1 / 44

450 likes | 594 Views

Wireless networks. Philippe Jacquet INRIA Ecole Polytechnique France. Mobile phones. GSM network. « 1 km in the air, 1000 km in wires » BTS: Base station Transceiver System BSC: Base Station Controller MSC: Mobile Switching Center VLR: Visitor Location Register

Download Presentation
## Wireless networks

**An Image/Link below is provided (as is) to download presentation**
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.
Content is provided to you AS IS for your information and personal use only.
Download presentation by click this link.
While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

**Wireless networks**Philippe Jacquet INRIA Ecole Polytechnique France**GSM network**• « 1 km in the air, 1000 km in wires » • BTS: Base station Transceiver System • BSC: Base Station Controller • MSC: Mobile Switching Center • VLR: Visitor Location Register • HLR: Home Location Register VLR HLR MSC BTS BSC mobile Fixed networks**Wireless interface**• Uplink frequencies, downlink frequencies • Each frequency divided in eight periodic slots (channels) • One signalisation channel +seven voice channels.**Wireless interface**• Frequency organisation Burst=packet Middample: training sequence**Security in GSM**• Authentification: high level security • Impossibility of account parameter highjacking is contractual • Encryption: low level security • Possibility of eavedropping by government agencies**SIM chip: contains all security**• Subscriber Identity Module • Subscriber identifier IMSI • PIN code • Key Ki for authentification • last dialed numbers and areas**Security GSM Algorithms**• Algorithme A3 for authentification based on Ki key. • Ki 128 bits deposited in SIM, is known by operator • Algorithm A8 to create an encryption Kc key • Algorithm A5 for voice encryption from Kc.**on mobile terminal**• At request the network sends a 128 bits random number RAND. • SRES=A3(RAND,Ki) 32 bits • Ki impossible to get from SRES and RAND • Kc=A8(RAND,Ki) 64 bits • Ki impossible to get from Kc and RAND • code=A5(Kc,info) • Kc easy to get from clear 64 bits on air • breakable in less than 2 minutes on regular PC.**Authentification**• Operateur sends a number RAND • Operator and mobile terminal separately computes SRES • Mobile sends SRES to operator • If both SRES are identical, then user is authentified**authentification**SIM VLR Ki RAND Ki SRES=A3(RAND,Ki) SRES=A3(RAND,Ki) accepté SRES test =**Encryption**• Mobile and operator compute Kc. • Encrypt and decipher infos with same algorithm A5. • Add each data 114 bits block with pseudo-random 114 bits • Pseudo-random bits computed with Kc and info block number (algorithme A5). • Brute force attack costs 240**Data in voice: GPRS**• General Packet Radio System • Enable GSM modem for internet connection • Use idle slots on frequencies pour send and receive data • Charged on per volume basis (voice charged per duration) • Require a protocol stack and a security level and « IP ».**Additional elements in GSM for GPRS**internet • SGSN (Serving GPRS Support node) • GGSN (Gateway GPRS Support node) • Un tunnel protocol GTP • Specific authentification procedures SGSN VLR GGSN HLR MSC BTS BSC mobile Réseau fixe**Authentification**• First: GSM authentification • Second: GPRS authentification • Creation of a network identitier for IP**Encryption**• Regular wireless encryption • Unreliable but needs radio vicinity to break • Require IP encryption • SSH (Secure Shell)**Ipsec protocol**IPsec Authentification Header transport mode IPsec Encapsulating Security Payload (ESP) IPsec ESP-tunnel mode**UMTS and CDMA**• UMTS is the next generation mobile phone • 3G, (GSM=2G) • Based on CDMA/TDMA Frame=10ms Frame=12 slots of 0.666 ms each**UMTS and CDMA**• Slots are periodic • Many users can use the same slot • Sharing via code division frequencies codes GSM UMTS**Code Division Multiple Access**• Equivalent to digital fourier transform Fast code Separates transmitters Slow symbol Contains info**Code Division Multiple Access**• Basic hypothesis • Data extraction**Code Division Multiple Access**• Advantages • Many codes can be given to a single user • Flexibility of use • More bandwidth occupation • Drawback: • Sensitive to near-far effect • Must equalize power**CDMA in Wifi**• User modulate datas on a code • No Code division • Allow to fight inter-symbol fading**Wave propagation**• Signal attenuation with distance • P0 nominal power • Isotropic medium • =2 in vaccum**Wave propagation**• Antenna variation • Distance Fading • Non isotropic medium • Rayleigh fading: is gaussian**Wave propagation**• Inter-symbol fading • diffraction on obstacles creates delayed echos Emitted Signal echos Received Signal**Wave propagation**• Inter-symbol fading • Attenuation is now a convolution • T: most delayed echo • Average fading is distance fading:**Inter-symbol fading**• The typical echo delay T increases with distance • Depends on medium • in vaccum • in 1D homogenous medium • in 2D homogenous medium • with ½<h<1in « fractal » medium • Effect of inter-symbol fading • Does not affect significantly Shannon capacity limit • But: complicates the decoding when T is comparable to inter-symbol time (1/W)**Inter-symbol fading**• Example of fractal medium : urban area**Complexity of signal processing**• Signal processing • First level signal decoding • Mainly digital • Equalization • Reverse the convolution fading • With noise**Complexity of signal processing**• Equalization • Emission of a known training sequence x(t), received y(t) • Knowledge of both x(t) and y(t) gives (t) and -1(t) in theory. • Discretized sampling with frequency =1/ **Complexity of signal processing**• Resolution of a linear system • Of dimension • Resolution takes operations • Must be repeated every time fading changes: • If , then the processing computing power is**Complexity of signal processing**• In general a wireless interface is calibrated for • A minimal SNR and a fixed capacity I • A maximal signal processing power • Therefore for a limit range R • There exists a minimal nominal power P0.**Complexity of signal processing**• Diagram Capacity-Range Hiperlan1&2 IEEE802.11a-g Capacity in bit/s Wifi B IEEE 802.11 UMTS pico-cell UMTS micro-cell bluetooth GSM UMTS range in m**Error suppression**• Error Detection via check sum • Message=binary polynomial • Check sum is the rest of division of message polynomial by a known polynomial of degree 32. • The check sum is then 32 bits • The receiver compare with transmitted check sum (failed error detection probability 2-32) message Check sum**Error suppression**• Two kinds of error suppression • Forward Error Correction (FEC) • Automatic Repeat Query (ARQ)**Error suppression**• FEQ: forward error correction • Addition of extra bits to message to help correction of corrupted blocks. E.g. sum of all blocks. • Detection of corrupted blocks via local check sums. • Matrix n(n+r) has all n n sub-matrices reversible • Encoding rate = n/(n+r) 1 (0) (0) Encoded Message = Message 1 **Error suppression**• Data interleaving to spread error burts**Error suppression**• ARQ: Automatic Repeat Query • The receiver acknowledge correctly received blocks • Emitter repeats non acked blocks 1 2 3 4 5 6 7 8 ACK: 1,2,5,7 3 4 6 8 ACK: 4,8 3 6 ACK: 3,6 3 6 ACK: 3,6

More Related