P. 1
Improving Reception in the SparkNet WLAN Environment

Improving Reception in the SparkNet WLAN Environment

|Views: 86|Likes:
Published by huurretursas
Master's thesis from 2007.
Master's thesis from 2007.

More info:

Categories:Types, School Work
Published by: huurretursas on Oct 20, 2008
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less






Improving Reception in the SparkNet WLAN Environment

Master of Science in Technology Thesis University of Turku Department of Information Technology Communication Systems 2007 S. Sormunen Instructors Seppo Virtanen Jarkko Paavola Esa Aarnio Jens Mach

Index 1. Introduction.............................................................................................................. 1 1.1. SparkNet.................................................................................................... 2 1.1.1. Functionality and Security............................................................. 2 1.1.2. Authentication................................................................................ 2 2. The IEEE 802.11 Standard for Wireless Networks.................................................. 4 2.1. Fundamental Model of the WLAN............................................................ 6 2.2. 802.11 Services.......................................................................................... 8 2.2.1. Distribution System Services............................................................ 8 2.2.2. Station Services.................................................................................9 2.3. Logical Link Control..................................................................................10 2.4. MAC Layer................................................................................................ 11 2.4.1. Data Service Reliability and Error Handling.................................... 11 2.4.2. Access Control.................................................................................. 12 Distributed Coordination Function............................................. 12 Point Coordination Function....................................................... 15 2.4.3. MAC Frame Format..........................................................................16 2.4.4. MAC Frame Types............................................................................19 2.4.5 Synchronization................................................................................. 21 2.4.6 Security.............................................................................................. 21 Authentication.............................................................................. 21 WEP............................................................................................ 22 802.11i.........................................................................................23 2.5. Physical Layer............................................................................................ 24 2.5.1. Overview........................................................................................... 24 2.5.2. Spread Spectrum Systems................................................................. 25 Frequency-Hopping Spread Spectrum........................................ 25 Direct-Sequence Spread Spectrum..............................................26 2.5.3. Orthogonal Frequency Division Multiplexing.................................. 30 2.5.4. Infrared.............................................................................................. 33 2.5.5. Multiple Input Multiple Output OFDM............................................ 34 2.5.6. Convergence of the Physical Layer...................................................35 2.6. Rate Selection.............................................................................................37 2.7. 802.11 Protocol Types............................................................................... 37 2.7.1. 802.11a.............................................................................................. 37 2.7.2. 802.11b............................................................................................. 37 2.7.3. 802.11g..............................................................................................38 2.7.4. 802.11n..............................................................................................39 2.8. 802.11 Hardware........................................................................................ 40 2.9. Interference, Fading, and Signal Blocking.................................................42 3. Systematic Approach to Improving Network Coverage and SNR........................... 44 3.1. Optimal Access Point Lattice.....................................................................44 3.2. Common Problems and Example AP Scenarios........................................ 46 3.2.1. Ekahau Site Survey and Its Simulation Properties.........................46

3.2.2. Example Scenarios......................................................................... 48 3.3. Case Study: Creating a Well-Functioning WLAN for a Library............... 55 3.3.1. Initial Situation and First Simulation............................................. 55 3.3.2. First Phase of Implementation........................................................64 3.3.3. Second Phase..................................................................................69 3.3.4. Third Phase.....................................................................................75 3.4. Case Study Conclusions and AP Arrangement Guidelines........................79 4. Conclusions............................................................................................................... 81 5. References................................................................................................................. 84 6. Appendix 1. List of Acronyms..................................................................................87


1. Introduction
Building large-scale wireless network (WLAN) systems has become popular in the recent years due to the growing need for wireless Internet access and the drop in equipment prices. Such bodies as educational institutions and commercial corporations have implemented networks where, say, a multi-store penthouse may have a wireless link access practically everywhere. Some research has so far been done about the optimizing of such networks, and even a few commercial tools are available. However, often the staff managing and being responsible for the installation of such systems lack a methodical approach to constructing one from scratch or honing existing ones. How to place the access points, so that good signal coverage could be ensured everywhere? How to minimize interference? Is the system optimal? What is the worstcase situation? Questions like these may pop up when a new installation is planned. Nevertheless, often in the end the actual placement of the WLAN access points is done mostly manually, relying on guesswork and mentality similar to "I have a good feeling it will work here." This in most cases leads to sub-optimal systems, where interference is high and link quality poor even when maximum capacity is hardly reached. The University of Turku employs a WLAN strategy called SparkNet with 802.11b/g technologies [1]. Up to the date, there has not been a systematic approach to installing the access points and optimizing the reception. The purpose of this thesis is to propose such an approach, and give a proof of its efficient functionality through a practical implementation. Also, the major tool the University of Turku uses for measuring the various features of wireless signals, Ekahau Site Survey, is put into test as a simulation tool. The influences of different antenna types and construction materials -- such as walls, ceilings, etc. -- to signal-to-noise ratio (SNR) and coverage are also considered. A multiaccess, multi-user WLAN system is, after all, a complex entity where everything affects everything else. Hence it is not sufficient to merely take a theoretical outlook on these matters, but real-life tests are mandatory in order to suit an 'optimal' solution to nonoptimal circumstances. Real-life environment is always lossy, and it should be remembered that no theoretically optimal system will likely be able to perform ideally in such conditions. The thesis is divided in two parts. Firstly, the theoretical basis for 802.11 systems is considered. The second part is devoted to proposing, simulating, and implementing an


optimal WLAN system model. The conclusions gathered from this experiment will help pushing future system installations closer to optimal performance. 1.1. SparkNet SparkNet is, up to date, the largest wireless network system in Finland. It was established in April 2003 as a partnership project between the University of Turku and MPMasterPlanet Ltd. when they joined their virtual local area network (VLAN) segments. Hence the foundation for the wireless network was acquired. The first base stations were connected to the network in the following May, and thereafter SparkNet became operational. A cooperation agreement was made between the previous counterparts, City of Turku, and several municipalities (Åbo Akademi, etc.) fall 2003. [2] As SparkNet's operation increased, new products were introduced spring 2004. MPMasterPlanet Ltd. developed novel concepts for different kinds of organizations, which included for instance SparkNet Enterprise and Business Solution. [2] The network gained even more range spring 2005, when OpenSpark, a wireless network for home users, was introduced. First OpenSpark users could only use the specialized OpenSpark access points and a few public hotspots. Later however the whole functionality and services of SparkNet were extended to this subsystem. [2] Currently SparkNet has over 1100 access points, and serves over 100,000 users in both private and public communications. It supports such applications as video conferencing, VoIP, document sharing, and WebTV. [2] 1.1.1. Functionality and Security The SparkNet WLAN solution uses the existing wired backbone networks to establish either wired or wireless connections, the latter naturally made through a wireless access point. Virtual network segments have been separated from the backbone, and they have been combined into a single entity, SparkNet. Two wireless protocols are currently in use: IEEE 802.11b and 802.11g. This infrastructure network is of the open type, which means there is no encryption present to shield common data traffic outside SSLencrypted websites. If a need for encrypted connections arises, the setting up of a virtual private network or some other tunneling mechanism is recommended. [1], [3] 1.1.2. Authentication In order to utilize SparkNet, the user needs a private user ID and a password, which are automatically supplied by the University of Turku or a collaboration partner if the user belongs to the staff, student body, or some other privileged collaborator party. Also purchasable, temporal guest IDs are available for, say, guest lecturers and alike. SparkNet works both in wired and wireless mode, but in the context of this discussion the emphasis is on the wireless system. [3]


No additional software installations are necessary on the user's computer; only a functioning (wireless) network adapter, a suitable cable in the case of a wired connection, and a web browser are needed in order to connect to the network. The wireless adapter scans the area for available networks. If a strong enough SparkNet-connected wireless access point (AP) signal is preset, the user can connect to the network through a login procedure. The network presents itself always with the service set identifier 'Spark'. [3], [4] The login to SparkNet is handled via the web browser. When the network is used for the first time, the user is directed to a page requiring the choosing of a service provider. This depends on the user's attachment to the various parties employing the network: for instance, a user associated with the University of Turku would likely select the University of Turku. Thereafter the user can proceed to the login page. [3], [4] The correct password/ID combination is validated, and the client receives an IP address from a DHCP server. This of course requires that the client has automatic DHCP addressing enabled. After the connection is established, it is possible to connect to the internet and use other services provided by the hosts. The lease has to be renewed after the client has been offline for 20 minutes. [3], [4]


2. The IEEE 802.11 Standard for Wireless Networks
The 802.11 standard can be seen as a part of the Open Systems Interconnection (OSI) reference model by the International Organization for Standardization (ISO). The OSI model consists of seven protocol layers (figure 1), whose definitions and functions are as follows: • The physical layer defines the mechanical, functional, electrical, and procedural characteristics of the physical medium (e.g. a network). It is concerned with the transmission of unstructured bit streams over the physical medium. • The data link layer determines the access strategy for sharing the physical medium. It handles the flow control (synchronization), error control, and sequencing of data. • The network layer offers methods to establish, terminate, and maintain network connections. It also provides upper layers with independence from routing and switching technologies. • The transport layer offers reliable and transparent conveying of data between source and destination. It also has methods for end-to-end error recovery and flow management. • The session layer supplies the control mechanism for applications to exchange data with one another. It has the functions necessary to establish, manage, and terminate connections between applications. • The presentation layer handles the compression and encryption of data for applications and protocol conversions. • The application layer is the layer where the end-user and end-application protocols run. It provides entrance to the OSI system and distributed information services. [5], [6], [7]


Figure 1. The OSI reference model. [7] The IEEE (Institute of Electrical and Electronics Engineers) 802.11 standard employs primarily the physical and data link layers of the OSI model [5]. Hence the upper layers can be overall omitted in any of the following discussion. The topology of 802.11 does not completely follow even this small segment of the OSI model structure. In figure 2, a comparison between the OSI and 802.11 reference models is presented [8]. On the whole, no dominating network system heretofore has managed to comply perfectly with the OSI model, even if many useful protocols have been developed based on it [5]. The IEEE 802.11 reference model divides the system into two dominating parts: the medium access control (MAC) that lies on the data link layer and the physical layer (PHY). The MAC layer has three functional domains: data delivery reliability, access control to the shared wireless medium, and security. It is the most important part of the whole specification. Simply put, MAC manages the transmission of user data, handles the essential framing operations, and interacts with the wired backbone network. The PHY layer corresponds to such functions as the encoding and decoding of signals, preample arrangements for synchronization, and bit transmission and reception. A model for specifying the transmission medium and topology is included. [5], [8], [9], [10] The original data link layer in the OSI model is separated into two parts in the 802.11 reference model. Above the MAC layer is the logical link control (LLC) which provides an interface to access higher layers. It also manages data flow and error controls. Figure 3 presents the 802.11 protocol architecture in further detail. The functions and services of the layers are explained in greater precision in the upcoming sections. [5], [8]


Figure 2. A comparison between the OSI and 802.11 reference models. [8]

Figure 3. IEEE 802.11 protocol architecture. [10] 2.1. Fundamental Model of the WLAN Basic service set (BSS) is the elementary unit of the WLAN [11]. This is also the independent basic service set (IBSS), often called an ad-hoc network [12]. A minimum amount of stations (a station is defined as any device that contains an IEEE 802.11 compliant MAC and PHY interface) necessary to form a BSS is two. In the range of the


network, the clients recognize one another, and together establish a wireless connection [11]. To enhance the performance of a BSS, an AP can be added to it. This is a transceiver that is connected to the existing backbone distribution system (DS), and functions as a bridge. The DS can be a wired or a wireless network, or even a switch. The discussion in this thesis concentrates only on the wired-type backbone, and that assumption is used throughout the text. A BSS where clients communicate through an AP is called an infrastructure BSS. [5], [11], [12] When a BSS is connected to the wired network via an AP, the data transfers of the two independent networks become combined. Clients that use the WLAN build a wireless connection between one another through the AP, and hence they can also communicate with stations plugged into the wired network. [12] The signal range of a single transceiver is limited, and hence mobile clients may roam outside the connectivity area. To avoid such problems, the perimeter of the wireless network's coverage can be extended by adding more APs and combining a set of BSSs. As a result, the arrangement becomes an Extended Service Set (ESS), as there are now multiple clients and APs united with the DS. The ESS is seen by the LLC as a single logical LAN entity. Figure 4 shows how the various components of an ESS interact. [5], [11], [12] When a client moves inside the ESS, it looks for the strongest AP signal and establishes a connection with it. When the client enters a spot where the current AP's signal strength is exceeded by some other AP, it builds a new connection with the more powerful counterpart. [12] A BSS can overlap with others of the same kind, and thus it is possible for a station to belong to more than a single BSS. Dynamic association is used, which enables station mobility and a possibility for the stations to turn on and off. [11]

Figure 4. The roles of different components in an ESS. STA stands for a station. [11]


2.2. 802.11 Services The 802.11 standard defines nine services for the different components of the WLAN architecture. They are obligatory in order to establish functionality equivalent to the traditional LAN. The services can be divided into two categories according to the service provider: the station service (SS) and the distribution system service (DSS). Out of the services six are used to support MAC service data unit (MSDU) transportation between stations and three to control WLAN access and confidentiality. [11] 2.2.1. Distribution System Services Distribution services are offered between BSSs. They can be built into APs or in some other equivalent device plugged to the distribution system. [5] The distribution service is the fundamental service used by stations. It transports messages through the DS between stations which are in different BSSs. Say, station A in BSS1 wishes to send a message via the DS to station B in BSS2. The APs in BSS1 and BSS2 are different, named for instance AP1 for BSS1 and AP2 for BSS2. AP1 captures the message sent by station A, and then gives it to the distribution service of the DS. Next, the distribution service carries the message inside the DS in an appropriate manner, so that it reaches the desired destination, i.e. AP2 in BSS2 which then forwards it to station B. If station B had been located in BSS1, the distribution service would have transported the message from A to B only via AP1 (both source and destination BSS the same). [5], [11] The function of the integration service is to enable message exchange between stations connected to 802.11 and 802.x LANs. Integration here means that a wired LAN is plugged in to the DS and its stations may be logically connected to the wireless network through the integration service. Hence, messages obtained from a wired source by the DS for an 802.11 station will awaken the integration service before the message is passed on to the distribution service. The former handles any necessary address translation and media conversion logic obligatory for a successful data exchange. [5], [11] The association service provides the distribution service the information necessary for the latter to function correctly. Before a station is permitted to send or receive data messages through a certain AP, the station must become associated with it. A station must always associate itself in an infrastructure BSS. The concept of mobility has a heavy influence on association. [11] A station that has no transitions is either in a fixed physical state or moves merely inside the coverage of the current BSS. When a station has BSS-transitions, it moves from one BSS to another inside the same ESS. The novel placing of the station must be recognized, so that data can be carried between it and other stations. A station that has ESStransitions moves between different ESSs. [5], [11]


The various association services uphold these aforementioned mobility types, aside from ESS-transitions which are not fully supported and reliability of service cannot be guaranteed [11]. Simply put, the association service takes care of finding the right AP and its identity, so that the distribution service can deliver the messages to the 802.11 destination station [5]. The station must build a maintainable association with an AP belonging to some BSS. This act awakens the association service which gives the stationto-AP-mapping to the DS, and the routing and delivery of frames should be now done correctly. A station can be associated with only one AP (whereas an AP can be associated with several stations) on a certain instant, and the procedure is always initiated by the mobile station. The plain association service is sufficient for no-transitions mobility [11]. Association in general is handled through the recognition of service set identifier (SSID). A station willing to enter a certain network can scan the area for suitable networks and thereafter enter the one with the desired SSID. SSID is sometimes also referred to as the network name, even though it essentially just stamps a certain BSS with its own identification (BSSID) belonging to a wider-scale complex. After the association, the AP adds the MAC address of the client into a table containing the equivalent information of the other associates. [9], [12] Reassociation is needed when a mobile station moves from one BSS to another [11]. This service allows an already established association to be transferred from the current AP to a new one [5]. Initialized by the mobile station, this service enhances the functionality of the plain association to support BSS-transition mobility [11]. Disassociation notification terminates any existing association. It is invoked either by a station or an AP. When a station leaves the network or shuts down, it should attempt disassociating. The APs may disassociate stations at any time, so that they can be removed from the network for service or other reasons. [5], [11] 2.2.2. Station Services Station services are built-in functions in every 802.11 AP and AP station. The MAC sublayer entities utilize them. [5] The wireless LAN, as such, lacks certain access and privacy features inherent to the wired LAN. In the latter, the station is physically connected to the network. This, in itself, works as a form of authentication and privacy control, as the media is physically controlled and data delivery is limited only to the stations plugged into the network. This is not the case of the WLAN, wherein any station within the range of the BSS can transmit and receive data by solely having a properly tuned antenna (e.g. hear all traffic within range). Hence, separate authentication and privacy services are needed. The 802.11 standard provides these services as follows. [5] Authentication services are utilized by all stations that wish to communicate with one another in the WLAN. Via authentication, a unique identity is established for the station, so that other stations can recognize it. If no acceptable authentication has been set up


between two stations, association will not occur. A station may be authenticated with several others concurrently. [11] There is a support for several authentication schemes (also expansions are possible) in the standard. No particular arrangement is obligatory, and the authentication may vary from open system authentication (basically a handshaking system where any station can become authenticated) to Shared Key authentication with a WEP implementation. The latter requires a shared encryption key. [5], [11] Preauthentication may be needed if the used authentication protocol is slow or BSStransition mobility is involved (a station has to reassociate between APs). Here, the authentication service can be awoken independently of the association service. Preauthentication is usually conducted by a station while bearing an existing association with an AP. The use of it takes the authentication service overhead out of the time-critical reassociation operation. The standard does not mandate station-AP preauthentication, but an authentication is obligatory before an association can be established. [11] Deauthentication service is launched when an existing authentication is to be discontinued, and it cannot be refused either by the station or the AP. In an ESS the station becomes disassociated immediately after the procedure. [11] Privacy services, as such, are used to prohibit unauthorized stations from listening to the traffic in the WLAN [5]. The connection of a wireless link without constraints concerning privacy to an existing wired LAN may be a severe threat to the latter's security. 802.11 contains an optional message encryption service, WEP, to guarantee some data traffic privacy. It is not designed to be an optimal shield against all threats, but is rather there to bring the wired network's security aspects to the WLAN [11]. MSDU Delivery service is provided by stations to ensure that the data is delivered to the correct destination. The MSDU is a data block which is accepted by the current MAC layer to be transferred to another MAC user. If the block is of unsuitable size, it may be fragmented and transmitted as several MAC frames. [5] 2.3. Logical Link Control The LLC is the interface between the MAC layer and the higher layers associated with the OSI reference model. It defines the means of addressing stations across the medium and controlling data exchange between two users. Data from the upper layers is passed down to the LLC. The LLC adds control information to the data in the form of headers. Thus a LLC protocol data unit (PDU) becomes created. The general meaning of a PDU is to work as a communication means between layers. This LLC PDU is then handed down to the MAC layer, where the frame is processed further. [5] The LLC is mainly responsible for the transmission of link-level PDUs between stations in a fashion requiring no intermediate switching node. A typical LLC user is some protocol from the higher layers or a station's network management function. The source


and endpoint of the users must be specified in the addressing. The user addresses are called service access points. The 802.11 LLC supports multi-access to the link, and has some of its particulars concerning the functions of link access allocated to the MAC layer. [5] The LLC standard is built upon the high-level data link control (HDLC) which is a synchronous proprietary protocol used by routers to convey data over a serial line connection. LLC offers three services for the upper layers, and they are offered as optional for attached equipment using the LLC. The services stand as follows: • Unacknowledged connectionless service: A datagram-type service, which offers no flow and error control support, and hence the data delivery is not fail-safe. Usually a higher-layer application handles the reliability issues. • Connection-mode service: A logical connection is established between two users, and error and flow controls are provided. • Acknowledged connectionless service: A hybrid of the previous two, where datagrams are acknowledged, yet no prior logical setup is required. [5], [12] 2.4. MAC Layer The purpose of the MAC layer is to define data service reliability, access control to the shared wireless medium, and security services. The LLC sends data down to the MAC layer which then becomes responsible for executing operations linked to medium access and data transmission. These functions are wrapped into a PDU, a MAC frame. [5] 2.4.1. Data Service Reliability and Error Handling Reliable data delivery is a vital feature in any network solution, as they all are vulnerable to noise, interference, and other propagation factors that may contribute to a significant loss of MAC frames. Even error-correcting codes may fail in attempting to ensure a reliable service. It is therefore reasonable to deal with errors at the MAC level. Of course higher-layer mechanisms, such as TCP, might be utilized. However, due to the slow timers employed in retransmission in these protocols, efficiency becomes significantly reduced. [5] A frame exchange protocol is offered by the 802.11 standard, so that errors can be handled on the MAC level. In the basic transfer mechanism two frames are exchanged between stations. When a data frame is received by a station, it sends an acknowledgement frame (ACK) to the sender. If the source station does not receive an ACK after some timeout limit, it retransmits the frame. Also a four-frame arrangement can be used, if better reliability is sought after. This is based on a request to send/clear to send (RTS/CTS) exchange, which is explained later. [5]


2.4.2. Access Control The access control mechanisms of 802.11 do not significantly differ from the classic Ethernet solutions [5]. A carrier-sense multiple access (CSMA) algorithm is used to control access to the transmission medium. A collision avoidance (CA) function is added to CSMA, so that, unlike in Ethernet systems where collisions are merely detected, the collision probabilities can be altogether reduced to spare transmission capacity. This algorithm is called carrier-sense multiple access with collision avoidance (CSMA/CA) [9]. The MAC architecture is divided in two layers. The lower part is the distributed coordination function (DCF), and the upper the point coordination function (PCF). The centralized PCF algorithm is required for contention-free services (CF, non-asynchronous traffic), and DCF uses a contention algorithm providing access for all traffic. The optional centralized control is built directly on top of DCF, and it is provided only in infrastructure networks. [5], [11] Distributed Coordination Function The DCF makes use of CSMA/CA. It is employed in all stations, both within ad-hoc and infrastructure network systems. The station which has data to transmit listens to the network for other users. If the channel remains quiet, the station can transmit. However, if the channel is reserved, the station has to wait until the existing transmission ceases. The stations utilize a random back-off time to prevent them from trying to get access to the wireless channel immediately when it becomes free. [5], [11] A virtual CS mechanism known as the network allocation vector (NAV) works as a timer (milliseconds) to indicate when the medium is reserved. Stations set the NAV to a certain value, and during the countdown from that value to zero the traffic is expected to be handled. When the NAV reaches zero, the medium will be free again. With the NAV, it is guaranteed that uninterruptible traffic remains uniform. The whole CS system utilized in 802.11 networks is a combination of the NAV state, the physical CS, and the station's transmitter status. Figure 5 depicts how the NAV works in frame exchange and virtual CS; the rest of the terms and concepts in the figure are explained in the following discussion. [9], [11]


Figure 5. How the NAV works in virtual carrier sensing. [9] The DCF contains a set of delays that amount to a priority scheme to secure a reasonable and fluent functioning for the algorithm [5]. There are four delay schemes pertaining to the time intervals between frames. The overall technique is called interframe spacing (IFS). The IFS plays a significant role in managing access to the transmission medium, and the different spacings generate different priority levels regarding various types of traffic [11]. High-priority traffic can access the free channel by entering the network before any lower-priority frames get a chance to try the same [5]. The interframe space is not dependent on the transmission bitrate, and is a fixed gap of time in order to maximize interoperability between various bitrates. Different physical layers can yet have non-fixed interframe space times [9]. Excluding the finer details of the IFS algorithm, the MAC logic works as follows (see also figure 6): 1. A station that has a frame to send listens to the medium. If the medium is free, it waits a time equal to IFS to see whether the medium is still free after that time. The station can transmit straight away, if the condition if fulfilled. 2. If the medium is busy, the station remains in a listening state and does not send the frame. The medium may be reserved because the station sees it originally busy, or it becomes busy during the IFS idle time. The station will listen to the medium until it becomes idle again. 3. The station waits for another IFS when the ongoing transmission is over. If the medium stays free after the time, the station backs off a random time gap and listens to the medium again after that. The station can transmit if the medium is idle. If the medium becomes reserved during the backoff time, the backoff timer is stopped and starts over when the medium becomes free. [5]


Figure 6. MAC logic. [9] The backoff timing utilizes a technique called binary exponential backoff, which helps the handling of heavy loads in the medium. If there are repeated collisions, a station will try transmitting still. Yet after each collision, the mean value of the random delay is doubled. The backoff time gets longer after each unsuccessful transmission attempt, which smoothens the load. Without the backoff, several stations might try transmitting and retransmitting concurrently, only causing further collisions and finally a deadlock situation. [5] The variants of IFS are based on the aforementioned scheme. The different priority classes are listed as follows, and figures 5 and 7 represent how they are used in the access methods.


• Short IFS (SIFS): Used for transmissions which have the highest priority, such as RTS/CTS frames, ACKs, and poll responses. A station using SIFS will always precede over stations using PIFS and SIFS in the medium. • Point coordination function IFS (PIFS): A medium-length IFS used by the PCF during CF operation. Stations that have frames to send during the CF period can transmit after the elapsing of the PIFS and preempt any contention-based traffic. • Distributed coordination function IFS (DIFS): The longest IFS, used as the minimum idle time for contention-based traffic. • Extended IFS (EIFS): Not a fixed-interval IFS. It is used merely upon an error in the transmission of a frame. [5], [9], [11]

Figure 7. Basic access method. [11] Point Coordination Function Point coordination offers CF methods to the network, thus supporting applications that need almost real-time services. The CF service is only periodical, and it alternates with the usual DCF methods. The medium access time is hence divided into alternating, regular-interval contention-free and contention periods. Point coordinators, which are special functions, are implemented into the APs and they use polling. PIFS is used while issuing polls, as it is smaller than DIFS. Thus the point coordinator can grab the medium and close out all asynchronous traffic while it polls and gains responses. [5], [9], [11] To prevent the point coordinator from devouring all the medium access time for CF services only (it could do this in a scenario of constant polling), a period called superframe is used. At the beginning of the superframe, the point coordinator issues polls to all stations configured for polling by round-robin means. The beginning part may vary due to the changeable frame size issued by the answering stations. The point coordinator uses the residual part of the superframe for idle time, thus allowing a contention period. At the end of the superframe, the point coordinator attempts access to the medium with PIFS. It gains straight access to the medium if it is free, followed by a full superframe interval. If the medium is occupied at the end of a superframe, the point coordinator must


wait for the medium to become idle before being able to gain access. The result of this is a foreshortened superframe interval for the next cycle. Figure 8 explains the CF/contention period alternation with NAV. [5], [11]

Figure 8. CFP/CP alteration. [11] 2.4.3. MAC Frame Format A MAC frame is built up from three parts. Firstly, there is a header which consists of frame control, duration, address, and sequence control information. After that is placed a variable-length frame body enclosing information explicit to the type of the frame. Lastly, there is a frame check sequence containing a cyclic redundancy code. [11] The MAC frame (figure 9) consists of a set of fields that can be found in all frames, even if they are not used in certain types. Figure 10 presents the frame control field in greater detail. [5], [11]

Figure 9. MAC frame format. [11]

Figure 10. Frame control field in detail. [11]


Explanations on the individual fields can be found below: Frame control: Delivers information about control and the type of the frame. All subtypes are listed below. If not otherwise mentioned, all fields are one bit long. o Protocol version: 802.11 version, 2 bits in length. The current version is 0, whereas all other values are reserved for further revisions. o Type/Subtype: 2/4 bits in length, they recognize together the purpose of the frame. Three frame types can be identified: data, management, and control. All the valid combinations are collected into table 2. o To/From DS: The field is set to 1 when the frame's destination/source is the DS. Otherwise it is set to 0. See table 1 for all combinations. o More Fragments: Set to 1 in all data or management frames that have fragments to follow. o Retry: Set to 1 for any data/management frame which is a retransmission of a previous one. o Power Management: This is used to point out the sleeping mode of a station. The value remains constant in every frame emerging from a certain station during frame exchange. The value tells the state in which the station will fall after the ending of an errorless frame exchange chain. 1 indicates that the station will be put to sleep. In frames transmitted by an AP the value is always 0. o More Data: Tells a sleeping station that there is supplementary data yet to be sent, buffered in the AP. Block data can be sent as a single frame of as fragments within several frames. When set to 1, there is at least one frame present for the same station in the AP. o WEP: If the Frame Body field encloses data that has been encrypted by the WEP algorithm, the bit is set to 1. o Order: If a data frame is sent by utilizing the Strictly Ordered service, the field is set to 1. It informs the receiving station that the frames need to be processed orderly. • Duration/ID: 16 bits in length. In certain control frames, the field carries the association or connection identity of the station that transmitted the frame. Otherwise, when employed as a duration field, it tells the time (ms) the channel will be kept open for successful transmission of a MAC frame. • Addresses: The four fields are employed to point out the BSSID, destination, source, transmitting station, and receiving station. All frames do not necessarily contain all these fields. Each address field is 48 bits. The purpose of a particular address field is determined by the relative position of the field inside the MAC header. This does not depend on the address's type. •


There are two types of addresses. An individual address belongs to a certain single station. A group address is a multi-destination address linked to one or several stations. These are divided further into multicast-group addresses and broadcast addresses. • Sequence Control: Contains two subfields, Sequence Number (12 bits) and Fragment Number (4 bits). The former assigns a sequence number for a given frame transmitted by a station. The latter indicates the number of each fragment of a frame. • Frame Body: A variable-length field containing a MAC service data unit, MAC management protocol data unit, or a fragment of one. • FCS: A 32-bit field that contains the cyclic redundancy check (CRC). [5], [11] Table 1. To/From DS sets in data frames. [11]


Table 2. Valid type and subtype combinations. [11]

2.4.4. MAC Frame Types As indicated above, there are three types of MAC frames. Control frames make sure that the data frames are delivered correctly. Six types can be listed: • RTS: When a four-frame exchange scheme is used, this frame is sent first. With it, the source warns all stations within the reception area to refrain from simultaneous transmission to avoid collisions, as it is now about to send a data frame to the destination. • CTS: The second frame in the four-frame scheme. The station that received the RTS responds with CTS to the source. The source is now


• • • •

allowed to hand on the data frame to the destination. The collision avoidance method of RTS works vice-versa for CTS. ACK: Is sent from the destination to the source to tell that any information was received correctly. Power-Save Poll (PS-Poll): With this frame, a station that has previously been in sleeping mode asks the AP to transmit the frame the AP has buffered for it during the sleep. Contention-Free End (CF-End): This reports the cessation of a contention-free phase of the PCF. CF-End + CF-ACK: This accepts the CF-End. It finishes the phase of contention freedom. Stations are now stripped off the restrictions that govern that phase.

[5], [11] Data frames convey either data or other information from the source to the target. They are listed as follows. The first four items are frames that transport upper-level data to the destination from the source station. The last four carry no user data. • Data: The least complicated type; can be used both during contention and CF period. • Data + CF-ACK: This frame conveys both the data and an acknowledgement about formerly received data. Can be sent merely during a CF period. • Data + CF-Poll: With this frame, data is conveyed to a mobile station by a point coordinator. Any data buffered in the mobile station is also asked to be sent. • Data + CF-ACK + CF-Poll: Merges the two previous types into a single frame. • Null Function: Delivers the power management bit to the AP to point out that the station will fall into sleep mode. • CF-ACK, CF-POLL, CF-ACK + CF-Poll: These have the same purpose as their corresponding data-carrying frames, but they carry no data. [5] Management frames handle information exchange between stations and APs. The following can be listed: • Beacon: Transmitted on intervals to permit a mobile station to identify an AP where to connect. • Announcement Traffic Indication Message (ATIM): A mobile station transmits this to put other mobile stations -- which may have been previously in sleep -- on alert that it has buffered frames waiting to be sent to the station specified in the frame. • Association Request: A station requests association from the current BSS's AP with this. The frame includes capability information, for example if encryption is to be applied to communication.


• Association Response: The AP returns this upon the previous frame, and tells the station whether the association request has been accepted or not. • Disassociation: The station breaks up the association. • Reassociation Request: When a mobile station arrives at a new BSS from a former one, it needs to associate itself with the new BSS's AP. It is requested with this frame, and reassociation is employed, so that the old AP can forward any data frames to the new one. • Reassociation Response: The response to the previous, similar to association response. • Probe Request: A station acquires information about an AP or some other station. Also used to locate a BSS. • Probe Response: Response to the previous. • Authentication: With several of these used within an exchange procedure, a station authenticates itself to another. • Deauthentication: When a station wants to quit secure communications with another station or AP, this frame is transmitted. [5], [11] 2.4.5. Synchronization A common clocking mechanism synchronizes the stations and APs in an 802.11 network. In an infrastructure scheme, the APs work as the timing masters and run the timing synchronization function (TSF). The AP sends beacon frames at fixed intervals, and they contain a copy of the AP's own TSF function. Any station in the same BSS that receives the timing information has to clock itself to the same timestamp value. [11] 2.4.6. Security Authentication and Privacy Authentication happens every time a station enters the network. The basic method of 802.11's authentication, as such, should be considered more as an attachment to the network, since no encryption is used, and the infrastructure network itself does not necessarily need to authenticate itself separately to the station [9]. In the open system authentication the client sends a MAC control frame to the receiving station and the recipient responds with its own authentication frame [5]. There is also an encryption-employing authentication method known as shared key authentication. Up to the date, it is known to be fraught with vulnerabilities and is generally not recommended [9]. In this scheme, both sides share a common secret key. The client first sends a frame that announces its identity and that it uses the shared key method. The recipient responds with a frame containing a challenge text (128-octet sequence produced by the WEP PRNG, see chapter for further explanation), and the client replies to it with an encrypted frame containing the same text. The recipient decrypts the frame with the shared key. If the key is the correct one, the client is allowed to enter the network [5].

22 WEP As mentioned before, WLAN privacy and security issues are a severe concern due to stations' ability to listen to one another's unencrypted traffic freely. The optional WEP (wired equivalent privacy) algorithm is provided by the 802.11 standard to include a modest level of protection to link-level data during wireless transmission. The fundamental goals of WEP are the prevention of eavesdropping and unauthorized access to the network, and ensuring data integrity. Figure 11 depicts the concept of a confidential data channel. [5], [11], [13]

Figure 11. A confidential data channel. [11] WEP is based on the RC4 cryptographic algorithm. A 40-bit key protects the body section of a data frame. In the encryption process, the integrity algorithm is the 32-bit CRC that is attached to the end of the MAC frame. An initialization vector (IV) is concatenated to the key, and the result is inputted to the pseudorandom number generator (PRNG). The PNRG generates a keystream that is as long as the MAC frame and its CRC added together. The ciphertext is obtained by XOR'ing the keystream with the MAC frame bit-by-bit. The IV is then added to the ciphertext, and the resultant is transmitted. The IV and the PNRG sequences are changed from time to time. Figure 12 presents a WEP enciphering diagram. [5], [11]

Figure 12. WEP enciphering diagram. [11]


The receiver reverses the encryption process. The IV is retrieved from the incoming block of data, and it is concatenated with the key to obtain the same keystream as the sender used. That is XOR'ed with the data block to acquire the original plaintext. Then the incoming CRC is compared with the CRC calculated at the receiver's end to check the message's integrity. [5] As such, the WEP security scheme contains significant security flaws [9]. Firstly, as the usage is optional, many systems do not turn it on. Secondly, because the single shared key is the same for all users in a particular WLAN, it may not be too laborious to pick it up by accessing the key storage with software. The keys can also be recovered through crypt analysis, as the WEP uses the RC4 in a non-standard way [14]. The choice of the 32-bit CRC has also been proved to be a poor data integrity algorithm [13], [14]. Other issues have also surfaced, but they are out of the context of this discussion. Several improvements over the initial WEP solution have cropped up later. For instance, dynamic key refreshing was one of the first security enhancements. In that scheme, all stations share a common key for encrypting broadcast frames, but each station has its own key for unicast frames [9]. 802.11i A new security standard for WLAN, 802.11i which is also called Wi-Fi Protected Access 2 (WPA2), was ratified 2004. It introduced two new link-layer encryption protocols to the underlying specifications. [9] Temporal key integrity protocol (TKIP, also known as WEP2) incorporates a number of new protocol features to 'patch' WEP's weaknesses in the frames of pre-802.11 hardware capacities [9], [15]. For instance, TKIP utilizes master keys instead of a single one, and an exclusive RC4 key is assigned for each frame from the master key in order to lessen the success of an attack against feeble WEP keys [9], [16]. However, even TKIP was no profitable solution over WEP, since it remains vulnerable for basically the same flaws as its predecessor [9], [17]. Counter with Cipher Block Chaining Message Authentication Code Protocol (CCMP) instead is a security protocol designed from scratch. [9] It is based on the Advanced Encryption Standard (AES). It encapsulates the basic WEP traffic to mask the existing vulnerabilities. Both MPDU data field and some parts of the MPDU header are encrypted, and a 128-bit key is used on a 128-bit block size. A new, temporal key is required for every session, and so is a unique nonce value for each frame shielded by encryption. [9], [16] A set of means to construct a robust security network (RSN) also exists in 802.11i, and the use of CCMP is stamped as mandatory in it. These means determine the derivation and distribution of keys, and there are two key categories used in the link layer protocols. Data transfer between station and AP is protected by pairwise keys, and multicast/broadcast traffic from AP to clients is shielded by group keys. All the lowerlevel keys are derived from a single pairwise master key (PMK), and hence the stations


can easily renew their temporal encryption keys sans breaking up the existing authentication. A separate authentication server is needed in this strategy, and is mainly targeted to be used by large infrastructure networks. Figure 13 shows how key exchange between client and authenticator works in RSN. [9], [16]

Figure 13. Key exchange in RSN. PTK -- pairwise transient key, GTK -- group transient key, TK -- temporal key. [9] 2.5. Physical Layer 2.5.1. Overview The physical layer defines how the data is transmitted. The transmission channel can be either radio frequency (RF) or infrared (IR). [11], [12] The 802.11 standard originally classified three physical media specifications. However, there are four currently in use (see also table 3): • Direct-sequence spread spectrum (DSSS) that operates on the 2.4GHz industrial-scientific-medical (ISM) RF band. • Frequency-hopping spread spectrum (FHSS) operating on the same band as the one above. • Orthogonal frequency-division multiplexing (OFDM) operating on the 2.45GHz RF band. • IR operating on a wavelength between 850 and 950 nanometers. [5], [9], [10], [11], [12]


Table 3. IEEE 802.11 physical layer standards. [10]

2.5.2. Spread Spectrum Systems In a spread-spectrum system, the transmitted signal energy occupies a larger bandwidth than the information bitrate, and is also independent of the overall information bitrate. A narrow-band analog signal to be spread is modulated with a spreading code which is usually a sequence of pseudorandom digits. Despreading is achieved by correlating the received signal with a replica of the spreading code. Spread spectrum is used to improve a communication system's resistance to interference (especially multipath propagation) and signal jamming. [5], [9] A wideband spread-spectrum signal is formed from a data-modulated carrier by modulating the data-modulated carrier a second time by using a very wideband spreading signal. A DSSS signal is achieved when the spreading is produced by phase modulation. When the spreading is generated by rapid changing of the carrier frequency, an FHSS signal is achieved. [18] Frequency-Hopping Spread Spectrum The FHSS layer, in its essence, is defunct till the date [9]. In 802.11, the medium achieves data rates of 1Mbps and 2Mbps, where the previous is modulated with two-level Gaussian frequency shift keying and the latter with four-level [5], [11]. Frequency shift keying (FSK) is a modulation method where the elementary information unit (binary value) is represented by a signal on a different frequency than the center frequency. In transmission, the frequency of the carrier is increased or decreased by a certain deviation. The general form of an M-level FSK signal is as follows:


s i ( t ) = A cos 2 π f i t , where 1 ≤ i ≤ M and fi = f c + (2i − 1 − M ) f d f c = carrier frequency

f d = the difference frequency
M = the amount of signals (for example M=2 is used in binary FSK) L = the number of bits in one signal element. [5], [9] In the Gaussian variation, a Gaussian filter smooths out frequency deviations, and thus the emissions are confined to a fairly narrow band spectrum-wise. [11], [19] FHSS employs a number of carrier frequencies that form channels -- typically 2k where k is the amount of bits in the spreading signal -- where the signal hops from frequency to frequency at determined intervals (figure 14) [5], [9]. During this interval, the transmitter operates 300ms on one channel. The receiver hops in synch with the transmitter, and the pattern, along which the hopping is made, is determined by the spreading signal [5]. In 802.11, the band is divided into multiple 1MHz channels, whose exact amount varies depending on the country. Also the hopping sequence, which consists of permutations of all the frequency channels, is territory-specific. [5], [11]

Figure 14. An FHSS system where the signal hops from frequency to frequency at fixed time intervals. [9] Direct-Sequence Spread Spectrum DSSS, unlike FHSS, is an actively employed medium and implemented for instance in 802.11b [9]. Four data rate classes, 1Mbps, 2Mbps, 5.5Mbps, and 11Mbps can be achieved by using different modulation methods and spreading codes (in this context called chipping sequence) [5], [20]. The first two utilize Barker sequences of length 11, and the last two 8-length complementary code keying (CCK). The modulation scheme is


either a binary or quaternary phase shift keying (PSK) with a differential method included (DPSK) [5]. In PSK modulation, the information content is present in the signal as phase shifts of the carrier. BPSK shifts the phase by 180 degrees to represent binary 1 and 0. In QPSK, the shift is 90 degrees, and each signaling element consists of two bits instead of one. QPSK is used as an 'enhancer' to BPSK in the 2-11Mbps modes, as it allows a more efficient usage of the bandwidth. In practice, a QPSK signal usually consists of two BPSK signals modulated at half the data rate of the original input. [5], [9] A BPSK signal takes the form

s ( t ) = A cos( 2 π f c t ) for binary 1, and s ( t ) = − A cos( 2 π f c t ) for binary 0. [5]

The DPSK method varies from the basic PSK schemes in the means that it does not rely on a static reference signal, but places the next phase shift in accordance to the previous bit transmitted. Changes between consecutive symbols determine what kind of information will be sent next. Figure 15 shows the DPBSK and figure 16 the DQPSK encoding schemes. [5], [9]

Figure 15. DBPSK encoding. [9]


Figure 16. DQPSK encoding. [9] In the 1-2Mbps DS modulation the input signal is spread across the frequency band with a chipping sequence, so that every bit of the input is extended to multiple bits. One data bit is encoded with several chips into a series of chips for transmission. Here, an 11-bit Barker code serves as the spreading code. Generally Barker codes are binary {-1, +1} sequences with optimal autocorrelation properties, which is naturally important to the correct reception of the message at the receiver. The Barker code used in 802.11 is {+1, – 1, +1, +1, –1, +1, +1, +1, –1, –1, –1}. Figure 17 shows an example of how encoding can be done with the Barker word. In the context of the example, -1 is replaced with 0. [5], [9], [20]


Figure 17. An example of encoding with the 11-bit Barker code. [9] The DSSS medium has a smaller number of channels than the FHSS one, each being 5MHz wide. The amount of channels allocated depends on the country; European nations this is 13 [5]. In practice, equipment commonly limits the amount to 11, as many WLAN APs are manufactured according to the USA standard (11) [9], [21], [22]. of them in most channel channel

The DSSS has the property that if a signal with a low bitrate has been encoded with a high chip rate, the signal power becomes spread across a wide band. Most of the energy concentrates on a 22MHz band around the center frequency, and the side lobes extend themselves further in multiples of 11MHz (figure 18). This directly correlates with the possible amount of channels in parallel use: at the highest rate only three channels on the reserved spectrum can be used (i.e. at least five channels must be put between two operating networks) so that inter-channel interference could be kept minimal. Yet even then the -30dBr sidelobes overlap, as figure 19 points out. [9]

Figure 18. A DSSS signal. [9]


Figure 19. Channel separation in networks employing DSSS. [9] The basic form of the DSSS scheme can operate only on rates 1-2Mbps. For the higher rates, a modification or an alternate coding scheme is needed. 802.11 uses CCK. It resembles the 1-2Mbps chipping method, but now the spreading code itself bears also information, in addition to the fundamental signal spreading. The chip stream is divided into a sequence of 8-bit complementary code words of the form {1, -1, j, -j} employing the complex plane, whilst the chipping rate remains 11Mchip/s, thus retaining the same occupied channel bandwidth as with the lower bitrates. Complementary codes are characterized by the property that the sum of their autocorrelation sequences is zero at all points except for the main peak at zero shift. By using a few 8-bit sequences, 4-8 data bits can be encoded into a single code word. [8], [9], [20], [23], [24] The following formula is used for both bitrates, and it can be considered as a generalization of the Hadamard transform encoding:
c = { e j ( ϕ 1 + ϕ 2 + ϕ 3 + ϕ 4 ) , e j (ϕ 1 + ϕ 3 + ϕ 4 ) , e j ( ϕ 1 + ϕ 2 + ϕ 4 ) , − e j ( ϕ 1 + ϕ 4 ) , e j ( ϕ 1 + ϕ 2 + ϕ 3 ) , e j (ϕ 1 + ϕ 3 ) , − e j ( ϕ 1 + ϕ 2 ) , e j ϕ 1 } where C is the codeword and C={c0 to c7}. [20]

The channel specifications presented above in conjunction with the lower rate modulation apply to the higher rates also [9]. 2.5.3. Orthogonal Frequency-Division Multiplexing The concept of OFDM is to split the input data stream into N symbol streams with a fixed duration, and the N streams each then again modulate parallel-running synched subcarriers [18]. Thereafter the sub-carriers (see figure 20a for a general QAM signal) are


multiplexed into one high-speed channel [9], [25]. The carrier spacing is selected so, that the sub-carriers maintain spectral orthogonality with one another, i.e. they are arranged so, that one sub-carrier hits the spectral zero-crossing point of all the other sub-carriers (figure 20b) [25]. The highest amplitude peak of each sub-carrier encodes information. The composite waveform is achieved by applying the inverse fast Fourier transform (IFFT) to the sub-carriers. At the receiving end, the signal is stripped down to its original components again by performing the regular FFT [9].

Figure 20. (a) An unfiltered QAM signal spectrum, (b) OFDM signal spectrum. [25] OFDM is robust against such signal disturbance behavior as multipath interference and intersymbol interference (ISI) caused by it, impulse noise, and so on. ISI occurs when symbols inside the signal become smeared due to a delayed copy of the same symbol arriving via a different path and colliding with the previously arrived. However, the scheme is highly susceptible to a phenomenon called inter-carrier interference (ICI), as the sub-carriers are densely packed inside the channel and even minor frequency offsets in the sub-carriers may cause them to interfere with one another. [5], [9], [18] A prevention means called guard time has been added to OFDM to ward off both ICI and ISI. The transceiver addresses the first part of the symbol time as guard time and performs the FFT only on the non-guard time period of the symbol. Usually a cyclic prefix, which is simply a copy of the last part of the symbol, is attached to the guard time period. Other safeguard methods in OFDM are convolution coding to correct errors and windowing to reduce the effects of noise. [9], [25], [26] The OFDM spectrum is divided into a number of 20MHz channels, which for example on the 5GHz band can vary from a few tens (USA) to about 250 (Japan). 52 sub-carriers with 0.3125MHz spacing reside on each channel, out of which four are then again used as pilot carriers that make channel estimations. The rest are regular data containers. An example structure of an OFDM channel is presented in figure 21. Sub-carriers -21, -7, 7, and 21 are used as pilots. [9], [26]


Figure 21. Structure of an OFDM channel. [9] For sub-carrier modulation, OFDM uses the already familiar BPSK for the data rates of 6 and 9Mbps, and QPSK for 12 and 18Mbps. Quadrature amplitude modulation (QAM) is applied to the higher rates, 16-QAM for 24 and 36Mbps, and 64-QAM for 48 and 54Mbps. [5], [8] QAM is a derivation of PSK and amplitude phase keying (ASK). In the latter, two data values {0, 1} are represented by different amplitudes, usually arranged so that 0 is an absence of amplitude. QAM sends two different signals parallel on the same carrier by using a copy of the original carrier and a second one shifted by 90 degrees. Every carrier is modulated by ASK. Figure 22 shows the constellations used in 802.11 OFDM, except for 64-QAM. [5], [27]

Figure 22. BPSK, QPSK, and 16-QAM constellations.


As with DSSS, a transmit mask is applied to the symbol so that the transmitted spectral density falls within reasonable bounds (figure 23). Power leakage is limited to the side lobes. [27]

Figure 23. OFDM transmit spectrum mask. [27] 2.5.4. Infrared The 802.11 standard introduces an IR PHY, but no products have been implemented upon it [9]. The medium is defined as not needing clear line-of-sight (LOS) with an operation perimeter of 10-20m, indoors only. IR PHY achieves speeds 1 and 2Mbps with pulse-position modulation (PPM) [11]. PPM is an analog pulse modulation where the pulse's relative position is being modulated, and retains a constant amplitude and a fixed duration. N data bits are encoded into one pulse in one of the 2N time slots and the operation is repeated at regular intervals [28]. Figure 24 shows a typical 802.11 IR pulse [11].


Figure 24. Basic pulse shape. Quotation from [11], figure 102, page 233. (c) IEEE 1999. 2.5.5. Multiple Input Multiple Output OFDM Multiple input multiple output (MIMO) OFDM brings the use of multiple antennae into the wireless system. Several antennae are 'chained' together, the chains thus being able to receive and transmit data at the same time in spatial streams [9]. In the mechanism, X transmitters are coupled to Y receivers, and they form an array of N flat-fading channels out of which each has a dimension of X·Y [30]. For instance, a frame to be sent is split up and multiplexed across several spatial streams, and it is rebuilt at the receiver end [8], [29]. Figure 25 shows an example system [30]. The MIMO arrangement uses spatial multiplexing to for example fight signal fading [8], [29]. The real achievement of a MIMO system depends on the implementation, out of which three major trends can be considered. Firstly, power efficiency can be enhanced by maximizing the spatial diversity, and such systems employ delay diversity, space-time block, and trellis codes. The second means endeavors improving capacity gain by building itself upon a layered technique. In the third, knowledge on the channel at the transmitter is exploited to achieve a better capacity gain [30].


Figure 25. An X·Y MIMO-OFDM arrangement, X=input, Y=output. [30] 2.5.6. Convergence of the Physical Layer Before data can be sent into the network, MAC frames need to be prepared into a proper format by the physical layer convergence procedure (PLCP). PLCP depends on the actual PHY implementation. After the preparation, the data is modulated into the RF carrier. [9] The convergence elements in PHY are twofold. First, PLCP builds headers -- which contain for example such information as the speed of the transmission -- for the MAC frame. The headers are joined with the MAC frame, and the whole entity is scrambled. Thereafter the physical medium dependent layer (PMD) handles the actual data transmission. Certain parts of the frame ready to be released into the medium, like the preamble and header, are always sent at fixed speeds and modulation (usually the slowest forms) not dependent of the equivalent values of the actual data portion. Figure 26 shows a PLCP framing example, and figure 27 a PMD transceiver. [9]


Figure 26. PLCP framing example for a PHY supporting high-rate DSSS (b, g, n). [9]

Figure 27. Example of a PMD transceiver. This one uses the high-rate DSSS scheme. [9] A part of 802.11's carrier sense mechanism is specified on the PHY level, and it works hand in hand with the functions on the MAC layer. In DSSS/FSSS, the scheme is called carrier sense/clear channel assessment (CS/CCA). The actual implementation again depends on the protocol, but generally the energy detection thresholds of the medium are


scrutinized to determine whether a channel is busy or not. Above a certain energy limit the channel is reported as busy, and will remain so for the duration of the intended transmission. [9], [11] 2.6. Rate Selection The 802.11 standard does not specify exact word-to-word rules for data rate management and fallback. Yet infrastructure networks must adapt to the load and other variations in the environment. The stations may change speed, and the radio link quality may for example drop unexpectedly due to interference or some other factor. The implementing of these functions has been largely left to the hardware manufacturers, yet a few generic rules have been pinned down. For instance, every station must maintain a list which contains the operational rates that both the BSS and the station support, and every BSS has to uphold a record of those data rates that must be supported by every client joining the BSS. Speeds outside these lists will not be used. [9] When the signal quality decreases, the wireless system performs a fallback, i.e. reduces the data rate. Typically the algorithm, which decides the data rate, measures the signal SNR directly or implicitly by studying the frame loss. Conversely, when the signal quality improves, the data rate can be increased. [9] 2.7. 802.11 Protocol Types There are currently three functional wireless protocols, 802.11a-g that employ different characteristics of the aforementioned PHY features (see figure 3 and table 3 earlier). 802.11n is not yet in a stable state, even though draft-compliant hardware has already hit the market. [9], [10], [31], [32] 2.7.1. 802.11a The 802.11a protocol operating on the 5GHz frequency band was released 1999. The OFDM scheme is used with 52 sub-carriers, and the theoretical bitrate maximum is 54Mbps. The protocol requires LOS operation due to the carrier's high frequency and low material penetration ability. Typical data rates achieved by 802.11a are around 30Mbps. 802.11a equipment is not compatible with b/g, but can be used independently alongside as a non-interfering network, employing thus the upper frequency band. The protocol type has not been largely adopted into everyday use due to the parallel existence of the btype's cheaper equipment. [9], [27] 2.7.2. 802.11b Released 1999, 802.11b was the first variant to utilize the DSSS medium, and completely fulfills the specifications. Its theoretical maximum data rate is 11Mbps with CCK and QPSK, yet typically becomes downgraded to about 6Mbps due to protocol overhead. [9], [20]


2.7.2. 802.11g 802.11g was released 2003 as an improvement over 802.11b, providing also some backwards compatibility. The theoretical maximum rate is 54Mbps, typical 15-25Mbps depending on the presence of protection. Medium-wise, it is a hybrid between 802.11a and 802.11b. For speeds that are within the 802.11b specification it uses the same DSSS and CCK schemes as the latter, and vice versa for the previous, except that the operation band is now 2.4GHz on the extended rate PHY (ERP-OFDM, which is also the basic mode of 802.11g). The specifications have also been otherwise modified to support the co-existence of different modulation methods. One of the most notable alterations to the OFDM scheme is that there are merely three non-overlapping channels in use. [9], [33] 802.11g can co-exist with the b-type, and hybrid networks of those two protocols are common. However, if there is none kind of protection between the protocols, the overall performance becomes downgraded to that of the b-type, as 802.11b cannot understand g's higher-rate transmissions. 802.11g includes two protection mechanisms to allow the sending of OFDM frames in a hybrid network, and they are activated whenever it is necessary to guarantee that b-stations do not cause interference. In the first scheme, the station sends a CTS frame to itself, which thus forces all the stations within the network to update their NAVs and listen to CTS frames. In the self-sent CTS the station tells it will transmit OFDM-modulated content. This CTS is sent by employing modulation that every station can comprehend. The second method is a full RTS/CTS swap. Both methods are illustrated in figure 28. The protection frames are sent by using any b-type means. Overall, the protection mechanism slows down the throughput of the network. [9]


Figure 28. Overview of protection mechanisms. [9] 2.7.4. 802.11n Released January 2007 in first-draft form and in second-draft in the subsequent March, 802.11n is still in an incomplete state, and is not expected to achieve a stable state before 2008. There used to be three parallel competitors, WWiSE (World-Wide Spectrum Efficiency), TGnSync (Task Group N) and MITMOT (Mac and mImo Technologies for MOre Throughput) proposing different implementations for the protocol, but they decided to join their proposals July 2005. [31], [34], [35], [36] The basic new characteristic of 802.11n is that it employs MIMO-OFDM to achieve data rates up to a theoretical limit of 540Mbps. Like its predecessor 802.11g, it will have backwards support on two modes and a native mode that works only in a pure n-type network. A legacy mode operates in a, b, and g. A mixed-state mode adds the n protocol among them. The channel width is doubled up to 40MHz, and the signal range should double that of the earlier protocols. [8], [32], [36]


802.11n brings also improvements to the MAC layer to enhance the radio channel's throughput. In the earlier protocols, the large amount of overhead in transmission usually reduces the capacity of the PHY to about 60%. Now, frame bursting will be employed to cut down the number of ACKs. A method called frame aggregation will also be used to pack small frames together into one large frame to improve the data-to-overhead ratio. Small frames especially cause poor throughput, since normal frame headers become attached to them, and often the overhead in such frames tends to take more time than the data itself. [9], [37] Any current hardware available, such as Apple's Airport Extreme, is based on 802.11n's draft specifications [38]. Hardware built upon the stable version is expected to reach natural bitrates up to 200Mbps, whereas the presently existing ones have been reported to sustain speeds from 25 to 100Mbps [32], [36], [37]. Obviously, any such 'draft devices' may cause interoperability issues when the hardware based on the fully approved standard appears later on the market. 2.8. 802.11 Hardware Aside from the wired backbone network required in infrastructure systems, the functional part of a generic 802.11 system consists of an AP, and a wireless network card used by the client. The outline of a general wireless card together with the associated layers is illustrated in figure 29. The AP may be a single 'box' embedding both the modem and the antenna, or a two-piece construction where an external antenna is plugged with a suitable cable. An external antenna may provide a means to improve the coverage, but has the drawback that as an appendage to the main transceiver its lossy cable eats up power. In the end, an external antenna may not provide any improvement to the signal quality, and in the case of a poor-quality cable it may even deteriorate the original. Also, the technique of using multiple antennae to extend the signal reach of a single AP has become somewhat pointless since the cost of an extra antenna is about the same as that of a whole AP hardware. [9]


Figure 29. Outline of a generic 802.11 wireless card. [9] The AP's radiation pattern depends on the antenna type and pointing direction. The University of Turku has mostly acquired omnidirectional vertical antennae. They are the most usual models on the market, and generate a round, horizontal signal field when they are, in the typical fashion, installed to protrude vertically from the ceiling. Other crucial factors that determine the signal's useful coverage are gain and half-power beam width. The previous is the reach to which an antenna enhances the signal in its desired direction, and is measured in dBis. The latter decides the breadth of the radiation pattern, calculated in terms of the points where the radiation's peak value halves itself. [9] When it comes to large complexes such as the university in question, hardware costs need to be optimized heavily. With expensive hardware and specialized antennae, far more dazzling wireless systems compared to the existing ones of course could be built. But habitually the costs of buying APs in bulk and such factors as the risk of theft push the possibilities down to cheaper models. Hence, somewhat outdated or bargain hardware will always be used in institutions with limited supplies. Any further network optimizations, like the coverage improvement task that is the key issue in the upcoming practical part, are tied to these limiting factors. Moreover, it would be quite foolish to start changing existing systems to, say, costly pre-802.11n hardware just because they are available. Also, when large systems similar to SparkNet grow even broader by time and their old hardware is still kept functional, for example some AP models may vanish entirely from the market. The purchasing of new ones or replacements is equally limited to those available in the supply. Therewith, networks with hybrid configurations emerge gradually, and the result will be for instance a sub-optimal b/g network. However, when the situation has changed into such that, say, only a handful of b-type APs are coupled together with several tens of g-type ones, it would be reasonable to get rid of the b-types. The costs would be then negligent compared to the increase in efficiency.


2.9. Interference, Fading, and Propagation Losses With RF signals, interference and fading are key problems. As was shown priorly, both phenomena can be reduced with suitable modulation techniques. The 2.4GHz band is also problematic due to its crowded nature. For instance, operational devices such as Bluetooth may severely degrade the performance of b/g signals if set on a few-meter distance from the transmitter. The same can be said about the co-existence of the 5GHz band and ultra-wideband (UWB) networks. At least on the present signaling means these side-effects have a considerable influence, yet it remains to be seen how the 802.11n protocol will survive in practice. [9], [39], [40] The correct placement of APs and channel considerations are some of the most important aspects when functional, larger-scale wireless networks are constructed, such as inside a building consisting of several floors. Here, factors such as the reach of the signal, surface materials of walls, floors, etc. need to be taken seriously into account. [9] The signal of an AP becomes weaker as the distance to the transceiver grows [9]. This can be seen in figure 30. Alongside, the SNR and (figure 31) data rate (figure 32) also diminish. The AP presented in figures 31-33 is a real-life 802.11g AP set in lossy indoors conditions; the values in question have been measured with Ekahau Site Survey. See figures 36-38 for color code legends. When perfect LOS is available, say, in open-space outdoor conditions, the AP's coverage and throughput remain the most optimal. However, every obstacle appearing on the effective signal area contributes to attenuation and the diminishing of signal coverage. Indoor conditions, where walls and other surfaces attenuate, reflect, or completely block RF signals, are barely comparable to the aforementioned optimum. The area that a single AP can serve in outdoor conditions may require tens of transceivers in much smaller indoor environment [9]. Figures 30-32 show the influence of both attenuating and reflecting/conducting surfaces: on occasion a sharp drop from a brighter green to a more bluish tint indicates that some obstacle degrades the signal, and further to the left from the actual AP exist a few stronger signal islands caused by either conduction or signal amplification via reflection.

Figure 30. How an 802.11g AP's signal strength decreases by the distance.


Figure 31. The drop of SNR by the distance.

Figure 32. The drop of data rate by the distance. Both an AP and a client's wireless card have certain minimum sensitivity values (-dBm) for connectivity. If the link's sensitivity falls below the minimum, network connection cannot be established. [9] For instance, in 802.11g the borderline sensitivity to produce speeds of 22-32Mbps is -76dBm, and for speeds of 33Mbps and above it is -74dBm. This however means that lesser speeds, such as 1Mbps are available at much lower sensitivity values. In some equipment the smallest possible connectivity value is marked as low as 96dBm, while a usual value seems to hover around -94dBm. Also, the performance of a wireless network is always twofold: the client can also on its part improve the link by using a more sensitive wireless card. [9], [21], [22], [33] [41], [42] Adapter signal strength in itself does not tell the whole truth about the network's performance. For instance, if two APs operating on channels 1 and 2 are close to one another, their respective adapter signal strengths remain the same, but the actual link may be very poor due to strong ICI and thus a low SNR. Hence, SNR is one of the most important parameters to be considered when a network's overall functionality is studied.


3. Systematic Approach to Improving Network Coverage and SNR
This section is devoted to studying, simulating, and implementing a systematic means to install APs so that the coverage could be maximized and interference minimized. It will also be scrutinized how much power and functionality Ekahau Site Survey, the major tool used in mapping and measuring the properties of WLAN networks in the University of Turku, has when a new wireless network setup is designed with it from scratch and then installed. The comparison will grant valuable information about how much one can rely on simulations and how much manual planning actually needs to be done. 3.1. Optimal Access Point Lattice Let us imagine an optimal situation where a wireless network should be set up into an open office environment with very little attenuation-causing elements around (there may be some cubicle materials, etc. but their individual attenuation effect is on the scale of 12dB and hence can be regarded as negligible). To ensure the best coverage-SNR relation, the APs should be arranged into a continuous triangle formation where one triangle is equilateral, and the channels alternate as 1-6-11 in the vertices, so that two APs operating on the same channel are never adjacent to one another (see figure 34). This way the distance to any two same channels becomes maximized and the interference between APs minimized. Regarding network systems operating on several floors, the following should be kept in mind. The floor materials and the possible existence of pipes have a great influence on how the signals in one floor leak into other floors. In the case of low-to-medium attenuation surfaces, like dry wall, wood, thin-ish layers of concrete etc. it is perhaps not even necessary to have a separate AP arrangement in every floor, taking into account the fact that the frequencies now interfere with one another much easier since the vertical distance between the APs is much smaller than the horizontal. In cases like this, it is usually sufficient to build a network into every second floor. However, when there are thicker layers of concrete, stone, pipes, metal gridding, etc. present, the signals reaching out from other floors are usually too weak to allow efficient operation. Or, there may be a few 'pools' of network available in sporadic places if the floor or ceiling is not uniform, which is usually the case in reality. Here, one must pay


attention to the placing of the APs. The same triangle grouping works, if the surfaces are homogenous. Nonetheless, some leakage will even so exist, and hence the APs should be placed so that two overlapping APs never operate on the same channel. Consider figures 33 and 34 which in this context present two neighboring floors of the same building (first and second floors, respectively). The floor/ceiling materials between the floors, in this context, would have so much attenuation effect that the signals coming from the floor below would not have enough signal strength left in the floor above, but yet contribute to the interference. To ensure a sufficient SNR, the APs of the second floor should be arranged as in figure 24. Thereby, the APs should be set up almost on top of one another to again maximize the distance between two same channels.

Figure 33. Optimal AP arrangement to minimize interference between channels and maximize the reception coverage.


Figure 34. A second-floor arrangement on top of figure 34's scheme. The actual distance between two APs operating in the same floor depends very much on the running network load, architectural details, and of course the purpose of the arrangement. If there is a need only for a few low-load hotspots in certain strategic places like clusters of workrooms and no need for continuous connection while a station moves in-between them, the distance can be 35m and up. Nevertheless, as the network load increases and there is a direr need to assure a clear coverage (1Mbps and up) everywhere, the length of the sides of the triangle lattice needs to be reduced. 3.2. Common Problems and Example AP Scenarios In the following are presented a few scenarios concerning different capacity needs for a WLAN. As the 1-6-11 channel scheme is not free of interference, the nearer the APs are at one another, the greater the interference cost. 3.2.1. Ekahau Site Survey and Its Simulation Properties Ekahau Site Survey is an application that allows making site surveys and planning 802.11a/b/g networks. For the purpose of site surveys, the application usually has to be installed on a laptop which has a functioning wireless card. The plan of a building or other site is loaded into the program, and everything else happens on top of this. The parameters of existing networks can be surveyed by walking around the site the plan represents, and placing markers on the map at regular intervals. The software catches the


WLAN signals through the wireless card, and records such parameters as interference, SNR, signal strength, etc. Several kinds of graphs about the network's features can be output basing on the measurements, for example mutual interference caused by every AP in the site. All the simulations and on-the-spot measurements in the following sections are done with this application. [43] When it comes to designing networks from scratch, the software provides a means to place simulated APs of various types on the intended plan. Also, a selection of wall materials can be added in order to simulate attenuation. While trying out the feature, it cropped up that the program has some kind of bug within that places the material lines somewhat aside from the intended position. However, the wished-for placing should be clear. Figure 35 gives an explanation of the material colors and the associated signal attenuation. Figures 36-38 give color codes for the values of signal strength, bitrate, and SNR, respectively. [43]

Figure 35. Wall materials for simulation. Application quotation from [43], (c) 2000-2007 Ekahau Inc.

Figure 36. Signal strength legend (-dBm). Application quotation from [43], (c) 20002007 Ekahau Inc.

Figure 37. Bitrate legend (Mbps). Application quotation from [43], (c) 2000-2007 Ekahau Inc.

Figure 38. SNR legend (dB). Application quotation from [43], (c) 2000-2007 Ekahau Inc.


The strongest signals in the APs used in the upcoming case study are in the range of -3040dBm, and 60-65dB SNR-wise. In these (real-life) circumstances, it has been reported that around -75-80dBm or 15dB the signal becomes too weak to ensure proper functioning, i.e. frequent disconnections from the network follow. It was discussed before how some WLAN equipment has much lower sensitivity values, but a more of a worstcase scenario has to be taken as the borderline sensitivity here. In real life, it also cannot be taken for granted that all clients joining the network have top-notch wireless cards, since even the APs are not from the most expensive end. 3.2.2. Example Scenarios There are a few common mistakes often made when AP schemes are organized. When an heavy-usage 802.11g/b system under a load of 50% or more is in question, where a seamless data rate of at least 1Mbps has to be guaranteed almost everywhere, one may be tempted to place too many transmitters into the one and the same space. In the case of thick wall materials and abundant amounts of metal structures, this may be an optimal solution. But in an open office or hall environment with a 'long' LOS and little restraint elements, attempting to guarantee a strong SNR everywhere soon becomes a high-scale interference quandary when the network load increases. Consider the hypothetical case in figure 39. Five APs have been placed into a lowattenuation environment, and the distance between adjacent APs is about 12m. With hasty planning, the choice may seem 'good' in the SNR map. The system yet comes at a high interference cost, and is overall inefficient as the data rate and load grow. In figures 41-44 the system operates at increasing loads, and it can be seen how the SNR suffers at the cost of a very strong interference. With current technology, the existence of wired hotspots or a parallel-functioning 802.11a network is mandatory if higher speeds and seamless operability is essential. Excluding now the wired aids, a much better alternative to the 12m/5 APs arrangement would be both to increase the AP distance slightly and also drop a few. The scheme in figures 39-43 also suffers from the fact that AP3 creates a kind of discriminating 'island' outside which the connection is always poorer. This heavily suggests that one should always have an even number of all the channels represented in the same overlapping space to ensure the uniformity of the network everywhere. In figure 44 it can be seen that with only three transmitters, the throughput under 100% load at 1Mbps is much better than in the starting situation of the non-optimal one (50% load at 1Mbps). It is perhaps even a little more efficient under 100% load at 54Mbps, as seen in figure 45. In practice, this kind of system is not exactly possible and there will also be more interference than figure 46 would suggest, since real APs always have signal leakage to other bands as discussed before. In most real environments, there will also be significantly more attenuation-causing surfaces due to walls and alike. But it works as a demonstration as of why the number of APs should not be increased too much in the hopes of a better coverage and why the coefficient of the channel multiples should be 3, if possible.


Figure 39. 12m system's SNR at 50% load on 1Mbps.

Figure 40. Interference at 50% load.


Figure 41. 12m system's SNR under 100% load at 1Mbps.

Figure 42. 12m system's SNR at 100% load at 54Mbps.


Figure 43. 12m system's interference under 100% load.

Figure 44. 13m system's SNR under 100% load at 1Mbps.


Figure 45. 13m system's SNR under 100% load at 54Mbps.

Figure 46. 13m system's interference under 100% load. A more lifelike situation is created through a simulation that contains actual wall materials. The scenario is still more of the optimal nature, but the usefulness of the triangle scheme and channel arrangement shows its best results here. The surface materials in this case help decreasing the remaining channel interference with their inherent attenuation. Hence a robust arrangement that has minimal interference problems and a strong SNR even in 100% network load is acquired. The distance between each AP is about 30m. The scheme's functionality is presented in figures 47-50 at various bitrates.


Figure 47. SNR under 100% load at 1Mbps.

Figure 48. SNR under 100% load at 24Mbps.


Figure 49. SNR under 100% load at 54Mbps.

Figure 50. Interference under 100% load.


3.3. Case Study: Creating a Well-Functioning WLAN for a Library It is here necessary to remark upon the fact that this section has advanced very much parallel to 4.1. and 4.2., and hence obviously may contain some of the very errors that should be avoided in AP arrangements and which are listed in the aforementioned sections. 3.3.1. Initial Situation and First Simulation In the initial situation a two-floor library inside a larger campus building is equipped with a few 802.11g APs which here have been marked as 1A-1C for the 1st floor and 2A and 2B for the second. In the pictures, the channel is the last item in the name tag. The APs have been positioned without much pre-planning merely to create a wireless access to the most important places. The arrangement is nowhere near optimal, both channel- and placement-wise. The APs have been installed in the ceiling, wherefrom the antennae poke out 'upside down'. The original conditions have been mapped by walking through the rooms with a laptop with an 802.11b/g compatible wireless network adapter and the Ekahau Site Survey application. The network load is assumed to be 50% in all cases with at least a data rate of 1Mbps available in the functional areas of reception. This quite well corresponds to the 'worst-case' scenario, as the average load during the busiest time of the day is about 10%. The bitrate is not regarded as the most grievous problem here, but the network coverage and SNR. It is also essential to mention that these spaces encompass only a small part of the whole building's wireless network, i.e. there are other adapters 'nearby' affecting the signal spectrum in terms of for example interference. The initial situation of the first floor is presented in figures 51-54, the second's in figures 55-58, and the channel arrangements in table 4. As mentioned before, the SNR graphs tell the more accurate truth about the network's functionality than the signal strength ones. Table 4. Channel arrangements in the initial situation.
AP Channel 1A 1 1B 6 1C 11 2A 11 2B 1


Figure 51. Signal Strength.

Figure 52. SNR.


Figure 53. Interference.

Figure 54. Bitrate.


Figure 55. Signal strength.

Figure 56. SNR.


Figure 57. Interference.

Figure 58. Bitrate There are a few problematic irregularity spots around the library. These kinds of sites are altogether too common for just about any kind of larger building: elevator shafts, stairwells, machinery rooms, etc. This brings us back to the question of surface materials and signal leakage and why they should be seriously taken into account when APs are positioned.


In the following plan images, the major problem spots have been identified. In the corresponding SNR and interference maps concentrations of rapid attenuation and interference can be noticed. First floor (figure 59): 1. Elevator shaft and stairwell: concrete and metal structures. Some of the signals of the APs in the floors above (not shown here) leak through the stairwell to the lower floors, causing interference. The elevator shaft is 'on the way' of 1C's signal, so that it does not properly reach the rooms in the right and below. 2. An open stairwell connecting the first and the second floor. Both 1B and 2B affect one another's coverage areas and thus interfere. Overall they have been installed way too close to one another. 3. Elevator shaft and stairwell. 1B's signal becomes rapidly attenuated and does not reach the work rooms in the far left. 4. Machinery rooms with multiple metal structures; they block any signals almost completely. 5. and 6. Areas with tens of bookshelves. A single bookshelf causes about 2dB attenuation, so the signal fading is gradual but definite nonetheless.

Figure 59. The problem areas of floor 1. Floor 2 (figure 60): 1. Elevator shaft and stairwell. 2. Thick concrete pillar with possible metal structures within. 2B's effective signal range reaches about twice as far to the right than to the 'south-west' due to the blocking effect. 3. Stairwell.


4. Elevator shaft and stairwell. 5. Bookshelf space; gradual attenuation.

Figure 60. The problem areas of floor 2. A simulation of the optimal AP placing is made. The outside-area APs detected during the initial measurements are left in the background to create a more natural environment with actual interference. When a WLAN network is built into a, say, office space in an apartment, there most likely will be other private WLAN networks in the vicinity contributing to the total interference. Hence, the conception of 'optimal' will always become downgraded to 'the configuration that works as well as possible in the circumstances'. The issue of outside interference however is not within the scope of this case study, since the external, non-optimally-configured APs belong to the University of Turku and can be optimized further later on by the responsible operators. Therefore, the weaker signals left in the background serve more as a combination of natural background noise, real-life hardware defects, and further attenuation caused by architectural elements. Also, Site Survey's virtual APs do not exactly correspond to real ones, since there are no cable losses or other such signal degradation effects present. However, when the APs are installed according to the simulations and their properties observed later on, all outside signals not in the scope of the library will be eliminated. Attenuation-causing materials have been added to the simulation in the form of bookshelves and walls. In figures 61-64 the first simulation schemes can be seen. 1C has been left completely off for now to see whether the rooms below and to the right of it could be covered otherwise. It soon becomes clear that a simulation cannot handle everything, as Site Survey has no proper utilities for vertical areas. The pictures will not give an exactly correct view on how much for example the APs of the first floor will leak into the second floor. The ceiling in this case is quite inhomogeneous: There is a concrete layer which is partially covered with some sort of tiles and partially with a metal grid with pipes crisscrossing above. It however should have a fairly strong attenuation coefficient, except for the open stairwell in the middle. The AP arrangement on this particular spot has to be proceeded mostly with guesswork and manual tryouts.


Presently, 1H has been set into a place wherefrom its signal will likely leak into the above-lying rooms. However, this has to be tested manually, and it may be necessary to rearrange the scheme of the second floor completely. The channels used in the first simulation are listed in table 5. Table 5. Channel arrangements in the 1st simulation.
AP Channel 1H 1 1I 11 1J 6 1K 6 1L 11 2H 6 2I 11 2J 1 2K 11

Figure 61. First floor's SNR under 50% load at 1Mbps.


Figure 62. First floor's interference under 50% load.

Figure 63. Second floor's SNR under 50% load at 1Mbps.


Figure 64. Second floor's interference under 50% load. 3.3.2. First Phase of Implementation The APs are installed as a temporary configuration into the approximate locations pinned down in the simulation. 100% correctness was not possible due to unsuitable ceiling elements or a lack of sockets. The situation appears as in figures 65-68 and if not elsewise mentioned, the worst-case situation (1Mbps under 50% load) is scrutinized. Figure 65 presents the 1st floor's SNR together with the second floor's APs affecting the SNR spectrum and figure 69 only the 1st floor's adapters. A few problem spots can be identified which require manual correction: • The area between APs edu-kirjasto and edu-kirjasto5 falls into shadow. A pillar or another blockage probably attenuates Edu-kirjasto's signal --> will be moved more to the right. • A similar kind of area appears in-between edu-kirjasto7 and 6. The latter cannot be moved in this temporary arrangement due to the lack of suitable ceiling surfaces, so edu-kirjasto7 will be moved more to the left. The second floor is somewhat more problematic, and did not reach attainable optimality in the first scheme. When figures 70 and 71 are compared, it can be seen that the 1st floor's signals leak in a stronger fashion to the 2nd floor than vice versa. The 2nd floor is also smaller, so any necessary AP replacements to enhance the SNR in both floors are easier to do in the 2nd floor. Also, a general rule starts forming itself here: it would be a good idea to place the APs of one floor first, measure the leakages in the next one, and thereafter plan the placements of the APs to be put below/above. It could not be known beforehand how strongly edu-kirjasto's signal would be present in the areas around the 2nd floor's stairwell. By comparing figures 65 and 66 it can be seen


that its signal is not powerful enough to cover the rooms 'above' the stairwell. Also, edukirjasto7 leaks in quite a strong fashion to the second floor, whereas the effect of the one above it remains considerably weaker. This might be due to a weaker ceiling material. The network coverage in the middle of the 2nd floor (see figure 67, the darker green area crossing the floor from 'north' to 'southeast') remains poor, and the space certainly needs an adapter of its own. Since only 9 APs were available for the practical implementation, and the 1st floor's adapters cannot be reduced, the second floor's APs have to be moved so that some location will fall outside the effective signal field in the next phase. Figure 67 shows that edu-kirjasto9 covers sufficiently the corridor as-is, so it can be taken out of the current scheme and used elsewhere, which in this case means using it as the 'missing' AP needed much nearer the stairwell. The following changes are done: • • • • Edu-kirjasto4 is moved to the hall in the left 'behind' the rooms. Edu-kirjasto9 is moved near the stairwell. Edu-aula (former 1C) is enabled in the measurements. Edu-kirjasto7 is moved more to the left to see whether the 'thicker' ceiling would reduce the signal leakage. • The channels are changed to those listed in table 6. Table 6. Channel arrangements for the second implementation.
AP e-k Channel e-k2 1 11 e-k3 6 e-k4 6 e-k5 6 e-k6 6 e-k7 11 e-k8 1 e-k9 11 e-a 11

Figure 65. 1st floor's SNR.


Figure 66. 1st floor's interference.

Figure 67. 2nd floor's SNR.


Figure 68. 2nd floor's interference.

Figure 69. 1st floor's SNR without the influence of the 2nd floor's APs.


Figure 70. 2nd floor's signal leakages in the 1st floor.

Figure 71. 1st floor's signal leakages in the 2nd floor.


Figure 72. 2nd floor's SNR without the influence of the 1st floor's APs. 3.3.3. Second Phase The aforementioned changes to the implementation are made, and the new arrangement can be seen in figures 73-78. When the results are compared, it seems that while the network coverage of the second floor has improved, the first floor has suffered at the cost of it. The 2nd floor's interference has decreased, but is the opposite case for the 1st floor. The highest interference concentration has accumulated to the south of the stairwell (figure 74). It is partly responsible for the large area of poorer SNR extending southward and unto the far wall. Edu-kirjasto9's channel 11 leaks all too much down from the second floor, and thus narrows down Edu-kirjasto7's effective signal area (see figures 74, 79-80 ), while it is also sharply attenuated by some architectural element. Edu-kirjasto's signal does not seem to reach well enough the areas to the left of it, partly due to interference.


Figure 73. 1st floor's SNR.

Figure 74. 1st floor's interference.


Figure 75. 1st floor's SNR under 10% load.

Figure 76. 2nd floor's SNR.


Figure 77. 2nd floor's interference.

Figure 78. 2nd floor's SNR under 10% load.


Figure 79. 2nd floor's signal leakages in the 1st floor.

Figure 80. 2nd floor's signal leakages in the 1st floor without Edu-kirjasto9. When the experiments lead to this kind of results, the antenna types and ceiling materials need to be scrutinized better, in case issues causing further non-optimality might hide therein. Discarding the effects of Edu-kirjasto9's leakage (see figure 78), it can be seen from both the first (figures 70-71) and second phase's (figures 80-81) results that the first floor leaks rather more to the second than in the opposite case. It can only be assumed that the metal grid partly covering the ceilings works both as a mirror and an attenuator. The antennae, in the absence of other suitable installation places in this case, had to be placed to hang down from the grid. While an omnidirectional antenna's signal should follow the vertically flat doughnut-shape form, it apparently extends itself that much


above the grid that the metal can reflect and amplify it upwards. Signals coming from above experience the opposite effect. The antennae can be categorized as follows: Edu-kirjasto4-9 Buffalo WHR-G54S: • Nominal Output Power: 19dBm (802.11b), 16dBm (802.11g) [44] Edu-kirjasto-3 Buffalo Airstation WBR-type with an external antenna • Nominal Output Power 15 dBm • External antenna eats part of the power and weakens the signal [45] The WHR antennae are more efficient than those of the latter type. This can be also seen in figures 82 and 83 where the signal ranges of a WHR and WBR antenna are shown SNR-wise. The diameter of the effective coverage the WHR antenna is considerably longer than that of the WBR one.

Figure 81. 1st floor's signal leakages in the 2nd floor.

Figure 82. The SNR and coverage of a WBR antenna.


Figure 83. The SNR and coverage of a WHR antenna. 3.3.4. Third Phase After analyzing the results of the second phase and considering some details, the conclusion is that the system might work better with the following adjustments: • Edu-kirjasto will be disabled regarding the first floor, and shall be moved to the second floor to serve the empty north-east corridor. • Edu-kirjasto7 will be moved somewhere in the middle of its original place and the current one. • Edu-kirjasto5 will be moved somewhat to the south to see if the coverage in the areas below it could be improved. • Edu-kirjasto9 will be moved right above the stairwell, so that its signal would reach the 1st floor even better. In addition to its major service area, it thus might be able to handle also the beneath-lying section to such a degree that no additional APs are needed around the stairwell in the 1st floor. Figure 84 gives some insight into this. Edu-kirjasto1 is disabled, and yet there seems to be a sufficient SNR around the stairs, even when edukirjasto9 is not yet directly above the open shaft. • Edu-kirjasto4 will be moved into the hall outside the actual library. In the current configuration it is too close to the other APs of the 2nd floor. • The new channels are listed in table 7. Table 7. Channel arrangements for the 3rd implementation.
AP e-k e-k2 e-k3 e-k4 e-k5 channel 1 11 6 6 e-k6 6 6 e-k7 1 e-k8 1 e-k9 11 e-a 1

At this point it can be seen that the simulation tools do not really provide that much help, and the final adjustments need mostly manual tweaking. It is reasonable to believe the priorly configured systems may also suffer from the 'too many APs' -syndrome. Even one antenna may deteriorate the SNR considerably.


Figure 84. First floor's SNR. Edu-kirjasto is disabled. The aforementioned changes are made, along with a few other details that cropped up along the way: • Edu-kirjasto was dropped out of the antenna array entirely. After an installation in the suggested place and some preliminary measurements, it turned out that the AP's operation itself was poor. Most likely the old model and a lossy antenna cable were the reasons for this. • Edu-kirjasto4 was not installed in its intended place, but set to replace edukirjasto in the 2nd floor. Edu-kirjasto9's coverage area is just about large enough to give a sufficient SNR into the rooms originally under edukirjasto4's dominion. The corridor in the far left provided to be too cumbersome an area for test installations due to the lack of Ethernet and power sockets and suitable ceiling materials. Hence, if better SNR or coverage is desired to the border areas of the library, a separate, permanent antenna should be installed somewhere in the 2nd floor hall. • Edu-aula was disabled in the measurements. • The new channel arrangement is listed in table 8. Table 8. Channels after the 3rd implementation.
AP e-k2 e-k3 e-k4 e-k5 channel 11 6 1 e-k6 6 6 e-k7 1 e-k8 1 e-k9 11

Figures 85-90 show the corresponding results. Now, it can be seen that reasonable quality has been reached. The APs are about 8m apart from one another in the horizontal direction. The overall scheme is also as close as possible to the triangle lattice as proposed in chapter 4.1., with the exceptions required by non-symmetric building structures. The SNR is stronger than in any of the previous installations, and the


interference has dropped considerably. A few areas with poorer reception are bound to remain due to environmental aspects. For instance, the open area to the south-west from edu-kirjasto5 has plaster tiles with slight vertical protrusion as the ceiling material. Plaster contains water, which has a strong attenuation factor. For instance figure 86 shows the sharp attenuation edge of edu-kirjasto5's signal. However, due to interference problems, the particular AP cannot be much moved to the south either. The plaster ceiling is also responsible of the mid-floor 'canyon' of lesser reception between edu-kirjasto6 and edu-kirjasto7. The new placement of the latter AP allows the signal to spread somewhat more freely, so that the attenuation edge is not as sharp as in the previous undertakings.

Figure 85. 1st floor's SNR.

Figure 86. 1st floor's SNR under 10% load.


Figure 87. 1st floor's interference.

Figure 88. 2nd floor's SNR.


Figure 89. 2nd floor's SNR under 10% load.

Figure 90. Second floor's interference. 3.4. Case Study Conclusions and AP Arrangement Guidelines • The general triangle model should work almost optimally in a symmetrical, one-floor building or in a multi-store building that has a wireless network installed in only one floor. • The general triangle lattice model should function in a symmetric multi-store building where the floors and ceilings attenuate the signals enough, so that they do not leak to other floors. • Use only channels 1,6, and 11, since they non-overlap the least. All interference cannot be gotten rid of even this way, since real-word hardware lets the sidelobes leak


• • •

• •

to the other bands more than in theory. Using the intermediate channels is not recommended, as it has considerable effect to the increasing of interference. If open spaces pierce two or more floors (i.e. a stairwell, high halls), either try to install the APs as far as possible from the open area, or then try to take advantage of the vertical LOS and install as few APs as possible as high as possible. WHR-type APs are more efficient than those with external antennae. Discontinued/more inefficient APs can be reused to cover smaller (secluded) areas. If possible, avoid hanging APs down from metal-gridded ceiling, since it mirrors the signals upwards just enough to cause undesirable interference in the floor above. Sometimes this is not an option, however. Metal grid placed behind any floor/wall/ceiling element then again hinders the RF signals from leaking outside the space at hand. Corridors, etc. unidirectional spaces joining larger open spaces but yet separated by thick walls and/or elevator shaft -type constructions from one or more sides usually need their own AP(s). It is usually most efficient to place one adapter in the middle of the corridor. If it is a lengthy one, two can be installed so that they are not exactly at the far ends (at least in the case of the typical omnidirectional antennae, part of the signal range is 'lost'). Best performance is achieved, if the channels are as far off from one another as possible (1, 11). Make sure that the nearest signal radiating strongly from any open space nearby is always at least six channels apart. When the planning and configuring of a wireless network is started, simulations may aid somewhat, especially if wall materials can be added within. Nonetheless, manual, sporadic planning is always needed. Ekahau Site Survey, in itself, is only a mediocre simulation tool, as it does not even support multiple floors. Pipes, air conditioning shafts, etc. work as conductors, and sometimes they can carry RF signals into unwanted places. Take these into account in network plans, if possible. A non-homogenous ceiling with vertical protrusions may become an attenuation factor even in the floor at hand, if APs are installed to hang down from it. Even a few centimeters' difference may cause undesirable effects. Try to install the antenna to the lowest part of the ceiling, so that it does not remain inside an 'upside-down cauldron' where the surrounding layers force the range of the signal to become diminished. Another option is to attach the antenna some meters away from the border of the two ceiling materials with different heights. This way, the signal has more room to spread, and the attenuation becomes less steep. However, always avoid fixing the antenna right to the joint. When APs are placed manually, try to make sure that there is the maximum amount of LOS everywhere. Obstacles such as pillars and high bookshelves in the close proximity may cause surprisingly strong blocking effects. Plaster, which is often used in pillars, is one of the tricky surface materials. It may be of best practice to configure one floor first. When the initial floor is done, proceed to the next by first observing how much the signals leak through the elements. Also, if the following, yet empty floors are simulated with Ekahau Site Survey, leaving the signal leakages as existing interference to the background may help in finding out the best places for further APs.


4. Conclusions
The lack of a systematic approach to building IEEE 802.11 indoor networks, so that optimality could be reached in both coverage and reception, is a major problem that often emerges during the installation of new systems or improving existing ones. The correct placement of the APs and the parallel consideration of architectural details and surface materials in buildings are crucial to the proper functioning of the network. Yet, often the APs are placed in a rather random fashion, which may lead to high interference and poor link quality. The purpose of this thesis was to dig into some of the issues that most often hinder the proper operation of a WLAN network, and propose a systematic scheme where both coverage and reception reach optimality. A real-life case study where 802.11g-type transceivers were used and which followed as closely as possible to the suggested model was implemented in the frames of SparkNet, the WLAN system employed by the University of Turku. Ultimately, the approach was proven to grant quasi-optimal conditions to the functioning of 802.11 systems. The thesis was divided in two major parts. The first section, which enveloped the preface and chapter 2, was mainly literature-based. It introduced the system logic and theoretical properties of IEEE 802.11 protocols. Detailed glimpses into the operations of the MAC and PHY layers and their interactions with one another were provided. Additionally, such matters as for example security and future technologies were discussed alongside. A few sections were devoted to the upcoming 802.11n protocol which will undoubtedly begin replacing existing technologies in the near future, even if the type is still officially in a draft state. Its emergence will lead to more complicated kinds of hybrid networks as the ones currently in existence, and will contribute its own, yet largely unanalyzed share to the optimization problems. The second part, chapter 3, concentrated on studying whether an optimal, systematical AP arrangement could be created, and, if so, how. Likewise, the section can be separated into a more theory-oriented segment (sections 3.1. and 3.2.) and a practical part (section 3.3.). Firstly, a theoretical basis for the optimal AP placement model was proposed. In two dimensions, its topology consists of equilateral triangles, where one AP is placed at each vertex. The geometry can be extended into the third dimension, when the structure becomes a lattice-type formation composed of three-sided prisms in the vertical direction. In the text, it was commonly referred to as the 'triangle lattice'. Each AP operates on its own channel, which is either 1, 6, or 11, and the lattice never allows two same channels


to be adjacent to one another. This maximization of distance minimizes the interference. The theoretical scheme was simulated with Ekahau Site Survey in various imaginary indoor spaces with different kinds of wall materials. These made-up conditions used in the simulations had a theoretically optimal nature, and thus cannot be applied to realworld settings as such. Also some details relating to how many APs should be used and the suitable distance between two units were discussed alongside. The case study, section 3.3., advanced quite much parallel to the theory discussion of sections 3.1. and 3.2. Hence, a few of the very mistakes that were pointed out in the preceding section found its way into the practical implementation, and had to be rooted out on the way. A two-store library with some rather awkward and non-symmetrical architectural details (an open stairwell piercing the two floors, uneven ceiling with inhomogeneous building materials, among other particulars) was chosen for the case study. It had an operational WLAN network in the initial situation, but it was suboptimal, and the APs had been installed in the spur of the moment rather than with careful planning. A simulation of a replacement network, based on the triangle lattice model and which included wall materials and added interference, was made with Ekahau Site Survey. Thereafter, the actual implementations began. However, when the practical part progressed further through trial and error and much manual corrections, it soon became clear that Site Survey as a simulation application is rather mediocre. Whereas it performs well as a tool for measuring various properties of existing RF signals, the simulations could be used only as a partial aid in the case study. For instance, the application does not support networks in multiple layers. It is a serious drawback, since APs installed into adjacent floors commonly interfere with one another till some degree, unless the ceiling material is thick enough not to allow any signal leakages. The case study required three installations, where aspects such as the influence of antenna types to the overall functionality -- in addition to the expected ones concerning construction materials and signal leakage -- gradually cropped up. Signal leakage and undesirably attenuating or mirroring surfaces provided nevertheless to be the biggest problems. The open shaft piercing the floors caused the signals to leak so much to the different spaces that it was in the end better to take advantage of the LOS and install only one antenna right above the shaft, whereas in the first attempt two had been used on top of one another. Regarding surface annoyances, for instance the metal grid ceiling in the 1st floor mirrored the signals to the 2nd floor, and protruding plaster elements caused sharp attenuation. The latter could be somewhat circumvented by moving the APs away from the boundaries of such materials and guaranteeing the longest LOS everywhere. The previous, among other factors, however taught that optimality is relative in real environments, and that there is no way around every unfavorable detail. It might have been better if only one floor had been implemented first, and then the second simulated separately with the existing signal leakages added to the background interference. Yet, when this was comprehended, it was somewhat too late to start the case study from scratch any more. The gradual means is however better regarding equivalent


future installations in multi-store environments: plan and simulate one floor first, measure the signal properties in the current floor and the adjacent ones, and then plan on further. This guideline, among others, was documented in section 3.4., which contains conclusions and AP arrangement principles gathered from the results of the case study. In the third phase of the implementation the arrangement turned out to be very close to optimality, and resembled as much as possible to the proposed triangle lattice scheme. Regarding SNR, it would have been better if the APs could have been organized into perfect multiples of three. Thus the interference would have been evenly distributed. Even if this particular goal was not achieved, the experiments nevertheless prove that the suggested WLAN model really is functional. Hence can be used as an outline for systematic installation of larger-scale WLAN networks, and should furthermore quicken up planning and aid in achieving better reception and coverage. In homogenous, symmetric environment it will reach the highest optimum. Real-life buildings yet almost never fulfill these conditions, so some tweaks are undoubtedly needed case-by-case.


5. References [1] http://www.turkusciencepark.com/TSP/www_fi.nsf/SiteMap/D56076A78D9650 D9C2256FE3003ABD05 (accessed 14.3. 2007). http://www.sparknet.fi/ (accessed 14.3. 2007). http://www.cc.utu.fi/ (accessed 14.3. 2007). http://www.masterplanet.fi/sparknet-kayttoohje/kayttoohje_files/frame.htm (accessed 14.3. 2007). William Stallings, Wireless Communications and Networks, Prentice Hall, 2002. Hubert Zimmermann, "OSI Reference Model--The ISO Model of Architecture for Open Systems Interconnection," in IEEE Transactions on Communications, vol. com-28, no. 4, April 1980, pp. 425--432. Neil Briscoe, "Understanding the OSI 7-Layer Model," in PC Network Advisor, Issue 120 (July 2000), pp. 13--14. Fernandez et al, "An overview of the security of wireless networks," Nov 19, 2004, http://polaris.cse.fau.edu/~ed/WirelessSecSurv4.pdf (accessed 11.11. 2006). Matthew S. Gast, 802.11 Wireless Networks: The Definitive Guide, 2nd Edition, O'Reilly, April 2005. William Stallings, "IEEE 802.11: Wireless LANs from a to n," in IT Pro SepOct 2004, Published by the IEEE Computer Society, pp. 32--37. ANSI/IEEE Std 802.11, 1999 Edition, Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications, IEEE 1999. Jeffrey S. Beasley, Networking, Pearson Prentice Hall, 2004. N. Borisov, I. Goldberg, and D. Wagner, "Intercepting mobile communications: The insecurity of 802.11," in Proceedings of the International Conference on Mobile Computing and Networking, July 2001, pp. 180–189. N. Cam-Winget et al, "Security Flaws in 802.11 Data Link Protocols in "Communications of the ACM, Vol. 46, No. 5, May 2003, pp. 35--39. Brandon Brown, "802.11: the security difference between b and i," in Potentials, IEEE, Vol. 22, No. 4, Oct-Nov. 2003, pp. 23--27. IEEE Std 802.11i-2004, Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications, Amendment 6: Medium Access Control (MAC) Security Enhancements, IEEE 2004. J. C. Chen, M. C. Jiang, and Y. Liu, "Wireless LAN Security and IEEE 802.11i," in IEEE Wireless Communications, Feb. 2005, pp. 27--36. Rodger E. Ziemer and Roger L. Peterson, Introduction to Digital Communication, 2nd edition, Prentice Hall, 2001. N. Krishnapura et al, "A Baseband Pulse Shaping Filter for Gaussian Minimum Shift Keying," in Circuits and Systems, Proceedings of the IEEE, Vol. 1, 31 May--3 Jun 1998, pp. 249--252. IEEE Std 802.11b-1999, Supplement to IEEE Standard for Information technology, Part 11: Wireless LAN Medium Access Control (MAC) and

[2] [3] [4] [5] [6]

[7] [8]

[9] [10] [11] [12] [13]

[14] [15] [16]

[17] [18] [19]



[21] [22] [23] [24] [25]



[28] [29]

[30] [31]






Physical Layer (PHY) specifications: Higher-Speed Physical Layer Extension in the 2.4 GHz Band, IEEE 1999. http://www.buffalo-technology.com/ (accessed 28.5. 2007). http://www.cisco.com/ (accessed 28.5. 2007). R. Sivaswamy, "Multiphase Complementary Codes," in IEEE Transactions on Information Theory, Vol. IT-24, no. 5, Sep. 1978, pp. 546--552. Robert L. Frank, "Polyphase Complementary Codes," in IEEE Transactions on Information theory, Vol. IT-26, no. 6, Nov. 1980, pp. 641--647. Yiyan Wu and William Y. Zou, "Orthogonal Frequency Division Multiplexing: A Multi-Carrier Modulation Scheme," in IEEE Transactions on Consumer Electronics, Vol. 41, no. 3, Aug 1995, pp. 392--399. S. Coleri et al, "Channel Estimation Techniques Based on Pilot Arrangement in OFDM Systems", in IEEE Transactions on Broadcasting, Vol. 48, No. 3, September 2002, pp. 223--229. IEEE Std 802.11a-1999, Supplement to IEEE Standard for Information technology, Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications: High-speed Physical Layer in the 5 GHZ Band, IEEE 1999. A. Bruce Carlson, Communication Systems: An Introduction to Signals and Noise in Electrical Communication, 3rd Edition, McGraw-Hill, 1986. H. Sampath et al, "A Fourth-Generation MIMO-OFDM Broadband Wireless System: Design, Performance, and Field Trial Results," in IEEE Communications Magazine, September 2002, pp. 143-149. G. L. Stüber et al, "Broadband MIMO-OFDM Wireless Communications," in Proceedings of the IEEE, Vol. 92, No. 2. Feb. 2004. Status of the 802.11n standard, http://grouper.ieee.org/groups/802/11/Reports/tgn_update.htm (accessed 19.3. 2007). Clint Ecker, "AirPort Extreme 802.11n Wi-Fi Wireless Base Station," in Ars Technica, February 21, 2007, http://arstechnica.com/reviews/hardware/airportn.ars (accessed 19.3. 2007). IEEE Std 802.11g-2003, Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications, Amendment 4: Further Higher Data Rate Extension in the 2.4 GHz Band, IEEE 2003. Official IEEE 802.11 Working Group Project Timelines - 01/19/07, http://grouper.ieee.org/groups/802/11/Reports/802.11_Timelines.htm (accessed 29.01.07). MITMOT IEEE802.11n proposal, http://www.ieee802.org/11/DocFiles/04/1104-1369-07-000n-mitmot-tgn-complete-proposal-presentation.ppt (accessed 28.5. 2007). Eric Bangeman, "802.11n Draft 2.0 gets thumbs up from Working Group," in Ars Technica, March 13, 2007, http://arstechnica.com/news.ars/post/20070313802-11n-draft-2-0-gets-thumbs-up-from-working-group.html (accessed 19.3. 2007).



[38] [39]


[41] [42]

S. Abraham et al, "802.11n MAC Design and System Performance," in IEEE International Conference on Communications, 2005, Vol. 5, May 2005, pp. 2957--2961. http://www.apple.com/airportextreme/specs.html (accessed 5.2. 2007). Carla F. Chiasserini and Ramesh R. Rao, "Coexistence Mechanisms for Interference Mitigation between IEEE 802.11 WLANs and Bluetooth," in IEEE Infocom, Vol. 2 2002, pp. 590--598. D. K. Borah et al, "Performance Evaluation of IEEE 802.11a Wireless LANs in the Presence of Ultra-Wideband Interference," in IEEE Wireless Communications and Networking, Vol. 1. March 2003, pp. 83--87. http://www.buffalo-technology.com/downloads/WHR-HP-G54_manual_EU.pdf (accessed 12.4. 2007). http://www.cisco.com/application/pdf/en/us/guest/products/ps6521/c1650/cdcco nt_0900aecd8031c844.pdf (accessed 2007). Ekahau Site Survey 2.2 User Guide and application, copyright 2000-2007, Ekahau Inc. http://www.buffalo-technology.com/downloads/WHR-G54S-Manual_EU.pdf (accessed 12.4. 2007). http://www.buffalo-technology.com/downloads/WBRG54Manual.pdf (accessed 12.4. 2007).

[43] [44] [45]


6. Appendix 1. List of Acronyms ACK: ADC: AP: ASK: BSS: CA: CCA: CCK: CCMP: acknowledgement analog-to-digital converter access point amplitude shift keying basic service set collision avoidance clear channel assessment complementary code keying Counter with Cipher Block Chaining Message Authentication Code Protocol contention-free cyclic redundancy check carrier sense carrier-sense multiple access clear to send digital-to-analog converter distributed coordination function dynamic host configuration protocol DCF IFS differential phase shift keying distribution system distribution system service direct sequence spread spectrum extended IFS extended service set fast Fourier transform frequency hopping spread spectrum frequency shift keying high-level data link control independent basic service set inter-carrier interference Institute of Electrical and Electronics Engineers inverse fast Fourier transform interframe spacing internet protocol infrared intersymbol interference ISO: IV: LLC: LOS: MAC: MIMO: MSDU: NACK: NAV: OFDM: OSI: PBCC: PCF: PIFS: PDU: PHY: PLCP: PPM: PRNG: PSDU: PSK: QAM: RSN: RTS: SFD: SIFS: SNR: SS: SSID: SSL: TCP: TKIP: TSF: UDP: UWB: VLAN: VoIP: International Organization for Standardization initialization vector logical link control line of sight medium access multiple input multiple output MAC service data unit no acknowledgement network allocation vector orthogonal frequency-division multiplexing Open Systems Interconnection packet binary convolution coding point coordination function PCF IFS protocol data unit physical layer physical layer convergence procedure pulse-position modulation pseudorandom number generator PLCP service data unit phase shift keying quadrature amplitude modulation robust security network request to send start of frame delimiter short interframe spacing signal-to-noise ratio station service service set identifier secure sockets layer transmission control protocol temporal key integrity protocol timing synchronization function user datagram protocol ultra-wideband virtual local area network voice over internet protocol



WEP: wired equivalent privacy WLAN: wireless local area network

WPA2: Wi-Fi Protected Access

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->