Published by Raymond Dixon. Modified over 9 years ago.
1
802.11 Wireless LANs Abhishek Karnik, Dr. Ratan Guha University Of Central Florida
2
OVERVIEW
Introduction
802.11 Basics
802.11e for QoS
WEP
3
INTRODUCTION
In 1997 the IEEE adopted IEEE Std. 802.11-1997.
Defines MAC and PHY layers for LAN and wireless connectivity.
Facilitates ubiquitous communication and location-independent computing.
802.11b operates at 11 Mbps in the 2.4 GHz ISM band (’99).
802.11a operates at 54 Mbps in the 5 GHz band (’99).
802.11g operates at 54 Mbps in the 2.4 GHz band (’02).
Increased deployment and popularity led to the introduction of QoS.
802.11e for QoS – Draft Supplement – Nov 2002
4
802.11 BASICS
Wireless LAN Station
The station (STA) is any device that contains the functionality of the 802.11 protocol, that being MAC, PHY, and a connection to the wireless media.
Typically the 802.11 functions are implemented in the hardware and software of a network interface card (NIC).
Ex: PC, Handheld, AP (Access Point)
Basic Service Set (BSS)
802.11 defines the Basic Service Set (BSS) as the basic building block of an 802.11 wireless LAN.
The BSS consists of a group of any number of stations.
5
[Figure: IBSS (Independent Basic Service Set – Ad-hoc Mode). Labels: STA, peer-peer connections]
6
[Figure: Infrastructure Basic Service Set. Labels: AP, Wired Backbone]
7
[Figure: ESS (Extended Service Set). Labels: AP, Wired Backbone, AP, BSS1, BSS2]
8
[Figure: Super Frame. Labels: PCF, DCF, Beacon, TBTT]
DCF - Distributed Coordinated Function (Contention Period - Ad-hoc Mode)
PCF - Point Coordinated Function (Contention Free Period – Infrastructure BSS)
Beacon - Management Frame
Synchronization of local timers
Delivers protocol-related parameters
TBTT - Target Beacon Transition Time
9
Distributed Coordinated Function (DCF)
Also known as the Contention Period
STAs form peer-peer connections. No central authority
First listen and then speak
Uses CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance)
ACK indicates successful delivery
Each node has one output buffer
10
Inter-Frame Spacing:
DIFS - 34 µsec
PIFS - 25 µsec (Used in PCF)
SIFS - 16 µsec
Slot Time - 9 µsec
DIFS = SIFS + (2 * Slot Time)
SIFS required for turnaround of Tx to Rx and vice versa
11
[Figure: Data Transmission from Node A to B. Labels: DATA A, ACK B, DIFS, SIFS, DIFS, CW]
CW – Contention Window. Starts only after DIFS.
Random number ‘r’ picked from range (0-CW)
CWmin: minimum value of CW
CWmax: maximum value the CW can grow to after collisions
‘r’ can be decremented only in CW
CW doubles after every collision
12
[Figure: Labels: DATA A, ACK B, DIFS, SIFS, DIFS, CW]
What if some node C wanted to send data while A was transmitting data to B?
What about during SIFS?
What if, after the ACK, more than one node (say B, C, D, E) is waiting to transmit data?
13
Example: r_A = 4 and r_C = 6
[Figure: Labels: DATA A, ACK B, DIFS, SIFS, DIFS, DATA C]
What if r_A and r_C had both been picked as 4?
What if r_A and r_C had collided and the DATA A length was 10 while the DATA C length was 15?
14
[Figure: Collision between nodes A and C. Labels: DATA A, DATA C, ACK, DIFS, SIFS, DIFS]
Length (DATA A) = 10 Slot times
Length (DATA C) = 15 Slot times
CW after Collision 1: 0 – 7
CW after Collision 2: 0 – 15
CW after Collision 3: 0 – 31
CW after Collision 4: 0 – 63
15
NAV – Network Allocation Vector
[Figure: Labels: STA A, STA B, STA C, DATA, ACK, DIFS, SIFS, DIFS, NAV B and C]
16
[Figure: Hidden Node Problem and Exposed Node Problem. Labels: STA A, STA B, STA C]
17
RTS/CTS:
RTS (Request To Send) - (Approx. 20 bytes)
CTS (Clear To Send) - (Approx. 16 bytes)
Use of RTS/CTS is optional
Solves two problems:
1. Hidden Node Problem
2. Wastage of time due to collisions
Maximum MSDU is 2304 bytes
18
[Figure: Preventing a collision at STA B. Labels: A, C, D, B, RTS, CTS]
19
[Figure: Labels: STA A, STA B, STA C, STA D, New Node, RTS, CTS, DATA, ACK, NAV, DIFS, SIFS, DIFS, CW]
20
Point Coordinated Function (PCF)
Also known as the CFP (Contention Free Period)
Operation in an Infrastructure BSS
STAs communicate using a central authority known as the PC (Point Coordinator) or AP (Access Point)
No collisions take place
AP takes over the medium after waiting a period of PIFS
Starts with the issue of a Beacon
21
[Figure: Super Frame. Labels: PCF, DCF, Beacon, TBTT]
Beacon - Management Frame
Synchronization of local timers
Delivers protocol-related parameters
TBTT - Target Beacon Transition Time
22
[Figure: AP taking over the wireless medium using PIFS. Labels: DATA A, DIFS, SIFS, DIFS, PIFS, B]
DIFS - 34 µsec
PIFS - 25 µsec
SIFS - 16 µsec
Slot Time - 9 µsec
B - Beacon
23
[Figure: Operation in CFP. Labels: B, D1 + Poll, U1 + ACK, D2 + ACK + Poll, U1 + ACK, CF_End, SIFS, CFP, CP]
24
Admission Control
Purpose of having separate DCF and PCF
Different 802.11 working groups:
802.11a (54 Mbps in 5 GHz band)
802.11b (11 Mbps in 2.4 GHz band)
802.11c Wireless AP bridge operations
802.11d Internationalization
802.11e (QoS)
802.11f Inter-vendor AP hand-offs
802.11h Power control for 5 GHz region
802.11g (54 Mbps in 2.4 GHz band)
802.11i (Security)
25
802.11e for QoS
QoS (Quality of Service)
802.11e for QoS – Draft Supplement – Nov 2002
Introduction of new QoS mechanism for WLANs
26
[Figure: Labels: PC, BSS (Basic Service Set), QBSS (Basic Service Set for QoS), HC (Enhanced Station), HCCA, EDCA, PCF, DCF]
27
QoS Support Mechanisms of 802.11e:
EDCA:
Introduction of 4 Access Categories (AC) with 8 Traffic Classes (TC)
MSDUs are delivered through multiple back-offs within one station using AC-specific parameters.
Each AC independently starts a back-off after detecting the channel being idle for AIFS
After waiting AIFS, each back-off sets its counter from a number drawn from the interval [1, CW+1]
newCW[AC] >= ((oldCW[TC] + 1) * PF) - 1
28
Prioritized Channel Access is realized with the QoS parameters per TC, which include:
AIFS[AC]
CWmin[AC]
PF[AC]

         AC_VO [0]   AC_VI [1]   AC_BE [2]   AC_BK [3]
AIFSN    2           2           3           7
CWmin    3           7           15
CWmax    7           15          1023
29
[Figure: EDCA Virtual Collision. Labels: AC1, AC2, AC3, AC4, TC]
30
[Figure: Access Category based Back-offs. Labels: ACK, AIFS[AC0], AIFS[AC1], AIFS[AC2], AIFS[AC3], BackOff[AC0] + Frame, BackOff[AC1] + Frame, BackOff[AC2] + Frame, BackOff[AC3] + Frame]
31
QoS Parameter Set Element Format
Element ID
CWmin[AC]: CWmin[0] … CWmin[3]
CWmax[AC]: CWmax[0] … CWmax[3]
AIFSN[AC]: AIFSN[0] … AIFSN[3]
TxOPLimit[AC]: TxOP[0] … TxOP[3]
AIFS[AC] = AIFSN[AC] * aSlotTime + SIFS
32
HCCA (Hybrid Coordination Function Controlled Channel Access)
Extends the EDCA access rules.
CP: TxOP
After AIFS + Back-off
QoS Poll; after PIFS
CFP: TxOP
Starting and duration specified by HC using QoS Poll.
33
[Figure: Hybrid Coordinator. Labels: HCCA, EDCA, HC, PIFS, DATA A, AIFS, SIFS, AIFS, PIFS, DATA]
34
802.11e Operation in the CFP
Guaranteed channel access on successful registration
Each node will receive a TxOP by means of polls granted to them by the HC
TxOP based on negotiated Traffic Specification (TSPEC) and observed node activity
TxOP is at least the size of one maximum-sized MSDU at the PHY rate.
Access Point advertises polling list
35
Traffic Specification (TSPEC)
Element ID (1)
Length (1)
Maximum MSDU size (2)
TS info (2)
Nominal size MSDU (2)
Minimum Service Interval (4)
Maximum Service Interval (4)
Mean Data Rate (4)
Inactivity Interval (4)
Minimum Data Rate (4)
Maximum Burst Size (4)
Minimum PHY Rate (4)
Surplus Bandwidth Allowed (2)
Peak Data Rate (2)
Delay Bound (2)
36
Example:

         AC[0]   AC[1]   AC[2]
AIFSN    2       4       7
CWmin    7       10      15
CWmax    7       31      255
PF       1       2       2
37
AIFS[AC] = AIFSN[AC] * aSlotTime + SIFS
PIFS - 25 µsec (Used in HCCA)
SIFS - 16 µsec
Slot Time - 9 µsec
AIFS[0] = (2 * 9) + 16 = 34 µsec = DIFS
AIFS[1] = (4 * 9) + 16 = 52 µsec; (52 – 34) / 9 = 18/9 = 2 Slots
AIFS[2] = (7 * 9) + 16 = 79 µsec; (79 – 34) / 9 = 45/9 = 5 Slots
38
Back-off Algorithm:
802.11: CW RANGE = [0, 2^(2+i) – 1]
802.11e: newCW[AC] = [(oldCW[AC] + 1) * PF] - 1

AC[0]  Collision 1: [(7+1)*1]-1 = 7 (0 – 7)
AC[1]  Collision 1: [(10+1)*2]-1 = 21 (0 – 21)
       Collision 2: [(21+1)*2]-1 = 43 (0 – 31)
AC[2]  Collision 1: [(15+1)*2]-1 = 31 (0 – 31)
       Collision 2: [(31+1)*2]-1 = 63 (0 – 63)
       Collision 3: [(63+1)*2]-1 = 127 (0 – 127)
39
WEP (Wired Equivalent Privacy)
Optional in WLANs
Uses the RC4 (Rivest Cipher 4) stream cipher generated with a 64-bit/128-bit key
Key composed of 24-bit IV (Initialization Vector)
Key = (24-bit IV, 40-bit WEP Key) = 64 bits
Key = (24-bit IV, 104-bit WEP Key) = 128 bits
Goal is to provide authentication, confidentiality and data integrity
Secret key is shared between communicators
The encrypted packet is generated with a bitwise exclusive OR (XOR) of the original packet and the RC4 stream.
A 4-byte Integrity Check Value (ICV) is computed on the original packet and appended to the end, which is also encrypted with the RC4 cipher stream.
Encryption is done only between 802.11 stations.
40
Encrypted WEP Frame http://www-106.ibm.com/developerworks/security/library/s-wep/
41
Encryption / Decryption:
M – Original data frame
CRC-32 (c) is applied to M to obtain c(M)
c(M) and M are concatenated to get the plaintext P = (M, c(M))
WEP produces a key stream as a function of the 24-bit IV and the 40-bit WEP key using RC4; it is equal in length to P.
The key stream and the plaintext are XORed to produce the ciphertext
The IV is transmitted in the clear (unencrypted)
The receiver uses the IV and the shared key to decrypt the message
42
Drawbacks of WEP:
A number of attacks can be used against WEP
Passive attacks based on statistical analysis
Active attacks based on known plaintext
WEP relies on a shared key to ensure that packets are not modified in transit.
There is no discussion of how these keys are distributed, and hence usually a single key is used, which is shared amongst all STAs and the AP
43
All in a day's work:
Shared key is long-lived – may last a week, a month, even a year or more
Consider a busy AP which constantly sends packets of length 1500 bytes at 11 Mbps
Since the IV is only 24 bits in length and the shared key is unchanged, the IV space gets exhausted after
2^24 * (1500 * 8) / (11 * 10^6) = 18000 secs = 5 hours
Lucent wireless cards
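The IV budget worked out on this slide, as an added Python example (not part of the original slides). It evaluates the slide's formula (about 18,300 s before rounding), goes one step further with the birthday estimate for IVs chosen at random, and includes a check for IV reuse in a capture. The function names and the capture data are constructed for illustration.

```python
import math

def iv_exhaustion_seconds(frame_bytes: int, rate_bps: float, iv_bits: int = 24) -> float:
    """Seconds until a sender that never repeats an IV (e.g. a counter)
    has used all 2^iv_bits values at a sustained frame size and rate."""
    return (2 ** iv_bits) * frame_bytes * 8 / rate_bps

def frames_for_collision(prob: float, iv_bits: int = 24) -> int:
    """Frames after which randomly chosen IVs repeat with probability >= prob.
    Birthday approximation: n ~ sqrt(2 * N * ln(1 / (1 - prob)))."""
    n_ivs = 2 ** iv_bits
    return math.ceil(math.sqrt(2 * n_ivs * math.log(1 / (1 - prob))))

def first_iv_reuse(capture):
    """Return (first_index, repeat_index, iv) for the first IV seen twice.
    All stations share one key, so reuse counts across stations too."""
    seen = {}
    for idx, (_station, iv) in enumerate(capture):
        if iv in seen:
            return seen[iv], idx, iv
        seen[iv] = idx
    return None

# Constructed capture: (station, IV) pairs from two stations that both
# start an IV counter at 0 under the same shared key (an assumption).
CAPTURE = [("A", 0), ("A", 1), ("B", 0), ("A", 2), ("B", 1)]

if __name__ == "__main__":
    secs = iv_exhaustion_seconds(1500, 11e6)
    print(f"IV space exhausted after {secs:.0f} s ({secs / 3600:.1f} h)")
    print("random IVs: 50% collision after", frames_for_collision(0.5), "frames")
    print("first reuse in capture:", first_iv_reuse(CAPTURE))
```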
44
XOR:
PT XOR Key = CT
CT XOR Key = PT

0 0 | 0
0 1 | 1
1 0 | 1
1 1 | 0

XORing a bit with itself gives 0
45
PASSIVE ATTACK

Sender
PT  K  CT
0   0  0
0   1  1
1   0  1
1   1  0

Receiver
CT  K  PT
0   0  0
1   1  0
1   0  1
0   1  1
46
[Figure: MSG1 XOR K = C(MSG1); MSG2 XOR K = C(MSG2)]
IV repeats, generating K
Identical K used to encrypt MSG1 and MSG2
Obtain C(MSG1) and C(MSG2) and XOR them
XORing causes the key stream to cancel, which yields the XOR of MSG1 and MSG2, i.e. the XOR of the plaintext packets
This XOR can now be used to apply statistical analysis
47
Example:
MSG1 = 0 0 1 1
MSG2 = 1 0 1 1

MSG1
PT1  K  CT1
0    0  0
0    1  1
1    0  1
1    1  0

MSG2
PT2  K  CT2
1    0  1
0    1  1
1    0  1
1    1  0
48
CT1 XOR CT2
CT1  CT2  XOR
0    1    1
1    1    0
0    0    0

MSG1 XOR MSG2
MSG1  MSG2  XOR
0     1     1
0     0     0
1     1     0

Apply statistical analysis on the last three bits and an educated guess on the rest
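The encryption/decryption steps and the IV-repeat slides above, as one added Python example (not part of the original slides). It builds P = (M, c(M)), encrypts with RC4 keyed by IV || WEP key, and shows that two frames under the same IV XOR to MSG1 XOR MSG2 without the key. The key, IV and messages are constructed sample values, and the frame layout is simplified to IV || ciphertext (the key-ID byte of a real frame is omitted).

```python
import struct
import zlib

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream (key scheduling, then generation)."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, wep_key: bytes, msg: bytes) -> bytes:
    """P = (M, c(M)); C = P XOR RC4(IV || key); returns IV || C, IV in clear."""
    p = msg + struct.pack("<I", zlib.crc32(msg))
    return iv + xor(p, rc4(iv + wep_key, len(p)))

def wep_decrypt(wep_key: bytes, frame: bytes) -> bytes:
    """Rebuild the keystream from the clear IV, decrypt, verify the ICV."""
    iv, c = frame[:3], frame[3:]
    p = xor(c, rc4(iv + wep_key, len(c)))
    msg, icv = p[:-4], p[-4:]
    if icv != struct.pack("<I", zlib.crc32(msg)):
        raise ValueError("ICV mismatch")
    return msg

def same_iv_xor(frame1: bytes, frame2: bytes) -> bytes:
    """C(MSG1) XOR C(MSG2) for two frames under one IV: keystream cancels."""
    if frame1[:3] != frame2[:3]:
        raise ValueError("frames use different IVs")
    return xor(frame1[3:], frame2[3:])

# Constructed sample values (not from the slides).
KEY = bytes.fromhex("0102030405")      # 40-bit WEP key
IV = bytes.fromhex("a1b2c3")           # 24-bit IV, repeated on purpose
MSG1, MSG2 = b"GET /index.html", b"POST /login.cgi"
F1, F2 = wep_encrypt(IV, KEY, MSG1), wep_encrypt(IV, KEY, MSG2)

if __name__ == "__main__":
    leak = same_iv_xor(F1, F2)
    print(leak[:15] == xor(MSG1, MSG2))    # True: the key was never used
```

The last four bytes of the leaked XOR are the XOR of the two ICVs, so the checksum travels inside the same cancelled keystream and adds no protection here.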
49
[Figure: Labels: Attacker, AP, Wired Network, Hi, xx]
50
Active Attack:
Attacker knows the exact plaintext for one encrypted packet
Uses this knowledge to construct a correct encrypted packet
Construct a new message, calculate CRC-32 and perform bit flips on the original encrypted packet to change the plaintext to the new message.
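Why the CRC-32 ICV does not stop the modification described on this slide, as an added Python example (not part of the original slides). CRC-32 is unkeyed and affine over XOR, so the ICV change for any plaintext change can be computed without the key; a keyed tag placed in the same position is rejected by the receiver. The keystream KS, the messages and the HMAC-SHA-256 tag are constructed stand-ins chosen for illustration, and HMAC is not what 802.11 specifies.

```python
import hashlib
import hmac
import struct
import zlib

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def crc_icv(msg: bytes) -> bytes:
    """WEP-style ICV: unkeyed CRC-32 of the message."""
    return struct.pack("<I", zlib.crc32(msg))

def mac_icv(msg: bytes, mac_key: bytes) -> bytes:
    """Keyed tag for comparison (HMAC-SHA-256 truncated to 8 bytes)."""
    return hmac.new(mac_key, msg, hashlib.sha256).digest()[:8]

def seal(msg: bytes, tag: bytes, keystream: bytes) -> bytes:
    """Encrypt (M || tag) by XOR with the keystream, as WEP does."""
    return xor(msg + tag, keystream)

def unseal(ct: bytes, keystream: bytes, tag_len: int):
    """Decrypt and split into (message, received tag)."""
    p = xor(ct, keystream)
    return p[:-tag_len], p[-tag_len:]

def crc_delta(delta: bytes) -> bytes:
    """CRC-32 change when delta is XORed into any message of that length:
    crc(m ^ d) = crc(m) ^ crc(d) ^ crc(00..0), independent of m."""
    return xor(crc_icv(delta), crc_icv(bytes(len(delta))))

# Constructed values. KS stands in for the RC4 keystream; the functions
# below use it only to seal and to play the receiver, never to tamper.
KS = hashlib.sha256(b"constructed keystream").digest()
MAC_KEY = b"constructed mac key"
OLD, NEW = b"to=alice amt=100", b"to=carol amt=900"
DELTA = xor(OLD, NEW)

def crc_frame_accepts_change() -> bool:
    ct = seal(OLD, crc_icv(OLD), KS)
    tampered = xor(ct, DELTA + crc_delta(DELTA))   # no key material used
    msg, tag = unseal(tampered, KS, 4)
    return msg == NEW and tag == crc_icv(msg)

def mac_frame_accepts_change() -> bool:
    ct = seal(OLD, mac_icv(OLD, MAC_KEY), KS)
    tampered = xor(ct, DELTA + bytes(8))           # tag cannot be fixed up
    msg, tag = unseal(tampered, KS, 8)
    return hmac.compare_digest(tag, mac_icv(msg, MAC_KEY))
```

The first function returns True and the second False: integrity has to come from a keyed check, which a checksum encrypted under a stream cipher is not.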