W4140 Network Laboratory, Lecture 12, Dec 4 - Fall 2006
Shlomo Hershkop, Columbia University
Slide 2
Announcements
- Last week of classes
- Was going to have a wireless lab: DHCP, wireless AP and peer wireless networks, wireless eavesdropping, wireless attacks
- Rather you start to wrap up phase II
- Will go over deliverables today
Slide 3
Overview
- Phase II
- Wireless technology: since we have been dealing with wired network technology, would like to contrast it to wireless
- Lots to cover; this is only a brief overview of relevant technology
Slide 4
Final
- We will be having a short written final for the lab course covering topics familiar from the labs
- Straightforward exam making sure you understand what we have covered; will be enough if you look over your lab notes
- Either can have it next Monday during class time or during finals week at a time convenient for everyone
Slide 5
Phase II
- We will be having a pizza party for the phase II presentations, sometime during finals week when it won't conflict
- Have lunch and every group will give a 15 minute overview of what they did
- Feedback
- Will work with you on wrapping up your report and help you submit it to a conference proceedings if you want to get published
Slide 6
Phase II
- Would also like to archive the work, so please capture traffic (tcpdump/ethereal) while generating the work; the captures will be posted next to your reports
- Try to use visualization to show a point of your work, as opposed to a huge log and some random point in the log
- A picture is still worth 1000 words
Slide 7
Phase II Presentation
- Overview of project: who, what, why
- Overview of background info and tools used
- Experiments to show idea
- Results
- Explanation of the results
- Where this work can be taken
Slide 8
Written report
- Should be PDF
- Outline: a few paragraphs on the goal and results of the project
- Background info
- Tools
- Experiments
- Results
- Results explanation
- Future work
- References and code/tools/links etc.
Slide 9
Any Questions ??
Slide 10
Credit
- Some of the following slides were taken from internet sources
- UConn: Prof. Lili Qiu, Prof. Jim Kurose, and Don Towsley
- Others
- Purdue: Pascal Meunier, Ph.D., M.Sc., CISSP
Slide 11
Wireless Applications
Slide 12
Why Wireless?
- Flexible
- Low cost
- Easy to deploy
- Supports mobility
Slide 13
Wireless Technologies (figure plotting each technology by range vs. bandwidth): UWB, Bluetooth, WiFi, 3G, WiMax, RFID
Slide 14
Basics of Wireless Communication
- Signal
- Frequency allocation
- Signal propagation
- Antennas
- Multiplexing
Slide 15
Overview of Wireless Transmissions (block diagram)
- Sender: bit stream -> source coding -> channel coding -> modulation -> analog signal
- Receiver: analog signal -> demodulation -> channel decoding -> source decoding -> bit stream
Slide 16
Frequencies for Communication
Wavelength / frequency scale: 1 Mm / 300 Hz, 10 km / 30 kHz, 100 m / 3 MHz, 1 m / 300 MHz, 10 mm / 30 GHz, 100 µm / 3 THz, 1 µm / 300 THz
- VLF = Very Low Frequency
- LF = Low Frequency (submarines)
- MF = Medium Frequency
- HF = High Frequency (AM/FM radio)
- VHF = Very High Frequency (TV)
- UHF = Ultra High Frequency (mobile phone, 3G)
- SHF = Super High Frequency (WiFi, microwave)
- EHF = Extra High Frequency
- infrared, visible light, UV = Ultraviolet light
- Guided media shown on the same scale: twisted pair, coax cable, optical transmission
Slide 17
Frequencies and Regulations
- ITU-R holds auctions for new frequencies and manages frequency bands worldwide (WRC, World Radio Conferences)
Slide 18
Ideal Signal Propagation Ranges (figure: concentric transmission, detection and interference ranges around the sender, by distance)
- Transmission range: communication possible, low error rate
- Detection range: detection of the signal possible, no communication possible
- Interference range: signal may not be detected; signal adds to the background noise
Slide 19
Signal Propagation
- Propagation in free space always like light (straight line)
- Receiving power proportional to 1/d² (d = distance between sender and receiver)
- Receiving power additionally influenced by
  - fading (frequency dependent)
  - shadowing
  - reflection at large obstacles
  - refraction depending on the density of a medium
  - scattering at small obstacles
  - diffraction at edges
Slide 20
Multipath Propagation
- Signal can take many different paths between sender and receiver due to reflection, scattering, diffraction
- Time dispersion: signal is dispersed over time; interference with neighbor symbols, Inter Symbol Interference (ISI)
- The signal reaches a receiver directly and phase shifted; distorted signal based on the phases of the different parts
- (Figure: signal at sender vs. signal at receiver, showing LOS pulses followed by multipath pulses; LOS = Line Of Sight)
Slide 21
Fading
- Channel characteristics change over time and location, e.g., movement of receiver and/or scatterers: quick changes in the power received (short term/fast fading)
- Additional changes in distance to sender, obstacles further away: slow changes in the average power received (long term/slow fading)
- (Figure: received power vs. time t, showing short term fading superimposed on long term fading)
Slide 22
Typical Picture
Slide 23
Real world example
Slide 24
Scanning in 802.11
- Goal: find networks in the area
- Passive scanning: does not require transmission; move to each channel and listen for Beacon frames
- Active scanning: requires transmission; move to each channel and send Probe Request frames to solicit Probe Responses from a network
Slide 25
Association in 802.11 (message sequence between Client and AP)
1: Association request (Client -> AP)
2: Association response (AP -> Client)
3: Data traffic
Slide 26
Reassociation in 802.11 (message sequence between Client, New AP and Old AP)
1: Reassociation request (Client -> New AP)
2: Verify previous association (New AP -> Old AP)
3: Reassociation response (New AP -> Client)
4: Send buffered frames (Old AP -> New AP)
5: Send buffered frames (New AP -> Client)
6: Data traffic
Slide 27
Time Synchronization in 802.11
- Timing synchronization function (TSF)
- AP controls timing in infrastructure networks
- All stations maintain a local timer; TSF keeps the timers of all stations in sync
- Periodic Beacons convey timing; Beacons are sent at well known intervals
- Timestamp from Beacons used to calibrate local clocks
- Local TSF timer mitigates loss of Beacons
Slide 28
Power Management in 802.11
- A station is in one of three states: transmitter on; receiver on; both transmitter and receiver off (dozing)
- AP buffers packets for dozing stations
- AP announces which stations have frames buffered in its Beacon frames
- Dozing stations wake up to listen to the beacons; if there is data buffered for a station, it sends a poll frame to get the buffered data
Slide 29
Network Security Pascal Meunier, Ph.D., M.Sc., CISSP May 2004,
updated July 30, 2004 Developed thanks to the support of Symantec
Corporation, NSF SFS Capacity Building Program (Award Number
0113725) and the Purdue e-Enterprise Center Copyright (2004) Purdue
Research Foundation. All rights reserved.
Slide 30
Outline
- Architecture
- Physical and link layer
- Network layer
- Transport layer
- Application layer: DNS, RPC, NFS
- Application layer: Routing
- Wireless networks
- More secure protocols: DNSSEC, IPSEC, IPv6
Slide 31
Wireless Networks
- Wireless Threats
- Antennas: directionality, range, gain
- Design Weaknesses
- Implementation Weaknesses
- Automated WEP crackers and sniffers
- Alternatives to WEP
Slide 32
Interesting Wireless Uses
- Burlington Northern and Santa Fe Railway Company (BNSF): US railroad uses Wi-Fi to run 'driverless' trains (Smith 2003).
- Home Depot (Luster 2002), BestBuy (Computerworld 2002) and Lowes (Ashenfelter 2003) were famous for being targeted by hackers sitting in the parking lots and eavesdropping on traffic to cash registers, and even accessing their networks through their wireless access points.
- The Navy was reportedly interested in deploying 802.11b technology to control warships (Cox 2003).
Slide 33
Wireless Threats
- Medium is open to most attackers in the neighborhood of a wireless node
- Near-impossibility of establishing a clear physical security boundary
- Higher gain antennas can be used to overcome distance or a weak signal
- Remote attackers can aim at: the physical layer; the link layer (Media Access Control (MAC), logical link); the network layer
Slide 34
Threats
- DoS attacks: jamming; fake collisions (Request to Send, see slides on CSMA/CA); amplification
- Integrity attacks: packets captured, modified and reinjected
- Confidentiality attacks: capture passwords, authentication tokens, etc.
- Authentication and accountability attacks: anonymity for attacker; reassign accountability to network or account owners
Slide 35
Physical Layer
- CIA: confidentiality, integrity, availability
- Coverage vs. risk
- Antenna gain vs. transmission power
Slide 36
Question
Which property of CIA (confidentiality, integrity, availability) can't you guarantee in any wireless network? How about a warship that is steered and controlled through wireless networks? What could happen?
Slide 37
Answer
You can't guarantee availability, because wireless networks can be jammed. A warship controlled through a wireless network could stop responding and continue on a bad course (collision or otherwise).
Slide 38
Wireless Coverage is Risk
- The potential number of locations from which attackers can operate is proportional to the area covered
- Areas you physically control may not be as risky
- The size of the area is not completely under your control, because attackers can use arbitrarily large antennas
- However, you can control the amount of power used. How does that affect the risk?
Slide 39
Wireless Power
- Area of a sphere = 4πr²
- Total power is constant, so power/area decreases as 1/r²
- Big antennas capture more power (more area)
- Analogy: lenses. The bigger the lens, the more light is captured
- (Figure: source and receiving antenna)
Slide 40
Wireless Power
- Antenna gain is measured in dB (decibels) as the ratio of power captured compared to a reference antenna
- Gain usually comes at the cost of increased directionality: power is concentrated in (and captured from) a narrower field
Slide 41
Antenna Gain (dB)
- (Gain formula shown as an image; its legend: P2 is the power captured by the reference antenna)
- A gain of 3 dB means captured power is doubled
- A gain of 10 dB means captured power is increased 10 times
- A gain of 20 dB means captured power is increased 100 times
Slide 42
Variable Power
- Some access points and cards can use varying amounts of power; uncommon feature (Cisco, Apple Airport Ex)
- How is the range changed by power?
- How much power do you need to double the range? ("r" is the range in the formula shown on the slide)
Slide 43
Power Calculations
- Double range needs 4x power. Equivalent statement: an increase in power of 6 dB doubles the range
- Triple range needs 9x power
- Lower the power to decrease the risk area
- Cisco Aironet Antennas Reference Guide: http://www.cisco.com/warp/public/cc/pd/witc/ao350ap/prodlit/agder_rg.htm
Slide 44
Question
Your wireless network usually has a range of 100 feet. However you are having a (confidential) meeting in a 10-foot diameter (circular) room but want to use a wireless access point in the room. By how much can you decrease the power to diminish the threats?
Slide 45
Answer
A 10x10 foot room approximately fits inside a 5-foot radius sphere. 100/5 = 20x range reduction. Power = 1/(20x20) = 1/400. So if the power was 400 mW, 1 mW should now be sufficient.
Slide 46
Question
If you want to spy on the meeting mentioned previously, from 100 feet away, what is the gain (in dB) of the antenna you need?
Slide 47
Answer
Gain (dB) = 10 log(400) = 10 log(4) + 10 log(100) = 6 + 20 = 26 dB
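The range, power and gain arithmetic of slides 39 through 47, worked in Python as an added example (this is not code from the slides). It assumes free-space 1/r² attenuation and, as the slide's answer does, a listener at the original distance who needs the same captured power it would have had at full transmit power.

```python
"""Free-space power, range and antenna gain arithmetic (slides 39-47).

Added example, not from the slides. It encodes the slides' own rules:
received power per unit area falls as 1/r^2, so the transmit power needed
to reach a range r scales with r^2, and gains are compared in decibels,
10*log10(power ratio).
"""
import math


def db_from_ratio(ratio: float) -> float:
    """Decibels for a power ratio (e.g. captured power / reference power)."""
    if ratio <= 0:
        raise ValueError("power ratio must be positive")
    return 10.0 * math.log10(ratio)


def ratio_from_db(db: float) -> float:
    """Inverse of db_from_ratio: the power ratio a dB figure stands for."""
    return 10.0 ** (db / 10.0)


def power_factor_for_range(range_factor: float) -> float:
    """Multiplying the range by k needs k^2 times the transmit power
    (inverse-square law; slide 43: double range -> 4x, triple -> 9x)."""
    if range_factor <= 0:
        raise ValueError("range factor must be positive")
    return range_factor ** 2


def power_for_range(current_power_mw: float, current_range: float,
                    wanted_range: float) -> float:
    """Transmit power that changes the coverage radius from current_range
    to wanted_range (same units), everything else unchanged.
    Slide 45: 400 mW for 100 ft -> 400/400 = 1 mW for a 5 ft radius."""
    return current_power_mw * power_factor_for_range(wanted_range / current_range)


def gain_to_compensate_db(reduced_power_mw: float, original_power_mw: float) -> float:
    """Antenna gain (dB) a listener at the original distance needs to get
    back the power margin removed by turning the transmitter down (slide 47).
    Assumption, as on the slide: the listener needs the same captured power
    it would have had at full transmit power, so gain = 10 log10(P_orig/P_new)."""
    return db_from_ratio(original_power_mw / reduced_power_mw)


def worked_examples() -> dict:
    """The slides' numbers recomputed; returned (not printed) so they can be checked."""
    return {
        "double_range_power": power_factor_for_range(2),              # 4x
        "double_range_db": db_from_ratio(power_factor_for_range(2)),  # ~6 dB
        "triple_range_power": power_factor_for_range(3),              # 9x
        "meeting_room_mw": power_for_range(400, 100, 5),              # 1 mW
        "listener_gain_db": gain_to_compensate_db(1, 400),            # ~26 dB
        "gain_20db_ratio": ratio_from_db(20),                         # 100x
    }


if __name__ == "__main__":
    for name, value in worked_examples().items():
        print(f"{name:>20}: {value:.2f}")
```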
Slide 48
Link Layer
- 802.11b security is focused at the link layer
- Media Access Control: MAC address-based access control lists (refer to the slides on Media Access Control in the link layer); CSMA/CA (collision avoidance), refer to the slides on spurious RTS (request to send)
- Logical Link: logical organization of stations and access points; WEP encryption; network management frames
Slide 49
Logical Link
- Wireless networks have two possible architectures
  - Ad-hoc networks (similar concept: peer-to-peer)
  - Access-point-based networks (a.k.a. infrastructure mode): all traffic goes through the access point
- A station is a member of which network? Association concept
Slide 50
Definitions
- BSS (Basic Service Set): a collection of stations (a.k.a. nodes) communicating wirelessly together
- To differentiate between nearby BSSs and their own, stations use a BSSID, which has the format of a MAC address
- All stations in one BSS use the same BSSID to communicate
- (Figure: Company A's Network and Company B's Network side by side)
Slide 51
Infrastructure Mode
- The BSSID is usually the MAC address of the AP (Access Point)
- Sophisticated APs have the capability of handling several BSSes with different BSSIDs, and appear as several virtual APs
- (Figure: AP connected to the wired network, with stations using the same BSSID)
Slide 52
Ad-hoc Mode
- The stations use a random number as the BSSID
- The first station selects the BSSID and the others use it
- (Figure: stations using the same BSSID)
Slide 53
Definitions (cont.)
- ESS: Extended Service Set, composed of several BSSes joined together
- SSID: Service Set ID, commonly known as the network name; human-readable name
- "ESSID" is sometimes used to refer to the SSID used in the context of an ESS
- Transparent for the end user, who is only aware of the SSID
- Traffic in an ESS may be using several different BSSIDs if there are several APs in it
Slide 54
Question
The MAC address of an access point is used for: a) SSID, b) ESSID, c) BSS, d) BSSID
Slide 55
Answer
The MAC address of an access point is used for: d) BSSID (in infrastructure mode the BSSID is usually the MAC address of the AP)
Slide 56
Beacon Frames
- Beacon Frames broadcast the SSID; help users locate available networks
- Layer 2 management frames
- Networks without BFs are called "closed networks"; simply means that the SSID is not broadcast anymore
- Weak attempt at security through obscurity, to make the presence of the network less obvious
- BSSIDs are revealed as soon as a single frame is sent by any member station
- Mapping between SSIDs and BSSIDs is revealed by several management frames that are not encrypted
Slide 57
Is the SSID a Secret?
- Stations looking for an access point send the SSID they are looking for in a "probe request"
- Access points answer with a "probe reply" frame, which contains the SSID and BSSID pair
- Stations wanting to become part of a BSS send an association request frame, which also contains the SSID/BSSID pair in clear text
- So do re-association requests (see next slides) and their response
- Therefore, the SSID remains secret only on closed networks with no activity
- Conclusion: closed networks mainly inconvenience legitimate users
Slide 58
Authentication and Association
- To become part of a BSS, a station must first authenticate itself to the network, then request association to a specific access point
- The access point is in charge of authentication and accepting the association of the station, unless an add-on authentication system (e.g., RADIUS) is used
- The MAC address is trusted as giving the correct identity of the station or access point
- How can this be abused?
Slide 59
Abusing MAC Addresses
- A station doesn't know if it is talking to a real access point, or to the same access point every time
- Access points are not authenticated by stations; even if they were, the MAC address can be faked
- An access point doesn't know if it is talking to the same station every time
Slide 60
Authentication and (Dis)Association Attacks
- Any station can impersonate another station or access point and attack or interfere with the authentication and association mechanisms; as these frames are not encrypted, the difficulty is trivial
- Disassociation and deauthentication frames: a station receiving one of those frames must redo the authentication and association processes
- With a single short frame, an attacker can delay the transmission of data and require the station and real access point to redo these processes, which take several frames to perform
Slide 61
Disassociation Exploit
- Efficiency was demonstrated by Bellardo (2003); seems to have been used in the "Black Hat" community prior to that report
- The tool "KisMAC" implements it
- Availability is affected; can be selective against specific users
Slide 62
Authentication Modes
- Authentication is done by a station providing the correct SSID, or through "shared key authentication"
- Shared key: access point and all base stations share a secret encryption key; hard to deploy, hard to change, hard to keep secret, no accountability
- Requires a station to encrypt with WEP (see next slides) a challenge text provided by the access point
- An eavesdropper gains both the plaintext and the ciphertext, and can perform a known plaintext attack
- This authentication helps to crack WEP encryption!
Slide 63
802.11b and WEP
- Remind yourself through this presentation that 802.11b was designed by professional software and hardware engineers and reviewed by many such
- Be extremely careful and skeptical about home-brewed security and encryption solutions; this is an often repeated mistake
Slide 64
WEP: Wired Equivalent Privacy
- Cryptographic mechanism used to defend against threats
- Developed without academic or public review, such as review from cryptologists
- Has significant vulnerabilities and design flaws
- Only about a quarter to a third of wireless access points use WEP (Tam et al. 2002; Hamilton 2002; Pickard and Cracknell 2001, 2003)
Slide 65
WEP
- WEP is a stream cipher: uses RC4 to produce a stream of bytes that are XORed with the plaintext
- The input to the stream cipher algorithm is an "initial value" (IV) sent in plaintext, and a secret key
- IV is 24 bits long; length of the secret is either 40 or 104 bits, for a total length for the IV and secret of 64 or 128 bits
- Marketing publicized the larger number, implying that the secret was a 64 or 128 bit number, in a classical case of deceptive advertising. How else can you call a protection that is 16.8 million times weaker than advertised?
Slide 66
XOR Encryption
- 0 XOR 0 = 0
- 1 XOR 0 = 1
- 1 XOR 1 = 0
- (z XOR y) XOR z = y
- (z XOR y) XOR y = z
- Works independently of which of z or y is the plaintext, "pad" or the ciphertext
Slide 67
Stream Cipher
- Given an IV and secret key, the stream of bytes (pad) produced is always the same
- Pad XOR plaintext = ciphertext
- If an IV is ever reused, then the pad is the same
- Knowing all the pads is equivalent to knowing the secret
- Application to WEP: the pad is generated from the combination of the IV and the WEP key passed through RC4; knowing all the pads is equivalent to knowing the 40- or 104-bit secret
- "Weak" IVs reveal additional information about the secret
Slide 68
Pad-Collection Attacks
- There is (should be) a different pad for every encrypted packet that is sent between AP and a station
- By mapping pads to IVs, we can build up a table and skip the RC4 step
- The stream is never longer than 1500 bytes (the maximum Ethernet frame size)
- The 24-bit IV provides 16,777,216 (256^3) possible streams, so all the pads can fit inside 25,165,824,000 bytes (23.4 GB)
- We never have to have the WEP key: once we have a complete table, it's as good as having the WEP key
Slide 69
Cracking WEP
- Passive attacks: the presence of the attacker does not change traffic, until WEP has been cracked
- Active attacks increase the risk of being detected, but are more capable. If an active attack is reasonable (i.e., the risk of detection is disregarded), the goal is to stimulate traffic: collect more pads and uses of weak IVs
- Some attacks require only one pad
Slide 70
How Authentication Helps Collecting Pads
- Access point sends the plaintext challenge; station returns ciphertext
- Mallory computes plaintext XOR ciphertext = pad; the IV was in plain text in the packet, so Mallory now has a pad and matching IV
- Mallory can now authenticate! Access point sends another plaintext challenge; Mallory chooses to use the same IV and pad, and returns pad XOR plaintext = ciphertext
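The pad leak of slides 62 through 70 and the table size of slide 68, replayed in Python as an added example (not code from the slides or from any WEP implementation). It assumes a 40-bit secret and constructed IV and challenge values, leaves out WEP's ICV trailer, and adds `repeated_ivs`, a defender-side IV-reuse count that the slides do not describe.

```python
"""WEP keystream ("pad") reuse, as described on slides 65-70.

Added example; not code from the slides or from any WEP implementation.
It models WEP the way the slides describe it: RC4 is seeded with the
3-byte IV followed by the 40- or 104-bit secret, and the frame body is
XORed with the RC4 output (the pad). The 4-byte ICV trailer is left out
for clarity (an assumption of this example, not a WEP detail).
"""
from collections import Counter


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4: key-scheduling algorithm, then `length` keystream bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings; the result is as long as the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def wep_pad(secret: bytes, iv: bytes, length: int) -> bytes:
    """The pad for one frame: RC4(IV || secret). Same IV + same secret = same pad."""
    if len(iv) != 3 or len(secret) not in (5, 13):
        raise ValueError("IV must be 3 bytes and the secret 40 or 104 bits")
    return rc4_keystream(iv + secret, length)


def wep_encrypt(secret: bytes, iv: bytes, plaintext: bytes) -> tuple:
    """Return what a WEP frame carries: the cleartext IV and the ciphertext."""
    return iv, xor_bytes(plaintext, wep_pad(secret, iv, len(plaintext)))


def pad_from_known_plaintext(plaintext: bytes, ciphertext: bytes) -> bytes:
    """Slide 70: plaintext XOR ciphertext = pad. No key involved."""
    return xor_bytes(plaintext, ciphertext)


def decrypt_with_pad(pad: bytes, ciphertext: bytes) -> bytes:
    """Any frame under the same IV, no longer than the pad, is readable."""
    if len(ciphertext) > len(pad):
        raise ValueError("known pad is shorter than this frame")
    return xor_bytes(ciphertext, pad)


def ap_accepts_auth_response(secret: bytes, iv: bytes, challenge: bytes,
                             response: bytes) -> bool:
    """The access point's shared-key check: decrypting the response with
    RC4(IV || secret) must give back the challenge it sent. Nothing in this
    check ties the response to knowledge of the secret rather than of a pad."""
    return decrypt_with_pad(wep_pad(secret, iv, len(response)), response) == challenge


def pad_table_bytes(iv_bits: int = 24, max_frame: int = 1500) -> int:
    """Slide 68: storage for one full-length pad per IV value."""
    return (1 << iv_bits) * max_frame


def repeated_ivs(frames) -> dict:
    """Defender-side check over captured (iv, ciphertext) pairs from one
    BSSID: which IVs were used more than once, and how often."""
    counts = Counter(iv for iv, _ in frames)
    return {iv: n for iv, n in counts.items() if n > 1}


def demo() -> dict:
    """Replay slides 62 and 70 with constructed values."""
    secret = b"\x01\x02\x03\x04\x05"        # constructed 40-bit WEP key
    iv = b"\x0a\x0b\x0c"                    # constructed IV the station picks
    challenge = bytes(range(128))           # constructed 128-byte challenge (sent in clear)
    _, response = wep_encrypt(secret, iv, challenge)
    # An observer of the exchange now holds the pad for this IV.
    pad = pad_from_known_plaintext(challenge, response)
    # A later data frame reusing the IV is readable with that pad alone.
    data = b"constructed data frame body"
    _, ct = wep_encrypt(secret, iv, data)
    # And the AP cannot tell a pad holder from a key holder on a new challenge.
    challenge2 = bytes(reversed(challenge))
    accepted = ap_accepts_auth_response(secret, iv, challenge2,
                                        xor_bytes(challenge2, pad))
    return {
        "pad_is_correct": pad == wep_pad(secret, iv, len(challenge)),
        "recovered_data": decrypt_with_pad(pad, ct),
        "pad_holder_accepted": accepted,
        "repeated_ivs": repeated_ivs([(iv, response), (iv, ct), (b"\x00\x00\x01", b"")]),
        "full_table_bytes": pad_table_bytes(),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```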
Slide 71
Disassociation Attack to Collect Pads
- Active attack
- Keep forcing stations to re-authenticate and reveal more pads by using different IVs
Slide 72
Faking Being an Access Point
- An attacker can also pretend to be an access point
- Run a cycle of authentication and deauthentication to collect all the pads from other stations
- Works even if the real access points do not require shared key authentication: the attacker can require it while faking being an access point
Slide 73
"Single Pad" Attacks
- Exploits based on knowing a single encryption pad and IV: Smurf, TCP SYN flood, UDP attacks
Slide 74
Defeating Firewalls with Single Pad Attacks
- Access Point behind a firewall
- Mallory sends packets to Victim, who believes they come from Mallory's accomplice (replies)
- Mallory's accomplice forwards packets to Mallory
- (Figure labels: AP, wired internal network, Mallory, Internet, Mallory's accomplice, Victim, firewall)
Slide 75
Results
- UDP replies can be obtained unencrypted
- TCP sessions can be established with sensitive services intended to be protected by the firewall
- Intrusion detection systems will most likely ignore responses originating from internal hosts; the attacks can proceed undetected at this level
- For all practical purposes, in this configuration WEP has been completely defeated
Slide 76
Defenses
- Provide a firewall for the wireless network with a rule to refuse packets whose source addresses are not part of the wireless network's range
- Connect access points outside the internet firewall (as if they were part of the internet); can also negate some advantages of the wireless network for legitimate users
Slide 77
Administrative Access
- Some access points allow administrative access from the wireless network, or offer services on a UDP port (e.g., Apple base stations listen on UDP port 192)
- One-packet attacks directed against these services could exploit vulnerabilities, disable the access point or make it difficult to use
- Administrative access to the access point should be disabled from the wireless network; not all access points support this feature
Slide 78
More Pad Collection Attacks
- Pads collected by disassociation attacks have a limited length
- Mallory sends packets to himself (or to another wireless station) through an internet accomplice; Mallory gets the matching encrypted version
- (Figure labels: AP, wired internal network, Mallory, Internet, Mallory's accomplice, firewall)
Slide 79
Defense
- Requires a stateful firewall, which will distinguish and block fake responses by keeping track of whether the destination host really made a prior request to the source IP of the packets
- A variation of the attack allows a more sophisticated attacker to launch chosen plaintext attacks against the encryption itself; this attack may be useful against encryptions superseding WEP as well
Slide 80
Weak Keys (a.k.a. Weak IVs)
- Due to how RC4 is used in WEP, some IVs can reveal information about the secret key; mathematical details are out of the scope of this material
- Attack: FMS (Fluhrer et al. 2001) cryptographic attack on WEP; practicality demonstrated by Stubblefield et al. (2001): collection of the first encrypted octet of several million packets
- Exploits: WEPcrack (Rager 2001), Airsnort (Bruestle et al. 2001); key can be recovered in under a second (after collecting the data)
Slide 81
Defenses
- Some wireless cards no longer generate weak IVs (given a secret, weak IVs can be listed; WEPcrack can do this)
- Some Lucent devices are known to have stopped generating weak IVs (binaervarianz 2003)
- Other vendors should be able to do the same, and make this attack ineffective
Slide 82
Integrity Attacks
- What if Mallory modified a captured packet and resent it on the wireless network?
- The IP destination address is always in the same location: modify the packet so a copy is sent to Mallory's accomplice, who receives the decrypted packet
- Based on a CRC checksum weakness (Borisov 2001): given the knowledge of (part of) the plaintext, a WEP-protected message can be changed at will
- Mallory needs only to guess the relevant IP address, or part of it, if Mallory's accomplice can sniff traffic on the destination network
Slide 83
Defenses
- Use another encryption layer, such as SSL (https) or ssh
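The CRC weakness behind slide 82 shown next to the kind of defense slide 83 calls for, as an added example in Python (not from the slides or any WEP code). It assumes a SHAKE-256 stand-in for the RC4 keystream and constructed key, IV and message values; `seal_mac`/`open_mac` are the hardened form, with an HMAC in place of the CRC.

```python
"""Why a CRC under a stream cipher is not an integrity check (slides 82-83).

Added example; not from the slides or from any WEP code. The stream cipher
is stood in for by SHAKE-256 output keyed with IV || key (an assumption:
any XOR keystream, RC4 included, behaves the same here). The weak form
mimics WEP's design: CRC-32 of the body is appended and the whole thing is
XORed with the pad. The hardened form replaces the CRC with an HMAC.
"""
import hashlib
import hmac
import zlib


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Stand-in keystream (SHAKE-256), reproducible from (key, iv)."""
    return hashlib.shake_256(iv + key).digest(length)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def crc32(data: bytes) -> bytes:
    return zlib.crc32(data).to_bytes(4, "little")


def seal_crc(key: bytes, iv: bytes, msg: bytes) -> bytes:
    """WEP-style: body || CRC32(body), all XORed with the pad."""
    body = msg + crc32(msg)
    return xor_bytes(body, keystream(key, iv, len(body)))


def open_crc(key: bytes, iv: bytes, sealed: bytes):
    """Decrypt and verify the CRC; returns the message or None."""
    body = xor_bytes(sealed, keystream(key, iv, len(sealed)))
    msg, tag = body[:-4], body[-4:]
    return msg if crc32(msg) == tag else None


def flip_without_key(sealed: bytes, delta: bytes) -> bytes:
    """Change the plaintext by `delta` (same length as the message) without
    the key. CRC-32 is affine over XOR:
        crc(m ^ d) == crc(m) ^ crc(d) ^ crc(0...0)
    so the encrypted checksum is corrected with the same XOR trick."""
    n = len(sealed) - 4
    if len(delta) != n:
        raise ValueError("delta must cover exactly the message bytes")
    tag_delta = xor_bytes(crc32(delta), crc32(bytes(n)))
    return xor_bytes(sealed, delta + tag_delta)


def seal_mac(key: bytes, iv: bytes, msg: bytes) -> bytes:
    """Hardened form: encrypt, then HMAC-SHA256 over IV || ciphertext."""
    ct = xor_bytes(msg, keystream(key, iv, len(msg)))
    return ct + hmac.new(key, iv + ct, hashlib.sha256).digest()


def open_mac(key: bytes, iv: bytes, sealed: bytes):
    """Verify the HMAC before decrypting; returns the message or None."""
    ct, tag = sealed[:-32], sealed[-32:]
    expected = hmac.new(key, iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return xor_bytes(ct, keystream(key, iv, len(ct)))


def demo() -> dict:
    key = b"constructed key bytes"          # constructed
    iv = b"\x01\x02\x03"                    # constructed
    msg = b"dst=10.0.0.1 body=hello"        # constructed; slide 82 rewrites the destination
    # Delta that turns "10.0.0.1" into "10.0.0.9" at a known offset, nothing else.
    off = msg.index(b"10.0.0.1") + len(b"10.0.0.")
    delta = bytearray(len(msg))
    delta[off] = ord("1") ^ ord("9")
    delta = bytes(delta)
    tampered_crc = flip_without_key(seal_crc(key, iv, msg), delta)
    # Same bit flip against the HMAC form; the tag bytes are left untouched.
    tampered_mac = xor_bytes(seal_mac(key, iv, msg), delta + bytes(32))
    return {
        "crc_accepts_tampered": open_crc(key, iv, tampered_crc),  # modified message, accepted
        "mac_accepts_tampered": open_mac(key, iv, tampered_mac),  # None: rejected
        "mac_accepts_genuine": open_mac(key, iv, seal_mac(key, iv, msg)),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```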
Slide 84
Implementation Weaknesses
- Restricted IV selection: some access points (old Cisco firmware, notably) produced IVs using only 18 of the 24-bit space; lowered the storage requirement for all pads from 23.4 GB to a mere 366 MB (Meunier et al. 2002)
- Poor randomness for IVs: IVs being used more often (reuses of the same pad)
- Sequential generation allows complete collection faster
- Newsham 21-bit attack
Slide 85
Implementation Issues
- Newsham 21-bit attack: some manufacturers generate WEP keys from text, in an effort to increase ease-of-use, but the algorithm used produces only keys in a 21-bit space instead of 40-bit
- Brute force cracking of WEP is 2^19 (524,288) times faster; takes less than a minute on commodity hardware (Newsham 2001)
- Exploits: the tool KisMAC implements this attack. According to the tool's documentation, Linksys and D-Link products seemed to be vulnerable, but not 3Com and Apple
Slide 86
Automated WEP Crackers and Sniffers
- AiroPeek (commercial): easy-to-use, flexible and sophisticated analyzer
- WEPCrack, AirSnort: implementations of the FMS attack
- NetStumbler: a popular network discovery tool, with GPS support. It does not perform any cracking. A MacOS equivalent is named "iStumbler"
- KisMAC: a MacOS X tool for network discovery and cracking WEP with several different methods
- Kismet: swiss-army knife
Slide 87
LEAP: The Lightweight Extensible Authentication Protocol
- Proprietary, closed solution, stated (without much detail) by Cisco as unaffected by WEP vulnerabilities (Cisco 2002)
- LEAP conducts mutual authentication: the client is assured that the access point is an authorized one
- Uses per-session keys that can be renewed regularly; makes the collection of a pad or weak IVs more difficult, since the secret key can be changed before the collection is complete
- The user is authenticated, instead of the hardware; MAC address access control lists are not needed
- LEAP requires an authentication server (RADIUS) to support the access points
Slide 88
LEAP Attacks
- Dictionary attacks: password-based scheme; requires user passwords to be guessable (Wright 2003)
- LEAP access points don't use weak IVs
- Uses MS-CHAP v2, and shows the same weaknesses as MS-CHAP (Wright 2003)
- There are many variants of the Extensible Authentication Protocol, such as EAP-TLS and PEAP
Slide 89
WPA: Wi-Fi Protected Access
- Stop-gap solution that solves issues related to the WEP encryption itself
- IVs are larger (48 bits instead of 24)
- Shared key is used more rarely: it is used to negotiate and communicate "temporal keys", and the "temporal keys" are used to encrypt packets instead
- Doesn't solve issues with the management frames; the collision avoidance mechanism can still be exploited
- Can be supported by most of the 802.11b hardware
Slide 90
Questions ??
Slide 91
About These Slides
You are free to copy, distribute, display, and perform the work, and to make derivative works, under the following conditions:
- You must give the original author and other contributors credit
- The work will be used for personal or non-commercial educational uses only, and not for commercial activities and purposes
- For any reuse or distribution, you must make clear to others the terms of use for this work
- Derivative works must retain and be subject to the same conditions, and contain a note identifying the new contributor(s) and date of modification
For other uses please contact the Purdue Office of Technology Commercialization. Developed thanks to the support of Symantec Corporation.
Slide 92
Pascal Meunier [email protected] Contributors: Jared
Robinson, Alan Krassowski, Craig Ozancin, Tim Brown, Wes Higaki,
Melissa Dark, Chris Clifton, Gustavo Rodriguez- Rivera
Slide 93
Questions ??
Multiplexing
- Multiplexing in 4 dimensions: space (s_i), time (t), frequency (f), code (c)
- Goal: multiple use of a shared medium
- Important: guard spaces needed!
Slide 102
Space Multiplexing
- Assign each region a channel
- Pros: no dynamic coordination necessary; works also for analog signals
- Cons: inefficient resource utilization
- (Figure: regions s1, s2, s3, each drawn with its own f/t/c axes; channels k1 to k6)
Slide 103
Frequency Multiplexing
- Separation of the whole spectrum into smaller frequency bands
- A channel gets a certain band of the spectrum for the whole time
- Pros: no dynamic coordination necessary; works also for analog signals
- Cons: waste of bandwidth if the traffic is distributed unevenly; inflexible; guard spaces
- (Figure: channels k1 to k6 stacked along the f axis, with t and c axes)
Slide 104
Time Multiplexing
- A channel gets the whole spectrum for a certain amount of time
- Pros: only one carrier in the medium at any time; throughput high even for many users
- Cons: precise synchronization necessary
- (Figure: f/t/c axes)
Slide 105
Time and Frequency Multiplexing
- Combination of both methods: a channel gets a certain frequency band for a certain amount of time (e.g., GSM)
- Pros: better protection against tapping; protection against frequency selective interference; higher data rates compared to code multiplex
- Cons: precise coordination required
- (Figure: channels k1 to k6 placed in the f/t plane, with c axis)
Slide 106
Code Multiplexing
- Each channel has a unique code; all channels use the same spectrum simultaneously
- Pros: bandwidth efficient; no coordination and synchronization necessary; good protection against interference and tapping
- Cons: lower user data rates; more complex signal regeneration
- Implemented using spread spectrum technology
- (Figure: f/t/c axes)
Slide 107
MAC Layer
- Coordinate access to a shared medium
- Requirements: efficiency, reliability, fairness, support priority, support group communication
Slide 108
MAC Layer (Cont.)
- Base technologies: frequency division multiple access (FDMA); time division multiple access (TDMA); code division multiple access (CDMA)
- Access schemes: centralized (GSM, IS-95); distributed (CSMA/CD (Ethernet), CSMA/CA (wireless LAN))
Slide 109
Example MAC Protocols
- Pure ALOHA: transmit whenever a message is ready; retransmit when ACK is not received
- Slotted ALOHA: time is divided into equal time slots; transmit only at the beginning of a time slot; avoids partial collisions; increases delay, and requires synchronization
- Problem: they do not listen to the channel
Slide 110
Example MAC Protocols
- Carrier Sense Multiple Access (CSMA): listen before transmit; transmit only when no carrier is detected
- Variants
  - 1-persistent CSMA: transmit once no carrier is detected
  - CSMA/CD: abort the transmission when a collision is detected (Ethernet)
  - Non-persistent CSMA: when carrier is detected, wait a random time before a retry (WLAN)
Slide 111
Hidden Terminal Problem (figure: nodes A, B, C in a line)
- B can communicate with both A and C; A and C cannot hear each other
- Problem: when A transmits to B, C cannot detect the transmission using the carrier sense mechanism; if C transmits, a collision will occur at node B
- Solution: hidden sender C needs to defer
Slide 112
Solution for Hidden Terminal Problem: MACA (figure: nodes A, B, C)
- When A wants to send a packet to B, A first sends a Request-to-Send (RTS) to B
- On receiving RTS, B responds by sending Clear-to-Send (CTS), provided that A is able to receive the packet
- When C overhears a CTS, it keeps quiet for the duration of the transfer
- Transfer duration is included in both RTS and CTS
Slide 113
Reliability
- Wireless links are prone to errors; a high packet loss rate is detrimental to transport-layer performance
- Mechanisms needed to reduce the packet loss rate experienced by upper layers
Slide 114
A Simple Solution to Improve Reliability (figure: nodes A, B, C)
- When B receives a data packet from A, B sends an Acknowledgement (ACK) to A
- If node A fails to receive an ACK, it will retransmit the packet
Slide 115
IEEE 802.11 Wireless MAC
- Supports broadcast, multicast, and unicast
- Uses ACK and retransmission to achieve reliability for unicast frames; no ACK/retransmission for broadcast or multicast frames
- Distributed and centralized MAC access
  - Distributed Coordination Function (DCF): basic CSMA/CA; RTS/CTS extension
  - Point Coordination Function (PCF): contention-free polling for time-bounded service
Slide 116
IEEE 802.11 DCF
- CSMA/CA: wireless MAC protocols often use collision avoidance techniques, in conjunction with a (physical or virtual) carrier sense mechanism
- Uses RTS-CTS exchange to avoid the hidden terminal problem: any node overhearing a CTS cannot transmit for the duration of the transfer
- Once the channel becomes idle, the node waits for a randomly chosen duration before attempting to transmit
- Uses ACK to provide reliability
Slide 117
IEEE 802.11 RTS/CTS exchange, step 1 (figure: nodes C, F, A, B, E, D, pretending a circular range): sender transmits RTS (RTS = Request-to-Send)
Slide 118
IEEE 802.11 RTS/CTS exchange, step 2 (figure: nodes C, F, A, B, E, D): nodes overhearing the RTS set NAV = 10 (NAV = remaining duration to keep quiet)
Slide 119
IEEE 802.11 RTS/CTS exchange, step 3 (figure: nodes C, F, A, B, E, D): receiver answers with CTS (CTS = Clear-to-Send)
Slide 120
CFABED CTS CTS = Clear-to-Send IEEE 802.11 NAV = 8
Slide 121
CFABED DATA DATA packet follows CTS. Successful data reception
acknowledged using ACK. IEEE 802.11
Slide 122
CFABED ACK
Slide 123
CSMA/CA
Carrier sense:
Physical carrier sense, using a carrier sense threshold.
Virtual carrier sense, using the Network Allocation Vector (NAV); the NAV is updated based on overheard RTS/CTS/DATA/ACK packets.
Nodes stay silent when the carrier is sensed (physically or virtually).
Collision avoidance: backoff intervals are used to reduce the collision probability.
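The hidden-terminal scenario and the NAV mechanism from the slides above, as an added toy model that is not part of the lecture: node names, one-slot control frames and the duration accounting are constructed, and it shows why C's physical carrier sense alone misses A's transmission while the NAV set from B's CTS does not.

```python
# Added example, not from the lecture slides: a toy model of virtual carrier
# sense (RTS/CTS plus NAV) on the hidden-terminal topology A - B - C, where
# A and C are out of each other's range. Node names, one-slot control frames
# and the duration accounting are constructed for illustration.

# Who can hear whom (symmetric). C hears B but not A: C is hidden from A.
HEARS = {"A": {"B"}, "B": {"A", "C"}, "C": {"B"}}

def overhear(frame, sender, nav, start, length):
    """Every node in range of `sender`, other than the addressee, sets its NAV
    to the end of this frame plus the frame's duration field: the remaining
    time it must keep quiet (virtual carrier sense)."""
    for node in HEARS[sender]:
        if node != frame["dst"]:
            nav[node] = max(nav.get(node, 0), start + length + frame["duration"])

def medium_busy(node, active_senders, nav, now):
    """Carrier sense as seen by `node`: physical (someone in its range is
    transmitting) or virtual (its NAV has not expired yet)."""
    physical = any(s in HEARS[node] for s in active_senders)
    virtual = nav.get(node, 0) > now
    return physical or virtual

def rts_cts_exchange(src, dst, data_len, start=0):
    """Run RTS -> CTS -> DATA -> ACK from src to dst; control frames take one
    slot each. Each duration field covers everything up to and including the
    final ACK. Returns (nav, log, end_time); log holds (time, sender, type)."""
    nav, log, t = {}, [], start
    plan = [("RTS", src, dst, 1, 1 + data_len + 1),   # duration: CTS+DATA+ACK
            ("CTS", dst, src, 1, data_len + 1),       # duration: DATA+ACK
            ("DATA", src, dst, data_len, 1),          # duration: ACK
            ("ACK", dst, src, 1, 0)]
    for kind, sender, receiver, length, duration in plan:
        overhear({"dst": receiver, "duration": duration}, sender, nav, t, length)
        log.append((t, sender, kind))
        t += length
    return nav, log, t

if __name__ == "__main__":
    nav, log, end = rts_cts_exchange("A", "B", data_len=5)
    for entry in log:
        print(entry)
    # While A sends DATA (t = 4), C hears nothing from A, so physical carrier
    # sense alone would let C transmit and collide at B ...
    print("C, physical sense only:", medium_busy("C", {"A"}, {}, 4))
    # ... but C overheard B's CTS, so its NAV keeps it quiet until the ACK.
    print("C, with NAV:", medium_busy("C", {"A"}, nav, 4), "NAV ends at", nav["C"])
```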
Slide 124
Backoff Interval
When transmitting a packet, choose a backoff interval in the range [0, CW], where CW is the contention window.
Count down the backoff interval while the medium is idle; the count-down is suspended if the medium becomes busy.
Transmit when the backoff interval reaches 0.
Slide 125
(Figure) DCF Example: B1 and B2 are the backoff intervals at nodes 1 and 2, cw = 31. Values shown along the timeline: B1 = 25, B2 = 20; data; wait; B1 = 5 (leftover), B2 = 15; data; wait; B2 = 10 (leftover).
Slide 126
Backoff Interval
The time spent counting down backoff intervals is a part of the MAC overhead, so it is important to choose CW appropriately:
a large CW means large overhead;
a small CW may lead to many collisions (when two nodes count down to 0 simultaneously).
Hence CW is changed dynamically depending on collision occurrence.
Slide 127
Binary Exponential Backoff in DCF
When a node fails to receive a CTS in response to its RTS, it increases the contention window: CW is doubled (up to an upper bound).
More collisions mean a longer waiting time, which reduces further collisions.
When a node successfully completes a data transfer, it restores CW to CWmin.
Slide 128
MILD Algorithm in MACAW
MACAW uses exponential increase, linear decrease to update CW: when a node successfully completes a transfer, it reduces CW by 1.
In 802.11, CW is instead restored to CWmin, so CW decreases much faster than it increases.
MACAW can avoid wild oscillations of CW when many nodes contend for the channel.
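The backoff rules of the last four slides, as an added simulation that is not part of the lecture: node count, slot budget, seed and the slots a transfer occupies are constructed, and the 1.5 multiplicative increase for MILD is MACAW's own figure, not one stated on the slide.

```python
# Added example, not from the lecture slides: a slot-level simulation of DCF
# contention that compares 802.11's binary exponential backoff with the MILD
# rule of MACAW. Node count, slot budget, seed and the number of slots a
# transfer occupies are constructed; the channel is idealised (every node
# hears every other node, no propagation delay, no hidden terminals).
import random

CW_MIN, CW_MAX = 31, 1023   # 802.11 DSSS contention window bounds
FRAME_SLOTS = 10            # constructed: slots one RTS/CTS/DATA/ACK transfer takes

def beb(cw, success):
    """802.11 DCF: double CW (up to CW_MAX) on collision, restore CW_MIN on success."""
    return CW_MIN if success else min(2 * cw + 1, CW_MAX)

def mild(cw, success):
    """MACAW MILD: multiply CW by 1.5 on collision, decrease it by 1 on success."""
    return max(cw - 1, CW_MIN) if success else min(int(cw * 1.5), CW_MAX)

def simulate(n_nodes, slots, update, seed=1):
    """Saturated nodes (always a frame to send) contend for `slots` slots.
    A node transmits when its backoff reaches 0; two nodes reaching 0 in the
    same slot collide. Returns success/collision counts and node 0's CW trace."""
    rng = random.Random(seed)
    cw = [CW_MIN] * n_nodes
    backoff = [rng.randint(0, CW_MIN) for _ in range(n_nodes)]
    stats = {"success": 0, "collision": 0, "cw_trace": []}
    t = 0
    while t < slots:
        ready = [i for i in range(n_nodes) if backoff[i] == 0]
        if not ready:                   # medium idle: everyone counts down
            for i in range(n_nodes):
                backoff[i] -= 1
            t += 1
            continue
        success = len(ready) == 1
        stats["success" if success else "collision"] += 1
        for i in ready:                 # the transmitters adapt CW and redraw
            cw[i] = update(cw[i], success)
            backoff[i] = rng.randint(0, cw[i])
        stats["cw_trace"].append(cw[0])
        t += FRAME_SLOTS                # the others freeze their count-down
    return stats

if __name__ == "__main__":
    for name, rule in (("BEB", beb), ("MILD", mild)):
        s = simulate(n_nodes=20, slots=20000, update=rule)
        print(name, "successes:", s["success"], "collisions:", s["collision"])
```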
Slide 129
802.11 Overhead
(Figure: time spent in random backoff, RTS/CTS, and data transmission/ACK)
Channel contention is resolved using backoff: nodes choose a random backoff interval from [0, CW] and count down for this interval before transmission.
Backoff and the (optional) RTS/CTS handshake both precede the transmission of the data packet.
802.11 has large room for improvement.
Slide 130
802.11 Frame Priorities
Short interframe space (SIFS): for the highest priority frames (e.g., RTS/CTS, ACK).
PCF interframe space (PIFS): used by the PCF during contention-free operation.
DCF interframe space (DIFS): minimum medium idle time for contention-based services.
(Figure: timeline of a busy medium followed by SIFS, PIFS, DIFS, the contention window, and the frame transmission)
Slide 131
802.11 Management Operations
Scanning; Association/Reassociation; Time synchronization; Power management.
Slide 132
Scanning in 802.11
Goal: find networks in the area.
Passive scanning (does not require transmission): move to each channel, and listen for Beacon frames.
Active scanning (requires transmission): move to each channel, and send Probe Request frames to solicit Probe Responses from a network.
Slide 133
Association in 802.11
(Figure: client and AP) 1: Association request; 2: Association response; 3: Data traffic.
Slide 134
Reassociation in 802.11
(Figure: client, new AP, old AP) 1: Reassociation request; 2: verify previous association (new AP with old AP); 3: Reassociation response; 4: old AP sends buffered frames; 5: new AP sends buffered frames; 6: Data traffic.
Slide 135
Time Synchronization in 802.11
Timing synchronization function (TSF): the AP controls timing in infrastructure networks.
All stations maintain a local timer; the TSF keeps the timers of all stations in sync.
Periodic Beacons convey timing: Beacons are sent at well-known intervals, and the timestamp from the Beacons is used to calibrate local clocks.
The local TSF timer mitigates loss of Beacons.
Slide 136
Power Management in 802.11
A station is in one of three states: transmitter on; receiver on; both transmitter and receiver off (dozing).
The AP buffers packets for dozing stations and announces which stations have frames buffered in its Beacon frames.
Dozing stations wake up to listen to the beacons; if there is data buffered for it, a station sends a poll frame to get the buffered data.
Slide 137
Wired Equivalent Privacy (WEP)
Specified in the 802.11 standard for the WLAN MAC.
Protocol goals: confidentiality (prevent eavesdropping); access control (prevent unauthorized access); data integrity (prevent tampering with messages).
Failure: none of the security goals are attained.
Slide 138
WEP Authentication
Authentication procedure: the host requests authentication from the AP; the AP sends a 128-bit nonce; the host encrypts the nonce using the shared symmetric key; the AP decrypts the nonce and authenticates the host.
There is no key distribution mechanism; authentication amounts to knowing the shared key.
Slide 139
WEP data encryption
Host/AP share a 40-bit symmetric key (semi-permanent).
The host appends a 24-bit initialization vector (IV) to create a 64-bit key.
The 64-bit key is used to generate a stream of keys $k_i^{IV}$; $k_i^{IV}$ is used to encrypt the i-th byte $d_i$ in the frame: $c_i = d_i \oplus k_i^{IV}$.
The IV and the encrypted bytes $c_i$ are sent in the frame.
Slide 140
802.11 WEP encryption
(Figure: sender-side WEP encryption)
Slide 141
Breaking 802.11 WEP encryption
Security hole: 24-bit IV, one IV per frame, so IVs are eventually reused. Common PCMCIA cards set the IV to zero and increment it by 1 for each packet. The IV is transmitted in plaintext, so IV reuse is detected.
Attack: Trudy causes Alice to encrypt known plaintext $d_1 d_2 d_3 d_4 \ldots$. Trudy sees $c_i = d_i \oplus k_i^{IV}$. Trudy knows $c_i$ and $d_i$, so she can compute $k_i^{IV}$. Trudy now knows the encrypting key sequence $k_1^{IV} k_2^{IV} k_3^{IV} \ldots$. The next time the IV is used, Trudy can decrypt!
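The keystream relation $c_i = d_i \oplus k_i^{IV}$ from the last three slides, worked through as an added example that is not part of the lecture: the RC4 routine is a plain textbook implementation, the key, IV and frame payloads are constructed, and the monitor at the end is the check a defender would run to flag reused IVs.

```python
# Added example, not from the lecture slides: why a reused 24-bit IV breaks
# WEP's stream cipher, plus the check a monitor can run to spot the reuse.
# The RC4 routine is a plain textbook implementation; the key, IV and frame
# payloads are constructed for illustration (WEP's CRC field is omitted).

def rc4_keystream(key, n):
    """RC4 key scheduling followed by n bytes of keystream output."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_encrypt(shared_key, iv, data):
    """WEP: per-frame RC4 key = IV || shared key; c_i = d_i XOR k_i^IV.
    The IV is sent in the clear alongside the ciphertext."""
    ks = rc4_keystream(iv + shared_key, len(data))
    return iv, bytes(d ^ k for d, k in zip(data, ks))

def keystream_from_known_plaintext(plaintext, ciphertext):
    """Whoever knows d_i and sees c_i recovers k_i^IV = c_i XOR d_i."""
    return bytes(c ^ d for c, d in zip(ciphertext, plaintext))

def iv_reuse_monitor(frames):
    """Defender's check over observed (iv, ciphertext) pairs: return the IVs
    that occur more than once, i.e. keystreams that have been used twice."""
    seen, reused = {}, set()
    for iv, _ in frames:
        seen[iv] = seen.get(iv, 0) + 1
        if seen[iv] > 1:
            reused.add(iv)
    return reused

if __name__ == "__main__":
    key = bytes.fromhex("0102030405")            # constructed 40-bit key
    iv = b"\x00\x00\x00"                          # a card that starts at IV 0
    known = b"ARP who-has 10.0.0.1 tell 10.0.0.2"  # plaintext Trudy can guess
    frames = [wep_encrypt(key, iv, known),
              wep_encrypt(key, iv, b"password=hunter2")]
    ks = keystream_from_known_plaintext(known, frames[0][1])
    print(bytes(c ^ k for c, k in zip(frames[1][1], ks)))   # second frame in clear
    print(iv_reuse_monitor(frames))                          # {b'\x00\x00\x00'}
```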
Slide 142
802.11i: improved security
Numerous (stronger) forms of encryption; provides key distribution; uses an authentication server separate from the access point.
Slide 143
802.11i: four phases of operation
(Figure: AP = access point; AS = authentication server, on the wired network; STA = client station)
1: Discovery of security capabilities.
2: STA and AS mutually authenticate and together generate the Master Key (MK); the AP serves as a pass-through.
3: STA derives the Pairwise Master Key (PMK); the AS derives the same PMK and sends it to the AP.
4: STA and AP use the PMK to derive the Temporal Key (TK) used for message encryption and integrity.
Slide 144
(Figure: protocol stack from the mobile client over IEEE 802.11 to the AP, and from the AP over RADIUS/UDP/IP across the wired network to the authentication server; EAP TLS runs over EAP, which is carried as EAP over LAN (EAPoL) on the wireless side and over RADIUS on the wired side)
EAP: extensible authentication protocol.
EAP is an end-to-end, client (mobile) to authentication server protocol.
EAP is sent over separate links: mobile-to-AP (EAP over LAN) and AP to authentication server (RADIUS over UDP).