1. Field of the Invention
The present invention relates to security of computer networks, and deals more particularly with methods, systems, computer program products, and methods of doing business whereby access to a wireless network is controlled based on a device's presence within a spatial boundary. The disclosed techniques may also be used for determining whether devices remain within a spatial boundary.
2. Description of the Related Art
“WiFi” (for “wireless fidelity”) or “Wi-Fi”® is the label commonly applied to devices following the Institute of Electrical and Electronics Engineers (“IEEE”) 802.11b specification. This abbreviation is taken from the logo of an industry interoperability group (Wireless Ethernet Compatibility Alliance, Inc., or “WECA”, also known as the Wi-Fi Alliance) that certifies compliant products. (“Wi-Fi” is a registered trademark of Wireless Ethernet Compatibility Alliance, Inc.) WiFi technology allows a raw wireless data transmission rate of approximately 11 Mbps at indoor distances from several dozen to several hundred feet, and outdoor distances of several to tens of miles using an unlicensed portion of the 2.4 GHz band in 14 overlapped channels.
While two modes of operation are possible, namely peer-to-peer and network, most WiFi installations use the network form where an “access point” serves as a hub bridging client adapters to one another and to a wired network, often using Network Address Translation (“NAT”) technology. See FIG. 1, where this configuration is illustrated. When a client wants to join a network hosted by an access point, it must first synchronize with that network by performing the following synchronization protocol steps. First, to establish initial communications, it either listens for a “beacon” sent periodically by the access point or sends a “probe” and awaits a response. Next, the client undergoes an authentication process with the access point. If that is successful, the client proceeds to an association process which sets up a logical session over which higher-layer protocols and data may flow. At any point thereafter, either the access point or the client may terminate the association, shutting down further data communications. After the association is terminated, no further data communication can occur until the aforementioned synchronization protocol is repeated to join the network anew.
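The join sequence described above can be written as a small state machine that replays a trace of per-client events and flags anything out of order, such as data sent before association or after termination. This is an added example, not part of the original document; the state names, event names and sample trace are constructed for illustration and are not 802.11 frame names.

```python
# Added illustration: state and event names are assumptions made for this example.
UNSYNCED, SYNCED, AUTHENTICATED, ASSOCIATED = (
    "unsynced", "synced", "authenticated", "associated")

# Allowed transitions: (current state, event) -> next state.
TRANSITIONS = {
    (UNSYNCED, "beacon"): SYNCED,           # client heard a periodic beacon
    (UNSYNCED, "probe_response"): SYNCED,   # or received an answer to its probe
    (SYNCED, "auth_ok"): AUTHENTICATED,
    (SYNCED, "auth_fail"): UNSYNCED,
    (AUTHENTICATED, "assoc_ok"): ASSOCIATED,
    (ASSOCIATED, "data"): ASSOCIATED,       # data flows only inside an association
}

def audit(trace):
    """Replay (client, event) pairs and return one
    (index, client, event, state) tuple per out-of-order event."""
    state, violations = {}, []
    for i, (client, event) in enumerate(trace):
        cur = state.get(client, UNSYNCED)
        if event == "terminate":
            # Either side may end the session; the client must then rejoin from scratch.
            state[client] = UNSYNCED
        elif event == "beacon" and cur != UNSYNCED:
            continue  # beacons are periodic; hearing one later changes nothing
        elif (cur, event) in TRANSITIONS:
            state[client] = TRANSITIONS[(cur, event)]
        else:
            violations.append((i, client, event, cur))
    return violations

# Constructed sample trace (not captured traffic).
TRACE = [
    ("client-A", "beacon"), ("client-A", "auth_ok"),
    ("client-A", "assoc_ok"), ("client-A", "data"),
    ("client-B", "probe_response"), ("client-B", "data"),  # data before association
    ("client-A", "terminate"), ("client-A", "data"),       # data after termination
    ("client-A", "beacon"), ("client-A", "auth_ok"),
    ("client-A", "assoc_ok"), ("client-A", "data"),        # rejoined, data allowed again
]

if __name__ == "__main__":
    for v in audit(TRACE):
        print("out-of-order event:", v)
```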
The world of WiFi is no longer confined to expensive-gadget-happy geeks, but is being embraced by everyday people who love the convenience of being mobile. Mass production has made access points and client adapters so inexpensive that WiFi is being widely used for networking in many places, including homes and small offices, replacing the high-cost special wiring of the past and allowing folks to easily move their computing workspace on a moment-to-moment whim. As the majority of users purchasing commodity-priced WiFi gear are non-technical, they have no insight into the underlying technology, nor do they understand the side effects of its use.
Unfortunately, WiFi has also attracted the hacker fringe, who view its deployment as an invitation to steal access to the Internet and/or locally-available services. The poor security which has been identified in WiFi's standard protocols (see, for example, “Wireless networks wide open to hackers” by Robert Lemos, which may be found on the Internet at http://news.com.com/2100-1001-269853.html?tag=bplst), coupled with cheap ways to intercept the radio signals miles outside the nominal 300 foot service radius (see “Antenna on the Cheap” by Rob Flickenger, located on the Internet at http://www.oreillynet.com/cs/weblog/view/wlg/448), has opened the barn door to even the lowly budget-strapped high school “script kiddy”. With this trend, new terms for wireless hacking have emerged, such as “War Driving” and “Warchalking”. War driving is the activity of locating WiFi networks that can easily be tapped from a laptop in a car. (See “WAR DRIVING” by Sandra Kay Miller, located on the Internet at http://www.infosecuritymag.com/articles/november01/technology_wardriving.shtml, for an article on this topic.) Warchalking is the practice of marking the presence of WiFi networks (for example, on the side of a building where a WiFi network is detected by a “war driver”, or on the sidewalk in front of the building) so they are easy to locate without a device such as the $6.45 “Pringles” can antenna (described in the above-mentioned “Antenna on the Cheap” article) used by the war drivers.
What is needed is a way of improving security in WiFi networks to prevent intrusion by unauthorized devices. The solution must be easy to set up, even in a home environment, and must not require changes to the WiFi standards or to existing client device adapters.