Title: PAWNs: Satisfying the Need for Ubiquitous Secure Connectivity and Location Services
PAWNs: Satisfying the Need for Ubiquitous Secure Connectivity and Location Services
Param Bahl, Anand Balachandran, Allen Miu, Wilf Russell, Geoffrey M. Voelker, Yi-Min Wang
- 2003. 07. 24
- Kugsang Jeong
- (handeum.chonnam.ac.kr)
Contents
- Introduction
- Public Area Wireless Networks
- The CHOICE Network
- Future of PAWN Deployment
- Summary
1. Introduction
- Unprecedented growth in the 21st century: pervasive/ubiquitous computing
- Three parts: the wireless user, the application, and the network access technology
  - User
    - Anytime, anywhere
  - Application
    - Location-sensitive
    - Context-aware
  - Network access technology
    - To extend network connectivity (private network -> public network)
1. Introduction
- Wireless LAN technologies are the ideal mechanism
  - Technology advances in short-range wireless LAN
  - Increasing number of devices with built-in wireless LAN
  - High speed
- PAWN challenges
  - Wide range of services, differentiated QoS, accounting, billing
  - Location-sensitive and context-aware applications
  - Keeping all personal information private
1. Introduction
- CHOICE
  - A public-area wireless network that addresses these challenges
  - Free and billed access
  - Various QoS options
  - Global authentication
  - Per-packet verification
  - User location determination and propagation
2. Public Area Wireless Networks
- Deployment issues
- Access Services within PAWNs
- Context and Location Services within PAWNs
2. Public Area Wireless Networks
- Deployment issues
  - Trust relationship between users and networks
    - Home/enterprise network: pre-arranged trust relationship -> convenient access
    - Public network: needs to provide access to unknown users
      - Requires an authentication mechanism, billing, and an end-to-end secure process
  - Security
    - Vulnerable to many kinds of attacks
    - Needs access control
      - To prevent unauthorized users from accessing the network
      - To guard against the most common modes of attack
  - Service differentiation
    - Pay more, get better service
    - High bandwidth, privileged access to local services
2. Public Area Wireless Networks
- Access Services within PAWNs
  - Bandwidth allocation
    - Wireless bandwidth demand is characterized by the user population
    - QoS policy to manage/allocate bandwidth
    - Pre-negotiation, various service classes
  - Security provisioning
    - Level of security for the user's data at a pre-negotiated cost
  - Billing and accounting
    - To bill users accurately for their use of network resources
  - Mobility management
    - Dynamically configured to operate properly when switching among public and private networks
2. Public Area Wireless Networks
- Context and Location Services within PAWNs
  - Issues and differences
    - Generally (enterprise environment)
      - Known users
      - Range-limited sensor technology (such as IR)
      - Typically used for indoor surveillance applications and online collaboration
    - PAWN
      - Unknown users in a public area
      - Large area coverage
      - Frequently roaming users -> location information must be updated quickly
2. Public Area Wireless Networks
- Context and Location Services within PAWNs
  - Determining location
    - Association with the Access Point
      - User's location is approximated by the Access Point's location
      - The user can detect the AP with the strongest signal from the MAC-level beacons sent by all APs
    - Using the signal strength of AP beacons
      - To estimate the user's radial distance from the AP using signal strength
    - Using signal strength from multiple APs
      - To estimate the user's location using the signals from multiple APs and a pre-computed signal-strength database
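The three location methods above side by side, as an added illustration (not code from the paper or the CHOICE system): the strongest-beacon method maps the user to one AP, while the multi-AP method matches the observed signal vector against a pre-computed signal-strength database. The AP names, RSSI values and surveyed coordinates are constructed for the example.

```python
import math
from typing import Dict, List, Tuple

Location = Tuple[float, float]
Rssi = Dict[str, float]  # AP identifier -> beacon signal strength in dBm

# Constructed fingerprint database (hypothetical values):
# surveyed location -> mean RSSI of each AP beacon heard there.
FINGERPRINTS: Dict[Location, Rssi] = {
    (0.0, 0.0): {"AP1": -40.0, "AP2": -70.0, "AP3": -80.0},
    (10.0, 0.0): {"AP1": -70.0, "AP2": -40.0, "AP3": -70.0},
    (5.0, 8.0): {"AP1": -75.0, "AP2": -70.0, "AP3": -45.0},
}
NOT_HEARD = -100.0  # substitute for an AP whose beacon was not seen at all


def strongest_ap(observed: Rssi) -> str:
    """Coarse method: the user is placed at the AP with the strongest beacon."""
    return max(observed, key=observed.get)


def signal_distance(observed: Rssi, reference: Rssi) -> float:
    """Euclidean distance in signal-strength space over the union of APs;
    an AP missing on one side counts as NOT_HEARD so the vectors stay comparable."""
    aps = set(observed) | set(reference)
    return math.sqrt(sum((observed.get(a, NOT_HEARD) - reference.get(a, NOT_HEARD)) ** 2
                         for a in aps))


def estimate_location(observed: Rssi, k: int = 1,
                      db: Dict[Location, Rssi] = FINGERPRINTS) -> Location:
    """Fingerprint method: take the k surveyed spots whose recorded signal vector is
    closest to the observed one and return their distance-weighted average
    (k=1 is plain nearest-neighbour lookup)."""
    ranked: List[Tuple[float, Location]] = sorted(
        (signal_distance(observed, fp), loc) for loc, fp in db.items())[:k]
    weights = [1.0 / (d + 1e-6) for d, _ in ranked]  # closer match -> higher weight
    total = sum(weights)
    x = sum(w * loc[0] for w, (_, loc) in zip(weights, ranked)) / total
    y = sum(w * loc[1] for w, (_, loc) in zip(weights, ranked)) / total
    return (x, y)
```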
2. Public Area Wireless Networks
- Context and Location Services within PAWNs
  - Determining location (figure)
3. The CHOICE Network
- System architecture and components (figure)
3. The CHOICE Network
- Global Authenticator
  - Trusted database
  - Maintains all valid users
3. The CHOICE Network
- Network Admission Server (NAS)
  - Allows authorized access
  - Scenario
    - A user enters a PAWN
    - DHCP on the NAS provides an IP address
    - The user is connected to the global authentication service by redirection
    - The client module can be downloaded from the CHOICE web server if not already present
    - The NAS filters all packets except those to DHCP, the web server, and the authenticator
    - After authentication, the user can access the network resources
  - Authentication
    - The NAS provides the user and the TCG with a (key, token) pair and a key_id
    - key_id: index of the (key, token) pair
    - key: used for encryption/decryption
    - token: value that is tagged onto every packet before encryption to convey access rights/privileges
3. The CHOICE Network
- Traffic Control Gateway (TCG)
  - Per-packet verification
    - Correct key and token?
  - Per-packet policy
    - Interacts with the policy manager
    - Implements policies that may be negotiated between users and the host organization
- Client Module
  - Software component resident on user devices
  - Tags all outgoing packets with (key, token)
  - No additional device support or modifications to the protocol stack are needed
- Policy Manager
  - Sets policies for service differentiation
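The (key, token, key_id) exchange from the NAS slide and the TCG's per-packet check above, worked through as an added example (not code from the paper or the CHOICE system). The paper does not name a cipher or packet format, so this assumes a stdlib-only encrypt-then-MAC construction (HMAC-SHA256 in counter mode plus a truncated HMAC tag) and a wire format of key_id in the clear followed by nonce, ciphertext and MAC; the token length and all key/token values are constructed.

```python
import hashlib, hmac, os, struct
from typing import Dict, Optional, Tuple

TOKEN_LEN = 8   # bytes; the token encodes the user's access rights (format assumed)
NONCE_LEN = 12
MAC_LEN = 16


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode as a stand-in cipher (stdlib only, assumed)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def client_tag(key_id: int, key: bytes, token: bytes, payload: bytes,
               nonce: Optional[bytes] = None) -> bytes:
    """Client module: prepend the token, encrypt (token || payload), add an integrity tag.
    Wire format (assumed): key_id (4 bytes, clear) || nonce || ciphertext || MAC."""
    nonce = nonce if nonce is not None else os.urandom(NONCE_LEN)
    plain = token + payload
    ct = bytes(p ^ k for p, k in zip(plain, _keystream(key, nonce, len(plain))))
    mac = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:MAC_LEN]
    return struct.pack(">I", key_id) + nonce + ct + mac


def tcg_verify(table: Dict[int, Tuple[bytes, bytes]], packet: bytes) -> Optional[bytes]:
    """Traffic Control Gateway: return the payload only if the packet carries a key_id the
    NAS registered, a valid MAC under that key, and the expected token; else None (drop)."""
    if len(packet) < 4 + NONCE_LEN + TOKEN_LEN + MAC_LEN:
        return None
    (key_id,) = struct.unpack(">I", packet[:4])
    entry = table.get(key_id)
    if entry is None:                      # unknown key_id: user never authenticated
        return None
    key, token = entry
    nonce, ct, mac = packet[4:4 + NONCE_LEN], packet[4 + NONCE_LEN:-MAC_LEN], packet[-MAC_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:MAC_LEN]
    if not hmac.compare_digest(mac, expected):   # wrong key, forged or corrupted packet
        return None
    plain = bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))
    if not hmac.compare_digest(plain[:TOKEN_LEN], token):  # right key, wrong token
        return None
    return plain[TOKEN_LEN:]
```

The TCG table is what the NAS hands over at authentication time; any packet whose key_id, MAC or token does not match that table is dropped before it reaches the network.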
3. The CHOICE Network
- Access services within CHOICE
  - Differentiated bandwidth allocation
    - Bandwidth expectation (bmin, bmax); at least bmin is guaranteed
    - Admission control
    - Bandwidth monitoring
  - Security provisioning
    - Basic, medium and enhanced modes of security
  - Billing and accounting
    - Per-packet accounting for each user
3. The CHOICE Network
- Access services within CHOICE
  - Mobility management service
    - Network discovery service
      - Broadcast beacons (network ID, NAS IP, TCG IP)
    - Scenario
      - User enters the PAWN
        - The client module uses the information in the broadcast beacons to connect to the web server for authentication
        - Receives (key, token) for packet tagging
        - Sets the default gateway to the TCG
      - User returns to the home network
        - The client module no longer receives any beacons and times out
        - The client module restores the host's default network settings
        - The client module saves (key, token) and the network ID so that it can re-enable packet tagging and provide seamless network access without the need for another authentication
3. The CHOICE Network
- Location services and context-aware applications in CHOICE
  - WISH (Where IS Harry)
    - To look for other people who are in the user's vicinity
    - http://wish/
    - Information: WISH user name, interests, tag line, location map
    - WISH client software
      - Sends the user name and AP signal strengths to the WISH server
    - WISH server
      - Determines the user's real-time location
      - Maintains the name and physical location of each user
3. The CHOICE Network
- Location services and context-aware applications in CHOICE (figure)
3. The CHOICE Network
- Location services and context-aware applications in CHOICE
  - Location-based buddy list
    - To look for friends who are in the same place
    - When a user connects to the PAWN, his pre-configured buddy list is sent to the eventing server
    - The WISH client software periodically updates the eventing server with the user's location information
    - When a new user connects to the same PAWN, the eventing server sees a match and dispatches an instant message alert to both users
3. The CHOICE Network
- Location services and context-aware applications in CHOICE (figure)
3. The CHOICE Network
- Location services and context-aware applications in CHOICE
  - OnSale Mall Buddy Server
    - Personalized sale announcement system based on location
    - Based on user profiles and product categories
    - When a user connects to the PAWN, his pre-configured profile is sent to the eventing server
    - The vendor enters the information on the web server -> CHANGE event message
      - Sale information (store name, item, original and sale price)
    - The eventing server then generates an instant messaging alert and sends it to all interested users
3. The CHOICE Network
- Location services and context-aware applications in CHOICE (figure)
4. Looking into the Crystal Ball of PAWN Deployment
- To become ubiquitous, there has to be a business model
- Deployment models
  - Small wireless service provider
  - Large cash-rich WSP
  - Local business
- Service models
  - Free access
    - Web portal of the resident business
    - Indoor navigation system
  - Enhanced service
    - Charge the user according to the level of service
    - Internet access, location-based buddy list, OnSale service
5. Summary
- To further realize the vision of pervasive, ubiquitous computing, we must extend high-speed network connectivity beyond private networks into public places
- CHOICE
  - Addresses the challenges of PAWNs using wireless LAN
  - Features
    - Service models, authentication, access enforcement, policy enforcement, billing and accounting, security and privacy, location services