The IEEE 802.11 standard Imad Aad INRIA, Planete team IN Tech, May 31st, 2002 IEEE 802.11 p.1
Outline WLANs vs. Wired LANs History Working modes MAC sub-layer The PHY layer (1997) The PHY Extensions (1999) Security IEEE 802.11 p.2
WLANs vs. Wired LANs No wires Mobility Scarse bandwidth (?) Multipath, pathloss, interference / noise BER Obstacle 1 s1 Tx s0 Rx s s2 s0 + s1 + s2 Obstacle 2 IEEE 802.11 p.3
WLANs vs. Wired LANs No wires Mobility Scarse bandwidth (?) Multipath, pathloss, interference / noise LOS BER No LOS Average received power α =2 α =4 Average received power α =2 15 25 db drop α =4 6 Distance Distance IEEE 802.11 p.3
WLANs vs. Wired LANs IEEE 802.11 p.3
WLANs vs. Wired LANs No wires Mobility The hidden node problem Scarse bandwidth (?) Multipath, pathloss, interference / noise Protection / Privacy BER IEEE 802.11 p.3
WLANs vs. Wired LANs IEEE 802.11 p.3
WLANs vs. Wired LANs Application layer Network layer LLC sub layer MAC sub layer PHY layer IEEE 802.2 IEEE 802.11 IEEE 802.3 IEEE 802.11 p.3
Outline WLANs vs. Wired LANs History Working modes MAC sub-layer The PHY layer (1997) The PHY Extensions (1999) Security IEEE 802.11 p.4
History 1970s: ALOHA 1972: Slotted ALOHA IEEE 802.11 p.5
History 1970s: ALOHA 1972: Slotted ALOHA 1975: Carrier Sense Multiple Access (CSMA) non persistent p-persistent IEEE 802.11 p.6
History 1970s: ALOHA 1972: Slotted ALOHA 1975: Carrier Sense Multiple Access (CSMA) non persistent p-persistent CSMA with collision detections (CD): Ethernet (1976) CSMA w/ coll. avoidance (CA): IEEE 802.11 (1997) IEEE 802.11 p.7
Outline WLANs vs. Wired LANs History Working modes MAC sub-layer The PHY layer (1997) The PHY Extensions (1999) Security IEEE 802.11 p.8
Working modes Ad-hoc mode vs. Infrastructure mode (IS) Independent BSS (IBSS), Basic Service Set (BSS), Extended Service Set (ESS) IBSS IEEE 802.11 p.9
Working modes Ad-hoc mode vs. Infrastructure mode (IS) Independent BSS (IBSS), Basic Service Set (BSS), Extended Service Set (ESS) Acess Point (AP) BSS IEEE 802.11 p.9
Working modes Ad-hoc mode vs. Infrastructure mode (IS) Independent BSS (IBSS), Basic Service Set (BSS), Extended Service Set (ESS) AP1 AP2 AP3 ESS Distribution System (DS) Handoff on the MAC sub-layer IEEE 802.11 p.9
Outline WLANs vs. Wired LANs History Working modes MAC sub-layer The PHY layer (1997) The PHY Extensions (1999) Security IEEE 802.11 p.10
MAC sub-layer DCF: Distributed Coordination Function (ad-hoc, IS modes) PCF: Polling Coordination Function (in IS mode, optional) IEEE 802.11 p.11
MAC sub-layer DCF: Distributed Coordination Function (ad-hoc, IS modes) - Basic machanism ( ) DIFS Time Source (Tx) Destination (Tx) CW Data SIFS ACK DIFS Other NAV Contention Window Defer access = NAV+DIFS Backoff IEEE 802.11 p.11
MAC sub-layer DCF: Distributed Coordination Function (ad-hoc, IS modes) - The hidden node problem A B C IEEE 802.11 p.11
MAC sub-layer DCF: Distributed Coordination Function (ad-hoc, IS modes) - RTS/CTS mechanism ( ) DIFS SIFS Time Source (Tx) RTS SIFS Data SIFS Destination (Tx) CTS ACK DIFS Other NAV (RTS) NAV (CTS) CW NAV (data) Defer access Backoff IEEE 802.11 p.11
MAC sub-layer DCF: Distributed Coordination Function (ad-hoc, IS modes) - Fairness?... depends on scenario - QoS?... not yet... wait for 802.11e IEEE 802.11 p.11
MAC sub-layer DCF: Distributed Coordination Function (ad-hoc, IS modes) PCF: Polling Coordination Function (in IS mode, optional) CFP repetition interval CFP repetition interval CFP CP CFP CP B PCF DCF B PCF DCF SIFS SIFS SIFS PIFS SIFS CP B D1+Poll D2+ACK+Poll D3+ACK+Poll D4+Poll CF End U1+ACK U2+ACK U4+ACK PIFS SIFS SIFS SIFS IEEE 802.11 p.11
MAC sub-layer Packet fragmentation Fragment burst Time SIFS SIFS SIFS SIFS SIFS SIFS DIFS Src. (Tx) Fragment 0 Fragment 1 Fragment 2 CW Dest. (Tx) ACK0 ACK1 ACK2 Other NAV (CTS) NAV (fragment 0) NAV (fragment 1) NAV(fr.2) Other NAV (ACK0) NAV (ACK1) IEEE 802.11 p.11
Outline WLANs vs. Wired LANs History Working modes MAC sub-layer The PHY layer (1997) The PHY Extensions (1999) Security IEEE 802.11 p.12
The PHY layer (1997) Application layer Network layer LLC sub layer MAC sub layer PHY layer 3 PHY types: DSSS (most products) FHSS (less products) IR (unknown products) IEEE 802.11 p.13
** (( && $$ ""..,, 44 :: 88 22 66 00 The PHY layer (1997) the EM spectrum allocation +**+ )(() '&&' %$$% #""#!! Infrared Visible UV X rays Gamma rays 1 KHz 1 MHz 1 GHz 1 THz 1 PHz 1 EHz Freq. LF (AM radio) MF (SW radio) (FM radio TV) (TV Cell.) HF VHF UHF SHF /../ -,,- 30 KHz 300 KHz 3 MHz 30 MHz 300 MHz 3 GHz 30 GHz Freq. 445 889 223 001 ISM 667 U NII ::; 902 MHz 928 MHz 2.4 GHz 2.4835 GHz 5.725 GHz 5.785 GHz Freq. Cordless phones Baby monitors (old) Wireless LANs IEEE 802.11(b) Bluetooth Microwave ovens IEEE 802.11a Hiperlan II IEEE 802.11 p.13
The PHY layer (1997) DSSS (Direct Sequence Spread Spectrum) FHSS (Freq. Hopping Spread Spectrum) IR (Infra Red) IEEE 802.11 p.13
The PHY layer (1997) DSSS: principle 1 bit period Scrambled 1 0 Data 1 0 1 1 0 1 1 1 0 0 0 11 chips Periodic 11 Bit Barker code mod 2 adder 0 1 0 0 1 0 0 0 1 1 1 Carrier modulator Note: single code (11-chips) multiple access?... no security?... no IEEE 802.11 p.13
The PHY layer (1997) DSSS: principle Transmitter baseband signal before spreading 1 bit period Scrambled 1 0 Data 1 0 1 1 0 1 1 1 0 0 0 11 chips Periodic 11 Bit Barker code mod 2 adder 0 1 0 0 1 0 0 0 1 1 1 Carrier modulator Transmitter baseband signal after spreading IEEE 802.11 p.13
The PHY layer (1997) DSSS: principle @ Transmitter @ Receiver before spreading after spreading before despreading after despreading narrowband interference IEEE 802.11 p.13
The PHY layer (1997) PSK (Phase Shift Keying) Data x spreading code 0 0 1 1 0 S 0 time S(t) = A sin ( 2πω t + ϕ(t)) ϕ = 0 IEEE 802.11 p.13
The PHY layer (1997) DPSK (Differential PSK): no reference signal needed Data x spreading code 0 0 1 1 0 S 0 time S(t) = A sin ( 2πω t + ϕ(t)) IEEE 802.11 p.13
D D CD CD C C A A The PHY layer (1997) DSSS: modulation DBPSK DQPSK 90 (11) CCD D (0) (1) (00) (01) =<>=< @?>@? FE>FE 0 180 0 180 (10) 270 B BAA>B B HG>HG 1 Mbps 2Mbps IEEE 802.11 p.13
The PHY layer (1997) DSSS: Spectrum @ modulator output 0dBr 30dBr 50dBr fc 22MHz fc 11MHz fc fc + 11MHz fc + 22MHz IEEE 802.11 p.13
The PHY layer (1997) in France (few months ago): allowed channels (ch.10) 2.457 MHz (ch.11) 2.462 MHz (ch12) 2.467 MHz (ch13) 2.472 MHz IEEE 802.11 p.13
The PHY layer (1997) in France (few months ago): maximum channel separation (ch.10) 2.457 MHz (ch13) 2.472 MHz IEEE 802.11 p.13
in Europe The PHY layer (1997) (ch.1) 2.412 MHz (ch13) 2.472 MHz IEEE 802.11 p.13
I L KJ L KJ The PHY layer (1997) Transmission power GSM wave IEEE oven 802.11 Typical 100 mw - 600 mw 0.2mW/ 6.3 mw Regulations 1-5 mw/ 100 mw @ 5cm (Eur.) IEEE 802.11 p.13
The PHY layer (1997) DSSS (Direct Sequence Spread Spectrum) FHSS (Frequency Hopping Spread Spectrum) IR (Infra Red) IEEE 802.11 p.13
Z[ [ ^ The PHY layer (1997) FHSS Modulation: GFSK binary 0/1: (for 1 Mbps) 00, 01, 10, 11: (for 2 Mbps) M N sequence = : tables : 3 sets WV QSR P MON QSR PT MON V W]\ V WYX MOU Fast-FH vs. Slow-FH: min 2.5 hops/s Bluetooth interference?... YES bc W]\ _K^ V`a (France) IEEE 802.11 p.13
The PHY layer (1997) DSSS (Direct Sequence Spread Spectrum) FHSS (Freq. Hopping Spread Spectrum) IR (Infra Red) IEEE 802.11 p.13
d d d The PHY layer (1997) Infra Red (IR) Pulse Position Modulation (PPM) 1 Mbps: 4 data bits 2 Mbps: 2 data bits 16-PPM symbol 4-PPM symbol Data bits 4 PPM symbol 00 0001 1 0 1 1 Data 01 0010 10 11 0100 1000 fg fg fg fg de e e e 1 0 0 0 0 1 0 0 Txed Pulse IEEE 802.11 p.13
Outline WLANs vs. Wired LANs History Working modes MAC sub-layer The PHY layer (1997) The PHY Extensions (1999) Security IEEE 802.11 p.14
PHY Extensions (1999) IEEE 802.11b: 2.4 GHz. 1Mbps, 2Mbps, 5.5Mbps 11 Mbps. High Rate DSSS Modulation: (backward compatible)dbpsk, DQPSK Complementary Code Keying (CCK) + DQPSK, (opt.) Packet Binary Convolutional Coding (PBCC) + (BPSK,QPSK) Currently the most widely used one IEEE 802.11 p.15
PHY Extensions (1999) IEEE 802.11a: 5.7 GHz, 6 Mbps 54 Mbps!! OFDM (Orthogonal Frequency Division Multiplexing) Principle: High-rate data is devided into several lower rate binary signals. Each low-rate signal modulates a different sub-carrier (48) Sub-carrier sets are orthogonal. Modulation: BPSK, QPSK, 16QAM and 64QAM FEC: Convolutional encoding needed (Viterbi) Close to Hiperlan 2 specs. coming soon IEEE 802.11 p.15
PHY Extensions (1999) Data In Signal Mapper S/P Add virtual Carriers IFFT P/S Add Pre/ Postfix p(t) Data Out P/S Equalizer/ Detector Rem virtual Carriers FFT S/P Rem Pre/ Postfix Matched Filter IEEE 802.11 p.15
Outline WLANs vs. Wired LANs History Working modes MAC sub-layer The PHY layer (1997) The PHY Extensions (1999) Security IEEE 802.11 p.16
Security WEP (Wired Equivalent Privacy) Key Key Plaintext Encryption Cyphertext Decryption Original Plaintext Eavesdropper IEEE 802.11 p.17
Security WEP (Wired Equivalent Privacy) IV Initialization Vector (IV) Secret Key Seed WEP PRNG Key Sequence XOR Ciphertext Plaintext Message Integrity Algo. Integrity Check Value (ICV) IEEE 802.11 p.17
Security WEP (Wired Equivalent Privacy) default keys / established keys 40-128 bit key Algorithm: RC4 (symmetric stream cypher) Cracking tools: WEPcrack, AirSnort: if 100MB-1GB of data can be gathered then one can guess the encryption password in less than a second!! Access control table?... inefficient Network ID?... inefficient IEEE 802.11 p.17
Conclusion it works! looks just like ethernet to higher layers no QoS support... yet. limited security management. Planete team: http://www.inrialpes.fr/planete Imad AAD: imad.aad@inrialpes.fr IEEE 802.11 p.18