A Novel Design and Implementation of Dos-Resistant Authentication and Seamless Handoff Scheme for Enterprise WLANs

With the advance of wireless access technologies, the IEEE 802.11 wireless local area network (WLAN) has gained significant increase in popularity and deployment due to the substantially improved transmission rate and decreased deployment costs. However, this same widespread deployment makes WLANs an attractive target for network attacks. Several vulnerabilities have been identified and reported regarding the security of the current 802.11 standards. To address those security weaknesses, IEEE standard committees proposed the 802.11i amendment to enhance WLAN security. The 802.11i standard has demonstrated the capability of providing satisfactory mutual authentication, better data confidentiality, and key management support, however, the design of 802.11i does not consider network availability. Thus 802.11i is highly susceptible to malicious denial-of-service (DoS) attacks, which exploit the vulnerability of unprotected management frames. This paper proposes, tests and evaluates a combination of three novel methods by which the exploitation of 802.11i by DoS attacks can be improved. These three methods include an access point nonce dialogue scheme, a fast access point transition protocol handoff scheme and a location management based selective scanning scheme. This combination is of particular value to real-time users running time-dependant applications such as VoIP. In order to acquire practical data to evaluate the proposed schemes, a prototype network has been implemented as an experimental testbed using open source tools and drivers. This testbed allows practical data to be collected and analysed. The result demonstrates that not only the proposed authentication scheme eradicates most of the DoS vulnerabilities, but also substantially improved the handoff performance to a level suitable for supporting real-time services

Attention to Wi-Fi Diversity: Resource Management in WLANs with Heterogeneous APs

Many home networks integrate a small number (typically 2-4) of Wi-Fi Access Points (APs), with heterogeneous characteristics: different 802.11 variants, capabilities and security schemes. This paper proposes the consideration of these specific characteristics in order to improve the management of network resources. Three use cases are presented in order to showcase the potential benefits. By the use of a user-space AP, which works in coordination with a controller, the network is able to assign each connected station to the AP that best fits with its characteristics. The system also manages security, avoiding the need of adding specific elements for authentication, encryption or decryption. Extensions are proposed to an existing protocol that defines the communication between the AP and the controller, in order to communicate and store the specific characteristics of each AP and end device. This includes new association and handoff schemes that do not introduce any additional delay. The system has been implemented in a real environment, and a battery of tests has been run using three hardware platforms of different characteristics. The results show that handoffs between bands are possible, and estimate the processing delays, the Round-Trip Time and the handoff delay, which is small enough in order not to produce any significant disruption to the user (10-50 ms). Finally, the scenarios of interest have been replicated in a simulation environment, showing that significant benefits can be achieved if the specific characteristics of each AP and station are considered

Fast Authentication in Heterogeneous Wireless Networks

The growing diffusion of wireless devices is leading to an increasing demand for mobility and security. At the same time, most applications can only tolerate short breaks in the data flow, so that it is a challenge to find out mobility and authentication methods able to cope with these constraints. This paper aims to propose an authentication scheme which significantly shortens the authentication latency and that can be deployed in a variety of wireless environments ranging from common Wireless LANs (WLANs) to satellite-based access networks

Internet Access and QoS in Ad Hoc Networks

It is likely that the increased popularity of wireless local area networks (WLANs) together with the continuous technological advances in wireless communication, also increase the interest for ad hoc networks. An ad hoc network is a wireless, autonomous, infrastructure-less network composed of stations that communicate with each other directly in a peer-to-peer fashion. When discussing mobile ad hoc networks (MANETs), we often refer to an ad hoc network where the stations cooperate in forwarding packets on behalf of each other to allow communication beyond their transmission range over multi-hop paths. In order to realize the practical benefits of ad hoc networks, two challenges (among others) need to be considered: distributed quality of service (QoS) guarantees and multi-hop Internet access. This thesis presents conceivable solutions to both of these problems. The first two papers focus on the network layer and consider the provisioning of Internet access to ad hoc networks whereas the last two papers focus on the data link layer and investigate the provisioning of QoS to ad hoc networks. The first paper studies the interconnection between a MANET and the Internet. In addition, it evaluates three approaches for gateway discovery, which can be initiated by the gateway (proactive method), by the mobile station (reactive method) or by mixing these two approaches (hybrid method). The second paper also studies Internet access for MANETs, but with focus on micro mobility, i.e. mobile stations moving from one gateway to another. In particular, it evaluates a solution that allows mobile stations to access the Internet and roam from gateway to gateway. The third paper, gives an overview of the medium access mechanisms in IEEE 802.11 and their QoS limitations. Moreover, it proposes an enhancement to the contention-free medium access mechanism of IEEE 802.11e to provide QoS guarantees in WLANs operating in ad hoc network configuration. The fourth paper continues the work from the third paper by enhancing the scheme and dealing with the problems that occur due to hidden stations. Furthermore, it discusses how to deal with the problems that occur when moving from single-hop ad hoc networks (i.e. WLANs in ad hoc network configuration) to multi-hop ad hoc networks

Why It Takes So Long to Connect to a WiFi Access Point

Today's WiFi networks deliver a large fraction of traffic. However, the performance and quality of WiFi networks are still far from satisfactory. Among many popular quality metrics (throughput, latency), the probability of successfully connecting to WiFi APs and the time cost of the WiFi connection set-up process are the two of the most critical metrics that affect WiFi users' experience. To understand the WiFi connection set-up process in real-world settings, we carry out measurement studies on $5$ million mobile users from $4$ representative cities associating with $7$ million APs in $0.4$ billion WiFi sessions, collected from a mobile "WiFi Manager" App that tops the Android/iOS App market. To the best of our knowledge, we are the first to do such large scale study on: how large the WiFi connection set-up time cost is, what factors affect the WiFi connection set-up process, and what can be done to reduce the WiFi connection set-up time cost. Based on the measurement analysis, we develop a machine learning based AP selection strategy that can significantly improve WiFi connection set-up performance, against the conventional strategy purely based on signal strength, by reducing the connection set-up failures from $33\%$ to $3.6\%$ and reducing $80\%$ time costs of the connection set-up processes by more than $10$ times.Comment: 11pages, conferenc

An eco-friendly hybrid urban computing network combining community-based wireless LAN access and wireless sensor networking

Computer-enhanced smart environments, distributed environmental monitoring, wireless communication, energy conservation and sustainable technologies, ubiquitous access to Internet-located data and services, user mobility and innovation as a tool for service differentiation are all significant contemporary research subjects and societal developments. This position paper presents the design of a hybrid municipal network infrastructure that, to a lesser or greater degree, incorporates aspects from each of these topics by integrating a community-based Wi-Fi access network with Wireless Sensor Network (WSN) functionality. The former component provides free wireless Internet connectivity by harvesting the Internet subscriptions of city inhabitants. To minimize session interruptions for mobile clients, this subsystem incorporates technology that achieves (near-)seamless handover between Wi-Fi access points. The WSN component on the other hand renders it feasible to sense physical properties and to realize the Internet of Things (IoT) paradigm. This in turn scaffolds the development of value-added end-user applications that are consumable through the community-powered access network. The WSN subsystem invests substantially in ecological considerations by means of a green distributed reasoning framework and sensor middleware that collaboratively aim to minimize the network's global energy consumption. Via the discussion of two illustrative applications that are currently being developed as part of a concrete smart city deployment, we offer a taste of the myriad of innovative digital services in an extensive spectrum of application domains that is unlocked by the proposed platform