Avesh Kumar Agarwal

An experimental study on wireless security protocols over mobile IP networks

Security protocols have emerged as a vital issue to support secure and reliable communications over wireless networks. Many works have discussed security services from a functional perspective; however, there is a lack of quantitative results demonstrating the impact of security protocols on system performance that can be affected dramatically by applying security policies in combination with mobility. Therefore, we conduct an experimental study on a wireless IP testbed, and analyze the interaction of security protocols at different layers with respect to data streams, delay and throughput. In this paper, we present a comprehensive analysis of performance measurements and the overhead associated with several most widely used protocols such as WEP, IPSEC, 802.1x and SSL.

Integration of authentication and mobility management in third generation and WLAN data networks

The successful deployment of wireless local area networks (WLAN) for high speed data transmission and cellular systems for wide coverage and global roaming has emerged to be a complementary platform for wireless data communications. In order to fully exploit potentials in 3G/WLAN integration, authentication of roaming users crossing different networks, must be coupled with mobility management, which is a challenging, yet not resolved issue. The focus of this paper is on state-of-art solutions to Wi-Fi and cellular networks based on IP infrastructure. Moreover, we introduce a new authentication architecture for fast authentication during inter-networking handoff and large-scale heterogeneous networks. We show that the new architecture can reduce authentication latency significantly and be adaptive to user mobility and traffic. Copyright

An experimental study of cross-layer security protocols in public access wireless networks

Wireless networks require strong security mechanisms due to their open medium. However, security effects system performance, and therefore impacts quality of service (QoS) of communications. To analyze the impact of security on system performance, we conduct a detailed experimental study on a wireless IP testbed with security at different layers. We study their impact on different types of data streams such as TCP and UDP with regard to authentication time and cryptographic overhead. Specifically, we experiment with the most widely used security protocols such as WEP, IPsec, 802.1x with RADIUS, and SSL. We classify security protocols into individual and hybrid policies. Then, a new metric, relative security index, is introduced to analyze security strength and overhead tradeoffs quantitatively. Our results demonstrate that the stronger the security, the more signaling and delay overhead; whereas, the overhead does not necessarily increase monotonically with the security strength. Also, we notice that authentication time is a more significant factor than cryptographic cost regarding their contributions towards QoS degradation in wireless networks.

Performance Assessment of Data and Time-Sensitive Wireless Distributed Networked-Control-Systems in Presence of Information Security

Distributed network-control-systems (D-NCS) are a network structure and components that are capable of integrating sensors, actuators, communication, and control algorithms to suit real-time applications. They have been gaining popularity due to their high potential in widespread applications and becoming realizable due to the rapid advancements in embedded systems, wireless communication and data transfer technologies. This paper addresses the issue of D-NCS information security as well its time-sensitive performance with respect to network security schemes. We use a wireless network based, robot navigation path tracking system called Intelligent Space (iSpace) as a D-NCS test bed in this paper. The paper classifies the delay data from every NCS module (sensors, actuators and controllers). We define performance parameters for this NCS test bed. Various system factors including network delay, system gain, affecting these performance parameters are recognized. Network security algorithms DES and 3DES are integrated with the application to secure the sensitive information flow. Standard statistical approach such as 2k factorial experiment design, analysis of variance, hypothesis testing is used to study and estimate the effect of each factor on the system performance especially security features. Thorough experimental results, tables of detailed characterization and effect estimate analysis is presented followed by the discussion on the performance comparison of NCS with and without wireless security.

Characterization of data-sensitive wireless distributed networked-control-systems

Distributed networked-controlled-systems (NCS) are a multidisciplinary effort whose aim is to produce a network structure and components that are capable of integrating sensors, actuators, communication, and control algorithms in a manner to suit real-time applications. They have been very popular and widely applied for many years now due to the rapid advancements in data and communication wireless technologies. There are many challenges to be overcome in order to put such a heterogeneous system together. Key issues to be considered are network delay, data sensitivity and information security. This paper characterizes a wireless distributed NCS, a testbed called iSpace based on these key factors. We integrated static network security algorithms DES and 3DES with the NCS testbed iSpace - a multidisciplinary network based robot navigation system - and characterized it on the basis of bandwidth requirement, data classification and data sensitivity, network delay effect on the system performance. The paper demonstrates through results that a dynamic optimization is required between network security for reliability and time-sensitivity of the NCS. Future work in dynamic optimization in security is suggested.

Information security with real-time operation: performance assessment for next generation wireless distributed networked-control-systems

Distributed network-control-systems (D-NCS) are a multidisciplinary effort whose aim is to produce a network structure and components that are capable of integrating sensors, actuators, communication, and control algorithms in a manner to suit real-time applications. They have been gaining popularity due to their high potential in widespread applications and becoming more realizable due to the rapid advancements in wireless communication and data transfer technologies. This paper addresses the issue of D-NCS information security as well its real-time performance with respect to network security protocols and encryption schemes. We use a wireless network based, robot navigation path tracking system called intelligent space (iSpace) as a D-NCS test bed in this paper. The paper classifies the data from every NCS module (sensors, actuators and controllers) according to bandwidth requirement, time and information sensitivity. We define performance parameters for this NCS test bed. Various system factors affecting these performance parameters are recognized. Network security algorithms DES and 3DES are integrated with the application to encrypt the sensitive information flow. These wireless security features are considered as an added factor to the NCS. Standard statistical approach (2k factorial experiment design) is used to study and estimate the effect of each factor on the system performance especially security additions. Thorough experimental results, tables of detailed characterization and effect estimate analysis is presented followed by the discussion on the performance comparison of NCS with and without wireless security.

DSPM: Dynamic Security Policy Management for Optimizing Performance in Wireless Networks

Military wireless networks suffer from privacy and performance concerns due to their shared radio medium and off-the-shelf products. Therefore, robust and efficient security management is essential in these networks, especially for the transmission of sensitive data. However, security solutions based on static-configuration paradigm do not adapt to changing network conditions, such as variations in wireless link characteristics, leading to degradation in system performance. The rationale for advocating dynamic security paradigm is to achieve optimized network performance and security based on network conditions. Therefore, we propose a dynamic security policy management (DSPM) in which security policies can be changed on the fly based on the network feedback about wireless link conditions. DSPM is analyzed by using semi-Markov decision process to determine the optimal instances for switching security policies. The results show that DSPM provides enhanced security and improved performance than static security

Statistical analysis of the impact of routing in MANETs based on real-time measurements

Performance degradation due to routing overhead is a serious impediment to fulfilling quality of service (QoS) in mobile ad hoc networks (MANETs). Therefore, analyzing the impact of routing overhead in a real-time environment becomes critical to developing efficient routing protocols and provisioning network performance. We develop a statistical-analytic approach to studying the impact of the routing overhead on delay and throughput in a real-time MANET testbed. The approach helps us in deriving statistical models of delay and throughput which, in turn, enables us to analyze the behavior of routing protocols beyond the scenarios configured in the testbed. In addition, we conduct a simple analysis of measuring network bandwidth consumed by routing overhead in various environments. Although optimized link state routing (OLSR) and ad-hoc on-demand distance vector (AODV) routing protocols are investigated as case studies in this paper, our approach and findings are applicable to other routing protocols as well.

LAP: Link-Aware Protection for Improving Performance of Loss and Delay Sensitive Applications in Wireless LANs

Radio links exhibit highly unpredictable properties such as variable bandwidth and bit error rates that affect the performance of applications in wireless networks. Besides, another critical concern is the protection of applications due to shared and open wireless medium. However, protection services add additional performance overhead to carry out their operations, and incur varying effects on the network performance, depending on link characteristics. Thus, how to provide protected and high performance service is a challenging issue in wireless networks. The problem is even more challenging for real-time applications such as voice over IP (VoIP) with stringent delay and packet loss requirements. In this paper, we present a novel approach to improve application performance by implementing Link Aware Protection (LAP) in wireless local area networks (LANs). LAP exploits dynamic security policy management (DSPM) scheme for adapting protection with varying link quality. We present a real-time implementation of LAP in our wireless LAN testbed. As a case study, we demonstrate VoIP performance on our LAP enabled wireless clients. The results show the possibility of maintaining an adequate protection and achieving improved performance for VoIP streams under link variations.

Performance Sensitivities of Wireless Mesh Networks Under Path-Based DoS Attacks

This paper examines the performance of wireless mesh networks (WMNs) under the impact of path-based denial of service (DoS) attacks. Specifically, we study the factors that are conducive to path-based DoS attacks, while focusing external interferences, medium errors, and physical diversity. We setup a wireless mesh testbed and configure a set of experiments to gather measurements and assess the effects of different factors. We find that the impact of external interferences and medium errors on network performance is exacerbated when path-based DoS attacks are carried out. Another interesting observation is that a far attacker can lead to an increased performance degradation than a close-by attacker due to physical diversity. Further, we discuss a simple strategy to counter path-based DoS attacks, which has potential for reducing the impact of the attack significantly.