Embed Size (px)
Citation preview
WiFiProfiler: Cooperative Diagnosis in Wireless LANs
Ranveer Chandra, Venkat Padmanabhan, Ming Zhang
Microsoft Research
2
Wireless Woes
• Users often wonder why:
– “My machine says: wireless connection unavailable”
– “I get poor performance on wireless”
– “My wireless card keeps trying to authenticate”
– “Is it just me?”
3
Wireless Woes
• Users often wonder why:
– “My machine says: wireless connection unavailable”
– “I get poor performance on wireless”
– “My wireless card keeps trying to authenticate”
– “Is it just me?”
• Many places have no/minimal network admin
– Hotspots: cafes, airports
– Transient networks: conferences, IETF meetings
4
Prior Work: Operator View
• Infrastructure-based monitoring (Aruba, DAIR)
– Focuses on operator perspective (e.g., rogue APs)
• Monitoring at clients (e.g., [Adya 2004])– Fault diagnosis using infrastructure support– Also focuses on operator perspective
• Correlate client observations at AP (MOJO)– Detect PHY level anomalies
5
WiFiProfiler Goal: User View
Enable clients to diagnose network failures
without requiring admin/infrastructure support:
– Reduce user frustration
– Reduce load on admin, when there is one
Help users help themselves
6
State of the Art: Local DiagnosisWireless Connection Manager, WZC
• Reasonable detection, Poor diagnosis
Cannot Associate
MACFiltering
Bad AP
Bad WEPKey
Bad NIC
7
WiFiProfiler
• Based on two key observations:
– Clients form Information Plane with peers• Even when client cannot connect to AP
– Extent of problem indicates cause
Diagnose faults by correlating peers’ health
8
WiFiProfiler Overview
Create Information Plane
Dissatisfied Machine
(Cannot connect to WEP-enabled AP)
Req. Health
Req. Health
Health Info.
(WEP key info)
Diagnose Problem:Same WEP key?
Access Point
Healthy Client
Health In
fo.
(WEP key in
fo)
Healthy Client
Diagnose range of problems across layers!
9
Faults and Some Causes
No IP Address
Security
H/w or s/w
DHCP Server
No Association
No AP DetectedLocation
WAN congestion
Wireless problem
Poor Performance
End-to-End Failure
Firewall/proxy
WAN Disconnect
10
Outline
• Introduction
• WiFiProfiler Overview
• WiFiProfiler Design
• Evaluation
• Summary
11
WiFiProfiler Design Goals
• Transparency: – Minimal user impact/involvement
• Deployability: – Work with off-the-shelf cards and unmodified drivers
• Scalability:– Work with a large number of clients
• Security:– Prevent compromise of clients and AP
12
WiFiProfiler Architecture
• Sensing: What is monitored?
• Communication: How is it shared?
• Diagnosis: How are faults diagnosed?
13
Sensing
• Monitor health of client’s connectivity– Static info (e.g., NIC type)
– Dynamic info (e.g., assoc. success/failure)
H/w or s/wNo Association
Fault Some Causes Sensed Info
NIC Model, Make,Driver version
Auth/Encryption setting, key info
Security
14
Sensed Information
• User-level service (daemon) polls various layers
– Wireless: NIC, BSSID, RSSI, Beacon Loss, 1-way
hash of key, Interface Queue
– IP: IP Address, DHCP, DNS
– Transport: Failed connections, Server Ports
– Application: Web proxy settings
• Snapshot obtained once every second
– Summarized information < 1200 bytes
15
Communication
802.11 NICs can connect to only one network at a time
Challenges:
– Discovery: How does H know that D needs help?
– Parallelism: How does H send packets to D?
Req. Health
Sensed Info
DH
Establishing the Information Plane
16
Discovery
• D initiates ad hoc network with distinct SSID– Special SSID format denotes request for help
– H receives beacon even when associated to AP
D
169.254.10.125Port: 5000
SSID: Help:169.254.10.125:5000
H
17
VirtualWiFi Layer
Virtual Interface 3
TCP/IP, Network Stack
Virtual Interface 2
Application LayerUser-level
Kernel-level
Approach: Virtualize card, buffer packets, switch b/w networks
Virtual Interface 1
Wireless Card
Parallelism using VirtualWiFiDetails: Infocom ’04
18
Communication Protocol• WiFiProfiler uses 2 (virtual) adapters:
– Primary adapter activated in normal use
– Helper adapter dedicated for WiFiProfiler• Activated only when needed
DH
169.254.10.125Port: 5000
SSID: Help:169.254.10.125:5000
Primary VNIC
Helper VNIC
Scalability and Security discussions in paper
19
Diagnosis
• Initiated by user
• Correlate peers’ info and infer likely cause
– Rule-based techniques instead of black-box
• Suggest steps for problem resolution
– Change configuration settings• e.g. local DNS server, web proxy, WEP key
– Change location, contact admin
• Diagnose faults across layers of network stack
20
NOYES
Diagnosing Association Failure
Is Sec.configSame?
Bad Sec. setting(Fix it)
NO
Is BLRmuch
higher?
Bad signal(change location)
Similar cardAssociated?
YES
If another peer has successfully associated with the AP:
YES
MAC Filtering(contact admin)
NO
S/w or H/w config(change NIC or update driver)
21
Diagnosis Features
• Inherent uncertainty in some cases– Need info from AP to confirm MAC filtering
• Conflicting info from peers– Used to eliminate branches in diagnosis procedure,
e.g. NIC type
• Vulnerability to bogus info from attackers– Use information from large number of peers
– Susceptible to Sybil attack
22
Outline
• Introduction
• WiFiProfiler Architecture
– Sensing
– Communication
– Diagnosis
• Evaluation
• Summary
23
Evaluation
• Sensing: Low overhead
– (used < 1% CPU on 1.33 GHz laptop)
• Communication using VirtualWiFi:
– Healthy clients spend < 2 sec sending info
– Sick clients get information within 30 seconds
• Much of the delay in discovery (scanning delays)
24
Little Impact on Healthy Clients
0
5
10
15
20
25
10K 100K 1M
Download Size (in bytes)
Tim
e (i
n s
eco
nd
s)Download while Helping
Download when not Helping
Extra 0.5 to 3 seconds!
25
Port blockedMAC Filtering
Too far from AP
Access Point
Port blocked Port blocked
Effectiveness of WiFiProfiler
Relevant diagnosis at all clients within 30 seconds!
26
WiFiProfiler Summary
• Enables cooperative diagnosis in WLANs
– Without infrastructure support, low overhead
• Working system on Windows XP
• Future work:
– Security: Privacy, Sybil Attacks, Passive Mode
– Long-term Profiling
