High-Security Internet
Data security is of paramount interest to the users of fixed wireless
networks. Numerous published reports have cited security vulnerabilities
in the very popular 802.11b wireless LAN standard (commonly referred
to as WiFi). The open standards architecture of 802.11b permits competing
equipment manufacturers to coexist on the same local area network. Unfortunately,
this interoperability limits the security of networks employing such
technology.
Community Broadband's wireless
broadband access system does NOT employ the 802.11b (WiFi) RF protocol.
Instead we utilize a proprietary communication protocol that is fortified
with direct sequence spread spectrum transmission, user authentication,
and point-to-point scrambling. The resulting wireless links provide
an almost impenetrable level of security.
The proprietary polling and authentication techniques employed by Community
Broadband virtually eliminate decryption and unauthorized access.
Unlike WiFi links, there are no off-the-shelf sniffers or other devices
that can "hack" into or eavesdrop on the transmissions. The
advanced nature of the modulation and data-scrambling techniques ensures
that the only method of over-the-air system access is with another matching
subscriber unit (SU). Community Broadband's
individual SU authentication process ensures that the network will not
recognize unauthorized SUs.
COMMUNITY BROADBAND WIRELESS LOOPS ARE MORE SECURE THAN ANY TELCO PRODUCT -- INCLUDING
T1s, WHICH DO NOT EMPLOY ANY ADVANCED SECURITY OR AUTHENTICATION
PRACTICES.
The Community Broadband wireless broadband
access system utilizes four distinct security features, all of which
contribute to a very high level of security, through both design and
implementation:
Dynamic Polling Protocol
Spread Spectrum Modulation at 5.8 GHz
Subscriber Unit Authentication
Proprietary Data Scrambling of Radio Frequency (RF) Data Packets
Community Broadband employs a smart
proprietary polling protocol that provides security in addition to a
very high level of bandwidth efficiency. Our wireless network is comprised
of multiple master radios (AKA Access Points -- or APs) and multiple
subscriber units (SUs). Dynamic polling is an algorithm executed by
an AP that allocates varying timeslots at varying intervals to each
SU in order to grant it permission to send or receive data. The polling
sequence and allocation of timeslots is determined according to multiple
parameters, including size and frequency of the data being sent. The
resulting sequence of data transmissions is dynamic and not set to a
synchronous, predetermined pattern (unlike straight Time Division Multiple
Access based systems - or TDMA). This prohibits potential invaders from
predicting the polling sequence and tampering with the system.
The Community Broadband wireless broadband
access system utilizes Spread Spectrum modulation in the unlicensed
5.8 and 5.3 GHz ISM band to provide an additional layer of security.
In this process, the encoded data is modulated with an 8-bit pseudo
noise code and spread over a band of frequencies. There is no simple
demodulator (either on the market or easily constructed) that can intercept
a Spread Spectrum 5.8 GHz signal.
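The spreading and despreading step described above can be sketched as follows. This is an added illustration, not Community Broadband's code: both 8-chip codes and all function names are constructed for the example, since the page does not publish the actual pseudo noise code.

```python
"""Direct-sequence spreading and despreading with an 8-chip code (illustrative)."""

# Constructed 8-chip pseudo-noise code (assumption; the real code is not published).
PN_CODE = [1, -1, 1, 1, -1, 1, -1, -1]
# Constructed second code, chosen to be orthogonal to PN_CODE (dot product is 0).
OTHER_CODE = [1, 1, 1, -1, -1, -1, -1, 1]


def spread(bits, code=PN_CODE):
    """Map each bit to +1/-1 and multiply it by every chip of the code."""
    chips = []
    for bit in bits:
        symbol = 1 if bit else -1
        chips.extend(symbol * c for c in code)
    return chips


def correlate(chips, code=PN_CODE):
    """Return one correlation value per symbol period (one per 8 chips)."""
    n = len(code)
    if len(chips) % n:
        raise ValueError("chip stream is not a whole number of symbols")
    return [sum(x * c for x, c in zip(chips[i:i + n], code))
            for i in range(0, len(chips), n)]


def despread(chips, code=PN_CODE):
    """Decide each bit from the sign of its correlation; None if undecidable."""
    return [None if v == 0 else int(v > 0) for v in correlate(chips, code)]


def corrupt(chips, positions):
    """Invert the chips at the given indexes to model interference on the link."""
    return [-c if i in positions else c for i, c in enumerate(chips)]


if __name__ == "__main__":
    data = [1, 0, 1, 1, 0]                      # constructed sample payload bits
    tx = spread(data)                           # 5 bits become 40 chips
    # Two damaged chips in every symbol period (constructed interference pattern).
    rx = corrupt(tx, {0, 5, 9, 14, 18, 23, 26, 31, 33, 38})
    print("correlations:", correlate(rx))
    print("matched code:", despread(rx))
    print("other code:  ", despread(tx, OTHER_CODE))
```

The matched receiver still recovers every bit because each correlation only drops from 8 to 4 in magnitude, while the receiver using the orthogonal code sees a correlation of zero for every symbol.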
In order for information to pass between an AP and SU, the AP must first
authenticate the SU through a password protected database administered
by Community Broadband. This database,
located within the nonvolatile memory of the AP, contains the unique
MAC identification (MAC ID) and SU identification (SU ID) of every Community
Broadband authorized SU. Both unique numbers can only be confirmed
by the AP that has been assigned to that specific SU.
In short, only authenticated SUs can associate with a specifically
assigned AP. In the event an unauthorized or rogue SU is brought into
the proximity of the wireless network, the AP will not authenticate
it and network access will be refused.
When more than one SU associates with an AP, an additional layer of
authentication is added to each data packet outbound from the AP; a
scrambled identifier is encoded with the data packet along with a target
SU "address". In other words, only the intended SU will be
able to receive and descramble the data necessary to recreate the original
Ethernet packet.
Community Broadband employs wireless
hardware-based patterns of sequencing, combining each data byte with
one of 256 scrambling bytes. This proprietary scrambling method offers
a significant level of over-the-air security and ensures that only authorized
equipment will be able to receive and de-scramble data.
These four advanced security practices combine to provide unparalleled
protection for traffic on the Community Broadband
managed network (between the Customer's router and the Internet peering
point); however, the end user must still take measures to secure internal
LAN and WAN traffic. The Internet is an open medium accessible by some
very intelligent and crafty individuals. We encourage all businesses
to employ other means of protecting their total network operations,
such as Firewalls, VPNs and packet encryption (IPSec or SSL, for example).
Community Broadband can help to design
and implement a total security solution that best suits your business.
Please contact us for additional information.