MECHANISM TO MINIMIZE RF NETWORK LEAKAGE FROM A SECURE DOMAIN

IP.com Disclosure Number: IPCOM000237504D
Publication Date: 2014-Jun-19
Document File: 5 page(s) / 108K

Publishing Venue

The IP.com Prior Art Database

Related People

Joseph Salowey: AUTHOR [+2]

Abstract

Techniques are presented to disable wireless transmissions in response to detecting imminent opening of a portal (door) of the radio frequency (RF) isolated perimeter of a secure domain. This mechanism prevents violation of security policy by preventing leakage of RF energy outside the perimeter of the secure domain.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 47% of the total text.

AUTHORS:

 Joseph Salowey, Nancy Cam-Winget

CISCO SYSTEMS, INC.

DETAILED DESCRIPTION

    There are proposals to deploy a wireless network entirely within a radio frequency (RF) isolated domain to maintain security of any wireless communications made in that domain. This means that the wireless communication would be completely encapsulated in a physical perimeter such as a Faraday Cage or similar device. There are various entrances and exits to the isolated domain to allow people and other objects to enter and leave the protected domain.

    The problem is that when the physical perimeter is opened, RF energy can leak out. Even though the wireless communications may be encrypted, the fact that RF energy leaks out of the secure domain may violate a security policy which dictates that no RF signal from the secure domain may be present outside the physical perimeter.

    FIG. 1 below illustrates a solution to this problem. In the example shown, there is a secure domain bounded by an RF isolation perimeter using a Faraday cage or similar technologies. There are one or more wireless access points (APs) and client devices (CDs) deployed and operating in the secure domain. There are one or more secure portals that may be opened to cross the isolation perimeter of the secure domain.

Copyright 2014 Cisco Systems, Inc.


FIG. 1

    The secure portals are designed such that before the portal may be opened an "RF Kill" procedure must be initiated. The "RF Kill" procedure can be configured to completely "kill" the RF signal or dampen it to minimize leakage outside the perimeter of the secure domain. The "RF Kill" procedure may simply be incorporated into the normal mechanism(s) for opening a secure door/portal such as badging, biometric identifier (ID), push button, etc. For simplicity, FIG. 1 shows a portal controller associated with each secure portal.

[FIG. 1 diagram labels: Secure Domain; Secure portal; Portal Controller; AP; CD]
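The interlock described above (an open request triggers "RF Kill" before the portal may open), as an added sketch that is not part of the original disclosure. The Radio and PortalController classes, the per-radio confirmation, the fail-closed denial and the resume-on-close step are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum

class Mode(Enum):
    KILL = "kill"      # stop transmitting entirely
    DAMPEN = "dampen"  # reduce power to minimize leakage

@dataclass
class Radio:
    """Constructed stand-in for an AP or CD inside the secure domain."""
    name: str
    responsive: bool = True
    state: str = "full"   # "full", "low" or "off"

    def rf_kill(self, mode):
        # Assumption: a radio confirms (returns True) once it has complied.
        if self.responsive:
            self.state = "off" if mode is Mode.KILL else "low"
        return self.responsive

    def resume(self):
        self.state = "full"

class PortalController:
    def __init__(self, radios, mode=Mode.KILL):
        self.radios, self.mode = radios, mode
        self.unlocked = False
        self.log = []

    def request_open(self, credential_ok):
        """Badge, biometric or push-button request to open the portal."""
        if not credential_ok:
            self.log.append("deny: credential")
            return False
        acks = {r.name: r.rf_kill(self.mode) for r in self.radios}
        missing = [name for name, ok in acks.items() if not ok]
        if missing:
            # Fail closed: the portal stays locked. Restoring service to the
            # radios that did comply is a design choice of this sketch.
            for r in self.radios:
                r.resume()
            self.log.append(f"deny: no RF Kill confirmation from {missing}")
            return False
        self.unlocked = True
        self.log.append(f"unlock: rf {self.mode.value} confirmed by {len(acks)}")
        return True

    def portal_closed(self):
        """Relock first, then let the radios transmit again (assumed step)."""
        self.unlocked = False
        for r in self.radios:
            r.resume()
```

The ordering is the point: the unlock is the last action on the open path and the relock is the first action on the close path, so the portal is never open while a radio is at full power.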


FIG. 2 illustrates an example block diagram of a portal controller.
FIG. 2

    The portal controller initiates this "RF Kill" procedure by sending a message to CDs and APs to stop or hold further transmissions. This "RF Kill" message can be delivered in several ways:

    1. At the physical layer taking advantage of Dynamic Frequency Selection (DFS) or other mechanisms that prevent wireless transmission in certain frequency bands to avoid conflict with RADAR and other devices. This can be leveraged to similarly prevent APs and CDs from transmitting.

    2. At the media acce...