Date of Award

2014

Document Type

Dissertation

Degree Name

Doctor of Philosophy (PhD)

Department

Electrical and Computer Engineering

Committee Chair

Seong-Moo Yoo

Subject(s)

Wireless communication systems--Security measures, Mobile communication systems, Computer networks--Security measures, Wireless LANs--Security measures

Abstract

Wireless Mesh Networks (WMNs) are emerging as a promising and convenient next-generation wireless network technology. A typical WMN consists of wireless mesh routers and mesh stations (clients). A mesh router/station discovers paths to reach other mesh routers/stations using a path selection protocol known as the Hybrid Wireless Mesh Protocol (HWMP). HWMP is prone to different types of external and internal, routing, and content modification attacks. Hence, a secure framework for HWMP in WMNs is needed. Although several secure versions of HWMP have been proposed, a comprehensive approach that provides strong end-to-end/point-to-point authentication and integrity services to protect the contents of the HWMP frames has yet to be developed. This dissertation proposes a security framework of the routing protocol, which provides and ensures end-to-end as well as point-to-point authentication and integrity to both mutable and non-mutable fields of the routing frames of HWMP by adding message extension fields to all five HWMP path selection frame elements (path request, path reply, root announcement, path error, and gate announcement). Using the extension fields, the detailed protocol of secure HWMP is proposed in both the path discovery phase (path request and path reply) and the path maintenance phase (gate announcement, root announcement, and path error). The proposed scheme uses an identity (ID)-based online/offline signature scheme to provide end-to-end authentication for non-mutable fields. Broadcast Encryption (BE) and a non-interactive key agreement scheme are used to provide point-to-point authentication via two-hop authentication for mutable fields. Using an ID-based offline/online signature scheme detects illegal modification of the non-mutable fields of the HWMP frames made by malicious intermediate nodes and, thus, prevents potential internal attacks.
BE is an efficient scheme that can detect the modifications made by non-colluding malicious nodes and, at the same time, provide two-hop authentication with only the available one-hop neighborhood information. The non-interactive key agreement scheme is one of the most efficient ways to protect the mutable fields in the path reply frames from replay attacks. Employing such strong cryptographic primitives protects the HWMP frames from various external and internal attacks. This work also identifies the vulnerabilities and addresses the issues of the proposed scheme by employing strong, yet efficient cryptographic primitives. Both the security analysis and extensive simulation results show that the proposed version of HWMP performs significantly well despite the cryptographic computations involved in routing.
