
A Framework for Establishing Security Associations in WMNs during Sequential Deployment

Motivation

In Wireless Mesh Networks (WMNs), Mesh Clients (MCs) are connected to the network via Mesh Access Points (MAPs), which are Mesh Routers (MRs) that serve clients as points of network attachment. Within the mesh network, all traffic is routed wirelessly between MRs. Mesh Gateways (MGs) connect some of these MRs to other networks, typically the Internet.
A security architecture for a WMN has to enable authorized MRs and MCs to join the WMN and communicate securely with other entities in the WMN. This requires authentication and key agreement protocols that provide mutual authentication between an authentication server and the joining node, during which keys are established that allow for secure communication between the joining node and other nodes in the network. Developing such protocols is challenging because, in contrast to infrastructure-based WLANs, vanilla EAP-based security mechanisms cannot be used in WMNs due to their multi-hop properties: in vanilla EAP, keying material used between supplicant (STA) and authenticator (AP) has to be transported from the access server (AS) to the authenticator. If the authenticator is an MR that is one or more wireless hops away from the AS, it is unclear how to protect this transport end-to-end (AS to AP). In previous work we determined which keying material ultimately has to be available at the joining node [1] and developed a key hierarchy that determines where and how these keys are put into place during sequential deployment of the WMN, and with which keys the key delivery should be protected. However, the design of the protocol framework for this key delivery during authentication is still open.

 

Graduand: Hendrik Fabelje

Supervisor: André Egners