SAEW: A Security Assessment and Enhancement System of Wireless Local Area Networks (WLANs)

Abstract

Aiming at increasingly serious security problems of wireless local area networks (WLANs), this paper analyzes and studies the different security attacks and threats according to the four layer network architecture of WLAN. A WLAN security assessment and enhancement system called SAEW is proposed, which comprises two subsystems of security assessment system of WLAN (SAW) and security enhancement system of WLAN (SEW). The SAW is based on fuzzy logic that combines layering analysis and relevance analysis. The security vulnerabilities of PHY and MAC layer, key management layer and identity authentication layer and relevance of the four layers are analyzed. The security index system of WLAN, fuzzy set and rule base are built based on the WLAN security analysis of the above four layers. Moreover, according to the principles of fuzzy logic, the security level of WLAN is acquired through fuzzy reasoning. Towards the WLAN with low security level, the security enhancement of WLAN is processed. The SEW builds the trusted WLAN to improve the security level of WLAN, which is based on trusted network connect (TNC). By introducing different roles in TNC, such as a metadata access point client defending WPA/WPA2 brute forcer, the security enhancement and defense mechanisms are realized. The results of case study show that the security level is promoted by trusted WLAN.