A REPORT ON WIRELESS LAN TECHNOLOGY

Abstract

Wireless LAN technology offers wireless connectivity that enables mobile computing in many different environments. Many new services will be provided by the use of wireless LANs in public, home and corporate scenarios. Examples of remote services might be downloading a video stream from a remote server or accessing news from an e-magazine. Local services could consist of travel information at airports, hotel facilities at hotels, etc. Present wireless networks are based on the IEEE 802.11 standard, operating in the unlicensed 2.4 GHz ISM band and providing a bit rate of 2 Mbps. A new version of the 802.11 standard (802.11b) already allows a bit rate of up to 11 Mbps. Work is now in progress on a new high-performance wireless LAN standard with initial data rates up to 54 Mbps. It will operate in the license-free 5 GHz band, which is globally available.

Wireless networks are experiencing explosive growth, with millions of users in the past few years. With current demands, Wireless Local Area Networks (WLANs) are being developed to provide better quality and higher bandwidth to users in a limited geographical area. However, lower security, a small coverage area and low data rates are the main disadvantages of WLAN.

The main goal of this thesis is to study Wireless Local Area Networks in order to acquire knowledge about WLAN, the problems of WLAN and possible solutions. I have also analyzed the efficiency of wireless LAN compared with wired LAN. The findings of this report are that a high-gain antenna can be used to expand the coverage area; that, to improve security, a RADIUS server can be used for authentication to keep out unauthorized access, and a strong data encryption system should be employed so that an attacker cannot change the content of the transmitted information; that a guard band (an unused portion of spectrum) can be used to avoid interference; and that, to increase the data rate, the OFDM modulation technique can be used instead of DSSS in IEEE 802.11b, which is already under development as IEEE 802.11g. This report also finds that a wireless LAN implementation is costlier than a wired LAN. However, in some special cases a wireless LAN can provide more facilities than the existing wired LAN.

1.1 Introduction
In the past few years, wireless networks have experienced explosive growth, with millions of subscribers. Given the current demand to access information anytime and anywhere, many researchers and developers have focused on designing better and higher-bandwidth wireless networks. Wireless local area networks (WLANs) are being developed to provide higher bandwidth to users in a limited geographical area. As the installation and maintenance costs of the traditional additions, deletions and changes experienced in the wired LAN infrastructure increase, WLAN can be viewed as an alternative. A thorough understanding of the Medium Access Control (MAC) and the data-link layer is critical for developing user applications over WLAN. It is the goal of this Thesis to design and implement a commercial WLAN.

1.1.1 Local Area Wireless Systems
For local area wireless systems, it is common for WLAN to offer a low bit rate of 1-2 Mbps. Some WLAN products do not fully support IEEE 802.11 because they were developed before IEEE 802.11 was completed. Error rates are lower than those of their wide-area counterparts, but are still high compared to wired technologies. The problems with handover and interference are still present. Since user movement in WLAN is usually at a walking pace, areas of poor coverage can be prevented.

The majority of today's applications depend on a reliable transport layer, TCP (Transmission Control Protocol), to provide end-to-end connectivity. Ideally, users would like to use their wired applications on wireless networks without any modification. Thus, it is essential that applications running on wireless hosts have access to a well-behaved TCP implementation. However, TCP has been shown to perform very poorly over connections that include a wireless link. It is important to study the behavior of TCP over wireless networks in order to improve it.

1.1.2 Wireless LAN History
Agere Systems has long driven the charge toward enabling wireless network connectivity. Since the early 1990s, when it was the Microelectronics Group of Lucent Technologies, Agere has played a pivotal role in the development and commercialization of wireless local area network (Wireless LAN) technologies. Agere launched one of the first wireless LAN technologies (WaveLAN) in 1990, before going on to co-found the initial Wireless LAN standard, IEEE 802.11, and then the improved standard, 802.11b, also known as Wi-Fi. The standard commonly used in network connectivity today, Wi-Fi answered the industry's call for longer range, higher data rates, assured interoperability, and increased user density by employing direct sequence spread spectrum (DSSS), long one of Agere's areas of expertise. Building upon its strong heritage, Agere's patent portfolio has continued to feature numerous patents in the Wireless LAN application area. From its strong roots in Wireless LAN innovation to its commitment to 802.11b and even more powerful future standards, Agere pioneers the technologies that give you significant competitive advantages in the wireless marketplace.

1990: WaveLAN technology introduced. 900 MHz products begin shipping.
1994: 2.4 GHz products begin shipping.
1997: Agere (then the Microelectronics Group of Lucent Technologies) supports the ratification of the initial Wireless LAN standard, 802.11. 802.11 standard approved; 2.4 GHz 802.11 products begin shipping.
1999: Agere submits proposals for a high-rate Direct Sequence Spread Spectrum (DSSS) based 802.11b standard. 802.11b products begin shipping. Agere helps form the Wireless Ethernet Compatibility Alliance (WECA) to ensure vendor interoperability.
2000: WECA aggressively markets Wi-Fi as the common name for 802.11b. Agere introduces the industry's first 802.11b mPCI adapter card.
2001: Agere ships 10 million 802.11b products. Agere joins with multiple companies to submit proposals for a high-speed OFDM standard, 802.11g, in the 2.4 GHz band. Agere introduces a single-chip 802.11b direct conversion RF transceiver. Agere ships wireless LAN products with support for the 802.1x security standard for Windows XP and legacy operating systems.
2002: Agere ships its 15 millionth 802.11b product. Agere introduces security enhancements to prevent attacks on wireless LANs.
2003: 802.11g is an exciting new technology that offers additional performance, while providing investment protection for 802.11b clients through backward compatibility.
2005: Quality of Service at Layer 2 (MAC) of 802.11 using Wireless LAN System was improved.

1.2 Aims of the Thesis
The main goal of this Thesis has been to analyze and define a framework for wireless LAN networks. Advanced services have also been integrated into this framework. This analysis has finally led to several proposals by the author, with special consideration of what needs to be modified or added to current solutions in order to produce a system able to scale and be used in public areas. The most important results of this Thesis are:
• A complete and scalable architecture able to provide authentication and data confidentiality.
• Detailed analysis of the IEEE 802.11 and HiperLAN/2 standards, with particular attention to procedures for handover and security.
• Several appendixes with literature information regarding network security and WLAN.

1.3 Layout of Thesis
This Thesis is divided into eight major parts. The Thesis is organized as follows:
■ Chapter 2 presents various wireless LAN technologies;
■ Chapter 3 presents an Overview of the IEEE 802.11 standard;
■ Chapter 4 presents multiple access and modulation techniques;
■ Chapter 5 presents Problems & their solutions relevant to the WLAN;
■ Chapter 6 presents the main issues of wireless security;
■ Chapter 7 presents Efficiency and Cost analysis of WLAN; and
■ Chapter 8 presents the Conclusion & Future works.
Wireless LANs

2.1 Wireless LANs
A wireless local area network (WLAN) is a flexible data communications system implemented as an extension to or as an alternative for a wired LAN. Using radio frequency (RF) technology, wireless LANs transmit and receive data over the air, minimizing the need for wired connections. Thus, wireless LANs combine data connectivity with user mobility. With wireless LANs, users can access shared information without looking for a place to plug in, and network managers can set up or augment networks without installing or moving wires. Wireless LANs offer increased productivity, convenience, and cost advantages over traditional wired networks.

Wireless LANs have gained strong popularity in a number of vertical markets, including health care, retail, manufacturing, warehousing, and academia. These industries have profited from the productivity gains of using hand-held terminals and notebook computers to transmit real-time information to centralized hosts for processing. Today wireless LANs are becoming more widely recognized as a general-purpose connectivity alternative for a broad range of business customers.

Wireless LAN (WLAN) products based on the different flavors of 802.11 are available from many different vendors. Depending on the transmission scheme, products may offer bandwidths ranging from about 1 Mbit/s up to 11 Mbit/s. Prices are expected to fall, making WLAN more and more a serious alternative to fixed Ethernet access. To meet the networking requirements of tomorrow, a new generation of both WLAN and cellular network technologies is under development. These requirements include support for QoS (to build multi-service networks), security, handover when moving between local and wide areas as well as between corporate and public environments, and increased throughput for the ever-growing performance demands of both bandwidth-demanding datacom and, for instance, video-streaming applications.

2.2 Networks Scenarios
Wireless LANs may be used both in the case of private networks, e.g. corporate networks, and in the case of public networks, e.g. access to ISPs, as well as to create so-called Virtual Private Networks (VPN). The home environment may be another profitable application scenario for future wireless LAN networks.

Wireless LANs have so far been used mainly for corporate networks. The lack of strong security in existing WLAN products has resulted in the development of the IEEE 802.11 security solution. This solution is designed for an environment where users are well defined and few enough in number to allow maintenance of a centralized user credentials database, i.e. only for securing corporate LANs. When it is desired to have Wireless LAN networks deployed in public or home environments, it will be necessary to define new specific security policies. This is also true for the cases of remote access to a corporate network at public hot spot areas, for ISP public access to the Internet, and for access to 3rd generation cellular networks.

2.2.1 Corporate Networks
There are many cases where it may be convenient to use wireless LAN in corporate environments, e.g. to avoid problems with wire installation in old, prestigious buildings or to allow flexible re-planning of working groups. Small Office / Home Office (SOHO) applications may be another interesting area of corporate usage for wireless LANs. A special case of corporate access need is when a user works between different corporate campuses in different geographic areas. In this case wireless access might be integrated with an appropriate mobility management protocol, so that the customer can move from office to office and even from country to country without the need to manually change the network settings (IP roaming). Although user mobility does not mandate wireless access, wireless access would certainly facilitate the mobility aspect.

Wireless LANs are usually used in corporate networks as the last link segment between the mobile terminals (MTs) and the wired LAN. The main security goal in corporate networks is to allow only authorized users to access the corporate LAN, while at the same time providing confidentiality and integrity for on-the-air traffic. The wireless access network must support mobility within the same LAN/subnet (MAC handover). IP mobility, i.e. movement and handover between different IP subnets, may also be provided.

Fig. 2.1. Corporate Scenario of WLAN

It is possible to make the following assumptions about a corporate environment, which ease the deployment of a secure network:
• Users' credentials can be easily located by means of a centralized database.
• Access to the corporate LAN is controlled. Only authorized users are granted access.
• Trusted system administrators take care of user registration, computer installation, network installation, long-term key generation and storage.
• Out-of-band key distribution, e.g. manual key distribution, may be feasible.
• Protection against unauthorized manipulation of computer hardware and network equipment is provided.
2.2.2 Public Hot Spots
Wireless LAN networks could be deployed at public hot spot areas, e.g. airports, hotels, conference centers, etc., where people may desire to have access to datacom services. This would enable an easy way of offering remote access to the corporate network (VPN) and Internet services to business people. Access to the Internet and Intranet has become as vital as voice telephony in business, and many corporations may desire to offer datacom services to their employees in these hot-spot areas. It is moreover forecast that in the near future public users may also be strongly interested in wireless datacom access at these hot-spot areas. In this case it is foreseen that the Internet will be the main driving service. Specific local services may also be offered to visiting wireless users, e.g. travel information at airports, hotel facilities at hotels and conference update information at conference centers.

Fig. 2.2. Wireless LAN usage in Hot-Spot area

An access server to which the wireless network is connected may route a connection request either to the corporate network (possibly via a preferred ISP) or perhaps to an ISP for Internet access.

Fig. 2.3. Remote access to the corporate network and to the internet

It is possible to make the following assumptions about a public hot-spot environment, which strongly influence the deployment of a secure network:
• Users' credentials cannot be easily located by means of a centralized database. Some distributed system able to scale is required.
• Access to public hot spots is free and non-authorized users might gain access.
• Out-of-band key distribution, e.g. manual key distribution, is not feasible. Keys must be distributed through a public key infrastructure or some equivalent means.
• Out-of-band key distribution, e.g. manual key distribution, may be feasible.
• Protection against unauthorized manipulation of computer hardware and network equipment is not always provided.
2.2.3 Access to 3rd Generation Cellular Network
Wireless LAN should be used in the future as an alternative access technology to the 3rd generation cellular network. One may think of the possibility of covering hot spots and city areas with wireless LAN and the wide area with W-CDMA technology. By combining wireless LANs and W-CDMA networks, a user can benefit from a high-performance network wherever it is feasible to deploy wireless LANs and use W-CDMA elsewhere. The core network will provide the user with automatic and seamless handover between the two types of access networks. Future Wireless LANs (e.g. 1 are planned to provide this within the UMTS scope. The virtual private network case, described in section 3.5, might also be part of the 3rd generation solution.

Wireless LAN networks may be either directly connected to the 3rd generation cellular system through an SGSN or connected through a wired Ethernet network. The latter would collect the traffic from several WLANs and provide interoperability with 3rd generation backbone networks. However, these two different interconnection schemes do not imply any significant change in the overall architecture.

Fig. 2.4. Wireless LAN direct radio access to a 3G backbone network

It is possible to make the following assumptions regarding the use of wireless LANs to access 3rd generation networks, which make this scenario very similar to the use of wireless LANs in any other public environment:
• Users' credentials cannot be easily located by means of a centralized database.
• Access to the physical medium is free and non-authorized users might gain access.
• Out-of-band or centralized key distribution, e.g. manual key distribution, is not feasible.
• Out-of-band key distribution, e.g. manual key distribution, may be feasible.
• Protection against unauthorized manipulation of computer hardware and network equipment is usually provided.
2.2.4 Home Networks
The home environment is another possible example of wireless LAN usage. High-speed access to the Internet and multimedia applications (e.g. video and music entertainment distribution) would in this case be the killer applications. Remote home access to the corporate network (i.e. a Virtual Private Network (VPN) solution) and Voice-over-IP (VoIP) may be other driving services. Wireless LANs are also foreseen to have a major role in interacting with future W-CDMA services and the so-called Personal Area Network (PAN), based on Bluetooth technology.

Fig. 2.5. Home Networks

It may even be possible to create a wireless infrastructure for home devices (e.g. PCs, VCRs, cameras, printers, etc.). This infrastructure has been named Wireless Firewire. The high throughput and QoS features of future WLANs (i.e. HiperLAN/2) will support the transmission of video streams in conjunction with datacom applications. The Access Point may in this case include an "uplink" to the public network, e.g. an ADSL or cable modem.

It is possible to make the following assumptions about the home environment, which simplify the deployment of a secure network:
• Users' credentials can be stored in the access points or easily located by means of a centralized database.
• Access to the home environment is usually controlled, but there may be a possibility of interference between different home environments, due to the usually short distance between different houses or flats.
• There is no system administrator to take care of user registration, computer installation, network installation, long-term key generation and storage.
• Out-of-band key distribution, e.g. manual key distribution, is feasible.
• Protection against unauthorized manipulation of computer hardware and network equipment is not always provided.
2.2.5 Virtual Private Network (VPNs)
It is often required that a mobile user be able to access their corporate resources from a remote access network. The latter may be a public, corporate or home network. This kind of remote access is usually called a Virtual Private Network (VPN). In a VPN, security must be provided in the same trusted way as in a private network, even if access is provided through a public access network and data is transmitted over public links. The Virtual Private Network case is not an autonomous network scenario. It is instead a special and indeed critical service, which may be provided over the previously described network scenarios.

2.3 Specific Application Fields
All scenarios described so far are very general and not related to any specific application case. However, there are many use cases where wireless LAN networks may be profitably used. The following is a partial list of some of these specific use cases.

2.3.1 Application Oriented Scenarios for Wireless LANs
Places where it is difficult or even impossible to deploy wired connections:
• Historic buildings;
• Remote buildings in public area (both building-to-building bridging and remote access to datacom services); and
• Geographic areas inaccessible by wire (e.g. airport & harbor light beacon system, over rail links in railway stations).

2.3.2 Temporary Networks
• Emergency networks (Emergency service providers' network at disaster site);
• Disaster recovery (Reactivation of affected user's network);
• Offices with frequent changes in topology;
• Temporary offices;
• Point of sale; and
• Point of entry (e.g. airports/harbors - ship to shore).

2.3.3 Permanent Networks
• Corporate, Public and Home generic networks;
• Conference rooms (Immediate access to wired LAN resources, participant-to-participant transfer of data, presentations accessed from network); and
• University auditoriums (student-students, lecturer-student, lecturer/students-resources).

2.3.4 Networks for Mobile Users
• Manufacturing (Fast deployment of carts with on-board computers);
• Schools (Mobile carts with PC being moved from classroom to classroom when needed);
• Warehouses (e.g. Barcode readers, mobile retailers);
• Multimedia audio and video distribution;
• University campus; and
• Factory plants & Hospitals.

2.4 Various Operating Modes
A wireless client operates in either infrastructure mode or peer-to-peer mode.
2.4.1 Infrastructure Mode
A wireless LAN (WLAN) with Access Points
In infrastructure mode, wireless clients send and receive information through access points. When a wireless client communicates with another, it transmits to the access point. The access point receives the information and rebroadcasts it. Then the other device receives the information.

Fig. 2.6. Infrastructure Mode WLAN

Access points are strategically located to provide optimal coverage for wireless clients. A large WLAN uses multiple access points to provide coverage over a wide area. Access points can connect to a LAN through a wired Ethernet connection. Access points send and receive information from the LAN through this wired connection.

2.4.2 Peer-to-Peer Mode
A WLAN without Access Points
In peer-to-peer mode, also called Ad Hoc Mode, wireless clients exchange information with other wireless clients without using an access point. In contrast to infrastructure mode, this type of WLAN only contains wireless clients.

Fig. 2.7. Ad-Hoc Mode WLAN

Peer-to-peer mode can be used to connect computers in a home or small office, or to set up a temporary wireless network for a meeting.

2.5 Advanced Network Topologies

2.5.1 Basic Network Configurations
Some basic network configurations are shown in Fig. 2.8 to Fig. 2.11.

A single access point forms a single-cell wireless network.

Fig. 2.8. Single-cell wireless network with a single access point

A single access point can bridge between the Ethernet and wireless networks.

Fig. 2.9. Single access point to bridge between the Ethernet and wireless network

Multiple access points with individual network
These can coexist as separate, individual networks at the same site using different network names (SSID). These separate wireless LANs can be configured to use different channel assignments to avoid RF interference.

Fig. 2.10. Multiple access points with individual network

Multiple access points wired together
Multiple access points wired together provide a network with a better coverage area and performance when using the same Network Names (SSIDs).

Fig. 2.11. Multiple access points wired together

2.5.2 Wireless LAN Access Point (WLAP) Mode
The following illustrations show possible options for access points operating in Wireless LAN Access Point (WLAP) mode. In WLAP mode, an access point forwards data to another access point using the wireless connection rather than Ethernet cabling.

Access points can bridge between two Ethernet networks.

Fig. 2.12. Access points to bridge between two Ethernet networks

An access point can operate as a repeater to extend coverage area without additional network cabling.

Fig. 2.13. An access point as a repeater to extend coverage

Multiple access points can form a standalone wireless network. Each access point can connect with up to four other access points.

2.6 Various Wireless LANs
Wireless LANs are generally categorized according to the transmission technique that is used. All current wireless LAN products fall into one of the following categories:
• Infrared (IR) LAN
• Spread Spectrum LAN
• Narrowband Microwave LAN
2.6.1 Infrared LAN
An individual cell of an IR LAN is limited to a does not penetrate opaque wall. This LAN never transmission speeds and small coverage area.
2.6.2 Spread Spectrum LAN
Spread Spectrum LAN is the most popular wireless LAN. This type of LAN makes use of spread spectrum transmission technology. In most cases this LAN uses ISM bands so that no FCC licensing is required for their use.

Configuration: Except for quite small offices, a spread spectrum wireless LAN makes use of a multiple-cell arrangement, as shown in Figure 2.14.

Fig. 2.14. Multiple cell WLAN configuration

Adjacent cells make use of different center frequencies within the same band to avoid interference. Within a given cell, the topology can be either hub or peer-to-peer; the hub topology is indicated in Figure 2.8. In a hub topology, the hub is typically mounted on the ceiling and connected to a backbone wired LAN to provide connectivity to stations attached to the wired LAN and to stations that are part of wireless LANs in other cells. The hub may also control access, as in the IEEE 802.11 point coordination function. The hub may also control access by acting as a multi-port repeater with similar functionality to the multi-port repeater of 10 Mbps and 100 Mbps Ethernet. In this case, all stations in the cell transmit only to the hub and receive only from the hub. Alternatively, and regardless of the access control mechanism, each station may broadcast using an omnidirectional antenna so that all other stations in the cell may receive; this corresponds to a logical bus configuration.

One other potential function of a hub is automatic handoff of mobile stations. At any time, a number of stations are dynamically assigned to a given hub based on proximity. When the hub senses a weakening signal, it can automatically hand off to the nearest adjacent hub.

A peer-to-peer topology is one in which there is no hub. A MAC algorithm such as CSMA is used to control access. This topology is appropriate for ad hoc LANs.

Transmission Issues: A desirable, though not necessary, characteristic of a wireless LAN is that it be usable without having to go through a licensing procedure. The licensing regulations differ from one country to another, which complicates this objective. Within the US, the FCC has authorized two unlicensed applications within the ISM bands: spread spectrum systems, which can operate at up to 1 W, and very low power systems, which can operate at up to 0.5 W. Since this band was opened by the FCC, its use for spread spectrum wireless LANs has become popular.

In the US, three microwave bands have been set aside for unlicensed spread spectrum use: 902-928 MHz (91 MHz band), 2.4-2.4835 GHz (2.4 GHz band), and 5.725-5.825 GHz (5.8 GHz band). Of these, the 2.4 GHz band is also used in this manner in Europe and Japan. The higher the frequency, the higher the potential bandwidth, so the three bands are in increasing order of attractiveness from a capacity point of view. In addition, the potential for interference must be considered. There are a number of devices that operate at around 900 MHz, including cordless telephones, wireless microphones and amateur radio. There are fewer devices operating at 2.4 GHz; one notable example is the microwave oven, which tends to have greater leakage of radiation with increasing age. At present there is little competition in the 5.8 GHz band; however, the higher the frequency band, in general the more expensive the equipment. Recently, typical spread spectrum wireless LANs were limited to just 1 to 3 Mbps.

2.6.3 Narrowband microwave LAN
These LANs operate at microwave frequencies but do not use spread spectrum. Some of these products require FCC licensing, while others use one of the unlicensed ISM bands. They are costly and have not become popular.

2.6.4 Specifications of various Wireless LAN Technologies
The specifications of the different types of wireless LAN technologies are given in Table 2.1.

Table 2.1: Specification of various WLAN technologies

Parameter | Infrared: Diffused IR | Infrared: Directed Beam IR | Spread Spectrum: FHSS | Spread Spectrum: DSSS | Radio: Narrowband Microwave
Data Rate (Mbps) | 1 to 4 | 1 to 10 | 1 to 3 | 2 to 20 | 10 to 20
Range (m) | 15 to 60 | 25 | 30 to 100 | 30 to 250 | 10 to 40
Modulation | ASK | ASK | FSK | QPSK | FS/QPSK
Access Method | CSMA | Token ring, CSMA | CSMA | CSMA | ALOHA, CSMA
License required | No | No | No | No | Yes unless ISM band
IEEE 802.11 Architecture Standards & Services

3.1 Background
Digital wireless communication is not a new idea. As early as 1901, the Italian physicist Guglielmo Marconi demonstrated a ship-to-shore wireless telegraph, using Morse code (dots and dashes are binary, after all). Modern digital wireless systems have better performance, but the basic idea is the same. To a first approximation, wireless networks can be divided into three main categories:
1. System interconnection
2. Wireless LANs
3. Wireless WANs

System interconnection is all about interconnecting the components of a computer using short-range radio. Almost every computer has a monitor, keyboard, mouse and printer connected to the main unit by cables. A short-range wireless network called Bluetooth can connect these components without wires. Bluetooth also allows digital cameras, headsets, scanners and other devices to connect to a computer by merely being brought within range.

The next step up in wireless networking is the wireless LAN. These are systems in which every computer has a radio modem and antenna with which it can communicate with other systems. However, if the systems are close enough, they can communicate directly with one another in a peer-to-peer configuration. Wireless LANs are becoming increasingly common in small offices and homes, where installing Ethernet is considered too much trouble, as well as in older office buildings, company cafeterias, conference rooms, and other places. There is a standard for wireless LANs, called IEEE 802.11, which most systems implement and which is becoming very widespread.

The third kind of wireless network is used in wide area systems. The radio network used for cellular telephones is an example of a low-bandwidth wireless system.

Ideally, users of wireless networks want the same services and capabilities that they have commonly experienced with wired networks. However, the wireless community faces certain challenges and constraints such as interference and reliability. In order to adapt user applications to WLANs, a thorough understanding of the medium and the data-link layer of WLAN is critical. Although WLANs have been available commercially for several years, there was no international standard available until the recent approval of IEEE 802.11 by the IEEE Standards Board. Because a large number of manufacturers have recently announced the introduction of IEEE 802.11-conforming products, we expect most WLANs to be IEEE 802.11 compatible in the near future. Thus, a thorough understanding of IEEE 802.11 will benefit the future development of user applications for the standard.

3.2 IEEE 802.11
Wireless computing is a rapidly emerging technology providing users with network connectivity without their being tethered to a wired network. WLANs are being developed to provide high bandwidth to users in a limited geographical area. IEEE 802.11 is a proposed IEEE standard for WLAN. This project was initiated in 1990, and approved by the IEEE Standards Board in 1997. The scope of IEEE 802.11 is to develop a Medium Access Control (MAC) sublayer and Physical Layer (PHY) specification for wireless connectivity for fixed, portable and moving stations within a local area. In the remainder of this section, the architecture, PHY, and MAC of IEEE 802.11 will be described.

IEEE has defined the specification for a wireless LAN, called IEEE 802.11, which covers the physical and data link layers. Here we describe the architecture of the protocol in general.

3.2.1 Architecture of IEEE 802.11
The standard defines two kinds of services: the basic service set (BSS) and the extended service set (ESS).

Basic Service Set

IEEE 802.11 defines the basic service set (BSS) as the building block of a wireless LAN. The BSS is made of stationary or mobile wireless stations and a possible central base station, known as the access point (AP). Figure 3.1 shows two sets in this standard. The BSS without an AP is a stand-alone network and cannot send data to other BSSs. It is what is called an ad hoc architecture. In this architecture, stations can form a network without the need of an AP; they can locate each other and agree to be part of a BSS.

[Figure: an ad hoc network (BSS without an AP) beside an infrastructure network (BSS with an AP). BSS: Basic Service Set; AP: Access Point]
Fig. 3.1. Basic Service Set

Extended Service Set

An ESS is made up of two or more BSSs with APs. In this case, the BSSs are connected through a distribution system, which is usually a wired LAN. The distribution system connects the APs in the BSSs. IEEE 802.11 does not restrict the distribution system; it can be any IEEE LAN such as Ethernet.

[Figure: three BSSs, each with an AP, connected through a distribution system to a server or gateway. ESS: Extended Service Set; BSS: Basic Service Set; AP: Access Point]
Fig. 3.2. Extended Service Set

When BSSs are connected, we have what is called an infrastructure network. In this network, the stations within reach of one another can communicate without the use of an AP. However, communication between two stations in two different BSSs usually occurs via two APs. The idea is similar to communication in a cellular network if we consider each BSS to be a cell and each AP to be a base station.

3.2.2 Station Type
IEEE 802.11 defines three types of stations based on their mobility in a wireless LAN: no-transition, BSS transition and ESS transition.

No-transition mobility: A station with no-transition mobility is either stationary or moving only inside a BSS.
BSS transition mobility: A station with BSS transition mobility can move from one BSS to another, but the movement is confined inside one ESS.
ESS transition mobility: A station with ESS transition mobility can move from one ESS to another. However, IEEE 802.11 does not guarantee that communication is continuous during the move.

3.2.3 IEEE 802.11 FHSS
IEEE 802.11 FHSS describes the frequency-hopping spread spectrum (FHSS) method for signal generation in a 2.4 GHz ISM band. FHSS is a method in which the sender sends on one carrier frequency for a short amount of time, then hops to another carrier frequency for the same amount of time, hops again to still another for the same amount of time, and so on. After N hops, the cycle is repeated. If the bandwidth of the original signal is B, the allocated spread spectrum bandwidth is N × B.

3.2.4 IEEE 802.11 DSSS
IEEE 802.11 DSSS describes the direct sequence spread spectrum (DSSS) method for signal generation in a 2.4 GHz ISM band. In DSSS, each bit sent by the sender is replaced by a sequence of bits called a chip code. To avoid buffering, however, the time needed to send one chip code must be the same as the time needed to send one original bit. If N is the number of bits in each chip code, then the data rate for sending chip codes is N times the data rate of the original bit stream.

3.2.5 MAC Layer
IEEE 802.11 defines two MAC sub layers: the distributed coordination function (DCF) and the point coordination function (PCF). PCF is an optional and complex access method that can be implemented in an infrastructure network.

3.3 Sub-standards of IEEE 802.11

• IEEE 802.11
• IEEE 802.11a
• IEEE 802.11b
• IEEE 802.11g

3.3.1 IEEE 802.11
It is the first WLAN standard, which was completed in 1997. It uses Frequency-Hopping Spread Spectrum (FHSS) or Direct-Sequence Spread Spectrum (DSSS) for data transmission. Using DSSS it can transmit data up to a distance of 300 ft. Its maximum data transmission speed is 2 Mbps. It uses the 2.4 GHz ISM band. The other versions of the WLAN standard are extensions of 802.11.

3.3.2 IEEE 802.11a
It uses Orthogonal Frequency Division Multiplexing (OFDM) for data transmission, so its data transmission speed is comparatively high. It has 64 orthogonal sub-carriers (48 for data, 4 for pilot, 12 for other purposes). Because it uses OFDM, crosstalk in the network is low. It operates in the 5 GHz UNII band. It can transmit data up to a distance of 60 ft and its maximum data transmission rate is 54 Mbps. But due to frequency regulatory issues it cannot be used in Bangladesh.

3.3.3 IEEE 802.11b
The direct sequence spread spectrum (DSSS) IEEE 802.11b standard was announced in 1998 and has been named Wi-Fi by the Wireless Ethernet Compatibility Alliance, a group that promotes adoption of 802.11b DSSS WLAN equipment and interoperability between vendors. It is the most popular wireless LAN standard and is used frequently all over the world. In Bangladesh, too, this standard is used for WLAN design. It operates in the 2.4 GHz ISM band. Its data transmission rate is 11 Mbps and it can transmit data up to a distance of 300 ft. Due to interference and signal weakness, the data transfer rate may go down to 5.5 Mb per second. Although 802.11b is slower than 802.11a, its range is about 7 times greater, which is more important in many situations. For reliable connectivity and long-distance coverage this standard is still popular. The IEEE 802.11 (Wi-Fi) is the most successful implementation of IEEE 802.11. It is fast and easy to implement.

3.3.4 IEEE 802.11g
This standard is not permitted yet. It may be permitted within 2003. IEEE 802.11g is developing Complementary Code Keying Orthogonal Frequency Division Multiplexing (CCK-OFDM) standards in both the 2.4 GHz (802.11b) and 5 GHz (802.11a) bands and will support dual-band use for public networks. Its data transmission rate will be about 22 Mbps. From this high data transmission rate it can be assumed that its coverage area will be less than that of the IEEE 802.11b standard. By using an enhanced protocol, 802.11g enables mixed network operation: legacy 802.11b devices operate at 11 Mbps and new 802.11g devices operate at 54 Mbps on the same network. In theory it can operate at up to 54 Mbps. It is not clear whether this speed will be realized in practice. Four non-overlapping channels in the 2.4 GHz ISM band have been proposed.

3.4 Bluetooth
Bluetooth is a wireless LAN technology designed to connect different kinds of devices such as telephones, notebooks, computers, cameras, coffee makers and so on. A Bluetooth LAN is an ad hoc network, which means the network is formed spontaneously; the devices, sometimes called gadgets, make a network called a piconet. A Bluetooth LAN can even be connected to the Internet if one of the gadgets has this capability. A Bluetooth LAN, by nature, is not large. If there are many gadgets that try to connect, there is chaos.

Bluetooth technology has several applications. Peripheral devices of a computer communicate with the computer through this technology. Bluetooth technology is the implementation of a protocol defined by the IEEE 802.11 standard.

3.4.1 Architecture of Bluetooth
Bluetooth defines two types of networks: piconets and scatternets.

Piconets

A Bluetooth network is called a piconet, or a small net. A piconet can have up to eight stations, one of which is called the master; the rest are called slaves. All the slave stations synchronize their clocks and hopping sequence with the master. A piconet can have only one master station. The communication between the master and the slaves can be one-to-one or one-to-many.

[Figure: a piconet with one primary station and its secondary stations]
Fig. 3.3. Network set-up of Piconet

Scatternet

Piconets can be combined to form what is called a scatternet. A slave station in one piconet can become the master in another piconet. This station can receive messages from the master in the first piconet and, acting as a master, deliver them to slaves in the second piconet. A station can be a member of two piconets. Figure 6.4 illustrates a scatternet.

[Figure: two piconets joined by a station that is a secondary in one and the primary in the other]
Fig. 3.4. Network set-up of Scatternet

3.4.2 Bluetooth Devices
A Bluetooth device has a built-in short-range radio transmitter. The current data rate is 1 Mbps with a 2.4 GHz bandwidth. This means that there is a possibility of interference between the IEEE 802.11 wireless LANs and Bluetooth LANs.

3.5 The 802.11 Protocol Stack
The protocols used by all the 802.11 variants, including Ethernet, have a certain commonality of structure. A partial view of the 802.11 protocol stack is given in Fig. 3.3. The physical layer corresponds to the OSI physical layer fairly well, but the data link layer in all the 802 protocols is split into two or more sub-layers. In 802.11, the MAC layer determines how the channel is allocated, that is, who gets to transmit next. Above it is the LLC sub layer, whose job it is to hide the differences between the different 802 variants and make them indistinguishable as far as the network layer is concerned. We studied the LLC when examining Ethernet earlier in this chapter and will not repeat the material here.

Fig. 3.3. Part of the 802.11 protocol stack

The 1997 802.11 standard specifies three transmission techniques allowed in the physical layer. The infrared method uses much the same technology as television remote controls do. The other two use short-range radio, using techniques called FHSS and DSSS. Both of these use a part of the spectrum that does not require licensing (the 2.4 GHz ISM band). Radio-controlled garage door openers also use this piece of the spectrum, so a notebook computer may find itself in competition with a garage door. Cordless telephones and microwave ovens also use this band. All of these techniques operate at 1 or 2 Mbps and at low enough power that they do not conflict too much. In 1999, two new techniques were introduced to achieve higher bandwidth. These are called OFDM and HR-DSSS. They operate at up to 54 Mbps and 11 Mbps, respectively. In 2001, a second OFDM modulation was introduced, but in a different frequency band from the first one. Now we will examine each of them briefly. Technically, these belong to the physical layer.

3.6 Physical Layer (PHY)
The IEEE 802.11 PHY is responsible for mapping the IEEE 802.11 MAC frame unit into a format suitable for sending and receiving via a wireless medium, between two or more stations, using one of the following implementations: Frequency Hopping Spread Spectrum (FHSS), Direct Sequence Spread Spectrum (DSSS) or Infrared (IR).

The FHSS utilizes the 2.4 GHz Industrial, Scientific and Medical (ISM) band. The band is divided into frequency channels with 1 MHz bandwidth each. A frequency hopping sequence consists of a permutation of all frequency channels. Three different hopping sequence sets are defined in the specification, with 26 hopping sequences per set. With the FHSS implementation, the carrier frequency is hopped with a pre-defined hop rate according to a hopping sequence. Different hopping sequences enable multiple BSSs to coexist in the same geographical area, which may become important to alleviate congestion and maximize the total throughput in a single BSS. The reason for having three different sets is to avoid prolonged collision periods between different hopping sequences in a set. Two access rates, 1 Mbit/s and 2 Mbit/s, are specified using 2-level Gaussian Frequency Shift Keying (GFSK) and 4-level GFSK modulation respectively.

The DSSS implementation also uses the 2.4 GHz ISM frequency band. The band is similarly divided into frequency channels, but with 11 MHz bandwidth each. The spreading is done by chipping each data symbol at 11 MHz in one channel with a pre-defined 11-bit chip sequence. That is, a chip sequence and its one's complement are sent for bit values of 1 and 0 respectively. The DSSS also provides both 1 Mbit/s and 2 Mbit/s access rates, with Differential Binary Phase Shift Keying (DBPSK) and Differential Quadrature Phase Shift Keying (DQPSK) modulation schemes respectively.

The IR implementation uses wavelengths from 850 nm to 950 nm for signaling. It is designed for indoor use only and operates with non-directed transmissions. Two access rates are also specified for IR: 1 Mbit/s and 2 Mbit/s, using 16-Pulse Position Modulation (PPM) and 4-PPM respectively.

The first high-speed wireless LAN, 802.11a, uses OFDM (Orthogonal Frequency Division Multiplexing) to deliver up to 54 Mbps in the wider 5 GHz ISM band. Because transmissions are present on multiple frequencies at the same time, this technique is considered a form of spread spectrum, but different from FHSS. A complex encoding system is used, based on phase-shift keying modulation for speeds up to 18 Mbps and on QAM above that. At 54 Mbps, 216 data bits are encoded into 288-bit symbols.

Next, I come to HR-DSSS (High Rate Direct Sequence Spread Spectrum), another spread spectrum technique, which uses 11 million chips/sec to achieve 11 Mbps in the 2.4 GHz band. It is called 802.11b. It uses phase shift modulation. The operating speed of 802.11b is nearly always 11 Mbps.

3.7 Medium Access Control (MAC) Sub layer
The IEEE 802.11 MAC sub layer is responsible for frame addressing and formatting, error checking, channel allocation procedures, fragmentation and reassembly. The IEEE 802.11 MAC frame format is illustrated in Figure 3.4. The IEEE standard 48-bit MAC address is used to identify a station. The content of the four address fields depends on the values of the To DS and From DS bits, and can be Destination Address (DA), Source Address (SA), Receiver Address (RA), Transmitter Address (TA) or BSS Identifier (BSSID).

Frame fields (size in bytes): Frame Control (2), Duration/ID (2), Address 1 (6), Address 2 (6), Address 3 (6), Sequence Control (2), Address 4 (6), Data (0-2312), FCS (4)
Frame Control subfields (size in bits): Protocol Version (2), Type (2), Subtype (4), To DS (1), From DS (1), More Frag (1), Retry (1), Pwr Mgt (1), More Data (1), WEP (1), Order (1)
Fig. 3.4. IEEE 802.11 MAC frame format

DA and SA identify the MAC entities that are the final recipient and initiator of the frame respectively. RA identifies the intended immediate recipient on the wireless medium. TA contains the address of the station which transmitted the frame onto the wireless medium. Note that RA and TA are often the address of an AP. BSSID uniquely identifies each BSS; it is the address of the AP in an infrastructure BSS, and a randomly generated address in an IBSS. The 2-bit type field identifies the frame as control, management or data. The subtype bits further identify the type of the frame, such as a Request to Send (RTS) control frame. A Frame Check Sequence (FCS) contains a 32-bit Cyclic Redundancy Check (CRC) code, which is used for error detection.
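The frame layout of Fig. 3.4 can be decoded mechanically. The following Python parser is an added example, not part of the original report: it splits the Frame Control bits, maps the address fields to DA/SA/RA/TA/BSSID from the To DS and From DS bits, checks the FCS, and flags data frames sent without the WEP bit. The sample frames and MAC addresses are constructed; the type numbers (0, 1, 2), the RTS/CTS/ACK subtype numbers (11, 12, 13), the address mapping and the little-endian byte order come from the 802.11 standard rather than from this report.

```python
import struct
import zlib

TYPES = {0: "management", 1: "control", 2: "data"}
CONTROL_SUBTYPES = {11: "RTS", 12: "CTS", 13: "ACK"}
# Frame Control bits 8..15, in the order shown in Fig. 3.4.
FLAGS = ("to_ds", "from_ds", "more_frag", "retry",
         "pwr_mgt", "more_data", "wep", "order")
# Roles of Address 1..4 for each (To DS, From DS) combination.
ADDRESS_ROLES = {
    (0, 0): ("DA", "SA", "BSSID"),
    (0, 1): ("DA", "BSSID", "SA"),
    (1, 0): ("BSSID", "SA", "DA"),
    (1, 1): ("RA", "TA", "DA", "SA"),
}


def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(frame: bytes) -> dict:
    """Decode one 802.11 MAC frame: header, body and trailing 4-byte FCS."""
    if len(frame) < 14:  # shortest frame: Frame Control + Duration + RA + FCS
        raise ValueError("frame too short")
    covered, fcs = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    fc, duration = struct.unpack_from("<HH", covered, 0)
    info = {
        "version": fc & 0x3,
        "type": TYPES.get((fc >> 2) & 0x3, "reserved"),
        "subtype": (fc >> 4) & 0xF,
        "duration": duration,
        "fcs_ok": zlib.crc32(covered) == fcs,  # CRC-32 over header and body
        "addresses": {},
        "body": b"",
    }
    for bit, name in enumerate(FLAGS, start=8):
        info[name] = (fc >> bit) & 1

    if info["type"] == "control":
        # Control frames carry one or two addresses and no sequence or data field.
        info["subtype_name"] = CONTROL_SUBTYPES.get(info["subtype"], "other")
        info["addresses"]["RA"] = mac(covered[4:10])
        if info["subtype_name"] == "RTS":
            if len(covered) < 16:
                raise ValueError("truncated RTS")
            info["addresses"]["TA"] = mac(covered[10:16])
        return info

    roles = ADDRESS_ROLES[(info["to_ds"], info["from_ds"])]
    header_len = 24 + (6 if len(roles) == 4 else 0)
    if len(covered) < header_len:
        raise ValueError("truncated header")
    for role, offset in zip(roles, (4, 10, 16, 24)):
        info["addresses"][role] = mac(covered[offset:offset + 6])
    seq_ctl = struct.unpack_from("<H", covered, 22)[0]
    info["fragment"] = seq_ctl & 0xF   # low 4 bits number the fragment
    info["sequence"] = seq_ctl >> 4    # high 12 bits number the frame
    info["body"] = covered[header_len:]
    return info


def is_cleartext_data(info: dict) -> bool:
    """True for a data frame that carries a payload with the WEP bit clear."""
    return info["type"] == "data" and info["wep"] == 0 and len(info["body"]) > 0


def build_frame(fc, duration, addrs, seq_ctl=None, body=b"") -> bytes:
    """Assemble a constructed sample frame and append its CRC-32 FCS."""
    raw = struct.pack("<HH", fc, duration) + b"".join(addrs[:3])
    if seq_ctl is not None:
        raw += struct.pack("<H", seq_ctl) + b"".join(addrs[3:])
    raw += body
    return raw + struct.pack("<I", zlib.crc32(raw))


# Constructed sample addresses (locally administered) and frames.
AP = bytes.fromhex("020000000001")
STA = bytes.fromhex("020000000002")
SRV = bytes.fromhex("020000000003")
DATA_TO_AP = build_frame((2 << 2) | (1 << 8), 44, [AP, STA, SRV],
                         seq_ctl=(291 << 4) | 2, body=b"constructed payload")
RTS = build_frame((1 << 2) | (11 << 4), 300, [AP, STA])

if __name__ == "__main__":
    for sample in (DATA_TO_AP, RTS):
        print(parse_frame(sample))
```
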
Fig. 3.5. IEEE 802.11 MAC architecture

Two channel allocation procedures are defined in the IEEE 802.11 MAC architecture: DCF for contention services and PCF for contention-free services (see Figure 3.5). The DCF is the fundamental access method, based on a Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) scheme. As identified in the standard, all stations must support the DCF for use within both IBSS and infrastructure networks.

A station wishing to transmit will sense the medium to determine whether another station is transmitting. If the medium is free, the transmission may proceed after ensuring that the medium is idle for a fixed duration, defined as the DCF Interframe Space (DIFS). If the medium is determined to be busy, the station will defer until the end of the current transmission plus a DIFS delay. After the deferral, or before attempting to transmit again immediately after a successful transmission, the station will apply a random back off procedure. To begin the procedure, the station will select a random back off interval corresponding to a number of back off slots. Initially, the station selects a number of back off slots in the range of 0-7. The station performing the back off procedure will use the carrier sense mechanism to determine whether the medium is idle during each back off slot. If the medium is busy at any time during a back off slot, the back off procedure is suspended at the beginning of the back off slot. The back off procedure is allowed to resume only if the medium is determined to be idle for a DIFS period again. If the medium is idle for the duration of a particular back off slot, the station will decrement its back off interval by one slot. After the back off procedure is completed, the station transmits its frame immediately. If two or more stations complete their back off procedure at the same time, a collision will occur and each station will have to select a new number of back off slots in the range of 0-15. For each retransmission attempt, the back off slot range doubles.

Upon receipt of a correct packet, the receiving station waits an interval, the Short Interframe Space (SIFS), and transmits an acknowledgment frame (ACK) back to the source station, indicating that the transmission is successful. If the source station does not receive an ACK within an interval, ACK Timeout, the source station will invoke a back off procedure for retransmission. All stations except the source station in the BSS use the two duration octets to adjust their Network Allocation Vector (NAV), which indicates the amount of time that must elapse until the end of the current transmission, for deferring access to the channel. The medium operates under the DCF for a time known as the Contention Period (CP) in the standard.

A refinement of the DCF may be used under various circumstances to further minimize the amount of bandwidth wasted when collisions occur. The refinement is to exchange two short control frames, Request to Send (RTS) and Clear to Send (CTS), between the source and the destination stations prior to data transmission. As in the basic DCF, all stations except the source station in the BSS adjust their NAV using both RTS and CTS to avoid contending for the channel until the end of the current transmission. Figure 3.6 shows the transmission of a data frame with the DCF using RTS/CTS. Since all stations must contend for access to the channel for each transmission, the DCF provides fair access to the channel for all stations. In this example, A wants to send to B. C is a station within range of A. D is a station within range of B but not within range of A.
Fig. 3.6. An example of transmissions of data among four stations in the BSS

The protocol starts when A decides it wants to send data to B. It begins by sending an RTS frame to B to request permission to send it a frame. When B receives this request, it may decide to grant permission, in which case it sends a CTS frame back. Upon receipt of the CTS, A sends its frame and starts an ACK timer. Upon correct receipt of the data frame, B responds with an ACK frame, terminating the exchange. If A's ACK timer expires before the ACK gets back to it, the whole protocol is run again.

Now let us consider this exchange from the viewpoints of C and D. C is within range of A, so it may receive the RTS frame. If it does, it realizes that someone is going to send data soon, so for the good of all it desists from transmitting anything until the exchange is completed. From the information provided in the RTS request, it can estimate how long the sequence will take, including the final ACK, so it asserts a kind of virtual channel busy for itself, indicated by the NAV (Network Allocation Vector). D does not hear the RTS, but it does hear the CTS, so it also asserts the NAV signal for itself. The NAV signals are not transmitted; they are just internal reminders to keep quiet for a certain period of time.

The PCF is an optional access method, which is only usable in an infrastructure network. The PCF is required to coexist with the DCF, and logically sits on top of it as shown in Figure 3.4. The PCF relies on the point coordinator, which operates at the AP of the BSS, to perform polling, enabling a polled station to transmit without contending for the channel. The period of time when the medium operates under the control of the PCF is known as a Contention-Free Period (CFP). The CFP repetition interval is used to determine the frequency with which the PCF occurs. Within a CFP repetition interval, a portion of the time is allocated to PCF traffic and the remainder is provided to DCF traffic. The CFP repetition interval is initiated by a beacon frame from the AP after the medium remains idle for a PCF Interframe Space (PIFS). The beacon frame contains the parameters for synchronization and the duration of the current CFP. All stations in the BSS will update their NAV to the maximum length of the CFP after receiving the beacon. The AP waits for an interval, SIFS, and transmits a poll frame. The polled station, the only station allowed to respond, can transmit after a SIFS idle period. The AP can terminate the CFP by transmitting a CFP-End frame. Upon receiving the CFP-End frame, all stations will reset their NAV.

Large data frames from an upper protocol layer may require fragmentation to increase transmission reliability. If the size of the data frame exceeds a pre-defined value, the Fragmentation Threshold, the frame is broken into multiple fragments with a size of Fragmentation Threshold, except that the last fragment has a variable size not exceeding Fragmentation Threshold. When a data frame is fragmented, all fragments are transmitted sequentially. Upon receiving a fragment, the receiving station will send an ACK back to the source station after waiting for a SIFS period. After receiving an ACK, the source station will wait a SIFS period, and transmit the next fragment. The source station will not release the channel until all the fragments are successfully transmitted or the source fails to receive an ACK for a transmitted fragment. When an ACK is not received for a previously transmitted frame, the source station halts the transmission and re-contends for the channel. The source will start transmitting with the first unacknowledged fragment upon gaining access to the channel. The fragments of a data frame can be sent using either the basic DCF or the DCF with RTS/CTS.

3.7 The 802.11 Frame Structure
The 802.11 standard defines three different classes of frames on the wire: data, control, and management. Each of these has a header with a variety of fields used within the MAC sub layer. In addition, there are some headers used by the physical layer, but these mostly deal with the modulation techniques used, so we will not discuss them here.

The format of the data frame is shown in Figure 3.4. First comes the Frame Control field. It itself has 11 subfields. The first of these is the Protocol version, which allows two versions of the protocol to operate at the same time in the same cell. Then come the Type (data, control, or management) and Subtype fields (RTS or CTS). The To DS and From DS bits indicate the frame is going to or coming from the inter-cell distribution system. The MF bit means that more fragments will follow. The Retry bit marks a retransmission of a frame sent earlier. The Power management bit is used by the base station to put the receiver into sleep state or take it out of sleep state. The More bit indicates that the sender has additional frames for the receiver. The W bit specifies that the frame body has been encrypted using the WEP (Wired Equivalent Privacy) algorithm. Finally, the O bit tells the receiver that a sequence of frames with this bit on must be processed strictly in order.

The second field of the data frame, the Duration field, tells how long the frame and its acknowledgement will occupy the channel. This field is also present in the control frames and is how other stations manage the NAV mechanism. The frame header contains four addresses, all in standard IEEE 802 format. The other two addresses are used for the source and destination base stations for inter-cell traffic. The Sequence field allows fragments to be numbered. Of the 16 bits, 12 identify the frame and 4 identify the fragment. The Data field contains the payload, up to 2312 bytes, followed by the usual Checksum.

Management frames have a format similar to that of data frames, except without one of the base station addresses, because management frames are restricted to a single cell. Control frames are shorter still, having only one or two addresses, no Data field, and no Sequence field. The key information here is in the Subtype field, usually RTS, CTS, or ACK.

3.9 International Channel Allocation

Table 3.2 specifies the international channel allocations for DSSS and FHSS WLANs in the 2.4 GHz band.

Table 3.1: IEEE 802.11 Channels for both DS-SS & FH-SS WLAN standard

Country               Frequency Range   DSSS Channels    FHSS Channels
United States         2.4 GHz           1 through 11     2 through 80
Canada                2.4 GHz           1 through 11     2 through 80
Japan                 2.4 GHz           1 through 14     2 through 95
France                2.4 GHz           10 through 13    48 through 82
Spain                 2.4 GHz           10 through 11    47 through 73
Remainder of Europe   2.4 GHz           1 through 13     2 through 80

All WLANs are manufactured to operate on any one of the specified channels and are assigned to a particular channel by the network operator when the WLAN system is first installed. The channelization scheme used by the network installer becomes very important for a high-density WLAN installation, since neighboring access points (APs) must be separated from one another in frequency to avoid interference and significantly degraded performance.

3.10 IEEE 802.11 Services

The 802.11 standard states that each wireless LAN must provide nine services. These services are divided into two categories: five distribution services and four station services. The distribution services relate to managing cell membership and interaction with stations outside the cell. In contrast, the station services relate to activity within a single cell.
3.10.1 Distribution Services

The five distribution services are provided by the base stations and deal with station mobility as stations enter and leave cells, attaching themselves to and detaching themselves from base stations. They are as follows.

(a) Association: This service is used by mobile stations to connect themselves to base stations. Typically, it is used just after a station moves within the radio range of the base station. Upon arrival, it announces its identity and capabilities. The capabilities include the data rates supported, need for PCF services and power management requirements. The base station may accept or reject the mobile station. If the mobile station is accepted, it must then authenticate itself.
(b) Disassociation: Either the station or the base station may disassociate, thus breaking the relationship. A station should use this service before shutting down or leaving, but the base station may also use it before going down for maintenance.
(c) Reassociation: A station may change its preferred base station using this service. This facility is useful for mobile stations moving from one cell to another. If it is used correctly, no data will be lost as a consequence of the handover.
(d) Distribution: This service determines how to route frames sent to the base station. If the destination is local to the base station, the frames can be sent out directly over the air. Otherwise they will have to be forwarded over the wired network.
(e) Integration: If a frame needs to be sent through a non-802.11 network with a different addressing scheme or frame format, this service handles the translation from the 802.11 format to the format required by the destination network.

3.10.2 Station Services

The remaining four services are intracell (that is, they relate to actions within a single cell). They are used after association has taken place and are as follows.

(a) Authentication: Because wireless communication can easily be sent or received by unauthorized stations, a station must authenticate itself before it is permitted to send data. After a mobile station has been associated by the base station, the base station sends a special challenge frame to it to see if the mobile station knows the secret key that has been assigned to it. It proves its knowledge of the secret key by encrypting the challenge frame and sending it back to the base station. If the result is correct, the mobile station is fully enrolled in the cell. In the initial standard, the base station does not have to prove its identity to the mobile station, but work to repair this defect in the standard is underway.
(b) Deauthentication: When a previously authenticated station wants to leave the network, it is deauthenticated. After deauthentication, it may no longer use the network.
(c) Privacy: For information sent over a wireless LAN to be kept confidential, it must be encrypted. This service manages the encryption and decryption. The encryption algorithm specified is RC4, invented by Ronald Rivest of M.I.T.
(d) Data Delivery: Finally, data transmission is what it is all about, so 802.11 naturally provides a way to transmit and receive data. Since 802.11 is modeled on Ethernet and transmission over Ethernet is not guaranteed to be 100% reliable, transmission over 802.11 is not guaranteed to be reliable either. Higher layers must deal with detecting and correcting errors.

An 802.11 cell has some parameters that can be inspected and, in some cases, adjusted. They relate to encryption, timeout intervals, data rates, beacon frequency, and so on. Wireless LANs based on 802.11 are starting to be deployed in office buildings, airports, hotels, restaurants, and campuses around the world. Rapid growth is expected for some experience about the widespread of 802.11 at CNIU.

Multiple Access & Modulation Technique

4.1 Multiple Access Protocols

There are various multiple access protocols such as ALOHA, FDMA, TDMA, CDMA, SDMA, CSMA etc. Here we will study a small sample of the more interesting ones. However, it should be mentioned that CSMA is used in wireless LANs to solve channel allocation problems.

4.1.1 ALOHA
In the 1970s, Norman Abramson at the University of Hawaii devised a new and elegant method to solve the channel allocation problem, called the ALOHA system. There are two versions of the ALOHA system: Pure ALOHA and Slotted ALOHA.

Pure ALOHA: The pure ALOHA protocol is a random access protocol used for data transfer. A user accesses a channel as soon as a message is ready to be transmitted. After transmission, the user waits for an acknowledgement on either the same channel or a separate feedback channel. In case of collision (i.e. when a NACK is received), the terminal waits for a random period of time and retransmits the message. As the number of users increases, a greater delay occurs because the probability of collision increases.

Slotted ALOHA: In slotted ALOHA, time is divided into equal time slots of length greater than the packet duration τ (tau). The subscribers each have synchronized clocks and transmit a message only at the beginning of a new time slot, thus resulting in a discrete distribution of packets. This prevents partial collisions, where one packet collides with a portion of another. As the number of users increases, a greater delay will occur due to complete collisions and the resulting repeated transmissions of those packets originally lost.

4.1.2 Carrier Sense Multiple Access Protocols
ALOHA protocols do not listen to the channel before transmission. CSMA protocols, in contrast, are based on the fact that each terminal on the network is able to monitor the status of the channel before transmitting information. If the channel is idle (i.e. no carrier is detected), then the user is allowed to transmit a packet based on a particular algorithm, which is common to all transmitters on the network. Protocols in which stations listen for a carrier (i.e. a transmission) and act accordingly are called carrier-sense protocols.

Persistent & Non-persistent CSMA

1-persistent CSMA: The terminal listens to the channel and waits for transmission until it finds the channel idle. As soon as the channel is idle, the terminal transmits its message with probability one.

Non-persistent CSMA: In this type of CSMA strategy, after receiving a negative acknowledgement the terminal waits a random time before retransmission of the packet. This is popular in wireless LAN applications, where the packet transmission interval is much greater than the propagation delay to the furthermost user.

P-persistent CSMA: P-persistent CSMA is applied to slotted channels. When a channel is found to be idle, the packet is transmitted in the first available slot with probability p or in the next slot with probability 1-p.

CSMA with Collision Detection: In CSMA with collision detection (CD), a user monitors its transmission for collisions. If two or more terminals start a transmission at the same time, the collision is detected and the transmission is immediately aborted in midstream. This is handled by a user having both a transmitter and a receiver which is able to support listen-while-talk operation. For a single radio channel, this is done by interrupting the transmission in order to sense the channel. For duplex systems, a full duplex transceiver is used.

CSMA with Collision Avoidance: Both physical channel and virtual channel sensing are used. When a station wants to transmit, it senses the channel. If the channel is idle, it starts transmitting. If the channel is busy, the sender defers until it goes idle and then starts transmitting. If a collision occurs, the colliding stations wait a random amount of time and then try again. This scheme is used for multiple access in wireless LANs.
Fig. 4.1. Virtual Channel Sensing
4.2 Modulation
Baseband transmission is very rarely used for long distance transmission. A technique called modulation is used for the purpose. In modulation there is a carrier signal. The carrier signal may be an analog sinusoidal signal of a fixed frequency or a train of pulses of a certain frequency. The information signal is placed on the carrier, where it introduces a certain change in a parameter of the carrier. In the case of an analog sinusoidal carrier, the information signal can change the amplitude, the frequency or the phase, or two of them, or all of them. The point of modulation is to take a message bearing signal and superimpose it upon a carrier signal for transmission. For ease of transmission, carrier signals are generally high frequency, for several reasons:
• For easy (low loss, low dispersion) propagation as electromagnetic waves.
• So that they may be simultaneously transmitted without interference from other signals.
• So as to enable the construction of small antennas (a fraction, usually a quarter, of the wavelength).
• So as to be able to multiplex, that is, to combine multiple signals for transmission at the same time.
Modulation is the process of putting an information signal on a carrier signal for some technical advantage. Demodulation is the opposite of modulation, that is, the separation of the information signal from the received modulated signal. For data transmission, demodulation is the process of recovering the data signal from the received asked sinusoidal signal. Modulation is the process by which some characteristic of a carrier signal is varied in accordance with a modulating signal. Many ways exist to modulate a message signal m(t) to
produce a modulated (transmitted) signal x(t). For amplitude, frequency, and phase modulation, modulated signals can be expressed in the same form as: S (t) = A (t) cos (2
fc t +
(t))
Where A(t) is a real-valued amplitude function (a.k.a. the envelope), fc is the carrier frequency, and (t) is the real-valued phase function. Communication systems are often organized according to the following structure.
[Figure: block diagram with the labels m(t), Signal Processing, Carrier Circuit, Transmitter, s(t), Transmission Medium (Channel), r(t), Receiver, Carrier Circuit, Signal Processing, m(t)]
Fig. 4.2. Communication Systems
4.2.1 Types of Analog Modulation
The basic idea here is to superimpose the message signal in analog form on a carrier which is a sinusoid of the form A cos (
c
t) +
)
There are three quantities that can be varied in proportion to the modulating signal: the amplitude, the phase, and the frequency. The first scheme is called Amplitude Modulation and the second two are called Angle Modulation schemes.
[Figure: tree of analog modulation types with the labels Analog Modulation, Amplitude Modulation (AM), Angle Modulation, Frequency Modulation (FM), Phase Modulation (PM), Quadrature Amplitude Modulation (QAM)]
Fig. 4.3. Types of Analog Modulation
There are two types of analog modulation:
1. Amplitude Modulation; and
2. Angle Modulation.
Angle Modulation also has two different types:
1. Frequency Modulation (FM); and
2. Phase Modulation (PM).
In amplitude modulation, the message signal is present in the amplitude of the transmitted signal. Analog modulation is nonlinear modulation; it requires high bandwidth and has good performance in the presence of noise. In frequency modulation, the message signal is present in the instantaneous frequency. In phase modulation, the message signal is present in the phase. In quadrature amplitude modulation, the message is present in both the amplitude and the phase.
4.2.2 Types of Digital Modulation
In digital modulation the carrier signal is a train of pulses. Pulses have amplitude, width and position. We have four types of modulation: (a) Pulse Amplitude Modulation (PAM); (b) Pulse Width Modulation (PWM); (c) Pulse Frequency Modulation (PFM); and (d) Pulse Position Modulation (PPM).
4.3 Multiplexing
The technique of transmitting more than one information signal through a single channel is called multiplexing. There are two types of multiplexing: (a) Frequency Division Multiplexing (FDM); and (b) Time Division Multiplexing (TDM). When the information signal is digital and the carrier signal is sinusoidal, modulation is called shift keying. According to which parameter of the sinusoidal carrier is changed by the digital signal, we have: (a) Amplitude Shift Keying (ASK); (b) Frequency Shift Keying (FSK); and (c) Phase Shift Keying (PSK). In addition, a combination of ASK and PSK is employed at high bit rates. This method is called Quadrature Amplitude Modulation (QAM).
4.4 Difference between Analog and Digital Modulation
In analog transmission, we transmit and receive analog waveforms. Examples include Amplitude Modulation (AM), Phase Modulation (PM), Frequency Modulation (FM), Quadrature Amplitude Modulation (QAM), and Pulse Amplitude Modulation (PAM). In digital transmission, we treat the transmission and reception in the digitized domain, even though the actual transmission and reception will in practice involve analog waveforms. The sampled and quantized versions of the analog examples above are called Amplitude Shift Keying (ASK), Phase Shift Keying (PSK), Frequency Shift Keying (FSK), Quadrature Amplitude Modulation (QAM), and Pulse Amplitude Modulation (PAM). An additional example is spread spectrum.
4.5 Comparison of AM, FM, and Digital Modulation Techniques
A comparison of different types of modulation techniques is given in Table 4.1.
Table 4.1: Comparison of AM, FM, and Digital Modulation Techniques
Parameter | AM | FM | Digital
Signal-to-Noise Ratio | Low-to-Moderate | Moderate-High | High
Performance VS Attenuation | Sensitive | Tolerant | Invariant
Transmitter Cost | Moderate-High | Moderate | High
Receiver Cost | Moderate | Moderate-High | High
Receiver Gain Adjustment | Often Required | Not Required | Not Required
Installation | Adjustments Required | No Adjustments Required | Adjustments Required
Multi Channel Capabilities | Require High Linearity Optics | Fewer Channels | Good
Performance Over Time | Moderate | Excellent | Excellent
Environmental Factors | Moderate | Excellent | Excellent
Another difference between analog and digital transmission deals with the hardware’s ability to recover the transmitted signal. Analog modulation, which is continuously variable by nature, can often require adjustment at the receiver end in order to reconstruct the transmitted signal. Digital transmission, however, because it uses only 1’s and 0’s to encode the signal, offers a simpler means of reconstructing the signal. Both types of modulation can incorporate error detecting and error correcting information into the transmitted signal. However, the latest trend in signal transmission is forward error correction (FEC). This scheme, which uses binary numbers, is suited to digital transmission. Extra bits of information are incorporated into the digital signal, allowing any transmission errors to be corrected at the receiving end.
Secondly, analog transmission is not concerned with the content of the signal; the signal, which may be analog or digital (modulated), is regenerated by amplification. Digital transmission is concerned with the content of the signal; the signal, which may be digital or analog (CODEC), is regenerated by repeating. A third important difference relates to the cost of analog transmission links compared to digital transmission links. Because the circuitry required for digital transmission is more complex, the cost is often much higher. In short distance applications, analog modulation will almost always be the most cost-effective system to specify.
4.6 Modulation Techniques for WLAN
There are various modulation techniques; however, wireless LAN uses the Spread Spectrum modulation technique. In 1997, the first internationally sanctioned wireless LAN standard, 802.11, was approved by the IEEE. This standard proposed three types of implementation for the physical layer:
• Infrared (IR) pulse position modulation (not commercially implemented);
• Radio frequency (RF) signaling in the 2.4 GHz band using frequency hopping spread spectrum (FHSS); and
• Radio frequency (RF) signaling in the 2.4 GHz band using direct sequence spread spectrum (DSSS).
4.6.1 Spread Spectrum Modulation
An important form of communications is known as spread spectrum. It can be used to transmit either analog or digital data, using an analog signal. The essential idea is to spread the information signal over a wider bandwidth. The first type of spread spectrum developed is known as Frequency Hopping Spread Spectrum (FHSS). A more recent type of spread spectrum is Direct Sequence Spread Spectrum (DSSS). The key characteristic of any spread spectrum system is that the input is fed into a channel encoder that produces an analog signal with a relatively narrow bandwidth around some center frequency. This signal is further modulated using a sequence of digits known as a spreading code or spreading sequence. The effect of this modulation is to increase significantly the bandwidth of the signal to be transmitted. On the receiving end, the same sequence is used to demodulate the spread spectrum signal. Finally, the signal is fed into a channel decoder to recover the data.
4.6.2 Direct Sequence Spread Spectrum (DSSS)
A direct sequence spread spectrum system spreads the baseband data by directly multiplying the baseband data pulses with a pseudo-noise (PN) sequence that is produced by a pseudo-noise code generator. A single pulse or symbol of the PN waveform is called a chip, and each bit in DSSS is transmitted as a Barker sequence. Figure 4.2 shows a functional block diagram of a DS system with binary phase modulation.
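The spreading and despreading step described above, as an added Python example that is not part of the original report. It assumes the 11-chip Barker code of the 802.11 DSSS physical layer and a constructed channel model that inverts a fixed number of chips in every bit; the function names are illustrative.

```python
"""DSSS spreading with the 11-chip Barker code (added illustration)."""
import random

# 11-chip Barker sequence used by the 1 and 2 Mbps 802.11 DSSS PHY.
BARKER_11 = [+1, -1, +1, +1, -1, +1, +1, +1, -1, -1, -1]


def spread(bits):
    """Map each data bit to +1/-1 and multiply it by every chip of the code."""
    chips = []
    for bit in bits:
        symbol = 1 if bit else -1
        chips.extend(symbol * c for c in BARKER_11)
    return chips


def despread(chips):
    """Correlate each 11-chip block with the code; the sign gives the bit."""
    n = len(BARKER_11)
    bits = []
    for start in range(0, len(chips), n):
        block = chips[start:start + n]
        corr = sum(x * c for x, c in zip(block, BARKER_11))
        bits.append(1 if corr > 0 else 0)
    return bits


def autocorrelation(shift):
    """Aperiodic autocorrelation of the code at a given chip offset."""
    n = len(BARKER_11)
    return sum(BARKER_11[i] * BARKER_11[i + shift] for i in range(n - shift))


def flip_chips(chips, per_symbol, seed=1):
    """Constructed channel model: invert `per_symbol` chips in every symbol."""
    rng = random.Random(seed)
    n = len(BARKER_11)
    out = list(chips)
    for start in range(0, len(out), n):
        for idx in rng.sample(range(n), per_symbol):
            out[start + idx] = -out[start + idx]
    return out


if __name__ == "__main__":
    data = [1, 0, 1, 1, 0, 0, 1]          # constructed payload bits
    tx = spread(data)
    print("chips sent:", len(tx))
    print("sidelobes :", [autocorrelation(s) for s in range(1, 11)])
    # Up to 5 of 11 chips per bit can be inverted before the correlator errs.
    print("5 flips   :", despread(flip_chips(tx, 5)) == data)
    print("6 flips   :", despread(flip_chips(tx, 6)) == data)
```

The correlation peak of 11 against sidelobes of magnitude at most 1 is what lets the receiver find the bit boundary and tolerate chip errors.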
Fig. 4.4. Direct Sequence Spread Spectrum System
4.6.3 Frequency Hopping Spread Spectrum (FHSS)
With frequency hopping spread spectrum the signal is broadcast over a seemingly random series of radio frequencies, hopping from frequency to frequency at fixed intervals. A receiver, hopping between frequencies in synchronization with the transmitter, picks up the message. Over longer distances, multipath fading can be an issue and FHSS offers good resistance to it. It is also relatively insensitive to radio interference, which makes it popular for building-to-building links. Its main disadvantage is its low bandwidth.
Basic Approach
Figure 4.3 shows an example of a frequency-hopping signal. A number of channels are allocated for the FH signal. Typically, there are 2 carrier frequencies forming channels. The spacing between carrier frequencies, and hence the width of each channel, usually corresponds to the bandwidth of the input signal. The transmitter operates in one channel at a time for a fixed interval; for example, the IEEE 802.11 standard uses a 300 ms interval. During that interval, some number of bits are transmitted using some encoding scheme. The sequence of channels used is dictated by a spreading code. Both transmitter and receiver use the same code to tune into a sequence of channels in synchronization.
Fig. 4.5. Frequency Hopping example
A typical block diagram for a frequency hopping system is shown in Figure 4.4. For transmission, binary data are fed into a modulator using some digital to analog encoding scheme, such as frequency shift keying (FSK) or binary phase shift keying (BPSK). The resulting signal is centered on some base frequency. A pseudo noise, or pseudo random number, source serves as an index into a table of frequencies; this is the spreading code. Each k bits of the PN source specifies one of the 2^k carrier frequencies. At each successive interval, a new carrier frequency is selected. This frequency is then modulated by the signal produced by the initial modulator to produce a new signal with the same shape but now centered on the selected carrier frequency. On reception, the spread spectrum signal is demodulated using the same sequence of PN derived frequencies and then demodulated to produce the output data.
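The table lookup described above, as an added Python example that is not part of the original report. It assumes a 7-bit linear feedback shift register as the PN source, k = 3, and a constructed table of eight carrier frequencies; none of these values come from the 802.11 channel plan.

```python
"""Frequency hopping driven by a shared PN sequence (added illustration)."""

K = 3  # PN bits consumed per hop, selecting one of 2**K carriers
# Constructed table of 2**K carrier frequencies in MHz (not a real channel plan).
CARRIERS_MHZ = [2402 + 10 * i for i in range(2 ** K)]


def pn_bits(seed, count):
    """Yield `count` bits from a 7-bit linear feedback shift register."""
    state = seed & 0x7F
    if state == 0:
        raise ValueError("an all-zero LFSR state never changes")
    for _ in range(count):
        yield state & 1
        feedback = (state ^ (state >> 1)) & 1
        state = (state >> 1) | (feedback << 6)


def hop_sequence(seed, hops):
    """Carrier used in each hop interval: K PN bits index the table."""
    bits = list(pn_bits(seed, hops * K))
    sequence = []
    for h in range(hops):
        index = 0
        for bit in bits[h * K:(h + 1) * K]:
            index = (index << 1) | bit
        sequence.append(CARRIERS_MHZ[index])
    return sequence


def hops_received(tx_seed, rx_seed, hops):
    """Count hop intervals in which the receiver is tuned to the transmitter."""
    tx = hop_sequence(tx_seed, hops)
    rx = hop_sequence(rx_seed, hops)
    return sum(1 for a, b in zip(tx, rx) if a == b)


if __name__ == "__main__":
    shared = 0b1011001                     # constructed spreading-code seed
    print("first hops (MHz):", hop_sequence(shared, 6))
    # Same code and same starting point: the receiver follows every hop.
    print("synchronised    :", hops_received(shared, shared, 50), "of 50")
    # A receiver started from a different state lands on the right
    # carrier only by coincidence.
    print("different state :", hops_received(shared, 0b0000001, 50), "of 50")
```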
Fig. 4.6. Frequency Hopping Spread Spectrum System
If only a single carrier frequency is used on each hop, digital data modulation is called single channel modulation. After frequency hopping has been removed from the received signal, the resulting signal is said to be dehopped. Before demodulation, the dehopped signal is applied to a conventional receiver. In FH, whenever an undesired signal occupies a particular hopping channel, the noise and interference in that channel are translated in frequency so that they enter the demodulator. Thus, it is possible to have collisions in a FH system where an undesired user transmits in the same channel at the same time as the desired user.
Problems & Solutions of WLAN
5.1 Problems & their Solutions
The two major problems of WLAN are the hidden station problem and the exposed station problem.
5.1.1 Problems
Hidden Station Problem
The hidden station problem was mentioned earlier and is illustrated again in Fig. 5.1(a). Since not all stations are within radio range of each other, transmissions going on in one part of a cell may not be received elsewhere in the same cell. Station C is transmitting to station B. If A senses the channel, it will not hear anything and falsely conclude that it may now start transmitting to B.
Exposed Station Problem
Another major problem is the exposed station problem, illustrated in Fig. 5.1(b). Here B wants to send to C, so it listens to the channel. When it hears a transmission, it falsely concludes that it may not send to C, even though A may be transmitting to D. In addition, most radios are half duplex, meaning that they cannot transmit and listen for noise bursts at the same time on a single frequency. As a result of these problems, 802.11 does not use CSMA/CD as Ethernet does.
5.1.2 Solutions
To deal with this problem, 802.11 supports two modes of operation. The first, called DCF (Distributed Coordination Function), does not use any kind of central control. The other, called PCF (Point Coordination Function), uses the base station to control all activity in its cell. All implementations must support DCF, but PCF is optional. We will now discuss these two modes in turn. When DCF is employed, 802.11 uses a protocol called CSMA/CA. In this protocol, both physical channel sensing and virtual channel sensing are used. Two methods of operation are supported by CSMA/CA. In the first method, when a station wants to transmit, it senses the channel. If it is idle, it just starts transmitting. It does not sense the channel while transmitting but emits its entire frame, which may be destroyed at the receiver due to interference there. If the channel is busy, the sender defers until it goes idle and then starts transmitting. If a collision occurs, the colliding stations wait a random time, using the Ethernet binary exponential back off algorithm, and then try again later. The other mode of CSMA/CA operation is based on MACAW and uses virtual channel sensing, as illustrated in Fig. 5.2.
Fig. 5.1. (a) The hidden station problem & (b) The exposed station problem
In this example, A wants to send to B. C is a station within range of A. D is a station within range of B but not within range of A. The protocol starts when A decides it wants to send data to B. It begins by sending an RTS frame to B to request permission to send it a frame. When B receives this request, it may decide to grant permission, in which case it sends a CTS frame back. Upon receipt of the CTS, A sends its frame and starts an ACK timer. Upon correct receipt of the data frame, B responds with an ACK frame, terminating the exchange. If A’s ACK timer expires before the ACK gets back to it, the whole protocol is run again. Now let us consider this exchange from the viewpoints of C and D. C is within range of A, so it may receive the RTS frame. If it does, it realizes that someone is going to send data soon, so for the good of all it desists from transmitting anything until the exchange is completed. From the information provided in the RTS request, it can estimate how long the sequence will take, including the final ACK, so it asserts a kind of virtual channel busy for itself, indicated by NAV (Network Allocation Vector). D does not hear the RTS, but it does hear the CTS, so it also asserts the NAV signal for itself. The NAV signals are not transmitted; they are just internal reminders to keep quiet for a certain period of time.
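The RTS/CTS exchange and the NAV timers of C and D, as an added Python example that is not part of the original report. The frame times and the SIFS value are constructed, the radio ranges follow the four stations in the text, and the function names are illustrative.

```python
"""Virtual carrier sensing (NAV) for one RTS/CTS/DATA/ACK exchange."""

# Constructed timings in microseconds; real values depend on the PHY in use.
SIFS = 10
TX_TIME = {"RTS": 40, "CTS": 30, "DATA": 500, "ACK": 30}

# Who can hear whom, following the text: C hears only A, D hears only B.
IN_RANGE = {"A": {"B", "C"}, "B": {"A", "D"}, "C": {"A"}, "D": {"B"}}


def build_exchange(sender, receiver, start=0):
    """Return the four frames with start/end times and duration fields."""
    order = [("RTS", sender, receiver), ("CTS", receiver, sender),
             ("DATA", sender, receiver), ("ACK", receiver, sender)]
    frames, t = [], start
    for kind, src, dst in order:
        frames.append({"kind": kind, "src": src, "dst": dst,
                       "start": t, "end": t + TX_TIME[kind]})
        t += TX_TIME[kind] + SIFS
    exchange_end = frames[-1]["end"]
    for frame in frames:
        # Duration = how long the medium stays reserved after this frame.
        frame["duration"] = exchange_end - frame["end"]
    return frames


def nav_table(frames):
    """For each bystander: (frame that set the NAV, NAV start, NAV end)."""
    nav = {}
    for frame in frames:
        if frame["duration"] == 0:
            continue
        for station, hears in IN_RANGE.items():
            if station in (frame["src"], frame["dst"]):
                continue
            if frame["src"] not in hears:
                continue  # out of radio range, the frame is never received
            until = frame["end"] + frame["duration"]
            if station not in nav or until > nav[station][2]:
                nav[station] = (frame["kind"], frame["end"], until)
    return nav


def physical_busy(station, t, frames):
    """Physical carrier sense: is a station within range on the air at t?"""
    return any(f["start"] <= t < f["end"] and f["src"] in IN_RANGE[station]
               for f in frames)


def virtual_busy(station, t, nav):
    """Virtual carrier sense: is the station's NAV timer still running at t?"""
    if station not in nav:
        return False
    _, begin, until = nav[station]
    return begin <= t < until


def may_transmit(station, t, frames, nav):
    """A station may contend only if both kinds of sensing report idle."""
    return not physical_busy(station, t, frames) and not virtual_busy(station, t, nav)


if __name__ == "__main__":
    frames = build_exchange("A", "B")
    nav = nav_table(frames)
    for station in ("C", "D"):
        print(station, "NAV set by", nav[station][0],
              "from", nav[station][1], "to", nav[station][2])
    # D cannot hear A's data frame, so only the NAV keeps it quiet.
    print("D hears carrier at t=300:", physical_busy("D", 300, frames))
    print("D may transmit at t=300 :", may_transmit("D", 300, frames, nav))
```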
Fig. 5.2. The use of virtual channel sensing using CSMA/CA
To deal with the problem of noisy channels, 802.11 allows frames to be fragmented into smaller pieces, each with its own checksum. The fragments are individually numbered and acknowledged using a stop-and-wait protocol. Once the channel has been acquired using RTS and CTS, multiple fragments can be sent in a row, as shown in Figure 5.3. The sequence of fragments is called a fragment burst.
Fig. 5.3. A fragment burst
Fragmentation increases the throughput by restricting retransmission to the bad fragments rather than the entire frame. The fragment size is not fixed by the standard but is a parameter of each cell and can be adjusted by the base station. The NAV mechanism keeps other stations quiet only until the next acknowledgement, but another mechanism is used to allow a whole fragment burst to be sent without interference. The other allowed mode is PCF, in which the base station polls the stations, asking them if they have any frames to send. Since transmission order is completely controlled by the base station in PCF mode, no collisions ever occur. The standard prescribes the mechanism for polling, but not the polling frequency, the polling order or even whether all stations need to get equal service. The basic mechanism is for the base station to broadcast a beacon frame periodically (10 to 100 times per second). PCF and DCF can co-exist within one cell. At first it might seem impossible to have central control and distributed control operating at the same time, but 802.11 provides a way to achieve this goal. It works by carefully defining the inter frame time interval. After a frame has been sent, a certain amount of dead time is required before any station may send a frame. Four different intervals are defined, each for a specific purpose. The four intervals are depicted in Fig. 5.4.
Fig. 5.4. Inter frame spacing in 802.11
The shortest interval is SIFS (Short Inter Frame Spacing). It is used to allow the parties in a single dialog the chance to go first. This includes letting the receiver send a CTS to respond to an RTS, letting the receiver send an ACK for a fragment or full data frame, and letting the sender of a fragment transmit the next fragment without having to send an RTS again. There is always exactly one station that is entitled to respond after a SIFS interval. If it fails to make use of its chance and a time PIFS (PCF Inter Frame Spacing) elapses, the base station may send a beacon frame or poll frame. This mechanism allows a station sending a data frame or fragment sequence to finish its frame without anyone else getting in the way, but gives the base station a chance to grab the channel when the previous sender is done without having to compete with eager users. If the base station has nothing to say and a time DIFS (DCF Inter Frame Spacing) elapses, any station may attempt to acquire the channel to send a new frame. The usual contention rules apply, and binary exponential back off may be needed if a collision occurs.
The last time interval, EIFS (Extended Inter Frame Spacing), is used only by a station that has just received a bad or unknown frame to report the bad frame. The idea of giving this event the lowest priority is that since the receiver may have no idea of what is going on, it should wait a substantial time to avoid interfering with an ongoing dialog between two stations.
5.2 Few Problems & their Solutions of Wi-Fi (802.11b)
Some problems related to wi-fi and their solutions are briefly described in the following paragraphs.
1. The standard of wi-fi is unclear: The developers of wi-fi use unlicensed radio frequency as they wish. There are no fixed rules for using this radio frequency, so many companies do not agree to do research on wi-fi.
Solution: Wi-fi equipment manufacturing companies are now replacing the transmitter by gear. By using gear, the equipment can cover the full wi-fi frequency spectrum.
2. Weak Security System: In the early days of wi-fi, invalid users could enter the network and harm the data.
Solution: A strong data encryption system should be implemented.
3. Costly: Although wi-fi technology is cheaper than any other wireless technology for accessing the Internet, for public use the wi-fi service provider had to pay higher bills.
Solution: If more organizations become interested in wi-fi service, the monthly expenditure of wi-fi may become less. In addition, if the telephone companies work as wi-fi service providers, then in future the telephone bill and the wi-fi internet bill may be combined.
4. Limited Coverage Area: The hot-spot of wi-fi is only 300 ft.
Solution: Using a signal booster or amplifier, the coverage length may be expanded. An antenna has already been invented to cover about a few miles. An AP can also be used as a repeater to expand the coverage area.
5. High Installation Cost: Although using wi-fi to make a hot-spot is not so costly, the full installation cost, operation cost and maintenance cost are high.
Solution: Installation expenditure may be reduced by using gear drive instead of a transmitter for a large installation.
6. Inter Operability: To make a big coverage area, it is necessary to take help from more than one wi-fi service provider.
Solution: Like cell phone companies, the wi-fi network providers can make roaming agreements. This will provide interoperability, and the service area will be expanded.
Besides the above problems, there are also some additional problems of WLAN. They are the following:
• First, a computer on Ethernet always listens to the ether before transmitting. Only if the ether is idle does the computer begin transmitting. With wireless LANs, that idea does not work so well. The 802.11 standard had to solve this problem.
• The second problem that had to be solved is that a radio signal can be reflected off solid objects, so it may be received multiple times. This interference results in what is called multipath fading. However, the Spread Spectrum modulation technique is resistant to multipath-fading interference.
• The third problem is that a great deal of software is not aware of mobility and low security.
• The fourth problem is radio frequency interference. To solve this problem, a Guard Band (unused portion of spectrum) can be used. Adaptive equalization may be helpful to overcome inter symbol interference.
• The fifth problem is low data transmission speed. A new modulation technique named OFDM has already been employed. Using OFDM in the 802.11b’s physical layer is already under development, named 802.11g, and the expected speed will be about 54 Mbps.
Wireless LAN Security
6.1 Introduction
Organizations are rapidly developing wireless infrastructures based on the IEEE 802.11 standard. Unfortunately, the 802.11 standard provides only limited support for confidentiality through the wired equivalent privacy (WEP) protocol, which contains significant flaws in the design. Furthermore, the standards committee for 802.11 left many of the difficult security issues, such as key management and a robust authentication mechanism, as open problems. The access control mechanisms available with current access points contain serious flaws such that an adversary can easily subvert them.
Organizations over the last few years have expended a considerable effort to protect their internal infrastructure from external compromise. As a result, the organizations have canalized their external network traffic through distinct openings protected by firewalls. The idea is simple. By limiting external connections to a few well-protected openings, the organization can better protect itself. Unfortunately, the deployment of a wireless network opens a “back door” into the internal network that permits an attacker access beyond the physical security perimeter of the organization. As a result, the attacker can implement the “parking lot” attack, see figure 6.2, where the attacker sits in the organization’s parking lot and accesses hosts on the internal network. Ironically in some cases, the existence of the firewall may make the organization’s hosts are immune from attack and potential compromise.
This chapter describes some WLAN security threats, including threats to access control mechanisms and simple eavesdropping attacks against 802.11. The use of encryption prevents an adversary from gaining immediate access, but combining our attacks with the weakness found in WEP by others provides such access. We have also given some recommendations to overcome the security threats.
6.2 Wireless Security Threats
All wireless computer systems face security threats that can compromise their systems and services. Unlike in a wired network, the intruder does not need physical access in order to pose the following security threats:
6.2.1 Eavesdropping
This involves an attack against the confidentiality of the data that is being transmitted across the network. In a wireless network, eavesdropping is the most significant threat because the attacker can intercept the transmission over the air from a distance away from the premises of the company.
6.2.2 Tampering
The attacker can modify the content of the intercepted packets from the wireless network, and this results in a loss of data integrity.
6.2.3 Unauthorized Access and Spoofing
The attacker could gain access to privileged data and resources in the network by assuming the identity of a valid user. This kind of attack is known as spoofing. To overcome this attack, proper authentication and access control mechanisms need to be put in place in the wireless network.
6.2.4 Denial of Service
In this attack, the intruder floods the network with either valid or invalid messages, affecting the availability of the network resources. The attacker could also flood a receiving wireless station, thereby forcing it to use up its valuable battery power.
6.2.5 Other Security Threats
The other threats come from weaknesses in the network administration and vulnerabilities of the wireless LAN standards, e.g. the vulnerabilities of the Wired Equivalent Privacy (WEP), which is supported in the IEEE 802.11 wireless LAN standard. Another security threat is the parking lot attack, which is shown in Fig. 6.1.
Fig. 6.1. The parking lot attack
Wireless LAN network headers (including the IV portion and key number) themselves are not encrypted. This is one of the vulnerabilities that an attacker could exploit. Although the standard specifies support for the popular RC4 symmetric stream cipher, all new symmetric key encryption efforts should be based on the AES block cipher in Offset Codebook Mode. The OCB has been optimized to minimize the number of calls to lower level cryptographic primitives, and can both encrypt/decrypt and tag/verify a message in a single pass. With the recent discoveries of the WEP vulnerability, WEP encryption should not be used as the only form of protection. Confidential or important information should be encrypted prior to transmission over the wireless LAN so as to protect its confidentiality and integrity. In addition, a cryptographic hashing function such as MD-5 or SHA-1 can also be used to ensure the integrity of the information transmitted over the wireless LAN.
Fig. 6.2. WEP encryption & Decryption Process
To overcome the parking lot attack, a strong firewall security system will have to be employed so that only valid users get access to the network.
6.3 Security Guidelines for Wireless LAN
The following are some of the guidelines that could help to reduce the exposure of a network to the above security threats:
6.3.1 Access Point Physical Security
The access points should be properly secured within the office environment to prevent any unauthorized access and physical tampering. These access points should be placed in an easily accessible location to allow easy security setting and maintenance, especially if the company has a few hundred of these access points to support. To avoid interference with their services, the access points should be physically located away from external sources of electromagnetic interference, e.g. microwave ovens. In addition, they should be waterproof for external installation.
6.3.2 Information Confidentiality and Integrity
The IEEE 802.11b standard allows for an optional privacy facility known as Wired Equivalent Privacy (WEP). The technique uses shared keys and a pseudo random number (PRN) as an initial vector (IV) to encrypt the data portion of network packets. This is based on the use of secret keys with symmetric encryption algorithms.
6.3.3 Wireless LAN Key Management
The symmetric encryption keys, e.g. the WEP keys stored in the access points and wireless stations, should be protected from unauthorized access. An unauthorized intruder could use the encryption keys to decipher the wireless LAN data traffic. When in operation, the default WEP encryption keys should be changed, and these keys should be changed on a daily to weekly basis. While existing wireless LAN products support WEP services using 40- or 64-bit keys, newer ones can support the use of longer and more secure 128-bit keys. However, the longer keys may impact the overall performance of the wireless LAN. The symmetric encryption keys should be protected during key distribution to the users. The new keys should be sent to the users either in encrypted form or through other secure means to prevent unauthorized access to the keys. Instead of relying on the shared static symmetric base key, a session key tied to a particular session could be generated for the symmetric encryption. The advantages of this arrangement are:
• To prevent the shared static symmetric base key from direct attack.
• Each party accessing the wireless LAN has its own set of encryption keys.
However, the session keys are still subject to spoofing if the base key is revealed to an intruder.
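The session-key arrangement above, combined with the integrity hashing recommended in the section on other security threats, as an added Python example that is not part of the original report. The derivation (HMAC-SHA256 over two nonces), the frame layout and all names are assumptions of this sketch; it covers integrity and key separation only and does not encrypt the payload.

```python
"""Per-session keys and keyed integrity tags (added illustration)."""
import hashlib
import hmac
import struct


def derive_session_key(base_key, station_nonce, ap_nonce):
    """Derive a key bound to one session from the shared base key.

    Assumption of this sketch: HMAC-SHA256 over both nonces. Anyone who
    holds the base key and sees the nonces can repeat the derivation,
    which is the residual risk the text notes for a revealed base key.
    """
    return hmac.new(base_key, b"session" + station_nonce + ap_nonce,
                    hashlib.sha256).digest()


def plain_hash_protect(payload):
    """Weak form: an unkeyed SHA-1 digest appended to the payload."""
    return payload + hashlib.sha1(payload).digest()


def plain_hash_verify(blob):
    payload, digest = blob[:-20], blob[-20:]
    return hmac.compare_digest(hashlib.sha1(payload).digest(), digest)


def keyed_protect(session_key, seq, payload):
    """Prefix a sequence number and append an HMAC-SHA256 tag."""
    header = struct.pack(">I", seq)
    tag = hmac.new(session_key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def keyed_verify(session_key, blob, last_seq):
    """Return (seq, payload) if the tag is valid and seq is fresh, else None."""
    if len(blob) < 4 + 32:
        return None
    header, payload, tag = blob[:4], blob[4:-32], blob[-32:]
    expected = hmac.new(session_key, header + payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None          # altered in transit or wrong session key
    seq = struct.unpack(">I", header)[0]
    if seq <= last_seq:
        return None          # replayed or reordered frame
    return seq, payload


def demo():
    base_key = bytes(range(16))                     # constructed base key
    key = derive_session_key(base_key, b"station-nonce-01", b"ap-nonce-01")
    altered = b"transfer 900"
    # Whoever can rewrite the payload can also recompute an unkeyed digest.
    plain_ok = plain_hash_verify(plain_hash_protect(altered))
    frame = keyed_protect(key, 1, b"transfer 100")
    changed = frame[:4] + altered + frame[-32:]     # payload changed, old tag
    return {
        "plain_hash_accepts_altered": plain_ok,
        "keyed_accepts_original": keyed_verify(key, frame, 0) is not None,
        "keyed_accepts_altered": keyed_verify(key, changed, 0) is not None,
        "keyed_accepts_replay": keyed_verify(key, frame, 1) is not None,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

An unkeyed digest only detects accidental corruption; the keyed tag is what resists the tampering threat, and only for as long as the base key stays secret.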
6.3.4 User Authentication Mechanism
Currently, the only access control mechanisms supported by wireless LAN technology are the Service Set Identifier (SSID) and the MAC address, which only verify authorized wireless stations but not the users. As such, unauthorized personnel can gain access to the wireless LAN and its network resources using a stolen wireless station. To authenticate the identity of the users accessing the wireless LAN, user authentication mechanisms such as user IDs/passwords, smart cards and security tokens (e.g. the RSA SecurID two-factor authenticator) should be used to stop unauthorized access to the company’s internal network via the wireless LAN.
6.3.5 Access Control
In addition to the above SSID and MAC access control mechanisms, which are built into the IEEE 802.11 wireless LAN standard, the following mechanisms should be employed to further enhance the security of a wireless LAN:
6.3.5.1 Wireless Network Access ID
Most wireless LAN products allow the configuration of a user-defined access ID that can be used to further restrict access of the radio adapters to specific access points. Only when the access ID is the same can the adapter connect to that access point and join the cell. However, every access point and adapter can only use one network ID. This is unlike WEP, which allows every access point and adapter to be configured to use different secret keys for different transmissions.
6.3.5.2 Ethernet/MAC Address Restriction
Every Ethernet adapter has a unique universal 12-digit hexadecimal MAC address, and the wireless adapter has one too. This IEEE-controlled hardware address can be used to identify the wireless client on the network. We can make use of this “feature” by configuring each access point to only accept connections from adapters with registered MAC addresses. This provides a certain degree of security against unauthorized access. However, MAC addresses can still be spoofed, so this should not be used on its own but in combination with the other mechanisms to further reduce the likelihood of unauthorized access to the wireless LAN.
6.3.5.3 Network Authentication
A good network operating system, such as Novell or Windows NT/2000, minimally requires the user to log on by supplying a correct user ID and password before he can gain access to the network. Wireless LAN users should be required to do the same.
6.3.5.4 Firewall Access Control
Access control mechanisms such as firewalls should be implemented to segregate the wireless LAN from the internal wired network (Figure 6.3). The wireless LAN should be deployed in a different network segment, which is separate from the internal wired network. Network or IP filtering can be implemented at the gateway to ensure that only authorized network traffic from the wireless LAN or legitimate access points is allowed to enter the wired network. This is to prevent unauthorized access to the internal wired network via rogue access points.
Fig. 6.3. How a firewall is used to segregate the wireless LAN from the internal wired network

6.3.5.5 Wireless Station Security
On the client wireless station, access control and intrusion detection mechanisms should be installed where possible to prevent and detect any unauthorized access over the wireless LAN. The attacker may compromise the client station and use it to access the internal wired network. The user's privileges and access rights to the systems and network resources should be restricted if they access the wireless LAN using client computing devices where there are no controls available, e.g. PDAs. Software programs that can be used to configure the wireless station as an access point should not be allowed, so as to minimize the setup of rogue access points. This is to prevent unauthorized access to the internal wired network via the rogue access point due to insecure configurations (e.g. WEP not enabled, no MAC address control list). An access point authenticates a user, but a user does not and cannot authenticate an access point. If a rogue access point is placed on a wireless LAN, it can be a launch pad for denial-of-service attacks through the "hijacking" of the wireless stations of legitimate users. Mutual authentication supported by the access point allows mutual authentication between the client and the authentication server, where both sides prove their legitimacy. Mutual authentication also makes it possible to detect and isolate rogue access points. The wireless station should also not be configured for network file sharing without any protection, so as to prevent unauthorized access to the user's local files.

6.3.5.6 User Security Awareness
Users within the company premises should not be allowed to set up their wireless stations in ad-hoc mode and communicate with each other without going through the access point. This is to prevent unauthorized access to the users' files if they are not protected. The user should power down the wireless station when it is not being used for a long period of time, e.g. after office hours. This will reduce the risk of attacks on the wireless station over the wireless LAN. When the user's wireless station is connected to the internal wired network, it should not have a concurrent direct connection to any untrusted network, e.g. the Internet. This is to prevent any unauthorized access to the internal wired network via the wireless station.

6.3.5.7 Access Points Administration and Maintenance
Only administrators have access to the wireless LAN key distribution program for the distribution of the encryption keys. The built-in COM ports of the access point should be disabled or password-protected to prevent any unauthorized access to the access points. All unnecessary services and ports in the access points should be removed or closed. Periodic scanning of the wireless LAN should be conducted to detect the presence of rogue access points, unauthorized ports/services or any security vulnerabilities in the network. Prior to the scanning process, written approval should be obtained from the management to allow the vulnerability scanning on the network. The password for remote management of access points can be captured and used to gain unauthorized access to the access points. As such, administration of access points should not be done over the wireless LAN. Instead, the access points should be administered via the wired network or locally via the access point's built-in COM ports. It is common to statically assign a WEP key to a client, either on the client's disk storage or in the memory of the client's wireless LAN adapter. When a wireless station is lost, the intended user of the wireless station no longer has access to the MAC address or WEP key, and an unintended user does. This should be reported immediately to the network administrator. This would allow prompt action to be taken to prevent any unauthorized access via the lost wireless equipment, e.g. to render the MAC address and WEP key useless for wireless LAN access and decryption of transmitted data. The administrator must recode static encryption keys on all clients that use the same keys as the lost or stolen wireless station. The greater the number of clients, the larger the task of reprogramming WEP keys. The way to overcome this limitation is a security scheme that:
• Bases wireless LAN authentication on device-independent items such as usernames and passwords, which users possess and use regardless of the wireless station on which they operate
• Uses WEP keys that are generated dynamically upon user authentication, not static keys that are physically associated with a wireless station
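One way to act on the periodic scanning recommended in section 6.3.5.7 is to compare each site survey with the inventory of authorized access points. The following is an added example, not part of the original report; the record layout, finding names, MAC addresses and SSIDs are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Observation:
    """One radio seen during a site survey (constructed record layout)."""
    bssid: str         # MAC address advertised by the radio
    ssid: str          # network name it announces
    mode: str          # "infrastructure" (access point) or "ad-hoc"
    wep_enabled: bool  # whether the radio requires encryption


# Constructed inventory of authorized access points: BSSID -> expected SSID.
AUTHORIZED_APS = {
    "02:00:5e:00:10:01": "LAB1",
    "02:00:5e:00:10:02": "LAB1",
    "02:00:5e:00:20:01": "LAB2",
}

# Constructed survey result; the LAB2 access point is deliberately absent.
SAMPLE_SCAN = [
    Observation("02-00-5E-00-10-01", "LAB1", "infrastructure", True),
    Observation("02:00:5e:00:10:02", "LAB1", "infrastructure", False),
    Observation("02:00:5e:00:99:99", "LAB1", "infrastructure", False),
    Observation("02:00:5e:00:77:01", "printer-setup", "ad-hoc", False),
]


def normalize_mac(mac: str) -> str:
    """Return the 12 hex digits of a MAC as lower-case, colon-separated text."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a 12-digit hexadecimal MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def audit_scan(observations, authorized=AUTHORIZED_APS):
    """Return (bssid, finding) pairs for everything that needs follow-up."""
    authorized = {normalize_mac(k): v for k, v in authorized.items()}
    company_ssids = set(authorized.values())
    findings, seen = [], set()
    for obs in observations:
        bssid = normalize_mac(obs.bssid)
        seen.add(bssid)
        if obs.mode == "ad-hoc":
            # Stations talking to each other without an access point (6.3.5.6).
            findings.append((bssid, "AD_HOC_STATION"))
            continue
        expected_ssid = authorized.get(bssid)
        if expected_ssid is None:
            # Not in the inventory. Announcing a company SSID makes it a
            # rogue candidate; otherwise it may simply be a neighbour.
            kind = ("ROGUE_AP_USING_COMPANY_SSID"
                    if obs.ssid in company_ssids else "UNKNOWN_AP")
            findings.append((bssid, kind))
            continue
        # A matching BSSID is not proof of legitimacy, since MAC addresses
        # can be spoofed (6.3.5.2), so the configuration is checked as well.
        if obs.ssid != expected_ssid:
            findings.append((bssid, "SSID_MISMATCH"))
        if not obs.wep_enabled:
            findings.append((bssid, "ENCRYPTION_DISABLED"))
    # An authorized access point that was not heard may be down or removed.
    for bssid in sorted(set(authorized) - seen):
        findings.append((bssid, "AUTHORIZED_AP_NOT_SEEN"))
    return findings


if __name__ == "__main__":
    for bssid, finding in audit_scan(SAMPLE_SCAN):
        print(f"{bssid}  {finding}")
```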
6.3.5.8 Availability of Wireless LAN
Spread spectrum was developed during World War II to provide security for military radio communications. It spreads a signal across a wide range of frequencies at very low power, transforming the original signal into a noise-like signal. This hides the signal and makes it difficult to detect. In fact, spread spectrum was designed to be resistant to noise, interference, jamming and unauthorized detection, making this technology ideal for wireless networking. There are two main types of spread spectrum techniques: Direct Sequence Spread Spectrum (DSSS) and Frequency Hopping Spread Spectrum (FHSS). Each of the above spread spectrum techniques has its pros and cons, and the IEEE 802.11b standard supports both. Both DSSS and FHSS make it hard for anyone to intentionally or unintentionally interfere with or jam the radio transmissions in a wireless LAN. To someone who does not have the correct frequency information, spread spectrum transmissions look no different from static or background noise; it is therefore difficult to "wiretap" a wireless LAN and directly observe the raw data being carried in the network. Likewise, it is difficult to jam a spread spectrum transmission. To do that without knowing the correct frequency information, you will need to generate a signal that is strong enough to jam the entire frequency band. In comparison, FHSS is more secure and is therefore used more extensively in the military. This is because the carrier frequency used in DSSS is fixed and the security provided by the DSSS chipping code is limited. However, DSSS has better bandwidth (currently from 2 Mbps up to 11 Mbps) and range, and is much more resilient to interference than FHSS. DSSS is therefore more widely implemented in commercial wireless LAN products. The wireless LAN is still vulnerable to denial of service attacks such as network jamming. As such, it should not be used as the only means to access the company's network and systems. In situations where there is a risk of a particular access point being inaccessible due to flooding of network packets, load balancing across multiple access points should be implemented to mitigate this vulnerability.

6.3.5.9 Logging and Audit
Logging of the wireless LAN helps to detect unauthorized network traffic, e.g. using an Intrusion Detection System to detect attacks directed over the wireless LAN. Information such as source/destination IP addresses, MAC addresses, users' logon names/IDs and logon time/duration can be logged to aid analysis and investigation in the event of a network problem. On a periodic basis, an audit should also be performed to detect any exceptions or abnormal network activities, and alerts should be sent to the network administrators.

6.4 Summary
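As a concrete instance of the periodic audit described in section 6.3.5.9, the following added example (not part of the original report) checks logon records against the station registry. The log layout, user names, addresses and the 08:00 to 18:00 office hours are assumptions constructed for illustration.

```python
import csv
import io
from datetime import datetime, time

# Constructed registry of stations: MAC address -> user it was issued to.
REGISTERED = {
    "02:00:5e:10:00:01": "rahman",
    "02:00:5e:10:00:02": "karim",
    "02:00:5e:10:00:03": "sultana",
}
# Stations reported lost or stolen to the administrator (6.3.5.7).
REVOKED = {"02:00:5e:10:00:03"}
# Assumed office hours; stations should be powered down outside them (6.3.5.6).
OFFICE_START, OFFICE_END = time(8, 0), time(18, 0)

# Constructed log with the fields section 6.3.5.9 lists.
SAMPLE_LOG = """\
logon_time,user,station_mac,src_ip,dst_ip,duration_min
2002-03-04T09:15:00,rahman,02:00:5e:10:00:01,10.20.0.11,10.1.0.5,42
2002-03-04T10:02:00,karim,02:00:5e:10:00:01,10.20.0.11,10.1.0.5,5
2002-03-04T23:40:00,karim,02:00:5e:10:00:02,10.20.0.12,10.1.0.9,180
2002-03-05T11:00:00,sultana,02:00:5e:10:00:03,10.20.0.13,10.1.0.5,12
2002-03-05T11:30:00,guest,02:00:5e:ff:ff:01,10.20.0.50,10.1.0.7,3
"""


def audit_log(text):
    """Return (logon_time, user, mac, reasons) for every record that is an exception."""
    alerts = []
    for row in csv.DictReader(io.StringIO(text)):
        mac = row["station_mac"].strip().lower()
        when = datetime.fromisoformat(row["logon_time"])
        reasons = []
        owner = REGISTERED.get(mac)
        if owner is None:
            # The access point should only accept registered adapters (6.3.5.2).
            reasons.append("UNREGISTERED_MAC")
        else:
            if mac in REVOKED:
                reasons.append("REVOKED_STATION")
            if owner != row["user"]:
                # MAC checks verify the station, not the user, so a logon by
                # someone else on this station deserves a second look.
                reasons.append("USER_STATION_MISMATCH")
        if not (OFFICE_START <= when.time() < OFFICE_END):
            reasons.append("AFTER_HOURS")
        if reasons:
            alerts.append((row["logon_time"], row["user"], mac, tuple(reasons)))
    return alerts


if __name__ == "__main__":
    for logon_time, user, mac, reasons in audit_log(SAMPLE_LOG):
        print(logon_time, user, mac, ", ".join(reasons))
```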
Table 6.1 summarizes how all the above security mechanisms work together to reduce the vulnerability of a wireless LAN against the specific threats of eavesdropping, tampering, unauthorized access and spoofing, and denial of service.

Table 6.1: Summary of the key security mechanisms that can be implemented in a wireless LAN
Threats: Eavesdropping; Tampering; Unauthorized Access & Spoofing; Denial of Service
Protective mechanisms: Spread Spectrum; WEP Encryption; Wireless Network Access ID; Network Authentication; Ethernet Address Restriction
In view of the major WEP vulnerabilities and security threats posed by wireless LAN, confidential or important information should not be transmitted unprotected over the wireless LAN. When there is a need to transmit such information via the wireless LAN, further control measures such as end-to-end encryption should be used to ensure the confidentiality and integrity of the information. There is also another mechanism that helps to ensure the confidentiality of the information: the virtual private network (VPN), which runs transparently over a wireless LAN. Another feature of the VPN is that it allows authentication, which ensures that only authorized users can connect, send and receive information over the wireless LAN. There is also a need to treat the wireless LAN as a less trusted network as compared to the internal wired network. To address this need, proper network segregation and access control have to be implemented to protect the company's internal network from the wireless LAN. Finally, as attacks can be targeted at the wireless station via the wireless LAN, the client computing devices should not be used to store or process confidential or important information unless proper access control mechanisms have been implemented to ensure the client's security.

Efficiency & Cost Analysis Comparing Wired & Wireless Local Area Network

7.1 Introduction
The era of networks was introduced mainly for various kinds of resource sharing and access. Within a network, the computer workstations communicate among themselves and with one or more servers. In most networks the server acts as the central data storage device. The computers within a network share not only data but also valuable resources such as a color printer, scanner, plotter etc. Another reason for networking a corporate office is so that officials can use the Internet at the same time. Especially with the recent expansion of broadband technology, the flexibility of using such a multi-user network (Internet) has also increased. We are comparing two different types (wired & wireless) of LANs for three typical Labs for an Educational Institution.

7.2 Description of Lab
Suppose the three Labs are situated in three different rooms of the same building and they are on the same floor. For 60 PCs we assume each room size to be 48 X 32 square feet. Now we will design the Labs for both wired and wireless LAN with respect to the scenario. For the three different types of Labs we will use the same configuration.

7.3 Proposed Wired Design
The topology used in the three labs is Star. We have used three 24-port Fast Ethernet Switches (100 Mbps) in each lab, so we have needed 9 switches to design the three labs. An additional switch has been used as the Backbone Switch. The cable used is E. Cat. 5 UTP. A total of 60 PCs are required for the three labs and all the computers are PTV. The necessary servers (Mail Server, Computing Server, File Server) and the Gateway have been connected to the Backbone switch.

Fig. 7.1. Wired LAN design

7.4 Proposed Wireless Design
The Infrastructure mode has been used for the three labs, and two DWL 900AP+ access points have been used in each lab. The access points (APs) are connected to a Fast Ethernet switch (100 Mbps), which is the Backbone Switch to the network. E. Cat. 5 UTP cable has been used to connect the APs to the switch. In the wireless configuration, the necessary servers (Mail Server, Computing Server, File Server) and the Gateway have also been connected to the Backbone switch.

Fig. 7.2. Wireless LAN design

7.5 Comparison between Wired & Wireless LAN

7.5.1 Mobility
It is the most powerful feature of a wireless network. Many people are choosing a wireless network only for its mobility. Within a wireless network a user can access the network although he is outside the main network, but for this he needs to stay within a certain range.

7.5.2 Data Rate
One of the major issues of wireless LANs is the data rate. The overall speed of a WLAN is much less than that of a wired LAN. The data rate of a wireless network is about 11 Mbps, whereas the data rate of a wired network is about 100 Mbps. The data rates of various WLAN standards are given in the following table.

Table 7.1: The data rate of WLAN

Standard        Data rate          Data Transmission Range
IEEE 802.11     2 Mbps             300 ft
IEEE 802.11a    54 Mbps            60 ft
IEEE 802.11b    5.5 or 11 Mbps     300 ft
IEEE 802.11g    22 Mbps            300 ft

7.5.3 Security
Security is also a major issue for a wireless LAN. The wired LAN is more secure than the wireless LAN. As a wireless LAN uses radio transmission, an attacker can intercept the transmission over the air from a distance. Not only that, but the attacker can also modify the content of the intercepted packets, and this results in a loss of data integrity. An attacker can also flood the network with either valid or invalid messages, affecting the availability of the network. A wired LAN, however, is free from these types of attacks. There are also some problems in the data transmission of a wired LAN; a weak point of a wired LAN is that it may disconnect for various reasons. If the wire has a hole in it, water and dust may enter the hole and interrupt the normal flow of data. It is not possible to transmit data through a wired network if the wire is defective, so the whole network collapses. On the other hand, a wireless LAN is free from these problems.

7.5.4 Maintenance
After setting up a wireless LAN, the maintenance cost of the network is almost zero. But for a wired LAN, a minimum of two or three experts are always needed to deal with arising problems. Sometimes an organization needs to shift its office from one place to another; then the computers and the networks of the office need to be reconfigured. To do so we need network experts who will reconfigure the network successfully. Not only that, but it is also very difficult and costly to reconfigure them. On the other hand, a wireless LAN is free from these problems. It is only necessary to rearrange the computers.

7.5.5 Cost Comparison
Practically it is cheaper to implement a wireless LAN than a wired LAN. Especially where computers or servers are situated in different buildings, it is very costly and difficult to establish cable connections among them. The cost comparison between wired & wireless LAN is given in Table 7.2.

Table 7.2: Cost comparison between wired & wireless LAN

Network Type: Wired LAN
Topology/Mode: Star
Main Requirements and Cost (Tk.):
1. 60 X 3 = 180 PCs (35000 Tk/PC): 63,00,000
2. 10/100 Mbps Fast Ethernet Cards, 180 Pieces (800 Tk/Card): 1,44,000
3. 24 ports DES1024R Switch, 10 Pieces (17500 Tk/Switch): 1,77,500
4. E. Cat. 5 UTP Cable 3600 m (5500 Tk/300 meter): 66000
5. RJ45 Connectors, 400 Pieces (12 Tk/Connector): 4800
6. Patch Panel, 3 Pieces (6000 Tk/Piece): 18000
7. Rack of Patch Panel, 3 Pieces (2000 Tk/Piece): 6000
8. Dual Face Plate, 30 Pieces (500 Tk/Face Plate): 15000
9. 3m Patch Cords, 10 Pieces (300 Tk/Cord): 3000
Total (Tk.): 67,31,800

Network Type: Wireless LAN
Topology/Mode: Infrastructure
Main Requirements and Cost (Tk.):
1. 60 X 3 = 180 PCs (35000 Tk/PC): 63,00,000
2. DWL900AP+ Access Point, 6 Pieces (12500 Tk/AP): 75,000
3. 180 pieces DWL 520+ PCI card (6500 Tk/Card): 11,70,000
4. One 8 Port DES1008V switch: 5500
5. E. Cat. 5 UTP cable 300 m: 5500
6. Six RJ45 Connectors: 72
Total (Tk.): 75,56,072

7.5.6 Error Rate in Data Transmission
As a wireless LAN uses radio transmission, radio interference may lead to errors in the data transmission. Besides this, multipath fading, rough weather, tampering etc. are also responsible for errors in the data transmission of a wireless LAN. In a wired LAN, however, data transmission is hampered if there is a hole in the wire. Water and dust enter the wire through the hole and obstruct the data transmission.

7.6 Which One Should Be Chosen
Whether people should use a wireless LAN instead of the existing wired LAN depends completely on the type of organization they are working in. Though the implementation cost of a wireless LAN is a little more than that of a wired LAN, overall people get some more facilities than with the usual wired network. The maintenance cost of a wireless LAN is almost zero, whereas for a wired LAN a fixed amount of money has to be spent on maintenance alone. Though the data rate of a wireless LAN is much less than that of a wired LAN, I think 1/3Mbps speed is enough for an educational institution where only programming and mail or file sharing services are needed. Another important aspect of a wireless LAN is that the reconfiguration cost of the network is almost zero, whereas the reconfiguration cost of a wired LAN is high. When the usage of wireless LAN becomes more widely available, the production cost of wireless LAN equipment (especially the price of the wireless LAN PCI card) will decrease, and then the implementation cost of a wireless LAN will also decrease. In a certain period the implementation cost of a wireless LAN will be less than that of a wired LAN, and this day is not so far away.

Conclusion & Future Work

8.1 Conclusion
Compared to wired networks, wireless networks are costly, noisy and unreliable. From my study I have also realized that security is a major issue of wireless LAN, so researchers should study the security development of wireless LAN further. As WLANs become popular and the poor performance of TCP over wireless links becomes more relevant, more detailed studies are necessary. I have also studied the efficiency of the wireless local area network, and I found that though theoretically it can cover 300 ft, it covers only 100 ft.

Wireless communication covers the fast-moving, dynamic field of communications. This area of study involves the sending and receiving of information in digital format over distances ranging from a few inches to thousands of miles. This study is generally offered as part of an overall program in electronics technology. Prerequisites are a basic understanding of analog and digital circuits, signals, and concepts, together with the mathematics necessary to understand these principles. Communication is defined as the transmitting of data from one site to another, formerly via telephone lines, but now including cable, microwave, optical fiber and satellite. The personal computer has become as ubiquitous as the telephone. The personal computer has produced new demands for the communication of data inside a facility, within a company and globally. The goal of communication is to send a message from one point to another and to ensure that the message is received properly and understood. Communication is the ability to send and receive messages reliably and predictably from the nervous system. The development of the computer and the modern information-oriented society has been both the incentive for improved communication and the result of communication capabilities.

Electronic communication of data began with the telegraph perfected by Samuel Morse in 1884. Communication systems were relatively simple when the telegraph and telephone were invented. The only practical method for transferring the message was copper wire strung from one instrument to the other. The development of radio systems added another means of connecting the ends of the communications and also gave a great deal of flexibility to the system. In the last decade, another method of transferring the message has grown in prominence: fiber optics as the pipe or conduit for the communications signals, which are sent by pulses of light through the fiber. Fiber optics brings some important technical advantages that could not be achieved with copper wire, radio, or satellites. This study, in the proper context and setting for data communication, covers both the essential and the fundamental topics in data communications and, at the same time, many of growing technical need. The use of electronic communications is much more extensive than many people realize. Besides the obvious examples of communications, such as the link between a central bank computer and an automated teller machine, there are many other types of electronic communications.

There are many ways to build a communication system that will successfully send a message from one point to another. Regardless of the system design, every communication system has the same basic functional blocks. At one end there is the sender of the message, and at the other end is the receiver of the message. Between these two ends a medium is used: the message goes over the actual communication link, which is the physical path between the sending end and the receiving end. A communication system can also be classified into one of three categories of ability: simplex, full duplex and half duplex. Traditionally, in telephone and radio systems, the message consisted of information conveyed by voice. The voice signal is an analog signal. The growth of computer technology and digital logic circuitry has also caused a tremendous change in the way that communication is performed. In a digital or computer system, all information is represented by a digital signal.

A network uses a combination of hardware and software to send data from one location to another. The hardware consists of the physical equipment that carries signals from one point of the network to another. However, the services that we expect from a network are more complex than just sending a signal from a source computer to a destination computer. In addition to hardware, we need software. We can compare the task of networking to the task of solving a mathematics problem with a computer. The fundamental job of solving the problem in a computer is done by computer hardware. However, this is a very tedious task if only hardware is used. We would need switches for every memory location to store and manipulate data. The task is much easier if software is in the picture.

One of the major concerns of the physical layer lies in moving data in the form of electromagnetic signals across a transmission medium. Whether we are collecting numerical statistics from another computer, sending animated pictures from a design workstation or causing a bell to ring at a distant control center, we are working with the transmission of data across network connections. Both the data and the signals that represent them can take either analog or digital form. The term analog data refers to information that is continuous; digital data refers to information that has discrete states. Analog data take on continuous values. Digital data take on discrete values. Baseband transmission is very rarely used for long-distance transmission. A technique called modulation is used for the purpose. In modulation there is a carrier signal. The carrier signal may be an analog sinusoidal signal of a fixed frequency or a train of pulses of a certain frequency. The information signal is placed on the carrier. The information signal introduces a certain change in the parameters of the carrier. In the case of an analog sinusoidal carrier, it is possible to change the amplitude or frequency or phase, or two of them, or all of them, by the information signal.

Transmission media are actually located below the physical layer and are directly controlled by the physical layer. We can say that transmission media belong to layer zero. The following figure shows the position of transmission media in relation to the physical layer. A computer connected via a LAN to the Internet needs all five layers of the network model. The three upper layers (network, transport, and application) are common to all LANs. The data link layer is divided into the logical link control (LLC) sublayer and the medium access control (MAC) sublayer. The LLC sublayer was originally designed to be the same for all LANs for interoperability, but it is not used often today. Local area networks differ only in their MAC sublayer and in their physical layers. While the MAC sublayer is slightly different for each Ethernet version, the physical layer is quite different. The above discussed the function of a communication system, the importance of communication in modern society and the various structures that a communication system can have.

8.2 Future Works
Firstly, the poor performance of TCP in WLAN can be researched for further development. Another area of future research is the elimination of two major problems: the hidden station problem and the exposed station problem. There are many new features in IEEE 802.11, such as the CSMA/CA scheme with acknowledgement, the Network Allocation Vector (NAV) for deferring access to the channel, and two short frames for reserving the channel. With all these new features, IEEE 802.11 theoretically provides better MAC services in terms of quality of service. However, these features might increase the overhead and reduce throughput. It is also planned that wireless LANs will finally be used as alternative access networks for 3rd generation cellular devices. Interoperability between future wireless LANs (HiperLAN/2) and Wide Band Cellular protocols (W-CDMA) will support this feature. So future research may be done on how to access the 3G backbone network from a WLAN.
APPENDICES

Appendix A The Physical Layer Specification

(a) Direct Sequence Spread Spectrum

Data rate   Chipping Code Length   Modulation   Symbol rate   Bits/Symbol
1 Mbps      11 (Barker seq)        DBPSK        1 Mbps        1
2 Mbps      11 (Barker seq)        DQPSK        1 Mbps        2
5.5 Mbps    8 (CCK)                DBPSK        1.375 Mbps    4
11 Mbps     8 (CCK)                DQPSK        1.375 Mbps    8

(b) Frequency Hopping Spread Spectrum

Data rate   Modulation      Symbol rate   Bits/Symbol
1 Mbps      2-level GFSK    1 Mbps        1
2 Mbps      4-level GFSK    1 Mbps        2

(c) Infrared

Data rate   Modulation   Symbol rate   Bits/Symbol
1 Mbps      16-PPM       4 Mbps        0.25
2 Mbps      4-PPM        4 Mbps        0.5

(d) Orthogonal FDM

Data rate   Modulation   Coding rate   Coded bits per sub-carrier   Code bits per OFDM symbol   Data bits per OFDM symbol
6 Mbps      BPSK         1/2           1                            48                          24
9 Mbps      BPSK         3/4           1                            48                          36
12 Mbps     QPSK         1/2           2                            96                          48
18 Mbps     QPSK         3/4           2                            96                          72
24 Mbps     16-QAM       1/2           4                            192                         96
36 Mbps     16-QAM       3/4           4                            192                         144
49 Mbps     64-QAM       2/3           6                            288                         192
54 Mbps     16-QAM       3/4           6                            288                         216
Figure: MAC access logic using CSMA/CA

Figure: IEEE 802.11 wireless standards overview and unlicensed bands for wireless LAN (IEEE 802.11 at 2.4 GHz with FHSS and DSSS, the IEEE 802.11 extension at 5.5 Mbps and 11 Mbps, and diffuse IR at 850 to 950)

Appendix B Kiviat Graph for Data Networks

Figures: Wired LANs; Wireless LANs

GLOSSARY

Barker Sequence
In DSSS, each bit is transmitted as a sequence of 11 chips, which is called the Barker sequence.
Beacon Frame
The beacon frame contains system parameters, such as hopping sequences and dwell times (for FHSS), clock synchronization, etc. It also invites new stations to sign up for polling service. Once a station has signed up for polling service at a certain rate, it is effectively guaranteed a certain fraction of the bandwidth, thus making it possible to give quality of service guarantees.
Chip
A single pulse or symbol of a PN (pseudo-noise) sequence is called a chip.
Data Rate
Not all bits carry user information. Each group (packet) of bits contains headers, trailers, echo control, destination information, and other data required by the transmission protocol. It is important to understand the difference between bit rate and data rate, since the overhead information may consume more than 40% of the total transmission. This difference is common to many such data systems, including Ethernet.
FCC
The Federal Communications Commission. This is the U.S. Government agency that is responsible for the laws governing the use of radio frequencies. The FCC has designated specific bands in which products such as ours are permitted to operate legally. It is important to note that the FCC has also placed strict restrictions on power output, antenna configurations and other design and performance parameters for this class of equipment.
Frequencies
Strike a piano key and you generate a tone. Pick up the tone with a microphone and your tone turns into a "vibrating" or "cycling" electronic signal. The rate of vibration depends on the key struck. In electronics we refer to this rate of vibration as the number of "cycles per second". The formal term for this value is Hertz, abbreviated "Hz". As we move up in rate, such as in the Broadcast Band, we can use Kilohertz (KHz) to represent 1,000 Hz, or Megahertz (MHz) to represent 1,000,000 Hz. Continuing much further upward, we finally reach 1,000,000,000 Hz, which we can fortunately shorten to a Gigahertz (GHz). This frequency band is the home of 802.11b (2.4 GHz).
IEEE
The Institute of Electrical and Electronic Engineers. A 370,000-member standards organization drawn from 150 countries. One of its primary functions is to establish (with the cooperation of the FCC) and publish product and protocol (signaling method) standards, both wired and wireless. One of these standards is IEEE 802.11b (which is discussed below).
ISM Bands
A series of frequency bands, set aside by the FCC for Industrial, Scientific and Medical applications. Users of these bands operate equipment on a shared basis, meaning that they must expect, and accept interference from other legal users. Products manufactured for ISM Band use must be approved by the FCC, but the user does not have to be licensed. In addition to WLAN, ISM bands support cordless phones, microwave ovens, baby monitors, toys, ham radio transceivers and other wireless services.
MD5
Message Digest 5 (MD5) is more conservative than MD4 in the sense that MD5 is more concerned with security than speed. This means that MD5 is slightly slower than MD4, at the same time providing a much greater security. MD5 algorithm takes as input a message of arbitrary length and produces as output a 128-bit Message Digest or Message Authentication Code of that input. It, being very similar to MD4, has been designed to be quite fast on 32-bit machines and it does not require any large substitution tables. MD5 may even be considered as an extension of the MD4 message-digest algorithm. The main differences between MD4 and MD5 are as follows: • MD4 makes three passes over each 16-byte chunk of the message. In MD5 a fourth round has been added, i.e. MD5 makes 4 passes instead of 3 over the 16-byte chunk. • The functions are slightly different and also the number of bit shift is different. • MD4 has one constant that is used for each message word in pass 2, and a different constant used for all the 16 message words in pass (no constant is used in pass 1). MD5 uses a different constant for each message word on each pass. Since there are 4 passes, each of which deals with 16 message words, there are 64 32-bit constants used in MD-5. The padding in MD5 is the same as it is in MD4 Padding is always performed, even if the length of the message is already congruent to the needed length (448 modulo 512). The message digest processing is also done in the same way as it is done in MD4 and it is a 128-bit quantity as well. The message is processed in 512-bit (sixteen 32-bit words). Each stage computes a function based on the 512-bit message chunk and the message digest that results in a value which is passed Onto the next stage. The value resulting from the final stage is the final message digest. 
Each stage in MD5 makes 4 passes over the message block (compared with 3 for MD4). As in MD4, the value resulting from the function applied to the 512-bit chunk is added to the message digest value obtained from the last stage. MD5 has been especially designed for digital signature applications, where a large file must be compressed in a secure manner before being encrypted with a private (secret) key under a public-key cryptosystem such as RSA.
PN
In the spread-spectrum technique, the spreading waveform is controlled by a binary sequence that appears random but can be produced in a deterministic manner by intended receivers. This sequence is called a pseudo-noise (PN) sequence or pseudo-noise code.
Portal
The connection between the 802.11 systems and the outside world is called a portal.
Range
The distance over which a given system can communicate.
RC4 algorithm
The RC4 algorithm was designed by Ronald Rivest. It is a common symmetric-key cryptographic algorithm. RC4 generates a key stream that is XORed with the plaintext to form the ciphertext.
SHA-1
The Secure Hash Algorithm (SHA) has been derived from the MD4 algorithm, and it may be considered the present alternative to RIPEMD-160. A flaw was found in the original specification of this algorithm (SHA), and a second version, named SHA-1, has been published to address this flaw. SHA-1 appears to be cryptographically stronger than MD5. MD5 has better computational performance. SHA's output (digest) length is 160 bits, usually 32-bit aligned. Key length in SHA-1 is not constrained to any particular size. Lengths of up to 160 bits are usually supported in most implementations, although key length may be shorter. Long keys are encouraged when high-level security is desired. There are no known flaws in the present version of the Secure Hash Algorithm. This means that there are no known attacks on SHA-1 or any of its components that are better than brute-force attacks. The 160-bit hash output in SHA-1 is substantially more resistant to brute-force attacks than the 128-bit hash size of MD4 and MD5. SHA-1 is 62% as fast as MD5 and 80% as fast as DES hashing, i.e. MD5<DES<SHA (computational cost).
UNII Bands
Unlicensed National Information Infrastructure. In contrast to the ISM bands, these are a group of frequency bands set aside by the FCC for WLAN-type communications only. Users must accept interference from other legal WLAN users, but the other sources of interference problems are, or legally should be, missing.
WEP
Wired Equivalent Privacy is an encryption method used to encrypt data in wireless LANs. It is based on the RC4 algorithm.
Wireless
Strictly speaking, the term just means “without wires”, but its actual meaning usually depends on the author's intent. Here, for example, a wireless system would logically refer to a microwave transceiver system.