Secure Routing in Wireless Mesh Networks

Wireless mesh networks (WMNs) have emerged as a promising concept to meet the challenges in next-generation networks such as providing flexible, adaptive, and reconfigurable architecture while offering cost-effective solutions to the service providers. Unlike traditional Wi-Fi networks, with each access point (AP) connected to the wired network, in WMNs only a subset of the APs are required to be connected to the wired network. The APs that are connected to the wired network are called the Internet gateways (IGWs), while the APs that do not have wired connections are called the mesh routers (MRs). The MRs are connected to the IGWs using multi-hop communication. The IGWs provide access to conventional clients and interconnect ad hoc, sensor, cellular, and other networks to the Internet. However, most of the existing routing protocols for WMNs are extensions of protocols originally designed for mobile ad hoc networks (MANETs) and thus they perform sub-optimally. Moreover, most routing protocols for WMNs are designed without security issues in mind, where the nodes are all assumed to be honest. In practical deployment scenarios, this assumption does not hold. This chapter provides a comprehensive overview of security issues in WMNs and then particularly focuses on secure routing in these networks. First, it identifies security vulnerabilities in the medium access control (MAC) and the network layers. Various possibilities of compromising data confidentiality, data integrity, replay attacks and offline cryptanalysis are also discussed. Then various types of attacks in the MAC and the network layers are discussed. After enumerating the various types of attacks on the MAC and the network layer, the chapter briefly discusses on some of the preventive mechanisms for these attacks.Comment: 44 pages, 17 figures, 5 table

Security and Privacy Issues in Wireless Mesh Networks: A Survey

This book chapter identifies various security threats in wireless mesh network (WMN). Keeping in mind the critical requirement of security and user privacy in WMNs, this chapter provides a comprehensive overview of various possible attacks on different layers of the communication protocol stack for WMNs and their corresponding defense mechanisms. First, it identifies the security vulnerabilities in the physical, link, network, transport, application layers. Furthermore, various possible attacks on the key management protocols, user authentication and access control protocols, and user privacy preservation protocols are presented. After enumerating various possible attacks, the chapter provides a detailed discussion on various existing security mechanisms and protocols to defend against and wherever possible prevent the possible attacks. Comparative analyses are also presented on the security schemes with regards to the cryptographic schemes used, key management strategies deployed, use of any trusted third party, computation and communication overhead involved etc. The chapter then presents a brief discussion on various trust management approaches for WMNs since trust and reputation-based schemes are increasingly becoming popular for enforcing security in wireless networks. A number of open problems in security and privacy issues for WMNs are subsequently discussed before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the author's previous submission in arXiv submission: arXiv:1102.1226. There are some text overlaps with the previous submissio

A SOLUTION TO SELECTIVE FORWARD ATTACK IN WIRELESS SENSOR NETWORK

Purpose of Study: Wireless mesh network represents a solution to provide wireless connectivity. There are some attacks on wireless sensor networks like black hole attack, sinkhole attack, Sybil attack, selective forwarding, etc. In this paper, we will concentrate on a selective forwarding attack. Selective Forwarding Attack is one of the many security threats in wireless sensor networks that can degrade network performance. An adversary on the transmission path selectively drops the packet. The adversary same time transfers the packet, while on a few occasions it drops the packet. It is difficult to detect this type of attack since the packet loss may be due to unreliable wireless communication. The proposed scheme is based on the trust value of each node. During data transmission, a node selects a downstream node that has the highest trust value, which is updated dynamically based on the number of packets a node has forwarded and dropped. Methodology: A comparative methodology is used in all existing schemes. We compared our scheme with the existing scheme and found that the packet loss in the proposed scheme is much less than the existing scheme. Result: We showed that our scheme essentially detects malicious nodes for each possible scenario. Regarding communication overhead, our scheme is more efficient than typical multipath schemes. Also, by utilizing an existing routing protocol which is secure against sinkhole attacks, our scheme also provides security against sinkhole attacks

A Survey on Spoofing and Selective Forwarding Attacks on Zigbee based WSN

The main focus of WSN is to gather data from the physical world. It is often deployed for sensing, processing as well as disseminating information of the targeted physical environments. The main objective of the WSN is to collect data from the target environment using sensors as well as transmit those data to the desired place of choice. In order to achieve an efficient performance, WSN should have efficient as well as reliable networking protocols. The most popular technology behind WSN is Zigbee. In this paper a pilot study is done on important security issues on spoofing and selective forwarding attack on Zigbee based WSN. This paper identifies the security vulnerabilities of Zigbee network and gaps in the existing methodologies to address the security issues and will help the future researchers to narrow down their research in WSN.Keywords: Zigbee, WSN, Protocol Stack, Spoofing and Selective Forwarding

Resilient networking in wireless sensor networks

This report deals with security in wireless sensor networks (WSNs), especially in network layer. Multiple secure routing protocols have been proposed in the literature. However, they often use the cryptography to secure routing functionalities. The cryptography alone is not enough to defend against multiple attacks due to the node compromise. Therefore, we need more algorithmic solutions. In this report, we focus on the behavior of routing protocols to determine which properties make them more resilient to attacks. Our aim is to find some answers to the following questions. Are there any existing protocols, not designed initially for security, but which already contain some inherently resilient properties against attacks under which some portion of the network nodes is compromised? If yes, which specific behaviors are making these protocols more resilient? We propose in this report an overview of security strategies for WSNs in general, including existing attacks and defensive measures. In this report we focus at the network layer in particular, and an analysis of the behavior of four particular routing protocols is provided to determine their inherent resiliency to insider attacks. The protocols considered are: Dynamic Source Routing (DSR), Gradient-Based Routing (GBR), Greedy Forwarding (GF) and Random Walk Routing (RWR)

Attack classification schema for smart city WSNs

Peer-reviewedUrban areas around the world are populating their streets with wireless sensor networks (WSNs) in order to feed incipient smart city IT systems with metropolitan data. In the future smart cities, WSN technology will have a massive presence in the streets, and the operation of municipal services will be based to a great extent on data gathered with this technology. However, from an information security point of view, WSNs can have failures and can be the target of many different types of attacks. Therefore, this raises concerns about the reliability of this technology in a smart city context. Traditionally, security measures in WSNs have been proposed to protect specific protocols in an environment with total control of a single network. This approach is not valid for smart cities, as multiple external providers deploy a plethora of WSNs with different security requirements. Hence, a new security perspective needs to be adopted to protect WSNs in smart cities. Considering security issues related to the deployment of WSNs as a main data source in smart cities, in this article, we propose an intrusion detection framework and an attack classification schema to assist smart city administrators to delimit the most plausible attacks and to point out the components and providers affected by incidents. We demonstrate the use of the classification schema providing a proof of concept based on a simulated selective forwarding attack affecting a parking and a sound WSN.Las zonas urbanas de todo el mundo están poblando sus calles con redes de sensores inalámbricos (WSN) para alimentar sistemas informáticos de incipientes ciudades inteligentes con datos metropolitanos. En las futuras ciudades inteligentes, la tecnología WSN tendrá una presencia masiva en las calles, y la operación de los servicios municipales se basará en gran medida en los datos recopilados con esta tecnología. Sin embargo, desde un punto de vista de seguridad de la información, las WSN pueden tener fallos y pueden ser el objetivo de muchos tipos diferentes de ataques. Por lo tanto, esto plantea preocupaciones sobre la fiabilidad de esta tecnología en un contexto de ciudad inteligente. Tradicionalmente, se han propuesto medidas de seguridad en WSNs para proteger protocolos específicos en un entorno con control total de una sola red. Este enfoque no es válido para ciudades inteligentes, ya que múltiples proveedores externos implementan una gran cantidad de WSN con diferentes requisitos de seguridad. Por lo tanto, se debe adoptar una nueva perspectiva de seguridad para proteger las WSNs en ciudades inteligentes. En este artículo proponemos un marco de detección de intrusiones y un esquema de clasificación de ataques para ayudar a los administradores de ciudades inteligentes a delimitar los ataques más plausibles y señalar los componentes y los proveedores afectados por incidentes. Demostramos el uso del esquema de clasificación proporcionando una prueba de concepto basada en un ataque simulado de reenvío selectivo que afecta a un estacionamiento y un sonido WSN.Les zones urbanes de tot el món estan poblant els seus carrers amb xarxes de sensors sense fils (WSN) per alimentar sistemes informàtics d'incipients ciutats intel·ligents amb dades metropolitans. A les futures ciutats intel·ligents, la tecnologia WSN tindrà una presència massiva als carrers, i l'operació dels serveis municipals es basarà en gran mesura en les dades recopilades amb aquesta tecnologia. No obstant això, des d'un punt de vista de seguretat de la informació, les WSN poden tenir errors i poden ser l'objectiu de molts tipus diferents d'atacs. Per tant, això planteja preocupacions sobre la fiabilitat d'aquesta tecnologia en un context de ciutat intel·ligent. Tradicionalment, s'han proposat mesures de seguretat en xarxes de sensors sense fils per protegir protocols específics en un entorn amb control total d'una sola xarxa. Aquest enfocament no és vàlid per a ciutats intel·ligents, ja que múltiples proveïdors externs implementen una gran quantitat de WSN amb diferents requisits de seguretat. Per tant, s'ha d'adoptar una nova perspectiva de seguretat per protegir les WSNs en ciutats intel·ligents. En aquest article proposem un marc de detecció d'intrusions i un esquema de classificació d'atacs per ajudar els administradors de ciutats intel·ligents a delimitar els atacs més plausibles i assenyalar els components i els proveïdors afectats per incidents. Demostrem l'ús de l'esquema de classificació proporcionant una prova de concepte basada en un atac simulat de reenviament selectiu que afecta un estacionament i un so WSN