Chapter_07_3

Semester 3 Chapter 7: Wireless LANs

Wirelless Access Points

An access point converts the TCP/IP data packets from their 802.11 frame encapsulation format in the air to the 802.3 Ethernet frame format on the wired Ethernet network.

CSMA/CA

Access points oversee a distributed coordination function (DCF) called Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA). This simply means that devices on a WLAN must sense the medium for energy (RF stimulation above a certain threshold) and wait until the medium is free before sending. Because all devices are required to do this, the function of coordinating access to the medium is distributed.

The Hidden Node Problem (that CSMA/CA cannot address)

One means of resolving the hidden node problem is a CSMA/CA feature called Request to send/Clear to send (RTS/CTS). RTS/CTS was developed to allow a negotiation between a client and an access point. When RTS/CTS is enabled in a network, access points allocate the medium to the requesting station for as long as is required to complete the transmission. When the transmission is complete, other stations can request the channel in a similar fashion. Otherwise, normal collision avoidance function is resumed.

SSID (=Network Name)

A shared service set identifier (SSID) is a unique identifier that client devices use to distinguish between multiple wireless networks in the same vicinity. Several access points on a network can share an SSID. The figure shows an example of SSIDs distinguishing between WLANs, each which can be any alphanumeric, case-sensitive entry from 2 to 32 characters long.

site survey

802.11 Topologies:

Client and Access Point Association Process

A key part of the 802.11 process is discovering a WLAN and subsequently connecting to it. The primary components of this process are as follows:

· Beacons - Frames used by the WLAN network to advertise its presence.

· Probes - Frames used by WLAN clients to find their networks.

· Authentication - A process which is an artifact from the original 802.11 standard, but still required by the standard.

· Association - The process for establishing the data link between an access point and a WLAN client.

The 802.11 Join Process (Association)

Before an 802.11 client can send data over a WLAN network, it goes through the following three-stage process:

Stage 1 - 802.11 probing

Clients search for a specific network by sending a probe request out on multiple channels. The probe request specifies the network name (SSID) and bit rates. A typical WLAN client is configured with a desired SSID, so probe requests from the WLAN client contain the SSID of the desired WLAN network.

If the WLAN client is simply trying to discover the available WLAN networks, it can send out a probe request with no SSID, and all access points that are configured to respond to this type of query respond. WLANs with the broadcast SSID feature disabled do not respond.

Stage 2 - 802.11 authentication

802.11 was originally developed with two authentication mechanisms. The first one, called open authentication, is fundamentally a NULL authentication where the client says "authenticate me," and the access point responds with "yes." This is the mechanism used in almost all 802.11 deployments.

A second authentication mechanism is referred to as shared key authentication. This technique is based on a Wired Equivalency Protection (WEP) key that is shared between the client and the access point. In this technique, the client sends an authentication request to the access point. The access point then sends a challenge text to the client, who encrypts the message using its shared key, and returns the encrypted text back to the access point. The access point then decrypts the encrypted text using its key and if the decrypted text matches the challenge text, the client and the access point share the same key and the access point authenticates the station. If the messages do not match, the client is not authenticated.

Stage 3 - 802.11 association

This stage finalizes the security and bit rate options, and establishes the data link between the WLAN client and the access point. As part of this stage, the client learns the BSSID, which is the access point MAC address, and the access point maps a logical port known as the association identifier (AID) to the WLAN client. The AID is equivalent to a port on a switch. The association process allows the infrastructure switch to keep track of frames destined for the WLAN client so that they can be forwarded.

Once a WLAN client has associated with an access point, traffic is now able to travel back and forth between the two devices.

Wireless Security Standards

**IEEE 802.1x standard, which is simply a standard for passing EAP over a wired or wireless LAN. With 802.1x, you package EAP messages in Ethernet frames and don't use PPP. It's authentication and nothing more. That's desirable in situations in which the rest of PPP isn't needed, where you're using protocols other than TCP/IP, or where the overhead and complexity of using PPP is undesirable.

802.1x uses three terms that you need to know. The user or client that wants to be authenticated is called a supplicant. The actual server doing the authentication, typically a RADIUS server, is called the authentication server. And the device in between, such as a wireless access point, is called the authenticator. One of the key points of 802.1x is that the authenticator can be simple and dumb - all of the brains have to be in the supplicant and the authentication server. This makes 802.1x ideal for wireless access points, which are typically small and have little memory and processing power.

More info below:

http://www.netcraftsmen.net/welcher/papers/dot1x.html

TKIP has two primary functions:

· It encrypts the Layer 2 payload

· It carries out a message integrity check (MIC) in the encrypted packet. This helps ensure against a message being tampered with.

AES has the same functions as TKIP, but it uses additional data from the MAC header that allows destination hosts to recognize if the non-encrypted bits have been tampered with. It also adds a sequence number to the encrypted data header.

Securing methods for WLAN:

· SSID cloaking - Disable SSID broadcasts from access points

· MAC address filtering - Tables are manually constructed on the access point to allow or disallow clients based on their physical hardware address

· WLAN security implementation - WPA or WPA2

The 3 As of security:

“Authentication, Authorization and Accounting”