chapter ii literature review 2.1 hwmp -...


Upload: buituong

Post on 27-May-2018


Page 1: CHAPTER II LITERATURE REVIEW 2.1 HWMP - …shodhganga.inflibnet.ac.in/bitstream/10603/42636/10/10_chapter 2.pdf · CHAPTER II LITERATURE REVIEW ... Ariande is a secure on-demand routing


CHAPTER II

LITERATURE REVIEW

2.1 HWMP

A hybrid routing protocol uses a distance vector routing algorithm to discover the best route to the destination and distributes routing information whenever the topology of the network changes. Hybrid routing protocols use less power and memory than link state routing algorithms. The hybrid wireless mesh protocol (HWMP) is a basic wireless mesh network protocol. It is based on AODV and tree-based routing. The drawback of HWMP is that it does not consider security-related problems.

ARAN

Authenticated routing for ad hoc networks (ARAN) is an on-demand routing protocol that provides authentication of route discovery, route setup, and route path maintenance using cryptographic certificates. It can detect and protect against malicious attackers without requiring any predeployed network infrastructure. However, it assumes a small amount of prior security coordination among the nodes. A trusted certificate server is used whose public key is assumed to be known to all nodes. On joining the network, each node receives a certificate issued by the trusted server. The certificate received by a node contains the IP address of the node, the public key of the node, the timestamp of creation of the certificate and the time at which the certificate would expire. A node uses its certificate for authenticating itself during the routing process. At the time of route discovery, a node broadcasts a signed route discovery packet (RDP).

The RDP includes the IP address of the destination node, the certificate of the source node, a nonce, and a timestamp. The RDP is signed with the private key of the source node. Each node in the route discovery path validates the signature of the previous node, removes the certificate and the signature of the previous node, and records the IP address of the previous node. The node then signs the original contents of the packet with its private key, appends its own certificate, and forwards the message. When the RDP reaches the intended destination node, the node creates a route reply packet (REP) and unicasts it back along the reverse path. The REP includes an identifier of the packet type, the IP address of the source, its certificate, the nonce, and the associated timestamp that was initially sent by the source node. On receiving the REP, the source node verifies the signature of the destination node, and the nonce. An error message (ERR) is generated if the timestamp or nonce does not match the requirements or if the certificate fails the authenticity validation process. ARAN is a secure protocol that can prevent a number of attacks such as unauthorized participation of nodes, spoofed route signaling, spurious routing messages, alteration of routing packets, manipulation of the TTL values in the packets, and replay attacks. However, it is vulnerable to DoS attacks which are launched by flooding the network with bogus control packets. Since signature verification is required for each packet, the attacker can force a node to discard some of the control packets if the node cannot verify the signatures at a rate equal to or greater than the rate at which the attacker is injecting the bogus control packets.

ARIADNE

Ariadne is a secure on-demand routing protocol which uses the TESLA broadcast authentication protocol to provide security. TESLA provides authentication when a message is broadcast by adding a message authentication code (MAC) to it. All receivers need to know the MAC verification key in order to verify it. The major disadvantage of this protocol is that the route request message is not authenticated before it reaches the destination, so an adversary can initiate a route request flooding attack.

2.2 Secure efficient ad hoc distance vector (SEAD) routing protocol

The secure efficient ad hoc distance vector (SEAD) is a secure and proactive ad hoc routing protocol based on the destination-sequenced distance vector (DSDV) routing protocol. The protocol deploys a one-way hash function for computing the hash chain elements which are used to authenticate the sequence numbers and the metrics of the update messages of the routing tables. The protocol ensures mutual authentication between a source and a destination pair. The source of each routing table update message is also authenticated so as to prevent creation of any possible routing loop by an attacker which may try to launch an impersonation attack. Although the hash chains are useful for authenticating the metric and the sequence number, they are not sufficient for defending against a malicious node which can advertise the same distance and sequence number that the node has received. To defend against such malicious nodes, hash tree chains are used in conjunction with packet leashes, in which the address of the authenticator is tied to the address of the sender node. This prevents an attacker from replaying an authenticator that it hears in its neighborhood. The protocol uses TESLA TIK for shared key distribution among each pair of nodes in the network. SEAD can defend against a routing loop attack if the loop does not contain more than one attacker. The protocol is simple and easy to implement by making slight modifications to the DSDV protocol. The use of a one-way hash chain for authentication reduces the computational complexity. The main drawback of the protocol, however, is the requirement of a trusted entity for distribution and maintenance of the verification element of each node. The trusted entity can also be a single point of failure in the protocol operation.

2.3 Security-aware ad hoc routing (SAR) protocol

The security-aware ad hoc routing (SAR) protocol uses security as one of the key metrics in the route discovery and maintenance operations, and provides a framework for enforcing and measuring the attributes of the security metric. Unlike traditional routing protocols which utilize distance (measured by the hop-counts), location, power and other metrics for routing path determination, SAR uses security attributes (such as trust values and trust relationships among nodes) in order to define a routing metric. SAR extends on-demand ad hoc routing protocols such as AODV or DSR in order to incorporate the security metric into the route discovery messages. The protocol ensures that an intermediate node that receives an RREQ packet can process or forward it only if the node can provide the required security or has the required authorization and trust level. If the node cannot provide the required security, the RREQ packet is dropped. If an end-to-end path with the required security attributes can be found, a suitably modified RREP message is sent from an intermediate node or the destination node. The security metric of SAR can be specified by a hierarchy of trust among the nodes. In order to define the trust levels, a key distribution or secret sharing mechanism is utilized in which the nodes belonging to a particular trust level share a key among them. Since the nodes of different security levels do not share any key, they cannot decrypt or process routing packets. SAR allows an application to choose its required level of security. However, the protocol needs different keys for different levels of security. Hence, as the number of security levels to be maintained increases, the number of keys to be managed also increases, leading to an increase in storage and computational overheads.

2.4 Secure ad hoc on-demand distance vector (SAODV) routing protocol

The secure ad hoc on-demand distance vector (SAODV) routing protocol is a secure extension of the AODV protocol. The main objective of SAODV is to ensure integrity, authentication, and non-repudiation of the messages used in the AODV protocol. SAODV uses two mechanisms to secure routing messages: (i) digital signatures to authenticate the non-mutable fields of the messages, and (ii) hash chains to secure the hop count field, which is the only mutable information in the packets. Since the protocol uses asymmetric cryptography for digital signatures, a key management mechanism is needed for enabling a node to acquire and verify the public key of other nodes in the network. SAODV uses the following additional fields in a routing packet header: (i) the hash function field identifies the one-way hash function used for securing the hop-count information, (ii) max hop count is a counter that specifies the maximum number of nodes a packet is allowed to go through, (iii) the top hash field is the result of applying the hash function max hop count times to a randomly generated number, and (iv) the hash field is the random number used for routing. Each time a node sends an RREQ or an RREP message, it generates a random number and sets the value of the max hop count field to the same value as the time to live (TTL) field in the IP header. The node then sets the hash field to the random number and also sets the identifier field of the hash function. Finally, the node computes the top hash by hashing the random number max hop count times. The protocol enables the receiver node to verify the hop count of each message by applying the hash function (maximum hop count – hop count) times to the value in the hash field. If the computed hash value and the value in the top hash field match, the hop count is successfully verified. Each time an RREQ message is rebroadcast or an RREP is forwarded, the node has to apply the hash function to the hash field. Digital signatures are used to sign every field except the hop count and the hash field. Although the use of the hash function and digital signature makes the scheme secure, the intermediate nodes cannot reply to an RREQ message if they have a fresh route to the destination node in their caches. In order to overcome this problem, the authors propose two solutions. The first solution does not allow the intermediate nodes to respond to an RREQ message and makes them simply forward the RREQ message, since they cannot sign the message on behalf of the destination node. The second solution involves addition of a signature that can be used by intermediate nodes to reply to an RREQ by the node that originally created the RREQ. The route error (RERR) messages are secured using digital signatures. A node that generates or forwards an RERR message signs the whole message (except the destination sequence number) using its shared key with its neighbor node. Since the destination node does not authenticate the destination sequence number, a node should not update the destination sequence numbers of the entries in its routing table based on the RERR messages. The performance characteristics of SAODV are similar to those of the AODV protocol. However, the communication overhead in SAODV increases very rapidly with increase in mobility of the nodes due to the use of expensive asymmetric cryptographic operations.
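The hop-count check described above can be exercised end to end. The following is an added example, not code from the SAODV authors: SHA-256, the field names and the sample seed are assumptions, and the digital signature over the non-mutable fields is left out.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, replace
from typing import Optional

# Constructed registry: value of the "hash function" field -> one-way hash.
HASH_FUNCTIONS = {1: hashlib.sha256}


def hash_n(func_id: int, value: bytes, times: int) -> bytes:
    """Apply the selected one-way hash `times` times to `value`."""
    h = HASH_FUNCTIONS[func_id]
    for _ in range(times):
        value = h(value).digest()
    return value


@dataclass(frozen=True)
class HopAuth:
    """The four SAODV hop-count fields plus the AODV hop count itself.

    In SAODV hash_function, max_hop_count and top_hash are covered by the
    originator's signature; the signature is omitted here (assumption).
    """
    hash_function: int
    max_hop_count: int
    top_hash: bytes
    hash_field: bytes
    hop_count: int = 0


def originate(ttl: int, seed: Optional[bytes] = None, func_id: int = 1) -> HopAuth:
    """Originator: random seed in the hash field, top hash = H^ttl(seed)."""
    seed = os.urandom(32) if seed is None else seed
    return HopAuth(func_id, ttl, hash_n(func_id, seed, ttl), seed, 0)


def forward(msg: HopAuth) -> HopAuth:
    """Honest relay: hash the hash field once and increment the hop count."""
    if msg.hop_count >= msg.max_hop_count:
        raise ValueError("max hop count reached; message must not be forwarded")
    return replace(msg,
                   hash_field=hash_n(msg.hash_function, msg.hash_field, 1),
                   hop_count=msg.hop_count + 1)


def verify_hop_count(msg: HopAuth) -> bool:
    """Receiver: H^(max_hop_count - hop_count)(hash field) must equal top hash."""
    if msg.hash_function not in HASH_FUNCTIONS:
        return False
    if not 0 <= msg.hop_count <= msg.max_hop_count:
        return False
    remaining = msg.max_hop_count - msg.hop_count
    expected = hash_n(msg.hash_function, msg.hash_field, remaining)
    return hmac.compare_digest(expected, msg.top_hash)


def demo() -> dict:
    rreq = originate(ttl=5, seed=bytes(range(32)))      # constructed seed
    at_hop3 = forward(forward(forward(rreq)))
    return {
        "origin": verify_hop_count(rreq),
        "honest_hop3": verify_hop_count(at_hop3),
        # Claiming fewer hops needs a preimage of the hash field, so it fails.
        "claims_hop1": verify_hop_count(replace(at_hop3, hop_count=1)),
        # Incrementing the count without hashing the field also fails.
        "claims_hop4_unhashed": verify_hop_count(replace(at_hop3, hop_count=4)),
        "beyond_max": verify_hop_count(replace(at_hop3, hop_count=6)),
        "unknown_hash_id": verify_hop_count(replace(rreq, hash_function=9)),
    }
    # Scope of the guarantee: the chain stops a relay from lowering the hop
    # count, not from passing on the count it received, the same limit the
    # SEAD section notes for hash chains.


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:22s} {ok}")
```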

2.5 Secure routing protocol (SRP)

The secure routing protocol (SRP) is a secure extension that can be applied to many of the existing routing protocols, especially to the DSR protocol. The protocol requires the existence of a security association (SA) between a source-destination pair. This security association is utilized to establish a shared secret key between the two nodes. The protocol appends a header to each routing packet. The source node sends an RREQ with a query sequence (QSEQ) number which is used by the destination node to check whether the RREQ is outdated or valid, a random query identifier (QID) that identifies the specific request, and the output of a keyed hash function. The input to the function is the IP header, the header of the base protocol, and the shared secret key between the pair of nodes. The RREQ message generated by the source node is protected by a message authentication code (MAC) computed using the shared key between the source-destination pair. The RREQs are broadcast to all the neighbors of the source node. Each neighbor that receives the RREQ for the first time appends its identifier to the RREQ and further broadcasts it in the network. Each node maintains a priority ranking of its neighbors based on the rate at which the queries are generated from them. Higher priorities are assigned to nodes which generate queries at lower rates. The destination node checks the validity of the query and verifies its integrity and authenticity by computing and matching the keyed hash value. If the query is found to be valid and if it passes the integrity and authentication verification tests, the destination node generates a number of replies (RREPs) using different routes. This protects against attacks from malicious nodes that may attempt to modify the RREPs. An RREP includes the entire path from the source to the destination, the query sequence (QSEQ) number, and the query identification (QID) number. The integrity and authenticity of an RREP message are verified using a message authentication code in the same manner as in the case of an RREQ message. Route maintenance is done using route error messages. The route error messages are source-routed along the path which is reported to be broken by an intermediate node. When the notified node receives a route error packet, it compares the route followed by the packet with the prefix of the corresponding route as reported in the route error packet. However, this approach has a security loophole since a fabricated route error attack can be easily launched by a malicious node. SRP is a light-weight protocol that can be easily implemented on a base routing protocol. However, as mentioned earlier, it cannot prevent unauthorized modifications of routes by malicious nodes.


2.6 ARIADNE: a secure on-demand routing protocol for ad hoc networks

Ariadne is a secure on-demand routing protocol that is an extension of the dynamic source routing (DSR) protocol. In contrast to the SEAD protocol, which is based on hop-by-hop authentication and message integrity, Ariadne assumes an end-to-end security approach. The protocol assumes the existence of a shared secret key between a pair of nodes and uses a message authentication code (MAC) for authenticating messages using this secret key. In fact, Ariadne proposes three schemes for authentication of messages: (i) authentication between two nodes using their shared secret key, (ii) shared secrets between communicating nodes combined with broadcast authentication using TESLA and (iii) digital signatures. In TESLA, a sender node generates a one-way key chain and defines a schedule based on which the keys are disclosed in the reverse order of their generation. This makes time synchronization a critical requirement for Ariadne. In the route discovery phase, the source node sends an RREQ message that includes the IP address of the source node, an ID that identifies the current route discovery process, a TESLA time interval for indicating the expected arrival time of the request to the destination, a hash chain that includes the address of the source node, the destination node address, the ID of the destination, and two empty lists – a node list and a MAC list. A neighbor node, on receiving the RREQ message, first checks the validity of the TESLA time interval so that the time interval is not too far in the future and its corresponding keys are not disclosed yet. A request with an invalid time interval is dropped by the neighbor nodes. If the time interval is valid, then the neighbor node inserts its address in the node list, replaces the hash chain with a new one that contains the address of the neighbor node along with the addresses of the nodes in the previous hash chain, and appends a message authentication code (MAC) of the entire packet to the MAC list. The MAC is computed using the TESLA key that corresponds to the time interval of the RREQ message. The neighbor node then broadcasts the RREQ message further in the network. The destination node buffers the RREQ and checks for its validity. An RREQ is considered to be valid if the keys with respect to the specified time interval have not yet been disclosed, and if the included hash chain can be verified. If the RREQ message is found to be valid, the destination node generates and broadcasts an RREP message. An RREP message contains all the fields of an RREQ message. In addition, it also contains a target MAC field and an empty key list. The target MAC field is filled in using the computed MAC of the preceding fields of the RREP message and the key that the destination shares with the initiator node. The RREP message is forwarded back to the initiator along the reverse path included in the node list as specified by the DSR protocol. An intermediate node, on receiving the RREP message, waits until the specified time interval allows it to disclose its key. On expiry of the specified time interval, the intermediate node discloses its key, appends it to the key list of the RREP, and forwards the message to the next node. Upon receiving an RREP message, the initiator node verifies the validity of each key in the key list, checks the authenticity of the target MAC, and each MAC in the MAC list. Route maintenance in Ariadne is done in a similar manner as in the DSR protocol. A node forwarding a packet to the next hop along the source route returns an RERR message to the packet's original sender if it is unable to deliver the packet to the next hop after a limited number of retransmission attempts. The most critical requirement for the operation of the Ariadne protocol is the existence of a clock synchronization mechanism. The base Ariadne protocol is vulnerable to the wormhole attack. A security solution to defend against the wormhole attack has been proposed, using a mechanism called packet leashes.
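The TESLA key chain and the time-interval check that a node applies before buffering an RREQ are sketched below. This is an added example, not code from the Ariadne or TESLA authors: SHA-256, the timing parameters and the sample message are assumptions, and the chain key is used directly as the MAC key, which is a simplification of TESLA's separate MAC-key derivation.

```python
import hashlib
import hmac
import os


def H(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()


def make_key_chain(n, seed=None):
    """Return [K_0, ..., K_n] with K_i = H(K_{i+1}).

    K_n is generated first and K_0 last; the keys are then used and disclosed
    in the opposite order (K_1, K_2, ...). K_0 is the public commitment.
    """
    k = os.urandom(32) if seed is None else seed
    chain = [k]
    for _ in range(n):
        k = H(k)
        chain.append(k)
    chain.reverse()
    return chain


def mac(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()


class TeslaReceiver:
    """Receiver side: needs only K_0, the schedule and a clock-skew bound."""

    def __init__(self, commitment, t0, interval, delay, max_skew, max_ahead,
                 max_gap=1000):
        self.t0, self.interval, self.delay = t0, interval, delay
        self.max_skew, self.max_ahead, self.max_gap = max_skew, max_ahead, max_gap
        self.trusted_index, self.trusted_key = 0, commitment
        self.buffer = []   # (interval index, message, tag) awaiting disclosure

    def receive(self, local_time, index, message, tag):
        """Buffer a packet only if its key cannot have been disclosed yet."""
        disclosure_time = self.t0 + (index + self.delay) * self.interval
        if index <= self.trusted_index or local_time + self.max_skew >= disclosure_time:
            return "drop: key may already be disclosed"
        current = int((local_time - self.t0) // self.interval)
        if index > current + self.max_ahead:
            return "drop: interval too far in the future"
        self.buffer.append((index, message, tag))
        return "buffered"

    def disclose(self, index, key):
        """Authenticate a disclosed key against the chain, then check MACs."""
        steps = index - self.trusted_index
        if steps <= 0 or steps > self.max_gap:
            return []
        k = key
        for _ in range(steps):
            k = H(k)
        if not hmac.compare_digest(k, self.trusted_key):
            return []                      # not on the sender's chain
        authentic, remaining = [], []
        for j, message, tag in self.buffer:
            if j > index:
                remaining.append((j, message, tag))
                continue
            key_j = key
            for _ in range(index - j):     # derive older keys from the new one
                key_j = H(key_j)
            if hmac.compare_digest(mac(key_j, message), tag):
                authentic.append(message)
        self.buffer = remaining
        self.trusted_index, self.trusted_key = index, key
        return authentic


def demo():
    chain = make_key_chain(8, seed=b"\x07" * 32)            # constructed seed
    rx = TeslaReceiver(chain[0], t0=0, interval=10, delay=2, max_skew=1, max_ahead=3)
    rreq = b"RREQ src=10.0.0.1 id=42"                        # constructed message
    tag = mac(chain[3], rreq)
    out = {
        "on_time": rx.receive(35, 3, rreq, tag),
        "tampered": rx.receive(36, 3, b"RREQ src=10.0.0.9 id=42", tag),
        "late": rx.receive(49.5, 3, rreq, tag),
        "far_future": rx.receive(35, 8, rreq, mac(chain[8], rreq)),
    }
    out["forged_key"] = rx.disclose(3, b"\x00" * 32)
    out["real_key"] = rx.disclose(3, chain[3])
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:12s} {result}")
```

The "late" case is why clock synchronization is critical: once the key for an interval may have been published, a MAC under that key proves nothing about who sent the packet.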

2.7 Safeguarding Mutable Fields in AODV Route Discovery Process

Assuring the cryptographic integrity of mutable fields in any on-demand ad hoc routing protocol is more challenging than assuring that of non-mutable fields. We propose an efficient authentication strategy for this purpose, which leverages a recently proposed broadcast encryption (BE) scheme. We investigate some shortcomings of SAODV, a popular secure extension of the ad hoc on-demand distance vector (AODV) protocol, and suggest some modifications to the protocol to overcome the shortcomings. The modifications include proactive maintenance of a secure reliable delivery neighborhood (RDN) by each node and the use of the BE-based authentication strategy for mutable fields.

One proposed routing protocol requires that all communications between one-hop neighbors be encrypted using a group secret. A node A provides a secret KA to all its neighbors. While such an approach can keep external attackers at bay, the protocol is susceptible to attacks by malicious internal nodes, which can increase or decrease the hop count. Another approach employs one-hop and two-hop group secrets to facilitate two-hop authentication. In that approach, nodes proactively determine the two-hop topology and securely deliver a two-hop group secret to every two-hop neighbor. Two-hop neighborhood information is obtained by each node by exchanging neighbor lists periodically. The use of one-hop secrets can prevent external attackers from participating in the network (as packets not encrypted or authenticated with the group secret will be dropped). One-hop secrets can also be used to protect the RREQ relayed by a node from nodes not in its RDN, by encrypting the RREQ with the group secret.

For the proposed protocol, which we shall refer to as SAODV-2 (where 2 indicates the use of two-hop authentication), we assume 1) an offline KDC that has distributed secrets / public values to every node to facilitate establishment of pairwise secrets between nodes; 2) an offline KDC that has distributed authentication and verification secrets of an MSBE scheme (like A-RPS) to every node; and 3) a public / private key pair and a certificate signed by an offline certificate authority (CA) for every node (along with an authentic copy of the public key of the CA). In SAODV-2 every node proactively maintains a secure RDN by providing a group secret to every node in the RDN. We shall represent the RDN secret of node A by KA, which is randomly chosen by A and delivered to all nodes in its RDN by encrypting KA with pairwise secrets. This RDN secret can also be used to cut off some nodes from their RDN if they are suspected of misbehavior.

2.8 Secure Data Transition over Multicast Routing In Wireless Mesh network

Multicast routing for wireless mesh networks has focused on metrics that estimate link quality to maximize throughput. Nodes must collaborate in order to compute the path metric and forward data. The assumption that all nodes are honest and behave correctly during metric computation, propagation, and aggregation, as well as during data forwarding, leads to unexpected consequences in adversarial networks where compromised nodes act maliciously. We identify novel attacks against high-throughput multicast protocols in wireless mesh networks. The attacks exploit the local estimation and global estimation of the metric to allow attackers to attract a large amount of traffic. We show that these attacks are very effective against multicast protocols based on high-throughput metrics. We can say that aggressive path increases attack effectiveness in the absence of a defense mechanism. Our approach to defend against the identified attacks combines measurement-based detection and accusation-based reaction techniques. The solution also accommodates transient network variations and is resilient against attempts to exploit the defense mechanism itself. A detailed security analysis of our defense scheme establishes bounds on the impact of attacks. We demonstrate both the attacks and our defense using ODMRP, a representative multicast protocol for wireless mesh networks, and SPP, an adaptation of the well-known ETX unicast metric to the multicast setting.

In this work, we study the security implications of using high-throughput metrics. We focus on multicast in a wireless mesh network environment because it is a representative environment in which high-throughput metrics will be beneficial. Although the attacks we identify can also be conducted in unicast, the multicast setting makes them more effective and, at the same time, more difficult to defend against. We focus on mesh-based multicast protocols as they have the potential to be more resilient to attacks. We use ODMRP as a representative protocol for wireless mesh networks and SPP, a metric based on the well-known ETX unicast metric, as a high-throughput multicast metric. We selected SPP since it was shown to outperform all the other multicast metrics for ODMRP. Our approach to defend against the identified attacks combines measurement-based detection and accusation-based reaction techniques. The solution also accommodates transient network variations and is resilient against attempts to exploit the defense mechanism itself. We limit the number of accusations that can be generated by a node. A detailed security analysis of our defense scheme establishes bounds on the impact of attacks.

2.9 Secure Routing for Wireless Mesh Networks

This paper describes a Security Enhanced AODV routing protocol for wireless mesh networks (SEAODV). SEAODV employs Blom's key pre-distribution scheme to compute the pairwise transient key (PTK) through the flooding of an enhanced HELLO message, and subsequently uses the established PTK to distribute the group transient key (GTK). The PTK and GTK are used for authenticating unicast and broadcast routing messages respectively. In wireless mesh networks, a unique PTK is shared by each pair of nodes, while the GTK is shared secretly between the node and all its one-hop neighbors. A message authentication code (MAC) is attached as an extension to the original AODV routing message to guarantee the message's authenticity and integrity in a hop-by-hop fashion. Security analysis and performance evaluation show that SEAODV is more effective in preventing identified routing attacks and outperforms ARAN and SAODV in terms of computation cost and route acquisition latency. In this paper, we present SEAODV, a security-enhanced version of AODV. We utilize PTK and GTK keys to protect the unicast and broadcast routing messages respectively, to ensure that the route discovery process between any two nodes in the WMN is secure. We apply Blom's key pre-distribution scheme in conjunction with the enhanced HELLO message to establish the PTK, and use the established PTK to distribute the GTK to the node's one-hop neighbors throughout the entire network. We also identify various attack scenarios that occur specifically in AODV and present a security analysis to prove that our proposed SEAODV is able to effectively defend against most of those identified attacks. Our scheme is lightweight and computationally efficient due to the symmetric cryptographic operations (e.g., MAC). In addition, SEAODV supports hop-by-hop authentication as well.
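Blom's key pre-distribution, on which the PTK above rests, lets two nodes compute the same pairwise key from a preloaded private row and the peer's public identifier. The following is an added example, not SEAODV's own code: the field modulus, the threshold, the node IDs, the SHA-256 key derivation and the sample RREP are assumptions, and the page does not describe how SEAODV encodes the exchange in its HELLO message.

```python
import hashlib
import hmac
import secrets

P = 2**61 - 1      # prime field modulus (constructed parameter)
LAMBDA = 3         # threshold: rows of up to LAMBDA nodes reveal no other pair's key


def public_column(node_id, lam=LAMBDA):
    """Node's column of the public Vandermonde matrix G: (1, s, s^2, ..., s^lam)."""
    if not 0 < node_id < P:
        raise ValueError("node id must be a non-zero field element")
    return [pow(node_id, r, P) for r in range(lam + 1)]


def generate_secret_matrix(lam=LAMBDA):
    """Random symmetric matrix D over GF(P), held only by the offline authority."""
    n = lam + 1
    d = [[0] * n for _ in range(n)]
    for i in range(n):
        for j in range(i, n):
            d[i][j] = d[j][i] = secrets.randbelow(P)
    return d


def private_row(d, node_id):
    """Node's row of A = (D G)^T, preloaded before deployment and kept secret."""
    n = len(d)
    g = public_column(node_id, n - 1)
    return [sum(g[r] * d[r][c] for r in range(n)) % P for c in range(n)]


def pairwise_key(own_id, own_row, peer_id):
    """K = A_own . G_peer; D symmetric makes it equal on both sides.

    The field element is hashed together with both IDs to get a PTK
    (this derivation step is an assumption of the example).
    """
    g = public_column(peer_id, len(own_row) - 1)
    k = sum(a * b for a, b in zip(own_row, g)) % P
    lo, hi = sorted((own_id, peer_id))
    material = b"PTK" + lo.to_bytes(8, "big") + hi.to_bytes(8, "big") + k.to_bytes(8, "big")
    return hashlib.sha256(material).digest()


def mac_tag(ptk, routing_msg):
    return hmac.new(ptk, routing_msg, hashlib.sha256).digest()


def verify_tag(ptk, routing_msg, tag):
    return hmac.compare_digest(mac_tag(ptk, routing_msg), tag)


def demo():
    d = generate_secret_matrix()
    rows = {nid: private_row(d, nid) for nid in (11, 12, 13)}   # constructed IDs
    ptk_11_12 = pairwise_key(11, rows[11], 12)   # node 11, after hearing 12's ID
    ptk_12_11 = pairwise_key(12, rows[12], 11)   # node 12, after hearing 11's ID
    ptk_13_12 = pairwise_key(13, rows[13], 12)   # a third node's key with 12
    rrep = b"RREP dst=10.0.0.12 seq=7 hops=1"   # constructed unicast message
    tag = mac_tag(ptk_11_12, rrep)
    return {
        "symmetric": ptk_11_12 == ptk_12_11,
        "mac_ok": verify_tag(ptk_12_11, rrep, tag),
        "tampered_rejected": not verify_tag(
            ptk_12_11, rrep.replace(b"hops=1", b"hops=0"), tag),
        "other_key_rejected": not verify_tag(ptk_13_12, rrep, tag),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:20s} {ok}")
```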

2.10 Wireless mesh networks: a survey

Wireless mesh networks (WMNs) consist of mesh routers and mesh clients, where

mesh routers have minimal mobility and form the backbone of WMNs. They provide

network access for both mesh and conventional clients. The integration of WMNs with

other networks such as the Internet, cellular, IEEE 802.11, IEEE 802.15, IEEE 802.16,

sensor networks, etc., can be accomplished through the gateway and bridging functions in

the mesh routers. Mesh clients can be either stationary or mobile, and can form a client

mesh network among themselves and with mesh routers. WMNs are anticipated to

Page 16: CHAPTER II LITERATURE REVIEW 2.1 HWMP - …shodhganga.inflibnet.ac.in/bitstream/10603/42636/10/10_chapter 2.pdf · CHAPTER II LITERATURE REVIEW ... Ariande is a secure on-demand routing

31

resolve the limitations and to significantly improve the performance of ad hoc networks,

wireless local area networks (WLANs), wireless personal area networks (WPANs), and

wireless metropolitan area networks (WMANs). They are undergoing rapid progress and

inspiring numerous deployments. WMNs will deliver wireless services for a large variety

of applications in personal, local, campus, and metropolitan areas. Despite recent

advances in wireless mesh networking, many research challenges remain in all protocol

layers. This paper presents a detailed study on recent advances and open research issues

in WMNs. System architectures and applications of WMNs are described, followed by

discussing the critical factors influencing protocol design. Theoretical network capacity

and the state-of-the-art protocols for WMNs are explored with an objective to point out a

number of open research issues. Finally, test-beds, industrial practice, and current

standard activities related to WMNs are highlighted.

Multi-hop wireless network. An objective to develop WMNs is to extend the

coverage range of current wireless networks without sacrificing the channel capacity.

Another objective is to provide non-line-of-sight (NLOS) connectivity among the users

without direct line-of-sight (LOS) links. To meet these requirements, the mesh-style

multi-hopping is indispensable, which achieves higher throughput without sacrificing

effective radio range via shorter link distances, less interference between the nodes, and

more efficient frequency re-use. Support for ad hoc networking, and capability of

self-forming, self-healing, and self-organization. WMNs enhance network performance,

because of flexible network architecture, easy deployment and configuration, fault

tolerance, and mesh connectivity, i.e., multipoint-to-multipoint communications. Due to

these features, WMNs have low upfront investment requirement, and the network can

grow gradually as needed. Mobility dependence on the type of mesh nodes. Mesh routers

usually have minimal mobility, while mesh clients can be stationary or mobile nodes.

Multiple types of network access. In WMNs, both backhaul access to the Internet and

peer-to-peer (P2P) communications are supported. In addition, the integration of WMNs

with other wireless networks and providing services to end-users of these networks can

be accomplished through WMNs. Dependence of power-consumption constraints on the

type of mesh nodes. Mesh routers usually do not have strict constraints on power

consumption. However, mesh clients may require power efficient protocols. As an

example, a mesh-capable sensor requires its communication protocols to be power

efficient. Thus, the MAC or routing protocols optimized for mesh routers may not be

appropriate for mesh clients such as sensors, because power efficiency is the primary

concern for wireless sensor networks. Compatibility and interoperability with existing

wireless networks. For example, WMNs built based on IEEE 802.11 technologies must

be compatible with IEEE 802.11 standards in the sense of supporting both mesh-capable

and conventional Wi-Fi clients. Such WMNs also need to be inter-operable with other

wireless networks such as WiMAX, Zig-Bee, and cellular networks.

Throughput Maximization in Wireless Mesh Networks and its Applications

Wireless mesh networks (WMNs) consist of mesh routers and mesh clients, where

mesh routers have minimal mobility and form the backbone of WMNs. They provide

network access for both mesh and conventional clients. This paper considers the

interaction between channel assignment and distributed scheduling in multi-channel,

multi radio Wireless Mesh Networks (WMNs). Recently, a number of distributed

scheduling algorithms for wireless networks have emerged. Due to their distributed

operation, these algorithms can achieve only a fraction of the maximum possible

throughput. As an alternative to increasing the throughput fraction by designing new

algorithms, we present a novel approach that takes advantage of the inherent multi-radio

capability of WMNs. We show that this capability can enable partitioning of the network

into subnetworks in which simple distributed scheduling algorithms can achieve 100%

throughput. The partitioning is based on the notion of Local Pooling. Using this notion,

we characterize topologies in which 100% throughput can be achieved in a distributed manner

with algorithms that are characterized in Dijkstra and KBR (key-based routing). This paper

also discusses the applications of WMNs. Emerson Process Management comes

under the industrial automation applications of WMNs using WirelessHART and

Emerson’s Smart Wireless extreme applications. It is a secure and TDMA-based wireless

mesh networking technology operating in the 2.4 GHz ISM radio band. WirelessHART

is a newly developed industrial standard network by the HART Communication Foundation

(HCF), which is currently replacing the existing HART network in industry.

The HART communication protocol is an open standard, master-slave token passing

network protocol, where devices are connected over a 4-20 mA analog loop. By improving

the overall efficiency of the plant through process monitoring, we can reduce costs and

improve throughput.

The main advantage of this study is to reduce the time and space complexity through

network partitioning. The mesh routers are usually equipped with multiple wireless

interfaces operating in orthogonal channels. Mesh routers are rarely mobile and usually

do not have power constraints. The issues of channel allocation, scheduling, and

routing in WMNs, assuming that the traffic statistics are given. Obtaining a

centralized solution for a wireless network does not seem to be feasible, due to the

communication overhead associated with continuously collecting the queue backlog

information, and due to the limited processing capability of the nodes. On the

other hand, distributed algorithms usually provide only approximate solutions,

resulting in significantly reduced throughput. Setting up a routing path in a very large

wireless network may take a long time, and the end-to-end delay can become large.

Furthermore, even when the path is established, the node states on the path may

change. Thus, the scalability of a routing protocol is critical in WMNs.

From control network bridging and field data backhaul to video process

monitoring and plant surveillance, Emerson’s Smart Wireless technology puts valuable

information within reach, easily and cost-effectively, to give us better insights into

what’s happening in our operation. By improving the overall efficiency of our plant,

you can reduce costs and improve throughput. Yet process variability can rob us of

our desired efficiency. Emerson’s Smart Wireless helps you easily and cost-effectively

deploy the predictive intelligence needed to reduce variability and improve overall

efficiency. Most plants can increase throughput by running closer to what the

process and equipment are capable of, taking advantage of capacity previously

hidden by less-than-optimum performance. The digital intelligence integrated into

every level of Plant Web architecture enables you to improve throughput. Improving

throughput positions any organization for greater return and competitiveness,

regardless of market condition. When capacity constrained, you can produce more with

existing assets. When market-limited, you can achieve your target output with fewer

operating units.

Secure High-Throughput Multicast Routing in Wireless Mesh Networks

Recent work in multicast routing for wireless mesh networks has focused on

metrics that estimate link quality to maximize throughput. Nodes must collaborate in

order to compute the path metric and forward data. The assumption that all nodes are

honest and behave correctly during metric computation, propagation, and aggregation, as

well as during data forwarding, leads to unexpected consequences in adversarial networks

where compromised nodes act maliciously. In this work we identify novel attacks against

high-throughput multicast protocols in wireless mesh networks. The attacks exploit the

local estimation and global aggregation of the metric to allow attackers to attract a large

amount of traffic. We show that these attacks are very effective against multicast

protocols based on high-throughput metrics. We conclude that aggressive path selection

is a double-edged sword: While it maximizes throughput, it also increases attack

effectiveness in the absence of defense mechanisms. Our approach to defend against the

identified attacks combines measurement-based detection and accusation-based reaction

techniques. The solution also accommodates transient network variations and is resilient

against attempts to exploit the defense mechanism itself. A detailed security analysis of

our defense scheme establishes bounds on the impact of attacks. We demonstrate both the

attacks and our defense using ODMRP, a representative multicast protocol for wireless

mesh networks, and SPP, an adaptation of the well-known ETX unicast metric to the

multicast setting.

In this work, we study the security implications of using high-throughput metrics.

We focus on multicast in a wireless mesh network environment because it is a

representative environment in which high-throughput metrics will be beneficial. Although

the attacks we identify can also be conducted in unicast, the multicast setting makes them

more effective and, at the same time, more difficult to defend against. We focus on

mesh-based multicast protocols as they have the potential to be more resilient to attacks. We

use ODMRP as a representative protocol for wireless mesh networks and SPP, a metric

based on the well-known ETX unicast metric, as a high-throughput multicast metric. We

selected SPP since it was shown to outperform all the other multicast metrics for

ODMRP. To the best of our knowledge, this is the first paper to examine vulnerabilities

of high-throughput metrics in general, and in multicast protocols for wireless mesh

networks in particular. Significant work focused on the security of unicast wireless

routing protocols. Several secure routing protocols resilient to outside attacks were

proposed in the last few years such as Ariadne, SEAD, ARAN, and the work. Wireless

specific attacks such as flood rushing and worm-hole were identified and studied. RAP

prevents the rushing attack by waiting for several flood requests and then randomly

selecting one to forward, rather than always forwarding only the first one. Techniques to

defend against wormhole attacks include Packet Leashes, which restrict the maximum

transmission distance by using time or location information, TrueLink, which uses MAC

level acknowledgments to infer if a link exists or not between two nodes, and the work in,

which relies on directional antennas. The problem of insider threats in unicast was

studied in. Watchdog detects adversarial nodes by having each node monitor whether its

neighbors forward packets to other destinations. SDT and Ariadne use multi-path routing

to prevent a malicious node from selectively dropping data. ODSBR provides resilience

to colluding Byzantine attacks by detecting malicious links based on an

acknowledgment-based feedback technique.

2.11 Routing protocols in wireless mesh networks: challenges and design

considerations

Wireless Mesh Networks (WMNs) are an emerging technology that could

revolutionize the way wireless network access is provided. The interconnection of access

points using wireless links exhibits great potential in addressing the last mile

connectivity issue. To realize this vision, it is imperative to provide efficient resource

management. Resource management encompasses a number of different issues, including

routing. Although a profusion of routing mechanisms has been proposed for other

wireless networks, the unique characteristics of WMNs (e.g., wireless backbone)

suggest that WMNs demand a specific solution. To have a clear and precise focus on

future research in WMN routing, the characteristics of WMNs that have a strong impact

on routing must be identified. Then a set of criteria is defined against which the existing

routing protocols from ad hoc, sensor, and WMNs can be evaluated and performance

metrics identified. This will serve as the basis for deriving the key design features for

routing in wireless mesh networks. Thus, this paper will help to guide and refocus future

works in this area.

Delivering on QoS guarantees requires a strong resource management framework,

starting with an effective routing protocol. The multi-hop wireless nature of WMN

demands a different approach to routing from conventional wireless access networks. It

has much more in common with the ad hoc and sensor network fields. However, the

overall properties of the individual nodes and the overall network are very different in

many ways. Therefore, it is unclear exactly how applicable these approaches are to a

WMN. This paper addresses the issue of routing in a WMN, by considering the specific

characteristics of a WMN. It explores existing solutions, and evaluates their suitability to

the wireless mesh environment. Based on this evaluation, the need for developing new

routing mechanisms, specifically tailored for the unique characteristics of WMNs is

assessed. A number of issues and considerations are identified and presented, in order to

guide future work and the development of a WMN routing protocol. Wireless mesh

networks are a unique combination of wireless technologies, exhibiting characteristics of

each component (ad hoc, cellular and sensor networks). While describing these

characteristics, the commonalities and differences between wireless mesh networks and

the aforementioned wireless technologies will be emphasized. Transmission medium.

All communications in wireless environments have the following constraints: limited

available bandwidth, dynamic changes in link capacity (due to interference, noise, etc.),

and asymmetrical links (interference, multipath, etc.). Real world implementations have

revealed the limitations of simulations due to the complexity of such environments, and

have stressed the need for the deployment of test beds in order to assess the validity of

the proposed solutions. The impact of the network conditions becomes more critical in

multi-hop wireless networks such as ad hoc and mesh networks, as difficulties in

bounding transmission delay and packet loss makes supporting QoS-sensitive

applications very challenging. Network deployment. In cellular networks and

infrastructure-based WLANs, base stations (access points) are deployed in specific

locations. In Mobile Ad hoc Networks (MANETs), the network topology is dynamically

changing as users can be highly mobile although still actively participating in the network

operations through packet forwarding mechanisms. Wireless mesh networks, being a

hybrid technology, blend a fixed wireless backbone with an edge network consisting of

mobile users.

Wireless technology. Whereas base stations in cellular and ad hoc networks are

primarily deployed with omnidirectional antenna technologies, the fixed backbone of

WMNs seems to favor the use of directional antennas for increased throughput. However,

the impact of environmental conditions on the network performance needs to be taken

into consideration, otherwise the communication can significantly deteriorate due to

external phenomena such as wind or rain (causing link failure from disorientation of the

antenna). Network infrastructure to support user mobility. As in ad hoc and cellular

networks, users may be mobile. Therefore handoff and location management are

important concerns in wireless mesh networks as well. To address these issues,

distributed and centralized approaches can be considered. Distributed databases can be

deployed in the access points and network gateways to maintain users’ profiles and

manage users’ mobility. A centralized approach can also be used, with one entity

responsible for maintaining location information. Techniques can be borrowed from

cellular technologies and applied to wireless mesh networks, but the communication

costs, while of little importance in cellular networks (which mainly involve the fixed part of the

network), have an adverse effect in bandwidth-constrained wireless mesh networks.

Maximize the System Throughput in Wireless Mesh Network Using Enhanced

Gateway Selection Method

This work studies the challenging problem of optimizing gateway placement for

throughput in Wireless Mesh Networks. Wireless Mesh Networks can be easily deployed

without wire lines. A wireless mesh network consists of wireless mesh routers and a base

station directly connected to external networks. The base station is located at the centre

of the wireless mesh network, and it chooses a certain number of wireless mesh

routers as gateways. The aim is to find, easily and quickly, the candidate gateways that

maximize the system throughput without solving a complex optimization problem that

includes a large number of parameters and involves a heavy computation load. The

gateway performance is evaluated by numerical analysis, and also demonstrated through

computer simulations. The appropriate candidate gateway can also be determined with

high accuracy when there is a certain variance in the amount of traffic generated by users

at each wireless mesh router, and the minimum number of gateways needed to maximize

the throughput of the WMN can be found.

Adding new gateways increases throughput in backbone communication by

effectively reducing the average number of hops each packet needs to reach a gateway

and by reducing the traffic load on existing gateways. The benefits can diminish due

to inappropriate gateway placement; the new gateways will also result in more

interference to existing gateways. Therefore the gateway placement algorithm should not only

relieve traffic load in the network but also introduce minimal interference. A novel

method is proposed to choose the gateway for deploying a WMN for disaster recovery; it

is used to achieve the maximum system throughput. The base station can select a number

of wireless mesh routers as gateways, and establish a connection with each of them.

In particular, because the base station supports one channel, assume that mesh routers

connect to each other over a single channel. Moreover, note that we consider only one

gateway in a certain area. Here, we design a network topology to analyze the system

throughput. We randomly deploy the wireless mesh router nodes within a certain area,

and they connect to adjacent nodes when the distance between two of them is less than

the transmission range. The Minimum Spanning Tree (MST) algorithm is used to delete the

redundant paths and maintain the unique routing path for our network topology.

802.1X addresses the security issues of the original 802.11 standard, but issues

still exist with regard to weaknesses in the WEP encryption and data integrity methods.

The solution to these problems is the standard, a new standard that specifies

improvements to wireless LAN networking security. The wireless vendors agreed on an

interoperable interim standard known as Wi-Fi Protected Access™ (novel gateway

system™). The goals of the novel gateway system were the following. To require secure

wireless mesh networking: the novel gateway system requires secure wireless mesh

networking authentication, encryption, and unicast and global encryption key management

by requiring 802.1X. To address the issues with WEP through a software upgrade: the

stream cipher within WEP is vulnerable to known-plaintext attacks. In addition, the

data integrity provided with WEP is relatively weak. The novel gateway system

solves most of the remaining security issues with WEP, yet only requires firmware updates in

wireless equipment and an update for wireless clients. To be forward-compatible with the

standard: a subset of the security features in the standard is a novel gateway system. To

be available before 802.11i standard ratification. The wireless equipment and wireless

clients are upgraded using the novel gateway system.

Securing AODV Routing Protocol in Mobile Ad-hoc Networks

In this paper, we have proposed a security schema for Ad-hoc On-Demand

Distance Vector (AODV) routing protocol. In this schema, each node in a network has a

list of its neighbor nodes including a shared secret key which is obtained by executing a

key agreement when joining a network. One key principle in our schema is that before

executing route discovery steps in AODV protocol, each node executes message

authentication process with the sender to guarantee the integrity and non-repudiation of

routing messages and therefore, could prevent attacks from malicious nodes. Compared

with other recently proposed security routing protocols, our security schema needs less

computation power in routing transactions and does not need any centralized element in

mobile ad-hoc networks. In this paper, we examine and discuss recent secure routing

protocols in order to identify the flaws of current security approaches. Based on the

analysis, a security schema for AODV routing protocol has been proposed to eliminate

the security flaws in the protocol and compensate identified security weaknesses in recent

secure routing approaches. In this section, however, we briefly describe only two

schemas: ARAN and SAODV since they are closely related to our approach. In the first, the

authors categorized three kinds of threats which are modification, impersonation and

fabrication in AODV and DSR. On the basis of this analysis, the authors proposed a

protocol called ARAN (Authenticated Routing for Ad hoc Networks) using cryptographic

certificates to bring authentication, message-integrity and non-repudiation to the route

discovery process based on the assumption of the existence of a trusted certificate server. It is

not appropriate for ad hoc networks because it forms a centralized element. Moreover,

in this protocol, because the source node cannot authenticate intermediate nodes in the

routing path, intermediate malicious nodes can use error message attacks against networks. In

the second, the authors extend the AODV routing protocol to guarantee security based on the

approach of a key management scheme in which each node must have certified public

keys of all nodes in the network. This work uses two mechanisms to secure the AODV

messages: digital signature to authenticate the fixed fields of the messages and hash

chains to secure the hop count field. This protocol uses public key distribution approach

in the ad hoc network; therefore, it is difficult to deploy and computationally heavy since

it requires both asymmetric cryptography and hash chains in exchanging messages. The

protocol also did not consider the authentication of intermediate nodes; hence it could

not prevent the attack of falsifying error messages in ad hoc networks. The principle of

our schema is that messages in AODV must be authenticated to guarantee the integrity

and non-repudiation so that the protocol can be protected against several kinds of

attacks. Each node in a network has its own self-generated pair of public key e and private key d,

following the RSA public-key cryptosystem, and each node contains a

list of neighbor nodes with records containing the information of a neighbor node

including neighbor address, neighbor public key, and a shared secret key. This

information is formed after the key agreement between two neighbor nodes to negotiate a

pair of keys and a shared secret key.
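
The hash chain that secures the hop count field in the signature-plus-hash-chain schema described above can be sketched as follows. This is an added example, not code from the thesis or from the protocol's authors; it spells out the usual construction, and the field names, SHA-256 and the 32-byte seed are assumptions. The digital signature over the fixed fields is not modeled.

```python
import hashlib
import os
from dataclasses import dataclass, replace
from typing import Optional


def h(data: bytes) -> bytes:
    """One step of the one-way chain (SHA-256 is an assumption of this sketch)."""
    return hashlib.sha256(data).digest()


def h_n(data: bytes, n: int) -> bytes:
    """Apply h() n times."""
    for _ in range(n):
        data = h(data)
    return data


@dataclass(frozen=True)
class RouteMessage:
    hop_count: int      # mutable in transit: incremented by every forwarder
    hash_value: bytes   # mutable in transit: h applied hop_count times to the seed
    max_hop_count: int  # fixed field: would be covered by the originator's signature
    top_hash: bytes     # fixed field: h applied max_hop_count times to the seed


def originate(max_hop_count: int, seed: Optional[bytes] = None) -> RouteMessage:
    """Originator picks a secret seed and commits to the end of the chain."""
    seed = seed if seed is not None else os.urandom(32)
    return RouteMessage(0, seed, max_hop_count, h_n(seed, max_hop_count))


def verify(msg: RouteMessage) -> bool:
    """Check that hash_value is exactly (max_hop_count - hop_count) steps from top_hash.

    A receiver therefore rejects a hop count lower than the number of hash
    applications already made, because reversing h() is infeasible.
    """
    if not 0 <= msg.hop_count <= msg.max_hop_count:
        return False
    return h_n(msg.hash_value, msg.max_hop_count - msg.hop_count) == msg.top_hash


def forward(msg: RouteMessage) -> RouteMessage:
    """Intermediate node: verify, then advance both hop count and chain by one."""
    if not verify(msg):
        raise ValueError("hop count does not match hash chain; message dropped")
    if msg.hop_count >= msg.max_hop_count:
        raise ValueError("maximum hop count reached; message dropped")
    return replace(msg, hop_count=msg.hop_count + 1, hash_value=h(msg.hash_value))


def with_claimed_hop_count(msg: RouteMessage, claimed: int) -> RouteMessage:
    """Constructed test input: same chain position, different advertised hop count."""
    return replace(msg, hop_count=claimed)


if __name__ == "__main__":
    msg = originate(max_hop_count=5)
    for _ in range(3):
        msg = forward(msg)
    print("after 3 honest hops:", msg.hop_count, verify(msg))
    shortened = with_claimed_hop_count(msg, 1)
    print("hop count rewritten to 1 verifies:", verify(shortened))
```
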

Throughput Maximization in Wireless Mesh Networks and its Applications

Wireless mesh networks (WMNs) consist of mesh routers and mesh clients, where

mesh routers have minimal mobility and form the backbone of WMNs. They provide

network access for both mesh and conventional clients. This paper considers the

interaction between channel assignment and distributed scheduling in multi-channel,

multi radio Wireless Mesh Networks (WMNs). Recently, a number of distributed

scheduling algorithms for wireless networks have emerged. Due to their distributed

operation, these algorithms can achieve only a fraction of the maximum possible

throughput. As an alternative to increasing the throughput fraction by designing new

algorithms, we present a novel approach that takes advantage of the inherent multi-radio

capability of WMNs. We show that this capability can enable partitioning of the network

into subnetworks in which simple distributed scheduling algorithms can achieve 100%

throughput. The partitioning is based on the notion of Local Pooling. Using this notion,

we characterize topologies in which 100% throughput can be achieved in a distributed manner

with algorithms that are characterized in Dijkstra and KBR (key-based routing). This paper

also discusses the applications of WMNs. Emerson Process Management comes

under the industrial automation applications of WMNs using WirelessHART and

Emerson’s Smart Wireless extreme applications. It is a secure and TDMA-based wireless

mesh networking technology operating in the 2.4 GHz ISM radio band. WirelessHART

is a newly developed industrial standard network by the HART Communication Foundation

(HCF), which is currently replacing the existing HART network in industry.

The HART communication protocol is an open standard, master-slave token passing

network protocol, where devices are connected over a 4-20 mA analog loop. By improving

the overall efficiency of the plant through process monitoring, we can reduce costs and

improve throughput.

This paper considers the interaction between channel assignment and

distributed scheduling in multi-channel multiradio Wireless Mesh Networks

(WMNs). The topologies are used in order to develop a number of centralized

channel assignment algorithms that are based on a matroid intersection algorithm.

These algorithms pre-partition a network in a manner that not only expands the capacity

regions of the subnetworks but also allows distributed algorithms to achieve these

capacity regions. The performance of the algorithms is evaluated via simulation, which

shows that they significantly increase the distributedly achievable capacity region.

We note that while the identified topologies are of general interference graphs, the

partitioning algorithms are designed for networks with primary interference

constraints. KBR is a lookup method used in conjunction with distributed hash

tables (DHTs). While DHTs provide a method to find a host responsible for a certain

piece of data, KBR provides a method to find the closest host for that data,

according to some defined metric. This may not necessarily be defined as physical

distance, but rather the number of network hops. KBR improves the efficiency of

decentralized information retrieval in peer-to-peer networks. Our knowledge-based

route finding can be described as using knowledge about the road network to

isolate the search and/or to guide the problem solving. Two key types of knowledge

used in the proposed approach are the knowledge of road types (e.g., minor roads,

major roads, and expressways) and the knowledge that major roads and expressways

naturally partition the whole network into many small areas or sub-networks. These

two types of knowledge and some others are used to partition and to reorganize

the whole network. An efficient search algorithm is employed to search for the best

solution in the appropriate sub-networks rather than the whole network. Within this

framework, we present three specific methods. Each of these methods has its advantages

and disadvantages over the others, and is suitable for a different situation. The routing

consistency of key-based routing (KBR) relies on a large key space and on routing to a destination

close to a given key, so that routings always reach the owner of the key.

Secure High-Throughput Multicast Routing in Wireless Mesh Networks

Recent work in multicast routing for wireless mesh networks has focused on

metrics that estimate link quality to maximize throughput. Nodes must collaborate in

order to compute the path metric and forward data. The assumption that all nodes are

honest and behave correctly during metric computation, propagation, and aggregation, as

well as during data forwarding, leads to unexpected consequences in adversarial networks

where compromised nodes act maliciously. In this work we identify novel attacks against

high-throughput multicast protocols in wireless mesh networks. The attacks exploit the

local estimation and global aggregation of the metric to allow attackers to attract a large

amount of traffic. We show that these attacks are very effective against multicast

protocols based on high-throughput metrics. We conclude that aggressive path selection

is a double-edged sword: While it maximizes throughput, it also increases attack

effectiveness in the absence of defense mechanisms. Our approach to defend against the

identified attacks combines measurement-based detection and accusation-based reaction

techniques. The solution also accommodates transient network variations and is resilient

against attempts to exploit the defense mechanism itself. A detailed security analysis of

our defense scheme establishes bounds on the impact of attacks. We demonstrate both the

attacks and our defense using ODMRP, a representative multicast protocol for wireless

mesh networks, and SPP, an adaptation of the well-known ETX unicast metric to the

multicast setting.

In this work, we study the security implications of using high-throughput metrics.

We focus on multicast in a wireless mesh network environment because it is a

representative environment in which high-throughput metrics will be beneficial. Although

the attacks we identify can also be conducted in unicast, the multicast setting makes them

more effective and, at the same time, more difficult to defend against. We focus on mesh-

based multicast protocols as they have the potential to be more resilient to attacks. We

use ODMRP as a representative protocol for wireless mesh networks and SPP, a metric

based on the well-known ETX unicast metric, as a high-throughput multicast metric. We

selected SPP since it was shown to outperform all the other multicast metrics for

ODMRP. To the best of our knowledge, this is the first paper to examine vulnerabilities

of high-throughput metrics in general, and in multicast protocols for wireless mesh

networks in particular. We identify attacks against multicast protocols that exploit the use

of high-throughput metrics. The attacks consist of local metric manipulation (LMM) and

global metric manipulation (GMM), and allow an attacker to attract significant traffic.

We show that aggressive path selection is a double-edged sword: It leads to throughput

maximization, but in the absence of protection mechanisms it also increases attack

effectiveness. For example, in our simulations, the GMM attack requires only about a

quarter of the number of attackers needed by a simple data dropping attack to create the

same disruption in the multicast service. Since a small number of attackers can severely

impede the protocol, an effective solution must identify and isolate all malicious nodes.

We identify a dangerous effect of the attacks, referred to as metric poisoning,

which causes many honest nodes to have incorrect metrics. Consequently, any response

mechanism cannot rely on poisoned metrics for local recovery and must either use a

fallback procedure not relying on the metric or refresh the metric before starting

recovery. We propose a defense scheme that combines measurement-based detection and

accusation-based reaction techniques. To accommodate transient network variations, we

use temporary accusations that have duration proportional to the disruption created by the

accused node. To prevent attackers from exploiting the defense mechanism itself, we

limit the number of accusations that can be generated by a node. We perform a detailed

security analysis of our defense scheme and establish bounds on the impact of attacks.

Extensive simulations with ODMRP and the SPP metric confirm our analysis and show

that our strategy is very effective in defending against the attacks, while adding a low

overhead. We consider a multi-hop wireless network where nodes participate in the data

forwarding process for other nodes. We assume a mesh-based multicast routing protocol,

which maintains a mesh connecting multicast sources and receivers. Path selection is

performed based on a metric designed to maximize throughput.
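The detection-and-reaction idea summarized above, as an added example (not code from the cited work or from this thesis): a node compares the delivery ratio implied by an upstream node's advertised metric with the ratio it actually measures, issues a temporary accusation whose duration grows with the gap, and is limited in how many accusations it may hold at once. The threshold, scaling factor, budget, node names and the product form used for the SPP-style metric are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumed values for illustration; none are taken from the cited work.
DETECTION_THRESHOLD = 0.20   # tolerated gap between expected and observed PDR
ACCUSATION_SCALE = 100.0     # seconds of accusation per unit of PDR gap
MAX_ACTIVE_ACCUSATIONS = 1   # accusations one node may have outstanding


def path_spp(link_probs):
    """SPP-style path metric: product of per-link delivery probabilities."""
    metric = 1.0
    for p in link_probs:
        metric *= p
    return metric


@dataclass
class Accusation:
    accuser: str
    accused: str
    expires_at: float


@dataclass
class AccusationTable:
    active: list = field(default_factory=list)

    def expire(self, now):
        self.active = [a for a in self.active if a.expires_at > now]

    def is_accused(self, node, now):
        self.expire(now)
        return any(a.accused == node for a in self.active)

    def accuse(self, accuser, accused, gap, now):
        """Add a temporary accusation; return it, or None if over budget."""
        self.expire(now)
        outstanding = sum(1 for a in self.active if a.accuser == accuser)
        if outstanding >= MAX_ACTIVE_ACCUSATIONS:
            return None  # cap stops a node from flooding accusations
        acc = Accusation(accuser, accused, now + ACCUSATION_SCALE * gap)
        self.active.append(acc)
        return acc


def check_upstream(table, me, upstream, advertised, received, sent, now):
    """Measurement-based detection: metric-implied PDR versus measured PDR."""
    observed = received / sent if sent else 0.0
    gap = advertised - observed
    if gap <= DETECTION_THRESHOLD:
        return None  # transient loss, no reaction
    return table.accuse(me, upstream, gap, now)


def select_upstream(table, candidates, now):
    """Best-metric upstream node among those not currently accused."""
    usable = {n: m for n, m in candidates.items()
              if not table.is_accused(n, now)}
    return max(usable, key=usable.get) if usable else None


if __name__ == "__main__":
    # Constructed scenario: M advertises 0.95 but delivers 30 of 100 packets.
    table = AccusationTable()
    routes = {"M": 0.95, "B": path_spp([0.9, 0.8])}
    print(select_upstream(table, routes, 0.0))             # M
    print(check_upstream(table, "R", "M", 0.95, 30, 100, 0.0))
    print(select_upstream(table, routes, 1.0))             # B
    print(select_upstream(table, routes, 70.0))            # M again
```

Because the accusation expires, a node that was accused during a transient outage becomes selectable again, while the per-node budget keeps a compromised node from using accusations to isolate honest neighbours.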

2.12 Secure Routing in Wireless Mesh Networks

Wireless mesh networks (WMNs) have emerged as a promising concept to meet

the challenges in next-generation networks such as providing flexible, adaptive, and

reconfigurable architecture while offering cost-effective solutions to the service

providers. Unlike traditional Wi-Fi networks, with each access point (AP) connected to

the wired network, in WMNs only a subset of the APs are required to be connected to

the wired network. The APs that are connected to the wired network are called the

Internet gateways (IGWs), while the APs that do not have wired connections are called

the mesh routers (MRs). The MRs are connected to the IGWs using multi-hop

communication. The IGWs provide access to conventional clients and interconnect ad

hoc, sensor, cellular, and other networks to the Internet.

Several vulnerabilities exist in the protocols for WMNs. These vulnerabilities can

be exploited by the attackers to degrade the performance of the network. The nodes in a

WMN depend on the cooperation of the other nodes in the network. Consequently, the

MAC layer and the network layer protocols for these networks usually assume that the

participating nodes are honest and well-behaving with no malicious or dishonest

intentions. In practice, however, some nodes in a WMN may behave in a selfish manner

or may be compromised by malicious users. The assumed trust and the lack of

accountability due to the absence of a central administrator make the MAC and the

network layer protocols vulnerable to various types of attacks. In this section, a

comprehensive discussion on various types of attacks in different layers of the protocol

stack of a WMN is provided.

The physical layer is responsible for frequency selection, carrier frequency

generation, signal detection, modulation, and data encryption. As with any radio-based

medium, the possibility of jamming attacks in this layer of WMNs is always there.

Jamming is a type of attack which interferes with the radio frequencies that the nodes use

in a WMN for communication. A jamming source may be powerful enough to disrupt

communication in the entire network. Even with less powerful jamming sources, an

adversary can potentially disrupt communication in the entire network by strategically

distributing the jamming sources. An intermittent jamming source may also prove

detrimental as some communications in WMNs may be time-sensitive. More complex

forms of radio jamming attacks have been studied where the attacking devices do not

obey the MAC layer protocols.

On the Throughput Evaluation of Wireless Mesh Network Deployed in Disaster Areas

After disasters such as earthquakes and tsunamis, the network infrastructures

might be extremely damaged or destroyed while Internet connection becomes much more

necessary. Therefore, deploying networks in disaster areas has received much attention

especially after the great earthquake in Japan on March 11, 2011. Among many kinds of

networks, Wireless Mesh Network (WMN) is considered as one of the most suitable

solutions because it can easily configure a network without any wired infrastructure. In

our national project on disaster recovery network, we attempt to build a WMN

connecting remaining routers (i.e., the routers that remain functional after the disaster) by

using a Movable and Deployable Resource Unit (MDRU) as a base station, which has

processing servers, storage servers, and Internet connectivity. However, in order to have a

good network design, many experiments such as simulations need to be done beforehand.

In this paper, we provide an adequate throughput evaluation of the deployed network

with many configurations, which are close to reality. The results demonstrate that the

network can, at the same time, provide basic Internet access to a significantly large

population of users.

In this paper, we also provide a discussion about network joint design especially in

disaster areas. In particular, problems related to using multi-channel and calculating the

optimal offered load beforehand are discussed. By using the results of this paper, we can

consider many modifications in designing the MDRU to achieve higher performance in

terms of network throughput. Together with the increasing knowledge of disasters, there

has been more research focusing on information and communication. Among the most

related organizations in Japan, Nippon Telegraph and Telephone (NTT) has made much

effort for limiting the impact of disasters. In a publication in 1990, introduced disaster

prevention measures for telecommunications network systems. Their introduced design

guidelines are based on three fundamental principles: improving network reliability,

preventing isolation, and rapidly restoring services. The three principles are still valuable

for current telecommunications networks. Moreover, rapidly restoring services is one of

the most important reasons that WMNs are considered to be used in disaster recovery

networks also introduced spontaneous (emergency/disaster) networking as an application

scenario. Due to the higher demand in communication during disasters, throughput is

considered to be one of the most important factors. It has received increasing attention

recently especially on analyzing its limits proposed a method to calculate the theoretical

maximum throughput of 802.11 networks for various technologies and data rates.

However, this method does not support multi-radio and multi-channel networks. The

research concentrated on analyzing the contention window sizes and qualitative

performance of the IEEE 802.11 standard. By using the theoretical maximum throughput,

we can control procedures of quality of service schemes to determine the upper bounds

on available bandwidth.

2.13 Novel methods for reliable multicast routing in wireless mesh networks

A reliable multicast routing enables a process to multicast a message to a group of

clients in a way that ensures all the host destination group members receive the

same message. Multicast routing on Wireless Mesh Networks brings great challenges in

security due to its high dynamics, link vulnerability, and complete decentralization.

Hence, due to its insufficient security requirements and vulnerability to attacks, a

novel secure multicast routing protocol, S-ODMRP, takes full advantage of trusted

computing technology. The novel methods proposed overcome the above degradation

and decrease the communication cost by broadcasting the local traffic and by providing

a self-healing mechanism to each node in the network so that it cures the link failure

caused by the failed routers and reconstructs the multicast key path, in which the path

selection is on a link basis. The trusted key is distributed for secure

multicast routing in the Wireless Mesh Network, and the trust value for each

node is based on a set of rules such as the joint behaviors, energy

behaviors, and the activity model. The NS-2 simulation includes various

parameters such as Packet Delivery Ratio (PDR), bandwidth overhead, cost per

received packet, and number of attackers, and achieves higher security and throughput.

The term “Wireless Mesh Networks” describes wireless networks in which each

node can communicate directly with one or more peer nodes. The term mesh was

originally used to suggest that all nodes were connected to all other nodes, but

most modern meshes connect only a subset of nodes to each other. Nodes are

comprised of mesh routers and mesh clients. Each node operates not only as a host but

also as a router. WMNs still lack efficient and scalable security solutions, because

their security is more easily compromised due to several factors: their distributed

network architecture, the vulnerability of channels and nodes in the shared wireless

medium, and the dynamic change of network topology. Attacks in different protocol

layers can easily cause the network to fail. Attacks may occur in the routing protocol such

as advertising wrong routing updates. The attacker may sneak into the network,

impersonate a legitimate node, and not follow the required specifications of a routing

protocol. A WMN has the following advantages: it offers high-speed wireless packet

data access across a wide coverage area; minimizes the cost of capital, installation and

commissioning; and utilizes low-cost 802.11 technologies that are highly flexible in terms of

capacity, coverage and availability. Wireless access points may be deployed indoors or

outdoor. Security is a vital problem in the design of a WMN. The client should have end-

point-to-end-point security assurance. However, being different from a wired and

traditional wireless network, a WMN could easily be compromised by various types of attacks.

A Novel Gateway Selection Method to Maximize the System Throughput of Wireless Mesh Network Deployed in Disaster Areas

Since Wireless Mesh Networks (WMNs) can be easily deployed without wirelines

among wireless mesh routers, they allow us to quickly recover network access services in

disaster areas even if the existing network infrastructures have been enormously

destroyed by a terrible earthquake, tsunami, and so on. However, the performance of

wireless mesh networks is largely affected by many factors, e.g., wireless mesh routers’

locations, channel assignment, transmission scheduling, etc. In particular, the method of

selecting gateways which have a connection to external networks significantly impacts

the network performance when the topology and routing have been fixed in the wireless

mesh network. In this paper, we suppose a wireless mesh network which consists of

wireless mesh routers and a base station directly connected to external networks. The

base station, located at the center of the wireless mesh network, chooses a certain

number of wireless mesh routers as gateways, and establishes a connection with each of

them. Our goal is to easily and quickly find the candidate gateways that maximize the

system throughput without solving a complex optimization problem which includes a

large number of parameters and involves heavy computation load. The performance of

the proposed scheme is evaluated by numerical analysis, and demonstrated through

computer simulations. The results show that our proposed scheme can determine the

appropriate candidate gateway with high accuracy when there is a certain variance in the

amount of traffic generated by users at each wireless mesh router.

Moreover, to recover communications in a disaster area, we deploy a number of

wireless mesh routers to construct the backbone network and select some of them as the

gateways to directly link the base station to connect to the Internet. However, choosing

different mesh routers as the gateway will bring different network performance.

Throughput is one of the major criteria to evaluate network performance. In a certain

area, how to choose a mesh router as the gateway to provide maximum available system

throughput has been a key issue in recent years. Therefore, in this paper, we would like to

propose a new method to select a mesh router as the gateway in the disaster area to

maintain high system throughput of the deployed network. We propose a novel method to

choose the gateway for deploying a WMN for disaster recovery, in achieving the

maximum system throughput; a realistic application has been deployed in Japan. The

base station can select a number of wireless mesh routers as gateways, and establish a

connection with each of them. In particular, because the base station supports one channel,

in this paper, we assume that mesh routers connect to each other by the single channel.

Moreover, note that we consider only one gateway in a certain area. If there are multiple

gateways, the problem can be solved by separating the nodes related to one gateway from

nodes associated to other gateways, which is beyond the research scope of this paper.

Here, we design a network topology to analyze the system throughput. We randomly

deploy the wireless mesh router nodes within a certain area, and they connect to

adjacent nodes when the distance between two of them is less than the transmission

range. Note that, in this topology, we do not consider routing attacks when setting up the

routing path; interested readers can refer to the literature. We utilize the Minimum

Spanning Tree (MST) algorithm to delete the redundant paths and maintain the unique

routing path for our network topology.

Efficient Throughput for Wireless Mesh Networks by CDMA/OVSF Code Assignment

Orthogonal Variable Spreading Factor (OVSF) CDMA code has the ability to

support higher and variable data rates with a single code using one transceiver. A number

of CDMA code assignment algorithms have been developed and studied for cellular

wireless networks; however, little is known about ad hoc wireless networks, e.g.,

mesh networks. In this paper, we propose several distributed CDMA/OVSF code

assignment algorithms for wireless ad hoc networks modeled by unit disk graph

(UDG). We first study how to assign CDMA/OVSF code such that the total throughput

achieved is within a constant factor of the optimum. Then we give a distributed method

such that the minimum rate achieved is within a constant factor of the minimum rate of

any valid code assignment. A distributed method that can approximate both the minimum

rate and total throughput is also presented. Finally, we present a post processing method

to further improve these code assignments. All our methods use only O(n) total messages

(each with O(log n) bits) for an ad hoc wireless network of n devices modeled by UDG.

We conduct extensive simulations to study the performance and the message

complexities of our methods for randomly deployed wireless ad hoc networks. The

experiments show that our method performs much better practically than the pessimistic

theoretical lower bounds.

CDMA provides higher capacity, flexibility, scalability, reliability and security

than conventional FDMA and TDMA. In a CDMA system, the communication channels

are defined by the pseudo-random codewords, which are carefully designed to cancel

each other out as far as possible. Every bit of data is multiplied by the codeword used by

the wireless communication channel. The number of duplicates, which is equal to the

length of the codeword, is known as the spreading factor. The inverse of the length of the

codeword is known as the rate of the codeword. There is a trade-off on the length of the

codeword. On one hand, a longer codeword can increase the number of channels and the

robustness of the communications. On the other hand, since the raw rate seen by the user

is the inverse of the codeword length, a longer codeword results in a lower data rate of the

communication channels. We propose several efficient distributed CDMA/OVSF code

assignment algorithms for wireless ad hoc networks modeled by unit disk graph. We first

study how to assign CDMA/OVSF code such that the total throughput achieved is within

a constant factor of the optimum. Then we give a method such that the minimum rate

achieved is within a constant factor of the minimum rate of any valid code assignment. A

method that can approximate both the minimum rate and total throughput simultaneously

is also presented. Finally, we present a post processing method to further improve the

performance of these code assignments. All our methods use only O(n) total messages

(each with O(log n) bits) for an ad hoc wireless network of n devices modeled by UDG.

We also conduct extensive simulations to study the practical performances of our

methods. Our methods not only have theoretically proven performance bounds but also

perform close to optimum practically. This paper is not intended to solve all critical

issues in CDMA based wireless ad hoc networks. In addition to the code assignment

problem, there are several other important issues that should be addressed so the

CDMA/OVSF code can be used practically for wireless ad hoc networks. The first issue

is about how the communication of code assignment methods is performed before a

CDMA/OVSF code is assigned to nodes (a sort of chicken-and-egg problem). For this,

we assume that there is already a separate control channel available for communication

when the wireless network is deployed. Another issue is the mobility of wireless nodes.

When wireless nodes move around and in consequence of the movement the interference

graph is changed, we should re-assign the CDMA/OVSF codes to wireless nodes. The

algorithms proposed in this paper mostly use the information local to each node to select

its CDMA/OVSF code. Consequently, when nodes are mobile, we could update the codes

fairly quickly. The moving node will check if movement causes its code to be invalid. If

so, it will run our methods to find the new code and inform its neighbors about this new

code. Here, instead of letting the ID be the rank in assigning code, we will use the

updating time as the rank or the moving speed of a node as the rank (a slow-moving node

will have a chance to get a higher-rate code). To retain a good performance, we may need to

re-assign the codes for all nodes.
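The codeword mechanics described in this section (each data bit multiplied by the codeword, rate as the inverse of the codeword length, and a code assignment that must stay valid on the interference graph), as an added example that is not taken from the cited paper. It builds the standard OVSF code tree, shares one channel between users with different spreading factors, and checks an assignment; the `(sf, index)` numbering, node names and sample bits are assumptions constructed for illustration.

```python
def ovsf_code(sf, index):
    """Codeword `index` (0-based) at spreading factor `sf` (a power of two)."""
    if sf < 1 or sf & (sf - 1) or not 0 <= index < sf:
        raise ValueError("sf must be a power of two and 0 <= index < sf")
    code = [1]
    # Walk down from the root: each index bit (MSB first) picks [c, c] or [c, -c].
    for level in range(sf.bit_length() - 2, -1, -1):
        if (index >> level) & 1:
            code = code + [-c for c in code]
        else:
            code = code + code
    return code


def conflicts(a, b):
    """True if one code is the other's ancestor in the tree (or the same code)."""
    (sf_a, i_a), (sf_b, i_b) = sorted([a, b])
    shift = sf_b.bit_length() - sf_a.bit_length()
    return (i_b >> shift) == i_a


def valid_assignment(codes, interference_edges):
    """codes: node -> (sf, index); interfering neighbours must not conflict."""
    return all(not conflicts(codes[u], codes[v]) for u, v in interference_edges)


def total_rate(codes):
    """Sum of per-node rates, where a code of length sf has rate 1/sf."""
    return sum(1.0 / sf for sf, _ in codes.values())


def spread(bits, code):
    """Multiply every data bit (+1/-1) by the codeword: len(code) chips per bit."""
    return [b * c for b in bits for c in code]


def despread(signal, code):
    """Correlate each codeword-length window with the code; 0 means undecidable."""
    n = len(code)
    out = []
    for start in range(0, len(signal), n):
        corr = sum(s * c for s, c in zip(signal[start:start + n], code))
        out.append(0 if corr == 0 else (1 if corr > 0 else -1))
    return out


def share_channel(users):
    """users: list of ((sf, index), bits); returns what each receiver decodes."""
    chips = [spread(bits, ovsf_code(*cid)) for cid, bits in users]
    if len({len(c) for c in chips}) != 1:
        raise ValueError("all streams must cover the same number of chips")
    air = [sum(col) for col in zip(*chips)]  # signals add on the shared medium
    return [despread(air, ovsf_code(*cid)) for cid, _ in users]


if __name__ == "__main__":
    fast = ((2, 0), [1, -1, -1, 1])            # rate 1/2: four bits in eight chips
    print(share_channel([fast, ((4, 2), [1, -1])]))   # both decode correctly
    print(share_channel([fast, ((4, 0), [-1, 1])]))   # descendant of (2, 0): corrupted
```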