1. CO5023 Wireless Networks

2. Varieties of wireless network Wireless LANs: the main topic for this week. Consists of making a single-hop connection to an existing wired LAN, e.g. wifi Wireless WANs: Operates over long distances, can be used for connectivity between sites or broadband internet access, e.g WiMAX Wireless PANs: short range networks (personal area). Most common example is Bluetooth Cellular broadband: subscriber network covering large areas, normally for mobile phones. Gives single hop connectivity to the network providers infrastructure Satellite: Connects users by relaying signals from satellites in orbit around the earth.

3. Wireless LAN (802.11) Standards Wireless LANs operate at microwave frequencies (2.4GHz, 5GHz, 60GHz). 802.11n requires multiple antennas (MIMO) to achieve the 600Mbps rate, up to 4 antennas at 150Mbps each. The newer 802.11ac uses MIMO with up to 8 antennas. 802.11ad uses the 60GHz band, which requires line of sight to achieve a theoretical 7Gbps.

4. WLAN components and topologies Components NICS Home Routers (combined, access point, router and Ethernet switch) Access points Autonomous Controller based Cloud managed Topologies Ad-hoc Devices connect directly without need of an access point, very useful in military and search and rescue applications Infrastructure Basically just a one hop set up communicating with a wired network BSS: system with one AP ESS: more than one AP covered by the same distribution system. Roaming is possible between APs

5. 802.11 frame Frame Control - Identifies the type of wireless frame and contains subfields for protocol version, frame type, address type, power management, and security settings. Duration - Typically used to indicate the remaining duration needed to receive the next frame transmission. Address1 - Usually contains the MAC address of the receiving wireless device or AP. Address2 - Usually contains the MAC address of the transmitting wireless device or AP. Address3 - Sometimes contains the MAC address of the destination, such as the router interface (default gateway) to which the AP is attached. Sequence Control - Contains the Sequence Number and the Fragment Number subfields. The Sequence Number indicates the sequence number of each frame. The Fragment Number indicates the number of each frame sent of a fragmented frame. Address4 - Usually missing because it is used only in ad hoc mode. Payload - Contains the data for transmission. FCS - Frame Check Sequence; used for Layer 2 error control.

6. 802.11 frame Protocol Version - Provides the current version of the 802.11 protocol used. Receiving devices use this value to determine if the version of the protocol of the received frame is supported. Frame Type and Frame Subtype - Determines the function of the frame. A wireless frame can either be a control frame, data frame, or a management frame. There are multiple subtype fields for each frame type, which determine the function to perform for its associated frame type. ToDS and FromDS - Indicates whether the frame is going to or exiting from the DS, and is only used in data frames of wireless clients associated with an AP. More Fragments - Indicates whether more fragments of the frame, either data or management type, are to follow. Retry - Indicates whether or not the frame, for either data or management frame types, is being retransmitted. Power Management - Indicates whether the sending device is in active mode or power-save mode. More Data - Indicates to a device in power-save mode that the AP has more frames to send. It is also used for APs to indicate that additional broadcast/multicast frames are to follow. Security/Protected - Indicates whether encryption and authentication are used in the frame. It can be set for all data frames and management frames, which have the subtype set to authentication. Reserved/Order - Can indicate that all received data frames must be processed in order.

7. CSMA/CA WiFi sytems are half duplex – devices cannot send to each other at the same time: this means that collision detection, as used in some wired Ethernet networks, is impossible. Because of this, a collision avoidance technique is used with Request to Send (RTS) and Clear to Send (CTS) frames. The CTS frame includes a time duration in which the node is allowed to transmit. Other devices will back off for this time period.

8. Wireless AP association Wireless devices connect to the network by a 3 stage process Discovery Authentication Association Client and AP must agree on certain parameters, configurable at the AP or server. SSID - Unique ID, 2-32 characters long: the AP may advertise the SSID (passive mode) or the client may be required to know it in advance (active mode) Password - or key, prevents unwanted access Network mode - Refers to the 802.11a/b/g/n/ac/ad WLAN standards (or a mixed mode with more than one). Security mode - e.g WEP, WPA, or WPA2. Channel settings - The frequency bands being used to transmit wireless data.

9. Channels Wireless signals are propagated using one of 3 encoding schemes, all of which fall under the concept of “spread spectrum” Spread spectrum is a technique which sends different bits (or even different parts of the signal) over different frequencies within a band. Direct Sequence Spread Spectrum (DSSS): multiply signal by spreading code Frequency Hopping Spread Spectrum (FHSS): switch carrier signal across frequency channels Orthogonal Frequency-Division Multiplexing (OFDM): rather clever use of non-interfering subchannels. Used in most 802.11 implementations When using more than one AP within an ESS, you can modify the channels on each access point so they do not interfere. A good approach is to have them 5 channels apart.

10. Wireless Security THREATS: Denial of Service (DoS) Spoofed Disconnect CTS flood Rogue APs Can gain access to a network by installing a rogue access point The ‘Evil Twin’ method Creates duplicate AP which steals all your data when you log in to it Solutions: MAC address filtering Authentication (ideally WPA2 with AES, WEP is awful) Configure on AP or use a RADIUS server