Communications & Networks
Wireless security: Do you know where your data is?
May 15, 2007 By Frank Williams
Today’s competitive and global manufacturing climate is driving the deployment of new technologies at an accelerated rate. Growth-oriented businesses recognize that retaining a competitive advantage means understanding and wisely selecting these new technologies, and then deploying them with maximum effect.
Many industrial manufacturing firms are finding compelling reasons to take a hard look at wireless solutions. Wireless technology changes the way that business is conducted and how it’s connected to management, employees, the sales channel, vendors and, most importantly, to its customers. But while the application of wireless technology brings such advantages as lower installation and maintenance costs, faster up time, more system flexibility, and easier scalability, it also presents new challenges to the would-be user, including issues related to secure and reliable communications of corporate and operational data.
Wireless changes everything
For more than 20 years, industrial applications have found value in wireless solutions. Supervisory control and data acquisition (SCADA) systems, such as those used in water and wastewater treatment, as well as oil and gas pipeline applications where the transfer of data can be over many miles, have benefited from wireless technology.
Although wireless is not new to industrial applications, it still carries a certain mystique. Sending corporate data through free air seems inherently insecure to the industrial plant or manufacturing engineer. By contrast, seeing point “A” physically connected to point “B” retains a certain comfort level, suggesting a more secure and reliable communications medium.
Wireless does work, and advances in the technology make it robust and inherently more secure for current industrial applications.
Ethernet technology has become the local area network (LAN) protocol of choice for industrial use on the plant floor. The sheer simplicity of wired Ethernet allows easy, reliable and inexpensive deployment. And Ethernet provides a perfect platform for wireless technology. Through the use of an access point – a device that connects wireless communication devices together to form a wireless network – wireless extends the power of a wired Ethernet. Wireless access points present a new paradigm for industrial engineers, allowing them to access operational data when needed, with quick installation times and under more mobile conditions. Adding human machine interface visibility anywhere along the operation no longer requires hard wiring, electricians or system downtime, a very attractive thought to the plant manager on a never-ending quest for productivity gains.
The most common wireless access point uses the 802.11 protocol. However, due to its commercial origins, the developers of 802.11 gave little thought to security, standards or network management.
As wireless access points became more pervasive, would-be users recognized the inherent weakness in Wired Equivalent Privacy (WEP) encrypted 802.11 wireless installs – part of the IEEE 802.11 wireless networking standard. This concern for security is rooted in a fundamental question for industrial use: How secure is a wireless link compared to running wire?
Assessing your wireless security needs
In industrial applications, it is imperative to clearly understand how the system will behave when transferring data throughout the factory or plant. Imagine if a competitor could easily gain access to your plant data. They could model your plant, determine your cost of product, understand unused capacity, recognize the state of your equipment and potentially predict some of your future maintenance needs. Therefore, engineers thinking of applying wireless solutions must understand how to protect the system against hackers, competitors and other perpetrators; how to keep jamming or unwanted messages from getting into the process; and how to protect the application/network from malicious damage (e.g. disgruntled employees).
Determining how secure is secure, defining a hierarchy of access that aligns access privileges with the functional uses of each work area, and selecting wireless products that best protect against unauthorized access to system operation can be daunting.
The fact is, no single wireless solution fits all applications. Application requirements (e.g. distance, data speed, topography, network function) all help to select the correct wireless technology. The balance between the risk and the cost of security must be considered in any protection scheme. Wireless deployment for a small manufacturing firm might only require a minimum level of security, while mission-critical information on a process inside Procter & Gamble demands the highest security available to prevent competitive espionage.
Defining wireless security requires attention to both the network and data messaging. SP100 is an emerging standard in industrial automation for wireless devices. It defines protection of the network against deliberate attack or human error, and protection of data messaging against deliberate attack and eavesdropping. Wireless products that conform to this standard can provide a good base for your wireless security scheme.
Many suppliers of wireless solutions rely on spread spectrum as the only protection. Spread spectrum was developed by the military to inhibit unwanted intrusions by using a frequency-hopping mode of data transmission. Basically, the transmission continually hops across a wide range of frequencies in a constantly changing, random sequence. This protection method is a good start, but not good enough. To listen to the data, an intruder must know the hopping sequence; in practice that only forces the perpetrator to use the same model of wireless product as the system being attacked, which is not a big hurdle.
Fundamentally, transferring data in a secure wireless manner is divided into two parts – authentication and encryption. Authentication schemes, similar to passwords, verify identity, ensuring that a wireless client is who it says it is to an access point and vice versa. This is typically accomplished by passing “keys” and other pre-programmed information known only to the client device and its host back and forth. Encryption involves enabling a cipher of a certain bit strength, a capability built into many wireless devices, and managing the keys that feed into an algorithm to encode or decode the data running over the network. These measures are used to prevent unauthorized “data sniffing.”
Wireless local area networks (WLAN) are common in short-distance data communications within a factory or small plant where normal security precautions are in effect. These devices typically operate in the 2.4 GHz frequency range. Initially, 2.4 GHz 802.11 used media access control (MAC) for authentication and WEP for encryption. However, obvious weaknesses in the WEP encryption scheme and the openness of the encryption information made this approach an easy target for hackers. The Institute of Electrical and Electronics Engineers task force worked to correct this inherent security flaw and amended the standard, which was adopted in June 2004. Called 802.11i, the standard includes the basic security algorithm defined in the United States government’s official cipher, the Advanced Encryption Standard (AES), also known as Rijndael, and adds stronger encryption, authentication and key management strategies that go a long way toward guaranteeing data and system security.
Are AES and MAC enough? Because no security method is perfect, many wireless manufacturers find value in proprietary security methods or add features that fatigue the intruder, such as multiple levels of security. For example, cracking any encryption method requires a large number of encrypted data samples to be collected and processed by the intruder. Wireless products that make the data transmission random make this collection process harder. Devices that use exception-reporting protocols lengthen this time further. The longer it takes, the less likely the intruder will expend the necessary time.
Wireless products using multiple levels of security provide added flexibility. Anyone wanting to steal or inject a wireless message has to overcome each level of protection in turn. To be successful, the perpetrator has to figure out how all of the levels work to obtain your wireless data. These security levels cannot be bypassed simply by using the same manufacturer’s wireless product.
Multiple levels of protection should include modulation techniques; unique data format structure with added security encryption; network and address validation; the transmission of messages intermittently; and password protection.
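The two parts the article names, authentication and encryption, together with the network and address validation and intermittent message sequencing it lists among the levels of protection, can be shown as one message-framing routine. The following is an added example, not code from the article or from Elpro Technologies. The Python standard library has no AES, so an HMAC-SHA256 counter-mode keystream stands in for the AES cipher an 802.11i link would use; the frame layout, pre-shared key, device addresses, network id and key-derivation labels are assumptions made for the example.

```python
"""Authenticated, encrypted framing for a wireless telemetry message.
Added example, not the article's or any vendor's code. HMAC-SHA256 in
counter mode replaces AES (not available in the standard library);
frame layout, keys, addresses and network id are assumptions."""
import hashlib
import hmac
import struct

# Pre-shared secret known only to the client devices and the access point
# (constructed value for the example).
PSK = b"constructed-pre-shared-secret-for-example-only"
NETWORK_ID = 0x1A2B              # assumed site-wide network identifier
HEADER = struct.Struct(">HHHQ")  # network id, source addr, dest addr, sequence no.
TAG_LEN = 16                     # truncated HMAC-SHA256 tag, 128 bits


def derive_keys(psk: bytes, network_id: int):
    """Derive separate encryption and authentication keys from the PSK,
    so that a weakness in one use never exposes the other key."""
    salt = struct.pack(">H", network_id)
    enc_key = hmac.new(psk, b"enc" + salt, hashlib.sha256).digest()
    mac_key = hmac.new(psk, b"mac" + salt, hashlib.sha256).digest()
    return enc_key, mac_key


def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: HMAC(enc_key, nonce || counter), block by block.
    The nonce (the frame header, which carries the sequence number) must never
    repeat under one key: keystream reuse is the classic stream-cipher failure."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def seal(enc_key, mac_key, src, dst, seq, payload, network_id=NETWORK_ID):
    """Build one frame: header || ciphertext || tag (encrypt-then-MAC).
    The header travels in clear but is covered by the tag, so the network id,
    addresses and sequence number cannot be altered unnoticed."""
    header = HEADER.pack(network_id, src, dst, seq)
    ciphertext = xor_bytes(payload, keystream(enc_key, header, len(payload)))
    tag = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()[:TAG_LEN]
    return header + ciphertext + tag


class Receiver:
    """Access-point side: validate network, address, tag and sequence, then decrypt."""

    def __init__(self, enc_key, mac_key, my_addr):
        self.enc_key, self.mac_key, self.my_addr = enc_key, mac_key, my_addr
        self.last_seq = {}  # highest sequence number accepted per source

    def open(self, frame: bytes):
        """Return (accepted, reason, payload); payload is None on rejection."""
        if len(frame) < HEADER.size + TAG_LEN:
            return False, "truncated frame", None
        header, body = frame[:HEADER.size], frame[HEADER.size:]
        ciphertext, tag = body[:-TAG_LEN], body[-TAG_LEN:]
        network_id, src, dst, seq = HEADER.unpack(header)
        # Level 1: network and address validation (cheap rejects before any crypto).
        if network_id != NETWORK_ID:
            return False, "wrong network", None
        if dst != self.my_addr:
            return False, "not addressed to this node", None
        # Level 2: authentication tag over header and ciphertext, constant-time compare.
        expected = hmac.new(self.mac_key, header + ciphertext, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return False, "authentication failed", None
        # Level 3: replay protection, the sequence number must advance per source.
        if seq <= self.last_seq.get(src, 0):
            return False, "replayed frame", None
        self.last_seq[src] = seq
        # Level 4: decrypt only after every check above has passed.
        payload = xor_bytes(ciphertext, keystream(self.enc_key, header, len(ciphertext)))
        return True, "ok", payload


def demo():
    """Run the genuine, replayed, tampered and foreign-network cases; return each verdict."""
    enc_key, mac_key = derive_keys(PSK, NETWORK_ID)
    ap = Receiver(enc_key, mac_key, my_addr=0x0001)
    genuine = seal(enc_key, mac_key, 0x0010, 0x0001, 1, b"PV=42.0 degC")
    results = {"genuine": ap.open(genuine)}
    results["replay"] = ap.open(genuine)           # same frame delivered a second time
    tampered = bytearray(genuine)
    tampered[HEADER.size] ^= 0x01                  # flip one ciphertext bit
    results["tampered"] = ap.open(bytes(tampered))
    foreign = seal(enc_key, mac_key, 0x0010, 0x0001, 2, b"PV=0.0", network_id=0x9999)
    results["foreign"] = ap.open(foreign)
    return results


if __name__ == "__main__":
    for name, (ok, reason, payload) in demo().items():
        print(f"{name:9s} accepted={ok} reason={reason} payload={payload}")
```

The order of checks is deliberate: the cheap network and address comparisons reject stray traffic first, the tag is verified before the sequence number is trusted (the sequence number is inside the authenticated header, so it cannot be forged to defeat replay protection), and decryption runs last so that no unauthenticated ciphertext is ever handed to the application.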
For longer distance transmission of wireless data, or to protect the network when outside access is required, the use of a wireless gateway with full firewall protection is necessary. There is little point in securing the wireless data if messages can be fed into the network through an interface device such as a gateway (or wireless access point) without some form of firewall protection in effect. Firewalls are core components of any network security implementation. They can be standalone hardware solutions or built into the software scheme. Firewall protection up to layer 7 – the application layer of the ISO/OSI network model, which provides network services to end users – should be the minimum acceptable for industrial applications.
Any worthwhile security scheme should also include protection against jamming techniques. Most frequency hopping is synchronized, so a jamming signal covering a couple of consecutive channels is enough to interrupt the hopping sequence on every hopping cycle, which effectively stops the system from working. Wireless solutions that use non-synchronized frequency-hopping data transmission give a much better performance against this type of attack.
You can’t relax
Security is vital for proper use of wireless technology. As the benefits of wireless become more obvious, greater vigilance must be paid to security. You can’t let your guard down just because you have implemented a security program. Many suppliers of wireless products provide cutting-edge security methods, but one certainty remains: as security technology progresses, hackers and other malicious efforts will continue to evolve in an attempt to crack the code. Choosing an experienced wireless partner and maintaining company-wide security awareness may be the most effective way to confidently gain advantage from wireless technology.
Frank Williams is the vice-president for Elpro Technologies, an industrial wireless solutions provider. Williams earned a BSEE from San Diego State University and has considerable experience in the instrumentation business.