
Wireless Sensor Systems: Security Implications for the Industrial Environment

Dr. Peter L. Fuhr
Chief Scientist RAE Systems, Sunnyvale, CA pfuhr@raesystems.com

Dr. Peter Fuhr, Presenter: 480+ publications & presentations in the wireless sensor networking arena. Old-timer in this area...etc. etc.

RAE Systems Inc.
• Pervasive Sensing Company based in Silicon Valley, founded in 1991
Capabilities
  - Radiation detection
    • Gamma and neutron
  - Chemical/vapor detection
    • Toxic gas, VOC, combustible gas, oxygen, CWA, temperature, humidity, CO2
  - Redeployable sensor networks
  - Mobile and fixed wireless monitors
  - Cargo Container Sensor Systems
ISA Wireless Security, P. Fuhr 2

Contributors
A number of individuals have provided "content" for these slides. They include:
• Wayne Manges, Oak Ridge National Laboratory
• Robert Poor, Ember
• Pat Gonia, Honeywell
• Hesh Kagan, Foxboro/Invensys
• Kang Lee, NIST
• Tom Kevan, Advanstar
• Ramesh Shankar, Electric Power Research Institute
• Larry Hill, Larry Hill Consulting
• Rob Conant, Dust
• Rick Kriss, Xsilogy
• Gideon Varga, Dept of Energy
• Jack Eisenhauser, Energetics
• Michael Brambley, Pacific Northwest National Labs
• David Wagner, UC-Berkeley
Undoubtedly, there are other contributors too (apologies if your name is not listed).

Wireless Sensor Networking
...it's not cellular telephony
...it's not just WiFi
(and it just may be the next big thing)
[Figures: wireless devices circa 1930; a map where each dot represents one cell phone tower]

Highly Fragmented Sensor Market
Sensor Market: $11B in 2001
Installation (wiring) costs: >$100B
• Fragmented market: platform opportunity
• Installation cost limits penetration; reducing installation cost increases market size
Source: Freedonia Group report on Sensors, April 2002
Slide courtesy of Rob Conant, Dust

Industrial Market Sizing: Sensor Networking Products
• North American Market for Wireless products used in Applications where transmission distances are 1 mile or less:
  - 2002 Total: $107 million
  - 2006 Forecast: $713 million
  - 2010 Estimates: $2.1 billion
• Largest Application areas:
  - 2002: Tank Level Monitoring, Preventative Maintenance
  - 2006: Tank Level Monitoring, Asset Tracking, Preventative Maintenance, Environmental Monitoring
• Conclusions:
  - Rapid Growth in Industrial markets
  - Tank Level Monitoring will remain a significant opportunity
  - Key 'User' Needs:
    • Lower Costs over Wired (or Manual) Solutions
    • Education of Potential Customers on the Technology
    • Demonstration of Operational Reliability & Application 'Domain' Knowledge
Slide courtesy of Rick Kriss, Xsilogy

The True Cost per Monitored Node – to the End User
[Chart: Radio RF Range (dB), from Meters to Miles, on the horizontal axis; 3-Yr TCO ($ to $$$$$) and Installation Costs (Lower to Higher) on the vertical axes. DENSE networks (Bluetooth, 802.15.4, WiFi etc.) sit at short range and SPARSE networks (1xRTT, FLEX, SAT, etc.) at long range; the target region is marked "Design For Here"]
Slide courtesy of Rick Kriss, Xsilogy

What to do with the data?
[Diagram: a measurement system. Parameter of Interest (Chemical, Electrical, Mechanical, Thermal, Radiation, Optical, Magnetic) -> Sensor -> Modifier -> Output Transducer -> Output Signal (Chemical, Electrical, Mechanical, Thermal, Radiation, Optical, Magnetic), with a Power Supply]
Great! But how do you get the output signal from the sensor to the location where the information will be interpreted (used)? Traditionally the output of the sensor was hardwired to some form of interpretive device (e.g. PLC), perhaps relying on a 4-20mA signal...

Outline:
1. Security? Who needs it?
2. How is security achieved in a wired channel?
3. The Situation for Wireless (its RF in an industrial setting: Spectrum, modulation, encryption, spatial...)
4. Security within various Wireless Delivery Schemes (cellular, WiFi, Bluetooth, 802.15.4, others...)
5. An Integrated Solution
6. The Big Review

Oh, who needs security in a wireless channel anyway! (pretty ridiculous statement, isn't it!)

Let's ask some experts: WINA meeting, Coral Gables, Sept. 2003, www.wireless4industrial.org

What's a WINA?
In the spring of 2003, the Wireless Industrial Networking Alliance (WINA) was formed to promote the adoption of wireless networking technologies and practices that will help increase industrial productivity and efficiency.
WINA will be holding a 1.5 day meeting at ISA-HQ in RTP, NC on Feb 11/12, right after the ISA Wireless Security Expo and conference. Check out www.wireless4industrial.org for WINA meeting details AND www.isa.org/wireless for the ISA Wireless Security conf details!

Back to the Question: Who needs security in a wireless channel anyway!

Strategy Workshop Participants
• Suppliers (13)
• System integrators (6)
• Industrial end users (10)
  - Chemicals
  - Petroleum
  - Automotive
  - Energy/Utilities
  - Forest Products
  - Electronics
• Industry analysts/venture capitalists (3)
• Others (associations, media, government, researchers)

End-User View of Industrial Wireless
Likes
• Mobility
• Compactness
• Flexibility
• Low cost
• Capability to monitor rotating equipment
• Short range (security)
• Ease of installation
• High reliability
• Impetus to enhance electronics support
Dislikes
• Change to status quo
• Complexity
• High cost for coverage in large plants
• Security issues
• Portability issues (power)
• Unproven reliability
• Too risky for process control
• Lack of experience in troubleshooting (staff)
• Restricted infrastructure flexibility once implemented
• Lack of analysis tools

Technology Group: Key Issues
• Security – Jamming, hacking, and eavesdropping
• Power
• Value (clear to customer)
• Interoperability – Co-existence with other facility networks, technology
• True engineered solution (sensors, collectors, receivers, data, etc.)
• Assured performance & reliability/MTBA*
• Software infrastructure & systems management
• Robustness (at least as good as wired)
• RF characterization (radios, sensors, collectors, environments)
*mean time between attention

Technology Group: Criticality Varies by Application (5 = most critical)

Attribute                   | Monitor | Control | Alarm | Shutdown | Biz WLAN
Latency                     | 2-3     | 3-5     | 5     | 5        | 1
Device Reliability          | 2-3     | 3-5     | 5     | 5        | 1
Raw Thru-put (node / aggr.) | 2/5     | 2.5/2.5 | 1/4   | 1/1      | 1/5
Scalability (Max. # nodes)  | 5       | 4       | 4     | 1        | 2-3
Data Reliability            | 1       | 5       | 5     | 5        | 2
Security                    | 1-5     | 5       | 5     | 5        | 5
Low Cost                    | 5       | 2       | 1-3   | 1        | 2-3
Gateway Technology          | 5       | 1       | 3-4   | 1        | 1
Engineered Solution         | 1       | 5       | 4     | 5        | 3

Industrial CyberSecurity
• The Case of Vitek Boden

• On October 31, 2001 Vitek Boden was convicted of:
  - 26 counts of willfully using a restricted computer to cause damage
  - 1 count of causing serious environment harm
• The facts of the case:
  - Vitek worked for the contractor involved in the installation of Maroochy Shire sewage treatment plant.
  - Vitek left the contractor in December 1999 and approached the shire for employment. He was refused.
  - Between Jan 2000 and Apr 2000 the sewage system experienced 47 unexplainable faults, causing millions of liters of sewage to be spilled.

How did he do it?
• On April 23, 2000 Vitek was arrested with stolen radio equipment, controller programming software on a laptop and a fully operational controller.
• Vitek is now in jail...
[Diagram: Disgruntled Contractor with a Rogue Radio -> PLC -> PLC -> Sewage Plant]

A Favorite 2.4 GHz Antenna
[Figure]

WarDriving – 802.11 HotSpots in Silicon Valley
[Figure]

WarDriving – 802.11 HotSpots in San Francisco
[Figure]

The Question: Who needs security in a wireless channel anyway!
The Answer: We do.
So...how do you provide the appropriate level of security within the acceptable price and "inconvenience" margin? -> Risk Management!

Inside vs. Outside?
• Where do attacks come from?
[Chart: % of Respondents (0-90) by attack source: Foreign Gov., Foreign Corp., Hackers, U.S. Competitors, Disgruntled Employees; survey years 1998-2002]
*Source: "2002 CSI/FBI Computer Crime and Security Survey", Computer Security Institute, www.gocsi.com/losses

An "Outside" Example. When? April 2001

"Hacker War I"
• In the Spring of 2001, the US got its first taste of a new form of warfare.
• Launched from overseas and targeted at US critical infrastructure.

Honker Union
• Chinese Hacker Group working to advance and in some cases impose its political agenda
• During the spring of 2001, Honker Union worked with other groups such as the Chinese Red Guest Network Security Technology Alliance
• Hackers were encouraged to "...make use of their skills for China..." (Wired.com)
Attack Methods:
• Denial of Service Attacks
• Website Defacement
• E-mailing viruses to US Government Employees
• "KillUSA" package

Cyberwar
• Cyber attacks and web defacements increased dramatically after the start of the war against Iraq, with many of the attacks containing anti-war slogans.
• More than 1,000 sites were hacked in the first 48 hours of the conflict.
• Security consultants state that the war against Iraq made March the worst month for digital attacks since records began in 1995.

Hacker School
• North Korea's Mirim College is a military academy specializing in electronic warfare
• 100 potential cybersoldiers graduate every year

The Question: Who needs security in a wireless channel anyway?
The Answer: Everyone.

Outline:
1. Security? Who needs it?
2. How is security achieved in a wired channel?
3. The Situation for Wireless (its RF in an industrial setting: Spectrum, modulation, encryption, spatial...)
4. Security within various Wireless Delivery Schemes (cellular, WiFi, Bluetooth, 802.15.4, others...)
5. An Integrated Solution
6. The Big Review

A few details... Layered Communications

Wired Data Security – Encryption
The "traditional" method involved encrypting the data prior to transmission over a potentially insecure channel. The level of protection rests on the encryption algorithm. (There are a few other factors...such as the physical media.)
Slide courtesy of Wayne Manges, ORNL

Outline:
1. Security? Who needs it?
2. How is security achieved in a wired channel?
3. The Situation for Wireless
4. Security within various Wireless Delivery Schemes (cellular, WiFi, Bluetooth, 802.15.4, others...)
5. An Integrated Solution
6. The Big Review

From many perspectives, THIS is what a wireless sensor network can provide: Wireless Buildings
Key to success: reduced installation costs
Slide courtesy of Pat Gonia, Honeywell

Modulation
E(t) = A(t) cos[ωt + φ(t)]
Amplitude Modulation (AM): info is in A(t)
Frequency Modulation (FM): info is in ω
Phase Modulation (PM): info is in φ(t)
Different vendors use different schemes, and they are not interoperable.
[Figure: carrier phase at 0°, 180°, 270° and 360° (or back to 0°)]

The FCC Frequency Assignment
Different vendors may use different frequencies within the various ISM bands (green in the diagram). The ISM bands most commonly used are at 433, 915 and 2400 MHz.

Multiple Sensors Sharing the Medium: Multiplexing, FDMA, TDMA and CDMA

Binary Signaling Formats
• Used to Improve Digital Signal Reception and Decision
• NRZ: Non-Return to Zero
• RZ: Return to Zero
• Unipolar: Only one side of 0V
• Bipolar: Both sides of 0V
• Manchester: Bi-Phase ("0" in left 1/2 time slot, "1" in right)

Narrowband or Spread Spectrum?
Narrowband uses a fixed carrier frequency, F0. The receiver then locks onto the carrier frequency, F0.
Easy to implement (inexpensive).
Prone to jamming or interference (two transmitters at the same carrier frequency, F0).
Least secure modulation scheme.

Narrowband or Spread Spectrum (cont.)?
Frequency Hopping Spread Spectrum uses a carrier frequency that varies with time, F0(t). The receiver must track the time-varying carrier frequency, F0(t). Hopping rates may be ~1600 hops/second (a la Bluetooth).
Invented and patented by actress Hedy Lamarr and her pianist George Antheil.
Relatively easy to implement (inexpensive).
Prone to jamming or interference (two transmitters at the same carrier frequency, F0) during any single transmit interval.
Very secure modulation scheme (used in military for decades).

Narrowband or Spread Spectrum (cont.)?
Direct Sequence Spread Spectrum uses a fixed carrier frequency, F0, but interleaves the data with a precise mathematical 0/1 data sequence. (This increases the length of the transmitted information vector, making it longer.) The receiver then locks onto the carrier frequency, F0, receives the signal and then must "undo" the interleaving.
The information is replicated many times throughout the bandwidth, so if one "lobe" of the information is jammed, the remainder "gets through". Highly robust technique.
Most complicated scheme (of these presented). More difficult to implement (more expensive).
Most secure modulation scheme.

Direct-Sequence Spread-Spectrum Signals
[Block diagram: transmitter: Data (Data Clock) -> modulate with Carrier -> spread with PN Sequence Generator (PN Clock) -> Wide BP Filter; receiver: Wide BP Filter -> despread with local PN Sequence Generator (Local PN Clock) -> Narrow BP Filter -> Phase Demod with Local Carrier -> Data]
[Power Spectral Density plots around fc: (1) narrow spectrum at output of modulator before spreading; (2) spectrum has wider bandwidth and lower power density after spreading with PN sequence (PN Rate >> Data Rate); (3) original narrowband, high power density spectrum is restored if local PN sequence is same as and lined up with received PN sequence, while narrowband RFI is "spread"]

Narrowband or Spread Spectrum (cont.)?
Which is best? Each has its pluses and minuses...and each scheme has its share of diehard advocates and/or naysayers! Different vendors use these (and other) schemes at different frequencies within the various ISM bands.
From a security standpoint, DSSS is best.

Reality
[Figure comparing DSSS and FHSS]

No Matter What...It's Just an Electromagnetic Field
E(t) = A(t) cos[ωt + φ(t)]
A(t): amplitude of the wave
ω: radian frequency of the wave
φ(t): phase of the wave

The RF "Footprint": Network "Size"
Personal Area Network: typical radiated power: 0 dBm, size: 10m
Local Area Network: typical radiated power: 20 dBm, size: 100m
Wide Area Network: typical radiated power: >30 dBm, size: >2000m

There are SO many technical questions, such as... Network Topologies?
[Figures: Bus Network, Tree Network, Ring Network, Star Network, Ad Hoc Network]

The Real World Presents the Wireless Channel with Multipath and Attenuation...and...

Real World: Multipath
[Figures: The Effect; The Cause]

Real World: Atmospheric Attenuation at 2.4 GHz
[Figure: Rayleigh Fading @ 2.4GHz]

Real World: Signal Attenuation at 2.4 GHz
[Figure]

Real World: And Signal-to-Noise Ratios really do matter!
Anecdotal Evidence: As Frankfurt has increased the deployment of 2.4 GHz wireless surveillance cameras, the background Noise level has increased by 12 dB. (This plays havoc with the BER or, for fixed BER, the overall data rate.)

Real World: Which Frequency is Best?
ALERT! ALERT!! Notice that the operation at 2.45 GHz is WORSE than at 900MHz (which is worse than 433 MHz).

Outline:
1. Security? Who needs it?
2. How is security achieved in a wired channel?
3. The Situation for Wireless (its RF in an industrial setting: Spectrum, modulation, encryption, spatial...)
4. Security within various Wireless Delivery Schemes (cellular, WiFi, Bluetooth, 802.15.4, others...)
5. An Integrated Solution
6. The Big Review

Wireless Data Security: Encryption, Spreading, Interleaving
Wireless networks use a variety of techniques to enhance security, such as spreading and interleaving. These techniques can make the signal virtually undetectable without prior knowledge about the network. This can improve the security of the network by orders of magnitude.
Slide courtesy of Wayne Manges, ORNL
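The two claims made for direct-sequence spreading on the DSSS slides and here (a jammed "lobe" still lets the data through, and the signal is nearly unrecoverable without prior knowledge of the spreading sequence) can be checked with a small baseband model. The following is an added example, not code from the slides or from any vendor's radio: the 31-chip PN sequence (a 5-stage LFSR), the chip amplitudes, the jammer and the payload are all constructed for the demonstration, and the model ignores the carrier and works directly with bipolar chips.

```python
"""Baseband model of direct-sequence spreading.

Added example, not from the slides. Each data bit is multiplied by a 31-chip
pseudo-noise (PN) sequence from a 5-stage LFSR; the receiver correlates the
received chips against the same, time-aligned PN sequence. A narrowband jammer
covering part of a bit period is "spread" by the correlator and loses most of
its effect, while a receiver without the aligned PN sequence recovers almost
nothing. Amplitudes, the jammer and the payload are constructed for illustration.
"""
from typing import List

N_STAGES = 5
CHIPS_PER_BIT = 2 ** N_STAGES - 1      # one full m-sequence period per bit


def m_sequence(seed: int = 1) -> List[int]:
    """One period of the maximal-length sequence of the LFSR x^5 + x^3 + 1 (0/1 chips)."""
    state = seed & (2 ** N_STAGES - 1)
    chips = []
    for _ in range(CHIPS_PER_BIT):
        chips.append(state & 1)
        feedback = (state ^ (state >> 2)) & 1            # taps at stages 5 and 3
        state = (state >> 1) | (feedback << (N_STAGES - 1))
    return chips


def to_bipolar(bits: List[int]) -> List[int]:
    """Map 0 -> +1 and 1 -> -1 so that XOR with the PN chips becomes multiplication."""
    return [1 - 2 * b for b in bits]


def spread(data_bits: List[int], pn: List[int]) -> List[int]:
    """Transmitter: repeat each data symbol over the bit period, chip by chip."""
    pn_bipolar = to_bipolar(pn)
    tx: List[int] = []
    for d in to_bipolar(data_bits):
        tx.extend(d * c for c in pn_bipolar)
    return tx


def add_jammer(samples: List[float], start: int, width: int, level: float) -> List[float]:
    """Narrowband interference modelled as a constant offset over `width` samples."""
    jammed = list(samples)
    for i in range(start, min(start + width, len(jammed))):
        jammed[i] += level
    return jammed


def correlate(rx: List[float], pn: List[int], shift: int = 0) -> List[float]:
    """Receiver: per-bit correlation sum against the local PN (optionally misaligned)."""
    pn_bipolar = to_bipolar(pn)
    local = pn_bipolar[shift:] + pn_bipolar[:shift]
    sums = []
    for k in range(0, len(rx), CHIPS_PER_BIT):
        block = rx[k:k + CHIPS_PER_BIT]
        sums.append(sum(r * c for r, c in zip(block, local)))
    return sums


def despread(rx: List[float], pn: List[int], shift: int = 0) -> List[int]:
    """Decide each bit from the sign of its correlation sum (+ -> 0, - -> 1)."""
    return [0 if s > 0 else 1 for s in correlate(rx, pn, shift)]


def narrowband_decide(symbols: List[float]) -> List[int]:
    """The unspread alternative: one sample per bit, decided on its sign."""
    return [0 if s > 0 else 1 for s in symbols]


if __name__ == "__main__":
    pn = m_sequence()
    data = [0, 1, 1, 0, 1, 0, 0, 1]                        # constructed payload
    tx = spread(data, pn)
    # Jammer at twice the chip amplitude over 10 of the 31 chips of the first bit.
    rx = add_jammer(tx, start=5, width=10, level=-2.0)
    print("aligned PN    ->", despread(rx, pn), "sums", correlate(rx, pn))
    print("misaligned PN ->", correlate(tx, pn, shift=1))   # magnitude 1 vs 31
    # The same jammer on a narrowband link (one sample per bit) flips bit 0.
    print("narrowband    ->", narrowband_decide(add_jammer(to_bipolar(data), 0, 1, -2.0)))
```

The aligned correlator sums to ±31 per bit, so a jammer of amplitude 2 over 10 chips can move that sum by at most 20 and never flips the decision, whereas the same interference on a one-sample-per-bit link flips the bit outright. With the PN sequence shifted by a single chip the correlation collapses to magnitude 1, which is the processing-gain view of "undetectable without prior knowledge about the network".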

The Wireless Market
[Chart: DATA RATE (LOW to HIGH) against RANGE (SHORT PAN to LAN). Applications from low to high data rate: TEXT, LONG GRAPHICS, INTERNET, HI-FI AUDIO, STREAMING VIDEO, DIGITAL VIDEO, MULTI-CHANNEL VIDEO. Technologies: ZigBee and Bluetooth 1 in the short-range, low-rate PAN corner; 802.11b, 802.11a/HL2 & 802.11g and Bluetooth 2 at LAN range and higher data rates]

Bluetooth vs. the Rest (cont'd)

Parameter     | 802.11                     | HomeRF                  | Bluetooth                   | ZigBee (proposed)
Technology    | 2.4 GHz, DSSS 11 chips/bit | 2.4GHz, FHSS 50 hops/s  | 2.4 GHz, FHSS 1000+ hops/s  | 2.4 GHz, DSSS 15 chips/bit
Data Rate     | 11Mbps                     | 1 Mbps                  | 1Mbps                       | 40 kbits/s
Power         | +20 dBm                    | +20 dBm                 | 0, +20dBm                   | 0dBm
Range         | 50m                        | 50m                     | 1-10m, 50m                  | 100m
Topology      | 128 devices, CSMA/CA       | 128 devices, CSMA/CA    | 8 devices, Piconet          | 100s devices, CSMA/CA
Security      | Optional WEP               | Optional                | Encryption                  | Not yet
Voice Channel | Optional                   | Optional                | Yes                         | No

Bluetooth – aka IEEE 802.15.1; ZigBee – aka IEEE 802.15.4

Side by Side
[Figure]

802.11?

The Worldwide View of the 802.11 Spectral Space
[Figure]

Radiated Field from a single AP (Kansas City)
[Figure]

20dB Attenuation Profile for Univ of Kansas Eng Bldg.: Mesh and AP deployments
[Figure]

WEP (encrypted traffic)
• The industry's solution: WEP (Wired Equivalent Privacy)
  - Share a single cryptographic key among all devices
  - Encrypt all packets sent over the air, using the shared key
  - Use a checksum to prevent injection of spoofed packets

Early History of WEP
1997: 802.11 WEP standard released
Mar 2000: Simon, Aboba, Moore: some weaknesses
Oct 2000: Walker: Unsafe at any key size
Jan 30, 2001: Borisov, Goldberg, Wagner: 7 serious attacks on WEP
Feb 5, 2001: NY Times, WSJ break the story

Subsequent Events
Jan 2001: Borisov, Goldberg, Wagner
Mar 2001: Arbaugh: Your 802.11 network has no clothes
May 2001: Arbaugh: more attacks
Jun 2001: Newsham: dictionary attacks on WEP keys
Aug 2001: Fluhrer, Mantin, Shamir: efficient attack on way WEP uses RC4
Feb 2002: Arbaugh, Mishra: still more attacks
...

WEP Attack Tools
• Downloadable procedures from the Internet
  - To crack the Key:
    • AirSnort – http://airsnort.sourceforge.net
    • WEPCrack – http://sourceforge.net/projects/wepcrack/
  - To brute force enter into WLAN:
    • THC-RUT – http://www.thehackerschoice.com/releases.php

Wi-Fi Protected Access (WPA)
  - Flaws in WEP known since January 2001: flaws include weak encryption (keys no longer than 40 bits), static encryption keys, lack of key distribution method.
  - IEEE developing 802.11i standard for enhanced wireless security. Addresses weak data encryption and user authentication within existing 802.11 standard.
  - 802.11i standard will not be ratified until late 2003, possibly early 2004: outstanding issues.
  - WPA standard joint effort between Wi-Fi Alliance and IEEE. WPA a subset of IEEE 802.11i standard (Draft 3.0).
• WPA provides stronger data encryption (weak in WEP) and user authentication (largely missing in WEP).

WPA – Data Encryption
  - WPA uses Temporal Key Integrity Protocol (TKIP): stronger data encryption, addresses known vulnerabilities in WEP.
  - TKIP based on RC4 stream cipher algorithm, surrounds WEP cipher engine with 4 new algorithms:
    1. A message integrity check (MIC), a.k.a. 'Michael', ensures messages haven't been tampered with during transmission.
    2. Extended 48-bit Initialization Vector (IV) and IV sequencing rules (compared to the shorter 24-bit WEP RC4 key).
    3. New per-packet key mixing function.
    4. Derivation and distribution method, a.k.a. re-keying.
• TKIP chosen as primary encryption cipher suite. Easily deployed and supported in legacy 802.11b hardware compared to other available cipher suites.

WPA – Data Encryption, cont'd
• The Temporal Key Integrity Protocol
[Diagram: Temporal Key + TA -> Phase 1 key mixing -> TTAK; TTAK + TSC -> Phase 2 key mixing -> WEP seed(s) (represented as WEP IV + RC4 key). MIC Key + SA + DA + Plaintext MSDU -> MIC -> Plaintext MSDU + MIC -> Fragment(s) -> Plaintext MPDU(s) -> WEP Encapsulation (using the WEP seed) -> Ciphertext MPDU(s)]
Legend: DA – Destination Address; ICV – Integrity Check Value; MPDU – Message Protocol Data Unit; MSDU – MAC Service Data Unit; RSN – Robust Security Network; SA – Source Address; TA – Transmitter Address; TKIP – Temporal Key Integrity Protocol; TSC – TKIP Sequence Counter; TTAK – result of phase 1 key mixing of Temporal Key and Transmitter Address; WEP – Wired Equivalent Privacy; WEP IV – Wired Equivalent Privacy Initialization Vector

WPA – Data Encryption, cont'd
  - TKIP implements countermeasures: reduces the rate at which an attacker can make message forgery attempts down to two packets every 60 seconds.
  - After 60 second timeout new PMK or Groupwise Key generated, depending on which was attacked: ensures attacker cannot obtain information from attacked key.
  - Countermeasures bound probability of successful forgery and amount of information attacker can learn about a key.
  - TKIP is made available as firmware or software upgrade to existing legacy hardware.
• TKIP eliminates having to replace existing hardware or having to purchase new hardware.
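The receiver-side behaviour described across the three WPA slides (IV/TSC sequencing rules, a MIC bound to the addresses, and the two-failures-per-60-seconds countermeasure) fits in one small state machine. The following is an added example and not code from the slides or from any 802.11 implementation: HMAC-SHA256 stands in for the Michael MIC (Michael is deliberately weak so that legacy hardware can compute it, which is exactly why the countermeasures exist), the rekey derivation is a placeholder for the real 4-way handshake, and the addresses, keys, payloads and timestamps are constructed.

```python
"""Receiver-side model of the TKIP protections named on the WPA slides.

Added example, not from the slides or from any 802.11 implementation:
  * TSC sequencing: a frame whose TKIP Sequence Counter is not strictly higher
    than the last one accepted from that transmitter is dropped as a replay;
  * a MIC over source address, destination address and payload (HMAC-SHA256
    here as a stand-in for Michael);
  * countermeasures: two MIC failures within 60 s cause a rekey and a 60 s
    refusal of traffic, bounding forgery attempts to two per minute.
Addresses, keys, payloads and timestamps are constructed for the demonstration.
"""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, List, Optional

COUNTERMEASURE_WINDOW_S = 60.0


@dataclass
class Frame:
    ta: str          # transmitter address (keys the TSC replay window)
    sa: str          # source address, covered by the MIC
    da: str          # destination address, covered by the MIC
    tsc: int         # 48-bit TKIP sequence counter
    payload: bytes
    mic: bytes


def compute_mic(mic_key: bytes, sa: str, da: str, payload: bytes) -> bytes:
    """Stand-in MIC binding the addresses to the payload (HMAC-SHA256, not Michael)."""
    return hmac.new(mic_key, sa.encode() + da.encode() + payload, hashlib.sha256).digest()[:8]


@dataclass
class TkipReceiver:
    mic_key: bytes
    last_tsc: Dict[str, int] = field(default_factory=dict)
    mic_failures: List[float] = field(default_factory=list)   # failure timestamps
    blocked_until: float = 0.0
    rekeys: int = 0
    log: List[str] = field(default_factory=list)

    def receive(self, frame: Frame, now: float) -> Optional[bytes]:
        """Return the payload if the frame is accepted, None if it is dropped."""
        if now < self.blocked_until:
            self.log.append(f"t={now:.0f}s drop: countermeasures active")
            return None
        last = self.last_tsc.get(frame.ta, -1)
        if frame.tsc <= last:                      # IV/TSC sequencing rule
            self.log.append(f"t={now:.0f}s drop: TSC {frame.tsc} <= {last} (replay)")
            return None
        expected = compute_mic(self.mic_key, frame.sa, frame.da, frame.payload)
        if not hmac.compare_digest(expected, frame.mic):
            self._mic_failure(now)
            return None
        self.last_tsc[frame.ta] = frame.tsc
        return frame.payload

    def _mic_failure(self, now: float) -> None:
        """Countermeasures: two failures inside the window force a rekey and a blackout."""
        self.mic_failures = [t for t in self.mic_failures if now - t < COUNTERMEASURE_WINDOW_S]
        self.mic_failures.append(now)
        self.log.append(f"t={now:.0f}s MIC failure #{len(self.mic_failures)} in window")
        if len(self.mic_failures) >= 2:
            self.rekeys += 1
            # Constructed derivation standing in for the real rekey handshake.
            self.mic_key = hashlib.sha256(self.mic_key + b"rekey").digest()
            self.blocked_until = now + COUNTERMEASURE_WINDOW_S
            self.mic_failures.clear()
            self.last_tsc.clear()                  # TSC restarts with the new key
            self.log.append(f"t={now:.0f}s rekey; traffic refused until t={self.blocked_until:.0f}s")


def demo() -> dict:
    """Replay, two forgeries, blackout, then traffic under the new key."""
    key = b"constructed-temporal-key-material"
    rx = TkipReceiver(mic_key=key)
    ta = sa = "00:11:22:33:44:55"                 # constructed addresses
    da = "66:77:88:99:aa:bb"

    def genuine(k: bytes, tsc: int, payload: bytes) -> Frame:
        return Frame(ta, sa, da, tsc, payload, compute_mic(k, sa, da, payload))

    f1 = genuine(key, 1, b"tank_level=42")
    out = {"first": rx.receive(f1, now=0.0)}
    out["replay"] = rx.receive(f1, now=1.0)                     # same TSC again
    out["forge1"] = rx.receive(Frame(ta, sa, da, 2, b"tank_level=99", b"\x00" * 8), now=2.0)
    out["forge2"] = rx.receive(Frame(ta, sa, da, 3, b"tank_level=99", b"\x00" * 8), now=5.0)
    out["blocked"] = rx.receive(genuine(key, 4, b"tank_level=43"), now=10.0)
    out["after_rekey"] = rx.receive(genuine(rx.mic_key, 1, b"tank_level=43"), now=70.0)
    out["rekeys"] = rx.rekeys
    out["log"] = rx.log
    return out


if __name__ == "__main__":
    for line in demo()["log"]:
        print(line)
```

Note the order of checks: the TSC test runs before the MIC is verified, so a replayed frame is dropped without counting as a MIC failure, and only genuinely forged frames consume the two-per-minute budget that triggers the rekey.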

Bluetooth?

BlueTooth: Some Specifications
• Uses unlicensed 2.402 - 2.480 GHz frequency range
• Frequency hopping spread spectrum: 79 hops separated by 1 MHz
• Maximum frequency hopping rate: 1600 hops/sec
• Nominal range: 10 cm to 10 meters
• Nominal antenna power: 0 dBm
• One complete Bluetooth data packet can be transmitted within each 625 µsec hop slot.

Potential Bluetooth Markets
[Figure]

Bluetooth Market Forecast
Nov'03: 100M Bluetooth compliant devices worldwide

Bluetooth Protocol Stack
• Adopted Protocols
  - PPP (Point-To-Point Protocol)
  - TCP/UDP/IP
  - OBEX – Session Protocol for IrDA (Infrared Data Association)
  - Contents Format (e.g. vCard, vCalendar)
  - WAP – Wireless Application Protocol

Bluetooth Security
• Supports Unidirectional or Mutual Encryption based on a Secret Link key Shared Between Two Devices
• Security Defined In 3 modes:
  - Mode 1 – No Security
  - Mode 2 – Service Level Security: Not Established Before Channel is Established at L2CAP
  - Mode 3 – Link Level Security: Device Initiates Security Before LMP Link is Setup
• Devices and Services can be Set for Different Levels of Security
  - Two Trust Levels are Set for Devices
    • Trusted Device: Fixed Relationship and Unrestricted Access to All Services
    • Untrusted: No Permanent relationship and Restricted Services


Bluetooth Security
• 3 Levels of Service Access
  - Require Authorization and Authentication
  - Require Authentication Only
  - Default Security for Legacy Applications

But is this Wireless Link Secure?
Newsflash: Jan 2001: Norwegian "hackers" crack a Bluetooth transmission

Analysis of a BlueTooth Transmission
[Figure]
High overhead?

802.15.4/Zigbee?

IEEE 802.15.4 standard
• Includes layers up to and including Link Layer Control
  - LLC is standardized in 802.2
• Low complexity: 26 primitives in the IEEE 802.15.4 MAC versus 131 primitives for IEEE 802.15.1 (Bluetooth)
• Supports multiple network topologies including Star, Cluster Tree and Mesh
• Features of the MAC: Association/dissociation, ACK, frame delivery, channel access mechanism, frame validation, guaranteed time slot management, beacon management, channel scan
[Stack diagram: ZigBee Application Framework / Networking App Layer (NWK) / Data Link Controller (DLC): IEEE 802.2 LLC, Type I over IEEE 802.15.4 LLC / IEEE 802.15.4 MAC / IEEE 802.15.4 868/915 MHz PHY and 2400 MHz PHY]

PHY overview
• Speed
  - 20, 40 or 250 kbps
• Channels
  - 1 channel in the 868MHz band
  - 10 channels in the 915MHz band
  - 16 channels in the 2.4GHz band
• Modulation
  - BPSK (868MHz/20kbps)
  - BPSK (915MHz/40kbps)
  - O-QPSK (2.4GHz/250kbps)
• Coexistence w/
  - 802.15.1 FHSS
  - 802.11b DSSS
  - 802.15.3 DSSS

MAC overview
• Security support
• Power consumption consideration
• Dynamic channel selection
• Network topology
  - Star topology
  - p2p topology
  - cluster-tree network topology

Device classification
• Full Function Device (FFD)
  - Any topology
  - Can talk to RFDs or other FFDs
  - Operate in three modes
    • PAN coordinator
    • Coordinator
    • Device
• Reduced Function Device (RFD)
  - Limited to star topology
  - Can only talk to an FFD (coordinator)
  - Cannot become a coordinator
  - Unnecessary to send large amounts of data
  - Extremely simple
  - Can be implemented using minimal resources and memory capacity

Transmission management
• Acknowledgement
  - No ACK
  - ACK
  - Retransmission
  - Duplicate detection
• Indirect transmission

Security
• Unsecured mode
• ACL mode
  - Access control
• Secured mode
  - Access control
  - Data encryption
  - Frame integrity
  - Sequential freshness

Scalable Security
• Assume the attacker can deploy own nodes (can create a "ring" at some distance from controller) [Wisenet 2003]
• Enemy nodes "mimic" the mesh nodes: they ACK the "health inquiry" as if everything was OK, but they do not forward to the rest of the net
• The rest of the network is virtually cut off from inspection by the controller
• Need a secure key and a random seed that changes at each round
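The last bullet is the remedy for the "mimicking ring": if the health inquiry is static, a planted node only has to replay one ACK it overheard, but if each round carries a fresh random seed and the ACK must be a keyed MAC over that seed, a node without the key cannot answer. The following is an added example, not code from the slide or from the cited Wisenet 2003 work; the node id, the per-node key and the captured ACK are constructed, and HMAC-SHA256 is an assumed choice of keyed MAC.

```python
"""Health inquiry with and without a fresh random seed.

Added example (not from the slide or the cited Wisenet 2003 work). A controller
polls a mesh node for its health. Without a fresh challenge, a node planted by
the attacker can replay one ACK it overheard and keep reporting "OK". When every
round carries a fresh nonce and the ACK is a keyed MAC over node id, nonce and
status, the replayed ACK fails and the silent region becomes visible to the
controller. Node id, key and the captured ACK are constructed for the demo.
"""
import hashlib
import hmac
import secrets
from typing import Dict, Protocol

STATIC_SEED = b"\x00" * 16          # what an inquiry with no random seed amounts to


def health_ack(key: bytes, node_id: str, nonce: bytes, status: bytes = b"OK") -> bytes:
    """Keyed MAC that a genuine node returns for one inquiry round."""
    return hmac.new(key, node_id.encode() + nonce + status, hashlib.sha256).digest()


class Responder(Protocol):
    def answer(self, nonce: bytes) -> bytes: ...


class HonestNode:
    def __init__(self, node_id: str, key: bytes) -> None:
        self.node_id, self.key = node_id, key

    def answer(self, nonce: bytes) -> bytes:
        return health_ack(self.key, self.node_id, nonce)


class MimicNode:
    """Attacker-deployed node: it holds one ACK captured earlier, but no key."""
    def __init__(self, captured_ack: bytes) -> None:
        self.captured_ack = captured_ack

    def answer(self, nonce: bytes) -> bytes:
        return self.captured_ack           # can only replay, not recompute


class Controller:
    def __init__(self, node_keys: Dict[str, bytes]) -> None:
        self.node_keys = node_keys

    def inquire(self, node_id: str, responder: Responder, fresh_seed: bool) -> bool:
        """One health round; True means the node proved it is alive this round."""
        nonce = secrets.token_bytes(16) if fresh_seed else STATIC_SEED
        expected = health_ack(self.node_keys[node_id], node_id, nonce)
        return hmac.compare_digest(expected, responder.answer(nonce))


def demo() -> Dict[str, bool]:
    """Static inquiry: the replay passes. Fresh seed: the replay is caught."""
    key = b"constructed-per-node-key"
    real = HonestNode("node-07", key)
    ctl = Controller({"node-07": key})
    captured = real.answer(STATIC_SEED)    # ACK overheard during a static round
    mimic = MimicNode(captured)
    return {
        "static_real": ctl.inquire("node-07", real, fresh_seed=False),
        "static_mimic": ctl.inquire("node-07", mimic, fresh_seed=False),   # replay works
        "fresh_real": ctl.inquire("node-07", real, fresh_seed=True),
        "fresh_mimic": ctl.inquire("node-07", mimic, fresh_seed=True),     # replay fails
    }


if __name__ == "__main__":
    for round_name, alive in demo().items():
        print(f"{round_name:13s} -> {'alive' if alive else 'NOT verified'}")
```

The seed does the work here, not the key alone: with the same key but a static inquiry the mimic passes every round, because the ACK it captured is exactly what the controller expects again. A fresh seed per round forces the answer to be computed, which only the keyed node can do, so the controller sees the ring's nodes as unverified rather than as healthy.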

What About: 1451.5? 1xRTT? SAT? CDPD? Others? No time this morning!

Outline:
1. Security? Who needs it?
2. How is security achieved in a wired channel?
3. The Situation for Wireless (its RF in an industrial setting: Spectrum, modulation, encryption, spatial...)
4. Security within various Wireless Delivery Schemes (cellular, WiFi, Bluetooth, 802.15.4, others...)
5. An Integrated Solution
6. The Big Review

There are SO many technical questions, such as... Integrated Industrial Networks?
If the sensor network is to integrate into an industrial setting, then you should be cognizant of the Industrial Networking arena.

Industrial Device Network Topology
• Typically, three layers of networking make up enterprisewide networks. Ethernet acts as the company's intranet backbone, and it's linked to controllers or industrial PCs, which supply strategic data to the enterprise. An industrial network, or fieldbus, links sensors and smart devices. A gateway (not uncommon in a large system with lots of devices) links devices that have only RS-232 or RS485 ports to the fieldbus system.

Industrial Device Networks
• General characteristics for industrial device networks have arisen.
• Obviously the complexity of the network increases as the functionality is increased.

Classification of Industrial Networks
• Three logical groupings of instrumentation networks used in an industrial setting.
• There are over 100 different proprietary networks in the field.

Inside Security Incident
• Employee attacks PLC in another plant area over PLC highway, blocking legitimate maintenance and forcing process shutdown.
• Password changed to obscenity.
[Diagram: Disgruntled Employee on the Plant Highway that links the PLCs of the Steam Plant and the Paper Plant]
*Source: BCIT Industrial Security Incident Database (ISID)

Network Positioning
[Chart: networks placed by Data/Functionality/Complexity against Cost, from high to low: Ethernet TCP/IP, ControlNet, Foundation Fieldbus H2, Profibus-FMS, Profibus-DP, Data Highway+, Interbus-S, Modbus Plus, Remote I/O, DeviceNet, Other CAN, SDS, Fieldbus H1, Profibus-PA, Modbus, HART, ASi, Seriplex, Hardwiring, RS485 etc.]

Too Focused on Internet Issues?
• Myth #1: Our SCADA/PLC/DCS is safe if we don't connect to the Internet.
• Myth #2: Our Internet firewall will protect our control systems.
• Myth #3: Our IT department understands process control issues and security.

Is Industrial Comm Security Too Focused on Internet Issues?
[Diagram: Internet -> Firewall -> Enterprise Network (Remote Engineering, Enterprise Resource Planning, Manufacturing Logistics, Production Planning) -> Production Networks (Ethernet, Programming Stations, SCADA, Process Historian) -> Control Network (PLC, Modem reachable by a WarDialing Attack, Handheld Operator Terminal, 802.11 WLAN, Field Devices, OEM)]
Source (used by permission): Interface Technologies, Windsor, CT, 2002

Outline:
1. Security? Who needs it?
2. How is security achieved in a wired channel?
3. The Situation for Wireless (its RF in an industrial setting: Spectrum, modulation, encryption, spatial...)
4. Security within various Wireless Delivery Schemes (cellular, WiFi, Bluetooth, 802.15.4, others...)
5. An Integrated Solution
6. The Big Review

Bit Rate vs. Quality of Service
How Many Bits are Needed? The more bits you xmit, the more power you consume!

Coding vs. Quality of Service
Is Coding Really Necessary?

Direct Sequence Spread Spectrum
[Figure]

Comparing Wireless Tech.
[Table: DSSS, FHSS and UWB rated on Range, RF Power, Battery life and Numbers In Area; the cell values survive only as an unordered set: longest, Short, short, High, Medium, High, Medium, Low, Long, High, Medium, Lowest]

Technology Beats Marketing in Performance!
[Technology versus Attributes Summary Chart: attributes Long Range, Plug-and-Play, Long Battery life, Low RFI risk, Self Locating, Secure, High throughput, non line-of-sight, robust connections, low cost, small size, against technology columns Low Power Designs, Mobile Power, Ad Hoc Networks, Power Harvesting, Embedded Intelligence, Diversity, FEC, Open Standards, spreading (DSSS/FHSS/UWB), multiple access (CDMA/TDMA/FDMA), modulation (BPSK/QPSK/M-ary) and band (900MHz/2.4GHz/5.8GHz); cells marked yes or NA]

Statistics on Types of Attacks
[Chart: % of respondents, 1997 through 2002, for Denial of Service, Laptop Theft, Active Wiretap, Telecom Fraud, Unauthorized Insider Access, Virus, Financial Fraud, Insider Abuse of Net Access, System Penetration, Telecom Eavesdropping, Sabotage, Theft of Proprietary Info]
*Source: "2002 CSI/FBI Computer Crime and Security Survey", Computer Security Institute, www.gocsi.com/losses

Optimization of Security vs. Cost
- Risk reduction is balanced against the cost of security countermeasures to mitigate the risk.
[Chart: Cost ($) against Security Level, showing the Cost of Security Breaches, the Cost of Security Countermeasures, and the Optimal Level of Security at Minimum Cost]

Risk in Safety vs. Risk in Security
- Safety Definition: "Risk is a measure of human injury, environmental damage, or economic loss in terms of both the incident likelihood and the magnitude of the loss or injury."
- Security Definition: "Risk is an expression of the likelihood that a defined threat will exploit a specific vulnerability of a particular attractive target or combination of targets to cause a given set of consequences."
*Source: CSPP Guidelines For Analyzing And Managing The Security Vulnerabilities Of Fixed Chemical Sites

Firewall Architectures
- The external router blocks attempts to use the underlying IP layer to break security (e.g. IP spoofing, source routing, packet fragments, etc.) and forces all traffic to the proxy.
- The internal router blocks all traffic except to the proxy server.
- The proxy firewall handles potential security holes in the higher layer protocols.
[Diagram: Internet, External Router, Internal Router]
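The two-router policy described on this slide, written out as an added example in Python (not code from the deck): the addresses, the Packet fields and the router functions are assumptions, and the proxy is assumed to sit on a screened subnet between the two routers.

```python
"""Screened-subnet policy from the 'Firewall Architectures' slide: an external
router that rejects IP-layer tricks and forces all traffic to the proxy, and
an internal router that admits nothing but traffic to or from the proxy.
Added example with constructed addresses, not code from the deck."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed addressing: the internal LAN, the screened subnet sitting between
# the two routers, and the proxy firewall host on that screened subnet.
INTERNAL_NET = ip_network("10.10.0.0/16")
SCREENED_NET = ip_network("192.0.2.0/24")
PROXY = ip_address("192.0.2.10")


@dataclass
class Packet:
    src: str
    dst: str
    origin: str                  # "outside" (Internet), "inside" (LAN) or "screened"
    fragment: bool = False       # non-initial IP fragment
    source_routed: bool = False  # carries a source-route option


def external_router(pkt):
    """External router: first block attempts to abuse the IP layer itself,
    then allow only traffic that starts or ends at the proxy."""
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)
    if pkt.origin == "outside" and (src in INTERNAL_NET or src in SCREENED_NET):
        return "drop: spoofed internal source address"
    if pkt.source_routed:
        return "drop: source-routed packet"
    if pkt.fragment:
        # The slide's policy drops fragments outright rather than inspecting
        # them; a filter that reassembles before filtering is the alternative.
        return "drop: IP fragment"
    if pkt.origin == "outside" and dst != PROXY:
        return "drop: only the proxy is reachable from outside"
    if pkt.origin != "outside" and src != PROXY:
        return "drop: only the proxy may send traffic out"
    return "accept"


def internal_router(pkt):
    """Internal router: nothing crosses except to or from the proxy."""
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)
    if src in INTERNAL_NET and dst == PROXY:
        return "accept"
    if src == PROXY and dst in INTERNAL_NET:
        return "accept"
    return "drop: traffic must go via the proxy"


def path(pkt):
    """The routers a packet meets, in order, given where it starts and where
    it is going. The proxy relays on the clients' behalf, so a packet from
    the screened subnet crosses only the router towards its destination."""
    dst = ip_address(pkt.dst)
    if pkt.origin == "outside":
        hops = [("external", external_router)]
        if dst != PROXY:
            hops.append(("internal", internal_router))
        return hops
    if pkt.origin == "inside":
        hops = [("internal", internal_router)]
        if dst != PROXY and dst not in SCREENED_NET:
            hops.append(("external", external_router))
        return hops
    if dst in INTERNAL_NET:
        return [("internal", internal_router)]
    return [("external", external_router)]


def evaluate(pkt):
    """Return (router that decided, verdict) for a packet."""
    name = "none"
    for name, router in path(pkt):
        verdict = router(pkt)
        if verdict != "accept":
            return name, verdict
    return name, "accept"


if __name__ == "__main__":
    cases = [
        Packet("10.10.1.5", "192.0.2.10", "outside"),                 # spoofed source
        Packet("198.51.100.7", "192.0.2.10", "outside"),              # to the proxy: ok
        Packet("198.51.100.7", "10.10.1.5", "outside"),               # straight into the LAN
        Packet("198.51.100.7", "192.0.2.10", "outside", fragment=True),
        Packet("10.10.1.5", "198.51.100.7", "inside"),                # LAN host bypassing proxy
        Packet("10.10.1.5", "192.0.2.10", "inside"),                  # LAN host to proxy: ok
        Packet("192.0.2.10", "198.51.100.7", "screened"),             # proxy relaying out: ok
    ]
    for p in cases:
        print(f"{p.src:>13} -> {p.dst:<13} {evaluate(p)}")
```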

There's lots of "Wireless"
- From cellphones to PDAs to WiFi to Satellite-based

Wireless LAN Standards
[Figure]

Existing/Developing IEEE 802.11 Standards
- 802.11: Frequency Hopping/DSSS
- 802.11a: 54Mbps / HyperLAN (1999)
- 802.11b: 11Mbps
- 802.11e: Quality of Service
- 802.11f: Point 2 Point Roaming (2003)
- 802.11g: 54Mbps
- 802.11h: European Inspired Changes (Q2 2004)
- 802.11i: New Encryption Protocols (Q2 2004)
- 802.1x: Port Based Network Access
- 802.15: Personal Area Network (WPAN)
- 802.16: Wireless Metropolitan Area Network (WMAN)

Wireless Backbone for Inflight "Entertainment": On-Board Network Integration
[Diagram: PicoCell BTS, PicoCell BTS, Noise Floor Lifter, 6 MCU, GSM SERVER, SDU]
...and we haven't even touched on RFID!

There's lots of "Wireless"
- And it all needs to feel more Secure!

For a real review of networking security...
- Take Eric Byres' ISA course IC32C...

Will History Repeat? (wireless security: not just 802.11)
Cellular networks:
- 1980: analog cellphones (AMPS); analog cloning, scanners; fraud pervasive & costly
- 1990: digital (TDMA, GSM); TDMA eavesdropping [Bar]; more TDMA flaws [WSK]; GSM cloneable [BGW]; GSM eavesdropping [BSW, BGW]
- 2000 / Future: 3rd gen. (3GPP)
Wireless networks:
- 1999: 802.11, WEP
- 2000: WEP broken [BGW]
- 2001: WEP badly broken [FMS]
- 2002: attacks pervasive
- 2003: WPA
- Future: 802.11i
Sensor networks:
- Proprietary systems
- 2002: 1451, 802.15.4, TinyOS
- 2003 / Future: ???

PATRIOT Act
- PATRIOT (Provide Appropriate Tools Required to Intercept and Obstruct Terrorism)
- Legally classifies many hacking attacks as acts of terrorism

So... If Nothing else, at least PLEASE do this for your WiFi System!
WLAN Security Countermeasures
- Conduct site survey
- Identify areas of signal strength and weakness
- Do a "walkaround" with NetStumbler
- Document and shut down rogue access points
- Document and shut down unauthorized wireless NICs
- AND TURN ON SOME LEVEL OF THE PROVIDED PROTECTION!
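The walkaround and rogue-access-point steps above, carried through as an added example in Python (not the deck's own code): it compares the APs seen on a survey with a documented inventory and flags rogues, rogues advertising the plant's own SSID, and authorised APs running with no protection turned on. The inventory, the survey format and all the survey lines are constructed for the example, not real NetStumbler output.

```python
"""Site-survey check for the 'WLAN Security Countermeasures' slide: compare
the access points seen during a walkaround with the documented inventory and
flag what needs to be shut down or reconfigured. Added example; the survey
lines are constructed, not real NetStumbler output."""

# Assumed inventory of authorised access points: BSSID -> (SSID, location).
AUTHORISED = {
    "00:11:22:33:44:01": ("PLANT-OPS", "control room"),
    "00:11:22:33:44:02": ("PLANT-OPS", "tank farm"),
}

# Constructed survey export, one sighting per line:
# bssid <tab> ssid <tab> channel <tab> signal (dBm) <tab> protection (WEP/WPA/none)
# The same AP is often seen several times on a walkaround.
SURVEY = """\
00:11:22:33:44:01\tPLANT-OPS\t1\t-41\tWPA
00:11:22:33:44:02\tPLANT-OPS\t6\t-67\tnone
00:11:22:33:44:02\tPLANT-OPS\t6\t-70\tnone
de:ad:be:ef:00:01\tPLANT-OPS\t11\t-55\tnone
66:77:88:99:aa:bb\tlinksys\t6\t-80\tWEP
"""


def parse_survey(text):
    """Parse sightings and keep one record per BSSID: the strongest sighting,
    which is the best hint of where the radio physically is."""
    seen = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        bssid, ssid, channel, signal, protection = line.split("\t")
        rec = {"bssid": bssid.lower(), "ssid": ssid, "channel": int(channel),
               "signal_dbm": int(signal), "protection": protection}
        best = seen.get(rec["bssid"])
        if best is None or rec["signal_dbm"] > best["signal_dbm"]:
            seen[rec["bssid"]] = rec
    return list(seen.values())


def classify(records, authorised=AUTHORISED):
    """Sort APs into: rogue (not in the inventory), impersonating (a rogue
    that advertises one of our SSIDs), unprotected (ours, but with the
    provided protection switched off) and ok. Returns BSSID lists."""
    our_ssids = {ssid for ssid, _ in authorised.values()}
    result = {"rogue": [], "impersonating": [], "unprotected": [], "ok": []}
    for rec in records:
        bssid = rec["bssid"]
        if bssid not in authorised:
            result["rogue"].append(bssid)
            if rec["ssid"] in our_ssids:
                result["impersonating"].append(bssid)
        elif rec["protection"] == "none":
            result["unprotected"].append(bssid)
        else:
            result["ok"].append(bssid)
    return result


def action_list(text=SURVEY, authorised=AUTHORISED):
    """Lines for the walkaround notes: what to document and shut down."""
    records = {r["bssid"]: r for r in parse_survey(text)}
    verdict = classify(list(records.values()), authorised)
    lines = []
    for bssid in verdict["rogue"]:
        r = records[bssid]
        tag = " (uses our SSID!)" if bssid in verdict["impersonating"] else ""
        lines.append(f"SHUT DOWN rogue AP {bssid} ssid={r['ssid']} "
                     f"ch={r['channel']} {r['signal_dbm']} dBm{tag}")
    for bssid in verdict["unprotected"]:
        lines.append(f"TURN ON protection: {bssid} at {authorised[bssid][1]}")
    return lines


if __name__ == "__main__":
    for line in action_list():
        print(line)
```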

Oh... And don't forget that as you layer in all of these wacky encryption schemes and CDMA and DSSS and...and... it takes some joules to actually implement this. So if your wireless network has prime power (a.k.a. AC) you're ok. But if you're going off a battery then it's a tradeoff of security versus Power Consumption. You choose that one!

...and in the end... BumbleBee with RF transceiver ...or... HoneyBee with RFID
Two potential forms of wireless sensor networks. And they should both be secure!

Outline:
1. Security? Who needs it?
2. How is security achieved in a wired channel?
3. The Situation for Wireless (it's RF in an industrial setting: spectrum, modulation, encryption, spatial...)
4. Security within various Wireless Delivery Schemes (cellular, WiFi, Bluetooth, 802.15.4, others...)
5. An Integrated Solution
6. The Big Review
7. Glossary and References

Glossary
10BASE-T: IEEE 802.3 standard for a twisted-pair Ethernet network. 10 Mbps transmission rate over baseband using unshielded, twisted-pair cable.
802.11: The IEEE 802.11 standard defines both frequency hopping and direct sequence spread spectrum solutions for use in the 2.4-2.5 MHz ISM (Industrial, Scientific, Medical) band.
802.11a: The Global System for Mobile Communications standard for worldwide wireless communications on wide area networks (WANs).
802.11b: The portion of the 802.11 specification that defines the 11 Mbps data rate.
A
Access Point: Provides a bridge between Ethernet wired LANs and the wireless network. Access points are the connectivity point between Ethernet wired networks and devices (laptops, hand-held computers, point-of-sale terminals) equipped with a wireless LAN adapter card.
Analog phone: Comes from the word "analogous," which means similar to. In telephone transmission, the signal being transmitted from the phone (voice, video or image) is analogous to the original signal.
Antenna-Directional: Transmits and receives radio waves off the front of the antenna. The power behind and to the sides of the antenna is reduced. The coverage area is oval with the antenna at one of the narrow ends. Typical directional antenna beam width angles are from 90° (somewhat directional) to as little as 20° (very directional). A directional antenna directs power to concentrate the coverage pattern in a particular direction. The antenna direction is specified by the angle of the coverage pattern called the beam width.
Antenna-Omni-directional: Transmits and receives radio waves in all directions. The coverage area is circular with the antenna at the center. Omni-directional antennas are also referred to as whip or low-profile antennas.
Association: The process of determining the viability of the wireless connection and establishing a wireless network's root and designated access points. A mobile unit associates with its wireless network as soon as it is powered on or moves into range.
ATM: Asynchronous Transfer Mode. A type of high-speed wide area network.


B
Backbone: A network that interconnects other networks, employing high-speed transmission paths and often spanning a large geographic area.
Bandwidth: The range of frequencies, expressed in hertz (Hz), that can pass over a given transmission channel. The bandwidth determines the rate at which information can be transmitted through the circuit.
Bandwidth Management: Functionality that allocates and manages RF traffic by preventing unwanted frames from being processed by the access point.
BC/MC: Broadcast frames; Multicast frames.
Beacon: A uniframe system packet broadcast by the AP to keep the network synchronized. A beacon includes the Net_ID (ESSID), the AP address, the Broadcast destination addresses, a time stamp, a DTIM (Delivery Traffic Indicator Maps) and the TIM (Traffic Indicator Message).
BFA Antenna Connector: Miniature coaxial antenna connector manufactured by MuRata Manufacturing Corporation.
Bluetooth: See Wireless Personal Area Networks.
Bridge: A device that connects two LANs of the same or dissimilar types. It operates at the Data Link Layer, as opposed to routers. The bridge provides fast connection of two collocated LAN segments that appear as one logical network through the bridge.
Buffer: A segment of computer memory used to hold data while it is being processed.


C


CAM (Continuously Aware Mode): Mode in which the adapter is instructed to continually check for network activity.
Card and Socket Services: Packages that work with the host computer operating system, enabling the Wireless LAN adapter to interface with host computer configuration and power management functions.
Cellular Phone: Low-powered, duplex, radio/telephone that operates between 800 and 900 MHz, using multiple transceiver sites linked to a central computer for coordination. The sites, or "cells," cover a range of one to six or more miles in each direction.
Centrex: Business telephone service offered by a local telephone company from a local telephone company office. Centrex is basically a single line phone system leased to businesses as a substitute for a business that is buying or leasing its own on-premises phone system or PBX.
CDMA and TDMA: The Code Division Multiple Access and Time Division Multiple Access standards for wireless communications on wide area networks (WANs) in North America.
Circuit switching: The process of setting up and keeping a circuit open between two or more users so that users have exclusive and full use of the circuit until the connection is released.
Client: A computer that accesses the resources of a server.
Client/Server: A network system design in which a processor or computer designated as a server (such as a file server or database server) provides services to other client processors or computers.
CODEC: Coder-Decoder. Audio compression/decompression algorithm that is designed to offer excellent audio performance. Converts voice signals from their analog form to digital signals acceptable to modern digital PBXs and digital transmission systems. It then converts those digital signals back to analog so that you may hear and understand what the other person is saying.
Computer Telephony Integration: Technology that integrates computer intelligence with making, receiving, and managing telephone calls. Computer telephony integrates messaging, real-time connectivity, and transaction processing and information access.


D
Data Terminal: Computer transmit and receive equipment, including a wide variety of dumb terminals or terminals without embedded intelligence in the form of programmed logic. Most data terminals provide a user interface to a more capable host computer, such as a mainframe or midrange computer.
Decryption: Decryption is the decoding and unscrambling of received encrypted data. The same device, such as a mobile unit's radio card, usually performs both encryption and decryption.
Desktop Conferencing: A telecommunications facility or service on a PC that permits callers from several diverse locations to be connected together for a conference call.
Digital Phone System: Proprietary phone system provided by a vendor, such as AT&T, Northern Telecom, Mitel, and so on. The system can consist of a proprietary PBX system that converts voice signals from their analog form to digital signals, and then converts those digital signals back to analog. Alternatively, the conversion from analog-to-digital can occur in a digital phone. The signal being transmitted in a digital phone system is the same as the signal being transmitted in an analog phone system.
Direct Inward Dialing: DID. The ability for a caller outside a company to call an internal extension without having to pass through an operator or attendant. In large PBX systems, the dialed digits are passed from the PSTN to the PBX, which then completes the call.
Direct-Sequence (DS) Spread Spectrum: Direct sequence transmits data by generating a redundant bit pattern for each bit of information sent. Commonly referred to as a "chip" or "chipping code," this bit pattern numbers 10 chips to one per bit of information. Compared with frequency hopping, direct sequence has higher throughput, wider range and is upgradable in the 2.4GHz band.
Diversity Reception: The use of two antennas attached to a single access point to improve radio reception. The second antenna is used only for receiving radio signals, while the primary is used for both transmitting and receiving.
Driver: A program routine that links a peripheral device, host computer or front-end processor, to the computer system.

Element-level Management: Level of technologies aimed at small or medium-sized businesses.
Encryption: Entails scrambling and coding information, typically with mathematical formulas called algorithms, before the information is transmitted over a network.
Ethernet: A local area network used for connecting computers, printers, workstations, terminals, servers, and so on, within the same building or campus. Ethernet operates over twisted wire and over coaxial cable at speeds up to 100 Mbps, with 1 Gbps speeds coming soon.
Filtering: Prevents user-defined frames from being processed by the access point.
Fragmentation Threshold: The maximum size for directed data packets transmitted over the radio. Larger frames fragment into several packets this size or smaller before transmission over the radio. The receiving station reassembles the transmitted fragments.
Frame Mode: A communications protocol supported by the OEM Modules. The frame protocol implements asynchronous serial Point-to-Point (PPP) frames similar to those used by serial Internet protocols. It uses TCP/IP commands.
Frequency Hopping (FH) Spread Spectrum: Hedy Lamarr, the actress, is credited in name only for inventing frequency hopping during World War II. As its label suggests, frequency hopping transmits using a narrowband carrier that changes frequency in a given pattern. There are 79 channels in a 2.4GHz ISM band, each channel occupying 1MHz of bandwidth. A minimum hop rate of 2.5 hops per channel per second is required in the United States. Frequency hopping technology is recognized as superior to direct sequence in terms of echo resistance, interference immunity, cost and ease-of-installation. To date, there has also been a greater selection of WLAN products from which to choose.
FTP (File Transfer Protocol): A common Internet protocol used for transferring files from a server to the Internet user.
Gain, dBi: Antenna gain, expressed in decibels referenced to a theoretical isotropic radiator.
Gain, dBic: Antenna gain, expressed in decibels referenced to a theoretical isotropic radiator that is circularly polarized.
Gain, dBi: Antenna gain, expressed in decibels referenced to a half wave dipole.
Gatekeeper: Software that performs two important functions to maintain the robustness of the network: address translation and bandwidth management. Gatekeepers map LAN aliases to IP addresses and provide address lookups when needed.
Gateway: Optional element in an H.323 conference. Gateways bridge H.323 conferences to other networks, communications protocols, and multimedia formats. Gateways are not required if connections to other networks or non-H.323 compliant terminals are not needed.
GHz: The international unit for measuring frequency is Hertz (Hz), which is equivalent to the older unit of cycles per second. One Gigahertz (GHz) is one billion Hertz. Microwave ovens typically operate at 2.45 GHz.
GSM: The Global System for Mobile Communications standard for worldwide wireless communications on wide area networks (WANs).

H.323: An umbrella standard from the International Telecommunications Union (ITU) that addresses call control, multimedia management, and bandwidth management for point-to-point and multi-point conferences.
Handheld PC (HPC): The term adopted by Microsoft and its supporters to describe handheld computers employing Microsoft's Windows CE operating system.
Interactive Voice Response: System used to access a database access application using a telephone, computer telephony, and voice processing systems. The voice processing acts as a front-end to appropriate databases that reside on general purpose computers. DTMF (touch tone) input of a Personal Identification Number can be required for access, or more unusual and expensive techniques such as voice recognition and voice print matching.
International Roaming: Ability to use one adapter worldwide. Enabled by the IEEE 802.11 open standard, the most popular standard currently in use.
Internet: World's largest network, often referred to as the Information Superhighway. The Internet is a virtual network based on packet switching technology. The participants on the Internet and its topology change on a daily basis.
Internet Commerce: Electronic business transactions that occur over the Internet. Samples of Internet commerce applications include electronic banking, airline reservation systems, and Internet malls.
Internet Phone: Device used to transmit voice over the Internet, bypassing the traditional PSTN and saving money in the process. An Internet phone can be a small phone (such as the NetVision Phone) or a multimedia PC with a microphone, speaker, and modem.
Interoperability: The ability of equipment or software to operate properly in a mixed environment of hardware and software, from different vendors, as well as interfaces between LANs and other networks.
Intranet: A private network that uses Internet software and Internet standards. In essence, an intranet is a private Internet reserved for use by people who have been given the authority and passwords necessary to use that network.
IP (Internet Protocol): The Internet standard protocol that defines the Internet datagram as the unit of information passed across the Internet. Provides the basis of the Internet connection-less, best-effort packet delivery service. The Internet protocol suite is often referred to as TCP/IP because IP is one of the two fundamental protocols.
ISDN: Integrated Services Digital Network. Emerging network technology offered by local phone companies that is designed for digital communications.
ISM Band: ISM bands--instrumental (902-928MHz), science (2.4-2.4835GHz), and medical (5.725-5.850GHz)--are the radio frequency bands allocated by the FCC for unlicensed continuous operations for up to 1W. The most recent band approved by the FCC for WLANs was the medical band in January 1997.
ITU: International Telecommunications Union. Standards body that defined H.323 and other international standards.
Jitter: Noise on a communications line which is based on phase hits, causing potential phase distortions and bit errors.

Kerberos: A widely deployed security protocol that was developed at the Massachusetts Institute of Technology (MIT) to authenticate users and clients in a wired network environment and to securely distribute encryption keys.
Key Telephone System: A system in which the telephone has multiple buttons permitting the user to directly select central office phone lines and intercom lines. Key phone systems are most often found in relatively small business environments, typically around 50 telephones.
Layer: A protocol that interacts with other protocols as part of an overall transmission system.
LPD (Line Printer Daemon): A TCP-based protocol typically used between a Unix server and a printer driver. Data is received from the network connection and sent out over the serial port.
MAC (Media Access Control): Part of the Data Link Layer, as defined by the IEEE; this sublayer contains protocols for gaining orderly access to cable or wireless media.
MD5 Encryption: An authentication methodology when the MU is in a foreign subnet.
MIB (Management Information Base): An SNMP structure that describes the specific device being monitored by the remote-monitoring program.
Microcell: A bounded physical space in which a number of wireless devices can communicate. Because it is possible to have overlapping cells as well as isolated cells, the boundaries of the cell are established by some rule or convention.
MMCX Antenna Connector: Miniature coaxial antenna connector in use by several major wireless vendors.
Mobile IP: The ability of the mobile unit to communicate with the other host using only its home IP address, after changing its point of attachment to the Internet and intranet.
Mobile Unit (MU): May be a Symbol Spectrum24 terminal, bar-code scanner, PC Card and PCI adapter, third-party device, and others. Mobile units appear as network nodes to other devices.
Mobile Unit Mode: In this mode, the WLAN adapter connects to an access point (AP) or another WLAN installed system, allowing the device to roam freely between AP cells in the network.
Modem: Equipment that converts digital signals to analog signals and vice versa. Modems are used to send digital data signals over the analog PSTN.
Modulation: Any of several techniques for combining user information with a transmitter's carrier signal.
Multipath: The signal variation caused when radio signals take multiple paths from transmitter to receiver.
Multipath Fading: A type of fading caused by signals taking different paths from the transmitter to the receiver and, consequently, interfering with each other.

Node: A network junction such as a switch or a routing center.
Packet Switching: Refers to sending data in packets through a network to some remote location. In a packet switched network, no circuit is left open on a dedicated basis. Packet switching is a data switching technique only.
PBX Phone System: Private Branch eXchange. Small version of the phone company's larger central switching office. An alternative to a PBX is to subscribe to a local telephone company's Centrex service.
PCMCIA (Personal Computer Memory Card International Association) PC Card: A credit card-size device used in laptop computers and available as removable network adapters.
PCS (Personal Communications Service): A new, lower powered, higher-frequency competitive technology to cellular. Whereas cellular typically operates in the 800-900 MHz range, PCS operates in the 1.5 to 1.8 GHz range. The cells are smaller and closer together, and are digital. The idea with PCS is that the phones are cheaper, have less range, and airtime is cheaper.
Peer-to-peer Network: A network design in which each computer shares and uses devices on an equal basis.
Ping: A troubleshooting TCP/IP application that sends out a test message to a network device to measure the response time.
PLD (Data Link Protocol): A raw packet protocol based on the Ethernet frame format. All frames are sent to the wireless network verbatim--should be used with care as improperly formatted data can go through with undesirable consequences.
Plug and Play: A feature that allows a computer to recognize the PCI adapter and configure the hardware interrupt, memory, and device recognition addresses; requires less user interaction and minimizes hardware conflicts.
Pocket PC: The term adopted by Microsoft and its supporters to describe handheld computers employing Microsoft's Pocket PC operating system.
Point-of-Sale Device: A special type of equipment that is used to collect and store retail sales data. This device may be connected to a bar code reader and it may query a central computer for the current price of that item.
POTS (Plain Old Telephone Service): The basic service supplying standard single line telephones, telephone lines, and access to the public switched telephone network.
Power Management: Algorithms that allow the adapter to sleep between checking for network activity, thus conserving power.
PSP (Power Save Polling): Stations power off their radios for long periods. When a mobile unit in PSP mode associates with an access point, it notifies the AP of its activity status. The AP responds by buffering packets received for the MU.
PSTN (Public Switched Telephone Network): Refers to the worldwide voice telephone network accessible to all those with telephones and access privileges. In the U.S., the PSTN is provided by AT&T.

QoS (Quality of Service): Measure of the telephone service quality provided to a subscriber. QoS refers to things like: Is the call easy to hear? Is it clear? Is it loud enough?
RBOC (Regional Bell Operating Company): One of the seven Bell operating companies set up after the divestiture of AT&T, each of which owns two or more Bell Operating Companies (BOCs).
Repeater: A device used to extend cabling distances by regenerating signals.
Roaming: Movement of a wireless node between two microcells. Roaming usually occurs in infrastructure networks built around multiple access points. The MU continues communicating with that access point until it needs to switch cells or roam.
Router: The main device in any modern network that routes data blocks from source to destination using routing tables and determining the best path dynamically. It functions as an addressable entity on the LAN and is the basic building block of the Internet.
Scanning: A periodic process where the mobile unit sends out probe messages on all frequencies defined by the country code. The statistics enable a mobile unit to reassociate by synchronizing its frequency to the AP.
Site Survey: Physical environment survey to determine the placement of access points and antennas, as well as the number of devices necessary to provide optimal coverage, in a new or expanding installation.
SNMP (Simple Network Management Protocol): The network management protocol of choice for TCP/IP based intranets. Defines the method for obtaining information about network operating characteristics, and for changing parameters for routers and gateways.
Spread Spectrum: A transmission technique developed by the U.S. military in World War II to provide secure voice communications. The signal is manipulated in the transmitter so that the bandwidth becomes wider than the actual information bandwidth. It provides security by "spreading" the signal over a range of frequencies. De-spreading the signal is impossible for those not aware of the spreading parameters; to them, the signal sounds like background noise. Interference from narrowband signals is also minimized to background noise when it is de-spread by the receiver. Spread spectrum is the most commonly used WLAN technology today. Two types of spread spectrum exist: direct sequence and frequency hopping.
Stream Mode: A communications protocol supported only by the Telnet and TCP protocols. Stream mode transfers serial characters as they are received by encapsulating them in a packet and sending them to the host.
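The Direct-Sequence and Spread Spectrum entries (and the Direct Sequence Spread Spectrum slide earlier in the deck) describe spreading each bit over a chipping code; the added example below, not code from the deck, works that through in Python with an assumed 10-chip code: the right code recovers the bits, a narrowband interferer stronger than the signal is suppressed by de-spreading, and a receiver using an orthogonal code sees a correlation of zero for every bit. The code values, the second "wrong" code and the interferer are all constructed for the example.

```python
"""Direct-sequence spread spectrum, as described in the glossary entries for
DSSS and Spread Spectrum. Added example with constructed values, not code
from the original deck."""
import math

# Assumed 10-chip spreading code (the glossary's "10 chips to one per bit").
# Chips are +1/-1 so that de-spreading is a plain dot product.
CODE = [1, -1, 1, 1, -1, 1, -1, -1, 1, -1]
# A constructed code that agrees with CODE on 5 chips and disagrees on 5, so
# it is orthogonal to it. It stands in for a receiver that does not know the
# spreading parameters.
WRONG_CODE = [-1, 1, -1, -1, 1, 1, -1, -1, 1, -1]


def spread(bits, code=CODE):
    """Map each data bit to +1/-1 and multiply it by every chip of the code."""
    chips = []
    for bit in bits:
        symbol = 1 if bit else -1
        chips.extend(symbol * c for c in code)
    return chips


def correlate(chips, code=CODE):
    """Correlate each code-length block of received chips with the code.

    A block that was spread with `code` correlates to +/-len(code); a block
    spread with an orthogonal code, or a narrowband interferer, is pushed
    towards zero. That is the processing gain of de-spreading."""
    n = len(code)
    return [sum(x * c for x, c in zip(chips[i:i + n], code))
            for i in range(0, len(chips), n)]


def despread(chips, code=CODE):
    """Recover the data bits: the sign of each block correlation is the bit."""
    return [1 if corr > 0 else 0 for corr in correlate(chips, code)]


def add_narrowband_interference(chips, amplitude=2.0, period=4):
    """Constructed narrowband interferer: a square-wave tone with a period of
    `period` chips added on top of the wideband signal. At amplitude 2 its
    power per chip is four times the signal's, yet after de-spreading with
    CODE it contributes at most +/-8 against a signal term of +/-10."""
    return [x + (amplitude if (i // period) % 2 == 0 else -amplitude)
            for i, x in enumerate(chips)]


def processing_gain_db(code=CODE):
    """Processing gain of a chipping code in dB: 10 * log10(chips per bit)."""
    return 10 * math.log10(len(code))


if __name__ == "__main__":
    data = [1, 0, 1, 1, 0, 0, 1, 0]            # constructed payload
    tx = spread(data)
    print("clean:      ", despread(tx))
    print("interfered: ", despread(add_narrowband_interference(tx)))
    print("wrong code: ", correlate(tx, WRONG_CODE))   # zero for every bit
    print("gain (dB):  ", round(processing_gain_db(), 1))
```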

T1: A type of dedicated digital leased-line available from a public telephone provider with a capacity of 1.544 Mbps. T1 is the standard for digital transmission in the U.S., Canada, Hong Kong, and Japan. A T1 line can normally handle 24 voice conversations, each one digitized at 64 Kbps. With more advanced digital voice encoding techniques, it can handle more voice channels.
TCP (Transport Communication Protocol): Controls the transfer of data from one client to one host, providing the mechanism for connection maintenance, flow control, retries, and time-outs.
TCP/IP: Networking protocol that provides communication across interconnected networks, between computers with diverse hardware architectures, and various operating systems. TCP/IP is used in the industry to refer to the family of common Internet protocols.
Telnet (Terminal Emulation Protocol): A protocol that uses the TCP/IP networking protocol as a reliable transport mechanism, which provides for real-time, two-way communications with another terminal.
Terminal: An endpoint, gateway, or mobile unit.
Token Ring: A ring type of local area network (LAN) in which a supervisory frame, or token, must be received by an attached terminal or workstation before that terminal or workstation can start transmitting. Token ring is the technique used by IBM and others.
UDP (User Datagram Protocol): UDP/IP is a connection-less protocol that describes how messages reach application programs running in the destination machine. Considered extremely stable, it provides low overhead and fast response and is well suited for high-bandwidth applications.
Video Conferencing: Video and audio communication between two or more people via a video CODEC (coder/decoder) at either end and linked by digital circuits.
Voice Mail System: Device or system that records, stores, and retrieves voice messages. The two types of voice mail devices are those which are "stand alone" and those which offer some integration with the user's phone system.
Wi-Fi: A logo granted as the "seal of interoperability" by the Wireless Ethernet Compatibility Alliance (WECA). Only select wireless networking products possess this characteristic of IEEE 802.11b.
Wireless AP Support: Access Point functions as a bridge to connect two Ethernet LANs.

Wireless Local Area Network (WLAN): A wireless LAN is a data communications system providing wireless peer-to-peer (PC-to-PC, PC-to-hub, or printer-to-hub) and point-to-point (LAN-to-LAN) connectivity within a building or campus. In place of TP or coaxial wires or optical fiber as used in a conventional LAN, WLANs transmit and receive data over electromagnetic waves. WLANs perform traditional network communications functions such as file transfer, peripheral sharing, e-mail, and database access as well as augmenting wired LANs. WLANs must include NICs (adapters) and access points (in-building bridges), and for campus communications building-to-building (LAN-LAN) bridges.
Wireless Personal Area Network (WPAN): Personal area networks are based on a global specification called Bluetooth which uses radio frequency to transmit voice and data. Over a short range, this cable-replacement technology wirelessly and transparently synchronizes data across devices and creates access to networks and the Internet. Bluetooth is ideal for mobile professionals who need to link notebook computers, mobile phones, PDAs, PIMs, and other hand-held devices to do business at home, on the road, and in the office.
Wireless Wide Area Network (WWAN): Wide area networks utilize digital mobile phone systems to access data and information from any location in the range of a cell tower connected to a data-enabled network. Using the mobile phone as a modem, a mobile computing device such as a notebook computer, PDA, or a device with a stand-alone radio card, can receive and send information from a network, your corporate intranet, or the Internet.


Questions? Comments?