Self-Configuring Wireless Networks
Wireless data networking technology is ideal for many environments, including homes, airports, and shopping malls, because it is inexpensive, easy to install (no wires), and supports mobile users. As a result, we have seen a sharp increase in the use of wireless over the past few years. Market estimates indicate that WLAN equipment unit shipments will triple by 2009. Despite its wide deployment, using wireless technology effectively is surprisingly challenging. The key issue is that wireless networks must use shared and unprotected spectrum resources. This makes such networks susceptible to two sources of security problems. First, wireless transmissions are easy to eavesdrop upon. Second, the incorrect or malicious transmission behavior of an end-host can interfere with or have a significant performance impact on nearby users.
Eavesdropping & Unauthorized Use of Service:
Existing 802.11 access points (APs) provide little, if any, control over the region for which they provide coverage. As a result, it is typically quite easy for malicious users far from an AP to: 1) discover the existence of the 802.11 network, 2) eavesdrop on any communication between the AP to its clients, and 3) possibly make unauthorized use of the AP. A number of properties of 802.11 exacerbate these concerns. For example, in order to make 802.11 networks easy to use, 802.11’s design makes it simple for users to discover when they are in range of an AP that may provide them Internet connectivity. This is done by APs periodically announcing their existence using beacons. Unfortunately, these beacons are not encrypted in any way – the Wired Equivalent Privacy (WEP) specification, in addition to having been broken, does not protect such control frames. This allows passers-by to easily discover the existence of the network and some of its key configuration parameters, as illustrated in the large war-driving databases that are available on-line.
Service & Performance Constraints:
Wireless LANs must inherently share their primary limited resource: RF spectrum. When APs overlap in coverage and use the same frequency band, the transmission capacity of the channel must effectively be split between the APs since both APs may not be able to transmit to their clients at the same time. In many ways, this problem is analogous to the problem of sharing bandwidth on a wired link. Each normal user of the wired link desires to maximize his share of the link and malicious users of the link may desire to make the link unusable by flooding it. In the Internet, we rely on the social behavior (i.e., the use of proper congestion control) of normal users to ensure that each receives his fair share and that the network continues to operate efficiently. In addition, we can employ IP traceback techniques to identify malicious sources and policing mechanisms to limit its impact.
Unfortunately, congestion control, traceback and policing techniques do not solve the equivalent problems in wireless LANs. There are no centralized locations, such as routers, where policing can be performed, traceback must be performed in physical space and not across hops of the wired network, and there is no clear definition of social fairness that a congestion control scheme can attempt to achieve.
These above problems are common in network deployments today. In addition, two trends are making it likely that the situation will become worse in the future:
The chaotic deployment of wireless networks by different groups results in highly variable densities of wireless nodes and APs and in some cases these densities can become very high (e.g. urban environments, apartment buildings). Such high densities increase the likelihood of any eavesdropping and interference problems.
Configuring and managing wireless networks is difficult for expert, let alone regular users. Management issues include choosing relatively simple parameters such as SSID and channel, and more complex questions such as placement of APs, transmission power settings, and security configuration. Because of this complexity, APs are rarely configured carefully. For example, most APs do not enable WEP and those that do often use the default key configured by vendors. Such misconfiguration of a wireless AP can result in a number of problems, including transmitting data without encryption, interfering with other nearby wireless networks, and providing access to unauthorized users. The trend is for network devices to become more configurable as each device supports multiple transmission standards or as the market moves to the use of software-defined radios. As network devices expose more control to the user, it becomes even less likely that regular users will take the time to figure out appropriate parameter settings and the likelihood that misconfiguration occurs also increases.
The key to minimizing the security and performance problems of such wireless networks is to take the management out of the hands of regular users. The goal of our research is to develop algorithms that enable wireless devices to automatically configure themselves such that they minimize adverse interactions in dense deployments. In addition, we plan to develop techniques that enable these wireless devices to identify other nearby devices that are eithermisconfigured or maliciously configured.
Wireless network interfaces available today allow the user to configure a few properties such as transmission power, security keys, SSID, etc. However, future network interfaces, such as those based on software-defined radios, are likely to have very rich configuration controls. We propose an initial study of auto-configuration that considers two properties: power control and spectrum resource allocation. The results of this research will form the starting point for a broader long-term research agenda in self-managing and self-securing wireless networks.
Transmission Power Control:
The transmission power of a wireless signal determines how far it propagates. By carefully configuring the power such that it is the minimum necessary to reach the target clients and provide good performance, we can minimize the opportunity for undesired receivers to eavesdrop on a transmission. Determining the right power level for each AP even with exact knowledge of workload properties is quite challenging. In addition, the key workload properties (e.g., propagation patterns and client traffic demand) change rapidly, are difficult to measure accurately, and often cannot be disseminated to all relevant parties quickly. We also need some way for the user to easily specify the intended set of target clients.
The spectrum is a shared resource, raising the question of how to allocate it fairly to different users. In wireless networks, this is especially challenging because of frequency reuse in nearby areas, which can create non-overlapping competition for the same resource. For example, if nodes A, B and C were located along a straight line. The use of the spectrum by node B may prevent nodes A & C from transmitting. However, if A & C are out of range of each other, the use of the spectrum by node A may not prevent node C from transmitting. So, what is a fair allocation in this case? Should each node transmit a third of the time? If so, why shouldn’t node A also transmit when node C is transmitting? This then changes the fair allocation. In addition to supporting fair access to a single spectrum channel, any solution must determine the fair allocation of entire channels to nodes.
Automating the configuration of the above properties addresses two issues: 1) it minimizes the needed coverage of any AP, and 2) sets guidelines for what resources each node should obtain. Minimizing coverage minimizes the interference between APs (improving performance) and significantly reduces the opportunity for eavesdropping. By setting guidelines for fair resource usage, we can develop monitoring techniques to identify APs, possibly by MAC address, that are using too much of the shared resource maliciously or greedily. We should note that MAC addresses are not necessarily reliable; however, we might be able to leverage techniques by which transmissions can be localized (e.g., triangulation of the signal) to identify the source of each transmission.
While these techniques help address the problems of eavesdropping and unfair/malicious resource allocation, they may introduce their own security challenges. For example, an important property about the likely solutions is that they may require information reported to them by their neighboring nodes. This includes application bandwidth requirements of a neighboring node as well as observations about spectrum usage around that neighboring node. We must either develop techniques that are robust to the reporting of incorrect information or develop techniques to explicitly confirm the values of the passed data in a secure fashion.
In 12 months, we plan to build a prototype to prove the feasibility of the approach. This entails building a small testbed of laptops configured as APs and clients, which implement our power control and monitoring algorithms.