On the line with DES.
Thanks to inexpensive microprocessors and standardized encryption techniques, highly secure and intelligent intrusion and alarm monitoring systems are now possible. The Data Encryption Standard (DES) of the National Institute of Standards and Technology allows for a standardized approach to encryption and line supervision of a high-security alarm monitoring system. Microprocessors in system control elements allow DES to be used throughout the system instead of residing only at the monitoring facility's central processing unit.
Before looking at the use of DES in a distributed system environment, it is important to understand the evolution of electronic, high-security alarm monitoring systems and the restrictions technology placed on those systems in the past.
First, some terms. Line supervision is a means of protecting signal lines that run between secured areas. A protected area is said to be configured for protection by alarm monitoring. The protected area's alarm monitoring equipment feeds status reports to a transmission module or termination module. The module sends the information via signal lines to a central monitoring area. The monitoring area contains a receiving unit or monitor panel for the specific protected area. The receiving unit annunciates the status of the line supervision and alarm monitoring equipment with audible and visual indicators.
The first line-supervision schemes made use of simple current-monitoring circuits that generated alarms when they detected interruptions in the current flowing through the signal lines. That technique is called class B line supervision. An interruption would occur if, for example, the signal lines were electrically shorted or opened in an attempt to compromise the system.
The next development in line supervision involved detection of an alternating current (AC) waveform. A combination of AC waveforms was sent over the signal lines. If any compromise attempt was made, the waveform changed, and a line supervision alarm would occur at the monitor panel. The AC waveform was later replaced with a digital signal generated at the transmission module by a digital pattern generator.
The AC waveform and digital signal pattern generator schemes are typically referred to as class A line supervision. Specifically, the AC waveform scheme is referred to as class A tone and the digital signal scheme as class A digital.
Unfortunately, these schemes theoretically can be compromised because of a fundamental flaw in their design. A person can easily compromise current-loop monitoring by introducing a simple resistive network and voltage source into the signal lines. Likewise, a class A tone AC waveform can be monitored and replaced with a similar signal. A class A digital signal can also be monitored and at some point replaced with a false substitute. These schemes are flawed because the signals from the protected-area transmission module to the central monitoring area receiving unit are repeating signals. The current-loop current can be monitored because it is constant, the class A tone AC waveform because it consists of a fixed number of frequencies, and the class A digital because it repeats its pattern. Even though class A digital patterns might not repeat for six months, they do repeat, and computer analysis of the communications can compromise the system.
Another problem is that the line supervision circuits in the class A tone and class B current loops were found to be oversensitive to signal line resistance variations. Tone circuits require constant readjustment because of signal line degradation due to age and interference from local radio frequency sources (such as security officers' walkie-talkies).
Early government specifications for class A high-security alarm monitoring and intrusion detection equipment called for a polling/response method of line supervision. The current-loop and tonal systems never met this criterion because their supervisory signals repeated. Nonrepetition, a high-security must, is best obtained through DES-based encryption: the receiving unit polls with fresh data, the transmission module answers with that data encrypted, and an attacker who cannot decrypt cannot manufacture the next expected reply. A signal must be decrypted before it can be replaced, and decrypting DES without the key is extremely difficult, to say the least. If a computerized receiving and transmission module architecture were encrypting and decrypting data three times per second, an attacker confined to that rate would need roughly 760 million years to try all 2^56 DES keys. (That figure assumes the attacker is limited to the pace of the line. An attacker who records traffic and searches the key space offline on dedicated hardware is not so limited, and 56-bit DES was in fact brute-forced that way in 1998.) (For a more detailed account of the working of DES, see the author's article "Cloak and Data" in the special section of the March 1989 issue of Security Management.)
Until recently, technology was insufficient to develop circuits that could generate nonrepeating signals cost-effectively. Current-loop and class A tone and digital circuits were developed in the 1960s and at the time represented the state of the art. Today, however, they represent a relatively primitive and unsophisticated technology. Moreover, changing any of their functions requires major redesign.
The only practical type of electrical circuit with the capability to adapt to a changing environment had to involve some type of computer. Computers were very expensive commodities in the 1960s and early 1970s. By the late 1970s and early 1980s, however, the microprocessor (introduced in 1971) had become inexpensive enough to make possible the first generation of computer-based alarm monitoring security systems.
Computers make it possible to control communications between a transmission module and receiving unit. If an electrical disturbance (such as lightning or the switching on and off of heavy electrical equipment) generates electrical interference near the signal lines between the transmission module and receiving unit, the signal is temporarily lost and the receiving unit must regain synchronization with the transmission module. Older class A digital devices often required personnel to resynchronize the transmission module and receiving unit manually. The disadvantages of that are obvious.
Computer-based designs are able to detect a loss of synchronization, validate it as a temporary loss of synchronization, and reestablish synchronization. The central monitoring personnel need not be made aware that anything happened (that is, no false alarm indication will occur).
In the early days of computer-based alarm systems, it appeared that simply throwing conventional computer technology at the problem would solve most, if not all, of the difficulties encountered. However, that turned out not to be the case. When computers were designed into these systems, they were used as computers usually are--as central control devices for systems or functions. Hence, line supervision, communication with the protected area, and alarm annunciation were controlled by the computer for all protected areas or zones being monitored.
Unfortunately, if the computer went down, the entire system went down. For standard computer system applications (simple database management and networking), that was not a catastrophe, but for a high-security alarm monitoring system, downtime was a critical and fundamental flaw. Also, since the central computer had to process data for all zones in the system, its response time to alarms and status changes was relatively slow. These central-processing-based systems, therefore, did not represent the most effective approach to using computer-based components in security systems.
A distributed system is a better answer. A properly designed distributed system does not require all protected-area modules to be operational for the system as a whole to be operational. Therefore, if a protected-area module requires replacement, only that area is affected.
For a centralized system, if spare modules must be stored on-site, different modules for all probable fault scenarios would have to be on hand--the equivalent of having to buy a complete backup system for maintenance and repair. Since distributed system modules are identical, however, fewer are required to ensure that the entire system remains fully up.
In addition to using DES, line supervision is enhanced by allowing for multikeyed DES capability and subchannel communications. Multikeyed DES allows the communications between the transmission module and receiving unit not only to send unique data but also to use a different key for each transmission. The key is selected from a table of keys that resides on the computers at both ends of the system. This multiplies the work of an attacker who must recover every key in use, although the key table itself then becomes the secret that must be protected at both ends.
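The contrast drawn above between repeating supervision signals and DES polling/response, together with the multikeyed table just described, as an added example that is not code from the article or from SECUR-DATA Systems: a class A digital pattern generator is defeated by recording one full period and replaying it, while a polling/response line, in which the receiving unit sends a fresh random poll and the transmission module answers with that poll, its status and the chosen key index encrypted under a key from a table shared by both ends, rejects replays and altered status bytes. The message layout (48-bit nonce, one-byte status, one-byte key index), the 16-entry key table and the class names are assumptions made for the example. DES is not in the Python standard library, so `encrypt_block` uses pycryptodome's DES when it is installed and otherwise a keyed HMAC-SHA256 truncated to DES's eight-byte block as a stand-in; the protocol only ever encrypts and compares, so either primitive behaves the same way here.

```python
"""Line supervision: repeating class A digital pattern versus DES polling/response.

Added example. encrypt_block uses pycryptodome's DES if available; otherwise an
HMAC-SHA256 stand-in truncated to 8 bytes (an assumption so the file runs offline).
"""
import hashlib
import hmac
import itertools
import os

STATUS_SECURE, STATUS_ALARM = 0x00, 0x01

try:
    from Crypto.Cipher import DES  # pycryptodome

    def encrypt_block(key, block):
        assert len(key) == 8 and len(block) == 8
        return DES.new(key, DES.MODE_ECB).encrypt(block)
except ImportError:
    def encrypt_block(key, block):
        assert len(key) == 8 and len(block) == 8
        return hmac.new(key, block, hashlib.sha256).digest()[:8]  # stand-in for DES


# --- Class A digital: the generator's pattern repeats, so a recording suffices ---
class ClassADigitalLine:
    """Transmission module emits a fixed pattern; the receiving unit expects the same."""

    def __init__(self, pattern):
        self._tx = itertools.cycle(pattern)
        self._rx = itertools.cycle(pattern)

    def transmit(self):
        return next(self._tx)

    def receive(self, symbol):
        return symbol == next(self._rx)


def replay_against_class_a(pattern, observed):
    """Attacker taps the line for `observed` symbols, disconnects the module and
    replays the recording. True if no supervision alarm over ten more periods."""
    line = ClassADigitalLine(pattern)
    recording = [line.transmit() for _ in range(observed)]
    for s in recording:            # genuine symbols reach the receiver meanwhile
        line.receive(s)
    bogus = itertools.cycle(recording)
    return all(line.receive(next(bogus)) for _ in range(10 * len(pattern)))


# --- Polling/response with a multikeyed table: every exchange is unique ---------
class TransmissionModule:
    def __init__(self, key_table, status):
        self.key_table, self.status = key_table, status

    def respond(self, key_index, nonce):
        """Answer a poll with status in clear plus E_K[i](nonce || status || i)."""
        block = nonce + bytes([self.status, key_index])
        return self.status, encrypt_block(self.key_table[key_index], block)


class ReceivingUnit:
    def __init__(self, key_table, rng=os.urandom):
        self.key_table, self.rng = key_table, rng
        self.outstanding = None    # (key_index, nonce) of the poll awaiting an answer

    def poll(self):
        """Pick a key from the shared table and a fresh 48-bit nonce."""
        key_index = self.rng(1)[0] % len(self.key_table)
        nonce = self.rng(6)
        self.outstanding = (key_index, nonce)
        return key_index, nonce

    def verify(self, status, tag):
        """Recompute the expected block; each poll accepts at most one answer."""
        if self.outstanding is None:
            return False
        key_index, nonce = self.outstanding
        self.outstanding = None
        block = nonce + bytes([status, key_index])
        return hmac.compare_digest(encrypt_block(self.key_table[key_index], block), tag)


def genuine_exchange(key_table, status=STATUS_SECURE):
    rx, tx = ReceivingUnit(key_table), TransmissionModule(key_table, status)
    return rx.verify(*tx.respond(*rx.poll()))


def replay_against_polling(key_table, observed_polls=3):
    """Attacker records genuine answers, then substitutes a module that can only
    replay them. True if the receiving unit accepts any replay."""
    rx, tx = ReceivingUnit(key_table), TransmissionModule(key_table, STATUS_SECURE)
    recording = []
    for _ in range(observed_polls):
        answer = tx.respond(*rx.poll())
        rx.verify(*answer)
        recording.append(answer)
    for answer in recording:       # each new poll carries a nonce never sent before
        rx.poll()
        if rx.verify(*answer):
            return True
    return False


def forge_status(key_table):
    """Attacker rewrites ALARM to SECURE on the line but keeps the genuine tag."""
    rx, tx = ReceivingUnit(key_table), TransmissionModule(key_table, STATUS_ALARM)
    _, tag = tx.respond(*rx.poll())
    return rx.verify(STATUS_SECURE, tag)


if __name__ == "__main__":
    pattern = b"\x5a\x3c\x0f\xf0"            # constructed class A digital pattern
    print("class A replay accepted:", replay_against_class_a(pattern, 2 * len(pattern)))
    table = [os.urandom(8) for _ in range(16)]  # multikeyed table held at both ends
    print("genuine poll accepted:", genuine_exchange(table))
    print("replayed answer accepted:", replay_against_polling(table))
    print("forged status accepted:", forge_status(table))
```

The receiving unit verifies by re-encrypting rather than decrypting, so only the encrypt direction of the cipher is needed at either end, and a poll is consumed by its first answer, so a late duplicate cannot be accepted. Because the key index travels in the poll, a bogus module that holds one stolen key still fails whenever the receiving unit selects another entry of the table.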
Subchannel communications allows the receiving unit to determine whether a bogus transmission module has been substituted for the original transmission module in a protected area. This feature aids in detecting whether the system has been compromised by someone who knows the DES key. In subchannel communications, the electronic dialogue between the transmission module and receiving unit occurs in real time, which is intended to deny an outsider the chance to record the dialogue and reproduce it later.
To keep pace with high-tech threats, alarm monitoring systems must increasingly rely on advanced line-supervision techniques (such as DES) and flexible and reliable system architecture, such as distributed processing computer systems.
Ronald J. Baum is president of SECUR-DATA Systems Inc., whose implementation of DES has been certified by the National Institute of Standards and Technology (formerly the National Bureau of Standards). He is responsible for the design and development of the company's line of DES-based high-security products.
Title Annotation: Data Encryption Standard
Author: Baum, Ronald J.
Date: Apr 1, 1989