Performance Analysis of Wireless Network with theimpact of Security MechanismsMudassar Ahmad1, Sumaira Taj2, Tasleem Mustafa3, Md Asri4

1,4Department of Computer Science and Communication, Universiti Teknologi Malaysia.2,3Department of Computer Science, University of Agriculture Faisalabad, Pakistan.

amudassar2@live.utm.my, sumaira1513@yahoo.com, tasleem mustafa@uaf.edu.pk, dr.asri@utm.my

AbstractThe growing popularity and evolutionary nature ofWireless local area networks have raised some serious securityissues to its users which are being solved by advanced securitymechanisms. Applying strong security mechanisms affect theTCP and UDP performance negatively. In this research TCPand UDP performance is measured and investigated that how thesecurity affects on performance. The objective of this researchis to propose an approach to achieve maximum performance interms of TCP and UDP throughput and response time in Wirelessnetwork. At the end we conclude that how our proposed approachgains maximum TCP and UDP performance.

I. INTRODUCTIONThe market for wireless communications has made in-

credible growth during the past few years. Business andthe computer industry have an important place in Wirelesstechnologies [1]. Flexibility and mobility are the major benetsof wireless technologies. In wireless network data can be easilyaccessed from anywhere because there is no headache of wires,as in case of Wired Network [2]. The medium of transmissionin wireless communication is air, it makes the data insecure. Sosecurity is very important issue in this sense because insecuredata cause a great loss for organizations. Several securityalgorithms have been discovered to solve the IEEE 802.11security issues. Performance reduction is the drawback of thesesecurity algorithms. Effect of these algorithms is being study-ing [3]. This research unveils and compares the effects of WEP,802.11x, and WPA on 802.11g wireless network performance.In this search we used trafc type, transmission power andsecurity mechanisms as metrics to analyze the performanceof wireless network. The experiments are conducted using asimple topology in a clean environment proving that 802.11gwireless network. The rest of paper is organized as follows. Insection II, we discuss the related work. Section III describesthe experimental setup. Performance evaluation methodologyis explained in section IV. The results obtained are describedin section V. Further we present our conclusion and discussfuture work in section VI.

II. RELATED WORKWang et al [4] analyzed the impact of security on system

performance. Results demonstrated that the stronger the secu-rity, the more signaling and delay overhead. It was observedthat authentication time contributes more towards QoS degra-dation than cryptographic cost. Hunt et al [2] used multipleclients to investigate the performance and security issues of

IEEE 802.11 wireless LANs with the layered security model.Nayak et al [5] analyzed the performance overhead causedby WEP, IPSEC VPN and 801.1X etc and found that TCPand UDP trafc behaves erratically. Change in security indexreduces the performance of WLAN. Results indicated that802.1X and VPN can be used in future wireless systemsbecause of their exibility. Senat et al [3] studied the effect ofWEP and 802.11x on the performance of multi-client saturatedand unsaturated networks and proposed some ways to cong-ure wireless networks such that security requirements can bemet in relation to performance impact. Barka and Boulmalf [6]analyzed the throughput of 802.11g after applying differentencryption techniques of WPA and WEP. Narayan et al [7]studied the performance of TCP and UDP in a client-serverenvironment on IEEE 802.11n and implemented WEP, WPAand WPA2 with some variations. The research proved thatwireless performance was OS dependant and signicantlyaffected by the encryption method and drop the throughput.Narayan et al [8] enhanced their work by adding two moreOperating Systems in their previous research. Results showeda decrease in throughput by applying encryption techniques,jitter and drop rates were also differ; and WPA2 behaveddifferently for each encryption method. Kolahi et al [9] evalu-ated the bandwidth after applying WPA2 and compared IPv4and IPv6 with respect to the performance for Open systemand UDP protocol implemented. Research proved that IPv4was better in open environment producing highest bandwidthfor UDP. Kolahi and Li [10] compared windows and Fedora,to determine which operating systems will give the bestbandwidth performance over IPv6 networks. They concludedthat considering RTT and bandwidth, Fedora 12 provided thebest performance over IPv6. Likhar et al [11] implementedOpenVPN rather than WEP to secure IEEE 802.11g. UDPand TCP trafc was analyzed on various data rates and framesizes. They claimed that WEP can be replaced by OpenVPN toget more performance in terms of throughput, latency, frameloss and IP packet delay variation with the use of compression.

III. CONTRIBUTIONSThe objective of this research is to propose an approach

to achieve maximum TCP and UDP performance in terms ofthroughput and response time. Throughput is more affectedby the security mechanisms as compared to response timein TCP. This was observed after analyzing the impact of

978-1-4673-4450-0/12/$31.00 2012 IEEE

existing security mechanisms on the performance of TCP andUDP in a wireless network. This research covered in threecontribution levels; rst, to nd the encryption technique thatproduces low performance, this was achieved by conductingan analysis of existing security mechanisms and measuredthe performance by varying transmit power, TCP & UDPwindows/ datagram size. Second, to gured out the reasonbehind the low performance and proposed some techniquesas an enhancement for the existing security mechanism toget more performance in terms of throughput and responsetime. And nally we compared the research results to ndthe best solution and proved that the proposed approach gainmaximum TCP and UDP performance in terms of throughputand response time.

IV. EXPERIMENTAL SETUPThe test bed placed in a single cell environment including

two laptops and an 802.11g access point to congure a tradi-tional client/ server architecture in a wireless connection. Onelaptop congured as a server station and the other as a client.The server Sony VAIO VPCEA12EG Laptop is connected toAP with a bandwidth of 100 Mbps wired connection. Theclient Lenovo ThinkPad T61 Laptop is placed at a xeddistance of 7 meters from access point with a bandwidth of54 Mbps wireless connection. Data trafc is not real-time; itis generated by a trafc generating tool called iperf [12] thatis installed and congured on both stations. The laboratory isdesigned as a clean environment with no background noiseor other interferences. Windows-based operating systems areused because Windows-7 and Windows 2008 Server have abuilt in implementation of the IEEE 802.11 security mech-anisms and 802.1x authentication protocol such as PEAP.TCP and UDP trafc of different packet size is generated by

Fig. 1. Experimental Setup, TestBed

Iperf. Total amount of data sent per session is kept constanti.e. 15 MB. Performance evaluation is characterized on thebasis of Response Time and Throughput by varying SecurityMechanisms, Transmit Power, TCP windows size and UDPdatagram size.

V. PERFORMANCE EVALUATION METHODOLOGYUDP and TCP are the trafc models considered throughout

our experiments for a single client. Performance is evaluatedby applying some variations of security mechanisms, UDP &

TCP trafc types, UDP & TCP packet / window sizes, andthe transmit power of AP. Trafc is generated by using Iperfas shown in Table-II & Table-III and then results are analyzedusing SPSS the statistical analysis tool. Performance metricsconsidered here are Throughput in Mbits/sec and Responsetime in seconds. We used 15 different security mechanisms asshown in Table-I to check the impact of security protocols onthe performance of TCP & UDP. First in case of TCP, totaldata sent is kept constant i.e. 15 M while the window sizeis changed to 1K, 500K and 1000K. Then in case of UDP,packet size is changed between 300 bytes, 600 bytes and 900bytes keeping window size constant to 500K.

TABLE ISECURITY MECHANISMS

Security MechanismsNo security with SSIDMAC address authenticationOpen System Authentication with 64-bit WEP EncryptionOpen System Authentication with 128-bit WEP EncryptionOpen System Authentication with 152-bit WEP EncryptionShared Key Authentication with 64-bit WEP EncryptionShared Key Authentication with 128-bit WEP EncryptionShared Key Authentication with 152-bit WEP EncryptionOpen System / Shared Key Authentication with 64-bit WEP EncryptionOpen System/ Shared Key Authentication with 128-bit WEP EncryptionOpen System / Shared Key Authentication with 152-bit WEP EncryptionWPA-PSK Authentication with AES EncryptionWPA-PSK Authentication with TKIP EncryptionWPA-EAP-PEAP Authentication with AES EncryptionWPA-EAP-PEAP Authentication with TKIP Encryption

Iperf commands with all the specied variations at Serverside are given in Table-II:

TABLE IIIPERF SYNTAX AT SERVER SIDE

Iperf Syntax at Server sideiperf s D n 15M w 1Kiperf s D n 15M w 500Kiperf s D n 15M w 1000Kiperf s D n 15M w 500K u l 300iperf s D n 15M w 500K u l 600iperf s D n 15M w 500K u l 900

Iperf commands with all the specied variations at Clientside are given in Table-III.:

TABLE IIIIPERF SYNTAX AT CLIENT SIDE

Iperf Syntax at Server sideiperf c ms-client1 n 15M w 1Kiperf c ms-client1 n 15M w 500Kiperf c ms-client1 n 15M w 1000Kiperf c ms-client1 n 15M w 500K u b 54M l 300iperf c ms-client1 n 15M w 500K u b 54M l 600iperf c ms-client1 n 15M w 500K u b 54M l 900

VI. RESULTS AND DISCUSSIONThe tradeoff between the network performances regarding

security is habitually ignored, but in this research, the effects ofdifferent security mechanisms is studied and measured on the

performance of 802.11 wireless LANs. The results obtainedfor the mean throughput and response time regarding securityprotocols are analyzed below in following sections:

A. Effect of Security Mechanism

Fig. 2. Analysis of Variance TCP and UDP Throughput and RTT

Fig 2 shows that the result of one-way ANOVA at 95percent condence interval is highly signicant, thus it proveda decrease in performance with improved security. Resultsshowed that TCP performance is almost half of the UDPperformance under all the applied security mechanisms. Thatproved maximum bandwidth utilization in UDP [3]. At mini-mum transmit power of AP, results obtained for response timeand throughput are opposed to each other; Response time ofUDP remains same but that of TCP is highest. Throughputof TCP degrades but there is no effect on the performance ofUDP.

B. Effect of Windows size

Fig. 3. TCP Throughput Chart

Fig. 4. TCP Response time Chart

To check the effect of TCP window size on the networkperformance, data trafc with three different window sizes isgenerated using Iperf. It clearly can be noticed in Fig 3 and Fig4 that increasing the window size producing more performancein terms of Throughput and Response time. It proved that thelarger the window size the more the performance is.

C. Effect of Packet size

Fig. 5. UDP Throughput Chart

Fig. 6. UDP Response time Chart

UDP trafc is generated in three different packet sizes inorder to understand the impact of packet size on networkperformance. The results in Fig 5 and Fig 6 clearly showan inverse effect of packet size on UDP response time anda direct effect on UDP throughput. It means that an increasein packet size increase the UDP throughput but decrease theresponse time.

D. Effect of Security with respect to Transmission powerTo check the effect of various transmission powers under

different security mechanisms on the network performance,we change the transmit power of AP in three ways; fulltransmission, half transmission, and minimum transmission.Different transmit powers effect the performance in differentways for each security mechanism. Results show that transmitpower has no effect on the performance of UDP whereasTCP performance is strongly affected by the transmit power.

Full Transmission Power:

Figs 7 & 8 show some results about TCP; in case of1K window size low performance is achieved in terms of

Fig. 7. TCP Throughput - Full Transmit Power

Fig. 8. TCP Response time - Full Transmit Power

Fig. 9. UDP Throughput - Full Transmit Power

Fig. 10. UDP Response time - Full Transmit Power

throughput and response time at security mechanism 10 to15. High performance is produced at security mechanism 6to 9. At security mechanism 14; lowest throughput as wellas response time can be noticed. In case of 500K windowsize, overall good throughput is analyzed from security

mechanism 3 to 13. Here only at security mechanism 2,lowest throughput and response time is achieved. Hence theperformance is good in 500K as compared to 1K windowsize. Overall high performance is measured with xing thewindow size to 1000K. This is because with larger windowsize, security mechanisms work efciently, and transfer moredata in less time efciently. This means that applying securityin our WLANs must use such mechanism where TCP willsend data with larger windows size to have larger throughputand low response time. Exceptions are OS-64bit-WEP, SK-128bit-WEP, SK-152bit-WEP, and OS-SK-152bit-WEP whichgive better performance at 1000K. Figs 9 & 10 show someresults about UDP; in case of 300byte datagram size lowperformance is noticed from security mechanism 3 to securitymechanism 15. High throughput as well as the response timeis achieved at security mechanism 1 and 2. With 600byteoverall good throughput and same response time is noticedin all security mechanisms. With a slight difference, overallhigh performance is measured with 900bytes datagram size,it shows a symmetric behavior. This is because with largerpacket size, security mechanisms work more efciently andtransfer more data in less time.Half Transmission Power:

Fig. 11. TCP Throughput Chart - Half Transmit Power

Fig. 12. TCP Response time - Half Transmit Power

Figs 11-14 show that in case of TCP window size set to1K low performance is noticed at security mechanism 3, 8,10, 14 and 15 in terms of response time and throughput. Highperformance is achieved at security mechanism 1, 2, 6 and7. Lowest throughput as well as response time is achievedat 14. Overall high performance is measured with window

Fig. 13. UDP Throughput Chart - Half Transmit Power

Fig. 14. UDP Response time Chart - Half Transmit Power

size set to 500K. Here the only lowest throughput is achievedat 5 (Shared key 152-bit). Hence it gives overall a goodperformance as compared to 1K window size. With 1000Koverall good throughput is achieved but only at security 14and 15 low throughput is achieved. By comparing all windowsizes, 500K overall gave better performance than others incase of Half transmits power. For UDP, result shows that incase of 300byte packet size low throughput and low responsetime is noticed between security mechanism 3 and 15. Highperformance is analyzed at security mechanism 1 and 2. Thereis no such difference in performance with 600bytes at allsecurity mechanisms. Overall high performance is seen interms of throughput and response time with 900byte packetsize, giving the impression that UDP does not have muchimpact of security with large packet size. Its performance isindependent of packet sizes.Minimum Transmission Power:

Figs 15-18 show that in case of 1K window size lowthroughput is noticed from security mechanism 1 to 6. Highthroughput is achieved from security mechanism 7 to 15.Lowest throughput is achieved at 4. Overall high throughput ismeasured with 500K TCP window size. Here lowest through-put is achieved at 1 & 15. With 1000K highest throughput isachieved at 7,8,11 & 12 security mechanisms, low throughputare achieved at security 1, 4 and 15. At security 3, 7, 10 and11 1000K and 500K gave same throughput values which aregood. High response time is noticed in security mechanism 7-14 with 1k window size. Low response time is achieved from

Fig. 15. TCP Throughput Chart - Min Transmit Power

Fig. 16. TCP Response time Chart - Min Transmit Power

Fig. 17. UDP Throughput Chart - Min Transmit Power

Fig. 18. UDP Response time Chart - Min Transmit Power

security mechanism1, 4 & 15. Overall high response time ismeasured with 500K TCP window size. Here high responsetime is achieved at 7 & 8. With 1000K lowest response time

is achieved at 1, 4 and 15 security mechanisms, high responsetime is achieved from security 5 to 14. At security 3, 7, 10and 11 1000K and 500K gave same response time values.In case of UDP; results show that in case of 300byte packetsize low performance is noticed from security mechanism 3 to15. High throughput and response time is achieved at securitymechanism 1 and 2. Lowest throughput and response time isachieved at 12. With 600bytes overall good performance isachieved. Overall high performance is measured with 900byteUDP packet size, giving the impression that UDP does nothave much impact of security with large packet size. Itsperformance does not degrade as that of TCP.

VII. CONCLUSION AND FUTURE WORKOverall research concluded that security mechanisms effect

differently when taken some other factors, like; trafc types,packet size, window size, and transmit power, into considera-tion. Results proved that UDP utilizes more bandwidth and isless affected by other factors. TCP is affected by the change intransmit power as with minimum 12.5 percent transmit powersecurity effect is reversed in case of TCP. To get maximumperformance for TCP; use shared key authentication with 128bit WEP encryption, half transmit power and medium packetsize. On the other hand, UDP throughput with security is notmuch affected by transmit power, it gives overall good perfor-mance than TCP trafc. WPA-EAP-PEAP Authentication withAES Encryption can be used for UDP trafc for all transmitpowers and large packet size.

REFERENCES[1] W, S., IEEE 802.11: Moving Closer to Practical Wireless LANs in IT

Professional IEEE, 2001. 3(3): p. 17 - 23.[2] Hunt., B.N.a.R., An Experimental Study of Cross-Layer Security Proto-

cols. In Public Access Wireless Networks. . IEEE Globecom 2005, St.Louis, USA., 2004.

[3] Senat, N.J., PERFORMANCE STUDY ON IEEE 802.11 WIRELESSLOCAL AREA NETWORK SECURITY. 2006.

[4] Wang, A.A.K.a.W., An Experimental Study of Cross-Layer SecurityProtocols. In Public Access Wireless Networks. IEEE Globecom 2005

[5] Nayak Debabrata, D.P., V. Gulati and N. Rajendran. , Modeling andPerformance Analysis of Security Architecture for Wireless Local AreaNetwork. . ENFORMATIKA V1 ISSN 1305-5313., 2004.

[6] Boulmalf, B.E.a.M., On The Impact of Security on the Performanceof WLANs; . Journal of Communications Proceedings of the IEEE,Academy Publisher, 2007. 2(4): p. 10-17.

[7] Narayan S., T.F., X. Xu and S. Ardham, Network Performance Evaluationof Wireless IEEE 802.11n Encryption Methods on Windows Vista andWindows Server 2008 Operating Systems. IEEE Performance Evaluation,2009: p. 1-5.

[8] Narayan S., T.F., X. Xu and S. Ardham, Impact of Wireless IEEE 802.11nEncryption Methods on Network Performance of Operating Systems.Second International Conference on Emerging Trends in Engineering andTechnology, 2009. 12: p. 1178-1183.

[9] Kolahi S.S., H.S., M. N. Ehsan and C. Dong, Performance of IPv4 andIPv6 Using 802.11n WLAN in Windows 7- Windows 2008 environment.Baltic Congress on Future Internet and Communication, 2011: p. 50-53.

[10] Li., K.S.S.a.P., Evaluating IPv6 in Peer-to-Peer 802.11n Wireless LANs.IEEE Computer Society, 2011: p. 70-74.

[11] Likhar, P., Yadav, R. S., and M, K. R., SECURING IEEE 802.11GWLAN USING OPEN VPN AND ITS IMPACT ANALYSIS. Interna-tional Journal of Network Security and Its Applications (IJNSA), 2011.3(6): p. 97-123.

[12] iperf , Network Bandwidth Measuring Tool.

/ColorImageDict > /JPEG2000ColorACSImageDict > /JPEG2000ColorImageDict > /AntiAliasGrayImages false /DownsampleGrayImages true /GrayImageDownsampleType /Bicubic /GrayImageResolution 300 /GrayImageDepth -1 /GrayImageDownsampleThreshold 1.50000 /EncodeGrayImages true /GrayImageFilter /DCTEncode /AutoFilterGrayImages false /GrayImageAutoFilterStrategy /JPEG /GrayACSImageDict > /GrayImageDict > /JPEG2000GrayACSImageDict > /JPEG2000GrayImageDict > /AntiAliasMonoImages false /DownsampleMonoImages true /MonoImageDownsampleType /Bicubic /MonoImageResolution 600 /MonoImageDepth -1 /MonoImageDownsampleThreshold 1.50000 /EncodeMonoImages true /MonoImageFilter /CCITTFaxEncode /MonoImageDict > /AllowPSXObjects false /PDFX1aCheck false /PDFX3Check false /PDFXCompliantPDFOnly false /PDFXNoTrimBoxError true /PDFXTrimBoxToMediaBoxOffset [ 0.00000 0.00000 0.00000 0.00000 ] /PDFXSetBleedBoxToMediaBox true /PDFXBleedBoxToTrimBoxOffset [ 0.00000 0.00000 0.00000 0.00000 ] /PDFXOutputIntentProfile (None) /PDFXOutputCondition () /PDFXRegistryName (http://www.color.org) /PDFXTrapped /False

/Description >>> setdistillerparams> setpagedevice