1. P2PWNC Wireless Community Network CMSC 711: Computer Networks Yee Lin Tan Adam Phillippy

2. Introduction ♦ Ubiquitous Internet access is a necessity ♦ Email, web, VoIP, messaging, remote network access ♦ Current state ♦ Internet access far from ubiquitous ♦ Required infrastructure not yet in place ♦ Wireless Internet Service Providers (WISPs) ♦ Coverage limited to selected hotspots ♦ Wireless LAN (WLAN) ♦ Deployed in homes, schools, airports, etc. ♦ Idea ♦ Why not unite all WLANs to provide ubiquitous access to the Internet?

3. Peer-to-Peer Wireless Network Confederation (P2PWNC) ♦ Framework for uniting WLAN hotspots ♦ Community of administrative domains that offer wireless internet access to each other’s users ♦ P2P network of domain agents (DA)

4. Peer-to-Peer Wireless Network Confederation (P2PWNC) ♦ Administrative Domain ♦ Examples: ♦ Residential hotspot with 1 access point ♦ WISP with access points in many locations ♦ Domain Agent (DA) ♦ Each administrative domain maintains 1 DA ♦ Physical node that represents the WLAN ♦ Responsibilities: ♦ Regulates wireless service provision and consumption ♦ Eliminates need for roaming agreements

5. Peer-to-Peer Wireless Network Confederation (P2PWNC) ♦ Simple accounting mechanism based on token-exchange ♦ When roaming in another P2PWNC domain ♦ To compensate for resources consumed, home DA transfers tokens to visited DA

6. P2PWNC Design ♦ Based on reciprocity ♦ Domains must provide resources to visitors ♦ So that their own users can consume resources of other P2PWNC domains when roaming

7. Distinctive Characteristics ♦ Open to all ♦ No registration or central authority ♦ Joining P2PWNC is similar to joining a file-sharing network ♦ Free to use ♦ No barrier to entry ♦ Reciprocity drives the system ♦ Autonomous domains ♦ Each domain decides how much resources it wants to provide to visitors ♦ Protects privacy ♦ Identity and location privacy

8. P2P Systems ♦ Communities of economic agents cooperating for mutual benefit without centralized control ♦ Characteristics: ♦ Makes use of otherwise underused resources ♦ Agent autonomy ♦ Scalability, fault-tolerance, reliability

9. P2PWNC as a P2P System ♦ Underused resources ♦ Residential hotspots typically operate only at a small percentage of maximum throughput ♦ Cost-sharing ♦ Distribute cost among participating administrative domains ♦ High cost for a single provider to cover large areas ♦ Hardware ♦ Administration, operations, maintenance ♦ Decentralized control ♦ Distributed accounting to track who owes who and how much ♦ Agent autonomy ♦ Can dynamically adjust provisioning rates

10. Architectural Overview ♦ Unique logical name for each DA ♦ Can reuse DNS name ♦ Registered users ♦ Local users of a particular domain ♦ Examples: ♦ Residential hotspot: all household members ♦ WISP: all subscribers ♦ Roaming users ♦ Visiting users from another domain

11. DA Modules ♦ Name service ♦ Maps logical P2PWNC domain names to IP addresses of DAs ♦ Authentication ♦ Maintains a database of registered users along with security credentials ♦ Traffic-policing ♦ Logs and shapes internet traffic ♦ Allocates specific amounts of bandwidth to visitors ♦ WLAN ♦ Firewall, DHCP, DNS, access point control ♦ Distributed accounting ♦ Secure storage of accounting data

12. DA Modules (2) ♦ Consumer-strategy ♦ Home DA’s consumer-strategy is contacted when roaming user wants service ♦ Decides if transaction should continue ♦ Pays required tokens to visited DA’s provider-strategy module ♦ Provider-strategy ♦ Decides whether to provide service to visitor ♦ Decides current service prices

13. DA Modules (3) ♦ Privacy-enhancement ♦ Protects identity privacy ♦ Hides user name and home DA of roaming user from visited DA ♦ Protects location privacy ♦ Hides visited DA from home DA ♦ Distributed Hash Table ♦ Low-level module used by name service and distributed accounting

14. Security and Privacy Issues ♦ Abuse by untrustworthy visitors ♦ Illegal activities ♦ Traffic logging by untrustworthy providers ♦ Possible solution: tunneling through trusted gateway (e.g. home DA) ♦ Identity privacy ♦ Possible solution: create a new alias for every new connection? ♦ Identity and location privacy ♦ Possible solution: Mix network

15. Mix network Peer ‘P’ (provider) Peer ‘A’ (mix 1) Peer ‘B’ (mix 2) Peer ‘C’ (home) “My P2PWNC ID is Alias_X@A” Credentials include real ID and a mix chain encrypted using nested public-key encryptions Alias_X@A { MIX, B, { MIX, C, { STOP, X } C } B } A Alias_X@B { MIX, C, { STOP, X } C } B Alias_X@C { STOP, X } C X@C Idea credit: David Chaum Slide credit: George Polyzos

16. Economic Considerations ♦ Optimal system parameters ♦ Consumer/Provider strategies, token prices ♦ Secure distributed accounting subsystem ♦ Monitors peer contribution and consumption ♦ Uses cryptographically secure tokens (cannot be forged) ♦ Domain strategies ♦ How to charge usage: ♦ KBytes or hour, current congestions levels, identity of consumer ♦ How to balance conflicting requirements: ♦ Want best possible service for its own roaming users ♦ Must provide service to visitors to earn tokens for use by roaming users ♦ May affect service provided to its own local users

17. Economic Considerations (2) ♦ Offline DAs ♦ Problem ♦ Roaming user requests service from visited DA ♦ Visited DA unable to contact home DA ♦ Possible Solution (decentralized version) ♦ Home DA distributes token allowances to users ♦ User pays without intervention of home DA ♦ Token generation ♦ How DAs first acquire tokens ♦ Distributed banks generate tokens and distribute to new entrants

18. Economic Considerations (3) ♦ Domain heterogeneity ♦ Different in terms of: ♦ Coverage size ♦ Coverage location ♦ Number of registered users ♦ Problem: ♦ Domains with few visitors, difficult to earn tokens ♦ Possible solution: set high token prices ♦ More general problem: ♦ How to make sure a few domains don’t monopolize all tokens?

19. Summary of DA Responsibilities ♦ Regulate prices for service ♦ Make sure visitor traffic does not adversely affect traffic from registered users ♦ Ensure best possible treatment for own (registered) users that are roaming

20. Business Models - Who can make a profit ♦ Upstream ISPs that allow P2PWNC may be preferred by customers ♦ “Pay-as-you-go” domains ♦ Vendors can sell pre-paid cards containing P2PWNC user id and credentials ♦ Virtual P2PWNC ♦ Virtual DA obtains tokens from P2PWNC domains outside normal interaction model ♦ Sells tokens in the form of pre-paid cards

21. Business Models – Who can make a profit (2) ♦ P2PWNC domain aggregators ♦ Host DA for multiple small WLANs ♦ Similar to web hosting ♦ Vendors of DA modules ♦ Provide consumer-strategy and provider- strategy modules ♦ Hotspot indexing engines ♦ Tune DA parameters ♦ Security and privacy enhancements

22. Operational Issues ♦ Need more economic analysis and simulations ♦ How P2PWNC and token-based incentive operate in real-world environment ♦ Regulatory obstacles ♦ Some ISPs prohibit sharing of broadband connections

23. P2PWNC Implementation ♦ http://mm.aueb.gr/research/p2pwnc ♦ GPL Licensed ♦ AP: Linksys WRT54GS ♦ Firmware ♦ Client: QTEK 9100 ♦ C and Java

24. Implementation Assumptions ♦ Good ♦ No central authority ♦ Users may use unlimited, free IDs ♦ User consumption is not homogeneous ♦ Software can be modified/hacked ♦ Teams (domains) will try and cheat ♦ Teams will collude ♦ Not so good ♦ Team consumption is homogeneous ♦ Team members trust each other ♦ ISPs allow connection sharing

25. Teams, users, and receipts (IOUs) Team AP Team member

26. Receipt accounting CONN C P CACK RCPT RREQ RCPT RREQ RCPT R t 0 w 2 t 0 w 1 ? provider, team timestamp, weight

27. Centralized R

28. Decentralized R R R

29. ♦ One receipt server per team ♦ Gossiping protocol ♦ Devices carry a sample of receipts ♦ Consumers share receipts with providers ♦ Adds overhead for verifying receipts ♦ Incomplete view of the “receipt graph”

30. Receipt graph A B C G H F E D I C D B G H Does C owe H?

31. Maxflow decision ♦ Probability of me granting you service What IOU What you owe me

32. Maxflow (bottle neck flow) A F E I CH Min C-H cut D B G

33. Abuse ♦ Uncooperative teams ♦ Evident from receipt graph ♦ Other teams will stop providing service ♦ DOS attacks ♦ Centralized server is vulnerable ♦ Decentralized servers have secret IPs ♦ Teams do not communicate via Internet ♦ Colluding teams…

34. Naive collusion B G H F I X2X2 X0X0 X1X1 C

35. Sophisticated collusion B G H F I X2X2 X0X0 X1X1 X3X3 C

36. Generalized Maxflow ♦ Look for collusion hub X 0 ♦ Discount suspicious paths ♦ Discount flow passing through vertices with a high sum of outgoing edge weights ♦ Discount flow passing through many vertices ♦ Assumes homogeneous team usage

37. Security ♦ Team leader ♦ Public/private keys for team identity ♦ Signs member certificates ♦ Team members ♦ Public/private keys for member identity ♦ All receipts are signed ♦ Elliptic Curve Digital Signature Algorithm (ECDSA) ♦ Signing faster than verification ♦ Mobile devices have limited computing power ♦ No central authority (decentralized)

38. Security

39. Simulation ♦ Providers and consumers make decisions based on benefit-to-cost ratio ♦ Evolutionary learning ♦ Providing +cost, consuming +benefit ♦ Simulate interaction across 500 rounds ♦ 1 new team added per round ♦ 300 total teams

40. Strategies ♦ Switch to best strategy after each round ♦ Most teams adopt cooperative strategies ♦ After 500 rounds ♦ 175 Reciprocative teams ♦ 100 Unconditional cooperator teams ♦ 20 Random cooperator teams ♦ 5 Unconditional defector teams

41. Strategy

42. Questions ♦ Will it work in the real world? ♦ Sporadic usage ♦ Receipt history flushing ♦ Is it scalable? ♦ Maxflow could get expensive ♦ What about heterogeneous team usage? ♦ Variable cost of bandwidth ♦ Who is responsible for the AP’s traffic? ♦ Will the RIAA believe it wasn’t you?

43. P2PWNC Publications ♦ Initial idea ♦ A Peer-to-Peer Approach to Wireless LAN Roaming. Efstathiou EC, Polyzos GC. ACM WMASH, 2003. ♦ Implementation details ♦ Stimulating Participation in Wireless Community Networks. Efstathiou EC, Frangoudis PA, Polyzos GC. IEEE INFOCOM, 2006.

44. Receipt repository

45. Collusion

46. Maxflow overhead

47. Cryptographic overhead

48. Real-World Example - FON ♦ Largest WiFi community in the world ♦ Idea ♦ Members (aka Foneros) share wireless Internet access at home ♦ In return, get free WiFi wherever there is a Fonero Access Point ♦ Use Fonero login ♦ How to become a member: ♦ Buy a WiFi router (aka La Fonera) from FON

49. More about FON ♦ 3 types of Foneros (members) ♦ Linuses ♦ People who share home WiFi to get free WiFi wherever there is a FON Access Point ♦ Aliens ♦ People who do not share their WiFi but want access to a FON Access Point ♦ Charged $3 per day ♦ Bills ♦ Businesses who want to make money off their WiFi ♦ Don’t want free roaming ♦ Get 50% of money Aliens pay ♦ Can advertise on their own personalized FON Access Point homepage