Abstract
Wireless Mesh Network (WMN) is a technology, which has gained popularity due to its cost effective design, robustness, and reliable service coverage. Despite the advantages, WMNs are considered vulnerable to security breaches. Thereby, it is important to consider security in the early design phase in WMNs. Identifying security threats helps the system designer in developing rational security requirements. In this paper we propose threat modeling as a systematic approach to pinpoint the security threats for WMNs as basis for developing security requirements. We identify assets, value them and categorize possible attacks that target the assets in a layer-wise manner. We further elucidate our threat model by use of Attack Trees to clearly define vulnerabilities in the system during early design phase. We take the example of Schools’ WMN in a district of Kabul City in Afghanistan as our scenario. We briefly discuss how to assess the risks that are associated with the specified WMN based on the information that is derived from the threat model.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Akyildiz, I., Wang, X.: Wireless Mesh Networks, vol .1. John Wiley and Sons Inc., UK (2009)
Khan, S., Pathan, A.S.K.: Wireless networks and security: issues, challenges and research trends. In: SCT, pp. 189–272 (2013)
Sen, J.: Security and Privacy Issues in Wireless Mesh Networks: A Survey, Innovation Labs. Tata Consultancy Services Ltd., Kolkata (2013)
Myagmar, S., Lee, A.J., Yurcik, W.: Threat modeling as a basis for security requirements. In: Symposium on Requirements Engineering for Information Security (2005)
Schneier, B.: Attack trees: modeling security threats. Dr. Dobbs J. 24(12), 21–29 (1999)
Moore, A.P., Ellison, R.J., Linger, R.C.: Attack Modeling for Information Security and Survivability. Software Engineering Institute, Pittsburgh (2001)
Mauw, S., Oostdijk, M.: Foundations of attack trees. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 186–198. Springer, Heidelberg (2006)
Siddiqui, M.S., Hong, C.S.: Security issues in wireless mesh networks. In: The Proceedings of the International Conference on Multimedia and Ubiquitous Engineering (MUE’07), Seoul, Korea, pp. 717–722 (2007)
Sen, J.: Security and privacy issues in wireless mesh networks: a survey. In: Khan, S., Pathan, Al-SK. (eds.) Wireless Networks and Security. SCT, vol. 2, pp. 189–272. Springer, Heidelberg (2013)
Allee, V.: Value network analysis and value conversion of tangible and intangible assets. J. Intell. Capital 9(1), 5–24 (2008)
McGraw, G., Allen, J.H., Mead, N., Ellison, R.J., Barnum, S.: Software Security Engineering: A Guide for Project Managers. Addison-Wesley Professional, Boston (2008)
Johansson, J.M., Riley, S.: Protect Your Windows Network From Perimeter to Data. Pearson Education Inc., USA (2005)
Spiewak, D., Engel, T., Fusenig, V.: Towards a threat model for mobile ad-hoc networks. In: Proceedings of the 5th WSEAS International Conference on Information Security and Privacy, Venice, Italy, 20–22 November 2006
Clark, J.A., Murdoch, J., McDermid, J.A., Sen, S., Chivers, H., Worthington, O., Rohatgi, P.: Threat modelling for mobile ad hoc and sensor networks. In: Annual Conference of ITA (2007)
Hasan, R., Myagmar, S., Lee, A.J., Yurcik, W.: Toward a threat model for storage systems. In: Proceedings of the 2005 ACM Workshop on Storage Security and Survivability, pp. 94–102. ACM, New York (2005)
Zalewski, J., Drager, S., McKeever, W., Kornecki, A.J.: Threat modeling for security assessment in cyberphysical systems. In: Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop. ACM, New York (2013). Article No. 10
Kordy, B., Mauw, S., Radomirovi, S., Schweitzer, P.: DAG-based attack and defense modeling: dont miss the forest for the attack trees. Comput. Sci. Rev. 13(14), 1–38 (2014)
Kordy, B., Mauw, S., Radomirovi, S., Schweitzer, P.: Attack Defense Trees. Oxford University Press, New York (2012)
Steffan, J., Schumacher, M.: Collaborative attack modeling. In: Proceedings of the 2002 ACM Symposium on Applied Computing, pp. 253–259. ACM, New York (2002)
Arnes, A.: Risk, Privacy, and Security in Computer Networks, Ph.D. thesis (2006)
UcedaVelez, T., Morana, M.M.: Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis. Wiley, Hoboken (2015)
Singh, V.K.: From multimedia data to situation detection. ACM, Scottsdale (2011)
James, L.: Crowley, patrick reignier and remi barranquand, situation models: a tool for observing and understanding activity. In: Proceedings of IEEE ICRA, Workshop of People Detecting and Tracking, Kobe, Japan, May 2009
Glass, S., Portmann, M., Muthukkumarasamy, V.: Securing wireless mesh networking. IEEE Internet Comput. 12, 30–36 (2008)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Popalyar, F. (2015). Threat Model Based Security for Wireless Mesh Networks. In: Sigg, S., Nurmi, P., Salim, F. (eds) Mobile Computing, Applications, and Services. MobiCASE 2015. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 162. Springer, Cham. https://doi.org/10.1007/978-3-319-29003-4_20
Download citation
DOI: https://doi.org/10.1007/978-3-319-29003-4_20
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-29002-7
Online ISBN: 978-3-319-29003-4
eBook Packages: Computer ScienceComputer Science (R0)