Slashdot Mirror
Office Surveillance: Locating And Tracking 802.11b
securitas writes "The NY Times recently ran an article about locating and tracking users of 802.11b WiFi networks in three dimensions using triangulation (Google) with multiple base stations. The goal is to create context-aware networks that can allocate bandwidth and provide location-based services such as uploading relevant information to a PDA. The article can be seen in a new light when coupled with the growth in workplace surveillance of employees by corporate executives (Google / short version at IHT) and the associated practical, ethical and legal problems. Interlink Networks 802.11 wireless detection and tracking white paper (PDF)." (This seems as good a place as any to mention Kensington's handheld 802.11 detector; they claim it to be the only such device on the market today. This is the cheapest detector I've seen; have the others all disappeared?)
I thought that was obvious??
-
If you keep throwing chairs, one day you'll break windows....
I think Radio Detectors work fairly well, too, but they don't tell you whether it's 802.11x or not, so I guess that is pretty good.
The only WiFi detector on the market today
Completely hassle free -- no more booting up your notebook to find a WiFi signal
Instantly detects WiFi networks with the press of a button
Three lights indicate signal strength
Messrs Kensington, could you make a version that
1) doesn't require me to push a button to detect WiFi networks (i.e. works continuously)
2) has a connector for an external antenna and an optional car lighter plug to power it
3) has a 4th led to indicate if the network uses encryption or not ?
I believe such a device would sell very much better. Thank you.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
Do I see Google links in that article? ;)
--
One by one the penguins steal my sanity...
The signal gets weaker as it passes through walls. Therefore, the signal strength can not be easilly be correlated to a distance from the base station for purposes of triangulation.
Triangulation traditionally relies on measuring distance through signal strengths and so is limited to an outdoor environment, where the signal loss per kilometer can be predicted with much greater accuracy than in an indoor environment.
The article is short on technical details -- did they somehow also enter a 3D-model of how the building weakens radio signals, and use that in order to create three 3D-shapes at the point of intersection the transmitter can be located? Just like traditional triangulation, but with weirder shapes than simple spheres...
Perhaps a better way would be to use "ping" to check the travel times, rather than the signal strength, compensating for any delays imposed by TCP/IP-stacks and hardware etc. Is this even possible, or is the Signal/Noise ratio just too low?
In the article they mention the use of this in a hospital to push patient information to a handheld the doctor is carrying when doing rounds.
Instead of triangulating (requiring more power) wouldn't it be simpler and possibly quicker to outfit each bed with e.g. a rfid tag?
This seems an overly complex solution to a, relatively, simple problem.
The rfid would also be a plus when the patient is being transfered in his bed (from his room to the or)
A troll? Or just someone thinking too fast? Either way I'll bite.
They provide any information you put in it. You could conceivably put an RFID tag on the hospital bed that said "I AM BED NUMBER 37" and the RFID receiver would get this information and know where it was.
This is a pretty stupid approach from the communications theory point of view. 802.11b frames contain a pretty long preamble in front of the packet header and data payload. This preamble (basically 11-bit barker sequences convolved with a prn-sequence) have excellent autocorrelation characteristics since they must be used for time and frequency syncronization at the RX station.
By cross correlating the received signal with the (known) barker sequence at all three base stations precision would be increased drastically as it would be possible to measure the actual time lag (->way) the signal took to the receiver.
AirTrafis a 100% passive packet sniffing tool for the wireless 802.11b networks. It captures and tracks all wireless activity in the coverage area, decodes packets, and maintains acquired information associated by access points, as well as detected individual wireless nodes. It dynamically detects any access points in the area, finds association between wireless clients and access points, and builds information table for each packet that is transmitted via the air. AirTraf is able to maintain packet count, byte information, related bandwidth, as well as signal strength of nodes.
Positioning in office environments using WLAN really isn't that new. Microsoft did it in 2000 with the RADAR system (http://citeseer.nj.nec.com/bahl00radar.html), and loads of people have tried since.
:-(
There are two approaches to it:
1. Use signal strength to estimate range and then multilaterate. This usually does a poor job because you can't match distance reliably to signal strength because of wall attenuation etc. Also, most WLAN systems quantize the signal strength into a few bins.
2. Pattern recognition. Have a calibration phase where you put the device in lots of positions around the office, measuring the signal strengths to various stations. Record all this. Then try to match what you're seeing to this database of strengths to localise yourself. Problem is, the radio environment changes VERY easily, so you need lots of points in calibration. Plus, if the environment changes, so do the signal strengths!
The best I've seen for a WLAN system achieved accuracy to about 2 metres. That used quite a few WLAN dase stations, too. And they had a fair error on that too - enough that you wouldn't be able to guarantee which office you're in...
Location indoors is a tricky business. It's an active research area. The best so far is based on ultrasonics (the Bat system at (www.uk.research.att.com/bat). UWB looks good too (www.ubisense.net).
The same discussion seems to be popping up every 6 months or so. Check out what companies such as Ekahau and BlueSoft are offering.
there used to be idetect, from www.idetect.co.sg.
based in singapore, i mailed them for prices, but they only had a product samples available, no real production was going on. now their site is down, have they dissapeared? their wifi finder was featured in wired magazine a few months back.
This article on Computerworld talks about tracking down unauthorized access points.
They were tracked and located.
One line blog. I hear that they're called Twitters now.
Erricsson MPS allows for location aware services on GSM phones. I've seen a demo from a WAP (hehehe) site that showed your location on a map, but that was a few years ago. I haven't seen anything after that.
ERRICSSON'S MOBILE POSITIONING SYSTEM (MPS)
The Ericsson mobile positioning system (MPS) (to be delivered to the Taiwanese company) is a server based solution that allows positioning services to be introduced into any GSM network that has Ericsson switching systems. The system will work with any GSM standard radio network and all existing GSM phones. At the heart of the Ericsson MPS is the mobile location centre (MLC), a system that allows user applications to access position information for GSM phones. An application programming interface (API) will be available to allow the development of custom applications. The MLC also handles access security and protects subscriber privacy by allowing GSM users to choose whether or not their phones and other devices are tracked.
Could this be used to stop war-driving, by not letting anybody in that hadn't the right 2d/3d position (eg: inside the company)?
It would probably not stop sniffing, but possibly it could prevent a break-in?
It occurs to me that this system could seal a major hole in the concept of wireless security. As we all know, the biggest problem with trying to lock down a wireless network is that it's basically just a radio broadcast and anyone within range can easily tap into the signal (whether they can get anywhere from there is another matter, but theoretically it's always possible to crack through software guards). But if the triangulation worked well enough, then a system could be set up to, say, detect if a client is sitting on the ground in the alley next to the building, and if so shut off the connection to that client. Or it could be used to limit wireless access to only clients in certain offices or floors - no access for random people in the lobby, for instance.
Karma: Chameleon (mostly affected when you come and go, you come and go)
With this in place I just have to set up my laptop so that the network card turns on and off at the right times, and my boss can just sit in his office with that smug look thinking that I'm working my tail off while I'm sitting in the star bucks with my laptop working away.... Oh kr4p. Does Kensington sell an 802.11b emitter?
Now my boss can track me down to the bathroom if I keep my PDA with me
KappaStone
Following the links, Kensington doesn't list an MSRP or sell it directly, but the other links indicated the "going rate" for the toy is $22.00, and I think that's well within budget for a computer toy.
It could really use an external antenna though. If it had this, (or if the unit itself exhibited some amount of directional reception?) then it would be much more useful to find the actual location (down to say, which building on the storefront) the hotspot was at. The closer bench gets the better connectivity!
Maybe someone will post a hack shortly that shows how to jurry-rig an antenna port on the little bugger. I'd also like to "me too" a previous post that suggested an external power connection. Just keep the puppy sitting on your dash whilst driving around town until the green lights start climbing up.
Was anyone able to spot where these could be bought at? (this really looks like something ThinkGeek would carry)
I work for the Department of Redundancy Department.
I bought mine yesterday at the local Best Buy and they had at least a dozen. There's probably not a huge demand for this in Indiana though...
The thing doesn't work all that well. You press the button, then for two minutes it scans. I was 10 feet away from my WAP and it didn't show a signal. 8 feet: full signal, 12 feet: full signal - all within line-of-sight. It's a fun toy for $30, but It'd not a very practical/reliable tool.
Although it is fun to walk around downtown holding this little credit-card looking thing and acting like you're searching for radioactive emmisions... People get nervous when you point it at them and yell "Ah ha! It's YOU!" especially when it's right in front of a Borders book store and it's lit up like a Christmas tree.
Self realization: I was thinking of the immortal words of Socrates, who said: "I drank what?"
One pertinant thing I noted in the article was the following:
As part of that work, Dr. Junglas modified a Wi-Fi network that operated in the business school's two buildings so that each of its many base stations had a radius of about 15 feet.
Emphasis mine. This is an insanely dense network of AP's! At over $100 a pop for a cheap one, it seems wildly impractical to simply use stock access points with software corelation to figure out where people are - assuming such density is required.
In a commercial deployment, AP's are going to be deployed in such a way as to give good coverage without costing too damn much. ie: as few AP's as will give adequate coverage for the site.
There are other solutions, of course. Using a phased array antenna (sorry, no cool rotating dish) to get a direction and using signal strength to approximate range (random attenuation in the site will have a large affect on accuracy) or using multiple antennas in fixed locations to triangulate a source location (the more vectors you can get, the more accurate your fix will be) Using signal timing between different AP's (time difference between arriving signals) is plausible, but would add considerably to the cost (current AP's aren't equipped with ultra accurate clocks and transmission times over the network aren't accurate enough for the purpose.)
Phased arrays for direction finding use precise measurements between antenna elements to get their accuracy. They effectively use a harmonic tone to determing the shift angle between antennas, and thus the relative direction to the source. Accurately placing and orienting the AP's would be vital.
Locating wireless source points isn't exceptionally hard, and could be rather useful. But accuracy costs. Existing AP's would give limited accuracy, so this study used lots of them. More acurate location capability on an AP would cost more.
Take your pick.
Never attribute to malice what can as easily be the result of incompetence...
I'm just as whiney as the next guy about Big Brother, but businesses monitoring their facilities for 802.11 traffic is not about Big Brother, it is about network security. What use is hardening your wired network if someone can put a $99.00 wireless access point on your network and open a gaping hole in your security. For this reason it seems prudent network security to monitor for these "rogue" wireless access points. We use a product called AirMagnet, which is an iPaq based, packet sniffer developed by the guy who developed NetXray (now known as Sniffer) to periodically survey the facilities for these rogue access points. We've have added a 4db gain directional antenna to really hone in on these access points. Another advantage of this product is that we can use it to ensure that our legitimate wireless access points are configured securely. It would be nice to have a distributed system to perform these surveys automagically, but the solutions I have seen (including AirMagnet's) are a bit cost prohibitive. Most people wouldn't consider packet sniffing, intrusion detection, and other wired network monitoring as "workplace surveillance", so why rail against 802.11 sniffing as another example of Big Brother's "workplace surveillance"? What you call surveillance in this example, I call basic network security.
The signal gets weaker as it passes through walls. Therefore, the signal strength can not be easilly be correlated to a distance [...]
Perhaps a better way would be to use "ping" to check the travel times, rather than the signal strength, compensating for any delays imposed by TCP/IP-stacks and hardware etc. Is this even possible?
It's possible. But IMHO indoors the variability of the response time of the processor to the message will probably introduce far too much jitter for the result to be useful. Finding the right neighborhood, or even the right house, yes. Finding the right desk, no.
But I understand that some of the underlying net-discovery and scheduling protocols (where the cards are talking directly to each other and picking times to transmit) give you a much better measurement of transit time, which may be good enough for the purpose.
Perhaps someone with more intimate knowlege can fill us in.
= = = = =
Given a good measure of transit time, two base stations can construct a hyperboloid on which the mobile is located. (With uncertainty it's actually the space between two hyperboloids.) Add a third and you intersect two hyperboloids, giving you a curved line. Add a fourth and you've got it located to a single point (or two points if all four bases are in the same plane).
It's basically GPS or LORAN run backward (with an extra base station relative to LORAN to give you altitude, since you don't know you're "on the ocean's surface").
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way