technology and challenges in wireless lanfacweb.cs.depaul.edu/jyu/technology/wlan-challenge.pdfzfrom...

1

01/12/2004 IEEE Communications Society 1

Technology and Challenges Technology and Challenges inin

Wireless LANWireless LANJames Yu, Ph.D.

School of CTIDePaul [email protected]


OutlineOutlineIntroductionFrom LAN (802.3) to Wireless LAN (802.11)Security – IEEE 802.11i (draft)QoS – IEEE 802.11e (draft)Mobility – RFC 2002, 2003, 2006Conclusions

2


Advantages of Wireless LANAdvantages of Wireless LAN

MobilityFlexibilityEase of deployment– Places where there is no cabling infrastructure

Cost– Continual drop in price for WLAN equipment

Performance– Higher speed standards


Customer Sites

Anytime/Anywhere Anytime/

Anywhere

Hotels Airports

Convention Centers

Office atHome

Head Office

Branch Offices

4© 2000, Cisco Systems, Inc.

Wireless on the Move: Wireless on the Move: The Mobile Office The Mobile Office

WMT-210

3


WLAN Operation ModeWLAN Operation Mode

Ad hoc Mode Infrastructure Mode

Wireless AccessPoint


WLAN Topology (BSS and ESS)WLAN Topology (BSS and ESS)

Basic Service Set (BSS) – Single CellExtended Service Set (ESS) – Multiple cellsDistribution System

(BSS) DS

4


Complex MAC AddressComplex MAC Address((802.11 has four address fields)802.11 has four address fields)

A3A1A2A44

A3 (wireless)

A1A2 3

A1A2A3 (wireless)

2

A1 (wireless)

A2 (wireless)

1(Ad Hoc)

Recv’erRecv’erAP

Sender AP

SenderCase

Channel 1Channel 1

Channel 1Channel 1

Wireless RepeaterWireless Repeater

WirelessrepeaterWirelessrepeater

WirelessClients

WirelessClients

LAN BackboneLAN Backbone

Case 2Case 3

Case 4

5


ClosetSwitch

Printer

Workstations

Backboneswitch

Access Point

Building One Building Two

Building-to-BuildingWireless Bridge

BuildingBuilding--toto--Building Wireless LANBuilding Wireless LANInstant Access to InformationInstant Access to Information

Case 4


WLAN Standard ActivitiesWLAN Standard Activities802.11802.11a - 5GHz- Ratified in 1999802.11b - 11Mb 2.4GHz- ratified in 1999802.11d - Additional regulatory domains 802.11e - Quality of Service802.11f - Inter-Access Point Protocol (IAPP)802.11g - Higher Data rate at 2.4GHz802.11h - Dynamic Frequency Selection and

Transmit Power Control mechanisms802.11i - Authentication, security, and key managementBluetooth (IEEE 802.15.1)HiperLAN/2

6


Standard Spread Spectrum

Radio Frequency

Max Speed (bps)

Max Distance (ft)

802.11 DSSS 2.4GHz 2M ----------------

802.11a OFDM 5 GHz 54M 60 ft

802.11b HR-DSSS 2,4GHz 11M/22M 300 ft

802.11g OFDM 2.4GHz 54M 300 ft

Bluetooth FHSS 2.4G Hz <1M 30 ft

HiperLAN OFDM 5 GHz 54M 60 ft

Note: distance varies for different vendor products.


IEEE 802.11 MAC LayerIEEE 802.11 MAC LayerCarrier Sense Multiple Access/Collision Avoidance (CSMA/CA)– Different from CAMA/CD (802.3)– STA cannot hear the collision signal as in the

wired world.Two access methods:– Distributed Coordination Function (DCF)– Point Coordination Function (PCF) - optional

7


Distributed Coordination Function Distributed Coordination Function (DCF)(DCF)

– The lower sublayer function of MAC– CSMA/CA

Collision Avoidance

– No collision detection (A station cannot hear the collision signal from other stations.)

– Also includes a set of delays which essentially provides a set of priority levels

– Interframe space (IFS) Short IFS (SIFS) for control framesDCF IFS (DCFS) for data frames


DCF AlgorithmDCF AlgorithmIf medium is idle, station waits to see if medium remains idle for a time equal to IFS (interframespace). If still idle, transmitIf medium is busy (either initially found busy or becomes busy during IFS), station continues to listenWhen medium becomes idle, station delays another IFS. If it is still idle after IFS, station chooses a random backoff factor. When backoffcounter reaches zero, transmit packet

8


CSMA/CA (DCF) CSMA/CA (DCF)


BackoffBackoff TimeTimeBackoff Time = Random() × SlotTime

whereRandom( ) = [0, CW]

CWmin ≤ CW ≤ CWmax. SlotTime = The value of the corresponding PHY characteristic.CWnew = (CWold + 1) × PF – 1 (where PF=2)

PF: persistence factor

9


Point Coordination Function (PCF)Point Coordination Function (PCF)Optional and implemented on top of DCFA single AP controls access to the media, and a Point Coordinator (PC) Agent resides in the AP. AP polls each station for data, and after a given time interval moves to the next station.– Guaranteed maximum latency

No stations are allowed to transmit unless it is pooled.AP could have a priority scheme for stations.PCF is useful for time-sensitive applications.


PCFPCF

NAV: network allocation vector

10


Other Important WLAN FeaturesOther Important WLAN Features

Control signaling – Request to Send (RTS)– Clear to Send (CTS)– Hidden Station Problem

FragmentationAcknowledgementSecurity


Outline (2)Outline (2)IntroductionFrom LAN (802.3) to Wireless LAN (802.11)Security – IEEE 802.11i (draft)QoS – IEEE 802.11eMobility – RFC 2002, 2003, 2006Conclusions

11


WLAN SecurityWLAN SecurityService Set Identification (SSID)Wired Equivalent Privacy (WEP)Shared key authentication– Stations exchange the key for encryption.– RC4 encryption algorithm– Key: 40 bits or 128 bits

User Authentication– Not specified in 802.11. (SSID)– 802.1X– VPN– Gateway/Proxy


WEP OperationWEP Operation

Frame Header

IV Header

FrameBody

ICV Trailer

FCS

40-bit WEP Key

24-bit IV

64-bit RC4

RC4Algorithm

RC4 Key Stream

IV: initialization vector ICV: integrity check value

24-bit IVIntegrity

check

4 bytes 4 bytes

randomly generated

12


WEP Key Distribution IssueWEP Key Distribution IssueKey is manually set in the driver.The key cannot be protected from local users.When a user leaves the organization, technically you must change the key information on all stations.For a large organization, there is a need to publish the key which is a security problem.


WEP Design IssueWEP Design Issue

“Weakness in the Key Scheduling Algorithm, “http://www.crypto.com/papers/others/rc4_ksaproc.pdf

A weakness of RC4 in generating the keystream.Hacker attack: using weak IV to attack a particular byte of the secret portion of the RC4 key.The time to attack is a linear algorithm to the key length.This is a complete break for WEP.

13


VPN for WLAN (LayerVPN for WLAN (Layer--3)3)

LAN

Wireless LAN LAN

VPN Tunnel IP

Ethernet

VPNGateway

RADIUSserver

Layer 2 tunnel over a layer 3 protocol

IP


Proxy/Gateway (LayerProxy/Gateway (Layer--7)7)

LAN

Gateway

SecurityServer

Internet1. User types any URL2. User gets a web page for service request3. After entering account info or credit card,

the user is authenticated.4. User can surf the Internet now.5. Issue: how about non-HTTP applications?

14


Extensible Authentication Protocol (EAP)Extensible Authentication Protocol (EAP)

EAP is an IETF standard (RFC 2284)and adopted by IEEE as the basis for 802.1X. It is called the port based network access control.EAP supports both wired and wireless authentication.

MD5 TLS TTLS LEAP

EAP

PPP 802.3 802.11

PEAP

802.5

TLS: Transport Layer Security TTLS: Tunnel TLS LEAP: Lightweight EAP PEAP: Protected EAP


EAP Authetication MethodsEAP Authetication MethodsEAP-MD5 - Username/Password (unsafe). This is similar to MS_CHAP.EAP-TLS (Transport Layer Security) - PKI (certificates), strong authentication. RFC2716EAP-TTLS (Tunnel TLS) - Username/Password (safe)LEAP - Cisco proprietary lightweight EAP. It is engineered into Aironet APs and NICs.PEAP – Protected EAP. Cisco, Microsoft, and RAS

15


802.1X802.1XPortPort--Based Network Access ControlBased Network Access Control

AuthenticationServer

(RADIUS)AuthenticatorSupplicant

EAP Request/Identify

EAP Response/Identify

EAP overLAN

EAP overRADIUS

challenge

Response to the challengesuccess

Authenticator may set restrictions on the access.

Association


Issue: It is not cost effective Issue: It is not cost effective to implement 802.1X in AP.to implement 802.1X in AP.

RADIUS

Authenticator

Supplicant

Solution: Wireless switch

16


802.11i Security Management802.11i Security Management

AuthenticationServer

(RADIUS)AuthenticatorSupplicant

EAP overLAN

EAP overRADIUS

Security discovery capability

802.1X Authentication

Key Management Key Distribution

Data Protection


802.11i Data Protection802.11i Data ProtectionNeeds to replace or improve WEPWi-Fi Protected Access (WPA)– This is included in 802.11i.– WPA uses TKIP for encryption.

Temporal Key Integrity Protocol (TKIP)– A wrapper around WEP– Use MAC address to create unique key for each station.– Change temporal key every 10,000 packets– It is interoperable with WEP-only device

Advanced Encryption Standard (AEP)– This is to completely replace WEP.

802.11i is work-in-progress.

17


Outline (3)Outline (3)IntroductionFrom LAN (802.3) to Wireless LAN (802.11)Security – IEEE 802.11iQoS – IEEE 802.11eMobility – RFC 2002, 2003, 2006Conclusions


QoS QoS NeedsNeeds

Priority ServicesMultimedia services– VoIP– Stream Audio– Stream Video

It is a more critical issue for WLAN because WLAN has limited bandwidth than wired network.

18


QoSQoS Limitations of 802.11Limitations of 802.11DCF (Distributed Coordination Function)– Only support best-effort services– No guarantee in bandwidth, packet delay and jitter– Throughput degradation in the heavy load

PCF (Point Coordination Function)– Inefficient central polling scheme (no polling

differentiation)– Unpredictable beacon frame delay due to incompatible

cooperation between CP and CFP modes– Transmission time of the polled stations is unknown– PCF is not widely supported.


Overview of 802.11eOverview of 802.11eFormed in Sep. 1999. The QoS baseline document was approved in November 2000. The first draft was available in late 2001.Aim to support both IntServ and DiffServThe new standard is still in debate and unstableWireless Multimedia Enhancement (WME)– Subset of 802.11e to be implemented by the industry

New QoS mechanisms– EDCF (Enhanced DCF)– HCF (Hybrid Coordination Function)

Backwardly compatible with the DCF and PCF

19


QoSQoS level in 802.11elevel in 802.11e

Video24Video25

Video Probe13

Voice36

7

0

2

1

Priority

Voice3

Best Effort0

Best Effort0

Best Effort0

DesignationAccess Category


QoSQoS classes in 802.11eclasses in 802.11eImplement 8 different traffic classes

20


EDCF (Enhanced DCF)EDCF (Enhanced DCF)Enhanced DCFAlso support burstingDifferent parameters for different TC/ACReplace DIFS with AIFS (AIFS>DIFS) which is shorter for audio and video traffic.

Audio = Video < Data

CWmin and CWmaxAudio < Video < Data

Different Persistence Factor (PF)AIFS: Arbitration Inter Frame Space


EDCF (Cont.)EDCF (Cont.)

21


Typical Typical QoSQoS ParametersParameters

1(CWmin+1)/2-1(CWmin+1)/4-13

1CWmin(CWmin+1)/2 –12

1CWmaxCWmin1

2CWmaxCWmin0

AIFSCWmaxCWminAC


HCF (Hybrid CF)HCF (Hybrid CF)

Provides policing and deterministic channel access by controlling the channel through the HC (Hybrid Coordinator)Operate in CFP and CP

22


HCF (Cont.)HCF (Cont.)Detecting the channel as being idle for PIFS, shorter than DIFS, gives the HC high priority over EDCFHCF model can provide Guaranteed Services with a much higher probability than pure EDCFA signaling protocol can be used to facilitate admission control and specify service rate requirement


Challenges in Challenges in QoSQoSWho shall decide the QoS policy?– EDCF: station may give itself high priority.

HCF: QoS per station vs. per flowUsing higher layer info to determine the TC (traffic category)Can we get better QoS with multiple access points?

23


Outline (4)Outline (4)IntroductionCSMA/CASecurity – IEEE 802.11iQoS – IEEE 802.11e

MobilityConclusions


Requirement of IP MobilityRequirement of IP Mobility

Applications are built on TCP/UDP sockets.TCP/UDP sockets are bound to IP addresses.If an IP address change, sockets are lost along with the applications.IP address must stay the same.

24


Mobility typesMobility types• Pico – same Basic Service Set (BSS)• Micro – different BSS/AP, but same IP subnet

• from one AP to another AP• Macro –

• different IP subnets administrative domain• different IP gateway

• Global –• different carriers, or different data link layers• 802.3 to/from 802.11• 802.11 to/from Cellular network


DHCP Server

192.168.1.10 192.168.1.10

192.168.1.1

IP Mobility - Micro

25


DHCP Server

192.168.100.10 192.168.100.10

172.26.10.1

192.168.1.0 192.168.2.0

IP Mobility - Macro

Mobile IP (RFC 2002): TerminologyMobile IP (RFC 2002): Terminology

Underlying Approach: separate host identifier and location identifier maintain multiple IP addresses for mobile host

Terminology:Mobile Node (MN) with fixed IP address IP1 (home address)Home Network: subnet that contains IP1 Home Agent (HA): node in home network, responsible for packet forwarding to MNVisited Network: new subnet after roaming / handoverCare-of Address (CoA): temporary IP address within visited networkForeign Agent (FA): node in visited network, responsible for packet forwarding to CoA

Home network

Visited network

IP networkMobile Node

Home Address IP1

HA

FA Home Address IP1

Care of Address: CoA1Correspondent Node

26


Home Network

Mobile IP: TunnelingMobile IP: Tunneling

CN sends packets to the MN using its Home Address IP1 HA tunnels them to FA, using CoA1; FA forwards them to MNMN sends packets back to the CN using IP2 (without any tunneling)Home Agent needs to contain mapping of care-of address to home address (location register)

Mobile NodeIP1, CoA1

Home Agent Subnet

Correspondent Node (CN)IP2

Visited Network

FA

←IP1

CoA1→

IP2 →

Source: Mobile IPv4 illustrated


ChallengesChallengesRouting Optimization – Triangular routing– direct communication path from correspond node to mobile node?

SecurityIngress Filtering– Ingress router of the visited network may not accept source IP

address of different network.Why is so sacred of IP address? If sockets can be reconstructed quickly (quicker than the new IP registration at the home network), will it be better? Why does mobile node have to get the IP address from the home network? (Mobile*IP) The IP address can be registered with the home network and maintain its FQDN.Is layer 2 tunnel protocol (L2TP) better than the layer 3 tunnel?

27


ConclusionsConclusionsContinue growth of Wireless LAN products and servicesNew WLAN-based applicationsNeeds for improved securityNeeds for better QoSMobility – driven by new applicationsCan you maintain QoS and security for mobile stations?


DHCP Server

192.168.100.10 192.168.100.10

172.26.10.1

192.168.1.0 192.168.2.0

E1 E2

192.168.2.0E2

192.168.100.10E1

192.168.1.0E1

192.168.2.0E2

192.168.100.10E2

192.168.1.0E1

IP MobilityRouting Solution

28


DHCP Server

192.168.100.10 192.168.100.10

172.26.10.1

192.168.1.0192.168.2.0

E31

E32

E11

E12E21 E22

IP MobilityRouting Solution (2)

technology and challenges in wireless lanfacweb.cs.depaul.edu/jyu/technology/wlan-challenge.pdfzfrom...

Documents