Kavin Kumar Thangadorai, K. Murugesan, Vimal Bastin Edwin Joseph, D. Das
A Novel Process to Avoid Redundant Encryption and Decryption in Wi-Fi Mesh Network
2018 IEEE International Conference on Electronics, Computing and Communication Technologies (CONECCT), published 2018-03-01
DOI: 10.1109/CONECCT.2018.8482377 (https://doi.org/10.1109/CONECCT.2018.8482377)
Citations: 0
Abstract
Mesh topology is becoming popular in Wireless Local Area Networks (WLANs) with Wi-Fi™. IEEE 802.11s is a well-known standard for Wi-Fi mesh networking. As we know, Mesh Access Points (APs) will be connected to each other in a mesh topology, and one of the Mesh APs will act as the Root AP, which will be connected to the Internet. IEEE 802.11 legacy client devices such as mobile phones, TVs, and laptops will be connected to any one of these Mesh APs. Since legacy client devices could transfer or receive sensitive user data, security becomes an important area to address in the Wi-Fi mesh network. As per the 802.11s standard, each Mesh AP link will be secured by applying either Simultaneous Authentication of Equals (SAE) or an 802.1X-based authentication and encryption scheme. On the other hand, legacy client devices have to undergo either an 802.1X or a Pre-Shared Key (PSK) based security scheme with the Mesh AP. On a further note, a packet that arrives at the entry Mesh AP from the legacy client has to be re-encrypted (decrypted and encrypted) by the Mesh APs at each mesh hop until it reaches the Root AP to provide secure communication, which is redundant. This adds overhead at each mesh hop, such as an increase in the Mesh APs' processing time and energy consumption. Various studies and proposals have been made to further improve link-level security, but not to avoid this redundant re-encryption at each mesh hop. To the best of our knowledge, this paper for the first time proposes a new concept to overcome redundant re-encryption at each mesh hop by sharing the legacy client device's Pairwise Transient Key (PTK) with all the Mesh APs over a secured mesh control plane. Our analytical and simulation results with this proposed concept reveal that the total processing time is improved by around 20%, with a significant reduction in energy consumption, in comparison to the existing system.