Wireless networks Philippe Jacquet INRIA Ecole Polytechnique France.
-
Upload
ada-hudson -
Category
Documents
-
view
218 -
download
0
Transcript of Wireless networks Philippe Jacquet INRIA Ecole Polytechnique France.
GSM network
• « 1 km in the air, 1000 km in wires »
• BTS: Base station Transceiver System• BSC: Base Station Controller• MSC: Mobile Switching Center• VLR: Visitor Location Register• HLR: Home Location Register
mobile BTS BSC MSC
VLR
HLR
Fixed networks
Wireless interface
• Uplink frequencies, downlink frequencies
• Each frequency divided in eight periodic slots (channels)
• One signalisation channel +seven voice channels.
Security in GSM
• Authentification: high level security– Impossibility of account parameter highjacking
is contractual
• Encryption: low level security– Possibility of eavedropping by government
agencies
SIM chip: contains all security
• Subscriber Identity Module– Subscriber identifier IMSI– PIN code– Key Ki for authentification– last dialed numbers and areas
Security GSM Algorithms
• Algorithme A3 for authentification based on Ki key. – Ki 128 bits deposited in SIM, is known by
operator
• Algorithm A8 to create an encryption Kc key
• Algorithm A5 for voice encryption from Kc.
on mobile terminal
• At request the network sends a 128 bits random number RAND.• SRES=A3(RAND,Ki) 32 bits
– Ki impossible to get from SRES and RAND
• Kc=A8(RAND,Ki) 64 bits– Ki impossible to get from Kc and RAND
• code=A5(Kc,info)– Kc easy to get from clear 64 bits on air
– breakable in less than 2 minutes on regular PC.
Authentification
• Operateur sends a number RAND
• Operator and mobile terminal separately computes SRES– Mobile sends SRES to operator
• If both SRES are identical, then user is authentified
Encryption
• Mobile and operator compute Kc.
• Encrypt and decipher infos with same algorithm A5.– Add each data 114 bits block with pseudo-
random 114 bits– Pseudo-random bits computed with Kc and
info block number (algorithme A5).– Brute force attack costs 240
Data in voice: GPRS
• General Packet Radio System– Enable GSM modem for internet connection– Use idle slots on frequencies pour send and receive
data– Charged on per volume basis (voice charged per
duration)
• Require a protocol stack and a security level and « IP ».
Additional elements
in GSM for GPRS • SGSN (Serving GPRS Support node)• GGSN (Gateway GPRS Support node)• Un tunnel protocol GTP• Specific authentification procedures
mobileBTS BSC MSC
VLR
HLR
Réseau fixe
internet
SGSN
GGSN
Authentification
• First: GSM authentification• Second: GPRS authentification• Creation of a network identitier for IP
Encryption
• Regular wireless encryption– Unreliable but needs radio vicinity to break
• Require IP encryption– SSH (Secure Shell)
Ipsec protocol
IPsec Encapsulating Security Payload (ESP)
IPsec Authentification Headertransport mode
IPsec ESP-tunnel mode
UMTS and CDMA
• UMTS is the next generation mobile phone– 3G, (GSM=2G)– Based on CDMA/TDMA
Frame=10msFrame=12 slots of 0.666 ms each
UMTS and CDMA
• Slots are periodic– Many users can use the same slot– Sharing via code division
freq
uenc
ies
GSM
code
s
UMTS
Code Division Multiple Access
• Equivalent to digital fourier transform
€
y(t) = x × c(t)
Slow symbolContains info
Fast codeSeparates transmitters
Code Division Multiple Access
• Basic hypothesis
• Data extraction
€
y(t) = x1c1(t) + x2c2(t) +L
€
c i(θ)c j (θ)dθ = δij∫
€
c i(θ)c j (θ + t)dθ ≈ δij (t)∫
€
x i = y(θ)c i(θ)dθ∫
Code Division Multiple Access
• Advantages– Many codes can be given to a single user– Flexibility of use– More bandwidth occupation
• Drawback:– Sensitive to near-far effect– Must equalize power
CDMA in Wifi
• User modulate datas on a code– No Code division– Allow to fight inter-symbol fading
€
y(t) =α (t)∗xc(t)
€
xα (t) ≈ c(θ + t)y(θ)dθ∫
Wave propagation
• Signal attenuation with distance
– P0 nominal power
– Isotropic medium=2 in vaccum
€
r
€
x
€
y =αx + β
€
α =P0F(r)
€
F(r) =1
rγ
Wave propagation
• Antenna variation
• Distance Fading– Non isotropic medium
– Rayleigh fading: is gaussian
€
u =r
r
€
F(r) =G(u)
rγ
€
F(r) =H(r)
rγ
€
logH(r)
Wave propagation
• Inter-symbol fading– diffraction on obstacles creates delayed echos
Emitted Signalechos
Received Signal€
x(t)
€
y(t) =α ∗x(t) + β (t)
Wave propagation
• Inter-symbol fading– Attenuation is now a convolution
• T: most delayed echo• Average fading is distance fading:€
α ∗x(t) = α (θ)x(t −θ)dθ0
T
∫
€
α = α(θ)dθ = P0F(r)0
T
∫
Inter-symbol fading
• The typical echo delay T increases with distance• Depends on medium
– in vaccum– in 1D homogenous medium– in 2D homogenous medium– with ½<h<1 in « fractal » medium
• Effect of inter-symbol fading– Does not affect significantly Shannon capacity limit– But: complicates the decoding when T is comparable to inter-
symbol time (1/W)
€
T = 0
€
T ∝ r c−1
€
T ∝ r c−1
€
T ∝ ( r c−1)h
Inter-symbol fading
• Example of fractal medium : urban area
Parc central
Eglise
Boulevard nord
Boulevard sud
Complexity of signal processing
• Signal processing– First level signal decoding– Mainly digital
• Equalization– Reverse the convolution fading
– With noise
€
α−1∗y(t) = α −1(−θ)y(t +θ)dθ = x(t)∫
€
α−1∗y(t) = x(t) +α −1∗β (t)
Complexity of signal processing
• Equalization– Emission of a known training sequence x(t), received
y(t)
– Knowledge of both x(t) and y(t) gives α(t) and α-1(t) in theory.
– Discretized sampling with frequency
=1/
Complexity of signal processing
• Resolution of a linear system
• Of dimension– Resolution takes operations– Must be repeated every time fading changes:
• If , then the processing computing power is
€
x(j
ν) = α −1(−
i
ν)y(j − i
ν)
i
k
∑
€
k > νT >WT
€
k 2 =O(T 2W 2)
€
T ∝ rh
€
O( r2hW 2) =O( r
2hI2)
Complexity of signal processing
• In general a wireless interface is calibrated for– A minimal SNR and a fixed capacity I – A maximal signal processing power
• Therefore for a limit range R– There exists a minimal nominal power P0.
Complexity of signal processing
• Diagram Capacity-Range
GSMUMTS
Wifi BIEEE 802.11
Hiperlan1&2IEEE802.11a-g
UMTS pico-cell UMTS
micro-cell
Capacityin bit/s
range in m
bluetooth
Error suppression
• Error Detection via check sum– Message=binary polynomial
– Check sum is the rest of division of message polynomial by a known polynomial of degree 32.
– The check sum is then 32 bits– The receiver compare with transmitted check sum
(failed error detection probability 2-32)
message Check sum
∑k
kzk)(bit
Error suppression
• Two kinds of error suppression – Forward Error Correction (FEC)– Automatic Repeat Query (ARQ)
Error suppression
• FEQ: forward error correction– Addition of extra bits to message to help correction
of corrupted blocks. E.g. sum of all blocks.– Detection of corrupted blocks via local check
sums.– Matrix n(n+r) has all n n sub-matrices
reversible– Encoding rate = n/(n+r)
=
1
1
(0)
(0)Message Encoded Message