PAWS Architecture

Prof. Jon Crowcroft, Dr. Murray Goulden, Dr. Christian Greiffenhagen, Heidi Howard, Prof. Derek McAuley, Dr. Richard Mortier, Dr. Milena Radenkovic, Dr. Arjuna Sathiaseelan

Ubiquitous Access to Public Services Online with PAWS

Upload: heidi-howard

Post on 22-Jul-2015


"All people should be allowed to connect to and express themselves freely on the Internet" - UN Human Rights Council

Lowest Cost Denominator Network

Introducing a new level of basic access, bridging the gap between no access and full access

Offering less than best effort access to all

10% of the UK population do not have internet access

Aspley, Nottingham

3 month trial

One of the most deprived areas in the country

~1/3 without internet access

50 new users

50 sharers

Wireless Community Networks (WCN)

Forming co-ops where you share your WiFi and in turn can use others'

Fon is the most popular WCN, with > 8 million FON hotspots worldwide

This demonstrates that people are willing to share their internet connection

Introducing PAWS

Public Access Wifi Service (PAWS) works with local councils and communities to give everyone access to basic public services online.

Aims

● Confidentiality
● Accountability
● Ease of Use
● Priority
● Authentication
● Scalability

Ease of Use

Most home routers are provided by ISPs, plugged in and left on default settings

Not scalable to re-configure everyone's routers

Introducing the PAWS access point, a Netgear router running OpenWRT

Priority

We need to measure the spare network capacity available to each PAWS access point

Project BISmark by Georgia Tech

3 month trial: 1 month of measurement, then 2 months of use

Throttling traffic at the PAWS access point

Authentication

Users need to be able to authenticate themselves to the PAWS network at any PAWS box

We have a RADIUS server in Nottingham

This can be linked to the council's authentication servers

Accountability

PAWS users need to have a separate public IP address from the sharer. Sharers must not be accountable for users' actions online

Using a virtual private network (VPN) to a secure endpoint so all PAWS network traffic has the same IP address

Use PAWS access point firewalls to enforce use of PAWS VPN
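One way to express the "firewall enforces the VPN" rule above, as an added example that is not PAWS project code. It assumes a VPN that uses a single TCP or UDP port; the function name, the interface names `br-paws` and `eth1`, the documentation address 203.0.113.10 and port 1194 are placeholders, not values from the deployment.

```shell
#!/bin/sh
# Added example, not PAWS project code. Prints an iptables-restore fragment that
# lets clients on the PAWS network reach only the VPN endpoint; anything else is
# rejected at the access point instead of leaving via the sharer's connection.
# Interface names, address, protocol and port are assumed placeholders.

paws_vpn_only_rules() {
    guest_if=$1 wan_if=$2 vpn_ip=$3 proto=$4 port=$5

    # Validate every argument before it is interpolated into a rule.
    for ifname in "$guest_if" "$wan_if"; do
        case $ifname in ''|[!A-Za-z0-9]*|*[!A-Za-z0-9._-]*) return 1 ;; esac
    done
    case $vpn_ip in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $vpn_ip; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
    case $proto in tcp|udp) ;; *) return 1 ;; esac
    case $port in ''|*[!0-9]*) return 1 ;; esac
    { [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; } 2>/dev/null || return 1

    # PAWS_GUEST holds the allow-list for traffic coming from PAWS clients:
    # one ACCEPT for the VPN endpoint, then an explicit REJECT for the rest.
    # Replies are only forwarded back when they come from the VPN endpoint.
    printf '%s\n' \
        '*filter' \
        ':PAWS_GUEST - [0:0]' \
        "-A FORWARD -i $guest_if -j PAWS_GUEST" \
        "-A FORWARD -o $guest_if -s $vpn_ip/32 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT" \
        "-A FORWARD -o $guest_if -j DROP" \
        "-A PAWS_GUEST -o $wan_if -d $vpn_ip/32 -p $proto --dport $port -j ACCEPT" \
        '-A PAWS_GUEST -j REJECT --reject-with icmp-admin-prohibited' \
        'COMMIT'
}

# Constructed sample values: 203.0.113.10 is a documentation address.
paws_vpn_only_rules br-paws eth1 203.0.113.10 udp 1194
```

A PPTP endpoint would need TCP port 1723 plus a separate rule for GRE (IP protocol 47), which this function does not emit.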

Confidentiality

WiFi encryption often provides weak security

Traffic passes through the sharer's home router where it can be sniffed

We already get this fixed for free with VPN to the user's devices

Scalability

Authentication across deployment areas

You are registered with your home area; authentication when travelling is directed to your home authentication server, but we allow use of the nearest VPN server

Limitations

- VPN setup on some client devices is difficult
- The most widely supported VPN is PPTP, but it has been proven insecure
- Some home routers block VPN traffic by default
- PAWS routers currently cost £130 each
- Single point of failure, all traffic routed through VPN server
- Little incentive to share

Ideas for Future Work

- Two tier system, where users who are also sharers get more bandwidth
- For users who are also sharers, use their PAWS box as the VPN endpoint instead
- VPN from PAWS AP instead of client devices, combined with WPA Enterprise from the device to PAWS AP
- Client apps to map coverage, automatically connect to VPN, etc.
- Implement fallback in PAWS access points

Questions & Comments

Heidi [email protected]

@heidiann360

@heidi-ann