Mobile Networks

Module B

WLAN Engineering Aspects

Prof. JP Hubaux

http://mobnet.epfl.ch
1

Reminder on frequencies and wavelenghts

twisted pair 1 Mm 300 Hz 10 km 30 kHz coax cable optical transmission

100 m 3 MHz

1m 300 MHz

10 mm 30 GHz

100 m 3 THz infrared

1 m 300 THz

VLF

LF

MF

HF

VHF

UHF

SHF

EHF

visible light UV

VLF = Very Low Frequency LF = Low Frequency MF = Medium Frequency HF = High Frequency VHF = Very High Frequency

UHF = Ultra High Frequency SHF = Super High Frequency EHF = Extra High Frequency UV = Ultraviolet Light

Frequency and wave length:

= c/f

wave length , speed of light c 3x108m/s, frequency f

2

Frequencies for mobile communication

VHF-/UHF-ranges for mobile radio

simple, small antenna for handset deterministic propagation characteristics, reliable connections

SHF and higher for directed radio links, satellite communication

small antenna large bandwidth available

Wireless LANs use frequencies in UHF to SHF spectrum

some systems planned up to EHF limitations due to absorption by water and oxygen molecules (resonance frequencies)

Weather-dependent fading, signal loss caused by heavy rainfall etc.

Frequency allocation

Mobile phones

Characteristics of Wireless LANs

Advantages
flexibility (almost) no wiring difficulties (e.g., historic buildings) more robust against disasters like, e.g., earthquakes, fire - or users pulling a plug...

Disadvantages
lower bitrate compared to wired networks (1-100 Mbit/s) More difficult to secure

Design goals for wireless LANs

low power no special permissions or licenses needed to use the LAN robust transmission technology easy to use for everyone, simple management protection of investment in wired networks (internetworking) Security, privacy, safety (low radiation) transparency concerning applications and higher layer protocols location awareness if necessary

Comparison: infrared vs. radio transmission

Infrared

Radio

uses IR diodes

Advantages
simple, cheap, available in many mobile devices no licenses needed simple shielding possible

typically using the license free ISM band at 2.4 GHz and 5 GHz coverage of larger areas possible (radio can penetrate walls, furniture etc.)

Advantages

Disadvantages
interference by sunlight, heat sources etc. many things shield or absorb IR light low bandwidth

Disadvantages
very limited license free frequency bands shielding more difficult, interference with other electrical devices more difficult to secure

Example

IrDA (Infrared Data Association) interface used to be available on many devices

Examples

IEEE 802.11, Bluetooth

Infrastructure vs. ad hoc networks

infrastructure network
AP AP wired network AP AP: Access Point

Ad hoc network

IEEE 802.11 - Architecture of an infrastructure network

802.11 LAN

Station (STA)
802.x LAN

terminal with access mechanisms to the wireless medium and radio contact to the access point group of stations using the same radio frequency station integrated into the wireless LAN and the distribution system bridge to other (wired) networks interconnection network to form one logical network (ESS: Extended Service Set) based on several BSS
9

STA1

BSS1 Access Point Portal

Basic Service Set (BSS)

Access Point

Distribution System ESS BSS2 Access Point

Portal

Distribution System

STA2

802.11 LAN

STA3

802.11 - Architecture of an ad-hoc network

802.11 LAN STA1 BSS1 STA3

Direct communication within a limited range

Station (STA): terminal with access mechanisms to the wireless medium Basic Service Set (BSS): group of stations using the same radio frequency

STA2

802.11 LAN BSS2 STA5 STA4

10

Interconnection of IEEE 802.11 with Ethernet

fixed terminal mobile station server infrastructure network access point

application TCP IP 802.11 MAC 802.11 PHY 802.11 MAC 802.11 PHY 802.3 MAC 802.3 PHY

application TCP IP 802.3 MAC 802.3 PHY

11

802.11 - Layers and functions

MAC

PLCP (Physical Layer Convergence Protocol)

access mechanisms, fragmentation, encryption synchronization, roaming, MIB, power management

clear channel assessment signal (carrier sense) modulation, coding channel selection, MIB coordination of all management functions

MAC Management

PMD (Physical Medium Dependent)

PHY Management

Station Management

IP MAC MAC Management PHY Management

PHY

PLCP

a Mnot a S i t

PMD

12

802.11 - Physical layer

3 versions: 2 radio: DSSS and FHSS (both typically at 2.4 GHz), 1 IR

data rates 1, 2, 5 or 11 Mbit/s

DSSS (Direct Sequence Spread Spectrum)

DBPSK modulation (Differential Binary Phase Shift Keying) or DQPSK (Differential Quadrature PSK) chipping sequence: +1, -1, +1, +1, -1, +1, +1, +1, -1, -1, -1 (Barker code) max. radiated power 1 W (USA), 100 mW (EU), min. 1mW

FHSS (Frequency Hopping Spread Spectrum)

spreading, despreading, signal strength min. 2.5 frequency hops/s, two-level GFSK modulation (Gaussian Frequency Shift Keying)

Infrared
850-950 nm, diffuse light, around 10 m range carrier detection, energy detection, synchronization

13

802.11 - MAC layer principles (1/2)

Traffic services

Asynchronous Data Service (mandatory)

exchange of data packets based on best-effort support of broadcast and multicast implemented using PCF (Point Coordination Function)

Time-Bounded Service (optional)

Access methods (called DFWMAC: Distributed Foundation Wireless MAC)

DCF CSMA/CA (mandatory)

collision avoidance via randomized back-off mechanism minimum distance between consecutive packets ACK packet for acknowledgements (not for broadcasts) avoids hidden terminal problem access point polls terminals according to a list

DCF with RTS/CTS (optional)

PCF (optional)

DCF: Distributed Coordination Function PCF: Point Coordination Function

14

802.11 - MAC layer principles (2/2)

Priorities
defined through different inter frame spaces no guaranteed, hard priorities SIFS (Short Inter Frame Spacing)

highest priority, for ACK, CTS, polling response medium priority, for time-bounded service using PCF lowest priority, for asynchronous data service

PIFS (PCF IFS)

DIFS (DCF, Distributed Coordination Function IFS)

DIFS medium busy

DIFS PIFS SIFS

contention

next frame t

direct access if medium is free DIFS Note : :IFS durations are specific to each PHY Note IFS durations are specific to each PHY

time slot
15

802.11 - CSMA/CA principles

DIFS medium busy direct access if medium has been free for at least DIFS

DIFS

contention window (randomized back-off mechanism) next frame t time slot

station ready to send starts sensing the medium (Carrier Sense based on CCA, Clear Channel Assessment) if the medium is free for the duration of an Inter-Frame Space (IFS), the station can start sending (IFS depends on service type) if the medium is busy, the station has to wait for a free IFS, then the station must additionally wait a random back-off time (collision avoidance, multiple of slot-time) if another station occupies the medium during the back-off time of the station, the back-off timer stops (to increase fairness)
16

802.11 CSMA/CA broadcast

= DIFS station1 station2 station3 station4 station5 boe bor busy boe busy boe busy (detection by upper layer) (detection by upper layer) DIFS boe boe bor busy DIFS boe bor DIFS boe busy

t Here St4 and St5 happen to have the same back-off time busy medium not idle (frame, ack etc.) packet arrival at MAC boe elapsed backoff time bor residual backoff time Note: broadcast is not acknowledged 17 Note: broadcast is not acknowledged

The size of the contention window can be adapted The size of the contention window can be adapted (if more collisions, then increase the size) (if more collisions, then increase the size)

802.11 - CSMA/CA unicast

Sending unicast packets
station has to wait for DIFS before sending data receiver acknowledges at once (after waiting for SIFS) if the packet was received correctly (CRC) automatic retransmission of data packets in case of transmission errors

DIFS sender receiver other stations

data SIFS ACK DIFS waiting time data t Contention window

18

The ACK is sent right at the end of SIFS The ACK is sent right at the end of SIFS (no contention) (no contention)

802.11 DCF with RTS/CTS

Sending unicast packets
station can send RTS with reservation parameter after waiting for DIFS (reservation determines amount of time the data packet needs the medium) acknowledgement via CTS after SIFS by receiver (if ready to receive) sender can now send data at once, acknowledgement via ACK other stations store medium reservations distributed via RTS and CTS

DIFS sender receiver

RTS SIFS CTS SIFS

data SIFS ACK

other stations

NAV (RTS) NAV (CTS) defer access

DIFS

data t

Contention window RTS/CTS can be present for RTS/CTS can be present for some packets and not for other some packets and not for other
19

NAV: Net Allocation Vector NAV: Net Allocation Vector

Fragmentation mode
DIFS sender receiver RTS SIFS CTS SIFS frag1 SIFS ACK1 SIFS frag2 SIFS ACK2

NAV (RTS) NAV (CTS) other stations

NAV (frag1) NAV (ACK1)

DIFS contention

data t

Fragmentation is used in case the size of the packets sent has to be reduced (e.g., to diminish the probability of erroneous frames) Each fragi (except the last one) also contains a duration (as RTS does), which determines the duration of the NAV By this mechanism, fragments are sent in a row In this example, there are only 2 fragments 20

802.11 Point Coordination Function (1/2)

t0 t1 medium busy PIFS D1 point SIFS coordinator wireless stations stations NAV SuperFrame SIFS SIFS SIFS U1 U2

D2

NAV contention free period

Purpose: provide a time-bounded service Not usable for ad hoc networks Di represents the polling of station i Ui represents transmission of data from station i
21

802.11 Point Coordination Function (2/2)

t2 D3 PIFS D4 SIFS U4 NAV contention free period SIFS CFend

t3

t4

point coordinator wireless stations stations NAV

contention period

In

this example, station 3 has no data to send

22

802.11 - MAC frame format

Types

control frames, management frames, data frames important against duplicated frames due to lost ACKs receiver, transmitter (physical), BSS identifier, sender (logical) sending time, checksum, frame control, data
2 6 6 6 2 6 Duration Address Address Address Sequence Address ID 1 2 3 Control 4 version, type, fragmentation, security, ... 0-2312 Data 4 CRC

Sequence numbers

Addresses

Miscellaneous

bytes

2 Frame Control

detection of duplication

23

MAC address format

scenario ad-hoc network infrastructure network, from AP infrastructure network, to AP infrastructure network, within DS to DS from DS 0 0 0 1 1 1 0 1 address 1 address 2 address 3 address 4 DA DA BSSID RA SA BSSID SA TA BSSID SA DA DA SA

DS: Distribution System AP: Access Point DA: Destination Address SA: Source Address BSSID: Basic Service Set Identifier - infrastructure BSS : MAC address of the Access Point - ad hoc BSS (IBSS): random number RA: Receiver Address TA: Transmitter Address
24

802.11 - MAC management

Synchronization

Purpose
for the physical layer (e.g., maintaining in sync the frequency hop sequence in the case of FHSS) for power management

Principle: beacons with time stamps

Power management
sleep-mode without missing a message periodic sleep, frame buffering, traffic measurements

Association/Reassociation
integration into a LAN roaming, i.e. change networks by changing access points scanning, i.e. active search for a network

MIB - Management Information Base

managing, read, write

25

Synchronization (infrastructure case)

beacon interval

access point medium

B busy busy

B busy B

B busy

t value of the timestamp beacon frame

The access point transmits the (quasi) periodic beacon signal The beacon contains a timestamp and other management information used for power management and roaming All other wireless nodes adjust their local timers to the timestamp

26

Synchronization (ad-hoc case)

beacon interval

station1 station2 medium

B1 B2 busy busy busy B beacon frame B2 busy

B1

value of the timestamp

t random delay (back-off)

Each node maintains its own synchronization timer and starts the transmission of a beacon frame after the beacon interval Contention back-off mechanism only 1 beacon wins All other stations adjust their internal clock according to the received beacon and suppress their beacon for the current cycle
27

Power management
Idea: switch the transceiver off if not needed States of a station: sleep and awake Timing Synchronization Function (TSF)

stations wake up at the same time Traffic Indication Map (TIM)

Infrastructure case

list of unicast receivers transmitted by AP list of broadcast/multicast receivers transmitted by AP

Delivery Traffic Indication Map (DTIM)

Ad-hoc case

Ad-hoc Traffic Indication Map (ATIM)

announcement of receivers by stations buffering frames more complicated - no central AP collision of ATIMs possible (scalability?)

28

Power saving (infrastructure case)

Here the access point announces data addressed to the station TIM interval DTIM interval

access point medium station

D B busy busy

T busy

d busy p d

D B

t T TIM D DTIM awake

broadcast/multicast

d data transmission to/from the station

29

p Power Saving poll: I am awake, please send the data

Power saving (ad-hoc case)

ATIM window

beacon interval

station1 station2

B1 B2 B2

B1

t B beacon frame awake random delay A transmit ATIM D transmit data

a acknowledge ATIM d acknowledge data

ATIM: Ad hoc Traffic Indication Map (a station announces the list of buffered frames) Potential problem: scalability (high number of collisions)
30

802.11 - Roaming
No or bad connection? Then perform: Scanning

scan the environment, i.e., listen into the medium for beacon signals or send probes into the medium and wait for an answer station sends a request to one or several AP(s)

Reassociation Request

Reassociation Response
success: AP has answered, station can now participate failure: continue scanning

AP accepts Reassociation Request

signal the new station to the distribution system the distribution system updates its data base (i.e., location information) typically, the distribution system now informs the old AP so it can release resources

31

Security of 802.11

WEP: Wired Equivalent Privacy Objectives:

Confidentiality Access control Data integrity

M Integrity checksum C(M) P= M C(M) IV

RC4

IV

RC4

P=

C(M)

Note: several security weaknesses have been identified and WEP should not be used anymore.

32

The new solution for 802.11 security: standard 802.1x

EAPOL (over Ethernet or 802.11) Encapsulated EAP, Typically on RADIUS

Supplicant

Authenticator

Authentication Server

EAP: Extensible Authentication Protocol (RFC 2284, 1998) EAPOL: EAP over LAN RADIUS: Remote authentication dial in user service (RFC 2138, 1997)

Features: - Supports a wide range of authentication schemes, thanks to the usage of EAP - One-way authentication - Optional encryption and data integrity
33

More on IEEE 802.1x

Example of authentication, using one-time passwords (OTP): Supplicant Authenticator
EAP-request/identity EAP-response/identiy (MYID) EAP-request/OTP, OTP challenge

Authentication server

EAP-response/OTP, OTPpassword

EAP-success

Authentication successfully completed

Port authorized

: exchange of EAPOL frame : exchange of EAP frames in a higher layer protocol (e.g., RADIUS) Notes : : Notes 1. Weaknesses have been found in 802.1x as well, but are corrected in the 1. Weaknesses have been found in 802.1x as well, but are corrected in the various implementations. various implementations. 2. New standard in the making : :IEEE 802.11i 2. New standard in the making IEEE 802.11i

34

IEEE 802.11 Standardization efforts

IEEE 802.11b

2.4 GHz band DSSS (Direct-sequence spread spectrum) Bitrates 1 11 Mbit/s

IEEE 802.11a

5 GHz band Based on OFDM (orthogonal frequency-division multiplexing) transmission rates up to 54 Mbit/s Coverage is not as good as in 802.11b

IEEE 802.11g

2.4 GHz band (same as 802.11b) Based on OFDM Bitrates up to 54Mb/s

IEEE 802.11n

MIMO (multiple-input multiple-output) 40MHz channel (instead of 20MHz) Can operate in the 5GHz or 2.4Ghz (risk of interference with other systems, however) Bitrates up to 600Mb/s Security, makes use of IEEE 802.1x For vehicular communications For mesh networks

IEEE 802.11i IEEE 802.11p IEEE 802.11s

35

Conclusion of Wireless LANs

IEEE 802.11
Very widespread Often considered as the system underlying larger scale ad hoc networks (although far from optimal, not designed for this purpose) Tremendous potential as a competitor of 3G cellular networks in hot spots

Bluetooth Security perceived as a major obstacle; initial solutions were flawed in both IEEE 802.11 (WEP) and Bluetooth Future developments

Ultra Wide Band?

36

References

J. Schiller: Mobile Communications, Addison-Wesley, Second Edition, 2004 Leon-Garcia & Widjaja: Communication Networks, McGrawHill, 2000 IEEE 802.11 standards, available at www.ieee.org www.bluetooth.com J. Edney and W. Arbaugh: Real 802.11 Security, Addison-Wesley, 2003

37

Ad Hoc On-Demand Distance Vector Routing (AODV)

Note: this and the following slides are provided here because AODV is used in the hands-on exercises. We will come back to this topic in a later module of the course.

38

AODV : Route discovery (1)

F Q A

R C N

I L

39

AODV : Route discovery (2)

F Q A

R C N

I L

: Route Request (RREQ)

Note: if one of the intermediate nodes (e.g., A) Note: if one of the intermediate nodes (e.g., A) 40 knows aaroute to D, it responds immediately to S knows route to D, it responds immediately to S

AODV : Route discovery (3)

F Q A

R C N

I L

: represents a link on the reverse path

41

AODV : Route discovery (4)

F Q A

R C N

I L

42

AODV : Route discovery (5)

F Q A

R C N

I L

43

AODV : Route discovery (6)

F Q A

R C N

I L

44

AODV : Route discovery (7)

F Q A

R C N

I L

45

AODV : Route reply and setup of the forward path

F Q A

R C N

I L

: Link over which the RREP is transmitted : Forward path

46

Route reply in AODV

In case it knows a path more recent than the one previously known to sender S, an intermediate node may also send a route reply (RREP) The freshness of a path is assessed by means of destination sequence numbers Both reverse and forward paths are purged at the expiration of appropriately chosen timeout intervals

47

AODV : Data delivery

F Q A Data

R C N

I L

The route is not included in the packet header The route is not included in the packet header

48

AODV : Route maintenance (1)

F Q A Data

X
I

R C N

M L

49

AODV : Route maintenance (2)

F Q A RERR(G-J) G

X
I

R C N

M L

When receiving the Route Error message (RERR), When receiving the Route Error message (RERR), S removes the broken link from its cache. S removes the broken link from its cache. 50 It then initializes aanew route discovery. It then initializes new route discovery.

AODV (unicast) : Conclusion

Nodes maintain routing information only for routes that are in active use Unused routes expire even when the topology does not change Each node maintains at most one next-hop per destination

51