Network Access Layer (2): Wireless Mobile LAN Technologies

Abstract

The days when access to the Internet was only possible from the home or office via a wired computer are long gone. For several years now, mobility has been the primary focus, whether it be using a laptop to access the company network while on the go or reading emails on a cell phone. This unlimited availability has been enabled by mobile communication technologies that make the normal LAN accessible anywhere. And all this without having to worry about bothersome cabling management. The wireless LAN (or WLAN) provides us today with a performance comparable to wired LAN technology. But this new found freedom is not without its darker side. With wired network technologies, unauthorized intruders and attackers had been forced to first gain physical access to the foreign network before intrusion could be carried out. The WLAN of today does away with fixed structural borders and can be received barrier-free by everyone within its transmission radius. This has made security technologies and encryption techniques inseparable with wireless network technologies. The present chapter introduces the foundations of the WLAN technology and will also look at the necessary security standards and encryption methods that allow the secure implementation of wireless technology. In addition to WLANs, close range networks, so-called Personal Area Networks (PANs), are gaining increasing importance. These have the capability of linking devices autonomously and wirelessly within the radius of only a few meters. Prominent examples of PAN technologies––Bluetooth and ZigBee––will be examined in detail.

“Such a crowd I’d like to see, stand on free soil among a people free.”

—Johann Wolfgang von Goethe, Faust II

Glossary

Ad hoc network

Radio network in which two or more subscribers are connected and configured to a meshed network. There is no fixed infrastructure necessary in the form of a stationary access point.

Authentication

Serves to establish the identity of a user. In authentication certificates of a trusted third instance are used for identification verification. For verification of message integrity, digital signatures are created and sent with it.

Beacon data packet (beacon frame)

An active WLAN makes itself known by sending out a beacon data packet. A beacon data packet contains all relevant information for connection establishment to the WLAN.

Broadcast

A broadcast transmission is a simultaneous transmission from one point to all participants. Classic broadcast applications are radio and television.

Computer network

A computer network offers autonomous computer systems, which each have their own storage, periphery and computation capacity, and are connected to the network, the infrastructure for data exchange. Because all subscribers are linked with one another, the computer network offers each participant the possibility to get into contact with all other subscribers.

Cryptography

Sub-area of computer science and mathematics that deals with the construction and evaluation of encryption methods. The goal of cryptography focuses on protecting confidential information and preventing unauthorized third parties from gaining access to it.

CSMA (Carrier Sense Multiple Access)

Access method in which a computer monitors a transmission channel (carrier sensing) and only proceeds with transmission when a channel is free

CSMA/CA (Carrier Sense Multiple Access/Collision Avoidance)

A CSMA access procedure that attempts to avoid the collision of data packets, by exchanging a short packet between the sender and receiver prior to transmission of the data packet. This informs the computers within the network segments concerned about the length of the impending data transmission. It thus prompts them to discontinue their activities for this time. A simple representative of this protocol family is the MACA protocol (Multiple Access Collision Avoid), which is employed in the area of mobile communication.

CSMA/CD (Carrier Sense Multiple Access/Collision Detection)

In case of a collison, this CSMA access method detects it, stops transmission and waits a randomly selected period before carrying out further transmissions.

Denial-of-Service (DoS)

An attack in Internet with the intention of overloading the victim’s system through targeted manipulation. The system is overloaded to such an extent that it is no longer in a position to carry out regular communication tasks, or fails completely.

Directional radio

Directional radio is understood as the transmission of electromagnetic waves with bundling, sharp-focusing antennas, simply called directional antennas.

IEEE

The Institute of Electrical and Electronical Engineering, or “ I-triple-E” for short, is an international organization of engineers with its head office in the USA. There are currently approx. 350,000 engineers in the IEEE from a good 150 different countries. The main task of the IEEE is the development, discussion, adoption and ratification of standards in the network area. The working group IEEE 802 is responsible for the standardization of LAN technologies.

ISM frequency band

Frequency area that was originally reserved for use in the fields of industrial, scientific and medical bands and is now used for radio-based, wireless data communication networks, e.g., for WLANs and Bluetooth, both of which work in the 2.45 GHz frequency band.

Man-in-the-middle attack

An attack on a secure connection between two communication partners. Here, the attacker intercepts the communication between the two communication partners (man-in-the-middle) or impersonates each endpoint without being noticed.

Medium Access Control (MAC)

A lower sublayer of the data link layer in the TCP/IP reference model. Here, access is controlled on a shared transmission medium. This forms the interface between the physical layer and the LLC sublayer.

Mesh topology

A special form of network topology in which each terminal is connected with one or several other terminals. Information is forwarded from one network node to another until it reaches its goal. In the case of failure of a network node or a line, it is possible as a rule to communicate the data further through routing.

Modulation

Modulation in telecommunication describes a procedure in which a user signal (data) to be transmitted changes (modulates) a normally higher frequency carrier signal. In this way, transmission of the user signal over the carrier signal is made possible.

Multicast

A multicast transmission corresponds to a broadcast sent to a limited group of participants. It is thus a simultaneous transmission made from one point to a specific circle of network subscribers.

Multiple access

One speaks of multiple access when network devices share a common communication channel in a network.

Packet switching

The primary method of communication in digital networks. Here, the message is separated into individual data packets of a fixed size and transmitted—independent of each other—from the transmitter to the receiver, via possibly existing exchanges. A distinction is made between connection-oriented and connectionless packet switching networks (datagram network). In connection-oriented packet switching networks, a connection is established in the network over fixed chosen exchanges before the start of actual data transmission. In contrast, a fixed connection path is not chosen in connectionless packet switching networks.

Parking lot attack

Attack on a wireless network in which an unauthorized party attempts to gain access to a network by intercepting the periodically sent beacon data packets by means of a mobile antenna (often from a car window in the parking lot of a company).

Pure ALOHA

Access method in which every connected computer transmits its data when needed, without listening to the transmission channel. If a collision occurs, the transmission is interrupted and starts again after expiration of a randomly selected time interval.

Roaming

Designation for the ability of a radio network subscriber to transmit and receive data in a foreign network (cells), meaning other than its home network.

Slotted ALOHA

ALOHA access method in which the time axis is divided into fixed intervals (slots). The length of a data packet transmission may not exceed the length of a slot. A computer must always wait until the beginning of a new slot until it is allowed to start its transmission.

Snifing

Attack variation in a computer network in which a special software, or hardware (packet snifier) is implemented. It has the ability to receive the data traffic of a network, as well as to record, represent and sometimes even analyze it.

Throughput

This is a measurement for the performance ability of a communication system. Processed or transmitted messages/data are measured within a specific time span. The throughput is calculated from the quotient of the error-free transmitted data bits and the sum of all transmitted bits within a fixed time duration. It is expressed in e.g., bit/s or data packets.

Topology

The topology of a computer network is understood as the geometric form of the distribution of individual computer nodes within the network. Widespread topologies for computer networks are: bus topology, ring topology, mesh topology and star topology.