Introduction to IEEE 802.11 Wireless LANs (WLANs)
<strong>Introduction</strong> <strong>to</strong> <strong>IEEE</strong> <strong>802.11</strong><br />
<strong>Wireless</strong> <strong>LANs</strong> (W<strong>LANs</strong>)<br />
Li-Hsing Yen<br />
National University of Kaohsiung
IEEE 802.11 Family<br />
Protocol | Release | Frequency (GHz) | Typical throughput (Mbps) | Max. data rate (Mbps) | Modulation<br />
802.11 | 1997 | 2.4 | 0.9 | 2 | IR / FHSS / DSSS<br />
802.11a | 1999 | 5 | 23 | 54 | OFDM<br />
802.11b | 1999 | 2.4 | 4.3 | 11 | DSSS<br />
802.11g | 2003 | 2.4 | 19 | 54 | OFDM<br />
802.11n | 2009 | 2.4 / 5 | 74 | 600 | OFDM<br />
802.11y | 2008 | 3.7 | 23 | 54 | OFDM
<strong>802.11</strong> (Legacy Mode)<br />
• Data rate: 1 or 2 Mbps<br />
• One MAC specification<br />
– CSMA/CA<br />
• Three physical specifications<br />
– Radio<br />
• Frequency hopping spread spectrum (FHSS)<br />
• Direct sequence spread spectrum (DSSS)<br />
– Infrared (no implementation)
<strong>IEEE</strong> <strong>802.11</strong>b (1999)<br />
• Marketing name: Wi-Fi<br />
• Operates in 2.4 GHz (ISM band)<br />
• MAC: CSMA/CA<br />
• Adaptive Rate Selection: 11, 5.5, 2, 1<br />
Mbps<br />
• Channels are overlapping
<strong>802.11</strong>b Overlapping Channels
Adaptive Rate Selection<br />
• Performance of the<br />
network will also be<br />
affected by signal<br />
strength and degradation<br />
in signal quality due <strong>to</strong><br />
distance or interference.<br />
• As the signal becomes<br />
weaker, Adaptive Rate<br />
Selection (ARS) may be<br />
invoked.
<strong>IEEE</strong> <strong>802.11</strong>a (1999)<br />
• Operates in 5 GHz<br />
• MAC: CSMA/CA<br />
• Multiple data rates: 54, 48, 36, 24, 18,<br />
12, 9, or 6 Mbps<br />
• originally had 11 non-overlapping<br />
channels
<strong>IEEE</strong> <strong>802.11</strong>g (2003)<br />
• Operates in 2.4 GHz (like <strong>802.11</strong>b)<br />
• MAC: CSMA/CA<br />
• Supported data rates: 54, 48, 36, 24, 18,<br />
12, 9, or 6 Mbps (like <strong>802.11</strong>a)<br />
• hardware is fully backwards compatible<br />
with <strong>802.11</strong>b (11, 5.5, 2, 1 Mbps)
<strong>IEEE</strong> <strong>802.11</strong>n (2009)<br />
• Max. data rate: 600 Mbps (currently 300<br />
Mbps)<br />
• based on MIMO (multiple-input multiple-output)<br />
technology<br />
– multiple transmitter and receiver antennas<br />
• adding Frame Aggregation <strong>to</strong> MAC:<br />
– Packing multiple data units <strong>to</strong>gether <strong>to</strong><br />
reduce overheads
Infrastructure Vs. Ad Hoc Mode<br />
• Infrastructure mode<br />
– wireless stations (WSs) are connected <strong>to</strong> a<br />
wired network through access points (APs)<br />
– all traffic from/to WSs goes through APs<br />
• Ad hoc mode<br />
– WSs connect to each other directly without<br />
the use of APs
<strong>Wireless</strong> NIC<br />
• NIC (Network Interface Card)
Access Point (AP)<br />
• Usually connects wireless and<br />
wired networks<br />
– if not wired<br />
• acts as an extension point<br />
(wireless bridge)<br />
• consists of a radio, a wired network interface (e.g.,<br />
802.3), and bridging software conforming <strong>to</strong> the 802.1d<br />
bridging standard<br />
• Number of clients supported<br />
– device dependent
AP as a Bridge<br />
[Figure: protocol stacks across the wireless network and the infrastructure network. WS: Application, TCP, IP, LLC, 802.11 MAC, 802.11 PHY. AP: LLC over 802.11 MAC / 802.11 PHY on the wireless side and 802.3 MAC / 802.3 PHY on the wired side. Fixed station (server): Application, TCP, IP, LLC, 802.3 MAC, 802.3 PHY.]
Basic Service Set (BSS)<br />
An AP and a set of WSs<br />
associated with that AP<br />
BSS<br />
AP<br />
Coordinated<br />
function
Coordinated Functions (MACs)<br />
• Two types of<br />
coordinated functions<br />
– Point Coordinated<br />
Function (PCF)<br />
• Polling based MAC;<br />
no implementation<br />
– Distributed Coordinated<br />
Function (DCF)<br />
• CSMA/CA<br />
[Figure: beneath LLC, PCF offers the contention-free service and DCF the contention-based service]
Independent Basic Service Set<br />
A BSS without<br />
Access Point<br />
IBSS<br />
Ad hoc mode<br />
(IBSS)
Extended Service Set (ESS)<br />
• ESS: one or more BSSs<br />
interconnected by a Distribution<br />
System (DS)<br />
• Traffic always flows via AP<br />
• allows WSs <strong>to</strong> seamlessly roam<br />
between APs
Distributed System (DS)<br />
• A thin layer in each AP<br />
– embodied as part of the bridge function<br />
– keeps track of AP-WS associations<br />
– delivers frames between APs<br />
• Three types:<br />
– Integrated: A single AP in a standalone network<br />
– Wired: Using cable <strong>to</strong> interconnect APs<br />
– <strong>Wireless</strong>: Using wireless <strong>to</strong> interconnect APs
ESS: Single BSS (with integrated DS)<br />
[Figure: one AP forming a single BSS (a cell); 91.44 to 152.4 meters]<br />
ESS: BSS’s with Wired Distribution System (DS)<br />
[Figure: two BSSs joined by a Distribution System; 20-30% overlap]<br />
ESS: BSS’s with Wireless Distribution System (DS)<br />
[Figure: two BSSs joined by a Distribution System]
BSSID<br />
• Each BSS has an ID, a 48-bit identifier <strong>to</strong><br />
distinguish from other BSS.<br />
• In an infrastructure BSS,<br />
– BSSID = MAC address of the AP.<br />
• In an IBSS, BSSID has<br />
– Universal/Local bit = 1<br />
– Individual/Group bit = 0<br />
– 46 randomly generated bits<br />
48-bit field of the same<br />
format as an <strong>IEEE</strong> 802<br />
MAC address<br />
• The all-1s BSSID is the broadcast BSSID.
ESSID in an ESS<br />
• ESSID (Extended Service Set<br />
Identification) differentiates one ESS<br />
from another<br />
– All APs within the same ESS must be<br />
configured with the same ESSID<br />
• WS must know the right ESSID <strong>to</strong> be<br />
able <strong>to</strong> associate itself with a specific<br />
WLAN
SSID (Service Set Identifier)<br />
• Service set ID used in an IBSS or<br />
ESS<br />
– An IBSS with no APs uses the BSSID<br />
– In an infrastructure wireless network,<br />
the ESSID is used
ESSID
Connecting to a WLAN<br />
Exchange between WS and AP, in order:<br />
1. Probing: Active or Passive Scanning<br />
2. 802.11 Authentication: Authentication Request, Authentication Response<br />
3. Association: Association Request, Association Response<br />
4. Higher-layer Authentication: 802.1X (Optional), 802.11i (Optional)
Probing Phase<br />
• Find an available AP<br />
• APs may operate on different channels<br />
(11 channels in total in case of 802.11a)<br />
• A WS should scan each channel for at least<br />
MinChannelTime<br />
• If an AP is found, the scan of that channel should last<br />
MaxChannelTime
Active Scanning<br />
[Figure: the WS switches to a channel and sends a Probe Request with ESSID; the AP returns a Probe Response if the ESSID matches or ESSID = NULL]<br />
Passive Scanning<br />
[Figure: the WS switches to a channel and waits for a Beacon with ESSID from the AP]<br />
Full Scanning<br />
[Figure: the WS scans channel 1, channel 2, channel 3, …, channel 11 in turn and receives a Beacon or Probe Resp from AP 1, AP 2 and AP 3; time labels: MinChannelTime, MaxChannelTime]
Association & Re-association<br />
• Association: The mapping between some<br />
AP’s port and a WS<br />
• Association must exist before network<br />
services can be used<br />
• WLAN Association replaces the physical link<br />
in a wired LAN<br />
• WS may later re-associate <strong>to</strong> another AP with<br />
higher signal quality (handoff)
<strong>802.11</strong> Authentication<br />
<strong>802.11</strong> authentication occurs at Layer 2.<br />
It is the process of authenticating the<br />
device not the user.<br />
[Figure: the WS sends an Authentication request; the AP returns an Authentication response (Accept or Reject)]
<strong>802.11</strong> Authentication<br />
Methods<br />
• Open-system Authentication (standard)<br />
• MAC Address filtering (commonly used)<br />
• Shared key authentication (standard)
Open-System Authentication<br />
• The authentication request contains a NULL<br />
authentication protocol. It must carry the AP's<br />
SSID.<br />
• The AP will grant any request for<br />
authentication<br />
[Figure: the WS sends an Authentication Request; the AP returns an Authentication response]
Open-System Authentication<br />
Open-system<br />
Authentication<br />
Actual authentication
MAC Address Filtering<br />
• Not specified in the <strong>802.11</strong> standard, but<br />
supported by many vendors (e.g. Cisco)<br />
• Can be added <strong>to</strong> open-system and shared<br />
key authentication<br />
[Figure: the WS (client) sends an Auth. Request to the access point; the access point sends an Access-Request to the RADIUS server (MAC sent as RADIUS req.); the RADIUS server answers Access-Success/Reject; the access point returns an Auth. Response (Success/Reject)]
Shared Key Authentication<br />
• based on wired equivalent privacy (WEP)<br />
• Requires that the WS configures a static WEP key<br />
Exchange between client and access point:<br />
1. Client: Authentication Request<br />
2. Access point: Authentication response (challenge)<br />
3. Client: Authentication Request (encrypted challenge)<br />
4. Access point: Authentication response (Success/Failure)
WEP-Based Authentication<br />
• WEP is designed for data encryption<br />
• Used by <strong>IEEE</strong> <strong>802.11</strong> for authentication<br />
• AP generates a random bit pattern<br />
(challenge) and sends it to the client<br />
• The client encrypts the challenge and<br />
returns the result to the AP<br />
• If that result matches the AP’s local encryption,<br />
the client is authenticated
WEP Encapsulation<br />
1. P = 〈M || checksum(M)〉 {P = plaintext}<br />
2. KeyStream = RC4 (IV || k) {k = shared key}<br />
3. C = XOR (P, KeyStream) {C = ciphertext}<br />
4. Transmit (IV, C) {IV = initialization vector}<br />
[Figure: the Initialization Vector (IV) is concatenated with the WEP key k to form the RC4 key, and the RC4 algorithm produces the KeyStream. The message M is concatenated with its CRC-32 Integrity Check Value (ICV) to form P. P ⊕ KeyStream gives the ciphertext C, which is sent together with the IV.]
RC4 Key<br />
• RC4 key = IV (3 octets) || Secret Key (5 or 13 octets)<br />
• Standard: 24 + 40 = 64 bits<br />
• Vendors: 24 + 104 = 128 bits<br />
• The RC4 algorithm outputs a keystream (0100111001…):<br />
pseudo-random sequences of bytes that pass all usual randomness tests
WEP Decapsulation<br />
1. KeyStream = RC4 (IV || k)<br />
2. P’ = XOR (C, KeyStream) = 〈M’ || (checksum(M))’〉<br />
3. If checksum(M’) = (checksum(M))’<br />
Then P’ is accepted<br />
[Figure: the received IV is concatenated with the WEP key to form the RC4 key; the RC4 algorithm produces the key stream, which is XORed with the ciphertext to give the plaintext P’. P’ is split into M’ and the received ICV; CRC-32 over M’ gives ICV’, and the frame is accepted if ICV’ = ICV.]
802.11 WEP frame<br />
The IV field sent with the ciphertext contains<br />
two subfields: IV and KeyID (4 bytes)<br />
Frame layout: 802.11 header | IV | Key ID | Payload | ICV | (FCS)<br />
• Unencrypted: 802.11 header, IV, Key ID<br />
• Encrypted: Payload, ICV<br />
ICV is a CRC-32 checksum<br />
over the Payload (802 Header<br />
and the Data)
WEP Key Management<br />
• What is “KeyID”?<br />
– Each entity in the wireless LAN (AP, WS) is<br />
configured with four static WEP keys<br />
• KeyIDs 0,1,2,3<br />
– The keys are shared by an AP and all the<br />
WSs accessing it<br />
– The ID of the key used for<br />
encryption/decryption appears in the<br />
packet WEP header
WEP Configurations<br />
[Figure: WEP configuration; labels: Standard, RC4 key, Secret Key (5 octets), Key ID]
Security Flaw in WEP:<br />
Keystream Reuse<br />
• The same keystream is used <strong>to</strong> encrypt<br />
multiple messages<br />
• Because k is fixed, the same keystream<br />
is derived when IVs collide<br />
• The chance of keystream reuse is<br />
further increased by sharing the key<br />
among multiple WSs and the AP.
Weaknesses of WEP:<br />
Overall Key Space is Too Small<br />
• IV change per packet is OPTIONAL<br />
– If the “IV || key” for RC4 is changed<br />
for every <strong>802.11</strong> packet, repeated<br />
patterns can occur more frequently<br />
– at 11 Mbps with 1,500-byte packets, the whole key space is<br />
exhausted in about 5 hours.
Weaknesses of WEP (cont.)<br />
• Poor key management<br />
– WEP uses same key for<br />
authentication/encryption<br />
– Provides no mechanism for session key<br />
refreshing<br />
• One-way authentication:<br />
– has no provision for WSs to<br />
authenticate/verify the integrity of the AP
Possible Attack on WEP<br />
• Suppose an attacker has plaintext P1 and<br />
ciphertext C1, and also obtains C2<br />
• He can compute<br />
C1 ⊕ C2 = (P1 ⊕ K) ⊕ (P2 ⊕ K) = P1 ⊕ P2<br />
where K is the keystream used for both frames.<br />
• Although the attacker does not know K, he<br />
can get plaintext P2 anyway: XORing the result with the known P1 leaves P2.
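The encapsulation steps, the keystream-reuse flaw, the 5-hour key-space figure and the C1 ⊕ C2 identity above, worked through as an added example (not part of the original slides). RC4 is implemented inline; the key, IVs and messages are constructed sample values, and the function names are this example's own.

```python
import struct
import zlib

IV_BITS = 24  # the WEP IV is 3 octets


def rc4_keystream(key: bytes, n: int) -> bytes:
    """First n bytes of the RC4 keystream for `key` (KSA, then PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(m: bytes) -> bytes:
    """CRC-32 of M, appended little-endian as the Integrity Check Value."""
    return struct.pack("<I", zlib.crc32(m) & 0xFFFFFFFF)


def wep_encapsulate(iv: bytes, k: bytes, m: bytes):
    """Steps 1-4 of the encapsulation slide; returns (IV, C)."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 3 octets")
    p = m + icv(m)                        # 1. P = <M || checksum(M)>
    ks = rc4_keystream(iv + k, len(p))    # 2. KeyStream = RC4(IV || k)
    return iv, xor(p, ks)                 # 3./4. C = P xor KeyStream, send (IV, C)


def wep_decapsulate(iv: bytes, k: bytes, c: bytes):
    """Return M' if ICV' matches the received ICV, otherwise None."""
    p = xor(c, rc4_keystream(iv + k, len(c)))
    m, received_icv = p[:-4], p[-4:]
    return m if icv(m) == received_icv else None


def recover_second_plaintext(c1: bytes, c2: bytes, p1: bytes) -> bytes:
    """C1 xor C2 xor P1 equals P2 only if both frames used the same keystream."""
    return xor(xor(c1, c2), p1)


def colliding_ivs(frames):
    """Monitoring check over captured (IV, C) pairs: IVs seen more than once."""
    seen, repeated = set(), set()
    for iv, _ in frames:
        (repeated if iv in seen else seen).add(iv)
    return repeated


def iv_space_exhaustion_hours(rate_bps: float, frame_bytes: int) -> float:
    """Time to send 2^24 back-to-back frames, i.e. to use every IV once."""
    return (2 ** IV_BITS) * frame_bytes * 8 / rate_bps / 3600


# Constructed sample data (not from a real capture); both messages are 25 bytes.
KEY = bytes.fromhex("0102030405")         # 40-bit static WEP key
M1 = b"GET /index.htm HTTP/1.0\r\n"
M2 = b"temperature=21.5C;ok=true"


def demo():
    iv_a, iv_b = b"\x00\x00\x01", b"\x00\x00\x02"
    _, c1 = wep_encapsulate(iv_a, KEY, M1)
    _, c2 = wep_encapsulate(iv_a, KEY, M2)  # IV collision: same keystream as c1
    _, c3 = wep_encapsulate(iv_b, KEY, M2)  # fresh IV: different keystream
    p1 = M1 + icv(M1)                       # knowing M1 means knowing P1
    return {
        "reused": recover_second_plaintext(c1, c2, p1)[:-4],
        "fresh": recover_second_plaintext(c1, c3, p1)[:-4],
        "collisions": colliding_ivs([(iv_a, c1), (iv_a, c2), (iv_b, c3)]),
        "hours_at_11mbps": iv_space_exhaustion_hours(11e6, 1500),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The key never appears in `recover_second_plaintext`: the IV collision alone exposes the second message, which is why a repeated IV under a static key is the condition to monitor for on any remaining WEP segment.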
Wi-Fi Protected Access (WPA)<br />
• WPA addresses the security flaws in WEP<br />
through the following primitives<br />
– Temporal Key Integrity Protocol (TKIP)<br />
– message integrity codes (MICs)<br />
– 802.1x authentication<br />
• yet retains backward compatibility with legacy<br />
WEP devices<br />
– still based on RC4
TKIP<br />
• TKIP derives the keystream in a way different from WEP<br />
• IV is reset to 0 whenever TK is changed, then<br />
incremented by one after each transmission.
<strong>802.11</strong> Key Management<br />
• Key Management:<br />
– BKR (broadcast key rotation)<br />
• AP periodically broadcasts WEP shared key<br />
• The initial WEP key is used only for registration<br />
the first time.<br />
– So the WEP key is used less frequently.<br />
– TKIP (temporal key integrity protocol)<br />
• hashes the key before using it to encrypt a<br />
packet
WPA Configurations<br />
WPA
802.1X<br />
• based on EAP (extensible authentication<br />
protocol, RFC 2284), which provides a<br />
technology-independent framework<br />
– still one-way authentication<br />
– initially, WS is in an unauthorized port<br />
– an “authentication server” exists<br />
– once authorized, the WS enters an<br />
authorized port
Three Main Components<br />
– supplicant: usually the client<br />
(WS) software<br />
– authenticator: usually the<br />
access point<br />
– authentication server: usually a<br />
Remote Authentication Dial-In<br />
User Service (RADIUS) server
Extensible Authentication<br />
Pro<strong>to</strong>col (EAP)<br />
• the AP does not provide authentication <strong>to</strong> the client,<br />
but passes the duties <strong>to</strong> a more sophisticated device,<br />
possibly a dedicated server, designed for that<br />
purpose.<br />
[Figure: the client's authentication request and response pass through the AP, which exchanges an authentication request and response with the authentication server]
802.1X – How it works<br />
Parties: Client, AP, Auth Server (“RADIUS”)<br />
1. Client to AP: Let me in! (EAP Start)<br />
2. AP to Client: What’s your ID? (EAP-request identity message)<br />
3. Client to AP: ID = xxx@yyy.local (EAP Response)<br />
4. AP to Auth Server: Is xxx@yyy.local OK?<br />
5. Auth Server to Client: Prove to me that you are xxx@yyy.local (EAP Challenge/Authentication)<br />
6. Client to Auth Server: The answer is “47”<br />
7. Auth Server to AP: Let him in. Here is the session key.<br />
8. AP to Client: Come in. Here is the session key.<br />
9. Client to network: http://yyy.local\index.htm (encrypted session)
Step 1<br />
• Initially, WS is in an unauthorized port<br />
– only 802.1X traffic from WS is forwarded.<br />
– Traffic such as Dynamic Host<br />
Configuration Protocol (DHCP), HTTP,<br />
FTP, SMTP and Post Office Protocol 3<br />
(POP3) is all blocked.<br />
• The client then sends an EAP-start<br />
message.
Step 2<br />
• The AP will then reply with an EAP-request<br />
identity message <strong>to</strong> obtain the client's identity.<br />
– The client's EAP-response packet containing the<br />
client's identity is forwarded <strong>to</strong> the authentication<br />
server.<br />
• The authentication server is configured <strong>to</strong><br />
authenticate clients with a specific<br />
authentication algorithm.<br />
– The result is an accept or reject packet from the<br />
authentication server <strong>to</strong> the access point.
Steps 3 and 4<br />
• Upon receiving the accept packet, the AP will<br />
transition the client's port to an authorized state,<br />
– then all traffic will be forwarded.<br />
• Notes:<br />
– 802.1X for wireless LANs makes NO mention of<br />
key distribution or management.<br />
• This is left for vendor implementation.<br />
– At logoff, the client will send an EAP-logoff<br />
message to force the AP to transition the client port<br />
to an unauthorized state.
MAC Management Layer<br />
• Synchronization<br />
– Time Synchronization Function (TSF)<br />
• Power Management<br />
– Sleeping without missing any messages<br />
– Power management functions<br />
• Periodic sleeping, frame buffering, traffic<br />
indication map<br />
• Association and reassociation<br />
– Joining a network<br />
– Roaming, moving from one AP <strong>to</strong> another
Traffic Flow: Inter-BSS<br />
[Figure: STA-1 and STA-2 both associate with the AP of BSS-A. The AP's association table lists STA-1 and STA-2; its bridge learn table maps STA-1 and STA-2 to port 2 (2 is the wireless interface). A packet for STA-2 is sent to the AP and ACKed, then relayed by the AP (Inter-BSS Relay) to STA-2 and ACKed.]
Traffic Flow: ESS Operation<br />
[Figure: BSS-A and BSS-B are joined by a backbone. AP of BSS-A: association table lists STA-1; bridge learn table maps STA-2 to port 1 and STA-1 to port 2 (1 is the wired interface). AP of BSS-B: association table lists STA-2; bridge learn table maps STA-2 to port 2 and STA-1 to port 1. A packet for STA-2 travels from STA-1 to the AP of BSS-A (ACK), across the backbone, and from the AP of BSS-B to STA-2 (ACK).]
Traffic Flow: WDS Operation<br />
[Figure: BSS-A and BSS-B are joined by a wireless backbone. AP of BSS-A: association table lists STA-1; bridge learn table maps STA-2 and STA-1 to port 2. AP of BSS-B: association table lists STA-2; bridge learn table maps STA-2 and STA-1 to port 2. A packet for STA-2 travels from STA-1 to the AP of BSS-A (ACK), is relayed over the wireless backbone (WDS Relay, ACK), and is relayed by the AP of BSS-B to STA-2 (WDS Relay, ACK).]
Synchronization in <strong>802.11</strong><br />
• All stations maintain a local timer<br />
• Time Synchronization Function<br />
– Keeps timers from all stations in sync<br />
• Timing conveyed by periodic Beacon<br />
transmissions<br />
– Beacon contains Timestamp for the entire<br />
BSS<br />
– Timestamp from Beacons used <strong>to</strong> calibrate<br />
local clocks
<strong>802.11</strong> Time Synchronization<br />
Function (TSF)<br />
• The interval at which Beacons are generated is called the Beacon Period<br />
• The instants at which a Beacon may be sent are called Target<br />
Beacon Transmission Times (TBTTs)<br />
– Successive TBTTs are one Beacon Period apart<br />
• Beacon transmission may be delayed by<br />
CSMA deferral<br />
• Timestamp contains timer value at transmit<br />
time
Which One Generates Beacons?<br />
• In infrastructure mode,<br />
– APs generate beacon frames<br />
• In ad-hoc mode,<br />
– Any host can generate beacon<br />
frames<br />
– Collisions should be avoided
Avoiding Beacon Collisions in Ad<br />
Hoc Mode<br />
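• When a TBTT arrives, a node does not send its Beacon<br />
immediately but waits for t time slots. Each node picks t at<br />
random from the integers in [0, w], where w is a fixed<br />
system parameter called the Beacon Contention Window Size.<br />
• While waiting, the node listens to the medium. If it hears no<br />
Beacon from another node within the t slots, it may send its<br />
own Beacon once the t slots have elapsed.<br />
• If the node hears a Beacon from another node within the t<br />
slots, it cancels its own transmission and receives that Beacon instead.<br />
• Every node that receives a Beacon examines the timestamp in it.<br />
If the Beacon's timestamp is later than the node's own clock,<br />
the node sets its clock to the time given by the timestamp.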
Power Management<br />
• Power management is important <strong>to</strong> mobile devices<br />
that are battery powered.<br />
• Current LAN protocols assume stations are always<br />
ready to receive<br />
– Idle receive state dominates LAN adaptor power<br />
consumption over time<br />
• 802.11 Power Management Protocol<br />
– allows transceiver to be off as much as possible<br />
– is transparent to existing protocols
Power Management in<br />
Infrastructure Mode<br />
• Allow idle stations <strong>to</strong> go <strong>to</strong> sleep<br />
– Station’s power-save mode is stored<br />
in AP<br />
• APs buffer packets for sleeping stations<br />
– AP announces which stations have<br />
frames buffered in beacon frames<br />
– Traffic Indication Map (TIM) sent with<br />
every Beacon
Power Management in<br />
Infrastructure Mode (cont.)<br />
• Power saving WSs wake up periodically<br />
(every aListen_Interval period)<br />
– listen for Beacons<br />
• If it has packets buffered, it then sends a<br />
power-save poll request (PS-POLL) frame <strong>to</strong><br />
the AP<br />
• AP will send the buffered frame <strong>to</strong> the WS<br />
• The WS can sleep again
Power-Saving Mode<br />
• broadcast frame will be sent immediately<br />
after a DTIM (Delivery TIM) without receiving<br />
PS-poll first<br />
[Figure: timelines of the AP and a WS in PS mode over successive Beacon Periods. The Beacons carry TIM, TIM, TIM, DTIM, TIM. The WS wakes every aListen_Interval, sends a PS-poll and receives its Data. A broadcast message that arrives at the AP is sent as a broadcast after the DTIM; label: power-on period.]
Power Management in Ad Hoc<br />
Mode<br />
• Similar <strong>to</strong> the infrastructure mode<br />
• However, the buffering scheme is achieved<br />
by the sending station (as no AP here)<br />
• Sleeping station also wakes up periodically <strong>to</strong><br />
listen <strong>to</strong> Beacon and ATIM<br />
– If it has data buffered, sends an Ack and<br />
wakes up<br />
– Sending station sends the data <strong>to</strong> the<br />
sleeping station
Example of Power Saving in Ad<br />
Hoc Mode
Distributed Coordination<br />
Function (DCF): CSMA/CA<br />
• Largely based on MACAW<br />
• CSMA: Carrier Sense Multiple Access<br />
– physical carrier sense: physical layer<br />
– virtual carrier sense: MAC layer<br />
• network allocation vector (NAV)<br />
• CA: Collision Avoidance<br />
– random backoff procedure
Carrier Sensing in <strong>802.11</strong><br />
• Physical Carrier Sensing<br />
– Analyze all detected frames<br />
– Monitor relative signal strength from other sources<br />
• Virtual Carrier Sensing at MAC sublayer<br />
– Source station informs other stations of<br />
transmission time (in μsec) for a transmission<br />
– Carried in Duration field of RTS & CTS<br />
– Stations adjust Network Allocation Vector (NAV) to<br />
indicate when channel will become idle<br />
• Channel busy if either sensing is busy
DCF: Basic Access<br />
• For an initial transmission<br />
– WS can transmit after the medium is idle<br />
(not busy) for at least DIFS period<br />
– Otherwise perform random backoff<br />
• For a retransmission<br />
– WS can transmit after the medium is idle<br />
for at least EIFS period<br />
– Otherwise perform random backoff
Random Backoff<br />
• If channel becomes busy before DIFS/EIFS,<br />
then WS must schedule backoff time<br />
– Backoff period is integer # of idle contention time slots<br />
– Waiting station monitors medium & decrements<br />
backoff timer each time an idle contention slot<br />
transpires<br />
– Station can contend when backoff timer expires<br />
• A station that completes a frame transmission is<br />
not allowed <strong>to</strong> transmit immediately<br />
– Must first perform a backoff procedure
Setting Random Backoff Timer<br />
• When the backoff timer already contains a<br />
non-zero value<br />
– No change (this is a frozen time)<br />
• Otherwise<br />
– Backoff time = CW * aSlotTime<br />
– aCWmin ≦ CW ≦ aCWmax;<br />
– CW = aCWmin initially, doubles after each<br />
retry, and resets <strong>to</strong> aCWmin when success
Random Backoff Process<br />
[Figure: timeline. All stations must wait DIFS after the busy medium becomes idle; three stations then count down random 1, random 2 and random 3 in the contention window, and the winner sends its data frame.]
Basic Access Method<br />
[Figure: timeline. Immediate access when medium is free >= DIFS. While the medium is busy, stations defer access; after the busy medium come SIFS, PIFS and DIFS, then the contention window and the next frame. Stations wait for the reattempt time and decrement the backoff timer as long as the medium is idle.]
Priorities Through Interframe Spacing (IFS)<br />
[Figure: same timeline as the basic access method: busy medium, defer access, SIFS, PIFS, DIFS, contention window, wait for reattempt time, next frame]<br />
• High-Priority frames wait Short IFS (SIFS)<br />
– Typically to complete exchange in progress<br />
– ACKs, CTS, data fragments, etc.<br />
• PCF IFS (PIFS) to initiate Contention-Free Periods<br />
• DCF IFS (DIFS) to transmit data & control frames
SIFS: Giving Priority to ACK<br />
[Figure: timelines for source, destination and others. After the busy medium, DIFS and the contention window, the source sends a data frame; the destination returns the ACK after SIFS; the others defer access until DIFS after the ACK.]
SIFS: Giving Priority to RTS/CTS<br />
[Figure: timelines for source, destination and others. After contention the source sends RTS, the destination answers CTS after SIFS, the source sends the data frame after SIFS, and the destination returns the ACK after SIFS. The others set NAV (RTS) and NAV (CTS), then wait DIFS and enter the contention window.]
Timing Relationship
EIFS: Low Priority <strong>to</strong><br />
Retransmission<br />
• A sender that fails <strong>to</strong> receive ACK from<br />
the receiver should retransmit the frame<br />
• The sender should wait at least EIFS ><br />
DIFS period<br />
• This gives low priority <strong>to</strong><br />
retransmissions
EIFS: Low Priority Retransmission<br />
[Figure: timelines for source, destination and others. After the busy medium, DIFS and the contention window, the source sends a data frame; no ACK arrives after SIFS. The others defer access and contend after DIFS; the source can resend only after EIFS.]
SIFS: Transmitting Fragments<br />
[Figure: timelines for source, destination and others. The source sends Fragment 1, the destination ACKs after SIFS, the source sends Fragment 2 after SIFS, and the destination ACKs after SIFS. The others defer access until DIFS and the contention window.]
RTS/CTS is Optional<br />
• system parameter RTSThread<br />
– RTS/CTS is used only when frame<br />
size ≥ RTS_Threshold
Throughput Issues<br />
• When a source node sends a frame, the<br />
receiving node returns a positive<br />
acknowledgment (ACK).<br />
– This can consume 50% of the available bandwidth.<br />
• This overhead, combined with the collision<br />
avoidance protocol (CSMA/CA), reduces the<br />
actual data throughput to a maximum of 5.0<br />
to 5.5 Mbps on an 802.11b wireless LAN<br />
rated at 11 Mbps.
Point Coordination Function<br />
• An alternative access method<br />
• Shall be implemented on <strong>to</strong>p of the DCF<br />
• A point coordinator (polling master) is used to<br />
determine which station currently has the<br />
right to transmit.<br />
• Shall be built up from the DCF through the<br />
use of an access priority mechanism.<br />
• Different accesses of traffic can be defined<br />
through the use of different values of IFS.
[Figure: Contention Free Period timing; labels in order: PIFS, B, SIFS, D1+poll, SIFS, U1+ack, SIFS, SIFS]
<strong>IEEE</strong> <strong>802.11</strong> Frame Types<br />
• Management Frames:<br />
– Beacon<br />
– Probe Request/Response, Authentication Request/Resp.<br />
• Control Frames:<br />
– CFP-End<br />
– RTS, CTS<br />
– ACK<br />
• Data Frames:<br />
– data frames (in both CFP and CP)<br />
– data frames can be combined with polling and ACK during<br />
CFP
MAC Frame Format<br />
• Each frame consists of three basic components:<br />
– MAC Header (control information, addressing, sequencing<br />
fragmentation identification, duration, etc.)<br />
– Frame Body (0-2312 bytes)<br />
– IEEE 32-bit CRC<br />
Frame layout with the 802.11 MAC Header (bytes):<br />
Frame Control (2) | Duration or ID (2) | Addr 1 (6) | Addr 2 (6) | Addr 3 (6) | Sequence Control (2) | Addr 4 (6) | Frame Body (0-2312) | CRC (4)<br />
Frame Control subfields (bits):<br />
Protocol Version (2) | Type (2) | SubType (4) | To DS (1) | From DS (1) | More Frag (1) | Retry (1) | Pwr Mgt (1) | More Data (1) | WEP (1) | Rsvd (1)
<strong>802.11</strong> MAC Header Fields<br />
• Duration/Connection ID<br />
– used to distribute a value (in μs) that shall update the<br />
Network Allocation Vector in stations receiving the<br />
frame.<br />
– Contention-based data uses duration <strong>to</strong> indicate the<br />
length of the transmission.<br />
– During the contention-free period, this field may be<br />
replaced with a connection ID field.<br />
• Address Fields<br />
– indicate the BSSID, SA, DA, TA (Transmitter address),<br />
RA (Receiver address), each of 48-bit address.
Type Fields Descriptions<br />
Frame Control: Protocol Version | Type | SubType | To DS | From DS | More Frag | Retry | Pwr Mgt | More Data | WEP | Rsvd<br />
• Type and subtype identify the function of the frame:<br />
• Type=00 Management Frame<br />
– Beacon, (Re)Association<br />
– Probe, (De)Authentication<br />
– Power Management<br />
• Type=01 Control Frame<br />
– RTS/CTS, ACK<br />
• Type=10 Data Frame
Address Field Description<br />
Frame | To DS | From DS | Address 1 | Address 2 | Address 3 | Address 4<br />
IBSS Frame | 0 | 0 | DA | SA | BSSID | N/A<br />
Frame from AP | 0 | 1 | DA | BSSID | SA | N/A<br />
Frame to AP | 1 | 0 | BSSID | SA | DA | N/A<br />
WDS Frame | 1 | 1 | RA | TA | DA | SA<br />
To DS = To Distributed System; From DS = From Distributed System<br />
DA = Destination Address<br />
SA = Source Address<br />
TA = Transmitter Address<br />
RA = Receiver Address<br />
BSSID = AP’s MAC Address
IBSS Frame<br />
[Figure: within an IBSS, the station with MAC Addr = SA sends to the station with MAC Addr = DA. ToDS = 0, FromDS = 0; Addr1 = DA, Addr2 = SA, Addr3 = BSSID. Label: SSID in IBSS.]
Frame To/From AP<br />
[Figure: frame to the AP, from the station with MAC Addr = SA to the AP with MAC Addr = BSSID: ToDS = 1, FromDS = 0; Addr1 = BSSID, Addr2 = SA, Addr3 = DA. Frame from the AP to the station with MAC Addr = DA: ToDS = 0, FromDS = 1; Addr1 = DA, Addr2 = BSSID, Addr3 = SA.]
WDS Frame<br />
[Figure: a frame from the station with MAC Addr = SA to the station with MAC Addr = DA crosses a WDS link between the APs with MAC Addr = TA and MAC Addr = RA. First hop: ToDS = 1, FromDS = 0. WDS hop: ToDS = 1, FromDS = 1; Addr1 = RA, Addr2 = TA, Addr3 = DA, Addr4 = SA. Last hop: ToDS = 0, FromDS = 1.]
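A header parser for the frame layout and the To DS / From DS address table above, as an added example (not part of the original slides). The two frames are constructed samples, all names are this example's own, and the header is assumed to start at Frame Control with no radio capture header in front.

```python
import struct

FRAME_TYPES = {0b00: "Management", 0b01: "Control", 0b10: "Data"}

# Address roles by (To DS, From DS), from the Address Field Description table.
ADDRESS_ROLES = {
    (0, 0): ("IBSS frame", ["DA", "SA", "BSSID"]),
    (0, 1): ("Frame from AP", ["DA", "BSSID", "SA"]),
    (1, 0): ("Frame to AP", ["BSSID", "SA", "DA"]),
    (1, 1): ("WDS frame", ["RA", "TA", "DA", "SA"]),
}


def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def parse_frame_control(fc: int) -> dict:
    """Split the 16-bit Frame Control field; the leftmost slide field is bit 0."""
    return {
        "version": fc & 0x3,
        "type": (fc >> 2) & 0x3,
        "subtype": (fc >> 4) & 0xF,
        "to_ds": (fc >> 8) & 1,
        "from_ds": (fc >> 9) & 1,
        "more_frag": (fc >> 10) & 1,
        "retry": (fc >> 11) & 1,
        "pwr_mgt": (fc >> 12) & 1,
        "more_data": (fc >> 13) & 1,
        "wep": (fc >> 14) & 1,
        "rsvd": (fc >> 15) & 1,
    }


def parse_header(frame: bytes) -> dict:
    """Parse the MAC header of a management or data frame.

    Control frames (RTS, CTS, ACK, PS-Poll) use shorter headers and are rejected.
    """
    if len(frame) < 4:
        raise ValueError("truncated header")
    fc, duration = struct.unpack_from("<HH", frame, 0)   # fields are little-endian
    ctl = parse_frame_control(fc)
    if ctl["type"] not in (0b00, 0b10):
        raise ValueError("not a management or data frame")
    kind, roles = ADDRESS_ROLES[(ctl["to_ds"], ctl["from_ds"])]
    header_len = 30 if len(roles) == 4 else 24           # Addr 4 only on WDS frames
    if len(frame) < header_len:
        raise ValueError("truncated header")
    raw = [frame[4:10], frame[10:16], frame[16:22]]
    (seq_ctl,) = struct.unpack_from("<H", frame, 22)
    if len(roles) == 4:
        raw.append(frame[24:30])
    return {
        "kind": kind,
        "type": FRAME_TYPES[ctl["type"]],
        "subtype": ctl["subtype"],
        "duration_us": duration,
        "addresses": {role: mac(a) for role, a in zip(roles, raw)},
        "sequence_control": seq_ctl,
        "wep": bool(ctl["wep"]),
        "retry": bool(ctl["retry"]),
        "header_len": header_len,
    }


# Constructed sample headers (not from a real capture).
# Data frame to the AP: To DS = 1, WEP bit set.
TO_AP = bytes.fromhex(
    "0841" "2c00" "001122334455" "02aabbccdd01" "02aabbccdd02" "1000"
)
# Data frame on a WDS link: To DS = 1, From DS = 1, four addresses.
WDS = bytes.fromhex(
    "0803" "2c00" "0011223344aa" "001122334455" "02aabbccdd02" "2000"
    "02aabbccdd01"
)

if __name__ == "__main__":
    for sample in (TO_AP, WDS):
        print(parse_header(sample))
```

Keying the address roles on To DS / From DS is what keeps a monitoring tool from mislabelling the BSSID as the sender on frames that come from the AP.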
Other Frame Control Fields<br />
Frame Control: Protocol Version | Type | SubType | To DS | From DS | More Frag | Retry | Pwr Mgt | More Data | WEP | Rsvd<br />
• More Flag:<br />
• Retry: Indicates that the frame is a retransmission of<br />
an earlier frame.<br />
• Power Management:<br />
– Active Mode<br />
– PS Mode (Power Save)
Control Frames: RTS Frame<br />
RTS Frame layout: MAC Header (Frame Control | Duration | RA | TA) | FCS<br />
• RA: the addr. of the STA that is the intended<br />
immediate recipient of the pending directed data or<br />
management frame<br />
• TA: the addr. of the STA transmitting the RTS frame<br />
• Duration: T(pkt.) + T(CTS) + T(ACK) + 3 * SIFS
Control Frames: CTS Frame<br />
CTS Frame layout: MAC Header (Frame Control | Duration | RA) | FCS<br />
• RA: is taken from the TA field of the<br />
RTS frame.<br />
• Duration: T(pkt.) + T(ACK) + 2 * SIFS
Control Frames: ACK Frame<br />
ACK Frame layout: MAC Header (Frame Control | Duration | RA) | FCS<br />
• RA: is taken from the address 2 field of the<br />
data, management, or PS-Poll frame
Control Frames: PS-POLL Frame<br />
PS-Poll Frame layout: MAC Header (Frame Control | AID | BSSID | TA) | FCS<br />
• When a station wakes from a PS mode, it transmits a PS-Poll<br />
<strong>to</strong> the AP <strong>to</strong> retrieve any frames buffered while it was in the<br />
PS mode.<br />
• TA: the addr. of the STA transmitting the Poll frame<br />
• AID = association ID (a 2-byte numeric number <strong>to</strong> identify<br />
this association)<br />
• BSSID = MAC address of the AP
Summary<br />
• <strong>IEEE</strong> <strong>802.11</strong> <strong>Wireless</strong> LAN Architecture<br />
• <strong>IEEE</strong> <strong>802.11</strong> Physical Layer<br />
– DSSS<br />
– Authentication: WEP, 802.1x<br />
• <strong>IEEE</strong> <strong>802.11</strong> MAC<br />
– CSMA/CA<br />
– PCF