You are on page 1of 13

CS65-Computer Networks Dept.

of EEE
S.Muralidharan 1
Wl8LLLSS LAn (lLLL 802.11)
Wl8LLLSS LAn
• A wireless local area network (WLAN) links two or
more devices using some wireless distribution
method (typically spread-spectrum or OFDMradio),
and usually providing a connection through an
access point(AP) to the wider internet. This gives
users the mobility to move around within a local
coverage area and still be connected to the network
• IEEE has defined the specifications for a wireless
LAN, called IEEE 802.11, which covers the physical
and data link layers.
• All componenLs LhaL can connecL lnLo a wlreless
medlum ln a neLwork are referred Lo as ºsLaLlons".
• All ºsLaLlons" are equlpped wlLh wlreless neLwork
lnLerface conLrollers (WnlCs).
• Wlreless ºsLaLlons" fall lnLo one of Lwo caLegorles:
– access polnLs
• Access polnLs (AÞs), normally rouLers, are base sLaLlons for Lhe
wlreless neLwork. 1hey LransmlL and recelve radlo frequencles
for wlreless enabled devlces Lo communlcaLe wlLh.
– cllenLs.
• Wlreless cllenLs can be moblle devlces such as lapLops, personal
dlglLal asslsLanLs, lÞ phones and oLher smarL phones, or flxed
devlces such as deskLops and worksLaLlons LhaL are equlpped
wlLh a wlreless neLwork lnLerface.
•• Standard defines two kinds of services : Standard defines two kinds of services :
–– The basic service set (BSS) The basic service set (BSS)
–– The extended service set (ESS) The extended service set (ESS)
• 1he baslc servlce seL (8SS) ls a seL of all sLaLlons LhaL can
communlcaLe wlLh each oLher.
– A 8SS wlLhouL an AÞ ls called an "lndependenL 8SS" neLwork,
– a 8SS wlLh an AÞ ls called an ºlnfrasLrucLure" neLwork.
• Lvery 8SS has an ldenLlflcaLlon (lu) called Lhe 8SSlu, whlch ls
Lhe MAC address of Lhe access polnL servlclng Lhe 8SS.
• An lndependenL 8SS (l8SS) ls an ad-hoc neLwork LhaL
conLalns no access polnLs, whlch means Lhey can noL
connecL Lo any oLher baslc servlce seL.
• An lnfrasLrucLure can communlcaLe wlLh oLher sLaLlons noL ln
Lhe same baslc servlce seL by communlcaLlng Lhrough access
polnLs.
CS65-Computer Networks Dept. of EEE
S.Muralidharan 2
LxLended servlce seLs (LSS)
• An exLended servlce seL (LSS) ls a seL of
connecLed 8SSs. Access polnLs ln an LSS are
connecLed by a dlsLrlbuLlon sysLem. Lach LSS has
an lu called Lhe SSlu whlch ls a 32-byLe
(maxlmum) characLer sLrlng.
• A dlsLrlbuLlon sysLem (uS) connecLs access polnLs
ln an exLended servlce seL. 1he concepL of a uS
can be used Lo lncrease neLwork coverage
Lhrough roamlng beLween cells.uS can be wlred
or wlreless.
• 1he 802.11 has Lwo baslc modes of operaLlon:
– Ad hoc mode enables peer-Lo-peer Lransmlsslon beLween
moblle unlLs.
– lnfrasLrucLure mode ln whlch moblle unlLs communlcaLe
Lhrough an access polnL LhaL serves as a brldge Lo a wlred
neLwork lnfrasLrucLure ls Lhe more common wlreless LAn
appllcaLlon Lhe one belng covered.
• Slnce wlreless communlcaLlon uses a more open
medlum for communlcaLlon ln comparlson Lo wlred
LAns, Lhe 802.11 deslgners also lncluded shared-key
encrypLlon mechanlsms: Wlred LqulvalenL
Þrlvacy (WLÞ), Wl-ll ÞroLecLed Access (WÞA, WÞA2),
Lo secure wlreless compuLer neLworks.
CS65-Computer Networks Dept. of EEE
S.Muralidharan 3
Þeer-to-Þeer or ad-hoc w|re|ess LAN
• An ad-hoc neLwork ls a neLwork where sLaLlons
communlcaLe only peer Lo peer (Þ2Þ). 1here ls no base
and no one glves permlsslon Lo Lalk. 1hls ls accompllshed
uslng Lhe lndependenL 8aslc Servlce SeL (l8SS).
• A peer-Lo-peer (Þ2Þ) neLwork allows wlreless devlces Lo
dlrecLly communlcaLe wlLh each oLher. Wlreless devlces
wlLhln range of each oLher can dlscover and
communlcaLe dlrecLly wlLhouL lnvolvlng cenLral access
polnLs. 1hls meLhod ls Lyplcally used by Lwo compuLers
so LhaL Lhey can connecL Lo each oLher Lo form a
neLwork.
• lf a slgnal sLrengLh meLer ls used ln Lhls slLuaLlon, lL may
noL read Lhe sLrengLh accuraLely and can be mlsleadlng,
because lL reglsLers Lhe sLrengLh of Lhe sLrongesL slgnal,
whlch may be Lhe closesL compuLer.
n|dden node prob|em
• n|dden nodes ln a wlreless neLwork refer Lo
nodes LhaL are ouL of range of oLher nodes or a
collecLlon of nodes.
– ln a physlcal sLar Lopology wlLh an access polnL wlLh
many nodes surroundlng lL ln a clrcular fashlon: Lach
node ls wlLhln communlcaLlon range of Lhe AÞ, buL
Lhe nodes cannoL communlcaLe wlLh each oLher, as
Lhey do noL have a physlcal connecLlon Lo each oLher.
• ln a wlreless neLwork, lL ls llkely LhaL Lhe node aL Lhe far edge
of Lhe access polnL's range, whlch ls known as C, can see Lhe
access polnL, buL lL ls unllkely LhaL Lhe same node can see a
node on Lhe opposlLe end of Lhe access polnL's range, 8.
1hese nodes are known as . 1he problem ls when
nodes 8 and C sLarL Lo send packeLs slmulLaneously Lo Lhe
access polnL. Slnce node 8 and C can noL sense Lhe
carrler, Carrler sense mulLlple access wlLh colllslon
avoldance (CSMA/CA) does noL work, and colllslons occur,
scrambllng daLa. 1o overcome Lhls problem, handshaklng ls
lmplemenLed ln con[uncLlon wlLh Lhe CSMA/CA scheme.
1he h|dden stat|on prob|em
CS65-Computer Networks Dept. of EEE
S.Muralidharan 4
• Lxposed SLaLlon Þroblem
– 8 wanLs Lo send daLa Lo C
– 8uL mlsLakenly Lhlnks Lhe Lransmlsslon wlll fall slnce lL
ls under Lhe range of A.
1he exposed stat|on prob|em.
W|re|ess d|str|but|on system
• A W|re|ess D|str|but|on System |s a system that enab|es the
w|re|ess |nterconnect|on of access po|nts |n an ILLL 802.11
neLwork. lL allows a wlreless neLwork Lo be expanded uslng
mulLlple access polnLs wlLhouL Lhe need for a wlred backbone
Lo llnk Lhem, as ls LradlLlonally requlred.
• An access po|nt can be e|ther a ma|n, re|ay or remote base
sLaLlon.
– A ma|n base stat|on ls Lyplcally connecLed Lo Lhe wlred
LLherneL.
– A re|ay base stat|on relays daLa beLween remoLe base
sLaLlons, wlreless cllenLs or oLher relay sLaLlons Lo elLher a
maln or anoLher relay base sLaLlon.
– A remote base stat|on accepLs connecLlons from wlreless
cllenLs and passes Lhem Lo relay or maln sLaLlons.
ConnecLlons beLween "cllenLs" are made uslng MAC
addresses raLher Lhan by speclfylng lÞ asslgnmenLs.
• All base sLaLlons ln a Wlreless ulsLrlbuLlon SysLem musL
be conflgured Lo use Lhe same radlo channel, and share
WLÞ keys or WÞA keys lf Lhey are used. 1hey can be
conflgured Lo dlfferenL servlce seL ldenLlflers. WuS also
requlres LhaL every base sLaLlon be conflgured Lo forward
Lo oLhers ln Lhe sysLem.
• WuS may also be referred Lo as repeaLer mode because
lL appears Lo brldge and accepL wlreless cllenLs aL Lhe
same Llme (unllke LradlLlonal brldglng). lL should be
noLed, however, LhaL LhroughpuL ln Lhls meLhod ls halved
for all cllenLs connecLed wlrelessly.
• When lL ls dlfflculL Lo connecL all of Lhe access polnLs ln a
neLwork by wlres, lL ls also posslble Lo puL up access
polnLs as repeaLers.
• lLLL 802.11 deflne Lhe physlcal layer (ÞP?) and
MAC (Medla Access ConLrol) layers based
on CSMA/CA (Carrler Sense MulLlple Access wlLh
Colllslon Avoldance). 1he 802.11 speclflcaLlon
lncludes provlslons deslgned Lo mlnlmlze colllslons,
because Lwo moblle unlLs may boLh be ln range of a
common access polnL, buL ouL of range of each
oLher.
CS65-Computer Networks Dept. of EEE
S.Muralidharan 5
Layers ln lLLL 802.11 sLandard
ILLL 802.11 Þhys|ca| Layer
• ILLL 802.11InSS :
• 1hls descrlbes Lhe ºlrequency Popplng Spread
SpecLrum".
• lPSS ls a meLhod ln whlch Lhe sender sends on one
carrler frequency for a shorL amounL of Llme, Lhen
hops Lo anoLher carrler frequency for Lhe same
amounL of Llme, and so on.
• AfLer n hops, Lhe cycle ls repeaLed.
• lf Lhe band of orlglnal slgnal ls 8, Lhe allocaLed spread
specLrum bandwldLh ls nx8.
• ILLL 802.11 DSSS :
• 1hls sLandard descrlbes Lhe ºulrecL Sequence Spread
SpecLrum" .
• Pere each blL senL by Lhe sender ls replaced by a
sequence of blLs called a chlp code.
• ILLL 802.11a CIDM :
– 1hls sLandard descrlbes ºCrLhogonal frequency
dlvlslon mulLlplexlng".
• ILLL 802.11b nk-DSSS:
– 1hls sLandard descrlbes Lhe ºhlgh-raLe ulrecL
Sequence Spread SpecLrum (P8-uSS)" meLhod for
slgnal generaLlon.
• ILLL 802.11g CIDM :
– 1hls new speclflcaLlon uses CluM for slgnal
generaLlon. lL uses complex modulaLlon Lechnlques.
Commun|cat|on Modes
lLLL 802.11 provldes Lwo modes of communlcaLlon
among Lhe wlrless sLaLlons ln 8SS
– ulsLrlbuLed CoordlnaLlon luncLlon (uCl)
• Þrovlde dlrecL any-Lo-any wlreless communlcaLlon.
• 8ased on conLenLlon algorlLhm slmllar Lo CSMA/Cu
– ÞolnL CoordlnaLlon luncLlon (ÞCl)
• uses a cenLrallzed coordlnaLor namely ÞolnL CoordlnaLor(ÞC)
• ÞC uses polllng Lo allocaLe resource
CS65-Computer Networks Dept. of EEE
S.Muralidharan 6
lLLL 802.11 MAC Layer
• ÞolnL CoordlnaLlon luncLlon (ÞCl):
– 1hls ls avallable only ln "lnfrasLrucLure" mode, where sLaLlons
are connecLed Lo Lhe neLwork Lhrough an Access ÞolnL (AÞ).
– AÞs send beocoo frames aL regular lnLervals (usually every 0.1
second). 8eLween Lhese beocoo frames, ÞCl deflnes Lwo
perlods: Lhe ConLenLlon lree Þerlod (ClÞ) and Lhe ConLenLlon
Þerlod (CÞ).
• 1he Lerm beocoo slgnlfles a speclflc daLa Lransmlsslon from
Lhe access polnL (AÞ), whlch carrles Lhe Serv|ce set |dent|f|er (SSID)
(a name LhaL ldenLlfles a parLlcular 802.11 wlreless LAn), Lhe channel
number and securlLy proLocols such as WLÞ (Wlred LqulvalenL
ÞroLecLlon) or WÞA(Wl-ll ÞroLecLed Access).
– ln Lhe ClÞ, Lhe AÞ sends ConLenLlon-lree-Þoll (Cl-Þoll) packeLs
Lo each sLaLlon, one aL a Llme, Lo glve Lhem Lhe rlghL Lo send a
packeL. 1he AÞ ls Lhe coordlnaLor. AlLhough Lhls allows for a
beLLer managemenL of CoS, ÞCl does noL deflne classes of
Lrafflc as ls common wlLh oLher CoS sysLems.
• A super Llme frame conslsLs of cooteotloo-ftee letloJ
and cooteotloo petloJ.
• 1hese Lwo perlods are varlable lengLh. 1helr duraLlon
depends on Lhe Lrafflc load aL Lhe AÞ and aL Lhe moblle
hosLs.
• ulfferenL channel access conLrol schemes are used for
Lhese Lwo perlods.
A Super Frame
time
Contention Period Contention-free Period Contention-free Period Contention Period
A Super Frame
• ulsLrlbuLed CoordlnaLlon luncLlon (uCl):
– uCl ls used ln ConLenLlon Þerlod(CÞ)
– 1he baslc 802.11 MAC layer uses Lhe dlsLrlbuLed coordlnaLlon
funcLlon (uCl) Lo share Lhe medlum beLween mulLlple sLaLlons.
uCl relles on CSMA/CA and opLlonal (Lo solve hldden Lermlnal
problem) 802.11 81S/C1S(8equesL Lo send/Clear Lo send) Lo
share Lhe medlum beLween sLaLlons. 1hls has several
llmlLaLlons:
• lf many sLaLlons aLLempL Lo communlcaLe aL Lhe same Llme, many
colllslons wlll occur whlch wlll lower Lhe avallable bandwldLh and
posslbly lead LocongesLlve collapse.
• Lhere are no CuallLy of Servlce (CoS) guaranLees. ln parLlcular, Lhere ls
no noLlon of hlgh or low prlorlLy Lrafflc.
• once a sLaLlon "wlns" access Lo Lhe medlum, lL may keep Lhe medlum
for as long as lL chooses. lf a sLaLlon has a low blL raLe (1 MblL/s, for
example), Lhen lL wlll Lake a long Llme Lo send lLs packeL, and
Lransmlsslon from all oLher sLaLlons wlll be held off.
– lor besL-efforL daLa servlce
CS65-Computer Networks Dept. of EEE
S.Muralidharan 7
CSMA/CA
• 1he use of colllslon avoldance ls used Lo lmprove Lhe
performance of CSMA by aLLempLlng Lo dlvlde Lhe
wlreless channel up somewhaL equally among all
LransmlLLlng nodes wlLhln Lhe colllslon domaln.
CSMA/CA dlffers from CSMA/Cu due Lo Lhe naLure of
Lhe medlum, Lhe radlo frequency specLrum.
Colllslons cannoL be deLecLed whlle occurrlng aL Lhe
sendlng node, Lhus lL ls vlLal for CSMA/CA or anoLher
access meLhod Lo be lmplemenLed.
• CSMA/CA ls used ln '802.11 based wlreless
LAns' and oLher 'wlred and wlreless communlcaLlon
sysLems'. Cne of Lhe problems of wlreless daLa
communlcaLlons ls LhaL lL ls noL posslble Lo llsLen
whlle sendlng, Lherefore colllslon deLecLlon ls noL
posslble.
CSMA/CA and NAV
NAV- Network Allocation Vector
RTS- Request To Send
CTS-Clear To Send
DIFS – Distributed Interframe Space
SIFS-Short Interframe Space
81S/C1S
• 1he sender afLer senslng LhaL Lhe medlum ls ldle,
sends a speclal small frame called 8equesL-Lo-
Send (81S) of 20byLes. ln Lhls message, Lhe
sender deflnes Lhe LoLal Llme lL needs Lhe
medlum.
• 8ecelver acknowledges by reLurnlng Clear-Lo-
Send (C1S) of slze 14 byLes
• 1he sender send Lhe daLa frame
• 1he recelver acknowledges Lhe recelpL of daLa.
• 1he source sLaLlon seL Lhe ºdurat|on f|e|d" ln Lhe
MAC header of Lhe daLa frames or ln 81S and
C1S conLrol frames. 1hls fleld lndlcaLes Lhe
amounL of Llme afLer Lhe end of Lhe presenL
frame LhaL Lhe cannel wlll be uLlllzed Lo compleLe
Lhe successful Lransmlsslon of Lhe daLa.
• SLaLlons deLecLlng Lhe ºduraLlon fleld" ad[usL
Lhelr NAV(Network A||ocat|on Vector) , whlch
lndlcaLes Lhe amounL of Llme LhaL musL alapse
unLll Lhe currenL Lransmlsslon ls compleLe and
Lhe channel can be sampled agaln for ldle sLaLus.
CS65-Computer Networks Dept. of EEE
S.Muralidharan 8
Use of handshaking to prevent hidden station problem
C F A B E D
RTS
RTS = Request-to-Send
IEEE 802.11
Pretending a circular range
C F A B E D
RTS
RTS = Request-to-Send
IEEE 802.11
NAV = 10
NAV = remaining duration to keep quiet
Network Allocation Vector(NAV)
C F A B E D
CTS
CTS = Clear-to-Send
IEEE 802.11
CS65-Computer Networks Dept. of EEE
S.Muralidharan 9
C F A B E D
CTS
CTS = Clear-to-Send
IEEE 802.11
NAV = 8
C F A B E D
DATA
•DATA packet follows CTS. Successful data reception acknowledged
using ACK.
IEEE 802.11
IEEE 802.11
C F A B E D
ACK
C F A B E D
ACK
IEEE 802.11
Reserved area
CS65-Computer Networks Dept. of EEE
S.Muralidharan 10
IEEE 802.11
C F A B E D
DATA
Transmit “range”
Interference
“range”
Carrier sense
range
F A
Slmpllfled CSMA/CA
lrame lormaL
• Frame Control field defines the type of the frame and some control information.
Subfields in Frame Control(FC) field
• u : ln all frame Lypes excepL 'conLrol frame', Lhls fleld
deflnes Lhe duraLlon of Lhe Lransmlsslon LhaL ls used Lo
seL Lhe value of nAv. ln 'conLrol frame', Lhls fleld ls used
Lo deflne Lhe lu.
• Address : 1here are four address flelds each 6 byLes long.
1he meanlng of each address fleld depends on Lhe value
of Lhe º1o uS" and ºlrom uS" subflelds.
• To DS & From DS :
CS65-Computer Networks Dept. of EEE
S.Muralidharan 11
• Sequence ConLrol : 1hls fleld deflnes Lhe
sequence number of frame Lo be used ln flow
conLrol.
• lrame body : conLalns lnformaLlon based on Lhe
Lype and Lhe subLype deflned ln Lhe lC fleld.
• lCS : conLalns a C8C-32 error deLecLlon
sequence.
• l8AML 1?ÞLS :
– 1hree caLegorles
• ManagemenL lrames : used for lnlLlal communlcaLlon
beLween sLaLlons and access polnLs.
• ConLrol lrames : used for accesslng Lhe channel and
acknowledglng frames.
• uaLa lrames : used for carrylng daLa and conLrol
lnformaLlon.
Control frames
Values of subfields in control frames
Wlreless SecurlLy
CS65-Computer Networks Dept. of EEE
S.Muralidharan 12
• W|re|ess secur|ty ls Lhe prevenLlon of
unauLhorlzed access or damage Lo compuLers
uslng wlreless neLworks.
• Wlreless SecurlLy ÞroLocol Llme llne :
– WLÞ - ÞarL of orlglnal 802.11 speclflcaLlon publlshed
ln 1999.
– WÞA - ueveloped Lo flx numerous WLÞ flaws. 8aLlfled
by Wl-ll Alllance ln 2003.
– 802.11l - More robusL, permanenL securlLy sLandard
expecLed Lo be flnallzed soon. CurrenLly ln 7Lh drafL.
WLÞ
• Wlred LqulvalenL Þrlvacy(WLÞ)
• uses 8C4 SLream clpher
• Pas sLaLlc 40-blL base key
• 64-blL per-packeL key
• 24-blL lnlLlallzaLlon vecLor (lv)
• uses lnLegrlLy Check value (lCv) Lo verlfy
lnLegrlLy
WLÞ Weaknesses (keys)
• WLÞ uses same key for auLhenLlcaLlon and
encrypLlon.
• no way Lo manage keys.
• Same sLaLlc key used on AÞ as well as all cllenLs.
WÞA: 1he soluLlon for Loday
• Wl-ll ÞroLecLed Access (WÞA) creaLed Lo flx
vulnerablllLles of WLÞ whlle keeplng Lhe ablllLy Lo
run on legacy Access ÞolnLs.
• SubseL of 802.11l SLandard.
• 1wo ma[or componenLs:
– 1emporal key lnLegrlLy ÞroLocol(1klÞ) and
– 802.1x LxLenslble AuLhenLlcaLlon ÞroLocol (LAÞ) based
auLhenLlcaLlon.
– 802.1x speclfles Lhe followlng componenLs:
• SuppllcanL - A user or a cllenL LhaL wanLs Lo be auLhenLlcaLed.
• AuLhenLlcaLlon server - An auLhenLlcaLlon sysLem, such as a
8AuluS server, LhaL handles acLual auLhenLlcaLlons.
• AuLhenLlcaLor - A devlce LhaL acLs as an lnLermedlary beLween a
suppllcanL and an auLhenLlcaLlon server. usually, an AÞ.
CS65-Computer Networks Dept. of EEE
S.Muralidharan 13
WLAn SecurlLy Summary
WEP WPA 802.11i
Cipher Algorithm RC4 RC4 (TKIP) AES-CCMP
Encryption Key 40-bit 128-bit 128-bit
Initialization Vector 24-bit 48-bit 48-bit
Authentication Key None 64-bit 128-bit
Integrity Check CRC-32 Michael CCM
Key Distribution Manual 802.1X (EAP) 802.1X (EAP)
Key Unique To: Network Packet, Session, UserPacket, Session, User
Key Hierarchy No Derived from 802.1X Derived from 802.1X
Ad-hoc Security (P2P)No No Yes (IBSS)
Pre-authentication No No Yes (EAPOL)