCP/IP (i.e., Transmission Control Protocol/Internet Protocol) to connect hosts. The Internet has a communications infrastructure known as the Internet backbone. Access to the Internet backbone is largely controlled by Internet Service Providers (ISPs) that resell access to corporations and individuals.
With respect to IP (Internet Protocol), this is a protocol by which data can be sent from one device (e.g., a phone, a PDA [Personal Digital Assistant], a computer, etc.) to another device on a network. There are a variety of versions of IP today, including, e.g., IPv4, IPv6, etc. Each host device on the network has at least one IP address that is its own unique identifier.
IP is a connectionless protocol. The connection between end points during a communication is not continuous. When a user sends or receives data or messages, the data or messages are divided into components known as packets. Every packet is treated as an independent unit of data.
In order to standardize the transmission between points over the Internet or the like networks, an OSI (Open Systems Interconnection) model was established. The OSI model separates the communications processes between two points in a network into seven stacked layers, with each layer adding its own set of functions. Each device handles a message so that there is a downward flow through each layer at a sending end point and an upward flow through the layers at a receiving end point. The programming and/or hardware that provides the seven layers of function is typically a combination of device operating systems, application software, TCP/IP and/or other transport and network protocols, and other software and hardware.
Typically, the top four layers are used when a message passes from or to a user and the bottom three layers are used when a message passes through a device (e.g., an IP host device). An IP host is any device on the network that is capable of transmitting and receiving IP packets, such as a server, a router or a workstation. Messages destined for some other host are not passed up to the upper layers but are forwarded to the other host. In the OSI and other similar models, IP is in Layer-3, the network layer.
Wireless Networks
Wireless networks can incorporate a variety of types of mobile devices, such as cellular and wireless telephones, PCs (personal computers), laptop computers, wearable computers, cordless phones, pagers, headsets, printers, PDAs, etc. For example, mobile devices may include digital systems to secure fast wireless transmissions of voice and/or data. Typical mobile devices include some or all of the following components: a transceiver (i.e., a transmitter and a receiver, including a single chip transceiver with an integrated transmitter, receiver and, if desired, other functions); an antenna; a processor; one or more audio transducers (for example, a speaker or a microphone as in devices for audio communications); electromagnetic data storage (such as ROM, RAM, digital data storage, etc., such as in devices where data processing is provided); memory; flash memory; a full chip set or integrated circuit; interfaces (such as USB, CODEC, UART, PCM, etc.); and/or the like.
Wireless LANs (WLANs), in which a mobile user connects to a local area network (LAN) through a wireless link, may be employed for wireless communications. Wireless communications include, e.g., communications that propagate via electromagnetic waves such as light, infrared, radio, and microwave. A variety of WLAN standards currently exist, such as Bluetooth, IEEE 802.11, and HomeRF.
By way of example, Bluetooth products may be used to provide links between mobile computers, mobile phones, portable handheld devices, personal digital assistants (PDAs), and other mobile devices and connectivity to the Internet. Bluetooth is a computing and telecommunications industry specification that details how mobile devices can easily interconnect with each other and with non-mobile devices using a short-range wireless connection. Bluetooth creates a digital wireless protocol to address end-user problems arising from the proliferation of various mobile devices that need to keep data synchronized and consistent from one device to another, thereby allowing equipment from different vendors to work seamlessly together. Bluetooth devices may be named according to a common naming concept. For example, a Bluetooth device may possess a Bluetooth Device Name (BDN) or a name associated with a unique Bluetooth Device Address (BDA). Bluetooth devices may also participate in an Internet Protocol (IP) network. If a Bluetooth device functions on an IP network, it may be provided with an IP address and an IP (network) name. Thus, a Bluetooth Device configured to participate on an IP network may contain, e.g., a BDN, a BDA, an IP address and an IP name. The term “IP name” refers to a name corresponding to an IP address of an interface.
An IEEE standard, IEEE 802.11, specifies technologies for wireless LANs and devices. Using 802.11, wireless networking may be accomplished with each single base station supporting several devices. In some examples, devices may come pre-equipped with wireless hardware or a user may install a separate piece of hardware, such as a card, that may include an antenna. By way of example, devices used in 802.11 typically include three notable elements, whether or not the device is an access point (AP), a mobile station (STA), a bridge, a PCMCIA card or another device: a radio transceiver; an antenna; and a MAC (Media Access Control) layer that controls packet flow between points in a network.
In addition, Multiple Interface Devices (MIDs) may be utilized in some wireless networks. MIDs may contain two independent network interfaces, such as a Bluetooth interface and an 802.11 interface, thus allowing the MID to participate on two separate networks as well as to interface with Bluetooth devices. The MID may have an IP address and a common IP (network) name associated with the IP address.
Wireless network devices may include, but are not limited to Bluetooth devices, Multiple Interface Devices (MIDs), 802.11x devices (IEEE 802.11 devices including, e.g., 802.11a, 802.11b and 802.11g devices), HomeRF (Home Radio Frequency) devices, Wi-Fi (Wireless Fidelity) devices, GPRS (General Packet Radio Service) devices, 3G cellular devices, 2.5G cellular devices, GSM (Global System for Mobile Communications) devices, EDGE (Enhanced Data for GSM Evolution) devices, TDMA type (Time Division Multiple Access) devices, or CDMA type (Code Division Multiple Access) devices, including CDMA2000. Each network device may contain addresses of varying types including but not limited to an IP address, a Bluetooth Device Address, a Bluetooth Common Name, a Bluetooth IP address, a Bluetooth IP Common Name, an 802.11 IP Address, an 802.11 IP common Name, or an IEEE MAC address.
Wireless networks can also involve methods and protocols found in, e.g., Mobile IP (Internet Protocol) systems, in PCS systems, and in other mobile network systems. Mobile IP is a standard communications protocol created by the Internet Engineering Task Force (IETF). With Mobile IP, mobile device users can move across networks while keeping the IP address originally assigned to them. See Request for Comments (RFC) 3344. NB: RFCs are formal documents of the Internet Engineering Task Force (IETF). Mobile IP extends the Internet Protocol (IP) with means to forward Internet traffic to mobile devices when they connect outside their home network. Mobile IP assigns each mobile node a home address on its home network and a care-of address (CoA) that identifies the current point of attachment of the device within a network and its subnets. When a device moves to a different network, it receives a new care-of address. A mobility agent on the home network (the home agent) associates each home address with its current care-of address. The mobile node informs the home agent each time its care-of address changes (a registration request in Mobile IPv4 per RFC 3344; the corresponding message in Mobile IPv6 is called a binding update), and mobility agents announce themselves using extensions to Internet Control Message Protocol (ICMP) router advertisements.
Localization of Wireless Users
Discovering the location of a wireless user has many purposes, ranging from sending rescue or emergency personnel to a user in distress who may be unable to identify her present location, to providing location-customized wireless services, to detecting and locating intruders or other unauthorized users of a wireless network. Many localization schemes have been proposed for wireless networks. Such schemes are typically based on the features of the underlying physical layer. For example, various schemes based on ultrasound, infrared, Bluetooth, and 802.11 RF networks have been proposed. These schemes infer the location of wireless users by measuring signal parameters such as a received signal strength indicator (RSSI), time of flight, and angle of arrival. Some of these schemes are client-based, where the user determines his own location and the network has no knowledge of it, while others are network-based, where the network infrastructure determines the location of the user. The former approach might be preferred when user privacy is a concern. In the vast majority of the known schemes, there is an assumption that none of the users in the system is malicious.
Known localization schemes proposed for WLAN (802.11) systems are normally based on measuring the signal strength (SS) parameter. The concept is to determine an SS map of the area beforehand: the expected SS value at each calibration location, as seen by each Access Point (AP). The system then determines the location of a user by finding the best match between the signal strengths from the user as seen by multiple APs and the entries of the SS map. The match can be made using deterministic or probabilistic techniques in order to improve the location accuracy and resolution. Typically, the SS values observed from a wireless device are compared with the expected SS values at each map location, and the location of the device is taken to be the map location that minimizes the mean squared error between observed and expected values.
There also has been some work recently on secure localization in the context of sensor networks. L. Lazos and R. Poovendran, “SeRLoc: Secure Range-independent Localization for Wireless Sensor Networks,” Proceedings of WISE, Philadelphia, Pa., October 2004, discussed secure positioning in a network of sensors and proposed techniques based on the use of directional antennas. Localization in the presence of an intruder in a wireless network also has been disclosed, where explicit RF distance bounding was used in order to obtain a verifiable localization scheme. Certain schemes use a combination of directional antennae and explicit RF distance bounding. The use of covert base stations also has been disclosed. Techniques also have been proposed for the detection of malicious attacks against beacons which broadcast localization information in sensor networks. The detection is based on the use of time-of-flight (TOF) techniques to verify the consistency of information. One approach to location-based access control was provided in N. Sastry, U. Shankar and D. Wagner, “Secure Verification of Location Claims,” WISE 2003. There, the focus is on location verification using ultrasound and time of flight techniques.
Schemes for secure localization in 802.11 networks also have been proposed. In S. Pandey, B. Kim, F. Anjum and P. Agrawal, "Client Assisted Location Data Acquisition Scheme for Secure Enterprise Wireless Networks," WCNC 2004, a secure localization scheme using SS values was proposed. An SS lookup table is built efficiently, but the scheme assumes an enterprise-like environment with cooperating users. The paper reported that, using a simple trilateration based on an averaged signal strength lookup table, an accuracy of 85% with a location error range of about 10 ft was obtained. In P. Tao, A. Rudys, A. M. Ladd, and D. S. Wallach, "Wireless LAN location-sensing for security applications," Proceedings of the Second ACM Workshop on Wireless Security (WISE), San Diego, Calif., September 2003, a location estimation scheme based on building an SS lookup table is proposed. The SS table is built by taking SS readings at various locations. A "difference method" was developed that could detect the location of an intruder transmitting at various power levels. Mapping techniques were introduced in Z. Li, W. Trappe, Y. Zhang, and B. Nath, "Robust Statistical Methods for Securing Wireless Localization in Sensor Networks," Proceedings of the International Conference on Information Processing in Sensor Networks (IPSN), 2005, which proposed statistical methods for secure localization in wireless sensor networks. There, it was proposed to determine user location based on a mapping which minimizes the median squared error, which is more robust than the mean squared error when some of the measurements are corrupted by malicious users.
Using different technologies such as ultrasound, infrared, and Bluetooth for localization in RF-based wireless networks would require additional hardware and hence is not cost efficient. Infrared also has further drawbacks, since it is restricted to line of sight and is affected by sunlight.
As pointed out above, most of the localization schemes proposed for WLAN (802.11) systems are based on measuring the signal strength (SS) parameter and have been developed without considering security; hence they may be easily eluded by an intruder intent on spoofing his location. The SS at any location can be measured using a simple "sniffer," so a malicious user can use the measured SS information to choose a transmit power that makes the APs observe the SS values expected from some other location, thereby spoofing his location.
Additionally, many of the techniques developed for sensor networks would not be appropriate for secure localization in all wireless networks (e.g., 802.11 networks). This is because of the need for special hardware such as directional antennae, or hardware with very tight timing constraints (i.e., for RF distance bounding), and such special hardware is typically not desirable in all wireless networks. Also, these techniques are themselves susceptible to various attacks.
Pandey et al., supra, assume an enterprise-like environment with cooperating users. Using the verification data from Pandey et al., the present inventors simulated the scenario of an intruder transmitting at a higher power level by increasing the received SS values by 25% and then applying the regular matching technique based on least mean squared error. In this case, the localization scheme failed: the accuracy dropped from 85% (without power variation) to 19% (with power variation). The Tao et al. system (supra) has poor accuracy of estimated locations, with a 70% probability of a correct location estimate at a resolution of about 10 ft. Further, although the median scheme can be robust in the presence of malicious users, it performs worse than the mean scheme under normal (non-adversarial) operating conditions.
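The SS-map matching described above, the higher-power intruder the present inventors simulated against the Pandey et al. scheme, and the mean-versus-median contrast drawn from Li et al. are brought together in the following added Python example. It is not code from this application or from any of the cited papers. The layout of three APs along one wall, the 10-unit calibration grid, the noise-free log-distance path-loss model on a positive dB scale, the +10 dB power boost (standing in for the 25% SS scaling used in the simulation above) and the +15 dB corruption of a single AP's reading are all assumptions made for the illustration.

```python
"""Toy signal-strength (SS) fingerprint localization and two attacks on it.

Everything here is constructed for illustration: the AP positions, the
calibration grid and the path-loss model are assumptions, not data from
the application or from Pandey et al. / Tao et al. / Li et al.
"""
import math
import statistics

# Assumed: three access points mounted along one wall (y = 0) of a 40 x 40 area.
APS = [(0.0, 0.0), (20.0, 0.0), (40.0, 0.0)]
# Assumed: the SS map is sampled on a 10-unit grid (25 calibration cells).
CELLS = [(float(x), float(y)) for y in range(0, 50, 10) for x in range(0, 50, 10)]


def signal_strength(ap, pos):
    """Assumed log-distance path-loss model on a positive dB scale (no noise)."""
    d = math.dist(ap, pos)
    return 60.0 - 20.0 * math.log10(1.0 + d)


def fingerprint(pos):
    """Expected SS value at pos for each AP, in AP order."""
    return [signal_strength(ap, pos) for ap in APS]


# The SS map that the scheme builds beforehand: one fingerprint per cell.
SS_MAP = {cell: fingerprint(cell) for cell in CELLS}


def locate(readings, aggregate):
    """Return the map cell whose fingerprint best matches the observed readings.

    aggregate combines the per-AP squared errors: statistics.fmean gives the
    classical least-mean-squared-error match, statistics.median the robust
    median-squared-error variant.
    """
    def cost(cell):
        return aggregate([(r - e) ** 2 for r, e in zip(readings, SS_MAP[cell])])
    return min(CELLS, key=cost)


def locate_mean(readings):
    return locate(readings, statistics.fmean)


def locate_median(readings):
    return locate(readings, statistics.median)


# Assumed true position of the wireless user (a calibration cell, so an honest
# user matches with zero error).
TRUE_CELL = (10.0, 20.0)


def honest_readings():
    """What the APs observe from a user at TRUE_CELL transmitting normally."""
    return fingerprint(TRUE_CELL)


def power_boost_attack(readings, boost_db=10.0):
    """Intruder transmits at higher power, so every AP sees a stronger signal.

    Assumption: on this dB scale the extra power appears as a constant offset
    at every AP (the simulation in the text scaled SS values by 25% instead).
    """
    return [r + boost_db for r in readings]


def single_ap_corruption(readings, ap_index=0, delta_db=15.0):
    """Only one AP's reading is wrong (e.g. tampered with); the others are honest."""
    out = list(readings)
    out[ap_index] += delta_db
    return out


if __name__ == "__main__":
    honest = honest_readings()
    print("honest user, mean match:      ", locate_mean(honest))
    boosted = power_boost_attack(honest)
    print("power boost, mean match:      ", locate_mean(boosted))
    print("power boost, median match:    ", locate_median(boosted))
    corrupt = single_ap_corruption(honest)
    print("one corrupted AP, mean match: ", locate_mean(corrupt))
    print("one corrupted AP, median match:", locate_median(corrupt))
```

On this constructed map the honest user is located exactly, because the map is noise-free. Raising the transmit power shifts every AP's reading at once, and the least-mean-squares match moves the estimate toward the wall the APs are mounted on; the median match gives no protection here, since a uniform shift corrupts every component of the fingerprint rather than a minority of them. When only one AP's reading is wrong, the mean match is dragged off the true cell while the median match still returns it, which is the robustness property Li et al. rely on. With real, noisy measurements the map entries would be averages of several readings and even an honest match would have nonzero error.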
Thus, while a variety of systems and methods are known, there remains a need for improved systems and methods of secure wireless user localization. The present application improves upon such systems and methods as described above.