A model based approach for implementing authentication and access control in public WLANs: a case of Universities in Kenya

Abstract

Poor implementation of authentication and access control in large public WLANs such as those in universities is the main problem addressed in this research. Specific challenge include: lack of an appropriate model that enables design or selection of security features and their configuration leading to selection and configuration of vulnerable cipher suite, authentication and access control mechanisms, end-user and server system security features. The main focus of this study was development of a simulation model that facilitates implementation of WLAN authentication and access control security in a public WLAN. The research process involved three phases: the first phase was preliminary studies which involved descriptive survey on selected university WLANs in Kenya as well as analysis of attack susceptibility of WLAN security features/configurations. The second phase involved design of model architectural components, component value function tables and model algorithms based on results of preliminary studies. The third phase involved prototyping the model design, model concept validation, computerized model verification and model operation validation. The developed model was subjected to validation in order to give it enough confidence necessary for its results to be accepted. Results from validation of the model concept using expert intuition show high expert confidence in the model while those from theoretical analysis show that the model obeys key operational laws. This indicates that the theories and assumptions underlying the model are correct and that the model’s representation of the problem domain, its structure, logic and mathematical causal relationships are “reasonable’ for the intended purpose of the model. Results from validation of model operation using parameter variability-sensibility analysis show high practitioner confidence in the accuracy, usefulness and applicability of the model. This indicates that the model behavior is valid for its intended purpose. The main contribution of this work is generation of a simulation model that enables appropriate design or selection of security features and their configuration for WLAN authentication and access control in public WLANs. This contribution is major because no vi previous studies have been done with a view of developing a simulation model that can enable an implementer to visualize the security level expected from implementing a set of security features and their configurations. Another contribution is the application of attack tree modeling methodology combined with common vulnerability scoring system (CVSS) in analyzing severity of security vulnerabilities in a system. Lastly, implementation of an algorithm that enables one to predict security levels on WLAN authentication and access control implementation and the algorithm for selection of EAP method is an important technical contribution. This research has demonstrated that deploying public WLANs because of their convenience and ease of deployment is not good enough. Given the potential loss that an organization can incur due to attacks, a good understanding of the important WLAN security components and relative security level provided by a combination of security features specific to the component is useful to enable implementers optimize WLAN security based on their resources and level of security required. Keywords: Trusted computing base concept, attack tree methodology, common vulnerability scoring system, wireless authentication and access control security model.