The IEEE 802.11 standard
Imad Aad
INRIA, Planete team
IN’Tech, May 31st, 2002
IEEE 802.11 – p.1
Outline
WLANs vs. Wired LANs
History
Working modes
MAC sub-layer
The PHY layer (1997)
The PHY Extensions (1999)
Security
IEEE 802.11 – p.2
WLANs vs. Wired LANs
No wires � Mobility
Scarse bandwidth (?)
Multipath, pathloss, interference / noise � BER
Rx
s1
s2
s0
s
Tx
s0 + s1 + s2
Obstacle 2
Obstacle 1
IEEE 802.11 – p.3
WLANs vs. Wired LANs
No wires � Mobility
Scarse bandwidth (?)
Multipath, pathloss, interference / noise � BER
Distance
Ave
rage
rec
eive
d po
wer
LOS
=2α
=4α
Distance
Ave
rage
rec
eive
d po
wer
No LOS
=2α
15−25 dB drop
=4−6α
IEEE 802.11 – p.3
WLANs vs. Wired LANs
IEEE 802.11 – p.3
WLANs vs. Wired LANs
No wires � Mobility
The hidden node problem
Scarse bandwidth (?)
Multipath, pathloss, interference / noise � BER
Protection / Privacy
IEEE 802.11 – p.3
WLANs vs. Wired LANs
IEEE 802.11 – p.3
WLANs vs. Wired LANs
PHY layer
MAC sub−layer
LLC sub−layer
Network layer
Application layer
IEEE 802.11 − IEEE 802.3
IEEE 802.2
IEEE 802.11 – p.3
Outline
WLANs vs. Wired LANs
History
Working modes
MAC sub-layer
The PHY layer (1997)
The PHY Extensions (1999)
Security
IEEE 802.11 – p.4
History
1970s: ALOHA
1972: Slotted ALOHA
IEEE 802.11 – p.5
History
1970s: ALOHA
1972: Slotted ALOHA
1975: Carrier Sense Multiple Access (CSMA)non persistentp-persistent
IEEE 802.11 – p.6
History
1970s: ALOHA
1972: Slotted ALOHA
1975: Carrier Sense Multiple Access (CSMA)non persistentp-persistent
CSMA with collision detections (CD): Ethernet (1976)
CSMA w/ coll. avoidance (CA): IEEE 802.11 (1997)
IEEE 802.11 – p.7
Outline
WLANs vs. Wired LANs
History
Working modes
MAC sub-layer
The PHY layer (1997)
The PHY Extensions (1999)
Security
IEEE 802.11 – p.8
Working modes
Ad-hoc mode vs. Infrastructure mode (IS)
Independent BSS (IBSS), Basic Service Set (BSS),Extended Service Set (ESS)
IBSSIEEE 802.11 – p.9
Working modes
Ad-hoc mode vs. Infrastructure mode (IS)
Independent BSS (IBSS), Basic Service Set (BSS),Extended Service Set (ESS)
Acess Point (AP)
BSS
IEEE 802.11 – p.9
Working modes
Ad-hoc mode vs. Infrastructure mode (IS)
Independent BSS (IBSS), Basic Service Set (BSS),Extended Service Set (ESS)
Distribution System (DS)
AP1 AP2 AP3
ESS
Handoff on the MAC sub-layer
IEEE 802.11 – p.9
Outline
WLANs vs. Wired LANs
History
Working modes
MAC sub-layer
The PHY layer (1997)
The PHY Extensions (1999)
Security
IEEE 802.11 – p.10
MAC sub-layer
DCF: Distributed Coordination Function (ad-hoc, IS modes)PCF: Polling Coordination Function (in IS mode, optional)
IEEE 802.11 – p.11
MAC sub-layer
DCF: Distributed Coordination Function (ad-hoc, IS modes)- Basic machanism ( � ���� ��� �� � ��� � ��� ��
)
Source
Destination
Other
DIFSTime
(Tx)
(Tx)
Data
ACK
NAV
Contention Window
Backoff
DIFS
SIFS
Defer access = NAV+DIFS
CW
IEEE 802.11 – p.11
MAC sub-layer
DCF: Distributed Coordination Function (ad-hoc, IS modes)- The hidden node problem
A B C
IEEE 802.11 – p.11
MAC sub-layer
DCF: Distributed Coordination Function (ad-hoc, IS modes)- RTS/CTS mechanism ( � ���� � � � � � � ��� � ��� ��
)
Source
Destination
Other
DIFS Time
(Tx)
(Tx)
SIFS
RTS
CTS
SIFS
Data
SIFS
ACK
DIFS
NAV (RTS)
NAV (CTS)
NAV (data)
Defer access
CW
Backoff
IEEE 802.11 – p.11
MAC sub-layer
DCF: Distributed Coordination Function (ad-hoc, IS modes)- Fairness ? ... depends on scenario- QoS ? ... not yet ... wait for 802.11e
IEEE 802.11 – p.11
MAC sub-layer
DCF: Distributed Coordination Function (ad-hoc, IS modes)PCF: Polling Coordination Function (in IS mode, optional)
SIFS
D2+ACK+Poll
PIFS
D1+Poll
SIFS
CFP repetition interval
CFP CP
PCFB
CFP repetition interval
CFP CP
PCFB DCFDCF
B
U1+ACK
SIFS
SIFS
D3+ACK+Poll
PIFS
D4+Poll
U2+ACK
SIFS
U4+ACK
SIFS
SIFS
CF−End
CP
IEEE 802.11 – p.11
MAC sub-layer
Packet fragmentation
Fragment 0
ACK0
(Tx)
(Tx)
Src.
Dest.
Fragment 1
ACK1
Fragment 2
ACK2
CW
TimeFragment burst
SIFSSIFS SIFS SIFS SIFS SIFS DIFS
NAV (CTS)
NAV (fragment 0)
NAV (fragment 1)
NAV(fr.2)Other
OtherNAV (ACK1)
NAV (ACK0)
IEEE 802.11 – p.11
Outline
WLANs vs. Wired LANs
History
Working modes
MAC sub-layer
The PHY layer (1997)
The PHY Extensions (1999)
Security
IEEE 802.11 – p.12
The PHY layer (1997)
PHY layer
MAC sub−layer
LLC sub−layer
Network layer
Application layer
3 PHY types:
− IR (unknown products)
− DSSS (most products)− FHSS (less products)
IEEE 802.11 – p.13
The PHY layer (1997)
the EM spectrum allocation
� �� ���� � �� ����� �� ���� � �� ���� � �� ����
�!! " "" "�## $ $$ $�%% & && &�'' ( (( (�)) * ** *�++, ,, ,�-- . .. .�//
0 00 0�1 2 22 2�3 4 44 4�56 66 6�7 8 88 8�9 : :: :�;300 KHz 3 MHz
LF MF(AM radio)
Freq.30 KHz 30 MHz 300 MHz
Freq.1 KHz 1 MHz 1 GHz 1 THz 1 PHz 1 EHz
Infr
ared
Vis
ible
UV
X r
ays
Gam
ma
rays
3 GHz 30 GHz
HF VHF UHF SHF(SW radio) (FM radio − TV) (TV − Cell.)
Freq.902 MHz 928 MHz
Cordless phonesBaby monitors
(old) Wireless LANs
5.785 GHz
IEEE 802.11aHiperlan II
2.4835 GHz
IEEE 802.11(b)Bluetooth
Microwave ovens
2.4 GHz 5.725 GHz
ISM U−NII
IEEE 802.11 – p.13
The PHY layer (1997)
DSSS (Direct Sequence Spread Spectrum)
FHSS (Freq. Hopping Spread Spectrum)
IR (Infra Red)
IEEE 802.11 – p.13
The PHY layer (1997)
DSSS: principle
1 0 Data
Periodic
Scrambled
11 BitBarker code
Carriermodulator
mod−2 adder
0 1 0 0 1 0 0 0 1 1 1
1 bit period
11 chips
1 0 1 1 0 1 1 1 0 0 0
Note:
single code (11-chips)
multiple access ? ... no
security ? ... noIEEE 802.11 – p.13
The PHY layer (1997)
DSSS: principle
1 0 Data
Periodic
Scrambled
11 BitBarker code
Carriermodulator
mod−2 adder
0 1 0 0 1 0 0 0 1 1 1
1 bit period
11 chips
1 0 1 1 0 1 1 1 0 0 0
Transmitter baseband signalbefore spreading
Transmitter baseband signalafter spreading
IEEE 802.11 – p.13
The PHY layer (1997)
DSSS: principle
after spreading before despreading after despreadingbefore spreading
@ Receiver@ Transmitter
narrowband
interference
IEEE 802.11 – p.13
The PHY layer (1997)
PSK (Phase Shift Keying)
x
2πω ϕ
ϕ = 0
0
S
time
Data spreading code
S(t) = A sin ( t + (t))
0 0 1 01
IEEE 802.11 – p.13
The PHY layer (1997)
DPSK (Differential PSK):no reference signal needed
x
2πω ϕ
0
S
time
Data spreading code
S(t) = A sin ( t + (t))
0 0 1 01
IEEE 802.11 – p.13
The PHY layer (1997)
DSSS: modulation
<<>== ??>@@
A AA A>B BB BC CC CC CD DD DD D
EE>FF GG>HHDBPSK DQPSK
0 180 0 180
90
270
(1)(0) (00) (01)
(10)
(11)
1 Mbps 2Mbps
IEEE 802.11 – p.13
The PHY layer (1997)
DSSS: Spectrum @ modulator output0dBr
−50dBr
−30dBr
fc
fc +
11M
Hz
fc +
22M
Hz
fc −
11M
Hz
fc −
22M
Hz
IEEE 802.11 – p.13
The PHY layer (1997)
in France (few months ago): allowed channels
(ch1
3) 2
.472
MH
z
(ch.
11)
2.46
2 M
Hz
(ch.
10)
2.45
7 M
Hz
(ch1
2) 2
.467
MH
z
IEEE 802.11 – p.13
The PHY layer (1997)
in France (few months ago): maximum channel separation
(ch1
3) 2
.472
MH
z
(ch.
10)
2.45
7 M
Hz
IEEE 802.11 – p.13
The PHY layer (1997)
in Europe
(ch1
3) 2
.472
MH
z
(ch.
1) 2
.412
MH
z
IEEE 802.11 – p.13
The PHY layer (1997)
Transmission power
GSM I wave IEEEoven 802.11
Typical 100 mW - 600 mW 0.2mW/ JK L
6.3 mWRegulations 1-5 mW/ JK L
100 mW@ 5cm (Eur.)
IEEE 802.11 – p.13
The PHY layer (1997)
DSSS (Direct Sequence Spread Spectrum)
FHSS (Frequency Hopping Spread Spectrum)
IR (Infra Red)
IEEE 802.11 – p.13
The PHY layer (1997)
FHSS
Modulation: GFSKbinary 0/1:
MON P QSR (for 1 Mbps)00, 01, 10, 11:
MON PT QSR (for 2 Mbps)MN sequence =
MOU V � WYX Z[ V � W]\ ^ _ K � � V`a W]\ bc
(France)[ V � W
: tables^: 3 sets
Fast-FH vs. Slow-FH: min 2.5 hops/s
Bluetooth interference ?... YES
IEEE 802.11 – p.13
The PHY layer (1997)
DSSS (Direct Sequence Spread Spectrum)
FHSS (Freq. Hopping Spread Spectrum)
IR (Infra Red)
IEEE 802.11 – p.13
The PHY layer (1997)
Infra Red (IR)Pulse Position Modulation (PPM)
1 Mbps: 4 data bits � 16-PPM symbol
2 Mbps: 2 data bits � 4-PPM symbol
ddddeeee ffffgggg00
01
10
11
0001
0010
0100
1000
Dat
a bi
ts
4−P
PM
sym
bol
1 0 1 1
1 0 0 0 0 1 0 0
Data
Txed Pulse
IEEE 802.11 – p.13
Outline
WLANs vs. Wired LANs
History
Working modes
MAC sub-layer
The PHY layer (1997)
The PHY Extensions (1999)
Security
IEEE 802.11 – p.14
PHY Extensions (1999)
IEEE 802.11b: 2.4 GHz. 1Mbps, 2Mbps, 5.5Mbps 11Mbps.
High Rate DSSS
Modulation: (backward compatible)DBPSK, DQPSKComplementary Code Keying (CCK) + DQPSK,(opt.) Packet Binary Convolutional Coding (PBCC) +(BPSK,QPSK)
Currently the most widely used one
IEEE 802.11 – p.15
PHY Extensions (1999)
IEEE 802.11a: 5.7 GHz, 6 Mbps � 54 Mbps!!
OFDM (Orthogonal Frequency Division Multiplexing)Principle:High-rate data is devided into several lower ratebinary signals.Each low-rate signal modulates a differentsub-carrier (48)Sub-carrier sets are orthogonal.Modulation: BPSK, QPSK, 16QAM and 64QAM
FEC: Convolutional encoding needed (Viterbi)
Close to Hiperlan 2 specs.
“coming soon”IEEE 802.11 – p.15
PHY Extensions (1999)
DataOut
Carriers FFT S/PRem Pre/
PostfixRem virtual
SignalMapper
DataIn
Carriers IFFT P/SS/PAdd Pre/Postfix
Add virtualp(t)
P/SEqualizer/Detector
MatchedFilter
IEEE 802.11 – p.15
Outline
WLANs vs. Wired LANs
History
Working modes
MAC sub-layer
The PHY layer (1997)
The PHY Extensions (1999)
Security
IEEE 802.11 – p.16
Security
WEP (Wired Equivalent Privacy)
EncryptionPlaintext
Key
CyphertextDecryption
Key
PlaintextOriginal
Eavesdropper
IEEE 802.11 – p.17
Security
WEP (Wired Equivalent Privacy)
Seed WEPKey
Sequence
PRNG
InitializationVector (IV)
Secret Key
Plaintext
Integrity Check
Value (ICV)
Integrity Algo.
XOR
Ciphertext
IV
Message
IEEE 802.11 – p.17
Security
WEP (Wired Equivalent Privacy)
default keys / established keys
40-128 bit key
Algorithm: RC4 (symmetric stream cypher)
Cracking tools: WEPcrack, AirSnort:if “100MB-1GB of data can be gathered” then one“can guess the encryption password in less than asecond”!!
Access control table ? ... inefficientNetwork ID ? ... inefficient
IEEE 802.11 – p.17
Conclusion
it works!
looks just like ethernet to higher layers
no QoS support... yet.
limited security management.
Planete team: http://www.inrialpes.fr/planeteImad AAD: [email protected]
IEEE 802.11 – p.18