Security and Privacy Issues in Wireless Mesh Networks: A Survey

This book chapter identifies various security threats in wireless mesh network (WMN). Keeping in mind the critical requirement of security and user privacy in WMNs, this chapter provides a comprehensive overview of various possible attacks on different layers of the communication protocol stack for WMNs and their corresponding defense mechanisms. First, it identifies the security vulnerabilities in the physical, link, network, transport, application layers. Furthermore, various possible attacks on the key management protocols, user authentication and access control protocols, and user privacy preservation protocols are presented. After enumerating various possible attacks, the chapter provides a detailed discussion on various existing security mechanisms and protocols to defend against and wherever possible prevent the possible attacks. Comparative analyses are also presented on the security schemes with regards to the cryptographic schemes used, key management strategies deployed, use of any trusted third party, computation and communication overhead involved etc. The chapter then presents a brief discussion on various trust management approaches for WMNs since trust and reputation-based schemes are increasingly becoming popular for enforcing security in wireless networks. A number of open problems in security and privacy issues for WMNs are subsequently discussed before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the author's previous submission in arXiv submission: arXiv:1102.1226. There are some text overlaps with the previous submissio

Secure and Privacy-Preserving Authentication Protocols for Wireless Mesh Networks

Wireless mesh networks (WMNs) have emerged as a promising concept to meet the challenges in next-generation wireless networks such as providing flexible, adaptive, and reconfigurable architecture while offering cost-effective solutions to service providers. As WMNs become an increasingly popular replacement technology for last-mile connectivity to the home networking, community and neighborhood networking, it is imperative to design efficient and secure communication protocols for these networks. However, several vulnerabilities exist in currently existing protocols for WMNs. These security loopholes can be exploited by potential attackers to launch attack on WMNs. The absence of a central point of administration makes securing WMNs even more challenging. The broadcast nature of transmission and the dependency on the intermediate nodes for multi-hop communications lead to several security vulnerabilities in WMNs. The attacks can be external as well as internal in nature. External attacks are launched by intruders who are not authorized users of the network. For example, an intruding node may eavesdrop on the packets and replay those packets at a later point of time to gain access to the network resources. On the other hand, the internal attacks are launched by the nodes that are part of the WMN. On example of such attack is an intermediate node dropping packets which it was supposed to forward. This chapter presents a comprehensive discussion on the current authentication and privacy protection schemes for WMN. In addition, it proposes a novel security protocol for node authentication and message confidentiality and an anonymization scheme for privacy protection of users in WMNs.Comment: 32 pages, 10 figures. The work is an extended version of the author's previous works submitted in CoRR: arXiv:1107.5538v1 and arXiv:1102.1226v

The InterMesh Network Architecture

The rapid spread of mobile devices, the emergence of key wireless technologies, and the nomadic user and computing lifestyles on current networks are continuously evolving in synergy. MANETs, WSNs, and WMNs are examples of self-organizing unstructured networks that have their local communication paradigms and are optimized to perform under their particular physical constraints. Wireless Mesh Networks (WMNs) are particularly interesting because of their ability to operate in a pure ad-hoc mode or to include some infrastructural components, making them suitable for a multitude of applications. Inter-networking among the heterogeneous access networks is currently offered by the Internet Protocol (IP). However, the evolution of and the innovation within these networks is greatly hindered by the rigidity of the current Internet implementation and its lag in efficiently supporting flexible unstructured communication paradigms. To broaden the user\u27s innovation space and to efficiently embrace the characteristics of emerging networks, clean-slate architectural approaches are being pursued. In this paper, we propose InterMesh, a novel iner-networking platform for wireless mesh networks. InterMesh enables heterogeneous access networks to converge at novel Persistent Identification and Networking Layer (PINL), providing a seamless service to individual network entities. This paper identifies the key concepts behind the InterMesh network platform, presents an interesting prototype implementation that can coexist with today\u27s Internet while still be able to evolve separately, and discusses some preliminary performance results of the prototype

Wireless body sensor networks for health-monitoring applications

This is an author-created, un-copyedited version of an article accepted for publication in Physiological Measurement. The publisher is not responsible for any errors or omissions in this version of the manuscript or any version derived from it. The Version of Record is available online at http://dx.doi.org/10.1088/0967-3334/29/11/R01

Smart Grid Communications: Overview of Research Challenges, Solutions, and Standardization Activities

Optimization of energy consumption in future intelligent energy networks (or Smart Grids) will be based on grid-integrated near-real-time communications between various grid elements in generation, transmission, distribution and loads. This paper discusses some of the challenges and opportunities of communications research in the areas of smart grid and smart metering. In particular, we focus on some of the key communications challenges for realizing interoperable and future-proof smart grid/metering networks, smart grid security and privacy, and how some of the existing networking technologies can be applied to energy management. Finally, we also discuss the coordinated standardization efforts in Europe to harmonize communications standards and protocols.Comment: To be published in IEEE Communications Surveys and Tutorial

Validation platform implementation description – D5.2

Deliverable D5.2 del projecte OneFITPostprint (published version

Design of a UMTS/GPRS Assisted Mesh Network (UAMN)

Wireless Mesh or multi-hop networks (WMNs) are well known thanks to its simplicity on deployment and the lack of infrastructure. These two advantages come with some drawbacks. WMNs have limitations with the support of Quality of Service (QoS), they do not assure coverage or even connectivity, and security, management and monitoring are not considered key requirements. In order to benefit of mesh networks and use them as an operator graded network, it is necessary to either improve mesh networks to fulfill all these requirements or use an alternative network that offers full availability, connectivity and security to assist the mesh network. Considering the two options, the second is the one selected making use of GPRS/UMTS as an assistant network. The document describes a set of requirements and the design of the functionalities needed to build an operator graded network using the cellular GPRS/UMTS. The aspects covered in the design are: security, quality of service, mobility, self configuration and optimization. The last point, optimization, is not directly involved with mesh networking, but it is an improvement easy to achieve when using a gateway node to access the Internet through a GPRS/UMTS connection. The design of the solution not only considers functionality, but also feasibility employing of the shelve elements. The mesh nodes and gateways are built on top of Linux operating system with the aim to reuse previous results and open source software. The final objective of the project is to build a usable system to be used as a proof of concept.Peer Reviewe

Multi-layer traffic control for wireless networks

Le reti Wireless LAN, così come definite dallo standard IEEE 802.11, garantiscono connettività senza fili nei cosiddetti “hot-spot” (aeroporti, hotel, etc.), nei campus universitari, nelle intranet aziendali e nelle abitazioni. In tali scenari, le WLAN sono denotate come “ad infrastruttura” nel senso che la copertura della rete è basata sulla presenza di un “Access Point” che fornisce alle stazioni mobili l’accesso alla rete cablata. Esiste un ulteriore approccio (chiamato “ad-hoc”) in cui le stazioni mobili appartenenti alla WLAN comunicano tra di loro senza l’ausilio dell’Access Point. Le Wireless LAN tipicamente sono connesse alla rete di trasporto (che essa sia Internet o una Intranet aziendale) usando un’infrastruttura cablata. Le reti wireless Mesh ad infrastruttura (WIMN) rappresentano un’alternativa valida e meno costosa alla classica infrastruttura cablata. A testimonianza di quanto appena affermato vi è la comparsa e la crescita sul mercato di diverse aziende specializzate nella fornitura di infrastrutture di trasporto wireless e il lancio di varie attività di standardizzazione (tra cui spicca il gruppo 802.11s). La facilità di utilizzo, di messa in opera di una rete wireless e i costi veramente ridotti hanno rappresentato fattori critici per lo straordinario successo di tale tecnologia. Di conseguenza possiamo affermare che la tecnologia wireless ha modificato lo stile di vita degli utenti, il modo di lavorare, il modo di passare il tempo libero (video conferenze, scambio foto, condivisione di brani musicali, giochi in rete, messaggistica istantanea ecc.). D’altro canto, lo sforzo per garantire lo sviluppo di reti capaci di supportare servizi dati ubiqui a velocità di trasferimento elevate è strettamente legato a numerose sfide tecniche tra cui: il supporto per l’handover tra differenti tecnologie (WLAN/3G), la certezza di accesso e autenticazione sicure, la fatturazione e l’accounting unificati, la garanzia di QoS ecc. L’attività di ricerca svolta nell’arco del Dottorato si è focalizzata sulla definizione di meccanismi multi-layer per il controllo del traffico in reti wireless. In particolare, nuove soluzioni di controllo del traffico sono state realizzate a differenti livelli della pila protocollare (dallo strato data-link allo strato applicativo) in modo da fornire: funzionalità avanzate (autenticazione sicura, differenziazione di servizio, handover trasparente) e livelli soddisfacenti di Qualità del Servizio. La maggior parte delle soluzioni proposte in questo lavoro di tesi sono state implementate in test-bed reali. Questo lavoro riporta i risultati della mia attività di ricerca ed è organizzato nel seguente modo: ogni capitolo presenta, ad uno specifico strato della pila protocollare, un meccanismo di controllo del traffico con l’obiettivo di risolvere le problematiche presentate precedentemente. I Capitoli 1 e 2 fanno riferimento allo strato di Trasporto ed investigano il problema del mantenimento della fairness per le connessioni TCP. L’unfairness TCP conduce ad una significativa degradazione delle performance implicando livelli non soddisfacenti di QoS. Questi capitoli descrivono l’attività di ricerca in cui ho impiegato il maggior impegno durante gli studi del dottorato. Nel capitolo 1 viene presentato uno studio simulativo delle problematiche di unfairness TCP e vengono introdotti due possibili soluzioni basate su rate-control. Nel Capitolo 2 viene derivato un modello analitico per la fairness TCP e si propone uno strumento per la personalizzazione delle politiche di fairness. Il capitolo 3 si focalizza sullo strato Applicativo e riporta diverse soluzioni di controllo del traffico in grado di garantire autenticazione sicura in scenari di roaming tra provider wireless. Queste soluzioni rappresentano parte integrante del framework UniWireless, un testbed nazionale sviluppato nell’ambito del progetto TWELVE. Il capitolo 4 descrive, nuovamente a strato Applicativo, una soluzione (basata su SIP) per la gestione della mobilità degli utenti in scenari di rete eterogenei ovvero quando diverse tecnologie di accesso radio sono presenti (802.11/WiFi, Bluetooth, 2.5G/3G). Infine il Capitolo 5 fa riferimento allo strato Data-Link presentando uno studio preliminare di un approccio per il routing e il load-balancing in reti Mesh infrastrutturate.Wireless LANs, as they have been defined by the IEEE 802.11 standard, are shared media enabling connectivity in the so-called “hot-spots” (airports, hotel lounges, etc.), university campuses, enterprise intranets, as well as “in-home” for home internet access. With reference to the above scenarios, WLANs are commonly denoted as “infra-structured” in the sense that WLAN coverage is based on “Access Points” which provide the mobile stations with access to the wired network. In addition to this approach, there exists also an “ad-hoc” mode to organize WLANs where mobile stations talk to each other without the need of Access Points. Wireless LANs are typically connected to the wired backbones (Internet or corporate intranets) using a wired infrastructure. Wireless Infrastructure Mesh Networks (WIMN) may represent a viable and cost-effective alternative to this traditional wired approach. This is witnessed by the emergence and growth of many companies specialized in the provisioning of wireless infrastructure solutions, as well as the launch of standardization activities (such as 802.11s). The easiness of deploying and using a wireless network, and the low deployment costs have been critical factors in the extraordinary success of such technology. As a logical consequence, the wireless technology has allowed end users being connected everywhere – every time and it has changed several things in people’s lifestyle, such as the way people work, or how they live their leisure time (videoconferencing, instant photo or music sharing, network gaming, etc.). On the other side, the effort to develop networks capable of supporting ubiquitous data services with very high data rates in strategic locations is linked with many technical challenges including seamless vertical handovers across WLAN and 3G radio technologies, security, 3G-based authentication, unified accounting and billing, consistent QoS and service provisioning, etc. My PhD research activity have been focused on multi-layer traffic control for Wireless LANs. In particular, specific new traffic control solutions have been designed at different layers of the protocol stack (from the link layer to the application layer) in order to guarantee i) advanced features (secure authentication, service differentiation, seamless handover) and ii) satisfactory level of perceived QoS. Most of the proposed solutions have been also implemented in real testbeds. This dissertation presents the results of my research activity and is organized as follows: each Chapter presents, at a specific layer of the protocol stack, a traffic control mechanism in order to address the introduced above issues. Chapter 1 and Charter 2 refer to the Transport Layer, and they investigate the problem of maintaining fairness for TCP connections. TCP unfairness may result in significant degradation of performance leading to users perceiving unsatisfactory Quality of Service. These Chapters describe the research activity in which I spent the most significant effort. Chapter 1 proposes a simulative study of the TCP fairness issues and two different solutions based on Rate Control mechanism. Chapter 2 illustrates an analytical model of the TCP fairness and derives a framework allowing wireless network providers to customize fairness policies. Chapter 3 focuses on the Application Layer and it presents new traffic control solutions able to guarantee secure authentication in wireless inter-provider roaming scenarios. These solutions are an integral part of the UniWireless framework, a nationwide distributed Open Access testbed that has been jointly realized by different research units within the TWELVE national project. Chapter 4 describes again an Application Layer solution, based on Session Initiation Protocol to manage user mobility and provide seamless mobile multimedia services in a heterogeneous scenario where different radio access technologies are used (802.11/WiFi, Bluetooth, 2.5G/3G networks). Finally Chapter 5 refers to the Data Link Layer and presents a preliminary study of a general approach for routing and load balancing in Wireless Infrastructure Mesh Network. The key idea is to dynamically select routes among a set of slowly changing alternative network paths, where paths are created through the reuse of classical 802.1Q multiple spanning tree mechanisms

Secure 3G user authentication in ad-hoc serving networks

The convergence of cellular and IP technologies has pushed the integration of 3G and WLAN networks to the forefront. With 3G networks\u27 failure to deliver feasible bandwidth to the customer and the emerging popularity, ease of use and high throughput of 802.11 WLANs, integrating secure access to 3G services from WLANs has become a primary focus. 3G user authentication initiated from WLANs has been defined by an enhancement to the extensible authentication protocol, EAP, used to transport user authentication requests over WLANs. The EAP-AKA protocol executes the 3G USIM user challenge and response authentication process over the IP backbone for WLAN serving networks. To improve the degree of control of 3G subscribers, spatial control has been proposed for 3G-WLAN user authentication. Successful execution of 3G security algorithms can be limited to a specified area by encrypting a user\u27s authentication challenge with spatial data defining his/her visited WLAN. With 3G networks\u27 limited capacity to determine a user\u27s location to the granularity of a small WLAN area and restricted access to users\u27 location due to privacy, 3G operators must rely on spatial data sent from visited WLANs to implement control for authentication. The risks of implementing EAP-AKA spatial control by 3G operators with no prior relationship or trust for serving WLAN networks are presented in this paper. An ad-hoc architecture is proposed for serving networks in 3G-WLAN integration and the advantages of this architecture that facilitate secure 3G user authentication are identified. Algorithms are proposed to define robust trust relationships between the parties in 3G-WLAN networks. The security of 3G user authentication is further protected by new mechanisms defined that are based on the quality of trust established between parties

Fast Authentication in Multi-Hop Infrastructure-based Communication

Multi-hop infrastructure-based communication is expected to play a vital role in supporting high data-rate multimedia access to mobile devices. The advantages are significant in highly mobile scenarios such as intra-vehicular networks. However, mobile nodes in these networks suffer from long authentication delays, which adversely affect the goodput. In this work, we propose two techniques to shorten the initial authentication delay without compromising the authentication process and overall security. One of the techniques, called fast authentication, admits data traffic temporarily through the network to the gateway and the immediate parent node of the joining node presents network-side authentication. The other technique, called prefetch-assisted authentication, allows the authenticated wireless nodes to prefetch and store the authentication vectors of the potential mobile clients. We investigate several unique features of our proposed schemes and find their performance to be suitable for infrastructure-based multi-hop wireless communications