
Wireless LAN @ DESY Zeuthen
I. Meier, 15.10.02

Wireless LAN at DESY Zeuthen: Agenda
• Applications (IEEE 802.11)
• Wireless Technologies and Standards
• Components and Features
• Wireless LAN & Security
• WLAN installation at DESY Zeuthen

Applications (IEEE 802.11)

Wireless Connections
[Diagram: wired and wireless connection side by side]
• Router, Ethernet hub: 10 Mbps shared bandwidth, CSMA/CD
• Router, Access Point: 11 Mbps shared bandwidth, CSMA/CA

Mobile Office
[Diagram labels: Internet, Hot Spots, IP anywhere anytime]
• Home Office
• Head Office
• Branch Office
• Airports
• Convention Center
• Hotels
• Industries
• Education
• ...


Why Wireless LAN
• Office mobility
• Common areas, meeting rooms
• Temporary offices
• Office expansion
• Quick installation
• Cost-effective alternative
  – Minimal infrastructure costs
  – Flexible growth

Wireless Technologies and Standards

Wireless Technologies
• Wireless Personal Area Network
  – IEEE 802.15 (100 m)
  – Bluetooth (10 m)
  – HomeRF 1.2 (100 m)
  – HomeRF 2.0 (100 m)
  – Bandwidth: 0.8 – 10 Mbps
• Wireless Local Area Network
  – IEEE 802.11 (100 m): 802.11b, 802.11a, 802.11g
  – HiperLAN-1, HiperLAN-2
  – Bandwidth: 1 – 54 (100) Mbps
• Wide Area Network (GSM, GPRS: 2 km, UMTS: 1 km)
  – GSM (9.6 kbps)
  – GPRS (14.4 – 115 kbps)
  – CDMA
  – UMTS (14.4 kbps – 2 Mbps)

802.11 Task Group Outline
• 802.11a: 54 Mbps, 5 GHz (PHY for UNII), ratified in 1999
• 802.11b: 11 Mbps, 2.4 GHz, ratified in 1999
• 802.11d: additional regulatory domains
• 802.11e: MAC Enhancements, Quality of Service (Draft 4.0)
• 802.11f: Inter Access Point Protocol (IAPP) (Draft 4.0)
• 802.11g: higher data rate (> 20 Mbps), 2.4 GHz (Draft 3.0)
• 802.11h: Managed Spectrum for 802.11a, Dynamic Channel Selection and Transmit Power Control Mechanisms
• 802.11i: Authentication and Security
• 802.11j: 802.11a/HiperLAN Internetworking

802.11 Task Group Outline
• Layer 3 and higher
  – 802.11f: Inter Access Point Protocol
• 802.11: WLAN Media Access Control (MAC) and Physical Layer (PHY) Specifications (1997, 1999)
• MAC layer extensions
  – 802.11d: Regulatory Domains
  – 802.11e: Quality of Service
  – 802.11i: Security Extensions
• 2.4 GHz PHYs
  – 802.11b: Physical Layer 2.4 GHz, 11 Mbps
  – 802.11g: Physical Layer 2.4 GHz, 54 Mbps
• 5 GHz PHYs
  – 802.11a: Highspeed Physical Layer, 5 GHz
  – 802.11h: Spectrum Managed 802.11a (DFS/TPC)
  – 802.11j: 802.11a/HiperLAN Internetworking

Wireless LAN Standards
• IEEE 802.11: 1 or 2 Mbps; 2.4 GHz; IEEE; WLAN
• IEEE 802.11b: 1, 2, 5.5, 11 Mbps (22+ Mbps in future); 2.4 GHz; IEEE; WLAN
• IEEE 802.11g: 1 – 54 Mbps; 2.4 GHz; IEEE; WLAN
• IEEE 802.11a: 1 – 54 Mbps (100 Mbps in future); 5 GHz; IEEE; WLAN
• HiperLAN-1: 24 Mbps; 5.2 GHz; ETSI; WLAN
• HiperLAN-2: 20 – 54 Mbps; 5.2 GHz; ETSI; WLAN -- ATM
• HomeRF 1.2: 0.8 or 1.6 Mbps; 2.4 GHz; HomeRF; home
• HomeRF 2.0: 0.8, 1.6, 5, 10 Mbps; 2.4 GHz; HomeRF; home
• Bluetooth: 1 Mbps; 2.4 GHz; Bluetooth SIG; personal

5 GHz Frequency Band – HiperLAN & IEEE 802.11a
5 GHz UNII – Unlicensed National Information Infrastructure (USA)
[Figure: frequency allocation chart, 5.000 – 6.000 GHz. IEEE 802.11a power limits shown: 1 W, 250 mW. Other users of the band shown include radar, radionavigation, radiolocation, satellite and amateur services.]

5 GHz Frequency Band – HiperLAN & IEEE 802.11a
5 GHz Spectrum Europe
[Figure: frequency allocation chart, 5.000 – 6.000 GHz. HiperLAN: 1 W (Indoor/Outdoor), 200 mW (Indoor); ISM: 25 mW. Other users of the band shown include radar, radionavigation, radiolocation, satellite and amateur services.]

5 GHz Frequency Band – HiperLAN & IEEE 802.11a
• HiperLAN
  – ETSI (European Telecommunications Standards Institute) standard
  – Ratified in 1996
  – HiperLAN-1: 5 GHz radio band, up to 24 Mbps
  – HiperLAN-2: 5 GHz radio band, up to 54 Mbps; connection-oriented protocol for sharing access among end-user devices

5 GHz Frequency Band – HiperLAN & IEEE 802.11a
• IEEE 802.11a
  – 5 GHz radio band, up to 54 Mbps (100 Mbps in future)
  – Orthogonal Frequency-Division Multiplexing (OFDM)
  – 3 UNII bands of 100 MHz bandwidth each, with 4 non-overlapping channels of 20 MHz per band
  – each 20 MHz channel comprises 52 300-kHz-wide subchannels
  – 48 subchannels for data transmission, 4 subchannels for error correction
  – UNII-1:
    • 5.15 – 5.25 GHz frequency range
    • maximum transmit power: 50 mW
    • maximum antenna gain: 6 dBi
    • only indoors

5 GHz Frequency Band – HiperLAN & IEEE 802.11a
  – UNII-2:
    • 5.25 – 5.35 GHz frequency range
    • maximum transmit power: 250 mW
    • removable antennas possible
    • maximum antenna gain: 6 dBi
    • indoors and outdoors
  – UNII-3:
    • 5.725 – 5.825 GHz frequency range
    • maximum transmit power: 1 W
    • removable antennas
    • maximum antenna gain: 23 dBi for point-to-point installations, 6 dBi for point-to-multipoint installations
    • only outdoors

HiperLAN – IEEE 802.11a Implementation Comparison
• HiperLAN/2 & 802.11a share common components
  – Similar Physical Layer (Orthogonal Frequency-Division Multiplexing (OFDM) modulation, similar radio)
• different MAC implementation
  – HiperLAN/2: QoS and Radio Link Control features
  – 802.11a: MAC as in classic Ethernet
  – HiperLAN/2: uses ATM-like scheme

2.4 GHz Frequency Band – IEEE 802.11g
• provides higher data rates at 2.4 GHz
• similar speeds as 802.11a
• backward compatible with 802.11b
• modulation
  – BPSK (Binary Phase Shift Keying): 1 Mbps
  – QPSK (differential Quaternary Phase Shift Keying): 2 Mbps
  – CCK (Complementary Code Keying): 5.5 Mbps, 11 Mbps
  – OFDM (Orthogonal Frequency Division Multiplexing): 12 – 54 Mbps
• same modulation as 802.11a (OFDM)
• Draft status (3.0)
• more information: IEEE 802.11 website www.ieee802.org/11

2.4 GHz Frequency Band – IEEE 802.11b
• IEEE 802.11b Standard
  – 2.4 GHz ISM band (Industrial, Scientific and Medical)
  – frequency spectrum classed as unlicensed: anyone can use it as long as they comply with FCC regulations (public radio spectrum)
  – max. transmit power of radios, type of encoding and frequency modulation
  – WECA (Wireless Ethernet Compatibility Alliance): Wi-Fi (Wireless Fidelity) compliant devices
  – LLC layer (Logical Link Control, Layer 2)
  – 48 bit MAC address (classic Ethernet)
  – max. 11 Mbps
  – Wireless LAN Radio Frequency Methods
    • FHSS (Frequency Hopping Spread Spectrum): 2 Mbps
    • DSSS (Direct-Sequence Spread Spectrum): 1, 2, 5.5, 11 Mbps

2.4 GHz Frequency Band – IEEE 802.11b
• spread spectrum technology
  – 2.4 GHz ISM band has other primary owners, operating at a 600 W power level; IEEE 802.11b: max. 100 mW
  – spread-spectrum technology
    [Figure: power over frequency (F); curves: spectrum after modulation, signal after spread spectrum]
  – not sensitive to narrow-band interference (e.g. noise)

2.4 GHz Frequency Band – IEEE 802.11b
• 2 different types of layer 1 physical interfaces
  – Frequency-hopping architecture
  – Direct-sequencing architecture (single-frequency approach), DSSS
• Frequency Hopping
  – 2.4 GHz ISM band provides 83.5 MHz of available frequency spectrum
  – frequency-hopping architecture: the radio transmits on 1 of 79 1-MHz-wide frequencies (channels) for max. 0.4 sec
  – interference-tolerant network
  – when one channel runs into interference, frequency hopping means the data is retransmitted on another frequency
  – achievable data rate: 2 Mbps

2.4 GHz Frequency Band – IEEE 802.11b
• Direct-Sequence Spread Spectrum (DSSS)
  – 11 x 22-MHz overlapping channels within 83.5 MHz (2.4 GHz – 2.4835 GHz)
  – 3 x 22-MHz-wide non-overlapping channels
  – large bandwidth & modulation based on Complementary Code Keying (CCK): primary reason for higher data rates (11 Mbps)
  – 3 channels without overlap: 3 Access Points can be used to provide an aggregate data rate combining the 3 available channels
  – 11/22/33 Mbps data rate

WLAN Media Access Control
[Diagram: wired and wireless broadcast domains side by side]
• Router, Ethernet hub: broadcast domain, 10 Mbps shared bandwidth, CSMA/CD
• Router, Access Point: broadcast domain, 11 Mbps shared bandwidth, CSMA/CA

WLAN Media Access Control
• CSMA/CA – Carrier-Sense Multiple Access with Collision Avoidance
• frames
  – data frames
  – control frames (RTS, CTS, ACK frames)
  – management frames (beacon frames)
• frame format: Preamble | PLCP header | MAC data | CRC
  – Preamble:
    - 80 bit synchronization sequence
    - 16 bit start frame delimiter
  – PLCP header:
    - contains information about encryption on physical layer, packet length

WLAN Media Access Control
  – MAC data field: frame control | duration | address 1 | address 2 | address 3 | sequence control | address 4 | frame body | CRC
• control frames
  • RTS: Request to Send packet
  • CTS: Clear to Send packet
  • ACK: Acknowledgement packet
  frame format (bytes): Frame Control (2) | Duration (2) | Receiver (6) | Sender (6) | CRC (4)
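A parser for the control-frame layout on this slide, as an added Python example (not from the original slides). It goes slightly beyond the slide: the frame-control bit layout, the subtype codes, the shorter CTS/ACK frames (no sender field) and CRC-32 as the checksum are taken from the IEEE 802.11 standard, and the addresses and duration used with it are constructed.

```python
import struct
import zlib

CONTROL = 1                                   # frame type "control"
SUBTYPES = {11: "RTS", 12: "CTS", 13: "ACK"}  # subtype codes (IEEE 802.11)
CODES = {name: code for code, name in SUBTYPES.items()}


def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_control_frame(name: str, duration: int, receiver: bytes,
                        sender: bytes = b"") -> bytes:
    """Frame Control (2) | Duration (2) | Receiver (6) | [Sender (6)] | CRC (4)."""
    frame_control = (CODES[name] << 4) | (CONTROL << 2)   # protocol version 0
    body = struct.pack("<HH", frame_control, duration) + receiver + sender
    return body + struct.pack("<I", zlib.crc32(body))


def parse_control_frame(frame: bytes) -> dict:
    """Validate length, CRC and type bits, then return the decoded fields."""
    if len(frame) not in (14, 20):
        raise ValueError("control frame must be 14 or 20 bytes")
    body = frame[:-4]
    (crc,) = struct.unpack("<I", frame[-4:])
    if zlib.crc32(body) != crc:
        raise ValueError("CRC mismatch, frame damaged")
    frame_control, duration = struct.unpack_from("<HH", body)
    version = frame_control & 0x3
    ftype = (frame_control >> 2) & 0x3
    subtype = (frame_control >> 4) & 0xF
    if version != 0 or ftype != CONTROL or subtype not in SUBTYPES:
        raise ValueError("not an RTS/CTS/ACK frame")
    name = SUBTYPES[subtype]
    if len(frame) != (20 if name == "RTS" else 14):
        raise ValueError(f"wrong length for {name}")
    parsed = {"subtype": name, "duration": duration,
              "receiver": fmt_mac(body[4:10])}
    if name == "RTS":                       # only RTS carries the sender
        parsed["sender"] = fmt_mac(body[10:16])
    return parsed


if __name__ == "__main__":
    ap = bytes.fromhex("00409612abcd")      # constructed addresses
    sta = bytes.fromhex("00022d0a0b0c")
    print(parse_control_frame(build_control_frame("RTS", 314, ap, sta)))
    print(parse_control_frame(build_control_frame("CTS", 270, sta)))
```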

Wireless LAN Components and Features

WLAN Components
• Bridge
• Access Point
• Workgroup Bridge
• NIC (WLAN Network Interface Card (ISA, PCI, PCMCIA))
• Router with WLAN extension (xDSL router, ISDN router)

WLAN Components and Features
[Diagram: Buildings A, B and C. Labels: Wired LAN, WLAN Bridge, Point-to-point, Point-to-multipoint, L2 Access Switch, Access Point, Workgroup Bridge, ISA, PCI or PCMCIA]

WLAN Components and Features
• point-to-point and point-to-multipoint installation
• inline power over Ethernet, up to 100 m with Cat. 5
• selectable transmit power (1, 5, 20, 30, 50, 100 mW)
• antenna flexibility
• variable data rate (1, 2, 5.5, 11 Mbps)
• aggregate bandwidth 33 Mbps
• hot standby implementation, increases availability
• roaming
• load balancing
• but:
  – no Quality of Service
  – Voice over IP & multimedia applications supported on „best effort“

Availability
[Diagram: LAN with active and standby access point]
• access points with identical configuration
• hot standby access point per RF channel
• transparent failover from active to standby access point

Roaming
• Media Access Control – CSMA/CA
• Beacon Frames
  – are broadcast from the access point at regular intervals
  – contain access-point information (e.g. Service Set Identifier (SSID), supported data rates and Radio Frequency Methods (FHSS, DSSS), capacity)
  [Diagram: AP-A, AP-B]
  – client triggers „Roaming Event“ (max. retries), starting the scanning process for available access points
  – new association to AP-B based on criteria such as
    • Signal strength 20% better?
    • Fewer hops to backbone?
    • Count of associations (AP-B) + 4 < count of associations (AP-A)?

Load Balancing
• only 3 non-overlapping cells available
• max. bandwidth for single client 11 Mbps
• load balance criteria
  – signal strength
  – number of users
  – transmit load
  – hops to backbone
[Diagram: three APs labelled 1, 6, 11]
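Where the "3 non-overlapping" figure on the DSSS slide and on this slide comes from, as an added Python example (not from the original slides): it derives the non-overlapping channel sets from the 22 MHz channel width and then audits a channel plan. The 5 MHz channel spacing (centre of channel n at 2407 + 5n MHz) is taken from the 802.11b channel table rather than from the slides; the AP names and plan are constructed, and all APs are assumed to be within radio range of each other.

```python
from itertools import combinations

CHANNEL_WIDTH_MHZ = 22          # from the DSSS slide
CHANNELS = range(1, 12)         # the 11 channels named on the DSSS slide


def center_mhz(channel: int) -> int:
    """Centre frequency of a 2.4 GHz DSSS channel (5 MHz raster)."""
    if channel not in CHANNELS:
        raise ValueError(f"channel {channel} outside 1..11")
    return 2407 + 5 * channel


def overlap_mhz(a: int, b: int) -> int:
    """Width of the spectrum two channels share; 0 means no overlap."""
    return max(0, CHANNEL_WIDTH_MHZ - abs(center_mhz(a) - center_mhz(b)))


def channels_overlap(a: int, b: int) -> bool:
    return overlap_mhz(a, b) > 0


def non_overlapping_sets(size: int) -> list:
    """All channel sets of the given size with no pairwise overlap."""
    return [combo for combo in combinations(CHANNELS, size)
            if not any(channels_overlap(a, b)
                       for a, b in combinations(combo, 2))]


def audit_channel_plan(plan: dict) -> list:
    """Return (ap, ap, shared MHz) for every pair of APs that interfere."""
    conflicts = []
    for (ap1, ch1), (ap2, ch2) in combinations(sorted(plan.items()), 2):
        shared = overlap_mhz(ch1, ch2)
        if shared:
            conflicts.append((ap1, ap2, shared))
    return conflicts


if __name__ == "__main__":
    print("3-channel sets:", non_overlapping_sets(3))
    print("4-channel sets:", non_overlapping_sets(4))
    # Constructed plan: one AP was left on channel 4.
    plan = {"AP-SR1": 1, "AP-SR2": 4, "AP-SR3": 6, "AP-Foyer": 11}
    for ap1, ap2, shared in audit_channel_plan(plan):
        print(f"{ap1} and {ap2} share {shared} MHz of spectrum")
```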

Wireless LAN & Security

Wireless LAN & Security
„... As standardized by the IEEE, security for 802.11 networks can be simplified into two main components: encryption and authentication. The implementation of these components has been proven and documented as insecure by the security community at large ...“
SAFE: Wireless LAN Security in Depth, White Paper, Cisco Systems, Inc., 2001
http://www.cisco.com/go/safe

Security Mechanisms
[Diagram: security mechanisms in combination. Labels: SSID, AP-Auth, WEP (none / static / dynamic), VPN, dynamic (EAP)]
• SSID: Service Set Identifier
• AP-Auth: Access Point Authentication (open/shared key authentication)
• WEP: Wired Equivalent Privacy (encryption)
• static: static key
• dynamic: dynamic key derivation, EAP (Extensible Authentication Protocol) / LEAP (Light EAP)

Network Selection: Service Set Identifier (SSID)
• defines the name of the network, ASCII string
• SSID is not a security mechanism
• transmitted as clear text in Probe & Probe Response frames
• „Broadcast SSID“ disabled stops SSID in beacon frames only
• association to dedicated networks/access points

Access Point Authentication
• Open authentication
  – open authentication = „null“ authentication
  – authentication request packet
  – authentication response packet
• Shared Key Authentication and static WEP encryption
  – authentication request packet
  – challenge text packet (plaintext)
  – challenge response packet with predetermined WEP
  – authentication response packet
  – challenge text packet for authentication is cryptographically insecure: plaintext and corresponding encrypted text are visible
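Why the slide calls the shared-key challenge cryptographically insecure, as an added Python example (not from the original slides): WEP XORs the data with an RC4 keystream, so the two visible packets together disclose that keystream to any listener who never learns the key. The key, IV and challenge are constructed; seeding RC4 with IV plus key and appending a CRC-32 check value are standard WEP details not spelled out on the slide.

```python
import os
import zlib


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4: key scheduling, then `length` bytes of output."""
    state = list(range(256))
    j = 0
    for i in range(256):
        j = (j + state[i] + key[i % len(key)]) & 0xFF
        state[i], state[j] = state[j], state[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + state[i]) & 0xFF
        state[i], state[j] = state[j], state[i]
        out.append(state[(state[i] + state[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext."""
    return zlib.crc32(data).to_bytes(4, "little")


def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """WEP body: RC4(IV || key) XOR (plaintext || ICV)."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 3 bytes")
    data = plaintext + icv(plaintext)
    return xor(data, rc4_keystream(iv + key, len(data)))


def keystream_seen_by_listener(challenge: bytes, response: bytes) -> bytes:
    """Computed only from the two packets that cross the air."""
    return xor(challenge + icv(challenge), response)


def demo() -> tuple:
    key = bytes.fromhex("0102030405")   # constructed 40-bit static WEP key
    iv = bytes.fromhex("a1b2c3")        # constructed IV, sent in the clear
    challenge = os.urandom(128)         # AP -> client, plaintext
    response = wep_encrypt(iv, key, challenge)       # client -> AP
    leaked = keystream_seen_by_listener(challenge, response)
    # True: the listener holds the keystream for this IV without the key.
    return leaked == rc4_keystream(iv + key, len(response)), len(leaked)


if __name__ == "__main__":
    disclosed, n_bytes = demo()
    print(f"keystream disclosed: {disclosed} ({n_bytes} bytes)")
```

With a static key the same IV always yields the same keystream, which is why the later slides move to per-session keys via EAP/LEAP or to a VPN.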

Static Wired Equivalent Privacy (WEP)
[Diagram: two stations, each configured with Key 1 = 123..., Key 2 = 432..., Key 3 = 987...
 frame in one direction: header: use key 3 | data: encrypted using key 3 | trailer
 frame in the other direction: header: use key 2 | data: encrypted using key 2 | trailer]
• knowledge of WEP key required
• key needs to be changed frequently
• key distribution and management problematic

MAC Authentication
• MAC address filter on Access Points
• Cisco supports centralized configuration and management of permitted MAC addresses in RADIUS database (Remote Access Dial-In User Service)
• easily spoofed

2nd Generation Security Mechanisms
• WLAN IEEE 802.11b is insecure
• security extensions necessary
[Diagram: IEEE 802.1x layering with backend infrastructure (Kerberos, RADIUS, ...). Method Layer: TLS, GSS_API, IKE, LEAP; EAP APIs; EAP Layer; NDIS APIs; Media Layer: PPP, 802.3, 802.11, ...; also labelled: VPN]

EAP/LEAP
• EAP – Extensible Authentication Protocol (centralized authentication and dynamic key distribution)
• LEAP – Light Extensible Authentication Protocol (Cisco)
[Diagram labels: client, EAP/LEAP, RADIUS, Radius Server]
  – client authenticates to access point, which disables all further IP requests
  – next step: user network logon (username, password; Radius server)
  – WEP session key calculation based on username/password
  – Radius server sends key to access point
  – Access point enables network connection

VPN – Virtual Private Network
• supports a variety of cryptographically strong options to authenticate the client at the VPN concentrator
• encrypted IP tunnel between client and VPN concentrator
• Triple DES encryption
• connection between access point and VPN concentrator is not authenticated

WLAN installation at DESY Zeuthen

Deficits
• security policies
  – security zones
  – Firewall
  – Intrusion Detection System (IDS)
  – mobile computing: notebooks, PDA, Bluetooth
• user regulations („Benutzerordnung“)
• central notebook support (MS Windows/Linux)
  – system installation/administration
  – security patches
  – root password
  – application software

Supported network features
• network access
  – Ethernet, analog modem, ISDN, DSL, WLAN
  – DHCP, RADIUS, EAP, VLAN
• IEEE 802.11b (11 Mbps, 2.4 GHz)
• support for meetings, workshops, conferences
• seminar rooms SR 1, SR 2, SR 3, Foyer

Network Structure (Phase I, August 2002)
[Diagram labels: GWIN-Router, 34 Mbit/s; Remote Access Server, 10/100 Mbit/s; Telecom; 100 Mbit/s; dial-in/mobile user, 56 kbit/s (analog modem), 64/128 kbit/s (ISDN); Backbone Router/Switch; Gigabit Ethernet; SAP-User; Access Switch (Layer 2 Switch); 10/1000 Mbit/s; PC-Cluster; Batch-Farm; Server]

Network Structure (Phase II, October 2002)
[Diagram labels: GWIN-Router, 34 Mbit/s; Remote Access Server, 100 Mbit/s; Telecom; Firewall; dial-in/mobile user, 56 kbit/s (analog modem), 64/128 kbit/s (ISDN); Gigabit Ethernet; Backbone Router/Switch; Access Switch (Layer 2 Switch); SAP-User; 10/1000 Mbit/s; PC-Cluster; Batch-Farm; Server]

Network Structure (Phase III)
[Diagram labels: GWIN-Router, 34 Mbit/s; Remote Access Server, 100 Mbit/s; Telecom; dial-in/mobile user, 56 kbit/s (analog modem), 64/128 kbit/s (ISDN); Firewall; Gigabit Ethernet; Access Point; WLAN user; Backbone Router/Switch; Access Switch (Layer 2 Switch); SAP-User; 10/1000 Mbit/s; PC-Cluster; Batch-Farm; Server]

Abbreviations
• ETSI: European Telecommunication Standards Institute (Hiperlan 1/2)
• IEEE: Institute of Electrical and Electronic Engineers, Inc.
• ITU: International Telecommunication Union (CCITT, CCIR)
• RegTP: Regulierungsbehörde für Telekommunikation und Post (German regulatory authority for telecommunications and posts)
• TKG: Telekommunikationsgesetz (German Telecommunications Act)
• WRC: World Radio Conference (administration of radio frequencies)
• Bluetooth SIG: Bluetooth Special Interest Group
• RR: Radio Regulations (worldwide rules for radio communication, drawn up by the WRC)
• Wi-Fi: Wireless-Fidelity
• ISM-Band: 2.4 GHz frequency band for Industrial, Scientific and Medical, unlicensed
• UNII-Band: 5 GHz frequency band for Unlicensed National Information Infrastructure

Abbreviations
• DSSS: Direct Sequencing Spread Spectrum
• WEP: Wired Equivalent Privacy (40/128 bit encryption)
• RC4: encryption algorithm invented by Ron Rivest of RSA Data Security Inc. (RSADSI)
• IPSec: IP Security Protocol (framework of open standards for secure communication over IP networks)
• VPN: Virtual Private Network
• DES: Data Encryption Standard
• 3DES: Triple DES, encrypts data 3 times with up to 3 different keys

Abbreviations
• SSID: Service Set Identifier (32 char ASCII string)
• AP: Access Point
• CSMA/CD: Carrier-Sense Multiple Access with Collision Detection
• CSMA/CA: Carrier-Sense Multiple Access with Collision Avoidance
• EAP/802.1X: Extensible Authentication Protocol (centralized authentication and dynamic key distribution)
• LEAP: Light Extensible Authentication Protocol (Cisco)
• MIC: Message-Integrity-Protocol
• TKIP: Temporal-Key-Integrity-Protocol
• EAP-TLS: EAP Transport Level Security
• RADIUS: Remote Access Dial-In User Service
• DHCP: Dynamic Host Configuration Protocol