SlideShare una empresa de Scribd logo

Providing Security for Wireless Community Networks (PAWS)

Heidi Howard
Heidi Howard

Slide deck from talk on Providing Security for Wireless Community Networks, focusing on Public Access Wifi Server (PAWS) at Workshop on Participatory Networks and Privacy: New Research Issues

Tecnología
1 de 22
Descargar para leer sin conexión
Providing Security for Wireless Community Networks Milena Radenkovic, Heidi Howard, Jon Crowcroft, Murray Goulden, Christian Greiffenhagen, Derek McAuley, Richard Mortier Workshop on Participatory Networks and Privacy: New Research Issues - 12th September 2013
Global Digital Divide Figure: Internet penetration as a percentage of a country’s population (ITU, June 2012)
National Digital Divide 13 % of people in UK do not have internet access, but why? Reason Percent Don’t need the internet 54 Lack of Skills 22 Equipment cost too high 15 Other 15 Access costs too high 14 Internet access elsewhere 8 Privacy/Security concerns 4 Disability 3 Figure: Reasons for households not having Internet access (Office for National Statistics, August 2012)
Local Digital Divide Figure: Internet penetration as a percentage of a country’s population (Nottingham Citizens Survey, 2011)
Local Digital Divide Figure: Proportion of respondents to citizens survey with access to the internet (Nottingham Citizens Survey, 2012)
Local Digital Divide Figure: Methods of accessing the internet (Nottingham Citizens Survey, 2012)
Lowest Cost Denominator Network Lowest Cost Denominator Networking introduces a new level of basic access, bridging the gap between no access and full access. Offering less than best effort access to all
Wireless Community Networks Co-operates where you share your WiFi and in turn can use other’s WiFi. Fon is the most popular WCN, with 11.6 million Fon hotspots worldwide. Fon members share their broadband via a dedicated Fon router: either purchased from Fon or provided by the ISP Fon router replaces home router, providing 2 VWANs: an encrypted one for the home user and an open one for Fon members, priority is given to the home users
Wireless Community Networks Fon members connect to the open “FON” network and enter credentials into a web-based captive gateway or via a mobile app. Fon demonstrates that people are willing to share their internet connection but this doesn’t help with digital exclusion.
Introducing PAWS Public Access Wifi Service (PAWS) is a WCN, enabling members of the community to share their unused broadband capacity with neighbours over WiFi, this part is simple, the challenge is providing: Confidentiality, Integrity & Availability Ease of Use Priority Authentication, Authorization & Accounting Scalability
Ease of Use How can we enable sharers to open up their networks? Challenges: Home routers are provided by ISPs, plugged in and left on default settings Sharers may have forgotten admin passwords Sharers will not want to reconnect all their devices Sharers have a range of routers, some act as modems Approaches: Re-configure sharer’s home router Replace the sharer’s router Add a dedicated router to the sharer’s network Software solution such as Whisper or Wi-sh We use a dedicated Netgear WNDR3800 router running OpenWRT
Priority We need to give capacity to PAWS users, with minimal disruption to the sharers. Challenges: Our router is not the gateway router Fluctuation in network capacity over time Wide range of networks with very difference characteristics, e.g. Fiber Vs ADSL Data usage caps Approaches: Actively measure network capacity at all times, dynamically throttle at PAWS access point Work with ISPs and use Quality of Service We used Project BISmark developed at Georgia Tech to measure capacity visible to the PAWS access point and statically set throttling at the PAWS access point
Authentication Users need to be able to authenticate themselves to the PAWS network at any of the PAWS access points Challenges: Supporting a range of user devices Many devices OSes (such as Android and iOS) limit the application API Aim for support for roaming between PAWS developments Ease of use is key User may share/lose passwords, choose weak passwords, use same passwords for other applications Approaches: WPA, WPA2, WPA Enterprise MAC address filtering Captive portal with user credentials We use user credentials, authenticated by local RADIUS servers for each deployment, this could be linked to the 3rd party authentication servers
Authentication Figure: RADIUS Authentication, within a hotspot deployment
Accountability & Authorization PAWS user traffic needs to have a separate public IP address from the sharer. Sharers must not be held accountable for users’ actions online Challenges: Sharers need to feel secure Legal issues Approaches: Work with ISPs to provide sharers with dual IPs Keep logs of all traffic sent, MAC associations with the PAWS access point VPN traffic somewhere else, to alter source IP Using a VPN to a secure endpoint so all PAWS network traffic has a source IP distinct from the sharer’s.
Confidentiality Challenges: Traffic passes through the sharer’s home router WiFi Encryption often provides weak security End-to-end encryption often not available Fake PAWS hotspots Approaches: WiFi Encryption VPN Limit access only to hosts with end-to-end encryption i.e. HTTPS only SSL encryption We already get this fixed for free with VPN to the user’s devices
Scalability When travelling, authentication is directed to your home authentication server and the nearest VPN server PAWS Router VPN Server RADIUS Server Nottingham External RADIUS Server User Device PAWS Router VPN Server RADIUS Server London External RADIUS Server User Device PAWS Router VPN Server RADIUS Server Manchester External RADIUS Server User Device User Device 1 2 3 4 5 67 8 123 4 7 5 6 8 9 10 Figure: RADIUS Authentication, across a hotspot deployments
Limitations VPN setup on some client devices is difficult The most widely supported VPN is PPTP, but it’s been proven insecure Some home routers block VPN traffic by default PAWS Routers currently cost £110 each Single point of failure, all traffic routed though VPN server Little incentive to share Throttling being too conservative Legal & ISPs Terms of Service
Research in the wild: Aspley, Nottingham 3 month trial 1/3 without internet access 50 new internet users 50 sharers Figure: War drive data from Aspley
Research in the wild: Aspley, Nottingham Figure: Architecture of Aspley deployment
Future Work Two tier system, where users who are also sharers get more bandwidth For users who are also sharers, use their PAWS box as the VPN endpoint instead VPN from PAWS AP instead of client devices, combined with WPA Enterprise from the device to PAWS AP Client apps to map coverage, automatically connect to VPN Implement fallback in PAWS access points Dynamic Throttling
Discussion

Recomendados

wifi-technology
wifi-technology wifi-technology
wifi-technologytardeep
 
Public wifi architecture_12072017
Public wifi architecture_12072017Public wifi architecture_12072017
Public wifi architecture_12072017Saurabh Verma
 
Ccna 1 chapter 1 v5
Ccna 1 chapter 1 v5Ccna 1 chapter 1 v5
Ccna 1 chapter 1 v5atom1716
 
Shradhamaheshwari vpn
Shradhamaheshwari vpnShradhamaheshwari vpn
Shradhamaheshwari vpnShradha Maheshwari
 
Www ccnav5 net_ccna_1_chapter_1_v5_0_exam_answers_2014
Www ccnav5 net_ccna_1_chapter_1_v5_0_exam_answers_2014Www ccnav5 net_ccna_1_chapter_1_v5_0_exam_answers_2014
Www ccnav5 net_ccna_1_chapter_1_v5_0_exam_answers_2014Đồng Quốc Vương
 
Report File On Virtual Private Network(VPN)
Report File On Virtual Private Network(VPN)Report File On Virtual Private Network(VPN)
Report File On Virtual Private Network(VPN)Rajendra Dangwal
 
Implementation of a Virtual Private Network - VPN
Implementation of a Virtual Private Network - VPNImplementation of a Virtual Private Network - VPN
Implementation of a Virtual Private Network - VPNSovello Hildebrand
 
wi-fi technology
wi-fi technologywi-fi technology
wi-fi technologytardeep
 

Recomendados

wifi-technology
wifi-technology wifi-technology
wifi-technologytardeep
 
Public wifi architecture_12072017
Public wifi architecture_12072017Public wifi architecture_12072017
Public wifi architecture_12072017Saurabh Verma
 
Ccna 1 chapter 1 v5
Ccna 1 chapter 1 v5Ccna 1 chapter 1 v5
Ccna 1 chapter 1 v5atom1716
 
Shradhamaheshwari vpn
Shradhamaheshwari vpnShradhamaheshwari vpn
Shradhamaheshwari vpnShradha Maheshwari
 
Www ccnav5 net_ccna_1_chapter_1_v5_0_exam_answers_2014
Www ccnav5 net_ccna_1_chapter_1_v5_0_exam_answers_2014Www ccnav5 net_ccna_1_chapter_1_v5_0_exam_answers_2014
Www ccnav5 net_ccna_1_chapter_1_v5_0_exam_answers_2014Đồng Quốc Vương
 
Report File On Virtual Private Network(VPN)
Report File On Virtual Private Network(VPN)Report File On Virtual Private Network(VPN)
Report File On Virtual Private Network(VPN)Rajendra Dangwal
 
Implementation of a Virtual Private Network - VPN
Implementation of a Virtual Private Network - VPNImplementation of a Virtual Private Network - VPN
Implementation of a Virtual Private Network - VPNSovello Hildebrand
 
wi-fi technology
wi-fi technologywi-fi technology
wi-fi technologytardeep
 
Vpn rsvp
Vpn rsvpVpn rsvp
Vpn rsvpSwarup Kumar Mall
 
High level architecture of isp .55
High level architecture of isp .55High level architecture of isp .55
High level architecture of isp .55myrajendra
 
Wi fi - Technology @ IEEE Concept
Wi fi - Technology @ IEEE ConceptWi fi - Technology @ IEEE Concept
Wi fi - Technology @ IEEE Conceptkodela3
 
Wi-fi technology-ppt-13p61a0558
Wi-fi technology-ppt-13p61a0558Wi-fi technology-ppt-13p61a0558
Wi-fi technology-ppt-13p61a0558Praveen Reddy
 
Wireless Fidelity
Wireless FidelityWireless Fidelity
Wireless FidelityJAI MCA-STUDENT
 
Wi Fi Technology
Wi Fi TechnologyWi Fi Technology
Wi Fi TechnologyAlok Pandey (AP)
 
Wi-fi (ppt) by Mayank Saxena
Wi-fi (ppt) by Mayank SaxenaWi-fi (ppt) by Mayank Saxena
Wi-fi (ppt) by Mayank SaxenaMayank Saxena
 
The Virtual Private Network
The Virtual Private NetworkThe Virtual Private Network
The Virtual Private NetworkAbhinav Dwivedi
 
Implementing VPN Virtual Private Networks for Small Offices/Organizations
Implementing VPN Virtual Private Networks for Small Offices/OrganizationsImplementing VPN Virtual Private Networks for Small Offices/Organizations
Implementing VPN Virtual Private Networks for Small Offices/OrganizationsSovello Hildebrand
 
WLAN SECURITY BY SAIKIRAN PANJALA
WLAN SECURITY BY SAIKIRAN PANJALAWLAN SECURITY BY SAIKIRAN PANJALA
WLAN SECURITY BY SAIKIRAN PANJALASaikiran Panjala
 
WIFI Technology
WIFI TechnologyWIFI Technology
WIFI TechnologyMohamed Hafez
 
VPN
VPNVPN
VPNShiraz316
 
All About VPN
All About VPNAll About VPN
All About VPNVicente A. Aragon D.
 
Wi Fi
Wi FiWi Fi
Wi FiDhaval Barot
 
Pervasive Device and Service Discovery Protocol in Interoperability XBee-IP N...
Pervasive Device and Service Discovery Protocol in Interoperability XBee-IP N...Pervasive Device and Service Discovery Protocol in Interoperability XBee-IP N...
Pervasive Device and Service Discovery Protocol in Interoperability XBee-IP N...TELKOMNIKA JOURNAL
 
Wireless Fidelity ppt
Wireless Fidelity pptWireless Fidelity ppt
Wireless Fidelity pptOECLIB Odisha Electronics Control Library
 
Wireless+LAN+Technology+and+Security+Vulnerabilities
Wireless+LAN+Technology+and+Security+VulnerabilitiesWireless+LAN+Technology+and+Security+Vulnerabilities
Wireless+LAN+Technology+and+Security+VulnerabilitiesYogesh Kumar
 
WiFi Technology
WiFi TechnologyWiFi Technology
WiFi TechnologyHasanMaster
 
Virtual private network, vpn presentation
Virtual private network, vpn presentationVirtual private network, vpn presentation
Virtual private network, vpn presentationAmjad Bhutto
 
wi-fi ppt
wi-fi pptwi-fi ppt
wi-fi pptvijaykumar vodnala
 
Cisco discovery d homesb module 7 - v.4 in english.
Cisco discovery d homesb module 7 - v.4 in english.Cisco discovery d homesb module 7 - v.4 in english.
Cisco discovery d homesb module 7 - v.4 in english.igede tirtanata
 
Cisco discovery d homesb module 7 - v.4 in english.
Cisco discovery d homesb module 7 - v.4 in english.Cisco discovery d homesb module 7 - v.4 in english.
Cisco discovery d homesb module 7 - v.4 in english.igede tirtanata
 

Más contenido relacionado

La actualidad más candente

High level architecture of isp .55
High level architecture of isp .55High level architecture of isp .55
High level architecture of isp .55myrajendra
 
Wi fi - Technology @ IEEE Concept
Wi fi - Technology @ IEEE ConceptWi fi - Technology @ IEEE Concept
Wi fi - Technology @ IEEE Conceptkodela3
 
Wi-fi technology-ppt-13p61a0558
Wi-fi technology-ppt-13p61a0558Wi-fi technology-ppt-13p61a0558
Wi-fi technology-ppt-13p61a0558Praveen Reddy
 
Wi-fi (ppt) by Mayank Saxena
Wi-fi (ppt) by Mayank SaxenaWi-fi (ppt) by Mayank Saxena
Wi-fi (ppt) by Mayank SaxenaMayank Saxena
 
The Virtual Private Network
The Virtual Private NetworkThe Virtual Private Network
The Virtual Private NetworkAbhinav Dwivedi
 
Implementing VPN Virtual Private Networks for Small Offices/Organizations
Implementing VPN Virtual Private Networks for Small Offices/OrganizationsImplementing VPN Virtual Private Networks for Small Offices/Organizations
Implementing VPN Virtual Private Networks for Small Offices/OrganizationsSovello Hildebrand
 
WLAN SECURITY BY SAIKIRAN PANJALA
WLAN SECURITY BY SAIKIRAN PANJALAWLAN SECURITY BY SAIKIRAN PANJALA
WLAN SECURITY BY SAIKIRAN PANJALASaikiran Panjala
 
Pervasive Device and Service Discovery Protocol in Interoperability XBee-IP N...
Pervasive Device and Service Discovery Protocol in Interoperability XBee-IP N...Pervasive Device and Service Discovery Protocol in Interoperability XBee-IP N...
Pervasive Device and Service Discovery Protocol in Interoperability XBee-IP N...TELKOMNIKA JOURNAL
 
Wireless+LAN+Technology+and+Security+Vulnerabilities
Wireless+LAN+Technology+and+Security+VulnerabilitiesWireless+LAN+Technology+and+Security+Vulnerabilities
Wireless+LAN+Technology+and+Security+VulnerabilitiesYogesh Kumar
 
Virtual private network, vpn presentation
Virtual private network, vpn presentationVirtual private network, vpn presentation
Virtual private network, vpn presentationAmjad Bhutto
 

La actualidad más candente (20)

Vpn rsvp
Vpn rsvpVpn rsvp
Vpn rsvp
 
High level architecture of isp .55
High level architecture of isp .55High level architecture of isp .55
High level architecture of isp .55
 
Wi fi - Technology @ IEEE Concept
Wi fi - Technology @ IEEE ConceptWi fi - Technology @ IEEE Concept
Wi fi - Technology @ IEEE Concept
 
Wi-fi technology-ppt-13p61a0558
Wi-fi technology-ppt-13p61a0558Wi-fi technology-ppt-13p61a0558
Wi-fi technology-ppt-13p61a0558
 
Wireless Fidelity
Wireless FidelityWireless Fidelity
Wireless Fidelity
 
Wi Fi Technology
Wi Fi TechnologyWi Fi Technology
Wi Fi Technology
 
Wi-fi (ppt) by Mayank Saxena
Wi-fi (ppt) by Mayank SaxenaWi-fi (ppt) by Mayank Saxena
Wi-fi (ppt) by Mayank Saxena
 
The Virtual Private Network
The Virtual Private NetworkThe Virtual Private Network
The Virtual Private Network
 
Implementing VPN Virtual Private Networks for Small Offices/Organizations
Implementing VPN Virtual Private Networks for Small Offices/OrganizationsImplementing VPN Virtual Private Networks for Small Offices/Organizations
Implementing VPN Virtual Private Networks for Small Offices/Organizations
 
WLAN SECURITY BY SAIKIRAN PANJALA
WLAN SECURITY BY SAIKIRAN PANJALAWLAN SECURITY BY SAIKIRAN PANJALA
WLAN SECURITY BY SAIKIRAN PANJALA
 
WIFI Technology
WIFI TechnologyWIFI Technology
WIFI Technology
 
VPN
VPNVPN
VPN
 
All About VPN
All About VPNAll About VPN
All About VPN
 
Wi Fi
Wi FiWi Fi
Wi Fi
 
Pervasive Device and Service Discovery Protocol in Interoperability XBee-IP N...
Pervasive Device and Service Discovery Protocol in Interoperability XBee-IP N...Pervasive Device and Service Discovery Protocol in Interoperability XBee-IP N...
Pervasive Device and Service Discovery Protocol in Interoperability XBee-IP N...
 
Wireless Fidelity ppt
Wireless Fidelity pptWireless Fidelity ppt
Wireless Fidelity ppt
 
Wireless+LAN+Technology+and+Security+Vulnerabilities
Wireless+LAN+Technology+and+Security+VulnerabilitiesWireless+LAN+Technology+and+Security+Vulnerabilities
Wireless+LAN+Technology+and+Security+Vulnerabilities
 
WiFi Technology
WiFi TechnologyWiFi Technology
WiFi Technology
 
Virtual private network, vpn presentation
Virtual private network, vpn presentationVirtual private network, vpn presentation
Virtual private network, vpn presentation
 
wi-fi ppt
wi-fi pptwi-fi ppt
wi-fi ppt
 

Similar a Providing Security for Wireless Community Networks (PAWS)

Cisco discovery d homesb module 7 - v.4 in english.
Cisco discovery d homesb module 7 - v.4 in english.Cisco discovery d homesb module 7 - v.4 in english.
Cisco discovery d homesb module 7 - v.4 in english.igede tirtanata
 
Cisco discovery d homesb module 7 - v.4 in english.
Cisco discovery d homesb module 7 - v.4 in english.Cisco discovery d homesb module 7 - v.4 in english.
Cisco discovery d homesb module 7 - v.4 in english.igede tirtanata
 
Remote access connection
Remote access connection Remote access connection
Remote access connection Ah Fawad Saiq
 
Virtual Private Network
Virtual Private NetworkVirtual Private Network
Virtual Private NetworkRicha Singh
 
my presentation on vpn
my presentation on vpnmy presentation on vpn
my presentation on vpnjadeja dhanraj
 
12 Understanding V P Ns
12 Understanding V P Ns12 Understanding V P Ns
12 Understanding V P NsAamirAziz
 
Wireless security
Wireless securityWireless security
Wireless securityparipec
 
Wireless LAN Security by Arpit Bhatia
Wireless LAN Security by Arpit BhatiaWireless LAN Security by Arpit Bhatia
Wireless LAN Security by Arpit BhatiaArpit Bhatia
 
Acit Mumbai - understanding vpns
Acit Mumbai - understanding vpnsAcit Mumbai - understanding vpns
Acit Mumbai - understanding vpnsSleek International
 
Virtual private network
Virtual private networkVirtual private network
Virtual private networkVINAY GATLA
 

Similar a Providing Security for Wireless Community Networks (PAWS) (20)

Cisco discovery d homesb module 7 - v.4 in english.
Cisco discovery d homesb module 7 - v.4 in english.Cisco discovery d homesb module 7 - v.4 in english.
Cisco discovery d homesb module 7 - v.4 in english.
 
Cisco discovery d homesb module 7 - v.4 in english.
Cisco discovery d homesb module 7 - v.4 in english.Cisco discovery d homesb module 7 - v.4 in english.
Cisco discovery d homesb module 7 - v.4 in english.
 
VPN
VPN VPN
VPN
 
Vp npresentation (1)
Vp npresentation (1)Vp npresentation (1)
Vp npresentation (1)
 
Remote access connection
Remote access connection Remote access connection
Remote access connection
 
Vp npresentation
Vp npresentationVp npresentation
Vp npresentation
 
Ruckus brief customer_Medley
Ruckus brief customer_MedleyRuckus brief customer_Medley
Ruckus brief customer_Medley
 
Wlan security
Wlan securityWlan security
Wlan security
 
Virtual Private Network
Virtual Private NetworkVirtual Private Network
Virtual Private Network
 
Allaboutvpn
AllaboutvpnAllaboutvpn
Allaboutvpn
 
my presentation on vpn
my presentation on vpnmy presentation on vpn
my presentation on vpn
 
12 Understanding V P Ns
12 Understanding V P Ns12 Understanding V P Ns
12 Understanding V P Ns
 
PAWS Architecture
PAWS ArchitecturePAWS Architecture
PAWS Architecture
 
Wireless security
Wireless securityWireless security
Wireless security
 
Wireless LAN Security by Arpit Bhatia
Wireless LAN Security by Arpit BhatiaWireless LAN Security by Arpit Bhatia
Wireless LAN Security by Arpit Bhatia
 
Vp npresentation 2
Vp npresentation 2Vp npresentation 2
Vp npresentation 2
 
Acit Mumbai - understanding vpns
Acit Mumbai - understanding vpnsAcit Mumbai - understanding vpns
Acit Mumbai - understanding vpns
 
The vpn
The vpnThe vpn
The vpn
 
Virtual private network
Virtual private networkVirtual private network
Virtual private network
 
Vpn alternative whitepaper
Vpn alternative whitepaperVpn alternative whitepaper
Vpn alternative whitepaper
 

Más de Heidi Howard

Flexible Paxos: Reaching agreement without majorities
Flexible Paxos: Reaching agreement without majorities Flexible Paxos: Reaching agreement without majorities
Flexible Paxos: Reaching agreement without majorities Heidi Howard
 
Distributed Consensus: Making Impossible Possible [Revised]
Distributed Consensus: Making Impossible Possible [Revised]Distributed Consensus: Making Impossible Possible [Revised]
Distributed Consensus: Making Impossible Possible [Revised]Heidi Howard
 
Distributed Consensus: Making Impossible Possible
Distributed Consensus: Making Impossible PossibleDistributed Consensus: Making Impossible Possible
Distributed Consensus: Making Impossible PossibleHeidi Howard
 
Reaching reliable agreement in an unreliable world
Reaching reliable agreement in an unreliable worldReaching reliable agreement in an unreliable world
Reaching reliable agreement in an unreliable worldHeidi Howard
 
Pyland - 3 minute intro
Pyland - 3 minute intro Pyland - 3 minute intro
Pyland - 3 minute intro Heidi Howard
 
Introducing Project Zygote
Introducing Project ZygoteIntroducing Project Zygote
Introducing Project ZygoteHeidi Howard
 

Más de Heidi Howard (7)

Flexible Paxos: Reaching agreement without majorities
Flexible Paxos: Reaching agreement without majorities Flexible Paxos: Reaching agreement without majorities
Flexible Paxos: Reaching agreement without majorities
 
Distributed Consensus: Making Impossible Possible [Revised]
Distributed Consensus: Making Impossible Possible [Revised]Distributed Consensus: Making Impossible Possible [Revised]
Distributed Consensus: Making Impossible Possible [Revised]
 
Distributed Consensus: Making Impossible Possible
Distributed Consensus: Making Impossible PossibleDistributed Consensus: Making Impossible Possible
Distributed Consensus: Making Impossible Possible
 
Reaching reliable agreement in an unreliable world
Reaching reliable agreement in an unreliable worldReaching reliable agreement in an unreliable world
Reaching reliable agreement in an unreliable world
 
Pyland - 3 minute intro
Pyland - 3 minute intro Pyland - 3 minute intro
Pyland - 3 minute intro
 
Introducing Project Zygote
Introducing Project ZygoteIntroducing Project Zygote
Introducing Project Zygote
 
Signposts
SignpostsSignposts
Signposts
 

Último

How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 

Último (20)

How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 

Providing Security for Wireless Community Networks (PAWS)

  • 1. Providing Security for Wireless Community Networks Milena Radenkovic, Heidi Howard, Jon Crowcroft, Murray Goulden, Christian Greiffenhagen, Derek McAuley, Richard Mortier Workshop on Participatory Networks and Privacy: New Research Issues - 12th September 2013
  • 2. Global Digital Divide Figure: Internet penetration as a percentage of a country’s population (ITU, June 2012)
  • 3. National Digital Divide 13 % of people in UK do not have internet access, but why? Reason Percent Don’t need the internet 54 Lack of Skills 22 Equipment cost too high 15 Other 15 Access costs too high 14 Internet access elsewhere 8 Privacy/Security concerns 4 Disability 3 Figure: Reasons for households not having Internet access (Office for National Statistics, August 2012)
  • 4. Local Digital Divide Figure: Internet penetration as a percentage of a country’s population (Nottingham Citizens Survey, 2011)
  • 5. Local Digital Divide Figure: Proportion of respondents to citizens survey with access to the internet (Nottingham Citizens Survey, 2012)
  • 6. Local Digital Divide Figure: Methods of accessing the internet (Nottingham Citizens Survey, 2012)
  • 7. Lowest Cost Denominator Network Lowest Cost Denominator Networking introduces a new level of basic access, bridging the gap between no access and full access. Offering less than best effort access to all
  • 8. Wireless Community Networks Co-operates where you share your WiFi and in turn can use other’s WiFi. Fon is the most popular WCN, with 11.6 million Fon hotspots worldwide. Fon members share their broadband via a dedicated Fon router: either purchased from Fon or provided by the ISP Fon router replaces home router, providing 2 VWANs: an encrypted one for the home user and an open one for Fon members, priority is given to the home users
  • 9. Wireless Community Networks Fon members connect to the open “FON” network and enter credentials into a web-based captive gateway or via a mobile app. Fon demonstrates that people are willing to share their internet connection but this doesn’t help with digital exclusion.
  • 10. Introducing PAWS Public Access Wifi Service (PAWS) is a WCN, enabling members of the community to share their unused broadband capacity with neighbours over WiFi, this part is simple, the challenge is providing: Confidentiality, Integrity & Availability Ease of Use Priority Authentication, Authorization & Accounting Scalability
  • 11. Ease of Use How can we enable sharers to open up their networks? Challenges: Home routers are provided by ISPs, plugged in and left on default settings Sharers may have forgotten admin passwords Sharers will not want to reconnect all their devices Sharers have a range of routers, some act as modems Approaches: Re-configure sharer’s home router Replace the sharer’s router Add a dedicated router to the sharer’s network Software solution such as Whisper or Wi-sh We use a dedicated Netgear WNDR3800 router running OpenWRT
  • 12. Priority We need to give capacity to PAWS users, with minimal disruption to the sharers. Challenges: Our router is not the gateway router Fluctuation in network capacity over time Wide range of networks with very difference characteristics, e.g. Fiber Vs ADSL Data usage caps Approaches: Actively measure network capacity at all times, dynamically throttle at PAWS access point Work with ISPs and use Quality of Service We used Project BISmark developed at Georgia Tech to measure capacity visible to the PAWS access point and statically set throttling at the PAWS access point
  • 13. Authentication Users need to be able to authenticate themselves to the PAWS network at any of the PAWS access points Challenges: Supporting a range of user devices Many devices OSes (such as Android and iOS) limit the application API Aim for support for roaming between PAWS developments Ease of use is key User may share/lose passwords, choose weak passwords, use same passwords for other applications Approaches: WPA, WPA2, WPA Enterprise MAC address filtering Captive portal with user credentials We use user credentials, authenticated by local RADIUS servers for each deployment, this could be linked to the 3rd party authentication servers
  • 14. Authentication Figure: RADIUS Authentication, within a hotspot deployment
  • 15. Accountability & Authorization PAWS user traffic needs to have a separate public IP address from the sharer. Sharers must not be held accountable for users’ actions online Challenges: Sharers need to feel secure Legal issues Approaches: Work with ISPs to provide sharers with dual IPs Keep logs of all traffic sent, MAC associations with the PAWS access point VPN traffic somewhere else, to alter source IP Using a VPN to a secure endpoint so all PAWS network traffic has a source IP distinct from the sharer’s.
  • 16. Confidentiality Challenges: Traffic passes through the sharer’s home router WiFi Encryption often provides weak security End-to-end encryption often not available Fake PAWS hotspots Approaches: WiFi Encryption VPN Limit access only to hosts with end-to-end encryption i.e. HTTPS only SSL encryption We already get this fixed for free with VPN to the user’s devices
  • 17. Scalability When travelling, authentication is directed to your home authentication server and the nearest VPN server PAWS Router VPN Server RADIUS Server Nottingham External RADIUS Server User Device PAWS Router VPN Server RADIUS Server London External RADIUS Server User Device PAWS Router VPN Server RADIUS Server Manchester External RADIUS Server User Device User Device 1 2 3 4 5 67 8 123 4 7 5 6 8 9 10 Figure: RADIUS Authentication, across a hotspot deployments
  • 18. Limitations VPN setup on some client devices is difficult The most widely supported VPN is PPTP, but it’s been proven insecure Some home routers block VPN traffic by default PAWS Routers currently cost £110 each Single point of failure, all traffic routed though VPN server Little incentive to share Throttling being too conservative Legal & ISPs Terms of Service
  • 19. Research in the wild: Aspley, Nottingham 3 month trial 1/3 without internet access 50 new internet users 50 sharers Figure: War drive data from Aspley
  • 20. Research in the wild: Aspley, Nottingham Figure: Architecture of Aspley deployment
  • 21. Future Work Two tier system, where users who are also sharers get more bandwidth For users who are also sharers, use their PAWS box as the VPN endpoint instead VPN from PAWS AP instead of client devices, combined with WPA Enterprise from the device to PAWS AP Client apps to map coverage, automatically connect to VPN Implement fallback in PAWS access points Dynamic Throttling