| 发明名称 |
DETECTION OF SPOOF ATTACKS ON LOCATION BROADCASTING BEACONS |
| 摘要 |
Spoof attacks on location based beacons are detected. A stream of beacons (e.g., IBEACONS) comprising at least a unique source identifier is generated. The stream of beacons is broadcast over a wireless communication channel to mobile devices within range. A list of broadcasted beacons is stored in a table along with a time and location of broadcast. Subsequent to broadcasting, a stream of beacons is detected. The detected beacon stream comprises a unique source identifier along with a time and a location of broadcast. The unique source identifier, the time and the location of at least one beacon of the detected beacon stream can be compared to the unique source identifier, the time and the location of at least one beacon of the broadcast beacon stream. Responsive to a match between the unique source identifiers and a mismatch of at least one of the time and locations, it is determined that the broadcast beacon stream has been spoofed by the detected beacon stream. Once a spoof has been detected, various remediation actions can be taken, such as sending alerts to admin, cautioning end users, and other security mode procedures. |
| 申请公布号 |
US2017026408(A1) |
申请公布日期 |
2017.01.26 |
| 申请号 |
US201615286532 |
申请日期 |
2016.10.05 |
| 申请人 |
Fortinet, Inc. |
发明人 |
KAUSHIK Anil |
| 分类号 |
H04L29/06;H04W12/12 |
主分类号 |
H04L29/06 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A computer-implemented method in a wireless networking device for detecting spoof attacks of location broadcasting beacons, the method comprising the steps of:
detecting a first stream of beacons comprising at least a first unique source identifier, and a packet sequence number with a broadcast time for each beacon, over a wireless communication channel; storing the unique source identifier along with a sequence number and a time of broadcast for at least one of the first stream of beacons; subsequent to detecting the first stream, detecting a second stream of beacons, the detected beacon stream comprising at least a second unique source identifier along with a packet sequence number and a broadcast time for each beacon; comparing the first and second unique source identifiers, packet sequence numbers and broadcast times of the at least one of the first stream of beacons; and responsive to a match between the first and second unique source identifiers and packet sequence numbers, and a mismatch of at least one of the times, determining that the first broadcast beacon stream has been spoofed by the second beacon stream. |
| 地址 |
Sunnyvale CA US |
