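Wireless LAN Protocol (Wi-Fi)
童曉儒
Professor
Department of Management Information Systems, National Pingtung University of Science and Technology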
Outline

Wi-Fi Introduction
802.11 Family
802.11 Operation Mode
Inter-Access Point Protocol
Network Services
Mobility Support
The Hidden Node Problem
System Management Entity
802.11 Security
Wi-Fi




Wi-Fi (short for "Wireless Fidelity") is the popular term for a high-frequency
wireless local area network (WLAN).
Promoted by the Wi-Fi Alliance (formerly WECA - Wireless
Ethernet Carriers Association).
Used generically when referring to any type of 802.11 network,
whether 802.11a, 802.11b, 802.11g, dual-band, etc. The term is
promulgated by the Wi-Fi Alliance.
Wi-Fi users can roam from their networks to cellular networks. For
example, a user can begin working at an airport on a laptop via a
Wi-Fi hotspot, continue via a cellular network until reaching the
office, and then switch to a traditional LAN.
Business networking no longer happens just in offices. It occurs in
coffee shops, airports, hotels, and convention centers. Thus, as
Wi-Fi equipped laptops and PDAs become commonplace, the
demand for public Wi-Fi access points—also called hotspots—will
grow.
Wi-Fi


Wi-Fi standards use the Ethernet protocol and
CSMA/CA (carrier sense multiple access with collision
avoidance) for path sharing.
The 802.11b (Wi-Fi) technology operates in the 2.4
GHz range offering data speeds up to 11 megabits
per second.
Wi-Fi Channels



If two access points that use the same RF channel are too close, the overlap in
their signals will cause interference, possibly confusing wireless cards in the
overlapping area.
To avoid this potential scenario, it is important that wireless deployments be
carefully designed and coordinated.
It is also critical to make sure that deployment does not cause conflicts with
other pre-existing wireless implementations.
Three channels on a single floor
Wireless LAN Topology

Wireless LAN is typically deployed as an extension of an
existing wired network as shown below.
What Is 802.11?


802.11 refers to a family of specifications developed by the IEEE
for wireless LAN technology. 802.11 specifies an over-the-air
interface between a wireless client and a base station or between
two wireless clients.
The IEEE accepted the specification in 1997.
802.11 Family
802.11 Standards
802.11: The original WLAN standard. Supports 1 Mbps to 2 Mbps.
802.11a: High-speed WLAN standard for the 5 GHz band. Supports 54 Mbps.
802.11b: WLAN standard for the 2.4 GHz band. Supports 11 Mbps.
802.11e: Addresses quality of service requirements for all IEEE WLAN radio interfaces.
802.11f: Defines inter-access point communications to facilitate multiple vendor-distributed WLAN networks.
802.11g: Establishes an additional modulation technique for the 2.4 GHz band. Intended to provide speeds up to 54 Mbps. Includes much greater security.
802.11h: Defines the spectrum management of the 5 GHz band for use in Europe and in Asia Pacific.
802.11i: Addresses the current security weaknesses for both authentication and encryption protocols. The standard encompasses 802.1X, TKIP, and AES protocols.
Ad Hoc Network



An ad hoc network or an IBSS consists of stations within mutual
communication range of each other via the wireless medium.
Such a network is created spontaneously, without preplanning,
for ad hoc temporary situations with limited needs to access the
Internet.
If a station moves out of its IBSS, meaning out of range, it can
no longer communicate with the other IBSS members.
Infrastructure Network


The infrastructure network or BSS includes an access point (AP)
in addition to the stations. This AP acts as the BSS arbitrator,
meaning that the AP will handle all the BSS traffic.
The AP integrates the BSS within the distribution network. For
example, all traffic between the BSS participants and the
Internet will be delivered through the AP.
Distribution System

The distribution system provides mobility by connecting
access points. When a frame is given to the distribution system,
it is delivered to the right access point and relayed by that
access point to the intended destination.
Most access points currently on the market operate as bridges.
They have at least one wireless network interface and at least
one Ethernet network interface.
The Ethernet side can be connected to an existing network,
and the wireless side becomes an extension of that network.
Relaying frames between the two network media is controlled
by a bridging engine.
Distribution System


The access point has two interfaces connected by a
bridging engine. Arrows indicate the potential paths to and
from the bridging engine.
Each associated station can transmit frames to the access
point. Finally, the backbone port on the bridge can interact
directly with the backbone network.
Inter-Access Point Protocol


A wireless station is associated with only one access point at a
time. If a station is associated with one access point, all the
other access points in the ESS need to learn about that station.
In the figure, AP4 must know about all the stations associated
with AP1. If a wireless station associated with AP4 sends a
frame to a station associated with AP1, the bridging engine
inside AP4 must send the frame over the backbone Ethernet to
AP1 so it can be delivered to its ultimate destination.
Network Boundaries


Because of the nature of the wireless medium, 802.11
networks have fuzzy boundaries. In fact, some degree of
fuzziness is desirable.
A station moving from BSS2 to BSS4 is not likely to lose
coverage; it also means that AP3 (or, for that matter, AP4) can
fail without compromising the network too badly. On the other
hand, if AP2 fails, the network is cut into two disjoint parts,
and stations in BSS1 lose connectivity when moving out of
BSS1 and into BSS3 or BSS4.
Network Services
Service | Station or distribution service? | Description
Distribution | Distribution | Service used in frame delivery to determine destination address in infrastructure networks
Integration | Distribution | Frame delivery to an IEEE 802 LAN outside the wireless network
Association | Distribution | Used to establish the AP which serves as the gateway to a particular mobile station
Reassociation | Distribution | Used to change the AP which serves as the gateway to a particular mobile station
Disassociation | Distribution | Removes the wireless station from the network
Authentication | Station | Establishes identity prior to establishing association
Deauthentication | Station | Used to terminate authentication, and by extension, association
Privacy | Station | Provides protection against eavesdropping
MSDU delivery | Station | Delivers data to the recipient
Mobility Support


Stations continuously monitor the signal strength and quality
from all access points administratively assigned to cover an
extended service area. Within an extended service area, 802.11
provides MAC layer mobility.
When the laptop moves out of AP1's basic service area and into
AP2's at t=2, a BSS transition occurs. The mobile station uses
the reassociation service to associate with AP2, which then
starts sending frames to the mobile station.
Mobility Support


An ESS transition refers to the movement from one ESS to a
second distinct ESS. 802.11 does not support this type of
transition, except to allow the station to associate with an access
point in the second ESS once it leaves the first.
Maintaining higher-level connections requires support from the
protocol suites in question. In the case of TCP/IP, Mobile IP is
required to seamlessly support an ESS transition.
RF Link Quality



On a wired Ethernet, it is reasonable to transmit a frame and
assume that the destination receives it correctly. Radio links
are different, especially when the frequencies used are
unlicensed ISM bands.
In addition to the noise, multipath fading may also lead to
situations in which frames cannot be transmitted because a
node moves into a dead spot.
Unlike many other link layer protocols, 802.11 incorporates
positive acknowledgments. All transmitted frames must be
acknowledged, as shown in Figure 3-1. If any part of the
transfer fails, the frame is considered lost.
The Hidden Node Problem




In the figure, node 2 can communicate with both nodes 1 and 3, but
something prevents nodes 1 and 3 from communicating directly.
The obstacle itself is not relevant; it could be as simple as nodes 1
and 3 being as far away from 2 as possible, so the radio waves
cannot reach the full distance from 1 to 3.
From the perspective of node 1, node 3 is a "hidden" node. If a
simple transmit-and-pray protocol was used, it would be easy for
node 1 and node 3 to transmit simultaneously, thus rendering node
2 unable to make sense of anything.
Furthermore, nodes 1 and 3 would not have any indication of the
error because the collision was local to node 2.
The Hidden Node Problem




In the figure, node 1 has a frame to send; it initiates the process by sending an
RTS frame. If the target station receives an RTS, it responds with a CTS.
Once the RTS/CTS exchange is complete, node 1 can transmit its frames
without worry of interference from any hidden nodes.
The multiframe RTS/CTS transmission procedure consumes a fair amount
of capacity, especially because of the additional latency incurred before
transmission can commence.
RTS/CTS procedure by setting the RTS threshold if the device driver for
your 802.11 card allows you to adjust it.
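The hidden node situation and the effect of the CTS can be checked with a small geometric model. This is an added example, not part of the original slides; the node coordinates and the radio range are assumed values chosen so that node 2 sits between nodes 1 and 3 as in the figure.

```python
from itertools import combinations
from math import dist

# Constructed layout mirroring the slide: node 2 sits between nodes 1 and 3.
POSITIONS = {1: (0, 0), 2: (100, 0), 3: (200, 0)}
RADIO_RANGE = 120  # assumed radius within which a frame can be received


def hears(a, b, pos=POSITIONS, radio_range=RADIO_RANGE):
    """True if stations a and b are within radio range of each other."""
    return dist(pos[a], pos[b]) <= radio_range


def hidden_pairs(receiver, pos=POSITIONS, radio_range=RADIO_RANGE):
    """Pairs that can both reach `receiver` but cannot sense each other."""
    near = sorted(n for n in pos
                  if n != receiver and hears(n, receiver, pos, radio_range))
    return [(a, b) for a, b in combinations(near, 2)
            if not hears(a, b, pos, radio_range)]


def rts_cts_silenced(sender, receiver, pos=POSITIONS, radio_range=RADIO_RANGE):
    """Stations that defer after the exchange, split by the frame they heard."""
    others = [n for n in pos if n not in (sender, receiver)]
    by_rts = {n for n in others if hears(n, sender, pos, radio_range)}
    by_cts = {n for n in others if hears(n, receiver, pos, radio_range)} - by_rts
    return {"rts": by_rts, "cts_only": by_cts}
```

Node 3 never hears node 1's RTS, but it does hear node 2's CTS, which is why it stays silent during the transfer.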
Passive Scanning



Passive scanning saves battery power because it does not
require transmitting.
In the passive scanning procedure, the station sweeps from
channel to channel and records information from any Beacons
it receives.
Beacons are designed to allow a station to find out everything
it needs to match parameters with the basic service set (BSS)
and begin communications.
Active Scanning



Move to the channel and wait for either an indication of an
incoming frame or for the ProbeDelay timer to expire.
If the medium was never busy, there is no network. Move to
the next channel.
In infrastructure networks, the access points transmit Beacons
and thus are also responsible for responding to itinerant
stations searching the area with Probe Requests.
IBSSs may pass around the responsibility of sending Beacon
frames, so the station that transmits Probe Response frames
may vary.
Joining



After compiling the scan results, a station can elect to join one
of the BSSs. Joining is a precursor to association.
Choosing which BSS to join is an implementation-specific
decision and may even involve user intervention.
Common criteria used in the decision are power level and signal
strength.
Open-System Authentication

In open-system authentication, the access point accepts the
mobile station at face value without verifying its identity.
Shared-Key Authentication

Shared-key authentication makes use of WEP and therefore can
be used only on products that implement WEP.
Preauthentication


Stations can authenticate with several access points during the
scanning process so that when association is required, the
station is already authenticated.
As a result of preauthentication, stations can reassociate with
access points immediately upon moving into their coverage
area, rather than having to wait for the authentication exchange.
Association


Once a mobile station has authenticated to an access point, it can
issue an Association Request frame.
When the association request is granted, the access point
responds with a status code of 0 (successful) and the Association
ID (AID). The AID is a numerical identifier used to logically
identify the mobile station to which buffered frames need to be
delivered.
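The ordering of authentication and association, and the rule that deauthentication also ends association, can be modelled as a per-station state table kept by the access point. This is an added example, not part of the original slides; the class and method names are hypothetical, while the AID range 1 to 2007, deauthentication reason code 6 and status code 17 are the values defined by 802.11.

```python
from enum import Enum


class State(Enum):
    UNAUTHENTICATED = 1   # station unknown to the AP
    AUTHENTICATED = 2     # authenticated, not yet associated
    ASSOCIATED = 3        # may exchange data through the AP


class AccessPoint:
    MAX_AID = 2007  # largest Association ID allowed by 802.11

    def __init__(self):
        self.state = {}   # station MAC -> State
        self.aid = {}     # station MAC -> Association ID

    def state_of(self, mac):
        return self.state.get(mac, State.UNAUTHENTICATED)

    def authenticate(self, mac):
        """Open-system authentication: accept the station at face value."""
        if self.state_of(mac) is State.UNAUTHENTICATED:
            self.state[mac] = State.AUTHENTICATED
        return 0  # status code 0 = successful

    def associate(self, mac):
        """Return (frame type, status or reason code, AID)."""
        if self.state_of(mac) is State.UNAUTHENTICATED:
            return ("deauthentication", 6, None)  # request from unauthenticated station
        in_use = set(self.aid.values())
        aid = self.aid.get(mac) or next(
            (a for a in range(1, self.MAX_AID + 1) if a not in in_use), None)
        if aid is None:
            return ("association-response", 17, None)  # AP cannot take more stations
        self.aid[mac] = aid
        self.state[mac] = State.ASSOCIATED
        return ("association-response", 0, aid)

    def disassociate(self, mac):
        """Drop the association only; the station stays authenticated."""
        if self.aid.pop(mac, None) is not None:
            self.state[mac] = State.AUTHENTICATED

    def deauthenticate(self, mac):
        """Ending authentication also ends any association."""
        self.aid.pop(mac, None)
        self.state.pop(mac, None)
```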
Basic 802.11 Security

MAC filters
• Some APs provide the capability for checking the MAC address
of the client before allowing it to connect to the network.
• Using MAC filters is considered to be very weak security
because with many Wi-Fi client implementations it is possible to
change the MAC address by reconfiguring the card.
• An attacker could sniff a valid MAC address from the wireless
network traffic.
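Because a MAC filter cannot tell two radios with the same address apart, a monitoring station can look for the side effect instead: each transmitter keeps its own 12-bit frame sequence counter, so one source address showing two interleaved counters is suspicious. This is an added example, not part of the original slides; the function names, the thresholds and the capture data are constructed for illustration.

```python
from collections import defaultdict

SEQ_MODULUS = 4096   # the 802.11 sequence number is a 12-bit counter


def forward_gap(prev, cur):
    """Distance from prev to cur, allowing for wrap-around at 4095 -> 0."""
    return (cur - prev) % SEQ_MODULUS


def suspect_macs(frames, max_gap=64, min_anomalies=3):
    """Return source MACs whose sequence numbers jump too far, too often.

    frames: iterable of (source_mac, sequence_number) in capture order.
    max_gap and min_anomalies are assumed tuning values for this example;
    a single large gap is tolerated because frames can simply be missed.
    """
    last_seq = {}
    anomalies = defaultdict(int)
    for mac, seq in frames:
        if mac in last_seq and forward_gap(last_seq[mac], seq) > max_gap:
            anomalies[mac] += 1
        last_seq[mac] = seq
    return sorted(mac for mac, count in anomalies.items()
                  if count >= min_anomalies)


# Constructed capture: ...:01 is used by two radios at once, while ...:02 is
# a single station whose counter wraps normally from 4095 to 0.
CAPTURE = [
    ("02:00:00:00:00:01", 100), ("02:00:00:00:00:02", 4094),
    ("02:00:00:00:00:01", 101), ("02:00:00:00:00:02", 4095),
    ("02:00:00:00:00:01", 3000), ("02:00:00:00:00:02", 0),
    ("02:00:00:00:00:01", 102), ("02:00:00:00:00:02", 1),
    ("02:00:00:00:00:01", 3001), ("02:00:00:00:00:01", 103),
]
```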
Recommended 802.11 Security Practices

• Change the default password for the Admin account
• SSID
    • Change the default
    • Disable Broadcast
    • Make it unique
    • If possible, change it often
• Enable MAC Address Filtering
• Enable WEP 128-bit Data Encryption. Please note that this will
  reduce your network performance
    • Use the highest level of encryption possible
    • Use a “Shared” Key
    • Use multiple WEP keys
    • Change it regularly
WEP – What?


WEP (Wired Equivalent Privacy) refers to the intent to provide
a privacy service to wireless LAN users similar to that provided
by the physical security inherent in a wired LAN.
WEP is the privacy protocol specified in IEEE 802.11 to provide
wireless LAN users protection against casual eavesdropping.
IV Key Hashing/Temporal Key
WEP Encryption Today
[Figure labels: IV, BASE KEY, PLAINTEXT DATA, RC4, XOR, STREAM CIPHER, CIPHERTEXT DATA]
End

Thank you~