ilab WLAN Wireless transmission problems Error rate is much higher - PowerPoint PPT Presentation

Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik Technische Universität München ilab WLAN

Wireless transmission problems  Error rate is much higher  Interferences  multipath propagation  Receiving rate decreases quadratically with the distance  Collision detection is difficult  We can‘t distinghuish collisions from other errors  Not full duplex  No CSMA/CD possible  Aim: avoid collisions in the first place  Highest propability for collisions: • Station A is sending data • Stations B and C both get data to send out but the medium is busy • Once the medium is available, B and C start sending at the same time Ilab - WLAN 2

Hidden-Terminals and Exposed-Terminals  Hidden-Terminals  A is sending to B, C cannot hear A  C wants to send to B, C assumes the medium is free (CS fails)  Collision at B, A cannot detect the collision (CD fails)  A is a hidden terminal for C  Exposed-Terminals  B is sending to A, A B C C wants to send data to D  C detects a busy medium and waits  C is out of range from A -> could send to D right away A B C D Ilab - WLAN 3

Infrastructure- vs. Ad-hoc-Network Infrastructure network AP: Access Point AP Wired network AP AP Ad-hoc-Netzwork Ilab - WLAN 4

802.11 – Architecture of an Infrastructure network  Station (STA) 802.11 LAN  802.x LAN Terminal that is capable of accessing the medium STA 1  Basic Service Set (BSS) BSS 1  Group of stations that use the same Portal Access frequency Point Distribution System  Access Point  Access Allows wired devices to connect to a ESS Point wireless system BSS 2  Portal  Bridge to other (wired) networks STA 3 STA 2  Distribution System 802.11 LAN  Interconnection-Netzwerk ESS: group of multiple BSS Ilab - WLAN 5

802.11 – Layers  PMD - Physical Medium Dependent  MAC  Modulation, Coding  Access Control mechanisms,  FHSS fragmentation, encryption  DSSS  MAC Management  PLCP - Physical Layer Convergence  Synchronization, Roaming, Power- Management Protocol  Carrier-Sense  PHY Management  Channel selection Station Management LLC DLC Layer 2 MAC MAC Management PLCP PHY Layer 1 PHY Management PMD Ilab - WLAN 6

WLAN packets Layer 1 Header Layer 2 Header Ilab - WLAN 7

Example Infrastructure STA 1 STA 2 LAN 1 AP 1 AP 2 STA 5 STA 4 STA 3 LAN 2 STA 6 STA 7 Ilab - WLAN 8

Layer 2 addresses  Frame Control field To/From DS values Meaning To DS = 0, From DS = 0 A data frame direct from one STA to another STA within the same IBSS, as well as all management and control type frames -> Ad Hoc Mode To DS = 0, From DS = 1 Data frame exiting the DS To DS = 1, From DS = 0 Data frame destined for the DS. To DS = 1, From DS = 1 Wireless distribution system (WDS) frame being distributed from one AP to another AP.  Addresses To DS From DS Address 1 Address 2 Address 3 Address 4 0 0 RA = DA TA = SA BSSID N/A 0 1 RA = DA TA = BSSID SA N/A 1 0 RA = BSSID TA = SA DA N/A 1 1 RA TA DA SA DA: Destination Address RA: Receiver Address SA: Source Address TA: Transmitter Address Ilab - WLAN 9

Example STA1 to STA6 Addr1: STA1 STA 1 STA 2 Addr2: STA6 LAN 1 STA1 to STA6 to DS: 1 from DS: 1 Addr1: AP2 Addr2: AP1 AP 1 Addr3: STA6 Addr4: STA1 STA3 to STA4 AP 2 to DS: 1 from DS: 0 STA3 to STA4 Addr1: AP1 to DS: 0 from DS: 1 Addr2: STA3 Addr1: STA4 Addr3: STA4 Addr2: AP1 STA 5 Addr3: STA3 STA1 to STA6 Addr1: STA1 STA 4 Addr2: STA6 STA 3 LAN 2 STA 6 STA 7 Ilab - WLAN 10

802.11 – Physical Layer  3 variants: 2x radio (2.4 GHz Band), 1x IR  data rate 1 or 2 Mbit/s  Infrarot – standardized but not implemented  FHSS (Frequency Hopping Spread Spectrum) – outdated  1 Mbit/s  Channel hopping  DSSS (Direct Sequence Spread Spectrum)  Signal is spread using a random code  Various modulation techniques  max. transmission power 1 W (USA), 100 mW (EU), min. 1mW  Preamble and PHY-Header always: 1 Mbit/s, otherwise 1 or 2 Mbit/s  802.11b: Short Preamble and data up to 11 Mbit/s Ilab - WLAN 11

802.11 – Physical Layer  New: OFDM (Orthogonal Frequency-Division Multiplexing)  A large number of closely-spaced sub-carriers are used to carry data  Very robust and efficient  802.11a and 802.11g: up to 54 MBit/s  Very new: OFDM + MIMO  Multiple Antennas: Multiple input, multiple output  802.11n: 100 MBit/s netto  Frequency range  2,4 GHz ISM-Band • Not only WLAN but also : microwaves, bluetooth, ZigBee, wireless headphones…  5GHz Band  „more quiet“ Ilab - WLAN 12

802.11 – MAC-Layer - DFWMAC  Access control mechanisms  DFWMAC- DCF CSMA/CA (mandatory) • Distributed Foundation Wireless Medium Access Control – Distributed Coordination Function • Collision-Avoidance per random „Back-off“-mechanism • Minimal gap between two consecutive packets • Special ACK packet  DFWMAC- DCF w/ RTS/CTS (optional) – usually implemented • Distributed Foundation Wireless MAC with Request-to-Send / Clear-to-Send • RTS/CTS helps with the hidden terminal problem  DFWMAC- PCF (optional) – usually not implemented • Point Coordination Function • Access-Point polls the terminals  New: 802.11e  Quality of Service packet prioritization  New energy saving mechanisms Ilab - WLAN 13

802.11 – MAC-Layer  Priorities  By different inter frame spaces 802.11b DSSS:  SIFS (Short Inter Frame Spacing) SIFS: 10 µs Slot Time: 20 µs • Highest priority for ACK, CTS, Polling-answer  PIFS (PCF, Point Coordination Function IFS) • Medium priority for time-bounded services with PCF • PIFS = SIFS + 1 Slot Times  DIFS (DCF, Distributed Coordination Function IFS) • Lowest priority for asynchronous data transmission • DIFS = SIFS + 2 Slot Times DIFS DIFS PIFS SIFS medium busy contention next frame t direct access if medium is free ≥ DIFS Ilab - WLAN 14

802.11 – Access via CSMA/CA I contention window (randomized back-off DIFS DIFS mechanism) medium busy next frame t direct access if medium is free ≥ DIFS slot time  Once a station is ready to send out data, it checks the medium if it is free (carrier sense)  If the medium is available for the length of a DIFS, the station begins to send  (*) If the medium is busy, the station has to wait until the medium has been free for a whole DIFS. Then the station waits an additional random back-off-time (collision avoidance)  If another station uses the medium during the back-off time, the timer is stopped and we continue at (*) Ilab - WLAN 15

802.11 – Access via CSMA/CA II  Transmission of unicast packets  Receiver sends ACK (after SIFS) right after the packet has been received successfully (CRC check passed) • Highest priority for ACKs DIFS data sender SIFS ACK receiver DIFS data other stations t waiting time contention Ilab - WLAN 16

802.11 – multiple stations - simplyfied DIFS DIFS DIFS DIFS bo e bo r bo e bo r bo e busy station 1 bo e busy station 2 busy station 3 bo e bo e bo r busy station 4 bo e bo r bo e bo e bo r busy station 5 t medium not idle (frame, ack etc.) elapsed backoff time bo e busy packet arrival at MAC bo r residual backoff time Ilab - WLAN 17

Extension: RTS and CTS  Ready to Send (RTS) and Clear to Send (CTS) frames  RTS is sent before every transmission  contains the expected duration of the transmission  Receiver has to confirm via a CTS  Everyone who received the CTS known that the medium will be busy for the specified duration  Solves the hidden terminal problem  B‘s CTS is also received by C A B C Ilab - WLAN 18

Synchronization via beacon (Infrastructure) beacon interval B B B B access point busy busy busy busy medium t B value of the timestamp beacon frame  Synchronization needed for  Power Management  Quality of Service  FHSS  Beacon also contains BSS-ID  Helps new stations to join the network Ilab - WLAN 19

Synchronization via Beacon (Ad-hoc) beacon interval B 1 B 1 station 1 B 2 B 2 station 2 busy busy busy busy medium t B value of the timestamp beacon frame random delay Ilab - WLAN 20

WLAN-Security WEP & WPA Ilab - WLAN 21

WEP – Wired Equivalent Privacy  Encryption of the IEEE 802.11-Standards Authentication  Open System (= no authentication)  Shared Key  No key management, not suitable for large networks Confidentiality  Stream chipher RC4 Integrity  CRC32 Ilab - WLAN 22

Drawbacks of WEP Integrity  RC4 and CRC32 are linear, manipulation possible  CRC32(A XOR B) = CRC32(A) XOR CRC32(B) Confidentiality  Key length only 40 Bit (political reasons, export restrictions)  Too short  Extended to 128bit (WEP2)  Key stream is often reused  C 1 ⊕ C 2 = (P 1 ⊕ K) ⊕ (P 2 ⊕ K) = P 1 ⊕ P 2  In 2001, Scott Fluhrer, Itsik Mantin und Adi Shamir showed how to break WEP in a short period of time  Today: WEP keys can be broken within a few minutes Ilab - WLAN 23