Security in Packet-Switched Land Mobile Radio Backbone Networks
Thomschutz, Hans Olaf Rutger
MetadataShow full item record
Spurred by change in government regulations and to leverage lower-cost technology and services, many land mobile radio (LMR) operators have begun transitioning from circuit-switched to packet-switched backbone networks to handle their future communication needs. Due to the unique demands of packet-switched backbone networks for LMR, it may not be wise to carry over the previously implemented security methods used with circuit-switch systems or to treat an LMR backbone as a regular packet-switched network. This thesis investigates security in packet-switched LMR backbone networks to identify security issues in packet-switched LMR networks and provide possible solutions for them. Security solutions that are examined include different types of virtual private networks (VPNs), various encryption and keying procedures for safe communication, and logic behind how and where to implement security functions within the network. Specific schemes examined include IP Security (IPSec), OpenVPN, Virtual Tunnel (VTun), and Zebedee. I also present a quantitative analysis of the effects that the solutions have on packet-switched networks, in terms of link utilization, and on voice traffic, in terms of delay and delay jitter. In addition, I evaluate, in general terms, the additional cost or complexity that is introduced by the different security solutions. Simulation with OPNET Modeler was used to evaluate how the various security schemes affect voice communication and network performance as a whole. Since OPNET Modeler does not provide models of security functions, the source code of the transceiver system models was modified to introduce additional overhead that is representative of the various security solutions. Through experimentation, simulation, and analysis of the security schemes considered, it was found that the most effective security scheme overall for a packet-switched LMR backbone network would either be IPSec or OpenVPN implemented at the base stations and end-hosts. Both security schemes provide strong encryption, flexibility, and are actively supported. However, if bandwidth is scarce and flexibility is less important, then a security solution with less overhead, such as VTun, should be considered. Thus, one has to balance performance with security to choose the most effective security solution for a particular application.
- Masters Theses