Professional Documents
Culture Documents
Unit1 Wirless Netwrok
Unit1 Wirless Netwrok
Unit I
MEDIUM ACCESS ALTERNATIVES
SESSION
TITLE
Session 1.1.
Session 1.2.
Session 1.3.
Session 1.4.
Session 1.5.
Session 1.6.
Hand off
Session 1.7.
Session 1.8.
Roaming support
Session 1.9.
Conflict-free
Collision resolution
ALOHA,
TREE,
FDMA,
CSMA,
WINDOW,
etc
TDMA,
BTMA,
CDMA,
ISMA,
etc
Token Bus,
DQDB, etc
1.
2.
Theavailablespectrumbandwidthforourwirelesscommunicationislimited.
Multipleaccesstechniquesenablemultiplesignalstooccupyasinglecommunicati
onschannel.
Major Types
Frequency division multiple access (FDMA)
Time division multiple access (TDMA)
Code division multiple access (CDMA)
Itassignsindividualfrequencytoindividualusers.(i.e)accommodatesoneuseratatime.
EachuserisseparatedbyGuardBands.
ThecomplexityofFDMAmobilesystemsislowerwhencomparedtoTDMAsystems
Aguardbandisanarrowfrequencybandbetweenadjacentfrequencychannelstoavoidinterferenc
efromtheadjacentchannels
henumberofchannelsthatcanbesimultaneouslysupportedinaFDMA
systemisgivenby
BT->totalspectrumallocation,
BGUARD->theguardband
BC->thechannelbandwidth
Key Features
IfanFDMAchannelisnotinuse,thenitsitsidleandcannotbeusedbyotherusers
ThebandwidthsofFDMAchannelsarenarrow(30kHz)
Intersymbolinterferenceislow
Itneedsonlyafewsynchronizationbits
De Merits
FDMAsystemsarecostlierbecauseofthesinglechannelpercarrierdesign,
Itneedtousecostlybandpassfilterstoeliminatespuriousradiationatthebasestation.
TheFDMAmobileunitusesduplexerssinceboththetransmitterandreceiveroperat
eatthesametime.ThisresultsinanincreaseinthecostofFDMAsubscriberunitsandbasesta
tions.
FDMArequirestightRFfilteringtominimizeadjacentchannelinterference.
TDMA vs FDMA
Timedivisionmultipleaccess(TDMA)systemsdividetheradiospectrumintotimes
lots
Eachuseroccupiesacyclicallyrepeatingtimeslot
AsetofNslotsformaFrame.
Eachframeismadeupofapreamble,aninformationmessage,andtailbits
TDMAsystemstransmitdatainabuffer-and-burstmethod
TDMAsharesasinglecarrierfrequencywithseveralusers,whereeachusermakesu
seofnon-overlappingtimeslots
TDMAusesdifferenttimeslotsfortransmissionandreception
AdaptiveequalizationisusuallynecessaryinTDMAsystems,sincethetransmissio
nratesaregenerallyveryhighascomparedtoFDMAchannels
HighsynchronizationoverheadisrequiredinTDMAsystemsbecauseofbursttrans
missions
GuardBandsarenecessarytoensurethatusersattheedgeofthebanddonot"bleedove
r"intoanadjacentradioservice.
Frame Structure
Thepreamblecontainstheaddressandsynchronizationinformationthatboththeba
sestationandthesubscribersusetoidentifyeachother.
Trialbitsspecifythestartofadata.
Synchronizationbitswillintimatethereceiveraboutthedatatransfer.
GuardBitsareusedfordataisolation.
Efficiency of TDMA
where
b0H no over head bits per frame
TheefficiencyofaTDMAsystemisameasureofthepercentageoftransmitteddatath
atcontainsinformationasopposedtoprovidingoverheadfortheacssscheme
The total number of bits per frame, bT, is
bT= TfR
Tfis the frame duration, and R is the channel bit rate
Then the frame efficiency is
Thecarrierfrequenciesoftheindividualusersarevariedinapseudorandomfashion
withinawidebandchannel
Thedigitaldataisbrokenintouniformsizedburstswhicharetransmittedondifferent
carrierfrequencies
FastFrequencyHoppingSystem>therateofchangeofthecarrierfrequencyisgreaterthanthesymbolrate
SlowFrequencyHopping>thechannelchangesataratelessthanorequaltothesymbolrate
Thenarrowbandmessagesignalismultipliedbyaverylargebandwidthsignalcalled
thespreadingsignal(pseudo-noisecode)
Thechiprateofthepseudo-noisecodeismuchmorethanmessagesignal.
Eachuserhasitsownpseudorandomcodeword.
Message
PN sequence
Alltheusersusethesamecarrierfrequencyandmaytransmitsimultaneouslywithou
tanyknowledgeofothers.
Thereceiverperformsatimecorrelationoperationtodetectonlythespecificdesired
codeword.
Multipathfadingmaybesubstantiallyreducedbecausethesignalisspreadoveralar
gespectrum
CDMAsupportsSofthandoffMSCcansimultaneouslymonitoraparticularuserfro
mtwoormorebasestations.TheMSCmaychosethebestversionofthesignalatanytimewit
houtswitchingfrequencies.
InCDMA,strongerreceivedsignallevelsraisethenoiseflooratthebasestationdem
odulatorsfortheweakersignals,therebydecreasingtheprobabilitythatweakersignalswill
bereceived.ThisiscalledNear-Farproblem.
TocombattheNear-Farproblem,powercontrolisusedinmostCDMA
InallwirelessnetworkssuchascellulartelephonyorPCSservicesallvoiceorientedoperationsusefixed-assignmentchannelaccess.
AnddatarelatedtrafficiscarriedoutusingRandomAccessTechniques.
Randomaccessmethodsprovideamoreflexibleandefficientwayofmanagingchan
nelaccessforcommunicatingshortburstymessages.
Itprovideseachuserstationwithvaryingdegreesoffreedomingainingaccesstothen
etworkwheneverinformationistobesent.
ALOHA-Based Wireless Random Access Techniques
TheoriginalALOHAprotocolisalsocalledpureALOHA.
ALOHAProtocolisdevelopedbyUniversityofHawaii.ThewordALOHAmeans"
hello"inHawaiian.
Theinitialsystemusedground
basedUHFradiostoconnectcomputersonseveraloftheislandcampuseswiththeuniversit
y'smaincomputercenteronOahu,byuseofarandomaccessprotocolwhichhassincebeenk
nownastheALOHAprotocol
Basic Concept
Amobileterminaltransmitsaninformationpacketwhenthepacketarrivesfromtheu
pperlayersoftheprotocolstack.
Auseraccessesachannelassoonasamessageisreadytobetransmitted.
Eachpacketisencodedwithanerror-detectioncode.
Afteratransmission,theuserwaitsforanacknowledgmentoneitherthesamechann
eloraseparatefeedbackchannel.
TheBScheckstheparityofthereceivedpacket.Iftheparitychecksproperly,theBSs
endsashortacknowledgmentpackettotheMS.
collision
Themessagepacketsaretransmittedatarbitrarytimes,sothereisapossibilityofcolli
sionsbetweenpackets.
Aftersendingapackettheuserwaitsalengthoftimemorethantheroundtripdelayforanacknowledgmentfromthereceiver.
Ifnoacknowledgmentisreceived,thepacketisassumedlostinacollision,anditistra
nsmittedagainwitharandomlyselecteddelaytoavoidrepeatedcollisions.
Asthenumberofusersincrease,agreaterdelayoccursbecausetheprobabilityofcoll
isionincreases
Pure ALOHA
MERITS:
TheadvantageofALOHAprotocolisthatitisverysimple,anditdoesnotimposeany
synchronizationbetweenmobileterminals
DEMERITS
Itshaslowthroughputunderheavyloadconditions.
ThemaximumthroughputofthepureALOHAis18percent.
Slotted ALOHA
ThemaximumthroughputofaslottedALOHAis36percent.
InslottedALOHA,timeisdividedintoequaltimeslotsoflengthgreaterthanthepack
etdurationt.
Thesubscribershavesynchronizedclocksandeachuserwillbesynchronizedwithth
eBSclock.
Theusermessagepacketisbufferedandtransmittedonlyatthebeginningofanewti
meslot.Thispreventspartialcollisions.
Application;
InGSMtheinitialcontactbetweenBSandMSforvoicecommunicationiscarriedout
byslottedALOHA.
De-Merit;
EventhoughthethroughputishigherthanpureALOHAitisstilllowforpresentdayw
irelesscommunicationneeds.
Reservation ALOHA
ReservationALOHAisthecombinationofslottedALOHAandtimedivi
sionmultiplexing.
Inthiscertainpacketslotsareassignedwithpriority,anditispossibleforus
erstoreserveslotsforthetransmissionofpackets.
Forhightrafficconditions,reservationsonrequestoffersbetterthroughp
ut.
Packet Reservation Multiple Access (PRMA)
PRMAisamethodfortransmittingavariablemixtureofvoicepacketsanddatapacke
ts.
Thisallowseachtimeslottocarryeithervoiceordata,wherevoiceisgivenpriority.
Itisusedforshort-rangevoicetransmissionwhereasmalldelayisacceptable.
ThetransmissionformatinPRMAisorganizedintoframes,eachcontainingafixedn
umberoftimeslots.
Eachslotasnamedaseither"reserved"or"available
Onlytheuserterminalthatreservedtheslotcanuseareservedslot.
Otherterminalsnotholdingareservationcanuseanavailableslot.
Terminalscansendtwotypesofinformation,referredtoasperiodicandrandom.
Speechpacketsarealwaysperiodic.Datapacketscanberandom.
Reservation ;
Aterminalhavingperiodicinformationtosendstartstransmittingincontentionfort
henextavailabletimeslot.
Aftercompletionoftransmissionthebasestationgrantsthesendingterminalareserv
ationforexclusiveuseofthesametimeslotinthenextframe.
Thisframeisreservedtilltheterminalcompletesitstransmission.
Thereservationstatusisrevertedwhentheterminalsendsnothinginthatframe
ation.
Ifthereisanotherusertransmittingonthechannel,itisobviousthataterminalshould
delaythetransmissionofthepacket.
Ifthechannelisidle,thentheuserisallowedtotransmitdatapacketwithoutanyrestri
ctions.
TheCSMAprotocolreducesthepacketcollisionsignificantlycomparedwithALO
HAprotocol.Butnoteliminateentirely.
ParametersinCSMAprotocols
1.
Detectiondelayisafunctionofthereceiverhardwareandisthetimerequiredforaterminaltosensewhethero
rnotthechannelisidle
2.
Propagationdelayisarelativemeasureofhowfastittakesforapackettotravelfromabasestationtoamobileter
minal.
Propagationdelayisimportant,sincejustafterauserbeginssendingapacket,anothe
rusermaybereadytosendandmaybesensingthechannelatthesametime.
Ifthetransmittingpackethasnotreachedtheuserwhoispoisedtosend,thelatteruser
willsenseanidlechannelandwillalsosenditspacket,resultinginacollisionbetweenthetwo
packets.
propagation delay(td)
where
tp-> propagation time in seconds,
Rb-> channel bit rate
m -> expected number of bits in a data packet
Handoff
When a mobile user is engaged in conversation, the MS is connected to a
BS via a radio link.
If the mobile user moves to the coverage area of another BS, the radio
link to the old BS is eventually disconnected, and a radio link to the new BS
should be established to continue the conversation.
This process is variously referred to as automatic link transfer, handover,
or handoff.
Three strategies have been proposed to detect the need for handoff:
mobile-controlled handoff (MCHO)
network-controlled handoff (NCHO)
mobile-assisted handoff (MAHO)
Mobile-Controlled Handoff (MCHO)
The MS continuously monitors the signals of the surrounding BSs and
initiates the handoff process when some handoff criteria are met. MCHO is
used in DECT and PACS.
Network-Controlled Handoff (NCHO)
The surrounding BSs measure the signal from the MS, and the network initiates
the handoff process when some handoff criteria are met. NCHO is used in CT-2
Plus and AMPS.
Mobile-assisted handoff (MAHO)
The network asks the MS to measure the signal from the surrounding BSs. The
network makes the handoff decision based on reports from the MS. MAHO is used
in GSM and IS-95 CDMA.
Two types of handoff
The BSs involved in the handoff may be connected to the same MSC
(inter-cell handoff or inter-BS handoff)
The BSs involved in the handoff may be connected to two different MSCs
(intersystem handoff or inter-MSC handoff ).
Inter-BS Handoff
The new and the old BSs are connected to the same MSC.
Assume that the need for handoff is detected by the MS; the following actions
are taken:
Inter-BS Handoff
For the network-controlled handoff strategy, all handoff signaling messages
are exchanged between the MS and the old BS though the failing link.
The whole process must be completed as quickly as possible, to ensure that
the new link is established before the old link fails.
If the new BS does not have an idle channel, the handoff call may be dropped
(or forced to terminate).
The forced termination probability is an important criterion in the performance
evaluation of a PCS network.
Forced termination of an ongoing call is considered less desirable than blocking
a new call attempt.
Most PCS networks handle a handoff in the same manner as a new call attempt.
That is, if no channel is available, the handoff is blocked and the call is held on the
current channel in the old cell until the call is completed or when the failing link is
no longer available.
This is referred to as the non-prioritized scheme.
Channel assignment schemes
To reduce forced termination and to promote call completion, three channel
assignment schemes have been proposed:
Reserved channel scheme.
Queuing priority scheme.
Subrating scheme.
Intersystem Handoff
In intersystem handoff, the new and old BSs are connected to two different
MSCs.
We trace the intersystem handoff procedure of IS-41, where network-controlled
handoff (NCHO) is assumed.
In this figure, a communicating mobile user moves out of the BS served by
MSC A and enters the area covered by MSC B.
Roaming Management
Two basic operations in roaming management are
registration (or location update), the process whereby an MS informs the system
of its current location, and
location tracking, the process during which the system locates the MS. Location
tracking is required when the network attempts to deliver a call to the mobile user.
The roaming management strategies proposed in the IS-41 and GSM MAP
standards are two-level strategies in that they use a two-tier system of home
and visited databases.
Registration Procedure
Visitor Location Register (VLR)
When the mobile user visits a PCS network other than the home system, a
temporary record for the mobile user is created in the visitor location register
(VLR) of the visited system.
The VLR temporarily stores subscription information for the visiting
subscribers so that the corresponding MSC can provide service.
In other words, the VLR is the "other" location register used to retrieve
information for handling calls to or from a visiting mobile user.
Home Location Register (HLR)
When a user subscribes to the services of a PCS network, a record is created
in the system's database, called the home location register (HLR).
This is referred to as the home system of the mobile user.
The HLR is a network database that stores and manages all mobile subscriptions
of a specific operator.
Specifically, the HLR is the location register to which an MS identity is
assigned for record purposes, such as directory number, profile information, current
location, and validation period.
WIRELESS SECURITY AND PRIVACY
Thebroadcastnatureofwirelesscommunicationsrendersitverysusceptibletomali
ciousinterceptionandwantedorunintentionalinterference.
Analogtechniquesareextremelyeasytotap.
DigitalsystemssuchasTDMAandCDMAaremuchhardertotap.
Wirelesssecurityisnecessarytopreventtheunauthorizedaccessordamagetocomp
utersusingwirelessnetworks.
o There are two names you need to know in a wireless
network:
Station (STA) -> is a wireless network clienta desktop computer, laptop,
or PDA
Access point (AP)-> is the central point (like a hub) that creates a basic
service set to bridge a number of STAs from the wireless network to other
existing networks.
Accidental association
Malicious association
Ad-hoc networks
Non-traditional networks
Identity theft (MAC spoofing)
Man-in-the-middle attacks
Denial of service
Network injection
CaffeLatte attack
1. AccidentalassociationViolationofsecurityperimeterofcorporatenetworkunint
entionally.
2. Maliciousassociationwhenwirelessdevicescanbeactivelymadebyattackerstoc
onnecttoacompanynetworkthroughtheircrackingcompanyaccesspoint(AP).
ThesetypesoflaptopsareknownassoftAPsandarecreatedwhenacybercriminalr
unssomesoftwarethatmakeshis/herwirelessnetworkcardlooklikealegitimateacc
esspoint.Onceaccessisgained,he/shecanstealpasswords,launchattacksonthewir
ednetwork,orplantTrojans
3. Ad-hocnetworksAd-hocnetworksaredefinedaspeer-topeernetworksbetweenwirelesscomputersthatdonothaveanaccesspointinbetwee
nthem.Whilethesetypesofnetworksusuallyhavelittleprotection,encryptionmeth
odscanbeusedtoprovidesecurity.
4. Non-traditionalnetworksNontraditionalnetworkssuchaspersonalnetworkBluetoothdevicesarenotsafefromcr
ackingandshouldberegardedasasecurityrisk.Evenbarcodereaders,handheldPD
As,andwirelessprintersandcopiersshouldbesecured
5. Identitytheft(MACspoofing)Identitytheftoccurswhenacrackerisabletolisteni
nonnetworktrafficandidentifytheMACaddressofacomputerwithnetworkprivile
ges.
6. Man-in-themiddleattacksInthisthehackerwillincludeasoftAPintoanetwork.Oncethisisdon
e,thehackerconnectstoarealaccesspointthroughanotherwirelesscardofferingast
eadyflowoftrafficthroughthetransparenthackingcomputertoerealnetwork
7. DenialofserviceADenial-ofServiceattack(DoS)occurswhenanattackercontinuallybombardsatargetedAcce
ssPointornetworkwithbogusrequests,prematuresuccessfulconnectionmessages
,failuremessages,andothercommands.Thesecauselegitimateuserstonotbeableto
getonthenetworkandmayevencausethenetworktocrash
8. NetworkinjectionInanetworkinjectionattack,acrackercanmakeuseofaccesspoi
ntsthatareexposedtononfilterednetworktraffic.Thecrackerinjectsbogusnetworkingreconfigurationcommandsthataffectrouters,switches,andintelligenthubs.
Awholenetworkcanbebroughtdowninthismannerandrequirerebootingorevenre
programmingofallintelligentnetworkingdevices
9. CaffeLatteattackTheCaffeLatteattackisanotherwaytodefeatWEP.
Itisnotnecessaryfortheattackertobeintheareaofthenetworkusingthisexploit.
ByusingaprocessthattargetstheWindowswirelessstack,itispossibletoobtainthe
WEPkeyfromaremoteclientBysendingafloodofencryptedAddressResolutionPr
otocol(ARP)requests,theassailanttakesadvantageofthesharedkeyauthenticatio
nandthemessagemodificationflawsinWEP.
128-bitWEPprotocolusinga104-bitkeysize(WEP104)anda24bitinitializationvector.
Initializationvector(IV)isafixedsizeinputwhichisusedforrandomizationofkey.ThepurposeofanIVistopreven
tanyrepetition.
Authentication
TheclientsendsanauthenticationrequesttotheAccessPoint.
TheAccessPointreplieswithaclear-textchallenge.
TheclientencryptsthechallengetextusingtheconfiguredWEPkey,andsendsitbackinanotherauthenticationreque
st.
TheAccessPointdecryptstheresponse.IfthismatchesthechallengetexttheAccessPointsendsbackapositivereply.
DisAdvantages
Thesametraffickeymustneverbeusedtwice.
Buta24-bitIVisnotlongenoughtoensurethisonabusynetwork.
InAugust2001,ScottFluhrer,ItsikMantin,andAdiShamirpublishedacryptanalys
isofWEPthatdecodesthewaytheRC4cipherandIVisusedinWEP.
UsingapassiveattacktheywereabletorecovertheRC4keyaftereavesdroppingont
henetwork.
Asuccessfulkeyrecoverycouldtakeaslittleasoneminutedependingonthetraffic.
WEPisreplacedbyWPA(Wi-FiProtectedAccess)
Wi-Fi Protected Access(WPA)
TheWiFiAllianceintendedWPAasanintermediatemeasuretotaketheplaceofWEP.
WPAusesTemporalKeyIntegrityProtocol(TKIP)tobolsterencryptionofwireless
packets.
TKIP
TKIPencryptionreplacesWEP's40-bitor104bitencryptionkeythatmustbemanuallyenteredonwirelessaccesspointsanddevicesandd
oesnotchange
TKIPusesa128-bitperpacketkey,itdynamicallygeneratesanewkeyforeachpacketandpreventscollisions
Ithasanextendedinitializationvector(IV)withsequencingrules,andarekeyingmechanism.
WPAwithTKIPprovides3levelsofsecurity
1. TKIPimplementsakeymixingfunctionthatcombinesthesecretrootkeywiththeini
tializationvectorbeforepassingittotheRC4initialization.
2. WPAimplementsasequencecountertoprotectagainstreplayattacks.Packetsrecei
vedoutoforderwillberejectedbytheaccesspoint.
3. TKIPimplementsa64-bitMessageIntegrityCheck(MIC)
TKIPusesthesameunderlyingmechanismasWEP,andconsequentlyisvulnerable
toanumberofsimilarattacks.
Butthemessageintegritycheck,perpacketkeyhashing,broadcastkeyrotation,andasequencecounterpreventsmanyattacks.
ThekeymixingfunctionalsoeliminatestheWEPkeyrecoveryattacks
Beck-Tewsattackhassuccessfullyextractedthekeystream
Ohigashi-Moriiattack
WPA 2