*Wireless Mesh Networks - Security, Architectures and Protocols*

**Figures 9–11.** *Encryption of the key with hop count value; how the buffer and delay time field work; system model.*

we bridge the wireless local area network (WLAN) interface and the mesh network interface together instead of putting the WLAN behind the firewall, which makes our work easier because we only check whether our scheme works on the data link layer, not on the network layer. Our test security program has already been installed on every sensor node, and we placed the nodes at a distance from one another. Following our scheme, node 1 receives private keys from nodes 2 and 3 and combines them with its own key to reconstruct the original secret, which is used to encrypt data. The encrypted data is sent to one of the clients of node 4; after decryption, we compare the decrypted data with the original data to see whether our scheme works completely. Another parameter that we have to check is the secret after reconstruction. We will list all those parameters in the next section.

**5.4 Results**

In this experiment, we set secret—public key of WMN exactly equal to the minute value of the UTC time zone. Therefore, the time on every sensor node must be set to the same value. **Table 1** shows the keys (decrypted keys) collected by node 1 that are needed for the secret reconstruction analysis at different times. We used a simple function for our experimental secret: Secret = Hour value + Minute value. We executed our program on three nodes in this experiment. The program shows the value of the key generated by each node, the number of bad nodes the security program detected, and the time and the secret reconstructed at that time. **Figure 12** shows these results for all three nodes at the time 22:06. Each node has a private key different from the others, based on its MAC address, but all of them have the same secret at a given time.

**Table 1.** *Secret reconstruction analysis.*

The secret is reconstructed exactly as the original with at least three private keys of the WMN. Therefore, we can proceed to the next step, data encryption. If it works correctly, the original and decrypted data are the same at both transmitter and receiver, which in our case are clients of nodes 1 and 3.
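The reconstruction described above, sketched as an added example (not the authors' program): a 3-of-n Shamir-style sharing whose secret is Hour + Minute, as in the experiment. The field modulus, the seed-based coefficient derivation, the MAC-to-x mapping, the clock check and the sample MAC addresses are assumptions made for illustration; this page does not specify them.

```python
import hashlib

P = 2**61 - 1                       # prime field modulus (assumed; not given in the chapter)
SEED = b"constructed-network-seed"  # hypothetical pre-shared value, constructed for this example
K = 3                               # threshold: the chapter needs at least three private keys


def secret_at(hour, minute):
    """The chapter's experimental secret: Secret = Hour value + Minute value."""
    return hour + minute


def coefficients(hour, minute):
    """Polynomial for one time slot: a0 is the secret, the other coefficients
    are derived from SEED and the time (assumed, so synchronized nodes agree)."""
    coeffs = [secret_at(hour, minute)]
    for i in range(1, K):
        digest = hashlib.sha256(SEED + bytes([hour, minute, i])).digest()
        coeffs.append(int.from_bytes(digest, "big") % P)
    return coeffs


def node_key(mac, hour, minute):
    """Share (x, y): x comes from the node's MAC address, y = f(x) mod P."""
    x = int(mac.replace(":", ""), 16) % P
    y = sum(c * pow(x, i, P) for i, c in enumerate(coefficients(hour, minute))) % P
    return x, y


def reconstruct(shares):
    """Lagrange interpolation at x = 0 over GF(P)."""
    total = 0
    for j, (xj, yj) in enumerate(shares):
        num, den = 1, 1
        for m, (xm, _) in enumerate(shares):
            if m != j:
                num = num * -xm % P
                den = den * (xj - xm) % P
        total = (total + yj * num * pow(den, -1, P)) % P
    return total


def shares_are_consistent(shares, hour, minute):
    """Receiver-side check: the reconstructed secret must match the local clock."""
    return len(shares) >= K and reconstruct(shares) == secret_at(hour, minute)


# Constructed MAC addresses standing in for nodes 1-3
MACS = ["02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"]
```

At 22:06 the three shares reconstruct 28, while a share computed for 22:07 by an unsynchronized node makes the check fail. Hour + Minute takes only 83 distinct values, so a deployment would need a higher-entropy secret than this experimental function.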

After the secret has been reconstructed completely, data sent from node 1 is encrypted with this secret. Both the encrypted data and the decrypted data are shown. This data was captured at one of the non-mesh clients of wireless local area network node 4. We also checked whether the keys are secured when they are transmitted in our model (four nodes with maximum hops equal to 2): we used an external node working as a monitor node to capture the raw packets and check whether the keys are encrypted.

We tested our methods against the types of attacks found in wireless networks in general and in wireless mesh networks in particular.

Firstly, we tested our network model against eavesdropping attacks. We used ESP8266 kits to collect all the data from our network; all of the data was encrypted. We also tried to collect private keys from authenticated nodes in this network to reconstruct the secret key, but all keys transferred in this network had been encrypted with the hop count parameter discussed before. To recover them, an attacker needs to decrypt those keys with the corresponding pairs of MAC address and hop count parameter. Even if attackers can decrypt all the keys, they face the problem that the keys of our network model change constantly over time.

**Figure 12.** *Experimental figure.*

Secondly, we tested our model with many kinds of active attacks. Because the connection on layer 2 of the original BATMAN protocol is already quite tight, almost all active attacks on this model are neutralized; their impact is limited to small effects on a single node, and they are easily detected by our protocol when any node in our model shows abnormal signs.

Next, we tried a jamming attack on our model. Unfortunately, we have not handled this kind of attack. Therefore, in the near future, we will develop our model to overcome this drawback.

Finally, let us see how our model handles man-in-the-middle attacks. We rely mainly on real time in our protocol for generating keys, reconstructing the secret, and detecting abnormal nodes. Therefore, any man-in-the-middle attacker that is not synchronized in real time, or that cannot interact with the other authenticated nodes within the specified period mentioned in the previous section, is classified as an abnormal node.

To sum up, attackers can only strike this network model if they know how the protocol works. Even then, it requires a process to collect, decrypt, synchronize, and accurately analyze complex data from the attacked nodes.

**Table 2** shows a comparison between our algorithm and the others over the security reliability criteria. Our proposed algorithm can prevent many types of attacks which we have discussed before—some of them cannot be prevented by the other algorithms.

The original Shamir's algorithm [5] has the weakest security reliability in this table because it only prevents attacks that focus on eavesdropping data. Similarly, SSKM [7] and HSTMK [8] can defend against data eavesdropping attacks, but they use two different methods to keep the key materials confidential. SSKM improves on SSSS [5] by using a discrete logarithm algorithm to exchange the keys over a secure channel, while HSTMK takes advantage of separated sub-phases to anticipate the deletion of master secrets. Resource consumption in these network models grows with the number of nodes. Consequently, the scale of a model deployed by this method is limited. To avoid this problem, our algorithm mainly focuses on extending the scale of the network model with the custom protocol, using a minimal buffer on each node as mentioned in the sections above.

*Key Management Techniques for Wireless Mesh Network DOI: http://dx.doi.org/10.5772/intechopen.83399*

**Table 2.** *Security reliability comparison.* Columns: SSSS [5], SSKM [7], HSTMK [8], Proposed algorithm. Row "Prevent attacks": … data attack - DoS attack - Replay attack - Man-in-middle attacks.

**6. Conclusion**

This chapter presented four key management schemes and also a security protocol for WMNs. First, Shamir's scheme is a popular method used for distributing keys. The second scheme, SSKM, improves on Shamir's scheme by generating different keys in different periods and by using a discrete logarithm algorithm to transport the key secretly. The third method, HSTMK, uses a key negotiation routine to solve the problem of compromised nodes. It also divides the initialization phase into four sub-phases to reduce the time requirement and increase the security level. Finally, in our scheme, we establish secured communication sessions between nodes so that they can hide their private keys from every node except the requester. That means not only data but also keys are encrypted, by combining our scheme with AES encryption. We also use the real-time value to constantly change each node's private key. This causes great difficulty for anyone who wants to find out the private keys of the WMN. Comparison with existing security protocols and schemes shows that our scheme is simple to deploy and has better security.

There remain some problems that should be addressed for this security protocol. We need to reduce the amount of calculation in the proposed protocol, which is deployed on routers with small flash memory. Besides, the WMN structure needs to be improved in order to make the system model work efficiently. These considerations will be developed in future work.

**Author details**

Vinh Truong Quang\* and Hoa Le Viet

Ho Chi Minh City University of Technology (HCMUT), Vietnam National University, Ho Chi Minh (VNU-HCM), Vietnam

\*Address all correspondence to: tqvinh@hcmut.edu.vn

© 2019 The Author(s). Licensee IntechOpen. This chapter is distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/3.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

