Wireless Network Protocols
Wireless Network
Adhoc自组织网络 piconet微微网 :
- Bluetooth
- a master and up to seven slave devices, located within 10m from the master, with data rate 400 to 700kbps
Wireless LAN:
- Wifi (IEEE 802.11)
- up to 100m coverage, with data rate 11 to 54Mbps
- analogous相似的 function to wired LAN
Cellular radio network 蜂窝无线网络:
- mobile phone network, with area of coverage divided into a large number of small cells
- (e.g.) GSM
Bluetooth
General characters
- operates at ISM (industrial, scientific, medical) band.
– 2.4GHz, no license required for use - 79 separate carrier frequencies within the ISM band
– hopping from one frequency to another in a pseudo伪 random order, at a rate of 1600 hops per second (slot time of 625µs per hop) 伪随机码控制载波跳变。接收端发送端都有相同的跳频发生器
– minimising interference干扰 from other users
– transmissions within 1,3 or 5 consecutive连续的 slots,可以在后面的传输图里看出来 - modulation bit rate of 1MHz, using the FSK
- system timing provided by the master’s clock, and shared by all slaves within a piconet
– unique hopping sequence determined by the master - named after Bluetooth, 10C king of Denmark/Norway
Topology
SS: standby slaves device 备用从设备。无法参与到微微网中来
AS: active slaves,最多7个可以在一个微微网中同时操作
PS: parked slaves 停驻的从属服务器。最多可以255个,不是活跃状态。master知道它的存在,可以被重新激活reactivated。
中间的那个AS可以是两边任何一个微微网的成员,但是not both。由于不同的随即跳变序列,多个微微网可以同时操作。
每个设备可以在任何时间转换角色变成master
Packet transmission
所有的从master到slave的传输都是双数的frequency slot,从slave到master则是单数的。
Frame format (contains packet type)
- access code (68bits): 一定会有信道(哪个微微网),设备(呼唤的slave)和下一个要接入的neighbor
preamble plus synchronization for
– channel access code: identification of the piconet (derived派生的 from the master address)
– device access code: paging the slave by the master
– inquiry查询 access code: searching address for the neighbor - packet header (54):
– active member address: identification of one of the seven active slaves (0 is reserved保留 for the broadcast packet)
– packet type (后面会提): data structure
– flow control: 1(stop transmission) or 0 (resume继续) for the ACL mode
– acknowledgement type: 1(ACK) or 0(NAK)
– error check on the header field - data field (0-2744):
– additional header, data
– error check on the data field (CRC)
Packet Type
- Synchronous connection oriented link 面向同步链接的链路 (SCO)
for speech and audio applications - asynchronous connectionless link 异步无连接链路 (ACL)
for general data applications - poll packet 轮询数据包
used by the master to poll slaves - hopping synchronization packet 跳频同步包
for clock and hopping sequence synchronization 时钟和跳频序列的同步 - acknowledgement packet 确认包
for error control scheme 差错控制方案
Link manager protocol 链路管理器协议
-
establishes links between devices.
transitions between standby, active, and park states
-
responsible for security, synchronization, power control, etc.
Service discovery protocol 服务发现协议
- determines available services within the piconet
- operates in a client-server mode
– searching function: to find a particular service
– browsing浏览 function: to discover available services
Application
communication between devices in a small area, that does not require high bandwidth.
– PC input/output devices: mouse, keyboard, printer
– game consoles 游戏机: Sony PlayStation3, Nintendo Wii
simply setup and advertises all services it provides, thus making services more accessible 简化设置并且公布了它所提供的所有服务,使得服务更容易访问
Wifi
General characters
- operates at 2.4GHz (ISM band)
– the ISM band is license free but congested (e.g., microwave oven, bluetooth)
– bit rate of 11Mbps (802.11b) and 54Mbps (802.11g)
– coverage of up to 100 meters - consists of an access point (AP) and clients
– shares the same protocol above the MAC layer so that WiFi can work together with Ethernet
– cannot detect collision, instead relies on an < ACK > packet (i.e., retransmission if no acknowledgement is returned within a predefined time). - WiFi for ‘wireless fidelity’ 无线保真度、
Benefits:
- access network from convenient locations (wherever you want to)
- wireless LAN requires a single access point only, while traditional wired network needs physical cables which sometimes could be not possible
- cheaper than wired network, no need of cables and labor 劳动力
Disadvantages:
- poor quality antenna of the network card needs to be compensated by a powerful transceiver (网卡的劣质天线需要用一个强大的收发器来补偿)
- typical range with standard equipment is up to 100m. may not cover a large structure
- wireless signals will be influenced by interference and complex propagation effect. So important network resources like server, are rarely connected wirelessly
- slow (up to100Mbps) than wired networks (at least 100Mbps)
- security problems: hackers only need a good quality antenna, rather than physical limitation of tapping (窃听) into a real wire
Data flow Topology
CSMA/CA ( Carrier Sense Multiple Access / collision avoidance)
- a node listens the activity of the channel
- previous transmission is completed, all nodes wait for random number of slots (contention window)
– less slots, more chance to collision; more slots, longer delay
– basic idea is to prevent collision at the moment they are most likely to occur 在敌人最容易出现的地方驻守 - a node starts transmission
- a node waits for an < ACK > signal (packet received successfully)
Problems in the wireless channel:
- unable to use collision detection (CD): wireless LANs cannot see any signal but its own
- a hidden node: a node A, in the range of B but not C, cannot know whether C is transmitting to B
CSMA/CA with RTS/CTS:
- exchange of
– a request to send (RTS) packet by the sender
– a clear to send (CTS) by the intended预定的 receiver - alerting all nodes within the range to keep quiet for the duration of the main packet
Frame format
- frame control:
protocol version
– type: data (10), management (00), control (01).
– subtype: data (0000), RTS (1011), CTS (1100), ACK (1001).
– more fragments片段: set to 1, if another fragment of the frame is to follow.接下来是另一片段
– more data: set to 1, if there is more data to send after this frame.
– retry: set to 1, if the frame is a retransmission of the earlier frame.
– power management: set to 1 after the successful transmission, if the node goes into power save mode. - duration: indicates the frame length in microseconds.
- address 1−4: source and destination addresses, etc.
WiFi protected access (WPA) Wifi 保护访问
- RC4 stream cipher RC4流密码
- 128bit key/48 bit initialization vector
- enterprise mode企业模式: different keys to each other
pre-shared key mode: same pass to all users - temporal key integrity protocol (TKIP) 临时密钥完整性协议 to change keys dynamically as the system is used
- message integrity code (MIC) 信息完整性代码, prevent replay attacks
replay attack: a valid data transmission is captured捕获 and fraudulently欺诈性地 repeated in the later session, which can be prevented by using a one-time token
Application
full scale尺度 network connection
- uses the same ISM band as Bluetooth, but with higher power (i.e., wider range) and faster connection
- requires formal configuration配置 to set up links, transmit data, and share resources.
GSM (global system for mobile communication)
General characters
- 2nd generation of digital cellular radio network 第二代数字蜂窝无线网络
- handset手机 or mobile station (MS) searching for vicinity邻近 cells to connect network 通过搜索附近的cell连接网络
- 900 or 1800MHz band, maximum transmission powers 1 or 2 watts by handsets
- cell radius : few hundred meters (town centre) up to 35 kilometers (rural area)
- data rate 9.6 and 14.4 kbps
- moderate中等 level of service security
a pre-shared key and challenge-response
A5/1, A5/2 and A5/3 stream ciphers
Topology
MS: mobile station
BTS: base transceiver station
BSC: base station controller
MSC: mobile switching centre
radio subsystem:
- MS: user device
SIM (subscriber identity module)用户识别模块 holds the user specific data required for the network - BTS contains radio equipment that enables an MS to access the network
radio mast天线杆, antenna, transmitter, receiver - BSC allocates frequencies to BTS’s, and implements the handover移交 procedure as an MS moves from one cell to another
network subsystem:
- MSC connects the radio subsystem to the standard fixed networks
MSC sets up and releases the connection, handles mobility and handover requirements during the call
operation system
- operation and maintenance centre monitors and controls the network
traffic monitoring
status report
security management
accounting and billing information - authentication centre contains algorithms for authentication and the keys for encryption加密
SIM (subscriber identity module)用户模块识别
- SIM card
- detachable可拆卸, store the subscription information and phone book securely
- identify and authenticate the subscriber on MS
- keep the information after replacing handsets
- allow users to change operators运营商 just by changing SIM 而保留手机
SIM locking: some operators may block SIM by allowing a phone to use only one SIM or just their SIMs
Handover
- most basic form: when a phone call in progress is redirected from its current cell to a new cell
- switching from one cell frequency to a different cell frequency will be no interruption中断 since it is done electronically
- break-before-make: never release the current cell until engage the new cell. time is very short and not perceptible察觉的
除非接上新的,旧的不会断。时间很短 - make-before-break: current source cell channel and the channel in target cell will be used in parallel for a while. so the chance is small that handover failed the call terminated终止
两个信道一起用一段时间。因此移交失败而终止的可能性很小
Service security
- subscriber authentication: using pre-shared key and challenge-response
MSC (mobile switching centre) prepare a 128-bit random challenge (RAND), which is sent to BTS, then to MS; MS returns a 32-bit matching signed response (SRES) to the BTS, then verified at MSC; BTS also verifies 64bits session keys received from MSC and from MS
MSC—(random challenge)—>BTS—(random challenge)—>MS
MS return—(signed response)—>BTS—(signed response)—>MSC verifies
MS—(session keys)—>BTS virifies<—(session keys)—MSC - message encryption with A5 stream ciphers
A5/1 (used in Europe, US) is stronger than A5/2
possible to break A5/2 in realtime
supports multiple algorithms — operators may replace that cipher with a stronger one