Wired/Wireless Alarm Systems

Larwe Wrote:

> Commercially available systems do NOT use encryption of any kind on
> sensors. It is not necessary. Think what happens when you burst open a
> door and break in: the sensor sends an alarm to the panel. If you then
> close the door, that sends a restore for that zone, but it doesn't
> cancel the alarm. So a record/playback attack is of no use.
>

I design these systems professionally. My company and all that I have 
reviewed DO use encryption on all sensors. Think about it a little more and 
you'll realise why. Re-think your record playback scenario. Normally record 
playback attacks are only an issue on wireless keyfobs that can arm/disarm 
the system. However, there are zone types that are used to arm/disarm (shunt 
lock etc.). This type of zone is used commercially and needs encrption.

Jim 

??? wrote:

>
> I have demonstrated to many a salesperson just how easy it is to
> defete wireless alarm systems.
>
> They may be conveniant, but that comes at a price!
>
> P.S. Does not matter what frequency you put them on as you can easyly
> build your own TX.

Depends on security grade of the system involved. As Larwe as mentioned an 
RF Supervision event and subsequent RF jamming fault signals can be used to 
inform a user that the alarm system is being jammed. If someone tries to jam 
a panel in armed mode then it is possible on some panels to cause an alarm 
event. The feeling being that someone 'may' be trying to block any detector 
transmissions.

Of course each design will be different but if a particular standard is 
being met for a wireless system then this is usually taken care of.

Jim 

Jim wrote:

> > Commercially available systems do NOT use encryption of any kind on
> > sensors. It is not necessary. Think what happens when you burst open a

> you'll realise why. Re-think your record playback scenario. Normally record
> playback attacks are only an issue on wireless keyfobs that can arm/disarm

Right. I design these things professionally too, BTW :) Care to share
what size of operation this is you work for? The three big names I can
think of here in the US - I work for one of them - do not use
encryption on sensors.

Larwe Wrote:

> Right. I design these things professionally too, BTW :)

Yep. I know you do. ;-)

>Care to share
> what size of operation this is you work for?

See private email.

The three big names I can
> think of here in the US - I work for one of them - do not use
> encryption on sensors.
>

We designed encryption in to make the system more secure for zone types that 
can disarm the system and I have seen encryption used on other equipment 
too. Looks like some panels are more secure than others.

Lets hope that James (original post) has an unencrypted panel. Or better 
still, has decided that the time and effort involved is too great. I know I 
wouldn't be able to find the spare time necessary to undertake such a task.

Jim

On Wed, 29 Mar 2006 17:34:57 GMT, "Jim" <tech@picmodules.com> wrote:

>If someone tries to jam 
>a panel in armed mode then it is possible on some panels to cause an alarm 
>event. The feeling being that someone 'may' be trying to block any detector 
>transmissions.

And after a few weeks of such events without any other consequences,
do you expect that anybody would pay attention to them ? Then one
night during the blackout something else happens :-).

If the system works on any license free band, such as the ISM bands
with other industrial and medical radiators (e.g. 2.45 GHz), it would
be quite unlikely that the national telecommunication authorities
would start to hunt for the jammer. In addition, locating a randomly
transmitting transmitter in an urban environment is quite hard due to
reflections. 

Paul

Paul Keinanen wrote:

> If the system works on any license free band, such as the ISM bands
> with other industrial and medical radiators (e.g. 2.45 GHz), it would

Empirically I can tell you: millions of installed systems -> no
appreciable problems.

"Paul Keinanen" Wrote:

> And after a few weeks of such events without any other consequences,
> do you expect that anybody would pay attention to them ?
>

Oh there are consequences!.  For example (and depending on the installers 
setup), the panel can be forced to not allow arm if certain faults exist. If 
the user decides to ignore the persistant fault noise, ignore the fact that 
the keypad is reporting a jamming fault, ignore the fact that the panel 
cannot arm, then hey, that user has already made the decision that they 
don't care if thet are burgled. At the end of the day the ownes is on the 
user. The alarm panel has done its job of informing the user that a problem 
has occurred and needs attention.

>Then one night during the blackout something else happens :-).
What, not a battery backed panel?. If theres a blackout then I guess the 
inteference cause will now not be operating. Guess the battery backed panel 
can now work even better. :-)

Jim 

On Thu, 30 Mar 2006 19:50:52 GMT, "Jim" <tech@picmodules.com> wrote:

>
>"Paul Keinanen" Wrote:
>
>> And after a few weeks of such events without any other consequences,
>> do you expect that anybody would pay attention to them ?
>>
>
>Oh there are consequences!.  For example (and depending on the installers 
>setup), the panel can be forced to not allow arm if certain faults exist. If 
>the user decides to ignore the persistant fault noise, ignore the fact that 
>the keypad is reporting a jamming fault, ignore the fact that the panel 
>cannot arm, then hey, that user has already made the decision that they 
>don't care if thet are burgled. At the end of the day the ownes is on the 
>user. The alarm panel has done its job of informing the user that a problem 
>has occurred and needs attention.

You just proved my point. The user will eventually disable the "false"
alarms and easily also ignore real alarms, if the system generates a
lot of spurious alarms due to bad design. IMHO, to be dependable, an
alarm system must generate far less false alarms than real alarms.
 
>>Then one night during the blackout something else happens :-).
>What, not a battery backed panel?. If theres a blackout then I guess the 
>inteference cause will now not be operating. Guess the battery backed panel 
>can now work even better. :-)

I was not referring to main failure.

In radio communication "blackout" usually refers to complete loss of
communication, often on a large number of frequencies. One the radio
link is once again jammed, but the event is ignored as a nuisance,
then it is time for the bad guy to act.

My point is that the communication should not be easily jammable, e.g.
use cables within the premises rather than radio technology.

Paul

Paul Keinanen wrote:

> My point is that the communication should not be easily jammable, e.g.
> use cables within the premises rather than radio technology.

Are you familiar with the UL clash tests for wireless security and fire
safety appliances?

Wireless sensors are universally approved for use in, and sometimes the
only practical choice for, both residential and commercial burglary and
fire warning systems.

"larwe" <zwsdotcom@gmail.com> wrote in message
news:1143801854.432295.246340@i39g2000cwa.googlegroups.com...
>
> Paul Keinanen wrote:
>
> > My point is that the communication should not be easily jammable, e.g.
> > use cables within the premises rather than radio technology.
>
> Are you familiar with the UL clash tests for wireless security and fire
> safety appliances?

Out of curiosity: what signal levels should a wireless alarm survive?
I'm asking because I find it very hard to believe that such a system,
whatever sophisticated modulation methods they use, will keep working if
someone transmits a 50W modulated carrier within a few tens of meters of
that system.

Meindert