
What kinds of wireless data networks are there?

Wireless data networks exist in such number and variety as to be difficult to categorize and compare.

Some wireless data networks run over wireless voice networks, such as mobile telephone networks. CDPD, HSCSD, PDC-P, and GPRS are examples. Other wireless networks run on their own physical layer networks, utilizing anything from antennas built into handheld devices to large antennas mounted on towers. 802.11, LMDS, and MMDS are examples. A few wireless networks are intended only to connect small devices over short distances. Bluetooth is an example.

Wireless networks which run over other wireless networks often utilize the lower layer networks to provide security and encryption. Stand-alone wireless networks either provide their own security and encryption features or rely upon VPNs (Virtual Private Networks) to provide those features. In many cases, multiple layers of security and encryption may be desirable.

Some wireless networks are fixed, meaning that antennas do not move frequently. Other wireless networks are mobile, meaning that the antenna can move constantly. This is often a feature of the specific implementation and antenna design, instead of an inherent limitation of the wireless network specification.

Wireless networks may operate on licensed or unlicensed portions of the frequency spectrum.

CDPD Cellular Digital Packet Data
HSCSD High Speed Circuit Switched Data
PDC-P Packet Data Cellular
GPRS General Packet Radio Service
1xRTT 1x Radio Transmission Technology
Bluetooth Bluetooth
IrDA Infrared
LMDS Local Multipoint Distribution Service
MMDS Multichannel Multipoint Distribution Service
802.11 Wi-Fi


What is CDPD (Cellular Digital Packet Data)?
CDPD (Cellular Digital Packet Data) is a specification for supporting wireless access to the Internet and other public packet-switched networks over cellular telephone networks. CDPD supports TCP/IP and Connectionless Network Protocol (CLNP). CDPD utilizes the RC4 stream cipher with 40 bit keys for encryption.

CDPD is defined in the IS-732 standard.

CDPD modems are manufactured by companies such as Sierra Wireless, Novatel, and AirCard.

Many wireless ISPs support CDPD modems, including Airlink, Alltel, AT&T Wireless Services, Earthlink Wireless, Globicom Wireless, Telus Mobility, and Verizon Wireless.


Fixed/Mobile Mobile
Circuit/Packet Packet (A circuit switched variant, CS-CDPD, does exist.)
Max Bandwidth 19.2Kbps
Range Coverage area of host network
Frequency Frequency of host network
Host Network Network Cellular
Definer CTIA (Cellular Telecommunications and Internet Association)
URL http://www.wow-com.com/


What is HSCSD (High Speed Circuit Switched Data)?
HSCSD (High Speed Circuit Switched Data) is a specification for data transfer over GSM networks. HSCSD utilizes up to four 9.6Kb or 14.4Kb time slots, for a total bandwidth of 38.4Kb or 57.6Kb.

14.4Kb time slots are only available on GSM networks that operate at 1,800Mhz. 900Mhz GSM networks are limited to 9.6Kb time slots. Therefore, HSCSD is limited to 38.4Kbps on 900Mhz GSM networks. HSCSD can only achieve 57.6Kbps on 1,800Mhz GSM networks.

EDGE (Enhanced Data-Rates for GSM Evolution) enabled GSM networks are able to implement ECSD (Enhanced Circuit Switched Data), an enhanced version of HSCSD. ECSD increases the bandwidth of each timeslot to 48Kb and allows the use of eight timeslots, which gives a total transmission speed of 384Kbps.

Because HSCSD is a circuit-switched technology, it is less efficient with expensive wireless links than GPRS, which is a packet-switched technology. Due to this, HSCSD is not as widespread as GPRS. Both HSCSD/ECSD and GPRS are likely to eventually be phased out in favor of UMTS, which is a packet switched technology with speeds up to 2Mbps.


Fixed/Mobile Mobile
Circuit/Packet Circuit
Max Bandwidth 57.6Kbs
Range Coverage area of host network
Frequency Frequency of host network
Host Network GSM
Definer ETSI (European Telecommunications Standards Institute)
URL http://www.etsi.org


What is PDC-P (Packet Data Cellular)?
PDC-P (Packet Data Cellular) is a packet switching message system utilized by NTT DoCoMo in Japan. PDC-P utilizes up to three 9.6Kb TDMA channels, for a total maximum bandwidth of 28.8Kb.


Fixed/Mobile Mobile
Circuit/Packet Packet
Max Bandwidth 28.8Kbs
Range Coverage area of host network
Frequency Frequency of host network
Host Network NTT DoCoMo i-mode
Definer NTT DoCoMo
URL http://www.nttdocomo.com



What is GPRS (General Packet Radio Service)?
GPRS (General Packet Radio Service) is a specification for data transfer on TDMA and GSM networks. GPRS utilizes up to eight 9.05Kb or 13.4Kb TDMA timeslots, for a total bandwidth of 72.4Kb or 107.2Kb. GPRS supports both TCP/IP and X.25 communications.

EDGE (Enhanced Data-Rates for GSM Evolution) enabled GSM networks are able to implement EGPRS (Enhanced General Packet Radio Service), an enhanced version of GPRS. EGPRS increases the bandwidth of each timeslot to 60Kb.

For more information on GPRS security, read GSM and GPRS Security by Chengyuan Pen.


Fixed/Mobile Mobile
Circuit/Packet Packet
Max Bandwidth 107.2Kbs
Range Coverage area of host network
Frequency Frequency of host network
Host Network TDMA, GSM
Definer ETSI (European Telecommunications Standards Institute)
URL http://www.etsi.org



What is CDMA-2000 1xRTT?

CDMA-2000 1xRTT is a 3G wireless technology based on the CDMA platform. The 1x in 1xRTT refers to 1x the number of 1.25MHz channels. The RTT in 1xRTT stands for Radio Transmission Technology.

CDMA-2000 1xRTT was developed by Qualcomm.

CDMA-2000 1xRTT is a CDMA version of the IMT-2000 standard developed by the International Telecommunication Union (ITU).

A planned enhancement to 1xRTT, 1xRTT Release A, will double data rates to 288 Kb. Another enhancement to 1xRTT, 3xRTT, is in development.

For more information on CDMA-2000 1xRTT security, read CDMA 1xRTT Security Overview.

Sprint and Verizon operate CDMA-2000 1xRTT services in the United States.

A directory of CDMA-2000 1xRTT devices is available at the CDG web site.

CDMA-2000 1xRTT is also referred to as 3G1X and IMT-CDMA Multi-Carrier. CDMA-2000 1xRTT is part of the IS-2000 CDMA standard.


Fixed/Mobile Mobile
Circuit/Packet Packet
Max Bandwidth 114Kbps
Range Coverage area of host network
Frequency Frequency of host network
Host Network CDMA
Definer CDG (CDMA Development Group)
URL http://www.cdg.org




What is Bluetooth?

Bluetooth is a specification for short distance wireless communication between two devices. Bluetooth security is based upon device authentication, not user authentication. Each device is either trusted or untrusted. Bluetooth devices are identified by unique 48-bit identifiers, much like Ethernet MAC addresses.

Bluetooth weaknesses include:

• The Bluetooth challenge-response key generation is weak. This scheme may use a static number or a number for a period of time, which can reduce the effectiveness of the authentication.
• Bluetooth's challenge-response is simplistic. A one-way challenge for authentication is susceptible to man-in-the-middle attacks. Mutual authentication via user verification should be used.
• The keys used by Bluetooth are weak. The initialization key needs to be more robust and the unit key is a public-generated key that can be reused. A set of keys should be used instead.
• The master key is shared between Bluetooth connections. This key is a broadcast and should have a better scheme than what is used.
• The encryption algorithm scheme utilized in Bluetooth uses a single algorithm and allows repeat authentication. A more robust method that limits authentication and increases the encryption should be used.
• Bluetooth implementations normally limit the PIN number range. A PIN number is usually only four digits and the scalability for large environments is difficult.

For more information on Bluetooth security, refer to the Bluetooth Security Overview by Haihui Huang, Bluetooth Protocol and Security Architecture Review by Korak Dasgupta, or Overview of Ad Hoc and Bluetooth Networks.


Fixed/Mobile Mobile
Circuit/Packet Both
Max Bandwidth 1Mbps
Range 10 Meters
Frequency 2.4Ghz-2.4835Ghz (U.S. and Europe)
Host Network None
Definer Bluetooth SIG
URL http://www.bluetooth.org




What is IrDA?
IrDA defines a standard for an interoperable universal two way cordless infrared light transmission data port.

IrDA is utilized for high speed short range, line of sight, point-to-point cordless data transfer - suitable for HPCs, digital cameras, handheld data collection devices, etc...

The IrDA standards do not specify any security measures.


Fixed/Mobile Mobile
Circuit/Packet Point to Point
Max Bandwidth 16Mbps
Range 1 Meter
Frequency Infrared
Host Network None
Definer The Infrared Data Association
URL http://www.irda.org




What is LMDS (Local Multipoint Distribution Service)?
LMDS (Local Multipoint Distribution Service) is a broadband wireless point-to-multipoint specification utilizing microwave communications. LMDS operates on FCC licensed frequencies. The FCC divided the United States into 493 BTAs (Basic Trading Areas) and auctioned the rights to transmit on the LMDS bands in each of those areas to LMDS service providers. Each BTA is licensed to two LMDS service providers. The LMDS bandplan is available from the FCC at http://wireless.fcc.gov/auctions/data/bandplans/lmds.pdf.

LMDS and MMDS have adapted the DOCSIS (Data Over Cable Service Interface Specification) from the cable modem world. The version of DOCSIS modified for wireless broadband is known as DOCSIS+.

Data-transport security is accomplished under LMDS by encrypting traffic flows between the broadband wireless modem and the WMTS (Wireless Modem Termination System) located in the base station of the provider's network using Triple DES.

DOCSIS+ reduces theft-of-service vulnerabilities under LMDS by requiring that the WMTS enforce encryption, and by employing an authenticated client/server key-management protocol in which the WMTS controls distribution of keying material to broadband wireless modems.

LMDS and MMDS wireless modems utilize the DOCSIS+ key-management protocol to obtain authorization and traffic encryption material from a WMTS, and to support periodic reauthorization and key refresh. The key-management protocol uses X.509 digital certificates, RSA public key encryption, and Triple DES encryption to secure key exchanges between the wireless modem and the WMTS.

LMDS may be obsoleted by the newer 802.16 WiMAX standard which is due in 2004.


Fixed/Mobile Fixed
Circuit/Packet N/A
Max Bandwidth 1.5Mbps downstream, 200Mbps upstream
Range 4 Miles
Frequency  27.5Ghz-28.35Ghz, 29.1Ghz-29.25Ghz, 31.075Ghz-31.225Ghz
Host Network None
Definer IEEE (Institute of Electrical and Electronic Engineers)
URL http://grouper.ieee.org/groups/802/16/




What is MMDS (Multichannel Multipoint Distribution Service)?
MMDS (Multichannel Multipoint Distribution Service) is a broadband wireless point-to-multipoint specification utilizing UHF (Ultra High Frequency) communications. MMDS operates on FCC licensed frequencies. The FCC divided the United States into BTAs (Basic Trading Areas) and auctioned the rights to transmit on the MMDS bands in each of those areas to MMDS service providers. The MMDS bandplan is available from the FCC at http://wireless.fcc.gov/auctions/data/bandplans/mdsband.pdf.

LMDS and MMDS have adapted the DOCSIS (Data Over Cable Service Interface Specification) from the cable modem world. The version of DOCSIS modified for wireless broadband is known as DOCSIS+.

Data-transport security is accomplished under MMDS by encrypting traffic flows between the broadband wireless modem and the WMTS (Wireless Modem Termination System) located in the base station of the provider's network using Triple DES.

DOCSIS+ reduces theft-of-service vulnerabilities under MMDS by requiring that the WMTS enforce encryption, and by employing an authenticated client/server key-management protocol in which the WMTS controls distribution of keying material to broadband wireless modems.

LMDS and MMDS wireless modems utilize the DOCSIS+ key-management protocol to obtain authorization and traffic encryption material from a WMTS, and to support periodic reauthorization and key refresh. The key-management protocol uses X.509 digital certificates, RSA public key encryption, and Triple DES encryption to secure key exchanges between the wireless modem and the WMTS.

MMDS provides significantly greater range than LMDS.

MMDS may be obsoleted by the newer 802.16 WiMAX standard which is due in 2004.

MMDS is sometimes expanded to Multipoint Microwave Distribution System or Multi-channel Multi-point Distribution System. All three phrases refer to the same technology.


Fixed/Mobile Fixed
Circuit/Packet N/A
Max Bandwidth 10Mbps
Range 70 Miles
Frequency 2.5Ghz-2.686Ghz
Host Network None
Definer IEEE (Institute of Electrical and Electronic Engineers)
URL http://grouper.ieee.org/groups/802/16/




What is Wi-Fi (802.11)?
Wi-Fi (802.11) is a suite of specifications for wireless Ethernet. 802.11 is interesting to hackers because it allows almost untraceable entry into networks.

The 802.11 standards are defined by the IEEE (Institute of Electrical and Electronic Engineers) at http://grouper.ieee.org/groups/802/11/.

The most common 802.11 specification, 802.11b, defines twelve channels. These channels utilize overlapping frequencies. Channels one, six, and eleven do not overlap.



Standard Speed Frequency Modulation
802.11 2Mbps 2.4Ghz Phase-Shift Keying
802.11a 54Mbps 5Ghz Orthogonal Frequency Division Multiplexing
802.11b 11Mbps 2.4Ghz Complementary Code Keying
802.11g 54Mbps 2.4Ghz Orthogonal Frequency Division Multiplexing


The SSID (Service Set IDentifier) is a token which identifies an 802.11 (Wi-Fi) network. The SSID is a secret key which is set by the network administrator. You must know the SSID to join an 802.11 network; however, the SSID can be discovered by network sniffing. By default, the SSID is part of the packet header for every packet sent over the WLAN.

The fact that the SSID is a secret key instead of a public key creates a management problem for the network administrator. Every user of the network must configure the SSID into their system. If the network administrator seeks to lock a user out of the network, the administrator must change the SSID of the network, which requires reconfiguration of the SSID on every network node. Some 802.11 NICs allow you to configure several SSIDs at one time.

Most 802.11 access point vendors allow the use of an SSID of "any" to enable an 802.11 NIC to connect to any 802.11 network. This is known to work with gear from Buffalo Technologies, Cisco, D-Link, Enterasys, Intermec, Lucent, and Proxim. Other default SSIDs include "tsunami", "101", "RoamAbout Default Network Name", "Default SSID", and "Compaq".

Many Wireless Access Point (WAP) vendors have added a configuration option which lets you disable broadcasting of the SSID. This adds little security because it is only able to prevent the SSID from being broadcast with Probe Request and Beacon frames. The SSID must be broadcast with Probe Response frames. In addition, the wireless access cards will broadcast the SSID in their Association and Reassociation frames. Because of this, the SSID cannot be considered a valid security tool.
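The following Python sketch is an added example, not part of the original page: it parses the SSID element out of 802.11 management frames to show which frame types still carry the network name when broadcast is disabled, and flags the vendor default SSIDs listed above. The sample frames and the SSID "corp-lab" are constructed for illustration, with zeroed addresses and fixed fields.

```python
# Management-frame subtype -> (name, bytes of fixed fields before the
# tagged information elements in the frame body).
SUBTYPES = {
    0: ("Association Request", 4),
    2: ("Reassociation Request", 10),
    4: ("Probe Request", 0),
    5: ("Probe Response", 12),
    8: ("Beacon", 12),
}
DEFAULT_SSIDS = {"tsunami", "101", "RoamAbout Default Network Name",
                 "Default SSID", "Compaq"}   # defaults listed in the text
HDR = 24                                     # management MAC header length

def extract_ssid(frame: bytes):
    """Return (frame name, SSID or None if hidden/absent); None if the
    bytes are not one of the management frames above."""
    if len(frame) < HDR:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, frame[0] >> 4
    if ftype != 0 or subtype not in SUBTYPES:
        return None
    name, fixed = SUBTYPES[subtype]
    pos = HDR + fixed
    while pos + 2 <= len(frame):             # walk the tagged elements
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + elen]
        if len(body) < elen:
            break                            # truncated element
        if eid == 0:                         # element ID 0 = SSID
            hidden = elen == 0 or not any(body)
            return name, None if hidden else body.decode("utf-8", "replace")
        pos += 2 + elen
    return name, None

def build(subtype: int, ssid: bytes) -> bytes:
    """Constructed sample frame: zeroed addresses and fixed fields."""
    hdr = bytes([subtype << 4, 0]) + bytes(HDR - 2)
    rates = bytes([1, 1, 0x82])              # Supported Rates element
    return hdr + bytes(SUBTYPES[subtype][1]) + bytes([0, len(ssid)]) + ssid + rates

def audit(frames) -> dict:
    """Map each recovered SSID to the frame types that exposed it."""
    seen = {}
    for f in frames:
        parsed = extract_ssid(f)
        if parsed and parsed[1] is not None:
            seen.setdefault(parsed[1], set()).add(parsed[0])
    return {s: {"frames": sorted(t), "vendor_default": s in DEFAULT_SSIDS}
            for s, t in seen.items()}

# Constructed capture: beacons with the SSID suppressed (empty and
# zero-filled forms), plus the frames that still carry the name.
SAMPLE = [build(8, b""), build(8, bytes(7)), build(5, b"tsunami"),
          build(0, b"tsunami"), build(2, b"corp-lab")]
```

Running `audit(SAMPLE)` reports both names even though neither beacon carries one, which is the reason a suppressed SSID should be treated as a label and not as an access control.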

The SSID is also referred to as the ESSID (Extended Service Set IDentifier).

Wired Equivalent Privacy (WEP) is the encryption algorithm built into the 802.11 (Wi-Fi) standard. WEP encryption uses the RC4 stream cipher with 40 or 104 bit keys and a 24 bit initialization vector.

The security issues with Wired Equivalent Privacy (WEP) include:

• A high percentage of wireless networks have WEP disabled because of the administrative overhead of maintaining a shared WEP key.
• WEP has the same problem as all systems based upon shared keys: any secret held by more than one person soon becomes public knowledge. Take for example an employee who leaves a company - they still know the shared WEP key. The ex-employee could sit outside the company with an 802.11 NIC and sniff network traffic or even attack the internal network.
• The initialization vector that seeds the WEP algorithm is sent in the clear.
• The WEP checksum is linear and predictable.

The number and scope of difficulties with WEP security have led to the creation of WPA (Wi-Fi Protected Access).

For more information on security issues with Wired Equivalent Privacy (WEP), read Security of the WEP algorithm by Nikita Borisov, Ian Goldberg, and David Wagner.

WPA (Wi-Fi Protected Access) is an interim standard by the WiFi Alliance which will most likely be rolled into the eventual IEEE 802.11i standard.

WPA (Wi-Fi Protected Access) features two very different modes of operation:

WPA Enterprise Mode:

• Requires an authentication server
• Uses RADIUS protocols for authentication and key distribution
• Centralizes management of user credentials

WPA PSK (Pre-Shared Key) Mode:

• Does not require an authentication server
• Shared secret is used for authentication
• Device-oriented management of user credentials

The PSK (Pre-Shared Key) Mode of WPA is vulnerable to the same risks as any other shared password system, such as dictionary attacks. PSK Mode also suffers from the same key management difficulties as any system where the key is shared among multiple users, such as the difficulties in removing a user once access has been granted.

The Enterprise Mode of WPA benefits from the mature RADIUS architecture -- but it requires a RADIUS server. This is not something that will benefit most home users.

WPA provides additional security by:

• Requiring authentication using 802.1X
• Requiring re-keying using TKIP
• Augmenting the ICV (Integrity Check Value) with a MIC (Message Integrity Check), to protect the header as well as the payload
• Implementing a frame counter to discourage replay attacks

In addition to WPA, some vendors also implement WPA2, which allows the use of AES instead of RC4.

802.11i is a draft IEEE standard for 802.11 wireless network security. 802.11i defines several new standards, and also relies heavily on many existing standards.

802.11i introduced the RSN (Robust Secure Network) protocol for establishing secure communications.

802.11i also introduced the WRAP (Wireless Robust Authentication Protocol) and CCMP encryption protocols, both of which are based upon the AES encryption algorithm.

802.11i uses EAP (Extensible Authentication Protocol) as the end-to-end transport for authentication methods between the wireless NIC and the wireless access point. 802.11i uses 802.1X (EAPoL) to encapsulate these EAP messages over wireless ethernet.

Although EAP-TLS is not an official component of the 802.11i standard, it is the de facto authentication protocol for 802.11i wireless networks.

RADIUS is also not an official component of the 802.11i standard, but it is the de facto standard authentication provider.

For more information on 802.11i, check out this Overview.




© 2017 Gigatek Computer Consulting. All rights reserved.
All trademarks property of their respective owners.