Peer-to-Peer Wireless Network Confederation (P2PWNC)
George C. Polyzos
Mobile Multimedia Laboratory, Department of Computer Science, Athens University of Economics and Business
http://mm.aueb.gr/
P2P colloquium, Darmstadt, December 7, 2005
Idea
• A wireless LAN (WLAN) aggregation scheme
• Unites WLANs in citywide [con]federations
• Requires no authorities: open to all, IDs are free
• Relies on reciprocity between peers
• Motivation
  • Numerous WLANs, connected to the Internet, are within the range of passersby
[Figures: Manhattan WLANs, 2002; Skyhook Wireless Wi-Fi Positioning System (WPS)]
Motivation
• Motivation (II)
  • Many WLANs are secured against outsiders
  • Need incentives to keep them open
• Motivation (III)
  • WLAN-enabled mobile phones are on the market
• Motivation (IV)
  • Public WLAN operators mainly target “hotspots”
  • Municipal wireless still in its infancy
[Figures: Motorola CN620; Nokia 9500]
The Public Hotspot Market
• From Gartner:
  • 2001: 1200 public hotspots worldwide
  • 2003: 71000 public hotspots worldwide
  • 2005: 23500 WLANs in hotels worldwide
• A subscription buys you (June 2005):
  • Sprint PCS: 19000 hotspots worldwide
  • Boingo Wireless: 17400 hotspots worldwide
  • T-Mobile HotSpot: 16663 hotspots worldwide
• Skyhook Wireless data (2005):
  • 50000 WLANs in just 5 Massachusetts cities and towns (Watertown, Brookline, Roxbury, Newton, and Cambridge)
The Rules
• P2PWNC: An incentives-based P2P system
• Teams provide WLAN access to each other
• Teams should provide in order to consume
[Figure: WLAN view and team view of the Blue, White and Green teams; legend: WLAN access point, team member]
N-way Exchanges
• Adopt N-way exchanges as the incentive scheme
  • A generalization of barter, which retains some of its simplicity
  • “Provide to those [who provided to those]* who provided to me”
  • A type of (cyclical) indirect reciprocity
  • Scales to larger communities, compared to direct-only exchanges
  • Does not rely on (central or distributed) authorities
[Figure: peers A, B, C, D]
Some variants of the basic N-way scheme:
• Cox, Noble, “Samsara: Honor Among Thieves in P2P Storage,” SOSP’03
• Ngan, Wallach, Druschel, “Enforcing Fair Sharing of P2P Resources,” IPTPS’03
• Anagnostakis, Greenwald, “Exchange-based Incentive Mechanisms for P2P File Sharing,” ICDCS’04
• Feldman, Lai, Stoica, Chuang, “Robust Incentive Techniques for P2P Networks,” ACM EC’04
Versions
1. E. C. Efstathiou and G. C. Polyzos, “Self-Organized Peering of Wireless LAN Hotspots,” European Transactions on Telecommunications, vol. 16, no. 5 (Special Issue on Self-Organization in Mobile Networking), Sept/Oct. 2005. [12% acceptance rate]
2. E. C. Efstathiou, P. A. Frangoudis, and G. C. Polyzos, “Stimulating Participation in Wireless Community Networks,” IEEE INFOCOM 2006, Barcelona, Spain, April 2006 (to appear). [18% acceptance rate]
Version History
• Sept. 2002: P2PWNC started in the context of IST MMAPPS (Market Management of Peer-to-Peer Services)
• Sept. 2003: Demo of version 1.0
  Team 1 (5 persons from AUEB)
  Theory Team (2 persons from AUEB)
• June 2005: Demo of version 2.0
  Team 2 (3 persons)
  Results will be presented at IEEE INFOCOM, Barcelona, April 2006
• Oct. 2005: Started work on version 3.0
  Team 3 (7 persons)
  Preparing demo for TRIDENTCOM 2006 and/or INFOCOM 2006
System Entities
• Team = Members + Access Points (APs)
  • Teams := P2PWNC peers
  • Assume intra-team trust
  • Team ID = (unique) PK-SK pair
• Member certificate
  • Member ID = (unique) PK-SK pair
  • Member certificate binds Member PK to Team PK
• Receipt
  • Encodes P2PWNC transactions between teams
  • Signed by consuming member
  • Receipt weight: amount of bytes the AP forwarded
PK: public key; SK: private key
[Figure: member certificate = Member PK, Team PK, signed by Team SK; receipt = Team PK, Member cert, Timestamp, Weight, signed by Member SK]
Receipt Generation
[Figure: message timeline between P and C]
• 11:50am = t0 (member connects): CONN and CACK between C and P
• 11:51am (P requests 1st receipt): RREQ from P, answered with RCPT (RCPT timestamp = t0, RCPT weight = w1)
• 11:52am (P requests 2nd receipt): RREQ from P, answered with RCPT (RCPT timestamp = t0, RCPT weight = w2 > w1)
• 11:53am (member has departed): RREQ from P (timeout); P stores last receipt (RCPT to the Receipt Repository)
P2PWNC Protocol: Entities and Messages
[Figure: Access Point, Repository and Mobile User exchanging CONN, CACK, RREQ, RCPT, QUER and QRSP messages; RREQ and RCPT repeat until timeout or connection closed]
Example message:
  P2PWNC/2.0
  Content-length: 357
  Algorithm: ECC160
  Timestamp: Tue, 24 May 2005 17:26:41 +0000
  Weight: 6336
  BNibmxStfJlod/LnZubH6pzWHQqKyZFcSMjnZurmTe4KjCRkllhV93MEegPvCsxz2oe/hqevoPSrwO1JLO/36J8HTIeyeKQqTCfx+EPxweAvYC/ZFb8URLa2faIbvSgD3lm6Wa1S4cYlSWeSNmFzS/ebDFfzakqNSEsERefwEcdWJD9gzIXafL4pojhhfP5brS4QPtHzBl58POfKdx9AqCDMBxRoGALKJSJYYXlsrwtiyZJKvPlU5B3lWrFuL25Pd+kv2iMVRElXk/4=
Text-based protocol. Certificates and keys encoded in Base64.
Centralized Operation Mode
One RR (Receipt Repository) for all teams.
- Susceptible to DoS in layer 3 and in app. layer (overflow RR with fake receipts)
- Confederation teams may be unable or unwilling to agree on the same RR, dividing the confederation
+ Simpler to deploy and bootstrap
Decentralized Operation Mode
One RR (Receipt Repository) per team (running on the “team server”).
+ Not susceptible to DoS (IP address known only within the team) and only team members talk to it
- Needs gossiping mechanism (which uses the members themselves to carry receipts around)
- Partial views of confederation history can favor free-riding
The Receipt Graph
Directed weighted graph (with cycles)
Vertices: team public keys
Edge weight: sum of weights of corresponding receipts
Edges point from the consuming team to the providing team
[Figure: example graph with vertices A to I and edge weights W1 to W14]
Graph security
Free-riders and colluders can create an arbitrary number of fake vertices and edges
They cannot create fake outgoing edges starting from teams who are outside the colluding group (they do not have the relevant private keys)
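The receipt rules and the graph-security property above, worked through as an added example (not code from the P2PWNC project). It assumes a provider rates a requesting team by the maximum flow from its own vertex to the requester's vertex; how GMF itself combines flows is not shown on this page, the tuple layout and team names are constructed, and Edmonds-Karp stands in for the push-relabel algorithm the repository uses.

```python
from collections import defaultdict, deque

def receipt_graph(receipts):
    """receipts: (consumer_team, member, provider_team, timestamp, weight) tuples.
    Receipts of one session share a timestamp; only the heaviest one counts."""
    sessions = {}
    for cteam, member, pteam, ts, weight in receipts:
        key = (cteam, member, pteam, ts)
        sessions[key] = max(sessions.get(key, 0), weight)
    graph = defaultdict(lambda: defaultdict(int))
    for (cteam, _member, pteam, _ts), weight in sessions.items():
        graph[cteam][pteam] += weight  # edge points consumer -> provider
    return graph

def max_flow(graph, source, sink):
    """Edmonds-Karp max flow (used here for brevity instead of push-relabel)."""
    if source == sink:
        return 0
    res = defaultdict(lambda: defaultdict(int))  # residual capacities
    for u in graph:
        for v, w in graph[u].items():
            res[u][v] += w
    flow = 0
    while True:
        parent, queue = {source: None}, deque([source])
        while queue and sink not in parent:  # BFS for a shortest augmenting path
            u = queue.popleft()
            for v, cap in list(res[u].items()):
                if cap > 0 and v not in parent:
                    parent[v] = u
                    queue.append(v)
        if sink not in parent:
            return flow
        path, v = [], sink
        while parent[v] is not None:  # walk back from sink to source
            path.append((parent[v], v))
            v = parent[v]
        push = min(res[u][v] for u, v in path)
        for u, v in path:
            res[u][v] -= push
            res[v][u] += push
        flow += push

# Constructed sample: honest teams A, B, C; colluder X with fake teams S1, S2.
HONEST = [("A", "a1", "B", 100, 200), ("A", "a1", "B", 100, 500),  # one session
          ("B", "b1", "C", 101, 300)]
FAKE = [("S1", "s1", "X", 1, 10**9), ("S2", "s2", "X", 2, 10**9),
        ("S1", "s1", "S2", 3, 10**9), ("X", "x1", "A", 4, 10**9)]
```

With the fake receipts added, the flow from A to X stays at zero because none of the forged edges leaves an honest vertex, while the flow among the colluders' own vertices can be made arbitrarily large.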
GMF - Background
GMF - Heuristic
GMF - Evaluation
IST MMAPPS version (Version 1.0)
[Figure: architecture with P2PWNC Domain Agent Application, WLAN events, WLAN service calls, WLAN Provisioning Service, Network Services, MMAPPS and JXTA; components: Firewall, Packet sniffer, Negotiation, Accounting, DHCP, Routing / NAT, Rules, Rate control, Authentication]
IST MMAPPS version (Version 1.0)
1. Visitor credentials check (visitor password resides in home database)
2. Negotiate
3. Request service
4a. MMAPPS negotiation
4b. Balance check
5. Start
6. Balance OK: Proceed
[Figure: Home peer - Consumer and Visited peer - Provider, each with WLAN, Visitor Negotiation and MMAPPS Negotiation; also Visitor Session and Negotiation Listener]
First attempts at Linux-based WLAN mgmt: AAA, DHCP, NAT, QoS, …
First attempts at Linux-based WLAN mgmt: Traffic logging using (fast) kernel, user modules
Version 2 Architecture
[Figure: components: Receipt store, GMF execution, Member update (decentralized mode); DHCP, NAT/router/firewall, Authenticator, Receipt verification; Member certificate, Receipt generation, also carries team receipts (decentralized mode). Hosts: standard PC, or collocated with Linksys; Linksys WRT54GS AP (32MB RAM, 8MB Flash); Windows Mobile client. Interfaces: Home-AP, Member-AP, Member-Home]
Linksys WRT54GS
• Linux-based WLAN access point
• We implemented the P2PWNC protocol (AP side) on it
• 32 MB RAM, 8 MB Flash, 200 MHz CPU
• Retails for less than $70
• Cryptographic, maxflow performance comparable to 200 MHz PC
• Can act as team server/RR (storing more than 10000 receipts)
Repository Implementation (Version 2.0)
• Receipt Repository
  • Efficient, composite data structure for receipt storage and queries
  • Incentive algorithms: pluggable modules
• Maximum-flow algorithm optimizations
  • Push-Relabel Algorithm - O(V^3)
  • Global relabeling heuristic
Linksys verification performance compared to a 2GHz PC for all P2PWNC signature types
QoS Scheme for version 3.0
Reinterpret the result of GMF not as probability to provide unrestricted service but as the QoS to be provided.
Build traffic policing module for both Windows and Linux-based (tc-based) routers.
Secure Services (version 3.0)
[Figure: Wireless Client 1, Wireless Client 2, Visited AP 1, Visited AP 2, Home AP 1, Home AP 2, Team Server 1, Team Server 2, Internet, GSM]
Each client uses its own tunnel endpoint for scalability (usually their own home).
Client can learn the endpoint’s current IP address from his team server.
Caller sends SMS containing current tunnel endpoint IP address and a tunnel identifier.
No centralized registrars are needed (e.g. SIP registrars, dynamic DNS).
L2TP IPSec Tunnels
Client side support: Windows, Windows Mobile
Server side support: Linux (and Linksys), Windows
NAT traversal is a problem for IPSec, but:
• IPSEC-ESP, RFC 3948: UDP encapsulation of IPSec ESP packets (used after a NAT detection process detects a NAT)
• Support for NAT-T in Windows, Windows Mobile and in the Openswan Linux VPN gateway that we are using
AWMN and P2PWNC
AWMN is one of the largest WMNs globally, with more than 3000 nodes.
P2PWNC version 3.0 is designed to be compatible with most AWMN nodes.
Setup of AWMN Node #66 in MMlab is finally underway!
P2PWNC Publications and Website http://mm.aueb.gr/research/p2pwnc/