Building on the extensive industry experience, DragonWave is implementing revolutionary technologies that will enable new system-level solutions in the broadband wireless access market. DragonWave employs integrated ASIC-based technology solutions that achieve the next-generation functionality needed to provide the base station elements of the multipoint network.

DragonWave radios employ the latest MMIC and packaging technology coupled with a low-cost focused topology to provide a fully optimized solution. The system includes base station radios and modems that can be engineered to interoperate with other radio equipment such as third-party base station radios.

Equipment such as the DragonWave AirPair 100 outdoor radios interface with the customer's indoor networking equipment using either a DOCSIS™, 802.16, DAVIC or Proprietary IF interface. The air interface uses FDD or TDD Duplexing with Co or Cross-polarization to maximize frequency reuse. The DragonLink radio set employs a novel, rapidly configurable architecture combined with MMIC implementation technology. The result is a very low cost, yet flexible, Out Door Unit (ODU) solution for broadband multipoint applications.

However, wireless transmission of sensitive information presents another level of security concerns. Fortunately, AirPair systems are, by nature, resistant to data intercept and decoding. AirPair includes a number of imbedded security aspects such as:

• directional point-to-point communication
• narrow beamwidth
• bit-level data stream with AirPair synchronization and framing
• authentication and encryption.

These security mechanisms when used in standalone fashion, or when used together provide enhanced protection from data intercept and decoding. The AirPair systems are not susceptible to common wireless intrusion schemes for signal intercept and decoding. In order to even attempt to extract the signal, the intruder would have to execute an elaborate scheme, and would require direct access to the LAN/WAN data stream at the customer premises via the network equipment such as Ethernet Switch or Router

• direct physical access to the AirPair units, as well as gain access to appropriate usernames and passwords
• direct inline access to the narrow-beam signal and must use a DragonWave AirPair system as the receiver.

Other receivers will not be able to decode the AirPair synchronization and framing information.

If data security over the physical LAN connection, by means of tapping into the Ethernet cable or Ethernet LAN device is a concern, DragonWave recommends the use of a Virtual Private Network (VPN) between the AirPair endpoints. A VPN creates a secure tunnel using techniques such as IPSec, which provides both authentication and encryption at the IP (Internet Protocol) level and in turn protects any protocol running above the IP level.

One of the most significant security aspects is that the narrow-beam signal is transmitted as a series of bits with AirPair synchronization, requiring an AirPair unit located within the signal beam in order to capture any data. The receiving unit must be located directly in line with the narrow-beam signal. Even with no other security mechanism enabled, an intruder would be hard pressed to place an AirPair directly in the signal path. Any other system that is not an AirPair modem that may be located inline with the signal will simply receive a meaningless signal which it will not be able to decode.

When Ethernet level encryption devices are attached at the LAN access points, intrusion would be extremely difficult. The narrow, directional radio beam itself is a formidable impediment to eavesdropping. For example, using an 18" antenna attached to a 23 GHz radio, the beamwidth of at the end of a 1 km link is only 29 meters.

This means a receiving radio must be located within 14.5 meters on either side of the target receiving radio. The signal rolls off rapidly beyond the target radio location and signal interception would require a receiver sensitivity of –75 dBm in order to receive a clear signal at a distance of 2 km. This type of receiver would be an extremely high-performance device in the class of a DragonWave DragonLink 1002 radio. The side lobe signals are 20 dB lower in signal strength than the main beam and therefore would be even more difficult to intercept.

The signal contained in the AirPair data stream is encoded in such a manner as to present a seemingly random string of data bits. The user data is taken as a series of individual data bits and the AirPair framing and synchronization bits are interleaved in a proprietary manner. The receiving AirPair system extracts the framing and decodes the user data; only an AirPair system is able to extract the information. Idle time is filled with AirPair generated random patterns to further mask the user data.

Another intrusion point could be the AirPair serial ports. AirPair Modem serial ports are protected by a username/password system to prevent unauthorized access at the physical location. Failed login attempts result in the user being locked out for a period of time. If a user account has not been established by the AirPair administrator and the default user is enabled, then no login prompt is presented at the serial port and the user must follow a known series of steps in order to gain access. No feedback is given until a successful login has been performed. An inactivity timeout causes the user to be automatically logged out.

For even further security, the AirPair system requires authentication. AirPair Authentication restricts an AirPair modem from communicating with other AirPair modems unless that other modem matches the authentication string. The AirPair system must authenticate with the peer in order to be able to receive data. Therefore, even if an AirPair system were place inline with the signal, it would not authenticate and begin to receive data if another AirPair system has already been authenticated.

There are 2 authentication modes, namely Unique or Group authentication. Unique authentication is used in a point-to-point configuration where two AirPair systems wish to communicate with each other and no other system. Group authentication is used where a network of AirPair systems is in place. The system authenticates its peer approximately every 5 minutes. Authentication takes place out of band.

AirPair's inherent security aspects prevent data intercept and decoding. These include:

- directional point-to-point communication with extremely narrow beamwidth meaning that the intruder must be directly inline with the rapidly fading signal;

- and an indecipherable bit-level data stream with AirPair synchronization and framing, meaning a matching AirPair system is required on the receiving end in order to receive the data.