An Experimental Study on Security Protocols in Wlans

Abstract

Wireless Local Area Networks (WLANs) are vulnerable to malicious attacksdue to their open shared medium. Consequently, provisioning enhancedsecurity with strong cryptographic features and lowperformance overheadbecomes exceedingly necessary to actualize real-time services in WLANs.In order to exploit full advantage of existing security protocols atvarious layers, we study the cross-layer interactions of securityprotocols in WLANs under different network scenarios. In particular, wepresent a detailed experimental study on the integration of commonlyused security protocols such as WEP, 802.1x and EAP, IPsec and RADIUS.First, we classify individual and hybrid policies, and then, definesecurity index and cost functions to analyze security strength andoverhead, quantitatively, of each policy. By setting-up an experimentaltestbed, we measure performance cost of various policies in terms ofauthentication time, cryptographic cost and throughput using TCP/UDPtraffic streams. Our results demonstrate that in general, the strongerthe security, the more signaling and delay overhead, whereas, theoverhead does not necessarily increase monotonically with the securitystrength. Therefore, it is suggested to provide substantial security ata reasonable cost of overhead with respect to mobile scenarios andtraffic streams. Also, we notice that authentication time will be a moresignificant factor contributing towards QoS degradation thancryptographic cost, which is critical to real-time service in wirelessnetworks.