MULTIPLE RADIO ACCESS
Medium Access Alternatives: Fixed-Assignment for Voice Oriented Networks, Random Access for Data Oriented Networks, Handoff and Roaming Support, Security and Privacy
EC 2043 WIRELESS NETWORKS
Ananth.R
Visit www.agniece.blog.com for further details

WIRELESS MEDIUM ACCESS ALTERNATIVES

WIRELESS MEDIUM ACCESS
1. Fixed-Assignment Access for Voice-Oriented Networks
a. Frequency Division Multiple Access (FDMA)
b. Time Division Multiple Access (TDMA)
c. Code-Division Multiple Access (CDMA)
2. Random Access for Data-Oriented Networks
a. ALOHA-Based Wireless Random Access Techniques
b. CSMA-Based Wireless Random Access Techniques

Fixed-Assignment Multiple Access Techniques
• The available spectrum bandwidth for our wireless communication is limited.
• Multiple access techniques enable multiple signals to occupy a single communications channel.

Major Types
• Frequency division multiple access (FDMA)
• Time division multiple access (TDMA)
• Code division multiple access (CDMA)

Frequency Division Multiple Access
• It assigns individual frequencies to individual users, i.e. it accommodates one user at a time.
• Each user is separated by guard bands.
• The complexity of FDMA mobile systems is lower when compared to TDMA systems.
• A guard band is a narrow frequency band between adjacent frequency channels to avoid interference from the adjacent channels.
• The number of channels that can be simultaneously supported in an FDMA system is given by
• BT -> the total spectrum allocation
• BGUARD -> the guard band
• BC -> the channel bandwidth

Key Features
• If an FDMA channel is not in use, then it sits idle and cannot be used by other users
• The bandwidths of FDMA channels are narrow (30 kHz)
• Intersymbol interference is low
• It needs only a few synchronization bits

Demerits
• FDMA systems are costlier because of the single channel per carrier design.
• They need costly bandpass filters to eliminate spurious radiation at the base station.
• The FDMA mobile unit uses duplexers since both the transmitter and receiver operate at the same time. This results in an increase in the cost of FDMA subscriber units and base stations.
• FDMA requires tight RF filtering to minimize adjacent channel interference.

Time Division Multiple Access

TDMA vs FDMA
[Figure: TDMA and FDMA]

• Time division multiple access (TDMA) systems divide the radio spectrum into time slots
• Each user occupies a cyclically repeating time slot
• A set of 'N' slots forms a frame.
• Each frame is made up of a preamble, an information message, and tail bits
• TDMA systems transmit data in a buffer-and-burst method
• TDMA shares a single carrier frequency with several users, where each user makes use of non-overlapping time slots
• TDMA uses different time slots for transmission and reception
• Adaptive equalization is usually necessary in TDMA systems, since the transmission rates are generally very high as compared to FDMA channels
• High synchronization overhead is required in TDMA systems because of burst transmissions
• Guard bands are necessary to ensure that users at the edge of the band do not "bleed over" into an adjacent radio service.

Frame Structure
• The preamble contains the address and synchronization information that both the base station and the subscribers use to identify each other.
• Synchronization bits inform the receiver about the data transfer.
• Trail bits specify the start of the data.
• Guard bits are used for data isolation.

Efficiency of TDMA
• The efficiency of a TDMA system is a measure of the percentage of transmitted data that contains information as opposed to providing overhead for the access scheme.
where
bOH - number of overhead bits per frame
br - number of overhead bits per
bp - number of overhead bits per preamble in each slot
bg - number of equivalent bits in each guard time interval
Nr - reference bursts per frame
Nt - traffic bursts per frame
• The total number of bits per frame, bT, is
bT = Tf R
• Tf is the frame duration, and R is the channel bit rate
• Then the frame efficiency is
• And the number of frames
m - maximum number of TDMA users supported on each radio channel

Spread spectrum multiple access (SSMA)
• Frequency Hopped Multiple Access (FHMA)
• Direct Sequence Multiple Access (DSMA)
Direct sequence multiple access is also called code division multiple access (CDMA).

Frequency Hopped Multiple Access
• The carrier frequencies of the individual users are varied in a pseudorandom fashion within a wideband channel
• The digital data is broken into uniform sized bursts which are transmitted on different carrier frequencies
• Fast Frequency Hopping System -> the rate of change of the carrier frequency is greater than the symbol rate
• Slow Frequency Hopping -> the channel changes at a rate less than or equal to the symbol rate

Code Division Multiple Access (CDMA)
• The narrowband message signal is multiplied by a very large bandwidth signal called the spreading signal (pseudo-noise code)
• The chip rate of the pseudo-noise code is much higher than the rate of the message signal.
• Each user has its own pseudorandom codeword.
[Figure: Message and PN sequence]
• CDMA uses co-channel cells
• All the users use the same carrier frequency and may transmit simultaneously without any knowledge of others.
• The receiver performs a time correlation operation to detect only the specific desired codeword.
• All other code words appear as noise
• Multipath fading may be substantially reduced because the signal is spread over a large spectrum
• Channel data rates are very high in CDMA systems
• CDMA supports soft handoff. The MSC can simultaneously monitor a particular user from two or more base stations. The MSC may choose the best version of the signal at any time without switching frequencies.
• In CDMA, the power of multiple users at a receiver determines the noise floor.
• In CDMA, stronger received signal levels raise the noise floor at the base station demodulators for the weaker signals, thereby decreasing the probability that weaker signals will be received. This is called the Near-Far problem.
• To combat the Near-Far problem, power control is used in most CDMA
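
The correlation receiver and the Near-Far problem described above, as an added example that is not part of the original slides. The two 8-chip codewords and the bit patterns are constructed for illustration (real PN codes are far longer), and the function names are assumptions.

```python
# Constructed 8-chip codewords. Their cross-correlation is 2 (not 0),
# so each user appears as a small amount of noise to the other.
CODE_A = [+1, -1, +1, +1, -1, +1, -1, -1]
CODE_B = [+1, +1, -1, +1, -1, -1, -1, -1]

# Constructed message bits for the two users.
BITS_A = [1, 0, 1, 1, 0, 0, 1, 0]
BITS_B = [1, 1, 0, 1, 0, 1, 1, 0]


def spread(bits, code, amplitude=1.0):
    """Map bits to +/-1 symbols and multiply each symbol by the whole codeword."""
    return [amplitude * (1 if b else -1) * chip for b in bits for chip in code]


def combine(*signals):
    """All users share one carrier, so the receiver sees the chip-wise sum."""
    return [sum(chips) for chips in zip(*signals)]


def despread(received, code):
    """Time-correlate each symbol period with one codeword and take the sign."""
    n = len(code)
    bits = []
    for start in range(0, len(received), n):
        corr = sum(r * c for r, c in zip(received[start:start + n], code))
        bits.append(1 if corr > 0 else 0)
    return bits


def bit_errors(sent, decoded):
    return sum(s != d for s, d in zip(sent, decoded))


def near_far_errors(bits_a, bits_b, amplitude_b):
    """Bit errors seen by user A when user B is received with amplitude_b.

    User A is always received with amplitude 1. The correlator output for A
    is 8*a + 2*amplitude_b*b, so B swamps A once amplitude_b exceeds 4.
    """
    rx = combine(spread(bits_a, CODE_A), spread(bits_b, CODE_B, amplitude_b))
    return bit_errors(bits_a, despread(rx, CODE_A))


if __name__ == "__main__":
    # amplitude 1 models power control: both users arrive equally strong.
    for amplitude in (1, 3, 10):
        errors = near_far_errors(BITS_A, BITS_B, amplitude)
        print(f"user B amplitude {amplitude:>2}: {errors} bit errors for user A")
```

With equal received amplitudes the other codeword stays below the decision threshold; once the interferer is received much more strongly, every bit where the two users differ is decoded wrongly, which is what power control prevents.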

Random Access for Data-Oriented Networks
• In all wireless networks such as cellular telephony or PCS services, all voice-oriented operations use fixed-assignment channel access.
• Data-related traffic is carried using random access techniques.
• Random access methods provide a more flexible and efficient way of managing channel access for communicating short bursty messages.
• They provide each user station with varying degrees of freedom in gaining access to the network whenever information is to be sent.

ALOHA-Based Wireless Random Access Techniques
ALOHA protocol
• The original ALOHA protocol is also called pure ALOHA.
• The ALOHA protocol was developed by the University of Hawaii. The word ALOHA means "hello" in Hawaiian.
• The initial system used ground-based UHF radios to connect computers on several of the island campuses with the university's main computer center on Oahu, by use of a random access protocol which has since been known as the ALOHA protocol.

Basic Concept
• A mobile terminal transmits an information packet when the packet arrives from the upper layers of the protocol stack.
• A user accesses a channel as soon as a message is ready to be transmitted.
• Each packet is encoded with an error-detection code.
• After a transmission, the user waits for an acknowledgment on either the same channel or a separate feedback channel.
• The BS checks the parity of the received packet. If the parity checks properly, the BS sends a short acknowledgment packet to the MS.

Collision
• The message packets are transmitted at arbitrary times, so there is a possibility of collisions between packets.
• After sending a packet the user waits a length of time more than the round-trip delay for an acknowledgment from the receiver.
• If no acknowledgment is received, the packet is assumed lost in a collision, and it is transmitted again with a randomly selected delay to avoid repeated collisions.
• As the number of users increases, a greater delay occurs because the probability of collision increases

Pure ALOHA
Merits:
• The advantage of the ALOHA protocol is that it is very simple, and it does not impose any synchronization between mobile terminals
De-Merits:
• It has low throughput under heavy load conditions.
• The maximum throughput of the pure ALOHA is 18 percent.

Slotted ALOHA
• In slotted ALOHA, time is divided into equal time slots of length greater than the packet duration t.
• The subscribers have synchronized clocks and each user will be synchronized with the BS clock.
• The user message packet is buffered and transmitted only at the beginning of a new time slot. This prevents partial collisions.
• The maximum throughput of a slotted ALOHA is 36 percent.
• New transmissions are started only at the beginning of a new slot
Application:
• In GSM the initial contact between BS and MS for voice communication is carried out by slotted ALOHA.
De-Merit:
• Even though the throughput is higher than pure ALOHA it is still low for present day wireless communication needs.
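
The 18 percent and 36 percent throughput ceilings of pure and slotted ALOHA can be reproduced with a short simulation, added here as an example that is not part of the original slides. It assumes Poisson traffic (new packets plus retransmissions), unit-length packets and a slot length equal to one packet time; all function names are illustrative.

```python
import math
import random
from collections import Counter


def poisson_arrivals(load, duration, rng):
    """Packet start times for Poisson traffic.

    load is the offered traffic in packets per packet time (retransmissions
    included); duration is measured in packet times.
    """
    times = []
    t = rng.expovariate(load)
    while t < duration:
        times.append(t)
        t += rng.expovariate(load)
    return times


def pure_aloha_throughput(load, duration=100_000, seed=1):
    """Pure ALOHA: a packet is sent the moment it is ready.

    It survives only if no other packet starts within one packet time
    before or after it (a vulnerable period of two packet times).
    """
    starts = poisson_arrivals(load, duration, random.Random(seed))
    delivered = 0
    for i, s in enumerate(starts):
        clear_before = i == 0 or s - starts[i - 1] >= 1.0
        clear_after = i == len(starts) - 1 or starts[i + 1] - s >= 1.0
        if clear_before and clear_after:
            delivered += 1
    return delivered / duration


def slotted_aloha_throughput(load, duration=100_000, seed=1):
    """Slotted ALOHA: a packet is buffered until the next slot boundary.

    A slot carries a packet successfully only if exactly one terminal
    transmits in it, so partial overlaps cannot happen.
    """
    starts = poisson_arrivals(load, duration, random.Random(seed))
    per_slot = Counter(math.ceil(t) for t in starts)
    delivered = sum(1 for n in per_slot.values() if n == 1)
    return delivered / duration


def best_load(throughput_fn, loads):
    """Offered load (from the candidates) that gives the highest throughput."""
    return max(loads, key=throughput_fn)


if __name__ == "__main__":
    print("load   pure    slotted")
    for load in (0.25, 0.5, 1.0, 2.0):
        print(f"{load:<6} {pure_aloha_throughput(load):.3f}   "
              f"{slotted_aloha_throughput(load):.3f}")
```

Pure ALOHA peaks near an offered load of 0.5 packets per packet time and slotted ALOHA near 1.0; beyond those loads collisions dominate and throughput falls again.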

Reservation ALOHA
• Reservation ALOHA is the combination of slotted ALOHA and time division multiplexing.
• In this, certain packet slots are assigned with priority, and it is possible for users to reserve slots for the transmission of packets.
• For high traffic conditions, reservation on request offers better throughput.

Packet Reservation Multiple Access (PRMA)
• PRMA is a method for transmitting a variable mixture of voice packets and data packets.
• This allows each time slot to carry either voice or data, where voice is given priority.
• PRMA merges characteristics of slotted ALOHA and TDMA protocols.
• It is used for short-range voice transmission where a small delay is acceptable.
• The transmission format in PRMA is organized into frames, each containing a fixed number of time slots.
• Each slot is named as either "reserved" or "available".
• Only the user terminal that reserved the slot can use a reserved slot.
• Other terminals not holding a reservation can use an "available" slot.
• Terminals can send two types of information, referred to as periodic and random.
• Speech packets are always periodic. Data packets can be random.

Reservation:
• A terminal having periodic information to send starts transmitting in contention for the next available time slot.
• After completion of transmission the base station grants the sending terminal a reservation for exclusive use of the same time slot in the next frame.
• This frame is reserved till the terminal completes its transmission.
• The reservation status is reverted when the terminal sends nothing in that frame

CSMA-Based Wireless Random Access Techniques

De-Merits of ALOHA
1. ALOHA protocols do not listen to the channel before transmission; the users will start transmitting as soon as the message is ready.
2. Efficiency is reduced by the collision and retransmission process.
3. There are no mechanisms to avoid collisions.

CSMA - Carrier Sense Multiple Access
• In this, each terminal will monitor the status of the channel before transmitting information.
• If there is another user transmitting on the channel, it is obvious that a terminal should delay the transmission of the packet.
• If the channel is idle, then the user is allowed to transmit the data packet without any restrictions.
• The CSMA protocol reduces packet collisions significantly compared with the ALOHA protocol, but does not eliminate them entirely.

Parameters in CSMA protocols
1. Detection delay - is a function of the receiver hardware and is the time required for a terminal to sense whether or not the channel is idle
2. Propagation delay - is a relative measure of how fast it takes for a packet to travel from a base station to a mobile terminal.
• Propagation delay is important, since just after a user begins sending a packet, another user may be ready to send and may be sensing the channel at the same time.
• If the transmitting packet has not reached the user who is poised to send, the latter user will sense an idle channel and will also send its packet, resulting in a collision between the two packets.

Propagation delay (td)
where
• tp -> propagation time in seconds
• Rb -> channel bit rate
• m -> expected number of bits in a data packet

Various strategies of the CSMA
1. NON-PERSISTENT CSMA - In this type of CSMA strategy, after receiving a negative acknowledgment the terminal waits a random time before retransmission of the packet.
2. 1-PERSISTENT CSMA - The terminal senses the channel and waits for transmission until it finds the channel idle. As soon as the channel is idle, the terminal transmits its message with probability one.
3. p-PERSISTENT CSMA - When a channel is found to be idle, the packet is transmitted with probability p. It may or may not be immediate.
4. CSMA/CD - In this the user monitors the channel for possible collisions. If two or more terminals start a transmission at the same time the transmission is immediately aborted midway.
5. Data sense multiple access (DSMA) - is a special type of CSMA that is used to serve the hidden terminals. Cellular networks use different frequencies for the forward and reverse channels. Each MS may not have knowledge of other MSs operating in that area, so it may not know when the channel is idle. For this the BS can announce the availability of the reverse channel through the forward control channel. The BS uses a Busy-Idle bit to announce it.
6. Busy tone multiple access (BTMA) - this is a special type of technique where the system bandwidth is divided into a message channel and a busy channel. Whenever a terminal sends data through the message channel it will also transmit a busy tone in the busy channel. If another terminal senses the busy channel it will understand that the message channel is busy and it will also turn on its busy tone. This acts as an alarm for other terminals.

Handoff
• Process of transferring a moving active user from one base station to another without disrupting the call.

Handoff Strategies
1. 1st generation handoff
2. MAHO (Mobile Assisted HandOff)
3. Inter system handoff
4. Guard channel concept
5. Queuing
6. Umbrella approach
7. Soft and hard handoff
8. Cell dragging

1st generation handoff
• In this, almost all the work was carried out by the MSC with the help of the base station.
• Using the Locator Receiver the MSC will measure the signal strength of the moving mobile.
• If the level decreases it will perform handoff on its own.

MAHO (Mobile Assisted HandOff)
• In this every mobile station measures the received power from surrounding base stations and continually reports the results of these measurements to the serving base station.
• When the power received from the base station of a neighboring cell begins to exceed the power received from the current base station by a certain level or for a certain period of time, a handoff is initiated.
• Since all the measurements are done by the mobile, the load of the MSC is reduced considerably

• Inter system handoff - occurs if a mobile moves from one cellular system to a different cellular system controlled by a different MSC (service provider) or while roaming
• Guard channel concept - In this some channels are reserved only for handoff.
• Queuing - If many users request handoff, they will be placed in a queue before channels are allotted

Umbrella approach
• Speed of the user is a main factor in deciding a successful handoff.
• In urban areas the cell size will be very small and high speed users will cross quickly.
• To perform handoff for these high speed users we use micro and macro cells concurrently.

Cell dragging
• Cell dragging occurs in an urban environment when there is a line-of-sight (LOS) radio path between the pedestrian subscriber and the base station.
• Even after the user has traveled well beyond the designed range of the cell, the received signal at the base station does not decay rapidly, resulting in cell dragging

Soft and hard handoff
• Hard handoff - when the user moves to a new cell, he will be assigned with a new set of channels.
• Soft handoff - when the user moves to a new cell, the channel itself will be switched to the new base station. CDMA uses soft handoff.

WIRELESS SECURITY AND PRIVACY
• The broadcast nature of wireless communications renders it very susceptible to malicious interception and wanted or unintentional interference.
• Analog techniques are extremely easy to tap.
• Digital systems such as TDMA and CDMA are much harder to tap.
• Wireless security is necessary to prevent unauthorized access or damage to the computers using wireless networks.

There are two names you need to know in a wireless network:
• Station (STA) -> is a wireless network client: a desktop computer, laptop, or PDA
• Access point (AP) -> is the central point (like a hub) that creates a basic service set to bridge a number of STAs from the wireless network to other existing networks.

Modes of unauthorized access
1. Accidental association
2. Malicious association
3. Ad-hoc networks
4. Non-traditional networks
5. Identity theft (MAC spoofing)
6. Man-in-the-middle attacks
7. Denial of service
8. Network injection
9. Caffe Latte attack
http://en.wikipedia.org/wiki/Wireless_security

1. Accidental association
- Violation of the security perimeter of a corporate network unintentionally.
2. Malicious association
- when wireless devices can be actively made by attackers to connect to a company network through their cracking laptop instead of a company access point (AP).
- These types of laptops are known as "soft APs" and are created when a cyber criminal runs some software that makes his/her wireless network card look like a legitimate access point.
- Once access is gained, he/she can steal passwords, launch attacks on the wired network, or plant Trojans

3. Ad-hoc networks
- Ad-hoc networks are defined as peer-to-peer networks between wireless computers that do not have an access point in between them. While these types of networks usually have little protection, encryption methods can be used to provide security.
4. Non-traditional networks
- Non-traditional networks such as personal network Bluetooth devices are not safe from cracking and should be regarded as a security risk. Even barcode readers, handheld PDAs, and wireless printers and copiers should be secured

5. Identity theft (MAC spoofing)
- Identity theft occurs when a cracker is able to listen in on network traffic and identify the MAC address of a computer with network privileges.
6. Man-in-the-middle attacks
- In this the hacker will introduce a soft AP into a network. Once this is done, the hacker connects to a real access point through another wireless card, offering a steady flow of traffic through the transparent hacking computer to the real network

7. Denial of service
- A Denial-of-Service attack (DoS) occurs when an attacker continually bombards a targeted Access Point or network with bogus requests, premature successful connection messages, failure messages, and other commands.
- These cause legitimate users to not be able to get on the network and may even cause the network to crash

8. Network injection
- In a network injection attack, a cracker can make use of access points that are exposed to non-filtered network traffic.
- The cracker injects bogus networking re-configuration commands that affect routers, switches, and intelligent hubs.
- A whole network can be brought down in this manner and require rebooting or even reprogramming of all intelligent networking devices

9. Caffe Latte attack
- The Caffe Latte attack is another way to defeat WEP.
- It is not necessary for the attacker to be in the area of the network using this exploit.
- By using a process that targets the Windows wireless stack, it is possible to obtain the WEP key from a remote client
- By sending a flood of encrypted Address Resolution Protocol (ARP) requests, the assailant takes advantage of the shared key authentication and the message modification flaws in WEP.

The Attack Methodology
1. Footprint the wireless network - Locate and understand your target.
2. Passive attack - Analyze the network traffic or break the WEP.
3. Authentication and authorization - Determine what methods are enforced and how they can be circumvented.
4. Active attack - Launch denial of service (DoS) attacks.
http://technet.microsoft.com/en-us/library/bb457019.aspx

Wired Equivalent Privacy (WEP)
• WEP is a standard network protocol that adds security to wireless networks at the data link layer.
• WEP utilizes a data encryption scheme called RC4 for data protection.
• RC4 (also known as ARC4 or ARCFOUR) is the most widely used software stream cipher and is used in popular protocols.
• Standard 64-bit WEP uses a 40-bit key (WEP-40) and a 24-bit initialization vector.
• The 128-bit WEP protocol uses a 104-bit key size (WEP-104) and a 24-bit initialization vector.
• The initialization vector (IV) is a fixed-size input which is used for randomization of the key. The purpose of an IV is to prevent any repetition.
• RC4 generates a pseudorandom stream of bits.

Authentication
1. The client sends an authentication request to the Access Point.
2. The Access Point replies with a clear-text challenge.
3. The client encrypts the challenge-text using the configured WEP key, and sends it back in another authentication request.
4. The Access Point decrypts the response. If this matches the challenge-text the Access Point sends back a positive reply.

Disadvantages
• The same traffic key must never be used twice.
• But a 24-bit IV is not long enough to ensure this on a busy network.
• In August 2001, Scott Fluhrer, Itsik Mantin, and Adi Shamir published a cryptanalysis of WEP that decodes the way the RC4 cipher and IV is used in WEP.
• Using a passive attack they were able to recover the RC4 key after eavesdropping on the network.
• A successful key recovery could take as little as one minute depending on the traffic.
• WEP is replaced by WPA (Wi-Fi Protected Access)
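
Why the 24-bit IV cannot keep the traffic key unique, as an added example that is not part of the original slides. The WEP-40 key, IVs and payloads are constructed, the frame layout is simplified (the key-ID byte is omitted), and the function names are illustrative. `reused_ivs` is the check a monitoring tool would run over captured frames.

```python
import math
import zlib
from collections import defaultdict

IV_SPACE = 2 ** 24  # number of distinct 24-bit initialization vectors


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key scheduling, then XOR data with the generated keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)


def wep_encrypt(secret: bytes, iv: bytes, payload: bytes) -> bytes:
    """Simplified WEP body: IV || RC4(IV || secret, payload || CRC-32)."""
    if len(iv) != 3:
        raise ValueError("WEP uses a 24-bit (3-byte) IV")
    icv = zlib.crc32(payload).to_bytes(4, "little")
    return iv + rc4(iv + secret, payload + icv)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def reused_ivs(frames):
    """Detection: map every IV seen more than once to its frame indexes."""
    seen = defaultdict(list)
    for index, frame in enumerate(frames):
        seen[frame[:3]].append(index)
    return {iv: idxs for iv, idxs in seen.items() if len(idxs) > 1}


def iv_collision_probability(frames_sent: int) -> float:
    """Birthday bound: chance that randomly chosen IVs have repeated."""
    return 1.0 - math.exp(-frames_sent * (frames_sent - 1) / (2 * IV_SPACE))


# Constructed sample data (not captured traffic).
SECRET = bytes.fromhex("0102030405")  # 40-bit key, as in WEP-40
P1 = b"GET /index.html "
P2 = b"user=alice&pin=1"
FRAMES = [
    wep_encrypt(SECRET, b"\x00\x00\x01", P1),
    wep_encrypt(SECRET, b"\x00\x00\x02", b"unrelated frame "),
    wep_encrypt(SECRET, b"\x00\x00\x01", P2),  # same IV as frame 0
]


def keystream_cancels() -> bool:
    """Same IV and key give the same keystream, so it drops out of c1 XOR c2."""
    c1, c2 = FRAMES[0][3:], FRAMES[2][3:]
    return xor(c1, c2)[:len(P1)] == xor(P1, P2)


if __name__ == "__main__":
    print("reused IVs:", reused_ivs(FRAMES))
    print("c1 XOR c2 equals p1 XOR p2:", keystream_cancels())
    print("P(IV repeat) after 4823 frames:", round(iv_collision_probability(4823), 3))
```

With randomly chosen IVs a repeat is more likely than not after roughly 4,800 frames, and a sequential counter wraps after 16,777,216 frames, so on a busy network the same traffic key is reused regardless of key length.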

Wi-Fi Protected Access (WPA)
• The Wi-Fi Alliance intended WPA as an intermediate measure to take the place of WEP.
• WPA uses Temporal Key Integrity Protocol (TKIP) to bolster encryption of wireless packets.

TKIP
• TKIP encryption replaces WEP's 40-bit or 104-bit encryption key that must be manually entered on wireless access points and devices and does not change
• TKIP uses a 128-bit per-packet key; it dynamically generates a new key for each packet and prevents collisions
• It has an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism.

WPA with TKIP provides 3 levels of security
1. TKIP implements a key mixing function that combines the secret root key with the initialization vector before passing it to the RC4 initialization.
2. WPA implements a sequence counter to protect against replay attacks. Packets received out of order will be rejected by the access point.
3. TKIP implements a 64-bit Message Integrity Check (MIC)

Merits and Demerits
• TKIP uses the same underlying mechanism as WEP, and consequently is vulnerable to a number of similar attacks.
• But the message integrity check, per-packet key hashing, broadcast key rotation, and a sequence counter prevent many attacks.
• The key mixing function also eliminates the WEP key recovery attacks
• The Beck-Tews attack has successfully extracted the keystream

Ohigashi-Morii attack
• Japanese researchers Toshihiro Ohigashi and Masakatu Morii reported a simpler and faster implementation of a similar attack.
• It utilizes a similar attack method, but uses a man-in-the-middle attack

WPA 2
• WPA2 (Wireless Protected Access 2) replaced the original WPA technology on all certified Wi-Fi hardware since 2006.
• WPA2 uses Pre-Shared Key (PSK) instead of TKIP
• WPA2 Pre-Shared Key (PSK) utilizes keys with 256 bits

There are two versions of WPA2
1. WPA2-Personal - protects network access by utilizing a set-up password
2. WPA2-Enterprise - verifies network users through
WPA2 is backward