Wireless technology


  • These are two of the typical antennas in wireless bridge applications when long distances need to be covered. As the radiation pattern shows, they are highly directional antennas. As always, a longer range can be obtained if one is willing to sacrifice part of the speed.
  • This figure shows some of the antennas used in the previous examples. Antenna gain is measured on a logarithmic scale called dBi, which measures the gain relative to an isotropic antenna, that is, an antenna that radiates with exactly the same power in all directions. Thus an antenna with a gain of 6 dBi radiates, in the direction of maximum intensity, with about 4 times the power of an isotropic antenna (10^0.6 = 3.98), which gives it twice the range of that isotropic antenna. In practice isotropic antennas are not used, so all antennas have some gain. Even omnidirectional antennas are somewhat directional, since their radiation pattern is homogeneous only in the horizontal direction, not in the vertical direction. The usual antenna with the lowest gain is the simple dipole, which is the standard one on the network cards of the equipment; this antenna is omnidirectional and has a gain of 2.14 dBi. Other, more directional antennas have higher gains. For example, the patch antenna shown in the figure has a gain of 8.5 dBi.

    1. 3.- Wireless technologies
        • Basics
          • Applications
          • The physical media
          • Free-space loss and frequency dependency
          • The IEEE 802 specification family
          • Comparison between different wireless technologies (PHY and MAC layers)
        • IEEE 802.11
        • Bluetooth
    2. Wireless? Why?
        • Mobility (anytime)
        • Coverage (anywhere)
        • New applications potential (services)
          • Healthcare
            • Lab administration
            • People with disabilities
            • Point-of-Care testing
            • Homecare administration
            • Controlling patient data
          • Education
            • More efficient learning methods
            • Wireless is ideal for campus-wide coverage
    3. Some Application Areas
        • Retail
          • Direct inventory management
          • Mobile POS
          • Self-checkout
          • Mobile scanners
        • Manufacturing
          • Field based data collections
          • Product management
          • Inventory visibility and planning
    4. Vehicular Networks
        • Safety and transport efficiency
          • In Europe around 40,000 people die and more than 1.5 million are injured every year on the roads
          • Traffic jams generate a tremendous waste of time and of fuel
        • Most of these problems can be solved by providing appropriate information to the driver or to the vehicle
    5. Vehicle Communication (VC)
        • VC promises safer roads,
        • … more efficient driving,
    6. Vehicle Communication (VC)
        • … more fun,
        • … and easier maintenance.
    7. Rural communications
        • Rural communications on the global agenda
          • Connecting villages with Information and Communication Technologies (ICT) and establishing community access points
        • Benefits
          • E-business and e-commerce could play an important role in enabling local artisans to reach national and international markets
        • Yasuhiko Kawasumi, “Rural communications on the global agenda,” Global Survey on Rural Communications for the ITU-D on Communications for rural and remote areas.
        • Over 40% of the world’s population lives in rural and remote areas of developing countries and has difficult or no access to even basic telecommunications services. Development of telecommunications in rural and remote areas therefore forms an important mission of the ITU Development sector.
    8. Rural populations and their ICT needs
        • Needs of rural people in connection with e-services
          • E-health, e-education and e-administration top the list as primary needs
          • E-business and e-banking also scored highly
        • ITU-D global survey, Doc 111/SG2
        • For many rural areas, electricity supply is simply non-existent or insufficient
        • Telemedicine Training in Bhutan by Tokai University: Tokai University Institute of Medical Sciences donated the medical equipment with ICT functions and provided the training on the use of the equipment. Tokai University Second Opinion center provides the assistance service over the internet when requested by the Bhutanese ends.
    9. About the “Wireless Internet”
        • [Figure: wireless technologies placed by throughput and range: WWAN (3G, 4G?), WLAN (Wi-Fi), WPAN (Bluetooth, RFID), WMAN (Wi-Max); region labels: low throughput, short range; high throughput, short range; low throughput, long range]
    10. Big Picture – WPAN’s
        • WPAN technologies – RFID, Bluetooth
        • RFID used in tagging applications, restricted environments (supermarkets, institutions)
        • 10 billion RFID tags to be sold by the end of 2005 (source: Deloitte & Touche)
        • Bluetooth – technology has matured
        • 56% of mainstream devices commercialised will have Bluetooth support by 2008 (Source: IDC)
        • Poor interoperability between vendors restricts the wide use of Bluetooth
    11. Big Picture – WLAN’s
        • WLAN – based on WiFi (802.11x)
        • Adoption rate increased worldwide
          • Up 51% more units sold globally in 2004 compared to 2003 (source: Infonetics Research)
        • European cities’ infrastructure facilitates the adoption of WiFi against wired alternatives
          • Old buildings
          • High population density
          • Poor telecommunications infrastructure
        • Wi-Fi mesh infrastructure:
          • Current backend implementations of Wi-Fi mesh infrastructure are based on proprietary solutions
          • Usage: wireless coverage of WLANs, blanketing large areas with hot-spot coverage
          • Coverage: 100 m to 10 km
          • Data rate: 54 Mbps - 100 Mbps
    12. Big Picture – WMAN’s
        • WiMax (Worldwide Interoperability for Microwave Access)
        • Standards-based technology
        • Deployment of broadband wireless networks based on the IEEE 802.16 standard
        • Enables the delivery of last mile wireless broadband access as an alternative to cable and DSL
        • Some characteristics of the 802.16-2004 standard:
          • Improve user connectivity
          • Higher quality of services
          • Full support for WMAN service
          • Robust carrier-class operation
    13. Big Picture – WMAN’s
        • [Figure: Mobile Networks Evolution, 1995 / 2005 / 2015, 2G / 3G / 4G; technologies: GPRS, EDGE, UMTS, HSDPA; download speed labels: 40 kbps, 90-180 kbps, 250-384 kbps, 1-10 Mbps]
    14. 3.- Wireless technologies
        • Basics
          • Applications
          • The physical media
          • Free-space loss and frequency dependency
          • The IEEE 802 specification family
          • Comparison between different wireless technologies (PHY and MAC layers)
        • IEEE 802.11
        • Bluetooth
    15. Antennas basics
        • Directional Antenna
          • "An antenna having the property of radiating or receiving electromagnetic waves more effectively in some directions than others".
        • Omni-Directional Antenna
          • "A hypothetical, lossless antenna having equal radiation intensity in all directions". For a WLAN antenna, the gain in dBi is referenced to that of an omni-directional (isotropic) antenna (which is defined as 0 dBi).
        • [Figure: YAGI directional antenna]
    16. Directional antennas
        • Yagi antenna (13.5 dBi) reach:
          • 6 km at 2 Mb/s
          • 2 km at 11 Mb/s
        • Parabolic antenna (20 dBi) reach:
          • 10 km at 2 Mb/s
          • 4.5 km at 11 Mb/s
    17. More antenna examples
        • [Figure: antenna examples; label: Horizontal Radiation]
    18. ISM frequency bands
        • ISM (Industrial, Scientific and Medical) frequency bands:
          • 900 MHz band (902 … 928 MHz)
          • 2.4 GHz band (2.4 … 2.4835 GHz)
          • 5.8 GHz band (5.725 … 5.850 GHz)
        • Anyone is allowed to use radio equipment for transmitting in these bands (provided specific transmission power limits are not exceeded) without obtaining a license.
    19. ISM frequency band at 2.4 GHz
        • The ISM band at 2.4 GHz can be used by anyone as long as (in Europe...)
        • Transmitters using FH (Frequency Hopping) technology:
          • Total transmission power < 100 mW
          • Power density < 100 mW / 100 kHz
        • Transmitters using DSSS technology:
          • Total transmission power < 100 mW
          • Power density < 10 mW / 1 MHz
        • ETSI EN 300 328-1 requirements
    20. Free-space loss
        • The free-space loss L of a radio signal is: where d is the distance between transmitter and receiver, λ is the RF wavelength, f is the radio frequency, and c is the speed of light.
        • The formula is valid for d >> λ, and does not take into account antenna gains (=> Friis formula) or obstructing elements causing additional loss.
    21. Power budget graphical representation
    22. 3.- Wireless technologies
        • Basics
          • Applications
          • The physical media
          • Free-space loss and frequency dependency
          • The IEEE 802 specification family
          • Comparison between different wireless technologies (PHY and MAC layers)
        • IEEE 802.11
        • Bluetooth
    23. IEEE 802 wireless network technology options
        • Wireless personal area network (WPAN): IEEE standard IEEE 802.15.1, known as Bluetooth
        • Low-rate WPAN (LR-WPAN): IEEE standard IEEE 802.15.4, known as ZigBee
        • Wireless local area network (WLAN): IEEE standard IEEE 802.11, known as WiFi
        • Wireless metropolitan area network (WMAN): IEEE standard IEEE 802.16, known as WiMAX
    24. IEEE 802 standardisation framework
        • [Figure: IEEE 802 stack: 802.1 Management; 802.2 Logical Link Control (LLC); 802.3 MAC and 802.3 PHY, CSMA/CD (Ethernet); 802.5 MAC and 802.5 PHY, Token Ring; 802.11 Medium Access Control (MAC), CSMA/CA (Wireless LAN), over 802.11 PHY, 802.11a PHY, 802.11b PHY and 802.11g PHY]
    25. CSMA/CA
        • [Figure: Wireless LAN stack: 802.11 Medium Access Control (MAC), CSMA/CA, over 802.11 PHY, 802.11a PHY, 802.11b PHY and 802.11g PHY]
        • CSMA/CA = Carrier Sense Multiple Access with Collision Avoidance
        • Unlike wired LAN stations, WLAN stations cannot detect collisions => avoid collisions
        • A common MAC layer, but many PHY options
    26. WLAN physical layer (1)
        • [Figure: 802.11 MAC (CSMA/CA) over 802.11 PHY, 802.11a PHY, 802.11b PHY and 802.11g PHY]
        • The original physical layer specified in 802.11 defines two signal formats:
          • FHSS (Frequency Hopping Spread Spectrum)
          • DSSS (Direct Sequence Spread Spectrum)
        • Data rates supported: 1 and 2 Mbit/s.
        • ISM band: 2.4 … 2.4835 GHz
        • Outdated, never implemented
    27. WLAN physical layer (2)
        • [Figure: 802.11 MAC (CSMA/CA) over 802.11 PHY, 802.11a PHY, 802.11b PHY and 802.11g PHY]
        • The first widely implemented physical layer was 802.11b, which uses DSSS (Direct Sequence Spread Spectrum) like in 802.11 but with larger bit rates: 1, 2, 5.5, 11 Mbit/s
        • Automatic fall-back to lower speeds in case of bad radio channel.
        • ISM band: 2.4 … 2.4835 GHz
        • Becoming outdated
    28. WLAN physical layer (3)
        • [Figure: 802.11 MAC (CSMA/CA) over 802.11 PHY, 802.11a PHY, 802.11b PHY and 802.11g PHY]
        • 802.11a operates in the 5.8 GHz band.
        • 5 GHz frequency band
        • The signal format is OFDM (Orthogonal Frequency Division Multiplexing)
        • Data rates supported: various bit rates from 6 to 54 Mbit/s.
        • Not widely used in Europe
    29. WLAN physical layer (4)
        • [Figure: 802.11 MAC (CSMA/CA) over 802.11 PHY, 802.11a PHY, 802.11b PHY and 802.11g PHY]
        • 802.11g is the most recent physical layer, operating in the same band as 802.11b
        • ISM band: 2.4 … 2.4835 GHz
        • The signal format is OFDM (Orthogonal Frequency Division Multiplexing)
        • Data rates supported: various bit rates from 6 to 54 Mbit/s (same as 802.11a)
    30. Wireless Fidelity (WiFi)
        • [Figure: 802.11 MAC (CSMA/CA) over 802.11 PHY, 802.11a PHY, 802.11b PHY and 802.11g PHY; labels: WiFi, WiFi5]
        • The WiFi certification program of the Wireless Ethernet Compatibility Alliance (WECA) addresses compatibility of IEEE 802.11 equipment => WiFi ensures interoperability of equipment from different vendors.
    31. Wireless Personal Area Network (WPAN)
        • [Figure: IEEE 802 stack: 802.1 Management; 802.2 LLC; 802.3 MAC and PHY; 802.5 MAC and PHY; 802.11 MAC and PHY; 802.15.1 MAC + PHY; 802.15.4 MAC + PHY; 802.16 MAC + PHY]
        • Bluetooth Special Interest Group (SIG)
        • ISM band: 2.4 … 2.4835 GHz
        • Data rates up to 700 kbit/s (2.1 Mbit/s)
    32. Low-rate WPAN (LR-WPAN)
        • [Figure: IEEE 802 stack: 802.1 Management; 802.2 LLC; 802.3 MAC and PHY; 802.5 MAC and PHY; 802.11 MAC and PHY; 802.15.1 MAC + PHY; 802.15.4 MAC + PHY; 802.16 MAC + PHY]
        • ZigBee Alliance
        • ISM band: 2.4 … 2.4835 GHz
        • Data rates up to 250 kbit/s
    33. Wireless Metropolitan Area Network (WMAN)
        • [Figure: IEEE 802 stack: 802.1 Management; 802.2 LLC; 802.3 MAC and PHY; 802.5 MAC and PHY; 802.11 MAC and PHY; 802.15.1 MAC + PHY; 802.15.4 MAC + PHY; 802.16 MAC + PHY]
        • WiMAX
        • Various frequency bands (not only ISM)
        • Various data rates up to 100 Mbit/s and more
    34. 3.- Wireless technologies
        • Basics
          • Applications
          • The physical media
          • Free-space loss and frequency dependency
          • The IEEE 802 specification family
          • Comparison between different wireless technologies (PHY and MAC layers)
        • IEEE 802.11
        • Bluetooth
    35. Possible architectures
        • Independent Basic Service Set (IBSS)
          • Decentralized structure
          • Flexible:
            • Permanent and temporary networks
          • Allows control of power consumption
        • Infrastructure Basic Service Set (BSS)
          • Components:
            • Station (STA)
            • Access Point (AP) or Point Coordinator (PC)
          • Basic Service Set (BSS)
          • Extended Service Set (ESS)
    36. The Extended Service Set (ESS)
        • The standard does not define the implementation details
        • There is a proposal by a group of industries: Inter-Access Point Protocol (IAPP)
        • [Figure: Distribution System (DS), BSS, AP, WLAN, LAN]
    37. Task Group f
        • Scope of Project: to develop recommended practices for an Inter-Access Point Protocol (IAPP) which provides the necessary capabilities to achieve multi-vendor Access Point interoperability across a Distribution System supporting IEEE P802.11 Wireless LAN Links.
        • Purpose of Project: ... including the concepts of Access Points and Distribution Systems. Implementation of these concepts were purposely not defined by P802.11 ... As 802.11 based systems have grown in popularity, this limitation has become an impediment to WLAN market growth.
        • This project proposes to specify the necessary information that needs to be exchanged between Access Points to support the P802.11 DS functions. The information exchanges required will be specified for one or more Distribution Systems, in a manner sufficient to enable the implementation of Distribution Systems containing Access Points from different vendors which adhere to the recommended practices
        • Status: Work has been completed and is now part of the Standard as a recommended practice.
    38. Frames structure
        • management (00)
        • control (01),
        • data (10),
        • reserved (11)
        • Types of addresses:
        • Source address (SA)
        • Destination Address (DA)
        • Transmitter Address (TA)
        • Receiver Address (RA)
        • BSS identifier (BSSID)
        • Address fields by function (To DS, From DS):
          • IBSS (To DS = 0, From DS = 0): Addr. 1 = RA = DA, Addr. 2 = SA, Addr. 3 = BSSID, Addr. 4 = -
          • From the AP (To DS = 0, From DS = 1): Addr. 1 = RA = DA, Addr. 2 = BSSID, Addr. 3 = SA, Addr. 4 = -
          • To the AP (To DS = 1, From DS = 0): Addr. 1 = RA = BSSID, Addr. 2 = SA, Addr. 3 = DA, Addr. 4 = -
          • Wireless DS (To DS = 1, From DS = 1): Addr. 1 = RA, Addr. 2 = TA, Addr. 3 = DA, Addr. 4 = SA
    39. BSSID and SSID
        • BSSID (Basic Service Set Identity)
          • BSS: AP’s MAC address
          • Ad-Hoc: 46 bit random number
        • SSID (Service Set ID)
          • Known as the Network Name
          • Length: 0~32 bytes
            • 0: is the broadcast SSID
          • Handled either manually or automatically
          • Should be unique; used to distinguish WLANs
          • An access point and a station that would like to form a unique WLAN should use the same SSID
    40. Addressing and DS bits
        • [Figure: frames between Client, AP and Server across the DS, with the fields labelled SA/TA, RA (BSSID), DA on the client side and SA, TA, RA, DA between APs]
        • Address fields by function (To DS, From DS):
          • IBSS (To DS = 0, From DS = 0): Addr. 1 = RA = DA, Addr. 2 = SA, Addr. 3 = BSSID, Addr. 4 = -
          • From the AP (To DS = 0, From DS = 1): Addr. 1 = RA = DA, Addr. 2 = BSSID, Addr. 3 = SA, Addr. 4 = -
          • To the AP (To DS = 1, From DS = 0): Addr. 1 = RA = BSSID, Addr. 2 = SA, Addr. 3 = DA, Addr. 4 = -
          • Wireless DS (To DS = 1, From DS = 1): Addr. 1 = RA, Addr. 2 = TA, Addr. 3 = DA, Addr. 4 = SA
    41. Services
        • The IEEE 802.11 architecture defines 9 services: for the station and for the distribution
        • Station services:
          • Authentication
          • Deauthentication
          • Privacy → WEP
          • Data delivery
        • Distribution services:
          • Association → generates a connection between a STA and an AP
          • Disassociation
          • Reassociation → like association but informing about the previous AP
          • Distribution
          • Integration → connects the WLAN with other LANs
        • Similar to connecting/disconnecting a cable to a traditional network
    42. State variables and services
        • State 1: unauthenticated, unassociated
        • State 2: authenticated, unassociated
        • State 3: authenticated, associated
        • [Figure: state diagram; transition labels: Successful authentication; Successful authentication or reassociation; Disassociation notification; Deauthentication notification (shown twice); frame classes shown: Class 1 frames; Class 1 & 2 frames; Class 1, 2 & 3 frames]
        • In an IBSS there is neither authentication nor association. Data service is allowed
        • A STA can be authenticated with various APs but it can be associated with only one AP
    43. Scanning
        • Parameters: BSStype, BSSID, SSID, ScanType, ChannelList, ProbeDelay, Min/MaxChannelDelay
        • ScanType: Passive
          • The stations wait for the APs' beacons
        • ScanType: Active
          • Stations send probe requests
        • Scan reports are generated
        • The following phase is joining; this phase precedes the sequence of actions up to association
    44. The MAC: reliable data delivery
        • CSMA/CA with binary exponential backoff
        • The minimum protocol consists of two frames: the data and the ACK
        • The 5 timing values:
        • Slot time
        • SIFS: short interframe space (< slot time)
        • PIFS: PCF interframe space (= SIFS + 1 slot)
        • DIFS: DCF interframe space (= SIFS + 2 slots)
        • EIFS: extended interframe space
        • [Figure: MAC with the Point Coordination Function (PCF, no contention) and the Distributed Coordination Function (DCF, with contention); timing diagram: busy medium, defer access, SIFS, PIFS, DIFS, contention window, slot]
    45. DCF behaviour
        • The back-off values are chosen inside the congestion window, that is, inside the interval [0, CW]
        • CW can vary between 31 slots (CW min) and 1023 slots (CW max)
        • CW is incremented after every failed sending and reset after every successful transmission
        • B1 and B2 are the back-off intervals at STA 1 and 2
        • CW = 31
        • [Figure: timeline with data and wait periods; back-off values shown: B1 = 5, B2 = 15; B1 = 25, B2 = 20; B2 = 10]
    46. Problematic configurations
        • [Figure: two station layouts, A B C and A B C D; labels: Exposed node, Hidden node]
    47. RTS/CTS mechanism
        • Based on the network allocation vector (NAV)
        • [Figure: RTS/CTS exchange between source and destination: DIFS, RTS, SIFS, CTS, SIFS, data, SIFS, ACK, DIFS, contention window; other STAs defer access during NAV (RTS) and NAV (CTS)]
    48. PCF: Point Coordination Function
        • Beacons are used to keep timers in the stations synchronized and to send control information
        • The AP generates beacons at regular intervals
        • Stations know when the following beacon is arriving
          • The target beacon transmission time (TBTT) is announced in the previous beacon
        • [Figure: Contention Free Period between two CPs for the PC, STA1, STA2 and STA3: Beacon, Data+Poll, DATA+ACK, Data+Poll, ACK, Data+Poll (no response), CF-End, separated by PIFS and SIFS; NAV and Reset Time marked]
        • Station 2 sets NAV (Network Allocation Vector)
        • Station 3 is hidden to the PC, it does not set the NAV. It continues to operate in DCF.
    49. PCF: the superframe
        • There is a repetition of contention-free (CFP) and contention (CP) periods
        • A CFP and the following CP form a superframe.
        • [Figure: 802.11 periodic superframe for the PC and the STAs: Beacon, CF-Poll, DATA, CF-End; CFP (Contention Free Period) followed by CP (Contention Period)]
    50. Broadcast traffic
        • It is not possible to fragment frames whose destination is a group address
        • Acknowledgements are not sent
        • MAC does not offer any retransmission service to broadcast or multicast frames
    51. 802.11b channels overview
        • The standard defines 14 channels, 22 MHz wide
          • FCC only uses the first 11
          • In Spain only channel 10 and 11
        • 3 channels do not overlap (1, 6, 11)
        • Data rate is 11 Mbps
    52. 3.- Wireless technologies
        • Basics
          • Applications
          • The physical media
          • Free-space loss and frequency dependency
          • The IEEE 802 specification family
          • Comparison between different wireless technologies (PHY and MAC layers)
        • IEEE 802.11: SECURITY
        • Bluetooth
    53. Wireless LAN Security Issues
        • Issue
          • Wireless sniffer can view all WLAN data packets
          • Anyone in AP coverage area can get on WLAN
        • 802.11 WEP Solution
          • Encrypt all data transmitted between client and AP
          • Without encryption key, user cannot transmit or receive data
        • Goal: Make WLAN security equivalent to that of wired LANs (Wired Equivalent Privacy)
        • [Figure: client, access point (AP), Wireless LAN (WLAN), Wired LAN]
    54. WEP – Protection for 802.11b
        • Wired Equivalent Privacy
          • No worse than what you get with wire-based systems.
        • Criteria:
          • “Reasonably strong”
          • Self-synchronizing – stations often go in and out of coverage
          • Computationally efficient – in HW or SW since low MIPS CPUs might be used
          • Exportable – US export codes (relaxed in Jan 2000 / “Wassenaar Arrangement”)
          • Optional – not required to use it
        • Objectives:
          • confidentiality
          • integrity
          • authentication
    55. WEP – How It Works
        • Secret key (40 bits or 104 bits)
          • can use up to 4 different keys
        • Initialization vector (24 bits, by IEEE std.)
          • total of 64 or 128 bits “of protection.”
        • RC4-based pseudo random number generator (PRNG)
        • Integrity Check Value (ICV): CRC 32
        • [Figure: frame layout: Frame header, IV (4 bytes), Data (PDU) (≥ 1 byte), ICV (4 bytes), FCS; the IV field holds the Init Vector (3 bytes) and 1 byte made up of Pad (6 bits) and Key ID (2 bits)]
    56. WEP Encryption Process
        • Compute ICV using CRC-32 over plaintext msg.
        • Concatenate ICV to plaintext message.
        • Choose random IV and concatenate it to secret key and input it to RC4 to produce pseudo random key sequence.
        • Encrypt plaintext + ICV by doing bitwise XOR with key sequence to produce ciphertext.
        • Put IV in front of ciphertext.
        • [Figure: block diagram: Initialization Vector (IV) and Secret Key form the Seed of the WEP PRNG, which outputs the Key Sequence; the Plaintext passes through the Integrity Algorithm to give the Integrity Check Value (ICV); the Message is the IV followed by the Ciphertext]
    57. WEP Decryption Process
        • IV of message used to generate key sequence, k.
        • Ciphertext XOR k → original plaintext + ICV.
        • Verify by computing integrity check on plaintext (ICV’) and comparing to recovered ICV.
        • If ICV ≠ ICV’ then message is in error; send error to MAC management and back to sending station.
        • [Figure: block diagram: the IV from the Message and the Secret Key form the Seed of the WEP PRNG, which outputs the Key Sequence; the Ciphertext gives the Plaintext and ICV; the Integrity Algorithm gives ICV’; comparison ICV’ - ICV]
    58. WEP Station Authentication
        • Wireless Station (WS) sends Authentication Request to Access Point (AP).
        • AP sends (random) challenge text T.
        • WS sends challenge response (encrypted T).
        • AP sends ACK/NACK.
        • [Figure: message sequence between WS and AP: Auth. Req., Challenge Text, Challenge Response, Ack]
    59. WEP Weaknesses
        • Forgery Attack
          • Packet headers are unprotected, can fake src and dest addresses.
          • AP will then decrypt data to send to other destinations.
          • Can fake CRC-32 by flipping bits.
        • Replay
          • Can eavesdrop and record a session and play it back later.
        • Collision (24 bit IV; how/when does it change?)
          • Sequential: roll-over in < ½ day on a busy net
          • Random: After 5000 packets, > 50% of reuse.
        • Weak Key
          • If ciphertext and plaintext are known, attacker can determine key.
          • Certain RC4 weak keys reveal too many bits. Can then determine RC4 base key.
        • Well known attack described in Fluhrer/Mantin/Shamir paper
          • “Weaknesses in the Key Scheduling Algorithm of RC4”, Scott Fluhrer, Itsik Mantin, and Adi Shamir
          • using: http://www.aircrack-ng.org/
    60. Ways to Improve Security with WEP
        • Use WEP(!)
        • Change wireless network name from default
          • any, 101, tsunami
        • Turn on closed group feature, if available in AP
          • Turns off beacons, so you must know name of the wireless network
        • MAC access control table in AP
          • Use Media Access Control address of wireless LAN cards to control access
        • Use 802.11i support if available in AP
          • Define user profiles based on user name and password
        • War Driving in New Orleans (back in December 2001)
          • Equipment
            • Laptop, wireless card, software
            • GPS, booster antenna (optional)
          • Results
            • 64 Wireless LANs
            • Only 8 had WEP Enabled (12%)
            • 62 APs & 2 Peer to Peer Networks
            • 25 Default (out of the box) Settings (39%)
            • 29 Used The Company Name For ESSID (45%)
    61. War Driving in New Orleans (back in December 2001)
    62. Other solutions
        • VPN Connectivity
          • PPTP
          • L2TP
          • Third Party
        • IPSec
          • Many vendors
        • Password-based Layer 2 Authentication
          • Cisco LEAP
          • RSA/Secure ID
          • IEEE 802.1x PEAP/MSCHAP v2
        • Certificate-based Layer 2 Authentication
          • IEEE 802.1x EAP/TLS
    63. WLAN Security Comparisons
        • WLAN security type: security level, ease of deployment, usability and integration
          • IEEE 802.11: Low, High, High
          • VPN: Medium, Medium, Low
          • Password-based: Medium, Medium, High
          • IPSec: High, Low, Low
          • IEEE 802.1x TLS: High, Low, High
    64. 802.1X
        • Defines port-based access control mechanism
          • Works on anything, wired and wireless
          • Access point must support 802.1X
          • No special encryption key requirements
        • Allows choice of authentication methods using EAP
          • Chosen by peers at authentication time
          • Access point doesn’t care about EAP methods
        • Manages keys automatically
          • No need to preprogram wireless encryption keys
    65. Wi-Fi Protected Access (WPA)
        • A specification of standards-based, interoperable security enhancements that strongly increase the level of data protection and access control for existing and future wireless LAN systems
        • Goals
          • Enhanced Data Encryption (TKIP)
          • Provide user authentication (802.1x)
          • Be forward compatible with (802.11i)
          • Provide non-RADIUS solution for Small/Home offices: WPA-PSK
        • Typically a software upgrade; Wi-Fi Alliance began certification testing for interoperability on Wi-Fi Protected Access products in February 2003
        • WPA2
    66. Wi-Fi Protected Access (WPA)
        • WEP's IV is only 24 bits and so is repeated every few hours → WPA increased IV to 24 bits repeated 900 years
        • WPA alters values acceptable as IVs
        • Protects against forgery and replay attacks
          • IV formed MAC address
          • TSC
        • TKIP: New password generated every 10,000 packets
        • WPA-PSK → Passphrase
        • WPA 802.11i recommend 20-character password
        • Crack is brute force based
    67. 802.1x and PEAP
    68. 3.- Wireless technologies
        • Basics
          • Applications
          • The physical media
          • Free-space loss and frequency dependency
          • The IEEE 802 specification family
          • Comparison between different wireless technologies (PHY and MAC layers)
        • IEEE 802.11: CONFIGURATION
        • Bluetooth
    69. 69. Linksys Wireless-G Access Point
    80. 80. 3.- Wireless technologies <ul><li>Bluetooth </li></ul>
    81. 81. Bluetooth history <ul><li>De facto standard - open specifications. </li></ul><ul><ul><li>publicly available on Bluetooth.com: </li></ul></ul><ul><ul><ul><li>http://bluetooth.com/Bluetooth/Technology/Works/ </li></ul></ul></ul><ul><li>Bluetooth specs developed by Bluetooth SIG. </li></ul><ul><ul><li>February 1998 : The Bluetooth SIG is formed </li></ul></ul><ul><ul><ul><li>promoter company group: Ericsson, IBM, Intel, Nokia, Toshiba </li></ul></ul></ul><ul><ul><li>May 1998: The Bluetooth SIG goes “public” </li></ul></ul><ul><ul><li>July 1999: 1.0A spec (>1,500 pages) is published </li></ul></ul><ul><ul><li>December 1999: ver. 1.0B is released </li></ul></ul><ul><ul><li>December 1999: The promoter group increases to 9 </li></ul></ul><ul><ul><ul><li>3Com, Lucent, Microsoft, Motorola </li></ul></ul></ul><ul><ul><li>February 2000: There are 1,500+ adopters </li></ul></ul><ul><li>Versions: </li></ul><ul><ul><li>0.7 → 0.9 → 1.0A → 1.0B → 1.1 → … </li></ul></ul><ul><li>November 2003: release 1.2 </li></ul><ul><li>November 2004: release 2.0+EDR </li></ul><ul><ul><li>(EDR or Extended Data Rate) triples the data rate up to about 3 Mb/s </li></ul></ul><ul><li>Currently (July 2007): release 2.1+EDR </li></ul><ul><li>Next specification (2Q08) will include ability to utilize additional radio technologies to enable high speed Bluetooth applications. </li></ul>
    82. 82. Versions <ul><li>The 1.2 version, unlike the 1.1, lets Bluetooth and Wi-Fi coexist in the 2.4 GHz spectrum without interfering with each other. </li></ul><ul><ul><li>uses the technique "Adaptive Frequency Hopping" (AFH), which provides more efficient transmission and more secure encryption. </li></ul></ul><ul><ul><li>offers voice quality with less noise (Voice Quality - Enhanced Voice Processing), and faster connection setup with other Bluetooth devices within range. </li></ul></ul><ul><li>Version 2.0, created to be a separate specification, mainly incorporates the technique "Enhanced Data Rate" (EDR), which improves transmission speeds up to 3 Mbps while trying to fix some errors in specification 1.2. </li></ul>
    83. 83. Release 2.1 <ul><li>Near Field Communication (NFC) Technology </li></ul><ul><ul><li>NFC may also be used in the new pairing system, enabling a user to hold two devices together at a very short range to complete the pairing process. </li></ul></ul><ul><ul><li>Lower Power Consumption </li></ul></ul><ul><ul><ul><li>Reduced power consumption means longer battery life in devices like mice and keyboards. Bluetooth Specification Version 2.1 + EDR can increase battery life by up to five times. </li></ul></ul></ul><ul><ul><li>Improved Security </li></ul></ul><ul><ul><ul><li>For pairing scenarios that require user interaction, eavesdropper protection makes a simple six-digit passkey stronger than a 16-digit alphanumeric character random PIN code. Improved pairing also offers "Man in the Middle" protection that in practice eliminates the possibility of an undetected man in the middle intercepting information. </li></ul></ul></ul>
    84. 84. Bluetooth usage <ul><li>Low-cost, low-power, short range radio → a cable replacement technology </li></ul><ul><ul><li>Common (File transfer, synchronisation, internet bridge, conference table) </li></ul></ul><ul><ul><li>Hidden computing (background synchronisation, audio/video player) </li></ul></ul><ul><ul><li>Future (PC login, remote control) </li></ul></ul><ul><li>Why not use Wireless LANs? </li></ul><ul><ul><li>power </li></ul></ul><ul><ul><li>cost </li></ul></ul>
    85. 85. Bluetooth RF <ul><li>1 Mb/s symbol rate </li></ul><ul><li>Normal range 10m (0dBm) </li></ul><ul><li>Optional range 100m (+20dBm) </li></ul><ul><li>Normal transmission power 0dBm (1mW) </li></ul><ul><li>Optional transmission power -30 to +20dBm (100mW) </li></ul><ul><li>Receiver sensitivity -70dBm </li></ul><ul><li>Frequency band 2.4Ghz ISM band </li></ul><ul><li>Gross data rate 1Mbit/s </li></ul><ul><li>Max data transfer 721+56kbps/3 voice channels </li></ul><ul><li>Power consumption 30uA(max), 300uA(standby), ~50uA(hold/park) </li></ul><ul><li>Packet switching protocol based on frequency hop scheme with 1600 hops/s </li></ul>
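    86. 86. Bluetooth Power Class Table <table><tr><th>Power Class</th><th>Max Output Power (mW)</th><th>Max Output Power (dBm)</th><th>Expected Range</th><th>Range in Free Space</th></tr><tr><td>Class 1</td><td>100mW</td><td>20dBm</td><td>42m</td><td>300m</td></tr><tr><td>Class 2</td><td>2.5mW</td><td>4dBm</td><td>16m</td><td>50m</td></tr><tr><td>Class 3</td><td>1mW</td><td>0dBm</td><td>10m</td><td>30m</td></tr></table>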
    87. 87. Bluetooth Network Topology <ul><li>Bluetooth devices can work as a slave or a master in an ad hoc network. There are three types of network configuration for Bluetooth devices. </li></ul><ul><ul><li>Single point-to-point ( Piconet ): In this topology the network consists of one master and one slave device. </li></ul></ul><ul><ul><li>Multipoint ( Piconet ): Such a topology combines one master device and up to seven slave devices in an ad hoc network. </li></ul></ul><ul><ul><li>Scatternet : A Scatternet is a group of Piconets linked via a slave device in one Piconet that plays the master role in another Piconet. </li></ul></ul>The Bluetooth standard does not describe any routing protocol for scatternets, and most of the hardware available today has no capability of forming scatternets. Some even lack the ability to communicate between slaves of one piconet or to be a member of two piconets at the same time. [Figure: i) Piconet (Point-to-Point), ii) Piconet (Multipoint), iii) Scatternet; M = master, S = slave, one node acting as Master/Slave]
    88. 88. Bluetooth stack: short version [Figure: protocol stack diagram with the layers RF, Baseband, Link Manager, L2CAP, SDP, RFCOMM, Applications, and HCI]
    89. 89. Transport Protocol Group (contd.) <ul><li>Radio Frequency (RF) </li></ul><ul><ul><li>Sending and receiving modulated bit streams </li></ul></ul><ul><li>Baseband </li></ul><ul><ul><li>Defines the timing, framing </li></ul></ul><ul><ul><li>Flow control on the link. </li></ul></ul><ul><li>Link Manager </li></ul><ul><ul><li>Managing the connection states. </li></ul></ul><ul><ul><li>Enforcing Fairness among slaves. </li></ul></ul><ul><ul><li>Power Management </li></ul></ul><ul><li>Logical Link Control & Adaptation Protocol </li></ul><ul><ul><li>Handles multiplexing of higher level protocols </li></ul></ul><ul><ul><li>Segmentation & reassembly of large packets </li></ul></ul><ul><ul><li>Device discovery & QoS </li></ul></ul><ul><li>The Radio, Baseband and Link Manager are on firmware. </li></ul><ul><li>The higher layers could be in software. </li></ul><ul><li>The interface is then through the Host Controller (firmware and driver). </li></ul><ul><li>The HCI interfaces defined for Bluetooth are UART, RS232 and USB. </li></ul>Source: Farinaz Edalat, Ganesh Gopal, Saswat Misra, Deepti Rao BLUETOOTH SPECIFICATION, Core Version 1.1 page 543
    90. 90. End to End Overview of Lower Software Layers to Transfer Data BLUETOOTH SPECIFICATION, Core Version 1.1 page 544
    91. 91. Physical Link Definition <ul><li>Synchronous Connection-Oriented (SCO) Link </li></ul><ul><ul><li>circuit switching </li></ul></ul><ul><ul><li>symmetric, synchronous services </li></ul></ul><ul><ul><li>slot reservation at fixed intervals </li></ul></ul><ul><li>Asynchronous Connection-Less (ACL) Link </li></ul><ul><ul><li>packet switching </li></ul></ul><ul><ul><li>(a)symmetric, </li></ul></ul><ul><ul><li>asynchronous services </li></ul></ul><ul><ul><li>polling access scheme </li></ul></ul>
    92. 92. ACL data rates
    93. 93. Multi-slot packets [Figure: single-slot, three-slot and five-slot packets over hop frequencies f(n) to f(n+5)]
    94. 94. Symmetric single slot [Figure: Master and Slave timelines over hop frequencies f(n) to f(n+12)]
    96. 96. Polling on ACL links <ul><li>Slave is allowed to send only after it has been polled. </li></ul><ul><li>Master polls slave at least once every Npoll slots (negotiated). </li></ul><ul><li>Master may send at will. </li></ul><ul><li>Polling algorithm is proprietary. </li></ul>[Figure: Master and Slave timelines showing Data and POLL packets, a slot, and a TDD frame]
    97. 97. Bluetooth Connection States <ul><li>There are four Connection states on Bluetooth Radio: </li></ul><ul><li>Active : Both master and slave participate actively on the channel by transmitting or receiving packets (A,B,E,F,H) </li></ul><ul><li>Sniff : In this mode the slave, rather than listening on every slot for the master's messages addressed to it, sniffs only on specified time slots. The slave can therefore sleep in the free slots, saving power (C) </li></ul><ul><li>Hold : In this mode, a device can temporarily stop supporting ACL packets and go into low-power sleep mode to make the channel available for things like paging and scanning (G) </li></ul><ul><li>Park : The slave stays synchronized but does not participate in the Piconet; the device is given a Parking Member Address (PMA) and loses its Active Member Address (AMA) (D,I) </li></ul>[Figure: Bluetooth Connection States, a master surrounded by devices labelled A to I]
    98. 98. Bluetooth Forming a Piconet <ul><li>Inquiry : Inquiry is used to find the identity of the Bluetooth devices in close range. </li></ul><ul><li>Inquiry Scan : In this state, devices are listening for inquiries from other devices. </li></ul><ul><li>Inquiry Response : The slave responds with a packet that contains the slave's device access code, native clock and some other slave information. </li></ul><ul><li>Page : Master sends page messages by transmitting slave's device access code (DAC) in different hop channels. </li></ul><ul><li>Page Scan : The slave listens at a single hop frequency (derived from its page hopping sequence) in this scan window. </li></ul><ul><li>Slave Response : Slave responds to master's page message </li></ul><ul><li>Master Response : Master reaches this substate after it receives the slave's response to its page message. </li></ul>[Figure: Forming a Piconet Procedures, seven numbered steps between Master and Slave: Inquiry, Inquiry Scan, Inquiry Response, Page, Page Scan, Slave Response, Master Response, then Connection on both sides]
    99. 99. SDP - Service Discovery <ul><li>Focus </li></ul><ul><ul><li>Service discovery within Bluetooth environment </li></ul></ul><ul><ul><li>Optimized for dynamic nature of Bluetooth </li></ul></ul><ul><ul><li>Services offered by or through Bluetooth devices </li></ul></ul><ul><li>Some Bluetooth SDP Requirements (partial list) </li></ul><ul><ul><li>Search for services based upon service attributes and service classes </li></ul></ul><ul><ul><li>Browse for services without a priori knowledge of services </li></ul></ul><ul><ul><li>Suitable for use on limited-complexity devices </li></ul></ul><ul><ul><li>Enable caching of service information </li></ul></ul><ul><li>How does it work? </li></ul><ul><ul><li>Establish L2CAP connection to remote device </li></ul></ul><ul><ul><li>Query for services </li></ul></ul><ul><ul><ul><li>Search for specific class of service, or </li></ul></ul></ul><ul><ul><ul><li>Browse for services </li></ul></ul></ul><ul><ul><li>Retrieve attributes that detail how to connect to the service </li></ul></ul><ul><ul><li>Establish a separate (non-SDP) connection to use the service </li></ul></ul>
    100. 100. Packet Structure [Figure: packet layout: Access Code (72 bits), Header (54 bits), Payload (0 - 2745 bits), Guard (220 µs). Control packets: ID*, Null, Poll, FHS, DM1. Data/voice packets: voice HV1, HV2, HV3, DV (136 bits); data DM1, DM3, DM5, DH1, DH3, DH5 (2712 bits). Payload labels: Data, Header, CRC.] <ul><li>ARQ </li></ul><ul><li>CRC </li></ul><ul><li>FEC (optional) </li></ul><ul><li>No retries </li></ul><ul><li>No CRC </li></ul><ul><li>FEC (optional) </li></ul>Source: Farinaz Edalat, Ganesh Gopal, Saswat Misra, Deepti Rao
    101. 101. Bluez