TRANSCRIPT
802.11 Networks
Olga Agnew, Bryant Likes, Daewon Seo

Agenda
- Bryant: 802.11 Overview
- Bryant: 802.11b
- Olga: 802.11a
- Olga: Comparison - 802.11b and 802.11a
- Daewon: Security

Why wireless?
- Mobility
- Flexibility
- Can be more cost effective

802.3 Ethernet Networks
- Ethernet networks make up 95% of LANs
- Ethernet
  - Network Interface Cards (NIC)
  - Network Cables
  - Hubs

802.11 Wireless Networks
- 802.11 builds on Ethernet
- 802.11
  - Network Interface Cards (NIC)
  - Air
  - Access Points

802.11 Components
- Distribution System
- Access Points
- Wireless Medium
- Stations
[Diagram: Distribution System, Access Point, Station, Wireless Medium]

802.11 Topologies
- Independent networks
- Infrastructure networks
[Diagram: Access Point]

Wireless Bridging
- Can also be set up as a bridge
- (Yagi directional antenna)
- Access Point

802.11 Media Access Control
- Ethernet uses CSMA/CD
- 802.11 uses CSMA/CA
- Distributed Coordination Function (DCF)
  - Low overhead
- Point Coordination Function (PCF)
  - Avoids the hidden node problem

802.11 Network Operations
- Distribution
  - Deliver messages to their destination
  - All messages use this service
- Integration
  - Connects the wireless network to the wired network

802.11 Network Operations
- Association
  - “Plugs” stations into the network
- Reassociation
  - Switching to another AP with better service
- Disassociation
  - Association no longer needed

802.11 Network Operations
- Authentication
  - Prevents unauthorized use
- Deauthentication
  - Terminates authenticated relationship
- Privacy
  - Wired Equivalent Privacy (WEP)
- MAC Service Data Unit (MSDU) Delivery
  - Destination delivery

802.11b

802.11b - Data Transmission
- Transmit 300 to 500 feet
- Frequency-hopping spread-spectrum (FHSS)
  - 1 or 2 Mbps
- Direct-sequence spread-spectrum (DSSS)
  - 1, 2, 5.5, or 11 Mbps

802.11b - Frequencies and Bandwidth
- 2.4000 to 2.4835 GHz frequency
- 22 MHz bandwidth per channel
- 3 MHz guardbands
- Analog radio signal (NIC is modem)

802.11b - Transmission
- 1 and 2 Mbps speeds
  - Use 11-bit Barker sequence
- 5.5 and 11 Mbps speeds
  - Use complementary code keying (CCK)

802.11a

802.11a
- Why did ‘a’ come before ‘b’?
- Is it different?
- Is it better?
- Is it faster?

802.11a - Data Transmission
- Transmit 100 to 150 feet
- Orthogonal Frequency-Division Multiplexing (OFDM)
  - 6 to 54 Mbps

802.11a - Frequencies and Bandwidth
- 5 GHz frequency
- 12 channels
- 20 MHz bandwidth per channel
- Broken into 52 separate channels
  - 48 transmit, 4 used for control

802.11a - Transmission
- 6 and 9 Mbps speeds
  - Use 24-bit Barker sequence
  - Converted to 1 OFDM symbol of 48 bits
- 12, 24 and 48 Mbps speeds
  - Use binary phase shift keying (BPSK)

Comparison: Physical Layer
- 802.11b
  - DSSS
  - 3 - 22 MHz channels
  - Data rates: up to 11 Mbps (5.5 is norm)
- 802.11a
  - OFDM
  - 12 - 20 MHz channels
  - Data rates: up to 54 Mbps (12-24 is norm)

Comparison (cont’d): Physical Layer
- 802.11b
  - DSSS (cont’d)
  - Frequency Range: up to 300 Feet
- 802.11a
  - OFDM (cont’d)
  - Frequency Range: up to 150 Feet

Conclusion
- Is faster really better?
- What are the application needs?
- Better for higher end apps
  - Video, voice, transmission of large image or large files, etc.
- Shorter distance
- Remember… “There’s always a trade-off”

Conclusion (Cont’d)
- Additional factors to consider:
- 2.4 GHz frequency shared by:
  - wireless phones, microwave ovens
  - Bluetooth devices, others…
- Combo-cards now available
  - Proxim’s

802.11 Security Overview

Overview of 802.11 Security
- Not long ago
  - Wireless security was an afterthought (new and rare)
- Now
  - Security issues became more vital (available for anyone and cheap)

Same risks as Wired-LANs?
- Threat to physical security of a network
  - Denial of service and sabotage
- Unauthorized access and eavesdropping
- Attacks from within the network’s user community
  - Employees have been known to read, distribute, and alter valuable company data

802.11 Security Mechanisms
- Authentication through…
  - Open system
  - Shared key authentication
- Data confidentiality through…
  - Wired Equivalent Privacy (WEP)

Authentication
- Open systems
  - Do not provide authentication
  - Only identification using the wireless adapter’s MAC address
  - Access can be based on MAC address
  - MAC address of wireless client can be spoofed
- Overall, the open system is not secure.

Authentication (Continued)
- Shared key authentication

Authentication (Continued)
- Shared key authentication…
  - It is delivered to participating stations through a secure channel that is independent of IEEE 802.11
  - The secret of the shared key is manually configured for both the wireless AP and the client
  - Securing physical access to the network is difficult
  - Anyone within range of the wireless AP can listen to other users’ data
- Overall, this authentication is not secure and is not recommended for use

WEP Encryption
- 802.11: level of data confidentiality is equivalent to a wired network
- Uses the RC4 symmetric stream cipher (40-bit or 104-bit encryption key)

WEP Encryption (Cont)
- Provides data integrity from random errors (Integrity Check Value)
- The determination and distribution of WEP keys are not defined; a text string must be manually configured
- There is no defined mechanism to change the WEP key

WEP Encryption (Cont)
- All wireless APs and clients use the same configured WEP key for multiple connections and authentication, so it is possible for a malicious user to remotely capture WEP cipher text: a security problem
- The lack of WEP key management causes change in WEP key frequently
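
The WEP encapsulation described on the slides above, as an added example that is not part of the original presentation. It assumes the standard WEP construction (a 24-bit IV sent in the clear and prepended to the shared key as the RC4 seed, with a CRC-32 ICV appended before encryption); the key, IV and payload are constructed values, and the key-ID byte of a real frame is omitted.

```python
import zlib

def rc4(seed: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for the given seed."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                         # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encapsulate(key: bytes, iv: bytes, msdu: bytes) -> bytes:
    """Frame body = IV in the clear, then RC4(IV || key) XOR (MSDU || ICV)."""
    icv = zlib.crc32(msdu).to_bytes(4, "little")   # Integrity Check Value
    body = msdu + icv
    return iv + xor(body, rc4(iv + key, len(body)))

def wep_decapsulate(key: bytes, frame: bytes) -> bytes:
    """Decrypt with the shared key and verify the ICV."""
    iv, ciphertext = frame[:3], frame[3:]
    body = xor(ciphertext, rc4(iv + key, len(ciphertext)))
    msdu, icv = body[:-4], body[-4:]
    if zlib.crc32(msdu).to_bytes(4, "little") != icv:
        raise ValueError("ICV mismatch: frame damaged in transit")
    return msdu

def icv_detects_bit_error(key: bytes, frame: bytes, bit: int) -> bool:
    """Flip one ciphertext bit, as radio noise might, and try to decapsulate."""
    damaged = bytearray(frame)
    damaged[3 + bit // 8] ^= 1 << (bit % 8)
    try:
        wep_decapsulate(key, bytes(damaged))
    except ValueError:
        return True
    return False

KEY = bytes.fromhex("0102030405")   # constructed 40-bit key, set by hand on AP and client
IV = bytes.fromhex("a1b2c3")        # constructed 24-bit IV; key-ID byte omitted for brevity

if __name__ == "__main__":
    frame = wep_encapsulate(KEY, IV, b"hello 802.11")
    print(frame.hex(), wep_decapsulate(KEY, frame), icv_detects_bit_error(KEY, frame, 0))
```

Because the only secret input is the manually configured key, every station holding that key can decapsulate every frame on the network, and the ICV is a plain checksum that catches transmission errors rather than a keyed integrity check.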

Security Summary
- The lack of automated authentication and key determination causes problems in shared communication
- WEP will never be totally secure, and 802.11 security will not be secure either
- New versions of 802.11 focus on new encryption, authentication and key exchange algorithms for better security
- 802.11 security is being investigated for better protection from all attacks

Questions?