19CS697 -

Wireless Networks
Unit II - WIRELESS LOCAL
AND PERSONAL AREA
NETWORKS
Dr.S.Kavi Priya
[email protected]
9842295563
Wireless LAN Technology
 Wireless LAN
 Use of a wireless transmission medium for a local area network
 Backbone wired LAN, such as Ethernet, that supports servers,
workstations, and one or more bridges or routers to link with
other networks
 Control Module (CM) – interface (bridge or router) to a
wireless LAN and uses access control logic, like polling or
token-passing
 Hubs or other user modules (UMs) - control a number of
stations off a wired LAN, a part of wireless LAN configuration
Single-cell Wireless LAN
Multiple-cell Wireless LAN
Wireless LAN Applications
 LAN Extension
 Cross-building interconnect
 Nomadic Access
 Ad hoc networking
LAN Extension
 Wireless LAN linked into a wired LAN on
same premises
 Wired LAN
 Backbone
 Support servers and stationary workstations
 Wireless LAN
 Stations in large open areas
 Manufacturing plants, stock exchange trading
floors, and warehouses
Cross-Building Interconnect
 Connect LANs in nearby buildings
 Wired or wireless LANs
 Point-to-point wireless link is used
 Devices connected are typically bridges or
routers
Nomadic Access
 Wireless link between LAN hub and mobile
data terminal equipped with antenna
 Laptop computer or notepad computer
 Uses:
 Transfer data from portable computer to office
server
 Extended environment such as campus
 Ad Hoc Networking
 Temporary peer-to-peer network set up to meet immediate need
 peer collection of stations within the range of each other may
dynamically configure themselves into a temporary network using
Bluetooth, ZigBee etc.
 Example: Group of employees with laptops convene for a meeting; employees
link computers in a temporary network for duration of meeting
 WLAN Capabilities
 Cellular data offloading: Spectrum available in mobile cellular networks is limited and
costly to consumers. Mobile devices such as smartphones, laptops, and tablets can use
higher capacity WLANs in high density locations such as shopping malls, enterprises,
universities, and even sporting venues.
 Sync/file transfer: Multi-gigabit Wi-Fi (Wireless Fidelity) allows synchronization between
devices 10 times faster than previous Wi-Fi that eliminates the need to use cables to
synchronize mobile devices
 Internet Access: Multi-gigabit Wi-Fi enables faster Internet access, eliminating any
significant bottlenecks from the WLAN.
 Multimedia Streaming: Streaming uncompressed video can require 3 Gbps, and streaming
of compressed video has issues of quality and latency. Wi-Fi can be more suitable than
other proposed wireless approaches because of its larger deployment, user awareness,
support for IP networking, ease of connection, and standardized security mechanism.
Wireless LAN Requirements
 Throughput
 Number of nodes
 Connection to backbone LAN
 Service area
 Battery power consumption
 Transmission robustness and security
 Collocated network operation
 License-free operation
 Handoff/roaming
 Dynamic configuration
 Wireless LAN Physical Layer
 Use unlicensed spread spectrum and OFDM techniques shared by many users
 Except for quite small offices, a wireless LAN makes use of a multiple-cell arrangement
 Adjacent cells make use of different center frequencies within the same band to avoid
interference
 Within a given cell, the topology can be either hub or peer to peer
 In a hub topology, the hub is typically mounted on the ceiling and connected to a
backbone wired LAN to provide connectivity to stations
 The hub may also control access, as in the IEEE 802.11 point coordination by acting as a multiport repeater
 In this case, all stations in the cell transmit only to the hub and receive only from the hub
 Alternatively, and regardless of access control mechanism, each station may broadcast using an
omnidirectional antenna so that all other stations in the cell may receive; this corresponds to a logical bus
configuration.
 One other potential function of a hub is automatic handoff of mobile stations
 A peer-to-peer topology is one in which there is no hub. A MAC algorithm such as
carrier sense multiple access (CSMA) is used to control access. This topology is
appropriate for ad hoc LANs.
 Wireless LAN Physical Layer
 Necessary characteristic of a wireless LAN is
licensing regulations that differ from one country
to another, which complicates
 Spread spectrum wireless LANs operate using
either direct sequence spread spectrum (DSSS) or
OFDM
 Recent advances using OFDM, along with
channel bonding and multiuser multiple-input-
multiple-output (MIMO), have increased channel
rates to well over 1 Gbps.
 IEEE 802 Architecture
 working group developed for prominent specifications of WLANs
 Protocol Architecture
 Functions of physical layer:
 Encoding/decoding of signals (e.g., PSK, QAM, etc.)
 Preamble generation/removal (for synchronization)
 Bit transmission/reception
 Includes specification of the transmission medium and the topology
 Physical layer subdivided into sublayers in IEEE 802.11:
 Physical layer convergence procedure (PLCP): Defines a method of mapping
802.11 MAC layer protocol data units (MPDUs) into a framing format suitable for
sending and receiving user data and management information between two or more
stations using the associated PMD sublayer.
 Physical medium dependent (PMD) sublayer: Defines the characteristics of, and
method of transmitting and receiving, user data through a wireless medium between
two or more stations.
 Protocol Architecture
 Functions of Medium Access Control (MAC) Layer:
 On transmission, assemble data into a frame with address and error detection fields
 On reception, disassemble frame and perform address recognition and error detection
 Govern access to the LAN transmission medium
 Functions of Logical Link Control (LLC) Layer:
 Provide an interface to higher layers and perform flow and error control

Note: Separation of MAC & LLC is done for the following reasons:
 The logic required to manage access to a shared-access medium is not found
intraditional layer 2 data link control
 For the same LLC, several MAC options may be provided
Protocol Architecture
 MAC Frame Format
 MAC control
 Contains Mac protocol information E.g. Priority level
 Destination MAC address
 Destination physical attachment point on LAN for this frame
 Source MAC address
 Source physical attachment point
 CRC
 Cyclic Redundancy Check (Also called Frame Check Sequence
(FCS) error-detecting code to detect errors and discarding any
frames that are in error
 Logical Link Control
 Keeps track of which frames have been successfully received and
retransmits unsuccessful frames
 Concerned with the transmission of a link-level PDU between two
stations, without the necessity of an intermediate switching node
 Specifies the mechanisms for addressing stations across the
medium and for controlling the exchange of data between two
users based on HDLC
 Characteristics of LLC not shared by other control protocols:
 Must support multiaccess, shared-medium nature of the link
 Relieved of some details of link access by MAC layer
 LLC Services
 Unacknowledged connectionless service
 datagram-style service that requires minimum logic
 No flow and error control mechanisms
 Data delivery not guaranteed
 Useful since allow higher layers of software like TCP to provide the necessary
reliability and flow control mechanism and avoids duplicating them
 Useful since it avoids overhead of connection establishment and maintenance
 Connection-mode service
 Similar to HDLC
 Logical connection set up between two users
 Flow and error control provided
 Implemented in very simple devices
 LLC Services
 Acknowledged connectionless service
 Cross between previous two
 Datagrams acknowledged
 No prior logical connection is setup
 LLC maintain table for each active connection, to keep track of the
status of that connection
 Example: automated factory environment where a central site
communicate with a large number of processors and programmable
controllers and handling of important time-critical alarm or emergency
control signals in which user might not want to take the time to
establish a logical connection and then send the data.
Vendor provide these services as options that customer can select when purchasing the equipment
 Differences between LLC and HDLC
 LLC uses asynchronous balanced mode of operation of
HDLC (type 2 operation) to support connection-mode
LLC service
 LLC supports unacknowledged connectionless service
(type 1 operation) using unnumbered information PDU
with error detection and discard at the MAC level
 LLC supports acknowledged connectionless service (type
3 operation) using two new unnumbered PDUs
 LLC permits multiplexing using LLC Service Access
Points (LSAPs)
LLC PDU
 LLC
 Destination Service Access Point (DSAP) - 7-bit destination address and source -
One bit of DSAP indicates whether DSAP is an individual or group address
 Service Access Point (SSAP) - 7-bit source address - One bit of the SSAP indicates
whether the PDU is a command or response PDU
 Two other PDU types, XID and TEST, are used to support management functions
associated with all three types of operation:
 An LLC entity may issue a command (C/R bit = 0) XID or TEST
 Receiving LLC entity issues a corresponding XID or TEST in response
 XID PDU is used to exchange two types of information: types of operation supported
and window size
 TEST PDU is used to conduct a loopback test of the transmission path between two
LLC entities
 Upon receipt of a TEST command PDU, the addressed LLC entity issues a TEST
response PDU as soon as possible.
IEEE 802.11 Standards
IEEE 802.11 Standards
IEEE 802.11 Standards
IEEE 802.11 Architecture
 IEEE 802.11 Architecture
 Basic Service Set (BSS) (also referred cell)
 Smallest building block of WLAN
 Consists of number of stations executing the same MAC protocol and competing for access to same
shared wireless medium
 Isolated or connected to backbone DS through AP
 Client stations do not communicate directly with one another
 Association between station and BSS is dynamic since stations may turn off, come within range and
go out of range.
 Access point (AP)
 Functions as a bridge and a relay point
 if one station in BSS wants to communicate with another station in the same BSS, the MAC frame
is first sent from the originating station to the AP, and then from the AP to the destination station
 MAC frame from a station in the BSS to a remote station is sent from the local station to the AP and
then relayed by the AP over the DS on its way to the destination station
 IEEE 802.11 Architecture
 Distribution System (DS)
 Can be a switch, a wired network (wired backbone LAN), or a wireless network
 Independent BSS (IBSS)
 Ad hoc network, When all the stations in the BSS are mobile stations, with no connection to
other BSSs
 All stations communicate directly, and no AP is involved
 Extended Service Set (ESS)
 Two or more basic service sets interconnected by DS
 Appears as a single logical LAN to the LLC level
 Portal
 Integrate the IEEE 802.11 architecture with a traditional wired LAN
 Implemented in a device, such as a bridge or router, that is part of the wired LAN and attached to
the DS
 IEEE 802.11 Services
 Two ways of categorizing services
1. Service provider can be either the station or the DS. Station services are
implemented in every 802.11 station, including AP stations. Distribution
services are provided between BSSs; these services may be implemented
in an AP or in another special-purpose device attached to the distribution
system
2. Three of the services are used to control IEEE 802.11 LAN access and
confidentiality. Six of the services are used to support delivery of MAC
service data units (MSDUs) between stations. The MSDU is the block of
data passed down from the MAC user to the MAC layer; typically this is
an LLC PDU. If the MSDU is too large to be transmitted in a single MAC
frame, it may be fragmented and transmitted in a series of MAC frames
IEEE 802.11 Services
 Distribution of Messages Within a DS
 Distribution service
 Used by stations to exchange MAC frames from station in one BSS to station in another
BSS through DS. Example: To send frames from STA 2 to STA 7; Frame sent from
STA 2 to STA 1(AP for this BSS), AP gives frame to DS, DS directs frame to AP
associated with STA 5 in the target BSS, STA 5 receives frame and forwards it to STA
7
 If communicating two stations are within the same BSS, then distribution service goes
single AP of that BSS.
 Integration service
 Transfer of data between station on wired IEEE 802.11 LAN (physical connection) and
station on integrated IEEE 802.x LAN (logical connection)
 Takes care of any address translation and media conversion logic required for exchange
of data
 Association-Related Services
 Primary purpose of MAC layer is to transfer MSDUs between MAC entities by distribution service
that requires information about stations within the ESS, which is provided by the association-
related services.
 Before distribution service can deliver data to or accept data from a station, that station must be
associated.
 Transition Types Based On Mobility
 No transition
 Stationary or moves only within BSS (direct communication range)
 BSS transition
 Station moving from one BSS to another BSS within same ESS
 Delivery of data to the station requires addressing capability to recognize new location of station
 ESS transition
 Station moving from BSS in one ESS to BSS within another ESS
 disruption of service likely to occur
 Association-Related Services
 To deliver message within DS, the distribution service needs to know where destination
station is located i.e DS needs to know the identity of the AP to which the message should be
delivered to reach the destination station. To meet this requirement, a station must maintain
an association with the AP within its current BSS. Three services relate to this requirement:
 Association
 Establishes initial association between station and AP within BSS
 AP communicate with other APs within ESS to facilitate routing and delivery of addressed frames
 Reassociation
 Enables transfer of association from one AP to another, allowing station to move from one BSS to
another
 Disassociation
 Association termination notice from AP or station before leaving an ESS or shutting down. MAC
management facility protects itself against stations that disappear without notification
 IEEE 802.11 Medium Access Control
 MAC layer covers three functional areas:
 Reliable data delivery
 Access control
 Security
 Reliable Data Delivery
 Noise, interference, and other propagation effects result in the loss of a significant number
of frames. Even with error-correction codes
 More efficient to deal with errors at the MAC level than higher layer(like TCP)
 Frame exchange protocol
 Source station transmits data
 Destination responds with acknowledgment (ACK)
 If source doesn’t receive ACK within short time, it retransmits frame
 Exchange treated as atomic unit, not interrupted other station transmission
 Four frame exchange
 Source issues Request To Send (RTS)
 Destination responds with Clear To Send (CTS)
 Source transmits data
 Destination responds with ACK
 RTS/CTS alerts all other stations within range to avoid transmission in order to avoid
collision
 Medium Access Control
 Distributed Access Protocols:
 distribute the decision to transmit over all the nodes using a
carrier-sense mechanism
 Good for ad hoc network of peer workstations with bursty
traffic
 Centralized Access Protocols:
 involve regulation of transmission by a centralized decision
maker
 good for base station that attaches to a backbone wired LAN
which have time sensitive or high priority data
IEEE 802.11 Protocol Architecture
 IEEE 802.11 Protocol Architecture
 Distributed Foundation Wireless MAC (DFWMAC)
 Distributed Coordination Function (DCF):
 Lower sublayer of the MAC layer uses a contention algorithm (like

CSMA (carrier sense multiple access) algorithm) to provide access to

all traffic
 If a station has a MAC frame to transmit, it listens to the medium. If the

medium is idle, the station may transmit; otherwise the station must
wait until the current transmission is complete before transmitting
 Does not include a collision detection function

 Ordinary asynchronous traffic directly uses DCF

 Dynamic range of the signals on the medium is very large

 Includes a set of delays that amounts to a priority scheme like

InterFrame Space (IFS)

Rules for CSMA using IFS
 Interframe Space (IFS) Values
 Short IFS (SIFS)
 Shortest IFS

 Used for immediate response actions

 Any station using SIFS to determine transmission opportunity has, in

effect, the highest priority, because it will always gain access in

preference to a station waiting an amount of time equal to PIFS or DIFS
 Point coordination function IFS (PIFS)
 Midlength IFS

 Used by centralized controller in PCF scheme when issuing polls

 Distributed coordination function IFS (DIFS)

 Longest IFS

 Used as minimum delay of asynchronous frames contending for access

 IFS Usage
 SIFS
 Acknowledgment (ACK)
 Clear to send (CTS)
 Poll response
 PIFS
 Used by centralized controller in issuing polls
 Takes precedence over normal contention traffic
 DIFS
 Used for all ordinary asynchronous traffic
 IEEE 802.11 Protocol Architecture
 Point Coordination Function (DCF):
 Centralized MAC algorithm used to provide contention-free service

 PCF is built on top of DCF and exploits features of DCF to assure

access for its users

 Polling by the centralized polling master (point coordinator)

 Point coordinator makes use of PIFS when issuing polls because PIFS is

smaller than DIFS, the point coordinator can seize the medium and lock
out all asynchronous traffic while it issues polls and receives responses
 Point coordinator lock out all asynchronous traffic by repeatedly issuing

polls. To prevent this, an interval known as superframe is defined.

During the first part of this interval, the point coordinator issues polls in
a round-robin fashion to all stations configured for polling. The point
coordinator then idles for the remainder of the superframe, allowing a
contention period for asynchronous access
 MAC Frame - MAC protocol data unit
(MPDU) Fields
 Frame Control – Frame type (Control, management or type), control information (frame is to or from
a DS, fragmentation privacy information)
 Duration/connection ID – Channel allocation time for successful transmission of frames in ms. In
control frames it denotes association, or connection, identifier
 Addresses – context dependent 48 bit address, types include transmitter/source and
receiver/destination. service set identifier (SSID) identifies the WLAN over which a frame is
transmitted
 Sequence control – 4-bit fragment number subfield, used for fragmentation and reassembly, and a 12-
bit sequence number used to number frames sent between a given transmitter and receiver.
 QoS Control: IEEE 802.11 quality of service (QoS) information
 High Throughput Control: Control bits related to the operation of 802.11n, 802.11ac, and 802.11ad
 Frame Body: Contains an MSDU (LLC protocol data unit or MAC control information) or a
fragment of an MSDU
 Frame Check Sequence: 32-bit cyclic redundancy check
 Frame Control Fields
 Protocol version – 802.11 version
 Type – frame type as control, management, or data
 Subtype – identifies function of frame (refer figure in next slide)
 To DS – 1 if destined for DS
 From DS – 1 if leaving DS
 More fragments – 1 if fragments follow
 Retry – 1 if retransmission of previous frame
 Power management – 1 if transmitting station is in sleep mode
 More data – Indicates that station has more data to send
 WEP – 1 if wired equivalent protocol is implemented
 Order – 1 if any data frame is sent using the Strictly Ordered service
MAC Frame Types
 Control Frame Subtypes
 Data Frame Subtypes
 Management Frame Subtypes
 Control Frame Subtypes
assist in the reliable delivery of data frames
Power save – poll (PS-Poll) , request that the AP transmit a frame that has
been buffered for this station while the station was in power-saving mode
Request to send (RTS)


Clear to send (CTS)



Acknowledgment


Contention-free (CF)-end - Announces the end of a contention-free period

i.e part of PCF
CF-end + CF-ack - Acknowledges the CF-end and ends the contention-free
period and releases stations from the restrictions associated with that period
 Data Frame Subtypes
 Data-carrying frames
 Data - data frame used in both contention and contention-free period
 Data + CF-Ack - only sent during a contention-free period, carries data and acknowledges
previous received data
 Data + CF-Poll - Used by a point coordinator to deliver data to a mobile station and
request that the mobile station send a data frame that it may have buffered
 Data + CF-Ack + CF-Poll - Combines the functions of the Data + CF-Ack and Data + CF-
Poll into a single frame
 Other subtypes (don’t carry user data)
 Null Function - data frame carries no data, polls, or acknowledgments and used to carry
the power management bit in the frame control field to the AP, to indicate that the station is
changing to a low-power operating state
 CF-Ack – Same functionality as above without carrying data
 CF-Poll – Same functionality as above without carrying data
 CF-Ack + CF-Poll – Same functionality as above without carrying data
 Management Frame Subtypes
manage communications between stations and APs
Association Request - Sent by a station to an AP to request an association with this BSS and
includes capability information, such as whether encryption is used /whether this station is
pollable
Association Response - Returned by the AP to the station to indicate whether it is accepting this
association request
Reassociation Request - Sent by a station when it moves from one BSS to another and needs to
make an association with the AP in the new BSS so that the new AP negotiate with old AP for the
forwarding of data frames
Reassociation Response - Returned by the AP to the station to indicate whether it is accepting
this reassociation request
Probe Request - Used by a station to obtain information from another station or AP and used to
locate an IEEE 802.11 BSS
Probe Response - Response to a probe request
 Management Frame Subtypes
 Beacon - Transmitted periodically to allow mobile stations to locate and
identify a BSS
 Announcement traffic indication message - Sent by a mobile station
to alert other mobile stations that may have been in low power mode
that this station has frames buffered and waiting to be delivered to the
station addressed in this frame
 Dissociation - Used by a station to terminate an association
 Authentication- Multiple authentication frames are used in an
exchange to authenticate one station to another
 Deauthentication- Sent by a station to another station or AP to indicate
that it is terminating secure communications
IEEE 802.11 Physical Layer
IEEE 802.11b Physical-Layer Frame
Structure
 Physical-Layer Frame Structure
 PLCP (Physical Layer Convergence Protocol): Preamble field enables the receiver to
acquire an incoming signal and synchronize the demodulator
 Subfields: a 56-bit Sync field for synchronization and a 16-bit start- of-frame delimiter (SFD)
 Preamble-transmitted at 1Mbps using differential BPSK/Barker code spreading
 PLCP Header, is transmitted at 2 Mbps using DQPSK with subfields:
 Signal: Specifies data rate at which MPDU part of frame transmitted
 Service: 3 bits of 8-bit field is used in 802.11b - One bit indicates whether transmit frequency
and symbol clocks use same local oscillator - Another bit indicates whether CCK or PBCC
encoding is used - A third bit acts as an extension to the Length subfield
 Length: Indicates length of MPDU in number of microseconds to transmit MPDU. For data
rate > 8 Mbps, length extension bit in Service field is needed to resolve a rounding ambiguity
 CRC: 16-bit error-detection code used to protect Signal, Service, and Length fields
 MPDU - consists of a variable number of bits transmitted at the data rate specified in the
Signal subfield.
 Prior to transmission, all of the bits of the physical layer PDU are scrambled
 IEEE 802.11a Channel Structure
 IEEE 802.11a, developed To meet the needs OF
truly high-speed WLAN
 Uses frequency band, Universal Networking
Information Infrastructure (UNNI), i.e divided
into three parts:
 UNNI-1band (5.15 to 5.25 GHz) - intended for indoor use
 UNNI-2 band (5.25 to 5.35 GHz) - used either indoor or
outdoor
 UNNI-3 band (5.725 to 5.825 GHz) – used for outdoor use
 IEEE 802.11a Advantages over IEEE 802.11b/g
 Utilizes more available bandwidth than 802.11b/g
since each UNNI band provides four nonoverlapping
channels for a total of 12 across the allocated
spectrum
 IEEE 802.11a provides much higher data rates than
802.11b and the same maximum data rate as 802.11g.
 IEEE 802.11a uses a different, relatively uncluttered
frequency spectrum (5 GHz)
IEEE 802.11a Channel Structure
 IEEE 802.11a Coding and Modulation
 Unlike 2.4 GHz, IEEE 802.11a do not use spread spectrum scheme but rather uses
OFDM (multicarrier modulation), uses multiple carrier signals at different frequencies,
sending bits on each channel
 OFDM is similar to FDM but all of the subchannels are dedicated to single data source
in OFDM
 To complement OFDM, the specification supports variety of modulation and coding
alternatives
 System uses up to 48 subcarriers that are modulated using BPSK, QPSK, 16-QAM, or
64-QAM
 Subcarrier frequency spacing is 0.3125 MHz
 Each subcarrier transmits at a rate of 250 kbaud
 Convolutional code at a rate of 1/2, 2/3, or 3/4 provides forward error correction
(FEC)
 Combination of modulation technique and coding rate determines the data rate.
IEEE 802.11a Physical-Layer Frame
Structure
 IEEE 802.11a Physical-Layer Frame
Structure
 Physical layer transmits MPDUs directed by 802.11 MAC layer
 PLCP Preamble- enables receiver to acquire incoming OFDM signal and synchronize demodulator
transmitted at 6Mbps using BPSK
 Signal field - 24 bits encoded as a single OFDM symbol transmitted at 6 Mbps using BPSK with subfields:
– Rate: data rate at which frame data transmitted
– r: reserved for future use
– Length: Number of octets in the MAC PDU
– P: Even parity bit for the 17 bits in the Rate, r, and Length subfields
– Tail: 6 zero bits appended to symbol to bring convolutional encoder to zero state
 Data field - Variable number of OFDM symbols transmitted at data rate specified in Rate subfield. Prior to
transmission, all of the bits of the Data field are scrambled and has four subfields:
‾ Service: 16 bits, with first 7 bits set to zeros to synchronize descrambler in receiver, and remaining 9 bits (all zeros)
reserved for future use
‾ MAC PDU: Handed down from the MAC layer
‾ Tail: Produced by replacing six scrambled bits following MPDU end with 6 bits of all zeros to reinitialize the
convolutional encoder
‾ Pad: Number of bits required to make Data field a multiple of number of bits in an OFDM symbol (48, 96, 192, or
288)
 IEEE 802.11g
 Supports 20 Mbps to 54 Mbps data rates
 Operates in 2.4 GHz range and thus compatible with 802.11b/g specifying the same
modulation and framing schemes
 Data rates 1, 2, 5.5, and 11 Mbps are directly compatible
 At data rates of 6, 9, 12, 18, 24, 36, 48, and 54 Mbps, 802.11g adopts 802.11a OFDM scheme,
adapted for the 2.4 GHz rate referred as ERP- OFDM (Extended Rate Physical layer)
 ERP- PBCC scheme provides data rates of 22 and 33 Mbps
 IEEE 802.11n
 Increases the data throughput, effective
throughput and overall capacity of 802.11
networks altering antenna architecture and the
MAC frame structure
 Operates in both 2.4 GHz and 5 GHz bands, hence
upwardly compatible with 802.11a or 802.11b/g
 Uses MIMO, enhancements in radio transmission,
and MAC
 IEEE 802.11n MIMO
 Transmitter employs multiple antennas; benefits by using multiple parallel streams,
beamforming, diversity, or multiuser MIMO
 Source data stream is divided into n substreams, one for each of the n transmitting antennas
 Individual substreams are input to transmitting antennas (multiple input)
 At receiving end, m antennas receive transmissions from n source antennas via a
combination of line-of-sight transmission and multipath
 Outputs from m receiving antennas (multiple output) are combined
 No. of different combinations for no. of transmitters and the no. of receivers, from 2 * 1 to
4*4
 Four parallel streams increase total transmitted data rate approx. by a factor of 4
 Additional transmitter/receiver increases SNR
 only one spatial stream is required from the AP station
 Supports optional features such as four streams in both directions, transmit beamforming,
and space-time block coding to improve diversity reliability
 IEEE 802.11n Radio Transmission
Schemes Enhancements
 Channel bonding, combines two 20 MHz channels to create a 40 MHz channel to
increase capacity with 108 carriers per 40 MHz, 2.25 times the original bandwidth
 Uses 4μs symbol like 802a/g, in cases where multipath is not significant, 400ns
guard interval is used, reducing symbol time to 3.6 μs and improves data rate by
11%; for another 11% increase, increase highest encoding rate to 5/6 to achieve
maximum of 150 Mbps per 40 MHz, and 600 Mbps for 4 parallel streams
 32 different modulation and coding (MCS) combinations where AP and station
work together to estimate channel conditions and find the best fit
 Supports, high throughput mode (known as greenfield operation), where these
headers (to recognize 802.11n devices using channel) and RTS/CTS messages do
not need to be included if an environment is free of legacy devices
 IEEE 802.11n MAC Enhancements
 Aggregate multiple MAC frames into a single block for transmission. Once a station acquires
transmission medium, transmit long packets without significant delays between transmissions
significantly improved transmission capacity
 Receiver send single block acknowledgment, Since Throughput is affected if every frame requires an
ACK, along with the DIFS and SIFS times between every frame
 Physical header associated with transmission is sent only at the beginning of aggregated frame, rather
than one physical header per individual frame. Each frame no longer requires its own ACK and the
associated IFS times
 Three forms of aggregation:
 A MSDU aggregation combines multiple MSDUs into a single MPDU to get single MAC header and single FCS for
all of the MSDUs rather than for each of the MSDUs. However, if a bit error occurs in one of the MSDUs, all of the
aggregated MSDUs must be retransmitted
 A MPDU aggregation combines multiple MPDUs in a single physical transmission, only a single physical-layer
header is needed which is less efficient since each MPDU includes the MAC header and FCS. However, if a bit error
occurs in one of the MPDUs, only that MPDU needs to be retransmitted
 A-MPDU of A- MSDU, the two forms of aggregation can be combined
 If aggregation not used, 802.11n use a new 2 μs reduced interframe space (RIFS) between packets
when transmitted in a group, instead of an SIFS of 10 μs for 2.4 GHz or 16 μs for 2.4 GHz
IEEE 802.11n Forms of Aggregation
 GIGABIT WI-FI
 Provide Wi-Fi networks that operate
at well in excess of 1 Gbps
 802.11ac
 802.11ad
 IEEE 802.11ac
 Operates in channels in 5 GHz with enhancements in:
 Bandwidth: maximum bandwidth of 802.11n is 40 MHz; the maximum
bandwidth of 802.11ac is 160 MHz
 Signal encoding: 802.11n can use 64 QAM with OFDM, and 802.11ac can
use 256 QAM with OFDM, more bits can be encoded per symbol and use
forward error correction with code rate of 5/6 (ratio of data bits to total bits)
 MIMO: With 802.11n, there can be a maximum of 4 channel input and 4
channel output antennas; 802.11ac increases this to 8 * 8
IEEE 802.11ac
 IEEE 802.11ac - Bandwidth Expansion
 CSMA Techniques: 802.11ac devices set primary channels and perform standard clear
channel assessment procedures over those channels. Then see if additional secondary channels
can be used to expand the bandwidth to up to 160 MHz. If the full bandwidth is not available,
the device may restart the contention and backoff process. 802.11ac devices may also
dynamically adjust their bandwidth allocations in every frame according to channels that are
available.
 Spectrum Considerations: The 5 GHz ISM bands are less congested, which helps limit
interference for 802.11ac supports an 80 + 80 MHz format where two noncontiguous 80 MHz
bands can be combined
 RTS- CTS: To test if requested channel is available, the initiator senses activity on each of
those four 20 MHz channels and sends an RTS on each (hence 8 RTSs for 160 MHz). The
receiver of the RTS also senses if anyone is actively using any of those channels. The receiver
will respond with CTSs to indicate available bandwidth (20, 40, or 80 MHz, but not 60 MHz);
these CTSs will also be sent in 802.11a format on each free 20 MHz channel to respond to the
RTS. All 802.11a/n/ac devices will see and decode this CTS message so they can wait
IEEE 802.11ac - Bandwidth Expansion
IEEE 802.11ac - Bandwidth Expansion
 IEEE 802.11ac - Multiuser MIMO Expansion
 MU- MIMO AP can simultaneously communicate with multiple single- antenna devices
on the same frequency downlink, transmitter use its antenna resources to transmit
multiple frames to different stations, all at the same time and over the same frequency
spectrum to ensure interoperability
 Directional antennas also point antenna pattern nulls in other directions
 AP sends a “Very High Throughput Null Data Packet Announcement” (VHT
NDPA) that simply sends address of AP to intended recipients
 After an SIFS, a “VHT Null Data Packet” (VHT NDP) is sent to perform sounding,
which involves the AP sending training symbols that receivers use to measure channel
conditions
 The intended recipients use preamble of VHT NDP to measure the RF channel
 Then they respond with “VHT Compressed Beamforming” messages that are used to
adjust the MIMO steering matrix
 To avoid high overhead, measurement information is compressed and an AP must send
an appropriate number of messages
 IEEE 802.11ac - Phy and Mac Enhancements
 FEC is implemented in using required PBCC or optional
low density parity check (LDPC) codes or Space-time
Block Coding along with MIMO
 Every transmission is required to be sent as an A-MPDU
aggregate
 Wi- Fi Alliance taken in two- phases; “Wave 1” products
provide rates up to 1.3 Gbps using 256 QAM, 80 MHz
channels, and 3 spatial streams whereas “Wave 2”
products are likely to additionally provide 160 MHz
channels,4 spatial streams, and MU-MIMO
 IEEE 802.11ad (WiGig)
 Operating in 60 GHz frequency band enabling high data rates up to 7
Gbps with simple signal encoding and antenna characteristic enabling
high bandwidth applications with less interference
 Protocol Adaptation Layers (PALs) :
 Audio/visual PALs to support HDMI and DisplayPort
 Input/output PALs for SD, USB, and PCIe
 Operating in the millimeter range has some undesirable propagation
characteristics
 802.11ad has a huge channel bandwidth of 2160 MHz, centered at
58.32, 60.48, 62.64, and 64.8 GHz
 Adaptive beamforming of high gain directional antennas in 802.11ad
overcome the propagation loss
 IEEE 802.11ad Propagation Characteristics
 Free space loss increases with the square of the frequency thus losses are much
higher in this range (20 dB more from 6 GHz and 60 GHz) than in the ranges used for
traditional microwave systems
 Multipath losses can be quite high.
 Reflection occurs when an electromagnetic signal encounters a surface relatively larger to
wavelength of the signal
 Scattering occurs if size of an obstacle is on the order of wavelength of signal or less
 Diffraction occurs when wavefront encounters the edge of an obstacle that is large compared to the
wavelength
 Millimeter-wave signals don’t penetrate solid objects useful only within a single
room
 Applications:
 Replacing wires in a home entertainment system, or streaming high- definition movies from
your cell phone to your television
 Office environment for streaming video to a projector or between laptops and tablets in a
conference room
IEEE 802.11ad PHY Layer
 IEEE 802.11ad MAC Layer Enhancements
 Network architecture: Personal BSS (PBSS) is provided that easily
enables devices to talk directly with each other. Peer-to-peer 802.11
communication is also possible through an IBSS, but in the PBSS one node
assumes the role of a PBSS control point to provide basic timing and
allocation of service periods and contention-based access periods common
b/w multimedia distribution and display devices
 Seamless multiband operation: Allow seamless switching to and from 60
and 2.4/5GHz operation to adapt availability of 60GHz channels
 Power management: Devices can schedule between themselves when they
are to communicate, then sleep otherwise to reduce power consumption
 Advanced security: WiGig devices will use Galois/Counter mode, which
supports higher speed communication through highly efficient calculations
Other IEEE 802.11 Standards
 IEEE 802.11e & IEEE 802.11i
 IEEE 802.11e: Accommodates time-scheduled and polled communication
during null periods when no other data are being sent and offers increased
efficiency of polling and enhancements to channel robustness to provide
quality required for IP telephony and video streaming services.
 Any station implementing 802.11e is referred to as a QoS station, or QSTA.
In a QSTA, the DCF and PCF modules are replaced with a hybrid
coordination function (HCF)
 HCF consists of enhanced distributed channel access (EDCA) that includes
priorities and HCF controlled channel access (HCCA) that centrally
manages medium access in efficient and flexible manner
 IEEE 802.11i: Defines security (stronger encryption) and authentication
mechanisms at the MAC layer to address security deficiencies in the wire
equivalent privacy (WEP)
 IEEE 802.11k
 Defines Radio Resource Measurement enhancements that provide mechanisms available
to higher protocol layers for radio and network measurements to manage and maintain
wireless and mobile LANs
 To improve roaming decisions, an AP can provide a site report to a station when it
determines that the station is moving away from it. The site report is an ordered list of
APs, from best to worst service that a station can use in changing over to another AP
 An AP can collect channel information from each station on the WLAN. Each station
provides a noise histogram that displays all non-802.11 energy on that channel as
perceived by the station. The AP also collects statistics on how long a channel is used
during a given time to regulate access to a given channel
 APs can query stations to collect statistics, such as retries, packets transmitted, and
packets received to get more complete view of network performance
 802.11k extends the transmit power control procedures defined in 802.11h to other
regulatory domains and frequency bands, to reduce interference and power consumption
and to provide range control
 IEEE 802.11m, 802.11p & 802.11r
 IEEE 802.11m is an ongoing task group activity to correct editorial and
technical issues, to locate and correct inconsistencies and errors in the 802.11
standard and its approved amendments
 802.11p provides wireless access for the vehicular environment; allows device
communication moving up to 200 km/hr; Devices do not need to associate or
authenticate with each other; Instead, they just join the overall WAVE
(Wireless Access in Vehicular Environments) network in the area; Lower data
rates are used to avoid packet errors due to movement; allows greater output
power to accommodate longer distances
 IEEE 802.11r provides fast roaming capability; Devices may register in
advance with a neighbor AP, so security and quality of service settings can be
negotiated before the device needs to switch to a new AP with reduced
connectivity loss
 IEEE 802.11s, 802.11z & 802.11aa
 IEEE 802.11s MAC procedures for 802.11 devices to use multi-hop
communication for wireless LAN mesh topology; Devices mutually serve as
wireless routers; Supports unicast, multicast, and broadcast packet delivery
 IEEE 802.11z provides Tunneled Direct Link Setup, which allows devices to
avoid the delays and contention process for going through an AP; Higher order
modulation schemes used if the devices are closer to each other than with an AP;
defines a special Ethertype frame to tunnel setup messages through a legacy AP;
Frequency offloading can also be used to switch to empty frequencies
 IEEE 802.11aa provides improved multimedia performance to enhance 802.11e
capabilities that include groupcast with retries for new transmission policies for
group addressed frames and intra-access category prioritization to further clarify
and create subcategories; Includes stream classification service to arbitrarily map
streams to queues and solutions to overlapping BSS management problems by
performing channel selection and cooperative resource sharing
 IEEE 802.11i Wireless Lan Security
 key factors contributing higher security risk of wireless networks
 Channel: Broadcast communications i.e more susceptible to eavesdropping and jamming and vulnerable to active
attacks
 Mobility: Far more portable and mobile that results in a number of risks
 Resources: Some wireless devices, such as smartphones and tablets, have sophisticated operating systems but limited
memory and processing resources with which to counter threats, including denial of service and malware
 Accessibility: Some wireless devices, such as sensors and robots, may be left unattended in remote and/or hostile
locations that greatly increases vulnerability to physical attacks
 Wireless components that provide point of attack
 Client: Cell phone, Wi-Fi-enabled laptop or tablet, wireless sensor, Bluetooth device etc.
 Access Point: Provides a connection to the network or service like cell towers, Wi-Fi hotspots, and wireless access
points to wired local or wide area networks
 Wireless Medium: The transmission medium, which carries the radio waves for data transfer, is also a source of
vulnerability
 Two characteristics of a wired LAN that are not inherent in a wireless LAN
1. To transmit in wired LAN, station must physically connected to LAN i.e authentication With wireless LAN, any
station within radio range of other devices on LAN can transmit
2. To receive transmission from station in wired LAN, the receiving station must be attached to the wired LAN provides
a degree of privacy, limiting reception of data to stations connected to the LAN. With wireless LAN, any station
within the radio range can receive
 IEEE 802.11i Services
 For privacy, 802.11 defined the Wired Equivalent Privacy (WEP) algorithm, strong
security with Wi-Fi Protected Access (WPA), finally with Robust Security Network
(RSN) that provides services like:
 Authentication: A protocol defines an exchange between a user and an authentication
server (AS) that provides mutual authentication and generates temporary keys to be used
between the client and the AP over the wireless link
 Access control: Uses authentication function, routes the messages properly, and
facilitates key exchange that works with variety of authentication protocols
 Privacy with message integrity: MAC- level data (e.g., an LLC PDU) are encrypted
along with a message integrity code that ensures that the data have not been altered
 IEEE 802.11i Nature of the phases
Depends on the configuration and the end points of the communication:
1.Two wireless stations in the same BSS communicating via the access point

(AP) for that BSS in which secure communication is assured if each STA
establishes secure communications with AP
2.Two wireless stations (STAs) in the same ad hoc IBSS communicating

directly with each other i.e security is only provided within STA
3.Two wireless stations in different BSSs communicating via their respective

APs across a distribution system which provides security only within each
BSS
4.A wireless station communicating with an end station on a wired network

via its AP and the distribution system i.e security is only provided between
the STA and its AP
IEEE 802.11i Phases of Operation
 IEEE 802.11i Phases of Operation
1. Discovery: An AP uses messages called Beacons and Probe Responses to advertise its
IEEE 802.11i security policy; STA uses these to identify an AP for a WLAN with which
it wishes to communicate; Select cipher suite and authentication mechanism when the
Beacons and Probe Responses present a choice; Has three exachanges:
a) Network and security capability discovery - STAs discover the existence of a network with which to
communicate. The AP either periodically broadcasts its security, indicated by RSN IE (Robust Security
Network Information Element), in a specific channel through the Beacon frame, or it responds to a
station’s Probe Request through a Probe Response frame. A wireless station may discover available access
points and corresponding security capabilities by either passively monitoring the Beacon frames or
actively probing every channel
b) Open system authentication - maintain backward compatibility with the IEEE 802.11 state machine, as
implemented in existing IEEE 802.11 hardware. In essence, the two devices (STA and AP) simply
exchange identifiers
c) Association - agree on a set of security capabilities to be used. The STA then sends an Association
Request frame to the AP. In this frame, the STA specifies one set of matching capabilities from among
those advertised by the AP. If there is no match in capabilities between the AP and the STA, the AP
refuses the Association Request. The STA blocks it too, in case it has associated with a rogue AP or
someone is inserting frames illicitly on its channel
 IEEE 802.11i Phases of Operation
2. Authentication: STA and AS prove their identities to each other; AP blocks non-
authentication traffic between STA and AS until authentication transaction is successful;
AP does not participate in authentication transaction other than forwarding traffic between
the STA and AS; Has three phases:
a)Connect to AS - STA sends a request to its AP (the one with which it has an association)

for connection to the AS. The AP acknowledges this request and sends an access request to
the AS
b)EAP exchange - authenticates the STA and AS to each other. A number of alternative
exchanges are possible
c)Secure key delivery - Once authentication is established, the AS generates a master

session key (MSK), also known as the Authentication, Authorization, and Accounting
(AAA) key, and sends it to the STA. All the cryptographic keys needed by the STA for
secure communication with its AP are generated from this MSK. Whatever method is used,
it involves the transmission of an MPDU containing an encrypted MSK from the AS, via
the AP, to the STA.
 IEEE 802.11i Phases of Operation
3. Key generation and distribution: AP and STA perform operations to generate cryptographic keys
and placed on the AP and STA that only exchanges frames
4. Protected data transfer: Frames are exchanged between the STA and the end station through the
AP; Encryption module icon, secure data transfer occurs between the STA and the AP only; security is
not provided end-to-end. two schemes for protecting data transmitted in 802.11 MPDUs:
Temporal Key Integrity Protocol (TKIP) - require only software changes to devices that are

implemented with WEP and provides two services:

 Message integrity: TKIP adds a message integrity code (MIC) to the 802.11 MAC frame after the data field. The MIC is
generated by an algorithm, called Michael, which computes a 64-bit value using as input the source and destination MAC
address values and the Data field, plus key material
 Data confidentiality: Data confidentiality is provided by encrypting the MPDU plus MIC value using the RC4 encryption
algorithm
Counter Mode-CBC MAC Protocol (CCMP) - newer IEEE 802.11 devices that are equipped with
hardware to support this scheme and provides two services:
 Message integrity: CCMP uses the cipher-block-chaining message authentication code (CBC-MAC)
 Data confidentiality: CCMP uses the CTR block cipher mode of operation and the AES algorithm for encryption. The
same 128-bit AES key is used for both integrity and confidentiality.
5. Connection termination: The AP and STA exchange frames; During this phase, the secure
connection is torn down and the connection is restored to the original state
BLUETOOTH AND
IEEE 802.15
 IEEE 802.15
• Wireless Personal Area Networks
– Short-range communication
– Low-cost, low-energy to provide long battery life
• Several standards have been provided
• We focus on 802.15 technologies
– Other viable WPAN alternatives exist
 INTERNET OF THINGS
• Key application area for short-range communications
• Future Internet
– Large numbers of wirelessly connected objects
– Interactions between the physical world and computing, digital
content, analysis, and services.
– Called the Internet of Things
• And many other “Internet of …” titles
– Useful for health and fitness, healthcare, home monitoring and
automation, energy savings, farming, environmental monitoring,
security, surveillance, education, and many others.
• Machine-to-machine communications (MTM, M2M, D2D,
etc.), also machine-type communications (MTC)
– Devices working together for data analysis and automated
control
 BLUETOOTH
• Universal short-range wireless capability
• Uses 2.4-GHz band
• Available globally for unlicensed users
• Devices within 10 m can share up to 2.1 Mbps or 24
Mbps of capacity
• Supports open-ended list of applications
– Data, audio, graphics, video
• Started as IEEE 802.15.1
– New standards come from the Bluetooth Special
Interest Group (Bluetooth SIG)
• Industry consortium
– Bluetooth 2.0, 2.1, 3.0, and 4.0
BLUETOOTH APPLICATION AREAS

• Data and voice access points

– Real-time voice and data transmissions
• Cable replacement
– Eliminates need for numerous cable attachments
for connection
• Ad hoc networking
– Device with Bluetooth radio can establish
connection with another when in range
 TOP USES OF BLUETOOTH
• Mobile handsets
• Voice handsets
• Stereo headsets and speakers
• PCs and tablets
• Human interface devices, such as mice and
keyboards
• Wireless controllers for video game consoles
• Cars
• Machine-to-machine applications: credit-card
readers, industrial automation, etc.
 BLUETOOTH STANDARDS
DOCUMENTS
• Core specifications
– Details of various layers of Bluetooth protocol
architecture
• Profile specifications
– Use of Bluetooth technology to support various
applications
• We first focus on
– 2.1 Basic/Enhanced Data Rate (BR/EDR)
• Later standards
– 3.0 Alternative MAC/PHY (AMP)
– 4.0 Bluetooth Smart (Bluetooth Low Energy)
12.1 BLUETOOTH PROTOCOL
STACK
 PROTOCOL ARCHITECTURE
• Bluetooth is a layered protocol architecture
– Core protocols
– Cable replacement and telephony control protocols
– Adopted protocols
• Core protocols
– Radio
– Baseband
– Link manager protocol (LMP)
– Logical link control and adaptation protocol
(L2CAP)
– Service discovery protocol (SDP)
 PROTOCOL ARCHITECTURE
• Cable replacement protocol
– RFCOMM
• Telephony control protocol
– Telephony control specification – binary (TCS
BIN)
• Adopted protocols
– PPP
– TCP/UDP/IP
– OBEX
– WAE/WAP
 PROFILES
• Over 40 different profiles are defined in Bluetooth
documents
– Only subsets of Bluetooth protocols are required
– Reduces costs of specialized devices
• All Bluetooth nodes support the Generic Access
Profile
• Profiles may depend on other profiles
– Example: File Transfer Profile
• Transfer of directories, files, documents, images, and streaming
media formats
• Depends on the Generic Object File Exchange, Serial Port, and
Generic Access Profiles.
• Interfaces with L2CAP and RFCOMM protocols
 PICONETS AND SCATTERNETS
• Piconet
– Basic unit of Bluetooth networking
– Master and one to seven slave devices
– Master determines channel and phase
• Scatternet
– Device in one piconet may exist as master or slave
in another piconet
– Allows many devices to share same area
– Makes efficient use of bandwidth
12.2 MASTER/SLAVE
RELATIONSHIPS
12.3 WIRELESS NETWORK
CONFIGURATIONS
 FORMING A PICONET
• All devices in a piconet hop together
– Master gives slaves its clock and device ID
• Hopping pattern: determined by device ID (48 bit, unique worldwide)
• Phase in hopping pattern determined by clock
• Addressing
– Active Member Address (AMA, 3 bit)
– Parked Member Address (PMA, 8 bit)

P 
S
 SB  S
SB
 SB M P
 SB  SB  S
  SB
SB

SB P
  SB
SB SB

Prof. Dr.-Ing. Jochen H. www.jochenschiller.d MC - 2013

 SCATTERNET
• Linking of multiple co-located piconets through the sharing
of
common master or slave devices
– Devices can be slave in one piconet and master of another
• Communication between piconets
– Devices jumping back and forth between the piconets
Piconets
P (each with a
S S capacity of
720 kbit/s)
S
P
P
M
M
SB S
M=Master P SB SB
S=Slave
P=Parked S
SB=Standby

Prof. Dr.-Ing. Jochen H. www.jochenschiller.d MC - 2013

 RADIO SPECIFICATION
• Classes of transmitters
– Class 1: Outputs 100 mW for maximum range
• Power control mandatory
• Provides greatest distance
– Class 2: Outputs 2.4 mW at maximum
• Power control optional
– Class 3: Nominal output is 1 mW
• Lowest power
 FREQUENCY HOPPING IN
BLUETOOTH
• Provides resistance to interference and
multipath effects
• Provides a form of multiple access among
co- located devices in different piconets
 FREQUENCY HOPPING
• Total bandwidth divided into 1MHz physical
channels
• FH occurs by jumping from one channel to another in
pseudorandom sequence
• Hopping sequence shared with all devices on piconet
• Piconet access:
– Bluetooth devices use time division duplex (TDD)
– Access technique is TDMA
– FH-TDD-TDMA
9.2 FREQUENCY HOPPING
EXAMPLE
12.4 FREQUENCY-HOP TIME-DIVISION
DUPLEX
12.5 EXAMPLES OF MULTISLOT PACKETS
 PHYSICAL LINKS BETWEEN
MASTER AND SLAVE
• Synchronous connection oriented (SCO)
– Allocates fixed bandwidth between point-to-point connection
of master and slave
– Master maintains link using reserved slots
– Master can support three simultaneous links
• Asynchronous connectionless (ACL)
– Point-to-multipoint link between master and all slaves
– Only single ACL link can exist
• Extended Synchronous connection oriented (eSCO)
– Reserves slots just like SCO
– But these can be asymmetric
– Retransmissions are supported
Active Mode

12.6 BLUETOOTH BASEBAND

FORMATS
 BLUETOOTH PACKET FIELDS
• Access code(CAC .,DAC, IAC) – used
for timing synchronization, offset
compensation, paging, and inquiry
• Header – used to identify packet type and
carry protocol control information
• Payload – contains user voice or data and
payload header, if present
 TYPES OF ACCESS CODES
• Channel access code (CAC) – identifies a
piconet
• Device access code (DAC) – used for
paging and subsequent responses
• Inquiry access code (IAC) – used for inquiry
purposes
 PACKET HEADER FIELDS
• AM_ADDR – contains “active mode” address of one
of the slaves
• Type – identifies type of packet
• Flow – 1-bit flow control
• ARQN – 1-bit acknowledgment
• SEQN – 1-bit sequential numbering schemes
• Header error control (HEC) – 8-bit error detection
code
 PAYLOAD FORMAT
• Payload header
– L_CH field – identifies logical channel
– Flow field – used to control flow at L2CAP
level
– Length field – number of bytes of data
• Payload body – contains user data
• CRC – 16-bit CRC code
 ERROR CORRECTION SCHEMES

• 1/3 rate FEC (forward error correction)

– Used on 18-bit packet header, voice field in
HV1 packet
• 2/3 rate FEC
– Used in DM packets, data fields of DV packet,
FHS packet and HV2 packet
• ARQ
– Used with DM and DH packets
 SCO PAYLOAD TYPES

payload (30)

HV1 audio (10) FEC (20)

HV2 audio (20) FEC (10)

HV3 audio (30)

DV audio (10) header (1) payload (0-9) 2/3 FEC CRC (2)

(bytes)

Prof. Dr.-Ing. Jochen H. www.jochenschiller.d MC - 2013

 ACL PAYLOAD TYPES
payload (0-343)

header (1/2) payload (0-339) CRC (2)

DM1 header (1) payload (0-17) 2/3 FEC CRC (2)

DH1 header (1) payload (0-27) CRC (2) (bytes)

DM3 header (2) payload (0-121) 2/3 FEC CRC (2)

DH3 header (2) payload (0-183) CRC (2)

DM5 header (2) payload (0-224) 2/3 FEC CRC (2)

DH5 header (2) payload (0-339) CRC (2)

AUX1 header (1) payload (0-29)

Prof. Dr.-Ing. Jochen H. www.jochenschiller.d MC - 2013

 BASEBAND LINK TYPES
• Polling-based TDD packet transmission
– 625µs slots, master polls slaves
• SCO (Synchronous Connection Oriented) – Voice
– Periodic single slot packet assignment, 64 kbit/s full-duplex, point-to-point
• ACL (Asynchronous ConnectionLess) – Data
– Variable packet size (1, 3, 5 slots), asymmetric bandwidth, point-to-
multipoint

SCO ACL SCO SCO ACL SCO

MASTER f0 ACL
f4 f6 f8 ACL
f12 f14 f18 f20

SLAVE
f1 f7 f9
1 f13 f19

SLAVE
f5
2 f17 f21

Prof. Dr.-Ing. Jochen H. www.jochenschiller.d MC - 2013

 ARQ SCHEME ELEMENTS
• Error detection – destination detects errors, discards
packets
• Positive acknowledgment – destination returns
positive acknowledgment
• Retransmission after timeout – source retransmits if
packet unacknowledged
• Negative acknowledgment and retransmission –
destination returns negative acknowledgement for
packets with errors, source retransmits
12.7 AN EXAMPLE OF RETRANSMISSION
OPERATION
 LOGICAL CHANNELS
• Link control (LC)
• Link manager (LM)
• User asynchronous (UA)
• User isochronous (UI)
• User synchronous (US)
• User extended synchronous
(UeS)
 LINK MANAGER
• Manages various aspects of the radio link between a
master and a slave
• Involves the exchange LMP PDUs (protocol data
units)
• Procedures defined for LMP are grouped into 24
functional areas, which include
– Authentication
– Pairing
– Encryption
– Clock offset request
– Switch master/slave
– Name request
– Hold or park or sniff mode
 BASEBAND STATES OF A
BLUETOOTH DEVICE
standby unconnected

detach inquiry page connecting

transmit connected active

AMA AMA

park hold sniff low power

PMA AMA AMA

Standby: do nothing Park: release AMA, get PMA

Inquire: search for other devices Sniff: listen periodically, not each slot
Page: connect to a specific device Hold: stop ACL, SCO still possible, possibly
Connected: participate in a piconet participate in another piconet

Prof. Dr.-Ing. Jochen H. Schiller www.jochenschiller.de MC - 2013

 LOGICAL LINK CONTROL AND
ADAPTATION PROTOCOL (L2CAP)
• Provides a link-layer protocol between entities with a
number of services
• Relies on lower layer for flow and error control
• Makes use of ACL links, does not support SCO links
• Provides two alternative services to upper-layer
protocols
– Connectionless service
– Connection-mode service
 L2CAP LOGICAL CHANNELS
• Connectionless
– Supports connectionless service
– Each channel is unidirectional
– Used from master to multiple slaves
• Connection-oriented
– Supports connection-oriented service
– Each channel is bidirectional
• Signaling
– Provides for exchange of signaling messages
between L2CAP entities
L2CAP LOGICAL CHANNELS
 L2CAP PACKET FORMATS

CID = Channel Identifier

PSM = Protocol/Service Multiplexer
L2CAP SIGNALLING COMMAND
CODES
L2CAP SIGNALLING
 FLOW SPECIFICATION
PARAMETERS
• Service type
• Token rate (bytes/second)
• Token bucket size (bytes)
• Peak bandwidth (bytes/second)
• Latency (microseconds)
• Delay variation (microseconds)
12.8 TOKEN BUCKET
SCHEME
 BLUETOOTH HIGH SPEED
• Bluetooth 3.0+HS
• Up to 24 Mbps
• New controller compliant with 2007 version of
IEEE 802.11
• Known as Alternative MAC/PHY (AMP)
– Optional capability
• Bluetooth radio still used for device discovery,
association, setup, etc.
• Allows more power efficient Bluetooth modes to
be used, except when higher data rates are needed
 BLUETOOTH SMART
• Bluetooth 4.0
• Previously known as Bluetooth Low Energy
• An intelligent, power-friendly version of Bluetooth
• Can run long periods of time on a single battery
– Or scavenge for energy
• Also communicates with other Bluetooth-enabled devices
– Legacy Bluetooth devices or Bluetooth-enabled smartphones
– Great feature
• Possible successful technology for the Internet of Things
– For example, health monitoring devices can easily integrate with
existing smartphones
 BLUETOOTH SMART
• Same 2.4 GHz ISM bands as Bluetooth BR/EDR
– But uses 40 channels spaced 2 MHz apart instead of 79
channels spaced 1 MHz apart
• Devices can implement a transmitter, a receiver, or
both
• Implementation
– Single-mode Bluetooth Smart functionality
• Reduced cost chips that can be integrated into compact devices.
– Dual-mode functionality to also have the Bluetooth
BR/EDR capability
• 10 mW output power
• 150 m range in an open field
 BLUETOOTH SMART:
MASTER/SLAVE CONNECTIONS
 IEEE 802.15
• After 802.15.1, work went two directions
• 802.15.3
– Higher data rates than 802.15.1
– But still low cost, low power compared to 802.11
• 802.15.4
– Very low cost, very low power compared to
802.15.1
• Figure 12.9 shows different options
• Figure 12.10 shows relative distances and
rates
12.9 IEEE 802.15 PROTOCOL
ARCHITECTURE
12.10 WIRELESS LOCAL
NETWORKS
 IEEE 802.15.3
• High data rate WPANs
– Digital cameras, speakers, video, music
• Piconet coordinator (PNC)
– Sends beacons to devices to connect to the network
– Uses superframes like 802.11
– QoS based on TDMA
– Controls time resources but does not exchange
data
• 802.15.3c
– Latest standard
– Uses 60 GHz band, with same benefits as 802.11ad
– Single-carrier and OFDM PHY modes
 IEEE 802.15.4
• Low data rate, low complexity
– Competitor to Bluetooth Smart
• PHY options in 802.15.4 and 802.15.4a
– 868/915 MHz for 20, 40, 100, and 250 kbps
– 2.4 GHz for 250 kbps
– Ultrawideband (UWB)
• Uses very short pulses with wide bandwidth
– Low energy density for low interference with others
• 851 kbps and optionally 110 kbps, 6.81 Mbps, or 27.234 Mbps
– 2.4 GHz chirp spread spectrum for 1 Mbps and optionally
250 kbps
• Sinusoidal signals that change frequency with time
 IEEE 802.15.4
• Many other creative and practical activities
• IEEE 802.15.4f – Active Radio Frequency Identification Tags
(RFIDs)
– Attached to an asset or person with a unique identification
– An Active RFID tag must employ some source of power
• IEEE 802.15.4g – Smart Utility Networks (SUN)
– Facilitates very large scale process control applications such as the
utility smart-grid network
• IEEE 802.15.4j – Medical Body Area Networks
• EEE 802.15.4k – Low Energy Critical Infrastructure Networks
(LECIM)
– To facilitate point to multi-thousands of points communications for
critical infrastructure monitoring devices with multi-year battery
life.
• IEEE 802.15.4p – Positive Train Control
– Sensor, control and information transfer applications for rail transit
OTHER IEEE 802.15 STANDARDS
• 802.15.2 – Coexistence between 802.11
and 802.15
• 802.15.5 – Mesh networks
– Multihop networking
• 802.15.6 – Body area networks
• 802.15.7 – Visible light communication
 ZIGBEE
• Extends IEEE 802.15.4 standards
• Low data rate, long battery life, secure
networking
• Data rates 20 to 250 kbps
• Operates in ISM bands
– 868 MHz (Europe), 915 MHz (USA and Australia),
2.4 GHz (worldwide)
• Quick wake from sleep
– 30 ms or less compared to Bluetooth which can be up
to 3 sec.
– ZigBee nodes can sleep most of the time
 ZIGBEE
• ZigBee complements the IEEE 802.15.4
standard by adding four main components
– Network layer provides routing
– ASS Application support sublayer supports
specialized services.
– ZigBee device objects (ZDOs) are the most
significant improvement
• Keep device roles, manage requests to join the
network, discover devices, and manage security.
– Manufacturer-defined application objects allow
customization.
12.11 ZIGBEE
ARCHITECTURE
 ZIGBEE
• Star, tree, or general mesh network structures
• ZigBee Coordinator
– Creates, controls, and maintains the network
– Only one coordinator in the network
– Maintains network information, such as security keys
• ZigBee Router
– Can pass data to other ZigBee devices
• ZigBee End Device
– Only enough functionality to talk to a router or
coordinator
– Cannot relay information
– Sleeps most of the time
– Less expensive to manufacture
12.12 ZIGBEE NETWORK
APPLICATION SUPPORT LAYER
FUNCTIONS
• Zigbee Device Object (ZDO) maintains what the
device is capable of doing and makes binding
requests based on these capabilities
• Discovery – Ability to determine which other
devices are operating in the operating space of this
device
• Binding – Ability to match two or more devices
together based on their services and their needs and
allow them to communicate
 BINDING

EP – Endpoint (subunit of a node)

 ZIGBEE ALLIANCE
• Industry consortium
• Maintains and publishes the ZigBee standard
– ZigBee specifications in 2004
– ZigBee PRO completed in 2007
• Enhanced ZigBee
• Profile 1 – home and light commercial use
• Profile 2 – more features such as multicasting and higher
security
• Application profiles
– Allow vendors to create interoperable products if
they implement the same profile
Bluetooth and IEEE 802.15 12-
158
 ZIGBEE APPLICATION PROFILES
• ZigBee Building Automation (Efficient commercial spaces)
• ZigBee Health Care (Health and fitness monitoring)
• ZigBee Home Automation (Smart homes)
• ZigBee Input Device (Easy-to-use touchpads, mice, keyboards,
wands)
• ZigBee Light Link (LED lighting control)
• ZigBee Network Devices (Assist and expand ZigBee networks)
• ZigBee Retail Services (Smarter shopping)
• ZigBee Remote Control (Advanced remote controls)
• ZigBee Smart Energy 1.1 (Home energy savings)
• ZigBee Smart Energy Profile 2 (IP-based home energy
management)
• ZigBee Telecom Services (Value-added services)