Security and Privacy Issues in Wireless Mesh Networks: A Survey

This book chapter identifies various security threats in wireless mesh network (WMN). Keeping in mind the critical requirement of security and user privacy in WMNs, this chapter provides a comprehensive overview of various possible attacks on different layers of the communication protocol stack for WMNs and their corresponding defense mechanisms. First, it identifies the security vulnerabilities in the physical, link, network, transport, application layers. Furthermore, various possible attacks on the key management protocols, user authentication and access control protocols, and user privacy preservation protocols are presented. After enumerating various possible attacks, the chapter provides a detailed discussion on various existing security mechanisms and protocols to defend against and wherever possible prevent the possible attacks. Comparative analyses are also presented on the security schemes with regards to the cryptographic schemes used, key management strategies deployed, use of any trusted third party, computation and communication overhead involved etc. The chapter then presents a brief discussion on various trust management approaches for WMNs since trust and reputation-based schemes are increasingly becoming popular for enforcing security in wireless networks. A number of open problems in security and privacy issues for WMNs are subsequently discussed before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the author's previous submission in arXiv submission: arXiv:1102.1226. There are some text overlaps with the previous submissio

Randomized permutation routing in multihop ad hoc networks with unknown destinations

A large variety of permutation routing protocols in a single-hop Network are known to day. Since they are single hop, there is always a wireless path connecting two nodes. One way to solve this problem in a multiple hop environment is to partition nodes into clusters, where a node in each cluster called clusterhead is responsible for the routing service. In this paper, we propose a clustering mechanism to perform permutation routing in multi-hop ad hoc Networks having p stations and in which n data items are saved. We first develop a clustering algorithm to partition stations into clusters. Secondly, we run a locally permutation routing to broadcast items to their local destinations in each group. Finally we use a multicast procedure to transmit outgoing items to their final cluster destination.1st IFIP International Conference on Ad-Hoc NetWorkingRed de Universidades con Carreras en Informática (RedUNCI

LS-AODV: A ROUTING PROTOCOL BASED ON LIGHTWEIGHT CRYPTOGRAPHIC TECHNIQUES FOR A FANET OF NANO DRONES

With the battlespace rapidly shifting to the cyber domain, it is vital to have secure, robust routing protocols for unmanned systems. Furthermore, the development of nano drones is gaining traction, providing new covert capabilities for operators at sea or on land. Deploying a flying ad hoc network (FANET) of nano drones on the battlefield comes with specific performance and security issues. This thesis provides a novel approach to address the performance and security concerns faced by FANET routing protocols, and, in our case, is specifically tailored to improve the Ad Hoc On-Demand Distance Vector (AODV) routing protocol. The proposed routing protocol, Lightweight Secure Ad Hoc On-Demand Distance Vector (LS-AODV), uses a lightweight stream cipher, Trivium, to encrypt routing control packets, providing confidentiality. The scheme also uses Chaskey-12-based message authentication codes (MACs) to guarantee the authenticity and integrity of control packets. We use a network simulator, NS-3, to compare LS-AODV against two benchmark routing protocols, AODV and the Optimized Link State Routing (OLSR) protocol, in order to gauge network performance and security benefits. The simulation results indicate that when the FANET is not under attack from black-hole nodes, LS-AODV generally outperforms OLSR but performs slightly worse than AODV. On the other hand, LS-AODV emerges as the protocol of choice when a FANET is subject to a black-hole attack.ONROutstanding ThesisLieutenant, United States NavyApproved for public release. Distribution is unlimited

Randomized permutation routing in multihop ad hoc networks with unknown destinations

A large variety of permutation routing protocols in a single-hop Network are known to day. Since they are single hop, there is always a wireless path connecting two nodes. One way to solve this problem in a multiple hop environment is to partition nodes into clusters, where a node in each cluster called clusterhead is responsible for the routing service. In this paper, we propose a clustering mechanism to perform permutation routing in multi-hop ad hoc Networks having p stations and in which n data items are saved. We first develop a clustering algorithm to partition stations into clusters. Secondly, we run a locally permutation routing to broadcast items to their local destinations in each group. Finally we use a multicast procedure to transmit outgoing items to their final cluster destination.1st IFIP International Conference on Ad-Hoc NetWorkingRed de Universidades con Carreras en Informática (RedUNCI

Security architecture for law enforcement agencies

In order to carry out their duty to serve and protect, law enforcement agencies (LEAs) must deploy new tools and applications to keep up with the pace of evolving technologies. However, police information and communication technology (ICT) systems have stringent security requirements that may delay the deployment of these new applications, since necessary security measures must be implemented first. This paper presents an integrated security architecture for LEAs that is able to provide common security services to novel and legacy ICT applications, while fulfilling the high security requirements of police forces. By reusing the security services provided by this architecture, new systems do not have to implement custom security mechanisms themselves, and can be easily integrated into existing police ICT infrastructures. The proposed LEA security architecture features state-of-the-art technologies, such as encrypted communications at network and application levels, or multifactor authentication based on certificates stored in smart cards.Web of Science7517107321070

An Analytical Model for Wireless Mesh Networks with Collision-Free TDMA and Finite Queues

Wireless mesh networks are a promising technology for connecting sensors and actuators with high flexibility and low investment costs. In industrial applications, however, reliability is essential. Therefore, two time-slotted medium access methods, DSME and TSCH, were added to the IEEE 802.15.4 standard. They allow collision-free communication in multi-hop networks and provide channel hopping for mitigating external interferences. The slot schedule used in these networks is of high importance for the network performance. This paper supports the development of efficient schedules by providing an analytical model for the assessment of such schedules, focused on TSCH. A Markov chain model for the finite queue on every node is introduced that takes the slot distribution into account. The models of all nodes are interconnected to calculate network metrics such as packet delivery ratio, end-to-end delay and throughput. An evaluation compares the model with a simulation of the Orchestra schedule. The model is applied to Orchestra as well as to two simple distributed scheduling algorithms to demonstrate the importance of traffic-awareness for achieving high throughput.Comment: 17 pages, 14 figure

Authentication In Wireless Sensor Networks

Tez (Yüksek Lisans) -- İstanbul Teknik Üniversitesi, Fen Bilimleri Enstitüsü, 2005Thesis (M.Sc.) -- İstanbul Technical University, Institute of Science and Technology, 2005Bu çalışmada önerilmiş veya gerçekleştirilmiş kablosuz duyarga ağları asıllama protokolleri incelenmiş ve ayrıntılarıyla açıklanmıştır. Bu protokollerin olumlu ve olumsuz yanları incelenmiş ve bazı karşılaştırmalar yapılmıştır. Son olarak, tamamıyla gerçeklenmiş olan ilk kablosuz duyarga ağları veri bağı katmanı asıllama protokolü TinySec incelenmiştir. TinySec alınan mesajların asıllanabilmesi için mesajların sonuna kapalı anahtarla hesaplanan ve bir şifreleme algoritmasına dayanan mesaj asıllama kodu eklemektedir. Bu çalışmada mesaj asıllama kodu hesaplanmasında kullanılan şifreleme algoritması ve altyapı değiştirilerek, performans karşılaştırılması yapılmıştır. RC5 ve Skipjack algoritmaları kullanılarak yapılan karşılaştırmalarda RC5 ile yapılan asıllamanın daha hızlı olduğu ve daha az güç tükettiği sonucuna varılmıştır.In this study, a broad range of on going research efforts in authentication within the wireless sensor networks are described in detail. Advantages and disadvantages of the proposed systems are described and some comparisons are made. Finally, TinySec which is said to be the first fully implemented link layer security architecture for wireless sensor networks is discussed. TinySec uses message authentication codes for authentication which are formed by secure hash functions and an encryption algorithm. In this thesis TinySec’s underlying authentication and encryption mechanism is changed and compared by using two different encryption algorithms which are RC5 and Skipjack. It is seen that using RC5 for authentication within TinySec is slightly faster than using Skipjack and it consumes less power.Yüksek LisansM.Sc