Generated by Foxit PDF Creator © Foxit Software

http://www.foxitsoftware.com For evaluation only.

As technology develops, many solutions are being proposed to meet the increasing
demand for wireless connectivity within a specified range. Because wireless networks play a vital
role in future communication, WLAN has become one of the new solutions for legacy LANs.

Mobility is what draws people toward wireless networks. Radio signals travel
through the air, and a network connection can be set up from any place within range of the network
base station's transmitter. The IEEE (Institute of Electrical and Electronics Engineers) formed a
working group (WG) in 1990 to develop a standard for wireless equipment. On June 26, 1997 it
produced a set of standards and specifications for wireless networks under the title IEEE 802.11;
these define the formats and structures of the relatively short-range signals that provide Wireless
Fidelity (Wi-Fi) service. The following table summarizes various aspects of the IEEE 802.11 standard.

Protocol   Release Date   Frequency   Net Bit Rate   Range, Indoor   Range, Outdoor   Other Info
                          (GHz)       (Max., Mbps)   (Meters)        (Meters)
802.11     Jun 1997       2.4         1 / 2          -               -                i) diffuse infrared = 1 Mbps;
                                                                                      ii) frequency-hopping spread
                                                                                      spectrum operating = 1 / 2 Mbps;
                                                                                      and iii) direct-sequence spread
                                                                                      spectrum operating = 1 / 2 Mbps
802.11a    Oct 1999       5           54             15-50           30-100           -
802.11b    Oct 1999       2.4         11             45-150          90-300           -
802.11g    Jun 2003       2.4         54/108         45-150          90-300           -
802.11n    11 Sep 2009    2.4/5       600            91-300          182-600          [1]

Every node in IEEE 802.11 is known as a Station (STA), and the base station as an Access Point (AP).
A set of stations operating in ad hoc mode is known as an Independent Basic Service Set (IBSS),
while a set operating in infrastructure mode is a Basic Service Set (BSS). By extension, two or
more BSSs connected through a distribution system (DS) to a wider network (e.g. the internet) are
called an extended service set (ESS).
IEEE 802.11 limits its modifications to the Physical (Phy) and Data Link (DL) layers of the Open
System Interconnection (OSI) reference model. The DL layer is divided into the Logical Link Control
(LLC) sub-layer and the Medium Access Control (MAC) sub-layer.

The MAC layer accepts data units from higher layers through service access points
(SAPs). The data units depend on the structure of the protocols above (e.g. IP, ATM). The ATM cell
and IP packet convergence sub-layers provide an interface to the layers above in the stack. They also
apply the service specification to form MAC service data units (SDUs) that the MAC layer
understands. The common part sub-layer then assigns protocol attributes.

These also help to construct PDUs. Depending on the size of the SDU, one SDU may be fragmented
into many PDUs, or multiple SDUs may be packed into one PDU. The third possible scenario
occurs when the SDU size corresponds to the PDU size. A PDU is a complete unit for transmission
on the physical medium.
The security sub-layer manages authentication, key management and encryption algorithm
issues. The hierarchical structure of the MAC layer is illustrated in figure 1.

[Fig. 1: MAC layer overview [2]. Layers from top to bottom: Upper Layer (IP Packet / ATM Cell); Service Access Points (SAP); Convergence sub-layers, producing MAC SDUs; MAC Layer Common Part, producing MAC PDUs; Security; Physical Layer.]

Overall, support for several multiplexing and duplexing schemes makes the MAC more versatile
and flexible. Another notable feature of the MAC is dynamic allocation of bandwidth per
subscriber station rather than per individual connection. This feature improves the efficiency of
channel utilization.
Two coordination functions are defined. The distributed coordination function (DCF) is the basic
MAC technique of the 802.11 standard. DCF is based on carrier-sense multiple access with collision
avoidance (CSMA/CA). It is a contention-based channel access scheme that employs
binary exponential backoff (BEB). The other, optional, function is the point coordination function
(PCF), which provides centralized, contention-free channel access based on a poll-and-response mechanism.
Stations operating in DCF mode listen to the channel status for a DCF Interframe
Spacing (DIFS) interval before they transmit. The interframe space is the time interval between
frames. A station determines that the medium is idle by using the carrier-sense function for the
specified interval. The DIFS interval is calculated as:
DIFS = SIFS + 2 x Slot time [3]

The DIFS varies with the variant of the 802.11 standard.

Standard        Slot time (µs)   DIFS (µs)
IEEE 802.11b    20               50
IEEE 802.11a    9                34
IEEE 802.11g    9 or 20          28 or 50

DCF also specifies a random backoff, which increases the time a station defers before accessing
the channel if the channel is found busy, based on the following equation:
BackoffTime = Random Number x One Slot Time

PCF mode always operates in infrastructure mode and resides in the AP. The mechanism is based on
poll and transmit: the AP sends a CF-Poll frame to a PCF-capable station to permit it to transmit a
frame. If the station does not want to use this channel access time, it has to transmit a null
frame. PCF mode operates using the PCF Interframe Space (PIFS) time interval, which is
calculated as follows:
PIFS = SIFS + Slot time [3]
The PIFS interval for the different variants of 802.11 is as follows:

Standard        Slot time (µs)   PIFS (µs)
IEEE 802.11b    20               30
IEEE 802.11a    9                25
IEEE 802.11g    9 or 20          19 or 30

Stations have to acknowledge the reception of some frames. This is
known as positive acknowledgement. If no acknowledgement arrives, the source station assumes
that an error occurred.

SIFS is a small time interval between a data frame and its acknowledgment. It is used for the
highest-priority transmissions, enabling stations with this type of information to access the radio
link first. Examples of information transmitted after the SIFS has expired include
ACK (acknowledgement), RTS and CTS messages. The SIFS duration is a constant value that
depends on the amendment.

Standard        SIFS (µs)
IEEE 802.11b    10
IEEE 802.11a    16
IEEE 802.11g    10

The use of different interframe spaces provides priority levels for access to the wireless media.
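
The interframe spacing rules above, recomputed from this page's SIFS and slot-time tables and combined with the random backoff; this is an added example, not part of the original article. The contention-window limits (31 and 1023 slots, the 802.11b DSSS values), the doubling of the window after each failed attempt, and the `802.11g-short` / `802.11g-long` labels are assumptions not stated on the page.

```python
import random

# SIFS and slot times in microseconds, taken from the tables on this page.
# 802.11g has two slot times (9 or 20 us), so it appears under two assumed labels.
PHY = {
    "802.11b": {"sifs": 10, "slot": 20},
    "802.11a": {"sifs": 16, "slot": 9},
    "802.11g-short": {"sifs": 10, "slot": 9},
    "802.11g-long": {"sifs": 10, "slot": 20},
}

def pifs(phy):
    return PHY[phy]["sifs"] + PHY[phy]["slot"]        # PIFS = SIFS + Slot time

def difs(phy):
    return PHY[phy]["sifs"] + 2 * PHY[phy]["slot"]    # DIFS = SIFS + 2 x Slot time

def contention_window(retry, cw_min=31, cw_max=1023):
    """Binary exponential backoff: the window doubles per failed attempt, capped.
    cw_min and cw_max are assumed values (802.11b DSSS), not given on the page."""
    return min((cw_min + 1) * 2 ** retry - 1, cw_max)

def backoff_time(phy, retry, rng):
    """BackoffTime = Random Number x One Slot Time, random number in [0, CW]."""
    return rng.randint(0, contention_window(retry)) * PHY[phy]["slot"]

def access_delay(phy, retry, rng):
    """Idle time a DCF station waits before sending a data frame: DIFS + backoff."""
    return difs(phy) + backoff_time(phy, retry, rng)

def priority_order(phy):
    """Shorter wait means higher priority: ACK/RTS/CTS, then AP polls, then DCF data."""
    waits = {"SIFS": PHY[phy]["sifs"], "PIFS": pifs(phy), "DIFS": difs(phy)}
    return sorted(waits, key=waits.get)

if __name__ == "__main__":
    rng = random.Random(1)  # fixed seed so the run is repeatable
    for phy in PHY:
        print(phy, "PIFS", pifs(phy), "DIFS", difs(phy), priority_order(phy))
    for retry in range(7):
        print("retry", retry, "CW", contention_window(retry),
              "delay_us", access_delay("802.11b", retry, rng))
```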

Wireless networks suffer from security issues. Because communication is carried over the air
interface, it is vulnerable to interception, and maintaining security in wireless networks is a
tough job for protocol designers. The major vulnerabilities of 802.11 are rogue clients and APs,
service set identifier (SSID) spoofing and sniffing, and denial of service (DoS). Wired Equivalent
Privacy (WEP) also provides only a weak protection mechanism.

Rogue BS attacks are countered by introducing mutual authentication at the user-network
level. It is performed after scanning, acquisition of the channel description, ranging and
capability negotiation, and is based on the Extensible Authentication Protocol with a specific
authentication method such as Extensible Authentication Protocol - Transport Layer Security
(EAP-TLS), which is X.509 certificate based. [4]
MAC layer management messages use an HMAC tuple, based on the Advanced Encryption Standard
(AES) with replay protection, and a One-Key Message Authentication Code (OMAC) tuple.
Man-in-the-middle and active attacks arise from the same weakness.
The WEP key mechanism provides encrypted transmission between the AP and a station in a WLAN.
An Integrity Check Algorithm (ICA) protects each frame by generating an Integrity Check Value
(ICV) hash before encryption. WEP can be exploited for the following reasons:
1) Manual WEP key assignment is a time-consuming and cumbersome task.
2) Using the same WEP key for a long time opens the way for attackers to decrypt traffic with a dictionary method.
3) The WEP standard uses 64 / 128 bit keys that can be cracked.
4) WEP uses RC4 for encryption, and the first few bytes of RC4 output are non-random.
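
The WEP construction described above (ICV computed before RC4 encryption), as an added example that is not from the original article, showing why point 2 matters: under a static key, every frame that repeats an IV is encrypted with the same keystream. It assumes the standard WEP details the page does not spell out (a 24-bit per-frame IV prepended to the secret to form the RC4 key, CRC-32 as the ICV); the key-ID byte is omitted, and the key, the payloads and the `reused_ivs` audit helper are constructed for illustration.

```python
import struct
import zlib
from collections import Counter

KEY = bytes.fromhex("0102030405")  # constructed 40-bit secret ("64-bit" WEP)

def rc4(key, n):
    """First n bytes of the RC4 keystream for key."""
    s, j = list(range(256)), 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                        # keystream output
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encapsulate(key, iv, data):
    """Cleartext 3-byte IV, then (data || ICV) XOR RC4(IV || key)."""
    body = data + struct.pack("<I", zlib.crc32(data))  # ICV before encryption
    return iv + xor(body, rc4(iv + key, len(body)))

def wep_decapsulate(key, frame):
    """Decrypt and verify the ICV; raises ValueError on mismatch."""
    iv, ct = frame[:3], frame[3:]
    body = xor(ct, rc4(iv + key, len(ct)))
    data, icv = body[:-4], body[-4:]
    if struct.pack("<I", zlib.crc32(data)) != icv:
        raise ValueError("ICV mismatch")
    return data

def reused_ivs(frames):
    """Audit helper: IVs seen more than once, i.e. frames sharing a keystream."""
    counts = Counter(frame[:3] for frame in frames)
    return {iv for iv, n in counts.items() if n > 1}

if __name__ == "__main__":
    frames = [wep_encapsulate(KEY, iv, msg) for iv, msg in [
        (b"\x00\x00\x01", b"constructed frame A"),
        (b"\x00\x00\x02", b"constructed frame B"),
        (b"\x00\x00\x01", b"constructed frame C")]]   # the first IV repeats
    print("reused IVs:", [iv.hex() for iv in reused_ivs(frames)])
    print("round trip:", wep_decapsulate(KEY, frames[1]))
```

The automatic key change and larger IV that the page attributes to TKIP address exactly this repetition.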

The EAP framework offers a number of authentication methods. Wireless-Fidelity Protected Access
(WPA) was introduced in the IEEE 802.11i standard, which contains the security protocols Temporal
Key Integrity Protocol (TKIP) and Counter Mode with CBC-MAC (CCMP) / WPA2. TKIP was designed
as an upgrade for WEP-based software, which is why it follows an architecture similar to WEP, while
WPA is meant to replace WEP. The automatic key change mechanism, together with a large
Initialization Vector (IV) and a Message Integrity Check (MIC), makes it more robust and efficient.
The milestone change that makes WPA2 the successor of WPA is its encryption method, AES, in
contrast with RC4. WPA2 is also backward compatible. Encryption and integrity are handled in the
same process as in WPA. [4]

802.11n is the latest specification, approved by the IEEE standards board on 11 September 2009 to
improve data throughput and range. Publication of the standard is expected in mid-October
2009. [1]

REFERENCES
[1] IEEE 802.11n, “IEEE Ratifies 802.11n, Wireless LAN Specification to Provide Significantly
Improved Data Throughput and Range”;
http://www.reuters.com/article/pressRelease/idUS183099+11-Sep-2009+BW20090911, Sep. 09.
[2] Michel Barbeau, “WiMAX/ 802.16 Threat Analysis”, Carleton University, ACM, Oct, 2005.
[3] IEEE Std 802.11-2007, http://standards.ieee.org/getieee802/download/802.11-2007.pdf, P-138,
June 2007.
[4] Mahmoud Nasreldin, Heba Aslan, Magdy El-Hennawy, Adel El-Hennawy, “WiMAX Security”,
IEEE - 22nd International Conference on Advanced Information Networking and Application –
Workshop, Mar, 2008, pp 199-202.
