Curriculum Development Workshop for Wireless Networks
Wireless Networks and Mobile Systems: Mobile Networks
Scott F. Midkiff and Luiz A. DaSilva, © 2004
Curriculum Dev. Workshop for Wireless Networks 2 Mobile Networks
Objectives
• Provide an overview of topics and assignments in the Mobile Networks module of the course
• Describe one of the design projects (wireless “hot spot” service)
Agenda
• Learning objectives and module structure
• Lecture topics
• In-class lab exercises
• At-home exercises
• Design project
• Wireless hot spot design project
Mobile Networks (1/2)
[Figure: protocol stack (Application, Transport, Network, Data Link, Physical) with the module’s topics placed on it]
Network-layer topics:
• Basics of IP routing
• Mobile ad hoc networks
• Mobile IP
• IP for nomadic users (NAT, DHCP, VPNs, firewalls)
Also covered:
• Security
• Wireless TCP
Mobile Networks (2/2)
• Greatest omission is networking in cellular infrastructure
  – Topic is covered elsewhere in ECE curriculum
  – Does not lend itself to hands-on experiments
• Focus on a few selected examples
  – AODV and OLSR as MANET routing protocols
  – Linux IP Chains as a packet filtering scheme
  – Little coverage of IPv6
• Omitted security in Spring 2003 and TCP over wireless in Spring 2004
Module structure
• Mobile Networks module consists of
  – Four 75-minute lectures
  – Four 75-minute in-class lab exercises
  – Two at-home exercises
  – One design project
• Lectures and in-class lab exercises for this module were conducted in weeks 8, 9, 10, and 11
Lecture 8: IP routing and MANET routing algorithms
• Layer 2 routing (tie back to previous Wireless Networks module)
• Routing basics for the Internet Protocol
  – Distance vector algorithms
  – Link-state algorithms
• Mobile ad hoc networks (MANETs)
• Example MANET routing protocols
  – Optimized Link State Routing (OLSR) protocol
  – Ad-hoc On-demand Distance Vector (AODV) routing protocol
MANETs
A mobile ad hoc network (MANET) is characterized by…
• Multi-hop routing so that nodes not directly connected at Layer 2 can communicate through Layer 3 routing
• Wireless links
• Mobile nodes
[Figure: physical topology and the corresponding logical topology between a source S and a destination D]
Types of MANET Routing
[Figure: taxonomy of MANET routing protocols]
• Proactive (example: OLSR)
• Reactive (example: AODV)
• Hybrid
Optimized Link State Routing
• Maintains a full routing table
• Uses multipoint relay set (MPR) concept to
  – Minimize amount of link-state information
  – Reduce the number of nodes that must transmit topology information
[Figure: example seven-node topology (nodes 1 to 7) and the full routing table at node 3]
Dest  Next   Hops
1     4      2
2     2      1
4     4      1
5     5      1
6     4 (5)  2
7     4 (5)  3
Ad-hoc On-demand Distance Vector
• Finds a route only when needed
• Source node and nodes along path know only active routes
[Figure: the same seven-node topology; node 3’s table holds only the active route]
Dest  Next  Hops
7     4     3
In-class Lab Exercise 8 (1/4)
Objectives
• Familiarize students with the operation of the Optimized Link State Routing (OLSR) protocol for mobile ad hoc networks (MANETs)
• Investigate delay, throughput, connectivity and overhead in MANETs
After the exercise, students are able to
• Understand the operation of the OLSR routing protocol
• Evaluate multi-hop ad hoc routing protocols in wireless environments
In-class Lab Exercise 8 (2/4)
Equipment
• System software
  – Red Hat Linux 7.3
  – OLSR INRIA implementation with U.S. Office of Naval Research (NRL) modifications, http://pf.itd.nrl.navy.mil/projects/olsrv3
• Dell Latitude C640 notebook
• Xircom Credit Card Wireless Ethernet Adapter
In-class Lab Exercise 8 (3/4)
Tasks
• Install OLSR software in Linux (pre-lab)
• Configure an IEEE 802.11b ad hoc network
• Synchronize time with a “controlling” node
• Use iperf to measure throughput with a directly connected topology
  – Two teams in each network run iperf servers
  – Two teams in each network run iperf clients
• Create a multi-hop topology and repeat the test
• Save results for later analysis (in the at-home exercise)
In-class Lab Exercise 8 (4/4)
• Multi-hop topology
  – Preliminary site study to determine reasonable distances
  – Exact topology known only when the experiment is performed
[Figure: eight-node multi-hop topology (nodes 1 to 8) with two iperf clients, two iperf servers, and an experiment-control node]
At-home Exercise 8 (1/2)
Objectives
• Evaluate the OLSR routing protocol by analyzing the results from the in-class experiment
After the exercise, students are able to
• Understand the operation of the OLSR routing protocol in mobile ad-hoc networks
• Compare the performance of MANET routing protocols in different network topologies
At-home Exercise 8 (2/2)
Tasks
• Analyze log files collected in the in-class exercise
• Determine the Multipoint Relay (MPR) set and Multipoint Relay Selector (MPRS) set for OLSR and the logical topology
• Analyze and plot packet loss rate and throughput for the directly-connected and multi-hop topologies
• Summarize “lessons learned” and general observations
Deliverable is a written report
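The MPR and MPR selector sets that the at-home exercise asks for can be computed with the greedy selection heuristic OLSR specifies (RFC 3626). The following is an added example, not part of the course material or of the NRL OLSR code; the seven-node link set is an assumption, constructed so that node 3’s routes match the routing table shown on the OLSR slide.

```python
from typing import Dict, FrozenSet, Set, Tuple

# Assumed seven-node topology (undirected links), constructed so that node 3's routes match
# the slide's table: 1 via 4 in 2 hops; 2, 4, 5 direct; 6 via 4 or 5 in 2 hops; 7 via 4 or 5 in 3 hops.
LINKS = {(1, 4), (2, 3), (3, 4), (3, 5), (4, 6), (5, 6), (6, 7)}

def neighbors(links: Set[Tuple[int, int]]) -> Dict[int, Set[int]]:
    """Symmetric one-hop neighbour sets (OLSR only uses links confirmed in both directions)."""
    nbr: Dict[int, Set[int]] = {}
    for a, b in links:
        nbr.setdefault(a, set()).add(b)
        nbr.setdefault(b, set()).add(a)
    return nbr

def select_mpr(node: int, nbr: Dict[int, Set[int]]) -> FrozenSet[int]:
    """Greedy MPR heuristic of RFC 3626 section 8.3.1 (all neighbours assumed equally willing)."""
    n1 = nbr[node]
    # strict two-hop neighbourhood: reachable through a one-hop neighbour, not itself one-hop
    n2 = set().union(*[nbr[x] for x in n1]) - n1 - {node}
    mpr: Set[int] = set()
    # step 1: a neighbour that is the only path to some two-hop node must be an MPR
    for y in n2:
        via = [x for x in n1 if y in nbr[x]]
        if len(via) == 1:
            mpr.add(via[0])
    uncovered = n2 - set().union(*[nbr[x] for x in mpr])
    # step 2: repeatedly add the neighbour that covers the most still-uncovered two-hop nodes
    while uncovered:
        best = max(n1 - mpr, key=lambda x: (len(nbr[x] & uncovered), -x))
        mpr.add(best)
        uncovered -= nbr[best]
    return frozenset(mpr)

def mpr_sets(links: Set[Tuple[int, int]]) -> Dict[int, FrozenSet[int]]:
    """MPR set chosen by every node in the topology."""
    nbr = neighbors(links)
    return {n: select_mpr(n, nbr) for n in sorted(nbr)}

def mpr_selector_sets(links: Set[Tuple[int, int]]) -> Dict[int, FrozenSet[int]]:
    """MPRS(n): the nodes that chose n as an MPR. Only these links are advertised in n's TC
    messages, and only MPRs retransmit flooded control traffic, which is where OLSR saves overhead."""
    sel: Dict[int, Set[int]] = {n: set() for n in neighbors(links)}
    for n, chosen in mpr_sets(links).items():
        for m in chosen:
            sel[m].add(n)
    return {n: frozenset(s) for n, s in sel.items()}
```

On this topology only nodes 3, 4 and 6 end up with a non-empty MPR selector set, so only they originate TC messages and relay flooded traffic.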
Lecture 9: IP addressing, IP routing, and Mobile IP
• IP addressing
• Node mobility and IP
• Mobile IP
  – Foreign agent discovery
  – Home agent registration
  – Packet delivery through tunneling
  – Route optimization
A Limitation of IP Addressing
An IP address implies both a host (the “name”) and a network (the “location”)
[Figure: a router with interfaces a, b and c and forwarding table “2.0.0.0/24 → a, 3.0.0.0/24 → b, 4.0.0.0/24 → c”; hosts 3.0.0.2, 3.0.0.3 and 3.0.0.4 sit on network b and hosts 4.0.0.5 and 4.0.0.6 on network c; a packet with Dest = 3.0.0.4 is forwarded out interface b and does not reach the mobile host 3.0.0.4 once it has moved to another network]
Mobile IP
[Figure: Mobile IP example. Home agent on home network 10.0.8.0/24; foreign agent on foreign network 10.4.5.0/24 with care-of address 10.4.5.43; mobile host keeps its home address 10.0.8.5 while visiting the foreign network; the correspondent node (host) 10.92.2.3 sends to 10.0.8.5, the home agent tunnels the packet to the care-of address 10.4.5.43, and the foreign agent delivers it to the mobile host]
In-class Lab Exercise 9 (1/4)
Objectives
• Familiarize students with the operation of Mobile IP
• Investigate delay, throughput, and overhead of Mobile IP
After the exercise, students are able to
• Explain the operation of the home agent, the foreign agent and the mobile node in Mobile IP
• Understand the routing and tunneling operation in Mobile IP
• Configure the Dynamics Mobile IP package in Linux
In-class Lab Exercise 9 (2/4)
Equipment
• System software
  – Red Hat Linux 7.3
  – HUT’s Dynamics Mobile IP, http://www.cs.hut.fi/Research/Dynamics/
• Dell Latitude C640 notebook
• Xircom Credit Card Wireless Ethernet Adapter
• Intel Wireless Gateway (2 for entire class)
In-class Lab Exercise 9 (3/4)
Tasks
• Configure the Dynamics Mobile IP package
• Selected student groups configure hosts as foreign agents, home agents, mobile hosts, and corresponding hosts
• Use Ethereal to trace signaling when mobile host moves from home to foreign network
• Observe delay (with ping), throughput (with iperf), and signaling (with Ethereal) for mobile nodes in foreign networks
In-class Lab Exercise 9 (4/4)
[Figure: lab topology. Home network 192.168.100.0/24 with correspondent node 192.168.100.X, home agent 192.168.100.101 and mobile node(s) 192.168.100.X; foreign network 192.168.200.0/24 with foreign agent 192.168.200.101 and visiting mobile node(s) that keep their home addresses 192.168.100.X; the two networks are joined through the gateway addresses 192.168.100.1 and 192.168.200.1]
Lecture 10: Nomadic services, DHCP, NAT, and VPNs
• Nomadic services
• Virtual private networks (VPNs)
• Dynamic Host Configuration Protocol (DHCP)
• Network address translation (NAT)
• Firewalls and packet filtering
• HTML and web programming
• Comments on the wireless “hot spot” service
Functions for Nomadic Services
[Figure: a nomadic node attached to a private network obtains its address via DHCP; the private network’s edge provides DHCP, NAT and a VPN endpoint; across the public network the data is secured and carries a public address; the far VPN endpoint delivers it into the other private network with secure data and a private address]
iptables examples (screenshots)
• Example: setting DSCP
• Example: redirecting
• Example: typical firewall functions
In-class Lab Exercise 10 (1/4)
Objectives
• Familiarize students with the operation of virtual private networks (VPN)
• Familiarize students with the operation of the Dynamic Host Configuration Protocol (DHCP) and IP masquerading, which is also known as network address translation (NAT)
After the exercise, students are able to
• Understand the operations of VPNs, DHCP, and NAT
• Set up VPN connections in Windows 2000 Professional systems
In-class Lab Exercise 10 (2/4)
Equipment
• System software
  – Windows 2000 Professional
• Dell Latitude C640 notebook
• Xircom Credit Card Wireless Ethernet Adapter
• Intel Wireless Gateway (1 for entire class)
In-class Lab Exercise 10 (3/4)
Tasks
• Set up and monitor a VPN
• Set up and monitor DHCP and NAT in Windows 2000 Internet Connection Sharing (ICS)
In-class Lab Exercise 10 (4/4)
Virtual private network (VPN) experiment
[Figure: intranet host 192.168.0.2 – VPN server 192.168.0.1 – “Internet” – VPN client 192.168.0.1]
Internet connection sharing (ICS) experiment
[Figure: intranet host 192.168.0.2 – Internet gateway 192.168.0.1 – “Internet” – web server 192.168.0.1]
Design Project 10
Objectives
• Understand how routing, IP firewalls, and IP masquerading (also known as network address and port translation) can be integrated to offer wireless connectivity or “hot spot” service
Topics covered
• DHCP daemon use and configuration
• iptables or ipchains use for basic firewalling and IP masquerading
• Configuring a notebook running Linux to work as a router
• Basic web authentication using a web interface
More later…
Lecture 11: TCP in wireless networks
• TCP overview
  – Flow control
  – Congestion avoidance, slow start, and retransmission
  – TCP Reno and TCP Vegas
• TCP in wireless networks
• Solutions to TCP performance problems in wireless networks
Included in Spring 2003, but not in Spring 2004
Lecture 12: Security in wireless LANs and mobile networks
• Security vulnerabilities and objectives
• Security mechanisms
• Basic security features in IEEE 802.11
  – Authentication
  – Privacy
• Improving WLAN security
  – RSA Security’s Fast Packet Rekeying
  – WiFi Alliance’s WiFi Protected Access (WPA)
  – IEEE 802.11 Technical Group i (IEEE 802.11i)
• Augmenting WLAN security
• Other security issues
In-class Lab Exercise 12 (1/3)
Objectives
• Observe security vulnerabilities in wireless local area networks
• Observe Denial of Service (DoS) attacks that target IEEE 802.11 WLANs
• Observe the operation of an 802.11 WLAN detector, sniffer, and Intrusion Detection System (IDS)
In-class Lab Exercise 12 (2/3)
Equipment
• Special software
  – Kismet – a layer 2 wireless network detector, packet sniffer, and intrusion detection system
• Dell Latitude C640 notebook
• Xircom Credit Card Wireless Ethernet Adapter
• Intel Wireless Gateway (1 for entire class)
In-class Lab Exercise 12 (3/3)
Tasks
• Spoofing the Intel gateway’s IP address (ARP cache poisoning)
  – One student spoofs the IP address of the access point and, under some conditions, “poisons” the ARP cache entries of other nodes in the network
• Network sniffing, detection, and intrusion detection
  – Kismet is used to monitor IEEE 802.11b traffic
• Impersonating an access point
  – Lab instructor’s computer impersonates an access point and causes student notebooks to disassociate from the real access point
At-home Exercise 12 (1/3)
Objectives
• Understand the mechanics of the attacks that were conducted in the in-class lab
• Investigate possible defenses
At-home Exercise 12 (2/3)
Equipment
• Dell Latitude C640 notebook
• Xircom Credit Card Wireless Ethernet Adapter
• Intel Wireless Gateway
• Compaq iPAQ 3850
At-home Exercise 12 (3/3)
Tasks
• “ARP cache poisoning” attack
  – Use screenshots of the routing table and ARP table together with the Ethereal capture file to explain the mechanics of this attack
  – Using the iPAQ (attacker), notebook, and Intel WLAN gateway, replicate the attack scenario
• “Impersonating an access point” attack
  – Use the screenshots from the Kismet alert interface together with the dump files produced by Kismet to identify broadcast disassociation messages spoofed by the rogue AP
  – Explain how this attack was made possible and suggest any defenses against it, including any using features of WiFi Protected Access (WPA)
Wireless hot spot design project
Build a wireless hot spot service using
• DHCP
• ipchains for basic firewalling and IP masquerading
• Notebook running Linux to work as a router
• Web authentication using a web interface
Deliverables for each group of two students
• Project demonstration
• Project report
Basic hot spot configuration
• DHCP server
• Firewall
• IP masquerading
• Web-based authentication
[Figure: hot spot gateway with a private side facing the private network and a public side facing the “public” Internet]
Creating an association
[Figure: message sequence between the nomadic user (IEEE 802.11 NIC, DHCP client, web browser) and the hot spot service (IEEE 802.11 AP, DHCP server, HTTP server/CGI)]
1. Association: IEEE 802.11 NIC ↔ IEEE 802.11 AP
2. IP configuration: DHCP client ↔ DHCP server
3. Authentication: web browser ↔ HTTP server/CGI
Data transfer
[Figure: data transfer path. Nomadic user (IEEE 802.11 NIC, IP, TCP/UDP) ↔ hot spot service (IEEE 802.11 AP, IP, NAT/firewall) ↔ end host (IP, TCP/UDP)]
Network configuration
[Figure: private hot spot network on the left, public Internet on the right]
• Hot spot gateway (Linux notebook): firewall (IP Chains), DHCP, web-based authentication, NAT (IP masquerading)
  – Iface: eth0, IP: 192.168.1.254, Mask: 255.255.255.0 (private side)
  – Iface: eth1, ESSID: tech, IP: 192.168.2.100, Mask: 255.255.255.0 (public side)
• Client on the private hot spot network: ESSID: hokies, IP: 192.168.1.103, Mask: 255.255.255.0
• Private network access point: ESSID: hokies, IP: 192.168.1.253, Mask: 255.255.255.0
• Public network access point: ESSID: tech, IP: 192.168.2.253, Mask: 255.255.255.0
• Apache web server, http://192.168.2.1/: Iface: eth0, ESSID: tech, IP: 192.168.2.1, Mask: 255.255.255.0
Script to start gateway (1/4)
#!/bin/bash
# bring up firewall
#/etc/init.d/ipchains restart
# make sure iptables is not enabled
# make sure ipchains _is_ enabled
rmmod iptable_filter
rmmod ip_tables
modprobe ipchains
Script to start gateway (2/4)
# 3 things needed for ip masqing
# tell ipchains to default to deny all forwarding
# flush all chains
/sbin/ipchains -F
# accept incoming packets
/sbin/ipchains -P input ACCEPT
# reject syn packets coming to the outside port
# we don't need anyone coming in from the outside
/sbin/ipchains -A input -i eth1 -p tcp -y -j REJECT
# redirect all http requests to the local http port
/sbin/ipchains -A input -i eth0 -p tcp -d 0/0 80 -j REDIRECT 80
# accept all connections coming from the inside
/sbin/ipchains -A input -i eth0 -j ACCEPT
Script to start gateway (3/4)
# should add rules to limit what the internal hosts may connect to (on this box)
# stop forwarding; we only want masquerading
/sbin/ipchains -A forward -i eth1 -s 192.168.1.0/24 -j MASQ
# enable ip forwarding for ip masquerading
echo 1 > /proc/sys/net/ipv4/ip_forward
Script to start gateway (4/4)
# bring up wireless link
# change channel to whatever channel is wanted
# change essid to AP ssid
/usr/local/sbin/iwconfig eth1 channel 1 essid tech
/sbin/ifconfig eth1 192.168.2.100 netmask 255.255.255.0 up
/sbin/ifconfig eth0 192.168.1.254 netmask 255.255.255.0 up
# restart dhcpd to use eth1 as well
#/etc/init.d/dhcpd restart
service dhcpd restart
service httpd restart
Configuring DHCPd at gateway
Assigns IP addresses in range 192.168.1.100 to 192.168.1.200 for subnet 192.168.1.0/24
# example dhcpd.conf file
option domain-name "stu.net";
option subnet-mask 255.255.255.0;
default-lease-time 150000;
max-lease-time 1290000;
option routers 192.168.1.254;
#option domain-name-servers 198.82.247.98;
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.100 192.168.1.200;
}
host testpc1 {
  hardware ethernet 00:40:96:48:3b:ab;
  fixed-address 192.168.1.30;
}
subnet 192.168.2.0 netmask 255.255.255.0 {
}
Configuring hot spot gateway (1/2)
ESSID is “hokies”
Configuring hot spot gateway (2/2)
IP: 192.168.1.253, Mask: 255.255.255.0
Visible IEEE 802.11b networks
Netstumbler sees both networks (and others)
• tech – the WLAN implementing the public Internet
• hokies – the WLAN implementing the private network
Client picks hot spot WLAN – hokies
Client’s IP configuration (ipconfig)
• IP address (192.168.1.103) is assigned by DHCP at the hot spot gateway
• Default gateway is hot spot gateway (192.168.1.254)
• Ready to access the web … almost
ipchains before client authentication
• Traffic from 192.168.1.103 (and all other private network hosts) is redirected to local web server
• Web server requests authentication
[root@wmsd05 ~/hotspot_server]# ipchains -L
Chain input (policy ACCEPT):
target     prot opt     source          destination  ports
REJECT     tcp  -y----  anywhere        anywhere     any -> any
REDIRECT   tcp  ------  anywhere        anywhere     any -> http => http
ACCEPT     all  ------  anywhere        anywhere     n/a
Chain forward (policy ACCEPT):
target     prot opt     source          destination  ports
MASQ       all  ------  192.168.1.0/24  anywhere     n/a
Chain output (policy ACCEPT):
Client authenticates with service
Verification output at client
ipchains after client authentication
• Traffic from 192.168.1.103 is accepted and allowed to be sent to any host and port
• Other traffic still treated as before
[root@wmsd05 ~/hotspot_server]# ipchains -L
Chain input (policy ACCEPT):
target     prot opt     source          destination  ports
ACCEPT     all  ------  192.168.1.103   anywhere     n/a
REJECT     tcp  -y----  anywhere        anywhere     any -> any
REDIRECT   tcp  ------  anywhere        anywhere     any -> http => http
ACCEPT     all  ------  anywhere        anywhere     n/a
Chain forward (policy ACCEPT):
target     prot opt     source          destination  ports
MASQ       all  ------  192.168.1.0/24  anywhere     n/a
Chain output (policy ACCEPT):
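A model of the gateway’s input chain, added here as an example that is not part of the course material or of the project’s scripts. It applies ipchains’ first-match evaluation to the three rules from the start script and shows why the per-client ACCEPT rule that appears after authentication must be inserted at the head of the chain (ipchains -I input 1 …) rather than appended; the Packet and Rule classes, the authorize() function standing in for the authentication CGI the slides do not show, and the sample packets are all constructed.

```python
from dataclasses import dataclass
from typing import List, Optional
import ipaddress

HOTSPOT_NET = ipaddress.ip_network("192.168.1.0/24")   # private side (eth0 on the gateway)

@dataclass(frozen=True)
class Packet:                 # constructed abstraction of what the input chain sees
    iface: str                # eth0 = private hot spot WLAN, eth1 = "public" side
    proto: str                # "tcp" or "udp"
    src: str
    dport: int
    syn: bool = False         # TCP connection request, which ipchains "-y" matches

@dataclass(frozen=True)
class Rule:
    target: str                    # ACCEPT, REJECT or REDIRECT
    iface: Optional[str] = None    # -i
    proto: Optional[str] = None    # -p
    src: Optional[str] = None      # -s, as CIDR
    dport: Optional[int] = None    # destination port
    syn_only: bool = False         # -y

    def matches(self, p: Packet) -> bool:
        return ((self.iface is None or p.iface == self.iface)
                and (self.proto is None or p.proto == self.proto)
                and (self.src is None
                     or ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src))
                and (self.dport is None or p.dport == self.dport)
                and (not self.syn_only or p.syn))

def base_input_chain() -> List[Rule]:
    """The input chain as the gateway start script builds it (policy ACCEPT)."""
    return [
        Rule("REJECT", iface="eth1", proto="tcp", syn_only=True),  # no new connections from outside
        Rule("REDIRECT", iface="eth0", proto="tcp", dport=80),     # web traffic goes to the login page
        Rule("ACCEPT", iface="eth0"),                              # everything else from inside
    ]

def verdict(chain: List[Rule], p: Packet) -> str:
    """ipchains semantics: the first matching rule decides; otherwise the chain policy applies."""
    for rule in chain:
        if rule.matches(p):
            return rule.target
    return "ACCEPT"

def authorize(chain: List[Rule], client_ip: str, insert_first: bool = True) -> List[Rule]:
    """What the authentication CGI has to do once the user logs in: add 'ACCEPT all from
    client_ip', i.e. ipchains -I input 1 -s client_ip -j ACCEPT. The address is validated
    before it is used to build a rule (or, on the real gateway, a command line)."""
    addr = ipaddress.ip_address(client_ip)       # ValueError for anything that is not an address
    if addr not in HOTSPOT_NET:
        raise ValueError(f"{client_ip} is not on the hot spot network {HOTSPOT_NET}")
    rule = Rule("ACCEPT", src=f"{addr}/32")
    return [rule] + chain if insert_first else chain + [rule]

def is_valid_client(client_ip: str) -> bool:
    """True if authorize() would accept this client address."""
    try:
        authorize(base_input_chain(), client_ip)
        return True
    except ValueError:
        return False
```

Note that before authentication only TCP port 80 is captured: the model returns ACCEPT for a UDP packet from an unauthenticated client, and the forward chain’s MASQ rule matches all of 192.168.1.0/24, so a complete hot spot needs rules covering other protocols as well.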
Client: Final web access
Experience with the Hot Spot Project
• The project is challenging but very engaging
  – Lots of components have to work together
  – Students must learn a lot of new topics, largely on their own
  – Operates very much like “real world” Internet services
• Complementary teams are good so that one member has prior experience in web applications and/or Linux configuration
• Most groups achieve complete or nearly complete success
• Highly rated by students
Summary
The Mobile Networks portion of the course consists of four weeks, covering
• Internet Protocol (IP) addresses and routing
• Rationale and operation for three forms of mobile nodes or users
  – Mobile ad hoc networks – mobility without infrastructure
  – Mobile IP – seamless mobility with infrastructure
  – Nomadic services (NAT, DHCP, VPNs, firewalls) – mobility requiring reconfiguration
• TCP and operation in a wireless environment (in Spring 2003)
• Security
  – Vulnerabilities and defenses in wireless and mobile systems
  – Security in IEEE 802.11 wireless local area networks, including basic mechanisms, WiFi Protected Access (WPA), and IEEE 802.11i