Protected EAP (PEAP) MSCHAPV2 – Uses a TLS (Transport Layer Security) tunnel to protect an encapsulated MSCHAPv2 exchange between the Wi-Fi client and the authentication server. An Access Point (Ap) is an access network entity that provides a hitch point for STAs. It has an access network identifier that refers to the access network to which it belongs. In the area of the access network, the AP imposes access control of STAs connected to the access network. The AP uses the IEEE 802.11ah-2016 authentication control mechanism to control the number of associated STAs simultaneously. AP then sets up an SA with a STA and acts as an authenticator for STA. The AP must be able to identify SAS by the SAS identifier. Considering that a single AP can be associated with several thousand IoT devices, 802.11 AKM has too long access resources per device. Therefore, reducing the network costs of the proposed plan is effective not only for STA resources, but also for access network conditions.
Note that at this stage of mutual authentication, there is no role for the SAS. This allows you to choose different authentication methods that are not affected by STA resource limitations, and their future upgrades do not affect thousands of STAs. In this section, we present the performance analysis of the proposed mechanism, which focuses on the use of the resources of the IoT device. It is compared to the existing IEEE 802.11-2012 with IEEE 802.1X AKM (in this section it is briefly called “802.11 AKM”). It is assumed that the 802.11 AKM in this section uses the standard AKM suite (RSNA), the CTR with the CBC-MAC encryption protocol (CCMP) and the EAP with the Transport Security Protocol (EAP-TLS)  with RSA  – based on certification and key exchange. In this method, the AP sends an unencrypted challenge message to the customer who is trying to communicate with the access point. The customer device, which is attractive for authentication, encrypts the message and sends it back to AP. This section is for system administrators who are considering providing wireless NETWORK to businesses and provides an overview of the key security features currently available 802.11. The chapter focuses on Wi-fi Protected Access (WPA) and WPA2, but also briefly discusses the old WeP (Wired Equivalent Privacy) feature. Table 4 shows the cost of calculating the proposed AKM.
The total number of cycles of the proposed AKM is six kilo cycles. The delegation of the authentication process to the SAS leads to this impressive reduction in computational costs. The KDF delegation also reduces the cost of calculating the key installation process from 10 to 6 kilo-cycles. Service denial – A wireless network attack that prevents legitimate wireless users from accessing information or services on the network. This attack typically uses 802.11 management frameworks or HF interference in the same spectrum as the LAN wireless network.