ResFi A Secure Framework for Self-Organized Radio Resource - - PowerPoint PPT Presentation



SLIDE 1

ResFi

A Secure Framework for Self-Organized Radio Resource Management in Residential WiFi Networks

Sven Zehl, Antolij Zubow, Michael Döring and Adam Wolisz

SLIDE 2

TKN

Telecommunication Networks Group

Motivation

  • IEEE 802.11 (WiFi) is the main access technology in residential environments -> WiFi AP as heart of a smart home
  • Residential WiFi networks are characterized by:
      • Dense (urban) and unplanned deployments
      • In contrast to enterprise networks, each AP is managed independently by an inexperienced resident

SLIDE 3

Motivation

Main problems:

  • High contention
  • High interference
  • Spectrum wastage
  -> More than 50% of residential APs use the default static channels!! (Patro et al. 2013)

SLIDE 4

Motivation (Cont.)

  • New applications (e.g. UHD video) require high QoS/QoE, which will be challenging to enforce in residential WiFi deployments,
  • Goal: enable cooperation between co-located residential APs to allow efficient radio resource management (e.g. setting radio channel, bandwidth, transmit power),
  • Challenge: how to enable secure communication between residential APs?
      • Efficient discovery of neighboring APs,
      • Exchange of addressing information of management units.

SLIDE 5

Lessons from Enterprise Networks

  • Centralized radio resource management:
      • In enterprise WiFi networks a centralized controller manages radio resources,
      • Very efficient as the controller has a global view + is connected via low-latency backhaul to the APs
  • With COAP (Coordination framework for Open APs), a centralized radio resource management for residential WiFi networks was proposed (Patro et al. 2015):
      • Only applicable for centrally administered apartment houses, e.g. single ISP or single building manager,
      • It requires significant administration & creates cost (-> cloud controller)

SLIDE 6

Residential WiFi network

SLIDE 7

Enable Cooperation

SLIDE 8

How to discover neighboring APs?

Idea: Use 802.11 active scanning for AP (!) discovery

SLIDE 9

How to exchange global IP address?

SLIDE 10

Setting-up of a secured control channel over the Internet

SLIDE 11

Why do we secure the control channel?

  • Radio resource management is not security sensitive, so why should we care?
      • Large scale malicious actions can have an impact!
      • Setting all APs of a city on the same channel would definitely create some problems…
  • Security material is exchanged only locally using the wireless interface (an attacker must be physically co-located)
  • Key rotation to prevent key collection -> wardriving

SLIDE 12

Proposed Approach - Design principles

  • Fully distributed approach for radio resource management in residential WiFi networks
  • No controller, no cloud, no additional costs
  • Residential APs in direct wireless communication range discover each other and exchange addressing information and key material using the wireless interface:
      • Neighboring APs do not necessarily have to operate on the same channel,
      • Addressing information is the public (global) IP address of the AP radio resource management unit
  • A secured control channel between each pair of neighboring APs over the Internet is set up.
  • Neighboring APs can cooperate with each other by means of message exchange using a well-defined API.

SLIDE 13

The ResFi Framework

  • Security features:
      • Ensuring locality of participating APs through periodically changing the symmetric group encryption key (wirelessly distributed to neighbors via active scanning)
      • Additionally, the group encryption key provides group confidentiality between one-hop neighbors
      • Ensuring non-repudiation and message integrity through public key cryptography
      • Moreover, symmetric unicast encryption keys created on demand provide confidentiality between two peers.
  • Pure user-space software solution
  • Enables secure N-Hop connectivity between residential WiFi APs
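
A simplified model of the locality argument on slides 11 and 13, as an added example that is not ResFi code: a party that collected a group key once (wardriving) is locked out after the next rotation, while a co-located neighbor re-scans and stays in the group. HMAC-SHA256 stands in for the group encryption; the class names, message layout and epoch counter are assumptions.

```python
import hashlib
import hmac
import os

class AccessPoint:
    """Toy AP whose control messages are bound to a rotating group key."""
    def __init__(self):
        self.epoch, self.group_key = 0, os.urandom(32)

    def rotate(self):
        # Periodic rotation: key material collected earlier stops working.
        self.epoch, self.group_key = self.epoch + 1, os.urandom(32)

    def scan_response(self, in_radio_range):
        # Key material is only handed out over the wireless interface.
        return (self.epoch, self.group_key) if in_radio_range else None

    def send(self, payload):
        # HMAC-SHA256 stands in for the group encryption (assumption).
        header = self.epoch.to_bytes(4, "big")
        tag = hmac.new(self.group_key, header + payload, hashlib.sha256).digest()
        return header + payload + tag

class Listener:
    """Any party that once scanned the AP: a neighbor or a wardriver."""
    def __init__(self, key_material):
        self.epoch, self.key = key_material

    def accept(self, message):
        header, payload, tag = message[:4], message[4:-32], message[-32:]
        if int.from_bytes(header, "big") != self.epoch:
            return False  # sender rotated since our last scan
        good = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        return hmac.compare_digest(tag, good)

def demo():
    ap = AccessPoint()
    neighbor = Listener(ap.scan_response(True))
    wardriver = Listener(ap.scan_response(True))  # drove past once
    first = ap.send(b"channel=6")
    before = (neighbor.accept(first), wardriver.accept(first))
    ap.rotate()
    neighbor = Listener(ap.scan_response(True))  # still co-located, re-scans
    second = ap.send(b"channel=11")  # wardriver is out of range, keeps old key
    return before, (neighbor.accept(second), wardriver.accept(second))
```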

SLIDE 14

The ResFi Framework (II)

  • Allows easy radio resource management application development
  • Enables cooperative radio resource management between residential APs of different vendors and device types
  • Prototype available as open-source
      • http://github.com/resfi
  • Well defined northbound and southbound APIs:
      • Allows easy integration for vendors

SLIDE 15

ResFi Reference Implementation

  • Framework implemented using platform independent code (Python)
  • hostapd and iw tool connected with ResFi northbound API (Linux as reference platform)

SLIDE 16

Example ResFi Application

  • Distributed Dynamic Channel Selection
  • Implementation of the distributed channel assignment algorithm of Mishra et al. 2005
  • Algorithm implemented as ResFi application with less than 50 lines of code (LOC)

SLIDE 17

Testbed evaluation

  • Large scale testbed evaluation (ORBIT radio grid testbed)
  • 15 ResFi APs and 42 client STAs all in one single collision domain
  • Simulation of 12 apartments with single AP and single client STA and three co-located public hotspots each with AP and 10 client STAs
  • Measuring TCP/IP uplink throughput from all concurrently transmitting client STAs
  • Distributed Dynamic Channel Selection Evaluation as proof-of-concept

SLIDE 18

Testbed evaluation

  • Uplink TCP throughput of all STAs of both algorithms aggregated as boxplots

SLIDE 19

Testbed evaluation

97% Median increase

  • Uplink TCP throughput of all STAs of both algorithms aggregated as boxplots

SLIDE 20

Other ResFi Applications

  • Other RRM applications are possible:
      • Distributed RTS/CTS adaption
      • Distributed TDMA to mitigate Hidden node problems
      • Distributed Sensing of non-WiFi interference
      • Distributed EDCA parameter assignment
      • …

SLIDE 21

Build your own ResFi applications!

  • Source code published as open source
      • https://github.com/resfi
  • Mininet based Emulation for testing new ResFi applications
  • Linux based ResFi reference implementation for real hardware
  • Only user-space software modifications (patched hostapd)
  • Framework based on platform independent Python code
  • Can be used as reference implementation for AP vendors or as research framework

SLIDE 22

Build your own ResFi applications!

  • Thank you!
  • https://github.com/resfi

SLIDE 23

Non RRM Applications

  • Problem: neighbor AP would provide better wireless connectivity than own AP, but we cannot use it.

SLIDE 24

Virtual Neighbor AP

  • Idea: APs mutually deploy virtual neighbor SSID and tunnel all traffic back to real AP.