
IEEE 802.11 Wireless LANs

Presented by Peng Ge

September 12, 2001

Wireless LAN vs. Wired LAN

Similarity
• From the beginning, 802.11 was designed to look and feel like other IEEE 802 wired LANs
• 802.11 operates under the 802.2 LLC layer (same as 802.3)

Difference
• Uses an air link (that is, no real link)
  – Everything around is either a reflector or an attenuator of the signal
  – Location-dependent: some change in position can cause large changes in the received signal strength
  – Security problem: packets are broadcast in the air
• Mobility
  – Protocols to deal with mobility: DHCP, Mobile IP
  – No fixed physical location: “what is the nearest printer?”

History of IEEE 802.11

The first version was adopted in 1997
• MAC sub-layer
• MAC management protocols and services
• Three physical layers, all operating at 1 or 2Mbps
  – infrared-based PHY
  – Frequency Hopping Spread Spectrum (FHSS) radio in 2.4GHz
  – Direct Sequence Spread Spectrum (DSSS) radio in 2.4GHz

Revised in 1999, adding 2 new PHY layers
• Orthogonal Frequency Division Multiplexing (OFDM)
  – 802.11a, radio in UNII bands, delivering up to 54Mbps
• Extension to DSSS PHY
  – 802.11b, in 2.4GHz, delivering up to 11Mbps

IEEE 802 Architecture

Overview

IEEE 802.11 Architecture and Services
Medium Access Control
MAC Management
The Physical Layer

Component in 802.11 Architecture

Station: mobile/portable/stationary node
• Provides station services:
  – authentication, de-authentication, privacy, and delivery of data

Basic Service Set (BSS)
• A group of stations connected to each other
• Independent BSS (IBSS): no connection to a wired network
  – e.g., a short-lived ad hoc network
  – no relay function in an IBSS (in the MAC layer)
• When a BSS includes an Access Point (AP)
  – it’s no longer independent
  – called an Infrastructure BSS, or BSS

Component in 802.11 Architecture

Access Point (AP)
• A station that provides distribution services
• All mobile stations communicate with the AP
• The AP provides connection to the wired LAN, if any, and a local relay function in the BSS
• A little wasteful for local communication
  – up-link and down-link consume twice the bandwidth
  – benefits outweigh the cost, such as
    » buffering at the AP when the station is in a low power state

Component in 802.11 Architecture

Extended Service Set (ESS)
• A set of BSSs whose APs communicate among themselves to forward traffic and to facilitate mobility
• Distribution System (DS):
  – an abstract medium for communication among APs
  – 802.11 didn’t define how to implement the DS
    » APs from different vendors may not be usable in one ESS
    » could be a wired LAN (802.3), or a purpose-built box

Services
• Station services:
  – authentication, de-authentication, privacy, delivery of data
• Distribution services:
  – association, re-association, de-association, distribution, integration

Station Services

Authentication
• to prove the identity of one station to another

De-authentication
• to eliminate a previously authorized user from further use

Privacy
• to provide an equivalent level of protection for data on the WLAN as that provided by a wired network

Delivery of data
• similar to other 802 LANs
• to provide reliable delivery of data frames in the MAC layer, with minimal duplication and minimal reordering

Distribution Services

Association
• to make a logical connection between a mobile station and an AP

Re-association
• similar to association, except that it includes information about the previously associated AP (for roaming, data forwarding, etc.)

De-association
• either to force a mobile node to associate or just to announce that the association is no longer available/required

Distribution
• for an AP to determine how to deliver frames
  – within its own BSS, into the DS to another AP, or outside the WLAN

Integration
• translation between 802.11 frames and other LAN frames

Interaction between some services

[State diagram]
• State 1: Unauthenticated, Unassociated (Class 1 frames)
• State 2: Authenticated, Unassociated (Class 1 & 2 frames)
• State 3: Authenticated and Associated (Class 1, 2 & 3 frames)
• State 1 to State 2: Successful Authentication
• State 2 to State 3: Successful Association or Re-Association
• State 3 to State 2: De-Association Notification
• State 2 to State 1, and State 3 to State 1: De-Authentication Notification

Interaction between some services

Each station maintains 2 variables
• State of authentication and state of association
  – A station may be authenticated with many stations simultaneously
  – A station may be associated with only one other station at a time
• Multiple instances of the variables are needed
  – to maintain a unique copy for each station it communicates with

If a station is part of an IBSS (ad hoc)
• it’s allowed to implement the data service in state 1
  – because neither authentication nor association is used in an IBSS, no station can leave state 1

A station must react to every frame it receives
• even if the frame type is not allowed for a particular state
• A state 1 (2) station will send back de-authentication (de-association) upon receiving an illegal frame, to force the other station to transition to the proper state
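The per-peer state variables and the frame-class check described on these two slides, as an added example that is not part of the original presentation. The `FRAME_CLASS` table is an illustrative subset of the standard's class assignment (the slides name the classes but not their members), and demoting the previously associated peer is this example's way of enforcing "only one association at a time".

```python
from enum import IntEnum


class State(IntEnum):
    UNAUTH_UNASSOC = 1   # State 1: Unauthenticated, Unassociated
    AUTH_UNASSOC = 2     # State 2: Authenticated, Unassociated
    AUTH_ASSOC = 3       # State 3: Authenticated and Associated


# Assumption: illustrative subset of frame kinds and their class.
FRAME_CLASS = {
    "beacon": 1, "probe-request": 1, "probe-response": 1,
    "authentication": 1, "de-authentication": 1,
    "rts": 1, "cts": 1, "ack": 1,
    "association-request": 2, "association-response": 2,
    "re-association-request": 2, "re-association-response": 2,
    "de-association": 2,
    "data": 3, "ps-poll": 3,
}


class PeerTable:
    """One copy of the two state variables per peer station."""

    def __init__(self):
        self._state = {}

    def state(self, peer):
        # A peer we have never talked to is in State 1.
        return self._state.get(peer, State.UNAUTH_UNASSOC)

    def authenticated(self, peer):
        # Successful authentication: State 1 -> State 2.
        if self.state(peer) == State.UNAUTH_UNASSOC:
            self._state[peer] = State.AUTH_UNASSOC

    def associated(self, peer):
        # Successful (re-)association: State 2 -> State 3.
        if self.state(peer) < State.AUTH_UNASSOC:
            raise ValueError("association requires prior authentication")
        for other, st in self._state.items():
            if other != peer and st == State.AUTH_ASSOC:
                self._state[other] = State.AUTH_UNASSOC  # one association only
        self._state[peer] = State.AUTH_ASSOC

    def receive(self, peer, kind):
        """Return the action for a frame of `kind` received from `peer`."""
        st = self.state(peer)
        if FRAME_CLASS[kind] > st:
            # Frame class not allowed in this state: tell the sender so.
            if st == State.UNAUTH_UNASSOC:
                return "send de-authentication"
            return "send de-association"
        if kind == "de-authentication":
            self._state[peer] = State.UNAUTH_UNASSOC
        elif kind == "de-association" and st == State.AUTH_ASSOC:
            self._state[peer] = State.AUTH_UNASSOC
        return "accept"
```
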

Overview

IEEE 802.11 Architecture and Services
Medium Access Control
MAC Management
The Physical Layer

MAC functionality

To provide a reliable data delivery service
• through a frame exchange protocol at the MAC level
• Reliability is improved compared to earlier WLANs

To fairly control access to the wireless medium
• Distributed Coordination Function: basic access
• Point Coordination Function: centrally controlled access

To protect the data it delivers
• a privacy service, Wired Equivalent Privacy (WEP)
• the same level of protection the data might have on a wired LAN that prevents unauthorized connection

MAC Frame Exchange Protocol

The minimal protocol has two frames
• The two frames are an atomic unit of the MAC protocol
• The frame will be retransmitted if the ACK is missing
  – reduces the inherent error rate at the cost of extra bandwidth
• More efficient in the MAC layer than in a higher layer
  – to determine that a packet was lost, a higher-layer timeout is often in seconds

[Diagram: Snd to Rcv: frame; Rcv to Snd: ACK]

Hidden Node Problem

A B C

MAC Frame Exchange Protocol

Two more frames to solve the Hidden Node Problem
• Request To Send (RTS) and Clear To Send (CTS)
• The four frames are an atomic unit
  – if the exchange fails at any point, the station can recover and regain control of the medium in minimum time

[Diagram: Snd to Rcv: RTS; Rcv to Snd: CTS; Snd to Rcv: frame; Rcv to Snd: ACK]

[Figure, to address the Hidden Node Problem: stations A, B, C; area cleared by RTS; area cleared by CTS]

MAC Frame Exchange Protocol

dot11RTSThreshold attribute (0-2339)
• The value defines the minimum frame length for which RTS and CTS are required before sending the frame.
  – all frames with greater length use the 4-way protocol
  – all frames with equal or lesser length use the 2-way protocol
  – In some cases, the 4-way protocol is unnecessary, such as
    » low bandwidth demand
    » a concentrated area where everyone can hear the others

Retry counters
• long retry counter and short retry counter
  – long or short? Compare the frame length with dot11RTSThreshold
  – each retransmission increments the corresponding retry counter
  – the frame has to be discarded if the retry counter reaches the limit
• There is also a lifetime timer associated with each frame

MAC Basic Access Mechanism

CSMA/CA with binary exponential backoff
• Carrier Sense Multiple Access
  – partly implemented by a physical sensing mechanism in the PHY layer
  – Network Allocation Vector (NAV)
    » a value that indicates to a station the amount of time that remains before the medium becomes available for use
    » provides virtual carrier sensing
    » a station may avoid transmitting even when the medium seems free
• CA (Collision Avoidance) instead of CD (Collision Detection)
  – A wireless device can hardly send and receive at the same time
• Contention Window in Binary Exponential Backoff
  – When the transmission is deferred because the medium is busy, the sender waits a random time within the “contention window”
  – The contention window doubles in size every time the sender is deferred
  – The contention window resets to its minimal size when transmission succeeds

Timing Intervals

5 timing intervals recognized by the 802.11 MAC
• 2 basic intervals determined by the PHY
  – Short Inter-Frame Space (SIFS)
  – Slot Time
  – SIFS < Slot Time, but they are close.
• 3 additional intervals
  – Priority Inter-Frame Space (PIFS) = Slot Time + SIFS
    » used in PCF
  – Distributed Inter-Frame Space (DIFS) = Slot Time + SIFS * 2
    » used in DCF
  – Extended Inter-Frame Space (EIFS)
    » much larger than any other interval
    » used when a frame received by the MAC contains errors, allowing the MAC frame exchange protocol to complete correctly

DCF Operation

When the MAC is about to send a frame,
• it checks whether the medium has not been in use for an interval of DIFS (EIFS if the last frame received contained errors)
  – if in use, the MAC will
    » choose a backoff number and double the contention window
    » increment the appropriate retry counter
• Otherwise, for every slot-time interval the medium is idle, the MAC will decrement the backoff value.
• Once the backoff interval expires, the frame is transmitted
  – if no ACK is received, assume a collision and back off again
• until the transmission is successful or is cancelled.

[Timing diagram: End of Previous Transmission; DIFS; Slot time; Next Transmission]

PCF Operation

PCF uses a “Poll and Response” protocol
• to eliminate the possibility of contention for the medium
• PCF is built over DCF; they can operate simultaneously
  – PCF uses PIFS to seize and keep the medium (PIFS < DIFS)
• A Point Coordinator (PC) controls PCF
  – the PC is always located in an AP
    » stations request the PC to register them on a polling list
    » the PC regularly polls the stations for traffic and delivers traffic to
  – the PC begins a Contention-Free Period (CFP) periodically
    » the medium is completely controlled by the PC, no DCF allowed
  – the PC sends out a Beacon frame to notify the other stations
    » the Beacon provides the maximum length of the coming CFP
    » all stations have to update their NAV so that DCF is prohibited
  – the PC ensures that the interval between frames is no longer than PIFS
    » another way to prevent DCF from gaining access to the medium

PCF Operation

  – the PC expects a response frame in SIFS after sending a Poll
    » if there is no response in SIFS, the PC will send its next frame in PIFS
  – the PC will send a CF-End frame to conclude the CFP
• To make the use of the medium more efficient, it’s possible to piggyback both ACK and CF-Poll onto data frames
  – station to PC: data frame with ACK of the last frame received
  – PC to station: CF-Poll, ACK, and data can be in one frame
• After the CF-End is heard, each station resets its NAV
  – DCF starts working

[Timing diagram, frames separated by SIFS or PIFS: Data + CF-Poll; Data + CF-Ack from station 1; Data + CF-Ack + CF-Poll to station 2; ACK from station 2; CF-Poll to station n; Data + CF-Poll to station n+1; CF-End]

Control Frame subtypes

6 control frame subtypes
• request to send (RTS) and clear to send (CTS)
  – 20 bytes for RTS, 14 bytes for CTS
  – duration information of coming traffic, allowing other stations to update their NAV, to prevent collisions
• acknowledgement (ACK) 14 bytes
  – as a receipt, no need of retransmission
  – in fragmentation, the ACK contains the duration information of the next fragment, acting like a CTS
• power save poll (PS-Poll) 20 bytes
  – to request an AP to deliver a frame buffered when this station was in power-saving mode
• contention-free end (CF-End) 20 bytes
  – sent by the PC to conclude a CFP, letting stations compete for the medium
• contention-free end plus ACK (CF-End+ACK) 20 bytes
  – combination of two frame subtypes

Data Frame subtypes

8 data frame subtypes
  – variable length frame: 29-2346 bytes
• Data
  – encapsulates the upper layer protocol packet
• Data+CF-ACK, Data+CF-Poll, Data+CF-ACK+CF-Poll
  – sent only during CFP, never used in an IBSS
  – combination of frames, which may target different stations
• Null function (no data)
  – zero data length, but needed to complete the frame exchange
  – the sole purpose of the frame is to carry the “power management” bit
• CF-ACK (no data)
  – more efficient to use the ACK control frame (14 bytes vs. 29 bytes)
• CF-Poll (no data), CF-Poll+CF-ACK (no data)

Management Frame subtypes

11 management frame subtypes
• Beacon
  – transmitted periodically for others to locate and identify a BSS
  – also conveys information about buffered frames for stations
  – other information includes
    » service set identity (SSID), supported rates, PHY parameters, ...
• Probe Request
  – transmitted by a mobile station to quickly locate an 802.11 WLAN
  – either locate a WLAN with a particular SSID, or locate any WLAN
    » Our SSID is “tsunami”
• Probe Response
  – In an IBSS, the station that sent the latest Beacon answers the request
  – In a BSS, the AP always answers the Probe Request
  – A Probe Response is similar to a Beacon

Management Frame subtypes

• Authentication
  – to conduct a multi-frame exchange between stations
  – the ultimate result is the verification of each station’s identity to the other
• De-authentication
  – notifies the termination of an authentication relationship
• Association Request and Response
  – for a mobile station to join the BSS, and the result
• Re-association Request and Response
  – Association Request with additional information about the current AP
  – Re-association Response is the same as Association Response
• De-association
  – notifies the termination of an association relationship
• Announcement Traffic Indication Message (ATIM)
  – for a mobile station in an IBSS to notify others that it has frames buffered for a target mobile station that may be in low power mode

Privacy in IEEE 802.11 MAC

Wired Equivalent Privacy
• A wired LAN has to be physically compromised (tap line)
  – A WLAN can be compromised by anyone with an antenna
  – WEP provides the same security as wired LAN
• The frame body of the data frame is encrypted
  – by RC4, developed by RSA Data Security, Inc.
    » a symmetric stream cipher that supports variable-length keys
    » RC4 supports keys of up to 256 bytes. 802.11 has chosen 40 bits.
  – No encryption for the frame header or other frame types.
    » Protects only the content of data frames
    » Vulnerable to other threats, like traffic analysis
• Key distribution or key negotiation is not included in 802.11
• Two ways to select a key for use
  – up to 4 default keys, or
  – a station establishes a key mapping with another station

Fragmentation in 802.11 MAC

dot11FragmentationThreshold attribute (256-2338)
• Default value is such that no frame will be fragmented
• A frame is divided into fragments according to the threshold
• When a frame is fragmented, the “more fragment” bit is used
• The subsequent fragment is sent out immediately upon receiving the previous fragment’s ACK
  – no competition for the medium, “fragment burst”

[Timing diagram, frames separated by SIFS: Source sends RTS, Fragment 0, Fragment 1; Destination sends CTS, ACK 0, ACK 1]

General Frame Format

Frame Control field (16 bits)
• frame type and subtype: control, data, management
• To DS bit and From DS bit
  – 00: direct communication between two mobile stations
  – 01 or 10: a frame sent from AP to mobile station, or the opposite
  – 11: wireless DS, sharing the medium with BSS, from AP to AP
• Other 1-bit sub-fields
  – More Data: there is at least one frame buffered here
  – More Fragment: this isn’t the last fragment in the fragmented frame
  – Retry: this is a retransmission, instead of a first-time transmission
  – Power management: the station will enter low power mode, and won’t be available
  – WEP: the frame body is encrypted using the WEP algorithm
  – Order: the content of the data frame is provided to the MAC with a request for strictly ordered service

General Frame Format

Duration/ID field (16 bits)
• Association ID (AID) in the PS-Poll frame subtype
  – 0-2007, the ID a mobile station got at association
  – A Beacon includes a Traffic Indication Map (TIM), up to 256 bytes, to tell which stations have frames buffered in the AP
    » each bit in the TIM corresponds to a mobile station’s AID
• Duration information to update the NAV, in other frame types
  – the length of time the medium will be used after this frame
  – 32768 (1 for the highest bit, 0 for the others) for all frames sent in the CFP
    » no station can interfere with the CFP
  – 0 for all multicast data frames
    » there is no response in multicast

Address fields (IEEE 48-bit format for each)
• up to 4 addresses: source, destination, receiver, transmitter, or BSSID

General Frame Format

Sequence Control field
• Sequence Number subfield (12 bits)
  – 0 to 4095, then wraps around
  – incremented after assignment to each MSDU
• Fragment Number subfield (4 bits)
  – incremented after assignment to each fragment

Frame Body field
• variable length field, can be as long as
  – 2304 bytes without WEP, 2312 bytes with WEP
  – 2304 was chosen to allow applications to send 2048-byte pieces of data

Frame Check Sequence field (32 bits)
• applies the CCITT CRC-32 polynomial to the MAC header and frame body
• the same as used in other IEEE 802 LAN standards
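A parser for the header fields described on the three General Frame Format slides, as an added example that is not part of the original presentation. It assumes the standard's little-endian field layout and bit positions, and the two frames are constructed sample inputs.

```python
import struct

TYPES = {0: "management", 1: "control", 2: "data"}
# (To DS, From DS) for data frames, following the slide's four cases.
DS_MEANING = {
    (False, False): "direct, station to station",
    (True, False): "mobile station to AP",
    (False, True): "AP to mobile station",
    (True, True): "AP to AP over a wireless DS",
}
FLAGS = ("to_ds", "from_ds", "more_frag", "retry",
         "power_mgmt", "more_data", "wep", "order")


def parse_frame_control(fc):
    """Split the 16-bit Frame Control value into its sub-fields."""
    out = {"version": fc & 0x3,
           "type": TYPES.get((fc >> 2) & 0x3, "reserved"),
           "subtype": (fc >> 4) & 0xF}
    for bit, name in enumerate(FLAGS, start=8):
        out[name] = bool((fc >> bit) & 1)
    if out["type"] == "data":
        out["direction"] = DS_MEANING[(out["to_ds"], out["from_ds"])]
    return out


def parse_duration_id(value, is_ps_poll):
    """AID in a PS-Poll frame, NAV duration information in other frames."""
    if is_ps_poll:
        # The standard sets the two top bits around the AID (not on the slide).
        aid = value & 0x3FFF
        if (value & 0xC000) != 0xC000 or aid > 2007:
            raise ValueError(f"invalid AID field 0x{value:04x}")
        return ("aid", aid)
    if value == 0x8000:
        return ("cfp", None)           # fixed value used during the CFP
    if value & 0x8000:
        raise ValueError(f"reserved Duration/ID value 0x{value:04x}")
    return ("duration_us", value)      # microseconds the medium stays busy


def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_header(frame):
    """Parse the MAC header of a management, data or PS-Poll frame."""
    if len(frame) < 10:
        raise ValueError("shorter than the smallest 802.11 header")
    fc_raw, dur_raw = struct.unpack_from("<HH", frame, 0)
    fc = parse_frame_control(fc_raw)
    ps_poll = fc["type"] == "control" and fc["subtype"] == 10
    hdr = {"fc": fc, "duration_id": parse_duration_id(dur_raw, ps_poll),
           "addr1": mac(frame[4:10])}
    if fc["type"] in ("management", "data"):
        if len(frame) < 24:
            raise ValueError("truncated management/data header")
        (seq_ctl,) = struct.unpack_from("<H", frame, 22)
        hdr.update(addr2=mac(frame[10:16]), addr3=mac(frame[16:22]),
                   fragment=seq_ctl & 0xF, sequence=seq_ctl >> 4)
    return hdr


# Constructed samples: a WEP-protected, retried data frame from a station
# to its AP, and a PS-Poll carrying AID 5.
DATA_FRAME = bytes.fromhex(
    "0849" "2c00" "001122334455" "02aabbccddee" "00a0c9000001" "3012")
PS_POLL = bytes.fromhex("a410" "05c0" "001122334455" "02aabbccddee")
```
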

Overview

IEEE 802.11 Architecture and Services
Medium Access Control
MAC Management
The Physical Layer

MAC Management

The first in 802.x to include MAC management
• An 802.11 WLAN has a more complex environment
  – Many other users share the medium
    » Microwave ovens operate in the 2.4GHz band (because one excitation frequency of the water molecule lies in that band)
    » Radio frequency ID (RFID) tags use microwave power, e.g. tracking retail inventory, identifying rail cars, …
    » Other WLANs than 802.11 that share the medium
    » Other 802.11 WLANs that share the medium
  – Security: the medium is connectable to anyone
  – Mobility: to provide reliable service like a wired LAN
  – Power management: to save battery life
• Defined MAC management capabilities in 802.11
  – Authentication, Association, Address filtering, Privacy, Power management, and Synchronization

MAC Management

Authentication
• for one station to prove its identity to another station
  – frame exchanges: questions, answers, and results
• Two authentication algorithms available
  – Open system authentication
    » always returns “success” as the result
  – Shared key authentication
    » depends on both stations sharing the same WEP key
    » encrypt and decrypt a “challenge text” to prove ownership of the key
• There is no limit on the number of authentications.
  – one station can pre-authenticate with many stations
• Usually an AP initiates the authentication to a mobile station
  – the AP is assumed to have a more privileged position
  – some subtle security problems
    » A rogue AP can adopt the SSID, take the place of the old AP, and intercept the content of frames in plain text.
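A monitoring check for the rogue-AP problem on this slide, as an added example that is not part of the original presentation: parse observed beacons and flag any that advertise a managed SSID from a BSSID that is not on the allowlist. The beacon builder, the `MANAGED` policy table and all addresses are constructed for the example; the SSID "tsunami" is the one the slides mention.

```python
import struct


def build_beacon(bssid, ssid, privacy):
    """Constructed test input: header, fixed fields and an SSID element."""
    b = bytes.fromhex(bssid.replace(":", ""))
    hdr = (struct.pack("<HH", 0x0080, 0) + b"\xff" * 6 + b + b
           + struct.pack("<H", 0))
    cap = 0x0001 | (0x0010 if privacy else 0)   # ESS bit, Privacy (WEP) bit
    name = ssid.encode()
    return hdr + struct.pack("<QHH", 0, 100, cap) + bytes([0, len(name)]) + name


def parse_beacon(frame):
    """Return BSSID, SSID and the Privacy capability bit of a beacon."""
    if len(frame) < 36:                  # 24-byte header + 12 fixed bytes
        raise ValueError("truncated beacon")
    (fc,) = struct.unpack_from("<H", frame, 0)
    if (fc >> 2) & 0x3 != 0 or (fc >> 4) & 0xF != 8:
        raise ValueError("not a beacon frame")
    (cap,) = struct.unpack_from("<H", frame, 34)
    ssid, pos = None, 36
    while pos + 2 <= len(frame):         # walk the id/length/value elements
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + elen]
        if len(body) != elen:
            raise ValueError("element length overruns the frame")
        if eid == 0:                     # element ID 0 is the SSID
            ssid = body.decode("utf-8", "replace")
            break
        pos += 2 + elen
    return {"bssid": ":".join(f"{x:02x}" for x in frame[16:22]),
            "ssid": ssid, "privacy": bool(cap & 0x0010)}


def audit(frames, managed):
    """List (bssid, ssid, reason) for beacons that contradict the policy."""
    findings = []
    for frame in frames:
        b = parse_beacon(frame)
        policy = managed.get(b["ssid"])
        if policy is None:
            continue                     # not one of our networks
        if b["bssid"] not in policy["bssids"]:
            reason = "unlisted BSSID advertising managed SSID"
        elif b["privacy"] != policy["privacy"]:
            reason = "privacy bit differs from policy"
        else:
            continue
        findings.append((b["bssid"], b["ssid"], reason))
    return findings


# Constructed policy and observations.
MANAGED = {"tsunami": {"bssids": {"00:11:22:33:44:55"}, "privacy": True}}
OBSERVED = [
    build_beacon("00:11:22:33:44:55", "tsunami", True),
    build_beacon("02:de:ad:00:00:01", "tsunami", False),
    build_beacon("00:aa:bb:cc:dd:ee", "guest", False),
]
```

A listed BSSID is only the absence of this one signal, since a beacon carries nothing that proves which device sent it.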

MAC Management

Association
• to provide transparent mobility to stations
  – Association is the process of a mobile station “connecting” to an AP
  – only after a successful authentication
  – Only one association is permitted for each station
  – Once associated, the AP is responsible for forwarding the data frames
• The procedure of association
  – The mobile station sends a request, including its information
    » data rates supported, contention-free abilities, support of WEP …
  – The AP decides to grant or deny the service request
    » 802.11 doesn’t define what policy the AP should use
• Re-association
  – The DS must maintain the location of each mobile station
  – association request + last AP address
  – The new AP contacts the old AP, gets buffered data frames, and terminates the old association

MAC Management

Address filtering (MAC function)
• more complicated than in other 802 LANs
  – not only based on destination address
• each data/management frame has at least 3 addresses
  – and a BSS identifier (BSSID)
• A station must use addresses and BSSID when making receive decisions, according to the standard
  – Filtering on BSSID is important to minimize the multicast frames with which the station must deal

Privacy (MAC function)
• WEP mechanism, as described earlier

MAC Management

Power management
• the most complex part of the 802.11 standard
  – allows mobile stations to enter low power modes
    » turn off receiver and transmitter to conserve power
  – Two different mechanisms, for IBSS and BSS respectively
• Independent BSS
  – The station enters the low power state after notifying another station
  – This station must wake up periodically to receive the beacon, and stay awake for a period after the beacon, called the “ad hoc traffic indication message (ATIM) window”
  – A station that wants to send to a low-power station should use an ATIM to inform the targeted receiver
  – The receiver should acknowledge it and stay awake till the next ATIM window
    » In multicast, no ACK is expected; each receiver must stay awake till the next ATIM window

MAC Management

Power management
• Infrastructure BSS
  – each station should inform the AP, in the association request, of the number of beacon periods that the station will be in low power mode
  – Each beacon includes a Traffic Indication Map (TIM)
    » data frames will remain buffered no less than the number of beacon periods determined in association
  – for multicast, the AP will send out the frame right after the Beacon
    » a station that joins a multicast must wake up every beacon period
  – An AP that is running CFP will use the CFP to deliver buffered frames to stations that are CF-Pollable
    » it may also use the CFP to deliver multicast frames
• Power saving is deeper in an Infrastructure BSS than in an IBSS
  – a station is not required to wake up every beacon period
  – it doesn’t have to stay awake after the beacon

MAC Management

Synchronization
• the process of stations in a BSS getting in step with each other
  – to allow support of PHY layers that use time-based mechanisms
    » e.g., frequency hopping
  – the process involves
    » beaconing, to announce the presence of a BSS, and
    » scanning, to find a BSS
  – the process is entirely distributed
• Timer Synchronization Function (TSF)
  – maintains a 64-bit timer running at 1MHz, synchronized by beacons
  – current TSF timer = the value in beacon + processing time
• Independent BSS
  – each beacon contains the TSF timer of the sender
  – the TSF timer can only be incremented
  – All stations will synchronize to the fastest timer in the BSS, eventually

MAC Management

Synchronization
• Infrastructure BSS
  – only the AP sends beacons, so all stations synchronize to the AP’s timer
• A beacon frame may not be received by some stations
  – it may be delayed by competing for the medium
  – the broadcast of the beacon may be corrupted, and no retry is attempted
  – There is no degradation to the WLAN operation
• Scanning
  – passive scanning: switch to a channel, and listen for a beacon
    » saves power, takes longer if there is no BSS in the current channel
  – active scanning: switch to a channel, send a probe request, and wait for the beacon or probe response
    » saves time in finding a BSS, needs more power
• Join a BSS
  – after finding a BSS, synchronize all MAC and PHY parameters with the BSS, and start to use the service

Overview

IEEE 802.11 Architecture and Services
Medium Access Control
MAC Management
The Physical Layer

PHY Layer

To provide 3 levels of functionality
• Physical layer convergence procedure (PLCP) sub-layer
  – controls frame exchange between the MAC and PHY
• Physical medium dependent (PMD) sub-layer
  – transmits data frames over the medium
• PHY provides a carrier sense indication back to the MAC
  – to verify the activity on the medium

[Figure, layer stack from top to bottom: MAC Layer; PHY Layer, made up of the PLCP Sub-layer and the PMD Sub-layer]

DSSS PHY

Direct Sequence Spread Spectrum
• one of three PHY layers defined in IEEE 802.11
  – operates in the 2.4GHz band
• PLCP protocol data unit (PPDU) in DSSS
  – PLCP preamble and PLCP header are always sent at 1Mbps
  – MAC protocol data unit (MPDU) may be sent at 1 or 2Mbps
• Each DSSS channel occupies 22MHz of bandwidth
  – 11 channels available in North America, at 5MHz intervals
  – At most 3 non-interfering channels, spaced 25MHz apart

FHSS PHY

Frequency Hopping Spread Spectrum
• one of three PHY layers defined in IEEE 802.11
  – operates in the 2.4GHz band
  – PLCP preamble and PLCP header are always sent at 1Mbps
• In North America and Europe (excluding Spain and France)
  – 79 channels are chosen over a span of 84.3MHz
    » Each channel covers 1MHz of bandwidth
  – 3 sets of hopping sequences
    » designed to minimize interference
• According to FCC regulation in the US
  – Every second, an FHSS radio must hop at least 2.5 hops and 6MHz distance

IR PHY

Infrared
• one of three PHY layers defined in IEEE 802.11
  – uses near-visible light as the transmission medium
  – restricted to indoor environments, cannot pass through walls
    » different from DSSS or FHSS
• PPDU consists of PLCP preamble, PLCP header, and PSDU
  – PLCP preamble and PLCP header are always sent at 1Mbps
  – PSDU can be sent at 1 or 2Mbps

OFDM PHY

Orthogonal Frequency Division Multiplexing
• defined in IEEE 802.11a, 1997
  – operates at 5GHz U-NII frequency
  – PLCP preamble and PLCP header are always sent at 1Mbps
  – PSDU can use 6, 9, 12, 18, 24, 36, 48, 54Mbps
    » 6, 12, 24MHz are mandatory rates for 802.11a-compliant system

HR/DSSS PHY

High Rate DSSS
• defined in IEEE 802.11b, 1997
  – extends the PSDU data rates to 5.5 and 11Mbps
  – provides a rate shift mechanism, which allows 11Mbps networks to fall back to 1 and 2Mbps, and inter-operate with 802.11 PHY layers
• Two kinds of PLCP preamble
  – long preamble with 128-bit SYNC field (same as old DSSS PHY)
    » is backward compatible with existing 802.11 DSSS
    » sent at 1Mbps, PSDU may be sent at 1, 2, 5.5, and 11Mbps
  – short preamble with 56-bit SYNC field
    » sent at 2Mbps, PSDU may be sent at 2, 5.5, and 11Mbps
    » higher speed than “long preamble”
    » cannot inter-operate with 802.11 2Mbps network
• The same channel allocation as the old DSSS

The END