5. Slotted ALOHA
Only 18.4% of transmission time used for
successful frame transmissions
Version 2
Slotted ALOHA
Used discreet time slots
Station can only send at the beginning of a
time slot
All collisions at the beginning of a frame
7. Slotted ALOHA
Low-data-rate tactical satellite comms by
military
Subscriber based satellite comms networks
Mobile telephony call setup
Set top box comms
RFID
36.8% of transmission time used for
successful frame transmissions
8. Wireless
Range Max. Speed Frequency Year of release
Legacy 100m 2MB/s 2.4GHz 1997
802.11a 120m 54MB/s 5GHz 1999
802.11b 140m 11MB/s 2.4GHz 1999
802.11g 140m 54MB/s 2.4GHz 2003
802.11n 250m 150MB/s(per
stream)
2.4GHz+5GHz 2009
802.11ac 866.7MB/s 5GHz 2014
10. WEP
Only used for legacy anymore
Neil still uses this at his home but shhhhh.
Very broken
11. WEP
How is a WEP connection made?
Probe request Client >>> AP
Probe response AP >>> Client
Authentication request Client >>> AP
Challenge AP >>> Client
Challenge Response Client >>> AP
Association request AP >>> Client
Association reponse Client >>> AP
12. How it works
24-bit IV
(initialisation Vector)
Secret key
(40Bit or 104Bit)
Result 64-Bit or 128-Bit
RC4 PRNG
Key Stream
Plaintext
Message
XOR’ed
CiphertextIV
13. Whys that broken?
• Only 16million possible IV’s
• On a 11MB/s link, with packets of 1500
bytes, can exhaust all possible IV’s in 5~
hours
• More collisions, easier for statistical
attacks to calculate the original keystream
• Once you have keystream, you already
have the IV, not hard to work out the
secret key
14. WPA
• Replaced WEP
• Comes in 2 types, WPA and WPA2
• Each type has 2 flavours
– PSK (personal)
– Enterprise (802.1x + radius)
• WPA Had to use the same hardware as
WEP, only firmware updates allowed
• Used TKIP
15. WEP Vs. WPA
WEP WPA
Static session keys (always same key used
for session start)
Dynamic session keys (different keys used
for every session start)
18. The bigger picture
Pass phrase(8-63
chars)
Password Based Key Derivation Function (SSID)
Pre-shared Key
(256-bit)
4-Way handshake
Snounce
Anounce
AP MAC
Client MAC
PTK (Pairwise
transient key,
unique to session)
Pass phrase(8-63
chars)
Verify using MIC
21. WPS
• Simplifies WPA security for users
• Gives us a better in ;)
• Router breaks the key down into 2 sets of
4 numbers
• Tells client if a set it correct, even if the
other is wrong
• So, we have a lot fewer possibilities