IE 419/519 Wireless Networks Lecture Notes #4 IEEE 802.11 Wireless LAN Standard

advertisement
IE 419/519
Wireless Networks
Lecture Notes #4
IEEE 802.11 Wireless LAN Standard
Part #2
IEEE 802.11 MAC Layer

Key to the 802.11 specification




It “rides” on every PHY layer and controls the
transmission of user data into the air
Provides core framing operations
Provides interaction with a wired network
backbone
Covers three functional areas



Reliable data delivery
Medium access control
Security
2
MAC – Reliable Data Delivery



WLAN using the IEEE 802.11 PHY and MAC layers is
subject to considerable unreliability
Even with error-correction codes, a number of MAC
frames may not be received successfully
More efficient to deal with errors at the MAC level
than higher layer (e.g., TCP)
3
MAC – Reliable Data Delivery



(cont.)
802.11 incorporates positive acknowledgement
Frame exchange protocol
 Source station transmits data
 Destination responds with acknowledgment (ACK)
 If source does not receive ACK, it retransmits
frame
Four frame exchange
 Source issues request-to-send (RTS)
 Destination responds with clear-to-send (CTS)
 Source transmits data
 Destination responds with ACK
4
MAC – Reliable Data Delivery

(cont.)
Atomic Operation

802.11 allows stations to lock out contention during atomic
operations so that atomic sequences are not interrupted by
other stations attempting to use the transmission medium
5
MAC – Medium Access Control

The 802.11 working group considered two types of
proposals for a MAC algorithm



Distributed (like Ethernet), or
Centralized
The end result is a MAC algorithm called Distributed
Foundation Wireless MAC (DFWMAC)

The DFWMAC architecture provides a distributed access
control mechanism with an optional centralized control built
on top of that
6
MAC – Medium Access Control

(cont.)
DFWMAC architecture
7
802.11 MAC Frame Format
8
MAC Frame – Address Fields
Function
ToDS FromDS Address 1 Address 2 Address 3 Address 4
IBSS
Function
ToDS FromDS Address 1 Address 2 Address 3 Address 4
To AP (infra.)
802.11
Client
DS
AP
Server
9
MAC Frame – Address Fields
Function
(cont.)
ToDS FromDS Address 1 Address 2 Address 3 Address 4
From AP (infra.)
WDS (bridge)
802.11
DS
Server
AP
Client
802.11
AP
AP
Client
Server
10
MAC – Security


In wireless networks, the word “broadcast”
takes on an entirely new meaning
Original 802.11 standard

Privacy



Authentication


Wired Equivalent Privacy (WEP) algorithm
RC4 algorithm using a 40-bit key ( 104-bit key later)
Shared-key authentication
For more information, go to

http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html
11
MAC – Security

WEP only addressed protection for the radio
link



Nothing beyond the AP
Did not include a framework for
authentication & authorization
Employed a pre-shared key for encryption



(cont.)
Suffered from severe weaknesses
Key had to be manually entered/changed on the
APs and all the stations
Used CRC for data integrity
12
MAC – Security

(cont.)
Types of Attacks

Unauthorized association with the AP

Man-in-the-middle

Rogue AP

Eavesdropping

MAC Spoofing

Denial of Service
13
MAC – Security


(cont.)
The 802.11i task group developed a set of
security mechanisms that eliminates most
802.11 security issues
802.11i addresses several security areas







Access Control
Authentication
Authorization
Confidentiality
Data Integrity
Key management
Protection against known attacks
14
MAC – Security

(cont.)
Security for WLANs focuses on

Access Control (i.e., authentication)



To prevent unauthorized users from communicating with
APs
To ensure that legitimate client units associate only with
trusted APs (not rogue or unauthorized APs)
Privacy


Only intended audience understands transmitted data
Encryption is key
15
MAC – Security

(cont.)
Four distinct WLAN security solutions exist



Open Access
Basic Security
Enhanced Security



Requires a Remote Authentication Dial-In User Service
(RADIUS) server
Also known as an Authentication, Authorization and
Accounting (AAA) server
Remote Access Security

Uses a VPN to allow access to corporate network and
access business applications
16
MAC – Security

(cont.)
Basic Security

SSID



Open or Shared-Key
Static WEP keys




“Sniffing” is a problem
40 or 128 bits
Very time consuming process, especially if they change
Stolen devices are a problem
MAC Authentication



Optional
APs have access to a list
MACs can be forged
17
MAC – Security

(cont.)
Basic Security II


WPA or WPA2 Pre-Shared Key (PSK)
Uses a password or identification code

Passphrase
Network Type
WPA
WPA2
Enterprise mode
(business,
government,
education)
Authentication:
IEEE 802.1x/EAP
Encryption:
TKIP/MIC
Authentication:
IEEE 802.1x/EAP
Encryption:
AES-CCMP
Personal mode
(SOHO,
home/personal)
Authentication:
PSK
Encryption:
TKIP/MIC
Authentication:
PSK
Encryption:
AES-CCMP
18
IEEE 802.11 PHY Layer

PHY media defined by original 802.11 standard
 Direct-sequence spread spectrum
 Operating in 2.4 GHz ISM band
 Data rates of 1 and 2 Mbps
 11 channels in the US, 13 in Europe, 1 in Japan
 Frequency-hopping spread spectrum
 Operating in 2.4 GHz ISM band
 Data rates of 1 and 2 Mbps
 70 channels in the US, 23 in Japan
 Infrared
 1 and 2 Mbps
 Wavelength between 850 and 950 nm
19
IEEE 802.11 PHY Layer
(cont.)
20
IEEE 802.11 PHY Layer
(cont.)
21
IEEE 802.11a

Channel structure


Makes use of the U-NII frequency bands
Standard specifies a transmit spectrum mask

Purpose is to constrain the spectral properties of the
transmitted signal such that signals in adjacent channels
do not interfere with one another
22
IEEE 802.11a

(cont.)
Channel structure

Available channels
23
IEEE 802.11a

(cont.)
Channel structure
A
FDM
OFDM
OFDM
f
f
f
24
IEEE 802.11a

(cont.)
Coding and Modulation

Uses Orthogonal Frequency Division Multiplexing
(OFDM)



Also called multicarrier modulation
Uses multiple carrier signals at different frequencies,
sending some of the bits in each channel
Subcarrier modulated using BPSK, QPSK, 16-QAM or 64QAM
25
IEEE 802.11a

(cont.)
Coding and Modulation
26
IEEE 802.11b




Extension of the 802.11 DSSS scheme
Provides data rates of 5.5 and 11 Mbps in the
ISM band
Uses chipping rate of 11 MHz thus occupying
the same bandwidth as original DSSS scheme
Higher data rate is achieved by using
complementary code keying (CCK) as
modulation scheme
27
IEEE 802.11b

(cont.)
Channel structure
1
2
3
4
5
6
7
8
9
10 11 12 13 14
1
2
3
4
5
6
7
8
9
10 11 12 13 14
28
IEEE 802.11g

Extension of 802.11b



Achieves data rates above 20 Mbps up to 54 Mbps
Operates in the 2.45 GHz range
Compatible with 802.11b
29
Other IEEE 802.11 Standards

802.11f


802.11i


Multi-vendor AP interoperability (IAPP)
Security and authentication mechanisms at the
MAC layer
802.11n

Range of enhancements to both PHY and MAC
layers to improve throughput



Multiple antennas
Smart antennas
Changes to MAC access protocols
30
References

The following references were used to
complement the material presented in this
module:


Gast, M.S., 802.11 Wireless Networks: The
Definitive Guide, 1st Edition, O’Reilly, 2002
Rivero, J., Porter, J.D., Puthpongsiriporn, T.,
Lemhachheche, R., Layton, W.T., Campus
Wireless Environment Deployment Guide, 2005.
31
Download