Electromagnetic Waves & Radio Frequency Basics

Questions and Answers

At what rate does an Access Point (AP) typically send out beacon frames?

• Every 1.024 seconds
• Every 10.24 seconds
• Every 10.24 milliseconds
• Every 102.4 milliseconds (correct)

What is the primary function of semi-directional antennas in wireless networking?

• To direct transmission and/or reception in one primary direction. (correct)
• To radiate signals equally in all directions.
• To create multiple signal paths for increased bandwidth.
• To concentrate signals into a narrow, highly focused beam.

Which of the following best describes the role of the Federal Communications Commission (FCC) in the context of wireless communication?

• It regulates the use of the wireless spectrum, specifying which frequency bands are available for particular uses. (correct)
• It manufactures antennas for signal transmission and reception.
• It provides guidelines for constructing homemade antennas for improved Wi-Fi reception.
• It develops new wireless communication technologies.

In Wi-Fi communication, what is indicated when signals are described as being 'in-phase'?

The signals are aligned and amplify each other through constructive interference. (A)

What is the significance of MIMO (Multiple-Input and Multiple-Output) antennas in modern wireless communication?

They increase the capacity of a link by using multiple antennas to exploit multipath propagation. (C)

Which of the following Wi-Fi standards operates exclusively in the 5 GHz band?

802.11a (D)

What distinguishes a broadcast frame from other types of frames in 802.11 wireless networks?

Broadcast frames have a destination MAC address set to 'all'. (B)

How does a wireless client use passive scanning to connect to a Wi-Fi network?

By listening for beacon frames broadcast by access points. (C)

What is the main purpose of the Key Derivation Function (KDF) in WPA2 Personal security?

To derive the PMK(Pairwise Master Key) from the passphrase (D)

Why is WPA3's SAE (Simultaneous Authentication of Equals) method considered more secure than WPA2's PSK (Pre-Shared Key) authentication?

SAE derives a unique PMK per session using public-key protocols, making it immune to offline dictionary attacks. (B)

What is the primary role of the 'Integrity Check Value' (ICV) in the context of wireless communication security?

To ensure that data has not been altered during transmission (B)

Why does measuring attenuation involve relative measurement rather than absolute measurement?

Attenuation is determined by referencing the loss from the transmitted signal, not by an absolute metric (D)

What is the range of frequencies, in GHz, are considered the Radio Frequency (RF) portion of the spectrum?

3 kHz to 300 GHz (D)

What determines what types of frames are sent between a wireless client and an Access Point?

The client's state in the connection process. (D)

What is the purpose of the four-way handshake in WPA2?

To secure the communication channel through key exchange and user authentication. (C)

Which of the following frame types is primarily involved in ensuring the reliable delivery of data in Wi-Fi communication?

Control Frames (D)

What is indicated by a negative dBm value in the context of Wi-Fi signal strength?

The signal strength is decreasing or attenuating (C)

In WPA2, what is the function of the Pairwise Transient Key (PTK)?

To encrypt and authenticate data frames, ensuring secure communication. (A)

What is the main benefit of using Extended Service Set (ESS) in larger wireless networks?

It configures seamless roaming, allowing client stations to move between access points without disrupting their connection. (C)

Why is it necessary for an Access Point (AP) to re-frame 802.11 frames as 802.3 Ethernet frames?

To ensure compatibility with wired networks and allow Wi-Fi frames to be forwarded onto the wired network (C)

In wireless communication, what does 'attenuation' refer to?

The weakening or loss of a signal's strength. (D)

What is the purpose of the Logical Link Layer (LLC) in the context of the 802.11 protocol stack?

To provide the data link layer used by other 802 protocols (A)

What is indicated by the decibel-milliwatts(dBm) number?

The signal strength for receivers (D)

What is the Wi-Fi Topology?

Service sets or ways of forming a WLAN (B)

What is the process for capture, or AKA sniffing used for?

To store a record of network traffic for purposes protocol analysis, troubleshooting, vulnerability assessment (C)

What can reflection from a metal do to Wi-Fi performance?

It can cause waves to interfere with each other, contributing to signal corruption or attenuation (D)

Why is encryption important?

It ensures that the contents of eavesdropped packets cannot be determined (A)

What is WEP?

A Wired Equivalent Protocol authentication and Encryption method introduced with the original 802.11 standard that has since been replaced (A)

Which of the following is true about Wi-Fi chipsets in relation to transmission and receiving?

They switch between transmitting and receiving data very quickly. (A)

What is the name of the wireless network name?

SSID (C)

What does the four-way handshake accomplish?

Both the Passkey check and PTK generation (D)

In wireless communication, what does the term 'half duplex' refer to?

A communication channel that requires one party to stop talking before the other can start (B)

What is the key aspect of a wireless device?

Ability to transmit and receive(TX//RX), has an antenna and operates under 802.11 protocol (A)

To improve reception and transmission, how is the wire inside a Wi-Fi AP antenna arranged?

It is coiled to improve reception/transmit (B)

What is required of a client for wireless communication to be considered "half duplex"?

It must only transmit WHILE/WHILE the other device is receiving (D)

Which of these can cause an RF signal to bend?

Diffraction or Refraction (D)

Which of these IEEE 802.11 standards provides the most bandwidth?

IEEE 802.11ac (C)

Flashcards

Radio Frequency Signaling

Wireless communication using electromagnetic waves of varying frequencies.

Wavelength

The distance between successive peaks of a wave.

Amplitude

The maximum displacement of a wave, indicating signal strength.

Phase

Measures the alignment between two waves, in degrees.

Attenuation

Weakening of a signal as it travels, affected by distance and environment.

Propagation

Describes how RF waves spread out from their point of transmission.

Reflection

Bouncing off an object causing signal travel in a different direction.

Scattering

Multiple reflections of a signal in different directions.

Diffraction

Bending of an RF signal around an object.

Refraction

The bending of an RF signal as it passes through a medium of different density.

Measuring Attenuation in dB

Measured in decibels (dB), relative loss from transmitted signal.

Antenna

Device for transmitting and receiving wireless signals using electromagnetic waves.

Antenna Receiving Sensitivity

Minimum signal strength an antenna can receive, measured in dBm.

Antenna Transmission Gain

How much an antenna concentrates or directs the signal.

Semi-directional antennas

Direct transmission/reception in one primary direction.

Highly Directional Antennas

Tightly focused transmission with high gain and narrow beam, used in point-to-point communication.

MIMO antennas

Increase the capacity of a link using multiple antennas to utilize multipath propagation.

Access Point

The “provider”; typically a router translating wired to wireless signals.

Endpoint

The client device that connects wirelessly to an access point.

Transmission Medium

Broadcasting at a certain frequency on the electromagnetic spectrum.

Wireless Devices

Must have radio card, antenna, and operate under 802.11 standards.

Half Duplex

One device transmits while the other receives.

Full Duplex

Devices can both transmit and receive simultaneously.

Simplex

One device transmits and the other only receives.

Wi-Fi bands

Frequencies of 2.4GHz and 5GHz used by Wi-Fi standards.

2.4GHz Channels

Multiple channels within the bandwidth that each standard defines.

Amplitude Modulation (AM)

Increase or decrease the wave's amplitude to represent data.

Frequency Modulation (FM)

Modify the wave's frequency to represent data.

Phase Modulation

Shift the wave's phase to represent data.

SSID

Name of a Wi-Fi network.

Basic Service Set (BSS)

A single access point connects multiple clients.

Extended Service Set (ESS)

Connects multiple access points to an Ethernet LAN.

Independent Basic Service Set (IBSS)

Client stations form peer-to-peer relationships without an access point.

Mesh Basic Service Set (MBSS)

Coverage over a larger area without connecting every AP to the wired network.

Association with an AP

Wi-Fi client joins a network.

Wifi Frame Types

Used for joining and leaving a network. Includes beacon, probe, and management frames.

Passive and Active Scanning

The process a wireless client uses to find a network by listening for or requesting APs.

What is capture

In networking, capturing a packets to examin data traffic on a network

Study Notes

• All wireless communications use electromagnetic (EM) waves.
• EM radiation exhibits both particle-like and wave-like characteristics; the particle is a photon.
• Frequency of an EM wave is measured in Hertz (Hz), which is cycles per second (1 Hz = 1 cycle/second).
• Radio Frequency (RF) portion of the spectrum lies between 3 kHz and 300 GHz and is commonly used for communication.
• Visible light has a frequency between 4 × 10^14 and 8 × 10^14 Hz.
• RF waves are generated by running an Alternating Current (AC) through a conductor and radiated out from an antenna.
• Antennas are used for both signal transmission and reception.
• In the US, the FCC regulates spectrum use, specifying usable frequency bands for applications
• Wavelength (λ) is the distance between successive peaks of a wave, measured in meters.
• Wavelength is inversely proportional to frequency; higher frequency means shorter wavelength.
• EM wavelength = speed of light / frequency.
• Amplitude of a wave is its maximum displacement, representing signal strength or power (measured in watts - W).
• For 2.4GHz Wi-Fi, a transmitting AP's "full power" is 100mW, while for 5GHz, it's 200mW.
• Client devices use lower power to save battery, like smartphones that may transmit at 15mW.
• Consumer microwave ovens use RF emissions at 2.45 GHz with approximately 1000W.
• AM radio towers may transmit with a power up to 50,000 watts.
• Phase measures how much the peaks of two waves at the same frequency are aligned.
• Phase is measured in degrees between 0 (fully in phase) and 180 (fully out of phase).
• In-phase signals amplify each other (constructive interference), while out-of-phase signals weaken (attenuate) each other (destructive interference).
• Attenuation is the weakening or loss of a signal.

Propagation and Attenuation

• How RF waves propagate affects signal quality and data transmission speed.
• Attenuation happens naturally over increased distance as the wave spreads out.
• Physical environment also affects attenuation; physical materials absorb and deflect the wave’s energy.
• Denser materials cause more attenuation, while conductive materials cause more interference.
• Absorption: materials may absorb a portion of the RF signal.
• A drywall weakens a 2.4GHz Wi-Fi signal to 1/2 its original power, while a brick wall weakens it to 1/16.
• Reflection: a wave may bounce off an object and travel in a different direction; metal objects, glass, and concrete can reflect waves.
• Reflection is a major cause of Wi-Fi performance degradation; reflected waves can cause attenuation or corruption.
• Scattering: multiple reflections in multiple directions.
• Refraction: passing through mediums of different density can bend an RF signal.
• Diffraction: bending of an RF signal around an object partially blocking it.

Measuring Attenuation in dB

• Wi-Fi signal power at the reception point is measured as loss or attenuation from the transmitted signal.
• Measurements are relative, not absolute.
• Power of Wi-Fi signals is measured in decibels (dB) on a base-10 logarithmic scale.
• Receivers are measured in dBm (decibel-milliwatts).
• Logarithm of a fraction is a negative number; all signal strength values will be negative.
• Every -10 dB represents a reduction of the absolute power in mW by 1/10.
• Example: a signal of -30dBm.
• The practical maximum of a received Wi-Fi signal is -30dBm; -110dBm is effectively no signal.

Antennas

• Antennas are essential for both sending and receiving wireless signals.
• An antenna acts as a receiver: electromagnetic waves of the RF signal induce an electrical current in the antenna.
• Sending an electrical current through the antenna produces RF waves.
• The same antenna can both transmit and receive signals.
• The shape of an antenna affects its signaling characteristics.
• Most common Wi-Fi antennas are omnidirectional, radiating equally in horizontal directions.
• Angle of signal An omnidirectional Wi-Fi antenna radiates 360 degrees on the horizontal plane and between 7 and 80 degrees on the vertical plane.
• Having multiple antennas tilted at different angles can increase the coverage.
• Antenna in a laptop or mobile device is a wire loop that goes behind the screen, oriented vertically for better signal quality.
• Antenna Receiving Sensitivity: the minimum strength of the signal it can receive, in dBm. Typical consumer Wi-Fi products have an antenna sensitivity of around -90dBm.
• Antenna Transmission Gain: how much an antenna directs the signal; higher gain means a flatter radiation pattern.
• Gain is measured using a decibel scale (dBi, or decibels relative to isotropic).
• Standard Wi-Fi Antenna Gain Semi-directional antennas direct transmission/reception in one primary direction, with very little on the sides or back
• Sectional antennas radiate in a "pie slice” pattern and are used on towers.
• Highly Directional Antennas are tightly focused, with high gain and a narrow beam, for point-to-point communications.
• People can construct their own antennas and these are often directional and specifically pointed toward a source.
• MIMO Antennas increase capacity of a link using multiple transmission/receiving antennas to exploit multipath propagation.
• Multiple antennas detect signals from different directions and use signal processing to reconstruct weaker signals.

802.11 Basics

• Access Point: The wireless network “provider," translates wired network traffic into wireless signals and vice versa.
• Endpoint: The client device connecting wirelessly to an access point.
• Transmission Medium: The channel created by broadcasting at a frequency band on the electromagnetic spectrum.
• Wireless Devices must have a radio card/integrated transmit (TX) and Receive (RX), contains antenna/operates under 802.11 protocol standards.
• Half Duplex: Wi-Fi transmitters transmit or receive (TX/RX) but not at the same time.
• Simplex: One device only transmits, the other only receives, like a radio station.
• Full Duplex: Devices can both transmit and receive simultaneously, like Ethernet.
• Wi-Fi bands use 2.4GHz and 5GHz; higher frequency means higher data transmission rate but a shorter range.

Wi-Fi standards

• IEEE ratified all the the Wi-Fi standards.
• 802.11a (1999): 5 GHz, 1.5-54 Mbps
• 802.11b (1999): 2.4 GHz, 11 Mbps (first widely adopted standard)
• 802.11g (2003): 2.4 GHz, up to 54 Mbps, backward compatible with 802.11b
• 802.11n (Wi-Fi 4) (2009): 2.4 & 5 GHz, up to 600 Mbps, better range/throughput with MIMO and 64QAM modulation
• 802.11ac (Wi-Fi 5) (2013): extension of 802.11n in 5 GHz, 256QAM modulation, improved MIMO and wider channels, 6.9 Gbps max data rate
• 802.11ax (Wi-Fi 6) (2019, 2020): 9.6 Gbps max speed (multiple channels), 6GHz channels added from 2020 Addendum.
• Wi-Fi High Efficiency (HE): Improvements to throughout in high-density areas and allows more clients to transmit and receive at the same time.

2.4 GHz Channels

• The 2.4GHz range has 11 allowed channels in the US, and 13 in other countries.
• Channels vary in width (range of frequencies); 2.4Ghz channels overlap.
• Channels 1, 6, and 11 have no overlap and are frequently used.
• Multiple networks can exist on the same/overlapping channels; protocols compensate.

5 GHz Wi-Fi Channels

• 5GHz Wi-Fi uses frequency ranges from U-NII bands (defined by the FCC).
• Base channel width: 20MHz; channel bonding widens this to 160MHz.
• Wi-Fi 6 expands into the U-NII-4 channels at 5.9GHz; channel numbers range from 36 to 177.

Modulation

• Newer Wi-Fi standards combine amplitude and phase modulation to encode more bits:
• AM (Amplitude Modulation): varies a wave's amplitude
• FM (Frequency Modulation): varies a wave's frequency
• Phase Modulation: shifts a wave's phase to encode data
• Quadrature Amplitude Modulation (ex: 64QAM, 256QAM)

Wi-Fi Network Topology Service Sets

• Primary goal is to create a local area network (WLAN).
• Connection to the internet is by an "upstream" wired connection.
• Wi-Fi network's name: SSID (“Service Set Identifier”).
• Types of service sets: Basic service set (BSS) Extended service set (ESS) Independent basic service set (IBSS) Mesh basic service set (MBSS)
• Basic Service Set (BSS) is the most common Wi-Fi topology; a single access point connects and associates with stations (operate in infrastructure mode).
• Extended Service Set (ESS) connects multiple access points to an Ethernet LAN with the same SSID, for seamless roaming.
• Independent Basic Service Set (IBSS) Requires no access point: client form peer-to-peer relationships.
• Mesh Basic Service Set (MBSS) covers a larger area without connecting every AP to the wired distribution service

The Wi-Fi standards define topologies

• Basic service set (BSS)
• Extended service set (ESS)
• Independent basic service set (IBSS)
• Mesh basic service set (MBSS)

Wi-Fi Protocols

• The 802.11 is considered primarily as a physical (Layer 1) protocol, since its primary goal is to transmit Layer 2 (Ethernet) frames.
• The 802.11 protocols specify their own data link layer, the Media Access Control (MAC) layer.
• This is considered a sublayer within Layer 2.
• The traditional Layer 2 used by all 802 protocols (such as Ethernet) is now called the Logical Link Layer (LLC).
• Unit of transmission is called a Frame.
• 802.11 MAC Addresses, like Ethernet, use MAC addresses to identify interfaces, and Ethernet frame goes in the body of the 802.11 MAC frame.
• 802.11 frames use up to 4 addresses: Source Address (SA) Destination Address (DA) Transmitter Address (TA) Receiver Address (RA) and BSSID.
• Three types of Wi-Fi frames: Data, Control, Management types.
• Data Frames: Carry actual data from higher-layer protocols
• Control Frames: Assist with the delivery of data frames (only contain header information)
• Management Frames: Used for joining and leaving the network

Control Frame Subtypes

• Beamforming Report Poll
• VHT/HE NDP Announcement
• Control Frame Extension
• Control wrapper
• Block ACK Request
• Block ACK
• PS-Poll
• RTS
• CTS
• ACK. Wi-Fi is a broadcast technology, so when most types of frames are received, the receiver responds with an ACK control frame.

Data Frame Subtypes

• Data
• Null (no data)
• QoS Data
• QoS Null (no data)
• Reserved.
• QOS Frames: contain an access category field that prioritizes delivery (Voice , Video , Best Effort, Background)
• 802.11 AC requires that all data frames be QOS data frames.

Management Frame Subtypes

• Association request
• Reassociation request
• Probe request
• Timing advertisement
• Beacon
• Disassociation
• Deauthentication
• Authentication
• Action
• Association response
• Reassociation response
• Probe response
• Reserved

Beacon Frames

• APs transmit beacons on the selected RF band and channel to advertise its presence and configuration
• AP transmits beacons at a rate of one every 102.4 milliseconds
• Clients only transmit beacons in ad-hoc mode

Client Network Connection

• (Passive and Active) is the first step to connecting to a Wi-Fi network is to become aware of its existence and parameters. A client in the scanning process is in State 1.
• In passive scanning, the wireless client simply listens for beacon frames from APs on multiple channels.
• With active scanning, the client proactively scans the network by sending out probe request frames, to be answered by a probe response from the AP. The probe response has the same information as a beacon.
• A probe request may be directed (intended for a single SSID) or null (intended to be answered by any APs that receive it.)
• Joining a Wi-Fi network is a two-step process: first authentication, then association with an Access Point
• (Open) Authentication:
• The client listens for Beacon frames that match a selected SSID and with compatible protocol versions (or, in active scanning, sends probe request frames.)
• The client sends an authentication request frame with sequence number 1 to an AP, setting the authentication to “open”.
• The AP responds with an authentication response frame with sequence number 2, also set to "open.” At this point the mobile station is authenticated but not yet associated.
• The Association Sequence to reach State 3 Client sends an association request frame to the AP.
• The request contains chosen encryption types if required.
• If the request matches the capabilities of the AP, the AP will create an Association ID for the mobile station and respond with an association response with a success message. / The client is now Successfully associated with the AP and data transfer/ encrypted.

Additional Notes on Client Connection

• To multiple APs at the same time: Speeds up the association process when moving between APs.
• Besides open authentication, shared-key authentication was sometimes used in conjunction with WEP security, to verify the password and set up encryption Disassociation and Deauthentication, The polite form of kicking off a client, in terms of client handshakes

802.11 Cryptographic Security

• The imperative for encryption in Wi-Fi, is because Broadcast data can also be intercepted and modified or forged outright. Thankfully, the constructs of cryptography can give us strong security even in this setting.
• The adoption of wireless technology has itself driven the development and adoption of strong encryption protocols.
• Security Goals of Wi-Fi Cryptography, Ensuring that only authorized users may associate and exchange data = May be per-user or (more commonly) with one pre-shared key for the whole network = Achieved by a challenge-response protocol in which the client proves it knows a key or passphrase. Data Privacy Ensuring that the contents of eavesdropped packets cannot be determined / Achieved by symmetric encryption algorithms;
• data is not sent as plaintext, but ciphertext Data Integrity: Ensuring that wireless frames cannot be forged or modified without detection , Achieved by message integrity methods such as checksums.

Wired Equivalent Protocol (WEP)

• WEP Authentication and Encryption method introduced with the original 802.11 standard.
• Not intended to be perfectly secure, but as secure as a physical ethernet connection, hence "wired equivalent” Significant weaknesses were discovered early on.
• strictly a legacy protocol; not to be deployed: We study it to learn concepts, and see its weaknesses and the dangers of designing ad hoc cryptographic protocols.
• Main components, Challenge-response protocol to authenticate users data frame encryption with RC4 and integrity with CRC32 WEP shared-key Authentication Review.
• *Recall that open authentication is really not authentication at all, but just a handshake, in the form of authentication request and response frames. In Shared-key authentication, a challenge-response sequence is used instead to verify that the client knows the network key.

WEP Concepts

• Encryption and decryption with a (symmetric key: involves encrypting a message with an encryption algorithm that uses a secret key
• Only those who know the key can decrypt a message encrypted with the same key= servers generate random challenges
• Client then has to encrypt/decrypt depending and then get verified.

WEP Details

Clients send authentication, send authentication frame to the AP.

• AP sends the string to the client.
• The encrypted sting is sent back to the client in the body of another authentication, after doing his work on the code= if challenge matches success
• Payload of all subsequent frames will be encrypted/checked after this.

The weaknesses:

The 40-bit key short and can be cracked. The IV vector used to protect the code is not long The system is based on CRC and can be cracked

Secure Wi-Fi Encryption and Authentication: WPA/WPA2/WPA3

• • Confidentiality (only for interred users! Authentication (identify users! Integrity (no modification allowed replan Protection (no replay of packets!
• WPA = set of new 802.lli security standard, without AES encryption (uses RC4 + TKIP
• WPA2 = mandatory for M devices after 2006, umplements all of the 802.1 standard (mandatory)
• WPA3 = ratified 2020, Removes legacy protocols (ke TKIP, provides the security property of forward secrecy WPA2 Personal Enterprise modes Enterprise

WPA3 Details

• The AP and clients use pre-shared keys
• WPA2 Authentication: After association request is done, a 4 way handshake Is done to verify keys. Data frames, with protocol type EAPOL (Extensible Authentication Protocol Over LAN).
• 4 way handshake is done along with key exchnage

Enterprise Mode of WPA2 Details

• Wi-Fi has the pre shared key.
• The AP computes all the keys. Clients send messages for authentication purposes.
• 256 bit psk is performed using a PBKDF2
• With WPA3, there is less interuption, WPA3 makes it more difficult to perform all the auth procedures.
• The details use dragonfly technology, the PMK is stored for users

Wi-Fi Details

• 802.1X is is an extensible authentication protocol
• 4 message types are used in the protocol for encryption and to check authentication
• The RADIUS protocol is used that provides security from dialup users
• PMK cannot be precomputed, requires an interactive session
• Imune to offline