1. Wireless Communication and Network
  Chapter 5: Wireless LAN IEEE 802.11

2. Main contents
  WLAN
  Basics of IEEE 802.11
  MAC layer: CSMA/CA
  Security: WEP protocol

3. WLAN (Wireless Local Area Network)
  A computer local area network that uses wireless channels as its transmission medium.
  Difference between wireless communication and a wireless network:
    Wireless communication only requires that two computers can transfer data between them.
    A wireless network requires that computers connected wirelessly can share resources and have all the functions supported by a wired network system.

4. WLAN requirements
  Throughput
  Number of nodes
  Connection to the backbone LAN
  Service area
  Battery power consumption
  Robustness and security
  Configured network operation
  License-free operation
  Handoff/roaming
  Dynamic configuration
  A wireless LAN must meet the general requirements of any LAN:
    High capacity
    Coverage of short distances
    Full connectivity among stations
    Broadcast capability

5. Wireless LAN
  operate in a local area less than 100 m
  provide access to wired LANs and the Internet
  provide high data rates: currently, up to 54 Mbps

6. Characteristics of wireless LANs
  Advantages
    very flexible within the reception area
    Ad-hoc networks without previous planning possible
    (almost) no wiring difficulties (e.g. historic buildings, firewalls)
    more robust against disasters like, e.g., earthquakes, fire - or users pulling a plug
  Disadvantages
    typically very low bandwidth compared to wired networks (1-10 Mbit/s)
    many proprietary solutions, especially for higher bit-rates; standards take their time (e.g. IEEE 802.11)
    products have to follow many national restrictions if working wireless; it takes a very long time to establish global solutions like, e.g., IMT-2000

7. Design goals for wireless LANs
  global, seamless operation
  low power for battery use
  no special permissions or licenses needed to use the LAN
  robust transmission technology
  simplified spontaneous cooperation at meetings
  easy to use for everyone, simple management
  protection of investment in wired networks
  security (no one should be able to read my data), privacy (no one should be able to collect user profiles), safety (low radiation)
  transparency concerning applications and higher layer protocols, but also location awareness if necessary

8. Comparison: infrared vs. radio transmission
  Infrared
    uses IR diodes, diffuse light, multiple reflections (walls, furniture etc.)
    Advantages
      simple, cheap, available in many mobile devices
      no licenses needed
      simple shielding possible
    Disadvantages
      interference by sunlight, heat sources etc.
      many things shield or absorb IR light
      low bandwidth
    Example
      IrDA (Infrared Data Association) interface available everywhere
  Radio
    typically using the license free ISM band at 2.4 GHz
    Advantages
      experience from wireless WAN and mobile phones can be used
      coverage of larger areas possible (radio can penetrate walls, furniture etc.)
    Disadvantages
      very limited license free frequency bands
      shielding more difficult, interference with other electrical devices
    Example
      WaveLAN, HIPERLAN, Bluetooth

9. WLAN, Bluetooth and 3G

10. Comparison: infrastructure vs. ad-hoc networks
  [Figure: infrastructure network, ad-hoc network]

11. Major Standards for WLAN
  HIPERLAN
    High Performance Radio LAN
    European standard
  IEEE 802.11
    US standard
    today, it holds the entire market
  This standard will be discussed in our course in detail.

12. 802.11 and Wi-Fi
  Features of IEEE 802.11
    Provides asynchronous / time-bounded delivery service
    Multi-screen display delivery service
    Network management service
    Registration and authentication
    Power management
    Broadband
    Security
    Addressing
  What is Wi-Fi?
    Wireless Fidelity, a wireless compatibility certification
    IEEE 802.11a, 802.11b, 802.11g
    Wireless connection of computer networks
    Commonly used to access the Internet

13. Two Modes of IEEE 802.11
  Infrastructure Mode: Terminals communicate to an access point.
  Ad Hoc Mode: Terminals communicate in a peer-to-peer basis without any access point.

14. 802.11 - Infrastructure Mode
  Station (STA): Wireless terminals
  Basic Service Area (BSA): Coverage area of one access point
  Basic Service Set (BSS): group of stations controlled by the same AP
  Distribution System (DS): Fixed infrastructure used to connect several BSS to create an Extended Service Set (ESS)
  Portal: bridge to other (wired) networks
  [Figure labels: 802.x LAN, Access Point, 802.11 LAN, BSS1, BSS2, ESS, STA1, STA2, STA3]

15. 802.11 Ad Hoc mode
  Terminals communicate in a peer-to-peer basis.
  [Figure labels: 802.11 LAN, BSS1, BSS2, STA1, STA2, STA3, STA4, STA5]

16. IEEE 802 Protocol Layers

17. OSI model
  Physical layer
    RF (Radio Frequency)
      FHSS (frequency hopping)
      DSSS (direct-sequence spread spectrum)
      OFDM (orthogonal frequency-division multiplexing)
    IR (Infrared)
  Link layer
    LLC
    MAC

18. Protocol Architecture
  A typical scenario
  802.11 covers only PHY and MAC
  [Figure: protocol stacks of a mobile terminal, an access point (AP), a server and a fixed terminal on an Ethernet wired infrastructure network. Stack labels: application, TCP, IP, LLC (Logical link control, Data Link), 802.11 MAC, 802.11 PHY, 802.3 MAC, 802.3 PHY]

19. Functions of Each Layer
  Physical Layer
    Encoding/decoding of signals
    Bit transmission/reception
  Medium Access Control (MAC) Layer
    On transmission, assemble data into a frame for transmission
    On reception, disassemble frame and perform error detection
    Coordinate users' access to the transmission medium
  Logical Link Control (LLC) Layer
    Provide an interface to upper layers
    Perform flow and error control

20. Physical Layer
  802.11 supports 3 different PHY layers
    Infrared
      simple and cheap
      requires line of sight
    Radio (2 types)
      Frequency Hopping Spread Spectrum
      Direct Sequence Spread Spectrum
      can cover a larger area (e.g. penetrate walls)

21. 802.11 physical-layer family of standards
  Columns: Infrared (IR), 2.4 GHz FHSS, 2.4 GHz DSSS, 5 GHz OFDM
  802.11 IR: 1/2 Mbps
  802.11 FHSS: 1/2 Mbps
  802.11 DSSS: 1/2 Mbps
  802.11b (1999): 5.5/11 Mbps
  802.11g: maximum rate greater than 20 Mbps, up to 54 Mbps
  802.11a (1999): maximum rate up to 54 Mbps
  802.11b+
  802.11h
  Abbreviations: DSSS = Direct-Sequence Spread Spectrum, FHSS = Frequency-Hopping Spread Spectrum, IR = Infrared

22. MAC
  Frame types
    Data frames (carry data)
    Control frames: RTS, CTS, ACK, etc.
    Management frames (carry management information between stations, or between a station and the AP)
      Authentication and Response, De-Authentication
      Association/Re-Association and Response, Disassociation
      Beacon and Probe frames (link measurement, power management)
  Medium access control
    DCF: Distributed Coordination Function
      carrier sense multiple access with collision avoidance (DCF)
    PCF: Point Coordination Function
      an optional access method, similar to polling
  RTS: Request to Send
  CTS: Clear to Send

23. IEEE 802.11 Standards

24. How to join a network?
  Infrastructure Mode

25. Steps to Join a Network
  Discover available networks, i.e. basic service sets (BSS)
  Select a BSS
  Authentication
  Association

26. 1. Discovering Available Network
  Passive Scanning
    Each AP periodically broadcasts a Beacon frame, which includes the AP's MAC address, network name (i.e. Service Set Identifier, SSID), etc.
  Active Scanning
    Station sends a Probe Request frame
    AP responds with a Probe Response frame, which includes the AP's MAC address, SSID, etc.

27. 2. Choosing a Network
  The user selects from available networks
  Common criteria:
    User choice
    Strongest signal
    Most recently used

28. 3. Authentication
  Authentication: A station proves its identity to the AP.
  Two Mechanisms
    Open System Authentication
    Shared Key Authentication

29. Open System Authentication
  The default authentication protocol for 802.11.
  Authenticates anyone who requests authentication.
  NULL authentication (i.e. no authentication at all)
  Messages between Station and Access Point, in order:
    Authentication Request (open system)
    Authentication Response

30. Shared Key Authentication
  Messages between Station and Access Point, in order:
    Authentication Request (shared key)
    128-byte “Challenge” text string, generated randomly
    “Challenge” text string, encrypted with shared key
    Positive or negative response based on decryption result
  It is assumed that the station and the AP somehow agree on a shared secret key via a channel independent of IEEE 802.11.
  Note: the “Challenge” is encrypted by the WEP algorithm.

31. 4. Association
  The station needs to register to the AP.
  Messages between Station and Access Point, in order:
    Association Request
    Association Response

32. How to transmit?
  The MAC layer

33. Media Access Control
  How to share a common medium among the users?

34. Motivation
  Can we apply media access methods from fixed networks?
  Example: CSMA/CD
    Carrier Sense Multiple Access with Collision Detection
    Method used in IEEE 802.3 Ethernet

35. CSMA/CD
  Carrier Sense: Listen before talk
    Sense the channel
    If the channel is idle, transmit
    If the channel is busy, wait a random amount of time and sense the channel again
  Collision Detection: Stop if collision occurs
    If there is a collision, stop transmission immediately, wait a random amount of time and sense the channel again

36. Hidden Terminal Problem
  The hidden station problem: a station is too far away from a competitor and therefore cannot detect a potential competitor for the medium.
  A, C cannot hear each other (CS fails)
  Collisions at B, undetected (CD also fails)
  [Figure labels: Obstacles, Signal Attenuation]

37. Exposed Terminal Problem
  The exposed station problem: a station that is not competing for the medium is so close to the sending station that it is prevented from sending data.
  C wants to send to someone else (not A or B)
  C has to wait, since CS signals a medium in use
  But A is outside the radio range of C; therefore waiting is not necessary
  C is “exposed” to B
  [Figure labels: A, B, C, D]

38. MAC sublayer protocol
  The traditional CSMA protocol is not suitable for wireless LANs; a special MAC sublayer protocol is needed.
  CSMA
    On a cable, the signal propagates to all stations
    CSMA only determines whether there is an active sender around the sending station itself
    Collisions are detected by the sending station
    At any moment there can be only one valid data frame on the channel
  Wireless LAN
    The signal can only be received by stations within a certain range of the sending station
    The MAC sublayer protocol needs to ensure, as far as possible, that there is only one sender within a certain range of the receiving station
    Collisions are detected by the receiving station
    At any moment there can be several valid data frames on the channel

39. MACA (Multiple Access with Collision Avoidance)
  The basis of the IEEE 802.11 wireless LAN standard
  Basic idea: the sending station prompts the receiving station to send a short reply frame, so that the stations around the receiver overhear that frame and refrain from sending data for a certain time.

40. MACA
  IEEE 802.11 is based on the idea of MACA
  MACA uses a three-way handshake protocol
  Short signaling packets are used
    RTS (request to send): a sender requests the right to send
    CTS (clear to send): the receiver grants the right to send
  The sender then sends the data.

41. An Illustration: 3-way handshake
  [Figure labels: A, B, RTS, CTS, Data]
  Can it solve the hidden terminal problem?
  Can it solve the exposed terminal problem?

42. A Solution: Hidden Terminal
  MACA avoids the hidden terminal problem
  Both A and C want to send to B
  A sends RTS first
  C waits after receiving CTS from B
  [Figure labels: B, C, D, RTS, CTS, CTS]

43. A Solution: Exposed Terminal
  MACA avoids the exposed terminal problem
  B wants to send to A, while C wants to send to another terminal
  Now C does not have to wait, for it cannot receive CTS from A
  [Figure labels: A, B, C, D, RTS, CTS, RTS]

44. Packet Collision
  Collisions may occur during RTS-CTS exchange.
  When a packet collision occurs, the next attempt is to transmit at a random slot over the contention window.
  How large is the contention window?

45. Binary Exponential Backoff
  The contention window size is adjusted dynamically; binary exponential backoff is used.
  When a terminal fails to receive CTS in response to its RTS, it increases the contention window: cw is doubled (up to an upper bound, CWmax).
  When a node successfully completes a data transfer, it restores cw to CWmin.

46. Binary Exponential Backoff
  The contention window size is doubled whenever a collision occurs.
  A packet experiences i collisions: 2^i × CWmin slots

47. Backoff procedure
  Idle time IFS: transmit immediately
  When the medium is busy, defer until the end of the current transmission + IFS time
  Start the random backoff procedure
    Choose a random number in (0, Cwindow)
    Use carrier sensing to determine whether there is activity in each time slot
    If there is no activity, decrement the backoff time
  If the medium becomes busy during backoff, suspend the backoff procedure
  Resume the backoff procedure after the current frame transmission ends
  The purpose of deferring transmission with the backoff procedure is to avoid collisions caused by several stations transmitting at the same time.

48. IEEE 802.11 MAC Protocols
  Two traffic services are supported
    Asynchronous Data Service
      Best-effort services
    Time-bounded Service (optional)
      Guarantee a maximum delay
      Available only in infrastructure mode

49. Two Classes of Access Mechanisms
  Distributed Coordination Function (DCF)
    Support asynchronous data services
    CSMA/CA
    CSMA/CA with RTS/CTS exchange (optional)
  Point Coordination Function (PCF) (optional)
    Support time-bounded services
    Polling from AP

50. Inter-Frame Spacings: priority parameters that control waiting time
  Priorities are defined by different inter-frame spacings
    SIFS (Short Inter Frame Spacing): highest priority, used for ACK, CTS, polling response
    PIFS (PCF IFS): medium priority, used for time-bounded service with PCF
    DIFS (DCF IFS): lowest priority, used for asynchronous data service
  Medium idle time DIFS: direct access
  [Figure: time axis with labels medium busy, SIFS, PIFS, DIFS, DIFS, next frame, contention]

51. Basic DCF using CSMA/CA
  802.11 CSMA/CA: sender
    If the medium has remained idle for longer than DIFS, the node can access the medium immediately (no collision detection)
      Shortens access delay when the network load is light
      Needs the help of other mechanisms as the network grows
    If the medium is busy, wait a random time.
  802.11 CSMA/CA: receiver
    if received OK, return ACK (16 bytes) after SIFS
  DIFS: Distributed Inter Frame Spacing
  SIFS: Short Inter Frame Spacing

52. Is CSMA/CA fair?
  If the medium is busy, the node must wait for DIFS and then enter the contention phase;
  each node chooses a random backoff time within the contention window and delays its access to the medium by that time;
  if the medium is still idle after the random waiting time, the node can access the medium immediately;
  what if the medium is busy?
  Nodes that have already waited:
    start the next round of contention again
    every node has the same chance of sending data in the next contention

53. Properties of basic DCF
  When the network load is heavy
    The smaller the contention window, the closer together the random values chosen by the stations.
    This causes too many collisions.
  When the network load is light
    The larger the contention window, the longer the stations wait.
    This causes unnecessary delay.
  Exponential backoff algorithm
    The contention window is initialized to some minimum value and enlarged when a collision occurs, until it reaches the maximum value.
  The system should adapt itself to the number of stations that currently want to send.

54. Contention window
  Initial window (minimum window): 31
  First retransmission: 63
  Second retransmission: 127
  Third retransmission: 255
  Fourth retransmission: 511
  Fifth retransmission (maximum window): 1024

55. Collision-free unicast data transfer
  How can other stations know how long the waiting time is? “DIFS + their own backoff time”
  CSMA/CA + ACK
    The receiver returns an ACK immediately when the CRC is correct
    If no ACK is received, the data frame is retransmitted after a random backoff time
  Time is reserved for short control messages to ensure that no collision occurs.
  [Figure: timeline t for sender, receiver and other stations, with labels DIFS, data, SIFS, ACK, waiting time, DIFS, contention window, data]

56. 802.11's improvement to CSMA/CA
  A backoff timer is added: the count is retained and transmission is deferred.
  [Figure: timeline t for stations 1 to 5, with packet arrival at the MAC layer, DIFS intervals and busy periods. Legend: busy = medium not idle (frame, ACK, etc.); boe = shared backoff time; bor = residual backoff time. Sample values: Backoff=12, 12-4=8, 8-4=4, Backoff=8, Backoff=4, 8-4=4, Backoff=4, Backoff=12, Backoff=10]
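The contention behaviour described on the Binary Exponential Backoff, Backoff procedure and Contention window slides, as an added example that is not part of the original deck. It assumes a simplified slotted model in which every station always has a frame to send; the function names are hypothetical, and the window sizes are the ones listed on slide 54.

```python
import random

# Contention window sizes from slide 54: initial window, then five retransmissions.
WINDOWS = (31, 63, 127, 255, 511, 1024)


def simulate(stations: int, successes: int, windows=WINDOWS, seed: int = 1) -> float:
    """Slotted DCF model with saturated stations; returns the collision fraction.

    Each station draws a backoff in [0, cw], counts down one per idle slot and
    keeps its residual count while another station transmits.
    """
    rng = random.Random(seed)
    stage = [0] * stations                      # index into windows, per station
    backoff = [rng.randint(0, windows[0]) for _ in range(stations)]
    ok = collisions = 0
    while ok < successes:
        step = min(backoff)                     # idle slots until someone fires
        backoff = [b - step for b in backoff]
        senders = [i for i, b in enumerate(backoff) if b == 0]
        if len(senders) == 1:                   # success: restore cw to CWmin
            ok += 1
            stage[senders[0]] = 0
        else:                                   # collision: enlarge the window
            collisions += 1
            for i in senders:
                stage[i] = min(stage[i] + 1, len(windows) - 1)
        for i in senders:                       # senders redraw, others resume
            backoff[i] = rng.randint(0, windows[stage[i]])
    return collisions / (ok + collisions)


def compare(stations: int = 30, successes: int = 2000) -> dict:
    """Collision fraction with a fixed minimum window vs. exponential backoff."""
    return {
        "fixed_cw_31": simulate(stations, successes, windows=(31,)),
        "exponential": simulate(stations, successes),
    }


if __name__ == "__main__":
    print(compare())
```

With many contending stations the fixed small window collides far more often than the exponentially growing one, which is the load adaptation slide 53 asks for.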
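57. CSMA/CA extended with RTS-CTS
  RTS/CTS mechanism
    Use of the mechanism is optional
    Every 802.11 node must implement it
  Explicit channel reservation
    The sender sends a short RTS (request to send)
    The receiver replies with a short CTS (clear to send)
    The CTS reserves bandwidth for the sender and at the same time notifies all stations (including hidden ones)
  RTS and CTS are very short, so the probability of collision is reduced
  Fields: receiver address, time to send the data frame, time to send the ACK
  Targets the “hidden station” problem!

58. How to solve the “hidden station” problem?
  CSMA/CA: explicit channel reservation
    sender: send RTS (20 bytes)
    receiver: reply with CTS (16 bytes)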
  CTS reserves channel for sender, notifying (possibly hidden) terminals
  4-way handshake
  Avoids collisions with “hidden” terminals
  Solution: reserve bandwidth with short control packets

59. Solving the hidden station problem
  The RTS packet has a duration field, which consists of information about the length of the data packet. Other stations that hear the RTS packet set their NAV accordingly.
  The CTS packet also has the duration field. Other stations that hear the CTS packet set their NAV accordingly.
  NAV = network allocation vector
  [Figure: timeline t for sender, receiver and other stations, with labels DIFS, RTS, SIFS, CTS, SIFS, data, SIFS, ACK, NAV (RTS), NAV (CTS), deferred access, DIFS, contention window, data]

60. Method 2: Point Coordination Function
  Polling by the access point (or point coordinator)
  Sends polling message after waiting for PIFS
  Since PIFS is smaller than DIFS, it can lock out all asynchronous traffic
  To prevent this, an interval called superframe is defined.

61. Two parts of a Superframe
  Contention-free Period: The point coordinator polls stations with time-bounded service in a round-robin fashion
  Contention Period: The point coordinator idles for the remainder of the superframe, allowing for asynchronous access.

62. Is it Secure?
  The IEEE 802.11 Security Problem

63. WLAN Security Problem
  [Figure labels: Internal network protected, Wireless Access Point, Valid User Access Only]
  Conventionally, an organization protects itself by limiting external connections to a few well protected openings called firewalls.
  For wireless networks, anyone within the radio range can eavesdrop on the communication.

64. WLAN security requirements
  Security weaknesses of the wireless link
    Openness of the physical channel
    Attack software is appearing on the Internet
    Besides interception of information, DoS attacks are also possible; compared with wired networks, it is easier to attack, even at the physical layer
  Security mechanisms
    SSID (Service Set Identifier, a unique identifier of 32 characters)
      Probe request / probe response / beacon frames contain the SSID
    MAC-based access control
      The AP holds a list of MAC addresses that are allowed access
    WEP

65. Basic Security Mechanisms
  Network Access Control based on SSID
  MAC Address Filtering
  Wired Equivalent Privacy (WEP)
    Shared Key Authentication (access authentication)
    Data Encryption
      The encryption algorithm is optional
      Based on the RC4 PRNG (Pseudo Random Number Generator, invented by RSA Data Security Inc.)
      A 40/104-bit key
      A 24-bit initialization vector (IV)
      Integrity check value ICV (using CRC32)

66. Mechanism 1: SSID
  Only those stations with knowledge of the network name, or SSID, can join.
  The SSID acts as a shared secret.
  Is it secure?

67. SSIDs are “useless”!
  AP periodically broadcasts the SSID in a beacon frame.
  Beacon frames are sent unprotected.
  A hacker can easily identify the SSID.

68. Mechanism 2: MAC Address Filtering
  A MAC address list is maintained at each AP.
  Only those stations whose MAC addresses are listed are permitted access to the network.
  Is it secure?
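The Shared Key Authentication exchange from slide 30, built from the WEP components listed on slide 65 (RC4, a 40/104-bit key, a 24-bit IV and a CRC32 ICV), as an added example that is not part of the original deck. The key value is constructed and the function names are hypothetical; seeding RC4 with the IV followed by the key and appending the ICV in little-endian order are WEP details the slides do not spell out.

```python
import os
import zlib

KEY = bytes.fromhex("0102030405")  # constructed 40-bit shared key


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key scheduling, then XOR data with the generated keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Return the IV (sent in the clear) followed by RC4(IV || key) over data || ICV."""
    if len(key) not in (5, 13) or len(iv) != 3:        # 40/104-bit key, 24-bit IV
        raise ValueError("bad key or IV length")
    icv = zlib.crc32(plaintext).to_bytes(4, "little")  # CRC-32 integrity check value
    return iv + rc4(iv + key, plaintext + icv)


def wep_decrypt(key: bytes, frame: bytes):
    """Return the plaintext, or None when the decrypted ICV does not match."""
    body = rc4(frame[:3] + key, frame[3:])
    plaintext, icv = body[:-4], body[-4:]
    return plaintext if zlib.crc32(plaintext).to_bytes(4, "little") == icv else None


def shared_key_auth(station_key: bytes, ap_key: bytes) -> bool:
    """Run the four-message exchange; True is the AP's positive response."""
    # 1. Station -> AP: Authentication Request (shared key), no payload here.
    # 2. AP -> Station: 128-byte random challenge, sent unencrypted.
    challenge = os.urandom(128)
    # 3. Station -> AP: the challenge WEP-encrypted under a fresh 24-bit IV.
    response = wep_encrypt(station_key, os.urandom(3), challenge)
    # 4. AP decrypts with its own key and compares with the challenge it sent.
    return wep_decrypt(ap_key, response) == challenge


if __name__ == "__main__":
    print(shared_key_auth(KEY, KEY), shared_key_auth(b"wrong", KEY))
```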