1. Field of the Invention
The present invention generally relates to wireless networks. Specifically, the present invention provides a system and method for easily securing a wireless network using number lock driven key generation for a wireless router in a wireless network security standard.
2. Related Art
One issue with wireless networks in general, and wireless LANs, or WLANs, in particular, involves the need for security. Many early access points could not discern whether or not a particular user had authorization to access the network. Although this problem reflects issues that have long troubled many types of wired networks (it has been possible in the past for individuals to plug computers into randomly available Ethernet jacks and get access to a local network), this did not usually pose a significant problem, since many organizations had reasonably good physical security. However, the fact that radio signals bleed outside of buildings and across property lines makes physical security largely irrelevant to wardrivers. (Wardriving is the act of searching for Wi-Fi wireless networks by a person in a moving vehicle using a Wi-Fi-equipped computer, such as a laptop or a PDA. Wi-Fi, also unofficially known as Wireless Fidelity, is a wireless technology brand owned by the Wi-Fi Alliance intended to improve the interoperability of wireless local area network products based on the IEEE 802.11 standards.) Anyone within the geographical range of an open, unencrypted wireless network can sniff all of its traffic, gain unauthorized access to internal network resources as well as to the Internet, and possibly send spam or perform other illegal actions using the owner's IP address; such incidents are rare for home routers but may be significant concerns for office networks.
If router security is not activated, or if the owner deactivates it for convenience, it creates a free hotspot. Further, virtually all laptop PCs now have Wireless Networking built in (cf. Intel® Centrino technology), thus rendering redundant the need for a third-party adapter (usually a PCMCIA Card or USB dongle). These features might be enabled by default, without the owner ever realizing it, thus broadcasting the laptop's accessibility to any computer nearby.
Modern operating systems such as Linux, Mac OS, or Microsoft Windows XP, the “standard” in home PCs, make it very easy to set up a PC as a Wireless LAN “basestation” using Internet Connection Sharing, thus allowing all the PCs in the home to access the Internet via the “base” PC. However, lack of knowledge about the security issues in setting up such systems often means that someone nearby, such as a next-door neighbor, may also use the Internet connection. This is typically done without the wireless network owner's knowledge; it may even be without the knowledge of the intruding user if his computer automatically selects a nearby unsecured wireless network to use as an access point.
Today all (or almost all) access points incorporate Wired Equivalent Privacy (WEP) encryption. (Wired Equivalent Privacy or Wireless Encryption Protocol (WEP) is a scheme to secure IEEE 802.11 wireless networks. It is part of the IEEE 802.11 wireless networking standard. Wireless networks broadcast messages using radio, so are more susceptible to eavesdropping than wired networks.)
However, when a new user is setting up a wireless network, he typically finds it to be a difficult process involving many steps which are needed to set up the encryption scheme in the wireless router of the wireless network. For instance, the user needs to connect a cable to the computer and access a program that is running on the wireless router through a browser. Then, he needs to set up the desired WEP encryption parameters. Because of this complicated mechanism, new users often end up leaving the wireless network open and unsecured. No known easy solutions exist for setting up a wireless router to utilize WEP encryption, or other forms of encryption, to set up a secured wireless network. Other wireless encryption systems for wireless networks include WPA and WPA2, both in a class of systems to secure wireless (Wi-Fi) computer networks. WPA was created in response to several serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP). WPA implements the majority of the IEEE 802.11i standard, and was intended as an intermediate measure to take the place of WEP while 802.11i was prepared. WPA is designed to work with all wireless network interface cards, but not necessarily with first generation wireless access points. WPA2 implements the full standard, but will not work with some older network cards. Both WEP and WPA encryption schemes are shared key encryption schemes. It is always difficult for a new user to set up a secure wireless network using the existing mechanisms, especially if he does not have much familiarity with computers.
A shared key encryption scheme means that both the wireless client (such as the user's laptop or a wireless PDA or other computing device which has Wi-Fi) and the wireless access point (such as a router) agree on a secret key. Presently, the way of setting up a shared key encryption scheme is for the user to log onto the router by connecting to it via the browser interface or a CLI (command line interface), enter the key on the wireless router, and then enter the same key on the user's wireless client. (Sometimes, it is a seed which generates the key, which implies that the same seed and the same algorithm to generate the key have to be present on both the wireless client (the user's laptop or a wireless PDA) and the wireless router.) This can be very tedious and frustrating for a non-experienced user. It also requires the user to have a certain type of client interface to connect to the router (like a browser or a command line terminal session).
Buffalo Technology (see www.bufalo.com) offers a system which is fairly popular. However, the way Buffalo's mechanism works is that during the setup phase, the wireless router and the wireless device enter into a key sharing mode when the user presses a button on both of them. The software programs on both sides communicate and, once a key and the protocol are agreed, they begin operating in a secure way. When the user of the Buffalo system presses the one touch button on the router, the client and the router communicate in a secure way using 64 bit WEP encryption to negotiate a final security mechanism and a key. This is called the association phase. However, all the Buffalo products and the clients contain the same key, which is hidden from the user. Consequently, if any one hacker anywhere in the world figured out this key and it became public, all the Buffalo routers and client software would become vulnerable during the association phase. There is also a need for the user not to have to remember the key, so that the administrator does not need to go to the router.
The disadvantages of this approach are that, during the time window in which initial key sharing takes place, the router is in an insecure mode. This presents an opportunity for an attacker to eavesdrop. Another disadvantage of the prior art systems is that every time a new client wants to use the router, the administrator has to go and press the one touch button again on the router. So the administrator has to physically get to the router at that time.
Another disadvantage is that it requires new software to be installed on client machines for the communication to take place.
By requiring software, it limits the number of clients that can access this service based on software availability, especially with legacy clients and PDA type devices. Further, new software requires that the end user learn how to use it. The user is most likely familiar with the software that he is already using, i.e., something that is already installed on his client.
Every new client that needs to use the router has to go through this setup mechanism, during which more opportunities for attackers are presented.
Therefore, there exists a need for a solution which provides a quick and easy way to secure a wireless network without any additional setup and which solves other deficiencies of the related art.
The present invention provides a way to secure a wireless network by encrypting data which is passed via a wireless router. In general, when a person buys a wireless router and does not secure it, someone can eavesdrop on that person's communication. A mechanism to secure this communication is encrypting the data that goes back and forth using shared key encryption. (Common wireless security protocols that use this are WEP and WPA.)
A shared key means both the wireless client (the user's laptop or a wireless PDA) and the wireless router agree on a secret key. Today, the way of setting up a shared key is logging onto the router by connecting to it via the browser interface or a CLI (command line interface), entering the key, and then entering the same key on the user's wireless client. (Sometimes it is a seed which generates the key, which implies that the same seed and the same algorithm to generate the key have to be present on both sides.) This can be very tedious and frustrating for a non-experienced user. It also requires the user to have a certain type of client interface to connect to the router (like a browser or a command line terminal session).
The present invention solves this by embedding a number lock system on the router which serves as an input mechanism for entering the shared key or a shared seed which generates a shared key. A combination of numbers and letters may be used on the dials of the number lock. There is a slider to set the security protocol in use or turn it off. Once the user sets his key combination using the number lock on the device and sets a security mechanism, he can go to his computer or a PDA or any device that supports Wi-Fi, where he uses the same mechanism that he does today with existing technology to enter the shared key and select the security mechanism. This is typically a software application running on the device. The number of dials and the alphanumeric characters on the dials employed may vary depending on the various security protocols supported.
A wireless network can be secured quickly with a simple numbered lock associated with a wireless router. The present invention adds a number lock to the wireless router, and the user just has to press a button to indicate that the wireless network needs to be secured and choose the appropriate lock number combination.
The invention provides a simple solution to secure a wireless network for users who are not familiar with computers.
These and other features of this invention will be more readily understood from the following detailed description of the various aspects of the invention taken in conjunction with the accompanying drawings in which:
The drawings are not necessarily to scale. The drawings are merely schematic representations, not intended to portray specific parameters of the invention. The drawings are intended to depict only typical embodiments of the invention, and therefore should not be considered as limiting the scope of the invention. In the drawings, like numbering represents like elements.
The present invention provides a way to secure a wireless network through the wireless router of the wireless network.
A data processing system, such as that system 100 shown in
Network adapters (network adapter 138) may also be coupled to the system to enable the data processing system (as shown in
Referring now to
The wireless router of the present invention has a Security-On/Security-Off button to control whether the wireless network needs to be secured or not. The router will also have a numbered combination lock. When the Security-On is selected, the user can change the combination lock to select a number that needs to be used to secure the network. The number combination internally generates the WEP Key or other key for other types of encryption schemes to be used by the router.
Depending on the type of security protocol which the user selects using the slider 306, it could require a minimum, a maximum, or a fixed number of characters which the user is required to enter for a pass phrase. Some protocols require ASCII characters while others require hexadecimal characters as an input. For example, WEP in 128 bit mode can take a maximum of 13 ASCII characters or 26 hexadecimal digits. An LED may be used next to the number lock which lights green, or another color, if the passphrase is valid, red if it is invalid, and off if security is not turned on.
When the user is on the computer trying to connect to the wireless network, the user would use a small program to enter the number lock combination; that program generates the same WEP key and connects to the wireless network.
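The following is an added illustration of the router-side validation and key generation described above and is not code from the patent. It assumes slider positions named OFF, WEP64, WEP128 and WPA, that the dials hold either hexadecimal digits or printable ASCII, and that the WPA case maps the dial passphrase to a key with the standard WPA-PSK derivation (PBKDF2-HMAC-SHA1 over the network SSID, which the text itself does not mention). The client's small program would run the identical `derive_key` routine so that both sides obtain the same key.

```python
import hashlib
import string

# Accepted key material per slider position: (min, max) character counts.
# 64-bit WEP uses a 40-bit key (5 ASCII / 10 hex); 128-bit WEP a 104-bit key
# (13 ASCII / 26 hex, the figures given in the text); WPA/WPA2 accepts an
# 8-63 character ASCII passphrase or a 64 hex digit pre-shared key.
RULES = {
    "WEP64":  {"ascii": (5, 5),   "hex": (10, 10)},
    "WEP128": {"ascii": (13, 13), "hex": (26, 26)},
    "WPA":    {"ascii": (8, 63),  "hex": (64, 64)},
}


def _is_hex(s):
    return len(s) > 0 and all(c in string.hexdigits for c in s)


def _hex_form(slider, combination):
    """True when the dial setting is a hex key of the right length."""
    lo, hi = RULES[slider]["hex"]
    return _is_hex(combination) and lo <= len(combination) <= hi


def led_state(slider, combination):
    """Mimic the LED next to the lock: 'off' when security is off, 'green'
    when the dial setting is valid for the selected protocol, else 'red'."""
    if slider == "OFF":
        return "off"
    if slider not in RULES:
        return "red"
    if _hex_form(slider, combination):
        return "green"
    lo, hi = RULES[slider]["ascii"]
    if combination.isascii() and combination.isprintable() and lo <= len(combination) <= hi:
        return "green"
    return "red"


def derive_key(slider, combination, ssid):
    """Raw key bytes installed on router and client, or None if invalid.
    Deterministic, so the same dial setting yields the same key on both sides."""
    if led_state(slider, combination) != "green":
        return None
    if _hex_form(slider, combination):
        return bytes.fromhex(combination)          # dials hold the key in hex
    if slider == "WPA":
        # Standard WPA-PSK passphrase mapping (IEEE 802.11i): PBKDF2-HMAC-SHA1,
        # SSID as salt, 4096 iterations, 256-bit result.
        return hashlib.pbkdf2_hmac("sha1", combination.encode("ascii"),
                                   ssid.encode("utf-8"), 4096, 32)
    return combination.encode("ascii")             # WEP ASCII key bytes
```

With the lock set to an invalid combination the LED reads red and no key is produced, which is the check the text describes for the LED.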
The solution can be used in an exclusively non-PC environment like PCS/PDAs to quickly secure and connect to a Wi-Fi network. (Partitioning Communication System (PCS) is a high-assurance computer security architecture based on an information flow separation policy. A personal digital assistant (PDA) is an electronic device which can include some of the functionality of a computer, a cell phone, a music player and a camera.)
It should be understood that the present invention is typically computer-implemented via hardware and/or software. As such, any client systems and/or servers will include computerized components as known in the art. Such components typically include (among others) a processing unit, a memory, a bus, input/output (I/O) interfaces, external devices, etc. It should also be understood that although a specific embodiment involving wireless routers has been depicted and described, the present invention could be implemented in conjunction with any type of wireless communicating device.
While shown and described herein as a system and method for easily securing a wireless network using number lock driven WEP/WPA key generation for the wireless router, it is understood that the invention further provides various alternative embodiments. For example, in one embodiment, the invention provides a computer-readable/useable medium that includes computer program code to enable a computer infrastructure to easily secure a wireless network using number lock driven WEP/WPA key generation for the wireless router. To this extent, the computer-readable/useable medium includes program code that implements each of the various process steps of the invention. It is understood that the terms computer-readable medium or computer useable medium comprises one or more of any type of physical embodiment of the program code. In particular, the computer-readable/useable medium can comprise program code embodied on one or more portable storage articles of manufacture (e.g., a compact disc, a magnetic disk, a tape, etc.), on one or more data storage portions of a computing device, such as memory and/or storage system (e.g., a fixed disk, a read-only memory, a random access memory, a cache memory, etc.), and/or as a data signal (e.g., a propagated signal) traveling over a network (e.g., during a wired/wireless electronic distribution of the program code).
As used herein, it is understood that the terms “program code” and “computer program code” are synonymous and mean any expression, in any language, code or notation, of a set of instructions intended to cause a computing device having an information processing capability to perform a particular function either directly or after either or both of the following: (a) conversion to another language, code or notation; and/or (b) reproduction in a different material form. To this extent, program code can be embodied as one or more of: an application/software program, component software/a library of functions, an operating system, a basic I/O system/driver for a particular computing and/or I/O device, and the like.
The foregoing description of various aspects of the invention has been presented for purposes of illustration and description. It is not intended to be exhaustive or to limit the invention to the precise form disclosed, and obviously, many modifications and variations are possible. Such modifications and variations that may be apparent to a person skilled in the art are intended to be included within the scope of the invention as defined by the accompanying claims.