Internet Connection with Wireless Sensor Networks

Internet Connection with Wireless Sensor Networks Lixia Zhang The Croucher Foundation Advanced Study Institute Wireless Sensor Networks December 6, 2006 Disclaimer Personal view Sharing my own experience from 25 years with TCP/IP development PHTYMH



  1. Internet Connection with Wireless Sensor Networks Lixia Zhang The Croucher Foundation Advanced Study Institute Wireless Sensor Networks December 6, 2006

  2. Disclaimer • Personal view • Sharing my own experience from 25 years with TCP/IP development • PHTYMH Potentially harmful to your mental health ASI

  3. Waves of research efforts • A new direction is proposed • Center of research gravity shifted • Many efforts devoted to the new topic • And . . . • Are we pushing the frontier of science, engineering, or technology?

  4. Why talk about the connection between the Internet and sensor networking? • Understand what we have learned • How our past results may guide our future efforts

  5. What is the "connection" between the Internet and wireless sensor networks? • Sensors will be connected to the Internet!

  6. But the most important connection: the similarities between the two • Sensor networks: a new technology emerging on the horizon today • That's where the Internet was 30 years ago • Today's Internet: a global-scale communication infrastructure • Sensor networking: expected to succeed as the Internet has, growing into large-scale deployment

  7. Why multi-scale distributed sensor-networking will transform ecology … because it has done so over and over again • Radioastronomy: Single Telescopes → Very Large Array • Computing: Supercomputers → Internet • Field ecology: Individual observations → NEON (D. Estrin, keynote @ 3rd IMUA Conf)

  8. The second similarity • Both are man-built artifacts • A fundamental question: Have we mastered the principles for designing successful large-scale distributed systems? • Where to find these principles?

  9. Here's what a famous scientist had to say • "The principle of science, the definition, almost, is the following: the test of all knowledge is experiment. Experiment is the sole judge of scientific 'truth'."

  10. "But what is the source of knowledge? Where do the laws that are to be tested come from? • Experiment, itself, helps to produce these laws, in the sense that it gives us hints."

  11. The best way to find/learn the design principles • Is to build a sensor network • Then one can learn from the successes, and more importantly from the lessons • We do not have to start from a blank sheet of paper • The Internet: a real-world example of the largest system humans ever built • Learn from a critical examination of the successes and lessons of the Internet

  12. A Walk Through History (timeline figure, 1996 to 2006; tracks: Programs, H/W-S/W Platforms, Publications) • Items shown: LWIM Paper (ACM ISLPED); DARPA DSN; Under-sea Networks; Ubiquitous Computing; Distributed Tracking; Robotic Ecology (DARPA ISAT 1999); DARPA LWIM; LWIM-III (UCLA); SmartDust, Diffusion (MobiCom 1999); DARPA AWAIRS; TinyOS (OSDI 2000); WINS (UCLA/Rockwell); Embedded Everywhere (NRC Report 2001); DARPA SensIT; MICA (Berkeley); ACM SenSys and ACM/IEEE IPSN; DARPA PACC; MICA2 (Berkeley/Crossbow); NSF CENS STC; ACM TOSN; DARPA NEST; NSF CASA ERC; HelioMote; Telos; NSF NeTS-NOSS; Cyclops; NSF Cyber Physical Systems?; Illumimote; LEAP (D. Estrin, keynote @ 3rd IMUA Conf)

  13. Brief History of the Internet • 1968 - DARPA (Defense Advanced Research Projects Agency) contracts with BBN (Bolt, Beranek & Newman) to create ARPAnet • 1970 - First five nodes: UCLA, Stanford, UC Santa Barbara, U of Utah, and BBN • 1974 - TCP specification by Vint Cerf • 1984 - On January 1, the Internet with its 1000 hosts converts en masse to using TCP/IP for its messaging (from William F. Slater, III, Chicago Chapter of the Internet Society)

  14. Aren't there big enough differences between the Internet and sensor networking • that would make the Internet experience irrelevant? E.g.: • Wireless bandwidth is intrinsically limited • But see the progress in WiFi speed over the last few years • "a fundamental challenge in wireless sensors is the energy problem"

  15. ASI

  16. The fundamental challenge • Lies in discovering the principles for large-scale systems • Technologies can, and will, move forward to meet whatever the market needs

  17. Network Design in Practice • The initial packet-switched network design and validation were done while the system was small • Focus: solving the functional problems to get the system up and running • TCP/IP: delivering packets across networks made of different networking technologies • Early experiments were necessarily done in a small setting that could be understood and controlled • ARPAnet started with a few nodes, then grew to dozens of nodes.

  18. Scalability consideration during the design phase: • The design explicitly assumes that the network would grow large • Larger number of nodes getting connected • Larger number of route table entries • Larger volume of data traffic • More types of new applications • And with different performance requirements

  19. Internet scaling up • A successful design in enabling growth to large scale • The Internet now faces new challenges resulting from its growth • Many new (unforeseen) problems popped up from practice • Many open challenges • Take a look at a real large-scale distributed network

  20. The Internet as a Large System • Expected impact of larger size • More users • Larger traffic volume • Bigger routing tables • Wider range of heterogeneity in networking technology • The Internet has grown both in size and in importance

  21. 1. Growing Large Includes: Changes in User Community • Small-scale: a close-knit, friendly research community • Large-scale open system: facing the brutal real world • Expected user population growth • Unexpected changes in types of users: diverse interests • Millions of users contribute to and gain from the Internet • Spammers, phishing, DDoS

  22. Phishing: Dangerous Financial Phish

  23. DDoS Example:

  24. Could sensors possibly be abused? • On day 1 of the Internet, no one thought it could possibly be abused either • What bad things can be done to sensor networking? • Military applications? • Terrorists? • Bottom line: When sensor networks start providing valuable services to some people, there will be some others who have a different interest

  25. 2. Growing Large Includes: Changes in Operational Community • Small-scale: knowledgeable operators committed to growth and promotion of system • Collaboration toward the common goal → Small, knowledgeable, close-knit research community • Large-scale: diverse operators with competing agendas • Highly diverse levels of expertise • Competition instead of collaboration → Large operator community with different degrees of expertise

  26. Operational Errors: an example • Operational errors have been the cause of most major outages so far • One common configuration error: route leak-out (diagram labels: Global Internet, regional ISP)

  27. A few route leak-out cases • Apr. 25, 1997: At 11:30 am EST, a router in AS7007 accidentally advertised 73,000+ routes to its peers. A large number of networks became unreachable as a result. This incident was partly aggravated by some BGP implementations' inability to remove the false routes; even after AS7007 disconnected their router, the false routes still persisted for at least seven hours • Apr. 7, 1998: AS8584 announced over 11,000 prefixes belonging to other networks ... • Apr. 7, 1999: AS7374 leaked many routes via the Internet exchange point CIX (AS1280). It appears to be announcing routes for most of the Internet ... • Apr. 6, 2001: Cable and Wireless (AS3561) had a configuration error that caused it to propagate route announcements from a downstream customer AS15412 ... • ... • December 2004: AS9121 announced routes to almost all the Internet destinations, successfully hijacked a large number of prefixes hosted by tier-1 ISPs such as ATT and UUNET

  28. Persistent existence • "Understanding BGP Misconfiguration", SIGCOMM 2002

  29. Another example: DNS misconfiguration • DNS stores all data in Resource Records (RR) • NS Resource Record: provides the names of a zone's authoritative servers; stored both at the parent and at the child zone • A Resource Record: associated with an NS resource record; stored at the parent zone (glue A record) • Record set shown twice in the diagram, at com and at foo.com: foo.com. NS ns1.foo.com.; foo.com. NS ns2.foo.com.; foo.com. NS ns3.foo.com.; ns1.foo.com. A 1.1.1.1; ns2.foo.com. A 2.2.2.2; ns3.foo.com. A 3.3.3.3

  30. Common config. error: Lame Delegation • Records shown: foo.com. NS A.foo.com.; foo.com. NS B.foo.com.; A.foo.com. A 1.1.1.1; B.foo.com. A 2.2.2.2 • 1) Non-existing server • 2) Non-authoritative • 3) Useless referral (diagram labels: com, foo, A.foo.com, B.foo.com)
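
An added example, not part of the original slides: a small audit that parses the delegation records from slide 30 and sorts each listed server into the three lame-delegation kinds named there. The probe replies are constructed sample data, and the mapping from a reply's flags to each kind is this example's assumption.

```python
# Parent-side delegation for foo.com, copied from the slide.
DELEGATION = """\
foo.com.    NS  A.foo.com.
foo.com.    NS  B.foo.com.
A.foo.com.  A   1.1.1.1
B.foo.com.  A   2.2.2.2
"""

# Constructed probe results (not from the slides): the reply each address
# gave to a non-recursive "foo.com. SOA" query. A missing entry means no
# reply at all; "aa" is the authoritative-answer flag; "answer" says
# whether the answer section was filled in.
PROBES = {
    "1.1.1.1": {"aa": True, "answer": True},
    "2.2.2.2": {"aa": False, "answer": False},
}

def parse_delegation(text):
    """Split master-file style lines into NS targets and glue addresses."""
    ns, glue = {}, {}
    for line in text.splitlines():
        if not line.strip():
            continue
        owner, rtype, data = line.split()
        table = ns if rtype == "NS" else glue
        table.setdefault(owner.lower(), []).append(data.lower())
    return ns, glue

def classify(reply):
    """Map one probe reply onto the three lame-delegation kinds."""
    if reply is None:
        return "non-existing server"   # may also be a transient timeout
    if reply["aa"] and reply["answer"]:
        return "ok"
    if reply["answer"]:
        return "non-authoritative"     # answered from cache, aa bit clear
    return "useless referral"          # no answer, only a pointer elsewhere

def audit(zone, text, probes):
    """Return {(server, address): status} for every delegated server."""
    ns, glue = parse_delegation(text)
    report = {}
    for server in ns.get(zone.lower(), []):
        for addr in glue.get(server, []):
            report[(server, addr)] = classify(probes.get(addr))
    return report

if __name__ == "__main__":
    for key, status in audit("foo.com.", DELEGATION, PROBES).items():
        print(key, status)
```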

  31. Lame Delegation: how bad is it?

  32. Major incidents due to config. errors • "Microsoft's websites were offline for up to 23 hours -- the most dramatic snafu to date on the Internet -- because of an equipment misconfiguration" -- Wired News, Jan 2001 (diagram labels: Internet, Microsoft DNS servers)

  33. 3. Growing Large Includes: unforeseen protocol impl. consequence • We are not talking about implementation bugs here • Though it is a serious problem • i.e. all the viruses/worms resulting from exploitation of bugs (in either OS or applications) • The problem: protocol implementors do not understand the consequences of specific protocol implementation decisions

  34. Benign implementation → security threat • In spring '03, U. Wisc experienced a sudden increase in incoming traffic: potential DDoS? • Notified the ISP and blocked the attack traffic • The traffic did not stop

  35. The culprit

  36. What happened? • Several popular Netgear products "relied on a separate NTP-based time source to set the current date and time, as it did not have an internal battery and clock. The product is hard-coded with specific NTP time sources that are accessible through the public Internet." • "The Candidate Firewall Product met all the criteria elements in the Baseline and Residential modules and therefore has attained ICSA Labs Firewall Certification." • These home routers: send 1 NTP query per second!

  37. 4. Growing Large Includes: unforeseen protocol design consequence • In designing a protocol: exactly what information should or should not be carried in the protocol message? • One common view: the more the better • One design case: BGP aggregator attribute (diagram labels: ISP; 1.2.3.0/24 Aggr=R1; R3; R1; 1.2.3.0/25; R2; 1.2.3.128/25)

  38. Subtle design issues show up at the worst time • R1 and R2 connect to the upstream ISP. • AS X: local decision to prefer R1 or R2 as entry point. • AGG value differs depending on choice of R1 or R2. • During a worm attack: wild route fluctuation → global flood of updates • Local instability → global overhead (diagram labels: AS Path= <568>,AG=R1; AS Path= <209, 268>, R1; AS Path= <568>,AG=R2; AS Path= <209,568>, R2; AS209; R1; R2; We are here)

  39. 5. Growing Large Includes: unforeseen component behaviors • Routing protocols are designed with quick reactions to all topological changes • Unforeseen: started seeing small number of unstable edge networks • Inevitable in large scale • Global impact (diagram nodes: C, Internet, D, A, B, X, Y, E)

  40. Let's fix it: BGP Damping Design • Use penalty to track route instability • Increase upon receiving an update • Otherwise decay exponentially • Suppress the route if penalty is over the cutoff threshold • Reuse when the penalty drops below the reuse threshold

  41. Expected BGP Damping Behavior (two diagram panels; nodes: C, Internet, D, A, B, X, Y, E; label: damped)

  42. "Route Flap Damping Exacerbates Internet Routing Convergence" • "We analyze a previously not well-studied interaction between BGP's route withdrawal process and its route flap damping mechanism for ensuring the overall stability of the Internet routing system. • "This interaction can, depending upon the topology, suppress up to one hour the propagation of a route that has been withdrawn once and re-announced."

  43. 6. Growing Large Includes: unforeseen dynamics in large scale (two diagram panels; nodes: C, Internet, D, A, B, X, Y, E; first panel labels: A, BA, XBA, "another flap!"; second panel labels: XCBA, XDBA, W, XEBA, W, XDCBA, …, W, "damped!")

  44. Secondary Charge (figure labels: Path exploration, Secondary charging)
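
An added example, not part of the original slides: the damping rule from slide 40 applied to the updates one router receives, showing how the burst of updates that path exploration produces after a single flap can push the penalty over the cutoff. The parameter values (1000 per update, cutoff 2000, reuse 750, 15-minute half-life) and the update timings are assumptions chosen for illustration.

```python
import math

# Assumed damping parameters (not taken from the slides).
HALF_LIFE = 15 * 60   # seconds for the penalty to halve
PENALTY = 1000        # added for every update received
CUTOFF = 2000         # suppress the route above this
REUSE = 750           # reuse the route once the penalty decays below this

def damp(update_times):
    """Return [(suppressed_at, reused_at), ...] in seconds for one route."""
    penalty, last, start, intervals = 0.0, None, None, []
    for t in sorted(update_times):
        if last is not None:
            if start is not None:
                # When would the penalty have decayed to the reuse threshold?
                reuse_t = last + HALF_LIFE * math.log2(penalty / REUSE)
                if reuse_t <= t:
                    intervals.append((start, reuse_t))
                    start = None
            # Exponential decay since the previous update.
            penalty *= 0.5 ** ((t - last) / HALF_LIFE)
        penalty += PENALTY
        last = t
        if start is None and penalty > CUTOFF:
            start = t
    if start is not None:
        reuse_t = last + HALF_LIFE * math.log2(penalty / REUSE)
        intervals.append((start, reuse_t))
    return intervals

# Constructed timings: a neighbour that sees only the withdrawal and the
# re-announcement, versus a distant router that sees four updates 30 s
# apart while alternative paths are explored and withdrawn.
NEAR = [0, 30]
FAR = [0, 30, 60, 90]

if __name__ == "__main__":
    print("near:", damp(NEAR))
    for begin, end in damp(FAR):
        print(f"far: suppressed at {begin}s, reused after {end / 60:.0f} min")
```

With these assumed values the two-update case is never suppressed, while the four-update case stays suppressed for roughly 37 minutes even though the origin flapped only once.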

  45. 7. Growing Large Includes: Growth in value and importance! • Value and importance of the Internet attract malicious attacks • There exists an underground economy that is driving all the bad traffic in the Internet today • Using our network, our technology to attack us • This was not expected • Thus the original Internet protocol design and implementation were vulnerable in the face of these attacks

  46. 8. Growing Large Includes: Trust Exploited By Attackers • Original DNS design: information piggybacking → performance improvement • Diagram labels: UCLA Laptop; Query www.google.com; UCLA Caching Server; www.google.com ?; Google DNS server • Response shown: Answer: www.google.com A 4.4.4.10; Authority: google.com NS ns.google.com; Additional: ns.google.com A 4.4.4.1 • Result: www.google.com = 4.4.4.10

  47. DNS cache poisoning by attracting servers to bad place • Diagram labels: Remote attacker; UCLA Laptop; UCLA Caching Server; attacker.com DNS server; Query www.attacker.com; Query www.google.com • Response shown: www.attacker.com A 128.9.128.127; attacker.com NS ns.attacker.com; attacker.com NS www.google.com; ns.attacker.com A 128.9.128.2; www.google.com A 128.9.128.127 • Result: www.google.com = 128.9.128.127
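
An added example, not part of the original slides: the response from slide 47 fed to a cache with and without a bailiwick check, the resolver-side rule that a server's records are cached only for names at or below the zone it was asked about. The function names and the cache layout are this example's own.

```python
# Response from the attacker.com server, copied from slide 47.
RESPONSE = [
    ("www.attacker.com.", "A", "128.9.128.127"),
    ("attacker.com.", "NS", "ns.attacker.com."),
    ("attacker.com.", "NS", "www.google.com."),
    ("ns.attacker.com.", "A", "128.9.128.2"),
    ("www.google.com.", "A", "128.9.128.127"),
]

def in_bailiwick(name, zone):
    """True if name is at or below zone, compared label by label."""
    n = [label for label in name.lower().split(".") if label]
    z = [label for label in zone.lower().split(".") if label]
    # Whole-label comparison: "evilattacker.com" is not inside "attacker.com".
    return not z or n[-len(z):] == z

def cache_response(cache, zone, records, check=True):
    """Store records in cache; return the records that were rejected.

    zone is the zone the queried server was contacted for. With
    check=False the cache behaves like the trusting design on the slide.
    """
    rejected = []
    for owner, rtype, data in records:
        if check and not in_bailiwick(owner, zone):
            rejected.append((owner, rtype, data))
            continue
        cache.setdefault((owner.lower(), rtype), set()).add(data)
    return rejected

def lookup(cache, name, rtype="A"):
    """Return the cached data for name, or None on a cache miss."""
    return cache.get((name.lower(), rtype))

if __name__ == "__main__":
    trusting, checked = {}, {}
    cache_response(trusting, "attacker.com.", RESPONSE, check=False)
    dropped = cache_response(checked, "attacker.com.", RESPONSE)
    print("trusting cache:", lookup(trusting, "www.google.com."))
    print("checked cache: ", lookup(checked, "www.google.com."))
    print("dropped:", dropped)
```

The NS record naming www.google.com is still cached because its owner is attacker.com, but the address for that name now has to come from the google.com servers rather than from this response.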

  48. DNS cache poisoning by exploiting weakness in protocol design • Diagram labels: UCLA Laptop; Query www.google.com; UCLA Caching Server; www.google.com ?; Google DNS server; answer • Response shown: Answer: www.google.com A 128.9.128.127; Authority: google.com NS ns.google.com; Additional: ns.google.com A 128.9.128.2 • Cache entries shown: google.com NS ns.google.com; ns.google.com A 4.4.4.1 128.9.128.2; www.google.com A 128.9.128.127 • Result: www.google.com = 128.9.128.127

  49. Putting the Problems in Context • The above is only a small sample set of observed problems due to growing large • The original protocol design/implementation enabled Internet growth to large scale, but is not well suited to maintaining it at large scale
