SlideShare a Scribd company logo

IEEE 802.11 Wireless LAN Standards

Download as PPTX, PDF
T
TapodhirAcharjee2

wireless

Education
1 of 84
Topic 1 Wireless LAN – IEEE 802.11
Frequency Bands Band Frequency Range Propagation Characteristics Typical Use ELF(Extrem ely Low Freq) 30 – 300Hz Ground Wave (GW) Power Line frequencies; used by some home control systems VF (Voice Freq) 300 – 3KHz GW Telephone system for analog subscriber lines VLF (Very Low Freq) 3 – 30KHz GW Long-range navigation; submarine commn LF (Low Freq) 30 – 300KHz GW Long-range navigation; marine comm radio beacon MF(Medium Freq) 300 – 3MHz GW and night SW (Sky Wave) Maitime radio; direction finding; AM broadcasting HF (High Freq) 3 – 30MHz SW Amateur Radio; int’l broadcasting; military comm; long dist aircraft and ship comm
Frequency Bands (Cont’d) Band Frequency Range Propagation Characteristics Typical Use VHF (Very High Freq) 30 – 300MHz Line-of-Sight (LOS) VHF Television; FM Radio and 2-way radio, AM aircraft comm; aircraft navigation aids UHF (Ultra High Freq) 300 – 3GHz LOS UHF Television; Cell phone; radar; microwave links; PCS SHF (Very Low Freq) 3 – 30GHz LOS Satellite commn;radar; terrestrial microwave links; Wireless Local Loop EHF (Extremely High Freq) 30 – 300GHz LOS Experimental; WLL Infrared 300GHz – 400THz LOS Infrared LANs; Consumer electronic applns Visible Light 400THz – 900THz LOS Optical Communication
Mobile Communication Technology according to IEEE (examples) Local wireless networks WLAN 802.11 802.11a 802.11b 802.11i/e/…/n/…/z/aa 802.11g WiFi 802.11h Personal wireless nw WPAN 802.15 802.15.4 802.15.1 802.15.2 Bluetooth 802.15.4a/b/c/d/e/f/g ZigBee 802.15.3 Wireless distribution networks WMAN 802.16 (Broadband Wireless Access) [802.20 (Mobile Broadband Wireless Access)] 802.16e (addition to .16 for mobile devices) + Mobility WiMAX 802.15.3b/c 802.15.5, .6 (WBAN)
Characteristics of wireless LANs • Advantages – very flexible within the reception area – Ad-hoc networks without previous planning possible – (almost) no wiring difficulties (e.g. historic buildings, firewalls) – more robust against disasters like, e.g., earthquakes, fire - or users pulling a plug... • Disadvantages – typically very low bandwidth compared to wired networks (1-10 Mbit/s) due to shared medium – many proprietary solutions, especially for higher bit-rates, standards take their time (e.g. IEEE 802.11n) – products have to follow many national restrictions if working wireless, it takes a vary long time to establish global solutions like, e.g., IMT-2000
Design goals for wireless LANs • global, seamless operation • low power for battery use • no special permissions or licenses needed to use the LAN • robust transmission technology • simplified spontaneous cooperation at meetings • easy to use for everyone, simple management • protection of investment in wired networks • security (no one should be able to read my data), privacy (no one should be able to collect user profiles), safety (low radiation) • transparency concerning applications and higher layer protocols, but also location awareness if necessary • …
Transmission: Infrared vs. Radio • Infrared – uses IR diodes, diffuse light, multiple reflections (walls, furniture etc.) • Advantages – simple, cheap, available in many mobile devices – no licenses needed – simple shielding possible • Disadvantages – interference by sunlight, heat sources etc. – many things shield or absorb IR light – low bandwidth • Example – IrDA (Infrared Data Association) interface available everywhere • Radio – typically using the license free ISM (Industrial Scientific Medical) band at 2.4 GHz • Advantages – experience from wireless WAN and mobile phones can be used – coverage of larger areas possible (radio can penetrate walls, furniture etc.) • Disadvantages – very limited license free frequency bands – shielding more difficult, interference with other electrical devices • Example – WiFi, WaveLAN, HIPERLAN, Bluetooth
Wireless LAN • operate in a local area – less than 100 m • provide access to wired LANs and the Internet • provide high data rates – currently, up to 54 Mbps
Major Standards for WLAN • HIPERLAN – High Performance Radio LAN – European standard • IEEE 802.11 – US standard – today, it holds the entire market – Only this standard will be mainly discussed here
Two Modes of IEEE 802.11 • Infrastructure Mode – Terminals communicate to an access point. • Ad Hoc Mode – Terminals communicate in a peer-to-peer basis without any access point.
Comparison: infrastructure vs. ad-hoc networks infrastructure network ad-hoc network AP AP AP wired network AP: Access Point
Distribution System Portal 802.x LAN Access Point 802.11 LAN BSS2 802.11 LAN BSS1 Access Point 802.11 - Infrastructure Mode • Station (STA) – Wireless terminals • Basic Service Area (BSA) – Coverage area of one access point • Basic Service Set (BSS) – group of stations controlled by the same AP • Distribution System (DS) – Fixed infrastructure used to connect several BSS to create an Extended Service Set (EES) • Portal – bridge to other (wired) networks STA1 STA2 STA3 ESS
802.11 - Architecture of an ad-hoc network • Direct communication within a limited range – Station (STA): terminal with access mechanisms to the wireless medium – Independent Basic Service Set (IBSS): group of stations using the same radio frequency 802.11 LAN IBSS2 802.11 LAN IBSS1 STA1 STA4 STA5 STA2 STA3
IEEE 802 Protocol Layers
Protocol Architecture mobile terminal access point server fixed terminal application TCP 802.11 PHY 802.11 MAC IP 802.3 MAC 802.3 PHY application TCP 802.3 PHY 802.3 MAC IP 802.11 MAC 802.11 PHY LLC Ethernet LLC LLC Data Link Logical link control 802.11 covers only PHY and MAC A typical scenario
Functions of Each Layer • Physical Layer – Encoding/decoding of signals – Bit transmission/reception • Medium Access Control (MAC) Layer – On transmission, assemble data into a frame for transmission – On reception, disassemble frame and perform error detection – Coordinate users’ access to the transmission medium • Logical Link Control (LLC) Layer – Provide an interface to upper layers – Perform flow and error control
802.11 - Layers and functions • PLCP Physical Layer Convergence Protocol – clear channel assessment signal (carrier sense) • PMD Physical Medium Dependent – modulation, coding • PHY Management – channel selection, MIB • Station Management – coordination of all management functions PMD PLCP MAC LLC MAC Management PHY Management • MAC – access mechanisms, fragmentation, encryption • MAC Management – synchronization, roaming, MIB, power management PHY DLC Station Management
Physical Layer 802.11 supports 3 different PHY layers • Infrared – simple and cheap – requires line of sight (LOS) • Radio (2 types) – Frequency Hopping Spread Spectrum (FHSS) – Direct Sequence Spread Spectrum (DSSS) – can cover a larger area (e.g. penetrate walls)
Main IEEE 802.11 Standards Standard Spectrum Bit Rate Transmission Compatibilit y 802.11 (1997) wavelength between 850 and 950 nm;2.4 GHz 1/2 Mbps Infrared / FHSS / DSSS N/A 802.11a (1999) 5.0 GHz 54 Mbps OFDM None 802.11b (Wi- Fi)(1999) 2.4 GHz 11 Mbps (ARS) DSSS 802.11 802.11g (June, 2003) 2.4 GHz 54 Mbps OFDM 802.11 / 802.11b 802.11n (Oct, 2009) 2.4/5 GHz 600 OFDM 802.11a, 11b, and 11g
How to join a network? Infrastructure Mode
Steps to Join a Network 1. Discover available network • i.e. basic service set (BSS) 2. Select a BSS 3. Authentication 4. Association
1. Discovering Available Network • Passive Scanning – Each AP broadcasts periodically a Beacon frame, which includes: • AP’s MAC address, Network name (also known as Service Set Identifier, SSID), etc. • Active Scanning – Station sends a Probe Request frame – AP responses with a Probe Response frame, which includes • AP’s MAC address, SSID, etc. • A method (Active or passive) is chosen according to the power consumption/performance trade- off.
2. Choosing a Network • The user selects from available networks • Common criteria for selecting a network are: – User choice – Strongest signal – Most recently used
3. Authentication • Authentication – A station proves its identity to the AP. • Two Mechanisms – Open System Authentication – Shared Key Authentication
Open System Authentication • The default authentication protocol for 802.11. • Authenticates anyone who requests authentication. – NULL authentication (i.e. no authentication at all) Authentication Request (open system) Authentication Response Station Access Point
Shared Key Authentication Authentication Request (shared key) 128-byte “Challenge” text string, generated randomly “Challenge” text string, encrypted with shared key Positive or negative response based on decryption result Station Access Point It is assumed that the station and the AP somehow agrees on a shared secret key via a channel independent of IEEE 802.11. Note: “Challenge” is encrypted by WEP algorithm.
4. Association Association Request Association Response Station Access Point The station needs to register to the AP. During this process, the wireless devices make transitions from one state to others. These states are: (1). Unauthenticated and Unassociated. (2). Authenticated and unassociated and (3). Authenticated and associated
How to transmit? The MAC layer
Media Access Control • How to share a common medium among the users?
Motivation • Can we apply media access methods from fixed networks? • Example: CSMA/CD – Carrier Sense Multiple Access with Collision Detection – Method used in IEEE 802.3 Ethernet
CSMA/CD • Carrier Sense: Listen before talk – Sense the channel – If the channel is idle, transmit – If the channel is busy, • waits a random amount of time • sense the channel again • Collision Detection: Stop if collision occurs – If there is a collision, • stops transmission immediately, • waits a random amount of time • senses the channel again
Hidden Terminal Problem • A, C cannot hear each other (CS fails) • Collisions at B, undetected (CD also fails) Obstacles Signal Attenuation
Exposed Terminal Problem B A C • C has to wait, since CS signals a medium in use • But A is outside the radio range of C; therefore waiting is not necessary • C is “exposed” to B B sends to A C wants to send to someone else (not A or B)
(MACA) Multiple Access with Collision Avoidance • IEEE 802.11 is based on the idea of MACA • MACA uses a three-way handshake protocol • Short signaling packets are used – RTS (request to send) • sender request the right to send from a receiver with a short RTS packet before it sends a data packet – CTS (clear to send) • receiver grants the right to send as soon as it is ready to receive • The sender then sends the data. • Signaling (RTS/CTS) packets contain – sender address – receiver address – packet size (duration of data transmission)
An Illustration: 3-way handshake A RTS CTS B Data Can it solve the hidden terminal problem? Can it solve the exposed terminal problem?
A Solution: Hidden Terminal • MACA avoids the hidden terminal problem – Both A and C want to send to B – A sends RTS first – C waits after receiving CTS from B A C RTS CTS CTS B
A Solution: Exposed Terminal • MACA avoids the exposed terminal problem – B wants to send to A, while C to another terminal – now C does not have to wait, for it cannot receive CTS from A A B C RTS CTS RTS
Packet Collision • Collisions may occur during RTS-CTS exchange. packet collision occurs …… Next attempt: Transmit at a random slot over the contention window How large is the contention window?
Binary Exponential Backoff • The contention window size is adjusted dynamically. – binary exponential backoff is used. • When a terminal fails to receive CTS in response to its RTS, it increases the contention window – cw is doubled (up to an upper bound, CWmax) • When a node successfully completes a data transfer, it restores cw to CWmin
Binary Exponential Backoff • The contention window size is doubled whenever a collision occurs. A packet experiences i collisions …… 2i CWmin slots
(MACAW) MACA for Wireless LAN • Fair access of media by learning/setting backoff counter value from a packet transmission (carried in packet header) • Wild oscillation on backoff counter value is prevented by defining new Multiplicative Increase Linear Decrease (MILD) backoff updation functions (multiplied by 1.5 and decreased by 1) • Changes in basic message exchange (RTS-CTS-DATA) – Inclusion of ACK packet (i.e. RTS-CTS-DATA-ACK) • If sender after sending DATA does not receive ACK, it schedules data packet for retransmission. • If not DATA but ACK was lost, the receiver will return ACK after receiving RTS for retransmitted packet – Inclusion of DS (Data Sending) packet (i.e. RTS-CTS-DS-DATA-ACK) • After successful exchange of RTS-CTS, sender sends a small control packet (DS) so that all stations which are in the vicinity of sender can know that the RTS-CTS exchange was successful and a data transmission is about to follow. • These overhearing stations defer all transmissions until the DATA-ACK transmission is over (Restriction in transmissions by exposed terminals).
IEEE 802.11 MAC Protocols • Two traffic services are supported – Asynchronous Data Service • Best-effort services – Time-bounded Service (optional) • Guarantee a maximum delay • Available only in infrastructure mode
Two Classes of Access Mechanisms • Distributed Coordination Function (DCF) – Support asynchronous data services – CSMA/CA (with minor modification) – CSMA/CA with RTS/CTS exchange (optional) • Point Coordination Function (PCF) (optional) – Support time-bounded services – Polling from AP
Inter-Frame Spacings (for waiting time before medium access) • SIFS (Short Inter Frame Spacing) – highest priority, for ACK, CTS, polling response • PIFS (PCF IFS) – medium priority, for time-bounded service using PCF • DIFS (DCF IFS) – lowest priority, for asynchronous data service • EIFS (Extended IFS) – Longest IFS used by a station that has received a pkt that it could not understand (duration info for virtual carrier sense). t medium busy SIFS PIFS DIFS DIFS next frame contention direct access if medium is free  DIFS
Method 1a: CSMA/CA 802.11 CSMA/CA: sender - if sense channel idle for DIFS sec.(plus a RBT(Random Backoff Time) if the medium was busy) then transmit entire frame (no collision detection) -if sense channel busy then wait for the channel to become idle for DIFS and choose a random backoff time and countdown the backoff timer for every free slot 802.11 CSMA/CA: receiver if received OK return ACK (16 bytes) after SIFS DIFS: Distributed Inter Frame Spacing SIFS: Short Inter Frame Spacing
Example (with backoff timer) t busy boe station1 station2 station3 station4 station5 packet arrival at MAC DIFS boe boe boe busy elapsed backoff time bor residual backoff time busy medium not idle (frame, ack etc.) bor bor DIFS boe boe boe bor DIFS busy busy DIFS boe busy boe boe bor bor 12 4 8 8 4 4 10 12 4
Method 1b: CSMA/CA with RTS-CTS • CSMA/CA: explicit channel reservation – sender: send RTS (20 bytes) – receiver: reply with CTS (16 bytes) • CTS reserves channel for sender, notifying (possibly hidden) terminals 4-way handshake
No Collision during Data Transmission t SIFS DIFS data ACK waiting time other stations receiver sender data DIFS contention How can other stations know how long the waiting time is?
Net Allocation Vector (reserves the medium for one sender exclusively) t SIFS DIFS data ACK defer access other stations receiver sender data DIFS contention RTS CTS SIFS SIFS NAV (RTS) NAV (CTS) The RTS packet has a duration field, which consists of information about the length of data packet. Other stations hear the RTS packet set their NAV accordingly. The CTS packet also has the duration field. Other stations hear the CTS packet set their NAV accordingly.
Using RTS/CTS • Removes hidden terminal problem • Collision may occur at the beginning of transmission (RTS/data packets) • Non-negligible overhead (b/w and delay) • RTS Threshold to determine when to use/disable RTS/CTS option (based on frame size)
Fragmentation • Probability of erroneous frame is much higher in Wireless LAN compared to wired LAN (BER is higher) assuming same frame length. • Using shorter frames to decrease error prob of frames • IEEE 802.11 specifies a fragmentation mode • MAC layer adjust the frame size according to current error rates. • RTS carries duration of 1st frag including ACK • Frag 1 carries the duration of frag2 + ACK2 and ACK1 carries duration (as CTS) and so on.
Method 2: Point Coordination Function • Polling by the access point (or point coordinator) • Sends polling message after waiting for PIFS • Since PIFS is smaller than DIFS, it can lock out all asynchronous traffic – To prevent this, an interval called superframe is defined.
Two parts of a Superframe Contention-free Period: The point coordinator polls stations with time-bounded service in a round-robin fashion Contention Period: The point coordinator idles for the remainder of the superframe, allowing for asynchronous access.
MAC: Reliability • Wireless links are prone to errors. High packet loss rate detrimental to transport-layer performance. • Solution: Use of acknowledgements – When B receives DATA from A, B sends an ACK. – If A fails to receive an ACK, A retransmits the DATA. – Both C and D remain quiet until ACK (to prevent collision of ACK). – Expected duration of transmission+ACK is included in RTS/CTS packets. – This approach adopted in many protocols [802.11]. A B C RTS CTS CTS DATA D RTS ACK  Collision of RTS/CTS packets can happen (hidden terminal).  If no CTS, retransmit RTS after backoff.
MAC: Collision Avoidance • With half-duplex radios, collision detection is not possible • Collision avoidance: Once channel becomes idle, the node waits for a randomly chosen duration before attempting to transmit • IEEE 802.11 DCF – When transmitting a packet, choose a backoff interval in the range [0,cw]; cw is contention window – Count down the backoff interval when medium is idle – Count-down is suspended if medium becomes busy – When backoff interval reaches 0, transmit RTS • Time spent counting down backoff intervals is part of MAC overhead • large cw leads to larger backoff intervals • small cw leads to larger number of collisions
DCF Example data wait B1 = 5 B2 = 15 B1 = 25 B2 = 20 data wait B1 and B2 are backoff intervals at nodes 1 and 2 cw = 31 B2 = 10
MAC: Congestion Control • Number of nodes attempting to transmit simultaneously may change with time; some mechanism to manage congestion is needed. • IEEE 802.11 DCF: Congestion control achieved by dynamically choosing the contention window cw • Binary Exponential Backoff in DCF: – When a node fails to receive CTS in response to its RTS, it increases the contention window • cw is doubled (up to a bound CWmax) – Upon successful completion data transfer, restore cw to CWmin • Optimization: MACAW – 802.11: cw reduces much faster than it increases – Backoff: multiply cw by 1.5 (instead of doubling) – Restore: Reduce cw by 1 (instead of CWmin) – cw reduces slower than it increases. Exponential increase linear decrease – Avoids wild oscillations of cw when congestion is high.
MAC: Energy Conservation • Wireless nodes need to conserve power (“resource poor”). • Typical solution: Turning the radio off when not needed • Power Saving Mode in IEEE 802.11 (Infrastructure Mode) – An Access Point periodically transmits a beacon indicating which nodes have packets waiting for them (TIM) – Each power saving (PS) node wakes up periodically to receive the beacon – If a node has a packet waiting, then it sends a PS-Poll • After waiting for a backoff interval in [0,CWmin] – Access Point sends the data in response to PS-poll
MAC Protocols: Summary • Wireless medium is prone to hidden and exposed terminal problems • Protocols are typically based on CSMA/CA • RTS/CTS based signaling • Acks for reliability • Contention window is used for congestion control • IEEE 802.11 wireless LAN standard • Fairness issues are still unclear
MAC Frame format
MAC Frame Format MAC Header
MAC Frame Fields • Frame Control – frame type, control information • Duration/connection ID – channel allocation time (or STA ID in PS-poll messages) • Addresses – context dependant, types include source and destination (may conatin up to 4 adds dep on ToDS and FromDS fields) ToDS FromDS Add1 Add2 Add3 Add4 0 0 DA SA BSSID N/A 0 1 DA BSSID SA N/A 1 0 BSSID SA DA N/A 1 1 RA TA DA SA
MAC Frame Fields • Add1 is always the Recupient Address (may be AP or end- station depending on ToDS) • Add2 is always the Transmitter Address (may be AP or end-station depending on FromDS) • Add3 is in most cases the remaining/missing address (FromDS: original SA, ToDS: orginal DA) • Add4 is used on special case where a Wireless DS is used and the frame is being transmitted from one AP to another. • Sequence control – numbering and reassembly (frag no. & seq. no) • Frame body – MSDU or fragment of MSDU • Frame check sequence – 32-bit Cyclic Redundancy Check
Frame Control Fields • Protocol version – 802.11 version (0 for current version) • Type – management, control or data (11 reserved) magmt: system integration, form ESS, Synchronization • Subtype – identifies function of frame (Association (Request, Response), Reassociation (Request, Response), Probe (R&R), Beacon, ATIM, Disassoc etc), (PS-poll, RTS, CTS, ACK, CF End etc), (Data, Data+CF-Ack, Data+CF-Poll, Data+CF-Ack+CF-Poll, CF-Poll etc) • ToDS – 1 if destined for DS (to be forwarded by AP) • FromDS – 1 if frame is coming from the DS (leaving DS) • More fragments – 1 if fragments follow • Retry – 1 if retransmission of previous frame
Frame Control Fields • Power management – 1: transmitting station will be in sleep mode after transmission of this frame (AP maintains an updated record of the PS mode nodes). Multicasts and Broadcasts are stored by AP and transmitted at pre-known time (DTIM), where all PS nodes who wish to receive this kind of frames should be awake. • More data – Indicates that station has more data to send (used by AP in PS mode to indicate that there are more frames buffered to this station, station can use this for changing state from PS to active or vice-versa. • WEP – 1 if wired equivalent protocol is implemented • Order – 1 if any data frame is sent using the Strictly Ordered service
Control Frame Subtypes • Power save – poll (PS-Poll) • Request to send (RTS) • Clear to send (CTS) • Acknowledgment • Contention-free (CF)-end • CF-end + CF-ack
Data Frame Subtypes • Data-carrying frames – Data – Data + CF-Ack – Data + CF-Poll – Data + CF-Ack + CF-Poll • Other subtypes (don’t carry user data) – Null Function – CF-Ack – CF-Poll – CF-Ack + CF-Poll
Management Frame Subtypes • Association request • Association response • Reassociation request (Roaming process) How does roaming in LAN diff. from roaming in Cellular networks? (packet based, temporary disconnection result is retransmission in upper layer) • Reassociation response • Probe request (Active Scanning) • Probe response • Beacon (timestamp,SSID, TIM etc)
Management Frame Subtypes • Announcement traffic indication message • Dissociation • Authentication • Deauthentication
Is it Secure? The IEEE 802.11 Security Problem
WLAN Security Problem Internal network protected Wireless Access Point Valid User Access Only Conventionally, an organization protect itself by limiting external connections to a few well protected openings called firewall. For wireless networks, anyone within the radio range can eavesdrop on the communication.
Basic Security Mechanisms 1. Network Access Control based on SSID 2. MAC Address Filtering 3. Wired Equivalent Privacy (WEP) – Shared Key Authentication – Data Encryption
Mechanism 1: SSID • Only those stations with knowledge of the network name, or SSID, can join. • The SSID acts as a shared secret. • Is it secure?
SSIDs are “useless”! • AP periodically broadcasts the SSID in a beacon frame. • Beacon frames are sent unprotected. • A hacker can easily identify the SSID.
Mechanism 2: MAC Address Filtering • A MAC address list is maintained at each AP. • Only those stations whose MAC addresses are listed are permitted access to the network. • Is it secure?
MAC Address as Identity is Weak • MAC addresses are easily sniffed by an attacker since they must be sent unprotected. • Most wireless LAN cards allow changing of their MAC addresses by software.
Mechanism 3: WEP • Wired Equivalent Privacy (WEP) – The objective is to provide confidentiality similar to wired LAN. • WEP is used to provide two types of security: – Authentication (to prevent unauthorized access to the network) – Encryption (to prevent eavesdropping) • WEP uses an encryption algorithm based on RC4.
Basic Idea of RC4 Pseudo-random number generator Encryption Key K Plaintext bit stream p Random bit stream b  Ciphertext bit stream c Decryption works in the same way: p = c  b XOR
How WEP uses RC4? • Station and AP share a 40-bit secret key – semi-permanent • Station appends a 24-bit initialization vector (IV) to create a 64-bit key • The 64-bit key is used to generate a key sequence, ki IV – ki IV is used to encrypt the i-th data bit, di: ci = di XOR ki IV – IV and encrypted bits, ci are sent.
802.11 WEP encryption IV (per frame) KS: 40-bit secret symmetric key k1 IV k2 IV k3 IV … kN IV kN+1 IV … kN+1 IV d1 d2 d3 … dN CRC1 … CRC4 c1 c2 c3 … cN cN+1 … cN+4 plaintext frame data plus CRC key sequence generator ( for given KS, IV) 802.11 header IV WEP-encrypted data plus CRC Figure 7.8-new1: 802.11 WEP protocol Sender-side WEP encryption Note : 1. IV changes from frame to frame. 2. IV is sent unencrypted.
Shared Key Authentication • Shared key authentication is based on WEP. • AP sends challenge text d. • Station generates an IV and use the secret key to generate a key stream, kIV. • Station then computes the ciphertext c using the key sequence – c = d XOR kIV • Station sends IV and c to AP.
Authentication without a Key • A hacker can record one challenge/response. – The hacker now knows d, c and IV. • The hacker can compute the key sequence kIV. – kIV = d XOR c • The hacker can use IV and kIV to encrypt any subsequent challenge. • The hacker can now authenticate to the target network – without knowing the shared secret key.
WEP Encrypted Traffic • Data encryption using WEP is NOT secure. • Major reason: – IV has only 24 bits. – IV collisions (use of the same IV) occur frequently. • Details omitted.
Secure or Not? • WEP has serious security flaw. • In actual deployment, WEP is usually disabled. • It is very easy to attack a wireless LAN.

Recommended

awsn module 1.ppt
awsn module 1.pptawsn module 1.ppt
awsn module 1.pptnandhakumar421744
 
Wireless presentation-1
Wireless presentation-1Wireless presentation-1
Wireless presentation-1Mayur Garg
 
EC8004-Wireless Networks-unitwise notes.pdf
EC8004-Wireless Networks-unitwise notes.pdfEC8004-Wireless Networks-unitwise notes.pdf
EC8004-Wireless Networks-unitwise notes.pdfdhananjeyanrece
 
12 wireless la-ns
12 wireless la-ns12 wireless la-ns
12 wireless la-nsHattori Sidek
 
Unit 1-converted.pptx
Unit 1-converted.pptxUnit 1-converted.pptx
Unit 1-converted.pptxPavithra525349
 
WirelessLANs.pptx
WirelessLANs.pptxWirelessLANs.pptx
WirelessLANs.pptxChetanmalviya8
 
CS553_ST7_Ch17-WirelessLANs.ppt
CS553_ST7_Ch17-WirelessLANs.pptCS553_ST7_Ch17-WirelessLANs.ppt
CS553_ST7_Ch17-WirelessLANs.pptseid mohammed
 
WirelessLANs.ppt
WirelessLANs.pptWirelessLANs.ppt
WirelessLANs.pptManinderSinghRekhi1
 

Recommended

awsn module 1.ppt
awsn module 1.pptawsn module 1.ppt
awsn module 1.pptnandhakumar421744
 
Wireless presentation-1
Wireless presentation-1Wireless presentation-1
Wireless presentation-1Mayur Garg
 
EC8004-Wireless Networks-unitwise notes.pdf
EC8004-Wireless Networks-unitwise notes.pdfEC8004-Wireless Networks-unitwise notes.pdf
EC8004-Wireless Networks-unitwise notes.pdfdhananjeyanrece
 
12 wireless la-ns
12 wireless la-ns12 wireless la-ns
12 wireless la-nsHattori Sidek
 
Unit 1-converted.pptx
Unit 1-converted.pptxUnit 1-converted.pptx
Unit 1-converted.pptxPavithra525349
 
WirelessLANs.pptx
WirelessLANs.pptxWirelessLANs.pptx
WirelessLANs.pptxChetanmalviya8
 
CS553_ST7_Ch17-WirelessLANs.ppt
CS553_ST7_Ch17-WirelessLANs.pptCS553_ST7_Ch17-WirelessLANs.ppt
CS553_ST7_Ch17-WirelessLANs.pptseid mohammed
 
WirelessLANs.ppt
WirelessLANs.pptWirelessLANs.ppt
WirelessLANs.pptManinderSinghRekhi1
 
WirelessLANs.ppt
WirelessLANs.pptWirelessLANs.ppt
WirelessLANs.pptDEEPAK948083
 
Worldwide interoperability for microwave access wi max(ieee 802)
Worldwide interoperability for microwave access wi max(ieee 802)Worldwide interoperability for microwave access wi max(ieee 802)
Worldwide interoperability for microwave access wi max(ieee 802)Kishore Kumar
 
Wireless LANs PPT.ppt
Wireless LANs PPT.pptWireless LANs PPT.ppt
Wireless LANs PPT.pptDrTThendralCompSci
 
IT8602 Mobile Communication - Unit III
IT8602 Mobile Communication - Unit IIIIT8602 Mobile Communication - Unit III
IT8602 Mobile Communication - Unit IIIpkaviya
 
Computer networks wireless lan,ieee-802.11,bluetooth
Computer networks wireless lan,ieee-802.11,bluetoothComputer networks wireless lan,ieee-802.11,bluetooth
Computer networks wireless lan,ieee-802.11,bluetoothDeepak John
 
Mobile Computing (Part-2)
Mobile Computing (Part-2)Mobile Computing (Part-2)
Mobile Computing (Part-2)Ankur Kumar
 
Ieee 802.11 wireless lan
Ieee 802.11 wireless lanIeee 802.11 wireless lan
Ieee 802.11 wireless lanParthipan Parthi
 
Lecture 13
Lecture 13Lecture 13
Lecture 13Joe Christensen
 
wifi-technology
wifi-technology wifi-technology
wifi-technologytardeep
 
Meixia Tao Introduction To Wireless Communications And Recent Advances
Meixia Tao Introduction To Wireless Communications And Recent AdvancesMeixia Tao Introduction To Wireless Communications And Recent Advances
Meixia Tao Introduction To Wireless Communications And Recent Advancesmelvincabatuan
 
Wireless%20networking%20technology(1)
Wireless%20networking%20technology(1)Wireless%20networking%20technology(1)
Wireless%20networking%20technology(1)Darpan Patel
 
Unit I Wireless Networks.ppt
Unit I Wireless Networks.pptUnit I Wireless Networks.ppt
Unit I Wireless Networks.pptSiva Cool
 
Wireless Networks.pptx
Wireless Networks.pptxWireless Networks.pptx
Wireless Networks.pptxMinecraftJava
 
Wireless networksppt
Wireless networkspptWireless networksppt
Wireless networkspptdxmuthu
 
Wireless networksppt
Wireless networkspptWireless networksppt
Wireless networkspptpmuthumca51
 
Wireless Networking
Wireless NetworkingWireless Networking
Wireless Networkingvasanthimuniasamy
 
Very nice Wireless-lan-wlan-selected-topics-selected-topics-introduction-wlan...
Very nice Wireless-lan-wlan-selected-topics-selected-topics-introduction-wlan...Very nice Wireless-lan-wlan-selected-topics-selected-topics-introduction-wlan...
Very nice Wireless-lan-wlan-selected-topics-selected-topics-introduction-wlan...AssocaKazama
 
Media Access Layer
Media Access LayerMedia Access Layer
Media Access LayerKamal Acharya
 
wireless la-ns
wireless la-nswireless la-ns
wireless la-nsSrinivasa Rao
 
Wireless LAN
Wireless LANWireless LAN
Wireless LANKannanKrishnana
 
41.ppt
41.ppt41.ppt
41.pptTapodhirAcharjee2
 
32.pptx
32.pptx32.pptx
32.pptxTapodhirAcharjee2
 

More Related Content

Similar to IEEE 802.11 Wireless LAN Standards

Worldwide interoperability for microwave access wi max(ieee 802)
Worldwide interoperability for microwave access wi max(ieee 802)Worldwide interoperability for microwave access wi max(ieee 802)
Worldwide interoperability for microwave access wi max(ieee 802)Kishore Kumar
 
IT8602 Mobile Communication - Unit III
IT8602 Mobile Communication - Unit IIIIT8602 Mobile Communication - Unit III
IT8602 Mobile Communication - Unit IIIpkaviya
 
Computer networks wireless lan,ieee-802.11,bluetooth
Computer networks wireless lan,ieee-802.11,bluetoothComputer networks wireless lan,ieee-802.11,bluetooth
Computer networks wireless lan,ieee-802.11,bluetoothDeepak John
 
Mobile Computing (Part-2)
Mobile Computing (Part-2)Mobile Computing (Part-2)
Mobile Computing (Part-2)Ankur Kumar
 
wifi-technology
wifi-technology wifi-technology
wifi-technologytardeep
 
Meixia Tao Introduction To Wireless Communications And Recent Advances
Meixia Tao Introduction To Wireless Communications And Recent AdvancesMeixia Tao Introduction To Wireless Communications And Recent Advances
Meixia Tao Introduction To Wireless Communications And Recent Advancesmelvincabatuan
 
Wireless%20networking%20technology(1)
Wireless%20networking%20technology(1)Wireless%20networking%20technology(1)
Wireless%20networking%20technology(1)Darpan Patel
 
Unit I Wireless Networks.ppt
Unit I Wireless Networks.pptUnit I Wireless Networks.ppt
Unit I Wireless Networks.pptSiva Cool
 
Wireless Networks.pptx
Wireless Networks.pptxWireless Networks.pptx
Wireless Networks.pptxMinecraftJava
 
Wireless networksppt
Wireless networkspptWireless networksppt
Wireless networkspptdxmuthu
 
Wireless networksppt
Wireless networkspptWireless networksppt
Wireless networkspptpmuthumca51
 
Very nice Wireless-lan-wlan-selected-topics-selected-topics-introduction-wlan...
Very nice Wireless-lan-wlan-selected-topics-selected-topics-introduction-wlan...Very nice Wireless-lan-wlan-selected-topics-selected-topics-introduction-wlan...
Very nice Wireless-lan-wlan-selected-topics-selected-topics-introduction-wlan...AssocaKazama
 

Similar to IEEE 802.11 Wireless LAN Standards (20)

WirelessLANs.ppt
WirelessLANs.pptWirelessLANs.ppt
WirelessLANs.ppt
 
Worldwide interoperability for microwave access wi max(ieee 802)
Worldwide interoperability for microwave access wi max(ieee 802)Worldwide interoperability for microwave access wi max(ieee 802)
Worldwide interoperability for microwave access wi max(ieee 802)
 
Wireless LANs PPT.ppt
Wireless LANs PPT.pptWireless LANs PPT.ppt
Wireless LANs PPT.ppt
 
IT8602 Mobile Communication - Unit III
IT8602 Mobile Communication - Unit IIIIT8602 Mobile Communication - Unit III
IT8602 Mobile Communication - Unit III
 
Computer networks wireless lan,ieee-802.11,bluetooth
Computer networks wireless lan,ieee-802.11,bluetoothComputer networks wireless lan,ieee-802.11,bluetooth
Computer networks wireless lan,ieee-802.11,bluetooth
 
Mobile Computing (Part-2)
Mobile Computing (Part-2)Mobile Computing (Part-2)
Mobile Computing (Part-2)
 
Ieee 802.11 wireless lan
Ieee 802.11 wireless lanIeee 802.11 wireless lan
Ieee 802.11 wireless lan
 
Lecture 13
Lecture 13Lecture 13
Lecture 13
 
wifi-technology
wifi-technology wifi-technology
wifi-technology
 
Meixia Tao Introduction To Wireless Communications And Recent Advances
Meixia Tao Introduction To Wireless Communications And Recent AdvancesMeixia Tao Introduction To Wireless Communications And Recent Advances
Meixia Tao Introduction To Wireless Communications And Recent Advances
 
Wireless%20networking%20technology(1)
Wireless%20networking%20technology(1)Wireless%20networking%20technology(1)
Wireless%20networking%20technology(1)
 
Unit I Wireless Networks.ppt
Unit I Wireless Networks.pptUnit I Wireless Networks.ppt
Unit I Wireless Networks.ppt
 
Wireless Networks.pptx
Wireless Networks.pptxWireless Networks.pptx
Wireless Networks.pptx
 
Wireless networksppt
Wireless networkspptWireless networksppt
Wireless networksppt
 
Wireless networksppt
Wireless networkspptWireless networksppt
Wireless networksppt
 
Wireless Networking
Wireless NetworkingWireless Networking
Wireless Networking
 
Very nice Wireless-lan-wlan-selected-topics-selected-topics-introduction-wlan...
Very nice Wireless-lan-wlan-selected-topics-selected-topics-introduction-wlan...Very nice Wireless-lan-wlan-selected-topics-selected-topics-introduction-wlan...
Very nice Wireless-lan-wlan-selected-topics-selected-topics-introduction-wlan...
 
Media Access Layer
Media Access LayerMedia Access Layer
Media Access Layer
 
wireless la-ns
wireless la-nswireless la-ns
wireless la-ns
 
Wireless LAN
Wireless LANWireless LAN
Wireless LAN
 

More from TapodhirAcharjee2

More from TapodhirAcharjee2 (8)

41.ppt
41.ppt41.ppt
41.ppt
 
32.pptx
32.pptx32.pptx
32.pptx
 
23.ppt
23.ppt23.ppt
23.ppt
 
new 2.ppt
new 2.pptnew 2.ppt
new 2.ppt
 
MANET.ppt
MANET.pptMANET.ppt
MANET.ppt
 
2.ppt
2.ppt2.ppt
2.ppt
 
3.pptx
3.pptx3.pptx
3.pptx
 
4.ppt
4.ppt4.ppt
4.ppt
 

Recently uploaded

call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Planning a health career 4th Quarter.pptx
Planning a health career 4th Quarter.pptxPlanning a health career 4th Quarter.pptx
Planning a health career 4th Quarter.pptxLigayaBacuel1
 
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfAMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfphamnguyenenglishnb
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPCeline George
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...JhezDiaz1
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxRaymartEstabillo3
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Celine George
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPCeline George
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersSabitha Banu
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Celine George
 
AmericanHighSchoolsprezentacijaoskolama.
AmericanHighSchoolsprezentacijaoskolama.AmericanHighSchoolsprezentacijaoskolama.
AmericanHighSchoolsprezentacijaoskolama.arsicmarija21
 
Atmosphere science 7 quarter 4 .........
Atmosphere science 7 quarter 4 .........Atmosphere science 7 quarter 4 .........
Atmosphere science 7 quarter 4 .........LeaCamillePacle
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...Nguyen Thanh Tu Collection
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxEyham Joco
 

Recently uploaded (20)

call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
Planning a health career 4th Quarter.pptx
Planning a health career 4th Quarter.pptxPlanning a health career 4th Quarter.pptx
Planning a health career 4th Quarter.pptx
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfAMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERP
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
 
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERP
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginners
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 
AmericanHighSchoolsprezentacijaoskolama.
AmericanHighSchoolsprezentacijaoskolama.AmericanHighSchoolsprezentacijaoskolama.
AmericanHighSchoolsprezentacijaoskolama.
 
Atmosphere science 7 quarter 4 .........
Atmosphere science 7 quarter 4 .........Atmosphere science 7 quarter 4 .........
Atmosphere science 7 quarter 4 .........
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
 
Rapple "Scholarly Communications and the Sustainable Development Goals"
Rapple "Scholarly Communications and the Sustainable Development Goals"Rapple "Scholarly Communications and the Sustainable Development Goals"
Rapple "Scholarly Communications and the Sustainable Development Goals"
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptx
 

IEEE 802.11 Wireless LAN Standards

  • 1. Topic 1 Wireless LAN – IEEE 802.11
  • 2. Frequency Bands Band Frequency Range Propagation Characteristics Typical Use ELF(Extrem ely Low Freq) 30 – 300Hz Ground Wave (GW) Power Line frequencies; used by some home control systems VF (Voice Freq) 300 – 3KHz GW Telephone system for analog subscriber lines VLF (Very Low Freq) 3 – 30KHz GW Long-range navigation; submarine commn LF (Low Freq) 30 – 300KHz GW Long-range navigation; marine comm radio beacon MF(Medium Freq) 300 – 3MHz GW and night SW (Sky Wave) Maitime radio; direction finding; AM broadcasting HF (High Freq) 3 – 30MHz SW Amateur Radio; int’l broadcasting; military comm; long dist aircraft and ship comm
  • 3. Frequency Bands (Cont’d) Band Frequency Range Propagation Characteristics Typical Use VHF (Very High Freq) 30 – 300MHz Line-of-Sight (LOS) VHF Television; FM Radio and 2-way radio, AM aircraft comm; aircraft navigation aids UHF (Ultra High Freq) 300 – 3GHz LOS UHF Television; Cell phone; radar; microwave links; PCS SHF (Very Low Freq) 3 – 30GHz LOS Satellite commn;radar; terrestrial microwave links; Wireless Local Loop EHF (Extremely High Freq) 30 – 300GHz LOS Experimental; WLL Infrared 300GHz – 400THz LOS Infrared LANs; Consumer electronic applns Visible Light 400THz – 900THz LOS Optical Communication
  • 4. Mobile Communication Technology according to IEEE (examples) Local wireless networks WLAN 802.11 802.11a 802.11b 802.11i/e/…/n/…/z/aa 802.11g WiFi 802.11h Personal wireless nw WPAN 802.15 802.15.4 802.15.1 802.15.2 Bluetooth 802.15.4a/b/c/d/e/f/g ZigBee 802.15.3 Wireless distribution networks WMAN 802.16 (Broadband Wireless Access) [802.20 (Mobile Broadband Wireless Access)] 802.16e (addition to .16 for mobile devices) + Mobility WiMAX 802.15.3b/c 802.15.5, .6 (WBAN)
  • 5. Characteristics of wireless LANs • Advantages – very flexible within the reception area – Ad-hoc networks without previous planning possible – (almost) no wiring difficulties (e.g. historic buildings, firewalls) – more robust against disasters like, e.g., earthquakes, fire - or users pulling a plug... • Disadvantages – typically very low bandwidth compared to wired networks (1-10 Mbit/s) due to shared medium – many proprietary solutions, especially for higher bit-rates, standards take their time (e.g. IEEE 802.11n) – products have to follow many national restrictions if working wireless, it takes a vary long time to establish global solutions like, e.g., IMT-2000
  • 6. Design goals for wireless LANs • global, seamless operation • low power for battery use • no special permissions or licenses needed to use the LAN • robust transmission technology • simplified spontaneous cooperation at meetings • easy to use for everyone, simple management • protection of investment in wired networks • security (no one should be able to read my data), privacy (no one should be able to collect user profiles), safety (low radiation) • transparency concerning applications and higher layer protocols, but also location awareness if necessary • …
  • 7. Transmission: Infrared vs. Radio • Infrared – uses IR diodes, diffuse light, multiple reflections (walls, furniture etc.) • Advantages – simple, cheap, available in many mobile devices – no licenses needed – simple shielding possible • Disadvantages – interference by sunlight, heat sources etc. – many things shield or absorb IR light – low bandwidth • Example – IrDA (Infrared Data Association) interface available everywhere • Radio – typically using the license free ISM (Industrial Scientific Medical) band at 2.4 GHz • Advantages – experience from wireless WAN and mobile phones can be used – coverage of larger areas possible (radio can penetrate walls, furniture etc.) • Disadvantages – very limited license free frequency bands – shielding more difficult, interference with other electrical devices • Example – WiFi, WaveLAN, HIPERLAN, Bluetooth
  • 8. Wireless LAN • operate in a local area – less than 100 m • provide access to wired LANs and the Internet • provide high data rates – currently, up to 54 Mbps
  • 9. Major Standards for WLAN • HIPERLAN – High Performance Radio LAN – European standard • IEEE 802.11 – US standard – today, it holds the entire market – Only this standard will be mainly discussed here
  • 10. Two Modes of IEEE 802.11 • Infrastructure Mode – Terminals communicate to an access point. • Ad Hoc Mode – Terminals communicate in a peer-to-peer basis without any access point.
  • 11. Comparison: infrastructure vs. ad-hoc networks infrastructure network ad-hoc network AP AP AP wired network AP: Access Point
  • 12. Distribution System Portal 802.x LAN Access Point 802.11 LAN BSS2 802.11 LAN BSS1 Access Point 802.11 - Infrastructure Mode • Station (STA) – Wireless terminals • Basic Service Area (BSA) – Coverage area of one access point • Basic Service Set (BSS) – group of stations controlled by the same AP • Distribution System (DS) – Fixed infrastructure used to connect several BSS to create an Extended Service Set (EES) • Portal – bridge to other (wired) networks STA1 STA2 STA3 ESS
  • 13. 802.11 - Architecture of an ad-hoc network • Direct communication within a limited range – Station (STA): terminal with access mechanisms to the wireless medium – Independent Basic Service Set (IBSS): group of stations using the same radio frequency 802.11 LAN IBSS2 802.11 LAN IBSS1 STA1 STA4 STA5 STA2 STA3
  • 15. Protocol Architecture mobile terminal access point server fixed terminal application TCP 802.11 PHY 802.11 MAC IP 802.3 MAC 802.3 PHY application TCP 802.3 PHY 802.3 MAC IP 802.11 MAC 802.11 PHY LLC Ethernet LLC LLC Data Link Logical link control 802.11 covers only PHY and MAC A typical scenario
  • 16. Functions of Each Layer • Physical Layer – Encoding/decoding of signals – Bit transmission/reception • Medium Access Control (MAC) Layer – On transmission, assemble data into a frame for transmission – On reception, disassemble frame and perform error detection – Coordinate users’ access to the transmission medium • Logical Link Control (LLC) Layer – Provide an interface to upper layers – Perform flow and error control
  • 17. 802.11 - Layers and functions • PLCP Physical Layer Convergence Protocol – clear channel assessment signal (carrier sense) • PMD Physical Medium Dependent – modulation, coding • PHY Management – channel selection, MIB • Station Management – coordination of all management functions PMD PLCP MAC LLC MAC Management PHY Management • MAC – access mechanisms, fragmentation, encryption • MAC Management – synchronization, roaming, MIB, power management PHY DLC Station Management
  • 18. Physical Layer 802.11 supports 3 different PHY layers • Infrared – simple and cheap – requires line of sight (LOS) • Radio (2 types) – Frequency Hopping Spread Spectrum (FHSS) – Direct Sequence Spread Spectrum (DSSS) – can cover a larger area (e.g. penetrate walls)
  • 19. Main IEEE 802.11 Standards Standard Spectrum Bit Rate Transmission Compatibilit y 802.11 (1997) wavelength between 850 and 950 nm;2.4 GHz 1/2 Mbps Infrared / FHSS / DSSS N/A 802.11a (1999) 5.0 GHz 54 Mbps OFDM None 802.11b (Wi- Fi)(1999) 2.4 GHz 11 Mbps (ARS) DSSS 802.11 802.11g (June, 2003) 2.4 GHz 54 Mbps OFDM 802.11 / 802.11b 802.11n (Oct, 2009) 2.4/5 GHz 600 OFDM 802.11a, 11b, and 11g
  • 20. How to join a network? Infrastructure Mode
  • 21. Steps to Join a Network 1. Discover available network • i.e. basic service set (BSS) 2. Select a BSS 3. Authentication 4. Association
  • 22. 1. Discovering Available Network • Passive Scanning – Each AP broadcasts periodically a Beacon frame, which includes: • AP’s MAC address, Network name (also known as Service Set Identifier, SSID), etc. • Active Scanning – Station sends a Probe Request frame – AP responses with a Probe Response frame, which includes • AP’s MAC address, SSID, etc. • A method (Active or passive) is chosen according to the power consumption/performance trade- off.
  • 23. 2. Choosing a Network • The user selects from available networks • Common criteria for selecting a network are: – User choice – Strongest signal – Most recently used
  • 24. 3. Authentication • Authentication – A station proves its identity to the AP. • Two Mechanisms – Open System Authentication – Shared Key Authentication
  • 25. Open System Authentication • The default authentication protocol for 802.11. • Authenticates anyone who requests authentication. – NULL authentication (i.e. no authentication at all) Authentication Request (open system) Authentication Response Station Access Point
  • 26. Shared Key Authentication Authentication Request (shared key) 128-byte “Challenge” text string, generated randomly “Challenge” text string, encrypted with shared key Positive or negative response based on decryption result Station Access Point It is assumed that the station and the AP somehow agrees on a shared secret key via a channel independent of IEEE 802.11. Note: “Challenge” is encrypted by WEP algorithm.
  • 27. 4. Association Association Request Association Response Station Access Point The station needs to register to the AP. During this process, the wireless devices make transitions from one state to others. These states are: (1). Unauthenticated and Unassociated. (2). Authenticated and unassociated and (3). Authenticated and associated
  • 28. How to transmit? The MAC layer
  • 29. Media Access Control • How to share a common medium among the users?
  • 30. Motivation • Can we apply media access methods from fixed networks? • Example: CSMA/CD – Carrier Sense Multiple Access with Collision Detection – Method used in IEEE 802.3 Ethernet
  • 31. CSMA/CD • Carrier Sense: Listen before talk – Sense the channel – If the channel is idle, transmit – If the channel is busy, • waits a random amount of time • sense the channel again • Collision Detection: Stop if collision occurs – If there is a collision, • stops transmission immediately, • waits a random amount of time • senses the channel again
  • 32. Hidden Terminal Problem • A, C cannot hear each other (CS fails) • Collisions at B, undetected (CD also fails) Obstacles Signal Attenuation
  • 33. Exposed Terminal Problem B A C • C has to wait, since CS signals a medium in use • But A is outside the radio range of C; therefore waiting is not necessary • C is “exposed” to B B sends to A C wants to send to someone else (not A or B)
  • 34. (MACA) Multiple Access with Collision Avoidance • IEEE 802.11 is based on the idea of MACA • MACA uses a three-way handshake protocol • Short signaling packets are used – RTS (request to send) • sender request the right to send from a receiver with a short RTS packet before it sends a data packet – CTS (clear to send) • receiver grants the right to send as soon as it is ready to receive • The sender then sends the data. • Signaling (RTS/CTS) packets contain – sender address – receiver address – packet size (duration of data transmission)
  • 35. An Illustration: 3-way handshake A RTS CTS B Data Can it solve the hidden terminal problem? Can it solve the exposed terminal problem?
  • 36. A Solution: Hidden Terminal • MACA avoids the hidden terminal problem – Both A and C want to send to B – A sends RTS first – C waits after receiving CTS from B A C RTS CTS CTS B
  • 37. A Solution: Exposed Terminal • MACA avoids the exposed terminal problem – B wants to send to A, while C to another terminal – now C does not have to wait, for it cannot receive CTS from A A B C RTS CTS RTS
  • 38. Packet Collision • Collisions may occur during RTS-CTS exchange. packet collision occurs …… Next attempt: Transmit at a random slot over the contention window How large is the contention window?
  • 39. Binary Exponential Backoff • The contention window size is adjusted dynamically. – binary exponential backoff is used. • When a terminal fails to receive CTS in response to its RTS, it increases the contention window – cw is doubled (up to an upper bound, CWmax) • When a node successfully completes a data transfer, it restores cw to CWmin
  • 40. Binary Exponential Backoff • The contention window size is doubled whenever a collision occurs. A packet experiences i collisions …… 2i CWmin slots
  • 41. (MACAW) MACA for Wireless LAN • Fair access of media by learning/setting backoff counter value from a packet transmission (carried in packet header) • Wild oscillation on backoff counter value is prevented by defining new Multiplicative Increase Linear Decrease (MILD) backoff updation functions (multiplied by 1.5 and decreased by 1) • Changes in basic message exchange (RTS-CTS-DATA) – Inclusion of ACK packet (i.e. RTS-CTS-DATA-ACK) • If sender after sending DATA does not receive ACK, it schedules data packet for retransmission. • If not DATA but ACK was lost, the receiver will return ACK after receiving RTS for retransmitted packet – Inclusion of DS (Data Sending) packet (i.e. RTS-CTS-DS-DATA-ACK) • After successful exchange of RTS-CTS, sender sends a small control packet (DS) so that all stations which are in the vicinity of sender can know that the RTS-CTS exchange was successful and a data transmission is about to follow. • These overhearing stations defer all transmissions until the DATA-ACK transmission is over (Restriction in transmissions by exposed terminals).
  • 42. IEEE 802.11 MAC Protocols • Two traffic services are supported – Asynchronous Data Service • Best-effort services – Time-bounded Service (optional) • Guarantee a maximum delay • Available only in infrastructure mode
  • 43. Two Classes of Access Mechanisms • Distributed Coordination Function (DCF) – Support asynchronous data services – CSMA/CA (with minor modification) – CSMA/CA with RTS/CTS exchange (optional) • Point Coordination Function (PCF) (optional) – Support time-bounded services – Polling from AP
  • 44. Inter-Frame Spacings (for waiting time before medium access) • SIFS (Short Inter Frame Spacing) – highest priority, for ACK, CTS, polling response • PIFS (PCF IFS) – medium priority, for time-bounded service using PCF • DIFS (DCF IFS) – lowest priority, for asynchronous data service • EIFS (Extended IFS) – Longest IFS used by a station that has received a pkt that it could not understand (duration info for virtual carrier sense). t medium busy SIFS PIFS DIFS DIFS next frame contention direct access if medium is free  DIFS
  • 45. Method 1a: CSMA/CA 802.11 CSMA/CA: sender - if sense channel idle for DIFS sec.(plus a RBT(Random Backoff Time) if the medium was busy) then transmit entire frame (no collision detection) -if sense channel busy then wait for the channel to become idle for DIFS and choose a random backoff time and countdown the backoff timer for every free slot 802.11 CSMA/CA: receiver if received OK return ACK (16 bytes) after SIFS DIFS: Distributed Inter Frame Spacing SIFS: Short Inter Frame Spacing
  • 46. Example (with backoff timer) t busy boe station1 station2 station3 station4 station5 packet arrival at MAC DIFS boe boe boe busy elapsed backoff time bor residual backoff time busy medium not idle (frame, ack etc.) bor bor DIFS boe boe boe bor DIFS busy busy DIFS boe busy boe boe bor bor 12 4 8 8 4 4 10 12 4
  • 47. Method 1b: CSMA/CA with RTS-CTS • CSMA/CA: explicit channel reservation – sender: send RTS (20 bytes) – receiver: reply with CTS (16 bytes) • CTS reserves channel for sender, notifying (possibly hidden) terminals 4-way handshake
  • 48. No Collision during Data Transmission t SIFS DIFS data ACK waiting time other stations receiver sender data DIFS contention How can other stations know how long the waiting time is?
  • 49. Net Allocation Vector (reserves the medium for one sender exclusively) t SIFS DIFS data ACK defer access other stations receiver sender data DIFS contention RTS CTS SIFS SIFS NAV (RTS) NAV (CTS) The RTS packet has a duration field, which consists of information about the length of data packet. Other stations hear the RTS packet set their NAV accordingly. The CTS packet also has the duration field. Other stations hear the CTS packet set their NAV accordingly.
  • 50. Using RTS/CTS • Removes hidden terminal problem • Collision may occur at the beginning of transmission (RTS/data packets) • Non-negligible overhead (b/w and delay) • RTS Threshold to determine when to use/disable RTS/CTS option (based on frame size)
  • 51. Fragmentation • Probability of erroneous frame is much higher in Wireless LAN compared to wired LAN (BER is higher) assuming same frame length. • Using shorter frames to decrease error prob of frames • IEEE 802.11 specifies a fragmentation mode • MAC layer adjust the frame size according to current error rates. • RTS carries duration of 1st frag including ACK • Frag 1 carries the duration of frag2 + ACK2 and ACK1 carries duration (as CTS) and so on.
  • 52. Method 2: Point Coordination Function • Polling by the access point (or point coordinator) • Sends polling message after waiting for PIFS • Since PIFS is smaller than DIFS, it can lock out all asynchronous traffic – To prevent this, an interval called superframe is defined.
  • 53. Two parts of a Superframe Contention-free Period: The point coordinator polls stations with time-bounded service in a round-robin fashion Contention Period: The point coordinator idles for the remainder of the superframe, allowing for asynchronous access.
  • 54. MAC: Reliability • Wireless links are prone to errors. High packet loss rate detrimental to transport-layer performance. • Solution: Use of acknowledgements – When B receives DATA from A, B sends an ACK. – If A fails to receive an ACK, A retransmits the DATA. – Both C and D remain quiet until ACK (to prevent collision of ACK). – Expected duration of transmission+ACK is included in RTS/CTS packets. – This approach adopted in many protocols [802.11]. A B C RTS CTS CTS DATA D RTS ACK  Collision of RTS/CTS packets can happen (hidden terminal).  If no CTS, retransmit RTS after backoff.
  • 55. MAC: Collision Avoidance • With half-duplex radios, collision detection is not possible • Collision avoidance: Once channel becomes idle, the node waits for a randomly chosen duration before attempting to transmit • IEEE 802.11 DCF – When transmitting a packet, choose a backoff interval in the range [0,cw]; cw is contention window – Count down the backoff interval when medium is idle – Count-down is suspended if medium becomes busy – When backoff interval reaches 0, transmit RTS • Time spent counting down backoff intervals is part of MAC overhead • large cw leads to larger backoff intervals • small cw leads to larger number of collisions
  • 56. DCF Example data wait B1 = 5 B2 = 15 B1 = 25 B2 = 20 data wait B1 and B2 are backoff intervals at nodes 1 and 2 cw = 31 B2 = 10
  • 57. MAC: Congestion Control • Number of nodes attempting to transmit simultaneously may change with time; some mechanism to manage congestion is needed. • IEEE 802.11 DCF: Congestion control achieved by dynamically choosing the contention window cw • Binary Exponential Backoff in DCF: – When a node fails to receive CTS in response to its RTS, it increases the contention window • cw is doubled (up to a bound CWmax) – Upon successful completion data transfer, restore cw to CWmin • Optimization: MACAW – 802.11: cw reduces much faster than it increases – Backoff: multiply cw by 1.5 (instead of doubling) – Restore: Reduce cw by 1 (instead of CWmin) – cw reduces slower than it increases. Exponential increase linear decrease – Avoids wild oscillations of cw when congestion is high.
  • 58. MAC: Energy Conservation • Wireless nodes need to conserve power (“resource poor”). • Typical solution: Turning the radio off when not needed • Power Saving Mode in IEEE 802.11 (Infrastructure Mode) – An Access Point periodically transmits a beacon indicating which nodes have packets waiting for them (TIM) – Each power saving (PS) node wakes up periodically to receive the beacon – If a node has a packet waiting, then it sends a PS-Poll • After waiting for a backoff interval in [0,CWmin] – Access Point sends the data in response to PS-poll
  • 59. MAC Protocols: Summary • Wireless medium is prone to hidden and exposed terminal problems • Protocols are typically based on CSMA/CA • RTS/CTS based signaling • Acks for reliability • Contention window is used for congestion control • IEEE 802.11 wireless LAN standard • Fairness issues are still unclear
  • 62. MAC Frame Fields • Frame Control – frame type, control information • Duration/connection ID – channel allocation time (or STA ID in PS-poll messages) • Addresses – context dependant, types include source and destination (may conatin up to 4 adds dep on ToDS and FromDS fields) ToDS FromDS Add1 Add2 Add3 Add4 0 0 DA SA BSSID N/A 0 1 DA BSSID SA N/A 1 0 BSSID SA DA N/A 1 1 RA TA DA SA
  • 63. MAC Frame Fields • Add1 is always the Recupient Address (may be AP or end- station depending on ToDS) • Add2 is always the Transmitter Address (may be AP or end-station depending on FromDS) • Add3 is in most cases the remaining/missing address (FromDS: original SA, ToDS: orginal DA) • Add4 is used on special case where a Wireless DS is used and the frame is being transmitted from one AP to another. • Sequence control – numbering and reassembly (frag no. & seq. no) • Frame body – MSDU or fragment of MSDU • Frame check sequence – 32-bit Cyclic Redundancy Check
  • 64. Frame Control Fields • Protocol version – 802.11 version (0 for current version) • Type – management, control or data (11 reserved) magmt: system integration, form ESS, Synchronization • Subtype – identifies function of frame (Association (Request, Response), Reassociation (Request, Response), Probe (R&R), Beacon, ATIM, Disassoc etc), (PS-poll, RTS, CTS, ACK, CF End etc), (Data, Data+CF-Ack, Data+CF-Poll, Data+CF-Ack+CF-Poll, CF-Poll etc) • ToDS – 1 if destined for DS (to be forwarded by AP) • FromDS – 1 if frame is coming from the DS (leaving DS) • More fragments – 1 if fragments follow • Retry – 1 if retransmission of previous frame
  • 65. Frame Control Fields • Power management – 1: transmitting station will be in sleep mode after transmission of this frame (AP maintains an updated record of the PS mode nodes). Multicasts and Broadcasts are stored by AP and transmitted at pre-known time (DTIM), where all PS nodes who wish to receive this kind of frames should be awake. • More data – Indicates that station has more data to send (used by AP in PS mode to indicate that there are more frames buffered to this station, station can use this for changing state from PS to active or vice-versa. • WEP – 1 if wired equivalent protocol is implemented • Order – 1 if any data frame is sent using the Strictly Ordered service
  • 66. Control Frame Subtypes • Power save – poll (PS-Poll) • Request to send (RTS) • Clear to send (CTS) • Acknowledgment • Contention-free (CF)-end • CF-end + CF-ack
  • 67. Data Frame Subtypes • Data-carrying frames – Data – Data + CF-Ack – Data + CF-Poll – Data + CF-Ack + CF-Poll • Other subtypes (don’t carry user data) – Null Function – CF-Ack – CF-Poll – CF-Ack + CF-Poll
  • 68. Management Frame Subtypes • Association request • Association response • Reassociation request (Roaming process) How does roaming in LAN diff. from roaming in Cellular networks? (packet based, temporary disconnection result is retransmission in upper layer) • Reassociation response • Probe request (Active Scanning) • Probe response • Beacon (timestamp,SSID, TIM etc)
  • 69. Management Frame Subtypes • Announcement traffic indication message • Dissociation • Authentication • Deauthentication
  • 70. Is it Secure? The IEEE 802.11 Security Problem
  • 71. WLAN Security Problem Internal network protected Wireless Access Point Valid User Access Only Conventionally, an organization protect itself by limiting external connections to a few well protected openings called firewall. For wireless networks, anyone within the radio range can eavesdrop on the communication.
  • 72. Basic Security Mechanisms 1. Network Access Control based on SSID 2. MAC Address Filtering 3. Wired Equivalent Privacy (WEP) – Shared Key Authentication – Data Encryption
  • 73. Mechanism 1: SSID • Only those stations with knowledge of the network name, or SSID, can join. • The SSID acts as a shared secret. • Is it secure?
  • 74. SSIDs are “useless”! • AP periodically broadcasts the SSID in a beacon frame. • Beacon frames are sent unprotected. • A hacker can easily identify the SSID.
  • 75. Mechanism 2: MAC Address Filtering • A MAC address list is maintained at each AP. • Only those stations whose MAC addresses are listed are permitted access to the network. • Is it secure?
  • 76. MAC Address as Identity is Weak • MAC addresses are easily sniffed by an attacker since they must be sent unprotected. • Most wireless LAN cards allow changing of their MAC addresses by software.
  • 77. Mechanism 3: WEP • Wired Equivalent Privacy (WEP) – The objective is to provide confidentiality similar to wired LAN. • WEP is used to provide two types of security: – Authentication (to prevent unauthorized access to the network) – Encryption (to prevent eavesdropping) • WEP uses an encryption algorithm based on RC4.
  • 78. Basic Idea of RC4 Pseudo-random number generator Encryption Key K Plaintext bit stream p Random bit stream b  Ciphertext bit stream c Decryption works in the same way: p = c  b XOR
  • 79. How WEP uses RC4? • Station and AP share a 40-bit secret key – semi-permanent • Station appends a 24-bit initialization vector (IV) to create a 64-bit key • The 64-bit key is used to generate a key sequence, ki IV – ki IV is used to encrypt the i-th data bit, di: ci = di XOR ki IV – IV and encrypted bits, ci are sent.
  • 80. 802.11 WEP encryption IV (per frame) KS: 40-bit secret symmetric key k1 IV k2 IV k3 IV … kN IV kN+1 IV … kN+1 IV d1 d2 d3 … dN CRC1 … CRC4 c1 c2 c3 … cN cN+1 … cN+4 plaintext frame data plus CRC key sequence generator ( for given KS, IV) 802.11 header IV WEP-encrypted data plus CRC Figure 7.8-new1: 802.11 WEP protocol Sender-side WEP encryption Note : 1. IV changes from frame to frame. 2. IV is sent unencrypted.
  • 81. Shared Key Authentication • Shared key authentication is based on WEP. • AP sends challenge text d. • Station generates an IV and use the secret key to generate a key stream, kIV. • Station then computes the ciphertext c using the key sequence – c = d XOR kIV • Station sends IV and c to AP.
  • 82. Authentication without a Key • A hacker can record one challenge/response. – The hacker now knows d, c and IV. • The hacker can compute the key sequence kIV. – kIV = d XOR c • The hacker can use IV and kIV to encrypt any subsequent challenge. • The hacker can now authenticate to the target network – without knowing the shared secret key.
  • 83. WEP Encrypted Traffic • Data encryption using WEP is NOT secure. • Major reason: – IV has only 24 bits. – IV collisions (use of the same IV) occur frequently. • Details omitted.
  • 84. Secure or Not? • WEP has serious security flaw. • In actual deployment, WEP is usually disabled. • It is very easy to attack a wireless LAN.