WLAN 802.

11 Power Save

Terminology

Traffic Indication Map

TIM shall identify the STAs for which traffic is pending and buffered in AP

AP can buffer all types of traffic such as unicast & multicast/broadcast traffic.

Delivery Traffic Indication Message (DTIM)

DTIM period is used to deliver broadcast/multicast traffic to STAs in PS mode

Listen Interval

This field is advertised in Association Response

TYPES of Power Save Techniques

Power Save Mode (PSM)

Unscheduled APSD (U-APSD)

WMM Power Save (WM-PS)

Power Save Multi-Poll (PSMP)

Why Power Save?

Battery powered devices aim for lower power

consumption
Usage of WLAN during standby state should be
at the minimum

How to communicate?
STATION

Informs that it goes to

sleep by setting PM
bit in Frame Control
field

Access Point

Indicates the
presence of data in
DTIM
Indicates the
presence of more
data in MD bit Frame
Control Field

PS-POLL

UAPSD
Access Categories and Quality of Service

AC Number Name Description

0 BE Best effort

1 BK Background

2 VI Video

3 VO Voice

UAPSD (cont)
UAPSD enables an STA to retrieve unicast QoS
traffic buffered in the AP by sending trigger
frames.

WMM Power Save Advertisement

U-APSD enabled STA association

STA sets Power Management

STA sends UAPSD trigger

WMM Power Save

U-APSD

S- APSD

Power Save Multi Poll

An extension to U-APSD and S-APSD, the

scheduled version reserves a time slot for a
given client station and thus temporarily
silences others associated. This technique may
be better with relatively heavy traffic loads.

IEEE 802.11 Security

Basic Security Mechanisms
Service Set Identifier (SSID)
MAC Address filtering
Wired Equivalent Privacy (WEP) protocol

SSID limitations
Limits access by identifying the service area covered by
the access points.
AP periodically broadcasts SSID in a beacon.
End station listens to these broadcasts and chooses an
AP to associate with based upon its SSID.
Use of SSID weak form of security as beacon
management frames on 802.11 WLAN are always sent
in the clear.
A hacker can use analysis tools (eg. AirMagnet,
Netstumbler, AiroPeek) to identify SSID.

MAC filtering limitations

The system administrator can specify a list of
MAC addresses that can communicate through
an access point.
Advantage :
Provides a little stronger security than SSID
Disadvantages :
Increases Administrative overhead
Reduces Scalability

WEP

WEP had three main security goals:

Confidentiality: Prevent eavesdropping
Access Control: Prevent inappropriate use of 802.11 network, such
as facilitate dropping of not-authorized packets
Data Integrity: Ensure that messages are not altered or tampered
with in transit
The basic WEP standard uses a 40-bit key (with 24bit IV)
Additionally, many implementations allow for 104-bit key (with 24bit
IV)
None of the three goals are provided in WEP due to serious security
design flaws and the fact that it is easy to eavesdrop on WLAN

WEP - limitations

Authentication and Encryption uses same

secret key!
Station authenticated only once and after
association a hacker
RC4 cryptography can be easily broken

IEEE 802.11i

Robust Secuity Network

Uses AES (Advanced Encryption System) cipher

Limitation: Hardware change

WPA (Wifi Protected Access) Uses RC4 but TKIP

(Temporal Key Integrity Protocol)
* RADIUS server Enterprise ( Authentication procedure
Extensible Authentication Protocol (EAP))
* PSK (Pre Shared Key) SOHO

WPA2 suppports both AES and TKIP

Wireless Attacks

Rogue Access point uncontrolled,

unmonitored access point installed on a
network

Wireless Hijack Man in the middle attack

Eavesdropping

Radio jamming

Network Analyzers

Airopeek

Omnipeek

Ethereal

Wireshark