Wireless LANS & PANS Lecture # 3
Differences Between Wireless and Wired LAN
• Address is not equivalent to physical location
  • Wireless nodes are not stationary; an address may not always refer to a particular geographical location
  • A station (STA) is a message destination, but not (in general) a fixed location
• Dynamic topology
  • Mobile nodes may often go out of reach of each other; connectivity is partial at times
Differences Between Wireless and Wired LAN
• PHYs used are fundamentally different from wired media
  • Use a medium that has neither absolute nor readily observable boundaries
  • Unprotected from other signals that may be sharing the medium
  • Communicate over a medium less reliable than wired PHYs
  • Lack full connectivity; not every STA can hear every other STA at all times
  • Have time-varying and asymmetric propagation properties
  • May experience interference from logically disjoint IEEE 802.11 networks operating in overlapping areas
Differences Between Wireless and Wired LAN
• Handling mobile and portable STAs
  • Portable STAs
    • Moved from location to location, but only used while at a fixed location
  • Mobile STAs
    • Actually access the LAN while in motion
  • Propagation effects blur the distinction between portable and mobile STAs
    • Stationary STAs often appear to be mobile due to propagation effects
• Power management
  • Mobile STAs may often be battery powered
  • A STA's receiver may not always be powered on
Design Goals
• Operational simplicity
  • Quick setup and efficient access for mobile users
• Power-efficient operation
  • Operate with minimal power consumption
  • Must incorporate
    • Power-saving features
    • Appropriate technologies
    • Power-efficient protocols, etc.
• License-free operation
  • Consider the ISM bands for operation, which do not require explicit licensing
Design Goals
• Tolerance to interference
  • Should take appropriate measures, by way of selecting technologies and protocols, to operate in the presence of interference
• Global usability
  • Both in terms of hardware and software
  • Should take into account the prevailing spectrum restrictions in countries across the world
• Security
  • The inherent broadcast nature of the wireless medium adds to the requirement for security features
Design Goals
• Safety requirements
  • Interference to medical and other instrumentation devices
  • Increased power levels of transmitters can lead to health hazards
  • Should follow the power emission restrictions applicable in the given frequency spectrum
• Quality of Service requirement
  • Should take into consideration the possibility of supporting a wide variety of designated levels of performance for multimedia traffic
• Compatibility with other technologies and applications
  • Interoperability among different LANs (wired and wireless)
  • Interoperability among different protocols
Design Goals
• Handoff/roaming
  • MAC protocols used in the wireless LAN should enable mobile stations to move from one cell to another
• Dynamic configuration
  • MAC addressing and network management aspects of the LAN should permit dynamic and automated addition, deletion, and relocation of end systems without disruption to other users
• Throughput
  • MAC protocols should make as efficient use as possible of the wireless medium to maximize capacity
• Number of nodes
  • Wireless LANs may need to support hundreds of nodes without compromising performance
Important
• Wireless is an inherently unreliable channel
• One solution
  • Develop reliable protocols at the MAC layer
  • This hides the unreliability that is present at the physical layer
Interaction with Other IEEE 802 Layers
• Requirement
  • IEEE 802.11 is to appear to higher layers (LLC) as a wired IEEE 802 LAN
• Why is it required?
  • Modularity, fewer changes at upper layers, interoperability, etc.
• Solution
  • The IEEE 802.11 network handles STA mobility within the MAC sublayer
• Effect on the MAC layer
  • Incorporates functionality that is untraditional for MAC sublayers
  • It may be necessary for certain higher layer management entities to be "WLAN aware" in QoS and secure environments (key management)
  • Bandwidth and other QoS characteristics of a WLAN are subject to frequent, and sometimes substantial, dynamic changes
Interaction with non-IEEE-802 Protocols
• A robust security network association (RSNA) utilizes non-IEEE-802 protocols for its authentication and key management (AKM) services
• Some of these protocols are defined by other standards organizations, such as the Internet Engineering Task Force (IETF)
Components of the IEEE 802.11 Architecture
• Basic service set (BSS)
  • Set of stations that can remain in contact with an AP
  • Executing the same MAC protocol
• Basic service area (BSA)
  • Coverage area of an AP within which STAs remain in communication
  • If a STA moves out of its BSA, it can no longer directly communicate with other STAs present in the BSA
• Independent basic service set (IBSS)
  • STAs communicate directly
  • Often referred to as an ad hoc network
STA Membership in a BSS
• A STA's membership in a BSS is dynamic
  • STAs turn on, turn off, come within range, and go out of range
• To become a member of a BSS, a STA joins the BSS using the synchronization procedure
• To access all the services of an infrastructure BSS, a STA shall become "associated"
  • These associations are dynamic and involve the use of the distribution system service (DSS)
Components in a Typical IEEE 802.11 Network
• Distribution system (DS)
  • An architectural component used to interconnect BSSs
  • IEEE 802.11 logically separates the wireless medium (WM) from the distribution system medium (DSM)
  • Enables mobile device support by providing the logical services necessary to handle address-to-destination mapping and seamless integration of multiple BSSs
Access Point (AP)
• An entity that has STA functionality and enables access to the DS, via the WM, for associated STAs
• Data move between a BSS and the DS via an AP
• APs are addressable entities
  • Addresses used by an AP for communication on the WM and on the DSM are not necessarily the same
• Data sent to the AP's STA address by one of the STAs associated with it are always received at the uncontrolled port for processing by the IEEE 802.1X port access entity
  • In addition, if the controlled port is authorized, these frames conceptually transit the DS
Extended Service Set (ESS)
• An ESS is the union of the BSSs connected by a DS
  • The ESS does not include the DS
• Appears the same to the LLC layer as an IBSS network
• STAs within an ESS may communicate, and mobile STAs may move from one BSS to another (within the same ESS)
Extended Service Set (ESS)
• Nothing is assumed by IEEE Std 802.11 about the relative physical locations of the BSSs
• BSSs may partially overlap
  • Commonly used to arrange contiguous coverage within a physical volume
• BSSs could be physically disjoint
  • Logically there is no limit to the distance between BSSs
• BSSs may be physically collocated
  • This may be done to provide redundancy
• One (or more) IBSS or ESS networks may be physically present in the same space as one (or more) ESS networks
  • An ad hoc network operating in a location that also has an ESS network
  • Physically overlapping IEEE 802.11 networks set up by different organizations
  • Two or more different access and security policies are needed in the same location
Extended Service Set (figure: ESS connected to a wired network through a portal)
Wireless Network Architecture
• Infrastructure based
  • Contains Access Points (APs) which are connected via existing networks
  • An AP can interact with wireless nodes as well as with the existing wired network
  • Other wireless nodes, known as mobile stations (STAs), communicate via APs
  • APs also act as bridges to other networks
• Infrastructure less (ad hoc LANs)
  • Does not need any fixed infrastructure
  • The network can be established on the fly
  • Nodes directly communicate with each other or forward messages through other nodes that are directly accessible
Robust Security Network Association (RSNA)
• Defines a number of security features in addition to wired equivalent privacy (WEP) and IEEE 802.11 authentication
  • Enhanced authentication mechanisms for STAs
  • Key management algorithms
  • Cryptographic key establishment
  • An enhanced data cryptographic encapsulation mechanism, called Counter mode with Cipher-block chaining Message authentication code Protocol (CCMP), and, optionally, Temporal Key Integrity Protocol (TKIP)
Components of RSNA
• Port access entity (PAE)
  • Present on all STAs in an RSNA
  • Controls the forwarding of data to and from the medium access control (MAC)
  • An AP always implements the Authenticator PAE and Extensible Authentication Protocol (EAP) Authenticator roles
  • A non-AP STA always implements the Supplicant PAE and EAP peer roles
  • In an IBSS, each STA implements both the Authenticator PAE and Supplicant PAE roles and both EAP Authenticator and EAP peer roles
Components of RSNA
• Authentication Server (AS)
  • Authenticates the elements of the RSNA itself (non-AP STAs and APs); may provide material that the RSNA elements can use to authenticate each other
  • The AS communicates through the IEEE 802.1X Authenticator with the IEEE 802.1X Supplicant on each STA, enabling the STA to be authenticated to the AS and vice versa
  • An RSNA depends upon the use of an EAP method that supports mutual authentication of the AS and the STA
  • In certain applications, the AS may be integrated into the same physical device as the AP, or into a STA in an IBSS
Components of the IEEE 802.11 Network
• Portals
  • All data from non-IEEE-802.11 LANs enter the IEEE 802.11 architecture via a portal
  • A logical point at which the integration service is provided
  • Responsible for any addressing or frame format changes that might be required when frames pass between the DS and the integrated LAN
  • One device can offer both the functions of an AP and a portal
  • Implemented in a bridge or router that is part of the wired LAN and also attached to the DS
Logical Service Interface
• IEEE 802.11 does not constrain the DS to be of
  • The same technology
  • Either data link or network layer based
  • Either centralized or distributed in nature
• IEEE 802.11 explicitly does not specify the details of DS implementations; instead, it specifies services associated with different components of the architecture
• Two categories of IEEE 802.11 service
  • Station service (SS)
    • Part of every STA
  • Distribution system service (DSS)
    • Provided by the DS
  • Both are used by the IEEE 802.11 MAC sublayer
• The services
  • Authentication
  • Association
  • Deauthentication
  • Disassociation
  • Distribution
  • Integration
  • Data confidentiality
  • Reassociation
  • MSDU delivery
  • DFS
  • TPC
  • Higher layer timer synchronization (QoS facility only)
  • QoS traffic scheduling (QoS facility only)
Overview of the Services
• Six of the services are used to support medium access control (MAC) service data unit (MSDU) delivery between STAs
• Three of the services are used to control IEEE 802.11 LAN access and confidentiality
• Two of the services are used to provide spectrum management
• One of the services provides support for LAN applications with QoS requirements
• Another of the services provides support for higher layer timer synchronization
Overview of the Services
• All of the messages gain access to the WM via the IEEE 802.11 MAC sublayer medium access method
• Each of the services is supported by one or more MAC frame types
  • Data messages
    • Handled via the MAC data service path
  • MAC management messages
    • Used to support the IEEE 802.11 services and are handled via the MAC management service path
  • MAC control messages
    • Used to support the delivery of IEEE 802.11 data and management messages
Station Service (SS)
• The service provided by STAs is known as the SS
• The SS is present in every IEEE 802.11 STA (including APs, as APs include STA functionality)
• The SS is specified for use by MAC sublayer entities
  • Authentication
  • Deauthentication
  • Data confidentiality
  • MSDU delivery
  • DFS
  • TPC
  • Higher layer timer synchronization (QoS facility only)
  • QoS traffic scheduling (QoS facility only)
Distribution System Service (DSS)
• The service provided by the DS is known as the DSS
• The services that comprise the DSS are as follows
  • Association
  • Disassociation
  • Distribution
  • Integration
  • Reassociation
  • QoS traffic scheduling (QoS facility only)
• DSSs are specified for use by MAC sublayer entities
Distribution of Messages within a DS
• Two main services are involved: Distribution and Integration
Distribution
• Primary service used by IEEE 802.11 STAs
• Invoked by every data message to or from an IEEE 802.11 STA operating in an ESS (when the frame is sent via the DS)
• If the two stations that are communicating are within the same BSS, then the DS logically goes through the single AP of that BSS
• How a message is distributed within the DS is not specified by IEEE 802.11
  • IEEE 802.11 provides the DS with enough information to be able to determine the "output" point that corresponds to the desired recipient
  • Three association-related services provide this information
    • Association
    • Reassociation
    • Disassociation
• IEEE 802.11 does recognize and support the use of the WM as the DSM
  • Specifically supported by the MAC frame format
Integration
• If the DS determines that the intended recipient of a message is a member of an integrated LAN, the "output" point of the DS would be a portal instead of an AP
• Messages that are distributed to a portal cause the DS to invoke the Integration function (conceptually after the distribution service)
• The Integration function is responsible for accomplishing whatever is needed to deliver a message from the DSM to the integrated LAN media (including any required media or address space translations)
• Messages received from an integrated LAN (via a portal) by the DS for an IEEE 802.11 STA shall invoke the Integration function before the message is distributed by the distribution service
• Details of an Integration function are dependent on a specific DS implementation
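The distribution and integration services on the two slides above, as an added example that is not part of the lecture or of the IEEE 802.11 standard: a toy distribution system whose only knowledge of where a STA lives comes from the association services, which picks the "output" point (an AP or the portal) per destination, and which applies a simplified Integration function whenever a frame crosses between the DSM and the integrated LAN. All station, AP and portal names, the reduced frame layouts and the method names are constructed for illustration.

```python
# Added example (not from the lecture or IEEE 802.11): distribution and
# integration decisions inside a toy DS. Addresses and frame layouts are
# constructed; a real DS is free to store its association table any way it likes.
from dataclasses import dataclass
from typing import Optional, Tuple, Union


@dataclass
class Dot11Data:
    """Simplified IEEE 802.11 data frame: only the address fields the DS needs."""
    da: str      # final destination address
    sa: str      # original source address
    bssid: str   # AP (BSS) the frame came through on the WM


@dataclass
class IntegratedLanFrame:
    """Simplified frame on the integrated (non-802.11) LAN, e.g. Ethernet."""
    dst: str
    src: str


class DistributionSystem:
    def __init__(self) -> None:
        self.assoc: dict = {}          # STA address -> AP address (from association)
        self.integrated: set = set()   # addresses reachable via the portal
        self.portal = "portal-0"       # constructed name for the single portal

    # --- the three association-related services keep the table current ---
    def associate(self, sta: str, ap: str) -> None:
        self.assoc[sta] = ap

    def reassociate(self, sta: str, new_ap: str) -> None:
        self.assoc[sta] = new_ap

    def disassociate(self, sta: str) -> None:
        self.assoc.pop(sta, None)      # DS voids the association information

    def learn_integrated(self, addr: str) -> None:
        self.integrated.add(addr)

    # --- distribution service ---
    def output_point(self, da: str) -> Optional[str]:
        """AP to hand the frame to, the portal, or None if the DS knows nothing."""
        if da in self.assoc:
            return self.assoc[da]
        if da in self.integrated:
            return self.portal
        return None

    def distribute(self, frame: Dot11Data) -> Tuple[str, Union[Dot11Data, IntegratedLanFrame]]:
        """Frame received from an AP: return (output point, frame to forward)."""
        out = self.output_point(frame.da)
        if out is None:
            raise LookupError(f"no output point known for {frame.da}")
        if out == self.portal:
            # Integration is invoked conceptually after distribution
            return out, self.integrate_out(frame)
        return out, frame              # same or different BSS: hand to that AP

    # --- integration service (DS-implementation specific; this is one choice) ---
    def integrate_out(self, frame: Dot11Data) -> IntegratedLanFrame:
        """DS -> integrated LAN: drop the 802.11-only addressing."""
        return IntegratedLanFrame(dst=frame.da, src=frame.sa)

    def integrate_in(self, eth: IntegratedLanFrame) -> Tuple[str, Dot11Data]:
        """Integrated LAN -> DS: translate first, then distribute to the AP."""
        ap = self.output_point(eth.dst)
        if ap is None or ap == self.portal:
            raise LookupError(f"{eth.dst} is not an associated STA")
        return ap, Dot11Data(da=eth.dst, sa=eth.src, bssid=ap)


def demo() -> Tuple[str, str, str, str, str]:
    """Constructed scenario: two BSSs in one ESS plus one host behind the portal."""
    ds = DistributionSystem()
    ds.associate("sta-A", "ap-1")
    ds.associate("sta-B", "ap-2")
    ds.associate("sta-C", "ap-1")
    ds.learn_integrated("host-W")
    same_bss, _ = ds.distribute(Dot11Data(da="sta-C", sa="sta-A", bssid="ap-1"))
    other_bss, _ = ds.distribute(Dot11Data(da="sta-B", sa="sta-A", bssid="ap-1"))
    to_wired, _ = ds.distribute(Dot11Data(da="host-W", sa="sta-A", bssid="ap-1"))
    from_wired, _ = ds.integrate_in(IntegratedLanFrame(dst="sta-B", src="host-W"))
    ds.reassociate("sta-B", "ap-1")    # BSS transition: the table follows the STA
    return same_bss, other_bss, to_wired, from_wired, ds.output_point("sta-B")
```

Note the asymmetry the slides describe: outbound, the DS distributes first and only then integrates; inbound, the portal integrates before distribution runs, so `integrate_in` has to translate the frame before it can be handed to an AP.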
QoS Traffic Scheduling
• QoS traffic scheduling provides intra-BSS QoS frame transfers under the Hybrid coordination function (HCF), using either contention-based or controlled channel access
• At each transmission opportunity (TXOP), a traffic scheduling entity at the STA selects a frame for transmission, from the set of frames at the heads of the traffic queues, based on the requested user priority (UP) and/or parameter values in the traffic specification (TSPEC) for the requested MSDU
Services that Support the DS
• The primary purpose of a MAC sublayer is to transfer MSDUs between MAC sublayer entities
• Information required for the DS to operate is provided by the association services
• Before a data message can be handled by the DS, a STA shall be "associated"
STA Mobility Types
• No-transition
  • Static: no motion
  • Local movement: movement within a basic service area (BSA)
• BSS-transition
  • Movement from one BSS in one ESS to another BSS within the same ESS
• ESS-transition
  • Movement from a BSS in one ESS to a BSS in a different ESS
  • Maintenance of upper-layer connections cannot be guaranteed by IEEE Std 802.11
  • Disruption of service is likely to occur
Association
• To deliver a message within a DS, the distribution service needs to know which AP to access for the given IEEE 802.11 STA
  • This information is provided to the DS by the concept of association
• Association is necessary, but not sufficient, to support BSS-transition mobility
• Association is sufficient to support no-transition mobility
• Association is one of the services in the DSS
• Before a STA is allowed to send a data message via an AP, it shall first become associated with the AP
  • The AP can then communicate this information to other APs within the ESS
• The act of becoming associated invokes the association service, which provides the STA-to-AP mapping to the DS
  • The DS uses this information to accomplish its message distribution service
• How the information provided by the association service is stored and managed within the DS is not specified by this standard
Association Within RSN
• The IEEE 802.1X Port determines when to allow data traffic across an IEEE 802.11 link
• A single IEEE 802.1X Port maps to one association, and each association maps to an IEEE 802.1X Port
• An IEEE 802.1X Port consists of an IEEE 802.1X Controlled Port and an IEEE 802.1X Uncontrolled Port
  • The IEEE 802.1X Controlled Port is blocked from passing general data traffic between two STAs until an IEEE 802.1X authentication procedure completes successfully over the IEEE 802.1X Uncontrolled Port
  • Once the AKM completes successfully, data protection is enabled to prevent unauthorized access, and the IEEE 802.1X Controlled Port unblocks to allow protected data traffic
Association Within RSN
• IEEE 802.1X Supplicants and Authenticators exchange protocol information via the IEEE 802.1X Uncontrolled Port
  • It is expected that most other protocol exchanges will make use of the IEEE 802.1X Controlled Ports
  • However, a given protocol may need to bypass the authorization function and make use of the IEEE 802.1X Uncontrolled Port
• At any given instant, a STA may be associated with no more than one AP
• Association is always initiated by the mobile STA, not the AP
• An AP may be associated with many STAs at one time
• A STA learns what APs are present and what operational capabilities are available from each of those APs and then invokes the association service to establish an association
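The Controlled/Uncontrolled Port pair from the two "Association Within RSN" slides, as an added example that is not part of the lecture or of the IEEE 802.1X/802.11 standards: one port object per association that always passes 802.1X protocol frames through the Uncontrolled Port, keeps the Controlled Port blocked until the Authenticator reports a successful AKM, and afterwards lets only protected data transit. Frame kinds, station names and method names are constructed for illustration; a real Authenticator PAE has considerably more state than this.

```python
# Added example (not from the lecture or IEEE 802.1X): a per-association
# Controlled/Uncontrolled Port model. Frame kinds and names are constructed.
from dataclasses import dataclass, field
from typing import List, Tuple

EAPOL = "EAPOL"   # IEEE 802.1X protocol exchange (Supplicant <-> Authenticator)
DATA = "DATA"     # general data traffic from higher layers


@dataclass
class Frame:
    kind: str                # EAPOL or DATA
    src: str                 # sending STA
    protected: bool = False  # True once encrypted under keys the AKM produced


@dataclass
class Dot1XPort:
    """One IEEE 802.1X Port: exactly one per association, hence one per STA here."""
    sta: str
    authorized: bool = False                  # Controlled Port unblocked after AKM success
    trace: List[Tuple[str, str]] = field(default_factory=list)

    def receive(self, frame: Frame) -> str:
        """Decide which port, if any, a frame from the WM passes through."""
        if frame.src != self.sta:
            outcome = "wrong-port"             # another association owns another port
        elif frame.kind == EAPOL:
            outcome = "uncontrolled"           # always passed, even while blocked
        elif not self.authorized:
            outcome = "blocked"                # Controlled Port still blocked
        elif not frame.protected:
            outcome = "blocked-unprotected"    # only protected data after the AKM
        else:
            outcome = "controlled"             # conceptually transits the DS
        self.trace.append((frame.kind, outcome))
        return outcome

    def akm_result(self, success: bool) -> None:
        """The Authenticator reports how the 802.1X/AKM exchange ended."""
        self.authorized = success


def demo() -> List[str]:
    """Constructed trace: data before, EAPOL during, and data after the AKM."""
    port = Dot1XPort(sta="sta-A")
    results = [
        port.receive(Frame(DATA, "sta-A")),                  # blocked
        port.receive(Frame(EAPOL, "sta-A")),                 # uncontrolled
    ]
    port.akm_result(True)
    results += [
        port.receive(Frame(DATA, "sta-A", protected=True)),  # controlled
        port.receive(Frame(DATA, "sta-A")),                  # blocked-unprotected
        port.receive(Frame(EAPOL, "sta-A")),                 # still uncontrolled
        port.receive(Frame(DATA, "sta-B", protected=True)),  # wrong-port
    ]
    return results
```

The `trace` list is the kind of record a defender wants from a real Authenticator: a burst of `blocked` outcomes on one port, or data frames arriving from an address that owns no port, is exactly what an 802.11 management log should surface.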
Reassociation
• Association is sufficient for no-transition message delivery
• Reassociation
  • One of the services in the DSS
  • Provides the additional functionality needed to support BSS-transition mobility
  • Invoked to "move" a current association from one AP to another
  • Keeps the DS informed of the current mapping between AP and STA as the STA moves from BSS to BSS within an ESS
  • Also enables changing association attributes of an established association while the STA remains associated with the same AP
  • Always initiated by the mobile STA
  • No facilities are provided to move an RSNA during reassociation; therefore, the old RSNA will be deleted, and a new RSNA will need to be constructed
Disassociation
• Invoked when an existing association is to be terminated
  • In an ESS, this tells the DS to void existing association information
• Disassociation service
  • May be invoked by either party to an association (non-AP STA or AP)
  • It is a notification, not a request
  • Cannot be refused by either party to the association
• APs may need to disassociate STAs to enable the AP to be removed from a network for service or for other reasons
• STAs shall attempt to disassociate when they leave a network
  • The MAC protocol does not depend on STAs invoking the disassociation service
  • MAC management is designed to accommodate loss of communication with an associated STA
Access Control and Data Confidentiality Services
• Wired LAN design assumes the physically closed and controlled nature of wired media
• The physically open medium of an IEEE 802.11 LAN violates those assumptions
• Two services are required for IEEE 802.11 to provide functionality equivalent to that which is inherent to wired LANs
  • Authentication
    • Used instead of the wired media physical connection
  • Data confidentiality
    • Used to provide the confidential aspects of closed wired media
Access Control and Data Confidentiality Services
• An RSNA uses the IEEE 802.1X authentication service along with TKIP and CCMP to provide access control
• The IEEE 802.11 station management entity (SME) provides key management via an exchange of IEEE 802.1X EAPOL-Key frames
• Data confidentiality and data integrity are provided by RSN key management together with TKIP and CCMP
Authentication
• Authentication operates at the link level between IEEE 802.11 STAs
• IEEE 802.11
  • Does not provide either end-to-end or user-to-user authentication
  • Attempts to control LAN access via the authentication service
• Used by all STAs to establish their identity to STAs with which they communicate, in both ESS and IBSS networks
• If a mutually acceptable level of authentication has not been established between two STAs, an association shall not be established
• IEEE 802.11 defines two authentication methods
  • Open System authentication
    • Admits any STA to the DS
  • Shared Key authentication
    • Relies on WEP to demonstrate knowledge of a WEP encryption key
• The IEEE 802.11 authentication mechanism also allows definition of new authentication methods
Authentication
• An RSNA also supports authentication based on IEEE 802.1X-2004, or preshared keys (PSKs)
• IEEE 802.1X authentication utilizes the EAP to authenticate STAs and the AS with one another
• This standard does not specify an EAP method that is mandatory to implement
• In an RSNA, IEEE 802.1X Supplicants and Authenticators exchange protocol information via the IEEE 802.1X Uncontrolled Port
• The IEEE 802.1X Controlled Port is blocked from passing general data traffic between two STAs until an IEEE 802.1X authentication procedure completes successfully over the IEEE 802.1X Uncontrolled Port
Authentication
• The Open System authentication algorithm is used in RSNs based on an infrastructure BSS and an IBSS, although Open System authentication is optional in an RSN based on an IBSS
• An RSNA disallows the use of Shared Key authentication
• Management information base (MIB) functions are provided to support the standardized authentication schemes
• A STA may be authenticated with many other STAs at any given instant
Preauthentication
• Because the authentication process could be time-consuming (depending on the authentication protocol in use), the authentication service can be invoked independently of the association service
• Preauthentication is typically done by a STA while it is already associated with an AP (with which it previously authenticated)
• IEEE 802.11 does not require that STAs preauthenticate with APs
  • However, authentication is required before an association can be established
• If the authentication is left until reassociation time, this may impact the speed with which a STA can reassociate between APs, limiting BSS-transition mobility performance
• The use of preauthentication takes the authentication service overhead out of the time-critical reassociation process
Deauthentication
• Invoked when an existing Open System or Shared Key authentication is to be terminated
• In an ESS, deauthentication causes the STA to be disassociated
• Deauthentication
  • Is an SS
  • May be invoked by either authenticated party (non-AP STA or AP)
  • Is not a request; it is a notification
  • Shall not be refused by either party
• When an AP sends a deauthentication notice to an associated STA, the association shall also be terminated
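The association, reassociation, disassociation, authentication, preauthentication and deauthentication rules from the slides above, as one added example that is not part of the lecture or of the IEEE 802.11 standard: a STA object that may hold authentications with many APs but at most one association, that refuses association before authentication, that treats disassociation and deauthentication as notifications which cannot be refused, that drops its association when deauthenticated by the AP it is associated with, and that discards its RSNA on every reassociation. The `transition_type` helper classifies a move the way the "STA Mobility Types" slide does. STA/AP/ESS names, the RSNA generation counter and the method names are constructed for illustration; the DS is just a dictionary here because the slides say its storage is unspecified.

```python
# Added example (not from the lecture or IEEE 802.11): authentication and
# association state for one STA, with the DS mapping as a plain dict.
from dataclasses import dataclass, field
from typing import Dict, Optional, Set


class Refused(Exception):
    """A request the rules do not allow; notifications never raise this."""


@dataclass
class Station:
    addr: str
    authenticated: Set[str] = field(default_factory=set)  # APs it is authenticated with
    associated_ap: Optional[str] = None                   # at most one at any instant
    rsna: Optional[int] = None                            # id of the current RSNA, if any
    _rsna_gen: int = 0                                    # constructed generation counter

    def _new_rsna(self) -> None:
        self._rsna_gen += 1
        self.rsna = self._rsna_gen

    def authenticate(self, ap: str) -> None:
        """Link-level authentication; may be done in advance (preauthentication)."""
        self.authenticated.add(ap)

    def associate(self, ds: Dict[str, str], ap: str) -> None:
        if ap not in self.authenticated:
            raise Refused("authentication is required before association")
        if self.associated_ap is not None:
            raise Refused("a STA may be associated with no more than one AP")
        self.associated_ap = ap
        ds[self.addr] = ap                  # STA-to-AP mapping handed to the DS
        self._new_rsna()

    def reassociate(self, ds: Dict[str, str], new_ap: str) -> bool:
        """Move the current association; returns True if authentication had to
        be done now instead of in advance (the slow path preauthentication avoids)."""
        if self.associated_ap is None:
            raise Refused("reassociation requires an existing association")
        slow = new_ap not in self.authenticated
        if slow:
            self.authenticate(new_ap)
        self.associated_ap = new_ap
        ds[self.addr] = new_ap              # DS stays informed of the mapping
        self.rsna = None                    # old RSNA is deleted...
        self._new_rsna()                    # ...and a new one must be constructed
        return slow

    def disassociate(self, ds: Dict[str, str]) -> None:
        """Notification from either party: cannot be refused."""
        self.associated_ap = None
        ds.pop(self.addr, None)             # DS voids the association information
        self.rsna = None

    def deauthenticate(self, ds: Dict[str, str], ap: str) -> None:
        """Notification: ends authentication with ap and any association through it."""
        self.authenticated.discard(ap)
        if self.associated_ap == ap:
            self.disassociate(ds)


def transition_type(old_bss: str, new_bss: str, ess_of: Dict[str, str]) -> str:
    if old_bss == new_bss:
        return "no-transition"              # association alone suffices
    if ess_of[old_bss] == ess_of[new_bss]:
        return "BSS-transition"             # reassociation keeps the DS mapping
    return "ESS-transition"                 # upper-layer connections not guaranteed


def demo() -> dict:
    """Constructed scenario: two APs in ess-X, a third in ess-Y."""
    ds: Dict[str, str] = {}
    ess_of = {"ap-1": "ess-X", "ap-2": "ess-X", "ap-3": "ess-Y"}
    sta = Station("sta-A")
    out = {}
    try:
        sta.associate(ds, "ap-1")
        out["assoc_without_auth"] = "allowed"
    except Refused:
        out["assoc_without_auth"] = "refused"
    sta.authenticate("ap-1")
    sta.associate(ds, "ap-1")
    out["rsna_first"] = sta.rsna
    out["slow_move"] = sta.reassociate(ds, "ap-2")     # not preauthenticated: slow
    out["rsna_after_move"] = sta.rsna                  # a fresh RSNA
    out["fast_move"] = sta.reassociate(ds, "ap-1")     # still authenticated: fast
    out["kind"] = transition_type("ap-2", "ap-1", ess_of)
    out["ds_map"] = dict(ds)
    sta.deauthenticate(ds, "ap-1")                     # AP ends it: association goes too
    out["after_deauth"] = (sta.associated_ap, sta.addr in ds)
    out["ess_move"] = transition_type("ap-1", "ap-3", ess_of)
    return out
```

The `Refused` paths are the requests the slides say can be refused; `disassociate` and `deauthenticate` deliberately have no failure path because both are notifications.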