Towards a Security Architecture for Hybrid WMNs
ARES '19: Proceedings of the 14th International Conference on Availability, Reliability and Security
Article No.: 107, Pages 1 - 10
Abstract
Currently deployed Wireless Mesh Networks (WMNs) are mostly hybrid, i.e., some Mesh Points (MPs) also employ additional Access Point (AP) radios to connect non-mesh stations (STAs). Today's Wi-Fi security protocols are unsuited in the use case of WMNs, as they can neither derive key material without central authentication servers nor tolerate compromised MPs, as it is required in outdoor deployments. To establish high security standards while embracing the distributed nature of WMNs, we need a novel security architecture, that does not rely on central entities and protects traffic between MPs with End-to-End Encryption (E2EE). We propose and evaluate a distributed security architecture for WMNs with attached APs, which uses certificates early in the authentication process. The architecture provides E2EE between MPs and authentic MAC addresses of all STAs and MPs. STAs, e.g., resource constrained Internet of Things (IoT) devices, cannot participate in the end-to-end encryption, but need to be securely attached to the WMN with mobility and other requirements in mind. The evaluation in our Wi-Fi testbed shows the authentication protocol's suitability for fast (re-)authentication in mobile scenarios.
References
[1]
IEEE Standard for Local and Metropolitan Area Networks: Media Access Control (MAC) Security, Aug 2006.
[2]
IEEE Standard for Local and Metropolitan Area Networks--Port-Based Network Access Control, Feb 2010.
[3]
Ethernet Security Specification 1.0, 2013.
[4]
IEEE 802.11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specification, 2016.
[5]
RFI-16-1800-0009287 Tactical Mesh, 2016.
[6]
Bicakci, K., and Tavli, B. Denial-of-Service Attacks and Countermeasures in IEEE 802.11 Wireless Networks. Computer Standards & Interfaces 31, 5 (2009), 931--941.
[7]
Byrenheid, M., Rossberg, M., Schaefer, G., and Dorn, R. Covert-Channel-Resistant Congestion Control for Traffic Normalization in Uncontrolled Networks. In Intl. Conference on Communications (ICC) (May 2017).
[8]
Egners, A. A Comprehensive Security Architecture for Multi-Operator Wireless Mesh Networks. PhD thesis, RWTH Aachen University, 2015.
[9]
Glass, S., Portmann, M., and Muthukkumarasamy, V. Securing Wireless Mesh Networks. IEEE Internet Computing 12, 4 (2008).
[10]
ITU-T. Recommendation x.509.
[11]
Kolias, C., Kambourakis, G., Stavrou, A., and Gritzalis, S. Intrusion Detection in 802.11 Networks: Empirical Evaluation of Threats and a Public Dataset. IEEE Communications Surveys & Tutorials 18, 1 (2016), 184--208.
[12]
Könings, B., Schaub, F., Kargl, F., and Dietzel, S. Channel Switch and Quiet Attack: New DoS Attacks Exploiting the 802.11 Standard. In Local Computer Networks (2009), IEEE.
[13]
Marin-Lopez, R., Pereniguez, F., Bernal, F., and Gomez, A. Secure Three-Party Key Distribution Protocol for Fast Network Access in EAP-Based Wireless Networks. Computer Networks 54, 15 (2010), 2651--2673.
[14]
Martignon, F., Paris, S., and Capone, A. MobiSEC: A Novel Security Architecture for Wireless Mesh Networks. In Symposium on QoS and Security for Wireless and Mobile Networks (2008), ACM, pp. 35--42.
[15]
Pelechrinis, K., Iliofotou, M., and Krishnamurthy, S. V. Denial of Service Attacks in Wireless Networks: The Case of Jammers. IEEE Communications Surveys & Tutorials 13, 2 (2011), 245--257.
[16]
Schaefer, G., and Rossberg, M. Netzsicherheit. Dpunkt, 2014.
[17]
Siddiqi, M. S., and Hong, C. S. Security Issues in Wireless Mesh Networks. In Intl. Conf. on Multimedia and Ubiquitous Engineering (April 2007).
[18]
Vanhoef, M., Bhandaru, N., Derham, T., Ouzieli, I., and Piessens, F. Operating Channel Validation: Preventing Multi-Channel Man-in-the-Middle Attacks Against Protected Wi-Fi Networks. In ACM Conference on Security and Privacy in Wireless and Mobile Network (2018).
[19]
Vanhoef, M., and Piessens, F. Predicting, Decrypting, and Abusing WPA2/802.11 Group Keys. In USENIX Security Symposium (Austin, TX, 2016), USENIX Association, pp. 673--688.
[20]
Vanhoef, M., and Piessens, F. Denial-of-Service Attacks Against the 4-Way Wi-Fi Handshake. Computer Science & Inf. Tech. (2017).
- Towards a Security Architecture for Hybrid WMNs
Recommendations
Relay-volunteered multi-rate cooperative MAC protocol for IEEE 802.11 WLANs
In IEEE 802.11, the rate of a station (STA) is dynamically determined by link adaptation. Low-rate STAs tend to hog more channel time than high-rate STAs due to fair characteristics of carrier sense multiple access/collision avoidance, leading to ...
Security architecture for law enforcement agencies
In order to carry out their duty to serve and protect, law enforcement agencies (LEAs) must deploy new tools and applications to keep up with the pace of evolving technologies. However, police information and communication technology (ICT) systems have ...
Generalized CSMA/CA for OFDMA systems: protocol design, throughput analysis, and implementation issues
In this paper, we present a multi-channel carrier sense multiple access with collision avoidance (CSMA/CA) protocol for orthogonal frequency division multiple access (OFDMA) systems. The CSMA/CA system in conventional single-channel operation has the ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
August 2019
979 pages
ISBN:9781450371643
DOI:10.1145/3339252
Copyright © 2019 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 26 August 2019
Check for updates
Author Tags
Qualifiers
- Research-article
- Research
- Refereed limited
Conference
ARES '19
ARES '19: 14th International Conference on Availability, Reliability and Security
August 26 - 29, 2019
CA, Canterbury, United Kingdom
Acceptance Rates
Overall Acceptance Rate 228 of 451 submissions, 51%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 80Total Downloads
- Downloads (Last 12 months)3
- Downloads (Last 6 weeks)0
Reflects downloads up to 04 Oct 2024
Other Metrics
Citations
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in