Wireless Mesh Networks (WMNs) represent one of the key technologies that are used to cope with the increasing demand for ubiquitous connectivity and the accompanying hunger for bandwidth. Due to their wireless nature, WMNs are very flexible in their deployment. However, flexibility often comes at the price of security. WMNs have to be secured against external as well as internal attackers. Special attention has to be paid to all communication patterns in the network, since otherwise no comprehensive security can be achieved. This thesis proposes a comprehensive security architecture for WMNs that extends standardized mechanisms such as the Extensible Authentication Protocol (EAP), the Remote Dial-in User Service (RADIUS), IEEE 802.11i, and the Internet Protocol Security (IPsec) suite. We compose an architecture that allows security associations to be bootstrapped based on an extensible key hierarchy. Besides enabling secure communication between authenticated devices, our architecture is generalized to support multi-operator scenarios. This also includes completely new concepts such as mixed-networks in which network operators cooperate in running a converged network. Our comprehensive security architecture is augmented by handover protocols that enable network clients, but also the network infrastructure, to hand over from one point of network attachment to the next. The complete architecture has also been evaluated using a live, custom-built WMN testbed based on off-the-shelf hardware. This underlines the feasibility and practicality of the work put forth in this thesis.