Improving security with Ronja

Ronja is an optical datalink 10Mbps full duplex over 1.4km:

Home or office security

Here you see Ronja installed on balcony of a flat.

A camera can be installed, monitoring inside and/or outside of the flat. Let data be streamed to remote location immediately, where the record is stored on a hard disk. If a intruder breaks into the flat, he will be recorded by the camera. He cannot destroy the record though, because it is located up to 1.4km away. To defeat this system, both locations would have to be broken in at the same.

The intruder cannot disable the system by radio jamming, because the transmission is done by light, and by very narrow beam. Also outside cables don't exist that could be severed, as in case of implementing the system over metallic or fibre optics network. As Ronja consumes only 5.6W of power, it can be easily put on an UPS, which guards against attempts to defeat the system by cutting the house off power grid.

Man in the middle attack

From the picture you can see that mounting a man-in-the-middle attack against Ronja would require a crane to put a man into the beam. The man would have to set up a bulky optical device to receive data and retransmit their changed version. Mounting such high-profile attack would be witnessed by the whole neighbourhood.

On the other hands, today's most widespread wireless technology, WiFi networks, can be hijacked very easily, as you can see from demonstration of "airpwn" tool. And built-in security protocols of WiFi don't remove this problem -- according to paper "Your Wireless Network Has No Clothes", all of them are flawed.

Denial of Service (DoS) attack

Today's most widespread technology, WiFi, is open to a jamming attack without workaround. The jammer can sit anywhere, concealed.

On the other hand, to jam Ronja, the attacker would have to carry a modulated laser device with bulky tripod and fine-pointing mechanics. On top of that, he would have to seek certain small spot, where the beam is visible. This spot furthermore doesn't exist in all installations, and those that exist often aren't publicly accessible. Jamming would be then easily spotted by looking from the receiver - it's clear where the jammer has to be - and the jammer would be easily witnessed by public.

Network Hijacking

WiFi networks can be hijacked (see chapter 4.2 of the paper). Ronja is immune to this attack because doesn't contain any state machines that could be confused by the adversary.

Distributed Denial of Service (DDoS) attack in wireless networks

If someone mounts a successful distributed DoS against a wireless network, a flood of data will come that will overflow all available bandwidth.

Today's most popular wireless architecture, WiFi, has a distinct disadvantage of being half duplex. This results in a failure in such case:

Packetloss will rise enormously
Round-trip will rise to unacceptable level, and fluctuate rapidly
Legitimate TCP connections will grind to halt, and fall apart after timeout.

On the other hand, Ronja will still maintain it's key properties:

Packetloss will stay the same, at it's typicel BER of 10^-9 or better
Roundtrip will stay at it's normal value, virtually zero.
Only the bandwidth will be used up to 100%.

In such scenario, legitimate TCP connections will be typically just slowed down. Even this can be prevented by prioritizing them over other traffic using QoS.

Backup connectivity