Document 14618361
advertisement
vii TABLE OF CONTENTS CHAPTER 1 2 SUBJECT PAGE DECLARATION ii DEDICATION iii ACKNOWLEDGEMENT iv ABSTRACT v ABSTRAK vi TABLE OF CONTENTS vii LIST OF TABLES xi LIST OF FIGURES xii LIST OF ABBREVIATION xvi LIST OF APPENDICES xix LIST OF SYMBOLS xx INTRODUCTION 1.1. Introduction 1 1.2. Problem Statement 3 1.3. Objective of The Research 4 1.4. Scope of The Research 4 1.5. Significance of Project 5 1.6. Thesis Outline 6 LITERATURE REVIEW 2.1. Introduction 7 2.2. IEEE 802.11 Architecture 8 2.2.1. Autonomous WLAN Architecture 9 viii 2.2.2. Distributed WLAN Architecture 9 2.2.3. Centralized WLAN Architecture 10 2.3. IEEE 802.11 Authentication Mechanism 13 2.3.1. Open-System Authentication 14 2.3.2. Secure Authentication 15 2.4. Existing Fast Re-authentication techniques 2.4.1. Context Transfer Method 2.4.1.1. Related work on CT Technique 20 21 23 2.4.1.1.1. Proactive Neighbor Caching (PNC) 23 2.4.1.1.2. Proactive Key Distribution (PKD) 24 2.4.1.1.3. Selective Neighbor Caching (SNC) 25 2.4.1.1.4. CAPWAP Handover Protocol 26 (CAPWAPHP) 2.4.1.1.5. Adaptive Neighbor Caching (ANC) 28 2.4.1.1.6. Cluster-Chain-based Context Transfer 28 3 (C T) 2.5. Handover Decision 2.5.1. Related work on RSS-Based Handover 33 35 Decision 2.5.1.1. Adaptive Preferred-Network Life- 35 Prediction of RSS Transition Pattern 38 Time 2.5.1.2. 2.6. Summary 3 43 METHODOLOGY 3.1. Introduction 44 3.2. Implementation 45 3.3. Testbed Architecture 45 3.4. Flow of Predictive Context Transfer (PCT) 51 3.5. Design Framework of PCT 55 3.5.1. Handover Threshold in PCT 56 3.5.2. Early RSS Transition Pattern Technique 57 3.5.3. Hypothesis of Client’s Moving Weight 61 ix 4 3.6. PCT Framework Design 71 3.7. Summary 74 PERFORMANCE ANALYSIS ON THE PCT ALGORITHM IN CENTRALIZED ARCHITECTURE 4.1. Introduction 75 4.2. Experiment of Handover Latency 77 4.2.1. Handover Latency without PCT 4.2.1.1. Re-Authentication Latency 79 79 Experiment without PCT 4.2.1.2. Re-authentication Latency Experiment 82 with Error 4.2.1.3. Comparison of re-authentication 87 The Affect of Distance in Re- 88 latency 4.2.1.4. authentication Latency 4.2.2. Handover Latency with PCT 4.2.2.1. Re-Authentication Latency with PCT 4.3. Experiment for Performance of Handover Decision 4.3.1. Outdoor Experiment for PCT 4.3.1.1. Cache Hit: Successful Handover for 91 91 93 96 98 Outdoor Experiment 4.3.1.2. False Alarm: Unnecessary Handover 99 for Outdoor Experiment 4.3.2. Indoor Experiment for PCT 4.3.2.1. Cache Hit: Successful Handover for 100 102 Indoor Experiment 4.3.2.2. False Alarm: Unnecessary Handover 104 for Indoor Experiment 4.4. Conclusion 105 x 5 CONCLUSION 5.1. Introduction 106 5.2. Recommendation For Future Works 108 REFERENCES 109 Appendices A 114 xi LIST OF TABLES TABLE NO. TITLE PAGE 2.1 Guidance for IP QoS classes 8 2.2 List of functionalities for layer protocol in centralized IEEE 13 802.11 2.3 Summary of context transfer technique for fast re- 30 authentication 2.4 Summary of RSS-based handover decision technique 41 3.1 Testbed hardware and software specification 47 3.2 The optimization results for the client’s MW using MWD for 70 indoor 3.3 The optimization results for the client’s MW using MWD for 71 outdoor 4.1 Experiment parameters and values 94 xii LIST OF FIGURES FIGURE NO. TITLE PAGE 1.1 Typical topology of a WLAN 2 2.1 Autonomous WLAN architecture 9 2.2 Distributed WLAN architecture 10 2.3 Centralized WLAN architecture 11 2.4 Three architectural of MAC within AP in centralized 12 architecture 2.5 Handover latency components for secure network connection 14 using WPA2-Enterprise 2.6 Timing Diagram for handover process for WPA2-Enterprise 16 authentication mechanism in centralized WLAN architecture 2.7 Security exchange in WPA2-Enterprise 17 2.8 4-way handshake process 19 2.9 Existing fast re-authentication technique in WLANs 20 2.10 Context transfer technique 21 2.11 Proactive Neighbour Caching (PNC) technique 23 2.12 Proactive Key Distribution (PKD) technique 24 2.13 Selective Neighbour Caching (SNC) technique 26 2.14 Association request scenario for local MAC WTPs in 27 CAPWAPHP technique 2.15 Association request scenario for split MAC WTPs in 27 CAPWAPHP technique 2.16 (a) An illustrated neighbour graph; (b) AN illustrated motion 29 example; in the C3T technique 2.17 Network coverage overlap using (a) low handover; (b) high handover threshold 35 xiii 2.18 Flow chart of ALIVE-HO 37 2.19 Flow chart of Ping-Pong avoidance algorithm 40 3.1 The testbed architecture 46 3.2 Floor layout for testbed 49 3.3 Network coverage for AP1 50 3.4 Secure authentication process for WPA2-Enterprise (a) without 51 context transfer; (b) with context transfers 3.5 Context cache for context transfer method 52 3.6 First time authentication with context transfer implemented (a) 54 without handover prediction; (b) with handover prediction 3.7 Framework Diagram of PCT 55 3.8 Collected client’s RSS for a minute when a mobile user not 57 moving 3.9 RSS transition pattern technique using (a) Normal RSS 58 transition pattern; (b) Early RSS transition pattern 3.10 The disadvantage of normal RSS transition pattern 60 3.11 The advantage of early RSS transition pattern 60 3.12 Collected client’s RSS in static mode for three different 62 locations 3.13 Client’s θ at (a) Location 1; (b) Location 2; (c) Location 3 for 63 MW(5), MW(10) and MW(15) 3.14 Moving Weight Discovery (MWD) algorithm 65 3.15 Moving Wight Discovery (MWD) method 66 3.16 The average sample collected using MW(5) at (a) Location 1; 67 (b) Location 2; (c) Location 3; for MWD method 3.17 The average sample collected using MW(10) at (a) Location 1; 68 (b) Location 2; (c) Location 3; for MWD method 3.18 The average sample collected using MW(15) at (a) Location 1; 69 (b) Location 2; (c) Location 3; for MWD method 3.19 Predictive Context Transfer (PCT) algorithm 72 3.20 Predictive Context Transfer (PCT) method 73 4.1 Flow chart diagram of experiment 76 xiv 4.2 Hierarchy chart diagram of handover latency experiment 77 4.3 Sniffer using AirMagnet WiFi Analyzer tool 78 4.4 Re-authentication latency for open-system authentication 80 method 4.5 Re-authentication latency for WPA2-Personal authentication 81 method 4.6 Re-authentication latency for WPA2-Enterprise authentication 82 method 4.7 Latency of Open-System authentication method in error 83 scenario 4.8 Comparison latency of authentication and association phase in 84 Open-System authentication method 4.9 Latency of WPA2-Personal authentication method in error 84 scenario 4.10 Comparison latency of 4-way handshake phase in WPA2- 85 Personal authentication method 4.11 Latency of WPA2-Enterprise authentication method in error 86 scenario 4.12 Comparison latency of 802.1x authentication in WPA2- 86 Enterprise authentication method 4.13 Comparison of authentication latency for open system, WPA2- 87 Personal and WPA2-Enterprise authentication method 4.14 Comparison of authentication latency for open-system, WPA2- 88 Personal and WPA2-Enterprise authentication method in without and with error scenario 4.15 Layout for location of mobile user at each distance from AP in 89 Department 1 4.16 Percentage comparison of 802.1x authentication latency for 90 different distance between AP and mobile user 4.17 Re-authentication latency in WPA2-Enterprise network (a) without context transfer implemented; (b) with PCT implemented 92 xv 4.18 Comparison of re-authentication latency for without and with 93 PCT method implemented 4.19 Hierarchy chart diagram for handover decision experiment 94 4.20 Outdoors Environment layout 97 4.21 Percentage of cache hit (successful handover) when a mobile 98 user moves to outside of coverage for outdoor environment 4.22 Percentage of false alarm (unnecessary handover) when mobile 99 users in static and not moving for outdoor environment 4.23 Layout for movement path for handover decision experiment 101 when a mobile user move from (a) Location 1; (b) Location 2; (c) Location 3; to other department 4.24 Percentage of cache hit (successful handover) when a mobile 102 user moves from network coverage of AP1 to AP2 for indoor environment 4.25 Comparison for Ping-Pong algorithm and PCT technique for 103 cache hit (successful handover) for indoor environment 4.26 Percentage of false alarm (unnecessary handover) when a mobile user in static and not moving for indoor environment 104 xvi LIST OF ABBREVIATIONS AA - Authenticator Address AAA - Authentication, Authorization and Accounting AC - Access Controller AKM - Authentication and Key Management AKMP - Authentication and Key Management Protocol ANounce - Authenticator Nounce ARP - Address Resolution Protocol AP - Access Point API - Application Programming Interface AS - Authentication Server ASST - Application Signal Strength BSS - Basic Service Set CAPWAP - Control And Provisioning Wireless Access Point CI - Confidence Interval CT - Context Transfer DHCP - Dynamic Host Configuration Protocol DNS - Domain Name System EAP - Extensible Authentication Protocol EAP-AKA - EAP-Authentication and Key Agreement EAP-POTP - EAP-Protected One-Time Password EAP-SIM - EAP-Subscriber Identify Module EAP-TLS - EAP-Transport Layer Security EAP-TTLS - EAP-Tunneled Transport Layer Security EAPOL - Extensible Authentication Protocol Over LANs GMK - Group Master Key GTK - Group Temporal Key GTKSA - Group Temporal key Security Association GUI - Graphical User Interface xvii IAPP - Inter-Access Point Protocol IBSS - Independent Basic Service Set ICMP - Internet Control Message Protocol IEEE - Institute of Electrical and Electronics Engineers IETF - Internet Engineering Task Force ITU - International Telecommunication Union ITU-T - ITU-Telecommunication Standardization Sector KCK - EAPOL-Key Confirmation Key KEK - EAPOL-Key Encryption Key LAN - Local Area Network LEAP - Lightweight Extensible Protocol LS - Least Square LTE - Long Term Evolution LWAPP - LightWeight Access Point Protocol MAC - Medium Access Control MI - Moving In MIC - Message Integrity Code MN - Mobile Node MO - Moving Out MU - Mobile User MW - Moving Weight MWD - Moving Weight Discovery PCT - Predictive Context Transfer PDA - Personal Digital Assistant PMK - Pairwise Master Key PMKID - Pairwise Master Key Identifier PMKSA - Pairwise Master Key Security Association PRF - Pseudo-Random Function PSK - Pre-Shared Key PTK - Pairwise Transient Key PTKSA - Pairwise Transient Key Security Association QoS - Quality of Service RADIUS - Remote Authentication Dial In User Service RFC - Request For Comments xviii RSN - Robust Security Network RSNA - Robust Security Network Association RSS - Received Signal Strength RSSI - Received Signal Strength Indicator RTA - Real Time Application SNounce - Supplicant Nounce SPA - Supplicant Address STA - associated Station TCP - Transmission Control protocol TKIP - Temporal Key Integrity Protocol UAM - Universal Access Method UDP - User Datagram Protocol UMTS - Universal Mobile Telecommunications System VoIP - Voice over IP WEP - Wired Equivalent Privacy Wi-Fi - mechanism for wirelessly connecting electronic devices WiMax - Worldwide interoperability for Microwave access WLAN - Wireless Local Area Network WLC - Wireless LAN Controller WPA - Wi-Fi Protected Access WTP - Wireless Termination Point WWW - World Wide Web xix LIST OF APPENDICES APPENDIX A TITLE The experiment results for MWD for outdoor environments PAGE 114 xx LIST OF SYMBOLS thandover - Handover latency tscan - Scanning latency tre-authentication - Re-authentication latency tauthentication - Authentication phase latency tassociation - Association phase latency t802.1x authentication - 802.1x authentication latency t4-way handshake - 4-way handshake latency si - Measured strength of client’s signal strength ti - Time for data sampling of client’s signal strength tMW - Time for collected client’s RSS data for Moving Weight θ - Slope of the least square algorithm of the collected line σ - Intersection point of the least square and the y-axis TH - Handover threshold MWI - Client’s MW for moving in MWO - Client’s MW for moving out
