EECE 542: Wireless LANs, Fall 2003

Comparison of Common Wireless Protocols

Protocol   Band     Max. Dist.  Channel Cap.  Comments
802.11b    2.4 GHz  300 ft      11 Mbps       First & common
802.11a    5 GHz    60 ft       54 Mbps       Not compatible with 802.11b
802.11g    2.4 GHz  300 ft      54 Mbps       Compatible with 802.11b
Bluetooth  2.4 GHz  30 ft       1 Mbps        Good for PAN
Basic Architecture

2 modes of operation
– Ad Hoc (peer to peer – no access point)
– Basic Service Set (BSS) NIC + AP

BSSs with access points can be connected to form
an Extended Service Set (ESS)

Service Set Identifier (SSID)

Wireless to AP

AP's connected over a wired network
Station Types

No-Transition Mobility (move within a single
BSS only)

BSS-Transition Mobility (move within one ESS)

ESS-Transition Mobility (move from one ESS to
another – the standard does not guarantee continuous
communication while the transition occurs)
Physical Layer

Infrared PHY defined, but not common

Frequency-hopping spread spectrum (FHSS)
– Defined in 802.11 standard (PHY)
– Send using one carrier frequency for a set period of
time, then switch to another frequency for the same
period of time. Typically time period is around 400
ms
– 79 nonoverlapping channels each separated by 1 MHz
– Sender and receiver agree on the sequence when the
layer 2 connection is established
– Allows multiple devices to operate in the same area
– Also makes it harder for an intruder to intercept data
FHSS (cont.)

2400-2483.5 MHz (N. America)

Uses FSK (GFSK)

Data is scrambled by XORing with 127 bit LFSR
(Linear Feedback Shift Register)

PHY adds a header with a 16 bit CRC, Preamble
and Start delimiter

1 or 2 bits / baud (2 or 4 level FSK)

1 – 2 Mbps
DSSS

Also from 802.11

Direct Sequence Spread Spectrum

Each bit replaced with a sequence of bits called a
chip code.

Data must be sent faster because more bits are
being sent

1 – 2 Mbps (DBPSK or DQPSK)
– Differential Biphase Shift Keying
– Differential Quadrature Phase Shift Keying
DSSS (cont.)

Chipping rate 11 MHz

2.4 – 2.4835 GHz

Adds preamble, SFD, 16 bit CRC

Also scrambles data
802.11b

High-rate DSSS (HR-DSSS)

Similar to DSSS
– Different encoding method: complementary code
keying (CCK)
– Encodes 4 or 8 bits into one symbol
– Same Band as DSSS
– Supports 1, 2, 5.5, and 11 Mbps

1 & 2 Mbps connections are encoded like DSSS

5.5 Mbps uses BPSK to transmit at 1.375 Mbaud/s
(4 bit CCK)

11 Mbps transmits using an 8 bit CCK
802.11a

Orthogonal Frequency-Division Multiplexing
(OFDM)

Similar to FDM, except all subbands are used by
one source at a given time.

5 GHz band (52 subbands)

4 control subbands

48 subbands for sending

Uses PSK (18 Mbps) and QAM (54 Mbps)

Not compatible with other wireless protocols

Also reduced range compared to b & g
802.11g

2.4-2.497 GHz

54 Mbps

Uses HR-DSSS/CCK at 1, 2, 5.5, and 11 Mbps
for 802.11b compatibility

Uses OFDM at 6, 9, 12, 18, 24, 36, 48, and 54
Mbps
MAC Layer

Why not use CSMA/CD?
– Stations must be able to detect collisions and send
collision notices at the same time (increases required
Bandwidth)
– Hidden station problem: a station must see all other
stations in order to detect collisions. Stations may be
blocked by another station, obstacles, or distance.
CSMA/CA

1. Sense medium
– Use a persistence strategy with backoff until medium
is idle

2. When idle wait for a period of time equal to
the Distributed Interframe Space (DIFS)

3. Send a control frame (Request to Send –
RTS)
– Set a timer

4. Destination Station receives the RTS, and
waits for a period of time equal to the Short
Interframe Space (SIFS)
CSMA/CA (cont.)

5. Destination station responds with a control
frame called a Clear to Send (CTS)

6. Source receives the CTS and waits a period of
time equal to the SIFS before sending data
– Set a timer for the ACK

7. Receiving station gets the data, and after
waiting a period of time equal to the SIFS, sends
an ACK

If either timer times out, a backoff algorithm is
used before retrying the whole thing (starting
back at step 1)
Collision Avoidance

Network Allocation Vector (NAV)

When RTS is sent, it includes the duration of the
time that it needs to occupy the channel.

Affected stations set a timer called a NAV that
shows how much time must pass before they are
allowed to try to transmit.

A station transmitting slowly may slow the entire
BSS.
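
Added example (not part of the original slides): the RTS/CTS/DATA/ACK exchange from steps 2-7, laid out on a timeline together with the NAV value each frame announces. The SIFS, slot, PLCP and control-frame sizes are assumed 802.11b long-preamble values, and the 1500-byte frame is constructed; none of these numbers come from the slides.

```python
import math

# Assumed 802.11b long-preamble timing (microseconds); not given on the slides.
SIFS, SLOT = 10, 20
DIFS = SIFS + 2 * SLOT              # 50 us
PLCP = 192                          # preamble + PLCP header on every frame
RTS_LEN, CTS_LEN, ACK_LEN = 20, 14, 14   # control frame sizes in bytes


def airtime(nbytes, rate_mbps):
    """Microseconds on air: PLCP overhead plus the frame bits at rate_mbps."""
    return PLCP + math.ceil(nbytes * 8 / rate_mbps)


def exchange(data_len, data_rate, ctrl_rate=1):
    """Timeline and NAV values for steps 2-7 of one RTS/CTS/DATA/ACK exchange."""
    rts = airtime(RTS_LEN, ctrl_rate)
    cts = airtime(CTS_LEN, ctrl_rate)
    ack = airtime(ACK_LEN, ctrl_rate)
    data = airtime(data_len, data_rate)
    steps = [("DIFS", DIFS), ("RTS", rts), ("SIFS", SIFS), ("CTS", cts),
             ("SIFS", SIFS), ("DATA", data), ("SIFS", SIFS), ("ACK", ack)]
    timeline, t = [], 0
    for name, dur in steps:
        timeline.append((t, name, dur))   # (start time, event, length)
        t += dur
    # Duration each frame announces = channel time still needed after it ends.
    nav = {"RTS": 3 * SIFS + cts + data + ack,
           "CTS": 2 * SIFS + data + ack,
           "DATA": SIFS + ack}
    return {"timeline": timeline, "nav": nav, "total": t}


if __name__ == "__main__":
    for rate in (11, 1):                  # same 1500-byte frame, fast vs slow sender
        r = exchange(1500, rate)
        print(f"--- data at {rate} Mbps: channel busy {r['total']} us")
        for start, name, dur in r["timeline"]:
            print(f"{start:>6} us  {name:<5} {dur:>6} us")
        print("NAV set by overhearing stations:", r["nav"])
```

The 1 Mbps run holds the channel several times longer than the 11 Mbps run for the same frame, which is the "slow station slows the entire BSS" effect noted above.
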
More MAC info

Fragmentation recommended to avoid
retransmission of large frames.

Three frame types:
– Management: initial communication between access
point and station
– Control: Media access, ACK's, etc
– Data: User data
Frame Format

Frame Control (2 bytes)
– Protocol version (2 bits)
– Type (00=mgmt, 01=ctrl, 10=data)
– Subtype (1011=RTS, 1100=CTS, 1101=ACK)
– To/From DS (Distribution System -- AP)

To DS  From DS  Addr 1    Addr 2   Addr 3   Addr 4
0      0        Dest.     Src      BSS ID   NA
0      1        Dest.     Snd AP   Src      NA
1      0        Recv. AP  Src      Dest.    NA
1      1        Recv. AP  Snd AP   Dest.    Src
Frame Format (cont)

FC (cont)
– More Frag (1 means more fragments)
– Retry (1 means this is a retransmission)
– Power Management (1 means station is in pwr Mgmt)
– More Data (1 means station has more data to send)
– WEP (1 means WEP enabled)
– Reserved (1 bit)
Frame Format (cont)

D (2 bytes): Duration (NAV) or ID of frame

Addresses 1-3 (6 bytes each)

Sequence Control (2 bytes) Sequence number of
Frame

Frame Body (0 to 2312 bytes)

FCS (4 bytes) CRC-32
Addressing

To/From DS:
– 00: Going from machine to machine, send ACK's directly to
station
– 01: Coming from a DS going to a station, send ACK's to AP
– 10: Going from a station to a DS, send ACK's to station
– 11: DS also wireless. Going from one AP to another. Need to
use all 4 addresses!
To DS  From DS  Addr 1    Addr 2   Addr 3   Addr 4
0      0        Dest.     Src      BSS ID   NA
0      1        Dest.     Snd AP   Src      NA
1      0        Recv. AP  Src      Dest.    NA
1      1        Recv. AP  Snd AP   Dest.    Src
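
Added example (not part of the original slides): a parser for the header fields listed on the Frame Format and Addressing slides, which labels each address by the To DS / From DS table. The two sample frames and their MAC addresses are constructed, and the byte offsets assume the standard header order (frame control, duration, Addr 1-3, sequence control, Addr 4).

```python
import struct

TYPES = {0b00: "mgmt", 0b01: "ctrl", 0b10: "data"}
CTRL_SUBTYPES = {0b1011: "RTS", 0b1100: "CTS", 0b1101: "ACK"}
FLAGS = ("to_ds", "from_ds", "more_frag", "retry",
         "pwr_mgmt", "more_data", "wep", "reserved")
# (To DS, From DS) -> roles of Addr 1..4, copied from the slide's table
ADDR_ROLES = {(0, 0): ("Dest", "Src", "BSS ID", None),
              (0, 1): ("Dest", "Snd AP", "Src", None),
              (1, 0): ("Recv AP", "Src", "Dest", None),
              (1, 1): ("Recv AP", "Snd AP", "Dest", "Src")}
ADDR_OFFSETS = (4, 10, 16, 24)   # Addr 4 sits after the 2-byte Sequence Control

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_header(frame):
    """Decode the cleartext MAC header; no key is needed even when WEP is set."""
    if len(frame) < 10:
        raise ValueError("need frame control, duration and Addr 1")
    fc0, fc1, duration = struct.unpack_from("<BBH", frame, 0)
    hdr = {"version": fc0 & 0b11,
           "type": TYPES.get((fc0 >> 2) & 0b11, "reserved"),
           "subtype": fc0 >> 4,
           "duration": duration}
    hdr.update({name: (fc1 >> bit) & 1 for bit, name in enumerate(FLAGS)})
    if hdr["type"] == "ctrl":          # control frames carry a short header
        hdr["subtype_name"] = CTRL_SUBTYPES.get(hdr["subtype"], "other")
        hdr["addrs"] = {"Recv": mac(frame[4:10])}
        return hdr
    roles = ADDR_ROLES[(hdr["to_ds"], hdr["from_ds"])]
    if len(frame) < (30 if roles[3] else 24):
        raise ValueError("truncated header")
    hdr["addrs"] = {role: mac(frame[off:off + 6])
                    for role, off in zip(roles, ADDR_OFFSETS) if role}
    hdr["seq"] = struct.unpack_from("<H", frame, 22)[0] >> 4
    return hdr

# Constructed sample frames (headers only, locally administered MACs).
SAMPLE_DATA = bytes.fromhex("0841" "3a01" "020000000001" "02000000000a"
                            "02000000000b" "5000")
SAMPLE_RTS = bytes.fromhex("b400" "8107" "020000000001" "02000000000a")

if __name__ == "__main__":
    print(parse_header(SAMPLE_DATA))
    print(parse_header(SAMPLE_RTS))
```

The data frame has the WEP bit set, yet its addresses, direction flags and sequence number all decode without any key, because WEP leaves the header unencrypted.
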
Encryption

WEP (Wired Equivalent Privacy)
– Shared key encryption scheme
– Headers not encrypted – just frame body and FCS
– Done at layer 2
– Initialization vector (IV of 24 bits)
– May use 64 or 128 bit key = 40 + IV or 104 + IV
– 128 bit was not part of the original standard
– Key may be used for access control (can also change
SSID and use MAC restrictions)
– Considered by some to be very weak
WEP Issues

Relatively short keys

IV sent in cleartext – Reuse may cause problems

Weak implementation of RC4 algorithm may lead
to attacks that allow the key to be discovered

Keys are shared and may leak out

No user authentication
Wi-Fi Protected Access

WPA

IEEE 802.11i in the works

Fixes known WEP vulnerabilities

Includes better key management, data encryption,
message integrity, and user authentication
