The Pittsburgh SAGE Group and present: A Wireless Tutorial by Chris Tracy
Before We Get Started • Testing: can everyone hear and see OK? • Stop me and ask questions if anything seems confusing or incorrect. • There will be a Questions & Answers session afterwards, but feel free to ask questions during the presentation.
Meeting Contents • What we will discuss in this meeting: • IEEE 802.11 wireless LAN (WLAN) services • Understanding wireless networking services for laptops and some handheld devices • Security, configuration and usage of wireless networking services • IEEE 802.11[ag] high-speed WLAN services • The upcoming high-speed physical layer(s) • Features & usage of a few select 802.11b devices
Meeting Contents • What we will not discuss in this meeting: • In-depth Radio Frequency (RF) concepts • Cellular wireless services/protocols • i.e. AMPS, IMPS, CDMA, CDPD, PCS, TDMA • Non-IEEE 802.11 wireless standards • i.e. GSM, Bluetooth, HomeRF, satellite • An exhaustive evaluation of every wireless device and provider
Meeting Objectives • After this meeting, we are hoping that you are able to: • Understand the major protocols and standards used by wireless LANs (WLANs) • Identify important features and configuration options associated with access points (APs) and client cards • Recognize the major security threats to wireless IP networks
What is IEEE 802.11? • IEEE: • Institute of Electrical and Electronics Engineers • 802.11: • Family of standards set forth by the IEEE to define the specifications for wireless LANs • Defines: • Medium Access Control (MAC) • Physical Layer (PHY) Specifications
What is IEEE 802.11? • Local, high-speed wireless connectivity for fixed, portable and moving stations • stations can be moving at pedestrian and vehicular speeds • Standard promises interoperability • vendors' products on the same physical layer should interoperate • Targeted for use • inside buildings, outdoor areas, anywhere!
IEEE 802.11 • Uses Direct Sequence spread spectrum (DSSS) technology • Frequency-Hopping spread spectrum (FHSS) can only be used for 1 or 2Mbps in US due to FCC regulations • Operates in unlicensed 2.4 GHz ISM band • ISM: Industrial, Scientific and Medical • ISM regulatory range: • 2.4 GHz to 2.4835 GHz for North America
IEEE 802.11 • Supported Speeds and Distances • 1, 2, 5.5, 11 Mbps at distances of 150-2000 feet without special antenna • Greater distances can be achieved by using special antennas • Distance (or signal strength) greatly depends on obstructions such as buildings and other objects • Maximum speed obtained depends on signal strength
IEEE 802.11b • ‘b’ in IEEE 802.11b • September 1999, 802.11b “High Rate” amendment was ratified by the IEEE • 802.11b amendment to 802.11 only affects the physical layer, basic architecture is the same • Added two higher speeds • 5.5 and 11 Mbps • More robust connectivity • 802.11b is the current ‘favorite’ in 802.11 • also known as Wi-Fi (Wireless Fidelity)
IEEE 802.11a • “Fast Ethernet” standard of wireless LANs • Speeds of up to 54 Mbps • 5 GHz (U-NII band) instead of 2.4 GHz • Unlicensed National Information Infrastructure • OFDM instead of DSSS for encoding • Orthogonal Frequency Division Multiplexing • 802.11a products are now on the market • SMC 2735W AP, $128 • Lucent Orinoco 802.11a/b AP-2000, $799
IEEE 802.11a • Advantages • higher speed • less RF interference than 2.4 GHz • 2.4 GHz used by Bluetooth, cordless/cellular phones, etc. • some interoperability, vendors currently have “dual-standard” 802.11a/b equipment • Disadvantages • shorter range, need to increase AP density or power 4X to compensate
IEEE 802.11g • Another high-speed standard • Viewed as a ‘step’ towards 802.11a • Speeds of up to 54 Mbps • may be more like 20+ Mbps • Still works at 2.4 GHz • not in the 5 GHz range like 802.11a • Advantages • compatible with 802.11b • better range than 802.11a, for now
IEEE 802.11e • Another upcoming standard for WLANs • adds quality-of-service features to MAC layer of 802.11b compatible networks • error correction • better bandwidth management • significantly improves multimedia performance • works around RF interference • handles interference by moving away from it • i.e., moves to a new frequency when interference from a 2.4 GHz cordless phone is detected • research has been going on for a little over a year
IEEE 802.11 Physical Layer • 802.11 Physical Layer Specifications • include FHSS, DSSS, IR • PLCP: Physical Layer Convergence Protocol • interface used by the other physical layer specs • maps data units into a suitable framing format • PMD system: Physical Medium Dependent • defines the characteristics/method of Tx/Rx data through a wireless medium between 2 or more stations
IEEE 802.11 Physical Layer • Spread Spectrum • spreads the transmitted signal over a wide range of spectrum • avoids concentrating power in a single narrow frequency band • noise makes this necessary so that receiver can accurately decode the transmitted signal • 2 major approaches to spread spectrum: • FHSS: Frequency Hopping Spread Spectrum • DSSS: Direct Sequence Spread Spectrum
IEEE 802.11 Physical Layer • FHSS • hop to other frequencies at a fixed time interval using a predetermined sequence • the “hopping” allows the system to avoid noise • DSSS • a different approach: artificially broaden the bandwidth needed to transmit a signal by modulating the data with a spreading code • allows for error detection
IEEE 802.11 Physical Layer • DSSS • modulates the data (XOR’d) with an 11-bit sequence called the Barker code • 10110111000 • a good pattern for generating radio waves • modulated sequence is a series of data objects called chips • chips are sent out by the wireless radio • wireless radio modulates a 2.4 GHz wave • modulation techniques: Binary PSK, Quadrature PSK
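The spreading step described on the last three slides, worked through as an added example (not from the tutorial): each data bit is XOR'd with the 11-chip Barker code, and a correlating receiver recovers the bits even when a couple of chips are flipped by noise. The chip-error threshold and the `corrupt` helper are constructed for the demo.

```python
BARKER = [1, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0]   # the 11-chip Barker code from the slide

def spread(bits):
    """DSSS spreading: every data bit is XOR'd with the full Barker sequence,
    so one bit becomes 11 chips (a 1 inverts the code, a 0 sends it as-is)."""
    return [b ^ c for b in bits for c in BARKER]

def despread(chips, max_chip_errors=2):
    """Correlating receiver: count chips that match the Barker code per block.
    11 matches -> 0, 0 matches -> 1; a few flipped chips still decode, and a
    block with more than max_chip_errors (a constructed threshold) is reported
    as None so the MAC can treat the frame as corrupt (the error detection the
    slide mentions)."""
    bits = []
    for k in range(0, len(chips), len(BARKER)):
        block = chips[k:k + len(BARKER)]
        matches = sum(x == c for x, c in zip(block, BARKER))
        if matches >= len(BARKER) - max_chip_errors:
            bits.append(0)
        elif matches <= max_chip_errors:
            bits.append(1)
        else:
            bits.append(None)
    return bits

def autocorrelation(code=BARKER):
    """Aperiodic autocorrelation with 1 -> +1 and 0 -> -1. The Barker property
    (peak of 11 at shift 0, side lobes of magnitude <= 1) is what lets a receiver
    lock onto chip boundaries in noise, which is why this pattern was chosen."""
    s = [1 if c else -1 for c in code]
    n = len(s)
    return [sum(s[i] * s[i + t] for i in range(n - t)) for t in range(n)]

def corrupt(chips, positions):
    """Flip the chips at the given indices (constructed channel noise)."""
    return [c ^ 1 if i in positions else c for i, c in enumerate(chips)]
```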
IEEE 802.11 Data Link Layer • 2 Sublayers • Logical Link Control (LLC) • Media Access Control (MAC) • 802.11 uses the same 802.2 LLC • same 48-bit addressing as other 802 LANs • MAC address is 6 bytes or 48 bits • allows for simple bridging to wired networks • MAC sublayer is unique in 802.11
IEEE 802.11 MAC Sublayer • MAC: Regulates access to the medium • Wired IEEE 802 LANs use CSMA/CD • 802.11 uses CSMA/CA • CSMA: carrier sense multiple access • CD: with collision detection • CA: with collision avoidance • Collision detection is not possible in 802.11 • near/far problem: can’t transmit and “hear” a collision at the same time
IEEE 802.11 MAC Sublayer • CSMA/CA avoids collisions by explicit packet acknowledgment (ACK) • station wishing to transmit first senses the medium • if no activity detected, station waits an additional, random amount of time then transmits if the medium is still free • ACK packet is sent by receiving station to confirm the data packet arrived intact • collision assumed if sending station doesn’t get ACK, data is retransmitted after a random time
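The CSMA/CA steps above (sense, random wait, transmit, wait for ACK, retransmit after a random time) as an added slot-level simulation, not code from the tutorial. The contention-window doubling after a collision and the frozen countdown while the medium is busy are 802.11 details assumed here rather than taken from the slide.

```python
import random

def simulate_csma_ca(n_stations=3, frames_each=4, seed=7, cw_min=15, cw_max=1023):
    """Slot-based toy model of CSMA/CA.

    Each slot: stations whose random backoff has reached zero transmit.
    Exactly one transmitter -> the receiver returns an ACK, frame delivered.
    Two or more -> no ACK arrives, so the senders assume a collision and draw
    a new backoff from a doubled contention window (binary exponential
    backoff, an 802.11 detail the slide does not spell out). Stations that
    lose the race keep their remaining backoff, as the real protocol does
    when it freezes the countdown while the medium is busy.
    """
    rng = random.Random(seed)                      # seeded so runs are repeatable
    pending = [frames_each] * n_stations           # frames each station still has to send
    cw = [cw_min] * n_stations                     # current contention window per station
    backoff = [rng.randint(0, cw_min) for _ in range(n_stations)]
    slots = collisions = delivered = 0
    while any(pending):
        slots += 1
        active = [s for s in range(n_stations) if pending[s]]
        ready = [s for s in active if backoff[s] == 0]
        if not ready:                               # medium idle: everyone counts down
            for s in active:
                backoff[s] -= 1
            continue
        if len(ready) == 1:                         # clean transmission, ACK received
            s = ready[0]
            pending[s] -= 1
            delivered += 1
            cw[s] = cw_min                          # success resets the window
            backoff[s] = rng.randint(0, cw[s])
        else:                                       # collision: no ACK, retransmit later
            collisions += 1
            for s in ready:
                cw[s] = min(2 * cw[s] + 1, cw_max)
                backoff[s] = rng.randint(0, cw[s])
    return {"slots": slots, "collisions": collisions, "delivered": delivered}
```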
IEEE 802.11 MAC Sublayer • Other unique features in 802.11 • IFS: Inter Frame Space • time interval between frames • Handling hidden stations (hidden-node problem) • virtual carrier sense • Power management functions • Data security (MAC address, WEP) • WEP: Wired Equivalent Privacy • Multirate support • Fragmentation / Defragmentation
IEEE 802.11 Frame Types • Three types of frames • Control • RTS, CTS, ACK, Contention-Free (CF), PS-Poll • Management • Probe request/response • Beacon • supported rates, timestamp, traffic indication map • Authentication / deauthentication • Announcement traffic indication message (ATIM) • sent after each frame • Data
IEEE 802.11 Topologies • Three basic topologies for WLANs • IBSS: Independent Basic Service Set • BSS: Basic Service Set • ESS: Extended Service Set • Independent of type of PHY chosen
IEEE 802.11 IBSS • IBSS: Independent Basic Service Set • Peer-to-peer or ad-hoc network • Wireless stations communicate directly with one another • Generally are not connected to a larger network • No Access Point (AP)
IEEE 802.11 BSS • BSS: Basic Service Set • Infrastructure mode • An AP connects clients to a wired network
IEEE 802.11 ESS • ESS: Extended Service Set • Infrastructure mode • Consists of overlapping BSSs (each with an AP) • DS connects APs together, almost always Ethernet • ESS allows clients to seamlessly roam between APs
Access Points (APs) • Broadcasts service • uses beacon management frames • Number of clients supported • device dependent • memory size, congestion • SMC2652W - 128 clients • Cisco Aironet 340 - 2,048 clients
Access Points (APs) • Usually connects wireless and wired networks • if not wired • acts as an extension point (wireless bridge) • Creation of ESS by overlapping AP coverage • allows roaming operation • APs should be on different channels • more coming up on this setup...
Access Points (APs) • Capacity and Bandwidth • Advertised maximum of 11 Mbps • Physical Layer Convergence Protocol (PLCP) is always transmitted at 1 Mbps. • Therefore, 802.11b will never be 100% efficient at the physical layer • Normally, 802.11b is about 85% efficient at the PHY • Other degrading factors include • distance, barriers, collisions, interference, congestion
Access Points (APs) • Capacity and Bandwidth • Possible to keep these higher by using these techniques • Reducing size of coverage areas • Reducing client-to-AP ratio • Using bandwidth aggregation • AP-to-client ratio • load balancing
Access Points (APs) • Roaming • More than 1 AP provides signals to a single client • Client is responsible for choosing the best AP • first, signal strength. second, network utilization. • When signal in use degrades, client tries to find another AP • if found, tries to authenticate and associate
Access Points (APs) • Configuration • Management usually done via • HTTP, Telnet, SNMP, serial interface • Configuring Security Settings • SSID: Service Set Identifier • WEP: Wired Equivalent Privacy • EAP: Extensible Authentication Protocol • Configuring Network Settings • DHCP: Dynamic Host Configuration Protocol • NAT: Network Address Translation
Access Points (APs) • How to set up a secure access point • Enable WEP or EAP • Change SSID and disable broadcast • Change the management password of your AP • some have 2: read-only as well as read-write • Use MAC address filtering • Consider not using DHCP • instead use fixed IP addresses for wireless NICs • Consider other mechanisms for privacy • PPTP, VPN, SSL, SSH
IEEE 802.11 Security • Authentication • Open system • Shared key • Authorization • MAC address • Privacy • WEP: Wired Equivalent Privacy • not going to talk about the details of how WEP works • see references at the end of this document for info
IEEE 802.11 Security • WEP: Wired Equivalent Privacy • many debates over its “secureness” • doesn’t encrypt the SSID • can be broken with brute-force attacks • need several million packets • WEP keys • can be decrypted from the Windows registry for Lucent Orinoco cards • are stored directly onto Cisco cards • can be easily retrieved in most situations if you are determined enough
IEEE 802.11 Security • WEP: Wired Equivalent Privacy • covers station-to-station transmission • uses RC4 security algorithm from RSA • relies on either 40-bit key to encrypt payload • Major weaknesses with WEP • key generators • keystream reuse • RC4 key scheduling algorithm • message authentication
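The "keystream reuse" weakness listed above, worked through as an added example (not from the tutorial): WEP keys RC4 with IV || shared key and sends the 24-bit IV in the clear, so two frames under the same IV share a keystream and XORing their ciphertexts cancels it. The key, IV and payloads are constructed, and the CRC-32 ICV is omitted.

```python
import math

def rc4(key: bytes, length: int) -> bytes:
    """Plain RC4 keystream generator (KSA then PRGA), the cipher WEP uses."""
    S = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm (KSA)
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):                   # pseudo-random generation (PRGA)
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) % 256])
    return bytes(out)

def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """WEP-style frame body: 3-byte IV in the clear, then plaintext XOR RC4(IV || key).
    The real frame also carries a CRC-32 ICV inside the encryption; omitted here."""
    keystream = rc4(iv + key, len(plaintext))
    return iv + bytes(p ^ k for p, k in zip(plaintext, keystream))

def wep_decrypt(frame: bytes, key: bytes) -> bytes:
    """The legitimate receiver rebuilds the same keystream from the public IV."""
    iv, body = frame[:3], frame[3:]
    return bytes(c ^ k for c, k in zip(body, rc4(iv + key, len(body))))

def leaked_plaintext_xor(frame_a: bytes, frame_b: bytes) -> bytes:
    """Keystream reuse: when two frames share an IV (and the key never changes),
    C_a XOR C_b == P_a XOR P_b. No key is needed to compute this, which is why
    a 24-bit IV space is far too small for a busy AP with a static key."""
    if frame_a[:3] != frame_b[:3]:
        raise ValueError("frames use different IVs; no keystream reuse")
    return bytes(a ^ b for a, b in zip(frame_a[3:], frame_b[3:]))

def frames_until_iv_repeat(iv_bits: int = 24) -> float:
    """Birthday bound: roughly sqrt(pi/2 * 2**n) randomly chosen IVs before one
    repeats. For WEP's 24-bit IV that is about 5,100 frames, i.e. seconds to
    minutes of traffic on a loaded AP, after which keystreams start to recur."""
    return math.sqrt(math.pi / 2 * 2 ** iv_bits)
```

Per-frame keys derived from a fresh session (as in the WEP2/AES work mentioned on the next slide) remove the reuse problem that a static key with a 24-bit IV cannot avoid.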
IEEE 802.11 Security • Current WEP status • WEP2 • Enhanced security at the MAC layer • Use AES instead of RC4 • Advanced Encryption Standard • http://csrc.nist.gov/encryption/aes • New standard for encrypted communication used by the government and government organizations • Still a work in progress, for more information see: • http://grouper.ieee.org/groups/802/11/Reports/tgi_update.htm • Won’t be available for mainstream use for awhile
AirSnort and WepCrack • WLAN tools that recover WEP encryption keys • Exploit a weakness in the Key Scheduling Algorithm of RC4 • Require 5-10 million encrypted packets • Once enough packets have been gathered, can guess the encryption key in under a second • Run under Linux, require wlan-ng drivers • For more information: • http://airsnort.sourceforge.net/ • http://wepcrack.sourceforge.net/
Antenna Basics • 2.4 GHz ISM Band • doesn’t require a license to transmit • antenna must be able to accept interference from other devices or users • Antenna placement • radiation pattern of antenna • determines where the signal can be picked up at • finding best place for antenna is not always easy • want to pick places that will maximize range for clients • minimize stray RF signals and interference
Antenna Basics • Ideal antennas • radiate equally in all directions • called “isotropic” or “isotropic radiator” • Real antennas • real world antennas are not ideal • have radiation patterns that concentrate the RF energy in different ways • omnidirectional antennas, also called dipoles • radiate in a donut shape, very common on APs • directional antennas, e.g., biquad • concentrate energy into a cone or a beam
PCMCIA Antennas • Tend to be very directional • Effective gain is very low • This is one reason your signal strength will change drastically with small changes in position • Nearly all client cards have only 1 radio • can’t listen and talk at the same time • half-duplex • Getting external antennas makes a big difference
Antenna Positioning • In general, should be mounted: • as high as possible • as clear from obstructions as possible • Best performance achieved when: • direct line of sight • Tx/Rx antennas are at the same height • Gaining coverage is achieved through gain • gain is measured in decibels (dBi)
Building Your Own AP • More than one method • Recipe for a Linux 802.11b home network • http://www.oreillynet.com/pub/a/wireless/2001/03/06/recipe.html • detailed explanation on setting up a Linux machine to perform AP functions • Floppy based wireless gateway • http://nocat.net/ezwrp.html • turns a machine with a wireless adapter and an ethernet card into a wireless gateway • many features
Building Your Own AP • Advantages • Great for educational and experience purposes • Some functionality is enhanced • firewalling features • authentication/authorization • Disadvantages • Some functionality is limited • some hardware/software combos only support IBSS • setup is time-consuming, requires a lot of experience • may not support as many clients as some APs
References • IEEE 802.11 Working Group Page • http://www.ieee802.org/11/ • Can download the 802 standards here for FREE • Has links to all the latest 802.11 developments • Sniffing • http://www.sniffer.com/products/wireless/ • http://www.robertgraham.com/pubs/sniffing-faq.html • http://www.wildpackets.com/products/airopeek