The IEEE 802.11 standard
Imad Aad, INRIA, Planete team
IN Tech, January 24th, 2002

Outline
- WLANs vs. Wired LANs
- History
- Working modes
- MAC sub-layer
- The PHY layer (1997)
- The PHY Extensions (1999)
- Security

WLANs vs. Wired LANs
- No wires
- Mobility
- Scarce bandwidth (?)
- Multipath, pathloss, interference / noise (BER)
- The hidden node problem
- Protection / Privacy
[Figure: multipath. Tx sends s; Rx receives s0 + s1 + s2, with s1 and s2 associated with Obstacle 1 and Obstacle 2.]
[Figure: average received power vs. distance, LOS and No LOS panels, curves for α = 2 and α = 4, annotated "15 25 db drop".]

WLANs vs. Wired LANs
[Figure: layer stack.]
- Application layer
- Network layer
- LLC sub layer: IEEE 802.2
- MAC sub layer and PHY layer: IEEE 802.11 / IEEE 802.3

History
- 1970s: ALOHA
- 1972: Slotted ALOHA
- 1975: Carrier Sense Multiple Access (CSMA)
  - non persistent
  - p-persistent
- CSMA with collision detection (CD): Ethernet (1976)
- CSMA w/ coll. avoidance (CA): IEEE 802.11 (1997)

Working modes
- Ad-hoc mode vs. Infrastructure mode (IS)
- Independent BSS (IBSS), Basic Service Set (BSS), Extended Service Set (ESS)
- Handoff on the MAC sub-layer
[Figure: an IBSS; a BSS with its Access Point (AP); an ESS in which AP1, AP2 and AP3 are connected by the Distribution System (DS).]

MAC sub-layer
- DCF: Distributed Coordination Function (ad-hoc, IS modes)
  - Basic mechanism
    [Figure: timing diagram. Source (Tx): DIFS, then Data. Destination (Tx): SIFS, then ACK. Other: NAV, then DIFS and the Contention Window (CW); defer access = NAV + DIFS, followed by Backoff.]
  - The hidden node problem
    [Figure: stations A, B and C.]
  - RTS/CTS mechanism
    [Figure: timing diagram. Source (Tx): DIFS, RTS, SIFS, Data. Destination (Tx): SIFS, CTS, SIFS, ACK. Other: NAV (RTS), NAV (CTS), NAV (data), defer access, then DIFS, CW and Backoff.]
  - Fairness?... YES
  - QoS?... not yet
- PCF: Polling Coordination Function (in IS mode, optional)

MAC sub-layer
- PCF: Polling Coordination Function (in IS mode, optional)
[Figure: timing diagram. Each CFP repetition interval is a CFP (PCF) followed by a CP (DCF), and starts with B. Frames within the CFP: PIFS, B, SIFS, D1+Poll, SIFS, U1+ACK, SIFS, D2+ACK+Poll, SIFS, U2+ACK, SIFS, D3+ACK+Poll, PIFS, D4+Poll, SIFS, U4+ACK, SIFS, CF End, then the CP.]

MAC sub-layer
- Packet fragmentation
[Figure: fragment burst timing diagram. Src. (Tx): Fragment 0, Fragment 1, Fragment 2, then DIFS and CW. Dest. (Tx): ACK0, ACK1, ACK2. Fragments and ACKs are separated by SIFS. Other: NAV (CTS), NAV (fragment 0), NAV (fragment 1), NAV (fr.2). Other: NAV (ACK0), NAV (ACK1).]

The PHY layer (1997)
[Figure: layer stack: Application layer, Network layer, LLC sub layer, MAC sub layer, PHY layer.]
3 PHY types:
- DSSS (most products)
- FHSS (fewer products)
- IR (unknown products)

The PHY layer (1997)
the EM spectrum allocation
[Figure: frequency axis from 1 KHz to 1 EHz (1 KHz, 1 MHz, 1 GHz, 1 THz, 1 PHz, 1 EHz) with Infrared, Visible, UV, X rays and Gamma rays at the upper end. Zoom on 30 KHz to 30 GHz: LF, MF, HF, VHF, UHF, SHF, with AM radio, SW radio, FM radio / TV and TV / Cell. marked. Highlighted bands:]
- ISM, 902 MHz to 928 MHz: Cordless phones, Baby monitors, (old) Wireless LANs
- ISM, 2.4 GHz to 2.4835 GHz: IEEE 802.11(b), Bluetooth, Microwave ovens
- U-NII, 5.725 GHz to 5.785 GHz: IEEE 802.11a, Hiperlan II

The PHY layer (1997)
- DSSS (Direct Sequence Spread Spectrum)
- FHSS (Freq. Hopping Spread Spectrum)
- IR (Infra Red)

The PHY layer (1997)
DSSS: principle
[Figure: the scrambled data (1 bit period per bit) and the periodic 11-bit Barker code 1 0 1 1 0 1 1 1 0 0 0 (11 chips) enter a mod-2 adder; the chip sequence 0 1 0 0 1 0 0 0 1 1 1 is shown at its output, which feeds the carrier modulator. The transmitter baseband signal is shown before and after spreading.]
Note: single code (11 chips)
- multiple access?... no
- security?... no
[Figure: signal at the transmitter (before spreading, after spreading) and at the receiver (before despreading, after despreading), with narrowband interference.]

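The spreading and despreading steps from the DSSS slides, as an added Python example (not part of the original slides): each data bit is mod-2 added to the 11-chip Barker code listed there and recovered by comparing each chip block with the same code, even when several chips are corrupted. `DATA`, `flip_chips` and the other function names are illustrative assumptions; since the single code is fixed and known to every receiver, the spreading buys interference tolerance, not confidentiality.

```python
# Added example: 802.11 DSSS spreading with the 11-chip Barker code.
BARKER = [1, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0]  # chip values as listed on the slide
N = len(BARKER)

def spread(bits):
    """Mod-2 adder: every data bit is XORed with all 11 chips of the code."""
    return [b ^ c for b in bits for c in BARKER]

def despread(chips):
    """Compare each 11-chip block with the code; the majority decides the bit."""
    bits = []
    for k in range(0, len(chips), N):
        mismatches = sum(x ^ c for x, c in zip(chips[k:k + N], BARKER))
        bits.append(1 if mismatches > N // 2 else 0)
    return bits

def flip_chips(chips, positions):
    """Model interference as chip errors at the given indices (hypothetical helper)."""
    hit = set(positions)
    return [c ^ 1 if i in hit else c for i, c in enumerate(chips)]

def autocorrelation(lag):
    """Aperiodic autocorrelation of the code in +1/-1 form."""
    s = [1 if c else -1 for c in BARKER]
    return sum(s[i] * s[i + lag] for i in range(N - lag))

DATA = [1, 0, 1, 1]  # constructed sample data bits

if __name__ == "__main__":
    tx = spread(DATA)
    print("first bit on air:", tx[:N])
    # Five chip errors in every 11-chip block are still corrected.
    noisy = flip_chips(tx, [k * N + i for k in range(len(DATA)) for i in range(5)])
    print("recovered:", despread(noisy))
    print("sidelobes:", [autocorrelation(lag) for lag in range(1, N)])
```

The low autocorrelation sidelobes are what let the receiver find the chip boundary; a sixth chip error inside one block flips that bit.
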
The PHY layer (1997)
PSK (Phase Shift Keying)
S(t) = A sin(2πωt + ϕ(t))
[Figure: S(t) over time for the (Data x spreading code) values 0 0 1 1 0; ϕ = 0 for a 0 and ϕ = 180 for a 1.]

The PHY layer (1997)
DPSK (Differential PSK): no reference signal needed
S(t) = A sin(2πωt + ϕ(t))
[Figure: S(t) over time for the (Data x spreading code) values 0 0 1 1 0.]

The PHY layer (1997)
DSSS: modulation
[Figure: phase constellations.]
- DBPSK, 1 Mbps: symbols (0), (1); phases 0, 180
- DQPSK, 2 Mbps: symbols (00), (01), (11), (10); phases 0, 90, 180, 270

The PHY layer (1997)
DSSS: Spectrum @ modulator output
[Figure: spectrum mask with levels 0 dBr, -30 dBr and -50 dBr; frequency axis fc - 22 MHz, fc - 11 MHz, fc, fc + 11 MHz, fc + 22 MHz.]

The PHY layer (1997)
- in France, allowed channels: (ch.10) 2.457 MHz, (ch.11) 2.462 MHz, (ch.12) 2.467 MHz, (ch.13) 2.472 MHz
- in France, maximum channel separation: (ch.10) 2.457 MHz and (ch.13) 2.472 MHz
- in Europe (except France and Spain): (ch.1) 2.412 MHz to (ch.13) 2.472 MHz

The PHY layer (1997)
Transmission power (GSM, microwave oven, IEEE 802.11)
- Typical: 100 mW - 600 mW, 0.2 mW/, 2.5 mW
- Regulations: 1-5 mW/ @ 5 cm, 100 mW (Eur.)

The PHY layer (1997)
FHSS
- Modulation: GFSK
  - binary 0/1: (for 1 Mbps)
  - 00, 01, 10, 11: (for 2 Mbps)
- sequence = : tables : 3 sets
- Fast-FH vs. Slow-FH: min 2.5 hops/s
- Bluetooth interference?... YES
- (France)

The PHY layer (1997)
Infra Red (IR)
Pulse Position Modulation (PPM)
- 1 Mbps: 4 data bits, 16-PPM symbol
- 2 Mbps: 2 data bits, 4-PPM symbol
- Data bits: 00, 01, 10, 11
- 4-PPM symbol: 0001, 0010, 0100, 1000
[Figure: Data 1 0 1 1; Txed Pulse 1 0 0 0 0 1 0 0.]

PHY Extensions (1999)
IEEE 802.11b: 2.4 GHz. 1 Mbps, 2 Mbps, 5.5 Mbps, 11 Mbps.
- High Rate DSSS
- Modulation:
  - (backward compatible) DBPSK, DQPSK
  - Complementary Code Keying (CCK) + DQPSK
  - (opt.) Packet Binary Convolutional Coding (PBCC) + (BPSK, QPSK)
- Currently the most widely used one

PHY Extensions (1999)
IEEE 802.11a: 5.7 GHz, 6 Mbps to 54 Mbps!!
- OFDM (Orthogonal Frequency Division Multiplexing)
- Principle:
  - High-rate data is divided into several lower rate binary signals.
  - Each low-rate signal modulates a different sub-carrier (48)
  - Sub-carrier sets are orthogonal.
- Modulation: BPSK, QPSK, 16QAM and 64QAM
- FEC: Convolutional encoding needed (Viterbi)
- Close to Hiperlan 2 specs.
- coming soon

Security
WEP (Wired Equivalent Privacy)
[Figure: Plaintext and Key enter Encryption, which outputs the Cyphertext seen by an Eavesdropper; Decryption with the Key returns the Original Plaintext.]

Security
WEP (Wired Equivalent Privacy)
[Figure: WEP encapsulation block diagram. The Initialization Vector (IV) and the Secret Key form the Seed of the WEP PRNG, which outputs the Key Sequence. The Plaintext goes through the Integrity Algo. to produce the Integrity Check Value (ICV). Plaintext and ICV are XORed with the Key Sequence to give the Ciphertext. The Message carries the IV and the Ciphertext.]

Security
WEP (Wired Equivalent Privacy)
- default keys / established keys
- 40-128 bit key
- Algorithm: RC4 (symmetric stream cypher)
- Cracking tools: WEPcrack, AirSnort: if 100MB-1GB of data can be gathered then one can guess the encryption password in less than a second!!
- Access control table?... inefficient
- Network ID?... inefficient

Conclusion
- it works!
- looks just like Ethernet to higher layers
- no QoS support... yet.
- limited security management.

Planete team: http://www.inrialpes.fr/planete
Imad AAD: imad.aad@inrialpes.fr