TDC 363 Introduction to LANs
Lecture 7: Wireless LAN
02/21/08 TDC363-07
Outline
• WLAN Markets and Business Cases
• WLAN Standards
• WLAN Physical Layer
• WLAN MAC Layer
• WLAN Security
• WLAN Design and Deployment
The Mobile Environment (ubiquitous)
[Figure: one wireless LAN serving headquarters, branch offices, SOHO, home, hotspots, convention centers, hotels and customer sites]
Why Wireless LAN?
• Mobility
• Flexibility
• Ease of deployment: places where there is no cabling infrastructure
• Cost: relatively low cost of deployment; continual drop in price for WLAN equipment
• Performance: higher speed standards
802.11 Protocol Standards
[Figure: protocol stack. Logical Link Control (LLC) sits above one common Media Access Control (MAC); below the MAC are the physical-layer variants 802.11 infrared, 802.11 FHSS, 802.11 DSSS, 802.11a OFDM, 802.11b HR-DSSS, 802.11g OFDM and 802.11n MIMO]
802.11 Standards
• 802.11 – operations at 2.4 GHz
• 802.11a – operations at 5 GHz
• 802.11b – operations at 2.4 GHz
• 802.11d – aim to promote world-wide use of 802.11
• 802.11e – supplement for QoS over 802.11
• 802.11f – to achieve WAP interoperability
• 802.11g – improvement of 802.11b with 54M
• 802.11h – support regulatory provisions in Europe
• 802.11i – support WLAN security (802.1X + more)
• 802.11n – higher throughput improvements (theoretically up to 500M, practically up to 150M)
• 802.11s – metro wireless
• 802.15 – Personal Area Network
• 802.15.1 – Bluetooth
• 802.16 – Broadband Wireless (aka WiMax)
• 802.20 – Wireless Metro LAN
802.11 Physical Layer
• Diffused Infrared (IR)
  850 – 950 nm
  Limitation: short physical distance
  Line of sight (direct) or ceiling reflection (diffused)
• Spread Spectrum
  Unlicensed Radio Frequency (RF): the Industrial, Scientific, and Medical (ISM) band, 2.4 – 2.485 GHz
  Frequency Hopping Spread Spectrum (FHSS)
  Direct Sequence Spread Spectrum (DSSS)
  Orthogonal Frequency Division Multiplexing (OFDM)
Wireless Transmission
[Figure: taxonomy. Infrared (IR); Radio Frequency (RF) → Spread Spectrum → Frequency Hopping, Direct Sequence, OFDM, MIMO]
OFDM: Orthogonal Frequency Division Multiplexing
MIMO: Multiple Input and Multiple Output
Spread Spectrum
The bandwidth of a spread-spectrum signal is several times the original bandwidth.
[Figure: amplitude vs. frequency, contrasting the narrow original bandwidth with the much wider spread spectrum bandwidth]
Why Spread Spectrum?
• It is the foundation used in the ISM bands.
• It is a requirement for unlicensed devices.
• It makes the transmission look like noise to a traditional narrowband receiver.
• It alleviates interference, but does not eliminate it.
• How do you address the issue of interference? Limit the power of transmission.
Frequency Hopping Spread Spectrum (FHSS)
[Figure: frequency (GHz, 2.40 – 2.45) vs. transmission order (1st – 5th); each bit or group of bits is sent on a different frequency]
1. Use multiple frequencies to send the data.
2. Instead of using a bandwidth of 10 MHz, the above FHSS uses 50 MHz.
3. The 1st bit (or group of bits) is sent on 2.44 GHz, the 2nd bit is sent on 2.41 GHz, the 3rd bit is sent on 2.40 GHz, etc.
Direct Sequence Spread Spectrum (DSSS)
Each bit (0 or 1) is replaced by a sequence of bits, called a chip code, and then sent out.
0: 11001    1: 00110 (the complement of 0's chip code)
[Figure: data bits 0 1 1 0 1 0 become the chip groups 11001 00110 00110 11001 00110 11001]
If the original bit stream is 1M bps, the transmitted rate will be 5M bps (chip code = 5 bits in the above diagram).
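The spreading rule above, as an added example that is not part of the lecture slides: the chip codes and the data bits are the slide's, while the majority-vote despreader and the damaged-chip input are constructed here to show why the spread signal survives a few corrupted chips.

```python
# Added example (not from the lecture slides): DSSS spreading and despreading
# with the 5-chip codes on the slide. Chip codes and data bits are the slide's;
# the error-tolerant despreader and the noisy sample input are constructed here.
CHIP_0 = "11001"            # chip code sent for a data bit 0 (from the slide)
CHIP_1 = "00110"            # chip code for a 1: the bitwise complement of CHIP_0
CHIPS_PER_BIT = len(CHIP_0)


def spread(bits):
    """Replace every data bit by its chip code, as the DSSS transmitter does."""
    if set(bits) - {"0", "1"}:
        raise ValueError("data must be a string of 0s and 1s")
    return "".join(CHIP_1 if b == "1" else CHIP_0 for b in bits)


def hamming(a, b):
    """Number of chip positions in which two equal-length chip strings differ."""
    return sum(x != y for x, y in zip(a, b))


def despread(chips):
    """Recover the data bits by correlating each chip group against both codes.

    The two codes differ in all five chips, so a group with up to two flipped
    chips is still closer to the right code than to the wrong one. Three or
    more flips in one group decode to the wrong bit; that error is invisible
    here and is left for the frame check sequence (FCS) to catch.
    """
    if len(chips) % CHIPS_PER_BIT:
        raise ValueError("chip stream is not a whole number of groups")
    bits = []
    for i in range(0, len(chips), CHIPS_PER_BIT):
        group = chips[i:i + CHIPS_PER_BIT]
        d0, d1 = hamming(group, CHIP_0), hamming(group, CHIP_1)
        bits.append("0" if d0 < d1 else "1")
    return "".join(bits)


def chip_rate(bit_rate_bps):
    """Transmitted chip rate for a given data rate: 1M bps becomes 5M chips/s."""
    return bit_rate_bps * CHIPS_PER_BIT


def flip(chips, positions):
    """Constructed interference: invert the chips at the given positions."""
    out = list(chips)
    for p in positions:
        out[p] = "1" if out[p] == "0" else "0"
    return "".join(out)


if __name__ == "__main__":
    data = "011010"                       # the bit pattern from the slide
    tx = spread(data)
    print("spread:", " ".join(tx[i:i + 5] for i in range(0, len(tx), 5)))
    print("despread with 2 damaged chips:", despread(flip(tx, [0, 1])))
    print("chip rate at 1M bps:", chip_rate(1_000_000))
```

Real 802.11 DSSS uses the 11-chip Barker sequence rather than a 5-chip code, but the mechanism is the same: the receiver correlates against the known code, so narrowband interference that corrupts a minority of chips in a group does not corrupt the bit.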
Orthogonal Frequency Division Multiplexing (OFDM)
• It is a technique to increase transmission speed by multiplexing.
• It uses one wide frequency channel by breaking it up into several sub-channels.
• All small sub-channels are multiplexed into one "fat" channel.
• Orthogonal: overlapping but distinguishable
OFDM
[Figure: OFDM sub-carriers overlapping in frequency]
Ref. http://www.iec.org/online/tutorials/ofdm/
MIMO (multiple antennas for transmission and reception)
[Figure: the bit stream 0010110 sent over several antennas and reassembled as 0010110 at the receiver]
Ref: http://www.dia.unisa.it/isit2000/tutorials/spacetime.pdf
WLAN Operation Mode
[Figure: Ad hoc Mode (stations talking to each other directly) and Infrastructure Mode (stations communicating through a Wireless Access Point)]
WLAN Topology (BSS and ESS)
[Figure: two cells, BSSID1 and BSSID2, joined through a Distribution System (DS) to form one ESS]
• Basic Service Set (BSS) – single cell (each AP is a BSS, and has a BSSID). Wireless stations select the BSSID to associate with a single WAP.
• Extended Service Set (ESS) – multiple cells connected by a Distribution System
Station Mobility
• No transition: stationary or moving within direct communication range of a single BSS
• BSS transition mobility: moving between two BSSs within a single ESS
• ESS transition mobility: from a BSS in one ESS to a BSS in another ESS; disruption of service likely
Wireless Access Point (WAP) – Bridge
[Figure: the AP joins a Wireless LAN and a Wired LAN; an 802.11 MAC/PHY on one side and an 802.3 MAC/PHY on the other, connected by a bridge function]
802.11 Frame Format
[Figure: 802.11 frame format, from the IEEE 802.11 standard]
Review: How many address fields are in an 802.3 frame? Answer: 2
Question: Why do we need four address fields in 802.11?
Ref. IEEE 802.11 standards
802.11 Addresses

ToDS  FromDS  Address 1     Address 2     Address 3  Address 4
0     0       DA            SA            BSSID      N/A
0     1       DA            Sending AP    SA         N/A
1     0       Receiving AP  SA            DA         N/A
1     1       Receiving AP  Sending AP    DA         SA

DS: Distribution System    BSSID: Basic Service Set ID
DA: Destination Address    SA: Source Address
Example – 00
[Figure: stations 11-22-33-01-01-01 and 11-22-33-02-02-02 in the same BSS, no DS involved]
A1: 11-22-33-01-01-01 (DA)
A2: 11-22-33-02-02-02 (SA)
A3: (BSSID)
A4: not used
Example – 01
[Figure: wired 802.3 station 11-22-33-02-02-02 – AP 99-88-77-09-09-09 – wireless 802.11 station 11-22-33-01-01-01]
802.3 frame (wired side): SA: 11-22-33-02-02-02, DA: 11-22-33-01-01-01
802.11 frame (wireless side):
A1: 11-22-33-01-01-01 (DA)
A2: 99-88-77-09-09-09 (sending AP)
A3: 11-22-33-02-02-02 (SA)
A4: not used
Example – 10
[Figure: wireless 802.11 station 11-22-33-01-01-01 – AP 99-88-77-09-09-09 – wired 802.3 station 11-22-33-02-02-02]
802.3 frame (wired side): SA: 11-22-33-01-01-01, DA: 11-22-33-02-02-02
802.11 frame (wireless side):
A1: 99-88-77-09-09-09 (receiving AP)
A2: 11-22-33-01-01-01 (SA)
A3: 11-22-33-02-02-02 (DA)
A4: not used
In-Class Discussion
[Figure: stations 11-22-33-01-01-01 and 11-22-33-02-02-02, APs 99-88-77-09-09-09 and 99-88-77-08-08-08, with points A, B, C and D marked along the path between the stations]
Q: What is the content of the MAC address fields at each point?
Important note: an 802.3 frame has only TWO address fields, and an 802.11 frame has FOUR address fields.
Example – 11
[Figure: wired 802.3 segment – AP 99-88-77-09-09-09 – wireless 802.11 link – AP 99-88-77-08-08-08 – wired 802.3 segment]
First 802.3 segment: SA: 11-22-33-01-01-01, DA: 11-22-33-02-02-02
802.11 frame (wireless link):
A1: 99-88-77-08-08-08 (receiving AP)
A2: 99-88-77-09-09-09 (sending AP)
A3: 11-22-33-02-02-02 (DA)
A4: 11-22-33-01-01-01 (SA)
Second 802.3 segment: SA: 11-22-33-01-01-01, DA: 11-22-33-02-02-02
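The address table and the four worked examples above, as an added example that is not part of the lecture slides: it fills the A1–A4 fields from a frame's endpoints for all four ToDS/FromDS cases and recovers DA/SA from a received frame, which is what an AP's bridge (or a monitoring tool) has to do before it can write the two 802.3 addresses. The MAC addresses are the ones used in the slide examples; the frame-control decoding follows the 802.11 frame control layout (ToDS is bit 0 and FromDS bit 1 of the flags byte).

```python
# Added example (not from the slides): the ToDS/FromDS address table as code.
# Builds the four 802.11 address fields from a frame's endpoints and, going the
# other way, recovers DA/SA from a received frame the way an AP's bridge or a
# sniffer must. MAC addresses below are the ones used in the slide examples.


def ds_flags(frame_control):
    """(to_ds, from_ds) from the 2-byte Frame Control field: bits 0 and 1 of the flags byte."""
    flags = frame_control[1]
    return flags & 0x01, (flags >> 1) & 0x01


def build_addresses(to_ds, from_ds, da, sa, bssid=None, sending_ap=None, receiving_ap=None):
    """Return (A1, A2, A3, A4) for a data frame, following the 802.11 address table."""
    if not to_ds and not from_ds:               # 00: station to station inside one BSS
        return (da, sa, bssid, None)
    if not to_ds and from_ds:                   # 01: AP delivers a frame from the DS to a station
        return (da, sending_ap, sa, None)
    if to_ds and not from_ds:                   # 10: station hands a frame to its AP for the DS
        return (receiving_ap, sa, da, None)
    return (receiving_ap, sending_ap, da, sa)   # 11: AP-to-AP (wireless bridge) hop


def endpoints(to_ds, from_ds, a1, a2, a3, a4=None):
    """Recover (DA, SA) from the address fields of a received frame.

    A1 is always the receiver on the air and A2 the transmitter on the air; the
    original endpoints move into A3/A4 only when an AP relayed the frame.
    """
    if not to_ds and not from_ds:
        return (a1, a2)
    if not to_ds and from_ds:
        return (a1, a3)
    if to_ds and not from_ds:
        return (a3, a2)
    return (a3, a4)


def bridge_to_ethernet(to_ds, from_ds, a1, a2, a3, a4=None):
    """The two 802.3 address fields an AP writes when it forwards the frame to
    the wired side, taken from the 802.11 fields."""
    da, sa = endpoints(to_ds, from_ds, a1, a2, a3, a4)
    return {"802.3 DA": da, "802.3 SA": sa}


STA1, STA2 = "11-22-33-01-01-01", "11-22-33-02-02-02"
AP1, AP2 = "99-88-77-09-09-09", "99-88-77-08-08-08"

if __name__ == "__main__":
    # The "Example - 11" slide: STA1 -> AP1 -> (air) -> AP2 -> STA2.
    fields = build_addresses(1, 1, da=STA2, sa=STA1, sending_ap=AP1, receiving_ap=AP2)
    for name, value in zip(("A1", "A2", "A3", "A4"), fields):
        print(name, value)
    print(bridge_to_ethernet(1, 1, *fields))
```

The check a defender cares about falls out of `endpoints`: on a frame with ToDS/FromDS = 01 or 11, A2 must be an AP that actually belongs to the ESS, and the SA in A3/A4 must be a station the DS knows, so a frame whose A2 is an unknown transmitter is the first sign of a rogue AP or a bridged-in device.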
Wireless Bridge
[Figure: Building A and Building B, each with its own Ethernet backbone, joined by a wireless bridge at each end]
Wireless Repeater
[Figure: an AP on the LAN backbone and a wireless repeater extending its coverage; the AP–repeater link carries case 11 frames, the repeater–station link carries case 01 frames]
802.11 MAC Layer: Access Methods
• Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA)
• Difference from CSMA/CD (802.3): a station cannot detect the collision signal in a wireless LAN
• Two access methods: Distributed Coordination Function (DCF) and Point Coordination Function (PCF)
Distributed Coordination Function (DCF)
• The lower sublayer function of the MAC
• CSMA/CA: collision avoidance, no collision detection (a station cannot detect the collision signal from other stations)
• Also includes a set of delays which essentially provides a set of priority levels: the interframe space (IFS)
  Short IFS (SIFS) for control frames
  DCF IFS (DIFS) for data frames
DCF Algorithm
1. If the medium is idle, the station waits to see if the medium remains idle for a time equal to the IFS (interframe space). If it is still idle, transmit.
2. If the medium is busy (either initially found busy or becomes busy during the IFS), the station continues to listen.
3. When the medium becomes idle, the station delays another IFS. If it is still idle after the IFS, the station chooses a random backoff factor. When the backoff counter reaches zero, transmit the packet.
CSMA/CA (DCF)
[Figure: DCF timing diagram showing the IFS wait and the backoff slots, from the IEEE 802.11 standard]
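The three DCF rules above, run as a slotted simulation in an added example that is not part of the lecture slides. The slot lengths, contention window and frame length are constructed illustration values rather than the 802.11 timing constants; what the run shows is the consequence the slides state, namely that two stations whose waits expire in the same slot collide and cannot detect it, and that the random backoff is what separates them afterwards.

```python
import random

# Added example (not from the slides): a slotted simulation of the DCF rules
# listed above. Times are in "slots"; DIFS_SLOTS, CW and FRAME_SLOTS are
# constructed illustration values, not the 802.11 PHY timing constants.
DIFS_SLOTS = 2      # a station must see the medium idle this long before sending
CW = 7              # backoff is drawn uniformly from 0..CW slots
FRAME_SLOTS = 4     # how long one frame keeps the medium busy


class Station:
    def __init__(self, name, frames):
        self.name = name
        self.frames = frames      # frames still waiting to be sent
        self.idle_seen = 0        # consecutive idle slots this station has observed
        self.deferred = False     # True once the medium has been found busy
        self.backoff = None       # remaining backoff slots; None means not drawn yet


def simulate(stations, seed=1, max_slots=1000):
    """Run the stations until every frame is sent. Returns the log of
    (slot, who, outcome) plus the collision and success counts."""
    rng = random.Random(seed)
    log, collisions, successes = [], 0, 0
    busy_until, t = 0, 0
    while any(s.frames for s in stations) and t < max_slots:
        if t < busy_until:                     # physically busy: keep listening
            for s in stations:
                s.idle_seen = 0
                if s.frames:
                    s.deferred = True          # rule 2: found busy, must back off later
            t += 1
            continue
        transmitters = []
        for s in stations:
            if not s.frames:
                continue
            s.idle_seen += 1
            if s.idle_seen < DIFS_SLOTS:       # rules 1 and 3: wait a full IFS first
                continue
            if not s.deferred:                 # rule 1: idle on arrival, send after the IFS
                transmitters.append(s)
                continue
            if s.backoff is None:              # rule 3: idle again after busy, draw a backoff
                s.backoff = rng.randint(0, CW)
            if s.backoff == 0:
                transmitters.append(s)
            else:
                s.backoff -= 1                 # the counter only runs while the medium is idle
        if transmitters:
            busy_until = t + FRAME_SLOTS
            if len(transmitters) == 1:
                sender = transmitters[0]
                sender.frames -= 1
                successes += 1
                log.append((t, sender.name, "ok"))
            else:
                # Two stations finished their wait in the same slot. Neither can hear
                # the collision (no CD on radio); only the missing ACK reveals it.
                collisions += 1
                log.append((t, "+".join(s.name for s in transmitters), "collision"))
            for s in transmitters:
                s.backoff = None
                s.deferred = True              # a fresh backoff precedes the next attempt
            for s in stations:
                s.idle_seen = 0
        t += 1
    return {"log": log, "collisions": collisions, "successes": successes}


def no_overlap(log):
    """True if the logged transmissions never overlap in time."""
    return all(b[0] - a[0] >= FRAME_SLOTS for a, b in zip(log, log[1:]))


if __name__ == "__main__":
    result = simulate([Station("A", 3), Station("B", 3)], seed=7)
    for entry in result["log"]:
        print(entry)
    print("collisions:", result["collisions"], "successes:", result["successes"])
```

The first logged event for two stations that both start with an idle medium is always a collision: rule 1 lets both transmit right after the IFS, and nothing in CSMA/CA tells them so. The real protocol also doubles the contention window after each failed attempt; this model keeps a fixed CW to stay readable.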
MAC Level Acknowledgement
[Figure: sender/receiver exchange. Frame1 → ACK; Frame2 sent, no ACK arrives before the timeout, Frame2 is retransmitted → ACK]
Question: what if the data frame is OK but the ACK is lost?
RTS/CTS
• An optional procedure
• It consumes a fair amount of resources and introduces significant latency.
• It is used only in networks with a high degree of contention on transmission.
Hand Shaking (optional)
[Figure: RTS → CTS → Data → ACK]
RTS: Request To Send    CTS: Clear To Send    ACK: Acknowledgement
Network Allocation Vector (NAV)
• Each RTS frame includes the duration of the time it needs to occupy the channel.
• NAV: a timer to inform other stations, which have to wait NAV before checking if the channel is free.
• When a station sends RTS, other stations on the system start NAV.
Network Allocation Vector (NAV)
[Figure: NAV timing diagram, from the IEEE 802.11 standard]
Hidden Station Problem
[Figure: stations A, B and C in a line; A and C are each within range of B but not of each other]
A talks to B. C does not know about this communication and wants to talk to B. Collisions.
Hidden Station Problem (Solution)
[Figure: A sends RTS to B; B answers with CTS, which C also hears and uses to set its NAV; A then sends its Data]
Busy Medium
• Physically busy: a station senses the wireless medium to determine if it is busy.
• Virtually busy: a station receives a control message (RTS or CTS) which indicates the wireless medium is busy for the duration of the NAV timer.
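The hidden station problem, the RTS/CTS solution and the physical/virtual carrier sense just described, as one added example that is not part of the lecture slides. The A-B-C layout and the "who can hear whom" relation are the slide's; the frame lengths, the time C decides to send, and the convention that the RTS/CTS duration field reserves the medium until the data ends are constructed for the model.

```python
# Added example (not from the slides): a constructed model of the hidden station
# scenario, with and without the RTS/CTS handshake and NAV. Station names and the
# "who can hear whom" table match the slide's A-B-C layout; the frame lengths and
# start times are illustration values.
HEARS = {"A": {"B"}, "B": {"A", "C"}, "C": {"B"}}   # A and C are hidden from each other


def can_hear(listener, sender):
    return sender in HEARS[listener]


def overlaps(x, y):
    """True if two (sender, receiver, start, end) transmissions overlap in time."""
    return x[2] < y[3] and y[2] < x[3]


def run(use_rts_cts, data_len=10, c_wants_to_send_at=3):
    """A sends data to B starting at t=0; C wants to send to B a little later.
    Returns when C actually started, whether B saw a collision, and C's NAV."""
    nav = {s: 0 for s in HEARS}      # virtual carrier sense: medium busy until this time
    on_air = []                      # (sender, receiver, start, end)

    def busy(station, now):
        # Physical carrier sense only hears senders within range; the NAV covers the rest.
        physical = any(can_hear(station, snd) and start <= now < end
                       for snd, _, start, end in on_air)
        virtual = now < nav[station]
        return physical or virtual

    if use_rts_cts:
        rts = ("A", "B", 0, 1)                     # RTS carries the duration of the exchange
        cts = ("B", "A", 1, 2)                     # CTS repeats it; stations hidden from A hear this
        data = ("A", "B", 2, 2 + data_len)
        reserved_until = data[3]                   # constructed: the duration field covers the data
        for s in HEARS:
            if can_hear(s, "A"):                   # everyone hearing the RTS starts its NAV
                nav[s] = max(nav[s], reserved_until)
            if can_hear(s, "B"):                   # everyone hearing the CTS starts its NAV
                nav[s] = max(nav[s], reserved_until)
        on_air += [rts, cts, data]
    else:
        on_air.append(("A", "B", 0, data_len))

    now = c_wants_to_send_at
    while busy("C", now):                          # C defers while physically or virtually busy
        now += 1
    on_air.append(("C", "B", now, now + data_len))

    # B hears both A and C: a collision is two overlapping transmissions B can hear.
    heard_by_b = [x for x in on_air if can_hear("B", x[0])]
    collision = any(overlaps(x, y)
                    for i, x in enumerate(heard_by_b) for y in heard_by_b[i + 1:])
    return {"c_started": now, "collision": collision, "nav_C": nav["C"]}


if __name__ == "__main__":
    print("without RTS/CTS:", run(False))
    print("with RTS/CTS:   ", run(True))
```

Without the handshake C's physical carrier sense is clean (it cannot hear A), so it transmits into A's frame and B sees a collision; with the handshake the CTS from B, which C does hear, loads C's NAV and C waits until the reservation ends.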
Point Coordination Function (PCF)
• Optional and implemented on top of DCF
• A single AP controls access to the medium, and a Point Coordinator Agent resides in the AP.
• The AP polls each station for data, and after a given time interval moves to the next station.
• POLL is a control message sent from the AP to individual stations.
• Guaranteed maximum latency
• No station is allowed to transmit unless it is polled.
• The AP could have a priority scheme for stations.
• PCF is useful for time-sensitive applications, but it …
• New standard: 802.11e for Wireless Quality of Service (QoS)
PCF (cont.)
[Figure: PCF polling timing diagram, from the IEEE 802.11 standard]
NAV: network allocation vector
Additional WLAN Features
• Positive Acknowledgement
• Sequence Control: a wireless frame is guaranteed to be delivered in sequence, so why do we need sequence control?
• Fragmentation: error-prone media
IEEE 802.11b
• First modification to the 802.11 standard
• HR-DSSS (High Rate DSSS): Barker code (chipping code) and Complementary Code Keying (CCK)
• Uses the 2.4 GHz band (ISM band): 2.412 – 2.484
• Channels: up to 14 (channel bandwidth: 5 MHz per channel); non-overlapping channels: 3
• Speed: 1 (Barker), 2 (Barker), 5.5 (CCK), and 11M bps (CCK)
• Distance: 300 ft
• Interference: cordless phones, microwave ovens
IEEE 802.11a
• Higher speed protocol
• Transmissions in the 5 GHz band
• Spread spectrum transmission: orthogonal frequency division multiplexing (OFDM)
• Data rate: 6, 9, 12, 18, 24, 36, 48, or 54 Mbps
• Distance: 60 ft
• Less interference than 802.11b
• More users per AP than 802.11b
• More non-overlapping channels (8 vs. 3)
IEEE 802.11g
• Two competing standards to improve 802.11b:
  CCK => PBCC, 22M bps (this is known as 802.11b+)
  DSSS => OFDM, 54M
• Frequency: 2.4 – 2.483 GHz (same as 802.11b)
• Speed: up to 54M bps
• Distance: comparable to 802.11b; shorter distance at higher rate
• Backward compatible with 802.11b
• Spread spectrum transmission: OFDM (same as 802.11a)
WLAN Performance

                 802.11b     802.11a     802.11g
Link Rate (max)  11M bps     54M bps     54M bps
UDP              7.1M bps    30.5M bps   30.5M bps
TCP              5.9M bps    24.4M bps   24.4M bps

Ref. "WLAN Testing with IXIA IxChariot," IXIA White Paper
The test was conducted in a lab environment, and the distance is expected to be less than 10m.
WLAN Performance (line rate)
[Figure: throughput (Mbps, 0 – 60) vs. distance (ft, 0 – 500) for 802.11a, 802.11g and 802.11b]
Data Source: Cisco Networking Professional On-Line Live Tech Talk
802.11n – example (Linksys WRT300N)
• Pre-N draft standard
• MIMO technology; number of antennas: 3
• Backward compatible: 802.11b/g
• 2.4 GHz
• 4× range of 802.11g; 12× speed of 802.11g
• Line speed: up to 250M bps; TCP performance: up to 120M
Wireless LAN Design
• Frequency reuse
• Max throughput for each user
• Minimize interference
• Security
Very Bad Design – overlapping channels
[Figure: six adjacent cells assigned CH 2, CH 4, CH 1 in one row and CH 1, CH 11, CH 3 in the next]
Better – but it would not work, why? Still some channel overlapping
[Figure: six adjacent cells assigned CH 6, CH 1, CH 11 in one row and CH 11, CH 1, CH 6 in the next]
Physical Coverage (II) (2M, 5.5M, and 11M)
[Figure: cells CH-1, CH-11, CH-6 in one row and CH-11, CH-6, CH-1 in the next, each with its 2M, 5.5M and 11M coverage rings]
RF Reuse (better design)
[Figure: hexagonal cells assigned channels 1, 6 and 11 in a repeating pattern so that no two adjacent cells share a channel]
Hexagonal shape for each cell
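The three channel layouts above, checked in an added example that is not part of the lecture slides. The channel 1 centre frequency (2.412 GHz) and the 5 MHz channel step come from the 802.11b slide; the 22 MHz occupied width per channel is an assumption of this example (it is what makes 1/6/11 the only mutually non-overlapping trio), and the 2×3 grid adjacency is constructed to stand in for the slide's cell drawings.

```python
# Added example (not from the slides): checks a cell/channel layout for
# interfering neighbours. Channel 1 at 2.412 GHz and the 5 MHz channel step are
# the slide's figures; the 22 MHz occupied width per 802.11b channel is an
# assumption of this example. The 2x3 grid adjacency is constructed to stand in
# for the slide's cell drawings.
CHANNEL_STEP_MHZ = 5
OCCUPIED_WIDTH_MHZ = 22


def center_mhz(channel):
    """Centre frequency of a 2.4 GHz channel; channel 14 is the odd one out at 2484."""
    if channel == 14:
        return 2484
    if not 1 <= channel <= 13:
        raise ValueError("no such 2.4 GHz channel: %r" % channel)
    return 2412 + CHANNEL_STEP_MHZ * (channel - 1)


def overlap(ch_a, ch_b):
    """True when the occupied bands of two channels overlap (same channel included)."""
    return abs(center_mhz(ch_a) - center_mhz(ch_b)) < OCCUPIED_WIDTH_MHZ


def conflicts(assignment, adjacency):
    """assignment: cell -> channel; adjacency: iterable of neighbouring cell pairs.
    Returns the neighbouring pairs whose channels overlap, i.e. cells that interfere."""
    return sorted((a, b) for a, b in adjacency if overlap(assignment[a], assignment[b]))


def grid_adjacency(rows, cols):
    """Neighbour pairs for cells laid out on a rows x cols grid (constructed layout)."""
    adj = set()
    for r in range(rows):
        for c in range(cols):
            if c + 1 < cols:
                adj.add(((r, c), (r, c + 1)))
            if r + 1 < rows:
                adj.add(((r, c), (r + 1, c)))
    return adj


def plan_conflicts(grid):
    """Check a grid of channel numbers (one per cell) and list interfering neighbours."""
    rows, cols = len(grid), len(grid[0])
    assignment = {(r, c): grid[r][c] for r in range(rows) for c in range(cols)}
    return conflicts(assignment, grid_adjacency(rows, cols))


VERY_BAD = [[2, 4, 1], [1, 11, 3]]      # the channels from the "very bad design" slide
BETTER = [[6, 1, 11], [11, 1, 6]]       # the "better, but would not work" slide
REUSE = [[1, 6, 11], [11, 1, 6]]        # 1/6/11 reuse: no two neighbours share a band

if __name__ == "__main__":
    for name, grid in (("very bad", VERY_BAD), ("better", BETTER), ("reuse", REUSE)):
        print(name, "->", plan_conflicts(grid) or "no interfering neighbours")
```

The "better" layout fails on exactly one pair: the two CH 1 cells sit directly above each other, so they share a band even though every row by itself is clean. That co-channel adjacency is what the hexagonal 1/6/11 pattern on the following slide is designed to avoid.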
WLAN Security
• Service Set Identification (SSID): for station association
• Wired Equivalent Privacy (WEP)
  Shared key authentication: stations exchange the key for encryption.
  RC4 encryption algorithm
  Key: 40 bits or 128 bits
• User Authentication: not specified in 802.11; 802.1X; VPN
WEP Operation
[Figure: a randomly generated 24-bit IV and the 40-bit WEP key form the 64-bit RC4 key; the RC4 algorithm produces the RC4 key stream, which is XORed with the frame body plus its integrity check value. Transmitted frame: Frame Header | IV Header (4 bytes) | Frame Body | ICV Trailer (4 bytes) | FCS]
IV: initialization vector    ICV: integrity check value
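The WEP operation diagram above, as an added example that is not part of the lecture slides: RC4 over the IV-plus-key, the CRC-32 integrity check value, and the IV header as drawn. The 40-bit key, 24-bit IV and 4-byte IV/ICV sizes are the slide's; the ICV byte order, the zero key-ID byte and the sample key and body are assumptions of this example. The `keystream` helper exists to make the point the next two slides build on: the key stream depends only on IV and key, so every time a 24-bit IV repeats the same key stream is reused.

```python
import os
import zlib

# Added example (not from the slides): WEP encapsulation as drawn above, built
# on a plain RC4 implementation. Key and IV sizes are the slide's (40-bit key,
# 24-bit IV, 4-byte IV header, 4-byte ICV); the ICV byte order, the zero key-ID
# byte and the sample key/body are assumptions of this example.


def rc4(key, data):
    """RC4: key-scheduling (KSA) then keystream generation (PRGA), XORed over data.
    Encryption and decryption are the same operation."""
    S = list(range(256))
    j = 0
    for i in range(256):                              # KSA
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:                                 # PRGA
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def icv(body):
    """Integrity check value: CRC-32 of the plaintext body (a checksum, not a keyed MAC)."""
    return zlib.crc32(body).to_bytes(4, "little")


def wep_encapsulate(wep_key, body, iv=None):
    """Return IV header (3-byte IV + key-ID byte) || RC4(IV || key, body || ICV)."""
    if len(wep_key) != 5:
        raise ValueError("this example uses the 40-bit WEP key from the slide")
    if iv is None:
        iv = os.urandom(3)                             # 24-bit IV, sent in the clear
    rc4_key = iv + wep_key                             # the 64-bit RC4 key in the diagram
    return iv + b"\x00" + rc4(rc4_key, body + icv(body))


def wep_decapsulate(wep_key, frame_body):
    """Reverse of wep_encapsulate; raises if the ICV does not match."""
    iv, ciphertext = frame_body[:3], frame_body[4:]
    plain = rc4(iv + wep_key, ciphertext)
    body, received_icv = plain[:-4], plain[-4:]
    if received_icv != icv(body):
        raise ValueError("ICV mismatch: frame corrupted or wrong key")
    return body


def keystream(wep_key, iv, length):
    """The RC4 key stream a given IV produces: identical every time the IV repeats."""
    return rc4(iv + wep_key, bytes(length))


IV_SPACE = 2 ** 24          # distinct IVs available before one must be reused


def seconds_until_iv_exhaustion(frames_per_second):
    """Even with perfect IV selection, a busy AP cycles through every IV quickly."""
    return IV_SPACE / frames_per_second


if __name__ == "__main__":
    key = b"\x01\x02\x03\x04\x05"                      # sample 40-bit key (constructed)
    frame = wep_encapsulate(key, b"hello, wlan", iv=b"\xaa\xbb\xcc")
    print("frame body:", frame.hex())
    print("decrypted:", wep_decapsulate(key, frame))
    print("hours until every IV has been used at 1000 frames/s:",
          seconds_until_iv_exhaustion(1000) / 3600)
```

Two design facts to read off the code: the ICV is a CRC computed over the plaintext and protected only by the same key stream as the data, which is why 802.11i replaces it with a keyed Message Integrity Code; and with 2^24 IVs an AP sending a thousand frames a second has reused every IV in under five hours, so key stream reuse is a certainty, not a risk.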
WEP Key Distribution Issue
• The key is manually set in the driver.
• The key cannot be protected from local users.
• When a user leaves the organization, technically you must change the key information on all stations.
• What if a station is stolen?
• For a large organization, there is a need to publish the key, which is a security problem.
WEP Design Issue
• "Weakness in the Key Scheduling Algorithm," http://www.crypto.com/papers/others/rc4_ksaproc.pdf
• A weakness of RC4 in generating the keystream.
• Hacker attack: using weak IVs to attack a particular byte of the secret portion of the RC4 key.
• The time to attack is linear in the key length.
• This is a complete break of WEP.
Solutions to the Security Issue
• Non-standard solutions
  Layer 3 – VPN
  Layer 4 – IP address control and firewall
  Layer 7 – Proxy
• Standard solutions
  Extensible Authentication Protocol (EAP)
  802.1X (including EAP)
  802.11i (including 802.1X)
VPN for WLAN (Layer 3)
[Figure: wireless LAN stations → VPN gateway → LAN with a RADIUS server; the VPN tunnel carries IP over the wireless LAN and the Ethernet]
Layer 2 tunnel over a layer 3 protocol
802.1X and EAP
• Extensible Authentication Protocol (EAP) is an IETF standard and was adopted by IEEE as the basis for 802.1X, which is called port based network access control.
• It supports a mutual authentication process: STA and AP are authenticated to each other.
• 802.1X does not specify key management, but most implementations support a mechanism for dynamic key management.
Extensible Authentication Protocol (EAP)
• EAP is an IETF standard and was adopted by IEEE as the basis for 802.1X. It is called port based network access control.
• EAP supports both wired and wireless authentication.
[Figure: EAP methods MD5, TLS, TTLS, LEAP and PEAP on top of EAP, which runs over PPP, 802.3, 802.5 and 802.11]
TLS: Transport Layer Security    TTLS: Tunneled TLS    LEAP: Lightweight EAP    PEAP: Protected EAP
802.1X Port-Based Network Access Control
[Figure: Supplicant – Authenticator – Authentication Server (AS) (RADIUS); EAP over LAN between supplicant and authenticator, EAP over RADIUS between authenticator and AS]
Exchange: Association; EAP Request/Identity; EAP Response/Identity; challenge; response to the challenge; success.
The authenticator may set restrictions on the access.
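The exchange drawn above, as an added example that is not part of the lecture slides: a constructed model in which the authenticator (the AP) relays EAP between the supplicant and the authentication server and opens its controlled port only on Success. The challenge/response is EAP-MD5, one of the methods on the EAP slide; per RFC 3748 its response is MD5(identifier || password || challenge). The user database, identity, password and the dict-shaped messages are sample values standing in for real EAP packets.

```python
import hashlib
import hmac
import os

# Added example (not from the slides): a constructed model of the 802.1X
# exchange drawn above, with EAP-MD5 (one of the EAP methods on the previous
# slide) as the challenge/response. Per RFC 3748, the MD5-Challenge response is
# MD5(EAP identifier || password || challenge). The user database, identity and
# password are sample values; the message dicts stand in for EAP packets.

USER_DB = {"alice": b"correct horse"}       # what the RADIUS server knows


class Supplicant:
    """The station: answers Identity and MD5-Challenge requests (EAP over LAN)."""
    def __init__(self, identity, password):
        self.identity, self.password = identity, password

    def handle(self, req):
        if req["type"] == "Request/Identity":
            return {"type": "Response/Identity", "id": req["id"], "identity": self.identity}
        if req["type"] == "Request/MD5-Challenge":
            value = hashlib.md5(bytes([req["id"]]) + self.password + req["challenge"]).digest()
            return {"type": "Response/MD5-Challenge", "id": req["id"],
                    "identity": self.identity, "value": value}
        return {"type": "Nak", "id": req["id"]}        # method not supported


class AuthServer:
    """The AS (RADIUS): issues the challenge and decides Success/Failure."""
    def __init__(self, users):
        self.users = users
        self.pending = {}                 # identity -> (eap id, challenge) awaiting a response

    def handle(self, resp):
        if resp["type"] == "Response/Identity":
            eap_id, challenge = resp["id"] + 1, os.urandom(16)   # fresh random challenge
            self.pending[resp["identity"]] = (eap_id, challenge)
            return {"type": "Request/MD5-Challenge", "id": eap_id, "challenge": challenge}
        if resp["type"] == "Response/MD5-Challenge":
            eap_id, challenge = self.pending.pop(resp["identity"], (None, None))
            password = self.users.get(resp["identity"])
            if password is None or eap_id != resp["id"]:
                return {"type": "Failure"}
            expected = hashlib.md5(bytes([eap_id]) + password + challenge).digest()
            ok = hmac.compare_digest(expected, resp["value"])   # constant-time compare
            return {"type": "Success" if ok else "Failure"}
        return {"type": "Failure"}


class Authenticator:
    """The AP: relays EAP between station and AS and opens its controlled port
    only after the AS answers Success."""
    def __init__(self, auth_server):
        self.auth_server = auth_server
        self.port_open = False

    def authenticate(self, supplicant):
        transcript = []
        msg = {"type": "Request/Identity", "id": 1}   # the authenticator starts after association
        while msg["type"] not in ("Success", "Failure"):
            transcript.append(("AP -> STA", msg["type"]))
            reply = supplicant.handle(msg)            # EAP over LAN
            transcript.append(("STA -> AP -> AS", reply["type"]))
            msg = self.auth_server.handle(reply)      # EAP over RADIUS, relayed unchanged
        transcript.append(("AS -> AP -> STA", msg["type"]))
        self.port_open = msg["type"] == "Success"
        return self.port_open, transcript


if __name__ == "__main__":
    ap = Authenticator(AuthServer(USER_DB))
    ok, transcript = ap.authenticate(Supplicant("alice", b"correct horse"))
    for hop, kind in transcript:
        print(hop, kind)
    print("controlled port open:", ok)
```

Note what the AP never sees: neither the password nor anything it could verify itself, which is the point of the architecture on the slide (the AP only enforces the port state the AS decides). EAP-MD5 authenticates only the client and derives no keying material, which is why the de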
Protected EAP (PEAP)
• A secured password-based authentication method.
• Only the authentication server needs a certificate.
• The AS sends a public key to the client.
• The client generates a master encryption key and uses the public key to encrypt the master key to the AS.
• This master key is used to establish a secure tunnel between the AS and the client.
[Figure: Windows XP EAP configuration dialog]
802.11i Security Management
[Figure: Supplicant – Authenticator – Authentication Server (RADIUS), with EAP over LAN and EAP over RADIUS. Phases: security capability discovery; 802.1X authentication; key management and key distribution; data protection]
802.11i Data Protection
• Temporal Key Integrity Protocol (TKIP) – WPA 1.0
  A wrapper around WEP
  Uses a Message Integrity Code (MIC) to check the integrity of the header information
  Uses the MAC address to create a unique key for each station.
  Changes the temporal key every 10,000 packets
  It is interoperable with WEP-only devices
• Advanced Encryption Standard (AES) – WPA 2.0
  Also known as CCMP (Counter Mode with CBC-MAC Protocol)
  This is to completely replace WEP.
  It offers the strongest data protection, conforming to the government standard
  It requires a new chip and won't work with existing devices.
New Product: Wireless Switch
What is the issue? It is not cost effective to implement 802.1X on all access points. It is also a management issue.
[Figure: supplicants → access points → wireless switch (acting as the 802.1X authenticator) → RADIUS]
Note that the wireless switch supports 802.1X, but does not support 802.11 as it does not have any wireless link.
Example: http://www.symbol.com/WS5000/
Other Wireless Technologies
• Bluetooth™ – IEEE 802.15.1: short distance (<10m), low data rate (<1M), low power consumption
• Ultra Wideband (UWB) – IEEE 802.15.3a: short distance, much higher data rate than Bluetooth (>>100M)
• ZigBee – IEEE 802.15.4: cheaper and lower data rate than Bluetooth
• WiMAX – IEEE 802.16: long distance (up to 30 miles), point-to-point connection (not broadcast), flexible data rates (1M to 75M)
Review Questions
• What are the advantages of wireless LAN?
• What is spread spectrum and why is it needed? What are the different methods of spread spectrum used in 802.11?
• Are there collisions on a WLAN (802.11)? If yes, can you detect them? How do you resolve the issue of collisions?
• Can you use CSMA/CD for WLAN? Why?
• Illustrate the two operational modes of 802.11.
• Describe the differences between DCF and PCF.
• How many MAC addresses are in the 802.11 frame? Describe how these addresses are used (four scenarios).

Review Questions (cont.)
• Given a network diagram, show the address information in the MAC frames at wireline and wireless links.
• What is the problem of hidden station and what is the solution to this problem?
• What are the problems with WEP?
• What are the solutions to address the problems with WEP?
• What is EAP? How is it used in wireless LAN?
• What are the two encryption methods of 802.11i?

Review Questions (cont.)
• Compare 802.11a and 802.11g.
• What are the differences between WAP, wireless bridge, wireless repeater, and wireless switch? Draw a network diagram to show how each one is used.