Download X - Berkeley Robotics and Intelligent Machines Lab

Document related concepts

Power over Ethernet wikipedia , lookup

Wireless security wikipedia , lookup

Recursive InterNetwork Architecture (RINA) wikipedia , lookup

Net bias wikipedia , lookup

Multiprotocol Label Switching wikipedia , lookup

Computer network wikipedia , lookup

Distributed firewall wikipedia , lookup

Zigbee wikipedia , lookup

Asynchronous Transfer Mode wikipedia , lookup

RapidIO wikipedia , lookup

Serial digital interface wikipedia , lookup

Piggybacking (Internet access) wikipedia , lookup

Cellular network wikipedia , lookup

Network tap wikipedia , lookup

Airborne Networking wikipedia , lookup

IEEE 802.11 wikipedia , lookup

List of wireless community networks by region wikipedia , lookup

Wake-on-LAN wikipedia , lookup

Deep packet inspection wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

UniPro protocol stack wikipedia , lookup

IEEE 1355 wikipedia , lookup

Transcript
From Smart Dust to Reliable Networks
Kris Pister
Prof. EECS, UC Berkeley
Founder & CTO, Dust Networks
Outline
• Background
– The Science Project
• Market
– The Hype
• Technology
– Challenges
– Status
• Applications
• Open Research Problems
Grand Challenge
A
B
C
Reliably, at low power
Smart Dust Goal
c. 1997
Smart Dust, 2002
SENSORS
ADC
PHOTO
8-bits
1V
1-2V
FSM
RECEIVER
375 kbps
16 mm3 total circumscribed volume
TRANSMITTER
175 bps
~4.8 mm3 total displaced volume
1V
1V
SOLAR POWER
3-8V
2V
OPTICAL IN
OPTICAL OUT
UCB “COTS Dust” Macro Motes
Services
David Culler, UCB
Networking
TinyOS
WeC 99
James McLurkin MS
Rene 00
Small microcontroller
- 10 kbps
EEPROM storage (32 KB)
Simple sensors
Mica 02
Demonstrate
scale
- 8 kb code, 512 B data
Simple, low-power radio
Dot 01
Designed for
experimentation
-sensor boards
-power boards
NEST open exp. platform
128 KB code, 4 KB data
50 KB radio
512 KB Flash
comm accelerators
University Demos – Results of 100 man-years of research
Motes dropped from UAV, detect
vehicles, log and report direction
Intel Developers Forum, live demo
800 motes, 8 level dynamic network, and velocity
Seismic testing demo: real-time
data acquisition, $200 vs. $5,000 per
node
vs.
50 temperature sensors for HVAC
deployed in 3 hours. $100 vs. $800
per node.
Sensor Networks Take Off!
Industry Analysts Take Off!
800
700
Units (Millions)
600
$8.1B market for
Wireless Sensor
Networks in 2007
500
400
300
Wi-Fi nodes
Handsets
Wireless Sensor Nodes
200
100
0
2003
2004
2005
2006
2007
Source: InStat/MDR 11/2003 (Wireless); Wireless Data Research
Group 2003; InStat/MDR 7/2004 (Handsets)
Wireless Sensor Networking
Decision Systems
Monitoring
Systems
Control
Systems
Enterprise
Applications
• Significant
reduction in the
cost of installing
sensor networks
• Enables new
class of services
• Increases sensor
deployment
Analog Sensors
and Actuators
Digital Sensors
and Actuators
Physical World
Serial Devices
WDRG, 2003
$748,000,000 in ‘03
Cost of Sensor Networks
Mesh Networking
Computing
Power
Installation,
Connection and
Commissioning
$
Sensors
Time
Low Data Rate WPAN Applications (Zigbee)
security
HVAC
AMR
lighting control
access control
asset mgt
process
control
environmental
energy mgt
BUILDING
AUTOMATION
CONSUMER
ELECTRONICS
PC &
PERIPHERALS
INDUSTRIAL
CONTROL
patient
monitoring
fitness
monitoring
TV
VCR
DVD/CD
remote
PERSONAL
HEALTH CARE
RESIDENTIAL/
LIGHT
COMMERCIAL
CONTROL
mouse
keyboard
joystick
security
HVAC
lighting control
access control
lawn & garden irrigation
Mesh Systems
Add: MoteIV, Arch Rock
Merged:
•Chipcon/Figure8  TI/Chipcon
•Integration Associates/CompXs
Dust Networks
• Founded July 2002
– Angels, In-Q-Tel, ~$1.5M
– 28 employees in Jan 04
• Series A Feb 2004
– Foundation
– IVP
• Series B Feb 2005
– Crescendo
– Cargill
Network Architecture
• Goals
–
–
–
–
High reliability
Low power consumption
No customer development of embedded software
Customer visibility into all aspects of network
operation/status/health
– Minimal/zero customer RF/networking expertise
necessary
• Challenges
– 1W emitters in regulated but unlicensed RF bands
– Extreme computation and communication resource
constraints
• MIPS, RAM, bps
What do OEMs and SIs want?
•
•
•
•
^ and scientists and and engineers
and startups and grad students and….
Reliability
Reliability
Reliability
Low installation and ownership costs
– No wires; >5 year battery life
– No network configuration
– No network management
• Typically “trivial” data flow
– Regular data collection
• 1 sample/minute…1 sample/day?
– Event detection
• Threshold and alarm
Reliability
• Hardware
– Temperature, humidity, shock
– Aging
– MTBF = 5 centuries
• Software
– Linux yes (manager/gateway)
– TinyOS no (motes)
• Networking
– RF interference
– RF variability
Goals
• Networks must be
– Reliable
• count the 9s!
– Scalable
• thousands to tens of thousands of nodes
– Low Power
• Self forming, self healing
• Zero wires
– Flexible
• Monitoring, maintenance, log file transfer, …
• Battery only or powered infrastructure
Challenges
• RF environments are dynamic
– Time-varying multi-path
– Time-varying interference
• Sensor Networking is challenging
– Traditional traffic models don’t apply
• Internet, WiFi
• Cell phones
– Computational resources are limited
Implications of RF Challenges
• “Transmit and forget” is unreliable
– Lost packets
• Single-path networks (trees) are very
dangerous
– Lost motes
• Single-channel networks are fatal
– Lost networks
RF Solutions
• Temporal Diversity
– Don’t quit until you get an acknowledgement
• Spatial Diversity
– Multiple paths from every mote
• Frequency Diversity
– Frequency hopping in addition to direct
sequence spread spectrum
IEEE 802.15.4 & WiFi
Operating Frequency Bands
868MHz / 915MHz
PHY
2.4 GHz
PHY
2.4 GHz
Gutierrez
Channel 0
Channels 1-10
868.3 MHz
902 MHz
Channels 11-26
2 MHz
928 MHz
5 MHz
2.4835 GHz
900 MHz cordless phone
-50dBm
Solid mote
signal
-20dBm
Zigbee 1.0
• Single channel networks are built into
standard. This will be fatal for reliability.
• Tree-based routing recommended by
standard will likely not be adopted,
especially given the single-channel radio.
• No definition of duty cycling routers
– Assumes powered routers, battery powered leaf
nodes
– No explicit prevention of router duty cycling –
Zigbee 2.0?
Cluster-tree Topology
Clustered stars - for example,
cluster nodes exist between rooms
of a hotel and each room has a
star network for control.
Full function device
Reduced function device
Communications flow
Techno-Rant
• Reduced function devices are a non-starter
for most applications
• Tree-based routing is fatal
• Cluster-tree combines both
• Mesh != multi-hop
– Mesh = path diversity
• Fixed frequency is fatal
• Wireless means no wires
Radio Reliability in a Crowded Spectrum
• UWB?
– Unclear potential for duty cycling
• DSSS doesn’t cut it
– Helpful, but only about 10dB
• +20 dBm doesn’t cut it
– Helpful, but expensive in batteries
– 802.11 & cordless phones
• Must frequency hop
– Time synchronization required…
…but you probably needed that anyway.
– Lots of channels, lots of bandwidth, better
scaling, …
Spatial effect of multipath
Beware of static measurements and RF pathloss simulations
• Site surveys need to be done over at least 24
hours
• Simulation tool results need much more
speckle
Pictures from www.wirelessvalley.com
Path stability vs. Received Signal Strength
Distance vs. Received Signal Strength
RSSI and distance for Consolidated network
1/R2?
1/R4?
Distance [meters]
60
40
20
0
-100
-90
-80
-70
-60
RSSI [dBm]
-50
-40
Frequency dependent fading and interference
From: Werb et al., “Improved Quality of Service in IEEE 802.15.4 Networks”, Intl.
Wkshp. On Wireless and Industrial Automation, San Francisco, March 7, 2005.
M
Tu
W
Th
F
M
Tu
Real RF links
• Indoor propagation
– not well modeled by R^k for any k
– Attenuation ~
Free space (R2)
+ Uniform(0,30) dB
+ rand(t) * uniform(0,30) dB
– Not symmetric, time varying
• PER is not due to gaussian BER
Transmitter efficiency
Transmitter efficiency
Pout
[mW]
1
0
Pin [mW]
20
25
• Transmitter slope
efficiency is typically
10—50% but…
• Transmitter overhead is
typically >10x the max
output power, so…
• Changing transmit power
may be useful for
interference reasons, but it
has little effect on battery
life
Energy per packet
Energy per packet
Etx
[uJ]
0
0
Lpayload [bits]
102…103
• Energy spent in turning on
the transmitter and sending
packet overhead (preamble,
start symbol, headers and
footers) typically exceeds
the energy cost of the
payload, often by 10x
• The same is true for the
receiver, but how do you
know when to turn it on?
Network Types
Star
Powered mesh
infrastructure
X
Full Mesh
Star-Mesh
Star-connected
sensors
No
infrastructure
X
Why not use 802.11?
Mesh-connected
sensors
Time Diversity
• Link-level
acknowledgement
– Keep trying until you get
confirmation of success
• Assume packet error rate,
PER=20%=0.2
• Try N times
• Overall failure probability
is (PER)N
• Overall success
probability is 1- (PER)N
N Probability Probability
of failure
of success
1 0.2
0.8
2 0.04
0.96
3 0.008
0.992
4 0.0016
0.9984
5 0.00032
0.99968
Path diversity
• Assume overall reliability is 99% on each of
k paths
– Probability of success on at least one path is
1 - (1-0.99)k
– k=2  99.99%
• Path diversity allows smooth recovery from
unexpected events
– Alarms are generated in network and flow to
manager
– Manager takes appropriate action (e.g. add
bandwidth, new parent, …)
Min_Parents = 2
Power-optimal communication
• Assume all motes share a network-wide synchronized
sense of time, accurate to ~1ms
• For an optimally efficient network, mote A will only
be awake when mote B needs to talk
A
A wakes up and listens
B
B transmits
B receives ACK
A transmits ACK
Expected packet start time
Worst case A/B clock skew
Packet transmission and acknowledgement
Mote
Current
Radio TX startup
Packet TX
Radio TX/RX turnaround
ACK RX
Energy cost: 295 uC
Fundamental platform-specific energy requirements
• Packet energy & packet rate determine power
– (QTX + QRX )/ Tpacket
– E.g. (300 uC + 200 uC) /10s = 50 uA
Idle listen (no packet exchanged)
Mote
Current
Radio RX startup
ACK RX
Energy cost: 70 uC
Scheduled Communication Slots
• Mote A can listen more often than mote B transmits
• Since both are time synchronized, a different radio
frequency can be used at each wakeup
• Time sync information transmitted in both directions
with every packet
A
B TX, A ACK
B
Ch 3
Ch 4
Ch 5
Ch 6
Ch 7
Ch 8
Latency reduction
• Energy cost of latency reduction is easy to calculate:
– Qlisten / Tlisten
– E.g. 70uC/10s = 7uA
• Low-cost “virtual on” capability
• Latency vs. power tradeoff can vary by mote, time of
day, recent traffic, etc.
A
B
Tlisten
B TX, A ACK
Latency reduction
• Global time synchronization allows sequential
ordering of links in a “superframe”
• Measured average latency over many hops is Tframe/2
G
T2, ch y
A
T1, ch x
B
Superframe
People draw digraphs
A
A
C
C
B
B
Graph
DiGraph
A
A
C
C
B
B
MultiDiGraph
MultiGraph
Time and Frequency
Time
One Slot
A
Freq
C
B
902.5 MHz
B
A
903 MHz
…
B
B
A
C
927.5 MHz
One Cycle of the Black Frame
•Graphs & Links are abstract, with no explicit time or frequency information.
•Frames and slots are more concrete
•Time synchronization is required
•Latency, power, characteristic data rate are all related to frame length
•Relative bandwidth is determined by multiplicity of links
Time and Frequency
Channel
Time
BA
BA
CB
BA
CB
BA
BA
BA
Cycle N
Cycle N+1
• Every link rotates through all RF channels over a
sequence of NCH cycles
• 32 slots/sec * 16 ch = 512 cells/sec
• Sequence is pseudo-random
CB
Cycle N+2
BA
A
B
C
50 channels, 900 MHz
900MHz
930MHz
16 channels, 2.4 GHz
2.4GHz
2.485 GHz
Configure, don’t compile
TM
SmartMesh
Console
IP Network
XML
SmartMesh
Manager
Mote
~100 ft
Reliability: 99.99%+
Power consumption: < 100uA average
50 motes, 7 hops
3 floors, 150,000sf
>100,000 packets/day
Scalability: Outdoor Test Network
1,100 m
3.5
3.5
3.5
te
Mo
4
226
Mote
6
157
Mote
6
158
Mote
6
022
Mote
6
023
Mote
6
024
te
Mo
4
Mote
6
159
225
4
3
3
Mote
Mote
Mote
Mote
108
Mote
6
155
Mote
6
021
Mote
6
020
Mote
6
019
te
Mo
4
223
4.5
Mote
6
154
Mote
107
Mote
6
149
Mote
6
150
Mote
6
016
Mote
6
017
Mote
6
018
6
6
096
4.5
6
6
Mote
6
Mote
6
Mote
6
188
Mote
te
Mo
6
3
Mote
6
Mote
084
3
085
3
3
086
Mote
Mote
4.5
083
Mote
15
082
081
6
Mote
6
Mote
075
6
Mote
076
6
077
Mote
6
Mote
078
6
Mote
079
Mote
148
194
4.5
te
Mo
193
Mote
Mote
3
3
3
3
3
3
3
6
Mote
6
Mote
072
6
Mote
071
6
070
Mote
6
Mote
069
6
6
Mote
6
Mote
6
Mote
6
Mote
6
Mote
6
Mote
8
064
008
065
007
066
051
Mote
13
4.5
13
Mote
Mote
Mote
11.5
061
Mote
10
005
Mote
16
006
19
Mote
253
013
Mote
050
8
8
13
13
Mote
4.5
Mote
Mote
10
004
Mote
049
Mote
4.5
232
10.5
Mote
250
247
242
8
3
8
001
6
SmartMesh
Manager
4.5
Mote
Mote
Mote
9.5
Mote
1
Mote
4.5
233
Mote
11.5
4.5
4.5
11.5
Mote
4.5
6
264
255
252
027
Interferer
(PosC)
246
026
238
025
3
8
Mote
9
287
277
263
8
028
8
8
6
8
Mote
8
3
060
059
Mote
6
038
Mote
Mote
4.5
Mote
12.5
Mote
11.5
620
Mote
10
039
Mote
16
621
032
Mote
4.5
4.5
Mote
4.5
Mote
4.5
8
375
Mote
4.5
Mote
4.5
366
Mote
376
4.5
Mote
4.5
Mote
4.5
Mote
362
349
346
333
4.5
Mote
Mote
365
377
280
Mote
6
Mote
624
6
Mote
5
041
040
Mote
5
042
Mote
323
332
Mote
7
348
6.5
Mote
4.5
14
3-6m
Mote
397
4.5
4.5
422
4.5
Mote
445
460
442
3
9.5
Mote
e
635
Mote
5
634
Mote
Mote
633
4.5
Mote
16
632
Mote
6
5
Mote
5
643
Mote
Mote
Mo
te
Mo
te
6
651
3
3
5
650
Mote
6
649
Mot
Mote
Mote
13.5
Mote
528
648
13.5
Mote
5
Mote
6
044
Mote
5
658
Mote
6
659
Mote
560
Mot
SmartMesh
Manager
8
Mote
6
3
671
Mote
6
672
M
M
673
3
3
4.5
M
M
3
683
ot
3-6m
3
3
3
3
3
3
3-6m
3-6m
699
697
ot
57
3
M
57
2
M
ot
e
58
58
M
M
5
ot
ot
58
58
ot
59
59
ot
3
61
61
61
5
60
ot
e
60
7
e
60
8
9
M
0
ot
e
61
8
4.5
M
ot
e
61
7
4.5
M
2
M
4.5
ot
e
e
ot
e
61
6
4
e
M
ot
e
61
5
4
e
61
ot
1
5
4.
5
4.
ot
5
m
3-6
e
4
M
4
M
60
M
5
4.
0
ot
6
e
ot
5
4.
5
4.
60
ot
4
4.5
M
4
M
e
60
e
60
e
M
2
ot
4.5
M
ot
4.5
e
60
3
M
3
5
4.
N
5
4.
4
ot
ot
59
4.5
M
1
e
4
5
60
e
60
59
e
4
M
4
ot
59
ot
ot
e
e
6
M
8
M
M
59
e
9
ot
ot
e
7
5
4.
Netw ork deployed at 1 Thayer Road, Santa Cruz, CA, on rough
pasture. Modifications to Implementation plan due to deployment fit
into "thin and hourglass" shape of site (no minimum plan distances
compromised). All measurements given in meters, and accurate to
w ithin +/-25 centimeters (gopher hole offsets).
ot
e
e
59
M
4.5
M
ot
4
M
4
ot
9
4
M
6
M
OPEN SPACE DEPLOYMENT
58
8
7
e
58
e
e
e
4
M
ot
4
M
ot
4
4
e
58
3
e
4
ot
ot
4
e
M
Forest Edge
M
4.5
M
5
4.
Mote
ot
4
M
Mote
1
4.5
Mo
te
5
4.
3-6m
M
Mote
684
6
59
4.5
565
e
0
5
4.
700
6
59
564
5
4.
696
ot
4.5
e
59
Mo
te
Mo
te
2
5
4.
Mote
Mote
ot
4.5
4.5
e
5
4.
3-6m
Mote
685
6
5
4.
701
6
695
M
563
566
ot
4.5
M
4.5
Mo
te
Mo
te
551
M
1
567
4.5
4.5
9
5
4.
Mote
Mote
58
Mo
te
550
57
e
2
552
3
e
0
5
4.
3-6m
Mote
686
5
58
5
4.
702
5
694
ot
4.5
e
5
4.
Mote
Mote
5
4.
3-6m
Mote
687
6
ot
58
e
537
ot
e
5
4.
3
6
693
5
4.
703
Mote
M
Mot
536
M
ot
4.5
M
5
5
4.
Mote
Mote
688
5
3-6m
5
692
57
4
8
4.5
M
e
4
57
e
5
4.
Mote
3-6m
Mote
689
6
ot
4
e
4
13
3
3
3
698
Mote
5
4.
691
3
57
7
5
4.
6
690
Mote
57
6
5
4.
Mote
57
Mo
te
5
4.
3
674
6
682
e
e
e
5
4.
Mote
ot
571
5
4.
3
3
3
3
3
3
675
6
681
M
Mote
5
4.
Mote
ot
4.5
Mote
16
3
676
5
048
6
5
4.
Mote
Mote
4.5
562
Mo
te
5
4.
677
6
047
6
5
4.
Mote
Mote
Mo
te
4.5
549
5
4.
045
5
046
5
5
4.
Mote
Mote
5
4.
678
6
680
6
5
4.
679
Mote
Mote
ot
4.5
Mote
3
5
670
3
3
Mote
3
6
669
5
Mo
te
Mote
5
4.
3
Mote
3
5
4.5
553
538
8
Mo
te
3.5
5
h
es
tM er
ar ag
Sm Man
661
Mote
Mote
Mo
te
4.5
548
5
4.
Mote
668
6
Mo
te
568
Mo
te
e
5
19
9
6
667
Mote
4.5
4.5
554
4
561
662
8
Mote
Mo
te
e
539
Mot
5
5
663
4.5
547
4
3.5
535
Mote
5
6
664
Mote
5
Tree
Stump
Mote
5
6
665
3
5
666
Tree
Trunk
Mote
3
3
3.5
3.5
Mote
Mo
te
660
Mote
Mote
4.5
555
Mo
te
5
657
16
6
656
5
Mote
Mo
te
569
4.5
3
3
3
3
3
3
3
Mote
534
6
655
e
540
529
Mote
4.5
4
8
Mote
570
559
Mo
te
4
652
Mote
Mo
te
4.5
546
4
653
5
3
3
Mote
Mo
te
4.5
556
5
5
654
6
Mo
te
e
4
Mote
4.5
4.5
545
Mot
541
647
Mo
te
5.5
5
533
Mote
16
646
542
Mote
530
Mote
4.5
645
4
6
3
3
3
Mote
Tree
Stump
4.5
558
16
3
6
644
4
642
3
3
Mote
641
Mo
te
557
8
6
640
e
8
Mote
3
3
3
3
6
639
Mot
Mote
036
Mote
3 Trees
458
4.5
544
5.5
Mote
4
3
6
4
636
5
4
Mote
4
637
6
4
Mote
4
638
6
Mo
te
8
532
Mote
6
543
Mote
035
6
443
378
4
631
3
630
3
629
3
043
3
628
3
627
3
626
Mote
M
ot
e
61
4
524
4.5
Mote
526
515
505
484
4.5
4.5
4.5
Mote
482
4
Mote
483
Mote
527
3-6m
506
507
457
Mote
Mot
4
Mote
Mote
423
Mote
6
531
Mote
4
6
4
Mote
4
5
444
9.5
Mote
4
Mote
Mote
525
504
4.5
Mote
Mote
5
5
14
9.5
Mote
Mote
424
398
4
Mote
516
4.5
4.5
425
Mote
5
6
Mote
4.5
Mote
4
481
4.5
4.5
4
Mote
14
514
Mote
Mote
4
461
456
4.5
307
4
6
4
485
4.5
9.5
9.5
Mote
282
Mote
Mote
Mote
Mote
Mote
441
9.5
Mote
16.5
14
509
Mote
4.5
Mote
Mote
6.5
Mote
Mote
4.5
4.5
Mote
4
480
4.5
4.5
Mote
Mote
3
3
3
3
3
3
3
6
14
503
Mote
4.5
Mote
057
Mote
4
486
4.5
Mote
4
462
Mote
16
622
523
4.5
4.5
363
522
4.5
4.5
Mote
4
479
4.5
4.5
4.5
4.5
Mote
Mote
426
421
Mote
14
517
502
4.5
Mote
4
Mote
455
Mote
14
513
Mote
4
487
4.5
Mote
4.5
4.5
Mote
446
Mote
14
510
Mote
463
454
447
Mote
440
427
4.5
399
Mote
14
501
4.5
Mote
4
478
4.5
14
14
4.5
SmartMesh
Manager
Mote
4
488
4.5
Mote
4
464
Mote
Mote
4.5
4.5
Mote
Mote
4.5
Mote
14
439
428
4.5
Mote
Mote
034
Mote
4.5
Mote
Mote
Mote
9
10.5
379
6
623
4.5
400
Mote
521
500
4.5
Mote
4
477
4.5
Mote
4.5
4.5
Mote
Mote
4
489
4.5
Mote
4
465
429
420
4.5
308
520
4.5
4.5
Mote
419
4.5
4.5
396
4.5
Mote
14
518
512
7
Mote
14
452
453
4.5
3-6m
401
395
380
8
Mote
4.5
Mote
8
Mote
Mote
4.5
306
Mote
14
448
4.5
418
402
Mote
Mote
Mote
14
14
511
4.5
Mote
4
476
4.5
4.5
Mote
4.5
3-6m
4.5
Mote
Mote
14
499
4.5
Mote
4
466
4.5
Mote
4.5
4.5
Mote
4.5
394
4.5
364
Mote
14
438
4.5
3
4.5
283
3
10
033
6
625
Mote
16
381
3
258
Mote
Mote
417
403
4.5
Mote
Mote
14
430
4.5
4.5
4.5
347
Mote
Mote
4.5
281
Mote
4.5
Mote
4.5
305
3
3
4.5
Mote
4.5
4.5
404
393
382
4
490
4.5
4.5
4.5
SmartMesh
Manager
Mote
Mote
Mote
4
475
Mote
451
431
Mote
4.5
Mote
4.5
Mote
4
467
450
449
437
Mote
14
519
498
4.5
Mote
Mote
4.5
4.5
Mote
8
324
Mote
14
6
392
383
Mote
4
491
4.5
4.5
322
309
Mote
14
Mote
4.5
416
4.5
Mote
Mote
Mote
14
432
415
4.5
Mote
4.5
8
Mote
3
Mote
4.5
Mote
4.5
405
Mote
16
4.5
4.5
4.5
4.5
4.5
Mote
4.5
4.5
4.5
361
350
345
4.5
Mote
Mote
325
4.5
284
Mote
Mote
4.5
367
360
4.5
Mote
8
3
8
031
6
Mote
Mote
Mote
259
13
4.5
351
4.5
4.5
406
4.5
4.5
4.5
4.5
Mote
055
13
Mote
Mote
4.5
Mote
4.5
391
384
374
368
359
4.5
3
3
Mote
4.5
4.5
260
030
4.5
344
Interferer
(PosB)
4.5
4.5
390
Mote
Mote
4
474
4.5
4.5
Mote
4.5
3.5
321
Mote
3
304
285
279
3
Mote
Mote
Mote
19
Mote
058
Mote
Mote
16
385
Mote
3-6m
4.5
Mote
257
Mote
8
373
Mote
Mote
8
4.5
4.5
4.5
261
3
4.5
335
326
4.5
Mote
3.5
310
4.5
Mote
Mote
Mote
Mote
Mote
334
4.5
303
3
3
3
3
8
10.5
244
6
3
Mote
029
245
Mote
236
4.5
331
Mote
4
320
Mote
3.5
4.5
286
278
243
8
8
Mote
235
Mote
4.5
Mote
Mote
4.5
4.5
262
256
12.5
Mote
4.5
237
054
8
234
Mote
6
13
13
056
Mote
6
Mote
Mote
Mote
Mote
Mote
Mote
4
311
3
3
3
3
4
037
Mote
10
4.5
327
3-6m
Mote
4.5
468
433
4.5
4.5
Mote
4.5
4.5
4.5
302
Mote
4.5
369
4.5
3-6m
4.5
4.5
4.5
Mote
8
Mote
8
Mote
Mote
4.5
319
Mote
4
4.5
4.5
4.5
SmartMesh
Manager
4.5
Mote
Mote
Mote
Mote
Mote
4.5
358
4.5
Mote
352
Interferer
(PosE)
343
328
4.5
Mote
4.5
3-6m
3-6m
336
312
3
3
4
Interferer
(PosA)
Mote
4.5
301
Mote
4.5
353
4.5
Mote
Mote
Mote
5
318
4.5
5
Mote
288
276
Interferer
(PosD)
3
Mote
4.5
342
4.5
Mote
497
4.5
4.5
4.5
4.5
Mote
5
313
4.5
4.5
4.5
4.5
4.5
Mote
Mote
Mote
Mote
Mote
Mote
4.5
9.5
337
4.5
4.5
4.5
4.5
4.5
4
10
2
SmartMesh
Manager
4.5
619
251
8
8
SmartMesh
Manager
9
002
8
Mote
8
8
Mote
8
Mote
5
300
289
4.5
Mote
4
492
4.5
Mote
Mote
Mote
4.5
414
4.5
4.5
Mote
4
473
4.5
4.5
4.5
Mote
4.5
407
389
Mote
4
469
434
4.5
Mote
4.5
8
372
4.5
4.5
329
4.5
4.5
4.5
275
Mote
5.5
317
4.5
4.5
Mote
Mote
Mote
4.5
265
Mote
5.5
314
299
4.5
354
Mote
4.5
413
4.5
4.5
Mote
4.5
370
496
4.5
4.5
4.5
Mote
4.5
408
388
386
371
Mote
4.5
357
4.5
4.5
Mote
4.5
Mote
4
493
4.5
4.5
4.5
Mote
4.5
4.5
4.5
5.5
4.5
290
4.5
4.5
4.5
Mote
4.5
356
4.5
Mote
4.5
341
338
316
Mote
8
Mote
6
Mote
Mote
Mote
274
4
003
3-6m
355
4.5
Mote
4.5
8
4.5
4.5
4.5
Mote
315
298
4.5
4.5
266
254
10.5
Mote
4.5
239
053
3
Mote
Mote
Mote
Mote
Mote
Mote
6
4.5
291
4.5
4.5
Mote
Mote
4.5
273
267
13
248
8
8
Mote
Mote
Mote
240
231
Mote
3-6m
340
4.5
4.5
Mote
4.5
Mote
3-6m
339
330
297
4.5
4.5
Mote
Mote
8
Mote
Mote
Mote
Mote
Mote
4.5
292
272
4.5
4.5
Mote
241
8
4.5
4.5
4.5
268
249
Mote
Mote
Mote
052
Mote
495
4.5
Mote
4
472
Mote
4.5
Mote
4
470
435
4.5
296
Mote
4.5
4.5
Mote
4.5
412
4.5
4.5
Mote
293
271
Mote
4.5
409
4.5
4.5
Mote
4.5
4.5
4.5
8
063
Mote
4.5
387
Mote
Mote
Mote
014
Mote
16
269
062
Mote
4.5
4.5
4.5
3
3
3
3
3
3
3
Mote
Mote
Mote
4
494
471
436
4.5
Mote
295
294
270
147
067
Mote
4.5
411
4.5
4.5
4.5
Mote
068
4.5
073
Mote
4.5
410
4.5
Mote
Mote
Mote
Mote
Mote
Mote
4
8
015
080
8
074
196
195
4.5
te
Mo
4.5
187
Mote
Mote
198
4.5
197
4.5
te
Mo
4.5
te
Mo
4.5
190
Mote
4.5
6
3
Mote
3
6
087
3
088
3
089
Mote
te
Mo
4.5
4.5
203
192
6
201
4.5
te
Mo
4.5
te
Mo
Mote
16
Mote
202
4.5
4.5
16
094
3
010
3
093
3
3
009
3
092
3
091
6
te
Mo
4.5
te
Mo
4.5
16
Mote
16
Mote
8
4.5
090
Mote
4.5
200
4.5
te
Mo
4.5
204
191
Mote
205
te
Mo
4.5
199
4.5
te
Mo
4.5
Mote
095
3
097
3
3
3
6
098
te
Mo
4.5
206
4.5
te
Mo
4
8
3
6
099
3
6
100
3
3
101
Brush
Pile
Tree
4.5
212
14
Mote
207
4.5
te
Mo
4
Mote
208
4.5
te
Mo
4
211
te
Mo
14
Mote
te
Mo
4
210
4.5
te
Mo
4
189
Mote
209
4.5
te
Mo
4
214
213
152
te
Mo
4
te
Mo
4.5
te
Mo
4
4.5
151
4
216
4.5
215
4.5
4
Mote
6
te
Mo
4
224
153
SmartMesh
Manager
Mote
19
106
Stump
"Well"
Mote
6
156
3.5
Mote
6
109
3
218
217
4.5
8
3
105
Mote
Mote
6
SmartMesh
Manager
Mote
3.5
Mote
011
6
3.5
6
3.5
6
104
103
Mote
3
102
Mote
110
6
3.5
6
Stump
Tree
Mote
3.5
Mote
012
6
3.5
6
Mote
6
Mote
111
6
3
6
112
Mote
te
Mo
te
Mo
te
Mo
Mote
4
4.5
te
Mo
4
222
4.5
160
219
4
221
4.5
3.5
Mote
119
3.5
Mote
6
118
3.5
Mote
6
117
3.5
Mote
3.5
6
3.5
Mote
116
3
3
3
6
115
3.5
Mote
220
4.5
te
Mo
3
6
114
3
Mote
3
6
113
3
Mote
4
te
Mo
te
Mo
4.5
4.5
te
Mo
4
227
4.5
230
4
228
te
Mo
161
3.5
3.5
te
Mo
229
4.5
te
Mo
4.5
Mote
6
162
4.5
te
Mo
174
Mote
6
163
-1400 Motes
-20 Managers
- 32 Acres
3.5
3.5
3.5
Mote
6
164
Mote
6
173
3.5
Mote
6
165
175
Mote
6
172
3.5
Mote
6
166
3.5
3.5
3.5
3.5
3.5
Mote
6
167
Mote
6
176
Mote
6
171
3.5
Mote
120
3.5
Mote
Mote
6
170
186
Mote
6
177
3.5
6
121
Mote
6
169
Mote
6
185
Mote
6
178
3.5
Mote
6
122
Mote
6
168
3.5
Mote
3.5
3.5
133
Mote
6
Mote
6
179
3.5
3
Mote
3
Mote
Mote
184
Mote
6
180
3.5
6
6
132
Mote
6
181
134
6
183
3.5
3
3
3
Mote
123
3
3
3
6
124
Mote
6
131
3
Mote
Mote
Mote
Mote
9.5
135
3.5
6
125
Mote
6
136
3
Mote
6
Mote
6
182
146
Mote
6
3
6
126
Mote
130
3
3
3
Mote
6
129
Mote
Mote
6
Mote
137
3
Mote
Mote
145
6
3
6
128
6
138
3
Mote
Mote
3
6
127
Mote
144
6
139
3
Mote
3
3
Mote
6
3
3
6
140
3
Mote
143
Mote
3
6
142
6
141
3
Mote
Mote
4
Approaching 8 mote-centuries
459
16
Mote
508
600 m
Communication Abstraction
• Packets flow along independent digraphs
• Digraphs/frames have independent periods
• Energy of atomic operations is known, (and can
be predicted for future hardware)
IP Network
XML
– Packet TX, packet RX, idle listen, sample, …
SmartMesh
Manager
• Capacity, latency, noise sensitivity, power
consumption models match measured data
• Build connectivity & applications via xml
interface
A
C
Network
Services
B
Configurable
Data Filter/Control
Analog
I/O
Digital
I/O
Serial
Port
E
H
G
F
Multiple graphs  Multiple frames
Channel
Time
B
A
B
A
C
A
B
A
C
A
B
A
B
A
C
A
B
A
B
A
C
A
B
A
B
C
B
C
C
B
C
B
Cycle M of red frame
A
C
A
C
B
Cycle M+1
Frames overlayed
Channel
Time
B
A
BA
B
C
CB
B
A
CA
BA
B
A
C
A
B
A
A
C
B
C
A
B
A
C
B
A
C
C
A
B
A
• Packet collisions avoidable with integer-multiple
length frames (here Tred = 3Tblack) or
• Use mutually prime frame lengths to randomize
• Infrequent scheduling collisions will occur
- all but RX/RX can be solved by frame priority
- mote w/ RX/RX will expect some packet collision
Plenty of Time and Frequency Diversity
Channel
Time
GE
E
C
BA
FE
CB
FE
GE
B
C
CA
F
E
C
A
F
E
A
C
B
E
G
F
C
A
F
E
GE
F
E
EC
F
E
E
C
B
A
BA
B
A
B
A
•
E
C
B
A
F
E
C
B
A
C
C
A
B
A
B
A
GE
Many links can share the same time slot
(channel diversity)
• >1000 links/second in same RF space
•~100 payload bytes/link
• Path limit: ~3k payload bytes/s
• Network limit: ~150k payload bytes/s (w/
no frequency re-use)
Subnetworks: single-hop, low latency
G
C
B
E
H
A
Black superframe
• All motes
• 200 slots
• Maintains time synch
• Data, Health reports up
• Control info down
Red superframe
• Mote F is light switch
• Mote A is light
• 1 slot, ~30ms latency
Blue superframe
• Mote H is temp sensor
• Mote B is HVAC control point
• 30 slots, ~1second latency
F
Motes A and B are likely powered
All frames on all the time
All other motes run at <100uA
Subnetworks 2: reliable multi-hop control
G
C
B
E
A
H
Black superframe
• All motes
• 10s period
• Maintains time synch
• Data, Health reports up
• Control info down
Red superframe
• ~2s latency
• Mote H is industrial process sensor
• Mote A is industrial process controller
F
Both frames on all the time
All motes run at <100uA
Subnetworks 3: high speed links
A
C
B
E
H
F
Black superframe
• All motes
• Maintains time synch
• Data, Health reports up
• Control info down
Red superframe
• Mote G is a microphone sending real-time
compressed voice
• 2 slots, 1 payload delivered to A every 2 cycles
• ~12kbps
Blue superframe
G
• Mote H is a camera transferring an image
• 2 slots, 1 payload delivered to A per cycle
• ~25kbps
Red & Blue frames are only on occasionally
All motes run at <100uA under “normal” conditions
Motes on active high speed frames burn 25% to 50%
of (Irx+Itx)/2
Zero collisions, zero lost packets
Without black graph
Subnetworks 3, et cetera
W
E->C
Red frame:
1 packet delivered from G
to D every other slot
H->B
H->C
C->A
B->A
Blue frame:
1 packet delivered from H
to A every slot
G->E
D
C->A
A
F
X
C
B
E
P
H
Y
G
R
Q
S
W->X X->Y
Y->Z
Gold frame:
1 packet delivered from W
to Z every other slot
Z
H->B
H->C
C->A
B->A
Green frame:
1 packet delivered from S
to P every slot
Many Knobs to Turn
• Trade performance and power
– Sample & reporting rate
– Latency
– High bandwidth connections
• Tradeoffs can vary with
– Time
– Location
– Events
• Use power intelligently if you’ve got it
Available data
• Connectivity
– Min/mean/max RSSI
• Path-by-path info:
– TX: attempts, successes
– RX: idle, success, bad CRC
• Latency (generation to final arrival)
• Data maintained
– Every 15 min for last 24 hours
– Every day for last week
– Lifetime
• Available in linux log files or via
XML
IP Network
XML
SmartMesh
Manager
Micro Network Interface Card
mNIC
• No mote software development
• Variety of configurable data
processing modules
• Integrators develop applications, not
mesh networking protocols
• For compute-intensive applications,
use an external processor/OS of your
choice.
Network
Services
Configurable
Data Filter/Control
Analog Digital Serial
I/O
I/O
Port
Energy Monitoring Pilot
• Honeywell Service: monitor,
analyze and reduce power
consumption
• Problem: >> $100/sensor
wiring cost
• Solution:
– Entire network installed in 3
hours (vs. 3-4 days)
– 9 min/sensor
– Software developed in 2
weeks (XML interface)
– 18 months, 99.99%
Chicago Public Health – Dust, Tridium, Teng
Temperature and power monitoring
Tridium NiagraAX
Micro Network Interface Card
mNIC
• No mote software development
• Variety of configurable data
processing modules
• Integrators develop applications, not
mesh networking protocols
• For compute-intensive applications,
use an external processor/OS of your
choice.
Network
Services
Configurable
Data Filter/Control
Analog Digital Serial
I/O
I/O
Port
Sensor
uP
Perimeter Security
Passive IR
Passive IR and
Camera
1.5 in
MEMS and GPS
2.5 in
2.5 in
Border Monitoring System, Kirtland AFB
SAIC
Dust Networks
SAIC
Dust Networks
SAIC
Dust Networks
SAIC
Dust Networks
Oil Refinery – Double Coker Unit
GW
14 unit Network expanded to 27
-- Expanding to 50+ in ‘06
• Scope limited to Coker
facility and support units
spanning over 1200ft
• Expanded to 27 units,
implemented 14 to start
• No repeaters were needed
to ensure connectivity
• Gateway connected via
Ethernet port in control
room to process control
network
• Electrical/Mechanical
contractor installed per
wired practices
Applications
Public
Safety
Parking
Management
Conditioned
Maintenance
Resource
Metering
Traffic
Monitoring
Public
Information
Basic Enforcement Operation
Basic Enforcement Operation
1 Sensor nodes are deployed
along streets
2 Sensor nodes detect the arrival,
presence and departure of
vehicles.
3
Information is collected via the
low power mesh, and relayed
back to a central database over
4 cellular data networks.
The central database maintains
an up-to-the-minute map of
parking events and violations
5 for the entire city.
PCOs are dispatched in
6 efficient routes to ticket
violations.
Detailed historical and
statistical information on
parking is used to improve
policy and operations over
time.
Medium Access Approaches
• Medium Access (MAC)
– How do motes share the radio spectrum?
– How many can co-exist?
•
•
•
•
•
•
Aloha
Slotted Aloha
CSMA (sometimes CSMA/CA)
CSMA/CD
TDMA
TDMA/CA
Aloha
• Simplest MAC protocol
– talk when you want to!
– Standard for early wireless sensor networks
• Fine for very light traffic (5%)
• Chaotic collapse above ~10%
• Theoretical throughput limit ~18% (1/e2)
A
G
B
Aloha!
Aloha!
Aloha!
Aloha!
Aloha!
Aloha!
Aloha!
Aloha!
Slotted Aloha
• Packets sent in time slots
– Still collisions, but fewer
• Requires time synchronization
• Theoretical throughput limit ~37% (1/e)
Aloha! Aloha!
A
G
B
Aloha!
Aloha! Aloha!
Aloha!
Aloha!
Aloha!
CSMA
• CSMA = Carrier Sense Multiple Access
– Listen before talk
– Only transmit if the channel is clear
– “Carrier” is actually RF energy and/or valid
symbols
A listens to channel: idle  TX
A
?
TX packet
ACK
G
B listens (busy)
B
?
B listens (idle)
?
TX packet
ACK
CSMA Challenges
•
•
•
•
A, B listen at the same time
Both detect an idle channel
Both begin to transmit, and collide
~10% of packet time w/ 802.15.4 radios
A listens (idle)
A
?
TX packet
ACK
G
B listens (idle)
B
?
TX packet
ACK
CSMA Challenges
•
•
•
•
A, B listen at the same time
Both detect an idle channel
Both begin to transmit, and collide
~10% of packet time w/ 802.15.4 radios
A listens (idle)
A
TX packet
?
ACK
Collision!
G
B listens (idle)
B
?
TX packet
ACK
CSMA Challenges
• A, B both listen, detect a packet
• At end of packet, both transmit and collide
A
G
X
B
?
?
?
TX packet
?
?
?
?
? TX packet
ACK
? TX packet
ACK
ACK
?
CSMA Challenges
• A, B both listen, detect a packet
• At end of packet, both transmit and collide
A
G
X
B
?
?
?
TX packet
?
?
?
?
ACK
?
? TX packet
ACK
Collision!
? TX packet
ACK
CSMA Challenges
• A, B can’t hear each other
• “Hidden node” or “Hidden terminal”
problem
• In the limit, reduces CSMA to Aloha
A
? TX packet
ACK
G
B
? TX packet
ACK
CSMA Challenges
• A, B can’t hear each other
• “Hidden node” or “Hidden terminal”
problem
• In the limit, reduces CSMA to Aloha
A
? TX packet
ACK
G
Collision!
B
? TX packet
ACK
CSMA Solutions
• Many approaches
–
–
–
–
–
Random exponential backoff
P-persisent CSMA
RTS/CTS
Slotted CSMA
Synchronized CSMA
• Hot topic in academia
– MACA, B-MAC, S-MAC, T-MAC, …
Good packets vs. attempted transmits, Aloha
TDMA
• TDMA = Time Division Multiple Access
• Divide time into slots
– With 802.15.4, a slot is ~10ms
– ~100 slots/second
• Like Aloha, but with assigned TX time slots
– Unique TX slots means no collisions
– Many motes can receive if desired
A
BG
G
B
AG
DC
CB
BG
TDMA with multiple channels
• Assign each mote a time slot and channel to transmit.
–
–
–
–
All channels can be used simultaneously
Big increase in available bandwidth
802.15.4 gives ~ (100 slots/s)(16chan) = 1600 cells/sec
Uniquely assigned  no collisions
• RX need to be scheduled now too
• No TX, no RX  sleep!
Ch0
DC
CB
Ch1
BG
AG
A
G
Ch2
B
Ch3
DC
CB
BG
AG
TDMA Challenges
• Time synchronization
• Cell scheduling
• Dynamic Bandwidth Allocation
TDMA with CSMA
• Backbone TDMA network
– Baseline connectivity and time synchronization
– Guaranteed bandwidth
– ~10% of cells in a 10,000 mote network
• All or some of remaining cells are “open listens”
– Slotted Aloha by default
– Fancier algorithms possible
• All motes can listen, or just those with power
Ch0
DC
CB
Ch1
BG
AG
A
G
Ch2
B
Ch3
DC
CB
BG
AG
TDMA with CSMA
• Backbone TDMA network
– Baseline connectivity and time synchronization
– Guaranteed bandwidth
– ~10% of cells in a 10,000 mote network
• All or some of remaining cells are “open listens”
– Slotted Aloha by default
– Fancier algorithms possible
• All motes can listen, or just those with power
Ch0
DC
CB A-Z? A-Z?
A?
D?
Ch1
BG
AG
A-Z? A-Z?
DC
CB
Ch2
A?
D?
A-Z? A-Z?
BG
AG
Ch3
E?
F?
A-Z? A-Z?
E?
F?
A
G
B
Flexibility of hybrid TDMA/CSMA
• TDMA provides framework
– 50 uA baseline current for synchronization and
control
– Static bandwidth allocated efficiently
– Collision free
• CSMA or Slotted Aloha for dynamic
bandwidth
– Accurate timing improves all algorithms
• Power/performance tradeoffs in filling the
cell matrix
– Use powered infrastructure where you find it
Technology directions
• Reliable
– Four 9s today
– Moving beyond six 9s
• Scalable
– Thousands per site today
– Tens of thousands per site
• Low Power
– A decade on a D cell today
– >10x reduction in radio power demonstrated in academia
• Flexible
– Configurable networks today
– Dynamically move along optimal power/performance curves
Standards
•
•
•
•
IEEE 802.15.4
Zigbee
Wireless HART
ISA/SP100
Mote on a Chip? (circa 2001)
• Goals:
– Standard CMOS
– Low power
– Minimal external components
antenna
Temp
~$1
uP
SRAM
Amp ADC Radio
~2 mm^2 ASIC
battery
inductor
crystal
UCB Hardware Results ~2003
• 2 chips fabbed in 0.25um CMOS
– “Mote on a chip” worked, missing
radio RX
– 900 MHz transceiver worked
• Records set for low power CMOS
– ADC
• 8 bits, 100kS/s
• [email protected]
– Microprocessor
• 8 bits, 1MIP
• [email protected]
– 900 MHz radio
• 100kbps, “bits in, bits out”
• 20 m indoors
• 0.4mA @ 3V
Chipcon cc2430
Chipcon cc2430
•
Key Features
• 32 MHz single-cycle low power 8051 MCU
• 2.4 GHz IEEE 802.15.4 compliant RF transceiver
• 32, 64, and 128 kByte in-system programmable flash
• Ultra low power: Ideal for battery operated systems
• Prevailing development tools
• Industry leading ZigBee(TM) protocol stack (Z-Stack) available
• 8 kByte SRAM, 4 kByte with data retention in all power modes
• RoSH compliant 7 mm x 7 mm QLP48 package
• Powerful DMA functionality
• Four flexible power modes for reduced power consumption
• AES security coprocessor
• Programmable watchdog timer
• Power on reset/Brown-out detection
• One IEEE 802.15.4 MAC timer, one general 16-bit timer and two 8-bit timers
• Two programmable USARTs for master/slave SPI or UART operation
• True random number generator
• Digital RSSI/LQI support
• Digital battery monitor
• On-chip temperature sensor
• Hardware debug support
• Reference design with external PA providing +10 dBm output power available
2.4GHz Radio in 0.13um CMOS
• Cook et al, ISSCC ’06
• Goal: ISM, frequency hopping, fast startup, lowest power
TX Performance
NF vs. Power Consumption
Measured at RSSI Output
CC2420 NF, 55mW
Die Photo
• 2.2mmx2.2mm
• Active Area:
800µm2
Radio Performance
25
X
20
With software:
10 years  D cell
IRX (mA)
cc2420
15
X
10
cc1000
With software:
10 years  coin cell
5
Cook 06 (300 mW)
Molnar 04 (0.4mA)
X
Otis 05 (0.4mA)
X
100k
X
200k
300k
Bit rate (bps)
Mote on a Chip
• Goals:
– Standard CMOS
– Low power
– Minimal external components
Zero
antenna
uP
Security
Temp
Location
Amp ADC Radio
Time
SRAM
~4 mm^2 ASIC
battery
inductor
crystal
Die area, power, 20052009
• ADC
– 10-12 bits, zero area, zero power
• Digital
–
–
–
–
32 bit uP 1mm2 0.25mm2
Crypto - ~ uP
Dedicated datapath?
0.25mW/MHz  50uW/MHz
• Memory
– ROM & Flash 128kB/mm2 0.5MB/mm2
– RAM 16kB/mm2  64kB/mm2
– ~mW/MHz  ~ uW/MHz
• RF
– 2mm2  1mm2
– 10s of mW  100s of uW
• Leakage
– 10s uA @ 85C?  <1uA @ 85C (circuit solutions; processes get
worse)
Sago Mine Accident (Jan 2006)
• Lack of good sensor information
• Limited knowledge of worker location
• Wired communication system
Worker
Location
650 m
Explosion
Wired
phone to
surface
Bandwidth and Multipath
• Increasing BW only helps if 1/BW is
similar to path difference
RF Geolocation Performance
• 1 m of measurement error = 3.3 ns
Security Goals
• Encryption
– Make sure that no one can see the data
• Integrity
– Make sure that no one can fake the data, fake control
packets, screw up the network with replay of old
packets, screw up the network with random packets
– Make sure that random bit errors don’t screw up the
network
• Certification
– Networks only accept trusted motes
– Motes only join trusted networks
• Binding
– Motes only join the right network
Threat models
• Easy
– No access to hardware
– No crypto expertise
• Medium
–
–
–
–
Access to hardware outside the network (demo network)
Single PC
College students
Competitors
• Hard
– Access to active hardware in the network
– PC cluster (~hundreds of 2006 to 2020 vintage PCs)
– Theft, sabotage, industrial espionage, hacking
•
•
•
•
Ocean’s 11
Osama, Putin, Chirac
Unocal China
David Wagner, UCB
People are almost always the weakest link.
Public Key & Shared Key
• Shared key, or symmetric key
–
–
–
–
–
Encryption of payloads, authentication of headers
Block ciphers: AES, DES, XTEA, …
In software on 8bit micros ~ 10 ms
In hardware on 802.15.4 chips ~ 1us
Issues: key storage, key exchange
• Public key
–
–
–
–
Certification of identity of motes, managers
Key exchange for shared key systems
Seconds to minutes on 8 bit micros
Export concerns?
Shared-key Encryption & Integrity
•
Authenticate payload & headers using AES128 CBC-MAC
– Generates “secure checksum” Message Integrity Code – 4 or 8 bytes
•
•
Encrypt payload and MIC with AES128 CTR
Append a 2 byte checksum
– Redundant, less strong, less secure than the MIC
– That’s what 802.15.4 forces us to do
•
A
Packet
ACK
On reception
B
– Verify CRC
– Decrypt payload, MIC
– Verify message integrity (calculate MIC over received packet and compare to
transmitted MIC)
PHY
header
MAC
header
NET
APP payload
header
MIC
Authenticate integrity
Encrypt in place
Checksum
CRC
Public Key Certification - Use Cases
•
•
•
•
One supplier/integrator
One supplier, separate integrator
Multiple suppliers, one integrator
Multiple suppliers, multiple integrators, multiple
neighboring customers
Building 2
•HVAC network
•Security Network
•Fire network
•Tenant networks
Building 1
•HVAC network
•Security Network
•Fire network
•Tenant networks
?
?
?
New
mote
Simplest public key system for identity certification
• Messages encrypted with the private key can only be decrypted with
the public key
• At manufacture, a mote gets a ‘signed’ copy of its ID
– Encrypted with the manufacturers private key
• On joining, the mote presents its ID and the signed copy of the ID
• The network verifies that the signature is valid by decrypting it with
the public key and checking to see if it is the right ID
Manufacturer A
Secret key Sa
--------------------Public key Pa
Network/Manager
Public key ring: Pa, Pb,…
Cy=E(Sa, Y)
Mote Y
Cy Mote X
Cx
Y, Cy
Verify D(Pa,Cy) = Y ?
Verify D(Pb,Cy) = Y ?
From manufacture to 3AM join
Mote N
Manufacturing
Protocol version#
PC
Mote ID
Joining Key
Signed(ID, JK)
Store/
sleep
Mote P1
Mote P2
Manager
Data/advert
packet
Data/advert
packet
Join request
Signed(ID,JK)
Manager verifies signature
Operator accepts new mote
Configure?
Path key encrypted with JK
Mote N key encrypted with JK
Activate child
Path key encrypted with P1 key
Path key encrypted with JK
Mote N key encrypted with JK
configACK
Encrypted with Path Key
Add link N->P2
Path key encrypted with P2 key
Add link N->P2
Path key encrypted with N key
Manager Mores
• Prudish
– Never
• Prudent
• Promiscuous
– Any mote, anywhere, any time
Manager Mores
• Prudish
– Never
• Prudent
– meets some combination of criteria:
•
•
•
•
Mote has valid certificate
Mote on access control list
Manager accepted this mote before
Human/higher-authority approval
– Console/web
– Button
– PDA (RF or cable)
• Single-hop from manager w/ specified minimum signal strength
• Promiscuous
– Any mote, anywhere, any time
Key length and security
Crypto
strength
(n)
Symmetric
Cipher
ECC key
size
RSA key
size
MIPS-years NIST
to crack
expiry date
80
Triple DES
(80)
160
1024
8x1011
2010
128
AES 128
256
3072
2x1026
>2030
256
AES 256
512
15,000
6x1052
1 million Pentiums running for 1 year is ~ 109 MIPS-years
1 billion (Pentium x1000) running for 1 century is ~ 1017 MIPS-years
Open Problems, Hardware
• None.
Sensors
ADC
uP
Radio
RF Ranging
Integration
Open Problems, Software
• Definitions, metrics, and optimization of
reliability and power consumption for
Academically Dull Applications (low rate data
collection and control)
– Simple models are fine (until proven otherwise)
• Interference, multi-path, radio power, etc.
• Start w/ reliability >99.9%, duty cycle <10% and improve
•
•
•
•
Time synchronization
Powered Infrastructure w/ 802.11
Certification, Binding, Commisioning
Reducing barriers to access
– Interfacing to PDAs, cell phones, web