IEEE 802.11 WiFi
Paal E. Engelstad
• Overview
• History
  – Ethernet -> WiFi
• Physical layer
• MAC layer
• Security
A look at network structure
• network edge:
  – hosts: clients and servers
  – servers often in data centers
• access networks:
  – Wired (e.g. Ethernet)
  – Wireless (e.g. LTE and WiFi)
• network core:
  – interconnected routers
  – network of networks
[Figure labels: mobile network; global ISP; regional ISP; home network; institutional network]
Some Wireless Access networks
• access networks:
  – Wired (e.g. Ethernet)
  – Wireless (e.g. LTE and WiFi)
WiFi (and Ethernet) in home networks
[Figure labels: to/from headend or central office; cable or DSL modem; router, firewall, NAT; wired Ethernet (100 Mbps); wireless access point (54 Mbps); wireless devices; often combined in single box]
WiFi (and Ethernet) in Enterprise networks
• Typically used in companies, universities, etc.
• 10 Mbps, 100 Mbps, 1 Gbps, 10 Gbps transmission rates
• Today, end systems typically connect into Ethernet switch
[Figure labels: Ethernet switch; institutional mail, web servers; institutional router; institutional link to ISP (Internet)]
WLAN vs. WWAN
• shared wireless access network connects end system to router
  – via base station aka “access point”
Wireless LANs (WLANs):
  – within building (100 ft)
  – 802.11b/g (WiFi): 11, 54 Mbps transmission rate
Wireless wide-area networks (WWAN):
  – provided by telco (cellular) operator, 10’s km
  – between 1 and 10 Mbps
  – 3G, 4G: LTE
WLAN vs. WWAN
[Figure: Range (m) vs. Capacity (BW) for wireless networking: WLAN/WiFi (802.11) and WWAN (1G, 2G, 3G, ...)]
Wireless station
Access point (AP): connects multiple wireless stations to the wired network
WLAN components
Basic Service Set (BSS) - One access point
Extended Service Set (ESS) - Multiple cells, two or more BSSs
WLAN operating modes: Infrastructure mode
Independent Basic Service Set (IBSS)
WLAN operating modes: Ad hoc mode
WLAN operating modes: Summary
[Figure labels: IBSS (Independent BSS); BSS (Infrastructure BSS); EBSS (Extended BSS); DS (Distribution System); “Portal”; Access Point (AP), ID: BSSID; ID: SSID; Station (STA)]
History: Fixed networking
[Figure: Range (m) vs. Capacity (BW) for fixed networking: LAN (Ethernet) and Telco network. Labels: Internet; IEEE; IETF; ITU (U.N.); ETSI (industry)]
History: Going wireless...
[Figure: Range (m) vs. Capacity (BW). Fixed networking: LAN (Ethernet), Telco network. Wireless networking: WLAN ?, WAN (1G, 2G, 3G, ...). Labels: IEEE; Internet]
History: HiperLAN vs 802.11
• Ethernet as a starting point...
[Figure: Range (m) vs. Capacity (BW). Fixed networking: LAN (Ethernet), Telco network. Wireless networking: ?, WAN (1G, 2G, 3G, ...). Labels: IEEE 802.11; ETSI]
HiperLAN (ETSI) vs 802.11 (IEEE/WiFi)
• Market race in the late 1990s
• Layering principles well established
• Telecom: Top-down approach, include all
  – Telecom wireless guys trying to do datacom (Ethernet)
• Datacom: Bottom-up, modular
  – Datacom (Ethernet) guys trying to do wireless
  – RFC 1925, The Twelve Networking Truths, 1 April (!) 1996
    • (12) In protocol design, perfection has been reached not when there is nothing left to add, but when there is nothing left to take away.
    • (Originally from the French writer Antoine de Saint-Exupéry)
Why IEEE won the market race
• Faster to market, partly due to datacom design philosophy, e.g.:
• RFC 1958, Architectural Principles of the Internet, June 1996
  – ...
  – 3.4 Performance and cost must be considered as well as functionality.
  – 3.5 Keep it simple. When in doubt during design, choose the simplest solution.
  – 3.6 Modularity is good. If you can keep things separate, do so.
  – 3.7 In many cases it is better to adopt an almost complete solution now, rather than to wait until a perfect solution can be found.
  – 3.8 Avoid options and parameters whenever possible. Any options and parameters should be configured or negotiated dynamically rather than manually.
  – ... etc ...
• This also explains the “alphabet soup” of 802.11
Learning from history
• You should understand the starting point:
  – Ethernet
• They faced 3 main challenges:
  – New physical layer (PHY)
    • Radio techniques, modulation etc.
  – Changes to MAC layer
    • Due to radio features: CSMA/CD -> CSMA/CA
  – Security
    • From wired network to open broadcast
Then keep on improving
• You should understand the starting point:
  – Ethernet
• They faced 3 main challenges:
  – New physical layer (PHY)
    • New PHYs with higher BW (e.g. 802.11a from HiperLAN)
  – Changes to MAC layer
    • CSMA/CA + new features (some from HiperLAN)
  – Security
    • Replacing the original WEP with 802.1X
This is our OUTLINE:
• You should understand the starting point:
  – Ethernet
• They faced 3 main challenges:
  – New physical layer (PHY)
    • New PHYs with higher BW (e.g. 802.11a from HiperLAN)
  – Changes to MAC layer
    • CSMA/CA + new features (some from HiperLAN)
  – Security
    • Replacing the original WEP with 802.1X
De-Facto Ethernet today
• LAN switching and full-duplex physical layer
  – No collision detection in devices
• Optimized implementation of original Ethernet
  – Ethernet specification fits well as a WLAN starting point ....
[Figure labels: Switch; Switch; Same broadcast domain]
Ethernet: Multiple-access links
• broadcast (shared wire or medium)
  – Old-fashioned Ethernet
    • With old-fashioned bus (e.g. 10 Mb 10Base-2 coax)
    • Ethernet with a hub topology
  – 802.11 wireless LAN
[Figure labels: shared wire (e.g. old-fashioned Ethernet); shared radio / wireless (e.g. 802.11 WiFi); humans at a cocktail party (shared air, acoustical); HUB, star topology with hub or repeater (e.g. Ethernet)]
Multiple access protocols
• single shared broadcast channel
• two or more simultaneous transmissions by nodes: interference
  – collision if node receives two or more signals at the same time
multiple access protocol
• distributed algorithm that determines how nodes share channel, i.e., determines when node can transmit
• communication about channel sharing must use channel itself!
  – no out-of-band channel for coordination
3 classes of multiple access protocols
• channel partitioning
  – divide channel into smaller “pieces” (e.g. with time slots/TDMA, frequency/FDMA, code/CDMA)
  – allocate piece to node for exclusive use
• “taking turns”
  – nodes take turns, but nodes with more to send can take longer turns
  – Example 1: Polling with a Master/Slave topology (e.g. Bluetooth)
  – Example 2: Token passing with a Ring topology (e.g. IEEE 802.5)
• random access
  – channel not divided, allow collisions
  – Need to detect collisions and “recover” from collisions
  – Examples: Aloha, CSMA/CD (Ethernet), CSMA/CA (WLAN)
Ethernet designed for multiple access
• Designed for bus topology and broadcast
• Also allows use of star topology with hub
• Each station must examine every frame to determine whether the frame is destined for it or not
• All stations see all frames placed on the network
  – i.e. Broadcast domain = Collision Domain
[Figure labels: shared wire (e.g. old-fashioned Ethernet); HUB, star topology with hub or repeater (e.g. Ethernet)]
Ethernet uses CSMA/CD to control access to the transmission medium
– CSMA: Listen before sending, and do not send if channel is busy (Human analogy: don’t interrupt others!)
– CD: Listen while sending
  • Not easy on wireless: 802.11 WiFi uses frame exchange (e.g. DATA/ACK) instead
    – WiFi uses Collision Avoidance (CA) in addition
– Back off if collision is detected (Human analogy: the polite conversationalist)
  • Exponential back-off
Brief history of the 802.11 PHYs
1997: Standardization of WLAN: IEEE approved 802.11, 2.4 GHz, 1-2 Mbps
1999: 802.11b: 2.4 GHz, up to 11 Mbps; 802.11a: 5 GHz, up to 54 Mbps
2003: 802.11g: 2.4 GHz, up to 54 Mbps; performance similar to 802.11a; compatible with 802.11b devices
2007-2009: IEEE approved 802.11n, up to 600 Mbps; optimizes modulation; uses multiple antennas
PHYs
• 802.11-1997 (802.11 legacy ”Standard”)
  – 2.4 GHz, 1 Mbit/s or 2 Mbit/s
• 802.11b-1999 (”Amendment”)
  – 2.4 GHz, 11 Mbps
  – On market: year 2000
• 802.11a-1999 (OFDM)
  – 5 GHz, 1.5 – 54 Mbps
  – Very slow market adoption
• 802.11g-2003
  – 2.4 GHz, 1.5 – 54 Mbps
  – On market: 2003 (hindered growth of 802.11a)
• 802.11-2007 (”Standard”)
  – Included amendments 802.11a, b, d, e, g, h, i, j
• 802.11n-2009 (MIMO)
  – Both 2.4 GHz and 5 GHz bands, 54 – 600 Mbps
  – On market from 2007/2008 (based on draft version)
• 802.11-2012 (”Standard”)
  – Included amendments 802.11k, r, y, n, w, p, z, v, u, s
• 802.11ac-2013 (Multi-user MIMO)
  – 5 GHz bands, 1.3 Gbps
  – Products available on the market now
Physical layers: Example: 802.11
TODO: UPDATE
IEEE std   Type/modulation   Year    Max rate (Mbps)   Band (GHz)
802.11     FHSS (QPSK)       1997    2                 2.4
802.11     DSSS (GFSK)       1997    2                 2.4
802.11b    HS-DSSS (CCK)     1999    11                2.4
802.11a    OFDM              1999    54                5.0
802.11g    OFDM/DSSS         2003    54                2.4
802.11j    OFDM                      54                4.9
802.11n    OFDM              2009    350               2.4/5.0
802.11ac   OFDM              2014?   1690              5.0
802.11ad   OFDM              2012    7000              60 (LOS 10m)
Frequency Hopping Spread Spectrum (FHSS)
FHSS rapidly switches a carrier among many frequency channels
Highly resistant to narrowband interference
• FSK modulation
• 79 channels (2.4 GHz-2.438 GHz)
• 1 MHz channel spacing
System performance metrics commonly used for TPC
FHSS Interference avoidance
FHSS: Concept of spread spectrum
Direct Sequence Spread Spectrum (DSSS)
DSSS is a modulation technique that transmits the message signal using a wide(r) bandwidth
DSSS is more robust to interference and noise/jamming
DSSS: Concept of spread spectrum
Below the noise level! (Analogy from technical museum)
DSSS: Analogy
[Figure labels: Sound waves; Speak!; Listen!; Below noise level]
DSSS: Concept of spread spectrum
Traditional way of sharing the spectrum would be like this (FDM)
DSSS: Concept of spread spectrum
The DSSS way of sharing the spectrum would be like this...
Direct Sequence Spread Spectrum (DSSS)
The message signal modulates a pseudorandom noise/code (PRN)
Source: Siemens
DSSS Channels
Graphical representation of WiFi channels in 2.4 GHz band
Non-overlapping DSSS channels in the ISM band
Orthogonal Frequency Division Multiplexing (OFDM)
The data is divided into a large number of radio frequencies (RFs)
Each RF carries a small part of the data
The carriers are very close to each other but are orthogonal
OFDM is highly robust to frequency selective interference and fading, but it requires high processing power
The Protocol Stack
• Mostly focusing on the MAC layer here.
• More management functions on the MAC layer than in other ”wired” IEEE 802 standards
802.11 Protocol Architecture
Note:
- FHSS is historic
- IR not implemented (IrDA instead)
- 802.11b, 802.11a and 802.11g PHYs
- 802.11n is the upcoming PHY
802.2 !!!
PHY – Below the MAC
• Three main functions:
  1. Wrap in the MAC frames (PLCP)
  2. Transmit and receive over the radio channel (PMD)
     • E.g. the modulation presented in previous slides
  3. Indicate to the MAC layer whether the channel is available or not (CCA)
PHY:
  – PLCP: Phys. Layer Convergence Proc.
  – PMD: Phys. Medium Dependent
  – CCA: Clear Channel Assessment
CCA is based on:
  - energy level
  - decoding over time
  - combination
PLCP – Allowing different BWs
• PLCP has its own header:
[Figure labels: PHY; PLCP (Phys. Layer Convergence Proc.); PMD (Phys. Medium Dependent)]
Signal bits: Indicate the modulation used in the remaining part of the frame
[Service bits (reserved in DSSS, but used in 802.11b): 1 bit increases the length, 1 bit for symbol clock locked to transmit frequency, and 1 bit for the type of coding (CCK vs PBCC...)]
LLC: Above the MAC
• 802.11 uses 802.2 for logical link control, for encapsulation of IP and ARP
• 802.2 header appears between MAC header and e.g. the IP packet:
Layers, top to bottom: Network layer (IP); Log. Link Ctrl. (802.2); MAC layer (802.11 MAC); Physical layer (802.11 PHY)
Field            Bytes     Value
802.11 MAC hdr   24/30
SNAP DSAP        1         0xAA
SNAP SSAP        1         0xAA
Control          1         3
Vendor ID        3         0
Type (IP/ARP)    2         Like for Ethernet II
IP packet        0-2306
FCS              4
DSAP, SSAP and Control are labelled “802.2 LLC header”; Vendor ID and Type are labelled “SNAP header”.
LLC specifies the general interface between the network layer (IP, IPX, etc.) and the data link layer (Ethernet, Token Ring, etc.).
SNAP header added for Ethernet II compatibility. The protocol Types for IP/ARP etc. are > 1500, and there is not sufficient space for this within the 1-byte SAP fields.
Main function of the MAC layer
• Reliable transmission => 2-way & 4-way handshake:
  – ACK of each unicast data frame
    • 2-way / ”Minimal Frame Exchange”
  – RTS/CTS handshake to avoid ”Hidden Node Problem”
    • 4-way
• Fair access to the channel
  – PCF (/HCF) – Polling-based, not treated here
  – DCF (Distributed Coordination Function)
    • CSMA/CA
    • Timing Intervals
• Protection of the data sent
  – WEP
  – WPA / WPA2 / 802.11i
Hidden Node Problem
[Figure labels: Data, Data; A, B]
Solution: CTS/RTS
• Before each data frame is sent, short RTS/CTS frames are exchanged
  – RTS = ”Request To Send”, CTS = ”Clear To Send”
• ”dot11RTSThreshold” set in MIB:
  – no CTS/RTS for frames shorter than the Threshold
• CTS also used for 802.11b/802.11g interoperability
  – To clear the channel
[Figure labels: Data, Data; RTS, RTS; A, B; CTS (A), CTS (A); A, B; Data, ACK]
Fair access to the channel – CSMA/CA
• CSMA = ”Listen before Talk”
• CA = “Collision Avoidance”
  – Less greedy: waiting a random time before retransmission
    • p-persistent
  – Physical Carrier Sense (Clear Channel Assessment)
  – ”Virtual” Carrier Sense
    • Each frame contains ”Duration” information
    • Each node maintains a NAV
      – Network Allocation Vector updated by the ”Duration” info
      – Says how long the channel will be busy
• Every node must listen to every frame on the network
  – (or in Power Save Mode: must synch with Beacon from the AP)
Binary exponential backoff - 1
1. MAC layer receives packet to be transmitted
2. MAC does a physical and virtual ”carrier sense”
3. The frame is transmitted if the channel is idle
4. Otherwise (i.e. if channel is busy):
   a) MAC selects a random number of backoff slots (= Backoff Value) within the given ”Contention Window” interval
   b) MAC increments the Retry Counter
   c) Then the Backoff Value is decremented for each idle timeslot the MAC observes on the channel. The MAC transmits the frame when the Backoff Value = 0
   d) If no ACK is received, the Contention Window is doubled; GOTO 4a)
Binary exponential backoff - 1
5. Abort if ACK received (i.e. success) or if Retry Counter exceeds the Retry Limit (i.e. give up)
   a) Retry Counter reset to 0
   b) Contention Window reset to its start value ”CWmin”
6. Post-Backoff: One backoff (with CWmin) must be carried out before a new frame can be transmitted.
Note: The Post-backoff ensures fair access to the channel
– Allows other STAs to enter the channel
– Fairness is thus on a per-station and per-frame basis
– This mechanism is tweaked in 802.11e in order to provide differentiated QoS (EDCA)
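Steps 4 to 6 above can be watched at work in a small slotted simulation, which shows how the Contention Window grows under load and how the reset to CWmin keeps access fair. This is an added example, not part of the original slides: CW_MIN, CW_MAX and RETRY_LIMIT are assumed values, and the model is simplified to saturated stations on an ideal channel, so a missing ACK always means a collision.

```python
import random

CW_MIN, CW_MAX, RETRY_LIMIT = 15, 1023, 7   # assumed values, not from the page


class Station:
    def __init__(self, rng):
        self.rng = rng
        self.sent = self.dropped = 0
        self.new_frame()

    def new_frame(self):
        # Steps 5a/5b and 6: counters reset, next backoff drawn with CWmin.
        self.cw, self.retries = CW_MIN, 0
        self.backoff = self.rng.randint(0, self.cw)

    def no_ack(self):
        # Step 4d: no ACK, so the Contention Window doubles before the retry.
        self.retries += 1
        if self.retries > RETRY_LIMIT:      # step 5: give up on this frame
            self.dropped += 1
            self.new_frame()
            return
        self.cw = min(2 * (self.cw + 1) - 1, CW_MAX)
        self.backoff = self.rng.randint(0, self.cw)


def simulate(n_stations, n_events, seed=1):
    """Saturated, slotted channel: every station always has a frame queued."""
    rng = random.Random(seed)
    stations = [Station(rng) for _ in range(n_stations)]
    successes = collisions = 0
    max_cw = CW_MIN
    while successes + collisions < n_events:
        # Step 4c: idle slots pass until the smallest Backoff Value hits 0.
        idle = min(s.backoff for s in stations)
        for s in stations:
            s.backoff -= idle
        ready = [s for s in stations if s.backoff == 0]
        if len(ready) == 1:                 # lone sender: DATA/ACK succeeds
            ready[0].sent += 1
            ready[0].new_frame()
            successes += 1
        else:                               # simultaneous senders collide
            collisions += 1
            for s in ready:
                s.no_ack()
                max_cw = max(max_cw, s.cw)
    return {"successes": successes, "collisions": collisions,
            "collision_rate": collisions / n_events,
            "sent": [s.sent for s in stations],
            "dropped": sum(s.dropped for s in stations), "max_cw": max_cw}


if __name__ == "__main__":
    for n in (2, 5, 20):
        r = simulate(n, 5000)
        print(n, "stations:", round(r["collision_rate"], 3), r["max_cw"])
```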
Priority by the Timing Intervals
• Short Inter-Frame Space (SIFS)
  – The shortest Inter-Frame Space (IFS) interval
  – Used for “atomic” handshakes, etc.
    • ACK, CTS, Poll-Response (PCF), Data
• Priority IFS (PIFS = SIFS + 1 timeslot)
  – AP uses PIFS to seize the channel under the contention-free period (CFP), and SIFS (+NAV) to withhold it
• Distributed IFS (DIFS = SIFS + 2 timeslots)
  – Minimum delay for the contention period (CP)
[Figure labels: Busy Medium; Defer Access; SIFS; PIFS; DIFS; Contention Window; Backoff-Window; Slot time; Next Frame. Free access when medium is free longer than DIFS. Select Slot and Decrement Backoff as long as medium is idle.]
(EIFS is not mentioned…)
Timing and NAV with ”Minimal Frame Exchange”
”Atomic” transmission unit where channel is busy
Timing and NAV with 4-way handshake
”Atomic” transmission unit
Timing and NAV with PCF
Frame format
Field              Bytes
Frame Control      2
Duration/ID        2
Address 1          6
Address 2          6
Address 3          6
Sequence Control   2
Address 4          6
Data               0-2312
CRC                4
Frame Control fields (bits): Protocol version (2) | Type (2) | Subtype (4) | To DS (1) | From DS (1) | More Frag (1) | Retry (1) | Power Mgmt (1) | More Data (1) | WEP (1) | Order (1)
• Frame Control – Type:
  – Data
    • 8 types: Data / Null with CF-Poll and/or CF-ACK
  – Control
    • RTS, CTS, ACK, PS-Poll (power save), CF-End, CF-End+ACK
  – Management
    • Beacon, Probe Request/Response
    • Authentication, De-Authentication
    • Association/Re-association Request/Response, Disassociation
    • Announcement Traffic Indication Map (ATIM)
Some frame formats (field sizes in bytes)
• Common frame format, e.g. for data in BSS:
  Frame Control (2) | Duration/ID (2) | Address 1 (6) | Address 2 (6) | Address 3 (6) | Sequence Control (2) | Data (0-2312) | CRC (4)
  From AP: Address 1 = DA, Address 2 = BSSID, Address 3 = SA
  To AP:   Address 1 = BSSID, Address 2 = SA, Address 3 = DA
• Special frame formats
  RTS: Frame Control (2) | Duration (2) | Receiver Address (6) | Transmitter Address (6) | CRC (4)
  CTS: Frame Control (2) | Duration (2) | Receiver Address (6) | CRC (4)
  ACK: Frame Control (2) | Duration (2) | Receiver Address (6) | CRC (4)
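Anyone monitoring a WLAN starts by decoding these header fields from captured bytes, for example to count Deauthentication frames or to spot data frames sent without the protection bit. The parser below is an added example, not part of the original slides: the sample frames and MAC addresses are constructed, the type/subtype numbers are the standard 802.11 assignments, and frames are assumed to be captured without the trailing CRC.

```python
import struct

TYPES = {0: "Management", 1: "Control", 2: "Data"}
SUBTYPES = {  # (type, subtype) -> name, for the frames named on the slides
    (0, 0): "Association Request", (0, 1): "Association Response",
    (0, 2): "Reassociation Request", (0, 3): "Reassociation Response",
    (0, 4): "Probe Request", (0, 5): "Probe Response", (0, 8): "Beacon",
    (0, 9): "ATIM", (0, 10): "Disassociation", (0, 11): "Authentication",
    (0, 12): "Deauthentication", (1, 10): "PS-Poll", (1, 11): "RTS",
    (1, 12): "CTS", (1, 13): "ACK", (1, 14): "CF-End",
    (1, 15): "CF-End+ACK", (2, 0): "Data", (2, 4): "Null",
}
# Roles of Address 1..3 in data frames, keyed by (To DS, From DS).
ADDR_ROLES = {(0, 0): ("DA", "SA", "BSSID"), (1, 0): ("BSSID", "SA", "DA"),
              (0, 1): ("DA", "BSSID", "SA"), (1, 1): ("RA", "TA", "DA")}
# Only the two reason codes quoted in the scenarios on this page.
REASONS = {3: "Deauthenticated because STA is leaving",
           4: "Disassociated due to inactivity"}

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_header(frame):
    """Decode the MAC header of one 802.11 frame (CRC already stripped)."""
    if len(frame) < 10:
        raise ValueError("shorter than the smallest frame (ACK/CTS)")
    fc, duration = struct.unpack_from("<HH", frame, 0)
    ftype, subtype, flags = (fc >> 2) & 0x3, (fc >> 4) & 0xF, fc >> 8
    info = {
        "version": fc & 0x3,
        "type": TYPES.get(ftype, "Reserved"),
        "subtype": SUBTYPES.get((ftype, subtype), f"subtype {subtype}"),
        "to_ds": flags & 0x01, "from_ds": (flags >> 1) & 0x01,
        "retry": bool(flags & 0x08), "power_mgmt": bool(flags & 0x10),
        "more_data": bool(flags & 0x20),
        "protected": bool(flags & 0x40),  # the "WEP" bit in the figure
        "duration": duration,             # feeds the NAV of every listener
    }
    if ftype == 3:                        # reserved type: stop after the flags
        return info
    if ftype == 1:                        # control frames: RA, sometimes TA
        info["RA"] = mac(frame[4:10])
        if subtype in (10, 11):           # PS-Poll and RTS also carry a TA
            if len(frame) < 16:
                raise ValueError("truncated RTS/PS-Poll")
            info["TA"] = mac(frame[10:16])
        return info
    if len(frame) < 24:
        raise ValueError("truncated management/data header")
    roles = ADDR_ROLES[(info["to_ds"], info["from_ds"])] if ftype == 2 \
        else ("DA", "SA", "BSSID")
    for i, role in enumerate(roles):
        info[role] = mac(frame[4 + 6 * i:10 + 6 * i])
    info["sequence"] = struct.unpack_from("<H", frame, 22)[0] >> 4
    if ftype == 2 and roles[0] == "RA":   # To DS = From DS = 1: Address 4 = SA
        if len(frame) < 30:
            raise ValueError("truncated 4-address header")
        info["SA"] = mac(frame[24:30])
    if ftype == 0 and subtype in (10, 12) and len(frame) >= 26:
        code = struct.unpack_from("<H", frame, 24)[0]
        info["reason"] = REASONS.get(code, f"reason code {code}")
    return info

# Constructed sample frames (locally administered MACs, no CRC).
AP, STA, HOST = "020000000001", "020000000002", "020000000003"
DATA_TO_AP = bytes.fromhex("0841" + "2c00" + AP + STA + HOST + "5000") + b"data"
DEAUTH = bytes.fromhex("c000" + "0000" + AP + STA + AP + "1000" + "0300")
ACK = bytes.fromhex("d400" + "0000" + STA)

if __name__ == "__main__":
    for name, frame in (("data", DATA_TO_AP), ("deauth", DEAUTH), ("ack", ACK)):
        print(name, parse_header(frame))
```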
Typical scenario - I
[Figure labels: ID: This-SSID; ID: BSSID1; ID: BSSID2]
1. Probe_Request(SSID=’/0’, STA_rates)
2. Probe_Response(Timestamp, beacon_interval, AP_capabilities, SSID=”This-SSID”, AP_rates, PHY-parameters)
3. Authentication(Algorithm_no=1, sequence_no=0)
4. Authentication(Algorithm_no=1, sequence_no=1, Challenge=”abcdefgh”)
5. Authentication(Algorithm_no=1, sequence_no=2, Challenge=RC4(key, ”abcdefgh”))
6. Authentication(Algorithm_no=1, sequence_no=3, Status_code=Success)
7. Association_Request(STA_capabilities, listen_interval, SSID=”This-SSID”, STA_rates)
8. Association_Response(AP_capabilities, Status_code = ”Success”, Association_ID, AP_rates)
9. DATA TRANSMISSIONS
Notes:
i. Note the exchange of capabilities and supported data rates between STA and AP
ii. Only one-way authentication of the STA, i.e. the STA cannot authenticate the AP
iii. Steps 4 and 5 are not performed with ”Open Authentication” without WEP. In that case the Null algorithm is run
iv. Listen_interval = n means that the STA will listen to every n’th Beacon (i.e. in Power Save Mode)
v. Association_ID (AID) is used for polling
Typical scenario - II
[Figure label: ID: This-SSID]
1. DATA TRANSMISSIONS
2. Beacon(Timestamp, beacon_interval, AP_capabilities, SSID=”This-SSID”, AP_rates, PHY-parameters, etc...)
3. Authentication(Algorithm_no=1, sequence_no=0)
4. Authentication(Algorithm_no=1, sequence_no=1, Challenge=”abcdefgh”)
5. Authentication(Algorithm_no=1, sequence_no=2, Challenge=RC4(key, ”abcdefgh”))
6. Authentication(Algorithm_no=1, sequence_no=3, Status_code=Success)
7. Re-Association_Request(STA_capabilities, listen_interval, SSID=”This-SSID”, STA_rates, Current_AP_Address)
8. Reassociation message sent to Current_AP_Address using IAPP or proprietary protocol
9. Re-Association_Response(AP_capabilities, Status_code = ”Success”, Association_ID, AP_rates)
10. DATA TRANSMISSIONS
Notes:
i. On the previous slide the STA used active scanning. Here we show the example with passive scanning.
ii. The STA can pre-authenticate in good time with many APs, to be on the safe side, without having to (re-)associate
iii. Some implementations will not require new authentication when the STA has already authenticated with another AP
Typical scenario - III
[Figure label: ID: This-SSID]
1. Disassociation(Reason_code = 4 (i.e. ”Disassociated due to inactivity”))
2. Deauthentication(Reason_code = 3 (i.e. ”Deauthenticated because STA is leaving”))
Power Saving - Principle
• STA synchronizes using the Beacon from the AP
• AP buffers incoming packets for the STA
• AP sends a Traffic Indication Map (TIM) in Beacon
• STA ”wakes up” for every n’th Beacon
  – Checks TIM for buffered packets waiting at the AP
  – Might send a PS-Poll to receive buffered packets
• If the AP sends the buffered frame with a ”more data”-bit = 1, then the STA continues polling the AP for more buffered packets
• For multi-/broadcast frames the AP uses a Delivery TIM (DTIM)
All this requires synchronization between the AP and the STA...
Synchronization: TSF
• The Timing Synchronization Function (TSF)
• AP is responsible for maintaining the TSF
• AP announces its time (TSF) periodically in Beacons
• STAs adapt their local time (TSF) to the TSF of the AP
• Beacon also contains the Beacon interval
  – STA can predict when the next Beacon will arrive
    • This point in time is referred to as the “Target Beacon Transmission Time” (TBTT)
  – STA can therefore maintain the synchronization, even if it misses some Beacons
• AP announces its time (TSF) also in Probe Responses
  – Scanning STAs can also synchronize
Other MAC functions
• Fragmentation
• Scanning
• …
Not dealt with in this lecture
WLAN Security: Wired Equivalent Privacy (WEP) Model
BSS: Shared key is used between all stations and the APs
ESS: All APs have the same shared key
No key management
Shared key is manually entered into stations and APs
Scalability issues are critical
WEP is the original security model (1999), but has distinct weaknesses and is outdated
WLAN Security Enhancement: Wi-Fi Protected Access (WPA)
WPA (2003) employs Temporal Key Integrity Protocol (TKIP) to enhance security of the keys used with WEP
WPA also uses RC4 stream cipher
WPA changes the way keys are derived and rotates keys more often for improved security
WPA has an additional function called message integrity check function to prevent packet forgeries
WLAN Security Enhancement: WPA2
The WLAN security model currently in use is WPA2 (802.11i)
WPA2 uses Advanced Encryption Standard (AES) block cipher
WPA2 uses an encryption device that encrypts the network with a 256-bit key