System Concept
Archipelago builds an ad-hoc peer to peer wireless network.
Wireless devices which are not in direct range of each other
communicate via intermediate devices. Thus, users of the
network act as the network infrastructure. In traditional
networks, adding more users burdens the existing
infrastructure with no benefit. In Archipelago, adding more
users results in more infrastructure and increased connectivity.
Archipelago provides secure reliable communication channels
between peers in an unreliable, insecure, and highly dynamic
environment.
session module to tunnel as described in the Internet Bridge
section. Each session module can provide insecure service as
well as secure service by using the key manager module to
setup secure channels. Transport layer modules provide
services such as ordering, reliability, flow control, and
congestion control. The network layer provides routing,
topology maintenance, and best effort delivery of data packets.
The network layer is also responsible for using the encryption
engine module to encrypt/decrypt data flowing over
established secure channels. Data link modules act as low
level hardware abstractions. This allows Archipelago to
support multiple wireless standards simultaneously.
Key Manager
Proxy
Session
Client Library
Session
Stream Transport
Encryption
Engine
Archipelago allows users to transparently tunnel connections
to the Internet through the ad-hoc peer to peer wireless
network. This is accomplished by intercepting the networking
calls made by the user’s applications. Archipelago then
establishes a peer to peer connection to an Archipelago node
that has access to the Internet. This node acts as a proxy and
opens a connection to the intended Internet destination. The
user’s node and intermediate nodes remain mobile. The tunnel
is maintained until the connection is complete as long as any
path exists between the user’s node and the proxy node.
Browser
Email
SSH
Network Interceptor
Archipelago
Node
Archipelago
Node
SOCKS Proxy
Internet
Packet Transport
Network
802.11b
Data Link
Internet Bridge
DNS
Session
802.11a
Data Link
Routing
Ethernet
Data Link
Security Architecture
Many characteristics of wireless networks present security
challenges beyond the normal challenges of wired security. To
begin, wireless networks operate using a broadcast medium.
This allows everyone in range to hear what is being sent.
802.11 cards attempt to mitigate this risk by using a hardware
security standard called WEP. Unfortunately, WEP encrypts
using only a static shared key which is vulnerable to attack. In
addition to eavesdropping off the air, in Archipelago, packets
are explicitly passed through intermediate nodes giving them
even easier access to the data. Archipelago uses end to end
key exchange and encryption to combat these two challenges.
Other security challenges include man-in-the-middle,
impersonation, and topology disruption attacks. Cristina NitaRotaru is aiding in designing and implementing the
Archipelago security architecture.
Current Implementation
Archipelago is implemented in ANSI C for maximum
portability. Archipelago operates on Win32, Linux, and
WinCE platforms, and supports communication between any
combination of these. The system is not currently publicly
available. Contact us with inquires about availability.
System Architecture
Additional Information
Archipelago uses an extensible modular architecture. User
level applications initiate connections to one of the
Archipelago session layer modules to gain access to the
system. For example, Internet applications use the proxy
The Archipelago Project Website
http://www.cnds.jhu.edu/research/networks/archipelago/
Contact Info
archipelago@cnds.jhu.edu