19-01-2013, 12:24 PM
Research Paper on Wireless Network Security: Analyzing Protected Extensible Authentication Protocol
Research Paper.pdf (Size: 201.56 KB / Downloads: 62)
Abstract
In today’s world most organizations are moving from wire-connected LAN to wireless LAN. The main
concern when they use the wireless LAN is the security. In order to provide security, IEEE has created few standards.
Based on these standards Microsoft has developed a new protocol called PEAP (Protected Extensible Authentication
Protocol). This paper describes about the protocol required to establish a wireless connection for a small organization that
supports Microsoft technology. It compares different protocols and based on experiments concludes which is the most cost
effective and secure protocol for a small organization. It also presents an overview and analysis of PEAP and its place in
securing wireless LANs.
INTRODUCTION
he major difference between wired and wireless networks is the way they transmit data.
As for the security risks, the main difference between wired and wireless networks is how
to access the transmitted data. In wired networks, this is only possible by tapping the media that
is used for the network communication. In wireless networks, the media used for communication
is air. The transmitted data via the radio frequency can be accessed by equipment that is readily
available in the market for a cheap price.
WIRELESS LAN SECURITY
Security is a main concern for any network and for wireless network it is very important.
Only authenticated users and computers can access this network. After authentication, we need to
authorize the person or devices to use the network. Only authorized person or device can access
network. As per the organization requirements, we need to select an authentication protocol.
After authentication and authorization of client to server is done, they can communicate to each other. Thus encryption of data is also one of the main issues in Wireless LAN security.
To secure Wireless-LAN, Microsoft and other vendors have proposed different Wireless –
LAN security protocols using 802.1X standards to authenticate and authorize networks. 802.1X
is an Institute of Electrical and Electronics Engineers (IEEE) standard. “.1X” stand for Internet
Engineering Task Force (IETF) protocol called Extensible Authentication Protocol (EAP). EAP
supports different authentication methods like password, digital certificate and biometrics [3].
PROTOCOL OVERVIEW
EAP provides extensible authentication for accessing the network. EAP methods provide
support for a variety of authentication techniques. For example, someone who requires
certificate-based authentication may use the EAP Transport Layer Security (TLS) method. If
password-based authentication is needed, the EAP Microsoft Challenge Handshake
Authentication Protocol version 2 methods can be used. Strong credentials such as digital
certificates offer many security benefits.
PEAP version 0 is an EAP method designed to meet this. It does this by having the client
establish a TLS session with a server by using the server's certificate. Then, the client is
authenticated using its credential of choice within that TLS session.
CONCLUSION
After implementing the SOHO network AND RADIUS SEVER I feel that SOHO network
is not suitable for organizations where there are many computers being used. Because the
administrator has to individually handle each and every computer which becomes really very
tedious. In SOHO network, for authentication purposes it uses only pre-shared key. So
considering security, it is not feasible to use it . RADIUS server with PEAP/EAP-TLS is more
secure than SOHO network.
But if you consider only radius server, and you want security in cost effective way you
can use only certificate based authority which is in-built in Windows Server 2003. Where as if
the organization is very large, you can purchase certificate authority from a vendor or a third
party user. I prefer using RADIUS with PEAP protocol for any organization