
The IEEE 802.11 standard
Imad Aad INRIA, Planete team

INTech, May 31st, 2002

IEEE 802.11 p.1

Outline

WLANs vs. Wired LANs
History
Working modes
MAC sub-layer
The PHY layer (1997)
The PHY Extensions (1999)
Security

WLANs vs. Wired LANs

No wires
Mobility
Scarce bandwidth (?)
Multipath, pathloss, interference / noise
BER

[Figure: multipath propagation. Tx sends signal s; Rx receives s0 + s1 + s2, where s0 is the direct path and s1, s2 arrive via Obstacle 1 and Obstacle 2.]

[Figure: average received power vs. distance, two panels: LOS and No LOS. Remaining labels: "=2" (LOS); "1525 dB drop", "=4", "=46" (No LOS).]

The hidden node problem
Protection / Privacy

[Figure: protocol stack. Application layer; Network layer; LLC sublayer (IEEE 802.2); MAC sublayer and PHY layer (IEEE 802.11, IEEE 802.3).]


History

1970s: ALOHA
1972: Slotted ALOHA
1975: Carrier Sense Multiple Access (CSMA)
  non persistent
  p-persistent
CSMA with collision detection (CD): Ethernet (1976)
CSMA w/ coll. avoidance (CA): IEEE 802.11 (1997)


Working modes

Ad-hoc mode vs. Infrastructure mode (IS)
Independent BSS (IBSS), Basic Service Set (BSS), Extended Service Set (ESS)

[Figure: IBSS.]

[Figure: BSS with an Access Point (AP).]

[Figure: ESS. AP1, AP2 and AP3 connected by a Distribution System (DS).]

Handoff on the MAC sub-layer


MAC sub-layer

DCF: Distributed Coordination Function (ad-hoc, IS modes)
PCF: Polling Coordination Function (in IS mode, optional)

DCF: Distributed Coordination Function (ad-hoc, IS modes)
- Basic mechanism

[Figure: DCF basic access timing. Source (Tx): DIFS, then Data. Destination (Tx): SIFS, then ACK. Other: NAV, defer access = NAV+DIFS, then backoff in the Contention Window (CW).]

- The hidden node problem
- RTS/CTS mechanism

[Figure: RTS/CTS timing. Source (Tx): DIFS, RTS, then Data. Destination (Tx): CTS, then ACK. Frames are separated by SIFS. Other: NAV (RTS), NAV (CTS), NAV (data), defer access, then DIFS and backoff in the CW.]

- Fairness ? ... depends on scenario
- QoS ? ... not yet ... wait for 802.11e

PCF: Polling Coordination Function (in IS mode, optional)

[Figure: PCF timing. Each CFP repetition interval consists of a CFP (PCF) followed by a CP (DCF). Frames within the CFP: B, D1+Poll, U1+ACK, D2+ACK+Poll, U2+ACK, D3+ACK+Poll, D4+Poll, U4+ACK, CF-End, separated by SIFS or PIFS; the CP follows.]

Packet fragmentation

[Figure: fragment burst. Src. (Tx) sends Fragment 0, Fragment 1 and Fragment 2; Dest. (Tx) answers with ACK0, ACK1 and ACK2; frames are separated by SIFS. Other stations hold NAV (CTS), NAV (fragment 0), NAV (fragment 1), NAV (fr.2), or NAV (ACK0), NAV (ACK1); DIFS and CW follow the burst.]


The PHY layer (1997)

[Figure: protocol stack. Application layer, Network layer, LLC sublayer, MAC sublayer, PHY layer.]

3 PHY types:
DSSS (most products)
FHSS (fewer products)
IR (unknown products)

The PHY layer (1997)


the EM spectrum allocation

[Figure: EM spectrum on a frequency axis marked 1 KHz, 1 MHz, 1 GHz, 1 THz, 1 PHz, 1 EHz, with Infrared, Visible, UV, X rays and Gamma rays at the upper end.
Radio bands LF, MF, HF, VHF, UHF, SHF on an axis marked 30 KHz, 300 KHz, 3 MHz, 30 MHz, 300 MHz, 3 GHz, 30 GHz, with (AM radio), (SW radio), (FM radio TV), (TV Cell.).
ISM and UNII bands: 902 MHz to 928 MHz (Cordless phones, Baby monitors, (old) Wireless LANs); 2.4 GHz to 2.4835 GHz (IEEE 802.11(b), Bluetooth, Microwave ovens); 5.725 GHz to 5.785 GHz (IEEE 802.11a, Hiperlan II).]

DSSS (Direct Sequence Spread Spectrum)
FHSS (Freq. Hopping Spread Spectrum)
IR (Infra Red)

DSSS: principle

[Figure: DSSS transmitter. Scrambled Data (1 bit period per bit) goes through a mod2 adder with the periodic 11 bit Barker code 10110111000 (11 chips; shown with its complement 01001000111), then to the carrier modulator. Panels: transmitter baseband signal before spreading and after spreading.]

Note: single code (11-chips)
multiple access ? ... no
security ? ... no

[Figure: spectra at the transmitter before spreading and after spreading, and at the receiver before despreading and after despreading, with narrowband interference.]
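The spreading and despreading steps from the DSSS slides, as an added Python example (not part of the original slides). Function names and the chip-error positions are constructed for illustration; the despreader is a simple majority correlator.

```python
BARKER = [1, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0]   # 11-chip Barker code from the slide


def spread(bits):
    """mod-2 add every data bit to all 11 chips of the Barker code."""
    return [b ^ c for b in bits for c in BARKER]


def despread(chips):
    """Correlate each 11-chip block with the code; the majority decides the bit."""
    bits = []
    for k in range(0, len(chips), 11):
        block = chips[k:k + 11]
        mismatches = sum(x ^ c for x, c in zip(block, BARKER))
        bits.append(1 if mismatches > 5 else 0)
    return bits


def flip(chips, positions):
    """Invert the chips at the given positions (models interference)."""
    out = list(chips)
    for p in positions:
        out[p] ^= 1
    return out


# Constructed sample: 4 data bits, 10 corrupted chips (2 or 3 per bit period).
DATA = [0, 1, 1, 0]
TX = spread(DATA)
RX = flip(TX, [0, 3, 7, 12, 13, 20, 25, 30, 40, 43])
RECOVERED = despread(RX)   # up to 5 chip errors per bit are tolerated
```

The receiver needs nothing but the fixed, published code to despread, which is why the slide answers "no" to both multiple access and security.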

PSK (Phase Shift Keying)

[Figure: waveform of "Data x spreading code" against time.]

S(t) = A sin ( 2 t + (t))

=0

DPSK (Differential PSK): no reference signal needed

[Figure: waveform of "Data x spreading code" against time.]

S(t) = A sin ( 2 t + (t))

DSSS: modulation

[Figure: constellation diagrams. DBPSK (1 Mbps): (0) at 0 degrees, (1) at 180 degrees. DQPSK (2Mbps): (00) at 0 degrees, (01) at 90 degrees, (11) at 180 degrees, (10) at 270 degrees.]

DSSS: Spectrum @ modulator output

[Figure: spectrum at the modulator output with levels 0 dBr, -30 dBr and -50 dBr; frequency axis marked fc - 22 MHz, fc - 11 MHz, fc, fc + 11 MHz, fc + 22 MHz.]

in France (few months ago): allowed channels
(ch.10) 2.457 MHz, (ch.11) 2.462 MHz, (ch.12) 2.467 MHz, (ch.13) 2.472 MHz

in France (few months ago): maximum channel separation
(ch.10) 2.457 MHz, (ch.13) 2.472 MHz

in Europe
(ch.1) 2.412 MHz, (ch.13) 2.472 MHz

Transmission power (Typical / Regulations)
GSM: 100 mW - 600 mW
µwave oven: 0.2mW/ 1-5 mW/ @ 5cm
IEEE 802.11: 6.3 mW 100 mW (Eur.)


FHSS
Modulation: GFSK
binary 0/1: (for 1 Mbps)
00, 01, 10, 11: (for 2 Mbps)
sequence = : tables : 3 sets
(France)
Fast-FH vs. Slow-FH: min 2.5 hops/s
Bluetooth interference ?... YES


Infra Red (IR)
Pulse Position Modulation (PPM)
1 Mbps: 4 data bits per 16-PPM symbol
2 Mbps: 2 data bits per 4-PPM symbol

[Figure: 4-PPM symbol table with data bits 00, 01, 10, 11 and 4-PPM symbols 0001, 0010, 0100, 1000. Example: Data 1 0 1 1, Txed Pulse 10000100.]


PHY Extensions (1999)

IEEE 802.11b:
2.4 GHz
1 Mbps, 2 Mbps, 5.5 Mbps, 11 Mbps
High Rate DSSS
Modulation: (backward compatible) DBPSK, DQPSK; Complementary Code Keying (CCK) + DQPSK; (opt.) Packet Binary Convolutional Coding (PBCC) + (BPSK, QPSK)
Currently the most widely used one

IEEE 802.11a:
5.7 GHz, 6 Mbps to 54 Mbps!!
OFDM (Orthogonal Frequency Division Multiplexing)
Principle: High-rate data is divided into several lower-rate binary signals. Each low-rate signal modulates a different sub-carrier (48). Sub-carrier sets are orthogonal.
Modulation: BPSK, QPSK, 16QAM and 64QAM
FEC: Convolutional encoding needed (Viterbi)
Close to Hiperlan 2 specs.
coming soon

[Figure: OFDM transceiver chain. Transmitter: Data In, Signal Mapper, S/P, Add virtual Carriers, IFFT, P/S, Add Pre/Postfix, p(t). Receiver: Matched Filter, Rem Pre/Postfix, S/P, FFT, Rem virtual Carriers, Equalizer/Detector, P/S, Data Out.]


Security

WEP (Wired Equivalent Privacy)

[Figure: Plaintext and Key enter Encryption, producing Cyphertext; Decryption with the Key recovers the Original Plaintext. An Eavesdropper observes the Cyphertext.]

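[Figure: WEP block diagram. The Initialization Vector (IV) and the Secret Key form the Seed of the WEP PRNG, which outputs the Key Sequence. The Plaintext goes through the Integrity Algo. to produce the Integrity Check Value (ICV). The Key Sequence is XORed with Plaintext and ICV to give the Ciphertext; the Message carries the IV and the Ciphertext.]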

default keys / established keys
40-128 bit key
Algorithm: RC4 (symmetric stream cypher)
Cracking tools: WEPcrack, AirSnort: if 100MB-1GB of data can be gathered then one can guess the encryption password in less than a second!!
Access control table ? ... inefficient
Network ID ? ... inefficient
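The WEP block diagram above, worked through as an added Python example (not part of the original slides). It assumes the 802.11 details the slides leave out: a 24-bit IV prepended to the secret key as the RC4 seed and CRC-32 as the integrity algorithm; the key ID octet is omitted, and all function names and sample values are constructed.

```python
import struct
import zlib

def rc4(seed: bytes, n: int) -> bytes:
    """First n bytes of the RC4 key sequence for this seed (the WEP PRNG box)."""
    s, j = list(range(256)), 0
    for i in range(256):                          # key scheduling
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                            # output generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encapsulate(iv: bytes, key: bytes, msg: bytes) -> bytes:
    """Message = IV in clear || (plaintext || ICV) XOR RC4(IV || key)."""
    body = msg + struct.pack("<I", zlib.crc32(msg))   # ICV: CRC-32 of plaintext
    return iv + xor(body, rc4(iv + key, len(body)))

def wep_decapsulate(key: bytes, frame: bytes) -> bytes:
    """Regenerate the key sequence from the received IV, then verify the ICV."""
    iv, body = frame[:3], frame[3:]
    plain = xor(body, rc4(iv + key, len(body)))
    msg, icv = plain[:-4], plain[-4:]
    if struct.pack("<I", zlib.crc32(msg)) != icv:
        raise ValueError("ICV mismatch")
    return msg

def same_key_sequence(frame_a: bytes, frame_b: bytes) -> bool:
    """Under one secret key, equal IVs mean an identical key sequence."""
    return frame_a[:3] == frame_b[:3]

# Constructed sample values, not taken from the slides.
KEY = bytes.fromhex("0102030405")                 # 40-bit secret key
IV = bytes.fromhex("a1b2c3")                      # 24-bit IV
P1, P2 = b"first frame body", b"other frame body"
F1, F2 = wep_encapsulate(IV, KEY, P1), wep_encapsulate(IV, KEY, P2)
LEAK = xor(F1[3:], F2[3:])[:len(P1)]              # equals P1 XOR P2, no key involved
```

With only 24 bits of IV and a shared static key, repeated IVs are unavoidable on a busy network, so the stream cipher's key sequence repeats and the XOR of two ciphertexts exposes the XOR of their plaintexts.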

Conclusion
it works!
looks just like ethernet to higher layers
no QoS support... yet.
limited security management.

Planete team: http://www.inrialpes.fr/planete
Imad AAD: imad.aad@inrialpes.fr
