1. Field of the Invention
Embodiments of the invention relate to a method for making security mechanisms available in wireless mesh networks.
2. Background of the Related Art
A wireless network is a network in which data are transmitted according to the Wireless Local Area Network (WLAN) standard. The IEEE 802.11 WLAN standard family uses access points of equal rank; depending on the network configuration, some of them also provide a transfer to a backbone network. One access point and the stations with which it exchanges data form a wireless cell. Most WLAN installations are operated in infrastructure mode, in which the stations of a wireless cell can communicate with other stations, or with devices reachable through the backbone network, only via the access point. The individual wireless cells are linked to each other by the backbone network, creating an overlapping WLAN. Until now, backbone networks have primarily been cabled networks, typically an Ethernet LAN.
The upcoming IEEE 802.11s standard is an extension with which wireless cells no longer require a cabled backbone network. The result is a mesh WLAN, in which the connection between access points is also wireless and fully transparent to the stations. The mesh network operates as a self-organizing network, building itself dynamically from the participating nodes. Each participating node also functions as a router, running the routing protocol and forwarding data traffic on to other nodes. Unlike the single-hop communication of IEEE 802.11 WLANs, IEEE 802.11s mesh WLANs use routing mechanisms on the MAC layer to permit multi-hop communication.
When WLANs are used in businesses, these networks must be secured by encryption measures. In addition to authentication, security against eavesdropping and intrusion is an important requirement. The IEEE Standards for Information Technology—Telecommunications and Information Exchange Between Systems—Local and Metropolitan Area Networks—Specific Requirements—Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications: Amendment 6: Medium Access Control (MAC) Security Enhancements, 2004, states that the IEEE 802.11i standard defines several new WLAN security mechanisms and introduces the Robust Secure Network (RSN) protocol for establishing a secure connection with an access point. RSN is used for resistance against external attacks such as eavesdropping, data alteration, and data insertion, and provides effective access control as well as cryptographic data protection.
In IEEE 802.11i, group keys are used to encrypt data traffic between nodes against eavesdropping, one group key serving the communication with several other nodes. Because of multi-hop data forwarding, this cannot guarantee sufficient protection against data alteration or interception by other subscribers on the network, i.e., internal attackers. If possible attacks at the routing level are also considered, such as deliberate disruption of data traffic or redirection of routing paths by other subscribers of the mesh network, it becomes clear that even the use of different pairwise keys is not enough, and that the existing mechanisms are either too complex, far too expensive, or inadequate for the protection needed in mesh networks.
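To make the forwarding problem concrete, here is an added Python model of a path A -> B -> C; it is not code from the patent or from any of the cited standards. Each link is protected with its own pairwise key, but that protection is removed and re-applied at every hop, so the forwarding node B handles the plaintext and can alter it without either link noticing. The end-to-end HMAC keyed only between A and C is the assumed mitigation used to show how the receiver can at least detect such an in-path modification. The keys, the nonce, the toy XOR cipher and the messages are all constructed values.

```python
"""Toy model of a multi-hop mesh path A -> B -> C.

Added illustration, not code from the patent or any cited standard. Each
link carries its own pairwise key, but protection is removed and re-applied
at every hop, so the forwarding node B handles the plaintext. An end-to-end
integrity tag keyed only between A and C (the assumed mitigation here) lets
C detect a modification made in transit. Keys, nonce and messages are
constructed values.
"""
import hashlib
import hmac

# Constructed keys. With a single group key all three link keys would be equal;
# the situation for the forwarding node is the same either way.
KEY_AB = b"pairwise-key-A-B"
KEY_BC = b"pairwise-key-B-C"
KEY_AC = b"end-to-end-key-AC"   # known to A and C only, not to the forwarder

TAG_LEN = 32


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: HMAC-SHA256 over a counter. Illustrative only."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def link_protect(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Per-hop protection as XOR with the keystream; the same call removes it."""
    ks = keystream(key, nonce, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def e2e_tag(key: bytes, message: bytes) -> bytes:
    """End-to-end integrity tag shared only by source and destination."""
    return hmac.new(key, message, hashlib.sha256).digest()


def forward(key_in: bytes, key_out: bytes, nonce: bytes, frame: bytes, tamper=None):
    """Forwarding node B: strip the incoming link protection, optionally alter the
    plaintext (modelling a misbehaving insider), re-protect for the outgoing link.
    Returns (plaintext as seen by B, frame for the next hop)."""
    plain = link_protect(key_in, nonce, frame)
    seen = plain
    if tamper is not None:
        plain = tamper(plain)
    return seen, link_protect(key_out, nonce, plain)


def run_path(message: bytes, tamper=None, use_e2e: bool = True):
    """Send one message A -> B -> C.
    Returns (plaintext seen by B, message accepted by C, C's integrity check result)."""
    nonce = b"\x00" * 8  # constructed; a real system would never reuse a nonce
    payload = message + (e2e_tag(KEY_AC, message) if use_e2e else b"")
    frame_ab = link_protect(KEY_AB, nonce, payload)
    seen_by_b, frame_bc = forward(KEY_AB, KEY_BC, nonce, frame_ab, tamper)
    received = link_protect(KEY_BC, nonce, frame_bc)
    if not use_e2e:
        return seen_by_b, received, True  # C has nothing to verify against
    msg, tag = received[:-TAG_LEN], received[-TAG_LEN:]
    return seen_by_b, msg, hmac.compare_digest(tag, e2e_tag(KEY_AC, msg))


if __name__ == "__main__":
    alter = lambda p: p.replace(b"100", b"900", 1)
    print(run_path(b"transfer 100"))                            # B reads it, C accepts it
    print(run_path(b"transfer 100", tamper=alter, use_e2e=False))  # altered, and C cannot tell
    print(run_path(b"transfer 100", tamper=alter))              # altered, C's check fails
```

The three runs show the point of the paragraph above: per-hop keys keep outsiders out but give the forwarder full access, and only a key that the forwarder does not hold lets the destination notice the change. Detection is all this buys; the routing-level attacks mentioned above (dropping or redirecting traffic) are not addressed by it.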
Levente Buttyán, Jean-Pierre Hubaux, Nuglets: a Virtual Currency to Stimulate Cooperation in Self-Organized Mobile Ad Hoc Networks, 2001, proposes implementing a currency system to promote cooperation, especially the forwarding of foreign data packets. It is intended to prevent network subscribers from behaving selfishly, i.e., deliberately intercepting packets that are supposed to be forwarded and thereby disrupting or even completely preventing communication between other subscribers. Correct forwarding of foreign traffic is rewarded by subsequently permitting the forwarding node to send its own traffic over the network. However, such a solution is difficult to implement in mesh networks because of the varying availability of nodes, and computing a fair cost model incurs very high overhead.
An older method for protecting networks against external attacks is Wired Equivalent Privacy (WEP). However, WEP has numerous security weaknesses and is therefore no longer used. Neither 802.11i nor its predecessors address these problems at all, since attacks that selectively disrupt packets awaiting forwarding, and multi-hop environments in general, had not yet been considered.
Security mechanisms at the management level, described in Draft Standard for Information Technology—Telecommunications and Information Exchange Between Systems—Local and Metropolitan Area Networks—Specific Requirements—Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications: Amendment: Protected Management Frames, D1.0, 2006, and at the routing level, such as Secure OLSR, described in Thomas Clausen, Emmanuel Baccelli, Securing OLSR Problem Statement, LIX, Ecole Polytechnique, 2005, or SAODV, described in Manel Guerrero Zapata, Secure Ad hoc On-Demand Distance Vector (SAODV) Routing, Technical University of Catalonia (UPC), 2005, which protect routing protocols, presuppose an existing key distribution and administration system and likewise cannot prevent other manipulations and attacks by legitimate network subscribers.
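The incentive mechanism of the currency scheme can be illustrated with a small added Python simulation. It is not code from the cited paper; it follows the packet purse idea (the originator loads a packet with one nuglet per forwarding hop and each forwarder keeps one), and that simplification, the node names, the starting balances and the explicit paths are assumptions made for the illustration. A node that discards foreign packets earns nothing and soon cannot pay to send its own traffic, while a cooperative forwarder accumulates credit.

```python
"""Added simulation of a nuglet 'packet purse' economy on a small mesh.

Not code from Buttyán/Hubaux; the rules are a simplified reading of the
scheme, and all node names, balances and paths are constructed.
"""
from dataclasses import dataclass


@dataclass
class Node:
    name: str
    nuglets: int
    drops_foreign: bool = False   # models a selfish node that discards others' packets
    received: int = 0


class PacketPurseMesh:
    def __init__(self, nodes):
        self.nodes = {n.name: n for n in nodes}

    def send(self, path):
        """Send one packet along an explicit path of node names.
        The originator pays one nuglet per forwarder up front; each honest
        forwarder takes one from the purse. Returns True if delivered."""
        src, dst = self.nodes[path[0]], self.nodes[path[-1]]
        forwarders = [self.nodes[n] for n in path[1:-1]]
        price = len(forwarders)
        if src.nuglets < price:
            return False          # cannot afford the purse: packet is not sent
        src.nuglets -= price
        purse = price
        for node in forwarders:
            if node.drops_foreign:
                return False      # packet and the remaining purse are lost
            node.nuglets += 1     # forwarding is rewarded
            purse -= 1
        dst.received += 1
        return True


def run_scenario():
    """Constructed scenario: B is selfish, D forwards honestly.
    Returns (delivery log, final nuglet balances)."""
    mesh = PacketPurseMesh([
        Node("A", 5), Node("B", 1, drops_foreign=True), Node("C", 0), Node("D", 1),
    ])
    log = []
    for _ in range(3):                       # A reaches C via the cooperative node D
        log.append(("A->C via D", mesh.send(["A", "D", "C"])))
    log.append(("A->C via B", mesh.send(["A", "B", "C"])))        # paid for, but dropped by B
    log.append(("D->B via A", mesh.send(["D", "A", "B"])))        # D spends earned credit
    log.append(("B->D via A (1)", mesh.send(["B", "A", "D"])))    # B spends its only nuglet
    log.append(("B->D via A (2)", mesh.send(["B", "A", "D"])))    # B earned nothing: refused
    balances = {n.name: n.nuglets for n in mesh.nodes.values()}
    return log, balances


if __name__ == "__main__":
    for entry in run_scenario()[0]:
        print(entry)
    print(run_scenario()[1])
```

The scenario also shows the cost side noted in the paragraph: the originator loses its nuglets when a packet is dropped mid-path, so the scheme penalises the victim of the selfish node as well, which is part of why a fair cost model is hard to compute.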