Architecting Citywide Ubiquitous Wi-Fi Access
Nishanth Sastry
Jon Crowcroft, Karen Sollins
HotNets-VI

I: What’s wrong with sharing Wi-Fi?
II: Tunneling-based architecture to safely & securely share Wi-Fi

Terminology
(Figure: a Guest associating with a Host’s AP, which sits behind the host’s Firewall + NAT; the Guest’s Home is drawn as a separate network.)

What’s wrong with sharing Wi-Fi? (1/2)
Malicious guests can ...
- be bandwidth hogs
- infect host computers
  → Use bandwidth limiters & firewalls
- download illegal content
- be part of a DDoS botnet (where each flow is too small to be detected)
  → Hosts have to trust guests to be well-behaved

What’s wrong with sharing Wi-Fi? (1⅜/2)
Then there are the freeloaders...
- seeking better connectivity than their homes
- and kids escaping parental control software @ home
How do we induce hosts to share Wi-Fi?

What’s wrong with sharing Wi-Fi? (1⅝/2)
Captive portals, commonly used for logins at public hotspots (e.g. cafés & Fon), are essentially dynamic firewalls and are susceptible to users who sniff & spoof an authenticated user’s address.

What’s wrong with sharing Wi-Fi? (2/2)
Hosts can be malicious too, e.g. pharming.
→ Guest has to trust the host router!

How to safely share Wi-Fi?
Eliminate latent trust dependencies. The guest’s Home
- takes on responsibility for the guest’s traffic
- hides guest traffic from the host by encrypting it
- acts as the trusted source for guest DNS/IP

Tunneling removes dependencies
(Figure: the Guest, attached to the Host AP + Firewall + NAT, opens a Tunnel to the Guest’s Home. There a VPN server assigns the guest a vpn-local IP via the Guest’s DHCP, provides Trusted Services, and NATs the guest’s traffic beyond the tunnel.)

Tunnel setup: Co-operative
(Figure: the Guest uses a coop-local IP on the Host AP + Firewall + NAT; STUN is used to reach the Guest’s Home.)
Co-op distributes two registries:
- Coop-local IP → Member ID
- Mapping of members’ ISP-assigned IP

But, what about performance?
- Path length inflation
  - Intra-city latency: 30–60 ms [Lakshminarayanan IMC’03]
- Guest downlink = home downlink + uplink! (the guest’s download enters the home over its downlink and leaves again over its uplink)
  - Asymmetric broadband → limited uplinks
  - Median uplink bandwidth = 212 Kbps [ibid]
- Sufficient for emergency response [LeMay, earlier]
- Performance comparable to p2p flows

Scale and scope of the co-op depends on:
- regional laws governing “legal” content
- technical factors...
  - end2end latency
  - sizeof(coop-local IP space)
  - AP memory for home & coop-local IP tables
Works for citywide co-ops (broadband members)

Technical summary
(Figure: Guest → Guest’s Home, in steps)
1. coop-local IP
2. STUN
3. Tunnel
4. Guest’s Home
5. vpn-local IP

Key features enabled by home
- Accountability in IP tracebacks
- Simultaneous access through multiple hosts
  - crucial for access with weak signals
(Figure repeated from the technical summary: 1. coop-local IP, 2. STUN, 3. Tunnel, 4. Guest’s Home, 5. vpn-local IP)

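The following is an added example, not code from the paper or its authors: an in-memory model of the two co-op registries and of the VPN/NAT state kept at a guest’s home. It shows how a host resolves a guest’s coop-local IP to the guest’s home, how one device can hold tunnels through several hosts at once (the multi-host feature above), and why an IP traceback ends at the guest’s own home rather than at the host. Member names, addresses and ports are constructed for illustration, and the stun_update method merely stands in for whatever the co-op does to learn a member’s current ISP-assigned IP.

```python
"""
Added example, not code from the paper or its authors: an in-memory model of
the two co-op registries and of the VPN/NAT state kept at a guest's home.
Member names, addresses and ports are constructed; stun_update stands in for
however the co-op learns a member's current public IP.
"""
from dataclasses import dataclass
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


class CoopRegistry:
    """The two registries the co-op distributes to its members."""

    def __init__(self):
        self.member_of = {}     # coop-local IP -> member ID
        self.public_ip_of = {}  # member ID -> member's ISP-assigned IP

    def register(self, coop_ip, member, public_ip):
        if not is_rfc1918(coop_ip):
            raise ValueError(f"coop-local IP must be private: {coop_ip}")
        self.member_of[coop_ip] = member
        self.public_ip_of[member] = public_ip

    def stun_update(self, member, public_ip):
        # The member's ISP-assigned IP changed; record what STUN reported.
        self.public_ip_of[member] = public_ip

    def home_of(self, coop_ip):
        """What a host needs in order to forward a guest's (encrypted) tunnel
        packets: the guest's member ID and the public IP of the guest's home."""
        member = self.member_of[coop_ip]
        return member, self.public_ip_of[member]


@dataclass
class TunnelSession:
    device: str       # the member's roaming device
    via_host_ip: str  # public IP of the host whose AP/NAT the tunnel crosses
    vpn_local_ip: str


class GuestHome:
    """VPN server at the guest's home: hands out vpn-local IPs, NATs guest
    traffic beyond the tunnel, and keeps the records a traceback needs."""

    def __init__(self, member, public_ip, vpn_subnet="10.99.0.0/24"):
        self.member = member
        self.public_ip = public_ip
        self.free_ips = [str(h) for h in ipaddress.ip_network(vpn_subnet).hosts()]
        self.sessions = {}  # vpn-local IP -> TunnelSession
        self.nat = {}       # external port -> (vpn-local IP, internal port)
        self.next_port = 40000

    def accept_tunnel(self, device, via_host_ip):
        # One session per tunnel: the same device may tunnel through several
        # hosts at once, which is what gives simultaneous multi-host access.
        ip = self.free_ips.pop(0)
        self.sessions[ip] = TunnelSession(device, via_host_ip, ip)
        return ip

    def nat_out(self, vpn_local_ip, internal_port):
        """A guest packet leaving the tunnel is rewritten to (home public IP,
        external port); the host's address never appears on it."""
        if vpn_local_ip not in self.sessions:
            raise KeyError(f"no tunnel session for {vpn_local_ip}")
        ext = self.next_port
        self.next_port += 1
        self.nat[ext] = (vpn_local_ip, internal_port)
        return self.public_ip, ext

    def traceback(self, ext_port):
        """An abuse report names (home public IP, external port). The home's
        own NAT and session records map that back to the roaming device and
        to the host it was reached through."""
        vpn_ip, _ = self.nat[ext_port]
        session = self.sessions[vpn_ip]
        return session.device, session.via_host_ip


if __name__ == "__main__":
    reg = CoopRegistry()
    reg.register("10.42.0.7", "alice-home", "198.51.100.7")  # constructed
    reg.register("10.42.0.9", "bob-home", "198.51.100.9")    # constructed
    alice = GuestHome("alice-home", "198.51.100.7")
    # Alice's laptop shows up at Bob's AP; Bob's AP looks up where to tunnel to.
    print("tunnel endpoint for 10.42.0.7:", reg.home_of("10.42.0.7"))
    ip_via_bob = alice.accept_tunnel("alice-laptop", via_host_ip="198.51.100.9")
    src_ip, port = alice.nat_out(ip_via_bob, 51000)
    print(f"seen on the Internet as {src_ip}:{port}; traceback ->",
          alice.traceback(port))
```

The point the model makes concrete: the only address an outside party ever sees is the home’s ISP-assigned IP, so a complaint is routed to the guest’s own account, and the home’s session table is what ties the flow back to the device and to the host it came through.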
Two paths to adoption
I: Without ISP support: Will the host’s ISP let it share its connection?
- hinges on what “internet connection” is
- Mandate sharing! Unlicensed spectrum is a public good
II: With ISP support: offer a business model
- Think Comcast Voice citywide!
- Co-op can benefit from ISP:
  - increase uplink bandwidth for guest access
  - make better tunnels (e.g. MPLS VPNs)

Mesh networks → dense deployment

Co-op tunnels ≠ Mobile IP tunnels
- Triangular routing not possible
- External node typically initiates contact
- Need to register “care-of address” precludes highly mobile guests like cars

Local IP addresses
- vpn-local/coop-local IPs are private IPs
- vpn-local is local to the guest-home pair
  - can be reused by the host & other guests
- coop-local is local to the guest-host pair
  - can be reused on office VPNs of guest/host

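As an added example (not the paper’s code), the allocator below models the two private address spaces on this slide as independent scopes, so that the same RFC 1918 address can be leased in many scopes at once without a conflict. It treats the coop-local space as one co-op-wide scope (the registry slide maps each coop-local IP to a member) and the vpn-local space as one scope per home; that reading, the subnets and names, and the interface-overlap check at the end are the example’s own assumptions.

```python
"""
Added example, not the paper's code: a per-scope allocator for the two
private address spaces on the slide (vpn-local, coop-local). Subnets, names
and the guest_view_ok check are constructed for illustration.
"""
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


class ScopedPool:
    """Leases addresses from one private subnet, independently per scope.
    Two scopes may hand out the same address; within one scope it is unique."""

    def __init__(self, cidr):
        self.net = ipaddress.ip_network(cidr)
        if not any(self.net.subnet_of(p) for p in RFC1918):
            raise ValueError(f"{cidr} is not an RFC 1918 range")
        self.leases = {}  # scope -> {address -> holder}

    def allocate(self, scope, holder):
        held = self.leases.setdefault(scope, {})
        for ip in self.net.hosts():
            if ip not in held:
                held[ip] = holder
                return str(ip)
        raise RuntimeError(f"scope {scope!r} exhausted")

    def release(self, scope, ip):
        self.leases.get(scope, {}).pop(ipaddress.ip_address(ip), None)

    def holder(self, scope, ip):
        return self.leases.get(scope, {}).get(ipaddress.ip_address(ip))


def guest_view_ok(coop_cidr, vpn_cidr):
    """A roaming guest holds a coop-local IP on its Wi-Fi interface and a
    vpn-local IP on its tunnel interface at the same time, so from that one
    device's point of view the two subnets must not overlap. (This check is
    the example's own addition, not a rule stated on the slide.)"""
    return not ipaddress.ip_network(coop_cidr).overlaps(
        ipaddress.ip_network(vpn_cidr))


if __name__ == "__main__":
    vpn = ScopedPool("10.99.0.0/24")   # vpn-local space, one scope per home
    coop = ScopedPool("10.42.0.0/16")  # coop-local space, one co-op-wide scope
    a = vpn.allocate("alice-home", "alice-laptop")
    b = vpn.allocate("bob-home", "bob-phone")
    print(a, b, "- same vpn-local address, two different tunnels")
    print(coop.allocate("coop", "alice-home"), coop.allocate("coop", "bob-home"))
    print("guest can hold both:", guest_view_ok("10.42.0.0/16", "10.99.0.0/24"))
```

Reuse on an office VPN falls out of the same rule: an office VPN is just another scope, so it may use 10.99.0.0/24 too, and only the device that participates in two scopes at once needs the overlap check.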
Dealing with NATs
- Restricted Cone or Symmetric NAT
  - Punch holes separately to each member
- NATs with deep packet inspection
  - STUN/rendezvous server acts as relay