
HotNets-VI

Architecting Citywide Ubiquitous Wi-Fi Access

Nishanth Sastry
Jon Crowcroft, Karen Sollins


Architecting Citywide Ubiquitous Wi-Fi Access

I: What’s wrong with sharing Wi-Fi?
II: Tunneling based Architecture to safely & securely share Wi-Fi


Terminology

[Diagram: Guest, Host, Host AP + Firewall + NAT, Guest’s Home]


What’s wrong with sharing Wi-Fi? (1/2)

Malicious guests can ...
- be bandwidth hogs
- infect host computers
- download illegal content
- be part of DDoS botnet*

Use bandwidth limiters & firewalls

Hosts have to trust guests to be well-behaved

*Where each flow is too small to be detected


What’s wrong with sharing Wi-Fi? (1⅜/2)

Then there are the freeloaders... seeking better connectivity than their homes

And kids escaping parental control software @ home

How do we induce hosts to share Wi-Fi?


What’s wrong with sharing Wi-Fi? (1⅝/2)

Captive portals, commonly used for logins at public hotspots (e.g. cafés & Fon), are essentially dynamic firewalls & are susceptible to users who sniff & spoof an authenticated user’s address
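An added illustration (not from the original slides) of why an address-keyed dynamic firewall cannot tell two stations apart, next to an admission check that needs a key. The class names, the constructed address and key, and the HMAC tag with a sequence number standing in for a VPN's packet authentication are assumptions.

```python
import hashlib
import hmac

class CaptivePortal:
    """Dynamic firewall: a successful login allowlists the client's address."""
    def __init__(self):
        self.allowed = set()
    def login(self, src_addr, credentials_ok):
        if credentials_ok:
            self.allowed.add(src_addr)
    def admit(self, frame):
        # The only evidence consulted is the address the frame claims.
        return frame["src"] in self.allowed

class TunnelEndpoint:
    """Admits a packet only if its tag verifies under the tunnel key."""
    def __init__(self, key):
        self.key = key
        self.highest_seq = -1
    def admit(self, pkt):
        expected = seal(self.key, pkt["seq"], pkt["payload"])
        if not hmac.compare_digest(expected, pkt["tag"]):
            return False            # sender does not hold the key
        if pkt["seq"] <= self.highest_seq:
            return False            # replay of a captured packet
        self.highest_seq = pkt["seq"]
        return True

def seal(key, seq, payload):
    """Tag binding the sequence number and payload to the tunnel key."""
    return hmac.new(key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()

def compare():
    """Run constructed traffic through both admission checks."""
    addr = "02:00:00:00:00:01"           # constructed address
    key = bytes(range(32))               # constructed demo key
    portal, tunnel = CaptivePortal(), TunnelEndpoint(key)
    portal.login(addr, credentials_ok=True)
    genuine = {"src": addr, "seq": 1, "payload": b"GET /"}
    genuine["tag"] = seal(key, 1, b"GET /")
    # A second station reusing the observed address; it has no tunnel key.
    copied = {"src": addr, "seq": 2, "payload": b"GET /", "tag": bytes(32)}
    return {
        "portal_genuine": portal.admit(genuine),
        "portal_copied": portal.admit(copied),
        "tunnel_genuine": tunnel.admit(genuine),
        "tunnel_copied": tunnel.admit(copied),
        "tunnel_replay": tunnel.admit(dict(genuine)),
    }
```

The portal admits both frames because the address is its only input; the keyed check rejects the copied address and the replayed packet.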


What’s wrong with sharing Wi-Fi? (2/2)

Hosts can be malicious too. e.g. Pharming

Guest has to trust host router!


How to safely share Wi-Fi?

Home
- takes on responsibility for guest’s traffic
- hides guest traffic from host by encrypting
- acts as trusted source for guest DNS/IP

Eliminate latent trust dependencies


Tunneling removes dependencies

[Diagram: Guest, Host, Host AP + Firewall + NAT, Tunnel, Guest’s Home, VPN server, Trusted Services, Guest’s DHCP, vpn-local IP, NAT beyond tunnel]


Tunnel setup: Co-operative

[Diagram: Guest, Host AP + Firewall + NAT, Guest’s Home, STUN, coop-local IP]

Co-op distributes two registries:
- Coop-local IP Member ID
- Mapping of members’ ISP assigned IP


But, what about performance?

Path length inflation
- Intra-City Latency 30-60 ms [Lakshminarayanan IMC’03]

Guest downlink = home downlink+uplink!
- Asymmetric broadband limited uplinks
- Median uplink bandwidth = 212 Kbps [ibid]
- Sufficient for emergency response [LeMay earlier]

Performance comparable to p2p flows


Scale and scope of the co-op

depends on:
- regional laws governing “legal” content
- technical factors...
  - end2end latency
  - sizeof(coop-local IP space)
  - AP memory for home & coop-local IP tables

Works for citywide co-ops (broadband members)


Technical summary

[Diagram: Guest, with numbered steps]
1. coop-local IP
2. STUN
3. Tunnel
4. Guest’s Home
5. vpn-local IP


Key features enabled by home

[Diagram: as on the “Technical summary” slide]

- Accountability in IP tracebacks
- Simultaneous access through multiple hosts
  - crucial for access with weak signals


Two paths to adoption

I: Without ISP support: Will host’s ISP let it share its connection?
- hinges on what “internet connection” is
- mandate sharing! unlicensed spectrum is public good

II: With ISP support: offer business model
- Think Comcast Voice citywide!

Co-op can benefit from ISP:
- increase uplink bandwidth for guest access
- make better tunnels (e.g. MPLS VPNs)


Mesh networks dense deployment


Co-op tunnels ≠ Mobile IP tunnels

Triangular routing not possible

External node typically initiates contact

Need to register “care-of address” precludes highly mobile guests like cars


Local IP addresses

vpn-local/coop-local IPs are private IPs

vpn-local is local to guest-home pair
- can be reused by host & other guests

coop-local is local to guest-host pair
- can be reused on office VPNs of guest/host


Dealing with NATs

Restricted Cone or Symmetric NAT
- Punch holes separately to each member

NATs with deep packet inspection
- STUN/rendezvous server acts as relay