Secure roaming and infrastructure sharing for multi-operator WMNs

Wireless mesh networks consist of a wireless infrastructure of mesh routers which are connected to the Internet via mesh gateways. While previous security research in the area mainly focused on single-operator networks, this paper proposes a comprehensive security architecture for multi-operator wireless mesh networks. Our proposal allows for a secure deployment of infrastructure components (routers and gateways) as well as mesh clients. The multi-operator support of our architecture covers not only mesh client roaming, but also the deployment of infrastructure components of one operator in the administrative domain of the other operator. Our architecture is thus, to the best of our knowledge, the first to support secure infrastructure sharing between operators. Note that our solution is based on open standards and protects traffic generated by mesh clients from insider attackers such as compromised mesh routers, mesh routers operated by malicious operators, and curious or malicious routing mesh clients.
