Outline: Introduction, Physical Layers, MAC Layer, Deployment, Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA)
Mobile Networks: Wi-Fi
Pierre Boulet
Master Informatique, spécialité TIIR
2008-2009
Resources
Course page
http://www.lifl.fr/~boulet/enseignement/wifi/
http://del.icio.us/pboulet/wifi
Bibliography
Wi-Fi, déploiement et sécurité, Aurélien Géron, Dunod, http://www.livre-wifi.com/
Why so Late?
Multiple Reasons
Boom of Wi-Fi
  public sensitization to wireless communications (mobile phones)
Low bandwidth
  today tens of Mb/s compared to several Gb/s for wired networks
A standard
  IEEE 802.11 (1997)
  theoretical data rate: 1 to 2 Mb/s, infrared or RF at 2.4 GHz (no license in most countries)
No standard
  no interoperability, dependency on one supplier, high prices
Regulations
  dependent on the country; limit usage, power, technology; may impose a license
An association of suppliers
  Wi-Fi Alliance, quality label: Wi-Fi
WLAN
Wireless Local Area Network
Two modes
Ad Hoc networks
workstations communicate directly
Infrastructure networks
workstations communicate via access points
Wi-Fi at Home
Allows using the Internet connection from anywhere in the house
  usually one access point is enough to cover the whole area
Hotspots
Available in
  airports, trains, hotels, restaurants, bars, universities, meeting points in enterprises
Roaming
  lots of WISPs, partitioning of the networks
  roaming partnerships to allow the user to buy its connection from one WISP and use any partner's network
  in France: W-Link (Orange, SFR, Bouygues, ...)
  international networks: Boingo, FatPort
  virtual WISPs: GRIC Communications, iPass, RoamPoint
Associative Wi-Fi
Idea
  share the Internet connection with the other members of the association to cover a large area such as a small town
  Paris sans fil, Wi-Fi Montauban
Multi-WISP deployments
  one company deploys the network and leaves its operation to others
  examples: Wixos of the Naxos company (RATP) to cover the outside of the Paris metro stations; airport of Nantes
Point-to-point Connection
Useful to link two buildings where wiring is not practical
Advantages of Wi-Fi
  low cost: less than 500 € to realize a point-to-point link of several hundred meters
Ethernet
  Ethernet cheaper than Wi-Fi: most computers have Ethernet connections but not all have Wi-Fi adapters; Wi-Fi routers more expensive than classical Ethernet ones; wired security much easier
no license
  no declaration, no monthly fee; no way to forbid the neighbor from hampering your communications
Often Wi-Fi adds new connection possibilities as an extension to the wired network
Powerline
Data transport over the electrical network
  no need for new wires
  frequency: 1.6 to 30 MHz, low power
HomePlug
  American standard, duplex, 85 Mb/s, several tens of meters
  more powerful technologies exist
Infrared
Advantages
  LEDs are cheap; data rate can reach 16 Mb/s (Very Fast Infrared); secure because directional and low range; no interference with radio waves
Drawbacks
  low range, sensitive to obstacles
Laser
  used for long distance connections; very directional; no need for an authorization; sensitive to weather conditions
Bluetooth
Main technology for WPAN
first specification by the Bluetooth Special Interest Group in 1999
considered by the IEEE 802.15 group for WPAN
frequency band: 2.4 GHz; can pass through thin obstacles
same band as Wi-Fi 802.11b and 802.11g: possible interference
ZigBee
Defined by the ZigBee Alliance and considered by the IEEE 802.15 group for WPAN
technology similar to Bluetooth
2.4 GHz or 868 MHz or 915 MHz; short distance but low data rate: 20 or 250 kb/s
Advantages
  great simplicity, low cost, very low power consumption
Advantages (Bluetooth)
  automatic detection mechanism, very easy configuration, low power, small size, cheap
Drawbacks (Bluetooth)
  low data rate: 1 Mb/s; low range
complementary to Wi-Fi
Ultra Wideband
Radio modulation technique
  very large band: several GHz (compared to a few tens of MHz for Wi-Fi)
Wi-Fi-like Technologies
HiperLAN (High Performance LAN)
developed by ETSI; very similar to Wi-Fi but no interoperability
Characteristics
  very high data rate, low emitting power, low distance (less than 10 to 20 m)
Enhanced Wi-Fi
  802.11b+ and CCK-OFDM: enhancements of 802.11b that led to 802.11g
Terrestrial Microwave
Point-to-point connections
  need a license, expensive
  extremely high quality: reserved frequency, no power limitation, range > 10 km
Under license
  3.5 GHz or 26 GHz, expensive and constrained
Characteristics
  range: several km; data rate: several tens of Mb/s; capacity: several thousands of users per base station
Mobile Telephony
1G: analog radio connection
2G: digital communication
  GSM (Global System for Mobile Communication) in Europe
  CDPD (Cellular Digital Packet Data) and CDMA (Code Division Multiple Access) in the USA
  allow voice transport, SMS, WAP (very low data rate for web surfing)
WiMAX
  quality label for IEEE 802.16 and HiperMAN compatibility
  mostly point-to-point; new versions will handle the hand-over
  competitor to mobile telephony?
2.5G: enhancements to 2G
  GPRS (General Packet Radio Service): max data rate 171.2 kb/s (rather 40 to 60 kb/s in practice), expensive
802.11 legacy
Three physical layers
  infrared: not successful, better use IrDA
3G: others
  CDMA2000 in North America and part of Asia; TD-SCDMA in China
Evolutions of 802.11
802.11a
5 GHz instead of 2.4 GHz, OFDM modulation; max data rate: 54 Mb/s
Electromagnetic waves
Combined oscillation of electric and magnetic fields
  radio waves, infrared, visible light, ultraviolet, X-rays, gamma rays
  transport energy without any physical support
802.11b
2.4 GHz, DSSS or HR-DSSS modulation; max data rate: 11 Mb/s
Essential measures
  frequency = number of oscillations per second (Hz)
  period (T) = duration of an oscillation (s) = 1/frequency
  propagation speed (c) (m/s): in vacuum c = 299,792,459 m/s; in air c ≈ 299,700,000 m/s
  wavelength = distance travelled during one oscillation (m) = c·T
  strength: electric field strength (V/m), magnetic field strength (A/m)
802.11g
2.4 GHz, DSSS, HR-DSSS or OFDM modulation; max data rate: 54 Mb/s
802.11n
draft appeared in 2006; should not be standardized before July 2007; adds MIMO to 802.11a and 802.11g; max data rate: 540 Mb/s
Power
measured in Watts (W); depends on field strength and frequency
Wi-Fi usually limited to 100 mW: 10 times less than a mobile phone, should present no danger for health
mW vs. decibels (dBm)
  P(dBm) = 10 log10(P(mW))
  P(mW) = 10^(P(dBm)/10)
Example
  20 dBm = 100 mW
Data Rate
Decreases with SNR, so with distance
Proportional to the width of the frequency band
Typical data rate as a function of distance:
  Range outside    100 m           150 m       200 m      300 m
  Range indoor     10 m            15 m        20 m       30 m
  802.11b          11 Mb/s         5.5 Mb/s    2 Mb/s     1 Mb/s
  802.11a or g     54-48-36 Mb/s   24-18 Mb/s  12-9 Mb/s  6 Mb/s
Signal/Noise Ratio
very important parameter
  SNR (dB) = received signal power (dBm) - noise power (dBm)
  usual 802.11b cards: 4 dB for a 1 Mb/s sustained communication
Noise sources
  natural noise: -100 dBm for Wi-Fi frequencies
  human activities
  the signal itself (multipath)
Shannons Formula
Claude Shannon
invented information theory
Fundamental Modulations
Amplitude modulation (AM)
fixed frequency carrier wave; variation of the carrier amplitude as a function of the signal; possible only if the carrier frequency is much higher than the signal frequency
Phase modulation
phase corresponds to position in time
measured in
Differential Modulations
  DPSK
Frequency-Shift Keying
  FM with two frequencies; basis of Wi-Fi modulations
Phase-Shift Keying
  PM with two phases
Gaussian Filter
  GFSK
Wi-Fi
  16QAM with 4 bits per symbol (12 phases, with 2 amplitudes for 4 of them); 64QAM
Overview
Frequency Hopping Spread Spectrum (FHSS)
used only by 802.11 legacy
If the hopping sequence is unknown
  very difficult to intercept communications; used by military communications; unused by Wi-Fi
Interference resistance
  avoid scrambled channels; unused by Wi-Fi, used by Bluetooth and HomeRF
DSSS Modulation
802.11 legacy
  2DPSK for 1 Mb/s, 4DPSK for 2 Mb/s
  11-bit spreading code: 10110111000 (Barker code), good for synchronization and to avoid multipath problems
Interest
  spread spectrum: higher data rate and better noise resistance; redundancy to allow error correction
802.11b
  Complementary Code Keying (CCK): HR-DSSS uses up to 64 different spreading codes
  data rate adaptation: HR-DSSS at 11 Mb/s: 8 bits of information for 8 chips; HR-DSSS at 5.5 Mb/s: 4 bits of information for 8 chips; DSSS/Barker 4DPSK at 2 Mb/s; DSSS/Barker 2DPSK at 1 Mb/s
Wi-Fi
  14 channels of width 22 MHz in the 2.4 GHz frequency band; need to choose a channel; possibility of interferences
802.11 FHSS
  Band: 2.4 GHz, 1 MHz channels numbered from 2400 MHz
  Usable channels: Europe: 2 to 83; USA: 2 to 80
  no more in use
Wi-Fi OFDM
  52 carriers of 312.5 kHz each, 16.66 MHz channel; carrier modulation: 2PSK, 4PSK, 16QAM or 64QAM; 4 carriers as pilots; 48 symbols sent simultaneously
Usable channels
  Europe: 1 to 13; USA: 1 to 11; 14 only in Japan
In France
  5 GHz forbidden outside; 8 channels without overlap: 36, 40, 44, 48, 52, 56, 60 and 64
Recommendation
  1, 6 and 11 available everywhere and do not overlap
Structure of a Frame
MAC layer
  fragmentation: MAC Protocol Data Unit (MPDU) packets
Physical layer
  MPDU encapsulated in an 802.11 frame: Preamble | PLCP header | MPDU
Preamble
  used for synchronization
  FHSS: 80 bits for synchronization (010101...01), 16-bit Start Frame Delimiter: 0x0CBD
  DSSS: 128-bit or 56-bit (optional for 802.11b) synchronization, 16-bit SFD: 0xF3A0
  OFDM: 12 predefined symbols
PLCP Header
  Physical Layer Convergence Procedure
  FHSS: Length 12 bits, Data rate 4 bits, Error control (CRC) 16 bits
Network layers
  Layer 3: IP, IPX, ...
  Layer 2 (Data Link): LLC 802.2 (Logical Link Control), MAC 802.11 (Wi-Fi)
  Layer 1: 802.11a, 802.11b, 802.11g
LLC layer
  layer 3 protocols independent of the underlying protocol; several layer 3 protocols can share the same network
MAC layer
  MAC address definition (same as Ethernet, token ring); wave sharing, association, error control, security
Reminder on Ethernet
Communication over wires
small packets (1500 bytes in general); direct connection or through hubs
Medium sharing
  allows broadcast/multicast; sensitive to denial of service attacks; bandwidth sharing
CSMA
  Carrier Sense Multiple Access
CSMA/CD
  CSMA with Collision Detection
Emission protocol
  sense the network, wait for silence of a predefined duration: DIFS (Distributed Inter Frame Space)
  if no equipment talks before the end of the countdown, send the packet
  otherwise, interrupt the countdown, wait for the next DIFS and restart the countdown
  equal opportunity, simple, efficient under low load; sensitive to collisions under high load
DCF
Distributed Coordination Function
Several strategies
DCF, PCF; 802.11e: EDCF, EPCF
DCF
  before sending a packet, send a very small RTS (Request To Send) packet containing an estimate of the packet emission duration
  receiver waits for SIFS (Short Inter Frame Space), then sends a CTS (Clear To Send) packet
  after SIFS, sender emits the packet; after SIFS, receiver sends ACK
DCF Discussion
  Only for unicast: broadcast or multicast packets are sent without RTS, CTS, ACK
  Advantage: detects most collisions; Drawback: loss of bandwidth
  Why use DCF instead of CSMA/CD? wireless devices are usually half-duplex, so cannot detect collisions; non-transitive view of the network
  Does not work well in high load conditions; one slow device slows down all the others; no support for QoS
PCF
  Point Coordination Function
PCF Discussion
  PCF more predictable and fair: good for synchronous data (multimedia)
  But: loss of bandwidth if many stations have nothing to send; not all devices compatible
802.11e Enhancements
  Traffic Classes (TC): priority (between 4 and 8 levels)
Enhanced DCF
  Arbitration IFS (< DIFS) and CW defined by TC; queue by TC on each station
  transmission opportunity (TXOP): possibility to send several packets separated by SIFS; duration indicated in beacon frames
Enhanced PCF
  sequences PCF/EDCF; during PCF, AP can decide the order; during EDCF, AP can send CF-Poll to any station after PIFS
  TXOP local parameters sent in the MAC header
SIFS < PIFS < DIFS
PCF not mandatory and not included in Wi-Fi Alliance interoperability tests
Ad Hoc Mode
Direct communication
no access point: Independent Basic Service Set (IBSS)
Infrastructure Mode
Clients connected to the network via a Wi-Fi AP
  1 AP + its clients = Basic Service Set (BSS); area covered: cell or Basic Service Area (BSA)
  identified by a 48-bit number: BSSID = AP MAC address
Drawbacks (ad hoc mode)
  difficult configuration: manual Wi-Fi setup, manual IP setup
  no defined routing (with a routing software: mesh network)
Client/Server Detection
Beacon frame broadcast (by AP)
  usually every 100 ms; contains BSSID, SSID, possible data rates, ...; synchronization information
Comparison
  probe request ensures communication is possible in both directions; too many probe requests may impact bandwidth
Authentication
Identification needed before being associated to an AP
Open authentication
  client sends an authentication request with the required SSID; AP always answers success
WEP authentication
  AP answers with a challenge: random 128-bit number
  client encrypts the challenge with its WEP key and sends the result to the AP in a new authentication request; AP can verify with its own WEP key
Association / Reassociation
After successful identification
  Send association request: list of the handled data rates
  AP allocates a unique ID, registers information in the allocation table, sends acknowledge
Security
SSID masking
  weak: sniff probe packets
Fragmentation
  error rate: FER = 1 - (1 - BER)^size, so it can be interesting to fragment packets
  threshold parametrized: trade-off between FER and overhead
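An added example (not from the course) that carries the FER formula through to the trade-off the fragmentation threshold tunes: smaller fragments are lost less often but each one pays the MAC header and CRC again. The per-fragment overhead of 30 + 4 bytes is taken from the frame layout later in these notes; the BER values are constructed.

```python
# Added example: frame error rate vs. fragment size for the 802.11 fragmentation threshold.
# Assumption: each fragment carries a 30-byte MAC header and a 4-byte CRC; BERs are constructed.

MAC_OVERHEAD_BYTES = 30 + 4  # MAC header + CRC, paid once per fragment


def frame_error_rate(ber: float, frame_bits: int) -> float:
    """FER = 1 - (1 - BER)^size: a frame is lost if any one of its bits is corrupted."""
    return 1.0 - (1.0 - ber) ** frame_bits


def expected_transmissions(fer: float) -> float:
    """Mean number of (re)transmissions until a fragment gets through (geometric law)."""
    return 1.0 / (1.0 - fer)


def efficiency(ber: float, payload_bytes: int, overhead_bytes: int = MAC_OVERHEAD_BYTES) -> float:
    """Useful payload bits delivered per bit sent on the air, retransmissions included."""
    frame_bits = 8 * (payload_bytes + overhead_bytes)
    retries = expected_transmissions(frame_error_rate(ber, frame_bits))
    return (8 * payload_bytes) / (frame_bits * retries)


def best_fragment_size(ber: float, candidates=(64, 128, 256, 512, 1024, 1500)) -> int:
    """Fragment payload size (bytes) that maximises air-time efficiency for a given BER."""
    return max(candidates, key=lambda size: efficiency(ber, size))


def fragments_for_msdu(msdu_bytes: int, threshold_bytes: int) -> int:
    """Number of MPDUs an MSDU is split into for a given fragmentation threshold."""
    return -(-msdu_bytes // threshold_bytes)  # ceiling division


if __name__ == "__main__":
    for ber in (1e-7, 1e-5, 1e-4):
        size = best_fragment_size(ber)
        print(f"BER={ber:g}: best fragment {size} B, efficiency {efficiency(ber, size):.2f}, "
              f"{fragments_for_msdu(1500, size)} fragments per 1500-byte MSDU")
```

On a clean channel the full 1500-byte frame wins; as the BER rises the optimum moves to a few hundred bytes, which is the regime where lowering the threshold pays.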
Power Saving
Wi-Fi communications can reduce autonomy by up to 80%!
Power Save Polling Mode (instead of Continuously Available Mode)
Principle
  turn off the radio between emissions and receptions; queue packets till wake-up
  station warns the AP that it is sleeping
  AP sends in beacon frames the list of stations it has queued some packets for (Traffic Indication Map)
  if the station has queued packets, it asks the AP for them (PS-Poll); otherwise, it goes back to sleep mode
  special case for broadcast and multicast traffic
  important power saving but no more QoS
Deployment
See http://www.jres.org/tutoriel/Reseaux_sans_fil.livre.pdf by Daniel Azuelos, a tutorial made at JRES 2005.
Wireless Security
Fundamental qualities
  confidentiality, integrity, availability, non-repudiation
Common attacks
  war-driving, spying, intrusion, denial of service, message modification
Solutions
First solutions
  limit overflowing deployment; avoid pirate access points; limit temptation by a good coverage; radio supervision; mask the SSID; MAC address filtering; VLANs; WEP cryptography; isolate the wireless network from the wired network; use VPNs
WEP Principle
Everybody shares a common key
  key length: 40 or 104 bits; key format: hexadecimal or text; possibility of key generation from a password
New solutions
  LEAP (Cisco) and proprietary solutions, WPA, 802.11i (WPA2): all based on 802.1x, itself based on EAP; use an authentication server, nearly always RADIUS
Key Rotation
Mechanism to allow key changing
  not possible to change all keys at the same time! solution: up to 4 keys at the same time
  all can be used for reception, only the active one can be used for emission
Individual Keys
Principle
  each user has its own key; APs know all the keys; AP uses the MAC address to choose the key
  very heavy system; isolation of the communications from the other users
Broadcast and multicast
  users use their individual key to the AP; AP uses the shared key for such traffic; each station must know the individual and the shared key
Configuration
  4 keys to allow changing of shared and individual keys; few APs can handle individual keys; key handling so heavy that nearly never used
RC4
Rivest Cipher 4
Integrity Control
  CRC: protects from transmission errors but not from pirates; can be recomputed for a modified message
  Used in SSL and WPA: a good tool!
Cryptographic Weaknesses
RC4 key repetition
  IV length = 24 bits: too small! As soon as two packets with the same IV are received, the pirate knows part of the messages; independent of the WEP key length
Decryption dictionary
  If the pirate gets a clear text and the corresponding encrypted message, it can deduce the RC4-generated bit stream for the used IV
  make a dictionary of these bit streams (less than 30 GB)
  how to get these clear text messages? Ping requests: the response to a ping is an echo of the request; different responses are encrypted with different IVs
  how to generate ping requests? replay: not a very good method
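An added example (not from the course) of the two points above, written for the person auditing a WEP network rather than attacking it: RC4 keyed with IV || shared key is WEP's construction as described in these slides; the shared key, IVs and frames are constructed. It shows why two frames with the same IV leak the XOR of their plaintexts, why one known plaintext turns that into a "dictionary" entry for the IV, how few frames a random 24-bit IV survives before repeating, and the reuse check one would run over a capture.

```python
# Added example: WEP IV reuse, the audit check and the birthday bound (constructed data).
import math
from collections import defaultdict


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Plain RC4 (KSA + PRGA), returning n keystream bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(wep_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP body encryption: RC4 keyed with the 24-bit IV prepended to the 40/104-bit shared key."""
    assert len(iv) == 3 and len(wep_key) in (5, 13)
    return xor_bytes(plaintext, rc4_keystream(iv + wep_key, len(plaintext)))


def reused_ivs(frames):
    """Audit a capture given as a list of (iv, ciphertext): IVs seen in more than one frame."""
    by_iv = defaultdict(list)
    for idx, (iv, _) in enumerate(frames):
        by_iv[iv].append(idx)
    return {iv: idxs for iv, idxs in by_iv.items() if len(idxs) > 1}


def expected_frames_until_repeat(iv_bits: int = 24) -> float:
    """Birthday bound for randomly drawn IVs: about sqrt(pi * 2^bits / 2) frames (~5100 for 24 bits)."""
    return math.sqrt(math.pi * (1 << iv_bits) / 2)


def demo():
    key = bytes.fromhex("0123456789")  # constructed 40-bit shared key
    iv = bytes.fromhex("a1b2c3")       # constructed IV that the sender reuses
    p1 = b"PING request 0001"          # a frame whose content is predictable (echo request)
    p2 = b"secret reply 0001"
    other_iv = bytes.fromhex("000001")
    frames = [(other_iv, wep_encrypt(key, other_iv, b"hello")),
              (iv, wep_encrypt(key, iv, p1)),
              (iv, wep_encrypt(key, iv, p2))]
    dup = reused_ivs(frames)
    c1, c2 = frames[1][1], frames[2][1]
    # Same IV means the same keystream, so c1 XOR c2 equals p1 XOR p2 whatever the key length.
    leak = xor_bytes(c1, c2) == xor_bytes(p1, p2)
    # One known plaintext gives the keystream for this IV (c1 XOR p1), i.e. one dictionary
    # entry, which is enough to read any other frame sent under the same IV.
    recovered = xor_bytes(c2, xor_bytes(c1, p1))
    return dup, leak, recovered == p2
```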
Weak Keys
Weakness of RC4
  first bits of the pseudo-random stream have a high probability to correspond to some bits of the key (countermeasure: drop the first 256 bytes)
Advantages (of the weak-key attack)
  no need to send messages on the network; can be faster than the dictionary attack
  at the end: WEP key vs. 30 GB dictionary
Conclusion on WEP
Free software tools exist to exploit attacks against
  cryptographic weaknesses, integrity check, and don't forget authentication
Strong authentication
  use 802.1x based on EAP; necessitates an authentication server: RADIUS
WPA: General Presentation
Goals
  solve the security problems of WEP in a way that old devices don't have to be replaced: firmware update, use RC4
RC4 Key
  16 last bits of the IV + 8 bits against weak keys || part changing for each packet (104 bits)
  104-bit part = hash(IV, PTK, MAC sender)
IV distribution
  first 32 bits sent before the encrypted data; last 16 bits + 8 bits against weak keys in place of the WEP IV
New features
  more powerful integrity control (Michael protocol), computed on the MSDU before fragmentation
  48-bit IV instead of 24 bits (no reuse of RC4 keys); mechanism to avoid weak RC4 keys
  encryption key different for each packet; IV used to counter replay attacks; better key distribution mechanism
IEEE 802.11i
ratified in June 2004; names: 802.11i, WPA2, WPA/AES
main drawback: necessitates new devices
CCM
Counter-Mode + CBC-MAC
Counter-Mode
  a counter is continuously incremented; that counter is encrypted by AES; resulting bit stream XOR message
CCMP
CCM Protocol
CCMP Details
  MIC = CBC-MAC(MAC header (with zeros replacing variable parts), CCMP header (with zeros replacing variable parts), clear text data, zero padding)
  counter block: MAC sender (6 B) | PN (6 B) | Counter (2 B)
  CCMP header (8 B) includes: ID, PN2, PN3, PN4, PN5
  CCMP packet structure: MAC header (30 B) | CCMP header (8 B) | Encrypted data (0 to 2296 B) | Encrypted MIC (8 B) | CRC (4 B)
Mixed Modes
Possibility to deploy mixed-mode Wi-Fi networks
  WEP + WPA; TKIP + AES
AAA Methodology
Authentication, Authorization, Accounting
Authentication
  compare the credentials of the user with a database; grant access to the network if the data correspond
Authorization
  control resource access by an authenticated user; policy enforcement point
Accounting
  measure and log resource activities
  may be used for billing, analysis of the usage for capacity planning or maintenance strategy
RADIUS Protocol
Remote Authentication Dial-In User Service
Key Mechanisms
Network security
  communication between RADIUS client and server authenticated by a shared secret; user passwords encrypted
Involved entities
  user trying to get access to the network
  network access server (NAS): transmits the user information to the RADIUS server; grants access to the network if authorized by the RADIUS server
  RADIUS server: handles the connection requests from the user; gives the NAS all the information needed to give access to the required resources; can act as a proxy to other RADIUS servers
Extensible protocol
  transaction = Attribute-Value-Length tuple; possibility to define new attributes; attributes used for authorization and accounting
Architecture
  3 participants: user, NAS, authentication server
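An added example (not from the course) of the two shared-secret mechanisms behind "authenticated by shared secret" and "user passwords encrypted" above, as RFC 2865 defines them: the User-Password hiding done by the NAS and the Response Authenticator the NAS checks on an Access-Accept. The secret, identifier and password are constructed; the caveat worth seeing in code is that the password hiding is MD5-based keyed obfuscation, so the shared secret's entropy and a fresh Request Authenticator are what protect it.

```python
# Added example: RFC 2865 User-Password hiding and Response Authenticator check (constructed values).
import hashlib
import hmac
import os


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_user_password(secret: bytes, request_auth: bytes, password: bytes) -> bytes:
    """RFC 2865 section 5.2: pad the password to 16-byte blocks, then
    c_i = p_i XOR MD5(secret || c_(i-1)), with c_0 = the 16-byte Request Authenticator.
    Keyed obfuscation, not authenticated encryption."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    prev, out = request_auth, bytearray()
    for i in range(0, len(padded), 16):
        block = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += block
        prev = block
    return bytes(out)


def reveal_user_password(secret: bytes, request_auth: bytes, hidden: bytes) -> bytes:
    """Inverse operation performed by the RADIUS server (padding nulls are stripped)."""
    prev, out = request_auth, bytearray()
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return bytes(out).rstrip(b"\x00")


def response_authenticator(code: int, ident: int, attributes: bytes,
                           request_auth: bytes, secret: bytes) -> bytes:
    """RFC 2865 section 3: MD5(Code | Identifier | Length | RequestAuth | Attributes | Secret).
    The NAS recomputes it to check that a reply comes from a holder of the secret
    and answers this particular request."""
    length = 20 + len(attributes)  # 20-byte RADIUS header plus attributes
    header = bytes([code, ident]) + length.to_bytes(2, "big")
    return hashlib.md5(header + request_auth + attributes + secret).digest()


def verify_response(code, ident, attributes, request_auth, secret, received_auth) -> bool:
    expected = response_authenticator(code, ident, attributes, request_auth, secret)
    return hmac.compare_digest(expected, received_auth)


def demo():
    secret = b"constructed-shared-secret"
    request_auth = os.urandom(16)  # must be fresh and unpredictable for every request
    hidden = hide_user_password(secret, request_auth, b"correct horse battery")
    roundtrip = reveal_user_password(secret, request_auth, hidden)
    accept = response_authenticator(2, 7, b"", request_auth, secret)  # code 2 = Access-Accept
    genuine = verify_response(2, 7, b"", request_auth, secret, accept)
    forged = verify_response(2, 7, b"", request_auth, b"wrong-secret", accept)
    return roundtrip, len(hidden), genuine, forged
```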
EAP Origin
PPP (Point-to-Point Protocol) authentication methods
  PAP (Password Authentication Protocol): clear text password
  CHAP (Challenge Handshake Authentication Protocol): MD5 hash of challenge, counter, password
  MS-CHAP: password hashed on the server by a proprietary algorithm, security weaknesses
  MS-CHAP-v2: mutual authentication, widely used on Windows networks since Windows 2000
EAP Packets
4 packet types
  Request: server to client, asks for information based on an authentication method chosen by the server
  Answer: client to server; if the authentication method is not handled, propose a list of alternatives
  Success
  Failure
Weaknesses
  sensitive to off-line dictionary attacks; no possibility to use non-password-based authentication
EAP Methods
EAP allows many authentication methods
  list not closed
  RADIUS encapsulation between access point and RADIUS server
  EAP/SIM: uses the SIM card of the mobile phone
  EAP/TLS: Transport Layer Security, new version of SSL (RFC 2246); mutual authentication by certificates; in EAP: only authentication, no use of the TLS tunnel; heavy deployment (PKI)
  advantages (tunnelled methods such as PEAP): easy deployment (only a server certificate); identity of the user hidden
EAP Security
Attack of the EAP method
  off-line dictionary attacks: MD5, MS-CHAP-v2, OTP
  on-line dictionary attacks: PEAP/MD5, PEAP/MS-CHAP-v2, PEAP/OTP: easy to protect
Man-in-the-Middle attacks
  only protection: strong session encryption, so that the pirate has no way to get the keys
WPA Personal
Pre-Shared Key (PSK): manually configured in each equipment
WPA Enterprise
Use 802.1x
  install and configure an EAP-compatible RADIUS server; configure every equipment with WPA/WPA2 and 802.1x; choose one or several EAP methods and configure the clients and server
Connection Sequence
Wi-Fi association
  open authentication; association with the AP
802.1x authentication
  client sends EAPoL-Start; authentication sequence; agreement on a 256-bit key: Pairwise Master Key (PMK)
  RADIUS server sends the PMK to the AP; RADIUS server sends success to the client (and AP)