Security and Privacy Issues in Wireless Mesh Networks: A Survey

This book chapter identifies various security threats in wireless mesh network (WMN). Keeping in mind the critical requirement of security and user privacy in WMNs, this chapter provides a comprehensive overview of various possible attacks on different layers of the communication protocol stack for WMNs and their corresponding defense mechanisms. First, it identifies the security vulnerabilities in the physical, link, network, transport, application layers. Furthermore, various possible attacks on the key management protocols, user authentication and access control protocols, and user privacy preservation protocols are presented. After enumerating various possible attacks, the chapter provides a detailed discussion on various existing security mechanisms and protocols to defend against and wherever possible prevent the possible attacks. Comparative analyses are also presented on the security schemes with regards to the cryptographic schemes used, key management strategies deployed, use of any trusted third party, computation and communication overhead involved etc. The chapter then presents a brief discussion on various trust management approaches for WMNs since trust and reputation-based schemes are increasingly becoming popular for enforcing security in wireless networks. A number of open problems in security and privacy issues for WMNs are subsequently discussed before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the author's previous submission in arXiv submission: arXiv:1102.1226. There are some text overlaps with the previous submissio

Secure and Privacy-Preserving Authentication Protocols for Wireless Mesh Networks

Wireless mesh networks (WMNs) have emerged as a promising concept to meet the challenges in next-generation wireless networks such as providing flexible, adaptive, and reconfigurable architecture while offering cost-effective solutions to service providers. As WMNs become an increasingly popular replacement technology for last-mile connectivity to the home networking, community and neighborhood networking, it is imperative to design efficient and secure communication protocols for these networks. However, several vulnerabilities exist in currently existing protocols for WMNs. These security loopholes can be exploited by potential attackers to launch attack on WMNs. The absence of a central point of administration makes securing WMNs even more challenging. The broadcast nature of transmission and the dependency on the intermediate nodes for multi-hop communications lead to several security vulnerabilities in WMNs. The attacks can be external as well as internal in nature. External attacks are launched by intruders who are not authorized users of the network. For example, an intruding node may eavesdrop on the packets and replay those packets at a later point of time to gain access to the network resources. On the other hand, the internal attacks are launched by the nodes that are part of the WMN. On example of such attack is an intermediate node dropping packets which it was supposed to forward. This chapter presents a comprehensive discussion on the current authentication and privacy protection schemes for WMN. In addition, it proposes a novel security protocol for node authentication and message confidentiality and an anonymization scheme for privacy protection of users in WMNs.Comment: 32 pages, 10 figures. The work is an extended version of the author's previous works submitted in CoRR: arXiv:1107.5538v1 and arXiv:1102.1226v

A Framework for the Self-Configuration of Wireless Mesh Networks

The use of wireless radio technology is well established for narrowband access systems, but its use for broadband access is relatively new. Wireless mesh architecture is a first step towards providing high-bandwidth wireless network coverage, spectral efficiency, and economic advantage. However, the widespread adoption and use of Wireless Mesh Networks (WMN) as a backbone for large wireless access networks and for last-mile subscriber access is heavily dependent on the technology’s ease of deployment. In order for WMNs to be regarded as mainstream technology, it needs to gain a competitive edge compared to wireline technologies such as DSL and cable. To achieve this, a broadband wireless network must be self-configuring, self-healing and self-organizing. In this thesis, we address these challenges. First, we propose a four-stage scheme (power-up, bootstrapping, network registration, and network optimization). We develop algorithms for each of these stages, taking advantage of the inherent properties of WMNs to determine the network’s topology. The novel part of our scheme is in the de-coupling of the subscriber’s credentials from the network hardware. This is a key part of our architecture as it helps ensure quick network enrolment, management and portability. It also helps, in our opinion, make the concept of widespread deployment using commodity hardware feasible

Securing Wireless Mesh Networks

Using wireless mesh networks to offer Internet connectivity is becoming a popular choice for wireless Internet service providers as it allows fast, easy, and inexpensive network deployment. However, security in WMNs is still in its infancy as very little attention has been devoted thus far to this topic by the research community. In this article we describe the specifics of WMNs and identify three fundamental network operations that need to be secured

A secure prepaid micropayment scheme for wireless mesh networks

Wireless Mesh Network (WMN) is an evolving multi-hop, ubiquitous and high speed networking technology. In this thesis, we proposed a secure micropayment scheme for network access in WMNs. The main motivation is that the operators are not considered as fully trusted entities in our scheme; the clients control their balance with their operators. In this way, none of the system entities can behave dishonestly about the amount of services provided and obtained. Our proposed payment scheme is a prepaid one. The users obtain connection cards for getting service. Connection card issuer, which is a trusted third party, generates the connection cards. Each connection card includes tokens. These tokens are generated as a hash chain which is obtained by hashing an initial value (IV) several times. Hash functions are one way and irreversible cryptographic functions. The tokens are consumed backwards. Therefore, it is not feasible to generate unused tokens from an already used token. This property is the main enabler for the security of our scheme. We have conducted simulations for performance evaluation of the proposed scheme. Our results show that in a network with 300 clients, the average authentication completion time becomes less than 1 second even if all the clients send their connection request at the same time

Efficient Security Protocols for Fast Handovers in Wireless Mesh Networks

Wireless mesh networks (WMNs) are gaining popularity as a flexible and inexpensive replacement for Ethernet-based infrastructures. As the use of mobile devices such as smart phones and tablets is becoming ubiquitous, mobile clients should be guaranteed uninterrupted connectivity and services as they move from one access point to another within a WMN or between networks. To that end, we propose a novel security framework that consists of a new architecture, trust models, and protocols to offer mobile clients seamless and fast handovers in WMNs. The framework provides a dynamic, flexible, resource-efficient, and secure platform for intra-network and inter-network handovers in order to support real-time mobile applications in WMNs. In particular, we propose solutions to the following problems: authentication, key management, and group key management. We propose (1) a suite of certificate-based authentication protocols that minimize the authentication delay during handovers from one access point to another within a network (intra-network authentication). (2) a suite of key distribution and authentication protocols that minimize the authentication delay during handovers from one network to another (inter-network authentication). (3) a new implementation of group key management at the data link layer in order to reduce the group key update latency from linear time (as currently done in IEEE 802.11 standards) to logarithmic time. This contributes towards minimizing the latency of the handover process for mobile members in a multicast or broadcast group

Secure Incentives to Cooperate for Wireless Networks

The operating principle of certain wireless networks makes essential the cooperation between the mobile nodes. However, if each node is an autonomous selfish entity, cooperation is not guaranteed and therefore we need to use incentive techniques. In this thesis, we study cooperation in three different types of networks: WiFi networks, Wireless Mesh Networks (WMNs), and Hybrid Ad-hoc networks. Cooperation has a different goal for each of these networks, we thus propose incentive mechanisms adapted to each case. In the first chapter of this thesis, we consider WiFi networks whose wide-scale adoption is impeded by two major hurdles: the lack of a seamless roaming scheme and the variable QoS experienced by the users. We devise a reputation-based solution that (i) allows a mobile node to connect to a foreign Wireless ISP in a secure way while preserving his anonymity and (ii) encourages the WISPs to cooperate, i.e., to provide the mobile clients with a good QoS. Cooperation appears here twofold: First, the mobile clients have to collaborate in order to build and maintain the reputation system and second, the use of this reputation system encourages the WISPs to cooperate. We show, by means of simulations, that our reputation model indeed encourages the WISPs to behave correctly and we analyze the robustness of our solution against various attacks. In the second chapter of the thesis, we consider Wireless Mesh Networks (WMNs), a new and promising paradigm that uses multi-hop communications to extend WiFi networks. Indeed, by connecting only one hot spot to the Internet and by deploying several Transit Access Points (TAPs), a WISP can extend its coverage and serve a large number of clients at a very low cost. We analyze the characteristics of WMNs and deduce three fundamental network operations that need to be secured: (i) the routing protocol, (ii) the detection of corrupt TAPs and (iii) the enforcement of a proper fairness metric in WMNs. We focus on the fairness problem and propose FAME, an adaptive max-min fair resource allocation mechanism for WMNs. FAME provides a fair, collision-free capacity use of the WMN and automatically adjusts to the traffic demand fluctuations of the mobile clients. We develop the foundations of the mechanism and demonstrate its efficiency by means of simulations. We also experimentally assess the utility of our solution when TAPs are equipped with directional antennas and distinct sending and receiving interfaces in the Magnets testbed deployed in Berlin. In the third and last chapter of this thesis, we consider Hybrid Ad-hoc networks, i.e., infrastructured networks that are extended using multi-hop communications. We propose a secure set of protocols to encourage the most fundamental operation in these networks, namely packet forwarding. This solution is based on a charging and rewarding system. We use "MAC layering" to reduce the space overhead in the packets and a stream cipher encryption mechanism to provide "implicit authentication" of the nodes involved in the communication. We analyze the robustness of our protocols against rational and malicious attacks. We show that the use of our solution makes cooperation rational for selfish nodes. We also show that our protocols thwart rational attacks and detect malicious attacks

Current challenges and future trends in the field of communication architectures for microgrids

[EN] The concept of microgrid has emerged as a feasible answer to cope with the increasing number of distributed renewable energy sources which are being introduced into the electrical grid. The microgrid communication network should guarantee a complete and bidirectional connectivity among the microgrid resources, a high reliability and a feasible interoperability. This is in a contrast to the current electrical grid structure which is characterized by the lack of connectivity, being a centralized-unidirectional system. In this paper a review of the microgrids information and communication technologies (ICT) is shown. In addition, a guideline for the transition from the current communication systems to the future generation of microgrid communications is provided. This paper contains a systematic review of the most suitable communication network topologies, technologies and protocols for smart microgrids. It is concluded that a new generation of peer-to-peer communication systems is required towards a dynamic smart microgrid. Potential future research about communications of the next microgrid generation is also identified.This work is supported by the Spanish Ministry of Economy and Competitiveness (MINECO) and the European Regional Development Fund (ERDF) under Grant ENE2015-64087-C2-2. This work is supported by the Spanish Ministry of Economy and Competitiveness (MINECO) under grant BES-2013-064539.Marzal-Romeu, S.; Salas-Puente, RA.; González Medina, R.; Garcerá, G.; Figueres Amorós, E. (2018). Current challenges and future trends in the field of communication architectures for microgrids. Renewable and Sustainable Energy Reviews. 82(2):3610-3622. https://doi.org/10.1016/j.rser.2017.10.101S3610362282