Security and Privacy Issues in Wireless Mesh Networks: A Survey

This book chapter identifies various security threats in wireless mesh network (WMN). Keeping in mind the critical requirement of security and user privacy in WMNs, this chapter provides a comprehensive overview of various possible attacks on different layers of the communication protocol stack for WMNs and their corresponding defense mechanisms. First, it identifies the security vulnerabilities in the physical, link, network, transport, application layers. Furthermore, various possible attacks on the key management protocols, user authentication and access control protocols, and user privacy preservation protocols are presented. After enumerating various possible attacks, the chapter provides a detailed discussion on various existing security mechanisms and protocols to defend against and wherever possible prevent the possible attacks. Comparative analyses are also presented on the security schemes with regards to the cryptographic schemes used, key management strategies deployed, use of any trusted third party, computation and communication overhead involved etc. The chapter then presents a brief discussion on various trust management approaches for WMNs since trust and reputation-based schemes are increasingly becoming popular for enforcing security in wireless networks. A number of open problems in security and privacy issues for WMNs are subsequently discussed before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the author's previous submission in arXiv submission: arXiv:1102.1226. There are some text overlaps with the previous submissio

InShopnito: an advanced yet privacy-friendly mobile shopping application

Mobile Shopping Applications (MSAs) are rapidly gaining popularity. They enhance the shopping experience, by offering customized recommendations or incorporating customer loyalty programs. Although MSAs are quite effective at attracting new customers and binding existing ones to a retailer's services, existing MSAs have several shortcomings. The data collection practices involved in MSAs and the lack of transparency thereof are important concerns for many customers. This paper presents inShopnito, a privacy-preserving mobile shopping application. All transactions made in inShopnito are unlinkable and anonymous. However, the system still offers the expected features from a modern MSA. Customers can take part in loyalty programs and earn or spend loyalty points and electronic vouchers. Furthermore, the MSA can suggest personalized recommendations even though the retailer cannot construct rich customer profiles. These profiles are managed on the smartphone and can be partially disclosed in order to get better, customized recommendations. Finally, we present an implementation called inShopnito, of which the security and performance is analyzed. In doing so, we show that it is possible to have a privacy-preserving MSA without having to sacrifice practicality

A novel e-voting system with diverse security features

Internet-based E-voting systems can offer great benefits over traditional voting machines in areas, such as protecting voter and candidate privacy, providing accurate vote counting, preventing voter fraud, and shortening the time of vote counting. This dissertation introduces, establishes and improves Internet-based E-voting systems on various aspects of the voting procedure. In addition, our designs also enable voters to track their votes which is a very important element in any elections. Our novel Internet-based E-voting system is based on the following realistic assumptions: (1) The election authorities are not 100% trustworthy; (2) The E-voting system itself is not 100% trustworthy; (3) Every voter is not 100% trustworthy. With these three basic assumptions, we can form mutual restrictions on each party, and secure measurements of the election will not be solely determined and influenced by any one of them. The proposed scheme, referred to as Time-lock algorithm based E-voting system with Ring signature and Multi-part form (TERM), is demonstrated to achieve the goal of keeping votes confidential and voters anonymous, as well as reducing the risk of leaking the voters’ identities during the election. In addition, TERM can prevent any possible clash attack, such as manipulating voting results or tampering voters’ original votes by malicious election authorities or hackers. The security performance analysis also shows that TERM provides outstanding measurements to secure the candidates’ manifest on each type of ballots during the whole election duration. TERM provides a roadmap for future fair elections via Internet