1. Technical Field
The present invention relates to network security apparatus and methods and, in particular, to network adapters and methods providing a secure setup for shared physical medium devices.
2. Related Art
A network can describe a system of two or more electronic devices coupled by a channel—an interconnecting signal path using a transmission medium. In general, a communications network is a service network formed to exchange data between the networked devices. The rate at which data can be transferred reliably over that interconnecting signal path within a defined interval is the channel capacity or throughput. In a real communications channel, throughput is constrained by the available channel bandwidth and the noise present in that channel. Bandwidth corresponds to the frequency range over which the particular communication channel operates, and it bounds the rate at which data can be communicated through that channel. Many types of noise exist, including, for example, additive white Gaussian, periodic pulse, aperiodic pulse, single tone, and multiple tone, with each type imposing a characteristic penalty on channel capacity. In general, the data rate of reliable communication is directly proportional to the frequency range of the signal used for the communication.
The Shannon-Hartley Capacity Theorem establishes the maximum amount of error-free data that can be transmitted over a communications channel with a specified bandwidth, in the presence of noise interference and data corruption:
$$C = BW \cdot \log_2\left(1 + \frac{S}{N}\right)$$ or, alternatively,
$$C \approx BW \cdot \left(1.44 \cdot \ln\left(1 + \frac{S}{N}\right)\right)$$ where
C is maximum channel capacity (bps);
BW is channel bandwidth (Hz); and
S/N is average channel signal-to-noise power ratio (SNR).
Thus, the Shannon-Hartley Capacity Theorem indicates that the rate at which data can be transmitted over a communications channel can be increased up to the channel capacity and, conversely, that no rate above the channel capacity can be sustained with an arbitrarily small probability of error, because, once the data transmission rate exceeds capacity, the probability of error at the receiver is bounded away from zero no matter how the transmitter and receiver are designed. While the Shannon-Hartley Theorem establishes the maximum rate at which data can be communicated over a channel, many practical factors significantly limit the capacity of a real channel. Exemplary practical factors include the choice of transmitter and receiver; the physical distance between, and the relative placement of, the transmitter and the receiver; the nature of the transmission medium used by the channel to couple the transmitter and receiver; the communication environment of the channel; the predicted noise levels for a given implementation; channel-imposed nonlinearities; and the presence of other transmitters on a channel. Implementation factors are diverse, ranging from adopted or imposed standards, to regulating body constraints, to production costs, and to end-use uncertainties.
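The following is an added worked example, not part of the original application, that carries the Shannon-Hartley relation above through in code. It implements both forms given above (the exact base-2 logarithm and the 1.44·ln approximation), converts a signal-to-noise ratio expressed in dB to the linear ratio the formula needs, and inverts the relation to find the minimum S/N at which a target data rate is still below capacity. The channel figures used (100 MHz bandwidth, 30 dB S/N, a 1000 Mb/s target rate) are constructed for illustration and are not taken from any standard cited on the page.

```python
import math


def shannon_capacity(bw_hz: float, snr_linear: float) -> float:
    """Exact Shannon-Hartley capacity C = BW * log2(1 + S/N), in bits per second.

    bw_hz      : channel bandwidth BW in hertz
    snr_linear : average signal-to-noise POWER ratio S/N (not dB)
    """
    if bw_hz <= 0 or snr_linear < 0:
        raise ValueError("bandwidth must be positive and S/N non-negative")
    return bw_hz * math.log2(1.0 + snr_linear)


def shannon_capacity_approx(bw_hz: float, snr_linear: float) -> float:
    """Alternative form on the page: C ~= BW * 1.44 * ln(1 + S/N).

    1.44 is a rounded 1/ln(2) = 1.4427..., so this slightly under-estimates
    the exact capacity (by about 0.2 %).
    """
    if bw_hz <= 0 or snr_linear < 0:
        raise ValueError("bandwidth must be positive and S/N non-negative")
    return bw_hz * 1.44 * math.log(1.0 + snr_linear)


def db_to_linear(snr_db: float) -> float:
    """Convert a power ratio in dB to a linear ratio: 10^(dB/10)."""
    return 10.0 ** (snr_db / 10.0)


def required_snr_db(bw_hz: float, rate_bps: float) -> float:
    """Invert the theorem: minimum S/N (dB) at which rate_bps <= C.

    From C = BW*log2(1+S/N) with C = rate_bps:  S/N = 2^(rate/BW) - 1.
    """
    if bw_hz <= 0 or rate_bps <= 0:
        raise ValueError("bandwidth and rate must be positive")
    snr_linear = 2.0 ** (rate_bps / bw_hz) - 1.0
    return 10.0 * math.log10(snr_linear)


def rate_is_achievable(bw_hz: float, snr_db: float, rate_bps: float) -> bool:
    """True if the requested rate does not exceed channel capacity.

    Above capacity the error probability cannot be driven arbitrarily low,
    so a link run there is not a reliable link in the Shannon sense.
    """
    return rate_bps <= shannon_capacity(bw_hz, db_to_linear(snr_db))


if __name__ == "__main__":
    # Constructed illustrative channel (assumed values, not from a standard).
    bw = 100e6          # 100 MHz of usable bandwidth
    snr_db = 30.0       # 30 dB average S/N
    target = 1000e6     # 1000 Mb/s desired rate

    c_exact = shannon_capacity(bw, db_to_linear(snr_db))
    c_approx = shannon_capacity_approx(bw, db_to_linear(snr_db))
    print(f"exact capacity  : {c_exact / 1e6:8.2f} Mb/s")
    print(f"1.44*ln form    : {c_approx / 1e6:8.2f} Mb/s")
    print(f"min S/N for {target/1e6:.0f} Mb/s: {required_snr_db(bw, target):.2f} dB")
    print(f"{target/1e6:.0f} Mb/s at {snr_db} dB achievable? {rate_is_achievable(bw, snr_db, target)}")
```

Running the script shows the capacity at 30 dB falling just short of the 1000 Mb/s target (about 996.7 Mb/s), and `required_snr_db` reports the roughly 30.1 dB that would be needed; the same functions let a practitioner quantify how much capacity a lower received S/N leaves, which is the channel-engineering question the later sections build on.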
Typically, transmitters and receivers are designed to meet adopted or imposed standards, while simultaneously achieving some acceptable level of reliable data transfer over a range of presumed adverse conditions. For example, the exemplary Gigabit Ethernet family of standards describes multiple types of communication channels intended to communicate data reliably at a rate of 1000 Mb/s despite a bounded rate of errors in the data stream. One such standard, IEEE Std. 802.3ab (1000BASE-T), specifies the requirements for the physical layer for a CSMA/CD baseband EEPN, which uses electrical signaling to communicate data to a distance of 100 meters over a transmission medium of four pairs of 100-ohm Category 5 balanced copper cabling, by transmitting at a power level of about one watt. Another such standard, IEEE Std. 802.3z, specifies the requirements for the physical layer for several CSMA/CD baseband EEPN architectures, including 1000BASE-LX, in which a transmitter uses a longwave laser operating at a wavelength of about 1300 nm to communicate data signals to a distance of 5000 meters over a 10 micron single-mode optical fiber transmission medium, by transmitting at a power level of −3 dBm (0 dBm=1 mW). However, the rates and metrics specified by the aforementioned standards are closely tied to the transmission medium used at the physical layer of the network. Significant departures from the corresponding standard, for example, using a lower transmitted signal power, a higher transmitted bit rate, consuming greater bandwidth, and so on, will likely produce a substantial increase in transmitted bit error rate and a sharp decrease in experienced transmission reliability.
Accordingly, current network adapters, conforming to these and other communication standards, are designed to combat deleterious factors that degrade the maximum achievable throughput in a specific transmission medium, by employing transceivers designed to consistently transmit robust signals at a defined minimum transmitted power that is sufficient to reach the standard-specified maximum signal range, or alternately, maximum network segment length (e.g., 100 meters, 5000 meters). Such network adapters are widely used in shared medium networks.
In a shared medium network, all networked devices share the same transmission medium, but only one device can drive the network at a time. Even so, networked devices designed for use with a shared medium are adapted to offset signal degradation by the transmission medium and to accommodate the effects induced by the network couplings and by the listening networked devices.
A type of shared medium network, rapidly achieving popularity, is the shared services, shared transmission medium (S3M) network. In a conventional shared medium network, the network transmission medium may be dedicated to one type of service, e.g., a CSMA/CD data networking service. A shared medium of this type may use signaling methods and specified transmission media that facilitate high-performance data networking services. By comparison, in an S3M network, the network transmission medium also carries services other than data networking services. Exemplary shared services, shared transmission medium deployments include, without limitation, wireline telephony, electrical power utility, and cable-access services, with the respective shared transmission medium being structural household telephony wiring, structural electrical power utility wiring, and structural or installed coaxial cabling. Thus, an S3M network can have an ad hoc topology, extendable by simple, readily available extension cables and patch cords, that is potentially hostile to high-bandwidth digital communications. For example, S3M infrastructures can experience signal reflections, frequency-dependent channel transfer functions, and variable and uncharacterized operating parameters, for example, signal and power transients, varying impedances, impulse noise, and RF ingress and egress. Also, an S3M network may be coupled to an existing commercial or public transmission service network, which may introduce additional noise into the data network channel of the S3M network. To combat the potentially hostile environment posed to the data network channel on a shared services, shared transmission medium, current S3M client adapters likewise are adapted for robust transmissions to offset signal degradation that may exist in the S3M environment.
Moreover, although convenient and popular, shared medium networks, including S3M networks, can be vulnerable to eavesdropping and compromise, leaving attached devices exposed to unauthorized access, misuse, and tampering (collectively, intrusion). Unfortunately, no unified, standard security implementation has been devised to protect every network in every environment, and security mechanisms effective in one environment for one type of shared medium network, may offer little protection to other implementations. In practical use, traditional network security mechanisms, such as user-initiated activations, hands-on authentication protocols, and out-of-band security password or key transfers, can be cumbersome to implement and manage, and may be particularly unwieldy in the context of headless devices, including those disposed in inconvenient locations within a networked premises (e.g., in an attic or crawl space or behind a large appliance).
Despite attempts to simplify security activation for end users, “easy” mechanisms may require multiple steps, and, unfortunately, significant user interaction. Such mechanisms may be improperly implemented, thereby offering only an illusion of security. A security implementation process that is too cumbersome or too inconvenient may be ignored out of frustration by a user, providing an opportunistic miscreant with numerous avenues for intrusion into the user network. Even worse, when faced with burdensome security obligations and daunted by the risks of operating an unsecured network, a consumer may be dissuaded from deploying a network in the home or a small business, in the first instance.
It is desirable, therefore, to provide methods and apparatus for simplifying network security deployment and use, thereby encouraging consumers to benefit from the ubiquitous use of networks and networked devices. More so, it is desirable to beneficially engage, rather than combat, communication channel characteristics otherwise considered to be deleterious factors that degrade the maximum achievable throughput for a chosen transmission medium.