Documente Academic
Documente Profesional
Documente Cultură
11 Wireless LANs
Abhishek Karnik,
Dr. Ratan Guha
• Introduction
• 802.11 Basics
• 802.11e for QoS
• WEP
INTRODUCTION
• In 1997 the IEEE adopted IEEE Std. 802.11-1997
• Defines MAC and PHY layers for LAN and wireless connectivity.
STA
STA
peer-peer connections
STA
STA
Infrastructure Basic Service Set
Wired Backbone
AP
ESS (Extended Service Set)
Wired Backbone
AP AP
BSS1 BSS2
Beacon TBTT
PCF DCF
Super Frame
CWA
DIFS
DIFS SIFS
DIFS SIFS
DIFS
DIFS SIFS
DATAC
ACK DATAA
DIFS SIFS
DIFS
STAA DATA
STAB ACK
STAC ACK
DIFS SIFS
DIFS
NAVB and C
Hidden Node Problem and Exposed Node Problem
STAC
STAB
STAA
RTS/CTS :
RTS CTS
B C
A
CTS
CTS
D
DIFS CW SIFS SIFS SIFS DIFS
STAD NAV
New NAV
Node
Point Coordinated Function (PCF)
Beacon TBTT
PCF DCF
Super Frame
AP taking over the Wireless medium using PIFS
PIFS
DATA A B
DIFS - 34 µsec
PIFS - 25 µsec
SIFS - 16 µsec
Slot Time - 9 µsec
B - Beacon
Operation in CFP
CFP CP
SIFS
• Admission Control
• Purpose of having separate DCF and PCF
• Different 802.11 Working groups
• 802.11a (54Mpbs in 5GHz Band)
• 802.11b (11 Mbps in 2.4 GHz Band)
• 802.11c Wireless AP Bridge Operations
• 802.11d Internationalization
• 802.11e (QoS)
• 802.11f Inter-vendor AP hand-offs
• 802.11h Power control for 5Ghz region
• 802.11g (54Mbps in 2.4 GHz Band)
• 802.11i (Security)
802.11e for QoS
( Enhanced Station )
BSS QBSS
(Basic Service Set) (Basic Service Set
for QoS)
AIFSN 2 2 3 7
CWmin 3 7 15 15
Virtual Collision
Access Category based Back-offs
AIFS[AC3]
AIFS[AC2]
AIFS[AC1]
AIFS[AC0]
BackOff[AC3] + Frame
BackOff[AC2] + Frame
BackOff[AC1] + Frame
ACK BackOff[AC0] + Frame
QoS Parameter Set Element Format
CWmin[AC] CWmax[AC]
Element ID
CWmin[0]….CWmin[3] CWmax[0]….CWmax[3]
AIFSN[AC] TxOPLimit[AC]
AIFSN[0]….AIFSN[3] TxOP[0]….TxOP[3]
HC
PIFS
HCCA EDCA
PIFS
DATA A DATA
Maximum
Element ID Length TS info Nominal size
MSDU size
(1) (1) (2) MSDU (2)
(2)
AIFSN 2 4 7
CWmin 7 10 15
CWmax 7 31 255
PF 1 2 2
AIFS[AC] = AIFSN[AC] * aSlotTime + SIFS
• Optional in WLANS
• Uses the RC4 (Rivest Cipher 4) Stream Cipher generated with a
64bit/128 bit Key
• Key composed of 24 bit IV (Initialization Vector)
• Key = (24 Bit IV, 40 Bit WEP Key) = 64 Bits
• Key = (24 Bit IV, 104 Bit WEP Key) = 128 Bits
• Goal to provide authentication, confidentiality and data integrity
• Secret Key is shared between communicators
• The encrypted packet is generated with a bitwise exclusive OR
(XOR) of the original packet and the RC4 stream.
• 4-byte Integrity Check Value (ICV) is computed on the original
packet and appended to the end which is also encrypted with the
RC4 cipher stream.
• Encryption done only between 802.11 stations.
Encrypted WEP Frame
http://www-106.ibm.com/developerworks/security/library/s-wep/
Encryption / Decryption :
XOR :
0 0 0
0 1 1
1 0 1
1 1 0
Sender Receiver
PT K CT CT K PT
0 0 0 0 0 0
0 1 1 1 1 0
1 0 1 1 0 1
1 1 0 0 1 1
• IV repeats generating K
• Identical K used to encrypt MSG1 and MSG2
MSG1 K C ( MSG1 )
MSG2 K C ( MSG2 )
MSG1 MSG2
PT1 K CT1 PT2 K CT2
0 0 0 1 0 1
0 1 1 0 1 1
1 0 1 1 0 1
1 1 0 1 1 0
CT1 XOR CT2 MSG1 XOR MSG2
CT1 CT2 MSG1 MSG2
0 1 1 0 1 1
1 1 0 0 0 0
1 1 0 1 1 0
0 0 0 1 1 0
xx
Hi
Attacker
Active Attack :
• Attacker knows exact plain text for one encrypted packet
• Use this knowledge to construct correct encrypted packet
• Construct a new message , calculate CRC-32 and perform
bit flips on original encrypted packet to change the plaintext
to the new message.