Page 18
J-Series Data Radio – User Manual
Issue 09-10
Security
Frequency Hopping Spread Spectrum radios offer a high level
of security because it is not possible to eavesdrop on data
transactions without knowing the hopping pattern being used and
having proprietary knowledge about how the data is encoded.
Unlike 802.11 and WiFi equipment, which can be purchased “off the
shelf”, the Trio J-Series employs many levels of defence against
potential security threats.
Security Layers
The J-Series Radio employs several layers of security. Each layer
is detailed below.
(1) Network Name : The Network Name is used to derive the
hopping pattern. The Network Name must be identical in all
radios in the Network.
(2) Trusted Remotes/Access Points : If enabled, only serial
numbers in the Trusted Remotes/Access Points list can be
communicated with. Serial numbers are unique and factory
set. They cannot be manipulated by the user.
(3) Encryption : All data is encrypted with a 256-bit AES
encryption key. If enabled, the same key MUST be used in all
radios.
Password Protected Web site Interface
When enabled, the user will be required to enter a password to
enter the web site interface and access the configuration of the radio.
Trusted Access Points and Trusted Remotes
Trusted Remotes:
Access Point radios can be configured to communicate only
with a list of trusted REMOTE radios. If any serial numbers of
trusted remotes are entered into the “Trusted Remote List” then
communications will only occur with radios entered on this list. If
the list is empty, then communication can occur with any remote
and this security feature is disabled. Up to 63 trusted remotes can
be specified.
Trusted Access Points:
REMOTE radios can be configured to communicate only with a
list of trusted Access Point radios. If an Access Point radio serial
number is in the “Trusted Access Point” list, then communication
can only occur with that Access Point. If the list is empty, then
communication can occur with any Access Point that has the
correct Network Name. Up to 4 trusted Access Points can be
specified.
By entering any serial number into either the “Trusted Remote” or
“Trusted Access Point” lists, this security feature is enabled and the
radios will only communicate with radios defined on their trusted
list. If these lists are empty, the radios will communicate with any
radio having the correct Network Name.
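Added example (not part of the Trio manual or firmware): a short Python audit of a radio inventory against the security layers and trusted-list rules above. The dictionary field names, serial numbers and key are constructed for illustration; the list limits and the empty-list behaviour are those stated on this page.

```python
# Added example: field names and inventory are constructed, not a Trio format.

LIMITS = {"ap": 63, "remote": 4}  # trusted-list sizes stated in the manual

def accepts(radio, peer):
    """An empty trusted list accepts any peer; otherwise the serial must be listed."""
    return not radio["trusted"] or peer["serial"] in radio["trusted"]

def audit(radios):
    """Return (serial, finding) pairs for a list of radio setting dicts."""
    aps = [r for r in radios if r["role"] == "ap"]
    ref = aps[0]  # assumption: the first Access Point holds the intended settings
    out = []
    for r in radios:
        s = r["serial"]
        if r["network_name"] != ref["network_name"]:
            out.append((s, "network name differs from reference AP"))
        if not r["encryption"]:
            out.append((s, "encryption disabled"))
        elif len(bytes.fromhex(r["aes_key"])) != 32:
            out.append((s, "AES key is not 256 bits"))
        elif ref["encryption"] and r["aes_key"].lower() != ref["aes_key"].lower():
            out.append((s, "AES key differs from reference AP"))
        if not r["trusted"]:
            out.append((s, "trusted list empty: feature disabled"))
        elif len(r["trusted"]) > LIMITS[r["role"]]:
            out.append((s, "trusted list exceeds supported size"))
        if r["role"] == "remote" and not any(
                accepts(ap, r) and accepts(r, ap) for ap in aps):
            out.append((s, "no Access Point and this remote trust each other"))
    return out

KEY = "ab" * 32  # constructed 256-bit key, for illustration only
INVENTORY = [  # constructed sample data
    {"serial": "100001", "role": "ap", "network_name": "PLANT-A",
     "encryption": True, "aes_key": KEY, "trusted": ["200001", "200002"]},
    {"serial": "200001", "role": "remote", "network_name": "PLANT-A",
     "encryption": True, "aes_key": KEY, "trusted": ["100001"]},
    {"serial": "200002", "role": "remote", "network_name": "PLANT-A",
     "encryption": True, "aes_key": KEY, "trusted": []},
    {"serial": "200003", "role": "remote", "network_name": "PLANT-A",
     "encryption": False, "aes_key": "", "trusted": ["100001"]},
]

if __name__ == "__main__":
    print(*audit(INVENTORY), sep="\n")
```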
Ethernet Traffic Filtering
As of firmware release V3.1, the J-Series radios implement several
features to reduce the amount of redundant on-air traffic so that
higher actual bandwidths may be achieved. These features add no
additional latency to the network, require no configuration and
improve bandwidth. As such, they are always enabled.
Peer to Peer Repeat Filtering:
This feature greatly improves the available bandwidth in systems
where peer to peer connectivity is required. The filtering is
implemented within the Access Point (or Bridge) of PTMP
or PTMP/B systems. Essentially, it prevents the unnecessary
repeating of Ethernet traffic which is inherently point to point in
nature (i.e. a TCP session).
When two remote radios need to communicate with each other
(often referred to as Peer to Peer), the Access Point (or Bridge) will
repeat the traffic to provide peer to peer connectivity.
However, if the traffic is from a Remote to an AP (or Bridge), then
peer to peer repeating is not required and the AP (or Bridge) does
not repeat the traffic. The AP (or Bridge) learns what devices (MAC
addresses) do not require repeating. Broadcast traffic is always
repeated. By learning where devices are located on the network,
the route table does not require any special configuration or setup.
Unicast Transmissions & Data Acknowledgements
This feature provides an improvement in downstream
bandwidth (i.e. from AP to Remote) as it prevents unnecessary
retransmissions of data from AP to Remote (i.e. blindly
transmitting data multiple times). When the AP (or Bridge)
detects that data is being unicast (i.e. sent to one remote device
only), the AP (or Bridge) swaps from retransmission of data (i.e.
blindly sending data multiple times) to data acknowledgement
mode (No Ack Retries).
Essentially, the AP (or Bridge) briefly swaps to a PTP mode
of operation during the transmission of this unicast data. The
remote radio acknowledges this unicast data from the AP, which in
turn allows the AP to send data to the remote without the need for
blind retransmissions. The acknowledge process is described earlier
in this user manual. Refer to “No Ack Retries” in Part D.
When the AP (or Bridge) detects the traffic is of a broadcast or
multicast type, the AP (or Bridge) returns to normal PTMP mode
where traffic is retransmitted as per the normal process.
Upstream and Downstream Filtering for Bridge Radios
This feature prevents unnecessary transmission of data either
upstream or downstream of a bridge. It is useful for systems where
Ethernet devices are connected to bridges. The bridge learns
which direction (either upstream or downstream) the traffic needs
to flow and filters out the traffic accordingly.