It's all just "Bits in the Air"
First published in 2003
I was just reading an editorial (Network Magazine, August 2003, "Wide Angle") about whether "bits and volts" can coexist. It was about the use of the power grid as a "universal access" network distribution medium: using the physical medium that delivers power to your home to also deliver things like Internet.
The piece decried that such a use would be a security nightmare.
Personally, I'm of the opinion that any bits outside my direct control (and even most of those in my direct control) are a security nightmare, so what is special about power-line bits?
The same problem applies to wireless, and in fact to every medium. All are snoopable in one way or another, although some are harder than others.
About 15 years or so ago I read an article on "black fiber" - the unlit fiber being installed all over the world by various companies but not yet in use. The article hinged on what at that time was just coming out of the lab - tunable lasers and laser amplification - to propose that a single, shared physical fiber network could handle all of man's point-to-point bandwidth needs, for whatever might be dreamed up in the future. It would work in a similar fashion to CB radio: a shared "all call" channel and a "meet me" facility, with the two ends agreeing on a particular wavelength for further communications.
The laser amplification would allow the fiber to be split many times (infinitely) and fanned out to the home/office/desk and would be bi-directional. Of course since this would be a shared facility, encryption would have to be used and at that time (remember, 15 years ago) good encryption was the territory of government (mostly the US) and not exportable.
All of this would mean that there would be many millions of potential listeners on all conversations, the same as there would be with a power-line physical plant.
So, we come back to the same point - the physical medium is insecure. Only encryption, end to end, can fix this.
Today, thankfully, there is good encryption available to most people using Internet facilities. There are some exceptions, both due to export restrictions and to local governments, but all in all the problem now is really one of implementation, not availability.
Today I was working with a friend of mine on our customer's site, implementing a Virtual Private Network (VPN) capable edge router on their business LAN gateway with the intention of allowing the customer to access their business LAN from their home office. The VPN router has all the software built in, and it was only a matter of deciding what blocks of IP addresses were going to be where and allowing the remote blocks to have access to the server. The rest was handled by the new hardware, which cost under CDN$200 per end.
Another customer uses a Linux box with an older, text-oriented interface database as a major part of their business. In their case, we simply configured an open source suite called PuTTY to use the Secure Shell (SSH) protocol from their various home offices into the central server, in the same manner as we had configured it for normal telnet internally on the LAN (with telnet blocked at the firewall).
I just purchased a laptop that came with an 802.11 wireless card in it, and finally decided to implement a "production" wireless LAN in my home. Our software company has written all manner of software for 802.11 products and I've done testing and such for several years, but I have never had a product that I could call "mine" so I could rely on having it for any length of time. Since I was setting this up on my LAN instead of in a test environment, I was careful to ensure that it was "secure", despite the fact that there is a known vulnerability in WLAN access point software in general.
I did this by putting the access point on the outside of my firewall and treating anything that comes in or goes out through it as if it were snoopable by anyone - which meant that I set my laptop's firewall software to block all incoming ports and only use SSH to talk to the rest of my LAN. In fact, I'm setting up a software VPN facility so I can share my disk files directly too - no matter where on the planet I find myself - but all encrypted end-to-end and requiring my passphrase to activate.
And this is exactly the kind of thing that is necessary when using such physical media as the power-line Internet transmission facilities I started with at the top of this article. The point is that today, not only is the technology available to take advantage of power-line transmission of digital data, but so are the encryption technologies necessary to allow us to make use of it without a care for how "public" it is - in contrast to the editorial author's point of view.
There is no such thing as a private physical LAN/WAN facility, so expect to use encryption for anything you want to keep private and then don't sweat where the bits go.