36 research outputs found

    Security and Privacy Issues in Wireless Mesh Networks: A Survey

    This book chapter identifies various security threats in wireless mesh network (WMN). Keeping in mind the critical requirement of security and user privacy in WMNs, this chapter provides a comprehensive overview of various possible attacks on different layers of the communication protocol stack for WMNs and their corresponding defense mechanisms. First, it identifies the security vulnerabilities in the physical, link, network, transport, application layers. Furthermore, various possible attacks on the key management protocols, user authentication and access control protocols, and user privacy preservation protocols are presented. After enumerating various possible attacks, the chapter provides a detailed discussion on various existing security mechanisms and protocols to defend against and wherever possible prevent the possible attacks. Comparative analyses are also presented on the security schemes with regards to the cryptographic schemes used, key management strategies deployed, use of any trusted third party, computation and communication overhead involved etc. The chapter then presents a brief discussion on various trust management approaches for WMNs since trust and reputation-based schemes are increasingly becoming popular for enforcing security in wireless networks. A number of open problems in security and privacy issues for WMNs are subsequently discussed before the chapter is finally concluded.

    Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the author's previous submission in arXiv submission: arXiv:1102.1226. There are some text overlaps with the previous submissio

    CRM: a new dynamic cross-layer reputation computation model in wireless networks

    This is the author accepted manuscript. The final version is available from University Press (OUP) via the DOI in this record.

    Multi-hop wireless networks (MWNs) have been widely accepted as an indispensable component of next-generation communication systems due to their broad applications and easy deployment without relying on any infrastructure. Although showing huge benefits, MWNs face many security problems, especially the internal multi-layer security threats being one of the most challenging issues. Since most security mechanisms require the cooperation of nodes, characterizing and learning actions of neighboring nodes and the evolution of these actions over time is vital to construct an efficient and robust solution for security-sensitive applications such as social networking, mobile banking, and teleconferencing. In this paper, we propose a new dynamic cross-layer reputation computation model named CRM to dynamically characterize and quantify actions of nodes. CRM couples uncertainty based conventional layered reputation computation model with cross-layer design and multi-level security technology to identify malicious nodes and preserve security against internal multi-layer threats. Simulation results and performance analyses demonstrate that CRM can provide rapid and accurate malicious node identification and management, and implement the security preservation against the internal multi-layer and bad mouthing attacks more effectively and efficiently than existing models.

    The authors would like to thank anonymous reviewers and editors for their constructive comments. This work is supported by: 1. Changjiang Scholars and Innovative Research Team in University (IRT1078), 2. the Key Program of NSFC-Guangdong Union Foundation (U1135002), 3. National Natural Science Foundation of China (61202390), 4. Fujian Natural Science Foundation: 2013J01222, 5. the open research fund of Key Lab of Broadband Wireless Communication and Sensor Network Technology (Nanjing University of Posts and Telecommunications, Ministry of Education).

    Analysis of the security and reliability of packet transmission in Wireless Mesh Networks (WMNs): a case study of Malicious Packet drop attack

    Wireless Mesh Networks (WMNs) are known for possessing good attributes such as low up-front cost, easy network maintenance, and reliable service coverage. This has largely led them to be adopted in various areas such as school campus networks, community networking, pervasive healthcare, office and home automation, emergency rescue operations and ubiquitous wireless networks. The routing nodes are equipped with self-organized and self-configuring capabilities. The routing mechanisms of WMNs depend on the collaboration of all participating nodes for reliable network performance. However, it has been noted that most routing algorithms proposed for WMNs in the last few years are designed with the assumption that all the participating nodes will collaboratively be involved in relaying the data packets originated from a source to a multi-hop destination. Such a design approach exposes WMNs to vulnerabilities such as the malicious packet drop attack. Therefore, it is imperative to design and implement secure and reliable packet routing mechanisms to mitigate this type of attack. While there are works that have attempted to implement a secure routing approach, the findings in this research unearthed that further research works are required to improve the existing secure routing in order to provide more secure and reliable packet transmission in WMNs, in the event of denial of service (DoS) attacks such as the black hole malicious packet drop attack. This study further presents an analysis of the impact of the black hole malicious packet drop attack with other influential factors in WMNs. In the study, the NS-3 simulator was used with AODV as the routing protocol. The results show that the packet delivery ratio and throughput of a WMN under attack decrease sharply as compared to a WMN free from attack.

    Heterogeneous Wireless Mesh Network Technology Evaluation for Space Proximity and Surface Applications

    NASA has identified standardized wireless mesh networking as a key technology for future human and robotic space exploration. Wireless mesh networks enable rapid deployment and provide coverage in undeveloped regions. Mesh networks are also self-healing, resilient, and extensible, qualities not found in traditional infrastructure-based networks. Mesh networks can offer lower size, weight, and power (SWaP) than overlapped infrastructure-per-application. To better understand the maturity, characteristics and capability of the technology, we developed an 802.11 mesh network consisting of a combination of heterogeneous commercial off-the-shelf devices and open-source firmware and software packages. Various streaming applications were operated over the mesh network, including voice and video, and performance measurements were made under different operating scenarios. During the testing several issues with the currently implemented mesh network technology were identified and outlined for future work.

    Secure Routing in Wireless Mesh Networks

    Wireless mesh networks (WMNs) have emerged as a promising concept to meet the challenges in next-generation networks such as providing flexible, adaptive, and reconfigurable architecture while offering cost-effective solutions to the service providers. Unlike traditional Wi-Fi networks, with each access point (AP) connected to the wired network, in WMNs only a subset of the APs are required to be connected to the wired network. The APs that are connected to the wired network are called the Internet gateways (IGWs), while the APs that do not have wired connections are called the mesh routers (MRs). The MRs are connected to the IGWs using multi-hop communication. The IGWs provide access to conventional clients and interconnect ad hoc, sensor, cellular, and other networks to the Internet. However, most of the existing routing protocols for WMNs are extensions of protocols originally designed for mobile ad hoc networks (MANETs) and thus they perform sub-optimally. Moreover, most routing protocols for WMNs are designed without security issues in mind, where the nodes are all assumed to be honest. In practical deployment scenarios, this assumption does not hold. This chapter provides a comprehensive overview of security issues in WMNs and then particularly focuses on secure routing in these networks. First, it identifies security vulnerabilities in the medium access control (MAC) and the network layers. Various possibilities of compromising data confidentiality, data integrity, replay attacks and offline cryptanalysis are also discussed. Then various types of attacks in the MAC and the network layers are discussed. After enumerating the various types of attacks on the MAC and the network layer, the chapter briefly discusses some of the preventive mechanisms for these attacks.

    Comment: 44 pages, 17 figures, 5 table

    Performance Optimization of Network Protocols for IEEE 802.11s-based Smart Grid Communications

    The transformation of the legacy electric grid to Smart Grid (SG) poses numerous challenges in the design and development of an efficient SG communications network. While there has been an increasing interest in identifying the SG communications network and possible SG applications, specific research challenges at the network protocol have not been elaborated yet. This dissertation revisited each layer of a TCP/IP protocol stack which basically was designed for a wired network and optimized their performance in IEEE 802.11s-based Advanced Metering Infrastructure (AMI) communications network against the following challenges: security and privacy, AMI data explosion, periodic simultaneous data reporting scheduling, poor Transport Control Protocol (TCP) performance, Address Resolution Protocol (ARP) broadcast, and network interoperability. To address these challenges, layered and/or cross-layered protocol improvements were proposed for each layer of TCP/IP protocol stack. At the application layer, a tree-based periodic time schedule and a time division multiple access-based scheduling were proposed to reduce high contention when smart meters simultaneously send their reading. Homomorphic encryption performance was investigated to handle AMI data explosion while providing security and privacy. At the transport layer, a tree-based fixed Retransmission Timeout (RTO) setting and a path-error aware RTO that exploits rich information of IEEE 802.11s data-link layer path selection were proposed to address higher delay due to TCP mechanisms. At the network layer, ARP requests create broadcast storm problems in IEEE 802.11s due to the use of MAC addresses for routing. A secure piggybacking-based ARP was proposed to eliminate this issue. The tunneling mechanisms in the LTE network cause a downlink traffic problem to IEEE 802.11s. For the network interoperability, at the network layer of EPC network, a novel UE access list was proposed to address this issue. At the data-link layer, to handle QoS mismatch between IEEE 802.11s and LTE network, Dual Queues approach was proposed for the Enhanced Distributed Channel Access. The effectiveness of all proposed approaches was validated through extensive simulation experiments using a network simulator. The simulation results showed that the proposed approaches outperformed the traditional TCP/IP protocols in terms of end to end delay, packet delivery ratio, throughput, and collection time.

    A Dynamic Application Partitioning and Offloading Framework to Enhance the Capabilities of Transient Clouds Using Mobile Agents

    Mobile cloud computing has emerged as a prominent area of research, a natural extension of cloud computing that proposes to offer solutions for enhancing the capabilities of smart mobile devices commonly plagued by resource constraints. As one of its promising models, transient clouds aim to address the internet connectivity shortfall inherent in most solutions through the formation of ad hoc networks by devices in close proximity, then the offloading of some computations (Cyber Foraging) to the created cloud. However, transient clouds, at their current state, have several limitations, concerning their expansion on a local network having a large number of devices and the management of the instability of the network due to the constant mobility of the devices. Another issue is the fact that code partitioning and offloading are not addressed to fit the need of such networks, thereby rendering the distributed computing mechanism barely efficient for the Transient Cloud. In this study, we propose a transient cloud-based framework that exploits the use of multi-agent systems, enabling a dynamic partitioning and offloading of code, and facilitating the movement and the execution of code partition packets in a multi-hop ad-hoc mesh network. When created and deployed, these intelligent mobile agents operate independently or collaboratively and adapt to the continual entry and exit of devices in the neighbourhood. The integration of these trending concepts in distributed computing within a framework offers a new architecture for resource-sharing among cooperating devices that addresses the varied issues that arise in dynamic environments.

    Efficient Key Management Schemes for Smart Grid

    With the increasing digitization of different components of Smart Grid by incorporating smart(er) devices, there is an ongoing effort to deploy them for various applications. However, if these devices are compromised, they can reveal sensitive information from such systems. Therefore, securing them against cyber-attacks may represent the first step towards the protection of the critical infrastructure. Nevertheless, realization of the desirable security features such as confidentiality, integrity and authentication relies entirely on cryptographic keys that can be either symmetric or asymmetric. A major need, along with this, is to deal with managing these keys for a large number of devices in Smart Grid. While such key management can be easily addressed by transferring the existing protocols to Smart Grid domain, this is not an easy task, as one needs to deal with the limitations of the current communication infrastructures and resource-constrained devices in Smart Grid. In general, effective mechanisms for Smart Grid security must guarantee the security of the applications by managing (1) key revocation; and (2) key exchange. Moreover, such management should be provided without compromising the general performance of the Smart Grid applications and thus needs to incur minimal overhead to Smart Grid systems. This dissertation aims to fill this gap by proposing specialized key management techniques for resource and communication constrained Smart Grid environments. Specifically, motivated by the need of reducing the revocation management overhead, we first present a distributed public key revocation management scheme for Advanced Metering Infrastructure (AMI) by utilizing distributed hash trees (DHTs). The basic idea is to enable sharing of the burden among smart meters to reduce the overall overhead. Second, we propose another revocation management scheme by utilizing cryptographic accumulators, which reduces the space requirements for revocation information significantly. Finally, we turn our attention to symmetric key exchange problem and propose a 0-Round Trip Time (RTT) message exchange scheme to minimize the message exchanges. This scheme enables a lightweight yet secure symmetric key-exchange between field devices and the control center in Smart Grid by utilizing a dynamic hash chain mechanism. The evaluation of the proposed approaches shows that they significantly outperform existing conventional approaches.

    Cross-Layer-Optimierungen für WLAN-Mesh-Netzwerke (Cross-Layer Optimizations for WLAN Mesh Networks)

    The aim of this thesis is to investigate the practical behavior of IEEE 802.11s mesh networks and to develop strategies and solutions that, on the one hand, increase the scalability and manageability of complex mesh backbones and, on the other hand, enable distributed applications to explicitly consider the underlying network structure, allowing them to utilize the available network capacity efficiently.