HK1112080B - System and method for providing variable security level in a wireless communication system - Google Patents
System and method for providing variable security level in a wireless communication system Download PDFInfo
- Publication number
- HK1112080B HK1112080B HK08106888.4A HK08106888A HK1112080B HK 1112080 B HK1112080 B HK 1112080B HK 08106888 A HK08106888 A HK 08106888A HK 1112080 B HK1112080 B HK 1112080B
- Authority
- HK
- Hong Kong
- Prior art keywords
- security level
- intruder
- wireless device
- establishing
- wireless
- Prior art date
Links
Description
Technical Field
The present invention relates to wireless communication network security. More particularly, the present invention relates to a method of providing secure communications in a wireless communication system.
Background
The nature of wireless communication networks makes them highly vulnerable to attack, and there are currently a number of security measures to protect wireless communications between wireless transmit/receive units (WTRUs) and other WTRUs, as well as between WTRUs and wireless Access Points (APs), including, for example, various forms of encryption, which are procedures that encode information that can only be decoded by recipients with the appropriate keys. Other techniques for routing wireless data include, for example, error correction codes, checksum (checksum), hash functions (including message authentication codes), digital signatures, network security protocol (SSL) techniques, and the like.
Different wireless communication networks employ different security technologies, for example, IEEE 802.11a/b wlan employ Wired Equivalent Privacy (WEP), symmetric key encryption (symmetric key) mechanisms to secure wireless communications over wireless networks. IEEE 802.11i WLANs use Wi-Fi protected Access (WPA) to secure wireless communications over a wireless network. Cellular networks, such as GSSM and UMTS networks, use the authentication and key exchange protocol (AKA), which uses integrity keys (integrity keys), encryption keys (cipher keys), and anonymity keys (anonymity keys), which form the basis for the confidentiality, integrity, authentication, and anonymity of a security system, typically using security measures or techniques specified by appropriate standards.
These security techniques require a large amount of computational power and thus create a bottleneck in the operating rate of the network, e.g., a PalmTMThe III-X handheld WTRU requires 3.4 minutes to perform the 512-bit RSA key generation, 7 seconds to perform the digital signature generation, and DES encryption can only be performed at 13kbps at most, and the increased electronic power consumption is an additional drawback associated with the high security encryption algorithm.
Thus, the competition for the interest in data security and network performance is to create a fixed level of network security. Generally, the data rate of a network is inversely proportional to the security level of the network, meaning that increasing the security of a wireless network reduces the rate at which data is communicated over the network, and the security parameters selected by the network administrator are typically optimized for the particular use of the wireless communication network in place of competing interests.
Fig. 1 illustrates a conventional wireless communication network 100 that operates with a fixed security level. The network shown in fig. 1 is a Wireless Local Area Network (WLAN) as used in homes and small businesses. An ap 110 connects the WLAN to the internet 120 and an internal network 125 and is configured with a plurality of WTRUs 130, e.g., 1301、1302、1303Within a trust zone 140 extending a predetermined distance from the wireless ap 110. The WTRUs 130 hold the appropriate encryption keys or other information as needed, depending on the nature of the security technology used in the network 100.
The security level maintained between devices operating within the trust zone 140 of the network 100 is fixed and does not change unless a system administrator adjusts security settings or turns security off. For example, an intruder WTRU 150 is located at a location a outside the trust zone 140, and the security level of the system remains unchanged when the intruder WTRU 150 enters location B of the trust zone 140, the intruder WTRU 150 not having the necessary encryption keys or other information required by currently used security techniques, or otherwise not having the above information. The aggressor WTRU 150 may access the network 100 if the aggressor WTRU 150 holds the appropriate encryption key or other necessary information, however, the aggressor WTRU 150 may not be able to communicate with the network 100 if the aggressor WTRU 150 does not have the required encryption key or other information.
Thus, the network 100 does not need to expend significant resources in security when only trusted WTRUs 130 are operating within the network 100. When only trusted WTRUs 130 are operating within the trust zone, the network 100 sacrifices the ability to provide higher data rates by maintaining an unnecessarily high level of security.
Therefore, there is a need for a method of providing variable security in a wireless communication network.
Disclosure of Invention
The present invention is a system and method for providing variable security levels in a wireless communication network. The present invention is optimized for the conflict often created by the requirements of highly secure wireless communications and high rate wireless communications. In accordance with the preferred embodiment of the present invention, different security sensors are scanned to determine that there is a possible intruder within a predetermined trust zone, and if an intruder is likely to be present, the security level is changed to the highest level setting and therefore a lower data rate, while the intruder is identified. If the intruder is identified as actually a trusted node, the security level reverts to a lower setting, and if the intruder is not identified as a trusted node, the security level remains at a higher level while the intruder is in the trust zone.
Drawings
The invention will be understood in more detail from the following description of a preferred embodiment, given as an example, with reference to the accompanying drawings, in which:
figure 1 illustrates a conventional wireless communication system having a predetermined trust zone in which a plurality of trusted WTRUs operate and an aggressor WTRU enters the trust zone;
FIG. 2 is a flow chart of a method for providing variable security levels in a wireless communication system, in accordance with a preferred embodiment of the present invention;
FIG. 3 is a diagram of a wireless communication system having a predetermined trust zone in which a plurality of trusted WTRUs operate and implement variable security levels in accordance with the present invention; and
FIG. 4 is a block diagram of a node implementing a variable security level in accordance with the present invention.
Detailed Description
The present invention will be described in more detail with reference to the drawings, wherein like reference numerals refer to like elements throughout.
When referred to hereafter, a wireless transmit/receive unit (WTRU) includes, but is not limited to, a mobile telephone, pager, laptop, User Equipment (UE), Mobile Station (MS), a fixed or mobile subscriber unit (mu), or any other type of device capable of operating in a wireless environment. When referred to hereafter, an access point includes, but is not limited to, a base station, a node B, a site controller, or any other type of interface in a wireless environment. When referring to a node, it may be a WTRU or an access point. When referring to trust zones, it is meant a physical space in which the network may determine in an anticipatory manner that a WTRU or other mobile device may be present. Thereafter, when referring to an intruder, this indicates that any WTRU or other mobile device operating within a trusted area is not connected to the wireless communication network.
In a preferred embodiment of the present invention, a wireless communication system dynamically changes its security level based on the presence of an intruder within a trust zone. For simplicity, the present invention will be described in terms of an 802.11WLAN using WEP security, and it should be noted by those skilled in the art that this embodiment of the present invention is an example, and the present invention is not limited thereto, and the present invention can be implemented in different types of wireless communication networks, for example, 3G, 802.x, GPRS, etc., which use different security protocols, for example, symmetric encryption, asymmetric encryption, error correction codes, checksum, hash functions (including information authentication codes), digital signatures, SSL, etc., which are used alone or in combination.
Referring to fig. 2, a method 200 for providing variable security levels in a wireless communication network is shown, in accordance with a preferred embodiment of the present invention. The method 200 is initiated when the wireless communication system is on-line, or a system administrator may turn the variable security level method on or off as desired. First, intruders in the trust zone are scanned by different security sensors (step 210), which may include, for example, infrared sensors, video surveillance sensors, photoelectric sensors, motion sensors, sound sensors, etc., alone or in different combinations, or may use conventional wireless Radio Frequency (RF) sensors, such as antennas, smart antennas, etc., to scan for possible intruders, or may use different signal quality metrics, such as Channel Impulse Response (CIR) of channel change of signal band, as a means for detecting intruders, or may use spatial/frequency/temporal CIR, etc.
The system administrator may adjust the settings and parameters of the various security scanning devices to adjust the thresholds and sensitivity of detecting the presence of an intruder. Then, based on the security sensor scan, a determination is made as to whether any intruders are likely to be present (step 220), and if no intruders are detected, the method returns to step 210 for further scanning.
If an intruder is detected, the security level of the network is immediately upgraded to a level higher than the current level (step 230), for example, if the wireless system uses public key encryption (e.g., Wired Equivalent Privacy (WEP)) for its security protection, a longer public key is used, for example, the public key can range from 64 bits to 128 bits in length, thereby providing a higher security level.
Alternatively, when the wireless system uses asymmetric encryption, the frequency of key changes may be increased to provide higher levels of security, and the trusted user may be alerted to the possible presence of an intruder and advised that increased security and decreased data rates may result from the above. Alternatively, when all traffic in the wireless network is encrypted and decrypted, the enhanced level of security may be to restrict all unencrypted communications and only allow encrypted communications. Alternatively, when the AP or WTRU or both are equipped with switched beam antennas, the higher security level may be to use the beam steering technique to create an invalid space to cover the spatial location of the intruder, in a manner well known to those skilled in the art. These techniques may be used alone or in combination, providing a highly secure level as desired.
The system administrator may decide, as desired, the different security levels that the system changes immediately upon detection of a possible intruder. Alternatively, the system may be configured by the system administrator to stop all data transmissions, however, this approach may be impractical in certain wireless communication systems, such as 3G wireless communication systems that primarily communicate audio.
The potential intruder is identified when the system is operating in an enhanced security level (step 240). If the intruder is a wireless communication device, the intruder's identification can be made, for example, by polling, signaling, referencing a database, remote authentication, etc., whereby a challenger can ascertain the security characteristics of an intruder device, RF channel sensing, and/or CIR signature. Various other identification techniques are also known to those skilled in the art.
The method 200 then determines whether the identified intruder is trusted (step 250). This may include determining whether the identified intruder is operating in an expected manner, if the intruder is another wireless communication device, the intruder may register with the network at some point in the time stamp, and such registration may allow the network to identify the intruder, with or without reference to the database of known and trusted devices in this determination. In other cases, the identification of the intruder may not be required, for example, when the policy is to stop data transmission or to invalidate the spatial location of the intruder.
If the network determines that the identified intruder is not trusted or that the network is unable to identify whether the intruder is trusted, the network is maintained at an increased security level for as long as the identified intruder is likely to be present in the trusted zone (step 260). On the other hand, if the network determines that the identified intruder is trusted, the security level is set to a predetermined security level that is suitable for use by the identified intruder (step 270). When beam steering invalidation signals are used to cover the location of the intruder, an intruder identified as trusted enters the network by terminating the invalidation. In either case, the method 200 returns to step 210 for further scanning.
Typically, the determination to change the security level settings is done locally in the area where the intruder is identified, followed by the intruder's identification and any additional information, such as any classification information, location information, etc., throughout the network. For example, in a WLAN, the identification of an intruder may be performed on the WTRU and AP (note that since APs typically control more functions than WTRUs, there is a higher probability of identifying the intruder by the AP), any station that identifies an intruder will immediately change its own security policy and begin notifying other nodes on the network.
Referring now to fig. 3, an illustration of a wireless communication network, generally designated 300, operating in accordance with the present invention is shown. The network 300 is, for example, an IEEE 802.11x network using WEP security techniques. An ap 310 connects WTRUs, designated by the number 330, to the internet 120 and an intranet 125. A trust zone 340 extends a predetermined distance from the ap 310, the size or extension of the trust zone being determined by a system administrator as desiredDifferent parameters are corrected. WTRUs identified by the network, and determined to be trusted, are designated as number 3301、3302And 3303Commonly referred to as number 330.
To illustrate the operation of the variable security levels of the present invention, two examples of variable security levels will be described herein. When an intruder WTRU 350 is located at location a outside the trust zone, the network security level is optionally set to trust communication, typically at a relatively low security level to achieve a higher level of data throughput. For example, the network uses WEP encryption to secure the wireless communication, and the relatively low security level is 64-bit keys, or no keys at all. When the aggressor WTRU 350 enters location B of the trust zone 340, various security sensors determine that there is a possible presence of an aggressor, and upon determining that the aggressor WTRU 350 is present at location B, the network raises the security level, for example, setting the ciphering key length to 128 bits. The network attempts to identify the aggressor WTRU 350. in the first example, the aggressor 350 is independent of the network 300 and is determined to be untrusted, thus, the security level is maintained at an elevated security level while the aggressor WTRU 350 is at location B, and the network 300 returns to a lower security level when the aggressor WTRU 350 leaves the trust zone 340 and is at location C.
Alternatively, referring to fig. 3, in a second example, an intruder 360 is in fact a trusted WTRU located at location D outside the trust zone 340. upon entering the trust zone 340, the intruder WTRU 360 is located at location E and is sensed by various network security sensors of the network 300. Upon determining that an intruder is likely to be present, the security level of the network 300 is increased. The intruder WTRU 360 then identifies as a trusted WTRU from the network 300 using authentication methods well known to those skilled in the art. The security level of the network 300 is then returned to its original, relatively low security level.
In another embodiment of the present invention, referring again to FIG. 3, different security levels may be configured for different WTRUs within a trusted area of the network. For example, referring again to fig. 3, the intruder 360 is in fact a trusted WTRU that moves to location E within the trust zone 340, the security level is raised and the intruder WTRU 360 is authenticated. When the intruder WTRU 360 leaves the trust zone 340 to location F, the security level is lowered, but preferably does not return to its original security level, which is preferably set to an intermediate level. In this manner, the variable security level method of the present invention provides a variable security manner that can be configured to correspond to particular WTRUs operating within the network 300, thereby optimizing transmission rates and network security for particular network conditions.
It should be understood by those skilled in the art that multiple security levels may be implemented, as the system administrator may set as desired, based on the threat to network security as measured by the various sensors throughout the communication system.
It will be appreciated by those skilled in the art that different levels of security can be achieved by using other well-known data protection mechanisms, including, but not limited to, changing error correction codes, checksums, hash functions (including message authentication codes), digital signatures, parameters for different ciphers, changing cipher forms, changing antenna patterns, completely or partially interrupting transmissions, changing transmission power, and the like.
Referring to fig. 4, a node 400 implementing variable security levels in a wireless communication system according to the present invention is shown, where the node 400 may be an access point, a WTRU, or any other device capable of operating in a wireless environment. The intruder detector 410 is configured to detect the presence of an intruder within a trust zone, and more precisely, the intruder detector 410 receives and processes data about the intruder via an antenna 420, wherein the antenna 420 is used as a sensor, and the antenna 420 can also receive data about the intruder from other sensors disposed within the trust zone. In another embodiment of the present invention, the node 400 may be configured to receive data about an intruder from a sensor that is hardwired to the node 400 via terminal 430. As previously described, the sensor may be in the form of a sensor for detecting intruders. In a preferred embodiment of the present invention, upon detection of an intruder, the intruder detector 410 notifies the security level controller 450, which sets the network security level to the safest security level via the antenna 420. Alternatively, when an intruder is detected, the security level is increased to an elevated level predetermined by the system operator. The intruder detector 410 can also be provided with a processor to promote security levels immediately upon detection of an intruder within a trust zone without requiring security level promotion by the security level controller 450.
The intruder identifier 440 receives data about the detected intruder from the intruder detector 410. the intruder identifier 440 determines whether the intruder is a trusted device based on the intruder's identification data. As described above, different authentication methods may be used to identify and determine whether the intruder is trusted, for example, by polling, signaling, referencing a database, remote authentication, etc., whereby a challenger may ascertain the security characteristics of an intruder device, RF channel sensing, and/or CIR signature. Various other identification techniques are also known to those skilled in the art. The database of trusted devices may be used to determine whether an intruder device is trusted, or determining whether the device is trusted may include determining whether the identified intruder is operating in an expected manner.
The node 400 further includes a security level controller 450 for determining and managing the security level of the communication system. The security level controller 450 receives data regarding the identity and trust status of detected intruders from the intruder identifier 440. when the intruder identifier 440 determines that an intruder is an untrusted device, the security level controller 450 raises the security level to a more secure security level, and when the intruder identifier 440 determines that an intruder is in fact a trusted device, the security level controller 450 lowers the security level to a lower level security level, thereby increasing the data rate. Alternatively, an intermediate level of security may be required, depending on operator preference. In a preferred embodiment, when an intruder is detected within the trust zone and a security level is immediately raised, if the intruder is an untrusted device, the security level is maintained in a highly secure state, which may be the same or different than before the intruder was detected. The security level controller 450 notifies other nodes operating in the communication system of the security level change and the presence of trusted and untrusted intruders via antenna 420.
The security level controller 450 further controls and stores various security data to implement various security levels, including, for example, encryption keys, the length of the current encryption key, hash functions, authentication keys, SSIDs, and the like. When symmetric cryptography is not used, the security level controller 450 controls the rotation of the public key.
The intruder detector 410, intruder identifier 440, and security level controller 450 may be integrated on an Integrated Circuit (IC), or configured on a circuit comprising a plurality of interconnected components, or any other type of circuit and/or processor. Those skilled in the art will appreciate that the functions of the various elements of node 400 may be performed by other different elements, combinations of elements, and/or combinations of elements other than those described herein.
Although the features and elements of the present invention are described in the embodiments in particular combinations, each feature or element can be used alone without the other features and elements of the preferred embodiments or in various combinations with or without other features and elements of the present invention. Although the present invention has been described in terms of preferred embodiments, other variations which do not depart from the scope of the invention as claimed will become apparent to those skilled in the art. The foregoing description is for the purpose of illustration and is not intended to limit the particular invention in any way.
Claims (37)
1. A method of providing a variable security level, the method comprising:
establishing a first security level for trusted wireless devices operating within a trust zone of the wireless communication system;
wirelessly scanning the trust zone to detect the presence of an intruder wireless device; and
establishing a second security level for the trusted wireless device if an intruder wireless device is detected, wherein the second security level is higher than the first security level.
2. The method of claim 1, wherein the wireless communication system uses symmetric key cryptography, and wherein the establishing the second security level comprises increasing a bit length of an encryption key.
3. The method of claim 2 wherein the key length is increased from 64 bits to 128 bits.
4. The method of claim 1 wherein the wireless communication system uses asymmetric key cryptography, and the establishing the second security level includes increasing a frequency of public key changes.
5. The method of claim 1, wherein the establishing the second security level comprises: the security level is lowered when the detected intruder wireless device is a trusted wireless device.
6. The method of claim 1, wherein the establishing the second security level comprises: the second security level is maintained when the detected intruder wireless device is an untrusted wireless device.
7. The method of claim 1, wherein the establishing the second security level comprises: all communications over the wireless communication system are terminated.
8. The method of claim 1, wherein the scanning the trust region comprises: scanning is performed by at least one sensor selected from the group consisting of an infrared sensor, a video monitoring sensor, a photoelectric sensor, a dynamic detection sensor and an audio sensor.
9. The method of claim 1, wherein the scanning the trust zone further comprises scanning with at least one RF sensor selected from the group consisting of an antenna and a smart antenna.
10. The method of claim 1, wherein the scanning the trust zone further comprises: the channel impulse response is analyzed.
11. The method of claim 1, wherein the scanning the trust zone further comprises: analyzing at least one of: a spatial channel impulse response, a frequency channel impulse response, and a temporal channel impulse response.
12. The method of claim 1, wherein the establishing the second security level comprises: non-encrypted communication is restricted.
13. The method of claim 1 wherein the wireless communication system uses a beam steering antenna, and wherein the establishing the second security level comprises steering a directional beam to create a nulling area at the geographic location of the aggressor wireless device.
14. A method of providing a variable security level, the method comprising:
establishing a first security level for trusted wireless devices operating within a trust zone of the wireless communication system;
wirelessly scanning the trust zone to detect the presence of an intruder wireless device;
detecting the presence of an intruder wireless device;
establishing a second security level for the trusted wireless device if an intruder wireless device is detected, wherein the second security level is higher than the first security level;
identifying the intruder wireless device detected;
determining whether the intruder wireless device detected is trusted or untrusted; and
a third security level is established based on the determination of whether the detected intruder wireless device is trusted or untrusted.
15. The method of claim 14 wherein the wireless communication system uses symmetric key cryptography, and wherein the establishing the second security level and the establishing the third security level comprise changing a bit length of an encryption key.
16. The method of claim 14 wherein the wireless communication system uses asymmetric key cryptography, and wherein the establishing the second security level and the establishing the third security level comprise changing a frequency of public key changes.
17. The method of claim 14, wherein the establishing the third security level further comprises: the third security level is maintained when the identified intruder wireless device is an untrusted device.
18. The method of claim 14, wherein the establishing the second security level comprises: all communications over the wireless communication system are terminated.
19. The method of claim 14, wherein the establishing the third security level comprises: all communications over the wireless communication system are terminated when the intruder wireless device is identified as an untrusted device.
20. The method of claim 14, wherein the scanning the trust zone further comprises: scanning is performed by at least one sensor selected from the group consisting of an infrared sensor, a video monitoring sensor, a photoelectric sensor, a dynamic detection sensor and an audio sensor.
21. The method of claim 14, wherein the scanning the trust zone further comprises: scanning is performed by at least one radio frequency sensor selected from the group consisting of an antenna and a smart antenna.
22. The method of claim 14, wherein the scanning the trust zone further comprises: the channel impulse response is analyzed.
23. The method of claim 14, wherein the scanning the trust zone further comprises: analyzing at least one of: a spatial channel impulse response, a frequency channel impulse response, and a temporal channel impulse response.
24. The method of claim 14 wherein the identifying the detected intruder wireless device further comprises: a database of trusted users is queried.
25. The method of claim 14, wherein the establishing the second security level comprises: non-encrypted communication is restricted.
26. The method of claim 14, wherein the establishing the third security level comprises: non-encrypted communication is restricted.
27. The method of claim 14 wherein the wireless communication system uses a beam steering antenna, and wherein the establishing the second security level comprises steering a directional beam to create a nulling area at the geographic location of the aggressor wireless device.
28. The method of claim 14 wherein the wireless communication system uses a beam steering antenna, and wherein the establishing the third security level includes beam steering to create a nulling area at the geographic location of the aggressor wireless device.
29. A wireless node to provide a variable security level, comprising:
an intruder detector configured to detect intruder wireless devices within a trust zone;
an intruder wireless device identifier configured to identify a detected intruder wireless device and determine whether the identified intruder wireless device is trusted; and
a security level controller configured to adjust a security level within the trusted region to prevent access by the untrusted intruder wireless device based on the determination.
30. The wireless node of claim 29 wherein the node is an access point.
31. The wireless node of claim 29 wherein the node is a wireless transmit/receive unit (WTRU).
32. The wireless node of claim 29 wherein the security level controller is configured to promote the security level upon detection of an intruder wireless device within the trust zone.
33. The wireless node of claim 29 wherein the security level controller is configured to maintain the security level if an identified intruder wireless device is determined to be untrusted.
34. The wireless node of claim 29 wherein the security level controller is configured to lower the security level if an identified intruder wireless device is determined to be trusted.
35. The wireless node of claim 29 wherein the security level controller is configured to terminate all non-encrypted communications upon detection of an intruder wireless device within the trust zone.
36. The wireless node of claim 29 wherein the security level controller is configured to terminate all non-encrypted communications if an identified intruder wireless device is determined to be untrusted.
37. An integrated circuit, comprising:
an intruder detector configured to detect intruder wireless devices within a trust zone;
an intruder identifier configured to identify a detected intruder wireless device and determine whether the identified intruder wireless device is trusted; and
a security level controller configured to adjust a security level within the trusted region to prevent access by the untrusted intruder wireless device based on the determination.
Applications Claiming Priority (5)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US64269105P | 2005-01-10 | 2005-01-10 | |
| US60/642,691 | 2005-01-10 | ||
| US11/241,429 | 2005-09-30 | ||
| US11/241,429 US7636842B2 (en) | 2005-01-10 | 2005-09-30 | System and method for providing variable security level in a wireless communication system |
| PCT/US2005/047249 WO2006083436A2 (en) | 2005-01-10 | 2005-12-29 | System and method for providing variable security level in a wireless communication system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| HK1112080A1 HK1112080A1 (en) | 2008-08-22 |
| HK1112080B true HK1112080B (en) | 2013-02-01 |
Family
ID=
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8135953B2 (en) | System and method for providing variable security level in a wireless communication system | |
| Lounis et al. | Attacks and defenses in short-range wireless technologies for IoT | |
| Barbeau et al. | Detecting impersonation attacks in future wireless and mobile networks | |
| Karygiannis et al. | Wireless Network Security:. | |
| EP1957824B1 (en) | Insider attack defense for network client validation of network management frames | |
| US9363675B2 (en) | Distributed wireless security system | |
| EP1834466B1 (en) | Method and system for detecting attacks in wireless data communication networks | |
| US8151351B1 (en) | Apparatus, method and computer program product for detection of a security breach in a network | |
| KR20140035600A (en) | Dongle apparatus for preventing wireless intrusion | |
| KR20070054067A (en) | Wireless access point device and network traffic intrusion detection and blocking method using same | |
| Qi et al. | Unauthorized and privacy‐intrusive human activity watching through Wi‐Fi signals: An emerging cybersecurity threat | |
| US9100429B2 (en) | Apparatus for analyzing vulnerability of wireless local area network | |
| US20060058053A1 (en) | Method for logging in a mobile terminal at an access point of a local communication network, and access point and terminal for carrying out the method | |
| US8122243B1 (en) | Shielding in wireless networks | |
| Shourbaji et al. | Wireless intrusion detection systems (WIDS) | |
| Amoordon et al. | Characterizing Wi-Fi Man-In-the-Middle Attacks | |
| HK1112080B (en) | System and method for providing variable security level in a wireless communication system | |
| KR101553827B1 (en) | System for detecting and blocking illegal access point | |
| Huang et al. | Countermeasures against MAC address spoofing in public wireless networks using lightweight agents | |
| Fayssal | Wireless self-protection system | |
| Sharma | Intrusion detection in infrastructure wireless LANs | |
| Kelechi et al. | Evaluating the Challenging Issues in the Security of Wireless Communication Networks in Nigeria | |
| Kumar et al. | Contemporary Exploration of Wireless Network Security issues & Design Challenges for an Enterprise Network | |
| Tao | A novel intrusion detection system for detection of MAC address spoofing in wireless networks |