Wireless LAN

• WiFi does not rely on a medium

• -> electromagnetic waves through the vacuum…

• Full Duplex -> signal interference…

• frequency interval -> broadcast channel

• carrier signal : 2.426 GHz

• channel: 22MHz broad…

• -> overlapping channels

• => delimiting channels with band or low pass filters

=> channel: continuous subset of frequencies within band… (band 2.4GHz, 5GHz,)

• IEEE 802.11b

• IEEE 802.11a

• IEEE 802.11g

• IEEE 802.11n

• IEEE 802.11ac

• IEEE 802.11ax

• 2.4 GHz

• 11 MBit/s

• 100m optimum

• 5 GHz

• 54 MBit/s

• 50m optimum

• => advantage: 5GHz less used by other devices (e.g. cellular, bluetooth)

  
  

• 2.4 GHz

• 54 MBit/s

• uses orthogonal frequency division multiplex

• 2.4 and 5 GHz

• 600 MBit/s

• 250m optimum, 70m indoors

• MiMo (multiple in multiple out)

  • -> use multiple antennas

• 5 GHz

• 7 GBp/s

  
  

• 2.4 and 5 GHz

• 11 GBit/s

• about half of what is specified for a,b,g

• yes -> incresase signal strength over allowed limit

• -> several km possible

• overlapping continuous frequencies

• 2.412 GHz middle

• -> 22MHz width of channel

• -> next channel 5MHz to the right…

• => need 4 channels in between to not overlap

• overlap

• -> degrade signal quality…

• on the standard

• No -> b/g is restricted in channels depending on the country…

• => Europe no 14, japan all, US no 12-14

• make use of multiple channels to enhance throughput

• Half Duplex

• -> as can send in both ways but not at the same time (interference)

• 50m

• 4

• => 14 channels in general but require 4 channels in between

• 1, 6, 11, 14

• => channel 14 greater distance than the rest (12 MHz)

• ad-hoc

• infrastructure mode

• ad-hoc

  • devices communicate directly with each other

• infrastructure

  • device communicate over base station -> usually Acces Point

• wireless station -> e.g. devices like PC or server (communication end-points)

• basic service set

• -> STA together with AP in infrastructure mode

• SSID

• service set identifier

  
  

• Beacon Frame by AP

• -> transmits SSID to STAs in range

• associatoin request to the AP

• if any kind of authentication and authrization (optional) is succesful

• -> client granted access by association response

• over AP

• => never direct in infrastructure mode…

• Consider STA A and B

• -> A and B are not in reach of each other

• -> but in SAME BSS -> AP reaches both…

• => B/A is a hidden terminal for A/B

opposite:

• in direct reach: exposed terminal

• AP

• -> controls which STA is allowed to send data at a given time

• -> enforces media acess control

• often: AP connects WLAN to wired network

• -> possibly multiple BSS connected with wired connected AP

• => ESS identified by ESSID

• Single network in University with multiple AP

• => single AP is BSS

• -> multiple of these, each with same SSID form ESS

• with common ESSID

• transparent roaming

• -> change AP from same ESSID…

• => e.g. eduroam…

• no AP for communication

• -> at least two STA form independent basic service set (IBSS)

• => also identified by SSID

• first STA starting the service

• -> takes over some crucial responsibilities of the AP

• => sending beacon frames containing SSID to announce IBSS

• -> also handles associations and disassociations

• altough taking some responsibilities of the AP

• => in ad-hoc, it does not relay the messages as all STA communicate directly… (in the same IBSS)

• communication with hidden terminals not possible…

• MAC address of AP for given BSS

• The AP administers STAs' access to the medium.

• All STAs which are part of the BSS are exposed to the AP.

• The STAs transmit data always to the AP which forwards it to the receiver

• An ESS comprises of multiple APs and all their associated STAs, connected through a distribution system.

• An SSID is the conventional name for a BSS.

• A BSS comprises of one AP with all its connected STAs.

• A BSS is uniquely distinguished by its BSSID which is the MAC address of the AP.

• 
  

• control frames

• management frames

• data frames

• used to implement media access control

• request to send (RTS)

• clear to send (CTS)

• acknowledgement

• PS, CF

• sent by station to receiver

• request permission to send data

• contains duration field indicating estimated time to complete the transfer

• including subsequent acknowledgement

• => can be used by client in range to determine how long medium will be busy

• response to request to send

• -> grant permission for sending data to specific STA

• => also contains duration field

• sent by receiving wireless statoin to nitofy sender that data frame was submitted successfully

• Delivers basic wireless services

• like announcement of a BSS and to manage association and disassociation of STAs

• Beacons

• Association request/response

• disassociation request/response

• reassociation request/response

• probe request/response

• authentication / Deauthentication

• frames containing user data

• comparable to ethernet frames

• Periodically announce the SSID of a BSS.

• asociation:

  • Sent by STA/AP when a new STA wants to join a BSS.

• disassociation:

  • Sent by STA/AP when a STA is about to leave a BSS

• reasociation:

  • Sent by STA/AP when a STA lost connection to the BSS and wants to reconnect.

• Sent by a STA while looking for a BSS with a specific SSID

• Both the probe request and response contain the SSID in clear text (even if encryption is enabled)

• Since it is sent every time before a STA connects to a BSS the SSID can be discovered by observing the connection establishment.

• This is why hiding the SSID is pointless in regard to security.

• set NIC to monitor mode

• -> instaead of promiscuous mode (only data frames)

• distributed foundation wireless medium access control (DFWMAC)

  
  

• three

• two distributed control functions

• one point coordinated function

• => all based on CSMA/CA

• short inter-frame spacing (SIFS)

• PCF inter-frame spacing (PIFS)

• DCF inter-frame spacing

• shortest waiting time

• -> depends on physical implementation (i.e. 802.11ac -> 16 micro seconds)

• -> used if STA wants to send short control messages

• SIFS plus one slot time

• -> used for time-bounded services (PCF) only

• SIFS plus two slot times

• => therefore longest waiting time

• -> used for normal data transfers

• if medium not busy when STA want to transmit

• -> wait at least DIFS period

• -> afterwards allowd to send immediately if medium still free

• -> otherwise -> choose random backoff lying in contention window

• => wait for DIFS plus random backoff time

• if medium busy -> start over again

• otherwise send data

• if transmission successfull, RECEIVER waits only for SIFS and sends acknowledgement

• sender: try to resend if after one DIFS no ACK was received

• can be sent after SIFS

• -> if sending regular stuff, stations have to wait DIFS (longer thatn SIFS) to transmit after medium became idle…

• two stations coincidentially use same backoff time -> start sending at the same time

• two stations mutually out of range (hidden terminals) => may overlap and only be visible to other stations but not stations involved…

• exponential backoff algorithm

• -> STAs involved into collision increase sizue of contention window from wich number of backoff slots randomly chosen

• -> increases each colliuson (siumioar to CSMA/CD in ethernet…)

• DFWMAC-DCF with RTS/CTS extension

• => use additional control frames RTS and CTS (request to send, clear to send)

• Uses same waiting strategy as DFWMAC-DCF with CSMA/CA

• => but instead of sending data frame -> send RTS frame (due to same waiting time -> same priority…)

• -> receiver of RTS frame (often AP in infrastructure mode) answers with CTS frame

  
  

• receiver address

• time needed to transmit the data frame

• plus expected time to receive ACK from receiver

• adjust net allocation vector (NAV)

• in accordance with duration field in RTS frame

• NAV -> specifies earliest point in future at which station can try to access medium again

• duratoin field

• -> specifying estimated time untiul transmission of the data frame and the ack id complete

• ajdust NAV same way as ones receiving RTS

• -> as both the sender and receiver transmit sth. (RTS; CTS)

• => all from them reachable stations get notified

• -> thus, no hidden stations in proximity anymore…

• after SIFS

• RTS / CTS scheme

• -> “reserves” medium through time values in CTS RTS frames…

• yes

• -> if STA coincidentially chose same backoff time…

• -> or if RTS/CTS not sensed… => collision if RTS of other station is sent before ongoing data transfer is sensed…

• maximum access delay

• minimum available bandwidth

• an access point controlling media access

• => thus cannot be used in ad-hoc

• no is optional

• -> seldomly used

• access time split into super-frames

  • super-frames made up of contention-free and contention period

• during contention period:

  • STA may request sending according to RTS/CTS

• during conteiton-free period:

  • AP explicitly polls stations by sending specialized control frames (PS frame)

  • -> is allowed to send this after PIFS -> thus always priority before STAs (having to wait DIFS to send data)

  • => polled client allowed to send data after SIFS period

  • afterwards AP polls next client

• => AP guarantees both maximum access delay and minimum bandwidth to each client

• => furthermore, AP can prioritize some clients over others implementing some type of QoS

• through a beacon frame by the AP

• yes!

• connects several BSS into ESS

• (from DS / to DS) ; (A1, A1, A3, A4)

• (0/0); (DA, SA, BSSID, -)

• (0/1) ; (DA, BSSID, SA, -)

• (1/0); (BSSID, SA, DA, -)

• (1/1); (RA, TA, DA, SA)

• got exchanged in infrastructure network

• comes from an AP

• frames can be intercepted by anyone in range…

• wired equivalent privacy

• -> encryption suite

• stream cipher RC4

• shared key

• -> compressed to 48 or 96 bits

• IV + Shared Key into RC4 -> Keystream

• Keystream xor data -> encrypted data

• data in CRC -> ICV

• => transmitted frame contains IV, encrypted data and ICV

• Leayer 2 header is left unencrypted (only L3 payload encrypted…)

• IV fail

• RC4 fail

• ICV fail

• Reply fail

• IV used to encrypt frame

• -> after 16 million frames -> IV starts again…

• in case of 20 MBit/s -> in about 2 hours

• => same key used for multiple messages…

• => decryption of all messages with same IV is possible if only one is cracked…

• => often, contents of messages known (e.g. ARP or name resolutoin) -> find out about key-stream …

• => also: WEP does not demand that IV are reandomly chosen

• -> can happen that all clients start with IV at 0…

• known weakness in RC4 about first few bytes of random material that is generated

• => thus RC4 demanging that first few thousand bytes not used for encryption… (of keystream)

• -> !!!!! this is not considered by WEP!!!!!

• -> plain text of first few bytes can be guesses (e.g. common header fields of higher layer protocols)

• -> with siome probability, these provide information about certain byeetes of the WEP key

• -> can be used to crack the key…

• ICV used as kind of crypto. checksum

• -> CRC used and encrypted using same mehcanimsm as the payload

• -> possible to modify packet and the ICV such that cryptog. checksum remains valid to receiver “!!!

• WEP does not protect from replay attacks

• -> attack: KoreK’s chopchop

• => can be used to recover complete keystream of a packet by chopping last byte of payload

• adapting ICV, re-injecting

• -> if assumpotion correct -> AP will accept frame… otherwise chopped byte can be gueddes again….

• => around 300k injections per packet with full payload needed…

• WiFi protected access

• -> used to overcome deficiencies of WEP

• WPA-TKIP

  • temporal key integrity protocol

  • makes still use of TC4 but with new key scheduling algo

  • => advantage: can be used on existing hardware…

• WPA AES (advanced encryption standard)

  • replaces RC4 by AES

  • cannot be easily supported by older AP through SW updates

• TKIP only uses per packet re-keying with same cipher and hardware -> make sth more secure

• WPA2 uses Counter mode ciphre block chaining message authentication code protocol)

• => mroe secure…

• CR4 replkaced with AES-CTR and AES-CBC-MAC to provide data integrity

=> since 2006, all WiFi certified devices must support WPA2

• pre shared key (PSK) mode

  • i.e. use password to login…

• enterprise mode

• stronger authenticaion and security

• -> takes care of authentication, authorization and accounting

• authentication server (RADIUS server)

• encryption keys generated dynamically per session after presentation of peer credentials (unlike PSK)

• supplicant

  • client aiminmg to get access to network

• authenticator

  • forwards supplicants request to authenticaoin server and controls based on its decisions access to the network

• authentication server

  • The server is checking the supplicant's request and then informs the Authenticator about its decision. In our setup this will be the radius server

• supplicant (client) communicates with authenticator (AP) using WAP (extended authentcation protocol)

• -> in our case, it is PEAP

  • TLS used to encrypt the communication

• Packets are then forwarded from authenticator to authentication server (radius server) by encapsulating them in radius frames (EAP)

• authentication server will answer access request withe either access accept or reject

• -> if accepted, -> authentication server will hand pairwise master key to authenticator

• -> needed to later generate key for session with supplicant within 4-way handshake

  
  

• both client and authenticator know paiurwise master secret

• which is used for authentication between the two partners

• => Here, key from shared secret is derived

• half duplex operatoin

  • can cause self interference (i.e. through reflection…)

• interference in general ->only one shared medium

• signal strength decreasing quadratically with distance

• multipath propatagion due to reflection and refraction

• half duplex vs full duplex, high speed data transfer

• interference vs negligible interference

• CSMA/CS and MAC necesarry vs usually no MAC necesarry as switches limit collision domain

• security vs no built in security

  
  

• FDMA - Frequency Division Multiple Access

  • each data stream uses different frequency band

• TDMA - time dividion multiple access

  • each data stream uses different time slot

• CDMA Code Division Multiple Access

  • multiplexing based on spreading-codes

• SDMA - Space Division Multiple Access

  • frequency reuse in different physical areas

unlicensed:

• 13.56 MHz -> NFC; RFID

• 2.4 GHz -> WLAN, Bluetooth, ZigBee, microwave ovens, RFID…

Mobile Netowrks (licensed)

• GSM (2G) 900MHz, 1800MHz

• UMTS (3G) 2100MHz

• LTE (4G) 800, 1800, 2600 MHz

• 5G 2100, 3600MHz

• inftastructure less vs infrastructure based

• single hop vs multi hop

• WLAN ad-hoc

• Bluetooth

• ZigBee

• Mobile ad-hoc networks

• e.g. Car to Car

• WLAN infrastructure mode

• cellular netowkrs

• wireless mesh networks

• station

  • wireless host

• access point

  • base station

• basic service set

  • group of communicatoin partners that use same channel

• extended service set

  • group of multiple interconnected BSS with common service set identifier (SSID)

• distribution system

  • interconnection network to connect multiple BSS

• source and destination addresses

• receiver and transmitter addresses

• 4 scenarios:

• from / to ds (yes/no)

• Address 1:

  • Reciver Address = Destination Address (station)

• Address 2:

  • Transmitter Address = Source Address

• Address 3:

  • BSSID Mac of AP

• Address 4:

  • None

• Address 1:

  • Reciver Address = Destination Address (station)

• Address 2:

  • Transmitter Address = BSSID (AP)

• Address 3:

  • Source Address

• Address 4:

• Empty

• Address 1:

  • Reciver Address = BSSID (AP)

• Address 2:

  • Transmitter Address = Source Address

• Address 3:

  • Destination Address

• Address 4:

  • None

• Address 1:

  • Reciver Address

• Address 2:

  • Transmitter Address

• Address 3:

  • Destination Address

• Address 4:

  • Source Address

=> Basically simlar to MAC and IP in IP routing…

• collision detection not really possible….

  • -> sensing while sending is difficult

  • -> a collision may only be visible to part of the nodes

• a frame is always fully transmitted

• link layer acknowledgements

=> thus not really…

• no

• 10 or 16 micro seconds

• 28 micro seconds, 34 micro seconds or 50 micro seconds

• 9 or 20 micro seconds

• 15 <= CW <= 1023

• data link layer receives frame from upper layer

• chose random backofftime = Random([0, CW]) * SlotTime

• wait until channel is idle for DIFS

  • if it is again busy -> wait again and increase

• while backoff time is > 0, wait for one slot time, decrease it (basically wait for backoff time…)

• transmit frame (after / during backoff time medium not busy else wait for DIFS before decreasing backoff time again…)

• transmit frame

• is ACK received after 1 DIFS?

  • no -> Congestion window ? Congestion window * 2 -> go back to choosing backoff

• yes -> finish

• data link layer receives frame from physical layer

• is received frame okay?

  • yes

    • wait for SIFS

    • transmit ACK

  • no

• finish

• the backoff does not start again if medium is busy

• -> if busy, simply wait for DIFS before continue to decrase it….

• congestion window only increased in case no ACK received (-> for retransmission…)

• Backoff chosen from first time on… (min 15… max 1024..)

• ready to send -> not request to send…

• the protection of management frames

• -> strictly enforced

• authenticatoin -> still regular password used

• encryption uses simultaneous authentication of equals

  • possible weak passwords only for authenticatoin

  • 128bit AES for traffic encryoption with SAE exchanged keys

• external server for authentication

• -> advantage:

  • mutual authenticaoitn

  • centralized authentication

• older standards dont encrypt traffic of open WiFi networks

• => WPA3 does…

• AP -> transmits to both…

• but both canot reach each other as the NDP fails…

• connect to both

• try to estabilsh to both

• -> wrong sequence numbers leads to closing the connection…

• hostapd.conf

• PBKDF2(passphrase, ssid, 4096, 256)

• 4096 -> number of iterations

• 256 -> bit length of key

• brodacast deauthentication packets

• -> source MAC is the one of the AP

• -> uses receiver address of host to be deauthenticated…

• -> has reason code (e.g. unspecified reason, inactivity,…)

• generate keys for encryption between supplicant (station) and authenticator (base station / AP)

• AP transmits Key Nonce (ANonce) and replay counter

• based on Nonce, STA can create pairwise TRANSIENT key from (

  • pairwise master key (shared secret)

  • Anonce

  • Snonce

  • MAC supplicant

  • MAC authenticator

• Supplicant to Authenticator

• also transmits Nonce, Replay Counter and additionally MAC

• AP can now also generate pairwise transient key same way as supplicant

• replay value is same as in first message

• MAC for integrity and authenticity of message (can be verified after calc. PTK)

• also, contains information about WAP, such as used ciper and capabilities

• transmit Group Transient Key (encrypted) after verifying MAC, Replay and RSN information from previous message exchange

• STA checks previosu message (MIC and replay counter)

• if valid transmit confirmation to AP

• -> finish 4-way handshake…

• EAPOL (extended autehticaiton protocol over lan)

• beacons

• -> get more information about AP in surroundin

• -> can use info to spoof one

• dBm decibel-miliwatts

• can decrypt stuff

• contrary to sniffer

• (only on L2…)

• admin side:

  • use individual passwords

• client side:

  • use VPN

• EAP packet with request identity from AP to STA

• Client to AP response identnty in EAP

• -> provide its identity, e.g. client1

• EAP-TLS handshake

AP <-> Station

-> Request TLS EAP

<- Client Hello

-> Server Hello, Certificate, Server Key Exchange, Certificate Request, Server Hello Done

<- Certificate, Client Key Exchange, Certificate Verify, Change Cipher Spec, ERncrypted Handshake Message

-> Change Cipher Spec, Encrypted Handshake Message

<- EAP-TLS response

-> Success

=> then 4-way handshake

• first authentication between client and radius server

• => TLS handshake forwarded by authenticator by encapsulating it in RADIUS packets….

• -> then, client authenticates with AP using 4-way handshake and EAP protocol

  • -> results in key exchange for encryption…

AP <-> RADIUS

• Forwards for the request and response identity

• as well as the EAP-TLS handshake

• an access request and response between AP and RADIUS server

=> 4 request responses exchanged

• 1 for identity

• 3 for TLS handshake

• durint RADIUS

• -> TLS master secred established

• => EAP-TLS (WPA Handhsakle) requires such master secret to derive master session key and extended session key

• pairwise encryption between client and AP

• client 1 <-> client 2 communication:

  • AP decrypt from client 1 with pairwise key

  • re-encrypts to client 2 with their pairwise key

• Broadcast:

  • has group transient key that is shared with all stations in the BSS…

• CLient tries to connect to other AP in reach

• -> usually also done if other AP with same SSID but stonger signal strength in reach…