terms:
=================
802.1x是一种基于端口的访问控制标准,用户必须通过了认证并获得授权之后,才能通过端口使用网络资源
支持WPA的AP工作需要在开放系统认证方式下,STA以WPA模式与AP建立关联之后,如果网络中有RADIUS服务器作为认证服务器,那么 STA就使用802.1x方式进行认证;如果网络中没有RADIUS,STA与AP就会采用预共享密钥(PSK,Pre-Shared Key)的方式。
STA通过了802.1x身份验证之后,AP会得到一个与STA相同的Session Key, AP与STA将该Session Key作为PMK(Pairwise Master Key,对于使用预共享密钥的方式来说,PSK就是PMK)。随后AP与STA通过EAPOL-KEY进行WPA的四次握手(4-Way Handshake)过程,如图2所示。
在这个过程中,AP和STA均确认了对方是否持有与自己一致的PMK,如不一致,四次握手过程就告失败。为了保证传输的完整性,在握手过程中使用了名为MIC(Message Integrity Code)的检验码。在四次握手的过程中,AP与STA经过协商计算出一个512位的PTK(Pairwise Transient Key),并将该PTK分解成为五种不同用途的密钥,如图3所示。
其中前128位用做计算和检验EAPOL-KEY报文的MIC的密钥,随后的128位作为加密EAPOL-KEY的密钥;接下来的128位作为 AP与该STA之间通信的加密密钥的基础密钥(即由该密钥再经过一定的计算后得出的密钥作为二者之间的密钥);最后两个64位的密钥分别作为AP与该 STA之间的报文的MIC计算和检验密钥。
由PTK分解出来的这一组(五个)密钥是AP与该STA之间使用的密钥(所以也叫每用户密钥,用于AP与STA之间的单播报文的加密),这些密钥永远也不会以任何形式出现在无线网络上。在确认双方所持的PMK一致后, AP会根据自身是否支持每用户密钥的能力来指示STA是否安装并使用这个每用户密钥。
为了使现有的设备能够通过软件/固件升级实现WPA,协议规定AP可以不采用PTK方式,而是利用下面将要描述的GTK作为AP向STA发送单播报文时的密钥。如果AP通知STA安装并使用PTK,那么STA在向AP发送一个EAPOL-KEY相应报文后,再把相应的密钥安装到无线网卡中。
四次握手成功后,AP要生成一个256位的GTK(Group Transient Key),GTK是一组全局加密密钥,所有与该AP建立关联的STA均使用相同的GTK,AP用这个GTK来加密所有与它建立关联的STA的通信报文, STA则使用这个GTK来解密由AP发送的报文并检验其MIC。该密钥可以分解为三种不同用途的密钥,最前面的128位作为构造全局“每报文密钥”(Per-packet Encryption Key)的基础密钥(Base Key),后面的两个64位的密钥分别作为计算和检验WPA数据报文的MIC的密钥。AP使用EAPOL-KEY加密密钥将GTK加密并发送给STA,并指明该GTK是否允许STA用作发送报文所使用,STA成功接收到该报文,将GTK解密后,向AP发送应答报文,并根据AP所指示的Key Index将其安装无线网卡的相应位置,如果AP使用GTK作为向某一STA单播传输的密钥,则该STA也需要使用GTK作为向AP发送单播报文的密钥。
TKIP并不直接使用由PTK/GTK分解出来的密钥作为加密报文的密钥,而是将该密钥作为基础密钥(Base Key),经过两个阶段的密钥混合过程,从而生成一个新的每一次报文传输都不一样的密钥,该密钥才是用做直接加密的密钥。通过这种方式可以进一步增强WLAN的安全性。密钥的生成方式如图4所示。
There are two flavors of this protocol: enterprise and personal. Enterprise is meant for use with an IEEE 802.1X authentication server, which distributes different keys to each user. Personal WPA utilizes a less scalable "pre-shared key" (PSK) mode, where every allowed computer is given the same passphrase. In PSK mode, security depends on the strength and secrecy of the passphrase. The design of the protocol is based on a Draft 3 of the IEEE 802.11i standard.
对于大型企业的应用,常采用“802.1x+ EAP”的方式
对于一些中小型的企业网络或者家庭用户,WPA也提供一种简化的模式,它不需要专门的认证服务器。
“WPA预共享密钥(WPA-PSK)”,它仅要求在每个WLAN节点(AP、无线路由器、网卡等)预先输入一个密钥即可实现。这个密钥仅仅用于认证过程,而不用于传输数据的加密。数据加密的密钥是在认证成功后动态生成,系统将保证“一户一密”,不存在像WEP那样全网共享一个加密密钥的情形,因此大大地提高了系统的安全性。
在WPA/WPA2中,PTK的生成依赖 PMK,而PMK获的有两种方式,一个是PSK的形式就是预共享密钥,在这种方式中PMK=PSK,而另一种方式中,需要认证服务器和站点进行协商来产生 PMK。
=================
QoS的英文全称为“Quality of Service”,中文名为“服务质量”。它是指网络提供更高优先服务的一种能力,包括专用带宽、抖动控制和延迟(用于实时和交互式流量情形)、丢包率的改进以及不同 WAN、LAN 和 MAN 技术下的指定网络流量等,同时确保为每种流量提供的优先权不会阻碍其它流量的进程。网络必须满足QoS要求才能确保数据传输的适当服务级别。这些服务要求以 QoS 功能的行业标准为基础 。[http://www.enet.com.cn/networks/zhuanti/QoS/]
=================
BSS:
<1>GSM网络中:Base Station Subsystem,GSM网络中的基站子系统模块 。
<2>WLAN中:一种特殊的Ad-hoc LAN的应用,称为Basic Service Set (BSS),一群计算机设定相同的BSS名
称,即可自成一个group,而此BSS名称,即所谓BSSID。
<3>IBSS ndependent basic service set 独立基本服务组,能构成一个自包含网络并且不能访问DS的BSS
<4>WLAN 使用 ISM (Industrial、Scientific、Medical) 无线电广播频段通信
<5>SSID(Service Set Identifier)也可以写为ESSID,用来区分不同的网络,最多可以有32个字符,无线网卡设置了不同的SSID就可以进入不同网络,SSID通常由AP广播出来,通过XP自带的扫描功能可以相看当前区域内的SSID。
无线网络设备的服务区域认证ID (ESSID)
=================
STA A Station(client)
Beacon Period (信标周期)
DTIM Period (DTIM 周期)
TBTT 下一个信标帧到来的时间被称为目标信标帧传输时间(TBTT)
DTIM=Delivery 或Traffic indication Map
Delivery Traffic Indication Message
RSSI(Received Signal Strength Indicator)是接收信号的强度指示
RF 射频 也叫高频,一般指用于无线电发射的频率。
Antenna 是天线。
与 WPA 一样,WPA2 要求根据 EAP 或 PSK 身份验证过程,确定相互的成对主密钥 (PMK),并通过四次握手 (4-Way Handshake)过程,计算成对的临时密钥。
WPA-PSK(TKIP)
EAP|PSK=>PMK=>PTK
TKIP,CCMP是加密项目里规范了的两个新的安全加密协定
WPA ->TKIP(RC4)
WPA2->CCMP(AES)
CCMP 协议基于 AES 加密算法
WPA = IEEE 802.11i draft 3 = IEEE 802.1X/EAP + WEP(选择性项目)/TKIP
WPA2 = IEEE 802.11i = IEEE 802.1X/EAP + WEP(选择性项目)/TKIP/CCMP
还有最后一种加密模式就是WPA- PSK(TKIP)+WPA2-PSK(AES),这是目前无线路由里最高的加密模式,目前这种加密模式因为兼容性的问题,还没有被很多用户所使用。目前最广为使用的就是WPA-PSK(TKIP)和WPA2-PSK(AES)两种加密模式。相信在经过加密之后的无线网络,一定能够让我们的用户安心放心的上网冲浪。
WRAP是Wireless Robust Authenticated Protocol
CCMP是Counter-Mode/CBC-MAC Protocol
TKIP是Temporal Key Integrity Protocol
EAP是Extensible Authentication Protocol
WEP是Wired Equivalent Privacy (WEP)有线等效加密
WPA是Wi-Fi Protected Access保护访问 (WPA)
WMM是Wi-Fi Multi-Media的缩写,指省电模式功能,在无线传输高速率信息时,可保持很高的电源效率,在确保减低耗电量的同时,不减损应用程序所要求的QoS数据传输的流畅性。
由于 WLAN 工作站之间的模糊边界,WLAN 链路层拥有在传送前清除一个区域的协议。出于安全性考虑,WLAN 的 Wired Equivalent Privacy (WEP) 加密机制提供与有线网络相同的安全级别。WEP 将 40 比特或 104 比特密钥与随机的 24 比特初始向量组合用以加解密数据。WLAN 支持两种通信模式:Ad Hoc 模式 用于小群组工作站之间不必使用访问点的短时间内通信,而 InfrastrUCture 模式 的所有通信必须通过访问点。访问点周期性地广播一个服务集标识符(SSID),SSID 用于将一个 WLAN 网络与其他网络区别开来。
Linux WLAN 支持
Linux WLAN 支持由 WLAN API 实现和 WLAN 设备驱动程序组成。我将依次研究它们。
有两个 Linux 项目定义一般的 WLAN API,并且提供工具让用户空间应用程序配置参数和存取来自 WLAN 设备驱动程序的信息。Wireless Extensions 项目为不同的无线网卡提供公共的 Linux 用户空间接口。这个项目的工具包括 iwconfig 用以配置参数(比如 WLAN 驱动程序中的 WEP 关键字及 SSID)。linux-wlan 项目作为 Wireless Extensions 项目一部分,也支持一系列用于从用户空间与 WLAN 设备驱动程序交互的工具。与基于 Wireless Extensions 的工具不同,这些工具使用类似于 SNMP (Simple Network Management Protocol) MIB (Management Information Base) 的语法,该语法反映 IEEE 802.11 规范。
[http://www.hackhome.com/InfoView/Article_78399.html]
PowerModeCAM = "Continuous Access Mode (CAM)"
PowerModeMAX_PSP = "Maximum (MAX) Power-Saving Mode"
PowerModeFast_PSP = "Fast Power-Saving Mode"
IPN2220.DeviceDesc = "BUFFALO WLI2-CB-G54L Wireless LAN Adapter"
IPN2220.Service.DispName = "BUFFALO WLI2-CB-G54L Wireless LAN Driver Service"
IPN2220.SourceDiskName = "AirNavigator CD"
===============
什么是SSID?[http://publish.it168.com/2005/0816/20050816016801.shtml?cChannel=39]%B5%E3%BB%F7%B2%E9%BF%B4%CE%C4%D5%C2%C4%DA%C8%DD%3E%3E[/URL]Link]
SSID(Service Set Identifier)也可以写为ESSID,用来区分不同的网络,最多可以有32个字符,无线网卡设置了不同的SSID就可以进入不同网络,SSID通常由AP广播出来,通过XP自带的扫描功能可以相看当前区域内的SSID。出于安全考虑可以不广播SSID,此时用户就要手工设置SSID才能进入相应的网络。简单说,SSID就是一个局域网的名称,只有设置为名称相同SSID的值的电脑才能互相通信。
禁用SSID广播
通俗地说,SSID便是你给自己的无线网络所取的名字。需要注意的是,同一生产商推出的无线路由器或AP都使用了相同的SSID,一旦那些企图非法连接的攻击者利用通用的初始化字符串来连接无线网络,就极易建立起一条非法的连接,从而给我们的无线网络带来威胁。因此,笔者建议你最好能够将SSID命名为一些较有个性的名字。
无线路由器一般都会提供“允许SSID广播”功能。如果你不想让自己的无线网络被别人通过SSID名称搜索到,那么最好“禁止SSID广播”。你的无线网络仍然可以使用,只是不会出现在其他人所搜索到的可用网络列表中。
小提示:通过禁止SSID广播设置后,无线网络的效率会受到一定的影响,但以此换取安全性的提高,笔者认为还是值得的。
测试结果:由于没有进行SSID广播,该无线网络被无线网卡忽略了,尤其是在使用Windows XP管理无线网络时,达到了“掩人耳目”的目的。
=================
Glossary For WLAN (802.11)
AAA: Authentication, Authorization, and Accounting. A protocol or system which enables users to prove identity, oBTain Access to resources, and collect usage statistics. RADIUS is the most common AAA protocol in use with 802.11 networks.
ACK: Abbreviation for "Acknowledgment." ACKs are used extensively in 802.11 to provide reliable data transfers over an unreliable medium.
ad hoc: A network characterized by temporary, short-lived relationships between nodes.
AES: Advanced Encryption Standard. A cipher selected by NIST to replace the older Data Encryption Standard (DES) in 2001 after a five-year evaluation. AES is a 128-bit block cipher which uses either 128-, 192-or 256-bit keys. It has been widely adopted by many protocols requiring the use of a block cipher, including 802.11i's CCMP, though CCMP uses only 128-bit keys. AES is specified in FIPS Publication 197.
AID: Association Identifier. A number that identifies data strUCtures in an access point allocated for a specific mobile node.
AKM: Authentication and Key Management. A set of protocols used to establish user identity and keys. The two currently defined on wireless networks are 802.1X and pre-shared keys.
AP: Access Point. Bridge-like device that attaches wireless 802.11 stations to a wired backbone network.
AS: Authentication Server. The network service that validates user credentials. Usually RADIUS in 802.11 networks.
ASN: Abstract Syntax Notation. The formal description of the grammar used to write MIB files.
ATIM: Announcement Traffic Indication Message. ATIMs are used in ad hoc (independent) 802.11 networks to announce the existence of buffered frames.
BER: Bit Error Rate. The number of bits received in error. Usually, the number is quite low and eXPressed as a ratio in scientific notation. 10-2 means one bit in 100 is received in error.
BPSK: Binary Phase Shift Keying. A modulation method that encodes bits as phase shifts. One of two phase shifts can be selected to encode a single bit.
BSS: Basic Service Set. The building block of 802.11 networks. A BSS is a set of stations that are logically associated with each other.
BSSID: Basic Service Set Identifier. A 48-bit identifier used by all stations in a BSS in frame headers.
CCITT: Comité Consultatif International Télé-graphique et Téléphonique. A UN body responsible for telephone standardization. Due to a reorganization, it is now called the International Telecommunication Union-Telecommunication Standardization Sector (ITU-T).
CCK: Complementary Code Keying. A modulation scheme that transforms data blocks into complex codes and is capable of encoding several bits per block.
CCM: Counter Mode with CBC-MAC. An authenticated block cipher mode defined in RFC 3610. It can be used with any 128-bit block cipher, but is commonly used with AES.
CCMP: Counter Mode with CBC-MAC Protocol. 802.11i defines the use of AES with the CCM mode of operation as CCMP. It is the strongest encryption protocol available for use with wireless LANs.
CF: Contention Free. Services that do not involve contention for the medium are contention-free services. Such services are implemented by a Point Coordinator (PC) through the use of the Point Coordination Function (PCF). Contention-free services are not widely implemented.
CFP: Contention-Free Period. Even when 802.11 provides contention-free services, some contention-based access to the wireless medium is allowed. Periods controlled by a central authority are called contention-free periods (CFP).
CRC: Cyclic Redundancy Check. A mathematical checksum that can be used to detect data corruption in transmitted frames. The CRC is a linear hash function, and should not be used for data security assurance.
CSMA: Carrier Sense Multiple Access. A "listen before talk" scheme used to mediate the access to a transmission resource. All stations are allowed to access the resource (multiple access) but are required to make sure the resource is not in use before transmitting (carrier sense).
CSMA/CA: Carrier Sense Multiple Access with Collision Avoidance. A CSMA method that tries to avoid simultaneous access (collsions) by deferring access to the medium. 802.11 and AppleTalk's LocalTalk are two protocols that use CSMA/CA.
CTS: Clear to Send. The frame type used to acknowledge receipt of a Request to Send and the second component used in the RTS-CTS clearing exchange used to prevent interference from hidden nodes.
DA: Destination Address. The MAC address of the station the frame should be processed by. Frequently, the destination address is the receiver address. In infrastructure networks, however, frames bridged from the wireless side to the wired side will have a destination address on the wired network and a receiver address of the wireless interface in the access point.
DBPSK: Differential Binary Phase Shift Keying. A modulation method in which bits are encoded as phase shift differences between successive symbol periods. Two phase shifts are possible for an encoding rate of one data bit per symbol.
DCF: Distributed Coordination Function. The rules for contention-based access to the wireless medium in 802.11. The DCF is based on exponentially increasing bacKOFfs in the presence of contention as well as rules for deferring access, frame acknowledgment, and when certain types of frame exchanges or fragmentation may be required.
DFS: Dynamic Frequency Selection. A spectrum management service required by European radio regulations to avoid interfering with 5 GHz radar systems, as well as spread power across all available channels. DFS was also key to the FCC decision to open up the harmonized frequency band in the U.S.
DHCP: Dynamic Host Configuration Protocol. An IETF standard used by network administrators to automatically configure hosts. Hosts needing configuration information may broadcast a request that is responded to by a DHCP server. DHCP was the Internet community's admission that the Internet was growing so fast that network administrators had lost control over what was plugged into networks.
DIFS: Distributed Inter-Frame Space. The interframe space used to separate atomic exchanges in contention-based services. See also DCF.
DQPSK: Differential Quadrature Phase Shift Keying. A modulation method in which bits are encoded as phase shift differences between successive symbol periods. Four phase shifts are possible for an encoding rate of two data bits per symbol.
DS: Distribution System. The set of services that connects access points together. Logically composed of the wired backbone network plus the bridging functions in most commercial access points.
DSSS: Direct-Sequence Spread Spectrum. A transmission technique that spreads a signal over a wide frequency band for transmission. At the receiver, the widespread signal is correlated into a stronger signal; meanwhile, any narrowband noise is spread widely. Most of the 802.11-installed base at 2 Mbps and 11 Mbps is composed of direct-sequence interfaces.
DTIM: Delivery Traffic Indication Map. Beacon frames may contain the DTIM element, which is used to indicate that broadcast and multicast frames buffered by the access point will be delivered shortly.
更多的请看:http://www.QQread.com/windows/2003/index.Html
EAP: Extensible Authentication Protocol. A framework authentication protocol used by 802.1X to provide network authentication. Authentication itself is delegated to sub-protocols called methods.
EIFS: Extended Inter-Frame Space. The longest of the four inter-frame spaces, the EIFS is used when there has been an error in transmission.
EIRP: Effective Isotropic Radiated Power. An antenna system will have a footprint over which the radio waves are distributed. The power inside the footprint is called the effective isotropic radiated power.
ERP: Effective Radiated Power. Used to describe the strength of radio waves transmitted by an antenna.
ESS: Extended Service Set. A logical collection of access points all tied together. Link-layer roaming is possible throughout an ESS, provided all the stations are configured to recognize each other.
ETSI: European Telecommunications Standards Institute. ETSI is a multinational standardization body with regulatory and standardization authority over much of Europe. GSM standardization took place under the auspices of ETSI. ETSI has taken the lead role in standardizing a wireless LAN technology competing with 802.11 called the High Performance Radio LAN (HIPERLAN).
FCC: Federal Communications Commission. The regulatory agency for the United States. The FCC Rules in Title 47 of the Code of Federal Regulations govern telecommunications in the United States. Wireless LANs must comply with Part 15 of the FCC rules, which are written specifically for RF devices.
FCS: Frame Check Sequence. A checksum appended to frames on IEEE 802 networks to detect corruption. If the receiver calculates a different FCS than the FCS in the frame, it is assumed to have been corrupted in transit and is discarded.
FH: Frequency Hopping. See FHSS.
FHSS: Frequency Hopping Spread Spectrum. A technique that uses a time-varying narrowband signal to spread RF energy over a wide band.
FIPS: Federal Information Processing Standard. Public standards used by nonmilitary agencies of the United States federal government and its contractors.
four-way handshake: The key exchange defined in 802.11i that expands a pairwise master key into the full key hierarchy. The 4-Way Handshake allows a supplicant and an authenticator to agree on dynamically derived encryption keys.
GFSK: Gaussian Frequency Shift Keying. A modulation technique that encodes data based on the frequency of the carrier signal during the symbol time. GFSK is relatively immune to analog noise because most analog noise is amplitude-modulated.
GMK: Group Master Key. The key used by an authenticator to derive the group transient key.
GTK: Group Transient Key. Derived from the group master key by combining with the group random number, the GTK is used to derive the group key hierarchy, which includes keys used to protect broadcast and multicast data.
HR/DSSS: High-Rate Direct-Sequence Spread Spectrum. The abbreviation for signals transmitted by 802.11b equipment. Although similar to the earlier 2-Mbps transmissions in many respects, advanced encoding enables a higher data rate.
IAPP: Inter-Access Point Protocol. The protocol used between access points to enable roaming. 802.11F specifies a standard IAPP, though it is not widely implemented.
IBSS: Independent Basic Service Set. An 802.11 network without an access point. Some vendors refer to IBSSs as ad hoc networks; see also ad hoc.
ICV: Integrity Check Value. The checksum calculated over a frame before encryption by WEP. The ICV is designed to protect a frame against tampering by allowing a receiver to detect alterations to the frame. Unfortunately, WEP uses a flawed algorithm to generate the ICV, which robs WEP of a great deal of tamper-resistance.
IEEE: Institute of Electrical and Electronics Engineers. The professional body that has standardized the ubiquitous IEEE 802 networks.
IR: Infrared. Light with a longer wavelength and lower frequency than visible red light. The wavelength of red light is approximately 700 nm.
ISI: Inter-Symbol Interference. Because of delays over multiple paths, transmitted symbols may interfere with each other and cause corruption. Guarding against ISI is a major consideration for wireless LANs, especially those based on OFDM.
ISM: Industrial, Scientific, and Medical. Part 15 of the FCC Rules sets aside certain frequency bands in the United States for use by unlicensed Industrial, Scientific, and Medical equipment. The 2.4-GHz ISM band was initially set aside for microwave ovens so that home users of microwave ovens would not be required to go through the burdensome FCC licensing process simply to reheat leftover food quickly. Because it is unlicensed, though, many devices operate in the band, including 802.11 wireless LANs.
ITU: International Telecommunications Union. The successor to the CCITT. Technically speaking, the ITU issues recommendations, not regulations or standards. However, many countries give ITU recommendations the force of law.
IV: Initialization Vector. Generally used as a term for exposed keying material in cryptographic headers; most often used with block ciphers. WEP exposes 24 bits of the secret key to the world in the frame header, even though WEP is based on a stream cipher.
LLC: Logical Link Control. An IEEE specification that allows further protocol multiplexing over Ethernet. 802.11 frames carry LLC-encapsulated data units.
KCK: The EAPOL Key Confirmation Key. This key, derived as part of the pairwise hierarchy, is used to create message integrity check values in the four-way handshake. It may also be referred to as the "key MIC key."
KEK: The EAPOL Key Encryption Key. This key, derived as part of the pairwise hierarchy, is used to encrypt keys sent through the 4-Way Handshake. It may also be used as the pairwise key itself.
MAC: Medium Access Control. The function in IEEE networks that arbitrates use of the network capacity and determines which stations are allowed to use the medium for transmission.
MIB: Management Information Base. An ASN specification of the operational and configuration parameters of a device; frequently used with SNMP or other network management systems.
MIC: Message Integrity Code. A hash value calculated over a set of protected data to guard against tampering. In most cryptographic systems, such a hash is called a Message Authentication Code (MAC). 802.11 uses the algorithm MIC to avoid confusion with the Medium Access Control layer.
Michael: The message integrity check algorithm specified as part of TKIP.
MIMO: Multiple-Input/Multiple-Output. An antenna configuration that uses more than one transmission antenna and more than one receiver antenna to transmit multiple data streams. MIMO antenna configurations are often described with the shorthand "YxZ," where Y and Z are integers, used to refer to the number of transmitter antennas and the number of receiver antennas, respectively.
MPDU: MAC Protocol Data Unit. A fancy name for frame. The MPDU does not, however, include PLCP headers.
MSDU: MAC Service Data Unit. The data accepted by the MAC for delivery to another MAC on the network. MSDUs are composed of higher-level data only. For example, an 802.11 management frame does not contain an MSDU.
NAV: Network Allocation Vector. The NAV is used to implement the virtual carrier sensing function. Stations will defer access to the medium if it is busy. For robustness, 802.11 includes two carrier-sensing functions. One is a physical function, which is based on energy thresholds, whether a station is decoding a legal 802.11 signal, and similar things that require a physical measurement. The second function is a virtual carrier sense, which is based on the NAV. Most frames include a nonzero number in the NAV field, which is used to ask all stations to politely defer from accessing the medium for a certain number of microseconds after the current frame is transmitted. Any receiving stations will process the NAV and defer access, which prevents collisions.
NIST: National Institute of Standards and Technology. The United States government agency responsible for setting technology standards for the federal government. NIST standards are used by most non-classified agencies and have been adopted by many other organizations throughout all types of government.
OFDM: Orthogonal Frequency Division Multiplexing. A technique that splits a wide frequency band into a number of narrow frequency bands and inverse multiplexes data across the subchannels. 802.11a and 802.11g are based on OFDM. 802.11n uses MIMO to transmit multiple OFDM data streams.
OSI: Open Systems Interconnection. A baroque compendium of networking standards that was never implemented because IP networks actually existed.
更多的请看:http://www.qqread.com/windows/2003/index.html
PBCC: Packet Binary Convolution Coding. An alternative method of encoding data in 802.11b networks that has not been widely implemented. PBCC was also proposed for consideration for 20+ Mbps networks, but was rejected.
PC: Point Coordinator. A function in the access point responsible for central coordination of access to the radio medium during contention-free service.
PCF: Point Coordination Function. The set of rules that provides for centrally coordinated access to the medium by the access point.
PCMCIA: Personal Computer Memory Card International Association. An industry group that standardized the ubiquitous "PCMCIA card" form factor and made it possible to connect a wide variety of peripherals to notebook computers. 802.11 interfaces are available almost exclusively in the PCMCIA form factor. Also expanded humorously as People Who Can't Manage Computer Industry Acronyms because of its unwieldy length and pronunciation.
PDU: Protocol Data Unit. Layers communicate with each other using protocol data units. For example, the IP protocol data unit is the familiar IP packet. IP implementations communicate with each other using IP packets. See also service data unit.
PER: Packet Error Rate. Like the bit error rate, but measured as a fraction of packets with errors.
PHY: Common IEEE abbreviation for the physical layer.
physical-layer convergence procedure: The upper component of the PHY in 802.11 networks. Each PHY has its own PLCP, which provides auxiliary framing to the MAC.
PIFS: PCF Inter-Frame space. During contention-free service, any station is free to transmit if the medium is idle for the duration of one PCF inter-frame space.
PLCP: Physical-Layer Convergence Procedure.
PMD: Physical Medium Dependent. The lower component of the PHY, responsible for transmitting RF signals to other 802.11 stations.
PMK: Pairwise Master Key. The root of all keying data between a supplicant and an authenticator. It may be derived from an EAP method during authentication, or supplied directly as a pre-shared key.
PPDU: PLCP Protocol Data Unit. The complete PLCP frame, including PLCP headers, MAC headers, the MAC data field, and the MAC and PLCP trailers.
PRF: Pseudo-Random Function. An 802.11i function that expands a small amount of data into a larger amount of data. The PRF is used most notably to expand master keys into key hierarchies.
PS: Power Save. Used as a generic prefix for power-saving operations in 802.11.
PSDU: PLCP Service Data Unit. The data the PLCP is responsible for delivering, i.e., one MAC frame with headers.
PSK - Phase Shift Keying: A method of transmitting data based on phase shifts in the transmitted carrier wave.
PSK - Pre-shared Key: In 802.11i, refers to the authentication method that depends on a statically configured authentication key that must be distributed manually. Also called WPA-PSK.
PTK: Pairwise Transient Key. Key derived from pairwise master key that includes keys used by encryption and integrity protocols, but also includes keys to distribute dynamic keys.
QPSK: Quadrature Phase Shift Keying. A modulation method that encodes bits as phase shifts. One of four phase shifts can be selected to encode two bits.
RA: Receiver Address. MAC address of the station that will receive the frame. The RA may also be the destination address of a frame, but not always. In infrastructure networks, for example, a frame destined for the distribution system is received by an access point
RADIUS: Remote Authenticated Dial-In User Service. A protocol used to authenticate dial-in users that has become more widely used because of 802.1X authentication. The most common type of authentication server used in 802.1X systems.
RC4: A proprietary cipher algorithm developed by RSA Data Security and licensed for a great deal of money. Also used as the basis for WEP and prevents open source WEP implementations from existing because of the fear of lawsuits by RSA.
RLAN: Radio LAN. A term used by European radio regulations to refer to any wireless network built on radio technology. Although 802.11 is the most popular, others do exist. One of the better known alternative radio network technologies is ETSI'S HIPERLAN.
RF: Radio Frequency. Used as an adjective to indicate that something pertains to the radio interface ("RF modulator," "RF energy," and so on).
RSN: Robust Security Network. A network that uses the security methods of 802.11i and does not provide any support for WEP.
RTS: Request to Send. The frame type used to begin the RTS-CTS clearing exchange. RTS frames are used when the frame that will be transmitted is larger than the RTS threshold.
SA: Source Address; as disinct from TA. Station that generated the frame. Different when frame originates on the distrbution system and goes to the wireless segment.
SDU: Service Data Unit. When a protocol layer receives data from the next highest layer, it is sending a service data unit. For example, an IP service data unit can be composed of the data in the TCP segment plus the TCP header. Protocol layers access service data units, add the appropriate header, and push them down to the next layer. See also protocol data unit.
SFD: Start of Frame Delimiter. The component of the frame header that indicates when synchronization has concluded and the actual frame is about to start.
SIFS: Short Interframe Space. The shortest of the four interframe spaces. The SIFS is used between frames in an atomic frame exchange.
SSID: Service Set Identity. A string used to identify an extended service set. Typically, the SSID is a recognizable character string for the benefit of users.
SYNC: Short for Synchronize. Bits transmitted by the PLCP to allow senders and receivers to synchronize bit timers.
TA: Transmitter Address. Station that actually put the frame in the air. Often the access point in infrastructure networks.
TIM: Traffic Indication Map. A field transmitted in Beacon frames used to inform associated stations that the access point has buffered. Bits are used to indicate both buffered unicast frames for each associated station as well as the presence of buffered multicast frames.
TK: Temporal Key. 802.11i key hierarchies derive a temporal key to be used for authentication protocols. The temporal key is the main input to link-layer encryption protocols such as TKIP or CCMP.
TKIP: Temporal Key Integrity Protocol. One of the improved encryption protocols in 802.11i, TKIP uses the fundamental operations of WEP with new keying and integrity check mechanisms to offer additional security.
TPC: Transmit Power Control. A spectrum management service required by European regulations to ensure that 5 GHz radios avoid interfering with satellite services.
TSF: Timing Synchronization Function.
WEP: Wired Equivalent Privacy. Derided as Wiretap Equivalence Protocol by its critics. A standard for ciphering individual data frames. It was intended to provide minimal privacy and has succeeded in this respect. In August 2001, WEP was soundly defeated, and public code was released.
Wi-Fi: Wireless Fidelity. The Wi-Fi Alliance (formerly the Wireless Ethernet Compatibility Alliance) started the Wi-Fi ("wireless fidelity") certification program to test interoperability of 802.11 implementation. Originally, the term was applied to devices that complied with 802.11b (11-Mbps HR/DSSS). It now may include 802.11g and 802.11a interoperability, as well as WPA security.
WMM: Wi-Fi Multimedia. The Wi-Fi Alliance took a subset of the IEEE 802.11e WLAN QoS draft standard, and created the Wi-Fi Multimedia (WMM) specification. WMM provides Quality of Service (QoS) for wireless networks.
WPA and WPA2: Wi-Fi Protected Access. A security standard based on 802.11i draft 3. The Wi-Fi Alliance took 802.11i draft 3 and began certifying compliance with early TKIP implementations to accelerate adoption of 802.11 security protocols. WPA2 is based on the full ratified version of 802.11i.