
Chapter 4 Security Considerations

4.3 Advantages

With separated security domains, maintaining a consistent security configuration across the entire set of MAPs in the WLAN Mesh is problematic. Moreover, MAPs outside the network center are difficult to place under physical security control.

The proposed mechanism takes advantage of the centralized authenticator. In a centralized architecture it is much more efficient to enforce the security policy and to distribute the security configuration across the whole network. Furthermore, it is easier to enhance the physical security of one MPP than of all MAPs within the WLAN Mesh.

Chapter 5

Handoff Overhead Estimation

In this chapter, we analyze the link layer security mechanisms and present the related handoff overhead. For the STA, the major concern is whether the handoff latency will damage the quality of real-time applications. For the WLAN Mesh, the handoff traffic is the main issue.

An analytical model is proposed to compute the handoff overhead for an STA roaming within the WLAN Mesh. The estimated handoff overheads of ISD and 802.11i are compared at the end of the chapter.

5.1 Handoff Model

In order to increase the channel capacity and reduce the transmission power, the cell structure shown in Figure 5-1 is adopted in most AP deployments, where each AP has 6 adjacent APs.

[Figure 5-1: hexagonal cell layout; the cells are labelled with channels CH1, CH6 and CH11 so that adjacent cells use different channels]

Figure 5-1 AP deployment based on the cell structure

In addition to the AP interface, a MAP has one or more MP interfaces to interconnect with other MPs. The topology of the MP services may differ from that of the AP services. An example of the MP topology is shown in Figure 5-2, where the MAP deployment is based on the cell structure.

[Figure 5-2 legend: MPP, MP, MAP]

Figure 5-2 Topology of MP services

During the 802.1X authentication, RADIUS messages are forwarded between the serving MAP and the MPP. Although there are different WLAN Mesh topologies, only the hop count between MAP and MPP affects the authentication latency and traffic.

Therefore, we conclude that the AP deployment determines the handoff behavior of STAs, and the MP topology determines the hop count between MAP and MPP. To estimate the handoff overhead, the analytical model has to take both into consideration.

For the AP deployment, the two-dimensional random walk model [4] is applied to capture the movement of STAs in the WLAN Mesh and to calculate the number of handoffs. Figure 5-3 illustrates a 6-subarea cluster, where cells are marked as (x, y). Here x represents the layer of the cluster in which the cell resides, and y denotes the cell type within that layer.

Cells with the same set of neighbor types are classified into one type. STAs in cells of the same type have the same candidate handoff targets and leave their cells with the same pattern. Therefore, the gray area shown in Figure 5-3 is sufficient to capture the movement of STAs within the cluster.

Figure 5-3 MAP deployment and cell classification

Assumptions of the handoff model are as follows:

i. An STA resides in a cell and then moves to one of its 6 neighbors with equal probability, i.e., 1/6.

ii. The cell (0, 0) is an MPP, and the other cells are MAPs connected to this MPP. The MPP is also capable of providing the AP services.

iii. The transmission distance of the MP interface is twice as long as that of the AP interface, which means a frame transmitted from a MAP of type x to the MPP needs at least x hops, and vice versa.

iv. There are no MPs which only participate in the backhaul routing.

Based on assumptions iii and iv, Figure 5-4 illustrates the MP topology of the 3-subarea cluster. Although some MP topologies may violate assumptions iii and iv, only the average hop count between MAP and MPP correlates with the handoff latency and traffic.

[Figure 5-4 legend: MPP, MAP]

Figure 5-4 MP topology of the 3-subarea cluster

v. The cached PMKs never expire (footnote 5).

vi. For 802.11i, if the target MAP does not cache the PMK, the STA needs to perform a full 802.1X authentication to regain connectivity.

vii. For ISD, the STA only needs to perform the 4-way handshake in the handoff while roaming within the cluster.

viii. For ISD, if the new MPP (the authenticator of the target cluster) does not cache the PMK, the STA needs to perform a full 802.1X authentication when moving out of the cluster.

Based on random walk theory, the random walk for an n-subarea cluster (e.g., n = 6) can be converted into the state diagram shown in Figure 5-5.

5 Windows XP specifies that the PMK cache can exist for 12 hours before being removed.

Figure 5-5 State diagram for a 6-subarea cluster

In this diagram, state (x, y) represents that an STA resides in one of the cells with type (x, y), and state (n, j) means the STA moves out of the cluster from one of the cells (n-1, j). S(n) represents the total number of states of the n-subarea cluster: the 1 + n(n-1)/2 cell types inside the cluster plus the n-1 exit states (one exit state when n = 1).

$$S(n)=\begin{cases}\dfrac{n(n+1)}{2}, & n>1\\[4pt] 2, & n=1\end{cases} \qquad (4)$$

Let $P_{(x,y),(x',y')}$ be the one-step transition probability from state (x, y) to state (x', y'), i.e., the STA performs one handoff from the current MAP (x, y) to the target MAP (x', y'). For the n-subarea cluster random walk, the transition matrix $P = (P_{(x,y),(x',y')})$ is an S(n) × S(n) matrix.

Let $P_{k,(x,y),(n,j)}$ be the probability that an STA which initially resides at MAP (x, y) moves from MAP to MAP with k handoffs and leaves the cluster at the k-th handoff into state (n, j).

Figure 5-6 Handoff pattern for ISD and 802.11i

As shown in Figure 5-6, an STA moving out of the cluster at the k-th handoff means that it performed k-1 intra-MPP handoffs and one inter-MPP handoff. For ISD, an STA only performs 802.1X authentication in the inter-MPP handoff. However, for 802.11i, if the PMK is not cached by the target MAP, 802.1X authentication is performed in every such handoff.

5.2 Estimation Equations

To evaluate the link layer security mechanisms, we propose equations to model the handoff overhead. Combined with the handoff pattern, the proposed equations estimate the average handoff latency and traffic for an STA roaming within the WLAN Mesh.

5.2.1 Handoff Latency

Since 802.1X authentication and the 4-way handshake contribute the major part of the handoff latency, the quality of real-time applications is affected by the security mechanism. The latency introduced by the security mechanism can be classified into two types: intra-MPP handoff latency (L_INTRA) and inter-MPP handoff latency (L_INTER).

5.2.1.1 Intra-MPP Handoff Latency

L_INTRA represents the latency for an STA performing the intra-MPP handoff, which consists of authentication latency (L_INTRA_AUTH) and 4-way handshake latency (L_INTRA_4W).

[Figure 5-7 message sequence: STA (Supplicant), Current MAP, MP …, MPP (Authenticator), AS; 802.11 Association Req. (PMKID) / Association Resp., EAPOL-Start and EAP-Success (optional), PMK Veri. (PMKID), PMK Veri. Success, Key Distribution (PTK), 4-way Handshake #1]

Figure 5-7 Intra-MPP handoff latency with ISD

For ISD, as shown in Figure 5-7, two messages are exchanged between the serving MAP and the MPP to verify the PMK cached by the STA. $L^{ISD}_{INTRA\_AUTH}$ represents the average latency, where

$$L^{ISD}_{INTRA\_AUTH} = 2 \cdot H \cdot T$$

• T is the single-hop transmission time.

• H is the average hop count between MAP and MPP, calculated from the proposed handoff model:

$$H = \frac{\sum_{x=0}^{n-1} x \cdot S_x}{1 + n(n-1)/2}$$

• x is the hop count between MAP and MPP, i.e., the type of the MAP.

• S_x is the number of MAPs in the gray area with x hops to the MPP.

• n is the cluster size; 1 + n(n-1)/2 is the total number of MAPs in the gray area.

In the handshake phase, the 4-way handshake messages are transmitted between the STA and the MPP. In addition, the PTK is distributed to the target MAP. $L^{ISD}_{INTRA\_4W}$ represents the average latency, where

$$L^{ISD}_{INTRA\_4W} = L_{4W} + 5 \cdot H \cdot T$$

• L_4W is the latency for an STA performing the 4-way handshake in the single-hop network, i.e., WLAN.

[Figure 5-8 message sequence: STA, Current MAP, Target MAP, MP …, MPP, AS; Association Req. (PMKID) / Association Resp., RADIUS-A.-Req., 4-Way Handshake #1 to #4]

Figure 5-8 Intra-MPP handoff latency with 802.11i

For 802.11i, the intra-MPP handoff latency is shown in Figure 5-8. If the PMK is not cached by the target MAP, 802.1X authentication is performed in the handoff.

$L^{802.11i}_{INTRA\_AUTH}$ represents the average latency, where

$$L^{802.11i}_{INTRA\_AUTH} = L_{1X} + M_{RADIUS} \cdot H \cdot T$$

• L_1X is the latency for an STA performing 802.1X authentication in the single-hop network, i.e., WLAN.

• M_RADIUS is the number of RADIUS messages exchanged between the target MAP and the AS in an 802.1X authentication.

In the handshake phase, the latency is the same in the WLAN Mesh and the WLAN. $L^{802.11i}_{INTRA\_4W}$ represents the latency, where

$$L^{802.11i}_{INTRA\_4W} = L_{4W} \qquad (13)$$

• L_4W is the latency for an STA performing the 4-way handshake in WLAN.

Based on equations (8), (11), (12) and (13), L_INTRA is defined as

$$L_{INTRA} = (1 - P_{PMK\_MISS}) \cdot L_{INTRA\_4W} + P_{PMK\_MISS} \cdot (L_{INTRA\_AUTH} + L_{INTRA\_4W}) \qquad (14)$$

$$P_{PMK\_MISS} = (1 - P_{REVISIT}) \cdot P_{PF} \qquad (15)$$

• P_PMK_MISS is the probability that the PMK is not cached by the target MAP.

• P_REVISIT is the probability that an STA moves to a visited cell or cluster.

• P_PF is the probability that 802.11i preauthentication fails.

Since the PMK is always cached by the authenticator, the intra-MPP handoff with ISD only introduces L_INTRA_4W. However, if an STA hands off to a new MAP and fails to preauthenticate with it, L_INTRA_AUTH is added to the intra-MPP handoff with 802.11i.

5.2.1.2 Inter-MPP Handoff Latency

L_INTER represents the latency for an STA performing the inter-MPP handoff, which consists of authentication latency (L_INTER_AUTH) and 4-way handshake latency (L_INTER_4W).

The inter-MPP handoff with ISD is shown in Figure 5-9. When the STA moves out of the cluster, if the PMK is not cached by the new MPP, 802.1X authentication is performed. $L^{ISD}_{INTER\_AUTH}$ represents the latency, where

$$L^{ISD}_{INTER\_AUTH} = L_{1X} + M_{1X} \cdot (n-1) \cdot T \qquad (16)$$

• M_1X is the number of EAPOL messages exchanged between the target MAP and the MPP in an 802.1X authentication.

• n-1 is the hop count between the target MAP and the new MPP. An STA performing the inter-MPP handoff reassociates with a boundary MAP in another cluster; thus the hop count between the target MAP and the new MPP is definitely n-1.

[Figure 5-9 message sequence: STA, Target MAP, MP …, MPP (Authenticator), AS; 802.11 Association Req. (PMKID) / Association Resp., RADIUS-A.-Req., RADIUS-A.-Challenge, RADIUS-A.-Req., RADIUS-A.-Accept (MSK), PMK Veri. Req. (PMKID), Key Distribution (PTK), 4-way Handshake #1]

Figure 5-9 Inter-MPP handoff latency with ISD

$L^{ISD}_{INTER\_4W}$ represents the average latency for the 4-way handshake and PTK distribution in the inter-MPP handoff, where

$$L^{ISD}_{INTER\_4W} = L_{4W} + 5 \cdot (n-1) \cdot T \qquad (17)$$

The inter-MPP handoff latency with 802.11i is shown in Figure 5-10, which is the same as the intra-MPP handoff except that the messages are forwarded via the boundary MAP. $L^{802.11i}_{INTER\_AUTH}$ represents the authentication latency, where

$$L^{802.11i}_{INTER\_AUTH} = L_{1X} + M_{RADIUS} \cdot (n-1) \cdot T \qquad (18)$$

[Figure 5-10 message sequence: STA, Target MAP, MP …, MPP, AS; Association Req. (PMKID) / Association Resp., 4-Way Handshake #1 to #4]

Figure 5-10 Inter-MPP handoff latency with 802.11i

$L^{802.11i}_{INTER\_4W}$ represents the 4-way handshake latency, where

$$L^{802.11i}_{INTER\_4W} = L_{4W} \qquad (19)$$

Based on equations (15), (16), (17), (18) and (19), L_INTER is defined as

$$L_{INTER} = (1 - P_{PMK\_MISS}) \cdot L_{INTER\_4W} + P_{PMK\_MISS} \cdot (L_{INTER\_AUTH} + L_{INTER\_4W}) \qquad (20)$$

For ISD, the authentication latency is introduced to the inter-MPP handoff only when an STA moves to an unvisited ISD and fails to perform preauthentication. For 802.11i, however, the STA performs 802.1X authentication in every handoff under the same condition. Therefore, ISD greatly reduces the demand for performing 802.1X authentication while providing security strength equivalent to 802.11i.

5.2.2 Handoff Traffic

Even though the handoff traffic is much lower than the data traffic, to guarantee the QoS the authentication messages should avoid contending with real-time application messages for medium access.

The proposed equations estimate the traffic generated in the mesh network by the security mechanism for an STA roaming within the WLAN Mesh. The preauthentication traffic is ignored, and the traffic is measured as the number of normalized messages multiplied by the hop count. The handoff traffic can be classified into two types: intra-MPP handoff traffic (T_INTRA) and inter-MPP handoff traffic (T_INTER).

5.2.2.1 Intra-MPP Handoff Traffic

TINTRA represents the traffic generated by the security mechanism for an STA performing the intra-MPP handoff, which consists of authentication traffic (TINTRA_AUTH) and 4-way handshake traffic (TINTRA_4W).

[Figure 5-11 message sequence: STA (Supplicant), Current MAP, MP …, MPP (Authenticator), AS; 802.11 Association Req. (PMKID) / Association Resp., EAPOL-Start and EAP-Success (optional), PMK Veri. (PMKID), PMK Veri. Success, Key Distribution (PTK), 4-way Handshake #1]

Figure 5-11 Intra-MPP handoff traffic with ISD

For ISD, as shown in Figure 5-11, 7 messages are transmitted via the WLAN Mesh: 2 messages for the PMK verification, 4 messages for the 4-way handshake and 1 message for the PTK distribution. $T^{ISD}_{INTRA\_AUTH}$ and $T^{ISD}_{INTRA\_4W}$ represent the traffic, where

• R is the ratio of the average message size of 802.1X authentication to that of the 4-way handshake.

[Figure 5-12 message sequence: STA, Current MAP, Target MAP, MP …, MPP, AS; Association Req. (PMKID) / Association Resp., RADIUS-A.-Req., 4-Way Handshake #1 to #4]

Figure 5-12 Intra-MPP handoff traffic with 802.11i

For 802.11i, as shown in Figure 5-12, only RADIUS messages are transmitted via the WLAN Mesh. $T^{802.11i}_{INTRA\_AUTH}$ and $T^{802.11i}_{INTRA\_4W}$ represent the traffic. T_INTRA is defined as

$$T_{INTRA} = (1 - P_{PMK\_MISS}) \cdot T_{INTRA\_4W} + P_{PMK\_MISS} \cdot (T_{INTRA\_AUTH} + T_{INTRA\_4W}) \qquad (25)$$

5.2.2.2 Inter-MPP Handoff Traffic

TINTER represents the traffic generated by the security mechanism for an STA performing the inter-MPP handoff, which consists of authentication traffic (TINTER_AUTH) and 4-way handshake traffic (TINTER_4W).

[Figure 5-13 message sequence: STA (Supplicant), Target MAP, MP …, MPP (Authenticator), AS; RADIUS-A.-Req., RADIUS-A.-Challenge, RADIUS-A.-Req., RADIUS-A.-Accept (MSK), PMK Veri. Req. (PMKID), Key Distribution (PTK), Association Req. (PMKID) / Association Resp., 4-way Handshake #1]

Figure 5-13 Inter-MPP handoff traffic with ISD

For ISD, as shown in Figure 5-13, all EAPOL messages and 4-way handshake messages are transmitted via the WLAN Mesh. TINTER_AUTH and TINTER_4W represent the traffic, where

For 802.11i, as shown in Figure 5-14, the traffic is the same as the intra-MPP handoff traffic except that the hop count between the target MAP and the MPP is n-1. $T^{802.11i}_{INTER\_AUTH}$ and $T^{802.11i}_{INTER\_4W}$ represent the traffic.

[Figure 5-14 message sequence: STA, Target MAP, MP …, MPP, AS; Association Req. (PMKID) / Association Resp., 4-Way Handshake #1 to #4]

Figure 5-14 Inter-MPP handoff traffic with 802.11i

Based on equations (26), (27), (28) and (29), T_INTER is defined as

$$T_{INTER} = (1 - P_{PMK\_MISS}) \cdot T_{INTER\_4W} + P_{PMK\_MISS} \cdot (T_{INTER\_AUTH} + T_{INTER\_4W}) \qquad (30)$$

5.2.3 Expected Handoff Overhead

Based on equations (8), (14) and (20), for an STA roaming within the WLAN Mesh, the expected handoff latency L_S contributed by the security mechanism is defined by weighting the k-1 intra-MPP handoffs and the one inter-MPP handoff of each handoff pattern with its probability from the handoff model.

Based on equations (8), (25) and (30), the expected handoff traffic T_S is defined in the same way.
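The random walk of Section 5.1 and the latency equations of Section 5.2.1 carried through in code, as an added example that is not part of the thesis: it builds the absorbing chain of an n-subarea hexagonal cluster with exact rational arithmetic, computes the expected number of handoffs k before the STA leaves the cluster (k-1 intra-MPP handoffs plus one inter-MPP handoff, Figure 5-6), and evaluates equations (13) to (20) with the Table 5-1 and Table 5-2 values for ISD and 802.11i. Assumptions of this example, not statements of the thesis: the hop count of a MAP equals its layer index x (assumption iii); H is the MAP-count-weighted mean layer of the gray area; the ISD intra-MPP handoff uses equation (14) with the two PMK-verification messages as its authentication part; and the per-handoff average weights the k-1 intra-MPP handoffs and the one inter-MPP handoff by the expected k. All function names are the example's own.

```python
"""Chapter 5 handoff model (added example): random walk on an n-subarea
hexagonal cluster plus the latency equations (13)-(20)."""
from fractions import Fraction

# Measured parameters (Table 5-1) and simulated revisit probabilities (Table 5-2)
T = 2.44          # single-hop transmission time, ms
L_1X = 401.63     # 802.1X authentication latency in a single-hop WLAN, ms
L_4W = 20.76      # 4-way handshake latency in a single-hop WLAN, ms
M_1X = 22         # EAPOL messages between target MAP and MPP per 802.1X run
M_RADIUS = 18     # RADIUS messages between target MAP and AS per 802.1X run
P_REVISIT = {1: 0.0, 2: 0.064579, 3: 0.120625, 4: 0.164704,
             5: 0.199851, 6: 0.229387, 7: 0.254347, 8: 0.275391}


def hex_layer(q, r):
    """Layer (ring index) of axial hex cell (q, r); the MPP sits at (0, 0)."""
    return (abs(q) + abs(r) + abs(q + r)) // 2


def hex_neighbors(q, r):
    """The six adjacent cells; assumption i picks each with probability 1/6."""
    return [(q + 1, r), (q - 1, r), (q, r + 1),
            (q, r - 1), (q + 1, r - 1), (q - 1, r + 1)]


def solve(A, b):
    """Exact Gauss-Jordan elimination over Fractions (A square, non-singular)."""
    m = len(A)
    M = [row[:] + [b[i]] for i, row in enumerate(A)]
    for col in range(m):
        piv = next(i for i in range(col, m) if M[i][col] != 0)
        M[col], M[piv] = M[piv], M[col]
        M[col] = [v / M[col][col] for v in M[col]]
        for i in range(m):
            if i != col and M[i][col] != 0:
                f = M[i][col]
                M[i] = [vi - f * vc for vi, vc in zip(M[i], M[col])]
    return [row[m] for row in M]


def expected_handoffs(n):
    """Expected number k of handoffs an STA starting in the MPP cell makes
    before leaving the n-subarea cluster (layers 0..n-1).  Solving
    (I - Q)^T y = e_start gives the expected visits y to each transient cell;
    their sum is the expected number of steps to absorption (exact)."""
    cells = [(q, r) for q in range(1 - n, n) for r in range(1 - n, n)
             if hex_layer(q, r) <= n - 1]
    idx = {c: i for i, c in enumerate(cells)}
    m = len(cells)
    A = [[Fraction(int(i == j)) for j in range(m)] for i in range(m)]
    for i, c in enumerate(cells):
        for nb in hex_neighbors(*c):
            if nb in idx:                       # a move to layer n is absorbed
                A[idx[nb]][i] -= Fraction(1, 6)
    visits = solve(A, [Fraction(int(c == (0, 0))) for c in cells])
    return sum(visits)


def gray_area_hop_count(n):
    """Average MAP-MPP hop count H over the 1 + n(n-1)/2 MAPs of the gray
    area, with layer index x as the hop count and S_x = x MAPs at layer x.
    This weighting is an assumption of the example (Figure 5-21 varies H)."""
    return Fraction(sum(x * x for x in range(n)), 1 + n * (n - 1) // 2)


def handoff_latency(mech, n, H, P_PF):
    """(intra-MPP, inter-MPP) handoff latency in ms for mech 'ISD' or
    '802.11i' by equations (13)-(20); a boundary MAP is n-1 hops from the
    new MPP, a MAP inside the cluster H hops on average."""
    if mech == "ISD":
        # 2 PMK-verification messages, then 4 handshake messages plus one
        # PTK-distribution message, all relayed between MAP and MPP
        intra_auth, intra_4w = 2 * H * T, L_4W + 5 * H * T
        inter_auth = L_1X + M_1X * (n - 1) * T                         # (16)
        inter_4w = L_4W + 5 * (n - 1) * T                              # (17)
    else:
        # RADIUS messages cross the mesh; the 4-way handshake stays on one hop
        intra_auth, intra_4w = L_1X + M_RADIUS * H * T, L_4W           # (13)
        inter_auth = L_1X + M_RADIUS * (n - 1) * T                     # (18)
        inter_4w = L_4W                                                # (19)
    p_miss = (1 - P_REVISIT[n]) * P_PF                                 # (15)
    intra = (1 - p_miss) * intra_4w + p_miss * (intra_auth + intra_4w)  # (14)
    inter = (1 - p_miss) * inter_4w + p_miss * (inter_auth + inter_4w)  # (20)
    return intra, inter


def mean_per_handoff(mech, n, P_PF):
    """Average latency per handoff over one traversal of the cluster:
    k-1 intra-MPP handoffs and one inter-MPP handoff, weighted by the
    expected k (an aggregation chosen for this example)."""
    k, H = float(expected_handoffs(n)), float(gray_area_hop_count(n))
    intra, inter = handoff_latency(mech, n, H, P_PF)
    return ((k - 1) * intra + inter) / k


if __name__ == "__main__":
    for n in range(1, 6):   # larger n is exact but slow with Fractions
        print(f"n={n}: E[k]={float(expected_handoffs(n)):.2f} "
              f"H={float(gray_area_hop_count(n)):.2f} "
              f"ISD={mean_per_handoff('ISD', n, 1.0):.1f} ms "
              f"802.11i={mean_per_handoff('802.11i', n, 1.0):.1f} ms")
```

With P_PF = 1.0 (no preauthentication, the default of the Windows XP supplicant used in Section 5.3) the 802.11i figure is dominated by L_1X at nearly every handoff, whereas ISD pays L_1X only on the single inter-MPP handoff of each traversal; lowering P_PF shrinks the gap, which is the behavior Figure 5-16 reports.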

5.3 Experiment and Simulation

In order to obtain the parameters of the equations, an experimental platform is built to measure the handoff latency, the transmission time, the number of messages, etc. The experimental environment is shown in Figure 5-15, where the AS, two authenticators and the supplicant reside in one LAN.

Figure 5-15 Experimental environment

The supplicant is a laptop running Windows XP SP2, and the supplicant software is the built-in Windows Zero Configuration Service. The two authenticators are laptops controlled by hostapd-0.5.7. FreeRADIUS-1.1.4 is installed on the AS to provide the authentication service. The encryption mechanism is WPA2/AES (footnote 6), and the EAP method is PEAP/EAP-MSCHAPv2.

The parameters are measured on the experimental platform. Table 5-1 presents the average of 20 measurements.

6 The patch KB893357 is necessary for Windows XP to provide support for WPA2.

Table 5-1 Parameters measured in the experimental platform

Parameter   Value
T           2.44 ms
L1X         401.63 ms
L4W         20.76 ms
M1X         22 messages
MRADIUS     18 messages
R           1.049180328

P_REVISIT is calculated from 1,200,000 simulation runs. Table 5-2 presents the results from the 1-subarea cluster to the 8-subarea cluster.

Table 5-2 Average PREVISIT calculated in the simulation

n     P_REVISIT
1     0.000000
2     0.064579
3     0.120625
4     0.164704
5     0.199851
6     0.229387
7     0.254347
8     0.275391

5.4 Results

Figure 5-16 presents the relationship between P_PF and L_S at n = 3. The estimated results show that ISD remarkably reduces the handoff latency. At P_PF = 1.0, i.e., when the STA does not perform preauthentication, ISD improves the handoff latency by up to 245%. Therefore, even though most current 802.11i devices do not support preauthentication (footnote 7), STAs can still take advantage of ISD. However, at P_PF < 0.05, because the 4-way handshake messages are forwarded between MAP and MPP, ISD introduces a larger L_S than 802.11i.

7 The preauthentication function in Windows XP with WPA2 is disabled by default.

[Figure 5-16 plot: L_S (ms), 0 to 500, versus P_PF from 0.0 to 1.0 at n = 3; curves: 802.11i, ISD]

Figure 5-16 Handoff latency with different PPF

Figure 5-17 presents L_S with different cluster sizes at P_PF = 1.0. At n = 5, ISD approaches its minimal L_S; in fact, the handoff latency of ISD is almost stable for n > 3.

For ISD, the burden incurred by the multi-hop transmission of the 4-way handshake counteracts the benefit of the larger cluster size. For 802.11i, the EAP authentication is also delayed by the multi-hop transmission, and thus L_S increases with the growing cluster size.

[Figure 5-17 plot: L_S (ms), 0 to 500, versus n from 1 to 8 at P_PF = 1.0; curves: 802.11i, ISD]

Figure 5-17 Handoff latency with different n

L_S of ISD with different cluster sizes and P_PF is shown in Figure 5-18. The results indicate that a larger cluster size reduces the handoff latency for every value of P_PF. Besides, the influence of P_PF decreases with the growing cluster size.

[Figure 5-18 plot: L_S (ms), 0 to 500, versus n from 1 to 8 for ISD; curves: P_PF = 1.0, 0.8, 0.6, 0.4, 0.2]

Figure 5-18 Handoff latency of ISD with different n and PPF

The improvement of ISD over 802.11i with different L_1X is shown in Figure 5-19. The results show that a longer L_1X favors ISD. Therefore, whether the AS resides in the local or a remote network, ISD can greatly improve the handoff latency.

[Figure 5-19 plot: Improvement, 0% to 1000%, versus n from 1 to 8 at P_PF = 1.0; curves: L_1X = 400, 800, 1200, 1600, 2000]

Figure 5-19 Improvement of ISD with different n and L1X

Under the condition that ISD and 802.11i generate the same handoff latency, Figure 5-20 presents the relationship between ISD with different cluster sizes at P_PF = 1.0 and 802.11i with different P_PF. The results indicate that the handoff latency of ISD is equivalent to that of 802.11i performing preauthentication at P_PF = 0.2 to 0.1. That is, ISD provides around an 80% to 90% success probability for preauthentication without any additional assistance, such as network topology information or historical handoff behavior.

[Figure 5-20 plot: 802.11i P_PF, 0.0 to 1.0, versus n from 1 to 8 for ISD at P_PF = 1.0; curves: L_1X = 400, 800, 1200, 1600, 2000]

Figure 5-20 Relationship between ISD and 802.11i in the equal LS

The MP topology of a WLAN Mesh may differ from the proposed handoff model. Figure 5-21 presents the handoff latency with different average hop counts between MAP and MPP. The results indicate that ISD remarkably improves the handoff latency at every average hop count, which means ISD can be applied to varied MP topologies.

[Figure 5-21 plot: L_S (ms), 0 to 600, versus H from 0.0 to 4.0 at n = 3, P_PF = 1.0; curves: 802.11i, ISD]

Figure 5-21 Handoff latency with different H

ISD essentially reduces the demand for 802.1X authentication but incurs the burden of the multi-hop latency in the 4-way handshake. Since the 802.1X authentication latency is much longer than the message transmission time, the benefit of ISD is certainly much larger than the burden in terms of the handoff latency.

Figure 5-22 presents the relationship between P_PF and T_S at n = 3. Because ISD is a centralized architecture, the 4-way handshake messages are forwarded to the MPP via the WLAN Mesh. At P_PF < 0.55, ISD generates more handoff traffic than 802.11i. However, when P_PF is low the handoff traffic is small and does not burden the network.

[Figure 5-22 plot: T_S, 0 to 25, versus P_PF from 0.0 to 1.0 at n = 3; curves: 802.11i, ISD]

Figure 5-22 Handoff traffic with different PPF

Figure 5-23 presents TS with different cluster sizes at PPF = 1.0. Results indicate that the handoff traffic generated by ISD is less than 802.11i except at n = 2. It means the benefit of reducing the number of handoffs in the larger cluster size exceeds the overhead of the growing hop count.

[Figure 5-23 plot: T_S, 0 to 70, versus n from 1 to 8 at P_PF = 1.0; curves: 802.11i, ISD]

Figure 5-23 Handoff traffic with different n

Figure 5-24 presents the handoff traffic with different average hop counts between MAP and MPP. Results indicate that ISD can reduce the handoff traffic in all average hop counts, which means ISD can be applied to varied MP topologies.

[Figure 5-24 plot: T_S, 0 to 70, versus H from 0.0 to 4.0 at n = 3, P_PF = 1.0; curves: 802.11i, ISD]

Figure 5-24 Handoff traffic with different H

According to the estimated results, we conclude that ISD provides a great improvement in the handoff latency when the cluster size is around 3 layers, i.e., 37 MPs connected to one MPP. This number accords with the scale of the 802.11s standard.

ISD is practical to use in current wireless environments. In terms of power consumption, ISD reduces the number of 802.1X authentications, and thus a battery-powered STA can balance power consumption against handoff performance. Furthermore, since the AS mostly resides in the core network, L_1X would be longer than 400 ms, and the estimated results indicate that ISD improves the handoff latency even further in this environment.

Even though ISD is a centralized architecture and forwards the 4-way handshake messages to the MPP, it does not incur extra overhead in the handoff traffic. In fact, ISD reduces the handoff traffic in all kinds of mesh networks at P_PF = 1.0.

Chapter 6

Conclusion and Future Work

The authentication latency is a key factor for supporting the seamless handoff. To

