80 research outputs found

    Channel Scanning and Access Point Selection Mechanisms for 802.11 Handoff: A Survey

    While the cellular technology has been evolving continuously in recent years and client handoffs remain unnoticed, the 802.11 networks still impose an enormous latency issue once the client device decides to roam between Access Points (APs). This latency is caused by many factors reckoning on scanning the channels and searching for APs with better signal strength. Once data from all the nearby APs has been collected, the client picks the most suitable AP and tries to connect with it. The AP verifies if it has enough capability to serve the client. It also ensures that the client has the required parameters and supported rates to match with the AP. The AP then processes this request, generates a new Association ID and sends it back to the client, thereby granting access to connect. Throughout this re-association process, the client fails to receive or send any data frames and experiences a lag between leaving the old and associating with a new AP. Originally, 802.11 authentication frames were designed for Wired Equivalent Privacy protocol, but later it was found to be insecure and thus got deprecated. Keeping these security aspects concerning shared key authentication in mind, a few additional drafts were introduced by IEEE that concerned many key exchanges between the devices. IEEE 802.11r was introduced in 2008 that permits wireless clients to perform faster handoff along with additional data security standards. The key exchange method was redefined and also the new security negotiation protocol started serving wireless devices with a better approach. This enables a client to set up the Quality of Service state and security on an alternative AP before making a transition which ends up in minimal connectivity losses. Although this was an excellent step towards minimizing the service disruption and channel scanning, failure to remain connected with consecutive suitable APs within the minimum time continued to be a challenge.
Different manufacturers use their custom-built methodology of handling a client handoff and hence the latency costs differ based on the type of handoff scheme deployed on the device. This thesis focuses on the foremost economical researches throughout recent years which targets minimizing the delays involved with channel scanning and AP selection. A wide sort of enhancements, whether it is on a client device or the AP, has been discussed and compared. Some modifications are associated with enhancing channel scan period or using beacons, and probe requests/responses in an efficient manner. Others concentrate on modifying the device hardware configuration and switching between Network Interfaces. Central controllers are a solution to handoff delays that may track the status of each device within the network and guide them to provide the appropriate Quality of Service to the end-users

    Security in Wireless Local Area Networks (WLANs)

    Major research domains in the WLAN security include: access control & data frame protection, lightweight authentication and secure handoff. Access control standard like IEEE 802.11i provides flexibility in user authentication but on the other hand fell prey to Denial of Service (DoS) attacks. For protecting the data communication between two communicating devices, three standard protocols, i.e., WEP (Wired Equivalent Privacy), TKIP (Temporal Key Integrity Protocol) and AES-CCMP (Advanced Encryption Standard, Counter mode with CBC-MAC protocol), are used. Out of these, AES-CCMP protocol is secure enough and mostly used in enterprises. In WLAN environment lightweight authentication is an asset, provided it also satisfies other security properties like protecting the authentication stream or token along with securing the transmitted message. CAPWAP (Control and Provisioning of Wireless Access Points), HOKEY (Hand Over Keying) and IEEE 802.11r are major protocols for executing the secure handoff. In WLANs, handoff should not only be performed within time limits as required by the real time applications but should also be used to transfer safely the keying material for further communication. In this chapter, a comparative study of the security mechanisms under the above-mentioned research domains is provided

    A Novel Design and Implementation of Dos-Resistant Authentication and Seamless Handoff Scheme for Enterprise WLANs

    With the advance of wireless access technologies, the IEEE 802.11 wireless local area network (WLAN) has gained significant increase in popularity and deployment due to the substantially improved transmission rate and decreased deployment costs. However, this same widespread deployment makes WLANs an attractive target for network attacks. Several vulnerabilities have been identified and reported regarding the security of the current 802.11 standards. To address those security weaknesses, IEEE standard committees proposed the 802.11i amendment to enhance WLAN security. The 802.11i standard has demonstrated the capability of providing satisfactory mutual authentication, better data confidentiality, and key management support; however, the design of 802.11i does not consider network availability. Thus 802.11i is highly susceptible to malicious denial-of-service (DoS) attacks, which exploit the vulnerability of unprotected management frames. This paper proposes, tests and evaluates a combination of three novel methods by which the exploitation of 802.11i by DoS attacks can be improved. These three methods include an access point nonce dialogue scheme, a fast access point transition protocol handoff scheme and a location management based selective scanning scheme. This combination is of particular value to real-time users running time-dependent applications such as VoIP. In order to acquire practical data to evaluate the proposed schemes, a prototype network has been implemented as an experimental testbed using open source tools and drivers. This testbed allows practical data to be collected and analysed. The result demonstrates that not only the proposed authentication scheme eradicates most of the DoS vulnerabilities, but also substantially improved the handoff performance to a level suitable for supporting real-time services

    Security and mobility in 802.11 structured networks

    Master's in Electronics and Telecommunications Engineering. This thesis presents a protocol that enables fast and secure handovers in structured 802.11 networks. This protocol recovers the original 802.11 paradigm: authenticate first, reassociate afterwards. Starting from this paradigm, we present two new 802.11 authentication and (re)association operations, which allow a mobile station to perform reauthentications and reassociations with the same functionality as 802.1X. This new approach requires little change to the network architecture, namely it only needs a new Reauthentication Server to store the data used by mobile stations during reauthentications. This thesis also presents an extension of our protocol that enables fast and secure migration between ESS using Mobile IP. ABSTRACT: This thesis presents a fast, secure handover protocol that recovers the original 802.11 paradigm: authenticate first, reassociate next. Following this paradigm, we present two new 802.11 authentication and (re)association operations which allow a mobile station to perform network reauthentications and reassociations with the same functionality of a complete 802.1X authentication. This new approach requires very little from the environment, namely it only requires a new, central network Reauthentication Service, for storing data used in the reauthentication of stations. This thesis also presents a layer 3 extension of our protocol, to support fast, secure transitions between ESS using Mobile IP

    FastM: Design and Evaluation of a Fast Mobility Mechanism for Wireless Mesh Networks

    Although there is a large volume of work in the literature in terms of mobility approaches for Wireless Mesh Networks, usually these approaches introduce high latency in the handover process and do not support real-time services and applications. Moreover, mobility is decoupled from routing, which leads to inefficiency to both mobility and routing approaches with respect to mobility. In this paper we present a new extension to proactive routing protocols using a fast mobility extension, FastM, with the purpose of increasing handover performance in Wireless Mesh Networks. With this new extension, a new concept is created to integrate information between neighbor wireless mesh routers, managing locations of clients associated to wireless mesh routers in a certain neighborhood, and avoiding packet loss during handover. The proposed mobility approach is able to optimize the handover process without imposing any modifications to the current IEEE 802.11 MAC protocol and use unmodified clients. Results show the improved efficiency of the proposed scheme: metrics such as disconnection time, throughput, packet loss and control overhead are largely improved when compared to previous approaches. Moreover, these conclusions apply to mobility scenarios, although mobility decreases the performance of the handover approach, as expected

    Edge Robotics: are we ready? An experimental evaluation of current vision and future directions

    Cloud-based robotics systems leverage a wide range of Information Technologies (IT) to offer tangible benefits like cost reduction, powerful computational capabilities, data offloading, etc. However, the centralized nature of cloud computing is not well-suited for a multitude of Operational Technologies (OT) nowadays used in robotics systems that require strict real-time guarantees and security. Edge computing and fog computing are complementary approaches that aim at mitigating some of these challenges by providing computing capabilities closer to the users. The goal of this work is hence threefold: i) to analyze the current edge computing and fog computing landscape in the context of robotics systems, ii) to experimentally evaluate an end-to-end robotics system based on solutions proposed in the literature, and iii) to experimentally identify current benefits and open challenges of edge computing and fog computing. Results show that, in the case of an exemplary delivery application comprising two mobile robots, the robot coordination and range can be improved by consuming real-time radio information available at the edge. However, our evaluation highlights that the existing software, wireless and virtualization technologies still require substantial evolution to fully support edge-based robotics systems. This work has been partially funded by European Union’s Horizon 2020 research and innovation programme under grant agreement No 101015956, and the Spanish Ministry of Economic Affairs and Digital Transformation and the European Union-NextGenerationEU through the UNICO 5G I+D 6G-EDGEDT and 6G-DATADRIVE

    Design of a UMTS/GPRS Assisted Mesh Network (UAMN)

    Wireless Mesh or multi-hop networks (WMNs) are well known thanks to their simplicity of deployment and the lack of infrastructure. These two advantages come with some drawbacks. WMNs have limitations with the support of Quality of Service (QoS), they do not assure coverage or even connectivity, and security, management and monitoring are not considered key requirements. In order to benefit from mesh networks and use them as an operator graded network, it is necessary to either improve mesh networks to fulfill all these requirements or use an alternative network that offers full availability, connectivity and security to assist the mesh network. Considering the two options, the second is the one selected, making use of GPRS/UMTS as an assistant network. The document describes a set of requirements and the design of the functionalities needed to build an operator graded network using the cellular GPRS/UMTS. The aspects covered in the design are: security, quality of service, mobility, self configuration and optimization. The last point, optimization, is not directly involved with mesh networking, but it is an improvement easy to achieve when using a gateway node to access the Internet through a GPRS/UMTS connection. The design of the solution not only considers functionality, but also feasibility employing off-the-shelf elements. The mesh nodes and gateways are built on top of Linux operating system with the aim to reuse previous results and open source software. The final objective of the project is to build a usable system to be used as a proof of concept. Peer Reviewed