Presentation is loading. Please wait.

Presentation is loading. Please wait.

HotNets-VI 1 Architecting Citywide Ubiquitous Wi-Fi Access Nishanth Sastry Jon Crowcroft, Karen Sollins.

Published byCaleb Madden Modified over 10 years ago

Similar presentations

Presentation on theme: "HotNets-VI 1 Architecting Citywide Ubiquitous Wi-Fi Access Nishanth Sastry Jon Crowcroft, Karen Sollins."— Presentation transcript:

1 HotNets-VI 1 Architecting Citywide Ubiquitous Wi-Fi Access Nishanth Sastry Jon Crowcroft, Karen Sollins

2 HotNets-VI 2 Architecting Citywide Ubiquitous Wi-Fi Access I: Whats wrong with sharing Wi-Fi? II: Tunneling based Architecture to safely & securely share Wi-Fi

3 Nishanth Sastry Hotnets-VI 3/14 Guest Host AP + Firewall + NAT Terminology Guests Home Host

4 Nishanth Sastry Hotnets-VI 4/14 Whats wrong with sharing Wi-Fi? (1/2) Malicious guests can... be bandwidth hogs infect host computers download illegal content be part of DDoS botnet * Use bandwidth limiters & firewalls Hosts have to trust guests to be well-behaved * Where each flow is too small to be detected

5 Nishanth Sastry Hotnets-VI 5/14 Whats wrong with sharing Wi-Fi? (1/2) Then there are the freeloaders... seeking better connectivity than their homes And kids escaping parental control software @ home How do we induce hosts to share Wi-Fi?

6 Nishanth Sastry Hotnets-VI 6/14 Whats wrong with sharing Wi-Fi? (1/2) Captive portals, commonly used for logins at public hotspots (e.g. cafés & Fon), are essentially dynamic firewalls & are susceptible to users who sniff & spoof an authenticated users address

7 Nishanth Sastry Hotnets-VI 7/14 Whats wrong with sharing Wi-Fi? (2/2) Hosts can be malicious too. e.g. Pharming Guest has to trust host router!

8 Nishanth Sastry Hotnets-VI 8/14 safely How to safely share Wi-Fi? Home takes on responsibility for guests traffic hides guest traffic from host by encrypting acts as trusted source for guest DNS/IP Eliminate latent trust dependencies

9 Nishanth Sastry Hotnets-VI 9/14 Host Guest Host AP + Firewall + NAT Tunneling removes dependencies Guests Home vpn-local IP Trusted Services VPN server Tunnel Guests DHCP NAT beyond tunnel

10 Nishanth Sastry Hotnets-VI 10/14 Guest Host AP + Firewall + NAT Guests Home STUN Co-op distributes two registries: Coop-local IP Member ID Mapping of members ISP assigned IP Tunnel setup: Co-operative coop-local IP

11 Nishanth Sastry Hotnets-VI 11/14 But, what about performance? Path length inflation Intra-City Latency 3060ms [Lakshminarayanan IMC03] Guest downlink = home downlink+uplink! Asymmetric broadband limited uplinks Median uplink bandwith = 212 Kbps [ibid] Sufficient for emergency response [LeMay earlier ] Performance comparable to p2p flows

12 Nishanth Sastry Hotnets-VI 12/14 Scale and scope of the co-op depends on: regional laws governing legal content technical factors... end2end latency sizeof(coop-local IP space) AP memory for home & coop-local IP tables Works for citywide co-ops (broadband members)

13 Nishanth Sastry Hotnets-VI 13/14 Technical summary Guest 4. Guests Home 2. STUN 1.coop-local IP 3.Tunnel 5. vpn-local IP

14 Nishanth Sastry Hotnets-VI 14/14 Key features enabled by home Guest 4. Guests Home 2. STUN 1.coop-local IP 3.Tunnel 5. vpn-local IP Accountability in IP tracebacks Simultaneous access through multiple hosts crucial for access with weak signals

15 Nishanth Sastry Hotnets-VI 15/14 Two paths to adoption I: Without ISP support: Will hosts ISP let it share its connection? hinges on what internet connection is mandate sharing! unlicensed spectrum is public good II: With ISP support: offer business model Think Comcast Voice citywide! Co-op can benefit from ISP: increase uplink bandwidth for guest access make better tunnels (e.g. MPLS VPNs)

16 Nishanth Sastry Hotnets-VI 16/14 Mesh networks dense deployment

17 Nishanth Sastry Hotnets-VI 17/14 Co-op tunnels Mobile IP tunnels X Triangular routing not possible External node typically initiates contact Need to register care-of address precludes highly mobile guests like cars

18 Nishanth Sastry Hotnets-VI 18/14 Local IP addresses vpn-local/coop-local IPs are private IPs vpn-local is local to guest-home pair can be reused by host & other guests coop-local is local to guest-host pair can be reused on office VPNs of guest/host

19 Nishanth Sastry Hotnets-VI 19/14 Dealing with NATs Restricted Cone or Symmetric NAT Punch holes separately to each member NATs with deep packet inspection STUN/rendezvous server acts as relay

Download ppt "HotNets-VI 1 Architecting Citywide Ubiquitous Wi-Fi Access Nishanth Sastry Jon Crowcroft, Karen Sollins."

Similar presentations

Computer Concepts – Illustrated 8th edition

Computer Concepts – Illustrated 8th edition
MIGRATION OF GSM TO GPRS

MIGRATION OF GSM TO GPRS
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 1 Network Security 2 Module 6 – Configure Remote Access VPN.

© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 1 Network Security 2 Module 6 – Configure Remote Access VPN.
A New Method for Symmetric NAT Traversal in UDP and TCP

A New Method for Symmetric NAT Traversal in UDP and TCP
1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.

1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.

1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
How to extend Intranet security to the home

How to extend Intranet security to the home
All rights reserved © 2000, Alcatel 1 CPE-based VPNs Hans De Neve Alcatel Network Strategy Group.

All rights reserved © 2000, Alcatel 1 CPE-based VPNs Hans De Neve Alcatel Network Strategy Group.
Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)
0 - 0.

0 - 0.
Addition Facts 1 - 20.

Addition Facts
The internet. Background Created in 1969, connected computers at UCLA, Stanford Research Institute, U. of Utah, and UC at Santa Barbara With an estimated.

The internet. Background Created in 1969, connected computers at UCLA, Stanford Research Institute, U. of Utah, and UC at Santa Barbara With an estimated.
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.28-1 MPLS TE Overview Configuring MPLS TE on Cisco IOS Platforms.

© 2006 Cisco Systems, Inc. All rights reserved. MPLS v MPLS TE Overview Configuring MPLS TE on Cisco IOS Platforms.
All Rights Reserved © Alcatel-Lucent 2009 Enhancing Dynamic Cloud-based Services using Network Virtualization F. Hao, T.V. Lakshman, Sarit Mukherjee, H.

All Rights Reserved © Alcatel-Lucent 2009 Enhancing Dynamic Cloud-based Services using Network Virtualization F. Hao, T.V. Lakshman, Sarit Mukherjee, H.
Any Questions?.

Any Questions?.
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.24-1 MPLS VPN Technology Introducing the MPLS VPN Routing Model.

© 2006 Cisco Systems, Inc. All rights reserved. MPLS v MPLS VPN Technology Introducing the MPLS VPN Routing Model.
2009-03-16 1 Countering DoS Attacks with Stateless Multipath Overlays Presented by Yan Zhang.

Countering DoS Attacks with Stateless Multipath Overlays Presented by Yan Zhang.
1 Network Address Translation (NAT) Relates to Lab 7. Module about private networks and NAT.

1 Network Address Translation (NAT) Relates to Lab 7. Module about private networks and NAT.
06-Sep-2006Copyright (C) 2006 Internet Initiative Japan Inc.1 Prevent DoS using IP source address spoofing MATSUZAKI ‘maz’ Yoshinobu.

06-Sep-2006Copyright (C) 2006 Internet Initiative Japan Inc.1 Prevent DoS using IP source address spoofing MATSUZAKI ‘maz’ Yoshinobu.
Virtual Private Networks COSC541 Project Jie Qin & Sihua Xu October 11, 2014.

Virtual Private Networks COSC541 Project Jie Qin & Sihua Xu October 11, 2014.

Similar presentations

Ads by Google