A Multi-Layer Security Framework for Hybrid Wireless Mesh Networks

Abstract

Wireless Mesh Networks (WMNs) have emerged as a promising technology for a broad range of applications due to their self-organizing, self-configuring and selfhealing capability, in addition to their low cost and easy maintenance. Hybrid Wireless Mesh Network (HWMN) is a special type of wireless mesh network, where mesh routers and mesh clients both perform routing and forwarding functionality and also mesh routers provide integration and interoperability among various heterogeneous networks. Securing HWMNs is more challenging and complex issue due to their inherent characteristics such as shared wireless medium, multi-hop and inter-network communication, highly dynamic network topology and decentralized architecture. These vulnerable features expose the HWMNs to several types of attacks in network and MAC layers. The existing standards and implementations are inadequate to secure these features and fail to provide comprehensive security solutions to protect both backbone and client mesh. Hence, there is a need for developing efficient, scalable and integrated security solutions for HWMNs. In this work, we propose a multi-layer security framework to address the security challenges in HWMNs in a holistic manner. Our framework combines a multi-level key management mechanism and a dynamic reputation-based cross-layer intrusion detection system to protect the legitimate mesh routers and mesh clients at the MAC layer and their legitimate routing paths at the network layer. Protecting legitimate mesh routers and mesh clients from malicious nodes at the MAC layer is still a challenging issue in HWMNs. Our proposed multi-level key management mechanism supports distributed authentication scheme for backbone mesh and centralized authentication scheme for client mesh. The proposed distributed authentication scheme effectively utilizes the trusted group heads communications to secure the join and leave operations of mesh routers in backbone mesh. Our enhanced centralized authentication scheme uses the lightweight encryption to provide secure communication between the authenticator and the mesh client. Our analysis and experimental results show that the proposed mechanism mitigates the severity of malicious nodes and iprovides better security with less storage, communication and computation overhead than the existing key management mechanisms. Protecting legitimate routing paths which are formed by long-distance wireless links from wormhole attacks at the network layer is an important yet challenging security issue in HWMNs. The proposed dynamic reputation-based intrusion detection system analyzes the behavior of the routing paths using cross-layer parameters to correctly isolate the wormhole malicious paths from legitimate routing paths. This isolation ensures full utilization of legitimate long-distance wireless links in HWMNs, which is not possible with the existing wormhole attack detection approaches. Our analysis and experimental results show that the proposed system increases the detection rate, decreases the false alarm rate and secures the legitimate long-distance wireless links from wormhole attacks in HWMNs.