Tuning out wireless chaos

Security for wireless could end up more of a mess than security on our PCs, unless we act soon

Anarchists have always loved radio, and it returns the favour. Every generation of wireless technology has been used for piratical purposes, and in return the pirates have helped develop the medium and the messages it sends. Yet the latest news from Australia, where a security advisory highlights how a lone PDA with Wi-Fi can effectively jam the best-protected 802.11 network, is a sign that the airwaves may be due for the most bloodthirsty battle yet.

Like email, the Web and ultimately the Internet itself, radio only works while people stick to the rules. It is particularly vulnerable in that it can be compromised at a distance without physical contact, and anything that can emit a radio signal is a potential threat. The bands are crowded and getting more so, with ever more standards staking a claim. Designing and producing so many different kinds of radio is hard, which is why a great deal of hope is being pinned on a new breed of device -- software-defined or cognitive radio.

These take the basic idea behind the PC and apply it to wireless: make the hardware as general-purpose as possible and configure everything through appropriate software. Radios have always needed masses of specialist analogue circuitry dedicated to the exact band of frequencies used, but as the speed and power of digital signal processing have increased it's become possible to replace more and more of the analogue stuff with very fast digital. The end point is a single chip that can transmit or receive any sort of radio signal on any frequency, depending only on what software's running. Much cheaper, much more flexible and impressively future-proof.

What could go wrong with software-defined radios? There's a clue in the first word of the name. For if one of these chips goes haywire, if malicious code is introduced or even if the user decides to download a hack to double their wireless LAN's data rate, then the circuitry will blindly obey. The device could start to transmit anywhere on the spectrum, at any power and any bandwidth. This is not hygienic. It might not matter too much if you're just watching Deputy Dawg over streamed video, but radio is no respecter of importance -- it'll wipe out your phone conversation, online e-commerce session or GPS receiver just as happily. It's all very well having a transmitter as flexible as a PC, but we know to our cost how that flexibility can be abused.

In the past, governments have sought to control technologies that give the masses too much power on air -- an arms race between American pirate CBers and the FCC kicked off in the 70s, where the authorities kept banning easily modified CB sets and the manufacturers kept obeying the letter, rather than the spirit, of the law.

Now, the FCC is considering controlling the availability of high-speed digital-to-analogue converters, a key component in cognitive radios: however, it's unlikely that the economic imperatives that are driving the technology can easily be circumvented. For cognitive radios to achieve their potential, they have to be ubiquitous and flexible: making them difficult to obtain and restricted in what they do is anathema.

The only way we can fully exploit the tremendous potential of new wireless is to take control of the airwaves. In particular, we can no longer treat our wireless environment as an unknowable spirit land beyond the veil. We are blithely deploying -- and becoming ever more dependent on -- increasingly freaky radio gear without the wireless diagnostic equivalent of so much as a fuse tester to help us when things go wrong. It's no good expecting the old school of statist spectrum regulators to come to our aid: they've been made so efficient and cost-effective they can no longer properly police the airwaves.

Where are the test tools? If your wireless network keeps stalling for no good reason, could you work out if it was interference at fault and, if so, where it was coming from? It could be a leaky microwave oven, it could be a faulty wireless card, it could be a mischievous hacker, but if you can't even tell it's there.

The weapon of choice for the RF warrior is a spectrum analyser, which sniffs the waves and draws a picture of what it hears. There's nothing better -- except that they're large, very expensive, hard to use and nowhere near good enough. A spectrum analyser that knows about network protocols would be far better; one that also has an expert system to help diagnosis and that can be linked into other management systems would be superb. If it ran in a handheld device and had network deployment facilities as well -- signal strength metering, access point location advice, automated alarms -- it would be a killer.

As far as I know, no such beast exists. In the past, doing even a tenth of that would have required an enormous amount of black-art radio frequency analogue magic and the market couldn't justify the development costs. Yet as we've seen, the rules have changed -- cognitive radio means simple hardware.

To safeguard against radio chaos, we have to develop smart, effective, cheap and powerful tools that let us sense the airwaves about us. Those developing cognitive radio hardware should produce an open reference design, preferably one that works in handheld computers, and libraries of DSP code that provide the raw building blocks for manipulating it. Other developers and white-hat hackers can take it from there: it will be a profitable and enduringly useful enterprise that's well overdue.