bluetooth - monash university


Page 1: Bluetooth - Monash University

Supercomputing 2002 June 22, 2002

T3: Bluetooth Vs. 802.11 1

P. Bhagwat 1

Bluetooth

A cable replacement technology
1 Mb/s symbol rate
Range 10+ meters
Single chip radio + baseband at low power & low price point ($5)

Why not use Wireless LANs?
- power
- cost

P. Bhagwat 2

802.11

Replacement for Ethernet
Supported data rates
  Current: 11, 5.5, 2, 1 Mbps
  Future: 20+ Mbps in 2.4 GHz and up to 54 Mbps in 5.7 GHz band
Range
  Indoor: 20 - 25 meters
  Outdoor: 50 - 100 meters
Transmit power up to 100 mW
Cost:
  Chipsets $35 - 50
  AP $200 - $1000
  PCMCIA cards $100 - $150

P. Bhagwat 3

Emerging Landscape

Figure: 802.11 (designed for wired Ethernet replacement; access point) beside Bluetooth (designed for cable replacement; cordless headset). New developments are blurring the distinction: 802.11b for PDAs, Bluetooth for LAN access.

Which option is technically superior?
What market forces are at play?
What can be said about the future?

P. Bhagwat 4

Questions I hope to answer

What are the key design differences between Bluetooth and 802.11?
  At PHY, MAC, and System level
How do Bluetooth and 802.11 compare?
  Cost, range of communication, performance
Why is Bluetooth supposed to be low cost and low power? Can 802.11 achieve the same price and performance target?
Is Bluetooth more secure than 802.11? Reality Vs. hype
Can the two systems co-exist?

P. Bhagwat 5

Tutorial Overview

2:00 - 3:00 pm Introduction, Bluetooth applications, basic radio concepts, Bluetooth RF
3:00 - 3:45 pm Bluetooth Baseband
3:45 - 4:15 pm LMP, Security, Scatternets
4:15 - 4:30 pm *Break*
4:30 - 5:30 pm 802.11 specifications overview, PHY & MAC
5:30 - 6:00 pm Bluetooth & 802.11 comparison, Conclusion

P. Bhagwat 6

New Applications

P. Bhagwat 7

Synchronization

User benefits
  Automatic synchronization of calendars, address books, business cards
  Push button synchronization
  Proximity operation

P. Bhagwat 8

Cordless Headset

User benefits
  Multiple device access
  Cordless phone benefits
  Hands free operation

Figure: cordless headset

P. Bhagwat 9

Usage scenarios examples

Data Access Points
Synchronization
Headset
Conference Table
Cordless Computer
Business Card Exchange
Instant Postcard
Computer Speakerphone

P. Bhagwat 10

Bluetooth Specifications

P. Bhagwat 11

Bluetooth Specifications

A hardware/software/protocol description
An application framework

Figure: Bluetooth protocol stack. RF, Baseband, Link Manager and L2CAP (data path), with Audio beside the Link Manager; above L2CAP: SDP, RFCOMM, IP; Applications on top. HCI sits between the host and a single chip with RS-232, USB, or PC card interface.

P. Bhagwat 12

Interoperability & Profiles

Figure: Profiles drawn as a vertical slice through Applications and Protocols.

Represents default solution for a usage model
Vertical slice through the protocol stack
Basis for interoperability and logo requirements
Each Bluetooth device supports one or more profiles

P. Bhagwat 13

Bluetooth Radio Specification

Figure: Bluetooth protocol stack with the RF layer highlighted (RF, Baseband, Link Manager, L2CAP, Audio, Data/Control, SDP, RFCOMM, IP, Applications).

P. Bhagwat 14

EM Spectrum

Propagation characteristics are different in each frequency band

Figure: EM spectrum against frequency ν (1 kHz, 1 MHz, 1 GHz, 1 THz, 1 PHz, 1 EHz) and wavelength λ (10 km down to 1 cm), with the bands LF, MF, HF, VHF, UHF, SHF, EHF at 30 kHz, 300 kHz, 3 MHz, 30 MHz, 300 MHz, 3 GHz, 30 GHz, 300 GHz, and uses marked: AM radio, S/W radio, FM radio, TV, cellular, infrared, visible, UV, X rays, gamma rays.

ISM band
  902 - 928 MHz
  2.4 - 2.4835 GHz
  5.725 - 5.785 GHz

P. Bhagwat 15

Unlicensed Radio Spectrum

Figure: the three ISM bands.
  902 MHz - 928 MHz (26 MHz, λ 33 cm): cordless phones, baby monitors, wireless LANs
  2.4 GHz - 2.4835 GHz (83.5 MHz, λ 12 cm): 802.11, Bluetooth, microwave oven
  5.725 GHz - 5.785 GHz (125 MHz, λ 5 cm): unused

P. Bhagwat 16

Bluetooth radio link

frequency hopping spread spectrum
  2.402 GHz + k MHz, k = 0, ..., 78
  1,600 hops per second
GFSK modulation
  1 Mb/s symbol rate
transmit power
  0 dBm (up to 20 dBm with power control)

Figure: 79 channels of 1 MHz each (1, 2, 3, ..., 79) across 83.5 MHz.

P. Bhagwat 17

Design considerations

• high bandwidth
• conserve battery power
• cost < $10

Figure: data signal x(t) passes through noise and interference to the recovered data signal; goal: balance cost, power and spectrum.

P. Bhagwat 18

Bluetooth Radio

Low Cost
  Single chip radio (minimize external components)
  Today's technology
  Time division duplex
Low Power
  Standby modes: Sniff, Hold, Park
  Low voltage RF

P. Bhagwat 19

Radio architecture: 802.11b

Figure: analog front end (SiGe or GaAs) and digital section (CMOS).

P. Bhagwat 20

Radio architecture: Bluetooth

Figure: a single CMOS chip.

P. Bhagwat 21

Receiver sensitivity & range of comm.

Figure: range against transmit power (1 mW, 30 mW, 100 mW) for Bluetooth (BT) and 802.11, with the C/I requirements shown for the two systems (C/I > 21 dB, C/I > 12 dB).

P. Bhagwat 22

Radio: cost, power, range tradeoff

P. Bhagwat 23

Review of basic concepts

P. Bhagwat 24

Understanding wireless communication

• How does the signal propagate?
• How much attenuation takes place?
• What does the signal look like at the receiver?

Figure: Tx to Rx over the air.

P. Bhagwat 25

Radio Propagation

Three basic propagation mechanisms
  Reflection (λ << D)
  Diffraction (λ ≈ D)
  Scattering (λ >> D)
• At 2.4 GHz, leaves, lamp-posts can cause scattering

P. Bhagwat 26

dB (relative measure)

dB = 10 log (times)

Figure: net worth on a log scale: Grad $10K (10^4), Steve $10M (10^7), Bill $100B (10^11).
  1,000 times = 30 dB
  10,000 times = 40 dB
  10,000 * 1,000 times = 10,000,000 times
  40 dB + 30 dB = 70 dB

P. Bhagwat 27

Path loss in dB

dB = 10 log (P1 / P2)

Figure: a 10 W source (10^1 W); 1 mW (10^-3 W) at distance d1; 1 µW (10^-6 W) at distance d2.
  source to d1: 10,000 times = 40 dB
  d1 to d2: 1,000 times = 30 dB
  Path loss from source to d2 = 70 dB

P. Bhagwat 28

dBm (absolute measure of power)

dBm = 10 log (P1 / 1 mW)

Figure: the same source and distances.
  10 W (10^1 W) = 40 dBm
  1 mW (10^-3 W) = 0 dBm, a 10,000 times drop
  1 µW (10^-6 W) = -30 dBm, a further 1,000 times drop

P. Bhagwat 29

Radio propagation: path loss

Figure: transmitter power Pt, receiver power Pr at distance r.

path loss in 2.4 GHz band
  near field (r ≤ 8m): path loss = 10 log ((4πr/λ)^2)         ∝ r^2
  far field  (r > 8m): path loss = 58.3 + 10 log ((r/8)^3.3)   ∝ r^3.3

P. Bhagwat 30

Radio Propagation: Fading and multipath

Figure: several paths from Tx to Rx.

Fading: rapid fluctuation of the amplitude of a radio signal over a short period of time or travel distance

Effects of multipath
• Fading
• Varying doppler shifts on different multipath signals
• Time dispersion (causing inter symbol interference)


P. Bhagwat 31

Baseband

Figure: Bluetooth protocol stack with the Baseband layer highlighted (RF, Baseband, Link Manager, L2CAP, Audio, Data/Control, SDP, RFCOMM, IP, Applications).

P. Bhagwat 32

Bluetooth Physical link

Point to point link
  master - slave relationship
  radios can function as masters or slaves
Piconet
  Master can connect to 7 slaves
  Each piconet has max capacity (1 Mbps)
  hopping pattern is determined by the master

Figure: a point-to-point link (m - s) and a piconet (one m with several s).

P. Bhagwat 33

Connection Setup

Inquiry - scan protocol
  to learn about the clock offset and device address of other nodes in proximity

P. Bhagwat 34

Inquiry on time axis

Figure: Master, Slave1 and Slave2 on a time axis; the master steps through the inquiry hopping sequence (f1, f2, ...).

P. Bhagwat 35

Piconet formation

Page - scan protocol
  to establish links with nodes in proximity

Figure: device states Standby, Master, Active Slave, Parked Slave.

P. Bhagwat 36

Addressing

Bluetooth device address (BD_ADDR)
  48 bit IEEE MAC address
Active Member address (AM_ADDR)
  3 bits active slave address
  all zero: broadcast address
Parked Member address (PM_ADDR)
  8 bit parked slave address

P. Bhagwat 37

Piconet channel

FH/TDD
  1600 hops/sec
  625 µsec slots

Figure: master m and slaves s1, s2 alternate slots on hop frequencies f1, f2, f3, f4, f5, f6.

P. Bhagwat 38

Multi slot packets

FH/TDD, 625 µsec slots

Data rate depends on type of packet

Figure: a multi-slot packet from the master stays on f1 for several slots; hopping resumes at f4, f5, f6.

P. Bhagwat 39

Physical Link Types

Synchronous Connection Oriented (SCO) Link
  slot reservation at fixed intervals
Asynchronous Connection-less (ACL) Link
  Polling access method

Figure: master m with slaves s1, s2; SCO slots recur at fixed intervals with ACL slots in between.

P. Bhagwat 40

Packet Types

Control packets: ID*, Null, Poll, FHS, DM1
Data/voice packets
  Voice: HV1, HV2, HV3, DV
  Data: DM1, DM3, DM5, DH1, DH3, DH5

P. Bhagwat 41

Packet Format

Access code (72 bits) | Header (54 bits) | Payload (0 - 2744 bits)

Header: FEC (optional), ARQ
Payload: FEC (optional)
  Data: CRC, ARQ
  Voice: No CRC, No retries

Figure: master and slave packets alternate in 625 µs slots.

P. Bhagwat 42

Access Code

Access code (72 bits) | Header | Payload

Purpose
  Synchronization
  DC offset compensation
  Identification
  Signaling
Types
  Channel Access Code (CAC)
  Device Access Code (DAC)
  Inquiry Access Code (IAC)

P. Bhagwat 43

Packet Header

Access code | Header (54 bits) | Payload

18 bits total, encoded with 1/3 FEC to get 54 bits:
  Addressing (3): max 7 active slaves
  Packet type (4): 16 packet types (some unused)
  Flow control (1)
  1-bit ARQ (1): broadcast packets are not ACKed
  Sequencing (1): for filtering retransmitted packets
  HEC (8): verify header integrity

P. Bhagwat 44

Data Packet Types

Data rates in kbps:

               Symmetric   Asymmetric forward   Asymmetric reverse
  2/3 FEC
  DM1          108.8       108.8                108.8
  DM3          258.1       387.2                54.4
  DM5          286.7       477.8                36.3
  No FEC
  DH1          172.8       172.8                172.8
  DH3          390.4       585.6                86.4
  DH5          433.9       723.2                57.6
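The table above follows from the slot structure of the earlier slides (625 µs slots, TDD, 1-, 3- and 5-slot packets). The Python below is an added example written for this page, not the tutorial's own material: it recomputes every entry from the payload capacity of each packet type. Those capacities (DM1 17, DM3 121, DM5 224, DH1 27, DH3 183, DH5 339 bytes) come from the Bluetooth 1.1 baseband specification and are not on the slides.

```python
from typing import Dict, Tuple

SLOT_S = 625e-6   # one slot = 625 microseconds (piconet channel slide)

# Maximum payload per ACL packet type in bytes. These capacities are taken from the
# Bluetooth 1.1 baseband specification, not from the slides: DM packets carry 2/3 FEC,
# DH packets carry no FEC, which is why DH payloads are larger for the same slot count.
PAYLOAD_BYTES = {"DM1": 17, "DM3": 121, "DM5": 224, "DH1": 27, "DH3": 183, "DH5": 339}
SLOTS = {"DM1": 1, "DM3": 3, "DM5": 5, "DH1": 1, "DH3": 3, "DH5": 5}


def _kbps(payload_bytes: int, slots_per_exchange: int) -> float:
    """Payload bits delivered per master/slave exchange, in kbit/s, rounded like the table."""
    return round(payload_bytes * 8 / (slots_per_exchange * SLOT_S) / 1000, 1)


def acl_rates(packet_type: str) -> Tuple[float, float, float]:
    """(symmetric, asymmetric forward, asymmetric reverse) user data rates for one ACL type.

    Symmetric: the same n-slot packet in both directions, so an exchange occupies 2n slots.
    Asymmetric: the n-slot packet one way and a 1-slot packet of the same FEC class back,
    so an exchange occupies n + 1 slots; the forward direction gets the large payload and
    the reverse direction only the 1-slot payload."""
    n = SLOTS[packet_type]
    one_slot_type = packet_type[:2] + "1"          # DM5 -> DM1, DH3 -> DH1
    symmetric = _kbps(PAYLOAD_BYTES[packet_type], 2 * n)
    forward = _kbps(PAYLOAD_BYTES[packet_type], n + 1)
    reverse = _kbps(PAYLOAD_BYTES[one_slot_type], n + 1)
    return symmetric, forward, reverse


def rate_table() -> Dict[str, Tuple[float, float, float]]:
    """All six rows of the slide's table."""
    return {t: acl_rates(t) for t in PAYLOAD_BYTES}


if __name__ == "__main__":
    print(f"{'type':5} {'sym':>7} {'fwd':>7} {'rev':>7}")
    for t, (s, f, r) in rate_table().items():
        print(f"{t:5} {s:7.1f} {f:7.1f} {r:7.1f}")
```

Every entry matches the slide except the DM5 forward rate, which works out to 1792 bits per 3.75 ms = 477.87 kbps; the slide prints 477.8, a truncation rather than a rounding of the same value.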


P. Bhagwat 45

Inter piconet communication

Figure: several piconets, each a cell phone with its cordless headset, plus a mouse, with devices in range of more than one piconet.

P. Bhagwat 46

Scatternet

P. Bhagwat 47

Scatternet, scenario 2

How to schedule presence in two piconets?
Forwarding delay?
Missed traffic?

P. Bhagwat 48

Baseband: Summary

TDD, frequency hopping physical layer
Device inquiry and paging
Two types of links: SCO and ACL links
Multiple packet types (multiple data rates with and without FEC)

Figure: Device 1 and Device 2, each with Baseband (physical layer), LMP and L2CAP (data link layer).

P. Bhagwat 49

Link Manager Protocol

Setup and management of Baseband connections
• Piconet Management
• Link Configuration
• Security

Figure: Bluetooth protocol stack with the Link Manager (LMP) highlighted.

P. Bhagwat 50

Piconet Management

Attach and detach slaves
Master-slave switch
Establishing SCO links
Handling of low power modes (Sniff, Hold, Park)

Figure: after Paging, Master and Slave exchange req / response.

P. Bhagwat 51

Low power mode (hold)

Figure: Master and Slave timeline showing the hold offset and hold duration.

P. Bhagwat 52

Low power mode (Sniff)

Figure: Master and Slave timeline showing the sniff offset, sniff period and sniff duration.

Traffic reduced to periodic sniff slots

P. Bhagwat 53

Low power mode (Park)

Figure: Master and Slave timeline with the beacon interval and beacon instant.

Power saving + keep more than 7 slaves in a piconet
Give up active member address, yet maintain synchronization
Communication via broadcast LMP messages

P. Bhagwat 54

Link Configuration

Quality of service
  Polling interval
  Broadcast repetition
Power control
Packet type negotiation
Multi-slot packets

Figure: after Paging, Master and Slave exchange LMP_quality_of_service and LMP_not_Accepted.

P. Bhagwat 55

Connection establishment & Security

Goals
  Authenticated access
    Only accept connections from trusted devices
  Privacy of communication
    prevent eavesdropping
Constraints
  Processing and memory limitations
    $10 headsets, joysticks
  Cannot rely on PKI
  Simple user experience

Figure: after Paging, Master sends LMP_host_conn_req, Slave answers LMP Accepted, the security procedure runs, then both sides send LMP_setup_complete.

P. Bhagwat 56

Authentication

Authentication is based on link key (128 bit shared secret between two devices)
How can link keys be distributed securely?

Figure: Verifier and Claimant both hold the Link key; Verifier sends challenge, Claimant sends response, Verifier replies accepted.

P. Bhagwat 57

Pairing (key distribution)

Pairing is a process of establishing a trusted secret channel between two devices (construction of initialization key Kinit)
Kinit is then used to distribute unit keys or combination keys

Figure: Verifier and Claimant each compute Kinit from the PIN, the Claimant address and a random number exchanged between them; then challenge, response, accepted.
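The pairing and authentication exchanges of the last two slides, run end to end as an added Python example (written for this page, not the tutorial's or the Bluetooth SIG's code). Bluetooth 1.1 derives Kinit with E22 and the authentication response with E1, both built on SAFER+; this illustration substitutes SHA-256 and HMAC-SHA256 for those primitives so it runs with the standard library, and the device addresses are constructed. The message flow (random number, then challenge and response) is the one on the slides.

```python
import hashlib
import hmac
import os

# Illustration only. Bluetooth 1.1 computes Kinit with E22 and the response SRES with E1
# (both SAFER+ based). SHA-256 / HMAC-SHA256 stand in for them here; the message flow
# follows the slides.


def derive_kinit(pin: bytes, claimant_addr: bytes, in_rand: bytes) -> bytes:
    """Kinit from the PIN, the claimant BD_ADDR and the random number. Only the PIN is
    secret: the address and the random number both cross the air in the clear."""
    return hashlib.sha256(b"Kinit" + pin + claimant_addr + in_rand).digest()[:16]


def auth_response(link_key: bytes, au_rand: bytes, claimant_addr: bytes) -> bytes:
    """32-bit response to a challenge, keyed with the 128-bit link key."""
    return hmac.new(link_key, au_rand + claimant_addr, hashlib.sha256).digest()[:4]


class Device:
    def __init__(self, bd_addr: bytes, pin: bytes):
        self.bd_addr = bd_addr
        self.pin = pin
        self.link_key = None
        self.in_rand = None
        self.au_rand = None

    # pairing: verifier -> claimant carries the random number
    def send_in_rand(self) -> bytes:
        self.in_rand = os.urandom(16)
        return self.in_rand

    def derive_as_verifier(self, claimant_addr: bytes) -> None:
        self.link_key = derive_kinit(self.pin, claimant_addr, self.in_rand)

    def derive_as_claimant(self, in_rand: bytes) -> None:
        self.link_key = derive_kinit(self.pin, self.bd_addr, in_rand)

    # authentication: challenge from the verifier, response from the claimant
    def send_challenge(self) -> bytes:
        self.au_rand = os.urandom(16)
        return self.au_rand

    def respond(self, au_rand: bytes) -> bytes:
        return auth_response(self.link_key, au_rand, self.bd_addr)

    def accept(self, claimant_addr: bytes, sres: bytes) -> bool:
        expected = auth_response(self.link_key, self.au_rand, claimant_addr)
        return hmac.compare_digest(expected, sres)   # constant-time compare


def pair_and_authenticate(verifier_pin: bytes, claimant_pin: bytes) -> bool:
    """Run pairing, then one challenge/response; True when the verifier accepts."""
    verifier = Device(bytes.fromhex("001122334455"), verifier_pin)   # constructed BD_ADDRs
    claimant = Device(bytes.fromhex("66778899aabb"), claimant_pin)
    in_rand = verifier.send_in_rand()              # Verifier -> Claimant: random number
    verifier.derive_as_verifier(claimant.bd_addr)  # both sides now hold Kinit,
    claimant.derive_as_claimant(in_rand)           # used here directly as the link key
    challenge = verifier.send_challenge()          # Verifier -> Claimant: challenge
    sres = claimant.respond(challenge)             # Claimant -> Verifier: response
    return verifier.accept(claimant.bd_addr, sres)  # accepted?


if __name__ == "__main__":
    print("matching PINs:", pair_and_authenticate(b"1234", b"1234"))
    print("mismatched PINs:", pair_and_authenticate(b"1234", b"0000"))
```

The point a reviewer should take from `derive_kinit` is the one the slide raises with "How can link keys be distributed securely?": of the three inputs, only the PIN is secret, so Kinit is no stronger than the PIN entered on the "$10 headsets, joysticks" the constraints slide describes.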

P. Bhagwat 58

Encryption

Encryption Key (8 - 128 bits)
  Derived from the Link key

Figure: LMP exchange: Encryption mode, Key size, Start encryption, Encrypted traffic, Stop encryption.

P. Bhagwat 59

Link Manager Protocol Summary

Piconet management
Link configuration
  Low power modes
  QoS
  Packet type selection
Security: authentication and encryption

Figure: Device 1 and Device 2, each with Baseband (physical layer), LMP and L2CAP (data link layer).

P. Bhagwat 60

L2CAP

Logical Link Control and Adaptation Protocol

L2CAP provides
• Protocol multiplexing
• Segmentation and Re-assembly
• Quality of service negotiation

Figure: Bluetooth protocol stack with L2CAP highlighted.

P. Bhagwat 61

Bluetooth Service Discovery Protocol

Figure: Bluetooth protocol stack with SDP highlighted.

P. Bhagwat 62

Serial Port Emulation using RFCOMM

Serial Port emulation on top of a packet oriented link
• Similar to HDLC
• For supporting legacy apps

Figure: Bluetooth protocol stack with RFCOMM highlighted.

P. Bhagwat 63

LAN access point profile

Why use PPP?
  Security
    Authentication
    Access control
  Efficiency
    header and data compression
  Auto-configuration
    Lower barrier for deployment

Figure: Access Point stack: Baseband, L2CAP, RFCOMM, PPP, IP.

P. Bhagwat 64

IP over Bluetooth v 1.1: BNEP

Bluetooth Network Encapsulation Protocol (BNEP) provides emulation of Ethernet over L2CAP

• BNEP defines
  • a frame format which includes IEEE 48 bit MAC addresses
  • A method for encapsulating BNEP frames using L2CAP
  • Option to compress header fields to conserve space
  • Control messages to activate filtering of messages at Access Point

Figure: Access Point stack: Baseband, L2CAP, BNEP, IP.

P. Bhagwat 65

802.11 specifications overview

P. Bhagwat 66

802.11 Specifications

Specification of layers below LLC
Associated management/control interfaces

Figure: 802.11 layering: PHY (DSSS, FH, IR, OFDM); MAC with WEP; MAC Mgmt and MIB alongside; LLC and Applications above.

P. Bhagwat 67

802.11 Specifications

Figure: PHY layer (PMD sublayer, PLCP sublayer) with PHY layer management; MAC sublayer with MAC layer management; service interfaces: PHY service interface, PHY Mgmt service interface, LLC/MAC service interface, MAC Mgmt service interface; MIB; LLC on top.

P. Bhagwat 68

802.11 Specifications

Figure: the same layering annotated with the clauses of the standard.
  PHY Service Interface (clause 12)
  PHY Mgmt Service Interface (clause 13)
  LLC/MAC Service Interface (clause 6)
  MAC Mgmt Service Interface (clause 10)
  MAC sublayer: MAC framing (clause 7), MAC operation (clause 9), WEP (clause 8), State Machines (Annex C)
  MAC Management: Protocols (clause 11), State Machines (Annex C), MIBs (Annex D)
  PHY Layer: FH (clause 14), DSSS (clause 15), Infrared (clause 16), OFDM (clause 17), High rate DSSS (clause 18)
  PHY Management: MIBs (Annex D)

P. Bhagwat 69

802.11 System Architecture

Basic Service Set (BSS): a set of stations which communicate with one another

Independent Basic Service Set (IBSS)
• only direct communication possible
• no relay function

Infrastructure Basic Service Set (BSS)
• AP provides
  • connection to wired network
  • relay function
• stations not allowed to communicate directly

P. Bhagwat 70

Extended Service Set

ESS: a set of BSSs interconnected by a distribution system (DS)

• ESS and all of its stations appear to be a single MAC layer
• APs communicate among themselves to forward traffic
• Station mobility within an ESS is invisible to the higher layers

P. Bhagwat 71

802.11 PHY

Figure: 802.11 layering with the PHY (DSSS, FH, IR, OFDM) highlighted.

P. Bhagwat 72

802.11 PHY

Figure: Sender and Receiver; the MAC hands a MAC Protocol Data Unit (MPDU) to the PHY, the PLCP prepends its header, and the Physical Media Dependent (PMD) layer carries it; the receiver reverses the steps.

High rate (DSSS) PHY: 11, 5.5 Mbps (802.11b)
Direct Sequence Spread Spectrum (DSSS) PHY: 1, 2 Mbps
Frequency Hopping Spread Spectrum (FHSS) PHY: 1, 2 Mbps
Infrared (IR) PHY: 1, 2 Mbps
Higher rate (DSSS) PHY: 20+ Mbps (802.11g)
  2.4 GHz
Orthogonal Frequency Division Multiplexing (OFDM) PHY: 6, 9, 12, 18, 24, 36, 48, 54 Mbps (802.11a)
  5.7 GHz

P. Bhagwat 73

DSSS PHY

Baseband signal is spread using Barker word (10 dB processing gain)
Spread signal occupies approximately 22 MHz bandwidth
Receiver recovers the signal by applying the same Barker word
DSSS provides good immunity against narrowband interferer
CDMA (multiple access) capability is not possible

Figure: the transmitter baseband signal (Preamble at 1 Mbps, Header and MPDU at 1 or 2 Mbps) is spread using the 11-bit Barker word
  +1, -1, +1, +1, -1, +1, +1, +1, -1, -1, -1
and DPSK modulated; the receiver DPSK demodulates and despreads with the same word.

P. Bhagwat 74

DSSS PHY

Direct sequence spread spectrum
  Each channel is 22 MHz wide
Symbol rate
  1 Mb/s with DBPSK modulation
  2 Mbps with DQPSK modulation
  11, 5.5 Mb/s with CCK modulation
Max transmit power
  100 mW

Figure: channels Ch 1, Ch 6, Ch 11, 22 MHz each, within the 83.5 MHz band.

P. Bhagwat 75

802.11 MAC

Figure: 802.11 layering with the MAC (and WEP) highlighted.

P. Bhagwat 76

802.11 MAC

Carrier sensing (CSMA)
  Rules:
    carrier ==> do not transmit
    no carrier ==> OK to transmit
  But the above rules do not always apply to wireless.
  Solution: RTS/CTS
Collision detection (CD)
  Does not work over wireless
  Therefore, use collision avoidance (CA)
    random backoff
    priority ack protocol

P. Bhagwat 77

802.11 MAC protocol: CSMA/CA

Use CSMA with collision Avoidance
  Based on carrier sense function in PHY called Clear Channel Assessment (CCA)
Reduce collision probability where mostly needed
  Efficient backoff algorithm stable at high loads
  Possible to implement different fixed priority levels

Figure: timeline: busy medium, DIFS, contention window (in slot times), next frame; stations defer access while the medium is busy.

P. Bhagw  78

802.11 MAC : Contention window

Figure: the contention window doubles on each retransmission.
  Initial attempt: 31 (CW min)
  First retransmission: 63
  Second retransmission: 127
  Third retransmission: 255
  Fourth retransmission: 511
  Fifth retransmission: 1023 (CW max)
For DSSS PHY: Slot time = 20 µs

P. Bhagwat 79

CSMA/CA + ACK protocol

Defer access based on carrier sense
Direct access when medium is sensed free longer than DIFS
Receiver of directed frames to return an ACK immediately when CRC is correct
When no ACK received then retransmit frame after a random backoff

Figure: Src sends Data after DIFS; Dest returns ACK after SIFS; Other stations wait DIFS and then the contention window before the next frame.
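The contention-window doubling and the random backoff of the last three slides, as an added Python example written for this page (not the tutorial's material). The slot time and the CW bounds are the slide's DSSS values; the busy/idle slot sequences fed to the countdown are constructed. The countdown freezes while the medium is busy, which is how the 802.11 distributed coordination function behaves and which the slides' timeline shows as "defer access".

```python
import random
from typing import List, Tuple

SLOT_TIME_US = 20          # DSSS PHY slot time, from the slide
CW_MIN, CW_MAX = 31, 1023  # contention window bounds, from the slide


def contention_window(retransmission: int) -> int:
    """CW for the initial attempt (0) and each retransmission: 31, 63, 127, ... capped at 1023."""
    if retransmission < 0:
        raise ValueError("retransmission count must be >= 0")
    return min(CW_MAX, ((CW_MIN + 1) << retransmission) - 1)


def draw_backoff_slots(retransmission: int, rng: random.Random) -> int:
    """Random backoff: a uniformly chosen number of slots in [0, CW]."""
    return rng.randint(0, contention_window(retransmission))


def backoff_countdown(slots: int, medium_busy: List[bool]) -> int:
    """Count the backoff down one slot per idle slot; the counter freezes in busy slots.
    Returns the index of the slot in which the station transmits, or -1 if the backoff
    has not expired by the end of the observed sequence."""
    remaining = slots
    for i, busy in enumerate(medium_busy):
        if busy:
            continue                 # frozen: the slot does not count
        if remaining == 0:
            return i                 # medium idle and counter at zero: transmit now
        remaining -= 1
    return -1


def retry_schedule(ack_received: List[bool], seed: int) -> List[Tuple[int, int, int]]:
    """One frame retransmitted until an ACK arrives. For each attempt returns
    (CW, backoff slots drawn, backoff time in microseconds)."""
    rng = random.Random(seed)
    out = []
    for attempt, acked in enumerate(ack_received):
        slots = draw_backoff_slots(attempt, rng)
        out.append((contention_window(attempt), slots, slots * SLOT_TIME_US))
        if acked:
            break
    return out


if __name__ == "__main__":
    print([contention_window(i) for i in range(7)])
    # constructed medium: idle, busy, busy, idle, idle, idle
    print(backoff_countdown(3, [False, True, True, False, False, False]))
    for row in retry_schedule([False, False, True], seed=1):
        print("CW %4d  backoff %4d slots  = %5d us" % row)
```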

P. Bhagwat 80

Problems with carrier sensing

Exposed terminal problem

Figure: stations X, Y, Z, W; Z is transmitting to W; Y will not transmit to X even though it cannot interfere.

Presence of carrier ===> hold off transmission

P. Bhagwat 81

Problems with carrier sensing

Hidden terminal problem

Figure: stations Y, Z, W; W finds that the medium is free and it transmits a packet to Z.

no carrier ===> OK to transmit

P. Bhagwat 82

Solving Hidden Node problem with RTS/CTS

Figure: stations X, Y, Z, W; RTS from the transmitter, CTS from the receiver.

listen RTS ==> transmitter is close to me
  - wait long enough for the requested station to respond with CTS
  - if (timeout) then ready to transmit
listen CTS ==> receiver is close to me
  - wait long enough for the transmitter to send its data

Note: RTS/CTS does not solve exposed terminal problem. In the example above, X can send RTS, but CTS from the responder will collide with Y's data.

P. Bhagwat 83

802.11 MAC sublayer Management

Figure: 802.11 layering with MAC Mgmt highlighted.

P. Bhagwat 84

MAC Management: Beacon & Probes

A station can first scan the network and discover the presence of BSS in a given area
Scanning
  Passive: listen for beacons on each channel
  Active: send probe and wait for response on each channel
Beacon and probe response packets contain:
  AP timing information, Beacon period, AP capability information, SSID, PHY parameter set, Traffic Indication Map (TIM)
SSID (Service set identifier) identifies an ESS or IBSS

Figure: a Station sends a Probe Request; each Access Point in range answers with a Probe Response.

P. Bhagwat 85

MAC Mgmt : Authentication & Association

With respect to an access point, a station can be in one of the following three states
  Unauthenticated/Unassociated
  Authenticated/Unassociated
  Authenticated/Associated
A station can pre-authenticate with several access points in advance to speed up roaming
A station can be associated with only one AP at a given time
Association state is used by the distribution system to figure out the current location of the station within the ESS.

Figure: Station and Access Point 1: 1) Auth exchange, 2) Association exchange, 3) Data exchange (to DS); the station's state with respect to AP2 and AP3 is shown alongside (Authenticated/Unassociated, Unauthenticated/Unassociated).

P. Bhagwat 86

MAC Mgmt : Power Management

A station which is synchronized with an AP clock can wake up periodically to listen for beacons
Beacon packets contain Traffic Indication Map (TIM), a bit vector, which indicates whether a station has a packet buffered at AP
The station sends a PS-Poll message to the AP asking the AP to release buffered packets for the station
All broadcast and multicast frames are transmitted following beacons with DTIM flag set

Figure: AP beacons (TIM, TIM, DTIM, TIM) every beacon interval; the Station wakes every listen interval.

P. Bhagwat 87

802.11 Frame Format

802.11 frame has more fields than other media type frames
30 bytes frame header appears too long!
All fields are not present in all frames

802.11 MAC header (30 bytes), field lengths in bytes:
  Frame control 2 | Duration/ID 2 | Addr 1 6 | Addr 2 6 | Addr 3 6 | Seq ctrl 2 | Addr 4 6 | Frame body 0 - 2312 | CRC 4

P. Bhagwat 88

Frame Control Field

Frame control (2 bytes), field lengths in bits:
  Prot Ver 2 | Type 2 | Subtype 4 | ToDS 1 | FromDS 1 | More Frag 1 | Retry 1 | Pwr Mgmt 1 | More Data 1 | WEP 1 | Order 1

Type
  00 Mgmt: Association req, Association resp, Re-association req, Re-association resp, Probe req, Probe resp, Beacon, Announcement Traffic Indication Request (ATIM), Disassociation, Authentication, De-authentication
  01 Control: Power save (PS)-poll, Request to Send (RTS), Clear to send (CTS), Acknowledgement (ACK), Contention free (CF)-END, CF-END + CF-ACK
  10 Data: Data, Data + CF-ACK, Data + CF-Poll, Data + CF-ACK + CF-Poll, Null, CF-ACK, CF-Poll, CF-ACK + CF-Poll
  11 Reserved
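A decoder for the Frame Control field laid out above, added here as an example (not code from the tutorial). The bit positions and the numeric subtype codes are those of IEEE 802.11-1999 clause 7; the slide names the subtypes but does not number them. Beyond the field itself it applies the slide's remark that "all fields are not present in all frames" (Addr 4 exists only when ToDS and FromDS are both set; RTS, CTS and ACK are shorter still) and flags Data frames sent with the WEP bit clear, which is the first thing to check when auditing a capture for unprotected traffic. The sample frame-control values are constructed.

```python
import struct
from typing import Dict, List

TYPE_NAMES = {0: "Mgmt", 1: "Control", 2: "Data", 3: "Reserved"}

# Subtype names as listed on the slide; the (type, subtype) codes are from
# IEEE 802.11-1999 clause 7 and are not printed on the slide.
SUBTYPE_NAMES = {
    (0, 0): "Association req", (0, 1): "Association resp", (0, 2): "Re-association req",
    (0, 3): "Re-association resp", (0, 4): "Probe req", (0, 5): "Probe resp",
    (0, 8): "Beacon", (0, 9): "ATIM", (0, 10): "Disassociation",
    (0, 11): "Authentication", (0, 12): "De-authentication",
    (1, 10): "PS-Poll", (1, 11): "RTS", (1, 12): "CTS", (1, 13): "ACK",
    (1, 14): "CF-End", (1, 15): "CF-End + CF-ACK",
    (2, 0): "Data", (2, 1): "Data + CF-ACK", (2, 2): "Data + CF-Poll",
    (2, 3): "Data + CF-ACK + CF-Poll", (2, 4): "Null", (2, 5): "CF-ACK",
    (2, 6): "CF-Poll", (2, 7): "CF-ACK + CF-Poll",
}


def parse_frame_control(fc: bytes) -> Dict[str, object]:
    """Decode the 2-byte Frame Control field (transmitted least significant byte first)."""
    if len(fc) < 2:
        raise ValueError("frame control needs 2 bytes")
    (value,) = struct.unpack("<H", fc[:2])
    ftype = (value >> 2) & 0x3        # bits 2-3
    subtype = (value >> 4) & 0xF      # bits 4-7
    flags = value >> 8                # second byte: the eight 1-bit flags
    return {
        "protocol_version": value & 0x3,
        "type": TYPE_NAMES[ftype],
        "subtype": SUBTYPE_NAMES.get((ftype, subtype), "unknown(%d)" % subtype),
        "to_ds": bool(flags & 0x01), "from_ds": bool(flags & 0x02),
        "more_frag": bool(flags & 0x04), "retry": bool(flags & 0x08),
        "pwr_mgmt": bool(flags & 0x10), "more_data": bool(flags & 0x20),
        "wep": bool(flags & 0x40), "order": bool(flags & 0x80),
    }


def mac_header_length(fc: bytes) -> int:
    """Header length in bytes, CRC excluded. Addr 4 is present only when ToDS and FromDS
    are both set (frames between APs over the wireless medium); control frames carry
    fewer address fields still."""
    f = parse_frame_control(fc)
    if f["type"] == "Control":
        return {"RTS": 16, "CTS": 10, "ACK": 10, "PS-Poll": 16}.get(f["subtype"], 16)
    return 30 if (f["to_ds"] and f["from_ds"]) else 24


def unprotected_data_frames(frame_controls: List[bytes]) -> List[int]:
    """Indices of Data frames whose WEP bit is clear: payload sent without the privacy mechanism at all."""
    return [i for i, fc in enumerate(frame_controls)
            if parse_frame_control(fc)["type"] == "Data" and not parse_frame_control(fc)["wep"]]


if __name__ == "__main__":
    samples = {   # constructed frame control values
        "beacon": b"\x80\x00", "rts": b"\xb4\x00", "ack": b"\xd4\x00",
        "data to DS, WEP": b"\x08\x41", "data to DS, clear": b"\x08\x01", "wds data": b"\x08\x03",
    }
    for name, fc in samples.items():
        f = parse_frame_control(fc)
        print("%-18s %-8s %-24s wep=%-5s header=%d bytes" % (
            name, f["type"], f["subtype"], f["wep"], mac_header_length(fc)))
    print("unprotected data frames:", unprotected_data_frames(list(samples.values())))
```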


P. Bhagwat 89

802.11 Privacy and Authentication

Figure: 802.11 layering with WEP highlighted.

P. Bhagwat 90

Wired Equivalent Privacy (WEP)

Design Objectives
  Confidentiality
    Prevent others from eavesdropping traffic
  Data Integrity
    Prevent others from modifying traffic
  Access Control
    Prevent unauthorized network access
Provide same level of security as a physical wire

P. Bhagwat 91

802.11 security design goals

Figure: a grid of goals (Authentication, Access Control, Accounting; Anonymity, Confidentiality, Audit trails) against three sets of concerns:
  User concerns: No red tape, No queues, No fraud
  Equipment vendor's concerns: Scalability, Efficiency, Low cost
  Service Provider's concerns: Prevent masquerading, modification, and unauthorized access; Protect identity theft; Accurate usage monitoring

Unfortunately, WEP fails on all three counts

P. Bhagwat 92

WEP design: adding privacy

A secret key is shared between a sender and a receiver
Using the secret key the sender generates a random key stream
XOR plain text with the random key stream
XOR the cipher text with the same random key stream to recover the plain text
An eavesdropper cannot compute the plain text by inspecting the cipher text
New key streams are refreshed periodically
  Use initialization vector (IV) in conjunction with shared key
  transmit IV in clear text along with the cipher text

Figure: Sender: K and IV feed the random key stream generator; Plain text ⊕ key stream gives Cipher text, sent together with IV. Receiver: the same K and IV regenerate the key stream; Cipher text ⊕ key stream gives Plain text.

P. Bhagwat 93

WEP design: adding data integrity

The problem is that cipher text can be modified without any knowledge of the key
  Just flip some bits in the cipher text
  After decrypting the cipher text, receiver will not know that the plain text has been corrupted
Solution:
  Compute 32 bit CRC of plain text and append it with plain text before generating the cipher text
  If cipher text is modified, CRC check will fail and the frame will be discarded

Figure: as on the previous slide, with the ICV (CRC) appended to the plain text before encryption on the sender side and checked after decryption on the receiver side.

P. Bhagwat 94

WEP design: adding Authentication

Summary
  Shared secret keys are distributed out of band
  AP sends a challenge to the station
  Station responds with a WEP encrypted packet
  AP verifies station's response

Figure: Sender (station) and AP share key K, distributed out of band. AP -> station: Challenge (Nonce). Station -> AP: Response (Nonce encrypted with secret key). AP: Decrypted response OK?

P. Bhagwat 95

Where is the problem?

Problem #1: improper use of stream ciphers

Two messages should never be encrypted using the same key stream
Suppose P1 and P2 are encrypted using the same key stream b
  C1 = P1 XOR b
  C2 = P2 XOR b
Adversary can compute C1 + C2 = P1 + b + P2 + b = P1 + P2
Usually XOR of two plain texts is enough to recover both plain texts
Moreover, if one plain text is known the other can be computed trivially

Figure: P1 and P2 both XORed with the key stream b derived from (K, IV), giving C1 and C2 sent with the same IV.

P. Bhagwat 96

Key stream reuse in WEP

Key stream is a function of secret key and initialization vector
IV vector is only 24 bits long; since there are only 16 million combinations, eventually key streams will be recycled
Since IV vector is transmitted in clear text, key stream reuse is easy to detect by passive eavesdropping
An eavesdropper can record all instances of key stream reuse
  Requires 1K * 16 million = 16 GB space
Worse yet, most 802.11 cards when reset start counting IV from 0, so key streams are recycled more frequently

Figure: (K, IV) yields only 2^24 possible key streams b; P1 and P2 XORed with the same b give C1 and C2, sent with the same IV.

P. Bhagwat 97

Possible attack: Message decryption

Inject known plain text in the network by e-mail spamming, or ping
Passively record encrypted packets
By computing XOR of known plain text with encrypted packet, it is possible to compute the RC4 key stream that was used to encrypt the known plain text
Build a dictionary of key streams
  Map each IV to its associated key stream
Once this dictionary is built, any packet can be decrypted
  Record the packet
  Inspect the IV
  Pull out the key stream associated with the observed IV from the dictionary
  XOR the key stream with the encrypted packet and obtain the plain text
The same dictionary can also be used to inject any message in the network

P. Bhagwat 98

Possible attack: Breaking Authentication

The previous attack relies on finding a known plain text and its encrypted version to compute the key stream
By snooping 802.11 Authentication protocol, this pair can be collected for free
Using this key stream, an adversary station can respond to any new challenge from the AP!

Figure: Station and AP share key K, distributed out of band. AP -> Station: Challenge (Nonce). Station -> AP: Response (Nonce encrypted with secret key). AP: Decrypted response OK?

P. Bhagwat 99

More problems

Problem #2: improper use of CRC

Integrity check value (ICV) is good at detecting random bit errors, not intentional modifications to the packet
An adversary can modify an encrypted packet such that those changes cannot be detected by CRC test at the receiver
This is possible because encryption function (XOR) as well as CRC are both linear operations
  (M, c(M)) XOR (R, c(R)) = (M XOR R, c(M XOR R))
The modified message after decryption will pass the CRC test!

Figure: Sender encrypts Frame body + ICV; Receiver decrypts and, if CRC OK, accepts.
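Problem #1 (key stream reuse, two slides back) and Problem #2 (CRC linearity, this slide) can both be checked in a few lines. The Python below is an added example written for this page, not the tutorial's code: it verifies the two identities the slides state, runs an IV-reuse and IV-reset detector of the kind a monitoring tool would apply to captured frames, and contrasts the CRC with a keyed MAC (HMAC-SHA256, standing in for the "strong message authentication code which depends on the key and IV" that the next slide asks for). The frames and key stream are constructed; zlib's CRC-32 is the same polynomial WEP uses for the ICV.

```python
import hashlib
import hmac
import zlib
from collections import Counter
from typing import List, Tuple


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


# --- Problem #1: key stream reuse ------------------------------------------------

def reused_keystream_leaks_xor(p1: bytes, p2: bytes, keystream: bytes) -> bool:
    """The identity on the slide: with one key stream b, C1 XOR C2 == P1 XOR P2."""
    c1 = xor_bytes(p1, keystream)
    c2 = xor_bytes(p2, keystream)
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)


def iv_reuse_report(frames: List[Tuple[int, bytes]]) -> Tuple[List[int], bool]:
    """Detection over captured (iv, ciphertext) pairs from one sender: returns the IVs
    seen more than once and whether the IV counter ever went backwards (the slide's
    card-reset-to-zero behaviour, which makes reuse far more frequent than 2^24 frames)."""
    counts = Counter(iv for iv, _ in frames)
    reused = sorted(iv for iv, n in counts.items() if n > 1)
    ivs = [iv for iv, _ in frames]
    restarted = any(later < earlier for earlier, later in zip(ivs, ivs[1:]))
    return reused, restarted


# --- Problem #2: CRC linearity ---------------------------------------------------

def crc32_is_affine(m: bytes, r: bytes) -> bool:
    """For equal-length inputs, crc(M XOR R) == crc(M) XOR crc(R) XOR crc(0...0).
    CRC-32's init and final XOR add the constant crc(0...0); otherwise this is the
    slide's c(M XOR R) = c(M) XOR c(R), which is why the ICV cannot stop deliberate edits."""
    zeros = bytes(len(m))
    return zlib.crc32(xor_bytes(m, r)) == zlib.crc32(m) ^ zlib.crc32(r) ^ zlib.crc32(zeros)


def keyed_mac_is_affine(key: bytes, m: bytes, r: bytes) -> bool:
    """The same test against HMAC-SHA256: false with overwhelming probability, so an edit
    to the protected body cannot be compensated by an edit to the tag without the key."""
    def mac(x: bytes) -> bytes:
        return hmac.new(key, x, hashlib.sha256).digest()
    zeros = bytes(len(m))
    return mac(xor_bytes(m, r)) == xor_bytes(xor_bytes(mac(m), mac(r)), mac(zeros))


if __name__ == "__main__":
    ks = bytes(range(14))                         # constructed 14-byte key stream b
    print("C1^C2 == P1^P2:", reused_keystream_leaks_xor(b"attack at dawn", b"defend at dusk", ks))
    capture = [(5, b""), (6, b""), (7, b""), (0, b""), (1, b""), (6, b"")]   # constructed IV sequence
    print("IV reuse report:", iv_reuse_report(capture))
    print("CRC-32 affine:", crc32_is_affine(b"hello world!", b"HELLO WORLD?"))
    print("HMAC affine:", keyed_mac_is_affine(b"k", b"hello world!", b"HELLO WORLD?"))
```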

P. Bhagwat 100

WEP current status

- Note that the attacks don't try to deduce the key. Knowledge of the key stream is enough to launch all sorts of attacks
- Possible solutions:
  - Long IVs which never repeat for the lifetime of the shared secret
  - Replace the CRC by a strong message authentication code which depends on the key and the IV
- WEP2 addresses the first problem, but not the other
- A recent paper by Fluhrer, Mantin, and Shamir has discovered many inherent weaknesses in the RC4 stream cipher. They have shown that RC4 is completely insecure when used in the way prescribed by WEP, in which a fixed secret key is concatenated with known IV modifiers.
- The 802.11i working group is now looking into using AES instead of WEP. AES will fix both problems of WEP:
  - AES is a block cipher
  - AES includes a strong keyed message authentication code
- Bill Arbaugh's web page (http://www.cs.umd.edu/~waa/wireless.html) is a good source of info on this topic.
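Problem #2 above (a CRC ICV under XOR encryption) and the proposed fix (a keyed message authentication code over the key and IV), as an added Python example that is not part of the original slides. It assumes a constructed SHA-256 stand-in for the RC4 key stream, a constructed key, IV and frame body, and zlib's CRC-32, which is affine rather than strictly linear, so the identity (M, c(M)) XOR (R, c(R)) = (M XOR R, c(M XOR R)) holds up to the constant c(0...0) that the code accounts for.

```python
import hashlib, hmac, zlib
IV_LEN = 3  # WEP sends a 24-bit IV in the clear in front of the cipher text

def xor(a: bytes, b: bytes) -> bytes: return bytes(x ^ y for x, y in zip(a, b))

def crc32(data: bytes) -> bytes: return zlib.crc32(data).to_bytes(4, "little")

def keystream(key: bytes, iv: bytes, n: int) -> bytes:
    # Constructed stand-in for RC4(IV || K): a stream that depends only on (key, IV)
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(iv + key + ctr.to_bytes(4, "little")).digest()
        ctr += 1
    return out[:n]

def wep_encrypt(key, iv, body):  # Problem #2 layout: body || CRC ICV, then XOR
    plain = body + crc32(body)
    return iv + xor(plain, keystream(key, iv, len(plain)))

def wep_decrypt(key, frame):  # "If CRC OK then accept"
    iv, ct = frame[:IV_LEN], frame[IV_LEN:]
    plain = xor(ct, keystream(key, iv, len(ct)))
    return plain[:-4] if crc32(plain[:-4]) == plain[-4:] else None

def mac_encrypt(key, iv, body):  # proposed fix: keyed MAC over IV and body
    plain = body + hmac.new(key, iv + body, hashlib.sha256).digest()[:8]
    return iv + xor(plain, keystream(key, iv, len(plain)))

def mac_decrypt(key, frame):
    iv, ct = frame[:IV_LEN], frame[IV_LEN:]
    plain = xor(ct, keystream(key, iv, len(ct)))
    body, tag = plain[:-8], plain[-8:]
    good = hmac.new(key, iv + body, hashlib.sha256).digest()[:8]
    return body if hmac.compare_digest(good, tag) else None

def crc_fixup(delta: bytes) -> bytes:
    # (M, c(M)) XOR (R, c(R)) = (M XOR R, c(M XOR R)) up to the constant c(0...0),
    # since zlib's CRC-32 is affine (initial value, final XOR). Depends only on R.
    return xor(crc32(delta), crc32(bytes(len(delta))))

def xor_into_frame(frame: bytes, delta: bytes, check_delta: bytes) -> bytes:
    # Flip bits in the encrypted body and check value without knowing the key.
    return frame[:IV_LEN] + xor(frame[IV_LEN:], delta + check_delta)

def demo():
    key, iv, body = b"\x01\x02\x03\x04\x05", b"\x00\x00\x01", b"PAY 0010 TO ALICE"  # constructed
    delta = bytearray(len(body)); delta[6] ^= ord("1") ^ ord("9")  # 0010 -> 0090
    crc_frame = xor_into_frame(wep_encrypt(key, iv, body), bytes(delta), crc_fixup(bytes(delta)))
    mac_frame = xor_into_frame(mac_encrypt(key, iv, body), bytes(delta), bytes(8))
    return wep_decrypt(key, crc_frame), mac_decrypt(key, mac_frame)  # (b"PAY 0090 TO ALICE", None)
```

The CRC receiver accepts the altered body because the ICV correction never needed the key or the original message; the keyed-MAC receiver rejects it, which is the property the second proposed solution is after.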


P. Bhagwat 101

802.11 current status

[Diagram: the 802.11 protocol stack. LLC above the MAC (with WEP, MAC Mgmt and MIB); PHY options DSSS, FH, IR and OFDM. Amendments: 802.11b (5, 11 Mbps), 802.11g (20+ Mbps), 802.11a (6, 9, 12, 18, 24, 36, 48, 54 Mbps, OFDM), 802.11i (security), 802.11f (Inter Access Point Protocol), 802.11e (QoS enhancements).]

P. Bhagwat 102

Bluetooth Vs. 802.11

[Diagram: the two protocol stacks side by side. 802.11: PHY (DSSS, FH, IR, OFDM), MAC with WEP and MAC Mgmt, MIB. Bluetooth: RF, Baseband, Audio, Link Manager, HCI, L2CAP, Data, SDP, RFCOMM, IP, Applications and Profiles.]

- Bluetooth is a (top down) market driven consortium
  - Business interests take precedence over technical considerations
  - Designed primarily for voice; data an afterthought
- 802.11 is a (bottom up) open standard effort
  - Good piece of engineering except for WEP
  - Designed primarily for data; voice an afterthought


P. Bhagwat 103

Bluetooth Vs. 802.11: Radio issues

- Radio is typically the most costly component in a wireless network interface
- Bluetooth radio is (will be) inexpensive because
  - It is a frequency hopper (which is relatively easy to build)
  - Its sensitivity is poor
  - It uses a very simple modulation technique (GFSK), which requires less silicon
  - It is possible to package both baseband and radio in a single chip
  - The potential market for Bluetooth radios is (will be?) large if every mobile phone vendor decides to embed Bluetooth in their products
- 802.11 DSSS radios are costly today, but if the market for 802.11 continues to grow, their price may become competitive with Bluetooth
  - DSSS radios are superior to Bluetooth in terms of range, speed and BER performance
  - Due to better range, it may be cheaper to cover an area with 802.11
  - 802.11 can be operated at 0 dBm to reduce power consumption

P. Bhagwat 104

802.11 Market drivers: Business Users

[Diagram: business users inside the office and traveling.]

- Trend #1: Need for wireless access inside office building
- Trend #2: Growth of Wireless LAN access in hotels, airports, etc.
- Trend #3: Replacement of wired phones with VOIP over wireless phones
- Trend #4: dual mode phones


P. Bhagwat 105

Bluetooth Value chain

[Diagram: Radio → Silicon → Stack providers → Software vendors → Integrators. Wireless carriers: conspicuously missing.]

P. Bhagwat 106

Bluetooth Vs. 802.11: Market issues

Issue | Bluetooth | 802.11
Applications | Still looking for a killer app. | TCP/IP
Interoperability | The biggest problem of Bluetooth at present | 802.11 is a more mature technology
Power consumption | Lower due to low power transmitter and tight integration | Will reduce in the future
Form factor | Smaller due to single chip integration | Multi chip solution
Market size | Potentially huge if every consumer electronic device is Bluetooth enabled | It is unlikely that 802.11 will penetrate the consumer electronic device market in the near future
Cost | Potential for low cost implementation exists, but the market size will eventually determine the price point | Technology advances and market growth can reduce cost, even if tight single-chip integration is not achieved in the near term


P. Bhagwat 107

Concluding remarks

- Will Bluetooth survive?
  - Bluetooth is ideal for cable replacement
  - Initial applications of Bluetooth will exploit its point-to-point or point-to-multipoint connectivity feature
  - Attempts to turn it into a LAN technology will face tough competition from 802.11
  - Scatternet is still a difficult technical problem
  - Higher chance of success in Europe and Asia
- 802.11
  - Will continue to grow in public spaces, home, industry verticals, and the enterprise market
  - 802.11 will provide a viable alternative to 3G in public places

P. Bhagwat 108

Thank you