ResFi A Secure Framework for Self-Organized Radio Resource Management in Residential WiFi Networks

Sven Zehl, Antolij Zubow, Michael Döring and Adam Wolisz


TKN Telecommunication Networks Group

Motivation

IEEE 802.11 (WiFi) is the main access technology in residential environments -> WiFi AP as heart of a smart home

Residential WiFi networks are characterized by:

Dense (urban) and unplanned deployments

In contrast to enterprise networks, each AP is managed independently by an inexperienced resident


Main problems:
• High contention
• High interference
• Spectrum wastage
-> More than 50% of residential APs use the default static channels!! (Patro et al. 2013)


Motivation (Cont.)

New applications (e.g. UHD video) require high QoS/QoE, which will be challenging to enforce in residential WiFi deployments,

Goal: enable cooperation between co-located residential APs to allow efficient radio resource management (e.g. setting radio channel, bandwidth, transmit power),

Challenge: how to enable secure communication between residential APs?

Efficient discovery of neighboring APs,

Exchange of addressing information of management units.


Lessons from Enterprise Networks

Centralized radio resource management:

In Enterprise WiFi networks a centralized controller manages radio resources,

Very efficient, as the controller has a global view and is connected via low-latency backhaul to the APs

With COAP (Coordination framework for Open APs) a centralized radio resource management for residential WiFi networks was proposed (Patro et al. 2015):

Only applicable for centrally administered apartment houses, e.g. single ISP or single building manager,

It requires significant administration & creates cost (-> cloud controller)


Residential WiFi network


Enable Cooperation


How to discover neighboring APs?

Idea: Use 802.11 active scanning for AP (!) discovery


How to exchange global IP address?


Setting-up of a secured control channel over the Internet


Why do we secure the control channel?

Radio resource management is not security sensitive, so why should we care?

Large scale malicious actions can have an impact!

Setting all APs of a city on the same channel would definitely create some problems…

Security material is exchanged only locally using the wireless interface (an attacker must be physically co-located)

Key rotation to prevent key collection -> wardriving


Proposed Approach - Design principles

Fully distributed approach for radio resource management in residential WiFi networks

No controller, no cloud, no additional costs

Residential APs in direct wireless communication range discover each other and exchange addressing information and key material using the wireless interface:

Neighboring APs do not necessarily have to operate on the same channel,

Addressing information is the public (global) IP address of the AP radio resource management unit

A secured control channel between each pair of neighboring APs over the Internet is set up.

Neighboring APs can cooperate with each other by means of message exchange using a well-defined API.


The ResFi Framework

Security features:

Ensuring locality of participating APs by periodically changing the symmetric group encryption key (wirelessly distributed to neighbors via active scanning)

Additionally, the group encryption key provides group confidentiality between one-hop neighbors

Ensuring non-repudiation and message integrity through public key cryptography

Moreover, symmetric unicast encryption keys created on demand provide confidentiality between two peers.

Pure user-space software solution

Enables secure N-Hop connectivity between residential WiFi APs
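
How the periodic group-key change enforces locality and defeats key collection by wardriving, shown as an added example that is not taken from the ResFi code base. HMAC-SHA256 stands in for the framework's group encryption and public-key signatures so that the sketch runs on the standard library alone; AccessPoint, ROTATION_PERIOD_S and the message fields are hypothetical names.

```python
import hashlib
import hmac
import json
import os

ROTATION_PERIOD_S = 600  # assumed; the slides only say "periodically"

def tag(key, epoch, body):
    # HMAC-SHA256 stand-in for the framework's group encryption (assumption).
    data = json.dumps({"epoch": epoch, "body": body}, sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha256).digest()

class AccessPoint:
    """Hypothetical AP that owns a group key and rotates it on a timer."""
    def __init__(self, name, now=0):
        self.name, self.epoch, self.rotated_at = name, 0, now
        self.key = os.urandom(32)

    def tick(self, now):
        # Replace the group key once the rotation period has elapsed.
        if now - self.rotated_at >= ROTATION_PERIOD_S:
            self.key, self.epoch, self.rotated_at = os.urandom(32), self.epoch + 1, now

    def probe_response(self):
        # Key material handed out over the air, i.e. only within radio range.
        return {"epoch": self.epoch, "key": self.key}

    def accept(self, msg):
        # Accept a control message only if it verifies under the current key.
        if msg.get("epoch") != self.epoch:
            return False
        expected = tag(self.key, self.epoch, msg.get("body"))
        return hmac.compare_digest(expected, msg.get("tag", b""))

def control_message(material, body):
    # Message sent over the Internet channel with key material from the last scan.
    return {"epoch": material["epoch"], "body": body,
            "tag": tag(material["key"], material["epoch"], body)}

def demo():
    ap = AccessPoint("ap-home", now=0)
    neighbor = ap.probe_response()   # co-located AP scans
    collected = ap.probe_response()  # key collected once while passing by
    body = {"cmd": "set_channel", "channel": 6}  # constructed sample payload
    before = (ap.accept(control_message(neighbor, body)),
              ap.accept(control_message(collected, body)))
    ap.tick(now=ROTATION_PERIOD_S)   # key rotates
    neighbor = ap.probe_response()   # only a device still in range can re-scan
    after = (ap.accept(control_message(neighbor, body)),
             ap.accept(control_message(collected, body)))
    return before, after
```

demo() returns the accept decisions for the co-located neighbor and for the once-collected key, before and after one rotation; relabelling a stale key with the current epoch number does not help, because the tag no longer verifies.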


The ResFi Framework (II)

Allows easy radio resource management application development

Enables cooperative radio resource management between residential APs of different vendors and device types

Prototype available as open-source

http://github.com/resfi

Well defined northbound and southbound APIs:

Allows easy integration for vendors


ResFi Reference Implementation

Framework implemented using platform independent code (python)

hostapd and iw tool connected with ResFi northbound API (Linux as reference platform)


Example ResFi Application

Distributed Dynamic Channel Selection

Implementation of the distributed channel assignment algorithm of Mishra et al. 2005

Algorithm implemented as ResFi application with less than 50 lines of code (LOC)


Testbed evaluation

Large scale testbed evaluation (ORBIT radio grid testbed)

15 ResFi APs and 42 client STAs all in one single collision domain

Simulation of 12 apartments with single AP and single client STA and three co-located public hotspots each with AP and 10 client STAs

Measuring TCP/IP uplink throughput from all concurrently transmitting client STAs

Distributed Dynamic Channel Selection Evaluation as proof-of-concept


Testbed evaluation

97% Median increase

Uplink TCP throughput of all STAs of both algorithms aggregated as boxplots


Other ResFi Applications

Other RRM applications are possible:

Distributed RTS/CTS adaption

Distributed TDMA to mitigate Hidden node problems

Distributed Sensing of non-WiFi interference

Distributed EDCA parameter assignment


Build your own ResFi applications!

Source code published as open source

https://github.com/resfi

Mininet based Emulation for testing new ResFi applications

Linux based ResFi reference implementation for real hardware

Only user-space software modifications (patched hostapd)

Framework based on platform independent python code

Can be used as reference implementation for AP vendors or as research framework


Thank you!

https://github.com/resfi


Non RRM Applications

Problem: neighbor AP would provide better wireless connectivity than own AP, but we cannot use it.


Virtual Neighbor AP

Idea: APs mutually deploy a virtual neighbor SSID and tunnel all traffic back to the real AP.