802.11 Networks
Olga Agnew, Bryant Likes, Daewon Seo
Page 1: Slides

802.11 Networks

Olga Agnew, Bryant Likes, Daewon Seo

Page 2: Slides

Agenda

- Bryant: 802.11 Overview
- Bryant: 802.11b
- Olga: 802.11a
- Olga: Comparison - 802.11b and 802.11a
- Daewon: Security

Page 3: Slides

Why wireless?

- Mobility
- Flexibility
- Can be more cost effective

Page 4: Slides

802.3 Ethernet Networks

- Ethernet networks make up 95% of LANs
- Ethernet
  - Network Interface Cards (NIC)
  - Network Cables
  - Hubs

Page 5: Slides

802.11 Wireless Networks

- 802.11 builds on Ethernet
- 802.11
  - Network Interface Cards (NIC)
  - Air
  - Access Points

Page 6: Slides

802.11 Components

- Distribution System
- Access Points
- Wireless Medium
- Stations

[Figure labels: Distribution System, Access Point, Station, Wireless Medium]

Page 7: Slides

802.11 Topologies

- Independent networks
- Infrastructure networks

[Figure label: Access Point]

Page 8: Slides

Wireless Bridging

- Can also be set up as a bridge

[Figure labels: Yagi directional antenna, Access Point]

Page 9: Slides

802.11 Media Access Control

- Ethernet uses CSMA/CD
- 802.11 uses CSMA/CA
  - Distributed Coordination Function (DCF)
    - Low overhead
  - Point Coordination Function (PCF)
    - Avoids the hidden node problem

Page 10: Slides

802.11 Network Operations

- Distribution
  - Deliver messages to their destination
  - All messages use this service
- Integration
  - Connects the wireless network to the wired network

Page 11: Slides

802.11 Network Operations

- Association
  - “Plugs” stations into the network
- Reassociation
  - Switching to another AP with better service
- Disassociation
  - Association no longer needed

Page 12: Slides

802.11 Network Operations

- Authentication
  - Prevents unauthorized use
- Deauthentication
  - Terminates authenticated relationship
- Privacy
  - Wired Equivalent Privacy (WEP)
- MAC Service Data Unit (MSDU) Delivery
  - Destination delivery

Page 13: Slides

802.11b

Page 14: Slides

802.11b - Data Transmission

- Transmit 300 to 500 feet
- Frequency-hopping spread-spectrum (FHSS)
  - 1 or 2 Mbps
- Direct-sequence spread-spectrum (DSSS)
  - 1, 2, 5.5, or 11 Mbps

Page 15: Slides

802.11b – Frequencies and Bandwidth

- 2.4000 to 2.4835 GHz frequency
- 22 MHz bandwidth per channel
- 3 MHz guardbands
- Analog radio signal (NIC is modem)

Page 16: Slides

802.11b - Transmission

- 1 and 2 Mbps speeds
  - Use 11-bit Barker sequence
- 5.5 and 11 Mbps speeds
  - Use complementary code keying (CCK)

Page 17: Slides

802.11a

Page 18: Slides

802.11a

- Why did ‘a’ come before ‘b’?
- Is it different?
- Is it better?
- Is it faster?

Page 19: Slides

802.11a - Data Transmission

- Transmit 100 to 150 feet
- Orthogonal Frequency-Division Multiplexing (OFDM)
  - 6 to 54 Mbps

Page 20: Slides

802.11a - Frequencies and Bandwidth

- 5 GHz frequency
- 12 channels
  - 20 MHz bandwidth per channel
  - Broken into 52 separate channels
    - 48 transmit, 4 used for control

Page 21: Slides

802.11a - Transmission

- 6 and 9 Mbps speeds
  - Use 24-bit Barker sequence
  - Converted to 1 OFDM symbol of 48 bits
- 12, 24 and 48 Mbps speeds
  - Use binary phase shift keying (BPSK)

Page 22: Slides

Comparison
Physical Layer

802.11b
- DSSS
- 3 - 22 MHz channels
- Data rates: up to 11 Mbps (5.5 is norm)

802.11a
- OFDM
- 12 – 20 MHz channels
- Data rates: up to 54 Mbps (12-24 is norm)

Page 23: Slides

Comparison (cont’d)
Physical Layer

802.11b
- DSSS (cont’d)
- Frequency Range: up to 300 feet

802.11a
- OFDM (cont’d)
- Frequency Range: up to 150 feet

Page 24: Slides

Conclusion

- Is faster really better?
- What are the application needs?
  - Better for higher end apps
    - Video, voice, transmission of large image or large files, etc.
  - Shorter distance
- Remember… “There’s always a trade-off”

Page 25: Slides

Conclusion (Cont’d)

- Additional factors to consider:
  - 2.4 GHz frequency shared by:
    - wireless phones, microwave ovens
    - Bluetooth devices, others…
  - Combo-cards now available
    - Proxim’s

Page 26: Slides

802.11 Security Overview

Page 27: Slides

Overview of 802.11 Security

- Not long ago
  - Wireless security was an afterthought (new and rare)
- Now
  - Security issues became more vital (available for anyone and cheap)

Page 28: Slides

Same risks as Wired-LANs?

- Threat to physical security of a network
- Denial of service and sabotage
- Unauthorized access and eavesdropping
- Attacks from within the network’s user community
  - Employees have been known to read, distribute, and alter valuable company data

Page 29: Slides

802.11 Security Mechanisms

- Authentication through…
  - Open system
  - Shared key authentication
- Data confidentiality through…
  - Wired Equivalent Privacy (WEP)

Page 30: Slides

Authentication

- Open systems
  - Do not provide authentication
  - Only identification using the wireless adapter’s MAC address
  - Access can be based on MAC address
  - MAC address of wireless client can be spoofed

Overall, the open system is not secure.

Page 31: Slides

Authentication (Continued)

- Shared key authentication

Page 32: Slides

Authentication (Continued)

- Shared key authentication…
  - It is delivered to the participating station through a secure channel that is independent of IEEE 802.11
  - The shared key secret is manually configured for both the wireless AP and the client
  - Securing physical access to the network is difficult
  - Anyone within range of the wireless AP can listen to other users’ data
  - Overall, this authentication is not secure and is not recommended for use

Page 33: Slides

WEP Encryption

- 802.11: level of data confidentiality is equivalent to a wired network
- Use: RC4 symmetrical stream cipher (40-bit or 104-bit encryption key)

Page 34: Slides

WEP Encryption (Cont)

- Provides data integrity from random errors (Integrity Check Value)
- The determination and distribution of WEP keys are not defined; a text string must be manually configured
- There is no defined mechanism to change the WEP key

Page 35: Slides

WEP Encryption (Cont)

- All wireless APs and clients use the same configured WEP key for multiple connections and authentication, so it is possible for malicious users to remotely capture WEP cipher text: a security problem
- The lack of WEP key management – cause change in WEP key frequently
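
Added example (not from the original slides): a simplified Python sketch of the WEP encapsulation that slides 33 to 35 describe, with RC4 keyed by a 24-bit IV prepended to the static shared key and a CRC-32 Integrity Check Value. The 802.11 header and key-ID byte are omitted, and the key, IV and payloads are constructed sample values; the last function shows that two frames sent under the same key and IV are encrypted with the same keystream, which is why the missing key management matters.

```python
import struct
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key scheduling, then XOR the data with the keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def icv(payload: bytes) -> bytes:
    """Integrity Check Value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)

def wep_encapsulate(shared_key: bytes, iv: bytes, payload: bytes) -> bytes:
    """Return IV || RC4(IV || shared_key, payload || ICV)."""
    if len(shared_key) not in (5, 13):   # 40-bit or 104-bit key
        raise ValueError("WEP key must be 5 or 13 bytes")
    if len(iv) != 3:                     # 24-bit IV, sent in the clear
        raise ValueError("IV must be 3 bytes")
    return iv + rc4(iv + shared_key, payload + icv(payload))

def wep_decapsulate(shared_key: bytes, frame: bytes) -> bytes:
    """Decrypt a frame and verify its ICV; ValueError on mismatch."""
    iv, body = frame[:3], frame[3:]
    plain = rc4(iv + shared_key, body)
    payload, received = plain[:-4], plain[-4:]
    if icv(payload) != received:
        raise ValueError("ICV mismatch")
    return payload

def keystream_is_reused(shared_key, iv, p1: bytes, p2: bytes) -> bool:
    """True if two frames under one static key and IV share a keystream."""
    c1 = wep_encapsulate(shared_key, iv, p1)[3:]
    c2 = wep_encapsulate(shared_key, iv, p2)[3:]
    n = min(len(p1), len(p2))
    xor = lambda a, b: bytes(x ^ y for x, y in zip(a[:n], b[:n]))
    return xor(c1, c2) == xor(p1, p2)

if __name__ == "__main__":
    KEY, IV = bytes.fromhex("0102030405"), b"\x00\x00\x01"  # constructed values
    frame = wep_encapsulate(KEY, IV, b"hello station")
    print(wep_decapsulate(KEY, frame))
```
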

Page 36: Slides

Security Summary

- The lack of automated authentication and key determination causes problems in shared communication
- WEP will never be totally secure, and 802.11 security will not be secure either
- New versions of 802.11 focus on new encryption, authentication and key exchange algorithms for better security
- 802.11 security is being investigated for better protection from all attacks

Page 37: Slides

Questions?