Reminder on frequencies and wavelenghts

twisted coax cable optical transmission

pair

1 Mm 10 km 100 m 1m 10 mm 100 m 1 m
300 Hz 30 kHz 3 MHz 300 MHz 30 GHz 3 THz 300 THz

VLF LF MF HF VHF UHF SHF EHF infrared visible light UV

VLF = Very Low Frequency UHF = Ultra High Frequency

LF = Low Frequency SHF = Super High Frequency
MF = Medium Frequency EHF = Extra High Frequency
HF = High Frequency UV = Ultraviolet Light
VHF = Very High Frequency

Frequency and wave length:

= c/f
wave length , speed of light c  3x108m/s, frequency f

1
 Frequencies for mobile communication
 VHF-/UHF-ranges for mobile radio
 simple, small antenna for handset
 deterministic propagation characteristics, reliable connections
 SHF and higher for directed radio links, satellite communication
 small antenna
 large bandwidth available
 Wireless LANs use frequencies in UHF to SHF spectrum
 some systems planned up to EHF
 limitations due to absorption by water and oxygen molecules
(resonance frequencies)
 Weather-dependent fading, signal loss caused by heavy rainfall etc.

2
 Frequency allocation
Europe USA Japan

Mobile Dig. Dividend AMPS, TDMA, CDMA PDC

phones 800MHz 824-849 MHz, 810-826 MHz,
GSM 890-915 MHz, 869-894 MHz; 940-956 MHz;
935-960 MHz; TDMA, CDMA, GSM 1429-1465 MHz,
1710-1785 MHz, 1850-1910 MHz, 1477-1513 MHz
1805-1880 MHz 1930-1990 MHz; UMTS
UMTS UMTS 1749.9-1784.9
1920-1980 MHz 1850-1910 MHz 1844.9-1879.9
2110-2170 MHz 1930-1990 MHz
LTE
2600MHz
Cordless CT1+ 885-887 MHz, PACS 1850-1910 MHz, PHS
telephones 930-932 MHz; 1930-1990 MHz 1895-1918 MHz
CT2 PACS-UB 1910-1930 MHz JCT
864-868 MHz 254-380 MHz
DECT
1880-1900 MHz
Wireless IEEE 802.11 IEEE 802.11 IEEE 802.11
LANs 2400-2483 MHz 2400-2483 MHz 2471-2497 MHz
5725–5875 MHz 5725–5875 MHz 5725–5875 MHz

Note: in the coming years, frequencies will become technology-neutral 3

 Characteristics of Wireless LANs
Advantages
 flexibility
 (almost) no wiring difficulties (e.g., historic buildings)
 more robust against disasters like, e.g., earthquakes, fire - or users
pulling a plug...
Disadvantages
 lower bitrate compared to wired networks
 More difficult to secure

4
 Scope of Various WLAN and WPAN Standards

Power consumption

802.11n
Complexity
802.11a

802.11g

802.11b
WLAN
802.11

802.15.I
Bluetooth

802.15.4
WPAN Data rate
5
WPAN: Wireless Personal Area Network
 Design goals for wireless LANs
 low power
 no special permissions or licenses needed to use the LAN
 robust transmission technology
 easy to use for everyone, simple management
 protection of investment in wired networks (internetworking)
 security, privacy, safety (low radiation)
 transparency concerning applications and higher layer protocols
 location awareness if necessary

6
 Comparison: infrared vs. radio transmission
Infrared Radio
 uses IR diodes  typically using the license free
Advantages ISM band at 2.4 GHz and 5 GHz
 simple, cheap, available in Advantages
many mobile devices  coverage of larger areas possible
 no licenses needed (radio can penetrate walls,
 simple shielding possible furniture etc.)

Disadvantages Disadvantages
 very limited license free
 interference by sunlight, heat
sources etc. frequency bands
 shielding more difficult,
 many materials shield or absorb
IR light interference with other electrical
devices
 low bandwidth
 more difficult to secure
Example
Examples
 IrDA (Infrared Data Association)
 IEEE 802.11, Bluetooth
interface used to be available
on many devices

7
 Infrastructure vs. ad hoc networks
infrastructure AP: Access Point
network

AP

AP wired network
AP

Ad hoc network

8
 IEEE 802.11 - Architecture of an
infrastructure network
Station (STA)
802.11 LAN  terminal with access mechanisms
802.x LAN
to the wireless medium and radio
contact to the access point
STA1 Basic Service Set (BSS)
BSS1  group of stations using the same
Access Portal
radio frequency
Point
Access Point
Distribution System  station integrated into the wireless
LAN and the distribution system
Access
ESS Point Portal
 bridge to other (wired) networks
BSS2 Distribution System
 interconnection network to form
one logical network (ESS:
Extended Service Set) based
STA2 802.11 LAN STA3 on several BSS

9
 802.11 - Architecture of an ad-hoc network
Direct communication within a
802.11 LAN limited range
STA1 STA3  Station (STA):
terminal with access
mechanisms to the wireless
BSS1 medium
 Basic Service Set (BSS):
group of stations using the
STA2 same radio frequency

802.11 LAN

BSS2

STA5

STA4

10
Interconnection of IEEE 802.11 with Ethernet

fixed terminal
mobile station

server

infrastructure network

access point

application application
TCP TCP
IP IP
802.11 MAC 802.11 MAC 802.3 MAC 802.3 MAC
802.11 PHY 802.11 PHY 802.3 PHY 802.3 PHY

11
 802.11 - Layers and functions
MAC
 access mechanisms,
fragmentation, encryption
MAC Management
 synchronization, roaming, MIB,
power management
PLCP (Physical Layer Convergence Protocol)
 clear channel assessment
signal (carrier sense)
PMD (Physical Medium Dependent)
 modulation, coding
PHY Management
 channel selection, MIB
Station Management
 coordination of all management
functions

Station Management
IP

MAC MAC Management

PLCP
PHY

PHY Management
PMD

12
 802.11b - Physical layer
3 versions: 2 radio: DSSS and FHSS (both typically at 2.4 GHz), 1 IR
 data rates 1, 2, 5 or 11 Mbit/s
DSSS (Direct Sequence Spread Spectrum)
 DBPSK modulation (Differential Binary Phase Shift Keying) or DQPSK
(Differential Quadrature PSK)
 chipping sequence: +1, -1, +1, +1, -1, +1, +1, +1, -1, -1, -1 (Barker code)
 max. radiated power 1 W (USA), 100 mW (EU), min. 1mW

FHSS (Frequency Hopping Spread Spectrum)

 spreading, despreading, signal strength
 min. 2.5 frequency hops/s, two-level GFSK modulation (Gaussian
Frequency Shift Keying)
Infrared (rarely used in practice)
 850-950 nm, diffuse light, around 10 m range
 carrier detection, energy detection, synchronization

13
 802.11 - MAC layer principles (1/2)
Traffic services
 Asynchronous Data Service (mandatory)
 exchange of data packets based on “best-effort”
 support of broadcast and multicast
 Time-Bounded Service (optional)
 implemented using PCF (Point Coordination Function)
Access methods (called DFWMAC: Distributed Foundation Wireless MAC)
 DCF CSMA/CA (mandatory)
 collision avoidance via randomized „back-off“ mechanism
 minimum distance between consecutive packets
 ACK packet for acknowledgements (not for broadcasts)
 DCF with RTS/CTS (optional)
 avoids hidden terminal problem
 PCF (optional and rarely used in practice)
 access point polls terminals according to a list

DCF: Distributed Coordination Function

PCF: Point Coordination Function

14
 802.11 - MAC layer principles (2/2)
Priorities
 defined through different inter frame spaces
 no guaranteed, hard priorities
 SIFS (Short Inter Frame Spacing)
 highest priority, for ACK, CTS, polling response
 PIFS (PCF IFS)
 medium priority, for time-bounded service using PCF
 DIFS (DCF, Distributed Coordination Function IFS)
 lowest priority, for asynchronous data service

DIFS DIFS
PIFS
SIFS
medium busy contention next frame
t
direct access if
medium is free  DIFS time slot

15
Note
Note: :IFS
IFSdurations
durationsare
arespecific
specifictotoeach
eachPHY
PHY
 802.11 - CSMA/CA principles
contention window
DIFS DIFS (randomized back-off
mechanism)

medium busy next frame

direct access if t
medium has been free time slot
for at least DIFS

 station ready to send starts sensing the medium (Carrier Sense

based on CCA, Clear Channel Assessment)
 if the medium is free for the duration of an Inter-Frame Space (IFS),
the station can start sending (IFS depends on service type)
 if the medium is busy, the station has to wait for a free IFS, then the
station must additionally wait a random back-off time (collision
avoidance, multiple of slot-time)
 if another station occupies the medium during the back-off time of
the station, the back-off timer stops (to increase fairness)

16
 802.11 – CSMA/CA broadcast
=
DIFS DIFS DIFS DIFS
boe bor boe bor boe busy
station1

boe busy
station2

busy
station3

boe busy (detection by upper layer)

station4

boe bor boe busy (detection by upper layer)

station5
t
Here St4 and St5 happen to have
the same back-off time

busy medium not idle (frame, ack etc.) boe elapsed backoff time

packet arrival at MAC bor residual backoff time

The
Thesizesizeofofthe
thecontention
contentionwindow
windowcan
canbebeadapted
adapted Note:
(if(ifmore Note:broadcast
broadcastisisnot
notacknowledged
acknowledged 17
morecollisions,
collisions,then
thenincrease
increasethe
thesize)
size)
 802.11 - CSMA/CA unicast
Sending unicast packets
 station has to wait for DIFS before sending data
 receiver acknowledges at once (after waiting for SIFS) if the packet
was received correctly (CRC)
 automatic retransmission of data packets in case of transmission
errors

DIFS
data
sender
SIFS
ACK
receiver
DIFS
other data
stations t
waiting time Contention
window

The
TheACK
ACKisissent
sentright
rightatatthe
theend
endofofSIFS
SIFS 18
(no
(nocontention)
contention)
 802.11 – DCF with RTS/CTS
Sending unicast packets
 station can send RTS with reservation parameter after waiting for DIFS
(reservation determines amount of time the data packet needs the medium)
 acknowledgement via CTS after SIFS by receiver (if ready to receive)
 sender can now send data at once, acknowledgement via ACK
 other stations store medium reservations distributed via RTS and CTS

DIFS
RTS data
sender
SIFS SIFS
CTS SIFS ACK
receiver

NAV (RTS) DIFS

other NAV (CTS) data
stations t
defer access Contention
window
RTS/CTS
RTS/CTScan
canbebepresent
presentfor
for 19
NAV:
NAV:Net
NetAllocation
AllocationVector
Vector some
somepackets
packetsand
andnot
notfor
forother
other
 Fragmentation mode

DIFS
RTS frag1 frag2
sender
SIFS SIFS SIFS
CTS SIFS ACK1 SIFS ACK2
receiver

NAV (RTS)
NAV (CTS)
NAV (frag1) DIFS
other NAV (ACK1) data
stations t
contention

• Fragmentation is used in case the size of the packets sent has to be

reduced (e.g., to diminish the probability of erroneous frames)
• Each fragi (except the last one) also contains a duration (as RTS does),
which determines the duration of the NAV
• By this mechanism, fragments are sent in a row
• In this example, there are only 2 fragments
20
 802.11 - MAC frame format
Types
 control frames, management frames, data frames
Sequence numbers
 important against duplicated frames due to lost ACKs
Addresses
 receiver, transmitter (physical), BSS identifier, sender (logical)
Miscellaneous
 sending time, checksum, frame control, data

bytes 2 2 6 6 6 2 6 0-2312 4
Frame Duration Address Address Address Sequence Address
Data CRC
Control ID 1 2 3 Control 4

version, type, fragmentation, security, ... detection of duplication

21
 MAC address format

scenario to DS from address 1 address 2 address 3 address 4

DS
ad-hoc network 0 0 DA SA BSSID -
infrastructure 0 1 DA BSSID SA -
network, from AP
infrastructure 1 0 BSSID SA DA -
network, to AP
infrastructure 1 1 RA TA DA SA
network, within DS

DS: Distribution System

AP: Access Point
DA: Destination Address
SA: Source Address
BSSID: Basic Service Set Identifier
- infrastructure BSS : MAC address of the Access Point
- ad hoc BSS (IBSS): random number
RA: Receiver Address
TA: Transmitter Address

22
 802.11 - MAC management
Synchronization
 Purpose
 for the physical layer (e.g., maintaining in sync the frequency hop
sequence in the case of FHSS)
 for power management
 Principle: beacons with time stamps
Power management
 sleep-mode without missing a message
 periodic sleep, frame buffering, traffic measurements

Association/Reassociation
 integration into a LAN
 roaming, i.e. change networks by changing access points
 scanning, i.e. active search for a network

MIB - Management Information Base

 managing, read, write

23
 Synchronization (infrastructure case)

beacon interval

B B B B
access
point
busy busy busy busy
medium
t
value of the timestamp B beacon frame

• The access point transmits the (quasi) periodic beacon signal

• The beacon contains a timestamp and other management information used for
power management and roaming
• All other wireless nodes adjust their local timers to the timestamp

24
 Synchronization (ad-hoc case)

beacon interval

B1 B1
station1

B2 B2
station2

busy busy busy busy

medium
t
value of the timestamp B beacon frame random delay (back-off)

• Each node maintains its own synchronization timer and starts the transmission
of a beacon frame after the beacon interval
• Contention  back-off mechanism  only 1 beacon wins
• All other stations adjust their internal clock according to the received beacon
and suppress their beacon for the current cycle
25
 Power management
Idea: switch the transceiver off if not needed
States of a station: sleep and awake
Timing Synchronization Function (TSF)
 stations wake up at the same time
Infrastructure case
 Traffic Indication Map (TIM)
 list of unicast receivers transmitted by AP
 Delivery Traffic Indication Map (DTIM)
 list of broadcast/multicast receivers transmitted by AP
Ad-hoc case
 Ad-hoc Traffic Indication Map (ATIM)
 announcement of receivers by stations buffering frames
 more complicated - no central AP
 collision of ATIMs possible (scalability?)

26
 Power saving (infrastructure case)
Here the access point announces
data addressed to the station
TIM interval DTIM interval

D B T T d D B
access
point
busy busy busy busy
medium

p d
station
t
T TIM D DTIM awake

B broadcast/multicast d data transmission

to/from the station

p Power Saving poll: I am awake, please send the data 27

 Power saving (ad-hoc case)

ATIM
window beacon interval

B1 A D B1
station1

B2 B2 a d
station2

t
B beacon frame random delay A transmit ATIM D transmit data

awake a acknowledge ATIM d acknowledge data

• ATIM: Ad hoc Traffic Indication Map (a station announces the list of buffered frames)
• Potential problem: scalability (high number of collisions)
28
 802.11 - Roaming
No or bad connection? Then perform:
Scanning
 scan the environment, i.e., listen into the medium for beacon
signals or send probes into the medium and wait for an answer
Reassociation Request
 station sends a request to one or several AP(s)
Reassociation Response
 success: AP has answered, station can now participate
 failure: continue scanning

AP accepts Reassociation Request

 signal the new station to the distribution system
 the distribution system updates its data base (i.e., location
information)
 typically, the distribution system now informs the old AP so it can
release resources

29
 Security of 802.11
 WEP: Wired Equivalent Privacy
 Objectives:
 Confidentiality
 Access control
 Data integrity

M k k
Integrity
checksum
IV RC4 IV RC4
C(M)

P= M C(M) P= M C(M)

Note: several security weaknesses have been identified and WEP should not be used
anymore.
30
 The new solution for 802.11 security:
standard 802.1x

EAPOL Encapsulated EAP,

(over Ethernet or 802.11) Typically on RADIUS

Supplicant Authenticator Authentication Server

EAP: Extensible Authentication Protocol (RFC 2284, 1998)

EAPOL: EAP over LAN
RADIUS: Remote authentication dial in user service (RFC 2138, 1997)

Features:
- Supports a wide range of authentication schemes, thanks to the usage of EAP
- One-way authentication
- Optional encryption and data integrity

31
 More on IEEE 802.1x
Example of authentication, using one-time passwords (OTP):

Supplicant Authenticator Authentication server

EAP-request/identity

EAP-response/identiy (MYID)

EAP-request/OTP,
OTP challenge
EAP-response/OTP,
OTPpassword
EAP-success
Authentication
Port authorized
successfully
completed

: exchange of EAPOL frame

: exchange of EAP frames in a higher layer protocol (e.g., RADIUS)

Notes
Notes: :
1.1. Weaknesses
Weaknesseshave
havebeen
beenfound
foundinin802.1x
802.1xas
aswell,
well,but
butare
arecorrected
correctedininthe
the
various implementations.
various implementations. 32
2.2. New
Newstandard
standardininthe
themaking
making: :IEEE
IEEE802.11i
802.11i
 IEEE 802.11 – Standardization efforts
IEEE 802.11b
 2.4 GHz band
 DSSS (Direct-sequence spread spectrum)
 Bitrates 1 – 11 Mbit/s
IEEE 802.11a
 5 GHz band
 Based on OFDM (orthogonal frequency-division multiplexing)
 transmission rates up to 54 Mbit/s
 Coverage is not as good as in 802.11b
IEEE 802.11g
 2.4 GHz band (same as 802.11b)
 Based on OFDM
 Bitrates up to 54Mb/s
IEEE 802.11n
 MIMO (multiple-input multiple-output)
 40MHz channel (instead of 20MHz)
 Can operate in the 5GHz or 2.4Ghz (risk of interference with other systems, however)
 Bitrates up to 600Mb/s
IEEE 802.11ac
 Extension of IEEE 802.11n, under development
IEEE 802.11e
 Enhanced DCF: to support differentiated service
IEEE 802.11i
 Security, makes use of IEEE 802.1x
IEEE 802.11p
 For vehicular communications
IEEE 802.11s
 For mesh networks

33
 Conclusion of Wireless LANs
 IEEE 802.11
 Very widespread
 Often considered as the system underlying larger scale ad hoc
networks (although far from optimal, not designed for this purpose)
 Tremendous potential as a competitor of 3G cellular networks in hot
spots
 Bluetooth
 Security perceived as a major obstacle; initial solutions were
flawed in both IEEE 802.11 (WEP) and Bluetooth
 Future developments
 Ultra Wide Band?

34
 References
 J. Schiller: Mobile Communications, Addison-Wesley, Second Edition,
2004
 Leon-Garcia & Widjaja: Communication Networks, McGrawHill, 2000
 IEEE 802.11 standards, available at www.ieee.org
 www.bluetooth.com
 J. Edney and W. Arbaugh: Real 802.11 Security, Addison-Wesley,
2003

35
Ad Hoc On-Demand Distance Vector Routing
(AODV)

Note: this and the following slides are provided here because
AODV is used in the hands-on exercises. We will come
back to this topic in a later module of the course.

36
 AODV : Route discovery (1)

F K
H
Q A

S E G D P
J

B M
R
I
L
C
N

37
 AODV : Route discovery (2)

F K
H
Q A

S E G D P
J

B M
R
I
L
C
N

: Route Request (RREQ) Note:

Note:ififone
oneofofthe
theintermediate
intermediatenodes
nodes(e.g.,
(e.g.,A)
38 A)
knows
knowsaaroute
routetotoD,
D,ititresponds
respondsimmediately
immediatelytotoSS
 AODV : Route discovery (3)

F K
H
Q A

S E G D P
J

B M
R
I
L
C
N

: represents a link on the reverse path 39

 AODV : Route discovery (4)

F K
H
Q A

S E G D P
J

B M
R
I
L
C
N

40
 AODV : Route discovery (5)

F K
H
Q A

S E G D P
J

B M
R
I
L
C
N

41
 AODV : Route discovery (6)

F K
H
Q A

S E G D P
J

B M
R
I
L
C
N

42
 AODV : Route discovery (7)

F K
H
Q A

S E G D P
J

B M
R
I
L
C
N

43
 AODV : Route reply and setup of the forward
path

F K
H
Q A

S E G D P
J

B M
R
I
L
C
N

: Link over which the RREP is transmitted

44
: Forward path
 Route reply in AODV
In case it knows a path more recent than the one previously known
to sender S, an intermediate node may also send a route reply
(RREP)
The freshness of a path is assessed by means of destination
sequence numbers
Both reverse and forward paths are purged at the expiration of
appropriately chosen timeout intervals

45
 AODV : Data delivery

F K
H
Q A

Data
S E G D P
J

B M
R
I
L
C
N

The
Theroute
routeisisnot
notincluded
includedininthe
thepacket
packetheader
header 46
 AODV : Route maintenance (1)

F K
H
Q A

Data
S E G D P
X J

B M
R
I
L
C
N

47
 AODV : Route maintenance (2)

F K
H
Q A

RERR(G-J)
S E G D P
X J

B M
R
I
L
C
N

When
Whenreceiving
receivingthetheRoute
RouteError
Errormessage
message(RERR),
(RERR),
SSremoves
removesthethebroken
brokenlink
linkfrom
fromits
itscache.
cache.
ItItthen 48
theninitializes
initializesaanew
newroute
routediscovery.
discovery.
 AODV (unicast) : Conclusion
Nodes maintain routing information only for routes that are in active
use
Unused routes expire even when the topology does not change
Each node maintains at most one next-hop per destination

49
 2011 Trial in MobNet with Nokia
http://lca.epfl.ch/projects/lca1-nokia
Adversary’s APs

186 m

66 m

50