Security in Wireless LAN Networks
Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits
Student thesis
Wireless LAN technology offers high-speed, wireless connectivity that enables mobile computing in many different environments. Many new services will be provided through the use of wireless LANs in public, home and corporate scenarios. Examples of remote services might be downloading a video stream from a remote server or accessing news from an e-magazine. Local services could consist of travel information at airports, hotel facilities at hotels, and conference updates at conference centers, as well as buying a fresh drink in a store. Present wireless networks are based on the IEEE 802.11 standard, operating in the unlicensed 2.4 GHz ISM band and providing a bitrate of 2 Mbps. A new version of the 802.11 standard (802.11b) already allows a bitrate of up to 11 Mbps. Work is now in progress on a new high-performance wireless LAN standard with initial data rates up to 54 Mbps. It will operate in the license-free 5 GHz band, which is globally available.
Support for IP mobility is also on the verge of hitting the market on a broad scale. The requirement for this feature stems from the fact that terminals such as laptops, notebooks, and even palmtops are increasingly being connected to LANs by means of the wireless interfaces described above. In the longer term, IP mobility is also seen as a requirement for the next generation of cellular networks and (of course) also for the next generation of wireless LANs, e.g. those based on the HiperLAN/2 technology. While Mobile IP should be part of an overall mobility suite solution, it is best used selectively and in pop-up mode (i.e. using DHCP to obtain addresses) instead of using a Foreign Agent. Using Foreign Agents may in fact add complexity to the network, which may already be using DHCP. Both the Wireless LAN systems deployed today and the Mobile IP solutions specified by the IETF mobility working group implement and define different levels and parts of an overall security architecture. Current solutions lack an analysis of the security framework regarding the requirements that would apply to the private, public, domestic, and VPN networking cases, which are quite different in nature.
The main goal of this thesis was to analyse and define several security proposals for future wireless LAN network scenarios. Advanced services, such as IP mobility, accounting support for roaming, VPN services, and a secure interface for dynamic assignment of IP addresses to mobile terminals (e.g. through DHCP or DRCP), have also been integrated in the overall framework. The most important results of this work are:
- A security Functional Description (FD) for the use of wireless LAN networks in present and envisaged application scenarios.
- A detailed analysis of IEEE-802.11 and HiperLAN/2 standards, with particular attention to procedures for handover and security.
- An evaluation of Ericsson’s present solutions for wireless LAN security and an extension of the latter to the case of public access networks.
- Several proposals for integration of (AAA) accounting schemes in wireless LAN systems.
- A complete and scalable architecture able to provide authentication, data confidentiality, and integrity for the use of Mobile IP (an optimized interaction scheme between IPSec and Mobile IP has been produced through the definition of a new ISAKMP payload).
- Three possible proposals for secure dynamic assignment of IP addresses to mobile terminals (authenticated DHCP, DHCP with IPSec, and DRCP), with public key distribution support for roaming.
- An analysis of different Virtual Private Network solutions for wireless networks.
- Several appendices with literature information regarding security policies, network and datacom security, several protocols for data confidentiality and authentication, key exchange and distribution, and IP mobility.
Place, publisher, year, edition, pages
2000, 161 p.
Identifiers
URN: urn:nbn:se:kth:diva-93559
OAI: oai:DiVA.org:kth-93559
DiVA: diva2:516976
Subject / course
Master of Science in Engineering - Electrical Engineering
2000-04-06, Seminar room "Telegrafen", Isafjordsgatan 22, Kista, 08:00 (English)
Maguire Jr., Gerald Q., Professor; Melen, Riccardo, Professor; Johnsson, Martin; Rinman, Martin
Maguire Jr., Gerald Q., Professor