Towards high-throughput and robust rate adaptation for backscatter networks
Recently backscatter networks have received booming interest because they offer a battery-free communication paradigm using propagation radio waves as opposed to active radios while providing comparable sensing functionalities, ranging from light and temperature sensors to recent microphones and cameras. While sensing data on backscatter nodes has been seen on a clear path to increase in both volume and variety, backscatter communication is not well prepared and optimized for conveying such continuous and high-volume data. To bridge this gap, we propose a high-throughput rate adaptation scheme for backscatter networks by exploring the unique characteristics of backscatter links and the design space of the ISO 18000-6C (C1G2) protocol. Our key insight is that while prior work has left the downlink unattended, we observe that the quality of the downlink is affected significantly by multipath fading and thus can degrade the uplink and overall throughput considerably. Therefore, we introduce a novel rate mapping algorithm that chooses the best rate for both the downlink and uplink. Also, we design an efficient channel estimation method fully compatible with the C1G2 protocol and a reliable probing trigger, substantially saving probing overhead. Our scheme is prototyped using a COTS RFID reader and tags. The results show that we achieve up to 2.5x throughput gain over state-of-the-art approaches across various mobility, channel, and network-size conditions.
Leveraging Backscatter for Ultra-low Power Wireless Sensing Systems
The past few years have seen a dramatic growth in wireless sensing systems, with millions of wirelessly connected sensors becoming first-class citizens of the Internet. The number of wireless sensing devices is expected to surpass 6.75 billion by 2017, more than the world's population as well as the combined market of smartphones, tablets, and PCs. However, its growth faces two pressing challenges: battery energy density and wireless radio power consumption. Battery energy density looms as a fundamental limiting factor due to slow improvements over the past several decades (3x over 22 years). Wireless radio power consumption is another key challenge because high-speed wireless communication is often far more expensive energy-wise than computation, storage and sensing. To make matters worse, wireless sensing devices are generating an increasing amount of data. These challenges raise a fundamental question --- how should we power and communicate with wireless sensing devices. More specifically, instead of using batteries, can we leverage other energy sources to reduce, if not eliminate, the dependence on batteries? Similarly, instead of optimizing existing wireless radios, can we fundamentally change how radios transmit wireless signals to achieve lower power consumption? A promising technique to address these questions is backscatter --- a primitive that enables RF energy harvesting and ultra-low-power wireless communication. Backscatter has the potential to reduce dependence on batteries because it can obtain energy by rectifying the wireless signals transmitted by a backscatter reader. Backscatter can also work by reflecting existing wireless signals (WiFi, BLE) when these are available nearby. Because signal reflection only consumes uWs of power, backscatter can enable ultra-low-power wireless communication. However, the use of backscatter for communicating with wireless sensing devices presents several challenges.
First, decreasing RF power across distance limits the operational range of micro-powered backscatter devices. This raises the question of how to maintain a communication link with a backscatter device despite the tiny amount of harvested power. Second, even though the backscatter RF front-end is extremely power-efficient, the computational and sensing overhead on backscatter sensors limits their ability to operate with a few micro-Watts of power. Such overhead is a negligible factor of overall power consumption for platforms where radio power consumption is high (e.g. WiFi or Bluetooth based devices). However, it becomes the bottleneck for backscatter based platforms. Third, backscatter readers are not currently deployed in existing indoor environments to provide a continuous carrier for carrying backscattered information. As a result, backscatter deployment is not yet widespread. This thesis addresses these challenges by making the following contributions. First, we design a network stack that enables continuous operation despite decreasing harvested power across distance by employing an OS abstraction --- task fragmentation. We show that such a network stack enables packet transfer even when the whole system is powered by a 3cmx3cm solar panel under natural indoor light conditions. Second, we design a hardware architecture that minimizes the computational overhead of backscatter to enable over 1Mbps backscatter transmission while consuming less than 100uWs of power, a two-orders-of-magnitude improvement over the state-of-the-art. Finally, we design a system that can leverage both ambient WiFi and BLE signals for backscatter. Our empirical evaluation shows that we can backscatter 500bps data on top of a WiFi stream and 50kbps data on top of a Bluetooth stream when the backscatter device is 3m away from the commercial WiFi and Bluetooth receivers.
Design and Analysis of Security Schemes for Low-cost RFID Systems
With the remarkable progress in microelectronics and low-power semiconductor technologies, Radio Frequency IDentification technology (RFID) has moved from obscurity into mainstream applications, which essentially provides an indispensable foundation to realize ubiquitous computing and machine perception. However, the catching and exclusive characteristics of RFID systems introduce growing security and privacy concerns. Addressing these issues is particularly challenging for low-cost RFID systems, where tags are extremely constrained in resources, power and cost. The primary reasons are: (1) the security requirements of low-cost RFID systems are even more rigorous due to large operation range and mass deployment; and (2) the passive tags' modest capabilities and the necessity to keep their prices low present a novel problem that goes beyond the well-studied problems of traditional cryptography. This thesis presents our research results on the design and the analysis of security schemes for low-cost RFID systems.
Motivated by the recent attention on exploiting physical layer resources in the design of security schemes, we investigate how to solve the eavesdropping, modification and one particular type of relay attack on the tag-to-reader communication in passive RFID systems without requiring lightweight ciphers. To this end, we propose a novel physical layer scheme, called Backscatter modulation- and Uncoordinated frequency hopping-assisted Physical Layer Enhancement (BUPLE). The idea behind it is to use the amplitude of the carrier to transmit messages as normal, while utilizing its periodically varied frequency to hide the transmission from the eavesdropper/relayer and exploiting a random sequence modulated onto the carrier's phase to defeat malicious modifications. We further improve its eavesdropping resistance through coding in the physical layer, since BUPLE ensures that the tag-to-eavesdropper channel is strictly noisier than the tag-to-reader channel. Three practical Wiretap Channel Codes (WCCs) for passive tags are then proposed: two of them are constructed from linear error correcting codes, and the other one is constructed from a resilient vector Boolean function. The security and usability of BUPLE in conjunction with WCCs are further confirmed by our proof-of-concept implementation and testing.
Eavesdropping on the communication between a legitimate reader and a victim tag to obtain raw data is a basic tool for the adversary. However, given the fundamentality of eavesdropping attacks, there is limited prior work investigating its intension and extension for passive RFID systems. To this end, we firstly identified a brand-new attack, working at the physical layer, against backscattered RFID communications, called unidirectional active eavesdropping, which defeats the customary impression that eavesdropping is a "passive" attack. To launch this attack, the adversary transmits an un-modulated carrier (called a blank carrier) at a certain frequency while a valid reader and a tag interact on another frequency channel. Once the tag modulates the amplitude of the reader's signal, it causes fluctuations on the blank carrier as well. By carefully examining the amplitude of the backscattered versions of the blank carrier and the reader's carrier, the adversary could intercept the ongoing reader-tag communication with either a significantly lower bit error rate or from a significantly greater distance away. Our concept is demonstrated and empirically analyzed on a popular low-cost RFID system, i.e., EPC Gen2. Although active eavesdropping in general is not trivial to prevent, for a particular type of active eavesdropper, namely a greedy proactive eavesdropper, we propose a simple countermeasure without introducing extra cost to current RFID systems.
The need for cryptographic primitives on constrained devices keeps increasing with the growing pervasiveness of these devices. One recent lightweight block cipher design is Hummingbird-2. We study its cryptographic strength under a novel technique we developed, called Differential Sequence Attack (DSA), and present the first cryptanalytic result on this cipher. In particular, our full attack can be divided into two phases: a preparation phase and a key recovery phase. During the key recovery phase, we exploit the fact that the differential sequence for the last round of Hummingbird-2 can be retrieved by querying the full cipher, due to which the search space of the secret key can be significantly reduced. Thus, by attacking the encryption (decryption resp.) of Hummingbird-2, our algorithm recovers 36-bit (another 28-bit resp.) out of 128-bit key with ( resp.) time complexity if particular differential conditions of the internal states and of the keys at one round can be imposed. Additionally, the remaining 64 bits of the key can be exhaustively searched and the overall time complexity is dominated by . During the preparation phase, by investing effort in time, the adversary is able to create the differential conditions required in the key recovery phase with at least 0.5 probability.
As an additional effort, we examine the cryptanalytic strength of another lightweight candidate known as A2U2, which is the most lightweight cryptographic primitive proposed so far for low-cost tags. Our chosen-plaintext attack fully breaks this cipher by recovering its secret key by querying the encryption only twice on the victim tag and solving 32 sparse systems of linear equations (where each system has 56 unknowns and around 28 unknowns can be directly obtained without computation) in the worst case, which takes around 0.16 second on a Thinkpad T410 laptop.
Intelligent Sensor Networks
In the last decade, wireless or wired sensor networks have attracted much attention. However, most designs target general sensor network issues including protocol stack (routing, MAC, etc.) and security issues. This book focuses on the close integration of sensing, networking, and smart signal processing via machine learning. Based on their world-class research, the authors present the fundamentals of intelligent sensor networks. They cover sensing and sampling, distributed signal processing, and intelligent signal learning. In addition, they present cutting-edge research results from leading experts.