Greedy hackers can hog Wi-Fi bandwidth

Greedy computer hackers using open-source Linux machines could steal more than their fair share of bandwidth from Wi-Fi hotspots, Swiss computer scientists have warned.

At the MobiSys 2004 conference in Boston, Massachusetts on Monday, Imad Aad, of the Swiss Federal Institute of Technology in Lausanne, outlined how changing just one line of code in the Linux operating system could allow hackers to monopolize the bandwidth at hotspots using the 802.11 standard.

As some hotels charge up to a $1 per minute for Wi-Fi access, the problem could become unfairly expensive for users who do not cheat, he says.

He also demonstrated a software tool that would allow Wireless Internet Service Providers (WISPS) to detect such greedy behaviour within a third of a second, by sniffing the rates of data exchange between users and the access point.

WISPs could fine greedy users or cut them off the network, he explains. Aad and his colleagues, Jean-Pierre Hubaux and Maxim Raya, have applied for a patent on the tool, called DOMINO.

Randomly assigned

The hacks that DOMINO tackles alter the Multiple Access Control (MAC) protocol, one of the series of protocols that govern how bandwidth is distributed between multiple users of the same Wi-Fi access point.

This type of hack became possible when a new generation of Wi-Fi access cards hit the market in 2003. The cards run the MAC protocol in software, rather than hardware. This makes it easy to change when using a Linux computer, on which all the code is openly available.

For example, one line of the MAC protocol randomly assigns each hotspot user a rate for data transfer. The rates are constantly re-assigned so that on average each user receives data at the same rate. But by changing that line of the MAC protocol, a hacker can fix his rate at a high value, and siphon off most or all of the bandwidth.

Aad claims that DOMINO could detect if someone is doing this by monitoring the rate of data flow in the MAC layer. The tool can be set to raise an alarm when one user is receiving data at an abnormally high speed compared to other users.

But other MobiSys delegates point out that DOMINO only tackles cheating in the MAC layer. "There are so many places that you can misbehave to gain advantage," says Adam Wolisz, who listened to the presentation and researches wireless networks at the Technical University of Berlin, Germany.

He suggests that another protocol in the data transfer process, called TCP, could also be hacked. "Maybe MAC should not be considered a priority." But Aad told New Scientist:"It is much more efficient to cheat on the MAC layer than the TCP."

Text 7

Microsoft gains double-clicking patent

Microsoft has successfully patented using short, long or double clicks to launch different applications on "limited resource computing devices" presumably PDAs and mobile phones. The US patent was granted on 27 April.

Now any US company using a variety of clicks to launch different software functions from the same button will have to change their product, pay licensing fees to Microsoft or give Microsoft access to its intellectual property in return.

British company Symbian, which makes operating systems for mobile phones that employ double clicks and has offices in the US could be affected, as could PalmOne in California, which supplies PDA software.

Several activists who oppose software patents say that Microsoft's patent is not a "sensible use" of the patenting system because the idea of the long, short and double clicks is neither novel or non-obvious.

Both the US and the UK use these criteria to decide whether or not to grant patents. "It is almost beyond parody that Microsoft has been able to do this," says Ian Brown of the Foundation for Information Policy Research in London, UK.

Single swipe

In 1999 the online store Amazon patented the ability to make payments online with a single click of the mouse. The decision was met with similar criticism as opponents pointed out that Amazon's idea was merely the software implementation of an existing idea -to pay for items with a single swipe of a credit card.

"These are symptoms of the fact that the patent system is not well-adapted to being applied to software," says Jonas Maebe, of the Foundation for a Free Information Infrastructure, and a computer scientist at the University of Ghent in Belgium.

However, the UK Patent Office maintains that software patents are necessary because some ideas are new regardless of the fact that they are implemented using software.

The UK office declined to comment directly on Microsoft's click patent. But spokesman Jeremy Philpott told New Scientist: "If you think that the claim sounds like something that was known before or that is obvious, then you would have to believe that we would throw it out."

The claim comes as the European Parliament and Commission are struggling to agree on legislation that would harmonise software patents across Europe. Activists have opposed a directive currently being debated that explicitly allows some software patents. They fear that it will make cases like the Microsoft one more common in Europe.

But Philpott says that the directive seeks only to clarify and preserve the European status quo. For example, Europe did not allow the Amazon patent because it found "prior art" that proved that the method was not novel.

 

Text 8