Media Independent Virtual Private Wireless Mesh Networks



Wireless Mesh Networking (WMN) takes advantage of the intrinsic infrastructure-free and low-maintenance characteristics. The adoption of WMNs for supporting service-oriented home and office networking applications has attracted explosive attention from both industry and academia in the past a few years. Wireless mesh networking based on IEEE 802.11 is a promising alternative to the traditional wired Digital Subscriber Line (DSL) and Cable Modem services due to its flexibility, reliability, ease of deployment, and cost efficiency. A WMN is mainly composed of a cloud of distributed Mesh Points (MPs) as the backhaul. Each MP could possibly connect to all the other MPs in its transmission range, by which the network topology is formed. A data path with multiple hops could be created by performing MAC-layer forwarding for the launched traffic in each intermediate node. A routing table is maintained at each intermediate node to facilitate the MAC layer hop-by-hop forwarding, where the MAC address of the next hop for each data path traversing through the node is kept.

Different from the wired Internet, the WMN infrastructure in metropolitan areas is expected to be operated by an authorized communication company. The WMN will support multiple enterprises which lease the access to the WMN and request to form VPNs for their registered users. Each VPN, thus, will able support its customers and employees based on the pre-defined service level agreement (SLA). Fig. 1 illustrates a WMN with two leasing enterprises A and B each creating a single VPN in an enterprise building. By assuming that the WMN backhaul is under a unified control plane, each VPN is registered on top of a set of MPs in the WMN backhaul, where the corresponding QoS guarantee and security requirements over the VPN can be defined. The Mobile Users (MUs) (e.g., the employees or the customers) of each VPN can access to the authorized network resources within the VPN created by the enterprise.

Fig. 1. The WMN-based VPN architecture applied in metropolitan areas.

To further elaborate the functionalities and architecture of each network entity in the WMN with a VPN service support, Fig. 2 illustrates a general 4-tier architecture. The first layer is the logic tier, which accommodates numerous VPNs created by all the independent enterprises. Each VPN forms a realm (or a logic domain) defined with a group of MUs along with the corresponding QoS and privacy protection requirements. The second tier includes the mesh clients, which interfaces the logic tier and wireless mesh backhaul at the third tier. In the proposed architecture, two types of mesh clients are defined. The first type is composed of various single-user mobile devices such as laptops and handheld PDAs, etc. The other is for wireless network bridges which interfaces the mesh clients with the wireless mesh backbone.

At the third layer, the mesh points (MPs) form a multi-hop WMN backhaul with multi-radio multi-channel wireless capabilities. From the control and management perspectives, two types of MPs are defined. One is mesh access point (MAP) which provides all the functionalities of an MP, including the access by mesh clients and communication with the Internet gateways at the fourth layer. The other is the light-weight mesh point (LWMP), which primarily serves as a “glass node” for neighbor-link communication. The lowest layer consists of the Internet gateways, which interface the WMN with the public Internet. In the terminology of IEEE 802.16, the Internet gateways are simply the base stations that provide Point-to-Multi-Point (PMP) communication mode to the surounding SSs taking the same air interfaces.  

Under such an architecture, the handoff and roaming operations will be frequently triggered due to the small coverage of each MAP, high user mobility, and a large number of independent WISPs. These facts have revealed two important design issues that are unique to the WMN in metropolitan areas: the desire for a suite of light-weight handoff and roaming mechanisms, along with an efficient and robust mobility management protocol.

Let’s recall how a VPN is constructed in the conventional wired MANs. To achieve virtual private networking, an enterprise or an ISP leases the access to a set of edge node from the Internet carrier by installing the edge nodes of the carrier with a Customer Edge (CE). Each CE serves as a control box which stipulates the corresponding types of services, authority, and authentication methods, along with the custom-defined primitives and functionalities provided by the Internet carrier to the enterprise or the ISP. In VPN-supported WMNs, on the other hand, more complicated design requirements and research issues must be addressed due to some of the unique features brought up in the new networking scenario, such as the stringent requirements on high interoperability among vendor-specific wireless devices, absolute location privacy preservation of each user, and minimized handover delay. Since there could be many MAPs interconnected, it is far from scalable and cost-effective for a leasing enterprise to install all the MAPs of interest with a hardware-based VPN CE. Instead, software-based signaling mechanisms and protocols must be developed in the MAP cloud in order to achieve light-weight reconfiguration and autonomous coordination for the VPN service maintenance. In addition, since numerous independent leasing enterprises could run their business on top of the WMN infrastructure and control plane, handoff operations will certainly result in significant overhead in case there is no efficient localized authentication mechanism. At last, the issues on security protection and privacy preservation in the wireless environment must be addressed, which critically determine the feasibility and applicability of the proposed system.

II            OBJECTIVES

There are many research issues related to WMNs that have been extensively studied in the recent years. Instead of investigating into any physical layer issue such as multi-hop interference avoidance mechanism and channel assignment, the long-term goal of the project will be on the development of a media independent and interoperable software platform for achieving VPN service support, along with a suite of secure localized authentication mechanisms with strict user location privacy preservation characteristics. We will be particularly interested in designing a cost-efficient approach for wireless virtual private networking implementation for home and office networking based on WMNs, and the developed framework and software platform are expected to be general and expandable to any wireless technology. Our short-term objectives under the project, on the other hand, are described as follows:

-        Develop an interoperable and media independent software platform based on IEEE 802.21 standard architect, where VPN services and supports are defined. 
-        Develop a secure localized authentication scheme with strict location privacy preservation. 
-        Develop a seamless and interoperable handover scheme with user mobility prediction.
Through the research efforts, we hope to generate new information and disseminate knowledge by way of interactions and collaborations with the supporting company and publications in archival journals, premier conference proceedings, technical seminars, and invention disclosures and patents. In addition, the proposed research efforts will provide a great learning environment to the participating graduate students and researchers in the aspects of Internet technologies, communication software development, and network architecture design. 


A          Development of an Interoperable Software Platform

It is clear that the commercially available network interface controllers (NICs) adopt vendor-specific software drivers and hardware specifications, in which the integration in terms of handover decision making and Quality-of-Service (QoS) assurance will be very difficult among MUs using NICs of different vendors. Such difficulty comes from the fact that each radio interface works like a black box to the upper layer application software design, where an Internet application developer/programmer has no way to gain knowledge in the underlying MAC/PHY (Media access control layer / Physical layer) parameters and hardware specifications. On the other hand, even with the knowledge of those vendor-specific drivers and NIC hardware specifications, an application software program is still hard to real-time react to the NICs, letting alone the control of the NIC parameters. Even if the software programmer has solved the problem for a specific NIC, the developed application software will be specific to the NIC, and might not be able to migrate to a NIC of a different vendor. Therefore, it becomes a critical task to come up with an efficient and interoperable approach such that the intelligence in the user applications can be developed according to a standard library with a set of well defined Service Access Points (SAPs). The platform will serve as a shim layer working between layer 3 and layer 2, which manipulates the SAPs provided by the underlying MAC drivers of different radio interfaces. With these SAPs, another suite of SAPs will be defined for the upper IP layer by which the application software programs can make use of. The software platform will maintain the SAPs, which not only summarize the underneath layer functionalities, but also provide standardized and uniform primitives to the upper layer software package design.

As a generic approach for achieving mesh networking, seamless handover, and VPN service support, the project is committed to develop an interoperable software platform, which serves as a shim layer working between layer 2 an layer 3. The software platform will enable the integration of heterogeneous MAC protocols while providing standard primitives and functions to the upper applications. Thus, the software platform will be essential and sufficient by customizing the decision making process and design premise, which can effectively facilitate our design for VPN service supported WMNs. To equip the system with interoperability across vendor specific NICs, we will design our software platform through the IEEE 802.21 Media Independent Handover Function (MIHF) standard architect, such that the application layer intelligence and software packages could be platform-independent and developed with much less efforts. The interoperable and media-independent software platform will handle multiple NICs through an integrated development plan upon the operation system kernel of each MP and mobile station.

By exercising the techniques of Linux kernel and open source codes of wireless card drivers such as Mad Wifi, the SAPs can be defined according to the 802.21 MIHF standard architects between IP and the proposed software platform as well as between the proposed software platform and the attached MAC layers, as shown in Fig. 3. With the standardized SAPs, the users can develop their intelligence for handover, security, and throughput enhancement schemes through application layer software.

B          Design of a Localized and Location Privacy Aware Authentication Algorithm

User authentication is an essential and unique issue in the scenario of achieving seamless handover among MAPs of common or different WISPs. A secure, priacy-preserving, and localized user authentication mechanism is required not only for the avoidance of illegitimate accesses of network resources, but also for the enterprise security and user privacy that are intrinsic to the success of home and office WMNs.

Currently, the best practice of ensuring security in wireless networks is by way of the authentication, authorization and accounting (AAA) framework [1], where an AAA server is adopted to perform authentication, authorization, and collect accounting data for each user requesting for the Internet access [2]. Based on the AAA framework, several user authentication schemes for communication networks have been proposed in the past decades. Lamport [3] proposed the first well-known password authentication scheme which uses a password table to achieve user authentication. Hwang and Li [4] presented an ID-based user authentication scheme by taking advantage of smart cards, although the passwords in their scheme were not low-entropy. The state-of-the-art authentication mechanisms in the current 3G communication systems are subject to extensive signaling of authentication requests among the handoff MU, visited network, home network, and the AAA server. This motivates the development of a localized authentication mechanism that can be performed locally at each MAP without any on-line intervention of the AAA server.

To our best knowledge, very few approaches have been reported to achieve localized authentication for handover across wireless LANs (WLANs). The representative schemes can be seen in [5] and [6]. In [5], an authentication protocol based on a public-key certificate structure was proposed to achieve an efficient localized authentication for inter-network roaming across wireless LANs. The efficiency of the scheme comes from the fact that the AAA communication overhead incurred in a handoff process can be reduced. Baek et al [6] proposed a localized AAA protocol to retain the mobility transparency as the network mobility (NEMO) basic support protocol and to reduce the cost of the AAA procedure. In addition to providing mutual authentication, the proposed AAA protocol prevents various threats such as replay attack, man-in-the-middle attack, and key exposure.

Another important issue is user location privacy. The current WLAN technology cannot avoid the leakage of a mobile user's (MU's) location information such that an adversary can easily track the MU's physical location. For example, an adversary can discover when an MU visited a specific MAP and how long the MU stayed. The adversary can also obtain when the MU moved from one MAP to another. Even if a trusted security mechanism is in place, the adversary can still trace the location of the MU over time by tracing the MAC address at the link layer, which is the unique address of the network device that can be used to identify a MU. Intuitively, a MU could frequently change his/her MAC address to avoid being traced (although it is technically difficult to achieve by a general user), however, it could still be vulnerable to attacks with network traffic analysis. The reason is that generally a MU's Internet surfing habits and preferences are deterministic and almost not time-varying. In addition, dynamically changing MAC addresses concerns physical network interface reconfiguration, and is not possible for the majority of MUs. Even if changing MAC addresses is possible, the MU can still be traced during the period when the MU's MAC address stays static. Thus, the threat on location privacy cannot be easily mitigated by using the state-of-the-art available techniques. The task of location privacy preservation is still an open question in spite of its imminent importance.

A number of studies have aimed at the location privacy issues in mobile wireless networks and proposed some countermeasures under different application scenarios [7-12]. However, these studies for location privacy are conducted at either on or above the network layer. When an attacker is present in the link layer domain, attacks can be launched by tracking location of any victim transparent to all the higher layer privacy preservation strategies. The study in [13] overcomes the link-layer privacy issue, where the transmitted link-layer packets are encrypted by a shared session key between the MU and the access point. Due to the nature of broadcast in wireless networks, any party located in the same link layer can receive these encrypted packets. However, without the corresponding session key, no one except the real destination can recover the encrypted packet. Therefore, the location privacy in presence of link-layer tracing can be protected. However, such an approach does not consider the situation that once the current shared session key is compromised, all the previous packets' privacy will be disclosed. As a result, the location privacy information on how long the MU has stayed at the current location will be deprived.

In order to improve the resilience on the compromise of current link-layer location privacy under localized authentication, the project is committed to develop a novel anonymous mutual authentication protocol with provable perfect forward link-layer location privacy. The proposed protocol is characterized by employing a suite of defense-in-depth strategies such that even though an attacker has corrupted the protection of current location information of a MU, he still cannot know how long the MU has stayed at the current location. The proposed location privacy aware localized authentication scheme will be characterized by the following features.

(1)  The security notions that model the perfect forward link-layer location privacy will be created. With the proposed model, the location privacy is defined such that even though a MU's current location is compromised for some period of time, the attacker could be resisted from obtaining how long the MU has stayed in the current location. Thus, the MU's historical location information is taken as an important issue to be protected, and is treated independently from the current physical location information. To the best of our knowledge, this is the first effort in the literature for formalizing user link-layer location privacy.

(2)  With the proposed security model, we will design a novel anonymous mutual authentication protocol between the MUs and the MAP by using location-aware key and time-aware key techniques. The proposed location- and time-aware keys can help the MUs and the MAP authenticate each other and negotiate a shared session key without knowing the real identity of each other.

(3) The proposed location privacy aware localized authentication implementation adopts a two-factor authentication protocol to determine whether or not the handoff MU can be authenticated without any intervention of the AAA server, where an authenticated key exchange can be provided locally between the home and the visited network domain.

(4) With the support of 802.21 signaling mechanisms, user credentials and cryptographic tips for enabling localized authentication could be exchanged through the shim layer with the minimum efforts in revising the IP layer software artifacts. In this case, a WISP can customize and differentiate the security requirements of each class of service with an interoperable and standardized approach.

C         Seamless Handover among MAPs

Based on the proposed software platform and localized authentication algorithm, the project will develop an intelligent handover algorithm for supporting user mobility and frequent handover events. To develop the intelligence in the user mobility prediction, we will manipulate a Markov-chain based parameter training process working at the 802.11 access point to estimate the timing for performing pre-handover for a mobile station (i.e., the setup of a new link to the foreign network domain). The developed network-assisted handover scheme will be able to realize the user preference in the handover strategy, where the user can customize through the application software in its mobile station. Such a design will be norm in the future wireless Internet services in home and office networking, where the proposed software platform will be more than essential for achieving the goal. 

In specific, the following two topics will be investigated:

 (1) Mobility Prediction:  Motivated by the fact that user mobility is mainly dominated by geography, such as streets, hotspots, and buildings/constructions, we plan to investigate a Markov chain based parameter training mechanism at each MAP to gain knowledge of the user mobility pattern in the coverage of the MAP.  Since the obtained parameters through the training process are specific to the geographic arrangement of the MAP coverage, we expect much better accuracy in achieving the desired performance in the handoff process. The performance of the proposed scheme will be independent of which user mobility model is assumed since the MAP derives the user mobility pattern through the historical user mobility record.

(2) Handover Decision Making:  We will first define the capacity of each MAP according to its historical channel conditions and with the attached mobile stations. By jointly considering the macro-mobility prediction and capacity of each MAP, a suite of cost functions and preference metrics for the handover decision making process will be developed. We anticipate that the signaling the computation will be supported in proposed software platform and the network processor IXP425 board, respectively.

Our ultimate target is to bring together all the aspects and come up with a complete system for achieving seamless handover based on the proposed MIHF software platform and localized authentication mechanism with user location privacy preservation. We will conduct extensive analysis for performance modeling in terms of error propagation from the signal detection and the induced error in the measured handoff delay. The analysis will be based on Maximum Likelihood (ML) estimation introduced by Gagliardi and Thomas. The estimation can be performed to derive the p.d.f. of the estimated signal-to-noise ratio for M-ary PSK modulation over an AWGN channel. Therefore, when the handover decision is made according to the sensed signaling to noise ratio, the analysis can return the expected error in terms of handover delay.


The proposed schemes and algorithms will be formulated and modeled through mathematical formulation, and solved and validated through simulation. Taking advantages of the optimization tools (CPLEX and Matlab) and high-end workstations derived using the funds from the Canadian Foundation for Innovation (CFI), we expect to develop large-scale network performance simulators for examining the developed approaches on the localized authentication and handoffs.

For achieving the proposed interoperable software platform, the design procedure is in the following. Firstly, we will develop a prototype by implementing the shim layer of IEEE 802.21 between layer 3 and layer 2, which forms the backbone of proposed software platform. So far, SparkMatrix has completed porting of 802.11 NICs of Mad Wifi on Linux kernel 2.4.21 on stand-lone PCs. As a part of the project efforts, we are going to report the Mad Wifi driver on an IXP425 network processor using Linux kernel 2.6, such that the developed prototype can be more ready for commercialization. To accommodate more versions of 802.11 NIC by different vendors into the software platform, we will contact with Linksys Inc. and Speedstream Inc. to obtain the source code of the NICs under a mutual agreement and authorization. We are also planning to extend the current platform to IEEE 802.16 paradigm in order to extend the current project to a wider scenario. We plan to purchase a WiMAX Mini-PCI Evaluation Kit from Wavesat Inc. provided the success of the prototype development.

  Secondly, we will develop a novel framework of service accesses and data aggregation for implementing the IEEE 802.21 standard, where the events, commands, and information services will be defined and mapped to the proposed software platform. Based on the standard software platform, we will develop the required VPN features such as virtual access point (VAP), user defined primitives/functions, and localized authentication with location privacy preservation. Our ultimate target is to bring together all the technological aspects and come up with a complete system and service provisioning framework for achieving VPN service support in 802.11 based wireless mesh networks.

One of the key mathematical methods that we will be using in our research is optimization. We will optimize the system parameter settings through a cross-layer design, and the corresponding optimization tools such as GAMS, CPLEX, and search heuristics will be utilized to solve problems in parameter selection and tuning. The parameters we are interested include the time length between the instant of setting up a new link and the instant of tearing down the old link during a handover process. The two design issues will be critical in the effort of heterogeneous network integration. This will be exercised particularly when the application layer software programs try to take advantage of the primitives provided by the MIHF shim layer, and when any intelligence is going to be installed in the MIHF layer as build-in reconfiguration mechanisms, which will be functioning when the application software does not specify any input parameter value. Since the formulated problem could be non-linear, we plan to use GAMS to solve and the result will serve as a benchmark for that by any developed heuristic algorithm, such as Tabu search and Lagrange relaxation.

For performance modeling, we will apply some advanced queuing techniques to study access control, call admission control, mobility prediction, and handover over wireless networks. The Markov Modulated Poisson Processes (MMPP) model has been recognized as an accurate and practical tool in traffic pattern prediction. MMPP will be used to model the call arrivals upon a cell, which concerns the blocking probability, handover delay, and packet loss rate for each handover request.

For the user micro-mobility prediction, we will assume that the statistic information on user traffic pattern in a hotspot can be obtained at the MAP, and the MAP will analyze the user moving statistics and obtain the parameters through a Markov chain model. We first define the distance of each point within the hotspot from the AP as the state of the Markov chain. The moving statistics at the MAP is interpreted as the sensed signal strength for a single mobile station. By observing the sequence of sensed signal strengths for a given time window, the transition probability of each pair of states can be obtained, with which the Markov chain is constructed. With the Markov chain, the MAP can estimate when to set up a link to the new network domain for a MS at the boundary of the hotspot.

We will use C/C++ language and combine with MATLAB to build the event-driven simulation environment.  The simulation will be run on the OMNeT++ [14] simulator to validate our mathematical model.


[1] C. De Laat, G. Gross, and L. Gommans, “Generic AAA Architecture,” RFC 2903, March 2000.

[2] B. Aboba, et. al.Extensible Authentication Protocol (EAP)”, RFC 3748, June, 2004.

[3] L. Lamport, “Password Authentication with Insecure Communication,” Communication of ACM, 24 (11), pp. 770 - 772, 1981.

[4] M. S. Hwang, and L. H. Li, “A New Remote User Authentication Scheme Using Smart Cards,” IEEE Transactions on Consumer Electronics, 46 (1), pp. 28 - 30, 2000.

[5] Y. Desmedt and Y. Frankel, “Shared generation of authentication and signatures,” In Advances in Cryptology - CRYPTO’91, Springer-Verlag, Berlin, pp. 457-469, 1991.

[6] Z. Cao, H. Zhu, and R. Lu, “Provably secure robust threshold partial blind signature,” in Science in China Series E, vol.35, no.12, pp.1254-1265, 2005.

[7] F. L. Wong and F. Stajano, “Location privacy in bluetooth”, in Proc. of the 2nd ESAS, LNCS 3813, pp. 176-188, Springer-Verlag, 2005.

[8] J. Girao, B. Lamparter, M. Liebsch, and T. Melia, “A practical approach to provide communication privacy”, in Proc. IEEE ICC 2006, Vol. 5, Istanbul, Turkey, June 2006, pp. 1965-1970.

[9] P. Nikander, J. Arkko, and B. Ohlman, “Host Identity Indirection Infrastructure”, in Proc. of The Second Swedish National Computer Network Workshop 2004 (SNCSW 2004), November 2004.

[10] I. Stoica, D. Adkins, S. Zhuang, S. Shenker, and S. Surana, “Internet indirection infrastructure”, in Proc. ACM SIGCOMM Conference (SIGCOMM 2002), August 2002, pp. 73-88.

[11] M. Gruteser and D. Grunwald, “Enhancing location privacy in wireless LAN through disposable interface identifiers: a quantitative analysis”, Mobile Networks and Applications, Vol. 10, No. 3, pp. 315-325, 2005.

[12] L. Huang, K. Matsuura, H. Yamane, and K. Sezaki, “Enhancing wireless location privacy using silent period”, in Proc. IEEE WCNC 2005, Vol. 2, New Orleans, LA, USA, March 2005, pp. 1187 - 1192.

[13] F. Armknecht, J. Girao, A. Matos, and R. L. Aguiar, “Who said that? privacy at link layer”, in Proc. IEEE INFOCOM 2007, Anchorage, Alaska, USA, May 2007.

[14] OMNeT++ manuel,