Figure 3-2 depicts the basic topology of an IEEE 802.11 environment. A basic service set (BSS) consists of two or more wireless stations that have recognized each other and have established communications. Within a given cell coverage area, stations communicate directly with each other on a peer-to-peer basis; this type of network is usually established on a temporary timeframe and is commonly referred to as an ad hoc network or an independent basic service set (IBSS). More typically, the BSS contains an AP. The AP operates as a bridge between the wireless and wired LAN. APs are fixed-location network elements and are considered part of the wired network infrastructure. When an AP is present, the stations do not communicate on a peer-to-peer basis, but communicate through the AP instead. A BSS with APs is said to be operating in the infrastructure mode . All station clocks within a BSS are synchronized by the periodic transmission of timestamped beacons. Beacons are used to convey network parameters such as hop sequence. Probe requests and responses are utilized to join a network.

Figure 3-2: IBSS

There are two power-saving modes defined for stations: awake and doze . In the awake mode, stations can receive packets at any time. In the doze mode, stations must 'wake up' periodically to listen for beacons that indicate that the AP has queued messages. Stations must inform the AP before entering the doze state.

Figure 3-3 depicts an extended service set (ESS). The ESS consists of a group of overlapping BSSs (each containing an AP) connected together via a distribution system (DS). Although the DS can be any type of network, it is often an Ethernet LAN. Mobile stations can roam between APs and seamless coverage is maintained. The IEEE standard identifies the basic message formats to support roaming, but the details are left up to network vendors .

Figure 3-3: ESS

802.11 uses carrier sense multiple access/collision avoidance (CSMA/ CA). Although 802.3 uses carrier sense multiple access/collision detection (CSMA/CD), which has a 100 percent collision-detect mechanism to support reliable data transfer, the CA apparatus is better optimized to an environment where there are large differences in signal strengths. With CA, collisions can only be inferred after the fact. The transmitter fails to get a response and the receiver sees corrupted information via the cyclic redundancy check (CRC). This topic is revisited later in the section 'Multiple Access.'

Multipath fading can inhibit signal reception . Multiple antennas can be used to minimize this problem via spatial separation of orthogonality. This is called antenna diversity .

Wireless PHYs

Spread Spectrum   Most WLAN systems ^[3] use spread spectrum technology, a wideband radio frequency (RF) technique developed by the military for use in reliable, secure, mission-critical communications systems. Some PHYs provide only one channel, whereas others provide multiple channels; examples of channel types are shown in Table 3-2.

Spread spectrum is designed to trade off bandwidth efficiency for reliability, integrity, and security. That is, more bandwidth is consumed than in the case of narrowband transmission, but the trade-off produces a signal that is easier to detect, provided that the receiver knows the parameters of the spread spectrum signal being broadcast. If a receiver is not tuned to the correct frequency, a spread spectrum signal looks like background noise. As noted previously, there are two types of spread spectrum radio: FHSS and DSSS.

FHSS Technology   A narrowband radio system transmits and receives user information on a specific RF. Narrowband radio keeps the radio signal frequency as narrow as possible just to pass the information. Undesirable crosstalk between communications channels is avoided by coordinating different users on different channel frequencies. In a radio system, privacy and noninterference are accomplished by the use of separate radio frequencies. The radio receiver filters out all radio signals except the ones on its designated frequency. FHSS uses a narrowband carrier that changes frequency in a pattern known to both the transmitter and receiver. Properly synchronized, the net effect is to maintain a single logical channel. To an unintended receiver, FHSS appears to be short-duration impulse noise (see Figure 3-4).

Figure 3-4: FHSS

DHSS Technology   DHSS generates a redundant bit pattern for each bit to be transmitted. This bit pattern is called a chip (or chipping code ). The longer the chip, the greater the probability that the original data can be recovered (and, of course, the more bandwidth is required). Even if one or more bits in the chip are damaged during transmission, statistical techniques embedded in the radio can recover the original data without the need for retransmission. To an unintended receiver, DSSS appears as low-power wideband noise and is ignored by most narrowband receivers (see Figure 3-5).

Figure 3-5: DSSS

In a DSSS system, each information bit is combined via an exclusive OR (XOR) function with a longer pseudorandom numerical sequence. The result is a high-speed digital stream that is then modulated onto a carrier frequency using differential phase-shift keying (DPSK). Receive-end electronics remove the PN sequence and recover the original data stream. The high-rate modulation method is called CCK. The effects of using pseudorandom numerical sequence codes to generate the spread spectrum signal are shown in Figure 3-6. ^[4] As illustrated in Figure 3-6a, the pseudorandom numerical sequence spreads the transmitted bandwidth of the signal and reduces the peak power. (Note, however, that the total power is unchanged.) Upon reception, the signal is correlated with the same pseudorandom numerical sequence to reject narrowband interference and recover the original binary data (see Figure 3-6b).

Figure 3-6: DSSS signal operation

Infrared (IR) Technology   IEEE 802.11 also specifies an IR PHY. IR systems use very high frequencies just below visible light in the electromagnetic spectrum to carry data. Like light, IR cannot penetrate opaque objects; it is either directed (LOS) or diffuse technology. Inexpensive directed systems provide very limited range (three feet) and are typically used for PANs, but occasionally are used in specific WLAN applications. High-performance directed IR is impractical for mobile users and is therefore used only to implement fixed subnetworks. Diffuse (or reflective) IR WLAN systems do not require LOS, but cells are limited to individual rooms.

Multiple Access

The 802.11 MAC layer is based on two methods : the DCF for asynchronous contention-based access and the PCF for centralized contention -free access. The former is considered to be the default access mechanism; the latter is an optional function envisaged to support collision-free and time-bounded services. ^[5] DCF permits automatic medium sharing between compatible PHYs through the use of CSMA/CA and a random backoff time following a busy medium condition. In addition, all directed traffic uses an immediate positive acknowledgment (ACK) frame where retransmission is scheduled by the sender if no ACK is received. ^[6]

The CSMA/CA protocol is designed to reduce the collision probability between multiple stations accessing a medium at the point where collisions would most likely occur. Just after the medium becomes idle following a busy medium (as indicated by the Carrier Sense [CS] function) is when the highest probability of a collision exists. This is because multiple stations could have been waiting for the medium to become available again. This situation necessitates a random backoff procedure to resolve medium contention conflicts.

CSMA/CA mechanisms rely on physical carrier sense; namely, the underlying assumption is that each station can hear all other stations. CSMA/CA requires each station to listen for other users. If the channel is idle, the station is allowed to transmit; if the channel is busy, each station must wait until transmission stops and then can enter into a backoff procedure. The backoff randomization procedure prevents multiple stations from seizing the medium immediately after completion of the preceding transmission. Packet reception requires an acknowledgement procedure that entails the transmission of ACK frames (these frames have a higher priority than other traffic). The time interval between the completion of packet transmission and the transmission of the ACK frame is one short interframe space (SIFS). See Figure 3-7.

Figure 3-7: DCF procedure

Data frame transmissions (other than ACKs) can occur only after at least one DCF interframe space (DIFS). More specifically , if a transmitting station senses a busy channel, it determines a random backoff period. The timer is an integer number of slot times beyond the expiration of a DIFS; that is, the timer begins to decrement after one DIFS. When the timer reaches zero, the station may begin transmission. Note that if the channel is seized by another station before the timer at the station in question reaches zero, the timer is retained at the current decremented value for a subsequent transmission.

There are situations where every station cannot hear all other stations. In this hidden node situation, the probability of collision has significantly increased. To address this issue, an additional carrier sense mechanism is available. The virtual carrier sense mechanism enables a station to reserve the channel for a specified period of time through the use of Request to Send/Clear to Send (RTS/CTS) frames. Here, Station 1 (STA-1) sends an RTS frame to the AP, but the RTS is not heard by Station 2 (STA-2). The RTS frame contains a Duration/ID field that specifies the period of time that the channel is reserved for a follow-on transmission. The reservation information is maintained in the NAV of all stations receiving the RTS frame. When the AP receives an RTS, it responds with a CTS frame that also contains a Duration/ID field that specifies the period of time for which the channel is reserved. Although STA-2 did not receive the original RTS, it will be able to receive the CTS and update its NAV.

The RTS/CTS procedure is invoked based on a user-specified parameter. The procedure can always be used, never be used, or be used for packets that exceed a defined length. The RTS/CTS mechanism need not be used for every data frame transmission. Because the additional RTS and CTS frames add overhead inefficiency, the mechanism is not always justified, especially for short data frames.

Therefore, the virtual carrier sense mechanism is achieved by distributing reservation information announcing the impending use of the medium. The exchange of RTS and CTS frames prior to the actual data frame is one means of distributing this medium reservation information. The RTS and CTS frames contain a Duration/ID field, which defines the period of time that the medium is to be reserved to transmit the actual data frame and returning ACK frame. All stations within the reception range of either the originating station (which transmits the RTS) or the destination station (which transmits the CTS) can learn about the medium reservation. Thus, a station may be unable to receive from the originating station, yet it still knows about the impending use of the medium to transmit a data frame.

Another means of distributing the medium reservation information is the Duration/ID field in directed frames. This field gives the time that the medium is reserved, either to the end of the immediately following ACK or, in the case of a fragment sequence, to the end of the ACK following the next fragment. ^[6]

The RTS/CTS exchange also performs a type of fast collision inference and transmission path check. If the return CTS is not detected by the stations originating the RTS, the originating station may repeat the process (after observing the other medium-use rules) more quickly than if the long data frame had been transmitted and a return ACK frame had not been detected . Another advantage of the RTS/CTS mechanism can be found where multiple BSSs utilize the same channel overlap. The medium reservation mechanism works across the BSA boundaries. The RTS/CTS mechanism may also improve operation in a typical situation where all stations can receive from the AP, but cannot receive from all other stations in the BSA. The RTS/CTS mechanism cannot be used for MPDUs with broadcast and multicast immediate addresses because there are multiple destinations for the RTS and thus potentially multiple concurrent senders of the CTS in response.

The nominal peak throughput offered to the Internet Protocol (IP) layer for a maximum transmission unit (MTU) of 1,500 bytes is shown in Table 3-3 for four IEEE 802.11/11b rates.5 As the table indicates, 44 percent signaling rate consumption is encountered when 11 Mbps is used, mainly due to the overhead of the preamble and physical header in IEEE 802.11, which appears quite large in relation to the payload transmission time. In order to guarantee compatibility with lower rates, these 24 bytes of PHY preamble and header overhead have to be transmitted at 1 Mbps for the four supported rates, which consumes 192 ms for each data or acknowledgment frame. Because this overhead is constant for every data packet transmitted, the loss in throughput efficiency becomes more pronounced with shorter data packets. It has been recommended to implement the short preamble and header (which lasts only half as long as the long one) defined as an optional feature within the standard. ^[7]

Since the IEEE 802.11b specification was finalized in 1999, the 802.11 Work Group is also developing other specifications such as 802.11a for data rates up to 54 Mbps (using orthogonal frequency division multiplexing [OFDM] at the 5 GHz band) and 802.11e for quality of service (QoS) and multimedia traffic support. In particular, the aim of these last specifications is to add some new traffic management policies and error control mechanisms (such as forward error correction [FEC] and selective retransmission) to the high-rate extensions of the 802.11 standard.

IEEE 802.11 provides for security via two methods: authentication and encryption . Authentication is the mechanism by which one station is verified to have authorization to communicate with a second station in a given coverage area; in the infrastructure mode, authentication is established between an AP and each station. IEEE 802.11 defines two subtypes of authentication service: open system and shared key . The subtype invoked is indicated in the body of authentication management frames. Therefore, authentication frames are self-identifying with respect to the authentication algorithm. All management frames of subtype authentication are unicast frames as authentication is performed between pairs of stations (that is, multicast authentication is not allowed). Management frames of subtype deauthentication are advisory and may, therefore, be sent as group-addressed frames.

A mutual authentication relationship exists between two stations following a successful authentication exchange. Authentication is used between stations and the AP in an infrastructure BSS. Authentication may be used between two stations in an IBSS. In an open system, any station may request authentication. The station receiving the request may grant authentication to any request or only those from stations on a user-defined list. In a shared key system, only stations that possess a secret encrypted key can be authenticated. Shared key authentication is only available to systems having the optional encryption capability.

Next we discuss encryption. Eavesdropping is a familiar problem that users of other types of wireless technology face. IEEE 802.11 specifies a WEP data confidentiality algorithm. WEP was designed to protect authorized users of a WLAN from casual eavesdropping. This service is intended to provide functionality for the WLAN that is equivalent to that provided by the physical security attributes inherent to a wired medium. Data confidentiality depends on an external key management service to distribute data enciphering /deciphering keys. The IEEE 802.11 standards committee specifically discourages running an IEEE 802.11 LAN with privacy but without authentication. Although this combination is possible, it leaves the system open to significant security threats. Encryption (see Figure 3-8) is intended to provide integrity and confidentiality.

Figure 3-8: Basics of encryption

The following section is reprinted material from the ANSI/IEEE 802.11 standard, 1999 Edition. ^[6]

The WEP feature uses the Ron's Code 4 Pseudorandom Number Generator (RC4 PRNG) algorithm from RSA Data Security, Inc. The description that follows is based directly on the IEEE 802.11 specification. Viewing from left to right in Figure 3-9, enciphering begins with a secret key that has been distributed to cooperating stations by an external key management service. WEP is a symmetric algorithm in which the same key is used for coding and decoding. The secret key is concatenated with an initialization vector (IV) and the resulting seed is input to a PRNG. The PRNG outputs a key sequence k of pseudorandom octets equal in length to the number of data octets that are to be transmitted in the expanded MPDU plus four (because the key sequence is used to protect the integrity check value [ICV] as well as the data). Two processes are applied to the plaintext MPDU. To protect against unauthorized data modification, an integrity algorithm operates on the plaintext P to produce an ICV.

Figure 3-9: WEP

Enciphering is then accomplished by mathematically combining the key sequence with the plaintext concatenated with the ICV. The output of the process is a message containing the IV and ciphertext . The WEP PRNG is the key component of this process because it transforms a relatively short secret key into an arbitrarily long key sequence. This simplifies the task of key distribution as only the secret key needs to be communicated between stations. The IV extends the useful lifetime of the secret key and provides the self-synchronous property of the algorithm. The secret key remains constant while the IV changes periodically. Each new IV results in a new seed and key sequence; thus, there is a one-to-one correspondence between the IV and k . The IV may be changed as frequently as every MPDU and because it travels with the message, the receiver will always be able to decipher any message. The IV is transmitted in the clear because it does not provide an attacker with any information about the secret key and its value must be known by the recipient in order to perform the decryption.

When choosing how often to change IV values, implementers should consider that the contents of some fields in higher-layer protocol headers as well as certain other higher-layer information are constant or highly predictable. When such information is transmitted while encrypting with a particular key and IV, an eavesdropper can readily determine portions of the key sequence generated by that (key, IV) pair. If the same (key, IV) pair is used for successive MPDUs, it may substantially reduce the degree of privacy conferred by the WEP algorithm, enabling an eavesdropper to recover a subset of the user data without any knowledge of the secret key.

Changing the IV after each MPDU is a simple method of preserving the effectiveness of WEP in this situation. The WEP algorithm is applied to the frame body of an MPDU. The (IV, frame body, ICV) triplet forms the actual data to be sent in the data frame. For WEP-protected frames, the first four octets of the frame body contain the IV field for the MPDU. The PRNG seed is 64 bits. Bits 0 through 23 of the IV correspond to bits 0 through 23 of the PRNG seed, respectively. Bits 0 through 39 of the secret key correspond to bits 24 through 63 of the PRNG seed, respectively. The numbering of the octets of the PRNG seed corresponds to that of the RC4 key. The IV is followed by the MPDU, which is followed by the ICV. The WEP ICV is 32 bits. The WEP integrity check algorithm is CRC-32. As stated previously, WEP combines k with P using bitwise XOR.

As noted in Chapter 1, WEP has been found to have holes. Chapter 4, 'Security Considerations for Hotspot Services,' will explore the solutions available to control them.

^[1] Glenn Fleishman, 'New Wireless Standards Challenge 802.11b,' www.oreillynet.com/pub/a/wireless/2001/05/08/standards.html, June 8, 2001.

^[2] Princy C. Mehta, 'Wired Equivalent Privacy Vulnerability,' http://rr.sans.org/wireless/equiv.php, April 4, 2001.

^[3] Material for this subsection has been reprinted from promotional information from Wireless LAN Association (www.wlana.com/learn/ educate1.htm). The Wireless LAN Association is a nonprofit educational trade association comprised of the thought leaders and technology innovators in the local area wireless technology industry. Through the vast knowledge and experience of sponsor and affiliate members, WLANA provides a clearinghouse of information about wireless local area applications, issues, and trends, and serves as a resource to customers and prospects of wireless local area products and wireless personal area products and to industry press and analysts.

^[4] Jim Zyren and Al Petrick, 'IEEE 802.11 Tutorial,' www.wirelessethernet.org/downloads/IEEE_80211_Primer.pdf.

^[5] L. Munoz, M. Garcia, J. Choque, R. Aguero, and P. Mahonen, 'Optimizing Internet Flows over IEEE 802.11b Wireless Local Area Networks: A Performance-Enhancing Proxy Based on Forward Error Correction,' IEEE Communications Magazine (December 2001): 60 ff.

^[6] ANSI/IEEE 802.11 Standard, 1999 Edition [ISO/IEC 8802-11: 1999].