EE579S Computer Security - Worcester Polytechnic Institute

ECE537 Advanced and High
Performance Networks
4: Implementation Issues with Mobile
Professor Richard A. Stanley, P.E.
Spring 2009
© 2000-2009, Richard A. Stanley
ECE537/4 #1
Overview of Tonight’s Class
• Student presentations/discussions on
• Review of last time
• Issues in mobile networking
Last time…
• Mobile networking needs are growing
• Two basic networking needs:
– Mobile nodes in established networks
– Ad hoc networking
• Coexistence of IPv4 and IPv6 complicates
sharing of data across different mobile
MANET, etc.
Mobile Networking Issues
• Virtually all mobile networking involves
wireless hosts and/or clients
• Wireless, in turn, usually means radio links
– Sometimes IR
• Radio links bring their own problems into
the mix, and we cannot ignore the effects of
these Layer 1 issues on Layers 2 & 3
WiFi: IEEE 802.11x
• The IEEE 802.11 protocol is an extension of
the IEEE 802.3 protocol for wired networks.
• The IEEE 802.3 protocol defines the Media
Access Control (MAC) and physical layers
for a wired network.
• The IEEE 802.3 standard is the most widely used
standard for wired networks and was developed
out of the original work done on Ethernet.
Ethernet was developed by Xerox Corporation's
Palo Alto Research Center (PARC) in the 1970s
and was the technological basis for the IEEE
802.3 specification, which was initially released in
1980. Today, the term Ethernet is often used to
refer to all carrier sense multiple access/collision
detection (CSMA/CD) LANs that generally
conform to Ethernet specifications, including
IEEE 802.3.
802.3 (Continued)
• The 802.3 protocol has many implementations that are
available and to distinguish between them the committee
has developed a concise notation.
• <data rate in Mbps><signaling method><maximum length
in hundreds of meters>
• The defined alternatives for a 10Mbps data rate are
10BASE-T (T= Twisted Pair)
10BASE-F (F= Optical Fiber)
802.3 (Continued)
• The defined alternatives for a 100Mbps data
rate are
– 100BASE-TX (two pairs of data grade twisted-pair wire)
– 100BASE-FX (a two-strand optical fiber cable)
– 100BASE-T4 (four pairs of telephone twisted
pair wire)
802.11 Versus 802.3
The 802.11 standard is similar in most respects to the IEEE 802.3
Ethernet standard. Specifically, the 802.11 standard addresses:
• Functions required for an 802.11 compliant device to operate either in
a peer-to-peer fashion or integrated with an existing wired LAN
• Operation of the 802.11 device within possibly overlapping 802.11
wireless LANs and the mobility of this device between multiple
wireless LANs
• MAC level access control and data delivery services to allow upper
layers of the 802.11 network
• Several physical layer signaling techniques and interfaces
• Privacy and security of user data being transferred over the wireless
802.11 versus 802.3
• There are a number of characteristics that are
unique to the wireless environment (as compared
to a wired LAN) that the 802.11 standard must
take into consideration. The physical
characteristics of a wireless LAN introduce range
limitations, unreliable media and dynamic
topologies where stations move about, interference
from outside sources, and lack of the ability for
every device to ‘hear’ every other device within
the WLAN.
802.11 versus 802.3
• These limitations force the WLAN standard
to create fundamental definitions for short-range LANs made up of components that
are within close proximity of each other.
Larger geographic coverage is handled by
building larger LANs from the smaller
fundamental building blocks or by
integrating the smaller WLANs with an
existing wired network.
• Mobility of wireless stations is the most
important feature of a wireless LAN. A
WLAN would not serve much purpose if
stations were not able to move about freely
from location to location either within a
specific WLAN or between different
WLAN ‘segments’.
Mobility (Continued)
For compatibility purposes, the 802.11 MAC must appear to the upper
layers of the network as a ‘standard’ 802 LAN. The 802.11 MAC layer is
forced to handle station mobility in a fashion that is transparent to the upper
layers of the 802 LAN stack. This forces functionality into the 802.11 MAC
layer that is typically handled by upper layers.
802.11 WLAN Architecture
The 802.11 architecture is comprised of several components and
services that interact to provide station mobility transparent to the
higher layers of the network stack.
Wireless LAN Station
The station (STA) is the most basic component of the wireless
network. A station is any device that contains the functionality of the
802.11 protocol, that being MAC, PHY, and a connection to the
wireless media. Typically the 802.11 functions are implemented in the
hardware and software of a network interface card (NIC).
A station could be a laptop PC, handheld device, or an Access Point.
Stations may be mobile, portable, or stationary and all stations support
the 802.11 station services of authentication, de-authentication,
privacy, and data delivery.
802.11 WLAN Architecture
• Basic Service Set (BSS)
802.11 defines the Basic Service Set (BSS)
as the basic building block of an 802.11
wireless LAN. The BSS consists of a group
of any number of stations.
802.11 Topologies
• Independent Basic Service Set (IBSS)
The most basic wireless LAN topology is a
set of stations, which have recognized each
other and are connected via the wireless
media in a peer-to-peer fashion. This form
of network topology is referred to as an
Independent Basic Service Set (IBSS) or an
Ad-hoc network.
In an IBSS, the mobile stations communicate directly with each other. Every mobile
station may not be able to communicate with every other station due to the range
limitations. There are no relay functions in an IBSS therefore all stations need to be
within range of each other and communicate directly.
Independent Basic Service Set (IBSS)
Infrastructure Basic Service Set
An Infrastructure Basic Service Set is a BSS with a component called an Access Point
(AP). The access point provides a local relay function for the BSS. All stations in the
BSS communicate with the access point and no longer communicate directly. All frames
are relayed between stations by the access point. This local relay function effectively
doubles the range of the IBSS.
The access point may also provide connection to a distribution system.
Distribution System
Distribution System
• The distribution system (DS) is the means by which an access point
communicates with another access point to exchange frames for
stations in their respective BSSs, forward frames, to follow mobile
stations as they move from one BSS to another, and exchange frames
with a wired network.
• As IEEE 802.11 describes it, the distribution system is not necessarily
a network nor does the standard place any restrictions on how the
distribution system is implemented, only on the services it must
provide. Thus the distribution system may be a wired network like
802.3 or a special purpose box that interconnects the access points and
provides the required distribution services.
Extended Service Set
• Extending coverage via an Extended Service Set (ESS)
802.11 extends the range of mobility to an arbitrary range
through the ESS. An extended service set is a set of
infrastructure BSSs, where the access points communicate
amongst themselves to forward traffic from one BSS to
another, to facilitate movement of stations between BSSs.
The access point performs this communication through the
distribution system. The distribution system is the
backbone of the wireless LAN and may be constructed of
either a wired LAN or wireless network.
• Typically the distribution system is a thin layer in each
access point that determines the destination for traffic
received from a BSS. The distribution system determines if
traffic should be relayed back to a destination in the same
BSS, forwarded on the distribution system to another
access point, or sent into the wired network to a destination
not in the extended service set. Communications received
by an access point from the distribution system are
transmitted to the BSS to be received by the destination
mobile station.
• Network equipment outside of the extended
service set views the ESS and all of its mobile
stations as a single MAC-layer network where all
stations are physically stationary. Thus, the ESS
hides the mobility of the mobile stations from
everything outside the ESS. This level of
indirection provided by the 802.11 architecture
allows existing network protocols that have no
concept of mobility to operate correctly with a
wireless LAN where there is mobility.
Distribution Services
• Distribution services provide functionality
across a distribution system. Typically,
access points provide distribution services.
The five distribution services and functions
detailed below include: association,
disassociation, re-association, distribution,
and integration.
• The association service is used to make a logical
connection between a mobile station and an access point.
Each station must become associated with an access point
before it is allowed to send data through the access point
onto the distribution system. The connection is necessary
in order for the distribution system to know where and how
to deliver data to the mobile station.
The mobile station invokes the association service once
and only once, typically when the station enters the BSS.
Each station can associate with one access point though an
access point can associate with multiple stations.
• Disassociation
The disassociation service is used either to force a mobile station to
eliminate an association with an access point or for a mobile station to
inform an access point that it no longer requires the services of the
distribution system. When a station becomes disassociated, it must
begin a new association to communicate with an access point again.
An access point may force a station or stations to disassociate because
of resource restraints, or because the access point is shutting down or being
removed from the network for a variety of reasons. When a mobile
station is aware that it will no longer require the services of an access
point, it may invoke the disassociation service to notify the access
point that the logical connection to the services of the access point
from this mobile station is no longer required.
• Stations should disassociate when they
leave a network, though there is nothing in
the architecture to assure this happens.
Disassociation is a notification and can be
invoked by either associated party. Neither
party can refuse termination of the
• Re-Association enables a station to change its
current association with an access point. The re-association service is similar to the association
service, with the exception that it includes
information about the access point with which a
mobile station has been previously associated. A
mobile station will use the re-association service
repeatedly as it moves throughout the ESS, loses
contact with the access point with which it is
associated, and needs to become associated with a
new access point.
• By using the re-association service, a mobile station
provides information to the access point to which it will be
associated and information pertaining to the access point
which it will be disassociated. This allows the newly
associated access point to contact the previously associated
access point to obtain frames that may be waiting there for
delivery to the mobile station as well as other information
that may be relevant to the new association.
The mobile station always initiates re-association.
• Distribution is the primary service used by an 802.11 station. A station
uses the distribution service every time it sends MAC frames across
the distribution system. The distribution service provides the
distribution system with only enough information to determine the proper
destination BSS for the MAC frame.
The three association services (association, re-association, and
disassociation) provide the necessary information for the distribution
service to operate. Distribution within the distribution system does not
necessarily involve any additional features outside of the association
services, though a station must be associated with an access point for
the distribution service to forward frames properly.
• The integration service connects the 802.11
WLAN to other LANs, including one or more
wired LANs or 802.11 WLANs. A portal performs
the integration service. The portal is an abstract
architectural concept that typically resides in an
access point though it could be part of a separate
network component entirely.
The integration service translates 802.11 frames to
frames that may traverse another network, and
vice versa.
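The association and distribution services described above, modeled as an added example that is not part of the original slides. The class and method names are hypothetical, and the model assumes that any destination without an association in the ESS is outside it and is handed to the portal.

```python
from collections import defaultdict


class ESS:
    """Toy extended service set: association table plus distribution decision."""

    def __init__(self, access_points):
        self.access_points = set(access_points)
        self.assoc = {}                  # station -> the one AP it is associated with
        self.held = defaultdict(list)    # (AP, station) -> frames waiting at that AP

    def _require_ap(self, ap):
        if ap not in self.access_points:
            raise ValueError(f"unknown access point {ap!r}")

    def associate(self, sta, ap):
        """Invoked once, when the station enters a BSS."""
        self._require_ap(ap)
        if sta in self.assoc:
            raise ValueError(f"{sta!r} is already associated; use reassociate()")
        self.assoc[sta] = ap

    def hold(self, ap, sta, frame):
        """An AP keeps a frame it could not yet deliver to a station."""
        self._require_ap(ap)
        self.held[(ap, sta)].append(frame)

    def reassociate(self, sta, new_ap, old_ap):
        """Station-initiated move; naming the old AP lets held frames follow."""
        self._require_ap(new_ap)
        if self.assoc.get(sta) != old_ap:
            raise ValueError(f"{sta!r} is not associated with {old_ap!r}")
        self.assoc[sta] = new_ap
        return self.held.pop((old_ap, sta), [])

    def disassociate(self, sta):
        """A notification from either party; it is never refused."""
        return self.assoc.pop(sta, None)

    def distribute(self, src, dst):
        """Return (decision, AP that handles the frame next)."""
        src_ap = self.assoc.get(src)
        if src_ap is None:                 # sender must be associated first
            return ("dropped-not-associated", None)
        dst_ap = self.assoc.get(dst)
        if dst_ap is None:                 # assumed to be outside the ESS
            return ("portal-to-wired-lan", src_ap)
        if dst_ap == src_ap:               # both stations in the same BSS
            return ("relay-within-bss", src_ap)
        return ("forward-over-ds", dst_ap)  # another AP in the ESS


def demo():
    """Constructed scenario: three stations, two access points."""
    ess = ESS(["AP1", "AP2"])
    ess.associate("laptop", "AP1")
    ess.associate("phone", "AP1")
    ess.associate("tablet", "AP2")
    out = [
        ess.distribute("laptop", "phone"),
        ess.distribute("laptop", "tablet"),
        ess.distribute("laptop", "fileserver"),
    ]
    ess.hold("AP1", "laptop", "frame-17")
    out.append(ess.reassociate("laptop", "AP2", "AP1"))  # roams to AP2
    out.append(ess.distribute("laptop", "tablet"))
    ess.disassociate("laptop")
    out.append(ess.distribute("laptop", "tablet"))
    return out


if __name__ == "__main__":
    for step in demo():
        print(step)
```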
802.11 Media Access Control
• The 802.11 MAC layer provides functionality to allow reliable data
delivery for the upper layers over the wireless PHY media. The data
delivery itself is based on an asynchronous, best-effort, connectionless
delivery of MAC layer data. There is no guarantee that the frames will
be delivered successfully.
• The 802.11 MAC provides a controlled access method to the shared
wireless media called Carrier-Sense Multiple Access with Collision
Avoidance (CSMA/CA). CSMA/CA is similar to the collision
detection access method deployed by 802.3 Ethernet LANs.
802.11 Media Access Control
• Another function of the 802.11 MAC is to
protect the data being delivered by
providing security and privacy services.
Security is provided by the authentication
services and by Wireless Equivalent Privacy
(WEP), which is an encryption service for
data delivered on the WLAN.
• The fundamental access method of 802.11 is
Carrier Sense Multiple Access with Collision
Avoidance or CSMA/CA. CSMA/CA works by a
"listen before talk" scheme. This means that a
station wishing to transmit must first sense the
radio channel to determine if another station is
transmitting. If the medium is not busy, the
transmission may proceed.
• The CSMA/CA protocol avoids collisions among
stations sharing the medium by utilizing a random
backoff time if the station’s physical or logical
sensing mechanism indicates a busy medium. The
period of time immediately following a busy
medium is when the probability of collisions
is highest, especially under high utilization.
• The CSMA/CA scheme implements a minimum time gap
between frames from a given user. Once a frame has been
sent from a given transmitting station, that station must
wait until the time gap is up to try to transmit again. Once
the time has passed, the station selects a random amount of
time (the backoff interval) to wait before "listening" again
to verify a clear channel on which to transmit. If the
channel is still busy, another backoff interval is selected
that is less than the first. This process is repeated until the
waiting time approaches zero and the station is allowed to
transmit. This type of multiple access ensures judicious
channel sharing while avoiding collisions.
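A small simulation of the random backoff described above, added here as an example and not taken from the original slides. It assumes a simplified slotted model with a fixed contention window (`cw`, a hypothetical parameter name): a station whose countdown is interrupted by another transmission resumes from its remaining, shorter wait, and two stations that reach zero in the same slot collide and retry.

```python
import random


def simulate_csma_ca(n_stations, cw, frames_per_station, seed=1):
    """Count delivered frames, collisions and idle slots for one shared channel."""
    if cw < 2:
        raise ValueError("cw must be at least 2 or contending stations always collide")
    rng = random.Random(seed)            # seeded so runs are repeatable
    remaining = [frames_per_station] * n_stations
    backoff = [rng.randrange(cw) for _ in range(n_stations)]
    delivered = collisions = idle_slots = 0

    while any(remaining):
        active = [i for i in range(n_stations) if remaining[i]]
        # The channel stays idle until the shortest backoff expires.
        step = min(backoff[i] for i in active)
        idle_slots += step
        for i in active:
            backoff[i] -= step           # everyone counts down while idle
        ready = [i for i in active if backoff[i] == 0]
        if len(ready) == 1:
            delivered += 1               # exactly one talker: success
            remaining[ready[0]] -= 1
        else:
            collisions += 1              # several talkers in one slot: all retry
        # Stations that transmitted draw a fresh backoff; the others keep
        # their reduced counters, which were frozen during the busy period.
        for i in ready:
            backoff[i] = rng.randrange(cw)

    return {"delivered": delivered, "collisions": collisions, "idle_slots": idle_slots}


def collision_fraction(result):
    """Share of transmission attempts on the channel that ended in a collision."""
    attempts = result["delivered"] + result["collisions"]
    return result["collisions"] / attempts


if __name__ == "__main__":
    for cw in (8, 32, 256):
        r = simulate_csma_ca(n_stations=10, cw=cw, frames_per_station=200)
        print(f"cw={cw:4d} collisions={collision_fraction(r):.2%} idle={r['idle_slots']}")
```

A small window wastes airtime on collisions and a large one wastes it on idle slots, which is the trade-off the backoff interval has to balance.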
802.11 “Flavors” - 1
IEEE 802.11 - The original WLAN standard: 1 Mbps and 2 Mbps, 2.4 GHz RF
and infrared [IR] (1997). All the others listed below are amendments to
this standard, except for Recommended Practices 802.11F and 802.11T.
IEEE 802.11a - 54 Mbit/s, 5 GHz standard (1999, shipping products in 2001)
IEEE 802.11b - Enhancements to 802.11 to support 5.5 and 11 Mbit/s (1999)
IEEE 802.11c — Bridge operation procedures; included in the IEEE 802.1D standard
IEEE 802.11d - International (country-to-country) roaming extensions (2001)
IEEE 802.11e - Enhancements: QoS, including packet bursting (2005)
IEEE 802.11F - Inter-Access Point Protocol (2003) Withdrawn February 2006
IEEE 802.11g - 54 Mbit/s, 2.4 GHz standard (backwards compatible with b) (2003)
IEEE 802.11h - Spectrum Managed 802.11a (5 GHz) for European compatibility (2004)
IEEE 802.11i - Enhanced security (2004)
IEEE 802.11j - Extensions for Japan (2004)
IEEE 802.11-2007 - A new release of the standard that includes amendments a, b, d, e,
g, h, i & j. (July 2007)
IEEE 802.11k - Radio resource measurement enhancements (2008)
802.11 “Flavors” - 2
IEEE 802.11n - Higher throughput improvements using MIMO (multiple input, multiple output
antennas) (September 2009)
IEEE 802.11p - WAVE — Wireless Access for the Vehicular Environment (such as ambulances and
passenger cars) (working — June 2010)
IEEE 802.11r - Fast roaming Working "Task Group r" - (2008)
IEEE 802.11s - Mesh Networking, Extended Service Set (ESS) (working — September 2010)
IEEE 802.11T — Wireless Performance Prediction (WPP) - test methods and metrics
Recommendation cancelled
IEEE 802.11u - Interworking with non-802 networks (for example, cellular) (working — September
IEEE 802.11v - Wireless network management (working — June 2010)
IEEE 802.11w - Protected Management Frames (September 2009)
IEEE 802.11y - 3650-3700 MHz Operation in the U.S. (2008)
- Extensions to Direct Link Setup (DLS) (August 2007 - December 2011)
- Robust streaming of Audio Video Transport Streams (March 2008 - June 2011)
IEEE 802.11mb — Maintenance of the standard. Expected to become 802.11-2011. (ongoing)
- Very High Throughput <6GHz (September 2008 - December 2012)
- Extremely High Throughput 60GHz (December 2008 - December 2012)
802.11 Physical Layer (PHY)
• The 802.11 physical layer (PHY) is the interface
between the MAC and the wireless media where
frames are transmitted and received. The PHY
provides three functions. First, the PHY provides
an interface to exchange frames with the upper
MAC layer for transmission and reception of data.
Secondly, the PHY uses signal carrier and spread
spectrum modulation to transmit data frames over
the media. Thirdly, the PHY provides a carrier
sense indication back to the MAC to verify
activity on the media.
802.11 Physical Layer (PHY)
• 802.11 provides three different PHY
definitions: Both Frequency Hopping
Spread Spectrum (FHSS) and Direct
Sequence Spread Spectrum (DSSS) support
1 and 2 Mbps data rates.
• Operating in the 2.4GHz frequency range, 802.11b (aka
Wi-Fi) has a nominal maximum data rate of 11Mbps, with
the potential of three simultaneous channels. 802.11b has a
great advantage in that it is accepted worldwide. One of the
more significant disadvantages of 802.11b is that the
frequency band is crowded, and subject to interference
from other networking technologies, microwave ovens,
2.4GHz cordless phones (a huge market), and Bluetooth.
There are drawbacks to 802.11b, including lack of
interoperability with voice devices, and no QoS provisions
for multimedia content. Interference and other limitations
aside, 802.11b is the clear leader in business and
institutional wireless networking and is gaining share for
home applications as well.
• Much faster than 802.11b
– 54Mbps maximum data rate (actually increased to 72Mbps
or 108Mbps in a non-standard double-speed mode
depending on the chipset vendor and component
– Operates in the 5GHz frequency range and allows eight
simultaneous channels. One big advantage to 802.11a is
that it isn't subject to interference from Bluetooth or any of
the other 2.4GHz frequency denizens.
• One big disadvantage is that it is not directly compatible
with 802.11b, and requires new bridging products that can
support both types of networks, although if you don't mind
spending the money for access points for both 11a and
11b, you can plug them into hubs or better yet, switches on
your network and they'll work just fine. Other clear
disadvantages are that 802.11a is only available in half the
bandwidth in Japan (for a maximum of four channels), and
it isn't approved for use in Europe, where HiperLAN2 is
the standard.
• Like 802.11b, 802.11a has no provisions to optimize voice
or multimedia content.
• Operates in the 2.4GHz frequency band with mandatory compatibility
with 802.11b but with a maximum data rate of 54Mbps
• Uses a minimum of two modes (both mandatory) with two optional
– The mandatory modulation/access modes are the same CCK
(Complementary Code Keying) mode used by 802.11b (hence the
compatibility with Wi-Fi) and the OFDM (Orthogonal Frequency Division
Multiplexing) mode used by 802.11a (but in this case in the 2.4GHz
frequency band). The mandatory CCK mode supports 11Mbps and the
OFDM mode has a maximum of 54Mbps.
– There are also two modes that use different methods to attain a 22Mbps
data rate--TI's PBCC-22 (Packet Binary Convolutional Coding, rated for 6
to 54Mbps) and Intersil's CCK-OFDM mode (with a rated max of
• The obvious advantage of 802.11g is that it maintains
compatibility with 802.11b (and 802.11b's worldwide
acceptance) and also offers faster data rates comparable
with 802.11a. The number of channels available, however,
is not increased, since channels are a function of
bandwidth, not radio signal modulation and on that score,
802.11a wins with its eight channels, compared to the three
channels available with either 802.11b or 802.11g. Another
disadvantage of 802.11g is that the 2.4GHz frequency will
get even more crowded
Wireless Networking Challenges –
• User moves out of range, or obstacle comes
in between
• Techniques to cope with this:
– Operate asynchronously: lazy-write-back,
– Expose disconnection to the user
Wireless Networking Challenges –
Low Bandwidth
• Result of shared channel, high attenuation
• Techniques to cope with this:
More spectrum (but this is a limited resource)
Smaller cells
Pre-fetching, lazy write-back
Intelligent scheduling
Wireless Networking Challenges –
Variable Bandwidth
• Sources of variability:
– Moving from wired to wireless
– Moving from one wireless network to another
– Changing location
• Techniques to cope with this:
– Application has to adapt to changing bandwidth
Wireless Networking Challenges –
Security Risks
• Problem: broadcast medium!
– No well defined boundary
• Techniques to cope with this:
– Design system with security in mind
• Problem: device can be stolen!
• Techniques to cope with this
– Protect data in the device (e.g. using PIN)
Wireless Networking Challenges –
• Network address has to change!
• Techniques to cope with this:
– Decouple identity from location
– Need to keep track of user location
– Paging mechanism
Wireless Networking Challenges –
Power Consumption
• Portable devices cannot have large batteries
• Techniques to cope with this:
– Design system with power in mind
– All protocols and applications must be power-aware
Wireless Networking Challenges –
User Interface
• Wireless applications cannot expect a
sophisticated interface:
– Form factor & capability of device may be
• Techniques to cope with this:
– Application specific
– Clever UI design (e.g. voice recognition)
RF Propagation
– How does RF propagate with distance?
– Behavior under different environments
– How to quantify these?
Estimate coverage area, link
Determine network design parameters
• Locations of transmitters
• Transmit power
• Types of antennae
Three Basic Propagation Phenomena
The Electromagnetic Spectrum
Path Loss in Decibels (dB)
Absolute Power in dBm
Putting it Together
Estimating Path Loss
Friis Free-Space Equation
Path Loss Example
• Free space path loss is idealistic
• In reality, there is more path loss
– Proportional to d^3 or higher
– Particularly true for moving terminals
• Several path loss models are available
– For indoor environments, outdoor metropolitan,
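A worked link-budget calculation for the path loss slides above, added here as an example and not taken from the original slides. It uses the standard free-space formula and a log-distance model with exponent n to estimate how far a transmitter can still be received, which is where the "no well defined boundary" of a broadcast medium actually lies. The 20 dBm transmit power and -85 dBm receiver sensitivity are constructed sample values, and the function names are hypothetical.

```python
import math

SPEED_OF_LIGHT = 299_792_458.0  # m/s


def mw_to_dbm(power_mw):
    """Absolute power in dBm: decibels relative to 1 mW."""
    return 10 * math.log10(power_mw)


def free_space_path_loss_db(distance_m, freq_hz):
    """Free-space path loss between isotropic antennas (loss grows as d^2)."""
    return 20 * math.log10(4 * math.pi * distance_m * freq_hz / SPEED_OF_LIGHT)


def path_loss_db(distance_m, freq_hz, n=2.0, d0_m=1.0):
    """Log-distance model: free space out to d0, then loss grows as d^n."""
    return free_space_path_loss_db(d0_m, freq_hz) + 10 * n * math.log10(distance_m / d0_m)


def received_dbm(tx_dbm, distance_m, freq_hz, n=2.0, gains_db=0.0):
    """Received power = transmit power + antenna gains - path loss (all in dB)."""
    return tx_dbm + gains_db - path_loss_db(distance_m, freq_hz, n)


def max_range_m(tx_dbm, sensitivity_dbm, freq_hz, n=2.0, gains_db=0.0, d0_m=1.0):
    """Distance at which received power falls to the receiver sensitivity."""
    budget_db = tx_dbm + gains_db - sensitivity_dbm
    excess_db = budget_db - free_space_path_loss_db(d0_m, freq_hz)
    return d0_m * 10 ** (excess_db / (10 * n))


def coverage_by_exponent(tx_dbm, sensitivity_dbm, freq_hz, exponents=(2.0, 3.0, 4.0)):
    """Range estimate for each path loss exponent, as {n: metres}."""
    return {n: max_range_m(tx_dbm, sensitivity_dbm, freq_hz, n) for n in exponents}


if __name__ == "__main__":
    freq = 2.4e9                      # 802.11b/g band
    tx = mw_to_dbm(100)               # constructed value: 100 mW transmitter
    sensitivity = -85.0               # constructed value: receiver sensitivity in dBm
    print(f"loss at 1 m:   {free_space_path_loss_db(1, freq):.2f} dB")
    print(f"loss at 100 m: {free_space_path_loss_db(100, freq):.2f} dB")
    for n, rng in coverage_by_exponent(tx, sensitivity, freq).items():
        print(f"n={n}: usable out to about {rng:.0f} m")
```

A receiver with a better antenna adds to `gains_db` and extends the range, so the estimate is a lower bound on how far the signal can be picked up.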
Some Path Loss Models
Ground reflection (two-ray) model
Knife-edge diffraction model
Outdoor propagation models
Indoor propagation models (site-specific)
– Partition losses (measured)
– Depends on material
Received Signal Strength
Fading and Multipath
Short- and Long-Term Fading
Channel Impulse Response
Power Delay Spread
RMS Delay Spread Examples
Delay Spread Observations
• RMS delay spread is a good measure of multipath
– Urban environments: 2-10 µs
– Indoors: 10-500 ns
• Symbol time: time to transmit a bit (0/1)
• Symbol time ~ RMS delay spread ==> Inter-Symbol
Interference (ISI)
– Equalization required
– Generally, ISI results when symbol time < 10 x RMS-delay-spread
• Thus, delay spread puts an upper bound on network
signaling speed
• Wireless networking is growing rapidly in
• There are many “special” considerations for
wireless networking
• Unlike most wired networking, physical
layer effects play a large role in proper design of
a network and its protocols
• Choose a wireless network which you can discuss
in class. Analyze the interaction(s) between
network design, protocol(s), physical layer
constraints, and performance bounds. Prepare a
paper of approximately 1100 words describing
your findings.
• Be prepared to discuss your findings with the class
for 5-10 minutes next week. You may use slides
if you desire.
Parts of the lecture slides contain original
work of the Indian Institute of Technology
Kanpur and remain copyrighted materials
by the original owner(s). The slides are
intended for the sole purpose of instruction
of computer networks at Worcester
Polytechnic Institute.