Chair of Network Architectures and Services
Department of Informatics
Technical University of Munich

Internet Lab (iLab1)
Wireless Networks
Lars Wüstrich
ilab1@net.in.tum.de
Lab 9 – WiSe 2019/20

Outline
• Meta
• Wireless Communication
  • General Problems
  • Channel Access Methods
  • Types of Wireless Networks
• Wireless LAN (IEEE 802.11)
  • Physical Layer
  • Data Link Layer
  • Medium Access Control
• WLAN Security

Attestation slots
How to get an attestation slot:
• choose in Moodle else we’ll choose for you
• open until today, Wednesday, 8. Jan. 2020, 23:00
• if you have not chosen a slot yet, please do so as soon as possible
  • 2020-01-27 Mon
  • 2020-01-28 Tue
  • 2020-01-29 Wed
  • 2020-01-30 Thu

Access to the Lab room
• keys on key card expire after 24h or at midnight (not sure)
• To regain access to the room, reload keys at white boxes at
  • the entrance of the FMI
  • the entrance of any chair

General Problems in Wireless Data Transmission
• half-duplex operation (self interference)
• interference – there is only one shared medium
• signal strength decreasing quadratically with the distance
• multipath propagation due to reflection and refraction
source: http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/82068-omni-vs-direct.html

Recap: Ethernet (IEEE 802.3)
• full-duplex, high-speed data transmission
• negligible interference
• usually no medium access control (CSMA/CD) necessary
  • switches limit collision domains to only two endpoints
• no built-in security

Channel Access Methods
Frequency Division Multiple Access (FDMA)
• each data stream uses a different frequency band
Time Division Multiple Access (TDMA)
• each data stream uses a different time-slot
Code Division Multiple Access (CDMA)
• multiplexing based on spreading-codes
Space Division Multiple Access (SDMA)
• frequency reuse in different physical areas

FDMA: Frequency Spectrum (US, 3 kHz – 30 GHz)
source: http://www.ntia.doc.gov/files/ntia/publications/spectrum_wall_chart_aug2011.pdf

FDMA: Frequency Spectrum (DE, cellular networks)
source: https://www.bundesnetzagentur.de/SharedDocs/Downloads/DE/Allgemeines/Presse/Pressemitteilungen/2010/100830VerlosungGraphikFrequenzspektrum_pdf.pdf?__blob=publicationFile&v=3

Frequency Spectrum Summary
Unlicensed Operation
• 13.56 MHz: NFC, RFID
• 2.4 GHz: WLAN, Bluetooth, ZigBee, microwave ovens, RFID, etc.
• 5 GHz: WLAN
Mobile Networks (Germany)
• GSM (2G): 900, 1800 MHz
• UMTS (3G): 2100 MHz
• LTE (4G): 800, 1800, 2600 MHz

Space Division Multiple Access (SDMA)
[Figure] CC BY-SA 2.5 by Andrew pmk
source: https://upload.wikimedia.org/wikipedia/commons/e/ee/Frequency_reuse.svg
[Figure] Cellular base stations in Munich
source: http://emf3.bundesnetzagentur.de/karte/default.aspx

Types of Wireless Networks

| | single-hop | multi-hop |
| --- | --- | --- |
| infrastructure-less | WLAN (ad-hoc mode), Bluetooth, ZigBee | Mobile ad-hoc networks, e.g. car-to-car |
| infrastructure-based | WLAN (infrastructure mode), cellular networks (GSM, WIMAX, LTE) | Wireless mesh networks |

Terminology
Infrastructure Mode
• station: wireless host
• access point: base station
• basic service set (BSS): group of communication partners that use the same channel
• extended service set (ESS): group of multiple interconnected BSS with common service set identifier (SSID)
• distribution system: interconnection network

Physical Layer: IEEE 802.11 PHY Standards

| Name | Frequency | Max. data rate | Published |
| --- | --- | --- | --- |
| 802.11 | 2.4 GHz | 2 Mbit/s | 1997 |
| 802.11a | 5 GHz | 54 Mbit/s | 1999 |
| 802.11b | 2.4 GHz | 11 Mbit/s | 1999 |
| 802.11g | 2.4 GHz | 54 Mbit/s | 2003 |
| 802.11n | 2.4 + 5 GHz | 600 Mbit/s | 2009 |
| 802.11ac | 5 GHz | 6.77 Gbit/s | 2013 |
| 802.11ax | 2.4 + 5 GHz | 11 Gbit/s | 2019 |

Data Link Layer: Frames
Management Frames
• beacon frame (periodical announcement by the AP, e.g. SSID)
• association request frame / association response frame (station joins the network)
• authentication frame
Control Frames
• acknowledgement (ACK) frame, reliability
• request-to-send (RTS) frame (optional extension)
• clear-to-send (CTS) frame (optional extension)
Data Frames
• actual data transmission

Datagram Header
[Figure: frame header drawn 32 bits wide (bit positions 0, 15, 16, 31). Fields in order: ver, type, subtype, to DS, fr DS, ..., duration / ID, address 1, address 2, address 3, sequence control, address 4, data (0–2312 Byte), frame check seq.]

Use of Address Fields
• (0,0) data frame from station to station (ad-hoc mode)
• (0,1) data frame from AP to station (infrastructure mode)
• (1,0) data frame from station to AP (infrastructure mode)
• (1,1) data frame in the DS from one AP to another AP (wireless distribution system)

| to DS | from DS | A1 | A2 | A3 | A4 |
| --- | --- | --- | --- | --- | --- |
| 0 | 0 | RA = DA | TA = SA | BSSID | |
| 0 | 1 | RA = DA | TA = BSSID | SA | |
| 1 | 0 | RA = BSSID | TA = SA | DA | |
| 1 | 1 | RA | TA | DA | SA |

DA = destination address, SA = source address, RA = receiver address, TA = transmitter address, BSSID = AP MAC address

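Added example (not part of the original slides): a parser for the data-frame header that applies the address table above to name A1 to A4. It assumes a raw 802.11 MAC header without a radiotap prefix; the function names and the sample frame are constructed for illustration.

```python
import struct

# Meaning of A1..A4 per (to DS, from DS), copied from the address table.
ROLES = {
    (0, 0): ("RA=DA", "TA=SA", "BSSID", None),
    (0, 1): ("RA=DA", "TA=BSSID", "SA", None),
    (1, 0): ("RA=BSSID", "TA=SA", "DA", None),
    (1, 1): ("RA", "TA", "DA", "SA"),
}
TYPES = {0: "management", 1: "control", 2: "data"}

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_data_header(frame):
    """Parse the MAC header of an 802.11 data frame and label its addresses."""
    if len(frame) < 24:
        raise ValueError("truncated header: need at least 24 bytes")
    # Frame control is two bytes; duration / ID is little-endian.
    fc0, fc1, duration = struct.unpack_from("<BBH", frame, 0)
    ftype = (fc0 >> 2) & 0x3
    if ftype != 2:
        # Management and control frames do not follow the table above.
        raise ValueError(f"not a data frame: {TYPES.get(ftype, 'reserved')}")
    to_ds, from_ds = fc1 & 0x1, (fc1 >> 1) & 0x1
    addrs = [frame[4:10], frame[10:16], frame[16:22]]
    (seq_ctl,) = struct.unpack_from("<H", frame, 22)
    if to_ds and from_ds:
        # Address 4 exists only on AP-to-AP (wireless distribution) frames.
        if len(frame) < 30:
            raise ValueError("truncated header: address 4 missing")
        addrs.append(frame[24:30])
    roles = ROLES[(to_ds, from_ds)]
    return {
        "version": fc0 & 0x3, "subtype": fc0 >> 4,
        "to_ds": to_ds, "from_ds": from_ds, "duration": duration,
        "sequence": seq_ctl >> 4, "fragment": seq_ctl & 0xF,
        "addresses": {role: mac(a) for role, a in zip(roles, addrs)},
    }

# Constructed sample: station ...:01 sends via AP ...:aa to ...:02
# (to DS = 1, from DS = 0), duration 44, sequence number 5.
SAMPLE = bytes.fromhex(
    "0801" "2c00"
    "0200000000aa" "020000000001" "020000000002"
    "5000")

if __name__ == "__main__":
    print(parse_data_header(SAMPLE))
```
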
Medium Access Control
Carrier Sense Multiple Access / Collision Avoidance (CSMA/CA)
• collision detection not possible
  • sensing while sending is difficult
  • a collision may only be visible to a part of the nodes
• a frame is always fully transmitted
• link layer acknowledgements
• remember: collision != interference

CSMA/CA – Inter-Frame Spacing
• prioritization of control traffic
  • SIFS (Short Interframe Spacing): highest priority for control frames, e.g. ACK, CTS
  • DIFS (DCF Interframe Spacing): lower priority (longer interframe spacing) for data traffic
• backoff time $t_{bo} = \mathrm{Random}([0, CW]) \cdot \mathit{SlotTime}$
source: S. Günther, et al. “Analysis of Injection Capabilities and Media Access of IEEE 802.11 Hardware in Monitor Mode”, NOMS 2014

CSMA/CA – Inter-Frame Spacing Example
source: https://www.cs.purdue.edu/homes/park/cs536-wireless-3.pdf
• SIFS = 10 µs or 16 µs
• DIFS = 28 µs, 34 µs, or 50 µs
• slot time = 9 µs or 20 µs
• 15 ≤ CW ≤ 1023

Collision Avoidance Algorithm (sending side)
1. data link layer receives frame from upper layer
2. choose random backoff time $t_{bo} = \mathrm{Random}([0, CW]) \cdot \mathit{SlotTime}$
3. wait until channel is idle for DIFS
4. while $t_{bo} > 0$: wait for one slot time and decrement $t_{bo}$ (loop); if the channel becomes busy, go back to step 3
5. transmit frame
6. ACK received before timeout?
   • yes: done
   • no: CW = CW ∗ 2, go back to step 2

Collision Avoidance Algorithm (receiving side)
1. data link layer receives frame from the physical layer
2. is received frame ok?
   • yes: wait for SIFS, then transmit ACK
   • no: no ACK is transmitted

CSMA/CA – Backoff Example
source: IEEE Std 802.11-2012, http://standards.ieee.org/getieee802/download/802.11-2012.pdf
• no acknowledgements shown for simplicity

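Added example (not part of the original slides): a slotted simulation of the sending-side algorithm, with several stations contending for one channel. It assumes every station hears every other one, treats a missing ACK as a collision, and doubles CW as on the slides, capped at the stated maximum of 1023; all names are made up for illustration.

```python
import random

CW_MIN, CW_MAX = 15, 1023   # contention window bounds given on the slides
SLOT_US = 9                 # one of the slot times given on the slides

def next_cw(cw, acked):
    """Reset CW after an ACK, otherwise double it (capped at CW_MAX)."""
    return CW_MIN if acked else min(cw * 2, CW_MAX)

def draw_backoff(rng, cw):
    """Backoff in slots, Random([0, CW]); times SLOT_US gives t_bo."""
    return rng.randint(0, cw)

def simulate(n_stations, frames_each, seed=1):
    """Run until every station has delivered all of its frames."""
    rng = random.Random(seed)
    cw = [CW_MIN] * n_stations
    todo = [frames_each] * n_stations
    backoff = [draw_backoff(rng, c) for c in cw]
    stats = {"delivered": 0, "collisions": 0, "idle_slots": 0,
             "max_cw": CW_MIN}
    while any(todo):
        active = [i for i in range(n_stations) if todo[i]]
        ready = [i for i in active if backoff[i] == 0]
        if not ready:
            # Channel idle: every waiting station counts down one slot.
            for i in active:
                backoff[i] -= 1
            stats["idle_slots"] += 1
            continue
        # Stations at zero transmit. The others see a busy channel, freeze
        # their counters and resume once the channel is idle again.
        acked = len(ready) == 1
        if acked:
            todo[ready[0]] -= 1
            stats["delivered"] += 1
        else:
            stats["collisions"] += 1
        for i in ready:
            cw[i] = next_cw(cw[i], acked)
            stats["max_cw"] = max(stats["max_cw"], cw[i])
            backoff[i] = draw_backoff(rng, cw[i])
    stats["idle_us"] = stats["idle_slots"] * SLOT_US
    return stats

if __name__ == "__main__":
    for n in (1, 5, 20):
        print(n, simulate(n, frames_each=10))
```

With 20 stations and only 16 possible initial backoff values, at least two stations pick the same slot, so the first round always contains a collision.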
Request-to-Send and Clear-to-Send (RTS / CTS)
• optional extension to IEEE 802.11
• before any transmission the sender transmits a request-to-send (RTS) message
  • contains the expected duration of the transmission
• the receiver has to confirm with a clear-to-send (CTS) message
  • everyone who received the CTS knows that the medium will be busy for the specified duration
• solves the hidden terminal problem

Wireless LAN Security Protocols
WEP
• standardized in 1999, first broken in 2001
  N. Borisov et al., Intercepting Mobile Communications: The Insecurity of 802.11, MOBICOM 2001
• many design flaws including:
  • only 40 bit key length
  • initialization vector is too small (16 million possible values)
  • integrity check via CRC32 (linear function)
  • no replay-protection
WPA
• standardized in 2003
• stopgap replacement for WEP
WPA2
• standardized in 2004 (IEEE 802.11i)
• CCMP (CTR mode with CBC-MAC Protocol) encryption protocol
  • uses AES with 128-bit block size
WPA3
• announced in 2018 as replacement for WPA2

WPA2 Authentication
Pre-shared Key Mode (WPA-PSK)
• 256 bit key derived from 64 hexadecimal digits or an ASCII-String (8 to 63 characters) using the PBKDF2 key derivation function and the SSID as salt
External Authentication Server (WPA-802.1X)
• relies on an external server for authentication
• advantages: mutual authentication, centralized authentication
Wi-Fi Protected Setup (WPS)
• goal: make adding new devices as simple as possible
• push-button method
  • assumption: attacker has no physical access to the access point
• PIN method is insecure (brute-force attack [1])

[1] https://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf

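Added example (not part of the original slides): the pre-shared key derivation described under WPA-PSK, including the case where 64 hexadecimal digits are used as the key directly. The slide names only PBKDF2 and the SSID salt; HMAC-SHA1, 4096 iterations and the 32-byte SSID limit are taken from IEEE 802.11i, and the function name is made up.

```python
import hashlib

def wpa2_psk(secret, ssid):
    """Return the 256-bit pre-shared key for a WPA2-PSK network."""
    if len(secret) == 64:
        # 64 hexadecimal digits are the key itself: no PBKDF2, no salt.
        key = bytes.fromhex(secret)
        if len(key) != 32:
            raise ValueError("expected exactly 64 hexadecimal digits")
        return key
    if not 8 <= len(secret) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if not all(32 <= ord(c) <= 126 for c in secret):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # PBKDF2 with the SSID as salt: the same passphrase gives unrelated
    # keys on differently named networks, but identical keys on networks
    # that share an SSID, so a unique SSID matters as much as the salt.
    return hashlib.pbkdf2_hmac("sha1", secret.encode("ascii"), salt, 4096, 32)

if __name__ == "__main__":
    # Passphrase and SSID of the published IEEE 802.11i test vector.
    print(wpa2_psk("password", "IEEE").hex())
    # Constructed comparison: same passphrase, different SSID.
    print(wpa2_psk("password", "IEEE-guest").hex())
```
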