The document proposes a cloud-assisted method for securely grouping client devices at the network edge using wireless connections. It involves a 3-way handshake between clients and the cloud to establish a shared hashkey that is then used as a wireless SSID, allowing direct communication. Modeling of mobility traces shows this approach can improve effective communication range and session duration compared to direct device-to-device grouping. Infrastructure nodes identified via trace analysis may further enhance performance by pre-fetching handshake information. The method provides a basic component that could also be integrated with blockchain-based edge security solutions.

1. A Method for Cloud-Assisted Secure Wireless Grouping of
Client Devices at Network Edge
Marat Zhanikeev – maratishe@gmail.com — PDF: bit.do/190806
presented as CyberSciTech 2019 @ Fukuoka
2019/08/06
Marat Zhanikeev – maratishe@gmail.com — PDF: bit.do/190806A Method for Cloud-Assisted Secure Wireless Grouping of Client Devices at Network Edge 1/9
1/9

2. Theoretical comm. capabilities at network
edge
• vast majority of (smartphone) apps today run online
◦ for example, see if you can find an offline news reader
• yet there are at least 3 separate methods for P2P WiFi
WiFi
3G
Connectivity
WebApp
Cloud
New
paradigm
Beacon
Stuffing
Marat Zhanikeev – maratishe@gmail.com — PDF: bit.do/190806A Method for Cloud-Assisted Secure Wireless Grouping of Client Devices at Network Edge 1/9
1/9

3. Cloud-Backed Device Groups at NetEdge
• devices should not trust each
other when forming groups
• a 3-way cloud-in-the-middle
handshake is proposed
• locally visible info is meaningless
code, which makes sense only when
run via the cloud
• this paper: a hashkey as SSID
Marat Zhanikeev – maratishe@gmail.com — PDF: bit.do/190806A Method for Cloud-Assisted Secure Wireless Grouping of Client Devices at Network Edge 2/9
2/9

4. The 3-Way Handshake
Cloud
Client A Client B
id,
GPS,
APs
Seeking group!
Check -in
HashkeyHashkey
>> SSID
Grouping
request
Matching
Check-in
B s hashkey
Hashkey
>> SSID
Direct comm.
• both sides need to ① put up WiFi APs and
➁ run AP scans
◦ doable on Android? I have had mixed results, but
the worst case is to toggle between AP and scan
• the matching part is non-trivial: the
cloud can pack ① GPS, ➁ WiFi signal level, ③
mobility trace/prediction, ④ sampling in dense
crowds ... into a smart grouping candidate
list
Marat Zhanikeev – maratishe@gmail.com — PDF: bit.do/190806A Method for Cloud-Assisted Secure Wireless Grouping of Client Devices at Network Edge 3/9
3/9

5. Session Modeling
• the biggest impact comes from lazy beaconing, no practical way to make it
better
• always-on-alert mode for short periods of time is possible, but out of scope for now
Cloud API
Client A
Effective
range
Walking path
Lazy Beaconing
WiFi Direct
GroupingDiscovery
Client B
Local traffic
Marat Zhanikeev – maratishe@gmail.com — PDF: bit.do/190806A Method for Cloud-Assisted Secure Wireless Grouping of Client Devices at Network Edge 4/9
4/9

6. Trace-Based Modeling
0 1 2 3 4 5 6 7 8 9
Time order
20
40
60
80
100
120
140
160
180
200
distance
0 1 2 3 4 5 6 7 8 9
Time order
0
0.2
0.4
0.6
0.8
1
speed
• mobility traces
from crawdad
(Statefair)
• mined the trace and
extracted pairwise
encounters
• each such encounter
is extraced and made
ready for easy replay
Marat Zhanikeev – maratishe@gmail.com — PDF: bit.do/190806A Method for Cloud-Assisted Secure Wireless Grouping of Client Devices at Network Edge 5/9
5/9

7. d2d vs d2i cases
• gridify the trace, track counts for each grid cell
to visualize the best spots for the infra
nodes – those are slow mobility, high density grid
cells
Speed map Density mapMap for potential infrastructure hubs
Marat Zhanikeev – maratishe@gmail.com — PDF: bit.do/190806A Method for Cloud-Assisted Secure Wireless Grouping of Client Devices at Network Edge 6/9
6/9

8. Performance
• infra-assisted models have poorer overall
performance (few nodes), but can be used to
further enhance the D2D performance
• these are aggregate views, better visualizations
are needed to see details
3 5 10 15 30 60 90 180
5
7
10
15
20
25
50
03 01 00 00 00 00 00 00
05 04 01 01 01 00 00 00
10 08 06 04 03 01 00 00
20 18 14 11 09 03 02 00
26 25 22 20 16 06 03 01
32 31 30 27 23 12 07 02
55 53 51 50 48 41 33 12
Effectiverange(meters)
Session duration (seconds)
25 25 25 25 25 13 09 06 06 06 06 06 06 06
34 34 34 34 34 18 13 09
06 06 06 06 06 04 03 02
05 05 05 05 05 03 02 01
03 03 03 03 03 02 02 01
01 01 01 01 01 01 01 01
16 16 16 16 16 08 05 03
02 02 02 02 02 01 01 01
01 01 01 01 01 01 01 01
01 01 01 01 01
3 5 10 15 30 60 90 180
5
7
10
15
20
25
50
26 26 26 26 26 14 10 06
11 11 11 11 11 06 03 02
08 08 08 08 08 04 03 01
04 04 04 04 04 02 02 01
02 02 02 02 02 01 01
31 31 31 31 31 15 10 07
02 02 02 02 02
02 02 02 02 02 02 02 02
WiFiRange(meters)
Session duration
Marat Zhanikeev – maratishe@gmail.com — PDF: bit.do/190806A Method for Cloud-Assisted Secure Wireless Grouping of Client Devices at Network Edge 7/9
7/9

9. Wrapup
• the infra-assisted case is best described as much better performance for
some of the clients
• otherwise, infra nodes facilitate much faster handshake due to prefetch
◦ 3-way handshakes inevitably infer additional cost
• side note ① already implemented and tried on Android and RPi
• side note ➁ the proposal can be used as a component in a blockchain-based
security at network edge01
01 M.Zhanikeev ”The Last Man Standing Technique for Proof-of-Location in IoT Infrastructures at Network Edge” Wireless Comm. and Mobile Comp. (2019)
Marat Zhanikeev – maratishe@gmail.com — PDF: bit.do/190806A Method for Cloud-Assisted Secure Wireless Grouping of Client Devices at Network Edge 8/9
8/9

10. That’s all, thank you ...
Marat Zhanikeev – maratishe@gmail.com — PDF: bit.do/190806A Method for Cloud-Assisted Secure Wireless Grouping of Client Devices at Network Edge 9/9
9/9