Put Data Pirates Up a Tree

Oct. 14, 2010
If you're a technologist and landscaper, and you read my last blog, I have good news for you. Even if you're not a landscaper, you'll be happy to know that there are ways to use wireless technology without making sensitive data vulnerable to pirates. ...

If you're a technologist and landscaper, and you read my last blog, I have good news for you. Even if you're not a landscaper, you'll be happy to know that there are ways to use wireless technology without making sensitive data vulnerable to pirates.

In my last blog I told you about my conversation with a former GM employee whose IT people would not consider wireless devices in their plant for fear that a competitor or anybody else who wanted to access their production data could simply lift it out of thin air. That's not paranoia, apparently. But it's also not the easiest way to get at data. Dan Dobkin, principal with Enigmatic Consulting and author of several books on RF technology, told me if he were trying to penetrate someone's data stores, he'd go through their firewall via the Internet rather than try to plunder the airwaves from an adjacent parking lot.

“To intercept a radio signal, I have to be there (or at least my equipment does), which exposes me to discovery and capture,” he said. “And if I hack into the network I'm much more likely to find what I really want, well-organized information in files or databases.”

Nevertheless, RF does have its vulnerabilities. In a perfect world, sensibly designed RFID systems send data that only makes sense if you know what's in the database. But according to Dan, for people using the EPC standards, tags do broadcast some information that anyone can decode.

“EPC Gen 2 provides a “cover code,” but it's useless if you can hear the tag talk,” he explained. “I've decoded cover-coded messages during some intercept work.”

Wi-Fi radios provide physical-layer security through encryption. Dan says the original model, called "WEP" (wired equivalent privacy) was not terribly secure and can be broken with a few megabytes of traffic. Then, around 2004, WPA2 came out, and was based on the Advanced Encryption Standard. He has yet to hear of someone breaking WPA2—as long as a reasonably secure passcode is used.

“Bluetooth communications can be encoded but I believe few of them are,” he concluded. “Fortunately they are low power, but someone typing next to a window might be sending the characters they type in the clear, for all I know.”

What does this have to do with landscaping? Trees might be one of your best defenses against parking lot pirates. Dan told me that trees are good absorbers in the range of frequencies usually used by portable wireless systems. One tree can contribute 10 dB attenuation when in leaf. If you have three layers of trees in leaf, the signal will be decreased by 25-30 dB and will be much harder to decode successfully.

If you live in the Midwest or the East, winter might pose a challenge, unless you use pines or other evergreens.

However, if your building is made of concrete and steel it might attenuate another 10-15 dB. And you can also transmit at low power. Any one of these might not be enough to foil a pirate, but put them all together and you'll make it a lot harder for them.

And you'll have a lovely, woodsy place to work at the same time.