ABSTRACT

Before a WMN can be practically deployed and used, secure authentication with access control is the critical part of delivering reliable applications to mobile users. Secure authentication should enable two entities to validate each other's authenticity and generate shared session keys that can be used by subsequent cryptographic algorithms (e.g., symmetric key cryptosystems and message authentication codes). These keys enable two entities (e.g., an MC and an MR, or two MCs) to transmit and receive data packets authentically over the open wireless links between any two communicating parties. As in other wireless networks, authentication can easily be compromised due to several factors [2], such as the distributed network architecture, the vulnerability of channels and network nodes in the shared wireless medium, and dynamic changes in network topology. From the network side, authentication should be able to protect the network infrastructure (e.g., IGWs, MRs) and the services provided by the network. If the network is accessed by illegal users, the service of the innocent users cannot be degraded due to limited network bandwidth. This means that the network should guarantee that only legitimate users can access the network for any services. Furthermore, service can be interrupted if an adversary launches security attacks on the network. These attacks include, for example, unauthorized network access, replay attacks, spoofing attacks, denial of service (DoS) attacks, and compromised or forged MR attacks. In addition, authentication should ensure the authenticity of access points (e.g., MRs in a WMN) from the viewpoint of the users. Secure authentication is also critical for Internet
Service Providers (ISPs; e.g., WMN operators), which want to ensure that mobile users are authorized customers and that payment for the service has been or will be received. Therefore, they need to verify the user's identity or authorization before granting a network access request. Network operators are traditionally very keen on preventing unauthorized access. For them, unpaid seconds or bits equal lost revenue.