
191f4aa5bbd75f44d576ac9690301d81.ppt
- Number of slides: 132
From Smart Dust to Reliable Networks Kris Pister Prof. EECS, UC Berkeley Founder & CTO, Dust Networks
Outline • Background – The Science Project • Market – The Hype • Technology – Challenges – Status • Applications • Open Research Problems
Grand Challenge A B C Reliably, at low power
Smart Dust Goal c. 1997
Smart Dust, 2002 SENSORS ADC PHOTO RECEIVER OPTICAL IN 8-bits 1 V 1-2 V FSM 375 kbps 16 mm^3 total circumscribed volume TRANSMITTER 175 bps ~4.8 mm^3 total displaced volume 1 V 1 V SOLAR POWER 3-8 V 2 V OPTICAL OUT
UCB “COTS Dust” Macro Motes Services David Culler, UCB Networking TinyOS WeC 99 James McLurkin MS Rene 00 Small microcontroller - 10 kbps EEPROM storage (32 KB) Simple sensors Mica 02 Demonstrate scale - 8 kb code, 512 B data Simple, low-power radio Dot 01 Designed for experimentation -sensor boards -power boards NEST open exp. platform 128 KB code, 4 KB data 50 KB radio 512 KB Flash comm accelerators
University Demos – Results of 100 man-years of research Motes dropped from UAV, detect vehicles, log and report direction Intel Developers Forum, live demo 800 motes, 8 level dynamic network, and velocity Seismic testing demo: real-time data acquisition, $200 vs. $5,000 per node vs. 50 temperature sensors for HVAC deployed in 3 hours. $100 vs. $800 per node.
Sensor Networks Take Off! Industry Analysts Take Off! $8.1B market for Wireless Sensor Networks in 2007 Source: InStat/MDR 11/2003 (Wireless); Wireless Data Research Group 2003; InStat/MDR 7/2004 (Handsets)
Wireless Sensor Networking Decision Systems Monitoring Systems Control Systems Enterprise Applications • Significant reduction in the cost of installing sensor networks • Enables new class of services Analog Sensors and Actuators Digital Sensors and Actuators Physical World Serial Devices • Increases sensor deployment
WDRG, 2003 $748,000 in ’03
Cost of Sensor Networks Mesh Networking Computing Power Installation, Connection and Commissioning $ Sensors Time
Low Data Rate WPAN Applications (Zigbee) security HVAC AMR lighting control access control asset mgt process control environmental energy mgt BUILDING AUTOMATION CONSUMER ELECTRONICS PC & PERIPHERALS INDUSTRIAL CONTROL patient monitoring fitness monitoring TV VCR DVD/CD remote PERSONAL HEALTH CARE RESIDENTIAL/ LIGHT COMMERCIAL CONTROL mouse keyboard joystick security HVAC lighting control access control lawn & garden irrigation
Mesh Systems Add: MoteIV, Arch Rock Merged: • Chipcon/Figure 8 TI/Chipcon • Integration Associates/CompXs
Dust Networks • Founded July 2002 – Angels, In-Q-Tel, ~$1.5M – 28 employees in Jan 04 • Series A Feb 2004 – Foundation – IVP • Series B Feb 2005 – Crescendo – Cargill
Network Architecture • Goals – High reliability – Low power consumption – No customer development of embedded software – Customer visibility into all aspects of network operation/status/health – Minimal/zero customer RF/networking expertise necessary • Challenges – 1 W emitters in regulated but unlicensed RF bands – Extreme computation and communication resource constraints • MIPS, RAM, bps
What do OEMs and SIs want? (and scientists and engineers and startups and grad students and…) • Reliability • Low installation and ownership costs – No wires; >5 year battery life – No network configuration – No network management • Typically “trivial” data flow – Regular data collection • 1 sample/minute… 1 sample/day? – Event detection • Threshold and alarm
Reliability • Hardware – Temperature, humidity, shock – Aging – MTBF = 5 centuries • Software – Linux yes (manager/gateway) – TinyOS no (motes) • Networking – RF interference – RF variability
Goals • Networks must be – Reliable • count the 9s! – Scalable • thousands to tens of thousands of nodes – Low Power • Self forming, self healing • Zero wires – Flexible • Monitoring, maintenance, log file transfer, … • Battery only or powered infrastructure
Challenges • RF environments are dynamic – Time-varying multi-path – Time-varying interference • Sensor Networking is challenging – Traditional traffic models don’t apply • Internet, WiFi • Cell phones – Computational resources are limited
Implications of RF Challenges • “Transmit and forget” is unreliable – Lost packets • Single-path networks (trees) are very dangerous – Lost motes • Single-channel networks are fatal – Lost networks
RF Solutions • Temporal Diversity – Don’t quit until you get an acknowledgement • Spatial Diversity – Multiple paths from every mote • Frequency Diversity – Frequency hopping in addition to direct sequence spread spectrum
IEEE 802.15.4 & WiFi Operating Frequency Bands (figure, after Gutierrez): 868 MHz / 915 MHz PHY: Channel 0 at 868.3 MHz; Channels 1-10 from 902 MHz to 928 MHz, 2 MHz spacing. 2.4 GHz PHY: Channels 11-26 from 2.4 GHz to 2.4835 GHz, 5 MHz spacing.
900 MHz cordless phone -50 dBm Solid mote signal -20 dBm
Zigbee 1. 0 • Single channel networks are built into standard. This will be fatal for reliability. • Tree-based routing recommended by standard will likely not be adopted, especially given the single-channel radio. • No definition of duty cycling routers – Assumes powered routers, battery powered leaf nodes – No explicit prevention of router duty cycling – Zigbee 2. 0?
Cluster-tree Topology Clustered stars - for example, cluster nodes exist between rooms of a hotel and each room has a star network for control. Full function device Reduced function device Communications flow
Techno-Rant • Reduced function devices are a non-starter for most applications • Tree-based routing is fatal • Cluster-tree combines both • Mesh != multi-hop – Mesh = path diversity • Fixed frequency is fatal • Wireless means no wires
Radio Reliability in a Crowded Spectrum • UWB? – Unclear potential for duty cycling • DSSS doesn’t cut it – Helpful, but only about 10 dB • +20 dBm doesn’t cut it – Helpful, but expensive in batteries – 802.11 & cordless phones • Must frequency hop – Time synchronization required… …but you probably needed that anyway. – Lots of channels, lots of bandwidth, better scaling, …
Spatial effect of multipath
Beware of static measurements and RF pathloss simulations • Site surveys need to be done over at least 24 hours • Simulation tool results need much more speckle Pictures from www.wirelessvalley.com
Path stability vs. Received Signal Strength
Distance vs. Received Signal Strength (plot): RSSI and distance for Consolidated network; axes Distance [meters] (0 to 60) and RSSI [dBm] (-100 to -40); annotations: 1/R^2? 1/R^4?
Frequency dependent fading and interference From: Werb et al., “Improved Quality of Service in IEEE 802.15.4 Networks”, Intl. Wkshp. On Wireless and Industrial Automation, San Francisco, March 7, 2005.
Real RF links • Indoor propagation – not well modeled by R^k for any k – Attenuation ~ Free space (R^2) + Uniform(0, 30) dB + rand(t) * uniform(0, 30) dB – Not symmetric, time varying • PER is not due to Gaussian BER
Transmitter efficiency (plot: Pout [mW] vs. Pin [mW]) • Transmitter slope efficiency is typically 10-50% but… • Transmitter overhead is typically >10x the max output power, so… • Changing transmit power may be useful for interference reasons, but it has little effect on battery life
Energy per packet (plot: Etx [uJ] vs. Lpayload [bits], 10^2 … 10^3) • Energy spent in turning on the transmitter and sending packet overhead (preamble, start symbol, headers and footers) typically exceeds the energy cost of the payload, often by 10x • The same is true for the receiver, but how do you know when to turn it on?
Network Types Star Powered mesh infrastructure X Full Mesh Star-connected sensors No infrastructure X Why not use 802.11? Mesh-connected sensors
Time Diversity • Link-level acknowledgement – Keep trying until you get confirmation of success • Assume packet error rate, PER = 20% = 0.2 • Try N times • Overall failure probability is (PER)^N • Overall success probability is 1 - (PER)^N
N | Probability of failure | Probability of success
1 | 0.2 | 0.8
2 | 0.04 | 0.96
3 | 0.008 | 0.992
4 | 0.0016 | 0.9984
5 | 0.00032 | 0.99968
Path diversity • Assume overall reliability is 99% on each of k paths – Probability of success on at least one path is 1 - (1 - 0.99)^k – k=2: 99.99% • Path diversity allows smooth recovery from unexpected events – Alarms are generated in network and flow to manager – Manager takes appropriate action (e.g. add bandwidth, new parent, …)
Min_Parents = 2
Power-optimal communication • Assume all motes share a network-wide synchronized sense of time, accurate to ~1 ms • For an optimally efficient network, mote A will only be awake when mote B needs to talk A A wakes up and listens B B transmits B receives ACK A transmits ACK Expected packet start time Worst case A/B clock skew
Packet transmission and acknowledgement Mote Current Radio TX startup Packet TX Radio TX/RX turnaround ACK RX Energy cost: 295 uC
Fundamental platform-specific energy requirements • Packet energy & packet rate determine power – (Q_TX + Q_RX) / T_packet – E.g. (300 uC + 200 uC) / 10 s = 50 uA
Idle listen (no packet exchanged) Mote Current Radio RX startup ACK RX Energy cost: 70 uC
Scheduled Communication Slots • Mote A can listen more often than mote B transmits • Since both are time synchronized, a different radio frequency can be used at each wakeup • Time sync information transmitted in both directions with every packet A B TX, A ACK B Ch 3 Ch 4 Ch 5 Ch 6 Ch 7 Ch 8
Latency reduction • Energy cost of latency reduction is easy to calculate: – Q_listen / T_listen – E.g. 70 uC / 10 s = 7 uA • Low-cost “virtual on” capability • Latency vs. power tradeoff can vary by mote, time of day, recent traffic, etc. A B Tlisten B TX, A ACK
Latency reduction • Global time synchronization allows sequential ordering of links in a “superframe” • Measured average latency over many hops is T_frame/2 (diagram: motes G, A, B; links labelled T2, ch y and T1, ch x; Superframe)
People draw digraphs A A C C B B Graph DiGraph A A C C B MultiGraph B MultiDiGraph
Time and Frequency Time A Freq One Slot C B 902.5 MHz B A 903 MHz B A … B C 927.5 MHz One Cycle of the Black Frame • Graphs & Links are abstract, with no explicit time or frequency information. • Frames and slots are more concrete • Time synchronization is required • Latency, power, characteristic data rate are all related to frame length • Relative bandwidth is determined by multiplicity of links
Time and Frequency Channel Time B A C B B A B A Cycle N+1 • Every link rotates through all RF channels over a sequence of NCH cycles • 32 slots/sec * 16 ch = 512 cells/sec • Sequence is pseudo-random C B Cycle N+2 B A A B C
50 channels, 900 MHz 900 MHz 930 MHz
16 channels, 2.4 GHz 2.485 GHz
Configure, don’t compile SmartMesh Console™ IP Network XML SmartMesh Manager Mote ~100 ft Reliability: 99.99%+ Power consumption: < 100 uA average
50 motes, 7 hops 3 floors, 150,000 sf >100,000 packets/day
Scalability: Outdoor Test Network 1,100 m - 1400 Motes - 20 Managers - 32 Acres 600 m Approaching 8 mote-centuries
Communication Abstraction • Packets flow along independent digraphs • Digraphs/frames have independent periods • Energy of atomic operations is known, (and can be predicted for future hardware) IP Network XML – Packet TX, packet RX, idle listen, sample, … SmartMesh Manager • Capacity, latency, noise sensitivity, power consumption models match measured data • Build connectivity & applications via xml interface A C Network Services B Configurable Data Filter/Control Analog I/O Digital I/O Serial Port E H G F
Multiple graphs Multiple frames Channel Time B A C A B A B C C B A Cycle M of red frame C B Cycle M+1
Frames overlaid (figure: channel vs. time grid of overlaid link slots among motes A, B, C) • Packet collisions avoidable with integer-multiple length frames (here Tred = 3 Tblack) or • Use mutually prime frame lengths to randomize • Infrequent scheduling collisions will occur - all but RX/RX can be solved by frame priority - mote w/ RX/RX will expect some packet collision
Plenty of Time and Frequency Diversity (figure: channel vs. time grid of link slots among motes A, B, C, E, F, G) • Many links can share the same time slot (channel diversity) • >1000 links/second in same RF space • ~100 payload bytes/link • Path limit: ~3 k payload bytes/s • Network limit: ~150 k payload bytes/s (w/ no frequency re-use)
Subnetworks: single-hop, low latency G C B E H A F Black superframe • All motes • 200 slots • Maintains time synch • Data, Health reports up • Control info down Red superframe • Mote F is light switch • Mote A is light • 1 slot, ~30 ms latency Blue superframe • Mote H is temp sensor • Mote B is HVAC control point • 30 slots, ~1 second latency Motes A and B are likely powered All frames on all the time All other motes run at <100 uA
Subnetworks 2: reliable multi-hop control G C B E H A F Black superframe • All motes • 10 s period • Maintains time synch • Data, Health reports up • Control info down Red superframe • ~2 s latency • Mote H is industrial process sensor • Mote A is industrial process controller Both frames on all the time All motes run at <100 uA
Subnetworks 3: high speed links A C B E H F Black superframe • All motes • Maintains time synch • Data, Health reports up • Control info down Red superframe • Mote G is a microphone sending real-time compressed voice • 2 slots, 1 payload delivered to A every 2 cycles • ~12 kbps Blue superframe G • Mote H is a camera transferring an image • 2 slots, 1 payload delivered to A per cycle • ~25 kbps Red & Blue frames are only on occasionally All motes run at <100 uA under “normal” conditions Motes on active high speed frames burn 25% to 50% of (Irx+Itx)/2 Zero collisions, zero lost packets Without black graph
Subnetworks 3, et cetera W E->C Red frame: 1 packet delivered from G to D every other slot H->B H->C C->A Blue frame: 1 packet delivered from H to A every slot G->E D C->A A F X C B E P H Y G R Q S W->X X->Y Y->Z Gold frame: 1 packet delivered from W to Z every other slot Z H->B H->C C->A B->A Green frame: 1 packet delivered from S to P every slot
Many Knobs to Turn • Trade performance and power – Sample & reporting rate – Latency – High bandwidth connections • Tradeoffs can vary with – Time – Location – Events • Use power intelligently if you’ve got it
Available data • Connectivity – Min/mean/max RSSI • Path-by-path info: – TX: attempts, successes – RX: idle, success, bad CRC • Latency (generation to final arrival) • Data maintained – Every 15 min for last 24 hours – Every day for last week – Lifetime • Available in linux log files or via XML IP Network XML SmartMesh Manager
Micro Network Interface Card mNIC • No mote software development • Variety of configurable data processing modules • Integrators develop applications, not mesh networking protocols • For compute-intensive applications, use an external processor/OS of your choice. Network Services Configurable Data Filter/Control Analog Digital Serial I/O Port
Energy Monitoring Pilot • Honeywell Service: monitor, analyze and reduce power consumption • Problem: >> $100/sensor wiring cost • Solution: – Entire network installed in 3 hours (vs. 3-4 days) – 9 min/sensor – Software developed in 2 weeks (XML interface) – 18 months, 99.99%
Chicago Public Health – Dust, Tridium, Teng Temperature and power monitoring
Tridium NiagaraAX
Micro Network Interface Card mNIC • No mote software development • Variety of configurable data processing modules • Integrators develop applications, not mesh networking protocols • For compute-intensive applications, use an external processor/OS of your choice. Network Services Configurable Data Filter/Control Analog Digital Serial I/O Port Sensor uP
Perimeter Security Passive IR and Camera 1.5 in MEMS and GPS 2.5 in
Border Monitoring System, Kirtland AFB SAIC Dust Networks
Oil Refinery – Double Coker Unit GW 14 unit Network expanded to 27 -- Expanding to 50+ in ’06 • Scope limited to Coker facility and support units spanning over 1200 ft • Expanded to 27 units, implemented 14 to start • No repeaters were needed to ensure connectivity • Gateway connected via Ethernet port in control room to process control network • Electrical/Mechanical contractor installed per wired practices
Applications Public Safety Parking Management Conditioned Maintenance Resource Metering Traffic Monitoring Public Information
Basic Enforcement Operation 1. Sensor nodes are deployed along streets. 2. Sensor nodes detect the arrival, presence and departure of vehicles. 3. Information is collected via the low power mesh, and relayed back to a central database over cellular data networks. 4. The central database maintains an up-to-the-minute map of parking events and violations for the entire city. 5. PCOs are dispatched in efficient routes to ticket violations. 6. Detailed historical and statistical information on parking is used to improve policy and operations over time.
Medium Access Approaches • Medium Access (MAC) – How do motes share the radio spectrum? – How many can co-exist? • Aloha • Slotted Aloha • CSMA (sometimes CSMA/CA) • CSMA/CD • TDMA/CA
Aloha • Simplest MAC protocol – talk when you want to! – Standard for early wireless sensor networks • Fine for very light traffic (5%) • Chaotic collapse above ~10% • Theoretical throughput limit ~18% (1/(2e)) Aloha! A G B Aloha! Aloha!
Slotted Aloha • Packets sent in time slots – Still collisions, but fewer • Requires time synchronization • Theoretical throughput limit ~37% (1/e) Aloha! A G B Aloha! Aloha!
CSMA • CSMA = Carrier Sense Multiple Access – Listen before talk – Only transmit if the channel is clear – “Carrier” is actually RF energy and/or valid symbols A listens to channel: idle TX A ? TX packet ACK G B listens (busy) B ? B listens (idle) ? TX packet ACK
CSMA Challenges • A, B listen at the same time • Both detect an idle channel • Both begin to transmit, and collide • ~10% of packet time w/ 802.15.4 radios A listens (idle) A ? TX packet ACK G B listens (idle) B ? TX packet ACK
CSMA Challenges • A, B listen at the same time • Both detect an idle channel • Both begin to transmit, and collide • ~10% of packet time w/ 802.15.4 radios A listens (idle) A TX packet ? ACK Collision! G B listens (idle) B ? TX packet ACK
CSMA Challenges • A, B both listen, detect a packet • At end of packet, both transmit and collide A G X B ? ? ? TX packet ? ? ? TX packet ACK ACK ?
CSMA Challenges • A, B both listen, detect a packet • At end of packet, both transmit and collide A G X B ? ? ? TX packet ? ? ACK ? ? TX packet ACK Collision! ? TX packet ACK
CSMA Challenges • A, B can’t hear each other • “Hidden node” or “Hidden terminal” problem • In the limit, reduces CSMA to Aloha A ? TX packet ACK G B ? TX packet ACK
CSMA Challenges • A, B can’t hear each other • “Hidden node” or “Hidden terminal” problem • In the limit, reduces CSMA to Aloha A ? TX packet ACK G Collision! B ? TX packet ACK
CSMA Solutions • Many approaches – Random exponential backoff – p-persistent CSMA – RTS/CTS – Slotted CSMA – Synchronized CSMA • Hot topic in academia – MACA, B-MAC, S-MAC, T-MAC, …
Good packets vs. attempted transmits, Aloha
TDMA • TDMA = Time Division Multiple Access • Divide time into slots – With 802.15.4, a slot is ~10 ms – ~100 slots/second • Like Aloha, but with assigned TX time slots – Unique TX slots means no collisions – Many motes can receive if desired A B G G B A G D C C B B G
TDMA with multiple channels • Assign each mote a time slot and channel to transmit. – All channels can be used simultaneously – Big increase in available bandwidth – 802.15.4 gives ~ (100 slots/s)(16 chan) = 1600 cells/sec – Uniquely assigned, so no collisions • RX need to be scheduled now too • No TX, no RX: sleep! (figure: cell grid, channels Ch 0 to Ch 3 vs. time slots, links among motes A, B, C, D, G)
TDMA Challenges • Time synchronization • Cell scheduling • Dynamic Bandwidth Allocation
TDMA with CSMA • Backbone TDMA network – Baseline connectivity and time synchronization – Guaranteed bandwidth – ~10% of cells in a 10,000 mote network • All or some of remaining cells are “open listens” – Slotted Aloha by default – Fancier algorithms possible • All motes can listen, or just those with power G D C C B Ch 1 A Ch 0 B G A G Ch 2 B Ch 3 D C C B B G A G
TDMA with CSMA • Backbone TDMA network – Baseline connectivity and time synchronization – Guaranteed bandwidth – ~10% of cells in a 10,000 mote network • All or some of remaining cells are “open listens” – Slotted Aloha by default – Fancier algorithms possible • All motes can listen, or just those with power B C B A-Z? A? D? B G A G A-Z? D C C B Ch 2 G D C Ch 1 A Ch 0 A? D? A-Z? B G A G Ch 3 E? F? A-Z? E? F?
Flexibility of hybrid TDMA/CSMA • TDMA provides framework – 50 uA baseline current for synchronization and control – Static bandwidth allocated efficiently – Collision free • CSMA or Slotted Aloha for dynamic bandwidth – Accurate timing improves all algorithms • Power/performance tradeoffs in filling the cell matrix – Use powered infrastructure where you find it
Technology directions • Reliable – Four 9s today – Moving beyond six 9s • Scalable – Thousands per site today – Tens of thousands per site • Low Power – A decade on a D cell today – >10x reduction in radio power demonstrated in academia • Flexible – Configurable networks today – Dynamically move along optimal power/performance curves
Standards • IEEE 802.15.4 • Zigbee • Wireless HART • ISA/SP100
Mote on a Chip? (circa 2001) • Goals: – Standard CMOS – Low power – Minimal external components antenna Temp ~$1 uP SRAM Amp ADC Radio ~2 mm^2 ASIC battery inductor crystal
UCB Hardware Results ~2003 • 2 chips fabbed in 0.25 um CMOS – “Mote on a chip” worked, missing radio RX – 900 MHz transceiver worked • Records set for low power CMOS – ADC • 8 bits, 100 kS/s • 2 uA @ 1 V – Microprocessor • 8 bits, 1 MIP • 10 uA @ 1 V – 900 MHz radio • 100 kbps, “bits in, bits out” • 20 m indoors • 0.4 mA @ 3 V
Chipcon CC2430
Chipcon CC2430 • Key Features • 32 MHz single-cycle low power 8051 MCU • 2.4 GHz IEEE 802.15.4 compliant RF transceiver • 32, 64, and 128 kByte in-system programmable flash • Ultra low power: Ideal for battery operated systems • Prevailing development tools • Industry leading ZigBee(TM) protocol stack (Z-Stack) available • 8 kByte SRAM, 4 kByte with data retention in all power modes • RoHS compliant 7 mm x 7 mm QLP 48 package • Powerful DMA functionality • Four flexible power modes for reduced power consumption • AES security coprocessor • Programmable watchdog timer • Power on reset/Brown-out detection • One IEEE 802.15.4 MAC timer, one general 16-bit timer and two 8-bit timers • Two programmable USARTs for master/slave SPI or UART operation • True random number generator • Digital RSSI/LQI support • Digital battery monitor • On-chip temperature sensor • Hardware debug support • Reference design with external PA providing +10 dBm output power available
2.4 GHz Radio in 0.13 um CMOS • Cook et al, ISSCC ’06 • Goal: ISM, frequency hopping, fast startup, lowest power
TX Performance
NF vs. Power Consumption Measured at RSSI Output CC2420 NF, 55 mW
Die Photo • 2.2 mm x 2.2 mm • Active Area: 800µm^2
Radio Performance (plot): IRX (mA), 0 to 25, vs. bit rate (bps), 100k to 300k. Data points: cc2420, cc1000, Cook 06 (300 mW), Molnar 04 (0.4 mA), Otis 05 (0.4 mA). Annotations: With software: 10 years D cell; With software: 10 years coin cell
Mote on a Chip • Goals: – Standard CMOS – Low power – Minimal external components Zero antenna uP Security Temp Location Amp ADC Radio Time SRAM ~4 mm^2 ASIC battery inductor crystal
Die area, power, 2005 → 2009 • ADC – 10-12 bits, zero area, zero power • Digital – 32 bit uP: 1 mm^2 → 0.25 mm^2 – Crypto: ~uP → Dedicated datapath? – 0.25 mW/MHz → 50 uW/MHz • Memory – ROM & Flash: 128 kB/mm^2 → 0.5 MB/mm^2 – RAM: 16 kB/mm^2 → 64 kB/mm^2 – ~mW/MHz → ~uW/MHz • RF – 2 mm^2 → 1 mm^2 – 10s of mW → 100s of uW • Leakage – 10s uA @ 85 C? → <1 uA @ 85 C (circuit solutions; processes get worse)
Sago Mine Accident (Jan 2006) • Lack of good sensor information • Limited knowledge of worker location • Wired communication system Worker Location 650 m Explosion Wired phone to surface
Bandwidth and Multipath • Increasing BW only helps if 1/BW is similar to path difference
RF Geolocation Performance • 1 m of measurement error = 3.3 ns
Security Goals • Encryption – Make sure that no one can see the data • Integrity – Make sure that no one can fake the data, fake control packets, screw up the network with replay of old packets, screw up the network with random packets – Make sure that random bit errors don’t screw up the network • Certification – Networks only accept trusted motes – Motes only join trusted networks • Binding – Motes only join the right network
Threat models • Easy – No access to hardware – No crypto expertise • Medium – Access to hardware outside the network (demo network) – Single PC – College students – Competitors • Hard – Access to active hardware in the network – PC cluster (~hundreds of 2006 to 2020 vintage PCs) – Theft, sabotage, industrial espionage, hacking • Ocean’s 11 • Osama, Putin, Chirac • Unocal China • David Wagner, UCB People are almost always the weakest link.
Public Key & Shared Key • Shared key, or symmetric key – Encryption of payloads, authentication of headers – Block ciphers: AES, DES, XTEA, … – In software on 8 bit micros ~ 10 ms – In hardware on 802.15.4 chips ~ 1 us – Issues: key storage, key exchange • Public key – Certification of identity of motes, managers – Key exchange for shared key systems – Seconds to minutes on 8 bit micros – Export concerns?
Shared-key Encryption & Integrity • Authenticate payload & headers using AES128 CBC-MAC – Generates “secure checksum” Message Integrity Code – 4 or 8 bytes • Encrypt payload and MIC with AES128 CTR • Append a 2 byte checksum – Redundant, less strong, less secure than the MIC – That’s what 802.15.4 forces us to do • On reception – Verify CRC – Decrypt payload, MIC – Verify message integrity (calculate MIC over received packet and compare to transmitted MIC) (diagram: mote A sends Packet to mote B, B returns ACK) Packet layout: PHY header | MAC header | NET header | APP payload | MIC | CRC (bracket labels: Authenticate integrity; Encrypt in place; Checksum)
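The send and receive steps on this slide, as an added Python example that is not code from the talk or from Dust Networks. Assumptions not on the slide: the 13-byte nonce layout, the first CBC-MAC block carrying nonce and length (as CCM does), the 0x01/0x02 flag bytes that keep MAC and counter blocks distinct, `binascii.crc_hqx` as the 2-byte checksum, and all sample values.

```python
import binascii, hmac

def xtime(a):  # multiply by x in GF(2^8), AES polynomial 0x11B
    a <<= 1
    return a ^ 0x11B if a & 0x100 else a
def gmul(a, b):  # GF(2^8) multiplication, used only to build the S-box
    r = 0
    while b:
        r ^= a if b & 1 else 0
        a, b = xtime(a), b >> 1
    return r

def _sbox():
    box = []
    for a in range(256):
        x = inv = next((b for b in range(1, 256) if gmul(a, b) == 1), 0)
        for s in range(1, 5):  # affine transform: XOR with four left rotations
            x ^= ((inv << s) | (inv >> (8 - s))) & 0xFF
        box.append(x ^ 0x63)
    return box
SBOX = _sbox()

def expand_key(key):  # AES-128 key schedule: 16-byte key -> 11 round keys
    w, rcon = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):
        t = w[i - 1]
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= rcon
            rcon = xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def encrypt_block(rk, block):
    s = [b ^ k for b, k in zip(block, rk[0])]
    for rnd in range(1, 11):
        s = [SBOX[b] for b in s]                            # SubBytes
        s = [s[(i + 4 * (i % 4)) % 16] for i in range(16)]  # ShiftRows
        if rnd < 10:                                        # MixColumns
            s = [s[c + i] ^ t ^ xtime(s[c + i] ^ s[c + (i + 1) % 4])
                 for c in range(0, 16, 4)
                 for t in [s[c] ^ s[c + 1] ^ s[c + 2] ^ s[c + 3]]
                 for i in range(4)]
        s = [b ^ k for b, k in zip(s, rk[rnd])]             # AddRoundKey
    return bytes(s)

def cbc_mac(rk, nonce, data, mic_len):
    msg = b"\x01" + nonce + len(data).to_bytes(2, "big") + data  # length block (assumption)
    msg += bytes(-len(msg) % 16)
    tag = bytes(16)
    for i in range(0, len(msg), 16):
        tag = encrypt_block(rk, bytes(a ^ b for a, b in zip(tag, msg[i:i + 16])))
    return tag[:mic_len]

def ctr_xor(rk, nonce, data):  # CTR keystream; the same call encrypts and decrypts
    out = b""
    for i in range(0, len(data), 16):
        ks = encrypt_block(rk, b"\x02" + nonce + (i // 16).to_bytes(2, "big"))
        out += bytes(a ^ b for a, b in zip(data[i:i + 16], ks))
    return out

def crc16(data):  # stand-in for the 2-byte checksum (assumption)
    return binascii.crc_hqx(data, 0).to_bytes(2, "big")

def protect(key, nonce, headers, payload, mic_len=4):
    rk = expand_key(key)
    mic = cbc_mac(rk, nonce, headers + payload, mic_len)  # authenticate headers + payload
    body = headers + ctr_xor(rk, nonce, payload + mic)    # encrypt payload and MIC
    return body + crc16(body)                             # append checksum

def receive(key, nonce, frame, hdr_len, mic_len=4):
    if len(frame) < hdr_len + mic_len + 2 or crc16(frame[:-2]) != frame[-2:]:
        return None, "bad CRC"
    rk = expand_key(key)
    headers, plain = frame[:hdr_len], ctr_xor(rk, nonce, frame[hdr_len:-2])
    payload, mic = plain[:-mic_len], plain[-mic_len:]
    if not hmac.compare_digest(mic, cbc_mac(rk, nonce, headers + payload, mic_len)):
        return None, "bad MIC"
    return payload, "ok"

KEY = bytes(range(16))  # constructed sample values, not from the slides
NONCE = bytes.fromhex("00170d0000301234") + (7).to_bytes(4, "big") + b"\x05"
HDR, PAYLOAD = b"\x41\x88\x07NET", b"temp=21.5C"

def demo():
    frame = protect(KEY, NONCE, HDR, PAYLOAD)
    noisy = bytes([frame[0] ^ 1]) + frame[1:]   # bit error in transit
    forged = noisy[:-2] + crc16(noisy[:-2])     # header altered, checksum recomputed
    return [receive(KEY, NONCE, f, len(HDR)) for f in (frame, noisy, forged)]
```

The third frame in `demo()` passes the checksum and is rejected only by the MIC, which is the slide's point that the checksum catches bit errors while the keyed MIC is what protects integrity.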
Public Key Certification - Use Cases • One supplier/integrator • One supplier, separate integrator • Multiple suppliers, one integrator • Multiple suppliers, multiple integrators, multiple neighboring customers Building 2 • HVAC network • Security Network • Fire network • Tenant networks Building 1 • HVAC network • Security Network • Fire network • Tenant networks ? ? New mote ?
Simplest public key system for identity certification • Messages encrypted with the private key can only be decrypted with the public key • At manufacture, a mote gets a ‘signed’ copy of its ID – Encrypted with the manufacturer’s private key • On joining, the mote presents its ID and the signed copy of the ID • The network verifies that the signature is valid by decrypting it with the public key and checking to see if it is the right ID (diagram: Manufacturer A holds secret key Sa and public key Pa; Network/Manager holds public key ring Pa, Pb, …; Mote Y carries Cy = E(Sa, Y), Mote X carries Cx; Mote Y presents Y, Cy; manager checks Verify D(Pa, Cy) = Y ? Verify D(Pb, Cy) = Y ?)
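The certify and verify steps on this slide with a key ring of two manufacturers, as an added Python example that is not code from the talk. Assumptions: toy RSA keys built from Mersenne primes (constructed, far too small and structured for real use), a SHA-256 digest of the ID signed instead of the raw ID, and the mote IDs and function names.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys (assumption)

def make_keypair(p, q):
    """Return (public modulus n, secret exponent d) for primes p and q."""
    n = p * q
    return n, pow(E, -1, (p - 1) * (q - 1))

def id_digest(mote_id, n):
    # Assumption: the manufacturer signs a digest of the ID, reduced mod n.
    return int.from_bytes(hashlib.sha256(mote_id).digest(), "big") % n

def certify(n, d, mote_id):
    """Manufacturer side, at manufacture: C = E(S, ID)."""
    return pow(id_digest(mote_id, n), d, n)

def verify_join(key_ring, mote_id, cert):
    """Manager side: try every trusted public key, D(P, C) == ID ?"""
    for name, n in key_ring.items():
        if 0 < cert < n and pow(cert, E, n) == id_digest(mote_id, n):
            return name          # manufacturer whose key validated the ID
    return None                  # no trusted key matches: refuse the join

# Toy keys (constructed). A and B are on the manager's ring, C is not.
NA, DA = make_keypair(2**127 - 1, 2**107 - 1)
NB, DB = make_keypair(2**89 - 1, 2**61 - 1)
NC, DC = make_keypair(2**107 - 1, 2**89 - 1)
KEY_RING = {"A": NA, "B": NB}

def demo():
    cy = certify(NA, DA, b"mote-Y")
    cx = certify(NB, DB, b"mote-X")
    cz = certify(NC, DC, b"mote-Z")
    return {
        "Y": verify_join(KEY_RING, b"mote-Y", cy),             # signed by A
        "X": verify_join(KEY_RING, b"mote-X", cx),             # signed by B
        "Z_unknown_maker": verify_join(KEY_RING, b"mote-Z", cz),
        "W_reusing_Cy": verify_join(KEY_RING, b"mote-W", cy),  # ID does not match
    }

if __name__ == "__main__":
    print(demo())
```

The check shows only that the ID was issued by a manufacturer on the ring; a copied (ID, certificate) pair verifies equally, and the deck's join sequence additionally signs a joining key together with the ID.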
From manufacture to 3 AM join Mote N Manufacturing Protocol version# PC Mote ID Joining Key Signed(ID, JK) Store/ sleep Mote P 1 Mote P 2 Manager Data/advert packet Join request Signed(ID, JK) Manager verifies signature Operator accepts new mote Configure? Path key encrypted with JK Mote N key encrypted with JK Activate child Path key encrypted with P 1 key Path key encrypted with JK Mote N key encrypted with JK config. ACK Encrypted with Path Key Add link N->P 2 Path key encrypted with P 2 key Add link N->P 2 Path key encrypted with N key
Manager Mores • Prudish – Never • Prudent • Promiscuous – Any mote, anywhere, any time
Manager Mores • Prudish – Never • Prudent – meets some combination of criteria: • Mote has valid certificate • Mote on access control list • Manager accepted this mote before • Human/higher-authority approval – Console/web – Button – PDA (RF or cable) • Single-hop from manager w/ specified minimum signal strength • Promiscuous – Any mote, anywhere, any time
Key length and security
Crypto strength (n) | Symmetric cipher | ECC key size | RSA key size | MIPS-years to crack | NIST expiry date
80 | Triple DES | 160 (80) | 1024 | 8 x 10^11 | 2010
128 | AES 128 | 256 | 3072 | 2 x 10^26 | >2030
256 | AES 256 | 512 | 15,000 | 6 x 10^52 |
1 million Pentiums running for 1 year is ~ 10^9 MIPS-years
1 billion (Pentium x 1000) running for 1 century is ~ 10^17 MIPS-years
Open Problems, Hardware • None. ✓ Sensors ✓ ADC ✓ uP ✓ Radio ✓ RF Ranging ✓ Integration
Open Problems, Software • Definitions, metrics, and optimization of reliability and power consumption for Academically Dull Applications (low rate data collection and control) – Simple models are fine (until proven otherwise) • Interference, multi-path, radio power, etc. • Start w/ reliability >99.9%, duty cycle <10% and improve • Time synchronization • Powered Infrastructure w/ 802.11 • Certification, Binding, Commissioning • Reducing barriers to access – Interfacing to PDAs, cell phones, web