Securing Remote Access Inside Wireless Mesh Networks

  • Mark Manulis
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5932)


Wireless mesh networks (WMNs) that are being increasingly deployed in communities and public places provide a relatively stable routing infrastructure and can be used for diverse carrier-managed services. As a particular example we consider the scenario where a mobile device initially registered for the use with one wireless network (its home network) moves to the area covered by another network inside the same mesh. The goal is to establish a secure access to the home network using the infrastructure of the mesh.

Classical mechanisms such as VPNs can protect end-to-end communication between the mobile device and its home network while remaining transparent to the routing infrastructure. In WMNs this transparency can be misused for packet injection leading to the unnecessary consumption of the communication bandwidth. This may have negative impact on the cooperation of mesh routers which is essential for the connection establishment.

In this paper we describe how to establish remote connections inside WMNs while guaranteeing secure end-to-end communication between the mobile device and its home network and secure transmission of the corresponding packets along the underlying multi-hop path. Our solution is a provably secure, yet lightweight and round-optimal remote network access protocol in which intermediate mesh routers are considered to be part of the security architecture. We also sketch some ideas on the practical realization of the protocol using known standards and mention extensions with regard to forward secrecy, anonymity and accounting.


Mobile Device Wireless Mesh Network Mutual Authentication Home Network Dynamic Source Route 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abdalla, M., Bellare, M., Rogaway, P.: The Oracle Diffie-Hellman Assumptions and an Analysis of DHIES. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 143–158. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  2. 2.
    Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., Levkowetz, H.: Extensible Authentication Protocol (EAP). RFC 3748, IETF (2004)Google Scholar
  3. 3.
    Bellare, M., Canetti, R., Krawczyk, H.: Keying Hash Functions for Message Authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1–15. Springer, Heidelberg (1996)Google Scholar
  4. 4.
    Bellare, M., Namprempre, C.: Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 531–545. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  5. 5.
    Bellare, M., Rogaway, P.: Entity Authentication and Key Distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994)Google Scholar
  6. 6.
    Bellare, M., Rogaway, P.: The Exact Security of Digital Signatures - How to Sign with RSA and Rabin. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 399–416. Springer, Heidelberg (1996)Google Scholar
  7. 7.
    Bersani, F., Tschofenig, H.: The EAP-PSK Protocol: A Pre-Shared Key EAP Method. RFC 4764, IETF (2007)Google Scholar
  8. 8.
    Bresson, E., Chevassut, O., Pointcheval, D., Quisquater, J.-J.: Provably Authenticated Group Diffie-Hellman Key Exchange. In: CCS 2001, pp. 255–264. ACM, New York (2001)CrossRefGoogle Scholar
  9. 9.
    Buttyán, L., Hubaux, J.-P.: Security and Cooperation in Wireless Networks. Cambridge Univ. Press, Cambridge (2008)Google Scholar
  10. 10.
    Cheikhrouhou, O., Laurent-Maknavicius, M., Chaouchi, H.: Security Architecture in a Multi-Hop Mesh Network. In: SAR 2006 (2006)Google Scholar
  11. 11.
    Clancy, T., Arbaugh, W.: EAP Password Authenticated Exchange. RFC 4746, IETF (2006)Google Scholar
  12. 12.
    Dodis, Y., Gennaro, R., Håstad, J., Krawczyk, H., Rabin, T.: Randomness Extraction and Key Derivation Using the CBC, Cascade and HMAC Modes. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 494–510. Springer, Heidelberg (2004)Google Scholar
  13. 13.
    Draves, R., Padhye, J., Zill, B.: Comparison of Routing Metrics for Static Multi-Hop Wireless Networks. In: SIGCOMM 2004, pp. 133–144. ACM, New York (2004)CrossRefGoogle Scholar
  14. 14.
    Forsberg, D., Ohba, Y., Patil, B., Tschofenig, H., Yegin, A.: Protocol for Carrying Authentication for Network Access (PANA). RFC 5191, IETF (2008)Google Scholar
  15. 15.
    Fouque, P.-A., Pointcheval, D., Zimmer, S.: HMAC is a Randomness Extractor and Applications to TLS. In: Safavi-Naini, R., Seberry, J. (eds.) ACISP 2003. LNCS, vol. 2727, pp. 180–191. Springer, Heidelberg (2003)Google Scholar
  16. 16.
    Fujisaki, E., Okamoto, T., Pointcheval, D., Stern, J.: RSA-OAEP Is Secure under the RSA Assumption. Journal of Cryptology 17(2), 81–104 (2004)zbMATHCrossRefMathSciNetGoogle Scholar
  17. 17.
    Funk, P., Blake-Wilson, S.: Extensible Authentication Protocol Tunneled Transport Layer Security Authenticated Protocol Version 0 (EAP-TTLSv0). RFC 5281, IETF (2008)Google Scholar
  18. 18.
    Johnson, D., Hu, Y., Maltz, D.: The Dynamic Source Routing Protocol (DSR) for Mobile Ad Hoc Networks for IPv4. RFC 4728, IETF (2007)Google Scholar
  19. 19.
    Khan, K., Akbar, M.: Authentication in Multi-Hop Wireless Mesh Networks. PWASET 16, 178–183 (2006)Google Scholar
  20. 20.
    Lu, S., Ostrovsky, R., Sahai, A., Shacham, H., Waters, B.: Sequential Aggregate Signatures and Multisignatures without Random Oracles. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 465–485. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  21. 21.
    Lysyanskaya, A., Micali, S., Reyzin, L., Shacham, H.: Sequential Aggregate Signatures from Trapdoor Permutations. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 74–90. Springer, Heidelberg (2004)Google Scholar
  22. 22.
    Moustafa, H., Bourdon, G., Gourhant, Y.: Authentication, Authorization and Accounting (AAA) in Hybrid Ad hoc Hotspot’s Environments. In: WMASH 2006, pp. 37–46. ACM, New York (2006)CrossRefGoogle Scholar
  23. 23.
    NIST. Digital Signature Standard (DSS). FIPS PUB 186-2 (2000)Google Scholar
  24. 24.
    Perkins, C., Belding-Royer, E., Das, S.: Ad hoc On-Demand Distance Vector (AODV) Routing. RFC 3561, IETF (2003)Google Scholar
  25. 25.
    Simon, D., Aboba, B., Hurst, R.: The EAP-TLS Authentication Protocol. RFC 5216, IETF (2008)Google Scholar
  26. 26.
    Xu, S., Mu, Y., Susilo, W.: Online/Offline Signatures and Multisignatures for AODV and DSR Routing Security. In: Batten, L.M., Safavi-Naini, R. (eds.) ACISP 2006. LNCS, vol. 4058, pp. 99–110. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  27. 27.
    Zhao, M., Smith, S.W., Nicol, D.M.: Aggregated Path Authentication for Efficient BGP Security. In: ACM CCS 2005, pp. 128–138. ACM, New York (2005)CrossRefGoogle Scholar
  28. 28.
    Zhu, H., Bao, F., Li, T., Wu, Y.: Sequential Aggregate Signatures for Wireless Routing Protocols. In: IEEE WCNC 2005, pp. 2436–2439. IEEE, Los Alamitos (2005)Google Scholar
  29. 29.
    Zhu, S., Xu, S., Setia, S., Jajodia, S.: LHAP: A Lightweight Network Access Control Protocol for Ad Hoc Networks. Ad Hoc Networks 4(5), 567–585 (2006)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Mark Manulis
    • 1
  1. 1.Cryptographic Protocols Group Department of Computer ScienceTU Darmstadt & CASEDGermany

Personalised recommendations