WLAN: QoS, Z-iteration, and Assertional Security Analysis
A. Udaya Shankar
Computer Science Dept and UMIACS
University of [email protected]
12/16/02 A.U.Shankar --- LTS 2
Outline
  QoS
  Z-iteration (performance evaluation)
  Assertional Security Analysis
Outline
  QoS
    Compensating for “physical capture” effect in WLANs
  Z-iteration (performance evaluation)
  Assertional Security Analysis
QoS: Throughput fairness
  Throughput fairness in 802.11 depends on
    MAC access mechanism
    Physical-layer characteristics
  Most studies downplay the physical-layer effect and focus on the MAC (CSMA/CA/BEB)
  We discovered that physical-layer capture is the dominant factor in throughput fairness
Physical-layer capture effect
  Physical-layer capture effect: when two frames collide at a receiver, the receiver can extract the stronger frame
  Capture occurs consistently for even a few dBm difference in frame signal strengths
  Capture occurs frequently in WLANs (due to multipath and fading)
Ad-hoc Mode Experiments
  [Diagram: source 1, source 2, sniffer]
  Sources broadcasting in ad-hoc mode
    no beacons, ACKs, and retransmissions
    MAC-layer effect minimized
  Results
    8% of frames collided
    90% of collisions had capture
    8% higher throughput for stronger station
Ad-hoc Mode Experiments
  [Figures: Signal strengths; Throughputs]
Infrastructure Mode Experiments without RTS/CTS
  [Diagram: source 1, source 2, AP, sniffer, sniffer, sink]
  Results
    Weaker station retransmitted 5% of frames
    Stronger station retransmitted 0.5% of frames
    Stronger station had 7% higher throughput
Infrastructure Mode Experiments without RTS/CTS
  [Figures: Signal strengths; Throughputs]
Infrastructure Mode Experiments with RTS/CTS
  [Diagram: source 1, source 2, AP, sniffer, sniffer, sink]
  Results
    Each station retransmitted under 0.1% of data frames
    Weaker station retransmitted 5% of RTS frames
    Stronger station retransmitted 0.1% of RTS frames
    Stronger station had 12% higher throughput
QoS: Compensating for Capture
  Congestion control based on signal strength
  Explicit control
    Source controls its send rate based on its signal strength at AP
  Implicit control
    AP delays packets of stronger sources, thereby inciting transport layer congestion control to throttle down
QoS: Conclusions
  Physical-layer capture is a major cause of MAC throughput unfairness.
  Resulting unfairness as high as 12% in favor of station with stronger signal.
  Any QoS scheme must account for differing signal strengths of sources.
  Investigating explicit and implicit schemes. Invention disclosure.
Outline
  QoS
  Z-iteration
    Fast evaluation of instantaneous performance metrics of wireless/wireline networks
  Assertional Security Analysis
Z-iteration: Introduction
  Fast evaluation of heterogeneous TCP/IP networks
  Current evaluation methods are not adequate
    analytical methods are inaccurate and coarse
    packet-level simulators are slow (e.g. ns, opnet)
    Do not capture real-world features
      802.11 rate-switching
      Platform dependencies (timers, scheduling)
  Goal: Evaluation method that is as accurate as packet-level simulation but much faster
  Approach: Based on fast approximate solutions of time-dependent queuing models
Z-iteration Approach
  TCP/IP networks modeled by a queuing network
  Traffic modeled by time-dependent stochastic process
  Time-dependency: natural modeling of adaptive control (congestion, routing, admission, link scheduling, ...)
  Queuing differential equations solved rapidly using Z-iteration approximations
  Obtain time evolution of instantaneous ensemble metrics at each link for each connection
    average_queue_size(t), blocking(t), utilization(t), …
  Validation against ns simulation
M(t)/M(t)/* Queuing Networks
  Start from the flow equation
    \[ \frac{dN(t)}{dt} = \lambda(t)\,[1 - B(t)] - \mu(t)\,U(t) \]
  If we can express B(t) and U(t) in terms of N(t), we would have a single differential equation per queue
  For a network of queues, each queue i has
    \[ \lambda_i(t) = \lambda_i^{*}(t) + \sum_{j=1}^{n} \mu_j(t)\,U_j(t)\,\bigl(\text{Routing Probability } (j \to i) \text{ at time } t\bigr) \]
  So a network of n queues is modeled by n differential equations
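The flow equation above can be integrated numerically once B(t) and U(t) are written as functions of N(t). The following is an added example, not code from the slides or from the author: it assumes the closure is the steady-state M/M/1/K queue whose mean occupancy equals the current N(t), and the function names and the step workload are constructed for illustration.

```python
# Added example: numerically solves the slide's flow equation for one queue.
# Assumption (not stated on the slides): B(t) and U(t) are taken from the
# steady-state M/M/1/K queue whose mean occupancy equals the current N(t).

def steady_state(rho, K):
    """Return (N, B, U) for a steady-state M/M/1/K queue at load rho."""
    weights = [rho ** n for n in range(K + 1)]   # unnormalised p_0..p_K
    total = sum(weights)
    probs = [w / total for w in weights]
    mean_n = sum(n * p for n, p in enumerate(probs))
    return mean_n, probs[K], 1.0 - probs[0]      # queue size, blocking, utilization

def closure(n_now, K, hi=1e3):
    """Express B and U in terms of N: invert N(rho) by bisection."""
    lo = 0.0
    for _ in range(40):
        mid = (lo + hi) / 2
        if steady_state(mid, K)[0] < n_now:
            lo = mid
        else:
            hi = mid
    _, b, u = steady_state((lo + hi) / 2, K)
    return b, u

def solve(lam, mu, K, t_end, dt=0.1, n0=0.0):
    """Euler steps of dN/dt = lam(t)[1 - B(t)] - mu(t) U(t); returns [(t, N, B, U)]."""
    trace, n = [], n0
    for step in range(int(round(t_end / dt)) + 1):
        t = step * dt
        b, u = closure(n, K)
        trace.append((t, n, b, u))
        n = min(max(n + dt * (lam(t) * (1 - b) - mu(t) * u), 0.0), float(K))
    return trace

def demo():
    # Constructed workload: arrival rate steps from 0.3 to 0.7 at t = 100.
    return solve(lambda t: 0.3 if t < 100 else 0.7, lambda t: 1.0, K=10, t_end=300)

if __name__ == "__main__":
    for t, n, b, u in demo()[::500]:
        print(f"t={t:6.1f}  N={n:5.2f}  B={b:.5f}  U={u:.3f}")
```

With constant rates the trajectory settles at the steady-state queue size for load lambda/mu, which gives a quick sanity check on any closure substituted for the assumed one.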
TCP/IP Networks
  Model link by variation of M(t)/M(t)/1/K equations
  Model TCP sources by profiles
  Profile of a TCP source: function that describes inst. throughput versus inst. loss rate and inst. roundtrip time
Drop-Tail Example 2: 30 nodes, mid-load
  [Figure: 30-node topology with nodes N1 to N24 and B1 to B6]
  [Plots: B1 -> N24, N14 -> B4 and N6 -> B2, each shown with its simulation ("Sim of") curve]
Drop-Tail Example 3&4: 100 nodes - topology
  [Figure: topology of LAN nodes (Lan1 to Lan12) and Bone nodes]
Drop-Tail Example 3: 100 nodes, mid-load
  Evaluation time: Z-iteration: 16 sec, ns: 71 - 930 sec
  [Plots: Lan1 - 5 -> Lan1 - 2, Lan3 - 7 -> Lan3 - 4, Lan9 - 3 -> Lan9 - 2 and Bone5 -> Bone1, each shown with its simulation ("Sim of") curve]
Drop-Tail Example 4: 100 nodes, high-load
  Evaluation time: Z-iteration: 29 sec, ns: 146 - 2150 sec
  [Plots: Lan12-5 -> Lan12-8, Lan9 - 3 -> Lan9 - 2, Bone5 -> Bone1 and Bone8 -> Bone11, each shown with its simulation ("Sim of") curve]
Summary
  Fast accurate time evolution of performance metrics of time-dependent queuing networks
    Straightforward modeling of adaptive control mechanisms
    Short-term real-time prediction of network traffic
  Profiles: natural way to model real-life sources
  Extensions
    RED, CBQ, ...
    WLANs
Z-iteration for WLAN networks
  Model 802.11 sources by profiles
  Profile of an 802.11 source: instantaneous throughput as function of
    Number of active stations
    Desired and achieved instantaneous rates of active stations
    Signal strengths of active stations at AP
Profile: Experimental Setup
  [Diagram: source 1 .... source N, sniffer, AP/sink]
  Workload
    UDP sources to preclude any control effects
    Sending rate keeps firmware queue full
General Observations
  Susceptible to severe capture-effect
    Starvation occurs routinely for more than 8 stations
  Rate Switching Algorithm
    Station switches to lower transmission rate if there is a packet loss
  AP is not bottleneck in processing
Specific Results
  Maximum Instantaneous Throughput for single station is 6.45 Mbps, out of a bit rate of 11 Mbps
    Due to DIFS + Backoff
  Throughput falls rapidly with number of stations at high load
    Susceptible to capture-effect
Profile of 802.11b (preliminary)
  [Plot: axes Background Traffic and Instantaneous Throughput; curves for N=2, N=3, N=4]
Clustering in 802.11 profiles
  [Plot: axes Per-station inst. throughput (pkts/sec) and Overall inst. throughput (pkts/sec)]
Outline
  QoS
  Z-iteration
  Assertional Security Analysis
    Framework for specification, verification, and testing of concurrent systems
Concurrent System: Cooks in a Kitchen
Example concurrent system executions
  Single-process concurrent system execution
  Two-process concurrent system execution
SESF (services and systems framework)
  Systems and Services specified by programs
    service defines acceptable sequences of interactions
    service is executable, not constrained by platform
  SESF program explicitly indicates
    events: atomically-executed statements
    externally-controlled events
    progress expected (of platform/service)
  Service satisfaction
    composite program of system and service
  Compositionality
Assertional Analysis and Testing
  Analysis
    Properties expressed by assertions
      invariants, leads-to,
    Assertions proved by proof rules or operational reasoning
    Routing, transport, concurrency control
  Testing
    single process: threads and function calls
    multi-process: distributed processes and RMI
    Transport layer
Assertions of Security
  confined(key, vset)
    predicate: true iff value key is confined to variable set vset
    vset models principals, systems, ...
    handles authentication, confidentiality, ...
  Proof rules
    Hoare-triple: {predicate} statement {predicate}
    {confined(k, v)} x := k {confined(k, v U {x})}
    {confined(k, v)} one-way-func(k) {confined(k, v)}
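The two proof rules above can be applied mechanically to a straight-line program to see where confined(k, v) stops fitting inside the set of variables a policy allows. This is an added example, not part of the slides or of SESF: the statement encoding, the variable names and the rule for copying from a variable already in v are assumptions made for illustration.

```python
# Added example: applies the two proof rules from the slide to a straight-line
# program. Statement encoding and variable names are hypothetical.

def propagate_confined(key, vset, program, allowed):
    """Push confined(key, vset) through `program`.

    Each statement is (op, target, source):
      ("assign", x, s)  models  x := s
      ("owf",    x, s)  models  x := one-way-func(s)
    Returns (holds, final_vset, index_of_first_violation).
    """
    v = set(vset)
    for idx, (op, target, source) in enumerate(program):
        if op == "assign":
            # {confined(k, v)} x := k {confined(k, v U {x})}
            # Assumed extension: copying from a variable already in v counts too.
            if source == key or source in v:
                v.add(target)
        elif op == "owf":
            # {confined(k, v)} one-way-func(k) {confined(k, v)}: v is unchanged.
            pass
        else:
            raise ValueError(f"unknown statement kind: {op}")
        if not v <= allowed:
            return False, v, idx          # key may now sit outside `allowed`
    return True, v, None

# Constructed scenario: principals A and B share k; "net.msg" is the channel.
ALLOWED = {"A.k", "A.tmp", "B.k"}
START = {"A.k", "B.k"}

CHALLENGE_RESPONSE = [            # only a one-way image of k crosses the channel
    ("owf", "net.msg", "A.k"),
    ("assign", "B.recv", "net.msg"),
]
KEY_IN_CLEAR = [                  # k is copied to a temporary, then sent as-is
    ("assign", "A.tmp", "A.k"),
    ("assign", "net.msg", "A.tmp"),
]

if __name__ == "__main__":
    for name, prog in [("challenge-response", CHALLENGE_RESPONSE),
                       ("key-in-clear", KEY_IN_CLEAR)]:
        print(name, propagate_confined("k", START, prog, ALLOWED))
```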
Future Work
  QoS
    Control mech compensating for signal strength
  Z-iteration (performance evaluation)
    802.11b profiles
    Evaluation of QoS mechanisms
  Assertional Security Analysis
    Assertions and proof system for security
    802.11 authentication, key distribution, ...