Design and implementation of MobiSEC: A complete security architecture for wireless mesh networks

Wireless mesh networks (WMNs) have emerged recently as a technology for next-generation wireless networking. They consist of mesh routers and clients, where the mesh routers are almost static and form the backbone of the WMN. WMNs provide network access for both mesh and conventional clients. In this paper we propose MobiSEC, a complete security architecture that provides both access control for mesh users and routers and a key distribution scheme that supports layer-2 encryption, ensuring the security and data confidentiality of all communications that occur in the WMN. MobiSEC extends the IEEE 802.11i standard by exploiting the routing capabilities of mesh routers: after connecting to the access network as generic wireless clients, new mesh routers authenticate to a central server and obtain a temporary key that is used both to prove their credentials to neighbor nodes and to encrypt all the traffic transmitted on the wireless backbone links. A key feature in the design of MobiSEC is its independence from the underlying wireless technology used by network nodes to form the backbone. Furthermore, MobiSEC allows seamless mobility of both mesh clients and routers. MobiSEC has been implemented and integrated in MobiMESH, a WMN implementation that provides a complete framework for testing and analyzing the behavior of a mesh network in real-life environments. Moreover, extensive simulations have been performed in large-scale network scenarios using Network Simulator. Numerical results show that our proposed architecture considerably increases WMN security with a negligible impact on network performance, thus representing an effective solution for wireless mesh networking.
