This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
Abstract- Wireless mesh networks (WMNs) is an emerging communication network nowadays. It consists of several radio nodes and is placed in a mesh topology. Due to its fast, cheap and easy of installation WMNs becomes popular and is the main choice for Wireless Internet Service Provider. However, there are still many challenges in developing WMNs. One of them is the security in WMNs. This paper will discuss about the security issue in WMNs. We will study the difficulties faced when providing security and the basic network operation that need to be secured. Besides we will investigate the solution which is suitable in handling the security problem.
Index Terms-Wireless mesh networks; Ad hoc networks; Medium access control; Routing protocol; Transport protocol; Scalability; Security; Power management and control
Wireless mesh networks (WMNs) is made up of mesh clients and mesh routers, where mesh routers have minimal mobility and form the backbone for mesh clients . The mesh routers are used to collect and forward data either from user to gateway or from user to user. Users are allowed to move around the mesh routers. WMNs allow continuous connection to a network infrastructure regardless the obstacles in the travelling path. It will 'hop' from one node to another until it reaches its destination.
WMNs are preferable choice when we wish to provide wireless Internet connection in a fairly large area. It is due to it's un-relying on any preexisting infrastructure. With this characteristic, we are able to decrease the cost of deployment compare to the classic WiFi networks. As shown in figure 1, in order to set up a WiFi network we need to have a large amount of Wireless Hot Spot (WHSs) which are costly and fine-spun. However, by implementing WMNs in the same area of coverage or even larger than that, we are just required to have one WHPs and some wireless Transit Point Access (TAPs). TAPs are free from connection to wired infrastructures. They will just rely on WHPs to control their traffic. The price of a TAP is much lower than a WHP. Therefore WMNs is more economical compare to WiFi network.
Unfortunately, WMNs meet their main challenge to deploy in a wide scale because of the security issue. In this paper, we will first look into the WMNs' security issues then in second part, we will identify the basic network operations that require security. Finally we will analyze the existing solution for WMNs' security.
Figure 1(a) - A WiFi network: a large amount of Wireless Hot Spots (WHSs) to provide a good coverage.[ ]
Figure 1(b) - A Wireless Mesh Network: only one Wireless Hot Spot (WHS) and several inexpensive Transmit Access Ports (TAPs) are needed.[ ]
The Security Issues of WMNs
Before we launch any new wireless product, its security issues should be the main concern and the problems related should be solved immediately if possible. However many people treat security problem as an after-thought. For WMNs, there are some security issues that we need to focus on.
In order to prevent user from obtaining an unauthorized access to resource and confidential information and causing interference to the network, we should certify each clients before allowing them to join the network. This action is named as authentication. Authentication is also important to those users who are unwilling to pay for the service of using the Internet service.
In WMNs, there are two common ways to carry out the process of authentication.
It is a mechanism where a device gains its mediator's authenticity by itself. In WMNs, a node will identify its master which sends it the first impriting key. After receiving the key, the device will stay without change to its master.
However the nodes may lose its function due to some reasons such as: the timeout of receiving a new key, the master node will kill its slave node and then make it reborn again, and the failure in the devices or network itself (slave node refers to mobile clients while master node refers to the main access point).
The timeout, on the other hand is helping to protect against those hackers. Although the hackers may be able to access to the network, the secret key will be replaced after a period of time. This can ensure hackers from illegally using the network for whole time. Besides if the master node is able to realize that its slave node is being hacked, it will kill the slave node immediately even the imprinting key is still in using period. The slave node will then reborn and search for owner again.
Secure Transient Association
This concept is easy to be understood. We make an example as we have several electrical appliances at home such as television, DVD player, fan and others. People nowadays wish to make life easier. So we will wish to control all these appliances by just using one remote control. If a new appliance is added in, it needs to be associated with the existing controller. We also do not want other users have the accessibility to control our appliances, so we need to make the association secure. Beside if we want to sell out certain appliances in the association without affecting the control of all other appliances, we have to make the association transient.
In WMNs, a user's devices will only takes its master's devices into consideration. Those devices which are not under the its master will be ignored. But somehow we can implement the authentication in order to communicate with the outer part of network by giving a node the power to authenticate.
Integrity is where the message received is same as message sent without any changes. There are two types of methods to attack the integrity: deliberately destroy the data or un-deliberately damage caused by computer systems or broken of application errors.
Cryptography means using certain secret code to check the integrity of data. In WMNs, if one of the node is able to certify another node by using cryptography, the two nodes will come out with a general imprinting key. Then they both will able to receive the message which is protected by imprinting key.
Pair-Wise Key Sharing
In WMNs, it is possible to use Diffie-Hellman (D-H) key
exchange to solve the integrity issues. Diffie-Hellman (D-H) key exchange is one of the cryptography formulae which enable two parties that are do not have any idea about each other to publish a joint key together over an uncertain network. After that, we may use the joint key to encrypt the following communications.
Figure 2: WMNs authentication and encryption 
Privacy is the confirmation that only those authorized people can have a view on the data. The data may be secret between companies, personal medical report, financial report or other sensitive news which senders wish to protect from unauthorized people and also avoid causing any loss of damage to both himself and other party related.
To implement privacy, we need to have authentication first. Otherwise privacy means nothing because we need to identify that we are communicating to the right person.
SECURITY CHALLENGE OF WMNs
WMNs face many challenges in implementing at a wide area. Below are three main challenges. There are many other challenges which need to secure as well.
Detection of corrupt TAP ( Transmission Access Point)
Since WMNs is using low cost of TAPs in deploying a Internet network, these equipments are easily exposed to attacks of being removed, replicated or tampered. An antagonist can even easily tamper a TAP from a far distance without having any physical approach with it. Therefore WHS plays an important role in WMNS to store cryptographic information.
There are four primary attacks based on the target of the antagonist. First is when the antagonist plans to change the network topology, it will either shift or substitute a TAP. The WHS or neighboring TAPs will recognize the unusual change in the network.
Secondly is the adversary wish to attack the routing algorithm of the WMNs. He will modify the inner part of the node. Thirdly, when an attacker wants to insert false data or dislocate the network, he will duplicate the TAPs. Then places them in a planned location in the WMNs. This action will cause a serious disturbance in the network. Lastly is attacking a node in a passive way. It can be hardly detected.
Secure multi- hop routing
Seriously, we need to secure the routing mechanism of WMNs. An attacker will inject false data to influence the network algorithm. There are few ways that the attacker will choose to change the network mechanism: alter the routing message, change the state of TAPs in the network, using duplicated nodes and carries out DoS attack.
Remarks: DoS attack is the adversary is able to interrupt the connection betweens TAPs and cause the relocation of the network.
In WMNs, majority of the nodes are functioning as forwarders or repeaters. Consequently, they will have a prominent difference in throughput among all nodes depending on their location in the network. We can examine the fairness based on the amount of hops between the WHS and TAPs. If an attacker is able to add the number of hops between the WHS and TAPs, the bandwidth shared will be decreased significantly. In bandwidth sharing, we need to think about the amount of mobile clients served by each TAPs. If a TAP is serving less number of clients in a network, it should use less bandwidth.
To solve this attack, we can reconfigure the WMNs serially. According to the movement in the network, the operator should be able to set the optimal arrangements of WMNs and provides the TAPs with optimal routes.
Figure 3: since TAP 2 is only serving one mobile client compare to TAP 1 and TAP 3 which serves two clients each, flow2 should only gain half of the bandwidth of flow 1 and flow 3.
SOLUTIONS TO SECURITY PROBLEM in WMNS
WMN is an open network and its topology keeps changing. The solutions may be just suitable for this moment but not a long term. This is due to the attackers will always try to find out the shortage of a solution used and create challenge to WMNs. So securing WMNs is a task that will not end and more solutions are needed. Following are some current solutions suggested.
Securing the data center
Providing a secure data center network configuration will help in confirming the privacy and integrity of a data. The operators play roles in this task. They must think about the way to protect their data center and networking connection. They must employ service gateways and firewalls to execute the accessing towards WMNs.
Controlling the data flow
In the business organizations, WMNs are made up of internal secure network and public secure network. Therefore we need to analyze the most secure network configuration for the company and authenticate carefully each client in the network. Many companies will require a special gateway before entering their private network. When using this method, we are able to filter the packet of data and control the access.
Monitoring the network performance
When deploying WMNs in a wide area, we can hardly detect any nodes that are being attacked directly. Therefore we shall implement the detection and management in TAPs. There will be a management performance system in the TAPs. So by monitoring the performance management information, the operators are able to alert to any potential attacks. Actions can be employed at once to avoid any further damage caused.
WMN is an emerging trend in wireless network service provider. It has many advantages when we need to deploy Internet in a large scale area as explained in part I. However its security issues always become the stumbling block for its development. Many precautions and solutions are needed to have a secure network. This task is long - going which require more researches to examine it and find out the ways to improve it.