
Trustworthy Accounting for Wireless LAN Sharing Communities

Elias C. Efstathiou and George C. Polyzos, Mobile Multimedia Laboratory, Department of Informatics, Athens University of Economics and Business, http://mm.aueb.gr. 1st EuroPKI Workshop, Samos Island, Greece, 25-26/6/2004.


Presentation Transcript


  1. Trustworthy Accounting for Wireless LAN Sharing Communities
     Elias C. Efstathiou and George C. Polyzos
     Mobile Multimedia Laboratory, Department of Informatics
     Athens University of Economics and Business
     http://mm.aueb.gr
     1st EuroPKI Workshop, Samos Island, Greece, 25-26/6/2004

  2. Introduction | Design | Implementation and Conclusions

  3. Motivation
     • Our need for wireless Internet access using laptops, PDAs, and mobile phones, wherever we may be…
     • The success of the Wireless LAN standards, which, when combined with broadband access, allow anyone to become a “wireless provider”
     • The limitations of the various public WLAN models:
       • Wireless ISPs cover only selected hotspots and have few roaming agreements with each other
       • Community Wireless Networks rely on participant altruism and can achieve only limited coverage
     • WLANs that are closed to outsiders already pervade many cities!

  4. How to aggregate all WLANs?
     WLANs are short-range → many WLANs are required for substantial coverage → costly for any one provider → need many providers
     Can we automate multilateral roaming agreements?
     … without TTPs (unlike the Boingo Inc. model) in a self-organized way?
     … and fuel the deployment of a single global WLAN roaming network?
     … and attract new providers and cover more and more areas?

  5. The Peer-to-Peer Wireless Network Confederation
     Let’s make it a game! The P2PWNC game, played by many (small) teams of people
     [Diagram: WLAN view and team view of the Blue, White and Red teams, showing their access points and team members. AP: WLAN Access Point]
     • Rules of the game:
       • Each team deploys and manages WLANs that cover public areas
       • Members of a team are allowed to roam in areas covered by other teams if they prove that their team also allows members from other teams to do the same

  6. Cheating in the P2PWNC game
     The game rules work as an incentive mechanism for WLAN deployment and constitute a rather reasonable proposal:
     People wanting free ubiquitous roaming can form teams and must provide in order to consume elsewhere
     Cheaters would try to consume without contributing to the WLAN public good - selfish behavior is economically rational in this setting
     The game rules are worth nothing if they cannot be enforced
     How can roaming members from “good” teams convince other teams of their own team’s contribution in an open environment with no TTPs, where the game is “refereed” by the teams themselves?

  7. Design requirements
     • Requirement 1: Specify a practical game that gives correct participation incentives and is refereed only by the teams themselves
     • Requirement 2: Tolerate strategic and malicious teams that may also tamper with the system’s software and hardware components
     • Requirement 3: Assume no trust relationships among any pairs of teams – most teams can and will be unknown to each other
     • Requirement 4: Allow any new team to join the game (and hopefully to follow the rules)

  8. Design assumptions
     • Assumption 1
       • The extra cost for a team to provide access to any roamer is zero
       • Assuming the team has already deployed the necessary access points and is paying the (fixed) backbone fees, and that any local congestion has a negligible effect
     • Assumption 2
       • Teams will exclude unknown roamers and roamers from teams that cannot prove their “good-standing” in the game
       • Teams will do this in order to provide incentives to individuals and organizations to deploy new WLANs (or to share their existing ones) thereby benefiting the team’s own members
     • Assumption 3
       • There is no anonymity within a team, so “bad” member behavior, if detected, can be punished using social means
     • Assumption 4
       • Teams are symmetric

  9. Introduction | Design | Implementation and Conclusions

  10. Game certificates
     • Team cert.: Team PK; Team Server IP addr; self-signed
     • Member cert.: Member PK; Team PK; Expiry date; signed using team private key
     • IOU (“I owe you”) cert.: Providing Team cert; Consuming Member cert; Consuming Team cert; Timestamp; signed using member private key
     All APs broadcast their team certificate periodically so roamers can detect them
     [Diagram: APs, Team Server; after authentication: WLAN service, IOU certificate]
     After routing the first KBs, APs expect an IOU, otherwise they terminate the WLAN session
     IOUs are stored in the team server and are used as evidence of good-standing

  11. A naïve authentication algorithm
     The ‘A → B’ notation: A member from team A gave an IOU to team B (A and B are team PKs)
     [Diagram labels: Team certificate & Member certificate; AP; Team Server; “any IOUs?”; “Sure!”; teams X, Y, Z]
     All such IOUs could be fake or the result of team collusion…

  12. Less naïve authentication algorithms
     [Diagram 1 labels: AP; Team Server; “any IOUs?”; “Yes!”; teams X, B, R, Z]
     … a bit restrictive, can we do better?
     [Diagram 2 labels: AP; Team Server; “any IOUs?” asked repeatedly; “Yes!”; teams X, B, Y, Z, W, R]
     … collusion and fabricated IDs still possible, however the R → W → Z → B path indicates that SOME TEAM in the {B, Z, W} coalition did provide service to R
     • R can provide to B and can then consider all IOUs in the R → W → Z → B path “paid back”
     • B will also give a fresh IOU to R

  13. Incentives
     [Diagram: IOU trees over teams X, Y, Z, W, B and R]
     R gains a useful subtree by providing WLAN to B
     For example, R can use this subtree when visiting W again in the future
     Why should Z or W help with the tree search? Because, for all they know, one of their members may be trying to access R. Why risk it?

  14. Storage and Bootstrapping (1/2)
     • IOUs can be “forgotten” after a Time-To-Live (TTL)
       • incentive for continuous participation
       • no incentive to give to teams with expired first-level IOUs, their subtrees are worthless
       • how does “forgetting” affect the connectedness of the IOU graph?
       • simulations show that beyond a TTL value the rate of failures to reward contributors falls near zero

  15. Storage and Bootstrapping (2/2)
     • A providing team need only store the latest incoming IOU from every different consuming team; the authentication algorithm only requires the latest one
     • To remember paths that are “paid back”, only hashes of the “used” IOUs are required, and then only until they too can be completely forgotten according to the TTL
     • To bootstrap the system:
       • new teams, or teams that have been out of the game for a long time, would need to remain altruistic (i.e. provide WLAN without running the authentication algorithm) for a period - at most a TTL - in order to collect IOUs
       • their tendency to remain altruistic is balanced by their need to give to other teams the correct incentives for participation and contribution

  16. Efficiency enhancements
     • Whose responsibility is it to search the IOU tree?
       • can this cost be split in a fair and incentive-compatible way?
     • Team servers, starting from their own incoming stored IOUs, periodically query the consuming servers encoded in the IOUs (incentives to answer the query are the same as before)
       • this way, they can build a pre-computed tree with a specific number of distinct nodes, and send a summary of the latest tree to their roaming members whenever the opportunity arises (over a WLAN or cellular connection)
     • If servers also maintain their (unpaid-back) outgoing IOUs, the authentication problem is reduced to merging these structures and searching for connecting paths locally
     • Since the tree is only a summary, a provider would still need to check the servers on a locally established path in order to confirm the signatures, but the average path length will normally be quite short for teams operating close to each other
     • The probability of success increases rapidly with the number of a provider’s outgoing IOUs to distinct teams, and the number of (distinct) nodes in the pre-computed tree
     [Diagram labels: Team Server; teams X, B, Y, W, R, V, Z]

  17. Introduction | Design | Implementation and Conclusions

  18. Implementation
     [Architecture diagram. Hardware: Standard PC; Linksys WRT54G AP (16MB RAM, 4MB Flash); Pocket PC client. Modules: IOU store, Tree search, Cert. mgmt., DHCP, NAT/router/firewall, Authenticator, Game beaconing, Member & team certificates, Pre-computed trees, IOU generation. Interfaces: Home-Home, Home-AP, Member-AP, Member-Home]

  19. Conclusions
     • We demonstrated a practical incentive mechanism for WLAN resource sharing
     • We assumed an extremely limited-trust model (in hardware, software, people)
     • By avoiding TTPs and by going for an open and simple protocol spec we could make adoption by WLAN device vendors a natural and low-risk investment
     • No hard service guarantees… but then it’s only a game!

  20. Thanks!
     • Elias C. Efstathiou
     • Mobile Multimedia Laboratory
     • Department of Informatics
     • Athens University of Economics and Business
     • mm.aueb.gr/~efstath/
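
Added example, not part of the original slides: a single in-memory Python model of the IOU path search from slide 12, combined with the TTL forgetting, latest-IOU-only storage and "used" IOU hashes from slides 14 and 15. The names `IouStore`, `digest`, `TTL` and the sample IOUs are assumptions made for illustration; certificate and IOU signature checks and the queries between team servers are left out.

```python
import hashlib
from collections import deque
TTL = 100  # assumed IOU lifetime in arbitrary time units (not from the slides)
# Constructed sample IOUs (consumer, provider, timestamp): R owes W, W owes Z, Z owes B.
SAMPLE = [("R", "W", 10), ("W", "Z", 20), ("Z", "B", 30)]

def digest(consumer, provider, ts):
    return hashlib.sha256(f"{consumer}>{provider}@{ts}".encode()).hexdigest()

class IouStore:  # edge (consumer, provider): consumer's member gave provider an IOU
    def __init__(self, ious=()):
        self.latest = {}   # (consumer, provider) -> timestamp; latest IOU only
        self.used = set()  # hashes of IOUs already treated as paid back
        for consumer, provider, ts in ious:
            self.add(consumer, provider, ts)

    def add(self, consumer, provider, ts):
        key = (consumer, provider)
        self.latest[key] = max(ts, self.latest.get(key, ts))

    def live_edges(self, now):
        # Forget expired IOUs and stale "used" hashes; return unused live edges.
        self.latest = {k: ts for k, ts in self.latest.items() if now - ts <= TTL}
        self.used &= {digest(*k, ts) for k, ts in self.latest.items()}
        return [k for k, ts in self.latest.items() if digest(*k, ts) not in self.used]

    def find_path(self, provider, visitor, now):
        # Breadth-first search for a chain provider -> ... -> visitor.
        edges = self.live_edges(now)
        queue, seen = deque([[provider]]), {provider}
        while queue:
            path = queue.popleft()
            for consumer, owed in edges:
                if consumer == path[-1] and owed not in seen:
                    if owed == visitor:
                        return path + [owed]
                    seen.add(owed)
                    queue.append(path + [owed])
        return None

    def admit(self, provider, visitor, now):
        # Serve the visitor only if a debt path exists, then settle that path.
        path = self.find_path(provider, visitor, now)
        if path is None:
            return None
        for c, p in zip(path, path[1:]):
            self.used.add(digest(c, p, self.latest[(c, p)]))
        self.add(visitor, provider, now)  # the visitor hands over a fresh IOU
        return path
```

With `IouStore(SAMPLE)`, a visitor from an unknown team is refused, a visitor from B is admitted by R once along R → W → Z → B, and a second visit finds no unused path until new IOUs accumulate.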
