
IEEE 802.

11g
---

.
.
: .

2006




.





.


.


,

.

ABSTRACT
IEEE 802.11 wireless local area networks (WLANs) are widely deployed in corporate
and campus networks as well as public hotspots. However, their introduction is
accompanied by a number of issues, such as security and radio coverage. The purpose
of this thesis is to present an overview of IEEE 802.11 technology and its possible
application services, with emphasis on location-based services. Furthermore, in
installing a WLAN access point at the Technological Educational Institute of
Crete / Branch of Chania, we addressed network access and security. In
particular, we used open source software to administer our WLAN in
order to provide user authentication and handle other related issues. Finally, we present
the site survey results obtained with the NetStumbler software before planning and
installing the WLAN.


1
IEEE 802.11
1.1 ....
1.2 ........
1.3 802.11.
1.4 802.11...........................................
1.5 ...........................
1.6 ..
1.7 802.11....
1.8 ................


2

802.11x
2.1 ..
2.2 WEP .
2.2.1 WEP
2.2.2 WEP.
2.2.3
2.2.4
2.2.5
2.2.6

WEP ......
WEP
.
..................

2.3 WPA - .......


2.3.1
2.3.2
2.3.3
2.3.4

..
IV..
TKIP .
802.1......

2.4 ..
2.5 EAP (LEAP).. .....
2.6 EAP .....


2.7 EAP-TLS... ......................


2.8 EAP (PEAP)..


3
WLAN

3.1 WLAN..
3.2 Kerio Winroute Firewall..
3.2.1
3.2.2
3.2.3
3.2.4
3.2.5

IP Dhcp Server
.
Http Policy

Kerio..

3.3 Kerio.


4
LBS WLANs

4.1 .
4.2 .
4.3.1 RSS.
4.3.2
4.3.3 ..

4.4 SNMP.
4.5 IP MAC..
4.6 IP..
4.7 IP .
4.8 APs IP ..
4.9 WLAN LBSs.
4.10


5
WLAN
5.1 WLAN - ,
..


5.2.1
5.2.2
5.2.3
5.2.4
5.2.5
5.3.1
5.3.2
5.3.3


Wardriving..
LAN ..
LAN
.
..
.
.
..

1
IEEE 802.11
1.1

.
,
. ,

. .
.

.

.

:

, .

.


LAN.
.
.

LAN .
,
.


.
, ,

.
.
, , ,
.

,
. , 802.11

.
,
. ,

802.11
. ,

.
802.11 1997, ,


. 802.11 2 Mbps
11 Mbps 54 Mbps.
.
,

802.11.
.

.

. ,
.

.
.
.
Ethernet.
, ,
. '
, .
, ,
, .
() ,
(),
.


(),
.

(Radio Frequency RF),

(Electromagnetic - EM). To RF
.
, ,
,
. ,
,
.

1.2

. ,
.

. , ,

. ,
20 kHz.

6 MHz.

. ,
(FCC).
CEPT (ERO).
(ITU).
,
,

1.3 IEEE 802.11


standard 802.11 standard WLAN
. standard 1987
IEEE 802.4 token bus standard IEEE 802.4L.
802.4 802.3 802.5
.
WLANs
.
GM(General Motors)
802.4L . 1990
802.4L IEEE 802.11
802.11 standard MAC
WLANs. 802.11 standard 1 2 Mbps
1997 DSSS , FHSS
(DFIR). standard ,
11bps
CCK (IEEE 802.11b) 54Mbps OFDM ( 802.11a)
. 802.11
MAC
(Carrier Sense Multiple Access with
Collision Avoidance - CSMA/CA) ,
/ (RTS/CTS)

(PCF)

. 802.11 standard WLANs


ad hoc peers.
802.11 standard standard
standard
. LAN , WLANs
()
.

. ,
(multipath fading). WLAN
WLANs
( , ).
standard
,
standard LAN. IEEE 802.11
,
.
802. WLANs
( WLAN
) WLANs
standard
.
standards
10 IEEE 802.11
standard 802
.

802.11b 802.11a .

1.4 802.11
802.11
1Mbps 2Mbps. ISM
(2.4GHz 2.4835GHz),
850nm.
ISM
FSK 2 1Mbps FSK 4
2Mbps.
PPM (Pulse Position Modulation).
.
(FHSS)
(DSSS) .
ISM
20dBm , ,
80dBm FER 3%.

1.5
To IEEE 802.11
: (ad-hoc
mode) (infrastructure mode).
.

(ad-hoc)
,
'
. , ,
.
(peer-to-peer networks),
, .
,
(Independent Basic Service Set - IBSS). H
. 1.1.

1.1:



(access points), ,
. To
.
, ,
,
.

(Basic Service
Set BSS). To
(Extended Service Set - ESS). H
. 1.2.

1.2:

1.6
IEEE 802.11
,
(payload). (frames)
: (management),
(control) (data). ,
,
(associate), (disassociate),
. ,
,
, .
,
IEEE 802.11,
(Service Set Identifier - SSID).
( )
IBSSID, BSSID ESSID,
,, IBSS, BSS ESS, .
, SSID
.

1.7 802.11
To IEEE 802.11
.
:

i. 802.11 a OFDM in 5GHz Band


802.11a
UNII 5GHz.
(OFDM)
54Mbps.
UNII ISM

802.11 802.11b.

ii. 802.11 b High Rate DSSS


802.11b ,
DSSS 802.11
5.5Mbps 11Mbps. ,
.
CCK, 1Mbps
2Mbps, 802.11,
DBPSK (Differential Binary) DQPSK (Differential Quadrature)
.

iii. 802.11 c Bridge Op Procedures


802.11c
bridges.

.

iv. 802.11 d Global Harmonization


802.11d

v. 802.11 e MAC Enhancements for QoS


QoS (Quality of Service) 802.11
video.
802.11e MAC
QoS .

vi. 802.11 F Inter Access Point Protocol


802.11

.
distribution system. ,

.
802.11f ,

.
F
.

vii. 802.11 g Union of .11a and .11b


802.11
54Mbps, 802.11a
802.11b. ISM
802.11b OFDM
802.11a .
802.11b CCK.

viii. 802.11 h UNII for Europe


MAC

5GHz.

(Transmission Power Control)
(Dynamic Frequency Selection).

ix. 802.11 i Enhanced Security



WEP 802.11.
RC4 RCA ,
,
.
TKIP (Temporal Key Integrity Protocol) AES
(Advanced Encryption Standard).

x. 802.11 j - Extensions for Japan (2004)


. 2004.
4.9 GHz 5GHz

.
802.11j APs

-- ,
.

xi. 802.11 k - Radio resource measurement enhancements


I 802.11k
.

WLAN.
802.11k IEEE 802.11r
Basic Service Set (BSS)
WLAN. 802.11k
.
802.11k
. LAN,
(AP) .
,

AP
,
. 802.11k, AP
,
APs.
, throughput
.

xii. 802.11 m - Maintenance of the standard


I 802.11m ,
, , ,
802.11.
802.11m, "802.11 "
" 802.11" 1999 m
IEEE 802.11.

xiii. 802.11 n - Higher throughput improvements


2004 IEEE
(TaskGroup n) 802.11
WLAN. To throughput 540
MBIT/S, 40 802.11b, 10
802.11a 802.11g. 802.11n
.
802.11n: WWiSE
(World-Wide Spectrum Efficiency),
Broadcom, TGn Sync Intel Philips.
TGn Sync WWiSE, , MITMOT,
2005

.
2006.
802.11n 802.11
MIMO (multiple-input multiple-output). MIMO
throughput

,
Alamouti.
Enhanced Wireless Consortium (EWC)
802.11n

(WLAN) .

xiv. 802.11 p - WAVE - Wireless Access for the Vehicular Environment


802.11p Wireless Access for the Vehicular
Environment (WAVE) 802.11
(Intelligent
Transportation Systems (ITS).

ITS 5,9 GHz.
802.11p ..
, ,
.

.
, ASTM E2213-03.

2007.

xv. 802.11 r Fast Roaming


802.11r I 802.11
BSS ("Basic Service Set") .
, handoffs
. Handoffs "a", "b" "g",
. handover
.

802.11r (Voice over IP (VOIP))

.
-PDAs
.
handoff
50msec ( ). ,
802.11
msec. ,
. handoffs
802.11
.
802.11
QoS
. ,

.
802.11r

QoS.
,


(APs).

xvi. 802.11 s - ESS Mesh Networking


802.11s 802.11
ESS Mesh. 802.11 MAC

multicast unicast.

SEEMesh
Mesh portals.
Wi-Mesh
.

xvii. 802.11 - Wireless Performance Prediction (WPP)


IEEE 802.11T
(Wireless Performance Prediction - WPP).
IEEE 802.11

.
.
802.11T
, ,
, ,
,
802.11.
2008.

xviii. 802.11 u - Interworking with External Networks


I 802.11u IEEE 802.11

.
IEEE 802.11
. IEEE 802.11u
.

(.. ),
,
.

,
laptop
. SSIDs,
,
,
..
IEEE 802.11u
, ,
, , .
802.11u .

xix. 802.11 v - Wireless Network Management


To Ieee 802.11v
(Wireless Network Management ) Ieee 802.11 .
TGv Ieee 802.11
802.11.
.
802.11v .

xx. 802.11 w - Protected Management Frames


Ieee 802.11w
o Ieee 802.11 . TGw
(Medium Access Control
layer) 802.11 .

, .
,

.
802.11w Ieee 802.11i
802.11 , .
Ieee 802.11r Ieee
802.11u. 802.11w .
2008.

xxi. 802.11 y - Contention Based Protocol (3.65-3.7GHz Operation in


USA)
Ieee 802.11y
(Contention Based Protocol) Ieee 802.11 .
2005, FCC 3.65-3.7GHz
,

. TGy Ieee
802.11 3.65-3.7GHz.
Ieee 802.11y

,
. 802.11y . (3/2006)

:
 -l- , -o- , -q- ,
.
 : 802.11x ,

802.11 ,
.

802.11
SI.

1.3: 802.11

1.8
802.11a, 802.11b
802.11g . :

802.11
.


. ,

.
802.11
. 802.11g

OFDM 54, 48, 36, 24, 18, 12, 9, 6 Mbps,
CCK 11, 5.5 , 2, 1 Mbps.
,
802.11
. 802.11g
802.11b, 2.4-GHz.
802.11b 802.11g ,

.
5-GHz
2.4-GHz, 802.11a
802.11b 802.11g.
(access point)
(throughput) .

1.4

1.4 802.11

2
802.11x
2.1
wifi ,
,
. , ,
,
.
,
.
IEEE, (authentication)
, WEP (wired equivalent privacy),

. WEP
. ,
MAC . MAC
,
. Access Point
MAC . MAC
client ,
Access Point.
. ,
unix-like ,
MAC ,
MAC AP.
mac spoofing attacks.
(network sniffer), ,
WiFi MAC
Access Point-. ,
MAC ,
, .
To WEP
. , ,

, .
WEP, 40 . ,
WEP ,
MAC
, WEP.

. ,
.
,

Berkeley Maryland, ,
. Berkeley

, Maryland
, WEP.

, 802.11
WEP (
WEP:unsafe at any key length ).

. (RC4 RCA), ,
. Scott Fluhrer, Itsik
Mantin, Adi Shamir,
.
, WEP,
.
. , .
, AirSnort
WEP ,
- .
.
wifi
Access Points , WEP .
To ,
.
, web sites
.
netstumbler
,
SSID Access Point, WEP,
- .
, ,
wifi ,
.
, wardriving, o
broadband
. parking lot,
wifi ,
,
. , ,
network administrators ,
:
;.

.
,
(disassociation/deauthentication packets) Access
Point. MAC
, MAC-

. AP ,
,
.

, . , 802.11
i, WEP.
, WEP
.
, IPsec, SSL .

2.2 WEP
2.2.1 WEP
WEP
.
, WEP
RC4 ,
( ). ,
bits,
(keystream). To keystream
(ciphertext). ,
keystream. O RC4
(XOR) keystream .
2.1 .

2.1 /
o


keystream .
2.2. (PRNG)

keystream.
,

.

2.2 /


keystream,
keystream . o RC4 802.11
, .
RC4 .


keystream one-time pad

. one-time pads
keystream ,

.

.
.
one-time pads.
,
pads ,
.

. ( ) one-time pad
,

.
keystream
.

WEP
.


.


. .

.

.

.
.
,
() ().
WEP .
.


. WEP
. , WEP
. RC4
,
MAC ,
.
WEP .
.
, . ,
WEP .
WEP, ,

.

2.2.2 WEP
WEP :
- :

.
.
WEP (k) IV.
- :
WEP .

,

.
- :
WEP
.
- :

WEP ,
,
WEP.
- :
WEP 802.11 .

2.2.3 WEP
()
(encryption,
E). plaintext (
P) cipher text (
C).
ciphertext plaintext
(decryption, D).
cipher
.
( k)
.
P C.

E k (P) = C
D
C P

D =P
k

2.3

D k (E k (P)) = P

2.3
WEP plaintext XORed
.
WEP. 2.4
,
STAs . WEP

.

2.4 Block Diagram WEP


(IV)
(seed) PRNG. O PRNG k
octets octets
MPDU 4 (
(Integrity Check
Value ICV) ).
plaintext MPDU. ,
P ICV.

plaintext ICV.
IV (cipher).
O WEP PRNG ,

.
, STAs. IV

. IV
. IV seed
, IV
k. IV MPDU ,
,
. IV
,

.
IV,


.

IV,

(, IV). (, IV)
MPDUs,
WEP,

. IV MPDU
WEP
.
WEP MPDU.
(IV, , ICV)
.
WEP , octets
IV MPDU. PRNG seed 64 bit.
bit 0 23 IV bit 0 23 PRNG seed, .
bit 0 39 bit 24 63 PRNG seed,
. octets PRNG seed RC4
. IV MPDU, ICV.
WEP ICV 32 bit.
, WEP k
XOR.

2.3
. IV

.

(plaintext) ICV.
plaintext
o ICV ICV .
ICV ICV, MPDU
MAC. MSDUs MPDUs (
) LLC.

WEP

, WEP
,
(pairwise), , .

.
, WEP.

. , WEP
pairwise .
.

WEP
WEP RC4 64 bit.
64 bit, 40 .
WEP : WEP, 802.11-
WEP, 40-bit WEP, 40+24-bit WEP 64-bit WEP.
WEP
. 40-bit
,
.
,
. bit

.
WEP,
128-bit RC4 .
24 bit RC4 ,
104 bit . 104 bit ,
128-bit WEP. E

. 128 bit, 24
, 152 bit.
To WEP, , ,
bit .
WEP
.

WEP
WEP
bytes.
bytes
IV, ICV.
2.5.

2.5 E WEP
IV 3 bytes 24-bit IV, o o byte
(key identification).
, key-ID o
.
, key-ID 0.
6 bit byte 0.
32-bit, RC4.

WEP
keystream

.
RC4 keystream, XOR
XOR plaintext.

,
plaintext. keystream, WEP
IV RC4
.
, IV
,
RC4 .
.
802.11 IV
.
IV , .
WEP ,
(CRC). CRCs
bit ,
.
. ,
bit ,
.

. CRCs ,
bit CRC. (

! bit ,
CRC).



, WEP .
WEP
802.11 WEP.
802.11 , ,
. .

. ,
.

:
:
software firmware .
,
.
,
.
WEP 802.11

. WEP
.

.

2.2.4 WEP
WEP.
RC4,
. , ,

.
. WEP .

WEP SNMP,
. , ,
,
.


WEP
, , (ISAAC)
Berkeley
WEP.

RC4.
:
1. .

,
.
,
WEP
( , ,

).
. sniffing WEP,
. WEP,
sniffing .
2. , WEP
40 bit.
40-bit ,
128-bit
. ,
,
WEP
.
3.
keystream. IV WEP
keystream.
IV keystream.
,
IVs. Berkeley
IV 0 IV .
, IV ( 17 ),
.
4.
Berkeley
keystreams.
IV ,

.
.
5. WEP CRC .
RC4 keystream, CRCs
.
.
6.
.
WEP.

.
WEP,
.

2.2.5
2001, Scott Fluhrer, Itsik Mantin, Adi Shamir

RC4. ,
WEP.

RC4 keystream.
byte . , 802.11
LLC, cleartext byte
0xAA ( byte SNAP). byte
cleartext , byte keystream
XOR byte.

(B+3):ff:N. IV
byte RC4 .
bytes . , IV
byte 3:FF:N.
byte 0xFF. byte ,
.
WEP 40 bit, 5 bytes
0 4. IVs
WEP byte 3 (B=0)
7 (B=4) byte 255. byte
. 5 x 1 x 256 = 1,280
IVs WEP.

RC4 .
WEP ,
.
128-bit RC4 ,
IVs. 2.1
IVs .

Key length    B+3 values in weak IV (B+3:FF:N)    Weak IVs    Fraction of IV space
40 bits       3<=B+3<8  (0<=B<5)                  1280        0.008%
104 bits      3<=B+3<16 (0<=B<13)                 3328        0.020%
128 bits      3<=B+3<19 (0<=B<16)                 4096        0.024%

2.1 IVs
Fluhrer, Mantin Shamir
60
byte . , ,
byte . ,
.
.
,
.

2001 Adam Stubblefield, John Ioannidis, Avi Rubin


Fluhrer/Mantin/Shamir ,
, . , 60
byte 256
.
,
.
.
, .
, ,
.
Fluhrer/Mantin/Shamir RC4
. .
2001, Jeremy Bruestle Blake Hegerle AirSnort,
open-source WEP.

2.2.6
WEP
.

. 802.11
.
. ,

,
.
:
1. WEP
.
2001 ,
WEP
. , 802.11
. laptop
PC card IEEE 802.11.
2. .
(peer-to-peer)
WEP . pairwise

.
3. , .
WEP .
WEP
WEP.
4.

. IPSec SSH.

, ,
, ( ,
, ).
5. .
802.11 LAN,
.
.
VPN IPSec. 802.11
,

VPN.
, IPSec

.
. . VPNs
,
(AP)
. IPSec
sniffing .
6. sniffing
. ,
.
. , (tunneling)
. Unix
PPP SSH , IPSec
tunneling
.
. IPSec LAN,
.
LAN WEP.
7. WEP .
WEP,
.
VPN
.
IPSec SSH
.
WEP
, IPSec SSH
.

2.3 WPA -
To IEEE 802.11i
(Wi-Fi Protected Access - WPA)
WEP,

.
, (Temporal
Key Integrity Protocol - TKIP), . To TKIP

.

2.3.1
WEP, , 2.1.
To ()
.
,
RC4 hardware, ,
hardware.
WEP 2.3,
2.2
.

1. IV
.
2. IV WEP

.
3.

( ).
4.To WEP
.
5. .
2.2: WEP

2.3: WEP


,
. To WEP ICV
, , , .
,
.
,
byte
.
,
bit.
,

. , :
byte
(Message Integrity Code MIC)
. , , MIC

. ,
MIC, .
.
MIC,
,
. ,
.


, ,
, ,
, .
,
, , ,
.
Niels Ferguson (Michael). O
MIC
, .

. ,
(brute force),

.
(countermeasures).
:
. To

,
.
MIC

. ,
WEP.
MSDU MPDU.
. ' , ,
,
MSDU .
, ,
MIC (MPDU) . ,
MPDU.
, ,
.

.

2.3.2 IV
IV WEP, :
To IV

.
To IV IV
.
IV ,

( FMS).

WEP,
IV, . IV
IV, , ,
16 . ,
IV. , WEP:
1. To IV 24 48 bit.
32 bit , IV 56 bit. ,
48 bit, byte
. ,
IV, ,
IV .
,
. , IV WEP

RC4. , IV 24 bit
40 bit, , RC4 64 bit. To hardware

88 bit
. , :
RC4 IV, IV
. 16 bit IV
24 , . 24
bit, WEP. ,
, " (mixed key)
32 bit IV.
IV ,
, . 2.6. ,
:
RC4
IV.
RC4 IV 24 bit
104 bit.

2.6
2. To IV
.
WEP,
. ,
, ,
. ,
, ,
, ,
.
. To
, (TKIP Sequence
Counter - TSC).
, TSC IV .
. ,
, IV ,

TSC .

.

TSC 1
. ,
. ' ,
.
,
TSC 1.
,
. ,
ACK. ,
bit
. , TSC
. ,

TSC
. To TSC
.

-ack (burst-ack). IEEE 802.11,
, . ,
, , , ,
ACK .
-ack , 16
16 .
,
. -ack
, .
ACCEPT: TSC .

REJECT: TSC -16.


WINDOW: TSC ,
( -16).
3. To IV ,
, WEP FMS,
.

.
Ron Rivest, RC4,
256 byte , ,
. hardware
,
:
.
.
FMS
. 60
bit ,

. ,
. ,
.
FMS
. To
. ,
.
bit IV ,
.
WEP
IV . ,
. ,
IV 24 bit.
IV,
.
, IV .
, IV
. , :
48 bit, IV ( TSC),
IV
WEP. H :
IV 48 bit ,
hardware
. , IV,
WEP.

2.3.3 TKIP
,
. , (master keys)
, (session keys)
.

,
(preshared) .
WEP, .
,
ad-hoc.
:
1. EAPOL-Key.
2. - (pairwise)
TKIP.
3. (broadcasts)
TKIP.
- :
(128 bit): ,
RC4.
MIC:

MIC (
).
RX MIC:
MIC
supplicant (
).
,
, (broadcasts)
supplicant.
, ,
,
, .
, :
IV
MIC


, . 2.7.
:
1.
2.
3.IV/TSC
4.RC4
MSDU
, . , byte
MPDU
. ( WEP), ICV,
MPDU,
.
MIC MSDU,
IV MIC . '
, MSDU ,
IV
MSDU. , IV,
. ,
, IEEE 802.11e


,
. , MSDU
MSDU
. To TKIP IV - -
IV
, . ,
, MIC.
MIC MSDU,
IV,
IV. To
IV , TSC,
. ,
,
. ,

. ,
TSC . ,
- (denial-of-service).

.
, . 2.7,
RC4
WEP.
firmware.

WEP hardware
-S RC4.
, .

2.7
. '
, . , TSC (
IV) .
ICV
. ,
:

IV ICV.

To MIC
MSDU. MIC ,
MSDU, , , .
, ,
CRC
ICV.
MIC ,
.

2.8

2.3.4 To 802.1X
WEP
802.1X,
IETF (EAP). EAP

.

802.1 .

. .
Supplicants,

Authenticator,

(Authentication Server),

(port).
, switched LAN
hub (connector) Ethernet .
supplicant , authenticator
.
. ,
,
authenticator. 802.1
2.9.

2.9 802.1

To 802.1X .
.
802.1X
.
,

. 802.1
.
"" .
,
.
"" . ,
,

(, ,
) . 802.1

.
,
802.1.

2.4
,
(Extensible Authentication Protocol - ). To


. ,

.
To .

,
.
,
.

.

Request For Comment RFC.
, RFC
(EAP-TLS) TLS
(EAP-TTLS). To
.
:

Request:
supplicant
Response:
supplicant
Success: ,

Failure:


. , IEEE 802.1X,
,
RADIUS. ,
request, success failure,
supplicant.

request response
. To
. ,
.
Identity () 1.
, , : EAP-Request/Identity
supplicant. EAP-Response/Identity,

.
6
. ,
. , .
2 ,
Notification ()
. 3 ,

.
IEEE 802.1X Identity
supplicant
.
:
1.EAP-Identity request ( )
2.EAP-Identity response ( supplicant)
3.EAP-Success ( )
,
, ''. ,
.
, (smart card)
,
.
(one-time password). H ,
,
( ),
.
EAP-Identity
,
, ,
.

EAP-Success EAP-Failure.
H ,
.

2.5 (LEAP)

To (Lightweight LEAP),
Cisco,

RADIUS.
IEEE 802.1X, LEAP
: supplicant,
. supplicant , ,
.
RADIUS.
RADIUS.
To LEAP -

.
MS-CHAPv1,
dial-up. MS-CHAP,
,
. ,
, .


, '' (man in the middle)
. ,

,

.
,

RADIUS.
.
. To
. To

EAPOL-Success .
EAPOL-Key.
, . 2.10:

2.10 LEAP

1.
.

.
2.
, .
3.
EAP-Success
RADIUS.
4.To
EAPOL-Success.
.
5.To EAPOL-Key
.
, .
6.
WEP.
, LEAP IEEE 802.1X
EAPOL, , LEAP
RADIUS.
. To LEAP WEP,
. , LEAP
.
, LEAP MS-CHAPv1,
. , , LEAP
:


2.6 EAP
To (Transport Layer Security TLS)
TSN/RSN. ,
. TSN, RSN,
, AES-CCMP ,

. , TLS
/ 802.1X.
TLS
, TLS
.
. 2.11.
,
(Client Hello/Server Hello), ,
.

2.11 TLS

TLS :
1. (
).
2. (master key)
.
3.
.
TSN/RSN, TLS ,
, ,
, . To TSN/RSN
TLS
.
, TLS IEEE 802.1X
, .

2.7 EAP-TLS
To TLS
, TCP/IP. ,
TSN/RSN, TLS .
To . ,
/ EAP-Identity.


. , EAP-Success/Fail
. ,
. 2.12.

2.12:
TLS, RFC
13.
EAP-TLS
. , .
, . 2.13.

2.13: EAP-TLS
To ,
EAP-TLS.
,
. , EAP-TLS
. ,
TLS . ,
EAP-TLS
.
To bit:
:
: .
:
EAP-TLS . 2.14.
,
EAP-Start. :

1.{request} .
.

2.{response} .
,
.
, ,
' anonymous'.

3.{request} EAP-TLS
.
.

4.{response} Client Hello


TLS.

5.{request} O TLS
: Server Hello, ,
.

6.{response} TLS
:
( )
-



- ,
. ,

, ,
.
.

2.14 EAP-TLS
7.{request} O

.
8.{response}


EAP-Response.
9. ,
EAP-Success, .
,
EAP-Failure .

TLS TSN
RSN. ' , , IP,


. To TLS
, '
. To
EAP-Success
.

, RADIUS.

.
, .
TSN/RSN,
' .

2.8 EAP (PEAP)


To (Protected ),
, . To

. ,
.
.

. TLS
, . ,
EAP-Identity EAP-Success
EAP-Fail .
:
EAP-Identity ,, ,
.
To EAP-Success/Fail
.


(tunnel). Av ,

.
,
.
: .

To (privacy) (authenticity)
. To
. ( )
.
: .

. ,
,

. :
) ,
TLS.
.
) ,
, ,
.
To TLS
. ,
,

TLS.
,

.
.
.

.

3
3.1 WLAN

802.11g .
, , ,
.



firewall ( 3.1). firewall
,

.

PC Server
Kerio Winroute Firewall

Access Point

Client 1 (Laptop, Pda, etc.)

Client 2 (Laptop, Pda, etc.)


3.1

Hardware
,
server Access Point.
. server
Access Point.
wireless
.

Software
Server windows xp professional sp2.
, trojans net attacks Kaspersky anti virus.
Kerio winroute ip
(Dhcp server), (authentication),
(traffic control) (administration) .

3.2 Kerio Winroute Firewall


Kerio
winroute firewall.

3.2 Kerio Winroute Firewall

3.2.1 IP Dhcp server


DHCP (Dynamic Host Configuration Protocol)
TCP/IP .


.


. (initialisation)
( )
(
). ,
. :


.

,
(..
/).
subnet (..
router) .
.
.


.
.
.

TCP/IP . DHCP
.


o
dhcp server Kerio winroute firewall ( 3.3):
configuration dhcp server.
dhcp server enabled.
add scope 192.168.1.10
192.168.1.254, gateway
Access Point.

Domain Name Server DNS


194.177.198.2. OK
APPLY.

3.3 DHCP server

3.2.2

.

.

.

.

. web authentication
.
configuration advanced options
Web interface/SSL-VPN enable http web interface
enable https (SSL-secured) web interface apply.
users and groups users authentication options

always require users to be authenticated when


accessing web pages enable user authentication automatically performed by
web browsers.

3.4 Web Authentication

:
Winroute users and groups,
users add.

3.5

1. -
username/password ( 3.5).
domain template
(
)
.

2.
group
( 3.6)

3.6

3.
( 3.7).
P2P
.

3.7
4. .
transfer quota
. upload
download .
3
quota exceed action
:
 Generate alert message only (
)
 Do not allow the user to open new connections (
)

3.8
 Kill all user connections immediately (
)
notify user by email when quota exceeded
( 3.8).
5.
WWW .
ActiveX , java applets scripts
.
( 3.9).

6.

IP (Automatic Login-Specific host IP
Addresses) ( 3.10).

finish apply.

3.9

3.10

3.2.3 Http Policy




.

.
mail server .
:
configuration content
filtering http policy. , url
rules add. URL begins with:
action allow access to the web site deny access to
the web site
( 3.11).

.
, IP .

3.11

3.2.4
,
.

server. server
.
Kerio winroute
Kerio Administration console.
,
.

. server
,
Kerio Administration client-.
, configuration traffic policy
add
.
( 3.12). Service
KWF Admin, Destination Firewall Source
IP ,
IP .
IP
.

3.12

client Kerio
Administration Console. Host IP server
username password ( 3.13).

3.13

server
.

3.2.5 Kerio

, ,
bandwidth .
Kerio winroute
.
Status statistics
Top 20 (
) 3.14,
(
ftp, mail, p2p, proxy, streams, web, other) 3.15
( 3.16).

.

3.14 Top 20 users

3.15 User Statistics

3.16 Interface Statistics

3.3 Kerio

.

.
-.
access point
, IP 192.168.1.xxx
DHCP pool. ,
IP
.
. captive portal.

Web o
. :
1)
2)
3)
4)

O ( 3.16)
( 3.17)
( 3.18)

. ( 3.19)

3.16 - 1 4

3.17 - 2 4

3.18 3 4

3.19 - 4 4
index page

( 3.20). ,

.

3.20

3.21,
.
bandwidth
.
.
,
bytes ,
,
bandwidth .

3.21

4
LBS WLANs
4.1
(WLANs)
. ,
(ISPs)
(APs) hotspot ,
, , .

hotspot.
, Location-based (LBSs)
hotspot. Location-based

WLAN. ,
IEEE 802.11 WLAN.
,
LBSs hotspot. hotspot
. IEEE 802.11 AP
, . ,
AP
AP.
LBS, LBS
AP.

.
hotspot,
AP .
I 802.11 WLAN,
,
AP.
(association service) 802.11,
(disassociation) (reassociation).

.
AP.

AP . AP
.
AP
AP ,

APs. APs
. , APs
-Simple Network Management Protocol-(SNMP)

. APs,
SNMP.
SNMP
() APs.

WEB. LBSs web, web browser

.
LBSs PDAs . ,
LBSs WEB.
web browser WEB LBSs, LBSs
IP
HTTP. , LBSs
IP . ' , AP
MAC .
, APs 2 .
AP MAC
. , IP
web server,
MAC . ,
MAC . ,
LBSs WWW,
IP-to-MAC . IP ,
SNMP MAC
(router). ,

LBS , WEB Hotspot.
WLAN
APs .
,
web LBSs Hotspot.
, (server)
.
WEB .
LB WEB
. , LBSs
WEB .

4.2
LBSs .
.
, LBSs ,
(RF)
GPS.
. ,
LBSs.
LBSs
WLANs

802.11. ,

WLAN.

4.3.1 RSS


. (Triangulation)

(RSSs). ,
,
APs
. ,

,
.
,
.
,
. ,


.
RSS-based location fingerprinting.

.
, RSS-based location fingerprinting
APs
APs. APs
hotspot. , RSS-based

APs.

4.3.2
RSS-based ,
AP
. Koo sgm
, RADIUS,
RADIUS server. Remote Authentication Dial-In User Service (RADIUS)
, ,
. RADIUS RADIUS
server WLAN.
WLAN
AP. AP RADIUS server.
, , AP, MAC

log file RADIUS server.


log file, RADIUS
AP . ,
RADIUS server. format
log file RADIUS ,
RADIUS servers. , RADIUS LBSs WLANs
RADIUS .
SNMP
. SNMP,
SNMP MAC
AP.
, APs .
, MAC AP
AP. , MAC
15 20
AP.
APs, MAC
APs.
SNMP. ,
SNMP
.

4.3.3
RADIUS SNMP
MAC
. , IP
LBSs WWW.
, IP-to-MAC .
IP-to-MAC : DHCP
SNMP. DHCP, log file DHCP server
WLAN .
DHCP server IP ,
IP MAC
log file. , IP-to-MAC
log file.
format log file DHCP server, DHCP
DHCP server. ,
DHCP servers
hotspot. MAC .
SNMP.
SNMP LAN LANs
(VLANs). (default gateways)
LAN VLANs. SNMP
MAC IP
. , IP
MAC network-to-media
ipNetToMediaTable. hotspot
. , .

SNMP
MAC .

4.4 SNMP

LBSs hotspot. RSS-based
,
. RADIUS
WLANs RADIUS.
, ,
RADIUS server.
, SNMP
. , ,
SNMP
. ,
SNMP.
APs
SNMP
APs.

SNMP

AP, AP.
(association service)
IEEE 802.11,
.
AP
.
. AP
AP ,
WLANs. AP
,
AP.
, ,
. ,
APs SNMP ()
.
, IEEE 802.11 SNMP
. ,
APs ,
SNMP. ,

APs.
MAC

. IP AP
SNMP.
APs,
AP .
4.1 SNMP.
, server . server
.
AP server .
server ,
APs. server
. , AP
AP,
(ID), IP ,
. ,
APs.
MAC (ID)
AP .

4.1

:
i) . MAC
AP .
ii) . ID AP
MAC .
iii) .
MAC .


.

WLAN. , ,

.
SNMP.
, SNMP
SNMP.
, SNMP
, MAC
SNMP .
,
WLAN .

4.5 IP MAC
, server MAC
. ' , LB IP
HTTP. ,
LB IP
server . ,
IP-to-MAC . ,
APs 2 , IP
IP . ,
IP APs. ,
IP
.
AP, AP
. , AP
. , APs hotspot.
, APs,

IP WLANs. ,
IP APs,
APs
. IP
LBS,
. ,
. , MAC
.

, .
: Subnet ID, Subnet Mask,
Default_Router, Interface_Index.
. Subnet ID
Subnet_Mask . Default Router
.

. Interface Index
.
management information base - (MIB) APs. ,
AP, SNMP AP .
ipAdEntNetMask
ipAddrTable, MIB .
Subnet_Mask .
Subnet_Mask, Subnet_ID
-- IP AP.
,
. AP,
,
SNMP. ipRouteTable MIB , (. ),
" 0.0.0.0 " ipRouteDest
. ipRouteNextHop
IP .
, Default_Router . , SNMP,
Interface_Index MIB
. ipAddrTable,
MIB ,
IP . Interface Index
ipAdEntIfIndex. APs
SNMP,
. 4.2 WLAN
. ,
IP-to-MAC
. IP ,

IP . ,
MAC .
MAC ipNetToMediaTable .
ipNetToMediaTable, MIB ,
IP . ,
Interface_Index
IP ,
SNMP get-request ipNetToMediaPhysAddress
ipNetToMediaTable. MAC

.

4.6 IP
WLAN hotspot
P IP .
, WLAN hotspots
IP .
IP . ,
LBSs . LBSs,

IP
IP NAT (Network Address Translation) .
IP IP-MAC
, IP
LBS IP
WLAN Hotspot.
IP
, LBS IP
. , IP
NAT WLAN hotspots,
IP --
Ip--MAC.

4.2 WLAN

4.7 IP -

. , IP
.
IP
IP ports. NAPT (Network Address Port
Translation). NAPT, port

LBS. , LBS

port IP
. , LBS web,
port HTTP. ,
. IP
IP.
IP -- ,
IP pool
WLAN hotspots LBSs. IP pool
NAT IP
NAT. ,
. ,
. IP
LBS, address pool
IP. address pool IP,

. ,
IP,
IP . ,
-- ,
IP--MAC. IP
address pool. ,
. ,
-- ,
IP
IP--MAC.
.
SNMP. ,

SNMP. ,
Cisco
MIB. natAddrBindTable MIB
. ,
SNMP
.
SNMP ,
.

4.8 APs IP
APs

. , AP
IP. ,
(association-related trap) AP,
AP trap message.
.
,
LBSs. , trap message
.

source ip address P ,
agent address . ,
AP.
-- ,
IP
. APs IP
,

AP IP .
APs
.
. ,
IP,
. IP
, IP
Default_Router .

4.9 WLAN LBSs


LBSs
WWW, LBSs WLAN hotspots.
, 4.3,
, WLAN APs ,
, web,
.
LBSs web browsers. WLAN APs

.
IP. WLANs
, . LBSs
web servers.

.
.
WLAN hotspots.
. ' , AP
WLAN
AP. , , IP
IP.
,
(latency) LBSs.
.

, .
SOAP
(Simple Object Access Protocol).
SOAP. SOAP

XML web .
SOAP
HTTP. ,
SOAP. SOAP LocationRequest,
, muIP
IP
To SOAP LocationResponse,
,
. SOAP LocationResponse
: muIP . H muIP
SOAP LocationRequest.
.
4.3
. 4.4
, .

4.3 WLAN LBSs


1. (reassociation) AP.
2. (reassociation), AP
SNMP (SNMP association trap) .
MAC AP
.
3. web browser
LBS . LBS
HTTP.
4. O IP
HTTP SOAP LocationRequest
.

5. SOAP LocationRequest,
IP , address pool
IP. address pool, NAT
IP . ,
,
IP .
address pool
IP, . ,
IP IP .
6. IP ,

IP.
, SNMP get-request
MAC.
7. MAC ,
AP
. ,
SOAP
LocationResponse.
8. O
SOAP
.
HTTP.
9. AP.
10.To AP SNMP .

.
4.4 WLAN
LBSs
WLAN LBSs
, RADIUS DHCP servers

WLAN hotspots, APs


. ,

SOAP. , LBSs
.

4.10

LBSs EI
.
.
.
AP
Simple Network Management Protocol (SNMP)

- .
LBSs
,
.

,
WLAN.

5
WLAN
5.1 WLAN - ,

,
.
,
AP (rogue
APs)
. ,
,
.
: "
2.4GHz ( 5.8GHz);" ' ,
,
.
, Bluetooth ,
, ,
. , ,

, (backdoor entry)
.
NetStumbler Mario Milner hotspots,
o . hotspot
, (freeware).
hopping 14
.
, ,
.
802.11 ( OSI 1 "2).
NetStumbler ( 5.1 5.2),
,
,
.
internet
. .
22
, , , . 5.1
.

MAC
SSID
Name

Chan
Speed
Vendor
Type
Encryption
SNR
Signal+
NoiseSNR+
IP Addr
Subnet
Latitude
Longitude
First Seen

.

Ethernet.

.

" ."
.
,

.

. 802.11b, 1
14.

,
(Mbps).

.
: AP
, peer peer-to peer.

,
WEP.
RF.
microvolt decibels (dBm).

.
RF
dBm.
RF
dBm.
RF

dBm.

(Internet Protocol),
.
IP,
.
To
GPS NetStumbler
.

GPS NetStumbler
.
NetStumbler
.

Last Seen
Signal
Noise
Flags
Beacon Interval
Distance

NetStumbler
.
RF dBm.

.
RF dBm.

.
(flags) 802.11
(Base 16).

AP.

SNR.

5.1 -

5.1 - To

5.2 -


, WEP WPA ,
. NetStumbler

.

Wardriving

WLANs

AP ("rogue AP")

WLANs

5.2.1 Wardriving
Wardriving
. NetStumbler
wardriving, (
GPS).

Auto Reconfigure,
LANs.
,
Network Control Panel TCP/IP
LAN .
GPS.

5.2.2 LAN

LAN .
LAN .
LANs ,
LAN.
NetStumbler LANs
(rogue).

Auto Reconfigure,
LANs.
LAN DHCP, DHCP
.
.

5.2.3 LAN
LAN NetStumbler
.
NetStumbler
.

SSID
.
Auto Reconfigure, SSID
.

5.2.4
WLAN ,

.
( , , )
LAN.
LAN,
.
RF,
NetStumbler
.

Auto Reconfigure,
LANs.

.
.

, Auto Reconfigure
.

, Network Control Panel TCP/IP
.

5.2.5
, NetStumbler
.

AP ( WLAN IBSS
)
SSID
.
Auto Reconfigure, SSID
.

5.3.1
Netstumbler
,
.
5.2.3,
.

: server AP

.
5.3.

AP.
5.3 -
:
netstumbler. O

1 12. 1
12.
( 5.4),

( 5.5).

5.4

5.5 -

5.3.2


. : Name, Encryption, Ip Addr,
Subnet, Latitude, Longitude, Distance.

Name: AP
.
.
Encryption:
encryption .

Ip Addr: IP
.
Subnet:
client.
Latitude, Longitude, Distance:
GPS.

- AP.

,
. : MAC, SSID,
CHAN, Speed, Vendor, Type, Flags Beacon Interval.
MAC MAC AP
netstumbler SSID
AP .
CHAN AP
.
1. 13
, 11 14
. AP
overlapping
AP MHz (
AP 1 AP
6). Speed
54Mbps
802.11g. AP
Vendor. Type
AP ( peer to peer
AP). Beacon
Interval
AP. AP o
10 ,
( 100, ms,
10 ).
Flags netstumbler

,
.

.

, , .
: SNR, Signal+, Noise-, SNR+, Signal, Noise.
SNR: -
.

SNR.
Noise:
.
netstumbler,
.
SNR -100dbm.
Noise-: .
-100dbm hardware
.
Signal+:
-43dbm.
12
1,
AP 1.
AP .
SNR+: .
-43dbm
-100dbm. SNR
: SNR=Signal-Noise. SNR=-43dbm-(-100)=57dbm.

5.6
Signal:
12 .
AP .
-47 -56dbm -64 -67
-79dbm ,
. 5.6
.

.

5.3.3 -

AP .
-79dbm 12
WIFI.

data rate.
:

-94 dBm 1 Mbps
-91 dBm 2 Mbps
-87 dBm 5.5 Mbps
-82 dBm 11 Mbps

, 11Mbps
-82dBm.
data rates.
-94 dBm .

-76dBm data rate 11Mbps.
,
. multipath effects (

.).
, . , ,
, /// .
10dB
.
.
,
.
wireless, , ,
, . -
. -95dBm
. 2.4GHz

-50dBm
.


. : -75dBm
.
10dB .
-85dBm.
-95dBm.
-78dBm
data rate
.

.

. 12
SNR
.
,
,
.

