Essential Wi-Fi

Wi-Fi Security: WPA

In the last two months, we covered WEP (802.11's original security technology) and LEAP (an initial attempt at improving 802.11's security). Even though LEAP was better than WEP, it was less than ideal: among other faults, its encryption and authentication were eventually broken and it was a proprietary standard (released by Cisco), so cross-vendor support was difficult. Although 802.11i, which used much stronger encryption and authentication than either WEP or LEAP was in development, it would be over a year before the IEEE finalized the 802.11i standard. To address the need for stronger, vendor-neutral authentication and encryption, the Wi-Fi Alliance released the WPA (Wi-Fi Protected Access) certification.

Like any standard, the 802.11 standard might be interpreted in slightly different ways by different vendors. This mixed interpretation can result in incompatibilities between 802.11 vendors, which would serve to fragment the marketplace and hamper 802.11's growth. The Wi-Fi Alliance was formed to ensure that vendors' equipment was minimally compliant with the 802.11 standard and that the equipment would interoperate with other vendors' 802.11 equipment. Vendors submit their 802.11 equipment to the Wi-Fi Alliance, which runs the equipment through a series of functionality tests. Once the equipment passes the tests, it receives Wi-Fi certification. Consumers can be assured that all Wi-Fi certified equipment will meet certain minimum standards of interoperability.

It's common for vendors to release technology that is based on a pre-release version of a standard. We saw this with 802.11g, when vendors released "pre-g" equipment six months or so before 802.11g was finalized. This tends to create the exact kind of fragmentation of the marketplace that the Wi-Fi Alliance was formed to prevent. To prevent that from happening with 802.11i, the Wi-Fi Alliance released the WPA certification. The WPA certification was essentially a "standard snap-shot" of a subset of the features defined in the pre-release 802.11i standard. Through WPA certification, vendors could have a standard reference for their "pre-802.11i" products. One advantage of WPA certification is that the majority existing hardware could be updated to support WPA with only firmware and driver upgrades. A second advantage was that the Wi-Fi Alliance required WPA support as a prerequisite of Wi-Fi certification. Since most vendors wanted Wi-Fi certification for their hardware, this meant that WPA's enhanced security was quickly rolled out to the marketplace.

WPA addressed some of the weaknesses in WEP. It provided per-station, dynamic WEP keys, meaning that administrators didn't have to manually assign keys and that keys would automatically change periodically. For users with a RADIUS authentication server, it provided for RADIUS authentication through the 802.1x protocol. This type of authentication is generally more secure than authentication based on WEP keys. Users without RADIUS servers (such as nearly all home and small-office users) could use a pre-shared key (PSK), which is essentially a password that is typed into the clients and the access points. The clients and access points then use the PSK to derive the keys that are used for encryption.

WPA greatly increased the security of 802.11 networks and is currently the strongest encryption and security method that is widely available. But WPA is still not as strong as the full 802.11i standard. For example, in order to retain compatibility with existing hardware, WPA continued to use the relatively-weak RC4 encryption that was specified by WEP. 802.11i uses the much-stronger AES encryption, but pre-802.11i hardware didn't have enough processor power to handle AES encryption.

 Technology and Engineering

Fade Margin, and Rain Fade

Fade margin is a standard telecommunications term that refers to the amount of “extra” energy in a communications channel. To put it another way, fade margin is the amount by which the signal can fade below its normal power level without disrupting the communications link. For example, if it’s determined that a certain point-to-point RF bridge link requires a minimum output power of 18 dBm, and the link is actually putting out 24 dBm, the link has a fade margin of 24 dBm – 18 dBm = 6 dBm.

In RF, fading is caused by changes in the environment between the transmitter and the receiver. For example, a person might walk between you and the AP, you might accidentally put your hand over the antenna of your PCMCIA card, you might turn in your chair so that your laptop is between the PCMCIA card and the access point, and so on. The environment between an 802.11 transmitter (an access point) and an 802.11 client is infinitely complex and constantly changing. RF interactions like reflection, refraction, and scattering mean that in indoor environments, there is never a single, simple line of sight between a transmitter and a receiver. Therefore, the signal strength that a client perceives can fade unpredictably, even when the client is sitting still.

Fade margin is important because the signal strength will vary due to changes in the environment. But it’s also important because the real implementation of a WLAN will always differ somewhat from even the best predictions. For example, the desired minimum signal strength for a certain WLAN installation might be -75 dBm. Based on certain factors, Connect802’s engineer might determine that a 10 dB fade margin is appropriate. Therefore, the entire WLAN would be planned based on a minimum signal strength of -65 dBm throughout. This ensures that, even if the real implementation differs from the predictions, it’s likely that coverage will still be as good or better than the desired minimum signal strength.

A spectrum user requires varying degrees of detail when estimating the coverage or reliability of a transmission system. For frequency management and general planning purposes it may be sufficient to make simple (and optimistic) assumptions based on Free Space Path Loss (which accounts for spatial spreading losses). Additional detail can be incorporated into a design model to improve the accuracy of the predictions. The International Telephony Union (ITU) has a number of recommendations described in the ITU Radio Regulations (ITU-R P.620-5, ITU-R P.837-4, ITU-R P.1546-1, and revisions in ITU-R P.620-5). Weather monitoring stations around the world report rainfall rates which are used to determine both average rain amounts as well as local gradients in rainfall (where, for example, a low-lying area receives more or less rainfall than a higher-elevation location a few miles away).

As the transmitted signal energy passes through water droplets it is both absorbed and scattered to varying degrees. Absorption is the aspect where part (or all) of the energy is converted to heat as it penetrates the water droplet. Scattering is the disruption of the direction of travel of the RF signal as it passes through the non-uniform shape, and differing density of the water droplet. Scattering may cause refraction of the wave (bending due to the difference in density between the air and the water) or diffraction (bending of the signal around the edges of an object that is smaller than 1 wavelength).

The loss of signal strength resulting from transmission through free, unobstructed space, can be estimated with a high degree of accuracy by applying one of several mathematical formulas called "free space propagation models." Modeling formulas have been created to represent a number of different situations including urban areas, areas with many hills and valleys, and generally flat, open areas. These models take into consideration the various effects of signal reflection, diffraction, and refraction, as well as the reduction in signal power resulting from the expanding spherical wavefront.

The Friis Free Space Equation (in decibel form) is used to derive the results obtained using the Connect802 Path Link Budget and Antenna Calculator. This model provides a good estimate of signal attenuation and received signal strength when a clear, unobstructed line-of-sight (LOS) exists between transmitter and receiver. The Friis equation is the most widely employed formula for calculating path loss and is often seen written in a form similar to the following:

dBLoss = 96.6 + 20 Log10 (distance in miles) + 20 Log10 (frequency in GHz)

You may see this equation presented with a different "constant of proportionality" (the "96.6" value) when the units (miles, GHz) are different. Of course, for a design involving obstructions, building interiors, or specific noise or interference sources, the Connect802 Suite Spot Predictive Site Survey, employing RF modeling and simulation software, provides a design that incorporates a more complete picture of the wireless network installation location.

To Infinity... and Beyond!

Rain Fade in the Jungles of Malaysia

Last month, Connect802 provided design specifications for a 120km (75 mile) point-to-point microwave link through the Malaysian jungle. In the town, the last tower hosted not only the 6-foot parabolic dish for the point-to-point microwave link but a FireTide Mesh Router with an 8 dBi omnidirectional antenna as well. The mesh router "cloud" was how the buildings in the town were interconnected, with in-building Wi-Fi access points for client connectivity. Frankly, we discovered that Rain Fade was significant beyond what much popular literature suggests. We found some very well-written reports and literature that suggested that Rain Fade was insignificant below 10 GHz, and in another case, the suggestion was that Rain Fade was insignificant below 7 GHz. With a sufficiently long link, however, we found Rain Fade considerations to be critical even at 2.4 GHz!

Be Careful About Pre-N MIMO Products!

This month, we continued to see many news stories about vendors releasing "pre-802.11n" products using "multiple-in/multiple-out" (MIMO) antenna technology. These products have been announced by, among others, Belkin, Airespace, and Linksys. Although MIMO shows enormous promise for increasing the range, reliability, and data rates of 802.11 networks, Connect802's position is that consumers should avoid "pre-802.11n" products if at all possible. There is no guarantee that these products will be compatible with the eventual 802.11n standard, and vendors will definitely stop producing "pre-n" equipment once 802.11n is finalized. This means that anyone who buys "pre-n" equipment today risks being unable to buy compatible equipment down the road. Imagine if you couldn't buy more PCMCIA cards to use with your 802.11g access points. That's the kind of position that you are potentially putting yourself in if you buy "pre-n" equipment today. On the other hand, if you can find a vendor who guarantees that its "pre-n" equipment will be firmware-upgradeable to the 802.11n standard, buying the "pre-n" equipment might be safe, but given that nobody knows what PHY the eventual 802.11n standard will use, we don't think vendors can possibly make that guarantee. We certainly haven't heard of any who do.

Vonage Offers Wi-Fi VoIP Phone

The Internet-based VoIP provider Vonage announced last month that it would ship its F-1000 Wi-Fi handset. The handset allows Vonage customers to make VoIP calls from any Wi-Fi connection with Internet access. Like all Vonage calls, calls from the F-1000 handset can terminate at both other Vonage customers and regular analog telephone numbers (Vonage provides bridging between their VoIP network and the analog phone network).

This development is quite exciting, and confirms Connect802's analysis that VoIP and 802.11 will continue to converge, but the F-1000 phone is not without its downside. It remains to be seen how the phone will authenticate to "captive portal" hotspots-- where the user must log in through a web browser before being allowed to access the Internet. In addition, the F-1000 doesn't address the fundamental issue that many people already have a cell phone with essentially unlimited minutes. In that case, why carry two handsets (the F-1000 and your cell phone) when you can just carry one (your cell phone)? We believe that, in order to truly take advantage of VoIP and Wi-Fi convergence, a vendor must release a handset that is capable of making calls over both the cellular networks and 802.11 networks.