June 24, 2011
When people think of mobile security, they usually think of encryption for their smartphones, tablet computers such as the BlackBerry PlayBook or other wireless devices. Or they think of a remote “wipe” capability that can render any lost device blank of any data if some unauthorized party did in fact try to enter the device illegally. These wireless solutions are all state-of-the-art thinking in the mobile security community. And many wireless equipment OEMs and third-party mobile security providers offer them.
But they only protect the data on the devices. They only protect so-called “data at rest” once it’s been downloaded onto the iPhone or iPad. They don’t speak to the need to cover “data in motion” as it is transmitted over the air. Some parts of the over the air journey are protected by infrastructure in the form of Wi-Fi and GSM. One is notoriously subject to human failing to enable security and the other has been broken for sometime. And then there is wireless security for backhaul. In this area, there has not even been an industry standard or de facto standard established. And most microwave solutions providers don’t even offer options for wireless security on the backhaul.
Fortunately, this is not the case across the board. Strong Security on the Eclipse Packet Node microwave radio platform offers three-way protection for mobile backhaul security: secure management, payload encryption and integrated RADIUS capability. Read the embedded overview document in full-screen mode for more details:
June 10, 2011
TDD, or Time Division Duplex, where a single radio channel is used to send and receive data, has been a common technique employed in unlicensed microwave transmission bands, such as 2.4 and 5.8GHz. The advantage of TDD is a simplified and lower cost design, often based upon 802.11 standards. In contrast, FDD, or Frequency Division Duplex, where data is transmitted in one frequency channel and received in another (separated by anywhere from less than 100 to more than 1,000 MHz) has been the staple of licensed frequency bands between 2 and 38 GHz worldwide.
Now, a number of the CEPT recommendations for the new point to point bands over 40GHz contain provisions for TDD operation. TDD is accommodated either as an alternative band plan or a mixed TDD/FDD band plan, in addition to the more common FDD band plan. However, CEPT recommendations are only just that—recommendations. How these bands will be implemented in each country will be determined by the individual national regulatory authority.
Recently, we asked a number of European national regulators about if and how they would introduce TDD operation in these new bands. The general response was that they were not opposed to the introduction of TDD in principle, and that such operation would have to be worked into existing or revised band plans. One complication raised was that spectrum would have to be reserved for guard bands between TDD and FDD segments within the same band. Regulators usually try to avoid having to waste valuable spectrum in this way. Also, once a band plan is established and the spectrum allocated to users, efforts to introduce TDD operation at a later date is extremely difficult.
Some regulators have already issued new national band plans at 42GHz and above, and to date none of these allow for TDD operation. Furthermore, for countries that have allocated new bands through spectrum auction, there we see the usual FDD style symmetric band approach.
Despite the appeal of TDD operation from a cost perspective, early indications are that although provision for TDD operation is being made in these higher bands, practical complications and concerns over maximizing the use of new bands may prevent its widespread introduction.
What are your thoughts on using TDD more in national band plans? Leave a comment, if you’d please.
Regulatory Manager, Aviat Networks
May 20, 2011
Ethernet OAM (Operations, Administration and Maintenance) can help mobile network operators and other transport providers meet the ever-growing demands for increased bandwidth across the backhaul network as well as meeting the equally important demand for quality and reliability of service.
May 11, 2011
Even though microwave communications have some built-in security-like features such as scrambling, narrow beamwidth, proprietary airframe, coding and other factors, it is not very hard for them to be broken by those with the proper expertise. Some vendors even openly offer digital microwave interception systems for “legitimate” monitoring. This and the growing sophistication and willingness of those attempting to break into wireless networks makes a high level of security for microwave more important than ever.
Historically, security and encryption measures were primarily employed by government or defense agencies or by the financial industry to protect sensitive information. But in today’s connected world the issue of network security can apply to any type of communications network, whether it is fixed, mobile or private.
Is Microwave Ready?
In general, microwave packet radio security is a concern. However, there are different aspects of microwave radio protection that must be considered. The information payload of microwave communications is the most obvious part. For operators that participate in the public switched telephone network (PSTN), the main issue is the security of the communications traffic they are carrying. That would involve both voice and data traffic.
Both popular and scholarly publications have been rife with stories of how easy it has become to tap into mobile calls. For example, the GSM code has been ineffective arguably since a hack was announced in August 2009. With GSM encryption broken, degraded or bypassed, mobile phone calls and text messages can be monitored and diverted by snooping parties. This can happen even before they get to the basestation. The BBC recently demonstrated GSM hacking in an online video.
Once calls and messages are in the mobile backhaul network, in many cases, no encryption is applied at all—not even the broken GSM code. In the past, hackers would have had to buy or by some other means obtain radio equipment identical to that they wanted to take over illegally. This was not an obstacle for those intent on industrial or governmental espionage, but it put it beyond the means of the run-of-the-mill hacker who has become familiar since the mid-1990s. Even if the hacking was not beyond the average hacker’s technical capabilities, it was beyond his economic capabilities. Now commercially available microwave monitoring equipment can be employed to pick out communications channels, to listen and record all conversation and ambient noises for up to 72 hours. One research firm also demonstrated how cell towers can be spoofed to intercept communications.
Another aspect of microwave security encompasses how secure is the management of the network. Even if the payload of a microwave backhaul network is secure, the management may not be, allowing hackers or others with malevolent motives to drop or kill traffic. Unsecure management channels can allow them to create mismatched frequency settings between radio pairs, reconfigure circuitry or reroute payload traffic to another radio if a cross-connect is present. For example, there was an instance where unauthorized users took control of a motorized antenna and repeatedly sent instructions for the motor to adjust the position of the antenna, eventually draining the batteries for the entire site, rendering it “dead.” However, with the shift to the all IP/Ethernet network of the future, hackers are finding ways to wreak havoc on backhaul networks from their desktop PCs, smartphones and other powerful mobile computing devices.
Access control of the microwave network is also a cause for concern. It is critical that only authorized personnel are allowed to log onto the administration of a microwave backhaul network. Like many computer-based systems, microwave radios are set up with some basic logon access procedures. Oftentimes, the logon screen will not look very dissimilar from the typical Windows or Macintosh workstation. There will be a dialog box for a username and a password. However, unlike the typical desktop computer, a microwave radio’s graphical user interface is not logged onto that much. Therefore, as per human nature, their usernames and passwords become all too predictable. “Root” and “admin” and “123456” and “password” were very popular as usernames and passwords, respectively, according to one security study. A “mechanized” or “dictionary” attack can randomly generate username-and-password combinations and succeed in unlawfully logging onto a radio on this premise: that the logon will be subject to people being creatures of habit. Thus, there must be a way for microwave network administration to enforce a hard-to-guess username/password security policy.
Another aspect to access control is the issue of the level of control. It is also essential to control what each legitimate user is allowed to perform once logged in—to prevent voluntary and involuntary damaging actions. Not only must users be limited to their area of responsibility and knowledge and avoid involuntary commands that could damage the network but also reserve critical activity for designated key personnel (e.g., cryptography officers).
Would my Radio Network be Secure?
Given the security issues around microwave payload, management and access control, many questions have been raised. Would my microwave radio network be safe from intrusion? What would be the impact of breached calls or text messages? There could always be potential for a Greece type of incident. More importantly, the proactive questions to ask about microwave network security include:
We’ll examine these questions more in future posts. Or see our white paper.
April 29, 2011
April 6, 2011
The beauty of IEEE 1588v2 (i.e., Precision Time Protocol) synchronization is that it is a bookended solution. In theory, there is no need to worry about what is in between or underneath—from a Layer 1 transport perspective. While in principle this is accurate, there are a couple “unique” aspects of running 1588v2 over a microwave network that should be carefully considered in your deployment plans.
First, the infamous “last mile” is in reality typically many miles across multiple microwave radio hops—which may consist of a mix of linear, ring and hub-and-spoke configurations. Unfortunately, more hops introduce more packet transmission delay and delay variation over the backhaul—a potentially lethal mix for sync transport—the amount of which is proportional to the number of microwave hops. Careful design and engineering are required. On a bright note, Aviat Networks and Symmetricom recently validated <1.5ms delay could be achieved across 10 hops—well within the requirements for mobile backhaul.
Second, most advanced microwave systems now support Adaptive Coding and Modulation (ACM), a key benefit for microwave transport that allows the effective throughput of the microwave link to be dynamically changed to accommodate for radio path fading, typically due to changes in the weather. If bandwidth is reduced as a result of an ACM change, it is critical that advanced traffic and QoS management techniques be applied in the microwave systems to ensure that 1588v2 traffic (packets carrying timestamps) are given the highest/strict priority for transmission, and are not subject to delay or discard. On a brighter note, Aviat Networks and Symmetricom recently validated that 1588v2 could operate over a highly loaded (approaching 100 percent) microwave network running ACM.
In a nutshell, there are some unique considerations for running 1588v2 over microwave – but the outcome can be predictably bright with proper engineering.
Check out the Aviat Networks application note for more information on the Aviat Networks/Symmetricom partnership and 1588v2 network synchronization over microwave backhaul.
Senior Solutions Marketing Manager, Aviat Networks
March 30, 2011
Based on microwave Total Cost of Ownership (TCO) model posted earlier, the most significant contributor to total cost is ongoing OPEX.
We see an increasing trend of operators making decisions on backhaul solution based mostly (sometimes solely) on price (or initial CAPEX). While initial CAPEX is important, if the goal is lowest cost, this can be problematic approach as initial CAPEX it is not the most significant contributor to total cost. Ongoing OPEX is key.
Perhaps a better approach would be to focus on features most impacting lowering total costs. For instance, adaptive coding and modulation can lower antenna sizes – which can reasonably reduce 10 year TCO by as much as $48,000 (which is 2-3x more than initial CAPEX). Deploying ring architectures with high layer (L2/L3 or packet-based) failure recovery techniques can enable lower per hop reliability and smaller antennas – further lowering costs.
Product Marketing, Aviat Networks
March 16, 2011
When choosing the right backhaul technology, total cost of a microwave system is a critical, often overlooked, consideration. TCO is not widely understood today. Lack of understanding of microwave TCO can lead to poor decisions about choice in backhaul technology and obscure the relative importance of features. Features that lower critical components of TCO are often not given enough attention.
A summary of a TCO model for a mobile operator in North America is shown below. Clearly, ongoing OPEX resulting from tower leases represent largest contributor to total cost. These lease costs include tower space for antennas and cable runs, shelter/cabinet space and power, and ongoing move/add/change fees regularly paid to tower companies. The largest portion of this tower lease is related to the antenna size. Microwave products and features that enable smaller antennas sizes, less indoor space, and fewer cables are most important for operators.
*Note: for private network applications (like state/local governments, public safety organizations, and utilities) who generally own towers, initial CAPEX is often higher, leading to an overall reduction in ongoing OPEX and TCO.
Make sure to check back next week for post #2 ” How Important is Initial CAPEX?” where I breakdown the true costs of initial and ongoing CAPEX.
Product Marketing, Aviat Networks