
Paper8

INTRODUCTION

Wireless LAN (WLAN) is a flexible data communication system implemented as an extension to a wired
LAN within a building or campus. WLANs transmit and receive data over the air by electrical signals,
minimizing the need for wired connections. The advent of WLAN opened up a whole new definition of what
a network infrastructure can be. No longer does an infrastructure need to be solid and fixed, difficult to
move and expensive to change. Instead it can move with the user and change as fast as the organization
does.

Thus WLANs combine data connectivity with user mobility. Today they provide wireless access to vital
network resources in large, multi-location enterprises, small and medium enterprises, as well as
hotels, hospitals, airports and homes. They are being widely recognized as a viable, cost-effective,
general-purpose solution for providing real-time access to information and are reshaping the local area
network landscape.

Wireless LANs are based on a set of technologies known by the IEEE specification number, 802.11, or by its
synonymous trademarked name, Wi-Fi™, and are gaining popularity due to the fact that they operate in the
unlicensed ISM (Industrial, Scientific & Medical) band (2.40 GHz to 2.484 GHz, 5.725 GHz to 5.850 GHz).

CHOICE OF WIRELESS TECHNOLOGY

The widespread reliance on networking in business and the meteoric growth of the Internet and online
services are strong testimonials to the benefits of shared data and shared resources. With wireless LANs,
users can access shared information without looking for a place to plug-in. Wireless LAN offers the
following productivity and convenience over Wired Networks:

• Mobility
• Installation Speed and Simplicity
• Installation Flexibility
• Reduced Cost of Ownership
• Scalability

THE TECHNOLOGY

Wireless LANs are based on a set of technologies known by the IEEE specification number, 802.11, which
was finalized in June 1997. The figure indicates the model developed by the 802.11 working group.

Wireless LANs use electromagnetic airwaves (radio or infrared) to communicate information from one point
to another without relying on any physical connection. Radio waves are responsible for delivering energy to
a remote receiver. The data being transmitted is superimposed on the radio carrier so that it can be
easily extracted at the receiving end. Once data is superimposed (modulated) onto the radio carrier, the radio
signal occupies more than a single frequency, since the frequency or bit rate of the modulating information
adds to the carrier.

Multiple radio carriers can exist in the same space at the same time without interfering with each other if the
radio waves are transmitted on different radio frequencies. To extract data, a radio receiver tunes in one
radio frequency while rejecting all other frequencies.

The smallest building block of a wireless LAN is a Basic Service Set (BSS), which consists of some number
of stations executing the same MAC protocol and competing for access to the same shared medium. A
BSS may be isolated or it may connect to a backbone distribution system through an Access Point (AP),
which in a typical LAN configuration is a transmitter/receiver (transceiver) device. The Access Point
functions as a bridge. It receives, buffers and transmits data between the wireless LAN and the wired
network infrastructure. A single Access Point can support a small group of users and can function within a
range of less than one hundred to several hundred feet. The Access Point (or the antenna attached to the
AP) is usually mounted high but may be mounted essentially anywhere as long as radio coverage is
obtained. End users access the Wireless LAN through Wireless-LAN adapters, which are implemented as PC
cards.

An Extended Service Set (ESS) consists of two or more basic service sets interconnected by a
distribution system. The ESS appears as a single logical LAN to the Logical Link Control (LLC) level.

The standard defines three types of stations based on mobility:

• No Transition
• BSS Transition
• ESS Transition

The typical IEEE 802.11 protocol stack for WLAN is shown below.

Typical 802.11 protocol stack

IEEE has also given some standards for Wireless LAN. They are as follows:

Standard        Operating frequency                                         Maximum Data Rate
IEEE 802.11     Frequency Hopping Spread Spectrum in 2.4 GHz Band;          1 or 2 Mbps
                Direct Sequence Spread Spectrum in 2.4 GHz Band;
                Infra Red
IEEE 802.11b    Direct Sequence Spread Spectrum in 2.4 GHz Band             5.5 or 11 Mbps
IEEE 802.11a    Orthogonal Frequency Division Multiplexing in 5 GHz Band    Up to 54 Mbps

Just as in a wired 802.3 Ethernet network, stations in an IEEE 802.11 wireless LAN must coordinate their access
to and use of the shared communication medium. Once again this is the job of the Medium Access Control (MAC)
protocol. In the 802.11 specification the physical layer monitors the energy level on the radio frequency to
determine whether or not another station is transmitting and provides this information to the MAC protocol. If
the channel is sensed idle for an amount of time equal to or greater than the Distributed Inter Frame Space
(DIFS), a station is then allowed to transmit. This frame will be successfully transmitted to the destination if
no interference occurs.

When a receiving station receives the complete frame it waits for a short period of time and sends an
explicit acknowledgement frame back to the sender. This Data Link Layer acknowledgement lets the
sender know that the receiver has indeed correctly received the sender's data frame. The transmission of
a frame by a sending station and its subsequent acknowledgement by the destination station is shown in
the figure.

Data Transmission and acknowledgement in IEEE 802.11

Wireless LANs are generally categorized according to the transmission technique that is used. Each
technique comes with its own set of advantages and limitations.

They fall under the following categories:

Narrowband Technology

A narrowband radio system transmits and receives user information on a specific radio frequency.
Undesirable crosstalk between communication channels is avoided by carefully coordinating different users
on different channel frequencies. In this system privacy and noninterference are accomplished by the use
of separate radio frequencies. The receiver filters out all radio signals except the ones on its distinguished
frequency.

SPREAD SPECTRUM TECHNOLOGY

Most wireless LAN systems use spread spectrum technology, which is designed to trade off bandwidth efficiency
for reliability, integrity, and security. More bandwidth is consumed as compared to Narrowband Technology,
but the signal produced is louder and thus easier to detect, provided that the receiver knows the
parameters of the spread spectrum signal being broadcast.

FREQUENCY HOPPING SPREAD SPECTRUM TECHNOLOGY

Frequency hopping spread spectrum (FHSS) uses a narrowband carrier that changes frequency in a
pattern known to both transmitter and receiver. Properly synchronized, the net effect is to maintain a
single logical channel. To an unintended receiver, FHSS appears to be short-duration impulse noise.

DIRECT-SEQUENCE SPREAD SPECTRUM TECHNOLOGY

Direct-Sequence spread spectrum (DSSS) generates a redundant bit pattern for each bit to be transmitted.
This bit pattern is called CHIP (Chipping Code). The longer the chip the greater the probability that the
original data can be recovered. To an unintended receiver, DSSS appears as low power wide band noise
and is rejected by most narrowband receivers.
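
The spreading and recovery described above can be seen in a short added example (not part of the original paper). It assumes the 11-chip Barker sequence of the 802.11 DSSS physical layer as the chipping code and a simple bit-to-sign mapping chosen for illustration; the helper names are hypothetical.

```python
# 11-chip Barker sequence used by the 802.11 DSSS PHY (not stated in the paper).
BARKER_11 = (1, -1, 1, 1, -1, 1, 1, 1, -1, -1, -1)


def spread(bits, code=BARKER_11):
    """Replace every data bit with the chipping code (bit 1) or its inverse (bit 0)."""
    chips = []
    for bit in bits:
        sign = 1 if bit else -1
        chips.extend(sign * c for c in code)
    return chips


def despread(chips, code=BARKER_11):
    """Correlate each chip group with the code; the sign of the sum is the bit."""
    n = len(code)
    if len(chips) % n:
        raise ValueError("chip stream is not a whole number of symbols")
    bits = []
    for off in range(0, len(chips), n):
        corr = sum(c * k for c, k in zip(chips[off:off + n], code))
        bits.append(1 if corr > 0 else 0)
    return bits


def flip_chips(chips, positions):
    """Model channel noise by inverting the chips at the given positions."""
    out = list(chips)
    for p in positions:
        out[p] = -out[p]
    return out


def max_chip_errors(code=BARKER_11):
    """Chip errors per bit that still leave the correlation sign intact."""
    return (len(code) - 1) // 2


# Constructed sample data: five bits, with five of the first bit's chips corrupted.
DATA = [1, 0, 1, 1, 0]
NOISY = flip_chips(spread(DATA), range(5))
assert despread(NOISY) == DATA
```

With an 11-chip code up to 5 corrupted chips per bit are tolerated; a 3-chip code would tolerate only 1, which is the sense in which a longer chip improves recovery.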

INFRARED TECHNOLOGY

Infrared (IR) systems use very high frequencies just below visible light in the electromagnetic spectrum to
carry data. IR is either directed or diffused technology. Inexpensive directed systems provide very limited
range and are used for personal area networks.

Wireless-LAN Configuration

A WLAN can be configured in two basic ways:

• Peer-to-Peer (ad hoc mode):

An ad hoc network is a peer-to-peer network (no centralized server) set up temporarily to meet some
immediate need. This mode consists of two or more PCs equipped with wireless adapter control but with no
connection to a wired network.

Ad-hoc LAN

• Client/Server (infrastructure networking):

Offering fully distributed data connectivity, this mode typically consists of multiple PCs linked to a central
hub that acts as a bridge to the resources of the wired network. The carrier waves transporting the data
will not interfere with each other, as long as they are sent out on different frequencies. At the other end of
the communication, a radio receiver tuned to a specific frequency will "hear" only the messages on that
frequency. All other signals will be treated as noise and ignored. Most WLANs use the 2.4 Gigahertz (GHz)
frequency band. Countries around the world have set aside this portion of the airwaves for unlicensed
devices.

Infrastructure Networking

THE WLAN TOPOLOGY

The basic building block of the wireless LAN is the cell. This is the area in which the wireless
communication takes place. The coverage area of a cell depends on the strength of the propagated radio
signal and the type and construction of the walls, partitions and other physical characteristics of the indoor
environment. PC-based workstations can move freely in the cell.

Wireless LAN Connectivity

Each Wireless LAN cell requires some communications traffic management. This is coordinated by an
Access Point which communicates with each wireless station in its coverage area. Stations also
communicate with each other via the AP so communicating stations can be hidden from one another. In
this way, the AP functions as a relay, extending the range of the system.

The AP functions as a bridge between the wireless stations and the wired network and the other wireless
cells. Connecting the AP to the backbone or the other wireless cells can be extended by cascading several
wireless links one after the other. When any area in the building is within the reception range of more than
one access point, the cells' coverage is said to overlap. Each wireless station automatically establishes the
best possible connection with one of the access points.

The Roaming facility allows mobile users with portable stations to move freely between overlapping cells,
constantly maintaining their network connection. Roaming is seamless; a work session can be maintained
while moving from one cell to another. Multiple access points can provide wireless coverage for an entire
building or campus. When the coverage areas of two or more APs overlap, the best possible connection is
established. In order to minimize packet loss during switch over, the “old” and “new” APs communicate to
co-ordinate the process.

THE SECURITY ISSUE

One of the most frequently asked questions put to wireless local-area network (WLAN) vendors is, "what
about security?"

A normal wired LAN is highly secure, since the communication medium is guided by a cable, usually
inside a building. That is not the case for the wireless medium: radio waves penetrate outside the
building and spread out in the atmosphere, creating a risk that the network can be hacked from anywhere
outside. Hence a WLAN expects its users to be authenticated. The designers of IEEE 802.11b tried to
overcome the security issue by devising a user authentication and data encryption system known as
Wired Equivalent Privacy (WEP). WEP has the following properties for providing adequate security
to a wireless LAN:

• Reasonably Strong Encryption
• Self Synchronizing
• Efficient
• Exportable

WEP – THEORY OF OPERATION

The process of disguising (binary) data in order to hide its information content is called encryption (denoted
by E). Data that is not enciphered is called plaintext (denoted by P) and data that is enciphered is called
ciphertext (denoted by C). The process of turning ciphertext back into plaintext is called decryption
(denoted by D). A cryptographic algorithm, or cipher, is a mathematical function used for enciphering or
deciphering data. Modern cryptographic algorithms use a key sequence (denoted by k) to modify their
output. The encryption function E operates on P to produce C:

E_k(P) = C

In the reverse process, the decryption function D operates on C to produce P:

D_k(C) = P

As illustrated in the figure below, note that if the same key can be used for encryption and decryption then

D_k(E_k(P)) = P

Generic Encryption / Decryption

Referring to the above figure and viewing from left to right, encipherment begins with a secret key that has
been distributed to cooperating STAs by an external key management service. WEP is a symmetric
algorithm in which the same key is used for encipherment and decipherment.

The secret key is concatenated with an initialization vector (IV) and the resulting seed is input to a
PRNG. The PRNG outputs a key sequence k of pseudorandom octets equal in length to the number of
data octets that are to be transmitted in the expanded MPDU plus 4 [since the key sequence is used to
protect the integrity check value (ICV) as well as the data]. Two processes are applied to the plaintext
MPDU. To protect against unauthorized data modification, an integrity algorithm operates on P to produce
an ICV. Encipherment is then accomplished by mathematically combining the key sequence with the
plaintext concatenated with the ICV. The output of the process is a message containing the IV and
ciphertext. The WEP PRNG (WEP uses the RC4 PRNG algorithm from RSA Data Security, Inc.) is the critical
component of this process, since it transforms a relatively short secret key into an arbitrarily long key
sequence. This greatly simplifies the task of key distribution, as only the secret key needs to be
communicated between STAs. Apart from WEP, WLAN security may be enhanced using several
end-to-end security mechanisms such as Remote Authentication Dial-In User Service (RADIUS), firewalls
etc. or some proprietary encryption.
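
The WEP encipherment and decipherment steps described above, written out as an added example (not part of the original paper, and not any product's code). It assumes details taken from the 802.11 standard rather than from this page: a 3-octet IV placed in front of the key to form the seed, CRC-32 as the integrity algorithm, and XOR as the combining step; the key ID octet of a real frame is omitted and the key, IV and payload are constructed sample values.

```python
import struct
import zlib

IV_LEN = 3   # 24-bit IV, per the 802.11 standard (assumption: not stated on the page)
ICV_LEN = 4  # the "plus 4" octets of key sequence that cover the ICV


def rc4_keystream(seed: bytes, length: int) -> bytes:
    """RC4 used as the WEP PRNG: expand the seed into `length` octets."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):                    # output generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(data: bytes, k: bytes) -> bytes:
    """Combine data with the key sequence octet by octet."""
    return bytes(a ^ b for a, b in zip(data, k))


def icv(plaintext: bytes) -> bytes:
    """Integrity check value: CRC-32 of P, little-endian (per 802.11)."""
    return struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)


def wep_encapsulate(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Return IV || (P || ICV) XOR k, with k generated from the seed IV || key."""
    if len(iv) != IV_LEN:
        raise ValueError("IV must be 3 octets")
    k = rc4_keystream(iv + key, len(plaintext) + ICV_LEN)
    return iv + xor(plaintext + icv(plaintext), k)


def wep_decapsulate(key: bytes, frame: bytes) -> bytes:
    """Regenerate k from the received IV, decipher, and verify the ICV."""
    if len(frame) < IV_LEN + ICV_LEN:
        raise ValueError("frame too short")
    iv, ciphertext = frame[:IV_LEN], frame[IV_LEN:]
    body = xor(ciphertext, rc4_keystream(iv + key, len(ciphertext)))
    plaintext, received_icv = body[:-ICV_LEN], body[-ICV_LEN:]
    if icv(plaintext) != received_icv:
        raise ValueError("ICV mismatch: frame modified or wrong key")
    return plaintext


# Constructed sample values (not from the page): a 40-bit key and a fixed IV.
KEY = bytes.fromhex("0102030405")
IV = bytes.fromhex("a1b2c3")
FRAME = wep_encapsulate(KEY, IV, b"hello wlan")
assert wep_decapsulate(KEY, FRAME) == b"hello wlan"   # D_k(E_k(P)) = P
```

The IV travels in the clear at the front of the frame, so the receiver only needs the shared secret key to rebuild the same key sequence.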

One of the standards that IEEE has drafted for enhancing security is 802.1x, which is designed to provide
enhanced security for users of 802.11b WLAN.

IEEE 802.1x (Port based authentication)

WLAN security can be broken down into three components:

• Authentication Mechanism
• Authentication Algorithm
• Data Frame Encryption

IEEE defines a port based authentication. The IEEE 802.1x frames are treated as authentication message
carriers. When the client starts establishing wireless connection it sends the authentication messages inside
the IEEE frame to the Access Point (AP). The AP then forwards the authentication message to the
authentication server. The authentication server is configured with the required information to authenticate
the client. It accepts or rejects the packets and thus replies to the AP whether the client is an authorized
user or not.

The AP accepts the messages only when the authentication server authenticates the client. IEEE 802.11
also has a built in key management protocol that dynamically distributes the WEP keys. This feature can be
used by the AP to periodically pass on a new key to client. The new key is used both by the client & by the
AP for WEP encryption/decryption of the subsequent data packets exchanged, thus achieving higher
security.

IEEE 802.11i (Advanced encryption standard)

Another WLAN security specification, IEEE 802.11i, is under development. This standard, also called the
Advanced Encryption Standard (AES), is a replacement for WEP. IEEE 802.11i incorporates an entirely new
privacy algorithm & authentication mechanism. It uses the properties of RC4 & WEP algorithms. The AES
standard relies on the Rijndael symmetric encryption algorithm. It supports key sizes of 128 bit, 192 bit, 256
bit.

REAL WORLD APPLICATIONS OF WLAN

Wireless LANs frequently augment rather than replace wired LAN networks, often providing the final few
meters of connectivity. The following list describes the applications made possible through the power and
flexibility of wireless LANs:

• Network managers implement wireless LANs to provide backup for mission-critical applications running on wired networks.
• Training sites at corporations and students at universities use wireless connectivity to ease access to information.
• Doctors and nurses in hospitals are more productive because hand-held computers with wireless LAN capability deliver patient information instantly.
• Students holding class on a campus access the catalog of the library.
• Warehouse workers use wireless LANs to exchange information with central databases, thereby increasing productivity.
• Network managers installing networked computers in older buildings find that wireless LANs are a cost-effective network infrastructure solution.

CONCLUSION

Thus wireless LANs have gained strong popularity in a number of vertical markets, including the health care,
retail, manufacturing, warehousing and academia. Today Wireless LANs are becoming more widely
recognized as a general purpose connectivity alternative for a broad range of people.

As wireless LANs (WLANs) continue to grow in popularity, particularly in enterprise networks, the ability to
do away with massive amounts of cabling to the desktop is one very obvious advantage. There are many
more. Mobile, ubiquitous access to enterprise IT systems throughout the global enterprise yields a more
productive and efficient workforce, allowing employees to access resources without being tethered to a
traditionally static wired network connection.

The diligent management of security is essential to the operation of local-area networks, regardless of
whether they have wireless segments or not. It's important to point out here that absolute security is an
abstract, theoretical concept - it does not exist anywhere. All LANs are vulnerable to insider curiosity,
outsider attack, and eavesdropping. No one wants to risk having the LAN data exposed to the casual
observer or open to malicious mischief. Regardless of whether the networks are wired or wireless, steps
can and should always be taken to preserve network security and integrity.

It should be clear from the discussion above that wireless LANs can take advantage of all of the security
measures available on wired LANs, and then add additional security features not available in the wired
world. The result? The surprising conclusion that wireless LANs can be, in fact, more secure than their
wired counterparts.

With the emergence of a converged standard for wireless local area networks (WLAN), the stage is set for
a multimode marketplace. Much like its wired predecessor, wireless Ethernet (802.11) will flourish in an
environment characterized by multimode operation. Converging the separate 10- and 100-megabit per
second technologies of wired Ethernet into the now familiar 10/100 networks accelerated the market's
acceptance of wired Ethernet. The same should be expected of WLAN technology and the merging of the
802.11b and 802.11a versions of the standard into 802.11g.


Collected and Created by youtrick.com
