Monday, 28 October 2019

Using radio jammers to stop WiFi networks


Last week a cyber security consultant called me to ask if Mojo Networks (the company I co-founded) can provide WiFi jammers. He mentioned the need was to protect Electronic Voting Machines or EVMs from WiFi based attacks. These EVMs from recent legislative assembly elections in Maharashtra and Haryana were placed inside a facility with physical security. Apparently, someone was concerned about the possibility that WiFi may be used to hack these machines. As I understand, these machines are not connected to any network; were kept lock & key and are very difficult not easy to access. Anyway I reminded him that civilians cannot deploy radio jammers. More important, there is no need to use jammers to create protection against WiFi based attacks. It can be achieved by deploying a state of the art wireless intrusion prevention system (WIPS).

However, knowledge of WiFi security is feeble even among computer networking professionals. In addition, there is lack of awareness on the regulatory guidelines that exist in India such as Ministry of Communications & Information Technology (MCIT) regulation, Ministry of Home Affairs (MHA) guidelines, and RBI IT Governance guidelines, to name a few.

Fundamental to wireless security is the sensor technology. WIPS sensors detect all WiFi in the air; figure out which networks are authorized as well as those those that are external. The system then prevents internal users from connecting to external networks and quarantines devices that are un-authorized but are on users’ network. While a single sensor can scan entire WiFi radio spectrum, sensors can be dedicated to select channels to massively strengthen the security cover.

The notion of “No WiFi” is an interesting use case. In a “no WiFi” environment there is no WiFi access point on users’ network and none of the users are connected to WiFi network of any kind. Such an environment is often required in data centers, military locations and even organizations with high security posture such as banks, IT/ITES companies. Besides creating a blanket “No WiFi” scenario inside a data center or a military installation, interesting situations can emerge in case of WiFi in Smart Cities where a No WiFi and public WiFi will need to coexist at the same time.

Among above regulations, MHA seems to be specific about the use of WIPS. A News item appeared on MHA guidelines in Express Computers in 2009 (https://indianexpress.com/article/india/india-others-do-not-use/citing-safety-govt-bans-wifi-in-key-offices-missions/). According to the News item, MHA mandates use of WIPS is in sensitive Central Government ministries and missions. Another article appeared in the December 2009 issue of the Indian Police Journal on “WiFi Network - A Challenge to Security Agencies”. (http://www.bprd.nic.in/WriteReadData/userfiles/file/5493026775-oct-dec.pdf).

It is noteworthy that neither of these asks for radio jamming. On the contrary, some IT administrators often ask if they can use jammers. That's like saying can I go thru a RED Light. Its not allowed unless there is a regulator of traffic (like a traffic cop) there and allows you to go. I must mention that security consultant who called me was fully aware of WIPS and how to use it.

WiFi has evolved a great deal since these articles appeared, has become ubiquitous and a de-facto mode for end users to connect to their network and Internet. WiFi is also making great strides in public arena. However, preparedness of business and Government remains far from adequate. And, there have been attacks using WiFi. While we are fixated on security threats emanating from backdoors in 3G/4G/5G network equipment, we are leaving front doors open by not deploying WIPS at sensitive locations be it corporate, Government and even public. Network and security administrators carry the primary responsibility for this. It also necessitates a policy intervention on this front.

Coming to EVMs, they have done their job well. It is now for the political parties to figure out Government formation, a non-trivial activity given the fractured mandate and those with smaller share of seats aiming for bigger slice of the Government pie.

Sunday, 6 October 2019

Disaster Management & Opportunities for Entrepreneurs


Few months back, I received a call my friend Professor Kavi Arya from IIT Bombay for being a co-faculty for a workshop on disaster management he was organizing in Bhutan. Kavi’s team also included Dr. Vinod Menon, Founder Member of NDMA (National Disaster Management Authority) of India. Bhutan workshop gave me enough opportunity interact with Vinod and pick his brains on disasters. And sure enough, Vinod poured his insights and wisdom on various types of disasters from earthquakes to fires, frequency and ferocity with which disasters strike, relief measures and most important Indian expertise in disaster management. I also learnt that minimising life and property loss through early warning systems is critical. Government spends a lot of money on relief but smarter way would be prevention. We have witnessed fury of nature in this monsoon season. And the phenomenon is global. Summer in Northern hemisphere has been severe. 

Vinod classified into floods, Landslide, Glacier Lake Out Floods (GLOFs), earthquakes, windstorms, forest fires, epidemics & biological disasters. Disasters today are result of climate change caused by massive human mistakes as well as shortsighted approaches by people coupled with laxity of city managements as was evident in water flooding witnessed in Pune recently. 

I understood that sensors (vibration, sound, thermal, magnetic radio and more) a couple with early warning systems are key to building technology and systems to monitor manage and mitigate losses from disasters. Presence of Dr. Samit Sen of IITB, an expert on Geo Spatial technologies, Raghu Iyer of Nevis Networks, one of the few who work on electronics hardware and of course Kavi a computer science expert ensured that we conceptualised what can be called as the strawman of technologies for early warning systems for disasters. 

Being an entrepreneur and part of TiE, I started looking for opportunities for entrepreneurs build systems to help Disaster Management. I am glad that FutureTech an industry vertical oriented conference by @TiEPune on Oct 18-19, 2019 has a special track on Disaster Management. The conference should open the door for entrepreneurs to leverage this massive opportunity.