Slashdot Mirror
Can Faraday Cages Tame Wi-Fi?
mrraven writes "An article at TechWorld discusses the increased need for wireless network security. One possible solution to this problem is the use of building-wide Faraday cages to block the wireless signal from 'leaking'." From the article: "Small installations of RF shielding don't have to be expensive, and the basic concept of a Faraday cage can be extended to all kinds of small everyday objects. Leather wallets sandwiched with a conductive RF-shielding layer can prevent RFID scanners from reading personal information implanted in everything from RFID-enabled access control cards to some credit cards; they're widely available for as little as US$15. For those favoring a more DIY route, several Web sites have information on how to make an RFID-blocking wallet with duct tape and aluminum foil."
So this is essentially a giant tinfoil hat for your office? Will it stop the voices as well?
While adding a thin mesh around the building might not be hard to do at construction time, it seems the author has ignored windows. Most larger commercial buildings have large windows, which would need to be covered in a mesh in order to make the whole building a farady cage. This would obviously seriously impact the building's appearance, and I doubt would ever become practical. It's not that difficult to set up a WPA2 or VPN setup if you're concerned about keeping wifi secure.
BAE in the UK have made a wallpaper to do just this. No word on if it is available to consumers though I bet there is a market in the paranoid EM fearing folk that live near 'evil' cell phone masts.
Warhammer forums
Only if you don't want cell phone coverage or look out side. I work in a building that is EM sheilded using a Faraday cage. It was designed to test new radios so you didn't want outside signals coming in to mess up the test. Needless to say a all-metal no windowless office sucks. You have to go out side to make a cell call and when the AC breaks you're screwed because the place turns into an oven with no windows to open. It's a nice idea, but I doubt most wouldn't like to work in such a place 24-7. I sure don't.
I'm sure this will help minimize effects of leakage, but no building can have a "perfect" faraday cage on standard wifi frequencies - the wavelengths are far smaller than the openings required for humans to enter and exit the building.
:)
Once again, it's probably better to focus on good encryption, though this is hardly much help to defeat certain on-site DOS attacks. Then again, that's what your security force is for
After succeeding in preventing the wi-fi signal from "leaking", you are surprised your cellphone stopped working.
^_^
The best wireless security solution is just to not use wireless. Yes, it's sexy. Yes, I know it can be a pain when there's a split in an ethernet cable that's in the rafters. Yes, I like to be able to use this laptop on the couch because it helps my creative energies get flowing. But seriously, if I were at all concerned about security, I'd just stick at CAT5E into the side and be done with it. Big wireless deployments are things for college students and people who like cafes. If I were running a business, I wouldn't throw money at a wireless project to begin with, let alone build an elaborate jamming/shielding system to correct problems which could've been avoided by not doing anything in the first place.
So we can replace the wires from each user to a building-wide mesh of wires.
The cheapest way to do this would probably be to embed a mesh into the sheet rock. The manufacturer of the sheet rock could do this in their factory; you'd just select the "faraday sheet rock" model when remodelling. No extra labor costs, which, after all, is the biggest part of construction.
Still probably going to be rather expensive, it being a whole "chicken and egg" type of situation.
It's probably cheaper on the whole to use good wireless security and regularly test for employees opening unsecured wireless networks using some workstations with wifi cards running shell scripts looking for unsecured networks....
120 characters isn't enough to explain it.
A long time ago, I was a contractor for an establishment whose headquarters was over 4 city blocks and >10 stories above. The building was constructed entirely as a Faraday Cage (nothing inside got outside, checked on a regular basis). When the building was first constructed, the contractor adhered the wire mesh (windows were already shielded) with standard galvanized nails (inside receptor/conductor through shielding/outside transmitter). Go figure...
And ye shall know the truth, and the truth shall make you free.
John 8:32(King James Version)
Real Faraday cages are an unmitigated pain to deal with. The ones used for RF testing typically have a heavy door, like a walk-in refrigerator, with conductive fingers all around the doorframe that seal against the door. It's not enough to have metal; all the metal has to be connected. And slots will pass a wavelength up to the length of the slot.
The ones used for high-security classified work are even worse. They're made of welded metal panels. They're a few feet off the ground, so the underside can be checked. Any I/O is fibre optic. Power goes in through huge low-pass filters. Air goes through metal mesh filters. Double doors work like an airlock, and there's a compressed-air system to force the RF-tight door seals. Periodic testing (transmitter inside, receiver outside) insures the tank is really RF-tight.
Not a fun work environment.
Painting the walls with conductive paint is a joke.
There's nothing mysterious about any of this. RF propagation is well understood, and the test gear is easy to obtain. Ask any ham.
In my research lab, we have a Faraday caged room with dimensions of about 35feet x 50feet x 30feet. We house 3 NMR spectrometers there, and use the cage to shield us from stray RF from radio stations and other sources. (The lab is in NYC, and as you can imagine, there's a lot of EM noise).
The system works quite well, but we still get quite a bit of leakage through the two doorways (they have a copper lining as well). We can still pickup cell phone calls within 3-4 feet of the doorway (when closed), but not much more than that. However, the room is quite dead for WiFi transmission.
http://www.google.com/trends?q=Faraday+Cages&ctab= 0
No. Next.
A Faraday cage solves the wrong problem.
It will stop external interference from entering the building;
However, it wont stop your signal from leaving though.
So people people can still sniff and listen, but you get very low interfernance
and noise.
Hmm, I'm in need of a new wallet... where can I get one of these $15 anti-RFID models?
MRIs use very sensitive head coils to pick up their signals. The room that the bore is in needs to be enclosed in a pretty good Faraday cage to prevent EMI from messing with the receiver.
Granted, windows aren't a problem in the magnet room, but the doors are. So it becomes interesting to try and develop a door that can seal out the frequencies of interest effectively. It's tough, but some magnet rooms can effectively seal off noise while allowing humans to enter and leave.
:(){
Most windows (for residential construction, anyhow) already have an insect screen. These days most of these are plastic, but they used to be made from aluminum, which would shield the window quite nicely. And no, they don't look all that bad either.
There shouldn't be a problem if you had unshielded windows as long as long as we are not talking about a building with all glass on one side. The Faraday cage wil shield pretty effectively even if there are some gaps. This is why you can get away with using a mesh rather than putting everything inside solid metal boxes. If you've even seen the lightning demos with people in cages being completely unaffected while a big Van de Graff shoots sparks around the place (MOS in Boston has this - its fun).
This seems like its overkill - be more sensible to have some encryption and maybe a system where you have to login to get access to the web is more practical. This way you get to keep what few bars you have on the cell.
With respect to the RFID in passports or on cards, yeah you might want a Faraday cage in your wallet but I wonder how long it is before that becomes classified as suspicious behaviour. I can just see those TSA officials getting red in the face that you'd dare question their authority by using a shielded wallet and having you detained for an hour - just enough to miss your flight.
Reality must take precedence over public relations, for nature cannot be fooled.
Not very practical for a building or even a room, except for a special EMI testing room.
Or maybe I'm completely missing something. Maybe it doesn't take that much containment to actually stop 2-way communications at those frequencies
-S
--- What parts of "shall make no law", "shall not be infringed", and "shall not be violated" don't you understand?
I know some of you say it's impossible, but I work for a cell company in the states. Our buildings where R&D is done are caged off to prevent our subscribers from roaming onto our test RF. It's pretty amazing, but once you leave the building - I mean JUST as you're exiting the front door you completely loose RF coverage. As others have said, though, this is a problem as there is no where for that energy to go and instead it is absorbed by things like your body. This is the only company I've worked for where a number of my coworkers have gotten brain cancer. Many of us don't think it's a coincidence.
As for the wave length being too hard to cage argument. What wave length does your microwave oven put out - whose magnetron emits 600-1200 watts? (hint: look at the FCC sticker on it, it runs on the 2.4ghz ISM band) Does your wifi go to crap everytime you nuke a hotdog? If so, it's time to get a new microwave oven...
As British researchers found out, stealth bomber skin blocks wifi.
There are so many ways of securing a wireless network without the messy business of placing a mesh wire around the building. The university in the town I live in has a campus wide wireless network. They then use a vpn system (cisco, I believe) to regulate access. Simply, anyone can connect to the wireless network, but you are given no access unless you connect to the university's vpn. Then from there, depending on that account's permissions, you can access the Internet and the university network permissions. I think this system is probably the best ideas because very little additional hardware is required, each account has a separate username/password combination (if the password is compromised, you only are dealing with a single user), and has the added bonus of being able to access the university resources from home. Plus, it works flawlessly with Linux.
Before you die, you see DoubleRing...
Who'd want such a thing? Quite possibly, you. New UK passports include RFID chips, and future editions of currency might be RFID-enabled too.
The US gov't has already announced they're switching to RFID-enabled passports, which supposedly have all kinds of privacy-related issues.
Will Faraday cages around passport-pouches make the RFID chip unreadable?
Look under the EMI link at the left sidebar Provides blast protection and by being partially reflective, visual protection of a kind too.
They're called window screens.
Seriously, blocking can't be to bad if you plan ahead. They already make several flavors of wallboard with various other additions for specialty applications - wire mesh should be worth it - and they do have styro' insulation with metal foil backing.
I've lived in a older house with plaster walls with wire mesh backing (it was common in the 50s or so) plus window screens did a fairly good job of cutting down wifi.
At work the rebar concrete and steel framing in some of our buildings does a darn good job of attenuating the signals.
"Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."
....wouldn't it just be easier to use a wire rather than construct a building in such a manner? Or use a powerline network instead? Nobody worth their tin-foil hat would ever think such a drastic measure was worthwhile.
This is incredible, all this time I thought I just had bad luck. I can't get 1 bar of signal strength on my cell phone, unless I prop the phone against my window and point it at the cell phone tower that I can see ~500' away.
And WiFi? No way! I have 3 access points (One in attic, one in basement, one on the same floor as the PC using it (10' away on the other side of a wall) and do you think I can get a reliable signal? Hell no, but if I am in my car I can pick it up 2 blocks away.
My wifes old 900MHz phone works fine, my new 5.8GHz phone? it'll only work if I stay in the same room as the base-station and the people can only hear me when I yell.
If I try using 802.11a, I get good results (despite my wifes phone and 2 microwave ovens in the house), my CRAP (Completly Ridiculous Assinine Pet) theory is that the lower frequency passes through the super-human drywall that my house is made of. But to compete with that theory I can't understand why a Nerf-ball is able to dent the wall.
Time to move I guess.
"The price good men pay for indifference to public affairs is to be ruled by evil men." ~Plato (427-347 BC)
Didn't I see the Cone of Silence on TV? A while back?
I will create a sig when innovation restarts in the U.S.
(a) static configuration: no arp, no dhcp.
2 0d13277558056a4c
2 0d13277558056a4c
(b) declare an ipsec tunnel from your laptop to your gateway.
(c) set ipsec policy to require it for all traffic.
(d) rtfm
ip link set dev wireless arp off up
ip address add dev wireless local 192.168.1.2 peer 192.168.1.3
ip neighbor add dev wireless to 192.168.1.3 lladdr 00:11:24:2c:38:c6 nud permanent
setkey -c >/dev/null <<-END
flush;
spdflush;
add 192.168.1.2 192.168.1.3 esp 256 -m tunnel
-E aes-cbc 0x25d8d1bbcf9b7b416ebd7ce514627539f12dc64e3e75c5a
-A hmac-sha1 0x17f98a8f668324191ee406855e81130fb17f7726;
add 192.168.1.3 192.168.1.2 esp 512 -m tunnel
-E aes-cbc 0x25d8d1bbcf9b7b416ebd7ce514627539f12dc64e3e75c5a
-A hmac-sha1 0x17f98a8f668324191ee406855e81130fb17f7726;
spdadd 192.168.1.3 0.0.0.0/0 any -P in ipsec
esp/tunnel/192.168.1.3-192.168.1.2/require;
spdadd 0.0.0.0/0 192.168.1.3 any -P out ipsec
esp/tunnel/192.168.1.2-192.168.1.3/require;
END
No doubt, there are some sensitive defense department or NSA facilities that already have RF blocking capability. But maintaining it probably requires careful attention to anything that might compromise it, including periodic testing. In other words, high expense.
The sort of people that want the convenience of WiFi in the office are the same people that insist on lugging their laptop into Starbucks and using the (insecure) WiFi network there. Better to deal with security using a VPN.
Have gnu, will travel.
Gee ... once I thought that wrapping up your credit card in foil might just be a convincing indicator of mental illness .... I think I'll be adding foil to my shopping list tho .... dang where are my pills.
They have been doing this in the government forever. Look up SCIF or Tempest on google and you'll get a lot of answers.
If you're that concerned about security, and are willing to build a faraday cage into your building, why not just run ethernet and use that? It can't "leak".
Stupidity is like nuclear power, it can be used for good or evil. And you don't want to get any on you.
"Can you hear me now?" No, in fact it will stop your cell phone reception too.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
I recently setup a wireless ap to give net access to my next door neighbor. I located the ap in a closet on an outside wall facing his house. The distance across the driveway is only about 20 feet but the signal was very low in his house and was pretty much useless. We carried a laptop around outside and found that the signal dropped off very rapidly as we moved away from my house. Out at the street it was virtually gone. At first i was baffled. Then we realized that my house has aluminum siding. Bingo, the ap is inside a giant shield! I relocated the ap to a shelf on a window sill facing his house. Much better, but not as good as expected. I removed the window screen and all is well - he gets good signal anywhere in his house. This arrangement ends up being fairly directional toward his house. Signal strength outside the other three sides of my house is still very low.
My organization had to build a faraday cage for security requirements around a library about 40 foot squarish. It was enormously expensive to put into place in existing construction, what with pipes, cables, ductwork and whatnot to work around.
You must remember - people still have to breathe, so air must go in and out easily and in volume.
I was not directly involved in the installation (I was a user of the library), but IIRC they always had trouble getting it to not leak in some way. Think of RF as high pressure steam - it will always find a leak. Not all RF can be shielded the same way, or the one way that does work is most expensive and hardest.
I'm sure it can be made to work, if designed into the building from the start, but it's very difficult to add later.
WiFi is highly likely to be subjected to a lot of industry brainwork figuring out how to sniff it out thru Faraday cages that are supposedly "secure". I suspect a lotta snake oil could be sold this way.
At a facility I work at, there's so much non-optical cabling that they occassionally have interference from cable cross-talk. Using optical cables, that doesn't happen. Wire transmissions can be detected from outside an unshielded building, even if the cables go thru normal metal conduits.
Pavlov wouldn't be so famous if he'd used a can opener instead of a bell.
So yes, it does work.
Is a set of standards for limiting EMI and RF radiation. We have classified several rooms at work that meet these standards and work very well. Chances are though, unless you're a defense contractor with security clearance, you won't know how to outfit a room to meet the reqs.
A Faraday cage needs a metal mesh around the space you want to isolate, with the meshes at most of the size of the wavelength you want to stop AND it needs to be GROUNDED. Otherwise all it does is dampen the signal (the metal mesh absorbs it, then radiates it again like an antenna). So that precludes things like 'Faraday wallets' and... tinfoil hats (unless you attach a metal chain to it and drag it on the ground...)
Non-Linux Penguins ?
did i miss something, or wasn't WPA or WPA2 'secure enough'? i know it's relatively easy to hack wep, but AFAIK, WPA with a good password hasn't been hacked yet? so why do stories about how to block wifi signals at significant cost always pop up now and then?
I keep all my ID badges, discount cards, etc. in an old Altoids tin (the "Liquorice" version is in a nice black-based color scheme). When I get to work, I have to pop the cover open to be able to scan through the door. Far cheaper than a "tinfoil wallet", and it has the added benefit of being something that few people would steal on first notice (old stale Altoids, and liquorice Altoids, even!).
It depends on how close the road is. 30db gain is allowed legally.
Go past legal and at lot more than 30db can be done.
20 db drop is only good if you network stays under 20db itself. If you fit a 30db arial inside a 20 db shield you shoot self in foot. A farday setup cannot be broken by just fitting a larger arial. But it can block mobile phones. Both ways have a price.
Now we really know why they put in that wire mesh "fire-rated" glass... Maybe that's the origin of the "firewall" as well. ;-)
So now the attacker has to come into your foyer and sit around instead of being able to do it from the coffeeshop across the street!
Comment of the year
My wireless router is in the basement, below ground. Anywhere in the house, I get a perfectly good signal, but by the time you're one house up or down the street, you can't even tell that it's there.
steve
Wifi person can normally monitor more traffic without being detected than wired correctly setup. This breaks the network.
Crypto because weaking the more data you have to work with. Its just the way of Crypto. Small amount if info Crypto can be unbreakable. Large ammounts of info it can be a sitting duck.
cell phones wont work in to building nor will pagers.
Freaky Schitt always happens to me... WHY God WHY!!
Police where I live complain that their 800 MHz radios cut out in modern office buildings. Firefighters are in the same band. Think twice before you RF-proof your building.
We used Wifi to avoid putting a cable, and we end building a Faraday cage around the whole building. What a trade off !
I want to hear from the first person to try to get one of those tinfoil wallets through airport security. Let me know how the strip search goes...