Abstract
Wireless local area networks (WLANs) based on the IEEE 802.11 standards are one of today’s fastest growing technologies in businesses, schools, and homes, for good reasons. As WLAN deployments increase, so does the challenge to provide these networks with security. Security risks can originate either due to technical lapse in the security mechanisms or due to defects in software implementations. Standard Bodies and researchers have mainly used UML state machines to address the implementation issues. In this paper we propose the use of GSE methodology to analyse the incompleteness and uncertainties in specifications. The IEEE 802.11i security protocol is used as an example to compare the effectiveness of the GSE and UML models. The GSE methodology was found to be more effective in identifying ambiguities in specifications and inconsistencies between the specification and the state machines. Introduction The first wireless security solution for 802.11-based networks, the Wired Equivalent Privacy(WEP), received a great deal of coverage due to various technical failures in the protocol [1].Standards bodies and industry organizations are spending more time and money on developing and deploying next-generation solutions that address growing wireless network security problems. The IEEE 802.11i standard proposes a Robust Security Network (RSN) with much-improved authentication, authorization, and encryption capabilities. The Wi-Fi Alliance, a wireless industry organization, has created the Wi-Fi Protected Access (WPA) standard, a subset of the 802.11i. These new standards are more complicated than their predecessors but are more scalable and secure than existing wireless networks. They also dramatically raise the bar for attackers and administrators. The new standards will employ a phased adoption process because of the large installed base of 802.11 devices [2]. Proper migration to 802.11i and mitigating the legacy wireless risks will be a bumpy road. However, the end result will provide users a secure base for mobile distributed processing needs. The 802.11i Security The IEEE 802.11i standard defines two classes of security framework for IEEE 802.11 WLANs: RSN and pre-RSN as shown in Fig. 1. A station is called RSN-capable equipment if it is capable of creating RSN associations (RSNA). Otherwise, it is called pre-RSN equipment. The network that only allows RSNA with RSN-capable equipment’s is called a RSN security framework. The major difference between RSNA and pre-RSNA is the 4-way handshake. If the 4-way handshake is not included in the authentication/association procedures, stations are said to use pre-RSNA [3]. International Conference on Advances in Mechanical Engineering and Industrial Informatics (AMEII 2015) © 2015. The authors Published by Atlantis Press 1860 Figure 1. The 802.11i Security Framework In addition to enhancing the security in pre-RSN, the RSN security defines key management procedures for IEEE 802.11 networks. It also enhances the authentication and encryption in preRSN. The enhanced features of RSN are as follows: Authentication Enhancement: IEEE 802.11i utilizes IEEE 802.1X for its authentication and key management services. It incorporates two components into the IEEE 802.11 architecture IEEE 802.1X Port and Authentication Server (AS). IEEE 802.1X port represents the association between two peers. There is a one-to-one mapping between IEEE 802.1X Port and association. Key Management and Establishment: Two ways to support key distribution are introduced in IEEE 802.11i: manual key management and automatic key management. Manual key management requires the administrator to manually configure the key. The automatic key management is available only in RSNA. It relies on IEEE 802.1X to support key management services [4]. Encryption Enhancement: In order to enhance confidentiality, two advanced cryptographic algorithms are developed: Counter-Mode/CBC-MAC Protocol (CCMP) and Temporal Key Integrity Protocol (TKIP). In RSN, CCMP is mandatory. TKIP is optional and is recommended only to patch pre-RSN equipment. Modeling In the process of modeling the RSN, we first model the WLAN environment using the Structure and Composition Trees. Thereafter, the requirements translation is accomplished followed by the development of the requirements behaviour trees (RBTs). WLAN Structure. The behavior of a system takes place on a network structure. This structure can be defined using the analogous of behavior trees called structure trees. The structure tree is used in our analysis to demonstrate the connection structure of two STAs in an ESS. The model shows how the connecting STAs coordinate with other components in the system.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.