
Research On Security Behavior And Protection Methods In Wireless Mesh Networks

Posted on: 2012-02-26
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Q Wei
GTID: 1118330362964584
Subject: Computer application technology
Abstract/Summary:
Wireless Mesh Networks (WMNs), with the characteristics of fast extension and flexible deployment, are inspiring broad applications in military defense, public safety, environmental monitoring, healthcare, urban transport, production, living, etc. In practice, WMNs are prone to various malicious attacks due to open wireless media, the multihop communication mechanism, dynamic topology, the lack of a trusted control center, the lack of physical protection of mesh routers, etc. Therefore, it is not practical for WMNs to directly apply existing security protection methods used in wireless networks, since wireless mesh connectivity differs from the point-to-multipoint architecture of Wi-Fi, WiMAX, etc. and from the multipoint-to-multipoint connectivity of wireless sensor networks (WSNs) and mobile ad hoc networks (MANETs). Many security protocols proposed for WMNs show limited power to counter malicious attacks for lack of a systematic measure for discovery, prevention and response.

In the dissertation, based on non-complete dynamic game theory and supported by cryptography, we thoroughly studied security behaviors and protection methods in a game environment, at the three levels of behavioral trusted security evaluation, behavioral security protection and behavioral traitor tracing and from the perspective of the node, in order to resolve specifically the security problems of communication behaviors between nodes in WMNs.

The major contributions of this dissertation are as follows:

(1) Propose a node security behavior model in WMNs named NodeEYE to resolve the problem of behavioral trusted security evaluation and the problem that existing security models cannot entirely satisfy the requirements on security and privacy of communication behaviors between nodes.

NodeEYE establishes a trusted logic for judging the security of the peer party by means of evaluations of trusted identity, trusted behavior and trusted content (three-factor) and optimizes the allocation of resources by associating the results of trusted security evaluation with resource allocation. Using attributes, a progressive three-factor evaluation model and a two-factor Bayes decision-making model based on evaluation and risk, NodeEYE depicts a node's state and intelligent behaviors and describes how to adopt the next behavior strategy for protecting communication security. In comparison to existing security models, the proposed NodeEYE can be used to analyze more extensive security properties, transform a later proven logic to a prior proven logic, evolve according to security requirements, make a node counter malicious attacks in a proactive stance, and provide a stable theoretical foundation for security analysis of communication protocols.

(2) Propose privacy-enhanced hybrid key exchange schemes, an identification certificate predistribution based roaming instant authentication scheme and group admission schemes in emergency wireless mesh networks to resolve the problem that existing security protection methods for agreement behavior, roaming behavior and group entry behavior cost more resources and protect privacy less.

For agreement behavior security, the privacy-enhanced hybrid key exchange schemes use signcryption to guarantee that only the peer party can decrypt and verify the message, use symmetric encryption to protect the original elements of a shared key, and use a hash function instead of a digital signature to achieve key source authentication. In comparison to existing key agreement methods, the schemes effectively protect both parties' privacy and save up to 12.5% and 33.3% of computation and communication resources, respectively.

For roaming behavior security, the identification certificate predistribution based roaming instant authentication scheme reduces the complexity of using public key certificates by introducing a lightweight identification certificate, guarantees that any legitimate mobile node gains a roaming passport from an authentication center, and then achieves intra- and inter-domain roaming instant authentication by rationally pre-deploying identification certificates in the authentication centers of visited and home networks and in access points. In comparison to existing roaming authentication methods, the scheme leaves out the authentication information exchange between visited and home networks and reduces the number of roaming authentications with the participation of authentication centers; as a result, it saves network resources and further shortens roaming authentication delay.

For group entry behavior security, the group admission schemes in emergency WMNs use associated random numbers to combine elliptic curve ElGamal and directed signature to enhance the security of the algorithm and the privacy of both parties, and use elliptic curve signcryption and parameter reuse to guarantee the security and efficiency of communication. In comparison to traditional elliptic curve based group admission methods, the schemes further enhance privacy and save up to 33.3% and 25% of computation and communication resources, respectively.

(3) Propose a dynamic traitor tracing scheme in group communication named iGOSDTT to resolve the problem of behavioral traitor tracing.

The scheme locks suspicious traitor groups according to the information on the belonging group and the number of traitors captured by a traitor behavior monitoring center, updates the group key for special groups using a lightweight group oriented signcryption algorithm, iGOS, repeatedly divides the suspicious traitor groups in a binary way, and reduces the suspicious area step by step until the traitors are traced. The scheme resolves the problem of traitor behavior tracing in group communication.
Keywords/Search Tags: Wireless mesh networks, Behavior security, Privacy protection