Security and Privacy Issues in Wireless Mesh Networks: A Survey

This book chapter identifies various security threats in wireless mesh network (WMN). Keeping in mind the critical requirement of security and user privacy in WMNs, this chapter provides a comprehensive overview of various possible attacks on different layers of the communication protocol stack for WMNs and their corresponding defense mechanisms. First, it identifies the security vulnerabilities in the physical, link, network, transport, application layers. Furthermore, various possible attacks on the key management protocols, user authentication and access control protocols, and user privacy preservation protocols are presented. After enumerating various possible attacks, the chapter provides a detailed discussion on various existing security mechanisms and protocols to defend against and wherever possible prevent the possible attacks. Comparative analyses are also presented on the security schemes with regards to the cryptographic schemes used, key management strategies deployed, use of any trusted third party, computation and communication overhead involved etc. The chapter then presents a brief discussion on various trust management approaches for WMNs since trust and reputation-based schemes are increasingly becoming popular for enforcing security in wireless networks. A number of open problems in security and privacy issues for WMNs are subsequently discussed before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the author's previous submission in arXiv submission: arXiv:1102.1226. There are some text overlaps with the previous submissio

Intelligent Intrusion Detection of Grey Hole and Rushing Attacks in Self-Driving Vehicular Networks

Vehicular ad hoc networks (VANETs) play a vital role in the success of self-driving and semi self-driving vehicles, where they improve safety and comfort. Such vehicles depend heavily on external communication with the surrounding environment via data control and Cooperative Awareness Messages (CAMs) exchanges. VANETs are potentially exposed to a number of attacks, such as grey hole, black hole, wormhole and rushing attacks. This work presents an intelligent Intrusion Detection System (IDS) that relies on anomaly detection to protect the external communication system from grey hole and rushing attacks. These attacks aim to disrupt the transmission between vehicles and roadside units. The IDS uses features obtained from a trace file generated in a network simulator and consists of a feed-forward neural network and a support vector machine. Additionally, the paper studies the use of a novel systematic response, employed to protect the vehicle when it encounters malicious behaviour. Our simulations of the proposed detection system show that the proposed schemes possess outstanding detection rates with a reduction in false alarms. This safe mode response system has been evaluated using four performance metrics, namely, received packets, packet delivery ratio, dropped packets and the average end to end delay, under both normal and abnormal conditions

Naïve Bayes Classifier to Mitigate the DDoS Attacks Severity in Ad-Hoc Networks

Ad-Hoc networks are becoming more popular due to their unique characteristics. As there is no centralized control, these networks are more vulnerable to various attacks, out of which Distributed Denial of Service (DDoS) attacks are considered as more severe attacks. DDoS attack detection and mitigation is still a challenging issue in Ad-Hoc Networks. The existing solutions consider the fixed or dynamic threshold value to detect the DDoS attacks without any trained data, and very few existing solutions use machine learning algorithms to detect these attacks. However, existing solutions are inefficient to handle when DDoS attackers’ perform this attack through bursty traffic, packet size, and fake packets flooding. We have proposed DDoS attack severity mitigation solution. Out DDoS mitigation solution consists of new network node authentication module and naïve bayes classifier module to detect and isolate the DDoS attack traffic patterns. Our simulation results show that naïve bayes DDoS attack traffic classification out performs in the hostile environment and secure the legitimate traffic from DDoS attack

On the detection of grey hole and rushing attacks in self-driving vehicular networks

Vehicular ad hoc networks play an important role in the success of a new class of vehicles, i.e. self-driving and semi self-driving vehicles. These networks provide safety and comfort to passengers, drivers and vehicles themselves. These vehicles depend heavily on external communication to predicate the surrounding environment through the exchange of cooperative awareness messages (CAMs) and control data. VANETs are exposed to many types of attacks such as black hole, grey hole and rushing attacks. In this paper, we present an intelligent Intrusion Detection System (IDS) which relies on anomaly detection to protect external communications from grey hole and rushing attacks. Many researchers agree that grey hole attacks in VANETs are a substantial challenge due to them having their distinct types of behaviour: normal and abnormal. These attacks try to prevent transmission between vehicles and roadside units and have a direct and negative impact on the wide acceptance of this new class of vehicles. The proposed IDS is based on features that have been extracted from a trace file generated in a network simulator. In our paper, we used a feed-forward neural network and a support vector machine for the design of the intelligent IDS. The proposed system uses only significant features extracted from the trace file. Our research, concludes that a reduction in the number of features leads to a higher detection rate and a decrease in false alarms

Traffic engineering multi-layer optimization for wireless mesh network transmission a campus network routing protocol transmission performance inhancement

This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel UniversityThe wireless mesh network is a potential network for the future due to its excellent inherent characteristic for dynamic self-healing, self-configuration and self-organization. It also has the advantage of easy interoperability networking and the ability to form multi-linked ad-hoc networks. It has a decentralized topology, is cheap and highly scalable. Furthermore, its ease in deployment and easy maintenance are other inherent networking qualities. These aforementioned qualities of the wireless mesh network bring advantages to transmission capability of heterogeneous networks. However, transmissions in wireless mesh network create comparative performance based challenges such as congestion, load-balancing, scalability over increasing networks and coverage capacity. Consequently, these challenges and problems in the routing and switching of packets in the wireless mesh network routing protocols led to a proposal on the resolution of these failures with a combination algorithm and a management based security for the network and its transmitted packets. There are equally contentious services like reliability of the network and quality of service for real-time multimedia traffic flows with other challenges such as path computation and selection in the wireless mesh network. This thesis is therefore a cumulative proposal to the resolution of the outlined challenges and open research areas posed by using wireless mesh network routing protocol. It advances the resolution of these challenges in the mesh environment using a hybrid optimization – traffic engineering, to increase the effectiveness and the reliability of the network. It also proffers a cumulative resolution of the diverse contributions on wireless mesh network routing protocol and transmission. Adaptation and optimization are carried out on the wireless mesh network designed network using traffic engineering mechanism and technique. The research examines the patterns of mesh packet transmission and evaluates the challenges and failures in the mesh network packet transmission. It develops a solution based algorithm for resolutions and proposes the traffic engineering based solution.. These resultant performances and analysis are usually tested and compared over wireless mesh IEEE802.11n or other older proposed documented solution. This thesis used a carefully designed campus mesh network to show a comparative evaluation of an optimal performance of the mesh nodes and routers over a normal IEE802.11n based wireless domain network to show differentiation by optimization using the created algorithms. Furthermore, the indexes of performance being the metric are used to measure the utility and the reliability, including capacity and throughput at the destination during traffic engineered transmission. In addition, the security of these transmitted data and packets are optimized under a traffic engineered technique. Finally, this thesis offers an understanding to the security contribution using traffic engineering resolution to create a management algorithm for processing and computation of the wireless mesh networks security needs. The results of this thesis confirmed, completed and extended the existing predictions with real measurement

Intelligent intrusion detection in external communication systems for autonomous vehicles

Self-driving vehicles are known to be vulnerable to different types of attacks due to the type of communication systems which are utilized in these vehicles. These vehicles are becoming more reliant on external communication through vehicular ad hoc networks. However, these networks contribute new threats to self-driving vehicles which lead to potentially significant problems in autonomous systems. These communication systems potentially open self-driving vehicles to malicious attacks like the common Sybil attacks, black hole, Denial of Service, wormhole attacks and grey hole attacks. In this paper, an intelligent protection mechanism is proposed, which was created to secure external communications for self-driving and semi-autonomous cars. The protection mechanism is based on the Proportional Overlapping Scores method, which allows to decrease the number of features found in the Kyoto benchmark dataset. This hybrid detection system uses Back Propagation neural networks to detect Denial of Service (DoS), a common type of attack in vehicular ad hoc networks. The results from our experiment revealed that the proposed intrusion detection has the ability to identify malicious vehicles in self-driving and even in semi-autonomous vehicles

Intrusion Tolerant Routing Protocols for Wireless Sensor Networks

This MSc thesis is focused in the study, solution proposal and experimental evaluation of security solutions for Wireless Sensor Networks (WSNs). The objectives are centered on intrusion tolerant routing services, adapted for the characteristics and requirements of WSN nodes and operation behavior. The main contribution addresses the establishment of pro-active intrusion tolerance properties at the network level, as security mechanisms for the proposal of a reliable and secure routing protocol. Those properties and mechanisms will augment a secure communication base layer supported by light-weigh cryptography methods, to improve the global network resilience capabilities against possible intrusion-attacks on the WSN nodes. Adapting to WSN characteristics, the design of the intended security services also pushes complexity away from resource-poor sensor nodes towards resource-rich and trustable base stations. The devised solution will construct, securely and efficiently, a secure tree-structured routing service for data-dissemination in large scale deployed WSNs. The purpose is to tolerate the damage caused by adversaries modeled according with the Dolev-Yao threat model and ISO X.800 attack typology and framework, or intruders that can compromise maliciously the deployed sensor nodes, injecting, modifying, or blocking packets, jeopardizing the correct behavior of internal network routing processing and topology management. The proposed enhanced mechanisms, as well as the design and implementation of a new intrusiontolerant routing protocol for a large scale WSN are evaluated by simulation. For this purpose, the evaluation is based on a rich simulation environment, modeling networks from hundreds to tens of thousands of wireless sensors, analyzing different dimensions: connectivity conditions, degree-distribution patterns, latency and average short-paths, clustering, reliability metrics and energy cost

Study of Performance of Security Protocols in Wireless Mesh Network

Wireless Mesh Networks (WMNs) represent a good solution to providing wireless Internet connectivity in a sizable geographic area; this new and promising paradigm allows for network deployment at a much lower cost than with classic WiFi networks. Standards-based wireless access takes advantage of the growing popularity of inexpensive Wi-Fi clients,enabling new service opportunities and applications that improve user productivity and responsiveness. The deployment of WMNs, are suffered by : (i) All, the communications being wireless and therefore prone to interference, present severe capacity and delay constraints, (ii) The second reason that slows down the deployment of WMNs is the lack of security guarantees. Wireless mesh networks mostly susceptible to routing protocol threats and route disruption attacks. Most of these threats require packet injection with a specialized knowledge of the routing protocol; the threats to wireless mesh networks and are summarized as (i) External attacks: in which attackers not belonging to the network jam the communication or inject erroneous information, and (ii) Internal attacks: in which attackers are internal, compromised nodes that are difficult to be detected. The MAC layers of WMN are subjected to the attacks like Eavesdropping, Link Layer Jamming Attack, MAC Spoofing Attack, and Replay Attack. The attacks in Network Layer are: Control Plane Attacks, Data Plane Attacks, Rushing attack, Wormhole attack, and Black Hole Attack. In this project work we are concern with the threats related to Network layer of WMN based upon 802.11i and analysis the performance of secure routing protocols and their performance against the intrusion detection

Security of the Internet of Things: Vulnerabilities, Attacks and Countermeasures

Wireless Sensor Networks (WSNs) constitute one of the most promising third-millennium technologies and have wide range of applications in our surrounding environment. The reason behind the vast adoption of WSNs in various applications is that they have tremendously appealing features, e.g., low production cost, low installation cost, unattended network operation, autonomous and longtime operation. WSNs have started to merge with the Internet of Things (IoT) through the introduction of Internet access capability in sensor nodes and sensing ability in Internet-connected devices. Thereby, the IoT is providing access to huge amount of data, collected by the WSNs, over the Internet. Hence, the security of IoT should start with foremost securing WSNs ahead of the other components. However, owing to the absence of a physical line-of-defense, i.e., there is no dedicated infrastructure such as gateways to watch and observe the flowing information in the network, security of WSNs along with IoT is of a big concern to the scientific community. More specifically, for the application areas in which CIA (confidentiality, integrity, availability) has prime importance, WSNs and emerging IoT technology might constitute an open avenue for the attackers. Besides, recent integration and collaboration of WSNs with IoT will open new challenges and problems in terms of security. Hence, this would be a nightmare for the individuals using these systems as well as the security administrators who are managing those networks. Therefore, a detailed review of security attacks towards WSNs and IoT, along with the techniques for prevention, detection, and mitigation of those attacks are provided in this paper. In this text, attacks are categorized and treated into mainly two parts, most or all types of attacks towards WSNs and IoT are investigated under that umbrella: “Passive Attacks” and “Active Attacks”. Understanding these attacks and their associated defense mechanisms will help paving a secure path towards the proliferation and public acceptance of IoT technology