
WiFi, Bluetooth & Layers

Emmanuel Baccelli

Last week
Medium Access Control
Basic example: Aloha

Wifi, Bluetooth: wireless LANs

Wifi, Bluetooth, Ethernet


Layer 5
Layer 4
Layer 3
Layer 2: Link
Layer 1: Physical

Protocol layers 1 and 2
Transfer packets over a link

Standardization body: IEEE


Standards: 802.11, 803.2, 802.15

= the IEEE 802.11 standard


Standard = common rules, techniques and formats to follow
Protocol = standard for communication between machines

IEEE = Institute of Electrical and Electronics Engineering

IEEE 803.2

IEEE 1394
IEEE 802.15.1

IEEE 802.11 standard


Communication between terminals and access point

Direct communication between terminals

Infrastructure mode in urban situation

IEEE 802.11 basic


Emission power 100 mW (1/10 of GSM)
Bursty packet emissions 2-5-10-..54 Mbits/s

Range: 100 m outdoor, several tens of meters


European ETS 300 328

Frequencies

52 MHz bandwidth around 2.4 GHz 11 channels with partial overlaps

coding IEEE 802.11b


Spread spectrum
Spread of 11 MHz (11-bit Barker sequence), 1 Msymbol/s
1 Mbps: modulation PSK 1, 1 bit/symbol (DSSS IEEE 802.11)
2 Mbps: modulation QPSK, 2 bits/symbol

Spread of 11 MHz (8-bit CCK sequence), 1,375 Msymbol/s
5,5 Mbps: 4 bits/symbol
11 Mbps: 8 bits/symbol

IEEE 802.11b,a,g,n
IEEE 802.11b (1-2-5,5-11 Mbps)
Bandwidth 2,4 GHz
Modulation Direct Sequence Spread Spectrum (DSSS)
No Forward Error Control (FEC)

IEEE 802.11a (6-54 Mbps)


Band 5,2 GHz
Mod. Orthogonal Frequency Division Multiplexing (OFDM)
FEC rate , 2/3, 3/4 (convolutional code)

IEEE 802.11g (ERP-OFDM), IEEE 802.11n (MIMO)

Carrier Sense Multiple Access

Basic CSMA: listen before talk


node withdraws over signal detection
[Figure: emitter sends packet, destination returns ack; DIFS; forbidden period (forbidden zone)]

Hidden nodes collisions avoidance


Node withdraws over hidden nodes detection
[Figure: emitter and destination exchange RTS, CTS, packet, ack; forbidden period]

Collision management

CSMA/CA Carrier Sense Multiple Access with Collision Avoidance

Retransmissions
[Figure: packet, DIFS, ack; RTS, CTS, packet, ack; forbidden period]

Forbidden Period

Random backoff of transmission over forbidden periods


Avoids repeated collisions
The node selects a random backoff: a number of mini-slots between 0 and Cmax-1 (8)
Mini-slots are not decremented during forbidden periods

Example: time for a backoff of 3 slots
[Figure: forbidden period, slot, slot, forbidden period, slot]

Cmax doubles at each collision (lack of CTS or ACK)
Retry number limited to max_retry (7-16).
Slot < DIFS (Distributed Inter Frame Space)
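
The backoff rule above, as an added example that is not part of the original slides: the counter is frozen during forbidden periods, and Cmax doubles after each collision. The channel notation (`F` for a forbidden unit, `.` for an idle mini-slot), the `attempt_succeeds` callback and the reading of max_retry as retransmissions after the first attempt are assumptions of this sketch.

```python
import random

BUSY, IDLE = "F", "."   # constructed notation: forbidden period / idle mini-slot

def backoff_finish_time(backoff_slots, channel):
    """Time units elapsed until the backoff counter reaches zero.

    `channel` has one character per mini-slot duration. The counter only
    decrements on IDLE units; it is frozen while the medium is BUSY.
    Returns None if the channel trace ends before the backoff completes.
    """
    remaining = backoff_slots
    for t, state in enumerate(channel):
        if remaining == 0:
            return t
        if state == IDLE:
            remaining -= 1
    return len(channel) if remaining == 0 else None

def transmit(attempt_succeeds, cmax=8, max_retry=7, rng=random):
    """Draw a backoff before every attempt; double Cmax after each collision.

    `attempt_succeeds(n)` is a hypothetical callback telling whether attempt n
    received its CTS/ACK. Returns (delivered, [(Cmax, backoff drawn), ...]).
    Assumption: max_retry counts retransmissions after the first attempt.
    """
    history = []
    for attempt in range(max_retry + 1):
        history.append((cmax, rng.randrange(cmax)))   # uniform in 0..Cmax-1
        if attempt_succeeds(attempt):
            return True, history
        cmax *= 2                                     # collision: widen the window
    return False, history
```

With the trace from the slide's figure, `backoff_finish_time(3, "FFF..FF.")` spends 8 time units to count down 3 mini-slots, because 5 of them fall in forbidden periods.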

Terminology
Distribution system

ESS

AP

IBSS

terminal BSS

ad hoc mode
AP: Access Point
BSS: Basic Set Service
ESS: Extended Set Service
IBSS: Independent Basic Set Service

Infrastructure mode

Formats (packets)
IEEE 802.11 packet
preamble | MAC header | Data part (IP packet) | Check sum

Packet emission
[Figure: packet, SIFS, ACK; emitter node, intended receiver node]

Format (Preamble)

Formats (MAC header)


control | Address 1 | Address 2 | Address 3 | sequence | Address 4
Four addresses in infrastructure mode
Only two in ad hoc mode
Control field contains length and mode
Sequence field for fragmentation

WEP security
Authentication and encryption (secret key K, symmetric)
The terminal requests authentication from the access point
The access point sends a challenge of 128 random bits
The terminal returns the 128 bits XORed with K
The access point confirms authentication

Flaw: James Bond can overhear the key K by directly comparing the challenge with the terminal's reply!
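
The exchange described above, as an added example that is not part of the original slides: the XOR reply exactly as the slide models it, next to a keyed-MAC reply for contrast. The HMAC-SHA256 variant is a generic illustration chosen here (it is not what IEEE 802.11i specifies), and the key and challenge are constructed sample values.

```python
import hashlib
import hmac

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

# --- Scheme as the slide describes it: reply = challenge XOR K ---
def xor_reply(key, challenge):
    return xor(challenge, key)

def xor_verify(key, challenge, reply):
    return hmac.compare_digest(reply, xor(challenge, key))

def leaked_from_transcript(challenge, reply):
    """What any listener can compute from the two cleartext messages."""
    return xor(challenge, reply)

# --- Contrast (assumed, generic): reply = HMAC-SHA256(K, challenge) ---
def mac_reply(key, challenge):
    return hmac.new(key, challenge, hashlib.sha256).digest()

def mac_verify(key, challenge, reply):
    return hmac.compare_digest(reply, mac_reply(key, challenge))

def compare(key, challenge):
    """Run both schemes and report whether the transcript exposes K."""
    r_xor = xor_reply(key, challenge)
    r_mac = mac_reply(key, challenge)
    return {
        "xor_accepts": xor_verify(key, challenge, r_xor),
        "xor_transcript_reveals_key":
            leaked_from_transcript(challenge, r_xor) == key,
        "mac_accepts": mac_verify(key, challenge, r_mac),
        "mac_transcript_reveals_key":
            leaked_from_transcript(challenge, r_mac[:len(key)]) == key,
    }

# Constructed 128-bit sample values (a real access point draws a fresh
# random challenge per attempt, e.g. with secrets.token_bytes(16)).
KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
CHALLENGE = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")
```

Both schemes authenticate a legitimate terminal; only the XOR reply lets the challenge and reply together determine K.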

Packet encryption (algorithm RC4)


Pseudo-random sequence, seed=K*IV (Initialisation Vector in packet header)
Integrity check via an internal checksum
RC4 is linear (RC4(x⊕y)=RC4(x)⊕RC4(y))!

WEP is very weak and only addresses involuntary eavesdropping.
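
Why the internal checksum gives no integrity, as an added example that is not part of the original slides: the keystream is XORed onto the data and CRC-32 is linear over XOR, so a frame changed in transit still passes the receiver's check. Assumptions of this sketch: the seed is the 3-byte IV followed by K, the checksum is CRC-32, and the key, IV and payload are constructed sample values.

```python
import zlib

def rc4_keystream(seed, n):
    """Standard RC4: key scheduling over `seed`, then n output bytes."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def icv(data):
    """Internal checksum: CRC-32 of the payload, 4 bytes little-endian."""
    return zlib.crc32(data).to_bytes(4, "little")

def wep_encrypt(key, iv, payload):
    body = payload + icv(payload)
    # The seed combines the cleartext IV from the header with the secret K.
    return iv + xor(body, rc4_keystream(iv + key, len(body)))

def wep_decrypt(key, frame):
    iv, body = frame[:3], frame[3:]
    plain = xor(body, rc4_keystream(iv + key, len(body)))
    payload, check = plain[:-4], plain[-4:]
    return payload, check == icv(payload)   # (payload, checksum passed?)

def xor_mask_with_icv(delta):
    """Mask that changes the payload by `delta` and keeps the CRC consistent,
    using crc(a ^ b) = crc(a) ^ crc(b) ^ crc(0...0) for equal lengths."""
    return delta + xor(icv(delta), icv(bytes(len(delta))))

def checksum_accepts_modified_frame(key, iv, payload, delta):
    frame = wep_encrypt(key, iv, payload)
    altered = frame[:3] + xor(frame[3:], xor_mask_with_icv(delta))  # no key used
    got, ok = wep_decrypt(key, altered)
    return got == xor(payload, delta) and ok

# Constructed sample values (not from the slides).
KEY, IV = bytes(range(1, 6)), b"\x01\x02\x03"
PAYLOAD = b"hello world"
DELTA = xor(b"hello world", b"HELLO world")
```

A keyed message authentication code over the frame, instead of a linear checksum, is what makes such a change detectable.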

improved security
WEP improvement with IEEE 802.11i
Introduction of IEEE 802.1x to manage the secret keys K (Extensible Authentication Protocol - Transport Layer Security, EAP-TLS).
Authentication made independent of encryption
Introduction of a more sophisticated function: (K,IV) → RC4 seed.
Authentication agent

IEEE 802.1x
IEEE 802.11

= IEEE 802.15.1
Communication between personal devices
Piconet architecture, master-slave:
7 slaves max per piconet
master slaves

Exclusive links slave-master
Slotted time

piconet

IEEE 802.15.1
Wide area architecture: scatternet

slaves
Several tiled piconets
Frequency hoppings differ
Certain nodes switch status master-slave

IEEE 802.15.1
Limited emission power
Class 1: 100 mW
Class 2: 2,5 mW
Class 3: 1 mW (1/1000 GSM)

Minimal signal processing


Periodic TDMA
Throughput 1 Mbps max
Few meters range.

Profiles
Standardized applications

IEEE 802.15.1
Slotted system managed by the master node over a single frequency

From master From slave


Adaptive FEC, rate: 1 (no correction), 2/3, 1/3
Frequency hopping (1600/sec)
One hop per slot over 79 channels (2,4 GHz)
Throughput 1 Mbps, extensions for 10 Mbps.

Bluetooth + WiFi

Formats
Packet format

Access Code (AC): synchro, paging (slot #). Channel AC, Device AC, Inquiry AC.
Header: address, sequence number, flow control, acknowledgement

Frequency hopping

Periodic change of frequencies. Predetermined sequence fixed in standard. Goal: use uncongested frequencies.

Connection
Connection establishment
Inquiry for destination terminal identification (source, destination)
Paging for synchronization of emissions (source, master, destination)
Polling: the master prompts each slave emission.
Out of connection, the slave can be in wake mode or in sleep mode, otherwise it loses its MAC address.

Security
Authentication (E1 algorithm)
Secret shared key (link key) (128 bits)

Encryption (algorithms KG, E0)


Secret key Kc (deduced from link key by KG), from 8 to 128 bits (negotiated)
Use of slot number in E0 (indicated in paging)
E1 and E0 differ.

Flaw of Bluetooth security

Keys are too short
Link key and Kc are both functions of the device PIN (4 bits).

Authentication
Authentication of B by A
B sends its address (48 bits)
A returns rand(A) to B (challenge 128 bits)
E1(addr B, link key, rand(A))=(SRES,ACO) (32 bits, 96 bits)
B returns SRES.

Encryption
mode 2
Packets are encrypted via individual keys Kc(B)=KG(,ACO(B))
Broadcast packets are not encrypted

mode 3
All packets are encrypted via the key of the master Kc=KG(,ACO(A))

encryption
Kc depends on link key, ACO and EN_RAND
The pseudo-random word Kstr depends on slot number and the address of the master
In packet: encrypted code = data ⊕ Kstr
