
Abstract

Part One: The Problem
Current sensor-based perimeter defense solutions have their limitations. Taking home defense as an example, sensors are located at all possible breach points of the perimeter (windows, doors, etc.). The alarm is triggered only when there is an actual perimeter breach. It takes time for the alarm company to report to local police and more time for police to send patrol cars. If the attackers are determined to finish the task quickly and take off before police can arrive, the chance of getting away is very high.
 
There is one important additional weakness: this traditional method is limited to what information the sensors pick up. The old methods have no capability of identifying the reconnaissance, which happens very often before potential breaches.
 
Part Two: The Solution
Most attackers carry cell phones during reconnaissance and the actual breach. This means a new cellular device is very likely to show up near the (potential) breach site.
 
I propose a solution of using software-defined radio to simulate cell tower signals within a short range, near the protected perimeters of a site. Through the analysis of abnormal devices within a certain range of the perimeter, we can:
* Identify potential threats (reconnaissance, following, etc.).
* Support post-breach investigation (by providing cellular device info).
* Support conviction (crime scene presence through the location of the device).
 
Part Three: Technical Implementation Details
SDR Configuration
* (The following SDR configuration applies only within a short range around the protected perimeter.)
* Use SDR to simulate the cell tower within a short range.
* SDR will force cell phones to downgrade to 2G for information gathering.
* Power-on frequency: the SDR will NOT always be powered on. It only powers on every 30 minutes, for 1 minute.
* SDR will capture the phone number, active time, and location (direction relative to the SDR).
 
Data Storage
The following data will be stored and encrypted:
* Phone number
* Active time
* Location (relative to the SDR)
 
Data Analysis
* Normal pattern (learning process): 1) Devices frequently showing up near perimeter (neighbours). 2) Devices only showing up at certain times of the day (mail delivery, garbage pickup, etc).
* Exception pattern: Devices near the perimeter that have never shown up before (potential reconnaissance).
* Identify intrusion: Devices inside the perimeter that have never shown up before.
* Correlating the exception pattern with intrusion: identify and note the reconnaissance activity.
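
The learning, exception, intrusion and correlation steps above, as an added Python example that is not part of the original abstract. The device ids, the `near`/`inside` zone values, the three-day threshold and the one-hour window for scheduled devices are assumptions, and "never shown up before" is read here as "not in the learned baseline".

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records: (device id, timestamp, zone). The ids are
# placeholders for the stored phone number; "near"/"inside" is an assumed
# two-level encoding of the stored location.
SIGHTINGS = [
    ("dev-neighbour", "2024-03-01T07:30", "near"),
    ("dev-neighbour", "2024-03-02T19:00", "near"),
    ("dev-neighbour", "2024-03-03T12:30", "near"),
    ("dev-mail", "2024-03-01T10:00", "near"),
    ("dev-mail", "2024-03-02T10:30", "near"),
    ("dev-mail", "2024-03-03T10:00", "near"),
    ("dev-neighbour", "2024-03-08T08:00", "near"),
    ("dev-mail", "2024-03-08T10:30", "near"),
    ("dev-unknown", "2024-03-08T23:00", "near"),
    ("dev-passerby", "2024-03-09T14:00", "near"),
    ("dev-unknown", "2024-03-10T02:00", "inside"),
]

def analyze(sightings, learn_until, min_days=3):
    """Learn a baseline before learn_until, then classify later sightings."""
    cutoff = datetime.fromisoformat(learn_until)
    rows = sorted((datetime.fromisoformat(ts), dev, zone)
                  for dev, ts, zone in sightings)
    days, hours = defaultdict(set), defaultdict(set)
    for ts, dev, _ in rows:
        if ts < cutoff:
            days[dev].add(ts.date())
            hours[dev].add(ts.hour)
    # Normal pattern: seen on >= min_days distinct days. A device confined
    # to a narrow hour window is "scheduled" (mail, garbage pickup).
    baseline = {dev: "scheduled" if max(hours[dev]) - min(hours[dev]) <= 1
                else "frequent"
                for dev, seen in days.items() if len(seen) >= min_days}
    exceptions, intrusions = defaultdict(list), defaultdict(list)
    for ts, dev, zone in rows:
        if ts >= cutoff and dev not in baseline:
            (intrusions if zone == "inside" else exceptions)[dev].append(ts)
    # Correlation: exception sightings that precede the same device's
    # first intrusion are noted as reconnaissance.
    recon = {}
    for dev, hits in intrusions.items():
        earlier = [t for t in exceptions.get(dev, []) if t < hits[0]]
        if earlier:
            recon[dev] = earlier
    return baseline, dict(exceptions), dict(intrusions), recon

if __name__ == "__main__":
    for name, result in zip(("baseline", "exceptions", "intrusions", "recon"),
                            analyze(SIGHTINGS, "2024-03-07T00:00")):
        print(name, result)
```

In the sample data, `dev-passerby` stays an uncorrelated exception, while `dev-unknown` is the only device whose earlier near-perimeter sighting is tied to a later intrusion.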
 
Part Four: Limitations and Thoughts
Limitations
* The solution assumes attackers carry a cellular device during the recon or breach.
* The location and direction of the device is based on signal strength and is therefore not guaranteed to be accurate.
 
Integrate with Other Solutions
* Integration with existing perimeter defense solutions
* Trigger the action of drones for 1) vehicle identification 2) real-time images
 
Part Five: Video Demo
 
Disclaimer:
This article and any related technical detail were prepared or accomplished by the author in his personal capacity. The opinions expressed in this article are the author's own and do not reflect the view of the author's employer.
 
