
ResFi: A Secure Framework for Self-Organized Radio Resource Management in Residential WiFi Networks



  1. ResFi: A Secure Framework for Self-Organized Radio Resource Management in Residential WiFi Networks
     Sven Zehl, Anatolij Zubow, Michael Döring and Adam Wolisz

  2. Motivation
     - IEEE 802.11 (WiFi) is the main access technology in residential environments -> WiFi AP as heart of a smart home
     - Residential WiFi networks are characterized by:
       - Dense (urban) and unplanned deployments
       - In contrast to enterprise networks, each AP is managed independently by an inexperienced resident
     TKN Telecommunication Networks Group

  3. Motivation
     Main problems:
     - High contention
     - High interference
     - Spectrum wastage
     -> More than 50% of residential APs use the default static channels!! (Patro et al. 2013)

  4. Motivation (Cont.)
     - New applications (e.g. UHD video) require high QoS/QoE, which will be challenging to enforce in residential WiFi deployments
     - Goal: enable cooperation between co-located residential APs to allow efficient radio resource management (e.g. setting radio channel, bandwidth, transmit power)
     - Challenge: how to enable secure communication between residential APs?
       - Efficient discovery of neighboring APs
       - Exchange of addressing information of management units

  5. Lessons from Enterprise Networks
     - Centralized radio resource management:
       - In enterprise WiFi networks a centralized controller manages radio resources
       - Very efficient, as the controller has a global view and is connected via low-latency backhaul to the APs
     - With COAP (Coordination framework for Open APs), a centralized radio resource management for residential WiFi networks was proposed (Patro et al. 2015):
       - Only applicable for centrally administered apartment houses, e.g. single ISP or single building manager
       - It requires significant administration and creates cost (-> cloud controller)

  6. Residential WiFi network

  7. Enable Cooperation

  8. How to discover neighboring APs?
     Idea: Use 802.11 active scanning for AP (!) discovery

  9. How to exchange global IP address?

  10. Setting-up of a secured control channel over the Internet

  11. Why do we secure the control channel?
     - Radio resource management is not security sensitive, so why should we care?
       - Large scale malicious actions can have an impact!
       - Setting all APs of a city on the same channel would definitely create some problems…
     - Security material is exchanged only locally using the wireless interface (an attacker must be physically co-located)
     - Key rotation to prevent key collection -> wardriving

  12. Proposed Approach - Design principles
     - Fully distributed approach for radio resource management in residential WiFi networks
       - No controller, no cloud, no additional costs
     - Residential APs in direct wireless communication range discover each other and exchange addressing information and key material using the wireless interface:
       - Neighboring APs do not necessarily have to operate on the same channel
       - Addressing information is the public (global) IP address of the AP radio resource management unit
     - A secured control channel between each pair of neighboring APs over the Internet is set up.
     - Neighboring APs can cooperate with each other by means of message exchange using a well-defined API.

  13. The ResFi Framework
     - Pure user-space software solution
     - Enables secure N-hop connectivity between residential WiFi APs
     - Security features:
       - Ensuring locality of participating APs through periodically changing the symmetric group encryption key (wirelessly distributed to neighbors via active scanning)
       - Additionally, the group encryption key provides group confidentiality between one-hop neighbors
       - Ensuring non-repudiation and message integrity through public key cryptography
       - Moreover, symmetric unicast encryption keys created on demand provide confidentiality between two peers
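
The locality argument on slides 11 and 13 (rotate the group key and hand it out only over the air) can be sketched as follows. This is an added example, not code from the ResFi project: the class names, the epoch counter and the use of HMAC-SHA256 in place of ResFi's group encryption are assumptions, and the key check is simplified to the AP itself.

```python
import hashlib
import hmac
import secrets


def tag_for(key, epoch, payload):
    # Assumption: HMAC-SHA256 stands in for the group-key protection.
    return hmac.new(key, epoch.to_bytes(8, "big") + payload, hashlib.sha256).digest()


class AccessPoint:
    """AP that rotates its group key (hypothetical model, not the ResFi API)."""

    def __init__(self):
        self.epoch = 0
        self.group_key = secrets.token_bytes(32)

    def rotate(self):
        self.epoch += 1
        self.group_key = secrets.token_bytes(32)

    def probe_response(self):
        # Key material leaves the AP only over the wireless interface.
        return self.epoch, self.group_key

    def accept(self, epoch, payload, tag):
        # Control message arriving over the Internet: current key required.
        if epoch != self.epoch:
            return False
        return hmac.compare_digest(tag_for(self.group_key, epoch, payload), tag)


class Peer:
    def scan(self, ap):
        self.epoch, self.key = ap.probe_response()

    def send(self, payload):
        return self.epoch, payload, tag_for(self.key, self.epoch, payload)


def demo():
    ap, neighbor, passerby = AccessPoint(), Peer(), Peer()
    neighbor.scan(ap)
    passerby.scan(ap)                  # collected one key while in range
    before = (ap.accept(*neighbor.send(b"channel=6")),
              ap.accept(*passerby.send(b"channel=6")))
    ap.rotate()
    neighbor.scan(ap)                  # still co-located, learns the new key
    after = (ap.accept(*neighbor.send(b"channel=11")),
             ap.accept(*passerby.send(b"channel=6")))
    epoch, _, tag = neighbor.send(b"channel=11")
    tampered = ap.accept(epoch, b"channel=1", tag)
    return before, after, tampered
```

After one rotation the peer that left radio range is rejected while the co-located neighbor is still accepted, and a payload altered in transit fails the check.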

  14. The ResFi Framework (II)
     - Well defined northbound and southbound APIs:
       - Allows easy integration for vendors
       - Allows easy radio resource management application development
     - Enables cooperative radio resource management between residential APs of different vendors and device types
     - Prototype available as open-source
       - http://github.com/resfi

  15. ResFi Reference Implementation
     - Framework implemented using platform independent code (Python)
     - hostapd and iw tool connected with ResFi northbound API (Linux as reference platform)

  16. Example ResFi Application
     - Distributed Dynamic Channel Selection
     - Implementation of distributed channel assignment algorithm of Mishra et al. 2005
     - Algorithm implemented as ResFi application with less than 50 lines of code (LOC)

  17. Testbed evaluation
     - Distributed Dynamic Channel Selection evaluation as proof-of-concept
     - Large scale testbed evaluation (ORBIT radio grid testbed)
       - 15 ResFi APs and 42 client STAs all in one single collision domain
       - Simulation of 12 apartments with single AP and single client STA and three co-located public hotspots each with AP and 10 client STAs
     - Measuring TCP/IP uplink throughput from all concurrently transmitting client STAs

  18. Testbed evaluation
     - Uplink TCP throughput of all STAs of both algorithms aggregated as boxplots

  19. Testbed evaluation
     - Uplink TCP throughput of all STAs of both algorithms aggregated as boxplots
     - 97% median increase

  20. Other ResFi Applications
     - Other RRM applications are possible:
       - Distributed RTS/CTS adaptation
       - Distributed TDMA to mitigate hidden node problems
       - Distributed sensing of non-WiFi interference
       - Distributed EDCA parameter assignment
       - …

  21. Build your own ResFi applications!
     - Source code published as open source
       - https://github.com/resfi
     - Mininet based emulation for testing new ResFi applications
     - Linux based ResFi reference implementation for real hardware
       - Only user-space software modifications (patched hostapd)
     - Framework based on platform independent Python code
     - Can be used as reference implementation for AP vendors or as research framework

  22. Build your own ResFi applications!
     - Thank you!
     - https://github.com/resfi

  23. Non RRM Applications
     - Problem: neighbor AP would provide better wireless connectivity than own AP, but we cannot use it.

  24. Virtual Neighbor AP
     - Idea: APs mutually deploy virtual neighbor SSID and tunnel all traffic back to real AP.
