2003-Case-IST by liaoxiuli


									            The Case for
Peer-to-Peer Wireless LAN Consortia
            A P2P Approach to WLAN Roaming

                                     Elias C. Efstathiou

                                  Mobile Multimedia Lab
                              Computer Science Department
                       Athens University of Economics and Business
                                  Athens 10434, Greece
                         efstath@aueb.gr - http://mm.aueb.gr

   Authors: P. Antoniadis, C. Courcoubetis, E. C. Efstathiou, G. C. Polyzos, and B. Strulo
          IST Project MMAPPS - Market Management of Peer-to-Peer Services
                                 (RTD No IST-2001-34201)

                          IST Mobile and Wireless Summit 2003, Aveiro, Portugal
Introduction (1 of 2)

Ubiquitous Internet Access a Necessity
•   However, WISPs are facing difficulties
•   WISP roaming practically non-existent
•   Many under-exploited private WLANs do exist

The Peer-to-Peer Wireless LAN Consortium (PWC):
•   A Framework for uniting all WLANs in one global group
•   A Community of WLAN Administrative Domains that offer wireless
    Internet access to each other‟s registered users
•   The PWC is a P2P network of Domain Agents (DAs)
    •   DAs are physical nodes that represent one domain each
    •   Their purpose is to eliminate the overhead of roaming agreements
    •   Instead, DAs obey a simple token-exchange rule

                 AUEB Mobile Multimedia Lab – http://mm.aueb.gr            2 / 14
Introduction (2 of 2)

Domain Independence: a PWC Distinctive Characteristic
•   DAs make autonomous decisions concerning the amount of resources
    they provide to visitors
•   Key difference from other roaming schemes

PWC Simplicity
•   No central entity controls the PWC or the interactions of its participants
•   No cost of entry for domains
•   PWC subsystems leverage its P2P nature: no external servers are

                 AUEB Mobile Multimedia Lab – http://mm.aueb.gr         3 / 14
•   Existing under-exploited WLANs
•   IEEE 802.11 simplicity
•   Next-generation portable devices
WLAN Roaming Today
•   Practically non-existent
    •   Hotspot aggregation (e.g. Boingo Inc.) is not WLAN roaming
•   Limitations of WISP associations (e.g. Pass-One)
    •   Service-mark logic
    •   Insufficient privacy
    •   Insufficient autonomy
    •   Administrative overhead and complexity

The PWC as a P2P System
•   Shared good: bandwidth
•   Autonomous peers: independent domain agents
•   Free-riding: domains that may not provide access to visitors
•   Incentives and rules: token-exchange rule

                 AUEB Mobile Multimedia Lab – http://mm.aueb.gr      4 / 14
PWC Requirements
1. Domain Independence
 •   The peers make autonomous decisions
     •   Concerning their contribution level
     •   Concerning their participation status

2. Domain Reciprocal Behavior
 •   Free-riding must be minimized
 •   PWC system rule: token-exchange
     •   This rule “guides” domain behavior

3. Easy-to-Join
 •   No administrative overhead
 •   Similar to joining a P2P file-sharing network
     •   Assuming the domain WLAN infrastructure is already in place

4. PWC Self-Sufficiency
 •   PWC subsystems rely only on the PWC peers themselves
5. Decentralization
 •   No central entities
 •   No central authority manages the PWC
                    AUEB Mobile Multimedia Lab – http://mm.aueb.gr     5 / 14
PWC Entities
Domain Agents (DAs)
•   The PWC is a P2P network of DAs
•   DAs are nodes running the PWC DA software
•   Exactly one DA per PWC administrative domain
•   Each DA has a unique logical name:
    •    aueb.gr, cometa.net
    •    The_Aveiro_Smith_Family

•   Registered with one (or more) DAs
•   Each has a unique identifier (user_name@logical_domain_name)

•   The PWC „good‟ - 802.11 bandwidth and bandwidth to the Internet

•   Unforgeable virtual currency
•   Exchanged between DAs
•   Represent the value, which DAs ascribe to their consumed bandwidth

                 AUEB Mobile Multimedia Lab – http://mm.aueb.gr          6 / 14
PWC High-Level View

                  A                                                          DA
        A         P              A                                         „Black‟
        P                        P

                             A                            „White‟
              A              P          A
              P                         P                                    DA

        A             A                     A
        P             P                     P

AP : WLAN Access Point                                DA : PWC Domain Agent
   : User
                                       WLAN view                                 P2P view

                          AUEB Mobile Multimedia Lab – http://mm.aueb.gr                    7 / 14
PWC Domain Agent Modules
1. Name-service                                  5. Distributed Accounting
 •   Maps logical domain names                     •    Secure storage of PWC
     to DA IP addresses                                 accounting information
 •   Uses a Distributed Hash                       •    Also uses a DHT
     Table (DHT)                                 6. Consumer Strategy
2. Authentication                                  •    Regulates the consumption actions
                                                        of the domain‟s roaming users
 •   Maintains a database of
     registered users                            7. Provider Strategy
     •    Along with their security                •    Regulates contribution to visitors
                                                   •    Dynamically assigns “prices” to
3. Traffic Policing                                     consumed resources
 •   Logs and shapes egress and                  8. Privacy Enhancement
     ingress Internet traffic                      •    Ensures PWC user anonymity and
 •   Allocates specific amounts of                      untraceability
     bandwidth to visitors
 •   Firewall, DHCP, DNS,
     NAT/NAPT, WLAN control

                      AUEB Mobile Multimedia Lab – http://mm.aueb.gr                         8 / 14
PWC Security Issues
PWC security is a superset of WLAN security
•   The usual confidentiality, integrity, and availability problems apply
•   The following three issues are PWC-specific:
1. Traffic Logging by Untrustworthy Providers
•   User traffic completely visible to the visited Domain Agent
•   Encryption does not hide useful metadata (e.g. remote-party address)
•   SOLUTION: Tunnel (encrypt and route) through the home DA
2. Identity Privacy: PWC Pseudonyms
•   User name visible to the visited DA
•   SOLUTION: Use algorithmically updated user aliases

3. Anonymity and Untraceability: PWC Mixes
•   User name and home domain name visible to the visited DA
•   Home domain name required for PWC accounting
•   SOLUTION: Use PWC privacy enhancement modules (PWC mixes)
                 AUEB Mobile Multimedia Lab – http://mm.aueb.gr             9 / 14
PWC Mixes

                                                                               Blue arrows
                                   DA                       „B‟                 token flow
                                   „A‟                 (Second mix)
                               (First mix)

     (Provider)                                                                  DA
                  “My PWC user ID is alias_X@A”                              (Consumer)

                  (Appends real ID and a mix chain, all encrypted
                  using layered public-key encryptions)


P, A, and B cannot know if the domain on the right is the real consuming domain or a mix
A, B, and C cannot know if the domain on the left is the real providing (visited) domain or
a mix

                            AUEB Mobile Multimedia Lab – http://mm.aueb.gr                    10 / 14
Open PWC Issues
1. Secure Distributed Accounting
 •   Maintains PWC accounting history
 •   Must be fault-tolerant, scalable, hack-proof
2. Tokens and Token Generation
 •   Cryptographically secure, unforgeable tokens
 •   Generated, perhaps, by a PWC internal distributed bank
 •   Distributed to new PWC entrants
3. Domain Heterogeneity
 •   Domains covering areas diverse in size and location
 •   Domains may have completely uneven populations of registered users
 •   Small domains may receive only very few requests (and thus tokens)
4. “Offline” Domains
 •   Domain Agent autonomy may mean a DA is unreachable/offline
 •   Who “pays” for a roaming user of that domain?
     •   The roaming user? Another domain?

                 AUEB Mobile Multimedia Lab – http://mm.aueb.gr   11 / 14
Deploying the PWC
Domain Agent Administrative Interface
•    Must hide PWC complexity from Domain Agent administrators
•    DAs must require a minimum number of input parameters:
     1. A list of registered users and their security credentials
     2. The domain‟s aggregate egress and ingress Internet bandwidth
     3. A “map” of WLAN cells and local traffic bottlenecks
     4. The average WLAN load (local registered users and visitors)
     5. The average PWC usage by roaming users of the domain

•    Some of these parameters will be administrator‟s „best-guesses‟

PWC Profit Opportunities
    1. Vendors of PWC Domain Agents
    2. Vendors of PWC support modules
    3. PWC domain aggregators
    4. “Pay-as-you-go” domains

                 AUEB Mobile Multimedia Lab – http://mm.aueb.gr        12 / 14
PWC Domain Agent Prototype
We‟ve built two prototype PWC Domain Agents
 •   Running on PCs with Red Hat Linux 9 (2.4.20 kernel)
 •   Developed using C, Java, and Python
 •   Each DA is also a WLAN router, connected to the Internet and to a Cisco Aironet
     1200-series WLAN AP

Modules completed:
 •   Authentication
     •   Using IEEE 802.1X
     •   Using a custom web-based login function (and the iptables firewall)
 •   Traffic Policing
     •   Using the libpcap library and the tc utility
 •   WLAN
     •   Using Linux IP masquerading (for NAT/NAPT) and standard Linux DHCP, DNS, and
         routing functionality
 •   Strategy (using a very simple P2P token-exchange rule)

Still needed:
 •   Unforgeable tokens, secure DHT (for distributed accounting and name-
     service), more complex strategy algorithms, PWC mixes
                   AUEB Mobile Multimedia Lab – http://mm.aueb.gr               13 / 14
Concluding Remarks
• The PWC is a simple alternative to existing roaming schemes
• The PWC is designed around organic growth
• PWC strategic agents replace static roaming agreements
• Although, by design, the PWC cannot provide any strong
  guarantees, it could become a suitable vehicle for achieving
  ubiquitous, low-cost, Internet access
• PWC autonomy and privacy considerations could make it more
  socially acceptable
• Real-world regulations could, however, affect PWC growth
• More analysis and simulations are needed to assist in
  designing optimal PWC rules

               AUEB Mobile Multimedia Lab – http://mm.aueb.gr   14 / 14

To top