Security and Privacy Issues in Wireless Mesh Networks: A Survey

This book chapter identifies various security threats in wireless mesh network (WMN). Keeping in mind the critical requirement of security and user privacy in WMNs, this chapter provides a comprehensive overview of various possible attacks on different layers of the communication protocol stack for WMNs and their corresponding defense mechanisms. First, it identifies the security vulnerabilities in the physical, link, network, transport, application layers. Furthermore, various possible attacks on the key management protocols, user authentication and access control protocols, and user privacy preservation protocols are presented. After enumerating various possible attacks, the chapter provides a detailed discussion on various existing security mechanisms and protocols to defend against and wherever possible prevent the possible attacks. Comparative analyses are also presented on the security schemes with regards to the cryptographic schemes used, key management strategies deployed, use of any trusted third party, computation and communication overhead involved etc. The chapter then presents a brief discussion on various trust management approaches for WMNs since trust and reputation-based schemes are increasingly becoming popular for enforcing security in wireless networks. A number of open problems in security and privacy issues for WMNs are subsequently discussed before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the author's previous submission in arXiv submission: arXiv:1102.1226. There are some text overlaps with the previous submissio

A distributed key establishment scheme for wireless mesh networks using identity-based cryptography

In this paper, we propose a secure and efficient key establishment scheme designed with respect to the unique requirements of Wireless Mesh Networks. Our security model is based on Identity-based key establishment scheme without the utilization of a trusted authority for private key operations. Rather, this task is performed by a collaboration of users; a threshold number of users come together in a coalition so that they generate the private key. We performed simulative performance evaluation in order to show the effect of both the network size and the threshold value. Results show a tradeoff between resiliency and efficiency: increasing the threshold value or the number of mesh nodes also increases the resiliency but negatively effects the efficiency. For threshold values smaller than 8 and for number of mesh nodes in between 40 and 100, at least 90% of the mesh nodes can compute their private keys within at most 70 seconds. On the other hand, at threshold value 8, an increase in the number of mesh nodes from 40 to 100 results in 25% increase in the rate of successful private key generations

Secure Routing in Wireless Mesh Networks

Wireless mesh networks (WMNs) have emerged as a promising concept to meet the challenges in next-generation networks such as providing flexible, adaptive, and reconfigurable architecture while offering cost-effective solutions to the service providers. Unlike traditional Wi-Fi networks, with each access point (AP) connected to the wired network, in WMNs only a subset of the APs are required to be connected to the wired network. The APs that are connected to the wired network are called the Internet gateways (IGWs), while the APs that do not have wired connections are called the mesh routers (MRs). The MRs are connected to the IGWs using multi-hop communication. The IGWs provide access to conventional clients and interconnect ad hoc, sensor, cellular, and other networks to the Internet. However, most of the existing routing protocols for WMNs are extensions of protocols originally designed for mobile ad hoc networks (MANETs) and thus they perform sub-optimally. Moreover, most routing protocols for WMNs are designed without security issues in mind, where the nodes are all assumed to be honest. In practical deployment scenarios, this assumption does not hold. This chapter provides a comprehensive overview of security issues in WMNs and then particularly focuses on secure routing in these networks. First, it identifies security vulnerabilities in the medium access control (MAC) and the network layers. Various possibilities of compromising data confidentiality, data integrity, replay attacks and offline cryptanalysis are also discussed. Then various types of attacks in the MAC and the network layers are discussed. After enumerating the various types of attacks on the MAC and the network layer, the chapter briefly discusses on some of the preventive mechanisms for these attacks.Comment: 44 pages, 17 figures, 5 table

Cloned Access Point Detection and Point Detection and Prevention Mechanism in IEEE 802.11 Wireless Mesh Networks

IEEE 802.11 Wireless Mesh Network (WMN) is an emerging low cost, decentralized community-based broadband technology, which is based on self-healing and multi-hop deployment of Access Points (APs), so that to increase the coverage area with maximum freedom to end-users to join or leave the network from anywhere anytime having low deployment and maintenance cost. Such kind of decentralized structure and multihop architecture increases its security vulnerabilities especially against the APs. One of such possible security attack is the placement of cloned AP to create serious performance degradation in IEEE 802.11 WMN. In this paper, we discuss the different security vulnerabilities of AP in IEEE 802.11 WMN along with possible research directions. We also propose a mutual cooperation mechanism between the multi-hop APs and serving gateway so that to detect and prevent the possibility of cloned AP. In this way the large scale exploitation of IEEE 802.11 WMN can be eliminated

MeshScan: a Fast and Efficient Handoff Scheme for IEEE 802.11 Wireless Mesh Networks

As a next generation network solution, Wireless Mesh Networks (WMN) provides fast Internet access to a large area, which is from university campus to city scale. In order to provide an uninterrupted Internet experience to a mobile client, a process called handoff is required to maintain the network connection from one Mesh Node (MN) to another MN. Ideally, handoff should be completely transparent to mobile users. A critical application like VoIP will require a handoff capability that transfers a call from one mesh node (MN) to another in less than 50 msec. However the current IEEE 802.11 standards do not address the handoff well. Studies have revealed that standard handoff on IEEE 802.11 WLANs incurs a latency of the order of hundreds of milliseconds to several seconds. Moreover, the discovery step in the handoff process accounts for more than 99% of this latency. The study addresses the latency in the discovery step by introducing an efficient and powerful client-side scan technique called MeshScan which replaces the discovery step with a unicast scan that transmits Authentication Request frames to potential MNs. A prototype of MeshScan has been developed based on the MadWifi WLAN driver on Linux operating systems. The feasibility of MeshScan to support fast handoff in WMNs has been demonstrated through extensive computer simulations and experiments under same given conditions. The results from the simulations and experiments show that the latency associated with handoff can be reduced from seconds to a few milliseconds by using the MeshScan technique. Furthermore, it is shown that MeshScan can continue to function effectively even under heavy traffic loads

An effective Denial of Service Attack Detection Method in Wireless Mesh Networks

AbstractIn order to detect the DoS attack (Denial-of-Service attack) when wireless mesh networks adopt AODV routing protocol of Ad Hoc networks. Such technologies as an end-to-end authentication, utilization rate of cache memory, two pre-assumed threshold value and distributed voting are used in this paper to detect DoS attacker, which is on the basic of hierarchical topology structure in wireless mesh networks. Through performance analysis in theory and simulations experiment, the scheme would improve the flexibility and accuracy of DoS attack detection, and would obviously improve its security in wireless mesh networks

A Secure Key Management Model for Wireless Mesh Networks

As Wireless Mesh Networks (WMNs) are newly emerging wireless technologies, they are designed to have huge potential for strengthening Internet deployment and access. However, they are far from muture for large-scale deployment in some applications due to the lack of the satisfactory guarantees on security. The main challenges exposed to the security of WMNs come from the facts of the shared nature of the wireless architecture and the lack of globally trusted central authorities. A well-performed security framework for WMNs will contribute to network survivability and strongly support the network growth. A low-computational and scalable key management model for WMNs is proposed in this paper which aims to guarantee well-performed key management services and protection from potential attacks

Group-Key Management Model for Worldwide Wireless Mesh Networks

Wireless Mesh Network (WMN) is an upcoming wireless network technology and is mainly used to provide broadband internet in remote locations. It is characterized by minimum fixed infrastructure requirement and is operated in an open medium, such that any user within the range covered by mesh routers may access the network. So a critical requirement for the security in WMN is the authentication of users. However, WMN is far from mature for large-scale deployment in some applications due to the lack of the satisfactory guarantees on security. A wellperformed security framework for WMN will contribute to network survivability and strongly support the network growth or reduction. A key management model to overcome the scalability issue on security aspect for large-scale deployment of WMN i.e. Worldwide WMN is proposed in this work, which aims to guarantee wellperformed key management services and protection from potential attacks. Here, we use a combination of techniques, such as zonebased topology structure, off-line CA, virtual certification authority ) etc