Design and Implementation of a 3-Party Cloud-Backed Handshake for Secure Grouping of WiFi IoT Devices

Design and Implementation of a 3-Party Cloud-Backed Handshake for Secure Grouping of WiFi IoT Devices

• 1.
  #p2pwifi #groupconnect #IoT #handshake#cloudappsDesign and Implementation [email protected] maratishe.github.io 2017/06/22@RCS研@石垣島 PDF: bit.do/170622 Zhanikeev Marat of a 3-Party Cloud-Backed Handshake for Secure Grouping of WiFi IoT Devices
• 2.
  M2M, D2D in4G+ Networks SC BS SC SC Marat Zhanikeev – [email protected] Design and Implementation of a 3-Party Cloud-Backed Handshake for Secure Grouping of WiFi IoT Devices 2/14 2/14
• 3.
  ..and the muchwanted OFFLOAD • simply put, use device-to-cloud connections as little as possible • reality: BeaconStuffing is not available, P2P WiFi (=WiFi Direct, Miracast) almost there, SSID is fully accessible • this paper: focus on the 3-party handshake with the help of SSID beaconing WiFi 3G Connectivity WebApp Cloud New paradigm Beacon Stuffing Marat Zhanikeev – [email protected] Design and Implementation of a 3-Party Cloud-Backed Handshake for Secure Grouping of WiFi IoT Devices 3/14 3/14
• 4.
  Use 32 octetsin SSID wisely Marat Zhanikeev – [email protected] Design and Implementation of a 3-Party Cloud-Backed Handshake for Secure Grouping of WiFi IoT Devices 4/14 4/14
• 5.
  The Unit HandshakeProcess Cloud Client A Client B id, GPS, APs Seeking group! Check -in HashkeyHashkey >> SSID Grouping request Matching Check-in B s hashkey Hashkey >> SSID Direct comm. • given: IoT devices use periodic polling to sync with cloud side • efficiency: stay withing polling requests as much as possible • hashkeys are always generated and maintained by cloud side • devices provide feedback on local environment for the cloud side to sort (matching) Marat Zhanikeev – [email protected] Design and Implementation of a 3-Party Cloud-Backed Handshake for Secure Grouping of WiFi IoT Devices 5/14 5/14
• 6.
  Modeling for Trace-BasedAnalysis • it takes about 3-5s to reconfigure and start WiFi Hotspot, plus lazy beaconing for energy efficiency • note: SSID messaging is quick while WiFi Direct contact will require additional overhead Cloud API Client A Effective range Walking path Lazy Beaconing WiFi Direct GroupingDiscovery Client B Local traffic Marat Zhanikeev – [email protected] Design and Implementation of a 3-Party Cloud-Backed Handshake for Secure Grouping of WiFi IoT Devices 6/14 6/14
• 7.
  Modeling Wireless Encounters 01 2 3 4 5 6 7 8 9 Time order 20 40 60 80 100 120 140 160 180 200 distance 0 1 2 3 4 5 6 7 8 9 Time order 0 0.2 0.4 0.6 0.8 1 speed • used Statefair (matsuri?) trace from Crawdad • randomly extracted 1000 encounters (meets) • analysis target: see how many encounters pass requirements as they gradually become stricter • requirements: keep within a given distance for a given length of time Marat Zhanikeev – [email protected] Design and Implementation of a 3-Party Cloud-Backed Handshake for Secure Grouping of WiFi IoT Devices 7/14 7/14
• 8.
  Performance Map 3 510 15 30 60 90 180 5 7 10 15 20 25 50 03 01 00 00 00 00 00 00 05 04 01 01 01 00 00 00 10 08 06 04 03 01 00 00 20 18 14 11 09 03 02 00 26 25 22 20 16 06 03 01 32 31 30 27 23 12 07 02 55 53 51 50 48 41 33 12 Effectiverange(meters) Session duration (seconds) • only 55% pass the lowest thresholds – too much continuous motion at the Statefair • above 20% is probably acceptable for deployment of local wireless app • cells like 30s/20m, 10s/ 15m should be OK in practice Marat Zhanikeev – [email protected] Design and Implementation of a 3-Party Cloud-Backed Handshake for Secure Grouping of WiFi IoT Devices 8/14 8/14
• 9.
  Practice/Implementation • already haveworking prototypes on Android below 6.0 ◦ since 6.0, runtime permission and other major changes make it much harder (not impossible, though) to write such apps ◦ so, basically, voice in favor of Android-based IoT devices, fog clouds, etc. • implementing SSID beaconing is very easy, but Beacon Frame is not accessible (shame!) • next step: add WiFi Direct for a full-scale localized wireless IoT device with high throughput ◦ high throughput is a tentative step towards olympics (current plans will definitly not be able to handle the load come 2020) ◦ ... like local video streaming... Marat Zhanikeev – [email protected] Design and Implementation of a 3-Party Cloud-Backed Handshake for Secure Grouping of WiFi IoT Devices 9/14 9/14
• 10.
  That’s all, thankyou ... Marat Zhanikeev – [email protected] Design and Implementation of a 3-Party Cloud-Backed Handshake for Secure Grouping of WiFi IoT Devices 10/14 10/14
• 11.
  Extras: An IoTFog Box • prototype uses Local Hardware Awareness (LHAP) and WiFi Direct on Raspberry Pi WiFi Wireless users WiFi AP Physical Device Cloud Platform VM VM Con.Con.Con. Storage Sensors … Beacon WiFi AP WiFi Client P2P WiFi Box s Marat Zhanikeev – [email protected] Design and Implementation of a 3-Party Cloud-Backed Handshake for Secure Grouping of WiFi IoT Devices 11/14 11/14
• 12.
  Theory Behind LocalGrouping To 3G/LTE Virtual Wireless User Internal Engine To 3G/LTE Resource Virtualization Marat Zhanikeev – [email protected] Design and Implementation of a 3-Party Cloud-Backed Handshake for Secure Grouping of WiFi IoT Devices 12/14 12/14
• 13.
  Vehicular Groups aswireless offload 4 5G Vehicular Group 4 5G End Users Data Center (DC) Marat Zhanikeev – [email protected] Design and Implementation of a 3-Party Cloud-Backed Handshake for Secure Grouping of WiFi IoT Devices 13/14 13/14
• 14.
  Running cloud appson vehicles Cars Rarely Meet Meeting Likely Travel Together Park Together DTN MANETs Traditional SingleConnect Sensor Cloud Storage Cloud Information Support Marat Zhanikeev – [email protected] Design and Implementation of a 3-Party Cloud-Backed Handshake for Secure Grouping of WiFi IoT Devices 14/14 14/14