What is a WLAN or Wi-Fi?
A WLAN (wireless local area network) is a wireless data communication system that extends a LAN. It uses radio waves to transmit and receive signals through the air between wireless client stations (e.g. laptops, Android phones, tablets, wireless USB receivers, PDAs) and a redistribution point (a wireless access point or wireless router).
The redistribution point transmits radio waves over a particular region, which is called the wireless coverage area or service set.
There are two types of wireless service set: the basic service set, abbreviated BSS, and the extended service set, abbreviated ESS. Let's discuss each.
Basic Service Set BSS
A basic service set is a wireless coverage area consisting of a redistribution point (typically a wireless access point, WAP, or a wireless router) and one or more client stations communicating with each other using the same medium access characteristics.
A BSS operates in one of two modes: infrastructure mode or ad-hoc mode. An overview of each is given below.
BSS Infrastructure mode:
In infrastructure mode, an access point (a single AP, or multiple APs meshed together) and the client stations are connected to each other. An infrastructure BSS is identified by its BSSID, the 48-bit MAC address of the serving access point. Network traffic between client stations is routed through the access point, so the client stations depend on it: the access point is the central point, or heart, of the wireless network, and its failure stops the network.
BSS Ad-hoc mode:
In ad-hoc mode, the stations connect directly to each other without depending on a distribution system or access point (AP) to relay the traffic, so there is no central point of failure. Since there is no access point, an ad-hoc BSS cannot connect to any other BSS. A BSS in ad-hoc mode is also referred to as an Independent Basic Service Set (IBSS).
Extended service set ESS
An extended service set (ESS) is a collection of two or more infrastructure-mode BSSs on the same network segment (i.e. the same VLAN or subnet). Mobile stations can move seamlessly from one active BSS to the next within the ESS, because all BSSs within the ESS appear as one network. Each ESS has an identifier called the SSID (service set identifier). The SSID can be up to 32 bytes long; it is also referred to as the network name and is usually a readable string in English or another natural language. Logically, an ESS must use a common SSID for all of its BSSs; physically, an ESS should be on a single broadcast domain.
Why WLAN is often known as Wi-Fi
A wireless LAN is any local area network (LAN) extended with radio coverage so that portable devices can connect. WLANs that follow the IEEE 802.11 specifications are termed Wi-Fi (short for "wireless fidelity"). The Wi-Fi term was created by the Wi-Fi Alliance, which certifies Wi-Fi products.
Distribution system DS
The distribution system provides connectivity between all access points within a single ESS. It extends network coverage by providing roaming between BSS cells for portable devices. A distribution system can be wired or wireless; current distribution systems are mostly based on WDS or mesh protocols.
Private vs. Public Wireless LAN
Wireless LANs are deployed with one of two objectives: a secure private WLAN or an open public WLAN. A secure (private) WLAN requires authentication to enter the network; such networks are deployed in limited areas such as hospitals, small or campus offices, homes, libraries and schools. An unsecured Wi-Fi hotspot is open for public access; hotspots are deployed in public places such as parks, airport lounges, train stations, guest houses, hotels and coffee shops.
WLAN authentication is the process of validating the identity of a user device before it is connected to the Wi-Fi network. Authentication is based on the Wi-Fi network security key: if the user provides the correct security key, the device is given access to the network; if the key does not match, the connection request is discarded. The key is configured by the Wi-Fi administrator. Once the user is connected, the next challenge is to protect the messages travelling over the wireless medium. Let us see how the wireless security methods work.
Wireless LAN Security
Security is an important concern in wireless communication. Attackers can easily intercept and capture information travelling through the open air, and can extract passwords and credit card numbers from it. Different security protocols were therefore developed to counter them.
Security protocols use encryption to cipher the message. Ciphering is the secret encoding of data: the data is scrambled before it crosses the wireless medium so that intruders cannot read it, while the access point and client station can decipher it at the receiving end. The access point and the client station must use the same security protocol to encode and decode the encrypted data.
There are two main families of security method: Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA). WPA was further revised as WPA2, which includes more security features than the original WPA. Most Wi-Fi access points offer these security options. We will discuss each in detail and understand how they work.
Wired Equivalent Privacy WEP
WEP is a security protocol that uses the RC4 algorithm to protect data from being captured by attackers. It was used by many companies to ensure data security. It was developed in the 1990s as the first encryption algorithm for the IEEE 802.11 standard. RC4 stands for "Rivest Cipher 4" and was invented by Ronald Linn Rivest, an Institute Professor at MIT. The algorithm is used for both authentication and encryption.
How RC4 works
RC4 was designed around the limited processing power of the access points of the time, so its design is simple. The RC4-based (WEP shared-key) authentication process can be described in four simple steps.
1. The client station sends an authentication request to the AP to enter the network.
2. The AP sends a clear-text challenge message back to the client station.
3. The client station encrypts the challenge with RC4 and sends it back to the AP.
4. The AP decrypts the received message. If it matches the challenge it sent, the requesting station is configured with the correct key, and the client station is authorized to use the network resources.
Once authentication is done, the client station and the AP are free to communicate with each other. During data transmission, every data packet is encrypted with a different per-packet key (keystream), so that if an intruder manages to recover one packet key, the only information leaked is that contained in that packet.
In 64-bit WEP, a 40-bit pre-configured master key is combined with a 24-bit random Initialization Vector (IV) to produce a 64-bit key from which the key stream is generated. RC4 consists of two main components.
1. The Key Scheduling Algorithm (KSA) takes the pre-configured master key and the IV and creates the scrambled state array that is the input to the PRGA.
2. The Pseudo-Random Generation Algorithm (PRGA) then generates the keystream.
Each keystream byte is XORed (exclusive OR) with the corresponding plaintext byte to produce the ciphered, or encrypted, data packet. A CRC-32 checksum (the integrity check value, ICV) is appended to the packet and is encrypted as well. The encrypted data is then transmitted on the wireless channels of the WLAN.
The receiving station uses the pre-configured master key and the received IV to decrypt the ciphered packet and checksum. It recalculates the checksum over the packet text; if the received and calculated checksums match, the receiver concludes that the packet contents were not altered in transit.
As described above, the pre-shared key and the 24-bit IV are combined to produce the keystream used for encryption. The small size of the IV, however, increases the probability that a keystream will be reused, which in turn makes it predictable and easier to crack. This flaw, along with several other vulnerabilities such as the weak authentication mechanism, makes WEP a risky choice for wireless security. WEP was the first design to address these security challenges, and it lacks the necessary security. In 2001 many security experts identified several flaws in WEP, and this drove the industry and device consumers to phase out WEP and look for a new solution: the new Wi-Fi security protocol, WPA.
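As an added illustration (this code is not from the original article), the following Python implements the pieces just described: the RC4 KSA and PRGA, 64-bit WEP encapsulation (clear IV, then RC4 over plaintext plus CRC-32 ICV) and the receiver's ICV check. The master key, IVs and frame payloads are constructed sample values, and the IV-reuse counter is a monitoring check added here to show what "reused keys" means in practice: two frames carrying the same IV under the same master key were encrypted with the identical keystream.

```python
"""64-bit WEP encapsulation with RC4, plus an IV-reuse check (added example)."""
import math
import zlib

IV_BITS = 24
IV_SPACE = 1 << IV_BITS  # 16,777,216 distinct IVs per master key


def rc4_ksa(key: bytes) -> list:
    """Key Scheduling Algorithm: build the scrambled 256-entry state from the key."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s


def rc4_prga(state: list, n: int) -> bytes:
    """Pseudo-Random Generation Algorithm: emit n keystream bytes from the state."""
    s = list(state)
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def rc4_keystream(key: bytes, n: int) -> bytes:
    return rc4_prga(rc4_ksa(key), n)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(master_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """64-bit WEP: the 24-bit IV is prepended to the 40-bit master key to seed RC4.
    A CRC-32 ICV is appended to the plaintext and encrypted along with it; the IV
    itself travels in the clear so the receiver can rebuild the same keystream."""
    assert len(master_key) == 5 and len(iv) == 3
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    body = plaintext + icv
    return iv + xor_bytes(body, rc4_keystream(iv + master_key, len(body)))


def wep_decrypt(master_key: bytes, frame: bytes):
    """Decrypt a frame and check its ICV; returns the plaintext, or None if the check fails."""
    iv, cipher = frame[:3], frame[3:]
    body = xor_bytes(cipher, rc4_keystream(iv + master_key, len(cipher)))
    plaintext, icv = body[:-4], body[-4:]
    if zlib.crc32(plaintext).to_bytes(4, "little") != icv:
        return None
    return plaintext


def reused_ivs(frames: list) -> dict:
    """Monitoring check: map each IV seen more than once to its frame count.
    Every repeat means the same RC4 keystream encrypted two different packets."""
    counts = {}
    for frame in frames:
        counts[frame[:3]] = counts.get(frame[:3], 0) + 1
    return {iv: n for iv, n in counts.items() if n > 1}


def expected_frames_until_iv_repeat() -> int:
    """Birthday bound: with random 24-bit IVs a repeat is expected after about
    sqrt(pi/2 * 2^24) frames, i.e. a few thousand packets rather than millions."""
    return round(math.sqrt(math.pi / 2 * IV_SPACE))


if __name__ == "__main__":
    key = bytes.fromhex("0123456789")  # constructed 40-bit master key
    frames = [
        wep_encrypt(key, b"\x00\x00\x01", b"GET / HTTP/1.1"),
        wep_encrypt(key, b"\x00\x00\x02", b"Host: example"),
        wep_encrypt(key, b"\x00\x00\x01", b"second frame, same IV"),  # constructed IV reuse
    ]
    print(wep_decrypt(key, frames[0]))
    print(reused_ivs(frames))
    print(expected_frames_until_iv_repeat())
```

The birthday estimate is the quantitative form of the paragraph above: even with ideally random IVs, a busy access point repeats an IV after roughly five thousand frames, and every repeat hands an observer two packets encrypted under the same keystream.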
Wi-Fi Protected Access WPA
After the flaws in WEP were revealed, the Wi-Fi Alliance released a new security protocol, WPA, in 2003. WPA is based on a draft of the 802.11i standard; it was an interim solution to an urgent need. WPA provides a more sophisticated method of data encryption than WEP and also more reliable authentication, and so WEP was replaced by WPA. WPA retained the use of RC4 but added features to overcome the deficiencies of WEP:
1- Stronger authentication: WPA uses 802.1X with a RADIUS server and provides stronger authentication than WEP with the help of newly introduced security features.
2- Longer Initialization Vector (IV): WPA uses a 48-bit IV and a 128-bit master key, making it harder to attack (compared to WEP's 24-bit IV and 40-bit master key).
3- Use of TKIP: the Temporal Key Integrity Protocol uses a different key for each client and changes the key for every subsequent packet.
4- Message integrity code: the MIC checks that the information in the transmitted packet has not been altered while travelling from one point to another. The MIC is also referred to as a cryptographic checksum, because it is generated by a cryptographic algorithm that converts the data into a hash value through a complicated series of mathematical operations; this hash value is used as the checksum. The MIC provides much greater protection than CRC-32.
WPA-enabled Wi-Fi devices normally operate in one of two modes.
WPA Personal mode: This mode is appropriate for home and small office users. It commonly offers the WPA-PSK security method, in which a PSK (pre-shared key) or passphrase is used for authentication. The PSK is dynamically transmitted between the wireless access point (WAP) and the client. For encryption to work, both the transmitting and receiving devices must use the same encryption key so that packets can be decrypted successfully.
In WPA-PSK mode, a wireless access point cannot be managed centrally or individually: if the key is changed on the access point, all clients must change the key manually. In WPA Personal all clients are authenticated through the passphrase or PSK, but WPA2 has something more to offer for authentication.
WPA Enterprise mode: This security mode is useful for business environments and is more complicated to configure. WPA Enterprise offers individual and centralized control over access to the Wi-Fi network. The access point (AP) uses the Extensible Authentication Protocol (EAP) to negotiate the pairwise master key with each station in the network; the client identity is then verified by an 802.1X/RADIUS server for authentication. The RADIUS server provides a centralized authentication service, so WPA Enterprise mode is appropriate in networks where a RADIUS server is deployed.
When a user tries to connect to the Wi-Fi network, they must provide login credentials (i.e. username and password). Once the credentials are provided, a separate user session is created and an encryption key is assigned to that session in the background, without involving the user.
How TKIP generates encryption
The Temporal Key Integrity Protocol is an encryption protocol included as part of the IEEE 802.11i specification. Because it was designed to address the weaknesses of WEP, TKIP adds extra security mechanisms around WEP to provide more secure data transmission. In simple words, TKIP works as a "wrapper": it wraps additional code around the WEP processing, at the beginning and at the end, to encapsulate and modify the data, so that legacy devices can be upgraded without replacing hardware.
The new protocol encrypts each packet with a unique encryption key. To increase key strength, TKIP includes four additional algorithms:
- A cryptographic MIC, called Michael, to provide packet protection.
- A new IV sequencing discipline, which includes hashing, to defeat attacks by intruders.
- Per-packet key mixing, to increase cryptographic strength.
- A re-keying mechanism, which provides fresh encryption and integrity keys and eliminates the threat of attacks that depend on key reuse.
The following block diagram shows the ordered placement of the TKIP components that generate the per-packet encryption key. Let us elaborate on each component.
Temporal key: a unique temporary key for each packet.
MAC address: the 48-bit hardware address of the device.
SA: the source address of the transmitting device.
DA: the destination address of the intended receiving device.
Plaintext MSDU: MSDU stands for MAC Service Data Unit. The plaintext is the payload of the 802.11 data frame, which carries data from the LLC sub-layer (which lies just above the MAC sub-layer) and the upper layers of the OSI reference model.
MIC key: the cryptographic checksum key used to verify the packet.
Phase 1 key mixing: takes the temporal key and the MAC address as input and XORs them to generate the intermediate key.
Intermediate key: as the name suggests, the intermediate key is the mixture of the temporal key and the MAC address. It is different for each station and access point (AP).
Michael: combines the MIC key with the SA, DA and plaintext MSDU to produce the MIC, after which the MSDU is fragmented and the TKIP sequence counter is assigned.
Phase 2 key mixing: takes the TKIP sequence number of the fragmented packet and encrypts it with the intermediate key from phase 1, finally producing a 128-bit per-packet key.
WEP encapsulation: encapsulates the data under the per-packet key for physical-layer transport.
MPDU: the MAC Protocol Data Unit is the final ciphered unit, ready to be transported on the physical layer of the OSI reference model.
The TKIP algorithm mixes the IV and master key with the MAC address of the sender and adds a sequence counter. Including the MAC address in the key ensures that the same mixed key is not used by all clients; including the packet sequence number makes TKIP generate a different combined key for each subsequent packet.
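The Michael MIC that the diagram's "Michael" box computes can be written down in a few lines. The Python below is an added example, not code from the original article or from any vendor: it implements the Michael block function and padding from IEEE 802.11i, wraps it in the TKIP input layout (DA, SA, priority byte, three zero bytes, plaintext MSDU) and verifies a received MIC. The MIC key, addresses and MSDU are constructed sample values.

```python
"""Michael, the TKIP message integrity code (added example, not the article's code)."""
import struct

MASK = 0xFFFFFFFF


def rol32(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & MASK


def ror32(x: int, n: int) -> int:
    return ((x >> n) | (x << (32 - n))) & MASK


def xswap(x: int) -> int:
    """Swap the two bytes within each 16-bit half of the word."""
    return ((x & 0xFF00FF00) >> 8) | ((x & 0x00FF00FF) << 8)


def michael_block(l: int, r: int):
    """The Michael block function: four add/rotate/xor rounds over two 32-bit halves."""
    r ^= rol32(l, 17)
    l = (l + r) & MASK
    r ^= xswap(l)
    l = (l + r) & MASK
    r ^= rol32(l, 3)
    l = (l + r) & MASK
    r ^= ror32(l, 2)
    l = (l + r) & MASK
    return l, r


def michael(key: bytes, message: bytes) -> bytes:
    """Compute the 64-bit Michael MIC of message under an 8-byte key.
    Padding is a single 0x5A byte followed by 4 to 7 zero bytes so that the
    total length is a multiple of 4, as specified in IEEE 802.11i."""
    assert len(key) == 8
    l, r = struct.unpack("<II", key)
    padded = message + b"\x5a" + b"\x00" * (4 + (-(len(message) + 5) % 4))
    for (word,) in struct.iter_unpack("<I", padded):
        l ^= word
        l, r = michael_block(l, r)
    return struct.pack("<II", l, r)


def tkip_mic(mic_key: bytes, da: bytes, sa: bytes, priority: int, msdu: bytes) -> bytes:
    """TKIP feeds Michael the DA, SA, the priority byte, three zero bytes and the
    plaintext MSDU, so the MIC protects the addresses as well as the payload."""
    return michael(mic_key, da + sa + bytes([priority, 0, 0, 0]) + msdu)


def tkip_mic_verify(mic_key: bytes, da: bytes, sa: bytes, priority: int,
                    msdu: bytes, mic: bytes) -> bool:
    """Receiver side: recompute the MIC over the received fields and compare."""
    return tkip_mic(mic_key, da, sa, priority, msdu) == mic


if __name__ == "__main__":
    mic_key = bytes(range(8))                   # constructed 64-bit MIC key
    da = bytes.fromhex("aabbccddeeff")          # constructed destination address
    sa = bytes.fromhex("112233445566")          # constructed source address
    msdu = b"constructed plaintext MSDU"
    mic = tkip_mic(mic_key, da, sa, 0, msdu)
    print(mic.hex())
    print(tkip_mic_verify(mic_key, da, sa, 0, msdu + b"!", mic))  # payload altered
    print(tkip_mic_verify(mic_key, sa, da, 0, msdu, mic))         # addresses swapped
```

Because the addresses are part of the MIC input, rewriting or swapping DA and SA invalidates the MIC just as changing the payload does, which is what the page means by Michael "providing packet protection". Michael was kept deliberately cheap so that WEP-era hardware could compute it per packet.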
Wi-Fi Protected Access WPA2
Unlike WPA, which is based on a draft of IEEE 802.11i, WPA2 follows the complete IEEE 802.11i standard. The Wi-Fi Alliance applies the WPA2 name to implementations of the standard's mandatory requirements.
WPA2 further improves Wi-Fi security by using Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP), based on the Advanced Encryption Standard (AES) algorithm, for stronger authentication and data encryption. CCMP is more secure than the combination of RC4 and TKIP but requires more processing power than RC4, so an upgrade to WPA2 may require replacing APs or client wireless interfaces.
WPA2 works in both Personal and Enterprise mode.
WPA2 Personal mode: in Personal mode, the pre-shared key is combined with the wireless network's SSID to generate the pairwise master key (PMK). The PMK is used in the message exchange between the client station and the access point to derive the pairwise transient key (PTK).
WPA2 Enterprise mode: in Enterprise mode, one of the EAP methods is used for client authentication. During authentication, the client station and the access point receive messages from the 802.1X server (which may also be a RADIUS server). Both the AP and the client use these messages to create the PTK, which is then used to encrypt and decrypt the messages.
In both WPA2 modes, a group temporal key (GTK) is created during the exchange between client and access point. The GTK is used to encrypt and decrypt multicast and broadcast messages.
| Term | Meaning |
|---|---|
| SA | Station address (the station's MAC address). |
| AA | AP address (the AP's MAC address). |
| ANonce | A random 256-bit value generated by the AP. Combined with the known PMK, it lets both sides compute a secret session key without sending the actual session key over the wireless medium. |
| SNonce | The corresponding random value generated by the client station, used with the known PMK to compute the secret session key without sending it over the wireless medium. |
| PMK | Pairwise Master Key, used to derive the PTK together with the ANonce and SNonce. |
| PTK | Pairwise Transient Key, derived from the PMK, ANonce, SNonce, AA and SA; it encrypts all unicast messages between client and AP. |
| GTK | Group Temporal Key, which encrypts all broadcast and multicast transmissions between the AP and its client stations. The GTK is constructed on the AP and sent to the client stations. |
| EAPOL | Extensible Authentication Protocol over LAN, a network port authentication protocol used to encapsulate EAP messages on any LAN. |
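To show how the quantities in the table above fit together, here is an added Python example (not code from the original article) that derives the PMK from a passphrase and SSID with PBKDF2 (WPA2 Personal), derives the PTK from the PMK, AA, SA, ANonce and SNonce with the 802.11i PRF, splits it into the KCK, KEK and TK used with CCMP, and computes and verifies the HMAC-SHA1 MIC that protects the EAPOL-Key messages. The MAC addresses and nonces are constructed sample values; the passphrase/SSID pair "password"/"IEEE" is the standard's own test vector; and the EAPOL-Key frame body is a constructed stand-in with the MIC field at offset 16, not the real frame layout.

```python
"""WPA2-PSK key derivation for the 4-way handshake (added example, not the article's code)."""
import hashlib
import hmac


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Personal mode: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11i PRF: concatenated HMAC-SHA1 over label || 0x00 || data || counter."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]), hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, sa: bytes, anonce: bytes, snonce: bytes) -> dict:
    """PTK = PRF-384(PMK, "Pairwise key expansion",
                     min(AA,SA) || max(AA,SA) || min(ANonce,SNonce) || max(ANonce,SNonce)).
    Sorting the addresses and nonces is what lets both sides, which learn the nonces
    in different order, arrive at the same key. For CCMP the 48 bytes split into
    KCK (EAPOL MIC key), KEK (wraps the GTK) and TK (the CCMP data key)."""
    data = min(aa, sa) + max(aa, sa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}


def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """WPA2 (key descriptor version 2): MIC = HMAC-SHA1(KCK, frame with MIC field zeroed)[:16]."""
    return hmac.new(kck, eapol_frame, hashlib.sha1).digest()[:16]


def verify_eapol_mic(kck: bytes, frame_with_mic: bytes, mic_offset: int) -> bool:
    """Zero the 16-byte MIC field, recompute, and compare in constant time."""
    received = frame_with_mic[mic_offset:mic_offset + 16]
    zeroed = frame_with_mic[:mic_offset] + b"\x00" * 16 + frame_with_mic[mic_offset + 16:]
    return hmac.compare_digest(eapol_mic(kck, zeroed), received)


if __name__ == "__main__":
    pmk = derive_pmk("password", "IEEE")    # IEEE 802.11i test vector inputs
    aa = bytes.fromhex("001122334455")      # AP MAC address (constructed)
    sa = bytes.fromhex("66778899aabb")      # station MAC address (constructed)
    anonce = bytes([0x11] * 32)             # constructed; real nonces are random 256-bit values
    snonce = bytes([0x22] * 32)
    ptk_ap = derive_ptk(pmk, aa, sa, anonce, snonce)
    ptk_sta = derive_ptk(pmk, sa, aa, snonce, anonce)   # same inputs, other order
    print(pmk.hex())
    print(ptk_ap == ptk_sta)                # both sides derive identical KCK/KEK/TK
    # Message 2 of the handshake carries the SNonce and is authenticated with the KCK.
    # A constructed body stands in for the real EAPOL-Key frame, MIC field at offset 16.
    body = b"\x01\x03\x00\x5f\x02\x01\x0a" + b"\x00" * 9 + b"\x00" * 16 + snonce
    mic = eapol_mic(ptk_sta["kck"], body)
    frame = body[:16] + mic + body[32:]
    print(verify_eapol_mic(ptk_ap["kck"], frame, 16))
```

Both sides derive the same PTK although the AP learns the SNonce only from message 2 and the station learns the ANonce from message 1, because the PRF input sorts the addresses and nonces. Only the nonces and the MICs ever cross the air; the PMK and PTK never do, which is why the handshake reveals the session key to neither an eavesdropper nor a rogue AP that does not hold the PMK.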
The term Wi-Fi is owned by the Wi-Fi Alliance, which certifies Wi-Fi products as meeting the IEEE 802.11 standards. The IEEE 802.11 standards specify Wi-Fi communication at the MAC and physical layers of the OSI model in specific frequency bands (900 MHz, 2.4 GHz, 3.6 GHz, 5 GHz and 60 GHz).
IEEE has developed a number of standards over the years, and the process continues today to further improve Wi-Fi technology in terms of speed, reliability and coverage.
Before discussing the most commonly used IEEE Wi-Fi standards, let us describe the parameters on which the IEEE 802.11 protocol versions are compared.
| Parameter | Meaning |
|---|---|
| IEEE protocol | The protocol version, denoted by a letter suffix such as a, b, g or n; the letter changes with the version. |
| Release | The year in which the IEEE protocol was released. |
| Frequency | The carrier frequency used as the medium for transmitting data wirelessly. |
| Bandwidth | The wireless channel width: the frequency range between the lowest and highest attainable frequency. |
| Data rate | The amount of data (bits) moved successfully from transmitter to receiver; also known as throughput. |
| MIMO | Multiple Input Multiple Output, an antenna technology used at both transmitter and receiver to minimize errors and optimize data speed. |
| Modulation | The process of varying one or more properties of a periodic waveform, known as the carrier signal. |
| Range | The coverage area of the Wi-Fi device. |
In the table below, the standards are listed in chronological order, oldest first.
| IEEE protocol | Release | Frequency | Bandwidth | Data rate | MIMO support | Modulation | Range (indoor) | Range (outdoor) |
|---|---|---|---|---|---|---|---|---|
| 802.11 legacy | June 1997 | 2.4 GHz | 22 MHz | 1, 2 Mbps | NA | DSSS, FHSS | 66 feet | 330 feet |
| 802.11a | Sep 1999 | 5 GHz | 20 MHz | 6, 9, 12, 18, 24, 36, 48, 54 Mbps | NA | OFDM | 115 feet | 390 feet |
| 802.11b | Sep 1999 | 2.4 GHz | 22 MHz | 1, 2, 5.5, 11 Mbps | NA | DSSS | 115 feet | 460 feet |
| 802.11g | June 2013 | 2.4 GHz | 20 MHz | 6, 9, 12, 18, 24, 36, 48, 54 Mbps | NA | OFDM | 125 feet | 460 feet |
| 802.11n | Oct 2009 | 2.4/5 GHz | 20 MHz | Up to 288.8 Mbps | 4 | MIMO-OFDM | 230 feet | 820 feet |
| 802.11n | Oct 2009 | 2.4/5 GHz | 40 MHz | Up to 600 Mbps | 4 | MIMO-OFDM | 230 feet | 820 feet |
| 802.11ac | Dec 2013 | 5 GHz | 20 MHz | Up to 346.8 Mbps | 8 | MIMO-OFDM | 115 feet | |
| 802.11ac | Dec 2013 | 5 GHz | 40 MHz | Up to 800 Mbps | 8 | MIMO-OFDM | 115 feet | |
| 802.11ac | Dec 2013 | 5 GHz | 80 MHz | Up to 1733.2 Mbps | 8 | MIMO-OFDM | 115 feet | |
| 802.11ac | Dec 2013 | 5 GHz | 160 MHz | Up to 3466.8 Mbps | 8 | MIMO-OFDM | 115 feet | |
All devices following the 802.11 Wi-Fi standards operate within the ISM (Industrial, Scientific and Medical) frequency bands. These bands are shared with a variety of other users, but no licence is required to operate in them. This freedom has made Wi-Fi technology suitable for widespread use.
A variety of applications have been built for home automation, real-time multimedia streaming, Voice over IP and so on. When these applications are used in a Wi-Fi environment, their performance is directly affected if the Wi-Fi network is deployed with poor planning. Real-time multimedia streaming and VoIP over Wi-Fi in particular have become an integral part of the Wi-Fi-connected home or small office. These applications are very delay-sensitive and require uninterrupted internet service together with mobility.
While these new technologies are very convenient, implementing the underlying Wi-Fi network is not always a trouble-free job, and mobility in particular is an extremely important aspect of a Wi-Fi network. For example, consider a person walking through a facility while carrying a mobile phone and streaming video on YouTube, using a VoIP application such as Skype or WhatsApp Messenger, or downloading a large file from a server. The Wi-Fi radio of the user's device automatically switches its connection from one access point to another to provide seamless connectivity during the movement. This connection switching is the job of the roaming algorithm.
Roaming is defined in the IEEE 802.11r standard, which provides the procedure for "Fast Transition Roaming", or "fast roaming". This standard was released in 2008; according to IEEE, 802.11r ensures fast and secure hand-off with continuous connectivity. Another standard, IEEE 802.11k, provides guidelines for radio resource measurements of neighbouring access points; it was also released in 2008. Then, in 2011, IEEE released the 802.11v standard for wireless network management, which studies network topologies and monitors the state of a network.
What is roaming?
Wi-Fi roaming is the process by which a mobile device moving outside the usable range of one access point switches its connection to another nearby access point with a stronger signal, within the same ESS, without losing the connection for longer than a defined period.
Generally, the decision to invoke the roaming process from one AP to another is the responsibility of the wireless client device. The roaming algorithms used by wireless clients vary from vendor to vendor, but almost all of them involve the Received Signal Strength Indicator (RSSI). As a wireless client moves away from the AP it is connected to, the signal strength drops. The client compares the received signal strength to a pre-defined minimum threshold and determines whether roaming is required. Once the signal strength drops below the threshold, the device scans all available channels for candidate APs, selects the most appropriate channel with acceptable signal strength, and completes the roaming process by associating with the new AP. This process is typically known as "hand-off".
- In picture 1 the client is connected to the wireless router and is moving towards another access point.
- In picture 2 the client has detected another wireless access point with a stronger signal and sends a disassociation frame to the wireless router.
- In picture 3 the mobile device is connected to the new AP, and the hand-off is complete.
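A minimal client-side roaming decision, written here as an added Python example (it is not from the original article and is not any vendor's algorithm), makes the threshold logic above concrete: stay while the current RSSI is at or above the threshold, otherwise pick the strongest AP in the same ESS, and only roam if it beats the current AP by a hysteresis margin. The threshold of -70 dBm, the 6 dB margin and the scan readings in the walk simulation are constructed values.

```python
"""Client-side roaming decision driven by RSSI, with threshold and hysteresis (added example)."""
from dataclasses import dataclass


@dataclass
class Candidate:
    bssid: str
    ssid: str
    channel: int
    rssi: int          # dBm, e.g. -45 (strong) to -90 (weak)


def choose_roam_target(current: Candidate, scan: list, ssid: str,
                       threshold: int = -70, hysteresis: int = 6):
    """Return the BSS to roam to, or None to stay on the current AP.

    Rule 1: do nothing while the current signal is at or above the threshold.
    Rule 2: only consider candidates in the same ESS (same SSID); a stronger
            foreign network is not a roaming target.
    Rule 3: the candidate must beat the current RSSI by the hysteresis margin,
            otherwise the client would ping-pong between two weak APs.
    """
    if current.rssi >= threshold:
        return None
    same_ess = [c for c in scan if c.ssid == ssid and c.bssid != current.bssid]
    if not same_ess:
        return None
    best = max(same_ess, key=lambda c: c.rssi)
    if best.rssi - current.rssi < hysteresis:
        return None
    return best


def walk(readings: list, ssid: str, threshold: int = -70, hysteresis: int = 6) -> list:
    """Simulate a client walking through a building. Each reading is the scan result
    (a list of Candidate) seen from one position; the client starts on the first AP
    of the first reading. Returns the hand-off events as (step, from_bssid, to_bssid)."""
    current = readings[0][0]
    events = []
    for step, scan in enumerate(readings):
        # Refresh the RSSI of the AP we are on from this position's scan.
        current = next((c for c in scan if c.bssid == current.bssid), current)
        target = choose_roam_target(current, scan, ssid, threshold, hysteresis)
        if target is not None:
            events.append((step, current.bssid, target.bssid))
            current = target
    return events


if __name__ == "__main__":
    # Constructed walk: the client starts near ap1 and ends near ap2; a strong
    # guest network ("cafe") appears on the way and must be ignored.
    readings = [
        [Candidate("ap1", "office", 1, -50), Candidate("ap2", "office", 6, -85)],
        [Candidate("ap1", "office", 1, -68), Candidate("ap2", "office", 6, -75)],
        [Candidate("ap1", "office", 1, -74), Candidate("ap2", "office", 6, -72)],
        [Candidate("ap1", "office", 1, -80), Candidate("ap2", "office", 6, -60),
         Candidate("cafe", "guest", 11, -40)],
        [Candidate("ap1", "office", 1, -82), Candidate("ap2", "office", 6, -55)],
    ]
    print(walk(readings, "office"))   # one hand-off, at step 3, from ap1 to ap2
```

The hysteresis is the part home-grown algorithms most often forget: without it, a client standing halfway between two cells at roughly equal signal strength flips back and forth, and every flip is a hand-off with the packet loss and delay described in the sections that follow. Step 2 of the walk shows this case: the current AP is below the threshold, but the neighbour is only 2 dB better, so the client stays put.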
How to avoid connection drop in the hand-off
There are a few common practices to avoid connection drops during hand-off.
- Keep 20% overlap between adjacent cells, which is standard practice in the industry. The overlap is necessary because a roaming client needs to see more than one wireless network at the same time in order to evaluate them and choose the best one to roam to. With non-overlapping cells, the connection will be dropped.
- Remember the 1, 6, 11 rule in the 2.4 GHz spectrum. Use channels 1, 6 and 11; anything else in between overlaps with its neighbours, which reduces performance through increased interference. In the 5 GHz spectrum, use non-overlapping channels to avoid interference.
The diagram below shows the concept of overlapping cells and non-overlapping frequencies.
Technology alternatives to minimize hand-off delays
As discussed above, hand-off initiation depends entirely on the client, which raises the question of how uninterrupted Wi-Fi service can be achieved. Every hand-off carries a risk of dropped packets and service delays. Eliminating hand-off is not an option, so we need some alternatives.
- Use the same SSID and a common security level. If multiple APs are set to a common SSID and security level, they act as one logical zone, which reduces the number of hand-offs a device requires.
- Use a configuration controller. A configuration controller is used in combination with multiple low-power APs from a single vendor. This method does little more than optimize the AP setup: it pushes settings to the APs on the network and ensures that they are all set to the same SSID and security level.
- Use a management controller. In this method a controller device handles all the APs connected to it, and its job is to optimize the hand-off process between APs.
In all of the above methods, the client still has to determine when to trigger the hand-off process as it moves from one AP to another, and this decision typically takes more time than the hand-off itself.
- Wireless network virtualization. While still using a controller, this method is significantly more sophisticated than the controller solutions above. The controller actively monitors and "listens" to all APs on the network and selects the best one for transmitting data to the client. Roaming is eliminated because the client sees all APs as a single AP. For certain enterprise applications this is an effective solution, but for home and small office use it is a costly one.
Advantages and disadvantages of Wi-Fi
- Convenience in using shared resources
The wireless medium of a Wi-Fi network allows clients to connect to the network and access shared resources from almost any convenient location within range. This is more convenient than a wired network.
- Freedom of mobility
Wi-Fi gives users freedom of movement: there is no need to stay at the office desk, and users can move around with their laptops and handheld devices while keeping internet access. In an office environment, many jobs require workers to be mobile, such as inventory clerks, healthcare workers and emergency care specialists. For such jobs a wired network would make network access impossible.
- Increased productivity for business
For a business this means that everyone can be more productive and focus on their assigned tasks regardless of location. This is only possible when employees stay connected to the office Wi-Fi as they move from place to place, maintaining a nearly constant connection to the office network.
- Easy deployment in difficult-to-wire areas
In areas or buildings where installing physical wiring is very difficult, wireless networking solves the problem and saves tangible cost. If you want to connect across a river, a freeway, a separate building or another obstacle, a wireless solution is a smart choice compared with installing a physical wired network or leasing a communication circuit.
- Lower installation cost
A single Wi-Fi device can serve multiple users, whereas multiple users cannot share a single wire, so wiring costs and labour charges are saved. In a large environment with many computer users, Wi-Fi is the cost-saving alternative to physical wiring.
A wireless network can serve a sudden increase in the number of users with the existing equipment, whereas a wired network has no such option and requires extra wiring. It is also easy to expand a wireless LAN by simply adding another Wi-Fi device to the existing network.
- Reduced installation time
Installing cable requires more effort than a wireless LAN. For example, physical cable installation requires pulling twisted-pair wires above the ceiling and dropping cables through walls to network outlets that must be fixed to the wall. These tasks can take days, weeks or even months depending on the size of the installation. Deploying Wi-Fi greatly reduces the need for cable installation and makes the network available for use much sooner.
- Connectivity for handheld and other home devices
Unlike a wired network, a Wi-Fi network lets you connect many different kinds of device. Handheld devices and home appliances can be controlled by connecting them to Wi-Fi; examples of Wi-Fi-enabled devices are smartphones, tablets and, today, even refrigerators, baby alarms, smoke detectors, TVs, DVD players and speakers.
- No cables, no mess
Ethernet cables and the cables for the keyboard and mouse can make a big mess of your workplace, and the cables for speakers and other audio and video devices can be a problem at home. Wireless connectivity eliminates all these problems.
In a wired LAN it is not easy for an attacker to intercept data from the medium, but on a Wi-Fi network the wireless nature of the medium gives them a good chance of capturing data unless the most appropriate security option is configured on the wireless router. Wireless routers offer several security options to choose from, which can be confusing for a new or inexperienced user, and some of the more common options are known to have weaknesses that leave the user vulnerable.
The range of Category 5 to 7 Ethernet cable is normally 100 meters, whereas a common wireless router has a range radius of around 30 meters. The range may be reduced further as more users connect. This is adequate for a home, but for a larger structure more devices, such as repeaters or access points, are needed to extend the range.
Compared with data transmission over Ethernet cable, radio frequency is a less reliable medium, because the wireless medium is exposed to the external environment. The waves suffer interference from multipath propagation, external noise, sunlight (when used outdoors) or other home appliances using the same frequency. Interference corrupts the received signal and so increases the error rate.
The data rate of a wireless LAN is lower than that of a wired network. Today's wireless LANs typically provide 1 to 54 Mbps, which is much slower than a wired network's 100 Mbps to several Gbps.