Lecture 6: Wireless

Local Area Networks

(IEEE 802.11)
Dr. Reynold Cheng

This lecture is based on the textbook “W. Stallings, Wireless Communications and Networks,
Prentice Hall, 2001”, the slides (prepared by Tom Fronckowiak) and figures provided at the
Web site of the textbook and the lecture slides of Prof. Henry Chan and Prof. Victor Leung.
Class Objectives
 Overview
 Protocol Layers and Frame Format
 Access Control
 Power, Handoff and Security

2
What is IEEE 802.11?
 A wireless LAN protocol operating in the license-free
spread-spectrum radios in the ISM (industrial, scientific
and medical) bands or infra-red transmissions
 A MAC protocol and physical medium specification
developed by the IEEE 802 Committee
 Wi-Fi Alliance: an industry group for certifying
interoperabilty of 802.11 products
 A certified 802.11 product is Wi-Fi certified
 The first widely accepted standard is 802.11b

3
IEEE 802.1 Standards (Table 14.1)

4
Key Features of 802.11 WLANs
 Enable flexible interconnections of workstations, PCs,
notebooks, PDAs, etc., via wireless links among
themselves (ad hoc networks) or to a backbone LAN
(infrastructure networks)
 Infrastructure networks have centralized (cellular)
architecture
 Distributed coordination function (DCF) for contention
services
 Point coordination function (PCF) for contention-free
access
 RTS/CTS exchange to handle hidden terminal and
exposed terminal issues
5
Distributed and Centralized Access
 DCF (Distributed Coordination Function)
 Distribute the decision to transmit over all the nodes using a
carrier-sense mechanism
 Used in ad hoc network of peer workstations
 Good for bursty traffic
 Used in Contention Period
 PCF: (Point Coordination Function)
 Allow regulation of transmission by a centralized decision maker
 natural for connecting wireless stations to a backbone wired LAN
 Useful if some data is time sensitive or high priority
 Used in Contention-free Period
 Stations can be configured in either modes

6
Architecture of 802.11 WLAN

7
Elements of 802.11 WLANs
 Station – device equipped with 802.11 conformant MAC
and physical layer
 Basic service set (BSS) – a set of stations controlled by a
single coordination function that determine when a station
may transmit or receive protocol data units/frames (PDU)
 Access point (AP) – a station that provides access to a
distribution system
 Distribution system (DS) – usually a LAN, that
interconnects a set of BSSs to create an extended service
set (ESS)
 ESS – DS interconnected BSSs that form one logical LAN

8
IEEE 802.11 Services
 Services provided by the station – implemented in every
station including AP
 MSDU delivery – accept MAC Service Data Units
from upper layer at transmitter and deliver them to
upper layer at receiver
 Privacy – data encryption/decryption
 Authentication/De-authentication – protect system from
unauthorized access
 Services provided by the distribution system –
implemented either in AP or special device inside DS
 Association/Dissociation/Re-association – enables
station to power up/down and move within an ESS
 Distribution – data transfer between different BSSs
 Integration – bridging with other IEEE 802.x LANs
9
Class Objectives
 Overview
 Protocol Layers and Frame Format
 Access Control
 Power, Handoff and Security

10
Reference Model for IEEE 802.x

11
IEEE 802.11 Protocol Architecture

LLC
Data link

management
layer MAC
MAC

Station
management

PLCP
Physical PHY
layer management
PMD

PLCP: Physical layer convergence protocol

PMD: Physical medium dependent

12
IEEE 802.11 Protocol Layers
 MAC (Medium access control) sublayer
 Access mechanism
 Fragmentation/reassembly of MSDUs
 MAC management sublayer
 Power management
 Connection management and roaming in ESS
 Physical layer convergence protocol (PLCP)
 Carrier sensing and channel assessment
 Frame formation for sending/receiving info using PMD sublayer
 Physical medium dependent (PMD) sublayer
 Defines modulation and coding techniques for signaling
 PHY management: selection of PHY layer options
 Station management for coordinating interaction between
MAC and PHY layers
13
IEEE 802.11 Services

14
Original 802.11
 Direct Sequence Spread Spectrum (DSSS)
 2.4 GHz ISM (instrumentation, scientific, medical) band
 Maximum 2 Mbps
 Frequency Hopping Spread Spectrum (FHSS)
 2.4 GHz ISM band
 Maximum 2 Mbps
 78 hopping channels for North America and Europe
 Infrared (IR)
 Diffuse infrared transmission for indoor environments at
wavelength between 850 and 950 nm
 1 Mbps (Basic Access Rate)
 2 Mbps (Enhanced Access Rate)
15
Enhanced 802.11
 IEEE 802.11b
 2.4 GHz ISM band, like the original 802.11 standard
 Maximum 11 Mbps
 IEEE 802.11a
 5 GHz U-NII band (Universal Networking Information
Infrastructure)
 Maximum 54 Mbps
 OFDM with up to 52 sub-carriers
 IEEE 802.11g
 2.4 GHz ISM band, backward compatible with 802.11b
 Maximum 54 Mbps

Reference: http://compnetworking.about.com/cs/wireless80211/a/aa80211standard.htm

16
IEEE 802.11 MAC Frame Format

Address: source/destination/sender/receiver address

17
Fields
 Frame control: frame type and control information
 Duration/Connection ID: time (in ms) the channel will be
assigned or the connection identifier
 Address: source/destination/sender/receiver address etc.
depending on the situation
 Sequence control: fragment number (4 bits) for fragment
identification and sequence number (12 bits) for
sequence identification
 Frame body: frame content
 Frame check sequence: error checking (32-bit CRC)

18
Frame Control Fields
 Protocol version: version of the 802.11 protocol
 Type: control, management or data frame
 Sub-type: function of the frame
 To DS: “the frame is sent to DS” (bit=1)
 From DS: “the frame is sent from DS” (bit=1)
 More fragments: more fragments to arrive
 Retry: retransmission of a previous frame
 Power management: the sender is in sleep mode
 More data: the sender has more data to transmit
 WEP: wired equivalent protocol is enabled
 Order: received frames must be handled in order

19
Control Frames Subtypes
 For reliable delivery of data frames
 Power-save-poll (PS-Poll)
 notifies the AP to send the frame(s) stored during the “sleep” period
 Request to send (RTS)
 requests to send data to the receiver (see later)
 Clear to send (CTS)
 allows the sender to transmit data
 Acknowledgment (ACK)
 acknowledges receipt of the previous frame
 Contention-free (CF)-end
 informs the end of the contention-free period
 CF-end + CF-ack
20
 acknowledges the CF-end frame
Data Frames Subtypes
 Data: carries user data (used for both contention and
contention free periods)
 Data + CF-ack: carries user data and acknowledges
receipt of the pervious frame
 Data + CF-poll: used by a point coordinator to send data
to a station and to request the station to transmit data if
any
 Data + CF-ack + CF-poll: all of the above
 Null: no data but notifies the AP that the station has
entered the sleep mode (i.e., the power management bit is
set to 1)
 CF-ack: same as the above but no data
 CF-poll: same as the above but no data
 CF-ack + CF-poll: same as the above but no data
21
Management Frames Subtypes
 For managing communications between stations and APs
 Association request
 a terminal requests to associate with an AP
 Association response
 the AP notifies acceptance or rejection
 Reassociation request
 a terminal requests to associate with an AP when it
moves to another BSS
 Reassociation response
 responds to the reassociation request
 Probe request
 gets information

22
Management Frames Subtypes (cont’d)
 Probe response
 responds to the probe request
 Beacon
 Transmitted periodically to allow mobile stations to
locate and identify a BSS
 Announcement traffic indication message
 announces that there are buffered frames to be sent (to
stations operating in sleep mode)
 Dissociation
 a terminal wants to end an association
 Authentication
 used for authentication purposes (see later)
 Deauthentication
 used for ending a secure session
23
Valid Type and Subtype Combinations

24
Valid Type and Subtype Combinations
(cont’d)

25
Class Objectives
 Overview
 Protocol Layers and Frame Format
 Access Control
 Power, Handoff and Security

26
IEEE 802.11 MAC Architecture
Required for Contention
Free Services
Used for Contention Services
Point and basis for PCF
Coordination
Function
MAC (PCF)
Extent

Distributed
Coordination Function
(DCF)

27
Two Transfer Modes
 Two-way transfer:
A sender transmits data to a receiver.
 The receiver returns an acknowledgement.
 Four-way transfer:
A sender transmits a Request-To-Send (RTS) to a
receiver.
 The receiver returns a Clear-To-Send (CTS).
 The sender transmits data.
 The receiver returns an acknowledgement.
 More reliable than two-way transfer

28
DCF Protocol: CSMA/CA
 Carrier sensing
 Physical sensing of radio frequency (RF) carrier
 Virtual carrier sensing using the network allocation
vector (NAV) signal (i.e., record how long the channel
will remain busy) – enables contention-free access
using RTS/CTS or PCF mechanisms
 Collision avoidance using inter-frame space (IFS) – a
certain amount of delay time to avoid collisions
 A frame is allowed to access the channel only if the
channel has been idle for longer than IFS
 3 types of IFS (discussed later)

29
Contention-based Access (Simplified)

30
Contention Access: Binary Exponential Backoff

 The station sets a random backoff timer (granularity =

time slot = 20 µsec for DSSS).
 The station transmits a frame if the backoff timer expires
and the channel is still idle.
 Binary exponential backoff: the mean value of the
random delay by the backoff time is doubled for each
retransmission.
 Stations with unexpired backoff timer freezes timer when
the channel becomes busy and resumes countdown in the
next contention window.
 Repeated failed attempts will result in longer backoff times
 Successful transmissions are acknowledged with ACKs.
 A frame is retransmitted if the ACK is not received.
31
Refined IFS Priority Scheme
 3 types of IFS:
 Short IFS (SIFS) for immediate response actions, e.g., ACK, CTS
(Clear-To-Send) and poll response (highest priority) – 10 µsec for
DSSS
 PCF IFS (PIFS), used by centralized controller in the PCF scheme
when issuing polls
 DCF IFS (DIFS) for DCF operation, used as a minimum delay for
asynchronous frames contending for access
 DIFS > PIFS > SIFS
 Each type of frame is allowed to access the channel only if the
channel has been idle for longer than the respective IFS

32
Basic Access Method
Immediate access for new
arrival when the medium
is free ≥

Contention Window

Backoff Window Next Frame

Busy Medium

Slot Time
Deferred Access
Select slot using binary
exponential backoff 33
Hidden & Exposed Terminals

Station
D A B C
 Station A wants to send data to station B.
 Station C is hidden from station A, i.e., unable to detect
carrier transmitted from station A.
 Station B is exposed to station C, i.e., transmission from
station C can interfere with reception of station A’s
transmission at station B.
 Station D is hidden from station B and station A is
exposed to station D. 34
 Directed Transfer Using RTS/CTS (four-way transfer)

RTS DATA
Source

CTS ACK
Destination

Contention Window
NAV (RTS)
Other Stations NAV (CTS)
Defer Access Backoff

35
Synchronization and Registration
 System timing synchronization function (TSF) is
maintained by quasi-periodic transmissions of beacon
frames by the AP or by the stations in a distributed
manner.
 Beacon is a broadcast management frame that includes
information such as timestamp, traffic indication message
(TIM), etc., which all stations must receive.
 Beacons can be deferred by data traffic.
 When powered up, a station searches for a beacon with the
largest received signal power.
 It then transmits an association request frame to the AP
that sent the selected beacon.
 The AP returns an association response frame to the station
36
to complete the registration.
Beacon Transmissions

F F F
Traffic

B B B B
Actual
beacons B = Beacon frame
F = Traffic frames

Expected
beacon time

37
Contention-Free Access in 802.11
 Directed transfer using CTS/RTS enables contention-free data
frame and ACK transmissions after initial contention.
 PCF allows AP to coordinate access on a contention-free
basis by polling the stations.
 Contention-free periods (CFP) are repeated at quasi-periodic
intervals – the CFP repetition interval, nominally at the same
interval as the beacons; they can be shortened due to ongoing
data traffic
 In each CFP, stations in PCF mode are polled for traffic.
 Stations in DCF mode set NAV and defer transmissions.
 CFP can be terminated early using a CF-end frame which
terminates the NAV at DCF stations.
38
IEEE 802.11 MAC Timing

39
Class Objectives
 Overview
 Protocol Layers and Frame Format
 Access Control
 Power, Handoff and Security

40
Power Management
 To save power, stations can inform the AP that they are
going to power-save (PS) mode that put them to sleep.
 Incoming data for stations in PS mode are buffered at AP.
 Each PS-mode station wakes up periodically at expected
beacon times to wait for beacon reception.
 TIM in each beacon indicates the set of stations in sleep
mode that have incoming data buffered at AP.
 DCF stations inform AP that they are active by sending a
PS-poll frame to AP and wait for data.
 PCF stations remain active after receiving TIM so that
they can be polled.

41
Handoff Support
 Three mobility types defined:
 No transition: stationary or movement limited to within BSS
 BSS transition: movement within ESS between different BSSs
 ESS transition: movement between different ESSs
 ESS transition usually requires re-registration; existing
connection may be lost.
 BSS transition supports handoff between APs.
 When the radio signal strength (RSS) of the current AP
falls below a threshold, the station scans for beacons of
other APs and compare the RSS to identify candidate APs
to handoff.
 This is called “station-controlled handoff”: a station
dissociates from the old AP and reassociates with the new
AP. 42
Wired Equivalent Privacy (WEP)
 WEP is the encryption technique employed by
802.11 for privacy.
 It employs the RC4 encryption algorithm with 40 or
128-bit secret key shared between the sender and
receiver.
 A secret key with 24-bit initialization vector (IV)
appended is used as the seed for a pseudorandom
number (PN) generator to generate a (PN) bit
sequence with the same length as the MAC frame.
 The PN sequence is bit-by-bit XORed with the
MAC frame and transmitted with the IV.
 The CRC in the MAC frame is used for integrity
check. 43
WEP Operations

44
IEEE 802.11 Authentication
 Open system authentication – simple exchange of
authentication frames with no security benefit.
 Shared key authentication employs WEP in the following
exchange of authentication frames:
 Station (STN) A sends a 128-byte challenge text,
generated using the RC-4 PN generator, to STN B.
 STN B encrypts the challenge text using the shared
secret key and an IV, and send the secret text to STN
A.
 STN A decrypts the text and compare with the original
challenge text – a match proves that STN B knows the
secret key.
 STN A returns a success/failure indication to STN B
and completes the authentication process.
 WPA (Wi-Fi Protected Access) as an improved 45
version over WEP and used in 802.11i