Security and Privacy Issues in Wireless Mesh Networks: A Survey

This book chapter identifies various security threats in wireless mesh network (WMN). Keeping in mind the critical requirement of security and user privacy in WMNs, this chapter provides a comprehensive overview of various possible attacks on different layers of the communication protocol stack for WMNs and their corresponding defense mechanisms. First, it identifies the security vulnerabilities in the physical, link, network, transport, application layers. Furthermore, various possible attacks on the key management protocols, user authentication and access control protocols, and user privacy preservation protocols are presented. After enumerating various possible attacks, the chapter provides a detailed discussion on various existing security mechanisms and protocols to defend against and wherever possible prevent the possible attacks. Comparative analyses are also presented on the security schemes with regards to the cryptographic schemes used, key management strategies deployed, use of any trusted third party, computation and communication overhead involved etc. The chapter then presents a brief discussion on various trust management approaches for WMNs since trust and reputation-based schemes are increasingly becoming popular for enforcing security in wireless networks. A number of open problems in security and privacy issues for WMNs are subsequently discussed before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the author's previous submission in arXiv submission: arXiv:1102.1226. There are some text overlaps with the previous submissio

Fast Authentication in Multi-Hop Infrastructure-based Communication

Multi-hop infrastructure-based communication is expected to play a vital role in supporting high data-rate multimedia access to mobile devices. The advantages are significant in highly mobile scenarios such as intra-vehicular networks. However, mobile nodes in these networks suffer from long authentication delays, which adversely affect the goodput. In this work, we propose two techniques to shorten the initial authentication delay without compromising the authentication process and overall security. One of the techniques, called fast authentication, admits data traffic temporarily through the network to the gateway and the immediate parent node of the joining node presents network-side authentication. The other technique, called prefetch-assisted authentication, allows the authenticated wireless nodes to prefetch and store the authentication vectors of the potential mobile clients. We investigate several unique features of our proposed schemes and find their performance to be suitable for infrastructure-based multi-hop wireless communications

Solutions and Tools for Secure Communication in Wireless Sensor Networks

Secure communication is considered a vital requirement in Wireless Sensor Network (WSN) applications. Such a requirement embraces different aspects, including confidentiality, integrity and authenticity of exchanged information, proper management of security material, and effective prevention and reaction against security threats and attacks. However, WSNs are mainly composed of resource-constrained devices. That is, network nodes feature reduced capabilities, especially in terms of memory storage, computing power, transmission rate, and energy availability. As a consequence, assuring secure communication in WSNs results to be more difficult than in other kinds of network. In fact, trading effectiveness of adopted solutions with their efficiency becomes far more important. In addition, specific device classes or technologies may require to design ad hoc security solutions. Also, it is necessary to efficiently manage security material, and dynamically cope with changes of security requirements. Finally, security threats and countermeasures have to be carefully considered since from the network design phase. This Ph.D. dissertion considers secure communication in WSNs, and provides the following contributions. First, we provide a performance evaluation of IEEE 802.15.4 security services. Then, we focus on the ZigBee technology and its security services, and propose possible solutions to some deficiencies and inefficiencies. Second, we present HISS, a highly scalable and efficient key management scheme, able to contrast collusion attacks while displaying a graceful degradation of performance. Third, we present STaR, a software component for WSNs that secures multiple traffic flows at the same time. It is transparent to the application, and provides runtime reconfigurability, thus coping with dynamic changes of security requirements. Finally, we describe ASF, our attack simulation framework for WSNs. Such a tool helps network designers to quantitatively evaluate effects of security attacks, produce an attack ranking based on their severity, and thus select the most appropriate countermeasures

Fixed Cluster Based Cluster Head Selection Algorithm in Vehicular Adhoc Network

The emergence of Vehicular Adhoc Networks (VANETs) is expected support variety of applications for driver assistance, traffic efficiency and road safety. For proper transmission of messages in VANET, one of the proposed solutions is dividing the network into clusters and then selecting a cluster head (CH) in each cluster. This can decrease the communication overhead between road side units (RSUs) and other components of VANETs, because instead of every node communicating with RSU, only CH communicates with RSU and relays relevant messages. In clustering, an important step is the selection of CH. In this thesis, we implemented vehicle to vehicle (V2V), cluster head to road side unit and road side unit to trusted authority authentication for the clustered network. We also presented a heuristic algorithm for selecting a suitable vehicle as the cluster head in a cluster. For the selection of head vehicle, we used weighted fitness values based on three parameters; trust value, position from the cluster boundary and absolute relative average speed. Simulation results indicate that the proposed approach can lead to improvements in terms of QoS metrics like delay, throughput and packet delivery ratio

Different Security Mechanisms for Wireless Sensor Networks

In today’s world security becomes one of the important constraints in every research field. As increasing use of Wireless Sensor Networks (WSN) in various crucial applications security of wireless networks is becoming more important day by day. Today almost each and every important area makes use of wireless sensor networks. As Wireless Sensor Network is infrastructure-less network; data moves openly from one node to another thus it can be captured easily by attackers. To avoid data from being stolen security mechanism has to be applied. Many protocols are available for providing security on wireless network. We perform a detailed study of different security mechanisms used in sensor network against some criteria such as nature of algorithm, working, its benefits and some of the disadvantages of mechanism and also compare them

Secure and Authenticated Message Dissemination in Vehicular ad hoc Networks and an Incentive-Based Architecture for Vehicular Cloud

Vehicular ad hoc Networks (VANETs) allow vehicles to form a self-organized network. VANETs are likely to be widely deployed in the future, given the interest shown by industry in self-driving cars and satisfying their customers various interests. Problems related to Mobile ad hoc Networks (MANETs) such as routing, security, etc.have been extensively studied. Even though VANETs are special type of MANETs, solutions proposed for MANETs cannot be directly applied to VANETs because all problems related to MANETs have been studied for small networks. Moreover, in MANETs, nodes can move randomly. On the other hand, movement of nodes in VANETs are constrained to roads and the number of nodes in VANETs is large and covers typically large area. The following are the contributions of the thesis. Secure, authenticated, privacy preserving message dissemination in VANETs: When vehicles in VANET observe phenomena such as accidents, icy road condition, etc., they need to disseminate this information to vehicles in appropriate areas so the drivers of those vehicles can take appropriate action. When such messages are disseminated, the authenticity of the vehicles disseminating such messages should be verified while at the same time the anonymity of the vehicles should be preserved. Moreover, to punish the vehicles spreading malicious messages, authorities should be able to trace such messages to their senders when necessary. For this, we present an efficient protocol for the dissemination of authenticated messages. Incentive-based architecture for vehicular cloud: Due to the advantages such as exibility and availability, interest in cloud computing has gained lot of attention in recent years. Allowing vehicles in VANETs to store the collected information in the cloud would facilitate other vehicles to retrieve this information when they need. In this thesis, we present a secure incentive-based architecture for vehicular cloud. Our architecture allows vehicles to collect and store information in the cloud; it also provides a mechanism for rewarding vehicles that contributing to the cloud. Privacy preserving message dissemination in VANETs: Sometimes, it is sufficient to ensure the anonymity of the vehicles disseminating messages in VANETs. We present a privacy preserving message dissemination protocol for VANETs

Secure Cluster Head Sensor Elections Using Signal Strength Estimation and Ordered Transmissions

In clustered sensor networks, electing CHs (Cluster Heads) in a secure manner is very important because they collect data from sensors and send the aggregated data to the sink. If a compromised node is elected as a CH, it can illegally acquire data from all the members and even send forged data to the sink. Nevertheless, most of the existing CH election schemes have not treated the problem of the secure CH election. Recently, random value based protocols have been proposed to resolve the secure CH election problem. However, these schemes cannot prevent an attacker from suppressing its contribution for the change of CH election result and from selectively forwarding its contribution for the disagreement of CH election result. In this paper, we propose a modified random value scheme to prevent these disturbances. Our scheme dynamically adjusts the forwarding order of contributions and discards a received contribution when its signal strength is lower than the specified level to prevent these malicious actions. The simulation results have shown that our scheme effectively prevents attackers from changing and splitting an agreement of CH election result. Also, they have shown that our scheme is relatively energy-efficient than other schemes