Securing wireless mesh networks : a three dimensional perspective

Wireless Mesh Networks (WMNs) are multi-hop networks that have secured a significant position in the technological world due to their unique characteristics. These networks are dynamically self-healing, self-organizing, and self-configurable. They help to realize the future of network connectivity anywhere and anytime. Moreover, WMNs substantially minimize the complexity in network deployment and maintenance hence reduce the deployment costs of the networks. A WMN consisting of mesh routers with multiple network interfaces can significantly improve the performance and aggregate capacity of the network. While these mesh routers usually have minimal mobility, mesh clients can be either stationary or mobile. These networks can provide facilities to enhance the performance of wireless local area networks (WLANs), metropolitan area networks (WMANs), and ad hoc networks. Moreover, they can be utilized for a variety of applications such as broadband home networking, community networking, transportation systems, and building automations. In order to provide multi-hop authentication in WMNs, different schemes have been proposed over the years. Many of these schemes have certain limitations. Either the schemes use cryptographic mechanisms which are computationally complex or assume to have centralized key distribution and authentication strategies. However, a WMN does not usually have a centralized trust and being a multi-hop network, does have relay nodes. Therefore, security solutions in these networks must be computationally efficient, lightweight, and must handle the additional threats possible from relay nodes. For instance, WMNs are highly prone to severe security attacks such as denial of service attacks. This sense of being insecure demotivates the companies to deploy and provide state-of-the-art wireless services through WMNs. However, if these security issues are efficiently handled, these networks have the ability to provide multiple services to their users concurrently such as online banking, community based file sharing, and live video streaming etc. Moreover, the nodes in WMNs might have distinct resources available (e.g. hardware) and undergo distinguishable security requirements. The ability of WMNs to provide multiple types of network services and the presence of distinct resources in these networks raise the importance of having different levels of security services. The customers using the network services should be able to chose the required security level based on the their needs (e.g. based on the type of service/application) and availability of resources. In this thesis, we try to present the security issues of WMNs in three dimensions. Firstly, we present a protection mechanism based on neighborhood trust to gain efficient authentication of nodes and identification privacy in a clustered WMN. Our approach renders a lightweight protection using hash chains and does not require any trusted authority rather develops mutual trust among nodes in the network based on communication history. We then introduce a secure connection establishment scheme based on neighborhood trust. It preserves anonymity of any two communication parties using a lightweight authentication scheme. In addition, it also offers seamless and secure connectivity to mobile nodes. Our proposed solution applies to both mesh and ad hoc networks. Secondly, we propose a requirement- and resource-friendly security framework established on Merkle trees and adaptive security service-level association mechanism to provide fast authentication and tunable security association among nodes in WMNs based on the availability of network resources and application requirements. Finally, we propose two schemes to mitigate two rather vicious denial of service attacks known as channel assignment attacks and jellyfish attacks in both wireless mesh and ad hoc networks.