GE MDS is a world leader in wireless data networking solutions with applications in the SCADA, telemetry, telecommunications, and on-line transaction processing markets. GE MDS continuously seeks ways to reduce customer costs, increase efficiency, and enhance security for its customers worldwide. One way to ensure this is through development and manufacture of the highest quality products with state-of-the-art versatility to meet specific customer needs in an ever-changing global marketplace. MDS' TransIt wireless data network is a good example.

When compared to traditional wire alternatives TransIt offers a more secure communications alternative. The following is a brief discussion on how a TransIt Data Network system addresses security issues.

There are two main areas of security in a transmission media: protecting the data from being monitored by unauthorized persons, for example when dealing with passwords, and protecting the data from being altered or manipulated by unauthorized persons.

TransIt has a multi-tiered approach to security. At the carrier level the strength of the security provided depends on the type of radio platform being used. Spread Spectrum is a much more robust solution than narrowband since it was originally designed for military applications to provide a secure and reliable transmission medium. At the radio protocol level, or MAC layer, the TransIt WARP protocol provides the necessary protection. An additional level of security is provided by the actual protocol between user's equipment. Even more important than transport level security mechanisms ¾ no matter how sophisticated they are ¾ is the level of protection provided at the application level.

A wireless network such as TransIt is much more secure than a regular leased or dial-up telephone line, where unknown persons could tap into the wire with little difficulty. Most leased-line and dial-up modems use standard modulation techniques and are compatible with almost any other modem.

So most regular modems do not provide any additional level of protection to the information being transported.

Carrier Level Security

The first level of security is provided at the carrier level by the type of radio platform used. A Frequency Hopping Spread Spectrum radio provides a higher level of security than a Direct Sequence Spread Spectrum or narrowband radio.

Spread Spectrum models
When a Spread Spectrum TransIt system model is used, There is a pseudo-random sequence of channels over which the radio "hops". The radio transmits in a channel during a preset period of time known as dwell time. Without knowing the exact frequency progression, the bandwidth and the dwell time, it is virtually impossible for any other radio to synchronize and obtain the information being transmitted.

The seed being used by the hopping algorithm is user configured and is one of 65,000 possible values that provide a unique pseudo-random hopping pattern. Without this pattern to follow, it is practically impossible for the remote radio to synchronize with the master station.

Narrowband platform
In the narrow band case, the protection at the carrier level is provided by the proprietary framing of the raw data being transported. Additional control bits are added to the regular data stream before it is sent over the air, and stripped at the receiving end before being delivered to the internal data processor that handles the MAC layer. The radio level is not compatible with other brands. Additionally, this mode of operation requires a license, with a non-public, non-shared frequency channel that is different for every user. An unauthorized radio trying to gain access in this licensed band could cause interference that will affect the operation of some parts of the network, but it will not break the security of the system.

Back to Top

Radio MAC Level Security

Once bits are being received by the intended radio, the next level of security is the proprietary MAC layer being used. Once again, Spread Spectrum implementation is a little different than the narrowband implementation. In this layer though, both types of systems provide an equivalent level of security.

Cell Id and Remote Id
Every packet transmitted over the air between the master and the remotes has an embedded Cell ID and the Remote ID (source or destination). For the master or remote to recognize and process a message, the Cell ID must match with what has been locally configured by an operator. If the message does not match this Cell ID, it is discarded.

Packet segmentation and multiple overlaid protocols
It is possible for longer packets to be segmented by the WARP protocol. The effect is that even if a message is intercepted for examination, chances are the message will not be complete and will be virtually undecodable. Another mechanism used by WARP is a simple compression scheme. If a character is repeated consecutively more than three times, it is compressed to save transmission time. This acts as a form of encoding, and if more than one protocol is used in a cell, then a potential interceptor will receive a series of disjoint pieces of information addressed to different remotes with different protocols. Interpretation of this is virtually impossible.

Checksum and numbering protection
The integrity of every packet sent over the radio is protected by a CRC-16 checksum to detect modification of the information carried in the packet. Every packet includes a progressive number that allows detection and elimination of duplicated or out-of-order packets as well. This dramatically reduces the possibility of someone replaying previously recorded messages.

Controlled access of remotes
During normal operation, the master will poll all of the remotes according to a user configurable list. If the ID of a remote radio has not been explicitly included in this list, the master will not poll that particular remote. This effectively blocks any possibility of information transfer between the network and that particular remote. Even when the remote can request to be polled during the contention periods, the master will not consider it until it is added to the list by the operator.

Back to Top

Management Level Security

If unauthorized persons try to breach the system security, operators are warned that such activity may be occurring.

NMS Alarm Reporting
Duplicate addresses detected by the MAC layer are reported to the NMS as such. This should alert the network operations staff of possible attempts to breach security. These alarms are kept on a log that shows date and time of occurrence.

Password Protection
Configuration changes are safeguarded by a security password. There are three different levels of access: User level, which is a read-only access level, Master level, which allows configuration changes, and Factory level, that allows software to be changed. A person would need the master level password to be able to make any configuration changes, for example, to add a remote to the authorization list.

Back to Top

As we can see, a TransIt wireless system provides significantly greater protection than a traditional wire system. It is a much bigger challenge for unauthorized persons to even listen to data traffic, let alone modify the information. An MDS TransIt™ wireless system has basically two switching points: the master station, and the remote station, while a wired system has multiple switching points where data can be intercepted, such as phone wiring cabinets located in the street.

An added level of protection comes from the fact that a wireless system has much more resistance to failure than a wired system. The exposure to potential human/mechanical error is diminished by the fact that there is significantly less switching equipment that a signal must travel through in a wireless system than the equivalent on a wired infrastructure. Thus a TransIt wireless solution provides increased overall system robustness.

The following table summarizes the above discussion:

Back to Top