In a few of the previous posts, I’ve discussed some principles used in the radio communications in alarms. I’ve mentioned that some features are harder to implement well using one-way radios. What is the difference between one-way and two-way? What practical difference will it make?
Radio communications can be one-way or two-way, depending on how they have been designed.
A one-way system has a transmitter in each of the detectors and a receiver in the panel. This means that the detectors can send signals to the panel, but the panel cannot send signals to the detectors.
In a two-way system, each component has both a transmitter and receiver. This means that the detectors are now capable of receiving a signal from the panel.
It is fairly normal for the two-way systems to use a combined transmitter and receiver called a “transceiver”. Whilst not a strict limitation, most of these transceivers can only transmit or receive at any given moment in time (this is called half duplex). They can switch from receive to transmit very quickly, so from a user perspective they look like they are transmitting and receiving at the same time.
Most older systems use one-way radio. I suspect this is because there were not easy to use, cheap integrated RF transceivers available 10 or 20 years ago. Often they will use a simple AM transmitter built from discrete components or one of the very old remote control ICs that require an 8-bit address (these are common in wirelessly controlled mains sockets still).
A lot of newer systems use two-way radio. They will use one of the modern integrated RF transceivers like the TI CCxxxx, Si4432, or any of the Nordic Semi products. These do all of the hard RF work (and even a lot of the packet handling and encoding, sometimes even encryption) for you, and are controlled using a simple digital serial protocol. They are very cheap and versatile.
What are the practical limitations of one-way radios?
There are an awful lot of them – too many to list really. Let’s cover a few really key ones
Detectors have no idea if the system is armed or not
There is no way for a detector to know if the system is armed or not as it cannot receive any information.
This means that they always have to behave as if the system was armed. This behaviour has to be a balance of responding to alarms quickly vs preserving battery life. This trade-off is often accomplished by holding-off alarm detection for a period of a few minutes after an alarm has been raised.
It also means that they try to send supervisory “OK” status messages as infrequently as possible – and by standards, this can be up to 240 minutes.
This has practical implications for how responsive an alarm system can be.
The panel cannot ping the detectors when it is armed
Two-way panels all actively check the presence and status of detectors at the moment the system is armed. If any are in tamper, contacts open, detectors missing, or batteries low, the user will be warned (and possibly, arming the alarm is not allowed). This is very similar to how a wired system works.
One-way systems need to rely on the last alarm or status message received. They could be from a long time prior and could be out of date.
Jamming detection is much harder
Jamming detection in a two-way system is easy. Panel sends out a ping, detector responds. If no response is received after several pings, we can assume that communication has been lost for some reason.
Also in a two-way system, when the alarm is actually triggered, the detector will keep on sending alarm signals until it receives an acknowledgement response from the panel.
In one-way systems we need to wait to see if we miss several supervisory signals to know that signals aren’t getting through. This can take hours.
Some one-way systems have passive jamming detection systems. They listen to the RF channel all of the time, and if the channel is in use a lot of the time, they assume it is being jammed. It doesn’t work very well (I will go into this another time). They have to side with less false alarms and lower sensitivity, and the result of this is that they are easy to jam.
Above all, when the alarm goes off in a one way system, all it does is send the signal for a reasonable period of time and assumes that the panel has received it. There is no way for it to be acknowledged.
Rolling code and encryption is much harder to do well
In a previous post, I discussed how rolling code systems can’t just accept the next code in the sequence – they need to accept codes over a wide window, possibly the next 256 valid codes. This is because the transmission is not guaranteed to be received and the transmitter hops forwards regardless.
With a two way system, this window can be avoided. The keyfob can continue to send the same code in the sequence until the panel sends a message back saying that it has been received (this is a simple explanation of how it could work, pure rolling code is rare in two-way systems).
Alongside this, one-way radio makes exchanging keys in encryption systems difficult. A similar concept to the window of valid codes needs to be used to ensure that transmissions are received correctly after a key changes. For this reason, encryption keys in one-way systems are most often fixed (though they can be exchanged during the initial pairing).
Conceptually, it’s exactly the same as two people trying to communicate reliably with each other, where one of them can only speak and the other only listen. There’s also a 2 year old in the room who won’t shut up (interference), and another guy who is actively trying to make sure everything goes wrong (a malicious attacker).
This raises another interesting aside – alarm systems always need to find a balance between security and reliability of communications. There is little use in ensuring that communications are completely secure if it means alarm messages do not make it through.