FSASD: A framework for establishing security associations for sequentially deployed WMN

Wireless Mesh Networks (WMN) mainly consist of an infrastructure of mesh routers (MRs) that are wirelessly interconnected. In many application scenarios these MRs are placed in publicly accessible places and may therefore be compromised by an attacker. Any security framework for WMNs should thus be able to cope with compromised mesh routers. In addition, mesh clients (MCs) are often assumed to be able to route traffic for each other. Such routing MCs, as well as compromised MRs, may try to eavesdrop on and manipulate any type of traffic flowing through them. As a consequence end-to-end protection of all communication in the mesh has to be ensured. Neither the upcoming standard 802.11s nor prior research proposals of security frameworks adequately address this challenge. In addition, many research proposals are incompatible to the upcoming standard therefore only have a slight chance of getting widely used with commercially available devices. In this paper we propose a comprehensive framework for securing wireless mesh networks that is fully compatible to the upcoming 802.11s. The framework enables the efficient establishment of all security associations required for end-to-end protection of the different traffic types in the mesh. In addition, the framework supports secure proactive handovers. We implemented the entire framework in our WMN testbed and present the performance results in this paper.