Security and Privacy Issues in Wireless Mesh Networks: A Survey

This book chapter identifies various security threats in wireless mesh network (WMN). Keeping in mind the critical requirement of security and user privacy in WMNs, this chapter provides a comprehensive overview of various possible attacks on different layers of the communication protocol stack for WMNs and their corresponding defense mechanisms. First, it identifies the security vulnerabilities in the physical, link, network, transport, application layers. Furthermore, various possible attacks on the key management protocols, user authentication and access control protocols, and user privacy preservation protocols are presented. After enumerating various possible attacks, the chapter provides a detailed discussion on various existing security mechanisms and protocols to defend against and wherever possible prevent the possible attacks. Comparative analyses are also presented on the security schemes with regards to the cryptographic schemes used, key management strategies deployed, use of any trusted third party, computation and communication overhead involved etc. The chapter then presents a brief discussion on various trust management approaches for WMNs since trust and reputation-based schemes are increasingly becoming popular for enforcing security in wireless networks. A number of open problems in security and privacy issues for WMNs are subsequently discussed before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the author's previous submission in arXiv submission: arXiv:1102.1226. There are some text overlaps with the previous submissio

Multicast Mobility in Mobile IP Version 6 (MIPv6) : Problem Statement and Brief Survey

Publisher PD

Multicast broadcast services support in OFDMA-based WiMAX systems [Advances in mobile multimedia]

Multimedia stream service provided by broadband wireless networks has emerged as an important technology and has attracted much attention. An all-IP network architecture with reliable high-throughput air interface makes orthogonal frequency division multiplexing access (OFDMA)-based mobile worldwide interoperability for microwave access (mobile WiMAX) a viable technology for wireless multimedia services, such as voice over IP (VoIP), mobile TV, and so on. One of the main features in a WiMAX MAC layer is that it can provide'differentiated services among different traffic categories with individual QoS requirements. In this article, we first give an overview of the key aspects of WiMAX and describe multimedia broadcast multicast service (MBMS) architecture of the 3GPP. Then, we propose a multicast and broadcast service (MBS) architecture for WiMAX that is based on MBMS. Moreover, we enhance the MBS architecture for mobile WiMAX to overcome the shortcoming of limited video broadcast performance over the baseline MBS model. We also give examples to demonstrate that the proposed architecture can support better mobility and offer higher power efficiency

Efficient Micro-Mobility using Intra-domain Multicast-based Mechanisms (M&M)

One of the most important metrics in the design of IP mobility protocols is the handover performance. The current Mobile IP (MIP) standard has been shown to exhibit poor handover performance. Most other work attempts to modify MIP to slightly improve its efficiency, while others propose complex techniques to replace MIP. Rather than taking these approaches, we instead propose a new architecture for providing efficient and smooth handover, while being able to co-exist and inter-operate with other technologies. Specifically, we propose an intra-domain multicast-based mobility architecture, where a visiting mobile is assigned a multicast address to use while moving within a domain. Efficient handover is achieved using standard multicast join/prune mechanisms. Two approaches are proposed and contrasted. The first introduces the concept proxy-based mobility, while the other uses algorithmic mapping to obtain the multicast address of visiting mobiles. We show that the algorithmic mapping approach has several advantages over the proxy approach, and provide mechanisms to support it. Network simulation (using NS-2) is used to evaluate our scheme and compare it to other routing-based micro-mobility schemes - CIP and HAWAII. The proactive handover results show that both M&M and CIP shows low handoff delay and packet reordering depth as compared to HAWAII. The reason for M&M's comparable performance with CIP is that both use bi-cast in proactive handover. The M&M, however, handles multiple border routers in a domain, where CIP fails. We also provide a handover algorithm leveraging the proactive path setup capability of M&M, which is expected to outperform CIP in case of reactive handover.Comment: 12 pages, 11 figure

Multi-Service Group Key Establishment for Secure Wireless Mobile Multicast Networks

yesRecently there is high demand in distributing multimedia services over the internet to ubiquitous and computational intelligent mobile subscribers by the service providers (SPs). In this instance, provision of those services must be restricted to authorized subscribers via integration of authentication and group key management (GKM). GKM with diverse group services subscribed dynamically by moving subscribers in wireless networks has been omitted in conventional approaches. However it is expected that significant key management overhead will arise in them due to multi-services co-existing in the same network. In this paper, we propose a scalable decentralized multi-service GKM scheme considering host mobility in wireless environment. In the scheme, authentication of mobile subscribers and key management phases are delegated from the trusted domain key distributor (DKD) to the subgroup controllers known as area key distributors (AKD). The trusted intermediate AKDs can then establish and distribute the service group keys to valid subscribers in a distributed manner using identity-based encryption without involving the domain key distributor (DKD). This alleviates unnecessary delays and possible bottlenecks at the DKD. We show by simulation that the proposed scheme has some unique scalability properties over known schemes in terms of optimized rekeying communication and storage overheads. The security performance studies have shown resilience to various attacks

Software Defined Networks based Smart Grid Communication: A Comprehensive Survey

The current power grid is no longer a feasible solution due to ever-increasing user demand of electricity, old infrastructure, and reliability issues and thus require transformation to a better grid a.k.a., smart grid (SG). The key features that distinguish SG from the conventional electrical power grid are its capability to perform two-way communication, demand side management, and real time pricing. Despite all these advantages that SG will bring, there are certain issues which are specific to SG communication system. For instance, network management of current SG systems is complex, time consuming, and done manually. Moreover, SG communication (SGC) system is built on different vendor specific devices and protocols. Therefore, the current SG systems are not protocol independent, thus leading to interoperability issue. Software defined network (SDN) has been proposed to monitor and manage the communication networks globally. This article serves as a comprehensive survey on SDN-based SGC. In this article, we first discuss taxonomy of advantages of SDNbased SGC.We then discuss SDN-based SGC architectures, along with case studies. Our article provides an in-depth discussion on routing schemes for SDN-based SGC. We also provide detailed survey of security and privacy schemes applied to SDN-based SGC. We furthermore present challenges, open issues, and future research directions related to SDN-based SGC.Comment: Accepte

A Taxonomy of Self-configuring Service Discovery Systems

We analyze the fundamental concepts and issues in service discovery. This analysis places service discovery in the context of distributed systems by describing service discovery as a third generation naming system. We also describe the essential architectures and the functionalities in service discovery. We then proceed to show how service discovery fits into a system, by characterizing operational aspects. Subsequently, we describe how existing state of the art performs service discovery, in relation to the operational aspects and functionalities, and identify areas for improvement

Secure and Efficient Distributed Relay-Based Rekeying Algorithm for Group Communication in Mobile Multihop Relay Network

In mobile multihop relay (MMR) networks, Relay multicast rekeying algorithm (RMRA) is meant to ensure secure multicast communication and selective updating of keys in MMR networks. However, in RMRA, the rekeying is carried out after a specific interval of time, which cannot ensure the security for multicast communication on joining the member. Secondly, the rekeying scheme generates a huge communication overhead on the serving multihop relay base station (MR-BS) on frequent joining of members. Lastly, there is nothing about when a member left the group communication. Thus, the rekeying scheme of RMRA fails to provide forward and backward secrecy and also is not scalable. To solve this problem, an improved rekeying scheme based on broadcasting a new seed value on joining and leaving of a member for updating the ongoing key management is proposed. The proposed scheme solves the issue of forward and backward secrecy and the scalability in a very simplified way. The forward and backward secrecy of the proposed scheme has been extensively validated by formal method using rank theorem. Furthermore, mathematical derivation showed that the proposed scheme out-performed the RMRA in terms of communication cost and complexity

Supporting service discovery, querying and interaction in ubiquitous computing environments.

In this paper, we contend that ubiquitous computing environments will be highly heterogeneous, service rich domains. Moreover, future applications will consequently be required to interact with multiple, specialised service location and interaction protocols simultaneously. We argue that existing service discovery techniques do not provide sufficient support to address the challenges of building applications targeted to these emerging environments. This paper makes a number of contributions. Firstly, using a set of short ubiquitous computing scenarios we identify several key limitations of existing service discovery approaches that reduce their ability to support ubiquitous computing applications. Secondly, we present a detailed analysis of requirements for providing effective support in this domain. Thirdly, we provide the design of a simple extensible meta-service discovery architecture that uses database techniques to unify service discovery protocols and addresses several of our key requirements. Lastly, we examine the lessons learnt through the development of a prototype implementation of our architecture

Efficient Security Protocols for Fast Handovers in Wireless Mesh Networks

Wireless mesh networks (WMNs) are gaining popularity as a flexible and inexpensive replacement for Ethernet-based infrastructures. As the use of mobile devices such as smart phones and tablets is becoming ubiquitous, mobile clients should be guaranteed uninterrupted connectivity and services as they move from one access point to another within a WMN or between networks. To that end, we propose a novel security framework that consists of a new architecture, trust models, and protocols to offer mobile clients seamless and fast handovers in WMNs. The framework provides a dynamic, flexible, resource-efficient, and secure platform for intra-network and inter-network handovers in order to support real-time mobile applications in WMNs. In particular, we propose solutions to the following problems: authentication, key management, and group key management. We propose (1) a suite of certificate-based authentication protocols that minimize the authentication delay during handovers from one access point to another within a network (intra-network authentication). (2) a suite of key distribution and authentication protocols that minimize the authentication delay during handovers from one network to another (inter-network authentication). (3) a new implementation of group key management at the data link layer in order to reduce the group key update latency from linear time (as currently done in IEEE 802.11 standards) to logarithmic time. This contributes towards minimizing the latency of the handover process for mobile members in a multicast or broadcast group