Wi Fi Technology


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Wi Fi Technology

  1. 1. Wi-Fi Technology Alok Pandey
  2. 2. Agenda <ul><li>Introduction </li></ul><ul><li>Wi-Fi Technologies </li></ul><ul><li>Wi-Fi Architecture </li></ul><ul><li>Wi-Fi Network Elements </li></ul><ul><li>How a Wi-Fi Network Works </li></ul><ul><li>Wi-Fi Network Topologies </li></ul><ul><li>Wi-Fi Configurations </li></ul><ul><li>Applications of Wi-Fi </li></ul><ul><li>Wi-Fi Security </li></ul><ul><li>Advantages/ Disadvantages of Wi-Fi </li></ul>
  3. 3. Introduction <ul><li>Wireless Technology is an alternative to Wired Technology, which is commonly used, for connecting devices in wireless mode. </li></ul><ul><li>Wi-Fi (Wireless Fidelity) is a generic term that refers to the IEEE 802.11 communications standard for Wireless Local Area Networks (WLANs). </li></ul><ul><li>Wi-Fi Network connect computers to each other, to the internet and to the wired network. </li></ul>
  4. 4. The Wi-Fi Technology <ul><li>Wi-Fi Networks use Radio Technologies to transmit & receive data at high speed: </li></ul><ul><ul><li>IEEE 802.11b </li></ul></ul><ul><ul><li>IEEE 802.11a </li></ul></ul><ul><ul><li>IEEE 802.11g </li></ul></ul>
  5. 5. IEEE 802.11b <ul><li>Appear in late 1999 </li></ul><ul><li>Operates at 2.4GHz radio spectrum </li></ul><ul><li>11 Mbps (theoretical speed) - within 30 m Range </li></ul><ul><li>4-6 Mbps (actual speed) </li></ul><ul><li>100 -150 feet range </li></ul><ul><li>Most popular, Least Expensive </li></ul><ul><li>Interference from mobile phones and Bluetooth devices which can reduce the transmission speed. </li></ul>
  6. 6. IEEE 802.11a <ul><li>Introduced in 2001 </li></ul><ul><li>Operates at 5 GHz (less popular) </li></ul><ul><li>54 Mbps (theoretical speed) </li></ul><ul><li>15-20 Mbps (Actual speed) </li></ul><ul><li>50-75 feet range </li></ul><ul><li>More expensive </li></ul><ul><li>Not compatible with 802.11b </li></ul>
  7. 7. IEEE 802.11g <ul><li>Introduced in 2003 </li></ul><ul><li>Combine the feature of both standards (a,b) </li></ul><ul><li>100-150 feet range </li></ul><ul><li>54 Mbps Speed </li></ul><ul><li>2.4 GHz radio frequencies </li></ul><ul><li>Compatible with ‘b’ </li></ul>
  8. 8. 802.11 Physical Layer <ul><li>There are three sublayers in physical layer: </li></ul><ul><li>Direct Sequence Spread Spectrum (DSSS) </li></ul><ul><li>Frequency Hoping Spread Spectrum (FHSS) </li></ul><ul><li>Diffused Infrared (DFIR) - Wide angle </li></ul>
  9. 9. DSSS <ul><li>Direct sequence signaling technique divides the 2.4 GHz band into 11 22-MHz channels. Adjacent channels overlap one another partially, with three of the 11 being completely non-overlapping. Data is sent across one of these 22 MHz channels without hopping to other channels. </li></ul>
  10. 10. IEEE 802.11 Data Link Layer <ul><li>The data link layer consists of two sublayers : </li></ul><ul><ul><li>Logical Link Control (LLC) </li></ul></ul><ul><ul><li>Media Access Control (MAC). </li></ul></ul><ul><ul><li>802.11 uses the same 802.2 LLC and 48-bit addressing as other 802 LANs, allowing for very simple bridging from wireless to IEEE wired networks, but the MAC is unique to WLANs. </li></ul></ul>
  11. 11. 802.11 Media Access Control <ul><li>Carrier Sense Medium Access with collision avoidance protocol (CSMA/CA) </li></ul><ul><ul><li>Listen before talking </li></ul></ul><ul><ul><li>Avoid collision by explicit Acknowledgement (ACK) </li></ul></ul><ul><ul><li>Problem: additional overhead of ACK packets, so slow performance </li></ul></ul><ul><li>Request to Send/Clear to Send (RTS/CTS) protocol </li></ul><ul><ul><li>Solution for “hidden node” problem </li></ul></ul><ul><ul><li>Problem: Adds additional overhead by temporarily reserving the medium, so used for large size packets only retransmission would be expensive </li></ul></ul>
  12. 12. 802.11 Media Access Control(cont.) <ul><li>Power Management </li></ul><ul><ul><li>MAC supports power conservation to extend the battery life of portable devices </li></ul></ul><ul><ul><li>Power utilization modes </li></ul></ul><ul><ul><ul><li>Continuous Aware Mode </li></ul></ul></ul><ul><ul><ul><ul><li>Radio is always on and drawing power </li></ul></ul></ul></ul><ul><ul><ul><li>Power Save Polling Mode </li></ul></ul></ul><ul><ul><ul><ul><li>Radio is “dozing” with access point queuing any data for it </li></ul></ul></ul></ul><ul><ul><ul><ul><li>The client radio will wake up periodically in time to receive regular beacon signals from the access point. </li></ul></ul></ul></ul><ul><ul><ul><ul><li>The beacon includes information regarding which stations have traffic waiting for them </li></ul></ul></ul></ul><ul><ul><ul><ul><li>The client awake on beacon notification and receive its data </li></ul></ul></ul></ul>
  13. 13. 802.11 Media Access Control(cont.) <ul><li>Fragmentation </li></ul><ul><li>CRC checksum </li></ul><ul><ul><li>Each pkt has a CRC checksum calculated and attached to ensure that the data was not corrupted in transit </li></ul></ul><ul><li>Association & Roaming </li></ul>
  14. 14. Elements of a WI-FI Network <ul><li>Access Point (AP) - The AP is a wireless LAN transceiver or “base station” that can connect one or many wireless devices simultaneously to the Internet. </li></ul><ul><li>Wi-Fi cards - They accept the wireless signal and relay information.They can be internal and external.(e.g PCMCIA Card for Laptop and PCI Card for Desktop PC) </li></ul><ul><li>Safeguards - Firewalls and anti-virus software protect networks from uninvited users and keep information secure. </li></ul>
  15. 15. How a Wi-Fi Network Works <ul><li>Basic concept is same as Walkie talkies. </li></ul><ul><li>A Wi-Fi hotspot is created by installing an access point to an internet connection. </li></ul><ul><li>An access point acts as a base station. </li></ul><ul><li>When Wi-Fi enabled device encounters a hotspot the device can then connect to that network wirelessly. </li></ul><ul><li>A single access point can support up to 30 users and can function within a range of 100 – 150 feet indoors and up to 300 feet outdoors. </li></ul><ul><li>Many access points can be connected to each other via Ethernet cables to create a single large network. </li></ul>
  16. 16. Wi-Fi Network Topologies <ul><li>AP-based topology (Infrastructure Mode) </li></ul><ul><li>Peer-to-peer topology (Ad-hoc Mode) </li></ul><ul><li>Point-to-multipoint bridge topology </li></ul>
  17. 17. AP-based topology <ul><li>The client communicate through Access Point. </li></ul><ul><li>BSA-RF coverage provided by an AP. </li></ul><ul><li>ESA-It consists of 2 or more BSA. </li></ul><ul><li>ESA cell includes 10-15% overlap to allow roaming. </li></ul>
  18. 18. Peer-to-peer topology <ul><li>AP is not required. </li></ul><ul><li>Client devices within a cell can communicate directly with each other. </li></ul><ul><li>It is useful for setting up of a wireless network quickly and easily. </li></ul>
  19. 19. Point-to-multipoint bridge topology <ul><li>This is used to connect a LAN in one building to a LANs in other buildings even if the buildings are miles apart.These conditions receive a clear line of sight between buildings. The line-of-sight range varies based on the type of wireless bridge and antenna used as well as the environmental conditions. </li></ul>
  20. 20. Wi-Fi Configurations
  21. 21. Wi-Fi Configurations
  22. 22. Wi-Fi Configurations
  23. 23. Wi-Fi Applications <ul><li>Home </li></ul><ul><li>Small Businesses or SOHO </li></ul><ul><li>Large Corporations & Campuses </li></ul><ul><li>Health Care </li></ul><ul><li>Wireless ISP (WISP) </li></ul><ul><li>Travellers </li></ul>
  24. 24. Wi-Fi Security Threats <ul><li>Wireless technology doesn’t remove any old security issues, but introduces new ones </li></ul><ul><ul><li>Eavesdropping </li></ul></ul><ul><ul><li>Man-in-the-middle attacks </li></ul></ul><ul><ul><li>Denial of Service </li></ul></ul>
  25. 25. Eavesdropping <ul><li>Easy to perform, almost impossible to detect </li></ul><ul><li>By default, everything is transmitted in clear text </li></ul><ul><ul><li>Usernames, passwords, content ... </li></ul></ul><ul><ul><li>No security offered by the transmission medium </li></ul></ul><ul><li>Different tools available on the internet </li></ul><ul><ul><li>Network sniffers, protocol analysers . . . </li></ul></ul><ul><ul><li>Password collectors </li></ul></ul><ul><li>With the right equipment, it’s possible to eavesdrop traffic from few kilometers away </li></ul>
  26. 26. MITM Attack <ul><li>Attacker spoofes a disassociate message from the victim </li></ul><ul><li>The victim starts to look for a new access point, and the attacker advertises his own AP on a different channel, using the real AP’s MAC address </li></ul><ul><li>The attacker connects to the real AP using victim’s MAC address </li></ul>
  27. 27. Denial of Service <ul><li>Attack on transmission frequecy used </li></ul><ul><ul><li>Frequency jamming </li></ul></ul><ul><ul><li>Not very technical, but works </li></ul></ul><ul><li>Attack on MAC layer </li></ul><ul><ul><li>Spoofed deauthentication / disassociation messages </li></ul></ul><ul><ul><li>can target one specific user </li></ul></ul><ul><li>Attacks on higher layer protocol (TCP/IP protocol) </li></ul><ul><ul><li>SYN Flooding </li></ul></ul>
  28. 28. Wi-Fi Security <ul><li>The requirements for Wi-Fi network security can be broken down into two primary components: </li></ul><ul><li>Authentication </li></ul><ul><ul><li>User Authentication </li></ul></ul><ul><ul><li>Server Authentication </li></ul></ul><ul><li>Privacy </li></ul>
  29. 29. Authentication <ul><li>Keeping unauthorized users off the network </li></ul><ul><li>User Authentication </li></ul><ul><ul><li>Authentication Server is used </li></ul></ul><ul><ul><li>Username and password </li></ul></ul><ul><ul><li>Risk: </li></ul></ul><ul><ul><ul><li>Data (username & password) send before secure channel established </li></ul></ul></ul><ul><ul><ul><li>Prone to passive eavesdropping by attacker </li></ul></ul></ul><ul><ul><li>Solution </li></ul></ul><ul><ul><ul><li>Establishing a encrypted channel before sending username and password </li></ul></ul></ul>
  30. 30. Authentication (cont..) <ul><li>Server Authentication </li></ul><ul><ul><li>Digital Certificate is used </li></ul></ul><ul><ul><li>Validation of digital certificate occurs automatically within client software </li></ul></ul>
  31. 31. Wi-Fi Security Techniques <ul><ul><li>Service Set Identifier (SSID) </li></ul></ul><ul><ul><li>Wired Equivalent Privacy (WEP) </li></ul></ul><ul><ul><li>802.1X Access Control </li></ul></ul><ul><ul><li>Wireless Protected Access (WPA) </li></ul></ul><ul><ul><li>IEEE 802.11i </li></ul></ul>
  32. 32. Service Set Identifier (SSID) <ul><li>SSID is used to identify an 802.11 network </li></ul><ul><li>It can be pre-configured or advertised in beacon broadcast </li></ul><ul><li>It is transmitted in clear text </li></ul><ul><ul><li>Provide very little security </li></ul></ul>
  33. 33. Wired Equivalent Privacy (WEP) <ul><li>Provide same level of security as by wired network </li></ul><ul><li>Original security solution offered by the IEEE 802.11 standard </li></ul><ul><li>Uses RC4 encryption with pre-shared keys and 24 bit initialization vectors (IV) </li></ul><ul><li>key schedule is generated by concatenating the shared secret key with a random generated 24-bit IV </li></ul><ul><li>32 bit ICV (Integrity check value) </li></ul><ul><li>No. of bits in keyschedule is equal to sum of length of the plaintext and ICV </li></ul>
  34. 34. Wired Equivalent Privacy (WEP) (cont.) <ul><li>64 bit preshared key-WEP </li></ul><ul><li>128 bit preshared key-WEP2 </li></ul><ul><li>Encrypt data only between 802.11 stations.once it enters the wired side of the network (between access point) WEP is no longer valid </li></ul><ul><li>Security Issue with WEP </li></ul><ul><ul><li>Short IV </li></ul></ul><ul><ul><li>Static key </li></ul></ul><ul><li>Offers very little security at all </li></ul>
  35. 35. 802.1x Access Control <ul><li>Designed as a general purpose network access control mechanism </li></ul><ul><ul><li>Not Wi-Fi specific </li></ul></ul><ul><li>Authenticate each client connected to AP (for WLAN) or switch port (for Ethernet) </li></ul><ul><li>Authentication is done with the RADIUS server, which ”tells” the access point whether access to controlled ports should be allowed or not </li></ul><ul><ul><li>AP forces the user into an unauthorized state </li></ul></ul><ul><ul><li>user send an EAP start message </li></ul></ul><ul><ul><li>AP return an EAP message requesting the user’s identity </li></ul></ul><ul><ul><li>Identity send by user is then forwared to the authentication server by AP </li></ul></ul><ul><ul><li>Authentication server authenticate user and return an accept or reject message back to the AP </li></ul></ul><ul><ul><li>If accept message is return, the AP changes the client’s state to authorized and normal traffic flows </li></ul></ul>
  36. 36. 802.1x Access Control
  37. 37. Wireless Protected Access (WPA) <ul><li>WPA is a specification of standard based, interoperable security enhancements that strongly increase the level of data protection and access control for existing and future wireless LAN system. </li></ul><ul><li>User Authentication </li></ul><ul><ul><li>802.1x </li></ul></ul><ul><ul><li>EAP </li></ul></ul><ul><li>TKIP (Temporal Key Integrity Protocol) encryption </li></ul><ul><ul><li>RC4, dynamic encryption keys (session based) </li></ul></ul><ul><ul><ul><li>48 bit IV </li></ul></ul></ul><ul><ul><ul><li>per packet key mixing function </li></ul></ul></ul><ul><ul><li>Fixes all issues found from WEP </li></ul></ul><ul><li>Uses Message Integrity Code (MIC) Michael </li></ul><ul><ul><li>Ensures data integrity </li></ul></ul><ul><li>Old hardware should be upgradeable to WPA </li></ul>
  38. 38. Wireless Protected Access (WPA)(cont.) <ul><li>WPA comes in two flavors </li></ul><ul><ul><li>WPA-PSK </li></ul></ul><ul><ul><ul><li>use pre-shared key </li></ul></ul></ul><ul><ul><ul><li>For SOHO environments </li></ul></ul></ul><ul><ul><ul><li>Single master key used for all users </li></ul></ul></ul><ul><ul><li>WPA Enterprise </li></ul></ul><ul><ul><ul><li>For large organisation </li></ul></ul></ul><ul><ul><ul><li>Most secure method </li></ul></ul></ul><ul><ul><ul><li>Unique keys for each user </li></ul></ul></ul><ul><ul><ul><li>Separate username & password for each user </li></ul></ul></ul>
  39. 39. WPA and Security Threats <ul><ul><li>Data is encrypted </li></ul></ul><ul><ul><ul><li>Protection against eavesdropping and man-in-the-middle attacks </li></ul></ul></ul><ul><ul><li>Denial of Service </li></ul></ul><ul><ul><ul><li>Attack based on fake massages can not be used. </li></ul></ul></ul><ul><ul><ul><li>As a security precaution, if WPA equipment sees two packets with invalid MICs within a second, it disassociates all its clients, and stops all activity for a minute </li></ul></ul></ul><ul><ul><ul><li>Only two packets a minute enough to completely stop a wireless network </li></ul></ul></ul>
  40. 40. 802.11i <ul><li>Provides standard for WLAN security </li></ul><ul><li>Authentication </li></ul><ul><ul><li>802.1x </li></ul></ul><ul><li>Data encryption </li></ul><ul><ul><li>AES protocol is used </li></ul></ul><ul><li>Secure fast handoff-This allow roaming between APs without requiring client to fully reauthenticate to every AP. </li></ul><ul><li>Will require new hardware </li></ul>
  41. 41. Advantages <ul><li>Mobility </li></ul><ul><li>Ease of Installation </li></ul><ul><li>Flexibility </li></ul><ul><li>Cost </li></ul><ul><li>Reliability </li></ul><ul><li>Security </li></ul><ul><li>Use unlicensed part of the radio spectrum </li></ul><ul><li>Roaming </li></ul><ul><li>Speed </li></ul>
  42. 42. Limitations <ul><li>Interference </li></ul><ul><li>Degradation in performance </li></ul><ul><li>High power consumption </li></ul><ul><li>Limited range </li></ul>