Document Sample
p2pwnc Powered By Docstoc
Wireless Community Network

    CMSC 711: Computer Networks
            Yee Lin Tan
          Adam Phillippy
♦ Ubiquitous Internet access is a necessity
  ♦ Email, web, VoIP, messaging, remote network
♦ Current state
  ♦ Internet access far from ubiquitous
  ♦ Required infrastructure not yet in place
     ♦ Wireless Internet Service Providers (WISPs)
         ♦ Coverage limited to selected hotspots
     ♦ Wireless LAN (WLAN)
         ♦ Deployed in homes, schools, airports, etc.
♦ Idea
  ♦ Why not unite all WLANs to provide ubiquitous
    access to the Internet?
 Peer-to-Peer Wireless Network
   Confederation (P2PWNC)
♦ Framework for uniting WLAN hotspots
♦ Community of administrative domains
  that offer wireless internet access to
  each other’s users
♦ P2P network of domain agents (DA)
 Peer-to-Peer Wireless Network
   Confederation (P2PWNC)
♦ Administrative Domain
  ♦ Examples:
     ♦ Residential hotspot with 1 access point
     ♦ WISP with access points in many locations
♦ Domain Agent (DA)
  ♦ Each administrative domain maintains 1 DA
  ♦ Physical node that represents the WLAN
  ♦ Responsibilities:
     ♦ Regulates wireless service provision and consumption
     ♦ Eliminates need for roaming agreements
 Peer-to-Peer Wireless Network
   Confederation (P2PWNC)
♦ Simple accounting mechanism based on
  ♦ When roaming in another P2PWNC
  ♦ To compensate for resources consumed,
    home DA transfers tokens to visited DA
         P2PWNC Design

♦ Based on reciprocity
♦ Domains must provide resources to
♦ So that their own users can consume
  resources of other P2PWNC domains
  when roaming
   Distinctive Characteristics
♦ Open to all
  ♦ No registration or central authority
     ♦ Joining P2PWNC is similar to joining a file-sharing
♦ Free to use
  ♦ No barrier to entry
  ♦ Reciprocity drives the system
♦ Autonomous domains
  ♦ Each domain decides how much resources it
    wants to provide to visitors
♦ Protects privacy
  ♦ Identity and location privacy
              P2P Systems

♦ Communities of economic agents
  cooperating for mutual benefit without
  centralized control
♦ Characteristics:
  ♦ Makes use of otherwise underused
  ♦ Agent autonomy
  ♦ Scalability, fault-tolerance, reliability
   P2PWNC as a P2P System
♦ Underused resources
   ♦ Residential hotspots typically operate only at a small
     percentage of maximum throughput
♦ Cost-sharing
   ♦ Distribute cost among participating administrative domains
   ♦ High cost for a single provider to cover large areas
       ♦ Hardware
       ♦ Administration, operations, maintenance
♦ Decentralized control
   ♦ Distributed accounting to track who owes who and how
♦ Agent autonomy
   ♦ Can dynamically adjust provisioning rates
    Architectural Overview

♦ Unique logical name for each DA
  ♦ Can reuse DNS name
♦ Registered users
  ♦ Local users of a particular domain
  ♦ Examples:
    ♦ Residential hotspot: all household members
    ♦ WISP: all subscribers
♦ Roaming users
  ♦ Visiting users from another domain
                 DA Modules
♦ Name service
   ♦ Maps logical P2PWNC domain names to IP addresses
     of DAs
♦ Authentication
   ♦ Maintains a database of registered users along with
     security credentials
♦ Traffic-policing
   ♦ Logs and shapes internet traffic
   ♦ Allocates specific amounts of bandwidth to visitors
   ♦ Firewall, DHCP, DNS, access point control
♦ Distributed accounting
   ♦ Secure storage of accounting data
          DA Modules (2)
♦ Consumer-strategy
  ♦ Home DA’s consumer-strategy is contacted
    when roaming user wants service
  ♦ Decides if transaction should continue
  ♦ Pays required tokens to visited DA’s
    provider-strategy module
♦ Provider-strategy
  ♦ Decides whether to provide service to
  ♦ Decides current service prices
          DA Modules (3)

♦ Privacy-enhancement
  ♦ Protects identity privacy
    ♦ Hides user name and home DA of roaming
      user from visited DA
  ♦ Protects location privacy
    ♦ Hides visited DA from home DA
♦ Distributed Hash Table
  ♦ Low-level module used by name service
    and distributed accounting
 Security and Privacy Issues
♦ Abuse by untrustworthy visitors
  ♦ Illegal activities
♦ Traffic logging by untrustworthy providers
  ♦ Possible solution: tunneling through trusted
    gateway (e.g. home DA)
♦ Identity privacy
  ♦ Possible solution: create a new alias for every new
♦ Identity and location privacy
  ♦ Possible solution: Mix network
                            Mix network

                       Peer „A‟       Alias_X@B                   Peer „B‟
                       (mix 1)        { MIX, C, { STOP, X }C }B   (mix 2)

       Alias_X@A                                                             Alias_X@C
       { MIX, B, { MIX, C, { STOP, X }C }B }A                                { STOP, X }C

  Peer „P‟                                                                            Peer „C‟
 (provider)                                                                           (home)

  “My P2PWNC ID is Alias_X@A”
  Credentials include real ID and a mix chain
  encrypted using nested public-key encryptions

                                                                    Idea credit: David Chaum
                                                                  Slide credit: George Polyzos
    Economic Considerations
♦ Optimal system parameters
   ♦ Consumer/Provider strategies, token prices
♦ Secure distributed accounting subsystem
   ♦ Monitors peer contribution and consumption
   ♦ Uses cryptographically secure tokens (cannot be forged)
♦ Domain strategies
   ♦ How to charge usage:
      ♦ KBytes or hour, current congestions levels, identity of
   ♦ How to balance conflicting requirements:
      ♦ Want best possible service for its own roaming users
      ♦ Must provide service to visitors to earn tokens for use by
        roaming users
      ♦ May affect service provided to its own local users
Economic Considerations (2)
♦ Offline DAs
  ♦ Problem
     ♦ Roaming user requests service from visited DA
     ♦ Visited DA unable to contact home DA
  ♦ Possible Solution (decentralized version)
     ♦ Home DA distributes token allowances to users
     ♦ User pays without intervention of home DA
♦ Token generation
  ♦ How DAs first acquire tokens
  ♦ Distributed banks generate tokens and distribute
    to new entrants
Economic Considerations (3)
♦ Domain heterogeneity
  ♦ Different in terms of:
     ♦ Coverage size
     ♦ Coverage location
     ♦ Number of registered users
  ♦ Problem:
     ♦ Domains with few visitors, difficult to earn tokens
     ♦ Possible solution: set high token prices
  ♦ More general problem:
     ♦ How to make sure a few domains don’t monopolize all
Summary of DA Responsibilities

♦ Regulate prices for service
♦ Make sure visitor traffic does not
  adversely affect traffic from registered
♦ Ensure best possible treatment for own
  (registered) users that are roaming
     Business Models -
    Who can make a profit
♦ Upstream ISPs that allow P2PWNC
  may be preferred by customers
♦ “Pay-as-you-go” domains
  ♦ Vendors can sell pre-paid cards containing
    P2PWNC user id and credentials
  ♦ Virtual P2PWNC
    ♦ Virtual DA obtains tokens from P2PWNC
      domains outside normal interaction model
    ♦ Sells tokens in the form of pre-paid cards
      Business Models –
   Who can make a profit (2)
♦ P2PWNC domain aggregators
  ♦ Host DA for multiple small WLANs
  ♦ Similar to web hosting
♦ Vendors of DA modules
  ♦ Provide consumer-strategy and provider-
    strategy modules
  ♦ Hotspot indexing engines
  ♦ Tune DA parameters
  ♦ Security and privacy enhancements
       Operational Issues

♦ Need more economic analysis and
  ♦ How P2PWNC and token-based incentive
    operate in real-world environment
♦ Regulatory obstacles
  ♦ Some ISPs prohibit sharing of broadband
   P2PWNC Implementation

♦ GPL Licensed
♦ AP: Linksys WRT54GS
  ♦ Firmware
♦ Client: QTEK 9100
  ♦ C and Java
Implementation Assumptions
♦ Good
  ♦   No central authority
  ♦   Users may use unlimited, free IDs
  ♦   User consumption is not homogeneous
  ♦   Software can be modified/hacked
  ♦   Teams (domains) will try and cheat
  ♦   Teams will collude
♦ Not so good
  ♦ Team consumption is homogeneous
  ♦ Team members trust each other
  ♦ ISPs allow connection sharing
Teams, users, and receipts

                       Team AP
                       Team member
        Receipt accounting

    ?        t0 w 1      t0 w 2

                          provider, team
                                         t w
                      timestamp, weight 0 2





♦ One receipt server per team
♦ Gossiping protocol
  ♦ Devices carry a sample of receipts
  ♦ Consumers share receipts with providers
♦ Adds overhead for verifying receipts
♦ Incomplete view of the “receipt graph”
        Receipt graph




               C                   H
                   Does C owe H?
         Maxflow decision

♦ Probability of me granting you service

            What IOU

        What you owe me

              mf ( P  C ) 
     p  min 
              mf (C  P) ,1
                            
        (bottle neck flow)



                                     Min C-H cut

               C                 H

♦ Uncooperative teams
  ♦ Evident from receipt graph
  ♦ Other teams will stop providing service
♦ DOS attacks
  ♦ Centralized server is vulnerable
  ♦ Decentralized servers have secret IPs
    ♦ Teams do not communicate via Internet
♦ Colluding teams…
                Naive collusion


                  G            X0

                          X1        X2

    C                 H
        Sophisticated collusion


                G            X1

                        X0        X2


    C               H
      Generalized Maxflow

♦ Look for collusion hub X0
♦ Discount suspicious paths
  ♦ Discount flow passing through vertices
    with a high sum of outgoing edge weights
  ♦ Discount flow passing through many
♦ Assumes homogeneous team usage
♦ Team leader
  ♦ Public/private keys for team identity
  ♦ Signs member certificates
♦ Team members
  ♦ Public/private keys for member identity
♦ All receipts are signed
  ♦ Elliptic Curve Digital Signature Algorithm
  ♦ Signing faster than verification
  ♦ Mobile devices have limited computing power
♦ No central authority (decentralized)

♦ Providers and consumers make
  decisions based on benefit-to-cost ratio
  ♦ Evolutionary learning
  ♦ Providing +cost, consuming +benefit
♦ Simulate interaction across 500 rounds
  ♦ 1 new team added per round
  ♦ 300 total teams

♦ Switch to best strategy after each round
  ♦ Most teams adopt cooperative strategies
  ♦ After 500 rounds
     ♦ 175 Reciprocative teams
     ♦ 100 Unconditional cooperator teams
     ♦ 20 Random cooperator teams
     ♦ 5 Unconditional defector teams
♦ Will it work in the real world?
  ♦ Sporadic usage
  ♦ Receipt history flushing
♦ Is it scalable?
  ♦ Maxflow could get expensive
♦ What about heterogeneous team usage?
  ♦ Variable cost of bandwidth
♦ Who is responsible for the AP’s traffic?
  ♦ Will the RIAA believe it wasn’t you?
      P2PWNC Publications

♦ Initial idea
  ♦ A Peer-to-Peer Approach to Wireless LAN
    Roaming. Efstathiou EC, Polyzos GC. ACM
    WMASH, 2003.
♦ Implementation details
  ♦ Stimulating Participation in Wireless
    Community Networks. Efstathiou EC,
    Frangoudis PA, Polyzos GC. IEEE
    INFOCOM, 2006.
Receipt repository
Maxflow overhead
Cryptographic overhead
 Real-World Example - FON
♦ Largest WiFi community in the world
♦ Idea
  ♦ Members (aka Foneros) share wireless
    Internet access at home
  ♦ In return, get free WiFi wherever there is a
    Fonero Access Point
     ♦ Use Fonero login
♦ How to become a member:
  ♦ Buy a WiFi router (aka La Fonera) from
               More about FON
♦ 3 types of Foneros (members)
♦ Linuses
   ♦ People who share home WiFi to get free WiFi wherever
     there is a FON Access Point
♦ Aliens
   ♦ People who do not share their WiFi but want access to a
     FON Access Point
   ♦ Charged $3 per day
♦ Bills
   ♦   Businesses who want to make money off their WiFi
   ♦   Don’t want free roaming
   ♦   Get 50% of money Aliens pay
   ♦   Can advertise on their own personalized FON Access Point