Secure and Privacy-Preserving Authentication Protocols for Wireless Mesh Networks

Wireless mesh networks (WMNs) have emerged as a promising concept to meet the challenges in next-generation wireless networks such as providing flexible, adaptive, and reconfigurable architecture while offering cost-effective solutions to service providers. As WMNs become an increasingly popular replacement technology for last-mile connectivity to the home networking, community and neighborhood networking, it is imperative to design efficient and secure communication protocols for these networks. However, several vulnerabilities exist in currently existing protocols for WMNs. These security loopholes can be exploited by potential attackers to launch attack on WMNs. The absence of a central point of administration makes securing WMNs even more challenging. The broadcast nature of transmission and the dependency on the intermediate nodes for multi-hop communications lead to several security vulnerabilities in WMNs. The attacks can be external as well as internal in nature. External attacks are launched by intruders who are not authorized users of the network. For example, an intruding node may eavesdrop on the packets and replay those packets at a later point of time to gain access to the network resources. On the other hand, the internal attacks are launched by the nodes that are part of the WMN. On example of such attack is an intermediate node dropping packets which it was supposed to forward. This chapter presents a comprehensive discussion on the current authentication and privacy protection schemes for WMN. In addition, it proposes a novel security protocol for node authentication and message confidentiality and an anonymization scheme for privacy protection of users in WMNs.Comment: 32 pages, 10 figures. The work is an extended version of the author's previous works submitted in CoRR: arXiv:1107.5538v1 and arXiv:1102.1226v

Medium access control for inter-gateway handoff support in multi-hop wireless mesh networks

Wireless mesh networks (WMNs) have emerged to be a key wireless technology to support large-scale wireless Internet access. Seamless inter-gateway handoff support is an essential issue to ensure continuous communications in multi-hop WMNs. When the movement of a mobile mesh node (MN) causes its attachment point change in the Internet, the complete handoff process may include two steps: the link-layer handoff and the network-layer handoff. During the network-layer handoff, network- layer signaling packets need to be transmitted between the MN and the Internet via the multi-hop wireless mesh backbone. Due to the multi-hop transmission of network- layer handoff signaling packets, the handoff performance in WMNs can be largely degraded by the long queueing delay and medium access delay at each mesh router, especially when the backbone traffic volume is high. However, this critical issue is ignored in existing handoff solutions of multi-hop WMNs. In addition, the channel contention between data packets and handoff signaling packets is not considered in existing medium access control (MAC) designs. In this research, the seamless handoff support is addressed from a different perspec- tive. By eliminating channel contentions between data and handoff signaling pack- ets, the queueing delay and channel access delay of signaling packets are reduced, while data throughput is maintained. Since various WMNs have different channel resources and hardware cost requirements, four MAC schemes are proposed to im- prove the multi-hop handoff performance in single-channel single-radio, single-channel multi-radio, multi-channel single-radio, and multi-channel multi-radio WMNs. With the proposed MAC schemes, the inter-gateway handoff performance can be improved significantly in multi-hop WMNs

Architectural and mobility management designs in internet-based infrastructure wireless mesh networks

Wireless mesh networks (WMNs) have recently emerged to be a cost-effective solution to support large-scale wireless Internet access. They have numerous ap- plications, such as broadband Internet access, building automation, and intelligent transportation systems. One research challenge for Internet-based WMNs is to design efficient mobility management techniques for mobile users to achieve seamless roam- ing. Mobility management includes handoff management and location management. The objective of this research is to design new handoff and location management techniques for Internet-based infrastructure WMNs. Handoff management enables a wireless network to maintain active connections as mobile users move into new service areas. Previous solutions on handoff manage- ment in infrastructure WMNs mainly focus on intra-gateway mobility. New handoff issues involved in inter-gateway mobility in WMNs have not been properly addressed. Hence, a new architectural design is proposed to facilitate inter-gateway handoff man- agement in infrastructure WMNs. The proposed architecture is designed to specifi- cally address the special handoff design challenges in Internet-based WMNs. It can facilitate parallel executions of handoffs from multiple layers, in conjunction with a data caching mechanism which guarantees minimum packet loss during handoffs. Based on the proposed architecture, a Quality of Service (QoS) handoff mechanism is also proposed to achieve QoS requirements for both handoff and existing traffic before and after handoffs in the inter-gateway WMN environment. Location management in wireless networks serves the purpose of tracking mobile users and locating them prior to establishing new communications. Existing location management solutions proposed for single-hop wireless networks cannot be directly applied to Internet-based WMNs. Hence, a dynamic location management framework in Internet-based WMNs is proposed that can guarantee the location management performance and also minimize the protocol overhead. In addition, a novel resilient location area design in Internet-based WMNs is also proposed. The formation of the location areas can adapt to the changes of both paging load and service load so that the tradeoff between paging overhead and mobile device power consumption can be balanced, and at the same time, the required QoS performance of existing traffic is maintained. Therefore, together with the proposed handoff management design, efficient mobility management can be realized in Internet-based infrastructure WMNs

MeshScan: a Fast and Efficient Handoff Scheme for IEEE 802.11 Wireless Mesh Networks

As a next generation network solution, Wireless Mesh Networks (WMN) provides fast Internet access to a large area, which is from university campus to city scale. In order to provide an uninterrupted Internet experience to a mobile client, a process called handoff is required to maintain the network connection from one Mesh Node (MN) to another MN. Ideally, handoff should be completely transparent to mobile users. A critical application like VoIP will require a handoff capability that transfers a call from one mesh node (MN) to another in less than 50 msec. However the current IEEE 802.11 standards do not address the handoff well. Studies have revealed that standard handoff on IEEE 802.11 WLANs incurs a latency of the order of hundreds of milliseconds to several seconds. Moreover, the discovery step in the handoff process accounts for more than 99% of this latency. The study addresses the latency in the discovery step by introducing an efficient and powerful client-side scan technique called MeshScan which replaces the discovery step with a unicast scan that transmits Authentication Request frames to potential MNs. A prototype of MeshScan has been developed based on the MadWifi WLAN driver on Linux operating systems. The feasibility of MeshScan to support fast handoff in WMNs has been demonstrated through extensive computer simulations and experiments under same given conditions. The results from the simulations and experiments show that the latency associated with handoff can be reduced from seconds to a few milliseconds by using the MeshScan technique. Furthermore, it is shown that MeshScan can continue to function effectively even under heavy traffic loads

Efficient Security Protocols for Fast Handovers in Wireless Mesh Networks

Wireless mesh networks (WMNs) are gaining popularity as a flexible and inexpensive replacement for Ethernet-based infrastructures. As the use of mobile devices such as smart phones and tablets is becoming ubiquitous, mobile clients should be guaranteed uninterrupted connectivity and services as they move from one access point to another within a WMN or between networks. To that end, we propose a novel security framework that consists of a new architecture, trust models, and protocols to offer mobile clients seamless and fast handovers in WMNs. The framework provides a dynamic, flexible, resource-efficient, and secure platform for intra-network and inter-network handovers in order to support real-time mobile applications in WMNs. In particular, we propose solutions to the following problems: authentication, key management, and group key management. We propose (1) a suite of certificate-based authentication protocols that minimize the authentication delay during handovers from one access point to another within a network (intra-network authentication). (2) a suite of key distribution and authentication protocols that minimize the authentication delay during handovers from one network to another (inter-network authentication). (3) a new implementation of group key management at the data link layer in order to reduce the group key update latency from linear time (as currently done in IEEE 802.11 standards) to logarithmic time. This contributes towards minimizing the latency of the handover process for mobile members in a multicast or broadcast group

A Framework for the Self-Configuration of Wireless Mesh Networks

The use of wireless radio technology is well established for narrowband access systems, but its use for broadband access is relatively new. Wireless mesh architecture is a first step towards providing high-bandwidth wireless network coverage, spectral efficiency, and economic advantage. However, the widespread adoption and use of Wireless Mesh Networks (WMN) as a backbone for large wireless access networks and for last-mile subscriber access is heavily dependent on the technology’s ease of deployment. In order for WMNs to be regarded as mainstream technology, it needs to gain a competitive edge compared to wireline technologies such as DSL and cable. To achieve this, a broadband wireless network must be self-configuring, self-healing and self-organizing. In this thesis, we address these challenges. First, we propose a four-stage scheme (power-up, bootstrapping, network registration, and network optimization). We develop algorithms for each of these stages, taking advantage of the inherent properties of WMNs to determine the network’s topology. The novel part of our scheme is in the de-coupling of the subscriber’s credentials from the network hardware. This is a key part of our architecture as it helps ensure quick network enrolment, management and portability. It also helps, in our opinion, make the concept of widespread deployment using commodity hardware feasible

Vertical Handoff between 802.11 and 802.16 Wireless Access Networks

Heterogeneous wireless networks will be dominant in the next-generation wireless networks with the integration of various wireless access networks. Wireless mesh networks will become to a key technology as an economically viable solution for wide deployment of high speed, scalable and ubiquitous wireless Internet services. In this thesis, we consider an interworking architecture of wireless mesh backbone and propose an effective vertical handoff scheme between 802.11 and 802.16 wireless access networks. The proposed vertical handoff scheme aims at reducing handoff signaling overhead on the wireless backbone and providing a low handoff delay to mobile nodes. The handoff signaling procedure in different scenarios is discussed. Together with call admission control, the vertical handoff scheme directs a new call request in the 802.11 network to the 802.16 network, if the admission of the new call in the 802.11 network can degrade quality-of-service (QoS) of the existing real-time traffic flows. Simulation results demonstrate the performance of the handoff scheme with respect to signaling cost, handoff delay, and QoS support