Sunday, July 2, 2017

Wireless Communication Protocols

There are many different kinds of technologies that allow for the wireless transmission of digital information through the air. These include Wi-Fi, Bluetooth, infrared, and cellular.


The most well known is the 802.11 family of protocols, more commonly known as Wi-Fi. In a typical Wi-Fi setup, all computers connect to a central device called a WAP (wireless access point). WAP is the technical term for “wireless router”. Every wireless network has a service set identifier (SSID), which is a human-readable name for the network. The SSID is what appears when you search for available wireless networks in your device's Wi-Fi settings. The WAP broadcasts the SSID so new devices can find and connect to the network.

For small buildings, like a SOHO (small office/home office) environment, only one WAP is needed because its signal can reach all or most parts of the building. This is referred to as a Basic Service Set (BSS). However, larger buildings cannot make due with just a single WAP. In this situation, multiple WAPs are strategically placed throughout the building, and are joined together into an Extended Basic Service Set (EBSS). In a EBSS, all the WAPs have the same SSID, so as you roam around the building, your device automatically switches WAPs based on whichever has the strongest signal.

Securing your WAP

Hiding the SSID: It's possible to configure a WAP to not broadcast its SSID, which helps prevent unauthorized people from accessing it.

Enabling MAC address filtering: Every computer device has something called a MAC address, which is a 48-bit, globally unique identifier. You can provide your WAP with the MAC addresses of all your devices so that no other devices are allowed to connect.

Changing the admin password: Many WAPs leave the factory with identical administrator passwords. Change it! The administrator password is used to access the configuration settings of the WAP (usually through a web interface), so it's important to have a strong and unique password.

Controlling physical access: Many WAPs have a handful of Ethernet ports on them. Connecting a computer to one of these ports bypasses all the wireless security that is in place, so you should either disable these ports or place your WAP in a location that only authorized personnel can access. Also, when you buy internet service for your home, the ISP often provides you with a WAP that has the Wi-Fi and administrator passwords stamped onto the case. So if you don't want to change them, make sure the WAP isn't in a place that can be seen by strangers (like your window sill!).

Ad Hoc Mode

Connecting to a wireless network through a WAP is referred to as “infrastructure mode”. But it's interesting to note that a WAP isn't required to network computers wirelessly. In “ad hoc mode” (also sometimes referred to as “peer-to-peer mode”), computers connect directly with each other to form an Independent Basic Service Set (IBSS). This is useful if a WAP isn't available and the number of computers you need to network is small.


The antenna most commonly used by WAPs and computer devices is a dipole antenna, which is a type of omni-directional antenna. They look like a stick but actually have two antennas inside them. Some WAPs have detachable antennas, which gives you the option of installing larger, more powerful ones.

Signal strength (called “gain”) is measured in decibels (dB). Most WAPs broadcast at around 2 dB, and some let you adjust this. You might think that the higher the gain, the better, but not always. Lowering the gain to an amount that just barely covers your building will prevent your neighbors from being able to connect to your network. This also does your neighbors a favor because it lowers the amount of RFI (radio frequency interference) that their wireless networks will have to contend with.

The orientation of the antenna matters. This is called polarization. If an antenna is standing straight up, it has a vertical alignment. If it is laying flat, it has a horizontal alignment. Since the antenna in your laptop is located in the lid next to the screen, it generally has a vertical alignment when the lid is open. In order to communicate effectively, the antennas of the computer and the WAP must have similar polarities. It's good practice to tilt the WAP's antenna to a 45 degree angle to accommodate the largest variety of polarities.

Wi-Fi Security Protocols

Because all communication is traveling through the air, anyone with the right equipment and skills can intercept this communication and read it—just like tuning your car radio to a radio station. Unlike radio broadcasts, the information that travels through Wi-Fi networks can be very sensitive. To help protect your privacy, various security protocols have been released over the years.

WEP. Created in 1997, this protocol encrypts all communication with 40- or 104-bit encryption. And it was not very secure. For one, it uses the same encryption key to encrypt all communication with all client computers, which makes it possible for a single computer to listen in on everyone else's communication. And in 2001, a serious encryption flaw was discovered which allowed a WEP key to be cracked in minutes. WEP was officially retired in 2003 and replaced by WPA.

WPA. This protocol corrects WEP's weakness of using a single encryption key by changing the encryption key for every packet of data that is transmitted (called TKIP). The encryption key size was also increased to 64- or 128-bits. And it includes a feature which prevents malicious clients from altering and resending data packets. WPA was only intended for temporary use until the WPA2 standard was finalized.

WPA2. Finalized in 2006, WPA2 includes all of the improvements that WPA brought to the table, as well as an improved encryption algorithm called AES. AES is a very strong algorithm that no one has been able to find a significant flaw in (yet). In fact, the U.S. government approved it to be used for transmitting classified information in 2003. WPA2 is currently the most secure wireless security standard, and it's what all your devices should be using. WAPs that support “mixed-mode” allow devices to connect using either WPA or WPA2 (for older devices that do not support WPA2).

WPS. What if you want to connect a device like a printer or scanner to your Wi-Fi network? Because these devices often lack display screens, how are you supposed to give it the SSID and password of your Wi-Fi network? Enter WPS. It allows you to connect a device to a network with as little as two button presses. First, you press the WPS button on the device. Then, you press the WPS button on the WPA (your WPA must support WPS). And bingo, it's connected. However, it has a major security flaw. It also allows you to connect devices to it using an eight-digit code, which an attacker could use to brute force his way into the network. Therefore, security experts recommend that you turn WPS off if your WAP supports it.

Sidenote: HTTPS

You might be nervous about transmitting sensitive information over a wireless network, especially if it is a public Wi-Fi network, like the one at Starbucks or your favorite coffee shop—AND YOU SHOULD BE! Even if the network uses the best possible encryption standard (WPA2), not only could someone theoretically discover a flaw at any time and start intercepting your data, but the owners of the WAP could theoretically configure their WAP to intercept and log all information that travels through it! Or, attackers could set up their own WAP within range of the legitimate WAP and configure their WAP to broadcast an SSID which is identical to that of the legitimate WAP, causing your device to connect to the attacker's WAP instead of to the legitimate one (if I recall correctly, this was done at the 2016 Olympics in Rio).

However, you need not worry as long as you are browsing secure websites (using the HTTPS protocol) and using apps that use secure connections. The encryption standard that protects you is called SSL. When using this standard, your computer encrypts the data before sending it over the air. What’s more, the data can't be decrypted until it reaches its intended recipient. So even if someone intercepted your communication, they wouldn't be able to make any sense of it because it is encrypted. God forbid if someone breaks SSL—the internet as we know it would grind to a halt, because this standard is what makes possible such things as online shopping and online banking!

The 802.11 family of protocols

A number of different Wi-Fi protocols have been released over the years, each of which have different characteristics. These are the low-level protocols that the security protocols discussed above run “on top of”. I'll refer you to my Computer Networks 101 blog post for a description of these protocols.


For short-range, wireless communication, Bluetooth is often used. It is designed to do very specific things and is not intended to be general purpose, like Wi-Fi is. A Bluetooth network is called a PAN (personal area network). It is extremely resistant to RFI (radio frequency interference) due to the fact that it hops frequencies about 1,600 times per second.

Every Bluetooth device is assigned a “class”, based on its range. Lower class devices use less power because they don't have to transmit as strong of a signal.

Class 1 100 meters
Class 2 10 meters
Class 3 1 meter

Many different versions have been released over the years (summarized in the table below):

Version Max speed Description
1.1, 1.2 1 Mbps

2.0, 2.1 3 Mbps A feature called Enhanced Data Rate (EDR) improves its max speed.
3.0 + HS 24 Mbps The high speed (HS) feature is optional and uses a Wi-Fi network to achieve the full 24 Mbps bandwidth.
4.0, 4.1, 4.2
“Bluetooth Smart”
24 Mbps Focuses on power consumption, security, and IP connectivity.
5.0 24 Mbps Focused on the “Internet of Things”, aims to be low power.


Infrared is most commonly used in remote controls, like the one for your television. But it can also be used to transmit digital information. The Infrared Data Association (IrDA) protocol uses infrared light as its communication medium. However, it is very limited. It only supports speeds of up to 4 Mbps and is half-duplex. And it only has a max range of 1 meter. Plus, it relies on line of sight communication (any physical object placed in its way will break the link). Because of these limitations, IrDA no security features—why bother make any when the computers have to be so close to each other and it’s so easy to block the signal? Note that some computers have what looks like an infrared receiver, but these are usually used for remote controls, not for IrDA.


Lastly, we have cellular. Cellular data connections are often referred to as 1G, 2G, 3G, or 4G. These do not refer to specific standards, but are loose terms that refer to how recent and fast the underlying technology is. At the present time, the fastest cellular technology is LTE. It is considered 4G and theoretically supports speeds of up to 300 Mbps download and 75 Mbps upload.

If you are not in range of a Wi-Fi network, you can tether your device to your cell phone. My understanding of this is that you can download apps that do this, but you need to jailbreak your device in order for them to work.


No comments: