What is a symmetric cipher? Symmetric, secret, private key, these are all synonyms for a specific class of cryptography. Symmetric ciphers all have one thing in common, a secret. That’s it. The encryption is only as strong as this secret and who knows it. As the old saying goes, “Three can keep a secret if two of them are dead.” That said, let’s get one with it and find out what implications that has.

Part I – Ciphers

There is a massive wealth of symmetric ciphers and there’s simply no way we could cover them all. One of the very first recorded uses for cryptography was by none other than Julius Caesar and as such has come to be known as the Caesar Shift. By today’s standards it’s breakable by a five year old, however at that time it was quite clever. What he decided to do was shift the letters in his messages five places, thus A became F, B became G and so forth.

All encryption is based on two things: A key and a cipher. The cipher is also known as an algorithm, perhaps more commonly so. Let’s take these terms and define them now for you. What is a cipher/Algorithm? Well, if you’ve taken much math in school the latter will surely sound quite familiar, and for good reason. An algorithm is nothing more than a method, a series of steps one preforms. A recipe of sorts, indeed one could say that beating 3 large eggs in a medium bowl with a pinch of salt and then heating in a pan over medium heat until solid would be the algorithm for making scrambled eggs.

It’s important to note that the algorithm was not “3 large eggs, pinch of salt” that would simply be the ingredients, what one needs. The algorithm is what one needs to do. What was the algorithm in our Caesar Shift? It’s not difficult, The algorithm is to shift the letters. Notice I didn’t say that it was to shift the letters five places. Why not? Well, five would be the key, the secret. Understand? The algorithm has 25 possibilities (a shift of 0 or 26 would be identical) It is true that you can find shifts of say 256 but you simply end up moding by 26 to get the answer: 256 % 26 = 22.

Moding, also known as clock counting, is division where you throw away the whole number and return the remainder. Modulus math is particularly important in asymmetric ciphers and will be covered in greater detail in the final installment.

Given the very limited keyspace this offers no real security. One does not even need more than a couple minutes to crack this encryption, seconds if one uses a computer. The shift cipher is also known as a rotational cipher. Many of you may be more used to the former name which is usually shortened to rot-X where X specifies the key. The most popular of course being rot-13. Why is this so popular? Well the encryption and decryption are perfectly mirrored. If A = N then N = A.

Shifts aka rotational ciphers are a subset of one of the high reaching groups of symmetric ciphers. substitution. The idea behind substitution ciphers is to substitute the letters with some other representation. The other major group of symmetric ciphers would be transposition which we will be covering shortly. Substitution ciphers also have two subsets, poly and mono alphabetic.

Our shift cipher falls into the monoalphabetic section. What do these two mean? Let’s look at those prefixes: mono – one, poly – more than one. Well there ya go, figure it out?
Monoalphabetic ciphers use a single instance of the alphabet by substituting the various letters with other letters. You could, for instance randomly pick the associations. This is really quite common. Children especially like to use them for secret notes and they make usual appearances in newspapers as the “crypto quote” or other such puzzles. These also can usually be easily decrypted and are more commonly used for fun, they offer no real security.

Now then, that leaves the polyalphabetic ciphers. There’s one particularly prominent example of this that’s known as “Le Chiffre Indéchiffrable” or more commonly vigenère. I’ll talk more about the interesting history of this cipher during the cryptanalysis section of today’s tutorial. For now I’ll just give you the basics of it. Vigenère is quite interesting, it’s one of the only truly unbreakable ciphers, IF used in a certain way, otherwise it becomes even more simple to crack than monoalphabetic ciphers. Interesting indeed.

So, how’s this all work then? You need the vigenère grid which looks something like this:

As you can see what we have is a grid of the alphabet, there are 26 alphabets each starting with a letter and then looping back on themselves. Now, to encipher your message(s) what you need to do is come up with your key. Let’s use “goats” as an example and our message will be “encryption is easy and fun!”. One thing to note is that because the grid is symmetric diagonally it doesn’t matter whether you use the row for the key and column for the plain text or the reverse. Just find where those two intersect. For the first letter in our message, in this case “e”, and first letter of the key “g” we see they intersect at “k”, which is the first letter of our cipher text.

You continue in this fashion until all of the message text is enciphered. But wait! I hear you shout, “What do we do when we run out of letters in our key?” Simple, just repeat it. This will become very important later, but let’s just continue on with our example. Finishing up our message becomes: kbckqvhihf og etke onw xab

encryption is easy and fun!
goatsgoats go atsg oat sgoa
kbckqvhihf og etke onw xab

There’s a couple things we should note here.

One: The same letter enciphered does not always create the same cipher letter. Notice how s is enciphered to both g and k.

Two: The same letter in the cipher text doesn’t always equal the same plain text letter. Again, notice how k was derived from e,r and s.

Three: The cipher text can be, and often is, stripped of punctuation such as spaces to help baffle analysis. Although it’s not shown here, it’s also common to do “five character group message form” where you break the cipher text up into groups of five letters. This is common to many symmetric ciphers, not just vigenère.

Like I said we’ll come back to this algorithm again later so let’s move on for now. That leaves us with the other major group of symmetric ciphers known as transposition ciphers. Again, this is a simple concept to grasp. You simply move the letters around with some order. This last part is important, otherwise you wouldn’t be able to recover the plain text. There are several methods accomplish this goal, a staggering amount really. As an example let’s use a line algorithm with a key of 3 and we’ll use the same message text padding with X’s should the need arise:

ertneydn
nyiiaafx
cpossnux

If we read the columns top to bottom, left to right, we see our message clearly now if we read the rows instead we get a cipher text of: ertneydnnyiiaafxcpossnux which may or may not be spaced properly depending on who’s doing the enciphering. The exact same method can be written a different way though:

enc
ryp
tio
nis
eas
yan
dfu
nxx

Yielding the same result, again it just depends on personal preference. Perhaps the most well known transposition algorithm is the “rail road cipher”. Which is basically the same thing, just using a key of two and looks like this:

e c y t o i e s a d u
 n r p i n s a y n f n

Where you alternated between the rows creating the following cipher text: ecytoiesadunrpinsaynfn

Of course this is easily defeated by finding the midpoint (u in this case) and wrapping ie:

ecytoiesadu
nrpinsaynfn

Now we can read it quite clearly one column at a time.

We’ve talked about the two main groups of symmetric ciphers and a couple of their specific algorithms, but that isn’t to say every symmetric cipher falls neatly into one or the other group. In fact, the most powerful will use a combination of the two in multi-tiered approaches.

A long time ago (ok not that long…) people started to take notice of cryptography in an increasingly digital world, when the question arose: How would they keep things confidential? In 1972 the NBS (National Bureau of Standards) now known as NIST (National Institute of Standards and Technology) decided to get in the game to create some kind of standard. In 1974 they announced the DES (Data Encryption Standard) which was based heavily on the IBM submitted Lucifer cipher developed by Horst Feistel with consulting help from the NSA (National Security Agency).

Originally Feistel wanted to call it Dataseal, but IBM called it demonstration cipher which was shortened to Demon and later became Lucifer. No doubt in part to the phonetic inclusion of “cipher”. The term Feistel blocks is still used to describe his method and is common in many of today’s ciphers.

DES was a block cipher which means it works on blocks of information at a time as apposed to stream ciphers which work on a single character at a time. The most prevalent use of a stream cipher, which some of you may know, is RC4 (pronounced arc four, the RC stands for Rivest Cipher – The R in RSA which we’ll talk more about in part 3). DES worked on 64-bit chunks of data at a time using a 56-bit key which seemed adequate at the time, though not to everyone. The original specification called for 128-bit keys but the NSA shortened it to 56-bit on the pretext that it wasn’t meant to last for more than 10 years anyway.

In 1977 DES was accepted as the (US) federal standard for unclassified documents. NIST specified that DES would undergo revision every 5 years to see if it was still up to the job so to speak. While DES passed without problems in the 1983 review, NIST originally said it would not recertify it again in 1987, but as there was no viable alternative it was signed on with the stipulation that it would not be approved in 1993.

With the computing power of 1975 it was estimated it would take about 300 years to crack DES. In 1997 RSA offered a challenge to crack DES and winner Rocke Verser managed the feat in a mere 96 days. Not quite a year later a team from Distributed.net cracked it in 41 days. In July of 1998 the EFF using a computer dubbed Deep Crack (in homage of Deep Blue) valued at approximately 1/4 Million USD cracked it in 56 hours. Then in January of 1999 Distributed.net using Deep Crack as a node broke DES in a speedy 22 hours.

To the surprise of many DES actually was recertified in 1993, however applications were then being taken for AES (Advanced Encryption Standard). Before I talk about AES though I wanted to let you know that there is an improvement to DES, in fact there’s two. Double DES and Triple DES which is really quite self explanatory, however due to the quirks of the system Double DES only provides an applicable 57-bit key, not much of an improvement.

Triple DES aka: TDES or (more commonly) 3DES offers 168-bit security and does something quite interesting. One might assume that triple DES would mean going through DES three times, and while this is true, it’s misleading. 3DES can use two or three keys depending on its implementation and most importantly it doesn’t provide three encryptions. Confused? Don’t be! What 3DES does is alter encryptions and decryptions. While the first pass is encrypted with Key “A”, round two will use the algorithm to decrypt the cipher text with Key “B” then that gets encrypted with Key “C”. Of course there’s also variations on this as well. Some may use two decryptions and one encryption, or there may only be two keys involved as I mentioned.

Ok, getting back on track we were talking about AES. NIST was really pushing the limits when they recertified DES in ’93 and needed something new. The challenge was open to anyone with the following guidelines: AES must be a block symmetric cipher supporting key sizes of 128, 192, and 256 bits. In 1999 NIST announced the 5 finalists for AES which were: MARS, RC6, Rijndael, Serpent and Twofish (which uses an interesting rubix cube style cipher). Then in October of 2000 NIST decided on Rijndael which was based largely on Square which was also written by the authors (Joan Daemen and Vincent Rijmen). The authors actually wrote a book on the cipher if you want some more information. This actually brings us to a close for ciphers, let’s move on!

Part II – Hashes

So, What the hell is a hash anyway? A hash is not a symmetric cipher, but I decided to cover it here anyway. In fact, hashes aren’t really ciphers at all as they are “one way functions”. What does that mean? That means once you preform the hash you can’t recover the plain text.

What a hash does is take the input and crunch it down to a little string usually represented in hexadecimal. Ok, so we know what a hash is… what’s it good for? Hashes are popular for data integrity checks. (The I in the CIA information security model). Since no two sources can have the same hash value, at least in theory, it’s possible to determine if the data was changed during transit.

Ethernet frames use CRC (cyclical redundancy check) which is a 32-bit checksum (another name for a hash). More commonly you’ll see hashes used in conjunction with public key cryptography to provided nonrepudiation which is very important. It’s also become popular to provide MD5 or SHA1 hashes for file downloads, particularly in the Linux world to make sure those large ISO files you’re downloading made it from the server to you without any bits getting flipped.

IDS (Intrusion Detection System) and virus scans often employ hashes to create a hash database of system files after install to compare future hashes against to check for root kits, unauthorized access and the like. Not only does this provide some level of security, but it can also reduce scan times. Tripwire is one such program that is founded on hash values.

There’s a few different hashes floating around out there but surely the most common are Secure Hash Algorithm-1 (SHA-1) (RCF 3174) and Message Digest 5 (MD5) (RFC 1321). SHA-1 provides a 160-bit hash value and MD5 computes a 128-bit value, and they’re commonly presented as 48 and 32 character hexadecimal strings, respectfully.

Just a moment ago I mentioned that no two data sources should have the same hash value, but this is only true in theory and not so much in practice. If you think about it, it should be fairly obvious. There’s an infinite number of permutations for data, but even SHA-1 is limited to 160 bits. Both SHA-1 and MD5 are vulnerable to what’s known as collision attacks.

Now before you start getting all paranoid about the world coming to an end or something you have to realize the reality of collisions. Collisions can’t be crafted, that is to say someone can’t create a new program and give it the same MD5 hash as the latest version of pidgin‘s tarball. Ergo, the practical application of collisions are very limited indeed. The only known collisions are based on such minor variations that in fact they probably won’t even matter. I believe in the MD5 paper you’ll read about “fire and ice” and personally I just don’t see any potential for this so called vulnerability however, feel free to draw you own conclusions.

How can you mitigate these issues? well you can use a double hashing approach. Create both a SHA-1 and MD5 hash, the possibilities of a collision in each of these hashes on the same data is a as close to a mathematical impossibility as you can get without actually presenting a proof. You may also consider using SHA-256 which, as the name implies, creates a 256 bit hash instead.

Part III – Cryptanalysis

Now then, the very first step in determining how to attack a given cipher text and/or hash value is to determine what exactly was used to get the data in the state your looking at. That is to say, you need to deduce what cipher was used. There’s some things you’ll be able to figure out quite easily and then there’s some trial and error.

For instance, if you see a string of hexadecimal values 32 characters long you’ll probably assume it’s an MD5 and you’ll probably be correct. Likewise all crypt(1), which is an implementation of DES, strings will be 13 characters long (the first two of which incidentally are the salt). Something to note, if you’re looking at an /etc/shadow file and the password field is the aforementioned 13 chars, it will be a crypt() digest, if the first characters are $1 then it will be an MD5 digest and lastly if it starts with $2 then it’s blowfish. Of course most password cracking programs will figure this out all on their own and make the necessary choices, but it’s handy to know never-the-less.

Base64 which as we discussed is *not* encryption, is common and is easily spotted by a = or two used to pad the result on the end of the string. If you just have a bunch of letters starting at you though you have quite a few options. If you’re lucky it’ll be a simple shift and you can BF (Brute Force) the key, given there’s only 26, exceptionally easy which is why I personally always start with this method.

If that comes up dead you can try frequency analysis which is a simple concept. All letters, in any language, have a certain frequency attributed to them. Since this is a tutorial in English I’ll use that language for an example. In English the most commonly used letter is “e”, just look at how many times it appears in this sentence alone. If you were to count up all the letters in your cipher text and you can make a fairly decent assumption that the letter that shows up the most is an “e”. Of course, the smaller your data set the more skewed from the assumed frequency it’s likely to be.

After “e” comes “t” and so forth as you can see in this table:

Data courtesy Wikipedia

We can also infer other frequency related aspects of the message. For instance the most common combinations of letters th and so forth. We can look for two and three letter words. 2 letter words are especially good to attack because in English it’s a given that one of them will be a vowel, of which there are only 5 with a possible 6th. If, for example, you had the cipher text of “jt” and you’ve already made the assumption that t = e given the vast quantity of t’s in the cipher text then your job becomes easier. Now there’s only 26 possibilities and of those only a handful that are legitimate English words, quickly you can start gaining a foot hold.

Another tactic to use would be using a crib. A crib is a some plain text you’re relatively certain is contained within the cipher text. If for example you were decrypting something from your significant other you might assume the word “love” was in there some where. Of course, why they’re enciphering their love letters and not giving you the key is another issue entirely. You could find 4 letter words and say “if this were ‘love’ then “X” must equal L”.
This, of course, all hinges on the cipher text being a generated from monoalphabetic cipher. It may seem like it would be a lot easier than trying to decipher a polyalphabetic cipher. Remember that I said Vigenere could even offer perfect encryption. The keyword here of course, is “could”. In reality Vigenere is often much easier to crack than your traditional monoalphabetic cipher!

First: How can vigenere offer perfect encryption? The only way is to use a random key equal in length to the message to be enciphered. Simple enough. I say random which is the only true way to perfection, however even non-true will be nearly unbreakable. The reason behind this is that if each letter of the message is enciphered with its own alphabet then there’s no telling what it was to begin with. There’s no way to get any type of pattern. The only way to attack it would be through brute force which could take literally forever if the message is long enough. If you use a random key you’re essentially creating a one-time pad.

Ok, so that’s how it can be unbreakable, how can it be easier to break than monoalphabetic? Good question, let’s find out. There’s two different ways to go about step one. 1a, as we’ll call it, is the easiest to explain and requires nothing beyond the ability to factor numbers in terms of mathematical prowess. 1b has to do with something called “the index of coincidence” and “the mutual index of coincidence” and involves probability computations and a funky equation using that sigma character.

Guess which one we’re gunna talk about. Remember this is a crash course, nothing too intensive going on here. I should note that Charles Babbage was actually the first person to come up with this technique after a challenge was made to him. If that name doesn’t ring a bell… pick up a book once and awhile, moving on! The fact still remains that with a key length smaller than the plain text the possibilities for duplicates can and most often do occur. For instance the word “the” will most likely appear several times in the course of any message. Three times in that sentence alone! We don’t really even care if it’s a word though, it could just be a series of letters that are the same.

If we limit ourselves to only looking for repeating sequences of four characters or more we can be pretty sure it’s because the same plain text was enciphered at the same point in the key, thus producing identical cipher text. What we have to do is find all such occurrences in our cipher text and make ourselves a little matrix. On the x-axis you’ll have “possible key length” which will be the factors of whatever the spacing for that patter was. On the y-axis you’ll have “pattern”, the actual pattern you’ve detected and the spacing between them. Then you simply put a check mark in each box. You should find a column that has a check mark for each sequence you’ve identified (7 in the example below), and that’s your key length and part one is done. It should look something like this:

		Possible Length
Sequence	Spacing	2	3	4	5	6	7	8	9	10	11	12	13	14	15	16	17	18	19	20
A-K-Y-Z	35
N-T-O-Q-L	63
E-Q-C-I	84
K-P-I-D-B	49

Now you break up the cipher text into groups separating them by the letter used in the key. If the key was 4 letters long, then you’d have 4 groups, the first group would be the 1st, 5th, 9th, etc. characters. From here you can do your standard frequency analysis. It often helps to draw yourself up a few histograms to provide a visual cue. On the X axis you put each of the letters and the y is the frequency. At this point you’ve broken your polyalphabetic cipher into “X” shift ciphers, which we all now know offer no protection. Using the histograms you’ve created you can compare them to a histogram based on the frequency table we mentioned earlier. Now you just over lay them until they line up and you’ll find how many characters the shift was.

One little tid-bit to know is that multiple enciphering with different keys offers no real added security when it comes to the cryptanalysis. The multiple enciphering simply creates a mutated key.

Now that we’ve attacked poly and mono alphabetic ciphers, let’s say you figured out your cipher text was an MD5 hash. We know already that this can’t be reversed, there is no key after all. How then do we attack these? Well I’m going to make an assumption here that I feel fairly confident in, and that is that the most common use for attacking MD5 hashes is that it’s been used on a password. There’s two major attacks we can employ: Dictionary and BF or Brute Force.

I list these two options in the order in which you should attempt them. Using a dictionary is incredibly easy, tends to be significantly faster and users tend to be… less than intelligent when it comes to picking passwords. Often times a password will be a family member’s name, favorite movie, etc. Something easy they can remember. The problem with making it easy for them is that it makes it easy for an attacker as well.

You can load your cracker of choice (discussed next) and word list of choice and crunch through every English word in a matter of seconds (depending on processor speed of course). Even using “The Argon List” (a 250MB word list, with many duplicates) it’s possible to run through the entire thing in a few minutes. Most crackers also support options for permutations on the word list, like converting letters to numbers (e->3) appending numbers, and so on. Many people will think they’ve made their password strong by adding a date to the end. This is false security as it’s a trivial matter (in most crackers) to have them appended to every word in the word list without even altering the list. If the date has any specific meaning (say they were born on 67 and have a cat named fluffy thus creating Fluffy67 for their password) then it’s only that much easier to crack. “Fluffy67” may look good at first glance. It would even pass Microsoft’s complexity test, and meets the common 8 character minimum. However, given a minute on a crackers machine and anything protected with that password will be singing.

The other option is to resort to BF, which there simply is no protection against. A BF attack will simply try every possible option, one at a time. Granted, they may set up their attack based on false assumptions, only lower and upper case characters for example, but eventually it will crumble. It’s only a matter of time. That being said, many ciphers use such large key spaces that this “matter of time” actually exceeds the life the universe using machines capable of exceedingly fast analysis currently impossible with current technologies.

So, we’ve figured out what the cipher text was enciphered with (hopefully) and we’ve devised a strategy for attack, now we could probably use a tool or two to give us a hand. One of the most popular will of course be john the ripper or jtr for short. Jtr is available for both windows and *nix and is exceptionally fast, supports word lists and a number of BF options. In the most basic set up you simply need to have a file containing a username and hash value colon deliminated (username:hash) then simply type: john file.txt and off you go on a BF attack (in “incremental” mode). Windows users may also want to check out Cain & Able and L0phtCrack for your windows password needs. There’s really too many options to discuss here, but suffice it to say they’re very powerful.

You might also consider so called “rainbow” tables which are precomputed tables and they work on the principles of the time/memory trade off. Basically you trade the time it takes to compute all the hash values with the memory it takes to store all the values directly. Of course when these tables get huge (multiple terabytes) you also have a lookup delay to factor in as well. If you can’t spare the space to store these tables several look up sites do exist with varying degrees of scope. Some are free, some pay, some freemium where pay a fee to get pushed to the head of a queue and/or access to larger tables.

Another common obstacle people may face is a lost or misplaced zip password. Two tools I’ve personally used and consider to be quite up to the task are Fast Zip Crack (FZC) and Visual Zip Password Recovery. They each work equally well and it’s really a matter of whether you like a pretty GUI or can live without it. We also have the capability of password protecting Word documents, Excel spread sheets and myriad other file types. Elcomsoft offers a wide range of products targeted at recovering these passwords dubbed “Advanced X Password Recovery” where the X is whichever application is to blame. As an interesting side note, Dimitry Sklyarov, who worked for Elcomsoft, was the first person arrested under the DMCA at DefCon 11 in Las Vegas on July 16th.

The last tool I want to talk about is cryptool. This is an exceptionally useful little program and can handle a great number of tasks for you such as creating and analyzing histograms, preforming frequency analysis etc. While this program is a win32 application source code is available via SVN and there’s currently a cross platform version beta based on java.

We’ve come to the end of another lesson. I hope you learned something and had some fun, in part 3 we’ll be talking about asymmetric Ciphers, I hope to see all of you there.

Getting things set up

Before we can do any coding we first need to set up our environment. In order to get anywhere you’re going to need at least merchant account with PayPal, so if you don’t have one you’ll want to sign up for free. Next, before we even bother logging into paypal let’s set up the certificates we’re going to need. First we’re going to generate our private key certificate and use that to create the public key cert. For more information on public key cryptography check out part 3 of my cryptography series. Using paypal’s handy guide we can just copy and paste this code into a *nix shell to get a fresh new private key cert:

openssl genrsa -out my-prvkey.pem 1024

Then follow that up with:

openssl req -new -key my-prvkey.pem -x509 -days 365 -out my‑pubcert.pem

OpenSSL should come standard with most distros, even OSX has it installed by default, but if it’s missing for some reason check your repos (synaptic, YaST, portage, etc.). If you still can’t find it for some reason you could always build from source. Now your’re set to rock! What’s that you say? You don’t have access to a linux/unix/BSD/OSX box or shell? If for some reason you’re completely isolated in a windows world, fear not! OpenSSL does provided source for your Redmond restrictions. Although you could build from source it’s probably easier to just grab one of the binary installers. All the commands will be the same.

Now that our certificates are generated we’re going to want to log into paypal and get things set up on that end. After logging in to your account go to My Account -> Profile -> More Options -> Selling Preferences -> Encrypted Payment Settings. You should now be at a page that looks like this:

First download the paypal public certificate and keep it with the two you generated. I recommend creating a folder called “keys” for these three files. Make sure this folder is set to chmod 750 or more restrictive if possible on your web server. Next upload your public certificate (my-pubcert.pem in this example) to paypal with the “Add” button. Note the Cert ID that was generated and jot that down for later. Our last stop on paypal is to enable IPN. Click the “Back to Profile Summary” link towards the top of the page. Here you can copy down your “Secure Merchant Account ID” if you want. This value is often used in regular buttons to link purchases to your account without having to expose your e-mail address, but since we’ll be encrypting the contents of our button it doesn’t really matter which value you use. Now back under “Selling Preferences” click on the link for “Instant Payment Notification Preferences” You should now see a screen like this:

Type in the address of your callback script including the ‘http://’ I usually go with something like “http://www.example.com/ipn.php” or cb.php, the name of the script doesn’t matter, and if you decide you want to change the location/name down the road you can always edit the settings later. Finally make sure that “Receive IPN messages (Enabled)” is selected. Paypal allows you to stop message delivery should you need to take the script down for maintenance yet still accept payments. Payments will build up in a queue and when you switch the delivery option back to “Enabled” the queue will fire off against your updated script like nothing ever happened. At this point you’re really done, but I like to make one more change. If you click back to the profile settings you’ll see one called “Website Payment Preferences”. Here you can set up a number of preferences, including a URL that users will be sent to when the finish payment, but the one we’re interested in is a little further down and called “Encrypted Website Payments”. If you turn this one it will block any button that isn’t encrypted. It’s not strictly necessary, but I feel a little better turning it on. Of course the biggest threat really is that someone would insert a rogue button somewhere and start sending you free money… but I digress. That should do it for the paypal side of things. Let’s move onto the code!

Button Generation

To create out encrypted buttons we’re going to write a function that will take an associative array and spit out the glob of encrypted text that gets passed as the value for the hidden field named “encrypted” in our paypal form. Without further adieu let’s take a look at this code and then dissect it:

function paypal_encrypt($hash) {
	global $base;
	//certs
	$priv = "$base/keys/my-prvkey.pem";
	$pub = "$base/keys/my-pubcert.pem";
	$paypalCert = "$base/keys/paypal_cert.pem";
	//Cert ID
	$cid = "XXXXXXXX"; 

	$openssl = "/usr/bin/openssl";

	$errors[] = array();
	if (!file_exists($priv)) {
		$errors[] = "error: private cert $priv not found\n";
	}
	if (!file_exists($pub)) {
		$errors[] "error: public cert $pub not found\n";
	}
	if (!file_exists($paypalCert)) {
		$errors[] "error: paypal cert $paypalCert not found\n";
	}
	if (!file_exists($openssl)) {
		$errors[] "error: openssl $openssl not found\n";
	}
	if ($errors) return implode("\n",$errors);

	//assign a couple extra variables
	$hash['cert_id'] = $cid;
	$hash['bn']= 'SubvenioComputing_BuyNow_WPS_US';

	foreach ($hash as $key => $val) {
		if ($value == "") continue;
		$data .= "$key=$val\n";
	}

	$cmd = "($openssl smime -sign -signer $pub -inkey $priv -outform der -nodetach -binary <<_eof_\n$data\n_eof_\n) | $openssl smime -encrypt -des3 -binary -outform pem $paypalCert";

	exec($cmd, $encrypted, $error);

	if (!$error) {
		return implode("\n",$encrypted);
	} else {
		return "ERROR: encryption failed";
	}
}

Most of the details you don’t really need to concern yourself with. First it sets up the certificates, which as I mentioned before I’ve put in a folder called “keys”. I’m using a global variable here called $base that you would set up outside your function. I set it to the absolute path of the script so that I’m always sure I have the right files. Then that Cert ID you jotted down? Plug that value in for the $cid. Next we do a little error checking to make sure all the files exist and the path to openssl is valid. If we pass the test we add a couple values to the hash, first is that Cert ID and then the “build notation” variable. The format is: <Company>_<Service>_<Product>_<Country>. You should change the Company and Country and if you’re not doing the standard buy now button the other options for Product are: AddToCart, Donate, Subscribe, BuyGiftCertifcate and ShoppingCart. Then the boring part of actually doing the encryption.

I tend to use a standard config file and I toss the function in there with the rest, but you can throw it anywhere you want. To use our new function we can create a little something like this:

<?php
require_once('config.php'); //file with out function
$form = array('cmd' => '_xclick',
	      'business' => 'paypallogin@email.com',
	      'lc' => 'US',
	      'custom' => 1,
	      'invoice' => '1',
	      'currency_code' => 'USD',
	      'no_shipping' => '1',
	      'item_name' => '1',
	      'item_number' => '1',
	      'amount' => '99.99'
);

$encrypted = paypal_encrypt($form);
?>
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="image"
src="https://www.paypal.com/en_US/i/btn/btn_buynowCC_LG.gif" border="0"
name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
<img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif"
width="1" height="1">
<input type="hidden" name="encrypted" value="<?php echo $encrypted ?>" />
</form>

And that should do it, a perfectly encrypted button. Obviously you probably would be calling this as part of a fuller script and populate those values with meaningful information, if you were just going to use static data you’d be better of just using a hosted button. The business field is the one that will accept either your Secure Merchant ID or plain ol’ login details. You can use any of the standard PayPal variables a couple that I’d like to highlight for what we’re doing are invoice and custom. These two variables are so-called “pass through” variables. That is, PayPal doesn’t do anything with them, but they’ll show back up in your IPN reply that we’ll be covering next. You can store anything you really want in them, but be warned the custom field is limited to 256 characters and invoice tops out at 127. You’ll probably also want to add return and cancel variables that will bring the user back to your site. At this state our button should be up and working perfectly fine. A user could complete the transaction and paypal would probably send you an e-mail. We want more though so next we’ll get our callback script online.

IPN callback script

Letting customers pay with PayPal buttons is all well and good, but if you send them off to this third party site you’re left with clean up. Did their payment get authorized? Is it an e-check and still processing? Did they click the button to pay and then decide not to? Normally you’d be completely in the dark at this point. The other option seems to be setting up an SSL cert on your site and creating some e-commerce solution to handle all the transactions. We know better though, with a little more coding we can get all that information back to us and then preform whatever actions necessary from changing an order status to packaging/shipping or marking your invoice as payment received.

I’ll give you the skeleton script (based on the PayPal example), but it won’t actually do anything other than acknowledge receiving the IPN message, it’s up to you to figure out what your site needs to do with this information.

<?php
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) {
	  $value = urlencode(stripslashes($value));
	  $req .= "&$key=$value";
}

// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30);

if ($fp) {
	fputs ($fp, $header . $req); //actually send data to paypal
	require_once('config.php'); //pull in config file (initialize db/variables/etc)
	// assign posted variables to local variables
	$status = $_POST['payment_status'];
	$payment = --$_POST['mc_gross'];
	$i = escape_data($_POST);
	$error = array();
	while (!feof($fp)) {
		$res = fgets ($fp, 1024);
		if (strcmp ($res, "VERIFIED") == 0) {
			if ($status == "Completed") {
				//check if a pending transaction just completed
				$query = "SELECT * FROM `table` WHERE `trans`='$i[txn_id]'";
				if($result = mysqli_query($dbc,$query)) $row = mysqli_fetch_assoc($result);
				if ($row['pending']) {
					//update pending status to completed/paid
				} else {
					//add instant payments to database
				}
				//do global things you need to for processing payment completion
			} elseif ($status == "Pending") {
				//add entry into database with pending status, include txn_id
			} else {
				//various status events that mean you didn't get paid (Failed/Denied/Refunded/Voided/etc)
			}
		}
		else if (strcmp ($res, "INVALID") == 0) {
			// log for manual investigation
			$message = "INVALID IPN\n";

			foreach ($_POST as $key => $value){
				$message .= $key . " = " .$value ."\n";
			}
			error_log ($message, 0); // Send to system log
		}
	}
	fclose ($fp);
}
?>

First off we need to let PayPal know we got their notification so we open a socket back up to them and post the data back adding the cmd for validating the message. We fire this off at the very beginning because PayPal expects a response within 30 seconds. I don’t even pull in my config file until after posting so setting up the database connection and initializing variables doesn’t take up precious time. Speaking of which, after that is all set up, the first thing I do is pull in my generic config file which includes the escape_data() function I use right after that. You may think that the data is safe to use coming from a security conscious company such as PayPal. That’s exactly the kind of thinking that leads to security breaches. I also clean the data into a single letter array because typing $_POST over and over gets annoying pretty fast.

There will be two possible responses to your validation: VALID or INVALID. This is in regards to your attempts to validate the IPN message and has nothing to do with the actual transaction. For this example we just log an error to the system, you may want to e-mail it, or do something else (i.e., SMS your webmaster). On the other hand if your validation went though properly you can start dealing with all that POSTed data you originally got back. I cached the status message into a simple variable that we can test against. There’s really only 3/4 messages we’re interested in. 4 total, but two basically mean the same thing, you didn’t get no money so in effect it’s only 3: Success, Pending, Failed. Denied is more of a fine grained version of Failed. Think of it this way, your credit card may fail because you typed in the wrong number, but if it’s denied you didn’t have enough credit to cover the charge and the card issuer won’t let you make the purchase.

That’s it in a nutshell. I gave you a little hint about how to you may want to think about dealing with pending transactions, stash the transaction ID in a field in your database. I recommend not using the column in a boolean manner (if column has value it’s pending, if empty it’s not). You should probably consider storing the transaction ID for every transaction, and setting up a particular meaning for “pending” such as a column called “pending” that then would be boolean (1 == pending; 0 == not pending) or slightly more complex logic of a “paid” column (0 == not paid; 1 == pending; 2 == paid, etc.) There’s really no end to what you can do with the information you get back. Update databases, e-mail, SMS, IM, it’s all about what makes sense for your site.

Closing

By now you should be able to leverage the power that can be had by combining two of PayPals features with some solid code. Without having to get into the esoterica of the full XML API you can build a really robust payment processing system. As a bonus you don’t have to pay those high prices for an SSL certificate or having to set up your server to use them. Also when testing your site I highly recommend getting a developer account from PayPal, again the account is free. You’ll be able to create as many fake users as you want to, sellers and buyers of any account type (even the ones you normally have to pay for) and play around with all the various settings. During testing you simply change all the calls from www.paypal.com to www.sandbox.paypal.com then to go live pull out the .sandbox and you’ll know everything works. There’s even a handy IPN Simulator that you can use to send your callback script various types of possible replies to make sure it handles the data properly. One thing I like to do is use the tool along with error_log() calls and then set up a terminal with tail -f /var/log/apache2/error_log to get around the inability to do “print debugging”. This will save you from sending debug messages to a file or e-mail. Of course, while testing in the sandbox you’ll need to keep your certs/cert_id’s correct for that environment and remember to switch them for the live values later. I’d like to thank Stellar Web Solutions for their article that I originally ran across over a year ago and used to base my function on.

RF Math:

In order to make all these calculations, we first need to define what exactly “power” is. Power can be expressed using Ohm’s Law as: P = I*E or Pie, where P equals the power in watts (W), I equals the current in amperes or “amps” (A) and E equals the voltage in… Volts (V). A watt is therefore technically defined as “one ampere of current at one volt” and a Volt is the electrical potential between two points in a circuit. You may also often see Ohm’s Law, particularly in electrical circuits where resistance is more important than power, written as V = I * R. Here I stays the same (current), V is voltage and R is resistance in Ohms (Ω).

The good thing about your typical 802.11 set up is that you do not really need to know any of this. You just need to know that the wattage is how powerful the signal is (literally). The thing about power is that in RF devices it gets really small really fast. It gets so small so fast in fact that it is very inconvenient to talk about using a linear scale. By the time your 4 watts has traveled as little as 10m it is already a mere fraction of its original power. People have a hard time expressing things with massively small decimals.

In order to represent the logarithmic nature of the degradation of a propagating RF wave, it would be handy to have a corresponding linear scale we could use. We are not the first to wish such a conversion, what we need then is the predefined system. Enter the “bel”. The bel is a way of evaluating relativity. If we consider the sequence 10, 100, 1000…. then it would be appropriate to create a second sequence representing the log of the first sequence or 1, 2, 3…. These are bels. 1000 is therefore 2 bels greater than 10 and 1 bel greater than 100. You will notice there are no units given: bels are a way to express relativity, and only relativity. What we are relating can be in any unit you want, granting they are the same for both items being related.

Due to the granularity by which power is measured, and the vast difference in performance based on such small changes, we often use a “decibel” (dB). A decibel, as the name would suggest, is one tenth of a bel. Using our knowledge from before we would thus conclude correctly that 1000 is 20dB greater than 10. When people discuss decibels remember they are always talking about the degree by which something is greater or less than some other thing. It would, therefore, be inappropriate to say that something is “20dB”; it must be 20dB compared to some other source.

In decibel mathematics there are two specific values that everyone memorizes to preform quick math. If something has a 3dB difference it is twice or half the value, 10dB would be 10 or one-tenth. This is often commonly referred to as “the rule of 3′s and 10′s”. To illustrate this point, if our Intentional Radiator (IR) has 200mW of output and we connect a amplifier in series which generates 3dB of gain, the resulting signal after amplification would be 400mW. We will talk more about gain and amplifiers later in this paper.

RF signals typically are not very powerful. In fact, in the 2.4Ghz ISM band in a point-to-multipoint setup, the FCC says we can have a maximum EIRP of 4W. The majority of that sentence probably will not make much sense yet, but anyone can notice that I mentioned maximum and 4W which is not all that great and we know that the power dramatically decreases. It is, therefore, most common to work with milliwatts (mW) when we discuss RF waves. We saw above how we can apply decibels to the power rated in mW, but would it not be helpful to keep everything expressed in decibels? We said before that we must be comparing something when we use decibels, so we can not exactly say our signal is 13dB, that just does not work. People realized this so they set up a standard base which RF technicians can use. They created something called a dBm (Dee Bee Eem or dB milliwatts) which uses the standard base that 1mW = 0dBm. Using our previous example, let us convert 200mW into dBm. We first off notice we can take our 1mW and multiply it by 10 and 10 again to get to 100mW, 100mW is then only one half of 200 so we need another 3dB (remember our rule). Our 200mW is therefore equivalent to 23dBm, the two may be used interchangeably. The actual conversion equation is: PdBm = 10 log(PmW), or the power in dBm is equal to 10 times the log of the power in milliwatts.

There is one last decibel unit you will encounter numerous times when working with wireless, and that is the dBi. In order to understand what dBi is, first we need to discuss what an isotropic radiator is. An isotropic radiator can not be made; the one thing in this universe that can be approximately considered an isotropic radiator is the sun (or any star for that matter). Isotropic radiators radiate power equally in all directions. All man made antennae introduce some gain over an isotropic radiator which is expressed in dBi (dB isotropic). It is also possible to see the unit “dBd” which uses a base of a theoretical half-wave dipole antenna, which has 2.15dB of gain over our theoretical isotropic radiator, this is more common in ham radio. In the end the two are based on theoretical antennae and we can easily convert from dBd to dBi then by simply adding 2.15 which is why you probably will not see it used much, there is just no need.

Gain and Loss:

As soon as a signal starts to transmit, its power will be changed. The two types of change are either positive or negative, an increase or decrease in power as it were. Gain may be either passive or active. We will discuss differences between these two as well as the sources of loss, or the attenuation, of a signal including how to calculate a very important source of loss.

The main source of gain that every system will include is the antenna. As we previously discussed, an antenna offers gain over a theoretical isotropic radiator, which is represented in dBi. This type of gain is known as passive gain. The gain comes from the element itself and is not injected into the line, it is “free” gain. There are many different types of antennae which offer a wide range of gain in various scopes which we will get into in the next section. The use of antennae is covered in FCC title 47 chapter 15 parts 203 and 204.

That leaves the other type of gain known as active gain. Active gain comes from injecting gain straight into the signal at some point typically with something called an amplifier. These devices are connected in series with the circuitry and boost the power of the signal. Most offer a dial which allows you to specify just how much gain you need, 3dB, 5dB etc. The use of amplifiers is highly regulated by the FCC and information on their use can be found in title 47 chapter 15 part 204.

Now we know how to add gain to our signal, but what if we want to introduce loss? You may be asking yourself: Why would anyone want to intentionally create loss in their signal? Well, as we touched upon briefly, the FCC limits how much power we can transmit. In order to add loss we need to get something called an attenuator. These almost always are small little devices which you plug in right before the antenna and they typically also have a little dial on them for how much loss you want to introduce.

Loss is not always purposely introduced, and in fact most often is not. Everything that does not introduce gain introduces loss. The cable connected to the antenna may introduce 3dB of loss for example. The biggest source of loss though is the air. This type of loss is known as “Free Space Path Loss” or simply “Path Loss” which is calculated thusly: PL = 32.45 + 20*log(F) + 20*log(D) where F is the frequency in Mhz (remember 802.11 frequencies are expressed in Ghz, not Mhz and to convert accordingly) and D is the distance in km. As you can see, even short distances can introduce significant loss. It stands that for every 6dB increase in EIRP you double your range, the reverse also holds true such that supposing at 100m out your loss is reported as 80dB, then and at 200m it would be 86dB (approximately).

When we talk about a system we are talking about the entire system, but when we discuss the Intentional Radiator (IR) we are talking about everything in the system except the antenna. In order to calculate the power of the IR you need to account for any gain or loss introduced anywhere before the antenna. This often includes the cabling, connectors and any amplifiers/attenuators. Once you have got that figured out you need to then take the passive gain the antenna will give you into account, once you have the final number you have calculated the Equivalent Isotropically Radiated Power (EIRP). There are a lot of laws surrounding EIRP, the power of the IR, the use of antennae and the like which we will cover later.

Antennae:

There an many different types of antennae available for use in wireless transmissions. These can be grouped into 3 main categories: omnidirectional, semi-directional and highly directional. Each of these antennae offer specific functions making one suitable in certain situations over another. We will endeavor to discover what defines each section as well as their particular uses.

Before we start talking about actual antennae however, we should spend a little time talking about the different properties of antennae. The most obvious we already covered which is gain. Antennae also have something called polarization, Half Power Beamwidths (HPBs), and two different types of coverage charts plotted on polar coordinates.

The first component we want to cover is polarization. When an antenna emits an electromagnetic field the field is actually the result of the interactions between the electric and magnetic fields. The electric (E) field runs parallel to the antenna and the magnetic (H) field runs perpendicular. When we say an antenna is vertically polarized that means the E field is perpendicular to the ground. This idea of polarization helps explain something that confounds many laptop users. A mobile user may be within sight of their AP yet experience less than wonderful reception but turning the laptop on its side may result in significant improvement. The problem is that the typical PCMCIA/ExpressCard card or USB adapter has a horizontally polarized antenna while a typical AP has vertically polarized antennae (and we will find out why they do in a moment).

The second property of an antenna is defined by its HPB which are often just called beamwidths and are prefixed with the orientation. This quickly leads one to assume there are at least 2 different HPBs. An antenna has both a Horizontal (Half Power) Beamwidth and a Vertical (Half Power) Beamwidth. Even though the Half Power part is commonly dropped I use it here because a) it is technically correct and b) it helps illustrated how they are determined.

To determine the horizontal HPB, hold some signal receiver directly in line with the antenna at the source of greatest power (dead on). Now movie your instrument to the to the left keeping it on a level plane until you register a 3dB (half) reduction of power and mark that spot. Repeat to the right. The angle created by the three points (with the AP acting as the source) is the horizontal HPB. To calculate the vertical HPB do the same thing except move up and down instead.

Lastly we have the charts. The two types of charts are the elevation chart and the azimuth chart. The elevation chart is the coverage pattern of the antenna if you held it to the side of the antenna and the azimuth chart would be if you were looking straight down on the antenna from a helicopter. The charts are created in special RF shielded rooms and using ideal power, which is to say they’re really just an approximation of what you’ll see in the real world. They are usually depicted by finding the point of highest output and setting that at the 0 degree mark on E-Plane charts and 90 degree mark for H-Plane and label that furthest ring out “0″. Then each concentric circle within denotes some relative attenuation in dB from that maximum output. I need to stress that relative aspect. There is no sense of depth to these charts, they are only based on radii. So if 40m out you’re experiencing 50dB of attenuation from Path Lose and then you were to swing 20 degrees to the right (bird’s eye view) looking at the E-Plane chart we see there’s an additional 10db of attenuation. Likewise to read the H-plane chart at 0 degrees (directly above) there would be 40db additional attenuation on top of the calculated PL figure. Usually if your antenna ships with one at all it will be of the E-Plane. Some antennae may also include the H-Plane or solely the H-Plane. If the latter is the case you can simply adjust it by 90 degrees to get a pretty decent approximation of the E-Plane.

Now, onto the antennae! First on the menu is the ever popular omnidirectional dipole antenna seen on just about every consumer grade access point. The main feature of an omnidirectional antenna is a basically even coverage area, hence its popularity. The omnidirectional antenna is as close as you can get to an isotropic radiator in the real world. Instead of having a spherical coverage area it more closely resembles a torus (donut) with the antenna sticking through the hole. If you add gain to an omnidirectional antenna you squish the torus. This can get you better reception in that room down the hall, but will also probably cut access from the upstairs so be careful about adding a higher gain antenna to your AP, you may just create a new problem. Omnidirectional antennae are define by their 360 degree horizontal beamwidth which makes it so popular in Small Office Home Office (SOHO) class products. You can place it just about anywhere and get access just about anywhere. The just about will get you every time though. Like I previously mentioned the coverage pattern is more torus shaped than spherical and as such they typically have vertical beamwidths between 30 and 180 degrees which may pose a problem if you are attempting to add coverage to multiple stories. These antennae rarely ship with charts, but if they do it would probably be the H-Plane chart so you can get a sense of coverage for multi-story setups.

Coverage Area of Omnidirectional Antenna:

Secondly, we have the semi-directional antenna. These are the patch/panel and yagi (yah-gee) style antennae. They find use in delivering coverage to a single room or shooting a signal down a hallway. They are defined by a focused beam resulting in horizontal beamwidths of anywhere between 80 and 180 degrees with an even tighter vertical beamwidth typically between 10 and 90 degrees. Additionally they have what is known as a “back lobe” the signal typically shoots out a couple feet from the back in the opposite direction that the antenna is intending coverage for. They may also have 2 or more “side lobes” which kinda come out of the side of the main coverage area at the base of the antenna. For these antennae those E-Plane charts will help you determine where to point them for maximum coverage.

Coverage Area of Semi-directional Antenna:

Lastly, there are the highly directional antennae. These employ parabolic/grid dishes and are used in long distance PtP connections for wireless bridges and the like. They sport a tightly focused beam where both horizontal and vertical are somewhere in the area of 5-25 degrees. Due to the very small beamwidths of these antenna setting up the links are very sensitive. A change of a single degree in inclination of one antenna may result in a total loss of connectivity. These antennae generally have no rear lobes and side lobes that tend to shoot out a little further than on the semi-directional antennae. Unless you work for some company which specializes in setting up long distance links you will probably never use these antennae. If you’re lucky you’ll have both E and H plane charts to really help you drill down and get the best signal strength.

Coverage Area of Highly Directional Antenna:

Laws:

The laws describing the manner in which unlicensed frequencies may be used is very well documented and severely enforced. There are different rules for different bands, and different rules depending on the use of the system. In order for you to operating legally, you must be running a licensed system. A system takes everything into account from your circuitry, the cables you use, any amp you may use, antennae, etc. Due to this restriction you must be very careful about adding products to your system. A 3rd party antenna may screw right on to your AP and work marvelously, but if that specific combination has not be licensed by the FCC you are breaking the law, a law which carries a fine as high as $1.5M USD per offense.

Not many people I know (ok nobody I know) has an extra couple million dollars lying around so you want to be very careful about how you operate your 802.11 wireless LANs. The process of testing every possible combination of products a manufacture may offer though could take an insanely long time to certify. It is common practice to certify a system running “at the max” and then everything operating below that threshold would thusly be within FCC regulations. That does *not* mean, however, that because the AP you purchased is rated with up to a 6dBi antenna you can pick up any 6dBi antenna. It must specifically be listed in the product literature.
The FCC places limitations on both the IR power and the EIRP of a system which is dependent upon the type of link being established. The two types of links possible are Point-to-MultiPoint (PtMP) or Point-to-Point (PtP). The titles are self explanatory but one thing you need to realize is that the simple act of using an omnidirectional antenna qualifies it as PtMP, even if it is used in a PtP link such as between two bridges.

In the 2.4Ghz ISM (Industry Scientific Medical) band the FCC stipulates that the creation of PtMP links be subject to the following restrictions:

• EIRP must not exceed 4W (36dBm)
• IR must not exceed 1W (30dBm)
• For every 3dBi of antenna gain after the first 6 “free” dBi the IR must be decreased by 3dBi (the 1:1 rule)

For PtP links that rule is thusly augmented:

• IR is limited to 1W (30dBm)
• For every 3dBi after the first 6 of antenna gain the IR must be decreased by 1dBi (the 3:1 rule)

One thing to notice about the rules for the PtP link is that it does not stipulate a maximum EIRP and significantly reduces the penalty for adding antenna gain. In this situation it would be acceptable to have an IR of 25dBm and with a directional antenna adding 21dBm of gain giving us an EIRP of 46dBm or 40W. This is why it is very important to stay away from the front of highly directional antennae. If you have ever wondered what it would be like to squeeze yourself into a microwave and have it turned on…

The other band we need to take into consideration when dealing with 802.11 links is the 5Ghz UNII (Unlicensed National Information Infrastructure) bands of which there are three, each one of which imposes different regulations. First let us look at the PtMP links:

• UNII-1: Maximum IR power may not exceed 40mW (16dBm)
• UNII-1: EIRP may not exceed 160mW (22dBm)
• UNII-2: Maximum IR power may not exceed 200mW (23dBm)
• UNII-2: EIRP may not exceed 800mW (29dBm)
• UNII-3: Maximum IR power may not exceed 800mW (29dBm)
• UNII-3: EIRP may not exceed 3.2W (35dBm)
• All three bands utilize the 1:1 rule

And then for PtP links:

• UNII-1 Follows the same rules as the PtMP links
• UNII-2 Follows the same rules as the PtMP links
• UNII-3 May use an antenna with up to 23dBi of gain before the 1:1 rule becomes effective. (Giving a maximum EIRP of 200W!!)

In addition to the FCC, the IEEE felt it was necessary to add a requirement for 802.11 compliant IRs that they must emit at least 1mW of power. Why they thought this was necessary is beyond my current ability to comprehend, however.

Closing:

At this point you should be able to calculate the EIRP and the power of the IR in any system. You will be able to convert from mW to dBm and vice-versa. You should have a firm understanding of the various types of antennae available and the laws surrounding their use. Power is the most important aspect of any 802.11 link: without it there is no signal and no data can be transmitted, none of those fun things like diffraction can occur, and you can not chat on IRC from your hammock.

Works Referenced:

• CWNA Certified Wireless Network Administrator Official Study Guide 3rd Edition by Joshua Bardwell et al
• IEEE’s 802.11 standards
• FCC title 47 chapter 15
• Ohm’s Law

How Do I make a database/table? This actually tends to vary with each database you choose to go with, there are some commonalities – however we won’t be talking about them. This text is geared towards people who already have a database to work with. If you don’t you should probably start somewhere else. If you really want to know how to create a database I suggest you take a look at the documentation that surely came with your software. MySQL has an extensive collection of documentation on their website.

You now have a database and are ready to do… something with it. First off let’s define something. A database is a collection of tables, all the information is stored in tables and that’s what you’ll be preforming most of your operations on. Most everything you’re going to do with your tables boils down to a few commands, which invariably take an extraordinary number of permutations. These are “SELECT”, “INSERT”, “UPDATE” and “DELETE”. Now, I use the word “commands” here loosely. Before I start getting ahead of myself let’s lay out probably the most basic “statement” (that’s the industry term for your query) and dissect it:

SELECT

SELECT * FROM table;

Things to keep in mind while looking at this particular example include capitalization and the semi-colon. You will no doubt notice the keywords of the query are all capitalized, this is by convention and not required though you’ll almost never see a database designer/engineer not capitalize. As I mentioned the other thing you probably noticed is that the statement ends with a semi-colon, this is actually database specific but it’s so common that pretty much everyone accepts it as the end of a statement and is usually required.

I bet you want to know just what that statement will do though, don’t you? This statement will return every column for every row in the table. It’s how you, in SQL, say “show me everything”. SELECT is how you retrieve data from the table. While that’s nice to know it doesn’t seem very practical. How often do you really need *all* the data in your table dumped? Most often you only want some parts of the data. How you do that is by introducing conditional clauses. Here’s another SELECT statement:

SELECT `title`,`price` FROM `Books` WHERE `author`='John Doe';

Now we have really really drilled down the information we want retrieved. In this example we want the title and price columns from the table “Books” (note: table names *are* case sensitive) where the author is John Doe. Another change you’ll notice is that column and database names are surrounded by backticks (`). This is so that the interpreter doesn’t confuse them for SQL reserved words. If you were to have a column named “select,” for example, and you didn’t escape it with backticks you’d quickly run into a parsing error. Let’s say that our return, while more refined, still returns multiple rows. Let’s look at a couple ways we can sort that information.

SELECT `title`,`price` FROM `Books` ORDER BY `title` DESC;
SELECT `title`,`price` FROM `Books` LIMIT 0,5;

The first of these examples shows us how to sort the data that is returned to us in descending (DESC) alphabetical order according to the book’s title. The ORDER BY clause, by the way, can take a number of arguments to settle ties. For example “ORDER BY `author`,`title`” would first sort by the author’s name then by the title of their books. Note: You don’t have to have ORDER BY in order to use DESC, (or the opposite: ASC – which is implied by default) it can be tacked on to the end of any statement to sort your data for you, very handy.

The next example does something a little different. Instead of sorting the information we get back it’s, instead, limiting how much we get back. Specifically it’s saying give me the first 5 results starting with the 0th (aka: first). You’ll notice I didn’t use an ORDER BY or ASC/DEC modifier. THIS IS A BAD IDEA! NEVER DO THAT! A database doesn’t store your information in any specific way. One day running that command may return one set of information and the next a completely different set. You must always include some sort of soring if you’re going to use LIMIT.

So far you’ve only seen WHERE used with a conditional equals. That is, when something is exactly something. Of course that’s not the only way you can use WHERE. Let’s look at the main five:

SELECT `title`,`price` FROM `Books` WHERE `isbn`='0672327651';
SELECT `title`,`price` FROM `Books` WHERE `isbn`!='0672327651';
SELECT `title`,`price` FROM `Books` WHERE `isbn`<0672327651';
SELECT `title`,`price` FROM `Books` WHERE `isbn`>'0672327651';
SELECT `title`,`price` FROM `Books` WHERE `title` LIKE 'MySQL%';

The first of these we already went over and doesn’t need any further explanation. The second will look very familiar to any programmers in the audience. The != is very common and means “not equal” in this case it’s like saying “Give me the titles and prices of every book that doesn’t have the isbn 0672327651. Then you have the less than/greater than ones (yes < = and >= are valid). The last one is a little special. LIKE is used to find stuff that is kinda like what you have. In this case we have the string ‘MySQL%’ which will return all the books that have a title that starts with “MySQL”. The percent sign % is what’s known as a “wild card” in this case for matching anything and everything (even nothing), in “standard” regex it’s the equivalent of the asterisk.

The other wildcards include the underscore (_) which matches anything once, brackets ([]) which specifies a set of characters it can match and can be negated w/ a prefixed ^. For example:

SELECT * FROM `table` WHERE `column` LIKE '[^AB]%';

That would match any entry in “table” where “column” does not start with either A or B. You should know MSSQL likes to be different and uses a * instead of a % and a ? instead of a _.

We can still modify our WHERE clauses a little more though. We can use “OR”, “AND” or “NOT” to further refine out queries. For example:

SELECT * FROM `table` WHERE `column` != 'Goat' AND `column2` != 666;

This should be pretty self explanatory, but just in case, really brief: It will return every row where column does not equal goat and where column2 does not equal 666.

In a nutshell, that should be enough to do 95% of your data retrieval. The next big one we’re going to look at is the INSERT statement. This will take almost no time, then we’ll move right onto UPDATE.

INSERT

INSERT lets you add data to your tables, very useful. It’s also very simple. The basic syntax is:

INSERT INTO `table` VALUES(`all`,`your`,`values`,`in`,`order`);

Now, most texts will tell you not to do this, as you have to keep everything in order and it’s really easy to screw stuff up. If you were to forget a column, even one that’s NULL, you’ll end up with errors. Then if you end up changing your database scheme down the line you’d have to rewrite all your code to reflect the changes in column names/numbers. The “correct” way goes like this:

INSERT INTO table (`column1`,`column2`) VALUES (`something`,`somethingelse`);

This has the main advantage of specifically correlating columns to data. Many times you’ll also have columns that have default values assigned. So you can save yourself some typing by only mentioning the values that need to be specified and letting the database fill in the rest.

UPDATE

Ok, told you it would be fast. As I promised we’re now going to talk about UPDATE. Also very useful, it allows you to modify existing data. Say you accidentally made a typeo when you INSERTed something. Or your database contains dynamic data like age,address,etc. Here’s how we go about doing that:

UPDATE `table` SET `column1`='something new', `column2`=3 WHERE `column3`="bob";

Straightforward. To give a column a new value you need to use UPDATE in conjunction with SET which tells you just what you want to change. It’s very important to remember your WHERE clauses here. Generally speaking if you’re updating you want to update just one record in the table. So make sure you have a tight WHERE clause. You might want to try it as a SELECT first until you get the hang of things to make sure you’ve got the specific record you want. If you were to have forgotten the WHERE on the previous statement it would have updated every row in the table. Bad UPDATE statements are a good way to totally screw up a table.

DELETE

The last big thing we’re going to talk about today is the DELETE statement. This statement looks a lot like the SELECT, just with the added peril of UPDATE. To delete a record from your table just use a statement like this one:

DELETE FROM `table` WHERE `column`="evil monkey";

You tell the database which table you’re deleting a record from, and then use a WHERE clause to specify where. Obviously screwing up the WHERE can have hazardous consequences, even worse than screwing up an UPDATE which might only screw up a couple columns.

Functions

Finally I want to talk about functions. Each database out there has a number of these, a lot are database specific, but there’s also a number of universals out there. COUNT() is a good example, or SUM(). If you want to know how many records your table has you can use the popular:

SELECT COUNT(*) FROM `table`;

Let’s say instead you want to find out how much you owe on all your bills:

SELECT SUM(`owe`) FROM `bills`;

You get the idea, there’s many different functions for just about anything you can come up with and you should check your documentation to find out what they support. You can also create your own functions, or what are known as “Stored Procedures”. The way you go about creating the, however, varies wildly by database and even table type within the database so check your documentation for further information. There’s even a whole book dedicated to stored procedures in MySQL.

What can I do w/ SQL?

SQL is very important in any modern website. If you’re going to do… any webdev short of little geocities (RIP) sites you’ll probably want to be using some kind of database. Every e-commerce site without exception uses some database. In fact, this little SQL intro was targeted at people working on webdev who probably already have a database and want to learn how to manipulate it for their site. You don’t have to be in to webdev to find a use for databases though. I personally keep databases for all my DVDs, Comics, Music and Books. I also keep one for a wishlist of books. Granted I have made a web front end for all of these, but there’s nothing that says you have to do that. If you start getting adventurous you can do lots of interesting things w/ SQL, even Solve Sudoku. I’m sure you’ll find some way you can put it to use. Thank you for your time.

I. Operators

# will comment any thing *after* the pound sign.

die “now\n”; # this line kills the program with the message “now”.

#$x = 2; this is not evaluated.

Operators have the *same* precedence as in C. as follows:

    left	terms and list operators (leftward)
    left	->
    nonassoc	++ --
    right	**
    right	! ~ \ and unary + and -
    left	=~ !~
    left	* / % x
    left	+ - .
    left	< < >>
    nonassoc	named unary operators
    nonassoc	<> < = >= lt gt le ge
    nonassoc	== != < => eq ne cmp
    left	&
    left	| ^
    left	&&
    left	||
    nonassoc	..  ...
    right	?:
    right	= += -= *= etc.
    left	, =>
    nonassoc	list operators (rightward)
    right	not
    left	and
    left	or xor

All should be self-explanatory. (more info)

II. Variables

Perl is not like many other languages when it comes to variables. Where must require you to declare a variable, along with a type, perl does not. The 3 types of variables are as follows:

Scalar: This includes all the single variables one might encounter. This variable is denoted by the cash symbol such as: $myVar Scalar variables hold? all your information such as a string, (single or double quoted) chars, integers, floating point numbers, etc, everything.

Array: These variables are just what you would expect to find in any other language. With one difference, perl does not natively support multidimensional arrays. (Where one element of the array is another array, in this case the array becomes part of the list.) Arrays are denoted by the “and” symbol such as: @myArray An element of an array is called in this fashion: $myArray[0]; Note the use of $ not @ elements start at zero and may be referenced by another variable as seen here: $myArray[$x]

Associative Array: Also known as a “hash” this is an extremely useful data type. These are denoted by the percent sign such as: %myHash. The most common hash you will encounter is %ENV. An associative array is unique. This opens a wonderful world for perl programmers. Each “element” in hash is actually a key and each key has a value. When one wants to call the value of a key they do so in the following manner: $myHash{$myKey} notice the use of $ again not % and the use of so called “curly brackets”. This facilitates the ease of reading and programming. Suppose you want to create add a new user to a database. Instead of creating an array with each element part of their information and trying to remember which element stores which information you can creat a hash like thus: my %newUser then simply add key/value pairs like this:
$newUser{‘user_id’} = ’100001′;
$newUser{‘user_rank’} = ‘lamer’;
Now instead of having to remember which element of an array is the user_id we simply call $newUser{‘user_id’} and we have it.

Example:

	if ((!$ENV{'HTTP_REFERER'}) || (!$ENV{'CONTENT_LENGTH'}) ||	(!$ENV{'HTTP_ACCEPT'}) || (!$ENV{'HTTP_USER_AGENT'})) {
		if ($log_warnings == 1) {
			&log_msg("WARNING : Missing HTTP header(s) from $ENV{'REMOTE_ADDR'} = $form{'name'} ($form{'magic'})\n");
		}
		&error('bad_headers');
	}

Here we see the common $ENV for CGI programming. It’s easy now to read $ENV{‘HTTP_REFERER’} we know right away what we’re looking for here.

III. Special Variables

As with most languages perl supports system variables, already programmed into the interpreter. There are many but the most common you’ll encounter will probably be:

@_ this is a list created in a sub which contains all the arguments passed
$_ similar to @_ The default input, output, and pattern-searching space.
$| if set to non zero (usually 1 or 666 [don't ask]) forces a flush after every write or print.
$$ Alternatives: $PROCESS_ID, $PID yup you guessed it, returns the pid. Can be altered w/ fork cmd.
$1 .. $n the pattern matched by the nth parenthetical closure in a regex. Ie: m/(b{2})(goat)/; $1 being the first parenthetical closure would equal ‘bb’ and $2 being the second would equal ‘goat’.

IV. A Crash Course in Regex (Regular Expressions)

Operators:
=~ Match
!~ Does not match

Since expressions for regex are treated as double quoted strings here’s the escape chars and what they do:

    \t		tab                   (HT, TAB)
    \n		newline               (LF, NL)
    \r		return                (CR)
    \f		form feed             (FF)
    \a		alarm (bell)          (BEL)
    \e		escape (think troff)  (ESC)
    \033	octal char (think of a PDP-11)
    \x1B	hex char
    \x{263a}	wide hex char         (Unicode SMILEY)
    \c[		control char
    \N{name}	named char
    \l		lowercase next char (think vi)
    \u		uppercase next char (think vi)
    \L		lowercase till \E (think vi)
    \U		uppercase till \E (think vi)
    \E		end case modification (think vi)
    \Q		quote (disable) pattern metacharacters till \E

And now the special chars of regex:

    \	   Quote the next metacharacter
    ^	   Match the beginning of the line
    .	   Match any character (except newline)
    $	   Match the end of the line (or before newline at the end)
    |	   Alternation
    ()	   Grouping
    []	   Character class
    *	   Match 0 or more times
    +	   Match 1 or more times
    ?	   Match 1 or 0 times
    {n}    Match exactly n times
    {n,}   Match at least n times
    {n,m}  Match at least n but not more than m times

Three pattern matching expressions:

Match: m/regex/; the m is optional if using // however is required if you want to use a dif char such as m!regex!
Substitute: s/find/replace/; again you can change delineators s!find!replace!
Translation: tr/abc/ABC/; simple rot-13 in perl: $line =~ tr/a-zA-Z/n-za-mN-ZA-M/;

V. File I/O

Open this is probably the most common way to open a file in perl

open FILEID, "path/to/file/" || die "Could not open file - $!\n";

The FILEID is what you will use to address the file from here on out. The part in quote is the file to open. you can open for write with “>path/tofile”, append with “>>path/to/file” and read with “path/to/file” (also “< is *not* needed)

|| tells the program to die if the open fails (|| = logical or) the variable $! Is the last error returned by a function.

Now we have the file open what can we do? Well we could through it into a loop reading data, from it or whatever, I like to dump it into an array like this:

@myData = ;

Now @myData contains all the data from the file, each element is a line (beaks at \n)

A while loop that does the same thing:

while ($line = chop(<FILEID>)) {
	do something;
}

More info: http://classdelivery.cauniversity.org/class_logs/perl105.txt

VI. Subroutines

The format for a sub as they are commonly referred to as is:

sub my_sub {
	my ($var1, $var2) = @_;
	do something
}

This is how you create a function within perl. Since perl 5.0 can call them just like any function my_sub($goat, $cheese); older version of perl require you do use the ampersand like this: &my_sub($goat, $cheese) or in the case of no arguments you can just &my_sub, my_sub()

If you want to include functions from another file you have two choices. First if it is a modular file you need to use “use” like this:

use CGI;

if it’s simply another perl file you have then you use “require” like this:

require ‘/path/to/perl/file.pl’;

I hope this helps you understand perl, I’m sure you’ll grow to love it.

Diffraction:

When an RF wave propagates through space it is prone to a number of disturbances. I am not just talking about various obstacles in the path of the wave. Specifically I am referring to the effect the different types of obstacles have on the wave. If the wave is absorbed by the medium that is called (get this) absorption. The other possibilities include reflection (bouncing off), refraction (kind of a combination between the two, some bounces off and some bends as it moves through a medium of a different density), scattering (bouncing off a bunch of sharp jagged points), and diffraction. This is the one that is the most important to this article so we will spend a bit more time discussing what exactly diffraction is.

So, what exactly is diffraction? Diffraction describes how a wave will bend around an obstacle. To continue in the tradition of over using a metaphor, imagine a pond. Now in this pond suppose you have a stick sticking up through the water. The last part of the metaphor involves you dropping a rock into the pond. You can think of the ripples from the rock as the RF wave, now when the waves reach the stick they will bend around it.

This is important. Why? The effect of diffraction is multidimensional, first it causes a change in direction of the wave, second it distorts the wavefront and third it slows the wave at the cause of impedance. Think about it, the wave can not possibly pick up more speed… it is traveling at the speed of light (ok… not technically… just bear with me here) but now it has to move around the object. This can result in a whole slew of problems.

Huygens-Fresnel Principle:

Ok, so we know what diffraction is, now we need to tackle the why of it. What about a wave makes it bend around an obstacle like that? Logic would have us believe the wave would bounce off, refract, be absorbed, etc. Why does it bend? Sure, we call it a wave, but it is not fluid, you can not just bend a beam of light around a corner can you? I am not talking about universally here where you have got an object with massive gravity which can bend light… think flashlight.

Before we go any further I am going to be up front with you. What I am about to describe is not technically correct. It does describe the correct outcome but… the reasoning behind is not so much a reality. The reality has to do with Quantum Electrodynamics (QED). The problem is that getting into a full on discussion of QED is a bit beyond the scope of this paper and the model I am about to describe does a pretty good job of getting the point across.

If you know anything about quantum mechanics one of the first realities you must grapple with is the duality of light. For the uninitiated this is a simple concept to understand, but terribly difficult to grasp. If that does not make sense, good. The duality of light simply states that light is both a particle and a wave. Right now one of two reactions have occurred. One: The reader has said “Yes, that is great… so what?” or Two: “What the…?” The first can be attributed to either individuals whom have previously encountered this, or people who do not really grasp the significance of this. The latter are usually the people who take the time to try and understand things.

To be perfectly honest the significance of this aspect of light is again beyond the scope of this paper. However one needs to realize that this duality is not limited just to light. A photon for instance is not just the massless boson of light, but that of any electromagnetic wave. Like.. RF waves for example.

A long time ago (1678) there was this smart guy by the name of Christian Huygens. He was exceptionally smart as it turns out, way ahead of his time. He wrote a paper on the wave theory of light. This paper was very technical and requires a knowledge of advanced calculus to really get anything from it. I stipulated at the beginning of this paper however, that I would not require such a breadth of mathematical knowledge. Therefore I am going to lay out the “brass tacks” of the paper.

In a nutshell the paper basically says consider a source of RF wave propagation. To make things easier let us consider an isotropic radiator. The expanding wavefront can be consider as an infinite number of source points each emanating their own spherical wavefront and it is really the interactions of these so dubbed “wavelets” that produce the over all wavefront. How does one calculate an infinite number of points? Well, that is where the calculus comes into play, just know it is possible and not something crazy I made up.

The problem with Huygens’s equations is that they only account for some of those problems waves face like reflection and refraction but not diffraction. Enter Augustine Fresnel, another terribly intelligent individual. He went over Huygens’s work and kinda polished it up to account for the all important diffraction. Finally Gustav Kirchoff took this information and applied it to James Maxwell’s equations.

You see, what happens is that the wave technically does get blocked by the obstacle in the path of the wave. What happens then is that these little wavelets expand the wave back out making it look like it is bending around. They realign the wavefront making it seem like the obstruction is the source and not the actual IR.

When diffraction occurs it creates a number of “areas”. At the back of the obstruction you have the “umbra region” which is sometimes called the “diffraction zone”. This is the area where the coverage has “bent” around the object. If you picture a cube, you can think of connecting the four points on the far side of the cube into a pyramid. The area of the pyramid is called the “cone of silence” (Looks like those guys on Get Smart were not just making that term up…) which is technically a misnomer since in most situations multi-path will result in there being some coverage there, it will just tend to be noticeably less. Now if you were to think of the cube expanding backwards to cover the pyramid the are between the pyramid and the side of this extended cube (well now it is a three dimensional rectangle…) that would be the umbra region. Again, remember these concepts are generalizations and are meant to serve as a mental aid. There is not really this “cone” coming out of the back of the obstacle.

Another thing to take into account with diffraction is that it is most noticeable with objects around the size of the wavelength (approx. 12.5cm for 2.4Ghz) and once it gets to around 60 wavelengths (or approx. 7.5m) you really can not notice the effect. Think about it, the very definition of diffraction is the bending of the wave around the obstacle. If the obstacle gets to big it will just block the wavefront entirely.

The Fresnel Zone:

If you ask wireless admins what the Fresnel Zone is they will probably tell you it is this thing you can not block. Several of them do not know much more than that. They might even be able to tell you how to calculate this zone (which may be wrong, watch out!) and some might be able to tell you it has something to do with phases. All of this information is (hopefully) correct, but very vague.

To explain what the Fresnel Zone is, first we are going to describe why the Fresnel Zone is. Here is the deal. You have an isotropic radiator, and it is producing this spherical wavefront expanding outward. Every point on this wavefront is in phase from the view point of the transmitter, this is not so much the case with the receiver though. Now generally speaking in the far field this is negated. What happens is that the sphere gets so big, that compared to the tiny little antenna it looks like a plane. Specifically it has to do with the phase being less than the Rayleigh phase angle of 22.5 degrees but that is not pertinent to this discussion.

What if you put something in the way of that wavefront? Problem. Now the wavefront is disrupted and can not form that plane. Let us think about the expanding wave front and at some random point we will pick out three points on the wavefront and label them p1, p2, and p3 such that p1 will be considered the 0 point, p2 has “fallen behind” by one wavelength/2 and p3 is one full wavelength out of phase. As you can see that would put p2 180 degrees out of phase with p1 which would cause them to cancel out. Therefore, from p1 to p2 the signal is within 1/2 a wavelength and additive. This constitutes one zone. You can keep going from there creating p4 and so on, each section being one zone where the wave is in phase with itself and out of phase with either zone which encloses it.

These zones are called Fresnel Zones. Each zone is indicated by the 180 degrees of phase separation. The first Fresnel Zone in my lovely picture would be the reddish area, and the blueish would be the second Fresnel Zone. As it happens the first Fresnel Zone is the most crucial to the viability of a link. It should also be pointed out that the Fresnel Zones are entirely dependent upon the line of sight between the receiver and transmitter. Generally speaking your transmitter will be stationary, but often times the receiver will be moving around. Every time the receiver moves the position of the Fresnel Zones move with it. You can think of the Fresnel Zones by picturing a target, the center of the bullseye would like if you had a string connecting the transmitter to the receiver, each alternating ring of the target would be a zone and it would look like two big cones sticking out of each side of the target connected to the two points of the link such that it looks something like this. Just… imagine someone who could draw doing it though. The “red zones” are all in phase while the “blue zones” would be out of phase.

The first Fresnel Zone is so important in fact, that if too much of it is blocked you will have poor reception at best. Some numbers were crunched and it turns out you need at least 60% of the first Fresnel Zone free of obstruction or your connection will be about as reliable as a wet paper bag. Now, in an indoor environment that is not entirely true. With all the scattering, reflection, etc creating multi-path you can pretty much discount the effects of the Fresnel Zone. I say pretty much because hey, it is not exactly disappearing, just that with all the objects around you tend to get decent coverage.

Now, in order to calculate the area of the first Fresnel Zone you need simply plug in a couple numbers to this equation…

So what we have here then is:

• R_n is the Radius of the nth Fresnel Zone
• M is a constant (17.3 for metric [radius in m, distance in Km] and 71.3 for US[radius in feet, distance in miles])
• F_Ghz is the frequency of the signal in gigahertz
• N is the Fresnel Zone number
• D₁ is the distance from the source to the obstacle
• D₂ is the distance from the destination to the obstacle.

A lot of times what you will encounter is a simplified version of this equation. What this form of the equation does is determine the maximum radius. That is, the radius of the first Fresnel Zone at the very center of the link. This equation often looks like this:

Much simpler, you have your constant, the distance of the link, and 4 times the frequency in Ghz (approx. 9.6 for 2.4Ghz). Now remember we need to keep 60% of this clear so it is probably more common to see that equation with the value of 43.3 instead of 72.1 to compensate. Somewhere along the line though someone got the idea that 43.3 was the value for the radius of the full first Fresnel Zone. Do not ask me how, I have no clue. Probably someone copied it down half asleep and told someone and from there it spread. Please note that if you are using the 43.3 value and then taking 60% of that you are calculating a much smaller value so you might think you have a clear zone when you really do not. This can be very frustrating so it is extremely important to get this right.

When I first set out to write this paper I had high hopes of doing something that, while not original, I thought would be beneficial. However, given my lack of skills with creating equations (It does require around 25 steps… 30 if you count creating the constant) and the fact that it has indeed been done, I have decided against it. What I wanted to do was do what Fresnel himself did which would be to derive the equation used to calculate the first Fresnel Zone. It is really not difficult at all, applying basic algebraic principles to knowledge of triangles. If you want to see how to do it (and I hope you do!) I suggest you pick up a copy of the paper by Joseph Bardwell, a link to which is provided at the end of this article. This is a very well written paper and if you find this stuff interesting I highly recommend picking it up.

Earth Bulge:

We know all about the Fresnel Zone now, we know what it is, and why it is important. We also realize it is dependent only upon the distance between the two ends of the link. That is to say you can not simply bypass the effects of the Fresnel Zone by using a highly directional antenna with high gain. Which can be hard to get used to at first, but we know the physics behind it, and we saw how only distance was involved. There was never any mention of the gain of the antenna so… not like it is rocket science (perhaps a future article?).

We also realize that this is particularly relevant in long distance communication. We are talking about distances of miles and a radius measured in feet after all. One thing that we have to remember regarding these long distance links is that eventually the Earth itself will encroach upon the Fresnel Zone. The Earth is spherical and at some point it will bend. It is that whole illusion of a planar surface because of how small we are compared to the size of the Earth.

The magic number is 7, after 7 miles you need to take what is know as “earth bulge” into account. In order to keep your antenna up high enough to make sure the Earth clears the Fresnel Zone you will want to know how much higher to place said antenna which is a simple equation:

H is height in feet and D is distance in miles, simple as that. If we combine the two equations we can find out the minimum height of an antenna in a long distance link (greater than 7 miles):

Closing:

We have made it, the end is here. Hopefully now you can fully appreciate just what the Fresnel Zone is, why it is important, and how to work with it when building long distance 802.11 links. We have covered every aspect of the Fresnel Zone starting way back with diffraction to taking the very Earth into account when creating our links. As any 802.11 admin will tell you, RF waves are often unpredictable and a pain to work with… but… um… I forgot where I was going with this…

Works Referenced:

• CWNA Certified Wireless Network Administrator Official Study Guide 3rd Edition by Joshua Bardwell et al
• “I’m Going To Let My Chauffeur Answer That…” Math and Physics for the 802.11 wireless LAN engineer by Joseph Bardwell
  
  Pick it up for free at:
  • http://www.connect802.com/white_papers.htm
  • http://www.wildpackets.com/elements/whitepapers/math_physics_jbardwell.pdf
• Also Thanks to MathBin for the LaTeX images.

What is Cryptography?

Well here it is, the most important part of cryptography, defining it! So… what is cryptography? let’s see what the dictionary has to say:

1.the science or study of the techniques of secret writing, esp. code and cipher systems, methods, and the like.Compare cryptanalysis (def. 2).
2.the procedures, processes, methods, etc., of making and using secret writing, as codes or ciphers.
3.anything written in a secret code, cipher, or the like.

Cryptography is the product of two Greek words “kryptos” meaning hidden and “graphein” meaning to write. Why Greek? Well a Greek, Herodotus, was the first person to really mention cryptography and sited it as the reason they weren’t captured by Xerxes (King of the Persians). That pretty much covers it but let’s maybe make a little more sense of that.

Cryptography is the art of concealing information by obscuring it. This can be done in a number of ways but the important thing to remember is that it works on information. For instance a text document can be encrypted, but a lamp can’t.

Another related term is Steganography which is just the art of concealment. This doesn’t attempt to obscure the data but rather hide it. This could be as simple as the age old “lemon juice writing trick”. What is that? you take a piece of paper a little on the firm side. For instance you can’t use a piece of notebook paper it’s just too thin. Take a lemon or some lemon juice (not lemonade…) and a paintbrush, then using the juice write your message on the paper.

The juice will dry and become invisible. This is why it’s important to use a thick piece of paper, a thin piece will just become… bumpy from the moisture and your message will be visible. When the receiving party gets the paper they will hold it over a heat source, typically a candle, and the sugar from the lemon juice will caramelize causing the words to appear in brown on the paper.

Another distinction we need to make is that between cryptography and encoding. The purpose of encryption is to obscure the data, make it hard to get the plain text back. Encoding on the other hand just changes the representation of data. Encoding does not attempt to hide the data. Two common examples of Encoding are ASCII and Base64. These two methods allow information to be represented in another way.

All encryption is basted on a key. The key space is how many keys are possible. With computers this is usually represented in bits as all computation is binary. An easy way to figure out the key space is to use simple math. Say you have a 128 bit key (considered the minimum for secure communications) then it’s quite easy 128^2 or 340 tredecillion (34 followed by 43 0′s). If you could try 1 trillion keys every second it would take you 2 pentillion years to exhaust the key space.

However, don’t let this give you a false sense of security. A key is only as strong as it’s implementation. As any security professional will tell you, that while the UID (user ID) and password combination is the most popular, it’s the least secure. A password scheme is only is powerful as the password used. If you use 4096 bit key space, but pick “a” as your password guess how long it will take to brute force.

Another thing to keep in mind is the implementation of the cipher (that is, the encoding mechanism or algorithm). A now famous example is WEP or Wired Equivalent Privacy used in many wireless installations. WEP is capable of using 128 bit keys, technically 104 since 24 are use for the initialization vector (IV).

WEP is based on the RC4 cipher which is a stream symmetric cipher (don’t worry if you don’t understand all that now, you will). While this cipher is quite secure the problem is with the implementation, specifically that 24 bit IV which only gives you roughly 6 million possibilities. Thus your 2 pentillion years becomes something like 10 minutes (more information). If you’re still using WEP upgrade to WPA(2)… now! Stop reading this and update your settings, this tutorial isn’t going anywhere.

I just used the term symmetric, which has obvious geometry implications, but what does it mean for encryption? Well there are two fields of encryption, symmetric, and asymmetric. These often go by other names as well. For instance symmetric is also known as “secret key” or “private key” though not as often as it can be confusing. Asymmetric ciphers are also commonly called “public key”. The reason that some people shy from using the term “private key” for symmetric ciphers is that public key encryption uses a private key which can confuse some people.

What does this all mean? Symmetric ciphers rely upon one shared secret. Something that only 2 or more entities knows. This is the key. This is the most common form of encryption. There’s one major flaw with this system though that some of you might have picked up on. Say the two, or more, entities are located at geologically distant places? How does one get the secret key to the other without someone intercepting it along the way?

There’s a number options here, the most common, of course, is using key escrow, but then you still have to trust a third party. To over come this limitation was the dream of many cryptographers and mathematicians alike, though the line drawn between the two is often very vague. Enter the asymmetric cipher. Asymmetric ciphers use properties of mathematics allowing them to create two keys. One, the private key, is used for decryption (or creation of digital signatures) and the other, a public key, for encryption (or verification of digital signatures).

These are just the basics of the two methods of encryption which will be covered in much more detail in the next two parts of this series: Symmetric and Asymmetric ciphers. Now that we have some of the basics of cryptography down I’d like to spend the rest of the lesson discussing two historical applications of cryptography.

Mary Queen of Scots

The first story has to do with someone many of you have probably heard of, Mary the Queen of Scots. For those of you whom don’t know who she was, she was the

Queen of Scotland from 1542 to 1567. As a Catholic she was forced to abdicate in favor of her son and fled to England where she was imprisoned by Elizabeth I. When Catholic supporters plotted to put her on the English throne she was tried and executed for sedition.

The part we’re going to be focusing on is the plotting aspects. A quick little bit of history first. Mary was the Queen of Scotland when she was 2 weeks old, being formally crowned at the age of 9. She married a French guy, he died. She married another guy (her cousin) who gave her a son, but he was an ass so she (or the nobles) had him killed. Married another guy but ends up imprisoned shortly thereafter. After an attempt to retake the thrown things got even worse for her so she runs alway to England hoping her cousin (Queen Elizabeth I) will help her out, upon arriving she’s imprisoned. She spends the rest of her life in jail.

See, Elizabeth was afraid that she would try and steal the crown from her since the Catholics in England didn’t recognize Elizabeth as the queen considering her a bastard child and having no claim to the thrown and poor Mary was next in line. So, she’s chillin’ in jail for awhile, no correspondence then one day this dude hooks her up with a bunch of letters. How did they get them to her? by hiding them in a barrel that was used to seal some alcohol. In a classic example of steganography.

Now it so happened that this one guy wanted to get her the hell out of jail and get her on the thrown. Him and a couple of his friends were going to bust her out. You can’t just charge into jail and hope to come out alive so they needed to do some plotting. They were already pretty successful with the stego approach, nobody had caught them yet, but for some added protection they encoded the messages as well. A simple alphabet was constructed of symbols and a couple code words, 4 nulls and one dowbleth (doubles the previous char).

Remember, encoding offers no real protection. He’s the catch though, that guy that was the hook up transferring the barrels was actually a double agent. He would make a stop along the way and they would make a copy of the message and then a smart guy did a regular old frequency analysis, to be covered in the next installment.

The guy doing the cryptanalysis was so good that even after they had all the evidence they needed to convict the man and Mary they wanted more and he forged a postscript asking for the names of the friends! In the end all 8 of them (Mary, Correspondent and 6 friends) were caught and killed. Moral of the story? Don’t rely on encoding (monoalphabetic ciphers) or you could die.

The other story I wanted to share with you is probably the one most widely known story of cryptanalysis in the world. Libraries of books have been written focusing solely on this event in history and numerous movies have used the gripping tale. There is another reason that it’s particularly of interest to me, and that it’s pretty much the only story in the world where the Polish are the heroes.

The Enigma

Now, before we can eve talk about what the enigma is or what it did we have to kind of set the stage a bit here. WWI is over and a couple of people want to work on making the encryption process better. In 1918 two German friends Arthur Scherbius and Richard Ritter found a company aptly named “Scherbius and Ritter” to invent things. Scherbius was the R&D guy and one thing he wanted was to work on some electronic thing to make encryption better. The result of all this was The Enigma.

Basically, it was a machine that had 3 (and later 5+) disks that rotated, a plug board in the front, a keyboard and at first just another “keyboard” that would light up. You’d arrange your disks, plug some cables into the plug board, and type out your message. Then the letters would light up and you’d write or type that up.

On the outside it looks pretty simple. Once we start to dissect it however, the elegance is really quite remarkable and was the driving force for many inventions. What made this so hard to crack? Let’s explain a few things.

The plug board, this was a simple aspect of the overall design but could really offer a lot of flexibility. It connects two letters and reverses them. For instance you could plug the L into the E and the two would be reversed. love -> eovl. What was really impressive though were the disks. As you would type they would increment one wheel, one notch at a time. When the first wheel made a complete rotation the next would move one notch and so on. Of course, this meant you had to reset the disks for each message, but it was well worth it.

The disks had 26 starting spots, indicated by each letter of the alphabet, and with 3 disks you have 17, 576 starting positions to choose from. The disks were also modular meaning you could put them in any of 6 orders. Don’t forget the plug board which came with six cables allowing you to swap 6 of the 26 letters which gives you 100,391,791,500 possible permutations.

Now if we multiple all of those we get a key space of about 10 pentillion, not bad. On top of this, at the end was a “reflector” which shot the signal back though the disks on a different path before they got to the lights. While this doesn’t add to the keyspace, it adds to the complexity and frustration of cracking. Those of you paying attention realize the one major drawback here though, distributing those starting positions.

An issue, yes, but it was worth it and was done. Of course this leads to the possible capture of the code books, but the operators were ordered to destroy them if they were captured. The paper was printed on water soluble paper so that made it easier to destroy them quickly. One book was captured though, later in the war when more disks were used and couldn’t be broken. Quite an interesting tale that, but we’re not really focusing on that particular bit of history, were more interested in how the enigma was eventually cracked.

In WWI there was a place called “Room 40″ in London but in 1926 when the first Enigma ciphered messages started coming in, they were stumped. The French and Americans didn’t fair any better and the Germans had perfect secrecy, at least, in the beginning.

Before we go any further I want to talk about Bletchley Park for just a moment. Bletchley Park took over the task of cipher breaking from Room 40 and at its height had several *thousand* people working there. The set up was quite interesting as well, the center was this Gothic looking mansion and it was surrounded by these little huts ingeniously labeled “hut X” with X being the number of the hut. They were known to employ a wide range of individuals from crossword puzzle junkies to mathematicians and linguists. It is really quite an amazing place, historically speaking, numerous books talk about it both fiction and non.

I’ve kinda jumped ahead of myself so let’s back track a bit here. See, the British, the French and the Americans just weren’t all that motivated to crack Enigma. They had just beaten the Germans and kinda had an ego issue and didn’t think it was A) possible or B) worth while.

There was one very paranoid country though, Poland. With the threat of invasion on both sides (From the Russians and Germans) they were incredibly motivated to find *some* way to crack Enigma. The French had signed an information sharing treaty with Poland and when their secret service managed to get their hands on two documents from a man on the inside (Hans-Thilo Schmidt) they just handed them off to the Poles thinking the information basically useless.

The documents didn’t give any of the codes, nor did it even come out and say “this is how to build and Enigma device”, but it did hint at the construction. The Polish, in Biuro Szyfrów, started to get to work. One of their great foresights was in employing mathematicians. The reasoning was that since the Enigma was mechanized it would take a mind trained in engineering to break it.

They rounded up some people from Poznán which was special, not because of level of intelligence, but because it was, until 1918, part of Germany and thus the citizens there were fluent in German. The guy we’re going to focus on is Marian Rejewski. He had studied statistics looking for a career in insurance. He worked his way through basic code breaking at Biuro and eventually headed the Enigma team.

What Rejewski realized was that the key to breaking the Enigma lay in the message key. Wait! stop! message key? what’s the message key? Good question, let’s find out. The Germans were smart, they realized that vast amounts of information encoded with the same key would lead to lots of cipher text and that would be a cryptanalyst’s dream come true. With massive amounts of information, deciphering the key is made much simpler. What the Germans did was issue code books once a month.

To send a message the Enigma operator would set his machine up with the day’s settings which included which disk when in which slot, which letters to connect on the plug board and which spot on each disk to set (A-Z). The operator would then chose a new orientation for the disks (A-Z) and type this out twice (on the day’s settings) to provide insurance against operator error, or noise on the signal. Therefore the first 6 chars of a message would be the message key (starting positions for the 3 disks) repeated. Say you got a message and the first 6 chars are SFKBJM, that would be the message key encoded by the “day key” twice.

The receiver would set his machine up with the day key, type in the first 6 chars which should be the same thing twice, “BCU” for example. He would now know the message key and could line up his disks to the message key and type out the rest of the message.

Rejewski saw great potential in this realizing that repetition is the bane of security. You just can’t have both. He knew that the first and fourth letter of any message were somehow related, S and B in our example, since it was the same letter encoded at two different positions on the disk. Likewise F and J, as well as K and M were equally related in some manner. How they were related though he wasn’t exactly sure yet.

If he had enough messages he could create three sets of tables linking letters. He would need to have enough that he could link each first letter to each fourth letter. In other words, he would need to know what A-Z for the first letter were stepped down as the fourth. He would have one for the 1-4, 2-5 and 3-6 relationships. One might look something like:

first letter    A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
fourth letter   E D I G M P K N C T S Z C F U A H D B O Q L V J W R

Notice the S from the first line links up with the B from the second. Similar tables would be drawn up for the other letter’s relationships.

Rejewski saw a pattern that one could make, if one started at the top, and followed to the bottom, finding then that letter on the top, moving to the bottom again you would eventually end up back and where you started. Using our example, a chain might look something like S -> B -> D -> G -> K -> S having 5 “links”. What’s more, the number of links in a chain was completely independent of the plug board settings. The letters might jumble around some, but the actual number of links would not change.

Now we have something manageable, instead of trying to find 1 of 10 pentillion keys we only have 105, 456 keys. Sure, that’s not exactly child’s play, but when your freedom is at stake it looks a hell of a lot better than 10 pentillion and so Rejewski’s team started the arduous task of making the chains for every possible key. It took them a year, but at the end of that year all Rejewski had to do was make his chains for that day, look it up in his catalog and he would have the day key. Well, he would have the orientation of the disks anyway.

The plug board switched letters around on him and he didn’t know which of the many possibilities the machine was set at for the day. That didn’t prove much of an issue though and he relied on just picking it up from the text. If, for example, the message said “Belrin” one might deduce that the l and r were switched.

Rejewski and his team had done it, they had cracked the impregnable Enigma and all was good. It came to pass, however, that the Germans made some minor adjustments and rendered Rejewski’s catalog completely useless. Instead of throwing his hands up Rejewski came up with and ingenious contraption. He named his devices “bombes,” the exact reason is not known though a couple hypothesis exist including one involving ice cream. What better way to combat mechanized encryption than with mechanized code breaking?

He made a machine that would be able to check all of the 17,576 possibilities quickly, and since there were 6 orientation, then he would need 6 such machines working in parallel to find the key. This overall machine with 6 “sub-machines” was the bombe and would crunch away at finding the day key for them, usually in less than a few hours.

Of course, they really didn’t need to go through the whole process. As it turned out the informant was still meeting with the French and handing over whole codebooks, 38 month’s worth in fact. The director of the Buiro (Gwido Langer) never told Rejewski considering it prudent realizing one day the books would stop coming and they didn’t have time to become complacent.

The day did come, right after the Germans switched over to a yet another new system. Now instead of 3 disks there were 5, but the machine still only used 3 disks at a time. The task now became finding out the wiring of the new disks, then they had to figure out which of the 5 were used, and in what orientation. Where there was once only 6 possible ways to arrange the disks there was now 60. On top of that, instead of 6 cables for the plug board there were now 10, switching 20 letters.

The German threat was rising and the Poles decided to come clean to the British and French inviting them over. On July 24th of 1939 a French and British representative meet Langer where he unveiled the bombe and told them the story. He gave them each a spare Enigma and plans for the bombe hoping they would be able to take it the next step to combat the new system.

Just in time too, since a little over a month later (September 1st) the Germans invaded Poland and the war began. In many respects the story just starts here, and much has been said about the British involvement and Alan Turning in particular. I highly recommend reading more on this aspect of WWII history.

In the next installment we will be talking about symmetric ciphers, what they are, how to spot them, and how to crack them. Until then, thanks reading and I hope you had fun/learned something!

Narrowband:

In order to know what spread spectrum is, it helps to know what it is not, and most importantly ? why it is not. Narrowband transmissions are just the opposite of spread spectrum. They use high power over a small frequency. All the information is transmitted over that single frequency (well, a very narrow range of frequencies at least) and the high power is utilized in order to make the signal detectable over the background.

The main problem with narrowband transmissions is their susceptibility to corruption and jamming. The signal occupies a very small realm of the spectrum, therefor any interference will cause significant degradation of the signal. Since the signal is operating at the same frequency all the time, someone only has but to set up a transmitter on the same frequency at high power to drown out the signal.

This is not to say that narrow band is inherently evil. Narrowband transmitters/receivers have their place in the world, the radio in your car used narrowband transmissions for example. You will also notice your radio does not have the best quality. When quality is of paramount importance narrowband just can not offer what is needed, what we need is spread spectrum

FHSS:

The first spread spectrum technique we are going to discuss is frequency hopping spread spectrum (FHSS). This was the pioneer of spread spectrum and definitely has advantages, however, those advantages are also quickly superseded by its faults. The idea behind FHSS is a simple one; get out of the way of noise.

The concept of spread spectrum is directly in conflict with the goals of the bodies whom govern the use of the airwaves. The purpose of such organizations is to restrict the use of the airwaves so that they do not become congested. The idea of spread spectrum is to spread a single signal out over many frequencies.

The original 802.11 standard defines the use of FHSS and gives it a range of 79Mhz from 2.402Ghz to 2.48. In order for FHSS to work a couple of details need to be hashed out between the AP and client. One thing that they need to decide upon is the dwell time. The dwell time dictates how long the IR will transmit on a particular frequency. In addition to the dwell time a hop time needs to be calculated. The hop time defines how long it takes to hop from one frequency to another. Lastly in order to communicate a hop pattern needs to be determined. This is a list in essence, it lists the order in which the signal will hop, once it reaches the end of the list it starts all over again. All three of these values need to be synchronized between the AP and client or communication will not take place.

If one were to consider the information provided in the previous paragraph one would correctly assume that the fastest transmission would be achieved through a dwell time of infinite. The signal would loose no time hoping from one frequency to another. This is absolutely correct, and also absolutely defeats the purpose of spread spectrum.

The IEEE has therefore enforced a rule which states that a FHSS IR must have at least 6Mhz of separation between hops and a maximum dwell time of 400ms for any 30 second time span. How you divide that 400ms up is completely up to the designer of the system. This was originally in accordance with the FCC, however the rules were later (31-08-00) changed but the IEEE did not bother to update its requirements since FHSS had pretty much been phased out already.

FHSS can achieve data rates of 1 and 2 Mbps (well, with the FCC change that gets a boast to 10Mbps but that does not effect 802.11). Due to the extremely slow nature of FHSS its use has faded from this plane of existence. The information is provided here for educational purposes only, the only place you will probably find equipment utilizing FHSS would be at a garage sale.

DSSS:

After FHSS came Direct Sequence Spread Spectrum (DSSS). Unlike FHSS DSSS does not have a bunch of dedicated channels. What DSSS does is define a center frequency for a channel and kinda leaves the rest to the wind. It does stipulate that at plus or minus 11Mhz the signal’s power must be decreased by 30dB and at plus or minus 22Mhz, 50dB. Channels are considered “non over lapping” if they are separated by 25Mhz

In the United States the FCC has provided 11 channels for 802.11b/g transmissions. Again, these channels are dictated by their center frequencies and start at 2.412Ghz for channel one and go to 2.462Ghz for channel 11. Interestingly enough 14 channels are written into the standard yet no country at all makes use of the 14th, it used to be that Japan *only* used channel 14 but their laws changed and their channels now mirror Europe (ETSI).

DSSS is utilized in 802.11b wireless LANs and is sometimes referred to as HR-DSSS, the HR standing for “Hight Rate” quickly being phased out for faster and better technologies. DSSS is a step up from FHSS offering data rates of 1, 2, 5.5 and 11 Mbps which is perfectly adequate if all you plan to do is surf the web with your broad band Internet connection, but not good for much more than that.

The main problem with DSSS is interference from over lapping channels. Channels need to be 25Mhz apart to be considered “non overlapping” (however the reality of this is not so much the case as we will read about later). The channels themselves however, are only separated by 5Mhz, using quick math we can see that 5 * 5 = 25, ergo we need five channels of separation to get a non overlapping channel. This leaves us with channel 1, 6, and 11 or 2 and 7, etc.

OFDM:

Finally we come to the most interesting of the spread spectrum techniques. I suppose the first thing that we need to discuss about Orthogonal Frequency Division Multiplexing (OFDM) is that it technically is not even spread spectrum. Another interesting aspect about OFDM is that it is used in both 802.11a and 802.11g which are not interoperable. Meanwhile, 802.11b and 802.11g are interoperable, but their spread spectrum technologies (DSSS and OFDM respectively) are not.

OFDM then is this weird foray into spread spectrum. It masquerades as spread spectrum when it is not, does not play well with itself, and plays fine with strangers. Just what is this strange form of “spread spectrum” then?

First let us explore the strangeness of 802.11a and 802.11g. These two standards are exactly the same, yet they do not work together. What separates these technologies is the RF spectrum. 802.11g works in the 2.4Ghz spectrum while 802.11a is all alone in the 5Ghz spectrum. We will discuss why this is later. Ok, so that is one mystery solved and one left.

The other oddity of OFDM that we discovered was that it is used in 802.11g which is backwards compatible with 802.11b which uses DSSS. How can these two different technologies talk to each other? They can not! Solves that problem right there. What happens is that 802.11g devices will enable something called protected mode which encodes the headers with DSSS and then the payload is delivered via OFDM (More on this later).

Oh wait, that was only two of the three issues we had with OFDM, the other being that it is not even a spread spectrum technology. Well, if it is not spread spectrum, then what is it? Basically, OFDM is a bunch of narrowband transmissions sent in parallel. Interesting concept no? Here is how it works: frequencies have harmonics, musicians are very familiar with this concept, but harmonics are not limited just to the audible frequencies, they apply to any frequency. Harmonics are great in music, but in RF they have the nasty habit of corrupting signals. What OFDM does is use some math to create waves whose harmonics perfectly overlap causing them to cancel out. Now, the hardware to actually do this is quite expensive so what consumer chips use is something called Digital Signal Processing (DSP) which takes care of the dirty work a whole lot cheaper. OFDM takes a single channel and splits it into 52 sub-carriers (300Khz wide) which all transmit simultaneously with their harmonics canceling each other out leaving a clean signal.

Modulation Techniques:

There are all kinds of ways to modulate a wave to send a signal. Your car radio for example probably can be tuned to FM or AM radio. FM uses Frequency Modulation which alters the frequency of the wave in order to represent the data. On the other hand AM radio uses Amplitude Modulation which, you guessed it, alters the amplitude of the wave. As it happens, the property of a wave most likely to change as it propagates though space is amplitude which is why AM never really caught on. FM is better but still not resilient enough which is why all spread spectrum technologies utilize phase modulation.

Phase modulation changes the phase of the wave to represent information. The different types of spread spectrum utilize different kinds of phase modulation but they all are essentially the same process. DSSS for example can use DBPSK or DQPSK. These two may look different, but you will notice only one letter changed and it simply denotes the number of phases which can be detected.

Differential Binary Phase Shift Keying (DBPSK) is the most basic form of phase shift technology. As the name would lead one to assume it is capable of recognizing two distinct shifts, one of 0 degrees, and one of 180 degrees. We could therefore label a phase shit of 0 degrees as a “0″ and a shift of 180 degrees at a “1″.

There is no reason we have to limit ourselves to simple binary shifting though, Differential Quaternary Phase Shift Keying (DQPSK) takes it to the next level by providing 4 separate shifts, 0 degrees, 90 degrees, 180 degrees and 270 degrees. Now that we have multiple shifts we can send multiple bits with one shift. a shift of 0 degrees could be “00″, 90 degrees “01″, 180 degrees “10″ and 270 degrees might represent “11″.

Even with DQPSK we will not get particularly fast data transmissions. Instead of creating various names such as D”X”PSK the number of phases is usually prefixed to the term Quadrature Amplitude Modulation (QAM) which can be confusing since it says “Amplitude” but rest assured we are still talking about phase shifts. 16-QAM thus would be capable of detecting 16 phase shifts and 64-QAM would be… 64 phase shifts. These are the two technologies present in OFDM used in the 802.11a/g standards to achieve their fast transfer rates. The ability to detect up to 256-QAM does exist and is in fact part of the 802.11n draft at present. To figure out how many bits we can fit into a number of shifts you can complete the simple equation: bits/shift = log base 2 (# of phases). Using this we see that 256-QAM is able to transmit one byte per shift

Encoding Techniques:

So, we know the different types of spread spectrum, but these technologies are not defined just by their waves, but in how they transmit data. In order to transmit this data you first need to encode it. Some individuals use the terms “encoding” and “modulation” interchangeably, this is wrong. Modulation is the process of sending what has been encoded. In other words, encoding gives you the sequence of ones and zeros and modulation defines how to get them from point A to point B.

In some cases the modulation technique used is the encoding technique, this is probably how the two terms got confused in the first place. For example if you wanted to send “101110″ with DBPSK you could simply do a 180 degree shift, 0 degree, 180, 180, 180, 0. Of course, this would not be very resilient to corruption.

To combat the inevitability of signal corruption there are various forms of encoding that take place before the signal is actually sent. DSSS uses something called a “Barker Sequence” of 10110111000 which is XORed against each *bit* of the signal, this results in 2 possible outcomes of the XOR. 1 XOR 10110111000 which equals 01001000111 and 0 XOR 10110111000 which equals 10110111000 (which is just the Barker Sequence). The beauty of this system is that if a bit gets flipped in transit it can be figured out. For example if the sequence 10110110001 came in we see that two bits have been flipped from the sequence for “1″ so even though two of the bits were corrupted we still know the original data was a “1″. The process of XORing the signal with the Barker Sequence is called processing gain. To keep things straight, people often call the bits of the resulting signal after processing gain and those of the Barker Sequence as “chips”. The data is in bits, but the encoded signal is in chips, got it?

Processing gain does introduce quite a bit of overhead though as you can see, now 11 chips need to be sent for each bit of data. In order to achieve faster speeds something called Complementary Code Keying (CCK) is employed. CCK uses an 8-chip variable Barker Sequence (64 to be precise). This is what allows 802.11b HR-DSSS to achieve the 5.5 and 11 Mbps transfer speeds. For 802.11b we can use the following rate table to find out how the signal is making its way though the air:

The 802.11 implementation of OFDM adds what is called Convolution Coding which basically takes a couple of the sub-carriers and uses them to transmit parity information. This way if a number of the sub-carriers are killed from narrowband interference the data can be re-created, think RAID 5. Pretty simple for such a complex system. Here is the corresponding table for OFDM transmissions:

R is the fraction of sub-carriers used for data vs. those used for parity information, the rest should be pretty self explanatory. One thing to note is that while 802.11b using DSSS is using DQPSK for transmissions at 11Mbps, due to the enhanced features of OFDM 802.11g is able to use the same DQSK to achieve 12Mbps yet retain a longer range. That is to say using 802.11g you will be able to experience that 12Mbps further from the AP than if you were using 802.11b even thought they are using the same modulation technology (If you are using 802.11a it would be comparable because of the reduced range of the 5Ghz signal).

Co-location:

The ability to co-locate APs is important in any networking environment. Even if you only plan on deploying a single AP, a site survey may reveal the presence of several others in the area which may interferer with your signal. Logic dictates that two signals can not be transmitting on the same frequency at the same time or they will corrupt each other.

When we look at co-location strictly from the standpoint of how many APs we can employ FHSS wins hands down. FHSS utilizes 79 discreet channels, if synchronizing technology is used one could theoretically have 79 co-located APs with hopping patterns which prevent any one from stepping on another’s toes. Now if synchronizing is not available you can still get away with about 26 co-located devices, but if you happen to be creating a high traffic LAN you probably will not want to go over 15 APs. However, cost makes this prohibitive. When we consider the maximum throughput of FHSS taps out at 2Mbps it would take 16 APs to equal the through put of 3 DSSS systems.

This takes us quickly into the next realm: DSSS/OFDM. Due to the fact that 802.11b/g operate in the same section of the frequency spectrum they may use different technologies, but they are operating on the same channels. We also remember that these channels are ambiguous specifying only a center frequency. We recall that at most we have 3 channels for co-location, however this is still only in true in the land of theory. The fact is that even if you have two APs, one on channel 1 and one on channel 11 they are liable to interfere with one another.

The interference from co-located systems is not really all that detrimental until we consider mixing 802.11b and 802.11g. If there is one thing you should take away from this section it is to *NEVER* co-locate 802.11b and 802.11g systems, especially APs. The problem with these two technologies is that while they are backwards compatible the DSSS systems can not hear the OFDM signals and visa-versa. In order to keep things working 802.11g systems must employ what is known as protection mode. This mode sends the headers in DSSS so that the 802.11b systems know not to transmit and then uses OFDM for the payload, however this overhead has a dramatic impact on the 802.11g system giving it an effective maximum throughput of 12Mbps. All of a sudden your top of the line 802.11g system is reduced to speeds comparable to that of the 802.11b systems you are trying to get away from. A really good explanation of this problem can be found in the white paper by Devin Akin, a link to which is provided at the end of this paper.

One nice thing about 802.11a systems is that their channels do not overlap. 802.11a which operates in the 5Ghz spectrum has 8 channels which just do not overlap by design. Technically each of the two bands that 802.11a wireless LANs use has 4 channels giving you a total of 8 channels. If you have preformed a site survey and found the area to be saturated with 2.4Ghz signals it might be wise to consider purchasing 802.11a systems, just know your range will be significantly reduced, but if you are interested in providing coverage for a living room for example that is not really an issue.

The FCC/Politics:

Have you ever wondered why 802.11a and 802.11g use the exact same technology but operate in different frequency bands? Well wonder no more! The FCC provides two different license free bands, the 2.4-2.4835GHz Industrial Scientific Medical (ISM) band and the 5.15-5.825Ghz Unlicensed National Information Infrastructure (UNII) band (which is actually broken into UNII-1, UNII-2 and UNII-3). Technically the UNII-3 band is usually used for outdoor use, in point-to-point links, so for the home user we can discount that and restrict the UNII band down to 5.15-5.35Ghz.

Remember way back when we were discussing OFDM? Well the FCC does not consider OFDM a spread spectrum technology, and therefore it was not allowed to be used in the 2.4Ghz ISM band which specifically limited transmissions to FHSS and DSSS. The wireless networking people said… fine, be that way and started to used OFDM in the UNII band which did not impose such limitations.

Eventually the FCC was persuaded to allow provision for the use of OFDM within the ISM band, but it still does not consider it a spread spectrum technology. It was just “close enough” so an addendum was added and thus 802.11g was born so as to allow backwards compatibility with the 802.11b standard it was intended to replace thereby allowing individuals to upgrade gradually.

Closing:

At this point you should know more about wireless than you ever wanted to. If however, you feel you have just started (and to be honest you really have) I would highly recommend taking a look at some of the resources provided in the works referenced section. While information on 802.11n is still hard to come by it is definitely something to look into and was not covered much in this paper. One really interesting aspect of 802.11n is the use of Multiple In Multiple Out (MIMO) to increase speeds. As it stands now all 802.11 technologies are half duplex, which means a radio can only receive or transmit at any time. I honestly hope you have enjoyed this paper as much as I had writing it (maybe more ;).

Works Referenced:

• CWNA Certified Wireless Network Administrator Official Study Guide 3rd Edition by Joshua Bardwell et al
• Protection Ripple in 802.11 WLANs by Devin Akin available though CWNA’s learning center.
• NE Asia online article about 802.11n *NOTICE* Since Writing this tutorial this links has gone down. Also, the 802.11n standard has been ratified by the IEEE
• IEEE’s 802.11 standards
• FCC title 47 chapter 15

• Ext2
• Ext3
• JFS
• XFS
• Reiserfs
• NTFS
• (V)FAT
• NFS
• SMB
• ISO9660

You’ll probably also uses some of the following in your fstab file which we’ll talk about more later:

• swap
• proc
• tmpfs

What makes mounting… involved, is not the process of mounting but the sheer volume of options each one of these filesystems accept. You’ll quickly find the -o option for mount can take more forms than Sydney Bristow in the show “Alias”.

The basic mount request will look something like this:

mount -t <filesystem> -o <options> /dev/<device> /<mount point>

This is not the shortest version of course, however the most basic form requires we set up our fstab file and that’s getting ahead of ourselves. Let’s take this command apart in the following example:

mount -t ext2 -o acl,usrquota /dev/hda3 /home

This mounts the ext2 file system which happens to be the third partition on the master drive on the primary IDE controller enabling POSIX acls (Access Control Lists) and user level quotas as the home directory. Pretty simple eh? As a side note in order to enable acls your kernel must be complied to support them.

Lets talk about some trickier filesytems now. NTFS is a good place to start. Starting with windows NT, Microsoft has been using the NTFS filesystem as their default. NTFS offers great security features for windows users, but makes it very hard for us poor Linux users. Starting with the 2.4 kernel rudimentary NTFS support has been available, however, even in the latest kernel release (2.6.16.17) that support is limited to read-only. With kernel level support that means we can look at an NTFS partition and even copy files over to our native filesystems to work on. We just can’t copy those changed files back to the drive, or in any way modify the filesystem.

Luckily for us there are ways to break that read only barrier. One of them is called NTFS Fuse which is still limited to only 10 writes, but what’s really interesting is something called Captive NTFS. This uses Microsoft’s own drivers for full access to the partition, you can copy, write, override, etc to your heart’s content. To mount using these drivers you need to use the type of “captive-ntfs”. (i.e., mount -t captive-ntfs …)

There’s a live distro out there called The Trinity Resource Kit which is really great imo and I’ve used it a number of times to save windows computers. The distro is cmd line only and a relatively small d/l but is full of power. It comes w/ a script to d/l the captive ntfs drivers as well as update the clamAV database and then create a new ISO for you to burn off giving you the ability to fully access a windows computer even with out an Internet connection.

Since I originally wrote this tutorial kernel support for NTFS writes is still not supported. However, most distributions now offer the ntfs-3g drivers which support read/write to NTFS with great reliability. Check your distro’s documentation for further information on ntfs-3g support and options.

Let’s shift out discussion from native filesystems for a moment. If you’re in a heterogeneous network with windows and Linux computers you’ll undoubtedly be running Samba on your Linux computer to access the windows shares. If you’re not then you really need to get w/ the program. ;) You want to make that windows share look like just another folder on your Linux box just like windows can map a drive don’t you? The question is how do you do that.

There’s actually “two” ways to go about it. I say two because technically it’s only one and the other is just a wrapper for it. Technically the command you’re working with is smbmount. Of course, almost nobody uses that. The way to use smbmount through mount is to use the “smbfs” file system. Let’s imagine I have a windows computer called “game”, and I’ve shared out a folder with the share name of “files”. Let’s further assume it’s locked out via acls so only my username “tulkas” has access. How can I access it from my Linux box? Simple:

mount -t smbfs -o username=tulkas //game/files /mnt/files

We already discussed the smbfs part and if you can’t figure out what that option does… well let’s not go there. That leaves the last two parts. In order to mount any samba share you need to use the UNC name of the server which if you’re not familiar with is simply //<computer’s name>/<share> and finally the where you’re mounting to, namely, /mnt/files. Remember that this folder needs to exist *before* you mount. (mkdir -p /mnt/files) It should be noted that /mnt/ is the default location where most people mount there extraneous filesystems, especially things like CD-ROM, DVD, floppy, etc. However, KDE likes to use /media/<same folder name> for some reason so you might want to make a symlink (or just use /media).

NFS mounting follows a similar method for mounting except yo use nfs for the type and the server is referenced via: server:/<export> NFS also has some extra options that a lot of people tend to take advantage of. A typical NFS mount will look something like:

mount -t nfs -o hard,wsize=8192,rsize8192 server:/export/data /mnt/data

The hard option tells Linux to wait as long as it takes for the server to come back up if it happens to fail preventing data loss in the event the server goes down for some reason. the wsize and rsize stand for write and read buffer, the default is 1024bytes (1MB) this is a bit of a hold over from older days using 10base5 etc. On today’s 100baseTX(+) networks you can notice a substantial increase of performance upping those values to 8192bytes (8MB).

Loops, if you’re a programmer this is not a new concept. However, it’s nothing like a programming loop. One of the most interesting options mount has is loop. If you you have an ISO of a CD for example you can mount it just like any CD, the key is the loop option. Let’s see how:

mount -t iso9660 -o loop /home/tulkas/my.iso /mnt/pictures

Now you’re all set to go! If you’ve ever wondered how to make an ISO in Linux, it’s a very simple process and all distros come w/ the tool you need. It’s called “dd” Let’s say my CD-ROM is /dev/hdc and you want to make an ISO of it. Here’s what you need to do: dd if=/dev/hdc of=my.iso Too simple. If you want to make a make a back up of one of your games that may have copy protection you might want to add the conv=noerror option so the final command would look like: dd conv=noerror if=/dev/hdc of=my.iso if stands for input file, and of is output file by the way.

I should tell you that while using the -t <filesystem> is the “correct” method, it’s almost never used. Mount can almost always figure out what the filesystem is that you’re trying to mount, and if it can’t it just says “hey, wtf are you trying to mount” (or something like that anyway) and then you can just add the flag to get it working. So, for example to mount that NFS export you can just type:

mount -o hard,wsize=8192,rsize8192 server:/export/data /mnt/data

Now that we have the basics under out belt, let’s figure out how to have the system take care of all the dirty work for us. The key is a file called /etc/fstab and here’s mine:

/dev/hda1			/boot				ext2		noauto,noatime		1 2
/dev/hda3			/					reiserfs	noatime				0 1
/dev/hda2			none				swap		sw					0 0
/dev/dvd			/mnt/dvd			iso9660		noauto,ro,user		0 0
/dev/dvdrecorder	/mnt/dvdrecorder	iso9660		noauto,ro,user		0 0
/dev/fd0			/mnt/floppy			auto		noauto				0 0
proc				/proc				proc		defaults			0 0
shm					/dev/shm			tmpfs		nodev,nosuid,noexec	0 0

The first column is the device, second is mount point, third is filesystem, fourth is options. Lastly you’ll notice two numbers in the final column(s). The first number is used by the dump command to figure out how often it should be backed up, and the second tells fsck which order the drives should be checked at boot up.

Once you have your fstab file set up mounting becomes even easier, for example if I want to mount my dvd drive all I have to type is:

mount /mnt/dvd

That’s it! mount will look through fstab and figure the rest out for me and let me browse at ease, you’ll notice for my dvd I have the “user” option. Normally only root can use mount, but for devices which have the “user” option specified any user can mount them. Most often you’ll want your removable storage to have this option.

Another benefit to having your fstab set up is that mount has a flag “-a” which lets you mount all the filesystems listed in your fstab (of a particular filesystem, say iso9660, if you prefer).

One thing that is a little deceptive of the fstab is the inclusion of the swap space. Swap is *not* mounted. In order to activate a swap space you need to use “swapon <swap space>”. I specifically used the words “swap space” because, contrary to most novice’s belief, swap does not have to be a partition. It most often is, in the my case I’m using /dev/hda2 with the fdisk 82 and allocated with makeswap. However I could just as easily use touch a file and use dd to fill it to the size I want with the /dev/zero device and then use that for extra swap space.

You’ll also notice /proc and /dev/shm don’t have device files they’re just “proc” and “shm”. Those are special, and you don’t need to worry about them, at least not in the scope of this text.

Now that we have all these fun filesystems mounted for use it often comes up that we want to unmount them. The command do do this is very cleverly named “unmount”. If you no longer need your dvd mounted for example you can type “umount /mnt/dvd” and you’re all set. If you want to be spiffy and the envy of all your friends you can also try “eject dvd” which will unmount the device and then open the tray for you. If you’ve got a filesystem is giving you some trouble say one of those pesky users is still on it you can force a dismount by adding the “-f” flag: umount -f /mnt/stuff

Another way to make mounting even easier is to use the automounter. The automounter is just what it says. Once you have it set up you don’t even have to worry about typing out that pesky mount command. You just brows to the mount point and the automounter will mount it for you, it couldn’t get any easier.

Automounter is based on what’s called “maps” The main map is called /etc/auto.master which lists the other maps like:

/home		auto.home
/stuff		auto.stuff

We will assume that our friendly local admin has a windows server called “Server1″ hosting all our /home dirs in the shared folder “homes” with the subdirs indicating all the users. For example, my home would be located at //Server1/homes/tulkas and my other Valar have theirs similarity named. The /etc/auto.home file would look something like this:

tulkas		//Server1/homes/tulkas
manwe		//Server1/homes/manwe
orome		//Server1/homes/orome
ulmo		//Server1/homes/ulmo

Now we have that all set up the only thing left is to.. oh yeah… get the automounter itself. Install it with your favorite method, apt-get, rpm, emerge, tarball… whatever floats your boat. Then make sure the rc files get set for run level 3, 5 and 6. To get it start w/o having to reboot your sever (something you should only have to do after a kernel update) just type: /etc/init.d/autofs start and then you’re set to go. Now if I type “cd /home” automounter will automatically mount my windows hosted home dir for me.

Well, that’s it for today’s lecture. You should now have a pretty firm grasp as to what mount is, what it does and what it doesn’t do. You should also know where to go to get more information (say it w/ me everyone: “man”!) which you’ll probably have to do to figure out some of the fun options out there for all the file systems. So, go forth and start mounting!

What is cron? Cron sits around and every minute your computer is running it will wake up, read the crontrab file (more on that later), compare the current time w/ the times listed in said file and then if anything matches preform the task described. There are a couple different versions of cron but the most common is vixie-cron written by Paul Vixie. It is so common pretty much every distro comes with it, so if for some reason you didn’t install it w/ when you were installing your distro you can use whatever package management system you’ve got to install it.

Now you have cron installed and you want to get started. In order to start automating your processes you needed to edit the crontab for the user you want to preform the task. The user whose cron file lists the action is who’s user space the task will be preformed under. Therefor if you need root privs to preform your task you should edit root’s crontab. Just how do you do that? Well that’s simple. You issue the command “crontab -e” (If you’re root or happen to have access to another account you’re not currently logged in under you can edit a specific user’s crontab with the -u username flag).

crontab is exceedingly simple, it is just a wrapper for your default editor. If you don’t want to use your default editor for some reason you can always change it by altering your EDITOR env var according to your shell’s syntax. (BASH for example would use “export EDITOR=vim” to use vim) This is all great and simple, but now you’re probably wondering just what you need to type in there to make it useful.

Cron utilizes 6 separate fields:
1. The minute (0-59)
2. The hour (0-23)
3. The day of the month (1-31)
4. The month (0-12 or July, Dec, etc)
5. The Day of the Week (0-6 where 0=Sunday or Sun, Mon, etc)
6. The actual task you want preformed.

To get you in the swing of things I’ll show you two entries from my own crontrab and then we can talk about what they do and how to change stuff.

0 0 * * *       fortune > /etc/motd
0 4 * * 0       find / -name '*~' -type f -exec rm -f {} \;

The first line changes the message of the day every day at midnight with the fortune program. The second line searches the entire file-system looking for files (-type f) with the a name that ends with a tilde (-name ‘*~’) and forcefully removes them (-exec rm -f {} \;) every Sunday. These files are created by a number of different applications for a back up, but they can also start to take up space and often times just get in the way. One thing to keep in mind when using something like find is that you might want to test what you’re doing somewhere safe first. If you accidentally used rm -rf for example and forgot the -type f param well, there could be problems.

These are just simple examples but already I think you can start to appreciate the power of cron. Anything you can do on the CLI can be turned into a cron job and repeated indefinitely with out you having to worry about it all the time. Perhaps you have a backup bash script you wrote and have to run every Friday after work, you can set up a cron job to run it for you and mail you the report!

This brings up another point, cron will mail you with anything sent to STOUT or STERR using the local mail system. If you expect errors but don’t want to clog up your mail folder with reports from cron about what you already know is going to happen you can append something like 2>&1 > /dev/null

Ok, we have the basics under our belts now but there’s still a little bit more to cover. What if you want to have some script run every 15 minutes? would you need 96 entries? how about just having it run on Mondays and Thursdays? Rest assured there’s no need to create a 100 line crontab. Cron supports stepping, ranges, and lists. Just what are these? Let’s start with the most basic – a list. A list is simply a set separated by commas. For example 2,5,19 placed in the hour field will run the task at 2am, 5am and 7pm. Continuing backwards we have a range which is denoted by a dash. To use a range to make a task run only during the summer you could use Jun-Aug (depending on your definition of “summer”). last we have step which is quite interesting and adds a lot of flexibility and power to cron and is denoted by the backslash. To get our fictions task to run every 15 minutes we would use */15 for the minutes and 0-23 for the hours. Another example would be say, 10-20/2 would run at 10,12,14,16,18 and 20 (it steps ever 2… get it? ;). Any field can also mix and match these options such as “2-4,8-17/3,20″ in the hours field.

Once you’ve finished editing your crontab file use whatever method your editor employees for saving and exiting and you should see something like:
crontab: installing new crontab

If crontab notices any errors in your syntax it will also spit our an error like:
crontab: installing new crontab
“/tmp/crontab.XXXXJhoVUm”:1: bad minute
errors in crontab file, can’t install.
Do you want to retry the same edit?
type y and hit enter to try again or n and enter to ignore the error, though I wouldn’t advise doing that.

At this point you should have a firm understanding of just what cron is. You should know the various fields the crontab uses and which values they accept. Most importantly you know how to get into edit your crontab with your favorite editor to set up all your fun (or not so fun) tasks. Now you too can sit back and enjoy… whatever it is you enjoy while the computer automatically churns through all the tedium.