5,264 research outputs found

    Contribution to securing wireless mesh networks

    A wireless mesh network (WMN) comprises mesh access points (MAPs)/mesh routers and mesh clients (MCs), where MAPs are normally static and they form the backbone of WMNs. MCs are wireless devices and dynamic in nature, communicating among themselves over possibly multi-hop paths, with or without the help of MAPs. Security has been a primary concern in order to provide protected communication in WMNs due to the open peer-to-peer network topology, shared wireless medium, stringent resource constraints and highly dynamic environment. These challenges clearly make a case for building a multi-layer security solution that achieves both wide-range protection and desirable network performance. In this thesis, we attempt to provide necessary security features to WMNs routing operations in an efficient manner. To achieve this goal, first we will review the literature about the WMNs in detail, like WMN’s architecture, applications, routing protocols, security requirements. Then, we will propose two different secure routing protocols for WMNs which provide security in terms of routing, data and users as well. The first protocol is a cross-layer secure protocol for routing, data exchange and Address Resolution Protocol (ARP) problems (in case of LAN based upon WMNs). Our protocol is a ticket-based ad hoc on demand distance vector (TAODV) protocol, a secure routing protocol that is based on the design of the Ad Hoc on demand distance vector (AODV) protocol. Due to the availability of a backbone, we incorporate the Authentication Server (AS) for the issuance of tickets which are further used for secure routing, transfer of public keys and MAC addresses in one single step. By incorporating the public keys, source and destination can easily generate their shared secret key based upon Fixed Diffie-Hellman key exchange protocol for data encryption and decryption. Our protocol is secure against both active as well as passive attacks.
The second proposed protocol is to “achieve user anonymity in WMNs”. This protocol is also a ticket-based protocol. The ticket is issued by Network Operator (NO) which provides user anonymity, user authentication and data confidentiality/privacy throughout the WMN. Our protocol is inspired by the blind Nyberg-Rueppel digital signature scheme. In this protocol NO issues tickets to valid users only and these users can then use these tickets to access Internet or to access services provided by Internet Gateway (IGW). IGW can only verify these tickets whether tickets are valid or not but cannot check “Identity of ticket holder”. This way, user anonymity has been achieved along with user authentication and data privacy throughout WMN

    Securing Wireless Mesh Networks

    Using wireless mesh networks to offer Internet connectivity is becoming a popular choice for wireless Internet service providers as it allows fast, easy, and inexpensive network deployment. However, security in WMNs is still in its infancy as very little attention has been devoted thus far to this topic by the research community. In this article we describe the specifics of WMNs and identify three fundamental network operations that need to be secured

    Securing Remote Access Inside Wireless Mesh Networks

    Wireless mesh networks (WMNs) that are being increasingly deployed in communities and public places provide a relatively stable routing infrastructure and can be used for diverse carrier-managed services. As a particular example we consider the scenario where a mobile device initially registered for the use with one wireless network (its home network) moves to the area covered by another network inside the same mesh. The goal is to establish a secure access to the home network using the infrastructure of the mesh. Classical mechanisms such as VPNs can protect end-to-end communication between the mobile device and its home network while remaining transparent to the routing infrastructure. In WMNs this transparency can be misused for packet injection leading to the unnecessary consumption of the communication bandwidth. This may have a negative impact on the cooperation of mesh routers which is essential for the connection establishment. In this paper we describe how to establish remote connections inside WMNs while guaranteeing secure end-to-end communication between the mobile device and its home network and secure transmission of the corresponding packets along the underlying multi-hop path. Our solution is a provably secure, yet lightweight and round-optimal remote network access protocol in which intermediate mesh routers are considered to be part of the security architecture. We also sketch some ideas on the practical realization of the protocol using known standards and mention extensions with regard to forward secrecy, anonymity and accounting

    Security of a Mesh Potato Network in Ad Hoc Mode

    Wireless Mesh Networks can provide low cost and reliable community-owned connectivity in developing rural areas. A rural community can use mesh networks to access a wide range of modern information and communication technologies, and as such, protection of these networks from malicious behavior is very important. While there has been work into securing mesh networks, almost none of it has been applied within the Village Telco, or mesh potato, arena. It is against this background that this paper advocates the investigation of security weaknesses of and solutions for mesh potato networks by intervening with a particular security set-up of the mesh potatoes used in the deployment of a rural community wireless mesh network in Mankosi Community located in the Eastern Cape Province in South Africa. These devices currently have no protection in ad hoc mode. This work in progress paper describes how we plan to provide and test security for this mesh. Telkom, Cisco, Aria Technologies, THRIP Department of HE and Training approved lis

    Securing End-to-End Wireless Mesh Networks Ticket-Based Authentication

    Hybrid wireless mesh network (WMN) consists of two types of nodes: Mesh Routers which are relatively static and energy-rich devices, and Mesh Clients which are relatively dynamic and power constrained devices. In this paper we present a new model for WMN end-to-end security which divides the authentication process into two phases: Mesh Access Point phase which is based on asymmetric cryptography and Mesh Client phase which is based on a server-side certificate such as EAP-TTLS and PEAP

    Securing End-to-End Wireless Mesh Networks Ticket-Based Authentication.

    Hybrid wireless mesh network (WMN) consists of two types of nodes: Mesh Routers which are relatively static and energy-rich devices, and Mesh Clients which are relatively dynamic and power constrained devices. In this paper we present a new model for WMN end-to-end security which divides the authentication process into two phases: Mesh Access Point phase which is based on asymmetric cryptography and Mesh Client phase which is based on a server-side certificate such as EAP-TTLS and PEAP

    Secure Routing in Wireless Mesh Networks

    Wireless mesh networks (WMNs) have emerged as a promising concept to meet the challenges in next-generation networks such as providing flexible, adaptive, and reconfigurable architecture while offering cost-effective solutions to the service providers. Unlike traditional Wi-Fi networks, with each access point (AP) connected to the wired network, in WMNs only a subset of the APs are required to be connected to the wired network. The APs that are connected to the wired network are called the Internet gateways (IGWs), while the APs that do not have wired connections are called the mesh routers (MRs). The MRs are connected to the IGWs using multi-hop communication. The IGWs provide access to conventional clients and interconnect ad hoc, sensor, cellular, and other networks to the Internet. However, most of the existing routing protocols for WMNs are extensions of protocols originally designed for mobile ad hoc networks (MANETs) and thus they perform sub-optimally. Moreover, most routing protocols for WMNs are designed without security issues in mind, where the nodes are all assumed to be honest. In practical deployment scenarios, this assumption does not hold. This chapter provides a comprehensive overview of security issues in WMNs and then particularly focuses on secure routing in these networks. First, it identifies security vulnerabilities in the medium access control (MAC) and the network layers. Various possibilities of compromising data confidentiality, data integrity, replay attacks and offline cryptanalysis are also discussed. Then various types of attacks in the MAC and the network layers are discussed. After enumerating the various types of attacks on the MAC and the network layer, the chapter briefly discusses some of the preventive mechanisms for these attacks. Comment: 44 pages, 17 figures, 5 table

    SWMPT: Securing Wireless Mesh Networks Protocol Based on Ticket Authentication

    Wireless mesh network (WMN) consists of two parts: mesh access points which are relatively static and energy-rich devices, and mesh clients which are relatively dynamic and power constrained. In this paper, we present a new model for WMN end-to-end security which divides authentication process into two phases: Mesh Access Point which is based on asymmetric cryptography and Mesh Client which is based on a server-side certificate such as EAP-TTLS

    Security and Privacy Issues in Wireless Mesh Networks: A Survey

    This book chapter identifies various security threats in wireless mesh network (WMN). Keeping in mind the critical requirement of security and user privacy in WMNs, this chapter provides a comprehensive overview of various possible attacks on different layers of the communication protocol stack for WMNs and their corresponding defense mechanisms. First, it identifies the security vulnerabilities in the physical, link, network, transport, application layers. Furthermore, various possible attacks on the key management protocols, user authentication and access control protocols, and user privacy preservation protocols are presented. After enumerating various possible attacks, the chapter provides a detailed discussion on various existing security mechanisms and protocols to defend against and wherever possible prevent the possible attacks. Comparative analyses are also presented on the security schemes with regards to the cryptographic schemes used, key management strategies deployed, use of any trusted third party, computation and communication overhead involved etc. The chapter then presents a brief discussion on various trust management approaches for WMNs since trust and reputation-based schemes are increasingly becoming popular for enforcing security in wireless networks. A number of open problems in security and privacy issues for WMNs are subsequently discussed before the chapter is finally concluded. Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the author's previous submission in arXiv submission: arXiv:1102.1226. There are some text overlaps with the previous submissio