Chapter 1
Wogayehu Atilaw
2021
Lecture#1
Outlines
Applications
Introduction
What makes difference between wireless LAN vs wired LAN?
Basics of wireless networks
Wireless communication is a fast-developing and evolving technology:
Emerging new technologies
Number of subscribers has been growing tremendously
Information is transmitted over the open air using electromagnetic waves
Connects devices to another or to a network without the need of wires
Advantages
Mobility
Flexibility
Expandability
Lower installation cost
What is a Wireless network?
Wireless networks are computer networks that do not use conventional cables (Ethernet cables).
Instead, they use RF waves as a communication medium, in which data is transmitted over radio
signals operating typically between 2.4 GHz and 5.0 GHz.
Devices stay connected and can roam within the wireless coverage area without being
physically tied to any fixed point.
Wireless LANs (WLANs) use radio frequencies (RFs) that are radiated into the air from an
antenna that creates radio waves.
These waves can be absorbed, refracted, or reflected by walls, water, resulting in low signal
strength.
So because of this essential vulnerability to surrounding environmental factors, wireless
networks will never offer us the same robustness as a wired network.
…
Wireless equipment lists that support WLAN/WMAN/WWAN connection
■ Wireless Voice over IP phones
■ Wireless print servers & Cordless phones
■ Wireless access points, routers, and bridges
■ Radio Frequency Identification devices
■ Wireless presentation gateways
■ Wireless conferencing systems
■ Laptop computers, PDAs, and other mobile wireless client devices
Organizations that guide the wireless industry
There are three primary categories of organizations that guide the wireless industry.
Channels 1, 6, and 11 are the only non-overlapping channels between 1 and 11.
Using channels that overlap may cause CRC errors, interference, and collisions.
We should use channels 1, 6, and 11, also for compatibility with mobile users from other
countries.
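The channel rule above can be checked numerically. The following is an added example, not part of the original slides; it assumes 22 MHz wide 802.11b/g channels spaced 5 MHz apart from 2412 MHz, and the AP names and channel assignments are constructed.

```python
from itertools import combinations

CHANNEL_WIDTH_MHZ = 22  # assumption: 802.11b/g channel width

def center_mhz(channel):
    """Center frequency of 2.4 GHz channels 1-13 (5 MHz spacing)."""
    if not 1 <= channel <= 13:
        raise ValueError("channel %d is outside 1-13" % channel)
    return 2407 + 5 * channel

def overlaps(ch_a, ch_b):
    """Channels overlap when their centers are closer than one channel width."""
    return abs(center_mhz(ch_a) - center_mhz(ch_b)) < CHANNEL_WIDTH_MHZ

def non_overlapping_plan(first=1, last=11):
    """Greedily pick channels in first..last that do not overlap each other."""
    plan = []
    for ch in range(first, last + 1):
        if not any(overlaps(ch, chosen) for chosen in plan):
            plan.append(ch)
    return plan

def audit(aps):
    """Classify every pair of APs (assumed to hear each other) that interferes."""
    findings = []
    for (name_a, ch_a), (name_b, ch_b) in combinations(aps.items(), 2):
        if ch_a == ch_b:
            findings.append((name_a, name_b, "co-channel"))
        elif overlaps(ch_a, ch_b):
            findings.append((name_a, name_b, "adjacent-channel"))
    return findings

# Constructed site survey: AP name -> configured channel.
SURVEY = {"ap-lobby": 1, "ap-lab": 3, "ap-hall": 6, "ap-cafe": 6, "ap-roof": 11}

if __name__ == "__main__":
    print("plan:", non_overlapping_plan())
    for finding in audit(SURVEY):
        print(finding)
```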
5GHz Channels
The 5 GHz band
Services.
The Distribution System Medium (DSM) is the medium or set of media used for communications
among APs in the ESS. The most popular medium in use today is certainly Ethernet, but the IEEE
standard allows for the use of other media such as Token Ring or even another form of wireless.
The Distribution System Services (DSS) are composed of the services that provide the delivery of
frame payloads between stations that are in communication with each other over a shared
instance of WM and in the same infrastructure BSS.
WLAN architectures
Two modes of BSSs- the IBSS (Ad hoc network) & Infrastructure mode
When all of the stations in the BSS are mobile stations and there is no connection to a wired
network, the BSS is called an independent BSS (IBSS).
An IBSS is an ad hoc network that contains no access points, which means it cannot connect
to any other basic service set.
Infrastructure Mode
When a wireless AP station is used, an infrastructure BSS (simply called a BSS) is
implemented.
ESS
Two or more basic service sets are connected by a common distribution system.
Independent and Infrastructure basic service sets
Roaming
Roaming is the process or ability of a wireless client to move seamlessly from one cell (or
BSS) to another without losing network connectivity. Access points hand the client off from
one to another in a way that is invisible to the client, ensuring unbroken connectivity.
When any area in the building is within reception range of more than one access point, the
cells’ coverage overlaps.
Overlapping coverage areas are an important attribute of the wireless LAN setup, because they
enable seamless roaming between overlapping cells.
Roaming allows mobile users with portable stations to move freely between overlapping
cells, constantly maintaining their network connection.
Boundaries
A constraint of existing technology is that wired networks are often segmented for
manageability. Enterprises with multiple buildings, such as hospitals or large businesses, often
implement a LAN in each building and then connect these LANs with routers or switch-routers.
This layer 3 segmentation has two major advantages.
First, it contains broadcasts effectively, and second it allows access control between segments on
the network.
This type of segmentation can also be done at layer 2 using VLANs on switches.
The layer 2 connection is still maintained by the access points, but since the IP subnet has
changed while roaming, the connection to servers will be broken.
Without subnet-roaming capability (such as with using a Mobile IP solution or using DHCP),
wireless LAN access points must all be connected to a single subnet.
(e.g., multi-building campuses, multi-floored high rises, or older or historical buildings) cannot
embrace a single subnet solution as a practical option.
Boundaries…
Access points can't hand off a session when a remote device moves across router
boundaries because crossing routers changes the client device's IP address.
The client is also discovering the WLAN, if it can associate with that wireless
LAN. This process of listening is called scanning.
Scanning occurs before any other process, since scanning is how the client finds
the network.
There are two kinds of scanning: passive scanning and active scanning.
Passive Scanning
Passive scanning is the process of listening for beacons on each channel for a
specific period of time after the station is initialized. These beacons are sent by
access points (infrastructure mode) or client stations (ad hoc mode).
The station searching for a network listens for beacons until it hears a beacon
listing the SSID of the network it wishes to join. The station then attempts to join
the network through the access point that sent the beacon.
In configurations where there are multiple access points, the SSID of the network
that station wishes to join may be broadcast by more than one of these access
points. In this situation, the station will attempt to join the network through the
access point with the strongest signal strength and the lowest bit error rate.
Passive Scanning
Active Scanning
Active scanning involves the sending of a probe request frame from a wireless station.
Stations send this probe frame when they are actively seeking a network to join.
The probe frame will contain either the SSID of the network they wish to join or a broadcast SSID.
If a probe request is sent specifying an SSID, then only access points that are
servicing that SSID will respond with a probe response frame.
If a probe request frame is sent with a broadcast SSID, then all access points within reach will
respond with a probe response frame.
The point of probing in this manner is to locate access points through which the station
can attach to the network.
Once an access point with the proper SSID is found, the station initiates the authentication and
association steps of joining the network through that access point.
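The probe request matching rule described above, as an added example that is not part of the original slides. It assumes the standard 24-byte 802.11 management header followed by tagged elements, with SSID as element 0 and a zero-length SSID meaning broadcast; the frames and MAC address are constructed.

```python
MGMT_HDR_LEN = 24        # frame control, duration, 3 addresses, sequence control
SUBTYPE_PROBE_REQ = 4    # management frame subtype for a probe request
ELEMENT_SSID = 0

def parse_elements(body):
    """Walk the (id, length, value) elements and reject truncated ones."""
    elements, pos = {}, 0
    while pos < len(body):
        if pos + 2 > len(body):
            raise ValueError("truncated element header")
        eid, length = body[pos], body[pos + 1]
        value = body[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError("element %d runs past the end of the frame" % eid)
        elements.setdefault(eid, value)
        pos += 2 + length
    return elements

def probe_request_ssid(frame):
    """Return the SSID bytes of a probe request (b'' is the broadcast SSID)."""
    if len(frame) < MGMT_HDR_LEN:
        raise ValueError("frame shorter than a management header")
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype != SUBTYPE_PROBE_REQ:
        raise ValueError("not a probe request")
    elements = parse_elements(frame[MGMT_HDR_LEN:])
    if ELEMENT_SSID not in elements:
        raise ValueError("probe request without an SSID element")
    return elements[ELEMENT_SSID]

def ap_should_respond(ap_ssid, frame):
    """An AP answers a probe for its own SSID or for the broadcast SSID."""
    ssid = probe_request_ssid(frame)
    return ssid == b"" or ssid == ap_ssid.encode()

def build_probe_request(ssid):
    """Constructed sample frame: header, SSID element, supported-rates element."""
    header = (bytes([0x40, 0x00]) + b"\x00\x00" + b"\xff" * 6 +
              bytes.fromhex("020000000001") + b"\xff" * 6 + b"\x00\x00")
    return header + bytes([ELEMENT_SSID, len(ssid)]) + ssid + bytes([1, 4, 2, 4, 11, 22])

if __name__ == "__main__":
    for ssid in (b"campus", b"guest", b""):
        print(ssid, ap_should_respond("campus", build_probe_request(ssid)))
```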
Active scanning
The information passed from the access point to the station in probe response frames is almost identical
to that of beacons.
Probe response frames differ from beacons only in that they are not time-stamped and they do not
include a Traffic Indication Map (TIM).
Authentication & Association
The process of connecting to a wireless LAN consists of two separate sub-processes:
authentication and association.
For example, when we speak of a wireless PC card connecting to a wireless LAN, we say that
the PC card has been authenticated and has associated with a certain access point.
Association = Layer 2 connectivity
Authentication is the process through which a wireless node (PC Card, USB Client, etc.) has
its identity verified by the network (usually the access point) to which the node is attempting
to connect.
Authentication pertains directly to the radio PC card, not to the user.
Understanding the steps involved in getting a client connected to an access point is crucial to
security, troubleshooting, and management of the wireless LAN.
Once a wireless client has been authenticated, the client then associates with the access point.
States of Authentication & Association
The complete process of authentication and association has three distinct states:
1. Unauthenticated and unassociated
2. Authenticated and unassociated
3. Authenticated and associated
Authentication Security
The Wired Equivalent Privacy (WEP) protocol was the first IEEE 802.11 standard intended to
provide security comparable to that of wired networks.
WEP-40 uses a 40-bit key for encryption. The encryption algorithm used in WEP is RC4.
WEP…
With the rapid increase in processor speeds, cracking WEP has become a very short task, and it can no longer
be considered for protection against any organized attack. The attacks in WEP include the following:
■ Brute force attacks
■ Dictionary attacks
■ Weak IV attacks
■ Reinjection attacks
■ Storage attacks
The brute force attack method is a key-guessing method that attempts every possible key in order to crack the
encryption. With 104-bit WEP, this is really not a feasible attack method; however, 40-bit WEP can usually be
cracked in 1 or 2 days with brute force attacks using more than 20 distributed computers.
The dictionary attack method relies on the fact that humans often use words as passwords.
The key then is to use a dictionary cracking tool that understands the conversion algorithm used by a hardware
vendor to convert the typed password into the WEP key.
WEP..
The weak IV attacks are based on the faulty implementation of RC4 in the WEP protocols. The IV is
prepended to the static WEP key to form the full WEP encryption key used by the RC4 algorithm.
This means that an attacker already knows the first 24 bits of the encryption key, since the IV is sent in
clear-text as part of the frame header.
The 802.11 frames that use these weak IVs have come to be known as interesting frames. With enough
interesting frames collected, you can crack the WEP key in a matter of seconds. This reduces the total
attack time to less than 5–6 minutes on a busy WLAN.
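The key construction described above, as an added example that is not part of the original slides: the per-frame RC4 key is the clear-text IV followed by the static key, so two frames with the same IV share a keystream. The static key and payloads are constructed, and reused_ivs is a hypothetical audit helper for captured frame bodies.

```python
import struct
import zlib

def rc4(key, length):
    """Return `length` bytes of RC4 keystream for `key`."""
    s, j = list(range(256)), 0
    for i in range(256):                          # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):                       # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encapsulate(iv, static_key, plaintext):
    """Clear-text IV and key-ID byte, then RC4(IV || key) over data + CRC-32 ICV."""
    if len(iv) != 3:
        raise ValueError("the WEP IV is 24 bits")
    data = plaintext + struct.pack("<I", zlib.crc32(plaintext))
    return iv + b"\x00" + xor(data, rc4(iv + static_key, len(data)))

def reused_ivs(frame_bodies):
    """Audit helper: IVs (first 3 clear-text bytes) seen on more than one frame."""
    seen, repeated = set(), []
    for body in frame_bodies:
        iv = body[:3]
        if iv in seen and iv not in repeated:
            repeated.append(iv)
        seen.add(iv)
    return repeated

# Constructed sample data: a 40-bit static key and three frame payloads.
STATIC_KEY = bytes.fromhex("0a1b2c3d4e")
PAYLOADS = [(b"\x00\x00\x01", b"first payload"), (b"\x00\x00\x02", b"other payload"),
            (b"\x00\x00\x01", b"third payload")]
FRAMES = [wep_encapsulate(iv, STATIC_KEY, p) for iv, p in PAYLOADS]

if __name__ == "__main__":
    print("reused IVs:", [iv.hex() for iv in reused_ivs(FRAMES)])
    # Same IV + same static key = same keystream, so the two ciphertexts
    # XOR to the XOR of their plaintexts without the key being involved.
    leaked = xor(FRAMES[0][4:], FRAMES[2][4:])[:13]
    print(leaked == xor(PAYLOADS[0][1], PAYLOADS[2][1]))
```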
What if the WEP-enabled network being attacked is not busy and you can’t capture enough interesting
frames in a short window of time? The answer is a reinjection attack. This kind of attack reinjects ARP
packets onto the WLAN. The program aireplay can detect ARP packets by their unique size and does not
need to decrypt the packet. By reinjecting the ARP packets back onto the WLAN, it will force the other
clients to reply and cause the creation of large amounts of WLAN traffic very quickly.
WEP…
Storage attacks are those methods used to recover WEP or WPA keys from their storage locations. On
Windows computers, for example, WEP keys have often been stored in the registry in an encrypted form.
WPA & WPA2 (Personal mode)
It operates in an unmanaged mode that uses a pre-shared key (PSK) for authentication
Wi-Fi Protected Access Personal Mode (versions 1 and 2) are designed for home and small
office/ home office (SOHO) users who do not have authentication servers available.
A passphrase is manually entered on the access point to generate an encryption key (called the
PSK).
Consequently, it does not scale well in the enterprise.
A PSK of sufficient strength (one that uses a mix of letters, numbers, and non-alphanumeric
characters) is recommended.
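How the passphrase becomes the PSK, with a check for the recommended character mix, as an added example that is not part of the original slides. It uses the WPA/WPA2-Personal derivation PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 iterations; the 16-character minimum, the SSID check, and the sample passphrases are this example's assumptions.

```python
import hashlib
import string

def wpa_psk(passphrase, ssid):
    """PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def passphrase_findings(passphrase, ssid, min_len=16):
    """Check the mix the text recommends; min_len is this example's assumption."""
    findings = []
    if len(passphrase) < min_len:
        findings.append("shorter than %d characters" % min_len)
    if not any(c in string.ascii_letters for c in passphrase):
        findings.append("no letters")
    if not any(c in string.digits for c in passphrase):
        findings.append("no numbers")
    if all(c.isalnum() for c in passphrase):
        findings.append("no non-alphanumeric characters")
    if ssid and ssid.lower() in passphrase.lower():
        findings.append("contains the SSID")
    return findings

if __name__ == "__main__":
    # Constructed passphrase/SSID pairs.
    for phrase, ssid in [("password", "IEEE"), ("Blue-Kettle_42!river", "HomeNet")]:
        psk = wpa_psk(phrase, ssid)
        print(ssid, psk.hex()[:16] + "...", passphrase_findings(phrase, ssid))
```

Because the SSID is the salt, the same passphrase yields a different PSK on a network with a different name.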
WPA & WPA2 (Personal mode)
It supports per-user, per session, per-packet encryption via TKIP/RC4 with WPA or CCMP/AES
with WPA2.
Home and SOHO users should consult a vendor to learn more about deploying WPA-Personal or
WPA2-Personal and PSK for their environments.
WPA2 also supports TKIP v2, which is not compatible with the TKIP v1 used by WPA.
WPA & WPA2 were developed by the Wi-Fi Alliance based upon the IEEE 802.11i amendment.
WPA & WPA2 (Enterprise mode)
Enterprise Mode operates in a managed mode to meet the severe requirements of enterprise
security.
It leverages the IEEE 802.1X authentication framework that uses an Extensible Authentication
Protocol (EAP) method with an authentication server to provide strong mutual authentication
between the client and authentication server via the access point or WLAN controller.
In this mode, each user is assigned a unique key mechanism for access to the WLAN. This
affords a high level of individual privacy.
For WPA, TKIP/RC4 encryption is used. TKIP employs an encryption cipher that issues
encryption keys for each data packet communicated in each session of each user, making the
encryption code extremely difficult to break.
WPA & WPA2 (Enterprise mode)
For WPA2, CCMP/AES encryption is used. CCMP/AES is stronger than TKIP/RC4, thus
providing additional network protection; however, CCMP/AES requires more processing power
than many legacy WLAN devices provide.
A hardware upgrade to more modern equipment is usually required for CCMP/AES support.
TKIP uses the RC4 encryption cipher originally used in WEP, typically requiring only a
firmware upgrade to most legacy equipment.
WPA2 also supports TKIP v2, which is not compatible with the TKIP v1 used by WPA.
WPA and WPA2 were developed by the Wi-Fi Alliance based upon the IEEE 802.11i
amendment.
Mind u
Types of wireless networks
The classification of wireless networks is similar to wired networks.
Four primary categories based on the area coverage of the wireless network.
Wireless network coverage is defined as the extent of the area to which the wireless signals are
transmitted.
1. Wireless PANs (WPANs)
2. Wireless LANs
3. Wireless MANs (WMANs)
4. Wireless WANs
Wireless network classifications
WPAN
Wireless Personal-Area Networks (WPAN)
Operate based on the IEEE 802.15
Permit communication in a very short range, of about 10 meters.
Allows small, power efficient, inexpensive solutions to be implemented for a wide range of devices such as
a smartphone and a PDA.
Characterized by low power demands and a low bit rate.
Technologies such as Bluetooth, IrDA, ZigBee or UWB are examples.
Bluetooth is intended for a cordless mouse, keyboard, and hands-free headset.
IrDA is intended for point-to-point links between two devices for simple data transfers and file
synchronization. Example: TV remote sensor.
ZigBee is designed for reliable wirelessly networked monitoring and control networks.
UWB is oriented to high-bandwidth multimedia links.
Wireless Local Area Networks (WLANs)
Microwave Access).
WiMAX is a communications technology that supports point to multipoint architecture aimed at
station.
As it can operate in two frequency bands WiMAX can work by line-of-sight and non-line-of-
sight.
WWANs
Wireless Wide Area Networks
Extend beyond 50 kilometers and typically use licensed frequencies.
These types of networks can be maintained over large areas, cities, countries, via multiple
Under these circumstances, there is no reason to have the PC card conserve power.
Power Save Polling
Using power save polling (PSP) mode allows a wireless client to “sleep.”
By sleep, we mean that the client actually powers down for a very short amount of time,
perhaps a small fraction of a second.
This sleep is enough time to save a significant amount of power on the wireless client.
In turn, the power saved by the wireless client enables a laptop computer user, for example, to
work for a longer period of time on batteries, making that user more productive.
When using PSP, the wireless client behaves differently within basic service sets and
independent basic service sets.
The one similarity in behavior from a BSS to an IBSS is the sending and receiving of beacons.
Challenges
Co-Channel Interference
Adjacent-Channel Interference
Multipath
Data corruption
Signal nullification
Weather
Challenges
The wireless channel is unpredictable
Experiences random fluctuations in time for many reasons (surrounding
objects)
Higher loss rates due to interference
Restrictive regulations of frequencies
Radio spectrum is a scarce resource controlled by regulatory bodies; it must be
allocated to many different applications and systems
Low transmission rates
Cannot compete with wired systems in terms of data rates and reliability
Security
Airwaves are susceptible to snooping from anyone with an RF antenna
Challenges…
Mobility management
Locating users
Routing information to users
Medium access
Shared access to the communication channel
Mechanisms that allow users to access a common channel are required
Maintaining quality of service over unreliable link
Disconnection
Low bandwidth
Low power and resource
Applications
THANK YOU FOR YOUR ATTENTION!