WIRELESS INFORMATION ASSURANCE
April 18, 2023
Paul Ratazzi
Air Force Research Laboratory
Rome NY
(315) [email protected]
UNCLASSIFIED
2
Wireless Exposes the Enterprise
• Cannot contain RF signals without compromising system performance.
• No physical boundaries for conventional firewalls or perimeter defense.
• Cannot prevent receipt of adversarial incident energy without compromising system performance.
Intruder can easily…
…gain access to information
…manipulate/tamper data
…utilize network resources
…perform traffic-activity correlation
…detect communication activity
…locate network components (T/DOA)
…deny service
3
Simplified Network Architecture
[Diagram labels: Firewall; Public Web Server; Router; Internet; Physical Security Boundary]
4
Basic Wireless Architecture & Vulnerability
[Diagram labels: Firewall; Public Web Server; Router; Internet; Access Point; Wireless Computers; Physical Security Boundary]
5
Information Assurance
“The information operations that protect and defend information and/or information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. This includes providing for the restoration of the information systems by incorporating protection, detection, and reaction capabilities.”
Source: Joint Pub. 3-13, Information Operations
Protect information, information systems, and computer networks.
Collect information to facilitate future decision making.
Analyze, Understand, and Respond quickly to ensure mission critical information is available, correct and secure.
Monitor and Detect information warfare attacks in real-time.
[Diagram labels: Detect; Protect / Collect; Respond]
6
“Full Spectrum” IA Problem Space
[Diagram: Protect, Detect, Respond against the seven layers: Physical, Data link, Network, Transport, Session, Presentation, Application. Callout: “Wireless Emphasis!”]
7
Initial Technology Focus – Commercial Wireless LAN
• Institute of Electrical & Electronics Engineers (IEEE) 802.11
– Encryption (Wired Equivalent Privacy – WEP)
– Proprietary and standard security features/enhancements (dynamic WEP, “closed” network, access-control lists)
– Modes of operation (ad-hoc, infrastructure)
– Air interface (antenna, operating frequency)
– Software (driver, utility, application, diagnostic)
– Architecture, CONOPS and integration into corporate infrastructure
[Figure: 802.11 Architecture. Labels: Distribution System (DS); Extended Service Set (ESS); Basic Service Set (BSS); Access Point (AP); Adapter]
[Figure: Example 802.11b Hardware. Adapter: $130; AP: $560]
8
DoD Applications of Commercial WLAN
• Flight line
– Maintenance, operations
• Logistics, asset tracking
• Base infrastructure
– Hospitals, offices
• Deployed units
– Air Operations Center
– Forward Operating Location
– Medical
• Small unit operations, Special Forces, TACP, battlefield operations
• Shipboard, sub-board, ship-to-ship, littoral
• Aircraft internal, air-to-air (formation)
9
Issues – Use of Commercial WLAN
• RF
– Unlicensed frequency bands of operation
– No use of advanced RF techniques (nulling, steering)
– No electronic protection technology
• Security
– Security features are optional and may impact interoperability
– Weak encryption used and only applied to payload, not network information
– Vendors won’t publicize security problems
– Size of security perimeter depends on adversary’s antenna
– Wireless can “break” the forensics trail
• Standards/Interoperability
– Proprietary extensions to standards and proprietary HW/SW
• Other
– Focus is on operation in a benign environment
– Friendly equipment same as adversary’s equipment
10
Issues (cont’d)
• Capstone Requirements Document (CRD) for Global Information Grid (GIG), dated 30 August 2001:
“DoD has little or no network management capability to accompany its increasingly widespread use and application of advanced mobile wireless computing and networking which are inherently ad hoc.”
11
Issues – “Wardriving”
• Network Stumbler, Kismet, WinXP, etc.
– Wireless LAN discovery
• AirSnort
– Breaks WEP encryption keys after sufficient traffic is captured
• WEPcrack
– WEP breaker
• AeroSniff
– 802.11b sniffer
• AeroPeek
– 802.11b sniffer, WEP decoder
• wigle.net, netstumbler.com
– National databases of identified networks
12
Wireless Geographic Logging Engine (WiGLE)
As of 5 Dec:
Total unique networks in DB: 191170
Total networks protected (layer 2): 51718 (27%)
[Map label: Chicago]
13
Impact of Commercial WLAN Shortcomings
• Unprotected physical layer
– Detection, location, activity analysis, jamming, interference
• Poor layer-2 security
– Man-in-the-middle, forgery, unauthorized use, DoS, traffic analysis
• Lack of wireless layer 2 IDS
– Poor forensic capability, lack of situational awareness
• Weak encryption
– Data security compromise
14
What’s Being Done?
Policy
DoD Directive 8100.bb:
“Use of Commercial Wireless Devices, Services, and Technologies in the DoD Global Information Grid (GIG)”
Status:
SD106 Adjudication Draft, 30 Jan 03
15
What’s Being Done?
Technical Risk Mitigation Strategies
• Only allow access to known clients
– MAC address filtering
• Configure Access Points to “Closed Mode”
• Set strong SSID (Service Set Identifier ~ Wireless Network Name)
• Require Username/Password authentication
– e.g., EAP (802.1x)
• Turn on Wired Equivalent Privacy (WEP), WEP+, Dynamic WEP
– 128-bit encryption
– Change session keys at every logon
– Avoid “weak keys”
• Implement VPN encryption, 3DES (168-bit) IPsec
– FIPS 140-2 compliant
• Firewall the WLAN environment (Wireless DMZ)
16
What’s Being Done?
Today’s Wireless Security Architecture
[Diagram labels: Internet; Router; Firewall; DMZ; Public Web Server; Public FTP Server; Internal Network; Firewall; VPN (Cisco 3030); Access Points (Cisco 350); ID Sensors (future); Wireless Computers]
Secured – 128-bit WEP+ & VPN 3DES 168-bit encrypted
DOD Policy & AF Implementation Guidance Being Finalized
17
What’s Being Done?
Operational Risk Mitigation Strategies
• “War Driving” - Periodic compliance testing
• Tools used
– AiroPeek (passive wireless sniffer, cost: $2K)
• Detects and can decode WEP
• Detects all APs and clients in range
– Network Stumbler (AP interrogator, cost: free)
• If AP is not “closed”:
– Reveals SSID (Wireless Network Name)
– Indicates if encrypted (WEP)
– Measures signal, location
– Locust (dedicated passive handheld 802.11b receiver, cost: $4K)
• Reveals MAC, WEP usage, signal information
[Figure label: “Parking Lot Attack”]
CRITICAL NEED: Automated, integrated compliance and intrusion detection capabilities!
18
Still A Lot More to Do…
[Diagram: Wireless IA (Detect, Protect, Respond). Labels: Policy; Security Architecture; Manual Security Testing & Monitoring; ?? (×3)]
19
What Else Can Be Done?
[Diagram: Wireless IA (Detect, Protect, Respond). Labels: RF Protection; Advanced Antennas; Mobile Authentication; Key Management; RF Detection & Location; Layer 2 Intrusion Detection; Host-Based ID; Active Response; Adaptive Node; Key Revocation]
20
AFRL Wireless Detect and Respond Development Capability
• Development System
– Free and Open Source Software (FOSS) platform
• Linux OS, linux-wlan, hostAP, other community s/w
• Cross-compiler for target sensor platform
– PPC SBC, laptop, etc.
• Intersil® PRISM® WLAN hardware
– PC Cards, USB adaptors
• Code portable to other platforms
– Wintel
21
Development Process
[Diagram labels: Wireless Protocol Analysis; Anomalous Behavior Identification; Intrusion Detection Threshold; Intrusion Started; Intrusion Stopped; Embedded Systems Development]
22
Wireless Intrusion Detection System
• Layer 2 monitoring of WLAN via wireless NIC
• Distributed coincident with WLAN coverage
• AP-based or host-based
• Uses standard NIC
• Small, low-cost embedded platform
• Free and open source software based
• AFRL in-house developed
23
WIDS Functional Block Diagram
[Diagram labels: NCC Tools, e.g., Air Force Enterprise Defense (AFED); WIDS SBC; Wireless Sensors 1-5; widsd Daemon; wland Daemon; syslogd Daemon; Access Point; RF, firmware; Ethernet]
NO Wireless Intrusion Detection or Policy Violation Detection Capability Currently in DoD NCCs
24
Current WIDS Sensors
• Policy Compliance
– Rogue AP Detection
– Unauthorized Client Connections
– Unprotected SSIDs
– WEP Usage
– Ad-hoc Networks
• Intrusion Detection
– “Wardriving” Probes (Network Stumbler, Kismet, WinXP, “survey”/“debug” mode, etc.)
– Connection Hijacks
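An added example (not AFRL's WIDS code) of how four of the policy-compliance checks above can be evaluated from 802.11 beacon frame bodies alone. The authorized-BSSID list, function names and sample frames are constructed for illustration, and "unprotected SSID" is assumed here to mean an AP that is not in "closed" mode; field offsets and capability bits follow IEEE 802.11.

```python
import struct

# Capability Information bits in the beacon fixed fields (IEEE 802.11).
CAP_ESS, CAP_IBSS, CAP_PRIVACY = 0x0001, 0x0002, 0x0010

# Hypothetical site policy: lower-case BSSIDs of the authorized APs.
AUTHORIZED_BSSIDS = {"00:40:96:aa:bb:01"}


def parse_beacon_body(body: bytes) -> dict:
    """Parse timestamp(8) + interval(2) + capability(2) + tagged elements."""
    if len(body) < 12:
        raise ValueError("beacon body shorter than its fixed fields")
    _timestamp, _interval, cap = struct.unpack_from("<QHH", body, 0)
    ssid, off = None, 12
    while off < len(body):
        if off + 2 > len(body):
            raise ValueError("truncated element header")
        elem_id, elem_len = body[off], body[off + 1]
        value = body[off + 2: off + 2 + elem_len]
        if len(value) != elem_len:
            raise ValueError("truncated information element")
        if elem_id == 0 and ssid is None:  # element ID 0 carries the SSID
            ssid = value
        off += 2 + elem_len
    return {"cap": cap, "ssid": ssid}


def audit_beacon(bssid: str, body: bytes) -> list:
    """Return the policy findings raised by one observed beacon."""
    info = parse_beacon_body(body)
    cap, ssid = info["cap"], info["ssid"] or b""
    findings = []
    if cap & CAP_IBSS:
        findings.append("ad-hoc network")
    else:
        if bssid.lower() not in AUTHORIZED_BSSIDS:
            findings.append("rogue AP")
        # A "closed" AP beacons a zero-length or all-NUL SSID.
        if ssid.strip(b"\x00"):
            findings.append("SSID broadcast (AP not closed)")
    if not cap & CAP_PRIVACY:
        findings.append("WEP not enabled")
    return findings


def make_body(cap: int, ssid: bytes) -> bytes:
    """Build a constructed beacon body (fixed fields, SSID, Supported Rates)."""
    rates = bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])
    return struct.pack("<QHH", 0, 100, cap) + bytes([0, len(ssid)]) + ssid + rates


# Constructed observations: (BSSID seen by the sensor, beacon frame body).
SAMPLES = [
    ("00:40:96:AA:BB:01", make_body(CAP_ESS | CAP_PRIVACY, b"")),
    ("00:04:5A:12:34:56", make_body(CAP_ESS, b"linksys")),
    ("02:11:22:33:44:55", make_body(CAP_IBSS | CAP_PRIVACY, b"adhoc1")),
]

if __name__ == "__main__":
    for bssid, body in SAMPLES:
        print(bssid, audit_beacon(bssid, body) or ["compliant"])
```

Unauthorized client connections and connection hijacks need association and data frames rather than beacons, so they are outside this sketch.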
25
WIDS Concept Architecture - Fixed
[Diagram labels: Internet; Router; Firewall; Public Servers; Access Point (×2); Wireless Computers; WIDS; WIDS-AGENT; WIDS-D; WIDS Server; ESM Tools; Physical Security Boundary]
26
WIDS Concept Architecture - Mobile
[Diagram labels: WIDS; WIDS-AGENT (×3)]
27
Additional AFRL R&D Activities
• Distributed Intrusion Detection and Boundary Control
– Leverage client antenna perspectives
• Adaptive Radio Frequency Processing
– Develop radio front-end with real-time adaptive carrier frequency
• Software Defined Radio Applications
– Allow full reconfigurability at all seven layers
• Waveform Signature Analysis
– Hardware authentication and keying
• RF Watermarking
– “Invisible” data embedded at physical layer
28
Adaptive RF Processing
In-house Activity
Objective:
• Develop adaptive “physical layer” (i.e. RF) techniques to improve signal “robustness” against intentional and unintentional jamming/interference
Approach:
• Implement “N-Sigma Adaptive Frequency Domain Excision” algorithm
• Utilize FPGA technology for digital implementation of algorithm
• Utilize RFICs for up/down-conversion of 802.11 waveform to baseband
Summary:
• Expect working N-Sigma Algorithm by 3-4QFY03
• End-to-end demo, including up/down conversion, 1-2QFY04
Progress:
• Purchased Xilinx FPGA boards and RFICs
• Developed Triple Memory Space (TMS) 1024-point Fast Fourier Transform
• Developed various VHDL sub-modules optimized for FPGAs:
– Real/Imaginary Magnitude Function
– Logarithmic Scaling Function
– Mean/Standard Deviation Function
Schematic of 1024-point Complex Fast Fourier Transform
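An added sketch of frequency-domain excision with an N-sigma threshold, chaining the steps the slide names (1024-point FFT, magnitude, logarithmic scaling, mean/standard deviation). It is not AFRL's VHDL design: the slide does not give the algorithm's details, so the thresholding rule (zero any bin above mean + N·sigma of the log-magnitudes), the function names and the test signal are assumptions.

```python
import cmath
import math
import random
import statistics

N_POINTS = 1024  # FFT size named on the slide


def fft(x, inverse=False):
    """Recursive radix-2 FFT (unnormalised); len(x) must be a power of two."""
    n = len(x)
    if n == 1:
        return list(x)
    even, odd = fft(x[0::2], inverse), fft(x[1::2], inverse)
    sign = 1 if inverse else -1
    out = [0j] * n
    for k in range(n // 2):
        t = cmath.exp(sign * 2j * cmath.pi * k / n) * odd[k]
        out[k], out[k + n // 2] = even[k] + t, even[k] - t
    return out


def n_sigma_excise(block, n_sigma=3.0):
    """Zero each bin whose log-magnitude exceeds mean + n_sigma * std.

    Returns (cleaned time-domain block, sorted list of excised bins)."""
    spec = fft(block)
    # Magnitude -> logarithmic scaling -> mean / standard deviation,
    # mirroring the three sub-modules listed on the slide.
    log_mag = [20 * math.log10(abs(c) + 1e-12) for c in spec]
    threshold = statistics.fmean(log_mag) + n_sigma * statistics.pstdev(log_mag)
    excised = [k for k, v in enumerate(log_mag) if v > threshold]
    for k in excised:
        spec[k] = 0j
    cleaned = [c / len(spec) for c in fft(spec, inverse=True)]
    return cleaned, excised


def demo(jam_bin=200, jam_amplitude=20.0, seed=1):
    """Constructed test signal: wideband +/-1 chips plus a narrowband tone."""
    rng = random.Random(seed)
    chips = [complex(rng.choice((-1.0, 1.0)), 0.0) for _ in range(N_POINTS)]
    jammed = [c + jam_amplitude * cmath.exp(2j * cmath.pi * jam_bin * i / N_POINTS)
              for i, c in enumerate(chips)]
    cleaned, excised = n_sigma_excise(jammed)
    err_before = max(abs(a - b) for a, b in zip(jammed, chips))
    err_after = max(abs(a - b) for a, b in zip(cleaned, chips))
    return excised, err_before, err_after


if __name__ == "__main__":
    bins, before, after = demo()
    print(f"excised bins: {bins}")
    print(f"max error vs clean chips: {before:.2f} -> {after:.3f}")
```

Because the threshold is recomputed from each block's own statistics, it follows a narrowband interferer that changes frequency or power; the cost is the small slice of wanted signal that shared the excised bin.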
29
Software Defined Radio for Secure Wireless
• Demonstrate interoperability and ability to P-D-R
– SDR contains all layers of networking and all are reconfigurable
• Develop dynamic node personality concepts – “sense and adapt”
– Multiple modulation formats
– Reconfigurable antennas
– Frequency agility
• Develop enhanced COTS protocols
– Secure LPI/D orderwire
– Automatic key updates
• Develop AJ approaches
– AJ receivers
– Frequency agility
[Diagram labels: Detect; Protect; Respond; SDR; COTS]
30
RF Watermarking
• Objective: Develop techniques to insert watermarking (aka branding) at the physical layer of a wireless network. Demonstrate how various radio equipment can be identified based on its RF signature. Demonstrate RF watermarking in either SDR testbed or 802.11 WLAN environment.
• Approach: Develop approach for RF watermarking of wireless links. Identify platform best suited for implementation (SDR or 802.11). Identify and leverage current work in equipment identification based on RF signatures. Demonstrate RF watermarking and equipment identification on SDR platform.
31
Authentication & Key Revocation Protocols for WLAN
• Fast, secure software data encryption
• Scalable mutual authentication protocol between nodes with unequal computing power
– Symmetric key systems on mobile side
– Public key systems on base side
• Efficient group key distribution and update (via broadcast)
[Diagram labels: Lack of mutual authentication; Mutually authenticated; Attacker base station; Base station; Mobile units; Failed authentication]
32
Comprehensive Intrusion Detection & Recovery for the Tactical Comm. Grid
[Timeline diagram. Horizontal axis: Time. Rows: Attacker; Defender. Legend: COTS Solution; Defense GAP]
[Program labels: CONOPS and Intrusion Tolerant Programs; Intrusion Forecasting Programs; Real-Time Recovery Programs]
[Activity labels: Attack Mounted; System Intrusion; Attacker Reconnaissance; Damage Inflicted; Access Probe; Cover-Up; Target Analysis; Attack Forecast; Intrusion Detection; Damage Assessment; Recovery; Defender Reconnaissance; Impact Analysis; Response; Threat Analysis; Fortification; Physical Security; Entry Control; System Reaction]
33
Wireless Intrusion Detection: Establishing “Radio Loyalty”
[Diagram labels: Use Patterns & Indicator Classes; On/Off Profile; Untimely Response; Compare with Doctrine, Policy and Procedure; Detect & Respond]
Establishing radio loyalty is an integration of reporting, pattern recognition, mission profile awareness and tracking, and doctrine.
34
WLAN Security Analytic Tools & Database
[Diagram labels: Use Case; WLAN Characterization; Threats; Defensive Measures; PDR; A B C; DATABASE; Taxonomy; Occurrence; Consequence; Effectiveness; Cost/Impact; ISO; SAIC Process (tool); RISK Assessment; Tools; L I D R]
38
Network Stumbler
“Proudly Stumbling on a Street Near You”
[Screenshot callouts: Vendor; Encryption?; SSID/Name; Location (GPS); S/N; MAC; Coverage]
39
AFOSI Netstumbler.com Database Analysis
• Webcrawler script to gather entire netstumbler.com database
– BSSID, SSID, Latitude, Longitude, Vendor, S/N
• Position compared to AF Base locations
– 10 mile radius
• Results (a/o Dec 01)
– >2,600 APs in database that meet location criteria
– Many have “AF-ish” SSID
• Database now offline, but was probably merged with WiGLE
Vulnerable Wireless Networks Adjacent to Air Force Bases
[Table columns: BSSID; SSID; Distance (km); Adjacent Base]
40
Forensic Issues Amplified by WLAN
• Collection problematic or impossible.
– No persistent or latent physical evidence w.r.t. network connection. “Drive away.”
– Latent evidence on network will link attack to unwitting service provider, not ultimate attacker.
– Layer 1 & 2 latent evidence trail stops at AP
Prevents comprehensive forensic process.
• Attacker not bound by…
– Any service level agreement
– Physical constraints
Significantly reduces traceability & accountability
41
Wireless Forensic Spin-Up - Recommendations
• Covert agents to “see over” layer 1/2 AP “wall”
– Dispatched to attacker’s machine
– Return layer 1/2 info. over covert higher-layer channel
• Wireless-side smart sensors, triggers, logs, etc.
– Tied back to provider’s NMS
– Include feature selection, semi-autonomous
• Improved wireless standards
– Include features that support requirements of IA
42
CITS CDR Draft Wireless Architecture
[Diagram labels: Internet; Ext-Rtr; NCC.AF.MIL; NCC-INT-RTR Cisco 7507; NCC_EXT_2916; NCC_INT_2916; NCC_SWv5.1; NCC-FW1v5.21; NCC-FW2v5.21; DNS (×2); ASIM; SDP; Base Domain Controller; EBN Switch (×4); ITN Switch; Access Point (×7); VPN Gateway (Will Be Redundant); IDS; Layer 3 Switch; VLAN for Wired base users; VLAN for Wireless users; Network Management Servers; Radius; Workstation; Workstation with VPN Client; Laptop computer with VPN Client; Pen computer; PDA with VPN Client; WIN CE with VPN Client; Handheld data Terminals with VPN Client]
43
Excerpt from SRD for ITS-Wireless
4.3.6 Intrusion: Detection and Prevention
The WLAN shall be integrated within CITS framework to ensure that the following features are provided:
a) Collecting sufficient data to monitor and document the internal and external threats; store packets for future recreation and analysis; creating files, which can be analyzed using filters, policy and options (threshold).
b) Protection in such a manner that the network based Intrusion Detection System (IDS) detects correlated intrusion attempts in space (different sources of intrusion) or in time (long attempts) against a base, against a group of hosts or a single host (objective).
c) Generation of alerts and alarms and sending them to the IDS manager. False alarm rate is less than 1% of all alarms (threshold).
d) Anti-IDS avoidance capabilities (objective).
e) Sniffing and penetrating scanner functions: scanning for the presence of unauthorized APs and clients; maintaining a list of authorized APs; detection of attempts to get connected to an AP, made by unauthorized users; ability to simulate unauthorized access attempts to a legitimate AP (objective); reporting wireless connections, which are not a part of the authorized structure; detecting location of any AP or client using directional antennas and signal strength measurements (objective).
f) Traps for network scanners and attackers (objective).
g) Monitoring log files for suspicious activities (threshold).
h) Capability of presenting the security picture of the whole wireless network (threshold).
44
WIDS Concept Architecture #1: Collocated Sensors
[Diagram labels: Internet; Router; Firewall; Public Servers; Access Point (×2); Wireless Computers; WIDS (×2); WIDS FUSION; ESM Tools; Physical Security Boundary]
45
WIDS Concept Architecture #2: Integrated Sensors
[Diagram labels: Internet; Router; Firewall; Public Servers; Access Point (×2); Wireless Computers; WIDS-i (×2); WIDS FUSION; ESM Tools; Physical Security Boundary]
46
WIDS Concept Architecture #3: Parasite Sensors
[Diagram labels: Internet; Router; Firewall; Public Servers; Access Point (×2); Wireless Computers; WIDS-USB (×2); WIDS FUSION; ESM Tools; Physical Security Boundary]
47
Host-Based Intrusion Detection
[Diagram labels: Authorized Client; Unauthorized Client(s); Access Point; Client/AP w/ID; 100m]
48
Adaptive RF Processing
In-house Activity
[Hardware photo labels: Philips SA1630 IF Transceiver; Philips MA1021; Philips SA2420; Internal Antennas; DARPA Miniature Radio CODEC; PC Control; 2.4 GHz Front End; Modified ORiNOCO (Lucent) 11 MBPS “Silver” PC Card]