Module 1

19EEC342
Wireless Communication Networks

Dr.M.Sashiganth

Department of EECE,
GITAM School of Technology,
mail-id: smurugan@gitam.edu

December 5, 2022
Overview
1 Wireless LAN Technology
2 Wireless LAN Requirements
3 IEEE Protocol Layers
4 IEEE 802.11 Architecture
5 IEEE 802.11 Services
6 IEEE 802.11 Medium Access Control
IEEE 802.11 MAC Access Timing
MAC protocol data unit- MPDU
Frame Control Field
7 IEEE 802.11 Physical Layer
8 Gigabit WiFi
IEEE 802.11ac
IEEE 802.11ad
9 Other IEEE Standards
10 IEEE 802.11 Wireless LAN Security
Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 2 / 75
Introduction to Wireless LAN Technology

Wireless LANs (WLANs) uses wireless transmisson medium.There is a

backbone wired LAN,such as Ethernet, that supports servers,
workstations, and one or more bridges or routers to link with other
networks.
In addition, there is a control module (CM) that acts as an interface
to a wireless LAN.
The control module includes either bridge or router functionality to
link the wireless LAN to the backbone.
It includes some sort of access control logic, such as a polling or
token passing scheme, to regulate the access from the end systems.
Note that some of the end systems are stand- alone devices, such as a
workstation or a server. Hubs or other user modules (UMs) that
control a number of stations off a wired LAN may also be part of the
wireless LAN configuration.

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 3 / 75

Single Cell Wireless LAN Configuration

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 4 / 75

Multiple cell-Wireless LAN Configuration

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 5 / 75

Contd..

Single-cell wireless LAN- All of the wireless end systems are within
the range of a single control module. This may be true of a small
office or a home.
Another common configuration is a Multiple-cell wireless LAN .
In this case, there are multiple control modules interconnected by a
wired LAN. Each control module supports a number of wireless end
systems within its transmission range.
For example, with IEEE 802.11ad WLAN, transmission is limited to a
single room due to its use of 60 GHz frequencies; therefore, one cell is
needed for each room in an office building that requires wireless
support..

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 6 / 75

Ad Hoc Wireless LAN Configuration

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 7 / 75

Contd..

An ad hoc network is a peer-to-peer network (no centralized server)

set up temporarily to meet some immediate need. For example, a
group of devices in a home may connect to share multimedia content.
This may be a temporary network just for the duration of the
multimedia session.
A peer collection of stations within the range of each other may
dynamically configure themselves into a temporary network.
WLANs can provide a wireless connectivity for an ad hoc network, as
may Bluetooth, ZigBee, and other technologies depending on range,
throughput, and power requirements.

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 8 / 75

Motivation to Wireless LAN
Cellular data offloading-The spectrum available in mobile cellular
networks is limited and costly to consumers. Mobile devices such as
smartphones, laptops,and tablets can use higher capacity WLANs.
This is especially helpful in high density locations such as shopping
malls, enterprises, universities, and even sporting venues.
Sync/file transfer-Multi-gigabit Wi-Fi(Wireless Fidelity) allows
synchronization between devices 10 times faster than previous Wi-Fi.
For example, this eliminates the need to use cables to synchronize
mobile devices.
Internet Access- Multi-gigabit Wi-Fi enables faster Internet access,
eliminating any significant bottlenecks from the WLAN.
Multimedia Streaming-Streaming uncompressed video can require 3
Gbps,and streaming of compressed video has issues of quality and
latency. Wi-Fican be more suitable than other proposed wireless
approaches because of its larger deployment, user awareness, support
for IP networking, ease ofconnection, and standardized security
mechanism.
Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 9 / 75
Wireless LAN Requirements
A WLAN must meet the same sort of requirements typical of any LAN,
including high capacity, ability to cover short distances, full connectivity
among attached stations and broadcast capability.
Throughput-The medium access control (MAC) protocol should
make as efficient use as possible of the wireless medium to maximize
capacity.
Number of nodes-WLANs may need to support hundreds of nodes
across multiple cells.
Connection to backbone LAN- In most cases, interconnection with
stations on a wired backbone LAN is required. For infrastructure
WLANs, this is easily accomplished through the use of control
modules that connect to both types of LANs. There may also need to
be accommodation for mobile users with ad hoc wireless networks.
Service area A typical coverage area for a WLAN has a diameter of
100 to 300 m.
Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 10 / 75
Contd..

Battery power consumption-Mobile workers use battery-powered

smartphones,tablets, and workstations that need to have a long
battery life.
This suggests that a MAC protocol that requires mobile nodes to
monitor access points constantly or engage in frequent handshakes
with a base station is inappropriate.
Typical WLAN implementations have features to reduce power
consumption, such as sleep modes, while not using the network.
Transmission robustness and security - Unless properly designed,
a WLAN may be especially vulnerable to interference and network
eavesdropping. The design of a WLAN must permit reliable
transmission even in a noisy environment and should provide security
from eavesdropping.
Handoff/roaming-The MAC protocol used in the WLAN should
enable mobile stations to move from one cell to another.
Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 11 / 75
Contd..

Collocated network operation - It is common for two or more

wireless LANs to operate in the same area or in some area where
interference between the WLANs is possible. Such interference may
thwart the normal operation of a MAC algorithm and may allow
unauthorized access to a particular WLAN.
License-free operation - Users need to buy and operate WLAN
products without having to secure a license for the frequency band
used by the WLAN.
Dynamic configuration- The MAC addressing and network
management aspects of the WLAN should permit dynamic and
automated addition, deletion,and relocation of end systems without
disruption to other users.

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 12 / 75

IEEE Protocol Layers
ÿ5
7

745694

039694
&&&ÿ'()
5
334 7

639 %
762
9573 ÿ"45
5533ÿ049
9 #0$
#ÿÿ$ #ÿÿ$ #ÿÿ$
4567ÿ4 ÿ97
8696ÿ4 4ÿ5533
97 5
01234567ÿ762ÿ5! 
01234567 "5ÿ5 &&&ÿ'()
01234567ÿ4 9663
9
4 4

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 13 / 75

Contd..

This architecture was developed by the IEEE 802 committee and has been
adopted by all organizations working on the specification of LAN
standards.
The physical layer of the OSI model and includes such functions as
Encoding/decoding of signals (e.g., PSK, QAM, etc.).
Preamble generation/removal (for synchronization)-
Bit transmission/reception

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 14 / 75

Contd..

In the case of IEEE 802.11, two sublayers are defined:

Physical layer convergence procedure (PLCP): Defines a method
of mapping 802.11 MAC layer protocol data units (MPDUs) into
a framing format suitable for sending and receiving user data and
management information between two or more stations using the
associated PMD sublayer.
Physical medium dependent (PMD) sublayer: Defines the
characteristics of, and method of transmitting and receiving, user
data through a wireless medium between two or more stations.

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 15 / 75

Logical Link and Medium Accesss Control

The logical layer of the OSI model and includes such functions as
On transmission, assemble data into a frame with address and error
detection fields.
On reception, disassemble frame and perform address recognition and
error detection.
Govern access to the LAN transmission medium.- Medium Access
Control
Provide an interface to higher layers and perform flow and error
control-Logical Link Control

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 16 / 75

Relationship between Levels of Architecture

01123456378ÿ565 01123456378ÿ25

5 ÿ25

 ÿ25
5


5  ÿ25

0 0
5 6532 0 ÿ25

ÿ86
ÿ5655
 ÿ1767472ÿ565ÿ836
0 ÿ5

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 17 / 75

Contd..

Higher-level data are passed down to LLC, which appends control

information as a header, creating an LLC protocol data unit
(PDU).
This control information is used in the operation of the LLC protocol.
The entire LLC PDU is then passed down to the MAC layer, which
appends control information at the front and back of the packet,
forming a MAC frame. Again, the control information in the frame
is needed for the operation of the MAC protocol.

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 18 / 75

MAC Frame Format

012 012 75 47 55 22

34567 4 012ÿ59947 012ÿ59947

ÿ7 ÿ4ÿ! 545"7

882 1 1 882ÿ4 #465


 1ÿ57 2 1ÿ57 882

19947 ÿ79
ÿÿ9954 1ÿÿ975ÿ747ÿ57 ÿ
2ÿÿ6659477 1ÿÿ47ÿ747ÿ57 ÿ

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 19 / 75

Contd..

MAC: This field contains any protocol control information needed for
the functioning of the MAC protocol. For example, a priority level
could be indicated here.
Destination MAC Address: The destination physical attachment
point on the LAN for this frame.
Source MAC Address: The source physical attachment point on the
LAN for this frame.
Data: The body of the MAC frame. This may be LLC data from the
next higher layer or control information relevant to the operation of
the MAC protocol.
CRC: The cyclic redundancy check field (also known as the frame
check sequence, FCS, field). The CRC is used in virtually all data link
protocols, such as highlevel data link control (HDLC)

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 20 / 75

Contd..

In most data link control protocols, the data link protocol entity is
responsible not only for detecting errors using the CRC but for
recovering from those errors by retransmitting damaged frames.
In the LAN protocol architecture, these two functions are split
between the MAC and LLC layers. The MAC layer is responsible for
detecting errors and discarding any frames that are in error.
The LLC layer optionally keeps track of which frames have been
successfully received and retransmits unsuccessful frames.

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 21 / 75

LLC Layer

LLC
LLC is concerned with the transmission of a link-level PDU between two
stations, without the necessity of an intermediate switching node.

It must support the multiaccess, shared-medium nature of the link

(this differs from a multidrop line in that there is no primary node).
It is relieved of some details of link access by the MAC layer.
The LLC layer optionally keeps track of which frames have been
successfully received and retransmits unsuccessful frames.
Addressing in LLC involves specifying the source and destination LLC
users. Typically, a user is a higher-layer protocol or a network management
function in the station. These LLC user addresses are referred to as
Service Access Points (SAPs)

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 22 / 75

LLC Services

Unacknowledged connectionless service:

This is a datagram-style service. It is a very simple service that does not
involve any flow- and error-control mechanisms. Thus, the delivery of data
is not guaranteed. However, in most devices, there will be some higher
layer of software that deals with reliability issues.

Connection-mode service:
This service is similar to that offered by HDLC. A logical connection is set
up between two users exchanging data, and flow control and error control
are provided.

Acknowledged connectionless service:

This is a cross between the previous two services. It provides that
datagrams are to be acknowledged, but no prior logical connection is set
up.
Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 23 / 75
LLC Protocol

LLC makes use of the asynchronous balanced mode of operation of

HDLC, to support connection-mode LLC service Type 2 operation.
LLC supports an unacknowledged connectionless service using the
unnumbered information PDU Type 1 operation.
LLC supports an acknowledged connectionless service by using two
new unnumbered PDUs-Type 3 operation.
LLC permits multiplexing by the use of LLC service access points
(LSAPs)

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 24 / 75

IEEE 802.11 architecture

"%((ÿÿ !"""ÿ9#4$%ÿ&2'
)*+,-.
ÿ

2 ÿ4012ÿ
2 ÿ012ÿ ÿ
ÿ00
ÿ 012ÿ7
ÿ00 012ÿ
012ÿ4
012ÿ6ÿ 012ÿ8 012ÿ9
012ÿ5

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 25 / 75

Contd..

The smallest building block of a WLAN is a Basic service set

(BSS), which consists of some number of stations executing the
same MAC protocol and competing for access to the same shared
wireless medium.
A BSS may be isolated or it may connect to a backbone Distribution
System (DS) through an Access Point (AP).
The AP functions as a bridge and a relay point.
In a BSS, client stations do not communicate directly with one
another. Rather, if one station in the BSS wants to communicate
with another station in the same BSS, the MAC frame is first sent
from the originating station to the AP, and then from the AP to the
destination station.
Similarly, a MAC frame from a station in the BSS to a remote station
is sent from the local station to the AP and then relayed by the AP
over the DS on its way to the destination station.
Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 26 / 75
Contd..

The BSS generally corresponds to what is referred to as a cell in the

literature.
The DS can be a switch, a wired network, or a wireless network.
When all the stations in the BSS are mobile stations, with no
connection to other BSSs, the BSS is called an Independent BSS
(IBSS).
An IBSS is typically an ad hoc network. In an IBSS, the stations all
communicate directly, and no AP is involved.

Extended Service Set (ESS)

It consists of two or more BSSs interconnected by a distribution system.
Typically, the distribution system is a wired backbone LAN but can be any
communications network. The ESS appears as a single logical LAN to the
LLC level.

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 27 / 75

IEEE 802.11 Services

0123451 62734812 9 18ÿ7ÿ0 72

 ÿ  !ÿ"#$
%  &'ÿÿ"ÿ
%  &'ÿÿ"ÿ
 ÿ  !ÿ"#$
 ÿ  !ÿ"#$
() ÿ  !ÿ"#$
 !ÿ"#$   !ÿ"#$
*$  &'ÿÿ"ÿ
+ ÿ  !ÿ"#$

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 28 / 75

Distribution of Messages with in a DS

The two services involved with the distribution of messages within a DS

are distribution and integration.
Distribution :
It is the primary service used by stations to exchange MAC frames
when the frame must traverse the DS to get from a station in one
BSS to a station in another BSS.
For example, suppose a frame is to be sent from station 2 (STA 2) to
STA 7 in Figure. The frame is sent from STA 2 to STA 1, which is
the AP for this BSS.
The AP gives the frame to the DS, which has the job of directing the
frame to the AP associated with STA 5 in the target BSS.
STA 5 receives the frame and forwards it to STA 7.
If the two stations that are communicating are within the same BSS, then
the distribution service logically goes through the single AP of that BSS.

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 29 / 75

Contd..
Integration :
The integration service enables transfer of data between a station on
an IEEE 802.11 LAN and a station on an integrated IEEE 802.x LAN.
The term integrated refers to a wired LAN that is physically
connected to the DS and whose stations may be logically connected
to an IEEE 802.11 LAN via the integration service.
The integration service takes care of any address translation and
media conversion logic required for the exchange of data.
Association-Related Service :
The primary purpose of the MAC layer is to transfer MSDUs between
MAC entities; this purpose is fulfilled by the distribution service.
For that service to function, it requires information about stations
within the ESS, which is provided by the association-related services.
Before the distribution service can deliver data to or accept data from
a station, that station must be associated.
Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 30 / 75
Transition Types Based on Mobility
No transition:
A station of this type is either stationary or moves only within the direct
communication range of the communicating stations of a single BSS.

BSS transition:
This is defined as a station movement from one BSS to another BSS
within the same ESS. In this case, delivery of data to the station requires
that the addressing capability be able to recognize the new location of the
station.

ESS transition:
This is defined as a station movement from a BSS in one ESS to a BSS
within another ESS. This case is supported only in the sense that the
station can move. Maintenance of upper-layer connections supported by
802.11 cannot be guaranteed. In fact, disruption of service is likely to
occur.
Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 31 / 75
Association :
Establishes an initial association between a station and an AP.
Before a station can transmit or receive frames on a WLAN, its
identity and address must be known. For this purpose, a station must
establish an association with an AP within a particular BSS.
The AP can then communicate this information to other APs within
the ESS to facilitate routing and delivery of addressed frames.
Reassociation:
Enables an established association to be transferred from one AP to
another, allowing a mobile station to move from one BSS to another.
Disassociation:
A notification from either a station or an AP that an existing
association is terminated.
A station should give this notification before leaving an ESS or
shutting down.
However, the MAC management facility protects itself against
stations that disappear without notification.
Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 32 / 75
IEEE 802.11 Medium Access Control
The IEEE 802.11 MAC layer covers three functional areas: Reliable Data
Delivery, Access Control and Security
Reliable Data Delivery :
Noise, interference, and other propagation effects result in the loss of
a significant number of frames. Even with errorcorrection codes, a
number of MAC frames may not successfully be received.
This situation can be dealt with by reliability mechanisms at a higher
layer, such as TCP. However, timers used for retransmission at higher
layers are typically on the order of seconds.
IEEE 802.11 includes a Frame Exchange Protocol. When a station
receives a data frame from another station, it returns an
acknowledgment (ACK) frame to the source station.
If the source does not receive an ACK within a short period of time,
either because its data frame was damaged or because the returning
ACK was damaged, the source retransmits the frame.
Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 33 / 75
Contd..

To further enhance reliability, a four-frame exchange may be used.

In this scheme, a source first issues a Request to Send (RTS) frame
to the destination.
The destination then responds with a Clear to Send (CTS).
After receiving the CTS, the source transmits the data frame, and the
destination responds with an ACK.
The RTS alerts all stations that are within reception range of the
source that an exchange is under way; these stations refrain from
transmission in order to avoid a collision between two frames
transmitted at the same time.
Similarly, the CTS alerts all stations that are within reception range of
the destination that an exchange is under way. The RTS/CTS portion
of the exchange is a required function of the MAC but may be
disabled.

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 34 / 75

IEEE 802.11 Protocol Architecture

0123456ÿ6389ÿ418 16ÿ00 
188318 188318
34 34
138ÿ411385318ÿ84318
  
65
33ÿ411385318ÿ84318ÿ 
!!5 !! !!2 !!8 !!54 !!5
"ÿ#$% )ÿ#$% )ÿ#$% )ÿ58 "ÿ#$% +ÿ#$%
& ''' '''ÿ58 "ÿ#$% ' & '3826ÿ1
ÿ$% ÿ$% & & !+ÿ$% &
'('& '('& ÿ$% )ÿ$% (& !+ÿ$%
")ÿ* !!ÿ* '('& (& ,ÿ#* '('&
")ÿ* +ÿ* +-+ÿ#*

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 35 / 75

DFWMAC- Distributed foundation Wireless MAC)

It provides a distributed access control mechanism with an optional

centralized control.
The lower sublayer of the MAC layer is the Distributed
Co-ordination Function (DCF). DCF uses a contention algorithm
to provide access to all traffic. Ordinary asynchronous traffic directly
uses DCF.
The Point Co-ordination Function (PCF) is a centralized MAC
algorithm used to provide contention-free service. PCF is built on top
of DCF and exploits features of DCF to assure access for its users.
The DCF sublayer makes use of a simple CSMA (carrier sense
multiple access) algorithm.

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 36 / 75

CSMA

If a station has a MAC frame to transmit, it listens to the medium. If

the medium is idle, the station may transmit; otherwise the station
must wait until the current transmission is complete before
transmitting.
The DCF does not include a collision detection function (i.e., CSMA/
CD) because collision detection is not practical on a wireless network.
The dynamic range of the signals on the medium is very large, so that
a transmitting station cannot effectively distinguish incoming weak
signals from noise and the effects of its own transmission.
To ensure the smooth and fair functioning of this algorithm, DCF
includes a set of delays that amounts to a priority scheme.
-Inter-Frame Space (IFS)

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 37 / 75

IEEE 802.11 MAC Control Logic
0123ÿ567ÿ57189
36ÿ371 823

928 6
29
9
0123ÿ

32 6 0123ÿ 32ÿ7793

29 371 8226ÿ9
9
71 823ÿ57189 0123ÿ

32 6
29
9
69321ÿ16
29ÿ8928ÿ29

71 823ÿ57189

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 38 / 75

IFS Rules for CSMA
A station with a frame to transmit senses the medium. If the medium
is idle, it waits to see if the medium remains idle for a time equal to
IFS. If so, the station may transmit immediately.
If the medium is busy (either because the station initially finds the
medium busy or because the medium becomes busy during the IFS
idle time), the station defers transmission and continues to monitor
the medium until the current transmission is over.
Once the current transmission is over, the station delays another IFS.
If the medium remains idle for this period, then the station backs off
a random amount of time and again senses the medium.
If the medium is still idle, the station may transmit. During the
backoff time, if the medium becomes busy, the backoff timer is halted
and resumes when the medium becomes idle.
If the transmission is unsuccessful, which is determined by the
absence of an acknowledgment, then it is assumed that a collision has
occurred.
Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 39 / 75
Binary exponential backoff

To ensure that backoff maintains stability, a technique known as binary

exponential backoff is used.
A station will attempt to transmit repeatedly in the face of repeated
collisions, but after each collision, the mean value of the random
delay is doubled up to some maximum value.
The binary exponential backoff provides a means of handling a heavy
load. Repeated failed attempts to transmit result in longer and longer
backoff times, which helps to smooth out the load.
Without such a backoff, the following situation could occur. Two or
more stations attempt to transmit at the same time, causing a
collision.
These stations then immediately attempt to retransmit, causing a
new collision.

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 40 / 75

Contd..

SIFS
The shortest IFS, used for all immediate response actions.

PIFS
Point Co-ordination Function IFS: A midlength IFS, used by the
centralized controller in the PCF scheme when issuing polls.

DIFS
Distributed Co-ordination Function IFS: The longest IFS, used as a
minimum delay for asynchronous frames contending for access.

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 41 / 75

IEEE 802.11 MAC Access Timing

1445 67895ÿ875ÿ55
5ÿ45
5ÿ96784ÿ
ÿ0123 0123 9597ÿ76
123
0123
ÿ5674 3123 8ÿ76 59ÿ845
9745
39ÿ9745
055ÿ8 5 3559ÿ9ÿ7ÿ78ÿ55978ÿ8
!"#ÿ%"&'(ÿ"(()&&ÿ*)+,-.
35845ÿ/356ÿ478ÿ590
35845ÿ/356ÿ478ÿ590 259556ÿ898ÿ5845ÿ576
9559776155 9597ÿ576
2ÿ/9780 02 ÿ45674 2ÿ/9780
2878  5 ÿ
/5ÿ584505 9
2194
652
5 8985ÿ655
!6#ÿ789ÿ&:;)<=<"*)ÿ(->&+<:(+'->

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 42 / 75

SIFS Used Circumstances
Acknowledgement :
When a station receives a frame addressed only to itself (not
multicast or broadcast), it responds with an ACK frame after waiting
only for an SIFS gap.
This has two desirable effects. First, because collision detection is not
used, the likelihood of collisions is greater than with CSMA/CD, and
the MAC-level ACK provides for efficient collision recovery.
Second, the SIFS can be used to provide efficient delivery of an LLC
PDU that requires multiple MAC frames.
In this case, the following scenario occurs. A station with a
multiframe LLC PDU to transmit sends out the MAC frames one at a
time. Each frame is acknowledged by the recipient after SIFS.
When the source receives an ACK, it immediately (after SIFS) sends
the next frame in the sequence. The result is that once a station has
contended for the channel, it will maintain control of the channel
until it has sent all of the fragments of an LLC PDU.
Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 43 / 75
 Clear to Send-CTS :A station can ensure that its data frame will
get through by first issuing a small RTS frame. The station to which
this frame is addressed should immediately respond with a CTS frame
if it is ready to receive.
All other stations receive the RTS and defer using the medium.
The next longest IFS interval is the PIFS. This is used by the
centralized controller in issuing polls and takes precedence over
normal contention traffic.
Finally, the DIFS interval is used for all ordinary asynchronous traffic.
Point coordination Function : PCF is an alternative access method
implemented on top of the DCF.
The operation consists of polling by the centralized polling master
(point coordinator). The point coordinator makes use of PIFS when
issuing polls.
Because PIFS is smaller than DIFS, the point coordinator can seize
the medium and lock out all asynchronous traffic while it issues polls
and receives responses.
Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 44 / 75
IEEE 802.11 MAC Frame Format

012324 7 7 7 7 8 ÿ20ÿ9987 8
 #$ ?%%344 ?%%344 ?%%344  ?%%344 A0 @ "2" 
@3"%3 "3ÿ50% "63
ÿÿ!"3ÿ1020 ÿ ÿ43&313ÿ1020 ?*"4ÿ3432
#$ÿÿ%"260#1031260ÿ$ ÿÿ!"3ÿ1'31(ÿ43&313
A0ÿÿA0ÿ1020 @ÿÿ'6)'ÿ2'0)'2ÿ1020 3432ÿ0ÿ6ÿ132"6ÿ!"3ÿ234
ÿ"%ÿ45B234
+,-ÿ/01ÿ23,45
5624 7 7 8 9 9 9 9 9 9 9 9
02010 3 523 0 0
3460        
ÿ ÿ%64265260ÿ4423 ÿÿ03ÿ%"2"
ÿÿ03ÿ!")324 ÿ ÿ*63%ÿ3&6"32ÿ6"1ÿ562
ÿ ÿ32 ÿ ÿ0%3
ÿÿ0*3ÿ"")332
+6-ÿ73,45ÿ89:;39<ÿ=5<>

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 45 / 75

MAC protocol data unit- MPDU

Frame Control: Indicates the type of frame (control, management,

or data) and provides control information. Control information
includes whether the frame is to or from a DS, fragmentation
information, and privacy information.
Duration/Connection ID: If used as a duration field, indicates the
time (in microseconds) the channel will be allocated for successful
transmission of a MAC frame. In some control frames, this field
contains an association, or connection, identifier.
Addresses: The number and meaning of the 48-bit address fields
depend on context. The transmitter address and receiver address are
the MAC addresses of stations joined to the BSS that are
transmitting and receiving frames over the WLAN.
Service Set Identifier-SSID identifies the WLAN over which a
frame is transmitted. For an IBSS, the SSID is a random number
generated at the time the network is formed.
Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 46 / 75
Contd..

Finally the source address and destination address are the MAC addresses
of stations, wireless or otherwise, that are the ultimate source and
destination of this frame.
Sequence Control: contains a 4-bit fragment number subfield, used
for fragmentation and reassembly, and a 12-bit sequence number used
to number frames sent between a given transmitter and receiver
QoS Control: contains information relating to the IEEE 802.11
quality of service (QoS) facility
High Throughput Control: This field contains control bits related
to the operation of 802.11n, 802.11ac, and 802.11ad.
Frame Body: contains an MSDU or a fragment of an MSDU. The
MSDU is a LLC protocol data unit or MAC control information.
Frame Check Sequence: A 32-bit cyclic redundancy check.

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 47 / 75

Frame Control Field
Protocol Version: 802.11 version, currently version 0.
Type: Identifies the frame as control, management, or data.
Subtype: Further identifies the function of frame.
To DS: The MAC coordination sets this bit to 1 in a frame destined
to the distribution system.
From DS: The MAC coordination sets this bit to 1 in a frame leaving
the distribution system.
More Fragments: Set to 1 if more fragments follow this one.
Retry: Set to 1 if this is a retransmission of a previous frame.
Power Management: Set to 1 if the transmitting station is in a
sleep mode.
More Data: Indicates that a station has additional data to send.
Each block of data may be sent as one frame or a group of fragments
in multiple frames.
WEP: Set to 1 if the optional wired equivalent privacy is
implemented. WEP is used in the exchange of encryption keys for
secure data exchange.
Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 48 / 75
Control Frames

Control frames assist in the reliable delivery of data frames. There are six
control frame subtypes:
Power Save-Poll (PS-Poll): This frame is sent by any station to the
station that includes the AP (access point). Its purpose is to request
that the AP transmit a frame that has been buffered for this station
while the station was in power saving mode.
Request to Send: This is the first frame in the four-way frame
exchange discussed under the subsection on reliable data delivery.
The station sending this message is alerting a potential destination,
and all other stations within reception range, that it intends to send a
data frame to that destination.
Clear to Send: This is the second frame in the four-way exchange. It
is sent by the destination station to the source station to grant
permission to send a data frame.

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 49 / 75

Control Frames Contd..

Acknowledgment: Provides an acknowledgment from the

destination to the source that the immediately preceding data,
management, or PS-Poll frame was received correctly.
Contention-Free (CF)-End: Announces the end of a contention-free
period that is part of the point coordination function.
CF-End + CF-Ack: Acknowledges the CF-end. This frame ends the
contention-free period and releases stations from the restrictions
associated with that period.
Data Frames : There are eight data frame subtypes, organized into two
groups. The first four subtypes define frames that carry upper-level data
from the source station to the destination station.

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 50 / 75

Data Frames
The four data-carrying frames are as follows:
Data: This is the simplest data frame. It may be used in both a
contention period and a contention-free period.
Data + CF-Ack: May only be sent during a contention-free period.
In addition to carrying data, this frame acknowledges previously
received data.
Data + CF-Poll: Used by a point coordinator to deliver data to a
mobile station and also to request that the mobile station send a data
frame that it may have buffered.
Data + CF-Ack + CF-Poll: Combines the functions of the Data +
CF-Ack and Data + CF-Poll into a single frame.
Null Function data frame carries no data, polls, or acknowledgments.
It is used only to carry the power management bit in the frame
control field to the AP, to indicate that the station is changing to a
low-power operating state.
The remaining three frames (CF-Ack, CF-Poll, CF-Ack + CF-Poll) have
the same functionality as the corresponding data frame subtypes.
Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 51 / 75
Management Frames
It is used to manage communications between stations and APs. The
following subtypes are included:
Association Request: Sent by a station to an AP to request an
association with this BSS. This frame includes capability information,
such as whether encryption is to be used and whether this station is
pollable.
Association Response: Returned by the AP to the station to
indicate whether it is accepting this association request.
Reassociation Request: Sent by a station when it moves from one
BSS to another and needs to make an association with the AP in the
new BSS. The station uses reassociation rather than simply
association so that the new AP knows to negotiate with the old AP
for the forwarding of data frames.
Reassociation Response: Returned by the AP to the station to
indicate whether it is accepting this reassociation request.
Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 52 / 75
Management Frames Contd..
Probe Request: Used by a station to obtain information from
another station or AP. This frame is used to locate an IEEE 802.11
BSS.
Probe Response: Response to a probe request.
Beacon: Transmitted periodically to allow mobile stations to locate
and identify a BSS.
Announcement Traffic Indication Message: Sent by a mobile
station to alert other mobile stations that may have been in low
power mode that this station has frames buffered and waiting to be
delivered to the station addressed in this frame.
Dissociation: Used by a station to terminate an association.
Authentication: Multiple authentication frames are used in an
exchange to authenticate one station to another.
Deauthentication: Sent by a station to another station or AP to
indicate that it is terminating secure communications.
Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 53 / 75
IEEE 802.11 Physical Layer Standards

01234ÿ6678ÿ ÿÿÿÿ 

!"1#$1%$ &'(7661 &'(7662 &'(766) &'(766# &'(7661* &'(7661$
+41%ÿ,#"%-$.*4$ /// /// 0   1
213,4.4ÿ$1"1ÿ 81ÿ9:; ÿ9:; 81ÿ9:; <8ÿ=ÿ<ÿ >ÿ9:;ÿ <><ÿ
"%1#564%ÿ5744$ 9:; =ÿ0ÿ ?:;
?:;
@%4A.4#*Bÿ21#$ 8ÿ?CD 1ÿ?CD 1ÿ?CD 1ÿ=ÿ8ÿ 8ÿ?CD <ÿ?CD
?CD
EF1##43ÿ21#$G,$"F ÿ9CD ÿ9CD ÿ9CD Hÿ1ÿ 1HÿHÿ <ÿ
9CD <ÿ9CD 9CD
I,)F45"ÿ-%$4%ÿ <1ÿJK9 ÿLLM <1ÿJK9 <1ÿJK9 8<ÿJK9 <1ÿJK9
4-$.31",-#
!74*"%.4ÿ.51)4 NOP9 P PHÿ NOP9 ÿLQÿ LHÿ
NOP9 ÿNOP9 NOP9
R#"4##1ÿ Sÿ Sÿ Sÿ T;ÿ=ÿ T;ÿ=ÿ Sÿ
*-#6,).%1",-# N N N 1S1ÿ Sÿ N
9 9N 9 9NHÿ
ÿ9TQÿ
ÿ9 9N

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 54 / 75

IEEE 802.11 Physical PDU

ÿ$6ÿ"5 ÿ$6 .4145ÿ3/ ÿ"2ÿ$6ÿ"5

"5
89 8ÿ8 45 012345 6474

"#$6 "#$6
%&80'(ÿÿ)ÿ#* %47ÿ1ÿ13147ÿ13ÿ012345*
47 9327 8 !415 0 1 86 !415 84
ÿ17 ÿ17  ÿ17 ÿ17 ÿ17
345ÿÿ7888ÿ9:;<==4ÿ>?@ABC4DÿEFG
+ÿ17ÿ47 ÿ17ÿ47 .4145ÿ3/ ÿ17ÿ47
ÿ,ÿ6&80' ÿ,ÿ6-80' ÿ,ÿ6-80'0ÿ1ÿ,ÿ6&80'0ÿÿ,ÿ6-80'
89 8ÿ8 45 89 8ÿ 4 86

03 06 0123450 1 9327 

ÿ17 ÿ17 ÿ17 ÿ17 ÿ17 ÿ17

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 55 / 75

Physical-Layer Frame structure-IEEE 802.11a

The PLCP Preamble field enables the receiver to acquire an incoming

OFDM signal and synchronize the demodulator. Next is the Signal field,
which consists of 24 bits encoded as a single OFDM symbol. The
Preamble and Signal fields are transmitted at 6 Mbps using BPSK.
Rate: Specifies the data rate at which the data field portion of the
frame is transmitted.
r: reserved for future use.
Length: Number of octets in the MAC PDU.
P: An even parity bit for the 17 bits in the Rate, r, and Length
subfields.
Tail: Consists of 6 zero bits appended to the symbol to bring the
convolutional encoder to zero state.

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 56 / 75

Contd..

The Data field consists of a variable number of OFDM symbols

transmitted at the data rate specified in the Rate subfield. Prior to
transmission, all of the bits of the Data field are scrambled.
The Data field consists of four subfields:
Service: Consists of 16 bits, with the first 7 bits set to zeros to
synchronize the descrambler in the receiver, and the remaining 9 bits
(all zeros) reserved for future use.
MAC PDU: Handed down from the MAC layer.
Tail: Produced by replacing the six scrambled bits following the
MPDU end with 6 bits of all zeros; used to reinitialize the
convolutional encoder.
Pad: The number of bits required to make the Data field a multiple
of the number of bits in an OFDM symbol (48, 96, 192, or 288).

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 57 / 75

Physical-Layer Frame structure-IEEE 802.11b

IEEE 802.11b defines two physical-layer frame formats, which differ only in
the length of the preamble.
The long preamble of 144 bits is the same as used in the original
802.11 DSSS scheme and allows interoperability with other legacy
systems.
The short preamble of 72 bits provides improved throughput efficiency.
Preamble field enables the receiver to acquire an incoming signal
and synchronize the demodulator. It consists of two subfields: a
56-bit Sync field for synchronization and a 16-bit Start-of-frame
delimiter (SFD). The preamble is transmitted at 1 Mbps using
differential BPSK and Barker code spreading.
Following the preamble is the PLCP Header, which is transmitted at 2
Mbps using DQPSK. It consists of the following subfields:

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 58 / 75

Contd..

Signal: Specifies the data rate at which the MPDU portion of the
frame is transmitted.
Service: Only 3 bits of this 8-bit field are used in 802.11b. One bit
indicates whether the transmit frequency and symbol clocks use the
same local oscillator. Another bit indicates whether CCK or PBCC
encoding is used. A third bit acts as an extension to the Length
subfield.
Length: Indicates the length of the MPDU field by specifying the
number of microseconds necessary to transmit the MPDU. Given the
data rate, the length of the MPDU in octets can be calculated.
CRC: A 16-bit error-detection code used to protect the Signal,
Service, and Length fields.
The MPDU field consists of a variable number of bits transmitted at the
data rate specified in the Signal subfield. Prior to transmission, all of the
bits of the physical layer PDU are scrambled
Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 59 / 75
GIGA BIT WIFI-IEEE 802.11ac

2343ÿ6748
9 ÿ868 76
# !" #$
ÿ0 !" #$
3
6374
01 1 1 1 
01

13
93473ÿ84 38
%&'()*ÿÿ,,-,.ÿ/000ÿ234566ÿ789:;9<=>?8ÿ@=?A;9B

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 60 / 75

IEEE 802.11ac

IEEE 802.11ac operates in the channels in the 5 GHz band. It is designed

to provide a smooth evolution from 802.11n. The new standard achieves
much higher data rates than 802.11n by means of enhancements in three
areas
Bandwidth: The maximum bandwidth of 802.11n is 40 MHz; the
maximum bandwidth of 802.11ac is 160 MHz.
Signal encoding: 802.11n can use 64 QAM with OFDM, and
802.11ac can use 256 QAM with OFDM. Thus, more bits can be
encoded per symbol. Both schemes use forward error correction with
a code rate of 5/6 (ratio of data bits to total bits).
MIMO: With 802.11n, there can be a maximum of 4 channel input
and 4 channel output antennas. 802.11ac increases this to 8 x 8.

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 61 / 75

IEEE 802.11ac Contd..

Data rate
×( number of spatial streams )×( data bits per subcarrier )
= (number of data subcarriers)
(time per OFDM symbol, in seconds)
Using this equation, we have the following maximum data rates:

108 × 4 × (5/6 × log2 64)

802.11n : = 600 × 106 bps = 600Mbps
3.6 × 10−6
468 × 8 × (5/6 × log2 256)
802.11ac : = 6937 × 106 bps = 6.937Gbps
3.6 × 10−6
Note:Increasing the channel bandwidth by a factor of 4 increases the data
rate by a factor of 4.33, because the number of subcarriers expands from
108 to 468.
The transmit power must now be spread over four times as many
subcarriers, however, resulting in a slight reduction in range. Going from
64 QAM to 256 QAM increases the data rate by a factor of 1.33.

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 62 / 75

IEEE 802.11ad

IEEE 802.11ad, using the name WiGig, is a version of 802.11 operating in

the 60 GHz frequency band.
This band offers the potential for much wider channel bandwidth than
the 5 GHz band, enabling high data rates up to 7 Gbps with relatively
simple signal encoding and antenna characteristics.
This enables a series of high bandwidth applications; WiGig also
supplies Protocol Adaptation Layers (PALs). There are
audio/visual PALs to support HDMI and DisplayPort, and there are
input/output PALs for SD, USB, and PCIe.

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 63 / 75

IEEE 802.11ad Contd..

802.11ad is operating in the millimeter range, which has some undesirable

propagation characteristics:
Free space loss increases with the square of the frequency; thus losses
are much higher in this range (20 dB more from 6 GHz and 60 GHz)
than in the ranges used for traditional microwave systems.
Multipath losses can be quite high. Reflection occurs when an
electromagnetic signal encounters a surface that is large relative to
the wavelength of the signal; scattering occurs if the size of an
obstacle is on the order of the wavelength of the signal or less;
diffraction occurs when the wavefront encounters the edge of an
obstacle that is large compared to the wavelength.
Millimeter-wave signals generally don’t penetrate solid objects.

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 64 / 75

IEEE 802.11ad Modulation and Coding Schemes

01234ÿÿ6678ÿ9 ÿ ÿÿÿÿ !
"#$%&'13ÿ(1$4) *+,&-. /+,0311&+- 213ÿ4&1ÿ2114
5ÿ6789: ;ÿ<=7>ÿ?@ÿ B;C=D7E FGÿHA!
!A5
ÿ555ÿ ;ÿ<=7ÿ;ÿ<=7>ÿ B;CD7E>ÿB;Cÿ ?GÿHA!ÿÿIJÿMHA!
6789: G;ÿ<=7ÿ?;Iÿ<=7ÿ K7E>ÿBÿCJÿKL
?;Jÿ<=7
NO=ÿ ;ÿ<=7>ÿG;ÿ<=7ÿ ÿNO=CÿNK7Eÿ JP?ÿHA!ÿÿJFJÿMHA!
6NO=789: ?;Iÿ<=7ÿ?;Jÿ<=7 ÿNO=CÿK7Eÿ
ÿNO=CÿJÿKLÿ
ÿNO=CÿJIÿKL
ÿ<QCÿAQ5ÿ!ÿ R6I> :SDTÿ B;CD7E>ÿB;Cÿ J?JÿHA!ÿÿGÿMHA!
555ÿ6<7789: 6J;;P;>: K7E
D7E UH5VÿA!W!XÿTV
=D7E UXX5ÿH5VÿA!W!XÿTV
<=7UQÿ!VÿA5VÿTÿ
NO= U5ÿX5YVWZ!ÿ A[
NK7E UXX!ÿY55ÿA!W!XÿTV
KL UY55ÿ Aÿ 
K7E UY55ÿA!W!XÿTV
RURW 
Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 65 / 75
Other IEEE Standards
IEEE 802.11e makes revisions to the MAC layer to improve quality of
service and address some security issues.
It accommodates time-scheduled and polled communication during
null periods when no other data are being sent. In addition, it offers
improvements to the efficiency of polling and enhancements to
channel robustness.
These enhancements should provide the quality required for such
services as IP telephony and video streaming. Any station
implementing 802.11e is referred to as a QoS station, or QSTA.
In a QSTA, the DCF and PCF (Figure 11.9) modules are replaced
with a hybrid coordination function (HCF). The HCF consists of
enhanced distributed channel access (EDCA) and HCF controlled
channel access (HCCA).
EDCA is an extension of the legacy DCF mechanism to include
priorities. As with the PCF, HCCA centrally manages medium access,
but does so in a more efficient and flexible manner.
Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 66 / 75
Other IEEE Standards Contd..

IEEE 802.11i defines security and authentication mechanisms at the

MAC layer. This standard is designed to address security deficiencies
in the wire equivalent privacy (WEP) mechanism originally designed
for the MAC layer of 802.11.
IEEE 802.11k defines Radio Resource Measurement enhancements
that provide mechanisms available to higher protocol layers for radio
and network measurements.
The standard defines what information should be made available to
facilitate the management and maintenance of wireless and mobile
LANs.
IEEE 802.11m is an ongoing task group activity to correct editorial
and technical issues in the standard. The task group reviews
documents generated by the other task groups to locate and correct
inconsistencies and errors in the 802.11 standard and its approved
amendments.
Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 67 / 75
Other IEEE Standards Contd..

802.11p provides wireless access for the vehicular environment. It

allows for communication between devices moving up to 200 km/hr
(124.3 mi/hr).
Devices do not need to associate or authenticate with each other.
Instead, they just join the overall WAVE (Wireless Access in Vehicular
Environments) network in the area. Lower data rates are used,
because movement can cause more packet errors.
802.11p also allows for greater output power to accommodate longer
distances
IEEE 802.11r provides a fast roaming capability. Devices may
register in advance with a neighbor AP, so security and quality of
service settings can be negotiated before the device needs to switch
to a new AP. The duration of connectivity loss can be substantially
reduced.

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 68 / 75

 IEEE 802.11s defines MAC procedures for 802.11 devices to use
multi-hop communication to support a wireless LAN mesh topology.
Devices mutually serve as wireless routers. The amendment supports
unicast, multicast, and broadcast packet delivery.
IEEE 802.11z provides Tunneled Direct Link Setup, which allows
devices to avoid the delays and contention process for going through
an AP.
Higher order modulation schemes could also be used if the devices are
closer to each other than with an AP.
IEEE 802.11aa provides improved multimedia performance to
enhance 802.11e capabilities. The enhancements include groupcast
with retries for new transmission policies for group addressed frames
and intra-access category prioritization to further clarify and create
subcategories. It also includes a stream classification service to
arbitrarily map streams to queues and solutions to overlapping BSS
management problems by performing channel selection and
cooperative resource sharing.

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 69 / 75

IEEE 802.11 Wireless LAN Security
Wireless networks, and the wireless devices that use them, introduce a
host of security problems over and above those found in wired networks.
Some of the key factors contributing to the higher security risk of wireless
networks compared to wired networks include the following
Channel: Wireless networking typically involves broadcast
communications, which is far more susceptible to eavesdropping and
jamming than wired networks. Wireless networks are also more
vulnerable to active attacks that exploit vulnerabilities in
communications protocols.
Mobility: Wireless devices are, in principal and usually in practice, far
more portable and mobile than wired devices. This mobility results in
a number of risks, described subsequently.
Resources: Some wireless devices, such as smartphones and tablets,
have sophisticated operating systems but limited memory and
processing resources with which to counter threats, including denial of
service and malware.
Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 70 / 75
Contd..

Accessibility: Some wireless devices, such as sensors and robots, may

be left unattended in remote and/or hostile locations. This greatly
increases their vulnerability to physical attacks.
The wireless environment consists of three components that provide point
of attack.
Client: The wireless client can be a cell phone, a Wi-Fi-enabled
laptop or tablet, a wireless sensor, a Bluetooth device, and so on.
Access Point: The wireless access point provides a connection to the
network or service. Examples of access points are cell towers, Wi-Fi
hotspots, and wireless access points to wired local or wide area
networks.
Wireless Medium: The transmission medium, which carries the radio
waves for data transfer, is also a source of vulnerability.

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 71 / 75

IEEE 802.11i Phases of Operation
 0  ÿ29

01234ÿ6ÿ7ÿ893 4

01234ÿÿ7ÿ14929

01234ÿÿ7ÿ4ÿ2244

01234ÿÿ7ÿ0 44ÿ22ÿ234

01234ÿÿ7ÿ 49ÿ4929

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 72 / 75

IEEE 802.11i RSN

The operation of an IEEE 802.11i RSN- can be broken down into five
distinct phases of operation as seen in Figure.
Discovery: An AP uses messages called Beacons and Probe
Responses to advertise its IEEE 802.11i security policy.
The STA uses these to identify an AP for a WLAN with which it
wishes to communicate. The STA associates with the AP, which it
uses to select the cipher suite and authentication mechanism when
the Beacons and Probe Responses present a choice.
Authentication: During this phase, the STA and AS prove their
identities to each other. The AP blocks non-authentication traffic
between the STA and AS until the authentication transaction is
successful.
The AP does not participate in the authentication transaction other
than forwarding traffic between the STA and AS.

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 73 / 75

IEEE 802.11i RSN Contd..

Key generation and distribution: The AP and the STA perform

several operations that cause cryptographic keys to be generated and
placed on the AP and the STA. Frames are exchanged between the
AP and STA only.
Protected data transfer: Frames are exchanged between the STA
and the end station through the AP.
As denoted by the shading and the encryption module icon, secure
data transfer occurs between the STA and the AP only; security is
not provided end-to-end.
Connection termination: The AP and STA exchange frames.
During this phase, the secure connection is torn down and the
connection is restored to the original state.

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 74 / 75

 Thank you

Dr.M.Sashiganth (GITAM, Bengaluru) EEC342 December 5, 2022 75 / 75