{Extended abstract}
Aftab Ahmad, Lakisha Dailey, Cynia Watson and Louay Youssef
Computer Science Department, Norfolk State University
700 Park Avenue, Norfolk VA 23504
Phone: (757) 823-8311
Email: {aahmad@nsu.edu, l_s_dailey@yahoo.com, cyniarwatson@yahoo.com, louay2k3@yahoo.com}
Summary
After initial neglect of security in IEEE 802.11-based wireless LANs (WLANs), Wi-Fi and IEEE have
worked diligently to bring strong protection in the form of Wi-Fi Protected Access (WPA) and now IEEE
802.11i. The latter, IEEE 802.11i, provides strong protection, but its effect on lowering throughput and
increasing delay is unknown. In this paper, we present the results of initial studies on parts of this
architecture. Our focus is on authentication using IEEE 802.1X and key management using the Temporal
Key Integrity Protocol (TKIP). We study delay and throughput overhead.
1. Introduction
Security is an important function of the medium access control (MAC) sublayer. The MAC
sublayer of the IEEE WLAN offers access-related mechanisms in general. For this purpose, it uses a method
similar to that of Ethernet. Ethernet uses carrier sense multiple access with collision detection
(CSMA/CD). Since collision detection cannot be performed effectively in wireless media because of the
rapid attenuation of the signal, collision avoidance is used instead, requiring a certain minimum time
between any two transmitted packets; the result is carrier sense multiple access with collision avoidance
(CSMA/CA). The initial security target was to provide enough security that an IEEE 802.11-based WLAN
is as safe as Ethernet.
[Figure 1. Example infrastructure networks. Labels: Access Point, Machine A, Machine B, Machine C.]
recommend a standard that provides strong protection. The resulting standard, also called IEEE 802.11i,
has recently been ratified.
[Figure (caption not recovered): transmission timing diagram. Labels: Tx starts sensing, DIFS, Packet, SIFS, ACK, DIFS + Backoff, Packet 2.]
Dynamic keys: Allows per-session and per-packet dynamic ciphering keys.
Message integrity checking (MIC) to guarantee that the message has not been tampered with during
transmission. (The TKIP MIC is also known as Michael.)
48-bit IV hashing: Longer IV avoids the weaknesses of the shorter 24-bit WEP RC4 key.
Authentication server (called AS or server in this document). An AAA server (RADIUS) that
verifies user credentials and gives the command to accept or reject the user login request.
Authenticator (called client or access point - AP - in this document). The network access device
(NAS), which takes the EAP frames out of the traffic on one side and translates them into
RADIUS attributes on the other and vice versa, thus acting as a pass-through device.
Supplicant (user). The one to be authenticated.
Figure 5. Frame exchange for the authentication process based on IEEE 802.1X [2]
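The authenticator's pass-through role described above, as an added example that is not code from the paper: an EAP packet from the supplicant is split into RADIUS EAP-Message attributes and protected with a Message-Authenticator, following RFC 3579, and the server side verifies and reassembles it. The function names, the shared secret and the sample EAP packet are constructed for illustration.

```python
import hashlib
import hmac
import struct

EAP_MESSAGE = 79            # RADIUS attribute type (RFC 3579)
MESSAGE_AUTHENTICATOR = 80  # RADIUS attribute type (RFC 3579)
ACCESS_REQUEST = 1          # RADIUS packet code (RFC 2865)
MAX_ATTR_VALUE = 253        # one-octet attribute length caps the value at 253 bytes

def attr(attr_type, value):
    """Encode one RADIUS attribute as type, length, value."""
    return bytes([attr_type, len(value) + 2]) + value

def eap_to_radius(eap_packet, identifier, request_auth, secret):
    """Authenticator side: wrap the supplicant's EAP packet in an Access-Request."""
    chunks = [eap_packet[i:i + MAX_ATTR_VALUE]
              for i in range(0, len(eap_packet), MAX_ATTR_VALUE)]
    body = b"".join(attr(EAP_MESSAGE, c) for c in chunks)
    zeroed = body + attr(MESSAGE_AUTHENTICATOR, bytes(16))
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(zeroed)) + request_auth
    mac = hmac.new(secret, header + zeroed, hashlib.md5).digest()  # HMAC-MD5 per RFC 3579
    return header + body + attr(MESSAGE_AUTHENTICATOR, mac)

def radius_to_eap(packet, secret):
    """Server side: verify Message-Authenticator, then reassemble the EAP packet."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        raise ValueError("bad RADIUS length")
    length = len(packet)
    eap, received_mac, scrubbed, pos = b"", None, bytearray(packet), 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        a_type, a_len = packet[pos], packet[pos + 1]
        value = packet[pos + 2:pos + a_len]
        if a_type == EAP_MESSAGE:
            eap += value                      # fragments are concatenated in order
        elif a_type == MESSAGE_AUTHENTICATOR and a_len == 18:
            received_mac = value
            scrubbed[pos + 2:pos + 18] = bytes(16)  # MAC is computed over a zeroed field
        pos += a_len
    expected = hmac.new(secret, bytes(scrubbed), hashlib.md5).digest()
    if received_mac is None or not hmac.compare_digest(received_mac, expected):
        raise ValueError("Message-Authenticator check failed")
    return eap

# Constructed sample: EAP-Response/Identity (code 2, id 1, type 1) carrying "alice".
SAMPLE_EAP = struct.pack("!BBHB", 2, 1, 5 + 5, 1) + b"alice"
```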