Agnel Charities

Fr. C. Rodrigues Institute of Technology, Vashi, Navi-Mumbai

Department of Computer Engineering

Mobile Communication and

Computing

3/27/2024
 Chapter 4

Wireless Local Area Networks

3/27/2024
 Roadmap

 Wireless Local Area Networks : Introduction, Infrastructure and ad-hoc

network

 IEEE 802.11:System architecture , Protocol architecture , Physical layer,

Medium access control layer, MAC management, 802.11a, 802.11b

 Wi-Fi security: WEP, WPA, Wireless LAN Threats, Securing Wireless

Networks

 HIPERLAN 1 & HIPERLAN 2

 Bluetooth: Introduction, User Scenario, Architecture, protocol stack

3/27/2024
 Wireless v/s Wired Networks
Regulations of frequencies
• Limited availability, coordination is required
• Useful frequencies are almost all occupied
Bandwidth and delays
• Low transmission rates
• Few Kbps to some Mbps.
• Higher delays
• Several hundred milliseconds
• Higher loss rates
• Susceptible to interference, e.g., engines, lightning
Always shared medium
• Lower security, simpler active attacking
• Radio interface accessible for everyone
• Fake base stations can attract calls from mobile phones
• Secure access mechanisms important
 Difference Between Wired and Wireless

Ethernet LAN Wireless LAN

B
A B C
A C

If both A and C sense the channel to be idle at the same time, they send
at the same time.
Collision can be detected at sender in Ethernet.
Half-duplex radios in wireless cannot detect collision at sender.
 Introduction to Wireless LANs
Wireless LANs provide a new layer of flexibility & services to
the environments & users that can not be served well by the
traditional wired LAN.

Especially for uses who are becoming highly mobile within their
environments , wireless LANs is most effective way to provide
them with their information & services .

Wireless LANs represent a broad spectrum of capability that

supports limited distance local coverage , moderate distance
metropolitan coverage & longer distance coverage.
 Design goals for wireless LANs
Global, seamless operation
Low power for battery use
No special permissions or licenses needed to use the LAN
Robust transmission technology
Simplified spontaneous cooperation at meetings
Easy to use for everyone, simple management
Security (no one should be able to read my data), privacy (no
one should be able to collect user profiles), safety (low
radiation)
Transparency concerning applications and higher layer
protocols, but also location awareness if necessary
 Characteristics of wireless LANs
Advantages:
Very flexible within the reception area

Ad-hoc networks without previous planning possible

No wiring difficulties (e.g. historic buildings, firewalls)
ore robust against disasters like, e.g., earthquakes, fire - or users
pulling a plug...
No wearing out of connections..

Scalability to number of users.

 Characteristics of Wireless LANs
Disadvantages:

 Typically very low bandwidth compared to wired networks

due to shared medium

 Products have to follow many national restrictions if working

wireless, it takes a very long time to establish global solutions .

 Security concerns since shared transmission medium is used.

 Lower QoS as compared to wired LANS

Comparison: Infrared vs. Radio Transmission
Infrared Radio
• Uses IR diodes, diffuse light, multiple • Typically using the license free ISM
reflections (walls, furniture etc.) band at 2.4 GHz

Advantages Advantages
• Simple, cheap, available in many • Experience from wireless WAN and
mobile devices mobile phones can be used
• No licenses needed • Coverage of larger areas possible
• Simple shielding possible (radio can penetrate walls, furniture
etc.)
Disadvantages
• Interference by sunlight, heat sources
Disadvantages
etc. • Very limited license free frequency
bands
• Many things shield or absorb IR light
• Shielding more difficult, interference
• Low bandwidth
with other electrical devices
Example Example
• IrDA (Infrared Data Association)
• Many different products
interface available everywhere
Comparison: Infrastructure vs. Ad-hoc Networks
Sr. No. Infrastructure Networks Ad-hoc Networks

1. Different computers connected Connection is independent of

each other via access point access point
2. Access points are responsible for Every node has to have
coordinating media access and mechanisms for medium access
routing. and routing.
3. Simpler to design as most of the Design is complex.
functionality is in the access
point, complexity of individual
node is lesser.
4. Less flexible. More flexible.
5 Less fault tolerant, access point is More fault tolerant , crash of
the single point of failure. single node does not affect the
entire network.
6. Example : GSM Example :Bluetooth
Comparison: Infrastructure vs. Ad-hoc Networks
Infrastructure
Network

AP AP: Access Point

AP Wired Network AP

Ad-hoc network
 Comparison: Infrastructure vs. Ad-hoc Networks
Infrastructure
Network

AP AP: Access Point

AP wired network AP

Ad-hoc Network
 802.11 - Architecture of an Infrastructure Network

802.11 LAN Station (STA)

802.x LAN
 It is a device that contains the
functionality of 802.11 protocol.
access mechanisms to the wireless
STA1
BSS1 medium and radio contact to the
Portal access point.
Access
Point Basic Service Set (BSS)
Distribution System  Group of stations and access point
using the same radio frequency
Access
ESS Point Access Point
 Controls medium access and allows
BSS2 access to other networks. station
integrated into the wireless LAN
and the distribution system

STA2 802.11 LAN STA3

802.11 - Architecture of an Infrastructure Network
Portal
◦ Bridge to other (wired) networks
Distribution System
◦ Interconnection between several BSS to form a single network.
◦ Consists of bridged IEEE LANS , wireless or other networks.
Services offered are:
Distribution service: used to exchange MAC frames between stations of
different BSS.
Integration service: data transfer between stations of IEEE 802.11 LAN and
IEEE 802.x LAN
 Extended Service Set (ESS)
◦ Formed by 2 or more basic service sets interconnected by distribution system.
 802.11 - Architecture of an Ad-hoc Network

802.11 LAN
Direct communication within a limited
range
STA1
IBSS1 STA3  Station (STA):
Terminal with access mechanisms to the
wireless medium
STA2
Independent Basic Service Set
(IBSS):
Group of stations using the same radio
IBSS2
frequency

STA5

STA4 802.11 LAN

IEEE standard 802.11 Protocol Architecture and Bridging

Fixed
terminal
Mobile terminal

Infrastructure
network

Access point
application application
TCP TCP
IP IP
LLC LLC LLC
802.11 MAC 802.11 MAC 802.3 MAC 802.3 MAC
802.11 PHY 802.11 PHY 802.3 PHY 802.3 PHY
 802.11 - Layers and Functions

MAC: PLCP (Physical Layer Convergence

Protocol)
 Access mechanisms, Fragmentation,  Clear channel assessment
Encryption of a user data signal (carrier sense)
MAC Management PMD (Physical Medium Dependent)
 Modulation, coding of signals
 Synchronization of station to access
PHY Management
point, roaming, MIB, power  Channel selection, MIB
management
Station Management
 Coordination with both
management layers

Station Management
LLC
DLC

MAC MAC Management

PLCP
PHY

PHY Management
PMD
 802.11 - Physical layer (Classical)
3 versions: 2 layer based on radio transmission and 1 layer based on infra red
FHSS (Frequency Hopping Spread Spectrum)
Spread spectrum technique allowing co-existence of multiple networks in the same area
by separating diff networks using diff hopping sequence
DSSS(Direct sequence spread spectrum)
Spread spectrum method separating by code and not by frequency.
Spreading is achieved using 11-chip Barker sequence(+1,-1,+1,+1,-1,+1,+1,+1,-1,-1,-
1).robust against interference.
Infrared
It uses infrared light with wavelength 850-950 nm to transmit binary data., max range is
10 m .with 1-2 Mbps data rate..
Point-to-multipoint communication , very low coverage area., interference due to
sunlight.
 FHSS-PHY Packet Format
Synchronization
• synch with 010101... Pattern , used for synchronization of potential receivers
SFD (Start Frame Delimiter)
• 0000110010111101 start of frame provides frame synchronization
PLW (PLCP_PDU Length Word)
• length of payload incl. 32 bit CRC of payload, PLW < 4096
PSF (PLCP Signaling Field)
• Data rate of payload . all bits set to zero(0000) indicates lowest data rate of 1 Mbit/s.(1111)
indicates maximum i.e. 8.5 Mbit/s.
HEC (Header Error Check)
• PLCP header is protected by 16 bit checksum CRC with x16+x12+x5+1
80 16 12 4 16 variable bits
synchronization SFD PLW PSF HEC payload

PLCP preamble PLCP header

 DSSS PHY packet format
Synchronization
• Synch., gain setting, energy detection, frequency offset compensation. Consists of scrambled 1 bits.
SFD (Start Frame Delimiter)
• 1111001110100000
Signal
• Data rate of the payload (0A: 1 Mbit/s DBPSK; 14: 2 Mbit/s DQPSK)
Service
• Future use,
Length
• Length of the payload in microseconds
HEC (Header Error Check)
• Protection of signal, service and length, x16+x12+x5+1
128 16 8 8 16 16 variable bits
synchronization SFD signal service length HEC payload

PLCP preamble PLCP header

802.11 - MAC layer (Medium Access Control layer)
Traffic services
 Asynchronous Data Service (mandatory)
• Exchange of data packets based on “best-effort” no delay bounds for transmission
• Support of broadcast and multicast
 Time-Bounded Service (optional)
• Implemented using PCF (Point Coordination Function)
• Needs an access point to control medium access and avoid contention.

Access methods
 DFWMAC-DCF CSMA/CA (mandatory)
• Collision avoidance via randomized “back-off“ mechanism
• Minimum distance between consecutive packets
• ACK packet for acknowledgements (not for broadcasts)
 DFWMAC-DCF w/ RTS/CTS (optional)
• Distributed Foundation Wireless MAC
• Avoids hidden terminal problem
 DFWMAC- PCF (optional)
• Access point polls terminals according to a list
802.11 - MAC layer (Medium Access Control layer)

DCF offers only an asynchronous data service and includes 2 methods:

 CSMA/CD
 RTS/CTS
PCF offers asynchronous and time bounded services via a contention free polling method
Priorities 802.11 – Medium Access parameters
• Defined through different inter frame spaces
 SIFS (Short Inter Frame Spacing)
• Shortest waiting time for medium access, highest priority packets eg ACK, CTS,
polling response can access medium after SIFS
 PIFS (PCF Inter Frame Spacing)
• Medium priority time-bounded service .It is SIFS plus one slot time
 DIFS (DCF, Distributed Coordination Function IFS)
• Longest waiting time for medium access
• lowest priority, for asynchronous data service
• SIFS+ 2 Slots
DIFS DIFS
PIFS
SIFS
medium busy contention next frame
t
direct access if
medium is free  DIFS
 802.11 - CSMA/CA Access Method I
contention window
DIFS DIFS (randomized back-off
mechanism)

medium busy next frame

direct access if t
medium is free  DIFS slot time
Station ready to send starts sensing the medium (Carrier Sense based on CCA, (Clear
Channel Assessment))
If the medium is free for the duration greater than DIFS ,the station directly access the
medium.
If the medium is busy, the station has to wait till medium free , once medium free, the
station waits for DIFS and then enter contention phase . each node chooses random back-
off timer (collision avoidance, multiple of slot-time) and does not access the medium till
timer expires
If another station occupies the medium during the back-off time of the station, the back-
off timer stops (fairness).
If a node senses medium is free , even after its timer expires, then node can immediately
access the medium.
 802.11 - competing stations - simple version
DIFS DIFS DIFS DIFS
boe bor boe bor boe busy
station1

boe busy
station2

busy
station3

boe busy boe bor

station4

boe bor boe busy boe bor

station5
t

busy medium not idle (frame, ack etc.) boe elapsed backoff time

packet arrival at MAC bor residual backoff time

 802.11 - CSMA/CA Access Method
Sending unicast packets
 Station has to wait for DIFS before sending data
 Receivers acknowledge at once (after waiting for SIFS) if the packet
was received correctly (CRC)
 Automatic retransmission of data packets in case of transmission
errors

DIFS
data
sender
SIFS
ACK
receiver
DIFS
other data
stations t
waiting time contention
 DFWMAC-DCF with RTS/CTS extension
Sending unicast packets
Station can send RTS with reservation parameter after waiting for DIFS (reservation
determines amount of time the data packet needs the medium)
Acknowledgement via CTS after SIFS by receiver (if ready to receive)
Sender can now send data at once, acknowledgement via ACK
Other stations store medium reservations distributed via RTS and CTS
NAV: Net allocation Vector
DIFS
RTS data
sender
SIFS SIFS
CTS SIFS ACK
receiver

NAV (RTS) DIFS

other NAV (CTS) data
stations t
defer access contention
 Fragmentation

DIFS
RTS frag1 frag2
sender
SIFS SIFS SIFS
CTS SIFS ACK1 SIFS ACK2
receiver

NAV (RTS)
NAV (CTS)
NAV (frag1) DIFS
other NAV (ACK1) data
stations t
contention
 DFWMAC-PCF with Polling

t0 t1
SuperFrame

medium busy PIFS SIFS SIFS

D1 D2
point
coordinator SIFS SIFS
U1 U2
wireless
stations
stations‘ NAV
NAV
 DFWMAC-PCF

t2 t3 t4

PIFS SIFS
D3 D4 CFend
point
coordinator SIFS
U4
wireless
stations
stations‘ NAV
NAV contention free period contention t
period
 802.11 - Frame format
Duration/ID: indicates period of time in which medium is occupied.
Types-function of the frame
◦ control frames(01), management frames(00), data frames(10)
◦ Subtype : management frame is e.g.0000 for association request, RTS is control frame with
subtype 1011
Sequence control
◦ Helps to identify duplicate frames due to lost ACKs
Addresses
◦ 1-receiver, 2-transmitter (physical), 3&4-logical assignment of frames BSS identifier,
(logical) sender & receiver
bytes 2 2 6 6 6 2 6 0-2312 4
Frame Duration/ Address Address Address Sequence Address
Data CRC
Control ID 1 2 3 Control 4

bits 2 2 4 1 1 1 1 1 1 1 1
Protocol To From More Power More
Type Subtype Retry WEP Order
version DS DS Frag Mgmt Data
 802.11 - Frame format
More Fragments: this field is set to1 if there is another fragment
attached to the current MSDU.
Retry : If the current frame is retransmission of earlier frame, this bit
is set to 1,hence duplicates can be eliminated.
Power management: mode of the station after successful transmission
of a a frame.
1-station is in power-save mode, 0-station is active.
More data- used to indicate to the receiver that sender has more data
than the current frame.
Wired equivalent privacy(WEP)-This field indicates that standard
security mechanism is applied.
Order- if this bit is 1the received frames must be processed in strict
order
 MAC Address Format
scenario to DS from address 1 address 2 address 3 address 4
DS
ad-hoc network 0 0 DA SA BSSID -
infrastructure 0 1 DA BSSID SA -
network, from AP
infrastructure 1 0 BSSID SA DA -
network, to AP
infrastructure 1 1 RA TA DA SA
network, within DS

DS: Distribution System SA: Source Address

BSSID: Basic Service Set Identifier AP: Access Point
DA: Destination Address RA: Receiver Address
TA: Transmitter Address

Address 1- identifies the physical receiver

Address2- identifies the physical transmitter of the frame
Address3-logical assignment of the frame
Address 4- to identify the original source of DS
 Special Frames: ACK, RTS, CTS
bytes 2 2 6 4
ACK Frame Receiver
Duration CRC
Control Address
Acknowledgement

bytes 2 2 6 6 4
Frame Receiver Transmitter
RTS Duration CRC
Control Address Address
Request To Send

bytes 2 2 6 4
Frame Receiver
CTS Duration CRC
Control Address
Clear To Send
 802.11 - MAC management
Synchronization
• Try to stay within a LAN, Synchronization of internal clocks
• Generation of beacon signals
Power management
•Sleep-mode without missing a message
•Frame buffering, traffic measurements
Roaming
•Joining a network
•Roaming, i.e. change networks by changing access points
•Scanning, i.e. active search for a network
MIB - Management Information Base
•All parameters representing current state of wireless station n
access point are stored n managed within a MIB
 Synchronization Using a Beacon (Infrastructure)

beacon interval

B B B B
access
point
busy busy busy busy
medium
t
value of the timestamp B beacon frame
 Synchronization using a Beacon (ad-hoc)

beacon interval

B1 B1
station1

B2 B2
station2

busy busy busy busy

medium
t
value of the timestamp B beacon frame random delay
 Power management
Idea: Switch the transceiver off if not needed . The transmitter goes into sleep
mode when there is no data to send . However , transmitter cannot receive data in
sleep mode
States of a station: sleep and awake
Infrastructure
•Traffic Indication Map (TIM) is transmitted along with the beacon
•Contains a list of unicast receivers for which data is buffered by AP
•TSF assures that sleeping stations weak up periodically and listen to TIM and
beacon
•Delivery Traffic Indication Map (DTIM)
•Contains a list of broadcast/multicast receivers transmitted by AP
Ad-hoc
•Ad-hoc Traffic Indication Map (ATIM)
•announcement of receivers by stations buffering frames
•more complicated - no central AP
•collision of ATIMs possible (scalability)
 Power saving with wake-up patterns
(infrastructure)
DTIM interval TIM interval

D B T T d D B
access
point
busy busy busy busy
medium

p d
station
t
T TIM D DTIM awake

B broadcast/multicast p PS poll d data transmission

to/from the station
Power saving with wake-up patterns (ad-hoc)
ATIM
window beacon interval

B1 A D B1
station1

B2 B2 a d
station2

t
B beacon frame random delay A transmit ATIM D transmit data

awake a acknowledge ATIM d acknowledge data

 802.11 - Roaming
Moving between access points is called roaming
No or bad connection? Then perform:
Scanning-active search for another BSS
• Passive- i.e., listen into the medium for beacon signals to find another
network. or
• Active- send probes into the medium and wait for an answer
Association Request
• Station sends a request to one or several AP(s) depending on signal strength.
Association Response
• Success: new AP has answered, station can now participate
• Failure: continue scanning for new access point
AP accepts association Request
• Signal the new station to the distribution system
• The distribution system updates its data base (i.e., location information)
• Typically, the distribution system now informs the old AP so it can release
resources
 HIPERLAN (historical)
Stands for high performance radio local area network
HIPERLAN 1 as a WLAN allowing for node mobility and supporting both
infrastructure n Adhoc topologies
Enhancement of local Networks and interworking with fixed networks
• integration of time-sensitive services from the early beginning
• HIPERLAN 1 standardized since 1996 – no products!

higher layers
medium access logical link
network layer
control layer control layer
channel access medium access
data link layer
control layer control layer
physical layer physical layer physical layer

HIPERLAN layers OSI layers IEEE 802.x layers

 HIPERLAN 1 - Characteristics
Data transmission
•Point-to-point, point-to-multipoint, connectionless
•23.5 Mbit/s, 1 W power, 2383 byte max. packet size
Services
•Synchronous and time-bounded services
Topology
•Infrastructure or ad-hoc networks
•Transmission range can be larger then coverage of a single
node
Further mechanisms
•Power saving, encryption, checksums
 HIPERLAN 1 - Physical layer
Scope
• Modulation, demodulation, bit and frame synchronization
• Forward error correction mechanisms
• Measurements of signal strength
• Channel sensing
Channels
• 3 mandatory and 2 optional channels (with their carrier frequencies)
• Mandatory
• Channel 0: 5.1764680 GHz
• Channel 1: 5.1999974 GHz
• Channel 2: 5.2235268 GHz
• Optional
• Channel 3: 5.2470562 GHz
• Channel 4: 5.2705856 GHz
 HIPERLAN 1 - CAC sub layer
Channel Access Control (CAC)
• Assure that terminal does not access forbidden channels
• Priority scheme, access with EY-NPMA(elimination-yield non preemptive
multiple access mechanism)
Priorities
• 5 priority levels for QoS support is offered to provide requested QOS
• QoS is mapped onto a priority level with the help of the packet lifetime (set
by an application)
• If packet lifetime = 0 it makes no sense to forward the packet to the receiver
any longer
• Standard start value 500ms, maximum 16000ms
• If a terminal cannot send the packet due to its current priority, waiting time
is permanently subtracted from lifetime
• Based on packet lifetime, waiting time in a sender and number of hops to
the receiver, the packet is assigned to one out of five priorities
 HIPERLAN 1 - MAC layer
Supports time-bounded services via a priority scheme
Packet forwarding
• Support of directed (point-to-point) forwarding and broadcast forwarding (if
no path information is available)
• Support of QoS while forwarding
Encryption mechanisms
• Encryption and decryption mechanisms integrated using a simple XOR
scheme together with random numbers.
Power conservation mechanisms
• Allows terminals to go to sleep mode when it do not have data to send.
• Mobile terminals can agree upon awake patterns (e.g., periodic wake-ups to
receive data)
• Some nodes in the networks must be able to buffer data for sleeping terminals
and to forward them at the right time (so called stores)
 Information bases(HIPERLAN networking)
Route Information Base (RIB) - how to reach a destination
◦ [destination, next hop, distance]
Neighbor Information Base (NIB) - status of direct neighbors
◦ [neighbor, status]
Hello Information Base (HIB) - status of destination (via next hop)
◦ [destination, status, next hop]
Alias Information Base (AIB) - address of nodes outside the net
◦ [original MSAP address, alias MSAP address]
Source Multipoint Relay Information Base (SMRIB) - current MP status
◦ [local multipoint forwarder, multipoint relay set]
Topology Information Base (TIB) - current HIPERLAN topology
◦ [destination, forwarder, sequence]
Duplicate Detection Information Base (DDIB) - remove duplicates
◦ [source, sequence]
 Ad-hoc networks using HIPERLAN
Information Bases (IB):
2 RIB RIB: Route
1 Forwarder NIB NIB: Neighbor
RIB HIB HIB: Hello
NIB AIB AIB: Alias
HIB DDIB SMRIB: Source Multipoint Relay
AIB
TIB: Topology
SMRIB
DDIB: Duplicate Detection
TIB
DDIB
4 Forwarder 3
RIB
5 NIB
RIB HIB
NIB RIB AIB
HIB NIB DDIB
AIB HIB
DDIB AIB RIB
SMRIB NIB 6
TIB HIB
DDIB AIB Forwarder
neighborhood SMRIB
TIB
(i.e., within radio range) DDIB
 HiperLAN2 (historical)
Official name: BRAN HIPERLAN Type 2(broadband radio access network)
H/2, HIPERLAN/2 also used
Operates at 5Ghz,High data rates for users
Connection oriented
QoS support
Dynamic frequency selection
Security support
Strong encryption/authentication
Mobility support
Network and application independent
Power save modes
Plug and Play
 HiperLAN2 Architecture and Handover
Scenarios
AP
MT1
APT APC Core
1 Network
MT2 (Ethernet,
Firewire,
3 AP ATM,
MT3 APT
UMTS)
APC
2
MT4 APT

• HIPERLAN operates in 2 modes:

• Centralized mode(CM)
• Direct mode(DM)
 Centralized vs. Direct mode(Basic structure)

AP AP/CC

control control
control
data
data
MT1 MT2 MT1 MT2 MT1 MT2 +CC
data control

Centralized Direct
 HiperLAN2 Protocol Stack

Higher layers

DLC control Convergence layer DLC user

SAP SAP

Radio link control sublayer Data link control -

basic data
Radio DLC
resource
Assoc.
conn.
transport function
control Scope of
control control
HiperLAN2
Error
standards
control
Radio link control

Medium access control

Physical layer
 HiperLAN2 Protocol Stack
Physical layer- handles modulation, synchronization, signal
detection, forward error correction.
Data link control layer- contains MAC functions, the RLC
sub layer and error control functions
DLC user part contains error control mechanisms
Radio link control sub layer- Contains
Association control function(ACF)- controls association and
authentication of new MTs as well as synchronization of the
radio cell via beacons.
DLC user connection control- controls connection setup ,
modification, and release.
Radio resource control(RRC)-handles handover between
AP’s and within an AP.
Highest Layers- segmentation and reassembly
 Overview: Original HIPERLAN protocol family
HIPERLAN 1 HIPERLAN 2 HIPERLAN 3 HIPERLAN 4
Application wireless LAN access to ATM wireless local point-to-point
fixed networks loop wireless ATM
connections
Frequency 5.1-5.3GHz 17.2-17.3GHz
Topology decentralized ad- cellular, point-to- point-to-point
hoc/infrastructure centralized multipoint
Antenna omni-directional directional
Range 50 m 50-100 m 5000 m 150 m
QoS statistical ATM traffic classes (VBR, CBR, ABR, UBR)
Mobility <10m/s stationary
Interface conventional LAN ATM networks
Data rate 23.5 Mbit/s >20 Mbit/s 155 Mbit/s
Power yes not necessary
conservation

HIPERLAN 1 never reached product status,the other standards have been

renamed/modified
 Handover Scenarios

Inter sector handover (sector handover)

•If APT makes use of sectorized antennas and if MT moves from
one sector to another controlled by same APT.
Inter APT/Intra AP(Radio handover)
•If MP moves from one sector controlled by one APT to another
sector controlled by another APT, within the same AP.
Inter AP/intra network(network handover)
•When MT moves from one AP to another AP but stays within
the same core network.
 Bluetooth
Idea
• Universal radio interface for ad-hoc wireless connectivity
• Interconnecting computer and peripherals, handheld devices, PDAs, cell
phones – replacement of IrDA
• Embedded in other devices,
• Short range (10 m), low power consumption, license-free 2.45 GHz ISM
• Voice and data transmission, approx. 1 Mbit/s gross data rate

One of the first modules (Ericsson).

Bluetooth
 Characteristics
2.4 GHz ISM band, 79 (23) RF channels, 1 MHz carrier spacing
•Channel 0: 2402 MHz … channel 78: 2480 MHz
•G-FSK modulation, 1-100 mW transmit power
FHSS and TDD
•Frequency hopping with 1600 hops/s
•Hopping sequence in a pseudo random fashion, determined by a master
•Time division duplex for send/receive separation
Voice link – SCO (Synchronous Connection Oriented)
•FEC (forward error correction), no retransmission, 64 Kbit/s duplex, point-to-
point, circuit switched
Data link – ACL (Asynchronous Connectionless)
•Asynchronous, fast acknowledge, point-to-multipoint, up to 433.9 Kbit/s
symmetric or 723.2/57.6 Kbit/s asymmetric, packet switched
Topology
•Overlapping piconets (stars) forming a scatternet
 Piconet
Collection of devices connected in an ad hoc
fashion
P
S
One unit acts as master and the others as
slaves for the lifetime of the piconet S
M P

Master determines hopping pattern, slaves

SB S
have to synchronize
P SB
Each piconet has a unique hopping pattern

Participation in a piconet = synchronization M=Master P=Parked

to hopping sequence S=Slave SB=Standby

Each piconet has one master and up to 7

simultaneous slaves (> 200 could be parked)
 Forming a Piconet
All devices in a piconet hop together
•Master gives slaves its clock and device ID
•Hopping pattern: determined by device ID (48 bit, unique worldwide)
•Phase in hopping pattern determined by clock
Addressing
•Active Member Address (AMA, 3 bit)
•Parked Member Address (PMA, 8 bit)
P 
SB  S
SB S
SB M P
SB SB
SB S
SB SB P 
SB  SB
SB
 Scatternet
Linking of multiple co-located piconets through the sharing of common master or
slave devices
Devices can be slave in one piconet and master of another
Communication between piconets
Devices jumping back and forth between the piconets
Piconets
(each with a
capacity of
P
S S 720 kbit/s)

S
P
P
M
M
SB S
M=Master P SB SB
S=Slave
P=Parked S
SB=Standby
 Scatternet

User scenarios

a) Connection of peripheral devices

b) Bridge to internet
 Bluetooth Protocol Architecture
 Bluetooth has a layered protocol architecture
• Core protocols
• Cable replacement and telephony control protocols
• Adopted protocols
 Core protocols
• Radio
• Baseband
• Link manager protocol (LMP)
• Logical link control and adaptation protocol (L2CAP)
• Service discovery protocol (SDP)

66
 Bluetooth Protocol Technology
The following MAC procedures support the asynchronous
connectionless or connection-oriented (ACL) and synchronous
connection-oriented (SCO) link delivery services:

• The baseband (BB) layer, specifying the lower level operations

at the bit and packet levels, e.g., forward error correction (FEC)
operations, encryption, cyclic redundancy check (CRC)
calculations, Automatic Repeat Request (ARQ) Protocol.

• The link manager (LM) layer, specifying connection

establishment and release, authentication, connection and
release of SCO and ACL channels, traffic scheduling, link
supervision, and power management tasks.

67
 Bluetooth Protocol Technology
The Logical Link Control and Adaptation Protocol (L2CAP)
layer, forming an interface to standard data transport protocols.
It handles the multiplexing of higher layer protocols and the
segmentation and reassembly (SAR) of large packets.
 The data stream crosses the LM layer, where packet scheduling
on the ACL channel takes place.
The audio stream is directly mapped on an SCO channel and
bypasses the LM layer.
The LM layer, though, is involved in the establishment of the
SCO link.
 Bluetooth Protocol Technology
Control messages are exchanged between the LM layer and
the application.
The 2.4 GHz industrial, scientific, and medical (ISM) band
PHY signaling techniques and interface functions that are
controlled by the IEEE 802.15.1-2005 MAC.
Above the L2CAP layer may reside the Serial Cable
Emulation Protocol based on ETSI TS 07.10 (RFCOMM),
Service Discovery Protocol (SDP), Telephone Control
Protocol specification (TCS), voice-quality channels for audio
and telephony, and other network protocols.
 These protocols are necessary for interoperability for end-
user products, but are outside the scope of this standard
Bluetooth Protocol Architecture

Protocol Stack

70
Bluetooth Protocol Architecture

Usage Models

71
Usage Models

72
 Security
User input (initialization)
PIN (1-16 byte) Pairing PIN (1-16 byte)

Authentication key generation

E2 E2
(possibly permanent storage)

link key (128 bit) Authentication link key (128 bit)

Encryption key generation

E3 E3
(temporary storage)

encryption key (128 bit) Encryption encryption key (128 bit)

Keystream generator Keystream generator

payload key Ciphering payload key

Cipher data
Data Data
Difference between IEEE 802.11, HYPERLAN, Bluetooth
Difference between IEEE 802.11, HYPERLAN, Bluetooth