Security and Privacy Issues in Wireless Mesh Networks: A Survey

This book chapter identifies various security threats in wireless mesh network (WMN). Keeping in mind the critical requirement of security and user privacy in WMNs, this chapter provides a comprehensive overview of various possible attacks on different layers of the communication protocol stack for WMNs and their corresponding defense mechanisms. First, it identifies the security vulnerabilities in the physical, link, network, transport, application layers. Furthermore, various possible attacks on the key management protocols, user authentication and access control protocols, and user privacy preservation protocols are presented. After enumerating various possible attacks, the chapter provides a detailed discussion on various existing security mechanisms and protocols to defend against and wherever possible prevent the possible attacks. Comparative analyses are also presented on the security schemes with regards to the cryptographic schemes used, key management strategies deployed, use of any trusted third party, computation and communication overhead involved etc. The chapter then presents a brief discussion on various trust management approaches for WMNs since trust and reputation-based schemes are increasingly becoming popular for enforcing security in wireless networks. A number of open problems in security and privacy issues for WMNs are subsequently discussed before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the author's previous submission in arXiv submission: arXiv:1102.1226. There are some text overlaps with the previous submissio

Design and Evaluation of Decision Making Algorithms for Information Security

The evaluation and learning of classifiers is of particular importance in several computer security applications such as intrusion detection systems (IDSs), spam filters, and watermarking of documents for fingerprinting or traitor tracing. There are however relevant considerations that are sometimes ignored by researchers that apply machine learning techniques for security related problems. In this work we identify and work on two problems that seem prevalent in security-related applications. The first problem is the usually large class imbalance between normal events and attack events. We address this problem with a unifying view of different proposed metrics, and with the introduction of Bayesian Receiver Operating Characteristic (B-ROC) curves. The second problem to consider is the fact that the classifier or learning rule will be deployed in an adversarial environment. This implies that good performance on average might not be a good performance measure, but rather we look for good performance under the worst type of adversarial attacks. We work on a general methodology that we apply for the design and evaluation of IDSs and Watermarking applications

A Survey on Privacy Preserving Data Aggregation Protocols forWireless Sensor Networks

The data aggregation is a widely used mechanism in Wireless Sensor Networks (WSNs) to increase lifetime of a sensor node, send robust information by avoiding redundant data transmission to the base station. The privacy preserving data aggregation is a challenge in wireless communication medium as it could be eavesdropped; however it enhances the security without compromising energy efficiency. Thus the privacy protecting data aggregation protocols aims to prevent the disclosure of individual data though an adversary intercept a link or compromise a node’s data. We present a study of different privacy preserving data aggregation techniques used in WSNs to enhance energy and security based on the types of nodes in the network, topology and encryptions used for data aggregation.</p

Secure protocols for wireless availability

Since wireless networks share a communication medium, multiple transmissions on the same channel cause interference to each other and degrade the channel quality, much as multiple people talking at the same time make for inefficient meetings. To avoid transmission collision, the network divides the medium into multiple orthogonal channels (by interleaving the channel access in frequency or time) and often uses medium access control (MAC) to coordinate channel use. Alternatively (e.g., when the wireless users use the same physical channel), the network users can emulate such orthogonal channel access in processing by spreading and coding the signal. Building on such orthogonal access technology, this dissertation studies protocols that support the coexistence of wireless users and ensure wireless availability. In contrast to other studies focusing on improving the overall e fficiency of the network, I aim to achieve reliability at all times. Thus, to study the worst-case misbehavior, I pose the problem within a security framework and introduce an adversary who compromised the network and has insider access. In this dissertation, I propose three schemes for wireless availability: SimpleMAC, Ignore-False-Reservation MAC (IFR-MAC), and Redundancy O ffset Narrow Spectrum (RONS). SimpleMAC and IFR-MAC build on MAC protocols that utilize explicit channel coordination in control communication. SimpleMAC counters MAC-aware adversary that uses the information being exchanged at the MAC layer to perform a more power e fficient jamming attack. IFR-MAC nulli ffies the proactive attack of denial-of-service injection of false reservation control messages. Both SimpleMAC and IFR-MAC quickly outperform the Nash equilibrium of disabling MAC and converge to the capacity-optimal performance in worst-case failures. When the MAC fails to coordinate channel use for orthogonal access or in a single-channel setting (both cases of which, the attacker knows the exact frequency and time location of the victim's channel access), RONS introduces a physical-layer, processing-based technique for interference mitigation. RONS is a narrow spectrum technology that bypasses the spreading cost and eff ectively counters the attacker's information-theoretically optimal strategy of correlated jamming

Efficient Handling of Adversary Attacks in Aggregation Applications

Current approaches to handling adversary attacks against data aggregation in sensor networks either aim exclusively at the detection of aggregate data corruption or provide rather inefficient ways to identify the nodes captured by an adversary. In contrast, we propose a distributed algorithm for efficient identification of captured nodes over a constant number of rounds, for an arbitrary number of captured nodes. We formulate our problem as a combinatorial group testing problem and show that this formulation leads not only to efficient identification of captured nodes but also to a precise cost-based characterization of when in-network aggregation retains its assumed benefits in a sensor network operating under persistent attacks.This research was supported in part by US Army Research Laboratory and the UK Ministry of Defence under Agreement Number W911NF-06-3-0001 and by the US Army Research Office under Contract W911NF-07-1-0287 at the University of Maryland. The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of the US Army Research Laboratory, US Army Research Office, the U.S. Government, the UK Ministry of Defense, or the UK Government

State of the art in Wireless Mesh Networks - delivrable L3.01 - RNRT project "Airnet"

This delivrable presents a state of the art on management related issues in Wireless Mesh Networks. We describe existant work focusing on the five functional domains of the management plane: fault management, configuration management, accounting, performance and security

Secure and Private Data Aggregation in WSN

Data aggregation is an important efficiency mechanism for large scale, resource constrained networks such as wireless sensor networks (WSN). Security and privacy are central for many data aggregation applications: (1) entities make decisions based on the results of the data aggregation, so the entities need to be assured that the aggregation process and in particular the aggregate data they receive has not been corrupted (i.e., verify the integrity of the aggregation); (2) If the aggregation application has been attacked, then the attack must be handled efficiently; (3) the privacy requirements of the sensor network must be preserved. The nature of both wireless sensor networks and data aggregation make it particularly challenging to provide the desired security and privacy requirements: (1) sensors in WSN can be easily compromised and subsequently corrupted by an adversary since they are unmonitored and have little physical security; (2) a malicious aggregator node at the root of an aggregation subtree can corrupt not just its own value but also that of all the nodes in its entire aggregation subtree; (3) since sensors have limited resourced, it is crucial to achieve the security objectives while adopting only cheap symmetric-key based operations and minimizing communication cost. In this thesis, we first address the problem of efficient handling of adversarial attacks on data aggregation applications in WSN. We propose and analyze a detection and identification solution, presenting a precise cost-based characterization when in-network data aggregation retains its assumed benefits under persistent attacks. Second, we address the issue of data privacy in WSN in the context of data aggregation. We introduce and analyze the problem of privacy-preserving integrity-assured data aggregation (PIA) and show that there is an inherent tension between preservation of data privacy and secure data aggregation. Additionally, we look at the problem of PIA in publish-subscribe networks when there are multiple, collaborative yet competing subscribers

Reputation systems and secure communication in vehicular networks

A thorough review of the state of the art will reveal that most VANET applications rely on Public Key Infrastructure (PKI), which uses user certificates managed by a Certification Authority (CA) to handle security. By doing so, they constrain the ad-hoc nature of the VANET imposing a frequent connection to the CA to retrieve the Certificate Revocation List (CRL) and requiring some degree of roadside infrastructure to achieve that connection. Other solutions propose the usage of group signatures where users organize in groups and elect a group manager. The group manager will need to ensure that group members do not misbehave, i.e., do not spread false information, and if they do punish them, evict them from the group and report them to the CA; thus suffering from the same CRL retrieval problem. In this thesis we present a fourfold contribution to improve security in VANETs. First and foremost, Chains of Trust describes a reputation system where users disseminate Points of Interest (POIs) information over the network while their privacy remains protected. It uses asymmetric cryptography and users are responsible for the generation of their own pair of public and private keys. There is no central entity which stores the information users input into the system; instead, that information is kept distributed among the vehicles that make up the network. On top of that, this system requires no roadside infrastructure. Precisely, our main objective with Chains of Trust was to show that just by relying on people¿s driving habits and the sporadic nature of their encounters with other drivers a successful reputation system could be built. The second contribution of this thesis is the application simulator poiSim. Many¿s the time a new VANET application is presented and its authors back their findings using simulation results from renowned networks simulators like ns-2. The major issue with network simulators is that they were not designed with that purpose in mind and handling simulations with hundreds of nodes requires a massive processing power. As a result, authors run small simulations (between 50 and 100 nodes) with vehicles that move randomly in a squared area instead of using real maps, which rend unrealistic results. We show that by building tailored application simulators we can obtain more realistic results. The application simulator poiSim processes a realistic mobility trace produced by a Multi-agent Microscopic Traffic Simulator developed at ETH Zurich, which accurately describes the mobility patterns of 259,977 vehicles over regional maps of Switzerland for 24 hours. This simulation runs on a desktop PC and lasts approximately 120 minutes. In our third contribution we took Chains of Trust one step further in the protection of user privacy to develop Anonymous Chains of Trust. In this system users can temporarily exchange their identity with other users they trust, thus making it impossible for an attacker to know in all certainty who input a particular piece of information into the system. To the best of our knowledge, this is the first time this technique has been used in a reputation system. Finally, in our last contribution we explore a different form of communication for VANETs. The vast majority of VANET applications rely on the IEEE 802.11p/Wireless Access in Vehicular Environments (WAVE) standard or some other form of radio communication. This poses a security risk if we consider how vulnerable radio transmission is to intentional jamming and natural interferences: an attacker could easily block all radio communication in a certain area if his transmitter is powerful enough. Visual Light Communication (VLC), on the other hand, is resilient to jamming over a wide area because it relies on visible light to transmit information and ,unlike WAVE, it has no scalability problems. In this thesis we show that VLC is a secure and valuable form of communication in VANETs

SECURITY, PRIVACY AND APPLICATIONS IN VEHICULAR AD HOC NETWORKS

With wireless vehicular communications, Vehicular Ad Hoc Networks (VANETs) enable numerous applications to enhance traffic safety, traffic efficiency, and driving experience. However, VANETs also impose severe security and privacy challenges which need to be thoroughly investigated. In this dissertation, we enhance the security, privacy, and applications of VANETs, by 1) designing application-driven security and privacy solutions for VANETs, and 2) designing appealing VANET applications with proper security and privacy assurance. First, the security and privacy challenges of VANETs with most application significance are identified and thoroughly investigated. With both theoretical novelty and realistic considerations, these security and privacy schemes are especially appealing to VANETs. Specifically, multi-hop communications in VANETs suffer from packet dropping, packet tampering, and communication failures which have not been satisfyingly tackled in literature. Thus, a lightweight reliable and faithful data packet relaying framework (LEAPER) is proposed to ensure reliable and trustworthy multi-hop communications by enhancing the cooperation of neighboring nodes. Message verification, including both content and signature verification, generally is computation-extensive and incurs severe scalability issues to each node. The resource-aware message verification (RAMV) scheme is proposed to ensure resource-aware, secure, and application-friendly message verification in VANETs. On the other hand, to make VANETs acceptable to the privacy-sensitive users, the identity and location privacy of each node should be properly protected. To this end, a joint privacy and reputation assurance (JPRA) scheme is proposed to synergistically support privacy protection and reputation management by reconciling their inherent conflicting requirements. Besides, the privacy implications of short-time certificates are thoroughly investigated in a short-time certificates-based privacy protection (STCP2) scheme, to make privacy protection in VANETs feasible with short-time certificates. Secondly, three novel solutions, namely VANET-based ambient ad dissemination (VAAD), general-purpose automatic survey (GPAS), and VehicleView, are proposed to support the appealing value-added applications based on VANETs. These solutions all follow practical application models, and an incentive-centered architecture is proposed for each solution to balance the conflicting requirements of the involved entities. Besides, the critical security and privacy challenges of these applications are investigated and addressed with novel solutions. Thus, with proper security and privacy assurance, these solutions show great application significance and economic potentials to VANETs. Thus, by enhancing the security, privacy, and applications of VANETs, this dissertation fills the gap between the existing theoretic research and the realistic implementation of VANETs, facilitating the realistic deployment of VANETs