PAWS Architecture

Prof. Jon Crowcroft, Dr. Murray Goulden, Dr. Christian Greiffenhagen, Heidi Howard, Prof. Derek McAuley, Dr. Richard Mortier, Dr. Milena

Radenkovic, Dr. Arjuna Sathiaseelan

Ubiquitous Access to Public Services Online

with PAWS

"All people should be allowed to connect to and express themselves freely on the Internet" - UN Human Rights Council

Lowest Cost Denominator Network

Introducing a new level of basic access, bridging the gap between no access and full access

Offering less than best effort access to all

10 % of the UK population do not have internet access

Aspley, Nottingham3 month trial

One of the most deprived areas in the country

~1/3 without internet access

50 new users50 sharers

Wireless Community Networks (WCN)

Forming Co-op's where you share your WiFi and in turn can use other's

Fon is the most popular WCN, with > 8 million FON hotspots worldwide

This demonstrates that people are willing to share their internet connection

Introducing PAWS

Public Access Wifi Service (PAWS) works with local councils and communities to give everyone access to basic public services online.

Aims● Confidentiality● Accountability● Ease of Use● Priority● Authentication● Scalability

Ease of Use

Most home routers are provided by ISP's, plugged in and left on default settings

Not scalable to re-configure everyone's routers

Introducing the PAWS access point, a Netgear router running OpenWRT

Priority

We need to measure the spare network capacity available to each PAWS access point

Project BISmark by Georgia Tech

3 month trial: 1 month of measurement, then 2 months of use

Throttling traffic at the PAWS access point

Authentication

User need to be able to authenticate themselves to the PAWS network at any PAWS box

We have a RADIUS server in Nottingham

This can be linked to the council's authentication servers

Accountability

PAWS users need to have a separate public IP address from the sharer. Sharers must not be accountable for users' actions online

Using a virtual private network (VPN) to a secure endpoint so all PAWS network traffic has the same IP address

Use PAWS access point firewalls to enforce use of PAWS VPN

ConfidentialityWiFi Encryption often provides weak security

Traffic passes through the sharer's home router where it can be sniffed

We already get this fixed for free with VPN to the user's devices

Scalability

Authentication across deployment areas

You are registered with your home area, authentication when travelling is directed to your home authentication server but we allow use of the nearest VPN server

Limitations

- VPN setup on some client devices is difficult- The most widely supported VPN is PPTP, but its been proven insecure- Some home routers block VPN traffic by default- PAWS Routers currently cost £130 each- Single point of failure, all traffic routed though VPN server- Little incentive to share

Ideas for Future Work

- Two tier system, where users who are also sharers get more bandwidth- For users who are also sharers use their PAWS box as the VPN endpoint instead - VPN from PAWS AP instead of client devices,combined with WPA Enterprise from the device to PAWS AP- Client apps to map coverage, automatically connect to VPN etc..- Implement fallback in PAWS access points

Questions & Comments

Heidi [email protected]

@heidiann360

@heidi-ann