Secure WiMAX Network Demonstration AFCEA WEST: TECHNET 2007

1

by Joseph Celano

Space and Naval Warfare Systems Center, San Diego Code 2871, Information Engineering Branch Head

and Jon Marcy

Nortel Government Solutions Vice President, Navy Programs

Introduction The Space and Naval Warfare Systems Center, San Diego (SSC SD), Code 2871, and Nortel Government Solutions (NGS), a U.S. company wholly owned by Nortel, have established a cooperative research and development agreement (CRADA) to create a secure wireless architecture for military use, such as supporting littoral operations. The CRADA efforts are aimed at improving the means of a comprehensive secure wireless network with reliable quality of service and control; especially for unmanned systems within military, humanitarian, and public safety operations in a C4ISR environment. AFCEA WEST Secure Wireless Network Demonstration To kick off the new partnership, SSC SD and NGS deployed a converged wireless enterprise network that consisted of WiMAX, WiFi, and commercial GSM technologies for the AFCEA West Conference held in San Diego, CA, from 27 January through 2 February 2007. The network demonstrated the delivery of ad-hoc networking in a secure environment providing telephony, video, and data services. Scenario An Amphibious Ready Group (ARG), composed of U.S. Navy amphibious ships and a landing force of U.S. Marines, demonstrates the United States commitment and resolve in diversified situations, including warfighting and humanitarian missions. One continual challenge of each ARG, which involves about 5,000 people, is the current means of communication provided by legacy tactical radios and satellite connectivity. The AFCEA West demonstration provided insight on advanced flexible terrestrial-based communications solution that offers broadband-like speeds for data exchanges, and one that can work in the mobile ad-hoc environment of the littoral operating area. Architecture The concept behind the architecture was to mimic a ship-to-shore configuration where the shore point of entry was the SSC SD location at Point Loma, and the ship point of entry was the San Diego Convention Center. The line of sight distance between the two points was approximately five miles.

Secure WiMAX Network Demonstration AFCEA WEST: TECHNET 2007

2

The CRADA team evaluated two unregulated wireless technologies to implement the five-mile, line-of-sight connection: 802.11a and 802.16d. At the Point Loma facility, they added a secondary wireless connection using 802.11a to interconnect the building hosting the SSC SD Secure Wireless Network Lab with the building that provided the highest point of presence needed for establishing a clear line of sight. An IP-enabled PBX telephone switch, VoIP telephones, and a GSM mobile switch controller were located at the SSC SD Secure Wireless Network Lab to emulate an ashore-based configuration. The San Diego Convention Center end of the link represented mobile and afloat units. A CAT5 cable was installed to extend the connection to the floor of the exhibit hall where the cable was terminated into an IP switch. Hosted off the IP switch was a GSM base transceiver station, an 802.11a/b/g access point, and several VoIP telephone sets. Interconnected via wireless mesh technology, additional 802.11a/b/g access points were placed at multiple locations on the exhibit floor, and VoIP telephone handsets were extended from each access point.

The technical objective of the topology was to demonstrate the ability to extend IP telephony and GSM cellular access through a secure wireless bridge. All GSM cell phones and VoIP handsets (both wireline and wireless) were able to accomplish their registration process and cross-connect through the PBX. The results were that locations hosting a wireless mesh 802.11 access point were able to successfully make and

5 Miles Direct Line of Sight

SSC SD Wireless

Network Lab on Point Loma

San Diego Convention

Center

Secure WiMAX Network Demonstration AFCEA WEST: TECHNET 2007

3

receive calls off the PBX located at the Point Loma SSC SD Secure Wireless Network Lab. Additionally, GSM calls were able to be made mobile-to-mobile and mobile-to-VoIP telephone set. Detailed Design

The following diagram captures the design and topology for the demonstration network.

SSC SD Secure Wireless Network Lab on Point Loma The configuration created for SSC SD was comprised of:

• CS1000M Communication Server or PBX (Running Succession 4.5)

• PP5520 IP Data Switch

• HX-1000 GSM Controller

• i2007 IP Telephone Handsets

• ES520 IP 802.11 Access Points o Radios - high-power 802.11a radio and high-power 802.11a/b/g radio o Range - tested up to 7 miles with omni-antennas and 32 miles with

directional antennas o High-assurance security encryption - AES 128, 192 & 256; WPA2

(802.11i) Suite B software upgradeable (Q1 2007); WIDS Sensor Module (Q1 2007) Multi-factor Authentication™

o Mesh technology - self-forming, self-healing network o Environmental - UL 60950-1, NEMA 3/3S/4, MIL-STD 810F

GSM Pico

802.16d 5 miles LOS (internal panel) Days 2-3/Primary

VoIP

GSM

SSC SD Secure Wireless Network

Lab on Point Loma

Convention Center

WLAN

Blackbox Booth

NGS

GSM

Fortress Booth

Microsoft Booth SPAWAR Booth

802.11a 5 miles LOS (parabolic-29dbi) Day 1/Back-up

Digital

Secure WiMAX Network Demonstration AFCEA WEST: TECHNET 2007

4

o Management - Browser-based GUI, CLI or SNMP o Form factor - Small (less than 4lbs), rugged, heat-dispersing unit with no

moving parts

• WiMAX Base Station o BPSK/QPSK/16QAM/64QAM o Up to +23dBm transmitter; -103 dBm receiver sensitivity o Adaptive modulation o Multi-channel transmitter and receiver diversity across multiple radios o Full-duplex/half-duplex FDD and TDD operation o Advanced software features o Full IEEE 802.16 QoS/service classes o Full IEEE 802.1d transparent bridging o IEEE 802.1Q/p VLAN tagging-untagging bridging and router functionality

The PBX was configured to support IP telephony and was interconnected to Nortel i2007 VoIP handsets, while providing trunk connectivity to an ES520 wireless 802.11 Access Point. From the ES520 Access Point, a short wireless link was made to an adjacent building where a clear line-of-sight shot was obtained. At that location, an Ethernet “relay” was established by interconnecting the ES520 with the WiMAX Base Station.

San Diego Convention Center The configuration created for the San Diego Convention Center was comprised of:

• PP5520 IP Data Switch

• GSM Base Transceiver Station o 1 TRX, 8-channel BTS in a 1RU chassis o 3 TRX, 24-channel BTS in a 2RU chassis o Single 10/100 Ethernet connection to Zynetix controller o Two antenna connections for TX and RX antenna connections o Range 2 to 10+ miles depending on antenna height, terrain type, tree

cover, and frequency o Frequency - 850MHz, 900MHz, 1800MHz, and 1900MHz options

o Supports GPRS (CS1 to CS4) o Integrated “Network Listen” capability – minimizes RF planning o Radio Interface

� Frequencies - 900, 1800 and 1900MHz � Output power - 43dBm � Power Control - 22 to 43dBm in 12 x 2dBm steps � Antenna - external SMA connectors for TX and RX � Configuration - 1 to 3 TRX, 8 to 24 timeslots

o Services � Circuit switched data supports secure calls at 9600bps � Tele-Services Telephony, SMS MT/MO/CB � GSM encryption - A5/1, A5/2 (requires applicable export license)

� GPRS support CS1-4, Multi-slot class 12, Dynamic PDCH

• ES520 IP 802.11 Access Points

• i2007 IP telephone handsets

• IP wireless handsets

• GSM Wireless PDAs

Secure WiMAX Network Demonstration AFCEA WEST: TECHNET 2007

5

• WiMAX Remote At the San Diego Convention Center, a WiMAX remote was mounted on the mezzanine, and a CAT5 cable was extended from the mezzanine to the exhibit floor where it was terminated into a PP5520 IP switch. Hosted off the IP switch was a GSM base transceiver station, an 802.11a/b/g access point, and several VoIP telephone sets. Interconnected via wireless mesh technology, additional 802.11a/b/g access points were placed at multiple locations on the exhibit floor, and VoIP telephone handsets were terminated off each access point. Security Fortress Layer Two encryption was activated across the RF paths carrying IP traffic. A Sectera encryption engine running Type Four (AES) encryption was used on the GSM system. Working with secure GSM handsets from General Dynamics, the CRADA team was able to become secure when a call was operational. Summary The secure WiMAX network demonstration proved that hybrid cellular/802.11/802.16 radio networks can be created and integrated with appropriate security to protect the IP and/or telephony traffic. VoIP calls were clear and latency was non-existent. Interoper-ability between IP and TDM (cellular) was accomplished using an IP-enabled PBX that supported SIP. About the Secure Wireless Network CRADA The Secure Wireless Network Lab has been established in Building 84, Topside, at SSC SD, in partnership with NGS. The lab focuses on designing a secure, multi-spectrum wireless network for fixed and mobile voice and data communications that meets all requirements of U.S. Department of Defense Directive 8100.2. Wireless technologies initially include Wi-Fi (802.11a/b/g), GSM, WiMAX (802.16d/e), MIMO, and OFDM. Other 4G (fourth-generation) wireless technologies will be added. Using an open-architecture approach, multiple vendors and government organizations will be integrated into the secure wireless network. The secure wireless network is currently limited to Point Loma, San Diego, but the goal is to extend the network throughout the San Diego metropolitan area, as well as to Camp Pendleton, CA, and St Julian’s Creek in the Norfolk, VA, area. For further information about the CRADA or how to participate in the research and development agreement, please contact Joseph Celano at joe.celano@navy.mil, 619-553-9433 (office), or 858-774-3843 (mobile).