Feel secure with license-free wireless bridges

Modulation techniques and security features help wireless bridges send secure transmissions between wired networks

Feb 1st, 2002
Th 84085

Modulation techniques and security features help wireless bridges send secure transmissions between wired networks.

Modulation techniques and security features help wireless bridges send secure transmissions between wired networks.

As research firms predict an increasing use of wireless LANs, we must become more aware of the technologies involved. People often confuse wireless bridges (see table, page 54) with access points.

"An access point is designed to be like a central location with wireless clients that associate with it. Then, the access point connects them to a LAN," explains Michael Young, president of Young Design Inc. (www.ydi.com). In other words, the access point connects the clients to a LAN, and wireless clients associated with the access point can get access to the LAN. "Some people refer to this as a bridge because you are bridging a wireless device to a LAN, but it is not a wireless bridge."


LSA Communications' SupraConnect uses optical filtration to reject solar radiation, a form of interference.
Click here to enlarge image

Access points can be configured to act as a wireless bridge. "A lot of the 802.11-compliant access points are used as point-to-point bridges," says Dan Pritchett, manager of Adtran Inc.'s (www.adtran.com) wireless products. "These [access points] will talk to each other in a bridge configuration." Robert Frye, director of marketing at LSA Communications (www.lsainc.com), refers to wireless bridges as "wireless point-to-point connections. A radio frequency (RF) could be a wireless point-to-point or point-to-multipoint. Access points are usually thought of as Internet access points or hubs."

Also, the access point's accompanying software may be altered so that the access point acts as a bridge. Wave Wireless Networking (www.wavewireless.com) calls its wireless bridge a "wireless router" since it is used for routing between networks. "I think the name just depends on where a vendor is coming from with its product," says Patrick Pacifico, vice president, marketing and product management at Wave Wireless.

Each vendor spokesperson we interviewed agrees upon the following facts. "If it's inside of the building, it's technically an access point. If it's outside of the building to be used for connecting point-to-point or point-to-multipoint in an outdoor environment, it's a wireless bridge," explains Tom Janning, director of product management for the AMP Netconnect (www.ampnetconnect.com) wireless business.


Western Multiplex's Tsunami Multipoint wireless bridge uses adaptive modulation to overcome LOS restrictions
Click here to enlarge image

Frye explains it this way: "When we talk about optical wireless, we're basically talking about something that could be perceived as optical fibers through the air. Configured as a rooftop unit or placed so as to transmit through a window, wireless bridges are laser devices that emanate a laser beam that shoots to the corresponding other end's transceiver. The transceivers both transmit and receive, so there is simultaneous two-way operation."

A wireless bridge basically functions the same way a fiber would. It connects all the media access control (MAC) layer addresses on one side of a link to the MAC addresses on the other side of a link wirelessly. The MAC layer resides at the lower portion of the data-link layer and controls access to the physical transmission medium. Modulation techniques and line of sight (LOS) allow secure connection of these MAC addresses by license-free wireless bridges.

Line of sight

Before discussing common modulation techniques used by unlicensed wireless bridges, we must first understand how an optical-fiber-like system communicates without the optical fiber. Effective connections between a wireless bridge and its transceiver depend upon a clear path for the signal to travel.

LOS is defined in a white paper by Western Multiplex Corp. (www.wmux.com) as "an unobstructed path between two locations, where one could use binoculars to see clearly from Point A to Point B." Wireless bridges must have this unobstructed path to be able to connect MAC layers. Obstacles such as multiple buildings, mountains, or trees can obstruct a path between two locations, not allowing a successful transmission of the signal. Signals are transmitted via RF, and when an RF signal bounces off an obstruction as it travels between two points, a duplicate of the original signal is generated. The distance traveled by these two signals is different, causing them to arrive at their destination (the other side of the link) at different times. This causes the signals to overlap and merge into a single distorted signal at the receiving end, causing interference. Interference does not exist when there is line of sight, since there are no objects close enough to the signal's path to create reflected signals with significant strength.

In dense urban areas and corporate campus settings, it is common for buildings, trees, and other fixed objects to partially obstruct the LOS. Sunlight and weather conditions such as fog and rain may also affect transmission.


Wave Wireless' SPEEDLAN 9000 uses a "mesh" topology instead of having all the traffic run back to a central site.
Click here to enlarge image

LSA Communications' SupraConnect uses optical filtrations to keep out other types of light. It is also designed to reject solar radiation. "This is especially important when you have a link for a customer where the orientation for that link is in an east-west direction. The rising sun and setting sun could, at certain times of the year, be in direct alignment with the system," says Frye. Supra Connect's optical filtration rejects such interference with a 7-layer system of optical filtration and electronics that allow it to only see the laser.

Optical services are for short ranges and are adversely affected by weather. For this reason, Adtran's Tracer 2631 uses RF to reach a range of 30 miles.

AMP Netconnect uses computer software to calculate an adequate range and LOS for its wireless bridge dual and single ports. "Our computer software generates a layout of the land, and from that, we can determine average tree growth and plan around existing buildings," explains Janning. If you can see the bridge, it doesn't necessarily mean you have LOS. Computer software can take into account external factors and elements.

Some vendors are making attempts to move beyond the restrictions of LOS. Western Multiplex's Tsunami Multipoint wireless bridge uses near-line of sight so that it may overcome obstructions. "Near-line of sight is accomplished through adaptive modulation or orthogonal frequency division multiplexing (OFDM)," explains Todd Thiemann, product line manager. "Adaptive modulation com bines weaker signals to achieve one stronger signal."

Wave Wireless goes one step further with its SPEEDLAN 9000 non-line of sight wireless bridge-or wireless router, as Pacifico refers to it earlier in the article-with its "mesh" topology. "Some nodes must have a LOS back, but mesh networking allows each node to be both an end node and a repeater for any other node that it hears. You can use mesh by itself in a campus environment rather than have all of the traffic run back to a central site," says Pacifico. "Each building can 'talk to' any other building it can hear within a 1/2-mile radius." Also, this topology can maintain a strong transmission for a range of 5 miles.

Spread spectrum

Today's license-free wireless bridges employ spread spectrum modulation techniques that maintain the strength of the signal. Spread spectrum technology has inherent noise and interference resistance in comparison to traditional narrowband radio transmission technologies. It takes a narrowband signal or data input and distributes the data signal's input over a broader frequency range using one of two coding implementations-direct sequence spread spectrum (DSSS) or frequency hopping spread spectrum (FHSS). Once the signal is spread and transmitted, it must then be reassembled at the receiver (transceiver).

In FHSS, the original narrowband signal is taken and "chopped" into smaller narrowband signals and is transmitted in a pseudo-random fashion across the spread area of spectrum. Instead of being collated with a multiplier, the receive mechanism is set in such a manner that it is picking up each of these narrowband signals and reconstructing them in the processor.

Direct sequence is a matter in which a radio signal is taken in a narrowband configuration and digitally multiplied and spread over a wide band. DSSS is transmitted in a flattened-out wide-band condition, and then digitally reconstructed by the radio equipment on the other end.

Janning believes DSSS is becoming the more popular modulation technique for license-free wireless bridges. "It is faster, more reliable, and channel conflict goes away," he explains. "If you have two frequency hoppers right next to each other, they are just beating each other up. Direct sequence will allow for enough clearance from an RF standpoint by changing polarity and the signal's channel."

By using pseudo-random codes for bandwidth spreading, spread spectrum signals are not only harder to decode, but receivers must also mimic the exact pseudo-random code for demodulation to take place. Since this spreading creates signals that are much wider than the original information that is carried over the spread spectrum band, transmissions can be hidden with random noise. Essentially, a spread spectrum information signal is made to look like random noise so that it is harder to detect and the information within the medium is protected from interference.

Even more security

A major concern expressed by those not using wireless LANs is security. Vendors are installing added security to discourage the efforts of "hackers" and, potentially, erase this concern.

The AMP Netconnect wireless bridge dual port offers levels of security protection. "These levels of security have to do with algorithms within the software and the encryption on the radio card," says Janning. With a configurable network identifier name, each user must be using the same network name or key to be part of a group. This can be changed as often as needed. An automatic key exchange feature uses a Diffie-Hellman automatic key exchange. Also, with Windows XP, the dual port will support 802.1x security features.

Western Multiplex's Tsunami fixed wireless Ethernet bridges also offer several levels of protection. The product line includes two levels of password protection-one for monitor and a second providing monitor/modify privileges. Transmission signals are unique so that you need another Tsunami bridge to receive and decode the signal. A unique data transmission code sequence is set by the administrator and can be changed in a secure fashion using a Web browser or via simple network management protocol (SNMP) using existing system and network-management software. Numerous levels of security minimize the possibility of intrusion and keep the user's transmissions safe.


Ryan Clicheis assistant editor of Cabling Installation & Maintenance.

-

null

More in Wireless/5G