1 Module B WLAN – Engineering Aspects Prof. JP Hubaux Mobile Networks

2 Reminder on frequencies and wavelenghts VLF = Very Low FrequencyUHF = Ultra High Frequency LF = Low Frequency SHF = Super High Frequency MF = Medium Frequency EHF = Extra High Frequency HF = High Frequency UV = Ultraviolet Light VHF = Very High Frequency Frequency and wave length:  = c/f wave length, speed of light c  3x10 8 m/s, frequency f 1 Mm 300 Hz 10 km 30 kHz 100 m 3 MHz 1 m 300 MHz 10 mm 30 GHz 100  m 3 THz 1  m 300 THz visible light VLFLFMFHFVHFUHFSHFEHFinfraredUV optical transmission coax cabletwisted pair

3 Frequencies for mobile communication  VHF-/UHF-ranges for mobile radio  simple, small antenna for handset  deterministic propagation characteristics, reliable connections  SHF and higher for directed radio links, satellite communication  small antenna  large bandwidth available  Wireless LANs use frequencies in UHF to SHF spectrum  some systems planned up to EHF  limitations due to absorption by water and oxygen molecules (resonance frequencies) Weather-dependent fading, signal loss caused by heavy rainfall etc.

4 Frequency allocation Note: in the coming years, frequencies will become technology-neutral

5 Characteristics of Wireless LANs Advantages  flexibility  (almost) no wiring difficulties (e.g., historic buildings)  more robust against disasters like, e.g., earthquakes, fire - or users pulling a plug... Disadvantages  lower bitrate compared to wired networks  More difficult to secure

Data rate Scope of Various WLAN and WPAN Standards n Power consumption Complexity I Bluetooth a g WPAN b WLAN WPAN: Wireless Personal Area Network

7 Design goals for wireless LANs  low power  no special permissions or licenses needed to use the LAN  robust transmission technology  easy to use for everyone, simple management  protection of investment in wired networks (internetworking)  security, privacy, safety (low radiation)  transparency concerning applications and higher layer protocols  location awareness if necessary

8 Comparison: infrared vs. radio transmission Infrared  uses IR diodes Advantages  simple, cheap, available in many mobile devices  no licenses needed  simple shielding possible Disadvantages  interference by sunlight, heat sources etc.  many materials shield or absorb IR light  low bandwidth Example  IrDA (Infrared Data Association) interface used to be available on many devices Radio  typically using the license free ISM band at 2.4 GHz and 5 GHz Advantages  coverage of larger areas possible (radio can penetrate walls, furniture etc.) Disadvantages  very limited license free frequency bands  shielding more difficult, interference with other electrical devices  more difficult to secure Examples  IEEE , Bluetooth

9 Infrastructure vs. ad hoc networks infrastructure network Ad hoc network AP wired network AP: Access Point

10 Distribution System Portal 802.x LAN Access Point LAN BSS LAN BSS 1 Access Point IEEE Architecture of an infrastructure network Station (STA)  terminal with access mechanisms to the wireless medium and radio contact to the access point Basic Service Set (BSS)  group of stations using the same radio frequency Access Point  station integrated into the wireless LAN and the distribution system Portal  bridge to other (wired) networks Distribution System  interconnection network to form one logical network (ESS: Extended Service Set) based on several BSS STA 1 STA 2 STA 3 ESS

Architecture of an ad-hoc network Direct communication within a limited range  Station (STA): terminal with access mechanisms to the wireless medium  Basic Service Set (BSS): group of stations using the same radio frequency LAN BSS LAN BSS 1 STA 1 STA 4 STA 5 STA 2 STA 3

12 Interconnection of IEEE with Ethernet mobile station access point server fixed terminal application TCP PHY MAC IP MAC PHY application TCP PHY MAC IP MAC PHY infrastructure network

Layers and functions PLCP (Physical Layer Convergence Protocol)  clear channel assessment signal (carrier sense) PMD (Physical Medium Dependent)  modulation, coding PHY Management  channel selection, MIB Station Management  coordination of all management functions PMD PLCP MAC IP MAC Management PHY Management MAC  access mechanisms, fragmentation, encryption MAC Management  synchronization, roaming, MIB, power management PHY Station Management

b - Physical layer 3 versions: 2 radio: DSSS and FHSS (both typically at 2.4 GHz), 1 IR  data rates 1, 2, 5 or 11 Mbit/s DSSS (Direct Sequence Spread Spectrum)  DBPSK modulation (Differential Binary Phase Shift Keying) or DQPSK (Differential Quadrature PSK)  chipping sequence: +1, -1, +1, +1, -1, +1, +1, +1, -1, -1, -1 (Barker code)  max. radiated power 1 W (USA), 100 mW (EU), min. 1mW FHSS (Frequency Hopping Spread Spectrum)  spreading, despreading, signal strength  min. 2.5 frequency hops/s, two-level GFSK modulation (Gaussian Frequency Shift Keying) Infrared (rarely used in practice)  nm, diffuse light, around 10 m range  carrier detection, energy detection, synchronization

MAC layer principles (1/2) Traffic services  Asynchronous Data Service (mandatory) exchange of data packets based on “best-effort” support of broadcast and multicast  Time-Bounded Service (optional) implemented using PCF (Point Coordination Function) Access methods (called DFWMAC: Distributed Foundation Wireless MAC)  DCF CSMA/CA (mandatory) collision avoidance via randomized „back-off“ mechanism minimum distance between consecutive packets ACK packet for acknowledgements (not for broadcasts)  DCF with RTS/CTS (optional) avoids hidden terminal problem  PCF (optional and rarely used in practice) access point polls terminals according to a list DCF: Distributed Coordination Function PCF: Point Coordination Function

MAC layer principles (2/2) Priorities  defined through different inter frame spaces  no guaranteed, hard priorities  SIFS (Short Inter Frame Spacing) highest priority, for ACK, CTS, polling response  PIFS (PCF IFS) medium priority, for time-bounded service using PCF  DIFS (DCF, Distributed Coordination Function IFS) lowest priority, for asynchronous data service t medium busy SIFS PIFS DIFS next framecontention direct access if medium is free  DIFS time slot Note : IFS durations are specific to each PHY

17 t medium busy DIFS next frame contention window (randomized back-off mechanism) CSMA/CA principles  station ready to send starts sensing the medium (Carrier Sense based on CCA, Clear Channel Assessment)  if the medium is free for the duration of an Inter-Frame Space (IFS), the station can start sending (IFS depends on service type)  if the medium is busy, the station has to wait for a free IFS, then the station must additionally wait a random back-off time (collision avoidance, multiple of slot-time)  if another station occupies the medium during the back-off time of the station, the back-off timer stops (to increase fairness) time slot direct access if medium has been free for at least DIFS

– CSMA/CA broadcast t busy bo e station 1 station 2 station 3 station 4 station 5 packet arrival at MAC DIFS bo e busy elapsed backoff time bo r residual backoff time busy medium not idle (frame, ack etc.) bo r DIFS bo e bo r DIFS busy DIFS bo e busy The size of the contention window can be adapted (if more collisions, then increase the size) The size of the contention window can be adapted (if more collisions, then increase the size) Here St4 and St5 happen to have the same back-off time = Note: broadcast is not acknowledged (detection by upper layer)

CSMA/CA unicast Sending unicast packets  station has to wait for DIFS before sending data  receiver acknowledges at once (after waiting for SIFS) if the packet was received correctly (CRC)  automatic retransmission of data packets in case of transmission errors t SIFS DIFS data ACK waiting time other stations receiver sender data DIFS Contention window The ACK is sent right at the end of SIFS (no contention)

– DCF with RTS/CTS Sending unicast packets  station can send RTS with reservation parameter after waiting for DIFS (reservation determines amount of time the data packet needs the medium)  acknowledgement via CTS after SIFS by receiver (if ready to receive)  sender can now send data at once, acknowledgement via ACK  other stations store medium reservations distributed via RTS and CTS t SIFS DIFS data ACK defer access other stations receiver sender data DIFS Contention window RTS CTS SIFS NAV (RTS) NAV (CTS) NAV: Net Allocation Vector RTS/CTS can be present for some packets and not for other

21 Fragmentation mode t SIFS DIFS data ACK 1 other stations receiver sender frag 1 DIFS contention RTS CTS SIFS NAV (RTS) NAV (CTS) NAV (frag 1 ) NAV (ACK 1 ) SIFS ACK 2 frag 2 SIFS Fragmentation is used in case the size of the packets sent has to be reduced (e.g., to diminish the probability of erroneous frames) Each frag i (except the last one) also contains a duration (as RTS does), which determines the duration of the NAV By this mechanism, fragments are sent in a row In this example, there are only 2 fragments

MAC frame format Types  control frames, management frames, data frames Sequence numbers  important against duplicated frames due to lost ACKs Addresses  receiver, transmitter (physical), BSS identifier, sender (logical) Miscellaneous  sending time, checksum, frame control, data Frame Control Duration ID Address 1 Address 2 Address 3 Sequence Control Address 4 DataCRC bytes version, type, fragmentation, security,...detection of duplication

23 MAC address format DS: Distribution System AP: Access Point DA: Destination Address SA: Source Address BSSID: Basic Service Set Identifier - infrastructure BSS : MAC address of the Access Point - ad hoc BSS (IBSS): random number RA: Receiver Address TA: Transmitter Address

MAC management Synchronization  Purpose for the physical layer (e.g., maintaining in sync the frequency hop sequence in the case of FHSS) for power management  Principle: beacons with time stamps Power management  sleep-mode without missing a message  periodic sleep, frame buffering, traffic measurements Association/Reassociation  integration into a LAN  roaming, i.e. change networks by changing access points  scanning, i.e. active search for a network MIB - Management Information Base  managing, read, write

25 Synchronization (infrastructure case) beacon interval t medium access point busy B BBB value of the timestamp B beacon frame The access point transmits the (quasi) periodic beacon signal The beacon contains a timestamp and other management information used for power management and roaming All other wireless nodes adjust their local timers to the timestamp

26 Synchronization (ad-hoc case) t medium station 1 busy B1B1 beacon interval busy B1B1 value of the timestamp B beacon frame station 2 B2B2 B2B2 random delay (back-off) Each node maintains its own synchronization timer and starts the transmission of a beacon frame after the beacon interval Contention  back-off mechanism  only 1 beacon wins All other stations adjust their internal clock according to the received beacon and suppress their beacon for the current cycle

27 Power management Idea: switch the transceiver off if not needed States of a station: sleep and awake Timing Synchronization Function (TSF)  stations wake up at the same time Infrastructure case  Traffic Indication Map (TIM) list of unicast receivers transmitted by AP  Delivery Traffic Indication Map (DTIM) list of broadcast/multicast receivers transmitted by AP Ad-hoc case  Ad-hoc Traffic Indication Map (ATIM) announcement of receivers by stations buffering frames more complicated - no central AP collision of ATIMs possible (scalability?)

28 Power saving (infrastructure case) TIM interval t medium access point busy D TTD T TIM D DTIM DTIM interval BB B broadcast/multicast station awake p Power Saving poll: I am awake, please send the data p d d d data transmission to/from the station Here the access point announces data addressed to the station

29 Power saving (ad-hoc case) awake A transmit ATIM D transmit data t station 1 B1B1 B1B1 B beacon frame station 2 B2B2 B2B2 random delay A a D d ATIM window beacon interval a acknowledge ATIM d acknowledge data ATIM: Ad hoc Traffic Indication Map (a station announces the list of buffered frames) Potential problem: scalability (high number of collisions)

Roaming No or bad connection? Then perform: Scanning  scan the environment, i.e., listen into the medium for beacon signals or send probes into the medium and wait for an answer Reassociation Request  station sends a request to one or several AP(s) Reassociation Response  success: AP has answered, station can now participate  failure: continue scanning AP accepts Reassociation Request  signal the new station to the distribution system  the distribution system updates its data base (i.e., location information)  typically, the distribution system now informs the old AP so it can release resources

31 Security of  WEP: Wired Equivalent Privacy  Objectives:  Confidentiality  Access control  Data integrity M C(M) Integrity checksum MC(M) P = RC4 k IV RC4 k IV Note: several security weaknesses have been identified and WEP should not be used anymore. MC(M) P =

32 The new solution for security: standard 802.1x Supplicant AuthenticatorAuthentication Server EAPOL (over Ethernet or ) Encapsulated EAP, Typically on RADIUS EAP: Extensible Authentication Protocol (RFC 2284, 1998) EAPOL: EAP over LAN RADIUS: Remote authentication dial in user service (RFC 2138, 1997) Features: - Supports a wide range of authentication schemes, thanks to the usage of EAP - One-way authentication - Optional encryption and data integrity

33 More on IEEE 802.1x Example of authentication, using one-time passwords (OTP): SupplicantAuthenticatorAuthentication server EAP-request/identity EAP-response/identiy (MYID) EAP-request/OTP, OTP challenge EAP-response/OTP, OTPpassword EAP-success Port authorized Authentication successfully completed Notes : 1.Weaknesses have been found in 802.1x as well, but are corrected in the various implementations. 2.New standard in the making : IEEE i Notes : 1.Weaknesses have been found in 802.1x as well, but are corrected in the various implementations. 2.New standard in the making : IEEE i : exchange of EAPOL frame : exchange of EAP frames in a higher layer protocol (e.g., RADIUS)

34 IEEE – Standardization efforts IEEE b  2.4 GHz band  DSSS (Direct-sequence spread spectrum)  Bitrates 1 – 11 Mbit/s IEEE a  5 GHz band  Based on OFDM (orthogonal frequency-division multiplexing)  transmission rates up to 54 Mbit/s  Coverage is not as good as in b IEEE g  2.4 GHz band (same as b)  Based on OFDM  Bitrates up to 54Mb/s IEEE n  MIMO (multiple-input multiple-output)  40MHz channel (instead of 20MHz)  Can operate in the 5GHz or 2.4Ghz (risk of interference with other systems, however)  Bitrates up to 600Mb/s IEEE ac  Extension of IEEE n, under development IEEE e  Enhanced DCF: to support differentiated service IEEE i  Security, makes use of IEEE 802.1x IEEE p  For vehicular communications IEEE s  For mesh networks

35 Conclusion of Wireless LANs  IEEE  Very widespread  Often considered as the system underlying larger scale ad hoc networks (although far from optimal, not designed for this purpose)  Tremendous potential as a competitor of 3G cellular networks in hot spots  Bluetooth  Security perceived as a major obstacle; initial solutions were flawed in both IEEE (WEP) and Bluetooth  Future developments  Ultra Wide Band?

36 References  J. Schiller: Mobile Communications, Addison-Wesley, Second Edition, 2004  Leon-Garcia & Widjaja: Communication Networks, McGrawHill, 2000  IEEE standards, available at   J. Edney and W. Arbaugh: Real Security, Addison-Wesley, 2003

37 Ad Hoc On-Demand Distance Vector Routing (AODV) Note: this and the following slides are provided here because AODV is used in the hands-on exercises. We will come back to this topic in a later module of the course.

38 AODV : Route discovery (1) E G M H R F A B C I DS K N L P J Q

39 AODV : Route discovery (2) E G M H R F A B C I DS K N L P J Q Note: if one of the intermediate nodes (e.g., A) knows a route to D, it responds immediately to S : Route Request (RREQ)

40 AODV : Route discovery (3) E G M H R F A B C I DS K N L P J Q : represents a link on the reverse path

41 AODV : Route discovery (4) E G M H R F A B C I DS K N L P J Q

42 AODV : Route discovery (5) E G M H R F A B C I DS K N L P J Q

43 AODV : Route discovery (6) M D K L P J E G H R F A B C I S N Q

44 AODV : Route discovery (7) M D K L P J E G H R F A B C I S N Q

45 AODV : Route reply and setup of the forward path M D K L P J E G H R F A B C I S N Q : Link over which the RREP is transmitted : Forward path

46 Route reply in AODV In case it knows a path more recent than the one previously known to sender S, an intermediate node may also send a route reply (RREP) The freshness of a path is assessed by means of destination sequence numbers Both reverse and forward paths are purged at the expiration of appropriately chosen timeout intervals

47 AODV : Data delivery M D K L P J E G H R F A B C I S N Q Data The route is not included in the packet header

48 AODV : Route maintenance (1) M D K L P J E G H R F A B C I S N Q Data X

49 AODV : Route maintenance (2) M D K L P J E G H R F A B C I S N Q X RERR(G-J) When receiving the Route Error message (RERR), S removes the broken link from its cache. It then initializes a new route discovery. When receiving the Route Error message (RERR), S removes the broken link from its cache. It then initializes a new route discovery.

50 AODV (unicast) : Conclusion Nodes maintain routing information only for routes that are in active use Unused routes expire even when the topology does not change Each node maintains at most one next-hop per destination

2011 Trial in MobNet with Nokia 51 Adversary’s APs 66 m 186 m