What’s New in Wireless

Brad Noblet

10/3/2002

Where are we today?• 802.11 - A standard for propagating packet based

communication over a wireless medium between clients (computers, network appliances, etc.)– Founds its roots in Ethernet (802.3)– Replaces the physical and link layers with a more

“airworthy” equivalent– Allows the network (IP) and above layers to remain– Also known as Wi-Fi, coined by WECA

• Uses ISM bands (2.4GHz/5GHz)– No primary allocation– Power & modulation defined– Limited power (100mw)

What is 802.11?

• Data rates started at 1Mbps and have evolved to support up to 54Mbps

• Delivered by four main standards • 802.11

• 802.11a

• 802.11b

• 802.11g (not yet final)

• Supports seamless device roaming– Maintains client connections while mobile

• Dependent on network topology

Basic System Architecture

• Ad Hoc– Peer to peer communications between wireless clients– Clients must be within range of one another– Limited number of clients

• No external network connections

• Infrastructure– Clients “associate” with an Access Point or repeater to propagate

the signal to other wireless and wired clients and define service– Access Points (AP) also participate in handing off connections

between themselves as clients roam between APs providing seamless connectivity

– Many logical networks can share common physical channels• Service Set Identifier

Basic System Architecture

• Employs a signal sense/collision avoidance & enforcement scheme– Listen before talk– Random back-off before talk– Listen & enforce to neighbors

• Range varies from 300’ to 2000’ depending on geography– Supports wireless bridging up to 10 miles

Access Point• Essentially a repeater for clients

– Bridges clients between themselves and the AP’s wired backbone

• Keeps track of clients– Hands off nodes to other APs during roaming

• Provides a wired connection to the backbone• Provides security access/control mechanisms to

determine client connectivity boundaries• Provides antenna diversity to help with multi-path• Some allow AP power via Ethernet port

– Allows optimal mounting reducing cable loss to antenna

Client adapter

• Includes the radio, antenna and associated link layer access components to allow connection to an 802.11 network

• Packaged in many formats– PCMCIA (or Mini PC) adapters– ISA/PCI adapters– External USB and Ethernet converters

• Software drivers required to link the adapter to the OS logical I/O– 802.2 model

802.11 Wireless Appliances

• Wireless VOIP phones– Symbol

– SpectraLink

• Personal communicators– Vocera

Bridges & Gateways

• Wirelessly link wired or wireless network segments– Wireless linking up to 10 miles

• Provide another means for connecting wired networks to a wireless infrastructure

• Provide a translation mechanism to other mediums/networks

Antennas• ERP limited by the standard• Client antennas

– Typically omni (patches & verticals)• AP antennas

– Omni or sectored• Bridges/Gateways

– Yagi or parabolic• Reverse polarity connectors

– TNC & SMA• Bi-directional amplifiers

– Restore cable loss (about 0.5 watts)

802.11b

• Direct Sequence SS (HR/DSSS)• 14 channels worldwide, 11 allocated in US

– Roughly 2400 MHz to 2450 MHz

• 11Mbps data rate– Rate degrades as conditions deteriorate– Actual throughput varies between manufacturer

implementations• Cisco & OriNOCO (Lucent) the best at better than

4Mbps

802.11a

• Orthogonal Frequency Division Multiplexing (OFDM)

• 8 channels, 20 MHz wide available in the US– 4 channels @ 5150 MHz to 5350 Mhz– 4 channels @ 5725 MHz to 5825 MHz

• Data rates from 6 to 54 Mbps• Not well suited for portable/mobile use

– Increased power consumption– Antenna considerations– Better suited for linking

802.11g

• Orthogonal Frequency Division Multiplexing (OFDM)

• Operates in the same spectrum as 802.11b– Slated to co-exist with 802.11b

• Data rates up to 54 Mbps

• Standard not finalized

WEP

• Wired Equivalent Privacy– Wireless Eliminates Privacy!

• Uses RC4 cryptographic cipher• WEP systems around RC4 not robust

– Manual key management open to attack– 40 bit keys to short– Re-use of key stream– Infrequent re-keying– Use of a CRC that’s not encrypted– AP spoofing

• WEP can degrade AP and client performance

802.1x

• Access control– Based on Extensible Authentication Protocol

(EAP) initially developed for PPP

• Comprised of challenges and responses between the client and a backend service such as Radius to provide client authentication

• Not interoperable today between vendors

Evolution of 802.11

• 802.11d– Study worldwide regulatory requirements to effect

worldwide interoperability

• 802.11e– Quality of Service (QOS) provisions for latency

sensitive applications such as streaming audio and video

• 802.11f– Standardize the Inter-Access Point Protocol (IAPP) to

allow roaming inside a multi-vendor AP deployed network

Evolution of 802.11

• 802.11h– Adds dynamic channel selection and transmit

power control for 802.11a• A European requirement

• 802.11i– Improved security, not well defined to date

Related Services

• Authentication– Bluesocket

• Class of Service, security across subnets

• Location dependent services– Newbury Networks

• Position enabled access & push services

• Total mobility– Cisco Mobile Access Router– Seamless connectivity while the mobile user roams

between infrastructures

Tools/Analysis• Ethereal

– Packet Network analyzer• Net Stumbler

– Wireless analyzer– Features similar to vendor supplied tools

• Kismet– Passive wireless sniffer– Mates well with the Sharp Zaurus PDA

• AirSnort– Wireless sniffer/decryption engine

• Kotz paper – A live study at Dartmouth– Over 500 APs installed, over 2000 users– http://www.cs.dartmouth.edu/reports/abstracts/TR2002-423/

Emerging Systems & Technology

Bluetooth – Personal Area Network

• Proposed by Ericsson as a replacement for wires to/from cell phones

• Emerging as a low cost alternative to 802.11– Lower speed (1Mbps)– 2.4 GHz

• Slow to gain acceptance– Momentum is rising

Converged Cellular/PCS Systems

• 3G systems– CDMA 2000– GSM/Edge– W-CDMA– UMTS

• Share voice bandwidth with data– Data rates up to 150Kbps

• Enabling new services– Personal location (Wherify)– IM appliances (Hiptop)

• 4G? – Flarion– All IP based– 1Mbps+ using only 1.25MHz of spectrum

Metropolitan Area Network Canopy

• TDMA system clocked from GPS– Each node given a transmission slot

• Efficient use of available system bandwidth• Roughly 3Mbps end user throughput• Micro-cell approach

– Range of 2-3 miles

• Wireless backhaul• Operates at 5GHz allowing co-location with in-

building 802.11b networks

Two-Way Systems

• ICOM D-Star

• Motorola APCO25

• Digital Wireless

Ultra-Wideband

• No more wires!

• Hundreds of MHz wide

• Many Mbps of bandwidth

• Utility for the home/office– Voice, data, entertainment

• Fostering a movement towards total spectrum deregulation

Wireless is Back!

• We are a mobile society

• Wireless (RF) is the only viable technology that allows total mobility regardless of location

Manufacturers - Equipment

• Equipment – APs, bridges/gateways, clients– Cisco (Aironet), OriNOCO/Agere (Lucent)– Linksys, Netgear, D-Link, Proxim, 3Com, SMC, ICOM, Sony

• Antennas– Pacific wireless– Radiall/Larsen– Cuschcraft– Homebrew – websites abound!– Most equipment mfgs offer antennas

• Bi-directional amps– HyperLink Technologies– SSB Electronics– RF Linx

References

• O’Reilly– http://safari.oreilly.com– Special thanks to Mike Loukides and O’Reilly for book donations

• Ethereal – Network analyzer– http://www.ethereal.com

• Net Stumbler – Wireless Analyzer– http://www.netstumbler.com

• Kismet – Passive wireless sniffer– http://www.kismetwireless.net

• AirSnort – Wireless sniffer/decryption engine– http://airsnort.shmoo.com

• Dartmouth study – David Kotz– http://www.cs.dartmouth.edu/reports/abstracts/TR2002-423/