
Wi-Fi Technology

Agenda

- Introduction
- Wi-Fi Technologies
- Wi-Fi Architecture
- Wi-Fi Network Elements
- How a Wi-Fi Network Works
- Wi-Fi Network Topologies
- Wi-Fi Configurations
- Applications of Wi-Fi
- Wi-Fi Security
- Advantages/Disadvantages of Wi-Fi

Introduction

Wireless technology is an alternative to the wired technology commonly used for connecting devices. Wi-Fi (Wireless Fidelity) is a generic term that refers to the IEEE 802.11 communications standard for Wireless Local Area Networks (WLANs). Wi-Fi networks connect computers to each other, to the Internet and to the wired network.

Topology of a Wireless Network


- Point-to-point
- Point-to-multipoint
- Mesh
- Smart Antenna Arrays

Topology of a Wireless Network

Point-to-point
- Usually very high speed and high capacity
- Requires a clear line of sight to the tower
- Backbone, or backhaul, connectivity
- Corporate/Business Class service

Topology of a Wireless Network

Point-to-multipoint

Similar technology to point-to-point network

Topology of a Wireless Network

Mesh Network
- Distributed gateway devices
- Self-healing network
- Uses multiple radios in tight formation
- Micro cell concept
- Relatively easy to deploy

Topology of a Wireless Network

Smart Antenna Arrays


- High powered & directional
- Switched array of multiple access points
- Better obstruction penetration, but still limited
- Good for covering large open or semi-open environments
- Coverage from high vantage points usually works best

Unlicensed vs. Licensed


- Unlicensed: spectrum (frequencies) is shared with other users.
- Licensed: spectrum (frequencies) is allocated to the license holder by the FCC.

Propagation Characteristics

900 MHz
- Multipath: High
- Foliage: Pine absorbs radiation

2.4 GHz
- Multipath: Very High (Concrete, Brick, Steel)
- Foliage: Any foliage absorbs radiation (water resonance)

5 GHz
- Multipath: Very High (Concrete, Brick, Steel, Foliage)
- Foliage: Limited absorption

As you increase the frequency, the coverage area decreases but potential data rates increase.

Wireless Technologies

- 802.11a
- 802.11b (Wi-Fi)
- 802.11g (Wi-Fi)
- 802.11i (Security)
- 802.16 2004, e & f (WiMAX)
- Bluetooth (802.15)
- GSM (Global System for Mobile Communications)
- 3GSM
- GPRS (General Packet Radio Service)
- CDMA (Code Division Multiple Access)
- CDMA2000
- CDPD (Cellular Digital Packet Data)
- TDMA (Time Division Multiple Access)
- EvDO (Evolution Data Only)

802.11a/b/g (Wi-Fi)
802.11a: 5 GHz, 54 Mbps
- Less interference, more bandwidth
- Not as widely implemented, shorter range

802.11b: 2.4 GHz, 11 Mbps
- Best overall coverage range
- Not as fast as other technologies

802.11g: 2.4 GHz, 54 Mbps
- Faster than 802.11b and better range than 802.11a
- Less range than 802.11b

802.11n: 100 Mbps, still in draft

802.16 (WiMAX)

802.16d (also known as 802.16-2004)
- Point-to-multipoint only implementation
- Equipment available for Europe now; U.S. unlicensed band equipment expected 3Q 2005

802.16e (adds mobility)
- Still waiting for IEEE final approval
- Equipment available in 2006??

802.20
- 1 Mbps
- Mobile speeds of 100 mph
- Could compete with 3G cellular
- Licensed band use only

802.11i
- Will provide improvements to Wi-Fi security
- Still on the IEEE drawing board
- Will address the security shortcomings in WEP
- Will add user authentication

Evolution Data Only (EvDO)

- Available in larger metro areas
- Offered by Sprint, Verizon, other
- 700Mbps
- Supports streaming video
- Monthly bit-per-second (bps) and byte charges
  - bps (demand)
  - Bytes (total data transferred in a time period)

Applications Categories

- Provider viewpoint: services no longer structured around a connectivity technology or controlled by a single entity
- User viewpoint: process redesign that takes advantage of ubiquitous IP-based connectivity access

The starting point in selecting the connectivity technology is understanding the new applications that are enabled and that will transform the way government conducts business. Focusing on the enabled applications allows choices to be driven by needs, not by the technology.

Applications Enabled With Wireless Technologies


- High-speed Internet access
- Remote access to internal data network
- Workforce mobility/portability
- Voice over IP (VoIP) telephony
- Remote training

Public Safety Efficiency Enhancements

Mobile Data Terminals vs. Laptops


- MDTs are slow, cumbersome, and allow limited data transmission
- Laptops connected to a mobile high-speed network allow much greater data transmission rates and throughput

Public Safety Efficiency Enhancements

Applications for Fire and Ambulance Services


- Fire trucks can download floor plans before arriving at the site of a fire
- Ambulances can access medical records en route to the hospital
- Ambulances can send patient information, including vital signs, to the hospital before arrival

The Wi-Fi Technology


Wi-Fi networks use radio technologies to transmit and receive data at high speed:

- IEEE 802.11b
- IEEE 802.11a
- IEEE 802.11g

IEEE 802.11b

- Appeared in late 1999
- Operates in the 2.4 GHz radio spectrum
- 11 Mbps (theoretical speed) within 30 m range
- 4-6 Mbps (actual speed)
- 100-150 feet range
- Most popular, least expensive
- Interference from mobile phones and Bluetooth devices can reduce the transmission speed

IEEE 802.11a

- Introduced in 2001
- Operates at 5 GHz (less popular)
- 54 Mbps (theoretical speed)
- 15-20 Mbps (actual speed)
- 50-75 feet range
- More expensive
- Not compatible with 802.11b

IEEE 802.11g

- Introduced in 2003
- Combines the features of both standards (a, b)
- 100-150 feet range
- 54 Mbps speed
- 2.4 GHz radio frequencies
- Compatible with 802.11b

802.11 Physical Layer


There are three sublayers in the physical layer:

- Direct Sequence Spread Spectrum (DSSS)
- Frequency Hopping Spread Spectrum (FHSS)
- Diffused Infrared (DFIR) - wide angle

DSSS

Direct sequence signaling technique divides the 2.4 GHz band into 11 22-MHz channels. Adjacent channels overlap one another partially, with three of the 11 being completely non-overlapping. Data is sent across one of these 22 MHz channels without hopping to other channels.
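The channel arithmetic behind that paragraph, as an added example that is not part of the original slides: it assumes the standard 2.4 GHz plan (channel 1 centred at 2412 MHz, 5 MHz spacing, US channels 1-11) and the 22 MHz channel width the slide gives, then derives which channels overlap, finds the only mutually non-overlapping triple, and checks a constructed three-AP channel plan for co-channel conflicts.

```python
from itertools import combinations

# Assumed 2.4 GHz DSSS channel plan (US, channels 1-11): centres start at
# 2412 MHz and step 5 MHz; each channel is 22 MHz wide as the slide states.
FIRST_CENTER_MHZ = 2412
CHANNEL_SPACING_MHZ = 5
CHANNEL_WIDTH_MHZ = 22
US_CHANNELS = tuple(range(1, 12))


def center_frequency(channel: int) -> int:
    """Centre frequency in MHz of a 2.4 GHz DSSS channel."""
    return FIRST_CENTER_MHZ + CHANNEL_SPACING_MHZ * (channel - 1)


def band_edges(channel: int) -> tuple:
    """Lower and upper edge in MHz of the 22 MHz wide channel."""
    centre = center_frequency(channel)
    return centre - CHANNEL_WIDTH_MHZ // 2, centre + CHANNEL_WIDTH_MHZ // 2


def overlaps(a: int, b: int) -> bool:
    """Two channels overlap when their centres are closer than one channel width."""
    return abs(center_frequency(a) - center_frequency(b)) < CHANNEL_WIDTH_MHZ


def overlapping_channels(channel: int) -> list:
    """Every other channel that shares spectrum with `channel`."""
    return [c for c in US_CHANNELS if c != channel and overlaps(c, channel)]


def non_overlapping_sets(size: int) -> list:
    """All groups of `size` channels that are mutually non-overlapping."""
    return [
        combo for combo in combinations(US_CHANNELS, size)
        if all(not overlaps(x, y) for x, y in combinations(combo, 2))
    ]


def check_channel_plan(plan: dict) -> list:
    """Return pairs of APs (name -> channel) whose channels would interfere."""
    return [
        (ap1, ap2)
        for (ap1, ch1), (ap2, ch2) in combinations(plan.items(), 2)
        if overlaps(ch1, ch2)
    ]


if __name__ == "__main__":
    for ch in US_CHANNELS:
        print(f"channel {ch:2d}: {band_edges(ch)} overlaps {overlapping_channels(ch)}")
    print("non-overlapping triples:", non_overlapping_sets(3))
    # Constructed sample plan for three APs in one building
    print("conflicts:", check_channel_plan({"AP-lobby": 1, "AP-floor2": 6, "AP-floor3": 11}))
```

Running it shows that channel 6 shares spectrum with channels 2 through 10, that (1, 6, 11) is the single non-overlapping triple, and that no four channels can be used without overlap; `check_channel_plan` is the kind of sanity check to run on a site survey before deploying APs.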

IEEE 802.11 Data Link Layer


The data link layer consists of two sublayers :

- Logical Link Control (LLC)
- Media Access Control (MAC)


802.11 uses the same 802.2 LLC and 48-bit addressing as other 802 LANs, allowing for very simple bridging from wireless to IEEE wired networks, but the MAC is unique to WLANs.

802.11 Media Access Control

Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA)
- Listen before talking
- Avoid collisions by explicit Acknowledgement (ACK)
- Problem: additional overhead of ACK packets, so slower performance

Request to Send/Clear to Send (RTS/CTS) protocol
- Solution for the hidden node problem
- Problem: adds additional overhead by temporarily reserving the medium, so it is used only for large packets, where retransmission would be expensive

802.11 Media Access Control(cont.)

Power Management
- The MAC supports power conservation to extend the battery life of portable devices
- Power utilization modes:

Continuous Aware Mode
- Radio is always on and drawing power

Power Save Polling Mode
- Radio is dozing, with the access point queuing any data for it
- The client radio wakes up periodically, in time to receive the regular beacon signals from the access point
- The beacon includes information regarding which stations have traffic waiting for them
- The client wakes on beacon notification and receives its data
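A simulation of the two power modes, added here as an example and not taken from the slides: an access point buffers frames for a dozing station and lists that station in the beacon's traffic indication (TIM), while the station either stays awake the whole beacon interval (Continuous Aware) or wakes only for the beacon and polls when named. The 100 ms beacon interval and 5 ms wake cost are assumed values chosen for the illustration.

```python
from collections import deque
from typing import Optional

BEACON_INTERVAL_MS = 100  # assumed beacon interval (802.11 default is 100 TU)


class Station:
    def __init__(self, name: str, power_save: bool):
        self.name = name
        self.power_save = power_save
        self.awake = not power_save          # CAM stations are always awake
        self.received: list = []
        self.awake_ms = 0                    # crude proxy for battery drain

    def run_beacon_interval(self, ap: "AccessPoint", awake_cost_ms: int = 5) -> None:
        """One beacon interval: CAM stations stay awake throughout; PS stations
        wake briefly for the beacon and poll only when the TIM names them."""
        if not self.power_save:
            self.awake_ms += BEACON_INTERVAL_MS
            return
        self.awake = True
        self.awake_ms += awake_cost_ms       # awake just long enough to hear the beacon
        if self.name in ap.beacon()["tim"]:
            while (frame := ap.ps_poll(self.name)) is not None:
                self.received.append(frame)
                self.awake_ms += awake_cost_ms  # stays up for each polled frame
        self.awake = False                   # back to dozing


class AccessPoint:
    """Delivers to awake stations at once; queues for dozing ones and
    advertises the queue in the beacon's TIM."""

    def __init__(self):
        self.stations: dict = {}
        self.queues: dict = {}

    def associate(self, station: Station) -> None:
        self.stations[station.name] = station
        self.queues[station.name] = deque()

    def deliver(self, name: str, frame: str) -> str:
        station = self.stations[name]
        if station.awake:
            station.received.append(frame)
            return "sent"
        self.queues[name].append(frame)
        return "queued"

    def beacon(self) -> dict:
        """The TIM lists every station that has buffered traffic."""
        return {"tim": sorted(n for n, q in self.queues.items() if q)}

    def ps_poll(self, name: str) -> Optional[str]:
        """A PS-Poll retrieves one buffered frame for the polling station."""
        q = self.queues[name]
        return q.popleft() if q else None


def simulate(intervals: int = 10) -> dict:
    ap = AccessPoint()
    cam = Station("laptop-cam", power_save=False)
    ps = Station("handheld-ps", power_save=True)
    ap.associate(cam)
    ap.associate(ps)
    outcomes = []
    for i in range(intervals):
        if i == 3:  # constructed traffic arriving during the fourth interval
            outcomes.append(ap.deliver(cam.name, "frame-for-cam"))
            outcomes.append(ap.deliver(ps.name, "frame-for-ps-1"))
            outcomes.append(ap.deliver(ps.name, "frame-for-ps-2"))
        cam.run_beacon_interval(ap)
        ps.run_beacon_interval(ap)
    return {
        "outcomes": outcomes,
        "cam_received": cam.received, "ps_received": ps.received,
        "cam_awake_ms": cam.awake_ms, "ps_awake_ms": ps.awake_ms,
    }


if __name__ == "__main__":
    for k, v in simulate().items():
        print(f"{k}: {v}")
```

Both stations receive everything addressed to them; the difference is that the power-save station was awake for 60 ms of the simulated second instead of 1000 ms, at the cost of its frames being delayed until the next beacon.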


802.11 Media Access Control(cont.)

Fragmentation

CRC checksum
- Each packet has a CRC checksum calculated and attached to ensure that the data was not corrupted in transit

Association & Roaming

Elements of a WI-FI Network

Access Point (AP) -

The AP is a wireless LAN transceiver or base station that can connect one or many wireless devices simultaneously to the Internet.

Wi-Fi cards -

They accept the wireless signal and relay information. They can be internal or external (e.g. a PCMCIA card for a laptop and a PCI card for a desktop PC).

Safeguards -

Firewalls and anti-virus software protect networks from uninvited users and keep information secure.

How a Wi-Fi Network Works

The basic concept is the same as for walkie-talkies. A Wi-Fi hotspot is created by installing an access point on an Internet connection. The access point acts as a base station. When a Wi-Fi enabled device encounters a hotspot, the device can connect to that network wirelessly. A single access point can support up to 30 users and can function within a range of 100-150 feet indoors and up to 300 feet outdoors. Many access points can be connected to each other via Ethernet cables to create a single large network.

Wi-Fi Network Topologies

- AP-based topology (Infrastructure Mode)
- Peer-to-peer topology (Ad-hoc Mode)
- Point-to-multipoint bridge topology

AP-based topology

- Clients communicate through the Access Point.
- BSA (Basic Service Area): the RF coverage provided by one AP.
- ESA (Extended Service Area): consists of 2 or more BSAs.
- ESA cells include 10-15% overlap to allow roaming.

Peer-to-peer topology

- An AP is not required.
- Client devices within a cell can communicate directly with each other.
- It is useful for setting up a wireless network quickly and easily.

Point-to-multipoint bridge topology


This is used to connect a LAN in one building to LANs in other buildings, even if the buildings are miles apart. It requires a clear line of sight between the buildings. The line-of-sight range varies with the type of wireless bridge and antenna used as well as the environmental conditions.

Wi-Fi Configurations

Wi-Fi Applications

- Home
- Small Businesses or SOHO
- Large Corporations & Campuses
- Health Care
- Wireless ISP (WISP)
- Travellers

Wi-Fi Security Threats

Wireless technology doesn't remove any old security issues, but introduces new ones:

- Eavesdropping
- Man-in-the-middle attacks
- Denial of Service

Eavesdropping

- Easy to perform, almost impossible to detect
- By default, everything is transmitted in clear text
  - Usernames, passwords, content ...
  - No security offered by the transmission medium
- Different tools available on the internet
  - Network sniffers, protocol analysers ...
  - Password collectors
- With the right equipment, it's possible to eavesdrop on traffic from a few kilometers away

MITM Attack
1. The attacker spoofs a disassociate message from the victim
2. The victim starts to look for a new access point, and the attacker advertises his own AP on a different channel, using the real AP's MAC address
3. The attacker connects to the real AP using the victim's MAC address

Denial of Service

Attack on the transmission frequency used
- Frequency jamming
- Not very technical, but works

Attack on the MAC layer
- Spoofed deauthentication / disassociation messages can target one specific user

Attacks on higher layer protocols (TCP/IP)
- SYN flooding

Wi-Fi Security
The requirements for Wi-Fi network security can be broken down into two primary components:

- Authentication
  - User Authentication
  - Server Authentication
- Privacy

Authentication

Keeping unauthorized users off the network

User Authentication
- An authentication server is used
- Username and password
- Risk:
  - Data (username & password) is sent before the secure channel is established
  - Prone to passive eavesdropping by an attacker
- Solution: establish an encrypted channel before sending the username and password

Authentication (cont.)

Server Authentication
- A digital certificate is used
- Validation of the digital certificate occurs automatically within the client software

Wi-Fi Security Techniques


- Service Set Identifier (SSID)
- Wired Equivalent Privacy (WEP)
- 802.1X Access Control
- Wireless Protected Access (WPA)
- IEEE 802.11i

Service Set Identifier (SSID)

- The SSID is used to identify an 802.11 network
- It can be pre-configured or advertised in the beacon broadcast
- It is transmitted in clear text
- Provides very little security

Wired Equivalent Privacy (WEP)

- Intended to provide the same level of security as a wired network
- Original security solution offered by the IEEE 802.11 standard
- Uses RC4 encryption with pre-shared keys and 24-bit initialization vectors (IV)
- The key schedule is generated by concatenating the shared secret key with a randomly generated 24-bit IV
- 32-bit ICV (Integrity Check Value)
- The number of bits in the keystream equals the length of the plaintext plus the ICV

Wired Equivalent Privacy (WEP) (cont.)

- 64-bit pre-shared key: WEP
- 128-bit pre-shared key: WEP2
- Encrypts data only between 802.11 stations; once traffic enters the wired side of the network (beyond the access point) WEP no longer applies
- Security issues with WEP:
  - Short IV
  - Static key
  - Offers very little security at all
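The WEP encapsulation the two slides above describe, written out as an added example (not code from the slides): RC4 keyed with IV || shared key, a CRC-32 ICV appended to the plaintext, and a keystream exactly as long as plaintext plus ICV. It also shows why "Short IV" is listed as a security issue: the birthday bound over 2^24 IVs, and the fact that two frames encrypted under the same IV share their keystream. The 40-bit key, the key-id byte value and the sample payloads are constructed for the demonstration.

```python
import math
import os
import struct
import zlib
from typing import Optional

IV_BYTES = 3     # 24-bit IV, as the slide states
ICV_BYTES = 4    # 32-bit CRC-32 integrity check value
KEY_ID = 0       # key index byte carried after the IV (assumed 0)


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4: key scheduling followed by `length` bytes of keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(shared_key: bytes, plaintext: bytes, iv: Optional[bytes] = None) -> bytes:
    """Frame body = IV || key-id || RC4(plaintext || ICV). The RC4 key is the
    IV concatenated with the shared key (WEP order), so the keystream length
    equals plaintext length plus ICV length."""
    iv = os.urandom(IV_BYTES) if iv is None else iv
    icv = struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)
    body = plaintext + icv
    keystream = rc4_keystream(iv + shared_key, len(body))
    return iv + bytes([KEY_ID]) + xor(body, keystream)


def wep_decrypt(shared_key: bytes, frame: bytes) -> bytes:
    """Strip IV and key-id, decrypt, and verify the ICV; raises on corruption."""
    iv, ciphertext = frame[:IV_BYTES], frame[IV_BYTES + 1:]
    body = xor(ciphertext, rc4_keystream(iv + shared_key, len(ciphertext)))
    plaintext, icv = body[:-ICV_BYTES], body[-ICV_BYTES:]
    if struct.unpack("<I", icv)[0] != zlib.crc32(plaintext) & 0xFFFFFFFF:
        raise ValueError("ICV mismatch: frame corrupted in transit")
    return plaintext


def iv_reuse_leak(frame_a: bytes, frame_b: bytes) -> Optional[bytes]:
    """Why the short IV matters: two frames with the same IV used the same
    keystream, so XOR-ing their ciphertexts cancels it and leaves the XOR of
    the two plaintexts (and ICVs). Returns None when the IVs differ."""
    if frame_a[:IV_BYTES] != frame_b[:IV_BYTES]:
        return None
    return xor(frame_a[IV_BYTES + 1:], frame_b[IV_BYTES + 1:])


def iv_collision_probability(frames: int) -> float:
    """Birthday bound: probability that at least two of `frames` randomly
    chosen 24-bit IVs are equal."""
    space = 2 ** (8 * IV_BYTES)
    return 1.0 - math.exp(-frames * (frames - 1) / (2.0 * space))


if __name__ == "__main__":
    key = bytes.fromhex("0102030405")  # constructed 40-bit key (64-bit WEP)
    frame = wep_encrypt(key, b"hello, wep")
    print(wep_decrypt(key, frame))
    for n in (1000, 5000, 10000):
        print(f"{n} frames: P(IV repeat) = {iv_collision_probability(n):.3f}")
```

With random IVs the chance of a repeat passes one half after roughly 5,000 frames, a few seconds of traffic on a busy AP, and a station that simply counts up from zero after every reboot repeats even sooner; a single-bit change to a frame is caught by the ICV, but the CRC is a transmission check, not a cryptographic integrity code.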

802.1x Access Control


- Designed as a general purpose network access control mechanism
- Not Wi-Fi specific
- Authenticates each client connected to an AP (for WLAN) or switch port (for Ethernet)
- Authentication is done with the RADIUS server, which tells the access point whether access to controlled ports should be allowed or not

1. The AP forces the user into an unauthorized state
2. The user sends an EAP start message
3. The AP returns an EAP message requesting the user's identity
4. The identity sent by the user is then forwarded to the authentication server by the AP
5. The authentication server authenticates the user and returns an accept or reject message back to the AP
6. If an accept message is returned, the AP changes the client's state to authorized and normal traffic flows
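The six-step exchange above as a runnable three-party simulation, added here as an example rather than code from the slides: the access point (authenticator) keeps a per-client controlled port that starts unauthorized, relays the identity to the RADIUS server, and opens the port only on Access-Accept. The EAP method that proves the credential is abstracted into a single `credential_proof` value (a hypothetical stand-in, not a real EAP method), and the user database and MAC addresses are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


def credential_proof(password: str) -> bytes:
    """Hypothetical stand-in for the EAP method's credential exchange."""
    return hashlib.sha256(password.encode()).digest()


@dataclass
class RadiusServer:
    """Authentication server: holds the user database, issues Accept/Reject."""
    users: dict

    def access_request(self, identity: str, proof: bytes) -> str:
        stored = self.users.get(identity)
        if stored is None or not hmac.compare_digest(stored, proof):
            return "Access-Reject"
        return "Access-Accept"


@dataclass
class AccessPoint:
    """Authenticator: relays EAP to RADIUS and gates the controlled port per client."""
    server: RadiusServer
    port_state: dict = field(default_factory=dict)
    transcript: list = field(default_factory=list)

    def eapol_start(self, client: str) -> str:
        self.port_state[client] = "unauthorized"                        # step 1
        self.transcript.append(f"{client} -> AP: EAPOL-Start")           # step 2
        self.transcript.append(f"AP -> {client}: EAP-Request/Identity")  # step 3
        return "EAP-Request/Identity"

    def eap_response(self, client: str, identity: str, proof: bytes) -> str:
        self.transcript.append(f"{client} -> AP: EAP-Response/Identity({identity})")
        self.transcript.append(f"AP -> RADIUS: Access-Request({identity})")  # step 4
        verdict = self.server.access_request(identity, proof)               # step 5
        self.transcript.append(f"RADIUS -> AP: {verdict}")
        if verdict == "Access-Accept":                                       # step 6
            self.port_state[client] = "authorized"
            self.transcript.append(f"AP -> {client}: EAP-Success")
            return "EAP-Success"
        self.transcript.append(f"AP -> {client}: EAP-Failure")
        return "EAP-Failure"

    def forward(self, client: str, payload: str) -> bool:
        """Normal data crosses the controlled port only once the client is authorized."""
        allowed = self.port_state.get(client) == "authorized"
        self.transcript.append(
            f"{client} data '{payload}': {'forwarded' if allowed else 'dropped'}")
        return allowed


def supplicant_login(ap: AccessPoint, client: str, identity: str, password: str) -> str:
    """Client side of the exchange; returns the final controlled-port state."""
    if ap.eapol_start(client) == "EAP-Request/Identity":
        ap.eap_response(client, identity, credential_proof(password))
    return ap.port_state[client]


if __name__ == "__main__":
    radius = RadiusServer(users={"alice": credential_proof("correct horse")})  # constructed
    ap = AccessPoint(server=radius)
    print(ap.forward("00:11:22:33:44:55", "ping"))  # dropped: not yet authenticated
    print(supplicant_login(ap, "00:11:22:33:44:55", "alice", "correct horse"))
    print(supplicant_login(ap, "66:77:88:99:aa:bb", "alice", "wrong"))
    print("\n".join(ap.transcript))
```

The transcript it prints is the same sequence as the numbered list, and the `forward` calls show the property that matters for the network: before EAP-Success, and after EAP-Failure, the client's traffic never reaches the wired side.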

Wireless Protected Access (WPA)

WPA is a specification of standards-based, interoperable security enhancements that strongly increase the level of data protection and access control for existing and future wireless LAN systems.

User Authentication: 802.1x, EAP

RC4 with dynamic encryption keys (session based)

TKIP (Temporal Key Integrity Protocol) encryption
- 48-bit IV
- Per-packet key mixing function
- Fixes all issues found in WEP

Ensures data integrity
- Uses the Message Integrity Code (MIC) Michael

Old hardware should be upgradeable to WPA

Wireless Protected Access (WPA)(cont.)

WPA comes in two flavors

WPA-PSK
- Uses a pre-shared key
- For SOHO environments
- Single master key used for all users

WPA Enterprise
- For large organisations
- Most secure method
- Unique keys for each user
- Separate username & password for each user

WPA and Security Threats

Data is encrypted
- Protection against eavesdropping and man-in-the-middle attacks

Denial of Service
- Attacks based on fake messages can not be used
- As a security precaution, if WPA equipment sees two packets with invalid MICs within a second, it disassociates all its clients and stops all activity for a minute
- Only two packets a minute are enough to completely stop a wireless network
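A model of the Michael countermeasure just described, added as an example and not code from the slides, so the availability trade-off can be seen on a constructed timeline: a second MIC failure inside the window disassociates every client and the AP refuses TKIP traffic and new associations for the hold-down period. Window and hold-down default to 60 seconds (the 802.11i values; the slide's "within a second" wording corresponds to a shorter `window_s`), and the client names and timestamps are constructed.

```python
class MichaelCountermeasures:
    """Tracks MIC failures on one AP and applies the TKIP countermeasure."""

    def __init__(self, window_s: float = 60.0, holddown_s: float = 60.0):
        self.window_s = window_s
        self.holddown_s = holddown_s
        self.clients: set = set()
        self.failure_times: list = []
        self.blocked_until = 0.0
        self.trigger_count = 0       # how often the countermeasure fired (monitoring signal)
        self.events: list = []

    def is_blocked(self, now: float) -> bool:
        return now < self.blocked_until

    def associate(self, client: str, now: float) -> bool:
        if self.is_blocked(now):
            self.events.append(f"{now:6.1f}s associate {client}: refused (countermeasure active)")
            return False
        self.clients.add(client)
        return True

    def receive(self, client: str, now: float, mic_ok: bool) -> str:
        if self.is_blocked(now):
            return "dropped"
        if client not in self.clients:
            return "ignored"                 # frames from unassociated stations
        if mic_ok:
            return "accepted"
        # keep only failures still inside the sliding window, then add this one
        self.failure_times = [t for t in self.failure_times if now - t < self.window_s]
        self.failure_times.append(now)
        self.events.append(f"{now:6.1f}s MIC failure from {client} "
                           f"({len(self.failure_times)} in window)")
        if len(self.failure_times) >= 2:
            self.trigger_count += 1
            self.blocked_until = now + self.holddown_s
            dropped = sorted(self.clients)
            self.clients.clear()
            self.failure_times.clear()
            self.events.append(f"{now:6.1f}s COUNTERMEASURE: disassociated {dropped}, "
                               f"blocked until {self.blocked_until:.1f}s")
            return "countermeasure"
        return "mic-failure"


def run_scenario():
    """Constructed timeline: two bad MICs 28 s apart take the whole cell down."""
    ap = MichaelCountermeasures()
    for c in ("laptop-1", "laptop-2", "printer"):
        ap.associate(c, 0.0)
    results = [
        ap.receive("laptop-1", 1.0, True),
        ap.receive("laptop-2", 2.0, False),   # first bad MIC
        ap.receive("laptop-1", 10.0, True),
        ap.receive("laptop-2", 30.0, False),  # second within the window: countermeasure
        ap.receive("printer", 31.0, True),    # dropped during hold-down
        ap.associate("laptop-1", 45.0),       # refused during hold-down
        ap.associate("laptop-1", 95.0),       # allowed again after 90 s
        ap.receive("laptop-1", 96.0, True),
    ]
    return results, ap


if __name__ == "__main__":
    results, ap = run_scenario()
    print(results)
    print("\n".join(ap.events))
```

`trigger_count` is the value worth exporting from real equipment: a countermeasure that fires more than once or twice an hour on a cell is either a faulty client or someone deliberately feeding the AP bad MICs, and either way it is an availability incident for every station on that AP.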

802.11i

- Provides a standard for WLAN security
- Authentication: 802.1x
- Data encryption: the AES protocol is used
- Secure fast handoff: allows roaming between APs without requiring the client to fully re-authenticate to every AP
- Will require new hardware

Advantages

- Mobility
- Ease of installation
- Flexibility
- Cost
- Reliability
- Security
- Uses the unlicensed part of the radio spectrum
- Roaming
- Speed

Limitations

- Interference
- Degradation in performance
- High power consumption
- Limited range
