PAWNs: Satisfying the Need for Ubiquitous Secure Connectivity and Location Services Param Bahl, Anan - PowerPoint PPT Presentation


1
PAWNs: Satisfying the Need for Ubiquitous Secure
Connectivity and Location Services
Param Bahl, Anand Balachandran, Allen Miu, Wilf Russell,
Geoffrey M. Voelker, Yi-Min Wang
  • 2003. 07. 24
  • Kugsang Jeong
  • (handeum.chonnam.ac.kr)

2
Contents
  • Introduction
  • Public Area Wireless Networks
  • The CHOICE Network
  • Future of PAWN Deployment
  • Summary

3
1. Introduction
Unprecedented growth in 21st century
Pervasive/ubiquitous computing
Wireless user Application Network access
Technology
  • User
  • Anytime anywhere
  • Application
  • Location-sensitive
  • Context aware
  • to extend network connectivity
  • (private network → public network)

4
1. Introduction
  • Wireless LAN technologies are the ideal
    mechanism
  • advances in short-range technology
  • increase in built-in devices
  • high-speed

Wireless LAN
PAWN
  • challenges
  • wide range of service, differentiated QoS,
    accounting, billing
  • location-sensitive and context-aware
    applications
  • keeping all personal information

5
1. Introduction
  • CHOICE
  • Public-area wireless network to address
    challenges
  • Free billed access
  • Various QoS options
  • global authentication
  • per-packet verification
  • User location determination and propagation

6
2. Public Area Wireless Networks
  • Deployment issues
  • Access Services within PAWNs
  • Context and Location Services within PAWNs

7
2. Public Area Wireless Networks
  • Deployment issues
  • Trust relationship between users and networks
  • Home/enterprise network
  • Pre-arranged trust relationship → convenient
    access
  • Public network
  • need to provide access to unknown users
  • Authentication mechanism, Billing, end-to-end
    secure process
  • Security
  • Vulnerable to many kinds of attacks
  • need for access control
  • To prevent unauthorized users from accessing the
    network
  • To guard against the most common modes of attack
  • Service differentiation
  • Users who pay more get better service
  • High bandwidth, privileged access to local
    services

8
2. Public Area Wireless Networks
  • Access Services within PAWNs
  • Bandwidth Allocation
  • Wireless b/w is characterized by user population
  • QoS policy to manage/allocate bandwidth
  • Pre-negotiation, various service classes
  • Security Provisioning
  • Level of security of users' data for a
    pre-negotiated cost
  • Billing and Accounting
  • To bill users accurately for the use of the
    network resources
  • Mobility Management
  • Dynamically configured to operate properly when
    switching among public and private networks

9
2. Public Area Wireless Networks
  • Context and Location Services within PAWNs
  • Issues and Differences
  • Generally
  • Known user in enterprise environment
  • range-limited sensor technology (such as IR)
  • typically used for indoor surveillance
    application and online collaboration
  • PAWN
  • Unknown users in public area
  • Large area coverage
  • For frequently roaming users → need to update
    location info. quickly

10
2. Public Area Wireless Networks
  • Context and Location Services within PAWNs
  • Determining Location
  • Association with the Access Point
  • User's location = Access Point's location
  • The user can detect the AP with the strongest signal
    from the MAC-level beacons sent by all APs
  • Using signal strength of AP beacons
  • To estimate the user's radial distance using
    signal strength
  • Using signal strength from multiple APs
  • To estimate the user's location using the
    signals from multiple APs and pre-computed
    signal-strength database
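
An added example, not code from the slides or from the CHOICE project: the first and third methods above applied to the same beacon readings, showing that they can disagree. The location names, dBm values, the floor value for an unheard AP and the Euclidean nearest-neighbour match are all assumptions made for illustration.

```python
import math

FLOOR_DBM = -100  # assumed reading for an AP whose beacon was not heard

# Constructed survey data: location -> mean beacon strength (dBm) per AP.
SIGNAL_DB = {
    "food court": {"ap1": -45, "ap2": -70, "ap3": -80},
    "atrium": {"ap1": -62, "ap2": -58, "ap3": -75},
    "east entrance": {"ap1": -82, "ap2": -60, "ap3": -50},
}
# Constructed map of where each AP is mounted.
AP_LOCATION = {"ap1": "food court", "ap2": "atrium", "ap3": "east entrance"}


def locate_by_association(sample):
    """Method 1: the user's location is that of the strongest AP."""
    return AP_LOCATION[max(sample, key=sample.get)]


def locate_by_fingerprint(sample, db=SIGNAL_DB):
    """Method 3: nearest database entry in signal space (Euclidean)."""
    def distance(ref):
        aps = set(ref) | set(sample)
        return math.sqrt(sum(
            (sample.get(ap, FLOOR_DBM) - ref.get(ap, FLOOR_DBM)) ** 2
            for ap in aps))
    return min(db, key=lambda loc: distance(db[loc]))


if __name__ == "__main__":
    reading = {"ap1": -60, "ap2": -61, "ap3": -76}  # constructed sample
    print(locate_by_association(reading))   # strongest AP is ap1
    print(locate_by_fingerprint(reading))   # closest fingerprint differs
```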

11
2. Public Area Wireless Networks
  • Context and Location Services within PAWNs
  • Determining Location

12
3. The CHOICE Network
  • System Architecture and Components

13
3. The CHOICE Network
  • Global Authenticator
  • Trusted database
  • maintain all valid users

14
3. The CHOICE Network
  • Network Admission Server
  • allows authorized access
  • Scenario
  • A user enters a PAWN
  • DHCP on NAS provides IP addr.
  • User is connected to Global authentication
    service by redirection
  • Client module can be downloaded from the CHOICE
    web server if not already present.
  • Packet filtering by NAS, except DHCP, Web Server,
    authenticator
  • After Authentication, the user can have access to
    the network resources
  • Authentication
  • NAS provides the user and TCG with a (key, token)
    and key_id
  • key_id: index of (key, token)
  • key: used for encryption/decryption
  • token: value that is tagged to every packet
    before encryption for access rights/privileges

15
3. The CHOICE Network
  • Traffic Control Gateway
  • Per-packet based verification
  • Correct key and token?
  • Per-packet based policy
  • interacts with the policy manager
  • implements policies that may be negotiated between
    users and host org.
  • Client Module
  • Software component resident on user devices
  • tags all outgoing packets with (key, token).
  • No additional support on devices or modifications
    to the protocol stack are needed.
  • Policy Manager
  • to set policies for Service differentiation
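
An added example, not code from the slides or from the CHOICE project: a sketch of the per-packet check the Traffic Control Gateway performs with the (key, token) and key_id issued by the NAS. The packet layout, field sizes and function names are assumptions, and because the slides do not name the cipher, the encryption step is replaced here by an HMAC-SHA256 tag, so the sketch covers the forward-or-drop decision and not confidentiality.

```python
import hashlib
import hmac
import os
import struct

TOKEN_LEN, TAG_LEN = 8, 32  # assumed sizes; the slides give none

def tag_packet(key_id, key, token, payload):
    """Client module: tag an outgoing packet (assumed layout:
    key_id | token | payload | HMAC-SHA256 over the preceding bytes)."""
    body = struct.pack("!I", key_id) + token + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class TrafficControlGateway:
    def __init__(self):
        self._table = {}  # key_id -> (key, token)

    def install(self, key_id, key, token):
        self._table[key_id] = (key, token)

    def revoke(self, key_id):
        self._table.pop(key_id, None)

    def verify(self, packet):
        """Return (verdict, payload); payload is None unless forwarded."""
        if len(packet) < 4 + TOKEN_LEN + TAG_LEN:
            return "drop:short", None
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        entry = self._table.get(struct.unpack("!I", body[:4])[0])
        if entry is None:
            return "drop:unknown-key-id", None
        key, token = entry
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "drop:bad-key", None
        if not hmac.compare_digest(body[4:4 + TOKEN_LEN], token):
            return "drop:bad-token", None
        return "forward", body[4 + TOKEN_LEN:]

def admit(tcg, key_id):
    """NAS after authentication: issue (key, token) to user and TCG."""
    key, token = os.urandom(32), os.urandom(TOKEN_LEN)
    tcg.install(key_id, key, token)
    return key, token

if __name__ == "__main__":
    tcg = TrafficControlGateway()
    key, token = admit(tcg, 7)
    print(tcg.verify(tag_packet(7, key, token, b"GET /")))
```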

16
3. The CHOICE Network
  • Access services within CHOICE
  • Differentiated Bandwidth Allocation
  • Bandwidth expectation (bmin, bmax), with at least
    bmin guaranteed
  • Admission control
  • Bandwidth monitoring
  • Security Provisioning
  • Basic, medium and enhanced modes of security
  • Billing and Accounting
  • Per-packet accounting for each user

17
3. The CHOICE Network
  • Access services within CHOICE
  • Mobility Management Service
  • Network discovery service
  • broadcast beacons ( network ID, NAS IP, TCG IP )
  • Scenario
  • User enters the PAWN
  • Client module uses info. in broadcast beacons to
    connect to the Webserver for authentication
  • (key, token) for packet tagging
  • Set the default gateway to the TCG
  • User returns to the home network
  • client module no longer receives any beacons,
    then timeout
  • User restores the host's default network setting
  • Client module saves (key, token) and network ID
    to re-enable packet tagging and provide seamless
    network access without the need for another authentication

18
3. The CHOICE Network
  • Location-Services and Context-Aware Applications
    in CHOICE
  • WISH (Where IS Harry)
  • To look for other people who are in their
    vicinity
  • http://wish/
  • Info: WISH user name, their interests, tag line,
    location map
  • WISH client s/w
  • Sends user name and AP signal strength to WISH
    server
  • WISH server
  • determines the user's real-time location
  • maintains name and physical location

19
3. The CHOICE Network
  • Location-Services and Context-Aware Applications
    in CHOICE

20
3. The CHOICE Network
  • Location-Services and Context-Aware Applications
    in CHOICE
  • Location-based Buddy List
  • To look for friends who are in the same place
  • When a user connects to the PAWN, his
    pre-configured buddy list is sent to the eventing
    server.
  • WISH client s/w periodically updates the eventing
    server with the user's location info.
  • When a new user connects to the same PAWN, the
    eventing server sees a match and dispatches an
    instant message alert to both users

21
3. The CHOICE Network
  • Location-Services and Context-Aware Applications
    in CHOICE

22
3. The CHOICE Network
  • Location-Services and Context-Aware Applications
    in CHOICE
  • OnSale Mall Buddy Server
  • Personalized sale announcement system based on
    location
  • based on user profiles and product categories
  • When a user connects to the PAWN, his
    pre-configured profile is sent to the eventing
    server.
  • The vendor inputs the information on the Web server →
    CHANGE event msg.
  • Sale information (store name, item, original and
    sale price)
  • Then eventing server generates an instant
    messaging alert and sends this to all interested
    users

23
3. The CHOICE Network
  • Location-Services and Context-Aware Applications
    in CHOICE

24
4. Looking into the Crystal Ball of PAWN
Deployment
  • To become ubiquitous, there has to be a business
    model
  • Deployment model
  • Small wireless service provider
  • Large cash-rich WSP
  • Local business
  • Service models
  • Free access
  • Web portal of resident business
  • indoor navigation system
  • Enhanced service
  • by charging the user according to the level of
    service
  • Internet access, location-based buddy list,
    OnSale service

25
5. Summary
  • To further realize the vision of pervasive,
    ubiquitous computing, we must extend high-speed
    network connectivity beyond private networks into
    public places
  • CHOICE
  • To address the challenge of PAWN using Wireless
    LAN
  • features
  • Service models, authentication, access
    enforcement, policy enforcement, billing and
    accounting, security and privacy, location
    services