Program and deploy your SN in minutes –Single System Image Program –“Write Once, Run… Wherever” –Each program runs on an SN “slice” i.e., a Virtual Sensor Network VSN “Painless” administration –Self-organizing, automated dispatch. –Sensor network can grow or shrink as resources become available install and run the Sensorium eXecution Environment (SXE) Sensorium Resource Manager and Sensorium Service Dispatcher do the rest. Extensibility –Support for new sensing hardware/modality or new computation ability requires implementing Java classes given interfaces and API. –Programs continue to use simple, high-level STEP language and can immediately leverage new devices or capabilities. Reasonable cost –Programs are interpreted and executed by the framework. Induced computational overhead is reasonable and can be minimized by thoughtful implementation. The Sensor Network is the Computer Implementing a Multi-Modal Wireless Network Security Service on the snBench Michael Ocean, Azer Bestavros and Assaf Kfoury Computer Science Department, Boston University Observing Wireless Network Behavior The snBench can be extended to support wireless network monitoring (security/intrusion detection) that is easily tasked and integrates other modalities (e.g., video). The experiment environment: –CS Graduate Research Lab 2 Linksys Access Points imaged with OpenAP Linux and Kismet (open-source) wireless monitoring package 4 Axis Pan-Tilt-Zoom on a dedicated gigabit network Crossbow motes, servers, compute node, 750GB SQL server, etc. Adding Wireless Sesning to the infrastructure –DLink Access Points run as “Kismet drones” passively monitoring all and report wireless frames over Ethernet. –Separate Kismet server process interprets drone’s results and detects “Alert” events via (published) UDP protocol, »DEAUTHFLOOD »DISASSOCTRAFFIC »Etc. –Packet analysis can be run on the AP but performance (and extensibility) improves when processed elsewhere. Other processors can be plugged in and customized to detect different attacks/events (flag “any traffic from sender X”, etc). –Extensions to the Sensor eXecution Environment (SXE) provide access to KismetSensor as a “first class” sensor device. A KismetSensor process communicates with Kismet server via UDP protocol. notification on detected intrusion letonce WIFIPKT = DetectWifiAlertEvent(Sensor) in leteach SRC = WIFIPKT.getfield(“MAC”) in level_trigger( not(isnil(WIFIPKT)) concat($NOW$,“:Found banned MAC”, SRC,“ at”, WIFIPKT.getfield(“time”) )) Build a MAC blacklist on detected intrusion letonce WIFIPKT = DetectWifiAlertEvent(Sensor) in leteach SRC = WIFIPKT.getfield(“MAC”) in level_trigger( not(contains(SQL.get(“BLACKLIST”),SRC)), SQL.put(“BLACKLIST”,SRC) ) Take a picture when a wireless intruder is detected letonce WIFIPKT = DetectWifiAlertEvent(Sensor) in leteach SRC = WIFIPKT.getfield(“MAC”) in level_trigger( contains(SQL.get(“BLACKLIST”),SRC), SQL.put( “wifi_intrusion_$EVAL_COUNT$”, drawstring(concat(“MAC ”, SRC), snapshot( findadjacentsensor(“Image”, WIFIPKT.getfield(“SOURCE_AP”))))) Programs ran for 48 hours (stable). Simulated detectable attacks via laptop with open-source tools (AirJack, Netstumbler). –Simulated attacks were detected. Response processed on an average of 2.8 seconds in “polling” mode. Optimizations reduced processing time to 550ms using “simulated interrupts.” Anything under 30 seconds is likely acceptable for intrusion response time – consider the attacker and the situation; “OK! I did it, now run!” ? findadjacentsensor does not move the PTZ cameras –Use signal strength to improve captured image by moving the cameras to the best vantage point and take an image from all applicable sensors Implement SendDisassociate() and DetectWifiCommEvent() take defensive action against an attacker. –For example: Forcibly Disassociate a Blacklisted User Whenever Detected…Anywhere! letonce WIFIPKT = DetectWifiAlertEvent(Sensor) in leteach SRC = WIFIPKT.getfield(“MAC”) in level_trigger( not(isnll(WIFIPKT)), SendDisassociate(WIFIPKT.getfield(“BASESTATION”), SRC)) Motivation and Scope Inexpensive networked video sensing elements will be pervasively deployed in our environment. Harnessing the power of these emergent sensory environments (Sensoria) will hinge on our ability to build applications capable of gathering, interpreting and storing data from distributed sensors and to provide scalable mechanisms for managing the networks and systems resources that these applications consume. These resources must be composed, tasked and administered in some structured, extensible and maintainable fashion – enter the Sensor Network WorkBench The snBench provides users with their own virtual Sensor Network via programming and run-time infrastructure enabling developers to specify and deploy distributed applications over a heterogeneous network of Sensing and Computing Elements. What sensors can I use and what functionality do they expose? snBench: the Life-Cycle of a SN Application Program –The high-level functional style specification language SNAFU glues together atomic operations. Compile –A SNAFU program is compiled into a Sensorium Task Execution Plan (STEP). Map and Link –Run-time support components break the STEP into smaller sub-STEPs that fit on available resources. Load and Execute –STEPs are dispatched to Sensor eXecution Environments (SXEs). SNAFU SN Applications As Functions SNAFU programs describe a data-flow with sensory data flow manipulated by a series of functions. STEP Sensorium Task Execution Plan The explicit evaluation strategy for an SN app. Data percolates up toward the root from the leaves. Sensor eXecution Environments SXEs accept partial STEP graphs and evaluate them. trigger( (motion(snapshot(cam2)) && (2am<NOW<4am)), snapshot(cam2))) SXE trigger cam2 snapshot motion clock4AM 2AM << && SXE Example The user writes a SNAFU program that strings together the sensors and operations the user is interested in The SNAFU program is compiled into STEP and the infrastructure does the rest! Adding Wireless Sensing to the snBench The experiment environment (the CS grad lab) is shown. Common areas of the lab are fitted with various sensing equipment. (sensing equipment relevant to the experiment is shown). Results, Progress and Future Work SNAFU Intrusion Detection Programs