
Campus Wireless

Dave Packham OIT Architecture Dave.packham@utah.edu

Agenda

IV. Wireless 101 - Dave Packham (45 minutes)

a. Overview of Wireless Technology (3500 foot level)
b. U of U Wireless Direction, Standards
   i. ITC -> Wireless Committee
   ii. White Paper: 802.1x, WPA
   iii. Wireless Requirements for Task Force funding
c. Campus Today, Future
   i. Friday meetings, wireless list
   ii. Map of current zones
   iii. Planned future zones
   iv. Support via the Campus Help Desk
   v. WAP registration

The University of Utah

Credits and Noteworthy Contributors

- Joe Breen and CHPC, for the wonderful lab facilities and dealing with us every Friday.
- Chris Hessing and Terry Simons and the Library folk, for designing and pushing 802.1x and security in the wireless arena, and for being willing to test out live networks for us to watch (Library 802.1x).
- Panko's Business Data Networks and Telecommunications, 5th edition, Copyright 2005 Prentice-Hall.
- 5G Wireless, for the campus wide coverage maps.
- Cisco, for some great slides on wireless antennas and spectrum.
- Wayne Peay and the Wireless working group, which has helped us unite, develop many new ideas, and work on campus wide deployment of COMMON authentication look and feel.
- Steve Hess and OIT, for the resources to deploy products like Perfigo campus wide.

Huge Number of 802.11-Enabled Devices and Growing


[Pictured: HP iPAQ PDA, Cisco 7920, Epson Printer, Sharp M25X Projector, HHP Barcode Scanner, Compaq Tablet PC]

- PDAs
- Printers
- Projectors
- Tablet PCs
- Barcode scanners
- Custom devices for vertical markets:
  - Healthcare
  - Manufacturing
  - Retail
  - Restaurants

Market Realities

- 802.11b dominates the installed base but not for sale much longer because of 802.11g
- 802.11g dominates sales today
- 802.11a is not thriving in the market
- 802.11n is under development
  - 100 Mbps or more in the 5 GHz band
  - Fast enough for video

Antennas

- Yagi
- Dish
- Directional
- Unidirectional
- Hemispherical
- Toroidal
- Active Antennas
  - Energy beams
  - Mass transfer conversion
  - Transporters
  - Anti matter nacelles and warp drive

Omnidirectional and Directional Antennas

Dish Antenna
- Concentrates incoming and outgoing signals in a narrow range
- Must point at receiver
- Good for fixed subscribers

Omnidirectional Antenna
- Signal spreads as a sphere
- Rapid signal attenuation
- No need to point at receiver
- Good for mobile subscribers

Wireless Propagation Problems


1. Attenuation: signal gets weaker with distance
2. Electromagnetic Interference (EMI) from other stations, microwave ovens, etc.
3. Shadow Zone (Dead Spot) behind a blocking object
4. Multipath Interference: direct and reflected signals may cancel out

[Figure: a laptop receiving a direct signal and a reflected signal, with a blocking object casting a shadow zone.]

Radio Channels
- What are they?
- Why do they collide?
- B/G: Why are there only 3 distinct channels with 11 available?
- A: Why are there 56 channels?

Wireless Technologies
| | PAN (Personal Area Network) | LAN (Local Area Network) | MAN (Metropolitan Area Network) | WAN (Wide Area Network) |
|---|---|---|---|---|
| Standards | Bluetooth, 802.15.3 | 802.11 | 802.11, 802.16, 802.20 | GSM, CDMA, Satellite |
| Speed | < 1 Mbps | 11 to 54 Mbps | 10-100+ Mbps | 10 Kbps to 2 Mbps |
| Range | Short | Medium | Medium-Long | Long |
| Applications | Peer-to-Peer, Device-to-Device | Enterprise Networks | Last Mile Access | Mobile Data Devices |

802.11 Wireless LAN Standards (Table)


| | 802.11b | 802.11a | 802.11g | 802.11g if 802.11g access point serves an 802.11b station |
|---|---|---|---|---|
| Rated Speed | 11 Mbps | 54 Mbps | 54 Mbps | Not Specified |
| Actual Throughput, 3 m | 6 Mbps | 25 Mbps | 25 Mbps | 12 Mbps |
| Actual Throughput, 30 m | 6 Mbps | 12 Mbps | 20 Mbps | 11 Mbps |

802.11a, operating at a higher frequency, has more attenuation than 802.11b

802.11 Wireless LAN Standards (Table)


| | 802.11b | 802.11a | 802.11g | 802.11g if 802.11g access point serves an 802.11b station |
|---|---|---|---|---|
| Unlicensed Band | 2.4 GHz | 5 GHz | 2.4 GHz | 2.4 GHz |

Number of Non-Overlapping Channels: 3 in the 2.4 GHz band; 8 to 14 in the 5 GHz band (in future, 19 to 24)

2.4 GHz non-overlapping channels are 1, 6, and 11

Using Different Channels in Nearby Access Points


[Figure: six access points. Access Point A is on Channel 1; Access Points B, C, D and E are on Channel 6; Access Point F is on Channel 11. Adjacent pairs are labelled either OK or Interference.]

Radio spectrum types


- Frequency hopping
- Spread spectrum

Normal Radio Transmission and Spread Spectrum Transmission

Why Spread Spectrum Transmission?

- Commercial spread spectrum transmission reduces certain propagation effects (multipath interference and narrowband EMI)
  - These typically occur over a narrow range of frequencies
  - With spread spectrum transmission, most of the signal will get through
- Does not provide security as in military spread spectrum systems (common misconception)

Frequency Hopping
[Figure: frequency (2.400 GHz to 2.483 GHz) plotted against time, showing hops 1 through 9.]

- 79 channels, 1 MHz each
- Changes frequency (hops) at least every 0.4 seconds
- Synchronized hopping required

Spread Spectrum Transmission Methods, Continued


Direct Sequence Spread Spectrum (DSSS)

[Figure: wideband but low-intensity signal.]

- Signal is spread over the entire bandwidth of the wideband channel
- The power per hertz at any frequency is very low
- Interference will harm some of the signal, but most of the signal will still get through and will be readable
- Used in 802.11b (11 Mbps)

IEEE 802.11b Direct Sequence Channels @ 2.4 GHz

[Figure: channels 1 through 14 laid out between 2.402 GHz and 2.483 GHz.]

- Up to (14) 22 MHz wide channels
- 3 non-overlapping channels (1, 6, 11 in US and 1, 7, 13 in Europe)
- Up to 11 Mbps data rate
- 3 Access Points can occupy the same space for a total of 33 Mbps aggregate throughput, but not on same radio card
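
The channel arithmetic behind "3 non-overlapping channels" and the neighboring-access-point slide, as an added example that is not part of the original deck. The center frequencies are the standard 2.4 GHz channel plan; the access point adjacency list is constructed, since the slide's diagram is not on the page, and `replan` is a simple greedy repair chosen for illustration.

```python
CHANNEL_WIDTH_MHZ = 22  # width of an 802.11b DSSS channel, as stated on the slide

def center_mhz(channel):
    """Center frequency: channels 1-13 sit 5 MHz apart, channel 14 is offset."""
    if channel == 14:
        return 2484
    if 1 <= channel <= 13:
        return 2407 + 5 * channel
    raise ValueError(f"not a 2.4 GHz channel: {channel}")

def overlaps(a, b):
    """Two 22 MHz channels overlap when their centers are under 22 MHz apart."""
    return abs(center_mhz(a) - center_mhz(b)) < CHANNEL_WIDTH_MHZ

def non_overlapping(allowed):
    """Greedily pick channels, lowest first, that overlap none already picked."""
    picked = []
    for ch in sorted(allowed):
        if not any(overlaps(ch, p) for p in picked):
            picked.append(ch)
    return picked

def conflicts(plan, neighbors):
    """Neighbor pairs whose assigned channels overlap."""
    return [(a, b) for a, b in neighbors if overlaps(plan[a], plan[b])]

def replan(plan, neighbors, palette=(1, 6, 11)):
    """Greedy repair: most-connected APs first, each takes the palette channel
    that clashes with the fewest neighbors already assigned."""
    adj = {ap: set() for ap in plan}
    for a, b in neighbors:
        adj[a].add(b)
        adj[b].add(a)
    new = {}
    for ap in sorted(plan, key=lambda x: (-len(adj[x]), x)):
        clashes = lambda ch: sum(overlaps(ch, new[n]) for n in adj[ap] if n in new)
        new[ap] = min(palette, key=clashes)
    return new

# Channel assignments from the "Using Different Channels" slide.
SLIDE_PLAN = {"A": 1, "B": 6, "C": 6, "D": 6, "E": 6, "F": 11}
# Constructed adjacency (assumption): the slide's diagram is not on the page.
NEIGHBORS = [("A", "B"), ("A", "C"), ("B", "D"), ("C", "E"),
             ("D", "E"), ("D", "F"), ("E", "F")]

if __name__ == "__main__":
    print("US channels 1-11:", non_overlapping(range(1, 12)))
    print("slide plan conflicts:", conflicts(SLIDE_PLAN, NEIGHBORS))
    print("repaired plan:", replan(SLIDE_PLAN, NEIGHBORS))
```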


Frequency Hopping vs. Direct Sequence: A Summary on Interference Handling

[Figure: two panels plotting frequency (2.4 GHz to 2.4835 GHz) against time. Frequency Hopping panel: hops 1, 2, 3 around a band of interference. Direct Sequence panel: Channel 1, Channel 2, Channel 3.]

Frequency Hopping
- FH system hops around interference

Direct Sequence
- Data may be decoded from redundant bits
- Can move to an alternate channel to avoid interference

Wireless Security

How? What? Where? When?


Overview of Wireless Security Technologies

No Security by Default

- In older products, the installation default was to have no security at all

WarChalking, WarDriving.

Automated Drive-By Hacking

- Can read traffic from outside the building walls
- Can also send malicious traffic into the network

Standard WEP

Wired Equivalent Privacy (WEP)

- Initial flawed security method developed by the 802.11 Working Group for 802.11 devices
- All stations share the same encryption key with the access point
- This key is rarely changed because of the difficulty of coordinating the many users sharing it
- This is a shared static key

Standard WEP

Wired Equivalent Privacy (WEP)

- Shared static keys mean that a large volume of traffic is encrypted with the same key
- With so much traffic generated with one unchanging key, cryptanalysts can crack the key by collecting data for a few days
- Once the key is cracked, the attacker can read all messages and send attack messages into the network without going through a firewall filter

Standard WEP

Wired Equivalent Privacy (WEP)

- Software that automates the hacking process is widely available
  - Locate vulnerable access points by driving around (war driving)
  - Collect traffic and crack the key

VPNs

Virtual Private Network (VPN)

- VPNs protect transmission over the untrusted Internet (Chapter 1)
- VPNs can also be used to protect transmission over the untrusted WLAN
- Effective but complex and therefore expensive to set up

802.11i

802.11i Security

- Later, 802.11 Working Group introduced strong security
  - 802.11i
- 802.11i specifies the Temporal Key Integrity Protocol (TKIP)
  - Each station gets a separate key for confidentiality
  - This key is changed frequently

802.11i

802.11i Security

- 802.11i specifies the Extensible Authentication Protocol (EAP)
  - Authentication involves a device proving its identity to another device
  - Authenticate with an authentication server (Figure 5-17)

Authentication Protocol (EAP)


[Figure: Notebook, Access Point A, Switch, Client PC and Authentication Server on a large wired Ethernet LAN. Steps 2 and 3 carry EAP data.]

- Authentication data is stored on an authentication server, not in access points
- This simplifies access points, making them cheaper
- Central authentication data is easier to manage and change

Authentication Protocol (EAP)


[Figure: in step 4 the Authentication Server sends OK back through the Switch to Access Point A, which accepts the Notebook. Also shown: Client PC, large wired Ethernet LAN.]

- If an OK is sent back, the access point may accept an association request from the client
- If a bad report is sent back, the access point may decline an association request from the client

802.11 continued

802.11i Security

- Products started becoming available soon?

Wireless Protected Access (WPA)

- Stopgap security method introduced before full 802.11i security could be developed
- Introduced some parts of 802.11i in 2002 and 2003
- It was often possible to upgrade older WEP products to WPA

Stronger Security

The Transition to Strong Security

- We will soon have a mix of no security, WEP, 802.11i, WPA, and other security protocols
- Only as strong as the weakest link
- Legacy equipment that cannot be upgraded to 802.11i will have to be discarded
- (802.11i is sometimes called WPA2)

Security?

Rogue Access Points

- Unauthorized access points set up by department or individual
- Often have very poor security, leaving a big opening for hackers
- Often operate at high power, attracting many clients to these access points with weak security
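
One way to check a site survey against the WAP registration list for the rogue access point traits listed above, as an added example that is not part of the original deck. The registry, the survey rows, the MAC addresses and the signal threshold are all constructed, and treating secure.utah.edu and insecure.utah.edu as the advertised network names is an assumption.

```python
import csv
import io

# Constructed registry standing in for the campus WAP registration list.
REGISTERED = {
    "00:11:22:aa:00:01": "secure.utah.edu",
    "00:11:22:aa:00:02": "insecure.utah.edu",
}
CAMPUS_SSIDS = set(REGISTERED.values())
WEAK_SECURITY = {"open", "wep"}
STRONG_SIGNAL_DBM = -45  # assumed threshold for "unusually loud" at the survey point

# Constructed survey export: bssid, ssid, channel, security, signal_dbm
SURVEY = """\
00:11:22:aa:00:01,secure.utah.edu,1,wpa-802.1x,-62
00:11:22:aa:00:02,insecure.utah.edu,6,open,-58
02:de:ad:00:00:10,dept-lab,6,wep,-40
02:de:ad:00:00:11,secure.utah.edu,11,open,-38
02:de:ad:00:00:12,printer-setup,3,wpa,-71
"""


def audit(survey_text, registered=REGISTERED):
    """Return {bssid: [reasons]} for every access point that needs follow-up."""
    findings = {}
    for bssid, ssid, channel, security, signal in csv.reader(io.StringIO(survey_text)):
        bssid, security = bssid.lower(), security.lower()
        reasons = []
        if bssid not in registered:
            reasons.append("unregistered")
            if ssid in CAMPUS_SSIDS:
                reasons.append("campus SSID on unregistered radio")
            if security in WEAK_SECURITY:
                reasons.append(f"weak security ({security})")
            if int(signal) >= STRONG_SIGNAL_DBM:
                reasons.append(f"high power ({signal} dBm)")
            if int(channel) not in (1, 6, 11):
                reasons.append(f"off-plan channel {channel}")
        elif registered[bssid] != ssid:
            reasons.append("registered radio advertising unexpected SSID")
        if reasons:
            findings[bssid] = reasons
    return findings


if __name__ == "__main__":
    for bssid, reasons in audit(SURVEY).items():
        print(bssid, "->", "; ".join(reasons))
```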


BlueTooth?
- Where did this come from?
- Why is it here?

BlueTooth

Wireless standard for personal area networks (PANs)

- Replace wired connections
- A few devices that a person carries
- A few devices on a user's desktop

802.11 vs BlueTooth
| | 802.11 | Bluetooth |
|---|---|---|
| Focus | Local Area Network (LAN) | Personal Area Network (PAN) |
| Rated Speed (actual throughput in both directions will be lower) | 11 Mbps to 54 Mbps | 722 kbps with back channel of 56 kbps. May increase. |
| Distance | 30 to 100 meters | 10 meters |
| Number of Devices | Limited in practice only by bandwidth and traffic | 10 piconets (PANs), each with up to 8 devices |

802.11 vs BlueTooth
| | 802.11 | Bluetooth |
|---|---|---|
| Scalability | Good because allows multiple access points | Poor |
| Cost | Higher | Lower |
| Battery Drain | Higher | Lower |
| Application Profiles | No | Yes |

Should I BlueTooth?

Bluetooth Application Profiles

- Devices with compatible application profiles (a printer and PC, for instance) can work together automatically
- Extremely useful; nothing like it in 802.11
- However, few application profiles have been designed
- Also, most Bluetooth devices only implement a few application profiles

What's up Next?

- Here comes the solution to everything

Emerging WLAN Technologies

Fourth-Generation (4G) Stations

- Stations that can support multiple radio methods
  - 802.11a, b, and g
  - Bluetooth
  - 3G cellular
  - Etc.
- Choose the best mode for a situation
  - E.g., 802.11g when in reach of WLAN (fast & cheap)
  - Expensive 3G when nothing else is available

Mesh Networks

Access points and wireless NICs self-organize

- Move frames to desired receiver peer-to-peer (P2P)
- Adjust signal power, etc. when an element fails or is turned off

The Wireless Switch


[Figure: an Ethernet Switch serving an expensive, directly-manageable smart access point; a WLAN Switch serving dumb access points; a Management Console.]

WLAN switch has the management intelligence for multiple inexpensive dumb access points

Wireless on Campus
What Where When Why


Friday meeting @ CHPC

- Every Friday at 10 am
- CHPC lab/conf room
- Talk about hardware
- Talk about software
- Put together proposals for ITAC and Wireless working groups
- Design and work out kinks in wireless networks on campus
- Continue Radius mesh design and integration
- Join the wireless groups mailing list to see news on this.

Campus WIDE Wireless Coverage


Student Task Force Wireless Requirements


Campus Wireless rollouts may be Task Force funded

Requirements are:

- Adhere to the Wireless Whitepaper policy
- Agree to adapt to changing wireless environments
- Provide secure.utah.edu for clients with an 802.1x supplicant
- Provide insecure.utah.edu for devices that don't support 802.1x
- Request approved AP and wireless hardware
- Provide these wireless services to every student

Wireless Links
http://www.it.utah.edu/leadership/committees/wireless/index.html
http://www.it.utah.edu/services/networking/wireless/index.html

ALL Wireless Problems Solved


- Everyone's problems are solved
- Nothing more can ever happen
- I'm just done talking now..
