Theoretical framework for location enhanced security in WLAN networks DIMITRIOS DRAKOULIS, IAKOVOS STAMOULIS, DIMITRIOS DRES Telesto ITC Makrygianni 69, Athens GREECE ODYSSEAS I. PYROVOLAKIS Hellenic Naval Academy Terma Chatzikyriakou 185 37 Pireaus GREECE Abstract: - Following the assessment of the threats posed to the security of WLAN (802.11a/b/g) networks as well as the conventional mechanisms used today, location is proposed as an additional layer in the conventionally applied network security strategy. The authors indicate alternative approaches for the implementation of location estimation schemes and proceed with a critical appraisal of the advantages and shortcomings. Key-Words: WLAN Security, Location Estimation, Kalman Filter, Bayesian Estimators 1 Introduction Wireless Local Area Network (WLAN) technologies are spreading rapidly in organizations of all sizes. However in parallel with market success, suspicion among the general public of weaknesses in the mechanisms employed for security, and in some cases debates have occurred among the engineering community of the technical immaturity of security mechanisms utilized. In the sections that follow, the authors review the goals of security policies in WLAN installations, the threats that may arise, the conventional mechanisms used for guaranteeing security (as well as the best practices that should govern the application of these mechanisms in the office environment), and propose the exploitation of the knowledge of the location of the network nodes as an additional layer in the security strategy. Consequently, the importance of the location estimation mechanisms for the fortification of security is explained. The theoretical framework of the location estimation problem is reviewed and eventually the authors attempt a high level evaluation of the alternative approaches. 2 Identification of Threats to WLAN Networks Threats to network security have existed since the very beginning of computer networks, however the advent of wireless networking amplifies the perceived threats. By nature, RF communications and as such, wireless networking is particularly vulnerable to security breaches and attacks because the signal is transmitted by radio waves, i.e. in an open, hard to confine, public medium. The situation is similar in mobile communication technologies, and security risks were high especially in the 1 st Generation systems, however 2 nd and eventually 3 rd Generation technologies have produced strong, proven authentication (mutual authentication for both the terminal as well as the network entities) and confidentiality mechanisms. The use of readily available software by potential intruders (former employees, competitors or even by-passers employing so called “war driving” techniques) for exploiting WLAN technical vulnerabilities, allows these persons to take “vengeance” from employers, colleagues or organizations or simply to satisfy their curiosity and vanity. The very nature of wireless means that information related to sensitive transactions, personal data, financial information are free to propagate, given the circumstances, both indoors and outdoors. Additionally for the first time in the history of computer networks, the conventional system monitoring tools may not reliably identify the communicating parties in a network transaction, or identify the location of the communicating parties. Actually anyone within line-of-sight (LOS) from the emitting sources (or even under non-LOS conditions in some cases) may detect the signal and potentially intrude the network. A classification of the goals of WLAN security as Proceedings of the 5th WSEAS Int. Conf. on APPLIED INFORMATICS and COMMUNICATIONS, Malta, September 15-17, 2005 (pp85-90)