Security and Privacy Issues in Wireless Mesh Networks: A Survey

This book chapter identifies various security threats in wireless mesh network (WMN). Keeping in mind the critical requirement of security and user privacy in WMNs, this chapter provides a comprehensive overview of various possible attacks on different layers of the communication protocol stack for WMNs and their corresponding defense mechanisms. First, it identifies the security vulnerabilities in the physical, link, network, transport, application layers. Furthermore, various possible attacks on the key management protocols, user authentication and access control protocols, and user privacy preservation protocols are presented. After enumerating various possible attacks, the chapter provides a detailed discussion on various existing security mechanisms and protocols to defend against and wherever possible prevent the possible attacks. Comparative analyses are also presented on the security schemes with regards to the cryptographic schemes used, key management strategies deployed, use of any trusted third party, computation and communication overhead involved etc. The chapter then presents a brief discussion on various trust management approaches for WMNs since trust and reputation-based schemes are increasingly becoming popular for enforcing security in wireless networks. A number of open problems in security and privacy issues for WMNs are subsequently discussed before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the author's previous submission in arXiv submission: arXiv:1102.1226. There are some text overlaps with the previous submissio

Secure Routing in Wireless Mesh Networks

Wireless mesh networks (WMNs) have emerged as a promising concept to meet the challenges in next-generation networks such as providing flexible, adaptive, and reconfigurable architecture while offering cost-effective solutions to the service providers. Unlike traditional Wi-Fi networks, with each access point (AP) connected to the wired network, in WMNs only a subset of the APs are required to be connected to the wired network. The APs that are connected to the wired network are called the Internet gateways (IGWs), while the APs that do not have wired connections are called the mesh routers (MRs). The MRs are connected to the IGWs using multi-hop communication. The IGWs provide access to conventional clients and interconnect ad hoc, sensor, cellular, and other networks to the Internet. However, most of the existing routing protocols for WMNs are extensions of protocols originally designed for mobile ad hoc networks (MANETs) and thus they perform sub-optimally. Moreover, most routing protocols for WMNs are designed without security issues in mind, where the nodes are all assumed to be honest. In practical deployment scenarios, this assumption does not hold. This chapter provides a comprehensive overview of security issues in WMNs and then particularly focuses on secure routing in these networks. First, it identifies security vulnerabilities in the medium access control (MAC) and the network layers. Various possibilities of compromising data confidentiality, data integrity, replay attacks and offline cryptanalysis are also discussed. Then various types of attacks in the MAC and the network layers are discussed. After enumerating the various types of attacks on the MAC and the network layer, the chapter briefly discusses on some of the preventive mechanisms for these attacks.Comment: 44 pages, 17 figures, 5 table

Investigating Open Issues in Swarm Intelligence for Mitigating Security Threats in MANET

The area of Mobile Adhoc Network (MANET) has being a demanded topic of research for more than a decade because of its attractive communication features associated with various issues. This paper primarily discusses on the security issues, which has been still unsolved after abundant research work. The paper basically stresses on the potential features of Swarm Intelligence (SI) and its associated techniques to mitigate the security issues. Majority of the previous researches based on SI has used Ant Colony Optimization (ACO) or Particle Swarm Optimization (PSO) extensively. Elaborated discussion on SI with respect to trust management, authentication, and attack models are made with support of some of the recent studies done in same area. The paper finally concludes by discussing the open issues and problem identification of the review

Collaboration Enforcement In Mobile Ad Hoc Networks

Mobile Ad hoc NETworks (MANETs) have attracted great research interest in recent years. Among many issues, lack of motivation for participating nodes to collaborate forms a major obstacle to the adoption of MANETs. Many contemporary collaboration enforcement techniques employ reputation mechanisms for nodes to avoid and penalize malicious participants. Reputation information is propagated among participants and updated based on complicated trust relationships to thwart false accusation of benign nodes. The aforementioned strategy suffers from low scalability and is likely to be exploited by adversaries. To address these problems, we first propose a finite state model. With this technique, no reputation information is propagated in the network and malicious nodes cannot cause false penalty to benign hosts. Misbehaving node detection is performed on-demand; and malicious node punishment and avoidance are accomplished by only maintaining reputation information within neighboring nodes. This scheme, however, requires that each node equip with a tamper-proof hardware. In the second technique, no such restriction applies. Participating nodes classify their one-hop neighbors through direct observation and misbehaving nodes are penalized within their localities. Data packets are dynamically rerouted to circumvent selfish nodes. In both schemes, overall network performance is greatly enhanced. Our approach significantly simplifies the collaboration enforcement process, incurs low overhead, and is robust against various malicious behaviors. Simulation results based on different system configurations indicate that the proposed technique can significantly improve network performance with very low communication cost

A Taxonomy on Misbehaving Nodes in Delay Tolerant Networks

Delay Tolerant Networks (DTNs) are type of Intermittently Connected Networks (ICNs) featured by long delay, intermittent connectivity, asymmetric data rates and high error rates. DTNs have been primarily developed for InterPlanetary Networks (IPNs), however, have shown promising potential in challenged networks i.e. DakNet, ZebraNet, KioskNet and WiderNet. Due to unique nature of intermittent connectivity and long delay, DTNs face challenges in routing, key management, privacy, fragmentation and misbehaving nodes. Here, misbehaving nodes i.e. malicious and selfish nodes launch various attacks including flood, packet drop and fake packets attack, inevitably overuse scarce resources (e.g., buffer and bandwidth) in DTNs. The focus of this survey is on a review of misbehaving node attacks, and detection algorithms. We firstly classify various of attacks depending on the type of misbehaving nodes. Then, detection algorithms for these misbehaving nodes are categorized depending on preventive and detective based features. The panoramic view on misbehaving nodes and detection algorithms are further analyzed, evaluated mathematically through a number of performance metrics. Future directions guiding this topic are also presented

Spectrum sharing security and attacks in CRNs: a review

Cognitive Radio plays a major part in communication technology by resolving the shortage of the spectrum through usage of dynamic spectrum access and artificial intelligence characteristics. The element of spectrum sharing in cognitive radio is a fundament al approach in utilising free channels. Cooperatively communicating cognitive radio devices use the common control channel of the cognitive radio medium access control to achieve spectrum sharing. Thus, the common control channel and consequently spectrum sharing security are vital to ensuring security in the subsequent data communication among cognitive radio nodes. In addition to well known security problems in wireless networks, cognitive radio networks introduce new classes of security threats and challenges, such as licensed user emulation attacks in spectrum sensing and misbehaviours in the common control channel transactions, which degrade the overall network operation and performance. This review paper briefly presents the known threats and attacks in wireless networks before it looks into the concept of cognitive radio and its main functionality. The paper then mainly focuses on spectrum sharing security and its related challenges. Since spectrum sharing is enabled through usage of the common control channel, more attention is paid to the security of the common control channel by looking into its security threats as well as protection and detection mechanisms. Finally, the pros and cons as well as the comparisons of different CR - specific security mechanisms are presented with some open research issues and challenges

Secure Routing and Medium Access Protocols inWireless Multi-hop Networks

While the rapid proliferation of mobile devices along with the tremendous growth of various applications using wireless multi-hop networks have significantly facilitate our human life, securing and ensuring high quality services of these networks are still a primary concern. In particular, anomalous protocol operation in wireless multi-hop networks has recently received considerable attention in the research community. These relevant security issues are fundamentally different from those of wireline networks due to the special characteristics of wireless multi-hop networks, such as the limited energy resources and the lack of centralized control. These issues are extremely hard to cope with due to the absence of trust relationships between the nodes. To enhance security in wireless multi-hop networks, this dissertation addresses both MAC and routing layers misbehaviors issues, with main focuses on thwarting black hole attack in proactive routing protocols like OLSR, and greedy behavior in IEEE 802.11 MAC protocol. Our contributions are briefly summarized as follows. As for black hole attack, we analyze two types of attack scenarios: one is launched at routing layer, and the other is cross layer. We then provide comprehensive analysis on the consequences of this attack and propose effective countermeasures. As for MAC layer misbehavior, we particularly study the adaptive greedy behavior in the context of Wireless Mesh Networks (WMNs) and propose FLSAC (Fuzzy Logic based scheme to Struggle against Adaptive Cheaters) to cope with it. A new characterization of the greedy behavior in Mobile Ad Hoc Networks (MANETs) is also introduced. Finally, we design a new backoff scheme to quickly detect the greedy nodes that do not comply with IEEE 802.11 MAC protocol, together with a reaction scheme that encourages the greedy nodes to become honest rather than punishing them

Performance of management solutions and cooperation approaches for vehicular delay-tolerant networks

A wide range of daily-life applications supported by vehicular networks attracted the interest, not only from the research community, but also from governments and the automotive industry. For example, they can be used to enable services that assist drivers on the roads (e.g., road safety, traffic monitoring), to spread commercial and entertainment contents (e.g., publicity), or to enable communications on remote or rural regions where it is not possible to have a common network infrastructure. Nonetheless, the unique properties of vehicular networks raise several challenges that greatly impact the deployment of these networks. Most of the challenges faced by vehicular networks arise from the highly dynamic network topology, which leads to short and sporadic contact opportunities, disruption, variable node density, and intermittent connectivity. This situation makes data dissemination an interesting research topic within the vehicular networking area, which is addressed by this study. The work described along this thesis is motivated by the need to propose new solutions to deal with data dissemination problems in vehicular networking focusing on vehicular delay-tolerant networks (VDTNs). To guarantee the success of data dissemination in vehicular networks scenarios it is important to ensure that network nodes cooperate with each other. However, it is not possible to ensure a fully cooperative scenario. This situation makes vehicular networks suitable to the presence of selfish and misbehavior nodes, which may result in a significant decrease of the overall network performance. Thus, cooperative nodes may suffer from the overwhelming load of services from other nodes, which comprises their performance. Trying to solve some of these problems, this thesis presents several proposals and studies on the impact of cooperation, monitoring, and management strategies on the network performance of the VDTN architecture. The main goal of these proposals is to enhance the network performance. In particular, cooperation and management approaches are exploited to improve and optimize the use of network resources. It is demonstrated the performance gains attainable in a VDTN through both types of approaches, not only in terms of bundle delivery probability, but also in terms of wasted resources. The results and achievements observed on this research work are intended to contribute to the advance of the state-of-the-art on methods and strategies for overcome the challenges that arise from the unique characteristics and conceptual design of vehicular networks.O vasto número de aplicações e cenários suportados pelas redes veiculares faz com que estas atraiam o interesse não só da comunidade científica, mas também dos governos e da indústria automóvel. A título de exemplo, estas podem ser usadas para a implementação de serviços e aplicações que podem ajudar os condutores dos veículos a tomar decisões nas estradas, para a disseminação de conteúdos publicitários, ou ainda, para permitir que existam comunicações em zonas rurais ou remotas onde não é possível ter uma infraestrutura de rede convencional. Contudo, as propriedades únicas das redes veiculares fazem com que seja necessário ultrapassar um conjunto de desafios que têm grande impacto na sua aplicabilidade. A maioria dos desafios que as redes veiculares enfrentam advêm da grande mobilidade dos veículos e da topologia de rede que está em constante mutação. Esta situação faz com que este tipo de rede seja suscetível de disrupção, que as oportunidades de contacto sejam escassas e de curta duração, e que a ligação seja intermitente. Fruto destas adversidades, a disseminação dos dados torna-se um tópico de investigação bastante promissor na área das redes veiculares e por esta mesma razão é abordada neste trabalho de investigação. O trabalho descrito nesta tese é motivado pela necessidade de propor novas abordagens para lidar com os problemas inerentes à disseminação dos dados em ambientes veiculares. Para garantir o sucesso da disseminação dos dados em ambientes veiculares é importante que este tipo de redes garanta a cooperação entre os nós da rede. Contudo, neste tipo de ambientes não é possível garantir um cenário totalmente cooperativo. Este cenário faz com que as redes veiculares sejam suscetíveis à presença de nós não cooperativos que comprometem seriamente o desempenho global da rede. Por outro lado, os nós cooperativos podem ver o seu desempenho comprometido por causa da sobrecarga de serviços que poderão suportar. Para tentar resolver alguns destes problemas, esta tese apresenta várias propostas e estudos sobre o impacto de estratégias de cooperação, monitorização e gestão de rede no desempenho das redes veiculares com ligações intermitentes (Vehicular Delay-Tolerant Networks - VDTNs). O objetivo das propostas apresentadas nesta tese é melhorar o desempenho global da rede. Em particular, as estratégias de cooperação e gestão de rede são exploradas para melhorar e optimizar o uso dos recursos da rede. Ficou demonstrado que o uso deste tipo de estratégias e metodologias contribui para um aumento significativo do desempenho da rede, não só em termos de agregados de pacotes (“bundles”) entregues, mas também na diminuição do volume de recursos desperdiçados. Os resultados observados neste trabalho procuram contribuir para o avanço do estado da arte em métodos e estratégias que visam ultrapassar alguns dos desafios que advêm das propriedades e desenho conceptual das redes veiculares