WISP,ISP,Wireless Internet,Broadband,Wireless Broadband,Wholesale Wireless Broadband  
 
Home Contact Us About Us White Papers Services Service Zones Backbone Equipment Interfaces Coverage Areas

  Img8.jpg

PYXIS Broadband is a wholesale provider of broadband services to WISPs, VARs and National Enterprise customers using FCC Licensed frequencies. There are distinct advantages to the use of licensed frequencies including minimal interference and advanced encryption techniques.

In addition, the equipment used in licensed frequency applications comes in a variety of configurations, some of which are more impervious to a security breach than others. PYXIS Broadband has chosen the leading manufacturer of highly reliable and secure equipment, DragonWave, as the source for the equipment that is deployed in our licensed, wireless point-to-point network links.

DragonWave's industry-leading AirPair 100 provides wire-speed, 100-Mbps, full duplex operation with ultra-low latency. These features enable the DragonWave solution to handle virtually any type or combination of Internet Protocol (IP)/Ethernet traffic flawlessly and transparently.

DragonWave designs, markets and supports broadband, wireless networking products for service providers and enterprises requiring reliable, predictable, interference-free, high-bandwidth transmission of real-time, IP applications. DragonWave's intelligent millimeter wave radios provide the building blocks to rapidly introduce broadband access where fiber-optic or copper-line connectivity is either unavailable or impractical. The resultant RF building blocks will enable the following services to be delivered across a Fixed Broadband Wireless Access solution:

  • Modulation adjustment for rain fades
  • Variable asymmetry
  • Efficient utilization of limited and expensive spectrum
  • Ease of installation for rapid rollout

Building on the extensive industry experience, DragonWave is implementing revolutionary technologies that will enable new system-level solutions in the broadband wireless access market. DragonWave employs integrated ASIC-based technology solutions that achieve the next-generation functionality needed to provide the base station elements of the multipoint network.

Key Features of PYXIS network with DragonWave Equipment are:

• 18.0 GHz Licensed Frequency
• High order Modulation
• Type approvable (ETSI, FCC, IC, ARIB)
• High Reliability Wideband Platform
• Co or Cross Polarized
• Ease of installation for rapid rollout
• Network Manageable (proxies SNMP)
• Compensation for IF cable run lengths
• Operation in harsh, outdoor environmental conditions

DragonWave radios employ the latest MMIC and packaging technology coupled with a low-cost focused topology to provide a fully optimized solution. The system includes base station radios and modems that can be engineered to interoperate with other radio equipment such as third-party base station radios.

Equipment such as the DragonWave AirPair 100 outdoor radios interface with the customer's indoor networking equipment using either a DOCSIS™, 802.16, DAVIC or Proprietary IF interface. The air interface uses FDD or TDD Duplexing with Co or Cross-polarization to maximize frequency reuse. The DragonLink radio set employs a novel, rapidly configurable architecture combined with MMIC implementation technology. The result is a very low cost, yet flexible, Out Door Unit (ODU) solution for broadband multipoint applications.

However, wireless transmission of sensitive information presents another level of security concerns. Fortunately, AirPair systems are, by nature, resistant to data intercept and decoding. AirPair includes a number of imbedded security aspects such as:

  • directional point-to-point communication
  • narrow beamwidth
  • bit-level data stream with AirPair synchronization and framing
  • authentication and encryption.

These security mechanisms when used in standalone fashion, or when used together provide enhanced protection from data intercept and decoding. The AirPair systems are not susceptible to common wireless intrusion schemes for signal intercept and decoding. In order to even attempt to extract the signal, the intruder would have to execute an elaborate scheme, and would require direct access to the LAN/WAN data stream at the customer premises via the network equipment such as Ethernet Switch or Router

  • direct physical access to the AirPair units, as well as gain access to appropriate usernames and passwords
  • direct inline access to the narrow-beam signal and must use a DragonWave AirPair system as the receiver.

Other receivers will not be able to decode the AirPair synchronization and framing information.

If data security over the physical LAN connection, by means of tapping into the Ethernet cable or Ethernet LAN device is a concern, DragonWave recommends the use of a Virtual Private Network (VPN) between the AirPair endpoints. A VPN creates a secure tunnel using techniques such as IPSec, which provides both authentication and encryption at the IP (Internet Protocol) level and in turn protects any protocol running above the IP level.

One of the most significant security aspects is that the narrow-beam signal is transmitted as a series of bits with AirPair synchronization, requiring an AirPair unit located within the signal beam in order to capture any data. The receiving unit must be located directly in line with the narrow-beam signal. Even with no other security mechanism enabled, an intruder would be hard pressed to place an AirPair directly in the signal path. Any other system that is not an AirPair modem that may be located inline with the signal will simply receive a meaningless signal which it will not be able to decode.

When Ethernet level encryption devices are attached at the LAN access points, intrusion would be extremely difficult. The narrow, directional radio beam itself is a formidable impediment to eavesdropping. For example, using an 18" antenna attached to a 23 GHz radio, the beamwidth of at the end of a 1 km link is only 29 meters.

This means a receiving radio must be located within 14.5 meters on either side of the target receiving radio. The signal rolls off rapidly beyond the target radio location and signal interception would require a receiver sensitivity of –75 dBm in order to receive a clear signal at a distance of 2 km. This type of receiver would be an extremely high-performance device in the class of a DragonWave DragonLink 1002 radio. The side lobe signals are 20 dB lower in signal strength than the main beam and therefore would be even more difficult to intercept.

The signal contained in the AirPair data stream is encoded in such a manner as to present a seemingly random string of data bits. The user data is taken as a series of individual data bits and the AirPair framing and synchronization bits are interleaved in a proprietary manner. The receiving AirPair system extracts the framing and decodes the user data; only an AirPair system is able to extract the information. Idle time is filled with AirPair generated random patterns to further mask the user data.

With no standard framing and no start/stop indicators plus a data fill during idle time, it would be extremely unlikely that a sniffer device could decode the data. The AirPair framing takes place out of band from the user data and therefore there is no traffic impact from the user's point of view. The user will see full bandwidth of 100 Mbps for AirPair 100 and 50 Mbps for AirPair 50. Of course, this throughput depends on the LAN network device's ability to generate the full rate.

Another intrusion point could be the AirPair serial ports. AirPair Modem serial ports are protected by a username/password system to prevent unauthorized access at the physical location. Failed login attempts result in the user being locked out for a period of time. If a user account has not been established by the AirPair administrator and the default user is enabled, then no login prompt is presented at the serial port and the user must follow a known series of steps in order to gain access. No feedback is given until a successful login has been performed. An inactivity timeout causes the user to be automatically logged out.

For even further security, the AirPair system requires authentication. AirPair Authentication restricts an AirPair modem from communicating with other AirPair modems unless that other modem matches the authentication string. The AirPair system must authenticate with the peer in order to be able to receive data. Therefore, even if an AirPair system were place inline with the signal, it would not authenticate and begin to receive data if another AirPair system has already been authenticated.

There are 2 authentication modes, namely Unique or Group authentication. Unique authentication is used in a point-to-point configuration where two AirPair systems wish to communicate with each other and no other system. Group authentication is used where a network of AirPair systems is in place. The system authenticates its peer approximately every 5 minutes. Authentication takes place out of band.

Summary

AirPair's inherent security aspects prevent data intercept and decoding. These include:

- directional point-to-point communication with extremely narrow beamwidth meaning that the intruder must be directly inline with the rapidly fading signal;

- and an indecipherable bit-level data stream with AirPair synchronization and framing, meaning a matching AirPair system is required on the receiving end in order to receive the data.

Security may be enhanced through AirPair authentication mechanisms, AirPair encryption of the entire data stream, and user VPN mechanisms such as IPsec.

 

Technology Partners with DragonWave

 


Pyxis Broadband offers a wholesale alternative to landline fiber via carrier-grade, wireless backbone operating in a secure, FCC licensed frequency.

Call or write us today at 630- 443- 8201 or [email protected]


Img8.jpg

 

White Papers | Pyxis Broadband | Backbone