Wireless LAN Chapter 6 PDF
Summary
This document provides an overview of wireless LAN technology, including its introduction, IEEE 802.11 protocol, transmission methods (microwave, spread spectrum, and infrared), architecture, and security aspects.
Full Transcript
Wireless LAN
CHAPTER - 6
WIRELESS LAN

The following essential topics for the chapter “Wireless LAN” are discussed here.
- Introduction
- WLAN and Wi-Fi
- IEEE 802.11 Protocol layer
- Transmission Technology
  ○ Microwave Transmission
  ○ Spread Spectrum Transmission
  ○ Infrared Transmission
- WLAN architecture
- IEEE WLAN Application and Standards
  ○ Types of Wireless LAN
- Wireless LAN security

6.0 Introduction
Wireless local area networks (WLANs) are the same as traditional LANs except that they have a wireless interface. With the introduction of small portable devices such as PDAs (personal digital assistants), WLAN technology is becoming very popular. WLANs provide high speed data communication in small areas such as a building or an office. They allow users to move around in a confined area while they are still connected to the network.

Wi-Fi (Wireless Fidelity) and Access point
Wi-Fi belongs to wireless local area network (WLAN) devices. Wi-Fi is often used as a synonym for IEEE 802.11 technology and is also called IP Radio. A Wi-Fi enabled device such as a personal computer, video game console, mobile phone, MP3 player or personal digital assistant can connect to the Internet when within range of a wireless network connected to the Internet.
Access points are specially configured nodes on wireless local area networks (WLANs). Access points act as a central transmitter and receiver of WLAN radio signals. Access points used in home or small business networks are generally small, dedicated hardware devices featuring a built-in network adapter, antenna, and radio transmitter. Access points support Wi-Fi wireless communication standards.

Wireless Application Protocol (WAP)
WAP defines a network architecture for content delivery over wireless networks. WAP implements several new networking protocols that perform functions similar to the well-known Web protocols HTTP, TCP and SSL.
The WAP protocol suite is meant to enable global wireless communication across different wireless technologies, e.g. GSM, GPRS, UMTS and 3G.

IEEE 802.11 defines the physical layer (PHY) and MAC (Media Access Control) layers based on CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance). This is in contrast to Ethernet, which uses CSMA/CD (Carrier Sense Multiple Access with Collision Detection). The 802.11 specification includes provisions designed to minimize collisions, because two mobile units may both be in range of a common access point, but out of range of each other.

IRISET 89 TA2 – Data Communication & Networking

6.1 IEEE 802.11 layered protocol architecture
The 802.11 standard defines a layered protocol architecture to implement the services given below.
- Association: Establishes an initial association between a station and an access point.
- Re-association: Enables an established association to be transferred from one access point to another, allowing a mobile station to move
- Dis-association: A notification from either a station or an access point that an existing association is terminated.
- Authentication: Used to establish the identity of stations to each other.
- Privacy: Used to prevent the content of a message from being read by anyone other than the intended recipient. The standard provides for the optional use of encryption to assure privacy.
Network remains an important issue for WLANs. Authentication is done by the following identifiers.

6.1.1 Service set identifier (SSID):
It is a name that identifies a particular 802.11 wireless LAN. A client device receives broadcast messages from all access points within range advertising their SSIDs. The client device can then either manually or automatically, based on configuration, select the network with which to associate. The SSID can be up to 32 characters long. As the SSID is displayed to users, it normally consists of human-readable characters. However, the standard does not require this.
The SSID is defined as a sequence of 1–32 octets, each of which may take any value. It is legitimate for multiple access points to share the same SSID if they provide access to the same network as part of an extended service set.

6.1.2 Basic service set identifier (BSSID)
A related field is the BSSID or Basic Service Set Identifier, which uniquely identifies each BSS (the SSID, however, can be used in multiple, possibly overlapping, BSSs). In an infrastructure BSS, the BSSID is the MAC address of the wireless access point (WAP). In an IBSS, the BSSID is a locally administered MAC address generated from a 48-bit random number. The individual/group bit of the address is set to 0. The universal/local bit of the address is set to 1. A BSSID with a value of all 1s is used to indicate the broadcast BSSID. A broadcast BSSID may only be used during probe requests.

6.2 Transmission Technology
There are three main ways by which WLANs transmit information: microwave, spread spectrum and infrared.

Microwave Transmission: Motorola's WLAN product transmits data by using low powered microwave radio signals. It operates at the 18 GHz frequency band.

Spread Spectrum Transmission: With this transmission technology, there are two methods used by wireless LAN products: frequency hopping and direct sequence modulation.

Frequency Hopping: The signal jumps from one frequency to another within a given frequency range. The transmitter device "listens" to a channel; if it detects an idle time (i.e. no signal is transmitted), it transmits the data using the full channel bandwidth. If the channel is full, it "hops" to another channel and repeats the process. The transmitter and the receiver "jump" in the same manner.

Direct Sequence Modulation: This method uses a wide frequency band together with Code Division Multiple Access (CDMA). Signals from different units are transmitted at a given frequency range.
The power levels of these signals are very low (just above background noise). A code is transmitted with each signal so that the receiver can identify the appropriate signal transmitted by the sender unit. The frequency at which such signals are transmitted is called the ISM (industrial, scientific and medical) band. This frequency band is reserved for ISM devices. The ISM band has three frequency ranges: 902-928, 2400-2483.5 and 5725-5850 MHz.

Infrared Transmission: This method uses infrared light to carry information. There are three types of infrared transmission: diffused, directed and directed point-to-point.
- Diffused: The infrared light transmitted by the sender unit fills the area (e.g. office). Therefore the receiver unit located anywhere in that area can receive the signal.
- Directed: The infrared light is focused before transmitting the signal. This method increases the transmission speed.
- Directed point-to-point: Directed point-to-point infrared transmission provides the highest transmission speed. Here the receiver is aligned with the sender unit. The infrared light is then transmitted directly to the receiver.

6.3 WLAN Architecture
The building blocks of an IEEE 802.11 architecture are WLAN Stations (STA) and Access Points (AP).

WLAN Stations (STA)
- Locate and connect to access points to reach network resources.
- Identified by an IEEE 48-bit data link control address

Access Point (AP)
- Connects WLAN stations to the wired or “Distribution” network
- Bridges frames to / from the WLAN and the Distribution network
- Identified by a 48-bit data link control address
- The range at which stations can communicate with the AP is the Basic Service Area

When two or more stations come together to communicate with each other, they form a Basic Service Set (BSS). The minimum BSS consists of two stations. 802.11 LANs use the BSS as the standard building block.
A BSS that stands alone and is not connected to a base is called an Independent Basic Service Set (IBSS) or is referred to as an Ad-Hoc Network. When BSSs are interconnected, the network becomes one with infrastructure. 802.11 infrastructure has several elements. Two or more BSSs are interconnected using a Distribution System (DS). This concept of DS increases network coverage. Creating large and complex networks using BSSs and DSs leads us to the next level of hierarchy, the Extended Service Set (ESS). Service sets are discussed below.

6.3.1 Independent Basic Services Set (IBSS) / Ad hoc network
A single BSS can be used to form an ad hoc network. With 802.11 it is possible to create an ad hoc network of client devices without a controlling access point, as shown in fig 6.1 below; this is called an Independent Basic Service Set (IBSS). In such a case the SSID is chosen by the client device that starts the network, and broadcasting of the SSID is performed in a pseudo-random order by all devices that are members of the network. An ad hoc network is typically temporary in nature: it can be formed spontaneously anywhere and be disbanded after a limited period of time. An IBSS is a set of STAs configured in ad hoc (peer-to-peer) mode.

6.3.2 Basic Service Set (BSS):
It is the basic building block of the IEEE 802.11 architecture. A BSS is defined as a group of stations that co-ordinate their access to the medium under a given instance of the medium access control, as shown in fig 6.1 below. The geographical area covered by the BSS is known as the basic service area (BSA). A BSA may extend over an area with a diameter of tens of meters. Conceptually, all the stations in a BSS can communicate directly with all other stations in the BSS.

Fig. 6.1 Typical IBSS & BSS setup

It consists of BSS Master & BSS Client
i.
BSS Master
- Access point connected to a wired LAN
- 802.11 functionality provided by the access point
- Acts as a gateway between the wireless clients and the wired network
- Clients on the WLAN communicate with one another through the access point
- BSS is identified by the Service Set Identity (SSID)
  - Alphanumeric, 2-32 characters, case sensitive
  - SSID appears in beacons, probe requests and probe responses.
ii. BSS Clients
- Wireless stations
- Use the same SSID to connect to the BSS

6.3.3 Extended service set:
An Extended Service Set is a set of one or more interconnected BSSs and integrated local area networks (LANs), as shown in fig 6.2 below, that appear as a single BSS to the logical link control layer at any station associated with one of those BSSs. The set of interconnected BSSs must have a common service set identifier (SSID). They can work on the same channel, or work on different channels to boost aggregate throughput. This is also termed Bridging mode.
The beauty of the ESS is that the entire network looks like an independent basic service set to the Logical Link Control layer (LLC). This means that stations within the ESS can communicate or even move between BSSs transparently to the LLC.

Fig. 6.2 Typical ESS setup

Distribution system: A distribution system (DS) connects access points in an extended service set. The concept of a DS can be used to increase network coverage through roaming between cells. A DS can be wired or wireless. Current wireless distribution systems are mostly based on WDS or MESH protocols, though other systems are in use.

6.4 WLAN Applications and Standards
Wireless LANs have a great many applications. Modern implementations of WLANs range from small in-home networks to large, campus-sized ones to completely mobile networks on airplanes and trains.
Users can access the Internet from WLAN hotspots in restaurants, hotels, and now with portable devices that connect to 3G or 4G networks. Often these types of public access points require no registration or password to join the network. Others can be accessed once registration has occurred and/or a fee is paid. Existing wireless LAN infrastructures can also be used to work as indoor positioning systems with no modification to the existing hardware.

6.4.1 WLAN standards
The IEEE Wireless LAN standards and their frequencies, bandwidths and performance are shown in table 6.1.

| Standards | Radio frequency | Bandwidth | Performance |
|---|---|---|---|
| 802.11 | 2.4 GHz | 2 Mbps | Too slow, now obsolete |
| 802.11b | 2.4 GHz | 11 Mbps | In use, low cost |
| 802.11a | 5.0 GHz | 54 Mbps | High cost, short range & easily obstructed |
| 802.11g | 2.4 GHz | 54 Mbps | Widely used, combination of all above standards but costly |
| 802.11n | 2.4 GHz | 108 Mbps | Standards not yet finalized |
| 802.11 h & j (Blue tooth) | 2.4 GHz | 1 – 3 Mbps | Very short distance (approx. 10 mtrs), suitable for handheld applications |
| 802.16d | 2.4 GHz | 10 Mbps | Long distance (approx. in Kilo Mtrs), known as fixed Wimax |
| 802.16e | 2.4 GHz | 10 Mbps | Long distance (approx. in Kilo Mtrs), known as mobile Wimax |

Table 6.1 IEEE wireless LAN standards

6.5 Wireless LAN (WLANs) Security:
In wireless LANs security is a big concern because they use a more open medium for communication than wired LANs. Wireless networks are also less stable, due to interference from other wireless devices and networks. In wired LANs, only authorized systems are connected, by extending a dedicated physical cable to gain access to the network. In wireless networks, Access Points (APs) create the hot spot areas (wireless coverage areas). Systems in a hot spot area with appropriate wireless adapters can gain access to the network services, since there is no need of a physical connection.
This is a very serious security problem in wireless networks. The administrator as well as the users of wireless networks must be strictly vigilant and take appropriate precautions to prevent unauthorized access to wireless networks. Otherwise their data security is under serious threat. Hence, the administrator as well as the users have to take security precautions in advance while configuring their wireless networks.

There's no way to selectively hide the presence of your network from strangers, but you can prevent unauthorized people from connecting to it, and you can protect the data traveling across the network from prying eyes. By turning on a wireless network's encryption feature, you can scramble the data and control access to the network.

Wireless network hardware supports several standard encryption schemes, but the most common are Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), and Wi-Fi Protected Access 2 (WPA2).

6.5.1 WEP
It is a security algorithm for IEEE 802.11 wireless networks; its intention is to provide data confidentiality comparable to that of a traditional wired network. Although its name implies that it is as secure as a wired connection, WEP has been demonstrated to have numerous flaws. It is the oldest and least secure method and should be avoided. WPA and WPA2 are good choices, but provide better protection when you use longer and more complex passwords (all devices on a wireless network must use the same kind of encryption and be configured with the same password).

Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) are two security protocols and security certification programs developed by the Wi-Fi Alliance to secure wireless computer networks.

6.5.2 WPA
The WPA protocol implements much of the IEEE 802.11i standard. Specifically, the Temporal Key Integrity Protocol (TKIP) was adopted for WPA.
WEP used a 40-bit or 104-bit encryption key that must be manually entered on wireless access points and devices and does not change. TKIP employs a per-packet key, meaning that it dynamically generates a new 128-bit key for each packet and thus prevents the types of attacks that compromised WEP.

WPA also includes a message integrity check. This is designed to prevent an attacker from capturing, altering and/or resending data packets. This replaces the cyclic redundancy check (CRC) that was used by the WEP standard. CRC's main flaw was that it did not provide a sufficiently strong data integrity guarantee for the packets it handled. WPA uses a message integrity check algorithm called Michael to verify the integrity of the packets. Michael is much stronger than a CRC, but not as strong as the algorithm used in WPA2. Researchers have since discovered a flaw in WPA that relied on older weaknesses in WEP and the limitations of Michael to retrieve the key stream from short packets to use for re-injection and spoofing.

6.5.3 WPA2:
WPA2 has replaced WPA. WPA2, which requires testing and certification by the Wi-Fi Alliance, implements the mandatory elements of IEEE 802.11i. In particular, it introduces CCMP, a new AES-based encryption mode with strong security.

Unless you intend to provide public access to your wireless network, and put your business data or your own personal data at risk, you should consider encryption mandatory.

6.6 Securing Access Points (APs):

6.6.1 Administrator perspective:
A wireless (Wi-Fi) administrator has to configure the following on access points (APs).
❖ SSID (Service Set Identifier): APs broadcast their SSIDs to advertise themselves to the wireless clients, and the client can see a list of all available APs and decide which one to join. Disabling SSID broadcasting makes APs harder to identify (invisible mode). This measure is the first and the easiest step toward securing a wireless network.
❖ Default IP, Username and Password of AP: APs come with default IP addresses like 192.168.0.1 or 192.168.1.1, a default username like admin or user, and a default password like admin or user, and sometimes without any password. Change the default IP and password, using the longest possible password with a combination of lower case, upper case, numerical and special characters, and change it every month or so.
❖ DHCP service: In APs the DHCP service is enabled by default; with this, any unauthorized user coming into the vicinity of the AP will get a valid IP address and can access the services. To prevent unauthorized access it is advised to disable the DHCP service.
❖ MAC Filtering: The MAC address is the unique 48-bit hardware address usually embedded on the NIC. This address is used by the systems to communicate with each other within that network. Collect the list of MAC addresses of all authorized wireless systems and configure MAC filtering (white table) to prevent unauthorized access.
❖ Encryption Protocols (WEP, WPA): For more advanced security, encryption protocols like Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA) are configured. These protocols exchange the data in encrypted form and thereby prevent unauthorized access.
❖ Firewall: Enabling the firewall feature built into APs prevents hackers on the Internet from getting access to local services.

6.6.2 User perspective:
While using the services, a wireless (Wi-Fi) user has to take the following security measures for data security.
❖ Public hotspots generally don't use any encryption protocols or any other security measures; hence users are advised not to make important data transactions.
❖ Make sure it's a legitimate hotspot; otherwise, the user may be trapped by fake public hotspots with an SSID like "airport", which can capture users' log-on information and other valuable data.
❖ Verify that the PC's software firewall is turned on, and that Windows' file-sharing feature is off.
❖ While using wireless networks it is better not to do important bank transactions, credit card transactions, confidential e-mail access or any other sensitive data transactions unless you're sure you're on a secured network.
❖ Always turn off the Wi-Fi service on your system when not in use; otherwise hackers can use it to create peer-to-peer Wi-Fi connections.

6.7 Wi-MAX (Worldwide Interoperability for Microwave Access):
Wi-MAX is a telecommunications technology that provides wireless transmission of data, designed for long-range networking (spanning miles or kilometers) as opposed to local area wireless networks, using a variety of transmission modes, from point-to-multipoint links to portable and fully mobile internet access, as shown in fig 6.3. The technology provides up to 10 Mbps broadband speed without the need for cables. The technology is based on the IEEE 802.16 standard (also called Broadband Wireless Access).

The name "WiMAX" was created by the WiMAX Forum, which was formed in June 2001 to promote conformity and interoperability of the standard. The forum describes WiMAX as "a standards-based technology enabling the delivery of last mile wireless broadband access as an alternative to cable and DSL".

Wi-Max Standards & applications
802.16-2004 is also known as 802.16d, which refers to the working party that has developed that standard. It is sometimes referred to as "fixed WiMAX," since it has no support for mobility.
802.16e-2005, often abbreviated to 802.16e, is an amendment to 802.16-2004. It introduced support for mobility, among other things, and is therefore also known as "mobile WiMAX".

Fig. 6.3 Typical Wi-Max setup

The bandwidth and range of WiMAX make it suitable for the following potential applications:
- Connecting Wi-Fi hotspots to the Internet.
- Providing a wireless alternative to cable and DSL for "last mile" broadband access.
- Providing data, telecommunications and IPTV services.
- Providing a source of Internet connectivity as part of a business continuity plan. That is, if a business has both a fixed and a wireless Internet connection, especially from unrelated providers, they are unlikely to be affected by the same service outage.
- Providing portable connectivity.

WiMAX is a long range system, covering many kilometers, that uses licensed or unlicensed spectrum to deliver a point-to-point connection to the Internet. Different 802.16 standards provide different types of access, from portable (similar to a cordless phone) to fixed (an alternative to wired access, where the end user's wireless termination point is fixed in location).

Wi-Fi uses unlicensed spectrum to provide access to a network. Wi-Fi is more popular in end user devices.

WiMAX and Wi-Fi have quite different quality of service (QoS) mechanisms:
- WiMAX uses a QoS mechanism based on connections between the base station and the user device. Each connection is based on specific scheduling algorithms.
- Wi-Fi has a QoS mechanism similar to fixed Ethernet, where packets can receive different priorities based on their tags. For example, VoIP traffic may be given priority over web browsing.

Wi-Fi runs on the Media Access Control's CSMA/CA protocol, which is connectionless and contention based, whereas WiMAX runs a connection-oriented MAC. Both 802.11 and 802.16 define Peer-to-Peer (P2P) and ad hoc networks, where an end user communicates to users or servers on another Local Area Network (LAN) using its access point or base station.
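The SSID and BSSID rules of sections 6.1.1 and 6.1.2, applied to the fake-hotspot check of section 6.6.2, as an added example that is not part of the original chapter: it classifies each BSSID by its individual/group and universal/local bits and audits a scan list against an inventory of authorized access points. The function names, the network name "Office-WLAN" and all addresses are constructed for illustration.

```python
import secrets

BROADCAST_BSSID = b"\xff" * 6          # all 1s, probe requests only (section 6.1.2)

def parse_mac(text):
    """Parse 'aa:bb:cc:dd:ee:ff' (or with '-') into 6 raw bytes."""
    parts = text.replace("-", ":").split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes(int(p, 16) for p in parts)

def classify_bssid(bssid):
    """Classify a BSSID by the two flag bits of its first octet."""
    if bssid == BROADCAST_BSSID:
        return "broadcast"
    if bssid[0] & 0x01:                 # individual/group bit = 1
        return "group"
    if bssid[0] & 0x02:                 # universal/local bit = 1 (IBSS style)
        return "local"
    return "universal"

def new_ibss_bssid():
    """Random 48-bit value with I/G forced to 0 and U/L forced to 1."""
    raw = bytearray(secrets.token_bytes(6))
    raw[0] = (raw[0] & 0xFE) | 0x02
    return bytes(raw)

def fold_ssid(ssid):
    """Form of an SSID as a user would read it: decoded, trimmed, case-folded."""
    return ssid.decode("utf-8", "replace").strip().casefold()

def audit_scan(scan, inventory):
    """Return (bssid_text, finding, bssid_class) for every suspicious entry."""
    managed = {s: {parse_mac(m) for m in macs} for s, macs in inventory.items()}
    folded = {fold_ssid(s) for s in managed}
    findings = []
    for ssid, mac_text in scan:
        bssid = parse_mac(mac_text)
        kind = classify_bssid(bssid)
        if not 1 <= len(ssid) <= 32:            # SSID must be 1-32 octets
            findings.append((mac_text, "invalid-ssid-length", kind))
        elif kind in ("broadcast", "group"):    # never valid for a real BSS
            findings.append((mac_text, "invalid-bssid", kind))
        elif ssid in managed:                   # our name, but is it our AP?
            if bssid not in managed[ssid]:
                findings.append((mac_text, "unlisted-bssid", kind))
        elif fold_ssid(ssid) in folded:         # same name to the eye, other octets
            findings.append((mac_text, "lookalike-ssid", kind))
    return findings

# Constructed sample data: hypothetical inventory and scan results.
INVENTORY = {b"Office-WLAN": {"00:1a:2b:3c:4d:01", "00:1a:2b:3c:4d:02"}}
SCAN = [
    (b"Office-WLAN", "00:1A:2B:3C:4D:01"),   # listed AP
    (b"Office-WLAN", "00:1a:2b:3c:4d:02"),   # second AP of the same ESS
    (b"Office-WLAN", "0e:11:22:33:44:55"),   # same name, unknown BSSID
    (b"office-wlan ", "00:aa:bb:cc:dd:ee"),  # differs only in case and a space
    (b"CoffeeShop", "00:de:ad:be:ef:00"),    # unrelated network
    (b"Office-WLAN", "ff:ff:ff:ff:ff:ff"),   # broadcast BSSID is never an AP
]

if __name__ == "__main__":
    for row in audit_scan(SCAN, INVENTORY):
        print(*row)
```

Because several access points of one ESS legitimately share an SSID, the audit keys on the BSSID list per SSID rather than on the name alone.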
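Why section 6.5.2 calls a CRC too weak as an integrity check, as an added example that is not part of the original chapter: CRC-32 is unkeyed and affine over XOR, so a matching check value for an altered payload follows from the old value and the change alone, while a keyed tag cannot be updated without the key. HMAC-SHA-256 truncated to 8 bytes stands in here for a keyed message integrity check; it is not Michael or CCMP, and the key and messages are constructed.

```python
import hashlib
import hmac
import zlib

def xor_bytes(a, b):
    """Byte-wise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def crc32_after_change(old_crc, delta):
    """CRC-32 of (message XOR delta), computed without the message or any key.

    CRC-32 is affine over XOR: crc(m ^ d) == crc(m) ^ crc(d) ^ crc(zeros),
    where zeros is an all-zero string of the same length.
    """
    return old_crc ^ zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))

def keyed_tag(key, message):
    """Keyed check value (stand-in for a MIC): HMAC-SHA-256, first 8 bytes."""
    return hmac.new(key, message, hashlib.sha256).digest()[:8]

def compare_integrity_checks(key, original, changed):
    """Report how each check behaves when a payload is altered in transit."""
    delta = xor_bytes(original, changed)
    crc = zlib.crc32(original)
    tag = keyed_tag(key, original)
    return {
        # The old CRC no longer matches, so accidental corruption is caught ...
        "stale_crc_detects_change": crc != zlib.crc32(changed),
        # ... but a matching CRC is derivable from public values only.
        "crc_derivable_without_key":
            crc32_after_change(crc, delta) == zlib.crc32(changed),
        # The keyed tag of the original does not verify the altered payload,
        # and computing a fresh one requires the key.
        "keyed_tag_detects_change":
            not hmac.compare_digest(tag, keyed_tag(key, changed)),
    }

# Constructed sample data: a fixed demo key and two equal-length payloads.
DEMO_KEY = bytes(range(16))
ORIGINAL = b"seq=0041 limit=0100"
CHANGED = b"seq=0041 limit=9100"

if __name__ == "__main__":
    for name, value in compare_integrity_checks(DEMO_KEY, ORIGINAL, CHANGED).items():
        print(f"{name}: {value}")
```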