UNIT I - WIRELESS LAN

WLAN technologies
Infra red, UHF Narrowband, Spread spectrum
Infra red:
• Needs clear line-of-sight exists between the transmitter and the receiver
• Two types of infrared WLAN solutions: diffused-beam and direct-beam
• direct-beam WLANs offer a faster data rate and is more directional
• diffused-beam technology uses reflected rays to transmit/receive a data signal, achieves
lower data rates in the 1–2 Mbps range.
Pros:
• Immune to EMI, Cost effective
Cons:
• Short-range technology, Low Bandwidth, Signals affected by light, snow, fog, etc.
UHF Narrowband:
• transmit in the 430 to 470 MHz freq range
• 430–450 MHz- unlicensed & 450–470 MHz- licensed
• RF signal is sent in a very narrow bandwidth 12.5 kHz or 25 kHz.
• Power levels : 1- 2 Watts
• Narrow bandwidth combined with high power results in larger transmission distances
Pros:
 Longest range
Cons:
 Low throughput, RF site license required for protected bands
Spread spectrum:
Spread spectrum (SS) is a means of transmission in which:
1. The transmitted signal occupies a bandwidth which is much greater than the minimum
necessary to send the information.
2. Spreading is accomplished by means of a spreading signal called a ‘code’ signal, which is
independent of the data.
3. At the receiver, despreading is done by correlating the received SS signal with a synchronized
replica of the spreading signal.

 Immunity to interference, eavesdropping and jamming

• Data rates- 2 Mbps
• Two modulation schemes used: direct sequence spread spectrum(DSSS) and frequency
hopping spread spectrum (FHSS).
• In DSSS the data is multiplied with a spreading code at the Tx. to produce a wideband
signal which is then de-spread at the Rx to recover the data. To an unintended receiver
DSSS appears as low-power wideband noise
 • FHSS uses a narrowband carrier that changes frequency in a pattern known to both
transmitter and receiver
Direct Sequence Spread Spectrum (DSSS)
This is the most widely recognized technology for spread spectrum. This method generates a
redundant bit pattern for each bit to be transmitted. This bit pattern is called a chip. The longer the
chip, the greater the probability that the original data can be recovered, but more bandwidth is
required. Even if one or more bits in the chip are damaged during transmission, it can be recovered
the original data by using statistical techniques without the necessary for retransmission. To an
unintended receiver, DSSS signals are received as low-power wideband noise. In a spread
spectrum system, the process gain (or ‘processing gain') is the ratio of the spread bandwidth to the
unspread bandwidth. It is usually expressed in decibels (dB). The process gain is the ratio by which
unwanted signals or interference can be suppressed relative to the desired signal when both share
the same frequency channel.
One technique combines digital information stream with the spreading code bit stream using
exclusive-OR. This technique is depicted below:

The basic Block diagram of the DSSS system is given below as:
Frequency hopping

• Data signal is modulated with a narrowband carrier signal that hops from frequency to
frequency as a function of time over a wide band of frequencies
• Relies on frequency diversity to combat interference
 This is accomplished by multiple frequencies, code selection and Frequency Shift Keying
methods

Advantage:
 Now error correcting codes are not needed.
 Diversity can be applied. Every frequency hop a decision is made whether a -1 or a 1 is
transmitted, at the end of each data bit a majority decision is made.
 Disadvantage:
 Coherent data detection is not possible because of phase discontinuities. The applied
modulation technique should be FSK or MFSK.
Advantages of Spread Spectrum Technique:
 Resists intentional and non-intentional interference
 Has the ability to eliminate or alleviate the effect of multipath interference
 Can share the same frequency band (overlay) with other users
 Privacy due to the pseudo random code sequence (code division multiplexing)
Disadvantages of Spread Spectrum Technique:
 Bandwidth inefficient
 Implementation is somewhat more complex.
IEEE 802.11
IEEE 802.11 Terminologies
1. Access point (AP) - Any entity that has station functionality and provides access to the
distribution system via the wireless medium for associated stations
2. Basic service set (BSS) - A set of stations controlled by a single coordination function.
3. Coordination function - The logical function that determines when a station operating within
a BSS is permitted to transmit and may be able to receive PDUs.
4. Distribution System (DS) - A system used to interconnect a set of BSSs and integrated LANs
to create an ESS.
5. Extended service set (ESS) - A set of one or more interconnected BSSs and integrated LANs
that appear as a single BSS to the LLC layer at any station associated with one of these BSSs.
6. MAC protocol data unit (MPDU) - The unit of data exchanged between two peer MAC
entities using the services of the physical layer.
7. MAC service data unit (MSDU) - Information that is delivered as a unit between MAC users.
IEEE 802.11 Architecture
Figure 14.4 illustrates the model developed by the 802.11 working group. The smallest building
block of a wireless LAN is a basic service set (BSS), which consists of some number of stations
executing the same MAC protocol and competing for access to the same shared wireless medium.
A BSS may be isolated or it may connect to a backbone distribution system (DS) through an access
point (AP). The access point functions as a bridge. The MAC protocol may be fully distributed or
controlled by a central coordination function housed in the access point. The DS can be a switch,
a wired network, or a wireless network.
The simplest configuration is shown in Figure below:
Each station belongs to a single BSS; that is, each station is within wireless range only of other
stations within the same BSS. It is also possible for two BSSs to overlap geographically, so that a
single station could participate in more than one BSS. Further, the association between a station
and a BSS is dynamic. Stations may turn off, come within range, and go out of range. An extended
service set (ESS) consists of two or more basic service sets interconnected by a distribution system.
Typically, the distribution system is a wired backbone LAN but can be any communications
network. The extended service set appears as a single logical LAN to the logical link control (LLC)
level. An access point (AP) is implemented as part of a station; the AP is the logic within a station
that provides access to the DS by providing DS services in addition to acting as a station.
IEEE PROTOCOL ARCHITECTURE
Logical Link Control
The LLC layer for LANs is similar in many respects to other link layers in common use. Like all
link layers, LLC is concerned with the transmission of a link-level PDU between two stations,
without the necessity of an intermediate switching node. LLC has two characteristics not shared
by most other link control protocols:
1. It must support the multi access, shared-medium nature of the link (this differs from a
multidrop line in that there is no primary node).
2. It is relieved of some details of link access by the MAC layer.
Addressing in LLC involves specifying the source and destination LLC users. Typically, a user is
a higher-layer protocol or a network management function in the station. These LLC user addresses
are referred to as service access points (SAPs), in keeping with OSI terminology for the user of a
protocol layer.
LLC Services
LLC specifies the mechanisms for addressing stations across the medium and for controlling the
exchange of data between two users. The operation and format of this standard is based on HDLC.
Three services are provided as alternatives for attached devices using LLC:
• Unacknowledged connectionless service: This service is a datagram-style service. It is a
very simple service that does not involve any of the flow- and error control mechanisms.
Thus, the delivery of data is not guaranteed. However, in most devices, there will be some
higher layer of software that deals with reliability issues.
• Connection-mode service: This service is similar to that offered by HDLC. A logical
connection is set up between two users exchanging data, and flow control and error control
are provided.
• Acknowledged connectionless service: This is a cross between the previous two services.
It provides that datagrams are to be acknowledged, but no prior logical connection is set
up.
IEEE 802.11 MEDIUM ACCESS CONTROL
The IEEE 802.11 MAC layer covers three functional areas: reliable data delivery, access control,
and security.
Reliable Data Delivery
As with any wireless network, a wireless LAN using the IEEE 802.11 physical and MAC layers
is subject to considerable unreliability. Even with error-correction codes, a number of MAC frames
may not successfully be received. This situation can be dealt with by reliability mechanisms at a
higher layer, such as TCP. However, timers used for retransmission at higher layers are typically
on the order of seconds. It is therefore more efficient to deal with errors at the MAC level.
For this purpose, IEEE 802.11 includes a frame exchange protocol. When a station receives a data
frame from another station it returns an acknowledgment (ACK) frame to the source station. If the
source does not receive an ACK within a short period of time, either because its data frame was
damaged or because the returning ACK was damaged, the source retransmits the frame.
Thus, the basic data transfer mechanism in IEEE 802.11 involves an exchange of two frames. To
further enhance reliability, a four-frame exchange may be used. In this scheme, a source first issues
a request to send (RTS) frame to the destination. The destination then responds with a clear to send
(CTS). After receiving the CTS, the source transmits the data frame, and the destination responds
with an ACK. The RTS alerts all stations that are within reception range of the source that an
exchange is under way; these stations refrain from transmission in order to avoid a collision
between two frames transmitted at the same time. Similarly, the CTS alerts all stations that are
within reception range of the destination that an exchange is under way.
Access Control
The 802.11 working group considered two types of proposals for a MAC algorithm: distributed
access protocols, which, like Ethernet, distribute the decision to transmit over all the nodes using
a carrier-sense mechanism; and centralized access protocols, which involve regulation of
transmission by a centralized decision maker. A distributed access protocol makes sense for an ad
hoc network of peer workstations and may also be attractive in other wireless LAN configurations
that consist primarily of bursty traffic. A centralized access protocol is natural for configurations
in which a number of wireless stations are interconnected with each other and some sort of base
station that attaches to a backbone wired LAN; it is especially useful if some of the data is time
sensitive or high priority.
The end result for 802.11 is a MAC algorithm called DFWMAC (distributed foundation wireless
MAC) that provides a distributed access control mechanism with an optional centralized control
built on top of that.
Distributed Coordination Function
The DCF sublayer makes use of a simple CSMA (carrier sense multiple access) algorithm. If a
station has a MAC frame to transmit, it listens to the medium. If the medium is idle, the station
may transmit; otherwise the station must wait until the current transmission is complete before
transmitting. Using an IFS, the rules for CSMA access are as follows:
Security Considerations
IEEE 802.11 provides both privacy and authentication mechanisms.
The Wired Equivalent Privacy Algorithm
With a wireless LAN, eavesdropping is a major concern because of the ease of capturing a
transmission. IEEE 802.11 incorporates WEP to provide a modest level of security. To provide
privacy, as well as data integrity, WEP uses an encryption algorithm based on the RC4 encryption
algorithm.
Authentication
IEEE 802.11 provides two types of authentication: open system and shared key. Open system
authentication simply provides a way for two parties to agree to exchange data and provides no
security benefits. In open system authentication, one party sends a MAC control frame, known as
an authentication frame, to the other party. The frame indicates that this is an open system
authentication type. The other party responds with its own authentication frame and the process is
complete.
Thus, open system authentication consists simply of the exchange of the identities between the
parties. Shared key authentication requires that the two parties share a secret key not shared by any
other party. This key is used to assure that both sides are authenticated to each other.
MAC Frame
Figure below shows the 802.11 frame format. This general format is used for all data and control
frames, but not all fields are used in all contexts. The fields are as follows:
• Frame control: Indicates the type of frame and provides control information, as explained
presently.
 • Duration/connection ID: If used as a duration field, indicates the time (in microseconds)
the channel will be allocated for successful transmission of a MAC frame. In some control
frames, this field contains an association, or connection, identifier.
• Addresses: The number and meaning of the address fields depend on context. Address
types include source, destination, transmitting station, and receiving station.
• Sequence control: Contains a 4-bit fragment number subfield, used for fragmentation and
reassembly, and a 12-bit sequence number used to number frames sent between a given
transmitter and receiver.
• Frame body: Contains an MSDU or a fragment of an MSDU. The MSDU is a LLC
protocol data unit or MAC control information.
• Frame check sequence: A 32-bit cyclic redundancy check. The frame control field, shown
in Figure below, consists of the following fields:
 Protocol version: 802.11 version, currently version 0.
 Type: Identifies the frame as control, management, or data.
 Subtype: Further identifies the function of frame. Table 14.3 Defines the valid
combinations of type and subtype.
 To DS: The MAC coordination sets this bit to 1 in a frame destined to the distribution
system.
 From DS: The MAC coordination sets this bit to 1 in a frame leaving the distribution
system.
 More fragments: Set to 1 if more fragments follow this one.
 Retry: Set to 1 if this is a retransmission of a previous frame.
 Power management: Set to 1 if the transmitting station is in a sleep mode.
 More data: Indicates that a station has additional data to send. Each block of data may
be sent as one frame or a group of fragments in multiple frames.
 WEP: Set to 1 if the optional wired equivalent protocol is implemented. WEP is used
in the exchange of encryption keys for secure data exchange.
 Order: Set to 1 in any data frame sent using the Strictly Ordered service, which tells
the receiving station that frames must be processed in order.

IEEE 802.11 PHYSICAL LAYER

Three physical media are defined in the original 802.11 standard:
  Direct-sequence spread spectrum operating in the 2.4-GHz ISM band, at data rates of 1
Mbps and 2 Mbps.
 Frequency-hopping spread spectrum operating in the 2.4-GHz ISM band, at data rates of 1
Mbps and 2 Mbps.
 Infrared at 1 Mbps and 2 Mbps operating at a wavelength between 850 and 950nm.
Direct-Sequence Spread Spectrum
Up to seven channels, each with a data rate of 1 Mbps or 2 Mbps, can be used in the DS-SS system.
The number of channels available depends on the bandwidth allocated by the various national
regulatory agencies. This ranges from 13 in most European countries to just one available channel
in Japan. Each channel has a bandwidth of 5 Mhz. The encoding scheme that is used is DBPSK
for the 1-Mbps rate and DQPSK for the 2-Mbps rate. A DS-SS system makes use of a chipping
code, or pseudonoise sequence, to spread the data rate and hence the bandwidth of the signal. For
IEEE 802.11, a Barker sequence is used. Only the following Barker sequences are known:
 n=2 ++
 n=3 ++-
 n=4 +++-
 n=5 +++-+
 n=7 +++--+-
 n=11 +-++-+++---
 n=13 +++++--++-+-+
The 11-chip Barker sequence is used. Thus, each data binary 1 is mapped into the sequence {+ - +
+ - + + + - - -}, and each binary 0 is mapped into the sequence {- + - - + - - - + + +}.
Important characteristic of Barker sequences are their robustness against interference and their
insensitivity to multipath propagation.
Frequency-Hopping Spread Spectrum
A FH-SS system makes use of a multiple channels, with the signal hopping from one channel to
another based on a pseudonoise sequence. In the case of the IEEE 802.11 scheme, 1-MHz channels
are used. For modulation, the FH-SS scheme uses two-level Gaussian FSK for the 1-Mbps system.
The bits zero and one are encoded as deviations from the current carrier frequency. For 2 Mbps, a
four-level GFSK scheme is used, in which four different deviations from the center frequency
define the four 2-bit combinations.
Infrared
The IEEE 802.11 infrared scheme is omnidirectional rather than point to point. A range of up to
20 m is possible. The modulation scheme for the 1- Mbps data rate is known as 16-PPM (pulse
position modulation). In this scheme, each group of 4 data bits is mapped into one of the 16-PPM
symbols; each symbol is a string of 16 bits. Each 16-bit string consists of fifteen 0s and one binary
1. For the 2-Mbps data rate, each group of 2 data bits is mapped into one of four 4-bit sequences.
Each sequence consists of three 0s and one binary 1. The actual transmission uses an intensity
modulation scheme, in which the presence of a signal corresponds to a binary 1 and the absence
of a signal corresponds to binary 0.

IEEE 802.11a
The IEEE 802.11a specification makes use of the 5-GHz band. Unlike the 2.4-GHz specifications,
IEEE 802.11 does not use a spread spectrum scheme but rather uses orthogonal frequency division
multiplexing (OFDM). OFDM is also called multicarrier modulation, uses multiple carrier signals
at different frequencies, sending some of the bits on each channel. This is similar to FDM.
However, in the case of OFDM, all of the subchannels are dedicated to a single data source.
The possible data rates for IEEE 802.11a are 6, 9, 12, 18, 24, 36, 48, and 54 Mbps.
The system uses up to 52 subcarriers that are modulated using BPSK, QPSK, 16-QAM, or 64-
QAM, depending on the rate required. Subcarrier frequency spacing is 0.3125 MHz. A
convolutional code at a rate of 1/2, 2/3, or 3/4 provides forward error correction.
IEEE 802.11b
IEEE 802.11b is an extension of the IEEE 802.11 DS-SS scheme, providing data rates of 5.5 and
11 Mbps. The chipping rate is 11 MHz, which is the same as the original DS-SS scheme, thus
providing the same occupied bandwidth. To achieve a higher data rate in the same bandwidth at
the same chipping rate, a modulation scheme known as complementary code keying (CCK) is
used.
The CCK modulation scheme is quite complex and is not examined in detail here.
Figure below provides an overview of the scheme for the 11-Mbps rate. Input data are treated in
blocks of 8 bits at a rate of 1.375 MHz (8 bits/symbol _ 1.375 MHz _ 11 Mbps). Six of these bits
are mapped into one of 64 codes sequences based on the use of the 8 _ 8 Walsh matrix. The output
of the mapping, plus the two additional bits, forms the input to a QPSK modulator.

HIPERLAN 1
HIPERLAN stands for high performance local area network. HIPERLAN 1 is a wireless LAN
supporting priorities and packet life time for data transfer at 23.5 Mbit/s, including forwarding
mechanisms, topology discovery, user data encryption, network identification and power
conservation mechanisms. HIPERLAN 1 operates at 5.1–5.3 GHz with a range of 50 m in
buildings at 1 W transmit power.
Elimination-yield non-preemptive priority multiple access (EY-NPMA) is not only a complex
acronym, but also the heart of the channel access providing priorities and different access schemes.
EY-NPMA divides the medium access of different competing nodes into three phases:
● Prioritization: Determine the highest priority of a data packet ready to be sent by competing
nodes.
● Contention: Eliminate all but one of the contenders, if more than one sender has the highest
current priority.
● Transmission: Finally, transmit the packet of the remaining node.
Prioritization phase
HIPERLAN 1 offers five different priorities for data packets ready to be sent. After one node has
finished sending, many other nodes can compete for the right to send. The first objective of the
prioritization phase is to make sure that no node with a lower priority gains access to the medium
while packets with higher priority are waiting at other nodes.
Elimination phase
Several nodes may now enter the elimination phase. Again, time is divided into slots, using the
elimination slot interval IES = 212 high rate bit periods. The length of an individual elimination
burst is 0 to 12 slot intervals long, the probability of bursting within a slot is 0.5. The probability
PE(n) of an elimination burst to be n elimination slot intervals long is given by:
● PE(n) = 0.5n+1 for 0 ≤ n < 12
● PE(n) = 0.512 for n = 12
The elimination phase now resolves contention by means of elimination bursting and elimination
survival verification.
Yield phase
During the yield phase, the remaining nodes only listen into the medium without sending any
additional bursts. Again, time is divided into slots, this time called yield slots with a duration of
IYS = 168 high rate bit-periods. Each node now listens for its yield listening period. If it senses
the channel is idle during the whole period, it has survived the yield listening. Otherwise, it
withdraws for the rest of the current transmission cycle.
Transmission phase
A node that has survived the prioritization and contention phase can now send its data, called a
low bit-rate high bit-rate HIPERLAN 1 CAC protocol data unit (LBR-HBR HCPDU). This PDU
can either be multicast or unicast.
WATM

Figure above shows a generic reference model for wireless mobile access to an ATM network. A
mobile ATM (MATM) terminal uses a WATM terminal adapter to gain wireless access to a
WATM RAS (Radio Access System). MATM terminals could be represented by, e.g., laptops
using an ATM adapter for wired access plus software for mobility. The WATM terminal adapter
enables wireless access, i.e., it includes the transceiver etc., but it does not support mobility. The
RAS with the radio transceivers is connected to a mobility enhanced ATM switch (EMAS-E),
which in turn connects to the ATM network with mobility aware switches (EMAS-N) and other
standard ATM switches. Finally, a wired, non-mobility aware ATM end system may be the
communication partner in this example.
Handover
 Handover of multiple connections
 Handover of point-to-multi-point connections
 QoS support
 Data integrity and security
 Signaling and routing support
 Performance and complexity
WATM services:
Office environments: This includes all kinds of extensions for existing fixed networks offering a
broad range of Internet/Intranet access, multi-media conferencing, online multi-media database
access, and telecommuting.
Universities, schools, training centres: The main foci in this scenario are distance learning,
wireless and mobile access to databases, internet access, or teaching in the area of mobile multi-
media computing.
Industry: WATM may offer an extension of the Intranet supporting database connection,
information retrieval, surveillance, but also real-time data transmission and factory management.
Hospitals: Due to the quality of service offered for data transmission, WATM was thought of
being the prime candidate for reliable, high-bandwidth mobile and wireless networks.
Home: Many electronic devices at home (e.g., TV, radio equipment, CD-player, PC with internet
access) could be connected using WATM technology.
Networked vehicles: All vehicles used for the transportation of people or goods will have a local
network and network access in the future.
BRAN
The broadband radio access networks (BRAN) is standardized by the European
Telecommunications Standards Institute (ETSI). BRAN standardization has a rather large scope
including indoor and campus mobility, transfer rates of 25–155 Mbit/s, and a transmission range
of 50 m–5 km. BRAN has specified four different network types (ETSI, 1998a):
 HIPERLAN 1: This high-speed WLAN supports mobility at data rates above 20 Mbit/s.
Range is 50 m, connections are multi-point-to-multi-point using ad-hoc or infrastructure
networks.
 HIPERLAN 2: This technology can be used for wireless access to ATM or IP networks and
supports up to 25 Mbit/s user data rate in a point-to-multi-point configuration. Transmission
range is 50 m with support of slow (< 10 m/s) mobility. This standard has been modified over
time and is presented as a high performance WLAN with QoS support.
 HIPERACCESS: This technology could be used to cover the ‘last mile’ to a customer via a
fixed radio link, so could be an alternative to cable modems or xDSL technologies.
Transmission range is up to 5 km, data rates of up to 25 Mbit/s are supported. However, many
proprietary products already offer 155 Mbit/s and more, plus QoS.
 HIPERLINK: To connect different HIPERLAN access points or HIPERACCESS nodes with
a high-speed link, HIPERLINK technology can be chosen. HIPERLINK provides a fixed
point-to-point connection with up to 155 Mbit/s.
To cover special characteristics of wireless links and to adapt directly to different higher layer
network technologies, BRAN provides a network convergence sublayer. This is the layer which
can be used by a wireless ATM network, Ethernet, Firewire, or an IP network. In the case of BRAN
as the RAL for WATM, the core ATM network uses services of the BRAN network convergence
sublayer.
HiperLAN2
This wireless network works at 5 GHz (Europe: 5.15–5.35 GHz and 5.47–5.725 GHz license
exempt bands. The basic Handover and structure of HiperLAN 2 is given below:

Three handover situations may occur:

 Sector Handover
 Radio Handover
 Network Handover
HiperLAN2 networks can operate in two different modes given below:
 Centralized mode (CM): This infrastructure-based mode is shown again in a more abstract
way in Figure below. All APs are connected to a core network and MTs are associated with
APs. Even if two MTs share the same cell, all data is transferred via the AP. In this
mandatory mode the AP takes complete control of everything.
 Direct mode (DM): The optional ad-hoc mode of HiperLAN2 is illustrated on the ight side
of Figure below. Data is directly exchanged between MTs if they can receive each other,
but the network still has to be controlled. This can be done via an AP that contains a central
controller (CC) anyway or via an MT that contains the CC functionality.
Physical Layer
The main functions are to modulate the data stream, interleave it, and scramble it and to transmit
it.
The Radio Link Control Sublayer does three main services:
 Association control function (ACF): ACF contains all procedures for association,
authentication, and encryption.
 Radio resource control (RRC): The RLC offers procedures to inform all MTs. To
minimize interference with other radio sources operating at the same frequency
(HiperLAN2s or other WLANs) transmission power control (TPC) must be applied by the
RRC.
 DLC user connection control (DCC or DUCC): This service is used for setting up,
releasing, or modifying unicast connections. Multi-cast and broadcast connections are
implicitly set-up by a group/broadcast join during the association procedure.
Convergence layer
HiperLAN2 supports two different types of CLs: cell-based and packet-based. The cell-based CL
expects data packets of fixed size (cells, e.g., ATM cells), while the packet-based CL handles
packets that are variable in size (e.g., Ethernet or Firewire frames). For the packet-based CL
additional functionality is necessary for segmentation and reassembling of packets that do not fit
into the DLC payload of HiperLAN 2.
Bluetooth
Bluetooth wireless technology is a short-range radio technology, which is developed for Personal
Area Network (PAN).
Architecture
Bluetooth operates in the 2.4 GHz ISM band. Bluetooth operates on 79 channels in the 2.4 GHz
band with 1 MHz carrier spacing. Each device performs frequency hopping with 1,600 hops/s in a
pseudo random fashion. Bluetooth applies FHSS for interference mitigation. A piconet is a
collection of Bluetooth devices which are synchronized to the same hopping sequence. One device
in the piconet can act as master (M), all other devices connected to the master must act as slaves
(S). The master determines the hopping pattern in the piconet and the slaves have to synchronize
to this pattern. Each piconet has a unique hopping pattern.

The core protocols of Bluetooth comprise the following elements:

 Radio: Specification of the air interface, i.e., frequencies, modulation, and transmit power.
 Baseband: Description of basic connection establishment, packet formats, timing, and
basic QoS parameters.
 Link manager protocol: Link set-up and management between devices including security
functions and parameter negotiation.
 Logical link control and adaptation protocol (L2CAP): Adaptation of higher layers to the
baseband.
 Service discovery protocol: Device discovery in close proximity plus querying of service
characteristics.
Radio Layer
Bluetooth uses the license-free frequency band at 2.4 GHz. A frequency-hopping/time-division
duplex scheme is used for transmission, with a fast hopping rate of 1,600 hops per second. The
time between two hops is called a slot, which is an interval of 625 μs. Each slot uses a different
frequency. Bluetooth uses 79 hop carriers equally spaced with 1 MHz.
Baseband Layer
The functions of the baseband layer are quite complex; it performs frequency hopping for
interference mitigation and medium access, and also defines physical links and many packet
formats. This layer’s packet format is shown below:
Link manager protocol
The link manager protocol (LMP) manages various aspects of the radio link between a master and
a slave and the current parameter setting of the devices. LMP enhances baseband functionality,
but higher layers can still directly access the baseband. The functions of Link Manager Protocol
are given below:
 Authentication, pairing and encryption
 Synchronization
 Capability Negotiation
 QoS Negotiation
 Power Control
 Link Supervision
 State and Transmission Mode Change
L2CAP
The logical link control and adaptation protocol (L2CAP) is a data link control protocol on top of
the baseband layer offering logical channels between Bluetooth devices with QoS properties.
L2CAP is available for ACLs only. Audio applications using SCOs have to use the baseband layer
directly. L2CAP provides three different types of logical channels that are transported via the ACL
between master and slave:
 Connectionless
 Connection-oriented
 Signalling

From the above figure, the master has a bi-directional signalling channel to each slave. The CID
at each end is 1. Additionally, the master maintains a connectionless, unidirectional channel to
both slaves. The CID at the slaves is 2, while the CID at the beginning of the connectionless
channel is dynamically assigned. L2CAP provides mechanisms to add slaves to, and remove slaves
from, such a multicast group. The master has one connection oriented channel to the left slave and
two to the right slave.
Security
The main security features offered by Bluetooth include a challenge response routine for
authentication, a stream cipher for encryption, and a session key generation. Each connection may
require a one-way, two-way, or no authentication using the challenge-response routine. All these
schemes have to be implemented in silicon, and higher layers should offer stronger encryption if
needed. The security features included in Bluetooth only help to set up a local domain of trust
between devices.
The security algorithms use the public identity of a device, a secret private user key, and an
internally generated random key as input parameters. For each transaction, a new random number
is generated on the Bluetooth chip. Key management is left to higher layer software.
WiMAX
Goal:
 Provide high-speed Internet access to home and business subscribers, without wires.
 Base stations (BS) and subscriber stations (SS)
 Centralized access control to prevents collisions
 Supports applications with different QoS requirements
 WiMAX is a subset of IEEE 802.16 standard
Architecture
Physical Layer
The PHY specification defined for 10–66 GHz uses burst single-carrier modulation with adaptive
burst profiling in which transmission parameters, including the modulation and coding schemes,
may be adjusted individually to each subscriber station (SS) on a frame-by-frame basis.
 Allows use of directional antennas
 Allows use of two different duplexing schemes:
 Frequency Division Duplexing (FDD)
 Time Division Duplexing (TDD)
 Support for both full and half duplex stations
 Adaptive Data Burst profiles
 Transmission parameters (e.g. Modulation, FEC) can be modified on a
frame-by-frame basis for each SS
 Profiles are identified by ”Interval Usage Code”
Medium Access Control
The ATM convergence Sublayer is defined for ATM services, and the packet convergence
sublayer is defined for mapping packet services such as IPv4, IPv6, Ethernet, and virtual local area
network (VLAN). The primary task of the sublayer is to classify service data units (SDUs) to the
proper MAC connection, preserve or enable QoS, and enable bandwidth allocation. Under
Common part Sublayer, three connections reflect the three different QoS requirements used by
different management levels. The first of these is the basic connection, which is used for the
transfer of short, time-critical MAC and radio link control (RLC) messages. The secondary
management connection is used for the transfer of standards-based management messages such as
Dynamic Host Configuration Protocol (DHCP), Trivial File Transfer Protocol (TFTP), and Simple
Network Management Protocol (SNMP). The MAC reserves additional connections for other
purposes.
WiMAX Frame Structure