FRAMINGHAM (10/17/2003) - In a bid to avoid the IT security problems that have plagued some airport wireless LANs, the Greater Toronto Airports Authority (GTAA) is installing a centrally managed WLAN that was designed from the ground up to prevent intrusions into applications such as baggage-handling systems.
The WLAN, which is being installed in a terminal that's due to open early next year at Toronto Pearson International Airport, will use a role-based access control approach designed by Hewlett-Packard Co.'s Canadian unit. HP Canada won a contract to install the network in January, and details of the project were disclosed this week.
At many U.S. airports, airlines have installed WLANs on an ad hoc basis, in some cases creating unencrypted networks that were open to sniffing and potential intrusions. In an effort to avoid those problems, the GTAA will install its own WLAN plus a fiber backbone and manage the network for the airlines that use the airport, said James Burke, vice president of IT and telecommunications at the GTAA.
"We have stepped into the network management role," he said. "There is no doubt who is managing the wireless spectrum. No one wants baggage-tracking data sniffed." Burke and HP officials declined to disclose the project's cost, other than to say it's a multimillion-dollar initiative.
In an attempt to prevent any network intrusions, HP's role-based setup is able to control access to the WLAN based on the jobs and work locations of end users, said Victor Garcia, director of mobility services at HP Canada. For example, a ramp worker loading luggage onto planes would be able to access the bag-tracking application on the WLAN only within about 320 feet of his usual work location. Such access parameters will be managed by a database of role-specific information about airport workers, Garcia said.
The role-based access system will also make it easier for the GTAA to add public Wi-Fi access capabilities and keep public users separated from the secure part of the network, according to Garcia.
HP Canada tapped Burlington, Mass.-based Bluesocket Inc. to provide the security technology for the WLAN. Dave Juitt, Bluesocket's chief technology officer, said the company's wireless gateways could be configured to make the network access controls even more precise. Access could be granted to users for limited periods -- such as the time needed to load or unload an aircraft's baggage hold.
In addition, the gateways could be set up to support a variety of authentication and encryption technologies to give the WLAN "bulletproof" security, Juitt said.
Burke said the WLAN will support the core baggage-tracking application being installed at Pearson's new Terminal 1 by Societe Internationale de Telecommunications de Aeronautiques, an airline-owned IT company in Geneva.
The WLAN includes 256 trimode wireless access devices made by Cisco Systems Inc., all designed to support the 802.11a, 802.11b and 802.11g protocols. That should enable the GTAA to add high-bandwidth applications such as video surveillance cameras to the wireless network without overtaxing it, Burke said.