Abstract IEEE 802.1x is an industry standard to implement physical port level security in wired and wireless Ethernets by using RADIUS infrastructure. Administrators of corporate networks need secure network admission control for their environment in a way that adds minimum traffic overhead and does not degrade the performance of the network. This research focuses on two widely used Remote Authentication Dial In User Service (RADIUS) servers, Microsoft Network Policy Server (NPS) and FreeRADIUS to evaluate their efficiency and network overhead according to a set of pre-defined key performance indicators using Protected Extensible Authentication Protocol (PEAP) in conjunction with Microsoft Challenged Handshake Authentication Protocol version 2 (MSCHAPv2). The key performance indicators – authentication time, reconnection time and protocol overhead were evaluated in real test bed configuration. Results of the experiments explain why the performance of a particular authentications system is better than the other in the given scenario.

References

[1] Aboba B., Blunk L., Vollbrecht J., Carlson J., and Levkowetz H., “Extensible Authentication Protocol (EAP),” Technical Report RFC 3748, Network Working Group, 2004.

[2] Aboba B., Simon D., and Hurst R. “The EAP- TLS Authentication Protocol-RFC 5216,” Technical Report, Network Working Group, 2008.

[3] Alabady S., “Design and Implementation of a Network Security Model using Static VLAN and AAA Server,” in Proceedings of 3rd International Conference on Information and Communication Technologies: From Theory to Applications, Damascus, pp. 1-6, 2008.

[4] Apurva M., Pyo W., Nikolich P., and Gilb J., “LAN/MAN Standards Committee, IEEE Standard for Local and Metropolitan Area Networks, IEEE Computer Society,” Technical Report, 2014.

[5] Bhakti M., Abdullah A., and Jung L., “EAP- based Authentication with EAP Method Selection Mechanism,” in Proceedings of International Conference on Intelligent and Advanced Systems, Kuala Lumpur, pp. 393-396, 2007.

[6] Chiornita A., Gheorghe L., and Rosner D., “A Practical Analysis of EAP Authentication Methods,” in Proceedings of 9th RoEduNet IEEE International Conference, Sibiu, pp. 31-35, 2010.

[7] Congdon P., Aboba B., Smith A., Zorn G., and Roese J., “IEEE 802.1X Remote Authentication Dial In User Service (RADIUS) Usage Guidelines,” Technical Report IETF, 2003.

[8] DeKok E. and Weber G., “RADIUS Design Guidelines,” Technical Report, Internet Engineering Task Force, 2011.

[9] Gandhi C., Suri G., Golyan R., Saxena P., and Saxena B., “Packet Sniffer-A Comparative Study,” International Journal of Computer Networks and Communications Security, vol. 2, no. 5, pp. 179-187, 2014.

[10] Gyland Ø., Myren T., Sydskjør R., and Bøe G., Implementation of IEEE 802.1X in Wired 870 The International Arab Journal of Information Technology, Vol. 16, No. 5, September 2019 Networks-Best Practice Document, UNINETT Led Working Group On Security, 2013.

[11] Hu H., Wu D., and Tang T., “Network Security Admission Solution Based on IEEE802.1X,” in Proceedings of International Conference on Computing, Measurement, Control and Sensor Network, Taiyuan, pp. 336-339, 2012.

[12] Khan A., Qureshi K., and Khan S.,“An Intelligent Approach of Sniffer Detection,” The International Arab Journal of Information Technology, vol. 9, no. 1, pp. 9-15, 2012.

[13] Kiravuo T., Sarela M., and Manner J., “A Survey of Ethernet LAN Security,” IEEE Communications Surveys and Tutorials, vol. 15, no. 3, pp. 1477-1491, 2013.

[14] Microsoft Corporation, Extensible Authentication Protocol Method for Microsoft Challenge Handshake Authentication Protocol (CHAP),

[online] available: https://msdn.microsoft.com/en- us/library/cc224618.aspx, Last Visited, 2015.

[15] Nunoo H., Kofi E., and Osei K., “A Review of Opensource Network Access Control (NAC) Tools for Enterprise Educational Networks,” International Journal of Computer Applications, vol. 106, no. 6, pp. 28-33, 2014.

[16] Qian Q., Li C., and Zhang X., “On Authentication System Based on 802.1X Protocol,” in Proceedings of International Conference on Internet Technology and Applications, Wuhan, pp. 1-4, 2010.

[17] Wang S. and Liang M., “A Network Access Control Approach for QoS Support based on the AAA Architecture,” in Proceedings of International Symposium on Intelligence Information Processing and Trusted Computing, Huanggang, pp. 507-511, 2010.

[18] Woods D. and Howard E., “An Active Learning Activity for an IT Ethics Course,” Information Systems Education Journal, vol. 12, no. 1, pp. 73-77, 2014.

[19] www.juniper.net, “802.1X: Port-Based Authentication,”

[Online]. Available: www.juniper.net/us/en/local/pdf/whitepapers/200 0216-en.pdf. Last Visited, 2014. Farrukh Chughtai has been working in in IT industry at different international organizations such as Save the Children and UNDP for several years. He did his MS computer science in BUITEMS, Pakistan. Riaz UlAmin earned PhD Degree in Computer Science from University of Glasgow, UK. He has extensive experience of Industry and Academia. Currently, He is working as Associate Professor and Chair of Dept. of Computer Science at BUITEMS, Quetta Pakistan. Abdul Sattar Malik holds PhD Degree from China. Currently, He is working as Assistant Professor and Head of Dept. of Electrical Engineering at BZU Multan Pakistan. Nausheen Saeed holds MS degree from BUITEMS, Quetta and proceeding her PhD in Sweden. She is serving as Assistant Professor in the SBK Women University Quetta, Pakistan