18-05-2012, 11:31 AM
A Security Architecture Achieving Anonymity and Traceability in Wireless Mesh Networks
[attachment=22321]
INTRODUCTION
WIRELESS Mesh Network (WMN) is a promising technology
and is expected to be widespread due to its lowinvestment
feature and the wireless broadband services it
supports, attractive to both service providers and users.
However, security issues inherent in WMNs or any wireless
networks need be considered before the deployment and
proliferation of these networks, since it is unappealing to
subscribers to obtain services without security and privacy
guarantees. Wireless security has been the hot topic in the
literature for various network technologies such as cellular
networks [1], wireless local area networks (WLANs) [2],
wireless sensor networks [3], [4], mobile ad hoc networks
(MANETs) [5], [6], and vehicular ad hoc networks (VANETs)
[7]. Recently, new proposals on WMN security [8], [9] have
emerged. In [8], the authors describe the specifics of WMNs
and identify three fundamental network operations that
need to be secured.
Blind Signature
Blind signature is first introduced by Chaum [23]. In general,
a blind signature scheme allows a receiver to obtain a
signature on a message such that both the message and the
resulting signature remain unknown to the signer. We refer
the readers to [26] for a formal definition of a blind signature
scheme, which should bear the properties of verifiability,
unlinkability, and unforgeability according to [23].
Brands [27] developed the first restrictive blind signature
scheme, where the restrictiveness property is incorporated
into the blind signature scheme such that the message being
signed must contain encoded information.
PRELIMINARIES
IBC from Bilinear Pairings
ID-based cryptography (IBC) allows the public key of an
entity to be derived from its public identity information
such as name and e-mail address, which avoids the use of
certificates for public key verification in the conventional
public key infrastructure (PKI) [24]. Boneh and Franklin [25]
introduced the first functional and efficient ID-based
encryption scheme based on bilinear pairings on elliptic
curves. Specifically, let G1 and G2 be an additive group and
a multiplicative group, respectively, of the same prime
order p.
Network Architecture
Consider the network topology of a typical WMN depicted
in Fig. 1. The wireless mesh backbone consists of mesh
routers (MRs) and gateways (GWs) interconnected by
ordinary wireless links (shown as dotted curves). Mesh
routers and gateways serve as the access points of the WMN
and the last resorts to the Internet, respectively. The hospital,
campus, enterprise, and residential buildings are instances
of individual WMN domains subscribing to the Internet
services from upstream service providers, shown as the
Internet cloud in Fig. 1. EachWMNdomain, or trust domain
(to be used interchangeably) is managed by a domain
administrator that serves as a trusted authority (TA), e.g.,
the central server of a campus WMN.
[attachment=22321]
INTRODUCTION
WIRELESS Mesh Network (WMN) is a promising technology
and is expected to be widespread due to its lowinvestment
feature and the wireless broadband services it
supports, attractive to both service providers and users.
However, security issues inherent in WMNs or any wireless
networks need be considered before the deployment and
proliferation of these networks, since it is unappealing to
subscribers to obtain services without security and privacy
guarantees. Wireless security has been the hot topic in the
literature for various network technologies such as cellular
networks [1], wireless local area networks (WLANs) [2],
wireless sensor networks [3], [4], mobile ad hoc networks
(MANETs) [5], [6], and vehicular ad hoc networks (VANETs)
[7]. Recently, new proposals on WMN security [8], [9] have
emerged. In [8], the authors describe the specifics of WMNs
and identify three fundamental network operations that
need to be secured.
Blind Signature
Blind signature is first introduced by Chaum [23]. In general,
a blind signature scheme allows a receiver to obtain a
signature on a message such that both the message and the
resulting signature remain unknown to the signer. We refer
the readers to [26] for a formal definition of a blind signature
scheme, which should bear the properties of verifiability,
unlinkability, and unforgeability according to [23].
Brands [27] developed the first restrictive blind signature
scheme, where the restrictiveness property is incorporated
into the blind signature scheme such that the message being
signed must contain encoded information.
PRELIMINARIES
IBC from Bilinear Pairings
ID-based cryptography (IBC) allows the public key of an
entity to be derived from its public identity information
such as name and e-mail address, which avoids the use of
certificates for public key verification in the conventional
public key infrastructure (PKI) [24]. Boneh and Franklin [25]
introduced the first functional and efficient ID-based
encryption scheme based on bilinear pairings on elliptic
curves. Specifically, let G1 and G2 be an additive group and
a multiplicative group, respectively, of the same prime
order p.
Network Architecture
Consider the network topology of a typical WMN depicted
in Fig. 1. The wireless mesh backbone consists of mesh
routers (MRs) and gateways (GWs) interconnected by
ordinary wireless links (shown as dotted curves). Mesh
routers and gateways serve as the access points of the WMN
and the last resorts to the Internet, respectively. The hospital,
campus, enterprise, and residential buildings are instances
of individual WMN domains subscribing to the Internet
services from upstream service providers, shown as the
Internet cloud in Fig. 1. EachWMNdomain, or trust domain
(to be used interchangeably) is managed by a domain
administrator that serves as a trusted authority (TA), e.g.,
the central server of a campus WMN.