Mapping the Urban Wireless Landscape with Argos
Download
1 / 29

Mapping the Urban Wireless Landscape with Argos - PowerPoint PPT Presentation


  • 129 Views
  • Uploaded on

Mapping the Urban Wireless Landscape with Argos. Ian Rose, Matt Welsh. [email protected] [email protected] Motivation. h. WiFi devices are extremely popular; usage continues to grow dramatically. Wireless is increasingly pervasive – no longer just indoors – and diverse.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Mapping the Urban Wireless Landscape with Argos' - pancho


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

Mapping the Urban Wireless Landscape with Argos

Ian Rose, Matt Welsh

[email protected]

[email protected]


Motivation
Motivation

h

WiFi devices are extremely popular; usage continues to grow dramatically.

Wireless is increasingly pervasive – no longer just indoors – and diverse.


Motivation1
Motivation

  • Suppose we had a global view of a city's wireless traffic... What kind of questions might we ask?

  • What are user's mobility patterns?

  • How does traffic and usage vary by device type (phone vs. laptop) or setting (cafe vs. bus)?

  • How much malware is present in wireless networks?


The big picture
The Big Picture

  • Deploy WiFi sniffers across a large urban area

  • Sniffers capture wireless traffic, merge individual traces into a global view, run custom user queries

  • Our deployment: CitySense network

  • 26 sniffers in Cambridge, MA using wireless mesh for network connectivity


Hardware Implementation

  • SBC: Soekris net4826 or ALIX 2c2

  • CM9 2.4 GHz + 8 dBi antenna for sniffer

  • XR9 900 MHz + 6 dBi antenna for mesh

  • Power from streetlights or wall sockets


Deployment
Deployment

2 sniffers

13 sniffers

5 km

9 sniffers

2 sniffers

8.5 km


Challenges
Challenges

  • Poor packet capture rates from individual sniffers

  • Scalability, esp. regarding sniffer nodes' backhaul connectivity.

  • Monitored population is quite diverse, exhibits large temporal and spatial variance


Privacy concerns
Privacy Concerns

  • There is an (obvious) big privacy concern here.

  • One goal: understand privacy vs. research tradeoffs

  • Also, understand the capabilities of systems like this (whether for “good” or for “evil”) -- what are the actual risks/dangers?

  • Identifying fields obfuscated by the system (IP address, MAC)‏


Architecture user queries
Architecture: User Queries

  • User queries are expressed as a dataflow graph of packet processing operators.

  • Think Click Modular Router or stream processing engines

  • Let's consider a simple example:

  • “stolen laptop finder”


Architecture: Collecting Packets

Sniffer network w/ wireless mesh backhaul:

Naive method:

All sniffers stream captured packets to server for merging and user queries.


Architecture trace merging
Architecture: Trace Merging

Goal: Obtain complete, network-wide view of captured traffic.


Architecture trace merging1
Architecture: Trace Merging

  • Trace merging like this is pretty standard practice (e.g. Jigsaw, Wit, Yeo et al. '04)‏

  • In wired sniffer networks: all captured packets are collected at a central location for merging

  • Expensive or impossible to do with a low-bw backhaul!

  • How can we merge in the network?


Architecture in network processing
Architecture: In-Network Processing

Option #1: Centralized Merging

Option #2: In-Network Merging

This reduces b/w somewhat, as it eliminates duplicates, but we can do much better!


Architecture user queries1
Architecture: User Queries

  • Split user queries into sniffer and server dataflows (similar to Wishbone [NSDI '09])‏


Architecture in network processing1
Architecture: In-Network Processing

Option #3: In-Network Merging and user queries

So how does this help?

Big b/w savings by sending only query outputs back to server.

(90% is common)‏


Architecture: In-Network Processing

  • Main points:

  • Merging packets in-network saves some b/w

  • But the big savings come from running user queries in-network

  • A few complications glossed over here (discussed in paper)‏



Architecture: Channel Management

  • There are 11 radio channels (802.11b/g)‏

  • We need channel policies to determine when to change the radio channel

  • When particularly interesting traffic is detected, sniffers can also recruit nearby sniffers to focus all on one channel to maximize capture


Sample query
Sample Query

Would not work right with packets from merged tap -- requires all (and only) locally captured packets.

Done!


Performance evaluation summary
Performance Evaluation: Summary

  • In-network Traffic Processing

    • leads to a more even distribution of traffic load over network links; bottleneck links greatly reduced

    • allows sniffer networks to scale to a greater offered load (monitored population)‏

  • Channel Focusing

    • increases network-wide capture of small windows of “interesting” traffic in some cases (no advantage in other cases)‏


Performance evaluation
Performance Evaluation

  • In-network processing evaluated analytically

  • 25 sniffers in grid

  • Wired sink in center

  • Variable # sources (placed randomly)‏

  • Empirically-derived traffic model

Max. link load 8x higher in centralized case


Case studies
Case Studies

  • Popular websites and search patterns

  • Malicious traffic

  • Tracking public transportation services

    • Commuter trains

    • Private bus lines

  • Wireless client fingerprinting

  • Popular websites and search patterns

  • Malicious traffic

  • Tracking public transportation services

    • Commuter trains 

    • Private bus lines

  • Wireless client fingerprinting 


Case study train tracking
Case Study: Train Tracking

LTRX_IBSS

^@

^@^@^@^@

Muffin

MITRA-PC_Network

shafanali

Saleeqa

hpsetup

BrooklineWireless

ARTSHOP

MBTA_WiFi_Coach0365_Box-076

MBTA_WiFi_Coach0389_Box-180

Free Public WiFi

Verizon MiFi MNR

Ganesh

LINKSYS

MBTA_WiFi_Coach0227_Box-038

MBTA_WiFi_Coachnnnn_Box-050

Coach0385_Box-068

skando

MBTA_Wifi_Coach1612_Box-143

LTRX_IBSS

^@

^@^@^@^@

Muffin

MITRA-PC_Network

shafanali

Saleeqa

hpsetup

BrooklineWireless

ARTSHOP

MBTA_WiFi_Coach0365_Box-076

MBTA_WiFi_Coach0389_Box-180

Free Public WiFi

Verizon MiFi MNR

Ganesh

LINKSYS

MBTA_WiFi_Coach0227_Box-038

MBTA_WiFi_Coachnnnn_Box-050

Coach0385_Box-068

skando

MBTA_Wifi_Coach1612_Box-143



Case study train tracking2
Case Study: Train Tracking

  • From captured traffic, try to predict:

    • when trains passed by

    • their direction of travel

  • Use published train schedule as “gold standard” (probably not 100% accurate!)‏

  • Over a 24 hour test, all 34 trains detected successfully

    • time estimates usually accurate to within ~5 min.

    • direction estimates: 25 correct, 4 incorrect


Case study user fingerprinting
Case Study: User Fingerprinting

  • WiFi devices send Probe Requests to search for known networks

  • By capturing these and geolocating the named networks (via www.wigle.net) we can fingerprint user's movements

Tulsa OK

Chicago IL

UK

Belgium

trains

Oregon

Mass.

Austin TX


Related work
Related Work

  • Wardriving: wide spatial coverage, but no temporal coverage (Akella et al. - MobiCom '05, Han et al. - IMC '08)‏

  • Dense indoor monitoring: good temporal coverage and high capture fidelity, but limited spatial coverage (Jigsaw & Wit – Sigcomm '06)‏


Conclusions
Conclusions

  • Urban wireless capture is a difficult business – Argos shows that the technique is possible via:

    • in-network merging & user queries to reduce traffic

    • intelligent 802.11 channel control

  • Our case studies demonstrate Argos' utility, but many more opportunities exist

  • Future work:

    • improved anonymity guarantees

    • other sniffer types (vehicular, mobile phone, etc.)‏


Thanks!

  • Ian Rose

  • [email protected]

  • http://eecs.harvard.edu/~ianrose

  • Matt Welsh

  • [email protected]

  • http://eecs.harvard.edu/~mdw


ad