WiFi, Bluetooth & Layers

Emmanuel Baccelli

Last week

• Wifi, Bluetooth: wireless LANs

• Medium Access Control

• Basic example : Aloha

Wifi, Bluetooth, Ethernet

Couche 5Couche 5

Couche 4Couche 4

Couche 3Couche 3

Couche 2: LienCouche 2: LienCouche 1: PhysiqueCouche 1: Physique

• Protocol layers 1 et 2

• Transfer packets over a link

• Standardization body: IEEE

• Standards: 802.11, 803.2, 802.15…

= la norme IEEE 802.11

• Norme = règles, techniques, formats communs à respecter

• Protocole = norme de communication entre machines

• IEEE = Institute of Electrical and Electronics Engineering

• IEEE 803.2

• IEEE 1394

• IEEE 802.15.1

IEEE 802.11 standard

• Communication between terminals and access point

• Direct communication between terminals

Infrastructure mode in urban situation

• Emission power 100 mW (1/10 of GSM)

• Bursty packet emissions 2-5-10-..54 Mbits/s

• Range: 100 m outdoor several ten meters

• European ETS 300 328

IEEE 802.11 basic

Frequencies

– 52 MHz bandwidth around 2.4 GHz

– 11 channels with partial overlaps

• Spread of 11MHz (11 bits Barker sequence) 1 Msymbols/s– 1 Mbps: modulation PSK 1, 1

bit/ symbol (DSSS IEEE 802.11)

– 2 Mbps: mod QPSK, 2 bits/ symbol

• Spread of 11 MHz (séquence 8 bits CCK), 1,375 Msymbol/s– 5,5 Mbps: 4 bits/symbole– 11 Mbps: 8 bits/symbole

coding IEEE 802.11b

• Spread spectrum

• IEEE 802.11b (1-2-5,5-11 Mbps)– Bandwidth 2,4 GHz– Modulation Direct Sequence Spread Spectrum (DSSS)– No Forward Error Control (FEC)

• IEEE 802.11a (6-54 Mbps)– Bande 5,2 GHz– Mod. Orthogonal Frequency Division Multiplexing

(OFDM)– FEC rate ½, 2/3, 3/4 (convolutive code)

• IEEE 802.11g (ERP-OFDM), IEEE 802.11n (MIMO)

IEEE 802.11b,a,g,n

Carrier SenseMultiple Access

Basic CSMA:listen before talk

• node withdraws over signal detection

forbidden zone

emitter

destination

packet

ack

forbidden period

DIFS

Hidden nodes collisionsavoidance

• Node withdraws over hidden nodes detection

emitter

destination

packet

ack

forbidden period

RTS

CTS

Collision management

• CSMA/CA Carrier Sense Multiple Access with Collision Avoidance

• Random backoff of transmission over forbidden periods– Evite les collisions répétées– The node selects a random backoff: a number of mini-slots between 0

and Cmax-1 (8)

– Mini-slots are not decremented during forbidden periods

– Cmax double at each collision (lack of CTS or ACK)

– Retry number limited to max_retry (7-16).– Slot<DIFS (Distributed Inter Frame Space)

Forbidden period slot slot slotForbid. period

Example: time for a backoff of 3 slots

Retransmissions

packet

ack

Forbidden Period

RTS

CTS

packet

ack

forbidden period

DIFS

• Infrastructure mode

AP

terminal

Distribution system

BSS

ESS

AP: Access PointBSS: Basic Set ServiceESS: Extended Set ServiceIBSS: Independent Basic Set Service

Terminology

IBSS

• ad hoc mode

• IEEE 802.11 packet

• Packet emission

preamble MAC header Data part (IP packet) Check sum

packet

ACK

SISF Emitter node

Intended Receiver node

Formats (packets)

Format (Preamble)

– Four addresses in infrastructure mode – Only two in ad hoc mode – Control field contains length and mode– Sequence field for fragmentation

Address 1 Address 2 Address 3 Address 4control sequence

Formats (MAC header)

• Authentification and encryption (secret key K, symmetric)– The terminal requires the access point authentification

– The access point sends a challenge of 128 random bits

– The terminal returns the 128 bits xored by K

– The access point confirms authentification

– Default: James Bond overhear the key K via direct comparison between challenge and terminal reply!

WEP security

• Packet encryption (algorithm RC4)– pseudo random sequence seed=K*IV (Initialisation Vector in packet header)– Integrity check via an internal check sum– RC4 is linear (RC4(xy)=RC4(x)RC4(y))!

• WEP is very weak and only address unvolontary earsdropping.

• WEP improvement with IEEE 802.11i– Introduction of IEEE 802.1x to manage the secret keys K

(Extensible Authentification Protocol- Transport Layer Security, EAP-TLS).

– Authentification made indépendant of encryption – Introduction of more sophisticated function : (K,IV)RC4

seed.

IEEE 802.11

IEEE 802.1x

Authentificationagent

improved security

= IEEE 802.15.1

• Communication between personnal devices• Architecture piconet master slave:

– 7 slaves max per piconet

– Exclusive links slave-master– Slotted time

master

slaves

piconet

esclaves

• Wide area architecture : scatternet

– Several tiled piconets– Frequency hopings differ– certains nodes switch status master-slave

IEEE 802.15.1

• Limited emission power– Class 1: 100 mW– class 2: 2,5 mW– class 3: 1 mW (1/1000 GSM)

• Minimal signal processing– Periodic TDMA– Throughput 1 Mbps max– Few meters range.

• Profiles– Standadized applications

IEEE 802.15.1

From master

• Slotted system managed by the master node over a single frequence

• Adaptative FEC, rate: 1 (no correction), 2/3, 1/3• Frequency hopping (1600/sec)

– One hop per slot over 79 channels (2,4 GHz)– Throughput 1 Mbps, extensions for10 Mbps.

From slave

IEEE 802.15.1

Bluetooh + WiFi

• Format du paquet

– Access Code (AC): synchro, pagination (slot #). Channel AC, Device AC, Inquiry AC.

– Header: address, sequence number, flow control, acquittement

Formats

frequency hoping

Periodic change of frequencies. Predetermined sequence fixed in standard. Goal: use uncongested frequencies.

• Connection establishment

– Inquiry for destination terminal identification (source, destination)

– paging for synchronization of emissions (source, master, destination)

– polling, the master prompts each slave emission.– Out of connection, the slave can be in wake mode or in

sleed mode, otherwise it looses its MAC address.

Connection

• Authentification (E1 algorithm)– Secret shared key (link key) (128 bits)

• Encryption (algorithms KG, E0)– Secret key Kc (deduced from link key par KG) from 8 to 128

bits (negociated)– Use of slot number in E0 (indicated in paging)– E1 and E0 differ.

Sécurity

• Default of Bluetooth security– Keys are too short– link key and Kc are both function of device PIN (4

bits).

• Authentification of B byA

– B sends its address (48 bits)– A returns rand(A) to B (challenge 128 bits)– E1(addr B, link key, rand(A))=(SRES,ACO) (32

bits, 96 bits)– B returns SRES.

Authentification

• encryption– Kc depends on link key, ACO and EN_RAND– The pseudo random word Kstr depends on slot

number and the addess of the master– In packet crypted code=dataKstr

Encryption

• mode 2– Packets are encrypted via individual keys Kc(B)=KG(…,ACO(B))– Broadcast packets are not encrypted

• mode 3– All packets are encrypted via the key of the master

Kc=KG(…,ACO(A))