Local Area Networks (LANs) - IEEE 802 - Ethernet - Wireless LAN

Slides: 80

1. IEEE 802

IEEE 802.1 Higher layer LAN protocols
IEEE 802.2 Logical link control (LLC)
IEEE 802.3 Ethernet
IEEE 802.4 Token bus
IEEE 802.5 Token ring
IEEE 802.6 Metropolitan area networks
IEEE 802.7 Broadband LAN using coaxial cable
IEEE 802.8 Fiber optic TAG
IEEE 802.9 Integrated services LAN
IEEE 802.10 Interoperable LAN security
IEEE 802.11 Wireless LAN (Wi-Fi)
IEEE 802.12 Demand priority
IEEE 802.14 Cable modems
IEEE 802.15 Wireless PAN
  IEEE 802.15.1 (Bluetooth)
  IEEE 802.15.4 (ZigBee)
IEEE 802.16 Broadband wireless access (WiMAX)
  IEEE 802.16e Mobile broadband wireless access
IEEE 802.17 Resilient packet ring
IEEE 802.18 Radio regulatory TAG
IEEE 802.19 Coexistence TAG
IEEE 802.20 Mobile broadband wireless access
IEEE 802.21 Media independent handoff
IEEE 802.22 Wireless regional area network

IEEE 802 LAN Protocol Architecture
• Lower layers of the OSI model
• IEEE 802 reference model
  — Physical
  — Logical link control (LLC)
  — Media access control (MAC)

IEEE 802 Protocol Layers Compared to OSI Model (figure)

802 Layers - Physical
• Encoding/decoding of signals
• Preamble generation/removal (for synchronization)
• Bit transmission/reception
• Specification of the transmission medium and topology

802 Layers - Medium Access Control
• Assemble data into a frame
• Disassemble the frame, and perform address recognition and error detection
• Govern access to the LAN transmission medium

802 Layers - Logical Link Control
• Interface to higher levels
• Flow and error control

LAN Protocols in Context (figure)

Logical Link Control
• Transmission of link-level PDUs between two stations
• Relieved of some link access details by the MAC layer
• Based on HDLC (High-Level Data Link Control)
• Three services
  — Unacknowledged connectionless service
  — Connection-mode service
  — Acknowledged connectionless service

Medium Access Control
• Multiple devices share the network's transmission capacity/medium
• Means of controlling access to the transmission medium
• The MAC layer receives data from the LLC layer
• The LLC PDU is enclosed in a MAC frame

2. Ethernet
• Developed by Xerox
• IEEE 802.3
• Classical Ethernet
  — 10 Mbps
  — Bus topology
  — Medium access control: CSMA/CD (carrier sense multiple access with collision detection)

Bus Topology
• Stations attach to a linear transmission medium (bus) via a tap
• Full duplex between station and tap
• A transmission propagates the length of the medium in both directions
• Received by all other stations
• At each end of the bus: a terminator, to absorb the signal
• Need to indicate for whom a transmission is intended
• Need to regulate transmission
  — If two stations attempt to transmit at the same time, the signals overlap and become garbled
  — If one station transmits continuously, access is blocked for the others
• Transmit data in small blocks (frames)
• Each station is assigned a unique address
  — Destination address included in the frame header

Frame Transmission on a Bus LAN (figure)

CSMA/CD
• With plain CSMA, a collision occupies the medium for the full duration of the colliding transmissions
• With CSMA/CD, stations listen while transmitting
  1. If the medium is idle, transmit; otherwise go to step 2
  2. If busy, listen until the medium is idle, then transmit
  3. If a collision is detected, send a jamming signal and then cease transmission
  4. After the jam, wait a random time (backoff), then start again from step 1
• Truncated binary exponential backoff
  — After the n-th collision of a frame, wait a random number of slot times in 0 .. 2^n - 1; the range doubles for the first 10 retransmissions and then stays fixed at 0 .. 1023
  — After 16 unsuccessful attempts, give up and report the failure to the higher layer
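A slot-level simulation of the four steps and the backoff rule above, added here as an illustration (it is not code from the slides). The model is simplified: every station has one frame ready at time 0, a transmission takes one slot, and a station that collides picks a fresh random backoff drawn from the truncated window; the constants 10 and 16 are the ones the slide gives.

```python
import random

MAX_ATTEMPTS = 16      # slide: give up after 16 unsuccessful attempts
BACKOFF_CAP = 10       # slide: the window doubles only for the first 10 retransmissions


def max_backoff_slots(collisions: int) -> int:
    """Upper bound of the backoff window, in slot times, after `collisions` collisions."""
    return (1 << min(collisions, BACKOFF_CAP)) - 1


def simulate_csma_cd(n_stations: int, seed: int = 0, max_slots: int = 10_000) -> dict:
    """Simplified simulation: all stations have one frame ready at slot 0.

    In each slot every station whose backoff counter is 0 transmits.  A lone
    transmitter succeeds (step 1); two or more collide, each picks a new random
    backoff from the truncated window (steps 3-4); a station that collides
    MAX_ATTEMPTS times gives up.  Returns collision/delivery counts and the slot
    in which each station finished (-1 = gave up).
    """
    rng = random.Random(seed)           # seeded so runs are reproducible
    backoff = [0] * n_stations          # slots still to wait before the next try
    collisions = [0] * n_stations       # per-station collision count for its frame
    done = {}                           # station -> slot at which it finished
    total_collisions = 0
    for slot in range(max_slots):
        ready = [s for s in range(n_stations) if s not in done and backoff[s] == 0]
        for s in range(n_stations):     # everyone else keeps counting down
            if s not in done and backoff[s] > 0:
                backoff[s] -= 1
        if not ready:
            if len(done) == n_stations:
                break
            continue
        if len(ready) == 1:             # medium idle for a single sender: success
            done[ready[0]] = slot
            continue
        total_collisions += 1           # two or more senders: collision + jam
        for s in ready:
            collisions[s] += 1
            if collisions[s] >= MAX_ATTEMPTS:
                done[s] = -1
            else:
                backoff[s] = rng.randint(0, max_backoff_slots(collisions[s]))
    return {
        "collisions": total_collisions,
        "delivered": sum(1 for v in done.values() if v >= 0),
        "gave_up": sum(1 for v in done.values() if v < 0),
        "finish_slot": done,
    }


if __name__ == "__main__":
    print(simulate_csma_cd(5, seed=7))
```

Running it with a larger station count shows why a shared bus degrades under load: every extra contender raises the chance that two counters expire in the same slot, and each collision costs a slot plus a widening wait.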

IEEE 802.3 Frame Format
• Maximum frame size: 1518 octets = 18 octets of header and trailer (destination address 6, source address 6, length/type 2, FCS 4) + 1500 octets of data
• Preamble: 1010...1010 (7 octets)
• SFD (start frame delimiter): 10101011 (1 octet)

Ethernet Physical Layer
• Ethernet (10 Mbps)
• Fast Ethernet (100 Mbps)
• Gigabit Ethernet (GbE)
• 10 Gigabit Ethernet (10GbE)
• 100 Gigabit Ethernet (100GbE)

10 Mbps Ethernet
• Naming: <data rate in Mbps><signaling method><max segment length in hundreds of meters>

Name      Medium           Signaling            Topology  Max segment length  Nodes per segment
10BASE5   Coaxial (thick)  Baseband Manchester  Bus       500 m               100
10BASE2   Coaxial (thin)   Baseband Manchester  Bus       185 m               30
10BASE-T  UTP              Baseband Manchester  Star      100 m               -

10BASE-T
• Unshielded twisted pair (UTP) medium
  — Also used for telephone wiring
• Star-shaped topology
  — Stations connected to a central point (multiport repeater)
  — Two twisted pairs (transmit and receive)
  — The repeater accepts input on any one line and repeats it on all other lines
• Link limited to 100 m on UTP
  — Optical fiber: 500 m
• The central element of the star is an active element (hub)
• Physical star, logical bus
• Multiple levels of hubs can be cascaded

Fast Ethernet
• 100 Mbps Fast Ethernet
  — Star-wire topology (similar to 10BASE-T)
  — 100BASE-T options, e.g. 100BASE-TX: T = twisted-pair wire, 2 pairs (transmit, receive)

100BASE-TX
• 100BASE-TX runs over two pairs of wires
  — Uses one twisted pair in each direction
  — 100 Mbit/s of throughput in each direction (full duplex)
• STP and Category 5 UTP allowed
• RJ-45 pin assignment of the two pairs used
  Pin 1  White/Orange
  Pin 2  Orange
  Pin 3  White/Green
  Pin 4  (unused)
  Pin 5  (unused)
  Pin 6  Green
  Pin 7  (unused)
  Pin 8  (unused)

Full Duplex Operation
• Traditional Ethernet is half duplex
  — Either transmit or receive, but not both simultaneously
• With full duplex, a station can transmit and receive simultaneously
• 100 Mbps Ethernet in full-duplex mode: theoretical aggregate transfer rate 200 Mbps
• Attached stations must have full-duplex adapter cards
• Must use a switching hub
  — Each station constitutes a separate collision domain
  — In fact, there are no collisions
  — The CSMA/CD algorithm is no longer needed
  — The 802.3 MAC frame format is still used
  — Attached stations can continue to run CSMA/CD

Gigabit Ethernet (figure, log scale): S = 850 nm (short wavelength), L = 1,310 nm (long wavelength)

10-Gbps Ethernet (figure, log scale)

Virtual LAN (VLAN) with Ethernet Switches (figure)
• Broadcasting without VLANs: servers sometimes broadcast; the broadcast goes to all stations (Client A, Client B, Client C, Server D, Server E); latency results
• Destination MAC address of a broadcast frame: FF-FF-FF-FF-FF-FF

Virtual LAN (VLAN) with Ethernet Switches, Continued (figure)
• With VLANs, broadcasts only go to the clients on the server's VLAN; less latency
• Broadcasting with VLANs: Client A, Client C and Server E are on VLAN 1; Client B and Server D are on VLAN 2. A broadcast from Server E reaches Client A and Client C but is not delivered to Client B or Server D

Tagged Ethernet Frame (802.1Q)

Basic 802.3 MAC frame:
  Preamble (7 octets)
  Start-of-Frame Delimiter (1 octet)
  Destination Address (6 octets)
  Source Address (6 octets)
  Length (2 octets): length of the data field in octets, 1,500 (decimal) maximum
  Data Field (variable)
  PAD (if needed)
  Frame Check Sequence (4 octets)

Tagged 802.3 MAC frame:
  Preamble (7 octets)
  Start-of-Frame Delimiter (1 octet)
  Destination Address (6 octets)
  Source Address (6 octets)
  Tag Protocol ID (2 octets): 81-00 hex = 33,024 decimal; larger than 1,500, so a receiver knows this is not a length field
  Tag Control Information (2 octets): priority level 0-7 (3 bits), 1 other bit (the CFI/DEI flag), VLAN ID (12 bits)
  Length (2 octets)
  Data Field (variable)
  PAD (if needed)
  Frame Check Sequence (4 octets)
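The two layouts above, as a frame builder and parser added here for illustration (not code from the slides). It applies the rule the slide states for telling a tag or EtherType from a length field, splits the TCI into its 3/1/12-bit fields, and also computes and verifies the FCS (CRC-32, the same polynomial zlib uses, sent least significant byte first). It goes one step beyond the slide by also peeling stacked tags (the 0x88A8 outer tag used for provider bridging), which a parser that stops at the first tag would misread as payload. The frames it builds are constructed test data; the preamble and SFD are omitted because NICs strip them before software sees the frame.

```python
import struct
import zlib

ETHERTYPE_8021Q = 0x8100   # TPID from the slide: 81-00 hex, 33,024 decimal
ETHERTYPE_QINQ = 0x88A8    # outer tag of a stacked (provider-bridge) frame; not on the slide
ETHERTYPE_IPV4 = 0x0800
MAX_LENGTH_FIELD = 1500    # values up to 1500 are lengths; 1536 and above are EtherTypes
MIN_FRAME_OCTETS = 64      # DA..FCS inclusive


def ethernet_fcs(frame_without_fcs: bytes) -> bytes:
    """Ethernet FCS: CRC-32 over DA..data/pad, transmitted least significant byte first."""
    return struct.pack("<I", zlib.crc32(frame_without_fcs) & 0xFFFFFFFF)


def build_frame(dst: bytes, src: bytes, payload: bytes, vlan_ids=(), ethertype=ETHERTYPE_IPV4,
                pcp: int = 0, dei: int = 0) -> bytes:
    """Build DA | SA | [tag ...] | type/length | payload | pad | FCS (no preamble/SFD)."""
    tags = b""
    for i, vid in enumerate(vlan_ids):
        # with two or more tags the outermost carries the 0x88A8 TPID, inner ones 0x8100
        tpid = ETHERTYPE_QINQ if (len(vlan_ids) > 1 and i == 0) else ETHERTYPE_8021Q
        tci = (pcp << 13) | (dei << 12) | (vid & 0x0FFF)   # 3-bit priority, 1 flag bit, 12-bit VID
        tags += struct.pack("!HH", tpid, tci)
    body = dst + src + tags + struct.pack("!H", ethertype) + payload
    body += b"\x00" * max(0, MIN_FRAME_OCTETS - 4 - len(body))   # PAD so frame+FCS >= 64 octets
    return body + ethernet_fcs(body)


def parse_frame(frame: bytes) -> dict:
    """Parse a frame, peeling every 802.1Q/QinQ tag, and verify the FCS."""
    if len(frame) < MIN_FRAME_OCTETS:
        raise ValueError("runt frame")
    body, fcs = frame[:-4], frame[-4:]
    fcs_ok = ethernet_fcs(body) == fcs
    dst, src = body[:6], body[6:12]
    off, tags = 12, []
    while True:
        value = struct.unpack_from("!H", body, off)[0]
        if value not in (ETHERTYPE_8021Q, ETHERTYPE_QINQ):
            break
        tci = struct.unpack_from("!H", body, off + 2)[0]
        tags.append({"tpid": value, "pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        off += 4
    # the slide's rule: a value above 1,500 cannot be a length, so it is a type (or TPID)
    is_length = value <= MAX_LENGTH_FIELD
    return {"dst": dst.hex(":"), "src": src.hex(":"), "tags": tags,
            "is_length": is_length, "type_or_length": value,
            "payload": body[off + 2:], "fcs_ok": fcs_ok}


if __name__ == "__main__":
    f = build_frame(b"\xff" * 6, bytes.fromhex("001122334455"), b"hello", vlan_ids=(10,), pcp=5)
    print(parse_frame(f))
```

A switch or IDS that consults only the first tag sees a frame with two tags as belonging to the outer VLAN; `parse_frame` returns the whole stack so the caller can decide which VLAN the frame really lands in.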

Hub Versus Switch (figures)
• Hub: broadcasts each bit out all other ports; if A is transmitting, B must wait to transmit
• Switch: sends a frame out one port only; if A is transmitting to C, B can transmit to D simultaneously
• Bus, hub and switch compared (figure)

3. Wireless LANs
• A wireless LAN uses a wireless transmission medium
• It satisfies requirements for
  — mobility
  — relocation
  — ad hoc networking
  — coverage of locations that are difficult to wire
• Applications
  — LAN extension
  — Cross-building interconnect
  — Nomadic access
  — Ad hoc networking

IEEE 802.11 WLAN (Wi-Fi)
• Wireless Local Area Network (WLAN)
• Wi-Fi (Wireless Fidelity)
  — Wi-Fi Alliance (http://wi-fi.org/)
• IEEE 802.11
  — 802.11a/b/g/n

WLAN Access Point / Base Station (figure): access points connect to a switch, which connects to a router and on to the Internet/intranet

WLAN Hotspots (figure): coffee shop, airport, conference center; a WLAN adapter in the client reaches the Internet through an access point

MIT iSPOTS - http://ispots.mit.edu/
• Number of APs: ~2800
• Number of users per 15 min: ~1000

Products with WLAN support
• PDA / Laptop PC
• PDA / Smart phone
• Printer
• Digital camera
• Wireless audio
• Projector
• Surveillance camera
• Wireless Skype phone
• Wii
• ...
• Pictured: Nintendo Wii, $100 OLPC, Dopod CHT 9100, Linksys, video camera, Nikon Coolpix S50c, NEC LT265 projector

Infrastructure Mode vs. Ad Hoc Mode (figure)


IEEE 802.11 Standards

Protocol  Release date  Operating frequency (unlicensed band)       Data rate (typ)  Data rate (max)  Non-overlapping channels  Range (indoor)
Legacy    1997          2.4-2.5 GHz                                 1 Mbps           2 Mbps           3                         ?
802.11a   1999          5.15-5.35 / 5.47-5.725 / 5.725-5.875 GHz    25 Mbps          54 Mbps          24                        ~30 m
802.11b   1999          2.4-2.5 GHz                                 6.5 Mbps         11 Mbps          3                         ~50 m
802.11g   2003          2.4-2.5 GHz                                 25 Mbps          54 Mbps          3                         ~30 m
802.11n   2006 (draft)  2.4 GHz or 5 GHz bands                      200 Mbps         540 Mbps         3 / 24                    ~50 m

IEEE 802.11 Architecture
• MAC protocol and physical medium specification for wireless LANs
• The smallest building block is the basic service set (BSS)
  — A number of stations
  — Running the same MAC protocol
  — Competing for access to the same shared wireless medium
  — A BSS generally corresponds to a cell
• A BSS may be isolated, or connect to a backbone distribution system (DS) through an access point (AP)
  — The AP functions as a bridge
  — The DS can be a switch, a wired network, or a wireless network
• The MAC protocol may be distributed (DCF) or controlled (PCF) by a central coordination function in the AP

IEEE 802.11 Architecture (figure): ESS, BSS

802.11b/g Channels (2.4 GHz band; channel centers are spaced 5 MHz apart, each channel is 22 MHz wide)

Channel  Nominal frequency (MHz)  Minimum (MHz)  Maximum (MHz)
1        2412                     2401           2423
2        2417                     2406           2428
3        2422                     2411           2433
4        2427                     2416           2438
5        2432                     2421           2443
6        2437                     2426           2448
7        2442                     2431           2453
8        2447                     2436           2458
9        2452                     2441           2463
10       2457                     2446           2468
11       2462                     2451           2473

Channel Interference Between APs (figure)
• In 802.11b and 802.11g the non-overlapping channels are 1, 6, and 11
• Access Point A on channel 1: OK
• Access Points B, C and E, all on channel 6 and close together: interference
• Access Point D, also on channel 6 but far enough from the others: OK
• Access Point F on channel 11: OK
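The channel table and the 1/6/11 rule, computed rather than looked up, as an added example (not code from the slides). Two channels overlap when their 22 MHz bands share spectrum, which is why only every fifth channel is usable at once; the greedy assignment at the end reproduces the figure's idea of giving neighbouring APs different non-overlapping channels. The neighbour map in the test is constructed input.

```python
CHANNEL_WIDTH_MHZ = 22
CHANNEL_SPACING_MHZ = 5
FIRST_CENTER_MHZ = 2412      # channel 1 from the table


def center_frequency(channel: int) -> int:
    """Nominal center frequency of 2.4 GHz channels 1..13: 2412 MHz + 5 MHz per step."""
    if not 1 <= channel <= 13:
        raise ValueError("channel must be in 1..13")
    return FIRST_CENTER_MHZ + CHANNEL_SPACING_MHZ * (channel - 1)


def channel_band(channel: int) -> tuple:
    """(minimum, maximum) MHz of the 22 MHz band around the nominal frequency."""
    c = center_frequency(channel)
    return c - CHANNEL_WIDTH_MHZ // 2, c + CHANNEL_WIDTH_MHZ // 2


def channels_overlap(a: int, b: int) -> bool:
    """True when the two 22 MHz bands share any spectrum."""
    lo_a, hi_a = channel_band(a)
    lo_b, hi_b = channel_band(b)
    return lo_a < hi_b and lo_b < hi_a


def non_overlapping_channels(available=range(1, 12)) -> list:
    """Greedy lowest-first choice of mutually non-overlapping channels (1, 6, 11 for 1..11)."""
    chosen = []
    for ch in available:
        if all(not channels_overlap(ch, c) for c in chosen):
            chosen.append(ch)
    return chosen


def assign_channels(neighbors: dict) -> dict:
    """Give each AP a channel from the non-overlapping set that none of its neighbours uses.

    `neighbors` maps an AP name to the set of AP names whose coverage overlaps it.
    APs are processed in name order; raises if the palette runs out for some AP.
    """
    palette = non_overlapping_channels()
    assignment = {}
    for ap in sorted(neighbors):
        used = {assignment[n] for n in neighbors[ap] if n in assignment}
        free = [ch for ch in palette if ch not in used]
        if not free:
            raise ValueError(f"no non-overlapping channel left for {ap}")
        assignment[ap] = free[0]
    return assignment


if __name__ == "__main__":
    print(non_overlapping_channels())
    print(assign_channels({"A": {"B"}, "B": {"A", "C"}, "C": {"B"}}))
```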

Typical 802.11 WLAN Operation (figure)
• The laptop sends an 802.11 frame over the radio link to the AP
• The AP translates between the 802.11 wireless frame and the 802.3 Ethernet frame used within the wired LAN, and forwards it over UTP to the Ethernet switch, the client PCs and the servers of the large wired LAN
• Access points (APs) thus bridge the two networks

Typical 802.11 WLAN Operation, Continued (figure)
• Handoff or roaming: if the mobile computer moves from AP A to AP B, it switches service to that access point; both APs are attached to the same Ethernet switch and wired LAN

IEEE 802.11 Services
• Association: establish an initial association between a station and an AP
• Reassociation: enable an established association to be transferred from one AP to another
• Disassociation: terminate an existing association
• Authentication: establish the identity of stations to each other
• Privacy: prevent eavesdropping

A Scenario (figure)
(1) The station associates with AP #1
(2) The station moves and reassociates with AP #2
(3) The station leaves and disassociates

Stations and Access Points Transmit in a Single Channel (figure): collision if 2 devices send simultaneously

Medium Access Control
• Reliable data delivery
  — Noise, interference, and other propagation effects result in loss of frames
• Multiple access
  — Only one station or the access point can transmit at a time
• Security
  — Authorized access only
• Two MAC methods:
  — CSMA/CA+ACK (mandatory)
  — RTS/CTS (optional)

CSMA/CA+ACK
• CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance)
  — If there has been no traffic for a sufficiently long time, a station or access point may send immediately
  — If there is current traffic or a collision:
    • the station sets a random timer
    • if there is still no traffic when the timer expires, it may send
• ACK (Acknowledgement)
  — The receiver immediately sends back an acknowledgement when it receives a frame
    • it does not wait (no random timer) before sending the ACK
    • this avoids interference with other stations, which must wait
  — If the sender does not receive the acknowledgement, it retransmits the frame using CSMA/CA
  — 802.11 with CSMA/CA+ACK is a reliable protocol

RTS/CTS with CSMA/CA (figure): stations A, B, C, D; A sends RTS, B answers with CTS, hidden-node case
Applet: http://media.pearsoncmg.com/aw/aw_kurose_network_2/applets/csma-ca/withhidden.html

Four-Frame Exchange
• Basic data transfer involves an exchange of two frames (data, ACK)
• To further enhance reliability, a four-frame exchange may be used
  — Source issues a Request to Send (RTS) frame to the destination
  — Destination responds with Clear to Send (CTS)
  — After receiving the CTS, the source transmits the data
  — Destination responds with an ACK
• The RTS alerts all stations within range of the source that an exchange is under way
• The CTS alerts all stations within range of the destination

Request to Send/Clear to Send (RTS/CTS) (figures: laptop, client PC and server on a large wired LAN behind a switch, with an access point on the radio link)
1. A device that wishes to transmit may send a Request-to-Send message to the access point
2. The wireless access point broadcasts a Clear-to-Send message. The station that sent the RTS may transmit its frames unimpeded; other stations hearing the CTS must wait

WLAN Security Threats
• Eavesdropping
• Unauthorized network access
• Denial of service (DoS)
• WEP key attacks
• Man-in-the-middle attacks
• Rogue APs
• Session hijacking

Man-in-the-Middle Attack
• Cause: lack of mutual authentication
• Figure: (1) the legitimate client associates with the "evil twin" AP, taking it for the legitimate AP; (2) the evil twin associates with the legitimate AP, posing as the legitimate client; the attacker now sits between the two

Rogue AP (figure)
• Legitimate AP with SSID = 7 Eleven, connected through a switch and router to the Internet/intranet
• Rogue AP advertising the same SSID = 7 Eleven, connected through its own switch and router; a client selecting by SSID alone cannot tell the two apart
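Detection logic for the two preceding slides (evil twin and rogue AP), added here as an example and not taken from the slides: an operator who keeps an inventory of the BSSIDs (AP MAC addresses) deployed for each SSID can flag any beacon that advertises a managed SSID from an unknown BSSID, and single out the ones a client would prefer because they are louder than the real APs. The scan results and inventory below are constructed data.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str        # AP MAC address as carried in the beacon
    channel: int
    rssi_dbm: int     # received signal strength at the sensor


# Constructed scan results: the managed SSID is advertised by three BSSIDs,
# one of which the operator never deployed (and it is the strongest).
SCAN = [
    Beacon("7 Eleven", "00:1a:2b:3c:4d:01", 6, -45),
    Beacon("7 Eleven", "00:1a:2b:3c:4d:02", 11, -60),
    Beacon("7 Eleven", "DE:AD:BE:EF:00:01", 6, -38),
    Beacon("guest", "00:1a:2b:3c:4d:03", 1, -70),
]

# Assumed inventory: SSID -> BSSIDs the operator actually deployed.
AUTHORIZED = {
    "7 Eleven": {"00:1a:2b:3c:4d:01", "00:1a:2b:3c:4d:02"},
}


def _norm(mac: str) -> str:
    return mac.lower()


def find_rogue_aps(scan, authorized) -> list:
    """Beacons that advertise a managed SSID from a BSSID missing from the inventory.

    SSIDs the operator does not manage (e.g. a neighbour's "guest") are not reported,
    because only a duplicate of *our* network name can impersonate us.
    """
    known = {ssid: {_norm(m) for m in macs} for ssid, macs in authorized.items()}
    return [b for b in scan if b.ssid in known and _norm(b.bssid) not in known[b.ssid]]


def evil_twin_candidates(scan, authorized) -> list:
    """Rogue beacons stronger than every legitimate AP on the same SSID.

    Clients generally pick the strongest BSSID for an SSID, so these are the
    rogues that would actually capture associations, as in the evil-twin figure.
    """
    known = {ssid: {_norm(m) for m in macs} for ssid, macs in authorized.items()}
    out = []
    for r in find_rogue_aps(scan, authorized):
        legit = [b.rssi_dbm for b in scan if b.ssid == r.ssid and _norm(b.bssid) in known[r.ssid]]
        if legit and r.rssi_dbm > max(legit):
            out.append(r)
    return out


if __name__ == "__main__":
    for b in find_rogue_aps(SCAN, AUTHORIZED):
        print("rogue:", b)
    for b in evil_twin_candidates(SCAN, AUTHORIZED):
        print("evil twin candidate:", b)
```

The check is only as good as the inventory: a BSSID an attacker clones from a real AP passes it, so it should be paired with the mutual authentication the previous slide names as the missing control.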

Session Hijacking (figure)

WLAN Security Mechanisms
• Disable SSID broadcast
• MAC address filtering
• Shared-key authentication
• WEP (Wired Equivalent Privacy)
• WPA (Wi-Fi Protected Access)
• 802.11i (WPA2)
(The first two give no confidentiality: the SSID and the MAC addresses of associated stations are visible in frames sent in the clear, so an eavesdropper can learn and reuse them)

Wii Wireless Connection Setting (figure)
http://www.nintendo.com/consumer/systems/wii/en_na/online.jsp
• WPA: Wi-Fi Protected Access
• PSK: pre-shared key
• WEP: Wired Equivalent Privacy
• TKIP: Temporal Key Integrity Protocol
• Reference: IEEE 802.11i, Wi-Fi Alliance

Shared-Key Authentication (figures)
• Open system: no authentication at all
• Shared key: the AP sends a challenge and the station returns it encrypted under the shared WEP key

WEP (Wired Equivalent Privacy) (figure)

WEP Encryption (figure)
• ⊕ denotes XOR, e.g. 0011 ⊕ 0101 = 0110; A ⊕ B ⊕ B = A
• Sender: key stream = RC4(IV || key); cipher text = plain text ⊕ key stream; the IV is transmitted in the clear together with the cipher text
• Receiver: regenerates the same key stream RC4(IV || key) from the received IV and the shared key; plain text = cipher text ⊕ key stream
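The figure's encryption and decryption, carried through in code, as an added example (not code from the slides): RC4 keyed with IV || key, the XOR in both directions, and the CRC-32 ICV that WEP appends before encrypting. The last function shows what the A ⊕ B ⊕ B = A identity means for the "WEP key attack" listed among the threats: whenever two frames are sent under the same IV (the IV is only 24 bits), their key streams are identical, so C1 ⊕ C2 = P1 ⊕ P2 and an eavesdropper who knows one plaintext reads the other without ever learning the key. The key, IV and messages are constructed values.

```python
import struct
import zlib


def rc4(key: bytes, length: int) -> bytes:
    """RC4 key scheduling and PRGA: return `length` bytes of key stream for `key`."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _icv(data: bytes) -> bytes:
    """WEP integrity check value: a plain CRC-32, not a keyed MAC."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes, key_id: int = 0) -> bytes:
    """WEP frame body: IV (3 octets) | key-id octet | RC4(IV||key) ⊕ (plaintext || ICV)."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    keystream = rc4(iv + key, len(plaintext) + 4)
    return iv + bytes([key_id << 6]) + xor(plaintext + _icv(plaintext), keystream)


def wep_decrypt(key: bytes, body: bytes) -> bytes:
    """Receiver side of the figure: rebuild RC4(IV||key) from the clear IV, XOR, check the ICV."""
    iv, ciphertext = body[:3], body[4:]
    data = xor(ciphertext, rc4(iv + key, len(ciphertext)))
    plaintext, icv = data[:-4], data[-4:]
    if _icv(plaintext) != icv:
        raise ValueError("ICV mismatch")
    return plaintext


def keystream_reuse_recover(body1: bytes, known_plaintext1: bytes, body2: bytes) -> bytes:
    """Eavesdropper: two bodies under the same IV and the plaintext of the first.

    Both used the same RC4(IV||key) stream K, so C1 ⊕ C2 = (P1 ⊕ K) ⊕ (P2 ⊕ K) = P1 ⊕ P2,
    and P2 = C1 ⊕ C2 ⊕ P1 for every position where P1 is known.  No key needed.
    """
    if body1[:3] != body2[:3]:
        raise ValueError("IVs differ; key streams do not line up")
    c1, c2 = body1[4:], body2[4:]
    n = min(len(c1), len(c2), len(known_plaintext1))
    return xor(xor(c1[:n], c2[:n]), known_plaintext1[:n])


if __name__ == "__main__":
    key = bytes.fromhex("0102030405")          # constructed 40-bit WEP key
    iv = b"\x00\x00\x01"
    b1 = wep_encrypt(key, iv, b"GET / HTTP/1.1 ok")
    b2 = wep_encrypt(key, iv, b"secret password!!")
    print(keystream_reuse_recover(b1, b"GET / HTTP/1.1 ok", b2))
```

Because the ICV is a CRC (linear in the plaintext) rather than a keyed MAC, it only detects transmission errors; the test below shows it rejecting a flipped ciphertext byte, which is all it is good for.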

WPA (Wi-Fi Protected Access) - PSK (Pre-Shared Key) (figure)
• Example key in the figure: 5j6g0 is "Chu Shan"
• WPA-PSK encryption: TKIP

Choosing the pre-shared secret
• Key
• Password
  — vulnerable to dictionary attack
• Passphrase
  — a phrase, e.g. "life is good in NCNU"

WPA (Wi-Fi Protected Access) - 802.1X (figure)

IEEE 802.1X
• EAP methods: EAP-MD5, EAP-TLS
• EAP: Extensible Authentication Protocol
• RADIUS: Remote Authentication Dial In User Service

802.11i (WPA2) - PSK
• WPA2-PSK encryption: AES-CCMP (AES Counter Mode with CBC-MAC Protocol)
• CBC-MAC: Cipher Block Chaining Message Authentication Code

802.11i (WPA2) - 802.1X (figure)