PEACE: A Novel Privacy-Enhanced Yet Accountable Security Framework for Metropolitan Wireless Mesh Networks

Recently, multihop wireless mesh networks (WMNs) have attracted increasing attention and deployment as a low-cost approach to provide broadband Internet access at metropolitan scale. Security and privacy issues are of most concern in pushing the success of WMNs for their wide deployment and for supporting service-oriented applications. Despite the necessity, limited security research has been conducted toward privacy preservation in WMNs. This motivates us to develop PEACE, a novel Privacy-Enhanced yet Accountable seCurity framEwork, tailored for WMNs. On one hand, PEACE enforces strict user access control to cope with both free riders and malicious users. On the other hand, PEACE offers sophisticated user privacy protection against both adversaries and various other network entities. PEACE is presented as a suite of authentication and key agreement protocols built upon our proposed short group signature variation. Our analysis shows that PEACE is resilient to a number of security and privacy related attacks. Additional techniques were also discussed to further enhance scheme efficiency.     

Matrix-based pairwise key establishment for wireless mesh networks

Wireless communication in wireless mesh networks (WMNs), like other types of wireless networks, is vulnerable to many malicious activities such as eavesdropping. As one of the fundamental security technologies, pairwise key establishment has been widely studied to secure wireless communication. In this paper, we propose a new matrix-based pairwise key establishment scheme for mesh clients in WMNs. A fact in WMNs is that mesh routers are more powerful than mesh clients, in both communication and storage. Motivated by this fact, expensive operations can be delegated to mesh routers to alleviate the overhead of mesh clients when establishing pairwise keys between them. Compared with other matrix-based schemes, our scheme has significant advantages: any two mesh clients can directly establish pairwise keys while communication and storage costs of mesh clients are significantly reduced.     

Designing for social interaction with mundane technologies: issues of security and trust

This paper documents some of the socio-technical issues involved in developing security measures for wireless mesh networks (WMNs) that are deployed as part of a community network. We are interested in discovering whether (and exactly how) everyday social interaction over the network is affected by security issues, and any consequent design implications. We adopt an interdisciplinary methodological approach to requirements, treating a community as an ‘organization’ and implementing an approach, OCTAVE, originally designed to uncover security elements for organizations. Using a focus group technique we chart some of the assets and security concerns of the community, concerns that need to be addressed in order for WMNs, or indeed any network, to become a truly ‘mundane technology’.     

A mobility management scheme for wireless mesh networks based on a hybrid routing protocol

Recent advances in wireless mesh networks (WMNs) have overcome the drawbacks of traditional wired networks and wireless ad hoc networks. WMNs will play a leading role in the next generation of networks, and the question of how to provide seamless mobility management for WMNs is the driving force behind the research. The inherent characteristics of WMNs, such as relatively static backbones and highly mobile clients, require new mobility management solutions to be designed and implemented.In this paper, a hybrid routing protocol for forwarding packets is proposed: this involves both link layer routing and network layer routing. Based on the hybrid routing protocol, a mobility management scheme for WMNs is presented. Both intra-domain and inter-domain mobility management have been designed to support seamless roaming in WiFi-based WMNs. During intra-domain handoff, gratuitous ARP messages are used to provide new routing information, thus avoiding re-routing and location update. For inter-domain handoff, redundant tunnels are removed in order to minimize forwarding latency. Comprehensive simulation results illustrate that our scheme has low packet latency, low packet loss ratio and short handoff latency. As a result, real-time applications over 802.11 WMNs such as VoIP can be supported.     

A secure routing scheme based on social network analysis in wireless mesh networks无线网状网中一种基于社会网络分析的安全路由机制

As an extension of wireless ad hoc and sensor networks, wireless mesh networks (WMNs) are employed as an emerging key solution for wireless broadband connectivity improvement. Due to the lack of physical security guarantees, WMNs are susceptible to various kinds of attack. In this paper, we focus on node social selfish attack, which decreases network performance significantly. Since this type of attack is not obvious to detect, we propose a security routing scheme based on social network and reputation evaluation to solve this attack issue. First, we present a dynamic reputation model to evaluate a node’s routing behavior, from which we can identify selfish attacks and selfish nodes. Furthermore, a social characteristic evaluation model is studied to evaluate the social relationship among nodes. Groups are built based on the similarity of node social status and we can get a secure routing based on these social groups of nodes. In addition, in our scheme, nodes are encouraged to enter into multiple groups and friend nodes are recommended to join into groups to reduce the possibility of isolated nodes. Simulation results demonstrate that our scheme is able to reflect node security status, and routings are chosen and adjusted according to security status timely and accurately so that the safety and reliability of routing are improved.     

Design and implementation of MobiSEC: A complete security architecture for wireless mesh networks

Wireless mesh networks (WMNs) have emerged recently as a technology for next-generation wireless networking. They consist of mesh routers and clients, where mesh routers are almost static and form the backbone of WMNs. WMNs provide network access for both mesh and conventional clients.In this paper we propose MobiSEC, a complete security architecture that provides both access control for mesh users and routers as well as a key distribution scheme that supports layer-2 encryption to ensure security and data confidentiality of all communications that occur in the WMN.MobiSEC extends the IEEE 802.11i standard exploiting the routing capabilities of mesh routers; after connecting to the access network as generic wireless clients, new mesh routers authenticate to a central server and obtain a temporary key that is used both to prove their credentials to neighbor nodes and to encrypt all the traffic transmitted on the wireless backbone links.A key feature in the design of MobiSEC is its independence from the underlying wireless technology used by network nodes to form the backbone. Furthermore, MobiSEC allows seamless mobility of both mesh clients and routers.MobiSEC has been implemented and integrated in MobiMESH, a WMN implementation that provides a complete framework for testing and analyzing the behavior of a mesh network in real-life environments. Moreover, extensive simulations have been performed in large-scale network scenarios using Network Simulator.Numerical results show that our proposed architecture considerably increases the WMN security, with a negligible impact on the network performance, thus representing an effective solution for wireless mesh networking.     

Performance evaluation for on-demand routing protocols based on OPNET modules in wireless mesh networks

In wireless networks, users expect to get access to the network securely and seamlessly to share the data flow of access points anytime and anywhere. However, either point-to-point or point-to-multipoint methods in traditional wireless networks make the network bandwidth decrease rapidly, which cannot meet the requirements of users. Recently, a new wireless broadband access network, wireless mesh networks (WMNs), has emerged. As one of the key technologies in WMNs, wireless routing protocols plays an important role in performance optimization of WMNs. Therefore, in this paper, we address the on-demand routing protocols by focusing on dynamic source routing (DSR) protocol and ad hoc on-demand distance vector (AODV) routing protocol in WMNs. Then, we use the OPNET modules to establish the simulation models of DSR and AODV protocols in WMNs. Simulation and results show that, DSR protocol that is based on the dynamic source routing is not suitable for wireless transmission, while AODV routing protocol that is based on the purpose-driven routing is suitable for wireless transmission with rapid change of network topology.     

无线网状网的QoS研究

作为下一代无线通信网络的关键技术,无线网状网能够融合异构网络,满足多类型的业务需求,因此必须提供一定的服务质量(QoS)保证.对目前各种QoS体系结构进行了分析,讨论了无线网状网的QoS体系结构.针对无线网状网网络层以下各层的QoS问题,对近年来国内外在功率控制、无线环境感知、支持QoS的MAC协议、QoS路由以及跨层QoS设计等方向所取得的研究成果进行了全面的概括总结和比较分析.最后对未来的研究发展趋势提出了自己的观点.     

Securing wireless mesh networks in a unified security framework with corruption-resilience

Wireless mesh networks (WMN) are expected to be widespread due to their excellent properties like low-cost deployment, easy arrangement and self-organization. Although some proposed security schemes for WMNs with various security objectives have been put forward recently, it is a challenge to employ a uniform cryptography context to achieve resilience to trust authority corruption and maintain trust relationships flexibly among different domains. In this paper, a unified security framework (USF) for multi-domain wireless mesh networks is proposed. The identity-based encryption and the certificateless signature are unified in the proposed cryptography operations utilizing bilinear groups to solve key escrow problem. To ensure secure muliti-hop communication in WMN, the intra and inter domain authentication and key agreement protocols are devised sophisticatedly to achieve perfect forward secrecy and attack-resilience. With the enhanced security properties in the USF scheme, when a trust authority is corrupted, parts of the WMN could be survivable in the local area if proper measures are taken. A formal security proof of the proposed authentication protocols is presented based on Universal Composable security theory. The detailed performance analysis shows that the enhanced security attributes are achieved with reasonable overhead.     

Wireless Mesh Networks for Public Safety and Crisis Management Applications

Wireless mesh networks (WMNs) are multihop wireless networks with self-healing and self-configuring capabilities. These features, plus the ability to provide wireless broadband connectivity at a comparatively low cost, make WMNs a promising technology for a wide range of applications. While discussing the suitability of WMN technology for public safety and crisis management communication, this article highlights its strengths and limitations and points to current and future research in this context.     

On-demand channel reservation scheme for common traffic in wireless mesh networks

Wireless mesh networks (WMNs) have recently gained momentum as a new broadband internet access technology to provide internet traffic. These networks have unique characteristics that make them different from ad hoc networks. These differences are as follows. First, WMNs are composed of static mesh routers that are equipped with multiple radio interfaces and turn each interface into a non-overlapping channel. These additional interfaces can create multiple concurrent links between adjacent nodes. Second, most of the traffic in WMNs is directed towards the gateway. Third, both local traffic and internet traffic are relayed by the mesh router to indeed destination. The Multi-Radio Ad hoc On-Demand Distance Vector (AODV-MR) developed to support multi-radio and does not take into account above-mentioned WMNs characteristics. In this paper, we propose an on-demand channel reservation scheme to reserve some of mesh router radio interfaces to support the gateway traffic while the remaining interfaces can be used to support the local traffic. Our scheme establishes high throughput paths for the traffic destined at the gateway, reduces the intra-flow and inter-flow interferences as well as to support full duplex node transmission.The scheme allows the gateway to assign a list of channels for each received gateway routing discovery message. Simulation results show that our proposed scheme significantly improves the performance of multi-radio multi-channel wireless mesh networks.     

无线Mesh网络中多信道生成树路由算法

无线Mesh网络是一种特殊的AdHoc网络。它易于部署、安装,能有效地构建无线骨干网,通常被用作宽带Internet接入和扩展无线LAN的覆盖范围。针对无线Mesh网络的特点,提出了一种不同于一般MANET路由协议的路由算法。该算法基于网络拓扑生成树,使用多个无重叠信道;在解决信道分配问题的同时,兼顾信道多样性和信道重用,更好地利用无线频谱资源,支持链路并行传输。     

Design of certification authority using secret redistribution and multicast routing in wireless mesh networks

Wireless mesh networks (WMNs) should provide authentication and key management without a trusted third party because of their self-organizing and self-configuring characteristics. Several solutions to this problem have been proposed in mobile ad hoc networks (MANETs). But they are not optimal for WMNs because WMNs are with stationary mesh routers (MRs) that do not suffer from the limited power problem. In this paper, we design an architecture of mesh certification authority (MeCA) for WMNs. In MeCA, the secret key and functions of certification authority (CA) are distributed over several MRs. For secret sharing and redistribution, we develop the fast verifiable share redistribution (FVSR) scheme, which works for threshold cryptography and minimizes the possibility of secret disclosure when some shareholders are compromised by adversaries. MeCA adopts the multicasting based on Ruiz tree, which is optimal in reducing the operation overhead. It can update, revoke, and verify certificates of WMN nodes in a secure and efficient manner. Simulation results show that MeCA does not disclose its secret key even under severe attacks while incurring low overhead compared to other existing schemes in MANETs.     

无线网状网跨层路由的研究

目前,无线网状网跨层路由设计方兴未艾,以往无线路由设计是基于最小跳数的,缺少对无线网状网特性的综合考虑,并不能充分发挥出无线网状网的优势。该文提出了基于"队列负载率"和"链路传输效率"的跨层路由协议算法,通过将MAC层的网络状态信息传递给网络层的路由代理,以便选择负载较小的最佳路由。通过仿真可以发现,改文提出的路由不仅显著提高了吞吐量,而且使包的投递更加可靠,提高了QoS。     

Effects of population size for location-aware node placement in WMNs: evaluation by a genetic algorithm--based approach

Wireless mesh networks (WMNs) are cost-efficient networks that have the potential to serve as an infrastructure for advanced location-based services. Location service is a desired feature for WMNs to support location-oriented applications. WMNs are also interesting infrastructures for supporting ubiquitous multimedia Internet access for mobile or fixed mesh clients. In order to efficiently support such services and offering QoS, the optimized placement of mesh router nodes is very important. Indeed, such optimized mesh placement can support location service managed in the mesh and keep the rate of location updates low. This node location-based problem has been shown to be NP-hard and thus is unlikely to be solvable in reasonable amount of time. Therefore, heuristic methods, such as genetic algorithms (GAs), are used as resolution methods. In this paper, we deal with the effect of population size for location-aware node placement in WMNs. Our WMN-GA system uses GA to determine the positions of the mesh routers and mesh clients in the grid area. We used a location-aware node placement of mesh router in cells of considered grid area to maximize network connectivity and user coverage. We evaluate the performance of the proposed and implemented WMN-GA system for low and high density of clients considering different distributions and considering giant component and number of covered users parameters. The simulation results show that for low-density networks, with the increasing of population size, GA obtains better result. However, with the increase in the population size, the GA needs more computational time. The proposed system has better performance in dense networks like hot spots for Weibull distribution when the population size is big.     

A reliable recommendation and privacy-preserving based cross-layer reputation mechanism for mobile cloud computing

Mobile cloud computing (MCC) is gaining popularity due to anywhere anytime data access. However, at the same time it also introduces the new privacy and security threats that have become an obstacle to the widespread use and popularity of MCC. In this paper, we propose a reliable recommendation and privacy preserving based cross-layer reputation mechanism (RP-CRM) to provide secure and privacy-aware communication process in wireless mesh networks (WMNs) based MCC (WM-MCC). RP-CRM integrates the cross-layer design with recommendation reputation reliability evaluation mechanism and the privacy preserving scheme to identify and manage the internal malicious nodes and protect the security and privacy against internal multi-layer attack, bad mouthing attack and information disclosure attack. Simulation results and performance analysis demonstrate that RP-CRM can provide rapid and accurate malicious node identification and management, and provide security and privacy protection against aforementioned attacks more effectively and efficiently.     

The WICKPro protocol with the Packet Delivery Ratio metric

Wireless mesh networks (WMNs) with chain topologies are very useful in road and railroad transportation or in tunnel and mine applications. The proposed protocols for WMNs usually support best-effort traffic or some kind of Quality of Service (QoS). However, some applications such as remote-controlled machines in industrial control networks have hard real-time (HRT) requirements, i.e., strict deadlines. For this reason, this paper incorporates the Packet Delivery Ratio (PDR) metric into the WICKPro (WIreless Chain networK Protocol) protocol, a HRT protocol for WMNs with chain topologies which uses a token-passing approach. WICKPro is a Medium Access Control (MAC) protocol based on the ideas of the Timed-token protocol and the cyclic executive. The incorporation of the PDR metric lets calculate the needed time to be reserved where packet retransmissions can be accommodated while satisfying HRT traffic constraints. Moreover, the feasibility of using the PDR metric in a token-passing protocol is shown. Since WICKPro has been designed to work on top of IEEE 802.11, we made a testbed using commercial 802.11 wireless cards and compared the WICKPro’s performance with the 802.11 protocol and three specific protocols for WMNs with chain topologies.     

User density sensitive P2P streaming in wireless mesh networks

Link rate allocation is very important for supporting high video playback rate in Peer-to-Peer video streaming. Although many studies can be found on resource allocation in P2P streaming in wired networks, very few studies have studied the problem in wireless networks, especially in Wireless multi-hop Mesh Networks (WMNs), which is still challenging. To maximize the users’ satisfaction of P2P streaming in WMNs, this paper focuses on link rate allocation problem and proposes a fully distributed algorithm to efficiently utilize the upload and download bandwidth of wireless mesh nodes. We first build an efficient P2P streaming system based on the experimental results from real deployment of our wireless mesh testbed. Then we design an efficient distributed algorithm based on the solution to a linear optimization model, which optimizes towards a user-density-related objective to decide the best streaming rates among peers. Our scheme is resilient to network dynamics that is characteristic in wireless multi-hop peer-to-peer networks. The simulation experiments demonstrate the significant performance enhancement by using the proposed rate allocation algorithm in WMNs.     

SafeMesh: A wireless mesh network routing protocol for incident area communications

Reliable broadband communication is becoming increasingly important during disaster recovery and emergency response operations. In situations where infrastructure-based communication is not available or has been disrupted, an Incident Area Network needs to be dynamically deployed, i.e. a temporary network that provides communication services for efficient crisis management at an incident site. Wireless Mesh Networks (WMNs) are multi-hop wireless networks with self-healing and self-configuring capabilities. These features, combined with the ability to provide wireless broadband connectivity at a comparably low cost, make WMNs a promising technology for incident management communications. This paper specifically focuses on hybrid WMNs, which allow both mobile client devices as well as dedicated infrastructure nodes to form the network and provide routing and forwarding functionality. Hybrid WMNs are the most generic and most flexible type of mesh networks and are ideally suited to meet the requirements of incident area communications. However, current wireless mesh and ad-hoc routing protocols do not perform well in hybrid WMN, and are not able to establish stable and high throughput communication paths. One of the key reasons for this is their inability to exploit the typical high degree of heterogeneity in hybrid WMNs. SafeMesh, the routing protocol presented in this paper, addresses the limitations of current mesh and ad-hoc routing protocols in the context of hybrid WMNs. SafeMesh is based on the well-known AODV routing protocol, and implements a number of modifications and extensions that significantly improve its performance in hybrid WMNs. This is demonstrated via an extensive set of simulation results. We further show the practicality of the protocol through a prototype implementation and provide performance results obtained from a small-scale testbed deployment.     

无线Mesh网络入侵检测关键技术研究

本文研究了无线Mesh网络的结构和特点,以及入侵检测系统(IDS)在构建安全WMN中不可替代的作用。深入分析了AdHoc网络IDS、跨层和网络故障检测技术特点以及无线Mesh网络自身的安全需求。在此基础上,本文结合网络故障检测与跨层技术提出了一种基于代理的非对称分布式协作IDS结构,对代理模块设计原则进行了详细分析。最后以MAC自私行为攻击为例对该结构进行了模拟。结果显示,该结构能够很好地适应无线Mesh网络。