This document describes the SenSource Wireless System with regards to potential security threats to a network (Ethernet and/or wireless). For more information, please consult the SenSource Sensor Server User Manual and the sensor data sheets.
SenSource provides a family of battery-powered sensor transmitters, using either 418/433 MHz or 900 MHz/ 2.4 GHz. SenSource uses a "sensor gateway" called a Sensor Server to receive sensor data from the sensor transmitters and transport this data to a central host. The Sensor Server can deliver this data through Ethernet or serial ports.
The SenSource system does not purposely encrypt the data and commands to provide security. The data is marginally obscured because of the propriety nature of the products.
» 418/433 MHz Sensor Transmitters
The 418/433 MHz sensor transmits a 29 character packet every 10 seconds. The transmitter provides one way communication
(it does not have a receiver) and is designed specifically for transmitting
the 29 character packet. The transmitter encodes
the packet for efficiency to improve battery life and to enhance transmission
distance. Because of FCC rules at 418/433 MHz,
the transmitter cannot transmit more frequently than 10 seconds and must
transmit the packet in 20 milliseconds. There is
no means of being able to remotely recode the transmitter.
» 900 MHz/ 2.4 GHz Sensor Transmitters
The 900 MHz/ 2.4 GHz sensor transmitter works is similar to the 418/433
MHz transmitters. These sensors are transmit-only. Because of battery considerations, these transmitters typically transmit every 5 minutes.
» Sensor Server
The Sensor Server was designed from the ground up to collect sensor
data and transport that data to a host. The Sensor
server has no operating system and each function was designed for the
specific task of collecting and transporting sensor data. The
Sensor Server has no abilities to update drivers. Although
code libraries were used in the development of the Sensor Server for functions
like the TCP/IP stack and communication protocols, only specific elements
of the library were used to code the specific tasks (for example with
the TCP/IP stack, only the functions described
below were coded). The following describes the
various communication functions of the Sensor server.
Wireless Media
418/433 MHz Receiver (optional) - The Sensor server has a 418/433 MHz receiver designed specifically to decode packets from the 418/433 MHz sensor transmitters. The Sensor server cannot transmit any data through the 418/433 MHz receiver. It can only decode packets from the sensors. The decoder subsystem in the Sensor server will not allow any data or communicates to proceed if the received encoded data does not follow the format of a sensor packet.
900 MHz/ 2.4 GHz Transceiver (optional) - The Sensor server has a 900 MHz/ 2.4 GHz transceiver designed specifically to decode packets from the 900 MHz/ 2.4 GHz Sensor transmitters and 900 MHz/ 2.4 GHz repeaters. The Sensor server will only process sensor packets or Sensor server commands through the transceiver. All other communications are ignored.
Other Media
RS232 and RS485 Port - The Sensor Server serial ports are used to configure the sensor server, collect queued sensor data and receive sensor packets. The communication protocol is ASCII command/response. A simple password login can be set up to restrict access. Wired sensors can be connected to the RS485 port where the sensor will send sensor packets to the Sensor server. No other communication will be accepted except for the specified ASCII commands/responses and sensor packets.
Ethernet - The Sensor server uses the Ethernet for a variety of communication needs:
Delivery of Historical sensor data and Events via HTTP/XML (using port 80)
Web Server serving 3 dedicated HTTP/HTML pages (port 80)
Configuration, data collection and diagnostics through the TCP/IP Command port (port 1000)
SMTP Client
SNTP Client
DHCP Client
Send/Receive Sensor Packets via UDP (both receiving and forwarding) (port 6767)
TCP/IP Command (port 1000)* - A telnet-like interface. It uses an ASCII command/response protocol in order to configure, collect data and diagnose the Sensor server. A simple password login can be set up to restrict access. No other communication will be accepted except for the specified ASCII commands/responses.
Web Server (port 80)* - Dedicated to the task of serving 3 web pages. The web pages’ form cannot be changed. Only the contents dealing with sensors will be changed. No additional web pages can be added. HTTP digest authentication is used to restrict access to the web pages.
UPD (port 6767)* - The Sensor Server listens on UDP port 6767 for sensor packets sent by other Sensor Servers or sensors. Sensor Servers will accept only sensor packets on this port and ignore any other communications.
* The user can change the port number for these functions, or instruct the Sensor server not to listen on these ports.
