1. Field of the Invention
The present invention relates generally to communications loops, and more specifically, to a method and system for providing enhanced loop security by measuring a distance between transceivers.
2. Background of the Invention
A multitude of wireless communications systems are in common use today. Mobile telephones, pagers and wireless-connected computing devices such as personal digital assistants (PDAs) and laptop computers provide portable communications at virtually any locality. In particular, BLUETOOTH devices provide a wireless network operating in the 2.4 GHz Industrial Scientific and Medical band (BLUETOOTH is a trademark of Bluetooth SIG, Inc., which is an acronym for Bluetooth Special Interest Group—a consortium of wireless device manufacturers). Wireless local area networks (WLANs) and wireless personal area networks (WPANs) according to the Institute of Electrical and Electronic Engineers (IEEE) specifications 802.11 (WLAN), 802.15.1 (WPAN) and 802.15.4 (WPAN-LR) also provide wireless interconnection of computing devices and personal communications devices, as well as other devices such as home automation devices.
Within the above-listed networks and wireless networks in general, privacy and security are increasingly necessary as devices connected to such wireless networks control critical systems, funds transactions and may contain and exchange confidential information. Wireless networks generally fall within one of two categories: “ad-hoc networks” or “infrastructure networks”. Ad-hoc wireless networks permit connection of devices on an ad-hoc basis wherein devices may enter the range of the wireless network and thereby connect to other devices. Pre-configured infrastructure wireless networks typically permit connection of only authorized devices that are part of the infrastructure known by information stored in a database during network configuration.
Security in an ad-hoc network is difficult to establish, as the only presently available means for uniquely identifying a device is the device name and address, which in many cases can be easily impersonated. Further, since the motivation behind ad-hoc connectivity is ease of connection for devices that are not part of a pre-configured infrastructure, the use of names or addresses to block a connection may not be desirable in general. Security in an infrastructure wireless network is easier to implement, as the device names and addresses are known and key information may be exchanged during network set-up, providing a means for securing the connection of an infrastructure device after an initial set-up. However, infrastructure devices are still subject to impersonation based on interception (reception) of the connection information during the set-up process.
Security protocols in use to protect the set-up process or connection of an ad-hoc device include passwords, verification of device types and names that are typically used in conjunction with key exchange protocols or in the generation of the keys. The establishment of the connection is followed by secured communications encrypted and decrypted using resulting keys. While encryption and decryption can provide very secure communications, key exchange during network setup or ad-hoc connection is a primary weak link in the overall security measure. If an unauthorized device is in the vicinity of a wireless network, it may monitor the network during a key exchange period and retain the information for subsequent connection by impersonating a legitimate device. Further, devices that are not hostile, but are undesired for connection, may accidentally connect during network set-up or as ad-hoc devices if they are within communications range of the network.
Techniques to reduce the possibility of unauthorized or accidental connection generally complicate the setup of wireless networks. A network user or administrator may be required to enter a password or Personal Identification Number (PIN) at the connecting device or a pair of devices, but manual password or PIN entry is tedious and time-consuming and the password may be compromised or hacked. Also, for ad-hoc connections generation or agreement on a unique PIN is generally inconvenient. For infrastructure networks, manually entered keys or digital certificates may be used that are retained in the device, but they are also subject to being compromised and reduce the flexibility of installing new devices on the network or replacing devices already connected. Also, if communications based on the passwords, PINs or digital certificates are intercepted during the connection process, those security measures may be bypassed by using the intercepted key exchange information. “Man-in-the-middle” attacks can be used to “fool” a pair of devices that are attempting to exchange keys. The result of this type of attack is that the intruding device exchanges keys with each of the pair of devices. The intruding device can retain all of the exchanged key information and may modify a transaction, for example to transfer a larger monetary amount from a payor into an alternative fund, while transferring the intended amount from a payor to the intended payee.
In the BLUETOOTH network security model, a combination key mechanism is used that generates an encryption/decryption key from stored passkeys within a pair of devices. When the devices are “paired” (e.g., connected during network setup), if a rouge device is present during pairing, the combination key for access to the devices or link establishment can be acquired. Also, if the passkey space is short, the access may be hacked by calculating the combination keys from guesses at the passkey and comparing them to the received combination keys or attempting to establish a link with a device based on passkey guesses.
In general, secure setup of a wireless network comprises a tradeoff between ease of setup and weakness of security and no matter how complicated the setup process, security can still be compromised. The only information available for uniquely verifying a BLUETOOTH device is its name, class and address, which may be easily copied. Security improvement requires complex manual user intervention such as isolating the devices during pairing.
Further, ad-hoc connection of unknown devices to wireless networks is desirable in many applications, such as automated teller machine (ATM) connections for transactions with a wireless payment or ticketing device or a personal computing device. Although many transactions require supplemental authentication such as password or personal identification number (PIN) entry, it is desirable to eliminate the need for these additional authentication measures.
Therefore, it would be desirable to provide a method and apparatus for enhancing security in a wireless network that does not increase a level of user intervention and provides a level of security that is not compromised by interception of connection information.