Beware of chinks in wireless links

Any decision to use a wireless link is a decision to radiate information-bearing energy in a form that can be detected at a distance. Regardless of any promise to ensure security, privacy or reliability, all wireless links take the risks that come with that choice.

Users may intend only to link devices that are under their personal control, perhaps with Bluetooth hardware. They may intend to choose the other end point of a wireless link, as in a cellular telephone conversation. They may intend to interact with several shared resources, as on a wireless network using IEEE 802.11 protocols. They may even hope that unknown parties are monitoring their signals and are willing to respond, as when they put out a call for help on the road.

Each of these wireless modes resembles some familiar wired service, ranging from simple cables and conventional telephones to Internet chat rooms and newsgroups—but users can be betrayed by the assumptions, conscious or not, that they make based on such a resemblance. Cellular telephone users, for example, were slow to realize how easy it is to monitor conversations on first-generation analog systems.

To meet users' varying needs, hardware and application developers must choose from among many options to optimize a wireless service.

One brute-force approach to wireless security is to limit stray radiation, as point-to-point laser or microwave links do. With very short wavelengths (nanometers for light, millimeters for microwaves), it makes sense to build antennas, whether electrical or optical, that span a large number of wavelengths. The larger the antenna, as measured in wavelengths, the more narrowly it can focus signals, both transmitted and received; this is why even portable optical telescopes can separate the side-by-side pinpoints of double stars, while radio telescopes, though far less precise, are the size of a house.

Highly directional antennas suppress signal interference from undesired directions, in addition to reducing the signal energy that's available to unintended recipients. As the electromagnetic environment grows more crowded with users, not to mention the incidental radiation of other electronic devices, antenna technology is a strong defense against both deliberate and accidental denial of service.

Public detectives

But laser and microwave transmissions, which are easily blocked by buildings or other objects, aren't practical for mobile and portable service; nor do directional antennas, with their unwieldy size and need for constant reorientation, fit mobile users' needs. Omnidirectional antennas and centimeter-wavelength UHF signals (300MHz to 3,000MHz) are more accessible, not only to users but also to a wide range of monitoring technologies.

There's already a well-established network of UHF listeners, ranging from amateur radio astronomers to commercial photographers who monitor police and fire reports. This population of buyers supports a mass-market infrastructure. On this past Christmas Eve, a seven-member robbery gang in Texas monitored police activity with scanners that they had stolen from a Radio Shack store. Equipment makers and resellers wink at U.S. laws that ban the sale of radio receivers for cellular telephone wavelengths—such equipment is available in other countries, including Canada.

Spread-spectrum techniques impede interception, whether by hopping across many channels, à la Bluetooth, or by spreading signal energy across a broad swath at low, hard-to-detect power density, à la 802.11. But a narrow-beam antenna aimed at a specific location can capture energy over a bandwidth equal to that of the spread-spectrum modulation scheme in use, recording and later isolating the desired signal with subsequent processing.

The power of Pentium-class PCs makes them a strong foundation for integrated scanning and processing systems, such as those from WinRadio Communications, whose MS-8006 integrates six programmable receivers with a high degree of automatic control.

With the signal layer inherently at risk, application developers must understand and use protocol layers (for example, Bluetooth's multilevel encryption) and continue to follow sound practices in devising access policy, deploying and managing password or biometric authentication, and monitoring their systems to detect patterns suggesting unauthorized use.

The price of wireless liberty is eternal vigilance.