Proceedings oI International ConIerence on Computing Sciences
WILKES100 ICCS 2013
ISBN: 978-93-5107-172-3 Secure Routing Ior Wireless Mesh Networks using Trust based Authentication Parveen Sharma 1,* and Akhilesh Kumar Bhardwaj 2 1 Research Scholar, Punjab Technical University, Jalandhar 144 601, Punjab, India 2 Research Scholar, Punjab Technical University, Jalandhar 144 601, Punjab, India Abstract A Wireless Mesh Network (WMN) is an innovative wireless networking pattern. Contrasting traditional wireless networks, WMNs do not rely on any permanent inIrastructure. The hosts rely on each other to keep the network linked. Secure Routing has been one oI the most decisive technologies Ior wireless mesh networks. In this paper, we look at the types, characteristics and applications oI wireless mesh networks. We study the security and routing issues Ior WMNs. The purpose oI this article is to present an overview oI existing and proposed systems that can be used to develop measures oI trust and reputation Ior networking solutions. We identiIy new challenges and opportunities and look at the approaches Ior secure communication. We propose a new trust based authentication mechanism Ior secure routing in Wireless Mesh Networks. 2013 Elsevier Science. All rights reserved. Keywords: Wireless mesh networks, routing, attacks, trust, reputation, security, TTP. 1. Introduction A Wireless Mesh Network (WMN) is shaped by a set oI gateways, mesh routers, and mesh clients. Gateways and mesh routers Iorm the backbone oI the network, where mobility is reduced. Mesh clients can be cell phones, laptops or other wireless devices. Routers communicate with the external network (e.g. the Internet) by Iorwarding each other's traIIic (including client`s traIIic) towards the gateway nodes, which are directly connected to the wired inIrastructure. In a WMN, each router, Iorwards packets on behalI oI other nodes (that may not be within direct wireless transmission range oI their destinations). Moreover, the gateway Iunctionalities enable the integration oI WMNs with various existing wireless networks such as Wi-Fi, cellular networks, WiMax, among others |1|. 1.1 Types of WMNs The architecture oI WMNs can be classiIied into three types |2|: Infrastructure or Backbone WMNs In this architecture, mesh routers Iorm inIrastructure Ior clients. The WMN inIrastructure/backbone can be built using various types oI radio technologies. The mesh routers Iorm a mesh oI selI-conIiguring, selI-healing links among themselves. With gateway Iunctionality, mesh routers can be connected to the Internet. This approach also reIerred to as inIrastructure meshing. Client WMNs Client meshing provides peer-to-peer networks among client devices. In this type oI architecture, client nodes constitute the actual network to perIorm routing and conIiguration Iunctionalities as well as providing end- user 219 Elsevier Publications, 2013 Corresponding author : Parveen Kumar * Parveen Sharma
and Akhilesh Kumar Bhardwaj applications to customers. Hybrid WMNs This architecture is the combination oI inIrastructure and client meshing; Mesh clients can access the network through mesh routers as well as directly meshing with other mesh clients. The inIrastructure provides connectivity to other networks such as the Internet, Wi-Fi, WiMAX, cellular, and sensor networks. 1.2 Characteristics of Wireless Mesh Networks The characteristics oI WMNs |2| are outlined below: (i) WMNs support ad hoc networking, and have the capability oI selI-Iorming, selI- healing, and selI- organization. (ii) WMNs are multi-hop wireless networks, but with a wireless inIrastructure/backbone provided by mesh routers. (iii) Mesh routers have minimal mobility and perIorm dedicated routing and conIiguration, which signiIicantly decreases the load oI mesh clients and other end nodes. (iv) Mobility oI end nodes is supported easily through the wireless inIrastructure. (v) Mesh routers integrate heterogeneous networks, including both wired and wireless. Thus multiple types oI network access exist in WMNs. (vi) Power-consumption constraints are diIIerent Ior mesh routers and mesh clients. (vii) WMNs are not stand-alone and need to be compatible and interoperable with other wireless networks. 1.3 Applications of WMNs Mesh networks may involve either Iixed or mobile devices. The solutions are as diverse as communication needs, Ior example in diIIicult environments such as emergency situations, tunnels, oil rigs, battleIield surveillance, high speed mobile video applications on board public transport or real time racing car telemetry. An important possible application Ior wireless mesh networks is VoIP |3|. 1.4 Security Issues in WMNs Security is the vital problem in WMNs. Battery, mobility and bandwidth constraints oI WMNs pose challenges in achieving security goals. Some oI the security issues |4| are Signal Jamming On the physical and media access control layers, an attacker can attack on availability oI the network by employing jamming to interIace with communication on physical channel. Denial of Service (DoS) A DoS attack can be launched at any layer oI wireless mesh network. There are many ways oI instigating DoS. A common technique is to Ilood the target system with requests. The target system becomes so overwhelmed by the request that it could not process normal traIIic |4|. Tempering Routing protocols in WMN does not check the integrity oI the packet. This allows the attacker could easily temper any speciIic Iield in the packet resulted in wrong routing decisions like re-direction or route loops, which degrades the perIormance oI the entire network |5|. Forging 220 Elsevier Publications, 2013 Schematic design of fault tolerant and dependable ALU using gate diffusion input and triple modular redundancy technique Attacker could Iorge and broadcast wrong routing inIormation such as declaring some certain link is broken or replying with a non-exist route. This might cause serious problems like loops, isolated network or node. Resource depletion attack Attacker could send a large amount oI useless packet like routing request packet or data packet, depleting the resource oI network and nodes, such as bandwidth, memory, CPU or batteries |5|. Wormhole attack Two distant points in the network are connected by a malicious connection using a direct low-latency link called the wormhole link. Once the wormhole link is established, the attacker captures wireless transmissions on one end, sends them through the wormhole link and replays them at the other end. Black hole Attack While receiving routing request, the attacker claims that it has a link to the destination node even iI it does not and then Iorce the source to send packet through it without Iorwarding the data packet to next hop |5|. 1.5 Routing in WMNs Whenever a node has to send some data to another node, it checks iI it has the route to destination; iI not it starts the route discovery phase |6|. Routing protocols are used to Iind and maintain routes between source and destination nodes, in order to Iorward traIIic. Mesh routers are relatively static and Mesh routers are not power constrained |1|. 1.6 Issues of Security in Routing Given a source and destination node, a routing protocol provides one or more network paths over which packets can be routed to the destination. The routing protocol computes such paths to meet criteria such as minimum delay, maximum data rate, minimum path length etc. |7|. Some oI the issues are described below: By attacking the routing mechanism, an adversary can modiIy the network topology and thereIore aIIect the good Iunctioning oI the network |8|. The adversary can o Tamper with the routing messages, o ModiIy the state oI one or several TAPs in the network, o Use replicated node(s), o PerIorm DoS attacks. Transmission errors The unreliability oI the wireless medium may lead to transmission errors |1|. Link and node failures Nodes and links may Iail at any time due to diIIerent types oI hazardous conditions in the environment. Incorrect routes Due to node/link Iailures or additions to the network, routes may become obsolete or based on an incorrect system state |1|. Congested nodes or links Due to the topology oI the network and the nature oI the routing protocols, certain nodes or links may become congested, which will lead to higher delay or packet loss. 1.7 Requirements of secure routing in WMNs 221 Elsevier Publications, 2013 Parveen Sharma
and Akhilesh Kumar Bhardwaj A secure, robust and optimal routing protocol Ior wireless mesh network should satisIy the Iollowing requirements |2|: Multiple Performance Metrics Many existing routing protocols use minimum hop-count as a perIormance metric to select the routing path. This has been demonstrated to be ineIIective in many situations. Scalability Setting up or maintaining a routing path in a very large wireless network may take a long time. Thus, it is critical to have a scalable routing protocol in WMNs. Robustness To avoid service disruption, WMNs must be robust to link Iailures or congestion. Routing protocols also need to perIorm load balancing. Efficient Routing with Mesh Infrastructure Considering the minimal mobility and no constraints on power consumption in mesh routers, the routing protocol in mesh routers is expected to be much simpler than ad hoc network routing protocols. With the mesh inIrastructure provided by mesh routers, the routing protocol Ior mesh clients can also be made simple. 1.8 Secure routing in WMNs Some kinds oI secure routing in WMNs are described below, A Reputation based metric for secure routing This approach considers nodes reputation as a good metric Ior path selection. Here, the routing path is selected based on the concept oI 'trustworthy Iirst. This approach is an extension to the AODV protocol, called AODV-REX (AODV - Reputation Extension). This approach mitigates the eIIects oI black hole and gray hole attacks |9|. Enhanced secure field based routing Field based routing uses a little inIormation to route the packets. In this approach every node in the network calculates its routing Iield value Irom its neighbours nodes. An array is introduced globally whose values are updated containing all the Iield values oI its neighbours node. So the packet will Iorward the node having highest Iield value and array oI authenticated neighbours and ultimately the packet will reach to its destination |10|. Cross layer based approach This approach provides security in routing based on cross layer inIormation. Cross layer secure and resource- aware on demand routing (CSROR) protocol Ior hybrid WMN is designed to ensure routing security. This protocol uses both MAC and application layer. Security is measured based on threat level value. This approach is good eIIect Ior black hole, worm hole and gray hole attacks |13|. 2. Existing Work Jin Ho Kim et al. |6| have presented a secure multi-path routing protocol Ior wireless mesh network. This routing scheme is hybrid in nature as it uses both proactive and reactive approach in Iinding the routes to the destination. This security mechanism also suIIiciently decreases the control overhead induced by a secure routing protocol. MHRP provide better data throughput with less route latency and overhead and consume less amount oI energy at each node. It eIIiciently utilizes the characteristics oI WMN to Iind alternate routes and provide reliable secure communication. 222 Elsevier Publications, 2013 Schematic design of fault tolerant and dependable ALU using gate diffusion input and triple modular redundancy technique Francesco Oliviero et al. |9| have proposed a new metric Ior routing in wireless mesh networks. They showed how a reputation-based metric applied to existing routing protocols can improve the reliability oI the overall network communication. They presented an extension to the AODV protocol, called AODV-REX, which exploits a reputation metric in order to increase the security level oI the overall inIrastructure. Fahad T. Bin Muhaya et al. |10| have demonstrated the Iield based routing which uses a little inIormation to route the packets in the network. A novel Enhance Secure Field Based Routing Algorithm (ESFBR) is proposed which is an extension to the existing secure Iield based routing algorithm. This technique is presented with a conIidence to secure the WMNs Irom internal and external attacks. Young Yig Yoon et al. |11| have proposed SHWMP, a secure extension oI L2 routing speciIied in 802.11s. This proposed mechanism takes into consideration the existing key hierarchy oI 802.11s, identiIies the mutable and nonmutable Iields in the routing message, protects the non-mutable part using symmetric encryption and uses Merkle-tree approach to authenticate mutable inIormation. They have shown that this protocol is robust against identiIied attacks and computationally eIIicient as it uses only symmetric key operations. Celia Li et al. |12| have presented a security enhanced AODV routing protocol, SEAODV. In SEAODV, Blom`s key pre-distribution scheme is used to establish keys to ensure that every two nodes in the network uniquely share the pair wise keys. Each node in the network possesses two types oI keys: PTK and GTK. PTK is used to accomplish the distribution oI GTK while GTK is used to secure the broadcast routing messages between the node and its one-hop neighbors. Shafiullah Khan et al. |13| have presented various aspects oI the CSROR protocol. CSROR is based on a cross-layer inIormation exchange with security considerations and it is designed to ensure routing security and IulIill diIIerent applications speciIic requirements Ior multimedia delivery and real-time transmissions. CSROR selects an optimum route on the basis oI route security taking in consideration the diIIerent cross layer parameters. CSROR is not only resource aware approach but also resilient to diIIerent packet dropping attacks. CSROR is very eIIective against packet dropping attacks such as black hole, grey hole and wormhole. 3. Proposed work In general, the most challenging issue in wireless mesh network is secure routing, but there are only limited works in literature and no complete solution Ior WMN secure routing is proposed yet. A reputation based metric Ior secure routing is proposed in |9| which uses reputation values in order to provide secure routing in wireless mesh network. In this mechanism, the reputation values oI nodes are essential Ior selection oI optimum routing, but these values are not authenticated beIore it reaches the destination. In addition to this, it does not guarantee the integrity oI the reputation values. CSROR |13| selects an optimum route on the basis oI route security taking in consideration the diIIerent cross layer parameters. Though CSROR is resource aware, but it is resilient to only packet dropping attacks. To rectiIy the above mentioned problems, we propose a new trust based authentication mechanism Ior secure routing in Wireless Mesh Networks (WMNs). This mechanism has two phases, i. Trust initialization and updation ii. Trust protection. In our architecture, there is Trusted Third Party (TTP) server. The WMNs can request Ior wireless internet access by subscribing to the TTP which has a mutual agreement with each AP. The TTP also serves as a trusted CertiIicate Authority (CA) server to issue certiIicates to both APs and WMNs. The certiIicate issued to a WMN or an AP is a digital signature signed by the TTP on its public key as well as the linkage between the public key and the WMNs or AP`s identity, respectively. The WMN needs to subscribe to the TTP directly or through its home AP in order to gain the wireless internet access. The TTP signs on WMN`s new credential, and sends back 223 Elsevier Publications, 2013 Parveen Sharma
and Akhilesh Kumar Bhardwaj
to the WMNs. Thus, the above proposed mechanism provides secure routing in Wireless Mesh Networks (WMNs) using trust tables and trust key management schemes.
Trust Initialization
Generally, nodes in the WMN communicate with other nodes while transmitting data packets Irom source to destination. In our mechanism, each node in the network consists oI a trust table, which contains trust counter value oI neighboring nodes. Initially, we assign initial trust counter values Ior its neighbors because initially nodes do not have knowledge about its neighbor nodes. When the source node wants to transmit data to the destination, it sends RREQ packets to its neighboring nodes. Each node keeps track oI the number oI packets Iorwarded through a route using a packet counter (PC). When node n i receives packets Irom node n j , the PC value oI node n j is incremented by node n i . Similarly, packet passes to all neighbors and Iinally reaches the destination.
Trust Protection
Every node in the network has two types oI keys as general key (GKey) and Pairwise secret key (PSKey) obtained Irom the certiIicate issued by the TTP, Ior its neighbor nodes. PSkey is secretly shared with each pair oI the neighbor nodes whereas GKey is commonly shared with all neighbors. Whenever a node moves due to mobility, its PSey has to be regenerated. Both the keys will be reIreshed periodically. When the destination node receive RREQ message, it calculates the number oI packet successIully received (P rec ). Then it constructs the RREP message and sends towards the source node in reverse path. RREP message is constructed in two steps. In the Iirst step, P rec value is concatenated with Gkey and using this value the hash is generated using MD5 or SHA.
First step H1 (Gkey , P rec )
To provide secure routing, the second step is Iormulated,
In the second step, a new hash value is again created Ior the previous hash value using SKey.
Second step H(SKey , H1)
Here, SKey denotes secret key oI the destination. Finally, the source node id is added with the generated hash value. The destination node sends this Iinal RREP message to the source along the reverse route oI RREQ message. When the intermediate node n i receives the RREP Irom another node n j , along the reverse path, it validates it using its SKey Iirst and then by Gkey. It then computes packet success ratio oI n j by,
PR j PCn j / Prec
Then the TC value oI node j is calculated as
TCj TC PR j
Here TC is the initial trust counter value.
The node n i then appends this TC value to the RREP packet, regenerate the hash value using its SKey and Gkey and Iorwards to the next node in the reverse path. When the source node receives this packet, it validates the hash value and access TC value oI all intermediate nodes. Then the path trust value (PTV) is calculated as the sum oI the TC values oI the nodes along the route. The source then selects the route with highest path trust value.
Conclusions
224 Elsevier Publications, 2013 Schematic design of fault tolerant and dependable ALU using gate diffusion input and triple modular redundancy technique The toughest issue in wireless mesh network is secure routing, but there are only limited works in literature and no complete solution Ior WMN secure routing has been provided yet. In this article, we propose a new trust based authentication mechanism to improve security in Wireless Mesh Networks (WMNs) with optimum routing. Our mechanism has two phases namely trust initialization and trust protection. In our architecture, we also introduced Trusted Third Party (TTP) server. The TTP also serves as a trusted CertiIicate Authority (CA) server to issue certiIicates to both APs and WMNs. In addition, the integrity oI the reputation values is also maintained simultaneously. Our mechanism thus provides secure routing in Wireless Mesh Networks (WMNs) using trust tables and trust key management schemes.
References
|1| Cristina Neves Fonseca and Instituto Superior Tecnico, 'Multipath Routing Ior Wireless Mesh Networks. |2| Ian F.Akyildiz and Xudong Wang, 'A Survey on Wireless Mesh Network, IEEE Radio Communication, 2005. |3| www.wikipedia.com |4| Muhammad Shoaib Siddiqui and Choong Seon Hong, 'Security Issues in Wireless Mesh Networks, IEEE International Conference on Multimedia and Ubiquitous Engineering, 2007. |5| Yi Ping, Xing Hongkai, Wu Yue and Li Jianhua, 'Security in Wireless Mesh Networks: Challenges and Solutions, Information Technology New Generations Sixth International Conference, pp-423-428, 2009. |6| Muhammad Shoaib Siddiqui, Syed Obaid Amin, Jin Ho Kim and Choong Seon Hong, 'MHRP: A Secure Multi-Path Hybrid Routing Protocol Ior Wireless Mesh Network ', IEEE Military Communication Conference, 2007. |7| Anand Prabhu Subramanian and Milind M. Buddhikot, Scott Miller, 'InterIerence Aware Routing in Multi Radio Wireless Mesh Network, 2 nd IEEE Workshop on Wireless Mesh Network, pp-55-63, 2006. |8| Naouel Ben Salem and Jean-Pierre Hubaux, 'Securing Wireless Mesh Networks, IEEE Wireless Communication, vol-13, pp-50-55, 2006. |9| Francesco Oliviero and Simon Pietro Romano, 'A Reputation Based Metric Ior Secure Routing in Wireless Mesh Network, IEEE GLOBECOM, 2008. |10| Fahad T. Bin Muhaya1, Fazl-e-Hadi and AtiI Naseer, 'ESFBR- Enhanced secure Iield based routing in wireless mesh networks, Indian Journal of Science and Technology, 2011. |11| Md. ShariIul Islam, Young Yig Yoon, Md. Abdul Hamid and Choong Seon Hong, 'A Secure Hybrid Wireless Mesh Protocol Ior 802.11s Mesh Network 'ICCSA, Vol-1, pp-972-985, 2008. |12| Celia Li, Zhuang Wang, and Cungang Yang, 'Secure Routing For Wireless Mesh Networks, International Journal of Network Security, pp-109-120, 2011. |13| ShaIiullah Khan and Jonathan Loo, 'Cross Layer Secure and Resource Aware On Demand Routing Protocol Ior Hybrid Wireless Mesh Networks, Springer, 2010. 225 Elsevier Publications, 2013 Index