Presentation is loading. Please wait.

Presentation is loading. Please wait.

From Smart Dust to Reliable Networks

Similar presentations


Presentation on theme: "From Smart Dust to Reliable Networks"— Presentation transcript:

1 From Smart Dust to Reliable Networks
Kris Pister Prof. EECS, UC Berkeley Founder & CTO, Dust Networks

2 Open Research Problems
Outline Background The Science Project Market The Hype Technology Challenges Status Applications Open Research Problems

3 Grand Challenge A B C Reliably, at low power

4 Smart Dust Goal c. 1997

5 Smart Dust, 2002 16 mm3 total circumscribed volume
~4.8 mm3 total displaced volume SENSORS ADC FSM RECEIVER TRANSMITTER SOLAR POWER 1V 2V 3-8V PHOTO 8-bits 375 kbps 175 bps 1-2V OPTICAL IN OPTICAL OUT

6 UCB “COTS Dust” Macro Motes
Mica 02 NEST open exp. platform 128 KB code, 4 KB data 50 KB radio 512 KB Flash comm accelerators Dot 01 Demonstrate scale Rene 00 Designed for experimentation sensor boards power boards Networking Services TinyOS David Culler, UCB WeC 99 James McLurkin MS Small microcontroller - 8 kb code, 512 B data Simple, low-power radio - 10 kbps EEPROM storage (32 KB) Simple sensors

7 University Demos – Results of 100 man-years of research
Motes dropped from UAV, detect vehicles, log and report direction and velocity Intel Developers Forum, live demo 800 motes, 8 level dynamic network, 50 temperature sensors for HVAC deployed in 3 hours. $100 vs. $800 per node. Seismic testing demo: real-time data acquisition, $200 vs. $5,000 per node vs.

8 Sensor Networks Take Off!
Industry Analysts Take Off! $8.1B market for Wireless Sensor Networks in 2007 Source: InStat/MDR 11/2003 (Wireless); Wireless Data Research Group 2003; InStat/MDR 7/2004 (Handsets)

9 Wireless Sensor Networking
Decision Systems Significant reduction in the cost of installing sensor networks Enables new class of services Increases sensor deployment Monitoring Systems Control Systems Enterprise Applications Analog Sensors and Actuators Digital Sensors and Actuators Serial Devices Physical World

10 WDRG, 2003 $748,000,000 in ‘03

11 Cost of Sensor Networks
Computing Power Mesh Networking $ Installation, Connection and Commissioning Sensors Time

12 Low Data Rate WPAN Applications (Zigbee)
BUILDING AUTOMATION CONSUMER ELECTRONICS security HVAC AMR lighting control access control TV VCR DVD/CD remote INDUSTRIAL CONTROL PC & PERIPHERALS asset mgt process control environmental energy mgt mouse keyboard joystick PERSONAL HEALTH CARE RESIDENTIAL/ LIGHT COMMERCIAL CONTROL patient monitoring fitness monitoring security HVAC lighting control access control lawn & garden irrigation

13

14 Mesh Systems Add: MoteIV, Arch Rock Merged:
Chipcon/Figure8  TI/Chipcon Integration Associates/CompXs

15 Founded July 2002 Series A Feb 2004 Series B Feb 2005 Dust Networks
Angels, In-Q-Tel, ~$1.5M 28 employees in Jan 04 Series A Feb 2004 Foundation IVP Series B Feb 2005 Crescendo Cargill

16 Network Architecture Goals Challenges High reliability
Low power consumption No customer development of embedded software Customer visibility into all aspects of network operation/status/health Minimal/zero customer RF/networking expertise necessary Challenges 1W emitters in regulated but unlicensed RF bands Extreme computation and communication resource constraints MIPS, RAM, bps

17 What do OEMs and SIs want?
^ and scientists and and engineers and startups and grad students and…. Reliability Low installation and ownership costs No wires; >5 year battery life No network configuration No network management Typically “trivial” data flow Regular data collection 1 sample/minute…1 sample/day? Event detection Threshold and alarm

18 Hardware Software Networking Reliability Temperature, humidity, shock
Aging MTBF = 5 centuries Software Linux yes (manager/gateway) TinyOS no (motes) Networking RF interference RF variability

19 Networks must be Goals Reliable Scalable Low Power Flexible
count the 9s! Scalable thousands to tens of thousands of nodes Low Power Self forming, self healing Zero wires Flexible Monitoring, maintenance, log file transfer, … Battery only or powered infrastructure

20 RF environments are dynamic
Challenges RF environments are dynamic Time-varying multi-path Time-varying interference Sensor Networking is challenging Traditional traffic models don’t apply Internet, WiFi Cell phones Computational resources are limited

21 Implications of RF Challenges
“Transmit and forget” is unreliable Lost packets Single-path networks (trees) are very dangerous Lost motes Single-channel networks are fatal Lost networks

22 Temporal Diversity Spatial Diversity Frequency Diversity RF Solutions
Don’t quit until you get an acknowledgement Spatial Diversity Multiple paths from every mote Frequency Diversity Frequency hopping in addition to direct sequence spread spectrum

23 Operating Frequency Bands
IEEE & WiFi Operating Frequency Bands Channel 0 Channels 1-10 868MHz / 915MHz PHY 2 MHz 868.3 MHz 902 MHz 928 MHz 2.4 GHz PHY Channels 11-26 5 MHz 2.4 GHz GHz Gutierrez

24 900 MHz cordless phone -50dBm Solid mote signal -20dBm

25 No definition of duty cycling routers
Zigbee 1.0 Single channel networks are built into standard. This will be fatal for reliability. Tree-based routing recommended by standard will likely not be adopted, especially given the single-channel radio. No definition of duty cycling routers Assumes powered routers, battery powered leaf nodes No explicit prevention of router duty cycling – Zigbee 2.0?

26 Cluster-tree Topology
Clustered stars - for example, cluster nodes exist between rooms of a hotel and each room has a star network for control. Communications flow Full function device Reduced function device

27 Reduced function devices are a non-starter for most applications
Techno-Rant Reduced function devices are a non-starter for most applications Tree-based routing is fatal Cluster-tree combines both Mesh != multi-hop Mesh = path diversity Fixed frequency is fatal Wireless means no wires

28 Radio Reliability in a Crowded Spectrum
UWB? Unclear potential for duty cycling DSSS doesn’t cut it Helpful, but only about 10dB +20 dBm doesn’t cut it Helpful, but expensive in batteries & cordless phones Must frequency hop Time synchronization required… …but you probably needed that anyway. Lots of channels, lots of bandwidth, better scaling, …

29 Spatial effect of multipath

30 Beware of static measurements and RF pathloss simulations
Site surveys need to be done over at least 24 hours Simulation tool results need much more speckle Pictures from

31 Path stability vs. Received Signal Strength

32 Distance vs. Received Signal Strength
RSSI and distance for Consolidated network 60 1/R2? 1/R4? 40 Distance [meters] 20 -100 -90 -80 -70 -60 -50 -40 RSSI [dBm]

33 Frequency dependent fading and interference
From: Werb et al., “Improved Quality of Service in IEEE Networks”, Intl. Wkshp. On Wireless and Industrial Automation, San Francisco, March 7, 2005.

34

35

36

37

38

39 M Tu W Th F M Tu

40 PER is not due to gaussian BER
Real RF links Indoor propagation not well modeled by R^k for any k Attenuation ~ Free space (R2) + Uniform(0,30) dB + rand(t) * uniform(0,30) dB Not symmetric, time varying PER is not due to gaussian BER

41 Transmitter efficiency
Transmitter slope efficiency is typically 10—50% but… Transmitter overhead is typically >10x the max output power, so… Changing transmit power may be useful for interference reasons, but it has little effect on battery life Transmitter efficiency Pout [mW] 1 Pin [mW] 20 25

42 Energy per packet Energy spent in turning on the transmitter and sending packet overhead (preamble, start symbol, headers and footers) typically exceeds the energy cost of the payload, often by 10x The same is true for the receiver, but how do you know when to turn it on? Energy per packet Etx [uJ] Lpayload [bits] 102…103

43 Network Types X X Why not use 802.11? Star Star-Mesh Full Mesh
Powered mesh infrastructure Star-connected sensors No infrastructure Mesh-connected sensors X X Why not use ?

44 Link-level acknowledgement
Time Diversity Link-level acknowledgement Keep trying until you get confirmation of success Assume packet error rate, PER=20%=0.2 Try N times Overall failure probability is (PER)N Overall success probability is 1- (PER)N N Probability of failure Probability of success 1 0.2 0.8 2 0.04 0.96 3 0.008 0.992 4 0.0016 0.9984 5

45 Assume overall reliability is 99% on each of k paths
Path diversity Assume overall reliability is 99% on each of k paths Probability of success on at least one path is 1 - (1-0.99)k k=2  99.99% Path diversity allows smooth recovery from unexpected events Alarms are generated in network and flow to manager Manager takes appropriate action (e.g. add bandwidth, new parent, …)

46 Min_Parents = 2

47 Power-optimal communication
Assume all motes share a network-wide synchronized sense of time, accurate to ~1ms For an optimally efficient network, mote A will only be awake when mote B needs to talk A A wakes up and listens B transmits B B receives ACK A transmits ACK Worst case A/B clock skew Expected packet start time

48 Packet transmission and acknowledgement
Radio TX/RX turnaround Packet TX Radio TX startup ACK RX Mote Current Energy cost: 295 uC

49 Fundamental platform-specific energy requirements
Packet energy & packet rate determine power (QTX + QRX )/ Tpacket E.g. (300 uC uC) /10s = 50 uA

50 Idle listen (no packet exchanged)
ACK RX Radio RX startup Mote Current Energy cost: 70 uC

51 Scheduled Communication Slots
Mote A can listen more often than mote B transmits Since both are time synchronized, a different radio frequency can be used at each wakeup Time sync information transmitted in both directions with every packet A B TX, A ACK Ch 6 B Ch 3 Ch 4 Ch 5 Ch 7 Ch 8

52 Energy cost of latency reduction is easy to calculate:
Qlisten / Tlisten E.g. 70uC/10s = 7uA Low-cost “virtual on” capability Latency vs. power tradeoff can vary by mote, time of day, recent traffic, etc. A B B TX, A ACK Tlisten

53 Measured average latency over many hops is Tframe/2
Latency reduction Global time synchronization allows sequential ordering of links in a “superframe” Measured average latency over many hops is Tframe/2 G T2, ch y A T1, ch x Superframe B

54 People draw digraphs A A C C B B Graph DiGraph A A C C B B
MultiDiGraph MultiGraph

55 … Time and Frequency Time A Freq B C
One Slot A C B Freq CB BA 902.5 MHz 903 MHz 927.5 MHz One Cycle of the Black Frame Graphs & Links are abstract, with no explicit time or frequency information. Frames and slots are more concrete Time synchronization is required Latency, power, characteristic data rate are all related to frame length Relative bandwidth is determined by multiplicity of links

56 Time and Frequency Time Channel A
BA CB BA CB BA CB BA Channel Cycle N Cycle N+1 Cycle N+2 A C B Every link rotates through all RF channels over a sequence of NCH cycles 32 slots/sec * 16 ch = 512 cells/sec Sequence is pseudo-random

57 50 channels, 900 MHz 900MHz 930MHz

58 16 channels, 2.4 GHz 2.4GHz 2.485 GHz

59 Configure, don’t compile
IP Network XML SmartMeshTM Console SmartMesh Manager Mote ~100 ft Reliability: 99.99%+ Power consumption: < 100uA average

60 50 motes, 7 hops 3 floors, 150,000sf >100,000 packets/day

61

62 Scalability: Outdoor Test Network
1,100 m 600 m 1400 Motes Managers Acres Approaching 8 mote-centuries

63 Communication Abstraction
SmartMesh Manager IP Network XML Packets flow along independent digraphs Digraphs/frames have independent periods Energy of atomic operations is known, (and can be predicted for future hardware) Packet TX, packet RX, idle listen, sample, … Capacity, latency, noise sensitivity, power consumption models match measured data Build connectivity & applications via xml interface A C B E G F H Analog I/O Digital Serial Port Network Services Configurable Data Filter/Control

64 Multiple graphs  Multiple frames
Time BA CA BA CA BA CA CA BA Channel BC CB AC BC CB Cycle M of red frame A C B Cycle M+1

65 Frames overlayed Packet collisions avoidable with integer-multiple
Time BA CB CA BC BA CA BA AC CA CA BA CB Channel Packet collisions avoidable with integer-multiple length frames (here Tred = 3Tblack) or Use mutually prime frame lengths to randomize Infrequent scheduling collisions will occur - all but RX/RX can be solved by frame priority - mote w/ RX/RX will expect some packet collision A C B

66 Plenty of Time and Frequency Diversity
GE BA FE CB CA EC EC BC GE BA FE CA FE BA EC GE AC CA FE CA BA EC CB GE Channel A C B Many links can share the same time slot (channel diversity) >1000 links/second in same RF space ~100 payload bytes/link Path limit: ~3k payload bytes/s Network limit: ~150k payload bytes/s (w/ no frequency re-use) E G F

67 Subnetworks: single-hop, low latency
Black superframe All motes 200 slots Maintains time synch Data, Health reports up Control info down Red superframe Mote F is light switch Mote A is light 1 slot, ~30ms latency Blue superframe Mote H is temp sensor Mote B is HVAC control point 30 slots, ~1second latency Motes A and B are likely powered All frames on all the time All other motes run at <100uA G C B E A F H

68 Subnetworks 2: reliable multi-hop control
Black superframe All motes 10s period Maintains time synch Data, Health reports up Control info down Red superframe ~2s latency Mote H is industrial process sensor Mote A is industrial process controller Both frames on all the time All motes run at <100uA G C B E A H F

69 Subnetworks 3: high speed links
Black superframe All motes Maintains time synch Data, Health reports up Control info down Red superframe Mote G is a microphone sending real-time compressed voice 2 slots, 1 payload delivered to A every 2 cycles ~12kbps Blue superframe Mote H is a camera transferring an image 2 slots, 1 payload delivered to A per cycle ~25kbps Red & Blue frames are only on occasionally All motes run at <100uA under “normal” conditions Motes on active high speed frames burn 25% to 50% of (Irx+Itx)/2 Zero collisions, zero lost packets A C B E G F H Without black graph

70 Subnetworks 3, et cetera G->E E->C C->A Red frame:
1 packet delivered from G to D every other slot W D A F X C B H->B H->C C->A B->A Blue frame: 1 packet delivered from H to A every slot E P H G Y W->X X->Y Y->Z Gold frame: 1 packet delivered from W to Z every other slot R Q Z S H->B H->C C->A B->A Green frame: 1 packet delivered from S to P every slot

71 Trade performance and power
Many Knobs to Turn Trade performance and power Sample & reporting rate Latency High bandwidth connections Tradeoffs can vary with Time Location Events Use power intelligently if you’ve got it

72 Latency (generation to final arrival) Data maintained
Available data SmartMesh Manager IP Network XML Connectivity Min/mean/max RSSI Path-by-path info: TX: attempts, successes RX: idle, success, bad CRC Latency (generation to final arrival) Data maintained Every 15 min for last 24 hours Every day for last week Lifetime Available in linux log files or via XML

73 Micro Network Interface Card
mNIC No mote software development Variety of configurable data processing modules Integrators develop applications, not mesh networking protocols For compute-intensive applications, use an external processor/OS of your choice. Analog I/O Digital Serial Port Network Services Configurable Data Filter/Control

74 Energy Monitoring Pilot
Honeywell Service: monitor, analyze and reduce power consumption Problem: >> $100/sensor wiring cost Solution: Entire network installed in 3 hours (vs. 3-4 days) 9 min/sensor Software developed in 2 weeks (XML interface) 18 months, 99.99%

75 Chicago Public Health – Dust, Tridium, Teng
Temperature and power monitoring

76 Tridium NiagraAX

77 Micro Network Interface Card
mNIC No mote software development Variety of configurable data processing modules Integrators develop applications, not mesh networking protocols For compute-intensive applications, use an external processor/OS of your choice. Analog I/O Digital Serial Port Network Services Configurable Data Filter/Control Sensor uP

78 Perimeter Security Passive IR Passive IR and Camera 1.5 in
MEMS and GPS 2.5 in 2.5 in

79 Border Monitoring System, Kirtland AFB
SAIC Dust Networks

80 SAIC Dust Networks

81 SAIC Dust Networks

82 SAIC Dust Networks

83 Oil Refinery – Double Coker Unit
Scope limited to Coker facility and support units spanning over 1200ft Expanded to 27 units, implemented 14 to start No repeaters were needed to ensure connectivity Gateway connected via Ethernet port in control room to process control network Electrical/Mechanical contractor installed per wired practices GW Only instruction given to contractor – Design and mount instruments per wired HART best practices. 14 unit Network expanded to 27 -- Expanding to 50+ in ‘06

84 Applications Public Safety Information Resource Metering Traffic
Monitoring Parking Management Conditioned Maintenance

85 Basic Enforcement Operation
1 Sensor nodes are deployed along streets Sensor nodes detect the arrival, presence and departure of vehicles. Information is collected via the low power mesh, and relayed back to a central database over cellular data networks. The central database maintains an up-to-the-minute map of parking events and violations for the entire city. PCOs are dispatched in efficient routes to ticket violations. Detailed historical and statistical information on parking is used to improve policy and operations over time. 2 3 4 5 6

86 Medium Access Approaches
Medium Access (MAC) How do motes share the radio spectrum? How many can co-exist? Aloha Slotted Aloha CSMA (sometimes CSMA/CA) CSMA/CD TDMA TDMA/CA

87 Aloha Simplest MAC protocol Fine for very light traffic (5%)
talk when you want to! Standard for early wireless sensor networks Fine for very light traffic (5%) Chaotic collapse above ~10% Theoretical throughput limit ~18% (1/e2) Aloha! Aloha! A Aloha! Aloha! Aloha! Aloha! G Aloha! Aloha! B

88 Packets sent in time slots Requires time synchronization
Slotted Aloha Packets sent in time slots Still collisions, but fewer Requires time synchronization Theoretical throughput limit ~37% (1/e) Aloha! Aloha! A Aloha! Aloha! Aloha! Aloha! G Aloha! Aloha! B

89 A listens to channel: idle  TX
CSMA CSMA = Carrier Sense Multiple Access Listen before talk Only transmit if the channel is clear “Carrier” is actually RF energy and/or valid symbols A listens to channel: idle  TX A ? TX packet ACK G B listens (busy) B listens (idle) B ? ? TX packet ACK

90 A, B listen at the same time Both detect an idle channel
CSMA Challenges A, B listen at the same time Both detect an idle channel Both begin to transmit, and collide ~10% of packet time w/ radios A listens (idle) A ? TX packet ACK G B listens (idle) B ? TX packet ACK

91 A, B listen at the same time Both detect an idle channel
CSMA Challenges A, B listen at the same time Both detect an idle channel Both begin to transmit, and collide ~10% of packet time w/ radios A listens (idle) A ? TX packet ACK Collision! G B listens (idle) B ? TX packet ACK

92 A, B both listen, detect a packet
CSMA Challenges A, B both listen, detect a packet At end of packet, both transmit and collide A ? ? ? ? ? ? TX packet ACK X TX packet ACK G ? ? ? ? TX packet ACK B

93 A, B both listen, detect a packet
CSMA Challenges A, B both listen, detect a packet At end of packet, both transmit and collide A ? ? ? ? ? ? TX packet ACK Collision! X TX packet ACK G ? ? ? ? TX packet ACK B

94 A, B can’t hear each other “Hidden node” or “Hidden terminal” problem
CSMA Challenges A, B can’t hear each other “Hidden node” or “Hidden terminal” problem In the limit, reduces CSMA to Aloha A ? TX packet ACK G ? TX packet ACK B

95 A, B can’t hear each other “Hidden node” or “Hidden terminal” problem
CSMA Challenges A, B can’t hear each other “Hidden node” or “Hidden terminal” problem In the limit, reduces CSMA to Aloha A ? TX packet ACK G Collision! ? TX packet ACK B

96 Many approaches Hot topic in academia CSMA Solutions
Random exponential backoff P-persisent CSMA RTS/CTS Slotted CSMA Synchronized CSMA Hot topic in academia MACA, B-MAC, S-MAC, T-MAC, …

97 Good packets vs. attempted transmits, Aloha

98

99 TDMA = Time Division Multiple Access Divide time into slots
With , a slot is ~10ms ~100 slots/second Like Aloha, but with assigned TX time slots Unique TX slots means no collisions Many motes can receive if desired A BG AG DC CB BG G B

100 TDMA with multiple channels
Assign each mote a time slot and channel to transmit. All channels can be used simultaneously Big increase in available bandwidth gives ~ (100 slots/s)(16chan) = 1600 cells/sec Uniquely assigned  no collisions RX need to be scheduled now too No TX, no RX  sleep! Ch0 DC CB A BG AG DC CB Ch1 G BG AG Ch2 Ch3 B

101 Dynamic Bandwidth Allocation
TDMA Challenges Time synchronization Cell scheduling Dynamic Bandwidth Allocation

102 All or some of remaining cells are “open listens”
TDMA with CSMA Backbone TDMA network Baseline connectivity and time synchronization Guaranteed bandwidth ~10% of cells in a 10,000 mote network All or some of remaining cells are “open listens” Slotted Aloha by default Fancier algorithms possible All motes can listen, or just those with power Ch0 DC CB A BG AG DC CB Ch1 G BG AG Ch2 Ch3 B

103 All or some of remaining cells are “open listens”
TDMA with CSMA Backbone TDMA network Baseline connectivity and time synchronization Guaranteed bandwidth ~10% of cells in a 10,000 mote network All or some of remaining cells are “open listens” Slotted Aloha by default Fancier algorithms possible All motes can listen, or just those with power Ch0 DC CB A-Z? A-Z? A? D? A BG AG A-Z? A-Z? DC CB Ch1 G A? D? A-Z? A-Z? BG AG Ch2 E? F? A-Z? A-Z? E? F? Ch3 B

104 Flexibility of hybrid TDMA/CSMA
TDMA provides framework 50 uA baseline current for synchronization and control Static bandwidth allocated efficiently Collision free CSMA or Slotted Aloha for dynamic bandwidth Accurate timing improves all algorithms Power/performance tradeoffs in filling the cell matrix Use powered infrastructure where you find it

105 Technology directions
Reliable Four 9s today Moving beyond six 9s Scalable Thousands per site today Tens of thousands per site Low Power A decade on a D cell today >10x reduction in radio power demonstrated in academia Flexible Configurable networks today Dynamically move along optimal power/performance curves

106 Standards IEEE Zigbee Wireless HART ISA/SP100

107 Goals: uP Mote on a Chip? (circa 2001) Standard CMOS Low power
Minimal external components antenna ~2 mm^2 ASIC uP SRAM Radio ADC Temp Amp ~$1 inductor crystal battery

108 UCB Hardware Results ~2003 2 chips fabbed in 0.25um CMOS
“Mote on a chip” worked, missing radio RX 900 MHz transceiver worked Records set for low power CMOS ADC 8 bits, 100kS/s Microprocessor 8 bits, 1MIP 900 MHz radio 100kbps, “bits in, bits out” 20 m indoors 3V

109 Chipcon cc2430

110 Chipcon cc2430 Key Features • 32 MHz single-cycle low power 8051 MCU • 2.4 GHz IEEE compliant RF transceiver • 32, 64, and 128 kByte in-system programmable flash • Ultra low power: Ideal for battery operated systems • Prevailing development tools • Industry leading ZigBee(TM) protocol stack (Z-Stack) available • 8 kByte SRAM, 4 kByte with data retention in all power modes • RoSH compliant 7 mm x 7 mm QLP48 package • Powerful DMA functionality • Four flexible power modes for reduced power consumption • AES security coprocessor • Programmable watchdog timer • Power on reset/Brown-out detection • One IEEE MAC timer, one general 16-bit timer and two 8-bit timers • Two programmable USARTs for master/slave SPI or UART operation • True random number generator • Digital RSSI/LQI support • Digital battery monitor • On-chip temperature sensor • Hardware debug support • Reference design with external PA providing +10 dBm output power available 

111 2.4GHz Radio in 0.13um CMOS Cook et al, ISSCC ’06
Goal: ISM, frequency hopping, fast startup, lowest power -Direct-VCO drive of PA and mixers -Passive voltage gain (15dB) into passive mixers -FLL not implemented

112 TX Performance -Enough swing available for 6.4mW out max.
-Biased for Class C operation

113 NF vs. Power Consumption Measured at RSSI Output
CC2420 NF, 55mW -Enough swing available for 6.4mW out max. -Biased for Class C operation

114 Die Photo 2.2mmx2.2mm Active Area: 800µm2

115 Radio Performance With software: 10 years  D cell With software:
200k Bit rate (bps) 100k 300k IRX (mA) 5 10 20 15 25 With software: 10 years  D cell X cc2420 X cc1000 With software: 10 years  coin cell Molnar 04 (0.4mA) X Cook 06 (300 mW) X X Otis 05 (0.4mA)

116 Goals: Zero uP Mote on a Chip Standard CMOS Low power
Minimal external components antenna Zero ~4 mm^2 ASIC uP Security Temp SRAM inductor Location Amp ADC Radio Time crystal battery

117 Die area, power, 20052009 ADC Digital Memory RF Leakage
10-12 bits, zero area, zero power Digital 32 bit uP 1mm2 0.25mm2 Crypto - ~ uP Dedicated datapath? 0.25mW/MHz  50uW/MHz Memory ROM & Flash 128kB/mm2 0.5MB/mm2 RAM 16kB/mm2  64kB/mm2 ~mW/MHz  ~ uW/MHz RF 2mm2  1mm2 10s of mW  100s of uW Leakage 10s 85C?  85C (circuit solutions; processes get worse)

118 Sago Mine Accident (Jan 2006)
Lack of good sensor information Limited knowledge of worker location Wired communication system Worker Location 650 m Explosion Wired phone to surface

119 Bandwidth and Multipath
Increasing BW only helps if 1/BW is similar to path difference

120 RF Geolocation Performance
1 m of measurement error = 3.3 ns

121 Security Goals Encryption Integrity Certification Binding
Make sure that no one can see the data Integrity Make sure that no one can fake the data, fake control packets, screw up the network with replay of old packets, screw up the network with random packets Make sure that random bit errors don’t screw up the network Certification Networks only accept trusted motes Motes only join trusted networks Binding Motes only join the right network

122 Threat models Easy Medium Hard No access to hardware
No crypto expertise Medium Access to hardware outside the network (demo network) Single PC College students Competitors Hard Access to active hardware in the network PC cluster (~hundreds of 2006 to 2020 vintage PCs) Theft, sabotage, industrial espionage, hacking Ocean’s 11 Osama, Putin, Chirac Unocal China David Wagner, UCB People are almost always the weakest link.

123 Shared key, or symmetric key
Public Key & Shared Key Shared key, or symmetric key Encryption of payloads, authentication of headers Block ciphers: AES, DES, XTEA, … In software on 8bit micros ~ 10 ms In hardware on chips ~ 1us Issues: key storage, key exchange Public key Certification of identity of motes, managers Key exchange for shared key systems Seconds to minutes on 8 bit micros Export concerns?

124 Shared-key Encryption & Integrity
Authenticate payload & headers using AES128 CBC-MAC Generates “secure checksum” Message Integrity Code – 4 or 8 bytes Encrypt payload and MIC with AES128 CTR Append a 2 byte checksum Redundant, less strong, less secure than the MIC That’s what forces us to do On reception Verify CRC Decrypt payload, MIC Verify message integrity (calculate MIC over received packet and compare to transmitted MIC) A B Packet ACK PHY header MAC header NET header APP payload MIC CRC Authenticate integrity Checksum Encrypt in place

125 Public Key Certification - Use Cases
One supplier/integrator One supplier, separate integrator Multiple suppliers, one integrator Multiple suppliers, multiple integrators, multiple neighboring customers Building 2 HVAC network Security Network Fire network Tenant networks Building 1 HVAC network Security Network Fire network Tenant networks ? ? New mote ?

126 Simplest public key system for identity certification
Messages encrypted with the private key can only be decrypted with the public key At manufacture, a mote gets a ‘signed’ copy of its ID Encrypted with the manufacturers private key On joining, the mote presents its ID and the signed copy of the ID The network verifies that the signature is valid by decrypting it with the public key and checking to see if it is the right ID Manufacturer A Secret key Sa Public key Pa Mote Y Cy Cy=E(Sa, Y) Network/Manager Public key ring: Pa, Pb,… Y, Cy Verify D(Pa,Cy) = Y ? Mote X Cx Verify D(Pb,Cy) = Y ?

127 From manufacture to 3AM join
Manufacturing PC Mote N Mote P1 Mote P2 Manager Protocol version# Mote ID Joining Key Signed(ID, JK) Store/ sleep Data/advert packet Data/advert packet Join request Signed(ID,JK) Manager verifies signature Operator accepts new mote Activate child Path key encrypted with P1 key Path key encrypted with JK Mote N key encrypted with JK Configure? Path key encrypted with JK Mote N key encrypted with JK configACK Encrypted with Path Key Add link N->P2 Path key encrypted with P2 key Add link N->P2 Path key encrypted with N key

128 Manager Mores Prudish Prudent Promiscuous Never
Any mote, anywhere, any time

129 Manager Mores Prudish Prudent Promiscuous Never
meets some combination of criteria: Mote has valid certificate Mote on access control list Manager accepted this mote before Human/higher-authority approval Console/web Button PDA (RF or cable) Single-hop from manager w/ specified minimum signal strength Promiscuous Any mote, anywhere, any time

130 Key length and security
Crypto strength (n) Symmetric Cipher ECC key size RSA key size MIPS-years to crack NIST expiry date 80 Triple DES (80) 160 1024 8x1011 2010 128 AES 128 256 3072 2x1026 >2030 AES 256 512 15,000 6x1052 1 million Pentiums running for 1 year is ~ 109 MIPS-years 1 billion (Pentium x1000) running for 1 century is ~ 1017 MIPS-years

131 Open Problems, Hardware
None. Sensors ADC uP Radio RF Ranging Integration

132 Open Problems, Software
Definitions, metrics, and optimization of reliability and power consumption for Academically Dull Applications (low rate data collection and control) Simple models are fine (until proven otherwise) Interference, multi-path, radio power, etc. Start w/ reliability >99.9%, duty cycle <10% and improve Time synchronization Powered Infrastructure w/ Certification, Binding, Commisioning Reducing barriers to access Interfacing to PDAs, cell phones, web


Download ppt "From Smart Dust to Reliable Networks"

Similar presentations


Ads by Google