Wireless LAN

A wireless local area network (WLAN) links two or more devices using some wireless
distribution method (typically spread-spectrum or OFDM radio), and usually providing
a connection through an access point to the wider internet. This gives users the mobility
to move around within a local coverage area and still be connected to the network.

Wireless LANs have become popular in the home due to ease of installation, and the
increasing popularity of laptop computers.

In 1970 Norman Abramson, a professor at the University of Hawaii developed the

world’s first wireless computer communication network, ALOHA net, using low-cost
ham-like radios. The bi-directional star topology of the system included seven computers,
was deployed over four islands to communicate with the central computer on the Oahu
Island without using phone lines.

Architecture:
Stations

All components that can connect into a wireless medium in a network are referred to as
stations.

All stations are equipped with wireless network interface cards (WNICs)

Wireless stations fall into one of two categories: access points, and clients.

Access points (APs), normally routers, are base stations for the wireless network. They
transmit and receive radio frequencies for wireless enabled devices to communicate with.

Wireless clients can be mobile devices such as laptops, personal digital assistants, IP
phones, or fixed devices such as desktops and workstations that are equipped with a
wireless network interface.

Basic service set

The basic service set (BSS) is a set of all stations that can communicate with each other.

There are two types of BSS: Independent BSS (also referred to as IBSS), and
infrastructure BSS.

Every BSS has an identification (ID) called the BSSID, which is the MAC address of the
access point servicing the BSS.
An independent BSS (IBSS) is an ad-hoc network that contains no access points, which
means they can not connect to any other basic service set.

An infrastructure can communicate with other stations not in the same basic service set
by communicating through access points.

Extended service set

An extended service set (ESS) is a set of connected BSSes. Access points in an ESS are
connected by a distribution system. Each ESS has an ID called the SSID which is a 32-
byte (maximum) character string.

Distribution system

A distribution system (DS) connects access points in an extended service set. The concept
of a DS can be used to increase network coverage through roaming between cells.

Types of wireless LANs

Peer-to-peer
An ad-hoc network is a network where stations communicate only peer to peer (P2P).
There is no base and no one gives permission to talk. This is accomplished using the
Independent Basic Service Set (IBSS)..

A peer-to-peer (P2P) network allows wireless devices to directly communicate with each
other. Wireless devices within range of each other can discover and communicate directly
without involving central access points. This method is typically used by two computers
so that they can connect to each other to form a network.

An Ad Hoc network uses a connection between two or more devices without using a
wireless access point: the devices communicate directly when in range. An Ad Hoc
network is used in situations such as a quick data exchange or a multiplayer LAN game
because setup is easy and does not require an access point. Due to its peer-to-peer layout,
Ad Hoc connections are similar to Bluetooth ones and are generally not recommended for
a permanent installation.

If a signal strength meter is used in this situation, it may not read the strength accurately
and can be misleading, because it registers the strength of the strongest signal, which may
be the closest computer. Devices A and C are both communicating with B, but are
unaware of each other IEEE 802.11 define the physical layer (PHY) and MAC (Media
Access Control) layers based on CSMA/CA (Carrier Sense Multiple Access with
Collision Avoidance). The 802.11 specification includes provisions designed to minimize
collisions, because two mobile units may both be in range of a common access point, but
out of range of each other.

The 802.11 has two basic modes of operation: Ad hoc mode enables peer-to-peer
transmission between mobile units.

Infrastructure mode in which mobile units communicate through an access point that
serves as a bridge to a wired network infrastructure is the more common wireless LAN
application the one being covered.
Since wireless communication uses a more open medium for communication in
comparison to wired LANs, the 802.11 designers also included shared-key encryption
mechanisms: Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA, WPA2),
to secure wireless computer networks

Bridge
A bridge can be used to connect networks, typically of different types. A wireless
Ethernet bridge allows the connection of devices on a wired Ethernet network to a
wireless network. The bridge acts as the connection point to the Wireless LAN.

Wireless distribution system

A Wireless Distribution System is a system that enables the wireless interconnection of

access points in an IEEE 802.11 network. It allows a wireless network to be expanded
using multiple access points without the need for a wired backbone to link them, as is
traditionally required. The notable advantage of WDS over other solutions is that it
preserves the MAC addresses of client packets across links between access points.[4]

An access point can be either a main, relay or remote base station. A main base station is
typically connected to the wired Ethernet. A relay base station relays data between
remote base stations, wireless clients or other relay stations to either a main or another
relay base station. A remote base station accepts connections from wireless clients and
passes them to relay or main stations. Connections between "clients" are made using
MAC addresses rather than by specifying IP assignments.

All base stations in a Wireless Distribution System must be configured to use the same
radio channel, and share WEP keys or WPA keys if they are used. They can be
configured to different service set identifiers. WDS also requires that every base station
be configured to forward to others in the system.

WDS may also be referred to as repeater mode because it appears to bridge and accept
wireless clients at the same time (unlike traditional bridging). It should be noted,
however, that throughput in this method is halved for all clients connected wirelessly.

When it is difficult to connect all of the access points in a network by wires, it is also
possible to put up access points as repeaters

Roaming

There are 2 definitions for wireless LAN roaming:

Internal Roaming (1): The Mobile Station (MS) moves from one access point (AP) to
another AP within a home network because the signal strength is too weak. The billing of
QoS is in the home network. A Mobile Station roaming from one access point to another

often interrupts the flow of data between the Mobile Station and an application connected
to the network. The Mobile Station, for instance, periodically monitors the presence of
alternative access points (ones that will provide a better connection). At some point,
based upon proprietary mechanisms, the Mobile Station decides to re-associate with an
access point having a stronger wireless signal. The Mobile Station, however, may lose a
connection with an access point before associating with another access point. In order to
provide reliable connections with applications, the Mobile Station must generally include
software that provides session persistence

• External Roaming (2): The MS (client) moves into a WLAN of another Wireless
Internet Service Provider (WISP) and takes their services (Hotspot). The user can
independently of his home network use another foreign network, if this is open for
visitors. There must be special authentication and billing systems for mobile
services in a foreign network.

Wired Equivalent Privacy (WEP)

It is a deprecated security algorithm for IEEE 802.11 wireless networks. Wireless

transmission is susceptible to eavesdropping and, so, WEP was introduced as part of the
original 802.11 protocol in 1997. It was intended to provide confidentiality comparable to
that of a traditional wired network.

WEP was included as the privacy of the original IEEE 802.11 standard ratified in
September 1999. WEP uses the stream cipher RC4 for confidentiality, and the CRC-32
checksum for integrity. It was deprecated as a wireless privacy mechanism in 2004, but
for legacy purposes is still documented in the current standard

Standard 64-bit WEP uses a 40 bit key (also known as WEP-40), which is concatenated
with a 24-bit initialization vector (IV) to form the RC4 traffic key. At the time that the
original WEP standard was being drafted, U.S. Government export restrictions on
cryptographic technology limited the key size. Once the restrictions were lifted, all of the
major manufacturers eventually implemented an extended 128-bit WEP protocol using a
104-bit key size (WEP-104).

A 128-bit WEP key is almost always entered by users as a string of 26 hexadecimal (base
16) characters (0-9 and A-F). Each character represents four bits of the key. 26 digits of
four bits each gives 104 bits; adding the 24-bit IV produces the final 128-bit WEP key.
A 256-bit WEP system is available from some vendors, and as with the 128-bit key
system, 24 bits of that is for the IV, leaving 232 actual bits for protection. These 232 bits
are typically entered as 58 hexadecimal characters. (58 × 4 = 232 bits) + 24 IV bits =
256-bit WEP key.

Key size is not the only major security limitation in WEP.[10] Cracking a longer key
requires interception of more packets, but there are active attacks that stimulate the
necessary traffic. There are other weaknesses in WEP, including the possibility of IV
collisions and altered packets,[7] that are not helped at all by a longer key.

Authentication

Two methods of authentication can be used with WEP: Open System authentication and
Shared Key authentication.

For the sake of clarity, we discuss WEP authentication in the Infrastructure mode (that is,
between a WLAN client and an Access Point), but the discussion applies to the ad-Hoc
mode as well.

In Open System authentication, the WLAN client need not provide its credentials to the
Access Point during authentication. Thus, any client, regardless of its WEP keys, can
authenticate itself with the Access Point and then attempt to associate. In effect, no
authentication (in the true sense of the term) occurs. After the authentication and
association, WEP can be used for encrypting the data frames. At this point, the client
needs to have the right keys.

In Shared Key authentication, the WEP key is used for authentication. A four-way
challenge-response handshake is used:

1. The client station sends an authentication request to the Access Point.

2. The Access Point sends back a clear-text challenge.
3. The client has to encrypt the challenge text using the configured WEP key, and
send it back in another authentication request.
4. The Access Point decrypts the material, and compares it with the clear-text it had
sent. Depending on the success of this comparison, the Access Point sends back a
positive or negative response.

After the authentication and association, the pre-shared WEP key is also used for
encrypting the data frames using RC4.

At first glance, it might seem as though Shared Key authentication is more secure than
Open System authentication, since the latter offers no real authentication. However, it is
quite the reverse. It is possible to derive the keystream used for the handshake by
capturing the challenge frames in Shared Key authentication.[2] Hence, it is advisable to
use Open System authentication for WEP authentication, rather than Shared Key
authentication. (Note that both authentication mechanisms are weak.)
Flaws

Because RC4 is a stream cipher, the same traffic key must never be used twice. The
purpose of an IV, which is transmitted as plain text, is to prevent any repetition, but a 24-
bit IV is not long enough to ensure this on a busy network. The way the IV was used also
opened WEP to a related key attack. For a 24-bit IV, there is a 50% probability the same
IV will repeat after 5000 packets.

In August 2001, Scott Fluhrer, Itsik Mantin, and Adi Shamir published a cryptanalysis of
WEP that exploits the way the RC4 cipher and IV is used in WEP, resulting in a passive
attack that can recover the RC4 key after eavesdropping on the network. Depending on
the amount of network traffic, and thus the number of packets available for inspection, a
successful key recovery could take as little as one minute. If an insufficient number of
packets are being sent, there are ways for an attacker to send packets on the network and
thereby stimulate reply packets which can then be inspected to find the key. The attack
was soon implemented, and automated tools have since been released. It is possible to
perform the attack with a personal computer, off-the-shelf hardware and freely available
software such as aircrack-ng to crack any WEP key in minutes.

Cam-Winget et al. (2003) surveyed a variety of shortcomings in WEP. They write

"Experiments in the field indicate that, with proper equipment, it is practical to
eavesdrop on WEP-protected networks from distances of a mile or more from the target."
They also reported two generic weaknesses:

• the use of WEP was optional, resulting in many installations never even activating
it, and
• WEP did not include a key management protocol, relying instead on a single
shared key among users

802.11

A family of IEEE standards for wireless LANs that extend wired Ethernet (802.3) into
the wireless domain. The 802.11 standard is more widely known as "Wi-Fi" because the
Wi-Fi Alliance, an organization independent of IEEE, provides certification for products
that conform to 802.11 (see Wi-Fi Alliance).

The first 802.11 specifications were introduced in 1997 and included two spread
spectrum methods for transmission in the unlicensed 2.4GHz band: 1 Mbps frequency
hopping (FHSS) and 1 and 2 Mbps direct sequence (DSSS). It also included an infrared
method. Both FHSS and infrared were dropped by the Wi-Fi Alliance, but the 1 Mbps
DSSS method is still used by access points to advertise themselves (see beaconing).

802.11b (11b)
In 1999, 802.11b boosted speed to 11 Mbps using DSSS. The 1 and 2 Mbps DSSS modes
were retained so that devices could throttle down to lower speeds when signals become
weak.

802.11a and 802.11g - (11a and 11g)

Using the orthogonal FDM (OFDM) transmission method, two higher-speed standards
followed 802.11b that provide up to 54 Mbps: 802.11a transmits in the 5 GHz frequency
range and is not backward compatible with 11b, but 11g transmits in the same 2.4 GHz
range and is compatible with 11b. If 11b and 11g devices are communicating, it is done at
the slower 11b speed.

Multiple Channels
802.11 systems divide the spectrum into channels so that nearby access points can
operate on different channels without interference, but 11b and 11g use overlapping
channels. Out of the 11 channels (in the U.S.), only channels 1, 6 and 11 can be used,
effectively allowing only three access points to operate near each other. However, 11a
uses 12 non-overlapping channels, allowing 12 access points to operate in the same
vicinity.

802.11n (11n)
The 802.11n standard, expected in 2009, uses multiple antennas for speeds up to 100
Mbps and more. An interim specification was approved in 2007 so that equipment could
work together (see 802.11n).

Two Modes of Operation

An 802.11 system works in two modes. In "infrastructure" mode, wireless devices
communicate to a wired LAN via base stations known as "access points." Each access
point and its wireless devices are known as a Basic Service Set (BSS). An Extended
Service Set (ESS) is two or more BSSs in the same subnet.

In "ad hoc" mode, also known as "peer-to-peer" mode, wireless devices communicate
with each other directly without an access point. This is an Independent BSS (IBSS).

Throughput Varies
The speed of 802.11 systems is distance dependent. The farther away the remote device
from the base station, the lower the speed (see chart below). Also, the actual data
throughput is generally no more than half of the rated speed because 802.11 uses a
collision "avoidance" technology (CSMA/CA) rather than the collision "detection"
method (CSMA/CD) in wired Ethernet. Wired systems can detect a collision, but wireless
cannot, thus, the CSMA/CA method waits for an acknowledgment from the other end to
determine if the packet was transmitted properly. A 54 Mbps rated speed yields only
about 27 Mbps in real throughput.

In addition, access points that support a mixed 11b and 11g network drop the throughput
to 18 Mbps to start with and wind up with approximately 6 to 9 Mbps total when clients
are transmitting.

wireless access point (WAP)

In computer networking, a wireless access point (WAP) is a device that allows wired
communication devices to connect to a wireless network using Wi-Fi, Bluetooth or
related standards. The WAP usually connects to a router, and can relay data between the
wireless devices (such as computers or printers) and wired devices on the network.