## Wireless networks

Philippe Jacquet, INRIA, Ecole Polytechnique, France

**GSM network**

- « 1 km in the air, 1000 km in wires »
- BTS: Base station Transceiver System
- BSC: Base Station Controller
- MSC: Mobile Switching Center
- VLR: Visitor Location Register
- HLR: Home Location Register

[Diagram: mobile, BTS, BSC, MSC, VLR, HLR, fixed networks]

**Wireless interface**

- Uplink frequencies, downlink frequencies
- Each frequency is divided into eight periodic slots (channels)
- One signalling channel + seven voice channels

**Wireless interface**

- Frequency organisation
- Burst = packet
- Midamble: training sequence

**Security in GSM**

- Authentication: high-level security
- Impossibility of account parameter hijacking is contractual
- Encryption: low-level security
- Possibility of eavesdropping by government agencies

**SIM chip: contains all security**

- Subscriber Identity Module
- Subscriber identifier IMSI
- PIN code
- Key Ki for authentication
- Last dialed numbers and areas

**Security GSM Algorithms**

- Algorithm A3 for authentication, based on the key Ki
- Ki, 128 bits, stored in the SIM, is known by the operator
- Algorithm A8 to create an encryption key Kc
- Algorithm A5 for voice encryption from Kc

**On mobile terminal**

- On request, the network sends a 128-bit random number RAND
- SRES=A3(RAND,Ki), 32 bits
- Ki impossible to get from SRES and RAND
- Kc=A8(RAND,Ki), 64 bits
- Ki impossible to get from Kc and RAND
- code=A5(Kc,info)
- Kc easy to get from 64 clear bits on air
- Breakable in less than 2 minutes on a regular PC

**Authentication**

- Operator sends a number RAND
- Operator and mobile terminal separately compute SRES
- Mobile sends SRES to operator
- If both SRES are identical, then the user is authenticated

**Authentication**

[Diagram: the SIM and the VLR each hold Ki and compute SRES=A3(RAND,Ki) from RAND; an equality test on the two SRES values decides whether the mobile is accepted]

**Encryption**

- Mobile and operator compute Kc
- Both encrypt and decipher data with the same algorithm A5
- Add each 114-bit data block to 114 pseudo-random bits
- Pseudo-random bits are computed from Kc and the info block number (algorithm A5)
- Brute force attack costs 2^40

**Data in voice: GPRS**

- General Packet Radio System
- Enables a GSM modem for internet connection
- Uses idle slots on frequencies to send and receive data
- Charged on a per-volume basis (voice is charged per duration)
- Requires a protocol stack, a security level and « IP »

**Additional elements in GSM for GPRS**

- SGSN (Serving GPRS Support Node)
- GGSN (Gateway GPRS Support Node)
- A tunnel protocol, GTP
- Specific authentication procedures

[Diagram: mobile, BTS, BSC, MSC, VLR, HLR, SGSN, GGSN, internet, fixed network]

**Authentication**

- First: GSM authentication
- Second: GPRS authentication
- Creation of a network identifier for IP

**Encryption**

- Regular wireless encryption
- Unreliable, but needs radio vicinity to break
- Requires IP encryption
- SSH (Secure Shell)

**IPsec protocol**

[Figures: IPsec Authentication Header, transport mode; IPsec Encapsulating Security Payload (ESP); IPsec ESP, tunnel mode]

**UMTS and CDMA**

- UMTS is the next generation mobile phone
- 3G (GSM=2G)
- Based on CDMA/TDMA
- Frame = 10 ms
- Frame = 12 slots of 0.666 ms each

**UMTS and CDMA**

- Slots are periodic
- Many users can use the same slot
- Sharing via code division

[Diagram labels: frequencies, codes, GSM, UMTS]

**Code Division Multiple Access**

- Equivalent to digital Fourier transform
- Fast code: separates transmitters
- Slow symbol: contains info

**Code Division Multiple Access**

- Basic hypothesis
- Data extraction

**Code Division Multiple Access**

- Advantages
- Many codes can be given to a single user
- Flexibility of use
- More bandwidth occupation
- Drawback:
- Sensitive to near-far effect
- Must equalize power

**CDMA in Wifi**

- Users modulate data on a code
- No code division
- Helps fight inter-symbol fading

**Wave propagation**

- Signal attenuation with distance
- P0 nominal power
- Isotropic medium
- =2 in vacuum

**Wave propagation**

- Antenna variation
- Distance fading
- Non isotropic medium
- Rayleigh fading: is gaussian

**Wave propagation**

- Inter-symbol fading
- Diffraction on obstacles creates delayed echoes

[Diagram: emitted signal, echoes, received signal]

**Wave propagation**

- Inter-symbol fading
- Attenuation is now a convolution
- T: most delayed echo
- Average fading is distance fading:

**Inter-symbol fading**

- The typical echo delay T increases with distance
- Depends on medium
- in vacuum
- in 1D homogeneous medium
- in 2D homogeneous medium
- with ½<h<1 in « fractal » medium
- Effect of inter-symbol fading
- Does not significantly affect the Shannon capacity limit
- But: complicates the decoding when T is comparable to inter-symbol time (1/W)

**Inter-symbol fading**

- Example of fractal medium: urban area

**Complexity of signal processing**

- Signal processing
- First level signal decoding
- Mainly digital
- Equalization
- Reverse the convolution fading
- With noise

**Complexity of signal processing**

- Equalization
- Emission of a known training sequence x(t), received y(t)
- Knowledge of both x(t) and y(t) gives (t) and -1(t) in theory.
- Discretized sampling with frequency =1/

**Complexity of signal processing**

- Resolution of a linear system
- Of dimension
- Resolution takes operations
- Must be repeated every time fading changes:
- If , then the processing computing power is

**Complexity of signal processing**

- In general a wireless interface is calibrated for
- A minimal SNR and a fixed capacity I
- A maximal signal processing power
- Therefore for a limit range R
- There exists a minimal nominal power P0.

**Complexity of signal processing**

- Capacity-range diagram

[Diagram: capacity in bit/s versus range in m for Hiperlan 1&2, IEEE 802.11a-g, Wifi B, IEEE 802.11, UMTS pico-cell, UMTS micro-cell, Bluetooth, GSM, UMTS]

**Error suppression**

- Error detection via check sum
- Message = binary polynomial
- Check sum is the remainder of the division of the message polynomial by a known polynomial of degree 32.
- The check sum is then 32 bits
- The receiver compares it with the transmitted check sum (failed error detection probability 2^-32)

[Figure: message followed by check sum]

**Error suppression**

- Two kinds of error suppression
- Forward Error Correction (FEC)
- Automatic Repeat Query (ARQ)

**Error suppression**

- FEC: Forward Error Correction
- Addition of extra bits to the message to help correction of corrupted blocks, e.g. the sum of all blocks.
- Detection of corrupted blocks via local check sums.
- Matrix n×(n+r) has all n×n sub-matrices invertible
- Encoding rate = n/(n+r)

[Figure: encoded message = message × encoding matrix]

**Error suppression**

- Data interleaving to spread error bursts

**Error suppression**

- ARQ: Automatic Repeat Query
- The receiver acknowledges correctly received blocks
- The emitter repeats non-acked blocks

[Diagram: 1 2 3 4 5 6 7 8 → ACK: 1,2,5,7; 3 4 6 8 → ACK: 4,8; 3 6 → ACK: 3,6; 3 6 → ACK: 3,6]
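
The check sum and ARQ slides above, worked through as an added example that is not part of the original deck: the check sum is computed by polynomial division, and the repeat loop reproduces the ACK sequence of the ARQ diagram. The generator polynomial (the IEEE 802.3 one), the block contents and the per-round error schedule are assumptions chosen for the illustration.

```python
# Added illustration; block contents and the error schedule are constructed.
POLY = 0x104C11DB7  # assumed generator: the degree-32 polynomial of IEEE 802.3

def checksum(message: bytes) -> int:
    """Remainder of message(x) * x^32 divided by POLY, coefficients mod 2."""
    reg = 0
    bits = [(byte >> i) & 1 for byte in message for i in range(7, -1, -1)]
    for bit in bits + [0] * 32:          # 32 appended zeros = multiply by x^32
        reg = (reg << 1) | bit
        if reg >> 32:                    # degree reached 32: subtract (XOR) POLY
            reg ^= POLY
    return reg

def make_frame(data: bytes) -> bytes:
    return data + checksum(data).to_bytes(4, "big")

def frame_ok(frame: bytes) -> bool:
    # Data followed by its own check sum is divisible by POLY: remainder 0.
    return checksum(frame) == 0

def flip_bit(frame: bytes, pos: int) -> bytes:
    out = bytearray(frame)
    out[pos // 8] ^= 0x80 >> (pos % 8)
    return bytes(out)

def arq(blocks: dict, errors_per_round: list):
    """Repeat non-acked blocks until all pass the check. Returns (trace, received)."""
    pending, trace, received = sorted(blocks), [], {}
    for rnd in range(len(errors_per_round) + 1):
        hit = errors_per_round[rnd] if rnd < len(errors_per_round) else set()
        acked = []
        for n in pending:
            frame = make_frame(blocks[n])
            if n in hit:
                frame = flip_bit(frame, 3)   # channel error on this block
            if frame_ok(frame):              # receiver-side check
                received[n] = frame[:-4]
                acked.append(n)
        trace.append((pending, acked))
        pending = [n for n in pending if n not in acked]
        if not pending:
            break
    return trace, received

def slide_trace():
    blocks = {n: f"block-{n}".encode() for n in range(1, 9)}
    trace, received = arq(blocks, [{3, 4, 6, 8}, {3, 6}])
    return trace, received, blocks
```

A single flipped bit is always caught by this check, because the generator has a constant term and so never divides a lone power of x.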
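
The GSM authentication exchange from the earlier "On mobile terminal" and "Authentication" slides, as an added example that is not part of the original deck: both sides of the RAND/SRES challenge-response, with the sizes given on the slides (Ki and RAND 128 bits, SRES 32 bits, Kc 64 bits). A3 and A8 are not specified in the deck, so truncated HMAC-SHA256 stands in for them as an assumption; the class names and the IMSI are constructed.

```python
import hashlib
import hmac
import secrets

# A3/A8 are not specified on the slides; HMAC-SHA256 truncated to the slide's
# output sizes is an assumed stand-in, not the real GSM algorithms.
def a3(rand: bytes, ki: bytes) -> bytes:      # SRES, 32 bits
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]

def a8(rand: bytes, ki: bytes) -> bytes:      # Kc, 64 bits
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]

class Sim:
    """Mobile side: Ki stays inside the SIM; only SRES goes on the air."""
    def __init__(self, imsi: str, ki: bytes):
        self.imsi, self._ki = imsi, ki
    def answer(self, rand: bytes):
        return a3(rand, self._ki), a8(rand, self._ki)   # (SRES sent, Kc kept)

class Operator:
    """Network side: knows each subscriber's Ki, issues RAND, tests SRES."""
    def __init__(self, ki_by_imsi: dict):
        self._ki, self._open = dict(ki_by_imsi), {}
    def challenge(self, imsi: str) -> bytes:
        self._open[imsi] = secrets.token_bytes(16)      # RAND, 128 bits
        return self._open[imsi]
    def verify(self, imsi: str, sres: bytes):
        rand = self._open.pop(imsi, None)               # each RAND is used once
        if rand is None:
            return None
        ki = self._ki[imsi]
        ok = hmac.compare_digest(sres, a3(rand, ki))    # constant-time SRES test
        return a8(rand, ki) if ok else None             # Kc on success

def run_exchange():
    imsi, ki = "001010000000001", secrets.token_bytes(16)   # constructed values
    op, sim = Operator({imsi: ki}), Sim(imsi, ki)
    rand = op.challenge(imsi)
    sres, kc_mobile = sim.answer(rand)
    kc_network = op.verify(imsi, sres)
    wrong_ki = Sim(imsi, secrets.token_bytes(16))           # SIM without the right Ki
    rejected = op.verify(imsi, wrong_ki.answer(op.challenge(imsi))[0])
    op.challenge(imsi)                                      # fresh RAND issued
    replayed = op.verify(imsi, sres)                        # old SRES sent again
    return {"sres_bits": len(sres) * 8, "kc_bits": len(kc_mobile) * 8,
            "same_kc": kc_network == kc_mobile,
            "wrong_ki_rejected": rejected is None,
            "replay_rejected": replayed is None}
```

Only RAND and SRES cross the radio link; Ki and Kc are computed independently on each side, which is why a recorded SRES is useless against a fresh RAND.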