« Comments on DoD report "Preventing and Defending Against Clandestine Nuclear Attack" | Main | US ports and border crossings to get radioactivity monitors over the next couple of years »

November 12, 2004

Comments

Watching Them, Watching Us

It is astonishing that anybody would design a piece of critical infrastructure such as this kind of sensot network which relies on 2.4 GHz WiFi radio protocols.

This is fundamentally vulnerable to accidental or deliberate Denial of Service attacks - which is all that anyone wanting to smuggle illegal nuclear or radiological weapons wants i.e. for the detectors not to work, or for them to be "offline" so frequently that they are treated as forever "crying wolf" with false alarms.

It does not matter how strong the encryption or how effective the Cyclic Redundancy Checks which initiate data re-transmission are, the 2.4 Ghz Industrial Scientific Medical portion of the radio spectrum is licence free in most countries and there are no legal penalties for accidental or deliberate interference or jamming, from the millions of other radio devices using this part of the spectrum.

There is fundamentally no way to prevent several different protocol based Denial of Service attacks becuase the control frames which determine session handshakes etc. are not authenticated or encrypted and can be easily spoofed or forged.

This problem has not been sorted out even in the newer 802.11i version of the protocols which introduce better encryption etc.

It is bad enough when various sensor manufacturers plan to use this technology for simple industrial monitoring, which may have environmental or health and safety consequences if it goes wrong, but to use rely on Wi-Fi radio protocols for a critical security related task, is utter madness.


The comments to this entry are closed.

July 2005

Sun Mon Tue Wed Thu Fri Sat
          1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
31            

Blogroll