Part 1 of this article looks at low-level communications protocols, including PPP and Ethernet, and their specific security features and requirements. Part 2 examines higher-level network protocols, specifically focusing on the transport layer.]
Cutting the Wires
We have so far looked at all the "wired" protocols, since they have a conspicuous lack of security options. For the most part, the wired protocols, unless running over a public network, do not really need all that much security, except in the most critical applications.
These protocols all rely on an inherent property of the network itself for basic security - wires are easy to secure. This property does not become apparent until you try to remove the wires and broadcast information using a radio. Suddenly, every hacker, black CIA helicopter, and alien invader in the vicinity can read everything you send without you knowing about it.
If someone were to try to eavesdrop on a wire, they would need physical access to that wire. Without the wire, all they need is an antenna (and maybe a dish to amplify the signal). See Figure 15 for some example threats to wireless communications.
Figure 15: Wireless Communication Threats
One of the primary reasons wireless technologies have not been as prevalent so far (even though the radio predates the Internet) is that wireless communication is hard - everything from cell phones to sunspots to microwave ovens to Grandma's pacemaker emits some kind of radio noise - see Figure 16. If any one of those things is producing loud enough noise on the frequency you want to broadcast on, it can be extremely difficult to pick out your specific message (this also brings up an interesting point about denial-of-service attacks - how can you know if you are experiencing a DOS attack or a bad day of sunspots?).
Figure 16: Radio Noise Sources
Slightly less of a factor, but nonetheless a contributor to the problem, is the fact that security is also hard. As we said, all it takes is an antenna for someone to listen to your broadcast, but tapping a wire is at least a little more difficult. For this reason, security is basically an absolute necessity for any type of wireless communication technology.
Until the security capabilities of the systems employing wireless communications caught up with the wireless technology, it could not progress too quickly. Of course, when wireless technologies started to catch on, it started in the high-end PC market. Only now, several years later, is that technology percolating down into the inexpensive embedded control industry.
Starting in the next section and continuing into the following chapter, we will look at some of the most common wireless technologies and the security implications of using those technologies. Armed with the analyses of the wired protocols from the previous sections, it should be apparent that securing wireless applications can be both easier and more difficult than securing their wired cousins.