Measuring Performance impact of Authentication and Encryption protocols on a Wireless LAN

Transcription

1 Measuring Performance impact of Authentication and Encryption protocols on a Wireless LAN D.S. Dawoud R.NGOGA Said P. Dawoud University of UKZN National University of Rwanda University of UKZN Abstract Wireless Local Area Networks (WLANs) found a wide spread in all aspects of life because of low cost and also because it adds mobility and flexibility on the network. Wireless transmission is vulnerable to eavesdropping, the matter that gives attackers greater incentives to step up their efforts to gain unauthorized access to the information being exchanged over the wireless link. The security of the data during transmission represents the most important requirement in a wireless network. However there is a cost while deploying security on a system in terms of network throughput and response time. In this work, the IEEE 802.1x and EAP-TLS authentication along with WEP, TKIP for data traffic encryption was studied then configured on a test-lab network. Measurements were carried out to measure the overhead associated with applying different security policies on the performance of the network. The goal of this work is to measure the encryption and authentication overhead associated with IEEE security protocols. The results showed that encrypting data traffic reduces slightly network traffic and using IEEE 802.1x with EAP-TLS for authentication increases slightly the authentication time. Index Terms Cryptographic primitives, security policy, battery gap, Static WEP, 802.1x standard. 1. Introduction Wireless, mobile, and limited battery-power devices like PDAs with built in WiFi, Cellular, and VoIP accesses are becoming popular now days. Security is also utmost important to these services. However, deploying security mechanisms for these devices and services has impacts on the power consumption, and the performance of the system. Secure communication is typically achieved by employing security protocols at various layers of the network protocol stack, e.g., WEP at the link layer, IPSec at the network layer, TLS/SSL and WTLS at the transport layer, SET at the application layer, etc.). The building blocks of a security protocol are cryptographic algorithms, which are selected based on the security objectives that are to be achieved by the protocol. They include asymmetric and symmetric encryption algorithms, which are used to provide authentication and privacy, as well as hash or message digest algorithms that are used to provide message integrity. For the system to run these cryptographic primitives, the system must consume more power. Security is achieved, generally, by using cryptographic primitives, e.g. encryption and authentication. The encryption and authentication algorithms need processing. For the device, this represents computation overhead, which has direct impact on the power consumption. Some of the security algorithms consume huge amount of power. Beside the computational overhead, encrypting data traffic involves adding extra bytes to the frames. Authentication, on the other hand, involves adding extra messages. Adding extra bytes and extra messages to the original data result in throughput reduction and also increases the wait time. The overhead associated with applying encryption and authentication mechanisms to secure the wireless communication transactions represents an important issue as the network load becomes important and also when the network medium is saturated by obstacles. The impact of using security mechanisms on the power consumption is a subject of a paper submitted to this conference [1]. The impact on the performance of the wireless network is the subject of this paper. Related Previous Works The authors of [2] carried performance tests on a WLAN using IEEE 802.1g wireless standard. They studied and tested overlapping, roaming and network performance in terms of coverage, accessibility and security. The surprise was their conclusion on the impact of encryption mechanisms on throughput and time response; their results showed that encryption has negligible effect on throughput and time response. The authors of [3] investigated the effect of multiple security mechanisms on the performance of multi-client congested and un-congested networks. The authors showed that that WEP encryption significantly degrades the performance of congested wireless networks and this degradation increased as the number of clients was increased. The authors of [4] studied and analyzed the effects of Wired Equivalent Privacy (WEP), Temporal Key Integrity Protocol (TKIP), and Counter Mode/CBC-MAC Protocol (CCMP) encryption algorithms on throughput. They analyzed also the authentication times for Lightweight Extensible Authentication Protocol (LEAP) and Protected Extensible Authentication Protocol (PEAP). The final results showed a clear tendency of TKIP performance to be the worst followed by CCMP then WEP. In this paper we are investigate and measure the encryption and authentication overhead associated with IEEE security protocols. In other words the overhead associated with using IEEE 802.1x and EAP-TLS for authentication and using WEP, TKIP for data traffic encryption. The four policies are configured on a test-lab network and measurements have been taken under different network conditions. 2. Wireless Standards For many years, the management of spectrum represents a hot subject due to the scarce nature of the spectrum and the huge growing number of spectrum users. Many stakeholders are involved in this matter: - Given that radio spectrum is a natural resource and it is limited, governments and international organization such as the ITU have taken in their hands the responsibility to manage spectrum, in order to ensure its best utilization. Spectrum has been divided into bands and allocated to different services so that each country may allocate spectrum for various services within its own borders in compliance with ITU s table of frequency [5]. - Technology has evolved and enabled more advanced interference management techniques which control interference even when there are several users using the same frequency in the same place. Because of these evolutions, and the need to decentralize spectrum management there has been an establishment of licenseexempts bands and some country have decided to allocate more spectrum for unlicensed use [5].

2 - In parallel with the evolution of interference management techniques, a wide variety of wireless standards that are suitable for use in unlicensed spectrum bands has been developed over the years. This variety of standards can be explained by the fact that countries have different regulation concerning the use of spectrum, and therefore pose different requirements upon equipment and transmission characteristics. Figure 1 shows diverse wireless standards and Figure 2 shows the unlicensed frequency band and associated wireless standards. The standards differ in many ways: bit rate, range, spectrum used, price of equipment, etc. In the following we are introducing, briefly, the standards we are investigating. &)* *+#*# Layer The original was capable to provide data rates of 1 to 2 Mbps as previously mentioned. Then, the 1999 revision released two more standards namely the a and b. The b is the widely adopted and capable of providing a bit rate up to 11 Mbps using DSSS within the 2.4 GHz range. The a achieved a higher bit rate of up to 54 Mbps while operating in 5 GHz range but with a new modulation method called Orthogonal Frequency Division Multiplexing (OFDM). The most recent contribution to the family of is g standard which is capable to provide a high bit rate of 54Mbps using OFDM while operating in the 2.4 GHz range. The of IEEE consists of two sub-layers which provide three levels of functionality (Figure 4) [4]. MAC!""#$ %&'(&!&$ PLCP Sublayer PMD sublayer Figure 1: Global wireless standards [5] Figure 4: sub-layers [4] 2.2 Encryption and Authentication Protocols Security protocols implement mechanisms through which security services can be provided [7]. These mechanisms are built in wireless devices and are employed before transmission at MAC/physical layer and/or application layer. The IEEE standard has several security protocols that provide security at the data link layers. IP security (IPSec) provides security at the network layer and Secure Socket layer (SSL) provides security at the transport layer for secure transactions on the Internet. All these protocols rely on encryption or encryption related mechanisms to provide the security services. Encryption in this sense is thus the backbone of security services. This section reviews security protocols in IEEE standard Authentication Protocols Figure 2: Unlicensed frequency band 2.1 IEEE Standards The standard addresses the Media Access Control (MAC) and Physical () standards separately. The original standard provides data rates of 1 to 2 Mbps and three fundamentally different mechanisms of operation namely: Infrared, 2.4 GHz Frequency Hopping Spread Spectrum (FHSS), and 2.4 GHz Direct Sequence Spread Spectrum (DSSS). The MAC standard was responsible to coordinate an access mechanism, which allows fair access to the medium. Figure 3 shows the model. MAC layer The MAC sub-layer provides three functions: a reliable method to transmit data for users, shared access to the medium among users, and the protection of transmitted data accomplished through encryption. IEEE 802.1x standard The IEEE 802.1x is a standardized method for securing network access from network devices through the use of ports. IEEE 802.1x standard is intended to provide a port-based network access control. This is achieved by use of a dual-port model in which two ports are used to access the network: the uncontrolled port and controlled port (See Figures 5 and 6). Figure 5: Uncontrolled port in authentication [8] IEEE LLC IEEE MAC MAC OSI layer2 (Data Link) Frequency Hopping Spread Spectrum Direct Sequence Spread Spectrum Infrared Figure 3: OSI model and corresponding structures [6] OSI layer1 (Physical) Figure 6: Controlled port in the authentication [8] +,*--.

3 During the authentication operation in IEEE 802.1x, three main components are involved: the supplicant, the authenticator and the authentication server. The supplicant serves as a client to have access to network resources; the authenticator is an Access Point which manages the wireless traffic and decides whether the packet is forward or not and; authentication server which is normally a RADIUS server and serves to decides whether packets from the supplicant users are legal or not. In IEEE specification both Authenticator and supplicant are called Port Access Entry (PAE) [8].When the IEEE 802.1x is enabled in the authenticator, the authentication service operates as shown in Figure 7. There are three important protocols used in 802.1x: Extensible Authentication Protocol (EAP), Extensible Authentication Protocol On LAN (EAPOL) and Remote Authentication Dial In User Service (RADIUS). EAPOL is used to transmit data between Supplicant and Authenticator while RADIUS is used to deliver packets between Authenticator and Authentication Server. EAP uses many kinds of authentication method which can be divided into two categories: password-based authentication such as EAP-MD5 and certificate-based authentication such as EAP-TLS and PEAP. The following sections introduce EAP-Authentication protocols. implemented in the same hardware since TKIP is a modified version of WEP. Many references are discussing these encryption protocols, e.g. [2], [4], [7], [8], [9]. Figure 8: EAP-TLS Authentication [8] 3. Test-lab implantation A miniature 802.1x authentication and WLAN encryption based platform was implemented in test-lab to carry out measurements of the security overhead associated with the 802.1x authentication and WLAN encryption. This section focuses on the selection of hardware equipments and software configuration. EAP-MD5 Figure 7: EAPOL exchange over 802.1x [8] There are many kinds of EAP-MD5 authentication protocols: the EAP-MD5 Challenge Handshake Authentication Protocol (EAP-MD5 CHAP) and EAP-MD5 Tunneled Authentication Protocol (EAP-MD5-Tunneled). They all do authentication by a user name and a password. It is vulnerable for the Man-In- Middle attack [8]. EAP-TLS EAP-TLS supports many features such as mutual authentication, key exchange, reassembly and session resumption which can help increase system security. EAP-TLS authentication takes seven steps shown in Figure 8 [8]. EAP-TLS supports Mutual Authentication, Session key exchange, Fragmentation and reassembly, and Fast reconnect. Because EAP-TLS supports session resumption, it can speed up re-authentication operation. Hardware selection The WLAN test-lab was basically built on a Cisco Aironet Access Point series 1200 because it supports the 802.1x authentication and WLAN encryption providing secure, affordable and easy-to-use WLAN solution suitable for home and organization environments. It is Wi-Fi certified and a, b, g fully compliant WLAN transceiver. Figure 9 shows the miniature support WLAN platform configuration used to run the test. The two servers were selected according to the software requirements, i.e. to support the 802.1x authentication and WLAN encryption. The wireless clients were also selected according to the software requirements which are compliant with the 802.1x authentication and WLAN encryption. Table- 1 shows the details of the hardware equipments used for experimentation purposes /0./(., -.*, (3( /0 ( Encryption protocols IEEE has several methods providing end-to-end security on data streams through encryption. Currently, they are Wired Equivalent Protocol (WEP) [2], [7], Temporal Key Integrity Protocol (TKIP) and Counter Mode/CBC-MAC Protocol (CCMP) which are widely used today. These protocols each rely on different methods to encrypt data with some form of key. This work focuses on WEP and TKIP because both can be "".*+ 32( ,.* (2 32( ,.* Figure 9: WLAN platform configuration (2 32(3 1,.*

4 Table - 1: Hardware specification Equipments Model Processor Network Adapter Server #1 Dell optiplex 2.80 GHz Integrated Ethernet NIC GX280 Server #2 Dell optiplex 2.80 GHz Integrated Ethernet NIC GX280 AP Cisco Aironet 1200 series Switch Cisco Catalyst 2950 series Wireless TOSHIBA Satellite 1.73 GHz Integrated Wireless Client Pro adapter A/B/G compliant Wireless TOSHIBA Qosmio 2.13 GHz Integrated Wireless F20 adapter A/B/G compliant Software selection Most of the current Operating Systems support add-on 802.1x software for both server and client while other have 802.1xsupport integrated into the Operating System itself. Microsoft has produced two WLAN security solution based on 802.1x authentication and WLAN encryption tilted Securing Wireless LANs with PEAP and Passwords which uses simple usernames and passwords to authenticate user and computer on WLAN and Securing Wireless LANs with Certificate Services which uses public key certificates to authenticate users and computers to the WLAN. In this work, the solution with certificate services was selected because it provides strong authentication through public key certificates. Wireless test-lab configuration The configuration for the wireless test-lab is designed using a minimum number of computers. Individual computers are used to separate the services provided on the network and to clearly show the desired functionality. The infrastructure for the wireless test-lab network consists of four computers performing the following roles: Server #1 is a computer running Microsoft Server 2003 with Service Pack 1 (SP1), Standard Edition named IAS1 that is acting as a Remote Authentication Dial-In User Service (RADIUS) server. Server #2 is a computer running Microsoft Windows Server 2003 with Service Pack 1 (SP1), Enterprise Edition, named DC1 that is acting as a domain controller, a Domain Name System (DNS) server, a Dynamic Host Configuration Protocol (DHCP) server Two computer running Windows XP Professional with SP2 named CLIENT1 and CLIENT2 that is acting as a wireless clients. 4. Network performance basis To measure the network performance, it was important to define some measurable entities that reflect the performance of the network. Performance metrics There are many metrics that are commonly used to characterize the performance of networks.table-2 outlines some parallels in performance expectations of end users and network operators. Table - 2: End user and Network metrics [9] END USER METRIC NETWORK METRIC Responsiveness One-Way Delay (OWD) Round-Trip Time (RTT) Delay Variation(Jitter) Capacity and Throughput Maximum Transfer Unit(MTU) Bandwidth Delay Product (BDP) Reliability Availability Delay Variation (Jitter) Packet Loss Packet Reordering TCP Performance TCP as the prevalent transport protocol used on the Internet today, provides the service of a reliable byte stream, and adapts the rate of transfer to the state of the network and the receiver. TCP includes the following basic mechanisms: - Segments that fit into IP packets, into which the bytestream is split by the sender, A checksum for each segment, A window, which bounds the amount of data in flight between the sender and the receiver, Acknowledgements, by which the receiver tells the sender about segments received successfully [9]. The Optimum TCP Window Size Most server-class (Solaris, AIX, UnixWare, Lunix, xbsd) operating systems have the window size set at a large multiple of the IP packet size usually in the range of 64Kbytes to 1Gbytes. The client and server negotiate a large window size allowing for the reception of multiple packets before an acknowledgement is required. The formula that governs the optimum window size is: TCP window Size Bandwidth inbytes Latency RTT ( ) ( ) It is seen from this that the window size can vary greatly depending on the communication link type and the bandwidth. For example a 10M LAN with 1 millisecond Latency (RTT), only needs a TCP Window Size of 1250 bytes. Consumer desktop operating systems such as Windows 2000, XP, etc. have default TCP Window Size of 8760 bytes, which means that less than six packets, can be in transit before an acknowledgement is required. Test-lab measurement In the above section we discuss some of the performance metrics but more focus in this work was given to the bandwidth and time response which helped to compare the security level applied to the test-lab. Bandwidth is generally defined as data per unit time. However, bandwidth of a link is not a precisely defined term and specific metrics must be defined first. 4.1 Measurement tools There are two methods for measuring any network: an active method consists of injecting unnecessary packets into the network at high rate while a passive method consists of data collection, data storage and extraction and calculation metrics. Wireshark software and Iperf were used to help for the measurement processes. Iperf Iperf is an active measurement tool designed for measuring network metrics at the transport layer level, either TCP or UDP. Thus, it reports bandwidth (throughput), delay, jitter, and datagram loss. In this work, Iperf helped to compare the TCP throughput reported while several security polices were configured on the test-lab. The tool uses memory-to-memory data transfers from a client instance on a sending host to a server instance on a receiving host. The server instance start listening on a user specified TCP or UDP port, thus allowing measurement point to witch a user can connect. After a measurement has been taken, the receiver (server) reports the results to the sender (client), where it is displayed to the user. Iperf is the most powerful bandwidth measurement tool compared to others such as Qcheck because window size is an adjustable parameter.

5 Wireshark Wireshark like Ethereal is a freely distributed packet capturing tool that allows user to view all packet transfers in or out of Ethernet or Wireless interface of network adapter. Wireshark is used in this work to display the number of message exchanged and associated time during the authentication phase before the client access the network. Thus it helps to compare the response time while several security policies was configured. 4.2 Security policies and associated overhead To study the effect of security policies on network performance, we considered three network scenarios and four security policies. Network scenario Scenario 1 (S-1): In this scenario the experimental test-lab is entirely within the lab, it is composed of one server and one labtop which acts as a wireless client. This scenario is used to test maximum TCP-throughput for the link because there are no additional workstations to share the medium bandwidth. Scenario 2 (S-2): In this scenario the client (Client 1) is moved in another room; 60 meter from server. This scenario is used to test available throughput for a medium saturated with bricks, metal and glasses. Scenario 3 (S-3): In this scenario the experimental platform is entirely within the lab, but it is composed of one server and two lab-tops which act as wireless clients (Client 1, Client 2). This scenario is used to test data throughput for a shared link. Security policies Security policies in this work are designed according to the security services provided by the security protocol configured in the test-lab. Five policies are considered. No Security (P-1): No security means there is no security service enabled in the network. This policy is used as the reference level toward overhead. WEP Policy (P-2): WEP configuration provides confidentiality service on a network; it involves encryption mechanism which scrambles the communication between the access point and clients devices to keep the communication private. Both the access point and the client devises use the same WEP key to encrypt and encrypt radio signals. This policy does not have any impact on latency but impact more the data throughput in a saturated environment. Table-3: Security policies (A= authentication, C= Confidentiality, I=Integrity, NR- Non repudiation, MA- Mutual Authentication N0 Security Policy A C I NR MA P-1 No Security P-2 WEP Y P x-EAP-TLS Y Y Y Y Y P x-EAP-TLS-WEP-128 Y Y Y Y Y P-5 WPA-EAP-TLS-TKIP Y Y Y Y Y 802.1x-EAP-TLS Policy (P-3): This policy provides: - Extensible Authentication Protocol (EAP) as a transport mechanism support TLS. - Network traffic is encrypted with WEP with a dynamic key management. Integrity service is provided between the Access point and RADIUS server during the authentication processes x-EAP-TLS-WEP 128 Policy (P-4): This policy differs from the previous policy on the encryption mode which is WEP- 128 instead of WEP. Thus, this policy impacts the time response while the mutual authentication service is being provided and data throughput is affected by the encryption mechanism used. WPA-EAP-TLS-TKIP policy (P-5): This policy is based on WPA. It provides data encryption through TKIP, authentication and mutual authentication services through EAP protocol in TLS mode. In this policy there is a wait time during which the user authenticates the server and vice-versa resulting in an increase in response time. 4.3 Measurement procedures We used the session mode and we run the test 15 times for every scenario/security policy combination Measuring the encryption overhead Encryption mechanism protecting the data traffic on a wireless link affect more data throughput because once the wireless client authenticates successfully with the RADIUS server and keys have been exchanged all the data traffic within the network will be encrypted for the entire session. Below are steps outline to measure the throughput for TCP traffic with Iperf: Start at Domain Controller Server Iperf in server mode, set the time test to 10 Sec (default) and the window size to 8 Kbyte (default), Start at the Wireless Client Iperf in client mode, set the time test to 10 Sec (default) and the window size to 8 Kbyte (default), Start with initial test until a steady state values are reported thus run the fifteen trials Measuring the authentication overhead Once the Wireless Client tries to connect to a Wireless Network, if the authentication service is enabled the Wireless Client authenticates with the RADIUS Server and this involves encryption and authentication mechanism. Since the network access is blocked for the client until successful authentication this encryption mechanism does not affect data throughput but instead the response time is affected. The time form the first authentication message received while the Wireless Client attempt to connect to the Wireless Network to the success authentication message then key exchanged message received at the Wireless Client assuring success authentication is considered as Authentication time. In this work we assume the response time to be equal to the authentication time since the response time if the is no authentication service enabled within the Wireless network is little and can be neglected. 5. Experimental Results and Data Analysis The experimental results were collected using Iperf Tool and Wiresharck Software for each security policy configuration/network scenario combination. Authentication messages Wireshark Software starts at the Wireless Client the matter that helped us to visualize all the messages receive and sent from the wireless adapter. This, in turn, helped us to determine the response time. Table-4 presents mean number after fifteen tests of authentication messages exchanged between the Wireless Client and the Access Point. The reason for the same number of message exchanged for P-3 and P-4 is that both P-3 and P-4 uses 802.1x and EAP-TLS for the authentication service but differ from the encryption mechanism. Table 4: Authentication message exchanged (P-1 and P-2 do not include authentication) P-3 P-4 P-5 Authentication Messages Authentication time The authentication time is the time involved from the first message received by Wireless Client from EAP-message to the instant when the client receives the RADIUS server a message assuring connectivity. Table-5 presents the average

6 authentication time for security policies P-3, P-4 and P-5 respectively. Table - 5: Authentication time Security policy P-3 P-4 P-5 Average time TCP-Throughput We run the three scenarios S1, S2, and S3 and for each scenario the TCP-throughput are measured. The results are shown in Table-6 and shown graphically in Figure 10. Table-6: Test-1: Iperf window size: 8 Kbs (default) Scenario TCP-throughput in Kbps P1 P2 P3 P4 P5 S S S Discussions and Conclusions 1. Scenario 1: Figure 12 clearly shows the effects of encryption mechanisms on the TCP-Throughput compared to the reference policy P-1. The average available TCP-throughput of Kbps over a 2 Mbps link rate collected for No security Police was the reference TCP-throughput. When we enabled encryption the impact was as follows: When static WEP enabled, a TCP throughput suffer from a drop of 40Kbps (0.19%); when WEP enabled with 802.1x authentication services introduces an overhead of 149Kbps (0.72%), WEP-128 enabled with 802.1x authentication services introduces an overhead of (0.30%) and finally the TKIP enabled with 802.1x authentication and WPA key management introduces an overhead of 47Kbps (0.22%). In this scenario, P-3 is the leading policy consuming more TCP-throughput while P- 3, P-4 and P-5 are the most recommended policies in terms of security provided. 2. Scenario 2 is used to study the effect of distance and blockage material on throughput. It is clear that this caused a large drop in the throughput. This explains the drop in the throughput of the reference Policy P1 from Kbps in S-1 to Kbps in S-2. To analyze the effect of security alone the reference data throughput in S-2 is 15747Kbps. Static WEP introduces a throughput drop of 678 Kbps (4.3%), the WEP with 802.1x authentication introduces a throughput drop of 9,369 Kbps (59.5%), WEP-128 with 802.1x authentication introduces a throughput reduction of 10,344 Kbps (65.7%) then finally TKIP with 802.1x authentication and WPA key management (6.7%). In this scenario, it is clear that P-3 and P-4 have more effect on the TCP-throughput in a link saturated with blockage materials. This is an important result to be considered further since S-2 relates the reality in enterprise environment. 3. Scenario 3: In this scenario beside the effect of security on throughput we added another phenomenon, the effect of network load. This explains the throughput drop associated with the reference policy P-1 form Kbps in S- 1 to Kbps in S-3. The data throughput of Kbps was chosen as reference data throughput to analyze the effect of security alone in S-3. As is shown from the numerical and graphical results, Static WEP introduces a throughput drop of 44 Kbps (0.2%), the WEP with 802.1x authentication introduces a throughput drop of 5,074 Kbps (34%), WEP-128 with 802.1x authentication introduces a throughput reduction of 5147 Kbps (35%) then finally TKIP with 802.1x authentication and WPA key management introduces a drop of 3,375 (23%). Then in this scenario, it is clear that P-3 and P-4 are still leading policies towards available throughput consumption. The effect of network load is also an important issue to be considered further since S-3 relates also the reality in enterprise environment. 4. The results show in the effect of adding encryption and authentication on the performance of the network. 6. References [1] Dawoud D.S., Alexis B, P.Dawoud A Study of the Energy Consumption of Security Encryption Policies in Wireless Devices Submitted to SATNAC008 [2] Ghassan Kbar, Wathiq Mansoor Testing the Performance of Wireless Lan Asia-pacific Conference on Communications, Perth, Western Australia, October [3] Nilufar Baghaei «IEEE Wireless LAN Security Performance Using Multiple Clients» Honours Project Report. Department of Computer Science and Software Engineering University of Canterbury, Christchurch, New Zealand, [4] Harold Lars McCarter Analyzing Wireless LAN Security Overhead. M.Sc thesis in Electrical Engineering. Virginia Polytechnic Institute and State University. Falls Church, Virginia, April [5] Maria Isabel A. S. Neto, «Wireless Networks for the developing world: The Regulation and Use of License-Exempt Radio Bands in Africa» M.Sc thesis in Technology and Policy at the Massachusetts Institute of Technology, June [6] Farhood Moslehi, «Simulation of the MAC Portion of IEEE and Bursts of Errors for Wireless Data Networks» M.Sc thesis in Systems Engineering at Virginia Polytechnic Institute and State University. Master [7] Sohail Hirani,«Energy Consumption of Encryption Schemes in Wireless Devices» M.Sc Thesis in Telecommunications, University of Pittsburg, School of Information Science, Department of Information Science and Telecommunications, 2003 [8] Kerry McKat,«Trade-offs Between Energy and Security in Wireless Networks» M.Sc Thesis in Computer Science at Worcester Polytechnic Institute, April 2005 [9] Erica Simcoe, Hirsh Goldberg, and Mehmet Ucal, «An Examination of Security Algorithm Flaws in Wireless Networks», The Institute for Systems Research, A. James Clerk Scholl of Engineering, 2004 D.S.Dawoud is a Professor in Computer Engineering- University of KwaZulu Natal. His main fields of research are: Computer Engineering, Network Security and Encryption and Embedded Systems. Fig.10 Effect of using security policies on throughput