Sabita Maharjan, Simula Research Laboratory

24 April 2015

Wireless LAN (WLAN) Networks

Agenda

WLAN Overview

Modulation Techniques

Security Protocols

Channel Access Mechanisms

Wireless Local Area Network (WLAN)

WLAN is a wireless network that connects devices mainly using spread spectrum or OFDM techniques

Fig. 1: Typical WLAN Architecture (source: Siemens)

Encapsulation

Fig. 2: Encapsulation (source: Siemens)

History of WLANs

1997

Standardization of WLAN: IEEE approved 802.11, 2.4 GHz, 1-2 Mbps

1999

802.11b: 2.4 GHz, up to 11 Mbps; 802.11a: 5 GHz, up to 54 Mbps

2003

802.11g: 2.4 GHz, up to 54 Mbps; performance similar to 802.11a; compatible with 802.11b devices

2007-2009

IEEE approved 802.11n, up to 600 Mbps; optimizes modulation; uses multiple antennas

Wireless LAN Components

Wireless station

Access point (AP)

Connects multiple wireless stations to the wired network

Wireless LAN Operating Modes: Infrastructure mode

Basic Service Set (BSS): one access point

Extended Service Set (ESS): multiple cells, two or more BSSs

Wireless LAN Operating Modes: Ad-hoc mode

Independent Basic Service Set (IBSS)

WLAN Characteristics

Medium

Interference/Noise

Variable quality (space/time)

Shared with unwanted WiFi devices

Shared with non-WiFi devices

Connectivity issues (Hidden node problem)

Mobility

Variation in link reliability

Power management: battery usage

Security issues

Direct Sequence Spread Spectrum (DSSS)

DSSS is a modulation technique that transmits the message signal using a wide(r) bandwidth

DSSS is more robust to interference and noise/jamming

The message signal modulates a pseudorandom noise/code (PRN)

Source: Siemens

DSSS Channels

Graphical representation of WiFi Channels in 2.4 GHz band

Non-overlapping DSSS Channels in the ISM band

Frequency Hopping Spread Spectrum (FHSS)

FHSS rapidly switches a carrier among many frequency channels

Highly resistant to narrowband interference

FSK modulation

79 channels (2.4 GHz-2.438 GHz)

1 MHz channel spacing

FHSS Interference Avoidance

System performance metrics commonly used for TPC

Orthogonal Frequency Division Multiplexing (OFDM)

The data is divided into a large number of radio frequencies (RFs)

Each RF carries a small part of the data

The carriers are very close to each other but are orthogonal

OFDM is highly robust to frequency selective interference and fading, but it requires high processing power

WLAN Medium Access Methods

As the medium is shared, the IEEE 802.11 standard ensures that all nodes implement channel access methods

These methods address issues such as RF interference and denial-of-service attacks, and improve network throughput

IEEE 802.11 mandates the use of DCF, a form of CSMA-CA

RF: Radio Frequency, DCF: Distributed Coordination Function, CSMA-CA: Carrier Sense Multiple Access with Collision Avoidance

CSMA-CA is a contention-based protocol in which all stations sense the medium before transmitting

Carrier sense multiple access with collision avoidance (CSMA-CA)

If a station that wants to transmit a frame detects energy in the channel above a certain threshold, it waits

It transmits only if the medium is free for more than DIFS

Collision Avoidance

The stations make use of the acknowledgements that a receiver sends to a sender to verify error-free reception

DIFS: DCF Interframe Space; DCF: Distributed Coordination Function

The size of the exponential backoff window increases with the number of retransmissions

Virtual carrier sense

Two stations belonging to the same BSS may not be within the radio range of each other

Neither of them can do a clear channel assessment through physical sensing: Hidden terminal problem

The virtual carrier sense mechanism consists of a NAV maintained by each client

NAV: Network Allocation Vector

NAV: Client’s prediction of how long the medium will be busy

RTS: Request To Send; CTS: Clear To Send

DCF Protocol

RF: Radio Frequency

A station uses the value of the duration field in the control field of other stations' frames, which indicates how long the sender needs the medium

Stations must also check the duration field in addition to ensuring that no physical transmission is active

DCF supports the transmission of asynchronous signals

Issues
- RF interference: incidental
- Denial-of-service attack: intentional
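The channel-access rules from the CSMA-CA, virtual carrier sense and DCF slides, as an added sketch that is not from the original slides: a station defers while energy is sensed or its NAV is set, waits DIFS, then counts down a random backoff whose window doubles with each retransmission. The timing constants (9 µs slot, 16 µs SIFS), the window bounds 15 and 1023, and all class and function names are assumptions chosen for illustration.

```python
import random

SLOT_US, SIFS_US = 9, 16             # assumed OFDM PHY timing, microseconds
DIFS_US = SIFS_US + 2 * SLOT_US      # DIFS = SIFS + 2 slot times
CW_MIN, CW_MAX = 15, 1023            # assumed contention-window bounds (slots)
MAX_DURATION_US = 32767              # largest value accepted as a duration

class Station:
    def __init__(self, name, rng):
        self.name, self.rng = name, rng
        self.nav_until = 0           # virtual carrier sense: medium reserved until (us)
        self.retries = 0
        self.backoff = self.draw_backoff()

    def contention_window(self):
        # Window doubles with every retransmission, capped at CW_MAX.
        return min((CW_MIN + 1) * 2 ** self.retries - 1, CW_MAX)

    def draw_backoff(self):
        return self.rng.randint(0, self.contention_window())

    def overhear(self, now_us, duration_us):
        # Update the NAV from another station's duration field; never shorten it.
        if 0 <= duration_us <= MAX_DURATION_US:
            self.nav_until = max(self.nav_until, now_us + duration_us)

    def medium_idle(self, now_us, idle_since_us, energy_detected):
        # Physical sensing, NAV expiry and a full DIFS of silence must all hold.
        quiet_from = max(idle_since_us, self.nav_until)
        return not energy_detected and now_us - quiet_from >= DIFS_US

def contend(stations, frames_to_send):
    """Slotted DCF contention: returns (successes, collisions)."""
    done = collisions = 0
    while done < frames_to_send:
        slot = min(s.backoff for s in stations)
        winners = [s for s in stations if s.backoff == slot]
        for s in stations:
            s.backoff -= slot        # losers freeze their remaining count
        if len(winners) == 1:        # ACK received: reset the window
            winners[0].retries = 0
            done += 1
        else:                        # no ACK: every collider widens its window
            collisions += 1
            for s in winners:
                s.retries += 1
        for s in winners:
            s.backoff = s.draw_backoff()
    return done, collisions
```

Running `contend` with more stations shows the collision count rising with contention, which is the cost the backoff window is meant to contain.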

PCF Protocol

PCF: Point Coordination Function

As an optional method, IEEE 802.11 defines the PCF, which enables the transmission of time-sensitive information

A point control within the AP controls which stations can transmit within a given period of time

PCF is a contention-free protocol and enables frames to transmit data synchronously with regular time delays

PCF thus effectively supports information flows requiring stricter synchronization such as video

Types of Unauthorized Access

Accidental association
- A terminal latches to an AP from a neighboring overlapping network

Malicious association
- Malicious terminals act as “Soft APs”
- Steal passwords, launch attacks to the wired network, plant trojans

Ad-hoc networks
- Ad-hoc networks provide bridge to other networks, while they have little protection

Identity Thefts (MAC Spoofing)
- Despite MAC filtering, programs and techniques exist to identify/steal the MAC address of the devices

Man-in-the-Middle Attacks

Denial-of-Service Attacks

…..

WLAN Security

Authentication

Open System Authentication
- Authentication Request
- Authentication Response

Shared Key Authentication
- Authentication Request
- Challenge (Random number)
- Encrypted Challenge
- Authentication Response

WLAN Security: Wired Equivalent Privacy (WEP) Model

BSS: Shared key is used between all stations and the APs

ESS: All APs have the same shared key

No key management: the shared key is manually entered into stations and APs

Scalability issues are critical

WEP is the original security model (1999), but has distinct weaknesses and is outdated

WLAN Security Enhancement: Wi-Fi Protected Access (WPA)

WPA (2003) employs the Temporal Key Integrity Protocol (TKIP) to enhance security of the keys used with WEP

WPA also uses RC4 stream cipher

WPA changes the way keys are derived and rotates keys more often for improved security

WPA has an additional function called message integrity check function to prevent packet forgeries

WLAN Security Enhancement: WPA2

The WLAN security model currently in use is WPA2 (802.11i)

WPA2 uses Advanced Encryption Standard (AES) block cipher

WPA2 uses an encryption device that encrypts the network with a 256-bit key

Discussion/Consideration: What is important in WLAN?

Throughput?

Latency?

Energy efficiency?

Reliability?

Robustness?

Scalability and Complexity?

“One size fits all” solution does not exist

Cyber Physical Systems: Security, Reliability and Robustness?

Thank you!

CDMA

WLAN Standards

Active Scanning

Fragmentation

Long fragments: higher probability of error

Microwave ovens interfere (4 ms/4 ms duty cycle)

Collision recovery is less expensive if we use fragmentation

Retransmission of fragments

MSDU: Hdr Body CRC | Hdr Body CRC | Hdr Body CRC

WLAN Security

Wireless LANs use radio signals

An attacker needs equipment capable of monitoring (passive attacks) and transmitting (active attacks) encrypted traffic

Passive attacks can be carried out using off-the-shelf equipment by modifying driver settings

Active attacks are more difficult but not beyond reach, and are easy when the firmware of PCMCIA cards can be upgraded

It is prudent to assume that motivated attackers have full access to the link layer for passive and active attacks