IEEE 802.11 WiFi
Paal E. Engelstad

•  Overview
•  History
   –  Ethernet -> WiFi
•  Physical layer
•  MAC layer
•  Security

A look at network structure
•  network edge:
   –  hosts: clients and servers
   –  servers often in data centers
•  access networks:
   §  Wired (e.g. Ethernet)
   §  Wireless (e.g. LTE and WiFi)
•  network core:
   §  interconnected routers
   §  network of networks
[Figure: mobile network, global ISP, home network, institutional network, regional ISP]
Some Wireless Access networks
•  access networks:
   §  Wired (e.g. Ethernet)
   §  Wireless (e.g. LTE and WiFi)

WiFi (and Ethernet) in home networks
[Figure: wireless devices; wireless access point (54 Mbps); router, firewall, NAT; cable or DSL modem; these are often combined in single box; wired Ethernet (100 Mbps); to/from headend or central office]

WiFi (and Ethernet) in Enterprise networks
•  Typically used in companies, universities, etc.
•  10 Mbps, 100 Mbps, 1 Gbps, 10 Gbps transmission rates
•  Today, end systems typically connect into Ethernet switch
[Figure: institutional link to ISP (Internet); institutional router; Ethernet switch; institutional mail, web servers]
WLAN vs. WWAN
•  shared wireless access network connects end system to router
   –  via base station aka “access point”
Wireless LANs (WLANs):
   §  within building (100 ft)
   §  802.11b/g (WiFi): 11, 54 Mbps transmission rate
Wireless wide-area networks (WWAN)
   §  provided by telco (cellular) operator, 10’s km
   §  between 1 and 10 Mbps
   §  3G, 4G: LTE
[Figure: both kinds of access network lead to Internet]

WLAN vs. WWAN
[Figure: Wireless Networking, Capacity (BW) versus Range (m): WLAN/WiFi (802.11) and WWAN (1G, 2G, 3G,...)]
WLAN components
•  Wireless station
•  Access point (AP)
   –  Connects multiple wireless stations to the wired network

WLAN operating modes: Infrastructure mode
•  Basic Service Set (BSS) - One access point
•  Extended Service Set (ESS) - Multiple cells, two or more BSSs

WLAN operating modes: Ad hoc mode
•  Independent Basic Service Set (IBSS)

WLAN operating modes: Summary
•  IBSS (Independent BSS)
•  BSS (Infrastructure BSS), ID: BSSID
•  EBSS (Extended BSS), ID: SSID
[Figure: Station (STA), Access Point (AP), DS (Distribution System), “Portal”]
History: Fixed networking
[Figure: Fixed Networking, Capacity (BW) versus Range (m): LAN (Ethernet), Telco-network]

History: Fixed networking
[Figure: Fixed Networking, Capacity (BW) versus Range (m): LAN (Ethernet), Telco-network, Internet; labels: IETF, IEEE, ITU (U.N.), ETSI (industry)]

History: Going wireless...
[Figure: Fixed Networking (LAN (Ethernet), IEEE, Telco-network, Internet) beside Wireless Networking (WLAN ?, WAN (1G, 2G, 3G,...)), each as Capacity (BW) versus Range (m)]

History: HiperLAN vs 802.11
[Figure: Fixed Networking (LAN (Ethernet), IEEE, Telco-network) beside Wireless Networking (802.11, ?, ETSI, WAN (1G, 2G, 3G,...)), each as Capacity (BW) versus Range (m)]
•  Ethernet as a starting point...

HiperLAN (ETSI) vs 802.11 (IEEE/WiFi)
•  Market race in late 1990s
•  Layering principles well established
•  Telecom: Top-down approach, include all
   –  Telecom wireless guys trying to do datacom (Ethernet)
•  Datacom: Bottom up, modular
   –  Datacom (Ethernet) guys trying to do wireless
   –  RFC 1925 The Twelve Networking Truths, 1 April (!) 1996
      •  (12) In protocol design, perfection has been reached not when there is nothing left to add, but when there is nothing left to take away.
      •  (Originally from the French writer Antoine de Saint-Exupery)

Why IEEE won the market race
•  Faster to market, partly due to datacom design philosophy, e.g.:
•  RFC 1958 Architectural Principles of the Internet, June 1996
   –  ...
   –  3.4 Performance and cost must be considered as well as functionality.
   –  3.5 Keep it simple. When in doubt during design, choose the simplest solution.
   –  3.6 Modularity is good. If you can keep things separate, do so
   –  3.7 In many cases it is better to adopt an almost complete solution now, rather than to wait until a perfect solution can be found.
   –  3.8 Avoid options and parameters whenever possible. Any options and parameters should be configured or negotiated dynamically rather than manually.
   –  ... etc ...
•  This also explains the “alphabet soup” of 802.11

Learning from history
•  You should understand the starting point:
   –  Ethernet
•  They faced 3 main challenges:
   –  New physical layer (PHY)
      •  Radio techniques, modulation etc
   –  Changes to MAC-layer
      •  Due to radio features: CSMA/CD -> CSMA/CA
   –  Security
      •  From wired network to open broadcast

Then keep on improving
•  You should understand the starting point:
   –  Ethernet
•  They faced 3 main challenges:
   –  New physical layer (PHY)
      •  New PHYs with higher BW (e.g. 802.11a from HiperLAN)
   –  Changes to MAC-layer
      •  CSMA/CA + new features (some from HiperLAN)
   –  Security
      •  Replacing the original WEP with 802.1X

This is our OUTLINE:
•  You should understand the starting point:
   –  Ethernet
•  They faced 3 main challenges:
   –  New physical layer (PHY)
      •  New PHYs with higher BW (e.g. 802.11a from HiperLAN)
   –  Changes to MAC-layer
      •  CSMA/CA + new features (some from HiperLAN)
   –  Security
      •  Replacing the original WEP with 802.1X

De-Facto Ethernet today
•  LAN Switching and Full Duplex physical layer
   –  No collision detection in devices
•  Optimized implementation of original Ethernet
   –  Ethernet specification fits well as a WLAN starting point ....
[Figure: two switches in the same broadcast domain]
Ethernet: Multiple-access links
•  broadcast (shared wire or medium)
   –  Old-fashioned Ethernet
      •  With old-fashioned bus (e.g. 10Mb 10Base-2 Coax)
      •  Ethernet with a Hub-topology
   –  802.11 wireless LAN
[Figure: shared wire (e.g., old-fashioned Ethernet); star-topology with hub or repeater (e.g. Ethernet); shared radio / wireless (e.g., 802.11 WiFi); humans at a cocktail party (shared air, acoustical)]
Multiple access protocols
•  single shared broadcast channel
•  two or more simultaneous transmissions by nodes: interference
–  collision if node receives two or more signals at the
same time
multiple access protocol
•  distributed algorithm that determines how nodes share
channel, i.e., determines when node can transmit
•  communication about channel sharing must use channel itself!
–  no out-of-band channel for coordination
3 classes of multiple access protocols
•  channel partitioning
–  divide channel into smaller “pieces” (e.g. with time slots/TDMA,
frequency/FDMA, code/CDMA)
–  allocate piece to node for exclusive use
•  “taking turns”
–  nodes take turns, but nodes with more to send can take longer
turns
–  Example1: Polling with a Master/Slave topology (e.g. Bluetooth)
–  Example2: Token passing with a Ring topology (e.g. IEEE 802.5)
•  random access
–  channel not divided, allow collisions
–  Need to detect collisions and “recover” from collisions
–  Examples: Aloha, CSMA/CD (Ethernet), CSMA/CA (WLAN)
Ethernet designed for multiple access
•  Designed for bus-topology and broadcast
•  Allows also use of star topology with hub
•  Each station must examine every frame to determine
whether the frame is destined for it or not
•  All stations see all frames placed on the network
–  i.e. Broadcast domain = Collision Domain
[Figure: shared wire (e.g., old-fashioned Ethernet); star-topology with hub or repeater (e.g. Ethernet)]
Ethernet uses CSMA/CD to control
access to the transmission medium
–  CSMA: Listen before sending, and do not send if channel is
busy (Human analogy: don’t interrupt others!)
–  CD: Listen while sending,
•  Not easy on wireless: 802.11 WiFi uses frame exchange (e.g. DATA/ACK) instead
–  WiFi uses Collision Avoidance (CA) in addition
–  Back off if collision is detected (Human analogy: the polite
conversationalist)
•  Exponential back-off
[Figure: shared wire (e.g., old-fashioned Ethernet); star-topology with hub or repeater (e.g. Ethernet)]
Brief history of the 802.11 PHYs
•  1997: Standardization of WLAN: IEEE approved 802.11, 2.4 GHz, 1-2 Mbps
•  1999: 802.11b: 2.4 GHz, up to 11 Mbps; 802.11a: 5 GHz, up to 54 Mbps
•  2003: 802.11g: 2.4 GHz, up to 54 Mbps; performance similar to 802.11a; compatible with 802.11b devices
•  2007-2009: IEEE approved 802.11n, up to 600 Mbps; optimizes modulation; uses multiple antennas
•  …..

PHYs
•  802.11-1997 (802.11 legacy ”Standard”)
   –  2.4 GHz, 1 Mbit/s or 2 Mbit/s.
•  802.11b-1999 (”Amendment”)
   –  2.4 GHz, 11 Mbps
   –  On market: year 2000
•  802.11a-1999 (OFDM)
   –  5 GHz, 1.5 – 54 Mbps
   –  Very slow market adoption
•  802.11g-2003
   –  2.4 GHz, 1.5 – 54 Mbps
   –  On market: 2003 (hindered growth of 802.11a)
•  802.11-2007 (”Standard”)
   –  Included amendments 802.11a, b, d, e, g, h, i, j
•  802.11n-2009 (MIMO)
   –  Both 2.4 GHz and 5 GHz bands, 54 – 600 Mbps
   –  On market from 2007/2008 (based on draft version)
•  802.11-2012 (”Standard”)
   –  Included amendments 802.11k, r, y, n, w, p, z, v, u, s
•  802.11ac-2013 (Multi-user MIMO)
   –  5 GHz bands, 1.3 Gbps
   –  Products available on the market now

Physical layers: Example: 802.11
IEEE std   Type/modulat.    Year    Max rate (Mbps)   Band (GHz)
802.11     FHSS (QPSK)      1997    2                 2.4
802.11     DSSS (GFSK)      1997    2                 2.4
802.11b    HS-DSSS (CCK)    1999    11                2.4
802.11a    OFDM             1999    54                5.0
802.11g    OFDM/DSSS        2003    54                2.4
802.11j    OFDM             -       54                4.9
802.11n    OFDM             2009    350               2.4/5.0
802.11ac   OFDM             2014?   1690              5.0
802.11ad   OFDM             2012    7000              60 (LOS 10m)
TODO: UPDATE
Frequency Hopping Spread Spectrum (FHSS)
•  FSK modulation
•  79 channels (2.4 GHz - 2.438 GHz)
•  1 MHz channel spacing
•  FHSS rapidly switches a carrier among many frequency channels
•  Highly resistant to narrowband interference

FHSS Interference avoidance
System performance metrics commonly used for TPC

FHSS: Concept of spread spectrum
Direct Sequence Spread Spectrum (DSSS)
•  DSSS is a modulation technique that transmits the message signal using a wide(r) bandwidth
•  DSSS is more robust to interference and noise/jamming

DSSS: Concept of spread spectrum
•  Below the noise level! (Analogy from technical museum)

DSSS: Analogy
[Figure: sound waves; Speak! Listen! Below noise level]

DSSS: Concept of spread spectrum
•  Traditional way of sharing the spectrum would be like this (FDM)

DSSS: Concept of spread spectrum
•  The DSSS way of sharing the spectrum would be like this...

Direct Sequence Spread Spectrum (DSSS)
•  The message signal modulates a pseudorandom noise/code (PRN)
Source: Siemens

DSSS Channels
•  Non-overlapping DSSS Channels in the ISM band
•  Graphical representation of WiFi Channels in 2.4 GHz band
Orthogonal Frequency Division Multiplexing (OFDM)
•  The data is divided into a large number of radio frequencies (RFs)
•  Each RF carries a small part of the data
•  The carriers are very close to each other but are orthogonal
•  OFDM is highly robust to frequency selective interference and fading, but it requires high processing power

The Protocol Stack
802.2 !!!

802.11 Protocol Architecture
Note:
- FHSS is historic
- IR not implemented (IrDA instead)
- 802.11b, 802.11a and 802.11g PHYs
- 802.11n is the upcoming PHY
•  Mostly focusing on the MAC layer here.
•  More management functions on the MAC layer than in other ”wired” IEEE 802 standards

PHY – Below the MAC
•  Three main functions:
   1.  Wrap in the MAC frames (PLCP)
   2.  Transmit and receive over the radio channel (PMD)
       •  E.g. the modulation presented in previous slides
   3.  Indicate to the MAC layer whether the channel is available or not (CCA)
•  Parts of the PHY:
   –  PLCP: Phys. Layer Convergence Proc.
   –  PMD: Phys. Medium Dependent
   –  CCA: Clear Channel Assessment
•  CCA is based on:
   -  energy level
   -  decoding over time
   -  combination

PLCP – Allowing different BWs
•  PLCP has its own header:
   –  Signal bits: Indicate the modulation used in the remaining part of the frame
   –  [Service bits (reserved in DSSS, but used in 802.11b): 1 bit increases the length, 1 bit for symbol clock locked to transmit frequency, and 1 bit for the type of coding (CCK vs PBCC...)]
LLC: Above the MAC
•  802.11 uses 802.2 for logical link control, for encapsulation of IP and ARP
•  802.2 header appears between MAC header and e.g. the IP packet
•  Layers, top to bottom: Network layer (IP); Log. Link Ctrl. (802.2); MAC layer (802.11 MAC); Physical layer (802.11 PHY)
•  LLC specifies the general interface between the network layer (IP, IPX, etc) and the data link layer (Ethernet, Token Ring, etc).
•  SNAP header added for Ethernet II compatibility. The protocol Types for IP/ARP etc > 1500, and there is not sufficient space for this within the 1-Byte SAP fields.

Field                        Bytes     Value
802.11 MAC hdr               24/30
802.2 LLC header: DSAP       1         SNAP (0xAA)
802.2 LLC header: SSAP       1         SNAP (0xAA)
802.2 LLC header: Control    1         3
SNAP header: Vendor ID       3         0
SNAP header: Type            2         (IP/ARP), like for Ethernet II
IP packet                    0-2306
FCS                          4
Main function of the MAC layer
•  Reliable transmission => 2-way & 4-way handshake:
   –  ACK of each unicast data frame
      •  2 way / ”Minimal Frame Exchange”
   –  RTS/CTS handshake to avoid ”Hidden Node Problem”
      •  4 way
•  Fair access to the channel
   –  PCF (/HCF) – Polling-based, not treated here
   –  DCF (Distributed Coordination Function)
      •  CSMA/CA
      •  Timing Intervals
•  Protection of the data sent
   –  WEP
   –  WPA / WPA2 / 802.11i

Hidden Node Problem
[Figure: stations A and B, each sending Data]

Solution: CTS/RTS
•  Before each data frame is sent, short RTS/CTS frames are exchanged
   –  RTS = ”Request To Send”, CTS = ”Clear To Send”
[Figure: frame exchange between A and B: RTS, CTS (A), Data, ACK]
•  ”dot11RTSThreshold” set in MIB:
   –  no CTS/RTS for frames shorter than the Threshold
•  CTS also used for 802.11b/802.11g interoperability
   –  To clear the channel
Fair access to the channel – CSMA/CA
•  CSMA = ”Listen before Talk”
•  CA = “Collision Avoidance”
   –  Less greedy: waiting a random time before retransmission
      •  p-persistent
   –  Physical Carrier Sense (Clear Channel Assessment)
   –  ”Virtual” Carrier Sense
      •  Each frame contains ”Duration” information
      •  Each node maintains a NAV
         –  Network Allocation Vector updated by the ”Duration” info
         –  Says how long the channel will be busy
•  Every node must listen to every frame on the network
   –  (or in Power Save Mode: must synch with Beacon from the AP)

Binary exponential backoff - 1
1.  MAC layer receives packet to be transmitted
2.  MAC does a physical and virtual ”carrier sense”
3.  The frame is transmitted if the channel is idle
4.  Otherwise (i.e. if channel is busy):
    a)  MAC selects a random number of backoff slots (= Backoff Value) within the given ”Contention Window” interval
    b)  MAC increments the Retry Counter
    c)  Then the Backoff Value is decremented for each idle timeslot MAC observed on the channel. The MAC transmits the frame when the Backoff Value = 0
    d)  If no ACK is received, the Contention Window is doubled; GOTO 4a)

Binary exponential backoff - 1
5.  Abort if ACK received (i.e. success) or if Retry Counter exceeds the Retry Limit (i.e. give up)
    a)  Retry Counter reset to 0
    b)  Contention Window reset to its start value ”CWmin”
6.  Post-Backoff: One backoff (with CWmin) must be carried out, before a new frame can be transmitted.
Note: The Post-backoff ensures fair access to the channel
   –  Allows other STAs to enter the channel
   –  Fairness is thus on a per-station and per-frame basis
   –  This mechanism is tweaked in 802.11e in order to provide differentiated QoS (EDCA)

Priority by the Timing Intervals
•  Short Inter-Frame Space (SIFS)
   –  The shortest Inter-Frame Space (IFS) interval
   –  Used for “atomic” handshakes, etc.
      •  ACK, CTS, Poll-Response (PCF), Data
•  Priority IFS (PIFS = SIFS + 1 timeslot)
   –  AP uses PIFS to seize the channel under the contention-free period (CFP), and SIFS (+NAV) to withhold it
•  Distributed IFS (DIFS = SIFS + 2 timeslots)
   –  Minimum delay for the contention period (CP)
(EIFS is not mentioned…)
[Figure: Free access when medium is free longer than DIFS. After Busy Medium: SIFS, PIFS, DIFS, then Contention Window (Backoff-Window, Slot time), Next Frame. Defer Access. Select Slot and Decrement Backoff as long as medium is idle.]
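The binary exponential backoff in steps 1 to 6 above, as a small slotted simulation of saturated stations. This is an added example, not part of the original slides; CW_MIN, CW_MAX, RETRY_LIMIT and the channel model (one slot per frame exchange, no hidden nodes) are assumptions chosen for illustration.

```python
import random

# Assumed parameters (not given on the slides).
CW_MIN, CW_MAX = 15, 1023   # Contention Window bounds, in slots
RETRY_LIMIT = 7             # attempts allowed per frame


class Station:
    def __init__(self, name, rng):
        self.name, self.rng = name, rng
        self.delivered = self.dropped = 0
        self.max_cw = CW_MIN
        self.new_frame()

    def new_frame(self):
        # Step 5a/5b: reset Retry Counter and Contention Window. The draw
        # that follows acts as the post-backoff of step 6 (saturated queue).
        self.retries, self.cw = 0, CW_MIN
        self.draw_backoff()

    def draw_backoff(self):
        # Steps 4a/4b: random Backoff Value within the Contention Window,
        # and one more attempt counted in the Retry Counter.
        self.backoff = self.rng.randint(0, self.cw)
        self.retries += 1

    def on_ack(self):
        self.delivered += 1
        self.new_frame()

    def on_no_ack(self):
        # Step 4d: double the Contention Window (capped), go back to 4a.
        self.cw = min(2 * (self.cw + 1) - 1, CW_MAX)
        self.max_cw = max(self.max_cw, self.cw)
        self.draw_backoff()
        if self.retries > RETRY_LIMIT:   # step 5: give up on this frame
            self.dropped += 1
            self.new_frame()


def simulate(n_stations, n_slots, seed=1):
    """Slotted model: a frame exchange occupies one slot, no hidden nodes."""
    rng = random.Random(seed)
    stations = [Station(f"STA{i}", rng) for i in range(n_stations)]
    stats = {"idle": 0, "success": 0, "collision": 0}
    for _ in range(n_slots):
        ready = [s for s in stations if s.backoff == 0]
        if not ready:
            # Step 4c: an idle timeslot, every Backoff Value is decremented.
            for s in stations:
                s.backoff -= 1
            stats["idle"] += 1
        elif len(ready) == 1:
            ready[0].on_ack()            # only one sender: ACK comes back
            stats["success"] += 1
        else:
            for s in ready:              # simultaneous senders: no ACK
                s.on_no_ack()
            stats["collision"] += 1
    return stations, stats


def fairness(stations):
    """Ratio of least to most delivered frames (1.0 = perfectly fair)."""
    counts = [s.delivered for s in stations]
    return min(counts) / max(counts) if max(counts) else 0.0


if __name__ == "__main__":
    for n in (2, 5, 20):
        stations, stats = simulate(n, 50_000)
        print(n, stats, "fairness=%.2f" % fairness(stations),
              "dropped=%d" % sum(s.dropped for s in stations))
```

Stations whose Backoff Value is not 0 keep it unchanged during a busy slot, which is the freezing behaviour implied by step 4c.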
Timing and NAV with ”Minimal Frame Exchange”
[Figure: ”Atomic” transmission unit where channel is busy]

Timing and NAV with 4-way handshake
[Figure: ”Atomic” transmission unit]

Timing and NAV with PCF

Frame format
Field               Bytes
Frame Control       2
Duration/ID         2
Address 1           6
Address 2           6
Address 3           6
Sequence Control    2
Address 4           6
Data                0-2312
CRC                 4

Frame Control field   Bits
Protocol version      2
Type                  2
Subtype               4
To DS                 1
From DS               1
More Frag             1
Retry                 1
Power Mgmt            1
More Data             1
WEP                   1
Order                 1

•  Frame Control – Type:
   –  Data
      •  8 types: Data / Null with CF-Poll and/or CF-ACK
   –  Control
      •  RTS, CTS, ACK, PS-Poll (power save), CF-End, CF-End+ACK
   –  Management
      •  Beacon, Probe Request/Response
      •  Authentication, De-Authentication
      •  Association/Re-association Request/Response, Disassociation
      •  Announcement Traffic Indication Map (ATIM)

Some frame formats
•  Common frame format, e.g. for data in BSS:
   Frame Control (2) | Duration/ID (2) | Address 1 (6) | Address 2 (6) | Address 3 (6) | Sequence Control (2) | Data (0-2312) | CRC (4)
   –  From AP: Address 1 = DA, Address 2 = BSSID, Address 3 = SA
   –  To AP: Address 1 = BSSID, Address 2 = SA, Address 3 = DA
•  Special frame formats (field sizes in bytes):
   –  ACK: Frame Control (2) | Duration (2) | Receiver Address (6) | CRC (4)
   –  RTS: Frame Control (2) | Duration (2) | Receiver Address (6) | Transmitter Address (6) | CRC (4)
   –  CTS: Frame Control (2) | Duration (2) | Receiver Address (6) | CRC (4)
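An added example, not part of the original slides: a decoder for the Frame Control bits, the address fields and the 802.2 LLC/SNAP header described above, of the kind a wireless monitoring tool uses to classify frames. The sample frames are constructed; the address roles for To DS = From DS and the reason-code field follow the 802.11 standard rather than the slides.

```python
import struct

TYPES = {0: "Management", 1: "Control", 2: "Data"}
SUBTYPES = {  # (type, subtype) -> name, for the frames named on the slides
    (0, 0): "Association Request", (0, 1): "Association Response",
    (0, 2): "Re-association Request", (0, 3): "Re-association Response",
    (0, 4): "Probe Request", (0, 5): "Probe Response", (0, 8): "Beacon",
    (0, 9): "ATIM", (0, 10): "Disassociation", (0, 11): "Authentication",
    (0, 12): "De-Authentication", (1, 10): "PS-Poll", (1, 11): "RTS",
    (1, 12): "CTS", (1, 13): "ACK", (1, 14): "CF-End",
    (1, 15): "CF-End+ACK", (2, 0): "Data", (2, 4): "Null",
}
FLAGS = ["To DS", "From DS", "More Frag", "Retry",
         "Power Mgmt", "More Data", "WEP", "Order"]
# Roles of Address 1..3 by (To DS, From DS); (0, 0) and (1, 1) are additions.
ROLES = {(0, 0): ("DA", "SA", "BSSID"), (0, 1): ("DA", "BSSID", "SA"),
         (1, 0): ("BSSID", "SA", "DA"), (1, 1): ("RA", "TA", "DA")}

# Constructed sample frames (no trailing CRC), not captured traffic.
DATA_TO_AP = bytes.fromhex("0801" "2c00" "020000000001" "020000000002"
                           "020000000003" "5000" "aaaa03" "000000" "0800"
                           "4500")
DEAUTH = bytes.fromhex("c000" "3a01" "020000000002" "020000000001"
                       "020000000001" "1000" "0300")
ACK = bytes.fromhex("d400" "0000" "020000000002")


def mac(b):
    return ":".join(f"{x:02x}" for x in b)


def parse_frame(buf):
    """Decode one 802.11 frame (without CRC) into a dict of fields."""
    if len(buf) < 10:
        raise ValueError("shorter than the smallest frame (ACK/CTS)")
    fc, duration = struct.unpack_from("<HH", buf, 0)
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    to_ds, from_ds = (fc >> 8) & 1, (fc >> 9) & 1
    out = {
        "version": fc & 0x3,
        "type": TYPES.get(ftype, "Reserved"),
        "subtype": SUBTYPES.get((ftype, subtype), f"subtype {subtype}"),
        "flags": [n for i, n in enumerate(FLAGS) if (fc >> (8 + i)) & 1],
        "duration": duration,
    }
    if ftype == 1:  # control frames carry a receiver address only...
        out["RA"] = mac(buf[4:10])
        if out["subtype"] == "RTS":  # ...except RTS, which adds a transmitter
            if len(buf) < 16:
                raise ValueError("truncated RTS")
            out["TA"] = mac(buf[10:16])
        return out
    hdr_len = 30 if (to_ds and from_ds) else 24
    if len(buf) < hdr_len:
        raise ValueError("truncated MAC header")
    for i, role in enumerate(ROLES[(to_ds, from_ds)]):
        out[role] = mac(buf[4 + 6 * i:10 + 6 * i])
    if hdr_len == 30:
        out["SA"] = mac(buf[24:30])  # Address 4
    out["sequence"] = struct.unpack_from("<H", buf, 22)[0] >> 4
    body = buf[hdr_len:]
    if (out["subtype"] in ("Disassociation", "De-Authentication")
            and len(body) >= 2):
        out["reason_code"] = struct.unpack_from("<H", body, 0)[0]
    # LLC + SNAP: DSAP 0xAA, SSAP 0xAA, Control 3, Vendor ID (3), Type (2).
    if (ftype == 2 and "WEP" not in out["flags"] and len(body) >= 8
            and body[:3] == b"\xaa\xaa\x03"):
        out["vendor_id"] = body[3:6].hex()
        out["ethertype"] = struct.unpack_from(">H", body, 6)[0]
        out["payload"] = body[8:]
    return out


if __name__ == "__main__":
    for frame in (DATA_TO_AP, DEAUTH, ACK):
        print(parse_frame(frame))
```

When the WEP bit is set the frame body is encrypted, so the decoder does not look for an LLC/SNAP header in it.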
Typical scenario - I
[Figure: ID: This-SSID; ID: BSSID1; ID: BSSID2]
1.  Probe_Request(SSID=’/0’, STA_rates)
2.  Probe_Response(Timestamp, beacon_interval, AP_capabilities, SSID=”This-SSID”, AP_rates, PHY-parameters)
3.  Authentication(Algorithm_no=1, sequence_no=0)
4.  Authentication(Algorithm_no=1, sequence_no=1, Challenge=”abcdefgh”)
5.  Authentication(Algorithm_no=1, sequence_no=2, Challenge=RC4(key, ”abcdefgh”))
6.  Authentication(Algorithm_no=1, sequence_no=3, Status_code=Success)
7.  Association_Request(STA_capabilities, listen_interval, SSID=”This-SSID”, STA_rates)
8.  Association_Response(AP_capabilities, Status_code = ”Success”, Association_ID, AP_rates)
9.  DATA TRANSMISSIONS
Notes:
i.    Note the exchange of capabilities and supported data rates between STA and AP
ii.   Only one-way authentication of the STA, i.e. the STA cannot authenticate the AP
iii.  Steps 4 and 5 are not performed with ”Open Authentication” without WEP. The Null algorithm is then run
iv.   Listen_interval = n means that the STA will listen to every n’th Beacon (i.e. in Power Save Mode)
v.    Association_ID (AID) is used for polling

Typical scenario - II
[Figure: ID: This-SSID]
1.  DATA TRANSMISSIONS
2.  Beacon(Timestamp, beacon_interval, AP_capabilities, SSID=”This-SSID”, AP_rates, PHY-parameters, etc...)
3.  Authentication(Algorithm_no=1, sequence_no=0)
4.  Authentication(Algorithm_no=1, sequence_no=1, Challenge=”abcdefgh”)
5.  Authentication(Algorithm_no=1, sequence_no=2, Challenge=RC4(key, ”abcdefgh”))
6.  Authentication(Algorithm_no=1, sequence_no=3, Status_code=Success)
7.  Re-Association_Request(STA_capabilities, listen_interval, SSID=”This-SSID”, STA_rates, Current_AP_Address)
8.  Reassociation message sent to Current_AP_Address using IAPP or proprietary protocol
9.  Re-Association_Response(AP_capabilities, Status_code = ”Success”, Association_ID, AP_rates)
10. DATA TRANSMISSIONS
Notes:
i.    On the previous slide the STA used active scanning. Here we show the example with passive scanning.
ii.   The STA can pre-authenticate in good time with many APs, to be on the safe side, without having to (re-)associate
iii.  Some implementations will not require new authentication when the STA has already authenticated with another AP

Typical scenario - III
[Figure: ID: This-SSID]
1.  Disassociation(Reason_code = 4 (i.e. ”Disassociated due to inactivity”))
2.  Deauthentication(Reason_code = 3 (i.e. ”Deauthenticated because STA is leaving”))
Power Saving - Principle
•  STA synchronizes using the Beacon from the AP
•  AP buffers incoming packets for the STA
•  AP sends a Traffic Indication Map (TIM) in Beacon
•  STA ”wakes up” for every n’th Beacon
   –  Checks TIM for buffered packets waiting at the AP
   –  Might send a PS-Poll to receive buffered packets
      •  If the AP sends the buffered frame with a ”more data”-bit = 1, then the STA continues polling the AP for more buffered packets
•  For multi-/broadcast frames the AP uses a Delivery TIM (DTIM)
All this requires synchronization between the AP and the STA...

Synchronization: TSF
•  The Timing Synchronization Function (TSF)
•  AP is responsible for maintaining the TSF
•  AP announces its time (TSF) periodically in Beacons
•  STAs adapt their local time (TSF) to the TSF of the AP
•  Beacon also contains the Beacon interval
   –  STA can predict when the next Beacon will arrive
      •  This point in time is referred to as the “Target Beacon Transmission Time” (TBTT)
   –  STA can therefore maintain the synchronization, even if it misses some Beacons
•  AP announces its time (TSF) also in Probe Responses
   –  Scanning STAs can also synchronize

Other MAC functions (not dealt with in this lecture)
•  Fragmentation
•  Scanning
•  …

WLAN Security: Wired Equivalent Privacy (WEP) Model
•  BSS: Shared key is used between all stations and the APs
•  ESS: All APs have the same shared key
•  No key management
•  Shared key is manually entered into stations and APs
•  Scalability issues are critical
•  WEP is the original security model (1999), but has distinct weaknesses and is outdated

WLAN Security Enhancement: Wi-Fi Protected Access (WPA)
•  WPA (2003) employs Temporal Key Integrity Protocol (TKIP) to enhance security of the keys used with WEP
•  WPA also uses RC4 stream cipher
•  WPA changes the way keys are derived and rotates keys more often for improved security
•  WPA has an additional function called message integrity check function to prevent packet forgeries

WLAN Security Enhancement: WPA2
•  The WLAN security model currently in use is WPA2 (802.11i)
•  WPA2 uses Advanced Encryption Standard (AES) block cipher
•  WPA2 uses an encryption device that encrypts the network with a 256-bit key