DAIR: Dense Array of Inexpensive Radios Managing Enterprise Wireless Networks Using Desktop Infrastr

1
DAIR Dense Array of Inexpensive RadiosManaging
Enterprise Wireless Networks Using Desktop
Infrastructure

• Victor Bahl, Jitendra Padhye, Lenin
  Ravnindranath, Manpreet Singh, Alec Wolman,
  Brian Zill
• Microsoft Research Cornell University

2
Observations

• Outfitting a desktop PC with 802.11 wireless is
  becoming very inexpensive
• Wireless USB dongles are cheap
• PC motherboards are starting toappear with
  802.11 radios built-in
• Desktop PCs with good wired connectivity are
  ubiquitous in enterprises

6.99!
3
Key Insight

• Combine to provide a dense deployment of wireless
  sensors
• We can use this platform to realize the full
  potential of wireless networks
• Enterprise wireless management tools
• Enable new services where wireless is a key
  component

4
The DAIR Platform

• New applications and services
• Location services
• Seamless roaming
• Alternative data distribution channel

• Wireless management tools
• Improve security
• Reduce IT ops costs
• Increase quality of service

5
Outline

• Motivation
• DAIR architecture
• Management apps ( Rogue networks)
• Related work

6
Enterprise WLAN Management

• Corporations spend a lot on WLAN infrastructure
• Worldwide enterprise WLAN business expected to
  grow from 1.1 billion this year to 3.5 billion
  in 2009
• MS IT dept. 72 of costs are people
• Security and reliability are major concerns
• Wireless networks are becoming a target for
  hackers
• Reliability
• MS IT receives 500 WLAN helpdesk requests per
  month
• No easy way to measure cost of reliability
  problems

7
Advantages of the DAIR Approach

• High density
• Wireless propagation is highly variable in
  enterprise environments (many obstructions)
• Lots of channels to cover 11 for 802.11b/g, 13
  for 802.11a
• Improves fidelity of many management tasks
• Enables accurate location (useful as a diagnosis
  tool)
• Stationary sensing
• Provides predictable coverage
• Also helps enable location services
• Allows meaningful historical analysis
• Desktop resources
• Spare CPU, disk, and memory
• Good connectivity to wired network
• Wall power

8
Outline

• Motivation
• DAIR architecture
• Management apps ( Rogue networks)
• Related work

9
DAIR Architecture
10
(No Transcript)
11
Outline

• Motivation
• DAIR architecture
• Management apps ( Rogue networks)
• Related work

12
Wireless Management Apps

• Performance and Reliability
• Performance monitoring
• Site planning AP placement, frequency selection
• AP Load balancing
• Isolating performance problems
• Helping disconnected clients
• RF Holes
• Misconfiguration, certificates, etc
• Reliability
• Recovery from malfunctioning APs
• Recovery from poor association policies

13
Wireless Management Security Apps

• Detecting DoS attacks
• Spoofing Disassociation
• Large NAV values
• Jamming
• Detecting Rogue Wireless Networks

14
Rogue Wireless Networks

• Detecting rogue APs and rogue ad-hoc networks
• An uninformed or careless employee who doesnt
  understand (or chooses not to think about) the
  security implications
• An employee brings in an AP from home, and
  attaches it to the corporate network, creating a
  rogue AP
• It is trivial to configure a desktop PC with a
  wireless interface to create a rogue ad-hoc
  network

15
Risks

• Attaching unauthorized AP to a corporate network
• May allow unauthorized wireless clients to gain
  access
• A wireless client unknowingly connects to
  unauthorized AP on unauthorized network
• May expose corporate information on that network
• Once rogue network is installed, physical
  proximity is no longer needed (esp. with
  directional antennas)

16
A Simple Solution?

• Build a database of known
• SSIDs (network names)
• BSSIDs (access point MAC addresses)
• Use DAIR infrastructure to scan
• Whenever an unknown entity appears (either SSID
  or BSSID), raise an alarm
• This is the level at which most previous work
  solves this problem

17
False Alarms

• In many enterprise environments, one can hear
  other legitimate APs
• E.g. shared office buildings
• Is the unknown wireless network connected to your
  corporate wired network?

18
Testing for Wired Connectivity

• Association test
• Associate with suspect AP, contact wired node
• Mac address tests
• First-hop router test
• Wireless DEST known router on wired network
• ARP test
• Wireless DEST known entity on local subnet
• DHCP signature test
• For wireless routers Identify device type
  through DHCP options
• Packet correlation test
• Use timing and packet lengths to see traffic on
  both wired/wireless
• Replay test

19
First-Hop Router Test
Access Point
Land Monitor
Air Monitor
?
Subnet Router
Database
Land Monitor discovers MAC addresses
of all subnet routers, submits results
to the database
AirMonitor overhears a client
communicating with an unknown access
point
20
First-Hop Router Test
802.11 Frame (with encryption)
Unencrypted Header
Encrypted Payload
MAC Addresses
Receiver
Transmitter
Destination
Access Point
Client
Subnet Router
21
Outline

• Motivation
• DAIR architecture
• Management apps ( Rogue networks)
• Related work

22
Current Approaches Related Research

• Many commercial offerings in this space
• Leverage existing access points (APs)
• AirWave, ManageEngine,
• APs primary goal is to provide service to
  clients, limited time listening on other
  channels
• Specialized sensors
• Aruba (MS IT choice), AirDefense, AirTight
• Expensive ? limited density
• Adya et al. Mobicom 04 use assistance of
  mobile clients
• Difficult to provide predictable coverage
• Less proactive due to energy constraints
• Other wireless monitoring

23
Wrapping Up

• Status
• Built much of the plumbing AirMonitors,
  Inferencing Service, Management Console (GUI)
• Built set of wireless security apps, ongoing
  evaluation
• Deployed 22 AirMonitors on one floor of our
  building
• Next 6 months
• Performance reliability apps
• Provide location services
• Larger scale deployment
• Longer Term going beyond management tools
• Seamless roaming
• Self-configuring complete replacement for
  existing wireless infrastructure