Post on 01-Jan-2016
6: Wireless and Mobile Networks 6-1
Chapter 6 outline
6.1 Introduction
Wireless
6.3 IEEE 802.11 wireless LANs (“wi-fi”)
8.8 Securing wireless LANs
Elements of a wireless network
[Figure: network infrastructure]
• wireless hosts
  • laptop, PDA, IP phone
  • run applications
  • may be stationary (non-mobile) or mobile
  • wireless does not always mean mobility
Elements of a wireless network
[Figure: network infrastructure]
• base station
  • typically connected to wired network
  • relay: responsible for sending packets between wired network and wireless host(s) in its “area”
  • e.g., cell towers, 802.11 access points
Elements of a wireless network
[Figure: network infrastructure]
• wireless link
  • typically used to connect mobile(s) to base station
  • multiple access protocol coordinates link access
  • various data rates, transmission distance
Characteristics of selected wireless link standards
[Figure: data rate (Mbps, axis from .056 to 200) versus range (indoor 10-30 m; outdoor 50-200 m; mid-range outdoor 200 m - 4 km; long-range outdoor 5 km - 20 km) for 802.15, 802.11b, 802.11a,g, 802.11n, 802.11a,g point-to-point, 802.16 (WiMAX), 2G (IS-95, CDMA, GSM), 3G (UMTS/WCDMA, CDMA2000) and 3G cellular enhanced (UMTS/WCDMA-HSDPA, CDMA2000-1xEVDO)]
Elements of a wireless network
[Figure: network infrastructure]
• infrastructure mode
  • base station connects mobiles into wired network
  • handoff: mobile changes base station providing connection into wired network
Elements of a wireless network
• ad hoc mode
  • no base stations
  • nodes can only transmit to other nodes within link coverage
  • nodes organize themselves into a network: route among themselves
Wireless network taxonomy
• infrastructure (e.g., APs), single hop: host connects to base station (WiFi, WiMAX, cellular) which connects to larger Internet
• infrastructure (e.g., APs), multiple hops: host may have to relay through several wireless nodes to connect to larger Internet: mesh net
• no infrastructure, single hop: no base station, no connection to larger Internet
• no infrastructure, multiple hops: no base station, no connection to larger Internet; may have to relay to reach a given wireless node: MANET, VANET
Wireless Link Characteristics (1)
Differences from wired link ….
• decreased signal strength: radio signal attenuates as it propagates through matter (path loss)
• interference from other sources: standardized wireless network frequencies (e.g., 2.4 GHz) shared by other devices (e.g., phone); devices (motors) interfere as well
• multipath propagation: radio signal reflects off objects and the ground, arriving at destination at slightly different times
…. make communication across (even a point to point) wireless link much more “difficult”
Wireless Link Characteristics (2)
• SNR: signal-to-noise ratio
  • larger SNR: easier to extract signal from noise (a “good thing”)
• SNR versus BER (bit error rate) tradeoffs
  • given physical layer: increase power -> increase SNR -> decrease BER
  • given SNR: choose physical layer that meets BER requirement, giving highest throughput
    • SNR may change with mobility: dynamically adapt physical layer (modulation technique, rate)
[Figure: BER (10^-1 down to 10^-7) versus SNR (10 to 40 dB) for QAM256 (8 Mbps), QAM16 (4 Mbps) and BPSK (1 Mbps)]
Wireless network characteristics
Multiple wireless senders and receivers create additional problems (beyond multiple access):
Hidden terminal problem
• B, A hear each other
• B, C hear each other
• A, C can not hear each other
means A, C unaware of their interference at B
Signal attenuation:
• B, A hear each other
• B, C hear each other
• A, C can not hear each other interfering at B
[Figures: stations A, B and C; A’s and C’s signal strength versus space]
802.11 LAN architecture
• wireless host communicates with base station
  • base station = access point (AP)
• Basic Service Set (BSS) (aka “cell”) in infrastructure mode contains:
  • wireless hosts
  • access point (AP): base station
  • ad hoc mode: hosts only
[Figure: BSS 1 and BSS 2, each with an AP, attached to a hub, switch or router leading to the Internet]
802.11: Channels, association
• 802.11b: 2.4GHz-2.485GHz spectrum divided into 11 channels at different frequencies
  • AP admin chooses frequency for AP
  • interference possible: channel can be same as that chosen by neighboring AP!
• host: must associate with an AP
  • scans channels, listening for beacon frames containing AP’s name (SSID) and MAC address
  • selects AP to associate with
  • may perform authentication [Chapter 8]
  • will typically run DHCP to get IP address in AP’s subnet
802.11: passive/active scanning
Active Scanning:
(1) Probe Request frame broadcast from H1
(2) Probe Response frame sent from APs
(3) Association Request frame sent: H1 to selected AP
(4) Association Response frame sent: H1 to selected AP
Passive Scanning:
(1) beacon frames sent from APs
(2) Association Request frame sent: H1 to selected AP
(3) Association Response frame sent: H1 to selected AP
[Figures: host H1 between AP 1 (BSS 1) and AP 2 (BSS 2), with the numbered frames of each scan]
IEEE 802.11: multiple access
• avoid collisions: 2+ nodes transmitting at same time
• 802.11: CSMA - sense before transmitting
  • don’t collide with ongoing transmission by other node
• 802.11: no collision detection!
  • difficult to receive (sense collisions) when transmitting due to weak received signals (fading)
  • can’t sense all collisions in any case: hidden terminal, fading
  • goal: avoid collisions: CSMA/C(ollision)A(voidance)
[Figures: stations A, B and C; A’s and C’s signal strength versus space]
IEEE 802.11 MAC Protocol: CSMA/CA
802.11 sender
1 if sense channel idle for DIFS then
    transmit entire frame (no CD)
2 if sense channel busy then
    start random backoff time
    timer counts down while channel idle
    transmit when timer expires
    if no ACK, increase random backoff interval, repeat 2
802.11 receiver
- if frame received OK
    return ACK after SIFS (ACK needed due to hidden terminal problem)
[Figure: sender/receiver timeline: DIFS, data, SIFS, ACK]
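The sender rules above, run as a slotted simulation (an added example, not from the slides). It assumes every station always has a frame queued, that timers are frozen while a frame is on the air, and contention-window bounds of 15 and 1023 slots; `simulate` and its parameters are names chosen here.

```python
import random

CW_MIN, CW_MAX = 15, 1023      # assumed backoff-interval bounds, in slots

def simulate(stations: int, frames_each: int, seed: int = 1) -> dict:
    """Slotted CSMA/CA with saturated stations (an assumption of this sketch)."""
    rng = random.Random(seed)
    left = [frames_each] * stations            # frames each station still owes
    cw = [CW_MIN] * stations                   # current random backoff interval
    timer = [rng.randint(0, cw[i]) for i in range(stations)]
    delivered = collisions = idle_slots = 0
    while any(left):
        active = [i for i in range(stations) if left[i]]
        # timers count down only while the channel is idle
        wait = min(timer[i] for i in active)
        idle_slots += wait
        for i in active:
            timer[i] -= wait
        senders = [i for i in active if timer[i] == 0]
        if len(senders) == 1:                  # frame received OK, ACK returned
            i = senders[0]
            left[i] -= 1
            delivered += 1
            cw[i] = CW_MIN
        else:                                  # overlapping frames: no ACK
            collisions += 1
            for i in senders:
                cw[i] = min(2 * cw[i] + 1, CW_MAX)   # increase backoff interval
        for i in senders:                      # back to step 2; others keep timers
            timer[i] = rng.randint(0, cw[i])
    return {"delivered": delivered, "collisions": collisions,
            "idle_slots": idle_slots}

# One sender never collides; ten contending senders do, yet every frame
# is eventually delivered because colliding senders spread out.
alone = simulate(stations=1, frames_each=5)
crowd = simulate(stations=10, frames_each=20)
```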
Avoiding collisions (more)
idea: allow sender to “reserve” channel rather than random access of data frames: avoid collisions of long data frames
• sender first transmits small request-to-send (RTS) packets to BS using CSMA
  • RTSs may still collide with each other (but they’re short)
• BS broadcasts clear-to-send CTS in response to RTS
• CTS heard by all nodes
  • sender transmits data frame
  • other stations defer transmissions
avoid data frame collisions completely using small reservation packets!
Collision Avoidance: RTS-CTS exchange
[Figure: timeline for A, AP and B: RTS(A) and RTS(B) (reservation collision), RTS(A), CTS(A), DATA (A) while B defers, ACK(A)]
802.11 frame: addressing
Frame fields (size in bytes): frame control (2) | duration (2) | address 1 (6) | address 2 (6) | address 3 (6) | seq control (2) | address 4 (6) | payload (0 - 2312) | CRC (4)
• Address 1: MAC address of wireless host or AP to receive this frame
• Address 2: MAC address of wireless host or AP transmitting this frame
• Address 3: MAC address of router interface to which AP is attached
• Address 4: used only in ad hoc mode
802.11 frame: addressing
[Figure: H1, AP, router R1, Internet]
• 802.11 frame: address 1 = AP MAC addr, address 2 = H1 MAC addr, address 3 = R1 MAC addr
• 802.3 frame: dest. address = R1 MAC addr, source address = H1 MAC addr
802.11 frame: more
Frame fields (size in bytes): frame control (2) | duration (2) | address 1 (6) | address 2 (6) | address 3 (6) | seq control (2) | address 4 (6) | payload (0 - 2312) | CRC (4)
Frame control subfields (size in bits): protocol version (2) | type (2) | subtype (4) | to AP (1) | from AP (1) | more frag (1) | retry (1) | power mgt (1) | more data (1) | WEP (1) | rsvd (1)
• duration: duration of reserved transmission time (RTS/CTS)
• seq control: frame seq # (for RDT)
• type: frame type (RTS, CTS, ACK, data)
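A parser for the header layout on these two slides, as an added example that is not part of the original deck. It reads the 24-byte header of an infrastructure-mode frame (no address 4) and the short header of RTS/CTS/ACK control frames; the MAC addresses and both sample frames are constructed, and `parse_header` is a name chosen here.

```python
import struct

# (type, subtype) codes from IEEE 802.11 for the frame types the slide names
KINDS = {(1, 11): "RTS", (1, 12): "CTS", (1, 13): "ACK", (2, 0): "data"}
# one flag bit each, in the order drawn on the slide (bits 8..15 of frame control)
FLAGS = ["to_ap", "from_ap", "more_frag", "retry",
         "power_mgt", "more_data", "wep", "rsvd"]

def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_header(frame: bytes) -> dict:
    if len(frame) < 10:
        raise ValueError("shorter than frame control + duration + address 1")
    fc, duration = struct.unpack_from("<HH", frame, 0)   # little-endian fields
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    hdr = {"version": fc & 0x3, "type": ftype, "subtype": subtype,
           "kind": KINDS.get((ftype, subtype), "other"),
           "duration": duration, "addr1": mac(frame[4:10])}
    for bit, name in enumerate(FLAGS, start=8):
        hdr[name] = bool((fc >> bit) & 1)
    if ftype == 1:                      # control frames carry a short header
        return hdr
    if len(frame) < 24:
        raise ValueError("truncated header: need 24 bytes through seq control")
    hdr["addr2"] = mac(frame[10:16])
    hdr["addr3"] = mac(frame[16:22])
    (seq,) = struct.unpack_from("<H", frame, 22)
    hdr["seq_num"], hdr["frag_num"] = seq >> 4, seq & 0xF
    hdr["payload"] = frame[24:-4]       # assumes no address 4; last 4 bytes = CRC
    return hdr

# Constructed sample: data frame H1 -> AP, bound for router R1, WEP bit set
AP = bytes.fromhex("0a0000000001")
H1 = bytes.fromhex("0a00000000a1")
R1 = bytes.fromhex("0a00000000f1")
FC = (2 << 2) | (1 << 8) | (1 << 14)    # type=data, To AP=1, WEP=1 -> bytes 08 41
SAMPLE = (struct.pack("<HH", FC, 44) + AP + H1 + R1 + struct.pack("<H", 7 << 4)
          + b"\xde\xad\xbe\xef" + b"\x00" * 4)   # opaque payload, placeholder CRC
ACK = struct.pack("<HH", (1 << 2) | (13 << 4), 0) + H1   # constructed ACK to H1
```

On a monitoring sensor the `wep` flag and the three addresses are readable without any key, which is what makes per-BSS inventories of unencrypted or WEP-only traffic possible.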
802.11: mobility within same subnet
• H1 remains in same IP subnet: IP address can remain same
• switch: which AP is associated with H1?
  • self-learning (Ch. 5): switch will see frame from H1 and “remember” which switch port can be used to reach H1
[Figure: router and hub or switch, AP 1 (BSS 1), AP 2 (BSS 2), host H1]
802.15: personal area network (WPAN)
• less than 10 m diameter
• replacement for cables (mouse, keyboard, headphones)
• ad hoc: no infrastructure
• master/slaves:
  • slaves request permission to send (to master)
  • master grants requests
• 802.15: evolved from Bluetooth specification
  • 2.4-2.5 GHz radio band
  • up to 721 kbps
[Figure: radius of coverage around a master device (M) with slave devices (S) and parked (inactive) devices (P)]
802.16: WiMAX
• like 802.11 & cellular: base station model
  • transmissions to/from base station by hosts with antenna
  • base station-to-base station with point-to-point antenna
• unlike 802.11:
  • range ~ 6 miles (“city rather than coffee shop”)
  • ~14 Mbps
[Figure: point-to-multipoint and point-to-point links]
IEEE 802.11 security
• war-driving: drive around Bay area, see what 802.11 networks available?
  • More than 9000 accessible from public roadways
  • 85% use no encryption/authentication
  • packet-sniffing and various attacks easy!
• securing 802.11
  • encryption, authentication
  • first attempt at 802.11 security: Wired Equivalent Privacy (WEP): a failure
  • current attempt: 802.11i
Wired Equivalent Privacy (WEP):
• authentication as in protocol ap4.0
  • host requests authentication from access point
  • access point sends 128 bit nonce
  • host encrypts nonce using shared symmetric key
  • access point decrypts nonce, authenticates host
• no key distribution mechanism
• authentication: knowing the shared key is enough
WEP data encryption
• host/AP share 40 bit symmetric key (semi-permanent)
• host appends 24-bit initialization vector (IV) to create 64-bit key
• 64 bit key used to generate stream of keys, $k_i^{IV}$
• $k_i^{IV}$ used to encrypt ith byte, $d_i$, in frame: $c_i = d_i \oplus k_i^{IV}$
• IV and encrypted bytes, $c_i$, sent in frame
Fundamental problem: $k_i^{IV}$ should never be reused
WEP is based on RC4, which is secure if keys are used just once
802.11 WEP encryption
[Figure 7.8-new1: 802.11 WEP protocol. Sender-side WEP encryption: the key sequence generator (for given $K_S$, IV) takes the per-frame IV and the 40-bit secret symmetric key $K_S$ and outputs $k_1^{IV}, k_2^{IV}, k_3^{IV}, \ldots, k_N^{IV}, k_{N+1}^{IV}, \ldots$; the plaintext frame data $d_1 \ldots d_N$ plus CRC ($CRC_1 \ldots CRC_4$) is combined with it to give $c_1 \ldots c_N, c_{N+1} \ldots c_{N+4}$; the frame carries the 802.11 header, the IV, and the WEP-encrypted data plus CRC]
Breaking 802.11 WEP encryption
security hole:
• IV and $k_i^{IV}$ per frame -> eventually reused
• IV transmitted in plaintext -> IV reuse detected
attack:
• Trudy causes Alice to encrypt known plaintext $d_1\ d_2\ d_3\ d_4 \ldots$
• Trudy sees: $c_i = d_i \oplus k_i^{IV}$
• Trudy knows $c_i$, $d_i$, so can compute $k_i^{IV}$
• Trudy knows encrypting key sequence $k_1^{IV}\ k_2^{IV}\ k_3^{IV} \ldots$
• Next time IV is used, Trudy can decrypt!
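Why a repeated IV voids WEP confidentiality, worked through in code (an added example, not from the slides): two frames encrypted under the same IV share one key sequence, so known plaintext in one exposes the other, and because the IV travels in the clear a capture can be checked for reuse. The key, IVs and plaintexts are constructed, and the function names are chosen here.

```python
import struct
import zlib
from collections import Counter

def rc4(key: bytes, n: int) -> bytes:
    """First n bytes of the RC4 key sequence for `key`."""
    s, j = list(range(256)), 0
    for i in range(256):                        # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                          # output generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))   # stops at the shorter input

def with_crc(data: bytes) -> bytes:
    return data + struct.pack("<I", zlib.crc32(data))

def wep_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """IV in the clear, then (data plus CRC) XOR key sequence for (IV, K_S)."""
    plain = with_crc(data)
    return iv + xor(plain, rc4(iv + key, len(plain)))   # RC4 seed is IV then K_S

def key_sequence(frame: bytes, known: bytes) -> bytes:
    """k_i^IV = c_i XOR d_i for a frame whose plaintext is known."""
    return xor(frame[3:], with_crc(known))

def read_with(seq: bytes, frame: bytes) -> bytes:
    """Decrypt a frame from a recovered key sequence alone, without K_S."""
    return xor(frame[3:], seq)[:-4]             # drop the 4 CRC bytes

def reused_ivs(frames) -> set:
    """Defender's view: IVs that appear on more than one captured frame."""
    counts = Counter(f[:3] for f in frames)
    return {iv for iv, c in counts.items() if c > 1}

# Constructed values, not from the slides
K_S = bytes.fromhex("0102030405")               # 40-bit shared key
IV_A, IV_B = b"\x00\x00\x2a", b"\x00\x00\x2b"   # 24-bit IVs
KNOWN, SECRET = b"GET /index.html HTTP/1.1", b"meeting moved to 3pm"
f1 = wep_encrypt(K_S, IV_A, KNOWN)              # plaintext known to the observer
f2 = wep_encrypt(K_S, IV_A, SECRET)             # same IV: same key sequence
f3 = wep_encrypt(K_S, IV_B, SECRET)             # fresh IV: different sequence
seq = key_sequence(f1, KNOWN)
```

With only 2^24 possible IVs and a semi-permanent key, `reused_ivs` on a busy network returns a non-empty set quickly, which is the structural reason the slides call WEP a failure.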
802.11i: improved security
• numerous (stronger) forms of encryption possible
• provides key distribution
• uses authentication server separate from access point
802.11i: four phases of operation
[Figure: STA: client station; AP: access point; AS: authentication server on the wired network]
1 Discovery of security capabilities
2 STA and AS mutually authenticate, together generate Master Key (MK). AP serves as “pass through”
3 STA derives Pairwise Master Key (PMK); AS derives same PMK, sends to AP
4 STA, AP use PMK to derive Temporal Key (TK) used for message encryption, integrity
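Phase 4 in code, going beyond the slide (an added example, not from the deck): IEEE 802.11i derives the pairwise keys from the PMK with an HMAC-SHA1 based PRF over both MAC addresses and a nonce from each side, and the last 16 bytes of the 48-byte CCMP result are the TK. The PMK, addresses and nonces are constructed values, and `derive_keys` is a name chosen here.

```python
import hashlib
import hmac

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out = b""
    i = 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([i])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        i += 1
    return out[:nbytes]

def derive_keys(pmk, ap_mac, sta_mac, anonce, snonce) -> dict:
    """PMK -> 48-byte pairwise key for CCMP, split into KCK, KEK and TK."""
    # min/max ordering makes the PRF input identical on STA and AP
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:]}

def nonce(tag: str) -> bytes:
    """Constructed 32-byte stand-in for a random nonce, so the run is repeatable."""
    return hashlib.sha256(tag.encode()).digest()

# Constructed inputs
PMK = bytes(range(32))
AP_MAC = bytes.fromhex("0a0000000001")
STA_MAC = bytes.fromhex("0a00000000a1")

# Same PMK, two associations: fresh nonces give an unrelated TK each time,
# unlike WEP, where the semi-permanent key feeds the cipher directly.
session1 = derive_keys(PMK, AP_MAC, STA_MAC, nonce("ap-1"), nonce("sta-1"))
session2 = derive_keys(PMK, AP_MAC, STA_MAC, nonce("ap-2"), nonce("sta-2"))
```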
EAP: extensible authentication protocol
• EAP: end-end client (mobile) to authentication server protocol
• EAP sent over separate “links”
  • mobile-to-AP (EAP over LAN)
  • AP to authentication server (RADIUS over UDP)
[Figure: protocol stacks across the wired network: EAP TLS, EAP, EAP over LAN (EAPoL), IEEE 802.11, RADIUS, UDP/IP]