chu02_2
TRANSCRIPT
Home Network Technologies
家庭網路相關網路技術
Computer
TV
Broadband Access Technology
Internet
ISP
Home Networking Technology
Home Network
Broadband Access Technologies
• Digital Subscriber Line (DSL)
• Cable Modem
• Broadband Over Power Line (BOPL)
• Fiber-to-the-Home (FTTH)
• IEEE 802.16 (WiMax)
• GPRS; 3.5G
Outlines
• Broadband Over Power Line
• Digital Subscriber Line (DSL) Technology
• Cable Modem
Broadband Over Power Line (BOPL)
• Use existing electrical lines to provide the medium for a high speed communications network
• Superimposing voice or data signals onto the line carrier signal using OFDM
• Two categories– In-house– access
In-House BPL
• connecting machines within a building
• HomePlug: an alliance for in-house BPL
Access BPL
• Delivers the last mile of broadband to the home
Access BPL Architecture
InternetVoIP
Medium-voltage lines
Low-voltage lines
Backhaul
Coupler
Bridge
Backhaul Point
Wireless link
Coupler
Bridge
Coupler
Backhaul Point
Coupler
Advantages of BPL
• Power lines are our most ubiquitous infrastructure
• Lower cost of deployment– Existing wires
Main Concerns
• Radio Frequency Interference (RFI) to licensed service
• power lines are inherently a very noisy environment
– Every time a device turns on or off, it introduces a pop or click into the line.
– Energy-saving devices often introduce noisy harmonics into the line
Digital Subscriber Line (DSL) Technology
• The key in DSL technology is modulation, a process in which one signal modifies a properties of another.
• Hardware: DSL requires modems and splitters for end-users; carriers use DSLAMs (digital subscriber line access multiplexers)
• Differences between xDSL technologies: speed, operating distance, applications, ratio between up and downstream
• Different approaches: ATM-based ADSL, ISDN DSL.
• The important thing is what is running over xDSL...
xDSL - Digital Subscriber Line Technology
ADSL: Asymmetric Digital Subscriber Line
• twisted pair copper (single loop)
• asymmetric: most commonly:
– downlink: 256 Kbps - 8 Mbps
– uplink : 64 Kbps - 2 Mbps
• limited distance (18000 feet over 26-gauge copper)
RADSL: Rate-Adaptive Digital Subscriber Line
• varying speeds depending upon line quality; asymmetric
– downlink: 1.5 Mbps - 8 Mbps
– uplink : 176 Kbps - 1 Mbps
• limited distance (18000 feet over 26-gauge copper)
HDSL: High-speed Digital Subscriber Line
• full-duplex, symmetric
– 1.544 Mbps or 2.048 Mbps in each direction
• two twisted pairs (for T1) and 3 pairs (for E1)
• max distance 12,000 feet
VDSL: Very-high-bit-rate Digital Subscriber Line (known as
BDSL)• asymmetric
– downlink: 12.96-51.84 Mbps
– uplink : 1.6 - 2.3 Mbps
• max 4,500 - 1,000 feet
• applications: High definition TV, multimedia
Cable Modem
• primarily used to deliver broadband Internet access on Hybrid Fibre-Coaxial (HFC)
Computer
TV
Cable Modem
Cable
TelevisionCompany
Cable
Internet
CMTS
Cable Modem Standards
• DOCSIS (Data Over Cable Service Interface Specification)
– 1.0 (1997): typical 2 Mbps upstream
– 1.1 (1999): 10 Mbps upstream
– 2.0 (2002) : 30 Mbps upstream
Hybrid Fibre-Coaxial (HFC)
• combines optical fiber and coaxial cable
The Downstream & Upstream Path• The downstream data path of the cable modem uses a SINGLE
6mhz TV channel, which is typically in the higher frequencies range (550 MHz and above) because higher frequencies can carry information faster.
• The lower end of the radio frequency spectrum (5MHz – 42 MHz) is used for the upstream or the return path.
• In terms of data bandwidth, the typical upstream channel usually has a capacity of around 5 Mbps.
• The total downstream bandwidth for a single channel is around 30 Mbps.
5-42MHz
Upstreamsignaling
50 MHz - 550 MHz 550 MHz - 750 and up MHz
. . .
Multiple TV Channels Downstream Channel
Cable TV Spectrum
Cable Modem: Modulation & Demodulation Phase
• Demodulation Phase: – tunes to the appropriate 6 MHz downstream channel (42 MHz –
850 MHz).
– demodulates the signal and extracts the downstream data that is destined for it
– converts the data into an Ethernet or USB signal to be fed into the user’s computer.
• Modulation Phase: The cable modem receives data on its Ethernet or USB interface and modulates the data onto the upstream carrier frequency, negotiates channel access with the CMTS and sends the data.
Protecting the Downstream Channel (and the upstream as well)
• A component of the DOCSIS 1.1 standard called Baseline Privacy Initiative+ (BPI+) is bi-directional encryption between cable modem and the CMTS
• Each DOCSIS 1.1 compliant cable modem has a digital certificate stored in its firmware. This allows for the cable modem to be authenticated onto the network.
• The authentication takes place when the CMTS verifies the certificate presented by the modem. (The certificate is signed by the manufacturer’s private key).
• Encryption is based on 56-bit Triple-DES
• This scheme effectively renders any sniffing attempts useless, unless cracking of the Triple-DES scheme is possible
DOCSIS Security OverviewDOCSIS Security Overview-- BPI+ ---- BPI+ --
CMTS
CM
PC
Internet
Data Encryption(DES)
Key Management(RSA, Tri-DES)
CM Authentication(X.509 Certificates)
Secure Software Download
(X.509 Certificate)
TFTP Server New CM Code
......
Digitally Signed by: Manufacturer
Mfg Certificate......
Digitally Signed by: DOCSCSIS Root CM Certificate......
Digitally Signed by: Mfg CA
CM Code File
x$a9E!
abcdef
abcdef
The Device
• The cable modem bridges Ethernet frames between a customer LAN and the coax cable network
• It does, however, also support functionalities at other layers– Ethernet PHY and DOCSIS PHY– IP address– UDP, port-based packet filtering– DHCP, SNMP, TFTP
Fiber-to-the-Home(FTTH)
CopperFiber
24 kbps - 1.5 MbpsOld networks, optimized for voice
CO/HE
19 Mbps - 1 Gbps +Optical networks, optimized for voice, video and data
CO/HE//
CO/HE//
//
Note: network may be aerial or underground
FTTH Characteristics
• FTTH is an optical access network in which the optical network unit is on or within the customer’s premise.
• Although the first installed capacity of a FTTH network varies, the upgrade capacity of a FTTH network exceeds all other transmission media.
CO/HE//
Optical Network
Unit
Optical Line Termination
Source: www.ftthcouncil.org
Optical Access Network
Why FTTH?
• Enormous information carrying capacity• Easily upgradeable• Ease of installation• Allows fully symmetric services• Reduced operations and maintenance costs • Benefits of optical fiber:
– Very long distances– Strong, flexible, and reliable– Allows small diameter and light weight cables– Secure – Immune to electromagnetic interference (EMI)
Fiber versus Copper
Glass• Uses light• Transparent• Dielectric material-
nonconductive– EMI immune
• Low thermal expansion• Brittle, rigid material• Chemically stable
Copper• Uses electricity• Opaque• Electrically conductive
material– Susceptible to EMI
• High thermal expansion• Ductile material• Subject to corrosion and
galvanic reactions• Fortunately, it’s
recyclable
Architecture and Transport
CO/HE
Architecture (Electronics)• PON• Active node• Hybrid
Transport:ATM orEthernet
//
FTTH Architectures
• Passive Optical Networks (PONs)– Shares fiber optic strands for a portion of the networks
distribution
– Uses optical splitters to separate and aggregate the signal
– Power required only at the ends
• Active Node– Subscribers have a dedicated fiber optic strand
– Many use active (powered) nodes to manage signal distribution
• Hybrid PONs– Literal combination of an Active and a PON architecture
FTTH Technical Considerations
• Data– How much per home?– How well can you share the channel?– Security – how do you protect the subscriber’s data?– What kind of QoS parameters do you specify?– Compatible business services?
• SLAs• T1
• Support for voice?• Support for video?
– Broadcast– IPTV
FTTH Technical Considerations
• Data– How much per home?– How well can you share the channel?– Security – how do you protect the subscriber’s
data?– What kind of QoS parameters do you specify?
FTTH Technical Considerations: Speed
• Data requirements– Competition: ADSL, cable modem ~0.5 to ~1.5
Mb/s shared, asymmetrical– FTTH ~10 to 30 Mb/s non-shared or several 100
Mb/s shared, symmetrical– SDTV video takes 2-4 Mb/s today at IP level– HDTV takes maybe 5 times STDV requirement– Pictures can run 1 MB compressed– 5.1 channel streaming audio would run ~380
kb/s
• Security– Data is shared in the downstream direction in most
systems– Your Gateway filters out all packets not intended for you– But there is fear that someone will snoop on your data– FSAN has a low-complexity, low-security encryption
scheme– 802.3ah has formed a committee to study security– Manufacturers have taken their own tacks on security,
from none to robust
FTTH Technical considerations: Security
FTTH Data Flow and Security: Downstream
//
//
//
//
////
//
Tom Dick
Harry
T D H
T D
HBox on side of home separates out only the data bound for that subscriber. But the fear is that someone will fool his box into giving data intended for another subscriber. Solution is to encrypt the data.
Time division multiplex (TDM) – each subscriber’s data gets its turn.
FTTH Data Flow and Security: Upstream
//
//
//
//
////
//
Tom Dick
Harry
T D H
HDue to the physics of the network, Harry’s data flows upstream but does not come to Tom’s box, so Tom cannot see Harry’s data
Time division multiple access (TDMA) – similar to downstream, with gap for
laser start/stop
FTTH Data Flow and QoS
//
//
//
//
////
//
Tom Dick
Harry
T D H
T D
H
If Dick has paid for more bandwidth, he gets more
If Tom’s packets need higher priority (e.g., telephone), they go first
• several different ways
– Broadcast (cable TV standards)
• Analog or Digital
• Benefit from high volume and rich applications of cable boxes
– IPTV – TV transmitted over Internet Protocol
• Feasible, and some people are doing it in place of broadcast
• Bandwidth hog, but statistics can work for you
– Interesting hybrid model awaits hybrid STTs, but can give the best of both worlds
Video Delivery with FTTH
IPTV Unicast (VOD)
Router A(headend)
Router B
Router C(network)
Router D(NID)
Router E
Program request
Program stream
In-home routing
In-home routing
In-home routing
Subscriber's TVSet top terminal
In-home routing
VOD server
Home Networking Technologies
• IEEE 802.3/Ethernet
• IEEE 802.11 a/b/g/n (WiFi)
• Bluetooth
• In-House BPL (HomePlug)
IEEE 802.3 Family
• Original IEEE 802.3 (Ethernet)– 10 Mbps
• Fast Ethernet– 1000 Mbps
• Gigabit Ethernet – 1 Gbps
• 10 G Ethernet– 10 Gbps
Gigabit Ethernet Networks
• 1000 Mbps transmission rate
• IEEE 802.3 CSMA/CD frame format
• Medium: Twisted pair (UTP, STP) or Fiber
• Hub- or switch-based topology
• Do not support priority scheme
• Bandwidth utilization is not guaranteed to be fair
• Do not support guaranteed delay service
• Low bandwidth utilization under heavy loads
• Suitable for multimedia communications
Gigabit Ethernet Architecture
1000 Mbps
10 Mbps 100 Mbps 1000 Mbps
Gigabit Ethernet Full-duplex Switch
100 Mbps 1000 Mbps
1000 Mbps
1000BaseT 100BaseT 1000BaseT
Gigabit Ethernet Communication Structure
1000BASE-LX1270-1355 nm 光傳送接收器
1000BASE-SX 770-860 nm 光傳送接收器
1000BASE-CX STP 傳送接收器
1000BASE-T 4-Pair 傳送接收器
SMF MMF MMF 50 um
MMF 62.5 um
Balance Shielded Copper
Cat-5 UTP
3 km 550m 550m 300m 25m 100m
8B/10B Coding/Decoding 1000BASE-T Codec
Gigabit Media Independent Interface (GMII)
Media Access Control (MAC)
Logical Link Control (LLC)
Ethernet Upper Layers
Gigabit Ethernet Physical Layer
• 1000BASE-T (UTP, IEEE 802.3ab)
• 1000BASE-CX (Short copper jumpers, IEEE 802.3z)
• 1000BASE-SX (Shortwave fiber, IEEE 802.3z)
• 1000BASE-LX (Longwave fiber, IEEE 802.3z)
Gigabit Ethernet Characteristics
• Good fault tolerance
– Hub/Repeater architecture
• Carrier Extension for short frames.
• Frame Bursting to increase performance (optional).
Half-Duplex vs. Full-Duplex
• Gigabit Ethernet can operate in either half-duplex or full-duplex mode.
• Half-duplex poses some difficult problems that can result in restrictions on the allowable topologies and/or changes to the Ethernet MAC algorithm.
• Full-duplex is simpler to implement than a half-duplex MAC.
Limitations of Half-duplex Operation
• CSMA/CD implies an intimate relationship between the minimum length of a frame (L, measured in bit-times, not absolute time) and the maximum round-trip propagation delay (2a) of the network: L > 2a
round trippropagation delay
transmission timerateontransmissi
sizeframe_
_
maximumdistance
time
space
A
B
hub
10 Mbps Ethernet
• For the original 10 Mbps Ethernet, a compromise was struck.
• Minimum frame = 512 bits (64 bytes), not including the preamble and Physical Layer overhead.
• Minimum data field = 46 bytes rarely imposes a significant padding overhead (IP header + TCP header = 40 bytes).
• At 10 Mbps, 512 bit-times is 51.2us. Depends on the type of cable used and the network configuration, the extent of a 10 Mbps Ethernet can be on the order of from 2-3 Km.
Preamble SFD DA SA LEN Data FCS
7 1 6 6 2 46 4 bytes
Minimum Frame Length (512 bits)
Network Extent
• For a given minimum-length frame, the extent of a network scales inversely with data rate.
10Mbps 100 Mbps 1000 Mbps
10,000 m
1,000 m
100 m
10m
~ 2800m
~ 205m
~ 20m
100 Mbps Fast Ethernet
• For 100 Mbps Fast Ethernet, a conscious choice had to be made to do one or more of the following:Increase the minimum frame length so that large
networks (with multiple repeaters) could be supported.
Change the CSMA/CD algorithm to avoid the conflict.
Leave the minimum frame as is, and decrease the extent of the network accordingly.
Limitations of Half-duplex Operation
• For Hub-based configuration (1995 ~), the only truly important distance was from the user to the wiring closet (<100m, 200m diameter).
• A change to the minimum frame length would have required changes to higher-layer software, including device driver and protocol suite implementation. Also difficult to seamlessly bridge between 10 Mbps and 100 Mbps network with different minimum frame lengths.
• A change to the CSMA/CD algorithm would have significantly delayed the release of the Fast Ethernet standard.
Limitations of Half-duplex Operation
• Fast Ethernet uses The same 512-bit minimum frame.Decrease the network extent to the order of
200m, using twisted-pair cabling.No change to the CSMA/CD algorithm.
• For Gigabit Ethernet, network extent is only about 20m!!, if the same approach is used.
Carrier Extension
• For Ethernet/Fast Ethernet, the minimum frame length = slotTime = 512 bits.
• Gigabit Ethernet keeps the 512-bit minimum frame length but sets slotTime to 512 bytes
• In Gigabit Ethernet, frames that shorter than slotTime are extended by appending a carrier-extension field so that they are exactly one slotTime long.
• Frames longer than slotTime are untouched
Carrier Extended Frame Format
Preamble/SFD DA SA LEN Data FCS Extension
8 6 6 2 46 - 493 4 448 - 1 bytes
Minimum Nonextended Frame Length (64 bytes)
512-byte Short Frame
Carrier-Extended Frame (64-511 Bytes)
Preamble/SFD DA SA LEN Data FCS
8 6 6 2 494 - 1500 4 bytes
Non-Carrier-Extended Frame ( 512 Bytes)
Channel Efficiency
• The use of carrier extension for short frames imposes a significant performance degradation.
• In the worst-case (a stream of minimum length frames of 512 bits with a 64-bit preamble/SFD and a 96-bit interframe gap), the channel efficiency is
• For Ethernet (Fast Ethernet),
5124096 + 64 + 96
= 12%
512512 + 64 + 96
= 76%
length ofslot time
Frame Bursting
• The solution is to allow a station to send multiple frames, while extending only the first one with carrier extension (Frame Bursting).
• No additional frames are sent if a collision occurs before the slotTime expires.
• After that time, the station can begin sending additional frames without contending again.
• The interframe gap is filled with non-data symbols.• The bursting station may continue to start new frames for
up to one burstLength, which limits the maximum time that a station is allowed to dominate the channel.
Frame Bursting
Maximum Time to start of Last frame in Burst (8192 Bytes)
SlotTime(512 Bytes)
傳送訊框 frame 1 frame 2 frame 3 frame 4
Inter-Frame Spacing (96 bit time)
Preamble SFD DA SA LEN LLC PAD FCS
Carrier extension
Carrier detection
Frame Bursting
• Transmitters are not required to implement frame bursting.
• A trade-off between complexity and performance.
• Receiver must be prepared to receive bursted frames.
• Even if the first frame in a burst is longer than a slotTime (no carrier-extension), a station may still continue to burst frames up to the burstLength time.
• Normally, no collision should occur after the first slotTime during a burst of frames.
Half-Duplex Operational Parameters
Parameters
SlotTime 512 512 512 4096(Bit times)
interFrameGap 9.6 96 0.96 0.096 (us)
attempLimit 16 16 16 16
backoffLimit 10 10 10 10
jamSize 32 32 32 32
maxFrameSize 1518 1518 1518 1518
minFrameSize 64 64 64 64
extendSize 0 0 0 448
burstLength - - - 65,536 (bits)
Ethernet Type 10Mbps 1 Mbps 100 Mbps 1000 Mbps
Full-Duplex MAC
• When an Ethernet operates in full-duplex mode, all of the complexity of carrier sense, collision detection, carrier extension, frame bursting, backoff algorithm, and so on, has no bearing !!
• Only shared medium needs these.
• The full-duplex MAC is not really a MAC at all.
• With a dedicated channel, a station may transmit at will.
Limitations of Full-duplex Operation
• The underlying physical channel must be capable of supporting simultaneous, bi-directional communications without interference (1000BASE-X and 1000BASE-T families).
• Exactly two devices on the LAN segment.
• The interfaces in both devices must be capable of and configured to use full-duplex mode.
• If all of these conditions are met, then full-duplex mode not only can be used, it should be used.
Operation of Full-Duplex MAC
• A station can send a frame any time there is a frame in its transmit queue and it is not currently sending a frame.
• Stations should similarly receive frames at any time, subject to interframe spacing.
• Do not defer transmissions to received traffic.• No need for carrier-extension in full-duplex mode !!• No explicit need for frame bursting !!• Full-duplex MAC can “burst” at any time (not just after an
extended carrier) and for any length of time (not just for a burstLength period) !!
Gigabit Ethernet Protocol Stack• CS: Convergence Sublayer• MDI: Medium Dependent Interface• MII: Medium Independent Interface• GMII: Gigabit Medium Independent Interface
Physical
LLC
MAC
CS
PCSPMAPMD
Medium
CS
PCSPMAPMD
Medium
CS
PLS
PMA
Medium
PLS
PMD
Medium
MII MII GMII
AUIAUI
MDI MDI MDIMDI
Data link
Higher Layers&
Netrotk
1 Mbps, 10 Mbps 10 Mbps 100 Mbps 1000 Mbps
PHY
10 Gigabit Ethernet Protocol Stack
Physical
LLC
MAC
Data link
Higher Layers&
Netrotk
Reconciliation Sublayer (RS)
64B/66B PCS
64B/66B PCS
8B/10B PCS
PMA
PMD
Medium
PMA
PMD
Medium
WIS
XGMIIXGMII
PMA
PMD
Medium
XGMII
Proposed IEEE 802.3ae Layers
10GBase-R 10GBase-W 10GBase-X
OSI Ref.
IEEE 802.11 Family
• Differs in Physical Layer• IEEE 802.11b
– 2.45 GHz / 11 Mbps (100 m)
• IEEE 802.11a– 5.8 GHz / 54 Mbps (70 m)
• IEEE 802.11g– 2.4 GHz / 54 Mbps (100 m)
• IEEE 802.11n– 2.4/5 GHz / 100+ (max. 600) Mbps (100+ m)
IEEE 802.11Standard for WLAN operations at data rates up to 2 Mbps in the 2.4 GHz ISM band. DSSS modulation.
IEEE 802.11a
Standard for WLAN operations at data rates up to 54 Mbps in the 5 GHz band. Proprietary “rate doubling" has achieved 108 Mbps. Realistic rating is 20-26 Mbps.
IEEE 802.11bWi-Fi™ or “high-speed wireless” 1, 2, 5.5 and 11 Mbps in the 2.4 GHz band. All 802.11b systems are backward compliant. Realistic rating is 2 to 4 Mbps.
IEEE 802.11g802.11a backward compatible to the 802.11b 2.4 GHz band using OFDM.
Direct Sequence Spread Spectrum
Orthogonal Frequency Division Multiplexing
2.4 GHz Radio Licenses NOT required in these bands 5 GHz
Adaptive Rate Selection
• Performance of the network will also be affected by signal strength and degradation in signal quality due to distance or interference.
• As the signal becomes weaker, Adaptive Rate Selection (ARS) may be invoked.
Access Point (AP)
• Usually connects wireless and wired networks– if not wired
• acts as an extension point (wireless bridge)
• consists of a radio, a wired network interface (e.g., 802.3), and bridging software conforming to the 802.1d bridging standard
• Number of clients supported– device dependent
AP as a Wireless Bridge
mobile terminal
access point
server
fixed terminal
application
TCP
802.11 PHY
802.11 MAC
IP
802.3 MAC
802.3 PHY
Application
TCP
802.3 PHY
802.3 MAC
IP
802.11 MAC
802.11 PHY
LLC
infrastructure network
LLC LLC
Basic Service Set (BSS)
BSS
Coordinatedfunction
Independent Basic Service Set (IBSS)
IBSS
A BSS withoutAccess Point
Ad hoc mode
Extended Service Set (ESS)
• ESS: one or more BSSs interconnected by a Distribution System (DS)
• Traffic always flows via Access Point• allows clients to seamlessly roam
between APs
Distributed System (DS)
• A thin layer in each AP
– embodied as part of the bridge function
– keeps track of AP-MN associations
– delivers frames between APs
• Three types:
– Integrated: A single AP in a standalone network
– Wired: Using cable to interconnect APs
– Wireless: Using wireless to interconnect APs
ESS: Single BSS (with integrated DS)
BSS
AccessPoint
A cell
91.44 to 152.4 meters
ESS: BSS’s with Wired Distribution System (DS)
BSS
BSS
Distribution
System
20-30% overlap
ESS: BSS’s with Wireless Distribution System (DS)
BSS
BSS
Distribution
System
ESSID in an ESS
• ESSID differentiates one WLAN from another
• Client must be configured with the right ESSID to be able to associate itself with a specific AP
• ESSID is not designed to be part of security mechanism, and it is unfitted to be one
• AP broadcast the SSID(s) they support
• Client association requests contain the ESSID
• Transmitted in the clear
ESSID
Connecting to the Network
Client Access Point
Probe Request
Probe Response
Authentication Response
Authentication Request
Association Response
Association Request
Probing
802.11Authentication
Association
Probing Phase
• Find an available AP
• APs may operate at different channels (11 channels in total in case of 802.11a)
• Should scan a channel at least MinChannelTime
• If an AP is found, should last MaxChannelTime
Active Scanning
probe request with SSID
probe responseIf SSID matches
Service Set Identifier (SSID)
APMN
Passive Scanning
beacon with SSID
Service Set Identifier (SSID)
APMN
Full Scanning
MN AP 1
Scan channel 1
AP 2 AP 3
Scan channel 2
Beacon or Probe Resp
MinChannelTime
MaxChannelTime
Scan channel 3
Scan channel 11
…
WLAN authentication occurs at Layer 2. It is the process of authenticating the device not the user.
Authentication and Association Types
Authentication request
Authentication response(Accept or Reject)
802.11 Authentication Methods
• Open Authentication (standard)
• Shared key authentication (standard)
• MAC Address authentication (commonly
used)
Open Authentication
• The authentication request contain a NULL authentication protocol. It must have the AP SSID.
• The access point will grant any request for authentication
Client Access Point
Authentication Request
Authentication response
Shared Key Authentication• Requires that the client configures a static WEP key
Client Access Point
Authentication Request
Authentication response (challenge)
Authentication response(Success/Failure)
Authentication Request(encrypted challenge)
MAC Address Authentication
• Not specified in the 802.11 standard, but supported by many vendors (e.g. Cisco)
• Can be added to open and shared key authentication
Access-Request(MAC sent as RADIUS req.)
Auth. Request
Auth. Response (Success/Reject) Access-Success/Reject
ClientRADIUS ServerAccess Point
實際驗證
Open Authentication
WEP Encapsulation
1. P = M || checksum(M) {p=plaintext}
2. KeyStream = RC4 (IV || k( {k=shared-key}
3. C = XOR (P, KeyStream) {c=ciphertext}
4. Transmit (IV, C) {IV=init-vector}
WEP Key
Initialization Vector (IV)
Plaintext
Ciphertext
IV
seed
Message
Key Stream
CRC-32 Integrity Check Value (ICV)
RC4 PRNG
P
C
WEP Decapsulation1. KeyStream = RC4 (IV || k(2. P’ = XOR (C, KeyStream) = M’ || checksum(M)3. If checksum(M’) = (checksum(M))’
Then P’ is accepted
WEP Key
Plaintext Key stream
Message
Ciphertext
IV
ICV' = ICV?
CRC 32
RC4 PRNG
ICV’
ICV
Seed
P’
M’
802.1X
• based on EAP (extensible authentication protocol, RFC 2284)
– still one-way authentication
– initially, MN is in an unauthorized port
– an “authentication server” exists
– after authorized, the MH enters an authorized port
– 802.1X ties it to the physical medium, be it Ethernet, Token Ring or wireless LAN.
Three Main Components
• supplicant: usually the client software
• authenticator: usually the access point
• authentication server: usually a Remote Authentication Dial-In User Service (RADIUS) server
Extensible Authentication Protocol (EAP)
• the AP does not provide authentication to the client, but passes the duties to a more sophisticated device, possibly a dedicated server, designed for that purpose.
Authenticationrequest
Authenticationresponse
Authenticationrequest
Authenticationresponse
Authenticationserver
802.1X – How it works
Auth Server“RADIUS”
APClient
Let me in! (EAP Start)
What’s your ID? (EAP-request identity message)
ID = [email protected] (EAP Response)Is [email protected] OK?
Prove to me that you are [email protected]
The answer is “47”
Let him in. Here is the session key.
Come in. Here is the session key.
http://yyy.local\index.htmnetwork
EAP Challenge/Authentication
Encryptedsession
Distributed Coordination Function: CSMA/CA
• CSMA: Carrier Sense Multiple Access– physical carrier sense: physical layer
– virtual carrier sense: MAC layer• network allocation vector (NAV)
• CA: Collision Avoidance– random backoff procedure
• shall be implemented in all stations and APs
Contention Window
DIFS
contention windowbusy
All stations must wait DIFSafter medium is free
The winnerdata frame
random 1
random 2
random 3time
SIFS: Giving Priority to RTS/CTS/ACK
busy
DIFS
ACK
data frame
SIFSSIFS
DIFS
contention window
Source
Destination
OthersDefer access
SIFS: Transmitting Fragments
Source
Destination
Others
ACK ACK
SIFS
DIFS
ContentionWindow
Defer access
SIFS
Fragment 1SIFS
SIFS
Fragment 2
EIFS: Low Priority Retransmission
busy
data frame
SIFS
DIFS
SIFS
DIFS
contention window
Source
Destination
OthersDefer access
EIFS
NoACK
canresend
contension
CSMA/CA with RTS/CTS
busy
DIFS
ACK
data frame
SIFSSIFS
Source
Destination
Others NAV (RTS)
RTS
CTS
NAV (CTS)
contentionwindow
SIFS SIFS
RTS/CTS is Optional
• system parameter RTSThread– RTS/CTS is used only when frame size
RTSThread
Throughput Issues
• When a source node sends a frame, the receiving node returns a positive acknowledgment (ACK). – This can consume 50% of the available bandwidth.
• This overhead, combined with the collision avoidance protocol (CSMA/CA) reduces the actual data throughput to a maximum of 5.0 to 5.5 Mbps on an 802.11b wireless LAN rated at 11 Mbps.
What is Bluetooth?
• Major joint computing and telecomm industry initiative
• Plan to deliver a revolutionary radio-based solution– Cable replacement, no line of sight restrictions– Prefect for mobile devices - small, low power, low cost– Open specification (license free)
Bluetooth Characteristics
• Data/voice access
• Cable replacement technology
• 1 Mbps symbol rate
• Range 10+ meters
• Low cost
• Low power
Ultimate Headset(Voice Access)
Cordless Computer(Cable Replacement)
Automatic Synchronization
In the Office
At Home
Bluetooth World
Application of Bluetooth
• Integrated in– mobile phones– PDA/handhelds– Computers– Wireless peripherals
• Handsets
• cameras
– Network access devices• universal bridge to other networks or internet
Masters and Slaves
• Each Bluetooth device may be either a Master or Slave at any one time, thought not simultaneously.
• Master — the device which initiates an exchange of data.
• Slave — the device which responds to the master.
s m
Piconet
• Two or more units sharing the same hopping sequence form a piconet (similar to a LAN).
• Each piconet can have – only one master.
– up to seven slaves.• Each piconet has max
capacity (1 Mbps).s s s
m
Piconet Structure
Master
Active Slave
Parked Slave
Standby
Scatternet
• Multiple piconets form a scatternet.
• Same device can be shard by two different piconets
s s
sms
mss
ss
s
m
Max 256 piconets
Frequency Hop Spread-Spectrum
• Bluetooth channel is represented by a pseudo random hopping sequence through the entire 79 RF frequencies
• Nominal hop rate of 1600 hops per second
• Channel Spacing is 1 MHz
Time Division Duplex (TDD)
• Bluetooth is a Time Division Multiplexed system• 625 s/slot
Slot k Slot k+1 Slot k+2
master
slave
625s
Multi-Slot Packets
• Bluetooth defines data packets which are 1, 3, or 5 slots long
f(k) f(k+1) f(k+2) f(k+3) f(k+4) f(k+5) f(k+6)1-slotpacket
3-slotpacket
5-slotpacket
Time Division Multiplexing
• Slaves must listen to the master• A slave can send only after receiving a poll
Master
Slave 1
Slave 2
RX
RX RX
RXTX
TX TX
TX
RX RX RX RX
1
TX
2
TX
2
TX
1
TX
Putting It Altogether
0123
78
757677
45
…
time
Master
Slave 1
Slave 2
channel
Asynchronous Connection-Less (ACL) Links
• One ACL link can exist between any two devices.
• No slots are reserved.
• Every even-slot is Master transmission & every old-slot is Slave response
• Broadcast packets are ACL packets not addressed to any specific slaves.
Synchronous Connection Oriented (SCO) Links
• a symmetric link between Master and Slave with reserved channel bandwidth and slots.
• Typically used for voice connection• A Master can support up to three SCO links.• A slave can support
– up to 3 SCO links from the same master– two SCO links if the links are originated from different
masters.
• SCO packets are never retransmitted.
SCO Traffics
• Master reserves slots for SCO links
master
Slave 1
Slave 2
Slot no 0
TX
TX
RX
RX
TX
TX RX
RX
0SCOTX
RXSCO
TXSCO
RXSCO
1 2 3 4 5 1SCOTX
RXSCO
TXSCO
RXSCO
2
Mixed Link Packets
MASTER
SLAVE 1
SLAVE 2
SLAVE 3
ACLSCO SCO SCO SCOACLACL ACL
RFID
• What is RFID?– RFID is an ADC (Automatic Data Capture)
technology that uses radio-frequency waves to transfer data between a reader and a movable item to identify, categorize, track …
– RFID is fast, reliable, and does not require physical sight or contact between reader/scanner and the tagged item
An RFID System
Reader
RF ModuleTag
Antenna
Host ComputerHost Computer
Interrogation UnitTx/RxMicro
Computer
Computer Network
AntennaOne or more RF tagsTwo or more antennasOne or more interrogatorsOne or more host computersAppropriate software
RF Tag
Chip
Antenna
Tag
Radio Tx/Rx
RAM ROM
CPU I/O
Pwr Supply
Radio Tx/Rx
RAM ROM
CPU I/O
Pwr Supply
Radio Tx/Rx
RAM ROM
CPU I/O
Pwr Supply
Radio Tx/Rx
RAM ROM
CPU I/O
Pwr Supply
Chip + Antennae + Packaging = Tag
Variations of RF Tags
• Basic types: active vs. passive• Memory
– Size (16 bits - 512 kBytes +)– Read-Only, Read/Write or WORM
• Arbitration (Anti-collision)• Ability to read/write one or more tags at a time• Frequency : 125KHz - 5.8 GHz• Physical Dimensions
– Thumbnail to Brick sizes– Incorporated within packaging or the item
• Price ($0.50 to $150)
RFID Frequencies
Frequency Regulation Range Data Speed Comments
125-150 kHz Basically unregulated
? 10 cm Low Animal identification and factory data collection systems
13.56 MHz ISM band, differing power levels and duty cycle
< 1 m Low to moderate
Popular frequency for I.C. Cards (Smart Cards)
433 MHz
Non-specific Short Range Devices (SRD), Location Systems
1 – 100 m Moderate DoD Active
860-960 MHz
ISM band (Increasing use in other regions, differing power levels and duty cycle
2 – 5 m Moderate to high
EAN.UCC GTAG, MH10.8.4 (RTI), AIAG B-11 (Tires), EPC (18000-6’)
2450 MHz ISM band, differing power levels and duty cycle
1 – 2 m High IEEE 802.11b, Bluetooth, CT, AIAG B-11
Regulating Authority : ITU and Geo Organizations