As we saw in Lesson 1, the actual Wi-Fi protocol stack consists of the lower two layers, MAC and PHY, running on the nRF70 Series interacting with the Wi-Fi host stack running on the host MCU, in our case the nRF5340 SoC.
The host MCU is running all the upper layers needed for network communication. Let’s take a look at the different layers that make up the network protocol stack.
Wi-Fi host stack
The Wi-Fi host stack is the lowest layer running in the host MCU, and is comprised of the Wi-Fi driver and an 802.1X supplicant. It is mainly responsible for interfacing with the Wi-Fi stack running on the nRF70 Series IC.
Supplicant: Specifically called 802.1X supplicant as defined by the IEEE is an entity, either hardware or software, that seeks to be authenticated by an authenticator attached to the other end of that link.
The Wi-Fi host stack communicates with the nRF70 Series companion IC using the SPI/QSPI interface.
The layer above the Wi-Fi driver contains the L2 network technology responsible for routing the Wi-Fi traffic beyond the Wi-Fi access point.
The Wi-Fi driver presents the nRF70 Series IC as an ethernet interface to the upper layers of the stack.
The layer above the L2 layer defines the Internet Protocol address (IP address), which essentially provides the location for the IP packet.
The original IP address (IPv4) defines the addresses as 32-bit numbers, but due to the expansion of the Internet, there were too few addresses. As a solution, IPv6 was introduced, which defines the addresses as 128-bit numbers. These two versions are in simultaneous use today.
On top of IPv4 and IPv6, we have the transport layer, which is made up of two communication protocols, the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP).
TCP is a connection-oriented protocol that uses a three-way handshake to establish a connection between server and client before beginning to send data. It provides reliable, ordered and error-checked delivery of a stream of bytes.
UDP is a connectionless protocol that does not require an established connection, but rather transmits packets (called datagrams) directly to the receiver. As opposed to TCP, this does not provide ordered or error-checked delivery.
Being a simpler protocol, UDP has fewer overhead bits and no handshake. This creates a number of advantages such as the lower power consumption associated with the absence of handshakes. However, this can lead to a higher data loss and packets can arrive out of order but can be solved by the application protocol.
On the other hand, TCP is a more complex protocol. It offers packet awareness, which means that transceivers are aware of the order of packets being sent so any lost packet can be detected and re-transmitted and any disruption in the packet order can be corrected. Of course, this results in increased overhead and power consumption.
TLS and DTLS
On top of TCP and UDP, we have either Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS), which provide security for TCP and UDP, respectively.
TLS is an encryption protocol designed to provide security over a TCP connection. When establishing a connection between the server and client, the client can request a TLS connection. One of the main ways of achieving this is to use a different port number for TLS connections.
DTLS is an implementation of TLS that is specifically designed to be used over datagram-based communication and is intended to provide similar security guarantees. To do this, DTLS requires a handshake prior to transmitting messages, where each handshake packet has a specific sequence number to solve the fact that UDP does not provide ordered delivery.
The transport layer security protocols provide confidentiality, integrity, and authenticity to the communication.
Confidentiality: The communication cannot be read by third parties along the network path.
Integrity: The communication cannot be altered by third parties along the network path.
Authenticity: Verifies the identity of both sides of the communication (client and server).
From an application perspective, the difference between using TLS and DTLS is insignificant, as both protocols provide the same type of security.
To verify the authenticity of the server side of the communication, a certificate chain is used.
A certificate chain is a list of certificates used to verify a server’s authenticity. The chain starts from the server’s certificate (often called the identity certificate or end-entity certificate), followed by one or more intermediate certificates, and terminates with a root CA (Certificate Authority) certificate. Each certificate in the chain is signed by the entity identified by the next certificate in the chain.
The figure below illustrates a certificate chain with one intermediate certificate. The identity certificate contains the name and signature of the intermediate certificate that it is signed by, and in turn, the intermediate certificate contains the name and signature of the root certificate that it is signed by. The root certificate is always signed by the certificate authority itself, terminating the certificate chain.
When connecting to a server with security, you need to provide the device with one of the certificates in the certificate chain so the device can verify the authenticity of the server before connecting. We will take a look at how to do this in the exercise section of Lesson 4 and Lesson 5.
The next layer in the network protocol stack is the socket API. The socket API is what the application and the application layer protocols use to interface with the protocol stack.
A network socket is a software endpoint that allows communication between different processes or applications over a network. It provides a programming interface for network communication, enabling processes running on different devices to exchange data.
In a network communication scenario, you can think of a socket as a door through which information can enter or leave a device. It acts as a communication channel that facilitates data transmission between two endpoints, typically on different devices connected to a network.
Sockets use the client-server model, where one device acts as a server and waits for incoming connections, while another device acts as a client and initiates the connection. The server socket listens for incoming requests, and the client socket establishes a connection with the server socket.
Socket: A socket is a software structure that serves as an endpoint for sending and receiving data across a network.