1. 1 Module B WLAN – Engineering Aspects Prof. JP Hubaux Mobile Networks http://mobnet.epfl.ch

2. 2 Reminder on frequencies and wavelenghts VLF = Very Low FrequencyUHF = Ultra High Frequency LF = Low Frequency SHF = Super High Frequency MF = Medium Frequency EHF = Extra High Frequency HF = High Frequency UV = Ultraviolet Light VHF = Very High Frequency Frequency and wave length:  = c/f wave length, speed of light c  3x10 8 m/s, frequency f 1 Mm 300 Hz 10 km 30 kHz 100 m 3 MHz 1 m 300 MHz 10 mm 30 GHz 100  m 3 THz 1  m 300 THz visible light VLFLFMFHFVHFUHFSHFEHFinfraredUV optical transmission coax cabletwisted pair

3. 3 Frequencies for mobile communication  VHF-/UHF-ranges for mobile radio  simple, small antenna for cars  deterministic propagation characteristics, reliable connections  SHF and higher for directed radio links, satellite communication  small antenna  large bandwidth available  Wireless LANs use frequencies in UHF to SHF spectrum  some systems planned up to EHF  limitations due to absorption by water and oxygen molecules (resonance frequencies) weather dependent fading, signal loss caused by heavy rainfall etc.

4. 4 Frequency allocation

5. 5 Characteristics of wireless LANs Advantages  flexibility  (almost) no wiring difficulties (e.g., historic buildings)  more robust against disasters like, e.g., earthquakes, fire - or users pulling a plug... Disadvantages  lower bitrate compared to wired networks (1-10 Mbit/s)  More difficult to secure

6. 6 Design goals for wireless LANs  low power  no special permissions or licenses needed to use the LAN  robust transmission technology  easy to use for everyone, simple management  protection of investment in wired networks (internetworking)  security (no one should be able to read my data), privacy (no one should be able to collect user profiles), safety (low radiation)  transparency concerning applications and higher layer protocols, but also location awareness if necessary

7. 7 Comparison: infrared vs. radio transmission Infrared  uses IR diodes Advantages  simple, cheap, available in many mobile devices  no licenses needed  simple shielding possible Disadvantages  interference by sunlight, heat sources etc.  many things shield or absorb IR light  low bandwidth Example  IrDA (Infrared Data Association) interface available everywhere Radio  typically using the license free ISM band at 2.4 GHz Advantages  coverage of larger areas possible (radio can penetrate walls, furniture etc.) Disadvantages  very limited license free frequency bands  shielding more difficult, interference with other electrical devices  more difficult to secure Examples  IEEE 802.11, Bluetooth

8. 8 Infrastructure vs. ad hoc networks infrastructure network Ad hoc network AP wired network AP: Access Point

9. 9 Distribution System Portal 802.x LAN Access Point 802.11 LAN BSS 2 802.11 LAN BSS 1 Access Point IEEE 802.11 - Architecture of an infrastructure network Station (STA)  terminal with access mechanisms to the wireless medium and radio contact to the access point Basic Service Set (BSS)  group of stations using the same radio frequency Access Point  station integrated into the wireless LAN and the distribution system Portal  bridge to other (wired) networks Distribution System  interconnection network to form one logical network (ESS: Extended Service Set) based on several BSS STA 1 STA 2 STA 3 ESS

10. 10 802.11 - Architecture of an ad-hoc network Direct communication within a limited range  Station (STA): terminal with access mechanisms to the wireless medium  Basic Service Set (BSS): group of stations using the same radio frequency 802.11 LAN BSS 2 802.11 LAN BSS 1 STA 1 STA 4 STA 5 STA 2 STA 3

11. 11 Interconnection of IEEE 802.11 with Ethernet mobile station access point server fixed terminal application TCP 802.11 PHY 802.11 MAC IP 802.3 MAC 802.3 PHY application TCP 802.3 PHY 802.3 MAC IP 802.11 MAC 802.11 PHY infrastructure network

12. 12 802.11 - Layers and functions PLCP (Physical Layer Convergence Protocol)  clear channel assessment signal (carrier sense) PMD (Physical Medium Dependent)  modulation, coding PHY Management  channel selection, MIB Station Management  coordination of all management functions PMD PLCP MAC IP MAC Management PHY Management MAC  access mechanisms, fragmentation, encryption MAC Management  synchronization, roaming, MIB, power management PHY Station Management

13. 13 802.11 - Physical layer 3 versions: 2 radio: DSSS and FHSS (both typically at 2.4 GHz), 1 IR  data rates 1, 2, 5 or 11 Mbit/s DSSS (Direct Sequence Spread Spectrum)  DBPSK modulation (Differential Binary Phase Shift Keying) or DQPSK (Differential Quadrature PSK)  chipping sequence: +1, -1, +1, +1, -1, +1, +1, +1, -1, -1, -1 (Barker code)  max. radiated power 1 W (USA), 100 mW (EU), min. 1mW FHSS (Frequency Hopping Spread Spectrum)  spreading, despreading, signal strength  min. 2.5 frequency hops/s, two-level GFSK modulation (Gaussian Frequency Shift Keying) Infrared  850-950 nm, diffuse light, around 10 m range  carrier detection, energy detection, synchronization

14. 14 802.11 - MAC layer principles (1/2) Traffic services  Asynchronous Data Service (mandatory) exchange of data packets based on “best-effort” support of broadcast and multicast  Time-Bounded Service (optional) implemented using PCF (Point Coordination Function) Access methods (called DFWMAC: Distributed Foundation Wireless MAC)  DCF CSMA/CA (mandatory) collision avoidance via randomized „back-off“ mechanism minimum distance between consecutive packets ACK packet for acknowledgements (not for broadcasts)  DCF with RTS/CTS (optional) avoids hidden terminal problem  PCF (optional) access point polls terminals according to a list DCF: Distributed Coordination Function PCF: Point Coordination Function

15. 15 802.11 - MAC layer principles (2/2) Priorities  defined through different inter frame spaces  no guaranteed, hard priorities  SIFS (Short Inter Frame Spacing) highest priority, for ACK, CTS, polling response  PIFS (PCF IFS) medium priority, for time-bounded service using PCF  DIFS (DCF, Distributed Coordination Function IFS) lowest priority, for asynchronous data service t medium busy SIFS PIFS DIFS next framecontention direct access if medium is free  DIFS time slot Note : IFS durations are specific to each PHY

16. 16 t medium busy DIFS next frame contention window (randomized back-off mechanism) 802.11 - CSMA/CA principles  station ready to send starts sensing the medium (Carrier Sense based on CCA, Clear Channel Assessment)  if the medium is free for the duration of an Inter-Frame Space (IFS), the station can start sending (IFS depends on service type)  if the medium is busy, the station has to wait for a free IFS, then the station must additionally wait a random back-off time (collision avoidance, multiple of slot-time)  if another station occupies the medium during the back-off time of the station, the back-off timer stops (to increase fairness) time slot direct access if medium has been free for at least DIFS

17. 17 802.11 – CSMA/CA broadcast t busy bo e station 1 station 2 station 3 station 4 station 5 packet arrival at MAC DIFS bo e busy elapsed backoff time bo r residual backoff time busy medium not idle (frame, ack etc.) bo r DIFS bo e bo r DIFS busy DIFS bo e busy The size of the contention window can be adapted (if more collisions, then increase the size) The size of the contention window can be adapted (if more collisions, then increase the size) Here St4 and St5 happen to have the same back-off time = Note: broadcast is not acknowledged (detection by upper layer)

18. 18 802.11 - CSMA/CA unicast Sending unicast packets  station has to wait for DIFS before sending data  receiver acknowledges at once (after waiting for SIFS) if the packet was received correctly (CRC)  automatic retransmission of data packets in case of transmission errors t SIFS DIFS data ACK waiting time other stations receiver sender data DIFS Contention window The ACK is sent right at the end of SIFS (no contention)

19. 19 802.11 – DCF with RTS/CTS Sending unicast packets  station can send RTS with reservation parameter after waiting for DIFS (reservation determines amount of time the data packet needs the medium)  acknowledgement via CTS after SIFS by receiver (if ready to receive)  sender can now send data at once, acknowledgement via ACK  other stations store medium reservations distributed via RTS and CTS t SIFS DIFS data ACK defer access other stations receiver sender data DIFS Contention window RTS CTS SIFS NAV (RTS) NAV (CTS) NAV: Net Allocation Vector RTS/CTS can be present for some packets and not for other

20. 20 Fragmentation mode t SIFS DIFS data ACK 1 other stations receiver sender frag 1 DIFS contention RTS CTS SIFS NAV (RTS) NAV (CTS) NAV (frag 1 ) NAV (ACK 1 ) SIFS ACK 2 frag 2 SIFS Fragmentation is used in case the size of the packets sent has to be reduced (e.g., to diminish the probability of erroneous frames) Each frag i (except the last one) also contains a duration (as RTS does), which determines the duration of the NAV By this mechanism, fragments are sent in a row In this example, there are only 2 fragments

21. 21 802.11 – Point Coordination Function (1/2) PIFS stations‘ NAV wireless stations point coordinator D1D1 U1U1 SIFS NAV SIFS D2D2 U2U2 SuperFrame t0t0 medium busy t1t1 Purpose: provide a time-bounded service Not usable for ad hoc networks D i represents the polling of station i U i represents transmission of data from station i contention free period

22. 22 802.11 – Point Coordination Function (2/2) t stations‘ NAV wireless stations point coordinator D3D3 NAV PIFS D4D4 U4U4 SIFS CF end contention period contention free period t2t2 t3t3 t4t4 In this example, station 3 has no data to send

23. 23 802.11 - MAC frame format Types  control frames, management frames, data frames Sequence numbers  important against duplicated frames due to lost ACKs Addresses  receiver, transmitter (physical), BSS identifier, sender (logical) Miscellaneous  sending time, checksum, frame control, data Frame Control Duration ID Address 1 Address 2 Address 3 Sequence Control Address 4 DataCRC 2 26666240-2312 bytes version, type, fragmentation, security,...detection of duplication

24. 24 MAC address format DS: Distribution System AP: Access Point DA: Destination Address SA: Source Address BSSID: Basic Service Set Identifier - infrastructure BSS : MAC address of the Access Point - ad hoc BSS (IBSS): random number RA: Receiver Address TA: Transmitter Address

25. 25 802.11 - MAC management Synchronization  Purpose for the physical layer (e.g., maintaining in sync the frequency hop sequence in the case of FHSS) for power management  Principle: beacons with time stamps Power management  sleep-mode without missing a message  periodic sleep, frame buffering, traffic measurements Association/Reassociation  integration into a LAN  roaming, i.e. change networks by changing access points  scanning, i.e. active search for a network MIB - Management Information Base  managing, read, write

26. 26 Synchronization (infrastructure case) beacon interval t medium access point busy B BBB value of the timestamp B beacon frame The access point transmits the (quasi) periodic beacon signal The beacon contains a timestamp and other management information used for power management and roaming All other wireless nodes adjust their local timers to the timestamp

27. 27 Power management Idea: switch the transceiver off if not needed States of a station: sleep and awake Timing Synchronization Function (TSF)  stations wake up at the same time Infrastructure case  Traffic Indication Map (TIM) list of unicast receivers transmitted by AP  Delivery Traffic Indication Map (DTIM) list of broadcast/multicast receivers transmitted by AP Ad-hoc case  Ad-hoc Traffic Indication Map (ATIM) announcement of receivers by stations buffering frames more complicated - no central AP collision of ATIMs possible (scalability?)

28. 28 Power saving (infrastructure case) TIM interval t medium access point busy D TTD T TIM D DTIM DTIM interval BB B broadcast/multicast station awake p Power Saving poll: I am awake, please send the data p d d d data transmission to/from the station Here the access point announces data addressed to the station

29. 29 802.11 - Roaming No or bad connection? Then perform: Scanning  scan the environment, i.e., listen into the medium for beacon signals or send probes into the medium and wait for an answer Reassociation Request  station sends a request to one or several AP(s) Reassociation Response  success: AP has answered, station can now participate  failure: continue scanning AP accepts Reassociation Request  signal the new station to the distribution system  the distribution system updates its data base (i.e., location information)  typically, the distribution system now informs the old AP so it can release resources

30. 30 Security of 802.11  WEP: Wired Equivalent Privacy  Objectives:  Confidentiality  Access control  Data integrity M C(M) Integrity checksum MC(M) P = RC4 k IV RC4 k IV Note: several security weaknesses have been identified MC(M) P =

31. 31 The new solution for 802.11 security: standard 802.1x Supplicant AuthenticatorAuthentication Server EAPOL (over Ethernet or 802.11) Encapsulated EAP, Typically on RADIUS EAP: Extensible Authentication Protocol (RFC 2284, 1998) EAPOL: EAP over LAN RADIUS: Remote authentication dial in user service (RFC 2138, 1997) Features: - Supports a wide range of authentication schemes, thanks to the usage of EAP - One-way authentication - Optional encryption and data integrity

32. 32 More on IEEE 802.1x Example of authentication, using one-time passwords (OTP): SupplicantAuthenticatorAuthentication server EAP-request/identity EAP-response/identiy (MYID) EAP-request/OTP, OTP challenge EAP-response/OTP, OTPpassword EAP-success Port authorized Authentication successfully completed Notes : 1.Weaknesses have been found in 802.1x as well, but are corrected in the various implementations. 2.New standard in the making : IEEE 802.11i Notes : 1.Weaknesses have been found in 802.1x as well, but are corrected in the various implementations. 2.New standard in the making : IEEE 802.11i : exchange of EAPOL frame : exchange of EAP frames in a higher layer protocol (e.g., RADIUS)

33. 33 IEEE 802.11 – Standardization efforts IEEE 802.11b  2.4 GHz band  Bitrates 1 – 11 Mbit/s IEEE 802.11a  5 GHz band  transmission rates up to 54 Mbit/s  close cooperation with BRAN (ETSI Broadband Radio Access Network)  Coverage is not as good as in 802.11b IEEE 802.11g  Available since 2003, highly popular  2.4 GHz band (same as 802.11b)  Bitrates up to 54Mb/s IEEE 802.11i  Security, makes use of IEEE 802.1x IEEE 802.11p  For vehicular communications IEEE 802.11s  For mesh networks + many other…

34. 34 ETSI - HIPERLAN ETSI standard  European standard, cf. GSM, DECT,...  Enhancement of local Networks and interworking with fixed networks  integration of time-sensitive services from the early beginning HIPERLAN family  HIPERLAN 1 standardized since 1996  HIPERLAN 2 under standardization Very uncertain future: few products available so far…

35. 35 Conclusion on Wireless LANs  IEEE 802.11  Very widespread  Often considered as the system underlying larger scale ad hoc networks (although far from optimal, not designed for this purpose)  Tremendous potential as a competitor of 3G cellular networks in hot spots  Hiperlan  Too ambitious standard?  Bluetooth  Products available  Not as successful as initially thought  Security perceived as a major obstacle; initial solutions were flawed in both IEEE 802.11 (WEP) and Bluetooth  Future developments  Ultra Wide Band?

36. 36 References  J. Schiller: Mobile Communications, Addison-Wesley, Second Edition, 2004  Leon-Garcia & Widjaja: Communication Networks, McGrawHill, 2000  IEEE 802.11 standards, available at www.ieee.org  www.bluetooth.com www.bluetooth.com  J. Edney and W. Arbaugh: Real 802.11 Security, Addison-Wesley, 2003