USN Overview - I [Fundamentals of RFID/USN]
2007. 11. 14
Jae-Hyun Kim / Ajou University
Wireless Information aNd Network Engineering Research Lab., Ajou University, Korea
Contents
- USN Concept and Introduction
  - USN basic concepts
- RFID Technology and Applications
- Advantages and Applications of Sensor Networks
- USN Platform Components and Roles
  - USN Protocol Stack
  - Technologies for USN
  - Standards for USN
- Conclusion
- References
USN Concept and Introduction
What is a USN (Ubiquitous Sensor Network)?
- Infrastructure network for realizing a ubiquitous computing environment using sensor nodes with sensing, processing and wireless communication capabilities
  - Attach electronic tags to all objects
  - Sense object information and even environmental information
  - Connect to the network for real-time management
[Figure: USN application areas]
- Logistics/distribution: SCM, inventory management
- Animal management
- Shopping center: automatic checkout
- Home network
- Transportation: telematics, ITS systems, traffic fares
- Environment: pollution monitoring, (natural) disaster management
- Hospital patient management
RFID Technology and Applications
What is RFID (Radio Frequency Identification)?
- RFID is a simple form of ubiquitous sensor network that is used to identify physical objects
  - Remote identification
  - Non-line-of-sight
  - Automatic reading
[Figure: Tag - RF Channel - Reader - Local Server - Network]
* RF – Radio Frequency
RFID Technology and Applications
RFID frequencies and application areas
- 125KHz, 134KHz (ISO 18000-2)
- 13.56MHz (ISO 18000-3)
- 433.92MHz (ISO 18000-7)
- 860MHz ~ 960MHz (ISO 18000-6)
- 2.45GHz (ISO 18000-4)
[Figure: sample tagged items: ID card, post card and exhibition invitation with embedded μ-chip; passport, ID card]
RFID Technology and Applications
RFID price outlook by technology
[Figure: tag price by technology (Active Chip, Semi-Active Chip, Passive Chip, Chipless); price axis marked $100, $50, $10, $1, 30c, 10c, 5c, 1c or more]
Source: IDTechEx
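RFID Technology and Applications
RFID application fields and characteristics by price
Field | Purpose | Functional characteristics
Military, medical | Military supplies, medical devices | Location measurement, diagnostic functions, security
Transportation (fare payment, theft prevention, insurance, etc.) | Automatic fare payment while the vehicle is moving | Fare payment while moving, authentication, security
Access control, distribution (containers, pallets) | Access control; tracking of containers, pallets, livestock, etc. | Security
Aviation, laundry, furniture, artworks | Item management | High-speed read/write, anti-counterfeiting
Manufacturing (factory), retail (high-priced items), lumber | Asset management; tracking of products, lumber, etc. | Anti-counterfeiting, tracking
Retail (low-priced items), transportation (tickets) | Management and tracking of retail goods; tracking of transit tickets | Low price, low function, tracking function
Tag price range (as listed on the slide, highest first): about 100,000 won, about 10,000 won, 1,000~5,000 won, 100~1,000 won, 50 won, about 10 won
Source: IDTechEx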
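RFID Technology and Applications
RFID technology development outlook
Timeline columns: 2004, 2005, 2006, 2007~2010
- Trend: faster, smaller, lower cost; networked, ultra-small, ultra-low cost; intelligent
- Tag/chip
  - Low-power CMOS chip -> NANO, MEMS ultra-small chip -> polymer chip
  - Coil-capacitor circuit; circuit using surface acoustic wave material
  - Printed antenna / packaging -> chip-embedded antenna -> package antenna
  - Code read-only tag -> sensor-integrated multifunction tag -> autonomous communication tag
- Reader
  - Single-band beamforming antenna / RF technology -> multi-band, wideband antenna / SDR technology
  - High-speed multiple identification: 100 tags/s -> 200 tags/s -> 300 tags/s
- Network interworking
  - Reader/Internet interworking -> mobile network / portable Internet interworking -> 4G/BCN interworking
  - Telematics, home network interworking
- Service
  - Work automation
  - Long-range identification of multiple items
  - Management of high-priced items
  - Item information identification/tracking
  - Use/management/tracking of environment-sensing information
  - Object location measurement/tracking
  - Identification/management of household goods
  - Autonomous communication between objects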
RFID Technology and Applications
Interference in RFID systems and solutions: Tag-to-Tag interference
- Occurs when multiple tags respond to the same reader simultaneously
- Can be avoided only by having each tag respond at different times
- A multi-tag anti-collision algorithm is needed to resolve this interference
RFID Technology and Applications
Interference in RFID systems and solutions: Reader-to-Tag interference
- Occurs when a tag is in the interrogation zone of multiple readers and more than one reader transmits simultaneously
- Can be avoided only by having neighboring readers operate at different times or different frequencies
- A multi-reader anti-collision algorithm is needed to resolve this interference
[Figure: readers R1 and R2 with their read ranges and tags T1, T2, T3]
RFID Technology and Applications
Interference in RFID systems and solutions: Reader-to-Reader interference
- Occurs when the signals from neighboring readers interfere
- Can be avoided only by having neighboring readers operate at different times or different frequencies
- A multi-reader anti-collision algorithm is needed to resolve this interference
[Figure: readers R1 and R2 with the R1 read range, R2 read range and R2 interference range, and tags T1, T2]
RFID Technology and Applications
Multi-tag anti-collision algorithm in RFID
Protocol | Arbitration | Air interface (R->T / T->R) | EPC | Data rate (R->T / T->R) | Security
ISO 18000-6 TYPE A | Framed Slotted | Pulse interval ASK / FM0 | not defined | 33 kbps / 40 kbps | None
ISO 18000-6 TYPE B | Probabilistic Binary tree | Manchester-ASK / FM0 | not defined | 8/40 kbps / 40 kbps | None
AutoID Class 0 | Bit-by-bit Binary Tree | Pulse Width Mod. / FSK | 64/96b | 40/80 kbps / 40/80 kbps | 24-bit kill
AutoID Class 1 | Binary tree using 8 bin slots | Pulse Width Mod. / Pulse Interval AM | 64/96b | 70.18 kbps / 140.35 kbps | 8-bit kill
EPCglobal Gen 2 | Probabilistic Slotted | Pulse interval ASK / Miller, FM0 | 96/496b | 40 kbps / 640 kbps | 32-bit kill, Access
RFID Technology and Applications
RFID tag identification technology: TYPE A
[Figure: framed slotted timing diagram. The reader sends the 1st REQ with Frame size = 4 (Slot1 to Slot4), then the 2nd REQ with Frame size = ?. Tags: TAG1(1011), TAG2(1010), TAG3(0011), TAG4(0101). Slot states shown: IDLE, 1011, COLL, 0101]
- Need to vary the frame size according to the number of tags
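
The TYPE A slide ends on the need to vary the frame size with the number of tags. The sketch below is an added example, not part of the original slides: it simulates framed slotted arbitration and resizes the next frame from the number of collided slots. The resize rule (2.39 x collided slots, Schoute's backlog estimate) and the 60-tag population are assumptions; the slides do not specify an estimator.

```python
import random

def run_frame(pending, frame_size, rng):
    """One reader request: every unread tag answers in one random slot."""
    slots = [[] for _ in range(frame_size)]
    for tag in pending:
        slots[rng.randrange(frame_size)].append(tag)
    read = [s[0] for s in slots if len(s) == 1]      # exactly one reply: success
    collided = sum(1 for s in slots if len(s) > 1)   # two or more replies: collision
    idle = sum(1 for s in slots if not s)            # no reply
    return read, collided, idle

def inventory(tags, frame_size=4, adaptive=True, max_rounds=200, seed=2007):
    """Repeat frames until every tag is read or max_rounds is reached."""
    rng = random.Random(seed)
    pending = sorted(set(tags))
    identified, slots_used, rounds = [], 0, 0
    while pending and rounds < max_rounds:
        read, collided, _idle = run_frame(pending, frame_size, rng)
        rounds += 1
        slots_used += frame_size
        identified.extend(read)
        done = set(read)
        pending = [t for t in pending if t not in done]
        if adaptive and collided:
            # Assumed estimator: about 2.39 tags hide behind each collided slot.
            frame_size = max(2, round(2.39 * collided))
    return {"identified": identified, "unread": pending,
            "rounds": rounds, "slots": slots_used}

# Tag IDs from the TYPE A slide, plus a constructed population of 60 tags.
SLIDE_TAGS = ["1011", "1010", "0011", "0101"]
CROWD = [format(i, "016b") for i in range(60)]

if __name__ == "__main__":
    for name, tags, adaptive in (("slide tags", SLIDE_TAGS, True),
                                 ("60 tags, adaptive", CROWD, True),
                                 ("60 tags, fixed frame of 4", CROWD, False)):
        r = inventory(tags, adaptive=adaptive)
        print(name, "read:", len(r["identified"]), "unread:", len(r["unread"]),
              "rounds:", r["rounds"], "slots:", r["slots"])
```

With a fixed frame of 4 slots and 60 tags almost every slot collides, so the reader makes no progress; the adaptive run grows the frame until singleton slots appear.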
RFID Technology and Applications
RFID tag identification technology: TYPE B
[Figure: binary tree splitting of tags T1, T2, T3, T4 with 0/1 branches over iterations 1 to 12; slot outcomes shown: Coll, Succ, Idle, Coll, Coll, Coll, Coll, Idle, Succ, Succ, Succ]
RFID Technology and Applications
RFID tag identification technology: Class 0
[Figure: bit-by-bit exchange between READER (CMD) and TAG (REPLY) for TAG1(001), TAG2(011), TAG3(100); the STATE row shows 0, 1 and X values per step]
RFID Technology and Applications
RFID tag identification technology: Class 1
[Figure: reader commands PingID, PingID, ScrollID with POINTER, LENGTH and VALUE fields; tag replies fall into Bin 0 (000) to Bin 7 (111). STATUS after the first PingID: IDLE IDLE SUCC IDLE IDLE SUCC IDLE IDLE; after the second PingID: IDLE SUCC COLL IDLE IDLE IDLE IDLE IDLE. After ScrollID, TAG 1 sends ITM (Full ID). Tag IDs shown for TAG 1, TAG 2, TAG 3: 1010001110101010, 1010010101001010, 1010010010011010]
RFID Technology and Applications
RFID tag identification technology: Class 1
[Figure: ID bits of Tag_1, Tag_2 and Tag_3 sorted into Bin000 to Bin111 for each command]
Command sequence shown:
- PingID [LEN]=1,[VALUE]=0
- PingID [LEN]=4,[VALUE]=0011
- ScrollID [LEN]=7,[VALUE]=0011001
- PingID [LEN]=7,[VALUE]=0011101
- ScrollID [LEN]=10,[VALUE]=0011101011
- ScrollID [LEN]=10,[VALUE]=0011101110
RFID Technology and Applications
RFID tag identification technology: Class 1 Gen 2
[Figure: inventory round between the Reader and Tag1, Tag2. Reader commands shown: Select, Query, QueryRep, ACK. For each tag the table tracks Session, Target, Q, S.C., I.F. and Act.; tag actions shown: Send RN16, Wait, Send RN16, Send EPC (ID)]
where S.C.: Slot Counter, I.F.: Inventoried Flag, S: Session, Act.: Action
Advantages and Applications of Sensor Networks
Sensor Network Applications
- Building Automation
- Personal Health Care
- Industrial Control
- Telecom Services
- Home Control
- Consumer Electronics
- PC & Peripherals
Advantages and Applications of Sensor Networks
Sensor Network Applications
- Building Automation: security, HVAC, AMR, lighting control, and access control
- Personal Health Care: patient monitoring and fitness monitoring
- Industrial Control: asset management, process control, and energy management
- Telecom Services: m-commerce, info services, and object interaction
- Home Control: security, HVAC, lighting control, access control, and irrigation
- Consumer Electronics: TV, VCR, DVD/CD, and remote
- PC & Peripherals: mouse, keyboard, and joystick
Advantages and Applications of Sensor Networks
Characteristics of USN
- Large number of sensor nodes
  - Maybe 10 to 100,000 nodes (scalability)
  - Node position may not be predetermined
- Low cost
- Low energy consumption
  - Relocating and recharging a large number of nodes is impossible
  - Lifetime of the sensor network depends on battery lifetime
- Network self-organization
  - Large number of nodes in hostile locations
  - Manual configuration unfeasible
  - Nodes may fail and new nodes join the network
  - Ad-hoc sensor network protocols
- Collaborative/distributed processing
  - Locally carry out simple computation -> forward and aggregate data
- Query ability (Sensor Database)
  - Single node or group of nodes
  - Base nodes collect data from a given area and create summary messages
Advantages and Applications of Sensor Networks
USN and Ad-hoc Network Comparison
Items for comparison | Sensor Network | Ad-hoc Network
Number of nodes | 100 ~ 1000 | 10 ~ 100
Deployment | Densely | Relatively sparsely
Failure | Prone to failure | Not prone to failure
Communication | Broadcast | Point-to-point
Topology change | Very frequent | Almost steady
Power | Limited | Rechargeable
Resource | Limited | Relatively high
ID | Local ID | Global ID (IP address)
* Source – APNOMS 2005 Tutorial, Okinawa, Japan
USN Platform Components and Roles
USN Protocol Stack
- Coordinating to minimize duty cycle and communication
  - Adaptive topology, routing, and adaptive MAC
- In-network processing
  - Data centric routing and programming models
Logical function of layers
Layer | Function
Application | User Queries, External Database
Transport | Application Processing, Aggregation, Query Processing
Network | Adaptive topology, Geo-Routing
Data link | MAC, Time, Location, Adaptive
Physical | Communication, Sensing, Actuation
USN Platform Components and Roles
USN Protocol Stack: Physical Layer
- Needs
  - Simple but robust modulation, transmission, and receiving techniques
- Transmission media
  - Radio: ISM (Industrial, Scientific, Medical) 915MHz band widely suggested
  - Infrared
  - Optical media
- Open research issues
  - Modulation scheme: need a simple and low-power modulation scheme
  - Hardware design: tiny, low-power, low-cost
  - Power-efficient hardware management strategy
USN Platform Components and Roles
USN Protocol Stack: Data Link Layer
- Responsible for multiplexing of data streams, Medium Access Control (MAC) and error control
- Medium Access Control (MAC)
  - Creation of the network infrastructure
  - Fair and efficient sharing of communication resources between sensor nodes
  - MAC for sensor networks
    - SMACS (Self-Organizing Medium Access Control for Sensor Networks)
    - EAR (Eavesdrop-And-Register) algorithm
    - CSMA-based MAC scheme
    - Hybrid TDMA/FDMA-based MAC scheme
- Power saving modes of operation
- Error control
  - FEC (Forward Error Correction)
  - ARQ (Automatic Repeat Request)
USN Platform Components and Roles
USN Protocol Stack: Network Layer
- Needs: data routing
- Requirements: power efficiency, data-centric, data aggregation
Scheme | Description
Flooding | Broadcasts data to all neighbor nodes
Gossiping | Sends data to one randomly selected neighbor
LEACH | Forms a cluster to minimize energy loss
SPIN | Sends data to sensor nodes only if they are "interested"; has 3 types of messages (ADV, REQ, DATA)
Directed diffusion | Sets up gradients for data to flow from source to sink during interest dissemination
Power Efficiency Routing | Picks a route based on: Max. Power Available (PA), Min. Energy (ME), Min. Hop (MH), or Max-Min PA
SMECN | Creates a sub-graph of the sensor network that contains the minimum energy path
SAR | Creates multiple trees where the root of each tree is a one-hop neighbor of the sink
USN Platform Components and Roles
USN Protocol Stack: Transport Layer
- Needs
  - Maintain the flow of data if the sensor network application requires it
- Research
  - Communication between user and sink node: TCP or UDP via the Internet or satellite
  - Communication between sink node and sensor node: UDP-type protocol, because the sensor node has limited memory
- Naming
  - Not based on global addressing
  - Attribute-based naming
USN Platform Components and Roles
USN Protocol Stack: Application Layer
- Needs
  - Depending on the sensing tasks, different types of application software are built and used
- Application layer protocols
  - SMP (Sensor Management Protocol): system administrators interact with sensor networks using SMP
  - TADAP (Task Assignment and Data Advertisement Protocol)
  - SQDDP (Sensor Query and Data Dissemination Protocol)
Location Technology in USN
- Discovery of absolute or relative location
  - Geographical routing (location attribute based naming and addressing)
  - Tracking of moving objects
  - Context (location) aware applications
- Challenges in USN
  - Energy constraint
  - Harsh environment with multi-paths
  - Minimal infrastructure (few beacons, no backend computation)
- Many techniques for location sensing
  - TOA (Time Of Arrival)
  - TDOA (Time Difference Of Arrival)
  - AOA (Angle Of Arrival)
  - SSR (Signal Strength Ranging)
  - GPS, etc.
Time Synchronization in USN
- Critical at many layers of a sensor network
  - Communication, localization, distributed DSP, etc.
- Conventional approaches
  - GPS: indoors?, cost, size, energy
  - NTP (Network Time Protocol)
    - Delay and jitter due to MAC and store-and-forward relaying
    - Discovery of time servers (nodes synchronize with one of a pre-specified list of time servers)
- Reference-broadcast synchronization (RBS)
  - Very high precision sync with slow radios
  - Beacons are transmitted, using physical-layer broadcast, to a set of receivers
  - Time synchronization is based on the difference between reception times; the sender is not synchronized with the receivers
USN Management
- USN Management
- USN Management Requirement
- USN Management Goal
- USN Management Architecture
- USN Management Functional Area
USN Management
Why isn't SNMP (Simple Network Management Protocol) adaptable to USN?
- Sensor-specific failures are not handled
- Difficult to find the failed nodes
- Physical connections are not utilized
- Commonly, there is no management agent
- Specifying nodes is difficult
- The network is self-configured, so the management server does not have all information about the sensor nodes
Challenges
- Present many and drastically different challenges. For example: deployment of nodes, discarding of nodes
- Require augmentation to (or new approaches over) traditional network and service management techniques
- Need to take into account specific characteristics of WSNs (e.g., energy waste)
USN Management Requirements
- Fault tolerance: handle loss of nodes (lack of power, physical damage, environmental interference)
- Scalability: handle high density of nodes (the number of sensor nodes is an extreme value of millions)
- Production costs: make them low cost (the cost of a single node is very important to justify the overall cost of the network)
- Operating environment: survive and maintain communication (the bottom of an ocean, biologically contaminated field, battlefield)
- Transmission media: wireless (radio, infrared, optical media)
- Hardware constraints: nodes are tiny (very small size, very light node, limited memory, limited battery)
- Power consumption: limited Tx, computation, lifetime (replenishment of power is impossible)
- Changing topology: nodes moving, new nodes, lost nodes
USN Management Goal
- Promote resource productivity
- Maintain the quality of the services provided
- Application-dependent, and the management solution design is affected
[Figure: USN Applications affect USN Management design]
- Developing management solutions for USN
  - Not trivial
  - Becomes worse due to the physical restrictions of sensor nodes: energy, bandwidth, ...
  - Significantly different from the management of traditional networks
USN Management Architecture
USN Management Functional Areas
Functions
- Fault
  - Faults in USNs are not an exception and tend to occur frequently, thus fault management is a critical function
  - This is one of the reasons that make USN management different from traditional network management
  - Self-diagnostic: the network monitors itself and finds faulty or unavailable nodes
  - Self-healing: the network prevents disruptions or acts to recover itself or the node after the self-diagnostic
- Configuration
  - Self-organization: the property that sensor nodes must have to organize themselves to form the network
  - Self-configuration: node setup and network boot-up must occur automatically
- Accounting
  - Includes functions related to the use of resources and corresponding reports
  - Establishes metrics, quotas and limits that can be used by functions of other functional areas
  - Must provide self-sustaining functionalities
- Performance
  - There is a trade-off to be considered: the higher the number of managed parameters, the higher the energy consumption and the lower the network lifetime
  - On the other hand, if enough parameter values are not obtained, it may not be possible to manage the network appropriately
- Security
  - Security functionalities for USNs are intrinsically difficult to provide because of their ad-hoc organization, intermittent connectivity, wireless communication and resource limitations
  - A USN is subject to different safety threats: internal, external, accidental, and malicious
Specific Management Functions of USN
- Power Management
- Topology Management
- Security Management
- Context-Awareness Management
Power Management
- Manage how a sensor node uses its power
- Example
  - A sensor node may turn off its receiver after receiving a message from one of its neighbors
    - Avoids getting duplicated messages
  - When the power level of the sensor node is low
    - Broadcast to its neighbors that it is low in power
    - Cannot participate in routing messages
    - Reserve the remaining power for sensing
- Requirements
  - Using battery
  - Limited power
  - Expand the lifetime of the sensor node
  - Reduce the overhead
Power Management in Layers
- Physical layer
  - Low-power modulation scheme
  - Transceiver, sensor, processor: small, low power, low cost
- Data link layer
  - Energy-efficient MAC protocol
    - Adaptive duty cycling – S-MAC, ASCENT, SPAN
    - Wake up on-demand – STEM, Wake-on-Wireless
  - Reduce collisions, signaling and frame overhead
  - Power saving mode (e.g., On/Off mode)
- Network layer
  - Energy-efficient routing
  - Energy-efficient data aggregation algorithms
  - Location based routing
- Transport layer
  - Use a UDP message protocol between sink and sensor node
  - Limited memory and processing power
- Application layer
  - Energy-efficient applications
Topology Management
- Goal
  - To coordinate the sleep transitions of all nodes, while ensuring adequate network connectivity, such that data can be forwarded efficiently to the data sink
- Requirements
  - Heterogeneous nodes
  - Data discovery and data dissemination
  - Limited memory and power constraint
  - Application requirements
  - Node mobility
- Ad-hoc self-organization
  - LCA (Linked Cluster Algorithm)
  - LAA (Link Activation Algorithm)
  - DEA (Distributed Evolution Algorithm)
Topology Management (Con't)
- Some techniques
  - SMACS (Self-Organizing Medium Access Control for Sensor networks)
  - EAR (Eavesdrop And Register)
  - SAR (Sequential Assignment Routing)
  - SWE (Single Winner Election)
  - MWE (Multi Winner Election)
Security Management
- Requirements
  - Peanut CPU (slow computation rate)
  - Battery power: trade-off between security and battery life
  - Limited memory
  - High latency: conserve power, turn on periodically
- Security management in USN
  - Applications need security (privacy)
  - Absence of security enables attacks such as spoofing and replay attacks, resulting in DoS or system compromise
  - Intrusion prevention: first line of defense
  - Intrusion detection: second line of defense
- Main security threats in USN
  - Radio links are insecure
  - Sensor nodes are not tamper resistant
- Attacker types
  - Mote-class
  - Outside / inside
Security Management (Con't)
- Attacks
  - Physical attack
  - Denial-of-service
  - Battery exhaustion
  - Clock synchronization
  - Location discovery
  - Attacks on routing
    - Spoofed, altered, or replayed routing information
    - Selective forwarding
    - Sinkhole attack
    - Sybil attack
    - Wormholes
    - HELLO flood attacks
    - Acknowledgment spoofing
Security Management (Con't)
- Countermeasures
  - Link layer encryption – selective forwarding
  - Using a counter – replay attacks
  - Limiting the number of neighbors per node – insider attacks
  - Bi-directionality of the link – HELLO flood
  - Geographic routing – wormhole attacks
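
The counter countermeasure listed above only works when the counter is covered by link-layer authentication, and when the receiver checks the authentication tag before it looks at the counter. The following is an added example, not part of the original slides: a receiver-side check that rejects replayed, altered and spoofed frames. The frame layout (16-bit sender ID, 32-bit counter, payload, 8-byte tag), the key values and the use of truncated HMAC-SHA256 from the Python standard library are assumptions for illustration.

```python
import hashlib
import hmac
import struct

HEADER = struct.Struct(">HI")  # assumed layout: sender id (16 bit), counter (32 bit)
TAG_LEN = 8                    # assumed truncated tag length, to keep frames small

def _tag(key, header, payload):
    # The tag covers the header, so sender id and counter cannot be altered.
    return hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]

def seal(key, sender_id, counter, payload):
    """Sender side: header + payload + authentication tag."""
    header = HEADER.pack(sender_id, counter)
    return header + payload + _tag(key, header, payload)

class Receiver:
    def __init__(self, link_keys):
        self.link_keys = dict(link_keys)   # sender id -> shared link key
        self.last_counter = {}             # sender id -> highest accepted counter

    def accept(self, frame):
        """Return (status, payload); payload is None unless status is 'ok'."""
        if len(frame) < HEADER.size + TAG_LEN:
            return "malformed", None
        header = frame[:HEADER.size]
        payload = frame[HEADER.size:-TAG_LEN]
        tag = frame[-TAG_LEN:]
        sender_id, counter = HEADER.unpack(header)
        key = self.link_keys.get(sender_id)
        if key is None:
            return "unknown_sender", None
        # 1. Authenticate first: a forged frame must never move the counter.
        if not hmac.compare_digest(tag, _tag(key, header, payload)):
            return "bad_tag", None
        # 2. Strictly increasing counter: an old or repeated frame is a replay.
        if counter <= self.last_counter.get(sender_id, -1):
            return "replay", None
        self.last_counter[sender_id] = counter
        return "ok", payload

def demo():
    """Run constructed frames through one receiver and return the statuses."""
    key = b"constructed-key!"              # constructed 16-byte link key
    rx = Receiver({7: key})
    first = seal(key, 7, 1, b"temp=21.5")
    altered = bytearray(seal(key, 7, 2, b"temp=21.6"))
    altered[HEADER.size] ^= 0x01           # flip one payload bit in transit
    frames = [
        first,                                        # fresh frame
        first,                                        # same frame captured and resent
        bytes(altered),                               # altered in transit
        seal(b"attacker-guess!!", 7, 4000000000, b"temp=99"),  # spoofed, huge counter
        seal(key, 7, 2, b"temp=21.6"),                # next legitimate frame
        seal(key, 9, 1, b"temp=20.0"),                # sender with no link key
    ]
    return [rx.accept(f)[0] for f in frames]

if __name__ == "__main__":
    print(demo())
```

The counter has to survive node reboots (or the link key has to be renewed on reboot); otherwise a restarted node is rejected as a replay, or old captured frames become acceptable again.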
Context Management
- Gathering the "User Context"
- Requirement
  - User intent prediction
  - Application deployment support
  - Runtime context service
  - Real-time service
  - Inter-user coordination and collaboration
[Figure: context model with Activity, Environment and Self]
- Context
  - Any information that can be used to characterize the situation of an entity
  - Considered relevant to the interaction between a user and an application, including themselves
- Context Model
  - The ACTIVITY – behavior, task
  - The ENVIRONMENT – physical status, social surroundings
  - The SELF – status of device itself
Context Management (Con't)
- Key components
  - Context discovery and acquisition
  - User interface
  - Context management and modeling
  - Context composition and gathering
- Group context management
  - Enable syntactic and semantic interoperability between context-aware applications
  - Enable seamless integration of various kinds of contexts and make them easy to infer
- User context
  - User intent prediction
  - Application development support
  - Runtime context service
  - Inter-user coordination and collaboration
Standards for USN
- IEEE 802.15.4
- ZigBee
Standards for USN
IEEE 802 Wireless Space
[Figure: range versus data rate (Mbps, axis from 0.01 to 1000). WWAN: IEEE 802.22, IEEE 802.20; WMAN: WiMax, IEEE 802.16; WLAN: WiFi, 802.11; WPAN: Bluetooth 802.15.1, ZigBee 802.15.4, 15.4c, 802.15.3, 802.15.3c]
Standards for USN
IEEE 802.15.4 overview
- Low cost, power, and rate (20, 40, 250Kbps)
- Short range (less than 10m)
- Dynamic device addressing
- Support for low-latency devices
- Reliable through a fully handshaked protocol
- CSMA-CA channel access
- Low power consumption
- Applies to
  - u-Smart Home Network: energy saving, consumer electronics, toys, security
  - Health care check and monitoring system
- Topology
  - Star or peer-to-peer topology
Standards for USN
IEEE 802.15.4 PHY
[Figure: channel plan. Channel 0 at 868MHz; channels 1-10 between 902MHz and 928MHz (2MHz spacing); channels 11-26 between 2.4GHz and 2.4835GHz (5MHz spacing)]
Frequency | 868MHz | 915MHz | 2.4GHz
Data rate | 20kbps | 40kbps | 250kbps
Modulation | BPSK | BPSK | O-QPSK
# of channels | 1 | 10 (2MHz) | 16 (5MHz)
Packet period | 53.2ms | 26.6ms | 4.25ms
Receiver sensitivity | < -92dBm | < -92dBm | < -85dBm
Range | 10~20m (1mW) | 10~20m (1mW) | 10~20m (1mW)
Standards for USN
MAC overview
- Features of the MAC sub-layer
  - Beacon management
  - Channel access
  - Guaranteed time slot management
  - Frame validation
  - Acknowledged frame delivery
  - Association and disassociation
  - Security mechanisms
- FFD (Full Function Device)
  - A device capable of operating as a coordinator or device, implementing the complete protocol set
- RFD (Reduced Function Device)
  - A device operating with a minimal implementation of the IEEE 802.15.4 protocol
  - Cannot be a coordinator device
Standards for USN
802.15.4 MAC/PHY Frame Format
MAC frame (MPDU):
Field | Frame control | Sequence number | Address info | Payload | FCS
Octets | 2 | 1 | 4-20 | n ≤ 102 | 2
Part | MHR | MHR | MHR | MSDU | MAF
PHY frame (PPDU):
Field | Preamble | SFD | FL | MAC Protocol Data Unit (MPDU)
Octets | 3.75~5 | 0.625~2.5 | 1 |
Part | SHR | SHR | PHR | Physical Service Data Unit (PSDU)
PPDU size : 13.5 + (4 to 20) + n (≤ 135.5 Octet)
- FCS : Frame Check Sequence
- MHR : MAC Header
- MSDU : MAC Service Data Unit
- MAF : MAC Footer
- FL : Frame Length
- SFD : Start Frame Delimiter
- SHR : Synchronization Header
- PHR : Physical Header
- PPDU : Physical Protocol Data Unit
Standards for USN
IEEE 802.15.4 Operational Modes
IEEE 802.15.4 MAC
- Beacon enabled: superframe
  - Contention Access Period (without GTS): slotted CSMA/CA
  - Contention Access / Contention Free Periods (with GTS): slotted CSMA/CA / slot allocations
- Non-beacon enabled: unslotted CSMA/CA
Standards for USN
IEEE 802.15.4 Superframe Structure
- The superframe structure without GTSs: Frame Beacon | Contention Access Period | Inactive Period
- The superframe structure with GTSs: Frame Beacon | Contention Access Period | Contention Free Period | Inactive Period
CSMA/CA protocol
- Use different Inter Frame Spaces (IFS) to differentiate traffic
  - SIFS (Short Inter Frame Space) : High Priority
  - PIFS (PCF Inter Frame Space) : Medium Priority
  - DIFS (DCF Inter Frame Space) : Low Priority
[Figure: channel access timing. While the medium is busy, stations defer access; the channel is sensed during DIFS (SIFS, PIFS and DIFS shown), then the contention window (backoff window) follows in units of slot time before the next frame. Backoff slots are reduced when the channel is idle]
CSMA/CA protocol
- Exponential back-off algorithm
  - CW : Contention Window (0 to CW_min ~ CW_max)
  - Backoff delay = int(CW * Random()) * Slot Time
  - Slot time : receiver turn-on time + propagation delay + media busy detection time
  - CW_min : 11.a = 15, 11.b = 7, 11.b HR = 31; CW_max = 1023
  - CW is doubled when a transmission fails
[Figure: example of CW over transmission attempts 1 to 6, starting at CW_min=7 and rising through 31, 63 and 127 to CW_max=255]
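
The back-off rule above, worked through as an added example that is not part of the original slides. It reproduces the CW growth of the slide's example (CW_min=7, CW_max=255, with the intermediate value 15 implied by the doubling) and computes exactly how often several stations draw the same earliest back-off slot for a given CW. The 20 µs slot time and the function names are assumptions.

```python
from fractions import Fraction

def cw_schedule(cw_min=7, cw_max=255, attempts=6):
    """Contention window used on each successive transmission attempt."""
    cw, schedule = cw_min, []
    for _ in range(attempts):
        schedule.append(cw)
        # "Doubling" keeps the 2^k - 1 form shown on the slide: 7 -> 15 -> 31 ...
        cw = min(2 * cw + 1, cw_max)
    return schedule

def backoff_delay_us(cw, rand, slot_time_us=20):
    """Backoff delay = int(CW * Random()) * Slot Time, with rand in [0, 1)."""
    if not 0.0 <= rand < 1.0:
        raise ValueError("rand must be in [0, 1)")
    return int(cw * rand) * slot_time_us

def collision_probability(stations, cw):
    """Exact probability that the earliest back-off slot is shared.

    Each station draws int(cw * Random()), i.e. a slot in 0..cw-1, uniformly.
    No collision happens when exactly one station holds the minimum slot k
    and the other stations all drew a slot later than k.
    """
    if stations < 2:
        return Fraction(0)
    unique_minimum = sum(
        Fraction(stations, cw) * Fraction(cw - 1 - k, cw) ** (stations - 1)
        for k in range(cw)
    )
    return 1 - unique_minimum

if __name__ == "__main__":
    print("CW per attempt:", cw_schedule())
    for cw in cw_schedule():
        p = collision_probability(5, cw)
        print(f"CW={cw:3d}  P(collision among 5 stations)={float(p):.3f}")
```

Each failed attempt roughly halves the chance that the retry collides again, which is why the window is doubled rather than kept fixed.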
CSMA/CA protocol
- CSMA/CA with ACK
  - Defer access based on carrier sense: CCA from PHY and virtual carrier sense state
  - Direct access when the medium is sensed free for longer than DIFS, otherwise defer and back off
  - The receiver of a directed frame returns an ACK immediately when the CRC is correct
  - When no ACK is received, retransmit the frame after a random backoff (up to a maximum limit)
CSMA/CA protocol
- Hidden node problem
  - While STA-A sends data to STA-B, STA-C may try to communicate with STA-B, resulting in a collision at STA-B
  - STA-A does not know whether STA-C is there or not
  - Use an RTS-CTS dialogue to resolve the hidden node problem
[Figure: STA-A and STA-C on either side of STA-B; collision at STA-B]
CSMA/CA protocol
CSMA/CA with RTS-CTS
CSMA/CA protocol
- Exposed node problem
  - By RTS-CTS dialogue
[Figure: nodes A to F exchanging RTS, CTS, DATA and ACK, with the reserved area marked]
ZigBee Overview
Basic Network Characteristics
- 65,536 network (client) nodes
- 27 channels over 2 bands
- 250Kbps data rate
- Optimized for timing-critical applications and power management
- Full mesh networking support
[Figure legend: Network coordinator, Full Function node, Reduced Function node, Communications flow, Virtual links]
Basic Radio Characteristics
- ZigBee technology relies upon IEEE 802.15.4, which has excellent performance in low SNR environments
ZigBee Mesh Networking
ZigBee Stack Architecture (1/2)
[Figure: stack layers. Application/Profiles (ZigBee or OEM, user defined); Application Framework and Network/Security Layers (ZigBee Alliance platform); MAC Layer and PHY Layer (IEEE)]
ZigBee characteristics
- Addressing: assigns addresses to nodes depending on the network configuration
- Location: has location information depending on the network topology in the sensor network
- Synchronization: a common sync technology is used (NTP, RBS, TPSN, FTSP)
ZigBee Stack Architecture (2/2)
[Figure: ZigBee stack blocks (Application, ZDO, App Support (APS), SSP, NWK, Medium Access (MAC), Physical Radio (PHY)) annotated with their functions: initiate and join network; manage network; determine device relationships; send and receive messages; security functions; device management; device discovery; service discovery; device binding; messaging; network organization; route discovery; message relaying]
ZigBee Device Types
- ZigBee Coordinator (ZC)
  - One required for each ZB network
  - Initiates network formation
- ZigBee Router (ZR)
  - Participates in multihop routing of messages
- ZigBee End Device (ZED)
  - Does not allow association or routing
  - Enables very low cost solutions
ZigBee Network Topologies
[Figure: network topologies, including <Mesh>; legend: ZigBee Coordinator, ZigBee Router, ZigBee End Device]
Security in ZigBee
ZigBee Protocol Stack Overview
Security in ZigBee
- Application Layer
  - APS (Application Support) sublayer
    - APSDE (APS Data Entity)
      - Generation of the application level PDU (APDU)
      - Binding and fragmentation
      - Group address filtering
      - Reliable transport / duplicate rejection
    - APSME (APS Management Entity)
      - Binding management
      - AIB management / group management
      - Security
  - ZDO (ZigBee Device Object)
    - Initializing
    - Assembling configuration information
  - Manufacturer-defined application objects
Security in ZigBee
Network (NWK) Layer
  NLDE (Network Layer Data Entity)
    Generation of the Network level PDU (NPDU)
    Topology-specific routing
  NLME (Network Layer Management Entity)
    Configuring a new device
    Starting a network
    Joining, rejoining and leaving a network
    Addressing
    Neighbor discovery
    Route discovery
    Reception control
    Routing
    Security
ZigBee Protocol Stack Overview
MAC Layer & PHY Layer : IEEE 802.15.4-2003 (LR-WPAN)
Over-the-air data rates of 250 Kbps, 40 Kbps, and 20 Kbps
Star or peer-to-peer operation
Allocated 16-bit short or 64-bit extended addresses
Optional allocation of guaranteed time slots (GTSs): TDMA
Carrier sense multiple access with collision avoidance (CSMA-CA) channel access
Fully acknowledged protocol for transfer reliability (use retransmission)
Low power consumption
Energy detection (ED)
Link quality indication (LQI)
16 channels in the 2450 MHz band, 10 channels in the 915 MHz band, and 1 channel in the 868 MHz band
Frame Structure
APS layer
  Extended header
    for fragmentation
NWK layer
  Radius
    the range (maximum number of hops) of a radius-limited transmission.
  Sequence number
    prevents routing the same packet again
  Source route subframe
    for source routing, stores the route information from source to destination
MAC layer
  PAN ID
    allows communication between devices within a network and enables transmissions between devices on different networks
Design objectives for ZigBee Security
ZigBee devices are
  based on tiny microcontrollers
  have low memory (code and data)
  deployed in home/industrial scenarios
  easy to use
So we need
  encryption primitive must be simple to implement and execute
  low overhead for key storage / maintenance
  flexible enough to support home/industrial
  easy to use
Design objectives for ZigBee Security
Secure the Infrastructure
  Network access control
  Integrity of packet routing
  Prevent unauthorized use of packet transport
Application data security
  Message integrity
    protects message from being modified in transit
  Authentication
    provides assurance on the originator of message
  Freshness
    prevents replay attacks
  Privacy
    prevents an eavesdropper from listening to messages
History of ZigBee Security
Version r14
  Entity authentication is added
  Incorporating errata and clarifications
Version r15, r16
  Residential/Commercial mode is changed to Standard/Hi-security mode
  Command tunneling is added
  Permission control table is added
  Incorporating errata and clarifications
Version r17
  Entity authentication is used for frame counter synchronization
  More test vectors for security
  Incorporating errata and clarifications
ZigBee Security
- AES : Advanced Encryption Standard, a block cipher
- CCM : CTR-CBC-MAC mode of operation
- CCM* : CTR-CBC-MAC mode of operation with some modification
- CTR : CounTeR mode of operation
- CBC-MAC : Cipher-Block Chaining-Message Authentication Code mode of operation
ZigBee Device Types on Security
Trust center (TC)
  ZigBee Coordinator
  Trust Manager
    Authenticate devices that request to join network
  Network Manager
    Maintains and distributes network keys
  Configuration Manager
    Enables end-to-end security between devices by assisting in setup of link keys
Router
  Routing security information
  Liaison for devices which do not have the network key
End device
Key Types
Master key
  Basis for long-term security
Link key
  Basis of security between two devices (insider protection)
  Derived using SKKE between two devices
Network Key
  shared key : basis of network-wide security
  protects infrastructure and application data from outsider attacks
Keys can be factory-installed or setup over the air or using out-of-band mechanisms
  eavesdropping should be prevented when this is setup
Link and Network keys can be updated periodically
* SKKE : Symmetric-Key Key-Establishment
Symmetric-Key Key Establishment (SKKE) Protocol
QEU, QEV : 16-byte random sequence
Symmetric-Key Key Establishment (SKKE) Protocol
Initiator U and Responder V each compute
  Secret Key Generation
    Z = Hash_MasterKey(U | V | QEU | QEV)
  Key Derivation Function
    mackey = Hash(Z | 0x01)
    linkkey = Hash(Z | 0x02)
Keyed Hash Function
  Initiator U : MacTag2 = Hash_mackey(0x03 | U | V | QEU | QEV)
  Responder V : MacTag2' = Hash_mackey(0x03 | U | V | QEU | QEV)
(3) Send SKKE-3 frame (with MacTag2)
Compare MacTag2 and MacTag2' (If different, stop SKKE)
V believes that U is the correct device
* | : Concatenation
Symmetric-Key Key Establishment (SKKE) Protocol
U believes that V is the correct device
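Added example (not from the slides or the ZigBee specification): the SKKE-3 step above in Python, with U deriving Z, mackey, linkkey and MacTag2, and V recomputing MacTag2' before it accepts the link key. Assumptions: SHA-256 and HMAC-SHA-256 truncated to 128 bits stand in for ZigBee's AES-MMO based hashes, U and V are 8-byte device addresses, and every address and key below is a constructed sample value.

```python
import hashlib
import hmac
import os

KEY_LEN = 16   # 128-bit keys, hash outputs and challenges (QEU, QEV)
ADDR_LEN = 8   # assumption: U and V are 64-bit device addresses


def plain_hash(data: bytes) -> bytes:
    """Stand-in for the slide's unkeyed Hash(): SHA-256 truncated to 128 bits."""
    return hashlib.sha256(data).digest()[:KEY_LEN]


def keyed_hash(key: bytes, data: bytes) -> bytes:
    """Stand-in for the slide's keyed Hash_key(): HMAC-SHA-256 truncated to 128 bits."""
    return hmac.new(key, data, hashlib.sha256).digest()[:KEY_LEN]


def _check_lengths(master_key, u, v, qeu, qev):
    # Fixed-length fields keep the concatenation U | V | QEU | QEV unambiguous.
    if len(master_key) != KEY_LEN or len(qeu) != KEY_LEN or len(qev) != KEY_LEN:
        raise ValueError("master key and challenges must be 16 bytes")
    if len(u) != ADDR_LEN or len(v) != ADDR_LEN:
        raise ValueError("device identifiers must be 8 bytes")


def derive_keys(master_key, u, v, qeu, qev):
    """Return (mackey, linkkey), chained as on the slide."""
    _check_lengths(master_key, u, v, qeu, qev)
    z = keyed_hash(master_key, u + v + qeu + qev)   # Z = Hash_MasterKey(U | V | QEU | QEV)
    return plain_hash(z + b"\x01"), plain_hash(z + b"\x02")


def mac_tag2(mac_key, u, v, qeu, qev):
    """MacTag2 = Hash_mackey(0x03 | U | V | QEU | QEV)."""
    return keyed_hash(mac_key, b"\x03" + u + v + qeu + qev)


def initiator_skke3(master_key, u, v, qeu, qev):
    """Initiator U: derive the keys and the MacTag2 carried in the SKKE-3 frame."""
    mac_key, link_key = derive_keys(master_key, u, v, qeu, qev)
    return link_key, mac_tag2(mac_key, u, v, qeu, qev)


def responder_check_skke3(master_key, u, v, qeu, qev, received_tag):
    """Responder V: recompute MacTag2' and compare. None means 'stop SKKE'."""
    mac_key, link_key = derive_keys(master_key, u, v, qeu, qev)
    expected = mac_tag2(mac_key, u, v, qeu, qev)
    # Constant-time comparison so the check does not leak how many bytes matched.
    if not hmac.compare_digest(expected, received_tag):
        return None
    return link_key


def run_exchange(master_u, master_v, flip_tag_bit=False):
    """One SKKE-3 step between constructed devices: (U's key, V's key or None)."""
    u = bytes.fromhex("00124b0000000001")   # constructed initiator address
    v = bytes.fromhex("00124b0000000002")   # constructed responder address
    qeu, qev = os.urandom(KEY_LEN), os.urandom(KEY_LEN)   # fresh 16-byte challenges
    link_u, tag = initiator_skke3(master_u, u, v, qeu, qev)
    if flip_tag_bit:                        # simulate corruption of SKKE-3 in transit
        tag = bytes([tag[0] ^ 0x01]) + tag[1:]
    return link_u, responder_check_skke3(master_v, u, v, qeu, qev, tag)


if __name__ == "__main__":
    master = bytes(range(16))               # constructed master key
    print("same master key :", run_exchange(master, master))
    print("wrong master key:", run_exchange(master, bytes(16)))
```

A responder holding a different master key derives a different mackey, so MacTag2' never matches and no link key is installed; fresh QEU/QEV values give a new link key on every run.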
Standard Mode
Residential mode in ZigBee 2006
Provide reduced security in ZigBee
  No SKKE
  No device authentication during joining procedure
  Use only one key type : Network key
Key type
  Network key
    Provides network layer frame security & integrity (protects against external attacks)
Advantage
  Minimize storage
  Low capability device can act as trust center
  Trust center can be easily replaced with another device
  Easy to maintain
Disadvantage
  Cannot protect against internal attacks
  No authentication during joining procedure
Hi-security Mode
Commercial mode in ZigBee 2006
Provide full security in ZigBee
  Do SKKE
  Device authentication during joining procedure
  Use all key types
Key type
  Master key
  Link key
    Provides APS layer frame security & integrity (protects against internal attacks)
  Network key
    Provides network layer frame security & integrity (protects against external attacks)
Advantage
  Provide all security functions in ZigBee
Disadvantage
  Increase storage overhead
  Low capability device cannot act as trust center
[Figure: example network of ZigBee Coordinator, ZigBee Router and ZigBee End Device nodes, with the keys each node holds]
  A : KN , KM,AB, KL,AB KM,AC, KL,AC KM,AD, KM,AD
  B : KN , KM,AB, KL,AB KM,BC, KL,BC
  C : KN , KM,AC, KL,AC KM,BC, KM,BC
  D : KN , KM,AD, KL,AD
  KN : Network Key
  KL,AB : Link key between A and B
  KM,AB : Master key between A and B
ZigBee Security Service
128-bit Symmetric Key Cryptography
  Block Cipher Mode : 128-bit AES (Advanced Encryption Standard)
    Low overhead
    Strong
    NIST (National Institute of Standards and Technology) approved security
Frame Security
  Encryption & Message Authentication : AES-CCM*
  Device level and/or network level
  Integrity is optional : 0, 32, 64 or 128 bit MIC (Message Integrity Code)
    Message protection vs. Message overhead
ZigBee Security Service
Key Management
  Hash
    AES-MMO (AES-Matyas-Meyer-Oseas)
  Cryptographic Hash
    HMAC (keyed-Hash Message Authentication Code) with AES-MMO
  Key Establishment Protocol
    SKKE protocol
  Network key & Link key Update
Authentication
  SKKE Protocol
  Entity Authentication
    Similar to SKKE protocol
    Use network key instead of master key
    Not establish link key
Device Management
  Device Update
  Device Leaving
Example of Frame Security (APS layer, Outgoing)
[Figure: securing an outgoing APS frame]
Nonce N : Source Address(8) | Frame Counter(4) | Security Control(1)
Security Control(1) : Security Level(3bits) | Key Identifier(2bits) | Extended Nonce(1bit) | Reserved(2bits)
Values shown in the figure : 000, 00
Inputs to CCM* Encryption & Authentication : Link Key, Nonce, Authentication data, Unsecured Payload
Auxiliary frame Header : Security Control(1) | Frame Counter(4) | Key Sequence Number(1)
Secured frame : APS Header | Auxiliary frame Header | Secured APS payload & MIC
* Colored block represent same value
Example of Frame Security (Network layer, Outgoing)
[Figure: securing an outgoing NWK frame]
Nonce N : Source Address(8) | Frame Counter(4) | Security Control(1)
Security Control(1) : Security Level(3bits) | Key Identifier(2bits) | Extended Nonce(1bit) | Reserved(2bits)
Values shown in the figure : 011, 00
Inputs to CCM* Encryption & Authentication : Network Key, Nonce, Authentication data, Unsecured Payload
Auxiliary frame Header : Security Control(1) | Frame Counter(4) | Source Address(8) | Key Sequence Number(1)
Secured frame : NWK Header | Auxiliary frame Header | Secured NWK payload & MIC
* Colored block represent same value
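Added example (not from the slides): parsing the NWK auxiliary frame header laid out in the figure above, rebuilding the 13-byte CCM* nonce from it, and using the frame counter as the freshness check listed among the design objectives. Assumptions: security-control bits are numbered from the least significant bit in the order the slide lists them, multi-byte fields are little-endian, a frame is fresh only if its counter exceeds the last accepted one from the same source, and the sample headers are constructed.

```python
import struct
from dataclasses import dataclass

# Security Control(1) + Frame Counter(4) + Source Address(8) + Key Sequence Number(1)
NWK_AUX_LEN = 14
# MIC length in bytes per security level: the slide's 0/32/64/128-bit MIC options.
# Levels 4-7 add payload encryption to the same MIC lengths.
MIC_BYTES = {0: 0, 1: 4, 2: 8, 3: 16, 4: 0, 5: 4, 6: 8, 7: 16}


@dataclass(frozen=True)
class NwkAuxHeader:
    security_control: int
    security_level: int      # bits 0-2 (assumed bit numbering)
    key_identifier: int      # bits 3-4
    extended_nonce: bool     # bit 5
    frame_counter: int
    source_address: bytes    # 8 bytes, kept in on-air byte order
    key_sequence: int


def parse_nwk_aux(header: bytes) -> NwkAuxHeader:
    """Parse the 14-byte NWK auxiliary header; reject anything malformed."""
    if len(header) != NWK_AUX_LEN:
        raise ValueError("NWK auxiliary header must be 14 bytes")
    control = header[0]
    if control & 0xC0:
        raise ValueError("reserved bits set in security control")
    (counter,) = struct.unpack_from("<I", header, 1)   # assumed little-endian
    return NwkAuxHeader(control, control & 0x07, (control >> 3) & 0x03,
                        bool(control & 0x20), counter, header[5:13], header[13])


def build_nonce(aux: NwkAuxHeader, configured_level=None) -> bytes:
    """Nonce N = Source Address(8) | Frame Counter(4) | Security Control(1)."""
    control = aux.security_control
    if configured_level is not None:
        # For stacks that zero the level bits on the air: restore the configured level.
        if configured_level not in MIC_BYTES:
            raise ValueError("security level must be 0..7")
        control = (control & 0xF8) | configured_level
    return aux.source_address + struct.pack("<I", aux.frame_counter) + bytes([control])


class FreshnessWindow:
    """Tracks the last accepted frame counter per source address."""

    def __init__(self):
        self._last_seen = {}

    def is_fresh(self, aux: NwkAuxHeader) -> bool:
        last = self._last_seen.get(aux.source_address)
        return last is None or aux.frame_counter > last

    def commit(self, aux: NwkAuxHeader) -> None:
        # Call only after the MIC verified, or a forged high counter locks out the sender.
        self._last_seen[aux.source_address] = aux.frame_counter


def triage(headers):
    """Classify each raw header as 'accept', 'replay' or 'malformed'."""
    window, verdicts = FreshnessWindow(), []
    for raw in headers:
        try:
            aux = parse_nwk_aux(raw)
        except ValueError:
            verdicts.append("malformed")
            continue
        if not window.is_fresh(aux):
            verdicts.append("replay")
            continue
        window.commit(aux)   # assumption: the CCM* MIC check (not shown) passed
        verdicts.append("accept")
    return verdicts


# Constructed sample headers: control, frame counter, source address, key sequence.
SAMPLE_HEADERS = [bytes.fromhex(h) for h in (
    "2d" "10000000" "04030201004b1200" "00",
    "2d" "11000000" "04030201004b1200" "00",
    "2d" "10000000" "04030201004b1200" "00",   # counter already seen: replay
    "2d" "01000000" "09030201004b1200" "00",   # different source, own counter space
    "ed" "12000000" "04030201004b1200" "00",   # reserved bits set
    "2d" "13000000",                           # truncated header
)]

if __name__ == "__main__":
    print(triage(SAMPLE_HEADERS))
```

Because the nonce is built from the source address and frame counter, accepting a repeated counter under the same key would also mean accepting a repeated CCM* nonce, which is why the counter check comes before any decryption.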
Procedures - Device Authentication & Update
Hi-Security Mode
  Receive NWK address
  device update (a device joined!)
  Transport master key (if master key not preconfigured)
  Do device authentication and establish link key
  Transport network key
  Authenticate between router and joiner device
Procedures - Device Authentication & Update
Standard Mode
Procedures - Network key update
[Figure: message sequence between TrustCenter, Device1 and Device2]
Transport-Key Command(NWK Key, N)
  Replace alternate or active network key with network key N
Switch-Key Command(N)
  Make network key N the active network key or Ignore
Transport-Key Command(NWK Key, N)
  Replace alternate or active network key with network key N
Switch-Key Command(N)
  Make network key N the active network key or Ignore
Procedures - End-to-end key establishment
Procedures - Network leave
[Figure: two message sequences]
TrustCenter, Router, Device
  Remove Device Command
  Leave Command
TrustCenter, Router, Leaving Device
  Leave Command
  Update-Device Command
Application-specific
Out of band methods for key setup
  Wired line (RS-232), NFC, RFID, USB, etc.
Cost/Security tradeoff for number of link keys needed
  With 128KB flash / 8KB RAM / debug mode : about 6-10 link keys
Policy for expiration and update of keys
  Hours or days
Policy for accepting new devices
  ID/Password, MAC address filtering, etc.
Disadvantage/Weakness in ZigBee Security
No MAC layer security
  Due to program code size or message length limitation
  Possible attacks
    Worm-hole attack, Acknowledgement spoofing, Attack which targets channel reservation, etc.
Trust center based security
  Authentication, End-to-end key establishment contain communication between device and trust center
  If device is far from TC, then it has too much overhead
Security Stack Implementation
Hardware environment
  Chipset : Chipcon CC2430
    802.15.4 support
    128KB flash memory
    8KB RAM
    Support AES block cipher modes
  Board : Aiji ZDB Ver 2.0
Software environment
  IAR Embedded Workbench for MCS-51 Evaluation (C code)
  Chipcon 802.15.4 packet sniffer
  Implement security stack on UbiFOS (ZigBee stack of Aiji system)
Test Environment
Using Chipcon 802.15.4 Sniffer for CC2430
Test - Device authentication (1-hop)
Direction : Device ←→ TC
Association Request →
Beacon Request →
Beacon ←
Association Response ←
Transport-Key(Master key) ←
SKKE-1 ←
SKKE-2 →
SKKE-3 ←
SKKE-4 →
Transport-key(Network key) ←
End-Device Announcement (broadcast)
Problem in Device Authentication Procedure
Device authentication in Hi-security mode
  TC must do & complete SKKE protocol with joiner device
For multi-hop environment
  Routing some messages from TC (joiner device) to joiner device (TC)
Attacker can target this feature
  Repeat authentication procedure
    possible even if attacker doesn’t have master key
Problem in Device Authentication Procedure
Too much Overhead
Possible Solution
Reduce the message exchange between TC and device, and router and device.
Reduce unnecessary network traffic from attacker
Reduce authentication time
Performance : Preliminary Results
Actual completion time during device authentication (for 2-hop)
  ZigBee 2007 r16 : about 300ms
  Proposed : about 220ms => 26.7% Improvement
Performance Expectation (@ 250kbps, no processing delay)
[Figure: Completion Time (@250kbps); y-axis: Time (s), 0 to 0.25; x-axis: Number of hops between Coordinator and Joiner, 0 to 10; series: R16, Proposed]
Conclusion
USN concept and introduction
  USN basic concepts
RFID technology and applications
Sensor network advantages and applications
USN platform components and roles
  USN Protocol Stack
  Technologies for USN
  Standards for USN
Back-up Slides
Wireless Personal Area Network (WPAN) basics
IEEE 802.15 Overview
(columns : 802.15.1 | 802.15.3 | WiMedia | 802.15.4)
Objectives : Bluetooth | High Rate | UWB | Low Rate/Zigbee
Frequency band : 2.4~2.4835GHz | 2.4GHz | 3.1GHz~10.6GHz | 868/915MHz, 2.4GHz
MAC : FH/TDD, 79 Ch, 1600hop/sec | CSMA/CA, S-Aloha, TDMA | CSMA/CA, TDMA
Topology : Piconet, Scatternet | Piconet, Child piconet, Neighbor piconet | Peer2Peer | Star, Peer2peer
Data Rate : < 3Mbps (sync.), < 723Kbps (Async.) | < 55Mbps | 53.3Mbps ~ 480Mbps | 20k~250kbps
Modulation : GFSK | QPSK, DQPSK, 16/32/64-QAM (11, 22, 33, 44, 55 Mbps) | QPSK, DCM | BPSK (868/915MHz), O-QPSK (2.4GHz)
Range : 1m (1mW), 100m (100mW) | 5~10m | 10~20m
Major Vendor : Nokia, Sony, Ericsson | Xtremespectrum, Timedomain | HP, Intel, Microsoft, Samsung | Philips, Motorola
IEEE 802.15.1 Overview
Concept
  Short Range, Low Power, Low Cost
  Class | Maximum Permitted Power | Range
  Class 1 | 100 mW (20 dBm) | ~ 100 m
  Class 2 | 2.5 mW (4 dBm) | ~ 10 m
  Class 3 | 1 mW (0 dBm) | ~ 1 m
Can be used for
  Data (max 753 kbps) / Voice(3.64kbps) Access Appliance Cable replacement
  Personal Ad-Hoc Connectivity
Standard (Bluetooth SIG and IEEE802.15.1)
  1999 : Version 1.0b
  2001 : Version 1.1 (1Mbps)
  2004 : Version 2.0 (3Mbps)
  2007 : Version 2.1 (3Mbps)
Topology
  Piconet, Scatternet
Examples of 802.15.1 Application
Make calls from a wireless headset connected remotely to a cell phone.
Eliminate cables linking computers to printers, keyboards, and the mouse.
Hook up MP3 players wirelessly to other machines to download music.
Set up home networks so that a couch potato can remotely monitor air conditioning, the oven, and childrens’ Internet surfing.
Call home from a remote location to turn appliances on and off, set the alarm, and monitor activity.
Channel Allocation
TDD/Single slot
Multi-slot allocation
Service Profile and Protocol Stack
Appropriate protocol stack for service profiles
Example : Dial Up Networking, FAX Profile, Headset profile
[Figure: Bluetooth protocol stack with Radio, BaseBand (SCO, ACL), LMP, L2CAP, Audio Stream, RFCOMM, SDP, TCS BIN, AT-Commands, PPP, IP, UDP, TCP, OBEX, vCard/vCal, WAP, WAE]
- LMP : Link Manager Protocol
- HCI : Host Control Interface
- SDP : Service Discovery Protocol
- L2CAP : Logical Link Control and Adaptation Protocol
- TCS : Telephony Control protocol Spec.
- SCO : Synchronous Connection Oriented Link
- ACL : Asynchronous Connectionless Link
- OBEX : OBject EXchange protocol
- WAE : WAP Application Environment
Explanation of Protocol Stack (1)
IEEE 802.15.1 consists of core protocols, cable replacement and telephony control protocols, and adopted protocols.
Core protocols
  Radio
    Specify details of the air interface, including frequency, the use of frequency hopping, modulation scheme, and transmit power
  Baseband
    Concerned with connection establishment within a piconet, addressing, packet format, timing, and power control
  LMP
    Responsible for link setup between Bluetooth devices and ongoing link management. This includes security aspects such as authentication and encryption, plus the control and negotiation of baseband packet sizes.
  L2CAP
    Adapt upper-layer protocols to the baseband layer. L2CAP provides both connectionless and connection-oriented services.
  SDP
    Device information, services, and the characteristics of the services can be queried to enable the establishment of a connection between two or more Bluetooth devices.
Explanation of Protocol Stack (2)
Cable Replacement Protocol
  RFCOMM
    Present a virtual serial port that is designed to make replacement of cable technologies as transparent as possible.
Telephony Control Protocol
  TCS BIN
    A bit-oriented protocol that defines the call control signaling for the establishment of speech and data calls between Bluetooth devices.
Adopted Protocols
  Defined in specifications issued by other standards-making organizations and incorporated
  PPP, TCP/UDP/IP
  OBEX
    A session-level protocol
    Provides functionality similar to that of HTTP, but in a simpler fashion
  WAE/WAP
    Application environment and protocol
Topology
Piconet
  Standby state
  Master
  Park state
  Slave
  Active state
  Sniff state
  Hold state
Scatternet
[Figure: piconet and scatternet; legend: Stand by, Parked, Master, Slave]
IEEE 802.15.2 Overview
Objective
  Develop coexistence model for 802.11 and Bluetooth
Coexistence Mechanism
  Collaborative Coexistence Mechanisms
    AWMA (Alternative Wireless Medium Access)
    PTA (Packet Traffic Arbitration)
  Non Collaborative Coexistence Mechanisms
    Adaptive Frequency Hopping
    Adaptive Packet Selection and Scheduling
    Transmission Power Control/Rate Scaling
Collaborative Coexistence Mechanisms
[Figure: collaborative coexistence mechanism between an 802.11 device (802.11 MAC, 802.11 PLCP + PHY) and an 802.15.1 device (802.15.1 Link Manager, 802.15.1 Baseband); AWMA Medium Free Generation; PTA Control with Tx Request, Tx Confirm (status) and Status signals on each side]
IEEE 802.15.3 (High Rate) Overview
Objective
  Low complexity, Low cost, Low power, Short Range, QoS Capable, Peer to peer communication, High data rate (> 20Mbps)
PHY
  2.4GHz, 5 Channels
MAC Functionality
  Fast Connection Time
  Ad hoc Network
  QoS support
  Security
  Dynamic Membership
  Efficient data transfer
Topology
  Piconet, Child piconet, Neighbor piconet
  Piconet Coordinator (PNC), Device (DEV)
Examples of 802.15.3 Application
Connecting digital still cameras to printers or kiosks
Laptop to projector connection
Connecting a personal digital assistant (PDA) to a camera or PDA to a printer
Speakers in a 5:1 surround-sound system connecting to the receiver
Video distribution from a set-top box or cable modem
Sending music from a CD or MP3 players to headphones or speakers
Video camera display on television
Remote view finders for video or digital still cameras
802.15.3 PHY
2.4 GHz PHY now as PHY part of 802.15.3
Channel Allocation
  CHNL_ID | Center frequency | High-density | 802.11b coexistence
  1 | 2.412 GHz | X | X
  2 | 2.428 GHz | X |
  3 | 2.437 GHz |   | X
  4 | 2.445 GHz | X |
  5 | 2.462 GHz | X | X
Modulation with Trellis Coded Modulation (TCM)
  Modulation | Data Rate
  QPSK | 11 Mbps
  DQPSK (Basic) | 22 Mbps
  16-QAM | 33 Mbps
  32-QAM | 44 Mbps
  64-QAM | 55 Mbps
Qualities of the 802.15.3 MAC
Coordinator (PNC) – Device (DEV) topology
  PNC assigns time for connections
  Commands go to and come from the PNC.
Communication is peer-to-peer
Quality of Service
  TDMA architecture with guaranteed time slots (GTSs)
Security and Authentication
MAC Frame Format
Easy Connection and Disconnection
  Authentication
  Addressing
  Security-Key setting
  Bootstrap
Any DEV can be PNC
Power save mode
MAC frame is in Superframe
[Figure: MAC frame layout; field sizes in octets, fields in the order drawn on the slide]
MAC Header : Stream index (1) | Fragmentation control (3) | SrcID (1) | DestID (1) | PNID (2) | Frame control (2)
Non Secure MAC frame body : FCS (0 ~ 4) | Frame payload (Ln)
Secure MAC frame body : FCS (0 ~ 4) | Integrity Code (8) | Security Payload (Ln) | SFC (2) | SECID (2)
- SrcID : Source ID
- DestID : Destination ID
- PNID : Piconet ID
- SFC : Secure Frame Count
- SEC ID : Security ID
Superframe Structure
[Figure: superframes #m-1, #m, #m+1; superframe #m (1,000 ~ 65,535 μs) consists of Beacon #m, the Contention Access Period (CAP), and the CFP (Contention Free Period) with MTS1, MTS2, GTS1, GTS2, …, GTS n-1, GTS n carrying asynchronous and isochronous traffic]
CSMA/CA : Data/Control
S-ALOHA : Data/Control
TDMA : Data
- MTS : Management Time Slots
- GTS : Guaranteed Time Slots
Access methods
Beacon
  TDMA, only sent by the PNC
CAP
  CSMA/CA, types of data and commands can be restricted by PNC
  PNC can replace the CAP with management time slots (MTSs) using slotted-aloha access.
CFP
  TDMA, assigned by the PNC
  GTSs are unidirectional
Types of GTS
GTS may have different persistence
  Dynamic GTS: position in superframe may change from superframe to superframe
  Pseudo-static GTS: PNC may change position, but needs to communicate and confirm with both DEVs
MTS
  Used for PNC/DEV communication
  May be used to substitute for CAP
Topology
Independent piconet: PNC and DEV
Dependent piconet
  Child piconet : # DEV > 255, extended area, Communication with PNC or DEV in parent piconet
  Neighbor piconet : when no available channel in parent piconet, communication with PNC or DEV in neighbor piconet
[Figure: parent and child piconet superframes, each with Beacon, Contention Access Period (CAP), CFP with GTS 1, GTS 2, …, GTS n, and Reserved time; nodes P-PNC, C-PNC, C-DEV1, C-DEV2]
PNC selection/handover
Alternate coordinators (ACs) broadcast capabilities
Based on criteria, “best” AC is chosen and becomes the PNC
PNC begins to issue beacon
PNC hands over task if more “capable” AC joins the piconet
  Exception only if security policy is verified
Joining/transferring data
DEV joins with association command
PNC allows based on resources
DEV authenticates (if required)
DEV can either
  Send data in CAP (if allowed)
  Request GTS for specific connection
GTSs may be either
  Stream data: connection has QoS requirements
  Non-stream: connection has no QoS requirements
Wimedia Alliance (UWB)
IEEE 802.15.3a activity halted in January ‘06
  Because of the conflict between MBOA and DS-CDMA
  Split into the Wimedia Alliance and the UWB forum, each pursuing its own standard
Wimedia Alliance develop, maintain, enhance and reference technical specifications including:
  PHY and MAC
  Convergence architecture to provide coexistence and fairness including support for multiple applications (e.g., Wireless USB, Wireless 1394 FireWire, bluetooth, IP, etc.)
  A protocol adaptation layer for the Internet Protocol
  IP-based application profiles
Multi-band OFDM Alliance (MBOA)
Multi-band OFDM PHY
  The overall 7.5GHz frequency bandwidth of UWB is divided into 14 bands, with each having a bandwidth of 528MHz.
  In each 528MHz band, 100 out of 128 sub-carriers are used for data transmission
< Band group allocation of MBOA PHY on the UWB >
WiMedia MAC
UWB MAC Superframe Structure
  256 medium access slots (MASs)
  Beacon Period (BP)
  Data Transfer Period (DTP)
    Prioritized Contention Access (PCA) and Distributed Reservation Protocol (DRP)
Prioritized Contention Access (PCA)
[Figure: PCA timing with AIFS, CW, Slot Time, TXOP Limit, Data Burst & Burst ACK (B-ACK), MIFS, SIFS, TXOP foreshorten and DRP begin, for Tx and Rx]
PCA QoS Parameters Supported in MBOA MAC
  Priority | AC | CW_min | CW_max | TXOP-limit | AIFSN
  1 | AC_BK | 15 | 1023 | 1 frame | 7
  2 | AC_BK | 15 | 1023 | 1 frame | 7
  0 | AC_BE | 15 | 1023 | 1 frame | 4
  3 | AC_BE | 15 | 1023 | 1 frame | 4
  4 | AC_VI | 7 | 511 | 1024 us | 2
  5 | AC_VI | 7 | 511 | 1024 us | 2
  6 | AC_VO | 3 | 255 | 256 us | 1
  7 | AC_VO | 3 | 255 | 256 us | 1
Interframe Spaces (IFS) defined for MBOA
  PHY Parameter | Value
  pMIFSTime | 6 * TSYM = 1.875 us
  pSIFSTime | 32 * TSYM = 10 us
  pCCADetectTime | 15 * TSYM = 5.625 us
  pSlotTime | 8 us
Distributed Reservation Protocol (DRP)
The contention free DRP channel access
  Coordinated by information carried by the beacons
[Figure: Soft DRP and Hard DRP timing with BPST, Beacon Slot, MAS, AIFS, Backoff slot, SIFS and MIFS]
Merge of multiple BPs
Overlapping BPs
  When the BPST of a device falls within an alien BP
After receiving Alien Beacon
  Change own BPST to the BPST of Alien BP
  Select own beacon slot to use in Alien BP
Merge of multiple BPs
Non-overlapping BPs
  When a device detects an alien BP that does not overlap in time with its own BP
Detect Alien BP
  DRP reservation with reservation type of alien BP
  Receive alien beacon, then calculate own new BPST