Download WIRELESS SENSOR NETWORKS: SECURITY ISSUES AND

Document related concepts

IEEE 802.1aq wikipedia , lookup

Wi-Fi wikipedia , lookup

Deep packet inspection wikipedia , lookup

Internet protocol suite wikipedia , lookup

Computer security wikipedia , lookup

Distributed firewall wikipedia , lookup

IEEE 1355 wikipedia , lookup

Wireless USB wikipedia , lookup

Computer network wikipedia , lookup

Policies promoting wireless broadband in the United States wikipedia , lookup

Network tap wikipedia , lookup

Airborne Networking wikipedia , lookup

Wake-on-LAN wikipedia , lookup

IEEE 802.11 wikipedia , lookup

Zigbee wikipedia , lookup

Recursive InterNetwork Architecture (RINA) wikipedia , lookup

Piggybacking (Internet access) wikipedia , lookup

Zero-configuration networking wikipedia , lookup

Wireless security wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Transcript
CONSTRUCTING A 6LOWPAN HOME AREA NETWORK
Ruben Edgardo Gonzalez
B.S., California State University, Sacramento, 2000
PROJECT
Submitted in partial satisfaction of
the requirements for the degree of
MASTER OF SCIENCE
in
COMPUTER ENGINEERING
at
CALIFORNIA STATE UNIVERSITY, SACRAMENTO
FALL
2010
© 2010
Ruben Edgardo Gonzalez
ALL RIGHTS RESERVED
ii
CONSTRUCTING A 6LOWPAN HOME AREA NETWORK
A Project
by
Ruben Edgardo Gonzalez
Approved by:
__________________________________, Committee Chair
Isaac Ghansah, Ph. D.
__________________________________, Second Reader
Nik Faroughi, Ph. D.
____________________________
Date
iii
Student: Ruben Edgardo Gonzalez
I certify that this student has met the requirements for format contained in the University
format manual, and that this project is suitable for shelving in the Library and credit is to
be awarded for the Project.
__________________________, Graduate Coordinator
Suresh Vadhva
Department of Computer Engineering
iv
________________
Date
Abstract
of
CONSTRUCTING A 6LOWPAN HOME AREA NETWORK
by
Ruben Edgardo Gonzalez
In order to comply with future requirements related to the Smart Power Grid, wireless
sensors will need to be embedded in household appliances. These appliances, through
their embedded sensors, will communicate with the Utility Companies, as well as
customers, and provide information related to energy consumption. In order to
communicate this information, these sensors use radio signals that require special
protocols in order to communicate with a central home gateway as well as a Utility
Company’s Smart Meter. In this project the “IPv6 over 802.15.4” protocol, also called
6LowPAN, is used to construct a Wireless Sensor based Home Area Network. This is the
same wireless technology that will be embedded in appliances in order to form a wireless
sensor network. Because of the wireless nature of this type of network, they are
susceptible to security threats; the topic of security is addressed. But how do you built a
wireless sensor Home Area Network? What are the ingredients, in terms of technologies,
needed to construct such a network? Are there any security issues that need to be
addressed before implementing such a network? These questions are answered in this
project.
v
Specific topics addressed include the radio signal protocol, the operating system needed
to run in the target device as well as the host machine, the programming language needed
to create applications that could run on the target device and the actual hardware used to
host the operating system and run the applications. In addition, a chapter is dedicated to
the discussion of security issues that this type of network is likely experience. The project
culminates with the procedure employed to construct a small Home Area Network using
the 6LowPAN protocol and related technologies. All of topics related to 6LowPAN have
been documented on this report to help readers understand the key ideas needed to
construct a home area network using open source tools and the 6LowPAN protocol.
_____________________________________, Committee Chair
Isaac Ghansah, Ph. D.
_______________________
Date
vi
DEDICATION
To Angela, because you have been the rock that keeps me grounded. By your example
you teach me to be patient and never give up.
vii
ACKNOWLEDGEMENT
Special thanks to Dr. Ghansah, for being so patient with me and guiding me through the
different facets of the Master’s Program.
Special thanks to Dr. Faroughi for being the second reader of this report and always
responding to my questions and being such a helping hand.
viii
TABLE OF CONTENTS
Page
Dedication ......................................................................................................................... vii
Acknowledgement ........................................................................................................... viii
List Of Tables .................................................................................................................... xi
List Of Figures .................................................................................................................. xii
Chapter
1. INTRODUCTION .........................................................................................................1
1.1 Challenges for Wireless Embedded Devices in the Smart Home ............................1
1.2 Wireless Technologies Available ............................................................................3
1.3 Network Protocols That Work with 802.15.4 ..........................................................7
1.4 Using an IP Based Protocol for 802.15.4 .................................................................9
1.5 Software, Programming Tools and Wireless Devices ..........................................10
1.6 Project Outline ......................................................................................................10
2. THE 802.15.4 AND 6LowPAN STANDARDS ..........................................................12
2.1 Introduction to the IEEE 802.15.4 Standard ..........................................................12
2.2 6LowPAN Overview .............................................................................................23
3. HARDWARE AND SOFTWARE TECHNOLOGIES USED ...................................32
3.1 TinyOS and the nesC Programing Language.........................................................32
3.2 Hardware Architecture of TelosB Devices ............................................................40
4. WIRELESS SENSOR NETWORK SECURITY AND 6LowPAN ............................46
ix
4.1 Understanding Security Threats .............................................................................47
4.2 Smart Home Components and its Associated Security Issues ...............................51
4.3 Network Topology and Security, Beyond the IEEE 802.15.4 Standard ................57
4.4 The Need for Wireless Sensor Network Security Tools ........................................61
5. DESIGN, IMPLEMENTATION AND TESTING ......................................................63
5.1 Description of the Project ......................................................................................63
5.2 The Ingredients for the Project ..............................................................................63
5.3 Installing the Developers Environment .................................................................64
5.4 Detecting the TelosB Board and Loading Applications ........................................65
5.5 Running a 6LowPAN Based Tutorial ....................................................................68
5.6 Implementing the Experiment................................................................................69
6. CONCLUSION ............................................................................................................88
Reference ...........................................................................................................................96
x
LIST OF TABLES
Page
Table 1: Frequency Bands, Channelization and RF Parameters ....................................... 17
Table 2: Smart Meter Datasheet Stats ............................................................................... 51
Table 3: Message Integrity Code and Security Levels ..................................................... 53
xi
LIST OF FIGURES
Page
Figure 1: Smart Grid Network ............................................................................................ 2
Figure 2: The OSI Model .................................................................................................. 15
Figure 3: The IEEE 802.15.4 Layer Architecture ............................................................. 16
Figure 4: Association Message Sequence Chart—Coordinator........................................ 19
Figure 5: Active Scan Message Sequence Chart .............................................................. 20
Figure 6: 802.15.4 Data Frame ......................................................................................... 21
Figure 7: IP Protocol Stack vs 6LowPAN Stack .............................................................. 24
Figure 8: Addressing in a 6LowPAN Network................................................................. 27
Figure 9: 802.15.4 Frames: Full and Minimal Addressing ............................................... 30
Figure 10: 6LowPAN Protocol Stack ............................................................................... 30
Figure 11: IPv6 Neighbor Discovery ................................................................................ 31
Figure 12: TinyOS Directory and Related Sub-Directories .............................................. 35
Figure 13: Typical Memory Layout of a Microcontroller ................................................ 37
Figure 14: A nesC application and its components .......................................................... 38
Figure 15: A nesC Component and Corresponding Code ................................................ 39
Figure 16: Memsic TelosB Mote TPR2420 ...................................................................... 42
Figure 17: TelosB Mote tpr2420 Block Diagram ............................................................. 43
Figure 18: Star Topology Representation ......................................................................... 58
Figure 19: Peer-to-Peer Topology Representation ........................................................... 59
xii
Figure 20: Compilation of a TinyOS Application ............................................................ 67
Figure 21: IPBaseStation Folder ....................................................................................... 70
Figure 22: IPBaseStation Module nesC File ..................................................................... 71
Figure 23: IPBaseStation Configuration File .................................................................... 72
Figure 24: Installation of the IPBaseStation Program ...................................................... 73
Figure 25: Running the Driver on TelosB Mote ............................................................... 75
Figure 26: Running the Edge Router and Console ........................................................... 76
Figure 27: The serial_tun.conf File ................................................................................... 77
Figure 28: Installing an IPv6 Network Tool ..................................................................... 78
Figure 29: Motes at Equal Distance from Router ............................................................. 79
Figure 30: Verifying Mote 1 is Alive ............................................................................... 80
Figure 31: Telnet Session to Edge Router ........................................................................ 82
Figure 32: Edge Router Console Commands.................................................................... 83
Figure 33: Using the IPv6 Netcat Utility .......................................................................... 84
Figure 34: Mote 1 Serves as a Router for Mote 2 ............................................................. 85
Figure 35: New Routing Scheme for Network ................................................................. 86
Figure 36: Resetting Routing Map .................................................................................... 86
xiii
1
Chapter 1
INTRODUCTION
The use of wireless embedded devices in home appliances to report electricity
consumptions in homes is one of the most important features in the Smart Grid
infrastructure. This implementation not only gives information to the utility company to
record energy consumption, but at the same time, it could provide accurate information to
homeowners in terms of dollars being spent per appliance. This will in turn help
consumers to plan, modify, and reduce energy consumption accordingly. In this project,
an IP-based wireless sensor home area network will be constructed to simulate a Smart
Home network where wireless devices already live inside appliances. This network will
be accessible from a remote server, which will act as a utiliy server to monitor the status
of the home area network nodes. But how do you build such an infrastructure? What are
the technologies and protocols available in order to implement such a vision? In order to
answer these questions, let us first consider the challenges that need to be met by these
wireless-embedded devices and the building of this type of network, which will be part of
the Smart Grid infrastructure.
1.1 Challenges for Wireless Embedded Devices in the Smart Home
One of the main goals of the Smart Grid is to have the ability to obtain information about
energy consumption of customers, as it happens in order to meet energy demand. This
can help utility companies to plan when energy supplies dip low due to heavy demand
2
[1]. This energy consumption information is transmitted back to the utility company as it
happens. To make this possible, the Smart Grid is relying on technology and protocols
that will serve as vehicles or conduits to bring this information back to administrators and
regulators. Figure 1 shows various sections of the Smart Grid, where the ‘Electric, Gas
and Water Meters’ represents some of the components found in a Smart Home. For our
purposes, we will be concentrating on a leaf of the Smart Grid, namely the Smart Home
where a Wireless Home Area Network will be used to relay information through a smart
meter, which in turn will relay the energy consumption back to the utility company’s
Data Center.
Figure 1: Smart Grid Network
Implementing a Wireless Home Area Network (WHAN) to be compatible with smart
meter brings several challenges. First, the type of wireless devices that are to be
implemented in this type of network needs to support current and future smart meters.
Second, embedded devices that will live inside appliances must be energy efficient so
that they do not create so much energy overhead that energy conservation is overwritten
by the embedded device. Third, the information provided by these appliances needs to be
secure and confidential, as this may expose a customer and even a utility company to
3
theft or fraud. And last, the implementation of such a network needs to be inexpensive in
terms of price and time required to implement. Taking one step at a time, the first item to
consider constructing a network would be to see what wireless technologies are available
in order to implement the wireless network.
1.2 Wireless Technologies Available
To choose the right wireless technology that can transport information in a robust and
secure way is probably a decision that can not only affect todays vision of the Smart
Home, but also tomorrows. Because future compatibility is one of the challenges that
need to be met, choosing the wrong wireless technology today translates in millions of
dollars already invested down the drain if future expansion is needed. Therefore, in order
to choose the right wireless technology and determine what is best for future expansion,
this introduction will consider both proprietary as well as open standard wireless
technologies and will point out why one of them was chosen by industry. Please note that
when the word ‘industry’ is mentioned in this context, it does not mean the solution
creators or vendors, but rather the utility companies in charge of implementing these
solutions. Although it would be good to point out that utility companies are independent
from each other and each has the freedom to choose their own solutions, proprietary or
not. Let us examine these available technologies first before we quickly overview the
chosen standard for this project.
4
1.2.1 Wireless Proprietary Technologies
Proprietary technologies, either wireless or not, are backed by a company support to
ensure that a particular technology will work. Unfortunately, the support is directly
related to the lifetime of the company. The company goes out of business or changes
direction in terms of technology and the supports will have an end of life. The following
are a couple of examples of proprietary wireless technologies.
a. On-Ramp: Provides a wireless communication system comprised of one or more
Access Points with the capacity to communicate bi-directionally with thousands
of wireless nodes; all designed to easily integrate with a variety of third-party
product platforms. The system utilizes a proprietary On-Ramp’s secure, lowpower Ultra-Link Processing technology to achieve range and coverage far
beyond existing systems for metro-scale deployments and other challenging
wireless environments [2].
b. WIMAN: A high-performance wireless modem network, which equips the
Internet Service Provider with the advanced technology necessary to provide
customers with secure, high-speed, wireless Internet connectivity. The WIMAN
system incorporates point-to-point and point-to-multi-point applications in one
synchronized metropolitan network, eliminating the possibility of interference [3].
In these two examples, the first one shows a wireless protocol technology that has been
tailored for Smart Grid applications. Again, the pitfall of choosing a proprietary protocol
is that it is tied to the lifetime of the company that supports it.
5
1.2.2 Open Standards Wireless Technologies
On the other hand, you have open wireless standards that are overseen by the IEEE 802
LAN/MAN Standards Committee [4]. This committee develops Local Area Networks
(LAN) and Metropolitan Area Networks (MAN) standards, mainly for the lowest two
layers of the Open Systems Interconnection (OSI) model. Among these wireless
standards you find the following:
a. 802.11: Set of standards carrying out wireless local area network (WLAN)
computer communication in the 2.4, 3.6 and 5 GHz frequency bands.
b. 802.15: Set of standards that is managed by the 15th working group of the IEEE
802 and specializes in Wireless Personal Area Network standards. It includes
seven task groups, which are numbered from 1 to 7.
c. 802.16: Wireless Broadband standards have been commercialized under the name
“WiMAX” (from "Worldwide Interoperability for Microwave Access") by the
industry alliance called the WiMAX Forum. The most popular implementation of
the IEEE 802.16 standard is the Mobile WirelessMAN.
d. 802.20: standard to enable worldwide deployment of multi-vendor interoperable
mobile broadband wireless access networks.
e. 802.22: Standard for Wireless Regional Area Network (WRAN) using white
spaces in the TV frequency spectrum.
Among all of these open standards, there is only one that stands heads and shoulders
among them. Actually this is not mere coincidence as it was specifically designed to meet
6
the demands of a Low Rate Wireless Personal Area Network (LR-WPAN). The standard
is the 802.15.4, which is overseen by the 802.15 group [4], and the following subsection
will briefly state why this wireless technology standard is ideal for this type of
application, namely a Smart Home Area Network.
1.2.3 The IEEE 802.15.4 Standards Stands Out from the Rest
Early in this introduction, in Section 1.1, we mentioned that there were four challenges
that wireless embedded devices needed to meet. The 802.15.4 standard helps to meet
those challenges and it is the appropriate protocol to build the right foundation. Because
802.15.4 is an open standard backed by an international organization (IEEE) and not a
private company, it ensures that compatibility is guaranteed across different vendors.
This ensures that future issues can be resolved without having to replace old devices.
Perhaps this is not a guarantee, but some standards driven by groups have met this
challenge. The Universal System Bus (USB) protocol is an example of this, as the latest
version of the protocol (USB3) is backward compatible [5]. The second challenge is the
ability of these standard to meet the energy savings requirement that these devices must
have. It would not make sense that a device would spend more energy in transmitting
information than the energy the device consumes without the added wireless device. The
802.15.4 carries information on radio transceivers and is supposed to spend about 1% of
the energy that an 802.11 device would typically spend [6]. Following this energy saving
is the challenge of maintaining a secure and confidential transmission of information
from this low rate devices. The 802.15.4 devices provide security mechanisms that are
built within the standard that aids to create a secure transportation of information across
7
the air [74]. The last challenge is that the implementation needs to be inexpensive in
terms of price and time to implement. Although this is a relatively new standard, the
implementation by vendors has been underway for a while now. This translates into
cheaper prices as competition makes prices go down. If Moore’s Law [8] can be made as
a valid argument, the size of the Silicon gets reduced and it means that there are more
features that can be added into a single piece of Silicon. Which in turn means that prices
can be reduced. But having a wireless protocol is just a piece of the puzzle. What about a
network protocol to transport the information?
1.3 Network Protocols That Work with 802.15.4
Now that we have determined that the 802.15.4 standard is the best solution for the
wireless needs in a Smart Home scenario, the question is what is the best protocol to
transport the information across a network? Because 802.15.4 has become a standard
wireless signal, there are various types of protocols that either have been created or have
been adapted to work together with 802.15.4. Some of these protocols are:
a. MiWi [9]: A proprietary wireless protocols designed by Microchip Technology
[10] that uses small, low-power digital radios based on the IEEE 802.15.4
standard for wireless personal area networks
b. WirelessHART [11]: Open-standard wireless networking technology developed
by HART Communication Foundation. The protocol utilizes a time synchronized,
self-organizing, and self-healing mesh architecture. The protocol currently
supports operation in the 2.4 GHz band using IEEE 802.15.4 standard radios
c. ZigBee [12]: This standard enables broad based deployment of wireless networks
8
with low cost, low power solutions providing the ability for devices to run for
years on inexpensive batteries in a typical monitoring application.
d. 6LowPAN [13]: An IP-based protocol, developed by the Internet Task Force
(IETF) “IPv6 over 802.15.4” working group [20], that enables a broad based
deployment of wireless networks and provides low power solution. It enables
IPv6 packets to be carried on top of 802.15.4 radio signals.
As discussed earlier, a proprietary protocol would not be a good choice due to the
possible end of life of a company. In addition, it means that the support is tied to the
intellectual technology of a few individuals in the company and modifications are not
possible without support from them. On the other hand, by choosing a standard protocol
that is not tied the life of the product to any company and support, modification of the
source code can be done in house without having to resort to an external vendor. This
also means that new technologies can be adapted easier if the need arises. Out of the three
standard-based protocols above, only the ZigBee protocol requires a licensing fee. This
means that a developer in order to use the source code for commercial purposes must
register with the ZigBee alliance. In contrast, an open-standard protocol like 6LowPAN
does not require a licensing fee for commercial use, but because it is licensed under the
General Public License (GPL), it requires that the modified source code to be made
available to the public [7].
9
1.4 Using an IP Based Protocol for 802.15.4
The question at this point would be which protocol to use for the layer above the
802.15.4. A proprietary protocol would be out of the question for this project due to cost
and source code unavailability.
Considering the other protocols, the ZigBee protocol is the most successful out of them
all and the utility companies and many industry sponsors have embraced it. However,
ZigBee is not an IP-based protocol and this means that there has to be an extra layer of
logic in order to communicate with any internal node, in the wireless sensor network
from outside the network. Currently the ZigBee alliance is working on ZigBee 2.0 and it
is to have IP protocol support. The 6LowPAN protocol, which uses IPv6 over 802.15.4 is
relatively speaking in its infancy and although support of the protocol is forthcoming,
time will tell if this protocol will stand on its own. For this project, the 6LowPAN would
be used as it is an IP based and an open source protocol and it can be integrated with
existing open source software.
So, why is using an IP-based protocol a good idea? IP delivers technology that has been
tested and is reliable for addressing, routing and other related networking tasks. Using IP
technology, vendors can build devices such as remote controllable thermostats,
consumer-based energy storage appliances, customer displays and others and share a
common network infrastructure to minimize cost and complexity. Even network devices
not yet invented, if they are built on IP, they are guaranteed to work on an IP network.
All of these minimize cost and complexity, as there is no external logic to be built, in
order to monitor and debug this wireless network from a remote data center.
10
1.5 Software, Programming Tools and Wireless Devices
Constructing a wireless sensor network for this project, in addition to what it has already
been considered above, requires the following four other elements:
a. Software or Operating System for the Embedded Device
b. Programming Language to Build Applications
c. Hardware or Wireless Embedded Device
d. Host Operating System to Compile and Install
For the operating system, TinyOS was chosen as it is an open source operating system
and 6LowPAN can be easily integrated with it. In addition, TinyOS has a great support
by open source developers and the TinyOS website. In addition to the operating system,
the programming language used will the nesC programming language. This programming
language is a device oriented programming language and can be easily integrated into the
TinyOS environment. The hardware or wireless embedded device where all of this will
takes place will be the TelosB Mote manufactured by Memsic, Inc. which has built-in
sensors. The host operating system, which will be used to program the devices will be
Ubuntu 9.10.
1.6 Project Outline
In order to fully understand from the ground up how everything works in terms of
hardware, software, network topologies, and security, this project will discuss these
protocols and technologies to piece and make sense out of what is a complex topic. A lot
of information found in various forums assumes that the reader is familiar with all
11
required background knowledge in order to understand the topic at hand. Taking this into
consideration, the information found herein is supposed to help the reader to understand
this topic, namely the construction of a 6LowPAN wireless sensor home area network,
from the ground up.
To build a foundation, the project will start with an introduction to the IEEE 802.15.4
standard in chapter 2 and explain in details the inner workings of the standard and how
those apply to the actual hardware device. It will also provide information about how the
802.15.4 layers intercact with each other as well as the immediate external layer; for our
purposes the IP layer. Next in the same chapter, 6LowPAN, which is IPv6 over 802.15.4,
will be explored. In this section, the major differences between 6LowPAN and IPv6 will
be outlined and advantages and features of 6LowPAN will be discussed. It will also
discuss how to fit a IPv6 packet into an IEEE 802.15.4 frame and the need for an
adaptation layer to make this happen. In addition, the use of IPv6 tools will be addressed,
which are used in the 6LowPAN implementation of the project, as documented in chapter
5. Then in chapter 3, the TinyOS operating system will be researched and explained
along with the relationship with the nesC programming language. Thereafter, in the latter
section of chapter 3, the target device used in this experiment, namely the TelosB board
and hardware architecture will be reviewed in detail. Because security has to be taken
into consideration before deploying a Home Area Network, chapter 4 will discuss the
topic of security and how network topology affects a 6LowPAN-based network. Finally,
all the pieces will come together and the research will culminate in the construction of the
IPv6 over 802.15.4 Home Area Network.
12
Chapter 2
THE 802.15.4 AND 6LowPAN STANDARDS
This project was is very complex taking into account all the different technologies
involved. The details of how it was put together will be explained in chapter 4. However,
putting the project together and understanding how these different technologies
intertwine with each other are two different things. This chapter represents the knowledge
gained in these technologies and what it was learned from them. Some information
related to the low level details of 6LowPAN protocol has been left for the reader to
explore and this chapter can serve as guide for others to understand how this protocol
along with its related technologies work with one another. This document can guide the
reader on how to get started to construct a wireless sensor based HAN and on the path of
knowledge about this important component of the Smart Grid.
2.1 Introduction to the IEEE 802.15.4 Standard
There are various wireless technologies today that deliver a robust and reliable signal for
devices to communicate. For example the IEEE 802.11 standard is mature and reliable
and can be easily used as a solution in a home network to be part of the smart grid
solution. However, this standard is not designed to be energy efficient and thus battery
life would be significantly reduced to mere hours in some applications. In order to
address this need and to implement a more efficient way to handle the low-data volume
universe of control and sensor networks, the IEEE 802.15.4 standard was created [14]. In
this section an overview of this standard will be briefly discussed.
13
2.1.1 A Brief Overview of the IEEE 802.15.4 Standard
The need for a wireless standard that can be energy efficient is one of the demands that
this protocol meets. However, the standard goes further. It defines the protocol and
interconnection of devices via radio communication in a personal area network (PAN). It
specifies the physical layer (PHY) and media access control (MAC) for low-rate wireless
personal area networks (LR-WPANs) [14]. The IEEE 802.15 Working Group maintains
the standard [15].
There are a variety of proprietary network protocols that can be used to sit on top of these
802.15.4 layers and offer great off-the-shelf functionality [16]. However, for the purposes
of this project, only the 6LowPAN protocol will be discussed, which is an open standard
protocol based on IPv6. This protocol will be explored in much more detail in the Section
2.2. There are other protocols that can be implemented to interface with the 802.15.4,
which were mentioned early in the introduction, namely MiWi [9], WirelessHART [11],
and ZigBee [12] protocols, but are left to the reader to explore. The main idea is that the
IEEE 802.15.4 standard is flexible enough to accommodate either proprietary or open
standard protocols. However, these protocols are not mentioned in the 802.15.4 standard
and neither is networking techniques or topologies. According to Jon T. Adams [16],
The desire by the working group was to develop a standardized protocol
and radio, and allow various different approaches to the networking and
applications functions. In light of this, several different networking
techniques have been developed outside of the standard to take advantage
of this radio.
14
However, networking applications, as well as the actual network implementations, have
exploitations points that can be used by a hacker or someone trying to sabotage a
network. This will be discussed later in the security chapter of this document. For the
purposes of this document, as far as the protocol used in this project, only the 6lowPAN
protocol will be considered as well as the possible implementations of its related network
topologies.
2.1.2 The IEEE 802.15.4 Standard and OSI Stack Model
For those who are not familiar with the OSI Stack Model, you can find details and
information here [21]. In essence,
[The OSI Stack Model] is a way of sub-dividing a communications system
into smaller parts called layers. A layer is a collection of conceptually
similar functions that provide services to the layer above it and receives
services from the layer below it. On each layer an instance provides
services to the instances at the layer above and requests service from the
layer below [22].
15
Figure 2: The OSI Model
The IEEE 802.15.4 standard defines uses for just two of these layers and leaves the rest
of the above layers to be implemented by vendors and/or developers. The two layers
being used by the standard are the Physical (PHY) and the [Data Link] Medium Access
Control (MAC) [14]. Figure 3 shows the layer architecture of the IEEE 802.15.4
standard. Worth noticing is that the layer architecture does not exactly corresponds to the
OSI layer model. This is due to the usage of the 802.2 Logical Link Control (LLC)
sublayer; which accesses the MAC layer through the Service-Specific Convergence
Sublayer (SSCS) [16]. The “Physical Medium” in figure 3 represents the Radio
Frequency (RF) link and should be interpreted as part of the PHY layer. The PHY
manages the physical RF transceiver and performs channel selection and energy and
16
signal management functions [17]. Layers and their relationship with the other media
layer, namely the network layer will be discussed in the following section.
Figure 3: The IEEE 802.15.4 Layer Architecture
2.1.3 The 802.15.4 Layers
The PHY layer, as mentioned above, manages the RF Link parameters. These parameters
include modulation type, coding, spreading, symbol/bit rate and channelization. This
channelization identifies 27 channels across three different frequency bands, which are
unlicensed bands available in different geographic regions [18]. To date, there have been
three amendments that affect the PHY layer and two of them are related to regional
modulations [15].
17
Table 1: Frequency Bands, Channelization and RF Parameters
The 868.3 Mhz channel is limited to a 0.1% duty cycle by regulation, while the other
channel’s duty cycle is unrestricted. Besides controlling channelization, the 802.15.4
PHY also contains primitives, which manages and control packet data flow [18]. As a
measure to avoid collision between packets, the PHY uses what is called Carrier Sense
Multiple Access with Collision Avoidance (CSMA-CA) to access the radio channel. This
radio channel is a packet radio specifications and the PHY defines 4 different frames that
have unique functions [19]. The first one is the Data frame and is used to send the data
payload. The second one is the Acknowledgement frame and is used by a receiving
station that a data packet was received without error. The third is the Beacon frame and
stations that may be implementing significant power saving modes use it. Coordinator
and router devices that are attempting to establish networks can also use the beacon
18
frame. The last frame is the MAC command frame, which provides some unique abilities
to send low-level commands from one node to another. The following two figures show
how these frames work between two devices [14]. The first figure shows an association
message sequence chart between a node and a Personal Area Network (PAN)
coordinator.
19
Figure 4: Association Message Sequence Chart—Coordinator
20
The second chart shows an active scan being performed by a second device in a peer-topeer network and the beacon packets at work.
Figure 5: Active Scan Message Sequence Chart
21
Notice the interaction between the PHY and MAC layer on both charts. Although the
details of these interactions are beyond the scope of this document, it is worth noticing
how these frames between the PHY and MAC layers are constructed and how they are
assembled from one to the other. Figure 6, as found in the Frame Structure section of the
IEEE 802.15.4 standard [14], depict the 802.15.4 data frame. It should also be mentioned
that the frame structure is similar to the other three frame types.
Figure 6: 802.15.4 Data Frame
The meaning of the acronyms in the figure 6 can be found in the acronyms and
abbreviation section of the IEEE Standard 802.15.4-2006 [14]:
MHR: MAC Header
MSDU: MAC Service Data Unit
MFR: MAC Footer
SHR: Synchronization Header
PHR: PHY Header
PSDU: PHY Service Data Unit
PPDU: PHY Protocol Data Unit
22
So, how do devices distinguish themselves from one another? In order to be uniquely
identified, all IEEE 802.15.4 devices have a unique 64-bit address similar to MAC
addresses found on 802.11 wireless Ethernet cards. Because of the size of this address
and the constrictions on packet size as used in the IEEE 802.15.4 standard, it is
recommended that a reduced 16-bit address be used as a local address [16]. This task of
reduction is left to the PAN coordinator when a device joins the network [23]. The
specifics of this exchange are part of the software layer and its implementation is beyond
the scope of this document.
The MAC layer contains primitives that allow transfer for both inbound and outbound
data. The MAC sub-layer provides access to the upper layers and is responsible for
generating network beacons that allow devices to find an existing network [24]. The
device will know, through this mechanism, whether a channel is contention-based or
contention-free to access it. The MAC layer also manages the ability of a device to find a
network to associate with. If that is the case, then a message is sent to the network layer,
the other media layer not specified by the IEEE 802.15.4 standard, and thus the network
layer manages the exchange of addresses through the PAN coordinator as mentioned
above. Hence the device is given the new short address that would be local to that
particular network. If the device is no longer part of the network, it also provides a
mechanism to disassociate as well [25]. In simple terms, the device receives a
Disassociate command from the PAN coordinator and the short address given to it is no
longer valid. If the device needs to associate itself again, it may or may not receive the
same short address. The PAN coordinator is part of the Network layer and this particular
23
mechanism of associating and disassociating is beyond the scope of this document.
However, the Network layer is part of the Media Layers, where the MAC and PHY layers
are the first two, and the IEEE 802.15.4 standard provides only guidance, or suggestions,
on possible network types [14]. Nevertheless, the standard specifies mechanisms at the
MAC and PHY layers that are needed for the formation of a network. For this reason
network implementation, however implemented, can impact security on a wireless sensor
network [26]. Security issues of these implementations will be discussed in the chapter on
security.
2.2 6LowPAN Overview
The name 6LowPAN is an abbreviation from combining “IPv6” and “Low Power
Wireless Premise Area Networks.” As the abbreviation implies, this protocol defines the
frame format for transmission of IPv6 packets over 802.15.4 radio signals. This section
will address the 6LowPAN protocol and not IPv6 as the implementation differs greatly
due to their target devices, packet size and physical data transport. Thus, because an
entire book on IPv6 can be written on the implementation and configuration of this
Ethernet based IP protocol, the details of IPv6 will not be discussed in detail and this
document assumes that the reader is already familiar with IPv6. Further reading about the
IPv6 protocol can be found here [27].
Major differences between 6LowPAN and IPv6:
Packet Size: The 6LowPAN packet is 127 bytes [30], which is a lot smaller than the 1280
bytes for IPv6 [27]. So how is it possible to transport a 1280 byte packet into a 127
24
frame? How this encapsulation and mechanism takes place will be considered in the
following section.
Physical Transport Mechanisms: The transport mechanism from node to node for the
6LowPAN is a low-power radio transmitter based on the IEEE 802.15.4 standard, while
IPv6 uses Ethernet transport. Figure 7 shows a comparison of the IP and the 6LowPAN
protocol stack.
Figure 7: IP Protocol Stack vs 6LowPAN Stack
Although the stacks are similar in term of following the OSI model, the major point of
departure is the Data Link and Physical layers. Because of this difference, a full-blown
IPv6 protocol is not possible using 6LowPAN due to the constraints of the 802.15.4
transport, device memory constraints and processor limitation.
Security: There is no security implemented as an IPv6 feature in 6LowPAN. This is due
to the overhead that implementing IP Security (IPSec) would incur in such a memory and
power constraint devices. In the other hand, IPSec is mandatory for IPv6 [27] and with
plenty of memory and processor power, IPSec is not an issue. In order for security to be
25
implemented in 6LowPAN-based device, the protocol is dependent on the security
mechanisms of the 802.15.4 standard [31]. This security consideration will be brought
out in the security chapter of this document.
2.2.1 Advantages and Features of 6LowPAN
Address space expansion is one of the main reasons why 6LowPAN is so essential to the
millions of wireless devices that have the potential to live inside every appliance in every
home in the world. The implementers gave IPv6 a much larger address space (128-bits)
than the IPv4 address (32-bits) [27]. As a result, the 6LowPAN takes advantage of the
same IPv6 address space and each device can be assigned a unique address. In addition,
6LowPAN follows the same IPv6 addressing rules where the 128-bit address is broken
down in a 64-bit prefix and a 64-bit interface ID (IID). The 64-bit prefix, or upper 64-bits
of the 128-bit address, is hierarchical and identifies the network you are on where it is
globally [61]. The other half of the 128-bit address identifies the network interface and
this must be unique to the network and it is formed statelessly from the interface MAC
address. However, this still leaves a 64-bit address that in order to be transported needs to
be compressed in 6LowPAN. So how does this compression work? 6LowPAN works on
the principle of flat address spaces, where the wireless network is one IPv6 subnet, and
each device has a unique MAC address. In other words, it flattens the naming and
addressing hierarchy and thus simplifies the connectivity model [75]. This MAC address
can either be the 64-bit address or a 16-bit assigned by the PAN coordinator. Hence, in
order to transport the IPv6 address and reduce overhead, the 64-bit prefix (the upper
portion of the 128-bit address) is removed, as all the nodes in the network already know
26
this prefix [61]. In addition, the IID can be also removed for link-local communication in
the sub-network where only the Interface Identifier is needed. Appending the Interface
Identifier to the prefix FE80::/64 forms the IPv6 link-local address for an IEEE 802.15.4
interface.
Furthermore, the IID can be compressed for multi-hop destination and source addresses.
Figure 8 shows an addressing example and how it is viewed from the point of view of the
6LowPAN network.
27
Figure 8: Addressing in a 6LowPAN Network
Notice that internally, only the Interface Identifier is needed and thus reducing the
overhead of a 128-bit address to be carried on a 802.15.4 frame. This also includes the
edge router, as the entire IPv6 address is only important to the outside world. For the
implementation of this project, each node was given an identifier manually, including the
edge router, at compile time, as stateless address configuration was not implemented.
In addition, an added advantage of 6LowPAN is the ability to use an established and
mature protocol; 6LowPAN takes advantage of the extensive interoperability with other
28
devices that share the same IP protocol. These devices can either be other 802.15.4 type
of devices or devices that use Ethernet or 802.11. Hence, connections can be established
remotely without the use of complex gateways that in the past, were necessary to
translate between proprietary protocols and standard IP [75]. At the same time, it can take
advantage of already established security by means of authentication or firewall
mechanisms in IP standards. Because 6LowPAN networks are supposed to work as
subnets, part of stub networks, these security mechanisms can be implemented for non802.15.4 devices coming from outside networks, which includes the Internet. One key
point to adopt IPv6 for wireless networks is the familiarity with established networking
management tools for commissioning, managing, and debugging [75] such as netcat,
ping, traceroute, telnet and others. Some of these tools were used in the implementation
for this project.
One key feature in using 6LowPAN is the energy savings that can be implemented with
this protocol. Because 802.15.4 carries information on radio transceivers roughly the
same band as an 802.11 device but using about 1% of the power [6], 6LowPAN takes full
advantage of this technology. For example, when you implement 6LowPAN on a TI
MSP430 microcontroller and CC2420 radio, which are part of this project experiment
and compliant with the IEEE 802.1.4 standard, the energy overhead ranges from 2.8% for
very small data payloads to under 2% for data payloads near frame capacity [28]. Not
exactly 1% savings over an 802.11 device, but the savings are obvious in terms of battery
life.
29
The ability to support address auto-configuration is also a key advantage of 6LowPAN as
this can be done dynamically just by introducing a device into the network. The address
is formed using the interface identifier for the IEEE 802.15.4 device. The standard also
points out that this interface identifier can be set manually by software by setting the
MAC address to predetermined address and thus changing the identifier according to the
new MAC address [30].
Among the key features of 6LowPAN is the ability to transport an IPv6 packet over an
802.15.4 packet given the size difference. As previously stated, the Maximum
Transmission Unit (MTU) for IPv6 is 1280 bytes and therefore it is too big to fit into an
802.15.4 frame. In contrast, the maximum frame defined by the IEEE 802.15.4 standard
is 127 bytes [29], where the maximum length of the MAC header is 25 bytes and this
leaves the remaining load to be 102 bytes. Link-layer security imposes further overhead,
which in the maximum case, 21 bytes of overhead in the AES-CCM-128 case, leaves
only 81 bytes available [30]. AES-CCM-128 is an Advance Encryption Standard (AES)
that uses a cipher block chaining message authentication code, which is discussed in the
chapter 4. Depending of the addressing being used, 64-bit versus 16-bits, this also affects
the payload and thus it is further reduced.
30
Figure 9: 802.15.4 Frames: Full and Minimal Addressing
Furthermore, the 802.15.4 overhead can be increased when you implement link-layer
security and there is a need for fragmentation. Because of the above difference between
the IPv6 packet and an 802.15.4 frame, it is needed to have an adaptation layer between
the IPv6 layer and the 802.15.4 MAC layer.
Figure 10: 6LowPAN Protocol Stack
31
This Adaptation Layer will achieve the functions of header compression, fragmentation,
reassembly, and mesh route forwarding. Details of how compression, fragmentation,
reassembly and mesh route forwarding occur at the adaptation layer can be found in the
IETF Request for Comments (RFC) 4944 under ‘LowPAN Adaptation Layer and Frame
Format’ [31].
One feature that 6LowPAN inherits is the network discovery feature of IPv6. As a result,
nodes may be susceptible to threats, as mesh routing is expected to be common in
802.15.4 networks. This part is covered in the security chapter of this document.
Figure 11: IPv6 Neighbor Discovery
Having considered all of these features and advantages of 6LowPAN, lets consider the
hardware and software where this protocol will be implemented.
32
Chapter 3
HARDWARE AND SOFTWARE TECHNOLOGIES USED
This chapter will discuss the hardware and software componets required to put the project
implementation together. At the same time, it will give readers the oportunity to
familiarize themselves with these key ingredients of the project and lay a good
foundation. The first section will address the operating system along with its companion
programing language. The second section will talk about the device that makes all of this
possible.
3.1 TinyOS and the nesC Programing Language
The TinyOS Operating System and the nesC Programing Language are very much
intertwined with one another. Although it may be possible to create a C program to run
on TinyOS (nesC modules are written in a modified C programming language), the
ability to create a program small enough to run on any given platform would be very
expensive in terms of size. Because nesC is able to take advantage of TinyOS libraries, it
has the ability to create small code that is able to fit in very memory constrained
platforms like the TelosB platform. At this point, a discussion of the TinyOS operating
system and the nesC Programming Language will be covered in more detail on the
following sections.
3.1.1 The TinyOS Operating System
The TinyOS is an operating system that was exclusively designed for wireless embedded
sensor networks [33] and its design focuses on ultra low-power operation [34]. Because
33
each device on this network is so memory constrained, the operating system along with
the implemented applications needs to fit in such a tiny memory devices.
At a high level, TinyOS provides three things to make writing systems and applications
easier [34]:
A component model, which is grounded in the nesC programming language and defines
how to write small, reusable pieces of code and compose them into larger abstractions.
This enables rapid innovation and implementation while at the same time minimizes code
size [34]. At the same time, it allows you to write pieces of reusable code, which declares
their dependencies. The nesC section will cover how this is implemented.
A concurrent execution model, which defines how components interleave their
computations as well as how interrupt and non-interrupt code interact and enables
TinyOS to support many components while requiring little RAM. The concurrency
execution model of TinyOS has two level scheduling hierarchy structures [35]. The first
level is where events preempt tasks and the second one is where tasks do not preempt
other tasks. By events it is understood that it is a process that is time critical and that
requires a very small amount of processing like the Timer or an Interrupt. A task would
be a process that is not time critical and any component can post a task, which TinyOS
will run at some later time. Tasks are atomic with respect to other tasks and run to
completion, though they can be preempted by events as stated above. Because tasks
cannot be preempted by other task there is no need to worry about data race between
tasks, as race conditions at this level do not exist.
34
Application programming interfaces (APIs), services, component libraries and an overall
component structure that simplify writing new applications and services. TinyOS itself
has a set of APIs for common functionality, such as sending packets, reading sensors, and
responding to events. TinyOS also contains a component library that includes network
protocols, distributed services, sensor drivers and data acquisition tools that can be used
by a sensor capable device. These can be used as found in the libraries or they can be
further modified, or create new ones from any of these, to create custom applications.
Figure 11 shows the TinyOS directory along with its subdirectories where these
component libraries are located along with applications and source code.
35
Figure 12: TinyOS Directory and Related Sub-Directories
Because TinyOS is an open-source operating system, an international community of
developers, researchers and private industry supports it. One of the reasons that make this
operating system so popular is the ability to support various embedded network platforms
such as Epic, Iris, Mica, Shimmer, TelosB and TinyNode. The TinyOS operating system
is freely available to download [36] and it can be loaded to a Microsoft Windows based
36
machine using Cygwin, but for the purposes of this project the Ubuntu 9.10 operating
system was used as a host operating system. More detail information about how to install
this remarkable operating system can be found in the implementation section of this
document an by visiting the TinyOS website [37]. Next the nesC programming language
will be explored.
3.1.2 The nesC Programming Language
The nesC (network embedded systems C) Programming Language is a component-based,
event-driven programming language used to write TinyOS applications with features to
reduce RAM and code size and enable significant optimizations. It is an extension of C
designed to embody the structuring concepts and execution model of TinyOS [38]. It is
designed under the expectation that whole-program compilers will generate code [38] and
this should allow for better code generation and analysis [39]. Static race conditions
between events should be detected and you are warned about these conditions if they
exist at compile time [34].
The nesC programming language is supposed to be a “static language” and memory
should be allocated as module variable. If a module needs a buffer, this buffer should be
allocated statically. The nesC programming language does not encourage dynamic
memory allocation through malloc, as there is a danger when this method is used. This is
due to a lack of hardware protection on most embedded microcontrollers. The stack
grows down and the heap grows up and trouble is certain [40]. Of course, the nesC
37
programming language is a good tool to address memory limitations imposed by
hardware.
Figure 13: Typical Memory Layout of a Microcontroller
Hence, the programming language imposes restrictions on dynamic memory allocation,
pointer usage and dynamic component instantiation or destruction [41]. These restrictions
make nesC applications safe from memory crashes.
The nesC programming language supports and reflects TinyOS’s design and is based on
the concept of components, and directly supports TinyOS event based concurrency
model.
Component Specification
Because nesC is a component based programming language, there are three concepts that
a programmer needs to be familiar with: Interface, Module and Configuration. An
Interface specifies functionality to the outside world and it tells it what commands can be
called and what events need handling. Think of an interface as connectors from either a
module or a configuration that connect to either a module or a configuration. A Module
implements a component’s specification with nesC code that is very similar to C and it
38
does not use the component features of the programming language. A Configuration
implements a component by wiring together multiple components that can either be a
module or another configuration type of component and thus taking full advantage of the
component features of the nesC programming language. Figure 14 illustrates the
relationship between these three components that make a nesC application in TinyOS.
Figure 14: A nesC application and its components
Figure 14 shows a tiny sample code on how this can be illustrated [42]. The blocks to the
left of the code in figure 14 correspond to a configuration called TimerC. This
configuration has two interfaces called StdControl and Timer. Also the configuration is
composed of two modules called TimerM and HWClock. This corresponds to the
implementation in the code where it calls these two components. Then the StdControl
39
interface of the TimerC (configuration) is connected internally with the Stantard interface
of the TimerM (module). This is coded as StdControl = TimerM.StdControl. The Timer
interface for the TimerC (configuration) and TimerM (module) is also connected and the
code is Timer = TimerM.Timer. Internally the two modules, TimerM and HWClock, are
connected through the Clock interface, where HWClock is the provider and TimerM is
the user. This is reflected by the code TimerM.Clk -> HWClock.Clock.
Figure 15: A nesC Component and Corresponding Code
Concurrency Model of nesC
It is based on the run to completion tasks and interrupts handlers, which may interrupt
tasks and other interrupts. As mentioned at the outset of this section, the nesC compiler
signals the potential data races, which are caused by interrupt handlers. These data races
occur due to the concurrent updates to share state. In order to prevent data races, the nesC
compiler understands the concurrency model and determines the target of every update
[42]. To further understand how the concurrency model works, it is important to know
40
how nesC code runs in TinyOS. The code can either run asynchronously, in response to
an interrupt, or synchronously in the case of a scheduled task. Asynchronous code is code
that is reachable from at least one interrupt handle and a synchronous code is only
reachable from task [42]. Because tasks have a run-to-completion rule and sequential
execution through the TinyOS scheduler, synchronous code is atomic with respect to
other synchronous code. By atomic is meant that any share state between two tasks is
updated atomically. Because run to completion rule, preemption is not possible between
tasks. However, there are still potential races between synchronous and asynchronous
code, as well as between asynchronous with other asynchronous code. As a result, any
update from a shared state between these two cases is a potential race condition. To solve
this issue, the programmer has to either convert all of the sharing code to tasks or make
them synchronous code or to use atomic sections to update the shared state. By atomic
sections, in this context, it is understood that is a small code sequence that nesC ensures
will run atomically. The implementation of these mechanisms is beyond the scope of this
document. However, it is important to understand that concurrency is central to nesC
components. For further information about nesC concurrency and inner workings of
nesC, see "TinyOS Programming" by Phillip Levis and David Gay.
3.2 Hardware Architecture of TelosB Devices
There are various devices that will work to construct a wireless network. They can be
configured and ready to go from off-the-shelf solutions that will most of the time require
proprietary software that cannot be modified. However, for this project an open source
solution was sought and was essential in order to understand the inner workings of the
41
hardware as well as the software. By software, it should be understood that it is in terms
of the operating system and the programming language. As far as hardware is concerned,
it is not only the microcontroller being used, but rather is a combination of several
architecture components that make up what is known as a platform.
Some of these platform names are mica, intelmote2, eyesIFX, TelosB [43] and others.
For the purpose of this project, the TelosB platform will be used. From this point
forward, when the word ‘mote’ is used, it will refer to the TelosB device and both terms
can be interchanged. A ‘mote’ is a commonly used name for a node on a wireless sensor
network.
3.2.1 TelosB Mote Device and Architecture
The TelosB platform was developed and made available to the research community by
U.C. Berkeley [44]. A key factor on this platform is the ability to use open source
software to modify and experiment. A large community of developers backs up this open
source software, targets the TelosB platform specifically and helps in the development
and advancement of the software, namely TinyOS and nesC programming language. At
this time, lets dive into the hardware aspect of the TelosB mote.
The TelosB used for this project, model TPR2420, is built by Memsic Inc. (formerly
XBow) and is a low power device that in theory is supposed to run on a couple of AA
batteries for a long time (see power requirements section below).
42
Figure 16: Memsic TelosB Mote TPR2420
It has a built-in 802.15.4 compliant RF transceiver and it works with a 2.4 GHz ISM
band. The data rate is 250 kbps [45]. For the mote to be low power, it uses a Texas
Instrument MSP430 16 bit Ultra-Low-Power microcontroller with 10KB of RAM. The
MSP430 microcontroller datasheet can be found on the Texas instrument website [46].
There is another version of this Memsic mote, but it does not possess a built-in sensor
suite. The sensor suite for the TPR2420 includes a light, temperature and humidity sensor
[44]. In addition, it contains two expansion connectors and on-board jumpers that can be
configured to control external devices.
43
Figure 17: TelosB Mote tpr2420 Block Diagram
3.2.2 TelosB Mote Power Requirements
As the power requirements of the TelosB mote is discussed, keep in mind that using this
device on a home appliance, to form a network, may not need the sleep state that is
capable of entering. The reason is that a device embedded in a home appliance may be
capable of drawing DC current from the device itself in addition to a backup battery. It
can be configured in a way that when electricity is missing (i.e., a power outage or device
is unplugged), a battery can be used to give the device functionality when otherwise it
would be inoperable. The design of such a solution is beyond the scope of this document
as every appliance manufacturer can implement a design unique to their needs.
The TelosB TPR2420 can run on either on 2 AA batteries or it can be connected to a
USB port where it can draw its current. The module, which consists of the processor,
44
flash memory, RAM, EEPROM, ADC, DAC, and other interfaces, not including the RF
transceiver, draws about 1.8 mA on active mode and 5.1 µA on sleep mode. In addition,
the RF transceiver draws about 23 mA in receive mode, 21 µA on idle mode, and 1 µA
on sleep mode [44]. Therefore, on sleep mode, the mote can last quite a long time.
3.2.3 Mote Application and Limitations
Because of its built-in sensors, the TelosB TPR2420 can be used for an array of
applications from Radio & Networking Research, Large-scale Wireless Networks and
Distributed Computing Platforms [47]. For this project, these motes will be used to
construct a 6LowPAN protocol based home area network, which would be accessible to a
user via the Internet.
Because motes can act as routers, a distance of 20 to 30 meters (65 to 98 ft) must be
maintained between motes, where 30 meters would be the delimiting distance to ensure
an ideal network. In this project, one of the motes will be located out of range of the edge
router. Thus, communication between this out of range mote and the edge router would
be dependent on another mote closer to the edge router acting as a router himself.
Because appliances are usually scattered throughout a typical home, in order to build a
wireless home network with motes, the distance from the electricity smart-meter must be
at the most 30 meters. Otherwise, a utility company would have to install a device that
would serve as a relay (router) in order to ensure communication between appliances and
the smart-meter. More of how realistic these distance limitations worked out in our
project will be addressed in the implementation section.
45
Other limitations include the ability to process information given its limitations of
memory and network speed. With a mere 48K bytes of program flash memory, 10K bytes
of RAM, and 1MB of external flash for data logging, programming, data processing, and
storage needs to be efficient and compact. This is where TinyOS shines and the Internet
protocol used in this project is ideal and compact. The Internet protocol is based on the
IPv6 as discussed in Section 2.2 and is adapted to work on 802.15.4-based devices.
46
Chapter 4
WIRELESS SENSOR NETWORK SECURITY AND 6LowPAN
The Smart Grid is a complex and changing entity. To solidify the Smart Grid it requires a
lot of knowledge and effort as the grid starts at the Utility Company and it ends at the
customer’s home. Keeping this in mind and as mentioned from the onset of this
document, this project will deal with just one part of the Smart Grid, namely the Smart
Home. Please note that currently there is what is known as “Smart Homes”, which are
automated with different technologies installed. For the purpose of this document, a
Smart Home will be understood as one that is part of the Smart Grid and that has a home
area network with motes embedded in appliances for the purpose to give feedback to the
Utility Company. It would be an advantage to understand security, even from the point of
view of a consumer, because it can affect everyone who is to use this technology and it
should be understood in terms of privacy and personal and home security. This section
will cover four important topics. The first one will help us understand what security
threats are out there and how this affects us. Although this document is intended to be
technical in nature, it will bring to light certain issues that as the time of this writing still
remain unanswered. Second, attention will be concentrated on the technologies already
mentioned and discussed in the above sections and how these relate to security. Third, the
network topology of a typical Smart Home will be discussed and will not bother with the
industrial site scenario where hundreds of devices scatter through out a property, which is
47
beyond the scope of this project. And last, available tools and their capabilities as well as
limitations to analyze and explore a wireless sensor network will be briefly explored.
4.1 Understanding Security Threats
Antivirus programs are used in personal computers with the aim to shield these
computers from malignant viruses. These antivirus programs bring a level of comfort to
the user. However, they usually do more than just protect against malignant viruses. They
protect computer equipment as well as the information stored against worms, Trojan
horses, and malware installed in these personal computers without the consent of the
user. The purpose of a computer virus or malware may vary from making personal
computers unusable, to stealing information stored in them perhaps to steal the user’s
identity or to use these personal computers as a launching pad to attack other networks or
computers. Whatever the reason may be, the truth is that wireless networks based on
6LowPAN technology, or other 802.15.4 related technology, share similar threats for the
same reasons. In a recent Blog, Carol Stimmel, interim director of the E Source Inteligent
Grid Service said the following:
Using a few relatively simple programs, almost anyone can potentially
wreak havoc by spying on network traffic and attacking security systems.
With a little creativity, hackers can steal electricity; attack end-use devices
like smart switches and thermostats, and even see when people aren’t
home [48].
Organized crime, and even State Sponsored Cyber Attacks, knowing the address of a
PAN coordinator for instance, can use this knowledge to cause harm. Unfortunately for
all of us, State Sponsored Cyber Attacks are a reality that even the US Government is
48
aware and recognizes the impact of such event. Organized crime may not be far behind
[49]. A United States Army article entitled “Countering State-Sponsored Cyber Attacks:
Who Should Lead?” said the following
An actual state-sponsored or organized group controlled cyber attack
could undermine the U.S. information network infrastructure and disrupt
the nation’s functioning sectors—public, private, and governmental [50]
This network infrastructure includes the Smart Grid as it is currently envisioned. The
weakest link on the Smart Grid may be the Smart Home with all those wireless 802.15.4
devices that are part of the Smart Home Network. Of course there is no such thing as an
Anti-Virus that can be installed on an 802.15.4 device. But knowing and understanding
vulnerabilities can help us prepare for this possible attacks. In addition, understanding the
technology, in this case the 6LowPAN protocol, can give us a real sense of what can be
done to ensure that security is a real possibility. Of course, once it is known what is under
the proverbial hood, these issues also expose the weaknesses and limitations of this
technology. This knowledge will give the person who lays the landscape or topology of
the network a leg up on what tools are available in order to counter possible attacks. At
the same time, knowing how a 6LowPAN network can be attacked can aid network
designers in what tools to use or how to prepare. Lets take a look at some of these attacks.
4.1.1 Physical Attacks
These are attacks where physical destruction, relocation, theft and other related activity
could either damage or make a sensor inoperable. In the case of theft, an attacker can
learn crucial security information as well as the electronics involved from the sensor
49
itself. The sensor may posses a private or public key, which the intruder can acquire by
interrogating the captured node [51]. This becomes a very serious threat for the security
of the Smart Grid. If the vision of a Smart Grid where every household in the United
States has sensors embedded in appliances, what can stop a criminal from removing the
sensor part of an appliance and learning about key encryption for that particular
household or neighborhood. From the research done to write this document, as of the
time of this writing, the majority of scenarios presented by researchers and industry deal
with large networks that most likely would be found at an industrial facility. Yet, when it
comes to a Smart Home, this environment seems to be avoided, neglected or not
discussed in regards to physical threats. This type of physical attack, like theft of
appliances or tampering with devices already owned, raises very troubling questions with
regards to integrity and confidentiality. How can manufactures of these appliances be
able to embed a device that is tamper proofed on one of these appliances? How would
manufacturers of wireless sensors be able to guarantee this on a home scenario? This
remains to be seen and is part of the communication that needs to be established among
competing technologies. The Zigbee Alliance has a branding certification program right
now [52], but whether these questions will be answered or are being addressed at this
point in time is beyond the scope of this document.
4.1.2 Denial of Service (DoS) Attacks
These types of attacks can be triggered in both the 802.15.4 layers and the network layers
and above. At the 802.15.4 layer level, the PHY layer can be affected by intentional or
unintentional electromagnetic signals. These can either slow a network or make it
50
inoperable. Can these also be applied to a Smart Meter? That is a possibility and
manufacturers must explore these possibilities. At the same 802.15.4 layer level, the Link
(MAC) Layer can be victim of collision and contention of falsified frames. At the
Network level and above, there can be an outburst of packets being falsified and thus
making the nodes spend time handling these packets instead of the real packets and thus
slowing down the network [51].
4.1.3 Wormhole Attacks
In this type of attack is a passive attack and it only takes place near the wormhole or
carefully situated intruder. The attacker records packets at one location in the network
and tunnels them to another location so that these messages are replayed. In order to
detect and detect a wormhole attack, a distributed algorithm is used, in which each
beacon node acts as a detector, each sensor participates in hop counting, while the base
station controls the start and end of the detecting process and attempts to locate the
intruder based on alarm messages received by nodes near the proximity of the wormhole
[53]. For the Smart Home application, this means that manufacturers embedding devices
in appliances have to provide built-in mechanisms were a Smart Home network would
not be victim to a wormhole attack.
4.1.4 Other Wireless Sensor Network Attacks
Other types of attacks include Selective forwarding, Sinkhole attacks, Sybil attacks, Hello
flood attacks and Acknowledgement spoofing. Of course, this list does not cover all
known attacks, but it gives us an idea of the type of threats out there. Having this
51
knowledge would help the wireless network designer prepare ahead of time when
implementing a wireless sensor network.
4.2 Smart Home Components and its Associated Security Issues
In this section, the technologies that would be part of a Smart Home Network will be
discussed. The built-in security features will be addressed, as well as their respective
security issues. Understanding these technologies ensures a solid and secure Smart Grid
endpoints, namely the Smart Home. Before getting started, it would be insightful to take
a look at a current datasheet for a Smart meter [54] to see the type of technology that is
used in a Smart Home network.
Table 2: Smart Meter Datasheet Stats
52
In the HAN (Home Area Network) Communication section of the above datasheet, the
Smart Meter uses 802.15.4 at a frequency of 2.4 Ghz and data rate of 250 Kbps. The
protocol used for this Smart Meter is the ZigBee 1.0 protocol, but under the
Protocols/Security, the addressing used is IPv6, which may imply that a future version of
ZigBee, likely ZigBee IP, will be supported. In addition, it shows that the meter uses two
Advanced Encryption Standard (AES), the AES-128 and the AES-256. The Secure Hash
Algorithm 256-bit is an algorithm that is built above the PHY/MAC layer and is beyond
the scope of this document. It is worth mentioning, and it should be obvious, that the
same information is available to hackers. However, having this information available is a
good starting point to build a secure wireless sensor area network.
4.2.1 IEEE 802.15.4 Security
Because of the nature of a wireless sensor networks, security is a concern at every level
of the OSI layers (see Section 2.1.2). The 802.15.4 is no exception. In this section we will
discuss the built-in security features of the IEEE 802.15.4 standard and how these can be
used to make a wireless sensor network a more robust and secure network.
The IEEE 802.15.4 standard provides built-in encryption based on the 128-bit Advanced
Encryption Standard (AES). Manufactures that build an 802.15.4 compliant must include
an AES-128 hardware engine in order to market it well. Hence, the 802.15.4 chips
provides the essential mechanisms to provide security and cryptographic support [55].
The 802.15.4 Link layer provides the following cryptographic mechanisms for security
services [55]. The first one is data confidentiality, where there is assurance that the
53
transmitted information is only disclosed to authorized parties to whom the data was
intended. The second is data authenticity, which offers assurance that a message sent has
not been modified by an intruder and that the message is legitimate and received without
tampering. Sending a message integrity code (MIC) with each packet provides message
authentication and integrity check. The MIC is a cryptographic algorithm that is based on
symmetric-key cryptography and uses keys by higher layer processes. The mechanism of
how these keys are established, as well as their maintenance, is beyond the scope of this
document and information can be found here [56]. Depending on the security levels
ordered, the MIC could range from 32, 64 and 128 bits (Table 3). For more details on
cryptographic security mechanisms used for protected MAC frames, refer to Clause 7 of
the IEEE 802.15.4 standard [14].
Table 3: Message Integrity Code and Security Levels
The last one is Replay Protection, which can assure us that if an intruder duplicates
information, this can be detected. The replay protection uses a counter mechanism that is
associated with cipher keys. This counter mechanism uses the outgoing frame counter for
54
the device called the Frame Counter, which is used to provide replay protection and
semantic security of the cryptographic building block used for securing outgoing frames
[57]. The way it works is that the counter is incremented each time an outgoing frame is
secured. When the counter reaches its maximum value, the associated key becomes
invalid, thus a key update is necessary. This provides a mechanism for ensuring that the
keying material for every frame is unique.
In addition to the encryption mechanisms, 802.15.4 provides other means in which an
application can take advantage of the security mechanisms at the MAC layer. For
instance, there are two important packet types that are relevant to the security of
802.15.4: the data packets and acknowledgement packets [19]. The application layer
would specify its security requirements, whether it wants it enable or not, by setting the
appropriate control parameters into the radio stack through the MAC sublayer, which
handles all access to the physical radio channel [58]. Hence, security at this level depends
on how the firmware/software is implemented above the 802.15.4 layers. For these
reason, it is imperative that a good understanding of how hardware and software interact
in order to create an application that would take advantage of all the security features that
the IEEE 802.15.4 standard has to offer.
4.2.2 Tiny OS and nesC Programming Language Security Roles
As previously discussed, TinyOS and the nesC Programming Language are very much
intertwined. Because of the hardware constraints, namely memory, having a good
knowledge of these limitations can give a Software Engineer a sense of what
55
compromises to make when it comes software and firmware design. In the Guidelines for
Smart Grid Cyber Security (NIST 7628) it says the following with respect to poor
software engineering practices:
Poor software engineering practices can lead to software that misoperates
and may represent a security problem. Such problems are well known in
software, but it should be recognized that embedded firmware may also be
susceptible to such vulnerabilities, and that many of the same good
software engineering practices that help prevent these vulnerabilities in
software may also be used for that purpose with firmware [59].
As mentioned in the 802.15.4 security section above, the mechanisms to implement
security are already built-in the standard. Yet enabling these security features creates
overhead in terms of application size and power depletion as the bigger the application
the more processing power is needed. Of course, for this latter point, a device in the
Smart Home scenario may draw power from an AC/DC converter as the device life will
depend on an appliance and it may use DC through a battery when the device becomes
unplugged or there is a power outage. Again, keeping in mind that this will only apply to
the Smart Home where AC is a source of alternative energy.
4.2.3 6LowPAN Protocol Security
As discussed in the previous sections, 6LowPAN has very special characteristics like a
small packet size, low bandwidth for low power devices and works in very constraint
memories. These characteristics make it difficult but not impossible to implement
security. However, implementing full IPv6 security is another story. For example, IPv6
uses IP Security (IPSec) and because of the aforementioned constraints this IPv6 feature
56
is difficult, if not impossible, to implement [60]. Issues related to IPSec on 6LowPAN
networks would be payload size, impact on bandwidth communication and latency,
power or energy needed to process such a big payloads and the need for processing speed
beyond of what today’s 802.15.4 compatible microcontrollers can offer. Of course,
6LowPAN is not alone when it comes to security and good knowledge of 802.15.4 helps
to see this. Below this 6LowPAN layer, the 802.15.4 link-layer provides access control,
message integrity, message confidentiality, and replay protection, as already mentioned
in the 802.15.4 security section above. However the limitations cannot be ignored and
when designing a network, an engineer needs to plan accordingly.
Neighbor discovery is one of the features that 6LowPAN uses in mesh networks, as
neighbor discovery is part of the IPv6 protocol. As a result, mesh networks are
susceptible to threats as outlined in the network security section below. For this reason, it
is a good idea that developers and/or implementers make good use of 802.15.4 link layer
security such as replay protection at a minimum to alleviate or reduce these ad-hoc based
threats [31]. This type of network implementation implies that the majority of devices in
the network, if not all, are Full Function Devices (FFD) as they are able to route packets
in a mesh environment. However, as previously mentioned, this may not be the case for a
typical Smart Home and the use of Reduced Function Devices (RFD) is a likely candidate
for home appliances. An RFD device will typically implement the minimum set of
features necessary. As a result, the RFD may rely quite strongly on the mechanisms
defined at the 802.15.4 link layer. How will all these issues will be coordinated by
57
manufactures and implemented is beyond the scope of this documents and time will tell
how to solve this issues.
Other mechanisms that 6LowPAN can use to make security stronger [61] are
Authentication Header (AH), which provides integrity protection and authentication only
[62], Encapsulating Security Payload (ESP), which encrypts for confidentiality [63], and
a mode of ESP that defines using AES-CCM [64], that is suitable for use with 6LoWPAN
nodes.
Currently, as of the time of this writing, under the NIST Guidelines for Smart Grid Cyber
Security, there is not much information about 6LowPAN, IPv6 over 802.15.4, and admits
that there is more research to be done. Instead of guidelines, the document raises several
questions regarding the implementation and development of IPv6 over 802.15.4 [59].
Currently, as of the writing of this document, 6LowPAN security is not mature, although
there is much research underway.
4.3 Network Topology and Security, Beyond the IEEE 802.15.4 Standard
The IEEE 802.15.4 standard does not specify the type of network topology to use in a
wireless sensor network. However, it defines how the MAC and PHY layer would work
on a Low Rate -Wireless Personal Area Network (LR-WPAN) whose characteristics is a
star or peer-to-peer topology. Although there are various topologies that can be discussed
in the case of a wireless sensor network, only two possible scenarios will be covered and
follow the suggested topology to use for a 802.15.4 network [23]. For this project’s
58
wireless sensor home area network, this would be the aforementioned star and the peerto-peer topologies.
4.3.1 Start Topology
This topology consists of a central hub, switch or computer where the nodes
communicate with each other thru this central device.
Figure 18: Star Topology Representation
The disadvantages are that if the central device is no longer functioning, the nodes cannot
communicate with each other. For the purposes of the Smart Home scenario,
communication between devices is not necessary. This is because the nodes, devices
embedded in appliances, do not really need information from one another in order to coexist.
The central device can either be an edge router that can give energy feedback to a
customer and at the same time route packets to a Smart Meter. Or it can directly route
packets to the Smart meter without involving the customer. All information received
59
from these devices can be tabulated and sent to the Utility Company through the smart
meter and related relay points.
4.3.2 Peer-to-Peer Topology
This is a type of topology commonly used in wireless sensor network in which each node
is in communication with one another as long as they are within reach from one another.
So why would each device need to communicate with one another? In the Smart Home
scenario, the purpose of communicating with another device is for the purpose of routing
packets to a Smart Meter when a device is out of reach. The distance between a Smart
Meter and the television in the living room, for example, can be too far from each other.
Because there are other appliances that may be closer to the Smart Meter and within
reach of the television, these appliances can serve as routers to send the packets to its
intended destination, in this scenario it would be the Smart Meter.
Figure 19: Peer-to-Peer Topology Representation
60
In order to construct either on of these two topologies, two different types of devices are
employed. One is called the full-function device (FFD) and the other one is a reducedfunction device (RFD). The difference between them is that the FFD can operate in three
modes serving as a personal area network (PAN) coordinator, a regular coordinator or a
device and the RFD cannot be a coordinator and can only associate itself with one FFD.
In addition, it cannot communicate to another RFD. Thus, the RFD is intended for
applications that are very simple and because of its simplicity it would only use minimal
resources and memory capacity [65].
Having presented the above information, the question is what is the likely scenario to be
found in the Smart Home environment? This question may be answered in due time but
there are some things to consider. For instance, you may have a star topology in which
the only FFD is the Smart Meter and the rest of the devices in a home are RFD. This is
because RFD can connect to a FFD but not to another RFD. Because RFDs are simpler,
they are also less expensive. In the other hand what do you do if you need to route
packets from a device that is too far to reach a Smart Meter? You may need to implement
a peer-to-peer topology, keeping in mind that if a RFD device is present, it will connect
to either the PAN coordinator, or to another FFD playing a coordinator role.
Either one of these topologies introduces a set of security issues that were mentioned in
Section 4.1 of this document and can vary from physical threats to DoS attacks. A
physical attack is a scenario that is interesting from the point of view of how the energy
industry and alliances are planning to solve. In this scenario, a home owner/criminal can
61
extract all key material, data and code stored on an embedded device [26]. Can a tamper
resistant embedded device be the solution? This can add cost and most likely not be a
viable solution.
4.4 The Need for Wireless Sensor Network Security Tools
One of the key ingredients to create a secure Smart Home network is the ability to find
vulnerabilities in such a network. Because of the nature of this networks where wireless
communications are taking place by radio signals, a tool is needed that has the ability to
capture such signals. Currently these tools exist, but are in their infancy of development
and as the technology continues to evolve, more developers and companies will march
towards a standard. One of the advantages of using the IPv6 protocol on a wireless sensor
network is that the same IP tools, not security tools strictly speaking, currently in use can
be adapted in the 6LowPAN to debug a network. For instance, a small sensor can be
interrogated by using the “ping” command to see whether the device is alive or not. This
is a very simple tool that can help a developer, utility person, or who ever to know that a
device is working. You can even “telnet” to the device and ask it to give you information
about the device status as long as you know the address of the device and port available.
These are tools are already in place and developers can use these oldies but goodies.
Other tools that are security related worth mentioning but are specific to other protocols
and require additional hardware are: GoodFET [66], which is a hardware analysis tool
that allows debugging of platforms/chipsets and it focuses on the power-glitching to
62
bypass hardware security mechanisms. There is also a ZigBee centric tool called
KillerBee [67] and is an analysis tool that allows capture and analysis of the network and
its respective devices. For the KillerBee, there is no cost for the software and it can be
downloaded for free, but you need two small-embedded cards that would run about $80.
There is also another more expensive one called USRP2 from Ettus Research [68], and
the cost is prohibited at about $2k.
63
Chapter 5
DESIGN, IMPLEMENTATION AND TESTING
5.1 Description of the Project
The project consists in enabling the 6LowPAN protocol on a wireless sensor home area
network, where two of these boards are thought as being embedded in any household
appliance (nodes) and a third one is used as an edge router, which is how a Smart Meter
works. These devices will be arranged in a star and peer-to-peer topology dynamically.
What does this meant? It means that the devices are rearranged so that the topology
changes from star to peer-to-peer with one of these motes out of reach from the edge
router. Once the topology has changed, the mote closer to the edge router will be able to
route packets and thus still be able to find the node that is out of reach. Using IPv6 tools
remotely thru the Internet, these devices can be located and be interrogated on their
status.
5.2 The Ingredients for the Project
For this project to work, the following items were needed in order to accomplish it:
Developer's Environment: Apple Laptop loaded with Ubuntu 9.10, Java Enabled, TinyOS
environment installed on Ubuntu, GNU gcc, vim file to enable color coding for nesC
files.
Hardware: Three CrossBow TelosB boards with MS430 micro-controller and CC2420
radio chip, USB Hub with 4 ports.
64
5.3 Installing the Developers Environment
To install the environment, instructions were followed as found in the TinyOS website.
There were several issues that came up due to incompatibility between the version of
Ubuntu being used and the latest version of TinyOS. As a consequence, the operating
system version switched from Ubuntu 8.04 to Ubuntu 9.10, which was about a year and a
half older and that solve the issues. The following are the steps were followed to get this
accomplished. The steps vary somewhat from those found in the TinyOS website [69].
Some of the outputs are included in these steps.
Installing TinyOS 2.1 on Ubuntu 9.10 (Koala)
1. Add the TinyOS repository to your list of packages start by opening sources.list
sudo vi /etc/apt/sources.list
2. Add the following line at the bottom of sources.list
deb http://tinyos.stanford.edu/tinyos/dists/ubuntu hardy main
3. Update sources.list by typing
sudo apt-get update
4. Install TinyOS 2.1
sudo apt-get install tinyos-2.1.1
You should get two questions answer yes to both. During the install you will have to say
OK and Yes to EULA information. In addition, you will be prompted to accept a Sun
Microsystems License for Java. Press OK.
5. Edit your ~/.bashrc file in your home directory to set up the environment for
TinyOS development at login
65
sudo gedit ~/.bashrc
Add the following two lines:
source /opt/tinyos-2.1.1/tinyos.sh
export CLASSPATH=$TOSROOT/support/sdk/java/tinyos.jar:.
Save and exit the .bashrc file. Next run the command
source ~/.bashrc
ruben@ruben-desktop:~$ source /home/ruben/.bashrc
Setting up for TinyOS 2.1.1
Run the following to prevent errors with java apps
sudo tos-install-jni
ruben@ruben-desktop:~$ sudo tos-install-jni
Installing 32-bit Java JNI code in /usr/lib/jvm/java-1.5.0-sun/jre/lib/i386 ...
done.
5.4 Detecting the TelosB Board and Loading Applications
When this project started, the eZ430-RF2500 Wireless Development Tool [70]
manufactured by Texas Instrument was used. However, this board would not work in this
environment due to its proprietary non-open-source environment. As a result the board
was switched to the Memsic TelosB board and started working with that board from that
point on. Once the device was inserted in the USB port, the mote was detected showing
the following result:
66
At this point, the board has been detected and it was time to start playing with the board.
Note that the device is located in /dev/ttyUSB0 and it looks like a file, but is not. This is
the way peripherals appear under the Linux operating system and are found under the dev
(device) directory.
5.4.1 Compiling and loading a TinyOS program.
In order to see an actual program run on the TelosB board, a program called Blink was
used and it can be found in the apps directory of the TinyOS subdirectory. The following
are the steps needed to load Blink on a TelosB board.
1.
cd to /opt/tinyos-2.1.1/apps/Blink
2.
Compile the Blink application
The compilation process is graphically shown in figure 20. Notice that there are two
compilers, nesC and gcc, involved in the process of creating the executable.
67
Figure 20: Compilation of a TinyOS Application
3. List available motes with the ‘motelist’ command.
4. Install application to the specified mote:
After doing the above steps, the LED display on the TelosB board began to blink. Please
note that in case of certain applications, where there is more than one mote that needs to
be programmed, you can use the following command: make telosb install,1 for the first
one, make telosb install,2 for the second one, and so on.
68
This was the first program loaded on the TelosB board. However, in order to get familiar
with the TinyOS environment, several tutorials needed to be performed as found in the
TinyOS website before engaging the 6LowPAN protocol. These tutorials [35] include
Getting Started with TinyOS, Modules and the TinyOS Execution Model, Mote-mote
radio communication, Mote-PC serial communication and SerialForwarder and Sensing
and Writing Low-Power Applications. These tutorials are very time consuming, but are
needed to fully understand the capabilities of all technologies involved. After fully
understanding these tutorials and feeling comfortable with the TinyOS environment, it
was time to move into the 6LowPAN applications. It is highly recommended to go over
the nesC reference manual [71], as it has tons of information about how to write a
program and it helps in understanding existing ones as found under the TinyOS directory.
Furthermore, it would be a great learning tool to go over the source code of every tutorial
covered, as this will show how the component based programs work. See Section 3.1.2
for a quick overview of how the nesC programming language works.
5.5 Running a 6LowPAN Based Tutorial
The 6LowPAN protocol can be implemented by running the BLIP tutorial as found in the
TinyOS website. The name BLIP stands for ‘Berkeley Low-power IP Stack’ and is an
implementation in TinyOS of a number of IP-based protocols, including IPv6. Of course
this gives way to 6LowPAN as you are actually running IPv6 over the 802.15.4 signals.
This tutorial shows how to install and configure an IPv6-based subnet. The steps are the
following:
69
1. Install and activate an edge router
2. Configure routing to other networks
3. Begin activating blip node routers
The details of the installation can be found here [72]. In the actual tutorial, because the
board being used for this experiment is the TelosB, substitute the word 'mica' for 'telosb'
and ensure that the USB is working correctly and that it has detected the board. This is
done by executing the 'motelist' command, as indicated in Section 5.4 above, while the
board is attached to the computer in order to find the correct USB port that is working.
Because BLIP does not use the TinyOS Active Message (AM) layer, a small amount of
radio support is needed to provide a separate message dispatch mechanism, and arbitrate
between the AM and the IEEE 154 layers; this allows applications to include both IP and
AM-based protocols. For the purpose of this project, the AM-based protocol was not
pursued as a topic. You can find information and much more detail about this topic here
[73].
Once the tutorial was completed, time to move on with the project.
5.6 Implementing the Experiment
The first part of the project involved a simulation where a utility company needs to
communicate with a device and extract information from it. Three TelosB boards are
needed to accomplish this part of the project, as mentioned in the introduction. The first
board will be the edge router and will play the role of a Smart Meter or PAN coordinator.
70
The other two boards will be the nodes in the network and will be called “mote 1” and
“mote 2”. Please note that this same experiment can be conducted with more than two
TelosB devices playing the role of nodes in the network. However, for simplicity only
two nodes are being used to illustrate. At this point, the edge router is ready to be
installed.
5.6.1 Installing an Edge Router
The first thing that needs to be done is move to the “apps” directory and find a directory
within called IPBaseStation. This directory contains various files including a make file
which helps us to build and load the application that will be installed in the edge router.
Figure 21: IPBaseStation Folder
In this directory you will also find two IPBaseStation files. One is an actual Module file
(BaseStationP.nc), which means that it uses C-like programming language to engage the
hardware. Keeping in mind, what it was learned in Section 3.1.2, that this is a component
oriented programming language, it can be seen how at this level, the IPBaseStation
module is coded so that interfaces will be available to be used by a Configuration file.
71
Figure 22: IPBaseStation Module nesC File
The way the interfaces are declared do not tell us anything about how the interfaces will
be used. Will they be used or provide? The answer to this is found on how it is
implemented in the Configuration file (Figure 23). Notice how this module file is being
called in the “components” section of the IPBaseStationC.nc file and uses the interfaces
created in the Module file.
72
Figure 23: IPBaseStation Configuration File
Once we are in this directory, we install the IPBaseStation program.
73
Figure 24: Installation of the IPBaseStation Program
Thereafter, the routing driver needs to be built. Move to the following directory:
/opt/tinyos-2.1.1/support/sdk/c/sf
74
Once you are on this directory execute the following command:
$ ./bootstrap
You only need to do this once. This command creates a directory named “config-aux”
that contains a shell script file that is used to install the driver. Once this is done, execute
the following command:
$ ./configure
This command ensures that all libraries and dependencies are installed in order to build
the driver. You are ready to build the driver.
$ make
Once the make command has completed its work, under this directory, go back to the blip
directory and repeat the same above procedure by executing the same three commands. If
there is no issues found during this latter procedure in the blip directory, you are ready to
run the driver. Figure 25 includes the command used to install the edge router driver.
75
Figure 25: Running the Driver on TelosB Mote
Once this command is executed, the edge router is up and running. The command also
provides information relating to the channel used, the driver and a telnet program
installed along with the port that it uses. However it does not tell us anything about the
edge router address or what IPv6 address (short or long) is being used. Press “RETURN”
on the keyboard and it will enter into console mode. Here you can print configuration
information, statistics and execute relevant command like switching to another channel or
shutting down the driver if needed. A list of commands is displayed by typing ‘help’ at
the command prompt. You can access the same console through a telnet session, but
more of that later.
76
Figure 26: Running the Edge Router and Console
Once this is done, node routers, mote 1 and mote 2 can be installed.
5.6.2 Building and Installing Node Routers
Under the apps directory, there is an application that provides a UDP echo service on port
7, as well as a very simple UDP-based shell on port 2000. This application will be used
and installed in the motes. Attach one of the motes to the USB port and move to the
UDPEcho directory. Once there, execute the make command to install the application.
The format for the command is “make <platform> blip install.ID”, where <platform> is
the telosb platform being used and the ID can be any number with the exception of the
first number of the edge router address.
77
$ make telosb blip install.1
When you install the application in the mote, the installation file grabs the prefix
specified in the serial_tun.conf file for the edge router and appends the ID number at the
end. For example, the edge router uses the address fec0::64, where the fec0:: is the prefix.
Figure 27: The serial_tun.conf File
Thus, if the ID is the number 1, then the ID number is appended to the prefix and it will
become fec0::1, if the ID number is 2 then fec0::2, and so on. The ID number is in fact
the Interface Identifier, which in our case is appended manually. This ensures that each
node in the network will have a unique IP address. Because is manually done, you must
keep track of the number assigned to each node. The same installation procedure was
performed for mote 2 which obtained the IP address of fec0::2.
78
5.6.3 IPv6 Network Tools
It is good to keep in mind that some IPv4 networking tools can be used to debug an IPv6
based networks, but not all. Tools like “ping” are used to know whether a node is alive or
not and are needed to perform this type of basic functions. For this reason, a need to
install the appropriate IPv6 tools was needed for the host operating system. For the
purpose of this experiment, the ping6, nc6 (netcat6) and tracert6 were installed, as they
were not part of the Ubuntu 9.10 distribution.
Figure 28: Installing an IPv6 Network Tool
5.6.4 Putting it All Together
Once the nodes are loaded with the UDP shell, the batteries were inserted in the motes
and then distributed the devices in a way that both were about equal distance, about 40
79
feet, from where the edge router would be located. Then loaded the driver on the edge
router and began to test the network.
Figure 29: Motes at Equal Distance from Router
Access to the motes and the edge router through the Internet was required, as
accessibility from a Utility Company to a HAN is being simulated. For this scenario, the
edge router plays the role of a Smart Meter and the motes play the role of the embedded
sensors in appliances. A computer accessing the edge router, through the Internet, plays
the role of the Utility Company’s remote server. So the first thing to check is whether the
nodes were working properly. The ping6 command was used thru the host operating
system to verify connectivity.
80
Figure 30: Verifying Mote 1 is Alive
Various distances from the router to the edge router were experimented on and it was
found that at about 50 feet is where packets began to be dropped. A good distance were
about no packets where dropped was at about 40 feet. Remember that as indicated in
Section 3.2.3, the motes are documented to work from 65 to 98 feet. The need for a
shorter distance may be due to electro magnetic interference (EMI) as the edge router is
sitting, while conducting the experiment, very close to other electronic devices including
a monitor, a laptop, a wireless telephone and a wireless router. Other possible
interferences may be over the air signals, neighbors wireless routers, walls, and others.
5.6.5 Connecting thru the Internet
There are key pieces of information needed in order to accomplish this task. The first key
is to know the IP address of the host computer. In reality, the way the Smart Grid as is
being proposed and drawn at the consumer end, there are two PAN coordinators. The first
one is a PAN coordinator that validates a smart meter as being part of a legitimate pool of
81
household Smart Meters. The second PAN coordinator is the Smart Meter, as previously
mentioned, where it validates appliances as being part of the home network. For the
purpose of this experiment, the IP address of the host machine will be likened to the first
level PAN coordinator and the edge router IPv6 short address to the IP address of the
Smart Meter. Yet there are other two pieces of information that are needed to
communicate with the edge router and with either one of the nodes in the network
through the Internet. They are the ports where the edge router, port 6106, and the nodes,
port 2000, are listening. Having this information now, lets see two ways to connect.
5.6.6 Connecting Directly to the Edge Router
For this step, you need to type “telnet <host machine IP address> < edge router port>. If
you have configured your machine with a name for the host, you can substitute that
instead of typing the IP address. The name of the host machine is ‘ubuntu’ and the IP
address is 172.16.31.140. Please note that this experiment was done in a private network
and not through the Internet. However, the same principles apply and connectivity was
made thru the private network. After verifying that the host was alive, by means of the
‘ping’ command, connected to the open port through telnet; where the edge router is
listening. Once the command prompt comes up, the ‘help’ option was typed to find other
commands used by the edge router in order to find information about the network.
82
Figure 31: Telnet Session to Edge Router
The commands are shown in figure 31 and will kind of give you a starting point on
information about the commands themselves. In these commands you will find options
that would be important to a remote administrator. For instance you can print
configuration information, print statistics, invalidate a router, print the current routing
map and recalculate routes if you are not happy with the map results.
83
Figure 32: Edge Router Console Commands
The above console shows, under routes, the star topology connectivity between the edge
router and the two motes.
5.6.7 Connecting to the Host Machine
The other way to connect to an edge router and any of the nodes is to ssh to the host
machine. Then once you connect to the host machine, you can do the above steps to telnet
to the router, or use the ‘nc6’ command to connect to any of the nodes on the network.
Once you connect to the mote using ‘nc6’, the screen does not give you any feedback of
connectivity. Type ‘help’ and it will tell you the available commands. These few
commands also can be valuable for any remote administrator. However, it is just a sample
of the networking tools that can be embedded in these devices.
84
Figure 33: Using the IPv6 Netcat Utility
5.6.8 Routing to a Mote Out of Range
For this part of the experiment, a mote was placed out of range of the edge router. As a
result, the edge router, in order to communicate with the mote out of range, will need to
rely on the routing capabilities of the mote in proximity. For this scenario, that would
correspond to mote 1 and mote 2 would be the device placed out of range of the radio
signal of the router edge.
85
Figure 34: Mote 1 Serves as a Router for Mote 2
To prove that it was out of range, the ‘ping6’ command was used to see whether mote 2
was reachable. It was not at first, but after a few minutes, mote 1 began to route packages
from mote2 to the edge router. The telnet console was used to connect to the edge router
from another computer. Once in the blip console, it was verified that the new route was
valid by typing ‘routes’ at the command prompt.
86
Figure 35: New Routing Scheme for Network
Worth noticing is the ability for this motes to adapt once a mote was out of reach. This is
due to the network discovery properties of 6LowPAN, which is a IPv6 feature (see figure
11). All of the other procedures were preformed as in the star topology with the same
results and will not be repeated on this part of the documentation. After completing this
part, the motes were brought back within equal distance from the edge router and noticed
that the routing and network configuration was still the same. Going from edge router to
mote 1, then to mote 2 (figure 35). At the edge router console, the command ‘routes’ was
typed to verify this and then typed the ‘newroutes’ command. Thereafter, mote 1 was no
longer working as a router for mote 2 and they went back to the original start topology.
Figure 36: Resetting Routing Map
87
So, if this were the kind of device that would be embedded in appliances, then it would
mean that these devices are capable of routing packets to reach the smart meter. Would
that be a likely scenario? Perhaps. However, it is worth noticing that the motes used for
this implementation are FFD, since they have the ability to connect to more than one
device. If FFDs are targeted to be embedded in appliances, this will raise cost, as a FFD
device will cost more than a RFD device. As discussed in previous section, a RFD device
only has the ability to connect to one device. One possible solution would be to have a
central device that can collect the information from the RFD devices and relay them to a
Smart Meter. Placement of this central device will have to be close enough to talk to a
Smart Meter. Only time will tell whether this is a solution that the industry will follow.
88
Chapter 6
CONCLUSION
There was a lot of technology to be learned in this project. Even concentrating on one
subject as part of the Smart Grid, the Smart Home seemed to be a big topic for
discussion. As this document was reviewed, this writer could not help but to think of all
the efforts that are going into this vision, namely the Smart Grid, and all the questions
that are being raised due to disjointed efforts in the industry. Things are beginning to
improve when it comes to communication among groups that have a stake in the
proverbial pie. For instance, the ZigBee group did not embrace the IETF IPv6 over
802.15.4 standard when it was first proposed. Today, the ZigBee group is beginning to
adopt IPv6 through the IPSO alliance with the ZigBee IP standard. This writer’s
observation is that there seems to be a lot of good players in this arena, but they seem to
be either speaking another language with each other or not communicating at all. This
can gravely affect the way security is conducted and can hinder the efforts underway to
improve the Smart Home.
Currently there are a lot of efforts taking place with open-standard technology. From
hardware to software, that seems to be a thread of commonality at least from the research
community. Yet, there are companies that continue to create devices with their respective
firmware and software that are not disclosing the products’ inner workings because of
patented technology. Perhaps that would not make such a difference, as you still need
802.15.4 to transport any packet in this environment. But as discussed, it is how the
89
layers above the 802.15.4 layers are implemented that affects security. Having a black
box in terms of code can transpose a dream Smart Home into someone’s nightmare. An
example of such a black box is the Microsoft Operating System, which has been affected
by security issues for years. Time will tell how all of this plays out as utility companies
will have to choose who will be the provider of these technologies and they themselves
will reap the fruits of their choice. Whatever that may be!
When it comes to the Smart Grid, one of the observations made by this writer was that
speakers, who are either researchers or advocates, and those who sell the concept of
security in the Smart Grid, speak in broad terms. There were several presentations that
this writer attended, on-line and in person; and without acquiring the required
background, it is easy to get lost in the topic. The Smart Grid is a huge entity; and in
order to explain it, it needs to be broken down on specific topics and thereafter
concentrating on a specific topic in order to understand the entire picture. For example,
the majority of topics found for wireless sensor networks are applicable to industrial
environments where it makes sense that hundreds of devices would be sprinkled around a
property for reasons related to the industrial environment. This includes taking
temperature, humidity or any other similar measurement. Yet, not one paper that was
worth quoting spoke about the home environment. This document tackles the subject of a
Smart Home and brings legitimate questions that can be further researched. For instance,
the majority of papers researched assumed that batteries would power devices. For the
implementation part of this project, a battery-powered device had to be used as it is the
only off-the-shelf solution affordable enough to experiment. Is that the case for a home
90
environment? No! Most likely these devices will depend on the DC power that can be
drawn from appliances. Exceptions would be if a device is disconnected or there is a
power outage. Even if that were the case, why would you want an unplugged device to be
connected to the home area network? The Smart Home brings another set of
circumstances that nobody is talking about. Let’s briefly discuss what they are.
Currently, the ZigBee Alliance is certifying products that are ZigBee compliant. Yet, as
this topic was researched and as mentioned above, information on methodologies used,
threats to which they were exposed and how any of these certified devices are secured
was not found. Their marketing claims that it is secure and thus they give a certification
label to a particular appliance. Yet, has this wireless sensor been given to academia in
order to see how secure it is? In other words, would these appliances be so secure that
they cannot be reversed engineered to extract vital information from them? There are
tools currently that can help to analyze vulnerabilities of a wireless sensor network, but
time will tell whether these tools can either help or hinder security in the Smart Home.
As far as the technologies and methodologies learned in this project, they can give the
reader a sense of understanding the big picture. The 802.15.4 is now the standard radio
transport technology for low-power wireless devices. This radio signals follow a standard
that is solid and users needing a low-power wireless technology are not hampered by
proprietary radio technologies tied to the lifetime of a company where support may be
limited. Taking advantage of the capabilities of this radio technology is the 6LowPAN
protocol standard. This protocol is needed to take advantage of already developed IPv6
91
tools and will benefit from mature infrastructure methodologies. Also, with respect to the
software and programming components of this project, understanding how the TinyOS
operating system interacts with the nesC programming language and how the component
oriented programming is essential to fit in such a memory constraint environment was
essential. Also, the hardware involved in the project helps to understand the relationship
between the 802.15.4 standard and the device needed to form a wireless network.
Reading the 802.15.4 standard can help the reader, student, developer or hardware
engineer to envision how registers in the device are set and their relationship with the
outcome of setting such registers.
On the security section, many possible security threats and how each piece of the puzzle,
namely technologies, can bring its set of threats was understood. Solutions to these
threats where explored and recommendations were given. There is no need to reiterate
what was discussed in the security section. However, it is worth mentioning that there is
one more issue of security that was not covered. That is the issue of the priorities of
confidentiality (C), integrity (I), and availability (A). Because confidentiality is given last
priority on this pyramid of priorities, some people may have an issue with that in terms of
personal and confidential information. This priority scheme may apply to the Smart
Home where confidential information is imperative and the AIC priority scheme ends at
the Smart Meter and the CIA starts from that point on for the home only. This is a very
good topic to explore in the future and can be left for research.
92
In the implementation chapter, there was much that was learned. This is where all the
knowledge acquired came together and the advantages of using an IP-based protocol
shined. Having understanding of the capabilities of 6LowPAN and how this protocol
inherits IPv6 properties can be viewed as a blessing and a curse. Obviously the blessing
comes with the features of IPv6 that corresponds to addressing, routing, compatibilities
with IP-based networking debugging tools and others. The curse, as some may see it, is
the neighbor discovery feature that may allow security threats to always be lurking as
outlined in the chapter 5; and due to the wireless nature of these types of wireless sensor
networks, this will always be a threat. However, the construction of a wireless sensor
network based on 6LowPAN did teach us the following points in the context of a Smart
Home:
a. That depending on the embedded device, an appliance may have the capability to
route information to a smart meter. In our case, the edge router was playing the
role of a smart meter; and the rest of the motes, the role of appliances.
b. The user or the utility company may interrogate an appliance on its status
remotely. In the case of a user, this can be done through a device getting
information from devices in the Smart Home and displaying this information in
human terms. The utility company can do this as well through software acquiring
relayed information from Smart Meters.
c. A utility company may know how many devices are attached to a smart meter at
any particular time, and that utility company may even add a new device to the
93
network if needed. The utility company may even invalidate a wireless network
router if it is not needed.
d. This type of network is self-healing, which means that the topology can adapt
itself according to the geographic location of a wireless sensor device. As
demonstrated by the experiment, the network can change from a star topology to a
peer-to-peer topology dynamically. The topology can also be manually set so that
it can change according to the wishes of a network administrator.
All of the above was possible by using the 6LowPAN and using IPv6 networking based
tools, and it is just a sample of what can be done with this IP-based protocol. Please note
that the routing commands are part of the edge-router driver software and not part of the
6LowPAN. Yet, 6LowPAN is how these commands are transported and executed. There
are other things that could have been implemented such as enabling the sensor to work in
conjunction with 6LowPAN, but this would require external software to collect
information transmitted by the sensors and to be displayed in human form. Thus, this last
point is beyond the scope of this document and this option was not explored using
6LowPAN.
There are some issues that we run into when it comes to optimal distance and reliability
of IP packets being delivered to their intended destination. For example while using the
‘ping’ command, it was noticed that the amount of packets dropped was related to the
distance. The greater the distance between the edge-router and the mote, the more packets
it dropped. As indicated in the implementation chapter, this may be related to EMI, walls,
94
or other unknown interference. A workable distance was used in order to make the
wireless sensor network work optimally.
Another issue that was briefly discussed was cost. However, we discussed cost in terms
of comparing an FFD and a RFD. In this discussion, we stated that because an RFD is a
simpler device, the cost should naturally be lower of that of a FFD. This is because an
RFD device does not have the routing capabilities of an FFD mote and in the Smart
Home scenario, there are alternatives to relay or route information to the Smart Meter.
Hence an FFD embedded in every appliance does not make economic sense. Keeping this
in mind, the device used for this experiment is an FFD and it has built-in sensors at a cost
of $130 per unit. There is an added cost for these units due to the sensors built-in.
Therefore a good question to ask is how much would an RFD device cost with embedded
sensors? Whatever the price, it needs to make economic sense. If these types of device
are to be embedded in every appliance in a typical household, the price of the device
needs to be significantly lower than that of the appliance. Otherwise, if the price of an
appliance increases significantly, how can manufactures justify the increase? If savings
justify the increase, then how does that savings compare to the actual price of the
appliance? These are questions that need to be asked and only time will tell what the
outcome will be.
To conclude, this has been an awesome learning experience of these technologies.
Looking back, this writer wishes that certain things could have been different as to how
this project was conducted. Perhaps having vulnerability-exploring tools may have made
95
it a bit more interesting, but that would mean expanding the technology net outside
6LowPAN since these security tools currently available do not support 6LowPAN.
Having said that, nothing stops the reader or this writer from doing so as this project has
been completed. This was an enjoyable project, although at times tedious due to not being
familiar with the TinyOS operating system, the nesC programming language or the
802.15.4 wireless sensor technology. After researching and implementing the project, the
enthusiasm of this writer for the Smart Home technologies is very high. From hardware
to firmware, understanding of how a Smart Home would work has been very fulfilling.
96
REFERENCE
[1]
Silver Spring Networks Website. “Flexibility for Demand Response Programs. ”
http://www.silverspringnet.com/solutions/demand_response.html
[2]
On-Ramp Wireless Website. “Product Overview.”
http://www.onrampwireless.com/sensor-technologies/products/product-overview
[3]
Airdata WIMAN Systems, Inc.Website. http://www.wiman.net
[4]
IEEE 802 Website. "Overview and Guide to the IEEE 802 LMSC."
http://www.ieee802.org/IEEE-802-LMSC-Overview-and-Guide-01.pdf
[5]
[6]
USB Website. “USB 3.0 Features.”
<http://www.usb.org/developers/presentations/pres0410/13_SSUSB_DevCon_USB_3.0_Update_Ismail.pdf>
A.A. Ahmed. et al. “A Survey on Network Protocols for Wireless Sensor
Networks.” Proc. IEEE Int’l Conf. Information Technology: Research and
Education, August 2003.
<http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=1270626>
[7]
Wikipedia Website. “Zigbee: Licensing.”
http://en.wikipedia.org/wiki/ZigBee#Licensing
[8]
Wikipedia. "Moore’s Law." http://en.wikipedia.org/wiki/Moore's_law
[9]
Wikipedia Website. “MiWi.” < http://en.wikipedia.org/wiki/MiWi>
[10]
Microchip Technology Website. <http://www.microchip.com/>
[11]
Wikipedia. "WirelessHART" http://en.wikipedia.org/wiki/WirelessHART
97
[12]
Wikipedia. "ZigBee." <http://en.wikipedia.org/wiki/ZigBee>
[13] Wikipedia Website “6LowPAN.” http://en.wikipedia.org/wiki/6LoWPAN
[14]
IEEE Standard 802.15.4-2006, IEEE Computer Society
[15]
IEEE Standards Association Website. “IEEE 802.15: Wireless Personal Area
Networks. " < http://standards.ieee.org/about/get/802/802.15.html>
[16]
Jon T. Adams. "An introduction to the IEEE STD 802.15.4."
[17]
A. Victor. et al. "Build an IEEE 802.15.4 Wireless Sensor Network for
Emergency Response Notification for Indoor Situations."
<http://www.ieee.org/documents/final_paper_aaron_victor_build_802.15.4_wirel
ess_network.doc>
[18]
Jon T. Adams. "Zigbee Wireless Technology and the IEEE 802.15.4 Radio –
Enabling Simple Wireless."
<http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.120.380&rep=rep1&t
ype=pdf>
[19]
Naveen Sastry. David Wagner. "Security Considerations for IEEE 802.15.4
Networks." <http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.68.6564&
rep=rep1&type=pdf>
[20]
"IPv6 over Low power WPAN Working Group."
<http://datatracker.ietf.org/wg/6lowpan/charter>
98
[21]
Bradley Mitchell. "OSI Model Reference Guide: Standard network layer
architecture."
<http://compnetworking.about.com/cs/designosimodel/a/osimodel.htm>
[22]
Wikipedia. "OSI model." <http://en.wikipedia.org/wiki/OSI_model>
[23]
IEEE Standard 802.15.4-2006, Section 5.3. IEEE Computer Society
[24]
IEEE Standard 802.15.4-2006, Section 5.3.2. IEEE Computer Society
[25]
IEEE Standard 802.15.4-2006, Section 7.1.4. IEEE Computer Society
[26]
Chris Karlof, David Wagner. "Secure Routing in Wireless Sensor Networks:
Attacks and Countermeasures." pages 113,114
[27]
Wikipedia. "IPv6." <http://en.wikipedia.org/wiki/IPv6>
[28]
David Culler; Jhonathan Hui. “6LowPAN Tutorial, Tiny OS Technology
Exchange 2007.”
<http://robotics.eecs.berkeley.edu/~pister/290Q/Handouts/6LoWPANtutorial.pdf>
[29]
IEEE Standard 802.15.4-2006, IEEE Computer Society, p 45
[30]
G. Montenegro. et al. "Transmission of IPv6 Packets over IEEE 802.15.4
Networks: Maximum Transmission Unit."
<http://www.tech-invite.com/RFC/49xx/RFC4944.pdf>
[31]
G. Montenegro. et al. "Transmission of IPv6 Packets over IEEE 802.15.4
Networks." <http://www.tech-invite.com/RFC/49xx/RFC4944.pdf>
99
[32]
G. Montenegro. et al. "Transmission of IPv6 Packets over IEEE 802.15.4
Networks: Stateless Address Autoconfiguration." http://www.techinvite.com/RFC/49xx/RFC4944.pdf
[33]
Wikipedia, TinyOS. <http://en.wikipedia.org/wiki/TinyOS>
[34]
Philip Levis. David Gay. "TinyOS Programming.", Section 1.2. July 16, 2009.
[35]
TinyOS Website. “TinyOS Tutorial.”
<http://docs.tinyos.net/index.php/TinyOS_Tutorials>
[36]
TinyOS Website. "Installing TinyOS 2.1.1.”
<http://docs.tinyos.net/index.php/Installing_TinyOS_2.1.1#Twostep_install_on_your_host_OS_with_Debian_packages>
[37]
TinyOS Website. <http://www.tinyos.com>
[38]
David Gay. et al. " nesC 1.1 Language Reference Manual.”
<http://nescc.sourceforge.net/papers/nesc-ref.pdf>
[39]
nesC Website. UC Berkeley WEBS Project. "A Programming Language for
Deeply Networked Systems." http://nescc.sourceforge.net/
[40]
Philip Levis. David Gay. "TinyOS Programming.", Section 3.5. July 16, 2009.
[41]
Matt Welsh. "nesC: A component-oriented language for networked embedded
systems." Intel Research Berkeley and Harvard University
[42]
David Gay. et al. "The nesC Language: A Holistic Approach to Networked
Embedded Systems." <http://www.cs.berkeley.edu/~pal/pubs/nesc-pldi03.pdf>
100
[43]
TinyOS Website. "Platform Hardware.”
<http://docs.tinyos.net/index.php/Platform_Hardware>
[44]
Memsic Website. "TelosB Mote Platform Datasheet."
<http://www.memsic.com/support/documentation/wireless-sensornetworks/category/7-datasheets.html>
[45]
Wikipedia. “List of wireless sensor nodes.”
<http://en.wikipedia.org/wiki/List_of_wireless_sensor_nodes>
[46]
Texas Instrument Website. "MSP430F1611."
<http://focus.ti.com/docs/prod/folders/print/msp430f1611.html>
[47]
Memsic Website. "Wireless Modules." <http://www.memsic.com/ products/
wireless-sensor-networks/wireless-modules.html>
[48]
Carol Stimmel. “Are Killer Bees Swarming Around Your Smart Grid?”
<http://www.esource.com/email/service/IGS/2010/JUN >
[49]
Dennis C. Blair. "Annual Threat Assessment of the Intelligence Community for
the Senate Select Committee on Intelligence."
<http://intelligence.senate.gov/090212/blair.pdf>
[50]
Levon Anderson. "Countering State-Sponsored Cyber Attacks: Who Should
Lead?"
<http://www.csl.army.mil/usacsl/Publications/infoaspowervol2/IAP2%20%20Sec
tion%20Two%20(Anderson).pdf>
101
[51]
Gordon W. Skelton, PhD. "Cyber-Physical Security for Wireless Sensor
Networks."
<http://cimic.rutgers.edu/positionPapers/PositionPaper-GordonSkelton.pdf>
[52]
ZigBee Alliance Website. “ZigBee Home Automation Certified Products.”
<http://www.zigbee.org/Products/CertifiedProducts/ZigBeeHomeAutomation.
aspx>
[53]
He Ronghui, Ma Guoqing, Wang Chunlei, Fang Lan. “Detecting and Locating
Wormhole Attacks in Wireless Sensor Networks Using Beacon Nodes.” World
Academy of Science, Engineering and Technology. page 286
<http://www.waset.org/journals/waset/v55/v55-50.pdf>
[54]
Silver Spring Networks Website. “Silver Spring, GE kV2c™ Meter Datasheet.”
<http://www.silverspringnet.com/pdfs/SilverSpring-Datasheet-GE_kV2c.pdf>
[55]
Moazzam Khan. et al. "Key Exchange in 802.15.4 Networks and its Performance
Implications: Security in IEEE 802.15.4."
[56]
Wikipedia. “Symmetric-key algorithm.”
<http://en.wikipedia.org/wiki/Symmetric-key_algorithm >
[57]
IEEE Standard 802.15.4-2006, Section 7.5.8.1.4. IEEE Computer Society
[58]
Chen-Yuan Chen. “The development of enhancing mechanisms for improving the
performance of IEEE 802.15.4.” Department of Computer Science, National
Pingtung University of Education, Taiwan
<http://www.academicjournals.org/ijps/PDF/pdf2010/Jun/Shih%20et%20al.pdf>
102
[59]
Guidelines for Smart Grid Cyber Security: Vol. 3, Supportive Analyses and
References. <http://csrc.nist.gov/publications/nistir/ir7628/nistir-7628_vol3.pdf>
[60]
S. Park. et al. "IPv6 over Low Power WPAN Security Analysis.", page 6
<http://www.potaroo.net/ietf/all-ids/draft-daniel-6lowpan-securityanalysis-04.txt>
[61]
Shelby & Bormann. “6LowPAN: The Wireless Embedded Internet.”
[62]
S. Kent. "IP Authentication Header" <http://datatracker.ietf.org/doc/rfc4302/>
[63]
S. Kent. "IP Encapsulating Security Payload."
<http://datatracker.ietf.org/doc/rfc4303/>
[64]
R. Housley. " Using Advanced Encryption Standard (AES) CCM Mode with
IPsec Encapsulating Security Payload (ESP)."
http://datatracker.ietf.org/doc/rfc4303/
[65]
Vijay Kumar Garg. “Wireless communications and networking.” page 689
[66]
GoodFET Website. <http://goodfet.sourceforge.net>
[67]
KillerBee Website. <http://www.willhackforsushi.com>
[68]
Ettus Research LLC Website. <http://www.ettus.com/products>
[69]
TinyOS Website. “Getting Started.”
<http://docs.tinyos.net/index.php/Getting_started_using_Ubuntu_9.10_and_Telos
B_motes>
103
[70]
Texas Instrument Website. “MSP430 Wireless Development Tool.”
<http://focus.ti.com/docs/toolsw/folders/print/ez430-rf2500.html >
[71]
David Gay, et al. "nesC 1.1 Language Reference Manual." May 2003
<http://nescc.sourceforge.net/papers/nesc-ref.pdf>
[72]
TinyOS Website. “Blip Tutorial.”
<http://docs.tinyos.net/index.php/BLIP_Tutorial>
[73]
Philip Buonadonna. et al. "Active Message Communication for Tiny Networked
Sensors." <http://www.tinyos.net/papers/ammote.pdf>
[74]
Hongwei Li. et al. "Application and Analysis of IEEE 802.14.5 Security
Services."
[75]
Geof Mulligan. "The 6LowPAN Architecute." 6LowPAN Working Group,
Internet Engineering Task Force.