Security overhead in wireless LANs

{Extended abstract}
Aftab Ahmad, Lakisha Dailey, Cynia Watson and Louay Youssef
Computer Science Department, Norfolk State University
700 Park Avenue, Norfolk VA 23504
Phone: (757) 823-8311
Email: {aahmad@nsu.edu, l_s_dailey@yahoo.com, cyniarwatson@yahoo.com, louay2k3@yahoo.com}
Summary
After initial negligence on security in IEEE 802.11-based wireless LANs (WLANs), Wi-Fi and IEEE have
worked diligently to bring strong protection in the form of Wi-Fi protected access (WPA) and now IEEE
802.11i. The later, that is IEEE 802.11i, provides strong protection, but its effect on lowering through and
increased delay is unknown. In this paper, we will present the results of initial studies on parts of this
architecture. Our focus will be on authentication using IEEE 802.1X and key management using temporal
key integrity protocol (TKIP). We will study delays and throughput overhead.
1. Introduction
Security is an important function of the medium access control (MAC) sublayer. The MAC
sublayer of the IEEE WLAN offers access related mechanisms in general. For this reason, it uses a method
parallel to an Ethernet. The Ethernet utilizes carrier sense multiple access with collision detection
(CSMA/CD). Since collision detection cant be proficient in wireless media due to the quick reduction of
the signal, collision avoidance is executed requiring certain minimum time between any two packets
transmitted resulting in carrier sense multiple access with collision avoidance (CSMA/CA). The security
target was to initially provide enough security that an IEEE 802.11 based WLAN is as safe as Ethernet.

Access Point
Machine B

Machine A

Machine C
Figures 1.Example infrastructure networks.

2. IEEE 802.11 MAC Security

The original standard provided security only for infrastructure type networks using a central
controller, as shown in Figure 1. There was no mutual authentication so that a station could recognize a
legit access point. The fact that every packet in unicast transmission were acknowledged (Figure 2)
provided some protection due to semi-privacy of MAC addresses. The encryption mechanism in WEP was
quite easily breakable and several tools are available to do so. The IEEE 802.11i Work Group was set up to

recommend a standard that provides strong protection. The resulting standard, also called IEEE 802.11i,
has recently been ratified.

Tx starts sensing

Packet

DIFS

ACK

Packet 2

SIFS

DIFS + Backoff

Figure 2. The DCF of the 802.11 MAC Protocol

3. IEEE 802.11i Operation Sequence

IEEE 802.11i was designed to add stronger encryption, authentication, and key management
strategies that guarantee data and system security. There are two new data-confidentiality protocols, TKIP
and CCMP. IEEE 802.11i also uses IEEE 802.1Xs key-distribution system to control access to the
network.. IEEE 802.11i also includes key caching and pre-authentication for fast reconnect and roaming.
3.1 Temporal Key Integrity protocol (TKIP)
TKIP is a data key integrity protocol designed to distribute and protect various ephemeral keys
used in IEEE 802.11i. TKIP uses a message integrity code called Michael. Michael allows devices to
authenticate that the packets are coming from the claimed source. TKIP also uses a mixing function to
conquer weak-key attacks, which would allow attackers to decrypt traffic. This function creates per packet
key mixing of the IV, which is used to break up the correlation used by weak key attacks. By doing this, an
attacker is stopped from eavesdropping.
In WPA, RC4 encryption engine was retained, however, it has been replaced by a stroner new standard
called advanced encryption system (AES). Characteristics of TKIP include:

Dynamic keys- Allows per-session and per-packet dynamic ciphering keys. Message integrity
checking (MIC) to guarantee that the message has not been tampered with during transmission.
(The TKIP MIC is also known as Michael.)
48-bit IV hashing- Longer IV avoids the weaknesses of the shorter 24-bit WEP RC4 key.

Figure 3 shows a block diagram of the TKIP usage.

4. Authentication based on IEEE 802.1X
The 802.1X draft standard describes port-based, network access control using the same server
based mechanism for WLAN as is employed in Internet. This port-based network access control employs
the physical features of the switched LAN infrastructure to authenticate devices attached to a LAN port. If
the authentication process fails, access to the port can be denied. Although this standard is mainly designed
for wired Ethernet networks, it can be useful for 802.11 wireless LANs.
These terms are specific to the 802.1X LANs:

Authentication server (called AS or server in this document). AAA server (RADIUS) which will
verify user credentials and give commands to accept or reject the user login request.
Authenticator (called client or access point - AP - in this document). The network access device
(NAS), which will take the EAP-frames out of the traffic on one side and translate them into
RADIUS-attributes on the other and vice versa, thus acting as pass-through device.
Supplicant (user). The one to be authenticated.

Figure 5 shows a message exchange sequence for the IEEE 802.1X.

Figure 5.Frame exchange for the authentication process based on IEEE 802.1X [2]

5. Simulation Model for the MAC

We will analyze and simulate a WLAN based on IEEE 802.11 MAC and study the difference in throughput
with and without security. We will employ only the IEEE 802.1X-based authentication and TKIP-based
key management overhead for this paper.
6. Conclusion
The objective of the research is to address the question of whether IEEE 802.11i delay makes its
usage questionable under certain traffic situations, especially for multimedia. If TKIP is not useful due to
too much delay, then we will conclude that 802.11i may be very secure but it is an overkill. However, if it
can be implemented with little delay, it can be used for delay sensitive applications such as Wi-Fi voice
conferencing and streaming video. References to relevant work will be provided as well.
7. References
[1]. Zytrax.Com, 802.11 MAC (Media Access Control,
http://www.zytrax.com/tech/wireless/802_mac.htm.
[2]. Mesfin Assefa Wireless Security in 802.11 (Wi-Fi) Networks,
http://www.wifizonenews.com/publications/page289-655799.asp .