
Basic Concepts of Digital Communications & WLAN

Presentation by:
Dr. AV RAMANA

9th July 2013


Topics
 Analog and Digital Modulation Techniques
 AM, FM, PM
 ASK, FSK, M-ary PSK, QAM
 Physical Layer Technologies
 Spread Spectrum
 OFDM
 MIMO
 IEEE 802.11 standards
 802.11 a / b / g / n / ac / ad
 WLAN packet format
 WLAN Security
Analog & Digital
Modulation Schemes
Electro-Magnetic (EM) Spectrum
Types of Communication
 Line (Wireline) Communication
 The media of transmission is a pair of conductors called
transmission line.
 In this technique, signals are directly transmitted through the
transmission lines.
 The installation and maintenance of a transmission line is not
only costly and complex, but also overcrowds the open space.

 Radio (Wireless) Communication
 The transmission medium is open space or free space.
 In this technique signals are transmitted by using an antenna
through the free space in the form of EM waves.
Why Modulation?
 For transmitting and receiving a signal of wavelength λ, the
antenna size should be of the order of at least λ/10.
 For sending a 3-kHz wave (speech), the wavelength, given the speed
of the EM wave c, is λ = c / f = (3×10^8) / (3×10^3) = 100 km.
 The resulting antenna size is not practicable (λ/10 ~ 10 km).
 Therefore a very high frequency (low λ) carrier is modulated with
the actual signal so that a feasible antenna can be made
and operated for communication.
 Modulation is required to transmit signals from various
sources simultaneously over a common channel by means
of 'multiplexing'.
 For example, the bandwidth of speech signals is 3.3 kHz, and transmitting
N speech signals simultaneously, each of BW 3.3 kHz, causes
interference.
 Hence, to overcome this problem, each speech signal is modulated
onto one of N carriers of frequencies like 60 kHz, 64 kHz, 68 kHz etc.
Typical Communication System
Analog Modulation
 Modulation is defined as the process by which some
characteristics (i.e. amplitude, frequency, and phase) of a
carrier are varied in accordance with a modulating wave
Amplitude Modulation (AM)
 A carrier signal is modulated only in amplitude value
 The modulating signal is the envelope of the carrier
 The required bandwidth is 2B, where B is the bandwidth of the
modulating signal
 Since on both sides of the carrier freq. fc, the spectrum is
identical, we can discard one half, thus requiring a smaller
bandwidth for transmission (DSB Vs. SSB).
Frequency Modulation (FM)
 The modulating signal (fm) changes the freq. (fc ) of the carrier
signal
 The bandwidth for FM is high
 It is approx. 10x the signal frequency
 The total bandwidth required for FM can be determined from the bandwidth of
the audio signal: BFM = 2(1 + β)B, where β is usually 4.
Phase Modulation (PM)
 The modulating signal only changes the phase of the carrier
signal.
 The phase change manifests itself as a frequency change but the
instantaneous frequency change is proportional to the derivative
of the amplitude.
 The total bandwidth required for PM can be determined from the
bandwidth and maximum amplitude of the modulating signal:
BPM = 2(1 + β)B where β = 2 most often.
Analog Modulation
Digital Modulation
 Information Capacity, Bits, and Bit Rate
 I ∝ B × t where
 I = information capacity (bits per second)
 B = bandwidth (hertz)
 t = transmission time (seconds)

 The higher the signal-to-noise ratio, the better the
performance and the higher the information capacity.
 Mathematically stated, the Shannon limit for information
capacity is
 I = B log2(1+S/N) where
 I = information capacity (bps)
 B = bandwidth (hertz)
 S/N = signal-to-noise power ratio (unit less)
Digital Modulation
 For a standard telephone circuit with a signal-to-noise power ratio of
1000 (30 dB) and a bandwidth of 2.7 kHz, the Shannon limit for
information capacity is
 I = (3.32)(2700) log10 (1 + 1000) = 26.9 kbps
 Shannon's formula is often misunderstood.
 The results of the preceding example indicate that 26.9 kbps can be propagated
through a 2.7-kHz communications channel. This may be true, but it cannot be done
with a binary system.
 To achieve an information transmission rate of 26.9 kbps through a 2.7-kHz channel,
each symbol transmitted must contain more than one bit.

 The minimum theoretical bandwidth necessary to propagate a signal
is called the minimum Nyquist bandwidth or sometimes the minimum
Nyquist frequency.
 Thus, fb = 2B, where fb is the bit rate in bps and B is the ideal Nyquist bandwidth.
 For example, a standard telephone circuit has a bandwidth of approximately 2700 Hz,
which has the capacity to propagate 5400 bps through it. However, if more than two
levels are used for signalling (M-ary, higher-than-binary, encoding), more than one
bit may be transmitted at a time, and it is possible to propagate a bit rate that
exceeds 2B.
Digital Modulation
 Bit Rate / Baud Rate
 Bit rate is the number of bits (symbols) per second.
 Baud rate is the number of signal units per second.
 Baud rate is important in data transmission.
 Baud rate determines the bandwidth required to send the signal
 Baud rate = bit rate / number of bits per symbol unit
 An analog signal carries 4 bits in each symbol unit. If 1000 symbol
units are sent per second, the baud rate and the bit rate are
 Baud rate = 1000 bauds per second (baud/s)
 Bit rate = 1000 x 4 = 4000 bps
Digital Modulation Schemes
Amplitude Shift Keying (ASK)
 The strength of the carrier signal is varied to represent binary 1
and 0.
 Frequency and phase remain the same.
 Highly susceptible to noise interference.
 Used up to 1200 bps on voice grade lines, and on optical fiber.
 In ASK the baud rate and bit rate are the same

$$ s(t) = \begin{cases} A\cos(2\pi f_c t) & \text{binary 1} \\ 0 & \text{binary 0} \end{cases} $$
Frequency Shift Keying (FSK)
 Frequency of the carrier is varied to represent digital data
(binary 0/1)
 Peak amplitude and phase remain constant.

$$ s(t) = \begin{cases} A\cos(2\pi f_1 t) & \text{binary 1} \\ A\cos(2\pi f_2 t) & \text{binary 0} \end{cases} $$
Phase Shift Keying (BPSK)
 Phase of the carrier is varied to represent digital data (binary 0 or 1)
 Amplitude and frequency remain constant.
 A phase of 0 deg represents binary 0 and 180 deg represents binary 1 (2-PSK).
 PSK is not susceptible to noise degradation that affects ASK or
bandwidth limitations of FSK
4-PSK (QPSK)
QPSK Modulator
 Two bits (a dibit) are clocked into the bit
splitter. After both bits have been serially
inputted, they are simultaneously
parallel outputted.
 The I bit modulates a carrier that is in
phase with the reference oscillator (hence
the name "I" for "in phase" channel), and
the Q bit modulates a carrier that is 90°
out of phase.
 For a logic 1 = + 1 V and a logic 0= - 1
V, two phases are possible at the output
of the I balanced modulator (+sin ωct and
- sin ωct), and two phases are possible at
the output of the Q balanced modulator
(+cos ωct), and (-cos ωct)
 When the linear summer combines the
two quadrature (90° out of phase)
signals, there are four possible resultant
phasors given by these expressions:
+ sin ωct + cos ωct, + sinωct - cos ωct,
-sin ωct + cos ωct, and -sin ωct - cos ωct
 (for 11, 10, 01, 00 combinations)
QPSK Modulator
 Example:
 For a binary data input of Q = 0 and I = 0, the two inputs to the I
balanced modulator are -1 and sin ωct, and the two inputs to the
Q balanced modulator are -1 and cos ωct.
 Consequently, the outputs are
 I balanced modulator = (-1)(sin ωct) = -1 sin ωct
 Q balanced modulator = (-1)(cos ωct) = -1 cos ωct
 and the output of the linear summer is
 -1 cos ωct - 1 sin ωct = 1.414 sin(ωct - 135°)
QPSK Receiver
 The carrier recovery circuit
reproduces the original transmit
carrier oscillator signal.
 The recovered carrier must be
frequency and phase coherent with
the transmit reference carrier.
 The QPSK signal is demodulated in
the I and Q product detectors,
which generate the original I and Q
data bits.
Offset QPSK
 Offset QPSK (OQPSK) is a modified
form of QPSK where the bit
waveforms on the I and Q channels
are offset or shifted in phase from
each other by one-half of a bit time.
 Because changes in the I channel
occur at the midpoints of the Q
channel bits and vice versa, there is
never more than a single bit change
in the dibit code and, therefore, there
is never more than a 90° shift in the
output phase.
 In conventional QPSK, a change in the
input dibit from 00 to 11 or 01 to 10 causes
a corresponding 180° shift in the output
phase.
 Therefore, an advantage of OQPSK is the
limited phase shift that must be imparted
during modulation
8-PSK
 We can extend, by varying the signal by shifts of 45 deg (instead of
90 deg in 4-PSK)
 With 8 = 2^3 different phases, each phase can represent 3 bits
(tribit)
8-PSK Modulator
 The bits in the I and C channels enter the I channel 2-to-4-level converter
and the bits in the Q and C channels enter the Q channel 2-to-4-level
converter
 The I or Q bit determines the polarity of the output analog signal (logic
1=+V and logic 0 = -V), whereas the C bit determines the magnitude
(logic 1= 1.307 V and logic 0 = 0.541 V)
8-PSK
8-PSK Receiver
16-PSK
 With 16-PSK, four bits (called
quadbits) are combined, producing 16
different output phases
 With 16-PSK, the angular separation
between adjacent output phases is
only 11.25° (180° / 16).

 For an M-ary PSK system with 64
output phases (n = 6) (64-PSK), the
angular separation between adjacent
phases is only 5.6° (180° / 32). This is
an obvious limitation in the level of
encoding (and bit rates) possible with
PSK, as a point is eventually reached
where receivers cannot discern the
phase of the received signalling
element.
Quadrature Amplitude Modulation (QAM)
 PSK is limited by the ability of the equipment to distinguish
between small differences in phases.
 Limits the potential data rate.
 Quadrature amplitude modulation is a combination of ASK
and PSK so that a maximum contrast between each signal
unit (bit, dibit, tribit, and so on) is achieved.
 We can have x variations in phase and y variations of amplitude
 x • y possible variation (greater data rates)
 Numerous variations. (4-QAM, 8-QAM)
8-QAM and 16-QAM
8-QAM
 As with 8-PSK, the incoming data are divided into groups of three bits
(tribits): the I, Q, and C bit streams, each with a bit rate equal to one-
third of the incoming data rate.
 Because the C bit is fed un-inverted to both the I and the Q channel
2-to-4-level converters, the magnitudes of the I and Q PAM signals are always
equal. Their polarities depend on the logic condition of the I and Q bits
and, therefore, may be different.
8-QAM
16-QAM
16/64/256 QAM
• More problems in separation of
constellation points as the number
of points increase!
Baud Rate Comparison

Modulation        Units     Bits/Baud  Baud rate  Bit rate
ASK, FSK, 2-PSK   Bit       1          N          N
4-PSK, 4-QAM      Dibit     2          N          2N
8-PSK, 8-QAM      Tribit    3          N          3N
16-QAM            Quadbit   4          N          4N
32-QAM            Pentabit  5          N          5N
64-QAM            Hexabit   6          N          6N
128-QAM           Septabit  7          N          7N
256-QAM           Octabit   8          N          8N
I/Q Offset Modulation
 Take, for example, a QPSK signal where
the normalized value changes from 1, 1 to
–1, –1.
 When changing simultaneously from I and Q
values of +1 to I and Q values of –1, the
signal trajectory goes through the origin (the
I/Q value of 0,0).
 The origin represents 0 carrier magnitude.
 A value of 0 magnitude indicates that the
carrier amplitude is 0 for a moment.
 If I changes value but Q does not (or vice-
versa) the carrier amplitude changes a
little, but it does not go through zero.

 In Offset QPSK (OQPSK), the I and Q bit
streams are offset in their relative
alignment by one bit period (one half of a
symbol period). Since the transitions of I
and Q are offset, at any given time only
one of the two bit streams can change
values. This creates a dramatically
different constellation, even though there
are still just two I/Q values. This has
power efficiency advantages.
Differential Modulation (DBPSK)
 Differential phase-shift keying (DPSK) is an alternative form of digital
modulation where the binary input information is contained in the difference
between two successive signalling elements rather than the absolute phase.
 An incoming information bit is XNORed with the preceding bit prior to entering
the BPSK modulator (balanced modulator).
 The first data bit is XNORed with the reference bit, if they are the same, the
XNOR output is a logic 1; if they are different, the XNOR output is a logic 0.
 The balanced modulator operates the same as a conventional BPSK
modulator; a logic 1 produces +sin ωct at the output, and a logic 0 produces
-sin ωct at the output.
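The XNOR encoder described above, as an added example that is not part of the original presentation. It assumes "preceding bit" means the previously encoded (transmitted) bit and that the reference bit is sent first; the data bits are constructed. It shows why differential encoding survives an inverted recovered carrier that breaks plain BPSK, and that one symbol error costs two data bits.

```python
def xnor(a, b):
    """Logic 1 when both bits are equal, logic 0 otherwise."""
    return 1 - (a ^ b)


def dbpsk_encode(data, reference=1):
    """XNOR each data bit with the previously encoded bit.

    The reference bit is transmitted first so the receiver has something
    to compare the first data symbol against (assumption of this example).
    """
    encoded = [reference]
    for bit in data:
        encoded.append(xnor(bit, encoded[-1]))
    return encoded


def modulate(bits):
    """Balanced modulator from the slide: 1 -> +sin (0 deg), 0 -> -sin (180 deg)."""
    return [0 if b else 180 for b in bits]


def channel(phases, carrier_offset=0):
    """carrier_offset=180 models a receiver whose recovered carrier is inverted."""
    return [(p + carrier_offset) % 360 for p in phases]


def detect(phases):
    """Coherent detection against the receiver's own carrier reference."""
    return [1 if p == 0 else 0 for p in phases]


def dbpsk_decode(detected):
    """Data is the XNOR of each symbol with the one before it."""
    return [xnor(cur, prev) for prev, cur in zip(detected, detected[1:])]


def bit_errors(a, b):
    return sum(x != y for x, y in zip(a, b))


DATA = [1, 0, 1, 1, 0, 0, 0, 1]   # constructed sample payload


def run_bpsk(carrier_offset):
    """Plain BPSK: information is in the absolute phase."""
    return detect(channel(modulate(DATA), carrier_offset))


def run_dbpsk(carrier_offset, flip_symbol=None):
    """DBPSK: information is in the phase difference between symbols."""
    rx = detect(channel(modulate(dbpsk_encode(DATA)), carrier_offset))
    if flip_symbol is not None:
        rx[flip_symbol] ^= 1          # one symbol hit by noise
    return dbpsk_decode(rx)


if __name__ == "__main__":
    print("BPSK,  carrier inverted:", run_bpsk(180))
    print("DBPSK, carrier inverted:", run_dbpsk(180))
    print("DBPSK, one symbol error:", run_dbpsk(0, flip_symbol=4))
```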
Differential Modulation (DQPSK)
 Differential means that the information is not carried by the absolute state, it is
carried by the transition between states
 A DQPSK transmission system can transition from any symbol position to any
other symbol position.
 The π/4 DQPSK modulation format uses two QPSK constellations offset by 45
degrees (π/4 radians).
 Transitions must occur from one constellation to the other.
 This guarantees that there is always a change in phase at each symbol, making clock recovery
easier.
 The data is encoded in the magnitude and direction of the phase shift, not in the absolute position on
the constellation.
 One advantage of π/4 DQPSK is that the signal trajectory does not pass through the origin, thus
simplifying transmitter design.
Constant Amplitude Modulation (MSK)
 In constant-envelope modulation the amplitude of the carrier is constant,
regardless of the variation in the modulating signal.
 It is a power-efficient scheme that allows efficient class-C amplifiers to be used
without introducing degradation in the spectral occupancy of the transmitted
signal.
 However, constant-envelope modulation techniques occupy a larger bandwidth
than schemes which are linear. In linear schemes, the amplitude of the
transmitted signal varies with the modulating digital signal as in BPSK or
QPSK.
 GMSK is a derivative of MSK where the bandwidth required is further reduced
by passing the modulating waveform through a Gaussian filter. The Gaussian
filter minimizes the instantaneous frequency variations over time.
GMSK
 In FSK, the frequency of the carrier is changed as a function of the
modulating signal (data) being transmitted.
 Amplitude remains unchanged.
 In binary FSK (BFSK or 2FSK), a “1” is represented by one frequency and a “0” is
represented by another frequency.
 The minimum frequency shift which yields orthogonality of I and Q is
that which results in a phase shift of ±π/2 radians per symbol (90
degrees per symbol). FSK with this deviation is called MSK (Minimum
Shift Keying).
 The deviation must be accurate in order to generate repeatable 90 degree phase
shifts.
 MSK is used in the GSM (Global System for Mobile Communications) cellular standard.
 A phase shift of +90 degrees represents a data bit equal to “1,” while –90 degrees
represents a “0.”
 The peak-to-peak frequency shift of an MSK signal is equal to one-half of the bit rate.
 FSK and MSK produce constant envelope carrier signals, which have
no amplitude variations. This is a desirable characteristic for
improving the power efficiency of transmitters.
Shaping the Pulse
 Pulse shaping is required to reduce the bandwidth
 The square pulses are not practical to send, as they require
a lot of bandwidth.
 Shaped pulses are sent that convey the same information but use
smaller bandwidths and provide inter symbol interference rejection.
 Common pulse shaping methods are:
 Root Raised Cosine (used with QPSK)
 Half-Sinusoid (used with MSK)
 Gaussian (used with GMSK)
OQPSK, MSK, GMSK
 Offset QPSK is created from QPSK by delaying the Q
channel by half a symbol from I channel.
 This delay reduces the phase shifts the signal goes through at any one
time and results in an amplifier friendly signal
 OQPSK I and Q channels use Root Raised Cosine (RRC)
shaping method.
 MSK can be derived from OQPSK by making one further
change i.e. it uses the Half-Cycle Sinusoid shaping
method instead of RRC
 GMSK uses Gaussian pulse shape instead of Half-Pulse
method.
 The results can be improved further
Physical Layer
Technologies
Spread Spectrum
 Applications
 GPS (Satellite Positioning Systems)
 3G Mobile
 WLAN – 802.11a / b / g
 Bluetooth
 Shannon and Hartley channel-capacity theorem:
 C = B × log2 (1 + S/N)
 There is an elegant interpretation of this equation, applicable for difficult
environments, for example, when a low S/N ratio is caused by noise and
interference.
 This approach says that one can maintain or even increase communication
performance (high C) by allowing or injecting more bandwidth (high B), even when
signal power is below the noise floor
 Modify the equation by changing the log base from 2 to e (the Napierian number)
and applying the MacLaurin series, Shannon's expression becomes simply:
 C/B ≈ 1.433 × S/N
 Very roughly: C/B ≈ S/N or N/S ≈ B/C
 To send error-free information for a given noise-to-signal ratio in the channel,
therefore, one need only perform the fundamental spread-spectrum signal-
spreading operation: increase the transmitted bandwidth
Spread Spectrum
 Different spread-spectrum techniques are available, but all have one idea in common: the
key (also called the code or sequence) attached to the communication channel.
 The manner of inserting this code defines precisely the spread-spectrum technique.

 The formal definition of spread spectrum is more precise: an RF communications system in
which the baseband signal bandwidth is intentionally spread over a larger bandwidth by
injecting a higher frequency signal.
 To apply a spread-spectrum technique, simply inject the corresponding spread-spectrum code
somewhere in the transmitting chain before the antenna (TX). (That injection is called the
spreading operation.) The effect is to diffuse the information in a larger bandwidth.
 Conversely, you can remove the spread-spectrum code (called a de-spreading operation) at a
point in the receive chain before data retrieval. A de-spreading operation reconstitutes the
information into its original bandwidth.
 Obviously, the same code must be known in advance at both ends of the transmission channel. (In
some circumstances, the code should be known only by those two parties.)
BW effects of Spread Spectrum
 Spread-spectrum modulation is applied on top of a conventional
modulation such as BPSK or direct conversion
 A spread-spectrum demodulation has been made on top of the
normal demodulation operations
BW effects of Spread Spectrum
 Waste of Bandwidth due to Spreading is offset by Multiple
Users
 The spread-spectrum process is a wideband technology that requires
a relatively large frequency bandwidth, compared to narrowband
radio.
 Spreading results directly in the use of a wider frequency band
by a factor that corresponds exactly to the "processing gain".
 Therefore spreading does not spare the limited frequency
resource. That overuse is well compensated, however, by the
possibility that many users will share the enlarged frequency
band.
Benefits of Spread Spectrum
 Resistance to Interference and Anti-jamming Effects
 Intentional or unintentional interference and jamming signals are rejected because
they do not contain the spread-spectrum key.
 Only the desired signal, which has the key, will be seen at the receiver when the
de-spreading operation is exercised.
 Different spread-spectrum communications can be active simultaneously in the
same band, such as CDMA, with different keys.
 Resistance to Interception
 Without the right key, the spread-spectrum signal appears as noise or as an
interferer
 Signal levels can be below the noise floor, because the spreading operation reduces
the spectral density. (Total energy is the same, but it is widely spread in
frequency.)
 Other receivers cannot "see" the transmission; they only register a slight increase
in the overall noise level!
Spread Spectrum allows CDMA
 Spread spectrum is not a modulation scheme, and should not be
confused with other types of modulation.
 One can, for example, use spread-spectrum techniques to transmit a signal
modulated by FSK or BPSK
 Spread spectrum can also be used as another method for
implementing multiple access (i.e., the real or apparent coexistence
of multiple and simultaneous communication links on the same
physical media)

 So far, three main methods are available:
 FDMA – Frequency Division Multiple Access
 TDMA - Time Division Multiple Access
 CDMA – Code Division Multiple Access
Spread Spectrum
 FDMA allocates a specific carrier
frequency to a communication channel.
 The number of different users is limited to the
number of "slices" in the frequency spectrum.
 Of the three methods for enabling multiple
access, FDMA is the least efficient in terms of
frequency-band usage.

 With TDMA the different users speak
and listen to each other according to a
defined allocation of time slots.
 Different communication channels can then be
established for a unique carrier frequency.

 CDMA access to the air is determined
by a key or code.
 In that sense, spread spectrum is a CDMA
access.
 The key must be defined and known in
advance at the transmitter and receiver ends.
Spread Spectrum Keys
 In modern communications the codes are digital sequences that
must be as long and as random as possible to appear as "noise-like"
as possible.
 Such a code is called a pseudo-random number (PRN) or sequence.
The method most frequently used to generate pseudo-random codes
is based on a feedback shift register.
Spread Spectrum Techniques
 Different spread-spectrum techniques are
distinguished according to the point in the system
at which a PRN is inserted in the communication
channel
 If the PRN is inserted at the data level, this is the
direct-sequence form of spread spectrum
(DSSS).
 (In practice, the pseudo-random sequence is mixed
or multiplied with the information signal, giving an
impression that the original data flow was "hashed"
by the PRN.)
 If the PRN acts at the carrier-frequency level, this
is the frequency-hopping form of spread
spectrum (FHSS).
 Applied at the LO stage, FHSS PRN codes force the
carrier to change or "hop" according to the pseudo-
random sequence.
 If the PRN acts as an on/off gate to the
transmitted signal (PA), this is a time-hopping
spread-spectrum technique (THSS).
 One can mix all the above techniques to form a
hybrid spread-spectrum technique, such as DSSS
+ FHSS. DSSS and FHSS are the two techniques
most in use today.
Direct Sequence Spread Spectrum
 With the DSSS technique, the PRN is applied directly to data entering the
carrier modulator.
 The modulator, therefore, sees a much larger bit rate, which corresponds to
the chip rate of the PRN sequence.
 Modulating an RF carrier with such a code sequence produces a direct-
sequence-modulated spread spectrum with ((sin x)/x)² frequency spectrum,
centered at the carrier frequency.
 The main lobe of this spectrum (null to null) has a bandwidth twice the clock
rate of the modulating code, and the side lobes have null-to-null bandwidths
equal to the code's clock rate.
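The feedback-shift-register code, the spreading and de-spreading operations, and the interference and interception claims from the slides above, worked as an added example that is not part of the original presentation. The 5-stage register, its tap positions and seed, the data bits and the interferer amplitude are assumptions chosen for illustration.

```python
import math

TAPS = (5, 3)            # assumed 5-stage register: feedback = stage 5 XOR stage 3
SEED = (1, 0, 0, 0, 0)   # assumed non-zero initial state, shared by TX and RX
PERIOD = 2 ** 5 - 1      # 31 chips, used here as one data-bit period


def lfsr_chips(taps, seed, n):
    """Fibonacci feedback shift register: return n output chips (0/1)."""
    reg = list(seed)
    chips = []
    for _ in range(n):
        chips.append(reg[-1])              # output is taken from the last stage
        feedback = 0
        for t in taps:
            feedback ^= reg[t - 1]
        reg = [feedback] + reg[:-1]        # shift and feed the XOR back in
    return chips


def bipolar(bits):
    """Map logic 1 -> +1 and logic 0 -> -1."""
    return [1 if b else -1 for b in bits]


CODE = bipolar(lfsr_chips(TAPS, SEED, PERIOD))
NO_CODE = [1] * PERIOD   # baseline: same samples per bit, no spreading


def cyclic_autocorrelation(code, shift):
    n = len(code)
    return sum(code[i] * code[(i + shift) % n] for i in range(n))


def spread(data_bits, code):
    """Spreading: every data bit is multiplied by the whole chip sequence."""
    return [d * c for d in bipolar(data_bits) for c in code]


def add_tone(signal, amplitude, k):
    """Narrowband interferer with k cycles per bit period (k=0 sits on the carrier)."""
    return [s + amplitude * math.cos(2 * math.pi * k * i / PERIOD)
            for i, s in enumerate(signal)]


def despread(rx, code):
    """De-spreading: correlate each bit period with the local copy of the code."""
    n = len(code)
    return [sum(r * c for r, c in zip(rx[i:i + n], code))
            for i in range(0, len(rx), n)]


def decide(soft):
    return [1 if s > 0 else 0 for s in soft]


def rotate(code, shift):
    """Same register, different starting state: a receiver without the right key."""
    return code[shift:] + code[:shift]


DATA = [1, 0, 1, 1, 0, 0, 1, 0]   # constructed sample payload

if __name__ == "__main__":
    print("processing gain (dB):", round(10 * math.log10(PERIOD), 1))
    jammed = add_tone(spread(DATA, CODE), amplitude=4.0, k=0)
    print("spread, right code :", decide(despread(jammed, CODE)))
    baseline = add_tone(spread(DATA, NO_CODE), amplitude=4.0, k=0)
    print("no spreading       :", decide(despread(baseline, NO_CODE)))
    wrong = despread(spread(DATA, CODE), rotate(CODE, 7))
    print("wrong code phase, peak correlation:", max(abs(s) for s in wrong), "of", PERIOD)
```

An LFSR sequence is linear and short, so it serves as a spreading code rather than a cryptographic key; confidentiality still has to come from encryption above the physical layer.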
DS-SS
Frequency Hopping Spread Spectrum
 FHSS causes the carrier to hop from frequency to frequency over
a wide band according to a sequence defined by the PRN.
 The speed at which the hops are executed depends on the data
rate of the original information
 The transmitted spectrum of a frequency-hopping signal is quite
different from that of a direct-sequence system. Instead of a ((sin
x)/x)²-shaped envelope, the frequency hopper's output is flat over
the band of frequencies used
FH-SS
 Whereas in a DS system, the carrier frequency remains constant,
and the data is spread over a wide band of frequencies, in a
frequency hopped system, the data is transmitted using a
conventional narrow-band technique, but the carrier frequency is
changed in discrete hops over a wide bandwidth.
Hybrid Spread Spectrum
 A hybrid spread spectrum system generally consists of a combination of a
direct sequence system, and a frequency hopping system
 A hybrid system can be thought of as a direct sequence system in which the
carrier frequency is changed periodically.
 The information to be transmitted is spread by mixing with a PN sequence, but
the band of frequencies over which the data is spread is changed at a rapid
rate.
 It is very difficult for a narrow band listener to intercept and gather
information from a direct sequence transmission, but when the entire spread
bandwidth is hopping around the spectrum, this task becomes almost
impossible.
Time Hopping & Chirp
 The time axis has been divided into
intervals known as frames, with each
frame divided into M time slots.
 During each frame only one time slot
may be modulated by a message, with
each particular time slot being chosen
according to the output of a PN
generator.

 A spread spectrum system using chirp
modulation varies the frequency of the
carrier in a linear fashion to spread the
bandwidth.
 Linear frequency modulation (LFM) is a
technique very common in radar
systems, and is occasionally used for
communications systems.
Orthogonal Frequency Division Multiplexing
(OFDM)
 Modulation: Mapping of information on changes in
amplitude, frequency, phase or combination
 Multiplexing: Method of sharing bandwidth with other
independent channels

 OFDM = Modulation + Multiplexing

 Simplified Recipe
 Split signal into multiple channels
 Modulate each channel by data
 Re-multiplex to form a single carrier
OFDM
 OFDM is a special case of FDM.
 As an analogy, an FDM channel is like water flowing out of a faucet; in
contrast, the OFDM signal is like a shower.
 In a faucet all water comes in one big stream and cannot be
sub-divided. The OFDM shower is made up of a lot of little streams.
 Both methods carry exactly the same amount of data, but in case of
loss, only a few streams of data are lost in OFDM!

 In OFDM, the question of multiplexing is applied to
independent signals, but these independent signals
are a sub-set of the one main signal.
 In OFDM, the signal itself is first split into independent channels,
modulated by data and then re-multiplexed to create the
OFDM carrier.
 The independent channels can be multiplexed by FDM, called
multi-carrier transmission or it can be based on CDM, in this
case it is multi-code transmission.
OFDM: Orthogonality
 The main concept in OFDM is orthogonality of the sub-
carriers.
 Since the carriers are all sine/cosine waves, we know that
the area under one period of a sine or cosine wave is zero.
 In general, for all integers n and m (n ≠ m), sin mx, cos mx,
sin nx and cos nx are all orthogonal to each other; these
frequencies are called harmonics.

 The orthogonality allows simultaneous transmission on a lot
of sub-carriers in a tight frequency space without
interference from each other.
OFDM: Example
 Serial-to-Parallel conversion
of data bits
 Arrange the bits in columns
(w.r.t. N carriers)
 Each column represents the bits
that will be carried by one sub-
carrier

 Modulate the input streams
with selected modulation and
carriers
 BPSK (e.g.)
 C1, C2, C3 and C4 (Orthogonal
or harmonics i.e. f, 2f, 3f and 4f)
 If QPSK is selected, the same
operation will happen on both I
and Q channels!
OFDM: Example
 Add all four of these modulated
carriers and create the OFDM
signal, often produced by IFFT
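The four-carrier BPSK example from the slides (C1 to C4 at f, 2f, 3f and 4f), worked numerically as an added example that is not part of the original presentation. The 16 samples per symbol, the data bits and the interferer on C3 are assumptions; the explicit sum of sinusoids stands in for the IFFT the slide mentions.

```python
import math

N_CARRIERS = 4    # C1..C4 at f, 2f, 3f, 4f, as on the slide
SAMPLES = 16      # samples per OFDM symbol (assumed)


def carrier(k, n):
    """Sample n of the k-th harmonic over one symbol period."""
    return math.sin(2 * math.pi * k * n / SAMPLES)


def inner_product(k, m):
    """Orthogonality check: zero for k != m, SAMPLES/2 for k == m."""
    return sum(carrier(k, n) * carrier(m, n) for n in range(SAMPLES))


def serial_to_parallel(bits):
    """Rows of N_CARRIERS bits; column k is carried by sub-carrier k+1."""
    return [bits[i:i + N_CARRIERS] for i in range(0, len(bits), N_CARRIERS)]


def ofdm_modulate(bits):
    """BPSK each column onto its carrier and add the carriers together."""
    signal = []
    for row in serial_to_parallel(bits):
        amps = [1 if b else -1 for b in row]
        signal.extend(
            sum(a * carrier(k + 1, n) for k, a in enumerate(amps))
            for n in range(SAMPLES)
        )
    return signal


def ofdm_demodulate(signal):
    """Correlate each symbol with every carrier; the sign gives the bit."""
    bits = []
    for start in range(0, len(signal), SAMPLES):
        block = signal[start:start + SAMPLES]
        for k in range(1, N_CARRIERS + 1):
            corr = sum(x * carrier(k, n) for n, x in enumerate(block))
            bits.append(1 if corr > 0 else 0)
    return bits


def add_interferer(signal, k, amplitude):
    """Narrowband interference sitting exactly on sub-carrier k."""
    return [x + amplitude * carrier(k, n % SAMPLES) for n, x in enumerate(signal)]


def errors_per_carrier(sent, received):
    errors = [0] * N_CARRIERS
    for i, (s, r) in enumerate(zip(sent, received)):
        if s != r:
            errors[i % N_CARRIERS] += 1
    return errors


# Constructed sample payload: four OFDM symbols of four bits each.
DATA = [1, 0, 1, 1,  0, 1, 1, 0,  1, 1, 0, 0,  0, 0, 1, 1]

if __name__ == "__main__":
    clean = ofdm_modulate(DATA)
    print("clean channel errors :", errors_per_carrier(DATA, ofdm_demodulate(clean)))
    hit = add_interferer(clean, k=3, amplitude=-3.0)
    print("interferer on C3     :", errors_per_carrier(DATA, ofdm_demodulate(hit)))
```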
Multiple Input Multiple Output
(MIMO)
 Modern radio communication systems have to provide higher and
higher data rates.
 As conventional methods like using more bandwidth or higher
order modulation types are limited, new methods of using the
transmission channel have to be used.
 Multiple antenna systems (Multiple Input, Multiple Output –
MIMO) give a significant enhancement to data rate and channel
capacity.
 Several different diversity modes are used to make radio
communications more robust, even with varying channels. These
include
 time diversity (different timeslots and channel coding),
 frequency diversity (different channels, spread spectrum, and OFDM), and also
 spatial diversity.
 Spatial diversity requires the use of multiple antennas at the transmitter or the receiver
end.
 Multiple antenna technology can also be used to increase the data rate (spatial
multiplexing) instead of improving robustness.
MIMO
 Conventional systems use one transmit
and one receive antenna.
 In MIMO terminology, this is called Single
Input, Single Output (SISO)
 According to Shannon, the capacity C of a radio
channel is dependent on bandwidth B and the
signal-to-noise ratio S/N

 A MIMO system typically consists of m
transmit and n receive antennas.
 By using the same channel, every antenna
receives not only the direct components
intended for it, but also the indirect
components intended for the other antennas.
 Theoretically, the capacity C increases linearly
with the number of streams M.
MIMO: Spatial Diversity
 The purpose of spatial diversity is to make
the transmission more robust. There is no
increase in the data rate. This mode uses
redundant data on different paths

 RX diversity uses more antennas on the
receiver side than on the transmitter side.
 The simplest scenario consists of two RX and one TX
antenna (SIMO, 1x2).
 Because of the different transmission paths, the
receiver sees two differently faded signals.
 Switched diversity always uses the stronger signal,
while maximum ratio combining uses the sum signal
from the two signals
 When there are more TX than RX antennas,
this is called TX diversity.
 The simplest scenario uses two TX and one RX
antenna (MISO, 2x1).
 In this case, the same data is transmitted redundantly
over two antennas.
MIMO: Spatial Multiplexing
 Spatial multiplexing is not intended to
make the transmission more robust;
rather it increases the data rate. To do
this, data is divided into separate
streams; the streams are transmitted
independently via separate antennas.
 Because MIMO transmits via the same channel,
transmissions using cross components not equal
to 0 will mutually influence one another

 When the data rate is to be increased for
a single UE, this is called Single User
MIMO (SU-MIMO)

 When the individual streams are assigned
to various users, this is called Multi User
MIMO (MU-MIMO).
SU-MIMO Channel
 All signals sent at the same
frequency at the same time
MU-MIMO Channel
MIMO
 It takes advantage of the separate transmit/receive chains to
either improve the link robustness or increase the data rate.
 IEEE introduced MIMO in 802.11n and expanded the capability to
support up to 8 spatial streams and Multi-User MIMO (MU-MIMO) in
802.11ac.
 As opposed to single-user MIMO, MU-MIMO allows a terminal to
transmit/receive signal to/from multiple users in the same frequency
band simultaneously
SU-MIMO
 MIMO capabilities were introduced in 802.11n.
 Radios spread a user’s data into multiple spatial streams, and
they are transmitted through multiple antennas, propagating over
the air along different paths. When all streams reach the client,
the data are recombined.
 802.11n’s “single-user” MIMO will only benefit a single device at a
time.
 2x2 MIMO, for example, indicates two Tx antennas and two Rx
antennas.
MU-MIMO
 802.11ac MU-MIMO allows multiple streams to be assigned to
different clients, increasing the total bandwidth that can be
transmitted simultaneously.
 In the example, an 802.11ac AP with 4 antennas could transmit a
2x2:2 stream to a 2x2:2 client, while using the other two
antennas to transmit 1x1:1 streams to 2 mobile devices
simultaneously.
 In addition, MU-MIMO builds upon the transmit beam forming
(TxBF) option in the 802.11n standard, a technique used to focus
RF energy in a given direction to improve signal strength and,
thus, throughput of individual client devices
IEEE 802.11 Standards
IEEE 802.11 in Big Picture

• Three different physical layers in the 2.4 GHz band: FHSS, DSSS and IR
• OFDM based PHY layer in the 5 GHz band (802.11a)
IEEE 802.11 Spectrum
 Unlicensed frequency spectrum: 900MHz, 2.4GHz, 5.1GHz, 5.7GHz

The Industrial Scientific and Medical (ISM) Bands in N. America

IEEE 802.11 Spectrum
IEEE 802.11
 802.11 Standards cover the MAC sub layer and PHY layers

application application
TCP TCP
IP IP
LLC LLC LLC
802.11 MAC 802.11 MAC 802.3 MAC 802.3 MAC
802.11 PHY 802.11 PHY 802.3 PHY 802.3 PHY
5-GHz Channel Overview
5-GHz Channel Overview
IEEE 802.11
 Layers: LLC; MAC (WEP), MAC Mgmt, MIB; PHY (DSSS, FH, IR, OFDM)
 802.11i: security
 802.11f: Inter Access Point Protocol
 802.11e: QoS enhancements
 802.11b: 5, 11 Mbps
 802.11a: 6, 9, 12, 18, 24, 36, 48, 54 Mbps
 802.11g: 20+ Mbps
WLAN Standards Family
IEEE 802.11a
 Release Date: 1997
 Frequency = 5 GHz
 Channel BW = 20 MHz
 Encoding Scheme = OFDM
 Spatial Streams = 1
 Modulation Techniques
 BPSK: 6, 9 Mbps
 QPSK: 12, 18 Mbps
 16-QAM: 24, 36 Mbps
 64-QAM: 48, 54 Mbps
 Maximum Speed = 54 Mbps
 Range = about 30 meters
 The limited range that 802.11a provides relative to alternative 802.11-standard
technologies means more access points are needed to provide coverage.
 802.11a is best suited for environments where high throughput is needed for a
relatively small coverage area.
 Fewer devices use 5 GHz, resulting in a less crowded frequency band (when compared
to 2.4 GHz band) with fewer potential sources of interference
IEEE 802.11b
 Release Date: 1997
 Frequency = 2.4 GHz (ISM band)
 Channel BW = 20 MHz
 Encoding Scheme = DSSS / CCK (Complementary Code Keying)
 Spatial Streams = 1
 Modulation Technique
 DBPSK with DSSS (1 Mbps),
 DQPSK with DSSS (2 Mbps),
 DQPSK with CCK (11 Mbps)
 Maximum Speed = 11 Mbps
 Range = about 100 meters

 802.11b is the dominant protocol used in factories and distribution centres and is fully
capable of handling applications other than data collection, including voice
communication by VoIP.
 802.11b also supports unified communications, where phone calls, pages, text and e-mail
messages are delivered to mobile computers, PDAs and smart phones used in industrial
and office environments.
IEEE 802.11g
 Frequency= 2.4 GHz
 Channel BW = 20 MHz
 Encoding Scheme = DSSS / CCK / OFDM
 Spatial Streams = 1
 Modulation Techniques
 DBPSK with DSSS: (1 Mbps),
 DQPSK with DSSS: (2 Mbps),
 DQPSK with CCK: (11 Mbps)
 BPSK with OFDM: 9 Mbps
 QPSK with OFDM: 18 Mbps
 16-QAM with OFDM: 36 Mbps
 64-QAM with OFDM: 54 Mbps
 Maximum Speed = 54 Mbps
 Range = about 100 meters
 802.11g delivers the bandwidth advantages of 802.11a without the range
and reliability limitations of 5 GHz technology
IEEE 802.11n
 Frequency = 5 GHz, 2.4 GHz
 Channel BW = 20 or 40 MHz
 Encoding Scheme = DSSS / CCK / OFDM
 Addition of MIMO
 Spatial Streams = 4 (1,2,3, or 4)
 Modulation Techniques
 64QAM, 5/6 code rate, 20 MHz BW, 1 spatial stream: 65 Mbps
 64QAM, 5/6 code rate, 40 MHz BW, 2 spatial stream: 300 Mbps
 64QAM, 5/6 code rate, 40 MHz BW, 3 spatial stream: 450 Mbps
 64QAM, 5/6 code rate, 40 MHz BW, 4 spatial stream: 600 Mbps
 Maximum Speed = 600 Mbps
 Range = about 70 meters (Varies)

 802.11n can be implemented as either 2.4 GHz or 5 GHz technology, and will provide
backwards compatibility with 802.11b/g and 802.11a systems, respectively.
 The signature characteristic of 802.11n technology is its data transmission speed of up
to 600 Mbps, which is more than 10 times faster than 802.11a / g and about 55 times
faster than 802.11b.
IEEE 802.11ac
 Frequency = 5 GHz only
 Wider channel BW: 20, 40, 80, 160 and 80+80 MHz
 802.11ac introduces both 80 MHz and 160 MHz—contiguous 160 MHz or non-
contiguous 80+80 MHz—channel bandwidths, providing 4.5x and 9x higher data
rates, respectively.
 80 MHz support is mandatory for 802.11ac, while 160 MHz is optional, according to
the IEEE.
 Encoding Scheme = OFDM with multiple user MIMO (MU-
MIMO)
 More spatial streams: up to 8
 More efficient modulation schemes: BPSK, QPSK, 16QAM,
64QAM and 256-QAM
 Coding Rates = 1/2, 2/3, 3/4, 5/6
 Simplified transmit beam forming
 Larger aggregated data frames
IEEE 802.11ac
 Higher Data Rates:
 First Generation
 64QAM, 5/6 code rate, 80 MHz BW, 1 spatial stream: 293 Mbps
 256QAM, 5/6 code rate, 80 MHz BW, 1 spatial stream: 433 Mbps
 256QAM, 5/6 code rate, 80 MHz BW, 2 spatial stream: 867 Mbps
 256QAM, 5/6 code rate, 80 MHz BW, 3 spatial stream: 1300 Mbps
 256QAM, 5/6 code rate, 80 MHz BW, 8 spatial stream: 3470 Mbps

 Second Generation
 256QAM, 5/6 code rate, 160 MHz BW, 1 spatial stream: 867 Mbps
 256QAM, 5/6 code rate, 160 MHz BW, 2 spatial stream: 1730 Mbps
 256QAM, 5/6 code rate, 160 MHz BW, 3 spatial stream: 2600 Mbps
 256QAM, 5/6 code rate, 160 MHz BW, 8 spatial stream: 6930 Mbps
IEEE 802.11
IEEE 802.11ac: Very High Throughput
 5-GHz Frequency
 Wider Channels (80 / 160 MHz)
 More Spatial streams (up to 8)
 256 QAM
 Bigger Frames
 MU-MIMO
 Transmit Beam forming
IEEE 802.11ac
IEEE802.11ac MCS
 802.11ac will use the 802.11n modulation, interleaving and coding
architecture.
 However, there are a few differences to the 11n specification.
 11ac and 11n require device support for BPSK, QPSK, 16QAM and
64QAM modulation, but 11ac adds an optional 256 QAM.
 The second difference is in the number of defined Modulation Coding Set
(MCS) Indices.
 10 single user MCS are defined in 11ac.
 Note that this is significantly lower than the 77 MCS indices specified in 11n.
 11n required 77 because 11n supported "unequal" modulations, e.g. a single
user might get BPSK on one stream and 16QAM on another.
 11ac only allows “equal” modulations!
IEEE 802.11ad
 New WLAN usage models that require higher data throughput to
support today’s “unwired office”.
IEEE 802.11ad
 802.11ad provides up to 7 Gbps throughput using approximately
2 GHz of spectrum at 60 GHz over a short range.
 (60 GHz transmission suffers from large attenuation through physical barriers.)
 Bearing in mind the number of existing devices, backward
compatibility with existing standards using the same frequency
range is a “must”.
 The goal is for all the 802.11 series of standards to be backward
compatible, and for 802.11ac and 11ad to be compatible at the Medium
Access Control (MAC) or Data Link layer, and differ only in physical
layer characteristics
 Devices could then have three radios:
 2.4 GHz for general use which may suffer from interference,
 5 GHz for more robust and higher speed applications, and
 60 GHz for ultra-high-speed within a room – and
 support session switching amongst them
IEEE 802.11ad: Why 60 GHz?
 Data capacity is ultimately tied to modulation bandwidth, so the
extreme gigabit data-rates required for uncompressed high-
definition multimedia transmissions must be accommodated,
including known features such as 2048x1080 and 4096x2160
(Digital Cinema) or 3D.
 The unlicensed frequency allocations at around 60 GHz in each
region do not match exactly, but there is substantial overlap; at
least 3.5GHz of contiguous spectrum is available in all regions
that have allocated spectrum.
 Unlike the 2.4 GHz and 5 GHz unlicensed bands, the 60 GHz area
is also relatively uncongested.
 Transmission at 60 GHz covers less distance for a given power,
mainly due to the increased free space path loss (loss over 1 m at
60 GHz is 68 dB, which is 21.6 dB worse than at 5 GHz).
 High path loss can be mitigated by increasing antenna gain.
IEEE 802.11ad
 The ITU-R recommended
channelization comprises four
channels, each 2.16 GHz wide,
centered on 58.32 GHz, 60.48
GHz, 62.64 GHz and 64.80 GHz
respectively

 The P802.11ad DBand (60GHz)
PHY supports three distinct
modulation methods:
 Control modulation; the Control
PHY.
 Single carrier (SC) modulation; the
Single Carrier PHY and the Low
Power Single Carrier PHY.
 Orthogonal Frequency Division
Multiplex (OFDM) modulation; the
OFDM PHY.
IEEE 802.11ad
WLAN Packet Formats
WLAN Packet Format

• Service Data Unit (SDU)
• MAC SDU (MSDU)
• PHY SDU (PSDU)

• Protocol Data Unit (PDU)
• MAC PDU (MPDU)
• PHY PDU (PPDU)
PHY Layer
 The PHY provides three levels of
functionality:
 First, the PHY layer provides a frame
exchange between the MAC and PHY
under the control of the physical
layer convergence procedure (PLCP)
sublayer.

 Secondly, the PHY uses signal carrier
and spread spectrum modulation to
transmit data frames over the media
under the control of the physical
medium dependent (PMD) sublayer.
 Thirdly, the PHY provides a carrier
sense indication back to the MAC to
verify activity on the media
DSSS PHY
 The scrambling polynomial for the DSSS PHY is: G(z) = z^{-7} + z^{-4} + 1
 The DSSS PMD transmits the PLCP preamble and PLCP header at 1 Mbps using
differential binary phase shift keying (DBPSK). The MPDU is sent at either 1
Mbps DBPSK or 2 Mbps differential quadrature phase shift keying (DQPSK)
 In the transmitter, the 11-bit Barker word is applied to a modulo-2 adder
(Ex-Or function) together with each of the information bits in the PPDU.
 The PPDU is clocked at the information rate, 1 Mbps for example, and the 11-bit Barker word at 11
Mbps (the chipping block).
 The output of the modulo-2 adder results in a signal with a data rate that is 10x higher than the
information rate.
 At the receiver, the DSSS signal is convolved with the 11-bit Barker word and
correlated.
 The correlation operation recovers the PPDU information bits at the transmitted information rate,
and the undesired interfering in-band signals are spread out-of-band.
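The spreading and correlation steps above, as an added example that is not part of the original slides. It shows the XOR with the 11-chip Barker word at the transmitter and the per-symbol correlation at the receiver, including how corrupted chips reduce the correlation score without changing the decoded bit. The chip-to-bit mapping, the helper names and the sample bits are assumptions of the example.

```python
# Added example: DSSS spreading with the 11-chip Barker word and
# correlation despreading. Chip value 1 stands for +1 and 0 for -1
# (a convention chosen for this example).
BARKER_11 = [1, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0]


def spread(bits):
    """Modulo-2 add (XOR) each information bit to all 11 Barker chips."""
    return [bit ^ chip for bit in bits for chip in BARKER_11]


def despread(chips):
    """Correlate each 11-chip block with the Barker word.

    Returns (bits, scores). A score of +11 is a clean 0, -11 a clean 1;
    every corrupted chip moves the score by 2 towards zero.
    """
    if len(chips) % len(BARKER_11):
        raise ValueError("chip stream is not a whole number of symbols")
    bits, scores = [], []
    for start in range(0, len(chips), len(BARKER_11)):
        block = chips[start:start + len(BARKER_11)]
        score = sum(1 if got == ref else -1
                    for got, ref in zip(block, BARKER_11))
        scores.append(score)
        bits.append(0 if score > 0 else 1)
    return bits, scores


def flip_chips(chips, positions):
    """Model in-band interference by inverting the chips at `positions`."""
    noisy = list(chips)
    for pos in positions:
        noisy[pos] ^= 1
    return noisy


if __name__ == "__main__":
    data = [1, 0, 1, 1, 0]                       # constructed sample bits
    tx = spread(data)                            # 55 chips for 5 bits
    rx = flip_chips(tx, [0, 3, 7, 12, 30, 31, 32, 33, 34])
    print(despread(rx))
```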
DSSS PHY
 Each DSSS PHY channel occupies
22 MHz of bandwidth, and the
spectral shape of the channel
represents a filtered sin(x)/x function
OFDM PHY
General MAC Frame Format
 Each MAC frame consists of the following:
 a MAC header
 a variable length frame body that contains information specific to the frame type or
subtype
 a frame check sequence or FCS that contains a 32-bit CRC
General MAC Frame Format
 Frame Types:
 Data Frames: Used for data transmission
 Management Frames: Used to exchange management information; transmitted the same way
as data frames, but not forwarded to the upper layers
 Control Frames: Used to control access to the medium (e.g. RTS, CTS and ACK)

Data frames:

Management frames:

Control frames (RTS):


Frame fields, in order: FC | Duration/ID | Address 1 | Address 2 | Address 3 | Sequence Control | Address 4 | DATA | FCS
 FC (Frame Control): Protocol Version; Frame Type and Sub Type; To DS and From DS; More Fragments; Retry; Power Management; More Data; WEP; Order
 Duration/ID: NAV information, or Short Id for PS-Poll
 Address 1 to 4: IEEE 48 bit address (Individual/Group, Universal/Local, 46 bit address); BSSID - BSS Identifier; TA - Transmitter; RA - Receiver; SA - Source; DA - Destination
 Sequence Control: Sequence Number; Fragment Number
 DATA: MSDU; upper layer data; 2048 byte max; 256 upper layer header
 FCS: CCITT CRC-32 Polynomial
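The field layout on this slide, turned into a parser (an added example, not part of the original slides). It reads the Frame Control bits, resolves the address roles from To DS / From DS and checks the FCS, and it shows that the header stays readable even when the WEP bit is set. The sample frame, its addresses and all helper names are constructed; QoS Control fields are not handled.

```python
import struct
import zlib

# Added example. Field layout follows the frame diagram above; the sample
# frame and its addresses are constructed for illustration.
FRAME_TYPES = {0: "management", 1: "control", 2: "data"}
FLAGS = ["to_ds", "from_ds", "more_frag", "retry",
         "pwr_mgmt", "more_data", "wep", "order"]
# Meaning of Address 1..3 for each (To DS, From DS) combination.
ADDRESS_ROLES = {
    (False, False): ("DA", "SA", "BSSID"),
    (True, False): ("BSSID", "SA", "DA"),
    (False, True): ("DA", "BSSID", "SA"),
    (True, True): ("RA", "TA", "DA"),      # Address 4 then carries SA
}


def fmt(addr):
    return ":".join(f"{octet:02x}" for octet in addr)


def parse_mac_frame(frame):
    """Parse a management or data MPDU that still carries its 4-byte FCS."""
    if len(frame) < 24 + 4:
        raise ValueError("shorter than a three-address header plus FCS")
    mpdu, (fcs,) = frame[:-4], struct.unpack("<I", frame[-4:])
    fc, duration_id = struct.unpack_from("<HH", mpdu, 0)
    info = {"version": fc & 0x3,
            "type": FRAME_TYPES.get((fc >> 2) & 0x3, "reserved"),
            "subtype": (fc >> 4) & 0xF,
            "duration_id": duration_id,
            "fcs_ok": zlib.crc32(mpdu) == fcs}   # FCS read as little-endian
    if info["type"] not in ("management", "data"):
        raise ValueError("only management and data frames are handled")
    for bit, name in enumerate(FLAGS, start=8):
        info[name] = bool((fc >> bit) & 1)
    roles = ADDRESS_ROLES[(info["to_ds"], info["from_ds"])]
    info["addresses"] = {role: fmt(mpdu[4 + 6 * i:10 + 6 * i])
                         for i, role in enumerate(roles)}
    (seq_ctl,) = struct.unpack_from("<H", mpdu, 22)
    info["fragment"], info["sequence"] = seq_ctl & 0xF, seq_ctl >> 4
    body_at = 24
    if info["to_ds"] and info["from_ds"]:
        if len(mpdu) < 30:
            raise ValueError("Address 4 is missing")
        info["addresses"]["SA"] = fmt(mpdu[24:30])
        body_at = 30
    info["body"] = mpdu[body_at:]       # ciphertext when the WEP bit is set
    return info


def sample_frame():
    """Constructed data frame: To DS = 1, WEP = 1, sequence number 291."""
    mpdu = struct.pack("<HH", 0x4108, 44)
    mpdu += bytes.fromhex("020000000001" "020000000002" "020000000003")
    mpdu += struct.pack("<H", 291 << 4)
    mpdu += bytes(range(8))             # stand-in for an encrypted body
    return mpdu + struct.pack("<I", zlib.crc32(mpdu))
```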
MAC Frame Aggregation
 IEEE 802.11n allows combining MSDUs, referred to as A-MSDU, or combining MPDUs,
referred to as A-MPDU, to provide more efficient transmission.
 The aggregation will pack multiple MSDUs or MPDUs together to reduce the protocol
overheads and increase the overall performance.
 A-MPDU also allows ACK for a group of frames instead of one ACK frame. This is
referred to as Block ACK
Aggregate MSDU (A-MSDU)
 With A-MSDU, MAC service data units (MSDUs) received from the LLC and destined for
the same receiver and of the same service category (same traffic identifier or TID) may
be accumulated and encapsulated in a single MAC protocol data unit (MPDU)
 The MSDU as received from the LLC is prefixed with a 14 byte sub frame header
consisting of the destination address (DA), source address (SA), and a length field giving
the length of the SDU in bytes.
 The header together with the SDU is padded with 0 to 3 bytes to round the sub frame to
a 32-bit word boundary. Multiple such sub frames may be concatenated together to form
the payload of the QoS Data frame, provided the total length of the data frame does not
exceed the maximum MPDU size.
 The maximum length A-MSDU that a station can receive is declared in its HT Capabilities
information element as either 3839 bytes or 7935 bytes
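An added example, not from the original slides: building and parsing the A-MSDU subframes described above, with the receiver treating every length field as untrusted input and rejecting aggregates that overrun or exceed the advertised maximum. The addresses and payloads are constructed, and the example assumes the length field is sent most significant octet first and that the last subframe carries no padding.

```python
import struct

# Added example. 3839 is the smaller of the two maximum A-MSDU lengths
# quoted above; addresses and payloads used with it are constructed.
MAX_AMSDU = 3839
HEADER_LEN = 14                      # DA (6) + SA (6) + Length (2)


def build_amsdu(msdus, max_len=MAX_AMSDU):
    """msdus: iterable of (da, sa, payload) byte strings."""
    out = bytearray()
    for da, sa, payload in msdus:
        if len(da) != 6 or len(sa) != 6:
            raise ValueError("addresses are 48 bits")
        out += bytes(-len(out) % 4)  # pad the previous subframe to 32 bits
        # Assumption: length is sent most significant octet first.
        out += da + sa + struct.pack(">H", len(payload)) + payload
    if len(out) > max_len:
        raise ValueError("aggregate exceeds the receiver's advertised limit")
    return bytes(out)


def parse_amsdu(data, max_len=MAX_AMSDU):
    """Split an A-MSDU into (da, sa, payload) tuples, rejecting bad lengths."""
    if len(data) > max_len:
        raise ValueError("aggregate exceeds the advertised limit")
    subframes, pos = [], 0
    while pos < len(data):
        if len(data) - pos < HEADER_LEN:
            raise ValueError(f"truncated subframe header at offset {pos}")
        da, sa = data[pos:pos + 6], data[pos + 6:pos + 12]
        (length,) = struct.unpack_from(">H", data, pos + 12)
        end = pos + HEADER_LEN + length
        if end > len(data):
            raise ValueError(f"length {length} at offset {pos} overruns the frame")
        subframes.append((da, sa, data[pos + HEADER_LEN:end]))
        pos = end + (-end % 4)       # skip the 0-3 padding bytes
    return subframes
```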
Aggregate MPDU (A-MPDU)
 A short MPDU delimiter is prepended to each MPDU and the aggregate presented to
the PHY as the PSDU for transmission in a single PPDU
 The MPDU delimiter is 32 bits in length and consists of a 4-bit reserved field, a 12-bit
MPDU length field, an 8-bit CRC field, and an 8-bit signature field
 The MPDU is padded with 0–3 bytes to round it up to a 32-bit word boundary
 The advertised A-MPDU (HT Capabilities) maximum length may be one of the
following: 8191, 16 383, 32 767, or 65 535 octets
WLAN Security
IEEE 802.11 Security
 Physical layer
 Physical security of data transmission is gained by using spread spectrum
technology which makes it less vulnerable to interference
 MAC (Medium Access Control) layer
 Encryption algorithm called Wired Equivalent Privacy (WEP) is used
 2 part process - WEP encrypts the plaintext data (RC4) & protects against unauthorized
data modification (CRC-32)
 WEP is only supplied between stations & not on an end-to-end basis

 MAC Authentication Mechanism
 Aids in access control
 Performed by assigning an ESSID (Extended Service Set ID) to each Access Point (AP) in the
network
 The network does not provide anonymity
 The source & destination information is visible in the frames despite the optional
encryption
 WEP only encrypts the data field of a frame while leaving headers
unencrypted
 Gives an eavesdropper the ability to gather information about the usage of APs & work routines in a
building using WLANs
 Has provisions for “OPEN”, and “Shared Key” or proprietary authentication
extensions
WLAN Security
 Wireless LANs, because of their broadcast nature, require the
addition of:
 User authentication to prevent unauthorized access to network resources
 Data privacy to protect the integrity and privacy of transmitted data

 The 802.11 specification stipulates two mechanisms for
authenticating wireless LAN clients:
 open authentication and shared key authentication.
 Two other mechanisms—the Service Set Identifier (SSID) and authentication by
client Media Access Control (MAC) address—are also commonly used.
 The use of Wired Equivalent Privacy (WEP) keys can function as a
type of access control because a client that lacks the correct WEP
key cannot send data to or receive data from an access point.
 WEP, the encryption scheme adopted by the IEEE 802.11 committee, provides
encryption with 40 bits or 104 bits of key strength
 However, key distribution or key negotiation is not mentioned in the standard
and left to the individual manufacturers of IEEE 802.11 equipment.
Service Set Identifier (SSID)
 The SSID is a construct that allows logical separation of wireless
LANs.
 In general, a client must be configured with the appropriate SSID
to gain access to the wireless LAN.
 The SSID does not provide any data-privacy functions, nor does it
truly authenticate the client to the access point.

 The SSID is advertised in plain-text in the access point beacon
messages.
 Although beacon messages are transparent to users, an eavesdropper can easily
determine the SSID with the use of an 802.11 wireless LAN packet analyzer, like
Sniffer Pro.
 The SSID is not designed, nor intended for use, as a security
mechanism.
802.11 Station Authentication
 Authentication in the 802.11 specification is based on authenticating
a wireless station or device instead of authenticating a user.
 The specification provides for two modes of authentication: open
authentication and shared key authentication.
 The 802.11 client authentication process consists of the following
transactions:
1. Client broadcasts a probe request frame on every channel
2. Access points within range respond with a probe response frame
3. The client decides which access point (AP) is the best for access and sends an
authentication request
4. The access point will send an authentication reply
5. Upon successful authentication, the client will send an association request frame to the
access point
6. The access point will reply with an association response
7. The client is now able to pass traffic to the access point
802.11 Station Authentication
 Open Authentication
 Open System Authentication allows any device to join the network, assuming that
the device SSID matches the access point SSID. Alternatively, the device can use
the “ANY” SSID option to associate with any available access point within range,
regardless of its SSID.
 Open authentication is a null authentication algorithm
 Many 802.11-compliant devices are hand-held data-acquisition units like bar code readers.
They do not have the CPU capabilities required for complex authentication algorithms.
 If no encryption is enabled on the network, any device that knows the SSID of the
access point can gain access to the network.
 Open authentication provides no way for the access point to determine whether a
client is valid. This is a major security vulnerability if WEP encryption is not
implemented in a wireless LAN
802.11 Station Authentication
 Shared Key Authentication
 Shared key authentication requires that the client configure a static WEP key.
 The following steps describe the shared key authentication process.
1. The client sends an authentication request to the access point requesting shared key
authentication
2. The access point responds with an authentication response containing challenge text
3. The client uses its locally configured WEP key to encrypt the challenge text and reply with
a subsequent authentication request
4. If the access point can decrypt the authentication request and retrieve the original challenge
text, then it responds with an authentication response that grants the client access
 The process of exchanging the challenge text occurs over the wireless link and is
vulnerable to a man-in-the-middle attack. An eavesdropper can capture both the plain
challenge text and the cipher-text response and can derive the key stream
802.11 Station Authentication
 MAC Address Authentication
 MAC address authentication is not specified in the 802.11 standard, but many
vendors support it.
 MAC address authentication verifies the client’s MAC address against a locally
configured list of allowed addresses or against an external authentication server.
 MAC authentication is used to augment the open and shared key authentications
provided by 802.11, further reducing the likelihood of unauthorized devices
accessing the network.

 MAC addresses are sent in clear text as required by the 802.11 specification.
As a result, in wireless LANs that use MAC authentication, a network attacker
might be able to subvert the MAC authentication process by “spoofing” a valid
MAC address.
Evolution of WLAN Security
 WEP – Wired Equivalent Privacy
 EAP – Extensible Authentication Protocol
 WPA – Wi-Fi Protected Access
WEP Encryption
 Wired Equivalent Privacy (WEP) is based on the RC4 algorithm,
which is a symmetric key stream cipher.
 The encryption keys must match on both the client and the access
point for frame exchanges to succeed.
 Stream Ciphers and Block Ciphers
 A stream cipher encrypts data by generating a key stream from the key and
performing the XOR function on the key stream with the plain-text data. The key
stream can be any size necessary to match the size of the plain-text frame to
encrypt.
 Block ciphers deal with data in defined blocks, rather than frames of varying
sizes. The block cipher fragments the frame into blocks of predetermined size and
performs the XOR function on each block. Each block must be the predetermined
size, and leftover frame fragments are padded to the appropriate block size
WEP Encryption
 IEEE 802.11 standard introduced the WEP protocol in order to
bring the security of the wireless systems closer to that of wired
ones.
 Provides encryption
 Uses RSA Data Security Inc.'s 40-bit RC4 algorithm for encrypting data (plain
text) contained in the frames
 PRNG algorithm & output of the generator (key) is XORed with the data stream
(stream cipher)
 Based on 40-bit secret key & has a 24 bit initialization vector (IV) that is sent
with the data (total key size is 64-bit)
 128-bit RC4 keys can be used
 Using a 40-bit symmetric cipher is not secure because its key space is so small that a
brute-force attack is feasible
 Provides protection against unauthorized data modification
 Integrity algorithm (CRC-32) operates on the plaintext to produce the integrity
check value
 Produces the cipher text
WEP
 WEP bit in Frame Control Field indicates WEP used
 Each frame can have a new IV, or IV can be reused for a limited time
 If integrity check fails then frame is ACKed but discarded
 Limited for Station-to-Station traffic, so not “end to end”
 Embedded in the MAC entity
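An added example, not part of the original slides, covering both the WEP encapsulation described above (RC4 key stream XORed with the data plus its CRC-32 integrity check value) and the shared key authentication weakness noted earlier, where the plain challenge and the encrypted response together expose the key stream for that IV. The key, IV and challenge are constructed values; the key ID octet and the management-frame fields around the challenge text are left out.

```python
import struct
import zlib

# Added example. A 40-bit secret plus the 24-bit IV forms the 64-bit RC4
# key; the key ID octet that follows the IV on the air is omitted here.


def rc4_keystream(key, n):
    """Generate n bytes of RC4 key stream."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                         # output generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data):
    """CRC-32 integrity check value, computed over the plaintext."""
    return struct.pack("<I", zlib.crc32(data))


def wep_encrypt(secret, iv, plaintext):
    data = plaintext + icv(plaintext)
    # The IV is prepended in the clear so the receiver can rebuild the key.
    return iv + xor(data, rc4_keystream(iv + secret, len(data)))


def wep_decrypt(secret, frame):
    """Return the plaintext, or None when the ICV check fails (discard)."""
    iv, ciphertext = frame[:3], frame[3:]
    data = xor(ciphertext, rc4_keystream(iv + secret, len(ciphertext)))
    plaintext, received_icv = data[:-4], data[-4:]
    return plaintext if icv(plaintext) == received_icv else None


def keystream_visible_to_observer(challenge, response):
    """What a passive listener learns from one shared key handshake:
    plain challenge XOR encrypted response = RC4 key stream for that IV."""
    return xor(response[3:], challenge + icv(challenge))
```

Because the key stream depends only on the IV and the static secret, any later frame sent with the same IV is protected by exactly the bytes exposed here, which is why 802.11i replaced this scheme with per-packet keying and AES-CCMP.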
WPA and WPA2
 Today, 802.11i has been ratified, and Advanced Encryption Standard
(AES) has replaced WEP as the latest and most secure method of
encrypting data
 The Wi-Fi Alliance certifies 802.11i devices under WPA2.
 WPA provides authentication support via 802.1x and a pre-shared
key (PSK)
 WPA provides encryption support via TKIP.
 TKIP (Cisco implemented Temporal Key Integrity Protocol) includes MIC (Cisco
Message Integrity Check) and per-packet keying (PPK) via initialization vector
hashing and broadcast key rotation.
 In comparison to WPA, WPA2 authentication is not changed, but the
encryption used is AES-Counter with CBC MAC Protocol (AES-CCMP).
Q&A

THANK YOU
