Session 1: IEEE 802.11 (WIFI) Flashcards
In what bandwidth does WiFi operate?
Most versions of WiFi operate in the unregulated 2.4 GHz spectrum. This spectrum is shared by several other technologies stretching from Bluetooth to microwave ovens.
Newer versions of WiFi enable the utilization of the 5 GHz spectrum which offers greater speed at the cost of significantly reduced range.
Some are now looking into utilizing the 60 GHz spectrum. This will enable extreme transmission speeds of up to 20 Gbit/s; however, it will only work when there is line of sight between the nodes (no physical obstruction in between).
What is the channel access problem?
Since WiFi communicates wirelessly, all nodes share the medium in which all communication occurs. Consequently, simply transmitting without ensuring that no one else is using the channel is naive and will most likely lead to collisions (which make the colliding transmissions undecipherable).
A possible solution for avoiding collisions is to implement the “listen before you talk” strategy seen in Ethernet. This will however not function as well in WiFi, as you cannot send and listen simultaneously. Another key issue is that some nodes may be too far away from one another to detect whether the other is transmitting. Consider the scenario in which A and C both try to transmit to B, but A cannot hear C and vice versa. This is known as the hidden terminal problem. In such a scenario, both A and C will always deem the channel open and transmit whenever possible; hence, listening before transmitting proves insufficient.
How is the channel access problem solved in wireless networks?
WiFi solves the channel access problem by utilizing an explicit protocol known as RTS/CTS. Every node looking to transmit must first send out a request to send (RTS). Every node has its own internal countdown which, once it reaches zero, allows the node to send an RTS. If another node sends an RTS, the countdowns at all the other nodes freeze. The RTS itself contains the period of time requested for the transmission.
The receiver replies with a CTS (clear to send) containing the time allocated for the transmission. This is also known as the NAV (network allocation vector). Once the transmitter has sent the data, the receiver replies with an ACK. When the ACK is sent, the other nodes unfreeze their countdowns.
How is the hidden terminal problem dealt with?
WiFi is not protected from the hidden terminal problem when using the RTS/CTS protocol: RTS frames and data transmissions can still collide. When this happens, the transmitting node chooses a new countdown period using a technique known as exponential backoff, where the countdown is increased by some amount to reduce the probability of a future collision.
What is jamming?
Jamming is a technique used for disruptive purposes. In wireless networks, jamming can be accomplished by intentionally creating as much noise in the channel as possible to ensure that no other node can transmit data. One technique is to simply flood the channel with RTS frames so that the other nodes’ countdown timers stay frozen. WiFi jamming can easily be carried out, as it only requires a small device that can be acquired for a small fee. This can be a rather effective DoS attack, as many organizations are completely dependent on wireless data transmissions. One example is grocery stores where all the payment terminals are connected wirelessly. Simply placing a WiFi jammer in the proximity of such terminals effectively prevents the store from selling its inventory (to customers not paying cash).
What are the different communication structures used in WiFi?
IEEE 802.11 allows multiple modes of operation. Ad-hoc mode treats all nodes as equals. This mode is however not as commonly used.
A structured setup using an access point (AP), where the AP functions as the backbone providing access to another structured network, is the most frequently used. The combination of an AP and its hosts is known in 802.11 terminology as a Basic Service Set (BSS). When there are multiple access points in a network, it is known as an Extended Service Set (ESS). With more than one AP, roaming becomes possible (connecting to the AP with the best service at a given physical location).
How does association and disassociation with APs work?
APs periodically send out beacon signals to inform hosts of their existence. This allows nodes to associate with the AP or to switch AP in order to obtain a better connection.
If there is only a single AP in the network, association is only required once. Most devices remember an AP once they have connected to it by saving its SSID. For networks with a single AP, this is known as a BSSID.
If there are several APs in the network, the device can roam between the different APs based on which one offers the best connection. Even though all APs have their own BSSID, a node can reassociate using the ESSID.
When a node moves to another ESS, it needs to disassociate before associating with the other ESS.
What are rogue access points?
A rogue access point is an additional access point added to a network which has not been put in place by the network administrators. Such access points may be installed by an attacker to enable them to route traffic from hosts onto specially crafted websites. This is a very powerful technique for stealing credentials. One of the strongest ways of implementing a rogue AP is to give it a well-known SSID, e.g., EDUROAM. If a device has ever connected to an AP with an SSID equal to the crafted SSID of the rogue AP, it will try to connect automatically, leaving the user blissfully unaware of what just happened. This is a common attack strategy often seen in areas with heavy tourism, as such an AP can easily be installed in restaurants and other public networks.
What is WEP and how does it work?
Wired Equivalent Privacy (WEP) was originally part of IEEE 802.11 as a means to provide data confidentiality similar to that found in wired networks.
WEP provided authentication of clients, not of access points, which made the detection of rogue APs impossible.
WEP uses a 40-bit key (later 104-bit) and the RC4 stream cipher to encrypt traffic. This was later proved to be easily broken, with the probability of a collision being 50 % after just 4823 packets. A collision makes it possible to perform a roll-back of the encryption, i.e., it makes cryptanalysis significantly easier. This was first accomplished in 2001.
Due to its limitations, WEP was replaced by WPA in 2004.
What does the RADIUS protocol offer?
The RADIUS protocol runs on the application layer and can be utilized for authentication, authorization, and accounting between an access point and an authentication server.
RADIUS provides stronger network security as it places stricter limits on who can access a network. When a host wishes to connect to a RADIUS-protected network, it must provide certain credentials to the AP, which functions as the RADIUS client. Once received, the AP checks the provided credentials against a RADIUS server. The AP must also provide the necessary keys to establish an encrypted connection with the authentication server. The host will only be able to connect if the RADIUS server finds the provided credentials in the list of hosts allowed to connect. Consequently, there is much stronger control over which hosts can connect to the network, and a much greater chance of detecting rogue access points.