HICSS-38, Big Island, January 3, 2005 11
A Tutorial A Tutorial onon
Wireless Sensor Networks Wireless Sensor Networks
Stephan OlariuStephan Olariu
Sensor Network Research GroupSensor Network Research Group
Old Dominion UniversityOld Dominion University
[email protected]@cs.odu.eduedu
HICSS-38, Big Island, January 3, 2005 22
Tutorial roadmapTutorial roadmap
The vision: The vision: smart environmentssmart environments
What are wireless sensor networks?What are wireless sensor networks?
ApplicationsApplications
Conquering scale: a virtual infrastructureConquering scale: a virtual infrastructure
Middleware for wireless sensor networksMiddleware for wireless sensor networks
TaskTask--based managementbased management
Leveraging the virtual infrastructureLeveraging the virtual infrastructure
Information assurance in wireless sensor networksInformation assurance in wireless sensor networks
Concluding remarksConcluding remarks
HICSS-38, Big Island, January 3, 2005 33
Bricks and mortarBricks and mortar……
HICSS-38, Big Island, January 3, 2005 44
How it all started How it all started ……
SmartDustSmartDust program (sponsored by DARPA) defined program (sponsored by DARPA) defined sensor networks as:sensor networks as:
A sensor network is a deployment of massive numbers of small, inexpensive, self-powered devices that can sense, compute, and communicate with other devices for the purpose of gathering local information to make global decisions about a physical environment
HICSS-38, Big Island, January 3, 2005 55
SmartDust –– the vision
An airplane traverses a battlefield and deploys massive numbers of small sensorsThe sensors randomly scatter spatially as they landThe sensors self-organize into an ad hoc network such that information can be transmitted in a multi-hop route to a collection pointThe sensors monitor and report on troop movements, armaments, mine fields, etc
HICSS-38, Big Island, January 3, 2005 66
The National Research Council expanded the DARPA definition:
Sensor networks are massive numbers of small, inexpensive, self-powered devices pervasive throughout electrical and mechanical systems and ubiquitous throughout the environment that monitor (i.e., sense) and control (i.e., effect) most aspects of our physical world
Later NRC got involved, too…
HICSS-38, Big Island, January 3, 2005 77
What are sensors?
Sensors pack:Sensors pack:micromicro--sensor technologysensor technologylow power signal processinglow power signal processinglow power computationlow power computationlow power shortlow power short--range communications capabilitiesrange communications capabilitiesmodest nonmodest non--renewable energy budgetrenewable energy budget
As a rule, sensors linked by some wireless mediumAs a rule, sensors linked by some wireless medium
No fabricationNo fabrication--time identity!time identity!
HICSS-38, Big Island, January 3, 2005 88
Typical sensor diagram
Transceiver
Embedded Processor
Sensor
Battery
Memory
Transceiver
Embedded Processor
Sensor
Battery
Memory
1Kbps- 1Mbps3m-300m
Lossy Transmission
8 bit, 10 MHzSlow Computation
Limited Lifetime
Requires Supervision
Multiple sensors
128Kb-1MbLimited Storage
HICSS-38, Big Island, January 3, 2005 99
Types of sensors
PressurePressureTemperatureTemperatureLightLightBiologicalBiologicalChemicalChemicalStrain, fatigueStrain, fatigueTiltTiltAccelerationAccelerationSeismicSeismicMetal detectors
What are some What are some examples of examples of
sensors?sensors?
Metal detectors
HICSS-38, Big Island, January 3, 2005 1010
Thus, sensors can measureThus, sensors can measure……
Distance to an objectDistance to an objectDirection of objectDirection of objectAmbient temperatureAmbient temperaturePresence of chemicalsPresence of chemicalsLight intensityLight intensityVibrationsVibrationsMotionMotionSeismic/tremor dataSeismic/tremor dataAcoustic dataAcoustic data
HICSS-38, Big Island, January 3, 2005 1111
Goal: mmGoal: mm33 devices!devices!
MICA mote (1MICA mote (1stst generation sensor node)generation sensor node) Specs (2Specs (2ndnd generationgeneration sensor node)sensor node)
Size Size 2mm x 2.5mm2mm x 2.5mmProcessor/Memory Processor/Memory AVRAVR--like RISC processor, 3K of memory, 8 bit onlike RISC processor, 3K of memory, 8 bit on--chip ADC, chip ADC,
paged memory system, 32 KHz oscillatorpaged memory system, 32 KHz oscillatorRadioRadio:: FSK radio transmitter,FSK radio transmitter,OtherOther: : Programming interface, RS232 compatible UART, 4Programming interface, RS232 compatible UART, 4--bit bit
input port, 4input port, 4--bit output port, encrypted communication bit output port, encrypted communication hardware supporthardware support
CostCost less than $1.00 (in quantity)less than $1.00 (in quantity)What can it do?What can it do? Communicate 40+ feet indoors (walls), 19,200Kbps, frequenCommunicate 40+ feet indoors (walls), 19,200Kbps, frequency cy
separation 180KHzseparation 180KHz
HICSS-38, Big Island, January 3, 2005 1212
Sensors: modus operandi…
Conserve energysleep a lot, wake up periodicallywork locally, communicate sparingly
Work unattendedMust be adaptive to the environmentSupplement modest energy budget by scavenging(remember the night-vision goggles?)Hopefully, energy will not be a major problem
HICSS-38, Big Island, January 3, 2005 1313
Wireless sensor networks (WSN)Wireless sensor networks (WSN)
Distributed system with no central controlDistributed system with no central control
MassiveMassive numbernumber of sensors of sensors densely deployeddensely deployed in in the area of interest the area of interest
Random deploymentRandom deployment: individual sensor positions : individual sensor positions cannot be engineered cannot be engineered
Main goal:Main goal: global info from local dataglobal info from local dataOnly as good as the information it produces
information qualityinformation quality
information assuranceinformation assurance
HICSS-38, Big Island, January 3, 2005 1414
Wireless networks 101
InfrastructureInfrastructure--based networksbased networkscellular networkscellular networks
satellite networkssatellite networks
RapidlyRapidly--deployable networksdeployable networksadad--hoc networkshoc networks
wireless sensor networkswireless sensor networks
heterogeneous networksheterogeneous networks
Hybrid networksHybrid networkswireless Internetwireless Internet
HICSS-38, Big Island, January 3, 2005 1515
WSN versus ad hoc networksWSN versus ad hoc networks
Number of nodes: orders of magnitude higher in WSNorders of magnitude higher in WSNDensity of deployment:Density of deployment: orders of magnitude higher in orders of magnitude higher in WSNWSNReliability:Reliability: Sensors are prone to failure!Sensors are prone to failure!Topology:Topology: highly dynamic in WSN due to sleephighly dynamic in WSN due to sleep--awake awake cyclecycleCommunications:Communications: broadcast in WSN, pointbroadcast in WSN, point--toto--point in point in ad hoc networksad hoc networksModest resources Modest resources power budget, computational and power budget, computational and communications capacitycommunications capacityAnonymityAnonymity of nodes in WSNof nodes in WSN
HICSS-38, Big Island, January 3, 2005 1616
Communication issuesCommunication issues
Sink: longSink: long--range radio connecting WSN to outside range radio connecting WSN to outside world world
Communication: Communication: sensorsensor--toto--sink(s): multisink(s): multi--hop hop
sink(s)sink(s)--toto--sensors: broadcast or multicastsensors: broadcast or multicast
Modest power budget/onModest power budget/on--board memory imposeboard memory imposesimple and powersimple and power--efficient communication protocolsefficient communication protocols
optimaloptimal number of sensors performing given tasknumber of sensors performing given task
multimulti--hop communicationshop communications
minimalminimal MAC layer contentionMAC layer contention
HICSS-38, Big Island, January 3, 2005 1717
Sample WSN deploymentsSample WSN deployments
Military security Military security
Industrial sensing networks Industrial sensing networks (temperature, pressure, (temperature, pressure, displacement, tilt)displacement, tilt)
Civil structural monitoring (strain, Civil structural monitoring (strain, fatigue and corrosion)fatigue and corrosion)
Environmental monitoring Environmental monitoring
Agricultural applications Agricultural applications (temperature, humidity, etc.)(temperature, humidity, etc.)
Typical size: 4.3 x 2.4 x 1 inchesTypical size: 4.3 x 2.4 x 1 inches
HICSS-38, Big Island, January 3, 2005 1818
Basic functional view of WSNBasic functional view of WSN
Deployment area
Sink
End user
Satellite
Internet
Event
Multi-hop routing
HICSS-38, Big Island, January 3, 2005 1919
Detailed view of WSN systemDetailed view of WSN system
sensorssensorslocal sink nodelocal sink node
(in(in--network data repositories)network data repositories)
Sink Sink (mobile/airborne)(mobile/airborne)
(connection to outside world)(connection to outside world)
deployment areadeployment area
highhigh--level level InterestsInterests
(tasks/queries)(tasks/queries)
useruserReturnedReturned
resultsresults
Internet/satelliteInternet/satellite LowLow--level level tasks/queriestasks/queries
HICSS-38, Big Island, January 3, 2005 2020
Interfacing Interfacing WSNsWSNs
sink sinksink← ←
HICSS-38, Big Island, January 3, 2005 2121
Applications of WSNApplications of WSN
HICSS-38, Big Island, January 3, 2005 2222
Broad application classes
Monitoring of static environmentsenvironmental monitoringhabitat monitoringsurveillance
Monitoring of moving objects/targetstracking animals in wildlife preservesmovement tracking of enemy vehiclescross-border infiltration
HICSS-38, Big Island, January 3, 2005 2323
Specific application domains
Environmental forest fire detection and control (real-time reaction)precision agriculture (monitoring pesticide level in the water supply, level of soil erosion)
Biomedicaltele-monitoring of physiological data (storage for medical research, help the elderly)drug administration in hospitals (attach guard sensors to medication to prevent errors)
HICSS-38, Big Island, January 3, 2005 2424
Medical applicationsMedical applications
HICSS-38, Big Island, January 3, 2005 2525
Habitat monitoringHabitat monitoring
Courtesy: USC WebsiteCourtesy: USC Website
HICSS-38, Big Island, January 3, 2005 2626
Ecosystem monitoringEcosystem monitoring
Primary node
Secondary nodes
•Dense network of physical, chemical sensors in soil and canopy
•Measure and characterize previously unobservable ecosystem processes
HICSS-38, Big Island, January 3, 2005 2727
Supply chain managementSupply chain management
HICSS-38, Big Island, January 3, 2005 2828
Traffic control
Can networked sensors control traffic flow better than a loose network of people?
HICSS-38, Big Island, January 3, 2005 2929
EmbedSense™A wireless sensor data acquisition system
Can be used in monitoringCan be used in monitoringtemperature, pressure, andtemperature, pressure, andnoise level in jet enginesnoise level in jet engines
Uses a Uses a piezopiezo--electric powerelectric powersourcesource
No batteries No batteries -- big advantagebig advantage
http://http://www.microstrain.comwww.microstrain.com
HICSS-38, Big Island, January 3, 2005 3030
SecuritySecurity--related applicationsrelated applications
Military/homeland security Military/homeland security monitoring friendly forces equipment and ammunition (via monitoring friendly forces equipment and ammunition (via attached sensors)attached sensors)
battlefield surveillance (monitoring critical terrain, battlefield surveillance (monitoring critical terrain, routes, bridges and straits for enemy activity)routes, bridges and straits for enemy activity)
battle damage assessment (field reports from attached battle damage assessment (field reports from attached sensors give reports in realsensors give reports in real--time)time)
early detection of biological, chemical, or nuclear attack early detection of biological, chemical, or nuclear attack detection detection
containment of terrorist attacks: sensors deployed across containment of terrorist attacks: sensors deployed across metropolitan areas to guide public and first respondersmetropolitan areas to guide public and first responders
HICSS-38, Big Island, January 3, 2005 3131
Securing US portsSecuring US ports
Only 2% Only 2% of the containers entering our ports are checked!
HICSS-38, Big Island, January 3, 2005 3232
Securing container transitSecuring container transit
HICSS-38, Big Island, January 3, 2005 3333
…… and handlingand handling
HICSS-38, Big Island, January 3, 2005 3434
What futurists predictWhat futurists predict……
Exponential improvements in size, power, computation, Exponential improvements in size, power, computation, communication, etc. will continue to expand the communication, etc. will continue to expand the definition and application domains of WSN definition and application domains of WSN
The ever increasing capabilities of pervasive and ubiquitous sensor networks will improve the intelligence, autonomy, and adaptability of electrical and mechanical systems such that they will soon converge with and surpass the capabilities of humans
HICSS-38, Big Island, January 3, 2005 3535
The future: smart environments The future: smart environments
Primitive elements, massively embedded in the physical Primitive elements, massively embedded in the physical world, that canworld, that can sense, compute, actuate and network sense, compute, actuate and network togethertogether
These primitives selfThese primitives self--organize to create a smart organize to create a smart environment that encapsulates the real physical world environment that encapsulates the real physical world
Endowing the physical world with these primitives is Endowing the physical world with these primitives is prerequisite to constructing smart environmentsprerequisite to constructing smart environments
Smart environment exported to the users!Smart environment exported to the users!
HICSS-38, Big Island, January 3, 2005 3636
BioBio--mimetic modelsmimetic models……
How do we get from the basic implementations of SmartDust to the future of intelligent, autonomous sensor networks?
Possible solution: We can learn much about the progression from simple to complex by mimicking the evolution of Life
HICSS-38, Big Island, January 3, 2005 3737
Acquiring location awareness in WSNAcquiring location awareness in WSN
HICSS-38, Big Island, January 3, 2005 3838
Why localization? Why localization?
Security Office
Sensors
Intrusion monitoring system
Reporting node
Security Personnel
HICSS-38, Big Island, January 3, 2005 3939
Localization Localization –– approachesapproaches
Vary with assumptions and requirementsVary with assumptions and requirementsenvironment of deployment (indoor vs. outdoor)environment of deployment (indoor vs. outdoor)
network makeup (homogeneous vs. heterogeneous)network makeup (homogeneous vs. heterogeneous)
hardware availablehardware available
anchor/beacon densityanchor/beacon density
signal propagation models signal propagation models
timing and energy requirementstiming and energy requirements
time synchronization time synchronization
error requirements, and error requirements, and
device mobilitydevice mobility
HICSS-38, Big Island, January 3, 2005 4040
Localization Localization –– a taxonomya taxonomy
CoarseCoarse--grain localization (training)grain localization (training)
FineFine--grain localizationgrain localization
Triangulation Triangulation LaterationLateration: use multiple distance measurements between : use multiple distance measurements between known pointsknown points
AngulationAngulation: measures angle or bearing relative to points : measures angle or bearing relative to points with known separationwith known separation
ProximityProximity: measures nearness to a known set of : measures nearness to a known set of pointspoints
Scene analysis:Scene analysis: examine a view from a certain examine a view from a certain vantage pointvantage point
HICSS-38, Big Island, January 3, 2005 4141
Localization Localization –– a taxonomy (conta taxonomy (cont’’d)d)
Approaches based on extensive specialized hardware:Approaches based on extensive specialized hardware:OutdoorsOutdoors
GPSGPS
IndoorsIndoorsActive Badge (cellular proximity, infrared badges, central Active Badge (cellular proximity, infrared badges, central server)server)Active BAT (ultrasoundActive BAT (ultrasound--based; more accurate location based; more accurate location identification)identification)Cricket (ultrasound emitters and object receivers, objects Cricket (ultrasound emitters and object receivers, objects selfself--localize)localize)RADAR (IEEE802.11 based, uses signal strength and S/N RADAR (IEEE802.11 based, uses signal strength and S/N ratio to deduce 2D position of wireless devices indoors)ratio to deduce 2D position of wireless devices indoors)
HICSS-38, Big Island, January 3, 2005 4242
Refresher: how triangulation worksRefresher: how triangulation works
Anchor 1 Anchor 2
d1 d2
Arbitrary Node
HICSS-38, Big Island, January 3, 2005 4343
How triangulation works (contHow triangulation works (cont’’d)d)
Anchor 1 Anchor 2
A
B
d1 d2
HICSS-38, Big Island, January 3, 2005 4444
How triangulation works (contHow triangulation works (cont’’d)d)
Anchor 1 Anchor 2
A
B
D
d1
d2
Anchor 3
HICSS-38, Big Island, January 3, 2005 4545
How triangulation works (contHow triangulation works (cont’’d)d)
Anchor 1 Anchor 2
A
B
D2D1
d1
d2
Anchor 3
HICSS-38, Big Island, January 3, 2005 4646
A simple localization protocol
HICSS-38, Big Island, January 3, 2005 4747
Conquering scaleConquering scale
HICSS-38, Big Island, January 3, 2005 4848
How do we conquer scale?How do we conquer scale?
Golden Rule: Divide and Conquer!Golden Rule: Divide and Conquer!
Graft a virtual infrastructure on top of physical Graft a virtual infrastructure on top of physical networknetwork
How is this done?How is this done?specialspecial--purpose: protocol drivenpurpose: protocol driven
general purpose: designed without regard to protocolgeneral purpose: designed without regard to protocol
GeneralGeneral--purpose infrastructure should be leveraged purpose infrastructure should be leveraged by by manymany protocols!protocols!
HICSS-38, Big Island, January 3, 2005 4949
Localized protocolsLocalized protocols
WSN topology changes frequentlyWSN topology changes frequently
SelfSelf--organization must be adaptive to local changesorganization must be adaptive to local changes
Global protocols require global information for Global protocols require global information for making local decisions: making local decisions: global protocols do not scale!global protocols do not scale!
Localized protocols require Localized protocols require only localonly local information for information for sensor decisionssensor decisions
Maintenance must also remain localMaintenance must also remain local
HICSS-38, Big Island, January 3, 2005 5050
Simple hierarchical view of WSNSimple hierarchical view of WSN
The entire WSN is divided The entire WSN is divided into a number of clustersinto a number of clusters
Sensors talk only to their Sensors talk only to their cluster head (CH)cluster head (CH)
CHs at increasing levels in the CHs at increasing levels in the hierarchy need to transmit hierarchy need to transmit data over relatively longer data over relatively longer distancesdistances
To distribute energy To distribute energy consumption evenly, all the consumption evenly, all the nodes take turns in becoming nodes take turns in becoming the CH for a time interval the CH for a time interval called the cluster periodcalled the cluster period
HICSS-38, Big Island, January 3, 2005 5151
ClusteringClustering
Used in most existing WSNUsed in most existing WSNClustering by self-organization: many protocols availableLocal changes may trigger global updates
HICSS-38, Big Island, January 3, 2005 5252
Components of the virtual infrastructureComponents of the virtual infrastructure
Dynamic coordinate systemDynamic coordinate systemlocationlocation--based identifiersbased identifiers
coarsecoarse--grain location awarenessgrain location awareness
Clustering schemeClustering schemecheap scalabilitycheap scalability
MiddlewareMiddlewarework modelwork model
hierarchical specification of work and hierarchical specification of work and QoSQoS
tasktask--based management modelbased management modellowlow--level implementation of work modellevel implementation of work model
HICSS-38, Big Island, January 3, 2005 5353
The dynamic coordinate systemThe dynamic coordinate system
CentrallyCentrally--places places training training agent (TA)agent (TA)
Components:Components:
coronascoronas
wedgeswedges
Individual sensors acquireIndividual sensors acquire
corona numbercorona number
wedge numberwedge number
Coordinate system is Coordinate system is dynamic and does not dynamic and does not require sensor IDsrequire sensor IDs
My coordinates My coordinates are (4,2)are (4,2)
HICSS-38, Big Island, January 3, 2005 5454
Training optionsTraining options
CoarseCoarse--grain location grain location awareness essentialawareness essential
Training with GPS?Training with GPS?
CoCo--located TA?located TA?
Several TAs?Several TAs?
External TA? (e.g. External TA? (e.g. helicopter)helicopter)
HICSS-38, Big Island, January 3, 2005 5555
The cluster structureThe cluster structure
Cluster: locus of all sensors having the same Cluster: locus of all sensors having the same coordinatescoordinates
Clustering falls out for free once coordinate system Clustering falls out for free once coordinate system availableavailable
Accommodates sensors with no IDsAccommodates sensors with no IDs
Clusters can be further subdivided Clusters can be further subdivided –– color graphscolor graphs
HICSS-38, Big Island, January 3, 2005 5656
What are color graphs?What are color graphs?
Simple way to enrich Simple way to enrich hierarchyhierarchy
Clusters are furtherClusters are further
subdivided into subdivided into pp color color
sets sets
What result are What result are pp(global) color graphs(global) color graphs
HICSS-38, Big Island, January 3, 2005 5757
WhatWhat’’s so nice about color graphs?s so nice about color graphs?
Very robust: each color graph is connected with high probabilityThus, can serve for routing!They are (rich) cousins of circular arc graphs: vast body of knowledge to tap into for protocol design!Graceful degradation as energy budget depleted
HICSS-38, Big Island, January 3, 2005 5858
Middleware for WSN?Middleware for WSN?
Appropriate middleware must provide standardized Appropriate middleware must provide standardized and portable system abstractionsand portable system abstractions
Standardize interface to WSNStandardize interface to WSN
Requirements for middleware for WSNRequirements for middleware for WSNnegotiate negotiate QoSQoS parameters on behalf on WSNparameters on behalf on WSN
support and coordinate concurrent applicationssupport and coordinate concurrent applications
translate hightranslate high--level complex goals into lowlevel complex goals into low--level taskslevel tasks
coordination among sensorscoordination among sensors
handle heterogeneity of sensorshandle heterogeneity of sensors
HICSS-38, Big Island, January 3, 2005 5959
The work modelThe work model
Application levelApplication levelInterestInterest
TaskTask Network/cluster levelNetwork/cluster level
CapabilityCapabilitySensor levelSensor level
Primitive operationsPrimitive operations
HICSS-38, Big Island, January 3, 2005 6060
The work modelThe work model
Application layer
--
Event
Interest Interest Result set, status
(error conditions, etc.)
Clusterr level
Communication
Capability(P-tasks+QoS)
Negotiated QoS
Sink
Sensor Network Layer
Middleware
sensor 1 sensor 2 sensor n
Micro-taskResults, status
CPL CPL CPL
HICSS-38, Big Island, January 3, 2005 6161
A taskA task--based management schemebased management scheme
HICSS-38, Big Island, January 3, 2005 6262
Developing a taskDeveloping a task--based management schemebased management scheme
The problem is to develop, based on the work model, a task-based management scheme that supports:
Automated mapping of application level units of work to network level units of work subject to the negotiated QoSconstraintsFor a given network level unit of work, a scalable recruitment scheme for dynamically assigning sensors to the workforce performing this unit of work, subject to energy constraintsSupporting secure group communications among sensors
HICSS-38, Big Island, January 3, 2005 6363
TaskTask--based managementbased management
A task is a A task is a tupletuple T(A,c,S,D,T(A,c,S,D,ππ,q) where:,q) where:
A A –– action to be performedaction to be performed
c c –– color set to be usedcolor set to be used
S S –– source clustersource cluster
D D –– destination clusterdestination cluster
ππ –– routing path from S to Drouting path from S to D
q q –– desired desired QoSQoS levellevel
HICSS-38, Big Island, January 3, 2005 6464
Complexity of collaboration in WSN
Sensor limitations make collaboration imperiousFundamental problems for effective collaboration
anonymityscale
For example, consensus building protocols such as contention resolution, leader election, synchronization, invariably assume unique identifiersTherefore, classical collaboration schemes are not adequate for WSNs with anonymous nodes
HICSS-38, Big Island, January 3, 2005 6565
In-network storage(WSN as databases)
HICSS-38, Big Island, January 3, 2005 6666
Interacting with WSN
Querying: standard way of interacting with WSNMiddleware pushes queries into WSNQuery types:
one-shot: run once on the current data set; provides snapshot view of data/networkpersistent: issued once and then logically run recurrently on the database; useful for analysis of data collected over time (especially for in-network storage)
Responding to a query:push/pull –– application-specificdata aggregation capability desirable
HICSS-38, Big Island, January 3, 2005 6767
Sensor databasesSensor databases
One-shot Persistent
WSN
Sink
WSN
Sink
Persistent query
Push-based:whenever change in data occurs, results are pushed to user
Pull-based:pulls results based on current data
One-shot query
In-network storage and processing reduces energy expenditure and promotes WSN longevityTrades off communication with local computation Makes sense: communication more expensive than
computation
HICSS-38, Big Island, January 3, 2005 6868
Persistent queries (PQ)Persistent queries (PQ)
PQ=(Q, PQ=(Q, triggertrigger, , terminationtermination))
Execution of PQExecution of PQexecuted when the query is issuedexecuted when the query is issued
subsequently executed when subsequently executed when triggertrigger condition holdscondition holdstimertimer--basedbasedeventevent--basedbased
stops execution when stops execution when terminationtermination condition satisfiedcondition satisfied
HICSS-38, Big Island, January 3, 2005 6969
Trigger conditionsTrigger conditions
TimerTimer--basedbasedimmediateimmediate
at a specific timeat a specific time
at regular time intervalsat regular time intervals
EventEvent--basedbaseda simple conditiona simple condition
an aggregate condition (based on the combined value of data an aggregate condition (based on the combined value of data in a locale)in a locale)
a relationship between previous and current data valuesa relationship between previous and current data values
HICSS-38, Big Island, January 3, 2005 7070
Challenges in PQChallenges in PQ
Example: Intrusion detection/target tracking
Internet+
-S
+
-S +
-SS +
-S +
-S
+
-STarget
WSNS
S
AdaptivityAdaptivity to dynamically changing environmentsto dynamically changing environmentsScalabilityScalabilityGraceful degradation under extreme conditionsGraceful degradation under extreme conditions
fluctuations such as increased workloads, fluctuations such as increased workloads, burstybursty datadatahow can the system keep up? how can the system keep up? maybe drop some data or work with filtered datamaybe drop some data or work with filtered data
HICSS-38, Big Island, January 3, 2005 7171
Information assurance inInformation assurance inWSNWSN
HICSS-38, Big Island, January 3, 2005 7272
What is information assurance?
Information operations that protect and defend information and information systems ensuring their availability, integrity, authentication, confidentiality, and non repudiation. This includes providing for restoration of information systems by incorporating protection, detection, and reaction capabilities
HICSS-38, Big Island, January 3, 2005 7373
Key componentsKey components
Network survivability:Network survivability: ability of the WSN to function ability of the WSN to function in the wake of failures by minimizing their impactin the wake of failures by minimizing their impact
Information availability (information survivability):Information availability (information survivability):need for a user to have uninterrupted and secure need for a user to have uninterrupted and secure access to information on the WSN access to information on the WSN
Network security:Network security: attempts to provide basic security attempts to provide basic security services services
Information security:Information security: an ongoing process that utilizes an ongoing process that utilizes software and hardware to help secure information software and hardware to help secure information flow flow
HICSS-38, Big Island, January 3, 2005 7474
ThusThus……
Information assurance is more inclusive than Information assurance is more inclusive than information securityinformation security
Assurance involves not only Assurance involves not only protectionprotection and and detection but also detection but also reaction reaction (mainly survivability and (mainly survivability and dependability of the system that has been subject dependability of the system that has been subject to successful attack)to successful attack)
It also includes proactive (offensive) information It also includes proactive (offensive) information operations, termed operations, termed information warfareinformation warfare, against , against attackersattackers
HICSS-38, Big Island, January 3, 2005 7575
Extending WSN longevity
Sink
Path of the query
Path of the reply
Enforce (quasi-) optimal number of sensors per taskPower control to maintain network connectivity in spite of sensor failure/energy depletionTopology control to enhance effective functional lifetime of WSN
HICSS-38, Big Island, January 3, 2005 7676
Problems with sleeping
Basic schemeBasic schemesleep sleep –– wakeup cycleswakeup cyclesat wakeup: check for at wakeup: check for ““calls for participationcalls for participation””if eligible to participate stay awakeif eligible to participate stay awake
Sleeping affects Sleeping affects density of deploymentdensity of deploymentreadiness of the WSNreadiness of the WSNresponse timeresponse time
Adjusting sleep time dynamically promotesAdjusting sleep time dynamically promotessystem longevitysystem longevityconnectednessconnectedness
HICSS-38, Big Island, January 3, 2005 7777
WSN health monitoringWSN health monitoring
Query resource availabilityQuery resource availabilityEnergy map: spatial and temporal energy gradient of Energy map: spatial and temporal energy gradient of the WSNthe WSNUsage pattern: identifyUsage pattern: identify
periods of activity for sensorsperiods of activity for sensorshot spotshot spots
Selectively place additional sensors at hot spots to Selectively place additional sensors at hot spots to improve performance (not always an option)improve performance (not always an option)SelfSelf--healing a must!healing a must!Who should be responsible?Who should be responsible?
HICSS-38, Big Island, January 3, 2005 7878
Information security inInformation security inWSNWSN
HICSS-38, Big Island, January 3, 2005 7979
What happens in the wired world?
In wired communications signal confined in copper or optical fiberPrecautions taken to avoid unauthorized access
devices are physically protectedcabling is protected from eavesdroppingfirewalls are installed
Attacks of interruption and interception of data unlikely (but possible)The main thrust is securing the access point rather than theapplication!
HICSS-38, Big Island, January 3, 2005 8080
What happens in the wireless?
It is not possible to avoid unauthorized devices to reach the network areaAny device within reach of radio-frequency signals can get access to data being transmittedThus, attacks of interruption and interception of data are likelyWhat can be done: spread spectrum increases the difficulty for
signal interruptioneavesdropping
It is important to understand that wireless communications affect only the physical, data link and network layers of the OSI stackIn particular, all methods of cryptography developed at transport layer and above remain valid: can we afford them??
HICSS-38, Big Island, January 3, 2005 8181
A taxonomy of security-related problems
Operational security concernsOperational security concerns
Application levelApplication levelthe main focus is on techniques that guarantee a desired the main focus is on techniques that guarantee a desired applicationapplication--level functionalitylevel functionality
Network levelNetwork levelthe main concern revolves around techniques that ensure the main concern revolves around techniques that ensure secure communications in WSNsecure communications in WSN
HICSS-38, Big Island, January 3, 2005 8282
A taxonomy of security-related problems
Infrastructure security concernsInfrastructure security concernsGoal: protect the infrastructure throughout the network lifetimeProblem: develop a scheme to secure infrastructure against an external adversary such that:
the scheme will work uniformly during training (construction of the infrastructure), and network operation phases the scheme will work assuming threats to confidentiality, integrity, availability, as well as threats to the physical layer (jamming)
HICSS-38, Big Island, January 3, 2005 8383
Major insecurities in WSN
Problems arising from lack of individual IDsauthentication is hardnon-repudiation is hard to enforcenode impersonation is easy
Problems arising from sleep-awake cycles and system longevity
trust relationships hard to establish
Eavesdropping: may give an adversary access to secret information violating confidentialitySensors run the risk of being compromised
by infiltrationby tampering
HICSS-38, Big Island, January 3, 2005 8484
Security goals
Availability: ensures the survivability of network services despite denial-of-service (DoS) attacksConfidentiality: ensures that information is not disclosed to unauthorized entitiesIntegrity: guarantees that a message being transferred is never corruptedAuthentication: enables a node to ensure the identity of the peer node with which it communicatesNon-repudiation: ensures that the origin of a message cannot deny having sent the messageAnonymity: hide sources, destinations and routes
HICSS-38, Big Island, January 3, 2005 8585
A succinct list of attacks
Eavesdropping: an attacker that monitors traffic can read the data transmitted and gather information by examining the source of a packet, its destination, size, number, and time of transmissionTraffic analysis: allows an attacker to determine that there is activity in the network, the location of base stations, and the type of protocol being used in the transmissionMan-in-the-middle: attack establishes a rogue intermediary pretending to be a valid sensor Tampering: involves compromising data stored inside sensor usually by node capturingDoS attacks: can be grouped into three categories
disabling of service (e.g., sinkhole, HELLO flood attack),exhaustion, and service degradation (e.g., selective forwarding attack)
Can we guard against them?
HICSS-38, Big Island, January 3, 2005 8686
Philosophy of our solutionPhilosophy of our solution
““An ounce of prevention An ounce of prevention is worth is worth
a pound of curea pound of cure””
HICSS-38, Big Island, January 3, 2005 8787
What do we do?
Physical-layer encoding: virtually stamps out infiltration by the adversary Also, leverage the virtual infrastructure!Problems discussed
tamper resistanceauthenticationtraffic anonymity
HICSS-38, Big Island, January 3, 2005 8888
Genetic materialGenetic material
Prior to deployment sensors are injected with the Prior to deployment sensors are injected with the following following genetic material:genetic material:
a publica public--domain pseudodomain pseudo--random number generatorrandom number generator
an initial time an initial time ---- at this point all the sensors are at this point all the sensors are synchronous to the sinksynchronous to the sink
Each sensor can generate pointers into:Each sensor can generate pointers into:a random sequence a random sequence tt11, t, t22, , ……, , ttii, , ……, , of time epochsof time epochs
a random sequence a random sequence nn11, n, n22, , ……, , nnii, , ……, , of frequency channelsof frequency channels
for every for every nnii a random hopping sequence a random hopping sequence ffi1i1, f, fi2i2, , ……, , ffipip, , ……,,
HICSS-38, Big Island, January 3, 2005 8989
Illustrating time epochs, etcIllustrating time epochs, etc
HICSS-38, Big Island, January 3, 2005 9090
Synchronization Synchronization –– generalitiesgeneralities
Synchronization does not scale!Synchronization does not scale!Thus, synchronization must beThus, synchronization must be
shortshort--livedlivedtasktask--basedbased
Just prior to deployment, the sensors are Just prior to deployment, the sensors are synchronized synchronized Due to clock drift reDue to clock drift re--synchronization is necessarysynchronization is necessarySensors synchronize by following the master clock Sensors synchronize by following the master clock running at the sinkrunning at the sinkIdea: determine the epoch and the position of the Idea: determine the epoch and the position of the sink in the hopping sequence corresponding to the sink in the hopping sequence corresponding to the epoch epoch
HICSS-38, Big Island, January 3, 2005 9191
Synchronization Synchronization –– the detailsthe details
The sink dwells The sink dwells ττ micromicro--seconds on each seconds on each frequency in hopping sequencefrequency in hopping sequenceAssume that when a sensor wakes up during its Assume that when a sensor wakes up during its locallocal time epoch time epoch ttii the master clock is in one of the master clock is in one of the time epochs the time epochs ttii--11, , ttii,, or or tti+1i+1
Each sensor knows the Each sensor knows the lastlast frequencies frequencies λλii--11, , λλii,,and and λλi+1i+1 on which the sink will dwell in the time on which the sink will dwell in the time epochs epochs ttii--11, , ttii,, and and tti+1i+1
The strategy:The strategy: tune in, cyclically, to tune in, cyclically, to λλii--11, , λλii,, and and λλi+1i+1spending time spending time ττ/3/3 units on each of themunits on each of them
HICSS-38, Big Island, January 3, 2005 9292
Synchronization – the details (cont’d)
Assume the sensor meets the sink on frequency Assume the sensor meets the sink on frequency λλii in in some unknown slot some unknown slot ss of of ttii--11, , ttii,, or or tti+1i+1
To verify the synchronization, the sensor attempts To verify the synchronization, the sensor attempts to meet the sink in slots to meet the sink in slots s+1, s+2s+1, s+2 and and s+3s+3 according according to its own frequency hopping for epoch to its own frequency hopping for epoch tti+1i+1
If a match is found, the sensor declares itself If a match is found, the sensor declares itself synchronizedsynchronizedOtherwise, it will return to scanning frequenciesOtherwise, it will return to scanning frequencies
HICSS-38, Big Island, January 3, 2005 9393
Making sensors tamper-resistant
Philosophy: no additional hardware!Tampering threat model for sensors
forcing open in-situremoval from the deployment area
Play it safe: if in doubt blank out memory
HICSS-38, Big Island, January 3, 2005 9494
Using neighborhood signatures
Immediately after deployment each sensor transmits on a specified sets of frequencies, using a special frequency hopping sequenceEach sensor collects an array of signal strengths from the sensors in its localeNSA – the Neighborhood Signature ArrayRemoval from deployment area changes in the NSA!
HICSS-38, Big Island, January 3, 2005 9595
NSANSA--based authenticationbased authentication
Idea: neighbors exchange NSA information, Idea: neighbors exchange NSA information, creating a matrix of signatures creating a matrix of signatures A sensor that wishes to communicate with a A sensor that wishes to communicate with a neighbor identifies itself with its own NSAneighbor identifies itself with its own NSAUpon receiving the NSA the sensor checks its Upon receiving the NSA the sensor checks its validityvalidityAdditional twist: store several instances of the Additional twist: store several instances of the matrix of matrix of NSAsNSAsAuthentication dialogue: Authentication dialogue: ““what is your second to the what is your second to the last NSA?last NSA?””
HICSS-38, Big Island, January 3, 2005 9696
Handling DoS attacks
Our physicalOur physical--layer encoding layer encoding
+ Tamper resistance + Tamper resistance
+ Infrastructure anonymity+ Infrastructure anonymity
Make Make DoSDoS attacks nextattacks next--toto--impossible!impossible!
HICSS-38, Big Island, January 3, 2005 9797
What is anonymity?
Think of eThink of e--voting: the voting: the sourcesource of a message must be of a message must be protectedprotected
Denial of service: the Denial of service: the destinationdestination must be anonymousmust be anonymous
Mutual anonymity: both Mutual anonymity: both sourcesource and and destinationdestination of a of a communication remain anonymous to each othercommunication remain anonymous to each other
TrafficTraffic anonymity is extremely important!anonymity is extremely important!
StructuralStructural anonymityanonymity
HICSS-38, Big Island, January 3, 2005 9898
Anonymity in WSN
Goal: prevent Goal: prevent DoSDoS attacksattacksdata sinksdata sinkstraffic patternstraffic patternscommunication pathscommunication pathsvirtual infrastructurevirtual infrastructure
Threat modelThreat modelinternal adversary internal adversary –– observes local traffic observes local traffic external adversaryexternal adversary –– observes the entire networkobserves the entire networknetwork has not been infiltratednetwork has not been infiltrated
Strategy: hide source, destination and routing pathsStrategy: hide source, destination and routing pathsTactics: add noise to trafficTactics: add noise to trafficHowever, adding noise (spurious traffic) is expensiveHowever, adding noise (spurious traffic) is expensive
HICSS-38, Big Island, January 3, 2005 9999
An exampleAn example
HICSS-38, Big Island, January 3, 2005 100100
Our solution
Randomize destinations Randomize destinations timetime--dependent destinationsdependent destinations
tasktask--dependent destinationsdependent destinations
Randomize trafficRandomize trafficstipulating paths in transactionstipulating paths in transaction
computing timecomputing time--dependent pathsdependent paths
HICSS-38, Big Island, January 3, 2005 101101
Traffic anonymity: centralized solutionTraffic anonymity: centralized solution
HICSS-38, Big Island, January 3, 2005 102102
Traffic anonymity: distributed solutionTraffic anonymity: distributed solution
Idea: time-dependent routing!Time is rules into epochs t1, t2, … ti …Generic epoch ti has own routing scheme
HICSS-38, Big Island, January 3, 2005 103103
Secure group communications in WSNSecure group communications in WSN
WSN environments are inherently collaborativeGroups of sensors need to communicate securely, e.g.
nodes participating in a transactionnodes collocated in a cluster
Conventional public key cryptography is infeasible (why?)Group key management and distribution is one way to support secure group communicationsGroup key management challenges in WSN include sensor anonymity, massive large scale, resource limitations, etc.
HICSS-38, Big Island, January 3, 2005 104104
A key distribution scheme for secure communications
This scheme supports group key initialization and subsequent group key management in the trained WSNThe scheme draws on Exclusion Basis Systems (EBS), a combinatorial formulation of the key distribution problemThe scheme leverages the infrastructure in two ways:
it leverages the training protocol for the purpose of group key initialization, and it leverages the coordinate system during network operation for mapping a particular node, using its location as hash key, to the set of EBS keys the node currently holds
HICSS-38, Big Island, January 3, 2005 105105
Major highlights of EBS
In EBS systems, each group member is assigned a In EBS systems, each group member is assigned a unique subset of keys from a key pool unique subset of keys from a key pool
Specifically, an EBS is defined as a collection Specifically, an EBS is defined as a collection ΓΓ of of subsets of the set of memberssubsets of the set of members
Each subset corresponds to a key and the elements Each subset corresponds to a key and the elements of a subset are the sensors that have that key of a subset are the sensors that have that key
An EBS is characterized by the triple E(An EBS is characterized by the triple E(n,k,m), where), wheren is number of members numbered 1 to nis number of members numbered 1 to nk is size of the subset of keys each member holds, and is size of the subset of keys each member holds, and m is the number of reis the number of re--key messages needed to evict any key messages needed to evict any
member (and remember (and re--key the systemkey the system))
HICSS-38, Big Island, January 3, 2005 106106
Major highlights of EBS (contMajor highlights of EBS (cont’’d)d)
To construct EBS(n,k,m) for feasible n,k, and m, we employ a canonical enumeration of all possible ways of forming k-subsets of objects from a set of k+m objects
Canonical matrix for EBS(10,3,2)Canonical matrix for EBS(10,3,2)Rows correspond to keys in the key pool (not shaded), and session key (shaded) Columns correspond to members
M0 M1 M2 M3 M4 M5 M6 M7 M8 M9 K1 1 1 1 1 1 1 0 0 0 0 K2 1 1 1 0 0 0 1 1 1 0 K3 1 0 0 1 1 0 1 1 0 1 K4 0 1 0 1 0 1 1 0 1 1 K5 0 0 1 0 1 1 0 1 1 1 T 1 0 0 0 0 1 0 0 1 0 S 1 1 0 0 0 1 1 0 0 0 U 1 1 1 1 1 1 1 1 0 0
HICSS-38, Big Island, January 3, 2005 107107
EBS at work: key initialization
Let the EBS system in use be EBS(Let the EBS system in use be EBS(n,k,mn,k,m))At preAt pre--deployment each node is loaded with deployment each node is loaded with k, mk, m and the set and the set {{kk11,k,k22, , ……,,kkk+mk+m} that represent the EBS key pool, in addition to } that represent the EBS key pool, in addition to the state loaded for training purposesthe state loaded for training purposesEach node Each node xx computes independently the set of keys assigned to computes independently the set of keys assigned to it as follows:it as follows:
do the training protocol (node side)do the training protocol (node side)
hash key = Calculate the unique cluster Id(C(x),W(x))hash key = Calculate the unique cluster Id(C(x),W(x))
Corona(x), Wedge(x)Corona(x), Wedge(x)
myKmyK--subset = Hash(Canonical matrix of EBS(n,k,m) hash key) subset = Hash(Canonical matrix of EBS(n,k,m) hash key)
stopstop
startstart
Calculate subCalculate sub--cluster Idcluster Idand use that as hash keyand use that as hash key
HICSS-38, Big Island, January 3, 2005 108108
Key initialization Key initialization –– an examplean example
Assume EBS(32,3,4), and a coordinate system with Assume EBS(32,3,4), and a coordinate system with 2 coronas and 8 wedges2 coronas and 8 wedges
Also, assume that the population in each cluster is Also, assume that the population in each cluster is to be divided to 2 subto be divided to 2 sub--clustersclusters
the details of the subthe details of the sub--clustering scheme are clustering scheme are omitted here: each node places itself in a subomitted here: each node places itself in a sub--cluster in its own clustercluster in its own cluster
Suppose Corona(x)= 1 and Wedge(x)=4Suppose Corona(x)= 1 and Wedge(x)=4
Node Node xx computes the set of keys assigned to itcomputes the set of keys assigned to it
HICSS-38, Big Island, January 3, 2005 109109
Key initialization – an example (cont’d)
(0,0)(0,0)(0,1)(0,1)(0,2)(0,2)
(0,3)(0,3)(0,7)(0,7)
(0,6)(0,6)(0,5)(0,5)(0,4)(0,4)
(1,0)(1,0)
(1,1)(1,1)(1,2)(1,2)
(1,3)(1,3)
(1,4)(1,4)
(1,5)(1,5) (1,6)(1,6)
(1,7)(1,7)
(0,0)(0,0)(0,1)(0,1)(0,2)(0,2)
(0,3)(0,3)(0,7)(0,7)
(0,6)(0,6)(0,5)(0,5)(0,4)(0,4)
(1,0)(1,0)
(1,1)(1,1)(1,2)(1,2)
(1,3)(1,3)
(1,4)(1,4)
(1,5)(1,5) (1,6)(1,6)
(1,7)(1,7)
The coordinate systemThe coordinate system
1. 1. Choose at random a sub cluster (say 0)Choose at random a sub cluster (say 0)2. Compute the globally unique sub2. Compute the globally unique sub--cluster cluster
ID (24)ID (24)3. Derive the hash key (24+1)3. Derive the hash key (24+1)4. Hash in to Canonical(32,3,4)4. Hash in to Canonical(32,3,4)5. The bit string 0100011 corresponding to 5. The bit string 0100011 corresponding to
keys Kkeys K22,k,k66,k,k7 7 is returned is returned [0,1][0,1]
[2,3][2,3][4,5][4,5][6,7][6,7]
[14,15][14,15]
[12,13][12,13][10,11][10,11][8,9][8,9]
[16,17][16,17]
[18,19][18,19][20,21][20,21]
[22,23][22,23]
[24,25][24,25]
[26,27][26,27] [28,29][28,29]
[30,31][30,31]
[0,1][0,1][2,3][2,3][4,5][4,5]
[6,7][6,7][14,15][14,15]
[12,13][12,13][10,11][10,11][8,9][8,9]
[16,17][16,17]
[18,19][18,19][20,21][20,21]
[22,23][22,23]
[24,25][24,25]
[26,27][26,27] [28,29][28,29]
[30,31][30,31]
A map of all subA map of all sub--clustersclusters
HICSS-38, Big Island, January 3, 2005 110110
To sum upTo sum up
Wireless sensor networks Wireless sensor networks –– the next paradigm shiftthe next paradigm shift
Sensors: Sensors: ““smart dustsmart dust”” –– like entitieslike entities
Virtual infrastructure Virtual infrastructure –– generalgeneral--purposepurpose
Can be leveraged for all sorts of applicationsCan be leveraged for all sorts of applications
Research in its infancyResearch in its infancy
Stay tuned for moreStay tuned for more……