Recent work in wireless embedded networked systems has followed heterogeneous designs, incorporating a mixture of elements from extremely constrained 8- or 16-bit “Motes ” to less resourceconstrained 32-bit embedded “Microservers.” Emstar is a software environment for developing and deploying complex applications on such heterogeneous networks. Emstar is designed to leverage the additional resources of Microservers by trading off some performance for system robustness in sensor network applications. It enables fault isolation, fault tolerance, system visiblity, in-field debugging, and resource sharing across multiple applications. In order to accomplish these objectives, Emstar is designed to run as a multiprocess system and consists of libraries that implement message-passing IPC primitives, services that support networking, sensing, and time synchronization, and tools that support simulation, emulation, and visualization of live systems, both real and simulated. We evaluate this work by discussing the Acoustic ENSBox, a platform for distributed acoustic sensing that we built using Emstar. We show that by leveraging existing Emstar services, we are able to significantly reduce development time This work was made possible with support from The Center for Embedded Networked Sensing (CENS) under the NSF Cooperative Agreement CCR-0120778, and the UC MICRO program (grant

The traditional approach of providing network security has been to borrow tools from cryptography and authentication. However, we argue that the conventional view of security based on cryptography alone is not sufficient for the unique characteristics and novel misbehaviors encountered in sensor networks. Fundamental to this is the observation that cryptography cannot prevent malicious or non-malicious insertion of data from internal adversaries or faulty nodes. We believe that in general tools from different domains such as economics, statistics and data analysis will have to be combined with cryptography for the development of trustworthy sensor networks. Following this approach, we propose a reputation-based framework for sensor networks where nodes maintain reputation for other nodes and use it to evaluate their trustworthiness. We will show that this framework provides a scalable, diverse and a generalized approach for countering all types of misbehavior resulting from malicious and faulty nodes. We are currently developing a system within this framework where we employ a Bayesian formulation, specifically a beta reputation system, for reputation representation, updates and integration. We will explain the reasoning behind our design choices, analyzing their pros & cons. We conclude the paper by verifying the efficacy of this system through some preliminary simulation results.

In this paper, we analyze attacks on existing time synchronization protocols for wireless sensor networks. We propose a secure time synchronization toolbox to counter these attacks. This toolbox includes protocols for secure pairwise and group synchronization of nodes that lie in each other’s power ranges and of nodes that are separated by multiple hops. We provide an in-depth analysis of security and energy overhead of the proposed protocols.

to facilitate research on networked sensing applications at scale. Kansei embodies a unique combination of characteristics as a result of its design focus on sensing and scaling: (i) Heterogeneous hardware infrastructure with dedicated node resources for local computation, storage, data exfiltration and back-channel communication, to support complex experimentation. (ii) Time accurate hybrid simulation engine for simulating substantially larger arrays using testbed hardware resources. (iii) High fidelity sensor data generation and real-time data and event injection. (iv) Software components and associated job control language to support complex multi-tier experiments utilizing real hardware resources and data generation and simulation engines. In this paper, we present the elements of Kansei testbed architecture, including its hardware and software platforms as well as its hybrid simulation and sensor data generation engines. I.

Energy consumption is a crucial characteristic of sensor networks and their applications as sensor nodes are commonly battery-driven. Although recent research focuses strongly on energy-aware applications and operating systems, energy consumption is still a limiting factor. Once sensor nodes are deployed, it is challenging and sometimes even impossible to change batteries. As a result, erroneous lifetime prediction causes high costs and may render a sensor network useless before its purpose is fulfilled. In this paper, we present AEON (Accurate Prediction of Power Consumption), a novel evaluation tool to quantitatively predict energy consumption of sensor nodes and whole sensor networks. Our energy model, based on measurements of node current draw and the execution of real code, enables accurate prediction of the actual energy consumption of sensor nodes. Consequently, it prevents erroneous assumptions on node and network lifetime. Moreover, our detailed energy model allows to compare different low power and energy aware approaches in terms of energy efficiency. Thus, it enables a highly precise estimation of the overall lifetime of a sensor network.

The development of a reliable large-scale wireless sensor networks (WSNs) is very difficult because of their stringent resource constraints, harsh energy budget, and demanding application requirements. We identify that three OS features – OS protection, virtual memory, and preemptive scheduling – will significantly improve the reliability of WSN systems and facilitate developing complex WSN software. However, due to the limitation of hardware, it is impossible to implement these features with traditional OS design techniques. To solve this problem, we design a new OS kernel, the tkernel, to perform extensive load-time code modification and enhance the system abstraction visible to programmers. After the modification, the application and OS work in a collaborative way supporting the aforementioned features. Having implemented the t-kernel on MICA2 motes with an 8-bit processor and 4KB RAM, we evaluate its performance by measuring the overhead and execution speed. We analyze the CPU utilization in sensor network applications, and verify that, though CPU-bound computation tasks may slow down 0.5–4 times, the performance of applications under typical workloads does not degrade. The t-kernel significantly enhances developers ’ ability to design sophisticated applications and protects WSNs from accidental programming errors. To the authors ’ best knowledge, the t-kernel is unique in the follow ways: it performs efficient binary translation on highly resource constrained sensor nodes with only 4KB RAM, it provides software based virtual memory without repeatedly writable swapping devices, and it protects OS from application error without memory protection or privileged execution hardware. 1

Harvard architecture CPU design is common in the embedded world. Examples of Harvard-based architecture devices are the Mica family of wireless sensors. Mica motes have limited memory and can process only very small packets. Stack-based buffer overflow techniques that inject code into the stack and then execute it are therefore not applicable. It has been a common belief that code injection is impossible on Harvard architectures. This paper presents a remote code injection attack for Mica sensors. We show how to exploit program vulnerabilities to permanently inject any piece of code into the program memory of an Atmel AVR-based sensor. To our knowledge, this is the first result that presents a code injection technique for such devices. Previous work only succeeded in injecting data or performing transient attacks. Injecting permanent code is more powerful since the attacker can gain full control of the target sensor. We also show that this attack can be used to inject a worm that can propagate through the wireless sensor network and possibly create a sensor botnet. Our attack combines different techniques such as return oriented programming and fake stack injection. We present implementation details and suggest some counter-measures.

Effective debugging usually involves watching program state to diagnose bugs. When debugging sensor network applications, this approach is often time-consuming and errorprone, not only because of the lack of visibility into system state, but also because of the difficulty to watch the right variables at the right time. In this paper, we present declarative tracepoints, a debugging system that allows the user to insert a group of action-associated checkpoints, or tracepoints, to applications being debugged at runtime. Tracepoints do not require modifying application source code. Instead, they are written in a declarative, SQL-like language called TraceSQL independently. By triggering the associated actions when these checkpoints are reached, this system automates the debugging process by removing the human from the loop. We show that declarative tracepoints are able to express the core functionality of a range of previously isolated debugging techniques, such as EnviroLog, NodeMD, Sympathy, and StackGuard. We describe the design and implementation of the declarative tracepoints system, evaluate its overhead in terms of CPU slowdown, illustrate its expressiveness through the aforementioned debugging techniques, and finally demonstrate that it can be used to detect real bugs using case studies of three bugs based on the development of the LiteOS operating system.

Reliable sensor network software is difficult to create: applications are concurrent and distributed, hardware-based memory protection is unavailable, and severe resource constraints necessitate the use of unsafe, low-level languages. Our work improves this situation by providing efficient memory and type safety for TinyOS 2 applications running on the Mica2, MicaZ, and TelosB platforms. Safe execution ensures that array and pointer errors are caught before they can corrupt RAM. Our contributions include showing that aggressive optimizations can make safe execution practical in terms of resource usage; developing a technique for efficiently enforcing safety under interrupt-driven concurrency; extending the nesC language and compiler to support safety annotations; finding previously unknown bugs in TinyOS; and, finally, showing that safety can be exploited to increase the availability of sensor networks applications even when memory errors are left unfixed. Categories and Subject Descriptors C.3 [Special-Purpose and Application-Based Systems]: real-time and embedded systems; C.4 [Performance of Systems]:

We investigate how to efficiently and accurately simulate wireless packet delivery. Starting from recent experimental results that have quantified signal-to-noise ratio (SNR) curves, temporal variations in propagation strength, and the effects of hardware variations, we model packet delivery using SNR. We experimentally measure noise in many different environments and propose three algorithms to simulate noise from these traces. We evaluate these algorithms in comparison to existing simulation approaches used in EmStar, TOSSIM, and ns-2 using the Kantorovich-Wasserstein distance on conditional packet delivery functions. We demonstrate that using a closest-fit pattern matching (CPM) noise model can capture complex temporal dynamics which existing approaches do not, increasing packet simulation fidelity by a factor of 2 for good links and a factor of 3 for intermediate links. Furthermore, as our models are generated from real-world traces, they are not bound to specific environments and can be easily applied to new ones. 1.