Wireless Sensor System

  • Uploaded by: Manasvi Mehta
  • 0
  • 0
  • June 2020
  • PDF

This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA


Overview

Download & View Wireless Sensor System as PDF for free.

More details

  • Words: 10,554
  • Pages: 136
Wireless Sensor Systems: Security Implications for the Industrial Environment Dr. Peter L. Fuhr Chief Scientist RAE Systems, Sunnyvale, CA [email protected]

Dr. Peter Fuhr, Presenter: 480+ publications&presentations in wireless sensor networking arena. Old-timer in this area…etc etc.

RAE Systems Inc. • Pervasive Sensing Company based in Silicon Valley founded in 1991 Capabilities – Radiation detection • Gamma and neutron

– Chemical/vapor detection • Toxic gas, VOC, combustible gas, oxygen, CWA, temperature, humidity, C02

– Redeployable sensor networks – Mobile and fixed wireless monitors – Cargo Container Sensor Systems

ISA Wireless Security, P. Fuhr

2

Contributors

A number of individuals have provided “content” for these slides. They include: Wayne Manges, Oak Ridge National Laboratory Robert Poor, Ember Pat Gonia, Honeywell Hesh Kagan, Foxboro/Invensys Kang Lee, NIST Tom Kevan, Advanstar Ramesh Shankar, Electric Power Research Institute Larry Hill, Larry Hill Consulting Rob Conant, Dust Rick Kriss, Xsilogy Gideon Varga, Dept of Energy Jack Eisenhauser, Energetics Michael Brambley, Pacific Northwest National Labs David Wagner, UC-Berkeley Undoubtedly, there are other contributors too (apologies if your name is not listed). ISA Wireless Security, P. Fuhr

3

Wireless Sensor Networking …it’s not cellular telephony …it’s not just WiFi...(and it just may be the next big thing)

Each dot represents one cell phone tower. Wireless devices circa 1930 ISA Wireless Security, P. Fuhr

4

Sensor Market: $11B in 2001 Installation (wiring) costs: >$100B • Fragmented market  platform opportunity • Installation cost limits penetration  reducing installation cost increases market size

Highly Fragmented Sensor Market Freedonia Group report on Sensors, April 2002

ISA Wireless Security, P. Fuhr

Slide courtesy of Rob Conant, Dust 5

Industrial Market Sizing Sensor Networking Products •

North American Market for Wireless products used in Applications where transmission distances are 1 mile or less: – – –



Largest Application areas: – –



2002 Total: $107 million 2006 Forecast: $713 million 2010 Estimates: $ 2.1 billion

2002: Tank Level Monitoring, Asset Tracking, Preventative Maintenance 2006: Tank Level Monitoring, Preventative Maintenance, Environmental Monitoring

Conclusions: – – –

Rapid Growth in Industrial markets Tank Level Monitoring will remain a significant opportunity Key ‘ User’ Needs: • • •

Lower Costs over Wired (or Manual) Solutions Education of Potential Customers on the Technology Demonstration of Operational Reliability & Application ‘ Domain’ Knowledge

ISA Wireless Security, P. Fuhr

Slide courtesy of Rick Kriss, Xsilogy

6

The True cost per monitored node – to the End User Higher

Higher

SPARSE

DENSE Bluetooth, 802.15.4, WiFi etc

1xRTT, FLEX SAT, etc

Installation Costs

3-Yr TOC $$ $

Design For Here

Lower

Lower Meters $

ISA Wireless Security, P. Fuhr

Radio RF Range (dB)

Miles $$$$$

Slide courtesy of Rick Kriss, Xsilogy

7

What to do with the data? Parameter of Interest Chemical Electrical Mechanical Thermal Radiation Optical Magnetic

Output Signal Measurement System

Sensor

Modifier

Output Transducer

Chemical Electrical Mechanical Thermal Radiation Optical Magnetic

Power Supply

Great! But how do you get the output signal from the sensor to the location where the information will be interpreted (used)?

Traditionally the output of the sensor was hardwired to some form of interpretive device (e.g., PLC) perhaps relying on a 4-20mA signal…

ISA Wireless Security, P. Fuhr

8

Outline: 1. Security? Who needs it? 2. How is security achieved in a wired channel? 3. The Situation for Wireless (its RF in an industrial setting. Spectrum, modulation, encryption, spatial…)

4. Security within various Wireless Delivery Schemes (cellular, WiFi, 802.15.4, Bluetooth, others…)

5. An Integrated Solution 6. The Big Review

ISA Wireless Security, P. Fuhr

9

Oh, who needs security in a wireless channel anyway!

(pretty ridiculous statement isn’t it! ISA Wireless Security, P. Fuhr

10

Let’s ask some experts: WINA meeting, Coral Gables, Sept. 2003

www.wireless4industrial.org ISA Wireless Security, P. Fuhr

11

What’s a WINA?

In the spring of 2003, the Wireless Industrial Networking Alliance (WINA) was formed to promote the adoption of wireless networking technologies and practices that will help increase industrial productivity and efficiency. WINA will be holding a 1.5 day meeting at ISA-HQ in RTP, NC on Feb 11/12 – right after the ISA Wireless Security Expo and conference. Check out www.wireless4industrial.org for WINA meeting details AND www.isa.org/wireless for the ISA Wireless Security conf details! ISA Wireless Security, P. Fuhr

12

Back to the Question: Who needs security in a wireless channel anyway!

ISA Wireless Security, P. Fuhr

13

Strategy Workshop Participants •

Suppliers (13)



System integrators (6)



Industrial end users (10) – Energy/Utilities – Chemicals – Forest Products – Petroleum – Automotive

– Electronics



Industry analysts/venture capitalists (3)



Others (associations, government, media, researchers)

ISA Wireless Security, P. Fuhr

14

End-User View of Industrial Wireless Likes • Mobility • Compactness • Flexibility • Low cost • Capability to monitor rotating equipment • Short range (security) • Ease of installation • High reliability • Impetus to enhance electronics support

ISA Wireless Security, P. Fuhr

Dislikes • Change to status quo • Complexity • High cost for coverage in large plants • Security issues • Portability issues (power) • Unproven reliability • Too risky for process control • Lack of experience in troubleshooting (staff) • Restricted infrastructure flexibility once implemented • Lack of analysis tools

15

Technology Group: Key Issues • Security – Jamming, hacking, and eavesdropping • Power • Value (clear to customer) • Interoperability – Co-existence with other facility networks, sensors, collectors, technology • True engineered solution (sensors, collectors, etc.) • Assured performance & reliability/MTBA* • Software infrastructure, data, & systems management • Robustness (at least as good as wired) • RF characterization (radios, receivers, environments) ISA Wireless Security, P. Fuhr *mean time between attention

16

Technology Group: Criticality Varies by Application (5 = most critical) Alarm

Shutdown

Biz WLAN

3-5

5

5

1

2-3

3-5

5

5

1

Raw Thru-put (node / aggr.)

2/5

2.5 /2.5

1/4

1/1

1/5

Scalability (Max.# nodes)

5

4

4

1

2-3

Data Reliability

1

5

5

5

2

1-5

5

5

5

5

Low Cost

5

2

1-3

1

2-3

Gateway Technology

5

1

3-4

1

1

Engineered Solution

1

5

4

5

3

Monitor

Control

Latency

2-3

Device Reliability

Attributes

Security

ISA Wireless Security, P. Fuhr

Applications

17

Industrial CyberSecurity

• The Case of Vitek Boden

ISA Wireless Security, P. Fuhr

18

• On October 31, 2001 Vitek Boden was convicted of: – 26 counts of willfully using a restricted computer to cause damage – 1 count of causing serious environment harm • The facts of the case: – Vitek worked for the contractor involved in the installation of Maroochy Shire sewage treatment plant. – Vitek left the contractor in December 1999 and approached the shire for employment. He was refused. – Between Jan 2000 and Apr 2000 the sewage system experienced 47 unexplainable faults, causing millions of liters of sewage to be spilled. ISA Wireless Security, P. Fuhr

19

How did he do it? • On April 23, 2000 Vitek was arrested with stolen radio equipment, controller programming software on a laptop and a fully operational controller. • Vitek is now in jail… Disgruntled Contractor

Rogue Radio

PLC

PLC

Sewage Plant ISA Wireless Security, P. Fuhr

20

A Favorite 2.4 GHz Antenna

ISA Wireless Security, P. Fuhr

21

WarDriving – 802.11 HotSpots in Silicon Valley

ISA Wireless Security, P. Fuhr

22

WarDriving – 802.11 HotSpots in San Francisco

ISA Wireless Security, P. Fuhr

23

The Question: Who needs security in a wireless channel anyway!

The Answer: We do. So…How do you provide the appropriate level of security within the acceptable price and “inconvenience” margin -> Risk Management! ISA Wireless Security, P. Fuhr

24

Inside vs. Outside? • Where do attacks come from? 90

% of Respondents

80 70 60 2002 2001 2000 1999 1998

50 40 30 20 10 0 ForeignGov.

Foreign Corp.

Hackers

U.S. Com petitors

Disgruntled Em ployees

*Source: “2002 CSI/FBI Computer Crime and Security Survey” Computer Security Institute - www.gocsi.com/losses. ISA Wireless Security, P. Fuhr

25

An “Outside” Example. When? April 2001

ISA Wireless Security, P. Fuhr

26

“Hacker War I”

•In the Spring of 2001, the US got it’s first a taste of a new form of warfare. •Launched from overseas and targeted at US critical infrastructure.

ISA Wireless Security, P. Fuhr

27

Honker Union •Chinese Hacker Group working to advance and in some cases impose it’s political agenda •During the spring of 2001, Honker Union worked with other groups such as the Chinese Red Guest Network Security Technology Alliance •Hackers were encouraged to "...make use of their skills for China..." Wired.com Attack Methods:

ISA Wireless Security, P. Fuhr

Denial of Service Attacks •Website Defacement •E-mailing viruses to US Government Employees •“KillUSA” package

28

Cyberwar • Cyber attacks and web defacements increased dramatically after the start of the war against Iraq. • More than 1,000 sites were hacked in the first 48 hours of the conflict, with many of the attacks containing anti-war slogans. • Security consultants state that the war against Iraq made March the worst month for digital attacks since records began in 1995.

ISA Wireless Security, P. Fuhr

29

Hacker School • North Korea's Mirim College, is a military academy specializing in electronic warfare • 100 potential cybersoldiers graduate every year

ISA Wireless Security, P. Fuhr

30

The Question: Who needs security in a wireless channel anyway?

The Answer: Everyone.

ISA Wireless Security, P. Fuhr

31

Outline: 1. Security? Who needs it?

2. How is security achieved in a wired channel? 3. The Situation for Wireless (its RF in an industrial setting. Spectrum, modulation, encryption, spatial…)

4. Security within various Wireless Delivery Schemes (cellular, WiFi, 802.15.4, Bluetooth, others…)

5. An Integrated Solution 6. The Big Review

ISA Wireless Security, P. Fuhr

32

A few details…

Layered Communications

ISA Wireless Security, P. Fuhr

33

Wired Data Security - Encryption

The “traditional” method involved encrypting the data prior to transmission over a potentially insecure channel. The level of protection rests on the encryption algorithm. (There are a few other factors…such as the physical media.) ISA Wireless Security, P. Fuhr

Slide courtesy of Wayne Manges, ORNL 34

Outline: 1. 2. 3. 4.

Security? Who needs it? How is security achieved in a wired channel? The Situation for Wireless Security within various Wireless Delivery Schemes

(cellular, WiFi, 802.15.4, Bluetooth, others…)

5. An Integrated Solution 6. The Big Review

ISA Wireless Security, P. Fuhr

35

From many perspectives, THIS is what a wireless sensor network can provide.

Wireless Buildings

Key to success: reduced installation costs ISA Wireless Security, P. Fuhr

Slide courtesy of Pat Gonia, Honeywell

36

Modulation E(t) = A(t) cos[ω t + φ (t)] Amplitude Modulation (AM) info is in A(t) Frequency Modulation (FM) info is in ω Phase Modulation (PM) info is in φ (t)

Different vendors use different schemes - and they are not interoperable. P h a s e =0 o P h a s e 1= 8 0o

P h a s e 3= 6 0o (o r b a c k to 0o)

P h a s e 2= 7 0o

ISA Wireless Security, P. Fuhr

37

The FCC Frequency Assignment

Different vendors may use different frequencies within the various ISM bands (green in the diagram).

The ISM bands most commonly used are at 433, 915 and 2400 MHz.

ISA Wireless Security, P. Fuhr

38

Multiple Sensors Sharing the Medium: Multiplexing. FDMA, TDMA and CDMA

ISA Wireless Security, P. Fuhr

39

Binary Signaling Formats • Used to Improve Digital Signal Reception and Decision • NRZ: Non-Return to Zero • RZ: Return to Zero • Unipolar: Only one side of 0V • Bipolar: Both sides of 0V • Manchester: Bi-Phase (“0” in left 1/2 time slot, “1” in right)

ISA Wireless Security, P. Fuhr

40

Narrowband or Spread Spectrum? Narrowband uses a fixed carrier frequency, F0.

The receiver then locks onto the carrier frequency, F0.

Easy to implement (inexpensive). Prone to jamming or interference (two transmitters at the same carrier frequency, F0. Least secure modulation scheme.

ISA Wireless Security, P. Fuhr

41

Narrowband or Spread Spectrum (cont.) ? Frequency Hopping Spread Spectrum. Uses a carrier frequency that varies with time, F0(t).

Invented and patented by actress Heddy Lamarr and her pianist George Antheil.

The receiver must track the time-varying carrier frequency, F0(t).

Relatively easy to implement (inexpensive). Prone to jamming or interference (two transmitters at the same carrier frequency, F0) during any single transmit interval. Hopping rates may be ~1600 hops/second (ala Bluetooth). Very secure modulation scheme (used in military for decades). ISA Wireless Security, P. Fuhr

42

Narrowband or Spread Spectrum (cont.) ? Direct Sequence Spread Spectrum uses a fixed carrier frequency, F0 but interleaves the data with a precise mathematical 0/1 data sequence. (This increases the length of the transmitted information vector making it longer). The information is replicated many times throughout the bandwidth, so if one “lobe” of the information is jammed, the remainder “gets through”. Highly robust technique.

The receiver then locks onto the carrier frequency, F0 receives the signal and then must “undo” the interleaving.

More difficult to implement (more expensive). Most complicated scheme (of these presented). Most secure modulation scheme.

ISA Wireless Security, P. Fuhr

43

DIRECT-SEQUENCE SPREAD-SPECTRUM SIGNALS PN Clock Local PN Clock Local PN Sequence Generator

PN Sequence Generator

Carrier

±1

Wide BP Filter

Data

±1

Carrier

Narrow BP Filter

Phase Demod

±1

Power Spectral Density

Power Spectral Density

fc

Narrow spectrum at output of modulator before spreading

ISA Wireless Security, P. Fuhr

Frequency

Data Clock

Power Spectral Density

“Spread” RFI

RFI

Frequency

Data

fc

Spectrum has wider bandwidth and lower power density after spreading with PN sequence (PN Rate >> Data Rate)

Frequency

fc

Original narrowband, high power density spectrum is restored if local PN sequence is same as and lined up with received PN sequence

44

Narrowband or Spread Spectrum (cont.) ? Which is best?

Each has its pluses and minuses…and each scheme has its share of die-hard advocates and/or naysayers!

Different vendors use these (and other) schemes at different frequencies within the various ISM bands.

ISA Wireless Security, P. Fuhr

From a security standpoint, DSSS is best. 45

Reality

DSSS

ISA Wireless Security, P. Fuhr

FHSS

46

No Matter What…Its Just an Electromagnetic Field

E(t) = A(t) cos[ω t + φ (t)] A(t): amplitude of the wave ω : radian frequency of the wave φ (t): phase of the wave

ISA Wireless Security, P. Fuhr

47

The RF “Footprint” Network “Size”

Personal Area Network: typical radiated power: 0 dBm, size: 10m

Local Area Network: typical radiated power: 20 dBm, size: 100m

ISA Wireless Security, P. Fuhr

48

There are SO many technical questions: such as…

Network Topologies?

Bus Network Tree Network

Ring Network

StarNetwork ISA Wireless Security, P. Fuhr

Ad Hoc Network 49

The Real World Presents the Wireless Channel with Multipath and Attenuation…and…

ISA Wireless Security, P. Fuhr

50

Real World:

Multipath

The Effect

The Cause

ISA Wireless Security, P. Fuhr

51

Real World:

Atmospheric Attenuation at 2.4 GHz

Rayleigh Fading @ 2.4GHz ISA Wireless Security, P. Fuhr

52

Real World:

Signal Attenuation at 2.4 GHz

ISA Wireless Security, P. Fuhr

53

Real World:

And Signal-to-Noise Ratios really do matter!

Anecdotal Evidence: As Frankfurt has increased the deployment of 2.4 GHz wireless surveillance cameras, the background Noise level has increased by 12 dB. (This plays havoc with the BER or for fixed BER, the overall data rate,)

ISA Wireless Security, P. Fuhr

54

Real World:

Which Frequency is Best?

ALERT! ALERT!! Notice that the operation at 2.45 GHz is WORSE than at 900MHz (which is worse than 433 MHz).

ISA Wireless Security, P. Fuhr

55

Outline: 1. Security? Who needs it? 2. How is security achieved in a wired channel? 3. The Situation for Wireless (its RF in an industrial setting. Spectrum, modulation, encryption, spatial…)

4. Security within various Wireless Delivery Schemes (cellular, WiFi, 802.15.4, Bluetooth, others…)

5. An Integrated Solution 6. The Big Review

ISA Wireless Security, P. Fuhr

56

Wireless Data Security: Encryption, Spreading, Interleaving

Wireless networks use a variety of techniques to enhance security, such as spreading and interleaving. These techniques can make the signal virtually undetectable without prior knowledge about the network. This can improve the security of the network by orders of magnitude. ISA Wireless Security, P. Fuhr

Slide courtesy of Wayne Manges, ORNL

57

The Wireless Market GRAPHICS INTERNET

SHORT

< RANGE >

LONG

TEXT

HI-FI AUDIO

STREAMING VIDEO

DIGITAL VIDEO

MULTI-CHANNEL VIDEO

802.11b

LAN

802.11a/HL2 & 802.11g Bluetooth 2

ZigBee

LOW

ISA Wireless Security, P. Fuhr

PAN

Bluetooth1

< DATA RATE >

HIGH

58

Bluetooth vs. the Rest (cont’d) Parameter Technology

802.11 HomeRF Bluetooth 2.4 GHz, DSSS2.4GHz, FHSS 2.4 GHz, FHSS 11 chips/bit 50 hops/s 1000+hops/s Data Rate 11Mbps 1 Mbps 1Mbps Power +20 dBm +20 dBm 0, +20dBm Range 50m 50m 1-10m, 50m Topology 128 devices 128 devices 8 devices, CSMA/CA CSMA/CA Piconet Security Optional WEP Optional Encryption Voice ChannelOptional Optional Yes

ZigBee (proposed) 2.4 GHz,DSSS 15 chips/bit 40 kbits/s 0dBm 100m 100s devices, CSMA/CA Not yet No

Bluetooth – aka IEEE 802.15.1 ZigBee – aka IEEE 802.15.4 ISA Wireless Security, P. Fuhr

59

Side by Side

ISA Wireless Security, P. Fuhr

60

802.11?

ISA Wireless Security, P. Fuhr

61

The Worldwide View of the 802.11 Spectral Space

ISA Wireless Security, P. Fuhr

62

Radiated Field from a single AP (Kansas City)

ISA Wireless Security, P. Fuhr

63

20dB Attenuation Profile for Univ of Kansas Eng Bldg., Mesh and AP deployments

ISA Wireless Security, P. Fuhr

64

WEP (encrypted traffic)

• The industry’s solution: WEP

(Wired Equivalent Privacy)

– Share a single cryptographic key among all devices – Encrypt all packets sent over the air, using the shared key – Use a checksum to prevent injection of spoofed packets

ISA Wireless Security, P. Fuhr

65

Early History of WEP 1997

Mar 2000

802.11 WEP standard released

Simon, Aboba, Moore: some weaknesses Walker: Unsafe at any key size

Oct 2000 Jan 30, 2001 Feb 5, 2001 ISA Wireless Security, P. Fuhr

NY Times, WSJ break the story

Borisov, Goldberg, Wagner: 7 serious attacks on WEP 66

Subsequent Events Jan 2001 Mar 2001

May 2001 Jun 2001 Aug 2001

Borisov, Goldberg, Wagner Arbaugh: Your 802.11 network has no clothes

Arbaugh: more attacks …

Newsham: dictionary attacks on WEP keys Fluhrer, Mantin, Shamir: efficient attack on way WEP uses RC4 Arbaugh, Mishra: still more attacks

Feb 2002 ISA Wireless Security, P. Fuhr

67

WEP Attack Tools • Downloadable procedures from the Internet – To crack the Key: • AirSnort – http://airsnort.sourceforge.net • WEPCrack – http://sourceforge.net/projects/wepcrack/ – To brute force enter into WLAN, • THC-RUT – http://www.thehackerschoice.com/releases.php

ISA Wireless Security, P. Fuhr

68

Wi-Fi Protected Access (WPA) – Flaws in WEP known since January 2001 - flaws include weak encryption, (keys no longer than 40 bits), static encryption keys, lack of key distribution method. – IEEE developing 802.11i standard for enhanced wireless security - Addresses weak data encryption and user authentication within existing 802.11 standard. – 802.11i standard will not be ratified until late 2003, possibly early 2004 outstanding issues. – WPA standard joint effort between Wi-Fi Alliance and IEEE - WPA a subset of IEEE 802.11i standard (Draft 3.0). •WPA provides stronger data encryption (weak in WEP) and user authentication (largely missing in WEP).

ISA Wireless Security, P. Fuhr

69

WPA – Data Encryption – WPA uses Temporal Key Integrity Protocol (TKIP) - stronger data encryption, addresses known vulnerabilities in WEP.

•TKIP chosen as primary encryption cipher suite - Easily deployed and supported in legacy 802.11b hardware compared to other available cipher suites. – TKIP based on RC4 stream cipher algorithm, surrounds WEP cipher engine with 4 new algorithms, 1. Extended 48-bit Initialization Vector (IV) and IV sequencing rules (compared to the shorter 24-bit WEP RC4 key).

2. New per-packet key mixing function.

3. Derivation and distribution method - a.k.a. re-keying.

4. A message integrity check (MIC) - a.k.a. ‘Michael’, ensures messages haven’t been tampered with during transmission.

ISA Wireless Security, P. Fuhr

70

WPA – Data Encryption, cont’d • the Temporal Key Integrity Protocol.

Phase 1 key mixing

Temporal Key TA

Phase 2 key mixing

TTAK Key TSC

WEP seed(s) (represented as WEP IV + RC4 key)

MIC Key

SA + DA + Plaintext MSDU Data

MIC

Plaintex t MSDU + MIC

Fragment(s)

Plaintext MPDU(s)

WEP Encapsulation

Ciphertext MPDU(s)

•DA – Destination Address TKIP – Temporal Key Integrity Protocol •ICV– Integrity Check Value TSC – TKIP Sequence Counter •MPDU – Message Protocol Data Unit TTAK– result of phase 1 key mixing of Temporal Key •MSDU – MAC Service Data Unit and Transmitter Address •RSN – Robust Security Network WEP – Wired Equivalent Privacy •SA – Source Address WEP IV – Wired Equivalent Privacy Initialization Vector •TA – Transmitter Address ISA Wireless Security, P. Fuhr

71

WPA – Data Encryption, cont’d – TKIP implements countermeasures - reduces rate which attacker can make message forgery attempts down to two packets every 60 seconds. – After 60 second timeout new PMK or Groupwise Key generated, depending on which attacked – ensures attacker cannot obtain information from attacked key. – Countermeasures bound probability of successful forgery and amount of information attacker can learn about a key. – TKIP is made available as firmware or software upgrade to existing legacy hardware. •TKIP eliminates having to replace existing hardware or having to purchase new hardware.

ISA Wireless Security, P. Fuhr

72

Bluetooth?

ISA Wireless Security, P. Fuhr

73

BlueTooth- Some Specifications • Uses unlicensed 2.402 - 2.480 GHz frequency range • Frequency hopping spread spectrum 79 hops separated by 1 MHz • Maximum frequency hopping rate: 1600 hops/sec • Nominal range: 10 cm to 10 meters • Nominal antenna power: 0 dBm • One complete Bluetooth data packet can be transmitted within each 625 msec hop slot.

ISA Wireless Security, P. Fuhr

74

Potential Bluetooth Markets

ISA Wireless Security, P. Fuhr

75

Bluetooth Market Forecast

Nov’03: 100M Bluetooth compliant devices worldwide ISA Wireless Security, P. Fuhr

76

Bluetooth Protocol Stack • Adopted Protocols – PPP(Point-To-Point Protocol) – TCP/UDP/IP – OBEX-Session Protocol for IrDA(Infrared Data Association) – Contents Fromat(e.g. vCard, vCalendar) – WAP-Wireless Application Protocol

ISA Wireless Security, P. Fuhr

77

Bluetooth Security • Supports Unidirectional or Mutual Encryption based on a Secret Link key Shared Between Two Devices • Security Defined In 3 modes: – Mode1- No Security – Mode 2 - Service Level Security: Not Established Before Channel is Established at L2CAP – Mode 3 - Link Level Security: Device Initiates Security Before LMP Link is Setup •

Devices and Services can be Set for Different Levels of Security – Two Trust Levels are Set for Devices • Trusted Device: Fixed Relationship and Unrestricted Access to All Services • Untrusted: No Permanent relationship and Restricted Services

ISA Wireless Security, P. Fuhr

78

Bluetooth Security • Devices and Services can be Set for Different Levels of Security – Two Trust Levels are Set for Devices • Trusted Device: Fixed Relationship and Unrestricted Access to All Services • Untrusted: No Permanent relationship and Restricted Services

ISA Wireless Security, P. Fuhr

79

Bluetooth Security • 3 Levels of Service Access – Require Authorization and Authenication – Require Authentication Only – Default Security for Legacy Applications

ISA Wireless Security, P. Fuhr

80

But is this Wireless Link Secure?

Newsflash: Jan 2001: Norwegian “hackers” crack a Bluetooth transmission

ISA Wireless Security, P. Fuhr

81

Analysis of a BlueTooth Transmission

High overhead?

ISA Wireless Security, P. Fuhr

82

802.15.4/Zigbee?

ISA Wireless Security, P. Fuhr

83

IEEE 802.15.4 standard • Includes layers up to and including Link Layer Control – LLC is standardized in 802.1

• Supports multiple network topologies including Star, Cluster Tree and • Features of the MAC: Mesh ZigBee Application Framework Association/dissociation, ACK, frame delivery, channel access Networking App Layer (NWK) mechanism, frame validation, Data Link Controller (DLC) guaranteed time slot management, IEEE 802.2 beacon management, channel scan IEEE 802.15.4 LLC LLC, Type I • Low complexity: 26 primitives IEEE 802.15.4 MAC versus 131 primitives for IEEE 802.15.4 IEEE 802.15.4 868/915 MHz PHY 2400 MHz PHY 802.15.1 (Bluetooth)

ISA Wireless Security, P. Fuhr

84

PHY overview • Speed – 20, 40 or 250 kbps • Channels – 1 channel in the 868MHz band – 10 channels in the 915MHz band – 16 channels in the 2.4GHz band • Modulation – BPSK (868MHz/20kbs) – BPSK (915MHz/40kbps) – O-QPSK (2.4GHz/250kbps)

• Coexistence w/ – 802.11b DSSS – 802.15.1 FHSS – 802.15.3 DSSS ISA Wireless Security, P. Fuhr

85

MAC overview • Security support • Power consumption consideration • Dynamic channel selection • Network topology – Star topology – p2p topology – cluster-tree network topology

ISA Wireless Security, P. Fuhr

86

Device classification • Full Function Device (FFD) – Any topology – Can talk to RFDs or other FFDs – Operate in three modes • PAN coordinator • Coordinator • Device. • Reduced Function Device (RFD) – Limited to star topology – Can only talk to an FFD (coordinator) – Cannot become a coordinator – Unnecessary to send large amounts of data – Extremely simple – Can be implemented using minimal resources and memory capacity ISA Wireless Security, P. Fuhr

87

Transmission management • Acknowledgement – No ACK – ACK – Retransmission – Duplicate detection

• Indirect transmission

ISA Wireless Security, P. Fuhr

88

Security • Unsecured mode • ACL mode – Access control

• Secured mode – Access control – Data encryption – Frame integrity – Sequential freshness

ISA Wireless Security, P. Fuhr

89

Scalable Security • Assume the attacker can deploy own nodes (can create a “ring” at some distance from controller)[Wisenet 2003] • Enemy nodes “mimick” the mesh nodes; they ACK the “health inquiry” as if everything was OK – but they do not forward to the rest of the net • The rest of the network is virtually cut off from inspection by controller • Need secure key and a random seed that changes at each round

ISA Wireless Security, P. Fuhr

90

What About: 1451.5? 1xRTT? SAT? CDPD? Others? No time this morning!

ISA Wireless Security, P. Fuhr

91

Outline: 1. Security? Who needs it? 2. How is security achieved in a wired channel? 3. The Situation for Wireless (its RF in an industrial setting. Spectrum, modulation, encryption, spatial…)

4. Security within various Wireless Delivery Schemes (cellular, WiFi, 802.15.4, Bluetooth, others…)

5. An Integrated Solution 6. The Big Review

ISA Wireless Security, P. Fuhr

92

There are SO many technical questions: such as…

Integrated Industrial Networks?

If the sensor network is to integrate into an industrial setting, then you should be cognizant of the Industrial Networking arena. ISA Wireless Security, P. Fuhr

93

Industrial Device Network Topology



Typically, three layers of networking make up enterprisewide networks. Ethernet acts as the company's intranet backbone, and it's linked to controllers or industrial PCs, which supply strategic data to the enterprise. An industrial network, or fieldbus, links sensors and smart devices. A gateway (not uncommon in a large system with lots of devices) links devices that have only RS-232 or RS485 ports to the fieldbus system.

ISA Wireless Security, P. Fuhr

94

Industrial Device Networks • General characteristics for industrial device networks have arisen.



Obviously the complexity of the network increases as the functionality is increased.

ISA Wireless Security, P. Fuhr

95

Classification of Industrial Networks

• Three logical groupings of instrumentation networks used in an industrial setting. • There are over 100 different proprietary networks in the field.

ISA Wireless Security, P. Fuhr

96

Inside Security Incident • Employee attacks PLC in another plant area over PLC highway. • Password changed to obscenity, blocking legitimate maintenance and forcing process shutdown. Plant Highway Disgruntled Employee PLC

Steam Plant

PLC

PLC

PLC

Paper Plant

* Source: BCIT Industrial Security Incident Database (ISID) ISA Wireless Security, P. Fuhr

97

Network Positioning Data

+

+

+

-

Ethernet TCP/IP

Functionality

DeviceNet Other CAN SDS

Complexity

ControlNet Foundation Fieldbus H2 Profibus-FMS Profibus-DP Data Highway+ Interbus-S Modbus Plus Remote I/O Fieldbus H1 Profibus-PA Modbus HART

-

ISA Wireless Security, P. Fuhr

-

ASi, Seriplex, Hardwiring, RS485 etc.

Cost

+ 98

Too Focused on Internet Issues? • Myth #1: Our SCADA/PLC/DCS is safe if we don’t connect to the Internet. • Myth #2: Our Internet firewall will protect our control systems. • Myth #3: Our IT department understands process control issues and security.

ISA Wireless Security, P. Fuhr

99

Is Industrial Comm Security Too Focused on Internet Issues? Enterprise Resource Planning Manufacturing Logistics

Internet

Production Planning

Firewall

Remote Engineering

Enterprise Network

Production Networks Ethernet Programming Stations

PLC

SCAD A Control Network PLC

)))))

Handheld Operator Terminal

802.11 WLAN Field Devices

Process Historian

WarDialing Attack Modem

OEM

Source (used by permission): Interface Technologies, Windsor, ISA Wireless Security, P. Fuhr CT, 2002

100

Outline: 1. Security? Who needs it? 2. How is security achieved in a wired channel? 3. The Situation for Wireless (its RF in an industrial setting. Spectrum, modulation, encryption, spatial…)

4. Security within various Wireless Delivery Schemes (cellular, WiFi, 802.15.4, Bluetooth, others…)

5. An Integrated Solution 6. The Big Review

ISA Wireless Security, P. Fuhr

101

Bit Rate vs. Quality of Service

How Many Bits are Needed?

The more bits you xmit, the more power you consume! ISA Wireless Security, P. Fuhr

102

Coding vs. Quality of Service

Is Coding Really Necessary?

ISA Wireless Security, P. Fuhr

103

Direct Sequence Spread Spectrum

ISA Wireless Security, P. Fuhr

104

Comparing Wireless Tech. DSSS

RF Power Battery life Medium Low longest

Numbers In Area High

FHSS

Long

Short

Medium

UWB

Medium Lowest

short

High

Narrow band

Longest

short

Lowest

ISA Wireless Security, P. Fuhr

Range

High

highest

105

Technology Beats Marketing in Performance! T e c h n o l o g y v e r su s A ttr i b u te s S u m m a ry C h a rt T e c h n o lo g y DS S S CDM A Low M o b ile F H S S TD M A P ow er A d H oc P ow er E m bedded U W B F D M A D e s ig n sN e t w o rkHs a rve s t inIngt e llig e nDc ive e rs it yF E C

A ttr i b u te Long Range NA P lu g -a n d -P la y D S S S L o n g B a t t e ry life FHSS L o w R F I ris k D S S S S e lf L o c a t in g D S S S S e c u re UW B H ig h t h ro u g h p uUt W B n o n lin e -o f-s ig hUt W B ro b u s t c o n n e c tDioSn Ss S lo w c o s t FHSS s m a ll s iz e FHSS ISA Wireless Security, P. Fuhr

NA CDM A FDM A NA CDM A CDM A NA NA CDM A FDM A TD M A

NA NA yes yes NA yes NA NA NA yes yes

yes NA NA yes NA NA NA yes yes NA NA

NA NA yes NA NA NA NA NA NA NA NA

NA NA yes yes yes yes yes NA NA NA NA

yes NA yes yes yes yes yes yes yes NA NA

yes NA yes NA NA NA yes NA yes NA NA

B P S K 900M H O pen Q P S K 2.4G H S t a n d a rdM s-a ry 5 . 8 G H NA yes NA NA NA NA NA NA NA yes NA

NA NA M -a ry NA NA NA M -a ry NA BPSK BPSK BPSK

900M H NA 900M H 5.8G H 5.8G H 5.8G H 5.8G H 900M H 5.8G H 900M H 5.8G H 106

Statistics on Types of Attacks Denial of Service LaptopTheft ActiveWiretap TelecomFraud 1997 1998 1999 2000 2001 2002

UnauthorizedInsider Access Virus Finacial Fraud Insider Abuseof NetAccess SystemPenetration TelecomEvesdropping Sabotage Theftof ProprietyInfo 0

20

40

60

80

100

120

% of Respondents *Source: “2002 CSI/FBI Computer Crime and Security Survey” Computer Security Institute - www.gocsi.com/losses. ISA Wireless Security, P. Fuhr

107

Optimization of Security vs. Cost • Risk reduction is balanced against the cost of security counter measures to mitigate the risk.

Optimal Level of Security at Minimum Cost

Cost ($) Cost of Security Countermeasures

Cost of Security Breaches

Security Level ISA Wireless Security, P. Fuhr

108

Risk in Safety vs. Risk in Security • Safety Definition: “Risk is a measure of human injury, environmental damage, or economic loss in terms of both the incident likelihood and the magnitude of the loss or injury.” • Security Definition: “Risk is an expression of the likelihood that a defined threat will exploit a specific vulnerability of a particular attractive target or combination of targets to cause a given set of consequences.”

*Source: CSPP Guidelines For Analyzing And Managing The Security Vulnerabilities Of Fixed Chemical Sites ISA Wireless Security, P. Fuhr

109

Firewall Architectures • The external router blocks attempts to use the underlying IP layer to break security (e.g. IP spoofing, source routing, packet fragments, etc) and forces all traffic to the proxy. • The proxy firewall handles potential security holes in the higher layer protocols. • The internal router blocks all traffic except to the proxy server. Internet

ISA Wireless Security, P. Fuhr

External Router



Internal Router

 110

There’s lot of “Wireless” • From cellphones to PDAs to WiFi to Satellite-based

ISA Wireless Security, P. Fuhr

111

Wireless LAN Standards

ISA Wireless Security, P. Fuhr

112

Existing/Developing IEEE 802.11 Standards • • • • • • • • • • •

802.11802.11a – 802.11b – 802.11e – 802.11f – 802.11g – 802.11h – 802.11i – 802.1x – 802.15 – 802.16 –

ISA Wireless Security, P. Fuhr

Frequency Hopping/DSSS 54Mbps / HyperLAN (1999) 11Mbps Quality of Service Point 2 Point Roaming (2003) 54Mbps European Inspired Changes (Q2,2004) New Encryption Protocols (Q2,2004) Port Based Network Access Personal Area Network (WPAN) Wireless Metropolitan Area Network (WMAN) 113

Wireless Backbone for Inflight “Entertainment”

On-Board Network Integration

PicoCell BTS

PicoCell BTS

6 MCU GSM SERVER

ISA Wireless Security, P. Fuhr

Noise Floor Lifter

SDU

…and we haven’t even touched on RFID! 114

There’s lot of “Wireless” • And it all needs to feel more Secure!

ISA Wireless Security, P. Fuhr

115

For a real review of networking security… • Take Eric Byrnes ISA course IC32C…

ISA Wireless Security, P. Fuhr

116

Will History Repeat? Cellular networks

wireless security: not just 802.11

1980analog cellphones: AMPS

analog cloning, scanners fraud pervasive & costly

digital: TDMA, GSM

wireless networks 1999 802.11, WEP

1990 TDMA eavesdropping [Bar]

more TDMA flaws [WSK] GSM cloneable [BGW] GSM eavesdropping [BSW,BGW]

2000 Future: 3rd gen.: 3GPP, … ISA Wireless Security, P. Fuhr

sensor networks

2000 2001 WEP broken [BGW]

WEP badly broken [FMS]

2002

 attacks pervasive

2003 WPA Future: 802.11i

Proprietary systems

2002 1451, 802.15.4, TinyO 2003 Future: ???

117

PATRIOT Act • PATRIOT (Provide Appropriate Tools Required to Intercept and Obstruct Terrorism) • Legally classifies many hacking attacks as acts of terrorism

ISA Wireless Security, P. Fuhr

118

So… If Nothing else, at least PLEASE do this for your WiFi System! WLAN Security Countermeasures

• Conduct site survey • • • • •

Identify areas of signal strength and weakness Do a “walkaround” with NetStumbler Document and shut down rogue access points Document and shut down unauthorized wireless NICs AND TURN ON SOME LEVEL OF THE PROVIDED PROTECTION!

ISA Wireless Security, P. Fuhr

119

Oh… And don’t forget that as you layer in all of these wacky encryption schemes and CDMA and DSSS and…and… that it takes some joules to actually implement this. So if your wireless network has primepower (a.k.a. AC) you’re ok. But if you’re going off a battery then it’s a tradeoff of security versus Power Consumption  You Choose that one! ISA Wireless Security, P. Fuhr

120

...and in the end...

BumbleBee with RF xcvr

...or...

HoneyBee with RFID

Two potential forms of wireless sensor networks. And they should both be secure! ISA Wireless Security, P. Fuhr

121

Outline: 1. Security? Who needs it? 2. How is security achieved in a wired channel? 3. The Situation for Wireless (its RF in an industrial setting. Spectrum, modulation, encryption, spatial…)

4. Security within various Wireless Delivery Schemes (cellular, WiFi, 802.15.4, Bluetooth, others…)

5. An Integrated Solution 6. The Big Review 7. Glossary and References

ISA Wireless Security, P. Fuhr

122

Glossary 10BASE-T: IEEE 802.3 standard for a twisted-pair Ethernet network. 10 Mbps transmission rate over baseband using unshielded, twistedpair cable. 802.11: The IEEE 802.11 standard defines both frequency hopping and direct sequence spread spectrum solutions for use in the 2.4-2.5 MHz ISM (Industrial, Scientific, Medical) band. 802.11a: The Global System for Mobile Communications standard for worldwide wireless communications on wide area networks (WANs). 802.11b: The portion of the 802.11 specification that defines the 11 Mbps data rate. A Access Point: Provides a bridge between Ethernet wired LANs and the wireless network. Access points are the connectivity point between Ethernet wired networks and devices (laptops, hand-held computers, point-of-sale terminals) equipped with a wireless LAN adapter card. Analog phone: Comes from the word "analogous," which means similar to. In telephone transmission, the signal being transmitted from the phone—voice, video or image—is analogous to the original signal. Antenna-Directional: Transmits and receives radio waves off the front of the antenna. The power behind and to the sides of the antenna is reduced. The coverage area is oval with the antenna at one of the narrow ends. Typical directional antenna beam width angles are from 90° (somewhat directional) to as little as 20°(very directional). A directional antenna directs power to concentrate the coverage pattern in a particular direction. The antenna direction is specified by the angle of the coverage pattern called the beam width. Antenna-Omni-directional: Transmits and receives radio waves in all directions. The coverage area is circular with the antenna at the center. Omni-directional antennas are also referred to as whip or low-profile antennas. Association: The process of determining the viability of the wireless connection and establishing a wireless network's root and designated access points. A mobile unit associates with its wireless network as soon as it is powered on or moves into range. ATM: Asynchronous Transfer Mode. A type of high-speed wide area network.

ISA Wireless Security, P. Fuhr

123

Glossary B Backbone: A network that interconnects other networks, employing high-speed transmission paths and often spanning a large geographic area. Bandwidth: The range of frequencies, expressed in hertz (Hz), that can pass over a given transmission channel. The bandwidth determines the rate at which information can be transmitted through the circuit. Bandwidth Management: Functionality that allocates and manages RF traffic by preventing unwanted frames from being processed by the access point. BC/MC: Broadcast frames; Multicast frames Beacon: A uniframe system packet broadcast by the AP to keep the network synchronized. A beacon Includes the Net_ID (ESSID), the AP address, the Broadcast destination addresses, a time stamp, a DTIM (Delivery Traffic Indicator Maps) and the TIM (Traffic Indicator Message). BFA Antenna Connector: Miniature coaxial antenna connector manufactured by MuRata Manufacturing Corporation. Bluetooth: See Wireless Personal Area Networks. Bridge: A device that connects two LANs of the same or dissimilar types. It operates at the Data Link Layer, as opposed to routers. The bridge provides fast connection of two collocated LAN segments that appear as one logical network through the bridge. Buffer: A segment of computer memory used to hold data while it is being processed.

ISA Wireless Security, P. Fuhr

124

C

Glossary

CAM: Continuously Aware Mode: Mode in which the adapter is instructed to continually check for network activity. Card and Socket Services: Packages that work with the host computer operating system, enabling the Wireless LAN adapter to interface with host computer configuration and power management functions. Cellular Phone: Low-powered, duplex, radio/telephone that operates between 800 and 900 MHz, using multiple transceiver sites linked to a central computer for coordination. The sites, or "cells," cover a range of one to six or more miles in each direction. Centrex: Business telephone service offered by a local telephone company from a local telephone company office. Centrex is basically a single line phone system leased to businesses as a substitute for a business that is buying or leasing its own on-premises phone system or PBX. CDMA and TDMA: The Code Division Multiple Access and Time Division Multiple Access standard for wireless communications on wide area networks (WANs) in North America. Circuit switching: The process of setting up and keeping a circuit open between two or more users so that users have exclusive and full use of the circuit until the connection is released. Client: A computer that accesses the resources of a server. Client/Server: A network system design in which a processor or computer designated as a server (such as a file server or database server) provides services to other client processors or computers. CODEC: Coder-Decoder. Audio compression/decompression algorithm that is designed to offer excellent audio performance. Converts voice signals from their analog form to digital signals acceptable to modern digital PBXs and digital transmission systems. It then converts those digital signals back to analog so that you may hear and understand what the other person is saying. Computer Telephony Integration: Technology that integrates computer intelligence with making, receiving, and managing telephone calls. Computer telephony integrates messaging, real-time connectivity, and transaction processing and information access.

ISA Wireless Security, P. Fuhr

125

Glossary D Data Terminal: Computer transmit and receive equipment, including a wide variety of dumb terminals or terminals without embedded intelligence in the form of programmed logic. Most data terminals provide a user interface to a more capable host computer, such as a mainframe or midrange computer. Decryption: Decryption is the decoding and unscrambling of received encrypted data. The same device, host computer or front-end processor, usually performs both encryption and decryption. Desktop Conferencing: A telecommunications facility or service on a PC that permits callers from several diverse locations to be connected together for a conference call. Digital Phone System: Proprietary phone system provided by a vendor, such as AT&T, Mitel, Northern Telecom, and so on. The signal being transmitted in a digital phone system is the same as the signal being transmitted in an analog phone system. The system can consist of a proprietary PBX system that converts voice signals from their analog form to digital signals, and then converts those digital signals back to analog. Alternatively, the conversion from analog-to-digital can occur in a digital phone. Direct Inward Dialing: DID. The ability for a caller outside a company to call an internal extension without having to pass through an operator or attendant. In large PBX systems, the dialed digits are passed from the PSTN to the PBX, which then completes the call. Direct-Sequence (DS) Spread Spectrum: Direct sequence transmits data by generating a redundant bit pattern for each bit of information sent. Commonly referred to as a "chip" or "chipping code," this bit pattern numbers 10 chips to one per bit of information. Compared with frequency hopping, direct sequence has higher throughput, wider range and is upgradable in the 2.4GHz band. Diversity Reception: The use of two antennas attached to a single access point to improve radio reception. The second antenna is used only for receiving radio signals, while the primary is used for both transmitting and receiving. Driver: A program routine that links a peripheral device, such as a mobile unit's radio card, to the computer system.

ISA Wireless Security, P. Fuhr

126

Glossary

Element-level Management: Level of technologies aimed at small or medium-sized businesses.

Encryption: Entails scrambling and coding information, typically with mathematical formulas called algorithms, before the information is transmitted over a network. Ethernet: A local area network used for connecting computers, printers, workstations, terminals, servers, and so on, within the same building or campus. Ethernet operates over twisted wire and over coaxial cable at speeds up to 100 Mbps, with 1 Gbps speeds coming soon. Filtering: Prevents user-defined frames from being processed by the access point. Fragmentation Threshold: The maximum size for directed data packets transmitted over the radio. Larger frames fragment into several packets this size or smaller before transmission over the radio. The receiving station reassembles the transmitted fragments. Frame Mode: A communications protocol supported by the OEM Modules. The frame protocol implements asynchronous serial Point-to-Point (PPP) frames similar to those used by serial Internet protocols. Frequency Hopping (FH) Spread Spectrum: Hedy Lamarr, the actress, is credited in name only for inventing frequency hopping during World War II. As its label suggests, frequency hopping transmits using a narrowband carrier that changes frequency in a given pattern. There are 79 channels in a 2.4GHz ISM band, each channel occupying 1MHz of bandwidth. A minimum hop rate of 2.5 hops per channel per second is required in the United States. Frequency hopping technology is recognized as superior to direct sequence in terms of echo resistance, interference immunity, cost and ease-of-installation. To date, there has also been a greater selection of WLAN products from which to chose. FTP (File Transfer Protocol): A common Internet protocol used for transferring files from a server to the Internet user. It uses TCP/IP commands. Gain, dBi: Antenna gain, expressed in decibels referenced to a half wave dipole. Gain, dBi: Antenna gain, expressed in decibels referenced to a theoretical isotropic radiator. Gain, dBic: Antenna gain, expressed in decibels referenced to a theoretical isotropic radiator that is circularly polarized. Gatekeeper: Software that performs two important functions to maintain the robustness of the network: address translation and bandwidth management. Gatekeepers map LAN aliases to IP addresses and provide address lookups when needed. Gateway: Optional element in an H.323 conference. Gateways bridge H.323 conferences to other networks, communications protocols, and multimedia formats. Gateways are not required if connections to other networks or non-H.323 compliant terminals are not needed. GHz: International unit for measuring frequency is Hertz (Hz), which is equivalent to the older unit of cycles per second. One Gigahertz (GHz) is one billion Hertz. Microwave ovens typically operate at 2.45 GHz. GSM: The Global System for Mobile Communications standard for worldwide wireless communications on wide area networks (WANs). ISA Wireless Security, P. Fuhr

127

Glossary H.323: An umbrella standard from the International Telecommunications Union (ITU) that addresses call control, multimedia management, and bandwidth management for point-to-point and multi-point conferences, as well as interfaces between LANs and other networks. The most popular standard currently in use. Handheld PC (HPC): The term adopted by Microsoft and its supporters to describe handheld computers employing Microsoft's Windows CE operating system. Interactive Voice Response: System used to access a database access application using a telephone. The voice processing acts as a front-end to appropriate databases that reside on general purpose computers. For instance, DTMF (touch tone) input of a Personal Identification Number can be required for access or more unusual and expensive techniques such as voice recognition and voice print matching. Internet: World's largest network, often referred to as the Information Superhighway. The Internet is a virtual network based on packet switching technology. The participants on the Internet and its topology change on a daily basis. Internet Commerce: Electronic business transactions that occur over the Internet. Samples of Internet commerce applications include electronic banking, airline reservation systems, and Internet malls. Internet Phone: Device used to transmit voice over the Internet, bypassing the traditional PSTN and saving money in the process. An Internet phone can be a small phone (such as the NetVision Phone) or a multimedia PC with a microphone, speaker, and modem. Interoperability: The ability of equipment or software to operate properly in a mixed environment of hardware and software, from different vendors. Enabled by the IEEE 802.11 open standard. IP (Internet Protocol): The Internet standard protocol that defines the Internet datagram as the unit of information passed across the Internet. Provides the basis of the Internet connection-less- best-effort packet delivery service. The Internet protocol suite is often referred to as TCP/IP because IP is one of the two fundamental protocols. International Roaming: Ability to use one adapter worldwide. Intranet: A private network that uses Internet software and Internet standards. In essence, an intranet is a private Internet reserved for use by people who have been given the authority and passwords necessary to use that network. ISDN: Integrated Services Digital Network. Emerging network technology offered by local phone companies that is designed for digital communications, computer telephony, and voice processing systems. ISM Band: ISM bands--instrumental (902-928MHz), science (2.4-2.4835GHz), and medical (5.725-5.850GHz)--are the radio frequency bands allocated by the FCC for unlicensed continuous operations for up to 1W. The most recent band approved by the FCC for WLANs was the medical band in January 1997. ITU: International Telecommunications Union. Standards body that defined H.323 and other international standards. Jitter: Noise on a communications line which is based on phase hits, causing potential phase distortions and bit errors.. ISA Wireless Security, P. Fuhr

128

Glossary Kerberos: A widely deployed security protocol that was developed at the Massachusetts Institute of Technology (MIT) to authenticate users and clients in a wired network environment and to securely distribute encryption keys. Key Telephone System: A system in which the telephone has multiple buttons permitting the user to directly select central office phone lines and intercom lines. Key phone systems are most often found in relatively small business environments, typically around 50 telephones. Layer: A protocol that interacts with other protocols as part of an overall transmission system. LPD (Line Printer Daemon): A TCP-based protocol typically used between a Unix server and a printer driver. Data is received from the network connection and sent out over the serial port. MAC (Media Access Control): Part of the Data Link Layer, as defined by the IEEE, this sublayer contains protocols for gaining orderly access to cable or wireless media. MD5 Encryption: An authentication methodology when MU is in foreign subnet. MIB (Management Information Base): An SNMP structure that describes the specific device being monitored by the remote-monitoring program. Microcell: A bounded physical space in which a number of wireless devices can communicate. Because it is possible to have overlapping cells as well as isolated cells, the boundaries of the cell are established by some rule or convention. Modem: Equipment that converts digital signals to analog signals and vice versa. Modems are used to send digital data signals over the analog PSTN. MMCX Antenna Connector: Miniature coaxial antenna connector in use by several major wireless vendors. Mobile IP: The ability of the mobile unit to communicate with the other host using only its home IP address, after changing its point of attachment to the Internet and intranet. Mobile Unit (MU): May be a Symbol Spectrum24 terminal, PC Card and PCI adapter, bar-code scanner, third-party device, and other Mobile Unit Mode: In this mode, the WLAN adapter connects to an access point (AP) or another WLAN installed system, allowing the device to roam freely between AP cells in the network. Mobile units appear as network nodes to other devices. Modulation: Any of several techniques for combining user information with a transmitter's carrier signal. Multipath: The signal variation caused when radio signals take multiple paths from transmitter to receiver. Multipath Fading: A type of fading caused by signals taking different paths from the transmitter to the receiver and, consequently, interfering with each other. ISA Wireless Security, P. Fuhr

129

Node: A network junction such as a switch or a routing center.

Glossary

Packet Switching: Refers to sending data in packets through a network to some remote location. In a packet switched network, no circuit is left open on a dedicated basis. Packet switching is a data switching technique only. PBX Phone System: Private Branch eXchange. Small version of the phone company's larger central switching office. An alternative to a PBX is to subscribe to a local telephone company's Centrex service. PCMCIA (Personal Computer Memory Card International Association) PC Card: A credit card-size device used in laptop computers and available as removable network adapters. PCS (Personal Communications Service): A new, lower powered, higher-frequency competitive technology to cellular. Whereas cellular typically operates in the 800900 MHz range, PCS operates in the 1.5 to 1.8 GHz range. The idea with PCS is that the phone are cheaper, have less range, and are digital. The cells are smaller and closer together, and airtime is cheaper. Peer-to-peer Network: A network design in which each computer shares and uses devices on an equal basis. Ping: A troubleshooting TCP/IP application that sends out a test message to a network device to measure the response time. PLD (Data Link Protocol): A raw packet protocol based on the Ethernet frame format. All frames are sent to the wireless network verbatim--should be used with care as improperly formatted data can go through with undesirable consequences. Plug and Play: A feature that allows a computer to recognize the PCI adapter and configure the hardware interrupt, memory, and device recognition addresses; requires less user interaction and minimizes hardware conflicts. Pocket PC: The term adopted by Microsoft and its supporters to describe handheld computers employing Microsoft's Pocket PC operating system. Point-of-Sale Device: A special type of equipment that is used to collect and store retail sales data. This device may be connected to a bar code reader and it may query a central computer for the current price of that item. POTS (Plain Old Telephone Service): The basic service supplying standard single line telephones, telephone lines, and access to the public switched telephone network. Power Management: Algorithms that allow the adapter to sleep between checking for network activity, thus conserving power. PSP (Power Save Polling): stations power off their radios for long periods. When a mobile unit in PSP mode associates with an access point, it notifies the AP of its activity status. The AP responds by buffering packets received for the MU. PSTN (Public Switched Telephone Network): Refers to the worldwide voice telephone network accessible to all those with telephones and access privileges. In the U.S., the PSTN is provided by AT&T. ISA Wireless Security, P. Fuhr

130

Glossary QoS (Quality of Service): Measure of the telephone service quality provided to a subscriber. QoS refers to things like: Is the call easy to hear? Is it clear? Is it loud enough?

RBOC (Regional Bell Operating Company): One of the seven Bell operating companies set up after the divestiture of AT&T, each of which own two or more Bell Operating Companies (BOCs). Roaming: Movement of a wireless node between two microcells. Roaming usually occurs in infrastructure networks built around multiple access points. Repeater: A device used to extend cabling distances by regenerating signals. Router: The main device in any modern network that routes data blocks from source to destination using routing tables and determining the best path dynamically. It functions as an addressable entity on the LAN and is the basic building block of the Internet.

SNMP (Simple Network Management Protocol): The network management protocol of choice for TCP/IP based intranets. Defines the method for obtaining information about network operating characteristics, change parameters for routers and gateways. Scanning: A periodic process where the mobile unit sends out probe messages on all frequencies defined by the country code. The statistics enable a mobile unit to reassociate by synchronizing its frequency to the AP. The MU continues communicating with that access point until it needs to switch cells or roam. Site Survey: Physical environment survey to determine the placement of access points and antennas, as well as the number of devices necessary to provide optimal coverage, in a new or expanding installation. Spread Spectrum: A transmission technique developed by the U.S. military in World War II to provide secure voice communications, spread spectrum is the most commonly used WLAN technology today. It provides security by "spreading" the signal over a range of frequencies. The signal is manipulated in the transmitter so that the bandwidth becomes wider than the actual information bandwidth. De-spreading the signal is impossible for those not aware of the spreading parameters; to them, the signal sounds like background noise. Interference from narrowband signals is also minimized to background noise when it is de-spread by the receiver. Two types of spread spectrum exist: direct sequence and frequency hopping. Stream Mode: A communications protocol supported only by the Telnet and TCP protocols. Stream mode transfers serial characters as they are received by encapsulating them in a packet and sending them to the host.

ISA Wireless Security, P. Fuhr

131

Glossary T1: A type of dedicated digital leased-line available from a public telephone provider with a capacity of 1.544 Mbps. A T1 line can normally handle 24 voice conversations, each one digitized at 64 Kbps. With more advanced digital voice encoding techniques, it can handle more voice channels. T1 is the standard for digital transmission in the U.S. Canada, Hong Kong, and Japan. TCP/IP: Networking protocol that provides communication across interconnected networks, between computers with diverse hardware architectures, and various operating systems. TCP/IP is used in the industry to refer to the family of common Internet protocols. TCP (Transport Communication Protocol): Controls the transfer of data from one client to one host, providing the mechanism for connection maintenance, flow control, retries, and time-outs. Telnet (Terminal Emulation Protocol): A protocol that uses the TCP/IP networking protocol as a reliable transport mechanism. Considered extremely stable. Terminal: An endpoint, which provides for real-time, two-way communications with another terminal, gateway, or mobile unit. Token Ring: A ring type of local area network (LAN) in which a supervisory frame, or token, must be received by an attached terminal or workstation before that terminal or workstation can start transmitting. Token ring is the technique used by IBM and others. UDP (User Datagram Protocol): UDP/IP is a connection-less protocol that describes how messages reach application programs running in the destination machine; provides low overhead and fast response and is well suited for high-bandwidth applications. Video Conferencing: Video and audio communication between two or more people via a video CODEC (coder/decoder) at either end and linked by digital circuits. Voice Mail System: Device or system that records, stores, and retrieves voice messages. The two types of voice mail devices are those which are "stand alone" and those which offer some integration with the user's phone system. Wi-Fi: A logo granted as the "seal of interoperability" by the Wireless Ethernet Compatibility Alliance (WECA). Only select wireless networking products possess this characteristic of IEEE802.11b. Wireless AP Support: Access Point functions as a bridge to connect two Ethernet LANs.

ISA Wireless Security, P. Fuhr

132

Glossary

Wireless Local Area Network (WLAN): A wireless LAN is a data communications system providing wireless peer-to-peer (PC-to-PC, PC-to-hub, or printer-to-hub) and point-to-point (LAN-to-LAN) connectivity within a building or campus. In place of TP or coaxial wires or optical fiber as used in a conventional LAN, WLANs transmit and receive data over electromagnetic waves. WLANs perform traditional network communications functions such as file transfer, peripheral sharing, e-mail, and database access as well as augmenting wired LANs. WLANs must include NICs (adapters) and access points (in-building bridges), and for campus communications building-to-building (LAN-LAN) bridges. Wireless Personal Area Network (WPAN): Personal area networks are based on a global specification called Bluetooth which uses radio frequency to transmit voice and data. Over a short range, this cable-replacement technology wirelessly and transparently synchronizes data across devices and creates access to networks and the Internet. Bluetooth is ideal for mobile professionals who need to link notebook computers, mobile phones, PDAs, PIMs, and other hand-held devices to do business at home, on the road, and in the office. Wireless Wide Area Network (WWAN): Wide area networks utilize digital mobile phone systems to access data and information from any location in the range of a cell tower connected to a data-enabled network. Using the mobile phone as a modem, a mobile computing device such as a notebook computer, PDA, or a device with a stand-alone radio card, can receive and send information from a network, your corporate intranet, or the Internet.

ISA Wireless Security, P. Fuhr

133

A Few References

e J.,"Fieldbuses for Process Control: Engineering, Operation, Maintenance". ISA Press 2002, ISBN 1-55617-760-7 k U., "Physical Level Interfaces and Protocols". IEEE, ISBN 0-8186-8824-6. k U., "The V-series recommendations". McGraw-Hill, ISBN 0-07-005592-0. ig K., "Feldbus-Systeme". Expert Verlag 1992, 3-8169-0771-7. t W., "Der Feldbus in der Maschinen- und Anlagentechnik". Franzis Verlag, ISBN 3-7723-4621-9. sh Standard Institute, "Guide to the evaluation of fieldbus protocols". Report DISC PD0014:2000. wn, "The OSI Dictionary of acronyms". McGraw-Hill 1993, ISBN 0-07-057601-7. on, "Fieldbus for Industrial Control Systems". Chapmann & Hall 1997, ISBN 0-412-57890-5. rum voor Micro-elektronica, "Intelligente sensornetwerken". 1993, 1996 rol Engineering, issues of 1994 and 1995, "Fieldbus series". rich D., "Feldbustechnik in Forschung, Entwicklung und Anwendung". Springer Verlag, 1997. Fachbericht 37, "Datenübertragung auf Fahrzeugen mittels serieller Bussysteme". VDE Verlag, ISBN 3-8007-182 Report 27, "Standardisierung der Prozeßdatenkommunikation". VDE Verlag 1991. zeitschrift DE, "Bussysteme für die Gebäudeinstallation. Hüthig & Pflaum, 1999. er, "Bussysteme - parallele und serielle Bussysteme in Theorie und Praxis". Oldenbourg Verlag, ISBN 3-486-285 kort, "Digitale Communicatie". Delta Press 1989, ISBN 90-6674-726-9. dis, "How to automate your home". Baran-Harper 1991, ISBN 0-9632170-0-3. hler, G. "Feldbusse und Geräte-Kommunikationssysteme". Franzis Verlag 2001, ISBN 3-7723-5745-8. "A distributed control & diagnostic architecture for railway maintenance". University of South-Carolina 1998. mann, "Design and validation of computer protocols". Prentice-Hall, ISBN 0-13-539834-7. er J.,"Industrial Fiber Optic Networks". ISA Press 1995, ISBN 1-55617-521-3-G. ebos, R., "Veldbussen". Kluwer 1996, ISBN 90-557-6059-5. "Colloquium: Fieldbus devices - A changing future". IEE 1994, Ref. 1994/236. "Fieldbus Standard for use in industrial control systems". ISA 1993, ISBN 1-55617-317-2. "The ISA Fieldbus Guide". ISA 1997, ISBN 1-55617-637-6. nnsmeyer, "Investigation into the intrinsic safety of fieldbus systems (FISCO)". PTB, report W53, ISBN 3-89429-3 an, "Serial networked field instrumentation". Wiley 1995, ISBN 0-471-95236-1. ISA Wireless Security, P. Fuhr

134

References (cont.) Keithley Instruments, "Demanding measurements on the factory floor". Kluwer, "Handboek Industriële Netwerken". Kluwer 2000, ISBN 90-5404-628-7. Kriesel, "Bustechnologien für die Automation, 2nd Ed.". Hüthig Verlag 2000, ISBN 3-7785-2778-9. Lian, "Performance evaluation of control networks for manufacturing systems". Proceedings of the ASME (Dynamics and Control Division), 1999. Miklovic, "Real-time control networks". ISA 1993, ISBN 1-55617-231-1. Mikrocentrum Nederland, Syllabi themadagen "Industriële netwerken". 1993-2001. Newman, "Direct digital control of building systems". Wiley, 1994, ISBN 0-471-51696-1. Phoenix, "Grundkurs Sensor/Aktor-Feldbustechnik". Vogel Verlag, ISBN 3-8023-1708-4. Phoenix, "Grundkurs Feldbustechnik". Vogel Verlag 2000, ISBN 3-8023-1813-7. Phoenix, "Basic course in sensor/actuator fieldbus technology". Vogel Verlag. Physikalische Technische Bundesanstalt, "Investigations into the intrinsic safety of fieldbus systems". PTB 1994, ISBN 3-89429-512-0. Reinert, "Sichere Bussysteme für die Automation" Hüthig Verlag 2001, ISBN 3-7785-2797-5. Reißenweber B., "Feldbussysteme". Oldenbourg Verlag, 2002, ISBN 3-486-24536-8. Rikkert de Koe, "OSI-Protocollen lagen 1 t/m 4". Kluwer Telematica, ISBN 90-201-2388-2. Rosch, "Gebäudesystemtechnik: Datenubertragung auf dem 230V Netz". Verlag Moderne Industrie 1998, ISBN 3-478-93185-1. Scherff, B. "Feldbussysteme in der Praxis". Springer Verlag 1999, ISBN 3-540-63880-6. Schnell, G. "Bussysteme in der Automatisierungs- and Prozesstechnik" (4th Ed.). Vieweg Verlag 2000, ISBN 3-528-36569. Svacina, "Understanding Device Level Buses". Turck. Thompson, "Industrial Data Communications: Fundamentals And Applications" 3rd Edition. ISA Press 2002, ISBN 1-55617-767-4-G. Texas Instruments, "RS422 and RS485 Application Guide". VDI/VDE, "Richtlinien 3687: Auswahl von Feldbussysteme durch Bewertung ihrer Leistungseigenschaften für verschiedene Anwendungsbereiche". VDI/VDE, 1997. Wittgruer, F. "Digitale Schnittstellen und Bussysteme". Vieweg Verlag 1999. Wrobel, "Optische übertragungstechnik in der Praxis, 2nd Ed.". Hüthig Verlag 1998, ISBN 3-7785ISA Wireless Security, P. Fuhr 2638-3.

135

Questions? Comments?

ISA Wireless Security, P. Fuhr

136

Related Documents


More Documents from "ashwanth.5467059"