HotNets-VI 1
Architecting Citywide Ubiquitous Wi-Fi Access
Nishanth Sastry, Jon Crowcroft, Karen Sollins
I: What’s wrong with sharing Wi-Fi?
II: Tunneling based Architecture to safely & securely share Wi-Fi
3/14
Nishanth Sastry Hotnets-VI
Terminology
[Diagram labels: Guest; Host; Host AP + Firewall + NAT; Guest’s Home]
What’s wrong with sharing Wi-Fi? (1/2)
Malicious guests can ...
  be bandwidth hogs
  infect host computers
  download illegal content
  be part of DDoS botnet*
Use bandwidth limiters & firewalls
Hosts have to trust guests to be well-behaved
*Where each flow is too small to be detected
What’s wrong with sharing Wi-Fi? (1⅜/2)
Then there are the freeloaders...
  seeking better connectivity than their homes
And kids escaping parental control software @ home
How do we induce hosts to share Wi-Fi?
What’s wrong with sharing Wi-Fi? (1⅝/2)
Captive portals, commonly used for logins at public hotspots (e.g. cafés & Fon), are essentially dynamic firewalls & are susceptible to users who sniff & spoof an authenticated user’s address
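Added example, not from the slides: the address-based check of a captive portal next to a keyed per-packet check, to show why a station reusing an authenticated address passes the first but not the second. The HMAC tag and sequence number are an assumption standing in for whatever integrity protection the guest-to-home tunnel uses; all class and function names and all values are hypothetical.

```python
import hashlib
import hmac

class CaptivePortal:
    """Dynamic firewall: once a login succeeds, any frame carrying that
    (MAC, IP) pair is forwarded. The address is the only credential."""
    def __init__(self):
        self.allowed = set()

    def login(self, mac, ip):
        self.allowed.add((mac, ip))

    def forwards(self, frame):
        return (frame["mac"], frame["ip"]) in self.allowed

def seal(key, seq, payload):
    """Sender side of the assumed tunnel: tag sequence number + payload."""
    tag = hmac.new(key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()
    return {"seq": seq, "payload": payload, "tag": tag}

class TunnelEndpoint:
    """Receiver side: accept only packets whose tag verifies under the
    shared key and whose sequence number has not been seen before."""
    def __init__(self, key):
        self.key = key
        self.seen = set()

    def accepts(self, pkt):
        want = seal(self.key, pkt["seq"], pkt["payload"])["tag"]
        if not hmac.compare_digest(want, pkt["tag"]) or pkt["seq"] in self.seen:
            return False
        self.seen.add(pkt["seq"])
        return True

def compare():
    """Constructed scenario: one logged-in guest, one station reusing its address."""
    addr = {"mac": "02:00:00:00:00:01", "ip": "10.0.0.23"}   # constructed values
    portal = CaptivePortal()
    portal.login(addr["mac"], addr["ip"])
    key = b"constructed-guest-home-key"                       # placeholder key
    home = TunnelEndpoint(key)
    genuine = seal(key, 1, b"dns query")
    forged = seal(b"guess", 2, b"dns query")                  # sender lacks the key
    return {
        "portal_genuine": portal.forwards(dict(addr)),
        "portal_same_address": portal.forwards(dict(addr)),   # indistinguishable to the portal
        "tunnel_genuine": home.accepts(genuine),
        "tunnel_forged": home.accepts(forged),
        "tunnel_replayed": home.accepts(genuine),
    }
```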
What’s wrong with sharing Wi-Fi? (2/2)
Hosts can be malicious too, e.g. pharming
Guest has to trust host router!
How to safely share Wi-Fi?
Home takes on responsibility for guest’s traffic
  hides guest traffic from host by encrypting
  acts as trusted source for guest DNS/IP
Eliminate latent trust dependencies
Tunneling removes dependencies
[Diagram labels: Host; Guest; Host AP + Firewall + NAT; Guest’s Home; vpn-local IP; Trusted Services; VPN server; Tunnel; Guest’s DHCP; NAT beyond tunnel]
Tunnel setup: Co-operative
[Diagram labels: Guest; Host AP + Firewall + NAT; Guest’s Home; STUN; coop-local IP]
Co-op distributes two registries:
  Coop-local IP Member ID
  Mapping of members’ ISP assigned IP
But, what about performance?
Path length inflation
  Intra-City Latency 30-60ms [Lakshminarayanan IMC’03]
Guest downlink = home downlink+uplink!
  Asymmetric broadband limited uplinks
  Median uplink bandwidth = 212 Kbps [ibid]
  Sufficient for emergency response [LeMay earlier]
Performance comparable to p2p flows
Scale and scope of the co-op
depends on:
  regional laws governing “legal” content
  technical factors...
    end2end latency
    sizeof(coop-local IP space)
    AP memory for home & coop-local IP tables
Works for citywide co-ops (broadband members)
Technical summary
[Diagram labels: Guest; 1. coop-local IP; 2. STUN; 3. Tunnel; 4. Guest’s Home; 5. vpn-local IP]
Key features enabled by home
Accountability in IP tracebacks
Simultaneous access through multiple hosts
crucial for access with weak signals
Two paths to adoption
I: Without ISP support:
  Will host’s ISP let it share its connection?
    hinges on what “internet connection” is
  mandate sharing! unlicensed spectrum is public good
II: With ISP support: offer business model
  Think Comcast Voice citywide!
  Co-op can benefit from ISP:
    increase uplink bandwidth for guest access
    make better tunnels (e.g. MPLS VPNs)
Mesh networks dense deployment
Co-op tunnels ≠ Mobile IP tunnels
Triangular routing not possible
External node typically initiates contact
Need to register “care-of address”
  precludes highly mobile guests like cars
Local IP addresses
vpn-local/coop-local IPs are private IPs
vpn-local is local to guest-home pair
  can be reused by host & other guests
coop-local is local to guest-host pair
  can be reused on office VPNs of guest/host
Dealing with NATs
Restricted Cone or Symmetric NAT
  Punch holes separately to each member
NATs with deep packet inspection
  STUN/rendezvous server acts as relay