Abstract
Wireless mesh networks (WMNs) that are being increasingly deployed in communities and public places provide a relatively stable routing infrastructure and can be used for diverse carrier-managed services. As a particular example we consider the scenario where a mobile device initially registered for the use with one wireless network (its home network) moves to the area covered by another network inside the same mesh. The goal is to establish a secure access to the home network using the infrastructure of the mesh.
Classical mechanisms such as VPNs can protect end-to-end communication between the mobile device and its home network while remaining transparent to the routing infrastructure. In WMNs this transparency can be misused for packet injection leading to the unnecessary consumption of the communication bandwidth. This may have negative impact on the cooperation of mesh routers which is essential for the connection establishment.
In this paper we describe how to establish remote connections inside WMNs while guaranteeing secure end-to-end communication between the mobile device and its home network and secure transmission of the corresponding packets along the underlying multi-hop path. Our solution is a provably secure, yet lightweight and round-optimal remote network access protocol in which intermediate mesh routers are considered to be part of the security architecture. We also sketch some ideas on the practical realization of the protocol using known standards and mention extensions with regard to forward secrecy, anonymity and accounting.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Abdalla, M., Bellare, M., Rogaway, P.: The Oracle Diffie-Hellman Assumptions and an Analysis of DHIES. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 143–158. Springer, Heidelberg (2001)
Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., Levkowetz, H.: Extensible Authentication Protocol (EAP). RFC 3748, IETF (2004)
Bellare, M., Canetti, R., Krawczyk, H.: Keying Hash Functions for Message Authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1–15. Springer, Heidelberg (1996)
Bellare, M., Namprempre, C.: Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 531–545. Springer, Heidelberg (2000)
Bellare, M., Rogaway, P.: Entity Authentication and Key Distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994)
Bellare, M., Rogaway, P.: The Exact Security of Digital Signatures - How to Sign with RSA and Rabin. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 399–416. Springer, Heidelberg (1996)
Bersani, F., Tschofenig, H.: The EAP-PSK Protocol: A Pre-Shared Key EAP Method. RFC 4764, IETF (2007)
Bresson, E., Chevassut, O., Pointcheval, D., Quisquater, J.-J.: Provably Authenticated Group Diffie-Hellman Key Exchange. In: CCS 2001, pp. 255–264. ACM, New York (2001)
Buttyán, L., Hubaux, J.-P.: Security and Cooperation in Wireless Networks. Cambridge Univ. Press, Cambridge (2008)
Cheikhrouhou, O., Laurent-Maknavicius, M., Chaouchi, H.: Security Architecture in a Multi-Hop Mesh Network. In: SAR 2006 (2006)
Clancy, T., Arbaugh, W.: EAP Password Authenticated Exchange. RFC 4746, IETF (2006)
Dodis, Y., Gennaro, R., Håstad, J., Krawczyk, H., Rabin, T.: Randomness Extraction and Key Derivation Using the CBC, Cascade and HMAC Modes. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 494–510. Springer, Heidelberg (2004)
Draves, R., Padhye, J., Zill, B.: Comparison of Routing Metrics for Static Multi-Hop Wireless Networks. In: SIGCOMM 2004, pp. 133–144. ACM, New York (2004)
Forsberg, D., Ohba, Y., Patil, B., Tschofenig, H., Yegin, A.: Protocol for Carrying Authentication for Network Access (PANA). RFC 5191, IETF (2008)
Fouque, P.-A., Pointcheval, D., Zimmer, S.: HMAC is a Randomness Extractor and Applications to TLS. In: Safavi-Naini, R., Seberry, J. (eds.) ACISP 2003. LNCS, vol. 2727, pp. 180–191. Springer, Heidelberg (2003)
Fujisaki, E., Okamoto, T., Pointcheval, D., Stern, J.: RSA-OAEP Is Secure under the RSA Assumption. Journal of Cryptology 17(2), 81–104 (2004)
Funk, P., Blake-Wilson, S.: Extensible Authentication Protocol Tunneled Transport Layer Security Authenticated Protocol Version 0 (EAP-TTLSv0). RFC 5281, IETF (2008)
Johnson, D., Hu, Y., Maltz, D.: The Dynamic Source Routing Protocol (DSR) for Mobile Ad Hoc Networks for IPv4. RFC 4728, IETF (2007)
Khan, K., Akbar, M.: Authentication in Multi-Hop Wireless Mesh Networks. PWASET 16, 178–183 (2006)
Lu, S., Ostrovsky, R., Sahai, A., Shacham, H., Waters, B.: Sequential Aggregate Signatures and Multisignatures without Random Oracles. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 465–485. Springer, Heidelberg (2006)
Lysyanskaya, A., Micali, S., Reyzin, L., Shacham, H.: Sequential Aggregate Signatures from Trapdoor Permutations. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 74–90. Springer, Heidelberg (2004)
Moustafa, H., Bourdon, G., Gourhant, Y.: Authentication, Authorization and Accounting (AAA) in Hybrid Ad hoc Hotspot’s Environments. In: WMASH 2006, pp. 37–46. ACM, New York (2006)
NIST. Digital Signature Standard (DSS). FIPS PUB 186-2 (2000)
Perkins, C., Belding-Royer, E., Das, S.: Ad hoc On-Demand Distance Vector (AODV) Routing. RFC 3561, IETF (2003)
Simon, D., Aboba, B., Hurst, R.: The EAP-TLS Authentication Protocol. RFC 5216, IETF (2008)
Xu, S., Mu, Y., Susilo, W.: Online/Offline Signatures and Multisignatures for AODV and DSR Routing Security. In: Batten, L.M., Safavi-Naini, R. (eds.) ACISP 2006. LNCS, vol. 4058, pp. 99–110. Springer, Heidelberg (2006)
Zhao, M., Smith, S.W., Nicol, D.M.: Aggregated Path Authentication for Efficient BGP Security. In: ACM CCS 2005, pp. 128–138. ACM, New York (2005)
Zhu, H., Bao, F., Li, T., Wu, Y.: Sequential Aggregate Signatures for Wireless Routing Protocols. In: IEEE WCNC 2005, pp. 2436–2439. IEEE, Los Alamitos (2005)
Zhu, S., Xu, S., Setia, S., Jajodia, S.: LHAP: A Lightweight Network Access Control Protocol for Ad Hoc Networks. Ad Hoc Networks 4(5), 567–585 (2006)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Manulis, M. (2009). Securing Remote Access Inside Wireless Mesh Networks. In: Youm, H.Y., Yung, M. (eds) Information Security Applications. WISA 2009. Lecture Notes in Computer Science, vol 5932. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10838-9_24
Download citation
DOI: https://doi.org/10.1007/978-3-642-10838-9_24
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-10837-2
Online ISBN: 978-3-642-10838-9
eBook Packages: Computer ScienceComputer Science (R0)