Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Maximilian Riegel <[email protected]> Information and Communication WLAN Standardization / 2001-09-05 / © Siemens AG 2001 WLAN Standardization WLAN application architecture IEEE802.11 standards family Physical layer 5 GHz considerations Configurations MAC layer functions Power Management Roaming Privacy and access control 5 GHz Harmonization WECA Access control for public hot spots A last word about WLAN security... Information and Communication WLAN Standardization / 2001-09-05 / © Siemens AG 2001 Outline WLAN has taken of… WLAN is more than just cable replacement! It provides hastlefree broadband Internet access everywhere. Office Airport Public WLAN Office Corporate WLAN Plant Remote Access Home WLAN Campus Today’s road worriers require access to the Internet everywhere. Only coverage in ‘hot-spots’ needed. IEEE802.11b meets the expectations for easyness, cost and bandwidth. Information and Communication WLAN Standardization / 2001-09-05 / © Siemens AG 2001 Railway Station Hospital Congress hall, Hotel Semi-public WLAN Wireless LAN IEEE802.11 Basic Architecture Netscape http tcp ip 802.2 ppp Bluetooth 802.11 Client 802.2 802.11802.3 IEEE802.11 Access Point Information and Communication internet ip 802.2 802.2 802.3 802.3 Access Router apache http tcp ip 802.2 ppp Bluetooth 802.3 Server WLAN Standardization / 2001-09-05 / © Siemens AG 2001 local distribution network Approved June 1997 802.11b approved Sept. 1999 Information and Communication Operation in the 2.4GHz ISM band USA: FCC part 15.247-15.249 Europe: ETS 300-328 Japan: RCR-STD-33A Supports three PHY layer types: DSSS, FHSS, Infrared MAC layer common to all 3 PHY layers Supports peer-to-peer and infrastructure configurations High data rate extension IEEE802.11b with 11 Mbps using existing MAC layer IEEE802.11a for operation in the 5 GHz band using the same MAC layer with up to 54 Mbit/s WLAN Standardization / 2001-09-05 / © Siemens AG 2001 Wireless IEEE802.11 Standard IEEE802.11 Protocol Architecture MAC Entity MAC Layer Management Entity synchronization power management roaming MAC MIB Physical Layer Convergence Protocol (PLCP) LLC = 802.2 MAC MAC Sublayer Station Management PLCP Sublayer PHY PMD Sublayer PHY-specific, supports common PHY SAP provides Clear Channel Assessment signal (carrier sense) Physical Medium Dependent Sublayer (PMD) modulation and encoding PHY Layer Management channel tuning PHY MIB Station Management interacts with both MAC Management and PHY Management Information and Communication MAC Layer Management PHY Layer Management WLAN Standardization / 2001-09-05 / © Siemens AG 2001 basic access mechanism fragmentation encryption IEEE802.11 Architecture Overview One MAC supporting multiple PHYs currently Frequency Hopping, Direct Sequence and Infrared PHYs Two configurations “Independent” (ad hoc) and “Infrastructure” Transfer data on a shared medium without reservation data comes in bursts user waits for response, so transmit at highest speed possible is the same service as used by Internet Isochronous Service reserve the medium for a single connection and provide a continues stream of bits, even when not used works only when cells (using the same frequencies) are not overlapping. Robust against noise and interference (ACK) Hidden Node Problem (RTS/CTS) Mobility (Hand-over mechanism) Power savings (Sleep intervals) Security (WEP) Information and Communication WLAN Standardization / 2001-09-05 / © Siemens AG 2001 CSMA/CA (collision avoidance) with optional “point coordination” Connectionless Service IEEE 802.11 – 2.4 & 5 GHz Physical Layers Frequency Baseband IR, 1 and 2Mbps, 16-PPM and 4-PPM 2.4 GHz Frequency Hopping Spread Spectrum 2/4 FSK with 1/2 Mbps 79 non overlapping frequencies of 1 MHz width (US) 2.4 GHz Direct Sequence Spread Spectrum DBPSK/DQPSK with 1/2 Mbps Spreading with 11 Bit barker Code spreading 11/13 channels in the 2.4 GHz band 2.4 GHz High Rate DSSS Ext. (802.11b) Frequency CCK/DQPSK with 5.5/11 Mbps Frequency WLAN Standardization / 2001-09-05 / © Siemens AG 2001 Power Information and Communication Frequency Power Power 5 GHz OFDM PHY (802.11a) Basic parameters identical to HiperLAN2 PHY European regulatory issues unsolved Time IEEE802.11g Further Speed Extension for the 2.4GHz Band Range vs. throughput rate comparison of CCK (802.11b), PBCC, OFDM(802.11a), CCK-OFDM (Batra, Shoemake; Texas Instruments; Doc: 11-01-286r2) Information and Communication WLAN Standardization / 2001-09-05 / © Siemens AG 2001 PBCC proposal for 22 Mbit/s from Texas Instruments CCK-OFDM proposal for up to 54 Mbit/s from Intersil Selection process showed only a 55:45 majority for CCK-OFDM; >75 % necessary for acceptance as IEEE standard. Spectrum Designation in the 5 GHz range 5.250 5.150 USA 5.350 5.725 Indoor 200 mW / Outdoor 1 W EIRP 5.150 Europe DFS & TPC 5.350 Outdoor 4 W EIRP 5.200 5.300 DFS & TPC 5.470 Indoor 200 mW EIRP 5.100 5.825 5.725 Max mean Tx power Outdoor 1W EIRP 5.400 DFS: Dynamic Frequency Selection TPC: Transmit Power Control Information and Communication 5.500 5.600 5.700 Max peak Tx power 5.800 5.900 Freq./GHz WLAN Standardization / 2001-09-05 / © Siemens AG 2001 5.150 Japan TPC (Transmission power control) supports interference minimisation, power consumption reduction, range control and link robustness. TPC procedures include: — AP‘s define and communicate regulatory and local transmit power constraints — Stations select transmit powers for each frame according to local and regulatory constraints DFS (Dynamic Frequency Selection) AP‘s make the decision AP 2 STA‘s provide detailed reports AP 1 about spectrum usage at their STA locations. AP 3 Information and Communication WLAN Standardization / 2001-09-05 / © Siemens AG 2001 IEEE802.11h Spectrum and Transmit Power Management IEEE802.11b (2.4 GHz) is now taking over the market. There are developments to enhance IEEE802.11b for more bandwidth (up to 54 Mbit/s) QoS (despite many applications do not need QoS at all) network issues (access control and handover). 5 GHz systems will be used when the 2.4 GHz ISM band will become too overcrowded to provide sufficient service. TCP/IP based applications are usually very resilient against ‘error proune’ networks. Issues of 5 GHz systems: Cost: 5 GHz is more expensive than 2.4 GHz Power: 7dB more transmission power for same distance Compatibility to IEEE802.11b/g necessary Information and Communication WLAN Standardization / 2001-09-05 / © Siemens AG 2001 When will 5 GHz WLANs come... Peer-to-Peer Network Independent networking Use Distributed Coordination Function (DCF) Forms a Basic Service Set (BSS) Direct communication between stations Coverage area limited by the range of individual stations Information and Communication WLAN Standardization / 2001-09-05 / © Siemens AG 2001 IEEE802.11 Ad Hoc Mode IEEE802.11 Infrastructure Mode Wired Network BSS-B Access Points (AP) and stations (STA) BSS (Basic Service Set): a set of stations controlled by a single coordination function Distribution system interconnects multiple cells via access points to form a single network Extends wireless coverage area and enables roaming Information and Communication WLAN Standardization / 2001-09-05 / © Siemens AG 2001 BSS-A Server IEEE802.11f Inter-Access Point Protocol (IAPP) across Distribution Systems IAPP defines procedures for automatic configuration of additional access points context transfer between APs when stations move Server IAPP-ADD Information and Communication WLAN Standardization / 2001-09-05 / © Siemens AG 2001 Wired Network CSMA/CA Explained Free access when medium is free longer than DIFS DIFS IFS: Inter Frame Space Contention Window PIFS DIFS Busy Medium SIFS Backoff-Window Next Frame Defer Access Select Slot and Decrement Backoff as long as medium is idle. Reduce collision probability where mostly needed. Stations are waiting for medium to become free. Select Random Backoff after a Defer, resolving contention to avoid collisions. Efficient Backoff algorithm stable at high loads. Exponential Backoff window increases for retransmissions. Backoff timer elapses only when medium is idle. Implement different fixed priority levels Information and Communication WLAN Standardization / 2001-09-05 / © Siemens AG 2001 Slot time IEEE802.11 Distributed Coordination Function (DCF) Station 1 Tx Data to STA 2 Short interval ensures ACK is sent while other stations wait longer ACK to STA1 Station 2 Rx data from STA 1 STA 3’s back-off is shorter than STA 4’s therefore it begins transmission first Distributed inter-frame deferral Detects channel busy Station 3Detects channel busy Distributed interframe deferral Random back-off Tx Data Distributed inter-frame deferral Station 4Detects channel busy Information and Communication Detects channel busy Distributed interframe deferral Random back-off Detects channel busy WLAN Standardization / 2001-09-05 / © Siemens AG 2001 Short deferral IEEE802.11 Point Coordination Function (PCF) CFP repetition interval Contention Period Contention Free Period Beacon D1+Poll Stations D2+Poll U1+ACK CF end U2+ACK Optional PCF mode provides alternating contention free and contention operation under the control of the access point The access point polls stations for data during contention free period Network Allocation Vector (NAV) defers the contention traffic until reset by the last PCF transfer PCF and DCF networks will defer to each other PCF improves the quality of service for time bounded data Information and Communication WLAN Standardization / 2001-09-05 / © Siemens AG 2001 Access Point CSMA/CA + ACK protocol DIFS Src Data SIFS Dest Ack Contention Window DIFS Defer Access Backoff after Defer Defer access based on Carrier Sense. CCA from PHY and Virtual Carrier Sense state. Direct access when medium is sensed free longer then DIFS, otherwise defer and backoff. Receiver of directed frames to return an ACK immediately when CRC correct. When no ACK received then retransmit frame after a random backoff (up to maximum limit). Information and Communication WLAN Standardization / 2001-09-05 / © Siemens AG 2001 Next MPDU Other “Hidden Node” Provisions Problem – Stations contending for the medium do not Hear each other Solution – Optional use of the Duration field in RTS and CTS frames with AP CTS-Range STA “B” cannot receive data from STA “A” STA A AP STA “B” Access Point Data RTS Ack CTS STA “B” cannot detect carrier from STA “A” STA B STA“A” Time period to defer access is based on duration in CTS Information and Communication Next MPDU Back off after defer WLAN Standardization / 2001-09-05 / © Siemens AG 2001 DIFS RTS-Range IEEE802.11e EDCF (Enhanced Distributed Coordination Function) differentiated DCF access to the wireless medium for prioritized traffic categories (8 different traffic categories) output queue competes for TxOPs using EDCF wherein — the minimum specified idle duration time is a distinct value — the contention window is a variable window — lower priority queues defer to higher priority queues AIFS [j] AIFS [i] Immediate access when Medium is free >= DIFS/AIFS [i] DIFS/A IFS DIFS /AIFS Contention Window PIFS SIFS Busy Medium Backoff-Window Next Frame Slot time Defer Access Information and Communication Select Slot and De crement Backoff as long as medium is idle WLAN Standardization / 2001-09-05 / © Siemens AG 2001 Medium Access Control Enhancements for Quality of Service IEEE802.11e HCF (Hybrid coordination function) only usable in infrastructure QoS network configurations (QBSS). allow a uniform set of frame exchange sequences to be used during both the contention period (CP) and contention free period (CFP) uses a QoS-aware point coordinator, called a hybrid coordinator (HC) — by default collocated with the enhanced access point (EAP) — uses the point coordinator's higher priority to allocate transmission opportunities (TxOPs) to stations provides limited-duration contention free bursts (CFBs) to transfer QoS data. meets predefined service rate, delay and/or jitter requirements of particular traffic flows. QoS traffic from the EAP/HC can be based on the HC's QBSS-wide knowledge of the traffic ... „Quite complex method still under definition“ Information and Communication WLAN Standardization / 2001-09-05 / © Siemens AG 2001 Medium Access Control Enhancements for Quality of Service Allow idle stations to go to sleep station’s power save mode stored in AP APs buffer packets for sleeping stations. AP announces which stations have frames buffered Traffic Indication Map (TIM) sent with every Beacon Power Saving stations wake up periodically listen for Beacons TSF assures AP and Power Save stations are synchronized stations will wake up to hear a Beacon TSF timer keeps running when stations are sleeping synchronization allows extreme low power operation Independent BSS also have Power Management similar in concept, distributed approach Information and Communication WLAN Standardization / 2001-09-05 / © Siemens AG 2001 Power Management Approach Infrastructure Power Management TIM-Interval DTIM interval Time-axis TIM Busy Medium DTIM TIM AP activity TIM TIM DTIM Broadcast Broadcast PS-Poll Tx operation Broadcast frames are also buffered in AP. all broadcasts/multicasts are buffered broadcasts/multicasts are only sent after Delivery Traffic Indication Message (DTIM) DTIM interval is a multiple of TIM interval Stations wake up prior to an expected DTIM. If TIM indicates frame buffered station sends PS-Poll and stays awake to receive data else station sleeps again Information and Communication WLAN Standardization / 2001-09-05 / © Siemens AG 2001 PS Station Station decides that link Access Point B to its current AP is poor Station 6 Station uses scanning Station 2 Station 5 function to find another AP Access Point A Access Point C or uses information from previous scans Station 4 Station 7 Station 3 Station sends Reassociation Station 1 Request to new AP If Reassociation Response is successful then station has roamed to the new AP else station scans for another AP If AP accepts Reassociation Request AP indicates Reassociation to the Distribution System Distribution System information is updated normally old AP is notified through Distribution System Information and Communication WLAN Standardization / 2001-09-05 / © Siemens AG 2001 Roaming Approach Goal of 802.11 is to provide “Wired Equivalent Privacy” (WEP) Usable worldwide 802.11 provides for an authentication mechanism To aid in access control. Has provisions for “OPEN”, “Shared Key” or proprietary authentication extensions. Shared key authentication is based on WEP privacy mechanism Limited for station-to-station traffic, so not “end to end”. Uses RC4 algorithm based on: — a 40 bit secret key — and a 24 bit IV that is send with the data. — includes an ICV to allow integrity check. Information and Communication WLAN Standardization / 2001-09-05 / © Siemens AG 2001 IEEE802.11 privacy and access control WEP privacy mechanism Secret Key IV Secret Key WEP PRNG TX + Plaintext IV Ciphertext WEP PRNG Plaintext + Ciphertext Integrity Algorithm ICV Integrity Algorithm Preamble PLCP Header MAC Header IV (4)K-ID ICV Payload Encrypted Cyphertext CRC ICV (4) WEP bit in Frame Control Field indicates WEP used. Each frame can have a new IV, or IV can be reused for a limited time. Information and Communication ICV'=ICV? WLAN Standardization / 2001-09-05 / © Siemens AG 2001 IV Shared key authentication Station Station sends authentication request Access Point Station encrypts challenge text and sends it to the AP Secret Key Loaded Locally AP decrypts the encrypted challenge text. Authentication successful if text matches original Shared key authentication requires WEP Key exchange is not specified by IEEE802.11 Only one way authentication Information and Communication Secret Key Loaded Locally WLAN Standardization / 2001-09-05 / © Siemens AG 2001 AP sends challenge text generated with the WEP algorithm WEP unsecure at any key length IV space too small, lack of IV replay protection known plaintext attacks No user authentication Only NICs are authenticated No mutual authentication Only station is authenticated against access point Missing key management protocol No standardized way to change keys on the fly Difficult to manage per-user keys for larger groups WEP is no mean to provide security for WLAN access, … but might be sufficient for casual cases. Information and Communication WLAN Standardization / 2001-09-05 / © Siemens AG 2001 Shortcomings of plain WEP security IEEE802.11i Enhanced security Associate Authentication Server EAP Identity Request EAP Identity Response EAP Request Access Request Access Challenge EAP Response Access Request EAP Success Access Accept Information and Communication WLAN Standardization / 2001-09-05 / © Siemens AG 2001 Enhanced encryption WEP2 w/ increase IV space to 128bit, key length 128bit optional: Advanced Encryption Standard (AES) Authentication and key management by adoption of IEEE802.1X Standard for Port Based Network Access Control Wireless LAN Standardization ETSI BRAN IEEE 802.11 UMTS Integration 802.11f: Inter Access Point Protocol MAC 802.11i: Security Enhancements HiperLAN/2 IEEE 802.11 802.11h DFS & TPC DFS & TPC PHY 802.11a 5 GHz 54Mbit/s 5 GHz 54 Mbit/s 802.11g 802.11b 2,4 GHz 2,4 GHz 2,4 GHz >20Mbit/s 11Mbit/s 2 Mbit/s Current standardization topics Information and Communication WLAN Standardization / 2001-09-05 / © Siemens AG 2001 802.11e: QoS Enhancements Harmonization of 5 GHz WLAN Standards HiperLAN/2 IEEE802.11a -MAC -PHY MMAC -MAC -PHY Information and Communication 5GSG „coexistance issues“ 5GWING -MAC -PHY WLAN Standardization / 2001-09-05 / © Siemens AG 2001 -MAC -PHY Mission - Certify interoperability of IEEE 802.11 products - Promote Wi-FiTM as the global Wireless LAN standard for home, enterprise and public applications Wi-Fi certification started in March 2000. More than 80 certified products within 1 year. Founding organizations: Lucent, Aironet (Cisco), 3Com, Intersil, Nokia, Symbol 78 member companies today. Information and Communication WLAN Standardization / 2001-09-05 / © Siemens AG 2001 WECA Serving customers in public hot spots... Hospital Congress hall, Hotel Railway Station Airport Do not touch customer equipment Address all customers Campus Information and Communication Make access procedure self explaining WLAN Standardization / 2001-09-05 / © Siemens AG 2001 Office Probably to consider … To much security might hinder your business! Information and Communication WLAN Standardization / 2001-09-05 / © Siemens AG 2001 How does your favorite storefront look like? Free local content services Authentication for Internet access Selection of billing method Information and Communication WLAN Standardization / 2001-09-05 / © Siemens AG 2001 Using a web page for initial user interaction Web based authentication html Username: [email protected] Password: ********** RADIUS client auth N Mobile Client DHCP Server Access Gateway internet AAA Server Information and Communication WLAN Standardization / 2001-09-05 / © Siemens AG 2001 auth A last word about WLAN security: Netscape http tcp IPSEC, TLS, SSL ip ip 802.2 ppp 802.2 802.2 802.2 802.11 WEP 802.11 802.3 802.3 802.3 apache http tcp ip 802.2 ppp Bluetooth 802.3 Only VPN technologies (IPSEC, TLS, SSL) will fulfil end-to-end security requirements. VPN technologies might even be used in corporate networks. Information and Communication WLAN Standardization / 2001-09-05 / © Siemens AG 2001 WEP/WEP2 is probably not sufficient in public hot-spots: The end Thank you for your attention. Maximilian Riegel <[email protected]> http://www.max.franken.de Information and Communication WLAN Standardization / 2001-09-05 / © Siemens AG 2001 Questions and comments?