The slides persented by one of junior members of the PAWS team at the University of Cambridge, Computer Labs. For more information on the project, visit publicaccesswifi.org
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
PAWS Architecture
1. Prof. Jon Crowcroft, Dr. Murray Goulden, Dr. Christian Greiffenhagen,
Heidi Howard, Prof. Derek McAuley, Dr. Richard Mortier, Dr. Milena
Radenkovic, Dr. Arjuna Sathiaseelan
Ubiquitous Access to
Public Services Online
with PAWS
2. "All people should be allowed to connect to and express
themselves freely on the Internet" - UN Human Rights
Council
3. Lowest Cost Denominator Network
Introducing a new level of basic access,
bridging the gap between no access and full
access
Offering less than best effort access to all
10 % of the UK population do not have internet
access
4. Aspley, Nottingham
3 month trial
One of the most
deprived areas in
the country
~1/3 without internet
access
50 new users
50 sharers
5. Wireless Community Networks (WCN)
Forming Co-op's where you share your WiFi
and in turn can use other's
Fon is the most popular WCN, with > 8 million
FON hotspots worldwide
This demonstrates
that people are willing
to share their internet
connection
6. Introducing PAWS
Public Access Wifi Service (PAWS) works with
local councils and communities to give
everyone access to basic public services
online.
Aims
● Confidentiality
● Accountability
● Ease of Use
● Priority
● Authentication
● Scalability
7. Ease of Use
Most home routers are provided by ISP's,
plugged in and left on default settings
Not scalable to re-configure everyone's routers
Introducing the PAWS access point, a Netgear
router running OpenWRT
8. Priority
We need to measure the spare network
capacity available to each PAWS access point
Project BISmark by Georgia Tech
3 month trial: 1 month of measurement, then 2
months of use
Throttling traffic at the PAWS access point
9. Authentication
User need to be able to authenticate
themselves to the PAWS network at any PAWS
box
We have a RADIUS server in Nottingham
This can be linked to the council's
authentication servers
10. Accountability
PAWS users need to have a separate public IP
address from the sharer. Sharers must not be
accountable for users' actions online
Using a virtual private network (VPN) to a secure
endpoint so all PAWS network traffic has the
same IP address
Use PAWS access point firewalls
to enforce use of PAWS VPN
11. Confidentiality
WiFi Encryption often provides weak security
Traffic passes through the sharer's home router
where it can be sniffed
We already get this fixed for free with VPN to
the user's devices
12.
13. Scalability
Authentication across deployment areas
You are registered with your home area,
authentication when travelling is directed to
your home authentication server but we allow
use of the nearest VPN server
14. Limitations
- VPN setup on some client devices is difficult
- The most widely supported VPN is PPTP, but
its been proven insecure
- Some home routers block VPN traffic by
default
- PAWS Routers currently cost £130 each
- Single point of failure, all traffic routed though
VPN server
- Little incentive to share
15. Ideas for Future Work
- Two tier system, where users who are also
sharers get more bandwidth
- For users who are also sharers use their
PAWS box as the VPN endpoint instead
- VPN from PAWS AP instead of client devices,
combined with WPA Enterprise from the device
to PAWS AP
- Client apps to map coverage, automatically
connect to VPN etc..
- Implement fallback in PAWS access points