Design for IoT - ETH Z...38 Resources conflicting Predictability The closer the system works at its...
Transcript of Design for IoT - ETH Z...38 Resources conflicting Predictability The closer the system works at its...
Computer Engineering and NetworksTechnische Informatik und Kommunikationsnetze
Design for IoT
Lothar ThieleETH Zurich, Computer Engineering and Networks
- Trustable Things -
2
Landscape
3
© www.braingrid.org© www.openpr.com
4
Smart World
physical/biological/socialprocesses
observing influencing
reasoningdecidingbig data
CYBER
•WORLD
•PHYSICAL
•WORLD
Nature
Hardware &Software
Computation
Communication
5
Endeavors
in long-term autonomous embedded systems
6
Building Automation - Monitoring
© Siemens Building Technologies
Characteristics:
• Certified wireless multihop firedetection system
• High dependability requirements(availability, real-time guarantees)
• Battery-powered with long lifetime
Experience:
• new algorithms, models, methods
• tremendeous engineering effort
7
High-Resolution Air Pollution Maps
Application Goal
Trustable high-resolution air quality maps.
Long-term operation.
•O3
•NO2
•CO
•PM0.1
•Public transport vehicles equipped with air quality sensors
•High-resolution air pollution maps
•wearable air qualitysensors
8
Mobile stations installed on top of trams in Zurich
• Continuously in operation since April 2012
• Monitor main pollutants and environmental parameters
• PM0.1, O3, CO, NO2, temperature, humidity
• more than 100 million measurements and counting …
High-Resolution Air Pollution
9
Wireless Monitoring Technology
allows to quantify mountain phenomena at diverse modalities and scales,
provides information for processunderstanding and modeling
can be used for safety critical applications in an hostile environment.
PermaSenseMonitoring in the Extreme
[Jan Beutel et al.: PermaSense]
10
PermaSenseMonitoring in the Extreme
Development of early warning systems
New scientific knowledge
11
Camera
12
13
Camera
5 field sites in surveillance
> 6 years autonomous operation
> 1 Billion data points
14
Dependability and Trust
15
© http://www.satiztpm.it/
© nkonnect
16
Dependability and Trust
Society will increasingly depend on the Internet of Things.
Dependability and trust are keyfor societal acceptance.
17
Predictability and Dependability
natural hazards desaster management
health factory
surveillance
care
mobility
automation
18
Scalingto Billions of Devices
Data
Edge-Fog-Cloud ComputingNetworksStandardsBig Data & Analytics
Energy
Zero Power SystemsEnergy HarvestingApproximate ComputingNear-Threshold ArchitecturesBrain-Like Computing
Trust
Security and Privacy
This Talk
Information
19
What are the reasons for low dependability
(or tremendous engineering effort)?
20
Reason 1: Resource Constraints
Communication Bandwidth
Memory
Computation Energy
Low Cost Sensors© Adrian Ionescu
21
An IoT System View© Luca Benini
50
22
Near-Threshold Multiprocessing – PULP© Luca Benini
23
Near-Threshold Multiprocessing – PULP© Luca Benini
803 GOPS/W 60k GOPS/W
24
Reason 2: Adaptivity
• Adaptivity and feedback due to
• changes in environment
• user interaction
• switching between (power saving) modes, …
• Typical for applications in
• surveillance
• early warning
• personalized medical and health
• industrial control, …
© Mark Dixon
Event-DrivenBehavior
25
Adaptive Behavior
Example: Acoustic sensing of mountain phenomena
1. acoustic events are detected
2. host decides on relevance
3. switching on other sensor modalities
4. high rate sensor data communication
27
Resources Dependability
The closer the system works at its resource limits, the less reliable it operates.
conflicting
28
Resources Dependability
The closer the system works at its resource limits, the less reliable it operates.
conflicting
computation
communication
queue
task energy
memory
29
Resources Dependabilityconflicting
computation
communication
queue
task energy
memory
The closer the system works at its resource limits, the less reliable it operates.
30
Resources Dependabilityconflicting
computation
communication
task energy
memoryqueue
The closer the system works at its resource limits, the less reliable it operates.
31
Resources Dependabilityconflicting
overprovisioningis not an option
The closer the system works at its resource limits, the less reliable it operates.
Why is this a challenge?
32
Resources Dependabilityconflicting
overprovisioningis not an option
The closer the system works at its resource limits, the less reliable it operates.
Why is this a challenge?
adaptivity increases non-determinismand requires system-wide coordination
Adaptivity
33
System Challengesdependable
34
System Challenges
adaptive
low resources
µW
sleep welloperate efficiently
wake-up quicklyswitch gears quickly
dependable
35© http://www.systematic-paris-region.org
Some Design Principles
36
Interference
37
Resources Predictabilityconflicting
Interference is one of the prominent mechanisms.
The closer the system works at its resource limits, the less reliable it operates.
Adaptivity
memory demanddepends on total sum
application1
application2
application1
application2
application1
application2
38
Resources Predictabilityconflicting
The closer the system works at its resource limits, the less reliable it operates.
Adaptivity
memory demanddepends on total sum
application1
application2
CPU1 CPU2
shared resource
shared resources and
communication may couple
time and power domains
with cyclic dependencies
Interference is one of the prominent mechanisms.
39
Resources Predictabilityconflicting
The closer the system works at its resource limits, the less reliable it operates.
Adaptivity
memory demanddepends on total sum
application1
application2
CPU1 CPU2
shared resource
shared resources and
communication may couple
time and power domains
with cyclic dependencies
interference from other
modalities lead to cross-
sentivities and necessitate
calibration / sensor fusion
CO2CO
NOx
T
H2O
VOC
O3
Interference is one of the prominent mechanisms.
40
Remove unwanted interference by design.
Interference
41
PartitioningTime
42
PartitioningTime Space
43
What about other properties?
Energy
©Cypress
Clock and Power
© Mentor Graphics
44
Example: Wireless Node Platform
BOLTSingle Processor APP COM
Sensor
Interface
Network
Protocol
Sensor
Interface
Network
Protocol
Classic IoT/Sensor Node Architecture
memory
interference
time-
interference
BOLT
Partitioning in Space
clock & power-
interference
45
Example: Wireless Node Platform
BOLTSingle Processor APP COM
Sensor
Interface
Network
Protocol
Sensor
Interface
Network
Protocol
memory
interference
time-
interference
BOLT
firewall for
BOLT Architecture
clock and power
Classic IoT/Sensor Node Architecture
46
Example: Wireless Node Platform
BOLTSingle Processor APP COM
Sensor
Interface
Network
Protocol
Sensor
Interface
Network
Protocol
Classic Architecture
memory
interference
time-
interference
BOLT
BOLT Architecture
•Application Processor
•Communication
Processor
•BOLT
[Sutton et al. "Bolt: A stateful processor interconnect.]
Total Sleep Power ≈ 8.1 µW
BOLT Sleep Power ≈ 1.3 µW
47
Remove unwanted interference by design.If you can not, bound it.
Interference
48
Example: Wireless Node Platform
BOLTSingle Processor APP COM
Sensor
Interface
Network
Protocol
Sensor
Interface
Network
Protocol
Classic Architecture
memory
interference
time-
interference
BOLT
firewall for
BOLT Architecture
clock and power
49
Example: Wireless Node Platform
BOLTSingle Processor APP COM
Sensor
Interface
Network
Protocol
Sensor
Interface
Network
Protocol
BOLT
BOLT Architecture
REQ
ACK
SPI
INDA
MSP430FR5969
DCO
FRAM
R/W
REQ
ACK
SPI
INDA
R/W
SP
I A
GP
IO
PO
RT
3D
MA
0
SP
I C
DM
A1
GP
IO
PO
RT
4
MSP430
CORE
INDC INDC
50
Example: Wireless Node Platform
BOLTSingle Processor APP COM
Sensor
Interface
Network
Protocol
Sensor
Interface
Network
Protocol
BOLT
BOLT Architecture
REQ
ACK
SPI
INDA
MSP430FR5969
DCO
FRAM
R/W
REQ
ACK
SPI
INDA
R/W
SP
I A
GP
IO
PO
RT
3D
MA
0
SP
I C
DM
A1
GP
IO
PO
RT
4
MSP430
CORE
INDC INDC
Use formal methods to bound
interference.
• Static Timing Analysis
• Hardware Verification
51
•UPPAAL Model Checker
52
Example: Wireless Node Platform
Use formal methods to bound
interference.
• Static Timing Analysis
• Hardware Verification
Predictability
Compostionality
53
Remove unwanted interference by design.If you can not, bound it.
If you can not, use it to your advantage.
Interference
Computer Engineering and NetworksTechnische Informatik und Kommunikationsnetze
55
Let us look at wireless communication
Long Range Network (LoRa)
[Orestis Georgiou et al: Can LoRa scale? 2016.] [Ferran Adelantado et al: Understanding the Limits of LoRaWAN.
IEEE Comm. 2016]
56
Let us look at wireless communication
Wireless Mesh Networks
57
Can we expect that this construction works
reliably and efficiently?
58
Can we expect that this construction works
reliably and efficiently?
No, it doesn't !
Complex and non-deterministic interference
No chance to provide tight bounds
59
Use interference to your advantage
60
Synchronous Transmissions
Transmissions are overlappingin time and space.
Nevertheless, the receiver decodesuseful information.
Do not avoid interference but use it to your advantage!
62
Interference Management
Make use of interference Partitioning in time
Low Power Wireless Bus
• energy (resource) efficient
• adaptive
• robust and predictable
• provable guarantees[Ferrari et al: Low Power Wireless Bus, 2012.]
63
But is the underlying principle competitive?
64
65
Evaluation Scenario
66
Evaluation Scenario
67
Evaluation Scenario
68
Results
The best protocolsuse the design principles just
presented.
This year and the year before.
69
Reality or Fiction
71
72
packet losstime synchronization
communication disconnect
buffer overflow
energy harvesting
data analysis
sensor fault
failing interconnects
computing faults
73
But: «Sensing in the Extreme» is very special
74
High-Resolution Air Pollution Maps
Application Goal
Trustable high-resolution air quality maps.
Long-term operation.
•O3
•NO2
•CO
•PM0.1
•Public transport vehicles equipped with air quality sensors
•High-resolution air pollution maps
•wearable air qualitysensors
75
Can We Trust Sensor Readings?
as recommendedby manufacturer
Example: Widely used commercial low-cost NO2 Sensor
76
Can We Trust Sensor Readings?
• EPA (United States Environmental ProtectionAgency)
• Community Air Sensor Network (CAIRSENSE) project (2016)
…
77
Can We Trust Sensor Readings?
Example: Widely used commercial low-cost NO2 Sensor
after sensor array calibration usinglow-cost ozon, humidity and temperature sensors
[Maag et al: Pre-Deployment Testing, Augmentation and Calibration of Cross-Sensitive Sensors, 2016.]
78
We will rely on the IoT Infrastructure.
It should be trustable.
We are in demand of appropriatemodels, design, testing and verification methods.
79
ETH Zurich
Computer Engineering and Networks Lab
Geodesy and Geodynamics Lab
Micro and Nanosystems
Federal Office for the Environment
University of Zurich
Department of Geography
EMPA
Natural Resources & Pollutants
Acknowledgements
Current and Previous Contributors:
Jan Beutel, Olga Saukh, Zimu Zhou
Reto da Forno, Andres Gomez, Tonio Gsell, Romain Jacob, Balz Maag, Matthias Meyer, Lukas Sigrist, Mina Soliman, Felix Sutton, Roman Lim, Marco Zimmerling, Bernhard Buchli, David Hasenfratz, Federiuco Ferrari, Matthias Keller, Matthias Woehrle, Andreas Meier, Clemens Moser, Lennart Meier, Philipp Blum
80