在IEEE 802.11無線區域網路下支援服務品質的負載平衡與無接縫漫遊服務之研究 / Load Balance and Seamless Roaming with QoS support in IEEE 802.11 WLAN

連志峰, Lien, Chih-Feng

Unknown Date

本論文研究探討了在IEEE 802.11無線區域網路下支援服務品質的負載控制方法。我們所提出的ELB方法用動態的調整AP之間的網路負載分佈以達到負載平衡的目標。我們根據每個客戶端的統計特性進行負載平衡，並以允入控制來避免流量雍塞的情況發生。透過將使用者區分為三個等級，並控制每個使用者的使用頻寬來達到維持服務品質的目的。而進行漫遊的使用者，在我們的機制下，經由在新的AP上的頻寬預先保留，也可以維持一定的服務品質。除此之外，我們的ELB不需要修改任何的硬體機制，就可以運作在現存的802.11b無線區域網路中。最後，我們也對我們的機制做了模擬與實作，並量測、比較了我們的機制的表現。結果指出我們的結果可以有效的平衡AP間的負載，讓頻寬達到更大的使用效率，也能維持令人滿意的服務品質。 / This thesis presents and evaluates a mechanism for the load control with QoS supported in IEEE 802.11b Wireless LANs. Our mechanism named Enhanced Load Balance (ELB) dynamically adapts load distribution over APs to achieve load balance. The ELB mechanism balances the load by STAs’ statistical traffic load. This mechanism also performs admission control to avoid congestion. The ELB mechanism maintains QoS by classifying STAs into three classes and control the traffic flow of every STA. The roaming STAs can get enough bandwidth to maintain the QoS in the new AP by the bandwidth reservation mechanism of ELB. ELB can be used on top of the standard 802.11b access mechanism without requiring any modification or additional hardware. The performance of the IEEE 802.11 protocol with or without the ELB mechanism is investigated in the paper via simulation and implementation. The results indicate that our mechanism can balance the load effectively and the bandwidth can be fully utilized. Therefore, QoS can also be maintained.

802.11

load balance

QoS

admission control

Wireless Intrusion Detection Sytem

Vigo, John Louis, Jr.

17 December 2004

The decrease in price and the ease of use of wireless network devices make them an attractive alternative to standard wired networks. However, the intrinsic insecurity of wireless media and weaknesses in the standards for use of wireless media leave wireless networks vulnerable to attacks from unauthorized users. The intrinsic insecurity of wireless media results from radio signals extending beyond the networks intended coverage area and the weaknesses in the standards result from the methods used for authorization and privacy. These insecurities restrict the use of wireless networks by entities that need a high level of security. This paper describes a Wireless Intrusion Detection System (WIDS) that provides additional security for 802.11b wireless networks. WIDS provides intrusion detection that can react to potential threats and locate an intruder through the use of intelligent access points equipped with rotating directional antennas.

Wireless

802.11

802.11b

intrusion detection

security

Exposing the medium access control vulnerabilities in IEEE 802.11.

January 2007

Ma Yu Tak. / Thesis submitted in: October 2006. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2007. / Includes bibliographical references (leaves 70-73). / Abstracts in English and Chinese. / Chapter 1 --- Introduction --- p.1 / Chapter 2 --- IEEE 802.11 Standard --- p.4 / Chapter 3 --- Vulnerabilities of IEEE 802.11 --- p.8 / Chapter 3.1 --- Authentication Vulnerabilities --- p.8 / Chapter 3.2 --- Medium Access Control Vulnerabilities --- p.9 / Chapter 3.3 --- Proposed Counter-Measures --- p.10 / Chapter 4 --- Denial-of-Service Attacks by Exploiting the MAC protocol --- p.12 / Chapter 5 --- Simulation Results --- p.20 / Chapter 5.1 --- General DoS Attack Simulations --- p.21 / Chapter 5.1.1 --- Topology 1: A Simple Wireless Network --- p.21 / Chapter 5.1.2 --- Topology 2: Wireless Network in Ad-Hoc Mode --- p.24 / Chapter 5.1.3 --- Topology 3: Network with Hidden Node Problem --- p.29 / Chapter 5.2 --- Targeted DoS Attack Simulations --- p.32 / Chapter 5.2.1 --- Topology 4: A Simple Wireless Network --- p.32 / Chapter 5.2.2 --- Topology 4: A Simple Network with Reversed TCP Flows --- p.38 / Chapter 6 --- Detecting and Solving the Attacks --- p.41 / Chapter 6.1 --- Detection of Attacker --- p.41 / Chapter 6.1.1 --- Detecting General DoS Attackers --- p.41 / Chapter 6.1.2 --- Detecting Targeted DoS Attackers --- p.44 / Chapter 6.2 --- Possible Solutions to the DoS Attacks --- p.53 / Bibliography --- p.70 / Chapter A --- TCP Exponential Backoff with Non-Zero Throughput --- p.74 / Chapter A.1 --- TCP Exponential Backoff Background --- p.74 / Chapter A.2 --- Illustration by Simulation --- p.76 / Chapter A.3 --- Implication of the Finding --- p.77 / Chapter B --- Idle Sense in networks with Hidden Node Problem --- p.79 / Chapter B.1 --- Simulation findings --- p.79 / Chapter B.1.1 --- Four hidden nodes case --- p.79 / Chapter B.1.2 --- Analysis of the simulation results --- p.81 / Chapter B.1.3 --- Study of mixed node types --- p.82 / Chapter B.2 --- Possible approaches to use Idle Sense with Hidden Node Problem --- p.84 / Chapter B.2.1 --- Performance Evaluation --- p.88 / Chapter B.3 --- Conclusions --- p.91

IEEE 802.11 (Standard)

Wireless LANs--Access control

A Credit-based Home Access Point (CHAP) to Improve Application Quality on IEEE 802.11 Networks

Lee, Choong-Soo

23 June 2010

"Increasing availability of high-speed Internet and wireless access points has allowed home users to connect not only their computers but various other devices to the Internet. Every device running different applications requires unique Quality of Service (QoS). It has been shown that delay- sensitive applications, such as VoIP, remote login and online game sessions, suffer increased latency in the presence of throughput-sensitive applications such as FTP and P2P. Currently, there is no mechanism at the wireless AP to mitigate these effects except explicitly classifying the traffic based on port numbers or host IP addresses. We propose CHAP, a credit-based queue management technique, to eliminate the explicit configuration process and dynamically adjust the priority of all the flows from different devices to match their QoS requirements and wireless conditions to improve application quality in home networks. An analytical model is used to analyze the interaction between flows and credits and resulting queueing delays for packets. CHAP is evaluated using Network Simulator (NS2) under a wide range of conditions against First-In-First- Out (FIFO) and Strict Priority Queue (SPQ) scheduling algorithms. CHAP improves the quality of an online game, a VoIP session, a video streaming session, and a Web browsing activity by 20%, 3%, 93%, and 51%, respectively, compared to FIFO in the presence of an FTP download. CHAP provides these improvements similar to SPQ without an explicit classification of flows and a pre- configured scheduling policy. A Linux implementation of CHAP is used to evaluate its performance in a real residential network against FIFO. CHAP reduces the web response time by up to 85% compared to FIFO in the presence of a bulk file download. Our contributions include an analytic model for the credit-based queue management, simulation, and implementation of CHAP, which provides QoS with minimal configuration at the AP."

credit

aqm

qos

home network

ieee 802.11

Wireless LAN security.

January 2005

Chan Pak To Patrick. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2005. / Includes bibliographical references (leaves 82-86). / Abstracts in English and Chinese. / Abstract --- p.i / Acknowledgement --- p.iii / Contents --- p.iv / List of Figures --- p.vii / List of Tables --- p.viii / Chapter 1 --- Introduction --- p.1 / Chapter 1.1 --- Motivation --- p.1 / Chapter 1.2 --- The Problems --- p.3 / Chapter 1.3 --- My Contribution --- p.4 / Chapter 1.4 --- Thesis Organization --- p.5 / Chapter 2 --- Wireless LAN Security Model --- p.6 / Chapter 2.1 --- Preliminary Definitions on WLAN --- p.6 / Chapter 2.2 --- Security Model --- p.7 / Chapter 2.2.1 --- Security Attributes --- p.7 / Chapter 2.2.2 --- Security Threats in WLAN --- p.8 / Chapter 2.2.3 --- Attacks on Authentication Scheme --- p.10 / Chapter 2.2.4 --- Attacks on Keys --- p.10 / Chapter 2.3 --- Desired Properties of WLAN Authentication --- p.11 / Chapter 2.3.1 --- Security Requirements of WLAN Authentication --- p.11 / Chapter 2.3.2 --- Security Requirements of Session Keys --- p.12 / Chapter 2.3.3 --- Other Desired Properties of WLAN Authentication --- p.12 / Chapter 3 --- Cryptography --- p.14 / Chapter 3.1 --- Overview on Cryptography --- p.14 / Chapter 3.2 --- Symmetric-key Encryption --- p.15 / Chapter 3.2.1 --- Data Encryption Standard (DES) --- p.15 / Chapter 3.2.2 --- Advanced Encryption Standard (AES) --- p.15 / Chapter 3.2.3 --- RC4 --- p.16 / Chapter 3.3 --- Public-key Cryptography --- p.16 / Chapter 3.3.1 --- RSA Problem and Related Encryption Schemes --- p.17 / Chapter 3.3.2 --- Discrete Logarithm Problem and Related Encryption Schemes --- p.18 / Chapter 3.3.3 --- Elliptic Curve Cryptosystems --- p.19 / Chapter 3.3.4 --- Digital Signature --- p.19 / Chapter 3.4 --- Public Key Infrastructure --- p.20 / Chapter 3.5 --- Hash Functions and Message Authentication Code --- p.21 / Chapter 3.5.1 --- SHA-256 --- p.22 / Chapter 3.5.2 --- Message Authentication Code --- p.22 / Chapter 3.6 --- Entity Authentication --- p.23 / Chapter 3.6.1 --- ISO/IEC 9798-4 Three-pass Mutual --- p.23 / Chapter 3.6.2 --- ISO/IEC 9798-4 One-pass Unilateral --- p.24 / Chapter 3.7 --- Key Establishment --- p.24 / Chapter 3.7.1 --- Diffie-Hellman Key Exchange --- p.24 / Chapter 3.7.2 --- Station-to-Station Protocol --- p.25 / Chapter 3.8 --- Identity-Based Cryptography --- p.25 / Chapter 3.8.1 --- The Boneh-Franklin Encryption Scheme --- p.26 / Chapter 3.8.2 --- Au and Wei's Identification Scheme and Signature Scheme --- p.27 / Chapter 4 --- Basics of WLAN Security and WEP --- p.29 / Chapter 4.1 --- Basics of WLAN Security --- p.29 / Chapter 4.1.1 --- "Overview on ""Old"" WLAN Security" --- p.29 / Chapter 4.1.2 --- Some Basic Security Measures --- p.29 / Chapter 4.1.3 --- Virtual Private Network (VPN) --- p.30 / Chapter 4.2 --- WEP --- p.31 / Chapter 4.2.1 --- Overview on Wired Equivalent Privacy (WEP) --- p.31 / Chapter 4.2.2 --- Security Analysis on WEP --- p.33 / Chapter 5 --- IEEE 802.11i --- p.38 / Chapter 5.1 --- Overview on IEEE 802.11i and RSN --- p.38 / Chapter 5.2 --- IEEE 802.1X Access Control in IEEE 802.11i --- p.39 / Chapter 5.2.1 --- Participants --- p.39 / Chapter 5.2.2 --- Port-based Access Control --- p.40 / Chapter 5.2.3 --- EAP and EAPOL --- p.40 / Chapter 5.2.4 --- RADIUS --- p.41 / Chapter 5.2.5 --- Authentication Message Exchange --- p.41 / Chapter 5.2.6 --- Security Analysis --- p.41 / Chapter 5.3 --- RSN Key Management --- p.43 / Chapter 5.3.1 --- RSN Pairwise Key Hierarchy --- p.43 / Chapter 5.3.2 --- RSN Group Key Hierarchy --- p.43 / Chapter 5.3.3 --- Four-way Handshake and Group Key Handshake --- p.44 / Chapter 5.4 --- RSN Encryption and Data Integrity --- p.45 / Chapter 5.4.1 --- TKIP --- p.45 / Chapter 5.4.2 --- CCMP --- p.46 / Chapter 5.5 --- Upper Layer Authentication Protocols --- p.47 / Chapter 5.5.1 --- Overview on the Upper Layer Authentication --- p.47 / Chapter 5.5.2 --- EAP-TLS --- p.48 / Chapter 5.5.3 --- Other Popular ULA Protocols --- p.50 / Chapter 6 --- Proposed IEEE 802.11i Authentication Scheme --- p.52 / Chapter 6.1 --- Proposed Protocol --- p.52 / Chapter 6.1.1 --- Overview --- p.52 / Chapter 6.1.2 --- The AUTHENTICATE Protocol --- p.56 / Chapter 6.1.3 --- The RECONNECT Protocol --- p.59 / Chapter 6.1.4 --- Packet Format --- p.61 / Chapter 6.1.5 --- Ciphersuites Negotiation --- p.64 / Chapter 6.1.6 --- Delegation --- p.64 / Chapter 6.1.7 --- Identity Privacy --- p.68 / Chapter 6.2 --- Security Considerations --- p.68 / Chapter 6.2.1 --- Security of the AUTHENTICATE protocol --- p.68 / Chapter 6.2.2 --- Security of the RECONNECT protocol --- p.69 / Chapter 6.2.3 --- Security of Key Derivation --- p.70 / Chapter 6.2.4 --- EAP Security Claims and EAP Methods Requirements --- p.72 / Chapter 6.3 --- Efficiency Analysis --- p.76 / Chapter 6.3.1 --- Overview --- p.76 / Chapter 6.3.2 --- Bandwidth Performance --- p.76 / Chapter 6.3.3 --- Computation Speed --- p.76 / Chapter 7 --- Conclusion --- p.79 / Chapter 7.1 --- Summary --- p.79 / Chapter 7.2 --- Future Work --- p.80 / Bibliography --- p.82

Wireless LANs--Security measures

IEEE 802.11 (Standard)

Call admission control for adaptive bit-rate VoIP over 802.11 WLAN.

January 2009

Cui, Yuanyuan. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2009. / Includes bibliographical references (p. 64-68). / Abstract also in Chinese. / Chapter Chapter 1 --- Introduction --- p.1 / Chapter 1 .1 --- Motivations and Contributions --- p.1 / Chapter 1.2 --- Related Works --- p.3 / Chapter 1.3 --- Organization of the Thesis --- p.4 / Chapter Chapter 2 --- Background --- p.5 / Chapter 2.1 --- IEEE 802.11 --- p.5 / Chapter 2.1.1 --- IEEE 802.11 Topologies --- p.5 / Chapter 2.1.2 --- IEEE 802.11 MAC --- p.8 / Chapter 2.2 --- Voice over Internet Protocol (VoIP) --- p.11 / Chapter 2.2.1 --- A VoIP system --- p.11 / Chapter 2.2.2 --- QoS requirements for VoIP --- p.11 / Chapter 2.2.3 --- VoIP speech codecs --- p.12 / Chapter 2.3 --- VoIP over WLAN --- p.13 / Chapter 2.3.1 --- System Architecture of VoIP over WLAN --- p.14 / Chapter 2.3.2 --- VoIP Capacity over WLAN --- p.15 / Chapter 2.4 --- Skype --- p.16 / Chapter Chapter 3 --- Skype Rate Adaptation Mechanism --- p.17 / Chapter 3.1 --- Experimental Setting --- p.17 / Chapter 3.2 --- Overview --- p.19 / Chapter 3.3 --- Flow Rate Region --- p.20 / Chapter 3.4 --- Feedback: Receiver Report (RR) --- p.21 / Chapter 3.5 --- Bandwidth Usage Target (BM) --- p.24 / Chapter 3.6 --- Summary of Skype Rate Adaptation Mechanism --- p.28 / Chapter 3.7 --- Skype-emulating Traffic Generator --- p.28 / Chapter Chapter 4 --- "Call Admission, Fairness and Stability Control" --- p.32 / Chapter 4.1 --- Unfair and Instability problems for AVoIP --- p.32 / Chapter 4.1.1 --- Analysis --- p.32 / Chapter 4.1.2 --- Simulation Evaluation --- p.34 / Chapter 4.2 --- CFSC scheme --- p.37 / Chapter 4.2.1 --- Pre-admission Bandwidth-reallocation Call Admission Control (PBCAC) --- p.39 / Chapter 4.2.2 --- Fairness Control --- p.42 / Chapter 4.2.3 --- Stability Control --- p.43 / Chapter Chapter 5 --- Performance Evaluation of CFSC --- p.44 / Chapter 5.1 --- Evaluation of Fairness Control --- p.44 / Chapter 5.2 --- Evaluation of Stability Control --- p.46 / Chapter 5.3 --- Evaluation of PBCAC --- p.46 / Chapter 5.4 --- Evaluation of complete CFSC --- p.49 / Chapter Chapter 6 --- Conclusion --- p.51 / Appendices --- p.53 / References --- p.64

Internet telephony

IEEE 802.11 (Standard)

Wireless LANs

802.11 positioning using signal strength fingerprinting

Salter, James William, Computer Science & Engineering, Faculty of Engineering, UNSW

January 2008

The effectiveness of location aware applications is dependent on the accuracy of the supporting positioning system. This work evaluates the accuracy of an indoors 802.11 positioning system based on signal strength fingerprinting. The system relies on an empirical survey of signal strength prior to positioning. During this survey, signal strength recordings are made at a set of positions across the environment. These recordings are used as training data for the system during positioning. In this thesis, two surveying methods, five positioning algorithms, and two spatial output averaging methods are trialled. Accuracy is determined by empirical testing in two separate environments: a 100m square domestic house and the 1,333m square third floor of the University of New South Wales Computer Science and Engineering building. In the two environments, the lowest mean distance errors are 1.25m and 2.86m respectively.

Positioning.

802.11.

Wifi.

Fingerprinting.

Radio.

Localization.

Signal

Mobile IP Handover for WLAN

Falade, Olumuyiwa, Botsio, Marcellus

January 2010

<p>The past few years have seen great increases in the use of portable devices like laptops, palmtops, etc. This has also led to the dramatic increase demand on wireless local area networks (WLAN) due to the flexibility and ease of use that it offers. Mobile IP and handover are important issues to be considered as these devices move within and between different networks and still have to maintain connectivity. It is, therefore, imperative to ensure seamless mobile IP handover for these devices as they move about.</p><p>In this thesis we undertake a survey to describe the real processes involved in mobile IP handover in WLAN environment for different scenarios. Our work also identifies individual sources of delay during the handoff process, the sum total of which makes up the total latency. Other factors that could militate against the aim of having a seamless handoff in an inter-subnet network roaming were also considered as well as some proposed solutions. These factors are security, packet loss and triangle routing.</p>

Handoff

Handover

WLAN

Mobile IP

Roaming

802.11

Trådlös kommunikation för Anybus

Heigren, Robert, Otterdahl, Björn

January 2007

<p>The industry struggles with problems concerning physical damage to wires</p><p>and communication in remote areas. Introducing a wireless network can</p><p>provide a solution to these issues. However, introducing wireless</p><p>communication comes with a whole new line of problems that will be</p><p>covered in this report. By utilizing the wireless communication standard</p><p>IEEE 802.11 a product can easily be integrated into an existing wired</p><p>Ethernet network (IEEE 802.3).</p><p>An introduction to the standard IEEE 802.11 and a summary of existing</p><p>products utilizing the standard for embedded systems will be given</p><p>throughout the report. This report also tries to explain key parameters for</p><p>wireless communication in an industrial environment.</p><p>This project also consists of a design and an implementation part, where the</p><p>chosen IEEE 802.11 standard will be integrated into the existing wired</p><p>Anybus-S Ethernet module from the company HMS Industrial Networks.</p><p>The integration part of the project has resulted in a working prototype called</p><p>Anybus-S Ethernet Wireless that utilizes the IEEE 802.11b/g standard for</p><p>transferring data.</p><p>The project has been really fun to participate in and it has been successful in</p><p>the terms that a working prototype exists, and the authors have gained the</p><p>knowledge in the subject as intended.</p>

802.11

WLAN

Anybus

HMS

Industrial

Wireless

Experimental Analysis of Opportunistic Communication for Vehicular Internet Access

Hadaller, David

January 2008

This thesis examines the problem of using 802.11 hotspots for vehicular Internet access. In this access paradigm, a user in a vehicle performs batch transfers by opportunistically communicating with roadside 802.11 access points while driving along a highway. Despite the short connection duration, a significant amount of data can be transferred. Because complete coverage is not needed, this method of Internet access provides a low-cost alternative to using cellular technology for applications that can tolerate some delay and require large data transfer such as sending or receiving music, movies, or digital photographs. Although vehicular opportunistic connections offer the potential to transfer a large of amount of data, utilizing this potential is non-trivial because existing transport and data-link layer network protocols were not designed for this use. This thesis presents an experimental analysis of transport and data-link layer protocol operation at a level of detail not previously explored. We identify ten problems that cause a reduction of up to 50% of the amount of data that could have been transferred in this scenario. Our primary finding is that transmission errors during connection setup and inadequate MAC data rate selection are the main causes of the under-utilization of the connection. Based on these findings we make preliminary recommendations for best practices for using vehicular opportunistic connections. In particular, we argue that overall throughput could be significantly improved if environmental information was available to the lower layer network protocols.

802.11 WiFi

Vehicular Internet Access

Computer Science