
Jigsaw: Solving the Puzzle of Enterprise 802.11 Analysis

Jigsaw: Solving the Puzzle of Enterprise 802.11 Analysis. Written by Yu-Chung Cheng, John Bellardo, Peter Benko, Alex C. Snoeren, Geoffrey M. Voelker and Stefan Savage. Analysis by Carlos Troncoso CS388 Wireless Security. Common problems in production Wireless Networks.


Presentation Transcript


  1. Jigsaw: Solving the Puzzle of Enterprise 802.11 Analysis Written by Yu-Chung Cheng, John Bellardo, Peter Benko, Alex C. Snoeren, Geoffrey M. Voelker and Stefan Savage Analysis by Carlos Troncoso CS388 Wireless Security

  2. Common problems in production Wireless Networks • Conflicts with nearby wireless devices • Bad AP channel assignments • Microwave oven interference • Bad interaction between TCP and 802.11 • Rogue access point interference • Poor choice of APs (weak signal) • Incompatible user software/hardware

  3. Sounds Familiar? Helpdesk receives a phone call… • User: “…my Internet connection is flaky…” • Support: “What happened?…” • User: “Well, Internet got disconnected and now it is very slow…” • Support: “OK, let me check here…” • User: “Wait!.. wait… it’s working now…”

  4. Goal of Jigsaw To develop a deeper understanding of the dynamics and interactions in production wireless networks by reconstructing their behavior in its entirety.

  5. Jigsaw Provides a single, unified view of all physical, link, network, and transport-layer activity on an 802.11 production network.

  6. Wireless traffic measurement challenges: • Ambient environmental interference • Sender’s transmit power • Distance to the receiver • Strength of any simultaneous transmissions on nearby channels heard by the same receiver • MAC (Media Access Control) protocol • Traffic is based on the TCP protocol, which carries a set of complex dynamics

  7. Methodology • Large-scale monitoring infrastructure deploying hundreds of radio monitors to gather traffic activity over the wireless network (covering around 1 million cubic feet) • These monitors feed the centralized system, Jigsaw, to produce a precise global picture of the network activity.

  8. Methodology (continued) • Large-scale Synchronization: achieved through a passive algorithm that synchronizes the hundreds of simultaneous traces • Frame Unification: achieved by combining and merging duplicate traces to construct a single trace • Multi-Layer Reconstruction: achieved by reconstructing raw frame data into a complete trace with all link and transport-layer conversations.

  9. Media Access Control • The 802.11 protocol uses CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance) to schedule and retry transmissions • CSMA/CA has the hidden node problem

  10. Hidden Node problem • Creates co-channel interference from other transmitters • Finding: • CSMA/CA uses special RTS/CTS (Request to Send/Clear to Send) frames to handle this problem • Hidden nodes are handled by Jigsaw (with exceptions) [Figure: nodes A, B and Laptop. Captions: “A sends data and Laptop sends an ACK”; “Hidden Node: A sends data, Laptop’s reception is interfered by B”]

  11. Previous Related Work • Researchers measured traffic using fewer monitoring nodes • Previous efforts focused on separate channels, or focused on a small number of traces • The Jigsaw approach focuses on large-scale online monitoring and complete multi-layer reconstruction.

  12. Data Collection • Environment • Hardware • Software Department of Computer Science and Engineering University of California, San Diego

  13. Environment • Study was done at the University’s CS building • 4-story building • 500 users with 10 to 100 active client connections

  14. Hardware • 2.8 GHz Pentium Server with 2 TB of Storage • 40 sensor pods used for wireless infrastructure • 4 radios in each sensor pod to capture all channels, timestamp, errors, etc.

  15. Software • Pebble Linux and MadWifi driver for each monitor • Driver modified to capture even corrupted frames and physical errors • Jigdump application to manage data capture

  16. Trace Merging Trace merging is necessary to produce a coherent description of combined traces.

  17. Trace Merging Requirements • Synchronization: monitors timestamps by properly synchronizing all frames to a common reference time • Unification: minimizes duplicate traces • Efficiency: trace merging executes faster than real time radios

  18. Bootstrap synchronization • Method finds a set of reference points to synchronize the radios • All clocks run at the same rate and the Jigsaw system places each frame into a universal time by adjusting its timestamp • Methodology allows frames on one channel to be related to timestamps on another

  19. Unification After bootstrap synchronization, Jigsaw processes traces by time and unifies duplicate frames (instances) into single data structures called jframes

  20. [Figure labels: Monitors; Traces synchronized; Time; Jigsaw trace: jframe. Legend: Received frames; Received, with error; Corrupted data]

  21. Unification (continued) • Basic unification: a linear scan is performed to group instances with the same timestamp • Clock adjustment: because radio clocks skew over time, Jigsaw takes advantage of the unification method and resynchronizes each trace • Managing skew and drift: if sensors do not detect frames in common, then Jigsaw relies on the local clock of the radio sensor to assign a timestamp
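
The bootstrap synchronization and unification steps on slides 18 to 21, as an added sketch that is not code from the presentation or from Jigsaw itself. The trace layout, the 5 µs matching window, matching on identical payloads, taking the first instance's time as the jframe time, and the sample traces are all assumptions made for illustration.

```python
from collections import namedtuple

# One monitor radio's capture of a frame, stamped with that radio's local clock (us).
Instance = namedtuple("Instance", "radio local_us payload")

def bootstrap_offsets(traces, ref_payload):
    """Per-radio clock offset from one reference frame that every radio heard."""
    seen = {r: next(i.local_us for i in tr if i.payload == ref_payload)
            for r, tr in traces.items()}
    base = min(seen.values())
    return {r: t - base for r, t in seen.items()}

def unify(traces, offsets, window_us=5, resync=True):
    """Scan all traces in universal-time order, merging duplicates into jframes."""
    offsets, heads, jframes = dict(offsets), {r: 0 for r in traces}, []
    def utime(r):  # universal time of the next unread instance on radio r
        return traces[r][heads[r]].local_us - offsets[r]
    while True:
        live = [r for r in traces if heads[r] < len(traces[r])]
        if not live:
            return jframes, offsets
        r = min(live, key=utime)
        t, inst = utime(r), traces[r][heads[r]]
        heads[r] += 1
        jf = jframes[-1] if jframes else None
        if jf and jf["payload"] == inst.payload and abs(t - jf["time"]) <= window_us:
            jf["radios"].append(r)
            if resync:  # clock adjustment: fold the residual back into the offset
                offsets[r] += t - jf["time"]
        else:
            jframes.append({"time": t, "payload": inst.payload, "radios": [r]})

# Constructed sample: radio B starts 1000 us ahead and drifts 3 us per data frame.
TRACES = {
    "A": [Instance("A", 100, "beacon"), Instance("A", 5000, "data1"),
          Instance("A", 9000, "data2")],
    "B": [Instance("B", 1100, "beacon"), Instance("B", 6003, "data1"),
          Instance("B", 6303, "ack1"), Instance("B", 10006, "data2")],
    "C": [Instance("C", 500, "beacon"), Instance("C", 5700, "ack1"),
          Instance("C", 9400, "data2")],
}

if __name__ == "__main__":
    for jf in unify(TRACES, bootstrap_offsets(TRACES, "beacon"))[0]:
        print(jf)
```

With `resync=False` radio B's accumulated drift pushes its copy of the last frame outside the window, so the same transmission is reported as two separate jframes.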

  22. Link and transport reconstruction After constructing a global view of the physical events, the next step is to reconstruct the link and transport layer traffic.

  23. Link-Layer inference L2 • Jigsaw identifies each transmission attempt from the sender and records subsequent responses • MAC addresses are used to group frames to check whether transmission requests are being delivered successfully or not • Jigsaw uses frame sequence numbers to reference groups of frames, but also deduces the presence of missing frames based on subsequent behavior of sender and receiver

  24. Transport inference L4 • The transport analysis takes frame exchanges as input and reconstructs TCP flows based on the packet headers • By capturing TCP ACKs, Jigsaw can record even the omitted frames shown in the packet

  25. Coverage • Obtaining effective coverage for all transmissions is an evident challenge • Monitors need to be precisely placed and properly configured to capture ALL data • 97% of traffic was covered in this Jigsaw implementation

  26. Analysis Global perspective provided by the distributed monitors • Trace summary • Interference • 802.11g protection mode • TCP loss rate inference

  27. Trace Summary • High level characteristics of trace by collecting traffic from active APs • Average of three observations made for every frame in the network • Finding: management traffic (beacon, ARP) consumes 10% of the channel at a given time

  28. Interference • Simultaneous transmission that causes frame loss • Red color shows an example of physical interference caused by a microwave oven • Instantly detects and tags interference

  29. 802.11g Protection mode • Protection policy is extremely conservative • Reduces performance • Should only be used when 802.11b is present

  30. TCP loss rate inference • The TCP reconstruction algorithm is used to assemble all flows that complete a handshake. • TCP loss is dominant over physical traffic

  31. Present • Jigsaw is an attempt to attain a high level of detailed analysis • Jigsaw unifies traces from multiple passive wireless monitors to reconstruct a global view of network activity • Jigsaw is only the building block to answer the questions • Why is the network malfunctioning? • How do I fix it?

  32. Future • Real-time system for automated detection and evaluation of poor network performance • Identifies problem flows and isolates potential causes of poor performance

  33. Questions?
