Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapters 6 & 8 WiFi and Its Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 A note on the.

Published byRosanna Blankenship Modified over 8 years ago

Similar presentations

Presentation on theme: "Chapters 6 & 8 WiFi and Its Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 A note on the."— Presentation transcript:

1 Chapters 6 & 8 WiFi and Its Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 A note on the use of these ppt slides: We’re making these slides freely available to all (faculty, students, readers). They’re in PowerPoint form so you see the animations; and can add, modify, and delete slides (including this one) and slide content to suit your needs. They obviously represent a lot of work on our part. In return for use, we only ask the following:  If you use these slides (e.g., in a class) that you mention their source (after all, we’d like people to use our book!)  If you post any slides on a www site, that you note that they are adapted from (or perhaps identical to) our slides, and note our copyright of this material. Thanks and enjoy! JFK/KWR All material copyright 1996-2012 J.F Kurose and K.W. Ross, All Rights Reserved Wireless, Mobile Networks 6-1

2 Wireless, Mobile Networks 6-2 Elements of a wireless network network infrastructure

3 Wireless, Mobile Networks 6-3 wireless hosts  laptop, smartphone  run applications  may be stationary (non- mobile) or mobile  wireless does not always mean mobility Elements of a wireless network network infrastructure

4 Wireless, Mobile Networks 6-4 base station  typically connected to wired network  relay - responsible for sending packets between wired network and wireless host(s) in its “area”  e.g., cell towers, 802.11 access points Elements of a wireless network network infrastructure

5 Wireless, Mobile Networks 6-5 wireless link  typically used to connect mobile(s) to base station  also used as backbone link  multiple access protocol coordinates link access  various data rates, transmission distance Elements of a wireless network network infrastructure

6 Wireless, Mobile Networks 6-6 infrastructure mode  base station connects mobiles into wired network  handoff: mobile changes base station providing connection into wired network Elements of a wireless network network infrastructure

7 Wireless, Mobile Networks 6-7 ad hoc mode  no base stations  nodes can only transmit to other nodes within link coverage  nodes organize themselves into a network: route among themselves Elements of a wireless network

8 Wireless, Mobile Networks 6-8 Wireless network taxonomy single hop multiple hops infrastructure (e.g., APs) no infrastructure host connects to base station (WiFi, WiMAX, cellular) which connects to larger Internet no base station, no connection to larger Internet (Bluetooth, ad hoc nets) host may have to relay through several wireless nodes to connect to larger Internet: mesh net no base station, no connection to larger Internet. May have to relay to reach other a given wireless node MANET, VANET

9 Wireless, Mobile Networks 6-9 Wireless Link Characteristics (1) important differences from wired link ….  decreased signal strength: radio signal attenuates as it propagates through matter (path loss)  interference from other sources: standardized wireless network frequencies (e.g., 2.4 GHz) shared by other devices (e.g., phone); devices (motors) interfere as well  multipath propagation: radio signal reflects off objects ground, arriving ad destination at slightly different times …. make communication across (even a point to point) wireless link much more “difficult”

10 Wireless, Mobile Networks 6-10 Wireless Link Characteristics (2)  SNR: signal-to-noise ratio  higher SNR – easier to extract signal from noise (a “good thing”)  SNR versus BER tradeoffs  given a physical layer (modulation scheme): increase power -> increase SNR->decrease BER  given a SNR: choose physical layer that meets BER requirement, giving highest thruput SNR may change with mobility: dynamically adapt physical layer (modulation technique, rate) 10 20 30 40 QAM256 (8 Mbps) QAM16 (4 Mbps) BPSK (1 Mbps) SNR(dB) BER 10 -1 10 -2 10 -3 10 -5 10 -6 10 -7 10 -4

11 Wireless, Mobile Networks 6-11 Wireless network characteristics Multiple wireless senders and receivers create additional problems (beyond multiple access): A B C Hidden terminal problem  B, A hear each other  B, C hear each other  A, C can not hear each other means A and C are unaware of their interference at B A B C A’s signal strength space C’s signal strength Signal attenuation:  B, A hear each other  B, C hear each other  A, C can not hear each other interfering at B

12 Wireless, Mobile Networks 6-12 IEEE 802.11 Wireless LAN 802.11b  2.4-5 GHz unlicensed spectrum  up to 11 Mbps  direct sequence spread spectrum (DSSS) in physical layer  all hosts use same chipping code 802.11a  5-6 GHz range  up to 54 Mbps 802.11g  2.4-5 GHz range  up to 54 Mbps 802.11n: multiple antennae  2.4-5 GHz range  up to 200 Mbps  all use CSMA/CA for multiple access  all have base-station and ad-hoc network versions

13 Wireless, Mobile Networks 6-13 802.11 LAN architecture  wireless host communicates with base station  base station = access point (AP)  Basic Service Set (BSS) (aka “cell”) in infrastructure mode contains:  wireless hosts  access point (AP): base station  ad hoc mode: hosts only BSS 1 BSS 2 Internet hub, switch or router

14 Wireless, Mobile Networks 6-14 802.11: Channels, association  802.11b: 2.4GHz-2.485GHz spectrum divided into 11 channels at different frequencies  AP admin chooses frequency for AP  interference possible: channel can be same as that chosen by neighboring AP!  host: must associate with an AP  scans channels, listening for beacon frames containing AP’s name (SSID) and MAC address  selects AP to associate with  may perform authentication  will typically run DHCP to get IP address in AP’s subnet

15 Wireless, Mobile Networks 6-15 802.11: passive/active scanning AP 2 AP 1 H1 BBS 2 BBS 1 1 2 3 1 passive scanning: (1)beacon frames sent from APs (2)association Request frame sent: H1 to selected AP (3)association Response frame sent from selected AP to H1 AP 2 AP 1 H1 BBS 2 BBS 1 1 2 2 3 4 active scanning: (1)Probe Request frame broadcast from H1 (2)Probe Response frames sent from APs (3)Association Request frame sent: H1 to selected AP (4)Association Response frame sent from selected AP to H1

16 Wireless, Mobile Networks 6-16 IEEE 802.11: multiple access  avoid collisions: 2 + nodes transmitting at same time  802.11: CSMA - sense before transmitting  don’t collide with ongoing transmission by other node  802.11: no collision detection!  difficult to receive (sense collisions) when transmitting due to weak received signals (fading)  can’t sense all collisions in any case: hidden terminal, fading  goal: avoid collisions: CSMA/C(ollision)A(voidance) space A B C A B C A’s signal strength C’s signal strength

17 Wireless, Mobile Networks 6-17 IEEE 802.11 MAC Protocol: CSMA/CA 802.11 sender 1 if sense channel idle for DIFS then transmit entire frame (no CD) 2 if sense channel busy then start random backoff time timer counts down while channel idle transmit when timer expires if no ACK, increase random backoff interval, repeat 2 802.11 receiver - if frame received OK return ACK after SIFS (ACK needed due to hidden terminal problem) sender receiver DIFS data SIFS ACK

18 Wireless, Mobile Networks 6-18 Avoiding collisions (more) idea: allow sender to “reserve” channel rather than random access of data frames: avoid collisions of long data frames  sender first transmits small request-to-send (RTS) packets to BS using CSMA  RTSs may still collide with each other (but they’re short)  BS broadcasts clear-to-send CTS in response to RTS  CTS heard by all nodes  sender transmits data frame  other stations defer transmissions avoid data frame collisions completely using small reservation packets!

19 Wireless, Mobile Networks 6-19 Collision Avoidance: RTS-CTS exchange AP A B time RTS(A) RTS(B) RTS(A) CTS(A) DATA (A) ACK(A) reservation collision defer

20 Wireless, Mobile Networks 6-20 frame control duration address 1 address 2 address 4 address 3 payloadCRC 226662 6 0 - 2312 4 seq control 802.11 frame: addressing Address 2: MAC address of wireless host or AP transmitting this frame Address 1: MAC address of wireless host or AP to receive this frame Address 3: MAC address of router interface to which AP is attached Address 4: used only in ad hoc mode

21 6-21 Internet router H1 R1 AP MAC addr H1 MAC addr R1 MAC addr address 1 address 2 address 3 802.11 frame R1 MAC addr H1 MAC addr dest. address source address 802.3 frame 802.11 frame: addressing Router R1 is not aware that there is an AP between itself and H1 From R1’s perspective, H1 is just a host in one of its subnets

22 Wireless, Mobile Networks 6-22 frame control duration address 1 address 2 address 4 address 3 payloadCRC 226662 6 0 - 2312 4 seq control Type From AP Subtype To AP More frag WEP More data Power mgt RetryRsvd Protocol version 2 2411111111 duration of reserved transmission time (RTS/CTS) frame seq # (for RDT) frame type (RTS, CTS, ACK, data) 802.11 frame: more

23 Network Security WEP design goals  Wired Equivalent Privacy  symmetric key crypto  confidentiality  end host authorization  data integrity  self-synchronizing: each packet separately encrypted  given encrypted packet and key, can decrypt; can continue to decrypt packets when preceding packet was lost (unlike Cipher Block Chaining (CBC) in block ciphers)  Efficient  implementable in hardware or software

24 Network Security End-point authentication w/ nonce Nonce: number (R) used only once – in-a-lifetime How to prove Alice “live”: Bob sends Alice nonce, R. Alice must return R, encrypted with shared secret key “I am Alice” R K (R) A-B Alice is live, and only Alice knows key to encrypt nonce, so it must be Alice!

25 Network Security WEP authentication authentication request nonce (128 bytes) nonce encrypted with shared key success if decrypted value equals nonce Notes:  not all APs do it, even if WEP is being used  AP indicates if authentication is necessary in beacon frame  done before association

26 Network Security Review: symmetric stream ciphers  combine each byte of keystream with one byte of plaintext to get ciphertext:  m(i) = ith unit of message  ks(i) = ith unit of keystream  c(i) = ith unit of ciphertext  c(i) = ks(i)  m(i) (  = exclusive or)  m(i) = ks(i)  c(i)  WEP uses RC4 keystream generator key keystream

27 Network Security Stream cipher and packet independence  recall design goal: each packet separately encrypted  if for frame n+1, use keystream from where we left off for frame n, then each frame is not separately encrypted  need to know where we left off for packet n  WEP approach: initialize keystream with key + new IV for each packet: keystream generator Key+IV packet keystream packet

28 Network Security WEP encryption (1)  sender calculates Integrity Check Value (ICV) over data  four-byte hash/CRC for data integrity  each side has 104-bit shared key  sender creates 24-bit initialization vector (IV), appends to key: gives 128-bit key  sender also appends keyID (in 8-bit field)  128-bit key inputted into pseudo random number generator to get keystream  data in frame + ICV is encrypted with RC4:  B\bytes of keystream are XORed with bytes of data & ICV  IV & keyID are appended to encrypted data to create payload  payload inserted into 802.11 frame encrypted dataICVIV MAC payload Key ID

29 Network Security WEP encryption new IV for each frame  24-bit (Initialization Vector) RC4 Stream Cipher

30 Network Security WEP decryption overview  receiver extracts IV  inputs IV, shared secret key into pseudo random generator, gets keystream  XORs keystream with encrypted data to decrypt data + ICV  verifies integrity of data with ICV  note: message integrity approach used here is different from MAC (message authentication code) and signatures (using PKI). encrypted dataICVIV MAC payload Key ID

31 Network Security Breaking 802.11 WEP encryption security hole:  24-bit IV, one IV per frame, -> IV’s eventually reused (2 24 unique keys): probability of choosing the same IV is more than 99% after 12,000 frames; with 1-KB frame size and transmission rate of 11 Mbps, only a few seconds  IV transmitted in plaintext -> IV reuse detected attack:  Trudy causes Alice to encrypt known plaintext d 1 d 2 d 3 d 4 …  Trudy sees: c i = d i XOR k i IV  Trudy knows c i d i, so can compute k i IV  Trudy knows encrypting key sequence k 1 IV k 2 IV k 3 IV …  Next time IV is used, Trudy can decrypt!

32 Network Security 802.11i: improved security  numerous (stronger) forms of encryption possible  provides key distribution  uses authentication server separate from access point  WPA and WPA2

33 Network Security AP: access point AS: Authentication server wired network STA: client station 1 Discovery of security capabilities STA and AS mutually authenticate, together generate Master Key (MK). AP serves as “a relay” 2 3 3 STA derives Pairwise Master Key (PMK) from MK AS derives same PMK, sends to AP 4 STA, AP use PMK to derive Temporal Key (TK) used for message encryption, integrity 802.11i: four phases of operation EAP: Extensible Authentication Protocol

34 Network Security EAP TLS EAP EAP over LAN (EAPoL) IEEE 802.11 RADIUS/DIAMETER UDP/IP EAP: extensible authentication protocol  EAP: end-end client (mobile) to authentication server protocol  EAP sent over separate “links”  mobile-to-AP (EAP over LAN)  AP to authentication server (RADIUS over UDP) wired network

Download ppt "Chapters 6 & 8 WiFi and Its Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 A note on the."

Similar presentations

Chapter 6 Wireless and Mobile Networks Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 A note on.

Chapter 6 Wireless and Mobile Networks Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 A note on.
Chapter 6 Wireless and Mobile Networks Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 A note on.

Chapter 6 Wireless and Mobile Networks Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 A note on.
IPsec Internet Headquarters Branch Office SA R1 R2

IPsec Internet Headquarters Branch Office SA R1 R2
6: Wireless and Mobile Networks6-1 Chapter 6 Wireless and Mobile Networks A note on the use of these ppt slides: We’re making these slides freely available.

6: Wireless and Mobile Networks6-1 Chapter 6 Wireless and Mobile Networks A note on the use of these ppt slides: We’re making these slides freely available.
Overview r Ethernet r Hubs, bridges, and switches r Wireless links and LANs.

Overview r Ethernet r Hubs, bridges, and switches r Wireless links and LANs.
Chapter 6 outline 6.1 Introduction Wireless

Chapter 6 outline 6.1 Introduction Wireless
20 – Collision Avoidance, 802.11 6: Wireless and Mobile Networks6-1.

20 – Collision Avoidance, : Wireless and Mobile Networks6-1.
6: Wireless and Mobile Networks6-1 Chapter 6: Wireless and Mobile Networks Background: r # wireless (mobile) phone subscribers now exceeds # wired phone.

6: Wireless and Mobile Networks6-1 Chapter 6: Wireless and Mobile Networks Background: r # wireless (mobile) phone subscribers now exceeds # wired phone.
1 Elements of a wireless network network infrastructure wireless hosts r laptop, PDA, IP phone r run applications r may be stationary (non- mobile) or.

1 Elements of a wireless network network infrastructure wireless hosts r laptop, PDA, IP phone r run applications r may be stationary (non- mobile) or.
6: Wireless and Mobile Networks6-1 Data Communication and Networks Lecture 5 Wireless Networks October 5, 2006.

6: Wireless and Mobile Networks6-1 Data Communication and Networks Lecture 5 Wireless Networks October 5, 2006.
6: Wireless and Mobile Networks6-1 19 - Wireless LANs.

6: Wireless and Mobile Networks Wireless LANs.
6/2/05CS118/Spring051 Chapter 6: Wireless and Mobile Networks r Cover the following sections only:  6.3: 802.11 wireless LANs  6.5: mobility management:

6/2/05CS118/Spring051 Chapter 6: Wireless and Mobile Networks r Cover the following sections only:  6.3: wireless LANs  6.5: mobility management:
5-1 Data Link Layer r Wireless Networks m Wi-Fi (Wireless LAN) Example Problems m RTS/CTS.

5-1 Data Link Layer r Wireless Networks m Wi-Fi (Wireless LAN) Example Problems m RTS/CTS.
5-1 Data Link Layer r What is Data Link Layer? r Wireless Networks m Wi-Fi (Wireless LAN) r Comparison with Ethernet.

5-1 Data Link Layer r What is Data Link Layer? r Wireless Networks m Wi-Fi (Wireless LAN) r Comparison with Ethernet.
8/7/20151 Mobile Computing COE 446 Wireless Multiple Access Tarek Sheltami KFUPM CCSE COE hthttp://faculty.kfupm.edu.sa/coe/tarek/coe446.htm Principles.

8/7/20151 Mobile Computing COE 446 Wireless Multiple Access Tarek Sheltami KFUPM CCSE COE hthttp://faculty.kfupm.edu.sa/coe/tarek/coe446.htm Principles.
1 Wireless and Mobile Networks EECS 489 Computer Networks Z. Morley Mao Monday March 12, 2007 Acknowledgement:

1 Wireless and Mobile Networks EECS 489 Computer Networks Z. Morley Mao Monday March 12, 2007 Acknowledgement:
6: Wireless and Mobile Networks6-1 Elements of a wireless network network infrastructure wireless hosts r laptop, PDA, IP phone r run applications r may.

6: Wireless and Mobile Networks6-1 Elements of a wireless network network infrastructure wireless hosts r laptop, PDA, IP phone r run applications r may.
Chapter 6 Wireless and Mobile Networks Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 A note on.

Chapter 6 Wireless and Mobile Networks Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 A note on.
OVERVIEW Lecture 2 Wireless Networks Lecture 2: Wireless Networks 1.

OVERVIEW Lecture 2 Wireless Networks Lecture 2: Wireless Networks 1.
Wireless, Mobile Networks6-1 Chapter 6: Wireless and Mobile Networks Background:  # wireless (mobile) phone subscribers now exceeds # wired phone subscribers!

Wireless, Mobile Networks6-1 Chapter 6: Wireless and Mobile Networks Background:  # wireless (mobile) phone subscribers now exceeds # wired phone subscribers!

Similar presentations

Ads by Google