International Journal of Information Security

, Volume 14, Issue 2, pp 169–186 | Cite as

Multi-operator wireless mesh networks secured by an all-encompassing security architecture

Special Issue Paper


Wireless Mesh Networks (WMNs) consist of a wirelessly connected infrastructure of Mesh Routers (MRs) connected to the Internet via Mesh Gateways. Previous proposals on WMN security mainly focus on mesh networks operated by a single operator and rarely support mobility of Mesh Clients (MCs) with the help of secure roaming and handover procedures. While these approaches protect the communication of MCs against external attackers, they do not take internal attackers into account. In our previous work, we proposed a security architecture for single-operator WMNs, extended this architecture to the multi-operator case to support roaming between operators and secure infrastructure sharing and proposed secure handover procedures within the domain of a single operator. In this paper, we merge the different aspects of our prior proposals together to form a comprehensive security architecture for multi-operator WMNs. Our solution is based on open standards and explicitly addresses internal attackers. In addition, we propose pro-active handover services between different operators and show how dedicated MRs can take over authentication services in time-critical situations such as handover procedures.


Wireless Mesh Networks Security  Key management  Multi-operator Handover 


  1. 1.
    3GPP. 3G security; Security architecture. TS 33.102, 3rd Generation Partnership Project (3GPP) (2008)Google Scholar
  2. 2.
    3GPP. 3GPP System Architecture Evolution (SAE); Security architecture. TS 33.401, 3rd Generation Partnership Project (3GPP)Google Scholar
  3. 3.
    3GPP. Security-related network functions. TS 03.20, 3rd Generation Partnership Project (3GPP) (2007)Google Scholar
  4. 4.
    Aboba, B., Beadles, M., Arkko, J., Eronen, P.: The network access identifier. In: RFC 4282 (2005)Google Scholar
  5. 5.
    Aboba, B., Simon, D., Eronen, P.: Extensible authentication protocol (EAP) key management framework. In: RFC 5247 (2008)Google Scholar
  6. 6.
    Abobam, B., Calhoun, P.: RADIUS (Remote Authentication Dial In User Service) support for extensible authentication protocol (EAP). In: RFC 3579 (2003)Google Scholar
  7. 7.
    Askoxylakis, I., Bencsth, B., Buttyan, L., Dra, L., Siris, V., Szili, D., Vajda, I.: Securing multi-operator-based qos-aware mesh networks: requirements and design options. Wirel. Commun. Mob. Comput. 10(5), 622–646 (2010)Google Scholar
  8. 8.
    Atkinson, R.: Security architecture for the internet protocol. In: RFC 1825 (1995)Google Scholar
  9. 9.
    Boneh, D., Franklin, M.K.: Identity-based encryption from the weil pairing. In: Kilian, J. (ed.) CRYPTO, volume 2139 of Lecture Notes in Computer Science, pp. 213–229. Springer, Berlin (2001)Google Scholar
  10. 10.
    Buttyan, L., Dora, L.: An authentication scheme for QoS-aware multi-operator maintained Wireless Mesh Networks. In: IEEE WoWMoM, pp. 1–6 (2009)Google Scholar
  11. 11.
    Calhoun, P., Loughney, J., Guttman, E., Zorn, G., Arkko, J.: Diameter base protocol. In: RFC 3588 (2003)Google Scholar
  12. 12.
    Cao, Z., Bing H., Zorn, G.: EAP Extensions for the EAP re-authentication protocol (ERP). In: RFC 6696 (2012)Google Scholar
  13. 13.
    Dolev, D., Yao, A.C.-C.: On the security of public key protocols. IEEE Trans. Inf. Theory (1983)Google Scholar
  14. 14.
    Egners, A., Fabelje, H., Meyer, U.: Fsasd: A framework for establishing security associations for sequentially deployed wmn. In: WOWMOM, pp. 1–7. IEEE Computer Society (2012)Google Scholar
  15. 15.
    Egners, A., Herrmann, P., Jarmuzek, T., Meyer, U: Experiences from security research using a Wireless Mesh Network Testbed. In: The 38th IEEE Conference on Local Computer Networks (LCN) (2013)Google Scholar
  16. 16.
    Egners, A., Herrmann, P., Meyer, U.: Secure and efficient handover protocols for wmns. In: WOWMOM. IEEE Computer Society (2013)Google Scholar
  17. 17.
    Egners, A., Meyer, U.: Secure roaming and infrastructure sharing for multi-operator wmns. In: SAC, pp. 1800–1807 (2013)Google Scholar
  18. 18.
    Funk, P., Blake-Wilson, S.: Extensible authentication protocol tunneled transport layer security authenticated protocol version 0 (EAP-TTLSv0). In: RFC 5281 (2008)Google Scholar
  19. 19.
    He, B., Agrawal, D.P.: An identity-based authentication and key establishment scheme for multi-operator maintained Wireless Mesh Networks. In: IEEE MASS, pp. 71–78 (2010)Google Scholar
  20. 20.
    Hoeper, K., Nakhjiri, M., Ohba, Y.: Distribution of EAP-based keys for handover and re-authentication. In: RFC 5749 (2010)Google Scholar
  21. 21.
    IEEE. Local and metropolitan area networks, Port-Based Network Access Control (IEEE Std 802.1X-2010) (2010)Google Scholar
  22. 22.
    IEEE. Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications (802.11–1999) (1999)Google Scholar
  23. 23.
    IEEE. Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications, Amendment 10: Mesh Networking (IEEE Std 802.11s-2011) (2011)Google Scholar
  24. 24.
    IEEE. Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications, Amendment 6: Medium Access Control (MAC) Security Enhancements (IEEE Std 802.11i-2004) (2004)Google Scholar
  25. 25.
    IEEE. Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications, Amendment 9: Interworking with External Networks (IEEE Std 802.11u-2011) (2011)Google Scholar
  26. 26.
    Ledlie, J., Gardner, P., Seltzer, M.I.: Network coordinates in the wild. In: NSDI, USENIX (2007)Google Scholar
  27. 27.
    Rigney, C., Rubens, A., Simpson, W., Willens, S.: Remote authentication dial in user service (RADIUS). In: RFC 2138 (1997)Google Scholar
  28. 28.
    Salowey, J., Dondeti, L., Narayanan, V., Nakhjiri, M.: Specification for the derivation of root keys from an extended master session key (EMSK). In: RFC 5295 (2008)Google Scholar
  29. 29.
    Sun, J., Zhang, C., Zhang, Y., Fang, Y.: SAT: A security architecture achieving anonymity and traceability in Wireless Mesh Networks. IEEE Tran. Dependable Secur. Comput. 8(2), 295–307 (2011) Google Scholar
  30. 30.
    Vigan, L: Automated security protocol analysis with the avispa tool. Electron. Notes Theor. Comput. Sci. 155, 61–86 (2006)Google Scholar
  31. 31.
    Wang, Z., Ma, M., Liu, W., Wei, X.: A unified security framework for multi-domain Wireless Mesh Networks. In: ACM ICICS, ICICS’11, pp. 319–329. Springer, Berlin (2011)Google Scholar
  32. 32.
    Wang, Z., Ma, M.: Securing wireless mesh networks in a unified security framework with corruption-resilience. Comput. Netw. 56(12), 2981–2993 (2012)CrossRefGoogle Scholar
  33. 33.
    Wierenga, K., Florio, L.: Eduroam: past, present and future. Comput. Methods. Sci. Technol. 11(2), 169–173 (2005)Google Scholar
  34. 34.
    Zhang, Y., Fang, Y.: Arsa: an attack-resilient security architecture for multihop wireless mesh networks. IEEE J. Sel. Areas Commun. 24(10), 1916–1928 (2006)CrossRefMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  1. 1.RWTH Aachen UniversityAachenGermany

Personalised recommendations