Lecture 6: Wireless Local Area Networks (IEEE 802.11)
Dr. Reynold Cheng
This lecture is based on the textbook “W. Stallings, Wireless Communications and Networks, Prentice Hall, 2001”, the slides (prepared by Tom Fronckowiak) and figures provided at the Web site of the textbook and the lecture slides of Prof. Henry Chan and Prof. Victor Leung.
Class Objectives
- Overview
- Protocol Layers and Frame Format
- Access Control
- Power, Handoff and Security
What is IEEE 802.11?
- A wireless LAN protocol that operates over license-free spread-spectrum radio in the ISM (industrial, scientific and medical) bands or over infrared transmission
- A MAC protocol and physical medium specification developed by the IEEE 802 Committee
- Wi-Fi Alliance: an industry group for certifying interoperability of 802.11 products
  - A certified 802.11 product is Wi-Fi certified
- The first widely accepted standard is 802.11b
IEEE 802.1 Standards (Table 14.1)
Key Features of 802.11 WLANs
- Enable flexible interconnections of workstations, PCs, notebooks, PDAs, etc., via wireless links among themselves (ad hoc networks) or to a backbone LAN (infrastructure networks)
- Infrastructure networks have centralized (cellular) architecture
- Distributed coordination function (DCF) for contention services
- Point coordination function (PCF) for contention-free access
- RTS/CTS exchange to handle hidden terminal and exposed terminal issues
Distributed and Centralized Access
DCF (Distributed Coordination Function)
- Distributes the decision to transmit over all the nodes using a carrier-sense mechanism
- Used in ad hoc networks of peer workstations
- Good for bursty traffic
- Used in the Contention Period
PCF (Point Coordination Function)
- Allows regulation of transmission by a centralized decision maker
- Natural for connecting wireless stations to a backbone wired LAN
- Useful if some data is time sensitive or high priority
- Used in the Contention-free Period
Stations can be configured in either mode
Architecture of 802.11 WLAN
Elements of 802.11 WLANs
Station – device equipped with 802.11 conformant MAC and physical layer
Basic service set (BSS) – a set of stations controlled by a single coordination function that determines when a station may transmit or receive protocol data units/frames (PDU)
Access point (AP) – a station that provides access to a distribution system
Distribution system (DS) – usually a LAN, that interconnects a set of BSSs to create an extended service set (ESS)
ESS – BSSs interconnected by a DS to form one logical LAN
IEEE 802.11 Services
Services provided by the station – implemented in every station including AP
- MSDU delivery – accept MAC Service Data Units from upper layer at transmitter and deliver them to upper layer at receiver
- Privacy – data encryption/decryption
- Authentication/De-authentication – protect system from unauthorized access
Services provided by the distribution system – implemented either in AP or special device inside DS
- Association/Dissociation/Re-association – enables station to power up/down and move within an ESS
- Distribution – data transfer between different BSSs
- Integration – bridging with other IEEE 802.x LANs
Reference Model for IEEE 802.x
IEEE 802.11 Protocol Architecture
[Figure: Data link layer: LLC, MAC, MAC management. Physical layer: PLCP, PMD, PHY management. Station management.]
PLCP: Physical layer convergence protocol
PMD: Physical medium dependent
IEEE 802.11 Protocol Layers
MAC (Medium access control) sublayer
- Access mechanism
- Fragmentation/reassembly of MSDUs
MAC management sublayer
- Power management
- Connection management and roaming in ESS
Physical layer convergence protocol (PLCP)
- Carrier sensing and channel assessment
- Frame formation for sending/receiving info using PMD sublayer
Physical medium dependent (PMD) sublayer
- Defines modulation and coding techniques for signaling
PHY management: selection of PHY layer options
Station management for coordinating interaction between MAC and PHY layers
IEEE 802.11 Services
Original 802.11
Direct Sequence Spread Spectrum (DSSS)
- 2.4 GHz ISM (industrial, scientific and medical) band
- Maximum 2 Mbps
Frequency Hopping Spread Spectrum (FHSS)
- 2.4 GHz ISM band
- Maximum 2 Mbps
- 78 hopping channels for North America and Europe
Infrared (IR)
- Diffuse infrared transmission for indoor environments at wavelength between 850 and 950 nm
- 1 Mbps (Basic Access Rate)
- 2 Mbps (Enhanced Access Rate)
Enhanced 802.11
IEEE 802.11b
- 2.4 GHz ISM band, like the original 802.11 standard
- Maximum 11 Mbps
IEEE 802.11a
- 5 GHz U-NII band (Universal Networking Information Infrastructure)
- Maximum 54 Mbps
- OFDM with up to 52 sub-carriers
IEEE 802.11g
- 2.4 GHz ISM band, backward compatible with 802.11b
- Maximum 54 Mbps
Reference: http://compnetworking.about.com/cs/wireless80211/a/aa80211standard.htm
IEEE 802.11 MAC Frame Format
Fields
- Frame control: frame type and control information
- Duration/Connection ID: time (in ms) the channel will be assigned or the connection identifier
- Address: source/destination/sender/receiver address etc. depending on the situation
- Sequence control: fragment number (4 bits) for fragment identification and sequence number (12 bits) for sequence identification
- Frame body: frame content
- Frame check sequence: error checking (32-bit CRC)
Frame Control Fields
- Protocol version: version of the 802.11 protocol
- Type: control, management or data frame
- Sub-type: function of the frame
- To DS: “the frame is sent to DS” (bit=1)
- From DS: “the frame is sent from DS” (bit=1)
- More fragments: more fragments to arrive
- Retry: retransmission of a previous frame
- Power management: the sender is in sleep mode
- More data: the sender has more data to transmit
- WEP: wired equivalent privacy is enabled
- Order: received frames must be handled in order
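Added example (not from the lecture slides or the textbook): a Python parser for the frame control and sequence control fields listed above, with a frame check sequence test. It assumes the standard little-endian bit layout (version, type, subtype, then the eight flag bits in the order listed), handles only data and management frames, and uses a constructed sample frame.

```python
import struct
import zlib

TYPES = {0: "management", 1: "control", 2: "data"}
FLAGS = ["to_ds", "from_ds", "more_fragments", "retry",
         "power_management", "more_data", "wep", "order"]

def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_frame_control(fc: int) -> dict:
    """Split the 16-bit frame control word into the fields on the slide."""
    out = {"version": fc & 0x3,
           "type": TYPES.get((fc >> 2) & 0x3, "reserved"),
           "subtype": (fc >> 4) & 0xF}
    for bit, name in enumerate(FLAGS, start=8):   # flag bits 8..15
        out[name] = bool((fc >> bit) & 1)
    return out

def parse_frame(raw: bytes) -> dict:
    """Parse a data or management frame that ends with its 4-byte FCS."""
    if len(raw) < 28:                             # 24-byte header + FCS
        raise ValueError("frame too short")
    fc, duration, a1, a2, a3, seq = struct.unpack_from("<HH6s6s6sH", raw, 0)
    info = parse_frame_control(fc)
    if info["type"] not in ("data", "management"):
        raise ValueError("only data and management frames are handled")
    body_start = 24
    info.update(duration=duration, addr1=mac(a1), addr2=mac(a2), addr3=mac(a3),
                fragment=seq & 0xF,               # low 4 bits
                sequence=seq >> 4)                # high 12 bits
    if info["to_ds"] and info["from_ds"]:         # fourth address present
        if len(raw) < 34:
            raise ValueError("frame too short for four addresses")
        info["addr4"] = mac(raw[24:30])
        body_start = 30
    info["body"] = raw[body_start:-4]
    info["fcs_ok"] = zlib.crc32(raw[:-4]) == struct.unpack("<I", raw[-4:])[0]
    return info

# Constructed sample: data frame, To DS and WEP bits set, sequence 291.
_HDR = bytes.fromhex("0841" "2c00" "020000000001" "020000000002"
                     "020000000003" "3012")
SAMPLE = _HDR + b"payload" + struct.pack("<I", zlib.crc32(_HDR + b"payload"))
```

A frame whose FCS does not match, or whose WEP bit is set where cleartext is expected, is the kind of anomaly a capture-analysis script would flag from these fields.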
Control Frames Subtypes
For reliable delivery of data frames
- Power-save-poll (PS-Poll): notifies the AP to send the frame(s) stored during the “sleep” period
- Request to send (RTS): requests to send data to the receiver (see later)
- Clear to send (CTS): allows the sender to transmit data
- Acknowledgment (ACK): acknowledges receipt of the previous frame
- Contention-free (CF)-end: informs the end of the contention-free period
- CF-end + CF-ack: acknowledges the CF-end frame
Data Frames Subtypes
- Data: carries user data (used for both contention and contention-free periods)
- Data + CF-ack: carries user data and acknowledges receipt of the previous frame
- Data + CF-poll: used by a point coordinator to send data to a station and to request the station to transmit data if any
- Data + CF-ack + CF-poll: all of the above
- Null: no data but notifies the AP that the station has entered the sleep mode (i.e., the power management bit is set to 1)
- CF-ack: same as Data + CF-ack but no data
- CF-poll: same as Data + CF-poll but no data
- CF-ack + CF-poll: same as Data + CF-ack + CF-poll but no data
Management Frames Subtypes
For managing communications between stations and APs
- Association request: a terminal requests to associate with an AP
- Association response: the AP notifies acceptance or rejection
- Reassociation request: a terminal requests to associate with an AP when it moves to another BSS
- Reassociation response: responds to the reassociation request
- Probe request: gets information
Management Frames Subtypes (cont’d)
- Probe response: responds to the probe request
- Beacon: transmitted periodically to allow mobile stations to locate and identify a BSS
- Announcement traffic indication message: announces that there are buffered frames to be sent (to stations operating in sleep mode)
- Dissociation: a terminal wants to end an association
- Authentication: used for authentication purposes (see later)
- Deauthentication: used for ending a secure session
Valid Type and Subtype Combinations
Valid Type and Subtype Combinations (cont’d)
IEEE 802.11 MAC Architecture
[Figure: MAC extent. Point Coordination Function (PCF): required for contention-free services. Distributed Coordination Function (DCF): used for contention services and as the basis for PCF.]
Two Transfer Modes
Two-way transfer:
- A sender transmits data to a receiver.
- The receiver returns an acknowledgement.
Four-way transfer:
- A sender transmits a Request-To-Send (RTS) to a receiver.
- The receiver returns a Clear-To-Send (CTS).
- The sender transmits data.
- The receiver returns an acknowledgement.
- More reliable than two-way transfer
DCF Protocol: CSMA/CA
Carrier sensing
- Physical sensing of radio frequency (RF) carrier
- Virtual carrier sensing using the network allocation vector (NAV) signal (i.e., record how long the channel will remain busy) – enables contention-free access using RTS/CTS or PCF mechanisms
Collision avoidance using inter-frame space (IFS) – a certain amount of delay time to avoid collisions
- A frame is allowed to access the channel only if the channel has been idle for longer than IFS
- 3 types of IFS (discussed later)
Contention-based Access (Simplified)
Contention Access: Binary Exponential Backoff
- The station sets a random backoff timer (granularity = time slot = 20 µsec for DSSS).
- The station transmits a frame if the backoff timer expires and the channel is still idle.
- Binary exponential backoff: the mean value of the random delay set by the backoff timer is doubled for each retransmission.
  - Repeated failed attempts will result in longer backoff times
- Stations with unexpired backoff timers freeze their timers when the channel becomes busy and resume the countdown in the next contention window.
- Successful transmissions are acknowledged with ACKs. A frame is retransmitted if the ACK is not received.
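Added example (not from the lecture slides or the textbook): a small Python simulation of the backoff rules above, in which timers count down together during idle slots, stay frozen for stations that lose a round, and are redrawn from a doubled window after a collision. The contention-window bounds of 31 and 1023 slots are an assumption for DSSS; the slides give only the 20 µsec slot time.

```python
import random

SLOT_US = 20                 # slot time for DSSS, from the slide
CW_MIN, CW_MAX = 31, 1023    # assumption: DSSS contention-window bounds

def contention_window(retries: int) -> int:
    """Window size in slots; roughly doubles per retransmission."""
    return min((CW_MIN + 1) * 2 ** retries - 1, CW_MAX)

def draw_backoff(retries: int, rng: random.Random) -> int:
    return rng.randint(0, contention_window(retries))

def contend(n_stations: int, rng: random.Random):
    """Each station has one frame. Return (send order, collisions, slots)."""
    retries = [0] * n_stations
    timers = {s: draw_backoff(0, rng) for s in range(n_stations)}
    order, collisions, slots = [], 0, 0
    while timers:
        step = min(timers.values())
        slots += step
        for s in timers:                 # idle slots: every timer counts down
            timers[s] -= step
        ready = [s for s, t in timers.items() if t == 0]
        if len(ready) == 1:              # lone sender: frame is ACKed
            order.append(ready[0])
            del timers[ready[0]]
        else:                            # simultaneous expiry: no ACK arrives
            collisions += 1
            for s in ready:
                retries[s] += 1
                timers[s] = draw_backoff(retries[s], rng)
        # Stations not in `ready` keep their residual: the timer is frozen
        # while the channel is busy and resumes afterwards.
    return order, collisions, slots

if __name__ == "__main__":
    order, collisions, slots = contend(5, random.Random(1))
    print(order, collisions, slots * SLOT_US, "usec of idle backoff")
```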
Refined IFS Priority Scheme
3 types of IFS:
- Short IFS (SIFS) for immediate response actions, e.g., ACK, CTS (Clear-To-Send) and poll response (highest priority) – 10 µsec for DSSS
- PCF IFS (PIFS), used by centralized controller in the PCF scheme when issuing polls
- DCF IFS (DIFS) for DCF operation, used as a minimum delay for asynchronous frames contending for access
- DIFS > PIFS > SIFS
Each type of frame is allowed to access the channel only if the channel has been idle for longer than the respective IFS
Basic Access Method
[Figure: timing diagram. Labels: immediate access for a new arrival when the medium is free; busy medium; contention window; backoff window; slot time; next frame; deferred access, with the slot selected using binary exponential backoff.]
Hidden & Exposed Terminals
[Figure: stations D, A, B and C]
- Station A wants to send data to station B.
- Station C is hidden from station A, i.e., unable to detect carrier transmitted from station A.
- Station B is exposed to station C, i.e., transmission from station C can interfere with reception of station A’s transmission at station B.
- Station D is hidden from station B and station A is exposed to station D.
Directed Transfer Using RTS/CTS (four-way transfer)
[Figure: timing diagram. Source: RTS, DATA. Destination: CTS, ACK. Other stations: NAV (RTS), NAV (CTS), defer access, then contention window and backoff.]
Synchronization and Registration
- System timing synchronization function (TSF) is maintained by quasi-periodic transmissions of beacon frames by the AP or by the stations in a distributed manner.
- Beacon is a broadcast management frame that includes information such as timestamp, traffic indication message (TIM), etc., which all stations must receive.
- Beacons can be deferred by data traffic.
- When powered up, a station searches for a beacon with the largest received signal power.
- It then transmits an association request frame to the AP that sent the selected beacon.
- The AP returns an association response frame to the station to complete the registration.
Beacon Transmissions
[Figure: timeline showing traffic, actual beacons and expected beacon times. B = Beacon frame, F = Traffic frames.]
Contention-Free Access in 802.11
- Directed transfer using RTS/CTS enables contention-free data frame and ACK transmissions after initial contention.
- PCF allows AP to coordinate access on a contention-free basis by polling the stations.
- Contention-free periods (CFP) are repeated at quasi-periodic intervals – the CFP repetition interval, nominally at the same interval as the beacons; they can be shortened due to ongoing data traffic.
- In each CFP, stations in PCF mode are polled for traffic. Stations in DCF mode set NAV and defer transmissions.
- CFP can be terminated early using a CF-end frame which terminates the NAV at DCF stations.
IEEE 802.11 MAC Timing
Power Management
To save power, stations can inform the AP that they are entering power-save (PS) mode, which puts them to sleep.
Incoming data for stations in PS mode are buffered at AP.
Each PS-mode station wakes up periodically at expected beacon times to wait for beacon reception.
TIM in each beacon indicates the set of stations in sleep mode that have incoming data buffered at AP.
DCF stations inform AP that they are active by sending a PS-poll frame to AP and wait for data.
PCF stations remain active after receiving TIM so that they can be polled.
Handoff Support
Three mobility types defined:
No transition: stationary or movement limited to within BSS
BSS transition: movement within ESS between different BSSs
ESS transition: movement between different ESSs
ESS transition usually requires re-registration; existing connection may be lost.
BSS transition supports handoff between APs.
When the radio signal strength (RSS) of the current AP falls below a threshold, the station scans for beacons of other APs and compares the RSS to identify candidate APs for handoff.
This is called “station-controlled handoff”: a station dissociates from the old AP and reassociates with the new AP.
Wired Equivalent Privacy (WEP)
- WEP is the encryption technique employed by 802.11 for privacy.
- It employs the RC4 encryption algorithm with a 40 or 128-bit secret key shared between the sender and receiver.
- A secret key with 24-bit initialization vector (IV) appended is used as the seed for a pseudorandom number (PN) generator to generate a PN bit sequence with the same length as the MAC frame.
- The PN sequence is bit-by-bit XORed with the MAC frame and transmitted with the IV.
- The CRC in the MAC frame is used for integrity check.
WEP Operations
IEEE 802.11 Authentication
Open system authentication – simple exchange of authentication frames with no security benefit.
Shared key authentication employs WEP in the following exchange of authentication frames:
1. Station (STN) A sends a 128-byte challenge text, generated using the RC4 PN generator, to STN B.
2. STN B encrypts the challenge text using the shared secret key and an IV, and sends the secret text to STN A.
3. STN A decrypts the text and compares it with the original challenge text – a match proves that STN B knows the secret key.
4. STN A returns a success/failure indication to STN B and completes the authentication process.
WPA (Wi-Fi Protected Access) is an improved version over WEP and is used in 802.11i.
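Added example (not from the lecture slides or the textbook): the WEP encapsulation described under “Wired Equivalent Privacy (WEP)” and the shared key authentication exchange above, in Python. Assumptions: the RC4 seed is the 24-bit IV followed by the secret key, the integrity check is a CRC-32 of the frame body encrypted along with it, the key ID byte is omitted, and the challenge comes from the operating system's random source.

```python
import os
import zlib

def rc4(seed: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream (the PN sequence) for seed."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                        # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def wep_encrypt(key: bytes, iv: bytes, body: bytes) -> bytes:
    """Return IV || ((body || CRC-32) XOR keystream)."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    plain = body + zlib.crc32(body).to_bytes(4, "little")
    stream = rc4(iv + key, len(plain))        # assumption: seed = IV then key
    return iv + bytes(p ^ k for p, k in zip(plain, stream))

def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    """Decrypt a frame; raise ValueError when the CRC check fails."""
    iv, cipher = frame[:3], frame[3:]
    stream = rc4(iv + key, len(cipher))
    plain = bytes(c ^ k for c, k in zip(cipher, stream))
    body, crc = plain[:-4], plain[-4:]
    if zlib.crc32(body).to_bytes(4, "little") != crc:
        raise ValueError("integrity check failed")
    return body

def shared_key_auth(key_a: bytes, key_b: bytes) -> bool:
    """STN A challenges STN B; True when B proves it holds A's key."""
    challenge = os.urandom(128)                              # A -> B
    response = wep_encrypt(key_b, os.urandom(3), challenge)  # B -> A
    try:
        return wep_decrypt(key_a, response) == challenge     # A verifies
    except ValueError:
        return False
```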