1 Introduction
The rapid development of the Internet in the past decade has led to the third revolution in the information industry, and it has also brought many problems and hidden dangers. Among them, the information security and network security issues are an obvious example. Especially with the popularization and development of mobile broadband access technology, the hidden dangers of wireless broadband network security are worrying for the relevant government regulatory agencies and enterprises. Under this background, considering the characteristics of wireless broadband networks and their security protection needs, the location-based security protection technology generated by the combination of positioning technology and network security technology has emerged at the historic moment, and will surely have a broad development space and applications prospect
2 Positioning technology
2.1 GPS positioning technology
The GPS system can be said to be the earliest, most mature and widely used positioning technology. The full English name of GPS is "NavigaTIon Satellite TIming And Ranging / Global PosiTIon System", that is, satellite time ranging and navigation / global positioning system. The United States began developing GPS systems in the 1970s. This system, which lasted 20 years and cost $ 20 billion, was completed in 1994. The system is provided with position information services by 24 satellite groups in space. These 24 satellites are evenly distributed on 6 orbital planes, orbiting the earth at 11 hours and 58 minutes. The orbital inclination angle of the satellite orbital plane relative to the earth ’s equatorial plane Is 55 °. The purpose of this layout is to ensure that at least 4 satellites can be observed anywhere in the world at any time.
GPS system is a new generation of satellite navigation and positioning system with all-round real-time three-dimensional navigation and positioning capabilities in sea, land and air. Its positioning error can be controlled within 10m. After more than ten years of use by many professional departments in the world, GPS has obvious characteristics such as all-weather, high precision, automation, and high efficiency. Today, the size of GPS client receivers continues to shrink, and the accuracy of clients is getting higher and higher. It has even appeared in some high-end mobile phones, laptops and other electronic products. The popularity of the GPS client has accelerated the application of GPS positioning technology in the commercial field. While creating huge commercial profits, it is also gradually changing the lifestyle of modern humans.
2.2 Mobile positioning technology
The United States Communications Commission (FCC) passed the Enhanced 911 Act in 1996 (revised again in 1999), requiring mobile phone operators to know the geographic location of each mobile phone (with an error control within 50-100m). If any mobile phone calls 911 for American emergency services, the government must know its location, even if the user does not know where he is. The FCC bill greatly promotes the development of mobile positioning technology and related service business research.
The arrival of the 3G era has opened a new chapter for the development of mobile positioning technology. With the improvement of data transmission capabilities, the popularity of terminal multimedia capabilities and the emergence of built-in GPS solutions in terminal chips, there are fewer and fewer restrictions on mobile positioning technology. At present, there are mainly 4 kinds of 3G mobile positioning technologies commonly used in the world, which are network-based CELL-ID, TOA / TDOA positioning technology, terminal-based OTDOA positioning technology and network-terminal hybrid A-GPS positioning technology.
The rapid development of mobile positioning technology and the rapid growth of the number of global mobile users have also provided unprecedented development opportunities and extremely attractive market prospects for the mobile location service (LocaTIon Based Service, LBS) based on user location.
2.3 Indoor positioning technology
Even though GPS systems and many mobile positioning technologies have achieved great success in outdoor positioning applications, in complex indoor environments, such as airport halls, exhibition halls, warehouses, supermarkets, libraries, underground parking lots, mines, etc., they The performance is not very satisfactory. Taking the GPS system as an example, when positioning indoors, it often fails to receive satellite signals, which results in positioning failure or excessive positioning error, which results in the system not being used normally. In order to make up for the gap in indoor positioning, a variety of novel indoor positioning technologies have sprung up, including indoor GPS positioning technology and indoor wireless positioning technology (Wi-Fi, Bluetooth, RFID, optical tracking, ultrasonic, infrared) , Ultra-wideband, wireless sensors, etc.) and computer vision positioning technology.
Although the commercial application of indoor positioning technology is just in its infancy, as technology continues to progress and develop and integrate with existing positioning technology and business services, it will surely be able to create new markets and business opportunities, and its related position The service business will also penetrate into people's lives.
3 Application of positioning technology in network security
With the introduction of 802.11n and Mesh technologies, wireless local area network (WLAN) as an emerging Internet broadband access method is gradually changing people's traditional way of accessing the Internet based on fixed broadband. To get rid of the shackles of network cables, people can connect to the Internet through portable terminal devices such as laptops, netbooks, smartphones, etc. in any place where wireless LAN is deployed, such as libraries, shopping malls, cafes, restaurants and other public places and office buildings Office spaces, etc., greatly meet the urgent needs of users to access the Internet anytime, anywhere. The application of a centralized wireless LAN architecture greatly reduces costs and simplifies tasks such as wireless system management, security, and upgrades, making wireless LANs rapidly gaining popularity and rapid development.
The wireless local area network adopts a wireless channel as the information transmission path between the terminal and the access point (Access Piont), which is more open and convenient than the traditional fixed line, and also brings new challenges to network security. The network security technologies, strategies and management methods of the original fixed local area network can no longer meet the needs of network security in the new situation of wireless local area network. Especially for enterprises with high demands on network security, how to use wireless LAN to improve office conditions, while effectively preventing illegal access from the outside world and protecting sensitive information is the focus of current enterprises.
Although some standards (such as Wi-Fi WPA2 and 802.11i) can provide a new level of wireless security capabilities and are supported by new monitoring and intrusion protection tools, the focus of enterprises has shifted to how to integrate traditional network security with physical security. Combine to form a new network security solution based on location information. Helping companies balance the contradiction between providing their employees and visitors with mobile Internet services while providing the necessary checks on this unmanageable freedom.
For example, enterprises deploy wireless LANs in their office buildings to facilitate employees' work, but enterprises do not want people outside the office buildings to access their wireless LANs to prevent potential security risks such as network attacks and theft of sensitive information. For another example, an enterprise needs to implement wireless Internet access for the human resources department because of office work, but it needs to restrict wireless access except for the human resources department to prevent others from accessing sensitive data inside the department, such as employee information and performance evaluation information.
This is where the security technology based on location information comes into play: based on the user's location information to restrict access to the wireless LAN. In addition to adding a layer of physical security protection, location control plus permission control can also prevent overloading of network elements (and prevent "denial of service" attacks) and restrict where visitors can access the network.
This new network security idea actually embodies a concept of "physical fence", which is based on factors such as the geographic location of the visitor and the authorization status, thereby limiting the activities of accessing the network. This concept is not technically difficult to achieve, as long as the positioning technology is introduced into the wireless local area network.
The user's identity is established based on one or more IDs (such as RFID badges / visitor cards and mobile Wi-Fi devices), and positioning technology is used to determine the location of specific IDs, thus achieving an appropriate level of network access for users Settings. The basic premise is to build a virtual access fence around every mobile device and every user. Its working principle is to track the user's actions in the building, and to approve or deny the user's access to network resources based on the authorization status and whether it is in the designated allowable area.
The "physical fence" can also be set to access the wireless LAN and network resources only when the ID card (physical security) conforms to the specified user and his mobile device, which greatly reduces someone ’s use of other users ’portable computers Or the possibility of mobile devices accessing unauthorized information online.
"Geographic fence" by tracking the location of the visitor, when he / she is in the meeting room with other employees of the company to allow him to access the wireless LAN, and after leaving the meeting room access is denied. At the same time, the "Geographic Fence" can also issue an alarm message after the visitor leaves the permitted area and terminate the wireless LAN access.
The comprehensive use of location-based security technology and user and mobile device identification technology has raised network protection and intelligent identification functions to a higher level. "Geographic fence" can create a customized invisible fence that moves with every mobile device, enabling network administrators to ensure that each device can only access authorized areas and resources on the network.
4 Principles of indoor positioning technology
The key to implementing a network security solution based on location information is to obtain location information, which requires the help of positioning technology. The application scenarios of “physical fences†are mostly located indoors, so this article takes wireless sensor networks as an example to briefly describe the principles of indoor positioning technology.
In wireless sensor network node positioning technology, sensor nodes are divided into beacon nodes (Beacon Node) and unknown nodes (Unknown Node) according to whether the node knows its own location. The proportion of beacon nodes in network nodes is very small, and it is the reference point for unknown node positioning. Except for the beacon node, the other sensor nodes are unknown nodes. They calculate their own positions according to a certain positioning algorithm through the position information of the beacon nodes.
According to whether the distance between actual nodes is measured in the positioning process, the positioning algorithm is divided into a range-based positioning algorithm and a range-free positioning algorithm. The mainstream distance-based positioning algorithms include maximum likelihood estimation and circular positioning algorithms. Their principle is that unknown nodes obtain the actual distance from beacon nodes by measuring the received signal strength (RSS), and then use certain mathematical methods to obtain their own location information.
There are two key links:
(1) How to convert the received signal strength to the distance between nodes. In the distance-based positioning algorithm, the transmit signal strength of the transmitting node is known, and the receiving node calculates the propagation loss of the signal based on the signal strength, and the transmission loss is converted into distance using theoretical and empirical models. In fact, this theoretical and empirical model is the wireless channel model, which relates the received signal strength to the distance. For example, in the free space fading model, the farther the distance between the transmitter and the receiver, the weaker the received signal strength. Currently, commonly used channel models include Nakagami fading model, Rayleigh fading model, Rice fading model, and log-normal shadow path loss model. The first task to ensure positioning accuracy is to select the correct channel model. The signal fading law in different spaces is different. Only by selecting the appropriate channel model according to the specific situation can the received signal strength be more accurately converted into the distance between the nodes, without introducing excessive errors and reducing the positioning accuracy. degree.
(2) The key link is that the mathematical method used by the positioning algorithm requires at least the distance and position information of 3 beacon nodes to calculate the position of the unknown node. And the more distance and location information of the beacon nodes obtained, the higher the positioning accuracy. Therefore, in the link of system deployment, the criterion for selecting the position of the beacon node is to ensure that any position in the positioning area can receive signals from at least 3 beacon nodes. The blocking of the walls in the building will cause the received signal strength to drop sharply and affect the result of the conversion of the received signal strength to the actual distance, so it is best to ensure that at least 3 lines of sight can be received anywhere in the positioning area Beacon node signal.
The principles of wireless sensor network positioning technology are also applicable to other indoor positioning technologies based on wireless signals, such as Wi-Fi, Bluetooth, RFID, etc. It is just that due to the different physical layer technologies used, the methods for obtaining the distance between known and unknown nodes may not be nearly the same. Differences in communication distance and differences in network structure also lead to differences in deployment of positioning systems based on different positioning technologies, but the general principles and positioning algorithms used are still the same.
5 Conclusion
As an emerging and interdisciplinary security protection technology, network security technology based on location information is still in the primary stage of research and application. "Physical fence" technology is just a simple combination of positioning technology and network security technology. With the deepening of research, network security technology based on location information will surely become more mature and perfect, and its application field is no longer limited to wireless local area network, but will play an active role in a broader security field.
Power X (Qingdao) Energy Technology Co., Ltd. , https://www.qdpowerxsolar.com