BibTeX for papers by David Kotz; for complete/updated list see https://www.cs.dartmouth.edu/~kotz/research/papers.html @InProceedings{zegeye:icnet25, author = {Wondimu K. Zegeye and Ravindra Mangar and Jingyu Qian and Vinton Morris and Mounib Khanafer and Kevin Kornegay and Timothy J. Pierson and David Kotz}, title = {{Comparing smart-home devices that use the Matter protocol}}, booktitle = {{Proceedings of the International Workshop on Intelligent Communication Network Technologies (ICNET'25)}}, year = 2025, month = {January}, publisher = {IEEE}, copyright = {IEEE}, URL = {https://www.cs.dartmouth.edu/~kotz/research/zegeye-icnet25/index.html}, note = {Accepted for publication}, abstract = {This paper analyzes Google Home, Apple HomeKit, Samsung SmartThings, and Amazon Alexa platforms, focusing on their integration with the Matter protocol. Matter is a connectivity standard developed by the Connectivity Standards Alliance (CSA) for the smart-home industry. By examining key features and qualitative metrics, this study aims to provide valuable insights for consumers and industry professionals in making informed decisions about smart-home devices. We conducted (from May to August 2024) a comparative analysis to explore how Google Home Nest, Apple Homepod Mini, Samsung SmartThings station, and Amazon Echo Dot platforms leverage the power of Matter to provide seamless and integrated smart-home experiences.}, } @Article{camacho:networkmetrics-j, author = {Jos{\'{e}} Camacho and Katarzyna Wasielewska and Rasmus Bro and David Kotz}, title = {{Interpretable Learning in Multivariate Big Data Analysis for Network Monitoring}}, journal = {IEEE Transactions on Network and Service Management}, year = 2024, month = {June}, volume = 21, number = 3, pages = {2926--2943}, publisher = {IEEE}, copyright = {IEEE (open access)}, DOI = {10.1109/TNSM.2024.3368501}, URL = {https://www.cs.dartmouth.edu/~kotz/research/camacho-networkmetrics-j/index.html}, abstract = {There is an increasing interest in the development of new data-driven models useful to assess the performance of communication networks. For many applications, like network monitoring and troubleshooting, a data model is of little use if it cannot be interpreted by a human operator. In this paper, we present an extension of the Multivariate Big Data Analysis (MBDA) methodology, a recently proposed interpretable data analysis tool. In this extension, we propose a solution to the automatic derivation of features, a cornerstone step for the application of MBDA when the amount of data is massive. The resulting network monitoring approach allows us to detect and diagnose disparate network anomalies, with a data-analysis workflow that combines the advantages of interpretable and interactive models with the power of parallel processing. We apply the extended MBDA to two case studies: UGR'16, a benchmark flow-based real-traffic dataset for anomaly detection, and Dartmouth'18, the longest and largest Wi-Fi trace known to date.}, } @InProceedings{khanafer:discovery, author = {Mounib Khanafer and Logan Kostick and Chixiang Wang and Wondimu Zegeye and Weijia He and Berkay Kaplan and Nurzaman Ahmed and Kevin Kornegay and David Kotz and Timothy Pierson}, title = {{Device Discovery in the Smart Home Environment}}, booktitle = {{Proceedings of the IEEE/ACM Workshop on the Internet of Safe Things (SafeThings)}}, year = 2024, month = {May}, pages = {298--304}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/SPW63631.2024.10705647}, URL = {https://www.cs.dartmouth.edu/~kotz/research/khanafer-discovery/index.html}, abstract = {With the availability of Internet of Things (IoT) devices offering varied services, smart home environments have seen widespread adoption in the last two decades. Protecting privacy in these environments becomes an important problem because IoT devices may collect information about the home's occupants without their knowledge or consent. Furthermore, a large number of devices in the home, each collecting small amounts of data, may, in aggregate, reveal non-obvious attributes about the home occupants. A first step towards addressing privacy is discovering what devices are present in the home. In this paper, we formally define device discovery in smart homes and identify the features that constitute discovery in that environment. Then, we propose an evaluative rubric that rates smart home technology initiatives on their device discovery capabilities and use it to evaluate four commonly deployed technologies. We find none cover all device discovery aspects. We conclude by proposing a combined technology solution that provides comprehensive device discovery tailored to smart homes.}, } @Article{mangar:framework, author = {Ravindra Mangar and Timothy J. Pierson and David Kotz}, title = {{A framework for evaluating the security and privacy of smart-home devices, and its application to common platforms}}, journal = {IEEE Pervasive Computing}, year = 2024, month = {July}, volume = 23, number = 3, pages = {7--19}, publisher = {IEEE}, copyright = {the authors}, DOI = {10.1109/MPRV.2024.3421668}, URL = {https://www.cs.dartmouth.edu/~kotz/research/mangar-framework/index.html}, abstract = {In this article, we outline the challenges associated with the widespread adoption of smart devices in homes. These challenges are primarily driven by scale and device heterogeneity: a home may soon include dozens or hundreds of devices, across many device types, and may include multiple residents and other stakeholders. We develop a framework for reasoning about these challenges based on the deployment, operation, and decommissioning life cycle stages of smart devices within a smart home. We evaluate the challenges in each stage using the well-known CIA triad---Confidentiality, Integrity, and Availability. In addition, we highlight open research questions at each stage. Further, we evaluate solutions from Apple and Google using our framework and find notable shortcomings in these products. Finally, we sketch some preliminary thoughts on a solution for the smart home of the near future.}, } @Article{wang:insideout, author = {Chixiang Wang and Weijia He and Timothy Pierson and David Kotz}, title = {{Moat: Adaptive Inside/Outside Detection System for Smart Homes}}, journal = {Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies (IMWUT)}, year = 2024, month = {September}, volume = 8, number = 4, articleno = 157, numpages = 31, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/3699751}, URL = {https://www.cs.dartmouth.edu/~kotz/research/wang-insideout/index.html}, abstract = {Smart-home technology is now pervasive, demanding increased attention to the security of the devices and the privacy of the home's residents. To assist residents in making security and privacy decisions - e.g., whether to allow a new device to connect to the network, or whether to be alarmed when an unknown device is discovered - it helps to know whether the device is inside the home, or outside. \par In this paper we present MOAT, a system that leverages Wi-Fi sniffers to analyze the physical properties of a device's wireless transmissions to infer whether that device is located inside or outside of a home. MOAT can adaptively self-update to accommodate changes in the home indoor environment to ensure robust long-term performance. Notably, MOAT does not require prior knowledge of the home's layout or cooperation from target devices, and is easy to install and configure. \par We evaluated MOAT in four different homes with 21 diverse commercial smart devices and achieved an overall balanced accuracy rate of up to 95.6\%. Our novel periodic adaptation technique allowed our approach to maintain high accuracy even after rearranging furniture in the home. MOAT is a practical and efficient first step for monitoring and managing devices in a smart home. }, } @Misc{pierson:snap-patent, author = {Timothy J. Pierson and Ronald Peterson and David F. Kotz}, title = {{System and method for proximity detection with single-antenna device}}, howpublished = {U.S. Patent 11,871,233; International Patent Application WO2019210201A1}, year = 2024, month = {January}, day = 9, URL = {https://www.cs.dartmouth.edu/~kotz/research/pierson-snap-patent/index.html}, note = {Priority date 2018-04-27; Filed 2019-04-26; Published 2021-07-29, Issued 2024-01-09}, abstract = {A single-antenna device includes a single antenna, at least one processor, and at least one memory. The single-antenna device is operable to receive a signal including at least one frame. Each of said frame includes a repeating portion. The single-antenna device determines a difference of phase and amplitude of the repeating portion and further determines whether the signal is transmitted from a trusted source based at least in part on the difference of phase and amplitude of the repeating portion.}, } @Misc{pierson:closetalker-patent2, author = {Timothy J. Pierson and Ronald Peterson and David Kotz}, title = {{Apparatuses, Methods, and Software For Secure Short-Range Wireless Communication}}, howpublished = {U.S. Patent 11,894,920}, year = 2024, month = {February}, day = 6, URL = {https://www.cs.dartmouth.edu/~kotz/research/pierson-closetalker-patent2/index.html}, note = {Priority date 2017-09-06; WO Filed 2018-09-06, US Filed 2020-02-26, Continuation of 11,153,026; Issued 2024-02-06}, abstract = {Apparatuses that provide for secure wireless communications between wireless devices under cover of one or more jamming signals. Each such apparatus includes at least one data antenna and at least one jamming antenna. During secure-communications operations, the apparatus transmits a data signal containing desired data via the at least one data antenna while also at least partially simultaneously transmitting a jamming signal via the at least one jamming antenna. When a target antenna of a target device is in close proximity to the data antenna and is closer to the data antenna than to the jamming antenna, the target device can successfully receive the desired data contained in the data signal because the data signal is sufficiently stronger than the jamming signal within a finite secure-communications envelope due to the Inverse Square Law of signal propagation. Various related methods and machine-executable instructions are also disclosed.}, } @TechReport{camacho:networkmetrics-tr2, author = {Jos{\'{e}} Camacho and Rasmus Bro and David Kotz}, title = {{Interpretable Learning in Multivariate Big Data Analysis for Network Monitoring}}, institution = {arXiv}, year = 2023, month = {April}, number = {1907.02677}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/camacho-networkmetrics-tr2/index.html}, abstract = {There is an increasing interest in the development of new data-driven models useful to assess the performance of communication networks. For many applications, like network monitoring and troubleshooting, a data model is of little use if it cannot be interpreted by a human operator. In this paper, we present an extension of the Multivariate Big Data Analysis (MBDA) methodology, a recently proposed interpretable data analysis tool. In this extension, we propose a solution to the automatic derivation of features, a cornerstone step for the application of MBDA when the amount of data is massive. The resulting network monitoring approach allows us to detect and diagnose disparate network anomalies, with a data-analysis workflow that combines the advantages of interpretable and interactive models with the power of parallel processing. We apply the extended MBDA to two case studies: UGR'16, a benchmark flow-based real-traffic dataset for anomaly detection, and Dartmouth'18, the longest and largest Wi-Fi trace known to date.}, } @InProceedings{perez:identification, author = {Beatrice Perez and Timothy J. Pierson and Gregory Mazzaro and David Kotz}, title = {{Identification and Classification of Electronic Devices Using Harmonic Radar}}, booktitle = {{Proceedings of the Distributed Computing in Smart Systems and the Internet of Things (DCOSS-IoT)}}, year = 2023, month = {June}, pages = {248--255}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/DCOSS-IoT58021.2023.00050}, URL = {https://www.cs.dartmouth.edu/~kotz/research/perez-identification/index.html}, abstract = { Smart home electronic devices invisibly collect, process, and exchange information with each other and with remote services, often without a home occupants' knowledge or consent. These devices may be mobile or fixed and may have wireless or wired network connections. Detecting and identifying all devices present in a home is a necessary first step to control the flow of data, but there exists no universal mechanism to detect and identify all electronic devices in a space. In this paper we present ICED (Identification and Classification of Electronic Devices), a system that can (i) identify devices from a known set of devices, and (ii) detect the presence of previously unseen devices. ICED, based on harmonic radar technology, collects measurements at the first harmonic of the radar's transmit frequency. We find that the harmonic response contains enough information to infer the type of device. It works when the device has no wireless network interface, is powered off, or attempts to evade detection. We evaluate performance on a collection of 17 devices and find that by transmitting a range of frequencies we correctly identify known devices with 97.6\% accuracy and identify previously unseen devices as `unknown' with 69.0\% balanced accuracy.}, } @InProceedings{perez:range, author = {Beatrice Perez and Cesar Arguello and Timothy J. Pierson and Gregory Mazzaro and David Kotz}, title = {{Evaluating the practical range of harmonic radar to detect smart electronics}}, booktitle = {{Proceedings of the IEEE Military Communications Conference (MILCOM)}}, year = 2023, month = {October}, pages = {528--535}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/MILCOM58377.2023.10356371}, URL = {https://www.cs.dartmouth.edu/~kotz/research/perez-range/index.html}, abstract = {Prior research has found that harmonic radar systems are able to detect the presence of electronic devices, even if the devices are powered off. These systems could be a powerful tool to help mitigate privacy invasions. For example, in a rental property devices such as cameras or microphones may be surreptitiously placed by a landlord to monitor renters without their knowledge or consent. A mobile harmonic radar system may be able to quickly scan the property and locate all electronic devices. The effective range of these systems for detecting consumer-grade electronics, however, has not been quantified. We address that shortcoming in this paper and evaluate a prototype harmonic radar system. We find the system, a variation of what has been proposed in the literature, is able to reliably detect some devices at a range of about two meters. We discuss the effect of hardware on the range of detection and propose an algorithm for automated detection.}, } @Misc{pierson:wanda-patent2, author = {Timothy J. Pierson and Xiaohui Liang and Ronald Peterson and David Kotz}, title = {{Apparatus for securely configuring a target device}}, howpublished = {U.S. Patent 11,683,071}, year = 2023, month = {June}, day = 20, URL = {https://www.cs.dartmouth.edu/~kotz/research/pierson-wanda-patent2/index.html}, note = {Continuation of U.S. Patent 10,574,298. Priority date 2015-06-23; Filed 2020-01-20; Allowed 2023-02-10; Issued 2023-06-20}, abstract = {Apparatus and method securely transfer first data from a source device to a target device. A wireless signal having (a) a higher speed channel conveying second data and (b) a lower speed channel conveying the first data is transmitted. The lower speed channel is formed by selectively transmitting the wireless signal from one of a first and second antennae of the source device based upon the first data. The first and second antenna are positioned a fixed distance apart and the target device uses a received signal strength indication (RSSI) of the first signal to decode the lower speed channel and receive the first data.}, } @Article{perez:presence, author = {Beatrice Perez and Gregory Mazzaro and Timothy J. Pierson and David Kotz}, title = {{Detecting the Presence of Electronic Devices in Smart Homes Using Harmonic Radar}}, journal = {Remote Sensing}, year = 2022, month = {January}, volume = 14, number = 2, articleno = 327, numpages = 18, publisher = {MDPI}, copyright = {open-access (Creative Commons Attribution)}, DOI = {10.3390/rs14020327}, URL = {https://www.cs.dartmouth.edu/~kotz/research/perez-presence/index.html}, note = {Special issue on Nonlinear Junction Detection and Harmonic Radar}, abstract = {Data about users is collected constantly by phones, cameras, Internet websites, and others. The advent of so-called `Smart Things' now enable ever-more sensitive data to be collected inside that most private of spaces: the home. The first step in helping users regain control of their information (inside their home) is to alert them to the presence of potentially unwanted electronics. In this paper, we present a system that could help homeowners (or home dwellers) find electronic devices in their living space. Specifically, we demonstrate the use of harmonic radars (sometimes called nonlinear junction detectors), which have also been used in applications ranging from explosives detection to insect tracking. We adapt this radar technology to detect consumer electronics in a home setting and show that we can indeed accurately detect the presence of even `simple' electronic devices like a smart lightbulb. We evaluate the performance of our radar in both wired and over-the-air transmission scenarios.}, } @MastersThesis{malik:thesis, author = {Namya Malik}, title = {{SPLICEcube Architecture: An Extensible Wi-Fi Monitoring Architecture for Smart-Home Networks}}, school = {Dartmouth Computer Science}, year = 2022, month = {May}, copyright = {the author}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/malik-thesis/index.html}, abstract = { The vision of smart homes is rapidly becoming a reality, as the Internet of Things and other smart devices are deployed widely. Although smart devices offer convenience, they also create a significant management problem for home residents. With a large number and variety of devices in the home, residents may find it difficult to monitor, or even locate, devices. A central controller that brings all the home's smart devices under secure management and a unified interface would help homeowners and residents track and manage their devices.\par We envision a solution called the SPLICEcube whose goal is to detect smart devices, locate them in three dimensions within the home, securely monitor their network traffic, and keep an inventory of devices and important device information throughout the device's lifecycle. The SPLICEcube system consists of the following components: 1) a main \emph{cube}, which is a centralized hub that incorporates and expands on the functionality of the home router, 2) a \emph{database} that holds network data, and 3) a set of support \emph{cubelets} that can be used to extend the range of the network and assist in gathering network data.\par To deliver this vision of identifying, securing, and managing smart devices, we introduce an architecture that facilitates intelligent research applications (such as network anomaly detection, intrusion detection, device localization, and device firmware updates) to be integrated into the SPLICEcube. In this thesis, we design a general-purpose Wi-Fi architecture that underpins the SPLICEcube. The architecture specifically showcases the functionality of the cubelets (Wi-Fi frame detection, Wi-Fi frame parsing, and transmission to cube), the functionality of the cube (routing, reception from cubelets, information storage, data disposal, and research application integration), and the functionality of the database (network data storage). We build and evaluate a prototype implementation to demonstrate our approach is \emph{scalable} to accommodate new devices and \emph{extensible} to support different applications. Specifically, we demonstrate a successful proof-of-concept use of the SPLICEcube architecture by integrating a security research application: an "Inside-Outside detection" system that classifies an observed Wi-Fi device as being inside or outside the home.}, } @InProceedings{mazzaro:preliminary, author = {Gregory Mazzaro and Kyle Gallagher and Kelly Sherbondy and Alex Bouvy and Beatrice Perez and Timothy Pierson and David Kotz}, title = {{Harmonic response vs. target orientation: a preliminary study of the effect of polarization on nonlinear junction detection}}, booktitle = {{Proceedings of the SPIE Radar Sensor Technology XXVI}}, year = 2022, month = {May}, day = 27, volume = 12108, articleno = 1210803, numpages = 21, publisher = {Society of Photo-Optical Instrumentation Engineers}, copyright = {SPIE}, DOI = {10.1117/12.2617881}, URL = {https://www.cs.dartmouth.edu/~kotz/research/mazzaro-preliminary/index.html}, abstract = {When an electromagnetically-nonlinear radar target is illuminated by a high-power stepped-frequency probe, a sequence of harmonics is unintentionally emitted by that target. Detection of the target is accomplished by receiving stimulated emissions somewhere in the sequence, while ranging is accomplished by processing amplitude and phase recorded at multiple harmonics across the sequence. The strength of the harmonics reflected from an electronic target depends greatly upon the orientation of that target (or equivalently, the orientation of the radar antennas). Data collected on handheld wireless devices reveals the harmonic angular-dependence of commercially-available electronics. Data collected on nonlinearly-terminated printed circuit boards implies the origin of this dependency. The results of this work suggest that electronic targets may be classified and ultimately identified by their unique harmonic-response-vs.-angle patterns.}, } @InProceedings{martinez:poster, author = {Eduardo Antonio Ma{\~{n}}as-Mart{\'{\i}}nez and Elena Cabrera and Katarzyna Wasielewska and David Kotz and Jos{\'{e}} Camacho}, title = {{Mining social interactions in connection traces of a campus Wi-Fi network}}, booktitle = {{Proceedings of the SIGCOMM Poster and Demo Sessions}}, year = 2021, month = {August}, numpages = 3, pages = {6--8}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/3472716.3472844}, URL = {https://www.cs.dartmouth.edu/~kotz/research/martinez-poster/index.html}, abstract = {Wi-Fi technologies have become one of the most popular means for Internet access. As a result, the use of mobile devices has become ubiquitous and instrumental for society. A device can be identified through its MAC address within an autonomous system. Although some devices attempt to anonymize MAC addresses via randomization, these techniques are not used once the device is associated to the network. As a result, device identification poses a privacy problem in large-scale (e.g., campus-wide) Wi-Fi deployments: if the mobile device can be located, the user who carries that device can also be located. In turn, location information leads to the possibility to extract private knowledge from Wi-Fi users, like social interactions, movement habits, and so forth. \par In this poster we report preliminary work in which we infer social interactions of individuals from Wi-Fi connection traces in the campus network at Dartmouth College. We make the following contributions: (i) we propose several definitions of a pseudocorrelation matrix from Wi-Fi connection traces, which measure similarity between devices or users according to their temporal association profile to the Access Points (APs); (ii) we evaluate the accuracy of these pseudo-correlation variants in a simulation environment; and (iii) we contrast results with those found on a real trace.}, } @Misc{gralla:inside-outside, author = {Paul Gralla}, title = {{An inside vs. outside classification system for Wi-Fi IoT devices}}, school = {Dartmouth Computer Science}, year = 2021, month = {June}, copyright = {the author}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/gralla-inside-outside/index.html}, note = {Undergraduate Thesis}, abstract = {We are entering an era in which Smart Devices are increasingly integrated into our daily lives. Everyday objects are gaining computational power to interact with their environments and communicate with each other and the world via the Internet. While the integration of such devices offers many potential benefits to their users, it also gives rise to a unique set of challenges. One of those challenges is to detect whether a device belongs to one's own ecosystem, or to a neighbor -- or represents an unexpected adversary. An important part of determining whether a device is friend or adversary is to detect whether a device's location is within the physical boundaries of one's space (e.g. office, classroom, home). In this thesis we propose a system that is able to decide with 82\% accuracy whether the location of an IoT device is inside or outside of a defined space based on a small number of transmitted Wi- Fi frames. The classification is achieved by leveraging a machine-learning classifier trained and tested on RSSI data of Wi-Fi transmissions recorded by three or more observers. In an initialization phase the classifier is trained by the user on Wi-Fi transmissions of a variety of locations, inside (and outside). The system can be built with off-the-shelf Wi-Fi observing devices that do not require any special hardware modifications. With the exception of the training period, the system can accurately classify the indoor/outdoor state of target devices without any cooperation from the user or from the target devices.}, } @Misc{pierson:closetalker-patent, author = {Timothy J. Pierson and Ronald Peterson and David Kotz}, title = {{Apparatuses, Methods, and Software For Secure Short-Range Wireless Communication}}, howpublished = {U.S. Patent 11,153,026}, year = 2021, month = {October}, day = 19, URL = {https://www.cs.dartmouth.edu/~kotz/research/pierson-closetalker-patent/index.html}, note = {Priority date 2017-09-06; WO Filed 2018-09-06, US Filed 2020-02-26, US amendment filed 2021-01-29; Issued 2021-10-19}, abstract = {Apparatuses that provide for secure wireless communications between wireless devices under cover of one or more jamming signals. Each such apparatus includes at least one data antenna and at least one jamming antenna. During secure-communications operations, the apparatus transmits a data signal containing desired data via the at least one data antenna while also at least partially simultaneously transmitting a jamming signal via the at least one jamming antenna. When a target antenna of a target device is in close proximity to the data antenna and is closer to the data antenna than to the jamming antenna, the target device can successfully receive the desired data contained in the data signal because the data signal is sufficiently stronger than the jamming signal within a finite secure-communications envelope due to the Inverse Square Law of signal propagation. Various related methods and machine-executable instructions are also disclosed.}, } @InProceedings{camacho:networkmetrics, author = {Jos{\'{e}} Camacho and Rasmus Bro and David Kotz}, title = {{Automatic Learning coupled with Interpretability: MBDA in Action}}, booktitle = {{Proceedings of the Network Traffic Measurement and Analysis Conference (TMA)}}, year = 2020, month = {June}, publisher = {IFIP}, copyright = {European Union}, ISBN13 = {978-3-903176-27-0}, URL = {https://www.cs.dartmouth.edu/~kotz/research/camacho-networkmetrics/index.html}, abstract = {In this paper, we illustrate the application of Multivariate Big Data Analysis (MBDA), a recently proposed interpretable machine-learning method with application to Big Data sets. We apply MBDA for the first time for the detection and troubleshooting of network problems in a campus-wide Wi-Fi network. Data includes a seven-year trace (from 2012 to 2018) of the network's most recent activity, with approximately 3,000 distinct access points, 40,000 authenticated users, and 600,000 distinct Wi-Fi stations. This is the longest and largest Wi-Fi trace known to date. Furthermore, we propose a new feature-learning procedure that solves an inherent limitation in MBDA: the manual definition of the features. The extended MBDA results in a methodology that allows network analysts to identify problems and diagnose them, which are principal tasks to troubleshoot the network and optimize its performance. In the paper, we go through the entire workflow of the approach, illustrating its application in detail and discussing processing times.}, } @Misc{pierson:wanda-patent, author = {Timothy J. Pierson and Xiaohui Liang and Ronald Peterson and David Kotz}, title = {{Apparatus for Securely Configuring A Target Device and Associated Methods}}, howpublished = {U.S. Patent 10,574,298}, year = 2020, month = {February}, day = 25, URL = {https://www.cs.dartmouth.edu/~kotz/research/pierson-wanda-patent/index.html}, note = {Priority date 2015-06-23; Filed 2016-06-23; Issued 2020-02-25}, abstract = {Apparatus and method securely transfer first data from a source device to a target device. A wireless signal having (a) a higher speed channel conveying second data and (b) a lower speed channel conveying the first data is transmitted. The lower speed channel is formed by selectively transmitting the wireless signal from one of a first and second antennae of the source device based upon the first data. The first and second antenna are positioned a fixed distance apart and the target device uses a received signal strength indication (RSSI) of the first signal to decode the lower speed channel and receive the first data.}, } @Article{camacho:longitudinal, author = {Jos{\'{e}} Camacho and Chris McDonald and Ron Peterson and Xia Zhou and David Kotz}, title = {{Longitudinal analysis of a campus Wi-Fi network}}, journal = {Computer Networks}, year = 2020, month = {April}, day = 7, volume = 107, articleno = 107103, numpages = 15, publisher = {Elsevier}, copyright = {Elsevier}, ISSN = {1389-1286}, DOI = {10.1016/j.comnet.2020.107103}, URL = {https://www.cs.dartmouth.edu/~kotz/research/camacho-longitudinal/index.html}, abstract = {In this paper we describe and characterize the largest Wi-Fi network trace ever published: spanning seven years, approximately 3000 distinct access points, 40,000 authenticated users, and 600,000 distinct Wi-Fi stations. The 7TB of raw data are pre-processed into connection sessions, which are made available for the research community. We describe the methods used to capture and process the traces, and characterize the most prominent trends and changes during the seven-year span of the trace. Furthermore, this Wi-Fi network covers the campus of Dartmouth College, the same campus detailed a decade earlier in seminal papers about that network and its users' network behavior. We thus are able to comment on changes in patterns of usage, connection, and mobility in Wi-Fi deployments.}, } @TechReport{camacho:networkmetrics-tr, author = {Jos{\'{e}} Camacho and Rasmus Bro and David Kotz}, title = {{Networkmetrics unraveled: MBDA in Action}}, institution = {arXiv}, year = 2019, month = {July}, number = {1907.02677}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/camacho-networkmetrics-tr/index.html}, abstract = {Networkmetrics is a new term that refers to the data-driven approach for monitoring, troubleshooting and understanding communication networks using multivariate analysis. Networkmetric models are powerful machine learning tools to interpret and interact with data collected from a network. In this paper, we illustrate the application of Multivariate Big Data Analysis (MBDA), a recently proposed networkmetric method with application to Big Data sets. We use MBDA for the detection and troubleshooting of network problems in a campus-wide Wi-Fi network. Data includes a seven-year trace (from 2012 to 2018) of the network's most recent activity, with approximately 3,000 distinct access points, 40,000 authenticated users, and 600,000 distinct Wi-Fi stations. This is the longest and largest Wi-Fi trace known to date. To analyze this data, we propose learning and visualization procedures that extend MBDA. This results in a methodology that allows network analysts to identify problems and diagnose and troubleshoot them, optimizing the network performance. In the paper, we go through the entire workflow of the approach, illustrating its application in detail and discussing processing times in parallel hardware.}, } @InProceedings{pierson:closetalker, author = {Timothy J. Pierson and Travis Peters and Ronald Peterson and David Kotz}, title = {{CloseTalker: secure, short-range ad hoc wireless communication}}, booktitle = {{Proceedings of the ACM International Conference on Mobile Systems, Applications, and Services (MobiSys)}}, year = 2019, month = {June}, pages = {340--352}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/3307334.3326100}, URL = {https://www.cs.dartmouth.edu/~kotz/research/pierson-closetalker/index.html}, abstract = {Secure communication is difficult to arrange between devices that have not previously shared a secret. Previous solutions to the problem are susceptible to man-in-the-middle attacks, require additional hardware for out-of-band communication, or require an extensive public-key infrastructure. Furthermore, as the number of wireless devices explodes with the advent of the Internet of Things, it will be impractical to manually configure each device to communicate with its neighbors. \par Our system, CloseTalker, allows simple, secure, ad hoc communication between devices in close physical proximity, while jamming the signal so it is unintelligible to any receivers more than a few centimeters away. CloseTalker does not require any specialized hardware or sensors in the devices, does not require complex algorithms or cryptography libraries, occurs only when intended by the user, and can transmit a short burst of data or an address and key that can be used to establish long-term or long-range communications at full bandwidth. \par In this paper we present a theoretical and practical evaluation of CloseTalker, which exploits Wi-Fi MIMO antennas and the fundamental physics of radio to establish secure communication between devices that have never previously met. We demonstrate that CloseTalker is able to facilitate secure in-band communication between devices in close physical proximity (about 5 cm), even though they have never met nor shared a key.}, } @InProceedings{pierson:snap, author = {Timothy J. Pierson and Travis Peters and Ronald Peterson and David Kotz}, title = {{Proximity Detection with Single-Antenna IoT Devices}}, booktitle = {{Proceedings of the ACM International Conference on Mobile Computing and Networking (MobiCom)}}, year = 2019, month = {October}, articleno = 21, numpages = 15, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/3300061.3300120}, URL = {https://www.cs.dartmouth.edu/~kotz/research/pierson-snap/index.html}, abstract = {Providing secure communications between wireless devices that encounter each other on an ad-hoc basis is a challenge that has not yet been fully addressed. In these cases, close physical proximity among devices that have never shared a secret key is sometimes used as a basis of trust; devices in close proximity are deemed trustworthy while more distant devices are viewed as potential adversaries. Because radio waves are invisible, however, a user may believe a wireless device is communicating with a nearby device when in fact the user's device is communicating with a distant adversary. Researchers have previously proposed methods for multi-antenna devices to ascertain physical proximity with other devices, but devices with a single antenna, such as those commonly used in the Internet of Things, cannot take advantage of these techniques. \par We present theoretical and practical evaluation of a method called SNAP -- SiNgle Antenna Proximity -- that allows a single-antenna Wi-Fi device to quickly determine proximity with another Wi-Fi device. Our proximity detection technique leverages the repeating nature Wi-Fi's preamble and the behavior of a signal in a transmitting antenna's near-field region to detect proximity with high probability; SNAP never falsely declares proximity at ranges longer than 14 cm.}, } @InProceedings{pierson:snap-poster, author = {Timothy J. Pierson and Travis Peters and Ronald Peterson and David Kotz}, title = {{Poster: Proximity Detection with Single-Antenna IoT Devices}}, booktitle = {{Proceedings of the ACM International Conference on Mobile Computing and Networking (MobiCom)}}, year = 2018, month = {October}, pages = {663--665}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/3241539.3267751}, URL = {https://www.cs.dartmouth.edu/~kotz/research/pierson-snap-poster/index.html}, abstract = {Close physical proximity among wireless devices that have never shared a secret key is sometimes used as a basis of trust. In these cases, devices in close proximity are deemed trustworthy while more distant devices are viewed as potential adversaries. Because radio waves are invisible, however, a user may believe a wireless device is communicating with a nearby device when in fact the user's device is communicating with a distant adversary. Researchers have previously proposed methods for multi-antenna devices to ascertain physical proximity with other devices, but devices with a single antenna, such as those commonly used in the Internet of Things, cannot take advantage of these techniques. We investigate a method for a single-antenna Wi-Fi device to quickly determine proximity with another Wi-Fi device. Our approach leverages the repeating nature Wi-Fi's preamble and the characteristics of a transmitting antenna's near field to detect proximity with high probability. Our method never falsely declares proximity at ranges longer than 14 cm.}, } @PhdThesis{pierson:thesis, author = {Timothy J. Pierson}, title = {{Secure Short-range Communications}}, school = {Dartmouth Computer Science}, year = 2018, month = {June}, copyright = {Timothy J. Peterson}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/pierson-thesis/index.html}, note = {Available as Dartmouth Computer Science Technical Report TR2018-845}, abstract = {Analysts predict billions of everyday objects will soon become ``smart'' after designers add wireless communication capabilities. Collectively known as the Internet of Things (IoT), these newly communication-enabled devices are envisioned to collect and share data among themselves, with new devices entering and exiting a particular environment frequently. People and the devices they wear or carry may soon encounter dozens, possibly hundreds, of devices each day. Many of these devices will be encountered for the first time. Additionally, some of the information the devices share may have privacy or security implications. Furthermore, many of these devices will have limited or non-existent user interfaces, making manual configuration cumbersome. This situation suggests that devices that have never met, nor shared a secret, but that are in the same physical area, must have a way to securely communicate that requires minimal manual intervention. In this dissertation we present novel approaches to solve these short-range communication issues. Our techniques are simple to use, secure, and consistent with user intent. We first present a technique called Wanda that uses radio strength as a communication channel to securely impart information onto nearby devices. We focus on using Wanda to introduce new devices into an environment, but Wanda could be used to impart any type of information onto wireless devices, regardless of device type or manufacturer. Next we describe SNAP, a method for a single-antenna wireless device to determine when it is in close physical proximity to another wireless device. Because radio waves are invisible, a user may believe transmissions are coming from a nearby device when in fact the transmissions are coming from a distant adversary attempting to trick the user into accepting a malicious payload. Our approach significantly raises the bar for an adversary attempting such a trick. Finally, we present a solution called JamFi that exploits MIMO antennas and the Inverse-Square Law to securely transfer data between nearby devices while denying more distant adversaries the ability to recover the data. We find JamFi is able to facilitate reliable and secure communication between two devices in close physical proximity, even though they have never met nor shared a key.}, } @InProceedings{pierson:s3, author = {Timothy J. Pierson and Ronald Peterson and David Kotz}, title = {{Secure Information Transfer Between Nearby Wireless Devices}}, booktitle = {{Proceedings of the Mobicom S3 workshop}}, year = 2017, month = {October}, pages = {11--13}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/3131348.3131355}, URL = {https://www.cs.dartmouth.edu/~kotz/research/pierson-s3/index.html}, abstract = {Securely transferring data between two devices that have never previously met nor shared a secret is a difficult task. Previous solutions to the problem are susceptible to well-known attacks or may require extensive infrastructure that may not be suitable for wireless devices such as Internet of Things sensors that do not have advanced computational capabilities. \par We propose a new approach: using jamming to thwart adversaries located more than a few centimeters away, while still allowing devices in close physical proximity to securely share data. To accomplish this secure data transfer we exploit MIMO antennas and the Inverse-Square Law.}, } @InProceedings{pierson:wanda-demo, author = {Timothy J. Pierson and Xiaohui Liang and Ronald Peterson and David Kotz}, title = {{Demo: Wanda, securely introducing mobile devices}}, booktitle = {{Proceedings of the International Conference on Mobile Systems, Applications, and Services (MobiSys)}}, year = 2016, month = {June}, pages = 113, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/2938559.2938581}, URL = {https://www.cs.dartmouth.edu/~kotz/research/pierson-wanda-demo/index.html}, abstract = {Nearly every setting is increasingly populated with wireless and mobile devices -- whether appliances in a home, medical devices in a health clinic, sensors in an industrial setting, or devices in an office or school. There are three fundamental operations when bringing a new device into any of these settings: (1) to configure the device to join the wireless local-area network, (2) to partner the device with other nearby devices so they can work together, and (3) to configure the device so it connects to the relevant individual or organizational account in the cloud. The challenge is to accomplish all three goals simply, securely, and consistent with user intent. We developed Wanda -- a `magic wand' that accomplishes all three of the above goals -- and will demonstrate a prototype implementation.}, } @TechReport{pierson:wanda-tr, author = {Timothy J. Pierson and Xiaohui Liang and Ronald Peterson and David Kotz}, title = {{Wanda: securely introducing mobile devices -- Extended version}}, institution = {Dartmouth Computer Science}, year = 2016, month = {February}, number = {TR2016-789}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/pierson-wanda-tr/index.html}, note = {Expanded version of the INFOCOM 2016 paper by the same title.}, abstract = {Nearly every setting is increasingly populated with wireless and mobile devices -- whether appliances in a home, medical devices in a health clinic, sensors in an industrial setting, or devices in an office or school. There are three fundamental operations when bringing a new device into any of these settings: (1) to configure the device to join the wireless local-area network, (2) to partner the device with other nearby devices so they can work together, and (3) to configure the device so it connects to the relevant individual or organizational account in the cloud. The challenge is to accomplish all three goals simply, securely, and consistent with user intent. We present a novel approach we call Wanda -- a `magic wand' that accomplishes all three of the above goals -- and evaluate a prototype implementation. This Tech Report contains supplemental information to our INFOCOM 2016 paper titled, ``Wanda: securely introducing mobile devices.'' Much of the additional information is in Section II, III, and VI.}, } @InProceedings{pierson:wanda, author = {Timothy J. Pierson and Xiaohui Liang and Ronald Peterson and David Kotz}, title = {{Wanda: securely introducing mobile devices}}, booktitle = {{Proceedings of the IEEE International Conference on Computer Communications (INFOCOM)}}, year = 2016, month = {April}, pages = {1--9}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/INFOCOM.2016.7524366}, URL = {https://www.cs.dartmouth.edu/~kotz/research/pierson-wanda/index.html}, abstract = {Nearly every setting is increasingly populated with wireless and mobile devices -- whether appliances in a home, medical devices in a health clinic, sensors in an industrial setting, or devices in an office or school. There are three fundamental operations when bringing a new device into any of these settings: (1) to configure the device to join the wireless local-area network, (2) to partner the device with other nearby devices so they can work together, and (3) to configure the device so it connects to the relevant individual or organizational account in the cloud. The challenge is to accomplish all three goals \emph{simply}, securely, and consistent with user intent. We present a novel approach we call Wanda -- a `magic wand' that accomplishes all three of the above goals -- and evaluate a prototype implementation.}, } @Article{henderson:citation-practices, author = {Tristan Henderson and David Kotz}, title = {{Data citation practices in the CRAWDAD wireless network data archive}}, journal = {D-Lib Magazine}, year = 2015, month = {January}, volume = 21, number = {1/2}, numpages = 12, publisher = {Corporation for National Research Initiatives (CNRI)}, copyright = {the authors}, DOI = {10.1045/january2015-henderson}, URL = {https://www.cs.dartmouth.edu/~kotz/research/henderson-citation-practices/index.html}, abstract = {CRAWDAD (Community Resource for Archiving Wireless Data At Dartmouth) is a popular research data archive for wireless network data, archiving over 100 datasets used by over 6,500 users. In this paper we examine citation behaviour amongst 1,281 papers that use CRAWDAD datasets. We find that (in general) paper authors cite datasets in a manner that is sufficient for providing credit to dataset authors and also provides access to the datasets that were used. Only 11.5\% of papers did not do so; common problems included (1) citing the canonical papers rather than the dataset, (2) describing the dataset using unclear identifiers, and (3) not providing URLs or pointers to datasets.}, } @InProceedings{cornelius:wearable, author = {Cory Cornelius and Ronald Peterson and Joseph Skinner and Ryan Halter and David Kotz}, title = {{A wearable system that knows who wears it}}, booktitle = {{Proceedings of the International Conference on Mobile Systems, Applications, and Services (MobiSys)}}, year = 2014, month = {June}, pages = {55--67}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/2594368.2594369}, URL = {https://www.cs.dartmouth.edu/~kotz/research/cornelius-wearable/index.html}, abstract = {Body-area networks of pervasive wearable devices are increasingly used for health monitoring, personal assistance, entertainment, and home automation. In an ideal world, a user would simply wear their desired set of devices with no configuration necessary: the devices would discover each other, recognize that they are on the same person, construct a secure communications channel, and recognize the user to which they are attached. In this paper we address a portion of this vision by offering a wearable system that unobtrusively recognizes the person wearing it. Because it can recognize the user, our system can properly label sensor data or personalize interactions. \par Our recognition method uses bioimpedance, a measurement of how tissue responds when exposed to an electrical current. By collecting bioimpedance samples using a small wearable device we designed, our system can determine that (a)the wearer is indeed the expected person and (b) the device is physically on the wearer's body. Our recognition method works with 98\% balanced-accuracy under a cross-validation of a day's worth of bioimpedance samples from a cohort of 8 volunteer subjects. We also demonstrate that our system continues to recognize a subset of these subjects even several months later. Finally, we measure the energy requirements of our system as implemented on a Nexus S smart phone and custom-designed module for the Shimmer sensing platform.}, } @Article{mare:hns-j, author = {Shrirang Mare and Jacob Sorber and Minho Shin and Cory Cornelius and David Kotz}, title = {{Hide-n-Sense: preserving privacy efficiently in wireless mHealth}}, journal = {Mobile Networks and Applications (MONET)}, year = 2014, month = {June}, volume = 19, number = 3, pages = {331--344}, publisher = {Springer-Verlag}, copyright = {Springer-Verlag}, DOI = {10.1007/s11036-013-0447-x}, URL = {https://www.cs.dartmouth.edu/~kotz/research/mare-hns-j/index.html}, note = {Special issue on Wireless Technology for Pervasive Healthcare}, abstract = {As healthcare in many countries faces an aging population and rising costs, mobile sensing technologies promise a new opportunity. Using mobile health (mHealth) sensing, which uses medical sensors to collect data about the patients, and mobile phones to act as a gateway between sensors and electronic health record systems, caregivers can continuously monitor the patients and deliver better care. Furthermore, individuals can become better engaged in monitoring and managing their own health. Although some work on mHealth sensing has addressed security, achieving strong privacy for low-power sensors remains a challenge. We make three contributions. First, we propose an mHealth sensing protocol that provides strong security and privacy properties at the link layer, with low energy overhead, suitable for low-power sensors. The protocol uses three novel techniques: adaptive security, to dynamically modify transmission overhead; MAC striping, to make forgery difficult even for small-sized Message Authentication Codes; and asymmetric resource requirements, in recognition of the limited resources in tiny mHealth sensors. Second, we demonstrate its feasibility by implementing a prototype on a Chronos wrist device, and evaluating it experimentally. Third, we provide a security, privacy, and energy analysis of our system.}, } @Article{tan:dist, author = {Keren Tan and Chris McDonald and Bennet Vance and Chrisil Arackaparambil and Sergey Bratus and David Kotz}, title = {{From MAP to DIST: the evolution of a large-scale WLAN monitoring system}}, journal = {IEEE Transactions on Mobile Computing}, year = 2014, month = {January}, volume = 13, number = 1, pages = {216--229}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/TMC.2012.237}, URL = {https://www.cs.dartmouth.edu/~kotz/research/tan-dist/index.html}, abstract = {The edge of the Internet is increasingly becoming wireless. Therefore, monitoring the wireless edge is important to understanding the security and performance aspects of the Internet experience. We have designed and implemented a large-scale WLAN monitoring system, the Distributed Internet Security Testbed (DIST), at Dartmouth College. It is equipped with distributed arrays of ``sniffers'' that cover 210 diverse campus locations and more than 5,000 users. In this paper, we describe our approach, designs and solutions for addressing the technical challenges that have resulted from efficiency, scalability, security, and management perspectives. We also present extensive evaluation results on a production network, and summarize the lessons learned.}, } @InProceedings{fazio:sampling, author = {Phillip A. Fazio and Keren Tan and David Kotz}, title = {{Effects of network trace sampling methods on privacy and utility metrics}}, booktitle = {{Proceedings of the Annual Workshop on Wireless Systems: Advanced Research and Development (WISARD)}}, year = 2012, month = {January}, pages = {1--8}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/COMSNETS.2012.6151387}, URL = {https://www.cs.dartmouth.edu/~kotz/research/fazio-sampling/index.html}, abstract = {Researchers choosing to share wireless-network traces with colleagues must first anonymize sensitive information, trading off the removal of information in the interest of identity protection and the preservation of useful data within the trace. While several metrics exist to quantify this privacy-utility tradeoff, they are often computationally expensive. Computing these metrics using a \emph{sample} of the trace could potentially save precious time. In this paper, we examine several sampling methods to discover their effects on measurement of the privacy-utility tradeoff when anonymizing network traces. We tested the relative accuracy of several packet and flow-sampling methods on existing privacy and utility metrics. We concluded that, for our test trace, no single sampling method we examined allowed us to accurately measure the tradeoff, and that some sampling methods can produce grossly inaccurate estimates of those values. We call for further research to develop sampling methods that maintain relevant privacy and utility properties.}, } @InProceedings{fazio:netsani, author = {Phil Fazio and Keren Tan and Jihwang Yeo and David Kotz}, title = {{Short Paper: The NetSANI Framework for Analysis and Fine-tuning of Network Trace Sanitization}}, booktitle = {{Proceedings of the ACM Conference on Wireless Network Security (WiSec)}}, year = 2011, month = {June}, pages = {5--10}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/1998412.1998416}, URL = {https://www.cs.dartmouth.edu/~kotz/research/fazio-netsani/index.html}, abstract = {Anonymization is critical prior to sharing wireless-network traces within the research community, to protect both personal and organizational sensitive information from disclosure. One difficulty in anonymization, or more generally, sanitization, is that users lack information about the quality of a sanitization result, such as how much privacy risk a sanitized trace may expose, and how much research utility the sanitized trace may retain. We propose a framework, NetSANI, that allows users to analyze and control the privacy/utility tradeoff in network sanitization. NetSANI can accommodate most of the currently available privacy and utility metrics for network trace sanitization. This framework provides a set of APIs for analyzing the privacy/utility tradeoff by comparing the changes in privacy and utility levels of a trace for a sanitization operation. We demonstrate the framework with an quantitative evaluation on wireless-network traces.}, } @Article{kim:anomaly, author = {Minkyong Kim and David Kotz}, title = {{Identifying Unusual Days}}, journal = {Journal of Computing Science and Engineering (JCSE)}, year = 2011, month = {March}, volume = 5, number = 1, pages = {71--84}, publisher = {Korean Institute of Information Scientists and Engineers}, copyright = {KIISE}, DOI = {10.5626/JCSE.2011.5.1.071}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kim-anomaly/index.html}, abstract = {Pervasive applications such as digital memories or patient monitors collect a vast amount of data. One key challenge in these systems is how to extract interesting or unusual information. Because users cannot anticipate their future interests in the data when the data is stored, it is hard to provide appropriate indexes. As location-tracking technologies, such as global positioning system, have become ubiquitous, digital cameras or other pervasive systems record location information along with the data. In this paper, we present an automatic approach to identify unusual data using location information. Given the location information, our system identifies unusual days, that is, days with unusual mobility patterns. We evaluated our detection system using a real wireless trace, collected at wireless access points, and demonstrated its capabilities. Using our system, we were able to identify days when mobility patterns changed and differentiate days when a user followed a regular pattern from the rest. We also discovered general mobility characteristics. For example, most users had one or more repeating mobility patterns, and repeating mobility patterns did not depend on certain days of the week, except that weekends were different from weekdays.}, } @InProceedings{mare:healthsec11, author = {Shrirang Mare and Jacob Sorber and Minho Shin and Cory Cornelius and David Kotz}, title = {{Adaptive security and privacy for mHealth sensing}}, booktitle = {{Proceedings of the USENIX Workshop on Health Security (HealthSec)}}, year = 2011, month = {August}, numpages = 5, publisher = {USENIX Association}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/mare-healthsec11/index.html}, note = {Short paper.}, abstract = {As healthcare in many countries faces an aging population and rising costs, mobile Health (mHealth) sensing technologies promise a new opportunity. However, the privacy concerns associated with mHealth sensing are a limiting factor for their widespread adoption. The use of wireless body area networks pose a particular challenge. Although there exist protocols that provide a secure and private communication channel between two devices, the large transmission overhead associated with these protocols limit their application to low-power mHealth sensing devices. We propose an adaptive security model that enables use of privacy-preserving protocols in low-power mHealth sensing by reducing the network overhead in the transmissions, while maintaining the security and privacy properties provided by the protocols.}, } @TechReport{mare:hns-tr, author = {Shrirang Mare and Jacob Sorber and Minho Shin and Cory Cornelius and David Kotz}, title = {{Hide-n-Sense: Privacy-aware secure mHealth sensing}}, institution = {Dartmouth Computer Science}, year = 2011, month = {September}, number = {TR2011-702}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/mare-hns-tr/index.html}, abstract = {As healthcare in many countries faces an aging population and rising costs, mobile sensing technologies promise a new opportunity. Using mobile health (mHealth) sensing, which uses medical sensors to collect data about the patients, and mobile phones to act as a gateway between sensors and electronic health record systems, caregivers can continuously monitor the patients and deliver better care. Furthermore, individuals can become better engaged in monitoring and managing their own health. Although some work on mHealth sensing has addressed security, achieving strong privacy for low-power sensors remains a challenge. \par We make three contributions. First, we propose an mHealth sensing protocol that provides strong security and privacy properties with low energy overhead, suitable for low-power sensors. The protocol uses three novel techniques: adaptive security, to dynamically modify transmission overhead; MAC striping, to make forgery difficult even for small-sized MACs; and an asymmetric resource requirement. Second, we demonstrate a prototype on a Chronos wrist device, and evaluate it experimentally. Third, we provide a security, privacy, and energy analysis of our system.}, } @InProceedings{mare:hns-w, author = {Shrirang Mare and Jacob Sorber and Minho Shin and Cory Cornelius and David Kotz}, title = {{Adapt-lite: Privacy-aware, secure, and efficient mHealth sensing}}, booktitle = {{Proceedings of the Workshop on Privacy in the Electronic Society (WPES)}}, year = 2011, month = {October}, pages = {137--142}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/2046556.2046574}, URL = {https://www.cs.dartmouth.edu/~kotz/research/mare-hns-w/index.html}, abstract = {As healthcare in many countries faces an aging population and rising costs, mobile sensing technologies promise a new opportunity. Using mobile health (mHealth) sensing, which uses medical sensors to collect data about the patients, and mobile phones to act as a gateway between sensors and electronic health record systems, caregivers can continuously monitor the patients and deliver better care. Although some work on mHealth sensing has addressed security, achieving strong security and privacy for low-power sensors remains a challenge. \par We make three contributions. First, we propose Adapt-lite, a set of two techniques that can be applied to existing wireless protocols to make them energy efficient without compromising their security or privacy properties. The techniques are: adaptive security, which dynamically modifies packet overhead; and MAC striping, which makes forgery difficult even for small-sized MACs. Second, we apply these techniques to an existing wireless protocol, and demonstrate a prototype on a Chronos wrist device. Third, we provide security, privacy, and energy analysis of our techniques.}, } @InProceedings{nanda:llbc, author = {Soumendra Nanda and David Kotz}, title = {{Social Network Analysis Plugin (SNAP) for Mesh Networks}}, booktitle = {{Proceedings of the IEEE Wireless Communications and Networking Conference (WCNC)}}, year = 2011, month = {March}, pages = {725--730}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/WCNC.2011.5779252}, URL = {https://www.cs.dartmouth.edu/~kotz/research/nanda-llbc/index.html}, abstract = {In a network, bridging nodes are those nodes that from a topological perspective, are strategically located between highly connected regions of nodes. Thus, they have high values of the Bridging Centrality (BC) metric. We recently introduced the Localized Bridging Centrality (LBC) metric, which can identify such nodes via distributed computation, yet has an accuracy equal to that of the centralized BC metric. The LBC and BC metrics are based on the Social Network Analysis (SNA) metric ``betweenness centrality''. We now introduce a new SNA metric that is more suitable for use in wireless mesh networks: the Localized Load-aware Bridging Centrality (LLBC) metric. The LLBC metric improves upon LBC by detecting critical bridging nodes while taking into account the actual traffic flows present in a mesh network. We only use local information from surrounding nodes to compute the LLBC metric, thus our LLBC metric is designed for scalable distributed computation and distributed network analysis. We developed the SNA Plugin (SNAP) for the Optimized Link State Routing (OLSR) protocol to study the potential use of LBC and LLBC in improving multicast communications. We present some promising initial results for SNAP from real and emulated mesh networks. SNAP is open source and free for academic use.}, } @InCollection{song:chapter, author = {Libo Song and David F. Kotz}, title = {{Routing in Mobile Opportunistic Networks}}, booktitle = {{Mobile Opportunistic Networks}}, editor = {Mieso K. Denko}, year = 2011, chapter = 1, pages = {1--24}, publisher = {Taylor \& Francis}, copyright = {Taylor \& Francis}, ISBN13 = {978-1-4200-8813-7}, URL = {https://www.cs.dartmouth.edu/~kotz/research/song-chapter/index.html}, } @TechReport{tan:crf-tr, author = {Keren Tan and Guanhua Yan and Jihwang Yeo and David Kotz}, title = {{Privacy Analysis of User Association Logs in a Large-scale Wireless LAN}}, institution = {Dartmouth Computer Science}, year = 2011, month = {January}, number = {TR2011-679}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/tan-crf-tr/index.html}, abstract = {User association logs collected from a large-scale wireless LAN record where and when a user has used the network. Such information plays an important role in wireless network research. One concern of sharing these data with other researchers, however, is that the logs pose potential privacy risks for the network users. Today, the common practice in sanitizing these data before releasing them to the public is to anonymize users' sensitive information, such as their devices' MAC addresses and their exact association locations. In this work, we demonstrate that such sanitization measures are insufficient to protect user privacy because the differences between user association behaviors can be modeled and many are distinguishable. By simulating an adversary's role, we propose a novel type of correlation attack in which the adversary uses the anonymized association log to build signatures against each user, and when combined with auxiliary information, such signatures can help to identify users within the anonymized log. On a user association log that contains more than four thousand users and millions of association records, we demonstrate that this attack technique is able to pinpoint the victim's identity exactly with a probability as high as 70\%, and narrow it down to a set of 20 candidates with a probability close to 100\%. We further evaluate the effectiveness of standard anonymization techniques, including generalization and perturbation, in mitigating this correlation attack; our experimental results reveal only limited success of these methods, suggesting that more thorough treatment is needed when anonymizing wireless user association logs before public release.}, } @InProceedings{tan:crf, author = {Keren Tan and Guanhua Yan and Jihwang Yeo and David Kotz}, title = {{Privacy analysis of user association logs in a large-scale wireless LAN}}, booktitle = {{Proceedings of the Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM) mini-conference}}, year = 2011, month = {April}, pages = {31--35}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/INFCOM.2011.5935168}, URL = {https://www.cs.dartmouth.edu/~kotz/research/tan-crf/index.html}, abstract = {User association logs collected from a large-scale wireless LAN record where and when a user has used the network. Such information plays an important role in wireless network research. One concern of sharing these data with other researchers, however, is that the logs pose potential privacy risks for the network users. Today, the common practice in sanitizing these data before releasing them to the public is to anonymize users' sensitive information, such as their devices' MAC addresses and their exact association locations. In this work, we aim to study whether such sanitization measures are sufficient to protect user privacy. By simulating an adversary's role, we propose a novel type of correlation attack in which the adversary uses the anonymized association log to build signatures against each user, and when combined with auxiliary information, such signatures can help to identify users within the anonymized log. Using a user association log that contains more than four thousand users and millions of association records, we demonstrate that this attack technique, under certain circumstances, is able to pinpoint the victim's identity exactly with a probability as high as 70\%, or narrow it down to a set of 20 candidates with a probability close to 100\%. We further evaluate the effectiveness of standard anonymization techniques, including generalization and perturbation, in mitigating correlation attacks; our experimental results reveal only limited success of these methods, suggesting that more thorough treatment is needed when anonymizing wireless user association logs before public release.}, } @InCollection{tan:survey, author = {Keren Tan and Jihwang Yeo and Michael E. Locasto and David Kotz}, title = {{Catch, Clean, and Release: A Survey of Obstacles and Opportunities for Network Trace Sanitization}}, booktitle = {{Privacy-Aware Knowledge Discovery: Novel Applications and New Techniques}}, editor = {Francesco Bonchi and Elena Ferrari}, year = 2011, month = {January}, chapter = 5, pages = {111--141}, publisher = {Chapman and Hall/CRC Press}, copyright = {Chapman and Hall/CRC Press}, ISBN13 = 9781439803653, URL = {https://www.cs.dartmouth.edu/~kotz/research/tan-survey/index.html}, abstract = {Network researchers benefit tremendously from access to traces of production networks, and several repositories of such network traces exist. By their very nature, these traces capture sensitive business and personal activity. Furthermore, network traces contain significant operational information about the target network, such as its structure, identity of the network provider, or addresses of important servers. To protect private or proprietary information, researchers must ``sanitize'' a trace before sharing it. \par In this chapter, we survey the growing body of research that addresses the risks, methods, and evaluation of network trace sanitization. Research on the risks of network trace sanitization attempts to extract information from published network traces, while research on sanitization methods investigates approaches that may protect against such attacks. Although researchers have recently proposed both quantitative and qualitative methods to evaluate the effectiveness of sanitization methods, such work has several shortcomings, some of which we highlight in a discussion of open problems. Sanitizing a network trace, however challenging, remains an important method for advancing network--based research.}, } @TechReport{fazio:thesis, author = {Phillip A. Fazio}, title = {{Effects of network trace sampling methods on privacy and utility metrics}}, institution = {Dartmouth College, Computer Science}, year = 2011, month = {June}, number = {TR2011-697}, copyright = {the author}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/fazio-thesis/index.html}, abstract = {Researchers studying computer networks rely on the availability of traffic trace data collected from live production networks. Those choosing to share trace data with colleagues must first remove or otherwise anonymize sensitive information. This process, called sanitization, represents a tradeoff between the removal of information in the interest of identity protection and the preservation of data within the trace that is most relevant to researchers. While several metrics exist to quantify this privacy-utility tradeoff, they are often computationally expensive. Computing these metrics using a sample of the trace, rather than the entire input trace, could potentially save precious time and space resources, provided the accuracy of these values does not suffer. In this paper, we examine several simple sampling methods to discover their effects on measurement of the privacy-utility tradeoff when anonymizing network traces prior to their sharing or publication. After sanitizing a small sample trace collected from the Dartmouth College wireless network, we tested the relative accuracy of a variety of previously implemented packet and flow-sampling methods on a few existing privacy and utility metrics. This analysis led us to conclude that, for our test trace, no single sampling method we examined allowed us to accurately measure the trade-off, and that some sampling methods can produce grossly inaccurate estimates of those values. We were unable to draw conclusions on the use of packet versus flow sampling in these instances.}, } @PhdThesis{tan:thesis, author = {Keren Tan}, title = {{Large-scale Wireless Local-area Network Measurement and Privacy Analysis}}, school = {Dartmouth College Computer Science}, year = 2011, month = {August}, copyright = {Keren Tan}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/tan-thesis/index.html}, note = {Available as Dartmouth Computer Science Technical Report TR2011-703}, abstract = {The edge of the Internet is increasingly becoming wireless. Understanding the wireless edge is therefore important for understanding the performance and security aspects of the Internet experience. This need is especially necessary for enterprise-wide wireless local-area networks (WLANs) as organizations increasingly depend on WLANs for mission-critical tasks. To study a live production WLAN, especially a large-scale network, is a difficult undertaking. Two fundamental difficulties involved are (1) building a scalable network measurement infrastructure to collect traces from a large-scale production WLAN, and (2) preserving user privacy while sharing these collected traces to the network research community. In this dissertation, we present our experience in designing and implementing one of the largest distributed WLAN measurement systems in the United States, the Dartmouth Internet Security Testbed (DIST), with a particular focus on our solutions to the challenges of efficiency, scalability, and security. We also present an extensive evaluation of the DIST system. To understand the severity of some potential trace-sharing risks for an enterprise-wide large-scale wireless network, we conduct privacy analysis on one kind of wireless network traces, a user-association log, collected from a large-scale WLAN. We introduce a machine-learning based approach that can extract and quantify sensitive information from a user-association log, even though it is sanitized. Finally, we present a case study that evaluates the tradeoff between utility and privacy on WLAN trace sanitization.}, } @TechReport{arackaparambil:clock-skew-tr, author = {Chrisil Arackaparambil and Sergey Bratus and Anna Shubina and David Kotz}, title = {{On the Reliability of Wireless Fingerprinting using Clock Skews}}, institution = {Dartmouth Computer Science}, year = 2010, month = {January}, number = {TR2010-661}, copyright = {the authors}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/arackaparambil-clock-skew-tr/index.html}, abstract = {Determining whether a client station should trust an access point is a known problem in wireless security. Traditional approaches to solving this problem resort to cryptography. But cryptographic exchange protocols are complex and therefore induce potential vulnerabilities in themselves. We show that measurement of clock skews of access points in an 802.11 network can be useful in this regard, since it provides fingerprints of the devices. Such fingerprints can be used to establish the first point of trust for client stations wishing to connect to an access point. Fingerprinting can also be used in the detection of fake access points. We demonstrate deficiencies of previously studied methods that measure clock skews in 802.11 networks by means of an attack that spoofs clock skews. We then provide means to overcome those deficiencies, thereby improving the reliability of fingerprinting. Finally, we show how to perform the clock-skew arithmetic that enables network providers to publish clock skews of their access points for use by clients.}, } @InProceedings{arackaparambil:clock-skew, author = {Chrisil Arackaparambil and Sergey Bratus and Anna Shubina and David Kotz}, title = {{On the Reliability of Wireless Fingerprinting using Clock Skews}}, booktitle = {{Proceedings of the ACM Conference on Wireless Network Security (WiSec)}}, year = 2010, month = {March}, numpages = 6, pages = {169--174}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/1741866.1741894}, URL = {https://www.cs.dartmouth.edu/~kotz/research/arackaparambil-clock-skew/index.html}, abstract = {Determining whether a client station should trust an access point is a known problem in wireless security. Traditional approaches to solving this problem resort to cryptography. But cryptographic exchange protocols are complex and therefore induce potential vulnerabilities in themselves. We show that measurement of clock skews of access points in an 802.11 network can be useful in this regard, since it provides fingerprints of the devices. Such fingerprints can be used to establish the first point of trust for client stations wishing to connect to an access point. Fingerprinting can also be used in the detection of fake access points. \par We demonstrate deficiencies of previously studied methods that measure clock skews in 802.11 networks by means of an attack that spoofs clock skews. We then provide means to overcome those deficiencies, thereby improving the reliability of fingerprinting. Finally, we show how to perform the clock-skew arithmetic that enables network providers to publish clock skews of their access points for use by clients.}, } @InProceedings{mare:models, author = {Shrirang Mare and David Kotz and Anurag Kumar}, title = {{Experimental Validation of Analytical Performance Models for IEEE 802.11 Networks}}, booktitle = {{Proceedings of the Workshop on WIreless Systems: Advanced Research and Development (WISARD)}}, year = 2010, month = {January}, pages = {1--8}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/COMSNETS.2010.5431957}, URL = {https://www.cs.dartmouth.edu/~kotz/research/mare-models/index.html}, abstract = {We consider the simplest IEEE 802.11 WLAN networks for which analytical models are available and seek to provide an experimental validation of these models. Our experiments include the following cases: (i) two nodes with saturated queues, sending fixed-length UDP packets to each other, and (ii) a TCP-controlled transfer between two nodes. Our experiments are based entirely on Aruba AP-70 access points operating under Linux. We report our observations on certain non-standard behavior of the devices. In cases where the devices adhere to the standards, we find that the results from the analytical models estimate the experimental data with a mean error of 3-5\%.}, } @InProceedings{tan:crf-s3, author = {Keren Tan and Guanhua Yan and Jihwang Yeo and David Kotz}, title = {{A Correlation Attack Against User Mobility Privacy in a Large-scale WLAN network}}, booktitle = {{Proceedings of the ACM MobiCom S3 workshop}}, year = 2010, month = {September}, pages = {33--35}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/1860039.1860050}, URL = {https://www.cs.dartmouth.edu/~kotz/research/tan-crf-s3/index.html}, abstract = {User association logs collected from real-world wireless LANs have facilitated wireless network research greatly. To protect user privacy, the common practice in sanitizing these data before releasing them to the public is to anonymize users' sensitive information such as the MAC addresses of their devices and their exact association locations. In this work,we demonstrate that these sanitization measures are insufficient in protecting user privacy from a novel type of correlation attack that is based on CRF (Conditional Random Field). In such a correlation attack, the adversary observes the victim's AP (Access Point) association activities for a short period of time and then infers her corresponding identity in a released user association dataset. Using a user association log that contains more than three thousand users and millions of AP association records, we demonstrate that the CRF-based technique is able to pinpoint the victim's identity exactly with a probability as high as 70\%.}, } @InProceedings{tan:saluki, author = {Keren Tan and David Kotz}, title = {{Saluki: a High-Performance Wi-Fi Sniffing Program}}, booktitle = {{Proceedings of the International Workshop on Wireless Network Measurements (WiNMee)}}, year = 2010, month = {May}, pages = {591--596}, publisher = {IEEE}, copyright = {IEEE}, URL = {https://www.cs.dartmouth.edu/~kotz/research/tan-saluki/index.html}, note = {Invited paper}, abstract = {Building a campus-wide wireless LAN measurement system faces many efficiency, scalability and security challenges. To address these challenges, we developed a distributed Wi-Fi sniffing program called Saluki. Compared to our previous implementation and to other available sniffing programs, Saluki has the following advantages: (1) its small footprint makes it suitable for a resource-constrained Linux platform, such as those in commercial Wi-Fi access points; (2) the frame-capture rate increased more than three-fold over tcpdump with minimal frame loss; (3) all traffic between this sniffer and the back-end server was secured using 128-bit encryption; and (4) the traffic load on the backbone network was reduced to only 30\% of that in our previous implementation. In this paper, we introduce the design and the implementation details of this high-performance sniffing program, along with preliminary evaluation results.}, } @InProceedings{bratus:dist-cset, author = {Sergey Bratus and David Kotz and Keren Tan and William Taylor and Anna Shubina and Bennet Vance and Michael E. Locasto}, title = {{Dartmouth Internet Security Testbed (DIST): building a campus-wide wireless testbed}}, booktitle = {{Proceedings of the Workshop on Cyber Security Experimentation and Test (CSET)}}, year = 2009, month = {August}, numpages = 6, publisher = {USENIX Association}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/bratus-dist-cset/index.html}, abstract = {We describe our experiences in deploying a campus-wide wireless security testbed. The testbed gives us the capability to monitor security-related aspects of the 802.11 MAC layer in over 200 diverse campus locations. We describe both the technical and the social challenges of designing, building, and deploying such a system, which, to the best of our knowledge, is the largest such testbed in academia (with the UCSD's Jigsaw infrastructure a close competitor). In this paper we focus on the \emph{testbed setup}, rather than on the experimental data and results.}, } @TechReport{nanda:combined-tr2, author = {Soumendra Nanda and Zhenhui Jiang and David Kotz}, title = {{A Combined Routing Method for Ad Hoc Wireless Networks}}, institution = {Dartmouth Computer Science}, year = 2009, month = {February}, number = {TR2009-641}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/nanda-combined-tr2/index.html}, abstract = {Several simulation and real world studies show that certain ad hoc routing protocols perform better than others under specific mobility and traffic patterns. In order to exploit this phenomena, we propose a novel approach to adapt a network to changing conditions; we introduce ``a combined routing method'' that allows the network to seamlessly swap from one routing protocol to another protocol dynamically, while routing continues uninterrupted. By creating a thin new virtual layer, we enable each node in the ad hoc wireless network notify each other about the protocol swap and we do not make any changes to existing routing protocols. To ensure that routing works efficiently after the protocol swap, we reuse information from the previous protocol's routing table while initializing the data structures for the new routing protocol. We study the feasibility of our technique and the overheads incurred while swapping between AODV, ODMRP and APRL under different network topologies and traffic patterns through detailed simulations. Our results show that the swap latency is related to the nature of the destination protocol and the topology of the network. We also find that the control packet ratio of a routing protocol during and after a swap is close to that of the protocol running before a swap, thus indicating that our approach does not add excessive overhead.}, } @TechReport{yeo:poll-tr, author = {Jihwang Yeo and Keren Tan and David Kotz}, title = {{User survey regarding the needs of network researchers in trace-anonymization tools}}, institution = {Dartmouth Computer Science}, year = 2009, month = {November}, number = {TR2009-658}, copyright = {the authors}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/yeo-poll-tr/index.html}, abstract = {To understand the needs of network researchers in an anonymization tool, we conducted a survey on the network researchers. We invited network researchers world-wide to the survey by sending invitation emails to well-known mailing lists whose subscribers may be interested in network research with collecting, sharing and sanitizing network traces.}, } @Misc{kotz:dartmouth-campus-20090909, author = {David Kotz and Tristan Henderson and Ilya Abyzov and Jihwang Yeo}, title = {{CRAWDAD dataset dartmouth/campus (v. 2009-09-09)}}, howpublished = {Available for download on IEEE DataPort}, year = 2009, month = {September}, copyright = {the authors}, DOI = {10.15783/C7F59T}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-dartmouth-campus-20090909/index.html}, abstract = {This dataset includes syslog, SNMP, and tcpdump data for 5 years or more, for over 450 access points and several thousand users at Dartmouth College.}, } @TechReport{bratus:fingerprint-tr, author = {Sergey Bratus and Cory Cornelius and Daniel Peebles and David Kotz}, title = {{Active Behavioral Fingerprinting of Wireless Devices}}, institution = {Dartmouth Computer Science}, year = 2008, month = {March}, number = {TR2008-610}, copyright = {the authors}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/bratus-fingerprint-tr/index.html}, abstract = {We propose a simple active method for discovering facts about the chipset, the firmware or the driver of an 802.11 wireless device by observing its responses (or lack thereof) to a series of crafted non-standard or malformed 802.11 frames. We demonstrate that such responses can differ significantly enough to distinguish between a number of popular chipsets and drivers. We expect to significantly expand the number of recognized device types through community contributions of signature data for the proposed open fingerprinting framework. Our method complements known fingerprinting approaches, and can be used to interrogate and spot devices that may be spoofing their MAC addresses in order to conceal their true architecture from other stations, such as a fake AP seeking to engage clients in complex protocol frame exchange (e.g., in order to exploit a driver vulnerability). In particular, it can be used to distinguish rogue APs from legitimate APs before association.}, } @InProceedings{bratus:fingerprint, author = {Sergey Bratus and Cory Cornelius and David Kotz and Dan Peebles}, title = {{Active Behavioral Fingerprinting of Wireless Devices}}, booktitle = {{Proceedings of the ACM Conference on Wireless Network Security (WiSec)}}, year = 2008, month = {March}, pages = {56--61}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/1352533.1352543}, URL = {https://www.cs.dartmouth.edu/~kotz/research/bratus-fingerprint/index.html}, abstract = {We propose a simple active method for discovering facts about the chipset, the firmware or the driver of an 802.11 wireless device by observing its responses (or lack thereof) to a series of crafted non-standard or malformed 802.11 frames. We demonstrate that such responses can differ significantly enough to distinguish between a number of popular chipsets and drivers. We expect to significantly expand the number of recognized device types through community contributions of signature data for the proposed open fingerprinting framework. Our method complements known fingerprinting approaches, and can be used to interrogate and spot devices that may be spoofing their MAC addresses in order to conceal their true architecture from other stations, such as a fake AP seeking to engage clients in complex protocol frame exchange (e.g., in order to exploit a driver vulnerability). In particular, it can be used to distinguish rogue APs from legitimate APs before association.}, } @InProceedings{bratus:streaming-poster, author = {Sergey Bratus and Joshua Brody and David Kotz and Anna Shubina}, title = {{Streaming Estimation of Information-theoretic Metrics for Anomaly Detection (Extended Abstract)}}, booktitle = {{Proceedings of the International Symposium on Recent Advances in Intrusion Detection--- Posters}}, series = {Lecture Notes in Computer Science}, year = 2008, month = {September}, volume = 5230, pages = {412--414}, publisher = {Springer-Verlag}, copyright = {Springer}, address = {Cambridge, MA}, DOI = {10.1007/978-3-540-87403-4_32}, URL = {https://www.cs.dartmouth.edu/~kotz/research/bratus-streaming-poster/index.html}, abstract = {Information-theoretic metrics hold great promise for modeling traffic and detecting anomalies if only they could be computed in an efficient, scalable ways. Recent advances in streaming estimation algorithms give hope that such computations can be made practical. We describe our work in progress that aims to use streaming algorithms on 802.11a/b/g link layer (and above) features and feature pairs to detect anomalies.}, } @InProceedings{deshpande:refocusing, author = {Udayan Deshpande and Chris McDonald and David Kotz}, title = {{Refocusing in 802.11 Wireless Measurement}}, booktitle = {{Proceedings of the Passive and Active Measurement Conference (PAM 2008)}}, series = {Lecture Notes in Computer Science}, year = 2008, month = {April}, volume = 4979, pages = {142--151}, publisher = {Springer-Verlag}, copyright = {Springer-Verlag}, DOI = {10.1007/978-3-540-79232-1_15}, URL = {https://www.cs.dartmouth.edu/~kotz/research/deshpande-refocusing/index.html}, abstract = {The edge of the Internet is increasingly wireless. To understand the Internet, one must understand the edge, and yet the measurement of wireless networks poses many new challenges. IEEE 802.11 networks support multiple wireless channels and any monitoring technique involves capturing traffic on each of these channels to gather a representative sample of frames from the network. We call this procedure \emph{channel sampling}, in which each sniffer visits each channel periodically, resulting in a sample of the traffic on each of the channels. \par This sampling approach may be sufficient, for example, for a system administrator or anomaly detection module to observe some unusual behavior in the network. Once an anomaly is detected, however, the administrator may require a more extensive traffic sample, or need to identify the location of an offending device. \par We propose a method to allow measurement applications to dynamically modify the sampling strategy, \emph{refocusing} the monitoring system to pay more attention to certain types of traffic than others. In this paper we show that refocusing is a necessary and promising new technique for wireless measurement.}, } @Article{henderson:jvoice, author = {Tristan Henderson and David Kotz and Ilya Abyzov}, title = {{The Changing Usage of a Mature Campus-wide Wireless Network}}, journal = {Computer Networks}, year = 2008, month = {October}, volume = 52, number = 14, pages = {2690--2712}, publisher = {Elsevier}, copyright = {Elsevier}, DOI = {10.1016/j.comnet.2008.05.003}, URL = {https://www.cs.dartmouth.edu/~kotz/research/henderson-jvoice/index.html}, abstract = {Wireless Local Area Networks (WLANs) are now commonplace on many academic and corporate campuses. As ``Wi-Fi'' technology becomes ubiquitous, it is increasingly important to understand trends in the usage of these networks. This paper analyzes an extensive network trace from a mature 802.11 WLAN, including more than 550 access points and 7000 users over seventeen weeks. We employ several measurement techniques, including syslog messages, telephone records, SNMP polling and tcpdump packet captures. This is the largest WLAN study to date, and the first to look at a mature WLAN. We compare this trace to a trace taken after the network's initial deployment two years prior. \par We found that the applications used on the WLAN changed dramatically, with significant increases in peer-to-peer and streaming multimedia traffic. Despite the introduction of a Voice over IP (VoIP) system that includes wireless handsets, our study indicates that VoIP has been used little on the wireless network thus far, and most VoIP calls are made on the wired network. \par We saw greater heterogeneity in the types of clients used, with more embedded wireless devices such as PDAs and mobile VoIP clients. We define a new metric for mobility, the ``session diameter''. We use this metric to show that embedded devices have different mobility characteristics than laptops, and travel further and roam to more access points. Overall, users were surprisingly non-mobile, with half remaining close to home about 98\% of the time.}, } @Article{nanda:jmeshmon, author = {Soumendra Nanda and David Kotz}, title = {{Mesh-Mon: A Multi-Radio Mesh Monitoring and Management System}}, journal = {Computer Communications}, year = 2008, month = {May}, volume = 31, number = 8, pages = {1588--1601}, publisher = {Elsevier}, copyright = {Elsevier}, DOI = {10.1016/j.comcom.2008.01.046}, URL = {https://www.cs.dartmouth.edu/~kotz/research/nanda-jmeshmon/index.html}, abstract = {Mesh networks are a potential solution for providing communication infrastructure in an emergency. They can be rapidly deployed by first responders in the wake of a major disaster to augment an existing wireless or wired network. We imagine a mesh node with multiple radios embedded in each emergency vehicle arriving at the site to form the backbone of a mobile wireless mesh. The ability of such a mesh network to monitor itself, diagnose faults and anticipate problems are essential features for its sustainable operation. Typical SNMP-based centralized solutions introduce a single point of failure and are unsuitable for managing such a network. \emph{Mesh-Mon} is a decentralized monitoring and management system designed for such a mobile, rapidly-deployed, unplanned mesh network and works independently of the underlying mesh routing protocol. Mesh-Mon nodes are designed to actively cooperate and use localized algorithms to predict, detect, diagnose and resolve network problems in a scalable manner. Mesh-Mon is independent of the underlying routing protocol and can operate even if the mesh routing protocol completely fails. A novel aspect of our approach is that we employ mobile users of the mesh, running software called \emph{Mesh-Mon-Ami} to ferry management packets between physically-disconnected partitions in a delay-tolerant network manner. The main contributions of this paper are the design, implementation and evaluation of a comprehensive monitoring and management architecture that helps a network administrator proactively identify, diagnose and resolve a range of issues that can occur in a dynamic mesh network. In experiments on \emph{Dart-Mesh}, our 16-node indoor mesh testbed, we found Mesh-Mon to be effective in quickly diagnosing and resolving a variety of problems with high accuracy, without adding significant management overhead.}, } @TechReport{nanda:lbc-tr, author = {Soumendra Nanda and David Kotz}, title = {{Localized Bridging Centrality for Distributed Network Analysis}}, institution = {Dartmouth Computer Science}, year = 2008, month = {January}, number = {TR2008-612}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/nanda-lbc-tr/index.html}, abstract = {Centrality is a concept often used in social network analysis to study different properties of networks that are modeled as graphs. We present a new centrality metric called Localized Bridging Centrality (LBC). LBC is based on the Bridging Centrality (BC) metric that Hwang et al. recently introduced. Bridging nodes are nodes that are located in between highly connected regions. LBC is capable of identifying bridging nodes with an accuracy comparable to that of the BC metric for most networks. As the name suggests, we use only local information from surrounding nodes to compute the LBC metric, while, global knowledge is required to calculate the BC metric. The main difference between LBC and BC is that LBC uses the egocentric definition of betweenness centrality to identify bridging nodes, while BC uses the sociocentric definition of betweenness centrality. Thus, our LBC metric is suitable for distributed computation and has the benefit of being an order of magnitude faster to calculate in computational complexity. We compare the results produced by BC and LBC in three examples. We applied our LBC metric for network analysis of a real wireless mesh network. Our results indicate that the LBC metric is as powerful as the BC metric at identifying bridging nodes that have a higher flow of information through them (assuming a uniform distribution of network flows) and are important for the robustness of the network.}, } @InProceedings{nanda:lbc, author = {Soumendra Nanda and David Kotz}, title = {{Localized Bridging Centrality for Distributed Network Analysis}}, booktitle = {{Proceedings of the International Conference on Computer Communications and Networks (ICCCN)}}, year = 2008, month = {August}, pages = {1--6}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/ICCCN.2008.ECP.31}, URL = {https://www.cs.dartmouth.edu/~kotz/research/nanda-lbc/index.html}, abstract = {Centrality is a concept often used in social network analysis to study different properties of networks that are modeled as graphs. We present a new centrality metric called Localized Bridging Centrality (LBC). LBC is based on the Bridging Centrality (BC) metric that Hwang et al. recently introduced. Bridging nodes are nodes that are strategically located in between highly connected regions. LBC is capable of identifying bridging nodes with an accuracy comparable to that of the BC metric for most networks. As the name suggests, we use only local information from surrounding nodes to compute the LBC metric, whereas, global knowledge is required to calculate the BC metric. The main difference between LBC and BC is that LBC uses the egocentric definition of betweenness centrality to identify bridging nodes, while BC uses the sociocentric definition of betweenness centrality. Thus, our LBC metric is suitable for distributed or parallel computation and has the benefit of being an order of magnitude faster to calculate in computational complexity. We compare the results produced by BC and LBC in three examples. We applied our LBC metric for network analysis of a real wireless mesh network. Our results indicate that the LBC metric is as powerful as the BC metric at identifying bridging nodes. The LBC metric is thus an important tool that can help network administrators identify critical nodes that are important for the robustness of the network in a distributed manner.}, } @Article{sheng:map, author = {Yong Sheng and Guanling Chen and Hongda Yin and Keren Tan and Udayan Deshpande and Bennet Vance and David Kotz and Andrew Campbell and Chris McDonald and Tristan Henderson and Joshua Wright}, title = {{MAP: A scalable monitoring system for dependable 802.11 wireless networks}}, journal = {IEEE Wireless Communications}, year = 2008, month = {October}, volume = 15, number = 5, pages = {10--18}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/MWC.2008.4653127}, URL = {https://www.cs.dartmouth.edu/~kotz/research/sheng-map/index.html}, abstract = {Many enterprises have deployed 802.11 wireless networks for mission-critical operations; these networks must be protected for dependable access. This paper introduces project MAP, which includes a scalable 802.11 measurement system that can provide continuous monitoring of wireless traffic to quickly identify threats and attacks. We discuss the MAP system architecture, design decisions, and evaluation results from a real testbed.}, } @InProceedings{sheng:spoofing, author = {Yong Sheng and Keren Tan and Guanling Chen and David Kotz and Andrew Campbell}, title = {{Detecting 802.11 MAC Layer Spoofing Using Received Signal Strength}}, booktitle = {{Proceedings of the Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM)}}, year = 2008, month = {April}, pages = {1768--1776}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/INFOCOM.2007.239}, URL = {https://www.cs.dartmouth.edu/~kotz/research/sheng-spoofing/index.html}, abstract = {MAC addresses can be easily spoofed in 802.11 wireless LANs. An adversary can exploit this vulnerability to launch a large number of attacks. For example, an attacker may masquerade as a legitimate access point to disrupt network services or to advertise false services, tricking nearby wireless stations. On the other hand, the received signal strength (RSS) is a measurement that is hard to forge arbitrarily and it is highly correlated to the transmitter's location. Assuming the attacker and the victim are separated by a reasonable distance, RSS can be used to differentiate them to detect MAC spoofing, as recently proposed by several researchers. \par By analyzing the RSS pattern of typical 802.11 transmitters in a 3-floor building covered by 20 air monitors, we observed that the RSS readings followed a mixture of multiple Gaussian distributions. We discovered that this phenomenon was mainly due to \emph{antenna diversity}, a widely-adopted technique to improve the stability and robustness of wireless connectivity. This observation renders existing approaches ineffective because they assume a single RSS source. We propose an approach based on Gaussian mixture models, building RSS profiles for spoofing detection. Experiments on the same testbed show that our method is robust against antenna diversity and significantly outperforms existing approaches. At a 3\% false positive rate, we detect 73.4\%, 89.6\% and 97.8\% of attacks using the three proposed algorithms, based on local statistics of a single AM, combining local results from AMs, and global multi-AM detection, respectively.}, } @Article{yeo:crawdad-2007, author = {Jihwang Yeo and David Kotz and Tristan Henderson}, title = {{Workshop report --- CRAWDAD Workshop 2007}}, journal = {ACM SIGCOMM Computer Communication Review}, year = 2008, month = {July}, volume = 38, number = 3, pages = {79--82}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/1384609.1384619}, URL = {https://www.cs.dartmouth.edu/~kotz/research/yeo-crawdad-2007/index.html}, abstract = {Wireless network researchers are hungry for data about how real users, applications, and devices use real networks under real network conditions. CRAWDAD, the Community Resource for Archiving Wireless Data at Dartmouth, is an NSF-funded project that is building a wireless network data archive for the research community. We host wireless data, and provide tools and documents to make it easy to collect and use wireless network data. We hope that this resource will help researchers to identify and evaluate real and interesting problems in mobile and pervasive computing. This report outlines the CRAWDAD project and summarizes the third CRAWDAD workshop, held at MobiCom 2007.}, } @PhdThesis{deshpande:thesis, author = {Udayan Deshpande}, title = {{A Dynamically Refocusable Sampling Infrastructure for 802.11 Networks}}, school = {Dartmouth College Computer Science}, year = 2008, month = {May}, copyright = {Udayan Deshpande}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/deshpande-thesis/index.html}, note = {Available as Dartmouth Computer Science Technical Report TR2008-620}, abstract = {The edge of the Internet is increasingly wireless. Enterprises large and small, homeowners, and even whole cities have deployed Wi-Fi networks for their users, and many users never need to--- or never bother to--- use the wired network. With the advent of high-throughput wireless networks (such as 802.11n) some new construction, even of large enterprise buildings, may no longer be wired for Ethernet. To understand Internet traffic, then, we need to understand the wireless edge. Measuring Wi-Fi traffic, however, is challenging. It is insufficient to capture traffic in the access points, or upstream of the access points, because the activity of neighboring networks, ad hoc networks, and physical interference cannot be seen at that level. To truly understand the MAC-layer behavior, we need to capture frames from the air using Air Monitors (AMs) placed in the vicinity of the network. Such a capture is always a sample of the network activity, since it is physically impossible to capture a full trace: all frames from all channels at all times in all places. We have built a monitoring infrastructure that captures frames from the 802.11 network. This infrastructure includes several ``channel sampling'' strategies that will capture representative traffic from the network. Further, the monitoring infrastructure needs to modify its behavior according to feedback received from the downstream consumers of the captured traffic in case the analysis needs traffic of a certain type. We call this technique ``refocusing''. The ``coordinated sampling'' technique improves the efficiency of the monitoring by utilizing the AMs intelligently. Finally, we deployed this measurement infrastructure within our Computer Science building to study the performance of the system with real network traffic.}, } @PhdThesis{nanda:thesis, author = {Soumendra Nanda}, title = {{Mesh-Mon: a Monitoring and Management System for Wireless Mesh Networks}}, school = {Dartmouth College Computer Science}, year = 2008, month = {May}, copyright = {Soumendra Nanda}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/nanda-thesis/index.html}, note = {Available as Dartmouth Computer Science Technical Report TR2008-619}, abstract = {A mesh network is a network of wireless routers that employ multi-hop routing and can be used to provide network access for mobile clients. Mobile mesh networks can be deployed rapidly to provide an alternate communication infrastructure for emergency response operations in areas with limited or damaged infrastructure. \par In this dissertation, we present Dart-Mesh: a Linux-based layer-3 dual-radio two-tiered mesh network that provides complete 802.11b coverage in the Sudikoff Lab for Computer Science at Dartmouth College. We faced several challenges in building, testing, monitoring and managing this network. These challenges motivated us to design and implement Mesh-Mon, a network monitoring system to aid system administrators in the management of a mobile mesh network. Mesh-Mon is a scalable, distributed and decentralized management system in which mesh nodes cooperate in a proactive manner to help detect, diagnose and resolve network problems automatically. Mesh-Mon is independent of the routing protocol used by the mesh routing layer and can function even if the routing protocol fails. We demonstrate this feature by running Mesh-Mon on two versions of Dart-Mesh, one running on AODV (a reactive mesh routing protocol) and the second running on OLSR (a proactive mesh routing protocol) in separate experiments. \par Mobility can cause links to break, leading to disconnected partitions. We identify critical nodes in the network, whose failure may cause a partition. We introduce two new metrics based on social-network analysis: the Localized Bridging Centrality (LBC) metric and the Localized Load-aware Bridging Centrality (LLBC) metric, that can identify critical nodes efficiently and in a fully distributed manner. \par We run a monitoring component on client nodes, called Mesh-Mon-Ami, which also assists Mesh-Mon nodes in the dissemination of management information between physically disconnected partitions, by acting as carriers for management data. \par We conclude, from our experimental evaluation on our 16-node Dart-Mesh testbed, that our system solves several management challenges in a scalable manner, and is a useful and effective tool for monitoring and managing real-world mesh networks.}, } @PhdThesis{song:thesis, author = {Libo Song}, title = {{Evaluating Mobility Predictors in Wireless Networks for Improving Handoff and Opportunistic Routing}}, school = {Dartmouth College Computer Science}, year = 2008, month = {January}, copyright = {Libo Song}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/song-thesis/index.html}, note = {Available as Dartmouth Computer Science Technical Report TR2008-611}, abstract = {We evaluate mobility predictors in wireless networks. Handoff prediction in wireless networks has long been considered as a mechanism to improve the quality of service provided to mobile wireless users. Most prior studies, however, were based on theoretical analysis, simulation with synthetic mobility models, or small wireless network traces. We study the effect of mobility prediction for a large realistic wireless situation. We tackle the problem by using traces collected from a large production wireless network to evaluate several major families of handoff-location prediction techniques, a set of handoff-time predictors, and a predictor that jointly predicts handoff location and time. We also propose a fallback mechanism, which uses a lower-order predictor whenever a higher-order predictor fails to predict. We found that low-order Markov predictors, with our proposed fallback mechanisms, performed as well or better than the more complex and more space-consuming compression-based handoff-location predictors. Although our handoff-time predictor had modest prediction accuracy, in the context of mobile voice applications we found that bandwidth reservation strategies can benefit from the combined location and time handoff predictor, significantly reducing the call-drop rate without significantly increasing the call-block rate. We also developed a prediction-based routing protocol for mobile opportunistic networks. We evaluated and compared our protocol's performance to five existing routing protocols, using simulations driven by real mobility traces. We found that the basic routing protocols are not practical for large-scale opportunistic networks. Prediction-based routing protocols trade off the message delivery ratio against resource usage and performed well and comparable to each other.}, } @InProceedings{deshpande:coordinated, author = {Udayan Deshpande and Chris McDonald and David Kotz}, title = {{Coordinated Sampling to Improve the Efficiency of Wireless Network Monitoring}}, booktitle = {{Proceedings of the IEEE International Conference on Networks (ICON)}}, year = 2007, month = {November}, pages = {353--358}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/ICON.2007.4444112}, URL = {https://www.cs.dartmouth.edu/~kotz/research/deshpande-coordinated/index.html}, abstract = {Wireless networks are deployed in home, university, business, military and hospital environments, and are increasingly used for mission-critical applications like VoIP or financial applications. Monitoring the health of these networks, whether it is for failure, coverage or attacks, is important in terms of security, connectivity, cost, and performance. \par Effective monitoring of wireless network traffic, using commodity hardware, is a challenging task due to the limitations of the hardware. IEEE 802.11 networks support multiple channels, and a wireless interface can monitor only a single channel at one time. Thus, capturing all frames passing an interface on all channels is an impossible task, and we need strategies to capture the most representative sample. \par When a large geographic area is to be monitored, several monitoring stations must be deployed, and these will typically overlap in their area of coverage. The competing goals of effective wireless monitoring are to capture as many frames as possible, while minimizing the number of those frames that are captured redundantly by more than one monitoring station. Both goals may be addressed with a sampling strategy that directs neighboring monitoring stations to different channels during any period. To be effective, such a strategy requires timely access to the nature of all recent traffic. \par We propose a coordinated sampling strategy that meets these goals. Our implemented solution involves a central controller considering traffic characteristics from many monitoring stations to periodically develop specific sampling policies for each station. We demonstrate the effectiveness of our coordinated sampling strategy by comparing it with existing independent strategies. Our coordinated strategy enabled more distinct frames to be captured, providing a solid foundation for focused sampling and intrusion detection.}, } @Article{kim:jclassify, author = {Minkyong Kim and David Kotz}, title = {{Periodic properties of user mobility and access-point popularity}}, journal = {Journal of Personal and Ubiquitous Computing}, year = 2007, month = {August}, volume = 11, number = 6, pages = {465--479}, publisher = {Springer-Verlag}, copyright = {Springer London}, DOI = {10.1007/s00779-006-0093-4}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kim-jclassify/index.html}, note = {Invited paper; special issue of papers from LoCA 2005}, abstract = {Understanding user mobility and its effect on access points (APs) is important in designing location-aware systems and wireless networks. Although various studies of wireless networks have provided useful insights, it is hard to apply them to other situations. Here we present a general methodology for extracting mobility information from wireless network traces, and for classifying mobile users and APs. We used the Fourier transform to reveal important periods and chose the two strongest periods to serve as parameters to a classification system based on Bayes' theory. Analysis of 1-month traces shows that while a daily pattern is common among both users and APs, a weekly pattern is common only for APs. Analysis of 1-year traces revealed that both user mobility and AP popularity depend on the academic calendar. By plotting the classes of APs on our campus map, we discovered that their periodic behavior depends on their proximity to other APs.}, } @TechReport{nanda:combined-tr, author = {Soumendra Nanda and Zhenhui Jiang and David Kotz}, title = {{A Combined Routing Method for Ad hoc Wireless Networks}}, institution = {Dartmouth Computer Science}, year = 2007, month = {June}, number = {TR2007-588}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/nanda-combined-tr/index.html}, abstract = {To make ad hoc wireless networks adaptive to different mobility and traffic patterns, this paper proposes an approach to swap from one protocol to another protocol dynamically, while routing continues. By the insertion of a thin new layer, we were able to make each node in the ad hoc wireless network notify each other about the protocol swap. To ensure that routing works efficiently after the protocol swap, we initialized the destination routing protocol's data structures and reused the previous routing information to build the new routing table. We also tested our approach under different network topologies and traffic patterns in static networks to learn whether the swap was fast and whether the swap incurred too much overhead. We found that the swap latency was related to the nature of the destination protocol and the topology of the network. We also found that the control packet ratio after swap was close to that of the protocol running without swap, which indicates that our method does not incur too much overhead for the swap.}, } @Article{newport:axioms, author = {Calvin Newport and David Kotz and Yougu Yuan and Robert S. Gray and Jason Liu and Chip Elliott}, title = {{Experimental Evaluation of Wireless Simulation Assumptions}}, journal = {SIMULATION: Transactions of The Society for Modeling and Simulation International}, year = 2007, month = {September}, volume = 83, number = 9, pages = {643--661}, publisher = {SAGE Publications}, copyright = {Simulation Councils}, DOI = {10.1177/0037549707085632}, URL = {https://www.cs.dartmouth.edu/~kotz/research/newport-axioms/index.html}, abstract = {All analytical and simulation research on ad hoc wireless networks must necessarily model radio propagation using simplifying assumptions. A growing body of research, however, indicates that the behavior of the protocol stack may depend significantly on these underlying assumptions. The standard response to this problem is a call for more realism in designing radio models. But how much realism is enough? This study is the first to approach this question by validating simulator performance (both at the physical and application layers) with the results of real-world data. Referencing an extensive set of measurements from a large outdoor routing experiment, we start by evaluating the relative realism of common assumptions made in radio model design, identifying those which provide a reasonable approximation of reality. Although several such investigations have been made for static sensor networks, radio behavior in mobile network deployments is a much less-studied topic. We then reproduce our experimental setup in our simulator, and generate the same application-layer metrics under progressively smaller sets of these assumptions. By comparing the simulated outcome to the outcome of our experiment, we are able to discern at what point our balance of simplification and realism captures the real behavior of our target environment.}, } @InProceedings{song:dtn, author = {Libo Song and David Kotz}, title = {{Evaluating Opportunistic Routing Protocols with Large Realistic Contact Traces}}, booktitle = {{Proceedings of the ACM MobiCom workshop on Challenged Networks (CHANTS 2007)}}, year = 2007, month = {September}, pages = {35--42}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/1287791.1287799}, URL = {https://www.cs.dartmouth.edu/~kotz/research/song-dtn/index.html}, abstract = {Traditional mobile ad hoc network (MANET) routing protocols assume that contemporaneous end-to-end communication paths exist between data senders and receivers. In some mobile ad hoc networks with a sparse node population, an end-to-end communication path may break frequently or may not exist at any time. Many routing protocols have been proposed in the literature to address the problem, but few were evaluated in a realistic ``opportunistic'' network setting. We use simulation and contact traces (derived from logs in a production network) to evaluate and compare five existing protocols: direct-delivery, epidemic, random, PRoPHET, and Link-State, as well as our own proposed routing protocol. We show that the direct delivery and epidemic routing protocols suffer either low delivery ratio or high resource usage, and other protocols make tradeoffs between delivery ratio and resource usage.}, } @Article{yeo:crawdad-mc2r, author = {Jihwang Yeo and Tristan Henderson and David Kotz}, title = {{Workshop report --- CRAWDAD Workshop 2006}}, journal = {ACM SIGMOBILE Mobile Computing and Communication Review}, year = 2007, month = {January}, volume = 11, number = 1, pages = {67--69}, publisher = {ACM}, copyright = {ACM}, URL = {https://www.cs.dartmouth.edu/~kotz/research/yeo-crawdad-mc2r/index.html}, abstract = {Wireless network researchers are seriously starved for data about how real users, applications, and devices use real networks under real network conditions. CRAWDAD, the Community Resource for Archiving Wireless Data at Dartmouth, is an NSF-funded project that is building a wireless network data archive for the research community. We host wireless data, and provide tools and documents to make it easy to collect and use wireless network data. We hope that this resource will help researchers to identify and evaluate real and interesting problems in mobile and pervasive computing. This report outlines the CRAWDAD project and summarizes the second CRAWDAD workshop, held at MobiCom 2006.}, } @InProceedings{deshpande:sampling, author = {Udayan Deshpande and Tristan Henderson and David Kotz}, title = {{Channel Sampling Strategies for Monitoring Wireless Networks}}, booktitle = {{Proceedings of the International Workshop on Wireless Network Measurement (WiNMee)}}, year = 2006, month = {April}, numpages = 7, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/WIOPT.2006.1666486}, URL = {https://www.cs.dartmouth.edu/~kotz/research/deshpande-sampling/index.html}, abstract = {Monitoring the activity on an IEEE 802.11 network is useful for many applications, such as network management, optimizing deployment, or detecting network attacks. Deploying wireless sniffers to monitor every access point in an enterprise network, however, may be expensive or impractical. Moreover, some applications may require the deployment of multiple sniffers to monitor the numerous channels in an 802.11 network. In this paper, we explore sampling strategies for monitoring multiple channels in 802.11b/g networks. We describe a simple sampling strategy, where each channel is observed for an equal, predetermined length of time, and consider applications where such a strategy might be appropriate. We then introduce a sampling strategy that weights the time spent on each channel according to the number of frames observed on that channel, and compare the two strategies under experimental conditions.}, } @InCollection{henderson:measuring, author = {Tristan Henderson and David Kotz}, title = {{Measuring Wireless LANs}}, booktitle = {{Mobile, Wireless and Sensor Networks: Technology, Applications and Future Directions}}, editor = {Rajeev Shorey and Akkihebbal L. Ananda and Mun Choon Chan and Wei Tsang Ooi}, year = 2006, chapter = 1, pages = {5--27}, publisher = {John Wiley \& Sons}, copyright = {John Wiley \& Sons}, ISBN13 = 9780471755593, address = {New York, NY}, DOI = {10.1002/0471755591.ch1}, URL = {https://www.cs.dartmouth.edu/~kotz/research/henderson-measuring/index.html}, abstract = {Wireless local area networks have become increasingly popular in recent years, and are now commonplace in many venues, including academic and corporate campuses, residences, and ``hotspots'' in public areas. It is important to understand how these wireless LANs are used, both for deploying networks, and for the development of future wireless networking protocols and applications. \par In this chapter we discuss the measurement and analysis of the popular 802.11 family of wireless LANs. We describe the tools, metrics and techniques that are used to measure wireless LANs. The results of existing measurement studies are surveyed. We illustrate some of the problems that are specific to measuring wireless LANs, and outline some challenges for collecting future wireless traces.}, } @InProceedings{kim:mobility, author = {Minkyong Kim and David Kotz and Songkuk Kim}, title = {{Extracting a mobility model from real user traces}}, booktitle = {{Proceedings of the Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM)}}, year = 2006, month = {April}, pages = {1--12}, publisher = {IEEE}, copyright = {IEEE}, address = {Barcelona, Spain}, DOI = {10.1109/INFOCOM.2006.173}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kim-mobility/index.html}, abstract = {Understanding user mobility is critical for simulations of mobile devices in a wireless network, but current mobility models often do not reflect real user movements. In this paper, we provide a foundation for such work by exploring mobility characteristics in traces of mobile users. We present a method to estimate the physical location of users from a large trace of mobile devices associating with access points in a wireless network. Using this method, we extracted tracks of always-on Wi-Fi devices from a 13-month trace. We discovered that the speed and pause time each follow a log-normal distribution and that the direction of movements closely reflects the direction of roads and walkways. Based on the extracted mobility characteristics, we developed a mobility model, focusing on movements among popular regions. Our validation shows that synthetic tracks match real tracks with a median relative error of 17\%.}, } @InProceedings{kim:wardriving, author = {Minkyong Kim and Jeffrey J. Fielding and David Kotz}, title = {{Risks of using AP locations discovered through war driving}}, booktitle = {{Proceedings of the International Conference on Pervasive Computing (Pervasive)}}, series = {Lecture Notes in Computer Science}, year = 2006, month = {May}, volume = 3968, pages = {67--82}, publisher = {Springer-Verlag}, copyright = {Springer-Verlag}, address = {Dublin, Ireland}, DOI = {10.1007/11748625_5}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kim-wardriving/index.html}, abstract = {Many pervasive-computing applications depend on knowledge of user location. Because most current location-sensing techniques work only either indoors or outdoors, researchers have started using 802.11 beacon frames from access points (APs) to provide broader coverage. To use 802.11 beacons, they need to know AP locations. Because the actual locations are often unavailable, they use estimated locations from \emph{war driving}. But these estimated locations may be different from actual locations. In this paper, we analyzed the errors in these estimates and the effect of these errors on other applications that depend on them. We found that the estimated AP locations have a median error of 32 meters. We considered the error in tracking user positions both indoors and outdoors. Using actual AP locations, we could improve the accuracy as much as 70\% for indoors and 59\% for outdoors. We also analyzed the effect of using estimated AP locations in computing AP coverage range and estimating interference among APs. The coverage range appeared to be shorter and the interference appeared to be more severe than in reality.}, } @Article{song:jpredict, author = {Libo Song and David Kotz and Ravi Jain and Xiaoning He}, title = {{Evaluating next cell predictors with extensive Wi-Fi mobility data}}, journal = {IEEE Transactions on Mobile Computing}, year = 2006, month = {December}, volume = 5, number = 12, pages = {1633--1649}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/TMC.2006.185}, URL = {https://www.cs.dartmouth.edu/~kotz/research/song-jpredict/index.html}, abstract = {Location is an important feature for many applications, and wireless networks can better serve their clients by anticipating client mobility. As a result, many location predictors have been proposed in the literature, though few have been evaluated with empirical evidence. This paper reports on the results of the first extensive empirical evaluation of location predictors, using a two-year trace of the mobility patterns of over 6,000 users on Dartmouth's campus-wide Wi-Fi wireless network. The surprising results provide critical evidence for anyone designing or using mobility predictors. \par We implemented and compared the prediction accuracy of several location predictors drawn from four major families of domain-independent predictors, namely Markov-based, compression-based, PPM, and SPM predictors. We found that low-order Markov predictors performed as well or better than the more complex and more space-consuming compression-based predictors.}, } @Article{song:reserv-poster, author = {Libo Song and Udayan Deshpande and Ula{\c{s}} C. Kozat and David Kotz and Ravi Jain}, title = {{MobiCom Poster Abstract: Bandwidth Reservation using WLAN Handoff Prediction}}, journal = {ACM SIGMOBILE Mobile Computing and Communication Review}, year = 2006, month = {October}, volume = 10, number = 4, pages = {22--23}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/1215976.1215987}, URL = {https://www.cs.dartmouth.edu/~kotz/research/song-reserv-poster/index.html}, note = {Poster presented at Mobicom 2005}, abstract = {Many network services may be improved or enabled by successful predictions of users' future mobility. The success of predictions depend on how much accuracy can be achieved on real data and on the sensitivity of particular applications to this achievable accuracy. We investigate these issues for the case of advanced bandwidth reservation using real WLAN traces collected on the Dartmouth College campus.}, } @InProceedings{song:reserv, author = {Libo Song and Udayan Deshpande and Ula{\c{s}} C. Kozat and David Kotz and Ravi Jain}, title = {{Predictability of WLAN Mobility and its Effects on Bandwidth Provisioning}}, booktitle = {{Proceedings of the Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM)}}, year = 2006, month = {April}, pages = {1--13}, publisher = {IEEE}, copyright = {IEEE}, address = {Barcelona, Spain}, DOI = {10.1109/INFOCOM.2006.171}, URL = {https://www.cs.dartmouth.edu/~kotz/research/song-reserv/index.html}, abstract = {Wireless local area networks (WLANs) are emerging as a popular technology for access to the Internet and enterprise networks. In the long term, the success of WLANs depends on services that support mobile network clients. \par Although other researchers have explored mobility prediction in hypothetical scenarios, evaluating their predictors analytically or with synthetic data, few studies have been able to evaluate their predictors with real user mobility data. As a first step towards filling this fundamental gap, we work with a large data set collected from the Dartmouth College campus-wide wireless network that hosts more than 500 access points and 6,000 users. Extending our earlier work that focuses on predicting the next-visited access point (i.e., location), in this work we explore the predictability of the time of user mobility. Indeed, our contributions are two-fold. First, we evaluate a series of predictors that reflect possible dependencies across time and space while benefiting from either individual or group mobility behaviors. Second, as a case study we examine voice applications and the use of handoff prediction for advance bandwidth reservation. Using application-specific performance metrics such as call drop and call block rates, we provide a picture of the potential gains of prediction. \par Our results indicate that it is difficult to predict handoff time accurately, when applied to real campus WLAN data. However, the findings of our case study also suggest that application performance can be improved significantly even with predictors that are only moderately accurate. The gains depend on the applications' ability to use predictions and tolerate inaccurate predictions. In the case study, we combine the real mobility data with synthesized traffic data. The results show that intelligent prediction can lead to significant reductions in the rate at which active calls are dropped due to handoffs with marginal increments in the rate at which new calls are blocked.}, } @Article{yeo:crawdad-ccr, author = {Jihwang Yeo and David Kotz and Tristan Henderson}, title = {{CRAWDAD: A Community Resource for Archiving Wireless Data at Dartmouth}}, journal = {ACM SIGCOMM Computer Communication Review}, year = 2006, month = {April}, volume = 36, number = 2, pages = {21--22}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/1129582.1129588}, URL = {https://www.cs.dartmouth.edu/~kotz/research/yeo-crawdad-ccr/index.html}, note = {Project overview}, abstract = {Wireless network researchers are seriously starved for data about how real users, applications, and devices use real networks under real network conditions. CRAWDAD, a Community Resource for Archiving Wireless Data at Dartmouth, is a new NSF-funded project to build a wireless network data archive for the research community. We host wireless data, and provide tools and documents to make it easy to collect and use wireless network data. We hope that this resource will help researchers identify and evaluate real and interesting problems in mobile and pervasive computing. This report outlines the CRAWDAD project, the kick-off workshop that was held at MobiCom 2005, and the latest news.}, } @InProceedings{blinn:hotspot, author = {David P. Blinn and Tristan Henderson and David Kotz}, title = {{Analysis of a Wi-Fi Hotspot Network}}, booktitle = {{Proceedings of the International Workshop on Wireless Traffic Measurements and Modeling (WiTMeMo)}}, year = 2005, month = {June}, pages = {1--6}, publisher = {USENIX Association}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/blinn-hotspot/index.html}, abstract = {Wireless hotspot networks have become increasingly popular in recent years as a means of providing Internet access in public areas such as restaurants and airports. In this paper we present the first study of such a hotspot network. We examine five weeks of SNMP traces from the Verizon Wi-Fi HotSpot network in Manhattan. We find that far more cards associated to the network than logged into it. Most clients used the network infrequently and visited few APs. AP utilization was uneven and the network displayed some unusual patterns in traffic load. Some characteristics were similar to those previously observed in studies of campus WLANs.}, } @TechReport{chen:social-tr, author = {Guanling Chen and David Kotz}, title = {{Structural Analysis of Social Networks with Wireless Users}}, institution = {Dartmouth Computer Science}, year = 2005, month = {July}, number = {TR2005-549}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/chen-social-tr/index.html}, abstract = {Online interactions between computer users form Internet-based social networks. In this paper we present a structural analysis of two such networks with wireless users. In one network the wireless users participate in a global file-sharing system, and in the other they interact with each other through a local music-streaming application.}, } @InProceedings{henderson:esm, author = {Tristan Henderson and Denise Anthony and David Kotz}, title = {{Measuring wireless network usage with the experience sampling method}}, booktitle = {{Proceedings of the Workshop on Wireless Network Measurements (WiNMee)}}, year = 2005, month = {April}, numpages = 6, publisher = {International Communications Sciences and Technology Association (ICST)}, copyright = {International Communications Sciences and Technology Association (ICST)}, ISBN = {0-9767294-0-7}, URL = {https://www.cs.dartmouth.edu/~kotz/research/henderson-esm/index.html}, abstract = {Measuring wireless local area networks has proven useful for characterizing, modeling and provisioning these networks. These measurements are typically taken passively from a vantage point on the network itself. Client devices, or users, are never actively queried. These measurements can indicate \emph{what} is happening on the network, but it can be difficult to infer \emph{why} a particular behavior is occurring. In this paper we use the Experience Sampling Method (ESM) to study wireless network users. We monitored 29 users remotely for one week, and signaled them to fill out a questionnaire whenever interesting wireless behavior was observed. We find ESM to be a useful method for collecting data about wireless network usage that cannot be provided by network monitoring, and we present a list of recommendations for network researchers who wish to conduct an ESM study.}, } @TechReport{kim:classify-tr, author = {Minkyong Kim and David Kotz}, title = {{Classifying the Mobility of Users and the Popularity of Access Points}}, institution = {Dartmouth Computer Science}, year = 2005, month = {May}, number = {TR2005-540}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kim-classify-tr/index.html}, abstract = {There is increasing interest in location-aware systems and applications. It is important for any designer of such systems and applications to understand the nature of user and device mobility. Furthermore, an understanding of the effect of user mobility on access points (APs) is also important for designing, deploying, and managing wireless networks. Although various studies of wireless networks have provided insights into different network environments and user groups, it is often hard to apply these findings to other situations, or to derive useful abstract models. \par In this paper, we present a general methodology for extracting mobility information from wireless network traces, and for classifying mobile users and APs. We used the Fourier transform to convert time-dependent location information to the frequency domain, then chose the two strongest periods and used them as parameters to a classification system based on Bayesian theory. To classify mobile users, we computed diameter (the maximum distance between any two APs visited by a user during a fixed time period) and observed how this quantity changes or repeats over time. We found that user mobility had a strong period of one day, but there was also a large group of users that had either a much smaller or much bigger primary period. Both primary and secondary periods had important roles in determining classes of mobile users. Users with one day as their primary period and a smaller secondary period were most prevalent; we expect that they were mostly students taking regular classes. To classify APs, we counted the number of users visited each AP. The primary period did not play a critical role because it was equal to one day for most of the APs; the secondary period was the determining parameter. APs with one day as their primary period and one week as their secondary period were most prevalent. By plotting the classes of APs on our campus map, we discovered that this periodic behavior of APs seemed to be independent of their geographical locations, but may depend on the relative locations of nearby APs. Ultimately, we hope that our study can help the design of location-aware services by providing a base for user mobility models that reflect the movements of real users.}, } @InProceedings{kim:classify, author = {Minkyong Kim and David Kotz}, title = {{Classifying the Mobility of Users and the Popularity of Access Points}}, booktitle = {{Proceedings of the International Workshop on Location- and Context-Awareness (LoCA)}}, editor = {Thomas Strang and Claudia Linnhoff-Popien}, series = {Lecture Notes in Computer Science}, year = 2005, month = {May}, volume = 3479, pages = {198--209}, publisher = {Springer-Verlag}, copyright = {Springer-Verlag}, address = {Germany}, DOI = {10.1007/11426646_19}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kim-classify/index.html}, abstract = {There is increasing interest in location-aware systems and applications. It is important for any designer of such systems and applications to understand the nature of user and device mobility. Furthermore, an understanding of the effect of user mobility on access points (APs) is also important for designing, deploying, and managing wireless networks. Although various studies of wireless networks have provided insights into different network environments and user groups, it is often hard to apply these findings to other situations, or to derive useful abstract models. \par In this paper, we present a general methodology for extracting mobility information from wireless network traces, and for classifying mobile users and APs. We used the Fourier transform to convert time-dependent location information to the frequency domain, then chose the two strongest periods and used them as parameters to a classification system based on Bayesian theory. To classify mobile users, we computed diameter (the maximum distance between any two APs visited by a user during a fixed time period) and observed how this quantity changes or repeats over time. We found that user mobility had a strong period of one day, but there was also a large group of users that had either a much smaller or much bigger primary period. Both primary and secondary periods had important roles in determining classes of mobile users. Users with one day as their primary period and a smaller secondary period were most prevalent; we expect that they were mostly students taking regular classes. To classify APs, we counted the number of users visited each AP. The primary period did not play a critical role because it was equal to one day for most of the APs; the secondary period was the determining parameter. APs with one day as their primary period and one week as their secondary period were most prevalent. By plotting the classes of APs on our campus map, we discovered that this periodic behavior of APs seemed to be independent of their geographical locations, but may depend on the relative locations of nearby APs. Ultimately, we hope that our study can help the design of location-aware services by providing a base for user mobility models that reflect the movements of real users.}, } @InProceedings{kim:hotspots, author = {Minkyong Kim and David Kotz}, title = {{Modeling users' mobility among WiFi access points}}, booktitle = {{Proceedings of the International Workshop on Wireless Traffic Measurements and Modeling (WiTMeMo)}}, year = 2005, month = {June}, pages = {19--24}, publisher = {USENIX Association}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kim-hotspots/index.html}, abstract = {Modeling movements of users is important for simulating wireless networks, but current models often do not reflect real movements. Using real mobility traces, we can build a mobility model that reflects reality. In building a mobility model, it is important to note that while the number of handheld wireless devices is constantly increasing, laptops are still the majority in most cases. As a laptop is often disconnected from the network while a user is moving, it is not feasible to extract the exact path of the user from network messages. Thus, instead of modeling individual user's movements, we model movements in terms of the influx and outflux of users between access points (APs). We first counted the hourly visits to APs in the syslog messages recorded at APs. We found that the hourly number of visits has a periodic repetition of 24 hours. Based on this observation, we aggregated the visits of multiple days into a single day. We then clustered APs based on the different peak hour of visits. We found that this approach of clustering is effective; we ended up with four distinct clusters and a cluster of stable APs. We then computed the average arrival rate and the distribution of the daily arrivals for each cluster. Using a standard method (such as \emph{thinning}) for generating non-homogeneous Poisson processes, synthetic traces can be generated from our model.}, } @Article{kotz:crawdad-workshop05, author = {David Kotz and Tristan Henderson}, title = {{CRAWDAD: A Community Resource for Archiving Wireless Data at Dartmouth}}, journal = {IEEE Pervasive Computing}, year = 2005, month = {October}, volume = 4, number = 4, pages = {12--14}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/MPRV.2005.75}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-crawdad-workshop05/index.html}, abstract = {Wireless network researchers are seriously starved for data about how real users, applications, and devices use real networks under real network conditions. CRAWDAD (Community Resource for Archiving Wireless Data at Dartmouth) is a new National Science Foundation-funded project to build a wireless-network data archive for the research community. It will host wireless data and provide tools and documents to make collecting and using the data easy. This resource should help researchers identify and evaluate real and interesting problems in mobile and pervasive computing. To learn more about CRAWDAD and discuss its direction, about 30 interested people gathered at a workshop held in conjunction with MobiCom 2005.}, } @Article{kotz:jcampus, author = {David Kotz and Kobby Essien}, title = {{Analysis of a Campus-wide Wireless Network}}, journal = {Wireless Networks}, year = 2005, month = {January}, volume = 11, number = {1--2}, pages = {115--133}, publisher = {Springer}, copyright = {Springer Science and Business Media}, DOI = {10.1007/s11276-004-4750-0}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-jcampus/index.html}, abstract = {Understanding usage patterns in wireless local-area networks (WLANs) is critical for those who develop, deploy, and manage WLAN technology, as well as those who develop systems and application software for wireless networks. This paper presents results from the largest and most comprehensive trace of network activity in a large, production wireless LAN. For eleven weeks we traced the activity of nearly two thousand users drawn from a general campus population, using a campus-wide network of 476 access points spread over 161 buildings at Dartmouth College. Our study expands on those done by Tang and Baker, with a significantly larger and broader population. \par We found that residential traffic dominated all other traffic, particularly in residences populated by newer students; students are increasingly choosing a wireless laptop as their primary computer. Although web protocols were the single largest component of traffic volume, network backup and file sharing contributed an unexpectedly large amount to the traffic. Although there was some roaming within a network session, we were surprised by the number of situations in which cards roamed excessively, unable to settle on one access point. Cross-subnet roams were an especial problem, because they broke IP connections, indicating the need for solutions that avoid or accommodate such roams.}, } @Article{liu:jdirex, author = {Jason Liu and Yougu Yuan and David M. Nicol and Robert S. Gray and Calvin C. Newport and David Kotz and Luiz Felipe Perrone}, title = {{Empirical Validation of Wireless Models in Simulations of Ad Hoc Routing Protocols}}, journal = {Simulation: Transactions of The Society for Modeling and Simulation International}, year = 2005, month = {April}, volume = 81, number = 4, pages = {307--323}, publisher = {Sage Publications}, copyright = {Simulation Councils}, DOI = {10.1177/0037549705055017}, URL = {https://www.cs.dartmouth.edu/~kotz/research/liu-jdirex/index.html}, note = {``Best of PADS 2004'' special issue}, abstract = {Computer simulation has been used extensively as an effective tool in the design and evaluation of systems. One should not, however, underestimate the importance of validation--- the process of ensuring whether a simulation model is an appropriate representation of the real-world system. Validation of wireless network simulations is difficult due to strong interdependencies among protocols at different layers and uncertainty in the wireless environment. The authors present an approach of coupling direct-execution simulation and traces from real outdoor experiments to validating simple wireless models that are used commonly in simulations of wireless ad hoc networks. This article documents a common testbed that supports direct execution of a set of ad hoc routing protocol implementations in a wireless network simulator. By comparing routing behavior measured in the real experiment with behavior computed by the simulation, the authors validate the models of radio behavior upon which protocol behavior depends.}, } @Misc{kotz:crawdad-sw, author = {David Kotz and Tristan Henderson and Chris McDonald}, title = {{CRAWDAD archive: a Community Resource for Archiving Wireless Data At Dartmouth}}, howpublished = {Web site}, year = 2005, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-crawdad-sw/index.html}, abstract = {CRAWDAD is the Community Resource for Archiving Wireless Data At Dartmouth, a wireless network data resource for the research community. This archive has the capacity to store wireless trace data from many contributing locations, and staff to develop better tools for collecting, anonymizing, and analyzing the data.}, } @MastersThesis{jiang:msthesis, author = {Zhenhui Jiang}, title = {{A Combined Routing Method for Ad hoc Wireless Networks}}, school = {Dartmouth College Computer Science}, year = 2005, month = {December}, copyright = {Zhenhui Jiang}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/jiang-msthesis/index.html}, note = {Available as Dartmouth Computer Science Technical Report TR2005-566}, abstract = {To make ad hoc wireless networks adaptive to different mobility and traffic patterns, we studied in this thesis an approach to swap from one protocol to another protocol dynamically, while routing continues. By the insertion of a new layer, we were able to make each node in the ad hoc wireless network notify each other about the protocol swap. To ensure that routing works efficiently after the protocol swap, we initialized the destination routing protocol's data structures and reused the previous routing information to build the new routing table. We also tested our approach under different network topologies and traffic patterns in static networks to learn whether the swap is fast and whether the swap incurs too much overload . We found that the swap latency is related to the destination protocol and the topology of the network. We also found that the control packet ratio after swap is close to the protocol running without swap, which means our method does not incur too many control packets for swap.}, } @TechReport{baek:survey-tr, author = {Kwang-Hyun Baek and Sean W. Smith and David Kotz}, title = {{A Survey of WPA and 802.11i RSN Authentication Protocols}}, institution = {Dartmouth Computer Science}, year = 2004, month = {November}, number = {TR2004-524}, copyright = {the authors}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/baek-survey-tr/index.html}, abstract = {In the new standards for WLAN security, many choices exist for the authentication process. In this paper, we list eight desired properties of WLAN authentication protocols, survey eight recent authentication protocols, and analyze the protocols according to the desired properties.}, } @TechReport{chen:traces, author = {Guanling Chen and David Kotz}, title = {{A Case Study of Four Location Traces}}, institution = {Dartmouth Computer Science}, year = 2004, month = {February}, number = {TR2004-490}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/chen-traces/index.html}, abstract = {Location is one of the most important context information that an ubiquitous-computing application may leverage. Thus understanding the location systems and how location-aware applications interact with them is critical for design and deployment of both the location systems and location-aware applications. In this paper, we analyze a set of traces collected from two small-scale one-building location system and two large-scale campus-wide location systems. Our goal is to study characteristics of these location systems ant how these factors should be taken into account by a potentially large number of location-aware applications with different needs. We make empirical measurements of several important metrics and compare the results across these location systems. We discuss the implication of these results on location-aware applications and their supporting software infrastructure, and how location systems could be improved to better serve applications' needs. In places where possible, we use location-aware applications discussed in existing literatures as illustrating examples.}, } @TechReport{gray:compare-tr, author = {Robert S. Gray and David Kotz and Calvin Newport and Nikita Dubrovsky and Aaron Fiske and Jason Liu and Christopher Masone and Susan McGrath and Yougu Yuan}, title = {{Outdoor Experimental Comparison of Four Ad Hoc Routing Algorithms}}, institution = {Dartmouth Computer Science}, year = 2004, month = {June}, number = {TR2004-511}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/gray-compare-tr/index.html}, abstract = {Most comparisons of wireless ad hoc routing algorithms involve simulated or indoor trial runs, or outdoor runs with only a small number of nodes, potentially leading to an incorrect picture of algorithm performance. In this paper, we report on the results of an outdoor trial run of four different routing algorithms, APRL, AODV, GPSR, and STARA, running on top of thirty-three 802.11-enabled laptops moving randomly through an athletic field. The laptops generated random traffic according to the traffic patterns observed in a prototype application, and ran each routing algorithm for a fifteen-minute period over the course of the hour-long trial run. The 33-laptop experiment represents one of the largest outdoor tests of wireless routing algorithms, and three of the algorithms each come from a different algorithmic class, providing insight into the behavior of ad hoc routing algorithms at larger real-world scales than have been considered so far. In addition, we compare the outdoor results with both indoor (``tabletop'') and simulation results for the same algorithms, examining the differences between the indoor results and the outdoor reality. The paper also describes the software infrastructure that allowed us to implement the ad hoc routing algorithms in a comparable way, and use the same codebase for indoor, outdoor, and simulated trial runs.}, } @InProceedings{gray:compare, author = {Robert S. Gray and David Kotz and Calvin Newport and Nikita Dubrovsky and Aaron Fiske and Jason Liu and Christopher Masone and Susan McGrath and Yougu Yuan}, title = {{Outdoor Experimental Comparison of Four Ad Hoc Routing Algorithms}}, booktitle = {{Proceedings of the ACM/IEEE International Symposium on Modeling, Analysis and Simulation of Wireless and Mobile Systems (MSWiM)}}, year = 2004, month = {October}, pages = {220--229}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/1023663.1023703}, URL = {https://www.cs.dartmouth.edu/~kotz/research/gray-compare/index.html}, abstract = {Most comparisons of wireless ad hoc routing algorithms involve simulated or \emph{indoor} trial runs, or outdoor runs with only a small number of nodes, potentially leading to an incorrect picture of algorithm performance. In this paper, we report on an outdoor comparison of four different routing algorithms, APRL, AODV, ODMRP, and STARA, running on top of thirty-three 802.11-enabled laptops moving randomly through an athletic field. This comparison provides insight into the behavior of ad hoc routing algorithms at larger real-world scales than have been considered so far. In addition, we compare the outdoor results with both indoor (``tabletop'') and simulation results for the same algorithms, examining the differences between the indoor results and the outdoor reality. Finally, we describe the software infrastructure that allowed us to implement the ad hoc routing algorithms in a comparable way, and use the \emph{same} codebase for indoor, outdoor, and simulated trial runs.}, } @TechReport{henderson:voice-tr, author = {Tristan Henderson and David Kotz and Ilya Abyzov}, title = {{The Changing Usage of a Mature Campus-wide Wireless Network}}, institution = {Dartmouth Computer Science}, year = 2004, month = {March}, number = {TR2004-496}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/henderson-voice-tr/index.html}, abstract = {Wireless Local Area Networks (WLANs) are now common on academic and corporate campuses. As ``Wi-Fi'' technology becomes ubiquitous, it is increasingly important to understand trends in the usage of these networks. This paper analyzes an extensive network trace from a mature 802.11 WLAN, including more than 550 access points and 7000 users over seventeen weeks. We employ several measurement techniques, including syslogs, telephone records, SNMP polling and tcpdump packet sniffing. This is the largest WLAN study to date, and the first to look at a large, mature WLAN and consider geographic mobility. We compare this trace to a trace taken after the network's initial deployment two years ago. \par We found that the applications used on the WLAN changed dramatically. Initial WLAN usage was dominated by Web traffic; our new trace shows significant increases in peer-to-peer, streaming multimedia, and voice over IP (VoIP) traffic. On-campus traffic now exceeds off-campus traffic, a reversal of the situation at the WLAN's initial deployment. Our study indicates that VoIP has been used little on the wireless network thus far, and most VoIP calls are made on the wired network. Most calls last less than a minute. \par We saw more heterogeneity in the types of clients used, with more embedded wireless devices such as PDAs and mobile VoIP clients. We define a new metric for mobility, the ``session diameter.'' We use this metric to show that embedded devices have different mobility characteristics than laptops, and travel further and roam to more access points. Overall, users were surprisingly non-mobile, with half remaining close to home about 98\% of the time.}, } @InProceedings{henderson:voice, author = {Tristan Henderson and David Kotz and Ilya Abyzov}, title = {{The Changing Usage of a Mature Campus-wide Wireless Network}}, booktitle = {{Proceedings of the ACM International Conference on Mobile Computing and Networking (MobiCom)}}, year = 2004, month = {September}, pages = {187--201}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/1023720.1023739}, URL = {https://www.cs.dartmouth.edu/~kotz/research/henderson-voice/index.html}, abstract = {Wireless Local Area Networks (WLANs) are now commonplace on many academic and corporate campuses. As ``Wi-Fi'' technology becomes ubiquitous, it is increasingly important to understand trends in the usage of these networks. \par This paper analyzes an extensive network trace from a mature 802.11 WLAN, including more than 550 access points and 7000 users over seventeen weeks. We employ several measurement techniques, including syslogs, telephone records, SNMP polling and tcpdump packet sniffing. This is the largest WLAN study to date, and the first to look at a large, mature WLAN and consider geographic mobility. We compare this trace to a trace taken after the network's initial deployment two years ago. \par We found that the applications used on the WLAN changed dramatically. Initial WLAN usage was dominated by Web traffic; our new trace shows significant increases in peer-to-peer, streaming multimedia, and voice over IP (VoIP) traffic. On-campus traffic now exceeds off-campus traffic, a reversal of the situation at the WLAN's initial deployment. Our study indicates that VoIP has been used little on the wireless network thus far, and most VoIP calls are made on the wired network. Most calls last less than a minute. \par We saw greater heterogeneity in the types of clients used, with more embedded wireless devices such as PDAs and mobile VoIP clients. We define a new metric for mobility, the ``session diameter.'' We use this metric to show that embedded devices have different mobility characteristics than laptops, and travel further and roam to more access points. Overall, users were surprisingly non-mobile, with half remaining close to home about 98\% of the time.}, } @TechReport{kotz:axioms-tr2, author = {David Kotz and Calvin Newport and Robert S. Gray and Jason Liu and Yougu Yuan and Chip Elliott}, title = {{Experimental evaluation of wireless simulation assumptions}}, institution = {Dartmouth Computer Science}, year = 2004, month = {June}, number = {TR2004-507}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-axioms-tr2/index.html}, abstract = {All analytical and simulation research on ad hoc wireless networks must necessarily model radio propagation using simplifying assumptions. Although it is tempting to assume that all radios have circular range, have perfect coverage in that range, and travel on a two-dimensional plane, most researchers are increasingly aware of the need to represent more realistic features, including hills, obstacles, link asymmetries, and unpredictable fading. Although many have noted the complexity of real radio propagation, and some have quantified the effect of overly simple assumptions on the simulation of ad hoc network protocols, we provide a comprehensive review of six assumptions that are still part of many ad hoc network simulation studies. In particular, we use an extensive set of measurements from a large outdoor routing experiment to demonstrate the weakness of these assumptions, and show how these assumptions cause simulation results to differ significantly from experimental results. We close with a series of recommendations for researchers, whether they develop protocols, analytic models, or simulators for ad hoc wireless networks.}, } @InProceedings{kotz:axioms, author = {David Kotz and Calvin Newport and Robert S. Gray and Jason Liu and Yougu Yuan and Chip Elliott}, title = {{Experimental Evaluation of Wireless Simulation Assumptions}}, booktitle = {{Proceedings of the ACM/IEEE International Symposium on Modeling, Analysis and Simulation of Wireless and Mobile Systems (MSWiM)}}, year = 2004, month = {October}, pages = {78--82}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/1023663.1023679}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-axioms/index.html}, abstract = {All analytical and simulation research on ad hoc wireless networks must necessarily model radio propagation using simplifying assumptions. We provide a comprehensive review of six assumptions that are still part of many ad hoc network simulation studies, despite increasing awareness of the need to represent more realistic features, including hills, obstacles, link asymmetries, and unpredictable fading. We use an extensive set of measurements from a large outdoor routing experiment to demonstrate the weakness of these assumptions, and show how these assumptions cause simulation results to differ significantly from experimental results. We close with a series of recommendations for researchers, whether they develop protocols, analytic models, or simulators for ad hoc wireless networks.}, } @InProceedings{liu:direx, author = {Jason Liu and Yougu Yuan and David M. Nicol and Robert S. Gray and Calvin C. Newport and David Kotz and Luiz Felipe Perrone}, title = {{Simulation Validation Using Direct Execution of Wireless Ad-Hoc Routing Protocols}}, booktitle = {{Proceedings of the Workshop on Parallel and Distributed Simulation (PADS)}}, year = 2004, month = {May}, pages = {7--16}, publisher = {ACM}, copyright = {IEEE}, DOI = {10.1109/PADS.2004.1301280}, URL = {https://www.cs.dartmouth.edu/~kotz/research/liu-direx/index.html}, abstract = {Computer simulation is the most common approach to studying wireless ad-hoc routing algorithms. The results, however, are only as good as the models the simulation uses. One should not underestimate the importance of \emph{validation}, as inaccurate models can lead to wrong conclusions. In this paper, we use direct-execution simulation to validate radio models used by ad-hoc routing protocols, against real-world experiments. This paper documents a common testbed that supports direct execution of a set of ad-hoc routing protocol implementations in a wireless network simulator. The testbed reads traces generated from real experiments, and uses them to drive direct-execution implementations of the routing protocols. Doing so we reproduce the same network conditions as in real experiments. By comparing routing behavior \emph{measured} in real experiments with behavior \emph{computed} by the simulation, we are able to validate the models of radio behavior upon which protocol behavior depends. We conclude that it is \emph{possible} to have fairly accurate results using a simple radio model, but the routing behavior is quite sensitive to one of this model's parameters. The implication is that one should i) use a more complex radio model that explicitly models point-to-point path loss, or ii) use measurements from an environment typical of the one of interest, or iii) study behavior over a range of environments to identify sensitivities.}, } @TechReport{song:predict-tr, author = {Libo Song and David Kotz and Ravi Jain and Xiaoning He}, title = {{Evaluating location predictors with extensive Wi-Fi mobility data}}, institution = {Dartmouth Computer Science}, year = 2004, month = {February}, number = {TR2004-491}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/song-predict-tr/index.html}, abstract = {Location is an important feature for many applications, and wireless networks may serve their clients better by anticipating client mobility. As a result, many location predictors have been proposed in the literature, though few have been evaluated with empirical evidence. This paper reports on the results of the first extensive empirical evaluation of location predictors using a two-year trace of the mobility patterns of more than 6,000 users on Dartmouth's campus-wide Wi-Fi wireless network. The surprising results provide critical evidence for anyone designing or using mobility predictors. We implemented and compared the prediction accuracy of several location predictors drawn from four major families of domain-independent predictors, namely, Markov-based, compression-based, PPM, and SPM predictors. We found that low-order Markov predictors performed as well or better than the more complex and more space-consuming compression-based predictors.}, } @InProceedings{song:predict, author = {Libo Song and David Kotz and Ravi Jain and Xiaoning He}, title = {{Evaluating location predictors with extensive Wi-Fi mobility data}}, booktitle = {{Proceedings of the Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM)}}, year = 2004, month = {March}, volume = 2, pages = {1414--1424}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/INFCOM.2004.1357026}, URL = {https://www.cs.dartmouth.edu/~kotz/research/song-predict/index.html}, abstract = {Location is an important feature for many applications, and wireless networks can better serve their clients by anticipating client mobility. As a result, many location predictors have been proposed in the literature, though few have been evaluated with empirical evidence. This paper reports on the results of the first extensive empirical evaluation of location predictors, using a two-year trace of the mobility patterns of over 6,000 users on Dartmouth's campus-wide Wi-Fi wireless network. \par We implemented and compared the prediction accuracy of several location predictors drawn from two major families of domain-independent predictors, namely Markov-based and compression-based predictors. We found that low-order Markov predictors performed as well or better than the more complex and more space-consuming compression-based predictors. Predictors of both families fail to make a prediction when the recent context has not been previously seen. To overcome this drawback, we added a simple fallback feature to each predictor and found that it significantly enhanced its accuracy in exchange for modest effort. Thus the Order-2 Markov predictor with fallback was the best predictor we studied, obtaining a median accuracy of about 72\% for users with long trace lengths. We also investigated a simplification of the Markov predictors, where the prediction is based not on the most frequently seen context in the past, but the most recent, resulting in significant space and computational savings. We found that Markov predictors with this recency semantics can rival the accuracy of standard Markov predictors in some cases. Finally, we considered several seemingly obvious enhancements, such as smarter tie-breaking and aging of context information, and discovered that they had little effect on accuracy. The paper ends with a discussion and suggestions for further work.}, } @TechReport{newport:thesis, author = {Calvin Newport}, title = {{Simulating mobile ad hoc networks: a quantitative evaluation of common MANET simulation models}}, institution = {Dartmouth Computer Science}, year = 2004, month = {June}, number = {TR2004-504}, copyright = {the author}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/newport-thesis/index.html}, note = {Available as Dartmouth Computer Science Technical Report TR2004-504}, abstract = {Because it is difficult and costly to conduct real-world mobile ad hoc network experiments, researchers commonly rely on computer simulation to evaluate their routing protocols. However, simulation is far from perfect. A growing number of studies indicate that simulated results can be dramatically affected by several sensitive simulation parameters. It is also commonly noted that most simulation models make simplifying assumptions about radio behavior. This situation casts doubt on the reliability and applicability of many ad hoc network simulation results. \par In this study, we begin with a large outdoor routing experiment testing the performance of four popular ad hoc algorithms (AODV, APRL, ODMRP, and STARA). We present a detailed comparative analysis of these four implementations. Then, using the outdoor results as a baseline of reality, we disprove a set of common assumptions used in simulation design, and quantify the impact of these assumptions on simulated results. We also more specifically validate a group of popular radio models with our real-world data, and explore the sensitivity of various simulation parameters in predicting accurate results. We close with a series of specific recommendations for simulation and ad hoc routing protocol designers.}, } @TechReport{henderson:problems, author = {Tristan Henderson and David Kotz}, title = {{Problems with the Dartmouth wireless SNMP data collection}}, institution = {Dartmouth Computer Science}, year = 2003, month = {December}, number = {TR2003-480}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/henderson-problems/index.html}, abstract = {The original Dartmouth wireless network study used SNMP to query the college's Cisco 802.11b access points. The perl scripts that performed the SNMP queries suffered from some problems, in that they queried inappropriate SNMP values, or misunderstood the meaning of other values. This data was also used in a subsequent analysis. The same scripts were used to collect data for a subsequent study of another wireless network. This document outlines these problems and indicates which of the data collected by the original scripts may be invalid.}, } @TechReport{kotz:axioms-tr, author = {David Kotz and Calvin Newport and Chip Elliott}, title = {{The mistaken axioms of wireless-network research}}, institution = {Dartmouth Computer Science}, year = 2003, month = {July}, number = {TR2003-467}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-axioms-tr/index.html}, abstract = {Most research on ad-hoc wireless networks makes simplifying assumptions about radio propagation. The ``Flat Earth'' model of the world is surprisingly popular: all radios have circular range, have perfect coverage in that range, and travel on a two-dimensional plane. CMU's ns-2 radio models are better but still fail to represent many aspects of realistic radio networks, including hills, obstacles, link asymmetries, and unpredictable fading. We briefly argue that key ``axioms'' of these types of propagation models lead to simulation results that do not adequately reflect real behavior of ad-hoc networks, and hence to network protocols that may not work well (or at all) in reality. We then present a set of 802.11 measurements that clearly demonstrate that these ``axioms'' are contrary to fact. The broad chasm between simulation and reality calls into question many of results from prior papers, and we summarize with a series of recommendations for researchers considering analytic or simulation models of wireless networks.}, } @Article{song:predict-poster, author = {Libo Song and David Kotz and Ravi Jain and Xiaoning He}, title = {{MobiCom Poster: Evaluating location predictors with extensive Wi-Fi mobility data}}, journal = {ACM SIGMOBILE Mobile Computing and Communication Review}, year = 2003, month = {October}, volume = 7, number = 4, pages = {64--65}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/965732.965747}, URL = {https://www.cs.dartmouth.edu/~kotz/research/song-predict-poster/index.html}, } @TechReport{lee:thesis, author = {Clara Lee}, title = {{Persistence and Prevalence in the Mobility of Dartmouth Wireless Network Users}}, institution = {Dartmouth Computer Science}, year = 2003, month = {May}, number = {TR2003-455}, copyright = {the author}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/lee-thesis/index.html}, note = {The data in this paper is highly suspect; see TR2003-480. Available as Dartmouth Computer Science Technical Report TR2003-455}, abstract = {Wireless local-area networks (WLANs) are increasing in popularity. As more people use WLANs it is important to understand how these users behave. We analyzed data collected over three months of 2002 to measure the persistence and prevalence of users of the Dartmouth wireless network. \par We found that most of the users of Dartmouth's network have short association times and a high rate of mobility. This observation fits with the predominantly student population of Dartmouth College, because students do not have a fixed workplace and are moving to and from classes all day.}, } @TechReport{kotz:campus-tr, author = {David Kotz and Kobby Essien}, title = {{Characterizing Usage of a Campus-wide Wireless Network}}, institution = {Dartmouth Computer Science}, year = 2002, month = {March}, number = {TR2002-423}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-campus-tr/index.html}, abstract = {Wireless local-area networks (WLANs) are increasingly common, but little is known about how they are used. A clear understanding of usage patterns in real WLANs is critical information to those who develop, deploy, and manage WLAN technology, as well as those who develop systems and application software for wireless networks. This paper presents results from the largest and most comprehensive trace of network activity in a large, production wireless LAN. For eleven weeks we traced the activity of nearly two thousand users drawn from a general campus population, using a campus-wide network of 476 access points spread over 161 buildings. Our study expands on those done by Tang and Baker, with a significantly larger and broader population. \par We found that residential traffic dominated all other traffic, particularly in residences populated by newer students; students are increasingly choosing a wireless laptop as their primary computer. Although web protocols were the single largest component of traffic volume, network backup and file sharing contributed an unexpectedly large amount to the traffic. Although there was some roaming within a network session, we were surprised by the number of situations in which cards roamed excessively, unable to settle on one access point. Cross-subnet roams were an especial problem, because they broke IP connections, indicating the need for solutions that avoid or accommodate such roams.}, } @TechReport{kotz:campus-tr2, author = {David Kotz and Kobby Essien}, title = {{Analysis of a Campus-wide Wireless Network}}, institution = {Dartmouth Computer Science}, year = 2002, month = {September}, number = {TR2002-432}, copyright = {the authors}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-campus-tr2/index.html}, abstract = {Understanding usage patterns in wireless local-area networks (WLANs) is critical for those who develop, deploy, and manage WLAN technology, as well as those who develop systems and application software for wireless networks. This paper presents results from the largest and most comprehensive trace of network activity in a large, production wireless LAN. For eleven weeks we traced the activity of nearly two thousand users drawn from a general campus population, using a campus-wide network of 476 access points spread over 161 buildings. Our study expands on those done by Tang and Baker, with a significantly larger and broader population. \par We found that residential traffic dominated all other traffic, particularly in residences populated by newer students; students are increasingly choosing a wireless laptop as their primary computer. Although web protocols were the single largest component of traffic volume, network backup and file sharing contributed an unexpectedly large amount to the traffic. Although there was some roaming within a network session, we were surprised by the number of situations in which cards roamed excessively, unable to settle on one access point. Cross-subnet roams were an especial problem, because they broke IP connections, indicating the need for solutions that avoid or accommodate such roams.}, } @InProceedings{kotz:campus, author = {David Kotz and Kobby Essien}, title = {{Analysis of a Campus-wide Wireless Network}}, booktitle = {{Proceedings of the ACM International Conference on Mobile Computing and Networking (MobiCom)}}, year = 2002, month = {September}, pages = {107--118}, publisher = {ACM}, copyright = {ACM}, DOI = {10.1145/570645.570659}, URL = {https://www.cs.dartmouth.edu/~kotz/research/kotz-campus/index.html}, note = {Revised and corrected as Dartmouth CS Technical Report TR2002-432. Winner of ACM SIGMOBILE Test-of-Time award, 2017}, abstract = {Understanding usage patterns in wireless local-area networks (WLANs) is critical for those who develop, deploy, and manage WLAN technology, as well as those who develop systems and application software for wireless networks. This paper presents results from the largest and most comprehensive trace of network activity in a large, production wireless LAN. For eleven weeks we traced the activity of nearly two thousand users drawn from a general campus population, using a campus-wide network of 476 access points spread over 161 buildings. Our study expands on those done by Tang and Baker, with a significantly larger and broader population. \par We found that residential traffic dominated all other traffic, particularly in residences populated by newer students; students are increasingly choosing a wireless laptop as their primary computer. Although web protocols were the single largest component of traffic volume, network backup and file sharing contributed an unexpectedly large amount to the traffic. Although there was some roaming within a network session, we were surprised by the number of situations in which cards roamed excessively, unable to settle on one access point. Cross-subnet roams were an especial problem, because they broke IP connections, indicating the need for solutions that avoid or accommodate such roams.}, } @InProceedings{mills-tettey:mvoip, author = {G. Ayorkor Mills-Tettey and David Kotz}, title = {{Mobile Voice Over IP (MVOIP): An Application-level Protocol for Call Hand-off in Real Time Applications}}, booktitle = {{Proceedings of the IEEE International Phoenix Conference on Computers and Communications (IPCCC)}}, year = 2002, month = {April}, pages = {271--279}, publisher = {IEEE}, copyright = {IEEE}, DOI = {10.1109/IPCCC.2002.995160}, URL = {https://www.cs.dartmouth.edu/~kotz/research/mills-tettey-mvoip/index.html}, abstract = {This paper presents Mobile Voice Over IP, an application-level protocol to support terminal mobility in real-time applications such as voice over IP, on a wireless local area network. We describe our MVOIP implementation based on the ITU-T H.323 protocol stack, present experimental results on call hand-off latency, and discuss various implementation issues, including the task of quickly and accurately determining when call hand-off is necessary. We also discuss how MVOIP relates to other proposed mobility support schemes, and how it can be generalized to provide application-level mobility support in a wide range of real and non real-time applications.}, } @TechReport{mills:tettey-thesis, author = {G. Ayorkor Mills-Tettey}, title = {{Mobile Voice Over IP (MVOIP): An Application-level Protocol}}, institution = {Dartmouth Computer Science}, year = 2001, month = {June}, number = {TR2001-390}, copyright = {the author}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/mills-tettey-thesis/index.html}, note = {Available as Dartmouth Computer Science Technical Report TR2001-390}, abstract = {Current Voice over Internet Protocol (VOIP) protocols require participating hosts to have fixed IP addresses for the duration of a VOIP call. When using a wireless-enabled host, such as a tablet computer on an 802.11 wireless network, it is possible for a participant in a VOIP call to roam around the network, moving from one subnet to another and needing to change IP addresses. This address change creates the need for mobility support in VOIP applications. \par We present the design of Mobile Voice over IP (MVOIP), an application-level protocol that enables such mobility in a VOIP application based on the ITU H.323 protocol stack. An MVOIP application uses hints from the surrounding network to determine that it has switched subnets. It then initiates a hand-off procedure that comprises pausing its current calls, obtaining a valid IP address for the current subnet, and reconnecting to the remote party with whom it was in a call. Testing the system shows that on a Windows 2000 platform there is a perceivable delay in the hand-off process, most of which is spent in the Windows API for obtaining DHCP addresses. Despite this bottleneck, MVOIP works well on a wireless network.}, } @TechReport{stern:thesis, author = {Pablo Stern}, title = {{Measuring early usage of Dartmouth's wireless network}}, institution = {Dartmouth Computer Science}, year = 2001, month = {June}, number = {TR2001-393}, copyright = {the author}, address = {Hanover, NH}, URL = {https://www.cs.dartmouth.edu/~kotz/research/stern-thesis/index.html}, note = {Available as Dartmouth Computer Science Technical Report TR2001-393}, abstract = {In Spring 2001, Dartmouth College installed a campus-wide 802.11b wireless network. To understand how that network is used, we examined the usage characteristics of the network over a five-week period. We monitored access points to determine user behavior, and user and network traffic characteristics. Because our study coincided with the deployment of the access points, our analysis captures the growth of a wireless network. The results of this study help understand the behavior of mobile users and provide a reference to network engineers wishing to deploy and expand similar wireless networks.}, }