1st International ICST Workshop on Security and QoS in Communication Networks

Research Article

A policy-based approach to wireless LAN security management

  • @INPROCEEDINGS{10.1109/SECCMW.2005.1588312,
        author={George Lapiotis and Farooq Anjum and Subir Das and Byungsuk Kim},
        title={A policy-based approach to wireless LAN security management},
        proceedings={1st International ICST Workshop on Security and QoS in Communication Networks},
    }
  • George Lapiotis
    Farooq Anjum
    Subir Das
    Byungsuk Kim
    Year: 2006
    A policy-based approach to wireless LAN security management
    DOI: 10.1109/SECCMW.2005.1588312
George Lapiotis1,*, Farooq Anjum2, Subir Das2, Byungsuk Kim2
  • 1: Telcordia Technologies, Applied Research, USA
  • 2: Telcordia Technologies, Applied Research, USA
*Contact email: lapiotis@research.telcordia.com


Wireless Ethernet (or Wi-Fi) security management is a challenging area of increased interest due to the widespread deployment of Wireless LANs (WLANs) and their well-known vulnerabilities to various types of attacks, as well as stringent scalability requirements in the dynamic wireless domain. Until the adoption of the latest security standards is complete, users and network assets on deployed WLANs, such as 802.11a/b/g networks, need to be protected from existing security threats without depending on the latest features. In addition, while new standards can protect against the unauthorized use of network resources by outsiders, they do not deal with misuse or misbehavior by insiders. In this paper we present a hierarchically distributed policy-based system architecture and prototype implementation for WLAN security management. The architecture includes a central policy engine that validates policies and computes new configuration settings for network elements when access policies are violated, and distributed wireless domain policy managers with consistent local policy autonomy that coordinate dedicated local monitors so as to monitor and control multi-vendor WLAN access points (APs). The local monitors include wireless intrusion detection modules and wireless AP interface adaptors. Although in this paper we focus on wireless security aspects, the overall architecture can be applied to end-to-end security management of wireline and wireless networks.