Wireless Local Area Networks

CS5440 Wireless Access Networks

Dilum Bandara

Dilum.Bandara@uom.lk

Some slides extracted from Dr. Muid Mufti, ID Technologies

2

Outlines Motivation IEEE 802.11 Practical issues Security

Wireless Technology Landscape

3

4

Wireless Local Area Network (WLAN) As a cable replacement Motivating factors

Mobility Old buildings Rapid deployment Rapid reconfiguration Small devices

Applications

5

Why Not Wireless Ethernet? Ethernet is simple, widely used, & cheap But

Collision detection Not possible in wireless Would require a full duplex radio Receiver sensitivity

Carrier sense Hidden stations

Mobility Power saving

6

Elements of a WLAN Client Access point – base station Modes

Ad-hoc infrastructure

Source: www.technologyuk.net

7

WLAN Topologies Peer-to-peer Access point based Point-to-multipoint bridge

Source: www.cisco.com

8

IEEE 802.11 Standard Standard for MAC & Physical Layer for WLANs

IEEE 802.11 Standards

9

DSSS – Direct Sequence Spread Spectrum OFDM – Orthogonal Frequency-Division MultiplexingMIMO – Multiple Input Multiple Output

10

IEEE 802.11 Versions 802.11 – 1997

2 Mbps max 2.4 GHz band 20 m – Indoor 100 m – outdoor Wide range of Physical layers

IR, UHF Narrowband, spread spectrum

802.11a – 1999 54 Mbps max 5.1 - 5.8GHz band 35 m – indoor 120 m – outdoor

11

IEEE 802.11 Versions (Cont.) 802.11b – 1999

11 Mbps max 2.4 GHz band 35 m – indoor 140 m – outdoor

802.11g – 2003 Most current deployments 54 Mbps max 2.4 GHz band 38 m – indoor 140 m – outdoor

12

IEEE 802.11 Versions (Cont.) 802.11n – 2009

Current industry adopted specification 320 Mbps 2.4/5 GHz band MIMO Enhanced security 70 m – indoor 250 m – outdoor

802.11ac – 2012 (approved in Jan 2014) 0.5+ Gbps (per links) 5 GHz band MIMO, 256 - QAM

Comparison

13Source: http://electronicdesign.com/communications/understanding-ieee-80211ac-vht-wireless

Comparison

14

15

Source: http://www.os2warp.be/index2.php?name=wifi1

16

IEEE 802.11 Topologies Independent Basic Service Set (IBSS) – ad-hoc Basic Service Set (BSS) Extended Service Set (ESS)

SSID – Service Set ID

BSSID – MAC of AP

ESSID – 32-byte String

17

Services Station services

Authentication De-authentication Privacy Delivery of data

Distribution services Association Disassociation Reassociation Distribution Integration

Association in 802.11

AP

1: Association request

2: Association response

3: Data traffic

Client

18

Reassociation in 802.11 – Roaming

New AP

1: Reassociation request

3: Reassociation response

5: Send buffered frames

Old AP

2: verifypreviousassociation

4: sendbufferedframes

Client6: Data traffic

19

• 802.11 – Roaming algorithm not defined• 802.11f – Inter Access Point Protocol (IAPP)• 802.11r – Fast roaming• Still no solution for roaming across different domains

20

Roaming Among Wi-Fi Hotspots Hotspots may be operated by different providers

WISP – Wireless Internet Service Provider WISPr – best practices for WISPs Authentication through web browser

Source: www.truconnect.com/blog/how-to-create-a-wi-fi-hotspot-with-a-mifi-device/

21

Issues – Hidden Terminal B doesn’t know C exist

22

Issues – Exposed Terminal A can’t communicate with D while B & C are

communicating

23

Handshake Protocol Address hidden & exposed terminal problems RTS – Request To Send frame CTS – Clear To Send frame

24

Virtual Channel Sensing in CSMA/CA

C (in range of A) receives RTS & based on information in RTS creates a virtual channel busy NAV NAV – Network Allocation Vector NAV indicates how long a station must defer from accessing

medium Saves power

D (in range of B) receives CTS & creates a shorter NAV

25

802.11 Overhead

Channel contention resolved using backoff Nodes choose random backoff interval from [0, CW] Count down for this interval before transmission

Backoff & (optional) RTS/CTS handshake before transmission of data frame

Random backoff

Data Transmission/ACKRTS/CTS

26

Fragmentation in 802.11

High wireless error rates long packets have less probability of being successfully transmitted

Solution MAC layer fragmentation with stop-and-wait protocol on

fragments

27

Physical Layer DSSS

SYNC - Receiver uses to acquire incoming signal & synchronize receiver’s carrierSFD – Start of Frame DelimiterSignal – Which modulation scheme

11 channels – North America13 channels – Europe

28Source: wikipedia.org

29

802.11 Wireless MAC

Support broadcast, multicast, & unicast Uses ACK & retransmission to achieve reliability for

unicast frames No ACK/retransmission for broadcast or multicast

frames Distributed & centralized MAC access

Distributed Coordination Function (DCF) Point Coordination Function (PCF)

30

IEEE 802.11 Mobility Standard defines following mobility types

No-transition – no movement or moving within a local BSS BSS-transition – station movies from one BSS in one ESS to another

BSS within the same ESS ESS-transition – station moves from a BSS in one ESS to a BSS in a

different ESS (continues roaming not supported)

ESS 1ESS 2

- Address to destination mapping- seamless integration of multiple BSS

31

Why Security is More of a Concern in Wireless? No inherent physical protection

Physical connections between devices are replaced by logical associations

Broadcast communications Eavesdropping – transmissions can be overheard by anyone in

range Bogus message – anyone can transmit DoS – Jamming/interference Replaying previously recorded messages

32

Further Issues

Access point configuration Default community strings, default passwords

Evil twin access points Stronger signal, capture user authentication

Renegade access points Unauthorised wireless LANs

33

Authentication & Privacy To prevent unauthorized access & eavesdropping Realized by authentication service prior to access Open system authentication

Station wanting to authenticate sends authentication management frame

Receiving station sends back frame for successful authentication Supported in WEP

Shared-key authentication Secret, shared key received by all stations by a separate, 802.11

independent channel Stations authenticate by a shared knowledge of the key properties

34

MAC ACLs & SSID Hiding

Access points have Access Control Lists (ACL) List of allowed MAC addresses

E.g., allow access to 00:01:42:0E:12:1F 00:01:42:F1:72:AE 00:01:42:4F:E2:01

But MAC addresses are sniffable & spoofable AP beacons without SSID

A client knowing a SSID may join AP A client send PROBE REQUEST with SSID, AP

MUST send a RESPONSE with its SSID

35

802.11b Security Services

2 security services1. Authentication

Shared Key Authentication

2. Encryption Wired Equivalence Privacy (WEP)

36

Wired Equivalence Privacy (WEP)

Shared key between stations & an AP Extended Service Set (ESS)

All APs will have same shared key No key management

Shared key entered manually into Stations APs Key management nightmare in large wireless LANs

37

WEP – Shared Key Authentication When station requests association with an AP

AP sends random no to station Station encrypts random no

Uses RC4, 40-bit shared secret key & 24-bit initialization vector RC4 – software stream cipher

Encrypted random no sent to AP AP decrypts received message AP compares decrypted random no to transmitted random no

If numbers match, station has shared secret key RC4 subsequently used for data encryption Checksum for integrity But management traffic still broadcast in clear containing

SSID

38

WEP – Shared Key Authentication

Source: technet.microsoft.com

39

Wi-Fi Protected Access (WPA) Works with 802.11b, a, & g

Works with legacy hardware Fixes WEP’s problems 802.1x user-level authentication Temporal Key Integrity Protocol (TKIP)

RC4 session-based dynamic encryption keys Per-packet key derivation Unicast & broadcast key management 48-bit initialization vector with new sequencing method

Counter replay attacks Michael 64-bit Message Integrity Code (MIC)

Optional AES support to replace RC4

40

WPA & 802.1x 802.1x is a general purpose network access control

mechanism WPA has 2 modes

1. Pre-shared mode, uses pre-shared keys

2. Enterprise mode, uses Extensible Authentication Protocol (EAP) with a RADIUS server making the authentication decision EAP is a transport for authentication, not authentication itself EAP allows arbitrary authentication methods For example, Windows supports

41

802.11i – WPA2

Full implementation Adopted in September 2004

Replaced WPA with WPA2-AES in 2004 Backwards compatible with WPA

Uses AES-CCMP Advanced Encryption Standard – Counter Mode with

Cipher Block Chaining Message Authentication Code Protocol (CCMP)

Very Strong

42

WPA2 (Cont.)

Robust Security Network (RSN) protocol for establishing secure communications Based on a mode of AES, with 128-bits keys & 48 bit

IV Adds dynamic negotiation of authentication &

encryption algorithms Allows for future changes

Requires new hardware

43

RSN Protocol Wireless NIC sends a Probe Request Access point sends a Probe Response with an

RSN Information Exchange (IE) frame Wireless NIC requests authentication via one of

the approved methods Access point provides authentication for the

wireless NIC Wireless NIC sends an Association Request with

an RSN Information Exchange (IE) frame Access point send an Association Response

44

WLAN Network Planning Network planning target

Maximize system performance with limited resources Including

coverage throughput capacity interference roaming security

Planning process Requirements for project management personnel Site investigation Computer-aided planning practice Testing & verifying planning

45

Basic tools – power levels, throughput, error rate Laptop, tablet, & PDA Utility come with radio card Supports channel scan, station search Indicate signal level, SNR, transport rate

Advanced tools – detailed protocol data flows Special designed for field measurement Support PHY & MAC protocol analysis Integrated with network planning tools

Examples Procycle™ from Softbit, Oulu, Finland SitePlaner™ from WirelessValley, American

Field Measurements

46

Capacity Planning – Example 802.11b can have 6.5 Mbps rate throughput due to

CSMA/CA MAC protocol PHY & MAC management overhead

More users connected, less capacity offered Example of supported users in different application cases

Environment Traffic content Traffic Load No of simultaneous users

11Mbps 5.5Mbps 2Mbps

Corporation Wireless LAN

Web, Email, File transfer

150 kbits/user 40 20 9

Branch Office Network

All application via WLAN

300 kbits/user 20 10 4

Public Access Web, Email, VPN tunneling

100 kbits/user 60 30 12

47

Frequency Planning Interference from other WLAN systems or cells IEEE 802.11 operates at uncontrolled ISM band 14 channels of 802.11 are overlapping, only 3 channels are

disjointed, e.g., Ch 1, 6, & 11 Throughput decreases with less channel spacing Example of frequency allocation in multi-cell network

0

1

2

3

4

5

6

Offset25MHz

Offset20MHz

Offset15MHz

Offset10MHz

Offset5MHz

Offset0MHz

Mbit/s 11Mb if/frag 512

2Mb if/frag 512

2Mb if/frag 2346

48

WLAN Technology Problems Data Speed

Effective throughput is still not enough Better with IEEE 802.11g/n

Interference Works in ISM band Share same frequency with microwave oven, Bluetooth, & others

Security Current WEP algorithm is weak – usually not ON!

Roaming No industry standard is available & propriety solution aren’t

interoperable Inter-operability

Only few basic functionality are interoperable, other vendor’s features can’t be used in a mixed network

49

WLAN Implementation Problems Lack of wireless networking experience for most IT

engineer Lack of well-recognized operation process on network

implementation Selecting access points with “best guess” method Unaware of interference from/to other networks Weak security policy As a result, a WLAN may have

Poor performance (coverage, throughput, capacity, & security) Unstable service Customer dissatisfaction

50

Summary Emerged as a replacement for wired LAN IEEE 802.11g is popular Many IEEE 802.11n devices are being deployed Data rate & security continue to improve Only a small subset of the available channels

can be effectively used No roaming access across different domains