Wireless LAN Chapter 6 PDF

Summary

This document provides an overview of wireless LAN technology, including its introduction, IEEE 802.11 protocol, transmission methods (microwave, spread spectrum, and infrared), architecture, and security aspects.

Full Transcript

Wireless LAN

CHAPTER - 6

WIRELESS LAN
The following essential topics for the chapter “Wireless LAN” are discussed here.

Introduction WLAN and Wi-Fi
IEEE 802.11 Protocol layer
Transmission Technology
○ Microwave Transmission
○ Spread Spectrum Transmission
○ Infrared Transmission
WLAN architecture
IEEE WLAN Application and Standards
○ Types of Wireless LAN
Wireless LAN security

6.0 Introduction
Wireless local area networks (WLANs) are the same as the traditional LAN but they have a
wireless interface. With the introduction of small portable devices such as PDAs (personal
digital assistants), the WLAN technology is becoming very popular. WLANs provide high speed
data communication in small areas such as a building or an office. It allows users to move
around in a confined area while they are still connected to the network.

Wi-Fi (Wireless Fidelity) and Access point
Wi-Fi belongs to wireless local area network (WLAN) devices. Wi-Fi is often used as a synonym
for IEEE 802.11 technology & it is also called as IP Radio. A Wi-Fi enabled device such as a
personal computer, video game console, mobile phone, MP3 player or personal digital assistant
can connect to the Internet when within range of a wireless network connected to the Internet.

Access points are specially configured nodes on wireless local area networks (WLANs). Access
points act as a central transmitter and receiver of WLAN radio signals. Access points used in
home or small business networks are generally small, dedicated hardware devices featuring a
built-in network adapter, antenna, and radio transmitter. Access points support Wi-Fi wireless
communication standards.

Wireless Application Protocol (WAP)
WAP defines network architecture for content delivery over wireless networks. WAP implements
several new networking protocols that perform functions similar to the well-known Web
protocols HTTP, TCP and SSL. WAP protocol suite is meant to enable global wireless
communication across different wireless technologies e.g. GSM, GPRS, UMTS and 3G.

IEEE 802.11 defines the physical layer (PHY) and MAC (Media Access Control) layers based
on CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance). This is in contrast to
Ethernet which uses CSMA-CD (Carrier Sense Multiple Access with Collision Detection). The
802.11 specification includes provisions designed to minimize collisions, because two mobile
units may both be in range of a common access point, but out of range of each other.

IRISET 89 TA2 – Data Communication & Networking
Wireless LAN

6.1 IEEE 802.11 layered protocol architecture

The 802.11 standard defines layered protocol architecture to implement the services as given
below.

Association: Establishes an initial association between a station and an access point.
Re-association: Enables an established association to be transferred from one access point
to another, allowing a mobile station to move
Dis-association: A notification from either a station or an access point that an existing
association is terminated
Authentication: Used to establish the identity of station to each other
Privacy: used to prevent the content of message from being read by other than the intended
recipient. The standard provides for the optional use of encryption to assure privacy.

Network remains an important issue for WLANs. Authentication is done by the following
identifiers.

6.1.1Service set identifier (SSID):

It is a name that identifies a particular 802.11 wireless LAN. A client device receives broadcast
messages from all access points within range advertising their SSIDs. The client device can
then either manually or automatically—based on configuration—select the network with which to
associate. The SSID can be up to 32 characters long. As the SSID displays to users, it normally
consists of human-readable characters. However, the standard does not require this. The SSID
is defined as a sequence of 1–32 octets each of which may take any value.

It is legitimate for multiple access points to share the same SSID if they provide access to the
same network as part of an extended service set

6.1.2 Basic service set identifier (BSSID)

A related field is the BSSID or Basic Service Set Identifier, which uniquely identifies each BSS
(the SSID however, can be used in multiple, possibly overlapping, BSSs). In an infrastructure
BSS, the BSSID is the MAC address of the wireless access point (WAP). In an IBSS, the BSSID
is a locally administered MAC address generated from a 48-bit random number. The
individual/group bit of the address is set to 0. The universal/local bit of the address is set to 1.

A BSSID with a value of all 1s is used to indicate the broadcast BSSID. A broadcast BSSID may
only be used during probe requests.

6.2 Transmission Technology

There are three main ways by which WLANs transmit information: microwave, spread spectrum
and infrared.

Microwave Transmission: Motorola's WLAN product transmits data by using low powered
microwave radio signals. It operates at the 18GHz frequency band.

Spread Spectrum Transmission: With this transmission technology, there are two methods
used by wireless LAN products : frequency hopping and direct sequence modulation.

IRISET 90 TA2 – Data Communication & Networking
Wireless LAN

Frequency Hopping: The signal jumps from one frequency to another within a given
frequency range. The transmitter device "listens" to a channel, if it detects an idle time (i.e.
no signal is transmitted), it transmits the data using the full channel bandwidth. If the
channel is full, it "hops" to another channel and repeats the process. The transmitter and
the receiver "jump" in the same manner.

Direct Sequence Modulation: This method uses a wide frequency band together with
Code Division Multiple Access (CDMA). Signals from different units are transmitted at a
given frequency range. The power levels of these signals are very low (just above
background noise). A code is transmitted with each signal so that the receiver can identify
the appropriate signal transmitted by the sender unit.

The frequency at which such signals are transmitted is called the ISM (industrial, scientific and
medical) band. This frequency band is reserved for ISM devices. The ISM band has three
frequency ranges: 902-928, 2400-2483.5 and 5725-5850 MHz.

Infrared Transmission: This method uses infrared light to carry information. There are three
types of infrared transmission: diffused, directed and directed point-to-point.

Diffused: The infrared light transmitted by the sender unit fills the area (e.g. office).
Therefore the receiver unit located anywhere in that area can receive the signal.

Directed: The infrared light is focused before transmitting the signal. This method
increases the transmission speed.

Directed point-to-point: Directed point-to-point infrared transmission provides the highest
transmission speed. Here the receiver is aligned with the sender unit. The infrared light is
then transmitted directly to the receiver.

6.3 WLAN Architecture
The components of an IEEE 802.11 architecture are WLAN Stations (STA) & Access Point (AP)
as building blocks.

WLAN Stations (STA)
- Locate & connect to access points to reach network resources.
- Identified by an IEEE 48-bit data link control address
Access Point (AP)
- Connect WLAN stations to the wired or “Distribution” network
- Bridges frames to / from WLAN and Distribution network
- Identifies by 48-bit data link control address
- Range at which stations can communicate with AP is the Basic Service Area

When two or more stations come together to communicate with each other, they form a Basic
Service Set (BSS). The minimum BSS consists of two stations. 802.11 LANs use the BSS as the
standard building block.

A BSS that stands alone and is not connected to a base is called an Independent Basic Service
Set (IBSS) or is referred to as an Ad-Hoc Network. When BSS's are interconnected the network
becomes one with infrastructure. 802.11 infrastructure has several elements. Two or more
BSS's are interconnected using a Distribution System or DS. This concept of DS increases
network coverage. Creating large and complex networks using BSS's and DS's leads us to the
next level of hierarchy, the Extended Service Set or ESS. Service sets are discussed below.

IRISET 91 TA2 – Data Communication & Networking
Wireless LAN

6.3.1 Independent Basic Services Set (IBSS) / Ad hoc network

A single BSS can be used to form an ad hoc network, with 802.11 it is possible to create an ad-
hoc network of client devices without a controlling Access Point as shown in fig 6.1 below called
an Independent Basic Service Set (IBSS), in such case the SSID is chosen by the client device
that starts the network, and broadcasting of the SSID is performed in a pseudo-random order by
all devices that are members of the network. An ad-hoc network typically temporary in nature.
They can be formed spontaneously anywhere and be dis-band after a limited period of time.An
IBSS is a set of STAs configured in ad hoc (peer-to-peer)mode.

6.3.2 Basic Service Set (BSS):

It is the basic building block of the IEEE 802.11 architecture. A BSS is defined as a group of
stations that co-ordinate their access to the medium under a given instance of the medium
access control as shown in fig 6.1 below.

The geographical area covered by the BSS is known as the basic service area (BSA). A BSA
may extend over an area with the diameter of tens of meters. Conceptually all the stations in a
BSS can communicate directly with all other stations in a BSS.

Fig. 6.1 Typical IBSS & BSS setup

It consists of BSS Master & BSS Client

i. BSS Master
Access point connected to a wired LAN
802.11 functionality provided by the access point
Acts as a gateway between the wireless clients and the wired network
Clients on the WLAN communicate with one another through the access point
BSS is identified by the Service Set Identity (SSID)
- Alphanumeric, 2-32 characters, case sensitive
- SSID appears in beacons, probe requests and probe responses.
ii. BSS Clients
Wireless stations
Use the same SSID to connect to the BSS

IRISET 92 TA2 – Data Communication & Networking
Wireless LAN

6.3.3 Extended service set:

An Extended Service Set is a set of one or more interconnected BSSs and integrated local area
networks (LANs) as shown in fig 6.2 below that appear as a single BSS to the logical link control
layer at any station associated with one of those BSSs.The set of interconnected BSSs must
have a common service set identifier (SSID). They can work on the same channel, or work on
different channels to boost aggregate throughput. This is also termed as Bridging mode. The
beauty of the ESS is the entire network looks like an independent basic service set to the
Logical Link Control layer (LLC). This means that stations within the ESS can communicate
or even move between BSS′s transparently to the LLC.

Fig. 6.2 Typical ESS setup

Distribution system: A distribution system (DS) connects access points in an extended service
set. The concept of a DS can be used to increase network coverage through roaming between
cells. DS can be wired or wireless. Current wireless distribution systems are mostly based on
WDS or MESH protocols, though other systems are in use.

6.4 WLAN Applications and Standards

Wireless LANs have a great deal of applications. Modern implementations of WLANs range
from small in-home networks to large, campus-sized ones to completely mobile networks on
airplanes and trains.

Users can access the Internet from WLAN hotspots in restaurants, hotels, and now with
portable devices that connect to 3G or 4G networks. Often these types of public access points
require no registration or password to join the network. Others can be accessed once
registration has occurred and/or a fee is paid.Existing Wireless LAN infrastructures can also be
used to work as indoor positioning systems with no modification to the existing hardware.

6.4.1 WLAN standards

The IEEE Wireless LAN standards and their frequencies, bandwidths & performance are shown
in table 6.1.
IRISET 93 TA2 – Data Communication & Networking
Wireless LAN

Radio
Standards Bandwidth Performance
frequency
802.11 2.4 GHz 2 Mbps Too slow, now obsolete
802.11b 2.4GHz 11 Mbps In use, low cost
802.11a 5.0GHz 54 Mbps High cost, short range & easily obstructed
802.11g 2.4 GHz 54 Mbps Widely used, combination of all above
standards but costly
802.11n 2.4 GHz 108 Mbps Standards not yet finalized
802.11 h & j 2.4 GHz 1 – 3 Mbps Very short distance (approx. 10 mtrs), suitable for
(Blue tooth) handheld applications
802.16d 2.4 GHz 10 Mbps Long distance (approx. in Kilo Mtrs) ,known as
fixed Wimax
802.16e 2.4 GHz 10 Mbps Long distance (approx. in Kilo Mtrs), known as
mobile Wimax

Table 6.1 IEEE wireless LAN standards

6.5 Wireless LAN (WLANs) Security:
In wireless LANs security is a big concern because it uses a more open medium for
communication in comparison to wired LANs, wireless networks are less stable, due to
interference from other wire-less devices & networks. Whereas in wired LANs only authorized
systems are connected by extending a dedicated physical cable to gain the access to that
network.

In Wireless networks, Access Points (APs) create the hot spot areas (wireless coverage area).
The systems with appropriate wireless adopters of that hot spot area can gain access to those
network services, since there is no need of physical connection. This is a very serious security
problem in wireless network.

The administrator as well as the users of wireless networks to be very strict vigilant to take
appropriate precautions to prevent this serious problem of gaining unauthorized access to
wireless networks. Otherwise their data security is under serious threat.

Hence, the administrator as well users have to take the advance security precautions while
configuring their wireless networks.

There's no way to selectively hide the presence of your network from strangers, but you can
prevent unauthorized people from connecting to it, and you can protect the data traveling across
the network from prying eyes. By turning on a wireless network's encryption feature, you can
scramble the data and control access to the network.

Wireless network hardware supports several standard encryption schemes, but the most
common are Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), and Wi-Fi
Protected Access 2 (WPA2).

6.5.1 WEP
It is a security algorithm for IEEE 802.11 wireless networks; its intention is to provide data
confidentiality comparable to that of a traditional wired network. Although its name implies that it
is as secure as a wired connection, WEP has been demonstrated to have numerous flaws & it is
the oldest and least secure method and should be avoided. WPA and WPA2 are good choices,
but provide better protection when you use longer and more complex passwords (all devices on
a wireless network must use the same kind of encryption and be configured with the same
password).
IRISET 94 TA2 – Data Communication & Networking
Wireless LAN

Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) are two security protocols
and security certification programs developed by the Wi-Fi Alliance to secure wireless computer
networks.

6.5.2 WPA
The WPA protocol implements much of the IEEE 802.11i standard. Specifically, the Temporal
Key Integrity Protocol (TKIP) was adopted for WPA. WEP used a 40-bit or 104-bit encryption
key that must be manually entered on wireless access points and devices and does not change.
TKIP employs a per-packet key, meaning that it dynamically generates a new 128-bit key for
each packet and thus prevents the types of attacks that compromised WEP.

WPA also includes a message integrity check. This is designed to prevent an attacker from
capturing, altering and/or resending data packets. This replaces the cyclic redundancy check
(CRC) that was used by the WEP standard. CRC's main flaw was that it did not provide a
sufficiently strong data integrity guarantee for the packets it handled.

WPA uses a message integrity check algorithm called Michael to verify the integrity of the
packets. Michael is much stronger than a CRC, but not as strong as the algorithm used in
WPA2. Researchers have since discovered a flaw in WPA that relied on older weaknesses in
WEP and the limitations of Michael to retrieve the key stream from short packets to use for re-
injection and spoofing.

6.5.3 WPA2:
WPA2 has replaced WPA. WPA2, which requires testing and certification by the Wi-Fi Alliance,
implements the mandatory elements of IEEE 802.11i. In particular, it introduces CCMP, a new
AES-based encryption mode with strong security.

Unless you intend to provide public access to your wireless network — and put your business
data or your own personal data at risk — you should consider encryption mandatory.

6.6 Securing Access Points (APs):
6.6.1 Administrator prospective:
A wireless (Wi-Fi) administrator has to configure, the following on access points (APs).
❖ SSID (Service Set Identifier): APs broadcast their SSIDs to advertise themselves to the
wireless clients and the client can see a list of all available APs and decide which one to
join. Disabling SSID broadcasting makes APs harder to identify (invisible mode). This
measure is the first and the easiest step toward securing a wireless network.

❖ Default IP, Username and Password of AP: APs come with default IP numbers like
192.168.0.1 or 192.168.1.1, default username like admin or user and default password like
admin or user & sometimes without any password. Change the default IP and password
with longest possible password with combination of lower case, upper case, numerical and
special character and change it every month or so.

❖ DHCP service: In APs by default DHCP service will be enabled, with this any unauthorized
user coming in the vicinity of AP will get a valid IP address and can access the services. To
prevent unauthorized access it is advised to disable DHCP service.

IRISET 95 TA2 – Data Communication & Networking
Wireless LAN

❖ MAC Filtering: MAC is the unique hardware address of 48 bit usually embedded on the
NIC. This address is used by the systems to communicate each other with in that network.
Collect the list of MAC addresses of all authorized wireless systems and configuring the
MAC filtering (white table) thereby prevent unauthorized access.

❖ Encryption Protocols (WEP, WPA): For more advance security encryption protocols like
wired equivalent protocol (WEP) & Wi-Fi protected access (WPA) protocols are configured.
These protocols exchange the data in the encrypted form and there by prevent
unauthorized access.

❖ Firewall: Enabling firewall feature built in APs prevents hackers on the Internet from
getting access to local services

6.6.2 User prospective:
A wireless (Wi-Fi) user while using the services, the following security measures are to be taken
for data security.

❖ Public hotspots generally don't use any encryption protocols or any other security
measures; hence users are not advised to make important data transactions.

❖ Make sure it's a legitimate hotspot otherwise, user may be trapped by the fake public
hotspots like (SSID) “airport", can capture users' log-on information and other valuable
data.

❖ Verify PC's software firewall is turned on, and that Windows' file-sharing feature is off.

❖ While using wireless networks it is better not to do important bank transactions, credit card
transactions, confidential e-mail access or any other sensitive data transactions unless
you're sure you're on a secured network.

❖ Always turn off Wi-Fi service on your system when not in use, otherwise Hackers can use it
to create peer-to-peer Wi-Fi connections.

6.7 Wi-MAX (Worldwide Interoperability for Microwave Access):
Wi-MAX is a telecommunications technology that provides wireless transmission of data,
designed for long-range networking (spanning miles or kilometers) as opposed to local area
wireless networks, using a variety of transmission modes, from point-to-multipoint links to
portable and fully mobile internet access as shown in fig 6.3 The technology provides up to 10
Mbps broadband speed without the need for cables. The technology is based on the IEEE
802.16 standard (also called Broadband Wireless Access).

The name "WiMAX" was created by the WiMAX Forum, which was formed in June 2001 to
promote conformity and interoperability of the standard. The forum describes WiMAX as "a
standards-based technology enabling the delivery of last mile wireless broadband access as an
alternative to cable and DSL".

Wi-Max Standards & applications
 802.16-2004 is also known as 802.16d, which refers to the working party that has
developed that standard. It is sometimes referred to as "fixed WiMAX," since it has no
support for mobility.

IRISET 96 TA2 – Data Communication & Networking
Wireless LAN

 802.16e-2005, often abbreviated to 802.16e, is an amendment to 802.16-2004. It
introduced support for mobility, among other things and is therefore also known as "mobile
WiMAX".

Fig. 6.3 Typical Wi-Max setup

The bandwidth and range of WiMAX make it suitable for the following potential applications:

Connecting Wi-Fi hotspots to the Internet.
Providing a wireless alternative to cable and DSL for "last mile" broadband access.
Providing data, telecommunications and IPTV services.
Providing a source of Internet connectivity as part of a business continuity plan. That is, if a
business has both a fixed and a wireless Internet connection, especially from unrelated
providers, they are unlikely to be affected by the same service outage.
Providing portable connectivity.
WiMAX is a long range system, covering many kilometers that uses licensed or unlicensed
spectrum to deliver a point-to-point connection to the Internet.
Different 802.16 standards provide different types of access, from portable (similar to a
cordless phone) to fixed (an alternative to wired access, where the end user's wireless
termination point is fixed in location.)
Wi-Fi uses unlicensed spectrum to provide access to a network.
Wi-Fi is more popular in end user devices.
WiMAX and Wi-Fi have quite different quality of service (QoS) mechanisms:
 WiMAX uses a QoS mechanism based on connections between the base station and the
user device. Each connection is based on specific scheduling algorithms.
 Wi-Fi has a QoS mechanism similar to fixed Ethernet, where packets can receive
different priorities based on their tags. For example VoIP traffic may be given priority
over web browsing.
Wi-Fi runs on the Media Access Control's CSMA/CA protocol, which is connectionless and
contention based, whereas WiMAX runs a connection-oriented MAC.
Both 802.11 and 802.16 define Peer-to-Peer (P2P) and ad hoc networks, where an end
user communicates to users or servers on another Local Area Network (LAN) using its
access point or base station.

IRISET 97 TA2 – Data Communication & Networking