
Securing Remote Access Inside Wireless Mesh Networks

  • Conference paper
Information Security Applications (WISA 2009)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 5932)


Abstract

Wireless mesh networks (WMNs), which are increasingly deployed in communities and public places, provide a relatively stable routing infrastructure and can be used for diverse carrier-managed services. As a particular example, we consider the scenario where a mobile device initially registered for use with one wireless network (its home network) moves to the area covered by another network inside the same mesh. The goal is to establish secure access to the home network using the infrastructure of the mesh.

Classical mechanisms such as VPNs can protect end-to-end communication between the mobile device and its home network while remaining transparent to the routing infrastructure. In WMNs this transparency can be misused for packet injection, leading to unnecessary consumption of communication bandwidth. This may have a negative impact on the cooperation of mesh routers, which is essential for connection establishment.

In this paper we describe how to establish remote connections inside WMNs while guaranteeing secure end-to-end communication between the mobile device and its home network and secure transmission of the corresponding packets along the underlying multi-hop path. Our solution is a provably secure, yet lightweight and round-optimal remote network access protocol in which intermediate mesh routers are considered to be part of the security architecture. We also sketch some ideas on the practical realization of the protocol using known standards and mention extensions with regard to forward secrecy, anonymity and accounting.




Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Manulis, M. (2009). Securing Remote Access Inside Wireless Mesh Networks. In: Youm, H.Y., Yung, M. (eds) Information Security Applications. WISA 2009. Lecture Notes in Computer Science, vol 5932. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10838-9_24


  • DOI: https://doi.org/10.1007/978-3-642-10838-9_24

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-10837-2

  • Online ISBN: 978-3-642-10838-9

  • eBook Packages: Computer Science, Computer Science (R0)
