iLab Wireless Networks
Florian Wohlfart wohlfart@in.tum.de
Chair of Network Architectures and Services, Department of Informatics, Technical University of Munich
Lab 10, 17ws
1 / 28
Outline
Wireless Communication
◮ General Problems
◮ Channel Access Methods
◮ Types of Wireless Networks
Wireless LAN (IEEE 802.11)
◮ Physical Layer
◮ Data Link Layer
◮ Medium Access Control
◮ WLAN Security
2 / 28
General Problems in Wireless Data Transmission
◮ half-duplex operation (self interference)
◮ interference – there is only one shared medium
◮ signal strength decreasing quadratically with the distance
◮ multipath propagation due to reflection and refraction
source: http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/82068-omni-vs-direct.html
4 / 28
Recap: Ethernet (IEEE 802.3)
◮ full-duplex, high-speed data transmission
◮ negligible interference
◮ usually no medium access control (CSMA/CD) necessary
  ◮ switches limit collision domains to only two endpoints
◮ no built-in security
5 / 28
Channel Access Methods
Frequency Division Multiple Access (FDMA)
◮ each data stream uses a different frequency band
Time Division Multiple Access (TDMA)
◮ each data stream uses a different time-slot
Code Division Multiple Access (CDMA)
◮ multiplexing based on spreading-codes
Space Division Multiple Access (SDMA)
◮ frequency reuse in different physical areas
6 / 28
FDMA: Frequency Spectrum (US, 3 kHz – 30 GHz)
source: http://www.ntia.doc.gov/files/ntia/publications/spectrum_wall_chart_aug2011.pdf
7 / 28
FDMA: Frequency Spectrum (DE, cellular networks)
source: https://www.bundesnetzagentur.de/SharedDocs/Downloads/DE/Allgemeines/Presse/Pressemitteilungen/2010/100830VerlosungGraphikFrequenzspektrum_pdf.pdf?__blob=publicationFile&v=3
8 / 28
Frequency Spectrum Summary
Unlicensed Operation
◮ 13.56 MHz: NFC, RFID
◮ 2.4 GHz: WLAN, Bluetooth, ZigBee, microwave ovens, RFID, etc.
◮ 5 GHz: WLAN
Mobile Networks (Germany)
◮ GSM (2G): 900, 1800 MHz
◮ UMTS (3G): 2100 MHz
◮ LTE (4G): 800, 1800, 2600 MHz
9 / 28
Space Division Multiple Access (SDMA)
Frequency reuse pattern: CC BY-SA 2.5 by Andrew pmk, source: https://upload.wikimedia.org/wikipedia/commons/e/ee/Frequency_reuse.svg
Cellular base stations in Munich, source: http://emf3.bundesnetzagentur.de/karte/default.aspx
10 / 28
Types of Wireless Networks
                      single-hop                                   multi-hop
infrastructure-less   WLAN (ad-hoc mode), Bluetooth, ZigBee        mobile ad-hoc networks, e.g. car-to-car
infrastructure-based  WLAN (infrastructure mode), cellular         wireless mesh networks
                      networks (GSM, WiMAX, LTE)
11 / 28
Terminology
◮ station: wireless host
◮ access point: base station
◮ basic service set (BSS): group of communication partners that use the same channel
◮ extended service set (ESS): group of multiple interconnected BSS with a common service set identifier (SSID)
◮ distribution system: interconnection network
13 / 28
Physical Layer: IEEE 802.11 PHY Standards
Name       Frequency      Max. data rate   Published
802.11     2.4 GHz        2 Mbit/s         1997
802.11a    5 GHz          54 Mbit/s        1999
802.11b    2.4 GHz        11 Mbit/s        1999
802.11g    2.4 GHz        54 Mbit/s        2003
802.11n    2.4 + 5 GHz    600 Mbit/s       2009
802.11ac   5 GHz          6.77 Gbit/s      2013
14 / 28
Data Link Layer: Frames
Management Frames
◮ beacon frame (periodic announcement by the AP, e.g. SSID)
◮ association request frame / association response frame (station joins the network)
◮ authentication frame
Control Frames
◮ acknowledgement (ACK) frame: reliability
◮ request-to-send (RTS) frame (optional extension)
◮ clear-to-send (CTS) frame (optional extension)
Data Frames
◮ actual data transmission
15 / 28
Datagram Header
Header fields in transmission order (frame layout figure reconstructed as a list; the figure shows two 32-bit rows of frame control and duration / ID):
◮ frame control: version, type, subtype, to DS, from DS, ...
◮ duration / ID
◮ address 1
◮ address 2
◮ address 3
◮ sequence control
◮ address 4
◮ data (0–2312 Byte)
◮ frame check sequence
16 / 28
Use of Address Fields
Values of (to DS, from DS):
◮ (0,0): data frame from station to station (ad-hoc mode)
◮ (0,1): data frame from AP to station (infrastructure mode)
◮ (1,0): data frame from station to AP (infrastructure mode)
◮ (1,1): data frame in the DS from one AP to another AP (wireless distribution system)

to DS   from DS   A1          A2           A3      A4
0       0         RA = DA     TA = SA      BSSID   –
0       1         RA = DA     TA = BSSID   SA      –
1       0         RA = BSSID  TA = SA      DA      –
1       1         RA          TA           DA      SA

DA = destination address, SA = source address, RA = receiver address, TA = transmitter address, BSSID = AP MAC address
17 / 28
Medium Access Control
Carrier Sense Multiple Access / Collision Avoidance (CSMA/CA)
◮ collision detection not possible
  ◮ sensing while sending is difficult
  ◮ a collision may only be visible to a part of the nodes
◮ a frame is always fully transmitted
◮ link layer acknowledgements
◮ remember: collision != interference
18 / 28
CSMA/CA – Inter-Frame Spacing
◮ prioritization of control traffic
  ◮ SIFS (Short Inter Frame Spacing): highest priority, for control frames, e.g. ACK, CTS
  ◮ DIFS (DCF Interframe Spacing): lower priority (longer interframe spacing), for data traffic
◮ backoff time t_bo = Random([0, CW]) * SlotTime
source: S. Günther, et al. “Analysis of Injection Capabilities and Media Access of IEEE 802.11 Hardware in Monitor Mode”, NOMS 2014
19 / 28
CSMA/CA – Inter-Frame Spacing Example
source: https://www.cs.purdue.edu/homes/park/cs536-wireless-3.pdf
◮ SIFS = 10 µs or 16 µs
◮ DIFS = 28 µs, 34 µs, or 50 µs
◮ slot time = 9 µs or 20 µs
◮ 15 ≤ CW ≤ 1023
20 / 28
Collision Avoidance Algorithm (sending side)
Flowchart reconstructed as steps:
◮ data link layer receives a frame from the upper layer
◮ choose a random backoff time t_bo = Random([0, CW]) * SlotTime
◮ wait until the channel is idle for DIFS
◮ while t_bo > 0: wait for one slot time and decrement t_bo (if the channel becomes busy, wait again until it is idle for DIFS)
◮ transmit the frame
◮ ACK received before timeout?
  ◮ yes: done
  ◮ no: CW = CW * 2, choose a new backoff time and retry
21 / 28
Collision Avoidance Algorithm (receiving side)
Flowchart reconstructed as steps:
◮ data link layer receives a frame from the physical layer
◮ is the received frame ok?
  ◮ yes: wait for SIFS, then transmit ACK
  ◮ no: drop the frame (the sender will time out and retry)
22 / 28
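The sender-side flowchart as a small simulation (an added example, not code from the slides). It uses the DIFS, slot time and CW bounds quoted on slide 20; the ACK outcomes per attempt and the random source are injected so runs are reproducible. The slide writes CW = CW * 2; the block uses the standard's CW = 2 * CW + 1, which keeps CW at 15, 31, 63, ... up to 1023.

```python
"""Sender-side CSMA/CA backoff with binary exponential backoff (constructed example)."""
import random

SLOT_TIME_US = 9          # slot time for 802.11a/g/n (slide 20)
DIFS_US = 34              # DIFS that goes with the 9 us slot (slide 20)
CW_MIN, CW_MAX = 15, 1023 # 15 <= CW <= 1023 (slide 20)


def next_cw(cw):
    """Contention window after a missing ACK: CW = 2 * CW + 1, capped at CW_MAX."""
    return min(2 * cw + 1, CW_MAX)


def cw_sequence(retries):
    """CW used for the first transmission and for each of `retries` retries."""
    seq = [CW_MIN]
    for _ in range(retries):
        seq.append(next_cw(seq[-1]))
    return seq


def send_frame(ack_results, rng=None, max_attempts=7):
    """Simulate one frame until it is acknowledged or max_attempts is reached.

    ack_results: constructed list with one bool per attempt, True if the ACK
    arrived before the timeout (attempts beyond the list are treated as acked).
    rng: any object with randint(a, b); defaults to a seeded random.Random.
    Returns (acked, attempts, final_cw, total_wait_us), where total_wait_us is
    the DIFS plus backoff slots spent before each transmission.
    """
    rng = rng or random.Random(0)
    cw = CW_MIN
    total_wait_us = 0
    for attempt in range(1, max_attempts + 1):
        # t_bo = Random([0, CW]) * SlotTime, counted down slot by slot once the
        # channel has been idle for DIFS (the channel is modelled as idle here)
        t_bo = rng.randint(0, cw) * SLOT_TIME_US
        total_wait_us += DIFS_US + t_bo
        acked = ack_results[attempt - 1] if attempt - 1 < len(ack_results) else True
        if acked:
            return True, attempt, cw, total_wait_us
        cw = next_cw(cw)  # no ACK before timeout: retry with a larger window


if __name__ == "__main__":
    print(cw_sequence(7))
    print(send_frame([False, False, True]))
```

Note that `send_frame` returns `(False, 7, cw, wait)` only through the loop's natural end when every attempt fails; a real station would then discard the frame and report the failure upward.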
CSMA/CA – Backoff Example
source: IEEE Std 802.11-2012, http://standards.ieee.org/getieee802/download/802.11-2012.pdf
◮ no acknowledgements shown for simplicity
23 / 28
Request-to-Send and Clear-to-Send (RTS / CTS)
◮ optional extension to IEEE 802.11
◮ before any transmission the sender transmits a request-to-send (RTS) message
  ◮ contains the expected duration of the transmission
◮ the receiver has to confirm with a clear-to-send (CTS) message
  ◮ everyone who received the CTS knows that the medium will be busy for the specified duration
◮ solves the hidden terminal problem
24 / 28
Wireless LAN Security Protocols
WEP
◮ standardized in 1999, first broken in 2001
  - N. Borisov et al., Intercepting Mobile Communications: The Insecurity of 802.11, MOBICOM 2001
◮ many design flaws including:
  ◮ only 40 bit key length
  ◮ initialization vector is too small (16 million possible values)
  ◮ integrity check via CRC32 (linear function)
  ◮ no replay protection
WPA
◮ standardized in 2003
◮ stopgap replacement for WEP
WPA2
◮ standardized in 2004 (IEEE 802.11i)
◮ CCMP (CTR mode with CBC-MAC Protocol) encryption protocol uses AES with 128-bit block size
26 / 28
WPA2 Authentication
Pre-shared Key Mode (WPA-PSK)
◮ 256 bit key derived from 64 hexadecimal digits or an ASCII string (8 to 63 characters) using the PBKDF2 key derivation function and the SSID as salt
External Authentication Server (WPA-802.1X)
◮ relies on an external server for authentication
◮ advantages: mutual authentication, centralized authentication
Wi-Fi Protected Setup (WPS)
◮ goal: make adding new devices as simple as possible
◮ push-button method
  ◮ assumption: attacker has no physical access to the access point
◮ PIN method is insecure (brute-force attack [1])
[1] https://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf
27 / 28
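The WPA-PSK derivation from slide 27 in Python's hashlib, as an added example that is not part of the slides. The slide only names PBKDF2 and the SSID salt; the HMAC-SHA1 PRF, the 4096 iterations and the 32-byte output are the parameters fixed by IEEE 802.11i, and the hex-vs-passphrase rule is the 64-digit / 8–63-character rule from the slide.

```python
"""WPA2-PSK pairwise master key derivation (constructed example)."""
import hashlib
import re

HEX64 = re.compile(r"^[0-9a-fA-F]{64}$")
PBKDF2_ITERATIONS = 4096   # fixed by IEEE 802.11i, not stated on the slide
PSK_LEN = 32               # 256 bit key


def wpa2_psk(ssid, passphrase):
    """Return the 256-bit PSK for an SSID/passphrase pair as 32 bytes.

    64 hexadecimal digits are the key itself; anything else must be an ASCII
    passphrase of 8 to 63 characters and is stretched with PBKDF2-HMAC-SHA1,
    salted with the SSID so the same passphrase yields a different key per network.
    """
    if HEX64.match(passphrase):
        return bytes.fromhex(passphrase)
    if not 8 <= len(passphrase) <= 63 or not passphrase.isascii():
        raise ValueError("passphrase must be 8-63 ASCII characters or 64 hex digits")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, dklen=PSK_LEN)


def psk_depends_on_ssid(passphrase, ssid_a, ssid_b):
    """True when the SSID salt gives two networks different keys for one passphrase,
    which is why a precomputed table for one SSID is useless against another."""
    return wpa2_psk(ssid_a, passphrase) != wpa2_psk(ssid_b, passphrase)


if __name__ == "__main__":
    # IEEE 802.11i test vector: passphrase "password", SSID "IEEE"
    print(wpa2_psk("IEEE", "password").hex())
```

The PSK is what a station and AP both hold; the per-session keys are derived from it in the 4-way handshake, which the slides do not cover.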
WPA-802.1X
◮ relies on an external server for authentication (via RADIUS or Diameter protocol)
◮ supplicant (station) negotiates with an authentication server; the authenticator (access point) acts as a relay
source: https://en.wikipedia.org/wiki/File:802.1X_wired_protocols.png