
  1. 1. DAIR: Dense Array of Inexpensive Radios
      Managing Enterprise Wireless Networks Using Desktop Infrastructure
      Victor Bahl†, Jitendra Padhye†, Lenin Ravindranath†, Manpreet Singh‡, Alec Wolman†, Brian Zill†
      †Microsoft Research, ‡Cornell University
  2. 2. Observations
      • Outfitting a desktop PC with 802.11 wireless is becoming very inexpensive
        • Wireless USB dongles are cheap
        • PC motherboards are starting to appear with 802.11 radios built-in
      • Desktop PCs with good wired connectivity are ubiquitous in enterprises
      $6.99!
  3. 3. Key Insight
      • Combine to provide a dense deployment of wireless “sensors”
      • We can use this platform to realize the full potential of wireless networks
        • Enterprise wireless management tools
        • Enable new services where wireless is a key component
  4. 4. The DAIR Platform
      • Wireless management tools
        • Improve security
        • Reduce IT ops costs
        • Increase “quality of service”
      • New applications and services
        • Location services
        • Seamless roaming
        • Alternative data distribution channel
  5. 5. Outline
      • Motivation
      • DAIR architecture
      • Management apps (& Rogue networks)
      • Related work
  6. 6. Enterprise WLAN Management
      • Corporations spend a lot on WLAN infrastructure
        • Worldwide enterprise WLAN business expected to grow from $1.1 billion this year to $3.5 billion in 2009
        • MS IT dept. – 72% of costs are people
      • Security and reliability are major concerns
        • Wireless networks are becoming a target for hackers
        • Reliability:
          • MS IT receives ~500 WLAN helpdesk requests per month
          • No easy way to measure cost of reliability problems
  7. 7. Advantages of the DAIR Approach
      • High density
        • Wireless propagation is highly variable in enterprise environments (many obstructions)
        • Lots of channels to cover: 11 for 802.11b/g, 13 for 802.11a
        • Improves fidelity of many management tasks
        • Enables accurate location (useful as a diagnosis tool)
      • Stationary sensing
        • Provides predictable coverage
        • Also helps enable location services
        • Allows meaningful historical analysis
      • Desktop resources
        • Spare CPU, disk, and memory
        • Good connectivity to wired network
        • Wall power
  8. 8. Outline
      • Motivation
      • DAIR architecture
      • Management apps (& Rogue networks)
      • Related work
  9. 9. DAIR Architecture
  10. 11. Outline
      • Motivation
      • DAIR architecture
      • Management apps (& Rogue networks)
      • Related work
  11. 12. Wireless Management Apps
      • Performance and Reliability
      • Performance monitoring
        • Site planning: AP placement, frequency selection
        • AP Load balancing
        • Isolating performance problems
      • Helping disconnected clients
        • RF Holes
        • Misconfiguration, certificates, etc…
      • Reliability
        • Recovery from malfunctioning APs
        • Recovery from poor association policies
  12. 13. Wireless Management: Security Apps
      • Detecting DoS attacks:
        • Spoofing Disassociation
        • Large NAV values
        • Jamming
      • Detecting Rogue Wireless Networks
  13. 14. Rogue Wireless Networks
      • Detecting rogue APs and rogue ad-hoc networks
      • An uninformed or careless employee who doesn’t understand (or chooses not to think about) the security implications
        • An employee brings in an AP from home, and attaches it to the corporate network, creating a rogue AP
        • It is trivial to configure a desktop PC with a wireless interface to create a rogue ad-hoc network
  14. 15. Risks
      • Attaching unauthorized AP to a corporate network
        • May allow unauthorized wireless clients to gain access
      • A wireless client unknowingly connects to unauthorized AP on unauthorized network
        • May expose corporate information on that network
      • Once rogue network is installed, physical proximity is no longer needed (esp. with directional antennas)…
  15. 16. A Simple Solution?
      • Build a database of known:
        • SSIDs (network names)
        • BSSIDs (access point MAC addresses)
      • Use DAIR infrastructure to scan
        • Whenever an unknown entity appears (either SSID or BSSID), raise an alarm
      • This is the level at which most previous work solves this problem
  16. 17. False Alarms
      • In many enterprise environments, one can hear other legitimate APs
        • E.g. shared office buildings
      • Is the unknown wireless network connected to your corporate wired network?
  17. 18. Testing for Wired Connectivity
      • Association test
        • Associate with suspect AP, contact wired node
      • MAC address tests:
        • First-hop router test
          • Wireless “DEST” = known router on wired network
        • ARP test
          • Wireless “DEST” = known entity on local subnet
      • DHCP signature test
        • For wireless routers: Identify device type through DHCP options
      • Packet correlation test
        • Use timing and packet lengths to see traffic on both wired/wireless
      • Replay test
  18. 19. First-Hop Router Test
      [Diagram: Land Monitor, Air Monitor, Subnet Router, Database, Access Point (?), Client]
      • Land Monitor discovers MAC addresses of all subnet routers, submits results to the database
      • AirMonitor overhears a client communicating with an unknown access point
  19. 20. First-Hop Router Test
      [Diagram: 802.11 Frame (with encryption): Unencrypted Header, Encrypted Payload]
      • MAC Addresses: Receiver = Access Point, Transmitter = Client, Destination = Subnet Router
  20. 21. Outline
      • Motivation
      • DAIR architecture
      • Management apps (& Rogue networks)
      • Related work
  21. 22. Current Approaches & Related Research
      • Many commercial offerings in this space
      • Leverage existing access points (APs)
        • AirWave, ManageEngine, …
        • AP’s primary goal is to provide service to clients, limited time listening on other channels
      • Specialized sensors
        • Aruba (MS IT choice), AirDefense, AirTight …
        • Expensive → limited density
      • [Adya et al. Mobicom 04] – use assistance of mobile clients
        • Difficult to provide predictable coverage
        • Less proactive due to energy constraints
      • Other wireless monitoring
  22. 23. Wrapping Up…
      • Status
        • Built much of the “plumbing”: AirMonitors, Inferencing Service, Management Console (GUI)
        • Built set of wireless security apps, ongoing evaluation
        • Deployed ~22 AirMonitors on one floor of our building
      • Next 6 months:
        • Performance & reliability apps
        • Provide location services
        • Larger scale deployment
      • Longer Term: going beyond management tools
        • Seamless roaming
        • Self-configuring complete replacement for existing wireless infrastructure
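
The first-hop router test from slides 19 and 20, as an added Python example (not code from the DAIR authors): it reads the unencrypted 802.11 header of a data frame and checks whether an access point missing from the known-BSSID database is relaying traffic to a known subnet router. The MAC addresses, verdict strings and function names are constructed for illustration, and the AP-to-client direction it also handles goes beyond the client-to-AP case the slides show.

```python
# Constructed sample data: these MAC addresses are placeholders, not from the slides.
ROUTER_MACS = {"00:11:22:33:44:01"}        # subnet routers reported by the Land Monitor
AUTHORIZED_BSSIDS = {"00:aa:bb:cc:dd:01"}  # known corporate access points
CLIENT = "02:00:00:00:00:10"
UNKNOWN_AP = "02:00:00:00:00:99"

def fmt(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_data_header(frame):
    """Return (bssid, wired_peer, protected) from a data frame's cleartext header."""
    if len(frame) < 24 or (frame[0] >> 2) & 0x3 != 2:   # frame type 2 = data
        return None
    flags = frame[1]
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    to_ds, from_ds = flags & 0x01, flags & 0x02
    if to_ds and not from_ds:       # client -> AP: addr1 = AP, addr3 = destination
        bssid, peer = a1, a3
    elif from_ds and not to_ds:     # AP -> client: addr2 = AP, addr3 = source
        bssid, peer = a2, a3
    else:                           # ad-hoc or WDS frames are not handled here
        return None
    return fmt(bssid), fmt(peer), bool(flags & 0x40)    # 0x40 = Protected Frame bit

def first_hop_router_test(frame):
    """Classify one overheard frame; works even when the payload is encrypted."""
    hdr = parse_data_header(frame)
    if hdr is None:
        return "not-applicable"
    bssid, peer, _protected = hdr
    if bssid in AUTHORIZED_BSSIDS:
        return "authorized"
    if peer in ROUTER_MACS:
        return "rogue-on-corporate-wire"    # unknown AP forwards to a known subnet router
    return "unknown-ap-no-wired-evidence"   # e.g. a neighbour's AP in a shared building

def build_frame(flags, a1, a2, a3, payload=b"\x00" * 16):
    """Build a constructed data frame: 24-byte header plus an opaque payload."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return (bytes([0x08, flags]) + b"\x00\x00" + raw(a1) + raw(a2) + raw(a3)
            + b"\x00\x00" + payload)

if __name__ == "__main__":
    # Encrypted to-DS frame from a client, via an unknown AP, to the subnet router.
    print(first_hop_router_test(build_frame(0x41, UNKNOWN_AP, CLIENT, "00:11:22:33:44:01")))
```

The last verdict is the false-alarm case from slide 17: an unknown BSSID alone is not treated as a rogue on the corporate network.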