
In a WLAN, every station must complete a connection set-up before it can exchange data with an access point; after that, the data transfer depends on the mobility of the user, on the interference caused by the radio channel characteristics and on the number of users in the WiFi coverage area. In this chapter we show a technique to reduce the connection set-up time and develop software to obtain it.

The connection set-up process consists of four phases:

• Network discovery

• Authentication

• Association

• IP acquisition

Figure 8.1: Connection setup phases

All phases are shown in figure 8.1. We discuss the different phases grouping them into two parts: MAC level functionality and Network level functionality.

8.3.1 MAC level functionality

The first phase is Network discovery: in this phase the stations discover the available access points either passively or actively. Passive discovery uses the beacon frames broadcast by the wireless access point (AP), generally at intervals of 100 ms.

We discuss the other two phases, Authentication and Association, together, because we consider both open and protected network systems; indeed, wpa_fast can manage both solutions. In the case of an open system both the authentication and the association phases are performed, but the procedure is very fast because the association is never denied. A protected system uses a different solution; the most recent standards are WPA and WPA2. The WPA2 standard was created by the Wi-Fi Alliance, the industry group that promotes interoperability and security for the wireless LAN industry. The Wi-Fi Alliance WPA and WPA2 standards closely mirror the official IEEE 802.11i wireless LAN security standards, but incorporate additional IETF EAP standards that the Wi-Fi Alliance considers secure.

The WPA2 standard has two components, encryption and authentication, which are both crucial to a secure wireless LAN. The encryption piece of WPA2 mandates the use of AES (Advanced Encryption Standard), but TKIP (Temporal Key Integrity Protocol) is available for backward compatibility with existing WPA hardware. The authentication piece of WPA2 has two modes: Personal and Enterprise. The Personal mode requires the use of a PSK (Pre-Shared Key) and does not require users to be separately authenticated. The Enterprise mode, which requires the users to be separately authenticated based on the IEEE 802.1X authentication standard, uses the Extended EAP (Extensible Authentication Protocol), which offers five EAP standards to choose from: EAP-Transport Layer Security (EAP-TLS), EAP-Tunneled Transport Layer Security (EAP-TTLS), Protected EAP v0/EAP-Microsoft's Challenge Handshake Authentication Protocol v2 (PEAPv0/EAP-MSCHAPv2), Protected EAP v1/EAP-Generic Token Card (PEAPv1/EAP-GTC) and EAP-Subscriber Identity Module of the Global System for Mobile Communications (EAP-SIM) [52]. The Enterprise mode has the following hardware/software implementation requirements:

• Selection of the EAP types that will be supported on stations, APs (Access Points) and authentication servers.

• Selection and deployment of authentication servers, typically RADIUS (Remote Authentication Dial In User Service) based authentication servers.

• WPA2 software upgrades for APs and clients.

WPA2 establishes a secure communication context in four phases. In the first phase the parties, AP and client, agree on the security policy (authentication method, protocol for unicast traffic, protocol for multicast traffic and pre-authentication method) to use among those supported by both the AP and the client. In the second phase (applicable to Enterprise mode only) 802.1X authentication is initiated between the AP and the client using the preferred authentication method, to generate an MK (common Master Key). In the third phase, after a successful authentication, temporary keys (each with a limited lifetime) are created and regularly updated; the overall goal of this phase is key generation and exchange. In the fourth phase all the previously generated keys are used by the CCMP protocol to provide data confidentiality and integrity.

8.3.2 Network level functionality

The last phase of the connection set-up is handled at the network level and is the same whatever the lower-level configuration; this phase provides an IP address.

DHCP provides an automated method for dynamic client configuration. The process occurs through a series of steps, illustrated in figure 8.1. It starts with the broadcast of a "DHCP Discover message": the station sends this message to all the DHCP servers available on the network to ask for an address, and every DHCP server present in the network responds with a "DHCP Offer message". The client device may receive multiple offers if multiple servers are on the network. The client chooses one offer and sends a "DHCP Request message"; since the client is not yet authorized to use the offered address, the "DHCP Request message" is still a broadcast. The client accepts the first offer received unless another offer matches the last IP address that the client had. With a "DHCP Ack message" the DHCP server finalizes the process with an acknowledgment, or Ack, allowing the client device to start using the address. In rare cases the server issues a Negative Acknowledgment, because it may have decided that the address is no longer available in the milliseconds that have passed since it offered it. Once an IP address is acquired, the connection set-up is complete and the data transfer can commence. The DHCP standard provides different latency times to ensure that all DHCP servers can send their offer, and if no response is received for the DHCP Request or DHCP Discover messages, the sender waits for a period of time determined by an exponential back-off algorithm with an initial value of 4 (±1) s.
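The exchange described above, as an added Python example that is not code from the thesis or from wpa_fast: a client broadcasts Discover, takes the first Offer, broadcasts a Request carrying the requested address (option 50) and the server identifier of the chosen offer (option 54), and uses the address only after an Ack. The servers are in-memory stand-ins that follow RFC 2131 message layout and option encoding; addresses, MAC addresses and the transaction id are constructed values, and the retransmission schedule (4 s doubled up to 64 s, each randomised by ±1 s) is computed but not slept, so the example runs instantly.

```python
"""Constructed DHCP Discover/Offer/Request/Ack exchange with in-memory servers (added example)."""
import random
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
BOOTREQUEST, BOOTREPLY = 1, 2
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6
HDR = "!BBBBIHH4s4s4s4s16s64s128s"  # fixed 236-byte BOOTP header of every DHCP message


def ip_bytes(ip: str) -> bytes:
    return bytes(int(x) for x in ip.split("."))


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_dhcp(op, xid, msg_type, chaddr, yiaddr="0.0.0.0", extra_opts=b""):
    """Serialise a minimal DHCP message: header, magic cookie, option 53, extra options, end."""
    header = struct.pack(HDR, op, 1, 6, 0, xid, 0, 0x8000,  # htype Ethernet, hlen 6, broadcast flag
                         b"\0" * 4, ip_bytes(yiaddr), b"\0" * 4, b"\0" * 4,
                         chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    return header + MAGIC_COOKIE + bytes([53, 1, msg_type]) + extra_opts + b"\xff"


def parse_dhcp(pkt: bytes):
    """Return (op, xid, yiaddr, chaddr, options) from a serialised DHCP message."""
    op, _, hlen, _, xid, _, _, _, yi, _, _, chaddr, _, _ = struct.unpack(HDR, pkt[:236])
    if pkt[236:240] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 0xFF:  # 0xFF = end option
        if pkt[i] == 0:  # pad option has no length byte
            i += 1
            continue
        code, length = pkt[i], pkt[i + 1]
        opts[code] = pkt[i + 2:i + 2 + length]
        i += 2 + length
    return op, xid, ip_str(yi), chaddr[:hlen], opts


class DhcpServer:
    """Constructed server: offers from a small pool, acks only requests addressed to it (option 54)."""

    def __init__(self, server_ip, pool):
        self.server_ip, self.free, self.leases = server_ip, list(pool), {}

    def handle(self, pkt):
        _, xid, _, chaddr, opts = parse_dhcp(pkt)
        sid = bytes([54, 4]) + ip_bytes(self.server_ip)
        mtype = opts[53][0]
        if mtype == DISCOVER:
            if not self.free and chaddr not in self.leases:
                return None  # pool exhausted: stay silent, the client will back off and retry
            offered = self.leases.get(chaddr) or self.free[0]  # prefer the client's previous lease
            return build_dhcp(BOOTREPLY, xid, OFFER, chaddr, offered, sid)
        if mtype == REQUEST:
            if opts.get(54) != ip_bytes(self.server_ip):
                return None  # the client chose another server's offer
            wanted = ip_str(opts[50])
            if wanted in self.free:
                self.free.remove(wanted)
                self.leases[chaddr] = wanted
            if self.leases.get(chaddr) == wanted:
                return build_dhcp(BOOTREPLY, xid, ACK, chaddr, wanted, sid)
            return build_dhcp(BOOTREPLY, xid, NAK, chaddr, "0.0.0.0", sid)  # address gone meanwhile
        return None


def backoff_delays(retries, jitter=random.uniform):
    """RFC 2131 retransmission schedule: 4 s, 8 s, 16 s, ... capped at 64 s, each randomised by ±1 s."""
    return [min(4 * 2 ** i, 64) + jitter(-1, 1) for i in range(retries)]


def acquire_address(servers, chaddr, xid=0x3903F326, max_tries=4):
    """Broadcast Discover, take the first Offer, broadcast Request; return the acked IP or None."""
    for attempt in range(max_tries):
        discover = build_dhcp(BOOTREQUEST, xid, DISCOVER, chaddr)
        offers = [r for r in (s.handle(discover) for s in servers) if r]  # broadcast reaches every server
        if not offers:
            continue  # a real client sleeps backoff_delays(max_tries)[attempt] seconds before retrying
        _, _, offered_ip, _, offer_opts = parse_dhcp(offers[0])  # first offer wins
        request = build_dhcp(BOOTREQUEST, xid, REQUEST, chaddr,
                             extra_opts=bytes([50, 4]) + ip_bytes(offered_ip) + bytes([54, 4]) + offer_opts[54])
        for server in servers:  # still a broadcast: the address is not ours until the Ack
            reply = server.handle(request)
            if reply and parse_dhcp(reply)[4][53][0] == ACK:
                return offered_ip
        # NAK or no reply: loop and rediscover
    return None


if __name__ == "__main__":
    servers = [DhcpServer("192.168.1.1", ["192.168.1.10"]), DhcpServer("192.168.1.2", ["192.168.1.20"])]
    print(acquire_address(servers, b"\x02\x00\x00\x00\x00\x01"))  # constructed client MAC
    print(backoff_delays(5))
```

The server-side check of option 54 is what keeps a broadcast Request from consuming addresses on the servers whose offers the client discarded, and the silent behaviour of an exhausted pool is exactly the case in which the client's exponential back-off decides how long IP acquisition, and therefore the whole connection set-up, takes.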