Outline

• Wireless and 911• The old way• The new system• Unique

Considerations for WAPs and MATs.

• WAP design conditions• Mobile Terminal design

conditions• We got the performance

we had hoped for

Wireless & 9-11-2001SIGNIFICANT EVENTS• Security awareness increases – TSA • Security Vulnerability Assessment Completed

TECHNOLOGY DIFFICULTIES• IP Ethernet Switches from the Power Utility Industry migrated into

the Transportation world• MPEG 2 and MPEG 4 standards emerging• Handheld computers attain GHz Pentium class• No wireless standards• Intelligent video is a military deployment only• Video recorders are not VCRs and • Video on demand is waiting for terrabyte storage drives

Project History• Security Vulnerability Assessment -- 2001• Gaming and Grants activities -- 2003• Design Consultant selected -- 2004• Design completed -- 2005• Construction completed -- 2006• Next upgrade expected -- 2008

St. Pete in 2003The old system

•15-year old access control system•Equipment no longer manufactured •Upgrades available at 50% more than new•Copper-based communications•Some MMFO cable•Video done on a “homerun” basis and reviewed only occasionally

St. Pete 2006The new system

This Technology was not available in 2001• MM fiber for terminal SM fiber outside (F)• New access control system (T)• New Ethernet Layer 3 Switch (T)• New Ethernet Layer 2 switches (T)• New Intelligent Video application (F)• New mobile access terminals (MATs) (T)• New Wireless access points (WAPs) (T)

What Changed?

• Attitude

• Technology

• Cost

• Staff availability

Attitude Changed

• All Department of Defense wired and wireless networks should deploy 24x7 wireless monitoring and intrusion detection systems that are NIAP common criteria certified. – US DoD, June 2006

• Department of Transportation is now part of Homeland Security

Technology Change - FIBER

• All dielectric• 3 frequencies • Lots of experienced

Contractors• New installation methods• Reduced cost• Internet Protocols

Technology Change Access Control

• Badge operations• Database management• Provision for biometrics• Smart card encryption• Proximity card concept• Intelligent video • Communications

improvements

Technology Change - Layer 3

• Permits virtual LAN

• Hosts need only deal with messages in VLAN

• Routes messages between VLANs

Technology Change - Layer 2

• Permits connecting devices in spanning tree rings at under $1000

• Relieves devices of message overhead• Permits fiber with non-fiber devices• Up to 74ºF)

Technology Change Mobile Terminal

Technology ChangeCentral Control Room

• Rugged enough for outdoor

• Ergonomic • Flat screens• Dual screens• Computers built-in• Noise and air

conditioning considerations

• Lighting built-in

Conceptual Diagram

Changes in Concept• IP

• Fully digital

• Distributed intelligence – Control room– Controllers in field– Devices

• Windows, Corba

IEEE Standards have changed802.11 Working Groups

Number Description Number   Description

802.11 a 5.0 GHz 1999 802.11 n 100Mbps throughput 2007

802.11 b 2.4 GHz 1999 802.11 o Reserved

802.11 c Wireless Bridge 2001 802.11 p WAVE

802.11 d International 2001 802.11 q Reserved

802.11 e QoS 2005 802.11 r VOIP 2007

802.11 f AP Interoperability 2003 802.11 s Mesh Networks

802.11 g 2.4 GHz 2003 802.11 t Wireless Performance

802.11 h 802.11a Intl 2003 802.11 u Interworking non 802

802.11 i Security 2004 802.11 v Wireless Network Mgmt

802.11 j 802.11a Japan 2004 802.11 w Protected Mgmt Frames (Security)

802.11 k Radio Mgmt 2005 802.11 x Not yet

802.11 l Reserved 802.11 y 3.65-3.7 GHz for 802.11

802.11 m Standards Maintenance 802.11 z Not yet

MPEG Standardshave changed

• MPEG 2 requires 3-5 MBPS and is full motion. When the client sees it, the client loves it. It costs more.

• MPEG 4.6.2 requires less than 1.54 MBPS and can be reprogrammed to look like motion pictures for short periods of time. It costs less.

Why Wireless?• Roving patrols see what only operators once saw

• CCTV verifies conditions before the responder arrives

• Authorization is checked as the patrol moves toward the alarmed condition

• Less staff is required• Database can be either forensically sound or not• The control center moves to the field

Wireless Network Access Point

• Permits mobile network access

• Adds complexity

• Security concern

• Slow message rates

• Requires proper design– Eliminate dead zones– Eliminate interference

Why Not Wireless?

• Rogue Access Points

• Sniffing – WEP cracking

• Masquerading – Evil Twin

• Insertion – Man in the middle attack

• Denial of Service – Jamming

• Viruses

• Hot spot attacks

WiFi / WiMAX 2005

• WiFi – 100 feet good for personal access network– 802.11a 5 GHz and 54 Mbps– 802.11b 2.4 GHz and 11 Mbps– 802.11g 2.4 GHz and 54 Mbps

• WiMAX 300 miles Standard due in 2007 good for metropolitan area network– 802.16e-2004 QoS, Mobile Fixed

5 GHz unlicensed

10-66 GHz licensed

Will WiMAX replace WiFi/3GPP?

• Ubiquity• Development• Breadth of application• Nokia and Intel finalizing standard 802.16e• Cisco says WiMAX is a poor business

model but supports it.• 3GPP will coexist with WiMAX and the two

will suppress need for WiFi--Cisco

The practical solution

• Radio Frequency Study to determine how to eliminate interference -- $25K

• Deployment tools to make sure that field strength is optimal -- $25K

• WAP cost -- $1500

• Put in 4 times as many WAPs as you need.

What we caught because of Intelligent Video

• Tenant jumped the gate

• Airport documented the action in video

• Airport warned and cited the violator

• Airport let the tenant see that there was no room to dispute

• Tenant accepted penalty

What we get from a MAT

• The ability to rove

• Staff can multi-task

• Video documentation is a button away

• Quicker delivery of staff and other resources

• Access to networks from airports, etc.

The problem - solution

• Wireless coverage • Metal• Foil Walls• Small antennae• Hackers• Speed for video• Memory• IT vs Engineering• Previous successes

Metal – Foil Walls

The solution

• Design self-dampening antennae fields

• More WAPs

The problem

• Neighbors

• Holes in reception

• Signing off

A PDA or Computer?• This slide will be dated

within a year

• PDA can’t handle 3 MBPS

• Antenna is 2 to 4”

• PDA has specialized software for email, text messaging

• Technology genera-tions are > 2 years

• OQO could handle streaming video

• Antenna is 6 to 12” with extension to

18”

• OQO could emulate a Blackberry

Handling Hackers

• Wireless is susceptible to incursion

• Firewall is not enough

• Field strength must resolve conflict not create it

• Making it a less than once in a life time event

• Encryption is possible and required

• Field strength can be designed and “tweaked” with WAPs

An Institutional Issue

• IT does – Email– Internet– Phone

• IT does not do– Real time– Human safety– Security

• Engineering does– Real time– Human safety– IP Phone

• Engineering does not– Email– Internet

Previous Successes• Because the technology is only 1-2 years old

• Because the designers are still gaining experience

• Because the telecommunications explosion interferes

• Because the rules since 911 are unweildy

There are only a few successes to report.

Summary

• Attitude, Technology, Cost & Staff size changing rapidly

• Wireless becoming common• Wireless introduces liability/vulnerability• Proper design can “sure up” the application

reasonably.