DSA-Mesh: a Distributed Security Architecture for Wireless Mesh Networks

PARIS, STEFANO; CAPONE, ANTONIO
2009-01-01

Abstract

Wireless mesh networks (WMNs) have emerged recently as a technology for next-generation wireless networking. They consist of mesh routers and clients, where mesh routers are almost static and form the backbone of WMNs. WMNs provide network access for both mesh and conventional clients. In this paper, we propose DSA-Mesh, a fully distributed security architecture that provides access control for mesh routers as well as a key distribution scheme that supports layer-2 encryption to ensure security and data confidentiality of all communications that occur in the backbone of the WMN. DSA-Mesh exploits the routing capabilities of mesh routers: after connecting to the access network as generic wireless clients, new mesh routers authenticate to a key management service (consisting of several servers) implemented using threshold cryptography, and obtain a temporary key that is used both to prove their credentials to neighbor nodes and to encrypt all the traffic transmitted on the wireless backbone links. A key feature in the design of DSA-Mesh is its independence from the underlying wireless technology used by network nodes to form the backbone. Furthermore, DSA-Mesh allows seamless mobility of mesh routers. Since it is completely distributed, DSA-Mesh permits large wireless mesh networks to be deployed automatically and incrementally, while at the same time increasing the robustness of the system by eliminating the single point of failure typical of centralized architectures. DSA-Mesh has been implemented in Network Simulator, and extensive simulations have been performed in large-scale network scenarios, comparing it to a static key approach and to a centralized architecture where a single key server is deployed. Numerical results show that our proposed architecture considerably increases the WMN security, with a negligible impact on the network performance, thus representing an effective solution for wireless mesh networking.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11311/553713