Welcome!
ISA Wireless Communications Conference
April 15-17, 2003, Memphis, TN
“Ensuring Security in Wireless Applications”
John Callison, Regional Sales Manager
Locus, Incorporated
www.locusinc.com
Today’s Agenda
• Who is Locus?
• Security--What’s the Big Deal?
• Security Safeguards
• Frequency Hopping Spread Spectrum (FHSS)
• CRCs and ARQs
• Encryption--Where and How Makes all the Difference
• Proprietary vs. Open Architecture
• Security Issues With 802.11b
• Authentication & TKIP
Locus Profile
• Founded in 1979 in Madison, WI
• Privately-held
• 35 experienced team members
• Two product lines:
  • Industrial radios
  • Loran-C timing and navigation receivers
• Customers include:
  • Motorola, USCG, Leica Geosystems, and AMCO Automated Systems
Why is Locus Qualified to Talk About Wireless Security?
• Locus has been designing and supporting secure wireless networks for 25 years
• Security is of utmost importance to our customers, which span the military, governmental, municipal and industrial sectors
• We engineer our own products, own our code, and create our own architecture
Security. What’s the Big Deal?
• Depending on your industry, security may or may not be an obvious issue
• Regardless, giving unauthorized people access to your data is risky
• Access means a person can not only see your data, they can change your data and share your data!
Wireless Security Safeguards
• Frequency Hopping Spread Spectrum Technology (FHSS)
• CRCs and ARQs
• Encryption at the firmware level
• Proprietary, non-open architecture
Frequency Hopping Spread Spectrum (FHSS), Basics
• A transmitted signal is spread over a wide frequency band
• What is sent over the air is intentionally “different” from the actual data
• The benefits of spreading the signal are:
  • the signal is immune to unwanted noise/interference
  • the signal is immune to snooping/access
FHSS, continued...
• Locus radio signals “hop” among 79 frequencies in the 2.4 GHz band in a predetermined, apparently random pattern unique to that network
• Frequency hopping is different from Direct Sequence Spread Spectrum, which continuously spreads data over a wide portion of the frequency band instead of hopping
FHSS, continued...
• Each radio network utilizes its own frequency hopping pattern
FHSS, continued...
• Only radios in that network can detect and communicate with other radios in that network
• A radio from another network would have a different hopping pattern
• A different brand of radio may or may not utilize FHSS at all, but if it did, its hopping sequence would also be different from a Locus radio network
FHSS, continued...
• Frequency hopping is less vulnerable to interference, because the frequency is always shifting
• It is very difficult to intercept a frequency hopping communication; one must jam the whole band to attack
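The slides describe the hopping pattern as predetermined, apparently random, and unique to a network, but not how it is produced. The following is an added illustration, not Locus code: both radios of one network derive the same channel sequence from a shared network secret, while a second network (different secret) lands on the same channel only about 1 slot in 79, and a receiver parked on a single channel hears roughly the same fraction. The derivation (HMAC-SHA256 of a slot counter under the network key) and the network secrets are assumptions chosen for the example; a deployed system also needs the radios to agree on slot timing, which is omitted here.

```python
import hmac
import hashlib

CHANNELS = 79  # the slides state Locus radios hop among 79 frequencies in the 2.4 GHz band


def hop_channel(network_key: bytes, slot: int) -> int:
    """Channel index for one hop slot, derived from the network's secret.

    Assumption for illustration only: the slides do not describe Locus'
    generator, so HMAC-SHA256 of the slot counter stands in for it.
    """
    digest = hmac.new(network_key, slot.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big") % CHANNELS


def hop_sequence(network_key: bytes, slots: int) -> list:
    """The predetermined pattern a radio follows for the first `slots` hops."""
    return [hop_channel(network_key, s) for s in range(slots)]


def count_collisions(seq_a: list, seq_b: list) -> int:
    """Slots in which two independent networks happen to share a channel."""
    return sum(1 for a, b in zip(seq_a, seq_b) if a == b)


def fixed_channel_hits(seq: list, channel: int) -> int:
    """Slots a receiver that never hops (parked on one channel) would hear."""
    return sum(1 for c in seq if c == channel)


if __name__ == "__main__":
    # Constructed network secrets for the demonstration.
    net_a = b"constructed-network-A-secret"
    net_b = b"constructed-network-B-secret"
    tx = hop_sequence(net_a, 1000)
    rx = hop_sequence(net_a, 1000)        # same network: identical pattern
    other = hop_sequence(net_b, 1000)     # different network: unrelated pattern
    print("same network agrees on every slot:", tx == rx)
    print("slots shared with the other network:", count_collisions(tx, other), "of 1000 (about 1/79 expected)")
    print("slots heard by a fixed-channel receiver:", fixed_channel_hits(tx, 0), "of 1000")
```

The pattern is only as unpredictable as the secret it is derived from: any radio that learns the network key can reproduce the sequence exactly, which is why the key, not the hopping, carries the confidentiality.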
Cyclic Redundancy Checks (CRCs) & Automatic Resend Queries (ARQs)
• Security means more than knowing someone else isn’t seeing your data
• It means knowing you ARE seeing your data!
• Locus uses CRCs and ARQs to make sure you are receiving error-free data
What’s a Cyclic Redundancy Check?
• A Cyclic Redundancy Check (CRC) is an industry standard method of ensuring data integrity
• To ensure that a message made it to the destination intact, the most straightforward method would be to check it “word for word” or “bit for bit” to make sure that it is what it should be
• But that would mean sending the message at least twice so that the two copies could be compared with each other to make sure that they agree!
CRCs, continued...
• So as not to waste that bandwidth, a shorter representation of the message, called the CRC, is tacked on the end
• Since the CRC is shorter than the actual message, it isn’t a perfect “bit for bit” check of integrity; the longer the CRC, the better its ability to flag an error in the message
• Common CRC lengths range from 8 bits to 32 bits
• The 32-bit CRC that Locus uses, in conjunction with the rest of the correlation mechanisms in the radio, ensures that packets passed to the user contain accurate data only
What’s an Automatic Resend Query?
• An Automatic Resend Query (ARQ) is a method of “asking” that a packet be re-sent from one radio to another if the packet originally arrived with an error
• Locus radios use a common method to have packets resent if they are received in error: the sending radio transmits the packet over the air
• The receiving radio checks the CRC to make sure it received the packet without errors
ARQs, continued...
• If there were no errors, the receiving radio sends an acknowledgement packet (ACK) to the sender indicating that the message was received intact
• If the sender does not receive the ACK, it resends the message (up to a specified amount of time) until it does receive the ACK
CRCs & ARQs in Summary
• Your data travels in packets, which, like trains, have engines and cabooses (starts and stops)
• Radios look for those starts and stops and check the CRC
• If an error is detected, the radio will issue an ARQ which says, “Send that one again!”
• This all happens transparently, behind the scenes
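The CRC and ARQ slides above describe one mechanism in two halves: a 32-bit check appended to each packet, and a resend loop driven by whether that check passes. This added example (not Locus code) puts both together in a stop-and-wait simulation over a constructed noisy link: the sender frames a payload with CRC-32, the receiver verifies and answers only when the check passes, and the sender retransmits until it gets that answer or runs out of attempts. The retry limit, the bit-flip fault model and the payloads are constructed for the example; the slides give no such parameters.

```python
import random
import zlib

CRC_LEN = 4  # 32-bit CRC, the length the slides say Locus uses


def frame(payload: bytes) -> bytes:
    """Append the CRC-32 'caboose' to the payload."""
    return payload + zlib.crc32(payload).to_bytes(CRC_LEN, "big")


def check(packet: bytes):
    """Return the payload if its CRC matches, otherwise None (packet discarded)."""
    if len(packet) < CRC_LEN:
        return None
    payload, tag = packet[:-CRC_LEN], packet[-CRC_LEN:]
    if zlib.crc32(payload).to_bytes(CRC_LEN, "big") != tag:
        return None
    return payload


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Constructed channel fault: flip a single bit of the packet."""
    b = bytearray(data)
    b[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(b)


class NoisyLink:
    """Constructed radio channel that corrupts a packet with probability p_error."""

    def __init__(self, p_error: float, seed: int = 1):
        self.p_error = p_error
        self.rng = random.Random(seed)  # seeded so runs are repeatable

    def send(self, packet: bytes) -> bytes:
        if self.rng.random() < self.p_error:
            return flip_bit(packet, self.rng.randrange(len(packet) * 8))
        return packet


def send_with_arq(payload: bytes, link: NoisyLink, max_tries: int):
    """Stop-and-wait ARQ: resend until the receiver's CRC passes (ACK) or tries run out.

    Returns (delivered_payload_or_None, attempts_used).
    """
    packet = frame(payload)
    for attempt in range(1, max_tries + 1):
        received = check(link.send(packet))
        if received is not None:          # CRC passed at the receiver: ACK comes back
            return received, attempt
        # CRC failed: no ACK, so the sender tries again
    return None, max_tries


if __name__ == "__main__":
    clean = send_with_arq(b"constructed sample payload", NoisyLink(0.0), 5)
    noisy = send_with_arq(b"constructed sample payload", NoisyLink(0.5, seed=7), 20)
    print("clean link:", clean)
    print("noisy link:", noisy)
```

A CRC detects accidental corruption; it is not a cryptographic check, since anyone who can alter the payload can recompute the CRC to match. The encryption slides later in the deck are what address deliberate modification.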
Encryption. What is it?
• Essentially, encryption is disguising your data
• “Keys” are used to mask your data
• The encryption used today is known as ARC4 with a 128-bit key
• In addition, Locus implements an algorithm in its encryption which significantly distances the key from the encrypted data
Encryption, continued...
• Each radio frequency packet you send over a Locus radio is encrypted, and the encryption happens INSIDE THE RADIO
• This means that no un-encrypted data passes over the air
• Since the encryption happens INSIDE THE RADIO, it is impossible to intercept the data stream
Encryption, continued...
• The data can only be deciphered by the receiving Locus radio
• Locus radios also discard improperly encrypted data (possibly foreign or introduced), so it is virtually impossible for someone to (intentionally or accidentally) add data to the Locus data stream
Proprietary Architecture
• Locus radios do not conform to open standards; they are designed only to talk with one another
• Third-party radios cannot circumvent Locus security, nor can freeware programs such as AirSnort, because they have a different architecture
• No other radio uses the same architecture that Locus does
In Summary…
• In order for Locus radio data to be accessed:
  • The radios must be Locus radios
  • The radios must be on the same Locus radio network
  • The radios must be on the identical frequency hopping channel
  • Both must have the same encryption key
  • Both must have Locus’ proprietary architecture
802.11b
• Wireless devices such as 802.11b (Wi-Fi radios) are intended for consumer and office applications, not harsh industrial settings
• They are specifically designed to meet open standards and are intended to be easily interfaced to other similar devices
• What makes 802.11b radios “open” also makes them vulnerable and less secure
Increasing 802.11b Security
• 802.1x Authentication
• TKIP Encryption
Authentication
• Authentication is the process by which 2 radios link to each other
• “Open System” and “Shared Key” are the common authentication schemes in 802.11b
• In both, the Access Point validates that the client (PC) is allowed to communicate with it
• “Open System” uses no encryption
• “Shared Key” does require that the client return a message that has been encrypted, and verifies that it matches its own before granting access...
Authentication, continued...
…however, it is easy for an unwanted user to pretend to be an Access Point and grant access to the client without having any key at all. The “rogue” Access Point can then begin listening to the encrypted data of the client and work on cracking the encryption key.
Authentication, continued...
Locus prevents unwanted authentication in that both of the radios that form a link must share the same encryption key BEFORE the link is established. If both radios do not have PRIOR knowledge of the key, the radios will not link and the encrypted data does not pass.
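The three authentication slides contrast a one-way scheme, in which only the client proves it holds the key and the Access Point's verdict is simply trusted, with a link that forms only when both sides prove prior knowledge of the key. This added example (not Locus or 802.11 code) models that difference with challenge-response over HMAC-SHA256 in place of the actual WEP encryption step: a party with no key at all can "grant access" in the one-way exchange, but cannot answer the other side's challenge in the mutual one. The `Radio` and `RogueAccessPoint` classes, the role labels and the keys are constructed for the demonstration.

```python
import hmac
import hashlib
import secrets


def prove(key: bytes, challenge: bytes, role: bytes) -> bytes:
    """Proof of key knowledge for a fresh challenge; the role label keeps the
    two directions of a mutual exchange from being mirrored back."""
    return hmac.new(key, role + challenge, hashlib.sha256).digest()


class Radio:
    """A radio that holds a pre-shared key (constructed for the example)."""

    def __init__(self, name: str, key: bytes):
        self.name = name
        self.key = key

    def respond(self, challenge: bytes, role: bytes) -> bytes:
        return prove(self.key, challenge, role)

    def verify(self, challenge: bytes, role: bytes, response: bytes) -> bool:
        return hmac.compare_digest(prove(self.key, challenge, role), response)


class RogueAccessPoint:
    """Models the slide's rogue AP: it holds no key, answers challenges with
    garbage, and in a one-way scheme simply declares the client accepted."""

    def respond(self, challenge: bytes, role: bytes) -> bytes:
        return bytes(32)

    def verify(self, challenge: bytes, role: bytes, response: bytes) -> bool:
        return True


def one_way_auth(client, access_point) -> bool:
    """802.11b 'Shared Key' style, abstracted: only the client proves knowledge,
    and the client has no evidence about the access point at all."""
    challenge = secrets.token_bytes(16)
    response = client.respond(challenge, b"client")
    return access_point.verify(challenge, b"client", response)


def mutual_auth(radio_a, radio_b) -> bool:
    """Link forms only if each side proves PRIOR knowledge of the key to the other."""
    challenge_for_b = secrets.token_bytes(16)
    challenge_for_a = secrets.token_bytes(16)
    b_ok = radio_a.verify(challenge_for_b, b"B", radio_b.respond(challenge_for_b, b"B"))
    a_ok = radio_b.verify(challenge_for_a, b"A", radio_a.respond(challenge_for_a, b"A"))
    return a_ok and b_ok


if __name__ == "__main__":
    key = b"constructed-pre-shared-key"
    client = Radio("client", key)
    genuine = Radio("access point", key)
    rogue = RogueAccessPoint()
    print("one-way, genuine AP:", one_way_auth(client, genuine))
    print("one-way, rogue AP (client cannot tell):", one_way_auth(client, rogue))
    print("mutual, genuine AP:", mutual_auth(client, genuine))
    print("mutual, rogue AP:", mutual_auth(client, rogue))
```

The one-way result against the rogue is the point of the slide: the client's own proof succeeds regardless of who is listening, so it gains no assurance about the peer. In the mutual exchange each side generates its own fresh challenge, and a peer that cannot answer is refused before any data is sent.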
Standard 802.11b Encryption
• Off-the-shelf 802.11b encryption is flawed in that it is possible to inspect encrypted data, then work your way back to the key that generated it.
What is TKIP Encryption?
• Temporal Key Integrity Protocol
• distances the encryption key from the actual data by applying several algorithms to the key before generating the encrypted data
• performs dynamic key management (changes the temporal keys frequently)
• performs message integrity checks to prevent forgery and replay
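The encryption slides (ARC4 with a 128-bit key, an algorithm that distances the key from the encrypted data, and discarding improperly encrypted packets) and the TKIP slide (per-packet key mixing, frequent temporal key changes, integrity checks against forgery and replay) describe the same four ingredients around a stream cipher. This added example, which is neither Locus' nor the TKIP specification's code, shows them in one place: RC4 (the cipher the slides call ARC4) keyed with a per-packet key derived from the long-lived key and a packet counter, an integrity tag over the ciphertext, and a receiver that discards tampered, forged or replayed packets. The derivation via HMAC-SHA256, the 6-byte counter, the 8-byte tag and the sample keys are assumptions made for the example. RC4 appears here only because the slides name it; it has since been deprecated for new designs in favour of authenticated ciphers such as AES-GCM.

```python
import hmac
import hashlib

COUNTER_LEN = 6   # per-packet sequence counter, constructed for this example
TAG_LEN = 8       # truncated integrity tag, constructed for this example


def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4 (ARC4) keystream: key-scheduling then the generation loop."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def per_packet_key(base_key: bytes, counter: int) -> bytes:
    """Mix the long-lived key with the packet counter (assumed construction) so
    the cipher never sees the base key and no two packets share a keystream."""
    msg = b"pkt" + counter.to_bytes(COUNTER_LEN, "big")
    return hmac.new(base_key, msg, hashlib.sha256).digest()[:16]   # 128-bit RC4 key


def integrity_tag(base_key: bytes, counter: int, ciphertext: bytes) -> bytes:
    """Message integrity check binding counter and ciphertext to the key."""
    msg = b"mic" + counter.to_bytes(COUNTER_LEN, "big") + ciphertext
    return hmac.new(base_key, msg, hashlib.sha256).digest()[:TAG_LEN]


def xor_bytes(data: bytes, keystream: bytes) -> bytes:
    return bytes(d ^ k for d, k in zip(data, keystream))


class Sender:
    def __init__(self, base_key: bytes):
        self.key = base_key
        self.counter = 0

    def encrypt(self, plaintext: bytes) -> bytes:
        """Packet layout (assumed): counter || ciphertext || tag."""
        self.counter += 1
        ks = rc4_keystream(per_packet_key(self.key, self.counter), len(plaintext))
        ct = xor_bytes(plaintext, ks)
        return self.counter.to_bytes(COUNTER_LEN, "big") + ct + integrity_tag(self.key, self.counter, ct)


class Receiver:
    def __init__(self, base_key: bytes):
        self.key = base_key
        self.last_counter = 0

    def decrypt(self, packet: bytes):
        """Return the plaintext, or None when the packet must be discarded."""
        if len(packet) < COUNTER_LEN + TAG_LEN:
            return None
        counter = int.from_bytes(packet[:COUNTER_LEN], "big")
        ct, tag = packet[COUNTER_LEN:-TAG_LEN], packet[-TAG_LEN:]
        if counter <= self.last_counter:
            return None                     # replayed or reordered: discard
        if not hmac.compare_digest(integrity_tag(self.key, counter, ct), tag):
            return None                     # forged, corrupted or foreign: discard
        ks = rc4_keystream(per_packet_key(self.key, counter), len(ct))
        self.last_counter = counter         # advance only after the tag checks out
        return xor_bytes(ct, ks)


if __name__ == "__main__":
    base_key = b"constructed-16B-k"[:16]
    tx, rx = Sender(base_key), Receiver(base_key)
    pkt = tx.encrypt(b"constructed sample data")
    print("decrypted:", rx.decrypt(pkt))
    print("same packet again (replay):", rx.decrypt(pkt))
    print("stranger's receiver:", Receiver(b"0" * 16).decrypt(tx.encrypt(b"hi")))
```

Two details carry the security properties the slides list. The tag is checked before anything is decrypted, so a packet that was not produced under the shared key is dropped without influencing the receiver's state, and the counter only advances after a valid tag, so a forged packet cannot push the window forward and block legitimate traffic.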
In Summary
Wireless is made secure through:
• Inherent security within Frequency Hopping Spread Spectrum (FHSS) technology
• CRCs and ARQs
• Variations of encryption & authentication
• Proprietary or non-open architectures
Thank You! Any Questions?
John Callison, Regional Sales Manager
callison@locusinc.com
www.locusinc.com