Proceedings oI International ConIerence on Computing Sciences

WILKES100 ICCS 2013

ISBN: 978-93-5107-172-3
Secure Routing Ior Wireless Mesh Networks using Trust based
Authentication
Parveen Sharma
1,*
and Akhilesh Kumar Bhardwaj
2
1
Research Scholar, Punjab Technical University, Jalandhar 144 601, Punjab, India
2
Research Scholar, Punjab Technical University, Jalandhar 144 601, Punjab, India
Abstract
A Wireless Mesh Network (WMN) is an innovative wireless networking pattern. Contrasting traditional wireless networks,
WMNs do not rely on any permanent inIrastructure. The hosts rely on each other to keep the network linked. Secure Routing
has been one oI the most decisive technologies Ior wireless mesh networks. In this paper, we look at the types, characteristics
and applications oI wireless mesh networks. We study the security and routing issues Ior WMNs. The purpose oI this article is
to present an overview oI existing and proposed systems that can be used to develop measures oI trust and reputation Ior
networking solutions. We identiIy new challenges and opportunities and look at the approaches Ior secure communication.
We propose a new trust based authentication mechanism Ior secure routing in Wireless Mesh Networks.
2013 Elsevier Science. All rights reserved.
Keywords: Wireless mesh networks, routing, attacks, trust, reputation, security, TTP.
1. Introduction
A Wireless Mesh Network (WMN) is shaped by a set oI gateways, mesh routers, and mesh clients. Gateways
and mesh routers Iorm the backbone oI the network, where mobility is reduced. Mesh clients can be cell phones,
laptops or other wireless devices. Routers communicate with the external network (e.g. the Internet) by
Iorwarding each other's traIIic (including client`s traIIic) towards the gateway nodes, which are directly
connected to the wired inIrastructure. In a WMN, each router, Iorwards packets on behalI oI other nodes (that
may not be within direct wireless transmission range oI their destinations). Moreover, the gateway Iunctionalities
enable the integration oI WMNs with various existing wireless networks such as Wi-Fi, cellular networks,
WiMax, among others |1|.
1.1 Types of WMNs
The architecture oI WMNs can be classiIied into three types |2|:
Infrastructure or Backbone WMNs
In this architecture, mesh routers Iorm inIrastructure Ior clients. The WMN inIrastructure/backbone can be
built using various types oI radio technologies. The mesh routers Iorm a mesh oI selI-conIiguring, selI-healing
links among themselves. With gateway Iunctionality, mesh routers can be connected to the Internet. This
approach also reIerred to as inIrastructure meshing.
Client WMNs
Client meshing provides peer-to-peer networks among client devices. In this type oI architecture, client
nodes constitute the actual network to perIorm routing and conIiguration Iunctionalities as well as providing end-
user
219 Elsevier Publications, 2013
Corresponding author : Parveen Kumar
*
Parveen Sharma

and Akhilesh Kumar Bhardwaj
applications to customers.
Hybrid WMNs
This architecture is the combination oI inIrastructure and client meshing; Mesh clients can access the network
through mesh routers as well as directly meshing with other mesh clients. The inIrastructure provides
connectivity to other networks such as the Internet, Wi-Fi, WiMAX, cellular, and sensor networks.
1.2 Characteristics of Wireless Mesh Networks
The characteristics oI WMNs |2| are outlined below:
(i) WMNs support ad hoc networking, and have the capability oI selI-Iorming, selI- healing, and selI-
organization.
(ii) WMNs are multi-hop wireless networks, but with a wireless inIrastructure/backbone provided by mesh
routers.
(iii) Mesh routers have minimal mobility and perIorm dedicated routing and conIiguration, which
signiIicantly decreases the load oI mesh clients and other end nodes.
(iv) Mobility oI end nodes is supported easily through the wireless inIrastructure.
(v) Mesh routers integrate heterogeneous networks, including both wired and wireless. Thus multiple types
oI network access exist in WMNs.
(vi) Power-consumption constraints are diIIerent Ior mesh routers and mesh clients.
(vii) WMNs are not stand-alone and need to be compatible and interoperable with other wireless networks.
1.3 Applications of WMNs
Mesh networks may involve either Iixed or mobile devices. The solutions are as diverse as communication
needs, Ior example in diIIicult environments such as emergency situations, tunnels, oil rigs, battleIield
surveillance, high speed mobile video applications on board public transport or real time racing car telemetry. An
important possible application Ior wireless mesh networks is VoIP |3|.
1.4 Security Issues in WMNs
Security is the vital problem in WMNs. Battery, mobility and bandwidth constraints oI WMNs pose
challenges in achieving security goals. Some oI the security issues |4| are
Signal Jamming
On the physical and media access control layers, an attacker can attack on availability oI the network by
employing jamming to interIace with communication on physical channel.
Denial of Service (DoS)
A DoS attack can be launched at any layer oI wireless mesh network. There are many ways oI instigating
DoS. A common technique is to Ilood the target system with requests. The target system becomes so
overwhelmed by the request that it could not process normal traIIic |4|.
Tempering
Routing protocols in WMN does not check the integrity oI the packet. This allows the attacker could easily
temper any speciIic Iield in the packet resulted in wrong routing decisions like re-direction or route loops, which
degrades the perIormance oI the entire network |5|.
Forging
220 Elsevier Publications, 2013
Schematic design of fault tolerant and dependable ALU using gate diffusion input and triple modular redundancy technique
Attacker could Iorge and broadcast wrong routing inIormation such as declaring some certain link is broken
or replying with a non-exist route. This might cause serious problems like loops, isolated network or node.
Resource depletion attack
Attacker could send a large amount oI useless packet like routing request packet or data packet, depleting the
resource oI network and nodes, such as bandwidth, memory, CPU or batteries |5|.
Wormhole attack
Two distant points in the network are connected by a malicious connection using a direct low-latency link
called the wormhole link. Once the wormhole link is established, the attacker captures wireless transmissions on
one end, sends them through the wormhole link and replays them at the other end.
Black hole Attack
While receiving routing request, the attacker claims that it has a link to the destination node even iI it does not
and then Iorce the source to send packet through it without Iorwarding the data packet to next hop |5|.
1.5 Routing in WMNs
Whenever a node has to send some data to another node, it checks iI it has the route to destination; iI not it
starts the route discovery phase |6|. Routing protocols are used to Iind and maintain routes between source and
destination nodes, in order to Iorward traIIic. Mesh routers are relatively static and Mesh routers are not power
constrained |1|.
1.6 Issues of Security in Routing
Given a source and destination node, a routing protocol provides one or more network paths over which
packets can be routed to the destination. The routing protocol computes such paths to meet criteria such as
minimum delay, maximum data rate, minimum path length etc. |7|. Some oI the issues are described below:
By attacking the routing mechanism, an adversary can modiIy the network topology and thereIore aIIect the
good Iunctioning oI the network |8|. The adversary can
o Tamper with the routing messages,
o ModiIy the state oI one or several TAPs in the network,
o Use replicated node(s),
o PerIorm DoS attacks.
Transmission errors
The unreliability oI the wireless medium may lead to transmission errors |1|.
Link and node failures
Nodes and links may Iail at any time due to diIIerent types oI hazardous conditions in the environment.
Incorrect routes
Due to node/link Iailures or additions to the network, routes may become obsolete or based on an incorrect
system state |1|.
Congested nodes or links
Due to the topology oI the network and the nature oI the routing protocols, certain nodes or links may become
congested, which will lead to higher delay or packet loss.
1.7 Requirements of secure routing in WMNs
221 Elsevier Publications, 2013
Parveen Sharma

and Akhilesh Kumar Bhardwaj
A secure, robust and optimal routing protocol Ior wireless mesh network should satisIy the Iollowing
requirements |2|:
Multiple Performance Metrics
Many existing routing protocols use minimum hop-count as a perIormance metric to select the routing path.
This has been demonstrated to be ineIIective in many situations.
Scalability
Setting up or maintaining a routing path in a very large wireless network may take a long time. Thus, it is
critical to have a scalable routing protocol in WMNs.
Robustness
To avoid service disruption, WMNs must be robust to link Iailures or congestion. Routing protocols also need
to perIorm load balancing.
Efficient Routing with Mesh Infrastructure
Considering the minimal mobility and no constraints on power consumption in mesh routers, the routing
protocol in mesh routers is expected to be much simpler than ad hoc network routing protocols. With the mesh
inIrastructure provided by mesh routers, the routing protocol Ior mesh clients can also be made simple.
1.8 Secure routing in WMNs
Some kinds oI secure routing in WMNs are described below,
A Reputation based metric for secure routing
This approach considers nodes reputation as a good metric Ior path selection. Here, the routing path is
selected based on the concept oI 'trustworthy Iirst. This approach is an extension to the AODV protocol, called
AODV-REX (AODV - Reputation Extension). This approach mitigates the eIIects oI black hole and gray hole
attacks |9|.
Enhanced secure field based routing
Field based routing uses a little inIormation to route the packets. In this approach every node in the network
calculates its routing Iield value Irom its neighbours nodes. An array is introduced globally whose values are
updated containing all the Iield values oI its neighbours node. So the packet will Iorward the node having highest
Iield value and array oI authenticated neighbours and ultimately the packet will reach to its destination |10|.
Cross layer based approach
This approach provides security in routing based on cross layer inIormation. Cross layer secure and resource-
aware on demand routing (CSROR) protocol Ior hybrid WMN is designed to ensure routing security. This
protocol uses both MAC and application layer. Security is measured based on threat level value. This approach is
good eIIect Ior black hole, worm hole and gray hole attacks |13|.
2. Existing Work
Jin Ho Kim et al. |6| have presented a secure multi-path routing protocol Ior wireless mesh network. This
routing scheme is hybrid in nature as it uses both proactive and reactive approach in Iinding the routes to the
destination. This security mechanism also suIIiciently decreases the control overhead induced by a secure routing
protocol. MHRP provide better data throughput with less route latency and overhead and consume less amount oI
energy at each node. It eIIiciently utilizes the characteristics oI WMN to Iind alternate routes and provide reliable
secure communication.
222 Elsevier Publications, 2013
Schematic design of fault tolerant and dependable ALU using gate diffusion input and triple modular redundancy technique
Francesco Oliviero et al. |9| have proposed a new metric Ior routing in wireless mesh networks. They
showed how a reputation-based metric applied to existing routing protocols can improve the reliability oI the
overall network communication. They presented an extension to the AODV protocol, called AODV-REX, which
exploits a reputation metric in order to increase the security level oI the overall inIrastructure.
Fahad T. Bin Muhaya et al. |10| have demonstrated the Iield based routing which uses a little inIormation to
route the packets in the network. A novel Enhance Secure Field Based Routing Algorithm (ESFBR) is proposed
which is an extension to the existing secure Iield based routing algorithm. This technique is presented with a
conIidence to secure the WMNs Irom internal and external attacks.
Young Yig Yoon et al. |11| have proposed SHWMP, a secure extension oI L2 routing speciIied in 802.11s.
This proposed mechanism takes into consideration the existing key hierarchy oI 802.11s, identiIies the mutable
and nonmutable Iields in the routing message, protects the non-mutable part using symmetric encryption and uses
Merkle-tree approach to authenticate mutable inIormation. They have shown that this protocol is robust against
identiIied attacks and computationally eIIicient as it uses only symmetric key operations.
Celia Li et al. |12| have presented a security enhanced AODV routing protocol, SEAODV. In SEAODV,
Blom`s key pre-distribution scheme is used to establish keys to ensure that every two nodes in the network
uniquely share the pair wise keys. Each node in the network possesses two types oI keys: PTK and GTK. PTK is
used to accomplish the distribution oI GTK while GTK is used to secure the broadcast routing messages between
the node and its one-hop neighbors.
Shafiullah Khan et al. |13| have presented various aspects oI the CSROR protocol. CSROR is based on a
cross-layer inIormation exchange with security considerations and it is designed to ensure routing security and
IulIill diIIerent applications speciIic requirements Ior multimedia delivery and real-time transmissions. CSROR
selects an optimum route on the basis oI route security taking in consideration the diIIerent cross layer
parameters. CSROR is not only resource aware approach but also resilient to diIIerent packet dropping attacks.
CSROR is very eIIective against packet dropping attacks such as black hole, grey hole and wormhole.
3. Proposed work
In general, the most challenging issue in wireless mesh network is secure routing, but there are only limited
works in literature and no complete solution Ior WMN secure routing is proposed yet. A reputation based metric
Ior secure routing is proposed in |9| which uses reputation values in order to provide secure routing in wireless
mesh network. In this mechanism, the reputation values oI nodes are essential Ior selection oI optimum routing,
but these values are not authenticated beIore it reaches the destination. In addition to this, it does not guarantee
the integrity oI the reputation values. CSROR |13| selects an optimum route on the basis oI route security taking
in consideration the diIIerent cross layer parameters. Though CSROR is resource aware, but it is resilient to only
packet dropping attacks.
To rectiIy the above mentioned problems, we propose a new trust based authentication mechanism Ior secure
routing in Wireless Mesh Networks (WMNs). This mechanism has two phases,
i. Trust initialization and updation
ii. Trust protection.
In our architecture, there is Trusted Third Party (TTP) server. The WMNs can request Ior wireless internet access
by subscribing to the TTP which has a mutual agreement with each AP. The TTP also serves as a trusted
CertiIicate Authority (CA) server to issue certiIicates to both APs and WMNs. The certiIicate issued to a WMN
or an AP is a digital signature signed by the TTP on its public key as well as the linkage between the public key
and the WMNs or AP`s identity, respectively. The WMN needs to subscribe to the TTP directly or through its
home AP in order to gain the wireless internet access. The TTP signs on WMN`s new credential, and sends back
223 Elsevier Publications, 2013
Parveen Sharma

and Akhilesh Kumar Bhardwaj


to the WMNs. Thus, the above proposed mechanism provides secure routing in Wireless Mesh Networks
(WMNs) using trust tables and trust key management schemes.

Trust Initialization

Generally, nodes in the WMN communicate with other nodes while transmitting data packets Irom source to
destination. In our mechanism, each node in the network consists oI a trust table, which contains trust counter
value oI neighboring nodes. Initially, we assign initial trust counter values Ior its neighbors because initially
nodes do not have knowledge about its neighbor nodes. When the source node wants to transmit data to the
destination, it sends RREQ packets to its neighboring nodes. Each node keeps track oI the number oI packets
Iorwarded through a route using a packet counter (PC). When node n
i
receives packets Irom node n
j
, the PC value
oI node n
j
is incremented by node n
i
. Similarly, packet passes to all neighbors and Iinally reaches the destination.

Trust Protection

Every node in the network has two types oI keys as general key (GKey) and Pairwise secret key (PSKey)
obtained Irom the certiIicate issued by the TTP, Ior its neighbor nodes. PSkey is secretly shared with each pair oI
the neighbor nodes whereas GKey is commonly shared with all neighbors. Whenever a node moves due to
mobility, its PSey has to be regenerated. Both the keys will be reIreshed periodically. When the destination node
receive RREQ message, it calculates the number oI packet successIully received (P
rec
). Then it constructs the
RREP message and sends towards the source node in reverse path. RREP message is constructed in two steps. In
the Iirst step, P
rec
value is concatenated with Gkey and using this value the hash is generated using MD5 or SHA.

First step H1 (Gkey , P
rec
)

To provide secure routing, the second step is Iormulated,

In the second step, a new hash value is again created Ior the previous hash value using SKey.

Second step H(SKey , H1)

Here, SKey denotes secret key oI the destination.
Finally, the source node id is added with the generated hash value. The destination node sends this Iinal RREP
message to the source along the reverse route oI RREQ message. When the intermediate node n
i
receives the
RREP Irom another node n
j
, along the reverse path, it validates it using its SKey Iirst and then by Gkey. It then
computes packet success ratio oI n
j
by,

PR
j
PCn
j
/ Prec

Then the TC value oI node j is calculated as

TCj TC PR
j

Here TC is the initial trust counter value.

The node n
i
then appends this TC value to the RREP packet, regenerate the hash value using its SKey and
Gkey and Iorwards to the next node in the reverse path. When the source node receives this packet, it validates
the hash value and access TC value oI all intermediate nodes. Then the path trust value (PTV) is calculated as
the sum oI the TC values oI the nodes along the route. The source then selects the route with highest path trust
value.

Conclusions

224 Elsevier Publications, 2013
Schematic design of fault tolerant and dependable ALU using gate diffusion input and triple modular redundancy technique
The toughest issue in wireless mesh network is secure routing, but there are only limited works in literature
and no complete solution Ior WMN secure routing has been provided yet. In this article, we propose a new trust
based authentication mechanism to improve security in Wireless Mesh Networks (WMNs) with optimum routing.
Our mechanism has two phases namely trust initialization and trust protection. In our architecture, we also
introduced Trusted Third Party (TTP) server. The TTP also serves as a trusted CertiIicate Authority (CA) server
to issue certiIicates to both APs and WMNs. In addition, the integrity oI the reputation values is also maintained
simultaneously. Our mechanism thus provides secure routing in Wireless Mesh Networks (WMNs) using trust
tables and trust key management schemes.

References

|1| Cristina Neves Fonseca and Instituto Superior Tecnico, 'Multipath Routing Ior Wireless Mesh Networks.
|2| Ian F.Akyildiz and Xudong Wang, 'A Survey on Wireless Mesh Network, IEEE Radio Communication, 2005.
|3| www.wikipedia.com
|4| Muhammad Shoaib Siddiqui and Choong Seon Hong, 'Security Issues in Wireless Mesh Networks, IEEE International Conference on
Multimedia and Ubiquitous Engineering, 2007.
|5| Yi Ping, Xing Hongkai, Wu Yue and Li Jianhua, 'Security in Wireless Mesh Networks: Challenges and Solutions, Information
Technology New Generations Sixth International Conference, pp-423-428, 2009.
|6| Muhammad Shoaib Siddiqui, Syed Obaid Amin, Jin Ho Kim and Choong Seon Hong, 'MHRP: A Secure Multi-Path Hybrid Routing
Protocol Ior Wireless Mesh Network ', IEEE Military Communication Conference, 2007.
|7| Anand Prabhu Subramanian and Milind M. Buddhikot, Scott Miller, 'InterIerence Aware Routing in Multi Radio Wireless Mesh
Network, 2
nd
IEEE Workshop on Wireless Mesh Network, pp-55-63, 2006.
|8| Naouel Ben Salem and Jean-Pierre Hubaux, 'Securing Wireless Mesh Networks, IEEE Wireless Communication, vol-13, pp-50-55,
2006.
|9| Francesco Oliviero and Simon Pietro Romano, 'A Reputation Based Metric Ior Secure Routing in Wireless Mesh Network, IEEE
GLOBECOM, 2008.
|10| Fahad T. Bin Muhaya1, Fazl-e-Hadi and AtiI Naseer, 'ESFBR- Enhanced secure Iield based routing in wireless mesh networks, Indian
Journal of Science and Technology, 2011.
|11| Md. ShariIul Islam, Young Yig Yoon, Md. Abdul Hamid and Choong Seon Hong, 'A Secure Hybrid Wireless Mesh Protocol Ior
802.11s Mesh Network 'ICCSA, Vol-1, pp-972-985, 2008.
|12| Celia Li, Zhuang Wang, and Cungang Yang, 'Secure Routing For Wireless Mesh Networks, International Journal of Network Security,
pp-109-120, 2011.
|13| ShaIiullah Khan and Jonathan Loo, 'Cross Layer Secure and Resource Aware On Demand Routing Protocol Ior Hybrid Wireless Mesh
Networks, Springer, 2010.
225 Elsevier Publications, 2013
Index

S
Security, 220222

T
Trusted Third Party (TTP) server, 223224