
Enhancing Security in Wireless Networks Using Positioning Techniques

Phani K. Sagiraju, Student Member IEEE, psagiraj@lonestar.utsa.edu
Praveen Gali, pgali@lonestar.utsa.edu
David Akopian, Senior Member IEEE, david.akopian@utsa.edu
G. V. S. Raju, IEEE Life Fellow, gvsraju@utsa.edu

Department of Electrical and Computer Engineering, The University of Texas at San Antonio

Abstract- Security is a key issue in any wireless environment. This paper considers the problem of using two alternative positioning technologies for secure authentication in wireless networks. Two different positioning techniques, namely the Global Positioning System (GPS) and a network-based positioning technique, are merged for this purpose. For validation purposes, network-based positioning is achieved through the Ekahau™ location-enabling enterprise for Wi-Fi networks. In the authentication approach, any new node that wishes to enter the wireless network is asked for its position, which it can compute using a user-centric GPS receiver. The network then identifies the user position using a network-centric approach and compares the results. If the user tries to mislead the network about its true location, the network will identify the unauthorized access attempt. Doing so improves the security of the network against unknown intruders who claim to be in the network.

Keywords: Security, Wireless Network, GPS, Ekahau.

1. Introduction

In recent years, security in wireless networks has been a major issue of research and development. The major threats of security concern for wireless infrastructure are malicious hackers and theft of service. Malicious hackers are individuals who break into a system without authorization, usually for personal gain or to do harm. Such hackers may gain access to the wireless network access point by eavesdropping on wireless device communications. Theft of service occurs when an unauthorized user gains access to the network and consumes network resources. A principal difference between wired networks and wireless networks is that physical security is no longer sufficient to ensure the security of the network. Also, in a wireless network, the location of an intruder is considerably more difficult to determine as compared to a traditional wired network, where cables can be traced to their source. A mobile device which is transmitting on a wireless network is leaking its position. This information can be used to locate intruders who make no deliberate effort to decorrelate their signal from their position. Here we use the position-location capability of wireless networks to thwart these threats. We are interested in verifying a user's claimed location using the network's capability to determine location. This claimed location is determined independently by the node using its onboard GPS technology. In most cases, a node with malicious intent does not identify its actual location. In such situations, by using Ekahau™, we can determine that the location claimed by the node is not true, and that node can then be blocked by the system.

The paper is organized as follows. Section II briefly describes the positioning technologies, Section III explains the experimental setup and results of the security system, and finally Section IV concludes the paper.

2. Positioning Technologies

This section explains the positioning technologies that are used for this research. The two positioning technologies used are US GPS and Ekahau™.

2.1 Global Positioning Systems (GPS)

When we talk about "GPS," that usually means a GPS receiver [1,2]. The Global Positioning System (GPS) is actually a constellation of 27 Earth-orbiting satellites (24 in operation and three extras in case one fails). Each of these satellites circles the globe at about 20,000 km, making two complete rotations every day. A GPS receiver's job is to locate four or more of these satellites (known as acquisition), figure out the distance to each, and use this information to deduce its own location. This operation is based on a simple mathematical principle called trilateration.

In GPS, code-modulated signals are transmitted by satellites that orbit the earth and are received by GPS receivers whose current position is to be determined. Each of the satellites transmits two microwave carrier signals. One of these carrier signals, L1, is employed for carrying a navigation message and code signals of a standard positioning service (SPS). The L1 carrier phase is modulated by each satellite with a different C/A (Coarse Acquisition) code known at the receiver. Thus, different channels are obtained for transmission by different satellites. The C/A code, a direct sequence spread spectrum code which spreads the spectrum over a 1 MHz bandwidth, is repeated every 1023 chips, the epoch of the code being 1 ms. The carrier frequency of the L1 signal is further modulated with the navigation information at a bit rate of 50 bit/s. The navigation information, which constitutes a data sequence, can be evaluated, for example, to determine the position of the respective receiver.

The basic concept used to find the position of a certain point in space is quite simple. The position of that point is found from distances measured from that point to some known positions (satellites in our case) in space. As an example let us consider a two-dimensional case as shown in Fig 1.

1-4244-1160-2/07/$25.00 2007 IEEE.

Figure 1. Two dimensional position computational model

To determine the user position, three known points (satellites), i.e., 3 distances, are required. The trace of a point with constant distance to a fixed point is a circle in a two-dimensional case (whereas it is a sphere in a three-dimensional case). Two satellites and two distances give 2 possible solutions, as two circles intersect at 2 points, and the third circle is needed to uniquely determine the user position. Similarly, for a three-dimensional case one might need 4 satellites and 4 distances to determine the user position.

The basic equation used for determining the user position is a 2-point distance formula. Given 3 known points $r_1$, $r_2$, $r_3$ and an unknown point $r_u$, the distances between the 3 known points and the unknown point can be measured as $\rho_1$, $\rho_2$ and $\rho_3$, given as

$$\rho_i = \sqrt{(x_i - x_u)^2 + (y_i - y_u)^2 + (z_i - z_u)^2}, \quad i = 1, 2, 3 \qquad (1)$$

With 3 equations and 3 unknowns the values of $x_u$, $y_u$ and $z_u$ can be determined. It is difficult to solve them directly, but they can be easily solved with linearization and an iterative approach. In order to find the distances, the position of the satellites must be known. This information is obtained through the data transmitted from the satellites. The distance from the user to the satellites must be measured simultaneously at a certain time instance. Each satellite sends a signal at a certain time $t_{si}$ and the receiver receives the signal at a later time $t_u$. The distance between the user and the satellite 'i' is given by $\rho_{iT} = c\,(t_u - t_{si})$, where $\rho_{iT}$ is the true value of the pseudorange from the user to the satellite 'i', $t_{si}$ is the true time of transmission of the signal from satellite 'i' and $t_u$ is the true time of reception by the user. Having three different distances from three different satellites and solving them as shown in (1) gives the user position $x_u$, $y_u$ and $z_u$. They are converted to the required formats.

GPS mostly works very well outdoors, but wireless networks are mostly indoors, and GPS by itself would have problems working in such environments. Assisted GPS (AGPS) is the technology mostly used for urban and indoor environments. Indoors, the signal strengths are very low and very long processing is needed before any satellites can be tracked. For this purpose, some sort of prior assistance is provided, e.g. which satellites are visible, so that the receiver tracks only those satellites which are available and eventually gets the navigation data from which the user position is computed.

2.2 Ekahau™

The Ekahau™ [3] Positioning Engine is one of the commercial positioning systems based on 802.11 WLAN infrastructure. It determines the location of a node based on the received signal strength from the access points of the network. Ekahau™ consists of three modules, namely: a. Ekahau™ Positioning Engine (EPE), b. Ekahau™ Manager, and c. Ekahau™ Client.

EPE is the server application that stores the current model of the environment, reads the network data and resolves the client location. Ekahau™ Manager is a graphical tool to build the model of the environment. It runs on the manager laptop, a special case of client device, reads local adapter measurements for the selected set of sample locations in the target area, and records the result over the wireless network to the engine. The procedure is the initial step to start the system. During the evaluation the engine, for simplicity, is run locally. Ekahau™ Client allows Ekahau™ Manager to retrieve signal data for Site Calibration, and allows the Positioning Engine to retrieve signal data from client devices for positioning.

The actual position determination involves two steps. The first step involves training the system, where a set of calibration data consisting of signal measurements from various locations of the site is collected. This data is then used to make inferences on the location of the user. The first step involves Model Calibration, which is done through the Ekahau™ Manager module. You need to enter a map image for creating the positioning model. For better accuracy, the correct map scale must be defined for the map image. Next, we place tracking rails on the map to indicate possible travel paths between rooms, corridors, floors, and other locations. By placing Tracking Rails on the map, an empty Positioning Model is created. We then need to calibrate the positioning model, i.e. record Wi-Fi signal data from various map locations. Click a point on the map close to a tracking rail and walk up to that point. Activate the calibration tool, which records the signal strength measurements. Turn around a full 360 degrees to record the signals from all directions. Then walk along the rail and repeat taking measurements until the entire area has been calibrated. Once calibration of the positioning model is finished, we can start tracking the client devices.

Ekahau™ sells three products, namely Site Survey, Positioning Engine and Wi-Fi Location Tag. The site survey product allows rapid mapping of the enterprise workspace (it typically takes an hour for every 10,000 sq.ft.). A map is generated showing signal strength by Wi-Fi node, network coverage, and signal to noise ratio. The map can handle queries such as "show me the areas of signal level greater than 70 decibels."
It allows for precise mapping of the workspace so that location can be determined down to one meter. This means items can be tracked by building floor. The positioning engine works in real time and combines signal strength with site calibration to display positions on a map of the workspace. The engine can show the position of any device connected to the Wi-Fi network, such as laptops, PDAs or Wi-Fi tags. This tag is similar to an RFID tag except it is active (battery powered) and works on a Wi-Fi network. It has a call button feature that lets the person wearing the tag identify that they need assistance by pushing a red button.

A feature of the Ekahau™ solution is the way it establishes position. A simple method of triangulation is used for locating any radio transmitter, cell phone, or Wi-Fi enabled device. It measures signal strength or decay of the signal received at three or more points. This establishes a set of bearings and triangulation, as shown in Fig 2.

Figure 2. Ekahau™ position calculation model

In a Wi-Fi environment there is also signal overlap (bearing to the location) and position can be determined in the same way. However, there are other factors that make the process more complicated. Network coverage may not be uniform and the frequencies are prone to reflection and refraction, making the signal path and the resultant signal strength measurement more complex. In the example shown below in Fig 3(a), it would appear that there are three nodes that are the paths to the target location (sources #1, #2 and #4).

Figure 3. Ekahau signal strength model, panels (a) and (b)

But the actual case may be more like the image in Fig 3(b), with multiple paths due to the nature of the environment. Multiple paths provide more signal sources and a more complex set of problems for determining location. One of the advantages of the Ekahau™ system is that in surveying the site, measurements are made across the workspace that allow for a form of what is called "radio fingerprinting." It uses three factors. First, the location signal source (laptop, PDA or Wi-Fi tag) has unique characteristics. Second is the IP address of the location (target) signal source. Third, the signal characteristics of the target source itself have unique fingerprints, as do the Wi-Fi access points collected by the site survey. These three factors allow for creation of a database of unique characteristics. The result is that the target signal source (laptop, PDA or Wi-Fi tag) can be located within one meter and its location can be displayed on a map in real time. Hence we use both the technologies explained earlier for a more secure wireless network.
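
The linearized, iterative solution of equation (1) from Section 2.1, shown here as an added example in Python that is not code from the paper. The satellite coordinates, user position and reception time are constructed values in kilometres and seconds, and all function names are hypothetical.

```python
import math

C_KM_S = 299792.458  # speed of light in km/s

def pseudorange(t_u, t_si):
    """rho_iT = c * (t_u - t_si): range in km from reception and transmission times."""
    return C_KM_S * (t_u - t_si)

def dist(p, q):
    """Equation (1): Euclidean distance between two 3-D points."""
    return math.sqrt(sum((a - b) ** 2 for a, b in zip(p, q)))

def det3(m):
    (a, b, c), (d, e, f), (g, h, i) = m
    return a * (e * i - f * h) - b * (d * i - f * g) + c * (d * h - e * g)

def solve3(m, v):
    """Solve the 3x3 linear system m * x = v with Cramer's rule."""
    d = det3(m)
    if abs(d) < 1e-12:
        raise ValueError("degenerate satellite geometry")
    cols = []
    for k in range(3):
        mk = [row[:k] + [v[n]] + row[k + 1:] for n, row in enumerate(m)]
        cols.append(det3(mk) / d)
    return cols

def solve_position(sats, rhos, guess=(0.0, 0.0, 0.0), tol=1e-6, max_iter=20):
    """Newton iteration on equation (1); returns (position, iterations used).

    Three ranges leave two mirror-image solutions; for this geometry, starting
    at the Earth's centre converges to the one near the Earth.
    """
    r = list(guess)
    for n in range(1, max_iter + 1):
        est = [dist(s, r) for s in sats]
        # Linearize: row i is d(rho_i)/d(x_u, y_u, z_u) = -(s_i - r) / rho_i
        jac = [[-(s[k] - r[k]) / e for k in range(3)] for s, e in zip(sats, est)]
        delta = solve3(jac, [rho - e for rho, e in zip(rhos, est)])
        r = [rk + dk for rk, dk in zip(r, delta)]
        if math.sqrt(sum(dk * dk for dk in delta)) < tol:
            return r, n
    raise RuntimeError("no convergence")

# Constructed sample data (not measurements from the paper).
SATS = [(20000.0, 0.0, 17000.0), (-10000.0, 17000.0, 17000.0),
        (-10000.0, -17000.0, 17000.0)]
TRUE_USER = (1200.0, -900.0, 6200.0)
T_U = 0.1  # reception time in seconds

def demo():
    t_s = [T_U - dist(s, TRUE_USER) / C_KM_S for s in SATS]  # transmission times
    rhos = [pseudorange(T_U, t) for t in t_s]
    return solve_position(SATS, rhos)

if __name__ == "__main__":
    position, iterations = demo()
    print([round(v, 3) for v in position], iterations)
```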

3. Experimental Setup and Results


In order to demonstrate the working of the technologies explained above, we made a couple of assumptions. The first is an open-floor wireless LAN network; the second is that the node entering the system is equipped with a GPS receiver with very good proximity. The whole system consists of a wireless network, a server installed with Ekahau™ software that is capable of computing the position of any new node entering the system, and a laptop with built-in GPS receiver technology which acts as a node entering the system. For our experiment, we used a Trimble GeoExplorer3 with a patch antenna, for more accurate results, placed alongside the laptop/node.

For our experimental purposes we considered a portion of the first floor of the BSE building, which consists of an open courtyard that is close to our initial assumptions. The image of the courtyard is shown in the figure below.

Figure 4. Open floor plan of BSE considered for experimental setup

Before doing any position estimation, the signal strength of the whole open floor is calibrated over the image using Ekahau™ Site Survey. The signal strength of the floor plan is visible using Ekahau™ Manager. With the aid of the calibrated signal strengths and the received signal strength at the node, the Ekahau™ Positioning Engine installed on the server finds the node's relative position. Ekahau considers the top left corner of the image as its reference and gives the coordinates of the position as the number of pixels from the reference in the x and y directions. This, coupled with the image's resolution, gives the real-world position of the node. The position of the node and the signal strengths acquired at the node from different access points are visible using Ekahau™ Manager.

Assume that the laptop/node entering the network reports its position to the server. The server has no way of knowing whether the reported position is true or false, so it computes the position of the new node with its own built-in software capability and validates the reported position.

At first we tested the working of the Ekahau™ software. For this, we considered the calibrated area, which was calibrated using Ekahau™ Site Survey. Once a laptop/node which has Ekahau™ Client installed on it enters the network, its position is computed by the Ekahau™ Positioning Engine installed on the server using the site survey data. This position is displayed by Ekahau™ Manager on the image as shown in Fig 5.

Figure 5. Snapshot of the map displaying the Ekahau™ position of the client.

Now that we have tested the Ekahau™ software and its working, we would like to merge both the network positioning and the GPS positioning for enhanced security. To validate the positions we developed a simple GUI using Microsoft Visual Basic .Net, present at the server, which takes in both the positions, i.e. the GPS position reported by the node and the Wi-Fi position computed by the server using Ekahau™. It then computes the distance between both the positions. Depending on whether the distance between the two positions is within a certain proximity (according to the level of security required), the server determines whether the position is valid or not. If valid it grants access to the network, else the access is denied.

The application takes in both the positions in their respective units. The GPS position is reported in standard WGS84, which is latitude and longitude measured in decimal degrees, whereas the Wi-Fi position is computed in pixels according to the image resolution. Both the coordinates are converted to a common unit, feet, and the distance between both the positions is computed. The application takes both the positions in their respective units as inputs and displays the location on the map. Once the coordinates are entered in their respective boxes, pressing the "Show GPS Position" button displays the GPS reported position on the map. Similarly, by pressing the "Show Wi-Fi Position" button, the Ekahau™ computed Wi-Fi position is displayed on the map.

Once both the positions are displayed, pressing the validate button verifies the reported GPS position against the computed Ekahau position. If the difference is within the proximity, a message is displayed to indicate that the reported GPS position is valid (access granted); otherwise, a message is displayed to indicate that the reported GPS position is invalid (access denied). Fig 6 gives the snapshot of the application for four cases: three valid cases and one invalid case. In Figure 6(a), the node reports its GPS position as Latitude = 29.5820296618, Longitude = -98.6174556434, and the position calculated by Ekahau™ is X-Coordinate = 223, Y-Coordinate = 118. Both the positions are shown on the map in different colors, which are circled together. Pressing the validate button displays the message "Reported Position is Valid - Access Granted". The other two valid cases are shown in Fig 6(b) and Fig 6(c). In Figure 6(d), the reported GPS position is Latitude = 29.5820312798, Longitude = -98.6180219755, and the Ekahau™ position is X-Coordinate = 80, Y-Coordinate = 60. Both the positions displayed are circled on the map. This is usually the case when an intruder tries to hide his real position. Because the difference between the reported position and the actual Ekahau™ position is unacceptable, a message "Reported Position is Invalid Access Denied" is displayed after validation.

Figure 6. Demonstration of the application developed, which takes both the reported GPS position and the computed Ekahau position as input and validates if the position reported is true or not. (a, b, c) are valid cases; (d) is an invalid case.

Table 1. Reported GPS position and the corresponding Ekahau™ position for each demonstration.

Demo   Ekahau computed coordinates       GPS reported coordinates                 Validity
       X-Coordinate    Y-Coordinate      Latitude            Longitude
       (pixels)        (pixels)          (decimal degrees)   (decimal degrees)
'a'    223             118               29.5820296618       -98.6174556434       Valid
'b5 147                                  29.5821950735       -98.6175966091       Valid
'c'    100             100               29.5821535519       -98.6175023746       Valid
'd'    80              60                29.5820312798       -98.6180219755       Invalid

Table 1 summarizes the reported GPS positions and the corresponding Ekahau™ position for each of the demonstrations. The final column of the table indicates whether the reported position was valid or invalid.
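
The validation step run on demos 'a', 'c' and 'd' of Table 1, as an added Python example (the paper's VB.Net application is not reproduced on the page); demo 'b' is omitted because its pixel coordinates are incomplete. The page gives neither the map's georeference nor the proximity limit, so both are assumptions: the pixel-to-feet transform is fitted from demos 'a' and 'c' treated as control points, which makes their distance zero by construction, and the 30 ft threshold is illustrative.

```python
import math

EARTH_RADIUS_FT = 6371000.0 * 3.280839895  # mean Earth radius, metres -> feet
THRESHOLD_FT = 30.0  # assumed proximity limit; the paper ties it to the security level

def to_local_ft(lat, lon, lat0, lon0):
    """WGS84 decimal degrees -> complex (east + i*north) offset in feet from (lat0, lon0)."""
    if not all(math.isfinite(v) for v in (lat, lon)) or abs(lat) > 90 or abs(lon) > 180:
        raise ValueError("malformed GPS report")
    east = math.radians(lon - lon0) * math.cos(math.radians(lat0)) * EARTH_RADIUS_FT
    north = math.radians(lat - lat0) * EARTH_RADIUS_FT
    return complex(east, north)

class MapGeoref:
    """Pixel -> feet similarity transform (scale, rotation, shift) from two control points."""
    def __init__(self, px1, gps1, px2, gps2):
        self.lat0, self.lon0 = gps1
        self.p0 = self._px(px1)
        g2 = to_local_ft(*gps2, self.lat0, self.lon0)
        self.s = g2 / (self._px(px2) - self.p0)  # complex factor: feet per pixel plus rotation

    @staticmethod
    def _px(px):
        # Ekahau counts pixels from the top-left corner, so image y grows downward; flip it.
        return complex(px[0], -px[1])

    def wifi_ft(self, px):
        return self.s * (self._px(px) - self.p0)

    def gps_ft(self, lat, lon):
        return to_local_ft(lat, lon, self.lat0, self.lon0)

def validate(georef, gps, wifi_px, threshold_ft=THRESHOLD_FT):
    """Return (access_granted, distance_ft); malformed input denies access."""
    try:
        d = abs(georef.gps_ft(*gps) - georef.wifi_ft(wifi_px))
    except (TypeError, ValueError, IndexError):
        return False, float("inf")
    return d <= threshold_ft, d

DEMOS = {  # Table 1: (lat, lon) reported by the node, (x, y) pixels computed by Ekahau
    "a": ((29.5820296618, -98.6174556434), (223, 118)),
    "c": ((29.5821535519, -98.6175023746), (100, 100)),
    "d": ((29.5820312798, -98.6180219755), (80, 60)),
}
# Assumption: demos 'a' and 'c' serve as control points for the georeference.
GEOREF = MapGeoref(DEMOS["a"][1], DEMOS["a"][0], DEMOS["c"][1], DEMOS["c"][0])

def run_demos():
    return {name: validate(GEOREF, gps, px) for name, (gps, px) in DEMOS.items()}

if __name__ == "__main__":
    for name, (ok, d) in run_demos().items():
        print(name, "Access Granted" if ok else "Access Denied", f"{d:.1f} ft")
```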
5. Conclusion

This paper considers the problem of using wireless LAN location-sensing for enhanced security. It shows how two different positioning techniques, namely the Global Positioning System (GPS) and a network-based positioning technique using Ekahau™, are merged for this purpose. At first both the positioning techniques are briefly explained. The experimental setup and the way in which the security of the wireless network is enhanced are explained and demonstrated using a real-time network. An application is developed in VB.Net which takes in both the positions and validates them to demonstrate the idea of enhanced security using both GPS and Ekahau™ positioning techniques. Finally, it can be said that by using such an approach the security of the wireless system is certainly enhanced.

REFERENCES

1. Tsui, James B-Y. Fundamentals of Global Positioning System Receivers: A Software Approach. Second Edition, John Wiley & Sons Inc., 2005.
2. E. D. Kaplan, Ed. Understanding GPS: Principles and Applications. Boston: Artech House, 1996.
3. Ekahau™ manuals. http://www.ekahau.com/
