TUA: A novel compromise-resilient authentication architecture for wireless mesh networks

User authentication is essential in service-oriented communication networks to identify and reject any unauthorized network access. The state-of-the-art practice in securing wireless networks is based on the authentication, authorization and accounting (AAA) framework where one or multiple identical and duplicated AAA servers are adopted to authenticate mobile users (MUs), handle authorization requests, and collect accounting data. However, the conventional AAA framework cannot tolerate a server compromise event due to misuse, misconfiguration, and malicious access, etc., which may cause serious damages and resource abuses to the network operation. In this paper, we propose a novel design paradigm toward a compromise-resilient authentication architecture in service-oriented wireless mesh networks (WMNs) based on the (t, n) threshold signature technique, termed Threshold User Authentication (TUA) scheme. With the TUA scheme, only t or more out of n AAA servers in the WMN can cooperatively grant the network access to a MU, while any t-1 or less cannot. Detailed protocol-aspect design and implementations are presented. Extensive analysis on efficiency and reliability of authentication functionality is conducted to gain a deeper understanding on the parameter settings and optimization, which demonstrates the effectiveness of the TUA scheme. We conclude that the proposed authentication scheme can contribute to the WMN network design in metropolitan areas where numerous mesh points (MPs) coexist and are managed under a single control plane with multiple distributed AAA servers.