HotNets-VI 1 Architecting Citywide Ubiquitous Wi-Fi Access Nishanth Sastry Jon Crowcroft, Karen Sollins

HotNets-VI 2 Architecting Citywide Ubiquitous Wi-Fi Access I: Whats wrong with sharing Wi-Fi? II: Tunneling based Architecture to safely & securely share Wi-Fi

Nishanth Sastry Hotnets-VI 3/14 Guest Host AP + Firewall + NAT Terminology Guests Home Host

Nishanth Sastry Hotnets-VI 4/14 Whats wrong with sharing Wi-Fi? (1/2) Malicious guests can... be bandwidth hogs infect host computers download illegal content be part of DDoS botnet * Use bandwidth limiters & firewalls Hosts have to trust guests to be well-behaved * Where each flow is too small to be detected

Nishanth Sastry Hotnets-VI 5/14 Whats wrong with sharing Wi-Fi? (1/2) Then there are the freeloaders... seeking better connectivity than their homes And kids escaping parental control home How do we induce hosts to share Wi-Fi?

Nishanth Sastry Hotnets-VI 6/14 Whats wrong with sharing Wi-Fi? (1/2) Captive portals, commonly used for logins at public hotspots (e.g. cafés & Fon), are essentially dynamic firewalls & are susceptible to users who sniff & spoof an authenticated users address

Nishanth Sastry Hotnets-VI 7/14 Whats wrong with sharing Wi-Fi? (2/2) Hosts can be malicious too. e.g. Pharming Guest has to trust host router!

Nishanth Sastry Hotnets-VI 8/14 safely How to safely share Wi-Fi? Home takes on responsibility for guests traffic hides guest traffic from host by encrypting acts as trusted source for guest DNS/IP Eliminate latent trust dependencies

Nishanth Sastry Hotnets-VI 9/14 Host Guest Host AP + Firewall + NAT Tunneling removes dependencies Guests Home vpn-local IP Trusted Services VPN server Tunnel Guests DHCP NAT beyond tunnel

Nishanth Sastry Hotnets-VI 10/14 Guest Host AP + Firewall + NAT Guests Home STUN Co-op distributes two registries: Coop-local IP Member ID Mapping of members ISP assigned IP Tunnel setup: Co-operative coop-local IP

Nishanth Sastry Hotnets-VI 11/14 But, what about performance? Path length inflation Intra-City Latency 3060ms [Lakshminarayanan IMC03] Guest downlink = home downlink+uplink! Asymmetric broadband limited uplinks Median uplink bandwith = 212 Kbps [ibid] Sufficient for emergency response [LeMay earlier ] Performance comparable to p2p flows

Nishanth Sastry Hotnets-VI 12/14 Scale and scope of the co-op depends on: regional laws governing legal content technical factors... end2end latency sizeof(coop-local IP space) AP memory for home & coop-local IP tables Works for citywide co-ops (broadband members)

Nishanth Sastry Hotnets-VI 13/14 Technical summary Guest 4. Guests Home 2. STUN 1.coop-local IP 3.Tunnel 5. vpn-local IP

Nishanth Sastry Hotnets-VI 14/14 Key features enabled by home Guest 4. Guests Home 2. STUN 1.coop-local IP 3.Tunnel 5. vpn-local IP Accountability in IP tracebacks Simultaneous access through multiple hosts crucial for access with weak signals

Nishanth Sastry Hotnets-VI 15/14 Two paths to adoption I: Without ISP support: Will hosts ISP let it share its connection? hinges on what internet connection is mandate sharing! unlicensed spectrum is public good II: With ISP support: offer business model Think Comcast Voice citywide! Co-op can benefit from ISP: increase uplink bandwidth for guest access make better tunnels (e.g. MPLS VPNs)

Nishanth Sastry Hotnets-VI 16/14 Mesh networks dense deployment

Nishanth Sastry Hotnets-VI 17/14 Co-op tunnels Mobile IP tunnels X Triangular routing not possible External node typically initiates contact Need to register care-of address precludes highly mobile guests like cars

Nishanth Sastry Hotnets-VI 18/14 Local IP addresses vpn-local/coop-local IPs are private IPs vpn-local is local to guest-home pair can be reused by host & other guests coop-local is local to guest-host pair can be reused on office VPNs of guest/host

Nishanth Sastry Hotnets-VI 19/14 Dealing with NATs Restricted Cone or Symmetric NAT Punch holes separately to each member NATs with deep packet inspection STUN/rendezvous server acts as relay