Download - Διπλωματική Εργασία

Transcript
Page 1: Διπλωματική Εργασία

Διπλωματική Εργασία

The Peer-to-Peer Wireless Network Confederation Protocol:

Design Specification and Performance Analysis

Παρουσίαση:Παντελής Φραγκούδης

Επιβλέπων:Γ. Πολύζος

Εξωτερικός αξιολογητής:Κ. Κουρκουμπέτης

Page 2: Διπλωματική Εργασία

2/24

Outline

Introduction System overview and architecture P2PWNC protocol Reference implementation Performance evaluation Conclusion

Page 3: Διπλωματική Εργασία

3/24

Introduction

Peer-to-Peer Wireless Network Confederation (P2PWNC) WLAN roaming scheme based on the P2P paradigm Sharing WLAN resources

Motivation Wide spread of WLAN low-cost equipment and broadband access Underutilized residential WLAN resources Limited WLAN roaming capabilities

Purpose Fueling ubiquitous internet access Exploiting underutilized residential WLAN resources Enforcing cooperation through reciprocity

Characteristics Deployment simplicity Agent autonomy Low managerial overhead

Page 4: Διπλωματική Εργασία

4/24

P2PWNC Overview

Users organized in teams Rule of reciprocity

Members of a team are freely served by other teams if their team also serves members of other teams

Autonomous decisions Decisions are based on transaction history Decision algorithms: not specified by the protocol

Trust model Team members know and trust each other Teams do not trust one another

Two operation modes: Centralized (TCA), Decentralized (no TCA)

ASCII-based communication protocol

Page 5: Διπλωματική Εργασία

5/24

System Entities (1/3)

Teams P2PWNC peers Team identifier: public/secret key pair Each team operates a number of access points

Team members Member identifier: public/secret key pair Team membership established via a certificate

Access Points

Page 6: Διπλωματική Εργασία

6/24

System Entities (2/3)

Receipts Proofs of prior

transactions Issued (signed)

by service consumer

1 receipt per session

ConsumerCertificate

ConsumerSignature

ProviderPK

Timestamp

Weight

MemberPK

TeamPK

TeamSignature

Page 7: Διπλωματική Εργασία

7/24

System Entities (3/3)

Receipt Repository Stores transaction history History used as input to the decision algorithm

Trusted Central Authority Issues key pairs for teams Manages a central receipt repository

Team Server Issues member key pairs and certificates Manages a team-local receipt repository Updates member repositories by answering UPDT

messages

Page 8: Διπλωματική Εργασία

8/24

Centralized Operation Mode

Page 9: Διπλωματική Εργασία

9/24

Decentralized Operation Mode

Page 10: Διπλωματική Εργασία

10/24

The P2PWNC Protocol

ASCII-based messages Support for RSA and Elliptic Curve

Cryptography (ECC) digital signatures Specifies cryptosystem parameters Specifies key, certificate and signature data

representations Does not specify decision algorithms, data

storage formats, software agent implementation details

Page 11: Διπλωματική Εργασία

11/24

Cryptosystem Parameters

RSA Bit lengths: 1024, 1536, 2048 Digest values produced by SHA-1

ECC Bit lengths: 160, 192, 224, 256 ECDSA algorithm (using SHA-1)

Page 12: Διπλωματική Εργασία

12/24

Protocol Messages

CONN: session initiation CACK: session establishment RREQ: receipt request RCPT: receipt QUER: query to the Receipt Repository QRSP: query response (grant/deny

access) UPDT: repository update request

Page 13: Διπλωματική Εργασία

13/24

Mobile User – Access Point Session

Mobile User Access Point RepositoryCONN

QUER

QRSPCACK

RREQ

RCPT

Timeout/Conn. closed RCPT

RREQ

Page 14: Διπλωματική Εργασία

14/24

Reference Implementation (1/3)

AP module Runs on top of embedded Linux-based wireless

access points Multithreaded TCP server Uses netfilter/iptables for network access control Kernel-level traffic measurements per session Mandatory support for RSA, ECC

Mobile User module Currently, C and Java implementations Need not support both RSA, ECC.

Page 15: Διπλωματική Εργασία

15/24

Reference Implementation (2/3)

Receipt Repository module

Composite data structure for receipt storage

Decision algorithms: pluggable modules

Decisions based on the maximum-flow algorithm

Push-Relabel Algorithm - O(V3)

“Global relabeling” heuristic

Page 16: Διπλωματική Εργασία

16/24

Reference Implementation (3/3)

TCA module Includes receipt repository module TCP server waiting for RCPT & QUER messages Team database Team key pair generation module Mandatory support for both RSA, ECC

Team Server module Includes receipt repository module TCP server waiting for RCPT, QUER, UPDT messages Mandatory support for both RSA, ECC

Page 17: Διπλωματική Εργασία

17/24

Performance Evaluation

Testbed Linksys WRT54GS wireless router AMD AthlonXP 2800 laptop

Cryptographic operations performance tests Signature, verification tests ECC vs RSA, AthlonXP vs Linksys WRT54GS

Maximum flow algorithm performance tests Peer population: 100, 500, 1000 teams Receipt repository size: 100 to 10000 receipts Running time and memory consumption tests

Effects of signature verifications on AP operation Tests run on Linksys WRT54GS FTP transfer of a ~220Mb file 160bit ECDSA verifications

Page 18: Διπλωματική Εργασία

18/24

Testbed Platform Specifications

Athlon XP2800 Linksys WRT54GS

System type AMD AthlonXP 2800 Broadcom MIPS

CPU speed 2.08GHz 200MHz

RAM 512 Mb 32Mb

Permanent storage 60 Gb hard disk 8 Mb flash (read only),

32 Kb NVRAM

Operating system RedHat Linux 8, 2.4 kernel Embedded Linux (by Broadcom) - 2.4 kernel

OpenSSL version 0.9.8, beta 5 0.9.8, beta 5

Compiler gcc v3.2 gcc v3.2

GCC optimizations -O3 -O3 –mcpu=r4600 –mips2

Page 19: Διπλωματική Εργασία

19/24

Cryptographic Operations Performance

Security Level

Key Size ratio

(RSA/ECC)

Athlon XP Linksys WRT54GS

RSA ECC RSA ECC

Digital Signing

1024/160 6.4 : 1 9.0 1.3 300.6 20.3

1536/192 8 : 1 25.9 1.2 655.6 18.5

2048/224 9.14 : 1 47.3 1.4 1529.0 23.4

3072/256 12:1 149.1 1.7 3939.0 73.1

Signature Verification

1024/160 6.4 : 1 0.4 6.5 12.3 114.7

1536/192 8 : 1 0.8 6.0 21.4 99.9

2048/224 9.14 : 1 1.3 7.1 37.9 135.7

3072/256 12:1 2.8 8.6 75.3 453.0Time measured in milliseconds

Page 20: Διπλωματική Εργασία

20/24

Maximum Flow Algorithm Running Time on Athlon XP

Page 21: Διπλωματική Εργασία

21/24

Maximum Flow Algorithm Running Time on Linksys

WRT54GS

Page 22: Διπλωματική Εργασία

22/24

Effect of CPU Intensive Tasks on Throughput

Verification wall clock time: 0.12sec 223.33Mbyte FTP transfer over Linksys WRT54GS

(wired): 3956.62 Kbytes/sec

Verifications/sec Delay (of #verifications)

Throughput (Kbytes/sec)

Transfer time (seconds)

- - 3956.62 (pure transfer)

56.58

0.72 9 3858.05 58.00

1.28 4 3600.85 62.00

2.56 1 3145.67 71.00

3.76 0 2783.79 80.50

8.5 (pure verification time)

0 - -

Page 23: Διπλωματική Εργασία

23/24

Extensions

Denial-of-Service attacks DoS attacks to APs/Receipt Repositories Exploit of probabilistic nature of decision algorithms

Implementation issues Maxflow algorithm heuristics Receipt Repository as a distributed database Study and improve ECC efficiency

Deployment issues Porting client software to more platforms (esp. PDAs) Downloadable Linksys WRT54GS firmware distribution

Evaluation issues Maxflow testing on various graph types (based on user mobility

models)

Page 24: Διπλωματική Εργασία

24/24

Summary

Specified, implemented and evaluated a protocol for the provision of unified WLAN roaming services

Aiming at fueling ubiquitous Internet access Scheme built around the ideas of agent autonomy and

service reciprocity Maximum flow-based decision algorithms Designed with embedded/constrained devices in mind Efficient data structures for data storage/retrieval and

graph operations Tested applicability of Elliptic Curve Cryptography