Diploma Thesis: The Peer-to-Peer Wireless Network Confederation Protocol: Design Specification and Performance Analysis. Presented by Pantelis Frangoudis.
1/24 Diploma Thesis: The Peer-to-Peer Wireless Network Confederation Protocol: Design Specification and Performance Analysis
Presented by: Pantelis Frangoudis
Supervisor: G. Polyzos
External evaluator: C. Courcoubetis

2/24 Outline
- Introduction
- System overview and architecture
- P2PWNC protocol
- Reference implementation
- Performance evaluation
- Conclusion

3/24 Introduction
- Peer-to-Peer Wireless Network Confederation (P2PWNC)
  WLAN roaming scheme based on the P2P paradigm
  Sharing of WLAN resources
- Motivation
  Widespread availability of low-cost WLAN equipment and broadband access
  Underutilized residential WLAN resources
  Limited WLAN roaming capabilities
- Purpose
  Fueling ubiquitous Internet access
  Exploiting underutilized residential WLAN resources
  Enforcing cooperation through reciprocity
- Characteristics
  Deployment simplicity
  Agent autonomy
  Low managerial overhead

4/24 P2PWNC Overview
- Users are organized in teams
- Rule of reciprocity: members of a team are freely served by other teams if their own team also serves members of other teams
- Autonomous decisions: each team decides based on its transaction history; the decision algorithms are not specified by the protocol
- Trust model: team members know and trust each other; teams do not trust one another
- Two operation modes: centralized (with a TCA) and decentralized (no TCA)
- ASCII-based communication protocol

5/24 System Entities (1/3)
- Teams: the P2PWNC peers
  Team identifier: a public/secret key pair
  Each team operates a number of access points
- Team members
  Member identifier: a public/secret key pair
  Team membership is established via a certificate
- Access Points

6/24 System Entities (2/3)
- Receipts: proofs of prior transactions
  Issued (signed) by the service consumer
  One receipt per session
  Receipt fields (from the slide diagram): Consumer Certificate (which itself carries the Member PK, the Team PK and the Team Signature), Provider PK, Timestamp, Weight, Consumer Signature

7/24 System Entities (3/3)
- Receipt Repository
  Stores the transaction history
  The history is the input to the decision algorithm
- Trusted Central Authority (TCA)
  Issues key pairs for teams
  Manages a central receipt repository
- Team Server
  Issues member key pairs and certificates
  Manages a team-local receipt repository
  Updates member repositories by answering UPDT messages

8/24 Centralized Operation Mode

9/24 Decentralized Operation Mode

10/24 The P2PWNC Protocol
- ASCII-based messages
- Supports RSA and Elliptic Curve Cryptography (ECC) digital signatures
- Specifies the cryptosystem parameters
- Specifies the key, certificate and signature data representations
- Does not specify decision algorithms, data storage formats or software agent implementation details

11/24 Cryptosystem Parameters
- RSA: bit lengths 1024, 1536, 2048; digest values produced by SHA-1
- ECC: bit lengths 160, 192, 224, 256; ECDSA algorithm (using SHA-1)

12/24 Protocol Messages
- CONN: session initiation
- CACK: session establishment
- RREQ: receipt request
- RCPT: receipt
- QUER: query to the Receipt Repository
- QRSP: query response (grant/deny access)
- UPDT: repository update request

13/24 Mobile User – Access Point Session (sequence diagram; participants: Mobile User, Access Point, Repository)
Mobile User -> Access Point: CONN
Access Point -> Repository: QUER
Repository -> Access Point: QRSP
Access Point -> Mobile User: CACK
Access Point -> Mobile User: RREQ
Mobile User -> Access Point: RCPT
RREQ/RCPT exchanges repeat during the session; the diagram ends with a final RREQ/RCPT exchange on timeout or connection closed

14/24 Reference Implementation (1/3)
- AP module
  Runs on top of embedded Linux-based wireless access points
  Multithreaded TCP server
  Uses netfilter/iptables for network access control
  Kernel-level traffic measurements per session
  Mandatory support for both RSA and ECC
- Mobile User module
  Currently C and Java implementations
  Need not support both RSA and ECC

15/24 Reference Implementation (2/3)
- Receipt Repository module
  Composite data structure for receipt storage
  Decision algorithms: pluggable modules
  Decisions based on the maximum-flow algorithm
  Push-relabel algorithm, O(V^3)
  "Global relabeling" heuristic
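An added example (not code from the thesis or its C/Java reference implementation) of the reciprocity decision described on slides 4, 6 and 15: receipts are turned into a team graph and the requester's direct and indirect contribution to the provider is read off as a maximum flow. It uses Edmonds-Karp instead of push-relabel (the flow value is identical), team names stand in for public keys, the receipts are constructed, and the decision rule itself is an assumption because the protocol leaves decision algorithms to each team.

```python
from collections import defaultdict, deque

# Constructed sample receipts (not from the thesis): (consumer team, provider team, weight).
# A P2PWNC receipt is signed by the consumer and names the provider; only the fields
# the decision needs are kept, with team names standing in for team public keys.
RECEIPTS = [
    ("B", "A", 30),   # team B consumed 30 units of service from team A
    ("C", "B", 20),
    ("A", "C", 25),
    ("C", "A", 10),
]

def build_receipt_graph(receipts):
    """Edge consumer -> provider; capacity = summed weight of receipts for that pair."""
    cap = defaultdict(lambda: defaultdict(int))
    for consumer, provider, weight in receipts:
        cap[consumer][provider] += weight
        cap[provider].setdefault(consumer, 0)    # reverse entry for residual edges
    return cap

def max_flow(cap, src, dst):
    """Edmonds-Karp: repeatedly push the bottleneck along a shortest augmenting path.
    Stands in for the push-relabel algorithm of the reference implementation."""
    flow, total = defaultdict(lambda: defaultdict(int)), 0
    while True:
        parent, queue = {src: None}, deque([src])
        while queue and dst not in parent:
            u = queue.popleft()
            for v in cap[u]:
                if v not in parent and cap[u][v] - flow[u][v] > 0:
                    parent[v] = u
                    queue.append(v)
        if dst not in parent:
            return total
        bottleneck, v = float("inf"), dst
        while parent[v] is not None:
            bottleneck, v = min(bottleneck, cap[parent[v]][v] - flow[parent[v]][v]), parent[v]
        v = dst
        while parent[v] is not None:
            flow[parent[v]][v] += bottleneck
            flow[v][parent[v]] -= bottleneck
            v = parent[v]
        total += bottleneck

def contribution(receipts, provider, requester):
    """Service the requester gave the provider, directly or via other teams: a path
    provider -> X -> requester means X served the provider and the requester served X."""
    return max_flow(build_receipt_graph(receipts), provider, requester)

def should_serve(receipts, provider, requester, requested_weight):
    """Assumed rule: grant if the requester's contribution covers what it now asks for."""
    return contribution(receipts, provider, requester) >= requested_weight
```

With the sample history, team A's contribution to team C is 30: 10 directly plus 20 through team B, which is the indirect reciprocity the scheme relies on.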

16/24 Reference Implementation (3/3)
- TCA module
  Includes the receipt repository module
  TCP server waiting for RCPT and QUER messages
  Team database
  Team key pair generation module
  Mandatory support for both RSA and ECC
- Team Server module
  Includes the receipt repository module
  TCP server waiting for RCPT, QUER and UPDT messages
  Mandatory support for both RSA and ECC

17/24 Performance Evaluation
- Testbed
  Linksys WRT54GS wireless router
  AMD AthlonXP 2800 laptop
- Cryptographic operations performance tests
  Signature and verification tests
  ECC vs RSA, AthlonXP vs Linksys WRT54GS
- Maximum flow algorithm performance tests
  Peer population: 100, 500, 1000 teams
  Receipt repository size: 100 to (value missing) receipts
  Running time and memory consumption tests
- Effects of signature verifications on AP operation
  Tests run on the Linksys WRT54GS
  FTP transfer of a ~220Mb file
  160-bit ECDSA verifications

18/24 Testbed Platform Specifications

                    Athlon XP 2800                  Linksys WRT54GS
System type         AMD AthlonXP 2800               Broadcom MIPS
CPU speed           2.08 GHz                        200 MHz
RAM                 512 Mb                          32 Mb
Permanent storage   60 Gb hard disk                 8 Mb flash (read only), 32 Kb NVRAM
Operating system    RedHat Linux 8, 2.4 kernel      Embedded Linux (by Broadcom) kernel
OpenSSL version     0.9.8 beta 5
Compiler            gcc v3.2
GCC optimizations   -O3                             -O3 -mcpu=r4600 -mips2

19/24 Cryptographic Operations Performance (table; time measured in milliseconds)
Columns: Security Level (RSA/ECC key sizes), Key Size ratio (RSA/ECC), Athlon XP (RSA, ECC), Linksys WRT54GS (RSA, ECC)
Rows: Digital Signing, Signature Verification
Key size pairs legible in the transcript: 1024/..., .../192 (ratio 8:1), .../..., .../256 (ratio 12:1); the measured timing values are not recoverable from the transcript

20/24 Maximum Flow Algorithm Running Time on Athlon XP

21/24 Maximum Flow Algorithm Running Time on Linksys WRT54GS

22/24 Effect of CPU Intensive Tasks on Throughput
- Verification wall clock time: 0.12 sec
- FTP transfer of a (size missing) Mbyte file over the Linksys WRT54GS (wired): (value missing) Kbytes/sec
- Table (values not recoverable from the transcript); columns: Verifications/sec, Delay (of #verifications), Throughput (Kbytes/sec), Transfer time (seconds); rows: (pure transfer), (pure verification time), 0 verifications/sec

23/24 Extensions
- Denial-of-Service attacks
  DoS attacks against APs and Receipt Repositories
  Exploitation of the probabilistic nature of the decision algorithms
- Implementation issues
  Maxflow algorithm heuristics
  Receipt Repository as a distributed database
  Study and improve ECC efficiency
- Deployment issues
  Porting the client software to more platforms (esp. PDAs)
  Downloadable Linksys WRT54GS firmware distribution
- Evaluation issues
  Maxflow testing on various graph types (based on user mobility models)

24/24 Summary
- Specified, implemented and evaluated a protocol for the provision of unified WLAN roaming services
- Aiming at fueling ubiquitous Internet access
- Scheme built around the ideas of agent autonomy and service reciprocity
- Maximum flow-based decision algorithms
- Designed with embedded/constrained devices in mind
- Efficient data structures for data storage/retrieval and graph operations
- Tested the applicability of Elliptic Curve Cryptography