Mirov 2014 - police scenario experiment

Plan is to get as much data as possible about behavior of real nodes when deployed as described by Police scenario with ProtectLayer application with full implementation enabled. Main goal is to field-test late version of prototype application.

Presentation of experiment details:


  • Test scenario will be as similar to Cikhaj 2013 experiment as possible for reference comparison
  • Nodes with ProtectionLayer uploaded and enabled from lab
  • Nodes will be positioned on snow towers (marked with red spray) spread over meadow around base station
  • Node will send “still alive” message every 5 seconds
  • First team of participants will pretend to be police (every one will carry MSN node, radio transmission power set to lowest value)
  • Second team will pretend to be intruders (every one will carry intruder node, radio transmission power set to lowest value) - see virtual movement detection
  • Movement detection will be simulated by radio proximity of nodes (movement is detected when node will receive sufficiently strong signal from intruder node)
  • If MSN is detected (MSN node is close), node will send message to base station
  • If movement is detected (intruder node is close), node will send message to base station
  • IDS will send periodically IDS message (30 sec?) - warning, dropper detected
  • Base station node will emit change of privacy level message (controlled by BS physical button)
  • Additional nodes will monitor traffic in promiscuous mode to provide as much debugging information as possible (sw from Jirka)
    • loggers, all connected to same notebook?
    • time synchronization
  • Following parameters will be inspected:
    • overall functionality of prototype
    • fraction of delivered messages with “still alive”
    • fraction of delivered messages with movement detection
    • fraction of delivered messages with IDS warning
    • possibility to track attacker as he moves

  1. Place nodes, BS, sniffers. All nodes are waiting for magic packet
  2. Connect sniffers to BS
  3. # Send magic packet from BS == Privacy level == 0
  4. capture 10 minutes of traffic
  5. Move intruder and MSN throw network (direct straight, around)
  6. # Send privacy level change from BS == Privacy level == 1 (encrypted traffic)
  7. capture 10 minutes of traffic
  • Privacy [Dusan]
    • OK protection of packet
    • change of privacy level
    • authenticated broadcast
    • OK pass message to IDS
    • !TEST phantom routing
    • OK for debugging: payload content is also copied into open PL header (sniffer will directly see)
  • IDS [Martin]
    • !TEST monitoring packets
    • !TEST packet dropping detection / selective forwarding
    • !TEST warning packet to BS, IDS forwarder
  • KeyDistrib & Crypto [Petr/Lukas]
    • !TEST unique key established based on predistributed keys
    • !TEST working encryption/decryption with software AES
    • !TEST working key derivation
    • !TEST crypto support for other components
    • predistributed hash chains for privacy level
  • Routing [Petr]
    • OK fixed routing tree
    • OK only to base station, not node-to-node
    • OK id of node as AM ID given at programming
    • OK map of sensors and routing connections
      • 3 circles, 5metres each
      • max. 20 neighbors, flag with position quadrant, one parent (to BS)
  • Motion detection (virtual ePir) [Filip]
    • OK detection of intruder
    • OK detection of MSN
    • 10 sec timer before selected behavior is enabled
  • User app (keep alive messages, react on motion detect, MSN detected) [Filip]
    • OK alive, motion-detected (z Cikhaj 2013)
    • OK MSN detected
  • Base station app [Dusan]
    • log incoming messages to notebook
    • authenticated broadcast on button click
  • Time synchronization via time stamps in sniffer logs [Dusan]
    • OK modification to sniffer client software
      • no time beacon needed as no storage to eeprom is performed
  • Ordinary nodes [Martin]
    • Police app + protect layer
  • Sniffers [Lukas]
    • default sniffing app, connected to one laptop, time stamp
  • Base station [Dusan]
    • dump incoming message via serial to laptop (modified sniffing app)
    • emit change privacy level after button press
  • Intruder / MSN [Filip]
    • same app, difference in node ID?
    • emit presence message
  • 31.1.2014 Running testbed app without privacy protection, messages routed to BS
  • 6.2.2014 testbed test (hard test)
    • what is not working here will be disabled for experiment
  • 6.2.2014 Application upload, battery charge
  • 7.2.2014 Physical packaging
  • 9 & 10.2.2014 Experiment!
  • nodes
  • sniffers nodes
  • charged batteries, battery chargers
  • cables
  • camera!!
  • red spray
  1. Moved to default channel (comment -DCC2420_DEF_RFPOWER=11, -DCC2420_DEF_CHANNEL=20 in relevant Makefiles (node, bs, sniffer))
  2. RestoreFromFlash EEPROM disabled (ProtectLayerGlobals.h #define SKIP_EEPROM_RESTORE)


cd /opt/tinyos-2.1.1/apps/BaseStation
make telosb install,14 bsl,/dev/ttyUSB2
run listener: java net.tinyos.tools.Listen -comm serial@/dev/ttyUSB2:telosb


cd /tinyos/PL_BaseStation/src
make telosb install,14 bsl,/dev/ttyUSB0
run listener:java net.tinyos.tools.PrintfClient -comm serial@/dev/ttyUSB0:telosb

Ordinary node:

cd /tinyos/PL_PoliceApp/src
make telosb install,21 bsl,/dev/ttyUSB1
run listener:java net.tinyos.tools.PrintfClient -comm serial@/dev/ttyUSB1:telosb