Robustness

1
Robustness
Prabal Dutta In collaboration with Jonathan
Hui, David Chu, Joe Polastre, David Culler,
Anish Arora, Mike Grimmer and Bob Cuenin
2
Robustness Is it an application, a service,

• full of health and strength

suited to endurance
rough or crude boisterous
full-bodied
or a way of thinking?
3
Robustness Its all of these things and more

• ro?bust (ro-bust)
• adj.
• is said of a system that has demonstrated an
  ability to recover gracefully from the whole
  range of exceptional inputs and situations in a
  given environment
• one step below bulletproof
• carrying the additional connotation of elegance
  in addition to just careful attention to detail
• compare with smart opposite is brittle
• Have we been building smart dust or brittle dust?

4
Motivation

• Designing sensor networks for military apps
• Harsh environments
• Little or no ongoing physical access
• Large scale
• Some common wisdom
• Every touch breaks
• Human-in-the-loop operations are not scalable
• Calibration
• Manual reprogramming
• The real world is a hostile place
• Weather
• Terrain
• Animals
• Of course, there is much more
• Self-Stabilization (important literature)
• Six-Sigma Approach to Robust Design

5
Motivation DARPA NEST Extreme Scale Project

• Multi-University effort led by Ohio State
• Goal Detection, Classification, and Tracking of
  Civilians, Soldiers, and Vehicles
• Size 10,000 nodes (objective) 1500 (deployed)

6
Physical Robustness

• Considerations
• Weather-proofing
• Water (battery shorts)
• Solar (over-heated electronics)
• Wind (false detections)
• Shock (batteries)
• Reducing Human-in-the-loop
• One-touch
• One-glance
• One-listen
• Modular
• Antennas
• Batteries
• Stackable
• Self-Correcting
• Tamper Proof (FIPS-140)

7
Physical Robustness eXtreme Scale Mote (XSM)
8
Deluge (Jonathan Hui)

• Reliably disseminate large objects (i.e. size gtgt
  RAM) over a multi-hop sensor network from few to
  many nodes.
• Epidemic propagation
• Continuous propagation effort by advertising
• Reaches nodes with intermittent connectivity
  (c.f. GDI)
• Will always find a path if it exists Very
  ROBUST
• Isolated bootloader
• Trusted code guaranteed to execute on reset
• Golden Image
• Trusted TinyOS app write-protected in external
  flash
• Rollback gesture
• Reset node to Golden Image by resetting the node
  several times
• Data Integrity
• PC-generated CRCs on program images and
  data-structures

9
Robust Wireless Multi-hop Network Reprogramming

• Wireless multi-hop programming is extremely
  useful
• But what happens if the program image is bad?
• Manually reprogramming 10,000 nodes is
  impossible!
• Current approaches provide robust dissemination
  but no mechanism for recovering from Byzantine
  programs

10
Recoverability through the Grenade Timer

• No hardware protection
• Basic idea presented by Stajano and Anderson
• Once started
• You cant turn it off
• You can only speed it up
• Our implementation

11
ROSEBUDS

• Work with David Chu and Jonathan Hui
• ROSEBUDS
• Recovery-Oriented (Network is recoverable)
• Security-Enabled (Program Dissemination is
  Secure)
• Broadcast Using a Dissemination Service (Deluge)
• Security Goals
• Nodes only accepts signed objects
• Compromised node cannot be used to violate SG1
• Incremental authentication (no buffering needed)
• Delay-tolerant (no time synchronization)

12
ROSEBUDS

• Implementation
• Components Nodes, (Owners) Server, Factory
• Factory assigns node id (IEEE OUI serial )
• Node generates ECC keys, gives pub key to Server
• Factory signs id, ECC pub key at mfg time
• Node preloaded w/ id, cert, Server RSA pub key
• Server queries network for object version
• Creates new package with version 1
• Performs Object Transmission
• Security Overhead 14 more octets, larger
  packets
• Crypto Suite
• SHA-1 for hash (upper 64-bits) 13 ms/hash
• RSA-1024 for signatures 1.5 s/check
• ECCDH for node pair-wise key-exchange 1-2
  min/key exchange
• Status prototype implementation of security but
  not yet integrated with dissemination service

13
Future Work - Trio

• Build on
• XSM (sensors, signal cond)
• Telos (MCU, radio, flash)
• Remove
• AA alkaline batteries
• XSM Antenna
• Add
• Telos-XSM Interface board
• GPIO, ADC, I2C
• Prometheus (solar cell and recharging circuit)
• Lithium batteries
• Super capacitor
• Humidity sensor
• Acoustic wakeup
• Expose
• Pushbuttons, LEDs
• In Support of
• Permanent deployments
• Weather resistance

Solar Cell
Integrated Antenna (PIFA)
Push buttons
802.15.4 Radio
USB Port
Telos
Interface Board
XSM
Lithium Battery

• Trio comes from
• size ? 3x3x3
• 3 PCBs
• cube-shaped

Super Capacitor
14
Challenge - Robust Signal Processing

• Are traditional techniques appropriate?
• Signal variability
• Limited computational resources
• Non-optimal Space-Time-Message complexity
• Non-Gaussian noise (frequently)
• Frequency-domain analysis
• Wavelets
• Bayesian frameworks
• Particle filtering

The real world is its own best model. - Rodney
A. Brooks
15
Challenge - Robust Parameter Calibration

• Evolution of local techniques
• Hard-coded constants (.h files)
• Service-specific (routing)
• Config service (//!! )
• SNMS
• Challenge is robust, distributed, cross-layer
  calibration and tuning
• Example shower with two knobs

Service A
Service A
Service B
Service B
Service C
Service C
16
Conclusions

• Recall
• ro?bust (ro-bust)
• adj.
• is said of a system that has demonstrated an
  ability to recover gracefully from the whole
  range of exceptional inputs and situations in a
  given environment
• Robustness is a global attribute (weakest link
  problem)
• Robustness opportunities sensors, modules,
  packaging, signal processing, network algorithms,
  middleware services, design methodologies, and a
  way of thinking
• Robustness is about grace under duress

17
Discussion
18
Conclusions and Future Work

• Improve (or obviate) sensor wakeup circuits
• Lower false-alarm rate
• Low-power (zero-power?) wakeup
• Reduce sensing power (op amp ? FET ? ASIC)
• Decrease signal processing power consumption
• Consider space, time, message (and energy)
  complexity

19
Sensor Suite

• Passive infrared
• Long range (15m)
• Low power (10s of micro Watts)
• Wide FOV (360 degrees with 4 sensors)
• Gain 80dB
• Wakeup
• Microphone
• LPF fc 100Hz 10kHz
• HPF fc 20Hz 4.7kHz
• Gain 40dB 80dB (100-8300)
• Wakeup
• Magnetometer
• High power, long startup latency
• Gain 86dB (20,000)

20
The eXtreme Scale Mote

• Key Differences between XSM and MICA2
• Low-power Sensors
• Grenade Timer
• Radio Performance

21
Hardware Evolution
Telos Low-power CPU 802.15.4 Radio Easy to
use Sleep-Wakeup-Active
MICAz MICA2 - CC1000 802.15.4
Radio Sleep-Wakeup-Active
XSM2 XSM Improvements Bug Fixes
XSM MICA2 Improved RF Low-power sensing
Recoverability Passive Vigilance-Wakeup-Active
22
Genesis The Case for a New Platform

• Cost
• Eliminate expensive parts from BOM
• Eliminate unnecessary parts from BOM
• Optimize for large quantity manufacturing and use
• ? Network Scale by 100x (10,000 nodes)
• Reliability How to deal with 10K nodes with bad
  image
• ? Detection range by 6x (10m)
• New sensors to satisfy range/density/cost
  tradeoff
• ? Lifetime 8x (720hrs ? 1000hrs)
• Magnetometer Tstartup 40ms, Pss 18mW
• UWB Radar Tstartup 30s, Pss 45mW
• Optimistic lifetime 6000mWh / 63mW lt 100 hrs
• Must lower power
• Radio
• Fix anisotropic radiation and impedance mismatch

23
ExScal
24
Requirements (of the hardware platform)

• Functional
• Detection, Classification (and Tracking) of
• Civilians, Soldiers and Vehicles
• Reliability
• Recoverable Even from a Byzantine program image
• Performance
• Intrusion Rate 10 intrusions per day
• Lifetime 1000 hrs of continuous operation (gt 30
  days)
• Latency 10 30 seconds
• Coverage 10km2 (could not meet given
  constraints)
• Supportability
• Adaptive Dynamic reconfiguration of thresholds,
  etc.