Depending on your comfort level of implementing a VPN/HEAP/LEAP/WEP layered
approach to things, there is a commercial product available.
http://www.reefedge.com/ . I was able to get a sit-down with 2 of their
engineers and the product is worth taking a second look at (if you want some
kind of turn-key solution).
Pete
-----Original Message-----
From: Akash Malhotra [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 19, 2003 10:29 AM
To: Joe Shaw
Cc: [EMAIL PROTECTED]
Subject: Re: Wireless Device Security
Hi All,
Thanks a lot for your replies. Let me reframe my question. I am sorry for
not making my question clear..
Here is the scenerio
Wireless Link Wireless Link
1 2
---| |--|--\ |-----------|
---| |--|--\ |-----------|
Data Data Device to Store Data
Source collector
There is data source which is very low power device. Data colletor is
needs to collect data from *source* through wireless channel. Again *data
collector* is also a low power device. Data collector sends data to the
data storage unit again thru wireless channel.
Now I would like you all to comment being very low power device(data
source and data collector) what kind of security features you would like
to put in these devices.Its a point to point collection and only one data
source and one data collector will be there. The dsitance between these
tow devices can be maximum of 1 ft. I need data accuracy and its critical
data.
Second what kind of security feature should be implemented in data
collector and data storage unit. Distance can be 10-15 ft.
2> what kind of communication should be there between data collector and
data source( i.e. Normal wireless, 802.11b or any other protocol)
Same with data collector and data storage.
Thanks a lot again,
Looking forward to hear from you all soon,
-AKash
On Tue, 18 Mar 2003, Joe Shaw wrote:
>
> On Tue, 18 Mar 2003, Akash Malhotra wrote:
>
> > Hi All,
> >
> > I have a question about security in wireless system.
> >
> > 1> Is it possible for me to have AES encryption in physical layer.
> >
> > I dont want to have any kind of security feature at the MAC layer.
>
> What form of wireless are you talking about? I'm assuming 802.11.
> You're not going to be adding AES to the physical layer of 802.11 without
> re-writing some firmware, as the physical layer controls are hardcoded.
> The operating systems have no control over the physical layer of 802.11.
>
> Furthermore, what effect do you hope to achieve by doing so? Deny sync to
> rogue devices? By putting encryption at layer 1, you're going to have to
> know a shared secret in order to even talk to any other device. You're
> going to be encrypting Sync, Start Frame Delimeter, Signal Rate, Service,
> Length, Frame Check Sequence, and PSDU along with everything else from the
> upper layers, which to me seems to be a waste. Putting encryption and
> authenticaion at the MAC layer of the Datalink is much more advisable, as
> that is where all of 802.11's security flaws lie.
>
> > 2> Will this reduce power consumption( battery will last longer)
>
> Why would it? You've just increased the amount of data that is going to
> be encrypted, which should increase load and power consumption in theory.
> In contrast, WEP only encrypts the payload, not the framing information.
> While WEP has it's drawbacks, mostly in algorithm and implementation, what
> data it does encrypt is satisfactory. Replace the static WEP key with
> dynamic keys, improve the WEP algorithm, provide an authentication
> mechanism for the 802.11 control/management frames and you've effectively
> secured wireless.
>
> --
> Joseph
> I survived Enron, but I still need a job. Hire me.
>
