Fundamentals of IEEE 802.11 Standards
Wireless LAN systems [472, 473, 481, 489] are different from wired LANs for a variety of reasons. The addressing schemes (and hence the contents of frames) must take into account the mobility of the network nodes, the PHYs have to cope with the lower range and reliability of wireless media (WM), and the MAC sublayers have to ensure that, despite these adjustments, the network is presented to every higher layer (from the logical link layer on up) as a “generic” 802.11 LAN would be.
While one can easily draw the architecture of a wired LAN, for wireless PHYs, well-defined coverage areas simply do not exist. Propagation characteristics are dynamic and unpredictable (see Figure 4.2). Small changes in position or direction may result in dramatic differences in signal strength. Similar effects occur whether a station (STA) is stationary or mobile (as moving objects may impact station-to-station propagation). The shapes used in IEEE WLAN architecture drawings are there as a matter of convenience. In reality, the boundaries of WLANs are not well-defined from one moment to the next, mostly due to the mobility of the nodes (the addressable units of the WLAN).
In IEEE 802.11, the addressable unit is a STA. The STA is a message destination, but not (in general) a fixed location, as would be the case in a wired LAN. MAC frames are adjusted to take this change into account.
The IEEE makes these observations about 802.11 PHYs, noting that they:
(a) Use a medium that has neither absolute nor readily observable boundaries outside of which stations with conformant PHY transceivers are known to be unable to receive network frames;
(b) Are unprotected from outside signals;
(c) Communicate over a medium significantly less reliable than wired PHYs;
(d) Have dynamic topologies;
(e) Lack full connectivity, and therefore the assumption normally made that every STA can hear every other STA is invalid (i.e., STAs may be “hidden” from each other);
(f) Have time-varying and asymmetric propagation properties [452].
Additionally, the specifications for the 802.11 PHYs must allow for both portable and mobile stations. Portable stations may change location from one access time to another, but mobile stations access the network while they are moving. Furthermore, the design of the PHYs recognizes that there is no guarantee that a particular station will be powered up at any particular time [452].
The architectural components of an 802.11 network include STAs, basic service sets (BSSs), distribution systems (DS), WM, distribution system media (DSM), access points (AP) (also known as base stations), extended service sets (ESS), and portals, as shown in Figure 4.2 [452].
Stations are addressable units in a network and can be clients or servers. While it is possible for two personal computers to communicate with one another directly via a wireless connection, in a wireless LAN a personal computer is more likely to connect with a base station (or AP) for access to the rest of the network. Personal computers and personal digital assistants (PDAs) are the most common types of stations in a WLAN [453].
A BSS is the fundamental set of devices in a WLAN, and can comprise as few as two stations.
The IEEE 802.11 (1999) documentation also uses the term BSS loosely to mean the coverage area within which the member stations of the BSS may remain in communication, allowing for the notion that a station can move “out” of its BSS, where it can no longer directly communicate with other members of the BSS [452]. An independent basic service set (IBSS) is possible if stations can communicate directly with one another. When an IBSS is created dynamically, for temporary use, it is referred to as an ad hoc network. If a station is a member of the infrastructure of a BSS, it is “associated” with the BSS by means of a distribution system service (DSS), which is discussed next. The associations are permitted to be dynamic, since stations come into and move out of range of the BSS, and can be turned off and back on [452].
A DS (not to be confused with a DSS) is the architectural element used to connect BSSs with one another. The DS maps addresses to actual destinations for mobile devices in multiple BSSs. In this type of architecture, the BSSs are not independent, but are components in a larger, extended network. The DS uses DSM, while the BSSs use what is referred to as WM. The terms are kept distinct because DSM and WM perform different jobs in the logical view of WLAN architecture. However, there is no IEEE “rule” that says the media used must be different if employed as DSM or WM. That is to say, one can use the same medium to perform both logical jobs (but, to allow for flexibility, one does not have to). The documentation expressly states that the IEEE 802.11 LAN architecture is specified independently of the physical characteristics of any specific implementation.
APs are stations that provide DS services. Since they are stations, they are addressable. APs connect STAs with their LAN.
Administrators set parameters for APs, including the name of the wireless network, the channel used by the AP, and which Wired Equivalent Privacy (WEP) key is employed by the network for security [453]. Wireless networks use encryption to protect transmitted data from eavesdroppers – the data is usually sent over open airwaves – and WEP keys are one way to facilitate encryption and decryption. (As discussed in Section 4.3, WEP technology is vulnerable to crackers.) In short, data moves from STAs in a BSS, via an AP, to the DS, and vice versa.
When you use an AP to combine a DS, one or more BSSs, and potentially one or more LANs, the resulting network is called an ESS [453]. The IEEE 802.11 DS and BSSs allow IEEE 802.11 to create a wireless network of arbitrary size and complexity. The key concept is that the ESS network appears the same to an LLC layer as an IBSS network, and mobile stations may move from one BSS to another (within the same ESS) transparently to the LLC [452]. In an ESS, all of the following are possible.
(a) The BSSs may partially overlap. This is commonly used to arrange contiguous coverage within a physical volume.
(b) The BSSs could be physically disjoint. Logically there is no limit to the distance between BSSs.
(c) The BSSs may be physically collocated. This may be done to provide redundancy.
(d) One (or more) IBSS or ESS networks may be physically present in the same space as one (or more) ESS network(s). This may occur for a number of reasons. Two of the most common are when an ad hoc network is operating in a location that also has an ESS network, and when physically overlapping IEEE 802.11 networks have been set up by different organizations [452].
The last of the logical architectural units in an IEEE WLAN is the portal, which connects a traditional wired LAN to the 802.11 WLAN. The device acting as a portal can also act as an AP [452].
In very simple terms, a portal is the point where a wire (or cable) from a wired LAN meets a device on the wireless LAN that can read from the portal wire and transmit to the WLAN via its radio (or its wireless medium of choice). Needless to say, if no device on the WLAN is connected by wire to a wired LAN, then communication between the two networks will not take place (see Figure 4.3).
Now that we are talking about joining wireless networks to other LANs, it is necessary to adopt the convention that IEEE uses to portray this concept in the 802.11 standards. In the first place, the DSs used by the joined networks do not have to be the same; in fact, IEEE 802.11 explicitly does not specify the details of DS implementations. Instead, IEEE 802.11 specifies services. The MAC sublayer of the WLAN utilizes these services to connect the STAs on the network and to protect the data they wish to exchange. The services are divided into two categories: services that are provided by every STA are called station services (SS), and services that are part of a DS are DSSs, like the association of STAs to the infrastructure of a BSS mentioned above.
The SSs are authentication (including preauthentication), deauthentication, privacy, and MAC service data unit (MSDU) delivery. Since APs are also STAs, APs provide SSs. APs also provide the DSSs; the DS accesses its DSSs from the APs. The DSSs are association, disassociation, distribution, integration, and reassociation (as shown in Figure 4.4). In the drawings included with the IEEE 802.11 documentation, DSSs are represented by arrows inside APs, and SSs are depicted as arrows between STAs [452].
IBSS networks do not have a physical DS and therefore must approach the provision of services differently from the way in which ESSs do. Simply put, IBSS networks cannot provide the DSSs. The following descriptions of the SSs and DSSs assume a full-fledged ESS is in place.
Service 1: MSDU delivery: Networks are not much use without the ability to get the data to the recipient. Stations provide the MSDU delivery service, which is responsible for getting the data to the actual endpoint [456].
Service 2: Distribution: This is the primary service used by IEEE 802.11 STAs. It is conceptually invoked by every data message to or from an IEEE 802.11 STA operating in an ESS (when the frame is sent via the DS). Distribution is via a DSS [452]. When two BSSs are part of an ESS, STAs from the first BSS transmit messages to STAs in the second BSS via their respective APs, which communicate with each other via the DS. The IEEE 802.11 documentation refers to its Figure 7 and offers the example of STA 1 in that drawing, a unit in BSS 1, sending a transmission to STA 4 in BSS 2. The two BSSs contain APs that are connected by the DS of the overall ESS. When STA 1 sends its message, the data first travels to BSS 1’s AP. The AP forwards the data to the distribution service of the DS, and the distribution service maintained by the DS passes the data to the next appropriate recipient – in this case, BSS 2’s AP. Once “inside” BSS 2, the data is forwarded to STA 4, its ultimate destination [452]. It must be stressed that any communication that uses an AP travels through the distribution service, including communications between two mobile stations associated with the same AP [456]. The DS makes use of its association-related services (the association, reassociation, and disassociation services) to gather the information necessary for the distribution system to locate the appropriate AP to receive a message being passed, as shown in Figure 4.4.
Service 3: Integration: If the distribution service finds that the appropriate next recipient of a message should be a portal, then the DS will activate the integration service. This service does whatever is needed to make the message compatible with the wire/cable/fiber that the portal will transmit on.
The integration service is also called upon in the reverse situation – when a portal is passing a message to the DS – to make the message compatible with the wireless medium employed by the DS. This occurs before the message is handled by the distribution system. The IEEE 802.11 standard leaves the implementation of whatever is needed up to the DS implementers. (Implementation of the DS is outside the standards’ scope.)
Service 4: Association: The association, reassociation, and disassociation services all ensure that the distribution service can do its job, which is to determine the next appropriate AP that a message needs to go to. These three services provide the DS with a mapping of the network’s STAs to its APs. One STA can map to only one AP, but an AP may be mapped to several STAs. On a wired network this information can be keyed by an operator into a table and stored in a read-only format. On a wireless network, however, the mapping is dynamic because the STAs are mobile and the APs have limited ranges. The STAs are also fickle – they power down without bothering to inform the network’s DS, or move out of range of the network entirely. A multitude of APs can improve the chance that a moving STA will remain within a network’s transmission limits, but this scenario brings up another complication – how to maintain the DS’s current “map” so that a STA is affiliated with only one of the network’s APs (presumably the one with the strongest signal to the STA).
Before any STA can transmit messages on a network via a network AP, it must “join” the network. The term used by IEEE for this “joining” is association, and a STA that has “joined” a network has become associated with an AP on the network, in IEEE parlance. The actor in the network that accomplishes this joining is the DS’s association service. It is invoked by an unassociated mobile STA when that STA requests association with an AP on the network (this is managed in the MAC sublayer).
The DS stores the association – the STA-to-AP mapping – for use by the distribution service, and the STA is on the network.
Service 5: Reassociation: When an already-associated mobile STA moves and discovers the need to become associated with a different AP on the network, the reassociation service is invoked. Reassociations are initiated by mobile stations when signal conditions indicate that a different association would be beneficial. They are never initiated by the AP [456]. The reassociation service updates the DS’s STA-to-AP map, and the distribution service has up-to-date information at its disposal.
Service 6: Disassociation: When a “polite” STA wishes to terminate its association, it calls upon the disassociation service, which removes data about the terminating association from the DS’s map. “Impolite” STAs ignore this courtesy, abandon their APs, and the network relies on functions of the MAC sublayer to deal with the departed STAs’ information. Disassociation can also be initiated by the partner AP (perhaps because the AP is leaving the network for maintenance service). Neither party can refuse disassociation – it is a notification, not a request.
Service 7: Authentication (and Preauthentication): IEEE 802.11 does not mandate the use of any particular authentication scheme, but it supports several authentication processes and allows the expansion of the supported authentication schemes. In both ESS and IBSS networks, before an association can be established, all STAs must confirm their identity. On a network with established associations, transmitting STAs must have authenticated themselves to the next logical destination STA – but a STA from which a message originates does not necessarily need to authenticate itself to the final destination STA. APs can be authenticated to numerous STAs at the same time. Two authentication schemes are given in the 802.11 standards documentation: Shared Key and Open System authentication.
On a Shared Key network, a secret encryption key is used for a STA to demonstrate that it has the right to be on the network. In this case the network must implement the optional WEP option. On an Open System network, any STA may become authenticated, but this may violate implicit assumptions made by higher network layers [452]. The authentication schemes are discussed in Section 4.3.1, and WEP’s vulnerability is covered in Section 4.3.
Preauthentication is a special case. It is also performed by the authentication service. Since STAs are mobile, they may need to reassociate with new APs at any moment, but they must be authenticated to the new AP before the new association is established, and authentication takes time. A STA can be preauthenticated with APs other than the one it is already associated with, to save time when it needs to reassociate to another AP.
Service 8: Deauthentication: Deauthentication terminates an authenticated relationship. Because authentication is needed before network use is authorized, a side effect of deauthentication is the termination of any current association [456]. As with disassociation, deauthentication is not a request, it is a notification, and either partner in a mobile STA-AP relationship may call upon the deauthentication service – it is an SS. Deauthentication cannot be refused.
Service 9: Privacy: Even if an unauthenticated STA has no permission to send and receive messages on a network, if it is 802.11-compliant, it can hear them. For this reason, messages sent via the WM should be encrypted to be more secure. To this end, the optional WEP policy can be used by the privacy service for data encryption. Since the privacy service is an SS, all STAs can invoke it. If, for some reason, unencrypted data frames arrive at a station configured to expect encrypted data, those frames are discarded and the LLC is not informed.
They are acknowledged, however, to save the bandwidth that would be used to send duplicate frames in a Negative ACK (NACK) situation. The same is true when encrypted data arrive at a STA that does not have the appropriate key to decrypt them [452]. Again, it should be noted that WEP is not ironclad security – in fact, it has been proven recently that breaking WEP is easily within the capabilities of any laptop [456]. More details will be given in Section 4.3.
Before turning to the way that ad hoc networks provide these services, some characterization of the 802.11 frame types is needed. Frames are categorized as Class 1, Class 2, and Class 3 frames, and STAs are restricted as to which frame type they can send, on the basis of their authentication/association status. A STA has the status “State 1” if it is unauthenticated and unassociated with the network. A “State 2” STA is authenticated, but not associated, and a “State 3” STA is both authenticated and associated. A State 1 STA can send Class 1 frames, State 2 STAs can send Class 1 and 2 frames, and State 3 STAs can send any type of frame. The states are summarized in the 802.11 documentation’s Figure 8 and shown in Figure 4.5. The 802.11 definitions of which kinds of frames (data, management, etc.) are considered to be of Class 1, 2, or 3 are listed in Tables 4.3, 4.4, and 4.5, respectively.
If STA A receives a Class 2 frame with a unicast address in the Address 1 field from STA B that is not authenticated with STA A, STA A should send a deauthentication frame to STA B. If STA A receives a Class 3 frame with a unicast address in the Address 1 field from STA B that is authenticated but not associated with STA A, STA A should send a disassociation frame to STA B. This is an AP (STA A) receiving an illegal frame from a mobile, unassociated STA (STA B). The AP in this situation explicitly informs the mobile STA that it is not associated, and only has permission to send Class 1 and 2 frames.
In effect, the mobile STA is told that its status is presently State 2 [452]. If STA A receives a Class 3 frame with a unicast address in the Address 1 field from STA B that is not authenticated with STA A, STA A should send a deauthentication frame to STA B [452]. In this case, the AP receives an illegal frame from a STA that is not even authenticated, and tells the STA that its status is State 1 [456].
The descriptions of the services (SS and DSS) presented above assumed that the network using them was an infrastructure ESS, with APs to provide the DSSs and a physical DS. IBSS networks do not have a DS and cannot support the DSSs, and in an IBSS, only frames of Classes 1 and 2 are allowed [452].
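
The state and frame-class rules described above, as an added example that is not part of the original text: a receiving STA (such as an AP) tracks the state of each peer, decides whether a frame of a given class is accepted, and picks the notification it answers with. The class and method names, the peer label and the silent drop of non-unicast frames are assumptions of this sketch.

```python
from enum import IntEnum


class State(IntEnum):
    UNAUTH_UNASSOC = 1   # State 1: unauthenticated, unassociated
    AUTH_UNASSOC = 2     # State 2: authenticated, not associated
    AUTH_ASSOC = 3       # State 3: authenticated and associated


class Receiver:
    """State that each peer STA holds relative to this STA (e.g. an AP)."""

    def __init__(self):
        self.peers = {}  # peer address -> State; unknown peers are in State 1

    def state_of(self, peer):
        return self.peers.get(peer, State.UNAUTH_UNASSOC)

    def authenticate(self, peer):
        if self.state_of(peer) == State.UNAUTH_UNASSOC:
            self.peers[peer] = State.AUTH_UNASSOC

    def associate(self, peer):
        # Association is only possible once the peer is authenticated.
        if self.state_of(peer) < State.AUTH_UNASSOC:
            return False
        self.peers[peer] = State.AUTH_ASSOC
        return True

    def disassociate(self, peer):
        # Notification, not a request: State 3 drops back to State 2.
        if self.state_of(peer) == State.AUTH_ASSOC:
            self.peers[peer] = State.AUTH_UNASSOC

    def deauthenticate(self, peer):
        # Notification; ending authentication also ends any association.
        self.peers.pop(peer, None)

    def on_frame(self, peer, frame_class, unicast=True):
        """Return (accepted, response) for a frame of Class 1, 2 or 3.

        response is None, "deauthentication" or "disassociation".
        """
        state = self.state_of(peer)
        if frame_class <= state:
            return True, None            # class permitted in the peer's state
        if not unicast:
            return False, None           # assumption: no reply to non-unicast
        if state == State.UNAUTH_UNASSOC:
            return False, "deauthentication"   # peer is told it is in State 1
        return False, "disassociation"         # peer is told it is in State 2
```
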
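
The STA-to-AP map kept by the association, reassociation and disassociation services, and its use by the distribution and integration services (Services 2 to 6 above), as an added example rather than code from the standard. The station and AP labels follow the STA 1 to STA 4 example; the `wired` set used to decide when a portal is the next recipient is an assumption, since the standard leaves DS implementation open.

```python
class DistributionSystem:
    """Toy DS: keeps the STA-to-AP map and resolves the path of a message."""

    def __init__(self, wired=()):
        self.sta_to_ap = {}        # each STA maps to exactly one AP
        self.wired = set(wired)    # assumption: hosts reached through the portal

    def associate(self, sta, ap):
        # Invoked by an unassociated STA; a second AP would break the 1:1 rule.
        if sta in self.sta_to_ap:
            raise ValueError(f"{sta} is already associated; reassociate instead")
        self.sta_to_ap[sta] = ap

    def reassociate(self, sta, new_ap):
        # Initiated by the mobile STA, never by the AP.
        if sta not in self.sta_to_ap:
            raise ValueError(f"{sta} has no association to move")
        self.sta_to_ap[sta] = new_ap

    def disassociate(self, sta):
        # A notification from either side: it cannot be refused.
        self.sta_to_ap.pop(sta, None)

    def distribute(self, src, dst):
        """Return the hops from src to dst, or None if dst cannot be located."""
        if src not in self.sta_to_ap:
            return None                      # unassociated STAs cannot use the DS
        path = [src, self.sta_to_ap[src], "DS"]
        if dst in self.sta_to_ap:
            return path + [self.sta_to_ap[dst], dst]
        if dst in self.wired:
            # Next recipient is a portal, so the integration service is invoked.
            return path + ["integration", "portal", dst]
        return None


def demo():
    ds = DistributionSystem(wired={"wired-host"})   # constructed sample topology
    ds.associate("STA 1", "AP 1")
    ds.associate("STA 2", "AP 1")
    ds.associate("STA 4", "AP 2")
    across = ds.distribute("STA 1", "STA 4")        # BSS 1 -> DS -> BSS 2
    same_ap = ds.distribute("STA 1", "STA 2")       # still passes through the DS
    ds.reassociate("STA 4", "AP 1")                 # STA 4 roams into BSS 1
    roamed = ds.distribute("STA 1", "STA 4")
    ds.disassociate("STA 4")
    gone = ds.distribute("STA 1", "STA 4")          # no mapping, no delivery
    wired = ds.distribute("STA 1", "wired-host")
    return across, same_ap, roamed, gone, wired
```
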