Mobile Networks

Module B

WLAN Engineering Aspects

Prof. JP Hubaux

http://mobnet.epfl.ch
1

Reminder on frequencies and wavelenghts

twisted pair coax cable optical transmission

1 Mm 300 Hz

10 km 30 kHz

100 m 3 MHz

1m 300 MHz

10 mm 30 GHz

100 m 3 THz

1 m 300 THz

VLF

LF

MF

HF

VHF

UHF

SHF

EHF

infrared

visible light UV

VLF = Very Low Frequency LF = Low Frequency MF = Medium Frequency HF = High Frequency VHF = Very High Frequency

UHF = Ultra High Frequency SHF = Super High Frequency EHF = Extra High Frequency UV = Ultraviolet Light

Frequency and wave length:

= c/f
wave length , speed of light c 3x108m/s, frequency f
2

Frequencies for mobile communication

VHF-/UHF-ranges for mobile radio

simple, small antenna for handset deterministic propagation characteristics, reliable connections

SHF and higher for directed radio links, satellite communication

small antenna large bandwidth available

Wireless LANs use frequencies in UHF to SHF spectrum

some systems planned up to EHF limitations due to absorption by water and oxygen molecules (resonance frequencies)

Weather-dependent fading, signal loss caused by heavy rainfall etc.

Frequency allocation
Europe Mobile phones Dig. Dividend 800MHz GSM 890-915 MHz, 935-960 MHz; 1710-1785 MHz, 1805-1880 MHz UMTS 1920-1980 MHz 2110-2170 MHz LTE 2600MHz CT1+ 885-887 MHz, 930-932 MHz; CT2 864-868 MHz DECT 1880-1900 MHz IEEE 802.11 2400-2483 MHz 57255875 MHz USA AMPS, TDMA, CDMA 824-849 MHz, 869-894 MHz; TDMA, CDMA, GSM 1850-1910 MHz, 1930-1990 MHz; UMTS 1850-1910 MHz 1930-1990 MHz Japan PDC 810-826 MHz, 940-956 MHz; 1429-1465 MHz, 1477-1513 MHz UMTS 1749.9-1784.9 1844.9-1879.9

Cordless telephones

PACS 1850-1910 MHz, 1930-1990 MHz PACS-UB 1910-1930 MHz

PHS 1895-1918 MHz JCT 254-380 MHz

Wireless LANs

IEEE 802.11 2400-2483 MHz 57255875 MHz

IEEE 802.11 2471-2497 MHz 57255875 MHz

Note: in the coming years, frequencies will become technology-neutral

Characteristics of Wireless LANs

Advantages

flexibility (almost) no wiring difficulties (e.g., historic buildings) more robust against disasters like, e.g., earthquakes, fire - or users pulling a plug...

Disadvantages

lower bitrate compared to wired networks More difficult to secure

Scope of Various WLAN and WPAN Standards

Power consumption
802.11n 802.11a 802.11g 802.11b 802.11

Complexity

WLAN

802.15.I Bluetooth

802.15.4

WPAN

Data rate
6

WPAN: Wireless Personal Area Network

Design goals for wireless LANs

low power no special permissions or licenses needed to use the LAN robust transmission technology easy to use for everyone, simple management protection of investment in wired networks (internetworking) security, privacy, safety (low radiation) transparency concerning applications and higher layer protocols location awareness if necessary

Comparison: infrared vs. radio transmission

Infrared

Radio

uses IR diodes

Advantages

typically using the license free ISM band at 2.4 GHz and 5 GHz

simple, cheap, available in many mobile devices no licenses needed simple shielding possible

Advantages

coverage of larger areas possible (radio can penetrate walls, furniture etc.)

Disadvantages

Disadvantages

interference by sunlight, heat sources etc. many materials shield or absorb IR light low bandwidth

Example

very limited license free frequency bands shielding more difficult, interference with other electrical devices more difficult to secure

IrDA (Infrared Data Association) interface used to be available on many devices

Examples

IEEE 802.11, Bluetooth

Infrastructure vs. ad hoc networks

infrastructure network
AP AP wired network AP AP: Access Point

Ad hoc network

IEEE 802.11 - Architecture of an infrastructure network

Station (STA)
802.11 LAN 802.x LAN

terminal with access mechanisms to the wireless medium and radio contact to the access point group of stations using the same radio frequency station integrated into the wireless LAN and the distribution system bridge to other (wired) networks interconnection network to form one logical network (ESS: Extended Service Set) based on several BSS

STA1

BSS1

Basic Service Set (BSS)

Access Point
Portal

Access Point

Distribution System ESS BSS2

Access Point

Portal

Distribution System

STA2

802.11 LAN

STA3

10

802.11 - Architecture of an ad-hoc network

802.11 LAN STA1 BSS1 STA3

Direct communication within a limited range

STA2

Station (STA): terminal with access mechanisms to the wireless medium Basic Service Set (BSS): group of stations using the same radio frequency

802.11 LAN BSS2 STA5 STA4

11

Interconnection of IEEE 802.11 with Ethernet

fixed terminal mobile station server

infrastructure network
access point

application TCP IP 802.11 MAC 802.11 PHY 802.11 MAC 802.11 PHY 802.3 MAC 802.3 PHY

application TCP IP 802.3 MAC 802.3 PHY

12

802.11 - Layers and functions

MAC

PLCP (Physical Layer Convergence Protocol)

access mechanisms, fragmentation, encryption synchronization, roaming, MIB, power management

clear channel assessment signal (carrier sense)

MAC Management

PMD (Physical Medium Dependent)

modulation, coding
channel selection, MIB coordination of all management functions

PHY Management Station Management

IP MAC PHY PLCP PHY Management PMD MAC Management

Station Management

13

802.11b - Physical layer

3 versions: 2 radio: DSSS and FHSS (both typically at 2.4 GHz), 1 IR

data rates 1, 2, 5 or 11 Mbit/s

DSSS (Direct Sequence Spread Spectrum)

DBPSK modulation (Differential Binary Phase Shift Keying) or DQPSK (Differential Quadrature PSK) chipping sequence: +1, -1, +1, +1, -1, +1, +1, +1, -1, -1, -1 (Barker code) max. radiated power 1 W (USA), 100 mW (EU), min. 1mW

FHSS (Frequency Hopping Spread Spectrum)

spreading, despreading, signal strength min. 2.5 frequency hops/s, two-level GFSK modulation (Gaussian Frequency Shift Keying)

Infrared (rarely used in practice)

850-950 nm, diffuse light, around 10 m range carrier detection, energy detection, synchronization

14

802.11 - MAC layer principles (1/2)

Traffic services

Asynchronous Data Service (mandatory)

exchange of data packets based on best-effort support of broadcast and multicast

Time-Bounded Service (optional)

implemented using PCF (Point Coordination Function)

Access methods (called DFWMAC: Distributed Foundation Wireless MAC)

DCF CSMA/CA (mandatory)

collision avoidance via randomized back-off mechanism minimum distance between consecutive packets ACK packet for acknowledgements (not for broadcasts)

DCF with RTS/CTS (optional)

avoids hidden terminal problem access point polls terminals according to a list

PCF (optional and rarely used in practice)

DCF: Distributed Coordination Function PCF: Point Coordination Function

15

802.11 - MAC layer principles (2/2)

Priorities

defined through different inter frame spaces no guaranteed, hard priorities SIFS (Short Inter Frame Spacing)

highest priority, for ACK, CTS, polling response medium priority, for time-bounded service using PCF lowest priority, for asynchronous data service

PIFS (PCF IFS)

DIFS (DCF, Distributed Coordination Function IFS)

DIFS

DIFS PIFS SIFS

medium busy

contention

next frame
t

direct access if medium is free DIFS Note : IFS durations are specific to each PHY

time slot
16

802.11 - CSMA/CA principles

DIFS DIFS contention window (randomized back-off mechanism) next frame t time slot

medium busy direct access if medium has been free for at least DIFS

station ready to send starts sensing the medium (Carrier Sense based on CCA, Clear Channel Assessment) if the medium is free for the duration of an Inter-Frame Space (IFS), the station can start sending (IFS depends on service type) if the medium is busy, the station has to wait for a free IFS, then the station must additionally wait a random back-off time (collision avoidance, multiple of slot-time) if another station occupies the medium during the back-off time of the station, the back-off timer stops (to increase fairness)
17

802.11 CSMA/CA broadcast

=
DIFS station1 station2 busy station3 station4 station5 boe bor boe busy boe busy (detection by upper layer) DIFS boe boe bor busy DIFS boe bor DIFS boe busy

(detection by upper layer)

t Here St4 and St5 happen to have the same back-off time busy

medium not idle (frame, ack etc.)

packet arrival at MAC

boe elapsed backoff time bor residual backoff time Note: broadcast is not acknowledged 18

The size of the contention window can be adapted (if more collisions, then increase the size)

802.11 - CSMA/CA unicast

Sending unicast packets

station has to wait for DIFS before sending data receiver acknowledges at once (after waiting for SIFS) if the packet was received correctly (CRC) automatic retransmission of data packets in case of transmission errors

DIFS sender receiver other stations

data
SIFS ACK DIFS waiting time data t Contention window
19

The ACK is sent right at the end of SIFS (no contention)

802.11 DCF with RTS/CTS

Sending unicast packets

station can send RTS with reservation parameter after waiting for DIFS (reservation determines amount of time the data packet needs the medium) acknowledgement via CTS after SIFS by receiver (if ready to receive) sender can now send data at once, acknowledgement via ACK other stations store medium reservations distributed via RTS and CTS
DIFS

sender
receiver

RTS SIFS CTS SIFS

data SIFS ACK

other stations

NAV (RTS) NAV (CTS)

defer access

DIFS

data
t

Contention window RTS/CTS can be present for some packets and not for other
20

NAV: Net Allocation Vector

Fragmentation mode
DIFS sender receiver

RTS SIFS

frag1

frag2 SIFS

CTS SIFS

ACK1 SIFS

SIFS

ACK2

NAV (RTS) NAV (CTS) other stations NAV (frag1) NAV (ACK1) DIFS contention data t

Fragmentation is used in case the size of the packets sent has to be reduced (e.g., to diminish the probability of erroneous frames) Each fragi (except the last one) also contains a duration (as RTS does), which determines the duration of the NAV By this mechanism, fragments are sent in a row In this example, there are only 2 fragments

21

802.11 - MAC frame format

Types

control frames, management frames, data frames

Sequence numbers

important against duplicated frames due to lost ACKs

receiver, transmitter (physical), BSS identifier, sender (logical)

Addresses

Miscellaneous

sending time, checksum, frame control, data

bytes

2 Frame Control

2 6 6 6 2 6 Duration Address Address Address Sequence Address ID 1 2 3 Control 4 version, type, fragmentation, security, ...

0-2312 Data

4 CRC

detection of duplication

22

MAC address format

scenario ad-hoc network infrastructure network, from AP infrastructure network, to AP infrastructure network, within DS to DS from DS 0 0 0 1 1 1 0 1 address 1 address 2 address 3 address 4 DA DA BSSID RA SA BSSID SA TA BSSID SA DA DA SA

DS: Distribution System AP: Access Point DA: Destination Address SA: Source Address BSSID: Basic Service Set Identifier - infrastructure BSS : MAC address of the Access Point - ad hoc BSS (IBSS): random number RA: Receiver Address TA: Transmitter Address
23

802.11 - MAC management

Synchronization

Purpose

for the physical layer (e.g., maintaining in sync the frequency hop sequence in the case of FHSS) for power management

Principle: beacons with time stamps

Power management

sleep-mode without missing a message periodic sleep, frame buffering, traffic measurements

Association/Reassociation

integration into a LAN roaming, i.e. change networks by changing access points scanning, i.e. active search for a network

MIB - Management Information Base

managing, read, write

24

Synchronization (infrastructure case)

beacon interval

access point medium

B busy busy

B busy

B busy

value of the timestamp

beacon frame

The access point transmits the (quasi) periodic beacon signal The beacon contains a timestamp and other management information used for power management and roaming All other wireless nodes adjust their local timers to the timestamp

25

Synchronization (ad-hoc case)

beacon interval

station1
station2 medium

B1
B2 busy busy busy B beacon frame B2 busy

B1

t
value of the timestamp random delay (back-off)

Each node maintains its own synchronization timer and starts the transmission of a beacon frame after the beacon interval Contention back-off mechanism only 1 beacon wins All other stations adjust their internal clock according to the received beacon and suppress their beacon for the current cycle
26

Power management
Idea: switch the transceiver off if not needed States of a station: sleep and awake Timing Synchronization Function (TSF)

stations wake up at the same time

Traffic Indication Map (TIM)

Infrastructure case

list of unicast receivers transmitted by AP list of broadcast/multicast receivers transmitted by AP

Delivery Traffic Indication Map (DTIM)

Ad-hoc case

Ad-hoc Traffic Indication Map (ATIM)

announcement of receivers by stations buffering frames more complicated - no central AP collision of ATIMs possible (scalability?)

27

Power saving (infrastructure case)

Here the access point announces data addressed to the station TIM interval DTIM interval

access point medium station

D B busy busy

T busy

d busy p d

D B

t T TIM D DTIM awake

broadcast/multicast

d data transmission to/from the station

28

p Power Saving poll: I am awake, please send the data

Power saving (ad-hoc case)

ATIM window

beacon interval

station1

B1

B1

station2

B2

B2

t B beacon frame awake random delay a acknowledge ATIM A transmit ATIM D transmit data

d acknowledge data

ATIM: Ad hoc Traffic Indication Map (a station announces the list of buffered frames) Potential problem: scalability (high number of collisions)
29

802.11 - Roaming
No or bad connection? Then perform: Scanning

scan the environment, i.e., listen into the medium for beacon signals or send probes into the medium and wait for an answer station sends a request to one or several AP(s)

Reassociation Request

Reassociation Response

success: AP has answered, station can now participate failure: continue scanning

AP accepts Reassociation Request

signal the new station to the distribution system the distribution system updates its data base (i.e., location information) typically, the distribution system now informs the old AP so it can release resources
30

Security of 802.11

WEP: Wired Equivalent Privacy Objectives:

Confidentiality Access control Data integrity

M Integrity checksum IV C(M)

RC4

IV

RC4

P=

C(M)

P=

C(M)

Note: several security weaknesses have been identified and WEP should not be used anymore.

31

The new solution for 802.11 security: standard 802.1x

EAPOL (over Ethernet or 802.11) Encapsulated EAP, Typically on RADIUS

Supplicant

Authenticator

Authentication Server

EAP: Extensible Authentication Protocol (RFC 2284, 1998) EAPOL: EAP over LAN RADIUS: Remote authentication dial in user service (RFC 2138, 1997)

Features: - Supports a wide range of authentication schemes, thanks to the usage of EAP - One-way authentication - Optional encryption and data integrity
32

More on IEEE 802.1x

Example of authentication, using one-time passwords (OTP): Supplicant Authenticator
EAP-request/identity

Authentication server

EAP-response/identiy (MYID)
EAP-request/OTP, OTP challenge EAP-response/OTP, OTPpassword EAP-success

Authentication successfully completed

Port authorized

: exchange of EAPOL frame

: exchange of EAP frames in a higher layer protocol (e.g., RADIUS)

Notes : 1. Weaknesses have been found in 802.1x as well, but are corrected in the various implementations. 2. New standard in the making : IEEE 802.11i

33

IEEE 802.11 Standardization efforts

IEEE 802.11b

2.4 GHz band DSSS (Direct-sequence spread spectrum) Bitrates 1 11 Mbit/s 5 GHz band Based on OFDM (orthogonal frequency-division multiplexing) transmission rates up to 54 Mbit/s Coverage is not as good as in 802.11b 2.4 GHz band (same as 802.11b) Based on OFDM Bitrates up to 54Mb/s MIMO (multiple-input multiple-output) 40MHz channel (instead of 20MHz) Can operate in the 5GHz or 2.4Ghz (risk of interference with other systems, however) Bitrates up to 600Mb/s Extension of IEEE 802.11n, under development Enhanced DCF: to support differentiated service Security, makes use of IEEE 802.1x For vehicular communications 34 For mesh networks

IEEE 802.11a

IEEE 802.11g

IEEE 802.11n

IEEE 802.11ac IEEE 802.11e IEEE 802.11i IEEE 802.11p

IEEE 802.11s

Conclusion of Wireless LANs

IEEE 802.11

Very widespread Often considered as the system underlying larger scale ad hoc networks (although far from optimal, not designed for this purpose) Tremendous potential as a competitor of 3G cellular networks in hot spots

Bluetooth Security perceived as a major obstacle; initial solutions were flawed in both IEEE 802.11 (WEP) and Bluetooth Future developments

Ultra Wide Band?

35

References

J. Schiller: Mobile Communications, Addison-Wesley, Second Edition, 2004 Leon-Garcia & Widjaja: Communication Networks, McGrawHill, 2000 IEEE 802.11 standards, available at www.ieee.org www.bluetooth.com J. Edney and W. Arbaugh: Real 802.11 Security, Addison-Wesley, 2003

36

Ad Hoc On-Demand Distance Vector Routing (AODV)

Note: this and the following slides are provided here because AODV is used in the hands-on exercises. We will come back to this topic in a later module of the course.

37

AODV : Route discovery (1)

F Q A

G
J

R C N

M I

38

AODV : Route discovery (2)

F Q A

G
J

R C N

M I

: Route Request (RREQ)

Note: if one of the intermediate nodes (e.g., A) 39 knows a route to D, it responds immediately to S

AODV : Route discovery (3)

F Q A

G
J

R C N

M I

: represents a link on the reverse path

40

AODV : Route discovery (4)

F Q A

G
J

R C N

M I

41

AODV : Route discovery (5)

F Q A

G
J

R C N

M I

42

AODV : Route discovery (6)

F Q A

G
J

R C N

M I

43

AODV : Route discovery (7)

F Q A

G
J

R C N

M I

44

AODV : Route reply and setup of the forward path

F Q A

G
J

R C N

M I

: Link over which the RREP is transmitted : Forward path

45

Route reply in AODV

In case it knows a path more recent than the one previously known to sender S, an intermediate node may also send a route reply (RREP) The freshness of a path is assessed by means of destination sequence numbers Both reverse and forward paths are purged at the expiration of appropriately chosen timeout intervals

46

AODV : Data delivery

F Q A Data

G
J

R C N

M I

The route is not included in the packet header

47

AODV : Route maintenance (1)

F Q A Data

X
I

D
J M

R C N

48

AODV : Route maintenance (2)

F Q A RERR(G-J) G

X
I

D J

R
C N

M
L

When receiving the Route Error message (RERR), S removes the broken link from its cache. 49 It then initializes a new route discovery.

AODV (unicast) : Conclusion

Nodes maintain routing information only for routes that are in active use Unused routes expire even when the topology does not change Each node maintains at most one next-hop per destination

50

2011 Trial in MobNet with Nokia

http://lca.epfl.ch/projects/lca1-nokia
Adversarys APs

186 m

66 m

51