Overview of Emerging

Sunghyun Choi
IEEE 802.11 Protocols for Seoul National
University
MAC and Above
C O N T E N T S

I. INTRODUCTION 105

II. LEGACY 802.11 MAC[2] 107

III. 802.11E MAC FOR QoS SUPPORT[5] 112

IV. IEEE 802.11F FOR INTER-ACCESS POINT 116

PROTOCOL (IAPP)

V. IEEE 802.11H FOR SPECTRUM AND 119

TRANSMIT POWER MANAGEMENT[8]

VI. IEEE 802.11I FOR SECURITY 121

ENHANCEMENT [9]

VII. TWO NEWLY-STARTED 124

STANDARDIZATIONS

VIII. CONCLUDING REMARKS 125

REFERENCES 126
 Overview of Emerging IEEE 802.11
Protocols for MAC and Above

Sunghyun Choi

During the last few years, the IEEE 802.11 Wireless LAN (WLAN) has become a dominant technology for the
(indoor) broadband wireless networking. Along with its success, there have been demands to enhance the
performance of the 802.11. To meet such needs, the IEEE 802.11 Working Group (WG) has been developing new
protocols to amend the existing protocols. In this paper, we overview the emerging protocols of the IEEE 802.11
WLAN for the medium access control (MAC) layers and above. These include 802.11e for quality-of-service (QoS),
802.11f for Inter-Access Point Protocol (IAPP), 802.11h for spectrum management at 5GHz, 802.11i for security
enhancement, 802.11k for radio resource measurement, and finally 802.11m for higher throughput.

Keyword: IEEE 802.11, WLAN, MAC

I. INTRODUCTION 1991, and published the first standard specification in

1997. The 802.11 devices currently available in the
IEEE 802.11 Wireless LANs (WLANs) have been market are based on the following specifications:
extensively deployed in the recent years in many
different environments for enterprise, home, and public •802.11 MAC specified in [2], and

networking. The state-of-the-art 802.11 devices provide •802.11a PHY specified in [3] supporting up to 54

the Ethernet-like best-effort service with the Mbps transmission rate at 5GHz, and/or
transmission rate up to 54 Mbps at 2.4GHz and 5GHz •802.11b PHY specified in [4] supporting up to 11

unlicensed bands. Mbps transmission rate at 2.4GHz, and/or

The 802.11 standard specifies the protocols for both •802.11g PHY specified in [7] supporting up to 54

the medium access control (MAC) sub-layer and Mbps transmission rate at 2.4GHz; 802.11g is a super
physical (PHY) layer. The IEEE 802.11 Working set of 802.11b PHY.
Group (WG) [1] started its standardization activities in

Sunghyun Choi: Seoul National University

Overview of Emerging IEEE 802.11 Protocols for MAC and Above 104 105
Telecommunications Review 2003•특집부록

IAPP: Inter-Access Point Protocol

above .11f for DFS: Dynamic Frequency Selection
MAC IAPP TPC: Transmit Power Control

MAC .11 MAC .11e MAC .11i for

for Qos Security

PHY .11b CCK .11a OFDM .11h for DFS

@2.4 GHz @5 GHz and TPC

Existing
.11g OFDM
@2.4 GHz Emerging

Figure 1. Current and emerging 802.11 specification

As found in the reference, all the specifications other some specifications like 802.11h (and 802.11n, not
than IEEE 802.11-1999 in [2] are amendments of the shown in the figure) involve both MAC and PHY
original specification. amendments. The figure represents the status of the
During the last few years, the 802.11 WG has been 802.11 standard families as of late year 2003 or as late
working on the standardization of new specifications to as early 2004; the standardization activities for 802.11f,
enhance the performance of the 802.11 WLAN. Out of 802.11g, and 802.11h have been finalized already, and
new and emerging specifications, the followings are the activities for 802.11e and 802.11i are expected to be
related to the layers of the MAC and above: finished by the end of 2003 or early 2004. The 802.11k
and 802.11n are not shown since the standardization of
•802.11e for Quality-of-Service (QoS) support [5] these two protocols has recently started.
•802.11f for Inter-Access Point Protocol (IAPP) [6] In this paper, we overview the characteristics of
•802.11h for spectrum and transmit power these emerging specifications of the 802.11 related to
management [8] the MAC and above. The rest of the paper is organized
•802.11i for security enhancement [9] as follows. We first briefly review the current MAC of
•802.11k for radio resource measurement the 802.11 in Section II. Then, Sections III, IV, V, and
enhancement [10] VI present the 802.11e for QoS, 802.11f for IAPP,
•802.11n for higher throughput [1] 802.11h for spectrum and transmit power management,
and 802.11i for security enhancement, respectively.
Figure 1 illustrates the relationship among the After briefing the 802.11k and 802.11n in Section VII,
existing and emerging specifications, where the we conclude this paper in Section VIII.
direction of each arrow specifies the original and
amended standards. For example, the 802.11e MAC is
an amendment of the 802.11-1999 MAC. Note that
II. LEGACY 802.11 MAC [2] assessment of the channel status, i.e., whether the
channel is busy (i.e., somebody transmitting a frame) or
The IEEE 802.11 legacy MAC [2] is based on the idle (i.e., no transmission). Basically, the CSMA/CA of
logical functions, called the coordination functions, the DCF works as follows:
which determine when a station (STA) operating within When a frame arrives at the head of the transmission
a Basic Service Set (BSS) is permitted to transmit and queue, if the channel is busy, the MAC waits until the
may be able to receive frames via the wireless medium. medium becomes idle, then defers for an extra time
There are two types of BSSs. An infrastructure BSS is interval, called the DCF Interframe Space (DIFS). If
composed of an access point (AP) and multiple STAs the channel stays idle during the DIFS deference, the
associated with the AP, where the AP works as a bridge MAC then starts the backoff process by selecting a
between the wireless and wired domains, and an random backoff count. For each slot time interval,
independent BSS (IBSS) is composed of multiple during which the medium stays idle, the random
STAs. Within an infrastructure BSS, a STA should be backoff counter (or BC) is decremented. When the
associated with an AP in order to perform a normal data counter reaches zero, the frame is transmitted. On the
transfer. A frame arriving from the higher layer to the other hand, when a frame arrives at the head of the
MAC is referred to as MAC Service Data Unit queue, if the MAC is in either the DIFS deference or the
(MSDU), and the frame, which carries the MSDU or its random backoff process2), the processes described
fragment along with the MAC header and Frame Check above are applied again. That is, the frame is
Sequence (FCS) based on CRC-32, is referred to as transmitted only when the random backoff has finished
MAC Protocol Data Unit (MPDU). The MPDU is the successfully. When a frame arrives at an empty queue
frame which is being transferred between STAs in the and the medium has been idle longer than the DIFS
MAC's perspective. time interval, the frame is transmitted immediately.
Two coordination functions are defined, namely, the Each STA maintains a contention window (CW),
mandatory distributed coordination function (DCF), for which is used to select the random backoff count. The
a distributed, contention-based channel access, based on backoff count is determined as a pseudo-random integer
carrier-sense multiple access with collision avoidance drawn from a uniform distribution over the interval
(CSMA/CA), and the optional point coordination [0,CW]. How to determine the CW value is further
function (PCF), for a centralized, contention-free detailed below. If the channel becomes busy during a
channel access, based on poll-and-response mechanism. backoff process, the backoff is suspended. When the
Most of today's 802.11 devices operate in the DCF channel becomes idle again, and stays idle for an extra
mode only. DIFS time interval, the backoff process resumes with
the latest backoff counter value. The timing of DCF
1. Distributed Coordination Function (DCF) channel access is illustrated in Figure 2.

The 802.11 DCF works with a single first-in-first-

1) An MAC Service Data Unit (MSDU) is the unit of data arriving at
out (FIFO) transmission queue. The CSMA/CA the MAC from the higher layer.
2) This situation is possible due to the ''post'' backoff requirement as
constitutes a distributed MAC based on a local
described below.

Overview of Emerging IEEE 802.11 Protocols for MAC and Above 106 107
Telecommunications Review 2003•특집부록

DIFS
Immediate access when
medium is idle >=DIFS Contention Window
PIFS
DIFS
SIFS Backoff
Busy Next
Medium Window Frame

Slot Time

Defer Access Select Slot and decrement backoff

as long as medium stay idle

Figure 2. IEEE 802.11 DCF Channel Access

For each successful reception of a frame, the deference and a random backoff even if there is no other
receiving STA immediately acknowledges the frame pending frame in the queue. This is often referred to as
reception by sending an acknowledgement (ACK) ''post'' backoff, as this backoff is done after, not before,
frame. The ACK frame is transmitted after a short IFS a transmission. This post backoff ensures there is at
(SIFS), which is shorter than the DIFS. Other STAs least one backoff interval between two consecutive
resume the backoff process after the DIFS idle time. MSDU transmissions.
Thanks to the SIFS interval between the data and ACK In the WLAN environments, there may be hidden
frames, the ACK frame transmission is protected from STAs. Two STAs, which can transmit to and receive
other STAs' contention. If an ACK frame is not from a common STA while they cannot see each other,
received after the data transmission, the frame is are hidden STAs each other. Since the DCF operates
retransmitted after another random backoff. based on the carrier sensing, the existence of such
The CW size is initially assigned CWmin, and hidden STAs can degrade the network performance
increases when a transmission fails, i.e., the transmitted severely. To reduce the hidden STA problem, the
data frame has not been acknowledged. After any 802.11 defines a Request-to-Send/Clear-to-Send
unsuccessful transmission attempt, another backoff is (RTS/CTS) mechanism. That is, if the transmitting
performed using a new CW value updated by STA opts to use the RTS/CTS mechanisms, before
transmitting a data frame, the STA transmits a short
RTS frame, followed by a CTS frame transmitted by the
CW:=2(CW+1)-1, receiving STA. The RTS and CTS frames include the
information of how long it does take to transmit the
subsequent data frame and the corresponding ACK
with an upper bound of CWmax. This reduces the response. Thus, other STAs hearing the transmitting
collision probability in case there are multiple STAs STA and hidden STAs close to the receiving STA will
attempting to access the channel. After each successful not start any transmissions; their timer called Network
transmission, the CW value is reset to CWmin, and the Allocation Vector (NAV) is set, and as long as the NAV
transmission-completing STA performs the DIFS value is non-zero, a STA does not contend for the
 DIFS

Source RTS DATA

Destination SIFS CTS SIFS SIFS ACK

DIFS

Other NAV(RTS) Backoff

NAV(CTS) Backoff after Defer

Figure. 3. RTS/CTS frame exchange

Contention Free Period Repetition Interval(CFPRI)OR Superframe

Contentio Free Period (CFP) for PCF

SIFS SIFS SIFS Contention

Period(CP)
Downlink Beacon D2+Ack+Poll for DCF
D1+Poll CF-End

Uplink U1+Ack U2+Ack

PIFS SIFS SIFS Reset NAV

NAV

Dx-downlink frame to STA x CF_MAX_Duration

Ux-uplink frame from STA x

Figure 4. IEEE 802.11 PCF channel access during a CFP

medium. Between two consecutive frames in the Function (PCF) to let STAs have contention-free access
sequence of RTS, CTS, data, and ACK frames, a SIFS to the wireless medium, coordinated by a Point
is used. Figure 3 shows the timing diagram involved Coordinator (PC), which is co-located within the AP.
with an RTS/CTS frame exchange. The PCF has higher priority than the DCF, because the
All of the MAC parameters including SIFS, DIFS, period during which the PCF is used is protected from
Slot Time, CWmin, and CWmax are dependent on the the DCF contention via the NAV set. Under the PCF,
underlying physical layer (PHY). Irrespective of the time axis is divided into repeated periods, called
PHY, DIFS is determined by SIFS+2・SlotTime, and superframes, where each superframe is composed of a
another important IFS, called PCF IFS (PIFS), is Contention Free Period (CFP) and a subsequent
determined by SIFS+SlotTime. Contention Period (CP). During a CFP, the PCF is used
for accessing the medium, while the DCF is used during
2. Point Coordination Function (PCF) a CP. It is mandatory that a superframe includes a CP of
a minimum length that allows at least one MSDU
To support time-bounded services, the IEEE 802.11 delivery under the DCF at the lowest PHY rate. See
standard also optionally defines the Point Coordination Figure 4 for the CFP and CP co-existence.

Overview of Emerging IEEE 802.11 Protocols for MAC and Above 108 109
Telecommunications Review 2003•특집부록

IV

Initialization
Vector(IV) Seed Key Sequence
WEP
PRNG
Secret Key
Cliphertext

Plaintext

Integrity Algorithm

Integrity Check Value(ICV) message

Figure 5. WEP encapsulation block diagram

A superframe starts with a beacon frame, which is a 3. Security Mechanisms

management frame that maintains the synchronization
of the local timers in the STAs and delivers protocol The 802.11 MAC provides two different forms of
related parameters. The AP generates beacon frames at the security mechanisms, namely, authentication and
regular beacon frame intervals, thus every STA knows frame encryption. The authentication can be performed
when the next beacon frame will arrive; this instance is between two STAs in either an IBSS or an
called target beacon transition time (TBTT), and is infrastructure BSS. In case of the infrastructure BSS, the
announced in every beacon frame. During a CFP, there authentication is between a STA and an AP, and only
is no contention among STAs; instead, STAs are polled. after a successful authentication, an association between
See Figure 4 for typical frame exchange sequences the STA and the AP can be made established. There are
during a CFP. The PC polls a STA asking for a pending two forms of the authentication, namely, open system
frame. If the PC itself has pending data for this STA, it and shared key authentications. The open system is
uses a combined date and poll frame by piggybacking virtually equivalent with no authentication since two
the CF-Poll frame into the data frame. STAs just exchange authentication request and response
Upon being polled, the polled STA acknowledges frames under this type of authentication. On the other
the successful reception along with data. If the PC hand, with the share key type, two STAs exchange four
receives no response from a polled STA after waiting frames to check if they have the same security key.
for a PIFS interval, it polls the next STA, or ends the Unless they have the same key, the authentication
CFP. Therefore, no idle period longer than PIFS occurs process is supposed to fail.
during CFP. The PC continues with polling other STAs For the normal data frame transmissions after the
until the CFP expires. A specific control frame, called authentication (and association in case of the
CF-End, is transmitted by the PC as the last frame infrastructure BSS), the transmitting STA can encrypt
within the CFP to signal the end of the CFP. the frame frame using the mechanism called Wired
Equivalent Privacy (WEP). The WEP scheme uses the
RC4 pseudo-random number generator (PRNG)
algorithm from RSA Data Security, Inc. based on 64-bit
 802.11 Header FCS
Data (or payload)
24 or 30 octets 4 octets

Encapsulation Decapsulation

802.11 Header IV ICV FCS

Encrypted Data (or payload)
24 or 30 octets 4 octets 4 octets 4 octets

Encrypted

Figure 6. Original frame vs. WEP encapsulated MPDU

keys [2]. Figure 5 presents the block diagram of the Function (TSF) timer value, and all the associated STA
WEP encapsulation. A 64-bit seed is actually generated updates their local TSF timer upon the beacon
by combining 40-bit secret key (which should be known reception. In the IBSS, STAs transmit beacon frames in
to both the transmitter and the receiver off-line) and a a contentious manner.
24-bit Initialization Vector (IV) chosen by the Second, the power management allows a STA to
transmitting STA. On the other hand, an integrity stays in the doze state, in which the power consumption
algorithm, based on CRC-32, is applied to the plaintext, is minimal, and wakes up periodically without losing
i.e., non-encrypted original data payload, to generate an the traffic addressed to it. In the infrastructure BSS, the
Integrity Check Value (ICV). The ICV is intended for AP buffers all the frames addressed to a STA in the
the receiver to check the integrity of the received frame. doze state, and announces the existence of the buffered
Then, the key sequence generated using the RC4 frames via beacon frames. STAs wake up periodically
algorithm is XOR'ed with the plaintext and the ICV to in order to receive beacon frames, and if the buffered
generate a ciphertext. The ciphertext along with the IV frames exist, the STA requests the delivery of its
value is transmitted in the 802.11 data frame body as buffered frames by transmitting a special control frame
shown in Figure 6. The receiving STA performs the called Power Save (PS)-Poll.
reverse operation by decrypting the received frame Third, in an infrastructure BSS, a STA first
body and checking if the decrypted frame is in tact. associates with an AP before starting any normal data
transfer by exchanging associate request and response
4. MAC Management frames. As described in Section II.C, the authentication
procedure should be preceded before the association
There are basically three different MAC procedure. When a STA moves out of the coverage of
management functions: (1) synchronization; (2) power its associated AP, the STA performs the handoff
management; (3) association and reassociation; and (4) procedures by finding new AP(s) and reassociating with
management information base (MIB) definitions. the best AP. The detection of APs can be done via
First, the synchronization in the 802.11 WLAN is scanning processes (either passive or active scanning).
basically achieved via beacon frames. In the The difference between the association and
infrastructure BSS, the AP periodically transmits beacon reassociation is basically the fact that a reassocaite
frames, which include the Time Synchronization request frame is used instead of an associate request

Overview of Emerging IEEE 802.11 Protocols for MAC and Above 110 111
Telecommunications
Telecommunications Review
Review 2003•특집부록
2002•특집부록

802.11e HCF

PCF EDCA HCCA

DCF

Figure 7. 802.11e MAC architecture

frame in the case of the reassociation, and the referred to as the enhanced distributed channel access
reassociate request frame includes the MAC address of (EDCA), and (2) a controlled channel access referred to
the old AP. The new AP can utilize the old AP 's MAC as the HCF controlled channel access (HCCA). Figure
address in order to communicate with the old AP as 7 shows the logical relationship between the 802.11e
described in Section IV. HCF and the 802.11 DCF/PCF. As shown in the figure,
Finally, the MIB comprises the managed objects, the HCF sits on top of the DCF in the sense that the
attributes, actions, and notifications required to manage HCF utilizes and honors the CSMA/CA operation of
a station. These MIB values can be used for the the DCF.
network management purpose by external entities, e.g., One distinctive feature of the 802.11e HCF is the
using Simple Network Management Protocol (SNMP) concept of transmission opportunity (TXOP), which is
[28]. an interval of time when a particular STA has the right
to initiate transmissions. During a TXOP, there can be a
set of multiple frame exchange sequences, separated by
III. 802.11E MAC FOR QoS SIFS, initiated by a single STA. A TXOP can be
SUPPORT [5] obtained either by a successful EDCA contention or by
receiving a QoS CF-poll frame from the AP. It is called
In this section, we present the 802.11e MAC for an EDCA TXOP for the former case while it is called a
QoS provisioning. The IEEE 802.11e defines a single polled TXOP for the latter case. The new concept with
coordination function, called the hybrid coordination TXOP is limiting the time interval during which a STA
function (HCF). The HCF combines functions from the can transmit its frames. The limit of a the TXOP
DCF and PCF with some enhanced QoS-specific duration is determined by the AP, and is announced to
mechanisms and QoS data frames in order to allow a STAs via the beacons (in case of EDCA TXOP) and the
uniform set of frame exchange sequences to be used for corresponding QoS CF-poll frame (in case of polled
QoS data transfers during both the CP and CFP. Note TXOP). On the other hand, the multiple consecutive
that the 802.11e MAC is backward compatible with the frame transmissions during a TXOP can enhance the
legacy MAC, and hence it is a superset of the legacy communication efficiency.
MAC. The HCF is composed of two channel access The readers, who are interested in the performance
mechanisms: (1) a contention-based channel access of the 802.11e WLAN, are referred to [13]~[15]. Even
 Immediate access when AIFS[AC]
medium is idle>=AIFS[AC] Contention Window
from[0,CW[AC]]
PIFS

AIFS[AC] Busy SIFS

Backoff Window Next Frame
Medium

SlotTime

Defer Access Select Slot and decrement backoff

as long as mediumstays idle

Figure 8. IEEE 802.11e EDCA channel access

though most of the existing 802.11e papers are based on Table 1. User priofity to access category mappings
Access
some old versions of the draft, and hence the exact User Priority Designation
Category
Priority (UP) (Informative)
numbers may not be true, the general tendencies are still (AC)
Lowest 1 AC_BK Background
valid. The problems of the legacy 802.11 MAC and
2 AC_BK Background
how the emerging 802.11e fixes those problems are
・ 0 AC_BE Best Effort
discussed in [14],[15]. We briefly explain how the ・ 3 AC_VI Video
802.11e HCF works below. ・ 4 AC_VI Video
5 AC_VI Video

1. HCF Contention-Based Channel Access 6 AC_VO Voice

(EDCA) Highest 7 AC_VO Voice

The EDCA is designed to provide differentiated,

from IEEE 802.1d bridge specification [11].
distributed channel accesses for frames with 8 different
Basically, a channel access function uses
user priorities (UPs) (from 0 to 7) by enhancing the
AIFS[AC], CWmin[AC], and CWmax[AC] instead of
DCF. Each frame from the higher layer arrives at the
DIFS, CWmin, and CWmax, of the DCF, respectively,
MAC along with a specific user priority value. Each
for the contention to transmit a frame belonging to
QoS data frame also carries its user priority value in the
access category AC. AIFS[AC] is determined by
MAC frame header. An 802.11e STA shall implement
four channel access functions, where a channel access
function is an enhanced variant of the DCF, as shown in
・ SlotTime,
AIFS[AC]=SIFS+AIFSN[AC]・
Figure 9. Each frame arriving at the MAC with a user
priority is mapped into an access category (AC) as
shown in Table 1, where a channel access function is
where AIFSN[AC] is an integer greater than one.
used for each AC. Note the relative priority of UP 0 is
Figure 8 shows the timing diagram of the EDCA
placed between 2 and 3. This relative priority is rooted
channel access. One big difference between the DCF

Overview of Emerging IEEE 802.11 Protocols for MAC and Above 112 113
Telecommunications Review
Telecommunications Review 2003•특집부록
2002•특집부록

AC_BK AC_BE AC_VI AC_VO

Backoff Backoff Backoff Backoff

AIFS[0] AIFS[1] AIFS[2] AIFS[3]
BO[0] BO[1] BO[2] BO[3]

Virtual Collision Handler

Transmission
Attempt

Figure 9. Four channel access functions for EDCA

AIFS[AC]+ SIFS SIFS SIFS AIFS[AC]+

Backoff Post Backoff

QoS QoS
ACK ACK
Data(UP) Data(UP)

EDCA TXOP Limit

>=0 time gap

Figure 10. EDCA TXOP operation timing structure

and EDCA in terms of the backoff countdown rule is as highest priority frame among the colliding frames is
follows: the first countdown occurs at the end of the chosen and transmitted, and the others perform a
AIFS[AC] interval. Moreover, at the end of each idle backoff with increased CW values.
slot interval, either a backoff countdown or a frame The values of AIFS [AC], CWmin [AC], and
transmission occurs, but not both. Note that according CWmax [AC], which are referred to as the EDCA
to the legacy DCF, a STA countdown a backoff parameters, are announced by the AP via beacon frames.
counter, and if the counter becomes zero, it transmits a The AP can adapt these parameters dynamically
frame at that moment. depending on network conditions even though frequent
Figure 9 shows the 802.11e MAC with four channel adaptation is not desired due to the network stability.
access functions, where each functions behaves as a Basically, the smaller AIFS [AC] and CWmin [AC], the
single enhanced DCF contending entity, where each shorter the channel access delay for user priority UP,
queue has its own AIFS and maintains its own backoff and hence the more bandwidth share for a given traffic
counter. When there is more than one channel access condition. These parameters can be used in order to
function finishing the backoff at the same time, the differentiate the channel access among different user
collision is handled in a virtual manner. That is, the priority (or AC more accurately speaking) traffic.
 Slot
SIFS
Time

HC or
QoS CF-Poll TXOP granted by Qos CF-Poll
AP

Polled Station Data 1 Data 2

ACK1 ACK2

Others NAV set

Figure 11. Polled TXOP timing

As mentioned above, the IEEE 802.11e defines a QSTA(s). Before commencing the transfer of any
TXOP as the interval of time when a particular STA has frame requiring the parameterized QoS, a virtual
the right to initiate transmissions. Along with the connection, called traffic stream, is established first. A
EDCA parameters of AIFS [AC], CWmin [AC], and traffic stream could be either uplink, or downlink, or
CWmax [AP], the AP also determines and announces directlink, which are QSTA-to-AP, and AP-to-QSTA,
the limit of an EDCA TXOP interval for each AC, i.e., and QSTA-to-QSTA, respectively. In order to set up a
TXOPLimit [AC], in beacon frames. During an EDCA traffic stream, a set of traffic characteristics (such as
TXOP, a STA is allowed to transmit multiple MSDUs nominal MSDU size, mean data rate, and maximum
of the same AC with a SIFS time gap between an ACK burst size) and QoS requirement parameters (such as
and the subsequent frame transmission. delay bound) are exchanged and negotiated between the
Figure 10 shows the transmission of two QoS data AP and the corresponding QSTA(s), and the traffic
frames of user priority UP during an EDCA TXOP, stream should be admitted by the AP. Accordingly, the
where the whole transmission time for two data and AP should implement an admission control algorithm to
ACK frames is less than the EDCA TXOP limit determine whether to admit a specific traffic stream into
determined by the AP. As multiple MSDU transmission its BSS or not.
honors the TXOP limit, the worst-case delay Once a traffic stream is set up, the hybrid
performance is not be affected by allowing the EDCA coordinator (HC) co-located within the AP endeavors to
TXOP operation. provide the contracted QoS by allocating the required
bandwidth to the traffic stream using the HCCA. Under
2. HCF Controlled Channel Access (HCCA) the HCCA, the HC has the full control over the medium
during a CFP, and during a CP it can also grab the
If the EDCA is for the prioritized QoS, which medium after a PIFS idle time whenever it wants. The
supports differentiated channel accesses to 8 different channel grabbing is done by initiating its downlink
user priority traffic, the HCCA is mainly for the frame transfer or by transmitting a polling frame, i.e.,
parameterized QoS, which provides the QoS based on QoS CF-poll frame, in order to grant a polled TXOP to
the contract between the AP and the corresponding a QSTA.

Overview of Emerging IEEE 802.11 Protocols for MAC and Above 114 115
Telecommunications Review
Telecommunications Review 2003•특집부록
2002•특집부록

By receiving a QoS CF-poll, the polled STA, called overheads due to the immediate ACK transmissions.
a TXOP holder, assumes the control over the medium The newly-introduced Block Ack allows the selective-
up to the TXOP limit specified in the QoS CF-poll repeat ARQ, and can enhance the system efficiency
frame, and transmits multiple MSDUs during the significantly.
limited time, where the transmitted frames and their The other one is the Direct Link Protocol (DLP).
transmission order are determined by the TXOP holder The legacy MAC does not allow STAs within the same
according to its scheduling algorithm. All the other infrastructure BSS to transmit frames to each other
STAs, which receive the QoS CF-poll, set the NAV directly, and instead the AP should relay the frames
with the TXOP limit plus an extra slot time such that always. For certain applications, e.g., the bandwidth-
they will not contend for the medium during that time intensive video streaming within a home, this limitation
period. The timing diagram of a polled TXOP result in using the precious wireless bandwidth twice,
operation is shown in Figure 11. and hence the 802.11e defines the mechanism to
As is clear from the above explanation, in order to support the direct QSTA-to-QSTA transfer. Basically,
meet the contracted QoS requirements, the HC needs to before commencing any direct frame transfer, a direct
schedule its downlink frame transmissions as well as the link is set up between two QSTAs via the DLP, which
QoS CF-poll frame transmissions properly. Since the involves the exchange of management frames between
wireless medium involves the time-varying and two QSTAs through the AP.
location-dependent channel conditions, developing a
good scheduling algorithm is a challenging problem.
Note that an intelligent scheduling algorithm can result IV. IEEE 802.11F FOR INTER-ACCESS
in better system performance, e.g., not violating the QoS POINT PROTOCOL (IAPP)
contract, while admitting more traffic streams.
As explained in Section II, within an infrastructure

3. Other Features of 802.11e MAC BSS, a STA is associated with an AP, and this STA
communicates with any other nodes through this AP. A

There are some more features defined as part of the WLAN can be composed of multiple APs. In the

802.11e MAC. They are not directly related to the QoS 802.11 terms, the system, which connects the multiple

provisioning, but can increase the efficiency of the APs, is called a distribution system (DS), and a set of

802.11 WLAN. We just briefly summarize a couple of BSSs and the DS connecting these BSSs is called

such new features here. extended service set (ESS). In today's WLANs, the DS

The first one is the block acknowledgement is typically constructed with the Ethernet. One can

(BlockAck) mechanism, which allows a group of QoS easily imagine that this kind of WLAN structure is

data frames to be transmitted, each separated by a SIFS similar to that of the wide-area cellular systems, where

period, and then a single BlockAck frame acknowledges multiple base STAs are connected via the wired links,

the group of QoS data frames. The legacy MAC is and each base station serves an area called a cell.

based on a stop-and-wait automatic retransmission A key function in this multi- AP WLAN is the

request (ARQ) scheme, which involves a lot of handoff or roaming, i.e., a STA can switch from an AP
 APME
IAPP SAP
IAPP

RADIUS Cllent

UDP/TCP

ESP

IP

802.2

DS Services

WM
DSM MAC MLME
MAC

WM
DSM PHY PLME
PHY

Figure 12. AP architecture with IAPP

to another as it moves. The handoff involves the specifies the information to be exchanged between APs
communication between the APs, which relies on the amongst themselves and higher layer management
DS. While the 802.11 defines the concept of the DS, it entities to support the 802.11 DS functions. According
does not define how to implement the DS. The reasons to the IEEE standards terms, the recommended practice
behind include (1) the DS involves the protocols is defined as a document, in which procedures and
belonging to the above MAC, which is out of scope of positions preferred by the IEEE are presented. On the
the 802.11, dealing with the MAC and PHY only, and other hand, the standards like 802.11-1999 are defined
(2) it could be desirable to have the flexibility for the as documents with mandatory requirements.3) It should
DS construction. Note that the DS can be constructed be noted that the 802.11f does not define anything
with any network link, e.g., even with the WLAN link, related to the STA operation for the handoff. The
which is referred to as wireless distribution system 802.11 MAC management defines the AP scanning of
(WDS). the STAs and reassociation procedures for the basic
However, the lack of the standardized DS handoff support as discussed in Section II.D. The
construction caused APs from different vendors not to readers, who are interested in the 802.11 handoff issues,
interoperate, especially, in the context of the handoff are referred to other literature in [18]~[21].
support. In the 802.11 WLAN (or more specifically,
ESS), a STA should have only a single association, i.e.,
the association with a single AP. However, the
enforcement of this restriction is unlikely to be achieved
due to the lack of the communication among the APs
3) Within a standard specification document, both mandatory
within the ESS. requirements and recommended practice can exist. Mandatory
requirements are generally characterized by use of the verb ''shall,''
The 802.11f is a recommended practice, which whereas recommended practices normally use the word ''should.''

Overview of Emerging IEEE 802.11 Protocols for MAC and Above 116 117
Telecommunications
Telecommunications Review
Review 2003•특집부록
2002•특집부록

1. Inter-AP Communication enforcement of a single association of a STA at a given

time, and (6) transfer of STA context information
The IAPP uses TCP/IP or UDP/IP to carry IAPP between APs.
packets between APs, as well as describing the use of
Remote Authentication Dial In User Service (RADIUS) 2. IAPP Operations
protocol [27], so that APs may obtain information about
one another. A proactive caching mechanism is also There are basically three different IAPP operations:
defined in order to provide faster roaming by sending (1) STA ADD operation: (2) STA MOVE operation;
the STA context to neighboring APs before the actual and (3) proactive caching. These operations are briefly
handoff event. explained below.
Figure 12 shows the architecture of the AP with First, the STA ADD operation is triggered when a
IAPP. The AP management entity (APME) is a STA is newly associated with an AP. When a STA is
function that is external to the IAPP, and typically is the associated, the AP transmits two packets to the DS or
main operational program of the AP, implementing an the wired infrastructure: layer-2 update frame and IAPP
AP manufacturer's proprietary features and algorithms. ADD-notify packet. The layer-2 update frame is
The 802.11-1999 defines an entity called STA addressed at the broadcast address, and upon the
management entity (SME), and the APME of the AP reception of this frame, any layer-2 bridge devices, e.g.,
incorporates the SME functions. As shown in the Ethernet switches connecting multiple APs within the
figure, the APME can manage/control the IAPP, 802.11 ESS, update the routing table for the associating STA
MAC, and 802.11 PHY via the IAPP Service Access according to the IEEE 802.1d bridge table self-learning
Point (SAP), MAC Layer Management Entity (MLME) procedure [11]. The IAPP ADD-notify packet is an IP
SAP, and PHY Layer Management Entity (PLME) packet with a destination IP address of the IAPP IP
SAP, respectively. multicast address so that any receiving APs within the
Some functions of the IAPP rely on the RADIUS ESS remove a stale association information with the
protocol for the correct and secure operation. In associating STA.
particular, the IAPP entity, i.e., the AP, should be able Second, the STA MOVE operation is triggered
to find and use a RADIUS server to look up the IP when a STA reassociates with an AP, which happens
addresses of other APs in the ESS when given the when this STA hands off from an AP to another AP.
BSSIDs of those APs, and to obtain security The STA, which is handing off from an AP, transmits a
information to protect the content of certain IAPP reassociation request management frame to the new AP,
packets. Actually, the RADIUS server must provide where the reassocaition request frame includes the
extensions for IAPP-specific operations, and these MAC address of the old AP. The new AP transmits
operations are currently being defined by Internet two packets in this case as well: layer-2 update frame
Engineering Task Force (IETF) [28]. and IAPP MOVE-notify packet. The IAPP MOVE-
The IAPP sSupports (1) DDS services, (2) address notify packet is transmitted to the old AP, which in turn
mapping between AP's MAC and IP addresses, (3) transmits an IAPP MOVE-response packet. The
forrmation of DS, (4) maintenance of DS, (5) response packet carries the context block4) for the STA's
association from the old AP to the new AP. Since the V. IEEE 802.11H FORSPECTRUM
reassociation request frame from the STA contains the AND TRANSMIT POWER
old AP's MAC address only, the new AP needs to look
MANAGEMENT [8]
up the IP address of the old AP via the help by a
The 802.11h defines two mechanisms on top of the
RADIUS server within the ESS. The purpose of the
802.11-1999 MAC and the 802.11a PHY, namely,
layer-2 update frame is the same as with the STA ADD
dynamic frequency selection (DFS) and transmit power
operation case. One important fact is that the layer-2
control (TPC).
update frame is broadcasted only after the IAPP
In case of the 5GHz 802.11a PHY, a BSS occupies
MOVE-response packet is received from the old AP, as
a channel of 20MHz. Today, in the US, there are 12
the final step of the hand-off support procedure.
channels available for the 802.11a [3]. On the other
Third, the proactive caching is triggered when a
hand, the 802.11h defines 19 channels for the operation
STA (re)associate with an AP or the context of the STA
in Europe. The DFS is used to switch the operational
changes. Basically, when the proactive caching is
frequency channel of a BSS to another dynamically.
triggered by the APME of an AP, the AP (or the AP’
s
There can be many reasons why a BSS may want to
IAPP entity more specifically) transmits the IAPP
change its operational frequency channel. One
CACHE-notify packets to its neighboring APs. The
interesting example is when the current channel
notify packet includes the context of the corresponding
condition is too bad due to the interference from the
STA. This proactive caching can significant reduce the
neighboring devices. In this context, the DFS can be
hand-off delay by broadcasting the layer-2 update frame
used in order to enhance the QoS of the WLAN.
without waiting for the IAPP MOVE-response packet
Most of today's 802.11 devices use a fixed transmit
upon a reassociation (or handoff) of a STA when the
power for the frame transmissions. Note that the
new AP has the context of the handing-off STA, where
dynamic transmit power control is very critical in the
the context was received from the old AP via the IAPP
popular code-division multiple access (CDMA) systems
CACHE-notify packet earlier. One may question about
due to the near-far problem. On the other hand, the
how to know the neighboring APs. This can be
TPC is a desirable feature than a necessary feature.
achieved via the dynamic learning. That is, an AP can
However, the TPC in the WLAN can be useful in many
learn that another AP is its neighbor when a STA hands
different ways: (1) to meet the regulatory requirements
off from this AP to itself. The neighboring AP list can
as discussed below, (2) to control the range of a BSS,
grow over time as more and more STAs move around
(3) to control the inter-BSS interference, and (4) to
across the ESS. On the other hand, the network
minimize the energy consumption to save the battery
administrator can of course pre-configure the
energy [16],[17].
neighboring AP list.
As the title found in [8] indicates, the 802.11h has
been developed for the 5GHz in Europe. Many
countries in Europe require that any WLAN devices
have these two functions in order to co-exist with the
4) The 802.11f does not define what the context block could contain.
The examples of the context include security and accounting primary users at the 5GHz bands, namely, the satellite
information of the corresponding stationSTA.

Overview of Emerging IEEE 802.11 Protocols for MAC and Above 118 119
Telecommunications
Telecommunications Review
Review 2003•특집부록
2002•특집부록

and radar systems [31]. For example, the WLAN detected in the measured channel, namely, another
devices are required to switch its operational frequency BSS, a non-802.11 OFDM signal, an unidentified
channel to another channel once a radar signal is signal, and a radar signal;
detected in the operational frequency channel. On the •Clear channel assessment (CCA) type measures the

other hand, when a satellite signal is detected, the fractional duration of the channel busy periods during
WLAN devices are allowed to use the transmit power the total measurement interval; and
up to the regulatory maximum level minus 3dB while • Received power indication (RPI) histogram type

normally they can transmit at up to the regulatory measures the histogram of the quantized measures of
maximum. Even though the 802.11h has been the received energy power levels as seen at the
developed for the European regulation, it can be antenna connector during the measurement interval.
apparently used in any other countries for multiple
purposes. Based on its own measurement as well as the reports
Note that both DFS and TPC involve implementation- from the associated STAs, the AP continues to monitor
dependent algorithms. For example, a TPC algorithm is the channel status so that the channel switch can be
needed in order to determine the transmit power level of conducted in a proper instance.
a frame transfer. Basically, the 802.11h defines the The channel switch occurs immediately before a
mechanisms/protocols to enable a right decision of the TBTT, which the AP has specified, so that a normal
power level, not the implementation itself. We briefly communication operation can be conducted beginning
review the mechanisms/protocols defined by the the following beacon interval at the new operational
802.11h below. It should be noted that there is virtually frequency channel. Note that the beacon frames are
no change in terms of the channel access functions. That transmitted periodically. 5) The channel quieting
is, the 802.11 DCF and/or PCF are used to transmit the operation is also defined since the European regulation
new management frames as part of the 802.11h. requires the STA to become silent (or not transmitting
any) once a radar system is detected in the operational
1. Dynamic Frequency Selection (DFS) frequency channel.
Finally, it should be noted that a separate protocol is
In the infrastructure BSS, it is the AP, which defined for the DFS operation in the independent BSS,
determines when and which channel to switch to. For where no AP exists. Basically, in such a network, the
this purpose, the AP should monitor the status of the STA, which initiated the BSS, is called the DFS owner,
current and other frequency channels. For this purpose, and takes the responsibility of the channel status
the AP is allowed to request other STAs to measure the collection as well as the channel switch decision. How
current and other channels. After the channel status
measurement, the requested STA can reports the
measurement results. There are basically three different
measurement types:
5) The beacon transmission can be delayed due to the contention from
the stations under the DCF rule. However, the target beacon
• Basic type includes whether the followings were transmission times at least repeat periodically.
to elect a new DFS owner when the old DFS owner VI. IEEE 802.11I FOR SECURITY
disappears (due to the switch off or so) is also handled. ENHANCEMENT [9]

2. Transmit Power Control (TPC) It turned out that the existing security mechanisms
of the 802.11, i.e., authentication and WEP, are
Basically, there are two main functions defined. basically useless. The basic problems include:
First, the AP specifies the regulatory and local
maximum power level as part of the beacon, where the •Cryptographic weakness of RC4

local maximum specifies the actual maximum power •BSS-wide security key usage, i.e., all STAs in a BSS

level used within its BSS. The local maximum power can use the same key
should be smaller than or equal to the regulatory •One-way authentication, i.e., STA is authenticated by

maximum. The STAs in the BSS can use the transmit an AP, but not the other way around
power smaller than or equal to the local maximum •Reuse of the IV by multiple frames

value. • Absence of Message Integrity Check (MIC) on

Second, in order to determine the proper (or best) frames, i.e., ICV based on CRC-32 is currently used.
transmit power level for a given frame, the transmitting
STA needs to know the link condition between the The security flaws of the current 802.11 are
receiving STA and itself. The 802.11h defines a discussed in detail in [22]~[24]. The emerging 802.11i
mechanism to achieve it. A STA can transmit a is intended to address these security holes.
management frame called TPC request frame to another The IEEE 802.11i defines the Robust Security
STA when it desires. Upon receiving the TPC request Network Associations (RSNA), which is established
frame, the receiving STA determines the link margin between two STAs, i.e., a STA and an AP in an
between the transmitting STA and itself, then responds infrastructure BSS or a pair of STAs in an IBSS, via the
with a TPC response frame, which includes the link authentication/association using the 4-Way Handshake.
margin as well as the transmit power level of the A RSNA depends on IEEE 802.1X [12] to transport its
response frame. The link margin is defined by the ratio authentication services and to deliver key management
of the received signal power to the minimum desired by services. Therefore, all STAs and APs in an RSNA
the receiving STA. The transmitting STA can utilize contain an 802.1X entity that handles these services, and
the received link margin and power level information in the 802.11i defines how an RSNA utilizes the 802.1X to
order to determine the best transmit power level in the access these services.
future. The beacon from the AP also includes the The RSNA defines a number of security features on
transmit power level used for the beacon transmission, top of the WEP and IEEE 802.11 authentication
which can be used by the associated STAs to monitor including:
the channel condition between the AP and hemselves.
•Enhanced mutual authentication mechanisms for both

APs and STAs

•Key management algorithms

Overview of Emerging IEEE 802.11 Protocols for MAC and Above 120 121
Telecommunications
Telecommunications Review
Review 2003•특집부록
2002•특집부록

Authenticator (AP) Authentication

Server(AS)

Uncontrolled port
Supplicant
(STA)

Controlled port

Figure 13. IEEE 802.1X architecture for 802.11i WLAN [23]

•Cryptographic key establishment where the port determines when to allow general data
•An enhanced data encapsulation mechanism, called traffic across an IEEE 802.11 link. That is, general data
Counter mode with CBC-MAC6) Protocol (CCMP) traffic between a STA and its AP is blocked by the
and, optionally, Temporal Key Integrity Protocol controlled port until the 802.1 X authentication
(TKIP) procedures complete successfully. RSNA depends
We consider the ESS security in this section even upon the use of an Extensible Authentication Protocol
though the 802.11i addresses the security mechanism in (EAP) method that supports mutual authentication
IBSSs as well since the ESSs are practically more between the AS and the STA, not just authentication of
important than the IBSSs. the STA to an AP. The EAP authentication frames are
transmitted in IEEE 802.11 data frames, rather than the
1. RSNA and IEEE 802.1X 802.11 management frames, and passed via the
uncontrolled port of the 802.1X authenticator, i.e., the
An RSNA relies on IEEE 802.1X [12] to provide AP.
authentication and key management services, where the
802.1X architecture is shown in. In the 802.1X terms, 2. RSNA Establishment
non-AP STA is the supplicant, and the AP is the
authenticator. The Authentication Server (AS) is an In an ESS, a STA establishes an RSNA using either
entity residing in the wired infrastructure (or possibly IEEE 802.1X authentication and key management or
the AP itself), which participates in the authentication using a pre-shared key (PSK). When the 802.1X is
(See Figure 13). used, the STA establishes an RSNA via the following
An 802.1X port is present on any STA in an RSNA, procedures:

1) It identifies the AP as RSNA-capable via AP

6) CBC-MAC stands for Cipher-Block Chaining Message Authentication scanning
Code.
 STA AP AS
802.1X EAP Request

802.1X EAP Response

Access Request(EAP Request)

EAP Authentication Protocol Exchange

Accept/EAP-Success/Key Material

802.1X EAP Success

Figure 14. IEEE 802.1X EAP Authentication

802.11 Header FCS

Data(or payload)
24 or 30 octets 4 octets

Encapsulation Decapsulation

802.11 Header IV Ext IV ICV FCS

Encrypted Data(or payload) MIC 8 octets
24 or 30 octets 4 octets 4 octets 4 octets 4 octets

Encrypted

Figure 15. Expanded TKIP MPDU

2) It uses Open System Authentication (see Section PMK is sent from the AS to the authenticator (i.e., the
II.C) AP) via a secure channel. When the PSK is used
3) It negotiates cipher suites (e.g., either TKIP or instead of the 802.1X, the step 4) above is skipped, and
CCMP) during association the PSK is used as the PMK.
4) It uses IEEE 802.1X to authenticate Now, to establish temporal keys to be used for the
5) It establishes temporal keys by executing a key frame encryption, the AP initiates a 4 -Way Handshake
exchange algorithm utilizing EAP over LANs (EAPOL)-Key messages.
6) It uses the agreed upon temporal keys and cipher Basically, four messages are exchanged between the
suites to protect the link STA and the AP in order to establish both pairwise
transient key (PTK) for the unicast frame encryption and
Note that the Shared Key Authentication is group transient key (GTK) for the broadcast/multicast
deprecated as part of the 802.11i since the 802.11i relies frame encryption. The PTK is derived from the PMK.
on the 802.1X for the authentication after the Upon completion of the 4 -Way Handshake, the AP
association. Figure 14 illustrates the IEEE 802.1X EAP changes the state of the IEEE 802.1X access port,
authentication procedure corresponding to step 4) opening the controlled port to permit general data traffic
above. The STA and AS authenticate each other (e.g., to pass onto the DS. When the AP changes the GTK
EAP-TLS [26]) and generates a pairwise master key later, it sends the new GTK to the STA using the Group
(PMK) to seed the exchange in step 5) above. The Key Handshake.

Overview of Emerging IEEE 802.11 Protocols for MAC and Above 122 123
Telecommunications Review
Telecommunications Review 2003•특집부록
2002•특집부록

802.11 Header FCS

Data(or payload)
24 or 30 octets 4 octets

Encapsulation Decapsulation

802.11 Header CCMP Header MIC FCS

Encrypted Data(or payload)
24 or 30 octets 8 octets 8 octets 4 octets

Encrypted

Figure 16. Expanded CCMP MPDU

3. Cryptographic Algorithms Figure 15 depicts the layout of the encrypted frame

when using TKIP. The TSC occupies 6 octets across
The 802.11i defines two cryptographic algorithms IV and Extended IV fields.
on top of the WEP algorithm defined in the 802.11-
1999, namely, optional TKIP and mandatory CCMP. On the other hand, the CCMP employs the AES
The TKIP is based on the RC4 algorithm as the WEP is, encryption algorithm using the CCM mode of
and the CCMP is based on the Advanced Encryption operation. The CCM mode combines Counter Mode
Standard (AES). (CTR) for confidentiality and Cipher Block Chaining
The TKIP is a cipher suite enhancing the WEP Message Authentication Code (CBC-MAC) for
protocol on pre-RSNA (i.e., legacy) hardware, and it authentication and integrity. The CCM protects the
uses WEP with the following modifications: integrity of both frame MPDU payload and selected
portions of the MAC header. All AES processing used
• A transmitter calculates a keyed cryptographic within CCMP uses AES with a 128 bit key and a 128
message integrity code (MIC), called Michael, over bit block size. Note that AES is a block cipher different
the frame source and destination addresses, the from RC4, a stream cipher, used in WEP and TKIP.
priority, and the plaintext data. Any frames with CCM requires a fresh temporal key for every session to
invalid MICs, i.e., possibly affected by forgery ensure the security guarantees.
attacks, are discarded at the receiver. Figure 16 depicts the frame format using CCMP.
•TKIP uses a packet TKIP sequence counter (TSC) to The CCMP header includes the Packet Number (PN)
sequence the frames it sends, and this counter is and Key ID. The PN is basically the same as TSC
encoded as a WEP IV and Extended IV. Any frames defined for TKIP.
received out of order, i.e., possibly affected by replay
attacks, are discarded at the receiver.
• TKIP uses a cryptographic mixing function to
VII. TWO NEWLY-STARTED
STANDARDIZATIONS
combine a temporal key, transmitter address, and the
TSC into the WEP seed. This mixing function is
In this section, we briefly introduce two newly-
designed to defeat weak-key attacks against the WEP
started standardization activities, namely, IEEE 802.11k
key.
for radio resource measurement and IEEE 802.11n for like. However, the 802.11n PHY is expected to
higher throughput. increase the PHY transmission rate by using multiple
antennas or combining multiple frequency channels (of
1. IEEE 802.11k for Radio Resource 20MHz in case of 5GHz bands). The MAC should be
Measurement enhanced in order to reduce the MAC overheads. It is
well known that the 802.11 MAC introduces
Task Group K (TGk) was established early 2003 remarkable overheads due to the backoff and ACK
within the 802.11 WG in order to define radio resource transmissions. It is the main reason why the maximum
measurement enhancements to provide mechanisms to throughput of the 802.11a and 802.11g is under the half
higher layers for radio and network measurements. of the maximum PHY transmission rate, i.e., 54Mbps.
Based on the current draft [10], the group is defining the The 802.11e block ACK is expected to enhance the
followings: MAC efficiency. Other techniques such as the frame
aggregation [30] can also be also possible options.
• Addition of more MIB values on top of what the

802.11-1999 defined for more intelligent network

management VIII. CONCLUDING REMARKS
• Defining various radio measurement types such

received signal power, noise, hidden nodes and Recently, the IEEE 802.11 WLAN has become very
neighboring APs successful in the market as the prevailing technology for
the (indoor) broadband wireless networking. Along
Various types of radio measurements are expected with its success, the demand on the evolution of the
to be used to enhance the WLAN performance. For technology became evident. During the last few years,
example, the neighboring AP list measurement and remarkable efforts to enhance the current 802.11 have
announcement by the AP can aid in reducing the been made.
handoff delay. In this paper, we have overviewed the emerging
protocols of the 802.11 WLAN for the MAC and
2. IEEE 802.11n for Higher Throughput above, namely, 802.11e for QoS, 802.11f for IAPP,
802.11h for spectrum management, and 802.11i for
Task Group N (TGn) was established in mid 2003 security enhancement. We also briefly discussed
within the 802.11 WG in order to achieve a higher newly-initiated standardization efforts for the 802.11k
throughput by revising both the PHY and MAC of the for radio resource measurements and 802.11n for
802.11. The group is basically targeting at a throughput enhancements for higher throughput. It is our belief that
of at least 100Mbps measured at the MAC SAP. Since the usage of the 802.11 WLANs will be growing faster
the 802.11a and 802.11g WLANs achieve about 25 and more widely in the future.
Mbps maximum throughput in practice, this represents
at least 4 times faster WLAN.
It is too early to predict how the 802.11n will look

Overview of Emerging IEEE 802.11 Protocols for MAC and Above 124 125
Telecommunications
Telecommunications Review
Review 2003•특집부록
2002•특집부록

[REFERENCES] Wireless LAN Medium Access Control (MAC)

[1] IEEE Working Group (WG), and Physical Layer (PHY) specifications: Medium
http://www.ieee802.org/11, online link. Access Control (MAC) Security Enhancements,
[2] IEEE, Part 11: Wireless LAN Medium Access Control IEEE 802.11i/D5.0, Jul. 2003.
(MAC) and Physical Layer (PHY) specifications, [10] IEEE 802.11 WG, Draft Supplement to Part 11:
Reference number ISO/IEC 8802-11:1999(E), Wireless LAN Medium Access Control (MAC)
IEEE Std 802.11, 1999 edition, 1999. and Physical Layer (PHY) specifications: Specification
[3] IEEE, Supplement to Part 11: Wireless LAN Medium for Radio Resource Measurement, IEEE WG
Access Control (MAC) and Physical Layer (PHY) 802.11k/D0.4, Jul. 2003.
specifications: High-speed Physical Layer in the 5GHZ [11] IEEE, Part 3: Media Access Control (MAC) bridges,
Band, IEEE Std. 802.11a-1999, 1999. ANSI/IEEE Std. 802.1D, IEEE 802.1d-1998,
[4] IEEE, Supplement to Part 11: Wireless LAN Medium 1998 edition, 1998.
Access Control (MAC) and Physical Layer (PHY) [12] IEEE Std. 802.1X, Standards for Local
specifications: Higher-speed Physical Layer Extension and Metropolitan Area Networks: Port-Based
in the 2.4 GHz Band, IEEE Std. 802.11b-1999, 1999. Network Access Control, Jun. 14, 2001.
[5] IEEE 802.11 WG, Draft Supplement to Part 11: [13] Stefan Mangold, Sunghyun Choi, Guido R. Hiertz, Ole
Wireless Medium Access Control (MAC) and physical Klein, and Bernhard Walke, ''Analysis of IEEE 802.11e
layer (PHY) specifications: Medium Access Control for QoS Support in Wireless LANs,'' accepted to IEEE
(MAC) Enhancements for Quality of Service (QoS), Wireless Communications Magazine, Special Issue
IEEE 802.11e/D5.0, Jul. 2003. on Evolution of Wireless LANs and PANs, Jul. 2003.
[6] IEEE 802.11 WG, Draft Recommended Practice for [14] Sunghyun Choi, Javier del Prado, Sai Shankar N,
Multi-Vendor Access Point Interoperability via an and Stefan Mangold, ''IEEE 802.11e Contention-Based
Inter-Access Point Protocol Across Distribution Channel Access (EDCF) Performance Evaluation,''
System Supporting IEEE 802.11 Operation, in Proc. IEEE ICC '03, Anchorage, Alaska, USA,
IEEE 802.11f/D5.0, Jan. 2003. May 2003.
[7] IEEE 802.11 WG, Draft Supplement to Part 11: [15] Sunghyun Choi, "Emerging IEEE 802.11e WLAN
Wireless LAN Medium Access Control (MAC) and for Quality-of-Service (QoS) Provisioning,"
Physical Layer (PHY) specifications: Further Higher- SK Telecom Telecommunications Review, Vol. 12,
Speed Physical Layer Extension in the 2.4GHz Band, No. 6, Dec. 2002, pp. 894-906.
IEEE 802.11g/D8.2, Apr. 2003. [16] Daji Qiao, Sunghyun Choi, Amit Jain, and
[8] IEEE 802.11 WG, Draft Supplement to Part 11: Kang G. Shin, "MiSer: An Optimal Low-Energy
Wireless LAN Medium Access Control (MAC) Transmission Strategy for IEEE 802.11a/h," in Proc.
and Physical Layer (PHY) specifications: Spectrum ACM MobiCom'03, San Diego, CA, 14-19, 2003.
and Transmit Power Management extensions in [17] Daji Qiao, Sunghyun Choi, Amjad Soomro, and
the 5GHz band in Europe, IEEE 802.11h/D3.3.4, Kang G. Shin, "Energy-Efficient PCF Operation
Feb. 2003. of IEEE 802.11a WLAN via Transmit Power Control,"
[9] IEEE 802.11 WG, Draft Supplement to Part 11: Elsevier Computer Networks (ComNet), Vol. 42,
 No. 1, May 2003, pp. 39-54. Network Management Protocol (SNMP) Management
[18] Marc Portoles, Zhun Zhong, Sunghyun Choi, Frameworks, Dec. 2002.
and Chun-Ting Chou, "IEEE 802.11 Link-Layer [29] Robert Moskowitz, RADIUS Client Kickstart,
Forwarding For Smooth Handoff," in Proc. draft-moskowitz-radius-client-kickstart-00.txt.
IEEE PIMRC'03, Beijing, China, Sep. 7-10, 2003. [30] Youngsoo Kim, Sunghyun Choi, Hyosun Hwang,
[19] Marc Portoles, Zhun Zhong, and Sunghyun Choi, and Kyunghun Jang, "Throughput Enhancement via
"IEEE 802.11 Downlink Traffic Shaping Scheme Frame Aggregation - A Sequel,"
For Multi-User Service Enhancement," in Proc. IEEE 802.11-03/567r0,
IEEE PIMRC'03, Beijing, China, Sep. 7-10, 2003. http://grouper.ieee.org/groups/802/11/Documents/
[20] Sangheon Pack and Yanghee Choi, "Pre-Authenticated index.html, Jul. 2003.
Fast Handoff in a Public Wireless LAN based on [31] ERC/DEC/(99)23, ERC Decision of 29 November
IEEE 802.1x Model, "in Proc. IFIP TC6 Personal 1999 on the harmonized frequency bands to
Wireless Communications (PWC2002), be designated for the introduction of High Performance
Singapore, Oct. 2002. Radio Local Area Networks (HIPERLANs).
[21] Sangheon Pack and Yanghee Choi, "Fast Inter-AP
Handoff using Predictive-Authentication Scheme in
a Public Wireless LAN," in Proc. IEEE Networks
'2002 (Jointly with ICN '2002 and ICWLHN '2002),
Atlanta, USA, Aug. 2002.
[22] W. A. Arbaugh, N. Shankar, J. Wang, and K. Zhang,
''Your 802.11 network has no clothes,'' IEEE Wireless
Communications Magazine, Dec. 2002.
[23] Jesse Walker, ''Overview of 802.11 Security,''
http://grouper.ieee.org/groups/802/15/pub/2001/Mar01
/01154r0P802-15_TG3-Overview-of-802-11-
Security.ppt, Mar. 2001.
[24] Nikita Borisov, Ian Goldberg, and David Wagner,
''Intercepting Mobile Communications: The Insecurity
of 802.11,'' in Proc. ACM MOBICOM '01,
Rome, Italy, Jul. 2001.
[25] RFC 2284, PPP Extensible Authentication Protocol
(EAP), Mar. 1998.
[26] RFC 2716, PPP EAP TLS Authentication Protocol,
Oct. 1999.
[27] RFC 2865, Remote Authentication Dial In User
Service (RADIUS), Jun. 2000.
[28] RFC 3411, An Architecture for Describing Simple

Overview of Emerging IEEE 802.11 Protocols for MAC and Above 126 127
Telecommunications
Telecommunications Review
Review 2003•특집부록
2002•특집부록

최성현 Sunghyun Choi

Sunghyun Choi is an assistant professor at the School of Electrical Engineering, Seoul
National University (SNU), Seoul, Korea. Before joining SNU in September 2002, he was
with Philips Research USA, Briarcliff Manor, New York, USA as a Senior Member
Research Staff and a project leader for three years. He received his B.S. (summa cum laude)
and M.S. degrees in electrical engineering from Korea Advanced Institute of Science and
Technology (KAIST) in 1992 and 1994, respectively, and received Ph.D. at the Department
of Electrical Engineering and Computer Science, The University of Michigan, Ann Arbor
in September, 1999.
His current research interests are in the area of wireless/mobile networks with emphasis on
the QoS guarantee and adaptation, resource management, wireless LAN and PAN, next-
generation mobile networks, data link layer protocols, and connection and mobility
management. He authored/coauthored over 40 technical papers and book chapters in the
areas of wireless/mobile networks and communications. He is currently serving on program
committees of a number of leading wireless and networking conferences including IEEE
INFOCOM, IEEE GLOBECOM, and IEEE VTC. He is also an active participant and
contributor of the IEEE 802.11 WLAN standardization committee.
Dr. Choi was a recipient of the Korea Foundation for Advanced Studies Scholarship and
the Korean Government Overseas Scholarship during 1997~1999 and 1994~1997,
respectively.
•E-mail: [email protected]
•Tel: +82-2-880-1753
•Fax: +82-2-877-1753