//Cyber Battlefield/Networking – Wireless

In this lesson we will delve into the world of wireless networking. The most important lessons to take away from today are the differences between wired and wireless networking and how that impacts how we design and use our wireless networks.

Where does wireless fit?

To understand how wireless networks differ from wired networks (and what their similarities are) it helps to go back to our TCP/IP Stack:

 Data Link

It should be pretty obvious that the Physical Layer will be different with wireless networks: radios instead of wires. The important point is that the only other layer that changes is the Data Link Layer; everything else is the same. When a host is connected wirelessly, it still has an IP address, still uses TCP and UDP, still browses the web with HTTP and resolves host names with DNS. In other words:

    Wired                          Wireless
    -same-       Application        -same-
    -same-        Transport         -same-
    -same-         Network          -same-
e.g. Ethernet →   Data Link    ←  e.g. 802.11n
  e.g. cables →    Physical    ←  e.g. radios

Wi-Fi – 802.11

Just as Ethernet is the most common physical/link standard for wired networks, there is a standard called 802.11 that is the most common standard for wireless networking. If you've seen the term Wi-Fi, that refers to 802.11 wireless networking. We will restrict our discussion of wireless networks to 802.11 wireless networks, just as we restricted our discussion of wired networks to Ethernet.

In fact, 802.11 is a family of standards, now encompassing 802.11a, 802.11b, 802.11g, and 802.11n. The standard has evolved fairly quickly, and the letters further down in the alphabet are more recent (and faster!) versions. The next version of the standard, 802.11ac, was approved in January 2014, and will likely become mainstream in the coming years.

802.11 defines two "modes" of operation: ad hoc and infrastructure. Infrastructure mode is most relevant to your experience, so we'll stick to talking about it and ignore ad hoc mode entirely.

A wireless network: The basic setup

There is some terminology associated with 802.11 wireless networking. So a base station with a collection of host stations is very similar to a single, isolated wired network with hosts and a hub/switch. Just as with the wired network, the hosts must have their IP Address and subnet masks set. And just as with the wired network, in order to communicate with another host on the network, a host has to label each packet with the MAC address of the recipient host. And just as with a wired network, without a gateway router there is no communication with other networks. However, there are a few issues that arise with wireless networks that we don't have with wired networks.

Problem 1: Which Network?

What if there are multiple base stations within range of my radio ... which network am I on? There is no analogous problem in a wired network. What hub/switch you're plugged into is unambiguous. The solution to this is to give each wireless network a name, called its Service Set IDentifier (SSID), so that a host can identify by name which wireless network it wants to join when multiple base stations are within range. You may have seen a dialogue box pop up to ask you which wireless network you want to join. If so, what you got to choose from was a list of SSIDs.

Problem 2: Multiple Base Stations Same Network

What if a base station's (or host's) signal strength is insufficient to allow all the host stations I want on the network to communicate with the base station? In the wired world we can just grab a longer cable, but a radio transmission has a maximum detection range based on power output and is affected by environmental factors (just like AM/FM transmissions). To solve this, 802.11 allows multiple base stations to act as a single network. So although there are different base stations, they share a common Extended Service Set Identifier (ESSID), a common SSID, and all host stations connected to any one of these base stations are on the same network. Conceptually, this works as if we had one super base station, even if that isn't literally true, so we will continue as if there is always one base station for a network.

Problem 3: Who Else is in Range?

We can't effectively control who transmits and receives on our wireless network's frequency, so anyone within range can listen in on 802.11 traffic or broadcast 802.11 traffic. This means we cannot:

  1. control who can join our network,
  2. provide privacy (Confidentiality Pillar of Cyber Security) from people who have not joined our network but are nonetheless snooping (i.e., listening to the radio traffic).

This problem doesn't really exist with wired networks, because we are so much better able to control what hosts are part of the network (simply by controlling physical access to rooms and equipment like switches), and because you have to be part of the network to monitor traffic. With wireless, however, anyone near enough to a base station can send and receive.

The most common solution to both these problems is to encrypt (encode) the data you broadcast in such a way that only the people you want on the network can decrypt (decode) it. To join the network, and to scramble and unscramble its traffic, one needs a "key". We will learn more about encryption later, but in this context a bigger key makes it harder for outsiders to decrypt (unscramble) the traffic.

There are three common standards for this. From oldest (and weakest) to newest (and strongest), they are:

Note that this encryption occurs at the Link Layer, so that all the layers above are unaware that anything was ever encrypted.

Connecting to an internet

Finally, we'd like the host stations on our wireless network to be able to communicate with hosts on other networks. To do this, the base station needs to be connected to a router — which will become the gateway router for the host stations on the network.

Note that for home use, one typically gets a single box that acts as router, switch, and Wi-Fi base station all at once.

How does the wireless infrastructure at USNA relate to this lesson?

You might ask how your experience with the Naval Academy's wireless relates to what we've learned in this lesson.

Network protocol used by your CAC.

Communication between your CAC and the CAC reader only requires the Physical and Link Layers: the protocol that is used is ISO/IEC 7816-3. This is analogous to other Physical/Link Layer protocols like Ethernet (IEEE 802.3) and Wi-Fi (IEEE 802.11).

Listening to the many 802.11 radios out there!

During class hours on the second floor of Michelson, there are lots and lots of 802.11 radios broadcasting. It's instructive to try out some tools that allow you to see how many are broadcasting, how strong their signals are, what type of encryption they're using, and other information of that sort. One such tool is Xirrus Wifi Inspector. If you run the tool, you are presented with a variety of options for visualizing all the Wi-Fi signals your host is receiving.

If you want to try it out, my suggestion is to first click on the Networks button on the Home tab. This shows a list of devices, each with a unique BSSID (MAC Address), along with their SSIDs, signal strength, encryption type, etc. During class hours on the 2nd floor of Michelson, you'll probably want to filter out a lot of those entries. It's instructive to try this out: right-click on the SSID column heading and choose Filter Editor. Set the filter to
SSID Does not equal <Non-broadcasted>
... to filter out everything except base stations that are actually broadcasting an SSID — i.e., announcing their name to the world.
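
The list such a tool shows comes from the beacon frames each base station broadcasts. The following is an added example, not part of the original lesson or of the Xirrus tool: it parses constructed beacon frames, applies the same "not <Non-broadcasted>" filter, and groups BSSIDs by SSID to show several base stations forming one network (Problem 2). It assumes raw 802.11 frames with no capture header or trailing checksum; the SSIDs and MAC addresses are made up.

```python
import struct
from collections import defaultdict

HIDDEN = "<Non-broadcasted>"  # label the lesson's filter uses for base stations that hide their SSID

def make_beacon(bssid, ssid, privacy):
    """Build a constructed (not captured) 802.11 beacon frame for the demo."""
    mac = bytes.fromhex(bssid.replace(":", ""))
    header = b"\x80\x00" + b"\x00\x00" + b"\xff" * 6 + mac + mac + b"\x00\x00"
    fixed = struct.pack("<QHH", 0, 100, 0x0001 | (0x0010 if privacy else 0))
    return header + fixed + bytes([0, len(ssid)]) + ssid

def parse_beacon(frame):
    """Return (bssid, ssid, encrypted) from a beacon frame, or None if it is not one."""
    if len(frame) < 36 or frame[0] != 0x80:   # 24-byte header + 12 fixed bytes; 0x80 = beacon
        return None
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])      # address 3 carries the BSSID
    capability = struct.unpack_from("<H", frame, 34)[0]
    ssid, pos = HIDDEN, 36
    while pos + 2 <= len(frame):                             # tagged elements: id, length, value
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            break                                            # truncated element, stop parsing
        if tag == 0 and value.strip(b"\x00"):                # tag 0 = SSID; empty or NUL = hidden
            ssid = value.decode("utf-8", errors="replace")
        pos += 2 + length
    return bssid, ssid, bool(capability & 0x0010)            # privacy bit = link-layer encryption

def networks(frames):
    """Group BSSIDs by SSID, dropping hidden ones as the lesson's filter does."""
    seen = defaultdict(set)
    for frame in frames:
        parsed = parse_beacon(frame)
        if parsed and parsed[1] != HIDDEN:
            seen[parsed[1]].add((parsed[0], parsed[2]))
    return {ssid: sorted(aps) for ssid, aps in seen.items()}

SAMPLE = [  # constructed frames; SSIDs and MAC addresses are made up
    make_beacon("02:00:00:00:00:01", b"ExampleNet", True),
    make_beacon("02:00:00:00:00:02", b"ExampleNet", True),
    make_beacon("02:00:00:00:00:03", b"", True),
    make_beacon("02:00:00:00:00:04", b"GuestNet", False),
]

if __name__ == "__main__":
    for ssid, aps in networks(SAMPLE).items():
        print(ssid, aps)
```

The two "ExampleNet" entries are separate radios with distinct BSSIDs that a host treats as one network, and the third base station is still visible by BSSID even though it does not announce a name.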