Διπλωματική Εργασία the peer-to-peer wireless network confederation protocol:...
Post on 19-Dec-2015
224 views
TRANSCRIPT
Διπλωματική Εργασία
The Peer-to-Peer Wireless Network Confederation Protocol:
Design Specification and Performance Analysis
Παρουσίαση:Παντελής Φραγκούδης
Επιβλέπων:Γ. Πολύζος
Εξωτερικός αξιολογητής:Κ. Κουρκουμπέτης
2/24
Outline
Introduction System overview and architecture P2PWNC protocol Reference implementation Performance evaluation Conclusion
3/24
Introduction
Peer-to-Peer Wireless Network Confederation (P2PWNC) WLAN roaming scheme based on the P2P paradigm Sharing WLAN resources
Motivation Wide spread of WLAN low-cost equipment and broadband access Underutilized residential WLAN resources Limited WLAN roaming capabilities
Purpose Fueling ubiquitous internet access Exploiting underutilized residential WLAN resources Enforcing cooperation through reciprocity
Characteristics Deployment simplicity Agent autonomy Low managerial overhead
4/24
P2PWNC Overview
Users organized in teams Rule of reciprocity
Members of a team are freely served by other teams if their team also serves members of other teams
Autonomous decisions Decisions are based on transaction history Decision algorithms: not specified by the protocol
Trust model Team members know and trust each other Teams do not trust one another
Two operation modes: Centralized (TCA), Decentralized (no TCA)
ASCII-based communication protocol
5/24
System Entities (1/3)
Teams P2PWNC peers Team identifier: public/secret key pair Each team operates a number of access points
Team members Member identifier: public/secret key pair Team membership established via a certificate
Access Points
6/24
System Entities (2/3)
Receipts Proofs of prior
transactions Issued (signed)
by service consumer
1 receipt per session
ConsumerCertificate
ConsumerSignature
ProviderPK
Timestamp
Weight
MemberPK
TeamPK
TeamSignature
7/24
System Entities (3/3)
Receipt Repository Stores transaction history History used as input to the decision algorithm
Trusted Central Authority Issues key pairs for teams Manages a central receipt repository
Team Server Issues member key pairs and certificates Manages a team-local receipt repository Updates member repositories by answering UPDT
messages
8/24
Centralized Operation Mode
9/24
Decentralized Operation Mode
10/24
The P2PWNC Protocol
ASCII-based messages Support for RSA and Elliptic Curve
Cryptography (ECC) digital signatures Specifies cryptosystem parameters Specifies key, certificate and signature data
representations Does not specify decision algorithms, data
storage formats, software agent implementation details
11/24
Cryptosystem Parameters
RSA Bit lengths: 1024, 1536, 2048 Digest values produced by SHA-1
ECC Bit lengths: 160, 192, 224, 256 ECDSA algorithm (using SHA-1)
12/24
Protocol Messages
CONN: session initiation CACK: session establishment RREQ: receipt request RCPT: receipt QUER: query to the Receipt Repository QRSP: query response (grant/deny
access) UPDT: repository update request
13/24
Mobile User – Access Point Session
Mobile User Access Point RepositoryCONN
QUER
QRSPCACK
RREQ
RCPT
Timeout/Conn. closed RCPT
RREQ
14/24
Reference Implementation (1/3)
AP module Runs on top of embedded Linux-based wireless
access points Multithreaded TCP server Uses netfilter/iptables for network access control Kernel-level traffic measurements per session Mandatory support for RSA, ECC
Mobile User module Currently, C and Java implementations Need not support both RSA, ECC.
15/24
Reference Implementation (2/3)
Receipt Repository module
Composite data structure for receipt storage
Decision algorithms: pluggable modules
Decisions based on the maximum-flow algorithm
Push-Relabel Algorithm - O(V3)
“Global relabeling” heuristic
16/24
Reference Implementation (3/3)
TCA module Includes receipt repository module TCP server waiting for RCPT & QUER messages Team database Team key pair generation module Mandatory support for both RSA, ECC
Team Server module Includes receipt repository module TCP server waiting for RCPT, QUER, UPDT messages Mandatory support for both RSA, ECC
17/24
Performance Evaluation
Testbed Linksys WRT54GS wireless router AMD AthlonXP 2800 laptop
Cryptographic operations performance tests Signature, verification tests ECC vs RSA, AthlonXP vs Linksys WRT54GS
Maximum flow algorithm performance tests Peer population: 100, 500, 1000 teams Receipt repository size: 100 to 10000 receipts Running time and memory consumption tests
Effects of signature verifications on AP operation Tests run on Linksys WRT54GS FTP transfer of a ~220Mb file 160bit ECDSA verifications
18/24
Testbed Platform Specifications
Athlon XP2800 Linksys WRT54GS
System type AMD AthlonXP 2800 Broadcom MIPS
CPU speed 2.08GHz 200MHz
RAM 512 Mb 32Mb
Permanent storage 60 Gb hard disk 8 Mb flash (read only),
32 Kb NVRAM
Operating system RedHat Linux 8, 2.4 kernel Embedded Linux (by Broadcom) - 2.4 kernel
OpenSSL version 0.9.8, beta 5 0.9.8, beta 5
Compiler gcc v3.2 gcc v3.2
GCC optimizations -O3 -O3 –mcpu=r4600 –mips2
19/24
Cryptographic Operations Performance
Security Level
Key Size ratio
(RSA/ECC)
Athlon XP Linksys WRT54GS
RSA ECC RSA ECC
Digital Signing
1024/160 6.4 : 1 9.0 1.3 300.6 20.3
1536/192 8 : 1 25.9 1.2 655.6 18.5
2048/224 9.14 : 1 47.3 1.4 1529.0 23.4
3072/256 12:1 149.1 1.7 3939.0 73.1
Signature Verification
1024/160 6.4 : 1 0.4 6.5 12.3 114.7
1536/192 8 : 1 0.8 6.0 21.4 99.9
2048/224 9.14 : 1 1.3 7.1 37.9 135.7
3072/256 12:1 2.8 8.6 75.3 453.0Time measured in milliseconds
20/24
Maximum Flow Algorithm Running Time on Athlon XP
21/24
Maximum Flow Algorithm Running Time on Linksys
WRT54GS
22/24
Effect of CPU Intensive Tasks on Throughput
Verification wall clock time: 0.12sec 223.33Mbyte FTP transfer over Linksys WRT54GS
(wired): 3956.62 Kbytes/sec
Verifications/sec Delay (of #verifications)
Throughput (Kbytes/sec)
Transfer time (seconds)
- - 3956.62 (pure transfer)
56.58
0.72 9 3858.05 58.00
1.28 4 3600.85 62.00
2.56 1 3145.67 71.00
3.76 0 2783.79 80.50
8.5 (pure verification time)
0 - -
23/24
Extensions
Denial-of-Service attacks DoS attacks to APs/Receipt Repositories Exploit of probabilistic nature of decision algorithms
Implementation issues Maxflow algorithm heuristics Receipt Repository as a distributed database Study and improve ECC efficiency
Deployment issues Porting client software to more platforms (esp. PDAs) Downloadable Linksys WRT54GS firmware distribution
Evaluation issues Maxflow testing on various graph types (based on user mobility
models)
24/24
Summary
Specified, implemented and evaluated a protocol for the provision of unified WLAN roaming services
Aiming at fueling ubiquitous Internet access Scheme built around the ideas of agent autonomy and
service reciprocity Maximum flow-based decision algorithms Designed with embedded/constrained devices in mind Efficient data structures for data storage/retrieval and
graph operations Tested applicability of Elliptic Curve Cryptography