
Research On Secure Mechanisms For Wireless Mesh Networks

Posted on: 2012-10-21
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Z H Liu
GTID: 1118330335462379
Subject: Computer software and theory
Abstract/Summary:
Radio links are used to provide backhaul connectivity for base, and a wireless mesh network has the advantages of being cost-effective, flexible and rapid to deploy. At the same time, it is vulnerable to attacks because of its exposed medium and multi-hop relaying. Wireless mesh networks therefore need stronger protection, especially for enterprise users, who need not only to keep out unauthorized users but also to keep their data secure.

In traditional networks, the network devices are well protected. Wireless mesh routers, however, are always placed outdoors, where their security cannot be guaranteed. In addition, the design of a security scheme for wireless mesh networks faces these challenges: 1) the boundary is not clear; 2) the communication medium is exposed; 3) wireless bandwidth is limited; 4) network entities and network structure are heterogeneous; and so on. This dissertation focuses on the security of wireless mesh networks. The outline of the thesis is as follows:

(1) A routing-driven security scheme is proposed. The scheme combines secure end-to-end links and secure local links, and guarantees confidentiality and integrity. Mutual authentication and key agreement between the communicating nodes are established during the routing procedure. With an effective asymmetric cryptographic algorithm and a signature based on a hash algorithm, the communication between source and destination nodes is secure. The signature and shared key are created and updated by the nodes themselves. The method is distributed and periodic. When a node enters the network, it first creates a shared key and signature with its neighbours, using a public-key cryptography algorithm. End-to-end security is combined with local security, so packets can be verified hop by hop in end-to-end communications. In the local security method, control frames and management frames are protected by encryption and signature. This can eliminate many denial-of-service attacks.

(2) An anonymous communication protocol for wireless mesh networks is proposed. Based on the group signature technique, the communicating nodes in this protocol can complete mutual authentication anonymously. Each node obtains a unique private group key and a uniform public group key when it registers with the TTP (Trusted Third Party). When a node enters the network, with the help of DH (Diffie-Hellman) key agreement, it uses its private group key to authenticate with its neighbours anonymously, and then creates a link with the gateway through the anonymous routing protocol. Both the gateway node and the neighbours can authenticate the new node anonymously. Each data flow has its own route. A node on the route knows only its up-link node and its down-link node; it does not know where the route begins and ends. Routing request packets and data packets in the protocol are divided into the same length, so the protocol can prevent flow analysis attacks.

(3) A hierarchical intrusion detection structure is proposed. The structure includes three parts: the detection server, mesh router detection nodes, and client detection nodes. The detection server is at the top of the structure and is always placed with the gateway router. The administrator can check the security of the network through the server. The detection server also computes the nodes' trust values from the data gathered by the mesh router detection nodes. If a node has a low trust value, the server alerts the administrator. The mesh router detection node executes the core detection. The router detection node is fixed and its energy is not limited, so it can execute complete detection. Besides local detection, the node can share detection information with its neighbours and trigger joint detection. When the node detects an attack, it reports to the detection server and triggers the local response. After receiving the attack alert, the detection server decides whether to launch a global response.

In the client area, the nodes' energy is limited, so a lightweight detection engine is proposed. It executes only misuse detection, by checking the frame header. In addition, it collects network data and reports it to the router detection node. Packets are simplified and filtered to reduce energy consumption. A trust mechanism based on TMBS is incorporated. Each node monitors its neighbours and reports the information to the detection server. The detection server decides each node's trust value with the help of the topology information. Evaluations between nodes only decrease the trust value, which makes the detection of malicious nodes more effective.
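The trust bookkeeping described in part (3), sketched as an added Python example: it is not code from the dissertation and does not reproduce TMBS. The point values, the alert threshold, the one-report-per-round rule and all names are assumptions, and the topology and reports are constructed.

```python
from dataclasses import dataclass, field

# Assumed values; the abstract gives no numbers.
INITIAL_TRUST = 100    # starting trust points per node
PENALTY = 10           # points removed per accepted negative report
ALERT_THRESHOLD = 50   # below this the administrator is alerted

@dataclass
class DetectionServer:
    topology: dict                       # node -> set of its neighbours
    trust: dict = field(default_factory=dict)
    seen: set = field(default_factory=set)

    def __post_init__(self):
        self.trust = {node: INITIAL_TRUST for node in self.topology}

    def report(self, reporter, subject, round_id, misbehaved):
        """Apply one neighbour observation; return True if trust was lowered."""
        # Topology check: only a real neighbour can have observed the subject.
        if subject not in self.topology.get(reporter, set()):
            return False
        # Evaluations only decrease trust, so praise from a colluder is ignored.
        if not misbehaved:
            return False
        # Assumed rate limit: one negative report per reporter, subject and round.
        key = (reporter, subject, round_id)
        if key in self.seen:
            return False
        self.seen.add(key)
        self.trust[subject] = max(0, self.trust[subject] - PENALTY)
        return True

    def alerts(self):
        """Nodes whose trust is low enough to alert the administrator."""
        return sorted(n for n, t in self.trust.items() if t < ALERT_THRESHOLD)

def demo():
    # Constructed topology and reports, for illustration only.
    server = DetectionServer({"A": {"B", "C"}, "B": {"A", "C"},
                              "C": {"A", "B", "D"}, "D": {"C"}})
    reports = [(r, "B", rnd, True) for rnd in (1, 2, 3) for r in ("A", "C")]
    reports += [("D", "B", 1, True),    # D is not adjacent to B: rejected
                ("A", "B", 1, True),    # duplicate within round 1: rejected
                ("B", "A", 1, False)]   # positive report: changes nothing
    accepted = sum(server.report(*rep) for rep in reports)
    return server.trust, server.alerts(), accepted

if __name__ == "__main__":
    print(demo())
```

Because reports can only lower trust, the topology check and the per-round limit are what keep a single node from driving a victim's value down on its own.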
Keywords/Search Tags: wireless mesh networks, routing-driven, security mechanism, anonymous communication, intrusion detection, trust mechanism