76 research outputs found

    Security and Privacy Issues in Wireless Mesh Networks: A Survey

    This book chapter identifies various security threats in wireless mesh network (WMN). Keeping in mind the critical requirement of security and user privacy in WMNs, this chapter provides a comprehensive overview of various possible attacks on different layers of the communication protocol stack for WMNs and their corresponding defense mechanisms. First, it identifies the security vulnerabilities in the physical, link, network, transport, application layers. Furthermore, various possible attacks on the key management protocols, user authentication and access control protocols, and user privacy preservation protocols are presented. After enumerating various possible attacks, the chapter provides a detailed discussion on various existing security mechanisms and protocols to defend against and wherever possible prevent the possible attacks. Comparative analyses are also presented on the security schemes with regards to the cryptographic schemes used, key management strategies deployed, use of any trusted third party, computation and communication overhead involved etc. The chapter then presents a brief discussion on various trust management approaches for WMNs since trust and reputation-based schemes are increasingly becoming popular for enforcing security in wireless networks. A number of open problems in security and privacy issues for WMNs are subsequently discussed before the chapter is finally concluded. Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the author's previous submission in arXiv submission: arXiv:1102.1226. There are some text overlaps with the previous submissio

    Integration of multimetric path management into 802.11S for telemedicine quality of service provision

    The merits of 802.11s as the wireless mesh network standard provide a low cost and high independent scalability telemedicine infrastructure. However, challenges in degradation of performance as hops increase and the absence of Quality of Service (QoS) provision need to be resolved. Reliability and timely manner are important factors for successful telemedicine service. This research investigates the use of 802.11s for telemedicine services. A new model of 802.11s based on telemedicine infrastructure has been developed for this purpose. A non deterministic polynomial path selection is proposed to provide end-to-end QoS provisioning in 802.11s. A multi-metric called QoS Price metric is proposed as measurement of link quality. The QoS Price is derived from multi layers values that reflect telemedicine traffic requirement and resource availability of the network. The proposed solution has modified the path management of 802.11s and added resource allocation in distributed scheme. This modification and resource allocation improvement of 802.11s were given the designation medQoS-802.11s. MedQoS-802.11s could provide a link guarantee of telemedicine traffic transmission in the selected path. MedQoS-802.11s had been tested using ns3 simulation and real environment testbed. The result has shown that medQoS-802.11s could achieve the traffic guarantee for almost 95% telemedicine traffic with 58% for the resource intensive diagnostic video traffic. It has also shown that the cost of link path overhead is efficient with the transmission overhead having an increment of 6% compared to the original 802.11s. The concurrent connection results for single time transmission shows that medQoS-802.11s has a significant increase of up to 12% traffic than original 802.11s. The testbed results have verified the QoS guarantee of the intended telemedicine traffic per transmission time. In summary, the reliability and time guarantee of medQoS has highly improved 802.11s to transmit telemedicine traffic

    Heterogeneous Wireless Mesh Network Technology Evaluation for Space Proximity and Surface Applications

    NASA has identified standardized wireless mesh networking as a key technology for future human and robotic space exploration. Wireless mesh networks enable rapid deployment, provide coverage in undeveloped regions. Mesh networks are also self-healing, resilient, and extensible, qualities not found in traditional infrastructure-based networks. Mesh networks can offer lower size, weight, and power (SWaP) than overlapped infrastructure-per-application. To better understand the maturity, characteristics and capability of the technology, we developed an 802.11 mesh network consisting of a combination of heterogeneous commercial off-the-shelf devices and open-source firmware and software packages. Various streaming applications were operated over the mesh network, including voice and video, and performance measurements were made under different operating scenarios. During the testing several issues with the currently implemented mesh network technology were identified and outlined for future work

    Design of a UMTS/GPRS Assisted Mesh Network (UAMN)

    Wireless Mesh or multi-hop networks (WMNs) are well known thanks to their simplicity of deployment and the lack of infrastructure. These two advantages come with some drawbacks. WMNs have limitations with the support of Quality of Service (QoS), they do not assure coverage or even connectivity, and security, management and monitoring are not considered key requirements. In order to benefit from mesh networks and use them as an operator graded network, it is necessary to either improve mesh networks to fulfill all these requirements or use an alternative network that offers full availability, connectivity and security to assist the mesh network. Considering the two options, the second is the one selected making use of GPRS/UMTS as an assistant network. The document describes a set of requirements and the design of the functionalities needed to build an operator graded network using the cellular GPRS/UMTS. The aspects covered in the design are: security, quality of service, mobility, self configuration and optimization. The last point, optimization, is not directly involved with mesh networking, but it is an improvement easy to achieve when using a gateway node to access the Internet through a GPRS/UMTS connection. The design of the solution not only considers functionality, but also feasibility employing off-the-shelf elements. The mesh nodes and gateways are built on top of Linux operating system with the aim to reuse previous results and open source software. The final objective of the project is to build a usable system to be used as a proof of concept. Peer Reviewe

    Efficient Security Protocols for Fast Handovers in Wireless Mesh Networks

    Wireless mesh networks (WMNs) are gaining popularity as a flexible and inexpensive replacement for Ethernet-based infrastructures. As the use of mobile devices such as smart phones and tablets is becoming ubiquitous, mobile clients should be guaranteed uninterrupted connectivity and services as they move from one access point to another within a WMN or between networks. To that end, we propose a novel security framework that consists of a new architecture, trust models, and protocols to offer mobile clients seamless and fast handovers in WMNs. The framework provides a dynamic, flexible, resource-efficient, and secure platform for intra-network and inter-network handovers in order to support real-time mobile applications in WMNs. In particular, we propose solutions to the following problems: authentication, key management, and group key management. We propose (1) a suite of certificate-based authentication protocols that minimize the authentication delay during handovers from one access point to another within a network (intra-network authentication). (2) a suite of key distribution and authentication protocols that minimize the authentication delay during handovers from one network to another (inter-network authentication). (3) a new implementation of group key management at the data link layer in order to reduce the group key update latency from linear time (as currently done in IEEE 802.11 standards) to logarithmic time. This contributes towards minimizing the latency of the handover process for mobile members in a multicast or broadcast group

    Routing for Flying Networks using Software-Defined Networking

    In recent years, Unmanned Aerial Vehicles (UAVs) are being increasingly used in various applications, both military and civilian. Their miniaturisation and low cost paved the way to the usage of swarms of UAVs, which provide better results when performing tasks compared to single UAVs. However, to enable cooperation between the UAVs, always-on and reliable communications must be ensured. Moreover, swarms of UAVs are being targeted by the scientific community as a way to provide Internet access to ground users in scenarios such as disaster reliefs and Temporary Crowded Events (TCEs), taking advantage of the capability of UAVs to carry Wi-Fi Access Points (APs) or Long-Term Evolution (LTE) cells. Solutions relying on a Control Station (CS) capable of positioning the UAVs according to the users' traffic demands have been shown to improve the Quality of Service (QoS) provided by the network. However, they introduce important challenges regarding network routing. Recently, a solution was proposed to take advantage of the knowledge provided by a CS regarding how the network will change, by dynamically updating the forwarding tables before links in the flying network are disrupted, rather than recovering from link failure, as is the case in most of the existing routing protocols. Although it does not consider the impact of reconfigurations on the access network due to the mobility of the APs, it is a promising approach worthy of being improved and implemented in a real system. This dissertation focuses on implementing a routing solution for flying networks based on Software-Defined Networking (SDN). Specifically, it addresses the mobility management and network load balancing issues from a centralised perspective, while simultaneously enabling uninterruptible and broadband communications between ground users and the Internet, thus allowing UAVs to reposition and reconfigure themselves without interfering with the terminals' connections to the network

    Secure and seamless prepayment for wireless mesh networks

    Wireless Mesh Network (WMN) is multi-hop high-speed networking technology for broadband access. Compared to conventional network service providing systems, WMNs are easy to deploy and cost-effective. In this thesis, we propose a secure and seamless prepayment system for the Internet access through WMNs (SSPayWMN). Practical payment systems for network access generally depend on trustworthiness of service provider. However, in real life, service providers may unintentionally overcharge their clients. This misbehavior in the system may cause disputes between the clients and the service providers. Even if the service provider is rightful, it is very difficult to convince the customer since the service providers generally do not have justifiable proofs that can easily be denied by the clients. The main goal of SSPayWMN is to provide a secure payment scheme, which is fair to both operators and clients. Using cryptographic tools and techniques, all system entities are able to authenticate each other and provide/get service in an undeniable way. Moreover, SSPayWMN provides privacy and untraceability in order not to track down particular user’s network activities. We implemented SSPayWMN on a network simulator (ns-3) and performed performance evaluation to understand the latency caused by the system's protocols. Our results show that our protocols achieve low steady state latency and in overall put very little burden on the system