Performance investigation of secure 802.11 wireless LANs : raising the security bar to which level?

2003

Acknowledgments

I would like to thank my supervisors, Dr John Vargo and Associate Professor Ray Hunt, who have provided me with invaluable answers to my questions and guidance in the preparation of this thesis. I would like to acknowledge all the support and encouragement given by my family and friends. Each of you has contributed in your own special way, and helped me during difficult times. I would like to express also my most sincere thanks to Peter Davison, for providing me with wireless technical support. I would also like to thank Dr. Paul Cragg for statistical guidance, Chris Harrow for Windows operating system management directions, and Chris Rodgers for experiment setup discussions. Government Communications Security Bureau for providing me the opportunity to perform this research.

Abstract

Wireless networks have gained popularity, providing users flexibility and mobility in accessing information. The IEEE 802.11 Wireless Local Area Network (WLAN) standard has become the dominant architecture in practice. Private WLANs are used by businesses and home users, while public WLANs have been established in areas expected to have high demand for bandwidth, such as cafes, airports, and hotels. Existing solutions for such WLAN access networks have been exposed to security vulnerabilities. Although researchers have proposed improved security for WLANs, very little work exists in the area of understanding the interaction between WLANs and their emerging and evolving security architectures with respect to the performance impacts of these security measures. The aim of this thesis is to quantify the impact on network performance resulting from the adoption of these security mechanisms. This study investigated the performance and security issues of IEEE 802.11 wireless networks using layered security models. The two models defined in the research were the IEEE 802.1X and Virtual Private Network (VPN).
Our results showed that different security mechanisms degraded WLAN performance in different ways. Network performance degradation increased as the protection of the security mechanisms increased. Furthermore, the VPN model impacted the performance more than the 802.1X model. The performance degradation calculated was incorporated into constructing a wireless security policy template for wireless "security insurance".
