Wireless Local area network issues all perfect wireless engineering

7.1
Prof. Dr.-Ing. Jochen H. Schiller www.jochenschiller.de MC - 2009
Mobile Communications
Chapter 7: Wireless LANs
• Characteristics
• IEEE 802.11 (PHY, MAC, Roaming, .11a, b, g, h, i, n … z)
• Bluetooth / IEEE 802.15.x
• IEEE 802.16/.20/.21/.22
• RFID
• Comparison

7.2
Mobile Communication Technology
according to IEEE (examples)
Local wireless networks
WLAN 802.11
802.11a
802.11b
802.11i/e/…/n/…/z/aa
802.11g
WiFi
802.11h
Personal wireless nw
WPAN 802.15
802.15.4
802.15.1
802.15.2
Bluetooth
802.15.4a/b/c/d/e/f/g
ZigBee
802.15.3
Wireless distribution networks
WMAN 802.16 (Broadband Wireless Access)
[802.20 (Mobile Broadband Wireless Access)]
802.16e (addition to .16 for mobile devices)
+ Mobility
WiMAX
802.15.3b/c
802.15.5, .6 (WBAN)

7.3
Characteristics of wireless LANs
• Advantages
• very flexible within the reception area
• Ad-hoc networks without previous planning possible
• (almost) no wiring difficulties (e.g. historic buildings,
firewalls)
• more robust against disasters like, e.g., earthquakes, fire -
or users pulling a plug...
• Disadvantages
• typically very low bandwidth compared to wired networks
(1-10 Mbit/s) due to shared medium
• many proprietary solutions, especially for higher bit-rates,
standards take their time (e.g. IEEE 802.11n)
• products have to follow many national restrictions if working
wireless, it takes a vary long time to establish global
solutions like, e.g., IMT-2000

7.4
Design goals for wireless LANs
• global, seamless operation
• low power for battery use
• no special permissions or licenses needed to use the LAN
• robust transmission technology
• simplified spontaneous cooperation at meetings
• easy to use for everyone, simple management
• protection of investment in wired networks
• security (no one should be able to read my data), privacy
(no one should be able to collect user profiles), safety
(low radiation)
• transparency concerning applications and higher layer
protocols, but also location awareness if necessary
• …

7.5
Comparison: infrared vs. radio
transmission
• Infrared
• uses IR diodes, diffuse light,
multiple reflections (walls,
furniture etc.)
• Advantages
• simple, cheap, available in many
mobile devices
• no licenses needed
• simple shielding possible
• Disadvantages
• interference by sunlight, heat
sources etc.
• many things shield or absorb IR
light
• low bandwidth
• Example
• IrDA (Infrared Data Association)
interface available everywhere
• Radio
• typically using the license
free ISM band at 2.4 GHz
• Advantages
• experience from wireless
WAN and mobile phones can
be used
• coverage of larger areas
possible (radio can penetrate
walls, furniture etc.)
• Disadvantages
• very limited license free
frequency bands
• shielding more difficult,
interference with other
electrical devices
• Example
• Many different products

7.6
Comparison: infrastructure vs. ad-
hoc networks
infrastructure
network
ad-hoc network
AP
AP
AP
wired network
AP: Access Point

7.7
802.11 - Architecture of an
infrastructure network
• Station (STA)
• terminal with access
mechanisms to the wireless
medium and radio contact to the
access point
• Basic Service Set (BSS)
• group of stations using the same
radio frequency
• Access Point
• station integrated into the
wireless LAN and the distribution
system
• Portal
• bridge to other (wired) networks
• Distribution System
• interconnection network to form
one logical network (EES:
Extended Service Set) based
on several BSS
Distribution System
Portal
802.x LAN
Access
Point
802.11 LAN
BSS2
802.11 LAN
BSS1
Access
Point
STA1
STA2 STA3
ESS

7.8
802.11 - Architecture of an ad-hoc
network
• Direct communication within
a limited range
• Station (STA):
terminal with access
mechanisms to the wireless
medium
• Independent Basic Service
Set (IBSS):
group of stations using the
same radio frequency
802.11 LAN
IBSS2
802.11 LAN
IBSS1
STA1
STA4
STA5
STA2
STA3

7.9
IEEE standard 802.11
mobile terminal
access point
fixed
terminal
application
TCP
802.11 PHY
802.11 MAC
IP
802.3 MAC
802.3 PHY
application
TCP
802.3 PHY
802.3 MAC
IP
802.11 MAC
802.11 PHY
LLC
infrastructure
network
LLC LLC

7.10
802.11 - Layers and functions
• PLCP Physical Layer Convergence
Protocol
• clear channel assessment
signal (carrier sense)
• PMD Physical Medium Dependent
• modulation, coding
• PHY Management
• channel selection, MIB
• Station Management
• coordination of all
management functions
PMD
PLCP
MAC
LLC
MAC Management
PHY Management
• MAC
• access mechanisms,
fragmentation, encryption
• MAC Management
• synchronization, roaming,
MIB, power management
PHY
DLC
Station
Management

7.11
802.11 - Physical layer (legacy)
• 3 versions: 2 radio (typ. 2.4 GHz), 1 IR
• data rates 1 or 2 Mbit/s
• FHSS (Frequency Hopping Spread Spectrum)
• spreading, despreading, signal strength, typ. 1 Mbit/s
• min. 2.5 frequency hops/s (USA), two-level GFSK modulation
• DSSS (Direct Sequence Spread Spectrum)
• DBPSK modulation for 1 Mbit/s (Differential Binary Phase Shift
Keying), DQPSK for 2 Mbit/s (Differential Quadrature PSK)
• preamble and header of a frame is always transmitted with 1
Mbit/s, rest of transmission 1 or 2 Mbit/s
• chipping sequence: +1, -1, +1, +1, -1, +1, +1, +1, -1, -1, -1
(Barker code)
• max. radiated power 1 W (USA), 100 mW (EU), min. 1mW
• Infrared
• 850-950 nm, diffuse light, typ. 10 m range
• carrier detection, energy detection, synchronization

7.12
FHSS PHY packet format (legacy)
• Synchronization
• synch with 010101... pattern
• SFD (Start Frame Delimiter)
• 0000110010111101 start pattern
• PLW (PLCP_PDU Length Word)
• length of payload incl. 32 bit CRC of payload, PLW < 4096
• PSF (PLCP Signaling Field)
• data of payload (1 or 2 Mbit/s)
• HEC (Header Error Check)
• CRC with x16+x12+x5+1
synchronization SFD PLW PSF HEC payload
PLCP preamble PLCP header
80 16 12 4 16 variable bits

7.13
DSSS PHY packet format (legacy)
• Synchronization
• synch., gain setting, energy detection, frequency offset compensation
• SFD (Start Frame Delimiter)
• 1111001110100000
• Signal
• data rate of the payload (0A: 1 Mbit/s DBPSK; 14: 2 Mbit/s DQPSK)
• Service
• future use, 00: 802.11 compliant
• Length
• length of the payload
• HEC (Header Error Check)
• protection of signal, service and length, x16+x12+x5+1
synchronization SFD signal service HEC payload
length
16

7.14
802.11 - MAC layer I - DFWMAC
• Traffic services
• Asynchronous Data Service (mandatory)
• exchange of data packets based on “best-effort”
• support of broadcast and multicast
• Time-Bounded Service (optional)
• implemented using PCF (Point Coordination Function)
• Access methods
• DFWMAC-DCF CSMA/CA (mandatory)
• collision avoidance via randomized „back-off“ mechanism
• minimum distance between consecutive packets
• ACK packet for acknowledgements (not for broadcasts)
• DFWMAC-DCF w/ RTS/CTS (optional)
• Distributed Foundation Wireless MAC
• avoids hidden terminal problem
• DFWMAC- PCF (optional)
• access point polls terminals according to a list

7.15
802.11 - MAC layer II
• Priorities
• defined through different inter frame spaces
• no guaranteed, hard priorities
• SIFS (Short Inter Frame Spacing)
• highest priority, for ACK, CTS, polling response
• PIFS (PCF IFS)
• medium priority, for time-bounded service using PCF
• DIFS (DCF, Distributed Coordination Function IFS)
• lowest priority, for asynchronous data service
t
medium busy
SIFS
PIFS
DIFS
DIFS
next frame
contention
direct access if
medium is free  DIFS

7.16
t
medium busy
DIFS
DIFS
next frame
contention window
(randomized back-off
mechanism)
802.11 - CSMA/CA access method I
• station ready to send starts sensing the medium (Carrier
Sense based on CCA, Clear Channel Assessment)
• if the medium is free for the duration of an Inter-Frame
Space (IFS), the station can start sending (IFS depends
on service type)
• if the medium is busy, the station has to wait for a free
IFS, then the station must additionally wait a random
back-off time (collision avoidance, multiple of slot-time)
• if another station occupies the medium during the back-
off time of the station, the back-off timer stops (fairness)
slot time (20µs)
direct access if
medium is free  DIFS

7.17
802.11 - competing stations - simple
version
t
busy
boe
station1
station2
station3
station4
station5
packet arrival at MAC
DIFS
boe
boe
boe
busy
elapsed backoff time
bor
residual backoff time
busy medium not idle (frame, ack etc.)
bor
bor
DIFS
boe
boe
boe bor
DIFS
busy
busy
DIFS
boe busy
boe
boe
bor
bor

7.18
802.11 - CSMA/CA access method II
• Sending unicast packets
• station has to wait for DIFS before sending data
• receivers acknowledge at once (after waiting for SIFS) if the
packet was received correctly (CRC)
• automatic retransmission of data packets in case of
transmission errors
t
SIFS
DIFS
data
ACK
waiting time
other
stations
receiver
sender
data
DIFS
contention

7.19
802.11 - DFWMAC
• Sending unicast packets
• station can send RTS with reservation parameter after waiting for
DIFS (reservation determines amount of time the data packet
needs the medium)
• acknowledgement via CTS after SIFS by receiver (if ready to
receive)
• sender can now send data at once, acknowledgement via ACK
• other stations store medium reservations distributed via RTS and
CTS
t
SIFS
DIFS
data
ACK
defer access
other
stations
receiver
sender
data
DIFS
contention
RTS
CTS
SIFS SIFS
NAV (RTS)
NAV (CTS)

7.20
Fragmentation
t
SIFS
DIFS
data
ACK1
other
stations
receiver
sender
frag1
DIFS
contention
RTS
CTS
SIFS SIFS
NAV (RTS)
NAV (CTS)
NAV (frag1)
NAV (ACK1)
SIFS
ACK2
frag2
SIFS

7.21
DFWMAC-PCF I (almost never used)
PIFS
stations‘
NAV
wireless
stations
point
coordinator
D1
U1
SIFS
NAV
SIFS
D2
U2
SIFS
SIFS
SuperFrame
t0
medium busy
t1

7.22
DFWMAC-PCF II
t
stations‘
NAV
wireless
stations
point
coordinator
D3
NAV
PIFS
D4
U4
SIFS
SIFS
CFend
contention
period
contention free period
t2 t3 t4

7.23
802.11 - Frame format
• Types
• control frames, management frames, data frames
• Sequence numbers
• important against duplicated frames due to lost ACKs
• Addresses
• receiver, transmitter (physical), BSS identifier, sender
(logical)
• Miscellaneous
• sending time, checksum, frame control, data
Frame
Control
Duration/
ID
Address
1
Address
2
Address
3
Sequence
Control
Address
4
Data CRC
2 2 6 6 6 6
2 4
0-2312
bytes
Protocol
version
Type Subtype
To
DS
More
Frag
Retry
Power
Mgmt
More
Data
WEP
2 2 4 1
From
DS
1
Order
bits 1 1 1 1 1 1

7.24
MAC address format
scenario to DS from
DS
address 1 address 2 address 3 address 4
ad-hoc network 0 0 DA SA BSSID -
infrastructure
network, from AP
0 1 DA BSSID SA -
infrastructure
network, to AP
1 0 BSSID SA DA -
infrastructure
network, within DS
1 1 RA TA DA SA
DS: Distribution System
AP: Access Point
DA: Destination Address
SA: Source Address
BSSID: Basic Service Set Identifier
RA: Receiver Address
TA: Transmitter Address

7.25
Special Frames: ACK, RTS, CTS
• Acknowledgement
• Request To Send
• Clear To Send
Frame
Control
Duration
Receiver
Address
Transmitter
Address
CRC
2 2 6 6 4
bytes
Frame
Control
Duration
Receiver
Address
CRC
2 2 6 4
bytes
Frame
Control
Duration
Receiver
Address
CRC
2 2 6 4
bytes
ACK
RTS
CTS

7.26
802.11 - MAC management
• Synchronization
• try to find a LAN, try to stay within a LAN
• timer etc.
• Power management
• sleep-mode without missing a message
• periodic sleep, frame buffering, traffic measurements
• Association/Reassociation
• integration into a LAN
• roaming, i.e. change networks by changing access points
• scanning, i.e. active search for a network
• MIB - Management Information Base
• managing, read, write

7.27
Synchronization using a Beacon
(infrastructure)
beacon interval
(20ms – 1s)
t
medium
access
point
busy
B
busy busy busy
B B B
value of the timestamp B beacon frame

7.28
Synchronization using a Beacon (ad-
hoc)
t
medium
station1
busy
B1
beacon interval
busy busy busy
B1
value of the timestamp B beacon frame
station2
B2 B2
random delay

7.29
Power management
• Idea: switch the transceiver off if not needed
• States of a station: sleep and awake
• Timing Synchronization Function (TSF)
• stations wake up at the same time
• Infrastructure
• Traffic Indication Map (TIM)
• list of unicast receivers transmitted by AP
• Delivery Traffic Indication Map (DTIM)
• list of broadcast/multicast receivers transmitted by AP
• Ad-hoc
• Ad-hoc Traffic Indication Map (ATIM)
• announcement of receivers by stations buffering frames
• more complicated - no central AP
• collision of ATIMs possible (scalability?)
• APSD (Automatic Power Save Delivery)
• new method in 802.11e replacing above schemes

7.30
Power saving with wake-up patterns
(infrastructure)
TIM interval
t
medium
access
point
busy
D
busy busy busy
T T D
T TIM D DTIM
DTIM interval
B
B
B broadcast/multicast
station
awake
p PS poll
p
d
d
d data transmission
to/from the station

7.31
Power saving with wake-up patterns
(ad-hoc)
awake
A transmit ATIM D transmit data
t
station1
B1 B1
B beacon frame
station2
B2 B2
random delay
A
a
D
d
ATIM
window beacon interval
a acknowledge ATIM d acknowledge data

7.32
802.11 - Roaming
• No or bad connection? Then perform:
• Scanning
• scan the environment, i.e., listen into the medium for beacon
signals or send probes into the medium and wait for an answer
• Reassociation Request
• station sends a request to one or several AP(s)
• Reassociation Response
• success: AP has answered, station can now participate
• failure: continue scanning
• AP accepts Reassociation Request
• signal the new station to the distribution system
• the distribution system updates its data base (i.e., location
information)
• typically, the distribution system now informs the old AP so it can
release resources
• Fast roaming – 802.11r
• e.g. for vehicle-to-roadside networks

7.33
WLAN: IEEE 802.11b
• Data rate
• 1, 2, 5.5, 11 Mbit/s,
depending on SNR
• User data rate max. approx.
6 Mbit/s
• Transmission range
• 300m outdoor, 30m indoor
• Max. data rate ~10m indoor
• Frequency
• DSSS, 2.4 GHz ISM-band
• Security
• Limited, WEP insecure, SSID
• Availability
• Many products, many
vendors
• Connection set-up time
• Connectionless/always on
• Quality of Service
• Typ. Best effort, no guarantees
(unless polling is used, limited
support in products)
• Manageability
• Limited (no automated key
distribution, sym. Encryption)
• Special
Advantages/Disadvantages
• Advantage: many installed
systems, lot of experience,
available worldwide, free ISM-
band, many vendors, integrated
in laptops, simple system
• Disadvantage: heavy
interference on ISM-band, no
service guarantees, slow relative
speed only

7.34
IEEE 802.11b – PHY frame formats
synchronization SFD signal service HEC payload
length
16
192 µs at 1 Mbit/s DBPSK 1, 2, 5.5 or 11 Mbit/s
short synch. SFD signal service HEC payload
PLCP preamble
(1 Mbit/s, DBPSK)
PLCP header
(2 Mbit/s, DQPSK)
length
16
96 µs 2, 5.5 or 11 Mbit/s
Long PLCP PPDU format
Short PLCP PPDU format (optional)

7.35
Channel selection (non-overlapping)
2400
[MHz]
2412 2483.5
2442 2472
channel 1 channel 7 channel 13
Europe (ETSI)
US (FCC)/Canada (IC)
2400
[MHz]
2412 2483.5
2437 2462
channel 1 channel 6 channel 11
22 MHz
22 MHz

7.36
WLAN: IEEE 802.11a
• Data rate
• 6, 9, 12, 18, 24, 36, 48, 54
Mbit/s, depending on SNR
• User throughput (1500 byte
packets): 5.3 (6), 18 (24), 24
(36), 32 (54)
• 6, 12, 24 Mbit/s mandatory
• 100m outdoor, 10m indoor
• E.g., 54 Mbit/s up to 5 m, 48 up
to 12 m, 36 up to 25 m, 24 up to
30m, 18 up to 40 m, 12 up to 60
m
• Frequency
• Free 5.15-5.25, 5.25-5.35,
5.725-5.825 GHz ISM-band
• Security
• Limited, WEP insecure, SSID
• Availability
• Some products, some vendors
• Connectionless/always on
• Typ. best effort, no guarantees
(same as all 802.11 products)
• Manageability
• Limited (no automated key
distribution, sym. Encryption)
• Special
• Advantage: fits into 802.x
standards, free ISM-band,
available, simple system, uses
less crowded 5 GHz band
• Disadvantage: stronger shading
due to higher frequency, no QoS

7.37
IEEE 802.11a – PHY frame format
rate service payload
variable bits
6 Mbit/s
PLCP preamble signal data
symbols
12 1 variable
reserved length tail
parity tail pad
6
16
6
1
12
1
4 variable
6, 9, 12, 18, 24, 36, 48, 54 Mbit/s
PLCP header

7.38
Operating channels of 802.11a in
Europe
5150 [MHz]
5180 5350
5200
36 44
16.6 MHz
center frequency =
5000 + 5*channel number [MHz]
channel
40 48 52 56 60 64
5220 5240 5260 5280 5300 5320
5470
[MHz]
5500 5725
5520
100 108
16.6 MHz
channel
104 112 116 120 124 128
5540 5560 5580 5600 5620 5640
132 136 140
5660 5680 5700

7.39
Operating channels for 802.11a / US
U-NII
5150 [MHz]
5180 5350
5200
36 44
16.6 MHz
center frequency =
5000 + 5*channel number [MHz]
channel
40 48 52 56 60 64
149 153 157 161
5220 5240 5260 5280 5300 5320
5725 [MHz]
5745 5825
5765
16.6 MHz
channel
5785 5805

7.40
OFDM in IEEE 802.11a
• OFDM with 52 used subcarriers (64 in total)
• 48 data + 4 pilot
• (plus 12 virtual subcarriers)
• 312.5 kHz spacing
subcarrier
number
1 7 21 26
-26 -21 -7 -1
channel center frequency
312.5 kHz
pilot

7.41
WLAN: IEEE 802.11 – current
developments (06/2009)
• 802.11c: Bridge Support
• Definition of MAC procedures to support bridges as extension to 802.1D
• 802.11d: Regulatory Domain Update
• Support of additional regulations related to channel selection, hopping sequences
• 802.11e: MAC Enhancements – QoS
• Enhance the current 802.11 MAC to expand support for applications with Quality of
Service requirements, and in the capabilities and efficiency of the protocol
• Definition of a data flow (“connection”) with parameters like rate, burst, period…
supported by HCCA (HCF (Hybrid Coordinator Function) Controlled Channel Access,
optional)
• Additional energy saving mechanisms and more efficient retransmission
• EDCA (Enhanced Distributed Channel Access): high priority traffic waits less for
channel access
• 802.11F: Inter-Access Point Protocol (withdrawn)
• Establish an Inter-Access Point Protocol for data exchange via the distribution system
• 802.11g: Data Rates > 20 Mbit/s at 2.4 GHz; 54 Mbit/s, OFDM
• Successful successor of 802.11b, performance loss during mixed operation with .11b
• 802.11h: Spectrum Managed 802.11a
• Extension for operation of 802.11a in Europe by mechanisms like channel
measurement for dynamic channel selection (DFS, Dynamic Frequency Selection) and
power control (TPC, Transmit Power Control)
• 802.11i: Enhanced Security Mechanisms
• Enhance the current 802.11 MAC to provide improvements in security.
• TKIP enhances the insecure WEP, but remains compatible to older WEP systems
• AES provides a secure encryption method and is based on new hardware

7.42
WLAN: IEEE 802.11– current
• 802.11j: Extensions for operations in Japan
• Changes of 802.11a for operation at 5GHz in Japan using only half the channel width at
larger range
• 802.11-2007: Current “complete” standard
• Comprises amendments a, b, d, e, g, h, i, j
• 802.11k: Methods for channel measurements
• Devices and access points should be able to estimate channel quality in order to be
able to choose a better access point of channel
• 802.11m: Updates of the 802.11-2007 standard
• 802.11n: Higher data rates above 100Mbit/s
• Changes of PHY and MAC with the goal of 100Mbit/s at MAC SAP
• MIMO antennas (Multiple Input Multiple Output), up to 600Mbit/s are currently feasible
• However, still a large overhead due to protocol headers and inefficient mechanisms
• 802.11p: Inter car communications
• Communication between cars/road side and cars/cars
• Planned for relative speeds of min. 200km/h and ranges over 1000m
• Usage of 5.850-5.925GHz band in North America
• 802.11r: Faster Handover between BSS
• Secure, fast handover of a station from one AP to another within an ESS
• Current mechanisms (even newer standards like 802.11i) plus incompatible devices
from different vendors are massive problems for the use of, e.g., VoIP in WLANs
• Handover should be feasible within 50ms in order to support multimedia applications
efficiently

7.43
WLAN: IEEE 802.11– current
• 802.11s: Mesh Networking
• Design of a self-configuring Wireless Distribution System (WDS) based on
802.11
• Support of point-to-point and broadcast communication across several hops
• 802.11T: Performance evaluation of 802.11 networks
• Standardization of performance measurement schemes
• 802.11u: Interworking with additional external networks
• 802.11v: Network management
• Extensions of current management functions, channel measurements
• Definition of a unified interface
• 802.11w: Securing of network control
• Classical standards like 802.11, but also 802.11i protect only data frames, not
the control frames. Thus, this standard should extend 802.11i in a way that, e.g.,
no control frames can be forged.
• 802.11y: Extensions for the 3650-3700 MHz band in the USA
• 802.11z: Extension to direct link setup
• 802.11aa: Robust audio/video stream transport
• 802.11ac: Very High Throughput <6Ghz
• 802.11ad: Very High Throughput in 60 GHz
• Note: Not all “standards” will end in products, many ideas get stuck at
working group level
• Info: www.ieee802.org/11/, 802wirelessworld.com,
standards.ieee.org/getieee802/

7.44
Bluetooth
• Basic idea
• Universal radio interface for ad-hoc wireless connectivity
• Interconnecting computer and peripherals, handheld devices,
PDAs, cell phones – replacement of IrDA
• Embedded in other devices, goal: 5€/device (already < 1€)
• Short range (10 m), low power consumption, license-free
2.45 GHz ISM
• Voice and data transmission, approx. 1 Mbit/s gross data
rate
One of the first modules (Ericsson).

7.45
Bluetooth
• History
• 1994: Ericsson (Mattison/Haartsen), “MC-link” project
• Renaming of the project: Bluetooth according to Harald “Blåtand”
Gormsen [son of Gorm], King of Denmark in the 10th century
• 1998: foundation of Bluetooth SIG, www.bluetooth.org
• 1999: erection of a rune stone at Ercisson/Lund ;-)
• 2001: first consumer products for mass market, spec. version 1.1
released
• 2005: 5 million chips/week
• Special Interest Group
• Original founding members: Ericsson, Intel, IBM, Nokia, Toshiba
• Added promoters: 3Com, Agere (was: Lucent), Microsoft, Motorola
• > 10000 members
• Common specification and certification of products
(was: )

7.46
History and hi-tech…
1999:
Ericsson mobile
communications AB
reste denna sten till
minne av Harald
Blåtand, som fick ge
sitt namn åt en ny
teknologi för trådlös,
mobil kommunikation.

7.47
…and the real rune stone
Located in Jelling, Denmark,
erected by King Harald “Blåtand”
in memory of his parents.
The stone has three sides – one side
showing a picture of Christ.
This could be the “original” colors
of the stone.
Inscription:
“auk tani karthi kristna” (and
made the Danes Christians)
Inscription:
"Harald king executes these sepulchral
monuments after Gorm, his father and
Thyra, his mother. The Harald who won the
whole of Denmark and Norway and turned
the Danes to Christianity."
Btw: Blåtand means “of dark complexion”
(not having a blue tooth…)

7.48
Characteristics
• 2.4 GHz ISM band, 79 (23) RF channels, 1 MHz carrier spacing
• Channel 0: 2402 MHz … channel 78: 2480 MHz
• G-FSK modulation, 1-100 mW transmit power
• FHSS and TDD
• Frequency hopping with 1600 hops/s
• Hopping sequence in a pseudo random fashion, determined by a
master
• Time division duplex for send/receive separation
• Voice link – SCO (Synchronous Connection Oriented)
• FEC (forward error correction), no retransmission, 64 kbit/s duplex,
point-to-point, circuit switched
• Data link – ACL (Asynchronous ConnectionLess)
• Asynchronous, fast acknowledge, point-to-multipoint, up to 433.9
kbit/s symmetric or 723.2/57.6 kbit/s asymmetric, packet switched
• Topology
• Overlapping piconets (stars) forming a scatternet

7.49
Piconet
• Collection of devices connected in an ad
hoc fashion
• One unit acts as master and the others
as slaves for the lifetime of the piconet
• Master determines hopping pattern,
slaves have to synchronize
• Each piconet has a unique hopping
pattern
• Participation in a piconet =
synchronization to hopping sequence
• Each piconet has one master and up to 7
simultaneous slaves (> 200 could be
parked)
M=Master
S=Slave
P=Parked
SB=Standby
M
S
P
SB
S
S
P
P
SB

7.50
Forming a piconet
• All devices in a piconet hop together
• Master gives slaves its clock and device ID
• Hopping pattern: determined by device ID (48 bit, unique
worldwide)
• Phase in hopping pattern determined by clock
• Addressing
• Active Member Address (AMA, 3 bit)
• Parked Member Address (PMA, 8 bit)
SB
SB
SB
SB
SB
SB
SB
SB
SB
M
S
P
SB
S
S
P
P
SB



















7.51
Scatternet
• Linking of multiple co-located piconets through the
sharing of common master or slave devices
• Devices can be slave in one piconet and master of another
• Communication between piconets
• Devices jumping back and forth between the piconets
M=Master
S=Slave
P=Parked
SB=Standby
M
S
P
SB
S
S
P
P
SB
M
S
S
P
SB
Piconets
(each with a
capacity of
720 kbit/s)

7.52
Bluetooth protocol stack
Radio
Baseband
Link Manager
Control
Host
Controller
Interface
Logical Link Control and Adaptation Protocol (L2CAP)
Audio
TCS BIN SDP
OBEX
vCal/vCard
IP
NW apps.
TCP/UDP
BNEP
RFCOMM (serial line interface)
AT modem
commands
telephony apps.
audio apps. mgmnt. apps.
AT: attention sequence
OBEX: object exchange
TCS BIN: telephony control protocol specification – binary
BNEP: Bluetooth network encapsulation protocol
SDP: service discovery protocol
RFCOMM: radio frequency comm.
PPP

7.53
S
Frequency selection during data
transmission
fk
625 µs
fk+1 fk+2 fk+3 fk+4
fk+3 fk+4
fk
fk
fk+5
fk+5
fk+1 fk+6
fk+6
fk+6
M
M M M
M
M M
M M
t
t
t
S S
S S
S

7.54
Baseband
• Piconet/channel definition
• Low-level packet definition
• Access code
• Channel, device access, e.g., derived from master
• Packet header
• 1/3-FEC, active member address (broadcast + 7 slaves), link
type, alternating bit ARQ/SEQ, checksum
access code packet header payload
68(72) 54 0-2745 bits
AM address type flow ARQN SEQN HEC
3 4 1 1 1 8 bits
preamble sync. (trailer)
4 64 (4)

7.55
SCO payload types
payload (30)
audio (30)
audio (10)
audio (10)
HV3
HV2
HV1
DV
FEC (20)
audio (20) FEC (10)
header (1) payload (0-9) 2/3 FEC CRC (2)
(bytes)

7.56
ACL Payload types
payload (0-343)
header (1/2) payload (0-339) CRC (2)
header (1) payload (0-17) 2/3 FEC
header (1) payload (0-27)
DH5
DM5
DH3
DM3
DH1
DM1
AUX1
CRC (2)
CRC (2)
CRC (2)
CRC (2)
CRC (2)
CRC (2)
(bytes)

7.57
Baseband data rates
Payload User Symmetric Asymmetric
Header Payload max. Rate max. Rate [kbit/s]
Type [byte] [byte] FEC CRC [kbit/s] Forward Reverse
DM1 1 0-17 2/3 yes 108.8 108.8 108.8
DH1 1 0-27 no yes 172.8 172.8 172.8
DM3 2 0-121 2/3 yes 258.1 387.2 54.4
DH3 2 0-183 no yes 390.4 585.6 86.4
DM5 2 0-224 2/3 yes 286.7 477.8 36.3
DH5 2 0-339 no yes 433.9 723.2 57.6
AUX1 1 0-29 no no 185.6 185.6 185.6
HV1 na 10 1/3 no 64.0
HV2 na 20 2/3 no 64.0
HV3 na 30 no no 64.0
DV 1 D 10+(0-9) D 2/3 D yes D 64.0+57.6 D
ACL
1 slot
3 slot
5 slot
SCO
Data Medium/High rate, High-quality Voice, Data and Voice

7.58
Baseband link types
• Polling-based TDD packet transmission
• 625µs slots, master polls slaves
• SCO (Synchronous Connection Oriented) – Voice
• Periodic single slot packet assignment, 64 kbit/s full-duplex, point-
to-point
• ACL (Asynchronous ConnectionLess) – Data
• Variable packet size (1, 3, 5 slots), asymmetric bandwidth, point-
to-multipoint
MASTER
SLAVE 1
SLAVE 2
f6
f0
f1 f7
f12
f13 f19
f18
SCO SCO SCO SCO
ACL
f5 f21
f4 f20
ACL
ACL
f8
f9
f17
f14
ACL

7.59
Robustness
• Slow frequency hopping with hopping patterns determined by a
master
• Protection from interference on certain frequencies
• Separation from other piconets (FH-CDMA)
• Retransmission
• ACL only, very fast
• Forward Error Correction
• SCO and ACL
MASTER
SLAVE 1
SLAVE 2
A C C H
F
G G
B D E
NAK ACK
Error in payload
(not header!)

7.60
Baseband states of a Bluetooth
device
standby
inquiry page
connected
AMA
transmit
AMA
park
PMA
hold
AMA
sniff
AMA
unconnected
connecting
active
low power
Standby: do nothing
Inquire: search for other devices
Page: connect to a specific device
Connected: participate in a piconet
detach
Park: release AMA, get PMA
Sniff: listen periodically, not each slot
Hold: stop ACL, SCO still possible, possibly
participate in another piconet

7.61
Example: Power consumption/CSR
BlueCore2
• Typical Average Current Consumption1
• VDD=1.8V Temperature = 20°C
• Mode
• SCO connection HV3 (1s interval Sniff Mode) (Slave) 26.0 mA
• SCO connection HV3 (1s interval Sniff Mode) (Master) 26.0 mA
• SCO connection HV1 (Slave) 53.0 mA
• SCO connection HV1 (Master) 53.0 mA
• ACL data transfer 115.2kbps UART (Master) 15.5 mA
• ACL data transfer 720kbps USB (Slave) 53.0 mA
• ACL data transfer 720kbps USB (Master) 53.0 mA
• ACL connection, Sniff Mode 40ms interval, 38.4kbps UART 4.0 mA
• ACL connection, Sniff Mode 1.28s interval, 38.4kbps UART 0.5 mA
• Parked Slave, 1.28s beacon interval, 38.4kbps UART 0.6 mA
• Standby Mode (Connected to host, no RF activity) 47.0 µA
• Deep Sleep Mode2 20.0 µA
• Notes:
• 1 Current consumption is the sum of both BC212015A and the
flash.
• 2 Current consumption is for the BC212015A device only.

7.62
Example: Bluetooth/USB adapter (2002:
50€, today: some cents if integrated)

7.63
L2CAP - Logical Link Control and
Adaptation Protocol
• Simple data link protocol on top of baseband
• Connection oriented, connectionless, and signaling channels
• Protocol multiplexing
• RFCOMM, SDP, telephony control
• Segmentation & reassembly
• Up to 64kbyte user data, 16 bit CRC used from baseband
• QoS flow specification per channel
• Follows RFC 1363, specifies delay, jitter, bursts, bandwidth
• Group abstraction
• Create/close group, add/remove member

7.64
L2CAP logical channels
baseband
L2CAP
baseband
L2CAP
baseband
L2CAP
Slave Slave
Master
ACL
2 d 1 d d 1 1 d 2
1
signalling connectionless connection-oriented
d d d

7.65
L2CAP packet formats
length
2 bytes
CID=2
2
PSM
2
payload
0-65533
length
2 bytes
CID
2
payload
0-65535
length
2 bytes
CID=1
2
One or more commands
Connectionless PDU
Connection-oriented PDU
Signalling command PDU
code ID length data
1 1 2 0

7.66
Security
E3
E2
link key (128 bit)
encryption key (128 bit)
payload key
Keystream generator
Data Data
Cipher data
Authentication key generation
(possibly permanent storage)
Encryption key generation
(temporary storage)
PIN (1-16 byte)
User input (initialization)
Pairing
Authentication
Encryption
Ciphering
E3
E2
link key (128 bit)
encryption key (128 bit)
payload key
Keystream generator
PIN (1-16 byte)

7.67
SDP – Service Discovery Protocol
• Inquiry/response protocol for discovering services
• Searching for and browsing services in radio proximity
• Adapted to the highly dynamic environment
• Can be complemented by others like SLP, Jini, Salutation, …
• Defines discovery only, not the usage of services
• Caching of discovered services
• Gradual discovery
• Service record format
• Information about services provided by attributes
• Attributes are composed of an 16 bit ID (name) and a value
• values may be derived from 128 bit Universally Unique
Identifiers (UUID)

7.68
Additional protocols to support legacy
protocols/apps.
• RFCOMM
• Emulation of a serial port (supports a large base of legacy
applications)
• Allows multiple ports over a single physical channel
• Telephony Control Protocol Specification (TCS)
• Call control (setup, release)
• Group management
• OBEX
• Exchange of objects, IrDA replacement
• WAP
• Interacting with applications on cellular phones

7.69
Profiles
• Represent default solutions for a certain usage model
• Vertical slice through the protocol stack
• Basis for interoperability
• Generic Access Profile
• Service Discovery Application Profile
• Cordless Telephony Profile
• Intercom Profile
• Serial Port Profile
• Headset Profile
• Dial-up Networking Profile
• Fax Profile
• LAN Access Profile
• Generic Object Exchange Profile
• Object Push Profile
• File Transfer Profile
• Synchronization Profile
Additional Profiles
Advanced Audio Distribution
PAN
Audio Video Remote Control
Basic Printing
Basic Imaging
Extended Service Discovery
Generic Audio Video Distribution
Hands Free
Hardcopy Cable Replacement
Profiles
Protocols
Applications

7.70
Bluetooth versions
• Bluetooth 1.1
• also IEEE Standard 802.15.1-2002
• initial stable commercial standard
• Bluetooth 1.2
• also IEEE Standard 802.15.1-2005
• eSCO (extended SCO): higher, variable bitrates, retransmission
for SCO
• AFH (adaptive frequency hopping) to avoid interference
• Bluetooth 2.0 + EDR (2004, no more IEEE)
• EDR (enhanced date rate) of 3.0 Mbit/s for ACL and eSCO
• lower power consumption due to shorter duty cycle
• Bluetooth 2.1 + EDR (2007)
• better pairing support, e.g. using NFC
• improved security
• Bluetooth 3.0 + HS (2009)
• Bluetooth 2.1 + EDR + IEEE 802.11a/g = 54 Mbit/s

7.71
WPAN: IEEE 802.15.1 – Bluetooth
• Data rate
• Synchronous, connection-
oriented: 64 kbit/s
• Asynchronous, connectionless
• 433.9 kbit/s symmetric
• 723.2 / 57.6 kbit/s asymmetric
• POS (Personal Operating Space)
up to 10 m
• with special transceivers up to
100 m
• Frequency
• Free 2.4 GHz ISM-band
• Security
• Challenge/response (SAFER+),
hopping sequence
• Availability
• Integrated into many products,
several vendors
• Depends on power-mode
• Max. 2.56s, avg. 0.64s
• Guarantees, ARQ/FEC
• Manageability
• Public/private keys needed, key
management not specified,
simple system integration
• Special
• Advantage: already integrated
into several products, available
worldwide, free ISM-band,
several vendors, simple system,
simple ad-hoc networking, peer
to peer, scatternets
• Disadvantage: interference on
ISM-band, limited range, max. 8
active devices/network, high
set-up latency

7.72
WPAN: IEEE 802.15 – future
developments 1
• 802.15.2: Coexistance
• Coexistence of Wireless Personal Area Networks (802.15)
and Wireless Local Area Networks (802.11), quantify the
mutual interference
• 802.15.3: High-Rate
• Standard for high-rate (20Mbit/s or greater) WPANs, while
still low-power/low-cost
• Data Rates: 11, 22, 33, 44, 55 Mbit/s
• Quality of Service isochronous protocol
• Ad hoc peer-to-peer networking
• Security
• Low power consumption
• Low cost
• Designed to meet the demanding requirements of portable
consumer imaging and multimedia applications

7.73
developments 2
• Several working groups extend the 802.15.3 standard
• 802.15.3a: - withdrawn -
• Alternative PHY with higher data rate as extension to 802.15.3
• Applications: multimedia, picture transmission
• 802.15.3b:
• Enhanced interoperability of MAC
• Correction of errors and ambiguities in the standard
• 802.15.3c:
• Alternative PHY at 57-64 GHz
• Goal: data rates above 2 Gbit/s
• Not all these working groups really create a standard, not all
standards will be found in products later …

7.74
developments 3
• 802.15.4: Low-Rate, Very Low-Power
• Low data rate solution with multi-month to multi-year battery life
and very low complexity
• Potential applications are sensors, interactive toys, smart badges,
remote controls, and home automation
• Data rates of 20-250 kbit/s, latency down to 15 ms
• Master-Slave or Peer-to-Peer operation
• Up to 254 devices or 64516 simpler nodes
• Support for critical latency devices, such as joysticks
• CSMA/CA channel access (data centric), slotted (beacon) or
unslotted
• Automatic network establishment by the PAN coordinator
• Dynamic device addressing, flexible addressing format
• Fully handshaked protocol for transfer reliability
• Power management to ensure low power consumption
• 16 channels in the 2.4 GHz ISM band, 10 channels in the 915 MHz
US ISM band and one channel in the European 868 MHz band
• Basis of the ZigBee technology – www.zigbee.org

7.75
ZigBee
• Relation to 802.15.4 similar to Bluetooth / 802.15.1
• Pushed by Chipcon (now TI), ember, freescale (Motorola),
Honeywell, Mitsubishi, Motorola, Philips, Samsung…
• More than 260 members
• about 15 promoters, 133 participants, 111 adopters
• must be member to commercially use ZigBee spec
• ZigBee platforms comprise
• IEEE 802.15.4 for layers 1 and 2
• ZigBee protocol stack up to the applications

7.76
developments 4
• 802.15.4a:
• Alternative PHY with lower data rate as extension to 802.15.4
• Properties: precise localization (< 1m precision), extremely low power
consumption, longer range
• Two PHY alternatives
• UWB (Ultra Wideband): ultra short pulses, communication and localization
• CSS (Chirp Spread Spectrum): communication only
• 802.15.4b, c, d, e, f, g:
• Extensions, corrections, and clarifications regarding 802.15.4
• Usage of new bands, more flexible security mechanisms
• RFID, smart utility neighborhood (high scalability)
• 802.15.5: Mesh Networking
• Partial meshes, full meshes
• Range extension, more robustness, longer battery live
• 802.15.6: Body Area Networks
• Low power networks e.g. for medical or entertainment use
• 802.15.7: Visible Light Communication
• Not all these working groups really create a standard, not all standards will
be found in products later …

7.77
Some more IEEE standards for mobile
communications
• IEEE 802.16: Broadband Wireless Access / WirelessMAN /
WiMax
• Wireless distribution system, e.g., for the last mile, alternative to
DSL
• 75 Mbit/s up to 50 km LOS, up to 10 km NLOS; 2-66 GHz band
• Initial standards without roaming or mobility support
• 802.16e adds mobility support, allows for roaming at 150 km/h
• IEEE 802.20: Mobile Broadband Wireless Access (MBWA)
• Licensed bands < 3.5 GHz, optimized for IP traffic
• Peak rate > 1 Mbit/s per user
• Different mobility classes up to 250 km/h and ranges up to 15 km
• Relation to 802.16e unclear
• IEEE 802.21: Media Independent Handover Interoperability
• Standardize handover between different 802.x and/or non 802
networks
• IEEE 802.22: Wireless Regional Area Networks (WRAN)
• Radio-based PHY/MAC for use by license-exempt devices on a non-
interfering basis in spectrum that is allocated to the TV Broadcast
Service

7.78
RF Controllers – ISM bands
• Data rate
• Typ. up to 115 kbit/s (serial
interface)
• 5-100 m, depending on power
(typ. 10-500 mW)
• Frequency
• Typ. 27 (EU, US), 315 (US), 418
(EU), 426 (Japan), 433 (EU),
868 (EU), 915 (US) MHz
(depending on regulations)
• Security
• Some products with added
processors
• Cost
• Cheap: 10€-50€
• Availability
• Many products, many vendors
• N/A
• none
• Manageability
• Very simple, same as serial
interface
• Special
• Advantage: very low cost, large
experience, high volume
available
• Disadvantage: no QoS, crowded
ISM bands (particularly 27 and
433 MHz), typ. no Medium
Access Control, 418 MHz
experiences interference with
TETRA

7.79
RFID – Radio Frequency Identification
(1)
• Data rate
• Transmission of ID only (e.g., 48
bit, 64kbit, 1 Mbit)
• 9.6 – 115 kbit/s
• Passive: up to 3 m
• Active: up to 30-100 m
• Simultaneous detection of up to,
e.g., 256 tags, scanning of, e.g.,
40 tags/s
• Frequency
• 125 kHz, 13.56 MHz, 433 MHz,
2.4 GHz, 5.8 GHz and many
others
• Security
• Application dependent, typ. no
crypt. on RFID device
• Cost
• Very cheap tags, down to 1€
(passive)
• Availability
• Many products, many vendors
• Depends on product/medium
access scheme (typ. 2 ms per
device)
• none
• Manageability
• Very simple, same as serial
interface
• Special
• Advantage: extremely low cost,
large experience, high volume
available, no power for passive
RFIDs needed, large variety of
products, relative speeds up to
300 km/h, broad temp. range
• Disadvantage: no QoS, simple
denial of service, crowded ISM
bands, typ. one-way (activation/
transmission of ID)

7.80
(2)
• Function
• Standard: In response to a radio interrogation signal from a
reader (base station) the RFID tags transmit their ID
• Enhanced: additionally data can be sent to the tags, different
media access schemes (collision avoidance)
• Features
• No line-of sight required (compared to, e.g., laser scanners)
• RFID tags withstand difficult environmental conditions
(sunlight, cold, frost, dirt etc.)
• Products available with read/write memory, smart-card
capabilities
• Categories
• Passive RFID: operating power comes from the reader over
the air which is feasible up to distances of 3 m, low price
(1€)
• Active RFID: battery powered, distances up to 100 m

7.81
(3)
• Applications
• Total asset visibility: tracking of goods during
manufacturing, localization of pallets, goods etc.
• Loyalty cards: customers use RFID tags for payment at, e.g.,
gas stations, collection of buying patterns
• Automated toll collection: RFIDs mounted in windshields
allow commuters to drive through toll plazas without
stopping
• Others: access control, animal identification, tracking of
hazardous material, inventory control, warehouse
management, ...
• Local Positioning Systems
• GPS useless indoors or underground, problematic in cities
with high buildings
• RFID tags transmit signals, receivers estimate the tag
location by measuring the signal‘s time of flight

7.82
(4)
• Security
• Denial-of-Service attacks are always possible
• Interference of the wireless transmission, shielding of
transceivers
• IDs via manufacturing or one time programming
• Key exchange via, e.g., RSA possible, encryption via, e.g.,
AES
• Future Trends
• RTLS: Real-Time Locating System – big efforts to make total
asset visibility come true
• Integration of RFID technology into the manufacturing,
distribution and logistics chain
• Creation of „electronic manifests“ at item or package level
(embedded inexpensive passive RFID tags)
• 3D tracking of children, patients

7.83
(5)
• Relevant Standards
• American National Standards Institute
• ANSI, www.ansi.org, www.aimglobal.org/standards/rfidstds/ANSIT6.html
• Automatic Identification and Data Capture Techniques
• JTC 1/SC 31, www.uc-council.com/sc31/home.htm,
www.aimglobal.org/standards/rfidstds/sc31.htm
• European Radiocommunications Office
• ERO, www.ero.dk, www.aimglobal.org/standards/rfidstds/ERO.htm
• European Telecommunications Standards Institute
• ETSI, www.etsi.org, www.aimglobal.org/standards/rfidstds/ETSI.htm
• Identification Cards and related devices
• JTC 1/SC 17, www.sc17.com, www.aimglobal.org/standards/rfidstds/sc17.htm,
• Identification and communication
• ISO TC 104 / SC 4, www.autoid.org/tc104_sc4_wg2.htm,
www.aimglobal.org/standards/rfidstds/TC104.htm
• Road Transport and Traffic Telematics
• CEN TC 278, www.nni.nl, www.aimglobal.org/standards/rfidstds/CENTC278.htm
• Transport Information and Control Systems
• ISO/TC204, www.sae.org/technicalcommittees/gits.htm,
www.aimglobal.org/standards/rfidstds/ISOTC204.htm

7.84
(6)
• ISO Standards
• ISO 15418
• MH10.8.2 Data Identifiers
• EAN.UCC Application Identifiers
• ISO 15434 - Syntax for High Capacity ADC Media
• ISO 15962 - Transfer Syntax
• ISO 18000
• Part 2, 125-135 kHz
• Part 3, 13.56 MHz
• Part 4, 2.45 GHz
• Part 5, 5.8 GHz
• Part 6, UHF (860-930 MHz, 433 MHz)
• ISO 18047 - RFID Device Conformance Test Methods
• ISO 18046 - RF Tag and Interrogator Performance Test
Methods

7.85
ISM band interference
• Many sources of interference
• Microwave ovens, microwave lighting
• 802.11, 802.11b, 802.11g, 802.15, …
• Even analog TV transmission, surveillance
• Unlicensed metropolitan area networks
• …
• Levels of interference
• Physical layer: interference acts like noise
• Spread spectrum tries to minimize this
• FEC/interleaving tries to correct
• MAC layer: algorithms not harmonized
• E.g., Bluetooth might confuse 802.11
OLD
© Fusion Lighting, Inc.,
now used by LG as
Plasma Lighting System
NEW

7.86
• Bluetooth may act like a rogue member of the 802.11 network
• Does not know anything about gaps, inter frame spacing etc.
• IEEE 802.15-2 discusses these problems
• Proposal: Adaptive Frequency Hopping
• a non-collaborative Coexistence Mechanism
• Real effects? Many different opinions, publications, tests,
formulae, …
• Results from complete breakdown to almost no effect
• Bluetooth (FHSS) seems more robust than 802.11b (DSSS)
802.11 vs.(?) 802.15/Bluetooth
t
f [MHz]
2402
2480 802.11b
3 channels
(separated by
installation)
ACK
DIFS
DIFS
SIFS
1000 byte
SIFS
DIFS
500 byte ACK
DIFS
500 byte
SIFS
ACK
DIFS
500 byte
DIFS
100
byte
SIFS
ACK
DIFS
100
byte SIFS
ACK
DIFS
100
byte
SIFS
ACK
DIFS
100
byte
SIFS
ACK
DIFS
100
byte
SIFS
ACK
802.15.1
79 channels
(separated by
hopping pattern)

Wireless Local area network issues all perfect wireless engineering

More Related Content

Similar to Wireless Local area network issues all perfect wireless engineering (20)

Recently uploaded (20)

Wireless Local area network issues all perfect wireless engineering

Editor's Notes