Architecting Citywide Ubiquitous Wi-Fi Access

1
Architecting Citywide Ubiquitous Wi-Fi Access

• Nishanth Sastry
• Jon Crowcroft, Karen Sollins

2
Architecting Citywide Ubiquitous Wi-Fi Access

• I Whats wrong with sharing Wi-Fi?
• II Tunneling based Architecture to safely
  securely share Wi-Fi

3
Terminology
Host AP Firewall NAT
4
Whats wrong with sharing Wi-Fi? (1/2)

• Malicious guests can ...
• be bandwidth hogs
• infect host computers
• download illegal content
• be part of DDoS botnet

Use bandwidth limiters firewalls
Where each flow is too small to be detected
5
Whats wrong with sharing Wi-Fi? (1?/2)

• Then there are the freeloaders...
• seeking better connectivity than their homes
• And kids escaping parental control software _at_ home

How do we induce hosts to share Wi-Fi?
6
Whats wrong with sharing Wi-Fi? (1?/2)

• Captive portals, commonly used for logins at
  public hotspots (e.g. cafés Fon), are
  essentially dynamic firewalls are susceptible
  to users who sniff spoof an authenticated
  users address

7
Whats wrong with sharing Wi-Fi? (2/2)

• Hosts can be malicious too. e.g. Pharming

Guest has to trust host router!
8
How to safely share Wi-Fi?
Eliminate latent trust dependencies

• Home
• takes on responsibility for guests traffic
• hides guest traffic from host by encrypting
• acts as trusted source for guest DNS/IP

9
Tunneling removes dependencies
Host AP Firewall NAT
Trusted Services
vpn-local IP
Guests DHCP
NAT beyond tunnel
10
Tunnel setup Co-operative
Host AP Firewall NAT
Guest
coop-local IP
Co-op distributes two registries Coop-local IP
? Member ID Mapping of members ISP assigned IP
Guests Home
STUN
11
But, what about performance?

• Path length inflation
• Intra-City Latency
• 3060ms Lakshminarayanan IMC03
• Guest downlink home downlinkuplink!
• Asymmetric broadband ? limited uplinks
• Median uplink bandwith 212 Kbps ibid
• Sufficient for emergency response LeMay
  earlier?
• Performance comparable to p2p flows

12
Scale and scope of the co-op

• depends on
• regional laws governing legal content
• technical factors...
• end2end latency
• sizeof(coop-local IP space)
• AP memory for home coop-local IP tables

Works for citywide co-ops (broadband members)
13
Technical summary
5. vpn-local IP
Guest
1.coop-local IP
3.Tunnel
4. Guests Home
2. STUN
14
Key features enabled by home

• Accountability in IP tracebacks
• Simultaneous access through multiple hosts
• crucial for access with weak signals

5. vpn-local IP
Guest
1.coop-local IP
3.Tunnel
4. Guests Home
2. STUN
15
Two paths to adoption

• I Without ISP support Will hosts ISP let it
  share its connection?
• hinges on what internet connection is
• mandate sharing! unlicensed spectrum is public
  good
• II With ISP support offer business model
• Think Comcast Voice citywide!
• Co-op can benefit from ISP
• increase uplink bandwidth for guest access
• make better tunnels (e.g. MPLS VPNs)

16
Mesh networks ? dense deployment
17
Co-op tunnels ?Mobile IP tunnels
X

• Triangular routing not possible
• External node typically initiates contact
• Need to register care-of address precludes
  highly mobile guests like cars

18
Local IP addresses

• vpn-local/coop-local IPs are private IPs
• vpn-local is local to guest-home pair
• can be reused by host other guests
• coop-local is local to guest-host pair
• can be reused on office VPNs of guest/host

19
Dealing with NATs

• Restricted Cone or Symmetric NAT
• Punch holes separately to each member
• NATs with deep packet inspection
• STUN/rendezvous server acts as relay