[IEEE Informatics (ISCI) - Kuala Lumpur, Malaysia (2011.03.20-2011.03.23)] 2011 IEEE Symposium on Computers & Informatics - SL2R-HT and SL2R-LH: Securing layer-2 routing protocol for

SL2R-HT and SL2R-LH: Securing Layer-2 Routing Protocol for WMN

Divya Bansal
Asst. Professor, CSE, PEC University of Technology, Chandigarh, India
[email protected]

Sanjeev Sofat
Professor, CSE, PEC University of Technology, Chandigarh, India
[email protected]

Prafulla Kumar
Director, Department of Information Technology, Ministry of Communication & Technology, New Delhi, India

Abstract— Earlier research efforts mainly focused on securing ad hoc routing mechanisms. Recently there has also been growing research interest in the security of the medium access control (MAC) layer and its impact on network performance, an impact that is even more severe in multi-hop wireless networks. IEEE 802.11s, being a multi-hop technology, inherits the same security concerns and therefore needs to ensure correct route establishment, protection of routing information, and secure packet forwarding. In this paper two new schemes are proposed to protect HWMP, the routing protocol currently defined as the default in the IEEE 802.11s draft. The proposed schemes have been implemented in a simulation environment and the results compared with the existing protocol.

Keywords-HWMP; Hashing; IEEE 802.11s; Routing;

I. INTRODUCTION

Unlike a WLAN, a mesh network is a self-configuring system in which each Mesh Point (MP) can relay messages on behalf of others, thus increasing the communication range and the available bandwidth. In a WLAN the wireless AP has to be wired to the infrastructure, whereas in a WMN the MPs can be connected to the rest of the network by wireless radio links only. WMNs are easy to install, require no cabling, form connections between nodes automatically, and offer flexibility, discovery of newly added nodes, redundancy and self-healing reliability. They are important for distributed applications that cannot rely on a fixed infrastructure but require instant deployment, dynamism, self-configuration and self-organization.

IEEE 802.11s (task group TGs, active since May 2004) is a draft IEEE 802.11 amendment for mesh networking, defining how wireless devices interconnect to create a mesh network. The IEEE 802.11 working group set up the mesh networking task group to standardize 802.11s and the work is still in progress. Even though the standard is not final, its main traits have already been set, including the IEEE 802.11s architecture and routing using MAC addresses. The task group selected HWMP (Hybrid Wireless Mesh Protocol) as the default routing protocol that must be present in all 802.11s compliant devices, and airtime as the default link quality metric to accompany HWMP. The standard is now planned to be released in January 2011. Although several drafts have been released by 802.11s, many issues remain unsolved.

The conventional WLAN security mechanisms, WPA2/802.11i, are still the standardized methods for authentication, access control and encryption between a wireless client and an access point. Since most wireless mesh solutions attempt to retain compatibility with commercial off-the-shelf WLAN client adapters, the existing WPA2 mechanisms are commonly retained, so IEEE 802.11s inherits its security framework from 802.11i with certain extensions. Because of the multi-hop architecture, security becomes even more challenging: the mesh points have to rely on each other to carry traffic to its ultimate destination over several hops, and the architecture and characteristics of a WMN make attacks and their consequences more pronounced. WMNs are highly vulnerable to attack because of their dynamically changing topology, the absence of conventional security infrastructure and an open communication medium that, unlike a wired medium, cannot be physically secured [9, 10].

In this paper, schemes are proposed to enhance the security of the mandatory routing protocol so as to prevent external attacks on the authentication and integrity of routing information. Section II discusses the related work, and Section III describes the primitives of HWMP, the default routing protocol of the IEEE 802.11s draft. Section IV analyzes the current security vulnerabilities of the protocol. Section V describes the design of the two proposed schemes. Section VI discusses the results obtained after simulating the proposed schemes and compares the two schemes with the existing protocol in terms of design parameters, security and performance. Finally, Section VII concludes the paper.

II. RELATED WORK

Research in the area of security and management in WMNs is still at an early stage. Several authors have investigated performance-related issues in the upcoming IEEE 802.11s standard [8, 11, 12]. Most of the security solutions for the routing protocols have been derived from ad hoc networks with little or no modification [13]. In [14] the author introduced the wormhole attack, which can severely affect the performance of wireless multi-hop networks, and proposed packet leashes, which employ hash chains and Merkle trees, as a countermeasure. In [15] the author identified security issues in WMNs, investigating DoS attacks that exploit vulnerabilities in the routing protocols and describing routing attacks on route discovery, route maintenance and data forwarding that degrade WMN performance. In [16] the authors proposed using the AODV protocol with security extensions for routing in WMNs, with security provided by symmetric key cryptography using Blom's key pre-distribution method. However, that work assumes that no central infrastructure is available; this assumption does not hold in a WMN, which removes the need for the proposed key distribution method. In [17] the author proposed a scheme that enhances the security of the HWMP routing protocol; however, the approach of [17] remains prone to replay attacks. Our approach takes inspiration from [17] with modifications that further improve the security of HWMP. The proposed approach resists the routing attacks on HWMP identified in the literature and causes no extra keying overhead, since it uses the existing key hierarchy.

2011 IEEE Symposium on Computers & Informatics 978-1-61284-691-0/11/$26.00 ©2011 IEEE

III. HYBRID WIRELESS MESH PROTOCOL [1]

The Hybrid Wireless Mesh Protocol (HWMP) is a mesh routing protocol that combines the flexibility of on-demand routing with proactive topology tree extensions. The combination of reactive and proactive elements enables efficient path selection in a wide variety of mesh networks, with or without infrastructure. HWMP uses a common set of protocol primitives, generation and processing rules taken from the Ad hoc On-Demand Distance Vector (AODV) routing protocol, adapted to layer-2 address-based routing and made aware of the link metric. AODV forms the basis for finding on-demand routes within a mesh network, while additional primitives are used to proactively set up a distance-vector tree rooted at a single root MP. The root role that enables building the topology tree is a configurable option of an MP. HWMP supports two modes of operation depending on the configuration:

– On-demand mode: MPs communicate using peer-to-peer routes. This mode is used when no root is configured, and also in certain circumstances when a root is configured.

– Proactive tree-building mode: the tree can be built using either the RREQ or the RANN mechanism.

These modes are not exclusive: on-demand and proactive modes may be used concurrently. All HWMP modes of operation use common processing rules and primitives. The HWMP control messages are the Route Request (RREQ), Route Reply (RREP), Route Error (RERR) and Root Announcement (RANN); later drafts of 802.11s rename the first three Path Request (PREQ), Path Reply (PREP) and Path Error (PERR), which are the names used in the following sections. The metric cost of the links determines which routes HWMP builds. To propagate the metric information between MPs, a metric field is carried in the RREQ, RREP and RANN messages. HWMP uses a sequence number mechanism to maintain loop-free connectivity at all times: each MP maintains its own sequence number, which is propagated to other MPs in the HWMP control messages.

IV. SECURITY VULNERABILITIES IN HWMP

As per the current specification, the HWMP routing mechanism relies on all participating mesh entities cooperating with each other without disrupting the operation of the protocol. Without proper protection, the routing mechanism is susceptible to the following attacks:

Flooding: A malicious node that is not a member of the network can broadcast PREQ messages for an arbitrary destination. All the nodes keep forwarding the PREQ, resulting in poor network performance.

Route Disruption: A malicious node can launch this attack by modifying the mutable field values. If the malicious node sits between two victim nodes, it can prevent a path being created between them. For example, the attacker can set the metric field to zero while passing the PREQ on to a legitimate node, so that the destination node sends its PREP back through the attacker; the attacker then drops the PREP, and route discovery fails completely.

Route Diversion: A malicious node can launch a route diversion attack by modifying mutable fields in the routing information elements such as the hop count, sequence number and metric. It can divert traffic to itself by advertising a route to a destination with a Destination Sequence Number (DSN) greater than the one it received from the destination.

Routing Loop: A malicious node can create routing loops in a mesh network by spoofing MAC addresses and modifying the value of the metric field.

The current draft, P802.11s/3.0 of March 2009, does not provide any security measures for the HWMP control messages PREQ, PREP and RANN. The attacks described above are possible because a malicious intermediate node can alter the packet information and re-send the packet into the network. The information elements of HWMP contain fields that intermediate nodes legitimately modify, which we term mutable fields, and fields that are never modified in transit, which we term non-mutable fields. Some of the mutable fields are the hop count, TTL, metric and per-destination flags. It is these fields that an intermediate node can alter, so securing HWMP means protecting the mutable fields of the control packets. Protecting them with encryption would be very costly, since each packet would then have to be decrypted and re-encrypted at every intermediate hop.

V. SECURING HWMP

To secure the HWMP protocol the following is proposed:

• Protection of non-mutable fields: Non-mutable fields, which need not be modified at intermediate hops, can be given end-to-end protection by applying any symmetric key encryption technique. We propose to use the existing key hierarchy, i.e. the GTK/PTK, for protecting the non-mutable fields. The current draft already uses the GTK/PTK for data frame protection, so the same key hierarchy can protect the non-mutable fields from source to destination without any additional key management burden.

• Protection of mutable fields: Two different approaches are proposed in the current work to protect the mutable fields:

1. Tree based hash approach (SL2R-HT)
2. Linear hash approach (SL2R-LH)

In both approaches the mutable fields of the control messages are authenticated and integrity-protected hop by hop using a keyed hash, and the existing mutable and non-mutable fields are protected to give a secure layer-2 routing protocol. To do so, the following has been done:

A. Use the existing key distribution of IEEE 802.11s.

B. Use symmetric key encryption under the existing key hierarchy to protect the non-mutable fields, as they need to be decrypted at the final destination only.

C. Demonstrate that the mutable fields can be authenticated at every hop using a hash tree (SL2R-HT) or a linear hash (SL2R-LH).

The two approaches are described below.

A. Secure Layer-2 Routing using Hash Tree (SL2R-HT)

The Merkle tree [2] is used to form the hash tree. It is a useful technique for building secure authentication and signature schemes from hash functions [3], and has been applied successfully to security in Wireless Sensor Networks (WSNs): µTESLA is a widely used broadcast authentication protocol for WSNs, and Merkle tree hashes have been used to distribute and authenticate the parameters of µTESLA. The method is efficient because it removes the authentication delay found in many other known schemes. With the same concerns of avoiding extra keying burden and delay, the approach is applied here to protect the information elements of HWMP. A Merkle tree [4-6] is a complete binary tree equipped with a hash function hash and an assignment function F such that for any interior node n_parent with children n_left and n_right:

F(n_parent) = hash(F(n_left) || F(n_right)).

Let the mutable fields of the routing information elements that need to be authenticated be Y1, Y2, ..., Y8. Each value Yi is hashed into Ki with a one-way keyed hash function (HMAC), using the GTK for broadcast and the PTK for unicast messages, i.e. Ki = h(Yi). The hash values are assigned to the leaves of the binary tree. Each internal vertex K of the tree is assigned the hash of the values assigned to its two children, e.g. K12 = h(K1 || K2).

Figure 1: Formation of hash tree

Finally the value of the root, K12345678, is computed; it is this value that is used for authentication. The sender reveals a value Yi that needs to be authenticated together with the values assigned to the siblings of the vertices along the path from Yi to the root; we call this the certification trail, cert-trail(Yi). The sender transmits these values to the receiver as extra overhead. To authenticate the information received from the previous hop, the receiver hashes the values of the certification trail in the appropriate order to compute the root, creates a MAC over the root using the derived key, and compares it with the MAC received. If the two values are the same, the receiver is assured that the value Yi is authentic; otherwise the sender is taken not to be authenticated to the network and the mutable fields are taken to have been illegitimately modified by a malicious node. The receiver then drops the entire forged frame received from the malicious sender. This secures the network against external attacks launched by malicious nodes; because the GTK and PTK are shared symmetric keys, the MAC proves only that the sender holds the key, so the schemes do not address a compromised member that already holds it.

Fig. 1 shows a Merkle tree with 8 leaves and 8 leaf pre-images (Y1, Y2, ..., Y8). Each leaf node is the hash of its corresponding pre-image and each internal node is the hash of the concatenation of its two child values. Y5 is the pre-image to be verified and the root of the tree is known to the receiver. Y5 is verified if the known root (K12345678) and the computed root are the same. The hash function used is a candidate one-way function such as SHA-1 [7].

The proposed scheme is explained with the following example. Consider a wireless mesh network in which route discovery needs to take place from Source to Destination, and let M be a malicious node intending to disrupt the traffic. In the SL2R-HT scheme the Source, which is the root in our case, initiates a RANN broadcast. The RANN is protected by the GTK of the root, which is shared with all of the root's authenticated neighbours. The non-mutable fields are protected using the root's GTK and the mutable fields using the GTK of the root or of the intermediate hop, authenticated with the certification trail as explained above. If the values match, the intermediate receiving node creates a new MAC using its own GTK and forwards the frame to its neighbours, so that the RANN reaches the Destination authenticated at every hop. The Destination then replies with a unicast PREQ, which it sends to its next hop after hashing it with its PTK. The process is repeated at each intermediate hop: the mutable fields are verified and, if the root value matches, the node again hashes them with its PTK and forwards the frame to the next hop. The Source receives the PREQ in the same manner. It is not possible for the malicious node to participate in the route discovery process, since it holds neither the GTK nor the PTK. The on-demand mode routing information is protected in the same manner.
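The tree construction, certification trail and receiver-side check described above, as an added example that is not code from the paper. It hashes the eight leaves and internal nodes with SHA-256 (the paper suggests SHA-1) and authenticates only the root with an HMAC under the GTK or PTK, which is the comparison step the text describes at the receiver; the field layout, key bytes and the attacker's guessed key are constructed for this example.

```python
"""Added example (not from the paper): SL2R-HT style authentication of the
mutable HWMP fields with a Merkle hash tree.  SHA-256 for the tree, an HMAC
over the root, and the field layout below are this example's assumptions."""
import hashlib
import hmac
from typing import Dict, List, Tuple

Trail = List[Tuple[bool, bytes]]  # (sibling_is_right, sibling_hash), leaf to root


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def build_levels(pre_images: List[bytes]) -> List[List[bytes]]:
    """levels[0] = leaf hashes K1..Kn, levels[-1] = [root]; n must be a power of two."""
    n = len(pre_images)
    if n == 0 or n & (n - 1):
        raise ValueError("a complete binary tree needs a power-of-two number of leaves")
    level = [h(y) for y in pre_images]
    levels = [level]
    while len(level) > 1:
        level = [h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels


def cert_trail(levels: List[List[bytes]], index: int) -> Trail:
    """Sibling values along the path from leaf `index` to the root: cert-trail(Yi)."""
    trail: Trail = []
    for level in levels[:-1]:
        sibling = index ^ 1
        trail.append((sibling % 2 == 1, level[sibling]))
        index //= 2
    return trail


def root_from_trail(y: bytes, trail: Trail) -> bytes:
    """Receiver side: rebuild the root from one pre-image and its certification trail."""
    node = h(y)
    for sibling_is_right, sibling in trail:
        node = h(node + sibling) if sibling_is_right else h(sibling + node)
    return node


def protect(key: bytes, fields: List[bytes]) -> Dict[str, object]:
    """Sender: build the tree and MAC its root under the GTK (broadcast) or PTK (unicast)."""
    levels = build_levels(fields)
    root = levels[-1][0]
    return {"levels": levels, "root": root,
            "tag": hmac.new(key, root, hashlib.sha256).digest()}


def verify(key: bytes, y: bytes, trail: Trail, tag: bytes) -> bool:
    """Receiver: recompute the root from Yi and its trail, MAC it, compare in constant time."""
    expected = hmac.new(key, root_from_trail(y, trail), hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def demo() -> Dict[str, object]:
    """Constructed frame: eight mutable field values of a PREQ, the metric at index 2."""
    gtk = bytes(range(32))                                   # constructed group key
    fields = [
        (1).to_bytes(1, "big"),            # Y1 hop count
        (31).to_bytes(1, "big"),           # Y2 TTL
        (80).to_bytes(4, "big"),           # Y3 airtime metric
        (0x01).to_bytes(1, "big"),         # Y4 per-destination flags
        bytes.fromhex("02000000000d"),     # Y5 destination address
        (7).to_bytes(4, "big"),            # Y6 destination sequence number
        (3).to_bytes(4, "big"),            # Y7 originator sequence number
        (5000).to_bytes(4, "big"),         # Y8 lifetime
    ]
    sent = protect(gtk, fields)
    trail = cert_trail(sent["levels"], 2)
    genuine = verify(gtk, fields[2], trail, sent["tag"])
    # external attacker M zeroes the metric (route disruption); M holds no GTK
    zeroed = verify(gtk, (0).to_bytes(4, "big"), trail, sent["tag"])
    # M also cannot simply re-MAC the root under a guessed key
    forged_tag = hmac.new(b"\xff" * 32, sent["root"], hashlib.sha256).digest()
    wrong_key = verify(gtk, fields[2], trail, forged_tag)
    return {"trail_length": len(trail), "genuine": genuine,
            "zeroed_metric": zeroed, "wrong_key": wrong_key}


if __name__ == "__main__":
    print(demo())
```

The trail for one of eight leaves is three sibling hashes, so a receiver that consumes only one field verifies it with log2(n) hashes plus one HMAC. A receiver that consumes every mutable field still has to check every field it acts on, which with this layout means either one trail per field or rebuilding the whole tree from all eight values; the linear scheme of Section V.B is the second option without the tree.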

B. Secure Layer-2 Routing using Linear Hash (SL2R-LH)

The unicast control messages carry four mutable fields: hop count, TTL, metric and destination address. If these values are sent as they are, a malicious node has an open opportunity to alter them and rebroadcast the message into the network, as explained in the earlier sections. To provide the security, a second scheme is proposed that also protects the mutable fields with a keyed hash, but computed over a linear concatenation of the fields instead of a tree.

Figure 2: Formation of Linear Hash (Hop Count, TTL, Metric and Destination Address are concatenated and hashed into a single hash value)

The hashed value is sent with the frame so that the receiver can check the integrity of the packet. Since the frame is handled by the intermediate nodes and the mutable fields can easily be modified, it is the responsibility of the receiving node to check the packet for integrity; if the packet fails the check, the receiving node simply drops it. In SL2R-LH the mutable fields are first concatenated and then an HMAC is applied. Since the unicast packets contain four mutable fields, they are concatenated as shown in Fig. 2: for mutable fields Y1, Y2, Y3, Y4, K1234 = h(Y1 || Y2 || Y3 || Y4), where the function h is keyed with the GTK for broadcast and the PTK for unicast control frames. The sender appends this value to the frame as extra overhead and sends it to the receiver. To authenticate the received mutable fields, the receiver applies the HMAC to them again and compares the result with the MAC value received from the sender. If the two values match, the receiver is assured that the frame came from an authenticated node; if they do not, the sender is taken not to be authenticated to the network and the mutable fields it sent may have been modified. The receiver then drops the entire frame from this forged sender, since neither is the sender authenticated nor is the integrity of the mutable fields assured. Hence the network remains secure.
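The hop-by-hop exchange of Section V.B beside the unprotected processing that Section IV's route disruption attack exploits, as an added example that is not code from the paper. Each receiving MP verifies the tag under the PTK of the link it received on, updates the mutable fields, and re-MACs under the PTK of the next link; the frame encoding, the SHA-256 HMAC, the constructed keys, the three-node topology and the destination's lowest-metric choice are assumptions of this example, not the draft's exact rules.

```python
"""Added example (not from the paper): HWMP PREQ mutable fields forwarded hop by
hop without protection (the Section IV route disruption case) and under an
SL2R-LH style HMAC.  The field layout, the SHA-256 HMAC, the link keys and the
route-choice rule are assumptions of this example, not the draft's encoding."""
import hashlib
import hmac
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Preq:
    """The four mutable fields named in Section V.B; the non-mutable fields are
    assumed to be protected end-to-end and are omitted here."""
    hop_count: int
    ttl: int
    metric: int
    dest_addr: bytes  # 6-byte MAC address

    def mutable_bytes(self) -> bytes:
        """Y1 || Y2 || Y3 || Y4 in a fixed-width encoding (this example's choice)."""
        return (self.hop_count.to_bytes(1, "big") + self.ttl.to_bytes(1, "big")
                + self.metric.to_bytes(4, "big") + self.dest_addr)


def lh_tag(key: bytes, preq: Preq) -> bytes:
    """K1234 = HMAC_key(Y1 || Y2 || Y3 || Y4), keyed with the PTK of the link."""
    return hmac.new(key, preq.mutable_bytes(), hashlib.sha256).digest()


def advance(preq: Preq, link_metric: int) -> Preq:
    """What a receiving MP legitimately does to the mutable fields."""
    return replace(preq, hop_count=preq.hop_count + 1, ttl=preq.ttl - 1,
                   metric=preq.metric + link_metric)


def receive_unprotected(preq: Preq, link_metric: int) -> Optional[Preq]:
    """Plain HWMP: accept anything that still has TTL to spare."""
    return advance(preq, link_metric) if preq.ttl > 1 else None


def receive_lh(key_in: bytes, preq: Preq, tag_in: bytes, link_metric: int) -> Optional[Preq]:
    """SL2R-LH: verify under the key shared with the previous hop, else drop."""
    if preq.ttl <= 1 or not hmac.compare_digest(lh_tag(key_in, preq), tag_in):
        return None
    return advance(preq, link_metric)


def forward_lh(key_in: bytes, key_out: bytes, preq: Preq, tag_in: bytes,
               link_metric: int) -> Optional[Tuple[Preq, bytes]]:
    """Intermediate MP: verify, update, then re-MAC under the key of the next link."""
    got = receive_lh(key_in, preq, tag_in, link_metric)
    return None if got is None else (got, lh_tag(key_out, got))


def best_next_hop(copies: Dict[str, Preq]) -> str:
    """Destination keeps the copy with the lowest airtime metric (same SN assumed)."""
    return min(copies, key=lambda node: copies[node].metric)


def run(protected: bool) -> Dict[str, object]:
    """Constructed topology S -> {A, M} -> D, every link with airtime metric 40.
    A is honest; M is an external attacker without any PTK that copies S's
    frame, zeroes the metric and spoofs A's address towards D."""
    ptk_sa, ptk_ad, m_guess = b"\x01" * 32, b"\x02" * 32, b"\xff" * 32  # constructed keys
    preq0 = Preq(hop_count=0, ttl=31, metric=0, dest_addr=bytes.fromhex("02000000000d"))
    copies: Dict[str, Preq] = {}
    dropped: List[str] = []
    if not protected:
        at_a = receive_unprotected(preq0, 40)
        copies["A"] = receive_unprotected(at_a, 40)
        at_m = replace(receive_unprotected(preq0, 40), metric=0)   # M rewrites the metric
        copies["M"] = receive_unprotected(at_m, 40)
    else:
        at_a, tag_a = forward_lh(ptk_sa, ptk_ad, preq0, lh_tag(ptk_sa, preq0), 40)
        copies["A"] = receive_lh(ptk_ad, at_a, tag_a, 40)
        at_m = replace(advance(preq0, 40), metric=0)
        # D believes the frame came from A, so it checks under ptk_ad; M can only tag under a guess
        via_m = receive_lh(ptk_ad, at_m, lh_tag(m_guess, at_m), 40)
        if via_m is None:
            dropped.append("M")
        else:
            copies["M"] = via_m
    return {"next_hop": best_next_hop(copies),
            "metrics": {node: copy.metric for node, copy in copies.items()},
            "dropped": dropped}


if __name__ == "__main__":
    print("HWMP   :", run(False))
    print("SL2R-LH:", run(True))
```

Without protection the destination prefers M's zero-metric copy and its next hop becomes the attacker; with the per-link tag the spoofed frame fails verification under the PTK that D shares with A and is dropped before the metric is ever compared. Note that the tag covers only the four mutable fields and carries no freshness value of its own, so replay protection has to come from the sequence numbers in the encrypted non-mutable part; replay is exactly the weakness the authors fault in [17], so it is worth checking in any deployment of this design.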

VI. SIMULATION RESULTS AND DISCUSSIONS

The schemes have been analyzed for security and performance. The security analysis of both schemes follows.

Preventing Flooding: In the proposed SL2R-HT and SL2R-LH protocols a node can participate in the route discovery process only if it has successfully established a GTK and PTK through the key distribution mechanism of 802.11s. It is therefore not possible for a malicious node to initiate route discovery for a destination address that is not in the network, and since the PREQ message is encrypted in transmission a malicious node cannot insert a new destination address.

Preventing Route Disruption: This attack is launched by modifying the mutable field values: an attacker between two victim nodes sets the metric field to zero while passing the PREQ on, so that the destination's PREP has to pass through the attacker, which then drops it and route discovery never completes. In SL2R-HT and SL2R-LH a node can participate in route discovery only after establishing a GTK and PTK, so the attacker cannot change the metric value.

Preventing Route Diversion: A malicious node M could divert traffic to itself by modifying mutable fields such as the hop count, sequence number and metric, or by advertising a route to a destination with a Destination Sequence Number (DSN) greater than the one it received from the destination. Here too the attacker cannot change the mutable fields, so the network remains secure.

Preventing Routing Loops: Forming routing loops requires information about the network topology, address spoofing and alteration of routing messages; a malicious node would create loops by spoofing MAC addresses and modifying the metric field. As the malicious node holds neither the GTK nor the PTK, it cannot participate in path discovery, and the network remains secure.

To evaluate the performance, the proposed schemes have been implemented in Qualnet 4.5 [8] and analyzed. Table 1 summarizes the nodes configured in the simulation scenario and Table 2 the other simulation parameters.

Table 1: Node Configuration

Node ID              Configuration/Type
11 and 12            Backbone
1 to 10              IEEE 802.11s Mesh Nodes
13 to 18             IEEE 802.11 STA
2                    IEEE 802.11s Mesh Portal (Root)
1, 4, 7, 8, 10       IEEE 802.11s Mesh Access Points (MAPs)
8→10, 15→16, 17→18   Source-destination pairs sending and receiving CBR packets
19 to 21             Attacker nodes

Table 2: Simulation Parameters

Parameter                             Configuration
Source of application                 CBR
Data packet size                      512 bytes
Rate                                  1 pkt/sec
Simulation time                       120 sec
Number of data packets                100
Time delay between each data packet   1 sec
Terrain size                          1500 m × 1500 m

Each simulation is run ten times with different random seeds, from 1 to 10, and the averages are taken to collect statistics. To compare HWMP, SL2R-HT and SL2R-LH, the three approaches were run under an identical traffic scenario. We consider the following security and performance metrics.

Packet Delivery Ratio: This measures the efficiency with which the protocol discovers routes successfully, since in the present scenario the attack is launched during route discovery. As shown in Figure 3(a), as malicious activity increases from 0% to 40% the packet delivery ratio falls for HWMP, whereas for SL2R-HT and SL2R-LH it remains nearly constant. The ratio stays constant for SL2R-HT and SL2R-LH because both approaches authenticate the mesh nodes during path discovery and data packets are delivered only once a secure path is established; since a malicious node cannot participate in the network, no packets are lost to routing attacks.

Throughput: This measures the efficiency of the protocol. As shown in Figure 3(b), as malicious activity increases from 0% to 40% the throughput falls for HWMP, whereas for SL2R-HT and SL2R-LH it remains nearly constant, for the same reason: more bits are transferred over the network without being lost to malicious activity, so the efficiency of the network does not fall under attack.

Average End-to-End Data Packet Delay: This is the average time taken to deliver packets from source to destination. Figure 3(c) shows the comparison for all three protocols. As the number of hops increases, the average end-to-end delay of all three protocols increases at the same rate, so SL2R-HT and SL2R-LH add no extra overhead to the average end-to-end delay of data packets.

Path Discovery Delay: This is the delay in establishing a path from source to destination. As shown in Figure 3(d), the path discovery delay increases in the order HWMP, SL2R-LH, SL2R-HT. The difference between HWMP and SL2R-LH is almost negligible, and that between HWMP and SL2R-HT is also quite small, so the security of the protocols can be preferred over the small overhead. SL2R-LH can thus be preferred as both secure and efficient in common application scenarios, while SL2R-HT can be preferred for critical applications demanding a higher level of security.

Storage Overhead: For a mesh node to be authenticated during routing, the control packets must carry some extra information. In SL2R-HT the root hash value and the certification trail are carried as overhead, while in SL2R-LH only one hash value is carried. Figure 3(e) shows that the storage overhead of SL2R-HT is higher than that of SL2R-LH, but the difference is small, so again the security of the protocols can be preferred over the small overhead.

Table 3 summarizes the comparison of HWMP, SL2R-HT and SL2R-LH on the basis of protocol design characteristics, and Table 4 compares them for security, performance and control overhead.

| Parameter | HWMP | SL2R-LH | SL2R-HT |
|---|---|---|---|
| Data Packet Received Ratio | Packet delivery ratio decreases with increase in malicious activity. | Remains constant, but less secure than the SL2R-HT method. | Remains constant and much more secure than the SL2R-LH method. |
| Path Discovery Delay | Less than SL2R-LH and SL2R-HT | Minimum | Little more than SL2R-LH |
| Throughput | Throughput decreases with increase in malicious activity. | Remains constant | Remains constant |
| Storage Overhead | Less than SL2R-LH and SL2R-HT | Minimum | Little more than SL2R-LH |

Table 4: Comparison of HWMP, SL2R-HT and SL2R-LH for Security, Performance/Control Overhead


Page 6: [IEEE Informatics (ISCI) - Kuala Lumpur, Malaysia (2011.03.20-2011.03.23)] 2011 IEEE Symposium on Computers & Informatics - SL2R-HT and SL2R-LH: Securing layer-2 routing protocol for

VI. CONCLUSION

One of the goals of the present research was to develop an authenticated, reliable and efficient Hybrid Wireless Mesh Protocol for IEEE 802.11s Wireless Mesh Networks. To attain this, the security vulnerabilities of the candidate HWMP protocol were analyzed. The vulnerabilities mainly arise from the fact that the fields of the routing information elements, classified as mutable and non-mutable fields, are unprotected in the current protocol, and no security mechanism is specified in the current draft. The proposed approaches for securing HWMP are the Hashed Tree approach (termed SL2R-HT) and the Linear Hash approach (termed SL2R-LH). Both approaches protect the non-mutable routing elements using encryption techniques and the mutable routing elements using hashing techniques. From the results it can be clearly inferred that the SL2R-LH method is slightly more efficient than the SL2R-HT approach, but it is found to be breakable when high computation power is available. Thus it can be concluded that the SL2R-HT approach is more secure, dependable and robust against the identified attacks, and causes only a small overhead over SL2R-LH.

ACKNOWLEDGMENT

This work was done in the Cyber Security Research Center (CSRC), PEC University of Technology. The authors would like to thank the Government of India, Ministry of Communications and Information Technology, Department of Information Technology, New Delhi, for funding the project “Design and Development of Dependable, Secure and Efficient Protocol for Wireless Mesh Network (WMN)”, under which this research work has been done.


| Parameter | HWMP | SL2R-LH | SL2R-HT |
|---|---|---|---|
| Key Hierarchy | ------- | GTK, PTK | GTK, PTK |
| Concatenation | ------- | At the base level | Tree to calculate root value |
| Security | ------- | GTK, PTK | GTK, PTK |
| Algorithms used | ------- | MD5 | MD5, SHA1 |
| Integrity Check | ------- | Concatenate and then encrypt with HMAC using GTK, PTK as key | Tree formation, concatenated and then encrypt with HMAC using GTK, PTK as key |
| Formation | ------- | Linear Hash | Hashed Tree |

Table 3: Comparison of HWMP, SL2R-HT and SL2R-LH on the basis of protocol design characteristics
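The storage-overhead comparison discussed above and the design summarized in Table 3, as an added example that is not part of the paper's or the authors' implementation: the SL2R-LH linear hash carries a single keyed digest, while the SL2R-HT hashed tree carries a keyed root plus a certification trail of sibling digests for each verified field. The key, the sample field values and the SHA-1/HMAC choices are assumptions standing in for the PTK/GTK and the mutable routing fields of HWMP.

```python
import hashlib
import hmac

# Constructed key standing in for the 802.11i PTK/GTK that Table 3 names as the HMAC key.
KEY = b"constructed-key-not-a-real-ptk"

def h(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()  # 20-byte SHA-1, one of the algorithms in Table 3

def tag(digest: bytes) -> bytes:
    return hmac.new(KEY, digest, hashlib.sha1).digest()  # keyed integrity check (Table 3)

def linear_hash(fields):
    # SL2R-LH style: fold each mutable field into the running digest; overhead is one tag.
    acc = b""
    for f in fields:
        acc = h(acc + f)
    return tag(acc)

def merkle_root(fields):
    # SL2R-HT style: leaves are field hashes, the keyed root is what the packet carries.
    level = [h(f) for f in fields]
    while len(level) > 1:
        if len(level) % 2: level.append(level[-1])  # duplicate an odd node so all pair up
        level = [h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return tag(level[0])

def certification_trail(fields, index):
    # Sibling digests from leaf `index` to the root: the extra storage overhead of SL2R-HT.
    level, trail = [h(f) for f in fields], []
    while len(level) > 1:
        if len(level) % 2: level.append(level[-1])
        trail.append((level[index ^ 1], index % 2 == 0))  # (sibling, sibling is on the right)
        level = [h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return trail

def verify_leaf(field, trail, root_tag):
    # Recompute the root from one field plus its trail and compare to the keyed root.
    node = h(field)
    for sibling, sibling_is_right in trail:
        node = h(node + sibling) if sibling_is_right else h(sibling + node)
    return hmac.compare_digest(tag(node), root_tag)

def overhead_bytes(fields, index=0):
    # Bytes a control packet must carry: one tag for LH, root tag plus trail for HT.
    lh = len(linear_hash(fields))
    ht = len(merkle_root(fields)) + sum(len(s) for s, _ in certification_trail(fields, index))
    return lh, ht
```

With three constructed fields the LH overhead is one 20-byte tag, while HT needs the root tag plus two trail digests (60 bytes), matching the shape of the gap shown in Figure 3(e).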



Figure 3: Performance Analysis of HWMP, SL2R-HT and SL2R-LH: (a) Packet delivery ratio (b) Throughput (c) E2E Delay (d) Path discovery delay (e) Storage Overhead. [Figure panels (a)-(e) not reproduced in text.]
