Title: DAIR: Dense Array of Inexpensive Radios Managing Enterprise Wireless Networks Using Desktop Infrastr
1 DAIR: Dense Array of Inexpensive Radios
Managing Enterprise Wireless Networks Using Desktop Infrastructure
- Victor Bahl, Jitendra Padhye, Lenin Ravindranath, Manpreet Singh, Alec Wolman, Brian Zill
- Microsoft Research, Cornell University
2 Observations
- Outfitting a desktop PC with 802.11 wireless is becoming very inexpensive
- Wireless USB dongles are cheap
- PC motherboards are starting to appear with 802.11 radios built-in
- Desktop PCs with good wired connectivity are ubiquitous in enterprises
6.99!
3 Key Insight
- Combine to provide a dense deployment of wireless sensors
- We can use this platform to realize the full potential of wireless networks
- Enterprise wireless management tools
- Enable new services where wireless is a key component
4 The DAIR Platform
- New applications and services
- Location services
- Seamless roaming
- Alternative data distribution channel
- Wireless management tools
- Improve security
- Reduce IT ops costs
- Increase quality of service
5 Outline
- Motivation
- DAIR architecture
- Management apps (Rogue networks)
- Related work
6 Enterprise WLAN Management
- Corporations spend a lot on WLAN infrastructure
- Worldwide enterprise WLAN business expected to grow from 1.1 billion this year to 3.5 billion in 2009
- MS IT dept.: 72% of costs are people
- Security and reliability are major concerns
- Wireless networks are becoming a target for hackers
- Reliability
- MS IT receives 500 WLAN helpdesk requests per month
- No easy way to measure cost of reliability problems
7 Advantages of the DAIR Approach
- High density
- Wireless propagation is highly variable in enterprise environments (many obstructions)
- Lots of channels to cover: 11 for 802.11b/g, 13 for 802.11a
- Improves fidelity of many management tasks
- Enables accurate location (useful as a diagnosis tool)
- Stationary sensing
- Provides predictable coverage
- Also helps enable location services
- Allows meaningful historical analysis
- Desktop resources
- Spare CPU, disk, and memory
- Good connectivity to wired network
- Wall power
8 Outline
- Motivation
- DAIR architecture
- Management apps (Rogue networks)
- Related work
9 DAIR Architecture
11 Outline
- Motivation
- DAIR architecture
- Management apps (Rogue networks)
- Related work
12 Wireless Management Apps
- Performance and Reliability
- Performance monitoring
- Site planning: AP placement, frequency selection
- AP Load balancing
- Isolating performance problems
- Helping disconnected clients
- RF Holes
- Misconfiguration, certificates, etc
- Reliability
- Recovery from malfunctioning APs
- Recovery from poor association policies
13 Wireless Management Security Apps
- Detecting DoS attacks
- Spoofing Disassociation
- Large NAV values
- Jamming
- Detecting Rogue Wireless Networks
14 Rogue Wireless Networks
- Detecting rogue APs and rogue ad-hoc networks
- An uninformed or careless employee who doesn't understand (or chooses not to think about) the security implications
- An employee brings in an AP from home, and attaches it to the corporate network, creating a rogue AP
- It is trivial to configure a desktop PC with a wireless interface to create a rogue ad-hoc network
15 Risks
- Attaching unauthorized AP to a corporate network
- May allow unauthorized wireless clients to gain access
- A wireless client unknowingly connects to unauthorized AP on unauthorized network
- May expose corporate information on that network
- Once rogue network is installed, physical proximity is no longer needed (esp. with directional antennas)
16 A Simple Solution?
- Build a database of known
- SSIDs (network names)
- BSSIDs (access point MAC addresses)
- Use DAIR infrastructure to scan
- Whenever an unknown entity appears (either SSID or BSSID), raise an alarm
- This is the level at which most previous work solves this problem
17 False Alarms
- In many enterprise environments, one can hear other legitimate APs
- E.g. shared office buildings
- Is the unknown wireless network connected to your corporate wired network?
18 Testing for Wired Connectivity
- Association test
- Associate with suspect AP, contact wired node
- MAC address tests
- First-hop router test
- Wireless DEST = known router on wired network
- ARP test
- Wireless DEST = known entity on local subnet
- DHCP signature test
- For wireless routers: identify device type through DHCP options
- Packet correlation test
- Use timing and packet lengths to see traffic on both wired/wireless
- Replay test
19 First-Hop Router Test
[Diagram: Access Point, Land Monitor, Air Monitor, Subnet Router, Database]
- Land Monitor discovers MAC addresses of all subnet routers, submits results to the database
- AirMonitor overhears a client communicating with an unknown access point
20 First-Hop Router Test
[Diagram: 802.11 frame (with encryption), consisting of an unencrypted header and an encrypted payload. MAC addresses in the header: Receiver (Access Point), Transmitter (Client), Destination (Subnet Router)]
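The first-hop router test from slides 19 and 20, as an added example (not code from the DAIR project): it reads only the cleartext 802.11 MAC header and flags an unknown BSSID when the frame's far-end address is a known subnet router. The function names, the sample MAC addresses and the handling of the From-DS direction (which goes beyond the single client-to-AP case on the slide) are assumptions made for illustration.

```python
import struct

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_data_header(frame):
    """Return (bssid, station, wired_peer) from the cleartext 802.11 header, else None."""
    if len(frame) < 24:
        return None
    (fc,) = struct.unpack_from("<H", frame, 0)
    to_ds, from_ds = bool(fc & 0x0100), bool(fc & 0x0200)
    if (fc >> 2) & 0x3 != 2 or to_ds == from_ds:
        return None  # not a data frame, or ad-hoc/WDS addressing
    a1, a2, a3 = (mac(frame[o:o + 6]) for o in (4, 10, 16))
    # To-DS:   addr1 = receiver (AP), addr2 = transmitter (client), addr3 = destination
    # From-DS: addr1 = receiver (client), addr2 = transmitter (AP), addr3 = source
    return (a1, a2, a3) if to_ds else (a2, a1, a3)

def first_hop_router_test(frames, known_bssids, router_macs):
    """Map each unknown BSSID seen exchanging traffic with a subnet router to its clients."""
    flagged = {}
    for frame in frames:
        hdr = parse_data_header(frame)
        if hdr is None:
            continue
        bssid, station, peer = hdr
        if bssid not in known_bssids and peer in router_macs:
            flagged.setdefault(bssid, set()).add(station)
    return flagged

def build_frame(fc, a1, a2, a3):
    """Constructed test frame: 24-byte header plus an opaque stand-in for encrypted payload."""
    raw = b"".join(bytes.fromhex(m.replace(":", "")) for m in (a1, a2, a3))
    return struct.pack("<HH", fc, 0) + raw + b"\x00\x00" + b"\xa5" * 16

# Constructed sample data (locally administered MACs, not real devices).
ROUTERS = {"02:00:00:00:00:01"}        # what a Land Monitor would submit to the database
KNOWN_BSSIDS = {"02:aa:00:00:00:01"}   # authorized corporate AP
ROGUE, NEIGHBOUR, CLIENT = "02:bb:00:00:00:99", "02:dd:00:00:00:05", "02:cc:00:00:00:10"
SAMPLE = [
    build_frame(0x4108, "02:aa:00:00:00:01", CLIENT, "02:00:00:00:00:01"),  # known AP
    build_frame(0x4108, ROGUE, CLIENT, "02:00:00:00:00:01"),   # unknown AP, to router
    build_frame(0x4208, CLIENT, ROGUE, "02:00:00:00:00:01"),   # unknown AP, from router
    build_frame(0x4108, NEIGHBOUR, "02:cc:00:00:00:20", "02:ee:00:00:00:01"),  # other network
    build_frame(0x0080, "ff:ff:ff:ff:ff:ff", NEIGHBOUR, NEIGHBOUR),  # beacon, ignored
]

if __name__ == "__main__":
    print(first_hop_router_test(SAMPLE, KNOWN_BSSIDS, ROUTERS))
```

The neighbouring AP is unknown but is not flagged, which is the false-alarm case from slide 17. An AP that routes rather than bridges would put its own MAC in the destination field, which is why slide 18 lists further tests such as the DHCP signature test.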
21 Outline
- Motivation
- DAIR architecture
- Management apps (Rogue networks)
- Related work
22 Current Approaches and Related Research
- Many commercial offerings in this space
- Leverage existing access points (APs)
- AirWave, ManageEngine,
- AP's primary goal is to provide service to clients, limited time listening on other channels
- Specialized sensors
- Aruba (MS IT choice), AirDefense, AirTight
- Expensive → limited density
- Adya et al. (MobiCom '04) use assistance of mobile clients
- Difficult to provide predictable coverage
- Less proactive due to energy constraints
- Other wireless monitoring
23 Wrapping Up
- Status
- Built much of the plumbing: AirMonitors, Inferencing Service, Management Console (GUI)
- Built set of wireless security apps, ongoing evaluation
- Deployed 22 AirMonitors on one floor of our building
- Next 6 months
- Performance and reliability apps
- Provide location services
- Larger scale deployment
- Longer term: going beyond management tools
- Seamless roaming
- Self-configuring complete replacement for existing wireless infrastructure