WiFi Profiler: Cooperative Diagnosis in Wireless LAN - PowerPoint PPT Presentation

About This Presentation
Title:

WiFi Profiler: Cooperative Diagnosis in Wireless LAN

Description:

WiFi Profiler: Cooperative Diagnosis in Wireless LAN Ayah Zirikly Communication protocol Communication Initialize Requester: The client activates the helper network ... – PowerPoint PPT presentation

Number of Views:128
Avg rating:3.0/5.0
Slides: 63
Provided by: Aya23
Category:

less

Transcript and Presenter's Notes

Title: WiFi Profiler: Cooperative Diagnosis in Wireless LAN


1
WiFi Profiler Cooperative Diagnosis in Wireless
LAN
  • Ayah Zirikly

2
Authors
  • Presented at MobiSys 2006 by
  • Ranveer Chandra
  • Venkata N.Padmanabhan
  • Ming Zhang

Microsoft Research
3
What this paper is presenting
  • A system in which wireless hosts cooperate to
    diagnose and resolve network problem in an
    automated manner.

WiFi Profiler
4
Key observation behind the paper
  • If the host is disconnected, it is often in the
    range of other wireless nodes and is able to
    communicate with them peer-to-peer, to get access
    to the information gathered.

5
Goal of the paper
  • Creating a shared information plane that enables
    wireless hosts to exchange a range of information
    about their network settings.
  • By aggregating such information across multiple
    wireless hosts WiFiProfiler infer the likely
    cause of the problem.

6
Differences between WiFiProfiler and previous
tools
  • Previous tools like the one we saw in the last
    paper is not automated as it still needs the
    network administrator to figure out the problem.
  • Do not depend on any special vulnerabilities/chara
    cteristics in 802.11

7
Wireless LAN Architecture
  • Wireless Security
  • MAC filtering rejecting packets that their MAC
    address does not belong to a predefined list.
  • WEP key setting configured manually at the AP
    and the wireless clients.
  • WPA key setting configured
  • Automatically using 802.1X
  • Manually (user enter passphrase).
  • DHCP
  • In addition to giving the client IP address, it
    provides other configuration information like the
    IP address of the gateway and LDNS server.
  • Firewall
  • Port blocking.
  • Others
  • Application-level proxies.

8
Causes of Network Problems
9
Causes of Network Problems
10
No AP detected
  • The client is not receiving the broadcasted
    beacons.
  • Reasons
  • Out of Range.
  • Channel noise.
  • HW/SW incompatibility.

11
Causes of Network Problems
12
No association with the AP
  • AP is malfunctioning
  • Client does not have a good consistent signal.
  • Inappropriate MAC Address (MAC filtering).
  • Software Incompatibilities (outdated driver).
  • Hardware Incompatibilities (wireless cards).
  • Wrong WEP Key, or WPA authentication.
  • Other security related issues.

13
Causes of Network Problems
14
Inability to obtain an IP address
  • Client side
  • Wrong key (WEP/WPA)
  • Wrong MAC.
  • Configuration problem.
  • AP side
  • Wired interface is malfunctioning or
    disconnected.
  • DHCP side
  • IP address pool exhausted.
  • Server being down.

15
Causes of Network Problems
16
End-to-End communication failure
  • DNS resolution failure
  • Incorrect local DNS server settings.
  • Failure in the DNS infrastructure.
  • Firewall might selectively block communication.
  • Common FW ports not open
  • The use of application proxies.
  • Proxy Server down
  • Inappropriate client proxy settings
  • Disconnected wireless LAN
  • Equipment Malfunction
  • Equipment Failure

17
Causes of Network Problems
18
Poor performance
  • Lossy wireless link due to
  • Weak signal.
  • Noise.
  • Network Congestion(wireless medium or WAN)
  • Too many legitimate users consuming network
    resources.
  • Misbehaved users.
  • Combination of both

19
Examples of the shared information Plane
  • Having or not the ability to be connected to a
    certain wireless network or AP.
  • The ability or not to obtain IP address.
  • Experiencing poor performance.

20
Architecture of WiFi Profiler
  • Components of WiFi Profiler

21
Design and Implementation of WiFiProfiler
  • Sensing
  • Make local observations of network
    configurations and health at the individual
    wireless clients.
  • Communication
  • Enable peer-to-peer communication among wireless
    hosts within range
  • Diagnosis
  • Infer the likely causes of the problems
    experienced by clients and possible steps for
    resolution

22
Sensing
  • Mission

Make passive observations of the network health
and network configuration information at the
individual wireless clients.
23
Sensing
  • Wireless layer
  • Wireless (HW/SW) configuration information
    (Static Information)
  • NIC model.
  • NIC name.
  • Driver version.

24
Sensing Wireless Layer
  • Information about Wireless network in the
    vicinity
  • BSSID list (Basic Service set Identifiers)
  • The list of BSSIDs corresponding to the APs from
    whom beacons have been heard .
  • SSID list (Service Set Identity)
  • Name identifies the network.
  • SSID may have multiple BSSIDs that a client can
    be associated with.
  • RSSI list
  • Received signal of the BSSID.
  • Average RSSI reported.

25
Sensing Wireless Layer
  • Security settings information
  • Security protocol
  • WEP/WPA key used for authentication or/and
    encryption.
  • To avoid exposing the key, only oneway hashing
    of this information is shared.

26
Sensing Wireless Layer
  • Information about the state of the wireless
    channel
  • Beacon loss rate
  • Based on the number of beacon frames that are not
    received at a client.
  • Loss rate of client broadcast UDP beacons (since
    some drivers do not compute BLR ).
  • Interface queue length
  • Sampling the packet queue length at the wireless
    interface on a continual basis.
  • Indicator of the wireless congestion.

27
Sensing
  • Network layer
  • Dynamic Information concerns
  • IP address/subnet/mask the IP address, subnet,
    and netmask corresponding to the wireless
    interface.
  • IP mode whether the clients IP address is
    assigned statically or obtained dynamically using
    DHCP.
  • DHCP information the IP address of the DHCP
    server that lease the address and when the lease
    happened.
  • LDNS information the IP address(es) of the local
    DNS server(s).

28
Sensing
  • Transport layer
  • Learn about the E2E network connectivity over
    the wide-area network that can be affected by
    firewalls, congestion/disconnection of the WAN
    link.
  • Information obtained (Dynamic Information)
  • Failed connection attempts
  • Number of connection and failed attempts.
  • Packet retransmission
  • Number of retransmitted TCP segments.
  • Server port numbers with successful TCP
    connections
  • Successful connection on a certain server port
    numbers (if not, firewall might blocking
    access).

29
Sensing
  • Protocol state example

30
Sensing
  • Application layer
  • Configuration information related to the
    wireless communication.
  • Web proxy setting
  • HTTP proxy has been used??
  • Host name.
  • Port number.

31
Sensing
  • Summarizing Sensing Information
  • Needed to reduce the overhead of sharing with
    peers.
  • Configuration information (NIC type, etc)
  • Values from the recent snapshots.
  • Dynamic information
  • Compute aggregate (average or threshold) metric
    over
  • 60 seconds for wireless-related information.
  • 300 seconds for TCP-related information.
  • BSSID list, SSID list
  • Union of the distinct values of the sets.

32
Communication
  • Enables wireless client having problems
    requester to obtain information from its peers
    responders.
  • Challenges observed
  • Requester and responders are not in the same
    network.
  • Requester is disconnected.
  • Requires responder to disconnect from its current
    network.
  • WiFiProfiler framework enables exchanging
    information without the need of disconnecting the
    responder from its network.
  • Key observation
  • Disconnected node can initiate AH network with
    the responders.
  • Responder can connect to the requesters AH
    without disconnecting from its network.

Can be accomplished using two NICs or virtualWiFi
33
Communication
  • Each client using WiFiProfiler has two adapters
  • Primary adapter
  • Used for its normal communication.
  • Helper adapter
  • Used to exchange information with peers.

34
Communication
  • Communication protocol

Initialize Requester The client activates the
helper network adapter
35
Communication
  • Communication protocol

Start AH Network Started over the helper network
adapter, with the appropriate SSID and IP address.
36
Communication
  • Communication protocol

Initialize Responder Parses the SSID field to
see if it corresponds to a requester. If so, it
activates its helper adapter.
37
Communication
  • Communication protocol

Join Network, Send Response Sets up a socket
connection with the corresponding IP address and
Port Then, start sending information to the
requester.
38
Communication
  • Communication protocol
  • Stop Responder
  • After sending responses
  • Closes socket connection.
  • Stops the helper adapter.

39
Communication
  • Communication protocol
  • Stop Requester
  • After sufficient number of responses
  • Shuts down socket.
  • Stops the helper adapter.

40
Communication
  • Communication protocol steps using VirtualWiFi
  • Requester activates its helper adapter and
    configures it with the help SSID.
  • The responder after detecting Help request, it
    activates its helper adapter.
  • VirtualWiFi switches the physical card across the
    primary and helper adapter.
  • Responder stops VirtualWiFi (unbind helper
    adapter after sending responses).
  • Requester activates its primary adapter to stop
    the AH network.
  • Complete within a few milliseconds.

41
Communication
  • Communication protocol steps using two NICs
  • WiFiProfiler assigns static IP address to the
    helper adapter.
  • Requester activates its helper adapter.
  • Primary adapter scans the channels for the
    requesters beacons.
  • Responder activates its helper adapter when
    detecting a requester.
  • The helper adapter scans the channels to locate
    the requesters network.
  • Responder joins AH network..
  • The responder disables its helper adapter after
    sending responses.

42
Communication
  • Optimization to keep the overhead on the
    responder low
  • Summarizing the sensing information in 1200bytes
    to fit into a single packet (keep the protocol as
    simple as possible).
  • Using UDP for the responses giving the responder
    the ability to send single packet and then leave
    the AH network.
  • Limit the responding rate for help to provide
    protection from malicious users.
  • Responders wait for a random time before joining
    the AH network and responding (useful in the case
    of large number of potential responders).
  • Responders can cache recently sent responses to
    send it to current requesters.

43
Diagnosis
  • Based on the information gathered from the peer
    nodes.
  • Inability to detect an AP
  • Reasons
  • No AP in its vicinity.
  • Beacons are not detected at the current location.
  • HW/SW incompatibility between the client and AP.
  • Client wireless NIC is not working.

44
Diagnosis Inability to detect AP
  • Diagnosing steps
  • If the client does not hear from any peers it is
    because
  • No WiFiProfiler-enabled in its vicinity.
  • NIC is not working.
  • If a peer with the same NIC type and driver
    version is able to receive beacons client
    current location is the cause.
  • If all the peers has the same NIC type but
    different driver version
  • NIC driver version or
    client current location is the cause.
  • If all the peers have different NIC types.
  • client NIC type, NIC driver version, or
    current location is the cause.
  • Resolution of the problem
  • User action changing NICs, installing a new
    driver, or changing location.

45
Diagnosis
  • Inability to associate with AP
  • Reasons
  • AP uses security mechanisms like MAC filtering,
    WEP, WPA.
  • Weak wireless link at the clients current
    location.
  • Incompatibility between the NIC type or driver
    and the AP hardware.
  • AP malfunction.

46
Diagnosis Inability to associate with AP
  • Diagnosing steps
  • Client authentication configurations does not
    match the successfully associated peers
    (incorrect key)
  • configuration information missing/wrong.
  • Client has higher BLR/has lower RSSI than its
    successfully associated peers weak link
    due to client current location.
  • If a peer with the same NIC type and driver
    version is able to associate MAC filtering
    is applied at the AP.
  • Resolution of the problem
  • User action changing authentication
    key/passphrase, location, NICs, or installing a
    new driver.
  • Operator action adding NIC MAC address to the
    MAC filter list.

47
Diagnosis
  • Inability to obtain IP address
  • Reasons
  • Incorrect WEP key that prevents communication
    with AP.
  • AP hardware malfunctioning or disconnections that
    prevents the AP from communicating with DHCP
    server.
  • DHCP is down or out of addresses and is not
    responding to the requests.

48
Diagnosis Inability to obtain IP address
  • Diagnosing steps
  • Client WEP encryption key does not match its
    successfully associated peers
    configuration information missing/wrong.
  • One or more peer is successfully associated but
    did not obtain IP address
  • DHCP server or general
    connectivity problems.
  • If at least one peer established successful
    wide-are communication. Failure or address
    exhaustion at the DHCP.
  • Resolution of the problem
  • User action changing authentication
    key/passphrase, location, NICs, or installing a
    new driver.
  • Operator action resolve DHCP server problem or
    hardware disconnection problem.

49
Diagnosis
  • End-to-End Communication Failure
  • Reasons
  • DNS resolution failure
  • Incorrect local DNS server setting.
  • LDNS server is down or unreachable.
  • General problem with DNS that is not specific to
    local wireless network.
  • E2E connectivity problems.
  • Incorrect application proxy setting.
  • Application proxy is down or disconnected.
  • Firewall blocking access.
  • Connectivity problem between the wireless LAN and
    the wide-area network.

50
Diagnosis E2E communication failure
  • DNS resolution Failure
  • Diagnosing steps
  • If a peer with a different LDNS setting reports a
    high success rate while no peer with the same
    LDNS setting reports it.
  • incorrect LDNS server setting
  • All peers report a high failure rate for DNS
    resolution, with no response from the server.
  • LDNS server is down or unreachable.
  • Otherwise, general DNS problem.
  • Misconfiguration or WAN connectivity issues.
  • Resolution of the problem
  • User action changing the clients LDNS setting.
  • Otherwise, operator intervention needed.

51
Diagnosis E2E communication failure
  • E2E connectivity problem
  • Diagnosing steps
  • If the client and its peers have failure
    communication on certain ports and successful on
    others.
  • firewall blocking communication
    (port-based).
  • If one peer has successful communication on a
    problematic port of the server.
  • unreachable remote host or firewall blocking
    based on other criteria.
  • No peer reports successful E2E communication.
  • connectivity problem between WLAN and
    wide-are network.
  • Resolution of the problem
  • User action changing proxy setting.
  • Otherwise, operator intervention needed.

52
Diagnosis
  • Poor performance
  • Reasons
  • Clients weak wireless link.
  • Wireless medium is congested.
  • WAN problem (congestion or routing problem).

53
Diagnosis poor performance
  • Diagnosing steps
  • If the clients number of beacons is a lot lower
    than the highest value reported.
  • weak wireless link to the client.
  • If more than one peer reports persistent queuing
    but weak wireless network.
  • wireless medium is congested
  • Resolution of the problem
  • User action changing location or switching to a
    less congested AP or network.
  • Otherwise, operator intervention needed.

54
Problems can evolve
  • Possibility of conflicting information.
  • For example, two peers with identical NIC type
    and driver version. One report association
    success and the other failure. These two will be
    ruled out by the requester.

55
Evaluation Evaluation of sensing
  • Sensing the quality of the wireless link
  • Examine the relationship between RSSI and BLR
  • Place a client at 6 different locations at
    increasing distance from AP.
  • Notice that BLR exceeds 5 when the RSSI is less
    than -80dBm.

-80 dBm can be a threshold for the lossiness of
the wireless link
56
Evaluation Evaluation of sensing
  • Sensing the quality of the wireless link
  • TCP throughput
  • Throughput drops when the BLR exceeds 5
  • Consistent with the threshold concluded that
    indicates the lossy of the wireless link.

57
Evaluation Evaluation of sensing
  • Overhead of sensing
  • Sensing is ongoing process on WiFiProfiler (to
    reduce diagnosis latency). So, low overhead (in
    terms of CPU and network performance) is
    critical.
  • WiFiProfiler sensing component uses under 1 of
    the CPU even on 1.33 GHz).
  • No measurable network performance.

58
Evaluation Evaluation of communication
  • Impact of Providing Help on the Responder
  • Case Study Responder is in the middle of
    downloading something (worst case).
  • How does providing help affect the time of
    downloading?
  • Studying the impact in three different cases
  • Responder uses two NICs (downloaded time
    unaffected).
  • Responder uses virtualWiFi and the AP implements
    802.11 PSM, to ensure no packet loss when
    switching (longer delay).
  • Responder uses virtualWiFi but AP does not
    implement PSM(longest delay).
  • The delay on the download time
  • 500 ms for small downloads.
  • 2-3 seconds for large downloads.

59
Evaluation Evaluation of communication
  • End-to-End latency of the Comm. Protocol
  • Time taken at each of the protocol steps
  • Initializing and stopping the requester requires
    enabling and disabling the helper adapter (few
    seconds).
  • Time responder takes to detect the requester AH
    network (18 seconds).
  • Time responder takes to enable its helper
    adapter(5seconds).
  • Time taken by helper adapter to scan the
    requester AH network, by the responder to join
    the AH, and by responder and requester to
    initialize their network stacks (32 seconds).

60
Evaluation Evaluation of communication
  • Best results (less time taken), when both
    requester and responder use VirtualWiFi .
  • Still the biggest overhead is the time to receive
    data.

61
Evaluation Evaluation of diagnosing
  • The faults and how WiFiProfiler was able to
    diagnose them.
  • Faults
  • No beacon.
  • MAC filtering.
  • Incorrect WEP key for authentication/encryption.
  • DHCP problem.
  • Port blocking.
  • Wireless congestion.
  • They claim that WiFiProfiler is effective in
    giving the right diagnosis in less than 40
    seconds. Even in the situation of multiple
    simultaneous problems.

62
Security Issues
  • DoS attacks
  • By clients pretending to be in trouble
  • Limiting the frequency a client will help its
    peers.
  • By clients misleading their peers by reporting
    fake information
  • Reporting diagnosis based on information
    collected by large number of peers.
  • Leaking sensitive information
  • One-way hash of the key to protect against
    revealing WEP key.
  • future work try to share the bare minimum
    information needed.
Write a Comment
User Comments (0)
About PowerShow.com