Wireless LAN (WLAN) Networks Sabita Maharjan Simula Research Laboratory 24 April 2015
Agenda WLAN Overview Modulation Techniques Channel Access Mechanisms Security Protocols
Wireless Local Area Network (WLAN) WLAN is a wireless network that connects devices mainly using spread spectrum or OFDM techniques Fig. 1: Typical WLAN Architecture (source: Siemens)
Fig. 2: Encapsulation (source: Siemens)
History of WLANs 1997: Standardization of WLAN: IEEE approved 802.11, 2.4 GHz, 1-2 Mbps. 1999: 802.11b: 2.4 GHz, up to 11 Mbps; 802.11a: 5 GHz, up to 54 Mbps. 2003: 802.11g: 2.4 GHz, up to 54 Mbps; performance similar to 802.11a; compatible with 802.11b devices. 2007-2009: IEEE approved 802.11n, up to 600 Mbps; optimizes modulation; uses multiple antennas. Note: The standard specifies the MAC and the physical layers for transmissions in the 2.4, 5.0 GHz band (ISM …..
Wireless LAN Components Access point (AP) Connects multiple wireless stations to the wired network Wireless station
Wireless LAN Operating Modes: Infrastructure mode Extended Service Set (ESS) Multiple cells, Two or more BSSs Basic Service Set (BSS) - One access point
Wireless LAN Operating Modes: Ad-hoc mode Independent Basic Service Set (IBSS)
WLAN Characteristics Medium Interference/Noise Variable quality (space/time) Shared with unwanted WiFi devices Shared with non-WiFi devices Connectivity issues (Hidden node problem) Mobility Variation in link reliability Power management: battery usage Security issues Radio resource management (RRM) is the system level control of co-channel interference and other radio transmission characteristics in wireless communication systems, for example cellular networks, wireless networks and broadcasting systems. RRM involves strategies and algorithms for controlling parameters such as transmit power, channel allocation, data rates, handover criteria, modulation scheme, error coding scheme, etc. The objective is to utilize the limited radio spectrum resources and radio network infrastructure as efficiently as possible.
Agenda WLAN Overview Modulation Techniques Channel Access Mechanisms Security Protocols
Direct Sequence Spread Spectrum (DSSS) DSSS is a modulation technique that transmits the message signal using a wide(r) bandwidth. DSSS is more robust to interference and noise/jamming. Efficient modulation technique and good signal/noise properties. Phase Shift Keying: 1 Mbit/s: Differential Binary PSK; 2 Mbit/s: Differential Quadrature PSK. 3 co-located channels available in the 2.4 GHz ISM band. Jamming/interference affects the signal/noise ratio for the entire channel.
Direct Sequence Spread Spectrum (DSSS) The message signal modulates a pseudorandom noise/code (PRN) (source: Siemens)
DSSS Channels Non-overlapping DSSS Channels in the ISM band Graphical representation of WiFi Channels in 2.4 GHz band
Frequency Hopping Spread Spectrum (FHSS) FSK modulation 79 channels (2.4GHz-2.438 GHz) 1 MHz Channel spacing E.g., Multiple access method in the frequency-hopping CDMA (FD-CDMA). FHSS rapidly switches a carrier among many frequency channels Highly resistant to narrowband interference
FHSS Interference Avoidance System performance metrics commonly used for TPC. Transmit power control is a technical mechanism used within some networking devices in order to prevent too much unwanted interference between different wireless networks. The network devices supporting the transmit power control feature are IEEE 802.11h wireless LAN devices in the 5 GHz band, compliant with IEEE 802.11a.
Orthogonal Frequency Division Multiplexing (OFDM) The data is divided into a large number of radio frequencies (RFs). Each RF carries a small part of the data. Each carrier is separately modulated by the transmission data using QAM or PSK. The carriers are very close to each other but are orthogonal. OFDM is highly robust to frequency selective interference and fading, but it requires high processing power. Because of this robustness OFDM is used in broadband systems, such as digital TV and digital radio, in mobile systems, such as Flash OFDM, and in Radio LANs which have to operate in an environment with a lot of multipath fading. OFDM is a technique that requires a lot of processing power, which is why OFDM has been in use only fairly recently.
Agenda WLAN Overview Modulation Techniques Channel Access Mechanisms Security Protocols
WLAN Medium Access Methods As the medium is shared, the IEEE 802.11 standard ensures that all nodes implement channel access methods. These methods address issues such as RF interference and denial-of-service attacks, and improve network throughput. IEEE 802.11 mandates the use of DCF, a form of CSMA-CA. CSMA-CA is a contention-based protocol in which all stations sense the medium before transmitting. The DCF (Distributed Coordination Function) protocol controls access to the physical medium. A station must sense the status of the wireless medium before transmission. If the station detects the medium as idle for a DIFS duration, it can transmit; otherwise it backs off. DIFS: DCF Interframe Space = SIFS + (2 × Slot Time); SIFS: Short Interframe Space; PCF: Point Coordination Function; PIFS: PCF Interframe Space = SIFS + Slot Time. IEEE 802.11b: Slot time = 20 µs, DIFS = 50 µs. RF: Radio Frequency; DCF: Distributed Coordination Function; CSMA-CA: Carrier Sense Multiple Access with Collision Avoidance
Carrier sense multiple access with collision avoidance (CSMA-CA) If a station that wants to transmit a frame detects energy in the channel above a certain threshold, it waits. It transmits only if the medium is free for more than DIFS. Collision Avoidance: The stations make use of the acknowledgements that a receiver sends to a sender to verify the error-free reception. DIFS: DCF Interframe Space; DCF: Distributed Coordination Function
Carrier sense multiple access with collision avoidance (CSMA-CA) The size of the exponential backoff window increases with the number of retransmissions DIFS: DCF Interframe Space; DCF: Distributed Coordination Function
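The interframe-space relations and the growing backoff window from the CSMA-CA slides, as an added Python sketch (not part of the original deck). SIFS is derived from the slide's 802.11b values; CW_MIN = 31 and CW_MAX = 1023 are the 802.11b contention-window bounds and are not on the slides; `simulate` is a simplified saturated-station model that ignores frame airtime.

```python
import random

# 802.11b timing. Slot time and DIFS are the slide's values; SIFS follows
# from DIFS = SIFS + 2 * slot. CW_MIN/CW_MAX are assumptions taken from the
# 802.11b PHY, not from the slides.
SLOT_US = 20
DIFS_US = 50
SIFS_US = DIFS_US - 2 * SLOT_US      # 10 us
PIFS_US = SIFS_US + SLOT_US          # 30 us
CW_MIN, CW_MAX = 31, 1023


def contention_window(retries):
    """Window size in slots after `retries` failed attempts (doubles, capped)."""
    return min((CW_MIN + 1) * 2 ** retries - 1, CW_MAX)


def simulate(n_stations, n_frames, seed=1):
    """Saturated stations contending under DCF.

    Returns (delivered, collisions, idle_us).
    """
    rng = random.Random(seed)
    retries = [0] * n_stations
    backoff = [rng.randint(0, contention_window(0)) for _ in range(n_stations)]
    delivered = collisions = idle_us = 0
    while delivered < n_frames:
        wait = min(backoff)                    # slots until the first counter hits 0
        idle_us += DIFS_US + wait * SLOT_US    # idle for DIFS, then the backoff slots
        backoff = [b - wait for b in backoff]  # other stations freeze their remainder
        senders = [i for i, b in enumerate(backoff) if b == 0]
        if len(senders) == 1:                  # lone sender: frame is acknowledged
            delivered += 1
            retries[senders[0]] = 0
        else:                                  # no ACK: each sender widens its window
            collisions += 1
            for i in senders:
                retries[i] += 1
        for i in senders:
            backoff[i] = rng.randint(0, contention_window(retries[i]))
    return delivered, collisions, idle_us
```

Comparing `simulate(2, 200)` with `simulate(20, 200)` shows how collisions, and with them the backoff windows, grow as more stations share the medium.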
Virtual carrier sense Two stations belonging to the same BSS may not be within the radio range of each other. Neither of them can do a clear channel assessment through physical sensing: Hidden terminal problem. The virtual carrier sense mechanism consists of a NAV maintained by each client. NAV: Client’s prediction of how long the medium will be busy. NAV: Network Allocation Vector
Virtual carrier sense RTS: Request To Send; CTS: Clear To Send
DCF Protocol A station utilizes the value in the duration field in the control field of others’ frames, which indicates how long the sender needs the medium. Stations must also check the duration field in addition to ensuring that no physical transmission is active. DCF supports the transmission of asynchronous signals. Issues: RF Interference – incidental; Denial-of-service attack – intentional. RF: Radio Frequency
PCF Protocol As an optional method, IEEE 802.11 defines the PCF, which enables the transmission of time sensitive information. A point control within the AP controls which stations can transmit within a given period of time. PCF is a contention-free protocol and enables frames to transmit data synchronously with regular time delays. PCF thus effectively supports information flows requiring stricter synchronization such as video. PCF: Point Coordination Function
Agenda WLAN Overview Modulation Techniques Channel Access Mechanisms Security Protocols
Types of Unauthorized Access Accidental association: A terminal latches to an AP from a neighboring overlapping network. Malicious association: Malicious terminals act as “Soft APs”; steal passwords, launch attacks to the wired network, plant trojans. Ad-hoc networks: Ad-hoc networks provide a bridge to other networks, while they have little protection. Man-in-the-Middle Attacks. Denial-of-Service Attacks. Identity Thefts (MAC Spoofing): Despite MAC filtering, programs and techniques exist to identify/steal the MAC address of the devices …..
WLAN Security: Authentication Open System Authentication: Authentication Request, Authentication Response. Shared Key Authentication: Authentication Request, Challenge (random number), Encrypted Challenge, Authentication Response. The station uses RC4 (Rivest Cipher 4; a cryptographic technique) to encrypt the random number and then sends it back.
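The four-message Shared Key Authentication exchange from the slide above, as an added Python sketch showing both the station and the AP side (not part of the original deck). It is simplified to what the slide states: RC4 is keyed directly with the shared key, without WEP's per-frame IV or integrity value; the class and function names and the 128-byte challenge length are assumptions of this example.

```python
import hmac
import os


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher: key scheduling, then XOR data with the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)


class AccessPoint:
    """AP side of the exchange (hypothetical class for this example)."""

    def __init__(self, shared_key: bytes):
        self.key = shared_key
        self.challenge = None

    def on_auth_request(self) -> bytes:
        """Message 2: answer an Authentication Request with a fresh challenge."""
        self.challenge = os.urandom(128)
        return self.challenge

    def on_encrypted_challenge(self, response: bytes) -> bool:
        """Message 4: succeed only if the response decrypts to the challenge."""
        if self.challenge is None:
            return False
        expected, self.challenge = self.challenge, None   # challenge is one-shot
        return hmac.compare_digest(rc4(self.key, response), expected)


def authenticate(ap: AccessPoint, station_key: bytes) -> bool:
    """Station side: request, encrypt the challenge with RC4, send it back."""
    challenge = ap.on_auth_request()             # messages 1 and 2
    response = rc4(station_key, challenge)       # message 3: encrypted challenge
    return ap.on_encrypted_challenge(response)   # message 4: success or failure
```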
WLAN Security: Wired Equivalent Privacy (WEP) Model BSS: Shared key is used between all stations and the APs ESS: All APs have the same shared key No key management Shared key is manually entered into stations and APs The password WEP uses can often be cracked in a few minutes with a basic laptop computer and widely available software tools. Scalability issues are critical WEP is the original security model (1999), but has distinct weaknesses and is outdated
WLAN Security Enhancement: Wi-Fi Protected Access (WPA) WPA (2003) employs Temporal Key Integrity Protocol (TKIP) to enhance security of the keys used with WEP. WPA also uses RC4 stream cipher. WPA changes the way keys are derived and rotates keys more often for improved security. WPA has an additional function called message integrity check function to prevent packet forgeries.
WLAN Security Enhancement: WPA2 The WLAN security model currently in use is WPA2 (802.11i). WPA2 uses Advanced Encryption Standard (AES) block cipher. WPA2 uses an encryption device that encrypts the network with a 256-bit key; the longer key length improves security over WEP.
Discussion/Consideration: What is important in WLAN? Reliability? Throughput? Latency? Robustness? Energy efficiency? Scalability and Complexity? “One size fits all” solution does not exist. Cyber Physical Systems: Security, Reliability and Robustness?
Thank you!
WLAN Standards
Active Scanning
Fragmentation Long fragments: higher probability of error. Microwave ovens interfere (4ms/4ms duty cycle). Collision recovery is less expensive if we use fragmentation. Retransmission of fragments. MSDU split into fragments: [Hdr | Body | CRC] [Hdr | Body | CRC] [Hdr | Body | CRC]. Note: RRM in 3G and 4G cellular systems should consider traffic arrivals, channel conditions, QoS classes.
WLAN Security Wireless LAN uses radio signal. Attacker needs equipment capable of monitoring (passive attacks) and transmitting (active attacks) encrypted traffic. Passive attacks can be carried out using off-the-shelf equipment by modifying driver settings. Active attacks are more difficult but not beyond reach, and easy when firmware of PCMCIA cards can be upgraded. Prudent to assume that motivated attackers have full access to link layer for passive and active attacks.