Title

非法無線存取點偵測與無線裝置定位之研究

Translated Titles

A Study on Rogue Access Point Detection and Wireless Device Localization

DOI

10.6845/NCHU.2008.01133

Authors

高國峰

Key Words

AP Detection ; Packet Pair ; Rogue AP ; Wireless Base Station ; Packet Analysis ; Security ; Network Security ; Localization ; Location Aware ; Context Awareness ; Received Signal Strength ; Orientation ; Wireless LAN ; Wireless Network

Publication Name

Degree theses of the Department of Computer Science and Engineering, National Chung Hsing University

Volume or Term/Year and Month of Publication

2008

Academic Degree Category

Doctoral

Advisor

廖宜恩

Content Language

English

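Chinese Abstract (translated)

Wireless network technology has matured in recent years, and the two classes of devices that make up a wireless network, wireless LAN access points (APs) and remote wireless devices, have become increasingly common in schools and enterprises. This makes the security management of these wireless devices an urgent and important research topic. The rogue access point problem is one of the most prominent of these issues. A rogue access point is a wireless LAN access point set up by an ordinary user or a hacker without the administrator's permission. Such rogue access points can easily cause serious harm to network security. Two capabilities are especially useful to network management in addressing this problem: the first is detection of rogue access points, and the second is localization of remote wireless devices. Traditionally, to detect the presence of a rogue access point, network administrators must carry a radio-wave detector and scan every corner of the managed area one by one. This way of working not only requires additional hardware but is also laborious and inefficient. This thesis proposes a new method that is based on network packet analysis and requires no additional hardware. Using the packet-pair technique, the method analyzes the client-side bottleneck bandwidth of a connection and thereby determines whether that connection comes from a rogue access point. Network administrators can then carry out rogue access point detection easily from the office by monitoring packets. In our experiments, the proposed method achieves an accuracy above 99%. The experimental results show that the method does reduce the burden on network administrators and increase network security.

After a rogue access point is found, the administrator may need to find the location of the remote wireless devices connecting through it for further handling. To achieve this, we need the capability to localize remote wireless devices. In fact, besides playing an important role in solving the rogue access point problem, wireless device localization is also an important foundation for context-aware services. In localization research, accuracy is a very important issue. Traditional localization algorithms locate a device using only the sensed signal strength. This study proposes a method that improves accuracy by using signal strength together with detection of the user's orientation. In theory, if the user's correct orientation is known, we can use only the training data for that orientation as the basis for predicting location, which increases prediction accuracy. In practice, however, if the orientation information is itself obtained by prediction, it must be used very carefully, because incorrect orientation information instead lowers prediction accuracy. To avoid the harm of misusing orientation information, this study puts forward a hypothesis: we assume that when the orientation is predicted incorrectly, the error will not be biased toward any particular direction. Based on this hypothesis, this study proposes an accumulated orientation strength algorithm. The algorithm lets us make proper use of correct orientation information while avoiding the use of incorrect orientation information, thereby improving the overall accuracy of location prediction. We implement the system using a Bayesian model and use the seventh floor of the College of Science building at National Chung Hsing University as the test environment to examine our hypothesis and the performance of the algorithm. The experimental data show that the proposed method does improve accuracy. This provides stronger support for solving the rogue access point problem and for building context-aware services.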

English Abstract

The wireless LAN (WLAN), which contains Access Points (APs) and remote devices, has become increasingly popular due to its low price and easy installation. However, the popularity of the WLAN increases the threat to network security. One of the important security problems is the rogue AP problem. In unprotected areas, an unauthorized AP can be plugged into the LANs of most organizations quickly and easily, which results in serious security problems. Network managers look to two useful functions, one concerning the AP and one concerning the remote device, to resist intrusion by rogue APs. The first is to detect whether illegal APs are deployed in the managed area. The second is to predict the position of a remote device connecting through the rogue AP. To detect an AP, the network manager traditionally carries a radio-wave sensor across the whole protected area. This method of detection is very difficult and inefficient. This study presents a new method to detect an AP without additional hardware or intense effort. The new method determines whether the network packets of an IP address are routed from an AP according to the client-side bottleneck bandwidth. The network manager can then do the job from the office by monitoring the packets passing through the core switch. The experimental results indicate that the accuracy of this method consistently remains above 99%. The proposed method can effectively reduce the labor of the network manager and increase network security. Once a rogue AP is detected, the next task is to find the location of the illegal user. Due to the rogue AP problem and the demand for context-aware services inside buildings, WLAN-based location determination has emerged as a significant research topic. However, prediction accuracy remains a primary issue in the practicality of WLAN-based location determination systems. This study proposes an innovative scheme that uses mobile user orientation information to improve prediction accuracy.
Theoretically, if the precise orientation of a user can be identified, then the location determination system can predict that user's location with a high degree of accuracy by using the training data for that specific orientation. In reality, a mobile user's orientation can be estimated only by comparing variations in received signal strength, and the predicted orientation may be incorrect. Incorrect orientation information causes the accuracy of the entire system to decrease. Therefore, this study presents an accumulated orientation strength algorithm, which can use uncertain estimated orientation information to improve prediction accuracy. The implementation of this system is based on the Bayesian model, and the experimental results show the effectiveness of the proposed approach.

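Topic Category: Basic and Applied Sciences > Information Science
College of Electrical Engineering and Computer Science > Department of Computer Science and Engineering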