
Q2)

a)

The main purpose of IEEE 802.1X link-layer security is to accept or reject users who request full
network access. Using IEEE 802.1X link-layer security with a RADIUS server would therefore benefit
the enterprise network, because it provides a more secure authentication mechanism for users who
want to access and connect to the network. However, one thing it will not provide is information
about who is on the network. RADIUS is the authentication server, which decides whether to grant an
end user full network access by accepting or rejecting the request.

802.1X is used through an access point to implement the WPS in a wireless network. Hence, to
connect to the access points, the end user's wireless client must first be authenticated using WPA.
In a wired network, switches use 802.1X to implement port-based authorization. Devices attached to
the switch must be authenticated before packets are sent to them or forwarded through the port.
Once the user logs off, the virtual port that was in use changes back to the unauthorized state.

One of the benefits of 802.1X is that the switches and access points do not need to know how
the client will be authenticated. Their only job is to pass the authentication information
between the RADIUS authentication server and the client. [1] The RADIUS authentication server
handles the actual verification of the client's credentials, and because of this 802.1X can support
many authentication methods, from a simple user name and password to hardware tokens and
digital certificates.

IEEE 802.1X uses the Extensible Authentication Protocol (EAP) to carry the communication between
the supplicant and the authenticator. The diagram below illustrates the steps in authenticating a
supplicant.

Diagram: message sequence between the Supplicant, the Authenticator and the Authentication server
(RADIUS). Message labels as they appear in the diagram:

1. Association Request
2. Association Response
3. Start the Extensible Authentication Protocol
4. Request the identity
5. EAP-Response Identity
6. RADIUS Access-Request
7. EAP Request
8. RADIUS Access-Challenge
9. EAP Response
10. RADIUS Access-Challenge
11. EAP Success
12. RADIUS Access-Accept
13. EAP key

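
The relay role described above, as an added example that is not part of the original answer: a simplified Python model of an 802.1X authenticator port that forwards EAP payloads to the RADIUS server without inspecting them and keeps the port unauthorized until the server accepts. The message dictionaries, the `USERS` store and the plaintext password exchange are assumptions made for illustration; real deployments use EAPOL and RADIUS encodings and a protected EAP method.

```python
from enum import Enum

class PortState(Enum):
    UNAUTHORIZED = "unauthorized"
    AUTHORIZED = "authorized"

# Constructed credential store standing in for the RADIUS server's user database.
USERS = {"alice": "correct-horse"}

def radius_server(request):
    """Toy RADIUS server: the only party that verifies credentials."""
    eap = request["eap"]
    if eap["type"] == "identity":
        return {"code": "Access-Challenge"}
    user = request["user"]
    ok = user in USERS and USERS[user] == eap.get("password")
    return {"code": "Access-Accept" if ok else "Access-Reject"}

class Authenticator:
    """Switch port or access point: relays EAP opaquely, gates other traffic."""
    def __init__(self, server):
        self.server, self.state, self.user = server, PortState.UNAUTHORIZED, None

    def on_frame(self, frame):
        kind = frame["kind"]
        if kind == "data":  # normal traffic passes only on an authorized port
            return "forwarded" if self.state is PortState.AUTHORIZED else "dropped"
        if kind == "eapol-start":
            return "EAP-Request/Identity"
        if kind == "eapol-logoff":  # logoff returns the port to unauthorized
            self.state, self.user = PortState.UNAUTHORIZED, None
            return "port closed"
        eap = frame["eap"]  # kind == "eap": payload is relayed unmodified
        if eap["type"] == "identity":
            self.user = eap["identity"]  # copied into the request's user name
        reply = self.server({"code": "Access-Request", "user": self.user, "eap": eap})
        if reply["code"] == "Access-Challenge":
            return "EAP-Request"
        accepted = reply["code"] == "Access-Accept"
        self.state = PortState.AUTHORIZED if accepted else PortState.UNAUTHORIZED
        return "EAP-Success" if accepted else "EAP-Failure"

def run_session(password):
    """Replay one constructed supplicant session and return the port's reactions."""
    port = Authenticator(radius_server)
    frames = [{"kind": "data"}, {"kind": "eapol-start"},
              {"kind": "eap", "eap": {"type": "identity", "identity": "alice"}},
              {"kind": "eap", "eap": {"type": "response", "password": password}},
              {"kind": "data"}, {"kind": "eapol-logoff"}, {"kind": "data"}]
    return [port.on_frame(f) for f in frames]
```
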
b)

Identifying users in such a network environment is vital: if user information is not available,
there will be a lot of unauthorized access, and there can also be network attacks, or users can
misuse their network access by visiting restricted sites. User identification is therefore needed
to avoid all such circumstances. Also, in this large enterprise network, a malicious user who gets
access will be free to move around your network and cause problems, sometimes without your
knowledge. Hence user identification needs to be done to avoid such issues and threats to the
network.

Network attacks can take place either actively or passively. In a passive attack, the user first
gains access to the network and can then monitor or steal data, but does not change or delete the
existing data. [2] In an active network attack, the user gains unauthorized access and can then
modify the existing data on the network by deleting, manipulating or encrypting it.

c)

Although IEEE 802.1X link-layer security with a RADIUS server provides a more secure authentication
mechanism, it does not fulfill all the demands and desired goals of the IT team of BYU Hawaii.
802.1X link-layer security only provides a better way to authenticate; it does not provide any
information about the user who is accessing the network. Without that information, there is a high
chance of network attacks and of unauthorized access, both to the network and to links or sites
that are restricted in the area. Hence the desired goal is not achievable.

Q3)

a)

The prospect of using Wi-Fi for indoor positioning is due to features such as its accessibility,
large range, high data throughput rate and high availability everywhere. Compared to Bluetooth,
Wi-Fi has more access points in a particular room or floor. The more access points there are, the
higher the accuracy of the indoor positioning will be. Wi-Fi provides about 20 m accuracy using
existing crowd-sourced Wi-Fi infrastructure with no calibration. However, through calibration,
surveying and fine tuning, Wi-Fi is able to achieve 5-8 meter accuracy in indoor environments.
Wi-Fi has a short range, but the signal can extend up to 150 meters, which is much greater than
Bluetooth.

Compared to Bluetooth, Wi-Fi can transfer data at a high rate. This fulfills the requirement of
transferring large amounts of data. Another reason is that, for some applications, the cost of the
infrastructure and of implementing a Wi-Fi network is little or negligible, [3] as Wi-Fi does not
require additional hardware or infrastructure maintenance and nearly all facilities have Wi-Fi
infrastructure installed. This provides base-level positioning capabilities without any additional
investment. For Bluetooth, the hardware solution that needs to be deployed can be costly and
time-consuming. As a result, other technologies need a high budget in both time and money in order
to develop an environment for indoor positioning. Wi-Fi positioning accuracy can be increased to
achieve the level of precision you need.

c)

When Bluetooth and Wi-Fi devices are collocated, we can avoid potential interference between the
two by using a simple signaling scheme with a coordination unit to reserve transmit and receive
slots in the channel access timing. When Wi-Fi and Bluetooth devices attempt to make conflicting
reservations, we can use a scheme for dealing with the virtual contention. To avoid interference,
it is also necessary to maintain fairness between Bluetooth and Wi-Fi while avoiding long traffic;
a simple scheme can be used that is flexible in allocating the Wi-Fi and Bluetooth networks and
uses a reservation protocol for the transmission. [4]

Other potential techniques for the coexistence of Wi-Fi and Bluetooth are:

• Alternating channel access (MAC layer solution): this approach divides the interval into two
parts, and the two technologies use TDMA to avoid interference.

• Packet Traffic Arbitration, which uses a separate block to authorize all transmissions from the
different interfaces using the same channel. The PTA block coordinates the sharing of the medium
depending on traffic load and priority.

• Deterministic Interference Suppression (PHY layer solution), which uses a programmable notch
filter in the WLAN receiver to remove the narrow-band Bluetooth interference.

• Adaptive Interference Suppression (PHY layer solution), which uses adaptive filtering at the
WLAN receiver to remove narrow-band interference.

• Adaptive Packet Selection and Scheduling (MAC layer solution), which adaptively selects
packets and schedules traffic in low-interference regions.

• Adaptive Frequency-hopping, which actively measures the channels and removes those with high
interference from the hopping scheme.

In addition to the above-mentioned techniques, a frequency-skipping collaborative approach can
also reduce the chances of accessing the same channel at the same time. In this approach, the
collocated radios avoid the common frequencies for their operation.

References:

1. Bai Wanjian, Liu Bing, "Research and implementation of 802.1x authentication in LAN",
Computer Systems Applications, vol. 07, no. 19, pp. 47-50, July 2006.

2. C. Manimegalai and A. Sumithra, "An Overview of Attacks in the Network Security System",
Int. J. Adv. Res. Comput. Sci. Softw. Eng., vol. 5, no. 10, pp. 816-819, 2015.

3. "802.15.2-2003 - IEEE Recommended Practice for Information technology -- Local and
metropolitan area networks -- Specific requirements -- Part 15.2: Co-existence of Wireless
Personal Area Networks with Other Wireless Devices Operating in Unlicensed Frequency".

4. J. Lansford, A. Stephens, and R. Nevo, "Wi-Fi and Bluetooth: Enabling Co-existence", IEEE
Network, vol. 15, no. 5, pp. 20-27, 2001.
