MO DU L E 4

PREPARED BY:
MS. PRITI RUMAO
CONTENT

• Wireless local area networks : introduction, infrastructure and ad-hoc network

• IEEE 802.11:system architecture , protocol architecture , physical layer, medium access control layer, MAC
management, 802.11a, 802.11b

• Wi-fi security : WEP ,WPA, wireless LAN threats , securing wireless networks
• Hiperlan 1 & hiperlan 2
• Bluetooth: introduction, user scenario, architecture, protocol stack
WIRELESS LOCAL AREA NETWORKS
WIRELESS LOCAL AREA NETWORKS
• A wireless local-area network (WLAN) is a group of co-located computers or other devices that form a network based on
radio transmissions rather than wired connections.

• Like broadcast media, a WLAN transmits information over radio waves. Data is sent in packets. The packets contain layers
with labels and instructions that, along with the unique MAC (media access control) addresses assigned to endpoints,
enable routing to intended locations.

• The IEEE 802.11 group of standards defines the technologies for wireless LANs. For path sharing, 802.11 standard uses
the ethernet protocol and CSMA/CA (carrier sense multiple access with collision avoidance). It also uses an encryption
method i.e. Wired equivalent privacy algorithm.

• Wireless LANs provide high speed data communication in small areas such as building or an office. WLANs allow users to
move around in a confined area while they are still connected to the network.
CONT
• Components of wlans
• The components of WLAN architecture as laid down in IEEE 802.11 are −
• Stations (STA) − stations comprises of all devices and equipment that are connected to the wireless LAN. Each station has
a wireless network interface controller. A station can be of two types −
• Wireless access point (WAP or AP)
• Client

• Basic service set (BSS) − A basic service set is a group of stations communicating at the physical layer level. BSS can be of
two categories −
• Infrastructure BSS
• Independent BSS

• Extended service set (ESS) − it is a set of all connected BSS.

• Distribution system (ds) − it connects access points in ess.
CONT
Advantages of wlans:

• Flexibility: within radio coverage, nodes can communicate without further restriction. Radio waves can penetrate walls, senders
and receivers can be placed anywhere (also non-visible, e.G., Within devices, in walls etc.).

• Planning: only wireless ad-hoc networks allow for communication without previous planning, any wired network needs wiring
plans.

• Design: wireless networks allow for the design of independent, small devices which can for example be put into a pocket.
Cables not only restrict users but also designers of small notepads, pdas, etc.

• Robustness: wireless networks can handle disasters, e.G., Earthquakes, flood etc. Whereas, networks requiring a wired
infrastructure will usually break down completely in disasters.

• Cost: the cost of installing and maintaining a wireless lan is on average lower than the cost of installing and maintaining a
traditional wired lan, for two reasons. First, after providing wireless access to the wireless network via an access point for the
first user, adding additional users to a network will not increase the cost. And second, wireless LAN eliminates the direct costs
of cabling and the labor associated with installing and repairing it.

• Ease of use: wireless lan is easy to use and the users need very little new information to take advantage of wlans
CONT
Disadvantages of wlans:

• Quality of services: quality of wireless LAN is typically lower than wired networks. The main reason for this is the lower bandwidth due to
limitations is radio transmission, higher error rates due to interference and higher delay/delay variation due to extensive error correction and
detection mechanisms.

• Proprietary solutions: due to slow standardization procedures, many companies have come up with proprietary solutions offering
standardization functionality plus many enhanced features. Most components today adhere to the basic standards IEEE 802.11a or 802.11b.

• Restrictions: several govt. And non-govt. Institutions world-wide regulate the operation and restrict frequencies to minimize interference.

• Global operation: wireless lan products are sold in all countries so, national and international frequency regulations have to be considered.

• Low power: devices communicating via a wireless lan are typically power consuming, also wireless devices running on battery power.
Whereas the LAN design should take this into account and implement special power saving modes and power management functions.

• License free operation: lan operators don't want to apply for a special license to be able to use the product. The equipment must operate in
a license free band, such as the 2.4 ghz ISM band.

• Robust transmission technology: if wireless lan uses radio transmission, many other electrical devices can interfere with them (such as
vacuum cleaner, train engines, hair dryers, etc.).Wireless lan transceivers cannot be adjusted for perfect transmission is a standard office or
production environment.
ARCHITECTURE OF WLAN

Components of architecture:

• Stations
• Access points
• Basic service set(BSS)
• Extended service set(ESS)
• Distributed system
CONT…
Stations:

• All components that can connect into a wireless medium in a network are referred to as stations.
• Wireless stations can be mobile devices such as laptops, personal digital assistants, ip phones and other smartphones, or non-
portable devices such as desktop computers, printers, and workstations that are equipped with a wireless network interface.
Access points:

• Access points (aps), normally wireless routers, are base stations for the wireless network.
• Aps transmit and receive radio frequencies for wireless enabled devices to communicate with.
• It uses as central device in wlan architecture.
CONT…
Extended service set :

• An extended service set (ESS) is a set of connected bsss that communicate with each other.
• Access points in an ess are connected by a distribution system.
• Each ess has an id called the ssid which is a 32-byte (maximum) character string.
Basic service set:

• Basic service set(BSS) is the building block of wlan.

• BSS is a set of all stations that can communicate with each other at physical layer.
• Every BSS has an identification (id) called the BSSID, which is the mac address of the access point servicing the BSS.
• In BSS ,there wireless stations could be mobile or stationary .
• There are two types of BSS architecture in wlan:
• Adhoc network architecture
• Infrastructure network architecture
ADHOC NETWORK ARCHITECTURE

• There is no access point in WLAN architecture, then it will be

adhoc architecture.

• It have stand alone network.

• It cannot send the data to other bss.
• In adhoc architecture, stations can locate the another stations
in same bss but can communicate only if they have agreement
between them.

• It is peer to peer network topology.

• It supports direct communication within a limited range. Fig: Adhoc Network Architecture
INFRASTRUCTURE NETWORK ARCHITECTURE

• It have access point with basic service set.

• In infrastructure mode, a base station acts as a wireless access point hub, and nodes communicate through
the hub.

• It is star topology.
• In this architecture, signal come first to central device then passes to all stations.
• Wireless access points are usually fixed, and provide service to their client nodes within range.
CONT…

Fig: Infrastructure Network Architecture for WLAN

APPLICATIONS OF WLAN
Corporate

• Mobile networking for e-mail, file sharing, and web browsing.

Education

• Connectivity to the university network for collaborative class activities.

• Ability to access research sources without requiring a hard point.
Finance

• Traders can receive up-to-the-second pricing information.

• Facilitates electronic payments for goods and services.
• Improve the speed and quality of trades.
Healthcare

• Emergency medical information readily available.

• Access to schedule information.
IEEE 802.11
INTRODUCTION

• The IEEE standard 802.11 (IEEE, 1999) specifies the most famous family of WLANs in which many products
are available.

• The primary goal of the standard was the specification of a simple and robust WLAN which offers time-
bounded and asynchronous services.
SYSTEM ARCHITECTURE
ADHOC Network

• In addition to infrastructure-based networks, IEEE 802.11

allows the building of ad-hoc networks between stations,
thus forming one or more independent bsss (IBSS) as shown
in figure.
• Station (STA):
• Terminal with access mechanisms to the wireless
medium
• Independent basic service set (IBSS):
• Group of stations using the same radio frequency
Fig: Adhoc Network Architecture
CONT…

Infrastructure Network Architecture

• Station (STA): terminal with access mechanisms to the

wireless medium and radio contact to the access point

• Basic service set (BSS): group of stations using the same

radio frequency

• Access point: station integrated into the wireless LAN

and the distribution system portal, bridge to other
(wired) networks

• Distribution system: interconnection network to form

one logical network (EES: extended service set) based on
several BSS Fig: Infrastructure Network Architecture
of IEEE 802.11
PROTOCOL ARCHITECTURE

Fig2: Detailed IEEE 802.1 Protocol

architecture

Fig1: IEEE 802.11 Protocol Architecture

CONT…

• IEEE 802.11 fits seamlessly into the other 802.X standards for wired LANs.
• Previous fig1 shows the most common scenario: an IEEE 802.11 wireless LAN connected to a switched IEEE
802.3 ethernet via a bridge.

• Applications should not notice any difference apart from the lower bandwidth and perhaps higher access
time from the wireless LAN. The WLAN behaves like a slow wired LAN.

• Consequently, the higher layers (application, TCP, IP) look the same for wireless nodes as for wired nodes.
• The upper part of the data link control layer, the logical link control (LLC), covers the differences of the
medium access control layers needed for the different media.

• The IEEE 802.11 standard only covers the physical layer PHY and medium access layer MAC like the other
802.X LANs do.
CONT…
• The physical layer is subdivided into the physical layer convergence protocol (PLCP) and the physical medium dependent
sublayer (PMD) as shown in fig2.

• The basic tasks of the mac layer comprise medium access, fragmentation of user data, and encryption.
• PLCP sublayer provides a carrier sense signal, called clear channel assessment (CCA), and provides a common PHY service
access point (SAP) independent of the transmission technology.

• The PMD sublayer handles modulation and encoding/decoding of signals.

• Apart from the protocol sublayers, the standard specifies management layers and the station management.
• The mac management supports the association and re-association of a station to an access point and roaming between
different access points.

• It also controls authentication mechanisms, encryption, synchronization of a station with regard to an access point, and
power management to save battery power. MAC management also maintains the MAC management information base (MIB).

• The main tasks of the PHY management include channel tuning and phy mib maintenance.
• Station management interacts with both management layers and is responsible for additional higher layer functions.
PHYSICAL LAYER

• IEEE 802.11 supports three different physical layers: one layer based on infra red and two layers based on radio
transmission (primarily in the ISM band at 2.4 GHz, which is available worldwide).

• All PHY variants include the provision of the clear channel assessment signal (CCA). This is needed for the MAC
mechanisms controlling medium access and indicates if the medium is currently idle.

• The transmission technology determines exactly how this signal is obtained.

• The PHY layer offers a service access point (SAP) with 1 or 2 mbit/s transfer rate to the mac layer (basic version of the
standard).

• The three versions of a PHY layer defined are:

• Frequency hopping spread spectrum (FHSS)
• Direct sequence spread spectrum (DSSS)
• Infra red
CONT…
Frequency hopping spread spectrum (FHSS):
• Frequency hopping spread spectrum (FHSS) is a spread spectrum technique which allows for the coexistence of multiple
networks in the same area by separating different networks using different hopping sequences.

• The selection of a particular channel is achieved by using a pseudo-random hopping pattern.

• This standard specifies gaussian shaped FSK (frequency shift keying), GFSK, as modulation for the FHSS PHY. For 1 mbit/s a 2
level GFSK is used (i.E., 1 bit is mapped to one frequency), a 4 level GFSK for 2 mbit/s (i.E., 2 bits are mapped to one
frequency). While sending and receiving at 1 mbit/s is mandatory for all devices, operation at 2 mbit/s is optional.

• This facilitated the production of low-cost devices for the lower rate only and more powerful devices for both transmission rates
in the early days of 802.11.

Fig: IEEE 802.11 PHY frame using FHSS

CONT…
• Figure above shows a frame of the physical layer used with FHSS.
• The frame consists of two basic parts, the PLCP part (preamble and header) and the payload part. While the PLCP part is always
transmitted at 1 mbit/s, payload, i.E. MAC data, can use 1 or 2 mbit/s.

• Additionally, MAC data is scrambled using the polynomial s(z) = z7 + z4 + 1 for dc blocking and whitening of the spectrum.
• The fields of the frame, fulfill the following functions:
• Synchronization: the PLCP preamble starts with 80 bit synchronization, which is a 010101... Bit pattern. This pattern is used for
synchronization of potential receivers and signal detection by the CCA.

• Start frame delimiter (SDF): the following 16 bits indicate the start of the frame and provide frame synchronization.
• PLCP_PDU length word (PLW): this first field of the PLCP header indicates the length of the payload in bytes including the 32 bit CRC at
the end of the payload. PLW can range between 0 and 4,095.

• PLCP signalling field (PSF): this 4 bit field indicates the data rate of the payload following. All bits set to zero (0000) indicates the
lowest data rate of 1 mbit/s.

• Header error check (hec): finally, the plcp header is protected by a 16 bit checksum with the standard itu-t generator polynomial
g(x) = x16 + x12 + x5 + 1.
CONT…
Direct sequence spread spectrum (DSSS):

• Directsequence spread spectrum (DSSS) is the alternative spread spectrum method separating by code and not by
frequency.

• In the case of ieee 802.11 DSSS, spreading is achieved using the 11-chip barker sequence (+1, –1, +1, +1, –1, +1, +1, +1, –1, –
1, –1).

• The key characteristics of this method are its robustness against interference and its insensitivity to multipath propagation.
However, the implementation is more complex compared to FHSS.

• Ieee 802.11 DSSS PHY also uses the 2.4 ghz ISM band and offers both 1 and 2 mbit/s data rates. The system uses differential
binary phase shift keying (DBPSK) for 1 mbit/s transmission and differential quadrature phase shift keying (DQPSK) for 2
mbit/s as modulation schemes.

Fig: IEEE 802.11 PHY frame using DSSS

CONT…

• Figure above shows a frame of the physical layer using DSSS. The frame consists of two basic parts, the PLCP part (preamble and
header) and the payload part. While the PLCP part is always transmitted at 1 mbit/s, payload, i.E., MAC data, can use 1 or 2 mbit/s.

• The fields of the frame have the following functions:

• Synchronization: the first 128 bits are not only used for synchronization, but also gain setting, energy detection (for the CCA), and
frequency offset compensation. The synchronization field only consists of scrambled 1 bits.

• Start frame delimiter (SFD): this 16 bit field is used for synchronization at the beginning of a frame and consists of the pattern
1111001110100000.

• Signal: originally, only two values have been defined for this field to indicate the data rate of the payload. The value 0x0a indicates 1
mbit/s (and thus DBPSK), 0x14 indicates 2 mbit/s (and thus DQPSK). Other values have been reserved for future use.

• Service: this field is reserved for future use; however, 0x00 indicates an IEEE 802.11 compliant frame.
• Length: 16 bits are used in this case for length indication of the payload in microseconds.
• Header error check (HEC): signal, service, and length fields are protected by this checksum using the itu-t crc-16 standard
polynomial.
CONT…

Infra red:

• The PHY layer, which is based on infra red (IR) transmission, uses near visible light at 850–950 nm.
• Infra red light is not regulated apart from safety restrictions (using lasers instead of LEDs).
• The standard does not require a line-of-sight between sender and receiver, but should also work with diffuse
light.

• This allows for point-to-multipoint communication. The maximum range is about 10 m if no sunlight or heat
sources interfere with the transmission.

• Typically, such a network will only work in buildings, e.G., Classrooms, meeting rooms etc.
• Frequency reuse is very simple – a wall is more than enough to shield one IR based IEEE 802.11 network
from another.
MEDIUM ACCESS CONTROL LAYER
• MAC layer has to control medium access, but it can also offer support for roaming, authentication, and power
conservation.

• The basic services provided by the mac layer are the mandatory asynchronous data service and an optional time-
bounded service.

• While 802.11 only offers the asynchronous service in ad-hoc network mode, both service types can be offered using an
infrastructure-based network together with the access point coordinating medium access.

• The asynchronous service supports broadcast and multi-cast packets, and packet exchange is based on a ‘best effort’
model, i.e., No delay bounds can be given for transmission.

• The following three basic access mechanisms have been defined for IEEE 802.11: the mandatory basic method based on a
version of CSMA/CA, an optional method avoiding the hidden terminal problem, and finally a contention-free polling
method for time-bounded service.

• The first two methods are also summarized as distributed coordination function (DCF), the third method is called point
coordination function (PCF).
CONT…
• DCF only offers asynchronous service, while PCF offers both asynchronous and time-bounded service but needs an access
point to control medium access and to avoid contention.

• The mac mechanisms are also called distributed foundation wireless medium access control (DFWMAC).
• For all access methods, several parameters for controlling the waiting time before medium access are important.
• Figure below shows the three different parameters that define the priorities of medium access. The values of the
parameters depend on the PHY and are defined in relation to a slot time.

• Slot time is derived from the medium propagation delay, transmitter delay, and other phy dependent parameters. Slot
time is 50 μs for FHSS and 20 μs for DSSS.

Fig: Medium access

and Inter-frame
spacing
CONT…
• Short inter-frame spacing (SIFS): The shortest waiting time for medium access (so the highest priority) is
defined for short control messages, such as acknowledgements of data packets or polling responses. For DSSS
SIFS is 10 μs and for FHSS it is 28 μs.

• PCF inter-frame spacing (PIFS): A waiting time between DIFS and SIFS (and thus a medium priority) is used for
a time-bounded service. An access point polling other nodes only has to wait PIFS for medium access. PIFS is
defined as SIFS plus one slot time.

• DCF inter-frame spacing (DIFS): This parameter denotes the longest waiting time and has the lowest priority
for medium access. This waiting time is used for asynchronous data service within a contention period. DIFS is
defined as SIFS plus two slot times.

• Medium access control mechanism methods:

• Basic DFWMAC-DCF using CSMA/CA
• DFWMAC-DCF with RTS/CTS extension
• DFWMAC-PCF with polling
CONT…
Basic DFWMAC-DCF using CSMA/CA:

• This is mandatory access mechanism of IEEE 802.11, is based on carrier sense multiple access with collision avoidance
(CSMA/CA), which is a random access scheme with carrier sense and collision avoidance through random backoff.

• The basic CSMA/CA mechanism is shown in figure below. If the medium is idle for at least the duration of DIFS, a node can
access the medium at once.

• This allows for short access delay under light load. But as more and more nodes try to access the medium, additional
mechanisms are needed.

• If the medium is busy, nodes have to wait for the duration of DIFS, entering a contention phase afterwards. Each node now
chooses a random backoff time within a contention window and delays medium access for this random amount of time.

• The node continues to sense the medium. As soon as a node senses the channel is busy, it has lost this cycle and has to wait for
the next chance, i.e., until the medium is idle again for at least DIFS.

• But if the randomized additional waiting time for a node is over and the medium is still idle, the node can access the medium
immediately.
CONT…
DFWMAC-DCF with RTS/CTS extension:

• To deal with hidden terminal problem, the standard defines an additional mechanism using two control packets, RTS and CTS.
The use of the mechanism is optional; however, every 802.11 node has to implement the functions to react properly upon
reception of RTS/CTS control packets.

• After waiting for DIFS, the sender can issue a request to send (RTS) control packet. The RTS packet thus is not given any higher
priority compared to other data packets. The RTS packet includes the receiver of the data transmission to come and the duration
of the whole data transmission.

• This duration specifies the time interval necessary to transmit the whole data frame and the acknowledgement related to it.
Every node receiving this RTS now has to set its net allocation vector (NAV) in accordance with the duration field.

• The nav then specifies the earliest point at which the station can try to access the medium again.

• If the receiver of the data transmission receives the RTS, it answers with a clear to send (CTS) message after waiting for SIFS.
This CTS packet contains the duration field again and all stations receiving this packet from the receiver of the intended data
transmission have to adjust their NAV. The latter set of receivers need not be the same as the first set receiving the RTS packet.

• Now all nodes within receiving distance around sender and receiver are informed that they have to wait more time before
accessing the medium.
CONT…
DFWMAC-PCF with polling:
• The two access mechanisms presented so far cannot guarantee a maximum access delay or minimum transmission bandwidth. To
provide a time-bounded service, this standard specifies a point coordination function (PCF) on top of the standard DCF mechanisms.

• The point coordinator in the access point splits the access time into super frame periods. A super frame comprises a contention-free
period and a contention period.

• When medium is idle, the point coordinator has to wait for PIFS before accessing the medium. As PIFS is smaller than DIFS, no other
station can start sending earlier.

• The point coordinator now sends data downstream to the first wireless station. This station can answer at once after SIFS. After
waiting for SIFS again, the point coordinator can poll the second station by sending next data.

• This station may answer upstream to the coordinator with data.

• Polling continues with the third node. This time the node has nothing to answer and the point coordinator will not receive a packet
after SIFS.

• After waiting for PIFS, the coordinator can resume polling the stations. Finally, the point coordinator can issue an end marker
(CFend), indicating that the contention period may start again.
CONT…
MAC frames:
• Figure below shows the basic structure of an IEEE 802.11 MAC data frame together with the content of the frame control
field. The fields in the figure refer to the following:

• Frame control: The first 2 bytes serve several purposes. They contain several sub-fields as explained after the MAC frame.
• Duration/ID: If the field value is less than 32,768, the duration field contains the value indicating the period of time in
which the medium is occupied (in μs). This field is used for setting the NAV.

• Address 1 to 4: The four address fields contain standard IEEE 802 MAC addresses (48 bit each), as they are known from
other 802.x LANs.

• Sequence control: due to the acknowledgement mechanism frames may be duplicated. Therefore a sequence number is
used to filter duplicates.

• Data: the mac frame may contain arbitrary data (max. 2,312 byte), which is transferred transparently from a sender to the
receiver(s).
Fig: IEEE 802.11 MAC packet
structure
CONT…

• Checksum (CRC): finally, a 32 bit checksum is used to protect the frame as it is common practice in all 802.X networks.
• Protocol version: This 2 bit field indicates the current protocol version and is fixed to 0 by now.
• Type: The type field determines the function of a frame: management (=00), control (=01), or data (=10).
• Subtype: example subtypes for management frames are: 0000 for association request, 1000 for beacon.
• More fragments: This field is set to 1 in all data or management frames that have another fragment of the current
MSDU to follow.

• Retry: If the current frame is a retransmission of an earlier frame, this bit is set to 1.
• Power management: This field indicates the mode of a station after successful transmission of a frame. Set to 1 the
field indicates that the station goes into power-save mode.

• More data: This field is used to indicate a receiver that a sender has more data to send than the current frame.
• Wired equivalent privacy (WEP): This field indicates that the standard security mechanism of 802.11 is applied.
• Order: If this bit is set to 1 the received frames must be processed in strict order.
MAC MANAGEMENT
• MAC management plays a central role in an IEEE 802.11 station as it more or less controls all functions related to system
integration, i.e., Integration of a wireless station into a BSS, formation of an ESS, synchronization of stations etc.

• The following functional groups have been identified and will be discussed in more detail in the following sections:
• Synchronization: functions to support finding a wireless LAN, synchronization of internal clocks, generation of beacon
signals.

• Power management: functions to control transmitter activity for power conservation, eg., Periodic sleep, buffering,
without missing a frame.

• Roaming: functions for joining a network (association), changing access points, scanning for access points.
• Management information base (MIB): all parameters representing the current state of a wireless station and an access
point are stored within a MIB for internal and external access. A MIB can be accessed via standardized protocols such as
the simple network management protocol (SNMP).
CONT…
Synchronization:
• Each node of an 802.11 network maintains an internal clock. To synchronize the clocks of all nodes, IEEE 802.11 specifies a timing
synchronization function (TSF).

• Synchronized clocks are needed for power management, but also for coordination of the PCF and for synchronization of the hopping
sequence in an FHSS system.

• Using PCF, the local timer of a node can predict the start of a super frame, i.e., The contention free and contention period. FHSS
physical layers need the same hopping sequences so that all nodes can communicate within a BSS.

• Within a BSS, timing is conveyed by the periodic transmissions of a beacon frame. A beacon contains a timestamp and other
management information used for power management and roaming. The timestamp is used by a node to adjust its local clock.

• Within infrastructure-based networks, the access point performs synchronization by transmitting the (quasi)periodic beacon signal,
whereas all other wireless nodes adjust their local timer to the time stamp. This represents the simple case shown in figure below:
Fig: Beacon transmission
in a busy 802.11
Infrastructure network
CONT…
• The access point is not always able to send its beacon B periodically if the medium is busy. However, the access point always tries to
schedule transmissions according to the expected beacon interval (target beacon transmission time), i.e., Beacon intervals are not
shifted if one beacon is delayed.

• The timestamp of a beacon always reflects the real transmit time, not the scheduled time.
• For ad-hoc networks, the situation is slightly more complicated as they do not have an access point for beacon transmission.
• In this case, each node maintains its own synchronization timer and starts the transmission of a beacon frame after the beacon
interval.

• Figure below shows an example where multiple stations try to send their beacon.
• However, the standard random backoff algorithm is also applied to the beacon frames so only one beacon wins. All other stations
now adjust their internal clocks according to the received beacon and suppress their beacons for this cycle.

• If collision occurs, the beacon is lost. In this scenario, the beacon intervals can be shifted slightly because all clocks may vary as may
the start of a beacon interval from a node’s point of view.

Fig: Beacon transmission in a busy

802.11 ad-hoc network
CONT…
Power management:
• Wireless devices are battery powered. Therefore, power-saving mechanisms are crucial for the commercial success of such
devices.

• The basic idea of IEEE 802.11 power management is to switch off the transceiver whenever it is not needed.

• For the sending device this is simple to achieve as the transfer is triggered by the device itself. However, since the power
management of a receiver cannot know in advance when the transceiver has to be active for a specific packet, it has to ‘wake
up’ the transceiver periodically.

• The basic idea of power saving includes two states for a station: sleep and awake, and buffering of data in senders.

• If a sender intends to communicate with a power-saving station it has to buffer data if the station is asleep.

• The sleeping station on the other hand has to wake up periodically and stay awake for a certain time. During this time, all
senders can announce the destinations of their buffered data frames.

• If a station detects that it is a destination of a buffered packet it has to stay awake until the transmission takes place. Waking up
at the right moment requires the timing synchronization function (TSF).
CONT…
• Power management for infrastructure-based network:
• Power management in infrastructure-based networks is much simpler compared to ad-hoc networks. The access point buffers all frames
destined for stations operating in power-save mode.

• With every beacon sent by the access point, a traffic indication map (TIM) is transmitted. The TIM contains a list of stations for which
unicast data frames are buffered in the access point.

• The TSF assures that the sleeping stations will wake up periodically and listen to the beacon and TIM. If the TIM indicates a unicast frame
buffered for the station, the station stays awake for transmission. For multi-cast/broadcast transmission, stations will always stay awake.

• Additionally, the access point maintains a delivery traffic indication map (DTIM) interval for sending broadcast/multicast frames. The
DTIM interval is always a multiple of the TIM interval.

• Power management for ad-hoc network:

• For ad-hoc networks, there is no access point to buffer data in one location but each station needs the ability to buffer data if it wants to
communicate with a power-saving station.

• All stations now announce a list of buffered frames during a period when they are all awake. Destinations are announced using ad-hoc
traffic indication map (ATIMs) – the announcement period is called the ATIM window.
CONT…

Roaming:
• If a user walks around with a wireless station, the station has to move from one access point to another to provide
uninterrupted service. Moving between access points is called roaming.

• The term “handover” or “handoff” as used in the context of mobile or cellular phone systems would be more appropriate as it
is simply a change of the active cell. However, for WLANs roaming is more common.

• The steps for roaming between access points are:

1. A station decides that the current link quality to its access point AP1 is too poor. The station then starts scanning for another
access point.
2. Scanning involves the active search for another BSS and can also be used for setting up a new BSS in case of ad-hoc networks.
IEEE 802.11 specifies 2 scanning techniques, Passive scanning & Active scanning. Passive scanning simply means listening into
the medium to find other networks and Active scanning comprises sending a probe on each channel and waiting for a response.
3. The station then selects the best access point for roaming based on, e.g., signal strength, and sends an association request to
the selected access point AP2.
CONT…
4. The new access point AP2 answers with an association response. If the response is successful, the station has
roamed to the new access point AP2. Otherwise, the station has to continue scanning for new access points.
5. The access point accepting an association request indicates the new station in its BSS to the distribution system
(DS). The DS then updates its database, which contains the current location of the wireless stations. This database
is needed for forwarding frames between different BSSs, i.e. between the different access points controlling the
BSSs, which combine to form an ESS. Additionally, the DS can inform the old access point AP1 that the station is
no longer within its BSS.
802.11B

• 802.11b defines a new PHY layer. All the MAC schemes, management procedures etc. are used as previously designed.
• Depending on the current interference and the distance between sender and receiver 802.11b systems offer 11, 5.5, 2, or 1 Mbit/s.
• Maximum user data rate is approximately 6 Mbit/s. The lower data rates 1 and 2 Mbit/s use the 11-chip Barker sequence and
DBPSK or DQPSK, respectively.

• The new data rates, 5.5 and 11 Mbit/s, use 8-chip complementary code keying (CCK).
• This standard defines several packet formats for the physical layer. The mandatory format interoperates with the original versions of
802.11.

Fig: IEEE 802.11b PHY packet

formats
CONT…

• Two packet formats standardized for 802.11b. The mandatory format is called long PLCP PPDU. In this signal
field this is encoded in multiples of 100 kbit/s. Thus, 0x0A represents 1 Mbit/s, 0x14 is used for 2 Mbit/s,
0x37 for 5.5 Mbit/s and 0x6E for 11 Mbit/s.

• The preamble and the header are transmitted at 1 Mbit/s using DBPSK.
• The short PLCP PPDU synchronization field consists of 56 scrambled zeros instead of scrambled ones. The
short start frame delimiter SFD consists of a mirrored bit pattern compared to the SFD of the long format:
0000 0101 1100 1111 is used for the short PLCP PDU instead of 1111 0011 1010 0000 for the long PLCP
PPDU.

• Receivers that are unable to receive the short format will not detect the start of a frame. Only the preamble
is transmitted at 1 Mbit/s using DBPSK. The following header is transmitted at 2 Mbit/s usingDQPSK.
CONT…
• Figure below shows the non-overlapping usage of channels for an IEEE 802.11b installation with minimal interference in the
US/Canada and Europe.

• The spacing between the center frequencies should be at least 25 mhz. This results in the channels 1, 6, and 11 for the
US/Canada or 1, 7, 13 for Europe, respectively.

• It may be the case that, e.g., Travelers from the US cannot use the additional channels (12 and 13) in Europe as their hardware is
limited to 11 channels. Some European installations use channel 13 to minimize interference.

• Users can install overlapping cells for WLANs using the three non-overlapping channels to provide seamless coverage.

Fig: IEEE 802.11b non-

overlapping channel selection
802.11A
• IEEE 802.11a offers up to 54 Mbit/s using OFDM. The first products were available in 2001.
• The FCC (US) regulations offer three different 100 MHz domains for the use of 802.11a, each with a different legal
maximum power output: 5.15–5.25 GHz/50 mW, 5.25–5.35 GHz/250 mW, and 5.725–5.825 GHz/1 W.

• ETSI (Europe) defines different frequency bands for Europe: 5.15–5.35 GHz and 5.47–5.725 GHz and requires two
additional mechanisms for operation: dynamic frequency selection (DFS) and transmit power control (TPC).

• The physical layer of IEEE 802.11a and the ETSI standard HiperLAN2 has been jointly developed, so both physical
layers are almost identical. IEEE 802.11a uses the same MAC layer as normal 802.11.

• To be able to offer data rates up to 54 Mbit/s IEEE 802.11a uses many different technologies. The system uses 52
subcarriers (48 data + 4 pilot) that are modulated using BPSK, QPSK, 16-QAM, or 64-QAM. To mitigate transmission
errors, FEC is applied using coding rates of 1/2, 2/3, or 3/4.

• To offer a data rate of 12 Mbit/s, 96 bits are coded into one OFDM symbol. These 96 bits are distributed over 48
subcarriers and 2 bits are modulated per sub-carrier using QPSK.
CONT…
• Figure below shows the channel layout for the US U-NII bands. The center frequency of a channel is 5000 + 5*channel number
[MHz].

• This definition provides a unique numbering of channels with 5 MHz spacing starting from 5 GHz. Depending on national
regulations, different sets of channels may be used.

• Eight channels have been defined for the lower two bands in the U-NII (36, 40, 44, 48, 52, 56, 60, and 64); four more are available
in the high band (149, 153, 157, and 161). Using these channels allows for interference-free operation of overlapping 802.11a
cells.

• Channel spacing is 20 MHz, the occupied bandwidth of 802.11a is 16.6 MHz.

Fig: Operating channels of IEEE

802.11a in the U-NII bands
WIFI SECURITY
WEP (WIRED EQUIVALENT PRIVACY)

• Wired Equivalent Privacy (WEP) is a security protocol, specified in the IEEE Wireless Fidelity (Wi-Fi) standard,
802.11b.

• That standard is designed to provide a wireless local area network (WLAN) with a level of security and privacy
comparable to what is usually expected of a wired LAN.

• The WEP protocol was introduced in 1997 but was plagued by several security issues. Standards bodies
began discouraging its use in the early 2000s, as more effective standards were introduced.

• WEP attempted to limit access to wireless network data in the same way wired local area networks (LANs)
protect data. Users with physical access to the network access points are the only ones with access to wired
networks. Wireless networks like Wi-Fi depend on encryption protocols like WEP to prevent unauthorized
access to network data.
CONT…
Working of WEP:
• The Wired Equivalent Privacy protocol adds security similar to a wired network's physical security by encrypting data transmitted over the WLAN. Data
encryption protects the vulnerable wireless link between clients and access points.

• After WEP secures wireless data transmissions, other LAN security mechanisms can ensure privacy and data confidentiality. These include password
protection, end-to-end encryption, virtual private networks and authentication.

• The basic network security services this protocol provides for wireless networks include the following:
• Privacy: WEP initially used a 64-bit key with the RC4 stream encryption algorithm to encrypt data transmitted wirelessly. Later versions of the protocol added
support for 128-bit keys and 256-bit keys for improved security. WEP uses a 24-bit initialization vector, which resulted in effective key lengths of 40, 104 and
232 bits.

• Data integrity: WEP uses the CRC-32 checksum algorithm to check that transmitted data is unchanged at its destination. The sender uses the CRC-32 cyclic
redundancy check to generate a 32-bit hash value from a sequence of data. The recipient uses the same check on receipt. If the two values differ, the
recipient can request a retransmission.

• Authentication: WEP authenticates clients when they first connect to the wireless network access point. It enables authentication of wireless clients with
these two mechanisms:
• Open System Authentication: With OSA, Wi-Fi-connected systems can access any WEP network access point, as long as the connected system
uses a service set identifier that matches the access point SSID.
• Shared Key Authentication: With SKA, Wi-Fi-connected systems use a four-step challenge-response algorithm to authenticate.
CONT…

Drawbacks to wired equivalent privacy:

• WEP is widely implemented and deployed, but it suffers from serious security weaknesses. These include:
• Stream cipher: Encryption algorithms applied to data streams, called stream ciphers, can be vulnerable to
attack when a key is reused. The protocol's relatively small key space makes it impossible to avoid reusing
keys.

• RC4 weaknesses: The RC4 algorithm itself has come under scrutiny for cryptographic weakness and is no
longer considered safe to use.

• Optional: As designed, the protocol use is optional. Because it's optional, users often failed to activate it
when installing WEP-enabled devices.

• Shared key: The default configuration for these systems uses a single shared key for all users. You can't
authenticate individual users when all users share the same key.
WPA (WI-FI PROTECTED ACCESS)
• WPA is a security protocol designed to create secure wireless (Wi-Fi) networks.
• Wi-Fi Protected Access is a Wi-Fi security technology developed in response to the weaknesses of Wired
Equivalent Privacy standards. It improves upon WEP's authentication and encryption features.

• For an encrypted data transfer to work, both systems on the beginning and end of a data transfer must use the
same encryption/decryption key.

• While WEP provides each authorized system with the same key, WPA uses the temporal key integrity protocol
(TKIP), which dynamically changes the key that the systems use.

• This prevents intruders from creating their own encryption key to match the one used by the secure network.
• WPA also implements the Extensible Authentication Protocol (EAP) for authorizing users. Instead of
authorizing computers based on their MAC address, WPA can use several other methods to verify each
computer's identity. This makes it more difficult for unauthorized systems to gain access to the wireless
network.
CONT…

• Working:
• The WPA protocol implements almost all of the IEEE 802.11i standard. The Temporal Key Integrity Protocol
(TKIP) was adopted for WPA.

• TKIP employs a per-packet key, which means that it dynamically generates a new 128-bit key for each packet
and thus prevents the types of attacks that compromised WEP.

• WPA included a Message Integrity Check, which is designed to prevent an attacker to alter or resend data
packets. This replaced the cyclic redundancy check (CRC) that was used by the WEP standard.

• WPA uses a message integrity check algorithm called TKIP to verify the integrity of the packets.
CONT…

WPA2:

• WPA2 is the replacement for WPA and is based on the IEEE 802.11i (ratified) standard. Certification began in
2004, and from march 13, 2006, it was mandatory for all devices if user wanted to use the wi-fi trademark.
The most significant upgrade is that WPA2 uses AES-CCMP encryption instead of the old RC4 encryption that
WEP and WPA use.

• WPA2 also introduced wi-fi protected setup (WPS). If user want to connect to a network that uses a pre-
shared key, then user need to know the SSID and the pre-shared key.

• With WPS, user only have to push a button or enter a pin code, and wireless device automatically configures
the SSID and pre-shared key. WPS makes it easier for non-tech savvy users to configure a wireless network,
especially when user use long, complex pre-shared keys.

• However, researchers discovered a vulnerability for WPS in 2011. An attack against WPS can brute force the
WPS PIN in a few hours, which results in an exposed pre-shared key.
CONT…

WPA3:

• The Wi-Fi Alliance introduced WPA3 the next-generation replacement for WPA2, in 2018. WPA3 still uses AES
but replaced CCMP with the Galois/Counter Mode Protocol (GCMP).

• The key length for AES has increased. WPA3-personal still uses 128-bit AES, but optionally can use 192-bit.
For WPA3-enterprise, it’s a requirement to use 192-bit keys.

• WPA2 introduced Protected Management Frames (PMF), but it was optional. WPA3 makes it a requirement.
PMF protects:
• Unicast management frames against eavesdropping and forging.
• Multicast management frames against forging.
WIRELESS LAN THREATS
• Configuration Problems (Misconfigurations or Incomplete Configurations):
• Simple configuration problems are often the cause of many vulnerabilities because many users grade access points
with no security configuration at all. Other potential issues with configuration include weak passwords, feeble
security deployments, and default SSID usage. A novice user can quickly set up one of these devices and gain access,
or open up a network to external use without further configuration. These acts allow attackers to steal an SSID and
connect to the WLAN.

• Denial of Service:
• Denial of service (DoS), also referred to as a “spoiler”, is one of the simplest network attacks to perpetrate because it
only requires limiting access to services. This can be done by placing viruses or worm programs on WLAN, or by
simply sending a large amount of traffic at a specific target with the intent of causing a slowdown or shutdown of
wireless services. This allows attackers to hijack resources, view unauthorized information disclosures, and introduce
backdoors into the system.
CONT…

• Passive Capturing:
• Passive capturing (or eavesdropping) is performed simply by getting within range of a target wireless LAN, then
‘listening to’ and capturing data which can be used for breaking existing security settings and analyzing non-secured
traffic. Such information that can be “heard” include SSIDs, packet exchanges, and files (including confidential ones).
When it comes down to it, passive capturing is possible nearly anywhere. There are also some go-arounds when an
attacker can’t be within normal broadcast range, such as using a big antenna or a wireless repeater device to extend
range by miles. An attacker can even use a packet sniffer application that captures all the outgoing packets, grabs
and analyzes them, then reveals its data payload.

• Rogue (or Unauthorized/Ad-Hoc) Access Points:

• One method often used by attackers involves setting up a rogue access point within the range of an existing wireless
LAN. The idea is to ‘fool’ some of the authorized devices in the area to associate with the false access point, rather
than the legitimate one. To really be effective, this type of attack requires some amount of physical access. This is
required because if a user associates with a rogue access point, then is unable to perform any of their normal duties,
the vulnerability will be short-lived and not that effective.
CONT…
• Evil Twin Attacks:
• An attacker can gather enough information about a wireless access point to impersonate it with their own, stronger
broadcast signal. This fools unsuspecting users into connecting with the evil twin signal and allows data to be read or sent
over the internet.

• Hacking of Lost or Stolen Wireless Devices:

• Often ignored because it seems so innocent, but if an user loses a smartphone, laptop, etc., that is authorized to be
connected to WLAN network, it's very easy for the finder or thief to gain full access. All that’s necessary is to get past the
password, which is quite simple to do.

• Freeloading:
• Sometimes unauthorized users will piggyback on your wireless network to gain free access. Usually this is not done
maliciously, but there are still security ramifications.
• Internet service may slow down.
• Illegal content or spam can be downloaded via mail server.
• “Innocent” snooping may take place.
SECURING WIRELESS NETWORKS
• Change default passwords:
• Most network devices, including wireless access points, are pre-configured with default administrator passwords to simplify setup. These default passwords are
easily available online, and so provide only marginal protection. Changing default passwords makes it harder for attackers to access a device. Use and periodic
changing of complex passwords is your first line of defense in protecting your device.

• Restrict access:
• Only allow authorized users to access your network. Each piece of hardware connected to a network has a media access control (MAC) address. One can restrict
access to the network by filtering these MAC addresses. One can also utilize the “guest” account, which is a widely used feature on many wireless routers. This
feature allows to grant wireless access to guests on a separate wireless channel with a separate password, while maintaining the privacy of primary credentials.

• Encrypt the data on network:

• Encrypting wireless data prevents anyone who might be able to access your network from viewing it. There are several encryption protocols available to provide
this protection. Wi-Fi Protected Access (WPA), WPA2, and WPA3 encrypt information being transmitted between wireless routers and wireless devices. WPA3 is
currently the strongest encryption. WPA and WPA2 are still available; however, it is advisable to use equipment that specifically supports WPA3, as using the other
protocols could leave your network open to exploitation.

• Protect Service Set Identifier (SSID):

• To prevent outsiders from easily accessing WLAN network, avoid publicizing SSID. All Wi-Fi routers allow users to protect their device’s SSID, which makes it more
difficult for attackers to find a network. At the very least, change SSID to something unique. Leaving it as the manufacturer’s default could allow a potential
attacker to identify the type of router and possibly exploit any known vulnerabilities.
CONT…
• Install a firewall:
• Consider installing a firewall directly on your wireless devices (a host-based firewall), as well as on your home network (a router- or modem-based firewall). Attackers
who can directly tap into your wireless network may be able to circumvent your network firewall—a host-based firewall will add a layer of protection to the data on
your computer.

• Maintain antivirus software:

• Install antivirus software and keep your virus definitions up to date. Many antivirus programs also have additional features that detect or protect against spyware and
adware.

• Use file sharing with caution:

• File sharing between devices should be disabled when not needed. You should always choose to only allow file sharing over home or work networks, never on public
networks. You may want to consider creating a dedicated directory for file sharing and restrict access to all other directories. In addition, you should password protect
anything you share. Never open an entire hard drive for file sharing.

• Keep access point software patched and up to date:

• The manufacturer of your wireless access point will periodically release updates to and patches for a device’s software and firmware. Be sure to check the
manufacturer’s website regularly for any updates or patches for your device.

• Connect using a Virtual Private Network (VPN):

• Many companies and organizations have a VPN. VPNs allow employees to connect securely to their network when away from the office. VPNs encrypt connections at
the sending and receiving ends and keep out traffic that is not properly encrypted. If a VPN is available to you, make sure you log onto it any time you need to use a
public wireless access point.
BLUETOOTH
INTRODUCTION
• Bluetooth technology is a high-speed low powered wireless technology link that is designed to connect phones or
other portable equipment together. It is a specification (IEEE 802.15.1) for the use of low-power radio
communications to link phones, computers, and other network devices over short distances without wires. Wireless
signals transmitted with Bluetooth cover short distances, typically up to 30 feet (10 meters).

• It is achieved by embedded low-cost transceivers into the devices. It supports the frequency band of 2.45GHz and
can support upto 721KBps along with three voice channels. This frequency band has been set aside by international
agreement for the use of industrial, scientific, and medical devices (ISM).

• It can connect up to “eight devices” simultaneously and each device offers a unique 48-bit address from the IEEE 802
standard with the connections being made a point to point or multipoint.
History of Bluetooth:

• Bluetooth wireless technology was named after a Danish Viking and King, Harald Blatand; his last name means
“Bluetooth” in English. He is credited with uniting Denmark and Norway, just as Bluetooth wireless technology is
credited with uniting two disparate devices.
CONT…

• The Bluetooth technology emerged from the task undertaken by Ericsson Mobile Communications in 1994 to
find an alternative to the use of cables for communication between mobile phones and other devices. In
1998, the companies Ericsson, IBM, Nokia, and Toshiba formed the Bluetooth Special Interest Group (SIG)
which published the 1st version in 1999.

• The first version was 1.2 standard with a data rate speed of 1Mbps. The second version was 2.0+EDR with a
data rate speed of 3Mbps. The third was 3.0+HS with a speed of 24 Mbps. The latest version is 4.0.
USER SCENARIO
Many user scenarios can be imagined for wireless communication within short range.
• Connection of peripheral devices: Today, most devices are connected to a desktop computer via wires (e.G., Keyboard,
mouse, joystick, headset, speakers). This type of connection has several disadvantages: each device has its own type of
cable, different plugs are needed, wires block office space. In a wireless network, no wires are needed for data
transmission. However, batteries now have to replace the power supply, as the wires not only transfer data but also supply
the peripheral devices with power.

• Support of ad-hoc networking: When several people coming together, discussing issues, exchanging data
(schedules, sales figures etc.). Wireless networks can support this type of interaction; small devices might
not have WLAN adapters following the IEEE 802.11 standard, but cheaper Bluetooth chips built in.

• Bridging of networks: Using wireless piconets, a mobile phone can be connected to a PDA or laptop in a
simple way. Mobile phones will not have full WLAN adapters built in, but could have a Bluetooth chip. The
mobile phone can then act as a bridge between the local piconet and, e.g., the global GSM network.
ARCHITECTURE
There are two types of Bluetooth network architectures−
• Piconets
• Scatternets

Piconets:

• Piconets are small Bluetooth networks, formed by at most 8 stations, one of which is the master node and the rest slave
nodes (maximum of 7 slaves).

• Master node is the primary station that manages the small network. The slave stations are secondary stations that are
synchronized with the primary station.

• Communication can take place between a master node and a slave node in either one-to-one or one-to-many manner.
However, no direct communication takes place between slaves.

• Each station, whether master or slave, is associated with a 48-bit fixed device address.
• Besides the seven active slaves, there can be up to 255 numbers of parked nodes. These are in a low power state for
energy conservation. The only work that they can do is respond to a beacon frame for activation from the master node.
CONT…
CONT…

Scatternet:
• A scatternet is an interconnected collection of two or more piconets. They are formed when a node in a piconet, whether a
master or a slave, acts as a slave in another piconet. This node is called the bridge between the two piconets, which
connects the individual piconets to form the scatternet.

• In two piconets, same station cannot be a master.

PROTOCOL STACK

Fig: Bluetooth Protocol

Architecture (Stack)
CONT…

• Radio (RF) layer:

• It performs modulation/demodulation of the data into RF signals. It defines the physical characteristics of bluetooth
transceivers. It defines two types of physical link: connection-less and connection-oriented.

• Baseband Link layer:

• It performs the connection establishment within a piconet.
• Link Manager protocol layer:
• Itperforms the management of the already established links. It also includes authentication and encryption
processes.

• Logical Link Control and Adaption protocol layer:

• It is also known as the heart of the bluetooth protocol stack. It allows the communication between upper and lower
layers of the bluetooth protocol stack. It packages the data packets received from upper layers into the form
expected by lower layers. It also performs the segmentation and multiplexing.
CONT…

• SDP layer:
• It is short for Service Discovery Protocol. It allows to discover the services available on another bluetooth enabled device.

• RF comm layer:
• It is short for Radio Frontend Component. It provides serial interface with WAP and OBEX.

• OBEX:
• It is short for Object Exchange. It is a communication protocol to exchange objects between 2 devices.

• WAP:
• It is short for Wireless Access Protocol. It is used for internet access.

• TCS:
• It is short for Telephony Control Protocol. It provides telephony service.

• Application layer:
• It enables the user to interact with the application.
CONT…
Advantages:

• Low cost.
• Easy to use.
• It can also penetrate through walls.
• It creates an adhoc connection immediately without any wires.
• It is used for voice and data transfer.

Disadvantages:

• It can be hacked and hence, less secure.

• It has slow data transfer rate: 3 mbps.
• It has small range: 10 meters.
HIPERLAN 1
INTRODUCTION
• HIPERLAN is a European (ETSI) standardization initiative for a HIgh PERformance wireless Local Area Network.
• Radio waves are used instead of a cable as a transmission medium to connect stations. Either, the radio transceiver is mounted to
the movable station as an add-on and no base station has to be installed separately, or a base station is needed in addition per
room.

• The stations may be moved during operation-pauses or even become mobile. The max. data rate for the user depends on the
distance of the communicating stations. With short distances (<50 m) and asynchronous transmission a data rate of 20 Mbit/s is
achieved, with up to 800 m distance a data rate of 1 Mbit/s are provided. For connection-oriented services, e.g. video-telephony, at
least 64 kbit/s are offered.

• The specifications are specified or managed by BRAN (broadband radio access network). There are four set of standards as
mentioned below.

• Hiperlan/1: radio LAN, 5.15 to 5.3 ghz , range: 50 meters, maximum rate of 23.5 mbps, mobility less than 10 m/s
• Hiperlan/2: 5.1 to 5.3 ghz, short range (50 to 100m), greater than 20 mbps, mobility less than 10 m/s.
• Hiperaccess: 5.1 ghz to 5.3 ghz, range of 5000 meters, data rate greater than 20 mbps, stationary mode
• Hiperlink: 17.1 to 17.3 ghz, range: up to 150m, rate upto 155 mbps, stationary mode
CONT…
Features of HiperLAN 1:

• Operates at 5GHz
• Supports data rate upto 19 mbps.
• It uses sc (single carrier) modulation such as GMSK.
• It uses complex equalizer to take care of delay spread.
Fig: HiperLAN 1 Reference Model
HiperLAN 1 Reference Model:

• HiperLAN 1 defines Data Link Layer and Physical Layer. For Local Area Networks, Data Link Layer is further
divided into two sublayers: the Logical Link Control (LLC) and the Medium Access Control (MAC). HiperLAN 1
only deals with MAC and PHY.
CONT…
• An intermediate layer, the channel access and control (CAC) sublayer, is introduced in the hiperlan 1 architecture to deal with the channel access
signaling and protocol operation required supporting packet priority.

• A pseudo-hierarchically independent access mechanism is achieved via active signaling in a listen-before-talk access protocol.
• The elimination-yield non-preemptive multiple access (EY-NPMA) mechanism codes priority level selection and contention resolution into a single,
variable length radio pulse preceding packet data.

• EY-NPMA provides good residual collision rate performance for even large numbers of simultaneous channel contenders.
• EY-NPMA divides the medium access of different competing nodes into three phases:
• Prioritization: Determine the highest priority of a data packet ready to be sent by competing nodes.
• Contention: Eliminate all but one of the contenders, if more than one sender has the highest current priority.
• Transmission: Finally, transmit the packet of the remaining node.

Fig: Phases of the

HIPERLAN 1 EY-NPMA
access scheme
CONT…

Physical Layer
• RF carriers:
• HiperLAN 1 uses the radio frequency band 5,150 MHz to 5,300 MHz. The
following table shows the nominal frequency of each carrier. It's required that all
transmissions shall be centered on one of the nominal carrier frequencies, and all
HiperLAN 1 equipments shall operate on all 5 channels.

• The carriers numbered 0, 1 and 2 are designated the "default" carriers.

• Clear channel assessment (CCA): Table: Nominal Carrier center
frequencies
• The hiperlan 1 clear channel assessment scheme is based on the measurement of
the received signal strength only. A threshold is used for determining whether the
channel is busy or idle. Because the signal strength will vary with time, the time-
domain variation of the received signal strength is used for threshold adaptation.
CONT…
Modulation:

• For hiperlan 1, gaussian minimum shift keying (GMSK) is used as the high bit rate modulation scheme to
modulate a high rate transmission. GMSK is a constant envelope modulation scheme, which means that the
amplitude of the transmitted signal is constant. This is important, because less stringent linearity can be
demanded of the RF amplifier, which in turn means the cost of the radio is lower and, more importantly, the
efficiency of the power amplifier (the ratio of actual RF energy transmitted compared to the electrical
energy consumed) is quite good. Frequency shift keying (FSK) is used as the low bit rate modulation scheme
to modulate a low rate transmission.
HIPERLAN 2
INTRODUCTION
• HiperLAN2 is one of a number of new generation standards supporting both asynchronous data and time critical services that
are bounded by specific time delays to achieve an acceptable Quality of Service (QoS) being developed under the auspices of
the ETSI’s Project BRAN.

• The HiperLAN2 standard is nearly identical to 802.11 in terms of its physical layers – both use OFDM technology to achieve their
data rates, for instance – but is very different at the MAC level and in the way the data packets are formed and devices are
addressed.

• HiperLAN2 is more similar to wireless Asynchronous Transfer Mode (ATM). It operates by sharing the 20MHz channels in the
5GHz spectrum in time, using Time Division Multiple Access (TDMA) to provide QoS through ATM-like mechanisms.
Features of HIPERLAN/2:

• Operates at 5ghz with 455mhz bandwidth.

• Supports data rate of 6 mbps to 54 mbps similar to 802.11a
• It uses multi carrier (i.E. OFDM) modulation like 802.11a
• It uses two bands one for indoor use and the other for outdoor use with power at 200 milliwatt and 1 watt respectively.
CONT…
Reference model and configurations:

• Figure shows the standard architecture of an infrastructure-based HiperLAN2 network. In the example, two access points
(AP) are attached to a core network. Core networks might be Ethernet LANs, Firewire connections between audio and video
equipment, ATM networks, UMTS 3G cellular phone networks etc.

• Each AP consists of an access point controller (APC) and one or more access point transceivers (APT). An APT can comprise
one or more sectors.

• Finally, four mobile terminals (MT) are also shown. MTs can move around in the cell area as shown.
• The system automatically assigns the APT/AP with the best transmission quality. No frequency planning is necessary as the
APs automatically select the appropriate frequency via dynamic frequency selection.

Fig: HiperLAN2 basic structure

and handover scenarios
CONT…

Three handover situations may occur:

• Sector handover (Inter sector): If sector antennas are used for an AP, which is optional in the standard, the
AP shall support sector handover. This type of handover is handled inside the DLC layer so is not visible
outside the AP.

• Radio handover (Inter-APT/Intra-AP): As this handover type, too, is handled within the AP, no external
interaction is needed. In the example of Figure above the terminal MT3, moves from one APT to another of
the same AP. All context data for the connections are already in the AP (encryption keys, authentication, and
connection parameters) and does not have to be renegotiated.

• Network handover (Inter-AP/Intra-network): This is the most complex situation: MT2 moves from one AP to
another. In this case, the core network and higher layers are also involved. This handover might be supported
by the core network. Otherwise, the MT must provide the required information similar to the situation
during a new association.
CONT…

Fig: Difference between

HiperLAN 1 & HiperLAN 2
THANK YOU!!!