A Secure Hybrid Wireless Mesh Protocol for s Mesh Network*

Transcription

1 A Secure Hybrd Wreless Mesh Protocol for s Mesh Network* Md. Sharful Islam, Young Jg Yoon, Md. Abdul Hamd, and Choong Seon Hong** Department of Computer Engneerng, Kyung Hee Unversty, Republc of Korea Abstract. Wreless Mesh Network (WMN) has emerged as a key technology and found a great deal of nterest for the researchers n the recent past. Hybrd Wreless Mesh Protocol (HWMP) s the default path selecton (.e., routng) protocol fully specfed n the current draft D.1.06 of s for WMN. However, securty n routng or forwardng functonalty s not specfed n the standard. As a consequence, HWMP n ts current from s vulnerable to varous types of routng attacks. In ths paper, we propose a secure verson of HWMP (SHWMP) that operates smlarly to that of HWMP but uses cryptographc extensons to provde authentcty and ntegrty of routng messages and prevents unauthorzed manpulaton of mutable felds n the routng nformaton elements. We have shown through analyses and smulaton that SHWMP s robust aganst dentfed attacks and provdes hgher packet delvery rato and ncurs lttle computatonal and storage overhead to ensure securty. Keywords: Wreless Mesh Network, Secure Hybrd Wreless Mesh Protocol (SHWMP), Authentcaton, Merkle Tree. 1 Introducton Wreless 1 Mesh Networks (WMN) s gradually maturng to a pont where t cannot be gnored when consderng varous wreless networkng technologes for deployment. It has emerged as a key technology to support a numerous number of applcaton scenaros lke broadband home networkng, communty and neghbourhood networkng, enterprse networkng, metropoltan area networkng etc. wth ts unque characterstcs lke self-confgurng capablty, lower cost, robustness and easy network mantenance[1]. The ncreased nterest n WMN has reflected n producng a standard named IEEE s, whch s n progress and expected to be fnalzed by md The current draft standard D1.06 [2] of s s the frst standard that ntroduces the concept of embeddng routng n layer-2. Interoperablty between devces of dfferent vendors s the key reason for ntegratng routng n MAC layer. * Ths work was supported by the Korea Research Foundaton Grant funded by the Korean Government (MOEHRD)" (KRF D00394). ** Correspondng author. O. Gervas et al. (Eds.): ICCSA 2008, Part I, LNCS 5072, pp , Sprnger-Verlag Berln Hedelberg 2008

2 A Secure Hybrd Wreless Mesh Protocol for s Mesh Network 973 The network archtecture of a s WMN s depcted n Fg. 1. A mesh pont (MP) s an IEEE s entty that can support WLAN mesh servces. A mesh access pont (MAP) s an MP but can also work as an access pont. A mesh portal (MPP) s a logcal pont that connects the mesh network to other networks such as a tradtonal WLAN or a non network. The current s standard defnes secure lnks between MPs, but t does not provde end-to-end securty. The securty n routng or forwardng functonalty s not also specfed n s [3]. Our study dentfes that HWMP s vulnerable to varous types of routng attacks lke floodng, route re-drecton, spoofng etc. The man reason s that ntermedate nodes need to modfy mutable felds (.e., hop count, TTL, metrc etc) n the routng element before forwardng and re-broadcastng them. Snce other nodes wll act upon those added nformaton, these must also be protected somehow from beng forged or modfed. However, only source authentcaton does not solve ths problem, because the nformaton are added or modfed n ntermedate nodes. Ths motvates us to nclude hop-by-hop authentcaton n our proposal. Fg. 1. Network archtecture of s We propose a secure routng protocol for s whch takes nto consderaton the exstng key herarchy of s, dentfes the mutable and non-mutable felds n the routng message, protects the non-mutable part usng symmetrc encrypton and authentcates mutable nformaton usng Merkle tree [4]. The remander of the paper s organzed as follows. Followng secton dscusses some of the related works. Secton 3 brefly ntroduces HWMP n s. Possble attacks are shown n secton 4. Secton 5 shows the key dstrbuton n s. We have proposed our dea n secton 6 followed by securty analyss n secton 7. We have evaluated network performance through smulaton n secton 8. Fnally, secton 9 concludes our work. 2 Related Research Research on layer-2 routng s stll n ts early age. As of now, there s no state-of-theart soluton exsts n the lterature for securng layer-2 routng. In [5], the authors have just summarzed the proposed routng from s draft. Ref [6] descrbes just an

3 974 M.S. Islam et al. update of layer-2 routng n the current draft s s framework and research challenges are summarzed n [3]. Apart from these, there has been some research on securng layer 3 routng. Arande n [7] ensures a secure on-demand source routng. Authentcaton s done usng TESLA [8], dgtal sgnatures and standard MAC. However, as the route request s not authentcated untl t reaches the destnaton, an adversary can ntate route request floodng attack. A varant of Arande named endara s proposed n [9] that wth a dfference that nstead of sgnng a route request, ntermedate nodes sgn the route reply. It requres less cryptographc computaton, but stll vulnerable to malcous route request floodng attack. SAODV [10] s a secure varant of AODV. Operatons are smlar to AODV, but uses cryptographc extensons to provde authentcty and ntegrty of routng message. It uses hash chans n order to prevent manpulaton of hop count feld. However, an adversary can always ncrease the hop count. Another secure on-demand dstant vector protocol, ARAN (Authentcate Routng for Ad hoc Networks), s presented n [11]. Just lke SAODV, ARAN uses publc key cryptography to ensure ntegrty of routng message. However, a major drawback of ARAN s that t requres extensve sgnature generaton and verfcaton durng the route request floodng. In our proposed scheme, we wll use the exstng keyng herarchy specfed n current s specfcaton. So, there s no extra burden for enforcng external keyng mechansm (lke PKI, KDC etc.). That s, we are not assumng that a parwse key exsts between any two nodes n the networks as path securty can not be assured n s. The Group Transent Key (GTK) s used for encryptng broadcast message whereas Parwse Transent Key () s used for encryptng uncast message. We have used Merkle Tree [4] n our scheme for authentcatng mutable felds n the routng nformaton elements. Our secure routng employs symmetrc cryptographc prmtves only and does not assume the exstence of parwse shared key for sourcedestnaton. Rather, a Merkle tree-based hop-by-hop authentcaton mechansm s devsed explotng exstng key-herarchy of s standard. 3 Overvew of HWMP n s HWMP, referred as the path selecton protocol n s has combnes the flavor of reactve and proactve strategy by employng both on-demand path selecton mode and proactve tree buldng mode. On-demand mode allows two MPs to communcate usng peer-to-peer paths. Ths mode s manly used by nodes that experence a changng envronment and when there s no root MP confgured. On the other hand, proactve tree buldng mode can be an effcent choce for nodes n a fxed network topology. The mandatory routng metrc used n HWMP s the artme cost metrc [2] that measures the lnk qualty (e.g. amount of channel resource consumed by transmttng a frame over a partcular lnk). In HWMP, both on demand and proactve mode can be used smultaneously. In an On-demand mode a source MP broadcast path request (PREQ) message requestng a route to the destnaton. The PREQ s processed and forwarded by all ntermedate MPs and sets up the reverse path from the destnaton to the source of route dscovery. The destnaton MP or any ntermedate MP wth a path to the

4 A Secure Hybrd Wreless Mesh Protocol for s Mesh Network 975 destnaton may uncast a path reply (PREP) to the source MP that creates the forward path to the destnaton. Whereas n Proactve Tree Buldng mode, the MP that confgured as a root MP (.e usually the MPP) can ntate route dscovery process n two ways. Frstly, t announces ts presence by perodcally broadcastng a root announcement RANN message that propagates metrc nformaton across the network. Upon recepton of a RANN message, an MP that has to create or refresh a path to the root MP sends a uncast PREQ to the root MP. The root MP then uncast a PREP n response to each PREQ. The uncast PREQ creates the reverse path from the root MP to the orgnatng MP, whle the PREP create the forward path from the MP to the root MP. Secondly, the root MP proactvely dssemnates a PREQ message to all the MPs n the networks wth ntent to establsh a path. An MP after recevng a proactve PREQ, creates or updates ts path to the root MP by uncastng a Proactve PREP, f and only f the PREQ contans a greater sequence number, or the sequence number s the same as the current path and the PREQ offers a better metrc than the current path to the root MP. HWMP also allows both on-demand and proactve mode to work smultaneously. Ths hybrd mode s used n stuatons where a root MP s confgured and a mesh pont S want to send data to another mesh pont D but has no path to D n ts routng table. Instead f ntatng on demand mode, S may send data to the root portal, whch n turns delvers the data to D nformng that both S and D are n the same mesh. Ths wll trgger an on-demand route dscovery between S and D and subsequent data wll be forwarded usng the new path. A more detaled descrpton regardng exstng HWMP can be found n [2][5][6]. 4 Attack Scenaros Followng subsectons brefly dscuss the possble attacks that can be launched n HWMP for path selecton. 4.1 PREQ Floodng The smplest of attack that a malcous node can launch s by floodng the network wth a PREQ messages destned to an address whch s not present n the network. As the destnaton node s not present n the network, every ntermedate node wll keep forwardng the PREQ message. As a result, a large number of PREQ message n a short perod wll consume the network bandwdth and can degrade the overall throughput. 4.2 Route Re-drecton A malcous node can launch a route re-drecton attack by modfyng mutable felds n the control packets such as hop count, sequence number and metrc feld. A malcous node M can dvert traffc to tself by advertsng a route to a destnaton wth a Destnaton Sequence Number (DSN) greater than the one t receved from the destnaton. For example, the malcous node M n the Fg. 2a receves a PREQ from A whch was orgnated from S for a route to node D. As HWMP allows ntermedate PREP, M can uncast a PREP to A wth a hgher destnaton sequence number than

5 976 M.S. Islam et al. Fg. 2. Route re-drecton attack. a) ncreasng DSN, b)decreasng metrc. the value last advertsed by D. After gettng the PREQ message D wll also uncast PREP to the source S. At some pont, A wll receve both the PREPs and consder the PREP wth hgher destnaton sequence number as the vald one and dscards the orgnal PREQ as f t was stale. So, A wll re-drect all subsequent traffc destned for D to the malcous node M. Route re-drecton attack can also be possble by modfyng the metrc feld used n the HWMP PREQ messages. Value of the metrc feld s used to decde the path from a source to a destnaton, whch s a cumulatve feld contrbuted by each node n the path. A malcous node can modfy the mutable metrc feld to zero to announce a better path to a destnaton. As depcted n Fg. 2b, M can modfy the metrc feld n the PREQ to zero and re-broadcasts t to the network. So, the reverse path created should go through the malcous node M. As a result, all traffcs to the destnaton D wll be passed through the attacker. 4.3 Formaton of Routng Loops A malcous node can create routng loop [11] n a mesh network by spoofng MAC addresses and modfyng the value of the metrc feld. Consder the followng network (Fg. 3) where a path exsts between the source S and destnaton X that goes through node B and C. Also, there s a path exsts from A to C through D. Assume that a malcous node M as shown n Fg. 3a, s present n the vcnty where t can lsten to the PREQ/PREP messages pass through A,B,C and D durng route dscovery process. It can create a routng loop among the nodes A, B, C and D by mpersonaton combned wth modfcaton of metrc feld n PREP message. Fg. 3. Formaton of Routng loops

6 A Secure Hybrd Wreless Mesh Protocol for s Mesh Network 977 Frst t mpersonates node A s MAC address and moved out of the reach of node A and closer to node B. And then t sends a PREP message to node B ndcatng a better metrc value than that of the value receved from C. So, node B now re-establshes ts route to X that should go through A as shown n Fg. 3b. At ths pont, the malcous node mpersonates node B and moves closer to node C and sends a PREP to node C ndcatng a better metrc than the one receved from E. So, node C wll now choose B as the next hop for ts route to the destnaton X as shown n Fg. 3c. Thus a loop has been formed and the destnaton X s unreachable from all the four nodes. 5 Key Dstrbuton n s s ensures lnk securty by usng Mesh Securty Assocaton (MSA) servces s extends the securty concept of by a key herarchy, nherts functons of and uses 802.1X for ntal authentcaton. The operaton of MSA reles on mesh key holders, whch are functons that are mplemented at MPs wthn the WMN. Fg. 4. Key establshment and authentcaton mechansm n s Two types of mesh key holders are defned: mesh authentcators (MAs) and mesh key dstrbutors (MKDs). A sngle MP may mplement both MKD and MA key holders, an MA alone and no key holders [2]. Fg. 4 depcts the key establshment and authentcaton process of s. The frst level of lnk securty branch, PMK-MKD s mutually derved by the supplcant MP and MKD, from the Master Sesson Key (MSK) that s created after the ntal authentcaton phase between supplcant MP and MKD or from a pre-shared key (PSK) between MKD and supplcant MP, f exsts. The second level of lnk securty branch PMK-MA s also derved by the supplcant MP and MKD. MKD then delvers the PMK-MA to the MA and thus permts to ntate MSA 4-way handshake whch results n dervng a of 512 bts between supplcant MP and MA.

7 978 M.S. Islam et al. Durng the MSA 4-way handshake MA receves the GTK of the supplcant MP. After the completon of MSA-4way handshake, a group handshake s used to send the GTK of the MA to the supplcant MP. The GTK s a shared key among all supplcant MPs that are connected to the same mesh authentcator (MA). In our proposed secure routng algorthm, s used for encrypton of uncast messages and GTK s used for encryptng broadcast messages. 6 Proposed Secure HWMP The routng protocol proposed n ths secton s a secure verson of Hybrd Wreless Mesh Protocol (SHWMP). As specfed n [2], HWMP routng nformaton elements have a mutable and a non-mutable part. We explot these exstng mutable and nonmutable felds to desgn a secure layer-2 routng. More specfcally, we () use the exstng key dstrbuton, () dentfy the mutable and non-mutable felds, () show that mutable felds can be authentcated n hop-by-hop fashon usng the concept of Merkle tree, and (v) use symmetrc encrypton to protect non-mutable felds. The rest of ths secton descrbes the proposed protocol n detals. 6.1 Use of Keys All the enttes n the mesh nfrastructure (MP, MAP and MPP) can act as supplcant MP and Mesh Authentcator (MA). Before ntatng a route dscovery process, all the MPs authentcate ts neghborng MPs, send ts GTK and establsh through key dstrbuton process descrbed n Secton 5. We use ths GTK for securng broadcast messages such as PREQ, RANN and s used to secure uncast messages such as PREP, proactve PREQ. 6.2 Identfcaton of Mutable / Non-mutable Felds The nformaton elements n the HWMP contan felds that can be modfed n the ntermedate routers whch we termed as mutable and those that can not be modfed termed as non-mutable felds. Fg. 5 shows the format of a PREQ element where the mutable felds are: a. Hop count feld: Provdes nformaton on the number of lnks n the path, ncremented by each ntermedate node, but t s not used for routng decson. b. TTL feld: The tme to leave feld defnes the scope of the PREQ n number of hops. TTL value s decremented by 1 at each ntermedate node. c. Metrc feld: HWMP uses an artme lnk metrc nstead of hop count metrc as n AODV, to take a decson on path selecton. Whenever an ntermedate node receves a PREQ that s to be forwarded, t calculates the artme cost to the current path and adds the value to the exstng metrc feld. d. Per destnaton flag: The Destnaton Only (DO) and Reply and Forward Flag (RF) determne whether the route-reply message (RREP) wll be sent by ntermedate node or only by destnaton. If DO flag s not set and RF flag s set, the frst ntermedate node that has a path to the destnaton sends PREP and forwards the PREQ by settng the DO flag to avod all ntermedate MPs sendng a PREP. In ths case, per destnaton flag feld s also a mutable feld.

8 A Secure Hybrd Wreless Mesh Protocol for s Mesh Network 979 Fg. 5. Format of a PREQ element Fg. 6. Format of a PREP element Fg. 7. Format of a RANN element Fg. 6 and Fg. 7 show the format of a PREP and RANN nformaton element. In both the cases, the mutable felds are hop-count, TTL and metrc ndcated by shadowed boxes. 6.3 Constructon of Merkle Tree Let the mutable felds of routng nformaton elements that need to be authentcated are v 1, v 2, v 3 and v 4. We hash each value v nto u wth a one-way hash functon such that u = h( v). Then we assgn the hash values to the leaves of the bnary tree as shown n Fg. 8. Moreover, to each nternal vertex u of ths tree, we assgn a value that s computed as the hash of the values assgned to the two chldren of u such as u12 = h( u1 u2 ). Fnally, we found the value of the root and make a message authentcaton code on Fg. 8. Constructon of Merkle tree

9 980 M.S. Islam et al. the root by usng GTK of the sender or by between sender and recever for authentcatng broadcast and uncast messages, respectvely. The sender can reveal a value v that needs to be authentcated along wth the values assgned to the sblngs of the vertces along the path from v to root that we denote as authentcaton path, authpath( v). The recever can hash the values of the authentcaton path n approprate order to compute the root and compare the value assgned to the root. If these two values match, then the recever can be assured that the value v s authentc. 6.4 Securng on Demand Mode Consder a source MP S n Fg. 9 whch wants to communcate wth a destnaton MP X. Fg. 9. Secure on-demand path selecton In order to establsh a secure route, source node S, destnaton node X and set of ntermedate nodes F 1 that nclude A, B and F 2 that ncludes C, D executes the route dscovery process n the followng way: S : MAC GTK root(s), {v,authpath(v )}, {PREQ MF} GTK (1) F 1 : MAC GTKroot(F), 1 {v,authpath(v )}, {PREQ MF} GTK (2) F 2 :MAC GTKroot(F 2), {v,authpath(v )}, {PREQ MF} GTK (3) X,F2 X,F2 X F 2:MAC root(x), {v,authpath(v )}, {PREP MF} (4) F,F 2 1 F,F 2 1 F2 F 1 :MAC root(f 2), {v,authpath(v )}, {PREP MF} (5) F,S 1 F,S 1 F S:MAC root(f), {v,authpath(v )}, {PREP MF} (6) 1 1 From the key management of s, the node S s equpped wth one GTK that t shares wth ts neghbors and set of s for communcatng wth each neghbor ndvdually. Before broadcastng the PREQ, t frst creates a Merkle tree wth the leaves beng the hash of mutable felds of PREQ message. S then creates a MAC on the root of the Merkle tree t just created. Then, S broadcasts message (1) whch ncludes the MAC of the root created usng the GTK, mutable felds v s that need to be

10 A Secure Hybrd Wreless Mesh Protocol for s Mesh Network 981 authentcated along wth the values of ts authentcaton path authpath( v)and encrypted PREQ message excludng the mutable felds. Any of the neghborng nodes of S, after recevng the PREQ, tres to authentcate the mutable felds by hashng the values receved n an ordered way, create a MAC on t usng the shared GTK and comparng that wth the receved MAC value of the root. If the two values match, the ntermedate MP s ascertan that the values are authentc and come from the same source that created the tree. Let us consder for example that B receves a PREQ from ts neghborng node S and wants to authentcate the value of the metrc feld M as shown n Fg 10. Accordng to our protocol, B and C should receve the value M along wth the values of the authentcaton path of M n the Merkle tree such as U H and U TF. B and C can now verfy the authentcty of M by computng h(h(h(m) U H ) U TF ) and a MAC on ths value usng the key GTK. It then compares the receved MAC value wth the new one, f t found a match, then t can assure that the value M s authentc and came from the same entty that has created the tree and computed the MAC on the U root. Fg. 10. Authentcaton path for the Metrc feld M n Merkle Tree The ntermedate nodes then update the values of the mutable felds lke hop count, metrc and TTL and create Merkle trees from the modfed felds. They also decrypt the non-mutable part of the PREQ message and re-encrypt t wth ther own broadcast key and re-broadcast (as shown n (2) and (3)) the PREQ message followng the same prncple. After recevng the PREQ, the destnaton MP updates the mutable felds; creates ts own Merkle Tree and uncasts a PREP message as (4) usng same prncple but ths tme usng nstead of usng GTK. The PREP s propagated as (5) and (6) to the source MP n the reverse path created usng PREQ and thus a secure forward path from the source to the destnaton s establshed. 6.5 Securng Proactve Mode In the Proactve RANN mode, the RANN message s broadcasted usng the group transent key as shown n Equaton (7) to (9) to protect the non-mutable felds and authentcate the mutable felds (hop count, TTL and metrc) usng the Merkle tree approach. As there are only three mutable felds n the RANN message a node requres generatng a random number to construct the Merkle tree. After recevng the

11 982 M.S. Islam et al. RANN message an MP that needs to setup a path to the root MP uncast a PREQ to the root MP as per Equaton (10) to (12). On recevng each PREQ the root MP reples wth a uncast PREP to that node as descrbed n Equaton (13) to (15). Proactve PREQ mode can also be secured by transmttng proactve PREQ and PREP n the same way dscussed above. R : MACGTKRoot(R), {v, authpath (v )}, {RANN-MF} GTK (7) F 1 *: MACGTKRoot(F 1), {v, authpath (v )}, {RANN-MF} GTK (8) F 2 *: MACGTKRoot(F 2 ), {v, authpath (v )}, {RANN-MF} GTK (9) D,F2 D,F2 D F : MAC Root(D), {v, authpath (v )}, {PREQ-MF} (10) 2 F,F 2 1 F,F F,R 1 F,R R, F1 R,F1 1 F,F 1 2 F,F F,D 2 F,D F F : MAC Root(F ), {v, authpath (v )}, {PREQ-MF} (11) F R: MAC Root(F ), {v, authpath (v )}, {PREQ-MF} (12) R F : MAC Root(R), {v, authpath (v )}, {PREP-MF} (13) F F : MAC Root(F ), {v, authpath (v )}, {PREP-MF} (14) F D: MAC Root(F ), {v, authpath (v )}, {PREP-MF} (15) Notatons used n Equaton (7) to (15) are as follows: R s consdered as the root MP and D s the MP that needs to setup a path to R. F 1 and F 2 are the ntermedate nodes n the path. MACkRoot(X), represents the MAC of the Merkle tree s root created by node X usng a shared key k. {RANN/PREQ/PREP-MF} represents the routng nformaton elements wthout the mutable felds. v and authpath( v ) denote the felds need to be authentcated and the values assgned to the authentcaton path from v to root of the tree, respectvely. 7 Securty and Overhead Analyses In ths secton, we wll analyze the proposed SHWMP n terms of robustness aganst the attacks presented n Secton 4 and also the overhead requred for ensurng secure routng. 7.1 Securty Analyss 1) Preventng Floodng Attack: In the proposed SHWMP, a node can partcpate n the route dscovery process only f t has successfully establshes a GTK and through key dstrbuton and authentcaton mechansm of s. Thus t wll not be possble for a malcous node to ntate a route dscovery process wth a destnaton address that s not n the network. Agan, as the PREQ message s encrypted durng transmsson, a malcous node can not nsert new destnaton address. 2) Modfcaton of Routng Messages: The root cause of route re-drecton attacks are modfcaton of mutable felds n routng messages. These mutable felds are authentcated n each hop. If any malcous node modfes the value of a feld n transt,

12 A Secure Hybrd Wreless Mesh Protocol for s Mesh Network 983 t wll be readly detected by the next hop whle comparng the new MAC wth the receved one. It wll fnd a mss-match n comparng the MACs and modfed packet wll be dscarded. 3) Avodng Formaton of Routng Loops: Formaton of routng loops requres ganng nformaton regardng network topology, spoofng and alteraton of routng message. As all the routng nformaton s encrypted between nodes, an adversary wll be unable to learn network topology by overhearng routng messages. Spoofng wll not beneft the adversary as t wll requre authentcaton and key establshment to transmt a message wth spoofed MAC. Moreover, fabrcaton of routng messages s detected by ntegrty check. So, proposed mechansm ensures that routng loops can not be formed. 7.2 Overhead Analyss 1) Computaton cost: The computaton cost of a sender and recever are defned by followng equatons: k h + m+ e(sender) (16) a+ 1 h+ m+ d (recever) (17) Where, k s the number of hash operatons requred to form a Merkle tree. Cost of computng a hash functon s defned by h. m s the cost nvolved n computng the MAC of the root, whereas e and d are encrypton and decrypton cost. To authentcate a partcular value, a recever need to compute the root by calculatng (a+1) hash operatons, where a defnes the number of nodes n the authentcaton path. 2) Communcaton Overhead: It s defned by the number of routng messages requred to establsh a secure path and defned by (18), (19) and (20). ( n -1) broadcast + h uncast ( on - demand) (18) n broadcast + h uncast ( practve PREQ) (19) n broadcast + 2 h uncast ( practve RANN) (20) Where, n s the number of nodes n the network, h s the number of hops n the shortest path. The number of messages requred for establshng a path n HWMP s same as our proposed one. So, our protocol does not ncur any extra communcaton overhead. 3) Storage Requrements: A node needs to store the number of felds that need to be authentcated, hashed values of the Merkle tree and the MAC of the root value. So, storage requrement of a node s gven by (21). n d + ( k l) + SM (21) = 1 Where, d s the sze of a mutable feld, k s the number of hashes n the Merkle tree, l s the sze of a hashed value and S M s the sze of the MAC.

13 984 M.S. Islam et al. 8 Network Performance Analyss We use ns-2 [12] to smulate our proposed secure routng (SHWMP) approach and compare that wth exstng HWMP. We have smulated 50 nodes n a 1500 x1500 m 2 area. We use 5 to 10 dstnct source destnatons pars that are selected randomly. Traffc source are CBR (constant bt-rate). Each source sends data packets of 512 bytes at the rate of four packets per second durng the smulaton perod of 900 seconds. We consder the followng performance metrcs: 1. Packet delvery rato: Rato of the number of data packets receved at the destnatons to the number of data packets generated by the CBR source. 2. Control overhead (n bytes): Rato of the control overhead to the delvered data HWMP SHWMP Delvery Rato n Percentage SHWMP HWMP Contol Overhead n bytes Number of Source Destnaton Par Number of Source Destnaton Par a) Packet delvery rato b) Control packet overhead Fg. 11. As shown n Fg. 11a, the packet delvery rato s better n SHWMP than that of HWMP. Snce the msbehavng nodes partcpates n the route dscovery process, n HWMP sometmes packets are ntentonally dropped by the malcous nodes. But, n the proposed protocol, malcous node can not partcpate n the route dscovery process and thus always acheve a hgher packet delvery rato. Fg. 11b shows that the control packet overhead for the two protocols are almost dentcal though SHWMP has a lttle more overhead as t needs to nclude MAC values along wth the routng messages, whereas the number of control packets transmtted by the two protocols s roughly equvalent. 9 Concluson and Future Works The goal of ths paper s to develop a secure routng mechansm for wreless mesh networks. We have proposed SHWMP, a secure extenson of L2 routng specfed n s. Our proposed mechansm takes nto consderaton the exstng key herarchy of s (so, there s no extra keyng burden), dentfes the mutable and nonmutable felds n the routng message, protects the non-mutable part usng symmetrc encrypton and uses Merkle-tree approach to authentcate mutable nformaton. We

14 A Secure Hybrd Wreless Mesh Protocol for s Mesh Network 985 have shown that our protocol s robust aganst dentfed attacks and computatonally effcent as t uses only symmetrc key operatons. One of our key research goal s to develop a secure nterference aware L2 routng for s wreless mesh networks. References 1. Akyldz, I.F., Wang, X., Wang, W.: Wreless mesh networks: a survey. Computer Networks 47(4) (March 2005) 2. IEEE s Task Group, Draft Amendment to Standard for Informaton Technology Telecommuncatons and Informaton Exchange Between Systems LAN/MAN Specfc Requrements Part 11: Wreless Medum Access Control (MAC) and physcal layer (PHY) specfcatons: Amendment: ESS Mesh Networkng, IEEE P802.11s/D1.06 (July 2007) 3. Wang, X., Lm, A.O.: IEEE s wreless mesh networks: Framework and Challenges. AdHoc Networks, 1 15 (2007) do: /j.adhoc Merkle, R.C.: A certfed dgtal sgnature (subttle: That antque paper from 1979). In: Brassard, G. (ed.) CRYPTO LNCS, vol. 435, pp Sprnger, Hedelberg (1990) 5. Bahr, M.: Proposed Routng for IEEE s WLAN Mesh Networks. In: 2nd Annual Internatonal Wreless Internet Conference (WICON), Boston, MA, USA (August 2006) 6. Bahr, M.: Update on the Hybrd Wreless Mesh protocol of s. In: Proc. of IEEE Internatonal Conference on Moble Adhoc and Sensor Systems, MASS 2007, pp. 1 6 (2007) 7. Hu, Y.-C., Perrg, A., Johnson, D.B.: Aradne: A Secure On-Demand Routng Protocol for Ad Hoc Networks. In: Proc. MobCom 2002, Atlanta, GA, September (2002) 8. Perrg, A., Canett, R., Tygar, J.D., Song, D.: Effcent authentcaton and sgnng of multcast streams over lossy channels. In: Proc. of IEEE Symposum on Securty and Prvacy, pp (2000) 9. Gergely, L.B., Vajda, I.: Provably secure on-demand routng n Moble Adhoc Networks. IEEE transactons on Moble Computngm 5(11), (2006) 10. Zapata, M.G., Asokan, N.: Securng Adhoc rourng protocols. In: Proc. of ACM Workshop of Wreless Securty (Wse), September 2002, pp (2002) 11. Sangr, K., Dahl, B.: A Secure Routng Protocol for Ad Hoc Networks. In: Proc. of 10th IEEE Internatonal Conference on Network Protocols (ICNP 2002) (2002) 12. The Network Smulator ns-2,