A Novel Compromise-Resilient Authentication System for Wireless Mesh Networks

User authentication is essential in service-oriented communication networks to identify and reject any unauthorized network access. The state-of-the-art practice in securing wireless networks is based on the technique of authentication, authorization and accounting (AAA) framework where an AAA server is adopted to authenticate mobile users (MUs), handle authorization requests, and collect accounting data. However, the traditional AAA framework is by way of a single authentication server, and cannot tolerate AAA server failure due to various malicious attacks such as denial-of-service (DoS) attack, or any other failure event such that the authentication server is compromised due to misuse, misconfiguration and malicious access, etc. Thus, a more resilient approach is to adopt multiple authentication servers, where any authentication request is handled by more than one authentication servers in order to resist any compromise event of an authentication server. To meet this design objective, we introduce a novel compromise-resilient authentication system based on (t, n) threshold signature technique. With the proposed system, only t or more out of n authentication servers can cooperatively allow a MU to have network access, and any t-1 or less cannot. Case study of reliability analysis is conducted to demonstrate the effectiveness of the system. The proposed authentication system is expected to particularly contribute to wireless mesh networking (WMN) in metropolitan areas where thousands of nodes may coexist and are managed under a single control plane such that duplicated AAA servers are necessary.