
Curriculum Development Workshop for Wireless Networks

Wireless Networks and Mobile Systems: Mobile Networks

Scott F. Midkiff and Luiz A. DaSilva, © 2004

Curriculum Dev. Workshop for Wireless Networks 2 Mobile Networks

Objectives

• Provide an overview of topics and assignments in the Mobile Networks module of the course
• Describe one of the design projects (wireless “hot spot” service)


Agenda

• Learning objectives and module structure
• Lecture topics
• In-class lab exercises
• At-home exercises
• Design project

• Wireless hot spot design project


Mobile Networks (1/2)

[Figure: the five-layer stack (Application, Transport, Network, Data Link, Physical) with the module's topics placed alongside the layers they concern]

Network layer topics
• Basics of IP routing
• Mobile ad hoc networks
• Mobile IP
• IP for nomadic users (NAT, DHCP, VPNs, firewalls)

Also covered
• Security
• Wireless TCP


Mobile Networks (2/2)

• Greatest omission is networking in cellular infrastructure
  - Topic is covered elsewhere in ECE curriculum
  - Does not lend itself to hands-on experiments

• Focus on a few selected examples
  - AODV and OLSR as MANET routing protocols
  - Linux IP Chains as a packet filtering scheme
  - Little coverage of IPv6

• Omitted security in Spring 2003 and TCP over wireless in Spring 2004


Module structure

• Mobile Networks module consists of
  - Four 75-minute lectures
  - Four 75-minute in-class lab exercises
  - Two at-home exercises
  - One design project

• Lectures and in-class lab exercises for this module were conducted in weeks 8, 9, 10, and 11


Lecture 8: IP routing and MANET routing algorithms

• Layer 2 routing (tie back to previous Wireless Networks module)
• Routing basics for the Internet Protocol
  - Distance vector algorithms
  - Link-state algorithms
• Mobile ad hoc networks (MANETs)
• Example MANET routing protocols
  - Optimized Link State Routing (OLSR) protocol
  - Ad-hoc On-demand Distance Vector (AODV) routing protocol


MANETs

A mobile ad hoc network (MANET) is characterized by…
• Multi-hop routing so that nodes not directly connected at Layer 2 can communicate through Layer 3 routing
• Wireless links
• Mobile nodes

[Figure: a multi-hop path from source S to destination D, shown once as the node layout and once as the logical topology]


Types of MANET Routing

[Figure: taxonomy of MANET routing protocols]
• Proactive (example: OLSR)
• Reactive (example: AODV)
• Hybrid


Optimized Link State Routing

• Maintains a full routing table
• Uses multipoint relay set (MPR) concept to
  - Minimize amount of link-state information
  - Reduce the number of nodes that must transmit topology information

[Figure: seven-node example topology (nodes 1 to 7) with the routing table held by node 3, the one node absent from the Dest column]

Dest  Next   Hops
1     4      2
2     2      1
4     4      1
5     5      1
6     4 (5)  2
7     4 (5)  3
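As an added example (not part of the workshop material), the following Python code computes an OLSR-style MPR set and the hop-count routing table for the seven-node topology on the slide. The link list is reconstructed from node 3's routing table and is an assumption; the greedy MPR selection follows the heuristic described in RFC 3626 rather than the INRIA/NRL implementation used in the lab.

```python
"""Added example (not from the workshop slides): OLSR-style multipoint relay
(MPR) selection and a hop-count routing table for the slide's seven-node
topology.  LINKS is reconstructed from node 3's routing table and is an
assumption, not data from the slide."""
from collections import deque

# Constructed topology: undirected links 1-4, 2-3, 3-4, 3-5, 4-6, 5-6, 6-7.
LINKS = [(1, 4), (2, 3), (3, 4), (3, 5), (4, 6), (5, 6), (6, 7)]


def build_adjacency(links):
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def select_mprs(adj, node):
    """Greedy MPR heuristic in the spirit of RFC 3626 section 8.3.1: choose
    the smallest set of one-hop neighbours that covers every strict
    two-hop neighbour.  Returns the MPR set of `node`."""
    n1 = set(adj[node])
    n2 = set()
    for n in n1:
        n2 |= adj[n]
    n2 -= n1
    n2.discard(node)
    reach = {n: adj[n] & n2 for n in n1}      # which 2-hop nodes each neighbour reaches
    mprs = set()
    # Step 1: a neighbour that is the only way to reach some 2-hop node is an MPR.
    for target in n2:
        providers = [n for n in n1 if target in reach[n]]
        if len(providers) == 1:
            mprs.add(providers[0])
    uncovered = set(n2)
    for m in mprs:
        uncovered -= reach[m]
    # Step 2: greedily add the neighbour covering the most still-uncovered nodes.
    while uncovered:
        candidates = n1 - mprs
        if not candidates:
            break
        best = max(candidates, key=lambda n: len(reach[n] & uncovered))
        if not reach[best] & uncovered:
            break                                 # nothing left is reachable
        mprs.add(best)
        uncovered -= reach[best]
    return mprs


def routing_table(adj, node):
    """Breadth-first shortest paths from `node`.  Returns
    {dest: (next_hops, hops)} where next_hops is the set of equal-cost
    first hops, matching the slide's "4 (5)" notation."""
    dist = {node: 0}
    first = {node: set()}
    queue = deque([node])
    while queue:
        u = queue.popleft()
        for v in adj[u]:
            if v not in dist:
                dist[v] = dist[u] + 1
                first[v] = {v} if u == node else set(first[u])
                queue.append(v)
            elif dist[v] == dist[u] + 1:
                first[v] |= {v} if u == node else first[u]
    return {d: (first[d], h) for d, h in dist.items() if d != node}


if __name__ == "__main__":
    adj = build_adjacency(LINKS)
    print("MPR set of node 3:", select_mprs(adj, 3))
    for dest, (nxt, hops) in sorted(routing_table(adj, 3).items()):
        print(f"dest {dest}: next {sorted(nxt)} hops {hops}")
```

Running it gives the MPR set {4} for node 3, since node 1 is reachable only through 4 and 4 also covers 6; destinations 6 and 7 come out with the two equal-cost next hops 4 and 5, matching the "4 (5)" entries on the slide.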


Ad-hoc On-demand Distance Vector

• Finds a route only when needed
• Source node and nodes along path know only active routes

[Figure: the same seven-node topology; after route discovery the source holds a single active entry]

Dest  Next  Hops
7     4     3


In-class Lab Exercise 8 (1/4)

Objectives
• Familiarize students with the operation of the Optimized Link State Routing (OLSR) protocol for mobile ad hoc networks (MANETs)
• Investigate delay, throughput, connectivity and overhead in MANETs

After the exercise, students are able to
• Understand the operation of the OLSR routing protocol
• Evaluate multi-hop ad hoc routing protocols in wireless environments


In-class Lab Exercise 8 (2/4)

Equipment
• System software
  - Red Hat Linux 7.3
  - OLSR INRIA implementation with U.S. Office of Naval Research (NRL) modifications: http://pf.itd.nrl.navy.mil/projects/olsrv3
• Dell Latitude C640 notebook
• Xircom Credit Card Wireless Ethernet Adapter


In-class Lab Exercise 8 (3/4)

Tasks
• Install OLSR software in Linux (pre-lab)
• Configure an IEEE 802.11b ad hoc network
• Synchronize time with a “controlling” node
• Use iperf to measure throughput with a directly connected topology
  - Two teams in each network run iperf servers
  - Two teams in each network run iperf clients
• Create a multi-hop topology and repeat the test
• Save results for later analysis (in the at-home exercise)


In-class Lab Exercise 8 (4/4)

• Multi-hop topology
  - Preliminary site study to determine reasonable distances
  - Exact topology known only when the experiment is performed

[Figure: planned multi-hop topology with eight nodes (1 to 8); two nodes run iperf clients, two run iperf servers, and one node is used for experiment control]


At-home Exercise 8 (1/2)

Objectives
• Evaluate the OLSR routing protocol by analyzing the results from the in-class experiment

After the exercise, students are able to
• Understand the operation of the OLSR routing protocol in mobile ad-hoc networks
• Compare the performance of MANET routing protocols in different network topologies


At-home Exercise 8 (2/2)

Tasks
• Analyze log files collected in the in-class exercise
• Determine the Multipoint Relay (MPR) set and Multipoint Relay Selector (MPRS) set for OLSR and the logical topology
• Analyze and plot packet loss rate and throughput for the directly-connected and multi-hop topologies
• Summarize “lessons learned” and general observations

Deliverable is a written report


Lecture 9: IP addressing, IP routing, and Mobile IP

• IP addressing
• Node mobility and IP
• Mobile IP
  - Foreign agent discovery
  - Home agent registration
  - Packet delivery through tunneling
  - Route optimization


A Limitation of IP Addressing

An IP address implies both a host (the “name”) and a network (the “location”)

[Figure: a router with interfaces a, b and c; hosts 3.0.0.2, 3.0.0.3 and 3.0.0.4 are reached through interface b and hosts 4.0.0.5 and 4.0.0.6 through interface c. When the mobile host 3.0.0.4 moves to the 4.0.0.0/24 network, a packet with Dest = 3.0.0.4 is still forwarded out interface b and does not reach it (marked X)]

Router forwarding table
Target        Interface
2.0.0.0/24    a
3.0.0.0/24    b
4.0.0.0/24    c


Mobile IP

[Figure: Mobile IP entities. The Mobile Host with home address 10.0.8.5 belongs to the home network 10.0.8.0/24, where its Home Agent resides; it has moved to the foreign network 10.4.5.0/24, served by a Foreign Agent at 10.4.5.43. A Correspondent Node (host) at 10.92.2.3 addresses packets to 10.0.8.5; the Home Agent forwards them to 10.4.5.43 and the Foreign Agent delivers them to the Mobile Host]
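The registration and tunneling steps from the lecture outline, as an added Python model that is not from the slides or from the Dynamics package. It uses the addresses in the figure (mobile host 10.0.8.5 on home network 10.0.8.0/24, foreign agent 10.4.5.43, correspondent node 10.92.2.3); the home agent address 10.0.8.1, the shared key, the dictionary packet format and the choice of HMAC-SHA256 are assumptions. The point for a defender is that the home agent installs a binding only when the request carries a valid keyed hash and a fresh identification value, since otherwise any host could have the mobile host's traffic forwarded to itself.

```python
"""Added example, not from the slides: a minimal model of Mobile IP
registration and tunnelled delivery.  Addresses 10.0.8.5, 10.0.8.0/24,
10.4.5.43 and 10.92.2.3 are from the slide; HOME_AGENT, the key, the packet
format and HMAC-SHA256 are assumptions made for this example."""
import hashlib
import hmac
import ipaddress

HOME_NET = ipaddress.ip_network("10.0.8.0/24")
HOME_AGENT = "10.0.8.1"          # assumed address of the HA on the home network


class HomeAgent:
    """Holds mobility bindings and intercepts traffic for away-from-home hosts."""

    def __init__(self, key_by_home_addr):
        self.keys = key_by_home_addr     # home address -> shared secret (bytes)
        self.bindings = {}               # home address -> care-of address
        self.last_id = {}                # home address -> last accepted identification

    @staticmethod
    def _auth(key, home_addr, coa, ident):
        """Keyed hash over the registration fields (the MN-HA authentication
        extension; Mobile IP itself specifies a keyed MD5/HMAC-MD5 variant)."""
        msg = f"{home_addr}|{coa}|{ident}".encode()
        return hmac.new(key, msg, hashlib.sha256).hexdigest()

    @classmethod
    def make_request(cls, key, home_addr, coa, ident):
        """What the mobile node sends (relayed by the foreign agent)."""
        return {"home": home_addr, "coa": coa, "id": ident,
                "auth": cls._auth(key, home_addr, coa, ident)}

    def register(self, req):
        """Returns (accepted, reason).  Rejects a bad hash and a replayed
        identification value before touching the binding table."""
        key = self.keys.get(req["home"])
        if key is None:
            return False, "unknown mobile node"
        expected = self._auth(key, req["home"], req["coa"], req["id"])
        if not hmac.compare_digest(expected, req["auth"]):
            return False, "authentication failed"
        if req["id"] <= self.last_id.get(req["home"], -1):
            return False, "replayed registration"
        self.last_id[req["home"]] = req["id"]
        if ipaddress.ip_address(req["coa"]) in HOME_NET:
            self.bindings.pop(req["home"], None)   # back home: deregister
        else:
            self.bindings[req["home"]] = req["coa"]
        return True, "registered"

    def handle(self, pkt):
        """A packet arriving on the home network addressed to a home address."""
        coa = self.bindings.get(pkt["dst"])
        if coa is None:
            return pkt                # mobile host is at home: normal delivery
        # IP-in-IP encapsulation: outer header from the HA to the care-of address
        return {"src": HOME_AGENT, "dst": coa, "inner": pkt}


def foreign_agent_decapsulate(tunneled):
    """The foreign agent strips the outer header and delivers on its link."""
    return tunneled.get("inner", tunneled)


if __name__ == "__main__":
    key = b"example-shared-secret"                 # constructed
    ha = HomeAgent({"10.0.8.5": key})
    print(ha.register(HomeAgent.make_request(key, "10.0.8.5", "10.4.5.43", 1)))
    pkt = {"src": "10.92.2.3", "dst": "10.0.8.5", "payload": "hello"}
    tunneled = ha.handle(pkt)
    print("tunnel:", tunneled["src"], "->", tunneled["dst"])
    print("delivered:", foreign_agent_decapsulate(tunneled))
```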


In-class Lab Exercise 9 (1/4)

Objectives
• Familiarize students with the operation of Mobile IP
• Investigate delay, throughput, and overhead of Mobile IP

After the exercise, students are able to
• Explain the operation of the home agent, the foreign agent and the mobile node in Mobile IP
• Understand the routing and tunneling operation in Mobile IP
• Configure the Dynamics Mobile IP package in Linux


In-class Lab Exercise 9 (2/4)

Equipment
• System software
  - Red Hat Linux 7.3
  - HUT’s Dynamics Mobile IP: http://www.cs.hut.fi/Research/Dynamics/
• Dell Latitude C640 notebook
• Xircom Credit Card Wireless Ethernet Adapter
• Intel Wireless Gateway (2 for entire class)


In-class Lab Exercise 9 (3/4)

Tasks
• Configure the Dynamics Mobile IP package
• Selected student groups configure hosts as foreign agents, home agents, mobile hosts, and corresponding hosts
• Use Ethereal to trace signaling when mobile host moves from home to foreign network
• Observe delay (with ping), throughput (with iperf), and signaling (with Ethereal) for mobile nodes in foreign networks


In-class Lab Exercise 9 (4/4)

[Figure: lab topology. Home Network (192.168.100.0/24) with router interface 192.168.100.1, Home Agent 192.168.100.101, a Correspondent Node and Mobile Node(s) at 192.168.100.X; Foreign Network (192.168.200.0/24) with router interface 192.168.200.1, Foreign Agent 192.168.200.101, and visiting Mobile Node(s) that keep their home addresses 192.168.100.X]


Lecture 10: Nomadic services, DHCP, NAT, and VPNs

• Nomadic services
• Virtual private networks (VPNs)
• Dynamic Host Configuration Protocol (DHCP)
• Network address translation (NAT)
• Firewalls and packet filtering
• HTML and web programming
• Comments on the wireless “hot spot” service


Functions for Nomadic Services

[Figure: a Nomadic Node attaches to a Private Network, obtains an address via DHCP, and reaches a second Private Network across the Public Network through a VPN. The first private network provides DHCP and NAT; a VPN endpoint sits at each end. Inside the VPN the data is secured and carries private addresses; across the public network it is secured and carries public addresses]


iptables examples

[Figure: screenshots of three iptables examples: setting DSCP, redirecting, and typical firewall functions]


In-class Lab Exercise 10 (1/4)

Objectives
• Familiarize students with the operation of virtual private networks (VPN)
• Familiarize students with the operation of the Dynamic Host Configuration Protocol (DHCP) and IP masquerading, which is also known as network address translation (NAT)

After the exercise, students are able to
• Understand the operations of VPNs, DHCP, and NAT
• Set up VPN connections in Windows 2000 Professional systems


In-class Lab Exercise 10 (2/4)

Equipment
• System software
  - Windows 2000 Professional
• Dell Latitude C640 notebook
• Xircom Credit Card Wireless Ethernet Adapter
• Intel Wireless Gateway (1 for entire class)


In-class Lab Exercise 10 (3/4)

Tasks
• Set up and monitor a VPN
• Set up and monitor DHCP and NAT in Windows 2000 Internet Connection Sharing (ICS)


In-class Lab Exercise 10 (4/4)

Virtual private network (VPN) experiment

[Figure: an Intranet Host (192.168.0.2) and a VPN Server (192.168.0.1) on the intranet side; a VPN Client connects to the VPN Server across the “Internet”]

Internet connection sharing (ICS) experiment

[Figure: an Intranet Host (192.168.0.2) behind an Internet Gateway (192.168.0.1); a Web Server on the “Internet” side is reached through the gateway]


Design Project 10

Objectives
• Understand how routing, IP firewalls, and IP masquerading (also known as network address and port translation) can be integrated to offer wireless connectivity or “hot spot” service

Topics covered
• DHCP daemon use and configuration
• iptables or ipchains use for basic firewalling and IP masquerading
• Configuring a notebook running Linux to work as a router
• Basic web authentication using a web interface

More later…


Lecture 11: TCP in wireless networks

• TCP overview
  - Flow control
  - Congestion avoidance, slow start, and retransmission
  - TCP Reno and TCP Vegas
• TCP in wireless networks
• Solutions to TCP performance problems in wireless networks

Included in Spring 2003, but not in Spring 2004


Lecture 12: Security in wireless LANs and mobile networks

• Security vulnerabilities and objectives
• Security mechanisms
• Basic security features in IEEE 802.11
  - Authentication
  - Privacy
• Improving WLAN security
  - RSA Security’s Fast Packet Rekeying
  - WiFi Alliance’s WiFi Protected Access (WPA)
  - IEEE 802.11 Technical Group i (IEEE 802.11i)
• Augmenting WLAN security
• Other security issues


In-class Lab Exercise 12 (1/3)

Objectives
• Observe security vulnerabilities in wireless local area networks
• Observe Denial of Service (DoS) attacks that target IEEE 802.11 WLANs
• Observe the operation of an 802.11 WLAN detector, sniffer, and Intrusion Detection System (IDS)


In-class Lab Exercise 12 (2/3)

Equipment
• Special software
  - Kismet: a layer 2 wireless network detector, packet sniffer, and intrusion detection system
• Dell Latitude C640 notebook
• Xircom Credit Card Wireless Ethernet Adapter
• Intel Wireless Gateway (1 for entire class)


In-class Lab Exercise 12 (3/3)

Tasks
• Spoofing the Intel gateway’s IP address (ARP cache poisoning)
  - One student spoofs the IP address of the access point and, under some conditions, “poisons” the ARP cache entries of other nodes in the network
• Network sniffing, detection, and intrusion detection
  - Kismet is used to monitor IEEE 802.11b traffic
• Impersonating an access point
  - Lab instructor’s computer impersonates an access point and causes student notebooks to disassociate from the real access point


At-home Exercise 12 (1/3)

Objectives
• Understand the mechanics of the attacks that were conducted in the in-class lab
• Investigate possible defenses


At-home Exercise 12 (2/3)

Equipment
• Dell Latitude C640 notebook
• Xircom Credit Card Wireless Ethernet Adapter
• Intel Wireless Gateway
• Compaq iPAQ 3850


At-home Exercise 12 (3/3)

Tasks
• “ARP cache poisoning” attack
  - Use screenshots of routing table and ARP table together with the Ethereal capture file to explain the mechanics of this attack
  - Using the iPAQ (attacker), notebook, and Intel WLAN gateway, replicate the attack scenario
• “Impersonating an access point” attack
  - Use the screenshots from the Kismet alert interface together with the dump files produced by Kismet to identify broadcast disassociation messages spoofed by the rogue AP
  - Explain how this attack was made possible and suggest any defenses against it, including any using features of WiFi Protected Access (WPA)
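As an added example for the “investigate possible defenses” objective (not part of the lab material), the Python code below implements the two detections a monitor such as Kismet performs for these attacks: an IP address that is answered for by more than one MAC address in ARP replies, and a burst of disassociation or deauthentication frames sent to the broadcast address under one BSSID. The records, the gateway address and the MAC addresses are constructed for the example; a real tool would feed it decoded frames from a capture.

```python
"""Added example, not part of the workshop material: detection logic for the
two attacks observed in the lab, run over constructed records of the kind a
capture tool (Ethereal, Kismet) would produce.  GATEWAY_IP, the MAC
addresses and the timestamps below are made up for this example."""
from collections import defaultdict

GATEWAY_IP = "192.168.0.1"        # constructed: address of the gateway/AP to protect
BROADCAST = "ff:ff:ff:ff:ff:ff"


def detect_arp_spoofing(arp_replies, known=None):
    """arp_replies: iterable of (time, sender_ip, sender_mac) taken from ARP
    replies.  known: optional static {ip: mac} table (e.g. the gateway's
    real MAC).  Returns an alert whenever an IP is claimed by a MAC other
    than the one(s) already seen or configured for it."""
    seen = {ip: {mac} for ip, mac in (known or {}).items()}
    alerts = []
    for t, ip, mac in arp_replies:
        macs = seen.setdefault(ip, set())
        if macs and mac not in macs:
            alerts.append((t, ip, sorted(macs | {mac})))
        macs.add(mac)
    return alerts


def detect_broadcast_disassoc(frames, window=10.0, threshold=3):
    """frames: iterable of (time, subtype, bssid, dst) for management frames.
    Flags a BSSID that sends `threshold` or more disassociation or
    deauthentication frames to the broadcast address within `window`
    seconds; a legitimate AP essentially never does this."""
    times = defaultdict(list)
    alerts = []
    for t, subtype, bssid, dst in frames:
        if subtype not in ("disassoc", "deauth") or dst != BROADCAST:
            continue
        hist = times[bssid]
        hist.append(t)
        while hist and t - hist[0] > window:     # slide the window
            hist.pop(0)
        if len(hist) >= threshold:
            alerts.append((t, bssid, len(hist)))
    return alerts


# Constructed sample input (not captured data) -------------------------------
ARP_SAMPLE = [
    (0.0, "192.168.0.1", "00:02:b3:aa:aa:aa"),   # gateway answering normally
    (1.5, "192.168.0.5", "00:10:c6:11:11:11"),
    (4.2, "192.168.0.1", "00:0c:29:bb:bb:bb"),   # a second MAC claims the gateway IP
    (5.0, "192.168.0.1", "00:0c:29:bb:bb:bb"),
]
FRAME_SAMPLE = [
    (0.0, "beacon", "00:02:b3:aa:aa:aa", BROADCAST),
    (2.0, "disassoc", "00:02:b3:aa:aa:aa", "00:10:c6:11:11:11"),  # unicast: normal
    (3.0, "disassoc", "00:02:b3:aa:aa:aa", BROADCAST),
    (3.1, "disassoc", "00:02:b3:aa:aa:aa", BROADCAST),
    (3.2, "deauth", "00:02:b3:aa:aa:aa", BROADCAST),
    (3.3, "deauth", "00:02:b3:aa:aa:aa", BROADCAST),
]

if __name__ == "__main__":
    for a in detect_arp_spoofing(ARP_SAMPLE, {GATEWAY_IP: "00:02:b3:aa:aa:aa"}):
        print("ARP conflict:", a)
    for a in detect_broadcast_disassoc(FRAME_SAMPLE):
        print("broadcast disassociation burst:", a)
```

Giving the detector the gateway's real MAC through `known` means the first forged reply is flagged even if it arrives before any genuine one; the frame detector names the BSSID, which is the real AP's address when a rogue impersonates it, so the alert tells the operator which network is under attack rather than who sent the frames.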


Wireless hot spot design project

• Build a wireless hot spot service using
  - DHCP
  - ipchains for basic firewalling and IP masquerading
  - Notebook running Linux to work as a router
  - Web authentication using a web interface

• Deliverables for each group of two students
  - Project demonstration
  - Project report


Basic hot spot configuration

• DHCP server
• Firewall
• IP masquerading
• Web-based authentication

[Figure: the hot spot gateway sits between the Private Network (private side) and the “Public” Internet (public side)]


Creating an association

[Figure: message sequence between the Nomadic User and the Hot Spot Service]
• Association: IEEE 802.11 NIC (user) with IEEE 802.11 AP (service)
• IP configuration: DHCP client (user) with DHCP server (service)
• Authentication: web browser (user) with HTTP server/CGI (service)


Data transfer

[Figure: data path from the Nomadic User through the Hot Spot Service to the End Host. Nomadic User: TCP/UDP over IP over an IEEE 802.11 NIC; Hot Spot Service: IEEE 802.11 AP, IP, and the NAT/Firewall; End Host: TCP/UDP over IP]


Network configuration

[Figure: the gateway notebook joins the Private Hot Spot Network (ESSID hokies) and the “Public Internet” WLAN (ESSID tech)]

Hot spot gateway notebook
• Functions: Firewall (IP Chains), DHCP, Web-based authentication, NAT (IP Masquerading)
• Iface: eth0, IP: 192.168.1.254, Mask: 255.255.255.0 (private hot spot side)
• Iface: eth1, ESSID: tech, IP: 192.168.2.100, Mask: 255.255.255.0 (public side)

Hot spot client
• ESSID: hokies, IP: 192.168.1.103, Mask: 255.255.255.0

“Public Internet” web server (Apache web server, http://192.168.2.1/)
• Iface: eth0, ESSID: tech, IP: 192.168.2.1, Mask: 255.255.255.0

Other devices shown
• ESSID: hokies, IP: 192.168.1.253, Mask: 255.255.255.0
• ESSID: tech, IP: 192.168.2.253, Mask: 255.255.255.0


Script to start gateway

#!/bin/bash

# bring up firewall
#/etc/init.d/ipchains restart

# make sure iptables is not enabled
# make sure ipchains _is_ enabled
rmmod iptable_filter
rmmod ip_tables
modprobe ipchains

# three things are needed for IP masquerading: filter rules on the input
# chain, a MASQ rule on the forward chain, and IP forwarding in the kernel

# flush all chains
/sbin/ipchains -F

# accept incoming packets by default
/sbin/ipchains -P input ACCEPT

# reject SYN packets arriving on the outside interface;
# we don't need anyone coming in from the outside
/sbin/ipchains -A input -i eth1 -p tcp -y -j REJECT

# redirect all HTTP requests from the inside to the local HTTP port
# (this is what sends an unauthenticated client to the login page)
/sbin/ipchains -A input -i eth0 -p tcp -d 0/0 80 -j REDIRECT 80

# accept all connections coming from the inside
/sbin/ipchains -A input -i eth0 -j ACCEPT

# should add rules to limit what the internal hosts may connect to (on this box)

# masquerade packets from the private network as they are forwarded out eth1
/sbin/ipchains -A forward -i eth1 -s 192.168.1.0/24 -j MASQ

# enable IP forwarding for IP masquerading
echo 1 > /proc/sys/net/ipv4/ip_forward

# bring up wireless link
# change channel to whatever channel is wanted
# change essid to AP ssid
/usr/local/sbin/iwconfig eth1 channel 1 essid tech
/sbin/ifconfig eth1 192.168.2.100 netmask 255.255.255.0 up
/sbin/ifconfig eth0 192.168.1.254 netmask 255.255.255.0 up

# restart dhcpd to use eth1 as well
#/etc/init.d/dhcpd restart
service dhcpd restart
service httpd restart


Configuring DHCPd at gateway

Assigns IP addresses in range 192.168.1.100 to 192.168.1.200 for subnet 192.168.1.0/24

# example dhcpd.conf file

option domain-name "stu.net";
option subnet-mask 255.255.255.0;
default-lease-time 150000;
max-lease-time 1290000;
option routers 192.168.1.254;
#option domain-name-servers 198.82.247.98;

subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.100 192.168.1.200;
}

host testpc1 {
    hardware ethernet 00:40:96:48:3b:ab;
    fixed-address 192.168.1.30;
}

subnet 192.168.2.0 netmask 255.255.255.0 {
}


Configuring hot spot gateway

[Screenshots: wireless configuration with ESSID “hokies”; IP: 192.168.1.253, Mask: 255.255.255.0]


Visible IEEE 802.11b networks

• Netstumbler sees both networks (and others)
  - tech: the WLAN implementing the public Internet
  - hokies: the WLAN implementing the private network

Client picks hot spot WLAN – hokies

[Screenshot: the client’s wireless network selection]


Client’s IP configuration (ipconfig)

• IP address (192.168.1.103) is assigned by DHCP at the hot spot gateway
• Default gateway is hot spot gateway (192.168.1.254)
• Ready to access the web … almost


ipchains before client authentication

• Traffic from 192.168.1.103 (and all other private network hosts) is redirected to local web server
• Web server requests authentication

[root@wmsd05 ~/hotspot_server]# ipchains -L
Chain input (policy ACCEPT):
target     prot opt     source                destination           ports
REJECT     tcp  -y----  anywhere             anywhere              any ->   any
REDIRECT   tcp  ------  anywhere             anywhere              any ->   http => http
ACCEPT     all  ------  anywhere             anywhere              n/a
Chain forward (policy ACCEPT):
target     prot opt     source                destination           ports
MASQ       all  ------  192.168.1.0/24       anywhere              n/a
Chain output (policy ACCEPT):


Client authenticates with service

[Screenshot: the login form served by the hot spot’s web server]

Verification output at client

[Screenshot: the page confirming successful authentication]


ipchains after client authentication

• Traffic from 192.168.1.103 is accepted and allowed to be sent to any host and port
• Other traffic still treated as before

[root@wmsd05 ~/hotspot_server]# ipchains -L
Chain input (policy ACCEPT):
target     prot opt     source                destination           ports
ACCEPT     all  ------  192.168.1.103        anywhere              n/a
REJECT     tcp  -y----  anywhere             anywhere              any ->   any
REDIRECT   tcp  ------  anywhere             anywhere              any ->   http => http
ACCEPT     all  ------  anywhere             anywhere              n/a
Chain forward (policy ACCEPT):
target     prot opt     source                destination           ports
MASQ       all  ------  192.168.1.0/24       anywhere              n/a
Chain output (policy ACCEPT):
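The listings before and after login are the observable effect of the gateway’s authentication step. The following added Python code, which is not the project’s or the workshop’s own, models that step: it emits the ipchains commands used by the start script, validates a client address before building the per-host ACCEPT rule that a login CGI would insert at the top of the input chain, and parses `ipchains -L` output to report which hosts are currently authenticated. The interface names, addresses and listing text come from the slides; the function names, the insert-at-position-1 mechanism and the validation policy are assumptions.

```python
"""Added example (not from the workshop or the students' project code): the
gateway-side logic behind the hot spot's web authentication, modelled on
the ipchains rule sets shown on the slides.  eth0/eth1, 192.168.1.0/24 and
the listing text are from the slides; everything else is assumed."""
import ipaddress
import re

PRIVATE_IF = "eth0"                   # private hot spot side, 192.168.1.254
PUBLIC_IF = "eth1"                    # "public Internet" side, ESSID tech
PRIVATE_NET = ipaddress.ip_network("192.168.1.0/24")


def base_rules():
    """The rule set installed by the gateway start script, as shell lines."""
    return [
        "/sbin/ipchains -F",
        "/sbin/ipchains -P input ACCEPT",
        f"/sbin/ipchains -A input -i {PUBLIC_IF} -p tcp -y -j REJECT",
        f"/sbin/ipchains -A input -i {PRIVATE_IF} -p tcp -d 0/0 80 -j REDIRECT 80",
        f"/sbin/ipchains -A input -i {PRIVATE_IF} -j ACCEPT",
        f"/sbin/ipchains -A forward -i {PUBLIC_IF} -s {PRIVATE_NET} -j MASQ",
    ]


def validate_client(addr):
    """A login CGI must not hand raw request data to a shell: accept only a
    single host address inside the private hot spot network."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError as exc:
        raise ValueError(f"not an IP address: {addr!r}") from exc
    if ip not in PRIVATE_NET:
        raise ValueError(f"{ip} is not in {PRIVATE_NET}")
    return str(ip)


def authorize_rule(addr):
    """Rule inserted at the top of the input chain after a successful login
    (assumed mechanism; it yields the first ACCEPT line of the post-login
    listing, ahead of the REDIRECT that catches unauthenticated clients)."""
    ip = validate_client(addr)
    return f"/sbin/ipchains -I input 1 -i {PRIVATE_IF} -s {ip} -j ACCEPT"


def deauthorize_rule(addr):
    """Matching removal for logout or DHCP lease expiry; the rule is keyed on
    the source address only, so it must not outlive the client's lease."""
    ip = validate_client(addr)
    return f"/sbin/ipchains -D input -i {PRIVATE_IF} -s {ip} -j ACCEPT"


def parse_listing(text):
    """Parse `ipchains -L` output into {chain: [rule dict, ...]}."""
    chains, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = re.match(r"Chain (\S+) \(policy (\S+)\):", line)
        if m:
            current = m.group(1)
            chains[current] = []
        elif line.startswith("target") or current is None:
            continue                                   # column header
        else:
            f = line.split()
            chains[current].append({"target": f[0], "prot": f[1], "opt": f[2],
                                    "source": f[3], "dest": f[4],
                                    "ports": " ".join(f[5:])})
    return chains


def authenticated_hosts(listing_text):
    """Hosts with a per-address ACCEPT placed before the HTTP REDIRECT rule."""
    hosts = set()
    for rule in parse_listing(listing_text).get("input", []):
        if rule["target"] == "REDIRECT":
            break
        if rule["target"] == "ACCEPT" and rule["source"] != "anywhere":
            hosts.add(rule["source"])
    return hosts


# Listing text as shown on the slide after 192.168.1.103 has logged in.
AFTER_LOGIN = """\
Chain input (policy ACCEPT):
target     prot opt     source                destination           ports
ACCEPT     all  ------  192.168.1.103        anywhere              n/a
REJECT     tcp  -y----  anywhere             anywhere              any ->   any
REDIRECT   tcp  ------  anywhere             anywhere              any ->   http => http
ACCEPT     all  ------  anywhere             anywhere              n/a
Chain forward (policy ACCEPT):
target     prot opt     source                destination           ports
MASQ       all  ------  192.168.1.0/24       anywhere              n/a
Chain output (policy ACCEPT):
"""

if __name__ == "__main__":
    print(authorize_rule("192.168.1.103"))
    print("authenticated:", authenticated_hosts(AFTER_LOGIN))
```

Validating the address before it reaches a shell matters because the login handler turns request data into a firewall command; and since the rule matches on source IP alone, it should be removed with `deauthorize_rule` when the lease ends rather than left in place.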

Client: Final web access

[Screenshot: the client reaching the web server after authentication]

Experience with the Hot Spot Project

• The project is challenging but very engaging
  - Lots of components have to work together
  - Students must learn a lot of new topics, largely on their own
  - Operates very much like “real world” Internet services
• Complementary teams are good so that one member has prior experience in web applications and/or Linux configuration
• Most groups achieve complete or nearly complete success
• Highly rated by students


Summary

The Mobile Networks portion of the course consists of four weeks, covering
• Internet Protocol (IP) addresses and routing
• Rationale and operation for three forms of mobile nodes or users
  - Mobile ad hoc networks: mobility without infrastructure
  - Mobile IP: seamless mobility with infrastructure
  - Nomadic services (NAT, DHCP, VPNs, Firewalls): mobility requiring reconfiguration
• TCP and operation in a wireless environment (in Spring 2003)
• Security
  - Vulnerabilities and defenses in wireless and mobile systems
  - Security in IEEE 802.11 wireless local area networks, including basic mechanisms, Wireless Protected Access (WPA), and IEEE 802.11i