Securing wireless mesh networks [Elektronische Ressource] : a three dimensional perspective / Fahad Samad
187 pages
English


Published on 01 January 2011
Excerpt

Securing Wireless Mesh Networks: A Three Dimensional Perspective

Dissertation approved by the Faculty of Mathematics, Computer Science and Natural Sciences of RWTH Aachen University for the award of the academic degree of Doctor of Engineering

submitted by
M.S. Fahad Samad
from Karachi, Pakistan

Reviewers: University Professor Dr. rer. nat. Dr. h. c. Otto Spaniol
University Professor Dr. rer. nat. Peter Rossmanith

Date of the oral examination: Wednesday, 22 June 2011

This dissertation is available online on the web pages of the university library.

"Read! In the Name of your Lord, Who has created (all that exists). He has created man from a clot (a piece of thick coagulated blood). Read! And your Lord is the Most Generous. Who has taught (the writing) by the pen. He has taught man that which he knew not."
(Al-Quran: Chapter 96 (The Clot), Verses 1-5)

Acknowledgments
"Coming together is a beginning.
Keeping together is progress.
Working together is success."
- Henry Ford (1863-1947)

This work is done at the Department of Computer Science 4 (Informatik 4), the RWTH Aachen University, Germany. The Informatik 4 which is now known as COMSYS targets its research towards the area of communications and distributed systems. I would like to thank Prof. Dr. Otto Spaniol who gave me the possibility to write a doctoral thesis in his research group. He not only supported me as a Ph.D. adviser but he also made me learn far more than just the things that can be learned in a computer science department. Considerable recommendations to this work were provided by my second supervisor Prof. Dr. Peter Rossmanith and also by Prof. Dr. Ulrike Meyer. I would like to thank her for her outstanding help and her commitment to spend so much effort in relation to this work.

There are several more people I need to thank in reference to this work. This work would never be the same without the extensive discussions with my colleagues and friends of Informatik 4 and the other staff of the RWTH Aachen University. Especially, I want to thank in this regard my colleague Mr. Sadeq Ali Makram and my students Mr. Qassem Abu Ahmad and Mr. Shankar Karuppayah who were always available to discuss issues related to this work and helped me to stay on the right track. Finally, I would like to express that I would not be who I am and where I am without my family. I thank my mother and sisters for the love and a sense of association they give me every day. Words cannot express what they mean to me.

Abstract
Wireless Mesh Networks (WMNs) are multi-hop networks that have secured a significant position in the technological world due to their unique characteristics. These networks are dynamically self-healing, self-organizing, and self-configurable. They help to realize the future of network connectivity anywhere and anytime. Moreover, WMNs substantially minimize the complexity in network deployment and maintenance and hence reduce the deployment costs of the networks. A WMN consisting of mesh routers with multiple network interfaces can significantly improve the performance and aggregate capacity of the network. While these mesh routers usually have minimal mobility, mesh clients can be either stationary or mobile. These networks can provide facilities to enhance the performance of wireless local area networks (WLANs), metropolitan area networks (WMANs), and ad hoc networks. Moreover, they can be utilized for a variety of applications such as broadband home networking, community networking, transportation systems, and building automation.

In order to provide multi-hop authentication in WMNs, different schemes have been proposed over the years. Many of these schemes have certain limitations: they either use cryptographic mechanisms that are computationally complex or assume centralized key distribution and authentication strategies. However, a WMN usually has no centralized trust and, being a multi-hop network, does have relay nodes. Therefore, security solutions in these networks must be computationally efficient and lightweight, and must handle the additional threats possible from relay nodes. For instance, WMNs are highly prone to severe security attacks such as denial of service attacks. This sense of insecurity discourages companies from deploying and providing state-of-the-art wireless services through WMNs. However, if these security issues are efficiently handled, these networks can provide multiple services to their users concurrently, such as online banking, community-based file sharing, and live video streaming. Moreover, the nodes in WMNs might have distinct resources available (e.g. hardware) and distinct security requirements. The ability of WMNs to provide multiple types of network services and the presence of distinct resources in these networks raise the importance of having different levels of security services. The customers using the network services should be able to choose the required security level based on their needs (e.g. based on the type of service/application) and the availability of resources.

In this thesis, we try to present the security issues of WMNs in three dimensions. Firstly, we present a protection mechanism based on neighborhood trust to achieve efficient authentication of nodes and identification privacy in a clustered WMN. Our approach provides lightweight protection using hash chains and does not require any trusted authority; rather, it develops mutual trust among nodes in the network based on communication history. We then introduce a secure connection establishment scheme based on neighborhood trust. It preserves the anonymity of any two communicating parties using a lightweight authentication scheme. In addition, it also offers seamless and secure connectivity to mobile nodes. Our proposed solution applies to both mesh and ad hoc networks. Secondly, we propose a requirement- and resource-friendly security framework established on Merkle trees and an adaptive security service-level association mechanism to provide fast authentication and tunable security associations among nodes in WMNs based on the availability of network resources and application requirements. Finally, we propose two schemes to mitigate two rather vicious denial of service attacks known as channel assignment attacks and jellyfish attacks in both wireless mesh and ad hoc networks.

Contents
List of Figures
List of Tables
1 Introduction
  1.1 Motivation
  1.2 Organization of thesis and summary of contributions
  1.3 Publications
2 An Overview of Security in Wireless Mesh Networks
  2.1 Wireless Mesh Networks
    2.1.1 Classification of WMNs
    2.1.2 Features of WMNs
  2.2 Comparison of Wireless Mesh and Ad hoc Networks
  2.3 Applications of WMNs in the Real World
  2.4 Open Research Challenges in WMNs
  2.5 Security in WMNs
  2.6 Vulnerabilities and Attacks in WMNs
    2.6.1 Passive Attacks
      2.6.1.1 Passive Eavesdropping
      2.6.1.2 Traffic Analysis
    2.6.2 Active Attacks
      2.6.2.1 Physical Attacks
      2.6.2.2 Misbehaviors
      2.6.2.3 Unauthorized Access
      2.6.2.4 Message Forgery and Replay Attacks
      2.6.2.5 Man-in-the-middle Attack
      2.6.2.6 Denial of Service Attacks
  2.7 Characteristics and Demands of a Secure WMN
3 Trust Based Protection in Clustered Mesh Networks
  3.1 Introduction and Motivation
  3.2 Existing Work and their Limitations
  3.3 Neighborhood Trust in Clustered Mesh Networks
    3.3.1 Definitions
    3.3.2 Assumptions
    3.3.3 Phases of the Proposed Scheme
      3.3.3.1 Initial Network Bootstrapping
      3.3.3.2 Clustering
      3.3.3.3 Inter-cluster Key Exchange
      3.3.3.4 Neighborhood Based Trust Management
      3.3.3.5 Secure Intra- and Inter-cluster Message Exchange
    3.3.4 Renewal of Credentials
  3.4 Handling Security Threats and Privacy
    3.4.1 Security and Privacy Requirements
      3.4.1.1 Confidentiality
      3.4.1.2 Integrity
      3.4.1.3 Authenticity
      3.4.1.4 Non-repudiation
      3.4.1.5 Authorization
