department of: technology programs and customer service ... · • provides qos: allows...
TRANSCRIPT
Department of: technology programs and customer service
WiMAX Survey
1 WiMAX Introduction Pages (1-20)
2 WiMAX Architecture Pages (1-8)
3 WiMAX Standardization Pages (1-8)
4 PHY and MAC Layer Pages (1-38)
5 WiMAX Security Pages (1-40)
6 WiMAX Implementations Pages (1-13)
7 Future Outlook Pages (1-4)
8 Technical Aspects Pages (1-47)
Sub ‐ Sections WiMAX Survey
This document consists of 178 pages.
Chapter 1: WiMAX Introduction
TS09TEC09En 1
Chapter 1 WiMAX Introduction
Aim of study This chapter introduces coverage of WiMAX.
Contents Pages
1 Basic Terms and Ideas 2
2 Market Analysis 7
3 Physical Aspects 11
Chapter 1: WiMAX Introduction
TS09TEC09En 2
Chapter 1
WiMAX Introduction 1 Basic Terms and Ideas
BWA - Broadband Wireless Access
There are three main BWA technologies in the market:
• HSDPA (High Speed Downlink Packet Access).
• WiMAX (Worldwide Interoperability for Microwave Access).
• FLASH-OFDM (Fast Low-latency Access with Seamless Handoff – Orthogonal Frequency Division Multiplexing).
Wireless Technology Positioning
Fig. 1
Chapter 1: WiMAX Introduction
TS09TEC09En 3
1.1 What is WiMAX?
WiMAX: Worldwide Interoperability for Microwave Access
• A true MAN area coverage technology able to cover distances over several kilometers (typical cell diameters: < 7 km).
• WiMAX standard IEEE802.16: „Air Interface for Fixed Broadband Wireless Access Systems“.
• Radio system with point-to-multipoint architectures.
• Three frequency bands:
- 5.8 GHz
- 3.5 GHz
- 2.5 GHz
• The 802.16e standard will support moving users with a speed up to 120km/h.
• Standards-based technology for delivery of last mile wireless broadband access.
• Provides QoS: allows transmission realtime sensitive services like VoIP or IP-TV.
• An alternative to cable DSL („wireless DSL“).
• Provides wireless broadband connectivity without the need for line-of-sight, for the following user groups:
- Fixed.
- Nomadic or portable.
- Soon also mobile.
Chapter 1: WiMAX Introduction
TS09TEC09En 4
WiMAX – Evolution Phases (Phase 1)
Phase 1: WiMAX as fixed technology (based on IEEE 802.16-2004)
Fixed wireless can be used for high-throughput enterprise connections and
hotspot network backhaul.
Fig. 2
WiMAX – Evolution Phases (Phase 2)
Phase 2: WiMAX gets nomadic (placed on Subscriber Terminals)
Thus WiMAX will be available on ST linked to PC and to antenna.
Moreover, the antenna could be placed in the same desktop with PC and ST or
could be placed outdoor. In this model WiMAX will be applicable as
residential broadband deployment.
Chapter 1: WiMAX Introduction
TS09TEC09En 5
Fig. 3 WiMAX – Evolution Phases (Phase 3)
Phase 3: WiMAX gets mobile
Thus WiMAX (based on IEEE 802.16e) will be integrated into commercial
laptops, PDAs and mobile phones.
Roaming between WiMAX areas is another important issue.
Fig. 4
Chapter 1: WiMAX Introduction
TS09TEC09En 6
1.2 WiMAX Forum
• Wimax- Forum (www.wimaxforum.org) is responsible for:
- Marketing.
- Interoperability with other products.
• Non-profit organization.
• Was founded in April 2001
- In conjunction with IEEE 802.16 standard (10-66 GHz applications).
• Comprised of system manufacturers, component suppliers, software developers and carriers.
• Since 2005 more than 200 members (Intel, Fujitsu, Alvarion etc.).
• Planned for July 2005: testing and certification program
- WiMAX Forum Certified™: for Interoperability.
Network Definitions – Portable Network
Portable Network
“Nomadic or portable operation, synonymous with Metrozone is an
enhancement over basic fixed indoor/outdoor operation enabling access from
multiple network access points but without seamless mobility (roaming) “.
Network Definitions – Mobile Network
Mobile Network
“...supports low packet loss handoffs (handovers) and latencies to support
applications such as near top-quality VoIP or IP-TV. “.
Chapter 1: WiMAX Introduction
TS09TEC09En 7
2 Market Analysis
One View on the 802.16 Market
802.16 Fixed Indoor/ Outdoor Wireless Subscribers Forecast
Fig. 5
• Large variation between analysts forecasts.
• Upside for 802.16e (laptop integration) not captured. Another View on the BWA/802.16 Market
Fig. 6
Chapter 1: WiMAX Introduction
TS09TEC09En 8
• Frequency spectrum: 2.5 & 3.5 GHz spectrum represents biggest opportunity.
• Regional behavior: APAC (Asia Pacific) region biggest in 2006; followed by EMEA (Europe/Middle East/Africa) and NA (North America).
• Subscriber types: Majority of Subscribers are Residential and SOHO; followed by SMB (Small & Medium Business); Nomadic/Portable segment will start growing in 2006.
Time Horizon
Fig. 7
Overview Wireless Data Technologies
Fig. 8
Chapter 1: WiMAX Introduction
TS09TEC09En 9
LOS (Line of Sight) - Fresnel Zone
• Direct path from transmitter to receiver.
• Fresnel zone must be free of obstruction.
• Obstruction reduces signal strength.
• Fresnel clearance zone depends on frequency and distance.
Fig. 9
NLOS (Non Line of Sight)
• Signal reaches receiver through reflections and scattering.
• Multipath: signal consists of direct path, multiple reflections, scattered energy and diffracted propagation paths.
Chapter 1: WiMAX Introduction
TS09TEC09En 10
Fig. 10
LOS or NLOS?
• NLOS deployment, e.g. if antenna height restrictions.
• NLOS: reduced installation expenses; no site survey.
-> NLOS often preferred solution!
Fig. 11
Chapter 1: WiMAX Introduction
TS09TEC09En 11
3 Physical Aspects
Physical Aspects – 802.16 History
• Initially (802.16-2001) frequency spectrum was planned for 10 – 66 GHz
- In this area a LOS connection is requested because of physical properties of electromagnetic waves.
- ->not very flexible usage.
• 802.16a (later re-named as 802.16-2004) was extended to use spectrum from 2 GHz
- Allows NLOS implementations.
- Also appropriate for indoor applications (Laptops, PDAs).
• 802.16e should support mobility using spectrum < 6 GHz.
3.1 Frequencies
Modulation and Multiple Access
• WiMAX devices according to 802.16-2004 operate similar to existing WLAN technology: using Spread Spectrum technology.
• Based on OFDM (Orthogonal Frequency Division Multiplexing) using sub-carriers instead of broadband signal (also WiFi 802.11g).
• Allows saving of bandwidth through overlapping.
• Single sub-carriers use PSK (Phase Shift Keying) or QAM (Quadrature Amplitude Modulation).
• Separation between different subscribers based on TDMA.
• Separation between UL and DL based on FDD or TDD.
• Note: WLAN is using CSMA/CA access method.
TDMA Time Division Multiplexing Access
Chapter 1: WiMAX Introduction
TS09TEC09En 12
UL/DL Uplink/Downlink
FDD Frequency Division Duplex
TDD Time Division Duplex
CSMA/CA Carrier Sense Multiple Access/Collision Avoidance
Spectrum Bands
• Licensed 2.5 GHz (2.5 – 2.7 GHz)*.
• Licensed 3.5 GHz** (3.4 – 3.6 GHz; extension from 3.3 – 3.8 possible).
• License–Exempt 5 GHz (5.25 - 5.85 GHz).
- Especially interesting in underserved, low population density rural and remote markets.
- From 5.75 – 5.85 GHz many countries allow higher output power (4 W).
- For EU: 802.16h to harmonize frequency utilization.
* Especially used in Americas and South-East Asia
** Not used in U.S
2.5 GHz Spectrum
• Most European Countries: ISM-Band (2.4 – 2.5 GHz)
- Unlicensed frequency spectrum; no registration necessary.
- Also used for WLAN and others.
- very restricted transmit power: 100 Mw
-> Very restricted coverage.
- Not very interesting for economic use.
Chapter 1: WiMAX Introduction
TS09TEC09En 13
• Some countries (e.g. U.S.): licensed spectrum (2.5 – 2.7 GHz)
- Allows higher transmit power.
• Uses TDD for UL/DL separation.
ISM Industrial, Scientific and Medical
3.5 GHz Spectrum
• Licensed spectrum.
• Actually most interesting for European providers.
• Frequency allows stable NLOS connections.
• Higher transmit power allowed.
• Transmit power specified by national regulations authorities, e.g. RegTP in Germany.
• Draft for European recommendation (ECC-Recomm. 05):
- +13 dBW/MHz for Base Stations.
- +23 dBW/MHz for Subscriber Terminals.
Assuming a bandwidth of 3,5 MHz per channel (max. 20 MHz) this would
mean a max. Transmit power of 70(!)W for Base Stations and about 700(!!)W
for Subscriber Terminals.
3.5 GHz Spectrum – Example Austria
• Austria was ratifying in July 2004 (frequency independent) maximum transmit power of
- +18 dBW (= 63 W) for Subscriber Terminals.
- +35 dBW (=3,2 kW) for Base Station.
Chapter 1: WiMAX Introduction
TS09TEC09En 14
Note:
This on the first look, surprisingly high transmit powers are a result of the use
of directed antenna. Those allow an antenna gain of about 30 dBi, i.e. a factor
of 1000 (!). This value can only be reached with fixedly installed antenna.
• Alternative European Standard EN 301 021 and EN 301 080
- +35 dBm (= 3,1 W) for antenna output.
3.5 GHz Spectrum – Example Germany
• In Germany two frequency blocks can be used:
- 3410 – 3452 MHz.
42 MHz each block
- 3510 – 3552 MHz.
• Overall capacity:
84 MHz (e.g. 4 channels with 20 MHz each).
3.5 GHz Spectrum – Current Situation
Current Situation:
Subscriber Terminals (ST):
• Transmit power from 100 mW up to 4 W.
Base Stations (BS):
• Up to 40 W (antenna gain: 10-12 dBi; 10dBi = factor 10).
• Allows coverage up to 1 km.
Chapter 1: WiMAX Introduction
TS09TEC09En 15
Uses FDD and TDD (optional)
FDD Frequency Division Duplex
TDD Time Division Duplex
5 GHz Spectrum
• EU*: frequency range 5.1 – 5.8 GHz offers some license-exempt bands.
• Some used by WiFi (802.11a).
• Max. Transmit Power (Germany):
- 5.1 – 5.3 GHz: PTr,max. = 200 mW.
- 5.8 GHz**: PTr,max. = 1 W.
• Max. coverage: < 1 km
• Use of TDD
* EU: 802.16h to harmonize frequency utilization in license-exempt spectrum
** Frequency Band 5.75 – 5.85 GHz: many countries allow higher output
power (4 W)
3.2 Coverage of WiMAX
• Dependent on:
- External conditions (building geometry, building material, weather, etc.).
- Frequency (higher frequency = higher attenuation).
• LOS: up to 50 km.
• NLOS: up to 8 km.
Chapter 1: WiMAX Introduction
TS09TEC09En 16
Estimation of WiMAX Performance
LOS Line of Sight
NLOS Non Line of Sight
3.3 Data Rates
WiMAX Performance –Different Modulation Methods
Line of Sight
QPSK Quadrature Phase Shift Keying
QAM Quadrature Amplitude Modulation
Chapter 1: WiMAX Introduction
TS09TEC09En 17
Calculation of Free Field Damping D
D = 20 * log (4 * π * d / λ)
d Distance from the transmitter unit
λ Wavelength (= 0.12 m at 2.5 GHz)
Free Field Damping D for Different Distances
Wavelength λ = 0.12 m (2.5 GHz)
Chapter 1: WiMAX Introduction
TS09TEC09En 18
Indoor-Usage: Damping Properties of Building Materials
Radiation Characteristics of Omnidirectional Antenna
Fig. 12
Chapter 1: WiMAX Introduction
TS09TEC09En 19
Radiation Characteristics of Directed Antenna
Fig. 13
Interactions with other Devices
For the ISM-Band:
• WiFi IEEE 802.11 b,g.
• Microwave Ovens (ISM-Band).
• Cordless telephones (DECT: 1,9 GHz; Others: ISM-Band).
• Bluetooth (ISM-Band).
Avoid spatial and frequency-related overlaps!
ISM Industrial, Scientific & Medical
Chapter 1: WiMAX Introduction
TS09TEC09En 20
Health Risks from WiMAX Radiation
• Radiation power from WiMAX systems in comparison to other technologies:
- Outdoor use: typically approx. 3 W.
- Indoor use: TPC (Transmit Power Control).
• Power diminishes very quickly with increasing distance from the source (P ~ 1 / r²).
• No health damage observed yet.
Chapter 2: WiMAX Architecture
TS09TEC09En 1
Chapter 2 WiMAX Architecture
Aim of study This chapter introduces network architecture & components.
Contents Pages
1 Network Architecture 2
2 Components 3
Chapter 2: WiMAX Architecture
TS09TEC09En 2
Chapter 2
WiMAX Architecture
1 Network Architecture
WiMAX E2E Network Architecture Aspects – Basic principles and
requirements
• WiMAX end-to-end architecture framework shall be modular and flexible enough to include a broad range of flexible implementation and deployment options ranging from:
- Centralized or fully distributed or hybrid architectures.
- Cost effective small-scale to large-scale (sparse to dense radio coverage and capacity) deployments.
- Urban, suburban and rural radio propagation environments shall be accommodated.
- Licensed and/or licensed exempt frequency bands.
- Hierarchical, non-hierarchical or flat access topologies.
- Co-existence of fixed, nomadic, portable and mobile usage models.
• Architecture framework shall enable vendor-interoperability without reducing implementation flexibility and avoid over-specification.
WiMAX Network Architecture Business model
Fig.1
Chapter 2: WiMAX Architecture
TS09TEC09En 3
2 Components
WiMAX System Development
The simplest WiMAX based system consists of two parts:
• Base Station (BS), usually on a tower
- For the necessary over-the-air standards-compliant functionality.
- Beams high-speed Internet connections to homes and businesses in a radius of up to 50 km*.
Fig.2
*) theoretical maximum • Subscriber Station (SS)
- Receiver (box or PCMCIA card) and antenna.
Fig.3
Chapter 2: WiMAX Architecture
TS09TEC09En 4
2.1 Base Station (BS)
Base Station (BS) – Task Description
• 802.16 air interface handling (e.g. PHY, MAC, CS, Scheduler)
- Handover.
- Power control.
- Network entry (SS initialization).
• QoS providing for traffic via air interface.
• Micro Mobility Handover.
• Radio Resource Management Update.
• MSS Activity Status update (Active, Idle).
• Traffic classification.
• DHCP Proxy.
• Key Management.
• Session Management.
Fig.4
Chapter 2: WiMAX Architecture
TS09TEC09En 5
2.2 Subscriber Station (SS)
Subscriber Station Requirements
• Allows the subscribers to connect to the network.
• Indoor or outdoor.
• Integrated or external antenna.
• Access to voice, video and high-speed data services.
• Different interfaces to the user equipment.
• Self or simple installation.
Fig.5
Antennae Examples
Fig.6
Chapter 2: WiMAX Architecture
TS09TEC09En 6
2.3 Air Interface
Air Interface Requirements
• Compliant with WiMAX standard.
• Configurable QoS parameters.
• Scheduling services support.
• Advanced functions such as power management (paging), compression, data reliability.
• Adaptive Modulation and Coding.
• Over-the-air and End-to-End Security.
• Message exchanges for mobility support.
• SS connectivity provisioning and admission control.
• Mobility management.
• Device management.
• UL and DL data exchange.
• Authorization and tunnelling for specialized IP services.
Chapter 2: WiMAX Architecture
TS09TEC09En 7
WiMAX Reference E2E Network Architecture
Fig.7 Interworking with 3G – WiMAX Interworking is like WLAN
Interworking
Fig.8
Chapter 2: WiMAX Architecture
TS09TEC09En 8
WiMAX Interworking model
Fig.9
Chapter 3: WiMAX Standardization
TS09TEC09En 1
Chapter 3 WiMAX Standardization
Aim of study This chapter introduces positioning of IEEE wireless standards.
Contents Pages
1 Active IEEE 802 Wireless Working Groups 2
2 IEEE 802.16 History 2
3 Positioning of IEEE Wireless Standards 3
4 Completed/active IEEE 802.16 Projects 4
5 Alternative Standards (ETSI, 802.20 etc.) 6
6 FAQ 7
Chapter 3: WiMAX Standardization
TS09TEC09En 2
Chapter 3
WiMAX Standardization
1 Active IEEE 802 Wireless Working Groups
• 802.11: Wireless LAN (WLAN).
• 802.15: Wireless Personal Area Network (WPAN; Bluetooth).
• 802.16 Broadband Wireless Access (BWA).
• 802.20: Mobile Broadband Wireless Access (MBWA; FLASH-OFDM)
- Mobile Broadband Wireless Access Network Operating in Licensed Frequency Bands and Supporting Mobility at Vehicular Speeds.
• 802.21: Multi-Media Independent Handoff (Handover)
- Optimization of handoff between networks of different media types or networks of the same media type but of different operational entities.
=>generic handoff (GSM term: Hand-Over) support for all 802.x-interfaces.
2 IEEE 802.16 History
WiMAX Forum and IEEE
Fig.1
Chapter 3: WiMAX Standardization
TS09TEC09En 3
3 Positioning of IEEE Wireless Standards
From PAN to WAN – Continuum of Wireless Standards
Fig.2 • IEEE 802.20 – Emerging Standard for Mobile Broadband Wireless
Access.
• IEEE 802.21 – Emerging Standard to address inter-network handoffs.
Chapter 3: WiMAX Standardization
TS09TEC09En 4
IEEE 802.16 Standard Overview
4 Completed/active IEEE 802.16 Projects
Completed IEEE 802.16 Projects (Status: 04/2005)
Chapter 3: WiMAX Standardization
TS09TEC09En 5
• IEEE 802.16 – 2001
For Fixed Wireless Access Systems for 10 – 66 GHz.
• IEEE 802.16a (802.16 REVd)
For Fixed Wireless Access Systems –
Amendment 2: MAC and PHY Modifications for 2 - 11 GHz.
• IEEE 802.16d
PHY extension and improved NLOS with up to 20 MHz sub-channels.
• IEEE 802.16 – 2004
Active IEEE 802.16 Projects (Status: 04/2005)
• IEEE 802.16e
Mobile Extension (< 120 km/h) with Roaming (Hand-over) Agreement.
• IEEE 802.16f
MIB (Management Information Base) Extension.
• IEEE 802.16g
Definition of Management Plane (Power Management, Roaming, Accounting, Security).
• IEEE 802.16 – 2004
Conformance Test Specs. 1 for vendor inter-operability.
• IEEE 802.16h
Extension for coexistence and non-interference with other occupiers in unlicensed bands.
Chapter 3: WiMAX Standardization
TS09TEC09En 6
802.16g Management Plane Procedures and Services
• „Baseline Document“ from NetMan Task Group 802.16g
(Still in a Pre-Draft Version).
• Scope
- Provides enhancements to the MAC and PHY management entities of IEEE Standard 802.16-2004 to create standardized procedures and interfaces for the management of conformant 802.16 devices.
• Content
- Management Interfaces and Procedures: For PHY/MAC/CS Interworking between MSS (Mobile Subscriber Station) and BS (Base Station), e.g.
o Mobility and Handover Management.
o Roaming Management.
o Security Management.
o Accounting Management.
5 Alternative Standards
Alternative Standards – ETSI HIPERMAN
• 2003 released by European Telecommunication Standards Institute (ETSI).
• Targeted to SME (Small & Medium Enterprise) and Residential users.
• Operating at frequencies between 2 – 11 GHz.
• Was developed in close cooperation with IEEE 802.16.
• Capable to support ATM -> offers full QoS (comp. to HIPERLAN).
• Supports PtP- and PtMP-connections.
Chapter 3: WiMAX Standardization
TS09TEC09En 7
• Using MAC-Layer of 802.16 standard.
• Supports UL/DL separation by FDD and TDD (see 802.16).
6 FAQ
FAQ - Will WiMAX compete with Wi-Fi?
• WiMAX and Wi-Fi will coexist.
• WiMAX complements Wi-Fi by extending its reach and providing a "Wi-Fi like” user experience on a larger geographical scale.
• Wi-Fi designed for LAN; WiMAX for MAN.
• Future Outlook:
For 2006-2008, it is expected that both 802.16 and 802.11 will be available in end user devices (laptops, PDAs, mobile phones).
FAQ - Interworking between WiMAX and Wi-Fi Alliance?
• WiMAX-Forum is working with some industry groups, including the Wi-Fi Alliance.
• Idea: to enable seamless handoffs between multiple wireless standards.
FAQ - Interworking between WiMAX-Forum and ETSI?
• The IEEE 802.16-2004 (256 OFDM PHY) and ETSI HiperMAN standards share the same PHY and MAC specifications.
• WiMAX-Forum is active in both standards organizations to ensure that a single global standard for Wireless MAN is adopted.
Chapter 3: WiMAX Standardization
TS09TEC09En 8
FAQ - Comparison between 802.16 and 802.20?
• 802.16 and 802.20 (FLASH-OFDM) are two different technology approaches targeted at distinct markets:
-> 802.20 is targeted to WAN market.
• 802.20 is still in the very early stages of standards development.
• 802.20 is not expected to be completed before 2007.
• 802.20 does not have industry support yet
-> Interoperability out of scope yet.
Chapter 4: PHY and MAC Layer
TS09TEC09En
1
Chapter 4 PHY and MAC Layer
Aim of study This chapter introduces MAC Layer addressing & MAC-Frame, QOS in WiMAX and
modulation methods.
Contents Pages
1 OSI Reference Model 2
2 The MAC Layer (Media Access Control) 5
3 Privacy Sublayer 25
4 The PHY Layer (Physical) 29
Chapter 4: PHY and MAC Layer
TS09TEC09En
2
Chapter 4
PHY and MAC Layer
1 OSI Reference Model
Communication according to the OSI Reference Model
Fig. 1
Shell-type Structure of the Communication Process
Fig. 2
Chapter 4: PHY and MAC Layer
TS09TEC09En
3
IEEE 802.16 – Protocol Stack
The IEEE standard 802.16 specifies
• Medium Access Control layer (MAC).
• Physical layer (PHY).
Of fixed Point-to-Multipoint Broadband Wireless Access (BWA) Systems
providing multiple services.
The MAC layer is structured to support MULTIPLE Physical layers
Specifications.
IEEE 802.16 – PHY and MAC Overview
Fig. 3
Chapter 4: PHY and MAC Layer
TS09TEC09En
4
WIMAX Bridging Functionality
Fig. 4
IEEE 802.16 – Protocol Stack
Fig. 5
Chapter 4: PHY and MAC Layer
TS09TEC09En
5
IEEE 802.16 – PHY and MAC Alternatives
PHY Alternatives
• OFDM (Wireless MAN-OFDM Air Interface)
- 256-point FFT with TDMA (TDD/FDD).
• OFDMA (Wireless MAN-OFDMA Air Interface)
- 2048-point FFT with OFDMA (TDD/FDD).
• Single-Carrier (Wireless MAN-SCa Air Interface) TDMA.
MAC Overview
• Point-to-Multipoint.
• Connection-oriented.
• Higher Layer protocol independent (IP, Ethernet, ATM …).
• Flexible QOS offering:
- CBR, rt-VBR, nrt-VBR, BE, with granularity within classes.
FFT Fast Fourier Transformation
2 The MAC Layer (Media Access Control)
MAC Overview
• MAC independent of PHY.
• DL works on a PTMP-basis (sector zed antennae).
• Connection-oriented
- 16 Bit Connection ID (CID).
• MAC covers Network Entry of SS.
• Provides QOS using scheduled service flows.
Chapter 4: PHY and MAC Layer
TS09TEC09En
6
CS - Service Specific Convergence Sub layer
Fig. 6
Types of Convergence Sub layers
• CS used to adapt higher layers to MAC.
• IEEE 802.16 specifies two different Convergence Sub layers:
- ATM CS (for ATM).
- Packet CS (for IP, Ethernet).
ATM Asynchronous Transfer Mode
ATM CS
Fig. 7
Chapter 4: PHY and MAC Layer
TS09TEC09En
7
Three Options for ATM Header:
• Normal ATM cell header (5 bytes): transparent transmission of ATM cells.
• Suppression of VPI (header size: 3 bytes): VP switching.
• Suppression of VPI and VCI (header size: 1 byte): VC switching.
Note:
Whether or not payload header suppression (PHS) is used, is signaled at MAC
connection creation. If suppression is used, VPI/VCI can be reconstructed at
the end of the peer, through mapping of the CID (see MAC-Layer).
PDU Protocol Data Unit
VPI Virtual Path Identifier
VCI Virtual Channel Identifier
Packet CS
• Used for encapsulation of IP or Ethernet Packets.
• Allows header suppression (optional!)
- PHS (Payload Header Suppression) can be used
-> Ethernet/IP-Header will be suppressed.
• If PHS is used, then receiver needs a mapping table for reconstructing the original header.
Fig. 8
Chapter 4: PHY and MAC Layer
TS09TEC09En
8
MAC – Common Part Sublayer
Fig. 9
Downlink – Point-to-Multipoint Concept
• DL (BS -> SS) operates a PTMP basis (using sectorized antennae).
• Within antenna sector: broadcast („to all“).
• SS check for CID.
Fig. 10
Chapter 4: PHY and MAC Layer
TS09TEC09En
9
Uplink – Concept
• UL (SS -> BS) is shared on a demand basis.
• right to send:
- Issued continuously (UGS service class).
- Must be requested by user and granted by BS.
Fig. 11
MAC PDU Frame Format
Fig. 12
Chapter 4: PHY and MAC Layer
TS09TEC09En
10
MAC Header Formats
• Generic MAC Header
- Used for data or MAC management messages.
• Bandwidth Request (BR) MAC Header
- Used by SS to request more bandwidth on UL.
Outlook of MAC Header
Fig. 13
• HT (Header Type): = 0 (Generic MAC Header).
= 1 (Bandwidth Request Header).
• Type: indicates sub-headers, e.g. for fragmentation, packing, etc.
• CID (Connection Identifier).
• Options: e.g. EC (Encryption Control): if payload is encrypted.
• CI (CRC Indicator): indicates CRC.
• LEN (Length): in bytes of the MAC PDU including the MAC header.
• BR (Bandwidth Request): number of bytes of uplink bandwidth requested by the Subscriber Station.
Chapter 4: PHY and MAC Layer
TS09TEC09En
11
MAC PDU for Bandwidth Request
Fig. 14
• Doesn't contain payload information.
• Header length: 6 bytes.
• Type:
- Incremental request: add BR bytes to the requirements for CID.
- Full request (called aggregate): total number of BR bytes for CID.
• BR indicates the number of bytes requested.
• CID indicates the connection for which the uplink bandwidth is required.
MAC PDU for Data Message
Possible sub-headers (described by Type field):
• Fragmentation sub-header.
• Packing sub-header.
• Automatic Repeat Request (ARQ).
• Grant Management sub-header – see graphic (only uplink).
Chapter 4: PHY and MAC Layer
TS09TEC09En
12
Fig. 15
Fragmentation and Fragmentation Rules
• MAC SDUs (e.g. IP packets) are divided into one or more MAC PDUs.
• Idea: to reduce risk of packet loss.
• Initiators: BS for DL and SS for UL.
• The fragmentation must be active for the specific connection via signaling.
Fig. 16
Chapter 4: PHY and MAC Layer
TS09TEC09En
13
Packing
• Packing combines multiple higher layer SDUs.
• Allows better bandwidth utilization.
Fig. 17
Automatic Repeat Request (ARQ) Protocol
• TCP-like reliable protocol using ACK; operating on MAC layer.
• Uses sliding-window (# of MAC SDU blocks w/o ACK is specified).
• Receiver sends ACK or negative ACK message.
• Re-transmission of lost or error blocks.
Chapter 4: PHY and MAC Layer
TS09TEC09En
14
Fig. 18
MAC Addressing
• Subscriber Station (SS)
- MAC-Address (48 Bit).
- Used during initial ranging process to establish the appropriate connection for an SS.
• Base Station (BS)
- Base Station ID (programmable – 64 Bit).
• Connection
- Connection ID (CID – 16 Bit).
- Used for user data connections and for management connections (basic, primary, secondary).
Chapter 4: PHY and MAC Layer
TS09TEC09En
15
Network Entry – Subscriber Station Initialization
1) DL-Channel Synchronization
SS searches for DL-frames and synchronizes using preamble.
2) Initial Ranging
Setting sending parameters (power, code parameters, phase).
3) Capability Exchange
Modulation method, coding rates, duplex method.
4) Authentication
Establishing authentication and encryption.
5) Registration
IP-Version, ARQ parameters, flow control, error correction.
6) IP-Connectivity
Management connection between BS and SS.
7) Creation of Data Connection.
8) Periodic Ranging.
Chapter 4: PHY and MAC Layer
TS09TEC09En
16
Subscriber Station Initialization
Fig. 19
Network Entry –
1) DL-Channel Synchronization
• SS scans for a channel in the pre-defined frequency list (compare to WLAN).
• Normally SS will be configured to use specific BS (given set of
operational parameters - frequency, power - when operating in a licensed
band).
• If SS finds DL channel:
- Synchronizes at PHY (detects the periodic frame preamble).
- MAC looks for DCD and UCD (to get information on modulation and other DL and UL parameters.
Chapter 4: PHY and MAC Layer
TS09TEC09En
17
DCD DL Channel Descriptor
UCD UL Channel Descriptor
Network Entry –
2) Initial Ranging
• Sending Ranging Request MAC Message (during initial ranging interval) using minimum transmission power.
• If no response
- SS sends the ranging request again using higher transmission power.
• If SS receives response, response either indicates
- Success, i.e. SS is ready to send data on the UL.
- Power and timing corrections for SS.
• If response indicates corrections, SS sends another ranging request after making these corrections.
Network Entry –
3) Capability Exchange
• SS sends a Capability Request Message to the BS.
• this message describes capabilities in terms of
- Supported modulation levels.
- Coding schemes.
- Coding rates.
- Duplexing methods.
• BS accepts or denies the SS, based on its capabilities.
Chapter 4: PHY and MAC Layer
TS09TEC09En
18
Network Entry –
4) Authentication
• BS authenticates SS and provides key material to enable data ciphering.
• SS sends to BS
- X.509 certificate (provided by SS manufacturer).
- Description of supported cryptographic algorithms.
• BS
- Validates identity of SS.
- Determines cipher algorithm and protocol.
- Sends an authentication response to SS.
• SS periodically performers authentication and key exchange procedures to refresh its key material.
Network Entry –
5) Registration
• SS sends a Registration Request Message to BS.
• BS sends a Registration Response to SS.
• Registration exchange includes
- IP version support.
- ARQ parameters support.
- CRC support.
- Flow control.
ARQ Automatic Repeat Request
Chapter 4: PHY and MAC Layer
TS09TEC09En
19
Network Entry –
6) IP Connectivity
• SS starts DHCP to get IP-address and other parameters to establish IP connectivity (SN-mask, default gateway).
• BS and SS maintain current date and time using Time of the Day protocol (RFC 868).
• SS then downloads operational parameters using TFTP.
DHCP Dynamic Host Configuration Protocol
TFTP Trivial File Transfer Protocol
Network Entry –
7) Creation of Data Connection
• For pre-provisioned service flows, connection creation process is initiated by the BS
- BS sends a dynamic service flow Addition Request Message to SS.
- SS sends a response to confirm creation of connection.
• Non-pre-provisioned service flows are initiated by the SS
- SS is sending a dynamic service flow Addition Request Message to BS.
- BS responds with a confirmation.
Chapter 4: PHY and MAC Layer
TS09TEC09En
20
QOS in WI MAX
• WiMAX works with a polling-based MAC layer
- More deterministic than the contention-based MAC Used by 802.11.
• Each connection is associated with a single scheduling data service
- Each scheduling data service is associated with a set of QoS parameters.
• IEEE 802.16 specifies four types of scheduling data services.
Scheduling Data Services
• UGS: Unsolicited Grant Service
- Guarantees fixed size data packets on a periodic basis (CBR).
- Used for TDM emulation, VoIP (w/o silence suppression).
• rtPS: real-time Polling Service
- Supports variable size data packets on a periodic basis (rt-VBR).
- Used for MPEG video, VoIP with silence suppression.
• nrtPS: non-real-time Polling Service
- Supports variable size data packets on a quite regular basis (nrt-VBR).
- Used e.g. for TFTP.
• BE: Best Effort
- Provides best effort traffic (UBR).
- Used for e-mailing, web surfing etc.
CBR Constant Bit Rate
rt-VBR Realtime Variable Bit Rate
Chapter 4: PHY and MAC Layer
TS09TEC09En
21
nrt-VBR Non-realtime Variable Bit Rate
UBR Unspecified Bit Rat
Scheduling Data Services
• Each UL connection is assigned to a service class as Part of the creation of the connection.
-> see „Network Entry“description – „Creation of Data Connection“.
Service Classes for different Services
Fig. 20
Chapter 4: PHY and MAC Layer
TS09TEC09En
22
Traffic Descriptors in 802.16
• Maximum Sustained Rate (MSR)
- Peak Information Rate (PIR) - specified in bps.
- Wireless link must be policed to check for conformance (discard if MSR exceeded!).
- Tolerated (best effort).
• Minimum Reserved Rate (MRR)
- Minimum Rate reserved per service flow – in bps.
- Also Latency, Jitter according to Traffic Contract.
- MRR ≤ MSR.
- Guaranteed.
QoS guarantees
- Max. latency, max. jitter, Bit Error Rate.
QoS Parameter Set – Service Class
• Each Service Flow has some assigned QoS parameters.
• specifies e.g.
- maximum delay
Jitter (delay variation)
- minimum delay
- Bit Error Rate (default threshold: 10-6).
• Service Classes or Service Class Names (SCN) defines a common set of QoS parameters.
• At Service Flow level QoS parameters of Service Classes can be overwritten.
Chapter 4: PHY and MAC Layer
TS09TEC09En
23
• Service Classes also used for billing.
Service Flows
• Dynamic Service Flows using 802.16 Management Messages:
- Create a new flow (DSA - Dynamic Service Addition).
- Change an existing flow (DSC - Dynamic Service Change).
- Delete an existing (DSD - Dynamic Service Deletion).
• Static Service Flows
- Provisioned through the network management system.
Note:
These mentioned protocols are critical to carriers, as they eliminate the need to
schedule changes during a maintenance window and therefore reduce the
mean time to provision new services.
They allow providers to add new subscribers, modify traffic contracts and/or
reclaim resources on the fly without interfering with other Existing
subscribers.
Example of a Dynamic Service Flow –
Creation of a new Service Flow using DSA
• DSA request (DSA-REQ) can be initiated by either the Base Station or the Subscriber Station.
• DSA-REQ from Subscriber Station contains Service Flow reference and QoS parameters.
• Base Station (after sending a DSX-Receive message) responds with DSA-RSP either accepting or rejecting the request.
Chapter 4: PHY and MAC Layer
TS09TEC09En
24
• If request is rejected because of a non-supported parameter, that specific parameter may be indicated with the RSP.
Fig. 21
MAC Management Messages
• Broad set of Management Messages (not all fixed yet; IEEE 802.16g).
• Carried in the payload part of the MAC PDU.
• Three types of MAC management messages are pairwise (UL/DL) established between SS and BS (can be recognized by the user via CID):
- Basic Management Messages: short, time urgent messages.
- Primary Management Messages: long and more tolerant messages.
- Secondary Management Messages: standard based messages, e.g. DHCP, TFTP, SNMP etc.
• Additionally: some types of broadcast messages, e.g. UCD, DCD etc.
DCD DL Channel Descriptor
UCD UL Channel Descriptor
Chapter 4: PHY and MAC Layer
TS09TEC09En
25
Examples for MAC Management Messages
Fig. 22
3 Privacy Sublayer
Fig. 23
Chapter 4: PHY and MAC Layer
TS09TEC09En
26
Privacy Sublayer
• Authentication.
• Authorization.
• Encapsulation (Encryption).
• Key Management.
Fig. 24
PKI Public Key Infrastructure
PKM Public Key Management
EAP Extensible Authentication Protocol
Encapsulation Protocol
• Encryption services defined as set of capabilities within the MAC Privacy Sub layer.
• Encryption is always applied to the MAC PDU payload
- Generic MAC Header always unencrypted.
- EC-bit specifies if payload PDU is encrypted or not.
- CRC is calculated after payload encryption.
Chapter 4: PHY and MAC Layer
TS09TEC09En
27
Fig. 25
Privacy Key Management
• Privacy Key Management Protocol (PKM) used by Subscriber Station
- To obtain authorization from Base Station.
- To obtain traffic keying material from the Base Station.
- To support periodic re-authorization and key refresh.
• PKM uses
- X.509 digital certificates [Public Key Infrastructure; RFC 2459].
- Public Key Encryption.
- Strong algorithms to perform key exchange between SS and BS (e.g. EAP-AKA, EAP-MSCHAPv2).
Initial Authorization
• Base Station authenticates a Subscriber Station during the Initial Authorization process.
• Each Subscriber Station carries a unique X.509 digital certificate issued by the Subscriber Station’s manufacturer. This digital certificate contains
- Subscriber Station’s Public Key.
- Subscriber Station MAC address.
• Initial Authorization
- SS presents its digital certificate to BS.
Chapter 4: PHY and MAC Layer
TS09TEC09En
28
- BS verifies the digital certificate, using the verified Public Key to encrypt the Authorization Key.
- Authorization Key sent back from BS to requesting SS.
Re-Authorization
• Re-Authorization (periodically, after achieving initial authorization)
- To refresh aging encryption keys.
Note:
At all times the Base Station maintains two active sets of keying material per
subscriber station. The lifetimes of the two generations overlap such that each
generation becomes active halfway through the life of it predecessor and
expires halfway through the life of its successor.
802.16 Security Concept Overview
Fig. 26
Chapter 4: PHY and MAC Layer
TS09TEC09En
29
4 The PHY Layer (Physical)
PHY – Physical Layer
Fig. 27
PHY Overview
• 10 – 66 GHz
- Single Carrier SC.
• 2 - 11 GHz
- Single Carrier SC (equalizer necessary for NLOS).
- OFDM-256 (with 256 sub-carriers).
- OFDMA-2048 (with 2048 sub-carriers).
- Scalable-OFDMA from Intel and Samsung (implementation with 802.16e). • Variable number of sub-carriers with constant bandwidth.
• Adaption of coding methods according to SNR
- QPSK.
- 16-QAM.
Chapter 4: PHY and MAC Layer
TS09TEC09En
30
- 64-QAM.
OFDM(A) Orthogonal Frequency Division Multiplexing (Access)
SNR Signal to Noise Ratio
PHY Mechanisms
• OFDM(A) achieves high data rate and efficiency by using Multiple orthogonal (overlapping) carrier signals.
• By using multiple carriers reliable communication can be maintained: kind of carrier redundancy (if one carrier is interrupted some others still can be used).
• Spectral Efficiency (no. of bits carried by the channel): 5 bits/Hz i.e. 70 Mbit/s of usable data in a 20 MHz-channel.
• Adaptive Modulation and Coding (AMC) dependent on quality of signal (based on SNR).
OFDM (A) Orthogonal Frequency Division Multiplexing (Access)
SNR Signal to Noise Ratio
OFDM Basics
• A maximum of one carrier frequency lies precisely at the zero position of all other carrier frequencies in the frequency range
- The frequencies do not interfere with each other.
- Overlaying of the frequencies in the same frequency range is possible.
- -> Bandwidth Save.
Chapter 4: PHY and MAC Layer
TS09TEC09En
31
Fig. 28
Comparison OFDM – FDM
Fig. 29
OFDM Basics
• 802.16 preferred OFDM mode requires 256 point FFT.
• Optional: OFDMA with 2048 point FFT.
• Advantage: Especially suitable for NLOS (multipath environment).
FFT Fast Fourier Transformation
Chapter 4: PHY and MAC Layer
TS09TEC09En
32
256 OFDM
• 192 subcarriers for data (1 user!).
• 8 subcarriers for pilot (phase reference).
• 56 subcarriers for null (guard).
Fig. 30
• Note: Multi-user support with TDD or FDD.
OFDMA
• Orthogonal Frequency Division Multiplexing Access.
• „Multi-User OFDM“.
• Sub-carriers form Sub-channels.
• Sub-channels can be used by one user or a group of users.
Fig. 31
Chapter 4: PHY and MAC Layer
TS09TEC09En
33
SOFDMA
• Scalable OFDMA.
• Will be implemented with 802.16e.
• Allows reduction of FFT size (from 2048 to 128).
• Bandwidth range: 1.25 – 20 MHz.
Modulation Methods
• Modulation of sub-carriers
- PSK: Phase Shift Keying.
- QAM: Quadrature Amplitude Modulation.
Adaptive Modulation and Coding (AMC)
• Modulation and Coding is adapted to signal strength (SNR).
Fig. 32
Chapter 4: PHY and MAC Layer
TS09TEC09En
34
Modulation Methods
Fig. 33
Example for Data Rate Dependency on Modulation Method
Fig. 34
Frequency/Time Division Duplex
• For separation of
- Users in OFDM.
- DL and UL.
Chapter 4: PHY and MAC Layer
TS09TEC09En
35
• FDD: UL and DL transmissions are simultaneous use different sequences.
• TDD: UL and DL transmissions occur at different times but may share the same frequency.
Fig. 35
OFDM Frame Structure for TDD
Fig. 36
Chapter 4: PHY and MAC Layer
TS09TEC09En
36
IEEE 802.16e
IEEE 802.16e – Mobile Enhancements.
• MAC and PHY Enhancements (SOFDMA).
• Power consumption reduction.
• Hand-Off (Hand-over).
• L2.5 Routing.
• Power Consumption Reduction
- SS often will use Battery Power.
- Introduction of two modes for the SS: Awake-mode and Sleep-Mode.
• Awake-mode: SS is receiving and transmitting PDUs in a normal way.
• Sleep-Mode: allows the SS to power down
- Sleep-interval.
- Listening-interval.
The Sleep-Mode
Fig. 37
Chapter 4: PHY and MAC Layer
TS09TEC09En
37
The Sleep-Mode 2
Fig. 38
IEEE 802.16e – Mobile Enhancements
• Challenges for Hand-Off
- Optimize L2 hand-off.
- Provide trigger to L3.
- Allows mobile SS to move efficiently between BSs.
- Smoothes BS transitions with minimal loss of PDUs.
- Fast BS transition to guarantee QoS.
• Communication link between terminal and Internet must be preserved.
• IP address should stay the same even if a terminal is moving.
Chapter 4: PHY and MAC Layer
TS09TEC09En
38
Fig. 39
• IEEE 802.16e proposes to use L2.5 label to set up tunnel (path).
• Comparing to MPLS.
• Switching faster than Routing.
• QoS possible.
Fig. 40
Chapter 5: WiMAX Security
TS09TEC09En 1
Chapter 5 WiMAX Security
Aim of study This chapter introduces security expectations From WiMAX network.
Contents Pages
1 Definitions 2
2 Cryptography 5
3 Hash Functions vs. MAC 19
4 Introduction IEEE 802.16 Security 21
5 Security Expectations From WiMAX Network 23
6 WiMAX security functions and OSI 7-layer model 24
7 WiMAX Data Link Layer Security 25
8 Summary of WiMAX standard addresses the
security requirements
32
9 WiMAX Network Reference Model (NRM) 34
Chapter 5: WiMAX Security
TS09TEC09En 2
Chapter 5
WiMAX Security
1 Definitions
Security Services
• Authentication - assurance that the communicating entity is the one claimed.
• Access Control - prevention of the unauthorized use of a resource.
• Data Confidentiality –protection of data from unauthorized disclosure.
• Data Integrity - assurance that data received is as sent by an authorized entity.
• Non-Repudiation - protection against denial by one of the parties in a communication.
Definitions
• Plaintext: easy to understand form (original message).
• Ciphertext: difficult to understand form.
• Encryption: encoding (plaintext -> ciphertext).
• Decryption: decoding (ciphertext -> plaintext).
• Cryptology: study of encryption.
• Cryptography: use of encryption.
• Cryptanalysis: breaking encryption.
Chapter 5: WiMAX Security
TS09TEC09En 3
Group of individuals
• Hacker – is a general term that has historically been used to describe a computer programming expert. More recently, this term is commonly used in a negative way to describe an individual that attempts to gain unauthorized access to network resources with malicious intent.
• Cracker – is the term that is generally regarded as the more accurate word that is used to describe an individual that attempts to gain unauthorized access to network resources with malicious intent.
• Phreaker – is an individual that manipulates the phone network in order to cause it to perform a function that is normally not allowed. A common goal of phreaking is breaking into the phone network, usually through a payphone, to make free long distance calls.
• Spammer – is an individual that sends large quantities of unsolicited email messages. Spammers often use viruses to take control of home computers in order to use these computers to send out their bulk messages.
• Phisher – uses email or other means in an attempt to trick others into providing sensitive information, such as credit card numbers or passwords. The phisher will masquerade as a trusted party that would have a legitimate need for the sensitive information.
• White hat – is a term used to describe individuals that use their abilities to find vulnerabilities in systems or networks, and then report these vulnerabilities to the owners of the system so that they can be fixed.
• Black hat – is another term for individuals that use their knowledge of computer systems to break into systems or networks that they are not authorized to use.
• Alice—she is an end user/computer without malicious intentions, one of the main users of cryptography.
• Bob—he is Alice’s friend and is also a main user of cryptography, without malicious intentions.
• Cathy—another user of cryptography; she does not usually have a large roll nor malicious intentions.
Chapter 5: WiMAX Security
TS09TEC09En 4
• Eve—a malicious user that does not interfere with communications.
She simply wants to eavesdrop on the conversation between two other
characters, typically Alice and Bob, but does not actively try to attack
the communication.
• Mallory— the malicious user. Always trying to thwart attempts by
other characters to communicate securely.
• Trent—he is a trusted third party. He only communicates with Alice,
Bob, or Cathy when they ask for his help. He can always be trusted to
do what he says he will do.
Definitions
• Key— a random piece of data used with encryption and decryption.
Encryption and decryption algorithms require a key and plain text or
cipher text to produce cipher text or plain text, respectively.
• Security Association— a set of information that describes how the
communicating entities will utilize security.
Chapter 5: WiMAX Security
TS09TEC09En 5
2 Cryptography
Fig. 1
Fig. 2
Chapter 5: WiMAX Security
TS09TEC09En 6
Mode of Operation
Fig. 3
There are several block cipher modes including:
1. Electronic Code Book (ECB).
2. Cipher Block Chaining (CBC).
3. Cipher Feedback Mode (CFB).
4. Output Feedback (OFB).
5. Counter (CTR).
Electronic Codebook Book (ECB)
Fig. 4
Chapter 5: WiMAX Security
TS09TEC09En 7
Each block is encoded independently of the other blocks
Ci = Ek(Pi).
Uses: secure transmission of single values.
Cipher Block Chaining (CBC)
Fig. 5
Each previous cipher blocks is chained with current plaintext block, hence
name.
Use Initial Vector (IV) to start process.
Ci = Ek(Pi XOR Ci-1)
C-1 = IV
Uses: bulk data encryption, authentication.
Chapter 5: WiMAX Security
TS09TEC09En 8
Cipher Feed Back (CFB)
Fig. 6
• Message is treated as a stream of bits.
• Added to the output of the block cipher.
• Result is feed back for next stage (hence name).
Output FeedBack (OFB)
Fig. 7
Chapter 5: WiMAX Security
TS09TEC09En 9
Message is treated as a stream of bits, output is then feed back (hence name).
Feedback is independent of message.
Can be computed in advance.
Ci = Pi XOR Oi
Oi = Ek(Oi-1)
O-1 = IV
Uses: stream encryption on noisy channels.
Counter (CTR)
Fig. 8
Similar to OFB but encrypts counter value rather than any feedback value.
Must have a different key & counter value for every plaintext block (never
reused).
Chapter 5: WiMAX Security
TS09TEC09En 10
Ci = Pi XOR Oi
Oi = Ek(i)
Uses: high-speed network encryptions.
Fig. 9
Cryptographic System Usages
Cryptographic algorithms can be used for:
• Encryption: for confidentiality (privacy).
• Authentication: for data origin authentication and data integrity.
Chapter 5: WiMAX Security
TS09TEC09En 11
Fig. 10
Types of Cryptographic Systems
• Symmetric-key cryptosystems.
• Asymmetric-key or Public-key cryptosystems.
• Hybrid (Symmetric-key and Asymmetric-key) cryptosystems.
Fig. 11
Symmetric Encryption
• Uses conventional / secret-key / single-key.
• Sender and recipient share a common key.
• All classical encryption algorithms are private-key.
• The only type prior to invention of public-key in 1970’s.
Chapter 5: WiMAX Security
TS09TEC09En 12
Fig. 12
Symmetric-key cryptosystems
Examples of symmetric key algorithms are as follows:
• Data Encryption Standard (DES).
• Triple DES (3DES).
• Advanced Encryption Standard (AES).
• International Data Encryption Algorithm (IDEA).
• CAST.
Fig. 13
Chapter 5: WiMAX Security
TS09TEC09En 13
Triple DES
• Private Key symmetric block cipher.
• 3DES uses the same basic machinery of DES three times over, using three keys k1, k2, and k3.
• The plaintext (M) is encrypted using k1. This result is encrypted with k2 and the result is then further encrypted with k3 to get the cipher text (C). This mode of using 3DES is called the DES–EEE mode.
• The other mode is called DES–EDE, where the second stage is run in decryption mode.
• The three keys may or may not be independent.
• For the DES–EDE mode, three options are defined:
- The keys k1, k2, and k3 are independent.
- k1 and k2 are independent but k1 = k3.
- k1 = k2 = k3; in this case, 3DES becomes backward compatible with DES.
• Hence must use 3 encryptions
- Would seem to need 3 distinct keys.
• But can use 2 keys with E-D-E sequence
- C = Ek1 [DK2 [EK1 [P]]].
- If K1=K2 then can work with single DES.
• No current known practical attacks.
• Has been adopted by some Internet applications, e.g., PGP.
Chapter 5: WiMAX Security
TS09TEC09En 14
Triple DES (3DES)
Fig. 14
Advanced Encryption Standard (AES)
• Private Key symmetric block cipher.
• 128-bit data, 128/192/256-bit keys.
• Stronger & faster than Triple-DES.
• Active life of 20-30 years.
• Provide full specification & design details.
• Both C & Java implementations.
• The AES standard was developed to replace DES and 3DES.
• AES uses the Rijndael algorithm.
Chapter 5: WiMAX Security
TS09TEC09En 15
International Data Encryption Algorithm (IDEA)
• Xuejia Lai and James Massey, ETH (Swiss Federal Institute of Technology), 1991.
• Patented
- Patent is held by Ascom-Tech.
- Non-commercial use of IDEA is free. Commercial licenses can be obtained by contacting Ascom-Tech.
• Used in PGP.
• 128-bit key, 64-bit block.
• Eight rounds + final transformation.
CAST Encryption Algorithm
• CAST is a block cipher with a 128-bit key size.
• CAST is very fast, and it’s free.
• Its name is derived from the initials of its designers, Carlisle Adams and Stafford Tavares of Northern Telecom (Nortel).
• CAST appears to be exceptionally well designed, by people with good reputations in the field.
• CAST is too new to have developed a long track record, but its formal design and the good reputations of its designers will undoubtedly attract the attentions and attempted cryptanalytic attacks of the rest of the academic cryptographic community.
Asymmetric-key or Public Key Encryption
Fig. 15
Chapter 5: WiMAX Security
TS09TEC09En 16
• Based on mathematical algorithms.
• Asymmetric: Use two separate keys.
• Public Key issues
- Plain text.
- Encryption algorithm.
- Public and private key.
- Cipher text.
- Decryption algorithm.
Fig. 16
Fig. 17
Chapter 5: WiMAX Security
TS09TEC09En 17
Public Key Encryption
• One key made public and the other kept private.
• Infeasible to determine decryption key given encryption key and algorithm.
• Either key can be used for encryption, the other for decryption. Asymmetric-key or Public-key Cryptosystems
• There are many examples of commonly used public-key systems including:
- Diffie-Hellman.
- Rivest, Shamir, Adleman (RSA).
- Digital Signature Algorithm (DSA).
- Al Gamal.
- Elliptic Curve Cryptosystem (ECC). Digital certificates
• Digital certificates include:
- A public key.
- An individual or organisation’s details.
- A digital signature from a certifying authority (CA)
This states that the CA has seen proof of identity.
• Common certifying authorities:
- VeriSign, Thawte, Equifax Secure, British Telecom.
- CAs are themselves certified by other CAs.
- A few “root” CAs are usually trusted.
Chapter 5: WiMAX Security
TS09TEC09En 18
Fig. 18
Message Authentication
Fig. 19
Chapter 5: WiMAX Security
TS09TEC09En 19
3 Hash Functions vs. MAC
Hash functions • Hash Function
- Generate a fixed length “Fingerprint” for an arbitrary length message.
- No Key involved.
- Must be at least One-way to be useful.
• Constructions
- Iterated hash functions (MD4-family hash functions): MD5, SHA1, …
Fig. 20
Message Authentication Code
• MAC
- Generate a fixed length MAC for an arbitrary length message.
- A keyed hash function.
- Message origin authentication.
Chapter 5: WiMAX Security
TS09TEC09En 20
- Message integrity.
- Entity authentication.
- Transaction authentication.
Fig. 21 Comparison of Hash Function & MAC
• Easy to compute.
• Compression: arbitrary length input to fixed length output.
• Unkeyed function vs. Keyed function.
Fig. 22
Chapter 5: WiMAX Security
TS09TEC09En 21
SHS Algorithm Properties
Fig. 23
4 Introduction IEEE 802.16 Security IEEE 802.16 WiMAX
• Wireless Metropolitan Area Network (WMAN).
• Standard, Broadband Wireless Access (BWA).
• Last mile connectivity.
• Range up to 50 km.
• Provide high speed connectivity that supports data, voice and video.
• Fast deployment, cost saving.
Chapter 5: WiMAX Security
TS09TEC09En 22
IEEE 802.16 Applications
Fig. 24 Introduction IEEE 802.16 Security
• Security is an important topic in telecom.
• Wireless systems easier to attack than wireline systems.
• Lessons learnt from weaknesses in Wi-Fi security have been incorporated into the WiMAX standard.
Chapter 5: WiMAX Security
TS09TEC09En 23
5 Security Expectations from WiMAX Network
Security expectations from WiMAX network (user point of view)
Chapter 5: WiMAX Security
TS09TEC09En 24
6 WiMAX security functions and OSI 7-layer model
WiMAX security functions can be mapped to different layers of the OSI
7-layer model
Fig. 25
Security Sublayer Specified by the IEEE 802.16e-2005
• The security sublayer specified by the IEEE 802.16e-2005 only deals with the Data Link Layer security.
- Link Layer authentication and authorization ensures that the network is only accessed by permitted users.
- Link Layer encryption ensures privacy and protects traffic data from eavesdropping by unauthorized third parties.
Chapter 5: WiMAX Security
TS09TEC09En 25
WiMAX Network Layer Security Measures
• Network Layer security measures protect the network from malicious attacks achieved through the use of firewalls and AAA servers.
• RADIUS is the most widely used protocol for AAA interactions.
• Mobile WiMAX network architecture addresses the use of these techniques by providing an AAA based secure roaming model.
WiMAX Transport and Application Layers security measures
The Transport and Application layers provide additional security measures as
deemed appropriate by:
• Network operator.
• Application service providers (ASPs).
• End users.
7 WiMAX Data Link Layer Security
IEEE 802.16 Data Link Layer Security
Fig. 26
Chapter 5: WiMAX Security
TS09TEC09En 26
WiMAX Security Procedure
Fig. 27
WiMAX Data Link Layer Security “Authentication”
• Authentication comes in two forms:
- Unilateral authentication where the BS authenticates the MS.
- Mutual authentication where the BS authenticates the MS and the MS authenticates the BS.
• Every WiMAX implementation must have unilateral authentication.
• Experience has shown that mutual authentication is also extremely useful.
Privacy Key Management (PKM) Protocol
• WiMAX 802.16e-2005 standard defines a Privacy Key Management (PKM) protocol
• An SS uses the PKM protocol to obtain authorization and traffic keying material from the BS, and to support periodic reauthorization and key refresh.
Chapter 5: WiMAX Security
TS09TEC09En 27
• PKM allows for three types of authentication:
- RSA based authentication - X.509 digital certificates together with RSA encryption.
- EAP based authentication (optional).
- RSA based authentication followed by EAP authentication.
Keys used in PKM
• 5 keys are used to secure WiMAX communications:
- Authentication (Authorization) Key (AK).
- Key Encryption Key (KEK).
- Downlink hash function-based message authentication code (HMAC) key.
- The uplink (HMAC) key.
- Traffic Encryption Key (TEK).
IEEE 802.16 Authentications
Fig. 28
Chapter 5: WiMAX Security
TS09TEC09En 28
IEEE 802.16 Data Key Exchange
Fig. 29 Data Key Exchange
• Traffic Encryption Key (TEK).
• TEK is generated by BS randomly.
• TEK is encrypted with
- Triple-DES (use KEK).
- RSA (use SS’s Public key).
- AES (use KEK).
• Key Exchange message is authenticated by HMAC-SHA1.
• TEK is then used for encrypting the data traffic.
Privacy Key Management (PKM) Protocol
• SS uses the PKM protocol to obtain authorization and traffic keying material from the BS, and to support periodic reauthorization and key refresh.
Chapter 5: WiMAX Security
TS09TEC09En 29
• PKM allows for three types of authentication:
- RSA based authentication - X.509 digital certificates together with RSA encryption.
- EAP based authentication (optional).
- RSA based authentication followed by EAP authentication.
Authentication between BS and MS in WiMAX
RSA based authentication
• BS authenticates the MS by its unique X.509 digital certificate issued by the MS manufacturer.
• X.509 certificate contains the MS’s Public Key (PK) and its MAC address.
• When requesting an AK, the MS sends its digital certificate to the BS which validates the certificate and then uses the verified PK to encrypt an AK which is then sent back to the MS.
• All MSs that use RSA authentication have factory installed private/public key pairs (or an algorithm to generate the keys dynamically) together with factory installed X.509 certificates.
EAP based authentication
• MS is authenticated either through a unique operator issued credential, such as a SIM or though an X.509 certificate.
• The choice of authentication method depends on the operator’s choice of type of EAP as follows:
- EAP-AKA (Authentication and Key Agreement) for SIM based authentication.
- EAP-TLS for X.509 based authentication.
- EAP-TTLS for MS-CHAPv2 (Microsoft-Challenge Handshake Authentication Protocol).
Chapter 5: WiMAX Security
TS09TEC09En 30
Authorization
• After authentication, MS requests authorization from BS.
• This is a request for an AK as well as for an SA identity (SAID).
• The Authorization Request includes MS’s X.509 certificate, encryption algorithms and cryptographic ID.
• In response, the BS carries out the necessary validation (by interacting with an AAA server in the network) and sends back an Authorization reply which contains the AK encrypted with the MS’s public key, a lifetime key and an SAID.
• After the initial authorization, the AAA via the BS periodically reauthorizes the MS.
Traffic Encryption
• As previous, the authentication and authorization process results in the assignment of and Authorization Key, which is 160 bits long.
• The Key Encryption Key is derived directly from the AK and is 128 bits long.
• The KEK is not used for encrypting traffic data; for this we require the Traffic Encryption Key which is generated as a random number in the BS using the TEK encryption algorithm where KEK is used as the encryption key.
• TEK is then used for encrypting the data traffic.
Security Flaws in PKMv1
• Need for mutual authentication: authentication is one way
- BS authenticates SS.
- No way for SS authenticate BS.
- Rouge BS.
Chapter 5: WiMAX Security
TS09TEC09En 31
• Authentication Key (AK) generation
- BS generates AK.
- No contribution from SS.
- SS must trust BS for the generation of AK.
PKMv2
• PKMv2, defines in IEEE 802.16e-2005, enhances PKMv1 by requiring mutual authentication between SS and BS.
• PKMv2 has also more enhanced security features such as new key hierarchy for AK derivation and Extensible Authentication Protocol (EAP).
PKMv2: The mutual authorization process
Fig. 30
Chapter 5: WiMAX Security
TS09TEC09En 32
PKMv2: authorization messages
8 Summary of WiMAX standard addresses the security
requirements
Network User
Chapter 5: WiMAX Security
TS09TEC09En 33
Network Operator
Access Control Architecture in WiMAX
Fig. 31
• EAP runs between MS and BS over the WiMAX PHY and MAC utilizing the PKMv2 protocol as defined in 802.16e-2005.
• If the authenticator function is not in the BS, the BS relays the authentication protocol to the authenticator (in the Access Services Network).
Chapter 5: WiMAX Security
TS09TEC09En 34
• From the authenticator to the authentication server (typically in the Home Connectivity Service Network) EAP is carried over RADIUS.
• RADIUS is a widely used standard. It has client/server architecture and utilizes UDP messages.
• The authentication server is also the RADIUS server, whereas the authenticator acts as a RADIUS client.
• In addition to authentication, RADIUS also supports authorization and accounting functions.
9 WiMAX Network Reference Model (NRM)
WiMAX Network Reference Model
Fig. 32
WiMAX network divided into two main parts:
• Access Service Network (ASN).
• Connectivity Service Network (CSN).
Chapter 5: WiMAX Security
TS09TEC09En 35
ASN consists of
• WiMAX base stations.
• ASN Gateway:
• Controls and aggregates the traffic from one or more WiMAX base stations.
• Managing handover between them, which includes:
- Maintaining authentication.
- Service flows.
- Key distribution between base stations.
CSN is the core of the network providing control and management functions
such AAA, DHCP, FTP and IMS.
NRM Reference Points
Chapter 5: WiMAX Security
TS09TEC09En 36
ASN Profile C and Security
• The NRM was developed by WiMAX Forum’s Network Working Group (NWG).
• NWG has defined three ASN profiles, referred as profile A, B and C from which vendors and service providers can select their preferred solution.
• Profile A and C both use centralized ASN Gateways, however, in Profile C the base stations are responsible for implementing the Radio Resource Management (RRM) and Handover management functions.
• Profile B embeds the key ASN functionality inside the base station, which removes the need for a centralized ASN gateway.
• Recently Profile A has been withdrawn leaving just Profiles B and C.
ASN profile C implementation between BS and ASN Gateway
Chapter 5: WiMAX Security
TS09TEC09En 37
ASN Profile C security architecture
Fig. 33
ASN and CSN Interaction for Security
• Connectivity Service Network (CSN) is the core of the network.
• It controls and manages the ASNs and the subscribers with a variety of services such as AAA, Home Agent functions, DHCP server, etc.
• CSN is also responsible for connecting to other operator’s networks and enables inter-operator and inter-technology roaming.
Chapter 5: WiMAX Security
TS09TEC09En 38
Protocol stack for AAA in mobile WiMAX network implementation
Fig. 34
EAP ‘layer’ operates over the R1/R3/R5 reference points and the EAP
methods (AKA, TSL/TTLS) operate over R2.
When authentications of both the end user and the device need to be
performed and these authentications terminate in different AAA servers, the
favored approach in PKMv2 is to use EAP-TTLS instead of double
authentication.
In double authentication, first device authentication then user EAP
authentication takes place before the MS is allowed access to IP services. In
EAP-TTLS authentication however, double authentication is dispensed with
and by virtue of tunnelling to the appropriate AAA server, the same AAA
server is used for both, thus shortening the authentication process.
Chapter 5: WiMAX Security
TS09TEC09En 39
Service Flow Management and Authorization
• Service Flow Management (SFM) and Service Flow Authorization (SFA) are the logical functional entities, closely associated with QoS, located in the ASN that act as policy enforcement and policy decision points.
• For ASN Profile C, the SFM function is located in the BS and the SFA function is located at the ASN GW.
• SFM located in the BS is responsible for the creation, admission, activation, modification, and deletion of IEEE 802.16e-2005 service flows.
• It consists of an Admission Control (AC) function, data path function and the associated local resource information.
• AC decides whether a new service flow can be admitted to the system.
• SFA is located at the ASN GW and is responsible for evaluating any service request against the subscriber's QoS profile.
• If the SFA already has the user QoS profile then it evaluates the incoming service requests against the user’s profile.
• If the SFA does not have the user profile then it sends the service request to the Policy Function (PF) for decision making.
• The Policy Functions (PFs) and its associated database reside in the CSN of both the home and the visited network.
Security Association
• Data SA - 16-bit SA identifier.
- Cipher to protect data: DES-CBC.
- 2 TEK.
- TEK key identifier (2-bit).
- TEK lifetime.
- 64-bit IV.
Chapter 5: WiMAX Security
TS09TEC09En 40
• Authorization SA
- X.509 certificate SS.
- 160-bit authorization key (AK).
- 4-bit AK identification tag.
- Lifetime of AK.
- KEK for distribution of TEK
= Truncate-128(SHA1(((AK| 044) xor 5364).
- Downlink HMAC key
= SHA1((AK|044) xor 3A64).
- Uplink HMAC key
= SHA1((AK|044) xor 5C64).
- A list of authorized data SAs.
Chapter 6: WiMAX Implementations
TS09TEC09En 1
Chapter 6 WiMAX Implementations
Aim of study This chapter introduces general WiMAX Implementation Scenarios.
Contents Pages 1 Implementations Scenarios 2
2 Siemens WiMAX products 4
Chapter 6: WiMAX Implementations
TS09TEC09En 2
Chapter 6
WiMAX Implementations
1 General Implement Scenarios
• Range Extension DSL.
• Wireless DSL for Low User Densities.
• Wireless Backhaul for Remote DSLAM.
• Wireless Backhaul for Hot Spots. WiMAX Integration:
Range Extension DSL (Wireless DSL)
Fig.1
Fig. 1
Chapter 6: WiMAX Implementations
TS09TEC09En 3
Wireless DSL for Low User Densities
Fig.2
Access Backhaul of Remote DSLAM
Fig.3
Chapter 6: WiMAX Implementations
TS09TEC09En 4
Wireless Backhaul for Hot Spots
Fig .4 2 Siemens WiMAX Products:
SkyMAX Portfolio
Fig.5
Chapter 6: WiMAX Implementations
TS09TEC09En 5
SkyMAX Access System
• Compliant with IEEE802.16-2004/ETSI HiperMAN OFDM 256 FFT size.
• Seamless upgradeable to IEEE802.16e SOFDMA (Scalable OFDM Access).
• Triple Play (HSIA, VoIP, video) services with guaranteed QoS.
• Platinum, Gold, Silver, Bronze user groups.
• Non-Line of Sight and Line of Sight operation.
• Multiple frequency bands, FDD, H-FDD and TDD duplex.
• Highest range (>30 km in LOS).
• Seamless integration into existing IP network.
• Different Subscriber Terminal models, indoor and outdoor installation.
• High data rate (30 Mbps per user). HSIA High Speed Internet Access
2.1 SkyMAX Base Station
Shelf Layout and Functional Units
• Carrier-Grade Redundancy
- Hot swappable functionality.
- Centralized management.
- Supports up to 4 sectors.
• 100/1000 Base-T Interface.
• ODU: HighPower remote OutDoor Unit (35 dBm = ca. 3,1 W).
Chapter 6: WiMAX Implementations
TS09TEC09En 6
• CU: Connector Unit.
• SMU: Sector Modem Unit.
• CSU: Controller & Switching Unit.
Fig.6
Basic Technical Data
Chapter 6: WiMAX Implementations
TS09TEC09En 7
SkyMAX Micro-Basestation
Overview and Main Technical Data
• Functional Units
- One SMU.
- One ODU.
• Networking
- 10/100 Base T network interface.
• Performance
- One Sector.
- Max net throughput 80 Mbps.
- Up to 16 Service Flows per ST.
• Physical & Mechanical
- 1U high, ETSI/19” rack mounting.
- Max power consumption 120 W. SMU Sector Modem Unit
ODU Outdoor Unit
Fig.7
Chapter 6: WiMAX Implementations
TS09TEC09En 8
SkyMAX Basestation Summary
• SkyMAX Base station
- WiMAX Compliant, upgradeable towards IEEE802.16e SOFDMA.
- SW Configurable RF Channel (up to 14MHz).
- Robust error correction technique for reliable data transmission.
- Flexible Architecture (split indoor-outdoor part).
- Maximize coverage (High Power ODU DL, RX Div./Sub-chann. UL).
- RX Diversity solution (integrated in one ODU).
- Redundancy concept (all units are protected).
- Synchronisation concept (GPS, external synch).
- Seamless Integration into existing network (Simple networking concept).
- Sophisticated scheduling algorithm for Grade of Service (GoS) Management.
• SkyMAX Micro-Base station
- Low capacity, low cost version.
- Same features set as SkyMAX BS.
2.2 SkyMAX Subscriber Terminal
Different CPE models for the different users:
• SkyMAX Residential
- Fully indoor, self-installing.
- For SOHO and residential users.
Chapter 6: WiMAX Implementations
TS09TEC09En 9
- Three versions with different numbers and type of interface:
• SkyMAX Residential Modem.
• SkyMAX Residential Multi-User.
• SkyMAX Residential Portable Modem.
Fig.8
• SkyMAX Business
- Fully outdoor.
- For business customers and Gold residential users.
Fig.9
SkyMAX Subscriber Terminal
SkyMAX Residential
• SkyMAX Residential
- Fully indoor, self-installing, small-form-factor.
- Non-Line-Of-Sight operation (NLOS).
Chapter 6: WiMAX Implementations
TS09TEC09En 10
- Several antenna options (omni directional, desktop, window, external antenna).
- Multi-level QoS via traffic classification.
- Networking features, Ethernet interface.
- Remote configuration, management and software upgrades.
Fig.10
SkyMAX Residential Versions
• SkyMAX Residential Modem: Ethernet 10/100 Base T.
• SkyMAX Residential Multi-User:
- Multiple Ethernet 10/100 Base T interface (RJ45).
- POTS interface (RJ11) for voice transport (SIP/H.323).
- Optional WiFi access point.
Fig.11
• SkyMAX Residential portable modem: battery, SIM cardholder for nomadic and portable usage.
Chapter 6: WiMAX Implementations
TS09TEC09En 11
Fig.12
SkyMAX Business
• SkyMAX Business Modem provides cost efficient Broadband wireless access to SME/SOHO customers
- Fully outdoor unit with indoor connector box.
- Integrated high gain antenna (no feeder loss).
- Advanced routing functionalities.
- Single drop cable for power and subscriber interface.
- Non-Line-Of-Sight operation (NLOS).
- Multi-level QoS via traffic classification and SLA enforcement.
- Ethernet user interface, optional TDM interface.
- Remote configuration, management and software upgrades.
Fig.13
Chapter 6: WiMAX Implementations
TS09TEC09En 12
Technical Data
2.3 SkyMAX Air Interface
Main features
• Compliant to IEEE802.16-2004 OFDM 256 FFT size.
• SkyMAX provides main IEEE802.16-2004 air-interface features
- BPSK, QPSK, 16QAM, 64QAM automatic modulation and coding Scheme.
- Subchanneling (up to 16 sub-channels).
- Automatic Repeat Request (ARQ).
- Payload Header Suppression (PHS).
- QoS (UGS, rt-PS, nrt-PS, BE scheduling services):
- Dynamic Services (DSx).
- PDU Concatenation, Packing and Fragmentation.
- Unicast, contention based and piggyback BW requests.
Chapter 6: WiMAX Implementations
TS09TEC09En 13
- Automatic Transmit Power Control for UL (initial calibration and periodic adjustment).
- ST Authentication according to standard Security Sublayer.
• Different SLA’s supported with guaranteed QoS. SLA Service Level Agreement
SkyMAX Access System
E2E Reference Architecture
Fig.14
Chapter 7: Future Outlook
TS09TEC09En 1
Chapter 7 Future Outlook
Aim of study This chapter introduces general WiMAX Alternative Broadband Wireless Access
Technologies.
Contents Pages
1 Alternative Broadband Wireless Access
(BWA) Technologies
2
Chapter 7: Future Outlook
TS09TEC09En 2
Chapter 7
Future Outlook
1 Alternative Broadband Wireless Access (BWA)
Technologies
1.1 HSDPA –Overview
• HSDPA: High Speed Downlink Packet Access.
• Evolution of the Wideband Code Division Multiple Access (WCDMA).
• „Turbo-UMTS“.
• Software upgrade of UMTS.
• Standardized by the 3GPP (Third Generation Partnership Project) in Release 5 of the 3G specification.
• Jan. 2005: Siemens NodeB 8080 supports HSDPA.
• Pre-Series PC-Cards available.
• Peak downlink data rate: up to 4Mbit/s.
• Modulation scheme: QPSK, 16QAM.
• Adaptive modulation and coding (AMC).
• Typical applications:
- High volume data transfer.
- Realtime video streaming.
Chapter 7: Future Outlook
TS09TEC09En 3
1.2 FLASH-OFDM –Overview
• FLASH-OFDM: Fast Low-latency Access with Seamless Handoff – Orthogonal Frequency Division Multiplexing
• Developed by Flarion (partnership with Siemens): proprietary solution.
• Operates on 450 MHz.
• Directed to China, USA and Eastern Europe.
• Products will be available in 2005.
• Standard: IEEE 802.20 (not released yet).
1.3 FLASH-OFDM – Technical Overview
• Designed for IP transmission (VoIP etc.).
• Delay < 50 msec.
• Low costs due to usage of standard IP components.
• typical data rates with one carrier:
- Downlink: 1-1.5 MBit/s with a burst rate up to 3.2 Mbit/s*.
- Uplink: 300-500 kbit/s with a burst rates of 900 kbit/s.
• Supports moving users with speed up to 250km/h.
• Uses FDD.
• 1.25 MHz channel frequency.
Chapter 7: Future Outlook
TS09TEC09En 4
Positioning of WiMAX, HSDPA and FLASH-OFDM
Fig. 1
Comparison between BWA Alternatives
Chapter 8: Technical Aspects
TS09TEC09En 1
Chapter 8 Technical Aspects
Aim of study This chapter introduces MAC Protocol Data Unit & OFDM technology.
Contents Pages
1 Comparisons 2
2 802.16 Layered Architecture 6
3 Traffic Connection Set-up 15
4 Mac Protocol Data Unit 19
5 Bandwidth Allocation and Request Mechanism 26
6 802.16 Framing 32
7 OFDM Technology 36
8 Adaptive Modulation 39
9 Network Entry 40
Chapter 8: Technical Aspects
TS09TEC09En 2
Chapter 8
Technical Aspects 1 Comparisons 1.1 WIMAX versus WLAN
Points of comparison WIMAX WLAN
MAC layer
Grant request mechanism to authorize the exchange of data to facilitate resources sharing
Simple mechanism
security
Full range of securityTerminal authentication by exchanging certificates to prevent rogue devices and user authentication (EAP)
Poor of first release WEP
speed
Could be able to handle up to 70MB/S among users (up to DSL rate per user)
Can transmit up to 54MB/S
distance In KM in range of 50Km
In meter range(about30 m)
Chapter 8: Technical Aspects
TS09TEC09En 3
1.2 Comparison between WIMAX and WI-FI
802.16 802.11b(WI -FI) Technical difference
rangeUp to 30 miles typical cell size (4-6miles)
Sub -300 feet(add access points for greater coverage)
802.16 tolerates greater multipath delay spread via 256 FFT vs. 64 FFT
coverage
Outdoor NLOS performance standard support for advanced antenna techniques
Optimized for indoor performance ,short range
802.16 systems has an overall higher system gain delivering greater penetration through obstacles at longer distances
scalability
Designed to support hundreds of CPES with unlimited subscribers behind each CPE
Intended for LAN applications ,users scale from one to tens with one subscriber for each CPE device
802.16 can use all available BW ,multiple channel support cellular deployment,802.11 is limited to license exempt spectrum
Bit rate
Up to 100 MB/S in 20 MHZ channel
Up to 54 MB/S in 20MHZ channel
Higher modulation coupled with flexible error correction
QOSBuilt in to MAC voice/video service levels
No QOS support
802.11 is contention based MAC (CSMA/CA) ,802.16 dynamic TDMA-based MAC with on-demand BW allocation
MAC Polling –based MAC layer
Contention based MAC
Chapter 8: Technical Aspects
TS09TEC09En 4
802.16 802.16a 802.16e.
completed DEC 2001 802.16a JAN 2003
Estimated Q3 05
spectrum 10-66 GHZ Around 11 GHZ
Around 6 GHZ
Channel conditions L.O.S (PTP) N.L.O.S(PMP) NLOS
Bit rate 32-134 MB/S at 28 MHZ
Up to 75 MB/S at 20 MHZ
Up to 15 MB/S at 5MHZ channel
modulation QPSK,16QAM and 64QAM
OFDM(256 sub carriers ) QPSK ,16 QAM,64 QAM SC(optional)
Scalable OFDMA
mobility Fixed Fixed-nomadic
Pedestrian mobility (regional roaming)
Channel B.W
20,25and 28 MHZ
Selectable channel BW between 1.25 and 20MHZ
Same as 802.16a with UL-sub channels (1.25 -20 MHZ)
Typical cell radius 2-5 KM
5-8 KM max range 50KM based on power height antenna gain and transmit power
2-5 KM
Chapter 8: Technical Aspects
TS09TEC09En 5
1.3 Broadband wireless technology
W-CDMA HSDPA WIMAX FLASH OFDM
system cellular
Fixed /nomadic wireless broadband internet access (incl mobility variant)
Cellular high speed wideband data mobility packed switched air interface TCP/IP (core)
mobility Global (around Km/h) Limited (around 120Km/h)(16e)
Global (around 250 Km)
Peak data rate 14 MB/S1.5MB/S at 5MHZ paired
Up to 70 MB/S (UL/DL) at 20 MHZ(BW scalable)
3MB/S DL 800KB/S UL at 1.25 MHZ paired
spectrum IMT-2000 FDD
Licensed and exempt around 6GHZ NLOS(2.5,3.5,2.4,5.8 GHZ)
Licensed bands around 3.5 GHZ
standardization 3GPP rel .5 802.16 complete 802.16e mid 2005
802.20 (2005)
technology CDM,FDD.CDMA/TDMAOFDM,FDD OR TDD TDMA/OFDMA
OFDM, FDDOFDMA
Chapter 8: Technical Aspects
TS09TEC09En 6
2 802.16 Layered Architecture 2.1 WiMAX 802.16 Layered Architecture
The protocol architecture of WiMAX/802.16 is structure into two main layers:
the MEDIUM ACCESS CONTROL (MAC) LAYER and the PHYSICAL
LAYER.
MAC LAYER is formed by three sub layers: The CONVERGENCE SUB
LAYER, the COMMON SUB LAYER and the SECURITY SUB LAYER.
Fig.1 2.1.1 WiMax 802.16 MAC Convergence Sub Layer
The CONVERGENCE SUB LAYER (CS) adapts units of data (e.g. IP
packets or ATM cells) of higher level protocols to the MAC Service Data Unit
(SDU) format, and vice versa. The CONVERGENCE LAYER also sorts the
incoming MAC SDUs by the connection to which they belong.
Chapter 8: Technical Aspects
TS09TEC09En 7
Fig.2
WayMax 802.16 MAC Convergence Sub Layer
In the present SVR three Convergence Sub-layers are supported:
• Ethernet or 802.3.
• IPv4 over 802.3 / Ethernet (same as previous but with additional classifier rules).
• 802.1Q VLAN.
WayMax MAC Convergence Sub Layer: Forwarding
BS Forwarding
• WiMAX adapts a connection oriented packet forwarding scheme on air interface: user data is assigned to a data traffic connection.
• According to the frame destination MAC address, the BS identifies the destination ST and the pool of CIDs associated to the ST.
Chapter 8: Technical Aspects
TS09TEC09En 8
ST Forwarding
• Connections are activated by the BS only.
• The ST listens DL sub-frames, checks the CIDs in the received PDUs and retains only those PDUs addressed to them.
• ST builds its own a MAC address table.
• FILTERING (UL direction): the ST does not forward to the radio interface he UL local traffic (traffic directed to hosts connected to the ST LAN interface).
MAC Convergence Sub Layer: Classification
Quality of service handling requires that the User or Terminal Station is
identified and a Service Level Agreement is defined for that User or that
Terminal Station.
The Base Station shall be able to associate more than one connection to the
same User/Terminal Station and to differentiate connection parameters.
The base station shall classify the downlink traffic according to classification
criteria (such as IPv4 ToS, 802.1p priority field).
The same classification process is also supported in the Terminal Station.
Classification: IPv4 ToS
ToS values are in the range 0 to 63, considering only the 6 bits used to encode
the value and not taking into account the two least significant and unused bits
of the byte (DSCP). Considering the complete byte, the classical ToS values
(between 0 and 63) shall be multiplied by four.
Chapter 8: Technical Aspects
TS09TEC09En 9
Fig.3 ToS field of one IPv4 packet
Classification: 802.1Q VLAN
Fig.4
2.1.2 WiMax 802.16 MAC Common Part Sub layer
The central element of the layer architecture is the COMMON PART SUB
LAYER (CPS). In this layer, MAC Protocol Data Units (PDUs) are
constructed, connections are established and bandwidth is managed.
The COMMON PART exchanged MAC Service Data unit (SDUs) with the
CONVERGENCE LAYER.
Chapter 8: Technical Aspects
TS09TEC09En 10
Fig.5 2.1.3 WiMax 802.16 MAC Security Sub layer
The SEQURITY SUBLAYER is tightly integrated with the COMMON
PART. The SEQURITY SUBLAYER addresses authentication, establishment
of keys and encryption.
Fig.6
Chapter 8: Technical Aspects
TS09TEC09En 11
2.1.4 WiMax 802.16 MAC Physical Layer
The PHYSICAL LAYER (PHY) is a two way mapping between MAC PDUs
and PHYSICAL LAYER frames received and transmitted through coding and
modulation of RF signal.
Fig.7
2.2 WiMax 802.16 MAC Connection Oriented
802.16 MAC is connection oriented. Every service is mapped to a connection,
and every connection is referenced with 16-bit connection identifier (CID) and
may require continuously granted bandwidth on demand {4}. MAC layer
connections can be seen in a way like TCP connections. Like TCP
connections, in which a computer may have simultaneously many different
active connections in different ports, in MAC connections the SS may have
many connections to a BS for different services like network management or
user data transport. The major different though, is that in MAC connections,
every connection may have different parameters for bandwidth, security and
priority.
Chapter 8: Technical Aspects
TS09TEC09En 12
Every connection is identified by its CID- the CID is assigned by the BS.
When a SS is joining the network three CID's are assigned to it and each one
has different QoS requirements used by different management levels: Basic,
Primary Management and Secondary Management connections.
In WayMAX the SS can support 12 connections for traffic and 4 connections
for management (one is broadcast).
2.3 WiMax 802.16 connection Setup
Fig.8 2.4 WiMax 802.16 Quality of Service
The IEEE 802.16 supports many traffic types (data, voice, video) with
different QoS requirements.
Chapter 8: Technical Aspects
TS09TEC09En 13
The standard defines four types of DATA FLOW, each one with distinct QoS
requirements.
1. UNSOLICED GRANT SERVICES (UGS): designed to support constant Bit Rate (CBR), such as T1/E1 link or delay-jitter dependent services like VOIP. They need constant bandwidth allocation.
3. NON REAL TIME PS (nrtPS): to support variable grant burst profiles: FTP. They require a minimum bandwidth allocation.
Supported by the WayMAX 1.1 = ــــــــــــــــ
2.4.1 Quality of Service Architecture: Base Station
Fig.9
2. REAL TIME POLLING SERVICES (rtPS): to support variable data packets on periodic basis, like MPEG video. They have specific bandwidth requirements.
4. BEST EFFORT (BE): access to Web Surfing. BE applications receive the remaining bandwidth after the allocation to the three previous type of service.
Chapter 8: Technical Aspects
TS09TEC09En 14
• All incoming packets are forwarded according to their MAC addresses.
• Classifier function put the incoming frames onto one 802.16 connection within the CID pool selected by the forwarding function.
• Each connection is associated to a dedicated buffer (queue).
• Each queue has an associated priority.
• The Scheduler manages the CID queues determining which connection shall take the current transmit opportunity.
2.4.2 Quality of Service Architecture: Terminal Station
• Connections are activated by the BS only.
• The TS listens DL sub-frames, checks the CIDs in the received PDUs and retains only those PDUs addressed to them.
• TS builds its own a MAC address table.
• FIL TERING (UL direction): the TS does not forward to the radio interface he UL local traffic (traffic directed to hosts connected to the ST LAN interface).
Fig.10
Chapter 8: Technical Aspects
TS09TEC09En 15
Resume
CONNECTIONS
• 802.16/WiMAX is connection oriented.
• For each direction, a connection identified with a 16 bit CID will be created.
• Each CID is associated with a Service Flow that QoS parameters for that CID.
MANAGEMENT MESSAGES
Management messages are broadcast or sent on three CIDs in each direction:
• Uplink Channel Descriptor.
• Downlink Channel Descriptor.
• UL-MAP.
• DL-MAP.
• DSA-REQ.
• DSA-RSP.
3 Traffic Connections set-up
Profiles
The Network Operator defines for each Base Station a set of PROFILES that
intends to adapt: they are all listed in a table and some of them will be
associated, by the Network Operator, to the connections that will be created
for each Terminal Station.
Chapter 8: Technical Aspects
TS09TEC09En 16
Profile is defined as a set of the following information:
• Profile Name.
• Class of Service of radio connection (UGS, rtPS, nrtPS, BE).
• List of QoS rules.
For each direction is possible to specify the following parameters:
• Class of Service.
• MSTR.
• MRTR.
• CRC enabling.
• Fragmentation enabling.
• Packing enabling.
MSTR = Maximum Sustained Traffic Rate
MRTR = Minimum Reserved Traffic Rate
CRC = Cyclic Redundancy Check
Example of Terminal Station connections set up (1)
Step 1: The End User subscribes the Service Level Agreement (SLA)
proposed by the service provider and it receives a new Terminal Station
identified by the MAC address
Ex: 00:01:E3: FA: 86:70.
Chapter 8: Technical Aspects
TS09TEC09En 17
Step 2: The Network operator inserts the MAC address of the new Terminal
Station inside the Base Station (Sector 1). TID 3 is assigned automatically by
the BS to this entry.
Fig.11
Example of Terminal Station connections set up (2)
Step 3: according to the subscribed SLA, the Network Operator assigns the
Profile 1 and 3. The Network Operator assigns the profile 1 as the default one.
The provisioned Service Flows have been created.
Fig.12
Chapter 8: Technical Aspects
TS09TEC09En 18
Example of Terminal Station connections set up (3)
Step 4: Each Profile assigned to TID 3 is associated to a different Service
Flow Identifier (SFID) by the Base Station.
Fig.13
Step 5: During the Ranging procedure, the Terminal Station announces its
MAC address. The Base Station uses The Terminal MAC 00:01:E3:FA:86:70
to identify the associated TID (TID=3).
Step 6: TID value is used to identify all the SFIDs defined for the associated
Terminal Station.
Example of Terminal Station connections set up (4)
Step 7: Each SFID of this Terminal Station is uniquely assigned to a CID that
activates a specific Service Flow having the specified set of traffic parameters
and classifiers.
Step 8: The Base Station now can forward the user traffic directed to the
Terminal Station 3 using the CIDs applying, to the incoming packets, the set
of defined QoS rules for those CIDs.
Chapter 8: Technical Aspects
TS09TEC09En 19
Example of Terminal Station connection set up (Downlink)
Fig.14
4 MAC Protocol Data Unit
Because the 802.16 PHY is a wireless PHY layer, the main focus of the MAC
layer is to manage the resources of the air-link in an efficient manner.
Data Frames
Fig.15
Chapter 8: Technical Aspects
TS09TEC09En 20
Generic Mac Header
The Generic MAC Header (GMH) contains details of the MAC Protocol Data
Units (MPDUs).
Fig.16
The sub headers are used to implement the signaling necessary for
fragmentation, packing, ARQ and mesh features of the MAC.
A 32 bit CCITT standard CRC of the entire MPDU may be appended to the
frame if required.
Payload field
The payload can either contain a management message or transport data.
A payload in a transport connection can contain:
• A MAC Service Data Unit (MSDU).
• Bandwidth requests.
• Fragments of MSDUs (Fragmentation).
• Aggregates of MDSUs (Packing).
• Automatic Retransmission Requests (ARQ).
Chapter 8: Technical Aspects
TS09TEC09En 21
Generic MAC PDUs (1)
Generic MPDUs carry transport and management information, dependent on
which connection the CID in the header indicated. Each generic MPDU begins
with a Generic Mac Header (GMH).
HT bit is set to 0 in order that the header is a GMH.
The EG bit indicates that the frame is encrypted.
The CRC indicator CI indicates the presence of the optional CRC at the end of
the MPDU.
The encryption Key sequence EKS indicates which key was used to encrypt
the frame.
The 11 bits of the LEN field indicate the number of bytes in the MPDU
including the header and the CRC.
This limits the frame length to a total of 2047 bytes.
The CID indicates which connection the MPDU is serving.
The HCS is a 8-byte CRC of the first 5 bytes of the GMH.
The Type field contains 6 bits that indicate what is present in the payload.
The sub headers are used to implement the signaling necessary for
fragmentation, packing, ARQ and mesh features of the MAC.
Chapter 8: Technical Aspects
TS09TEC09En 22
Generic MAC PDUs (2)
Fig.17
Type Field:
• Bit 0 is set when a grant management sub header is present in the payload.
• Bit 1 is set when a packing sub header is present in the payload.
• Bit 2 is set when a fragmentation sub header is present in the payload.
• Bit 3 is set when the fragmentation or packing headers are extended.
• Bit 4 is set when the frame contains an ARQ feedback payload.
• Bit 5 is set when a mesh sub header is present.
Bandwidth Request PDUs
To request changes to the granted characteristics of a connection, a 6-byte
bandwidth request is transmitted from the SS to the Bs in place of the Generic
Mac Header.
The Header Type (HT) bit is set to 1 to indicate that the header is a bandwidth
request header and not a GMH.
The Encryption control bit (EC) must be set 0.
Chapter 8: Technical Aspects
TS09TEC09En 23
The 6-bit Type field takes the value 0 to indicate an incremental bandwidth
request or a value of 1 to indicate an aggregate request that is the SS informs
the BS of its total current bandwidth needs for a connection. This allows the
BS to reset its perception of the SSs needs, acknowledging the use of granted
bandwidth.
The CID field indicates the connection for which the bandwidth request is
being mode.
The BR field indicates the number of uplink bytes of bandwidth being
requested.
The HCS field is an 8 bit CRC of the first 5 bytes of the bandwidth request
header. No payload is transmitted.
Fig.18
Grant Management Sub-Header (1)
The GRANT management sub header is a lightweight way to attach a request
uplink bandwidth. Each connection, identified by the 16 bit CID, has a
particular class of scheduling service assigned to it. If the CID in the GMH
indicates a channel that is using the Unsolicited Grant Service (UGS) then the
following grant management sub-header format is used.
Chapter 8: Technical Aspects
TS09TEC09En 24
Fig.19
The Slip Indicator (SI) bit is used by the Terminal station to inform the Base
Station that the uplink buffer servicing a flow has filled up, generally due to
the rate of arrival of the data to be sent being slightly faster than the granted
uplink rate. It acts as a request to the Base Station to make additional uplink
grants.
The Poll Me (PM) bit is used to request that the Base Station sends a
bandwidth poll.
Grant Management Sub-Header (2)
In the case of any of the other scheduling services (rtPS, nrtPS, or BE), the
following format is used:
Fig.20
The PIGGYBACK request is a 16 bit number that represent the number of
uplink bytes of bandwidth being requested for the connection. The piggyback
request is used to explicitly indicate the amount of uplink bandwidth that the
Terminal Station wants to be granted to it.
Chapter 8: Technical Aspects
TS09TEC09En 25
Fragmentation
As MSDU may be divided into fragments that are transmitted independently.
To signal this, a Fragment Sub Header (FSH) is included at the start of the
payload.
Fig.21
The FSH describes a fragment of an MSDU.
The Fragment Control (FC) bits indicate whether the fragment is the first
fragment of an MSDU (10), the last fragment (01) or a fragment somewhere in
the middle (11). The Fragment Sequence Number (FSN) increases by one for
each fragment of an MSDU so the receiver can reassemble fragments
appropriately.
Fig.22
Packing
Multiple MSDUs or multiple MSDU fragments can be packet into a single
MSDU. This is sometimes referred to as MAC-level PACKET
AGGREGATION.
Chapter 8: Technical Aspects
TS09TEC09En 26
To indicate that packing is used in an MPDU, a bit in the GMH indicates the
presence of a packing sub header. An MPDU can contain multiple packing
sub header, each followed by either an MSDU or a fragment of an MSDU.
Fig.23
Since an MSDU can be broken into fragments and transmitted in packed
frames, this enables the Base station to make better use of the available slots
and the channel. For instance, an MSDU that does not fit into the remainder of
an MPDU can be allocated to occupy the remainder of the current MPDU and
the rest will be send in the subsequent MPDUs.
The length field enables the receiver to identify where the start are of next
PSH begins in the MSDU payload.
5 Bandwidth Allocation and Request Mechanism
Bandwidth allocation and request mechanism
BANDWIDTH RERQUES From SS to Bs
GRANT From BS to SS
POLLING From BS to SS
The request-grant mechanism is designed to be scalable, efficient, and self-
correcting. The 802.16 access system does not lose efficiency when presented
with multiple connections per Terminal, multiple QoS levels per terminal and
a large number of statistically multiplexer users.
Chapter 8: Technical Aspects
TS09TEC09En 27
It takes advantage of a wide variety of request mechanisms, balancing the
stability of connection-less access with the efficiency of connection-oriented
access.
Polling
Polling is the process by which the BS allocates to the SSs bandwidth
specifically for the purpose of making bandwidth requests.
Bs transmits inside the UL-MAP (Phy Frame), messages to the SSs in order to
receive from them bandwidth requests.
Polling may be:
UNICAST The SS receives in the UL-MAP a bandwidth
allocation from BS. If SS does not need bandwidth, it
returns a stuff byte. A SS with UGS service, can be
polled only after the Poll Me Bit has set. The SS is
polled individually.
CONTENTION-
BASED
Connection-based bandwidth request is used when
insufficient bandwidth is available to individually poll
many inactive SS's. The allocation is multicast or
broadcast to a group of SS's that have to contend for
the opportunity to send bandwidth requests. Due to
the non-deterministic delay that can be caused by
collision and retries, contention based request are
allowed only for certain lower QoS classes of
services.
Chapter 8: Technical Aspects
TS09TEC09En 28
Request The BS schedules regularly, in a preemptive manner, grants of the size negotiated at connection setup, without an explicit request from the SS.
The GRANT SUB-HEADER includes the POLL ME BIT as well as the SLIP INDICATOR FLAG.
The BS, upon detecting the slip indicator flag can allocate some additional capacity to the SS, allowing it to recover the normal queue state.
Connections configured with UGS are not allowed to utilize random access opportunities for request. The SS needs not request bandwidth. The BS grants it UNSOLICATED.
To short circuit the normal polling cycle, any SS with a connection running UGS can use the POLL ME BIT to let the BS know it needs to be polled for bandwidth needs on another connection.
They are services that are dynamic in nature, but the BS offers PERIODIC dedicated bandwidth request opportunities to meet Real Time Requirements. The capacity is granted only according to the real need of the connection.
It ia almost identical to the real time polling service except that connections may utilize RANDOM access transmit opportunities for sending bandwidth requests.
UGS Service
CONSTANT BIT RATE
VOICE over IP, STREEMING VIDEO or AUDIO
REAL TIME POLLING SERVICE
Delay tolerant with variable packet size and a periodic transmission. E.G. : FTP
NON REAL TIME POLLING SERVICE
Chapter 8: Technical Aspects
TS09TEC09En 29
The SS sends requests for bandwidth in either RANDOM access slots or DEDICATED transmission opportunities. The occurrence of dedicated opportunities is subject to network load, and the SS cannot rely on their presence.
Fig.24
A more conventional way to request bandwidth is to send a Bandwidth request
MAC PDU that consists of simply the Bandwidth Request Header and no
payload.
WEB Surfing
BEST EFFORT service
Chapter 8: Technical Aspects
TS09TEC09En 30
A closely method of requesting data is to use a GRANT Management Sub
Header to PIGGYBACK a request for additional bandwidth for the SAME
connection within a PDU.
GRANT
Fig.25
The IEEE 802.16 MAC accommodates two classes of SS, differentiated by
their ability to accept bandwidth grants simply for a connection or for the SS
as a whole. Both classes of SS request BW per connection to allow the BS
uplink scheduling algorithm to properly consider QoS when allocating BW.
With the GPC class of SS, bandwidth is granted explicitly to a connection,
and the SS uses the grant only for that connection.
With GPSS class, SSs are granted bandwidth aggregated into a single grant to
the SS itself. The GPSS SS needs to be more intelligent in its handling of
QoS. All the services will use the SS base CID.
Chapter 8: Technical Aspects
TS09TEC09En 31
QoS Mechanism for multimedia Services
Fig.26
Fig.27
Chapter 8: Technical Aspects
TS09TEC09En 32
6 802.16 Framing
WiMax 802.16 Framing: FDD
At the PHYSICAL LAYER, the flow of bits is structured as a sequence of
frames of equal length. There is a DOWNLINK subframe and an uplink
subframe. Two modes of operation are possible: FREQUENCY DIVISION
DUPLEX (FDD) and TIME DIVISION DUPLEX (TDD).
In FDD, the downlink subframe and uplink subframe are simultaneous, but
don't interfere because they are sent on different frequencies. The uplink is
TIME DIVISION MULTIPLE Access (TDMA) which means that the
bandwidth is divided into time slots. Each time slot is allocated to an
individual Terminal Station being served by the Base Station.
Fig.28
WiMax 802.16 Framing: TDD (1)
In TDD, the downlink subframe and the uplink subframe are consecutive. TX
and RX frequencies are the same.
Chapter 8: Technical Aspects
TS09TEC09En 33
Fig.29 WiMax 802.16 Framing: TDD (2)
In TDD, it is interesting to note the adaptive subframe boundary whereby
allocation of downlink and uplink resources can be carefully controlled. This
is ideal for asymmetric services.
Fig.30
WiMax 802.16 Framing
A DOWNLINK SUBFRAME consists of two main parts. The first part
contains control information while the second part contains data. The control
information consists of a REAAMPLE and MAPS. The PREAMPLE is for
frame synchronization purposes.
Chapter 8: Technical Aspects
TS09TEC09En 34
The data part consists of a sequence of bursts. Each burst is transmitted
according to a profile of modulation and a kind of forward error correction.
They are sent in an increasing degree of demodulation difficulty. Hence, a
Terminal Station may only receive the bursts while it has the capability to do
it and ignores the bursts it cannot demodulate.
Fig.31 WiMax 802.16 Framing: more details
Fig.32
Chapter 8: Technical Aspects
TS09TEC09En 35
• The present SVR supports FDD mode. The frame duration is 5ms.
• Base Station periodically transmits DCD and UCD message.
• DCD Interval is set to 4 s. In order to support also H-FDD Terminal
Stations, the same message shall be repeated, without any modification,
in two consecutives frames.
• UCD Interval is set to 4 s. Like the previous, it shall be repeated in two consecutives frames.
• DL-MAP and UL-MAP shall be transmitted in every frame.
• Base Station periodically allocates an Initial Ranging Window in the uplink, allowing Terminal Stations not yet aligned with the Base Station to transmit and acquiring both timing and transmission power level alignment. Bursts transmitted by Terminal Stations for network entry purposes shall use PHY mode based on BPSK modulation format.
The default value of the Initial Ranging Interval parameter is set to 1s. It
shall be possible configuring this parameter between 20 ms and 2 s, with 20
ms granularity.
Each Initial Ranging Window shall be formed by a fixed number of
transmission opportunities.
The time length of each opportunity depends on the OFDM symbol period
and on the delay introduced by the Cell. For this reason via LCT will be
necessary to specify the Maximum Cell Size.
Transmission opportunities are broadcast in downlink.
Chapter 8: Technical Aspects
TS09TEC09En 36
7 ODFM Technology
WiMax 802.16 OFDM (1)
Orthogonal Frequency division Multiplexing (OFDM) technology provides
operators with an efficient means to overcome the challenges of NLOS
propagation. The WiMAX OFDM waveform offers the advantage of being
able to operate with larger delay spread of the NLOS environment. By virtue
of the OFDM symbol time and use of a cyclic prefix, the OFDM waveform
eliminates the inter-symbol interference (ISI) problems and the complexities
of adaptive equalization. Because the OFDM waveform is composed of
multiple narrowband orthogonal carriers, selective fading is localized to a
subset of carriers that are relatively easy to equalize. As example is shown
below as a comparison between an OFDM signal and a single carrier signal,
with the information being sent in parallel for OFDM and in serial foe single
carrier.
Fig.33
Chapter 8: Technical Aspects
TS09TEC09En 37
WiMax 802.16 OFDM (2)
The ability to overcome delay spread, multi-path, and ISI in an efficient
manner allows for higher data throughput. As example, it is easier to equalize
the individual OFDM carriers than it is to equalize the broader single carrier
signal.
Fig.34
WiMax 802.16 OFDM (3)
Sub Channelization in the uplink is an option within WiMAX. Without sub
channelization, regulatory restrictions and the need for cost effective CPEs,
typically cause the link budget to be symmetrical, this cause the system range
to be up limited. Sub channeling enables the link budget to be balanced such
that the system gains are similar for both the up and down links. Sub
channeling concentrates the transmit power into fewer OFDM carriers; this is
what increase the system gain that can either be used to extend the reach of the
system, overcome the building penetration losses, and or reduce the power
consumption of the CPE. The use of sub-channeling is further expanded in
orthogonal frequency division multiple access (OFDMA) to enable a more
flexible use of resources that can support nomadic or mobile operation.
Chapter 8: Technical Aspects
TS09TEC09En 38
Fig.35
WiMax Parameters (802.16d)
OFDM SYMPOL
MODULATION AND CODING Seven combinations of modulation and coding scheme:
Chapter 8: Technical Aspects
TS09TEC09En 39
All the sub-carrier are allocated for the transmission of a single Terminal
Station
Examples of Thresholds
8 Adaptive Modulation
The use of adaptive modulation and adaptive coding enables each end-user
link to dynamically adapt to the propagation path conditions for that particular
link. When received signal levels are low, as would be the case for users more
distant from the base station, the link automatically throttles down to a more
robust, but less efficient, modulation scheme. Since each modulation scheme
has a different modulation efficiency the effective channel capacity can only
be determined by knowing what modulation and coding scheme is being used
for each end-user link sharing that particular channel.
Chapter 8: Technical Aspects
TS09TEC09En 40
Fig.36
9 Network Entry
Intro
Each Subscriber Station has an a standard MAC address, but this serves
mainly as an equipment identifier, since the primary addresses used during
operation are the CIDs.
Upon entering the network, the Subscriber Station is assigned three
management connections in each direction.
The first of these is the BASIC CONNECTION for short like MAC and Radio
Link Control (RLC).
The second is the PRIMARY MANAGEMENT CONNECTION, used to
transfer longer messages like authentication and connection set-up.
Chapter 8: Technical Aspects
TS09TEC09En 41
The last is the SECONDARY MANAGEMENT CONNECTION used for the
transfer of other standard-based management messages such as Dynamic Host
Configuration Protocol (DHCP), Trivial File Transfer Protocol (TFTP) and
Simple Network Management Protocol (SNMP).
In addition to these management connections, SSs are allocated transport
connections for the contracted services. Transport connections are
unidirectional to facilitate different uplink and downlink QoS and traffic
parameters; they are typically assigned in pair.
Subscriber Station Network Entry
Fig.37
Terminal Station Identifier
The Ranging Request Message from the Terminal Station to the Base Station
contains the MAC address of the Terminal Station, which is unique in the
world.
Chapter 8: Technical Aspects
TS09TEC09En 42
The MAC address shall be associated to a shorter identifier to identify a
specified Terminal Station, called TID (Terminal Station Identifier)
TID is 2 byte long.
Downlink Channel Synchronization
When a Terminal Station wishes to enter the network, it scans for a channel in
the defined frequency list. Normally a Terminal Station is configured to use a
specific Base Station with a given set of operational parameters, when
operating in a licensed band. If the Terminal finds a DL channel and is able to
synchronize at the physical level (it detects the periodic frame preamble), then
the MAC layer looks for Down link Channel Descriptor (DCD) and Uplink
Channel Descriptor (UCD) to get information on modulation and other DL
and UL parameters.
Fig.38
Chapter 8: Technical Aspects
TS09TEC09En 43
Initial Ranging
When a Terminal Station has synchronized with the DL channel and received
the DL and UL MAP for a frame, it begins the initial ranging process by
sending a ranging request MAC message on the initial ranging interval using
the minimum transmission power. If it does not receive a response, the
Terminal Station sends the ranging request again in a subsequent frame, using
higher transmission power. Eventually the terminal Station receives a ranging
response. The response either indicates power and timing corrections that the
Terminal Station must make or indicates success. If the response indicates
corrections, the Terminal Station makes these corrections and sends another
ranging request. I the response indicates success, the Terminal Station is ready
to send data on the UL.
Fig.39
Capabilities Negotiation
After successful completion of initial Ranging, the Terminal Station sends a
capability request message to the Base Station describing its capability in
terms of the supported modulation levels, coding schemes and rates, and
duplexing methods. The Base Station accepts or denies the Terminal Station,
based on its capabilities.
Chapter 8: Technical Aspects
TS09TEC09En 44
Fig.40
Authentication
After capability negotiation, the Base Station authenticates the Terminal
Station and provides key material to enable the ciphering of data. The
Terminal Station sends the X.509 certificate of the Terminal Station
manufacturer and a description of the supported cryptographic algorithms to
its Base Station. The Base Station validates the identify of the Terminal
Station, determines the cipher algorithm and protocol that should be used, and
sends an authentication response to the Terminal Station. The response
contains the key material to be used by the Terminal Station.
Fig.41
Chapter 8: Technical Aspects
TS09TEC09En 45
Registration
After successful completion of authentication, the Terminal Station registers
with the network. The Terminal Station sends a registration request message
to the Base Station and the Base Station sends a registration response to the
Terminal Station. The registration exchange includes IP version support,
Terminal Station managed or non-managed support, ARQ parameters support,
classification option support, CRC support, and flow control.
Fig.42
IP Connectivity (Optional)
The Terminal Station then starts DHCP to get the IP address and other
parameters to establish IP connectivity. The Base Station and Terminal Station
maintain the current data and time using the time of the day protocol. The
Terminal Station then downloads operational parameters using TFTP.
Chapter 8: Technical Aspects
TS09TEC09En 46
Fig.43
Transport Connection Creation After completion of registration and the transfer of operational parameters,
transport connection is created. For pre provisioned service flows, the
connection creation process is initiated by the Base Station. The Base Station
sends a dynamic service flow addition request message to the Terminal
Station and the Terminal Station sends a response to confirm the creation of
the connection.
Fig.44
Chapter 8: Technical Aspects
TS09TEC09En 47
Periodic Ranging
After the connection is establish, Periodic ranging is necessary to maintain a
link. The ranging operation is the basis of control loops that synchronize the
timing and power of the SSs transmission to the BS.
Fig.45