Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture 2 – IEEE 802.11.

Published byAvice Terry Modified over 9 years ago

Similar presentations

Presentation on theme: "Lecture 2 – IEEE 802.11."— Presentation transcript:

1 Lecture 2 – IEEE

2 What we will learn in this lecture:
• Basics of IEEE • MAC layer – CSMA/CA • Security – WEP protocol

3 Wireless LAN • operate in a local area
– less than 100 m • provide access to wired LANs and the Internet • provide high data rates – currently, up to 54 Mbps

4 Major Standards for WLAN
• HIPERLAN – High Performance Radio LAN – European standard • IEEE – US standard – today, it holds the entire market – Only this standard will be discussed in our course

5 Two Modes of IEEE 802.11 • Infrastructure Mode • Ad Hoc Mode
– Terminals communicate to an access point. • Ad Hoc Mode – Terminals communicate in a peer-to-peer basis without any access point.

6 802.11 - Infrastructure Mode • Station (STA)
LAN 802.x LAN – Wireless terminals • Basic Service Area (BSA) STA 1 BSS 1 – Coverage area of one access point Portal Access • Basic Service Set (BSS) Point – group of stations controlled by the Distribution System same AP Access • Distribution System (DS) ESS Point – Fixed infrastructure used to connect several BSS to create an BSS 2 Extended Service Set (EES) • Portal – bridge to other (wired) networks STA 2 STA 3 LAN

7 – Ad Hoc mode • Terminals communicate in a peer-to-peer basis.
LAN STA 1 BSS 1 STA 3 • Terminals communicate in a peer-to-peer basis. STA 2 BSS 2 STA 5 STA 4 LAN

8 IEEE 802 Protocol Layers

9 Protocol Architecture
fixed terminal mobile terminal server A typical scenario Ethernet access point application application covers TCP Logical link TCP only PHY and control MAC IP IP Data LLC LLC LLC Link MAC MAC 802.3 MAC 802.3 MAC PHY PHY 802.3 PHY 802.3 PHY

10 Functions of Each Layer
• Physical Layer – Encoding/decoding of signals – Bit transmission/reception • Medium Access Control (MAC) Layer – On transmission, assemble data into a frame for transmission – On reception, disassemble frame and perform error detection – Coordinate users’ access to the transmission medium • Logical Link Control (LLC) Layer – Provide an interface to upper layers – Perform flow and error control

11 Physical Layer 802.11 supports 3 different PHY layers • Infrared
– simple and cheap – requires line of sight • Radio (2 types) – Frequency Hopping Spread Spectrum – Direct Sequence Spread Spectrum – can cover a larger area (e.g. penetrate walls)

12 IEEE 802.11 Standards Standard Spectrum Bit Rate Transmission
Compatibility 802.11 wavelength 2 Mbps Infrared / N/A between 850 FHSS / DSSS and 950 nm; 2.4 GHz 802.11a 5.0 GHz 54 Mbps OFDM None 802.11b 2.4 GHz 11 Mbps DSSS 802.11 (Wi-Fi) 802.11g 2.4 GHz 54 Mbps OFDM / 802.11b

13 How to join a network? Infrastructure Mode

14 Steps to Join a Network 1. Discover available network 2. Select a BSS
i.e. basic service set (BSS) 2. Select a BSS 3. Authentication 4. Association

15 1. Discovering Available Network
• Passive Scanning – Each AP broadcasts periodically a Beacon frame, which includes: • AP’s MAC address, Network name (aka (also known as) Service Set Identifier, SSID), etc. • Active Scanning – Station sends a Probe Request frame – AP responses with a Probe Response frame, which includes • AP’s MAC address, SSID, etc.

16 2. Choosing a Network • The user selects from available networks
• Common criteria: – User choice – Strongest signal – Most recently used

17 3. Authentication • Authentication • Two Mechanisms
– A station proves its identity to the AP. • Two Mechanisms – Open System Authentication – Shared Key Authentication

18 Open System Authentication
The default authentication protocol for Authenticates anyone who requests authentication. – NULL authentication (i.e. no authentication at all) Authentication Request (open system) Authentication Response Station Access Point

19 Shared Key Authentication
It is assumed that the station and the AP somehow agrees on a shared secret key via a channel independent of IEEE Authentication Request (shared key) 128-byte “Challenge” text string, generated randomly “Challenge” text string, encrypted with shared key Access Point Station Positive or negative response Note: “Challenge” is based on decryption result encrypted by WEP algorithm.

20 4. Association The station needs to register to the AP.
Association Request Association Response Station Access Point

21 How to transmit? The MAC layer

22 Media Access Control • How to share a common medium among the users?

23 Motivation • Can we apply media access methods from fixed networks?
• Example: CSMA/CD – C arrier S ense M ultiple A ccess with C ollision D etection – Method used in IEEE Ethernet

24 CSMA/CD • Carrier Sense: Listen before talk
– Sense the channel – If the channel is idle, transmit – If the channel is busy, • waits a random amount of time • sense the channel again • Collision Detection: Stop if collision occurs – If there is a collision, • stops transmission immediately, • waits a random amount of time • senses the channel again

25 Hidden Terminal Problem
• A , C cannot hear each other (CS fails) • Collisions at B , undetected (CD also fails) Obstacles Signal Attenuation

26 Exposed Terminal Problem
C wants to send to someone else (not A or B) A B C B sends to A • C has to wait, since CS signals a medium in use • But A is outside the radio range of C; therefore waiting is not necessary • C is “exposed” to B

27 (MACA) Multiple Access with Collision Avoidance
• IEEE is based on the idea of MACA • MACA uses a three-way handshake protocol • Short signaling packets are used – RTS (request to send) • a sender request the right to send – CTS (clear to send) • the receiver grants the right to send • The sender then sends the data.

28 An Illustration: 3-way handshake
RTS CTS Data B A Can it solve the hidden terminal problem? Can it solve the exposed terminal problem?

29 A Solution: Hidden Terminal
RTS CTS CTS A B C • MACA avoids the hidden terminal problem – Both A and C want to send to B – A sends RTS first – C waits after receiving CTS from B

30 A Solution: Exposed Terminal
RTS RTS CTS A B C • MACA avoids the exposed terminal problem – B wants to send to A, while C to another terminal – now C does not have to wait, for it cannot receive CTS from A

31 Packet Collision • Collisions may occur during RTS-CTS exchange. ……
occurs Next attempt: Transmit at a random slot over the contention window How large is the contention window?

32 Binary Exponential Backoff
• The contention window size is adjusted dynamically. – binary exponential backoff is used. • When a terminal fails to receive CTS in response to its RTS, it increases the contention window – cw is doubled (up to an upper bound, CW max ) • When a node successfully completes a data transfer, it restores cw to CW min

33 Binary Exponential Backoff
• The contention window size is doubled whenever a collision occurs. A packet experiences …… i collisions 2 i CW min slots

34 IEEE 802.11 MAC Protocols • Two traffic services are supported
– Asynchronous Data Service • Best-effort services – Time-bounded Service (optional) • Guarantee a maximum delay • Available only in infrastructure mode

35 Two Classes of Access Mechanisms
• Distributed Coordination Function (DCF) – Support asynchronous data services – CSMA/CA – CSMA/CA with RTS/CTS exchange (optional) • Point Coordination Function (PCF) (optional) – Support time-bounded services – Polling from AP

36 Inter-Frame Spacings • SIFS (Short Inter Frame Spacing)
– highest priority, for ACK, CTS, polling response • PIFS (PCF IFS) – medium priority, for time-bounded service using PCF • DIFS (DCF IFS) – lowest priority, for asynchronous data service DIFS DIFS PIFS SIFS medium busy contention next frame t direct access if  DIFS

37 Method 1a: CSMA/CA 802.11 CSMA/CA: sender
- if sense channel idle for DIFS sec. then transmit entire frame (no collision detection) -if sense channel busy then wait a random time CSMA/CA: receiver if received OK return ACK (16 bytes) after SIFS DIFS: Distributed Inter Frame Spacing SIFS: Short Inter Frame Spacing

38 Example 12 8 DIFS 4 4 4 10 8 4 12 DIFS DIFS DIFS busy busy busy
bo e bo r bo e bo r bo e busy station 1 bo e busy station 2 4 busy station 3 4 10 bo e busy bo e bo r station 4 bo e bo r bo e busy bo e bo r station 5 8 4 12 t busy medium not idle (frame, ack etc.) bo e elapsed backoff time packet arrival at MAC bo r residual backoff time

39 Method 1b: CSMA/CA with RTS-CTS
• CSMA/CA: explicit channel reservation – sender: send RTS (20 bytes) – receiver: reply with CTS (16 bytes) • CTS reserves channel for sender, notifying (possibly hidden) terminals 4-way handshake

40 No Collision during Data Transmission
DIFS data sender SIFS ACK receiver DIFS other data stations t waiting time contention How can other stations know how long the waiting time is?

41 Net Allocation Vector The RTS packet has a duration field,
DIFS RTS data sender SIFS SIFS CTS SIFS ACK receiver NAV (RTS) DIFS other data NAV (CTS) stations t defer access contention The RTS packet has a duration field, The CTS packet also has the which consists of information about duration field. the length of data packet. Other stations hear the CTS Other stations hear the RTS packet packet set their NAV set their NAV accordingly. accordingly.

42 Method 2: Point Coordination Function
• Polling by the access point (or point coordinator) • Sends polling message after waiting for PIFS • Since PIFS is smaller than DIFS, it can lock out all asynchronous traffic – To prevent this, an interval called superframe is defined.

43 Two parts of a Superframe
Contention-free Period: Contention Period: The point coordinator polls The point coordinator idles stations with time-bounded for the remainder of the service in a round-robin superframe, allowing for fashion asynchronous access.

44 Is it Secure? The IEEE Security Problem

45 WLAN Security Problem Conventionally, an organization protect itself by limiting external connections to a few well protected openings called firewall. For wireless networks, anyone within the radio range can eavesdrop on the communication. Internal network protected Wireless Access Point Valid User Access Only

46 Basic Security Mechanisms
1. Network Access Control based on SSID 2. MAC Address Filtering 3. Wired Equivalent Privacy (WEP) – Shared Key Authentication – Data Encryption

47 Mechanism 1: SSID • Only those stations with knowledge of the
network name, or SSID, can join. • The SSID acts as a shared secret. • Is it secure?

48 SSIDs are “useless”! • AP periodically broadcasts the SSID in a
beacon frame. • Beacon frames are sent unprotected. • A hacker can easily identify the SSID.

49 Mechanism 2: MAC Address Filtering
• A MAC address list is maintained at each AP. • Only those stations whose MAC addresses are listed are permitted access to the network. • Is it secure?

50 MAC Address as Identity is Weak
• MAC addresses are easily sniffed by an attacker since they must be sent unprotected. • Most wireless LAN cards allow changing of their MAC addresses by software.

51 Mechanism 3: WEP • Wired Equivalent Privacy (WEP)
– The objective is to provide confidentiality similar to wired LAN. • WEP is used to provide two types of security: – Authentication (to prevent unauthorized access to the network) – Encryption (to prevent eavesdropping) • WEP uses an encryption algorithm based on RC4.

52 Basic Idea of RC4 Pseudo-random Encryption Key K number generator
Random bit stream b Plaintext bit stream Ciphertext bit stream p c XOR  b

53 How WEP uses RC4? • Station and AP share a 40-bit secret key
– semi-permanent • Station appends a 24-bit initialization vector (IV) to create a 64-bit key • The 64-bit key is used to generate a key sequence, k i IV – k i IV is used to encrypt the i -th data bit, d i : c i = d i XOR k i IV – IV and encrypted bits, c i are sent.

54 802.11 WEP encryption Sender-side WEP encryption Note :
IV (per frame) K S : 40-bit key sequence generator secret ( for given K S , IV) symmetric … k N+1IV 802.11 WEP-encrypted data IV header plus CRC plaintext frame data d 1 d 2 d N … CRC 4 plus CRC c 1 c 2 c N … c N+4 Sender-side WEP encryption Figure 7.8-new1: WEP protocol Note : 1. IV changes from frame to frame. 2. IV is sent unencrypted.

55 Shared Key Authentication
• Shared key authentication is based on WEP. • AP sends challenge text d . • Station generates an IV and use the secret key to generate a key stream, k IV . • Station then computes the ciphertext c using the key sequence – c = d XOR k IV • Station sends IV and c to AP.

56 Authentication without a Key
• A hacker can record one challenge/response. – The hacker now knows d, c and IV. • The hacker can compute the key sequence k IV . – k IV = d XOR c • The hacker can use IV and k IV to encrypt any subsequent challenge. • The hacker can now authenticate to the target network – without knowing the shared secret key.

57 WEP Encrypted Traffic • Data encryption using WEP is NOT secure.
• Major reason: – IV has only 24 bits. – IV collisions (use of the same IV) occur frequently. • Details omitted.

58 Secure or Not? • WEP has serious security flaw.
• In actual deployment, WEP is usually disabled. • It is very easy to attack a wireless LAN.

59 We may capture all the packets…

60 We may even re-construct the TCP stream!

61 Lessons learned… • Encrypt your confidential data before ftp
• Use secure mode to check your

62 References • IEEE 802.11 Basics and MAC layer • IEEE 802.11 Security
– You can easily find relevant books in the library. – J. Schiller, Mobile communications , Addison-Wesley, 2000. • IEEE Security – W. A. Arbaugh, N. Shankar, and Y. C. J. Wan, “Your wireless network has no clothes,” – J. Williams, “The IEEE b security problem, Part 1,” pp , IEEE IT Professional , Nov/Dec 2001.

Download ppt "Lecture 2 – IEEE 802.11."

Similar presentations

Networks: Wireless LANs1 Wireless Local Area Networks.

Networks: Wireless LANs1 Wireless Local Area Networks.
Contents IEEE MAC layer operation Basic CSMA/CA operation

Contents IEEE MAC layer operation Basic CSMA/CA operation
Lecture 5: IEEE 802. 11 Wireless LANs (Cont.). Mobile Communication Technology according to IEEE (examples) Local wireless networks WLAN 802.11 802.11a.

Lecture 5: IEEE Wireless LANs (Cont.). Mobile Communication Technology according to IEEE (examples) Local wireless networks WLAN a.
802.11 – Wireless PHY and MAC Stallings 502-507. Types of 802.11 802.11 Infrared 802.11 FHSS (frequency hopping spread spectrum) 802.11 DSSS (direct sequence.

– Wireless PHY and MAC Stallings Types of Infrared FHSS (frequency hopping spread spectrum) DSSS (direct sequence.
© Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS591 – Wireless & Network Security.

© Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS591 – Wireless & Network Security.
Comp 361, Spring 20056:Basic Wireless 1 Chapter 6: Basic Wireless (last updated 02/05/05) r A quick intro to CDMA r Basic 802.11.

Comp 361, Spring 20056:Basic Wireless 1 Chapter 6: Basic Wireless (last updated 02/05/05) r A quick intro to CDMA r Basic
Network Technology CSE3020 - 2006 1 Network Technology CSE3020 Week 9.

Network Technology CSE Network Technology CSE3020 Week 9.
P. Bhagwat 802.11 Specification overview. P. Bhagwat 802.11 Specifications PLCP Sublayer PHY layer Management PMD Sublayer MAC sublayer MAC Layer Management.

P. Bhagwat Specification overview. P. Bhagwat Specifications PLCP Sublayer PHY layer Management PMD Sublayer MAC sublayer MAC Layer Management.
1 CSE401n:Computer Networks Lecture 16 Wireless Link & LANs WS: ch-14 KR: 5.7.

1 CSE401n:Computer Networks Lecture 16 Wireless Link & LANs WS: ch-14 KR: 5.7.
Security in Wireless LAN 802.11 Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
Wireless Networking So we talked about wired networks. What about wireless?

Wireless Networking So we talked about wired networks. What about wireless?
Networks: Wireless LANs1 Wireless Local Area Networks.

Networks: Wireless LANs1 Wireless Local Area Networks.
Wireless Local Area Networks

Wireless Local Area Networks
Spring 2002CS 4611 Shared Access Networks Outline Bus (Ethernet) Token ring (FDDI) Wireless (802.11)

Spring 2002CS 4611 Shared Access Networks Outline Bus (Ethernet) Token ring (FDDI) Wireless (802.11)
20 – Collision Avoidance, 802.11 6: Wireless and Mobile Networks6-1.

20 – Collision Avoidance, : Wireless and Mobile Networks6-1.
Networks: Wireless LANs1 Wireless Local Area Networks.

Networks: Wireless LANs1 Wireless Local Area Networks.
1 Introduction to Wireless Networks Michalis Faloutsos.

1 Introduction to Wireless Networks Michalis Faloutsos.
Rensselaer Polytechnic Institute © Shivkumar Kalvanaraman & © Biplab Sikdar1 ECSE-4730: Computer Communication Networks (CCN) Chapter 5: The Data Link.

Rensselaer Polytechnic Institute © Shivkumar Kalvanaraman & © Biplab Sikdar1 ECSE-4730: Computer Communication Networks (CCN) Chapter 5: The Data Link.
5-1 Data Link Layer r What is Data Link Layer? r Wireless Networks m Wi-Fi (Wireless LAN) r Comparison with Ethernet.

5-1 Data Link Layer r What is Data Link Layer? r Wireless Networks m Wi-Fi (Wireless LAN) r Comparison with Ethernet.
8/7/20151 Mobile Computing COE 446 Wireless Multiple Access Tarek Sheltami KFUPM CCSE COE hthttp://faculty.kfupm.edu.sa/coe/tarek/coe446.htm Principles.

8/7/20151 Mobile Computing COE 446 Wireless Multiple Access Tarek Sheltami KFUPM CCSE COE hthttp://faculty.kfupm.edu.sa/coe/tarek/coe446.htm Principles.

Similar presentations

Ads by Google