Data-Linc Group SRM Series Wireless Security: Understanding Wireless Modem Data Transmission
Industrial wireless transmission has arrived, providing clear and significant advantages. Nevertheless, security is always an important issue, and a question often asked is, "Will information be secure when broadcast via Data-Linc Group wireless modems?" The answer lies in the technologies employed in these products, which this paper explains.
This paper applies to Data-Linc's SRM6000, SRM6100, SRM6200E, SRM6300E, SRM6210E and SRM6310E license-free, serial and Ethernet radio modems.
The Data-Linc Group SRM Series modems are sophisticated devices that utilize complex technologies including adaptive frequency hopping, proprietary RF (Radio Frequency) packets, data compression and encryption, as well as a wide variety of configuration options. Unlike 802.11 wireless radios, which are designed for easy and universal access and to which security can be applied, the SRM Series is designed for inherently secure and reliable communications.
The design is based on frequency hopping spread spectrum technology as funded and developed by the Defense Advanced Research Projects Agency (DARPA) for the United States Military to ensure secure and reliable communications under the most severe wartime battlefield conditions. Although other RF technologies could possibly provide higher communication throughput, they do not approach the security level provided by the SRM Series technology.
Data security is further enhanced through proprietary information packets, data compression, and fast changing dynamic key encryption of all information transferred.
There are many configurations available for the SRM Series modems, and their exact settings must be known for any modem to operate within a wireless network. Designing a method to monitor this wireless network, or to interject new or modified data into it, poses a significant technological challenge and is cost-prohibitive. A possible form of entry could be via another SRM Series modem, which incorporates the correct technology. However, without network configuration knowledge, any outside modem would be unable to establish communications.
Any security system is theoretically vulnerable. Nevertheless, Data-Linc Group modems are particularly secure and can be enhanced by:
Using technologies designed for the particularly rigorous security demands of the US Military, the SRM Series modems provide several levels of inherent security that, if deemed necessary, can be further strengthened by network configuration management and additional external security measures.
The FCC-certified SRM modems are Frequency Hopping Spread Spectrum (FHSS) transceivers that operate in the license-free Industrial, Scientific and Medical (ISM) bands of either 902 to 928 MHz or 2.4 to 2.4835 GHz.
Frequency hopping is achieved in the 902 to 928 MHz band by dividing the RF band into 112 operating channels and hopping through the channels one at a time, in a pseudo-random pattern. (The RF band is divided into 50 channels for the 2.4 GHz band.) There are over 90 programmable hopping patterns. Based on radio operational characteristics, the hopping pattern is further modified (adaptive hopping).
Other wireless devices also operate on these frequencies but are not compatible with the SRM Series hopping, packet, compression and encryption methods. Other radios may receive an SRM Series RF packet but cannot decode it. Furthermore, due to frequency hopping, they would rarely receive more than one sequential packet.
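The hopping behaviour described above can be modelled in a few lines. This is an added example, not Data-Linc code: the real SRM hopping patterns are undisclosed, so a seeded shuffle of the 112 channels stands in for one (an assumption), the adaptive modification of the pattern is not modelled, and all function names and pattern numbers are hypothetical.

```python
import random

N_CHANNELS_900MHZ = 112  # channel count the paper gives for the 902-928 MHz band


def hop_sequence(pattern_id, hops, n_channels=N_CHANNELS_900MHZ):
    """Visit every channel once per cycle in a seeded pseudo-random order.

    Assumption: a seeded shuffle stands in for the undisclosed SRM pattern.
    """
    order = list(range(n_channels))
    random.Random(pattern_id).shuffle(order)
    return [order[i % n_channels] for i in range(hops)]


def fixed_channel_capture(seq, channel):
    """Receiver parked on one channel: (packets heard, back-to-back pairs heard)."""
    heard = [i for i, ch in enumerate(seq) if ch == channel]
    pairs = sum(1 for a, b in zip(heard, heard[1:]) if b == a + 1)
    return len(heard), pairs


def hopping_capture(seq, receiver_pattern_id):
    """Receiver hopping in step with the transmitter but on its own pattern."""
    rx = hop_sequence(receiver_pattern_id, len(seq))
    return sum(1 for tx_ch, rx_ch in zip(seq, rx) if tx_ch == rx_ch)


if __name__ == "__main__":
    # Constructed scenario: ten full cycles of a transmitter on pattern 7.
    tx = hop_sequence(pattern_id=7, hops=N_CHANNELS_900MHZ * 10)
    print("fixed channel 40 :", fixed_channel_capture(tx, 40))
    print("matching pattern :", hopping_capture(tx, 7), "of", len(tx))
    print("different pattern:", hopping_capture(tx, 8), "of", len(tx))
```

In this model a receiver parked on one channel hears exactly one packet in 112 and never two in a row, while a radio configured with the matching pattern hears every packet.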
Compatibility with 802.11 Standards
The SRM Series modems incorporate proprietary technologies that were uniquely designed and can only communicate with compatible products using the same core technology. This proprietary technology is not compatible with 802.11 products or with any other technology. Strategies designed to penetrate 802.11 wireless security cannot compromise the SRM Series layered security.
At each frequency hop, using this unique technology, an RF packet is constructed and emitted. The packet is synchronous, bi-directional, encrypted and CRC checked. The clock rate and packet size are programmable and must be matched exactly for all radios.
Data Encryption and Error Detection
SRM Series information (modem-specific and user data) exchanged between the modems is compressed, encrypted using a Substitution Dynamic Key and checked with one or more 32-bit CRC (Cyclic Redundancy Check) words. The dynamic key is changed more than 100 times a second and is generated based on network dynamics. The CRC error detection and correction, along with data encryption, ensure that the data either gets through securely and without corruption or is rejected.
Wireless Network Configuration
There are two modes of operation for an SRM Series network of radios: point-to-point and point-to-multipoint. Each will be approached separately.
How could information be hacked from an SRM wireless network? There are theoretically three approaches: reverse engineer the information that can be received, reverse engineer the SRM hardware, or discover and utilize the network configuration. Please note that it is probably far easier to design a new wireless radio system than to reverse engineer an existing undocumented wireless system. Reverse engineering the SRM hardware, assuming it was successfully accomplished, would still require knowledge of the existing network's configuration, so that will not be explored further.
Monitoring data in an SRM wireless network is an extraordinarily difficult matter: the layered technology crosses several engineering disciplines and is of considerably greater complexity than that required to hack into 128-bit encryption (see reference 3). Injecting data is even more daunting. Add a management process that causes periodic configuration change and the hacking work must be done again. This is why the technology employed by the SRM family is used on the battlefield for the US military.
The open architecture of 802.11 offers relatively easy access to interject data into the wireless network. To compensate for the inherent security weaknesses of 802.11 technology, heightened universal encryption methods, such as 128-bit encryption, are commonly used. In the end, these methods have yielded little protection. Universal encryption methods are constantly under attack and at least 10 percent can be easily decrypted in less than 24 hours by a third party utilizing a mobile PC with decryption software. Historically, as each is cracked or becomes threatened, 802.11 security methods must be constantly improved through new algorithms and/or strengthened WEP keys.
The proprietary industrial SRM Series modems are designed for utmost reliability and security in contrast to the 802.11 standards wireless technologies. By design, Data-Linc Group SRM Series technology offers optimal data security in contrast to alternative, universally available WEP technologies. Data-Linc SRM Series technology provides proprietary, non-disclosed design and programmable network configurations.
© 1996-2014 Data-Linc Group. All rights reserved.