A Multi-Layer Security Framework for Hybrid Wireless Mesh Networks
Date
2014
Authors
Karri, Ganesh Reddy
Publisher
National Institute of Technology Karnataka, Surathkal
Abstract
Wireless Mesh Networks (WMNs) have emerged as a promising technology for a broad range of applications due to their self-organizing, self-configuring and self-healing capability, in addition to their low cost and easy maintenance. A Hybrid Wireless Mesh Network (HWMN) is a special type of wireless mesh network in which both mesh routers and mesh clients perform routing and forwarding, and mesh routers also provide integration and interoperability among various heterogeneous networks. Securing HWMNs is a more challenging and complex issue due to their inherent characteristics, such as a shared wireless medium, multi-hop and inter-network communication, a highly dynamic network topology and a decentralized architecture. These vulnerable features expose HWMNs to several types of attacks at the network and MAC layers. The existing standards and implementations are inadequate to secure these features and fail to provide comprehensive security solutions that protect both the backbone mesh and the client mesh. Hence, there is a need for efficient, scalable and integrated security solutions for HWMNs. In this work, we propose a multi-layer security framework to address the security challenges in HWMNs in a holistic manner. Our framework combines a multi-level key management mechanism and a dynamic reputation-based cross-layer intrusion detection system to protect the legitimate mesh routers and mesh clients at the MAC layer and their legitimate routing paths at the network layer.
Protecting legitimate mesh routers and mesh clients from malicious nodes at the MAC layer is still a challenging issue in HWMNs. Our proposed multi-level key management mechanism supports a distributed authentication scheme for the backbone mesh and a centralized authentication scheme for the client mesh. The proposed distributed authentication scheme effectively utilizes trusted group-head communications to secure the join and leave operations of mesh routers in the backbone mesh. Our enhanced centralized authentication scheme uses lightweight encryption to provide secure communication between the authenticator and the mesh client. Our analysis and experimental results show that the proposed mechanism mitigates the severity of malicious nodes and provides better security with less storage, communication and computation overhead than the existing key management mechanisms.
Protecting legitimate routing paths formed by long-distance wireless links from wormhole attacks at the network layer is an important yet challenging security issue in HWMNs. The proposed dynamic reputation-based intrusion detection system analyzes the behavior of the routing paths using cross-layer parameters to correctly isolate the malicious wormhole paths from legitimate routing paths. This isolation ensures full utilization of legitimate long-distance wireless links in HWMNs, which is not possible with the existing wormhole attack detection approaches. Our analysis and experimental results show that the proposed system increases the detection rate, decreases the false alarm rate and secures the legitimate long-distance wireless links from wormhole attacks in HWMNs.
Keywords
Department of Computer Science & Engineering