WiFi Profiler: Cooperative Diagnosis in Wireless LAN - PowerPoint PPT Presentation

About This Presentation

Title:

WiFi Profiler: Cooperative Diagnosis in Wireless LAN

Description:

WiFi Profiler: Cooperative Diagnosis in Wireless LAN Ayah Zirikly Communication protocol Communication Initialize Requester: The client activates the helper network ... – PowerPoint PPT presentation

Number of Views:128

Avg rating:3.0/5.0

Slides: 63

Provided by: Aya23

Learn more at: https://www2.seas.gwu.edu

Category:

more less

Transcript and Presenter's Notes

Title: WiFi Profiler: Cooperative Diagnosis in Wireless LAN

1
WiFi Profiler Cooperative Diagnosis in Wireless
LAN

Ayah Zirikly

2
Authors

Presented at MobiSys 2006 by
Ranveer Chandra
Venkata N.Padmanabhan
Ming Zhang

Microsoft Research
3
What this paper is presenting

A system in which wireless hosts cooperate to
diagnose and resolve network problem in an
automated manner.

WiFi Profiler
4
Key observation behind the paper

If the host is disconnected, it is often in the
range of other wireless nodes and is able to
communicate with them peer-to-peer, to get access
to the information gathered.

5
Goal of the paper

Creating a shared information plane that enables
wireless hosts to exchange a range of information
about their network settings.
By aggregating such information across multiple
wireless hosts WiFiProfiler infer the likely
cause of the problem.

6
Differences between WiFiProfiler and previous
tools

Previous tools like the one we saw in the last
paper is not automated as it still needs the
network administrator to figure out the problem.
Do not depend on any special vulnerabilities/chara
cteristics in 802.11

7
Wireless LAN Architecture

Wireless Security
MAC filtering rejecting packets that their MAC
address does not belong to a predefined list.
WEP key setting configured manually at the AP
and the wireless clients.
WPA key setting configured
Automatically using 802.1X
Manually (user enter passphrase).
DHCP
In addition to giving the client IP address, it
provides other configuration information like the
IP address of the gateway and LDNS server.
Firewall
Port blocking.
Others
Application-level proxies.

8
Causes of Network Problems
9
Causes of Network Problems
10
No AP detected

The client is not receiving the broadcasted
beacons.
Reasons
Out of Range.
Channel noise.
HW/SW incompatibility.

11
Causes of Network Problems
12
No association with the AP

AP is malfunctioning
Client does not have a good consistent signal.
Inappropriate MAC Address (MAC filtering).
Software Incompatibilities (outdated driver).
Hardware Incompatibilities (wireless cards).
Wrong WEP Key, or WPA authentication.
Other security related issues.

13
Causes of Network Problems
14
Inability to obtain an IP address

Client side
Wrong key (WEP/WPA)
Wrong MAC.
Configuration problem.
AP side
Wired interface is malfunctioning or
disconnected.
DHCP side
IP address pool exhausted.
Server being down.

15
Causes of Network Problems
16
End-to-End communication failure

DNS resolution failure
Incorrect local DNS server settings.
Failure in the DNS infrastructure.
Firewall might selectively block communication.
Common FW ports not open
The use of application proxies.
Proxy Server down
Inappropriate client proxy settings
Disconnected wireless LAN
Equipment Malfunction
Equipment Failure

17
Causes of Network Problems
18
Poor performance

Lossy wireless link due to
Weak signal.
Noise.
Network Congestion(wireless medium or WAN)
Too many legitimate users consuming network
resources.
Misbehaved users.
Combination of both

19
Examples of the shared information Plane

Having or not the ability to be connected to a
certain wireless network or AP.
The ability or not to obtain IP address.
Experiencing poor performance.

20
Architecture of WiFi Profiler

Components of WiFi Profiler

21
Design and Implementation of WiFiProfiler

Sensing
Make local observations of network
configurations and health at the individual
wireless clients.
Communication
Enable peer-to-peer communication among wireless
hosts within range
Diagnosis
Infer the likely causes of the problems
experienced by clients and possible steps for
resolution

22
Sensing

Mission

Make passive observations of the network health
and network configuration information at the
individual wireless clients.
23
Sensing

Wireless layer
Wireless (HW/SW) configuration information
(Static Information)
NIC model.
NIC name.
Driver version.

24
Sensing Wireless Layer

Information about Wireless network in the
vicinity
BSSID list (Basic Service set Identifiers)
The list of BSSIDs corresponding to the APs from
whom beacons have been heard .
SSID list (Service Set Identity)
Name identifies the network.
SSID may have multiple BSSIDs that a client can
be associated with.
RSSI list
Received signal of the BSSID.
Average RSSI reported.

25
Sensing Wireless Layer

Security settings information
Security protocol
WEP/WPA key used for authentication or/and
encryption.
To avoid exposing the key, only oneway hashing
of this information is shared.

26
Sensing Wireless Layer

Information about the state of the wireless
channel
Beacon loss rate
Based on the number of beacon frames that are not
received at a client.
Loss rate of client broadcast UDP beacons (since
some drivers do not compute BLR ).
Interface queue length
Sampling the packet queue length at the wireless
interface on a continual basis.
Indicator of the wireless congestion.

27
Sensing

Network layer
Dynamic Information concerns
IP address/subnet/mask the IP address, subnet,
and netmask corresponding to the wireless
interface.
IP mode whether the clients IP address is
assigned statically or obtained dynamically using
DHCP.
DHCP information the IP address of the DHCP
server that lease the address and when the lease
happened.
LDNS information the IP address(es) of the local
DNS server(s).

28
Sensing

Transport layer
Learn about the E2E network connectivity over
the wide-area network that can be affected by
firewalls, congestion/disconnection of the WAN
link.
Information obtained (Dynamic Information)
Failed connection attempts
Number of connection and failed attempts.
Packet retransmission
Number of retransmitted TCP segments.
Server port numbers with successful TCP
connections
Successful connection on a certain server port
numbers (if not, firewall might blocking
access).

29
Sensing

Protocol state example

30
Sensing

Application layer
Configuration information related to the
wireless communication.
Web proxy setting
HTTP proxy has been used??
Host name.
Port number.

31
Sensing

Summarizing Sensing Information
Needed to reduce the overhead of sharing with
peers.
Configuration information (NIC type, etc)
Values from the recent snapshots.
Dynamic information
Compute aggregate (average or threshold) metric
over
60 seconds for wireless-related information.
300 seconds for TCP-related information.
BSSID list, SSID list
Union of the distinct values of the sets.

32
Communication

Enables wireless client having problems
requester to obtain information from its peers
responders.
Challenges observed
Requester and responders are not in the same
network.
Requester is disconnected.
Requires responder to disconnect from its current
network.
WiFiProfiler framework enables exchanging
information without the need of disconnecting the
responder from its network.
Key observation
Disconnected node can initiate AH network with
the responders.
Responder can connect to the requesters AH
without disconnecting from its network.

Can be accomplished using two NICs or virtualWiFi
33
Communication

Each client using WiFiProfiler has two adapters
Primary adapter
Used for its normal communication.
Helper adapter
Used to exchange information with peers.

34
Communication

Communication protocol

Initialize Requester The client activates the
helper network adapter
35
Communication

Communication protocol

Start AH Network Started over the helper network
adapter, with the appropriate SSID and IP address.
36
Communication

Communication protocol

Initialize Responder Parses the SSID field to
see if it corresponds to a requester. If so, it
activates its helper adapter.
37
Communication

Communication protocol

Join Network, Send Response Sets up a socket
connection with the corresponding IP address and
Port Then, start sending information to the
requester.
38
Communication

Communication protocol

Stop Responder
After sending responses
Closes socket connection.
Stops the helper adapter.

39
Communication

Communication protocol

Stop Requester
After sufficient number of responses
Shuts down socket.
Stops the helper adapter.

40
Communication

Communication protocol steps using VirtualWiFi
Requester activates its helper adapter and
configures it with the help SSID.
The responder after detecting Help request, it
activates its helper adapter.
VirtualWiFi switches the physical card across the
primary and helper adapter.
Responder stops VirtualWiFi (unbind helper
adapter after sending responses).
Requester activates its primary adapter to stop
the AH network.
Complete within a few milliseconds.

41
Communication

Communication protocol steps using two NICs
WiFiProfiler assigns static IP address to the
helper adapter.
Requester activates its helper adapter.
Primary adapter scans the channels for the
requesters beacons.
Responder activates its helper adapter when
detecting a requester.
The helper adapter scans the channels to locate
the requesters network.
Responder joins AH network..
The responder disables its helper adapter after
sending responses.

42
Communication

Optimization to keep the overhead on the
responder low
Summarizing the sensing information in 1200bytes
to fit into a single packet (keep the protocol as
simple as possible).
Using UDP for the responses giving the responder
the ability to send single packet and then leave
the AH network.
Limit the responding rate for help to provide
protection from malicious users.
Responders wait for a random time before joining
the AH network and responding (useful in the case
of large number of potential responders).
Responders can cache recently sent responses to
send it to current requesters.

43
Diagnosis

Based on the information gathered from the peer
nodes.
Inability to detect an AP
Reasons
No AP in its vicinity.
Beacons are not detected at the current location.
HW/SW incompatibility between the client and AP.
Client wireless NIC is not working.

44
Diagnosis Inability to detect AP

Diagnosing steps
If the client does not hear from any peers it is
because
No WiFiProfiler-enabled in its vicinity.
NIC is not working.
If a peer with the same NIC type and driver
version is able to receive beacons client
current location is the cause.
If all the peers has the same NIC type but
different driver version
NIC driver version or
client current location is the cause.
If all the peers have different NIC types.
client NIC type, NIC driver version, or
current location is the cause.
Resolution of the problem
User action changing NICs, installing a new
driver, or changing location.

45
Diagnosis

Inability to associate with AP
Reasons
AP uses security mechanisms like MAC filtering,
WEP, WPA.
Weak wireless link at the clients current
location.
Incompatibility between the NIC type or driver
and the AP hardware.
AP malfunction.

46
Diagnosis Inability to associate with AP

Diagnosing steps
Client authentication configurations does not
match the successfully associated peers
(incorrect key)
configuration information missing/wrong.
Client has higher BLR/has lower RSSI than its
successfully associated peers weak link
due to client current location.
If a peer with the same NIC type and driver
version is able to associate MAC filtering
is applied at the AP.
Resolution of the problem
User action changing authentication
key/passphrase, location, NICs, or installing a
new driver.
Operator action adding NIC MAC address to the
MAC filter list.

47
Diagnosis

Inability to obtain IP address
Reasons
Incorrect WEP key that prevents communication
with AP.
AP hardware malfunctioning or disconnections that
prevents the AP from communicating with DHCP
server.
DHCP is down or out of addresses and is not
responding to the requests.

48
Diagnosis Inability to obtain IP address

Diagnosing steps
Client WEP encryption key does not match its
successfully associated peers
configuration information missing/wrong.
One or more peer is successfully associated but
did not obtain IP address
DHCP server or general
connectivity problems.
If at least one peer established successful
wide-are communication. Failure or address
exhaustion at the DHCP.
Resolution of the problem
User action changing authentication
key/passphrase, location, NICs, or installing a
new driver.
Operator action resolve DHCP server problem or
hardware disconnection problem.

49
Diagnosis

End-to-End Communication Failure
Reasons
DNS resolution failure
Incorrect local DNS server setting.
LDNS server is down or unreachable.
General problem with DNS that is not specific to
local wireless network.
E2E connectivity problems.
Incorrect application proxy setting.
Application proxy is down or disconnected.
Firewall blocking access.
Connectivity problem between the wireless LAN and
the wide-area network.

50
Diagnosis E2E communication failure

DNS resolution Failure
Diagnosing steps
If a peer with a different LDNS setting reports a
high success rate while no peer with the same
LDNS setting reports it.
incorrect LDNS server setting
All peers report a high failure rate for DNS
resolution, with no response from the server.
LDNS server is down or unreachable.
Otherwise, general DNS problem.
Misconfiguration or WAN connectivity issues.
Resolution of the problem
User action changing the clients LDNS setting.
Otherwise, operator intervention needed.

51
Diagnosis E2E communication failure

E2E connectivity problem
Diagnosing steps
If the client and its peers have failure
communication on certain ports and successful on
others.
firewall blocking communication
(port-based).
If one peer has successful communication on a
problematic port of the server.
unreachable remote host or firewall blocking
based on other criteria.
No peer reports successful E2E communication.
connectivity problem between WLAN and
wide-are network.
Resolution of the problem
User action changing proxy setting.
Otherwise, operator intervention needed.

52
Diagnosis

Poor performance
Reasons
Clients weak wireless link.
Wireless medium is congested.
WAN problem (congestion or routing problem).

53
Diagnosis poor performance

Diagnosing steps
If the clients number of beacons is a lot lower
than the highest value reported.
weak wireless link to the client.
If more than one peer reports persistent queuing
but weak wireless network.
wireless medium is congested
Resolution of the problem
User action changing location or switching to a
less congested AP or network.
Otherwise, operator intervention needed.

54
Problems can evolve

Possibility of conflicting information.
For example, two peers with identical NIC type
and driver version. One report association
success and the other failure. These two will be
ruled out by the requester.

55
Evaluation Evaluation of sensing

Sensing the quality of the wireless link
Examine the relationship between RSSI and BLR
Place a client at 6 different locations at
increasing distance from AP.
Notice that BLR exceeds 5 when the RSSI is less
than -80dBm.

-80 dBm can be a threshold for the lossiness of
the wireless link
56
Evaluation Evaluation of sensing

Sensing the quality of the wireless link
TCP throughput
Throughput drops when the BLR exceeds 5
Consistent with the threshold concluded that
indicates the lossy of the wireless link.

57
Evaluation Evaluation of sensing

Overhead of sensing
Sensing is ongoing process on WiFiProfiler (to
reduce diagnosis latency). So, low overhead (in
terms of CPU and network performance) is
critical.
WiFiProfiler sensing component uses under 1 of
the CPU even on 1.33 GHz).
No measurable network performance.

58
Evaluation Evaluation of communication

Impact of Providing Help on the Responder
Case Study Responder is in the middle of
downloading something (worst case).
How does providing help affect the time of
downloading?
Studying the impact in three different cases
Responder uses two NICs (downloaded time
unaffected).
Responder uses virtualWiFi and the AP implements
802.11 PSM, to ensure no packet loss when
switching (longer delay).
Responder uses virtualWiFi but AP does not
implement PSM(longest delay).
The delay on the download time
500 ms for small downloads.
2-3 seconds for large downloads.

59
Evaluation Evaluation of communication

End-to-End latency of the Comm. Protocol
Time taken at each of the protocol steps
Initializing and stopping the requester requires
enabling and disabling the helper adapter (few
seconds).
Time responder takes to detect the requester AH
network (18 seconds).
Time responder takes to enable its helper
adapter(5seconds).
Time taken by helper adapter to scan the
requester AH network, by the responder to join
the AH, and by responder and requester to
initialize their network stacks (32 seconds).

60
Evaluation Evaluation of communication

Best results (less time taken), when both
requester and responder use VirtualWiFi .
Still the biggest overhead is the time to receive
data.

61
Evaluation Evaluation of diagnosing

The faults and how WiFiProfiler was able to
diagnose them.
Faults
No beacon.
MAC filtering.
Incorrect WEP key for authentication/encryption.
DHCP problem.
Port blocking.
Wireless congestion.
They claim that WiFiProfiler is effective in
giving the right diagnosis in less than 40
seconds. Even in the situation of multiple
simultaneous problems.

62
Security Issues