
1.1 VoWLAN and 802.1X Authentication

VoIP (Voice over IP) over Wireless LAN (WLAN), also referred to as VoWLAN, has become one of the important applications of the 802.11 WLAN. Due to the advantages of WLANs, such as ease of deployment, low cost, and user mobility, the IEEE 802.11 WLAN has become increasingly popular. Mobility is the most important feature provided by wireless networks. Conventional applications that used to run on wired networks are moving to wireless networks, where they may not work as well. If we take VoIP into consideration, voice over WLAN (VoWLAN) is expected to become one of the most attractive services used on mobile devices over wireless networks.

However, the combination of WLAN and VoIP is not perfect and has some problems.

WLAN and VoIP each have their own attributes, some of which conflict. When a mobile user is using VoWLAN and moves from the radio coverage of a serving 802.11-defined Access Point (AP) to that of another, the change of AP association according to current signal strength and quality is called handoff. According to the IEEE 802.11 specification, a mobile station can be associated with only one AP at any given instant. The 802.11 WLAN is designed to provide high-bandwidth data access, but it has limited radio coverage. It overlooks the problem that a radio disconnection lasting seconds may affect real-time interactive user applications. VoIP is one kind of real-time application service, and its voice packets are delay-sensitive but tolerant of a few lost packets.

Consequently, one of the problems of VoWLAN is that it lacks an efficient handoff procedure for supporting ongoing VoIP communications when a mobile user is roaming between APs. The handoff latency contributes to great quality degradation of a VoIP communication over the 802.11 WLAN.

IEEE 802.1X provides a user authentication framework for the 802.11 WLAN, but has side effects on VoWLAN operation. 802.1X is based on EAP (Extensible Authentication Protocol), which was initially developed as an authentication extension for PPP (Point-to-Point Protocol). 802.1X is port-based network access control: the ports to which authenticated users are connected are authorized (valid), and any authenticated user's packets can pass through them. The ports of unauthenticated users are unauthorized (invalid), and 802.1X drops all packets through them except EAP authentication packets, i.e., only EAP authentication packets can pass through an unauthorized port during the authentication process. However, 802.1X was used for user authentication on wired networks, where a port was a physical and static connection. It does not consider mobile ports or the problems that result from user mobility. When 802.1X is used for 802.11 WLAN user authentication, one 802.11 association is defined as a logical connection, i.e., a logical port. The port for the 802.11 WLAN is created dynamically and logically after the 802.11 association completes. Only after the 802.11 handoff completes does 802.1X start its authentication process. Unfortunately, the 802.1X authentication process is time-consuming because authentication requires many round-trip packet exchanges. We call this "the 802.1X authentication latency" and count it as part of the 802.11 handoff latency. During the 802.1X authentication process, all non-EAP packets, including voice packets, are dropped. The VoIP communication is interrupted until the 802.1X authentication succeeds. Obviously, the 802.1X authentication latency does not meet the low-latency requirement of VoIP. As a result, this is the major problem of VoWLAN under 802.1X authentication.
In this thesis, we propose an efficient handoff scheme for VoWLAN under 802.1X authentication to reduce the 802.1X authentication latency.
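
The port behaviour described above can be modelled in a few lines. The following is an added example, not part of the thesis: it filters constructed Ethernet frames the way an unauthorized 802.1X port does and counts the voice frames lost while authentication is in progress. The 20 ms voice packet interval, the four EAP round trips, the zeroed MAC addresses and the names `ControlledPort` and `simulate` are assumptions made for illustration.

```python
import struct

ETH_P_EAPOL = 0x888E      # EtherType of EAP over LAN (802.1X) frames
ETH_P_IPV4 = 0x0800       # voice (RTP/UDP/IP) frames carry this EtherType
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS = 1, 2, 3

def eth(ethertype, payload):
    """Constructed Ethernet frame; zeroed MAC addresses are placeholders."""
    return bytes(12) + struct.pack("!H", ethertype) + payload

def eapol(code, ident):
    """EAPOL frame of type 0 (EAP-Packet) wrapping a 4-byte EAP header."""
    eap = struct.pack("!BBH", code, ident, 4)
    return eth(ETH_P_EAPOL, struct.pack("!BBH", 2, 0, len(eap)) + eap)

class ControlledPort:
    """Logical port created by an 802.11 association; starts unauthorized."""
    def __init__(self):
        self.authorized, self.dropped, self.forwarded = False, 0, 0

    def receive(self, frame):
        (ethertype,) = struct.unpack_from("!H", frame, 12)
        if ethertype == ETH_P_EAPOL:
            # EAPOL always passes. Simplification: the port opens when
            # EAP-Success crosses it (really the authenticator's decision).
            ptype, code = frame[15], frame[18]
            if ptype == 0 and code == EAP_SUCCESS:
                self.authorized = True
        elif self.authorized:
            self.forwarded += 1
        else:
            self.dropped += 1      # e.g. a voice packet sent mid-authentication

def simulate(auth_latency_ms, rounds=4, voice_interval_ms=20, call_ms=1200):
    """Return (dropped, forwarded) voice frames for one handoff at t=0."""
    step = auth_latency_ms // rounds
    events = []                    # (time_ms, priority, frame); EAPOL sorts first
    for i in range(rounds):
        events.append((i * step, 0, eapol(EAP_REQUEST, i)))
        events.append((i * step + step // 2, 0, eapol(EAP_RESPONSE, i)))
    events.append((auth_latency_ms, 0, eapol(EAP_SUCCESS, rounds)))
    for t in range(0, call_ms, voice_interval_ms):
        events.append((t, 1, eth(ETH_P_IPV4, b"constructed-rtp")))
    port = ControlledPort()
    for _, _, frame in sorted(events, key=lambda e: e[:2]):
        port.receive(frame)
    return port.dropped, port.forwarded
```

Calling `simulate(400)` and `simulate(1000)` covers the 400 to 1000 ms latency range quoted in Section 1.2; under the assumed 20 ms interval, every voice frame sent before EAP-Success is counted as dropped.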

1.2 Related work

Many studies have investigated the handoff process of the 802.11 WLAN at the data link layer. [1] reported an experimental analysis of the IEEE 802.11 handoff process at the MAC layer. They concluded that the delay of searching for available APs on every channel from 1 to 11 accounts for more than 90% of the overall handoff delay. [2] found that three consecutive collisions when transmitting a packet rarely occur, and therefore suggested reducing the time needed to detect loss of the radio link by reacting quickly to packet losses. [3] suggested reducing the handoff delay by scanning only the channels selected in a neighbor graph (NG), which is an undirected graph in which each edge represents a mobility path between APs. [4] developed a handoff procedure to reduce the MAC layer handoff latency. They proposed a fast handoff algorithm including a selective scanning procedure and a caching procedure.

The studies above improved the handoff procedure only at the link layer; few of them addressed 802.1X authentication. 802.1X authentication controls the access rights to user applications and services. It is a time-consuming procedure and starts after the completion of the 802.11 association. Few studies focus on an efficient 802.1X handoff for the 802.11 WLAN such that the overall handoff delay can still satisfy the requirements of VoIP communications. 802.1X is still an open issue, with different authentication methods and options. The more authentication messages are exchanged, the longer it takes to complete the 802.1X authentication. Original 802.1X authentication takes from 400 to 1000 ms to accomplish an 802.1X handoff, using authentication methods ranging from EAP-MD5 to EAP-PEAP. This is too long for VoIP applications. These results show that performing an 802.1X handoff still takes a long time.

1.3 The purpose of this thesis and its overview

In this thesis, we propose a new 802.1X authentication method to reduce the 802.1X authentication latency as well as the handoff delay. Our method aims to reduce the number of 802.1X authentication messages exchanged during handoff and to make only minimal changes to existing wireless LAN deployments. The fewer 802.1X messages are exchanged, the less opportunity there is for hacking. Also, the faster the 802.1X authentication completes, the fewer packets are dropped, voice packets in particular. We assume that each 802.11-defined AP supports 802.1X authentication and that an additional authentication server, typically a RADIUS server, exists. Our method reduces both the handoff latency and the packet loss.

The remainder of this thesis is organized as follows. In Chapter 2, we briefly discuss the related parts of the IEEE 802.11 specification, the IEEE 802.1X specification, and Kerberos. In Chapter 3, we present our solution, a new authentication method for VoWLAN under 802.1X authentication. In Chapter 4, we implement the design using open source software projects, including Xsupplicant, Hostapd, and FreeRADIUS, and then evaluate the 802.1X authentication latency of our mechanism. In Chapter 5, we summarize and conclude our work.
