802.11 Family of Standards
802.11 refers to a family of specifications developed by the IEEE for wireless LAN technology. The original 802.11 standard specifies an over−the−air interface between a wireless client and a base station or between two wireless clients.
The IEEE accepted the specification for 802.11 in 1997. The task groups within the 802.11 working group have produced few extensions to the original specification.
The products of these extensions are named after the task group and the original specification—for example, 802.11b is an extension developed by the task group b. The most popular extensions of 802.11 specifications are 802.11b, 802.11a, and 802.11g.
The 802.11 Standard Details
The 802.11 standard specifies wireless LANs that provide up to 2 Mbps of transmission speed and operate in the 2.4−GHz Industrial, Scientific, and Medical (ISM) band using either frequency−hopping spread spectrum (FHSS) or direct−sequence spread spectrum (DSSS).
The IEEE approved this standard in 1997. The standard defines a physical layer (PHY), a medium access control (MAC) layer, the security primitives, and the basic operation modes.
The Physical Layer
The 802.11 standard supports both radio frequency− and infrared−based physical network interfaces. However, most implementations of 802.11 use radio frequency, and we only discuss the radio frequency−based physical interface here.
802.11 Frequency Bandwidth
802.11 standard−compliant devices operate in the unlicensed 2.4−GHz ISM band. Due to the limited bandwidth available when the electromagnetic spectrum is used for data transmission, many factors have to be considered for reliable, safe, and high−performance operation.
These factors include the technologies used to propagate signals within the RF band, the time that a single device is allowed to have an exclusive transmission right, and the modulation scheme.
For these reasons, FCC regulations require that radio frequency systems must use spread spectrum technology when operating in the unlicensed bands.
Spread Spectrum Technology
The 802.11 standard mandates using either DSSS or FHSS. In FHSS, the radio signal hops within the transmission band. Because the signal does not stay in one place on the band, FHSS can elude and resist radio interference.
DSSS avoids interference by configuring the spreading function in the receiver to concentrate the desired signal, and to spread out and dilute any interfering signal.
Direct−Sequence Spread Spectrum (DSSS)
In DSSS the transmission signal is spread over an allowed band. The data is transmitted by first modulating a binary string called spreading code. A random binary string is used to modulate the transmitted signal.
This random string is called the spreading code. The data bits are mapped to a pattern of "chips" and mapped back into a bit at the destination. The number of chips that represent a bit is the spreading ratio.
The higher the spreading ratio, the more the signal is resistant to interference. The lower the spreading ratio, the more bandwidth is available to the user. The FCC mandates that the spreading ratio must be more than 10.
Most products have a spreading ratio of less than 20. The transmitter and the receiver must be synchronized with the same spreading code. Recovery is faster in DSSS systems because of the ability to spread the signal over a wider band.
Frequency−Hopping Spread Spectrum (FHSS)
This spread spectrum technique divides the band into smaller subchannels of usually 1 MHz. The transmitter then hops between the subchannels sending out short bursts of data for a given time. The maximum amount of time that a transmitter spends in a subchannel is called the dwell time.
In order for FHSS to work correctly, both communicating ends must be synchronized (that is, both sides must use the same hopping pattern), otherwise they lose the data. FHSS is more resistant to interference because of its hopping nature.
The FCC mandates that the band must be split into at least 75 subchannels and that no subchannel is occupied for more than 400 milliseconds. Debate is always ongoing about the security that this hopping feature provides.
Since there are only 75 subchannels available, the hopping pattern has to be repeated once all the 75 subchannels have been hopped. HomeRF FHSS implementations select the initial hopping sequence in a pseudorandom fashion from among a list of 75 channels without replacement.
After the initial 75 hops, the entire sequence is repeated without any replacement or change in the hopping order. An intruder could possibly compromise the system by monitoring and recording the hopping sequence and then waiting till the whole sequence is repeated.
Once the hacker confirms the hopping pattern, he or she can predict the next subchannel that hopping pattern will be using thereby defeating the hopping advantage altogether.
HomeRF radios, for example, hop through each of the 75 hopping channels at a rate of 50 hops per second in a total of 1.5 seconds, repeating the same pattern each time, enabling a hacker to guess the hopping sequence in 3 seconds. Nevertheless, this technique still provides a high level of security in that expensive equipment is needed to break it.
Many FHSS LANs can be colocated if an orthogonal hopping sequence is used. Since the subchannels in FHSS are smaller than DSSS, the number of colocated LANs can be greater with FHSS systems. The most commonly used standard based on FHSS is HomeRF.
The MAC Layer
The MAC layer controls how data is to be distributed over the physical medium. The main job of the MAC protocol is to regulate the usage of the medium, and this is done through a channel access mechanism.
A channel access mechanism is a way to divide the available bandwidth resource between subchannels—the radio channel—by regulating the use of it. It tells each subchannel when it can transmit and when it is expected to receive data.
The channel access mechanism is the core of the MAC protocol. With most wired LAN using the Carrier Sense Multiple Access with Collision Detection (CSMA/CD) it was a logical choice for the 802.11 Working Group to apply the CSMA/CD technology when developing the MAC layer for the 802.11 standard.
The working group chose the Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA), a derivative of CSMA/CD, as the MAC protocol for the 802.11 standard. CSMA/CA works as follows: The station listens before it sends.
If someone is already transmitting, it waits for a random period and tries again. If no one is transmitting, then it sends a short message. This message is called the ready−to−send message (RTS). This message contains the destination address and the duration of the transmission.
Other stations now know that they must wait that long before they can transmit. The destination then sends a short message, which is the clear−to−send message (CTS). This message tells the source that it can send without fear of collisions.
Upon successful reception of a packet, the receiving end transmits an acknowledgment packet (ACK). Each packet is acknowledged. If an acknowledgment is not received, the MAC layer retransmits the data. This entire sequence is called the four−way handshake.
802.11 Security
IEEE 802.11 provides two types of data security authentication and privacy. Authentication is the means by which one station verifies the identity of another station in a given coverage area.
In the infrastructure mode, authentication is established between an AP and each station. When providing privacy, a wireless LAN system guarantees that data is encrypted when traveling over the media.
There are two types of authentication mechanisms in 802.11: open system or shared key. In an open system, any station may request authentication. The station receiving the request may grant authentication to any request, or to only those from stations on a preconfigured user−defined list.
In a shared−key system, only stations that possess a secret encrypted key can be authenticated. Shared−key authentication is available only to systems having the optional encryption capability.
The 802.11 standard mandates the use of Wired Equivalent Privacy (WEP) for providing confidentiality of the data transmitted over the air at a level of security comparable to that of a wired LAN.
WEP is a security protocol, specified in the IEEE wireless fidelity (Wi-Fi) standard that is designed to provide a wireless LAN with a level of security and privacy comparable to what is usually expected of a wired LAN. WEP uses the RC4 Pseudo Random Number Generator (PRNG) algorithm from RSA Security, Inc. to perform all encryption functions.
A wired LAN is generally protected by physical security mechanisms (for example, controlled access to a building) that are effective for a controlled physical environment, but they may be ineffective for wireless LANs because radio waves are not necessarily bounced by the walls containing the network.
WEP seeks to establish protection similar to that offered by the wired network's physical security measures by encrypting data transmitted over the wireless LAN. This way even if someone listens in to the wireless packets, that eavesdropper will not be successful in understanding the content of the data being transmitted over the wireless LAN.
Operating Modes
The 802.11 standard defines two operating modes: the ad hoc and the infrastructure mode. To understand how an 802.11 wireless LAN operates, let's understand the basic terminologies used to describe the two modes.
Terminologies
The terminologies describing the two operating modes include a station, an independent basic service set (IBSS), a basic service set (BSS), an extended service set (ESS), an access point (AP), and a distribution system (DS).
- An 802.11 - Station An 802.11 station is defined as an 802.11−compliant device. This could be a computer equipped with an 802.11−compliant network card.
- Basic Service Set (BSS) - A BSS consists of two or more stations that communicate with each other.
- An Access Point (AP) - An AP is a station in an 802.11 wireless LAN that routes the traffic between the stations or among stations within a BSS. The AP can simply be a routing device with 802.11 capabilities.
An AP must have a network address, it must act like a regular station on the network, and it must be addressable by the other stations on the network.
An AP periodically sends beacon frames to announce its presence, it provides new information to all stations, authenticates users, manages transmitted data privacy, and keeps stations synchronized with the network.
- Independent Basic Service Set (IBSS) - A BSS that stands alone and is not connected to an AP is called an independent basic service set (IBSS).
- Distribution System (DS) - A distribution system interconnects multiple APs, forming a single network. A distribution system, therefore, extends a wireless network.
The 802.11 standard does not specify the architecture of a DS, but it does require that a DS must be supported by 802.11−compliant devices. Now that we know the basic terminologies, let's look at the operating modes of an 802.11 wireless LAN.
- 802.11 Ad−Hoc Mode - When a BSS−based network (two or more stations connected with each other over wireless) stands alone and is not connected to an AP, it is known as an ad−hoc network.
An ESS is formed when two or more BSSs operate within the same network. An ad−hoc network is a network where stations communicate only peer−to−peer. An example of a wireless LAN operating in ad−hoc mode would be a LAN with two computers communicating with each other using a wireless link.
- Infrastructure Mode - An 802.11 network is known to be operating in infrastructure mode when two or more BSSs are interconnected using an access point. Access points act like hubs for wireless stations.
An access point routes the traffic between the two BSSs. An access point is sometimes connected to a wired network to provide wired network resources to the wireless stations.
Each BSS becomes a component of an extended, larger network. An access point is a station, thus addressable. So data moves between the BSS and the wired network with the help of these access points.
A wireless LAN consisting of two computers and an AP, with each computer equipped with wireless LAN adapters, is an example of a wireless LAN operating in the infrastructure mode.
Roaming
The 802.11 standard does not define a standard mechanism for roaming. Roaming is a feature of wireless LAN that enables a station to travel between the APs without any gap or loss of connectivity during transit.
Though 802.11 does not define how roaming should be performed, it does provide the basic support functions that can be used to perform roaming. It is up to the individual implementers to choose how to support roaming in their devices.
In most cases, the station association and disassociation services are used to enable the roaming feature. The APs are installed such that they barely overlap their operating space.
When a roaming user approaches the functional boundary of the AP it is currently associated with, the network adapter, upon realization of weaker signal, starts looking for other APs in the area.
If the network adapter finds a stronger signal in the newly discovered APs, it disassociates itself from the AP with which it was associated and associates itself with the newly discovered AP.