[PPT] - Internet Lab (iLab1) Wireless Networks Lars Wstrich PowerPoint Presentation

SLIDE 1

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Internet Lab (iLab1) Wireless Networks

Lars Wüstrich ilab1@net.in.tum.de

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Lab 9 – WiSe 2019/20

SLIDE 2

Outline

Meta Wireless Communication General Problems Channel Access Methods Types of Wireless Networks Wireless LAN (IEEE 802.11) Physical Layer Data Link Layer Medium Access Control WLAN Security

1/30

SLIDE 3

Outline

Meta Wireless Communication Wireless LAN (IEEE 802.11) WLAN Security

2/30

SLIDE 4

Attestation slots

How to get an attestation slot:

choose in Moodle

else we’ll choose for you

open until today, Wednesday, 8. Jan. 2020, 23:00
if you have not chosen a slot yet, please do so as soon as possible
2020-01-27 Mon
2020-01-28 Tue
2020-01-29 Wed
2020-01-30 Thu

3/30

SLIDE 5

Access to the Lab room

keys on key card expire after 24h or at midnight (not sure)
To regain access to the room, reload keys at white boxes at
the entrance of the FMI
the entrance of any chair

4/30

SLIDE 6

Outline

Meta Wireless Communication General Problems Channel Access Methods Types of Wireless Networks Wireless LAN (IEEE 802.11) WLAN Security

5/30

SLIDE 7

General Problems in Wireless Data Transmission

half-duplex operation (self interference)
interference – there is only one shared medium
signal strength decreasing quadratically with the distance
multipath propagation due to reflection and refraction

source: http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/82068-omni-vs-direct.html

6/30

SLIDE 8

Recap: Ethernet (IEEE 802.3)

full-duplex, high-speed data transmission
negligible interference
usually no medium access control (CSMA/CD) necessary

switches limit collision domains to only two endpoints

no built-in security

7/30

SLIDE 9

Channel Access Methods Frequency Division Multiple Access (FDMA)

each data stream uses a different frequency band

Time Division Multiple Access (TDMA)

each data stream uses a different time-slot

Code Division Multiple Access (CDMA)

multiplexing based on spreading-codes

Space Division Multiple Access (SDMA)

frequency reuse in different physical areas

8/30

SLIDE 10

FDMA: Frequency Spectrum (US, 3KHz – 30 GHz)

source: http://www.ntia.doc.gov/files/ntia/publications/spectrum_wall_chart_aug2011.pdf

9/30

SLIDE 11

FDMA: Frequency Spectrum (DE, cellular networks)

source: https://www.bundesnetzagentur.de/SharedDocs/Downloads/DE/Allgemeines/Presse/Pressemitteilungen/ 2010/100830VerlosungGraphikFrequenzspektrum_pdf.pdf?__blob=publicationFile&v=3

10/30

SLIDE 12

Frequency Spectrum Summary Unlicensed Operation

13.56 MHz NFC, RFID
2.4 GHz WLAN, Bluetooth, ZigBee, microwave ovens, RFID, etc.
5 GHz WLAN

Mobile Networks (Germany)

GSM (2G) 900, 1800 MHz
UMTS (3G) 2100 MHz
LTE (4G) 800, 1800, 2600 MHz

11/30

SLIDE 13

Space Division Multiple Access (SDMA)

CC BY-SA 2.5 by Andrew pmk source: https://upload.wikimedia.org/wikipedia/ commons/e/ee/Frequency_reuse.svg Cellular base stations in Munich source: http://emf3.bundesnetzagentur.de/karte/default.aspx

12/30

SLIDE 14

Types of Wireless Networks

single-hop multi-hop infrastructure- less WLAN (ad-hoc mode), Bluetooth, ZigBee Mobile ad-hoc networks e.g. car-to-car infrastructure- based WLAN (infrastructre mode), cellular networks (GSM, WIMAX, LTE) Wireless mesh networks

13/30

SLIDE 15

Outline

Meta Wireless Communication Wireless LAN (IEEE 802.11) Physical Layer Data Link Layer Medium Access Control WLAN Security

14/30

SLIDE 16

Terminology

Infrastructure Mode

station wireless host
access point base station
basic service set (BSS) group of communica-

tion partners that use the same channel

extended service set (ESS) group of multiple

interconnected BSS with common service set identifier (SSID)

distribution system interconnection network

15/30

SLIDE 17

Physical Layer: IEEE 802.11 PHY Standards

Name Frequency

Max. data rate

Published 802.11 2.4 GHz 2 Mbit/s 1997 802.11a 5 GHz 54 Mbit/s 1999 802.11b 2.4 GHz 11 Mbit/s 1999 802.11g 2.4 GHz 54 Mbit/s 2003 802.11n 2.4 + 5 GHz 600 Mbit/s 2009 802.11ac 5 GHz 6.77 Gbit/s 2013 802.11ax 2.4 + 5 Ghz 11 Gbit/s 2019

16/30

SLIDE 18

Data Link Layer: Frames Management Frames

beacon frame (periodical announcement by the AP

, e.g. SSID)

association request frame / association response frame (station joins the network)
authentication frame

Control Frames

acknowledgement (ACK) frame, reliability
request-to-send (RTS) frame (optional extension)
clear-to-send (CTS) frame (optional extension)

Data Frames

actual data transmission

17/30

SLIDE 19

Datagram Header

15 16 31

ver type

subtype to DS fr DS

... duration / ID address 1 address 1 address 2 address 2 address 3 address 3 sequence control address 4 address 4 data (0–2312 Byte) frame check seq.

18/30

SLIDE 20

Use of Address Fields

(0,0) data frame from station to station (ad-hoc mode)
(0,1) data frame from AP to station (infrastructure mode)
(1,0) data frame from station to AP (infrastructure mode)
(1,1) data frame in the DS from one AP to another AP (wireless distribution system)

to DS from DS A1 A2 A3 A4 RA = DA TA = SA BSSID 1 RA = DA TA = BSSID SA 1 RA = BSSID TA = SA DA 1 1 RA TA DA SA DA = destination address, SA = source address, RA = receiver address, TA = transmitter address, BSSID = AP MAC address

19/30

SLIDE 21

Medium Access Control Carrier Sense Multiple Access / Collision Avoidance (CSMA/CA)

collision detection not possible
sensing while sending is difficult
a collision may only be visible to a part of the nodes
a frame is always fully transmitted
link layer acknowledgements

20/30

SLIDE 22

Medium Access Control Carrier Sense Multiple Access / Collision Avoidance (CSMA/CA)

collision detection not possible
sensing while sending is difficult
a collision may only be visible to a part of the nodes
a frame is always fully transmitted
link layer acknowledgements
remember: collision != interference

20/30

SLIDE 23

CSMA/CA – Inter-Frame Spacing

prioritization of control traffic
SIFS (Short Interframe Spacing): highest priority for control frames: e.g. ACK, CTS
DIFS (DCF Interframe Spacing): lower priority (longer interframe spacing) for data traffic
backoff time tbo = Random([0, CW]) ∗ SlotTime

source: S. Günther, et al. “Analysis of Injection Capabilities and Media Access of IEEE 802.11 Hardware in Monitor Mode”, NOMS 2014

21/30

SLIDE 24

CSMA/CA – Inter-Frame Spacing Example

source: https://www.cs.purdue.edu/homes/park/cs536-wireless-3.pdf

SIFS = 10µs or 16µs
DIFS = 28µs, 34µs, or 50µs
slot time = 9µs or 20µs
15 ≤ CW ≤ 1023

22/30

SLIDE 25

Collison Avoidance Algorithm (sending side)

data link layer receives frame from upper layer choose random backoff time tbo = Random([0, CW]) ∗ SlotTime wait until channel is idle for DIFS while tbo > 0: wait for one slot time and decrement tbo transmit frame ACK received before timeout? CW = CW ∗ 2

loop no yes busy 23/30

SLIDE 26

Collison Avoidance Algorithm (receiving side)

data link layer receives frame from the physical layer is received frame ok? wait for SIFS transmit ACK

yes no 24/30

SLIDE 27

CSMA/CA – Backoff Example

source: IEEE Std 802.11-2012, http://standards.ieee.org/getieee802/download/802.11-2012.pdf

no acknowledgements shown for simplicity

25/30

SLIDE 28

Ready-to-Send and Clear-to-Send (CTS / RTS)

optional extension to IEEE 802.11
before any transmission the sender transmits a request-to-send (RTS) message

contains the expected duration of the transmission

the receiver has to confirm with a clear-to-send (CTS) message

everyone who received the CTS knows that the medium will be busy for the specified duration

solves the hidden terminal problem

26/30

SLIDE 29

Outline

Meta Wireless Communication Wireless LAN (IEEE 802.11) WLAN Security

27/30

SLIDE 30

Wireless LAN Security Protocols

WEP

standardized in 1999, first broken in 2001
N. Borisov et al., Intercepting Mobile Communications: The Insecurity of 802.11, MOBICOM 2001
many design flaws including:
nly 40 bit key length
initialization vector is too small (16 million possible values)
integrity check via CRC32 (linear function)
no replay-protection

WPA

standardized in 2003
stopgap replacement for WEP

WPA2

standardized in 2004 (IEEE 802.11i)
CCMP (CTR mode with CBC-MAC Protocol) encryption protocol uses AES with 128-bit block size

WPA3

announced in 2018 as replacement for WPA2

28/30

SLIDE 31

WPA2 Authentication

Pre-shared Key Mode (WPA-PSK)

256 bit key derived from 64 hexadecimal digits or an ASCII-String (8 to 63 characters) using the PBKDF2

key derivation function and the SSID as salt

External Authentication Server (WPA-802.1X)

relies on an external server for authentication
advantages: mutual authentication, centralized authentication

Wi-Fi Protected Setup (WPS)

goal: make adding new devices as simple as possible
push-button method
assumption: attacker has no physical access to the access point
PIN method is insecure (brute-force attack [1])

[1] https://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf

29/30

SLIDE 32

WPA-802.1X

relies on an external server for authentication (via RADIUS or Diameter protocol)
supplicant (station) negotiates with an authentication server, the authenticator (access point) acts as a

relay

source: https://en.wikipedia.org/wiki/File:802.1X_wired_protocols.png