WLAN : QoS, Z-iteration, and Assertional Security Analysis

WLAN: QoS, Z-iteration, and Assertional Security Analysis A.Udaya Shankar Computer Science Dept and UMIACS University of Maryland [email protected]


Page 1: WLAN : QoS, Z-iteration, and Assertional Security Analysis

WLAN: QoS, Z-iteration, and Assertional Security Analysis

A. Udaya Shankar
Computer Science Dept and UMIACS
University of Maryland
[email protected]

Page 2: WLAN : QoS, Z-iteration, and Assertional Security Analysis

12/16/02 A.U.Shankar --- LTS 2

Outline

QoS

Z-iteration (performance evaluation)

Assertional Security Analysis

Page 3: WLAN : QoS, Z-iteration, and Assertional Security Analysis

Outline

QoS
  Compensating for “physical capture” effect in WLANs

Z-iteration (performance evaluation)

Assertional Security Analysis

Page 4: WLAN : QoS, Z-iteration, and Assertional Security Analysis

QoS: Throughput fairness

Throughput fairness in 802.11 depends on
  MAC access mechanism
  Physical-layer characteristics

Most studies downplay physical-layer effect and focus on the MAC CSMA/CA/BEB

We discovered that physical-layer capture is the dominant factor in throughput fairness

Page 5: WLAN : QoS, Z-iteration, and Assertional Security Analysis

Physical-layer capture effect

Physical-layer capture effect: When two frames collide at a receiver, the receiver can extract the stronger frame

Capture occurs consistently for even a few dBm difference in frame signal strengths

Capture occurs frequently in WLANs (due to multipath and fading).

Page 6: WLAN : QoS, Z-iteration, and Assertional Security Analysis

Ad-hoc Mode Experiments

[Diagram: source 1, source 2, sniffer]

Sources broadcasting in ad-hoc mode
  no beacons, ACKs, and retransmissions
  MAC-layer effect minimized

Results
  8% of frames collided
  90% of collisions had capture
  8% higher throughput for stronger station

Page 7: WLAN : QoS, Z-iteration, and Assertional Security Analysis

Ad-hoc Mode Experiments

[Figures: Signal strengths; Throughputs]

Page 8: WLAN : QoS, Z-iteration, and Assertional Security Analysis

Infrastructure Mode Experiments without RTS/CTS

[Diagram: source 1, source 2, AP, sniffer, sniffer, sink]

Results
  Weaker station retransmitted 5% of frames
  Stronger station retransmitted 0.5% of frames
  Stronger station had 7% higher throughput

Page 9: WLAN : QoS, Z-iteration, and Assertional Security Analysis

Infrastructure Mode Experiments without RTS/CTS

[Figures: Signal strengths; Throughputs]

Page 10: WLAN : QoS, Z-iteration, and Assertional Security Analysis

Infrastructure Mode Experiments with RTS/CTS

[Diagram: source 1, source 2, AP, sniffer, sniffer, sink]

Results
  Each station retransmitted under 0.1% data frames
  Weaker station retransmitted 5% of RTS frames
  Stronger station retransmitted 0.1% of RTS frames
  Stronger station had 12% higher throughput

Page 11: WLAN : QoS, Z-iteration, and Assertional Security Analysis

QoS: Compensating for Capture

Congestion control based on signal strength

Explicit control
  Source controls its send rate based on its signal strength at AP

Implicit control
  AP delays packets of stronger sources, thereby inciting transport layer congestion control to throttle down

Page 12: WLAN : QoS, Z-iteration, and Assertional Security Analysis

QoS: Conclusions

Physical-layer capture is a major cause of MAC throughput unfairness.

Resulting unfairness as high as 12% in favor of station with stronger signal.

Any QoS scheme must account for differing signal strengths of sources.

Investigating explicit and implicit schemes. Invention disclosure.

Page 13: WLAN : QoS, Z-iteration, and Assertional Security Analysis

Outline

QoS

Z-iteration
  Fast evaluation of instantaneous performance metrics of wireless/wireline networks

Assertional Security Analysis

Page 14: WLAN : QoS, Z-iteration, and Assertional Security Analysis

Z-iteration: Introduction

Fast evaluation of heterogeneous TCP/IP networks

Current evaluation methods are not adequate
  analytical methods are inaccurate and coarse
  packet-level simulators are slow (e.g. ns, opnet)
  Do not capture real-world features
    802.11 rate-switching
    Platform dependencies (timers, scheduling)

Goal: Evaluation method that is as accurate as packet-level simulation but much faster

Approach: Based on fast approximate solutions of time-dependent queuing models

Page 15: WLAN : QoS, Z-iteration, and Assertional Security Analysis

Z-iteration Approach

TCP/IP networks modeled by a queuing network

Traffic modeled by time-dependent stochastic process

Time-dependency: natural modeling of adaptive control (congestion, routing, admission, link scheduling, ...)

Queuing differential equations solved rapidly using Z-iteration approximations

Obtain time evolution of instantaneous ensemble metrics at each link for each connection
  average_queue_size(t), blocking(t), utilization(t), …

Validation against ns simulation

Page 16: WLAN : QoS, Z-iteration, and Assertional Security Analysis

M(t)/M(t)/* Queuing Networks

Start from the flow equation

$$\frac{dN(t)}{dt} = \lambda(t)\,[1 - B(t)] - \mu(t)\,U(t)$$

If we can express B(t) and U(t) in terms of N(t), we would have a single differential equation per queue

For a network of queues, each queue i has

$$\lambda_i(t) = \lambda_i^{*}(t) + \sum_{j=1}^{n} \mu_j(t)\,U_j(t)\cdot \text{Routing Probability}(j \to i)\ \text{at time } t$$

So a network of n queues is modeled by n differential equations

Page 17: WLAN : QoS, Z-iteration, and Assertional Security Analysis

M(t)/M(t)/* Queuing Networks

Page 18: WLAN : QoS, Z-iteration, and Assertional Security Analysis

M(t)/M(t)/* Queuing Networks

Page 19: WLAN : QoS, Z-iteration, and Assertional Security Analysis

TCP/IP Networks

Model link by variation of M(t)/M(t)/1/K equations

Model TCP sources by profiles.

Profile of a TCP source: function that describes inst. throughput versus inst. loss rate and inst. roundtrip time.

Page 20: WLAN : QoS, Z-iteration, and Assertional Security Analysis

Drop-Tail Example 2: 30 nodes, mid-load

[Figure: 30-node topology (nodes N1 to N24 and B1 to B6), and three plots with curve pairs B1 -> N24 / Sim of B1 -> N24, N14 -> B4 / Sim of N14 -> B4, and N6 -> B2 / Sim of N6 -> B2]

Page 21: WLAN : QoS, Z-iteration, and Assertional Security Analysis

Drop-Tail Example 3&4: 100 nodes - topology

[Figure: 100-node topology of LAN nodes (Lan1 to Lan12) and backbone nodes (Bone)]

Page 22: WLAN : QoS, Z-iteration, and Assertional Security Analysis

Drop-Tail Example 3: 100 nodes, mid-load

Evaluation time: Z-iteration: 16 sec, ns: 71 - 930 sec

[Figure: four plots with curve pairs Lan1 - 5 -> Lan1 - 2 / Sim of Lan1 - 5 -> Lan1 - 2, Lan3 - 7 -> Lan3 - 4 / Sim of Lan3 - 7 -> Lan3 - 4, Lan9 - 3 -> Lan9 - 2 / Sim of Lan9 - 3 -> Lan9 - 2, and Bone5 -> Bone1 / Sim of Bone5 -> Bone1]

Page 23: WLAN : QoS, Z-iteration, and Assertional Security Analysis

Drop-Tail Example 4: 100 nodes, high-load

[Figure: four plots with curve pairs Lan12-5 -> Lan12-8 / Sim of Lan12-5 -> Lan12-8, Lan9 - 3 -> Lan9 - 2 / Sim of Lan9 - 3 -> Lan9 - 2, Bone5 -> Bone1 / Sim of Bone5 -> Bone1, and Bone8 -> Bone11 / Sim of Bone8 -> Bone11]

Evaluation time: Z-iteration: 29 sec, ns: 146 - 2150 sec

Page 24: WLAN : QoS, Z-iteration, and Assertional Security Analysis

Summary

Fast accurate time evolution of performance metrics of time-dependent queuing networks
  Straightforward modeling of adaptive control mechanisms
  Short-term real-time prediction of network traffic

Profiles: natural way to model real-life sources

Extensions
  RED, CBQ, ...
  WLANs

Page 25: WLAN : QoS, Z-iteration, and Assertional Security Analysis

Z-iteration for WLAN networks

Model 802.11 sources by profiles

Profile of a 802.11 source: Instantaneous throughput as function of
  Number of active stations
  Desired and achieved instantaneous rates of active stations
  Signal strengths of active stations at AP

Page 26: WLAN : QoS, Z-iteration, and Assertional Security Analysis

Profile: Experimental Setup

[Diagram: source 1 .... source N, sniffer, AP/sink]

Workload
  UDP sources to preclude any control effects.
  Sending rate keeps firmware queue full.

Page 27: WLAN : QoS, Z-iteration, and Assertional Security Analysis

General Observations

Susceptible to severe capture-effect
  Starvation occurs routinely for more than 8 stations

Rate Switching Algorithm
  Station switches to lower transmission rate if there is a packet loss

AP is not bottleneck in processing

Page 28: WLAN : QoS, Z-iteration, and Assertional Security Analysis

Specific Results

Maximum Instantaneous Throughput for single station is 6.45 Mbps, out of a bit rate of 11 Mbps
  Due to DIFS + Backoff

Throughput falls rapidly with number of stations at high load
  Susceptible to capture-effect

Page 29: WLAN : QoS, Z-iteration, and Assertional Security Analysis

Profile of 802.11b (preliminary)

[Figure: Instantaneous Throughput versus Background Traffic, with curves for N=2, N=3 and N=4]

Page 30: WLAN : QoS, Z-iteration, and Assertional Security Analysis

Clustering in 802.11 profiles

[Figure: Per-station inst. throughput (pkts/sec) versus Overall inst. throughput (pkts/sec)]

Page 31: WLAN : QoS, Z-iteration, and Assertional Security Analysis

Outline

QoS

Z-iteration

Assertional Security Analysis
  Framework for specification, verification, and testing of concurrent systems

Page 32: WLAN : QoS, Z-iteration, and Assertional Security Analysis

Concurrent System: Cooks in a Kitchen

Page 33: WLAN : QoS, Z-iteration, and Assertional Security Analysis

Example concurrent system executions

Single-process concurrent system execution

Two-process concurrent system execution

Page 34: WLAN : QoS, Z-iteration, and Assertional Security Analysis

SESF (services and systems framework)

Systems and Services specified by programs
  service defines acceptable sequences of interactions
  service is executable, not constrained by platform

SESF program explicitly indicates
  events: atomically-executed statements
  externally-controlled events
  progress expected (of platform/service)

Service satisfaction
  composite program of system and service

Compositionality

Page 35: WLAN : QoS, Z-iteration, and Assertional Security Analysis

Assertional Analysis and Testing

Analysis
  Properties expressed by assertions
    invariants, leads-to,
  Assertions proved by proof rules or operational reasoning
  Routing, transport, concurrency control

Testing
  single process: threads and function calls
  multi-process: distributed processes and RMI
  Transport layer

Page 36: WLAN : QoS, Z-iteration, and Assertional Security Analysis

Assertions of Security

confined(key, vset)
  predicate: true iff value key is confined to variable set vset
  vset models principals, systems, ...
  handles authentication, confidentiality, ...

Proof rules
  Hoare-triple: {predicate} statement {predicate}
  {confined(k, v)} x := k {confined(k, v U {x})}
  {confined(k, v)} one-way-func(k) {confined(k, v)}
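The two proof rules above applied mechanically to straight-line code, as an added example that is not part of the presentation or of SESF. The statement encoding, the variable names and both sample programs are constructed, and rule 1 is generalized from `x := k` to a copy from any variable already in the set.

```python
# Added example: push confined(k, vset) through straight-line statements
# using the two proof rules on the slide. Statement encoding, variable names
# and the sample programs are constructed for illustration.

def post(vset, stmt):
    """Return vset' such that {confined(k, vset)} stmt {confined(k, vset')}."""
    op, dst, src = stmt
    if op == "assign":                       # dst := src
        # Rule 1, generalized from x := k to copies of any variable in vset.
        # Overwrites with non-key values never shrink vset (over-approximation).
        return vset | {dst} if src in vset else vset
    if op == "owf":                          # dst := one-way-func(src)
        return vset                          # Rule 2: vset is unchanged
    raise ValueError(f"unknown statement {stmt!r}")

def first_leak(program, initial, allowed):
    """Index of the first statement after which confined(k, allowed) no longer
    follows from the rules, or None if it holds after every statement."""
    vset = frozenset(initial)
    for i, stmt in enumerate(program):
        vset = post(vset, stmt)
        if not vset <= allowed:
            return i
    return None

HOLDERS = {"ap.k", "sta.k"}                              # variables holding k at start
ALLOWED = frozenset({"ap.k", "sta.k", "sta.tmp"})        # variables of the principals

# Constructed: the station sends a one-way function of the key.
GOOD = [("assign", "sta.tmp", "sta.k"),
        ("owf", "sta.mac", "sta.tmp"),
        ("assign", "net.msg", "sta.mac")]

# Constructed: the station copies the key itself into a network variable.
BAD = [("assign", "sta.tmp", "sta.k"),
       ("assign", "net.msg", "sta.tmp")]

if __name__ == "__main__":
    print(first_leak(GOOD, HOLDERS, ALLOWED))   # None
    print(first_leak(BAD, HOLDERS, ALLOWED))    # 1
```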

Page 37: WLAN : QoS, Z-iteration, and Assertional Security Analysis

Future Work

QoS
  Control mech compensating for signal-strength

Z-iteration (performance evaluation)
  802.11b profiles
  Evaluation of QoS mechanisms

Assertional Security Analysis
  Assertions and proof system for security
  802.11 authentication, key distribution, ...