WiFiProfiler: Cooperative Diagnosis in Wireless LANs

1
WiFiProfiler Cooperative Diagnosis in Wireless
LANs

• Ranveer Chandra, Venkat Padmanabhan, Ming Zhang
• Microsoft Research

2
Wireless Woes

• Users often wonder why
• My machine says wireless connection
  unavailable
• I get poor performance on wireless
• My wireless card keeps trying to authenticate
• Is it just me?

3
Wireless Woes

• Users often wonder why
• My machine says wireless connection
  unavailable
• I get poor performance on wireless
• My wireless card keeps trying to authenticate
• Is it just me?
• Many places have no/minimal network admin
• Hotspots cafes, airports
• Transient networks conferences, IETF meetings

4
Prior Work Operator View

• Infrastructure-based monitoring (Aruba, DAIR)
• Focuses on operator perspective (e.g., rogue APs)
• Monitoring at clients (e.g., Adya 2004)
• Fault diagnosis using infrastructure support
• Also focuses on operator perspective
• Correlate client observations at AP (MOJO)
• Detect PHY level anomalies

5
WiFiProfiler Goal User View

• Enable clients to diagnose network failures
  without requiring admin/infrastructure support
• Reduce user frustration
• Reduce load on admin, when there is one

Help users help themselves
6
State of the Art Local Diagnosis

• Wireless Connection Manager, WZC
• Reasonable detection, Poor diagnosis

Bad NIC
MAC Filtering
Bad WEP Key
Cannot Associate
Bad AP
7
WiFiProfiler

• Based on two key observations
• Clients form Information Plane with peers
• Even when client cannot connect to AP
• Extent of problem indicates cause

Diagnose faults by correlating peers health
8
WiFiProfiler Overview
Healthy Client
Req. Health
Health Info. (WEP key info)
Dissatisfied Machine (Cannot connect to
WEP-enabled AP)
Create Information Plane
Access Point
Health Info. (WEP key info)
Req. Health
Diagnose Problem Same WEP key?
Healthy Client
Diagnose range of problems across layers!
9
Faults and Some Causes
Location
No AP Detected
H/w or s/w
No Association
Security
DHCP Server
No IP Address
Firewall/proxy
End-to-End Failure
WAN Disconnect
WAN congestion
Poor Performance
Wireless problem
10
Outline

• Introduction
• WiFiProfiler Overview
• WiFiProfiler Design
• Evaluation
• Summary

11
WiFiProfiler Design Goals

• Transparency
• Minimal user impact/involvement
• Deployability
• Work with off-the-shelf cards and unmodified
  drivers
• Scalability
• Work with a large number of clients
• Security
• Prevent compromise of clients and AP

12
WiFiProfiler Architecture

• Sensing What is monitored?
• Communication How is it shared?
• Diagnosis How are faults diagnosed?

13
Sensing

• Monitor health of clients connectivity
• Static info (e.g., NIC type)
• Dynamic info (e.g., assoc. success/failure)

Sensed Info
Some Causes
Fault
NIC Model, Make, Driver version
H/w or s/w
No Association
Auth/Encryption setting, key info
Security
14
Sensed Information

• User-level service (daemon) polls various layers
• Wireless NIC, BSSID, RSSI, Beacon Loss, 1-way
  hash of key, Interface Queue
• IP IP Address, DHCP, DNS
• Transport Failed connections, Server Ports
• Application Web proxy settings
• Snapshot obtained once every second
• Summarized information lt 1200 bytes

15
Communication
Req. Health
H
D
Sensed Info
Establishing the Information Plane

• 802.11 NICs can connect to only one network at a
  time
• Challenges
• Discovery How does H know that D needs help?
• Parallelism How does H send packets to D?

16
Discovery

• D initiates ad hoc network with distinct SSID
• Special SSID format denotes request for help
• H receives beacon even when associated to AP

SSID Help169.254.10.1255000
D
H
169.254.10.125 Port 5000
17
Parallelism using VirtualWiFi
Details Infocom 04
Approach Virtualize card, buffer packets, switch
b/w networks
Application Layer
User-level
Kernel-level
TCP/IP, Network Stack
VirtualWiFi Layer
Virtual Interface 3
Virtual Interface 2
Virtual Interface 1
Wireless Card
18
Communication Protocol

• WiFiProfiler uses 2 (virtual) adapters
• Primary adapter activated in normal use
• Helper adapter dedicated for WiFiProfiler
• Activated only when needed

SSID Help169.254.10.1255000
D
H
Primary VNIC
169.254.10.125 Port 5000
Helper VNIC
Scalability and Security discussions in paper
19
Diagnosis

• Initiated by user
• Correlate peers info and infer likely cause
• Rule-based techniques instead of black-box
• Suggest steps for problem resolution
• Change configuration settings
• e.g. local DNS server, web proxy, WEP key
• Change location, contact admin
• Diagnose faults across layers of network stack

20
Diagnosing Association Failure
If another peer has successfully associated with
the AP
Similar card Associated?
Is Sec. config Same?
Is BLR much higher?
NO
YES
NO
YES
YES
NO
Bad Sec. setting (Fix it)
Bad signal (change location)
MAC Filtering (contact admin)
S/w or H/w config (change NIC or update driver)
21
Diagnosis Features

• Inherent uncertainty in some cases
• Need info from AP to confirm MAC filtering
• Conflicting info from peers
• Used to eliminate branches in diagnosis
  procedure, e.g. NIC type
• Vulnerability to bogus info from attackers
• Use information from large number of peers
• Susceptible to Sybil attack

22
Outline

• Introduction
• WiFiProfiler Architecture
• Sensing
• Communication
• Diagnosis
• Evaluation
• Summary

23
Evaluation

• Sensing Low overhead
• (used lt 1 CPU on 1.33 GHz laptop)
• Communication using VirtualWiFi
• Healthy clients spend lt 2 sec sending info
• Sick clients get information within 30 seconds
• Much of the delay in discovery (scanning delays)

24
Little Impact on Healthy Clients
Extra 0.5 to 3 seconds!
25
Effectiveness of WiFiProfiler
Relevant diagnosis at all clients within 30
seconds!
26
WiFiProfiler Summary

• Enables cooperative diagnosis in WLANs
• Without infrastructure support, low overhead
• Working system on Windows XP
• Future work
• Security Privacy, Sybil Attacks, Passive Mode
• Long-term Profiling