unit1 wireless network

Jun 02, 2018

D. Rajasekar
  • 8/9/2019 unit1 wireless network

    WIRELESS NETWORK:

    Unit I

    MEDIUM ACCESS ALTERNATIVES

    SESSION TITLE

    Session 1.1. Fixed access for voice oriented networks - TDMA, FDMA

    Session 1.2. Code division multiple access

    Session 1.3. Comparison of CDMA, TDMA and FDMA

    Session 1.4. Comparison of CDMA, TDMA and FDMA

    Session 1.5. Random access for data oriented networks

    Session 1.6. Hand off

    Session 1.7. Channel assignment schemes

    Session 1.8. Roaming support

    Session 1.9. Security & Privacy

    MULTIPLE RADIO ACCESS

    Medium Access Alternatives: Fixed-assignment for Voice Oriented Networks, Random Access for Data Oriented Networks, Handoff and Roaming Support, Security and Privacy

    Classification of Multiple Access Protocols

    1. Fixed-Assignment Access for Voice-Oriented Networks

    a. Frequency Division Multiple Access (FDMA)

    b. Time Division Multiple Access (TDMA)

    c. Code-Division Multiple Access (CDMA)

    2. Random Access for Data-Oriented Networks

    a. ALOHA-Based Wireless Random Access Techniques

    b. CSMA-Based Wireless Random Access Techniques

    Multiple access protocols

      Contention-based
        Random access: ALOHA, CSMA, BTMA, ISMA, etc.
        Collision resolution: TREE, WINDOW, etc.
      Conflict-free: FDMA, TDMA, CDMA, Token Bus, DQDB, etc.

    BTMA: Busy Tone Multiple Access

    ISMA: Internet Streaming Media Alliance

    DQDB: Distributed Queue Dual Bus

    Fixed-Assignment Access for Voice-Oriented Networks

    The available spectrum bandwidth for our wireless communication is limited.

    Multiple access techniques enable multiple signals to occupy a single communications channel.

    Major Types

    Frequency division multiple access (FDMA)

    Time division multiple access (TDMA)

    Code division multiple access (CDMA)

    Frequency division multiple access (FDMA)

    It assigns individual frequency to individual users, i.e. accommodates one user at a time.

    Each user is separated by guard bands.

    The complexity of FDMA mobile systems is lower when compared to TDMA systems.

    A guard band is a narrow frequency band between adjacent frequency channels to avoid interference from the adjacent channels.

    The number of channels that can be simultaneously supported in an FDMA system is given by

    BT -> the total spectrum allocation,

    BGUARD -> the guard band

    BC -> the channel bandwidth

    Key Features

    If an FDMA channel is not in use, then it sits idle and cannot be used by other users.

    The bandwidths of FDMA channels are narrow (30 kHz).

    Intersymbol interference is low.

    It needs only a few synchronization bits.

    Demerits

    FDMA systems are costlier because of the single channel per carrier design.

    It needs to use costly bandpass filters to eliminate spurious radiation at the base station.

    The FDMA mobile unit uses duplexers since both the transmitter and receiver operate at the same time. This results in an increase in the cost of FDMA subscriber units and base stations.

    FDMA requires tight RF filtering to minimize adjacent channel interference.

    Time Division Multiple Access

    TDMA vs FDMA

    Time division multiple access (TDMA) systems divide the radio spectrum into time slots.

    Each user occupies a cyclically repeating time slot.

    A set of N slots forms a frame.

    Each frame is made up of a preamble, an information message, and tail bits.

    TDMA systems transmit data in a buffer-and-burst method.

    TDMA shares a single carrier frequency with several users, where each user makes use of non-overlapping time slots.

    TDMA uses different time slots for transmission and reception.

    Adaptive equalization is usually necessary in TDMA systems, since the transmission rates are generally very high as compared to FDMA channels.

    High synchronization overhead is required in TDMA systems because of burst transmissions.

    Guard bands are necessary to ensure that users at the edge of the band do not "bleed over" into an adjacent radio service.

    Frame Structure

    The preamble contains the address and synchronization information that both the base station and the subscribers use to identify each other.

    Trial bits specify the start of the data.

    Synchronization bits will intimate the receiver about the data transfer.

    Guard bits are used for data isolation.

    Efficiency of TDMA

    where

    bOH - no. of overhead bits per frame

    br - no. of overhead bits per

    bp - no. of overhead bits per preamble in each slot

    bg - no. of equivalent bits in each guard time interval

    r - reference bursts per frame,

    t - traffic bursts per frame

    The efficiency of a TDMA system is a measure of the percentage of transmitted data that contains information as opposed to providing overhead for the access scheme.

    The total number of bits per frame, bT, is

    bT = Tf R

    Tf is the frame duration, and R is the channel bit rate

    Then the frame efficiency is

    And the no of frames

    m - maximum number of TDMA users supported on each radio channel

    Spread spectrum multiple access (SSMA)

    Frequency Hopped Multiple Access (FHMA)

    Direct Sequence Multiple Access (DSMA)

    Direct sequence multiple access is also called code division multiple access (CDMA).

    Frequency Hopped Multiple Access

    The carrier frequencies of the individual users are varied in a pseudorandom fashion within a wideband channel.

    The digital data is broken into uniform sized bursts which are transmitted on different carrier frequencies.

    Fast Frequency Hopping System -> the rate of change of the carrier frequency is greater than the symbol rate

    Slow Frequency Hopping -> the channel changes at a rate less than or equal to the symbol rate

    Code Division Multiple Access (CDMA)

    The narrowband message signal is multiplied by a very large bandwidth signal called the spreading signal (pseudo-noise code).

    The chip rate of the pseudo-noise code is much more than that of the message signal.

    Each user has its own pseudorandom codeword.

    (Figure: message and PN sequence)

    CDMA uses co-channel cells

    All the users use the same carrier frequency and may transmit simultaneously without any knowledge of others.

    The receiver performs a time correlation operation to detect only the specific desired codeword.

    All other codewords appear as noise.

    Multipath fading may be substantially reduced because the signal is spread over a large spectrum.

    Channel data rates are very high in CDMA systems.

    CDMA supports soft handoff: the MSC can simultaneously monitor a particular user from two or more base stations. The MSC may choose the best version of the signal at any time without switching frequencies.

    In CDMA, the power of multiple users at a receiver determines the noise floor.

    In CDMA, stronger received signal levels raise the noise floor at the base station demodulators for the weaker signals, thereby decreasing the probability that weaker signals will be received. This is called the near-far problem.

    To combat the near-far problem, power control is used in most CDMA
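
The spreading, correlation receiver and near-far behaviour described above, as an added example that is not part of the original notes. It assumes a 31-chip PN sequence from a 5-stage LFSR, two chip-synchronous users whose codewords are cyclic shifts of that sequence, and constructed data bits and amplitudes; all function names are hypothetical.

```python
# Added illustration (not from the original notes): direct-sequence spreading,
# a correlation receiver, and the near-far effect with two users.

def m_sequence(length=31):
    """PN chips (+1/-1) from a 5-stage LFSR: s[n+5] = s[n+2] XOR s[n]."""
    s = [1, 0, 0, 0, 0]
    while len(s) < length:
        s.append(s[-3] ^ s[-5])
    return [1 - 2 * b for b in s]            # bit 0 -> +1, bit 1 -> -1


def rotate(code, k):
    """Cyclic shift; a shifted m-sequence serves as another user's codeword."""
    return code[k:] + code[:k]


def spread(bits, code, amplitude=1.0):
    """Multiply each narrowband data bit (+1/-1) by the whole chip sequence."""
    return [amplitude * b * c for b in bits for c in code]


def channel(*signals):
    """All users share one carrier, so the receiver sees the chip-wise sum."""
    return [sum(chips) for chips in zip(*signals)]


def despread(rx, code):
    """Correlate each bit period with the wanted codeword, then decide the bit."""
    n = len(code)
    decided = []
    for i in range(0, len(rx), n):
        corr = sum(r * c for r, c in zip(rx[i:i + n], code))
        decided.append(1 if corr >= 0 else -1)
    return decided


def bit_errors(sent, received):
    return sum(a != b for a, b in zip(sent, received))


PN = m_sequence()
CODE_A, CODE_B = PN, rotate(PN, 7)           # constructed codewords
BITS_A = [1, -1, 1, 1, -1, -1, 1, -1]        # constructed data, far (weak) user
BITS_B = [1, 1, -1, 1, -1, 1, 1, -1]         # constructed data, near (strong) user


def errors_for_user_a(amp_b):
    """Bit errors on user A (received amplitude 1) when user B arrives at amp_b."""
    rx = channel(spread(BITS_A, CODE_A, 1.0), spread(BITS_B, CODE_B, amp_b))
    return bit_errors(BITS_A, despread(rx, CODE_A))


if __name__ == "__main__":
    print("auto-correlation :", sum(c * c for c in CODE_A))
    print("cross-correlation:", sum(a * b for a, b in zip(CODE_A, CODE_B)))
    for amp in (1, 10, 50):                  # 1 = power-controlled, 50 = near-far
        print(f"user B amplitude {amp:>2}: {errors_for_user_a(amp)} bit errors on user A")
```

The wanted codeword correlates to 31 and the other user's to -1, so user A is decoded correctly until user B's received amplitude exceeds about 31 times its own; equalising received power restores error-free decoding.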

    Random Access for Data-Oriented Networks

    In all wireless networks such as cellular telephony or PCS services, all voice-oriented operations use fixed-assignment channel access.

    Data related traffic is carried out using random access techniques.

    Random access methods provide a more flexible and efficient way of managing channel access for communicating short bursty messages.

    It provides each user station with varying degrees of freedom in gaining access to the network whenever information is to be sent.

    ALOHA-Based Wireless Random Access Techniques

    The original ALOHA protocol is also called pure ALOHA. The ALOHA protocol was developed by the University of Hawaii. The word ALOHA means "hello" in Hawaiian.

    The initial system used ground-based UHF radios to connect computers on several of the island campuses with the university's main computer center on Oahu, by use of a random access protocol which has since been known as the ALOHA protocol.

    Basic Concept

    A mobile terminal transmits an information packet when the packet arrives from the upper layers of the protocol stack.

    A user accesses a channel as soon as a message is ready to be transmitted.

    Each packet is encoded with an error-detection code.

    After a transmission, the user waits for an acknowledgment on either the same channel or a separate feedback channel.

    The BS checks the parity of the received packet. If the parity checks properly, the BS sends a short acknowledgment packet to the MS.

    Collision

    The message packets are transmitted at arbitrary times, so there is a possibility of collisions between packets.

    After sending a packet the user waits a length of time more than the round-trip delay for an acknowledgment from the receiver.

    If no acknowledgment is received, the packet is assumed lost in a collision, and it is transmitted again with a randomly selected delay to avoid repeated collisions.

    As the number of users increases, a greater delay occurs because the probability of collision increases.

    Pure ALOHA

    MERITS:

    The advantage of the ALOHA protocol is that it is very simple, and it does not impose any synchronization between mobile terminals.

    DEMERITS:

    It has low throughput under heavy load conditions.

    The maximum throughput of pure ALOHA is 18 percent.

    Slotted ALOHA

    The maximum throughput of slotted ALOHA is 36 percent.

    In slotted ALOHA, time is divided into equal time slots of length greater than the packet duration t.

    The subscribers have synchronized clocks and each user will be synchronized with the BS clock.

    The user message packet is buffered and transmitted only at the beginning of a new time slot. This prevents partial collisions.

    New transmissions are started only at the beginning of new slot
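
The 18 percent and 36 percent figures above can be reproduced by simulation; the following is an added example, not part of the original notes. It assumes Poisson packet arrivals, a slot length equal to one packet time, and that retransmissions are folded into the offered load G; the function names are hypothetical and the closed forms G·e^(-2G) and G·e^(-G) are the standard results for this traffic model.

```python
# Added illustration (not from the original notes): throughput of pure and
# slotted ALOHA under Poisson traffic, by simulation and by closed form.
import math
import random
from collections import Counter


def poisson_arrivals(load, duration, rng):
    """Packet start times; `load` is the offered traffic G in packets per packet time."""
    t, times = 0.0, []
    while True:
        t += rng.expovariate(load)
        if t >= duration:
            return times
        times.append(t)


def pure_aloha(load, duration=100_000, seed=1):
    """A packet survives only if no other packet starts within one packet
    time before or after it (vulnerable period of two packet times)."""
    rng = random.Random(seed)
    times = poisson_arrivals(load, duration, rng)
    delivered = 0
    for i, t in enumerate(times):
        clear_before = i == 0 or t - times[i - 1] >= 1.0
        clear_after = i == len(times) - 1 or times[i + 1] - t >= 1.0
        if clear_before and clear_after:
            delivered += 1
    return delivered / duration


def slotted_aloha(load, duration=100_000, seed=1):
    """Packets are buffered to the next slot boundary, so a slot succeeds
    exactly when one packet arrived during the previous slot."""
    rng = random.Random(seed)
    per_slot = Counter(int(t) for t in poisson_arrivals(load, duration, rng))
    return sum(1 for n in per_slot.values() if n == 1) / duration


def pure_aloha_theory(load):
    return load * math.exp(-2 * load)        # peaks at G = 0.5


def slotted_aloha_theory(load):
    return load * math.exp(-load)            # peaks at G = 1.0


if __name__ == "__main__":
    print(" G     pure(sim) pure(th)  slotted(sim) slotted(th)")
    for g in (0.25, 0.5, 1.0, 2.0, 3.0):
        print(f"{g:4.2f}   {pure_aloha(g):8.3f} {pure_aloha_theory(g):8.3f}"
              f"   {slotted_aloha(g):10.3f} {slotted_aloha_theory(g):10.3f}")
```

The table shows both curves rising to their peaks and then collapsing as the load grows, which is the low throughput under heavy load noted in the demerits.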

    Application:

    In GSM the initial contact between BS and MS for voice communication is carried out by slotted ALOHA.

    De-Merit:

    Even though the throughput is higher than pure ALOHA it is still low for present day wireless communication needs.

    Reservation ALOHA

    Reservation ALOHA is the combination of slotted ALOHA and time division multiplexing.

    In this, certain packet slots are assigned with priority, and it is possible for users to reserve slots for the transmission of packets.

    For high traffic conditions, reservations on request offer better throughput.

    Packet Reservation Multiple Access (PRMA)

    PRMA is a method for transmitting a variable mixture of voice packets and data packets.

    This allows each time slot to carry either voice or data, where voice is given priority.

    PRMA merges characteristics of slotted ALOHA and TDMA protocols.

    It is used for short-range voice transmission where a small delay is acceptable.

    The transmission format in PRMA is organized into frames, each containing a fixed number of time slots.

    Each slot is named as either "reserved" or "available".

    Only the user terminal that reserved the slot can use a reserved slot.

    Other terminals not holding a reservation can use an available slot.

    Terminals can send two types of information, referred to as periodic and random.

    Speech packets are always periodic. Data packets can be random.

    Reservation:

    A terminal having periodic information to send starts transmitting in contention for the next available time slot.

    After completion of transmission the base station grants the sending terminal a reservation for exclusive use of the same time slot in the next frame.

    This frame is reserved till the terminal completes its transmission.

    The reservation status is reverted when the terminal sends nothing in that frame.

    CSMA-Based Wireless Random Access Techniques

    De-Merits of ALOHA

    1. ALOHA protocols do not listen to the channel before transmission; the users will start transmitting as soon as the message is ready.

    2. Efficiency is reduced by the collision and retransmission process.

    3. There are no mechanisms to avoid collisions.

    CSMA - Carrier Sense Multiple Access

    In this, each terminal will monitor the status of the channel before transmitting information.

    If there is another user transmitting on the channel, it is obvious that a terminal should delay the transmission of the packet.

    If the channel is idle, then the user is allowed to transmit a data packet without any restrictions.

    The CSMA protocol reduces packet collisions significantly compared with the ALOHA protocol, but does not eliminate them entirely.

    Parameters in CSMA protocols

    1. Detection delay - is a function of the receiver hardware and is the time required for a terminal to sense whether or not the channel is idle.

    2. Propagation delay - is a relative measure of how fast it takes for a packet to travel from a base station to a mobile terminal.

    Propagation delay is important, since just after a user begins sending a packet, another user may be ready to send and may be sensing the channel at the same time.

    If the transmitting packet has not reached the user who is poised to send, the latter user will sense an idle channel and will also send its packet, resulting in a collision between the two packets.

    propagation delay (td)

    where

    tp -> propagation time in seconds,

    Rb -> channel bit rate

    m -> expected number of bits in a data packet

    Various strategies of the CSMA

    1. NON-PERSISTENT CSMA

    In this type of CSMA strategy, after receiving a negative acknowledgment the terminal waits a random time before retransmission of the packet.

    2. 1-PERSISTENT CSMA

    The terminal senses the channel and waits for transmission until it finds the channel idle. As soon as the channel is idle, the terminal transmits its message with probability one.

    3. p-PERSISTENT CSMA

    When a channel is found to be idle, the packet is transmitted with probability p. It may or may not be immediate.

    4. CSMA/CD

    In this the user monitors the channel for possible collisions. If two or more terminals start a transmission at the same time the transmission is immediately aborted midway.

    5. Data sense multiple access (DSMA) - is a special type of CSMA that is used to serve the hidden terminals. Cellular networks use different frequencies for the forward and reverse channels. Each MS may not have knowledge about other MSs operating in that area, so it may not know when the channel is idle. For this the BS can announce the availability of the reverse channel through the forward control channel. The BS uses a Busy-Idle bit to announce it.

    6. Busy tone multiple access (BTMA) - this is a special type of technique where the system bandwidth is divided into a message channel and a busy channel. Whenever a terminal sends data through the message channel it will also transmit a busy tone in the busy channel. If another terminal senses the busy channel it will understand that the message channel is busy and it will also turn on its busy tone. This acts as an alarm for other terminals.

    Handoff

    When a mobile user is engaged in conversation, the MS is connected to a BS via a radio link.

    If the mobile user moves to the coverage area of another BS, the radio link to the old BS is eventually disconnected, and a radio link to the new BS should be established to continue the conversation.

    This process is variously referred to as automatic link transfer, handover, or handoff.

    Three strategies have been proposed to detect the need for handoff:

    mobile-controlled handoff (MCHO)

    network-controlled handoff (NCHO)

    mobile-assisted handoff (MAHO)

    Mobile-Controlled Handoff (MCHO)

    The MS continuously monitors the signals of the surrounding BSs and initiates the handoff process when some handoff criteria are met. MCHO is used in DECT and PACS.

    Network-Controlled Handoff (NCHO)

    The surrounding BSs measure the signal from the MS, and the network initiates the handoff process when some handoff criteria are met. NCHO is used in CT-2 Plus and AMPS.

    Mobile-assisted handoff (MAHO)

    The network asks the MS to measure the signal from the surrounding BSs. The network makes the handoff decision based on reports from the MS. MAHO is used in GSM and IS-95 CDMA.

    Two types of handoff

    The BSs involved in the handoff may be connected to the same MSC (inter-cell handoff or inter-BS handoff).

    The BSs involved in the handoff may be connected to two different MSCs (intersystem handoff or inter-MSC handoff).

    Inter-BS Handoff

    The new and the old BSs are connected to the same MSC.

    Assume that the need for handoff is detected by the MS; the following actions are taken:

    The MS momentarily suspends conversation and initiates the handoff procedure by signaling on an idle (currently free) channel in the new BS. Then it resumes the conversation on the old BS.

    Upon receipt of the signal, the MSC transfers the encryption information to the selected idle channel of the new BS and sets up the new conversation path to the MS through that channel. The switch bridges the new path with the old path and informs the MS to transfer from the old channel to the new channel.

    After the MS has been transferred to the new BS, it signals the network, and resumes conversation using the new channel.

    Upon receipt of the handoff completion signal, the network removes the bridge from the path and releases resources associated with the old channel.

    This handoff procedure is used with the mobile-controlled handoff strategy.

    (Figure: Inter-BS link transfer)

    Inter-BS Handoff

    For the network-controlled handoff strategy, all handoff signaling messages are exchanged between the MS and the old BS through the failing link.

    The whole process must be completed as quickly as possible, to ensure that the new link is established before the old link fails.

    If the new BS does not have an idle channel, the handoff call may be dropped (or forced to terminate).

    The forced termination probability is an important criterion in the performance evaluation of a PCS network.

    Forced termination of an ongoing call is considered less desirable than blocking a new call attempt.

    Most PCS networks handle a handoff in the same manner as a new call attempt.

    That is, if no channel is available, the handoff is blocked and the call is held on the current channel in the old cell until the call is completed or when the failing link is no longer available.

    This is referred to as the non-prioritized scheme.

    Channel assignment schemes

    To reduce forced termination and to promote call completion, three channel assignment schemes have been proposed:

    Reserved channel scheme.

    Queuing priority scheme.

    Subrating scheme.

    Intersystem Handoff

    In intersystem handoff, the new and old BSs are connected to two different MSCs.

    We trace the intersystem handoff procedure of IS-41, where network-controlled handoff (NCHO) is assumed.

    In this figure, a communicating mobile user moves out of the BS served by MSC A and enters the area covered by MSC B.

    Intersystem handoff requires the following steps:

    Step 1. MSC A requests MSC B to perform handoff measurements on the call in progress. MSC B then selects a candidate BS, BS2, and interrogates it for signal quality parameters on the call in progress. MSC B returns the signal quality parameter values, along with other relevant information, to MSC A.

    Step 2. MSC A checks if the MS has made too many handoffs recently (this is to avoid, for example, numerous handoffs between BS1 and BS2 where the MS is moving within the overlapped area) or if intersystem trunks are not available. If so, MSC A exits the procedure. Otherwise, MSC A asks MSC B to set up a voice channel. Assuming that a voice channel is available in BS2, MSC B instructs MSC A to start the radio link transfer.

    Registration Procedure

    Visitor Location Register (VLR)

    When the mobile user visits a PCS network other than the home system, a temporary record for the mobile user is created in the visitor location register (VLR) of the visited system.

    The VLR temporarily stores subscription information for the visiting subscribers so that the corresponding MSC can provide service.

    In other words, the VLR is the "other" location register used to retrieve information for handling calls to or from a visiting mobile user.

    Home Location Register (HLR)

    When a user subscribes to the services of a PCS network, a record is created in the system's database, called the home location register (HLR).

    This is referred to as the home system of the mobile user.

    The HLR is a network database that stores and manages all mobile subscriptions of a specific operator.

    Specifically, the HLR is the location register to which an MS identity is assigned for record purposes, such as directory number, profile information, current location, and validation period.

    WIRELESS SECURITY AND PRIVACY

    The broadcast nature of wireless communications renders it very susceptible to malicious interception and wanted or unintentional interference.

    Analog techniques are extremely easy to tap.

    Digital systems such as TDMA and CDMA are much harder to tap.

    Wireless security is necessary to prevent unauthorized access or damage to computers using wireless networks.

    There are two names you need to know in a wireless network:

    Station (STA) -> is a wireless network client: a desktop computer, laptop, or PDA

    Access point (AP) -> is the central point (like a hub) that creates a basic service set to bridge a number of STAs from the wireless network to other existing networks.

    Modes of unauthorized access

    1. Accidental association

    2. Malicious association

    3. Ad-hoc networks

    4. Non-traditional networks

    5. Identity theft (MAC spoofing)

    6. Man-in-the-middle attacks

    7. Denial of service

    8. Network injection

    9. Caffe Latte attack

    1. Accidental association: Violation of the security perimeter of a corporate network unintentionally.

    2. Malicious association: when wireless devices can be actively made by attackers to connect to a company network through their cracking company access point (AP). These types of laptops are known as soft APs and are created when a cyber criminal runs some software that makes his/her wireless network card look like a legitimate access point. Once access is gained, he/she can steal passwords, launch attacks on the wired network, or plant Trojans.

    3. Ad-hoc networks: Ad-hoc networks are defined as peer-to-peer networks between wireless computers that do not have an access point in between them. While these types of networks usually have little protection, encryption methods can be used to provide security.

    4. Non-traditional networks: Non-traditional networks such as personal network Bluetooth devices are not safe from cracking and should be regarded as a security risk. Even barcode readers, handheld PDAs, and wireless printers and copiers should be secured.

    5. Identity theft (MAC spoofing): Identity theft occurs when a cracker is able to listen in on network traffic and identify the MAC address of a computer with network privileges.

    6. Man-in-the-middle attacks: In this the hacker will include a soft AP into a network. Once this is done, the hacker connects to a real access point through another wireless card, offering a steady flow of traffic through the transparent hacking computer to the real network.

    7. Denial of service: A Denial-of-Service attack (DoS) occurs when an attacker continually bombards a targeted Access Point or network with bogus requests, premature successful connection messages, failure messages, and other commands. These cause legitimate users to not be able to get on the network and may even cause the network to crash.

    8. Network injection: In a network injection attack, a cracker can make use of access points that are exposed to non-filtered network traffic. The cracker injects bogus networking re-configuration commands that affect routers, switches, and intelligent hubs. A whole network can be brought down in this manner and require rebooting or even reprogramming of all intelligent networking devices.

    9. Caffe Latte attack: The Caffe Latte attack is another way to defeat WEP. It is not necessary for the attacker to be in the area of the network using this exploit. By using a process that targets the Windows wireless stack, it is possible to obtain the WEP key from a remote client. By sending a flood of encrypted Address Resolution Protocol (ARP) requests, the assailant takes advantage of the shared key authentication and the message modification flaws in WEP.

    The Attack Methodology

    1. Footprint the wireless network - Locate and understand your target.

    2. Passive attack - Analyze the network traffic or break the WEP.

    3. Authentication and authorization - Determine what methods are enforced and how they can be circumvented.

    4. Active attack - Launch denial of service (DoS) attacks.

    Defense Mechanisms

    Wired Equivalent Privacy (WEP)

    Wi-Fi Protected Access (WPA)

    Wi-Fi Protected Access-2 (WPA-2)

    Wired Equivalent Privacy (WEP)

    WEP is a standard network protocol that adds security to wireless networks at the data link layer. WEP utilizes a data encryption scheme called RC4 for data protection.

    RC4 (also known as ARC4 or ARCFOUR) is the most widely used software stream cipher and is used in popular protocols.

    RC4 generates a pseudorandom stream of bits.

    Standard 64-bit WEP uses a 40-bit key (WEP-40) and a 24-bit initialization vector.

    The 128-bit WEP protocol uses a 104-bit key size (WEP-104) and a 24-bit initialization vector.

    The initialization vector (IV) is a fixed-size input which is used for randomization of the key. The purpose of an IV is to prevent any repetition.

    Authentication

    The client sends an authentication request to the Access Point.

    The Access Point replies with a clear-text challenge.

    The client encrypts the challenge-text using the configured WEP key, and sends it back in another authentication request.

    The Access Point decrypts the response. If this matches the challenge-text the Access Point sends back a positive reply.

    Disadvantages

    The same traffic key must never be used twice.

    But a 24-bit IV is not long enough to ensure this on a busy network.

    In August 2001, Scott Fluhrer, Itsik Mantin, and Adi Shamir published a cryptanalysis of WEP that decodes the way the RC4 cipher and IV are used in WEP.

    Using a passive attack they were able to recover the RC4 key after eavesdropping on the network.

    A successful key recovery could take as little as one minute depending on the traffic.

    WEP is replaced by WPA (Wi-Fi Protected Access).
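
Why a 24-bit IV cannot keep the traffic key unique, as an added example that is not part of the original notes. It assumes WEP-40 framing in which the per-frame RC4 key is the 3-byte IV followed by the 40-bit key and a CRC-32 integrity value is appended to the payload; the key, IVs and payloads are constructed, and the function names are hypothetical.

```python
# Added illustration (not from the original notes): WEP-style framing with RC4,
# the effect of a repeated IV, and a capture-side check for IV reuse.
import struct
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key scheduling, then XOR of the data with the generated keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)


def wep_encrypt(root_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame = cleartext IV || RC4(IV || key, plaintext || CRC-32 ICV)."""
    icv = struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)
    return iv + rc4(iv + root_key, plaintext + icv)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def find_reused_ivs(frames):
    """Group captured frames by their cleartext IV; any group larger than one
    was encrypted with the same traffic key and therefore the same keystream."""
    seen = {}
    for index, frame in enumerate(frames):
        seen.setdefault(frame[:3], []).append(index)
    return {iv: idxs for iv, idxs in seen.items() if len(idxs) > 1}


def frames_until_iv_collision(probability=0.5, iv_bits=24):
    """Smallest number of frames with randomly chosen IVs for which a repeated
    IV is at least `probability` likely (birthday bound)."""
    space = 2 ** iv_bits
    p_unique, n = 1.0, 0
    while 1.0 - p_unique < probability:
        p_unique *= (space - n) / space
        n += 1
    return n


# Constructed sample data: a 40-bit key, two IVs and two equal-length payloads.
KEY = bytes([0x01, 0x02, 0x03, 0x04, 0x05])
IV_1, IV_2 = b"\x00\x00\x01", b"\x00\x00\x02"
P1 = b"GET /index.html "
P2 = b"user=alice&x=42 "

if __name__ == "__main__":
    f1 = wep_encrypt(KEY, IV_1, P1)
    f2 = wep_encrypt(KEY, IV_1, P2)          # IV repeated
    f3 = wep_encrypt(KEY, IV_2, P2)          # fresh IV
    same = xor(f1[3:], f2[3:])[:len(P1)] == xor(P1, P2)
    print("repeated IV: c1 XOR c2 equals p1 XOR p2 ->", same)
    print("frames sharing an IV:", find_reused_ivs([f1, f2, f3]))
    print("frames for a 50% chance of a repeat:", frames_until_iv_collision())
```

With a repeated IV the keystream cancels out of the two ciphertexts without the key being known, and with random 24-bit IVs a repeat becomes more likely than not after only a few thousand frames.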

    Wi-Fi Protected Access (WPA)

    The Wi-Fi Alliance intended WPA as an intermediate measure to take the place of WEP.

    WPA uses Temporal Key Integrity Protocol (TKIP) to bolster encryption of wireless packets.

    TKIP

    TKIP encryption replaces WEP's 40-bit or 104-bit encryption key that must be manually entered on wireless access points and devices and does not change.

    TKIP uses a 128-bit per-packet key; it dynamically generates a new key for each packet and prevents collisions.

    It has an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism.

    WPA with TKIP provides 3 levels of security

    1. TKIP implements a key mixing function that combines the secret root key with the initialization vector before passing it to the RC4 initialization.

    2. WPA implements a sequence counter to protect against replay attacks. Packets received out of order will be rejected by the access point.

    3. TKIP implements a 64-bit Message Integrity Check (MIC).

    Merits and Demerits

    TKIP uses the same underlying mechanism as WEP, and consequently is vulnerable to a number of similar attacks.

    But the message integrity check, per-packet key hashing, broadcast key rotation, and a sequence counter prevent many attacks.

    The key mixing function also eliminates the WEP key recovery attacks.

    The Beck-Tews attack has successfully extracted the keystream.

    Ohigashi-Morii attack

    Japanese researchers Toshihiro Ohigashi and Masakatu Morii reported a simpler and faster implementation of a similar attack.

    It utilizes a similar attack method, but uses a man-in-the-middle attack.

    WPA 2

    WPA2 (Wireless Protected Access 2) replaced the original WPA technology on all certified Wi-Fi hardware since 2006.

    WPA2 uses Pre-Shared Key (PSK) instead of TKIP

    WPA2 Pre-Shared Key (PSK) utilizes keys with 256 bits

    There are two versions of WPA2

    WPA2-Personal - protects against unauthorized network access by utilizing a set-up password

    WPA2-Enterprise - verifies network users through a server.

    WPA2 is backward compatible with WPA.