WiFi, Bluetooth & Layers Emmanuel Baccelli
Last week WiFi, Bluetooth: wireless LANs Medium Access Control Basic example: Aloha
WiFi, Bluetooth, Ethernet Layer 5 Layer 4 Layer 3 Layer 2: Link Layer 1: Physical Protocol layers 1 and 2 Transfer packets over a link Standardization body: IEEE Standards: , 803.2, …
= the IEEE standard
Standard = common rules, techniques and formats to comply with
Protocol = a standard for communication between machines
IEEE = Institute of Electrical and Electronics Engineers
IEEE IEEE 1394 IEEE
IEEE standard Communication between terminals and access point Direct communication between terminals
Infrastructure mode in urban situation
Emission power 100 mW (1/10 of GSM) Bursty packet emissions Mbits/s Range: 100 m outdoor, several tens of meters European ETS IEEE basic
Frequencies
– 52 MHz bandwidth around 2.4 GHz
– 11 channels with partial overlaps
Spread of 11 MHz (11-bit Barker sequence), 1 Msymbol/s
– 1 Mbps: modulation PSK 1, 1 bit/symbol (DSSS IEEE )
– 2 Mbps: modulation QPSK, 2 bits/symbol
Spread of 11 MHz (8-bit CCK sequence), 1.375 Msymbol/s
– 5.5 Mbps: 4 bits/symbol
– 11 Mbps: 8 bits/symbol coding
IEEE b Spread spectrum
IEEE b (1-2-5.5-11 Mbps)
– 2.4 GHz band
– Modulation: Direct Sequence Spread Spectrum (DSSS)
– No Forward Error Control (FEC)
IEEE a (6-54 Mbps)
– 5.2 GHz band
– Modulation: Orthogonal Frequency Division Multiplexing (OFDM)
– FEC rate 1/2, 2/3, 3/4 (convolutional code)
IEEE g (ERP-OFDM), IEEE n (MIMO)
IEEE b,a,g,n
Carrier Sense Multiple Access
Basic CSMA: listen before talk. A node withdraws upon signal detection.
[Figure: emitter and destination, forbidden zone; packet, ack, DIFS, forbidden period]
Hidden-node collision avoidance: a node withdraws upon detecting hidden nodes.
[Figure: emitter and destination; RTS, CTS, packet, ack, forbidden period]
Collision management CSMA/CA Carrier Sense Multiple Access with Collision Avoidance
Random backoff of transmission over forbidden periods
– Avoids repeated collisions
– The node selects a random backoff: a number of mini-slots between 0 and Cmax - 1 (8)
– Mini-slots are not decremented during forbidden periods
– Cmax doubles at each collision (lack of CTS or ACK)
– Retry number limited to max_retry (7-16)
– Slot < DIFS (Distributed Inter Frame Space)
Example: time for a backoff of 3 slots
[Figure: timeline with forbidden periods, slots and DIFS; RTS, CTS, packet, ack]
Retransmissions
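The backoff rules on this slide, written out as an added example (not part of the original slides). The initial window of 8 and the retry limit of 7 are taken from the slide; the function names and the busy/idle trace are constructed for illustration.

```python
import random

C_MAX_INITIAL = 8   # initial window from the slide: backoff drawn in 0..Cmax-1
MAX_RETRY = 7       # lower end of the slide's 7-16 retry range


def contention_window(collisions, c_max=C_MAX_INITIAL):
    """Cmax doubles at each collision (missing CTS or ACK)."""
    return c_max << collisions


def slots_until_send(backoff, channel_busy):
    """Return the mini-slot index at which the node transmits.

    channel_busy holds one bool per mini-slot; the counter is frozen,
    not decremented, while the channel is in a forbidden period.
    """
    remaining = backoff
    for t, busy in enumerate(channel_busy):
        if busy:
            continue
        if remaining == 0:
            return t
        remaining -= 1
    return None  # trace ended before the counter expired


def send_with_retries(attempt_succeeds, rng, max_retry=MAX_RETRY):
    """Retry with a doubling window; returns (delivered, backoffs drawn)."""
    drawn = []
    for collisions in range(max_retry + 1):
        drawn.append(rng.randrange(contention_window(collisions)))
        if attempt_succeeds(collisions):
            return True, drawn
    return False, drawn


if __name__ == "__main__":
    # Constructed trace: idle, two busy mini-slots, then idle.
    trace = [False, True, True, False, False, False, False]
    print("backoff 3 transmits at mini-slot", slots_until_send(3, trace))
    ok, drawn = send_with_retries(lambda n: n == 2, random.Random(1))
    print("delivered:", ok, "backoffs:", drawn)
```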
Terminology
AP: Access Point
BSS: Basic Service Set
ESS: Extended Service Set
IBSS: Independent Basic Service Set
[Figure: infrastructure mode (AP, terminal, distribution system, BSS, ESS) and ad hoc mode (IBSS)]
Formats (packets)
IEEE packet: preamble | MAC header | Data part (IP packet) | Checksum
[Figure: packet emission between emitter node and intended receiver node; packet, SIFS, ACK]
Format (Preamble)
– Four addresses in infrastructure mode
– Only two in ad hoc mode
– Control field contains length and mode
– Sequence field for fragmentation
Address 1 | Address 2 | Address 3 | Address 4 | control | sequence
Formats (MAC header)
Authentication and encryption (secret key K, symmetric)
– The terminal requests authentication from the access point
– The access point sends a challenge of 128 random bits
– The terminal returns the 128 bits XORed with K
– The access point confirms authentication
– Flaw: James Bond can overhear the key K by directly comparing the challenge with the terminal's reply!
WEP security
Packet encryption (RC4 algorithm)
– Pseudo-random sequence seed=K*IV (Initialisation Vector in packet header)
– Integrity check via an internal checksum
– RC4 is linear (RC4(x y)=RC4(x) RC4(y))!
WEP is very weak and only addresses involuntary eavesdropping.
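The authentication flaw described on this slide, modelled exactly as the slide states it (reply = challenge XOR K), next to a keyed one-way reply. This is an added example, not part of the original slides: the 128-bit key length, the function names and the sample key are assumptions, and HMAC-SHA256 stands for a generic hardened construction, not for the mechanism IEEE 802.1x uses.

```python
import hashlib
import hmac
import secrets


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def weak_response(key, challenge):
    """Terminal's reply in the slide's scheme: the challenge XORed with K."""
    return xor_bytes(challenge, key)


def weak_verify(key, challenge, response):
    return hmac.compare_digest(weak_response(key, challenge), response)


def observed_xor(challenge, response):
    """What a passive listener computes from the two values sent in clear."""
    return xor_bytes(challenge, response)


def hmac_response(key, challenge):
    """Hardened reply: a keyed one-way function of the challenge."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


def hmac_verify(key, challenge, response):
    return hmac.compare_digest(hmac_response(key, challenge), response)


def run_exchange(key):
    """Run both schemes once; report whether the wire data alone equals K."""
    challenge = secrets.token_bytes(16)  # 128 random bits from the access point
    weak = weak_response(key, challenge)
    strong = hmac_response(key, challenge)
    return {
        "weak_accepted": weak_verify(key, challenge, weak),
        "weak_leaks_key": observed_xor(challenge, weak) == key,
        "hmac_accepted": hmac_verify(key, challenge, strong),
        "hmac_leaks_key": observed_xor(challenge, strong[:16]) == key,
    }


if __name__ == "__main__":
    K = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed sample key
    for name, value in run_exchange(K).items():
        print(f"{name}: {value}")
```

Both replies are accepted by the access point, but only the XOR reply lets the two values on the air be combined into K.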
WEP improvement with IEEE i
– Introduction of IEEE 802.1x to manage the secret keys K (Extensible Authentication Protocol-Transport Layer Security, EAP-TLS)
– Authentication made independent of encryption
– Introduction of a more sophisticated function: (K,IV) RC4 seed
IEEE IEEE 802.1x Authentication agent improved security
= IEEE
Communication between personal devices
Piconet architecture, master-slave:
– 7 slaves max per piconet
– Exclusive slave-master links
– Slotted time
[Figure: piconet with master and slaves]
slaves
Wide area architecture: scatternet
– Several tiled piconets
– Frequency hopping differs
– Certain nodes switch master-slave status
IEEE
Limited emission power
– Class 1: 100 mW
– Class 2: 2.5 mW
– Class 3: 1 mW (1/1000 GSM)
Minimal signal processing
– Periodic TDMA
– Throughput 1 Mbps max
– Range of a few meters
Profiles
– Standardized applications
IEEE
Slotted system managed by the master node over a single frequency
Adaptive FEC, rate: 1 (no correction), 2/3, 1/3
Frequency hopping (1600/sec)
– One hop per slot over 79 channels (2.4 GHz)
– Throughput 1 Mbps, extensions for 10 Mbps
[Figure: slots labelled "From master" and "From slave"]
IEEE
Bluetooth + WiFi
Packet format
– Access Code (AC): synchronization, paging (slot #). Channel AC, Device AC, Inquiry AC.
– Header: address, sequence number, flow control, acknowledgement
Formats
Frequency hopping: periodic change of frequencies. Predetermined sequence fixed in the standard. Goal: use uncongested frequencies.
Connection establishment
– Inquiry for destination terminal identification (source, destination)
– Paging for synchronization of emissions (source, master, destination)
– Polling: the master prompts each slave's emission
– Out of connection, the slave can be in wake mode or in sleep mode, otherwise it loses its MAC address
Connection
Authentication (E1 algorithm)
– Secret shared key (link key) (128 bits)
Encryption (algorithms KG, E0)
– Secret key Kc (derived from the link key by KG), from 8 to 128 bits (negotiated)
– Use of slot number in E0 (indicated in paging)
– E1 and E0 differ
Security
Flaws in Bluetooth security
– Keys are too short
– Link key and Kc are both functions of the device PIN (4 bits)
Authentication of B by A
– B sends its address (48 bits)
– A returns rand(A) to B (challenge 128 bits)
– E1(addr B, link key, rand(A))=(SRES,ACO) (32 bits, 96 bits)
– B returns SRES
Authentication
Encryption
– Kc depends on link key, ACO and EN_RAND
– The pseudo-random word Kstr depends on the slot number and the address of the master
– In packet: crypted code=data Kstr
Encryption mode 2
– Packets are encrypted via individual keys Kc(B)=KG(…,ACO(B))
– Broadcast packets are not encrypted
Mode 3
– All packets are encrypted via the key of the master Kc=KG(…,ACO(A))
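The authentication of B by A and the derivation of Kc from the link key, ACO and EN_RAND, traced with both sides' computations as an added example (not part of the original slides). E1 and KG are replaced by HMAC-SHA256 stand-ins that keep only the slide's input names and output sizes; the function names, the sample link key and address, and the assumption that A supplies EN_RAND are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def e1_standin(link_key, addr_b, rand_a):
    """Stand-in for E1 (not the real algorithm): returns (SRES, ACO), 32 and 96 bits."""
    digest = hmac.new(link_key, b"E1" + addr_b + rand_a, hashlib.sha256).digest()
    return digest[:4], digest[4:16]


def kg_standin(link_key, aco, en_rand, key_bytes=16):
    """Stand-in for KG: derives Kc, negotiated between 8 and 128 bits."""
    if not 1 <= key_bytes <= 16:
        raise ValueError("Kc length must be 8 to 128 bits")
    digest = hmac.new(link_key, b"KG" + aco + en_rand, hashlib.sha256).digest()
    return digest[:key_bytes]


def authenticate(link_key_a, link_key_b, addr_b):
    """A authenticates B; returns (accepted, ACO held by A, ACO held by B)."""
    rand_a = secrets.token_bytes(16)                        # A -> B: 128-bit challenge
    sres_b, aco_b = e1_standin(link_key_b, addr_b, rand_a)  # computed by B
    sres_a, aco_a = e1_standin(link_key_a, addr_b, rand_a)  # computed by A
    accepted = hmac.compare_digest(sres_a, sres_b)          # B -> A: SRES only
    return accepted, aco_a, aco_b


def session_keys(link_key_a, link_key_b, addr_b, key_bytes=16):
    """Authentication, then Kc on each side from link key, ACO and EN_RAND."""
    accepted, aco_a, aco_b = authenticate(link_key_a, link_key_b, addr_b)
    if not accepted:
        return None
    en_rand = secrets.token_bytes(16)  # random value, assumed here to come from A
    return (kg_standin(link_key_a, aco_a, en_rand, key_bytes),
            kg_standin(link_key_b, aco_b, en_rand, key_bytes))


if __name__ == "__main__":
    link_key = bytes(range(16))              # constructed 128-bit link key
    addr_b = bytes.fromhex("0a1b2c3d4e5f")   # constructed 48-bit address
    kc_a, kc_b = session_keys(link_key, link_key, addr_b)
    print("Kc match:", kc_a == kc_b)
    print("wrong link key:", session_keys(link_key, bytes(16), addr_b))
```

ACO never crosses the link: each side keeps its own copy from the E1 computation, which is why a device holding the wrong link key fails both the SRES check and the Kc derivation.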