• June 24, 2011

Mobile Security Requires More Than Secure Wireless Devices

When people think of mobile security, they usually think of encryption for their smartphones, tablet computers such as the BlackBerry PlayBook or other wireless devices. Or they think of a remote “wipe” capability that can render any lost device blank of any data if some unauthorized party did in fact try to enter the device illegally. These wireless solutions are all state-of-the-art thinking in the mobile security community. And many wireless equipment OEMs and third-party mobile security providers offer them.

But they only protect the data on the devices. They only protect so-called “data at rest” once it’s been downloaded onto the iPhone or iPad. They don’t speak to the need to cover “data in motion” as it is transmitted over the air. Some parts of the over-the-air journey are protected by infrastructure in the form of Wi-Fi and GSM. One is notoriously subject to human failure to enable security and the other has been broken for some time. And then there is wireless security for backhaul. In this area, there has not even been an industry standard or de facto standard established. And most microwave solutions providers don’t even offer options for wireless security on the backhaul.

Fortunately, this is not the case across the board. Strong Security on the Eclipse Packet Node microwave radio platform offers three-way protection for mobile backhaul security: secure management, payload encryption and integrated RADIUS capability.

  • June 10, 2011

TDD or FDD Wireless: That is the Question!

TDD, or Time Division Duplex, where a single radio channel is used to send and receive data, has been a common technique employed in unlicensed microwave transmission bands, such as 2.4 and 5.8GHz. The advantage of TDD is a simplified and lower cost design, often based upon 802.11 standards. In contrast, FDD, or Frequency Division Duplex, where data is transmitted in one frequency channel and received in another (separated by anywhere from less than 100 to more than 1,000 MHz) has been the staple of licensed frequency bands between 2 and 38 GHz worldwide.

Now, a number of the CEPT recommendations for the new point to point bands over 40GHz contain provisions for TDD operation. TDD is accommodated either as an alternative band plan or a mixed TDD/FDD band plan, in addition to the more common FDD band plan. However, CEPT recommendations are only just that—recommendations. How these bands will be implemented in each country will be determined by the individual national regulatory authority.

Recently, we asked a number of European national regulators about if and how they would introduce TDD operation in these new bands. The general response was that they were not opposed to the introduction of TDD in principle, and that such operation would have to be worked into existing or revised band plans. One complication raised was that spectrum would have to be reserved for guard bands between TDD and FDD segments within the same band. Regulators usually try to avoid having to waste valuable spectrum in this way. Also, once a band plan is established and the spectrum allocated to users, efforts to introduce TDD operation at a later date are extremely difficult.

Some regulators have already issued new national band plans at 42GHz and above, and to date none of these allow for TDD operation. Furthermore, for countries that have allocated new bands through spectrum auction, there we see the usual FDD style symmetric band approach.

Despite the appeal of TDD operation from a cost perspective, early indications are that although provision for TDD operation is being made in these higher bands, practical complications and concerns over maximizing the use of new bands may prevent its widespread introduction.

What are your thoughts on using TDD more in national band plans? Leave a comment, if you’d please.

Ian Marshall
Regulatory Manager, Aviat Networks

  • May 13, 2011

Comprehensive Embedded Security in Microwave (Wireless) Networks

The current and ongoing migration toward IP networking on backhaul networks supports rising data volumes, which is increasing the opportunities and motivations for data and call interception. As data volumes rise in wireless networks and their associated microwave backhaul, security has become of greater concern.

This white paper presents a look at security issues, and the broad portfolio of solutions for remediating such concerns for microwave operators.

  • May 11, 2011

Security Focus as Wireless Traffic Rises, Mobiles Get More Powerful

Even though microwave communications have some built-in security-like features such as scrambling, narrow beamwidth, proprietary airframe, coding and other factors, it is not very hard for them to be broken by those with the proper expertise. Some vendors even openly offer digital microwave interception systems for “legitimate” monitoring. This and the growing sophistication and willingness of those attempting to break into wireless networks make a high level of security for microwave more important than ever.

Historically, security and encryption measures were primarily employed by government or defense agencies or by the financial industry to protect sensitive information. But in today’s connected world the issue of network security can apply to any type of communications network, whether it is fixed, mobile or private.

Is Microwave Ready?

In general, microwave packet radio security is a concern. However, there are different aspects of microwave radio protection that must be considered. The information payload of microwave communications is the most obvious part. For operators that participate in the public switched telephone network (PSTN), the main issue is the security of the communications traffic they are carrying. That would involve both voice and data traffic.

Payload Security

Both popular and scholarly publications have been rife with stories of how easy it has become to tap into mobile calls. For example, the GSM code has been ineffective arguably since a hack was announced in August 2009. With GSM encryption broken, degraded or bypassed, mobile phone calls and text messages can be monitored and diverted by snooping parties. This can happen even before they get to the basestation. The BBC recently demonstrated GSM hacking in an online video.

Once calls and messages are in the mobile backhaul network, in many cases, no encryption is applied at all—not even the broken GSM code. In the past, hackers would have had to buy or by some other means obtain radio equipment identical to that they wanted to take over illegally. This was not an obstacle for those intent on industrial or governmental espionage, but it put it beyond the means of the run-of-the-mill hacker who has become familiar since the mid-1990s. Even if the hacking was not beyond the average hacker’s technical capabilities, it was beyond his economic capabilities. Now commercially available microwave monitoring equipment can be employed to pick out communications channels, to listen and record all conversation and ambient noises for up to 72 hours. One research firm also demonstrated how cell towers can be spoofed to intercept communications.

Secure Management

Another aspect of microwave security is how secure the management of the network is. Even if the payload of a microwave backhaul network is secure, the management may not be, allowing hackers or others with malevolent motives to drop or kill traffic. Unsecure management channels can allow them to create mismatched frequency settings between radio pairs, reconfigure circuitry or reroute payload traffic to another radio if a cross-connect is present. For example, there was an instance where unauthorized users took control of a motorized antenna and repeatedly sent instructions for the motor to adjust the position of the antenna, eventually draining the batteries for the entire site, rendering it “dead.” However, with the shift to the all IP/Ethernet network of the future, hackers are finding ways to wreak havoc on backhaul networks from their desktop PCs, smartphones and other powerful mobile computing devices.

Access Control

Access control of the microwave network is also a cause for concern. It is critical that only authorized personnel are allowed to log onto the administration of a microwave backhaul network. Like many computer-based systems, microwave radios are set up with some basic logon access procedures. Oftentimes, the logon screen will not look very dissimilar from the typical Windows or Macintosh workstation. There will be a dialog box for a username and a password. However, unlike the typical desktop computer, a microwave radio’s graphical user interface is not logged onto that much. Therefore, as per human nature, their usernames and passwords become all too predictable. “Root” and “admin” and “123456” and “password” were very popular as usernames and passwords, respectively, according to one security study. A “mechanized” or “dictionary” attack can randomly generate username-and-password combinations and succeed in unlawfully logging onto a radio on this premise: that the logon will be subject to people being creatures of habit. Thus, there must be a way for microwave network administration to enforce a hard-to-guess username/password security policy.

Another aspect of access control is the level of control. It is also essential to control what each legitimate user is allowed to perform once logged in, to prevent voluntary and involuntary damaging actions. Not only must users be limited to their area of responsibility and knowledge, so that they avoid involuntary commands that could damage the network, but critical activity must also be reserved for designated key personnel (e.g., cryptography officers).
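The two access-control requirements above (a hard-to-guess credential policy, and limits on what each logged-on user may do) can be sketched as follows. This is an added example, not code from Aviat Networks or the Eclipse platform; the role names, command names, thresholds and every predictable value beyond the four quoted in the post are assumptions.

```python
import re

# Values the post names as popular, plus other common defaults (constructed list).
PREDICTABLE = {"root", "admin", "123456", "password", "operator", "guest"}

# Hypothetical roles and management commands for a radio's admin interface.
ROLE_COMMANDS = {
    "viewer": {"show_status"},
    "engineer": {"show_status", "set_frequency", "set_cross_connect"},
    "crypto_officer": {"show_status", "rotate_payload_key"},
}


def credential_problems(username, password, min_length=12):
    """Return the list of policy violations; an empty list means acceptable."""
    problems = []
    if username.lower() in PREDICTABLE:
        problems.append("predictable username")
    if password.lower() in PREDICTABLE:
        problems.append("predictable password")
    if len(password) < min_length:
        problems.append("password too short")
    if username and username.lower() in password.lower():
        problems.append("password contains username")
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    if sum(bool(re.search(c, password)) for c in classes) < 3:
        problems.append("fewer than 3 character classes")
    return problems


class LogonGuard:
    """Lock an account after max_failures failed logons inside a time window,
    which blunts automated username/password guessing."""

    def __init__(self, max_failures=5, window=300):
        self.max_failures = max_failures
        self.window = window          # seconds
        self.failures = {}            # username -> failure timestamps

    def _recent(self, username, now):
        return [t for t in self.failures.get(username, []) if now - t < self.window]

    def record_failure(self, username, now):
        self.failures[username] = self._recent(username, now) + [now]

    def is_locked(self, username, now):
        return len(self._recent(username, now)) >= self.max_failures


def authorize(role, command):
    """Deny by default: unknown roles and unlisted commands are refused."""
    return command in ROLE_COMMANDS.get(role, set())


if __name__ == "__main__":
    print(credential_problems("admin", "password"))
    print(authorize("engineer", "rotate_payload_key"))
```
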

Would my Radio Network be Secure?

Given the security issues around microwave payload, management and access control, many questions have been raised. Would my microwave radio network be safe from intrusion? What would be the impact of breached calls or text messages? There could always be potential for a Greece type of incident. More importantly, the proactive questions to ask about microwave network security include:

  • Who needs a high level of security?
  • What comprises the high level of security necessary to protect my microwave backhaul?
  • What precautions will a high level of security invoke to protect my network?
  • How is this high level of security implemented?
  • What are the options for high-level security?
  • How do I get a high level of security for my network?
  • Is this high-level security solution standards-based?
  • What type of threats does my high-level security solution need to protect against?

We’ll examine these questions more in future posts. Or see our white paper.

  • April 15, 2011

White Paper-Deploying IEEE 1588v2 Synchronization over Packet Microwave Networks

Joint Application Note with Symmetricom and Aviat Networks.

Mobile backhaul networks are evolving to packet, driven by 4G evolution, which requires carrying high data and video traffic for a growing number of apps, users, smartphones and tablet devices. 1588v2 and microwave are a perfect match for mobile backhaul evolution. The paper covers a 1588v2 overview, unique considerations for microwave and typical deployment scenarios (multi-hop, ring).

  • April 6, 2011

What’s So Different About IEEE 1588v2 Sync Over Microwave Backhaul?

The beauty of IEEE 1588v2 (i.e., Precision Time Protocol) synchronization is that it is a bookended solution. In theory, there is no need to worry about what is in between or underneath—from a Layer 1 transport perspective. While in principle this is accurate, there are a couple “unique” aspects of running 1588v2 over a microwave network that should be carefully considered in your deployment plans.

First, the infamous “last mile” is in reality typically many miles across multiple microwave radio hops—which may consist of a mix of linear, ring and hub-and-spoke configurations. Unfortunately, more hops introduce more packet transmission delay and delay variation over the backhaul—a potentially lethal mix for sync transport—the amount of which is proportional to the number of microwave hops. Careful design and engineering are required. On a bright note, Aviat Networks and Symmetricom recently validated <1.5ms delay could be achieved across 10 hops—well within the requirements for mobile backhaul.

Second, most advanced microwave systems now support Adaptive Coding and Modulation (ACM), a key benefit for microwave transport that allows the effective throughput of the microwave link to be dynamically changed to accommodate radio path fading, typically due to changes in the weather. If bandwidth is reduced as a result of an ACM change, it is critical that advanced traffic and QoS management techniques be applied in the microwave systems to ensure that 1588v2 traffic (packets carrying timestamps) is given the highest/strict priority for transmission, and is not subject to delay or discard. On a brighter note, Aviat Networks and Symmetricom recently validated that 1588v2 could operate over a highly loaded (approaching 100 percent) microwave network running ACM.

In a nutshell, there are some unique considerations for running 1588v2 over microwave – but the outcome can be predictably bright with proper engineering.

Check out the Aviat Networks application note for more information on the Aviat Networks/Symmetricom partnership and 1588v2 network synchronization over microwave backhaul.

Errol Binda

Senior Solutions Marketing Manager, Aviat Networks

  • March 30, 2011

Microwave Backhaul Total Cost of Ownership (TCO) pt. 2

How Important is Initial CAPEX?

Are we seeing the forest or the trees?

Based on the microwave Total Cost of Ownership (TCO) model posted earlier, the most significant contributor to total cost is ongoing OPEX.

We see an increasing trend of operators making decisions on backhaul solutions based mostly (sometimes solely) on price (or initial CAPEX). While initial CAPEX is important, if the goal is lowest cost, this can be a problematic approach, as initial CAPEX is not the most significant contributor to total cost. Ongoing OPEX is key.

Perhaps a better approach would be to focus on the features that do the most to lower total costs. For instance, adaptive coding and modulation can lower antenna sizes, which can reasonably reduce 10-year TCO by as much as $48,000 (which is 2-3x more than initial CAPEX). Deploying ring architectures with high layer (L2/L3 or packet-based) failure recovery techniques can enable lower per hop reliability and smaller antennas, further lowering costs.

[Figure: Microwave Backhaul Total Cost of Ownership]

Gary Croke

Product Marketing, Aviat Networks

  • March 16, 2011

Microwave Total Cost of Ownership (TCO) Pt. 1

When choosing the right backhaul technology, total cost of a microwave system is a critical, often overlooked, consideration. TCO is not widely understood today. Lack of understanding of microwave TCO can lead to poor decisions about choice in backhaul technology and obscure the relative importance of features. Features that lower critical components of TCO are often not given enough attention.

A summary of a TCO model for a mobile operator in North America is shown below. Clearly, ongoing OPEX resulting from tower leases represents the largest contributor to total cost. These lease costs include tower space for antennas and cable runs, shelter/cabinet space and power, and ongoing move/add/change fees regularly paid to tower companies. The largest portion of this tower lease is related to the antenna size. Microwave products and features that enable smaller antenna sizes, less indoor space, and fewer cables are most important for operators.

[Figure: 10 Year Microwave Total Cost of Ownership]

*Note: for private network applications (like state/local governments, public safety organizations, and utilities) who generally own towers, initial CAPEX is often higher, leading to an overall reduction in ongoing OPEX and TCO.

Make sure to check back next week for post #2, “How Important is Initial CAPEX?”, where I break down the true costs of initial and ongoing CAPEX.

Gary Croke

Product Marketing, Aviat Networks

  • February 15, 2011

Wireless Backhaul Solutions Everywhere in Barcelona

I must have counted nearly 30 vendors during the opening day at Mobile World Congress this year who are promoting some form of wireless backhaul solution. It seems like instead of consolidating the market it continues to expand and fragment like never before. Ten or 15 years ago I thought that the market could not support 20 vendors, but now things are hotter than ever.

There are the big guys (Ericsson, NSN, Huawei, Alcatel Lucent and NEC), the independent point-to-point (PTP) microwave providers like Ceragon (newly merged with Nera) and SIAE from Italy (part of the STM Group), to a myriad of small guys from all over the world. And then there are the other wanna-be backhaul solutions, like point-to-multipoint (PMP), free space optics (FSO), mesh, E-Band, etc.

There are also a slew of new products announced and on display (including two from Aviat Networks), including Ericsson, Ceragon, Trango, Comba and NEC. A lot of these new products are IP based and primarily all-outdoor, reflecting the ongoing trend in the industry for ‘zero footprint’, packet microwave systems for new 4G/LTE base station deployments.

With all of these players and products coming to market each year at Mobile World Congress, it’s a must-see event and I can’t wait for the next few days to unfold.

Stuart Little,
Director of Marketing, Aviat Networks

  • January 26, 2011

Welcome to the Wireless Transmission Blog

Here at Aviat Networks we are focused on everything that is wireless transmission. With so much happening in the wireless industry, we wanted to join in the conversation and share our experiences and insights on the trends, technology, and business.

If you are reading this inaugural blog post it is likely we have a lot in common. While the main purpose of this blog is to talk about wireless transmission, we will also cover topics such as network evolution, software usability, services, and more.

Our initial blog posts will cover topics leading up to Mobile World Congress 2011. Over the course of the next three weeks, we will offer timely coverage and video excerpts from the show to keep you up-to-speed on the latest and greatest.

We encourage you to be part of the conversation since just hearing from us would be like having a conversation with ourselves. New viewpoints and constructive feedback are always welcome and we look forward to hearing from you!

The Aviat Networks Team
