Abstract
Wireless Local Area Networks (WLANs) are vulnerable to malicious attacks due to their open shared medium. Consequently, provisioning enhanced security with strong cryptographic features and low performance overhead becomes exceedingly necessary to actualize real-time services in WLANs. In order to exploit full advantage of existing security protocols at various layers, we study the cross-layer interactions of security protocols in WLANs under different network scenarios. In particular, we present a detailed experimental study on the integration of commonly used security protocols such as WEP, 802. lx and EAP, IPsec and RADIUS. First, we classify individual and hybrid policies, and then, define security index and cost functions to analyze security strength and overhead, quantitatively, of each policy. By setting-up an experimental testbed, we measure performance cost of various policies in terms of authentication time, cryptographic cost and throughput using TCP/UDP traffic streams. Our results demonstrate that in general, the stronger the security, the more signaling and delay overhead, whereas, the overhead does not necessarily increase monotonically with the security strength. Therefore, it is suggested to provide substantial security at a reasonable cost of overhead with respect to mobile scenarios and traffic streams. Also, we notice that authentication time will be a more significant factor contributing towards QoS degradation than cryptographic cost, which is critical to real-time service in wireless networks.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
T. Karygiannis and L. Owens, “Wireless Network Security 802.11, Bluetooth and Handheld Devices,” National Institute of Technology, Special Publication, pp. 800–848, November 2002.
Y. Zahur and T. A. Yang, “Wireless LAN Security and Laboratory Designs,” Journal of Computing Sciences in Colleges, vol. 19, pp. 44–60, January 2004.
N. Borisov, I. Goldberg, and D. Wagner, “Intercepting Mobile Communications: The Insecurity of 802.11,” in Proceedings of the Seventh Annual International Conference on Mobile Computing And Networking, July 2001.
“IEEE 802.1X,” http://www.ieee802.Org/l/pages/802.lX-rev.html, 2004.
“IEEE 802 Standards,” http://standards.ieee.org/getieee802.
A. Hecker and A. H. Laboid, “Pre-authenticated Signaling in Wireless LANs using 802. IX Access Control,” in Proceedings of IEEE Global Telecommunications Conference, GLOBECOM’ 04, vol. 4, pp. 2180–2184, November–December 2004.
A. Hecker and A. H. Laboid, “A New EAP-based Signal Protocol for IEEE 802.11 Wireless LANs,” in Proceedings of IEEE 60th Vehicular Technology Conference, VTC-Fall, 2004, vol. 5, pp. 3214–3218, September 2004.
W. Qu and S. Srinivas, “IPSEC-Based Secure Wireless Virtual Private Networks,” in Proceedings of IEEE MILCOM, pp. 1107–1112, October 2002.
D. B. Faria and D. R. Cheriton, “DoS and Authentication in Wireless Public Access Networks,” in Proceedings of ACM Workshop on Wireless Security (WiSe), pp. 47–56, September 2002.
W. A. Arbaugh, N. Shankar, J. Wang, and K. Zhang, “Your 802.11 Network Has No Clothes,” IEEE Wireless Communications Magazine, December 2002.
S. Kasera, S. Mizikovsky, G. S. Sundaram, and T. Y Woo, “On Securely Enabling Intermediary-Based Services and Performance Enhancements for Wireless Mobile Users,” in Proceedings of ACM Workshop on Wireless security (WiSe), pp. 61–68, September 2003.
J. Kong, S. Das, E. Tsai, and M. Gerla, “ESCORT: A Decentralized and Localized Access Control System for Mobile Wireless Access to Secured Domains,” in Proceedings of ACM workshop on Wireless security (WiSe), pp. 61–68, September 2003.
Y. Matsunaga, A. Merino, T. Suzuki, and R. H. Katz, “Secure Authentication System for Public WLAN Roaming,” in Proceedings of The 1st ACM international workshop on Wireless mobile applications and services on WLAN hotspots, pp. 113–121, 2003.
M. Li, H. Zhu, S. Sathyamurthy, I. Chlamtac, and B. Prabhakaran, “End-to-End Framework for QoS Guarantee in Heterogeneous Wired-cum-Wireless Networks,” in Proceedings of The First International Conference on Quality of Service in Heterogeneous Wired/Wireless Networks, 2004, pp. 140–147, Oct 2004.
O. Elkeelany, M. M. Matalgah, K. Sheikh, M. Thaker, G. Chaudhary, D. Medhi, and J. Qaddour, “Perfomance Analysis Of IPSEC Protocol: Encryption and Authentication,” in Proceedings of IEEE Communication Conference (ICC), pp. 1164–1168, May 2002.
A. Godber and P. Dasgupta, “Secure Wireless Gateway,” in Proceedings of ACM Workshop on Wireless Security (WiSe), pp. 41–46, September 2002.
G. Hadjichristofi, N. D. IV, and S. Midkiff, “IPSec Overhead in Wireline and Wireless Networks for Web and Email Applications,” in Proceedings of IEEE International Performance, Computing, and Communications Conference, 2003, pp. 543–547, April 2003.
K. Wang and S. Tripathi, “Mobile-End Transport Protocol: An Alternative to TCP/IP Over Wireless Links,” in Proceedings of IEEE INFOCOM, pp. 1046–1053, April 1998.
M. D. Corner and B. D. Noble, “Zero-Interaction Authentication,” in Proceedings of IEEE/ACM MOBICOM, pp. 1–11, September 2002.
C. Perkins, “IP Mobility Support,” http://www.ietf.org/rfc/rfc2002.txt, October 1996.
“IPSEC,” http://www.freeswan.org.
“802. lx Supplicant,” http://www.openlx.org.
“RADIUS,” http://www.freeradius.org.
“OpenSSL,” http://www.openssl.org.
“Mobile IPv4,” http://dynamics.sourceforge.net.
I.-G. Kim and J.-Y. Choi, “Formal Verification of PAP and EAP-MD5 Protocols in Wireless Networks: FDR Model Checking,” in Proceedings of The 18th International Conference on Advanced Information Networking and Applications, vol. 2, pp. 264–269, March 2004.
B. Aboba and D. Simon, “PPP EAP TLS Authentication Protocol,” RFC 2716, October 1999.
A. Satoh and T. Inoue, “ASIC-Hardware-Focused Comparison for Hash Functions MD5, RIPEMD-160, and SHS,” in Proceedings of International Conference on Information Technology: Coding and Computing, ITCC 2005, vol. 1, pp. 532–537, April 2005.
C. B. McCubbin, A. A. Selcuk, and D. Sidhu, “Initialization Vector Attacks on the IPsec Protocol Suite,” in Proceedings of EEE 9th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, (WET ICE 2000), pp. 171–175, June 2000.
A. Mian and A. Masood, “Arcanum: A Secure and Efficient Key Exchange Protocol for the Internet,” in Proceedings of International Conference on Information Technology: Coding and Computing, ITCC 2004, vol. 1, pp. 17–21, April 2004.
J. Rejeb, M. Vohra, and T. Le, “IKE-based Secure Wireless and Mobile Networks,” in Proceedings of The IEEE 6th Circuits and Systems Symposium on Emerging Technologies: Frontiers of Mobile and Wireless Communication, 2004, vol. 2, pp. 567–570, June 2004.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2007 Springer Science+Business Media, LLC
About this chapter
Cite this chapter
Agarwal, A.K., Wang, W. (2007). An Experimental Study on Security Protocols in Wlans. In: **ao, Y., Shen, X.S., Du, DZ. (eds) Wireless Network Security. Signals and Communication Technology. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-33112-6_12
Download citation
DOI: https://doi.org/10.1007/978-0-387-33112-6_12
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-28040-0
Online ISBN: 978-0-387-33112-6
eBook Packages: EngineeringEngineering (R0)