-
8/2/2019 polyWi-Fi
1/28
Mobile NetworksWi-Fi
Pierre BouletMaster Informatique spcialit TIIR
20082009
Outline
Introduction
Physical Layers
MAC Layer
Deployment
Wireless Equivalent Privacy
Wireless Protected Access
Resources
Course page
http://www.lifl.fr/~boulet/
enseignement/wifi/
http://del.icio.us/pboulet/wifi
Bibliography Wi-Fi, dploiement et scurit
Aurlien Gron, Dunod http://www.livre-wifi.com/
Wi-Foo: protger son rseau sans fil du piratage
Andrew A. Vladimirov, Konstantin V. Gavrilenko and
Andrei A. Mikhailovsky, Campuspress http://www.wi-foo.com/
First Wireless Networks
Waves
electromagnetic waves discovered by Heinrich Hertz
in 1888
first radio transmission in 1898 between the Eiffel
tower and the Panthon in Paris (TSF)
image transmission in 1924 (television)
First data network
AlohaNet in Hawa (Norman Abramson) 1970
http://www.lifl.fr/~boulet/enseignement/wifi/http://del.icio.us/pboulet/wifihttp://www.livre-wifi.com/http://www.lifl.fr/~boulet/http://del.icio.us/pboulet/wifihttp://www.livre-wifi.com/http://www.lifl.fr/~boulet/http://www.lifl.fr/~boulet/enseignement/wifi/http://del.icio.us/pboulet/wifihttp://www.livre-wifi.com/http://www.wi-foo.com/http://www.lifl.fr/~boulet/http://del.icio.us/pboulet/wifihttp://www.livre-wifi.com/http://www.wi-foo.com/http://www.livre-wifi.com/http://del.icio.us/pboulet/wifihttp://www.lifl.fr/~boulet/enseignement/wifi/http://www.lifl.fr/~boulet/http://www.lifl.fr/~boulet/enseignement/wifi/
-
8/2/2019 polyWi-Fi
2/28
Why so Late?Multiple Reasons
Low bandwidth
today tens of Mb/s compared to several Gb/s for wire
networks
No standard
no interoperability dependency on one supplier
high prices
Regulations
dependent on the country
limit usage, power, technology may impose a license
Boom of Wi-Fi
Public sensitization to wireless communications
mobile phones
A standard IEEE 802.11 (1997)
theoretical data rate: 1 to 2 Mb/s infrared or RF 2.4GHz (no
license in most countries)
IEEE 802.11b (1999) data rate: 11Mb/s on RF 2.4GHz
An association of suppliers
Wi-Fi Alliance quality label: Wi-Fi
WLANWireless Local Area Network
IEEE 802.11 designed for WLAN
wireless ethernet
Two modes Ad Hoc networks
workstations communicate directly
Infrastructure networks
workstations communicate via access points
Extension to the Enterprise Network
Allows to connect easily
Portable computers PDAs
No additional wiring needed
Main concern: security
-
8/2/2019 polyWi-Fi
3/28
Wi-Fi at Home
Allow to use the Internet connection from anywhere
in the house
usually one access point is enough to cover the
whole area
Sharing the Internet connection
Connecting together various equipments screens printers
. . .
Hotspots
Available in
airports, trains,
hotels, restaurants, bars, universities, meeting points in
enterprises
Allow the user
to use its own equipment and environment
to access the Internet from any place
WISPs (Wireless Internet Service Providers)
Wifirst, Wifispot, HotCaf, Mtor Networks
Orange, SFR, Bouygues, Aroports de Paris Tlcom Swisscom, British
Telecom
Roaming
Lots of WISPs partitioning of the networks
Roaming partnerships
to allow the user to buy its connection from one
WISP and use any partners network
in France: W-Link (Orange, SFR, Bouygues, ...) international
networks: Boingo, FatPort
virtual WISPs: GRIC Communications, iPass,
RoamPoint
Multi-WISP deployments
one society deploys the network and leaves the exploitation to
others examples
Wixos of the Naxos society (RATP) to cover the
outside of the Paris metro stations airport of Nantes
Associative Wi-Fi
Idea
share the Internet connection with the other
members of the association
to cover a large area as a small town Paris sans fil, Wi-Fi
Montauban
main advantage: free
main concern: legality
the owner of the Internet connection is responsible
of its use
-
8/2/2019 polyWi-Fi
4/28
Point-to-point Connection
Useful to link to buildings where wiring is not
practical
Advantages of Wi-Fi low cost
less than 500e to realize a point-to-point link of
several hundred meters
no license no declaration, no monthly fee no way to forbid the
neighbor to hamper your
communications
Ethernet
Ethernet cheaper than Wi-Fi
most computers have ethernet connections but not
all have Wi-Fi adapters Wi-Fi routers more expensive than
classical Ethernet
ones wire security much more easy
Higher data rate Ethernet: 1Gb/s
Wi-Fi: 54Mb/s
Often Wi-Fi adds new connection possibilities as an
extension to the wire network
Powerline
Data transport over the electrical network
no need for new wires frequency: 1.6 to 30MHz, low power
HomePlug
American standard
duplex, 85Mb/s, several tens meters more powerful technologies
exist
comparison with Wi-Fi
no real mobility a little bit sensitive to electromagnetic
waves
bad security may be complementary: powerligne to link Wi-Fi
access points no wires
Infrared and Laser
Infrared wave length between 750nm and 1mm
used for many years to communicate at short
distance
Advantages LEDs are cheap
data rate can reach 16Mb/s (Very Fast Infrared) secure because
directional and low range no interference with radio waves
Drawbacks low range
sensible to obstacles
Laser used for long distance connections very directional
no need for an authorization
sensible to weather conditions
-
8/2/2019 polyWi-Fi
5/28
Bluetooth
Main technology for WPAN first specification by the Bluetooth
Special Interest
Group in 1999
considered by the IEEE 802.15 group for WPAN frequency band:
2.4GHz
can pass through thin obstacles
same as Wi-Fi 802.11b and 802.11g
possibleinterference
Advantages automatic detection mechanism very easy
configuration low power, small size, cheap
Drawbacks low data rate: 1Mb/s
low range
complementary to Wi-Fi
ZigBee
Defined by the ZigBee Alliance and considered by
the IEEE 802.15 group for WPAN
Similar technology than Bluetooth
2.4GHz or 868MHz or 915MHz
short distance
but low data rate: 20 or 250kb/s
Advantages
great simplicity
low cost very low power consumption
WPAN, not WLAN
Ultra Wideband
Radio modulation technique
very large band: several GHz compared to Wi-Fi: few tens MHz
Characteristics
very high data rate
low emitting power low distance (less than 10 to 20m)
Considered by the IEEE 802.15 group for WPAN
base to a new version of Bluetooth
Main problem: legality
forbidden in France to use large bands
regardless of the emitting power
Wi-Fi-like Technologies
HiperLAN (High Performance LAN)
developed by ETSI very similar to Wi-Fi but no
interoperability
HomeRF (Home Radio Frequency)
enhancement of DECT (Digitally Enhanced Cordless
Telephony)
Enhanced Wi-Fi
802.11b+ and CCK-OFDM, enhancements of 802.11b
led to 802.11g
-
8/2/2019 polyWi-Fi
6/28
Terrestrial Microwave
Point-to-point connections
Need license
expensive
extremely high quality
reserved frequency
no power limitation range > 10km
Wireless Local Loop
To link the customer to its telecoms supplier
concurrent to ADSL
Replace copper cable by wireless connection
simpler, can reach 9km
Under license
3.5GHz or 26GHz expensive and constrained
Characteristics
range: several km data rate: several tens Mb/s
capacity: several thousands of user per base station
Wireless Local Loop contd
Technologies
Local Multipoint Distribution Service Multichannel Multipoint
Distribution Service
IEEE 802.16 HiperMAN and HiperAccess from ETSI
WiMAX
quality label for IEEE 802.16 and HiperMAN
compatibility mostly point-to-point new versions will handle the
hand-over
concurrent to mobile telephony?
Mobile Telephony
1G: analog radio connection
2G: digital communication
GSM (Global System for Mobile Communication) in
Europe
CDPD (Cellular Digital Packet Data) and CDMA (Code
Division Multiple Access) in the USA
allow voice transport, SMS, WAP (very low data rate
for web surfing)
2.5G: enhancements to 2G GPRS (General Packet Radio Service)
max data rate: 171.2kb/s (rather 40 to 60kb/s in
practice) expensive
EDGE (Enhanced Data rates for GSM Evolution)
max data rate: 384kb/s
-
8/2/2019 polyWi-Fi
7/28
Mobile Telephony contd
3G: UMTS (Universal Mobile Telecommunication
System)
allow multimedia exchanges handle a large density of connected
users
max data rate: 2Mb/s
3G: others
CDMA2000 in North America and part of Asia TD-SCDMA in China
802.11legacy
Three physical layers infrared
not successful, better use IrDA
two radio waves
2.4GHz frequency band DSSS / FHSS modulation
max data rate: 2Mb/s One MAC layer
Evolutions of 802.11
802.11a
5GHz instead of 2.4GHz, OFDM modulation max data rate:
54Mb/s
802.11b
2.4GHz, DSSS or HR-DSSS modulation
max data rate: 11Mb/s
802.11g
2.4GHz, DSSS, HR-DSSS or OFDM modulation
max data rate: 54Mb/s
802.11n
draft appeared in 2006
should not be standardized before July 2007
adds MIMO to 802.11a and 802.11g
max data rate: 540Mb/s
Electromagnetic waves
Combined oscillation of electric and magnetic fields radio
waves, infrared, visible light, ultraviolet,
X-rays, gamma rays
transport energy without any physical support
Essential measures frequency () = number of oscillations per
second
(Hz) period (T) = duration of an oscillation (s) = 1/
propagation speed (c) (m/s)
in the vacuum: c=299,792,459m/s in the air: c299, 700,000m/s
wavelength () = travel distance during one
oscillation (m) = cT strength
electrical strength (V/m) magnetic strength (A/m)
-
8/2/2019 polyWi-Fi
8/28
Power
measured in Watts (W)
depends on strength and frequency
Wi-Fi usually limited to 100mW
10 times less than a mobile phone should present no danger for
health
mW decibels (dBm) PowerdBm =10 log(PowermW)
PowermW=10
Power
dBm
10
Example
20dBm100mW
Range of the Signal
decreases like the square of the distance to the
emitter
the range of a 100mW emitter is twice the range of
a 25mW emitter
in dBm?
lower frequencies have a better range at equal power 2.4GHz
waves have 50% greater
range than 5GHz waves legal power limit
2.4GHz: 100mW 5GHz: 200mW
Sensitivity and Noise
Sensitivity of the receiver usual 802.11b cards
-88dBm for 1Mb/s data rate -80dBm for 11Mb/s data rate
high end cards can go to -94dBm or better increase in range?
Signal/Noise Ratio very important parameter
SNRdB=
Power of received signaldBmPower of noisedBm usual 802.11b
cards: 4dB for a 1Mb/s sustained
communication
Noise sources natural noise: -100dBm for Wi-Fi frequencies
human activities the signal itself
multipath
Data Rate
Decreases with SNR
so with distance
Proportional to the width of the frequency band
Outside Indoor 802.11b 802.11a or g
100m 10m 11Mb/s 54-48-36Mb/s150m 15m 5.5Mb/s 24-18Mb/s
200m 20m 2Mb/s 12-9Mb/s
300m 30m 1Mb/s 6Mb/s
-
8/2/2019 polyWi-Fi
9/28
Shannons Formula
Claude Shannon
has invented the information theory
Max data rate in function of SNR and frequency
band width
C=H log2
1+
PS
PN
C, capacity of the channel in bits per second
H, frequency band width in hertz PS, power of the signal in
watts
PN, power of the noise in watts
Example: Wi-Fi at 2.4GHz
frequency band width: 22MHz
Fundamental Modulations
Amplitude modulation (AM)
fixed frequency carrier wave
variation of carrier amplitude in function of the
signal
possible only if frequency of carrier frequency of
signal
Frequency modulation (FM) fixed amplitude carrier
variation of carrier frequency in function of signal
Phase modulation phase corresponds to position in time
measured in
variation of phase of carrier in function of signal
Simple digital modulations
Digital signal = 0 or 1
Amplitude-Shift Keying
AM with only two amplitudes
very sensitive to noise and interferences
Frequency-Shift Keying
FM with two frequencies basis of Wi-Fi modulations
Phase-Shift Keying
PM with two phases
Differential ModulationsDPSK
Take into account the variation of phase instead of
phase itself
no change 0
180 change 1
Could be used for ASK or FSK
Properties
more sensitive to noise
simpler to implement
-
8/2/2019 polyWi-Fi
10/28
Multiple Bit Symbols
PSK using 4 phases instead of 2
codes: 00, 01, 10 and 11
doubling of the data rate Quadrature PSK(QPSK or 4PSK)
Rate in symbols per second = bauds
Combination of PSK with AM
4 phases (or phase transitions with DPSK) 2 amplitudes for each
phase
8 combinations 3 bits/symbol 8QAM (Quadrature Amplitude
Modulation)
Wi-Fi
16QAM with 4 bits per symbol (12 phases with 2
amplitudes for 4 of them) 64QAM
Gaussian FilterGFSK
Apply a Gaussian filter to the binary signal before
carrier modulation
square signal is softened
Any modulation can then be used
Less harmonics less interferences with neighbor channels
higher data rate higher frequency of state transitions more
harmonics larger spectrum of the signal
frequency band width 2 data rate of source
Overview
Frequency Hopping Spread Spectrum (FHSS)
used only by 802.11legacy
Direct Sequence Spread Spectrum (DSSS)
802.11legacy, 802.11b and 802.11g
Orthogonal Frequency Division Multiplexing (OFDM)
802.11a and 802.11g incompatibility between the 3
modulations
only compatibility: 802.11 DSSS, 802.11b and
802.11g
Frequency Hopping Spread Spectrum
Frequency band separated in several channels Communications by
hopping from one channel to
the other in a predefined sequence and rhythm
If unknown sequence very difficult to intercept
communications
use by military communications unused by Wi-Fi
Interference resistance avoid scrambled channels unused by
Wi-Fi, used by Bluetooth and HomeRF
Possibility to share the frequency band by using
different sequences 802.11
band: 2400MHz to 2483.5MHz, 1MHz channels
in each channel: 2GFSK or 4GFSK
-
8/2/2019 polyWi-Fi
11/28
Direct Sequence Spread Spectrum
Chipping
send a sequence of bits (chip) for each information
bit higher rate of state transitions spectrum spread
Interest
spread spectrum higher data rate and better
noise resistance redundancy to allow error correction
Wi-Fi
14 channels of width 22MHz in the 2.4GHz
frequency band
need to choose a channel possibility of interferences
DSSS Modulation
802.11legacy
2DPSK for 1Mb/s
4DPSK for 2Mb/s 11bit spreading code: 10110111000 (Baker
code)
good for synchronization and to avoid multipath
problems
802.11b Complementary Code Keying (CCK) HR-DSSS
use up to 64 different spreading codes data rate adaptation
HR-DSSS at 11Mb/s: 8 bits of information for 8 chips HR-DSSS at
5.5Mb/s: 4 bits of information for 8 chips DSSS/Baker 4DPSK at
2Mb/s DSSS/Baker 2DPSK at 1Mb/s
Orthogonal Freq. Division Multiplexing
Base on multiplexing Frequency Division Multiplexing
large spectrum divided in several sub-carriers simultaneous
emission on the sub-carriers
Possibility of inter-carrier interference use IFFT to
orthogonalize the sub-carriers
Wi-Fi 52 carriers of 312.5kHz each 16.66MHz channel carrier
modulation: 2PSK, 4PSK, 16QAM or 64QAM
4 carriers as pilots 48 symbols send simultaneously
Enhancement by using convulutive codes add redundancy in the
message
error detection and correction allows to resist to
interferences
Data rate adaptation
802.11 FHSS
Band: 2.4GHz
1MHz channels numbered from 2400MHz
Usable channels
Europe: 2 to 83
USA: 2 to 80
No more in use
-
8/2/2019 polyWi-Fi
12/28
802.11 DSSS, 802.11b, 802.11g
Band: 2.4GHz
14 22MHz channels numbered from 2400MHz
Centers spaced by 5MHz
overlap between channels
Usable channels
Europe: 1 to 13 USA: 1 to 11 14 only in Japan
Recommendation
1, 6 and 11
available everywhere and do not overlap
up to 3 simultaneous communications 162Mb/s
802.11a (and 802.11n)
Band: 5GHz
20MHz channels numbered from 5000MHz
Centers spaced by 5MHz
12 channels used by 802.11a in the world
34, 36, .. . , 48
52, 56, .. . , 64 In France
5GHz forbidden outside 8 channels without overlap
36, 40, 44, 48, 52, 56, 60 and 64
up to 8 simultaneous communications 432Mb/s
Structure of a Frame
MAC layer
fragmentation MAC Protocol Data Unit (MPDU) packets
Physical layer
MPDU encapsulated in 802.11 frame
Preamble PLCP header MPDU
Preamble
used for synchronization
FHSS
80bit for synchronization: 010101.. . 01
16bit Start Frame Delimiter: 0x0CBD
DSSS
128bit or 56bit (optional for 802.11b)synchronization
16bit SFD: 0xF3A0
OFDM
12 predefined symbols
-
8/2/2019 polyWi-Fi
13/28
PLCP HeaderPhysical Layer Convergence Procedure
Indicates frame length and data rate
always transmitted at 1Mb/s!
FHSS
Length Data rate Error control (CRC)
12 bits 4 bits 16 bits
DSSS and OFDM
similar to FHSS
a few additional fields
more bits for data rate error control of OFDM: parity bit
Network Layer 2Data Link
IP IPX . . .
LLC 802.2 (Logical Link Control)
MAC 802.11 (Wi-Fi) MAC 802.3(Ethernet) . . .
802.11a 802.11b 802.11g Fiber Copper . . . . . .
LLC layer layer 3 protocols independent of underlying
protocol
several layer 3 protocols can share same network
MAC layer
MAC address definition (same as Ethernet, token
ring)
wave sharing, association, error control, security
MAC Layer Evolutions
First 802.11 version defines the core functionality 802.11c:
precisions on the connection of an AP to
the wired network 802.11d: rule of emission by country
(legal
channels, power limitation) 802.11e: quality of service 802.11f:
Inter Access Point Protocol (withdrawn Feb.
2006) 802.11h: adaptation of 802.11a and MAC layer to
the European market (Transmit Control Power,
Dynamic Frequency Selection) 802.11i: security (WPA2) 802.11j:
adaptation of 802.11a and MAC layer to the
Japanese market 802.11k: Radio Resource Measurements (2007?)
Reminder on Ethernet
Communication over wires
small packets (1500 bytes in general) direct connection
or through hubs
Medium sharing
allows broadcast/multicast sensible to denial of service
attacks
bandwidth sharing
-
8/2/2019 polyWi-Fi
14/28
CSMACarrier Sense Multiple Access
Emission protocol
sense the network wait for silence of a predefined duration
DIFS (Distributed Inter Frame Space)
start a countdown ofrandom duration
max duration: CW (Collision Window) if no equipment talks before
the end of the
countdown, send the packet otherwise,
interrupt countdown and wait for next DIFS restart countdown
Equal opportunity, simple, efficient under low load
Sensitive to collisions under high load
CSMA/CDCSMA with Collision Detection
While sending a packet
sense the network to detect collision
interrupt immediately if detecting a collision wait for DIFS
restart with double CW
exponential back-off As soon as correct emission of a packet
CW back to initial duration
Wi-Fi Wave Sharing
Many common points with Ethernet
possibility of unicast, broadcast and multicast sharing of the
communication medium
sensing the medium is possible
Several strategies
DCF, PCF 802.11e: EDCF, EPCF
DCFDistributed Coordination Function
Based on CSMA/CA (CSMA with Collision Avoidance)
enhancement of CSMA/CD after emission of a packet, wait for
ACK
(Acknowledge)
goal: detect collision and ensure packet has arrived
DCF before sending a packet send a very small RTS (Request To
Send) packet
contains an estimate of packet emission duration
receiver waits for SIFS (Short Inter Frame Space)
receiver sends CTS (Clear To Send) packet
after SIFS, sender emits packet after SIFS, receiver sends
ACK
-
8/2/2019 polyWi-Fi
15/28
DCF Discussion
Only for unicast broadcast or multicast packets sent without
RTS,
CTS, ACK
Advantage: detect most collisions
Drawback: loss of bandwidth Why use DCF instead of CSMA/CD?
wireless device are usually half-duplex, so can notdetect
collisions
non transitive view of the network
For small packets dont use RTS/CTS
size RTS threshold (1000 bytes by default)
Does not work well in high load conditions
One slow device slows down all the others
No support for QoS
PCFPoint Coordination Function
The AP coordinates the other devices
impossible in Ad Hoc networks
contention free
For each station in turn
AP sends a CF-Poll with a time allocation If station accepts
reply with CF-ACK can send one or several packets during
allocated
time
If no answer after PIFS (PCF Inter Frame Space)
AP ask an other station in turn
PCF Discussion
PCF more predictable and fair
good for synchronous data (multimedia)
But
loss of bandwidth if many stations have nothing to
send
not all devices compatible
PCF is always combined with DCF in alternation
beacon frame indicates beginning of PCF/DCF
sequence, total duration and PCF stage max
duration
CF-End ends PCF stage at any moment
SIFS < PIFS < DIFS
PCF not mandatory and not included in Wi-Fi
Alliance interoperability tests
802.11e Enhancements
Traffic Classes (TC) priority (between 4 and 8 levels)
Enhanced DCF Arbitration IFS (< DIFS) and CW defined by TC
queue by TC on each station transmission opportunity (TXOP)
possibility to send several packets separated by SIFS duration
indicated in beacon frames
Wireless Multi-Media certification
Enhanced PCF sequences PCF/EDCF
during PCF, AP can decide the order
during EDCF, AP can send CF-Poll to any station after
PIFS
TXOP local parameters sent in MAC header
-
8/2/2019 polyWi-Fi
16/28
Ad Hoc Mode
Direct communication
no access point
Independent Basic Service Set (IBSS)
Drawbacks difficult configuration
Wi-Fi setup
manual IP setup no defined routing
with a routing software, mesh network
May be used to connect several AP
Infrastructure Mode
Clients connected to network via a Wi-Fi AP
1 AP + its clients = Basic Service Set (BSS)
area covered: cell or Basic Service Area (BSA) identified by a
48bit number: BSSID
BSSID = AP MAC address
Connection of several BSS by a Distribution System
(DS) DS can be wired Ethernet, point-to-point or wireless
Extended Service Set covering Extended Service
Area hand-over
connection maintained when going from BSS to BSS
in a same EBSS automatic choice of best quality AP identified by
SSID (max 32 characters)
Client/Server Detection
Beacon frame broadcast (by AP)
usually every 100ms contain BSSID, SSID, possible data rates, ..
.
synchronization information
Probe requests (by client)
send probe request on each canal with required
SSID and possible data rates AP answers with probe response
similar contents as beacon frame
Comparison
probe request ensures communication is possible in
both directions too much probe requests may impact bandwidth
Authentication
Identification needed before being associated to an
AP
Open authentication
client send authentication request with required
SSID AP always answers success
WEP authentication AP answers with a challenge
random 128bit number
client encrypts the challenge with its WEP key
send result to AP in a new authentication request
AP can verify with its own WEP key
-
8/2/2019 polyWi-Fi
17/28
WEP Authentication Weaknesses
Client does not authenticate AP possibility of pirate AP
What have we gained by authentication? AP knows that client with
xMAC address is
legitimate
pirate can sniff the communication add configure its
Wi-Fi adapter with this xMAC address no way for the AP to check
that MAC address x
belongs to the same adapter
Man in the middle attack replace authentication request
forward challenge and response no need to change MAC
address!
WEP authentication considered harmful not used anymore
Association / Reassociation
After successful identification
Send association request
list of the handled data rates
AP
allocates unique ID register information in allocation table
send acknowledge
Hand-over: if station detects a better AP
send a unassociation request to former AP send a reassociation
request to new AP
contains ID of former AP
completely transparent to the user
Security
SSID masking weak: sniff probe packets
MAC address filtering not feasible if several AP and lots of
stations
MAC spoofing
WEP (Wired Equivalent Privacy) shared key
free software allow to break WEP
802.1x and WEP key rotation needs a RADIUS server
802.11i and WPA (Wireless Protected Access) based on 802.1x
needs a RADIUS server
WPA: TKIP cryptography 802.11i: AES cryptography (WPA2
certification)
Error Control / Fragmentation
32bit CRC for each packet
high confidence in validated packets in case of interferences:
elimination of packets
Fragmentation
error rate: FER=1 (1BER)size
it can be interesting to fragment packets
threshold parametrized trade-off between FER and overhead
beacon frames, broadcast and multicast not
fragmented
-
8/2/2019 polyWi-Fi
18/28
Dispatching and WDS
Dispatch problem
where to forward received packets? to the BSS or to the DS?
Mechanism: 2 bits
toDS fromDS signification
0 0 Ad Hoc1 0 station AP
0 1 AP station
1 1 WDS: AP AP
Wireless Distribution Service
extension of a wireless network with AP not
connected to wired network
vague specification compatibility problems
discussion for mesh networks 802.11s
Power Saving
Wi-Fi communications can reduce autonomy up to
80%!
Power Save Polling Mode instead ofContinuously Available
Mode
Principle turn off radio between emissions and receptions queue
packets till wake up station warn AP of sleeping AP sends in beacon
frames the list of stations it has
queued some packets for (Traffic Indication Map) if stations has
queued packets, ask the AP for them
(PS-Poll)
otherwise, go back to sleep mode
Special case for broadcast and multicast traffic
Important power saving but no more QoS
Deployment
See http://www.jres.org/tutoriel/
Reseaux_sans_fil.livre.pdf by Daniel Azuelos, a
tutorial made at JRES 2005.
Wireless Security
Fundamental qualities
confidentiality integrity
availability non repudiation
Common attacks
war-driving
spying intrusion
denial of service message modification
http://www.jres.org/tutoriel/http://reseaux_sans_fil.livre.pdf/http://reseaux_sans_fil.livre.pdf/http://www.jres.org/tutoriel/http://reseaux_sans_fil.livre.pdf/http://www.jres.org/tutoriel/http://reseaux_sans_fil.livre.pdf/http://reseaux_sans_fil.livre.pdf/http://reseaux_sans_fil.livre.pdf/http://reseaux_sans_fil.livre.pdf/http://reseaux_sans_fil.livre.pdf/http://www.jres.org/tutoriel/http://reseaux_sans_fil.livre.pdf/http://reseaux_sans_fil.livre.pdf/http://reseaux_sans_fil.livre.pdf/http://www.jres.org/tutoriel/Reseaux_sans_fil.livre.pdfhttp://www.jres.org/tutoriel/http://www.jres.org/tutoriel/Reseaux_sans_fil.livre.pdf
-
8/2/2019 polyWi-Fi
19/28
Solutions
First solutions limit overflowing deployment avoid pirate access
points limit temptation by a
good coverage radio supervision
mask the SSID
MAC address filtering VLANs
WEP cryptography isolate the wireless network from the wired
network
use VPNs
New solutions LEAP (Cisco) and proprietary solutions, WPA,
802.11i
(WPA2)
all based on 802.1x, itself based on EAP use an authenticating
sever, nearly always RADIUS
Principle
Everybody shares a common key
key length: 40 or 104 bits
key format: hexadecimal or text possibility of key generation
from a password
Key handling problem
lots of copies of the key lots of potential security
leaks difficulty of key changing many enterprises never
change their WEP key
Key Rotation
Mechanism to allow key changing
not possible to change all keys at the same time! solution: up
to 4 keys at the same time
all can be used for reception only the active one can be used
for emission
Key changing procedure
at the beginning: only one active key in allequipments
add the new key in position 2 in all AP (key 1 is still
active) ask users to add the new key in position 2 in their
station and to activate it once all stations are updated,
activate key 2 in all AP
remove key 1
Individual Keys
Principle each user has its own key
APs know all the keys AP use MAC address to choose the key
Very heavy system Isolation of the communications from the
other
users Broadcast and multicast
users use individual key to AP
AP use shared key for such traffic each station must know
individual and shared key
Configuration 4 keys to allow changing of shared and
individual
keys few AP can handle individual keys
key handling so heavy that nearly never used
-
8/2/2019 polyWi-Fi
20/28
RC4Rivest Cipher 4
Used in SSL and WPA
a good tool!
Principle: generate a pseudo-random bit stream
initialized by a key reproducible
Encryption procedure (in WEP and WPA)
message RC4-generated-bit-stream
Need to avoid the same RC4 key for different
messages
simple solution: combine WEP key with a nonce
(Initialization Vector)
RC4 key = IV (24 bits) || WEP key (40 or 104 bits) need to
transmit IV to allow decryption
IV sent in clear form at the beginning of each packet
Integrity Control
CRC
protects from transmission errors but not from pirates
can be recomputed for a modified message
ICV (Integrity Check Value)
CRC computed on the clear text
added to the message to encrypt
Cryptographic Weaknesses
RC4 key repetition
length IV = 24 too small! as soon as two packets with same IV
received, pirate
knows part of the messages independent of WEP key length
Better ones exist
decryption dictionary
attacks on weak keys
Decryption dictionary
If pirate gets clear text and encrypted message can deduce the
RC4-generated bit stream for the
used IV
make a dictionary of these bit streams (less than
30GB)
how to get these clear text messages?
Ping requests response to a ping is an echo of the request
different responses are encrypted with different IVs how to
generated ping requests?
replay not very good method forge a ping request
intercept an ARP request (easy to guess contents) increase byte
by byte the size of the ping request
Dangerous as pirate acts on the network but
automatizable
-
8/2/2019 polyWi-Fi
21/28
Weak Keys
Weakness of RC4
first bits of the pseudo random stream have a high
probability to correspond to some bits of the key
drop first 256 bytes
Breaking the WEP key
first bits of the key determine if it is weak IV
pirate records weak key packets use an algorithm to get the WEP
key
complexity linear in the size of the WEP key
Advantages
no need to send messages on the network
can be faster than the dictionary attack at the end: WEP key vs
30GB dictionary
Counter measure: avoid IV leading to weak keys
makes the dictionary attack faster :-(
Integrity Check Weakness
CRC is linear
CRC(AB)=CRC(A)CRC(B)
Allows to modify packets transparently
add a sequence of the same length of the
message M
C= (M||CRC(M))R C =C(||CRC()) C
passes the integrity check!
Conclusion on WEP
Free software tools exist to exploit attacks against
cryptographic weaknesses integrity check
and dont forget authentication
But WEP is better than nothing
most attacks need to listen to a lot of traffic need to be in
range of the network
more dangerous threats: viruses on legitimate
computers
If you can, use WPA or WPA2
very strong security more difficult to install
once installed, more manageable network
Towards a Secure Wi-Fi
Strong encryption
key distribution during authentication solve all the problems of
WEP encryption two solutions
WPA: TKIP encryption (based on RC4) WPA2: CCMP encryption (based
on AES)
Strong authentication use 802.1x based on EAP necessitate an
authentication server
RADIUS
-
8/2/2019 polyWi-Fi
22/28
General Presentation
Goals
solve the security problems of WEP in a way that old devices
dont have to be replaced
firmware update use RC4
New features
more powerful integrity control (Michael protocol) 48 bit IV
instead of 24 bits (no reuse of RC4 keys)
mechanism to avoid weak RC4 keys encryption key different for
each packet
IV used to counter replay attacks better key distribution
mechanism
RC4 Key
16 last bits of IV + 8 bits against weak keys ||
changing part for each packet (104 bits)
104-bit part = hash(IV, PTK, MAC sender)
IV distribution
first 32 bits send before encrypted data
last 16 bits + 8 bits against weak keys in place of
WEP IV
Protect Against Replay
Use IV to date packets
IV is incremented at each packet old packet = IV < IV of last
received packet
Adaptation to burst ACK
possibility to send ACK for a group of packets (up to
16) keep the last 16 IVs
Michael Integrity Protocol
hash(PTK, MAC sender, MAC receiver, clear text
message)
20 bit
computed on MSDU
before fragmentation
added to clear text message before encryption weakness
20 bit is small a few hours for a brute force attack
if message fails integrity control, block AP for 1 min
more than 2 years
-
8/2/2019 polyWi-Fi
23/28
IEEE 802.11i
ratified in June 2004
names
802.11i, WPA2, WPA/AES
main drawback
necessitate new devices
encryption mode: CCMP integrity control: CBC
CCMCounter-Mode + CBC-MAC
Counter-Mode a counter is continuously incremented that counter
is encrypted by AES
resulting bit stream message
CBC-MAC: Cipher Block Chaining - Message
Authentication Code first bloc encrypted by AES
previous encrypted block current block result encrypted by AES
and so on
CCM = Counter-Mode + CBC same encryption key 48-bit nonce used
to encrypt and compute CBC
sequential packet number (PN)
CBC can be computed on encrypted message +
clear text data
CCMPCCM Protocol
Define how CCM is used in Wi-Fi context
Packet structure
MSDU fragmented in MPDU packets MPDU = MAC header + data
in case of WEP or TKIP: WEP header inserted
between MAC header and data in case of CCMP: idem
CCMP header
PN0 PN1 Rsv ID PN2 PN3 PN4 PN5
CCMP packet structure
MAC CCMP Encrypted Encrypted CRC
header header data MIC
30B 8B 0 to 2296B 8B 4B
CCMP Details
MIC = CBC (
MAC header (with zeros replacing variable parts) CCMP header
(with zeros replacing variable parts)
clear text data zero padding)
CCM Counter
Options Priority MAC sender PN Counter
1B 1B 6B 6B 2B
-
8/2/2019 polyWi-Fi
24/28
Mixed Modes
Possibility to deploy mixed-mode Wi-Fi networks
WEP + WPA
TKIP + AES
To allow old devices / to ease transition
Should be avoided
weakest mode use for broadcast/multicast
need compatible APs
AAA MethodologyAuthentication, Authorization, Accounting
Access control to resources informations needed to charge for
the resource
usage
central to control security policy application
Authentication compare the references of the user with a
database
grant access to the network if data correspond Authorization
control resource access by an authenticated user
point of policy enforcement
Accounting measure and log resource activities may be used
for
billing analysis of the usage for capacity prevision or
maintenance strategy
RADIUS ProtocolRemote Authentication Dial-In User Service
Concrete implementation of AAA methodology defined by IETF: RFC
2865
client-server approach authenticate distant users in an
heterogeneous
environment
Involved entities user trying to get access to the network
network access server (NAS)
transmit the user informations to the RADIUS server grant access
to the network if authorized by the
RADIUS server RADIUS server
handle the connection requests from the user give to the NAS all
the needed informations to give
access to the required resources can act as a proxy to other
RADIUS servers
Key Mechanisms
Network security
communication between RADIUS client and server
authenticated by shared secret
user passwords encrypted
Flexible authentication mechanisms
several possible authentication methods (PAP,
CHAP, EAP, ...) several data repositories (file, PAM, LDAP, SQL,
...)
Extensible protocol
transaction = Attribute-Value-Length tuple
possibility to define new attributes attributes used for
authorization and accounting
-
8/2/2019 polyWi-Fi
25/28
RADIUS Protocol Details
Transport protocol: UDP
authentication and authorization: port 1812
accounting: port 1813
6 principal packet types
Access-Request: C S, user id + id proof
Access-Challenge: S C, answer to Access-Request
Access-Accept: S C, may contain attributes Access-Reject: S
C
Accounting-Request: C S, Start, Stop,
Interim-Update
Accounting-Response: S C: ack
Accounting-Request
Architecture
3 participants
user, NAS, authentication server
Communication between user and NAS
EAP packets same LAN: EAPoL protocol
Communication between NAS and authentication
server
no precision
Full compatibility with RADIUS
de facto standard for Wi-Fi RADIUS/EAP defined in RFC 2869
EAP-Attribute to encapsulate EAP messages
EAP Origin
PPP (Point-to-Point Protocol)
PPP authentication methods PAP (Password Authentication
Protocol): clear text
password
CHAP (Challenge Handshake Authentication
Protocol): MD5 hash of challenge, counter, password
MS-CHAP: password hashed on server by proprietaryalgorithm,
security weaknesses
MS-CHAP-v2: mutual authentication, widely used on
windows networks since Windows 2000
Weaknesses
sensitive to off-line dictionary attacks no possibility to use
non password based
authentication
EAP (Extensible Authentication Protocol)
EAP Packets
4 packet types
Request: S C, ask for an information based on an
authentication method chosen by the server
Answer: C S, if authentication method not
handled, propose a list of alternatives
Success
Failure Only one authentication method in a dialog
once client has started an answer, can not change
-
8/2/2019 polyWi-Fi
26/28
EAP and 802.1x
EAP on LAN transport EAP packets over a LAN (e.g. Wi-Fi)
between user and access point
new packet types
EAPoL-Start: C notifies server of its wish of
connection EAPoL-Packet: encapsulate EAP packets EAPoL-Key:
allow encryption key exchange EAPoL-Logoff: C ask for end of
session
RADIUS encapsulation
between access point and RADIUS server
EAP Methods
EAP allows many authentication methods
list not closed
Password based methods
EAP/MD5: CHAP protocol with MD5 hash EAP/MS-CHAP-v2, included in
Windows EAP/OTP: One Time Password
use a generator hashing a challenge and apassphrase
S/Key, OPIE sensitive to off-line dictionary attacks
EAP Methods Contd
EAP/GTC: Generic Token Card
token sent in clear text in response to an optional
challenge
use of a token generator (token card) double factor security:
card + password
EAP/SIM: use the SIM card of the portable phone
EAP/TLS: Transport Layer Security
new version of SSL (RFC 2246) mutual authentication by
certificates
in EAP: only authentication, no use of the TLS tunnel heavy
deployment (PKI)
EAP Methods Contd
EAP/PEAP: Protected EAP
developped by Cisco and Microsoft first TLS negociation to setup
a tunnel
not necessary with real identity only the server needs a
certificate
new EAP authentication inside the tunnel
once authentication successful tunnel closed andsuccess packet
sent in clear text
advantages
easy deployment (only server certificate) id of the user
hidden
-
8/2/2019 polyWi-Fi
27/28
EAP Methods End
EAP/TTLS: Tunneled TLS
very similar to PEAP
allows any internal authentication, not only EAP possibility to
add AVP in TTLS packets
EAP/FAST: Flexible Authentication via Secure
Tunneling
similar to TTLS symmetric tunnel vs TLS tunnel
higher performance in hand-over
EAP Security
Attack of the EAP method off-line dictionary attacks MD5,
MS-CHAP-v2, OTP on-line dictionary attacks PEAP/MD5,
PEAP/MS-CHAP-v2, PEAP/OTP easy to protect
Attack of the session only the authentication is protected
session sensitive to MAC spoofing need to encrypt the data
exchanges
static key key negotiation during authentication
Man-in-the-Middle attacks only protection: strong session
encryption
pirate has no way to get the keys attack of PEAP and TTLS
pirate use a false certificate protection: server certificate
verification
WPA Personal
Pre-Shared Key (PSK)
manually configured in each equipment
Very simple
Drawbacks
sensitive to off-line dictionary attacks
key sharing high leakage risk no mechanism for key changing
WPA Enterprise
Use 802.1x
install and configure an EAP compatible RADIUS
server
configure every equipment with WPA/WPA2 and
802.1x
choose one or several EAP method and configure the
clients and server Use a key-generating EAP method
all TLS based methods
EAP/TLS, PEAP, TTLS, EAP/FAST
-
8/2/2019 polyWi-Fi
28/28
Connection Sequence
Wi-Fi association open authentication association with AP
802.1x authentication client send EAPoL-Start authentication
sequence
accord on a 256-bit key: Pairwise Master Key (PMK) RADIUS server
send PMK to AP
RADIUS server send success to client (and AP)
Temporary key negotiation client and AP negotiate new key
derived from PMK:
Pairwise Transient Key (PTK) secure tunnel established AP send
Group Transient Key (GTK) to client
used for broadcast and multicast changed regularly by AP (key
rotation)
