Performance Analysis of Wireless Network with the

impact of Security Mechanisms

Mudassar Ahmad1 , Sumaira Taj2 , Tasleem Mustafa3 , Md Asri4

1,4

Department of Computer Science and Communication, Universiti Teknologi Malaysia.

Department of Computer Science, University of Agriculture Faisalabad, Pakistan.
amudassar2@live.utm.my, sumaira1513@yahoo.com, tasleem mustafa@uaf.edu.pk, dr.asri@utm.my
2,3

AbstractThe growing popularity and evolutionary nature of

Wireless local area networks have raised some serious security
issues to its users which are being solved by advanced security
mechanisms. Applying strong security mechanisms affect the
TCP and UDP performance negatively. In this research TCP
and UDP performance is measured and investigated that how the
security affects on performance. The objective of this research
is to propose an approach to achieve maximum performance in
terms of TCP and UDP throughput and response time in Wireless
network. At the end we conclude that how our proposed approach
gains maximum TCP and UDP performance.

I. I NTRODUCTION
The market for wireless communications has made incredible growth during the past few years. Business and
the computer industry have an important place in Wireless
technologies [1]. Flexibility and mobility are the major benets
of wireless technologies. In wireless network data can be easily
accessed from anywhere because there is no headache of wires,
as in case of Wired Network [2]. The medium of transmission
in wireless communication is air, it makes the data insecure. So
security is very important issue in this sense because insecure
data cause a great loss for organizations. Several security
algorithms have been discovered to solve the IEEE 802.11
security issues. Performance reduction is the drawback of these
security algorithms. Effect of these algorithms is being studying [3]. This research unveils and compares the effects of WEP,
802.11x, and WPA on 802.11g wireless network performance.
In this search we used trafc type, transmission power and
security mechanisms as metrics to analyze the performance
of wireless network. The experiments are conducted using a
simple topology in a clean environment proving that 802.11g
wireless network. The rest of paper is organized as follows. In
section II, we discuss the related work. Section III describes
the experimental setup. Performance evaluation methodology
is explained in section IV. The results obtained are described
in section V. Further we present our conclusion and discuss
future work in section VI.
II. R ELATED W ORK
Wang et al [4] analyzed the impact of security on system
performance. Results demonstrated that the stronger the security, the more signaling and delay overhead. It was observed
that authentication time contributes more towards QoS degradation than cryptographic cost. Hunt et al [2] used multiple
clients to investigate the performance and security issues of
978-1-4673-4450-0/12/$31.00 2012 IEEE

IEEE 802.11 wireless LANs with the layered security model.

Nayak et al [5] analyzed the performance overhead caused
by WEP, IPSEC VPN and 801.1X etc and found that TCP
and UDP trafc behaves erratically. Change in security index
reduces the performance of WLAN. Results indicated that
802.1X and VPN can be used in future wireless systems
because of their exibility. Senat et al [3] studied the effect of
WEP and 802.11x on the performance of multi-client saturated
and unsaturated networks and proposed some ways to congure wireless networks such that security requirements can be
met in relation to performance impact. Barka and Boulmalf [6]
analyzed the throughput of 802.11g after applying different
encryption techniques of WPA and WEP. Narayan et al [7]
studied the performance of TCP and UDP in a client-server
environment on IEEE 802.11n and implemented WEP, WPA
and WPA2 with some variations. The research proved that
wireless performance was OS dependant and signicantly
affected by the encryption method and drop the throughput.
Narayan et al [8] enhanced their work by adding two more
Operating Systems in their previous research. Results showed
a decrease in throughput by applying encryption techniques,
jitter and drop rates were also differ; and WPA2 behaved
differently for each encryption method. Kolahi et al [9] evaluated the bandwidth after applying WPA2 and compared IPv4
and IPv6 with respect to the performance for Open system
and UDP protocol implemented. Research proved that IPv4
was better in open environment producing highest bandwidth
for UDP. Kolahi and Li [10] compared windows and Fedora,
to determine which operating systems will give the best
bandwidth performance over IPv6 networks. They concluded
that considering RTT and bandwidth, Fedora 12 provided the
best performance over IPv6. Likhar et al [11] implemented
OpenVPN rather than WEP to secure IEEE 802.11g. UDP
and TCP trafc was analyzed on various data rates and frame
sizes. They claimed that WEP can be replaced by OpenVPN to
get more performance in terms of throughput, latency, frame
loss and IP packet delay variation with the use of compression.
III. C ONTRIBUTIONS
The objective of this research is to propose an approach
to achieve maximum TCP and UDP performance in terms of
throughput and response time. Throughput is more affected
by the security mechanisms as compared to response time
in TCP. This was observed after analyzing the impact of

existing security mechanisms on the performance of TCP and

UDP in a wireless network. This research covered in three
contribution levels; rst, to nd the encryption technique that
produces low performance, this was achieved by conducting
an analysis of existing security mechanisms and measured
the performance by varying transmit power, TCP & UDP
windows/ datagram size. Second, to gured out the reason
behind the low performance and proposed some techniques
as an enhancement for the existing security mechanism to
get more performance in terms of throughput and response
time. And nally we compared the research results to nd
the best solution and proved that the proposed approach gain
maximum TCP and UDP performance in terms of throughput
and response time.
IV. E XPERIMENTAL S ETUP
The test bed placed in a single cell environment including
two laptops and an 802.11g access point to congure a traditional client/ server architecture in a wireless connection. One
laptop congured as a server station and the other as a client.
The server Sony VAIO VPCEA12EG Laptop is connected to
AP with a bandwidth of 100 Mbps wired connection. The
client Lenovo ThinkPad T61 Laptop is placed at a xed
distance of 7 meters from access point with a bandwidth of
54 Mbps wireless connection. Data trafc is not real-time; it
is generated by a trafc generating tool called iperf [12] that
is installed and congured on both stations. The laboratory is
designed as a clean environment with no background noise
or other interferences. Windows-based operating systems are
used because Windows-7 and Windows 2008 Server have a
built in implementation of the IEEE 802.11 security mechanisms and 802.1x authentication protocol such as PEAP.
TCP and UDP trafc of different packet size is generated by

TCP trafc types, UDP & TCP packet / window sizes, and
the transmit power of AP. Trafc is generated by using Iperf
as shown in Table-II & Table-III and then results are analyzed
using SPSS the statistical analysis tool. Performance metrics
considered here are Throughput in Mbits/sec and Response
time in seconds. We used 15 different security mechanisms as
shown in Table-I to check the impact of security protocols on
the performance of TCP & UDP. First in case of TCP, total
data sent is kept constant i.e. 15 M while the window size
is changed to 1K, 500K and 1000K. Then in case of UDP,
packet size is changed between 300 bytes, 600 bytes and 900
bytes keeping window size constant to 500K.
TABLE I
S ECURITY M ECHANISMS
Security Mechanisms
No security with SSID
MAC address authentication
Open System Authentication with 64-bit WEP Encryption
Open System Authentication with 128-bit WEP Encryption
Open System Authentication with 152-bit WEP Encryption
Shared Key Authentication with 64-bit WEP Encryption
Shared Key Authentication with 128-bit WEP Encryption
Shared Key Authentication with 152-bit WEP Encryption
Open System / Shared Key Authentication with 64-bit WEP Encryption
Open System/ Shared Key Authentication with 128-bit WEP Encryption
Open System / Shared Key Authentication with 152-bit WEP Encryption
WPA-PSK Authentication with AES Encryption
WPA-PSK Authentication with TKIP Encryption
WPA-EAP-PEAP Authentication with AES Encryption
WPA-EAP-PEAP Authentication with TKIP Encryption

Iperf commands with all the specied variations at Server

side are given in Table-II:
TABLE II
I PERF S YNTAX AT S ERVER SIDE

Iperf Syntax at Server side

iperf s D n 15M w 1K
iperf s D n 15M w 500K
iperf s D n 15M w 1000K
iperf s D n 15M w 500K u l 300
iperf s D n 15M w 500K u l 600
iperf s D n 15M w 500K u l 900

Iperf commands with all the specied variations at Client

side are given in Table-III.:
TABLE III
I PERF S YNTAX AT C LIENT SIDE

Fig. 1.

Experimental Setup, TestBed

Iperf. Total amount of data sent per session is kept constant

i.e. 15 MB. Performance evaluation is characterized on the
basis of Response Time and Throughput by varying Security
Mechanisms, Transmit Power, TCP windows size and UDP
datagram size.

Iperf Syntax at Server side

iperf c ms-client1 n 15M w
iperf c ms-client1 n 15M w
iperf c ms-client1 n 15M w
iperf c ms-client1 n 15M w
iperf c ms-client1 n 15M w
iperf c ms-client1 n 15M w

1K
500K
1000K
500K u b 54M l 300
500K u b 54M l 600
500K u b 54M l 900

V. P ERFORMANCE E VALUATION M ETHODOLOGY

VI. R ESULTS AND D ISCUSSION

UDP and TCP are the trafc models considered throughout

our experiments for a single client. Performance is evaluated
by applying some variations of security mechanisms, UDP &

The tradeoff between the network performances regarding

security is habitually ignored, but in this research, the effects of
different security mechanisms is studied and measured on the

performance of 802.11 wireless LANs. The results obtained

for the mean throughput and response time regarding security
protocols are analyzed below in following sections:
A. Effect of Security Mechanism

To check the effect of TCP window size on the network

performance, data trafc with three different window sizes is
generated using Iperf. It clearly can be noticed in Fig 3 and Fig
4 that increasing the window size producing more performance
in terms of Throughput and Response time. It proved that the
larger the window size the more the performance is.
C. Effect of Packet size

Fig. 2.

Analysis of Variance TCP and UDP Throughput and RTT

Fig. 5.

UDP Throughput Chart

Fig 2 shows that the result of one-way ANOVA at 95

percent condence interval is highly signicant, thus it proved
a decrease in performance with improved security. Results
showed that TCP performance is almost half of the UDP
performance under all the applied security mechanisms. That
proved maximum bandwidth utilization in UDP [3]. At minimum transmit power of AP, results obtained for response time
and throughput are opposed to each other; Response time of
UDP remains same but that of TCP is highest. Throughput
of TCP degrades but there is no effect on the performance of
UDP.
B. Effect of Windows size
Fig. 6.

UDP Response time Chart

UDP trafc is generated in three different packet sizes in

order to understand the impact of packet size on network
performance. The results in Fig 5 and Fig 6 clearly show
an inverse effect of packet size on UDP response time and
a direct effect on UDP throughput. It means that an increase
in packet size increase the UDP throughput but decrease the
response time.
D. Effect of Security with respect to Transmission power
Fig. 3.

TCP Throughput Chart

To check the effect of various transmission powers under

different security mechanisms on the network performance,
we change the transmit power of AP in three ways; full
transmission, half transmission, and minimum transmission.
Different transmit powers effect the performance in different
ways for each security mechanism. Results show that transmit
power has no effect on the performance of UDP whereas
TCP performance is strongly affected by the transmit power.
Full Transmission Power:

Fig. 4.

TCP Response time Chart

Figs 7 & 8 show some results about TCP; in case of

1K window size low performance is achieved in terms of

Fig. 7.

Fig. 8.

TCP Throughput - Full Transmit Power

TCP Response time - Full Transmit Power

mechanism 3 to 13. Here only at security mechanism 2,

lowest throughput and response time is achieved. Hence the
performance is good in 500K as compared to 1K window
size. Overall high performance is measured with xing the
window size to 1000K. This is because with larger window
size, security mechanisms work efciently, and transfer more
data in less time efciently. This means that applying security
in our WLANs must use such mechanism where TCP will
send data with larger windows size to have larger throughput
and low response time. Exceptions are OS-64bit-WEP, SK128bit-WEP, SK-152bit-WEP, and OS-SK-152bit-WEP which
give better performance at 1000K. Figs 9 & 10 show some
results about UDP; in case of 300byte datagram size low
performance is noticed from security mechanism 3 to security
mechanism 15. High throughput as well as the response time
is achieved at security mechanism 1 and 2. With 600byte
overall good throughput and same response time is noticed
in all security mechanisms. With a slight difference, overall
high performance is measured with 900bytes datagram size,
it shows a symmetric behavior. This is because with larger
packet size, security mechanisms work more efciently and
transfer more data in less time.
Half Transmission Power:

Fig. 11.
Fig. 9.

Fig. 10.

TCP Throughput Chart - Half Transmit Power

UDP Throughput - Full Transmit Power

UDP Response time - Full Transmit Power

throughput and response time at security mechanism 10 to

15. High performance is produced at security mechanism 6
to 9. At security mechanism 14; lowest throughput as well
as response time can be noticed. In case of 500K window
size, overall good throughput is analyzed from security

Fig. 12.

TCP Response time - Half Transmit Power

Figs 11-14 show that in case of TCP window size set to

1K low performance is noticed at security mechanism 3, 8,
10, 14 and 15 in terms of response time and throughput. High
performance is achieved at security mechanism 1, 2, 6 and
7. Lowest throughput as well as response time is achieved
at 14. Overall high performance is measured with window

Fig. 13.

Fig. 14.

UDP Throughput Chart - Half Transmit Power

UDP Response time Chart - Half Transmit Power

size set to 500K. Here the only lowest throughput is achieved

at 5 (Shared key 152-bit). Hence it gives overall a good
performance as compared to 1K window size. With 1000K
overall good throughput is achieved but only at security 14
and 15 low throughput is achieved. By comparing all window
sizes, 500K overall gave better performance than others in
case of Half transmits power. For UDP, result shows that in
case of 300byte packet size low throughput and low response
time is noticed between security mechanism 3 and 15. High
performance is analyzed at security mechanism 1 and 2. There
is no such difference in performance with 600bytes at all
security mechanisms. Overall high performance is seen in
terms of throughput and response time with 900byte packet
size, giving the impression that UDP does not have much
impact of security with large packet size. Its performance is
independent of packet sizes.
Minimum Transmission Power:
Figs 15-18 show that in case of 1K window size low
throughput is noticed from security mechanism 1 to 6. High
throughput is achieved from security mechanism 7 to 15.
Lowest throughput is achieved at 4. Overall high throughput is
measured with 500K TCP window size. Here lowest throughput is achieved at 1 & 15. With 1000K highest throughput is
achieved at 7,8,11 & 12 security mechanisms, low throughput
are achieved at security 1, 4 and 15. At security 3, 7, 10 and
11 1000K and 500K gave same throughput values which are
good. High response time is noticed in security mechanism 7
-14 with 1k window size. Low response time is achieved from

Fig. 15.

Fig. 16.

Fig. 17.

Fig. 18.

TCP Throughput Chart - Min Transmit Power

TCP Response time Chart - Min Transmit Power

UDP Throughput Chart - Min Transmit Power

UDP Response time Chart - Min Transmit Power

security mechanism1, 4 & 15. Overall high response time is

measured with 500K TCP window size. Here high response
time is achieved at 7 & 8. With 1000K lowest response time

is achieved at 1, 4 and 15 security mechanisms, high response

time is achieved from security 5 to 14. At security 3, 7, 10
and 11 1000K and 500K gave same response time values.
In case of UDP; results show that in case of 300byte packet
size low performance is noticed from security mechanism 3 to
15. High throughput and response time is achieved at security
mechanism 1 and 2. Lowest throughput and response time is
achieved at 12. With 600bytes overall good performance is
achieved. Overall high performance is measured with 900byte
UDP packet size, giving the impression that UDP does not
have much impact of security with large packet size. Its
performance does not degrade as that of TCP.
VII. C ONCLUSION AND F UTURE W ORK
Overall research concluded that security mechanisms effect
differently when taken some other factors, like; trafc types,
packet size, window size, and transmit power, into consideration. Results proved that UDP utilizes more bandwidth and is
less affected by other factors. TCP is affected by the change in
transmit power as with minimum 12.5 percent transmit power
security effect is reversed in case of TCP. To get maximum
performance for TCP; use shared key authentication with 128
bit WEP encryption, half transmit power and medium packet
size. On the other hand, UDP throughput with security is not
much affected by transmit power, it gives overall good performance than TCP trafc. WPA-EAP-PEAP Authentication with
AES Encryption can be used for UDP trafc for all transmit
powers and large packet size.
R EFERENCES
[1] W, S., IEEE 802.11: Moving Closer to Practical Wireless LANs in IT
Professional IEEE, 2001. 3(3): p. 17 - 23.
[2] Hunt., B.N.a.R., An Experimental Study of Cross-Layer Security Protocols. In Public Access Wireless Networks. . IEEE Globecom 2005, St.
Louis, USA., 2004.
[3] Senat, N.J., PERFORMANCE STUDY ON IEEE 802.11 WIRELESS
LOCAL AREA NETWORK SECURITY. 2006.
[4] Wang, A.A.K.a.W., An Experimental Study of Cross-Layer Security
Protocols. In Public Access Wireless Networks. IEEE Globecom 2005
[5] Nayak Debabrata, D.P., V. Gulati and N. Rajendran. , Modeling and
Performance Analysis of Security Architecture for Wireless Local Area
Network. . ENFORMATIKA V1 ISSN 1305-5313., 2004.
[6] Boulmalf, B.E.a.M., On The Impact of Security on the Performance
of WLANs; . Journal of Communications Proceedings of the IEEE,
Academy Publisher, 2007. 2(4): p. 10-17.
[7] Narayan S., T.F., X. Xu and S. Ardham, Network Performance Evaluation
of Wireless IEEE 802.11n Encryption Methods on Windows Vista and
Windows Server 2008 Operating Systems. IEEE Performance Evaluation,
2009: p. 1-5.
[8] Narayan S., T.F., X. Xu and S. Ardham, Impact of Wireless IEEE 802.11n
Encryption Methods on Network Performance of Operating Systems.
Second International Conference on Emerging Trends in Engineering and
Technology, 2009. 12: p. 1178-1183.
[9] Kolahi S.S., H.S., M. N. Ehsan and C. Dong, Performance of IPv4 and
IPv6 Using 802.11n WLAN in Windows 7- Windows 2008 environment.
Baltic Congress on Future Internet and Communication, 2011: p. 50-53.
[10] Li., K.S.S.a.P., Evaluating IPv6 in Peer-to-Peer 802.11n Wireless LANs.
IEEE Computer Society, 2011: p. 70-74.
[11] Likhar, P., Yadav, R. S., and M, K. R., SECURING IEEE 802.11G
WLAN USING OPEN VPN AND ITS IMPACT ANALYSIS. International Journal of Network Security and Its Applications (IJNSA), 2011.
3(6): p. 97-123.
[12] iperf , Network Bandwidth Measuring Tool.