The advent of the Internet and users sharing files across the Internet has spurred the need to secure both ends of the Internet connection. Without some type of security system, a computer connected to the Internet is subject to many security threats such as remote logins. Remote logins are when someone is able to connect and control in some form the connected computer. Control may range from being able to view or access the files on the computer to actually running computer programs.
Security requirements are the same regardless of whether the network is wired or wireless in which security services for authentication, access-control, confidentiality, integrity and non-repudiation should be present. However, providing security to a wireless network is much more difficult when compared to wired networks for wireless networks do not require physical access. For example, a mobile ad-hoc network (MANET) which is a self-configured network of wireless and mobile nodes communicating via radio links does not rely upon a centralized administration to operate or include any pre-defined infrastructure. Thus, each node must assume security for itself for there is no fixed infrastructure such as an authentication server to support security. A MANET without an authentication provision allows an outsider to join the wireless network and perform a variety of activities ranging from passively listening to the network traffic to actively attempting to compromise the network.
Presently, the most common method to prevent such security breaches is the use of a firewall. A firewall creates a barrier between the connected computer and the Internet. Such firewall may be in the form of software, hardware or a combination thereof. The majority of firewalls utilize the process known as packet filtering to provide protection. Since all internet communications are accomplished via the exchange of individual data packets, the firewall uses a “wall of code” to inspect both inbound and outbound individual data packets to determine whether the packet should be allowed to pass through the wall or be blocked from entry. For instance, most firewalls may be configured to prevent specific IP addresses, subnets, services, socket ports, or the like from allowing access into the network.
In addition to a firewall, an intrusion detection system is often employed to protect a wireless network. While the firewall prevents unauthorized entry, the intrusion detection system detects security violations and intrusions in the event the firewall failed to prevent the unauthorized entry from entering. For example, a typical intrusion detection system monitors activities such as packet traffic or host behavior continually, automatically recognizes inappropriate activities, and reports inappropriate activities to a system administrator upon detection.
Although the combination of a firewall and an intrusion detection system assist in creating a safe wireless network, such security mechanisms are disadvantageous under certain scenarios. Both a firewall and an intrusion detection system are generally based upon monitoring activities within the network such as packet traffic or host behavior while not considering changes in factors external to the networking environment. For example, an aircraft fighter plane equipped with all network services may move from a low threat zone into a high threat or hostile zone with the network capabilities going unchanged for the network is not sensitive to the change in location. Such situation currently requires that network capabilities be severely restricted at all times or provides for the possibility of an attack on the network occurring especially while the aircraft is present in a hostile zone.
Therefore, it would be desirable to provide a security mechanism which uses location information as a controlling parameter.