Transcript Slide
P2PWNC
Wireless Community Network
CMSC 711: Computer Networks
Yee Lin Tan
Adam Phillippy
Introduction
♦ Ubiquitous Internet access is a necessity
♦ Email, web, VoIP, messaging, remote network
access
♦ Current state
♦ Internet access far from ubiquitous
♦ Required infrastructure not yet in place
♦ Wireless Internet Service Providers (WISPs)
♦ Coverage limited to selected hotspots
♦ Wireless LAN (WLAN)
♦ Deployed in homes, schools, airports, etc.
♦ Idea
♦ Why not unite all WLANs to provide ubiquitous
access to the Internet?
Peer-to-Peer Wireless Network
Confederation (P2PWNC)
♦ Framework for uniting WLAN hotspots
♦ Community of administrative domains
that offer wireless internet access to
each other’s users
♦ P2P network of domain agents (DA)
Peer-to-Peer Wireless Network
Confederation (P2PWNC)
♦ Administrative Domain
♦ Examples:
♦ Residential hotspot with 1 access point
♦ WISP with access points in many locations
♦ Domain Agent (DA)
♦ Each administrative domain maintains 1 DA
♦ Physical node that represents the WLAN
♦ Responsibilities:
♦ Regulates wireless service provision and consumption
♦ Eliminates need for roaming agreements
Peer-to-Peer Wireless Network
Confederation (P2PWNC)
♦ Simple accounting mechanism based on
token-exchange
♦ When roaming in another P2PWNC
domain
♦ To compensate for resources consumed,
home DA transfers tokens to visited DA
P2PWNC Design
♦ Based on reciprocity
♦ Domains must provide resources to
visitors
♦ So that their own users can consume
resources of other P2PWNC domains
when roaming
Distinctive Characteristics
♦ Open to all
♦ No registration or central authority
♦ Joining P2PWNC is similar to joining a file-sharing
network
♦ Free to use
♦ No barrier to entry
♦ Reciprocity drives the system
♦ Autonomous domains
♦ Each domain decides how much resources it
wants to provide to visitors
♦ Protects privacy
♦ Identity and location privacy
P2P Systems
♦ Communities of economic agents
cooperating for mutual benefit without
centralized control
♦ Characteristics:
♦ Makes use of otherwise underused
resources
♦ Agent autonomy
♦ Scalability, fault-tolerance, reliability
P2PWNC as a P2P System
♦ Underused resources
♦ Residential hotspots typically operate only at a small
percentage of maximum throughput
♦ Cost-sharing
♦ Distribute cost among participating administrative domains
♦ High cost for a single provider to cover large areas
♦ Hardware
♦ Administration, operations, maintenance
♦ Decentralized control
♦ Distributed accounting to track who owes who and how
much
♦ Agent autonomy
♦ Can dynamically adjust provisioning rates
Architectural Overview
♦ Unique logical name for each DA
♦ Can reuse DNS name
♦ Registered users
♦ Local users of a particular domain
♦ Examples:
♦ Residential hotspot: all household members
♦ WISP: all subscribers
♦ Roaming users
♦ Visiting users from another domain
DA Modules
♦ Name service
♦ Maps logical P2PWNC domain names to IP addresses
of DAs
♦ Authentication
♦ Maintains a database of registered users along with
security credentials
♦ Traffic-policing
♦ Logs and shapes internet traffic
♦ Allocates specific amounts of bandwidth to visitors
♦ WLAN
♦ Firewall, DHCP, DNS, access point control
♦ Distributed accounting
♦ Secure storage of accounting data
DA Modules (2)
♦ Consumer-strategy
♦ Home DA’s consumer-strategy is contacted
when roaming user wants service
♦ Decides if transaction should continue
♦ Pays required tokens to visited DA’s
provider-strategy module
♦ Provider-strategy
♦ Decides whether to provide service to
visitor
♦ Decides current service prices
DA Modules (3)
♦ Privacy-enhancement
♦ Protects identity privacy
♦ Hides user name and home DA of roaming
user from visited DA
♦ Protects location privacy
♦ Hides visited DA from home DA
♦ Distributed Hash Table
♦ Low-level module used by name service
and distributed accounting
Security and Privacy Issues
♦ Abuse by untrustworthy visitors
♦ Illegal activities
♦ Traffic logging by untrustworthy providers
♦ Possible solution: tunneling through trusted
gateway (e.g. home DA)
♦ Identity privacy
♦ Possible solution: create a new alias for every new
connection?
♦ Identity and location privacy
♦ Possible solution: Mix network
Mix network
Peer ‘A’
(mix 1)
Alias_X@B
{ MIX, C, { STOP, X }C }B
Alias_X@A
{ MIX, B, { MIX, C, { STOP, X }C }B }A
Peer ‘P’
(provider)
Peer ‘B’
(mix 2)
Alias_X@C
{ STOP, X }C
Peer ‘C’
(home)
“My P2PWNC ID is Alias_X@A”
Credentials include real ID and a mix chain
encrypted using nested public-key encryptions
X@C
Idea credit: David Chaum
Slide credit: George Polyzos
Economic Considerations
♦ Optimal system parameters
♦ Consumer/Provider strategies, token prices
♦ Secure distributed accounting subsystem
♦ Monitors peer contribution and consumption
♦ Uses cryptographically secure tokens (cannot be forged)
♦ Domain strategies
♦ How to charge usage:
♦ KBytes or hour, current congestions levels, identity of
consumer
♦ How to balance conflicting requirements:
♦ Want best possible service for its own roaming users
♦ Must provide service to visitors to earn tokens for use by
roaming users
♦ May affect service provided to its own local users
Economic Considerations (2)
♦ Offline DAs
♦ Problem
♦ Roaming user requests service from visited DA
♦ Visited DA unable to contact home DA
♦ Possible Solution (decentralized version)
♦ Home DA distributes token allowances to users
♦ User pays without intervention of home DA
♦ Token generation
♦ How DAs first acquire tokens
♦ Distributed banks generate tokens and distribute
to new entrants
Economic Considerations (3)
♦ Domain heterogeneity
♦ Different in terms of:
♦ Coverage size
♦ Coverage location
♦ Number of registered users
♦ Problem:
♦ Domains with few visitors, difficult to earn tokens
♦ Possible solution: set high token prices
♦ More general problem:
♦ How to make sure a few domains don’t monopolize all
tokens?
Summary of DA Responsibilities
♦ Regulate prices for service
♦ Make sure visitor traffic does not
adversely affect traffic from registered
users
♦ Ensure best possible treatment for own
(registered) users that are roaming
Business Models Who can make a profit
♦ Upstream ISPs that allow P2PWNC
may be preferred by customers
♦ “Pay-as-you-go” domains
♦ Vendors can sell pre-paid cards containing
P2PWNC user id and credentials
♦ Virtual P2PWNC
♦ Virtual DA obtains tokens from P2PWNC
domains outside normal interaction model
♦ Sells tokens in the form of pre-paid cards
Business Models –
Who can make a profit (2)
♦ P2PWNC domain aggregators
♦ Host DA for multiple small WLANs
♦ Similar to web hosting
♦ Vendors of DA modules
♦ Provide consumer-strategy and providerstrategy modules
♦ Hotspot indexing engines
♦ Tune DA parameters
♦ Security and privacy enhancements
Operational Issues
♦ Need more economic analysis and
simulations
♦ How P2PWNC and token-based incentive
operate in real-world environment
♦ Regulatory obstacles
♦ Some ISPs prohibit sharing of broadband
connections
P2PWNC Implementation
♦ http://mm.aueb.gr/research/p2pwnc
♦ GPL Licensed
♦ AP: Linksys WRT54GS
♦ Firmware
♦ Client: QTEK 9100
♦ C and Java
Implementation Assumptions
♦ Good
♦
♦
♦
♦
♦
♦
No central authority
Users may use unlimited, free IDs
User consumption is not homogeneous
Software can be modified/hacked
Teams (domains) will try and cheat
Teams will collude
♦ Not so good
♦ Team consumption is homogeneous
♦ Team members trust each other
♦ ISPs allow connection sharing
Teams, users, and receipts
(IOUs)
Team AP
Team member
Receipt accounting
C
P
?
t0 w 1
t0 w 2
R
provider, team
t w
timestamp, weight 0 2
Centralized
R
Decentralized
R
R
R
Decentralized
♦ One receipt server per team
♦ Gossiping protocol
♦ Devices carry a sample of receipts
♦ Consumers share receipts with providers
♦ Adds overhead for verifying receipts
♦ Incomplete view of the “receipt graph”
Receipt graph
F
E
G
B
A
I
D
C
H
Does C owe H?
Maxflow decision
♦ Probability of me granting you service
What IOU
What you owe me
mf ( P C )
p min
,1
mf (C P)
Maxflow
(bottle neck flow)
F
E
G
B
A
Min C-H cut
I
D
C
H
Abuse
♦ Uncooperative teams
♦ Evident from receipt graph
♦ Other teams will stop providing service
♦ DOS attacks
♦ Centralized server is vulnerable
♦ Decentralized servers have secret IPs
♦ Teams do not communicate via Internet
♦ Colluding teams…
Naive collusion
F
G
X0
B
X1
I
C
H
X2
Sophisticated collusion
F
G
X1
B
X0
X2
I
X3
C
H
Generalized Maxflow
♦ Look for collusion hub X0
♦ Discount suspicious paths
♦ Discount flow passing through vertices
with a high sum of outgoing edge weights
♦ Discount flow passing through many
vertices
♦ Assumes homogeneous team usage
Security
♦ Team leader
♦ Public/private keys for team identity
♦ Signs member certificates
♦ Team members
♦ Public/private keys for member identity
♦ All receipts are signed
♦ Elliptic Curve Digital Signature Algorithm
(ECDSA)
♦ Signing faster than verification
♦ Mobile devices have limited computing power
♦ No central authority (decentralized)
Security
Simulation
♦ Providers and consumers make
decisions based on benefit-to-cost ratio
♦ Evolutionary learning
♦ Providing +cost, consuming +benefit
♦ Simulate interaction across 500 rounds
♦ 1 new team added per round
♦ 300 total teams
Strategies
♦ Switch to best strategy after each round
♦ Most teams adopt cooperative strategies
♦ After 500 rounds
♦ 175 Reciprocative teams
♦ 100 Unconditional cooperator teams
♦ 20 Random cooperator teams
♦ 5 Unconditional defector teams
Strategy
Questions
♦ Will it work in the real world?
♦ Sporadic usage
♦ Receipt history flushing
♦ Is it scalable?
♦ Maxflow could get expensive
♦ What about heterogeneous team usage?
♦ Variable cost of bandwidth
♦ Who is responsible for the AP’s traffic?
♦ Will the RIAA believe it wasn’t you?
P2PWNC Publications
♦ Initial idea
♦ A Peer-to-Peer Approach to Wireless LAN
Roaming. Efstathiou EC, Polyzos GC. ACM
WMASH, 2003.
♦ Implementation details
♦ Stimulating Participation in Wireless
Community Networks. Efstathiou EC,
Frangoudis PA, Polyzos GC. IEEE
INFOCOM, 2006.
Receipt repository
Collusion
Maxflow overhead
Cryptographic overhead
Real-World Example - FON
♦ Largest WiFi community in the world
♦ Idea
♦ Members (aka Foneros) share wireless
Internet access at home
♦ In return, get free WiFi wherever there is a
Fonero Access Point
♦ Use Fonero login
♦ How to become a member:
♦ Buy a WiFi router (aka La Fonera) from
FON
More about FON
♦ 3 types of Foneros (members)
♦ Linuses
♦ People who share home WiFi to get free WiFi wherever there
is a FON Access Point
♦ Aliens
♦ People who do not share their WiFi but want access to a
FON Access Point
♦ Charged $3 per day
♦ Bills
♦
♦
♦
♦
Businesses who want to make money off their WiFi
Don’t want free roaming
Get 50% of money Aliens pay
Can advertise on their own personalized FON Access Point
homepage