Wireless Mesh Networks (WMNs) are gaining popularity as a flexible and inexpensive replacement for Ethernet-based infrastructure. However, WMN security has not been covered adequately by existing standards and implementations. We propose WMNSec, an adaptation of the IEEE 802.11i security standard, specifically targeted at Wireless Mesh Networks and accounting for limited CPU power, node mobility and interruption-free connectivity. WMNSec has been implemented on top of the MadWifi Linux driver and the hostapd suite. Experimental results from a real WMN show that even in a small eight-node network, WMNSec reduces the authentication time by up to a factor of 3 compared to 802.11i, while allowing mobile stations to move without performing additional authentications. The reduced overhead and the mobility feature confirm the practical usability of WMNSec, finally allowing to deploy WMNs in a secure way. Categories and Subject Descriptors C.2.1 [Computer-Communication Networks]: Network...