Refine
Document Type
- Conference Proceeding (78)
- Article (unreviewed) (18)
- Article (reviewed) (8)
- Part of a Book (5)
- Report (1)
Conference Type
- Konferenzartikel (77)
- Sonstiges (1)
Has Fulltext
- no (110) (remove)
Is part of the Bibliography
- yes (110) (remove)
Keywords
- Kommunikation (11)
- Eingebettetes System (8)
- Intelligentes Stromnetz (4)
- Sicherheit (4)
- Energieversorgung (3)
- Messung (3)
- Sensortechnik (3)
- Applikation (2)
- Drahtloses lokales Netz (2)
- Internet (2)
Institute
- Fakultät Elektrotechnik und Informationstechnik (E+I) (bis 03/2019) (110) (remove)
Open Access
- Closed Access (54)
- Open Access (23)
- Closed (16)
- Bronze (3)
The excessive control signaling in Long Term Evolution networks required for dynamic scheduling impedes the deployment of ultra-reliable low latency applications. Semi-persistent scheduling was originally designed for constant bit-rate voice applications, however, very low control overhead makes it a potential latency reduction technique in Long Term Evolution. In this paper, we investigate resource scheduling in narrowband fourth generation Long Term Evolution networks through Network Simulator (NS3) simulations. The current release of NS3 does not include a semi-persistent scheduler for Long Term Evolution module. Therefore, we developed the semi-persistent scheduling feature in NS3 to evaluate and compare the performance in terms of uplink latency. We evaluate dynamic scheduling and semi-persistent scheduling in order to analyze the impact of resource scheduling methods on up-link latency.
Vehicle-to-Everything (V2X) communication promises improvements in road safety and efficiency by enabling low-latency and reliable communication services for vehicles. Besides using Mobile Broadband (MBB), there is a need to develop Ultra Reliable Low Latency Communications (URLLC) applications with cellular networks especially when safety-related driving applications are concerned. Future cellular networks are expected to support novel latencysensitive use cases. Many applications of V2X communication, like collaborative autonomous driving requires very low latency and high reliability in order to support real-time communication between vehicles and other network elements. In this paper, we classify V2X use-cases and their requirements in order to identify cellular network technologies able to support them. The bottleneck problem of the medium access in 4G Long Term Evolution(LTE) networks is random access procedure. It is evaluated through simulations to further detail the future limitations and requirements. Limitations and improvement possibilities for next generation of cellular networks are finally detailed. Moreover, the results presented in this paper provide the limits of different parameter sets with regard to the requirements of V2X-based applications. In doing this, a starting point to migrate to Narrowband IoT (NB-IoT) or 5G - solutions is given.
The next generation cellular networks are expected to improve reliability, energy efficiency, data rate, capacity and latency. Originally, Machine Type Communication (MTC) was designed for low-bandwidth high-latency applications such as, environmental sensing, smart dustbin, etc., but there is additional demand around applications with low latency requirements, like industrial automation, driver-less cars, and so on. Improvements are required in 4G Long Term Evolution (LTE) networks towards the development of next generation cellular networks for providing very low latency and high reliability. To this end, we present an in-depth analysis of parameters that contribute to the latency in 4G networks along with a description of latency reduction techniques. We implement and validate these latency reduction techniques in the open-source network simulator (NS3) for narrowband user equipment category Cat-Ml (LTE-M) to analyze the improvements. The results presented are a step towards enabling narrowband Ultra Reliable Low Latency Communication (URLLC) networks.
Integration of BACNET OPC UA-Devices Using a JAVA OPC UA SDK Server with BACNET Open Source Library
(2014)
Although short range wireless communication explicitly targets local and very regional applications, range continues to be an extremely important issue. The range directly depends on the so called link budget, which can be increased by the choice of modulation and coding schemes. Especially, the recent transceiver generation comes with extensive and flexible support for Software Defined Radio (SDR). The SX127x family from Semtech Corp. is a member of this device class and promises significant benefits for range, robust performance, and battery lifetime compared to competing technologies. This contribution gives a short overview into the technologies to support Long Range (LoRa ™), describes the outdoor setup at the Laboratory Embedded Systems and Communication Electronics of Offenburg University of Applied Sciences, shows detailed measurement results and discusses the strengths and weaknesses of this technology.
IPv6 over resource-constrained devices (6Lo) emerged as a de-facto standard for the Internet of Things (IoT) applications especially in home and building automation systems. We provide results of an investigation of the applicability of 6LoWPAN with RPL mesh networks for home and building automation use cases. The proper selection of Trickle parameters and neighbor reachable time-outs is important in the RPL protocol suite to respond efficiently to any path failure. These parameters were analyzed in the context of energy consumption w.r.t the number of control packets. The measurements were performed in an Automated Physical Testbeds (APTB). The results match the recommendation by RFC 7733 for selecting various parameters of RPL protocol suite. This paper shows the relationship between various RPL parameters and control traffic overhead during network rebuild. Comparative measurement results with Bluetooth Low Energy (BLE) in this work showed that 6Lo with RPL outperformed BLE in this use case with less control traffic overheads.
WirelessHART protocol was specifically designed for real-time communication in the wireless sensor networks domain for industrial process automation requirements. Whereas the major purpose of WirelessHART is the read-out of sensors with moderate real-time requirements, an increasing demand for integration of actuator applications can be observed. Therefore, it must be verified that the WirelessHART protocol gives sufficient support to real-time industry requirements. As a result, the delay of especially burst and command messages from actuator and sensor nodes to the gateway and vice versa must be analyzed. In this paper, we implemented a WirelessHART network scenario in WirelessHART simulator in NS-2 [8], simulated and analyzed its time characteristics under ideal and noisy conditions. We evaluated the performance of the implementation in order to verify whether the requirements of industrial process and control can be met. This implementation offers an early alternative to expensive test beds for WirelessHART in real-time actuator applications.
Temperature regulation is an important component for modern high performance single -core and multi-core processors. Especially high operating frequencies and architectures with an increasing number of monolithically integrated transistors result in a high power dissipation and - since processor chips convert the consumed electrical energy into thermal energy - in high operating temperatures. High operating temperatures of processors can have drastic consequences regarding chip reliability, processor performance, and leakage currents. External components like fans or heat spreaders can help to reduce the processor temperature - with the disadvantage of additional costs and reduced reliability. Therefore, software based algorithms for dynamic temperature management are an attractive alternative and well known as Dynamic Thermal Management (DTM). However, the existing approaches for DTM are not taking into account the requirements of real-time embedded computing, which is the objective in the given project. The first steps are the profiling and the thermal modeling of the system, which is reported in this paper for a Freescale i. MX6Q quad-core microprocessor. An analytical model is developed and verified by an extensive set of measurement runs.
Experiences with a telecare platform integration of ZigBee sensors into a middleware platform
(2012)
The M-Bus protocol (EN13757) is in widespread use for metering applications within home area and neighborhood area networks, but lacks a strict specification. This may lead to incompatibilities in real-life installations and to problems in the deployment of new M-Bus networks. This paper presents the development of a novel testbed to emulate physical Metering Bus (M-Bus) networks with different topologies and to allow the flexible verification of real M-Bus devices in real-world scenarios. The testbed is designed to support device manufacturers and service technicians in test and analysis of their devices within a specific network before their installation. The testbed is fully programmable, allowing flexible changes of network topologies, cable lengths and types. Itis easy to use, as only the master and the slaves devices have to be physically connected. This allows to autonomously perform multiple tests, including automated regression tests. The testbed is available to other researchers and developers. We invite companies and research institutions to use this M-Bus testbed to increase the common knowledge and real-world experience.
Active safety systems for advanced driver assistance systems act within a complex, dynamic traffic environment featuring various sensor systems which detect the vehicles’ surroundings and interior. This paper describes the recent progress towards a performance evaluation of car-to-car communication (C2C) for active safety systems - in particular for crash constellation prediction. The methodology introduced in this work is designed to evaluate the impact of different sensors on the accuracy of a crash constellation prediction algorithm. The benefit of C2C communication (viewed as a virtual sensor) within a sensor data fusion architecture for pre-crash collision prediction is explored. Therefore, a simulation environment for accident scenarios analysis reproducing real-world sensor behaviour, is designed and implemented. Performance evaluation results show that C2C increases confidence in the estimated position of the oncoming vehicle. With C2C enhancement the given accuracy in time-to-collision (TTC) estimation is achievable about 110 ms earlier for moderate velocities at TTC range of [0.5s..0.2s]. The uncertainty in the vehicle position prediction at the time of collision can be reduced about half by integrating C2C communication into the sensor data fusion.
6LoWPAN (IPv6 over Low Power Wireless Personal Area Networks) is gaining more and more attraction for the seamless connectivity of embedded devices for the Internet of Things (IoT). Whereas the lower layers (IEEE802.15.4 and 6LoWPAN) are already well defined and consolidated with regard to frame formats, header compression, routing protocols and commissioning procedures, there is still an abundant choice of possibilities on the application layer. Currently, various groups are working towards standardization of the application layer, i.e. the ETSI Technical Committee on M2M, the IP for Smart Objects (IPSO) Alliance, Lightweight M2M (LWM2M) protocol of the Open Mobile Alliance (OMA), and OneM2M. This multitude of approaches leaves the system developer with the agony of choice. This paper selects, presents and explains one of the promising solutions, discusses its strengths and weaknesses, and demonstrates its implementation.
Die Vielfalt der Protokolle, die praktisch auf allen Ebenen der Netzwerkkommunikation zu berücksichtigen ist, stellt eine der großen Herausforderungen bei der fortschreitenden Automatisierung des intelligenten Hauses dar. Unter dem Überbegriff Internet der Dinge (Internet of Things) entstehen gegenwärtig zahlreiche neue Entwicklungen, Standards, Allianzen und so genannte Ökosysteme. Diese haben die Absicht einer horizontalen Integration gewerkeübergreifender Anwendungen und verfolgen fast alle das Ziel, die Situation zu vereinfachen, die Entwicklungen zu beschleunigen und Markterfolge zu erreichen. Leider macht diese Vielfalt momentan die Welt aber eher noch komplexer und bringt damit das Risiko mit sich, genau das Gegenteil der ursprünglichen Absichten zu erreichen. Dieser Beitrag versucht, die Entwicklungen möglichst systematisch zu kategorisieren und mögliche Lösungsansätze zu beschreiben.
Wireless Sensor Networks (WSN) have emerged as interesting topic in the research community due to its manifold applications. One of the main challenges of this field is the energy consumption of the nodes, which typically is quite restricted due to the required lifetime of such WSNs. To solve that problem several energy-saving MAC protocols have been developed so far. One of them recently presented by the authors is the so-called SmartMAC as an extension to the IEEE802.15.4 standard. In this paper, we present the implementation details of the porting of the SmartMAC protocol to the discrete event network simulator NS3. We develop this module for NS3 to simulate the performance, multi node execution, and multi node configuration. Along with this model, we also present an energy model for the evaluation of the energy consumption. The current implementation in NS3 is based on the LR-WPAN (Low-Rate Wireless Personal Area Networks) as specified by the IEEE802.15.4 (2006) standard. The simulation results show that the SmartMAC with its sleep and wake-up mechanisms for the transceivers, is significantly more efficient than the current NS3 MAC (Medium Access Control) scheme.
A Localization System Using Inertial Measurement Units from Wireless Commercial Handheld Devices
(2013)
This paper describes a newly developed technology for the calculation of trajectories of mobile objects, which is based on commercially available sensors being integrated into modern mobile phones and other gadgets. First, a step counting technique was implemented. Second, a novel step length estimator is proposed. These two algorithms utilize the data from accelerometer sensor only. Third, the heading information was obtained using a gyroscope with complementary filter in quaternion form. The combined algorithm was implemented on a low-power ARM processor to provide the trajectory points relative to an initial point. The proposed technique was tested by 10 subjects, in different shoes with different paces. The dependence of the performance of the technology on the attaching point of the mobile device is weak. The proposed algorithms have better balance and estimation accuracy and depend in less degree on the variety in physical parameters of people in comparison with the existing techniques. In experiments inertial measurement units were mounted in different places, i.e. in the hand, in trousers or in T-shirt pockets. The return position error did not exceed 5% of the total travelled distance for all performed tests.
Ranging errors are inevitable in all local positioning systems, including those based on Time-of-Flight (ToF) technique. Results of experiments show that the major cause for these errors is a signal degradation from multipath propagation. This effect is especially critical in case of Non-Light-of-Sight (NLOS) conditions. This paper describes causes that affects ranging errors for nanoLOC™-TOF-technology and presents estimations for the probability density functions of such errors under different NLOS conditions. The provided estimations allow the improvement of the accuracy of the localization through the subsequent mitigation of the ranging errors from the measurements. Additionally, it is proposed to increase the number of cases of NLOS-conditions for the improvement of the accuracy.
On the possibility to use leaky feeders for positioning in chirp spread spectrum technologies
(2014)
Real Time Localization Systems using electromagnetic waves have significantly evolved during the last years. They also might be used in industrial and in mining environments. Here, topologies might include tunnels, where it might be difficult to ensure the field coverage. Leaky feeder cables are a common solution in case of normal radio communication. In this paper, we study the possibilities to use leaky feeders also for Time-of-Flight based real time localization in such linear topologies, like tunnels, but possibly also for 2D-localization. Theoretical analysis is verified with real-life measurements, which were performed using Chirp Spread Spectrum Technologies.
Ultra wide band (UWB) signals are well suited both for short-range wireless communication and for high-precision localization applications. Channel impulse response (CIR) analysis in UWB systems is a major element in localization estimation. In this paper, practical aspects of CIR are presented. I.e. a technique for the construction of the accumulated echo-gram of a multipath delayed signal is proposed. Decawave hardware was used to demonstrate the technique of analysis of fine structure of signals with a sub-nanosecond resolution. Temporal stability, reliability and two-way characteristics of such echo-grams are discussed as well. The results of using two EVK1000 radio modules as a radar installation to detect a target in indoor environments prove that a low cost UWB intrusion detection and through-the-wall-vision systems might be developed using the proposed technique.
Real-Time Ethernet has become the major communication technology for modern automation and industrial control systems. On the one hand, this trend increases the need for an automation-friendly security solution, as such networks can no longer be considered sufficiently isolated. On the other hand, it shows that, despite diverging requirements, the domain of Operational Technology (OT) can derive advantage from high-volume technology of the Information Technology (IT) domain. Based on these two sides of the same coin, we study the challenges and prospects of approaches to communication security in real-time Ethernet automation systems. In order to capitalize the expertise aggregated in decades of research and development, we put a special focus on the reuse of well-established security technology from the IT domain. We argue that enhancing such technology to become automation-friendly is likely to result in more robust and secure designs than greenfield designs. Because of its widespread deployment and the (to this date) nonexistence of a consistent security architecture, we use PROFINET as a showcase of our considerations. Security requirements for this technology are defined and different well-known solutions are examined according their suitability for PROFINET. Based on these findings, we elaborate the necessary adaptions for the deployment on PROFINET.
Recently, the demand for scalable, efficient and accurate Indoor Positioning Systems (IPS) has seen a rising trend due to their utility in providing Location Based Services (LBS). Visible Light Communication (VLC) based IPS designs, VLC-IPS, leverage Light Emitting Diodes (LEDs) in indoor environments for localization. Among VLC-based designs, Time Difference of Arrival (TDOA) based techniques are shown to provide very low errors in the relative position of receivers. Our considered system consists of five LEDs that act as transmitters and a single receiver (photodiode or image sensor in smart phone) whose position coordinates in an indoor environment are to be determined. As a performance criterion, Cramer Rao Lower Bound (CRLB) is derived for range estimations and the impact of various factors, such as, LED transmission frequency, position of reference LED light, and the number of LED lights, on localization accuracy has been studied. Simulation results show that depending on the optimal values of these factors, location estimation on the order of few centimeters can be realistically achieved.
Wireless sensor networks have recently found their way into a wide range of applications among which environmental monitoring system has attracted increasing interests of researchers. Such monitoring applications, in general, don way into a wide range of applications among which environmental monitoring system has attracted increasing interests of researc latency requirements regarding to the energy efficiency. Also a challenge of this application is the network topology as the application should be able to be deployed in very large scale. Nevertheless low power consumption of the devices making up the network must be on focus in order to maximize the lifetime of the whole system. These devices are usually battery-powered and spend most of their energy budget on radio transceiver module. A so-called Wake-On-Radio (WoR) technology can be used to achieve a reasonable balance among power consumption, range, complexity and response time. In this paper, some designs for integration of WOR into IEEE 802.1.5.4 are to be discussed, providing an overview of trade-offs in energy consumption while deploying the WoR schemes in a monitoring system.
Environmental Monitoring is an attractive application field for Wireless Sensor Network (WSN). Water Level Monitoring helps to increase the efficiency of water distribution and management. In Pakistan, the world’s largest irrigation system covers 90.000 km of channels which needs to be monitored and managed on different levels. Especially the sensor systems for the small distribution channels need to be low energy and low cost. The distribution presents a technical solution for a communication system which is developed in a research project being co-funded by German Academic Exchange Service (DAAD). The communication module is based on IEEE-802.15.4 transceivers which are enhanced through Wake-On-Radio (WOR) to combine low-energy and real-time behavior. On higher layers, IPv6 (6LoWPAN) and corresponding routing protocols like Routing Protocol for Low power and Lossy Networks (RPL) can extend range of the network. The data are stored in a database and can be viewed online via a web interface. Of course, also automatic data analysis can be performed.
Wireless sensor networks have found their way into a wide range of applications among which environmental monitoring systems have attracted increasing interests of researchers. The main challenges for the applications are scalability of the network size and energy efficiency of the spatially distributed motes. These devices are mostly battery-powered and spend most of their energy budget on the radio transceiver module. A so-called Wake-On-Radio (WOR) technology can be used to achieve a reasonable balance among power consumption, range, complexity and response time. In this paper, a novel design for integration of WOR into IEEE802.1.5.4 is presented, which flexibly allows trade-offs in energy consumption between sender and receiver station, between real-time capability and energy consumption. For identical behavior, the proposed scheme is significantly more efficient than other schemes, which were proposed in recent publications, while preserving backward compatibility with standard IEEE802.15.4 transceivers.
Digital networked communications are the key to all Internet-of-Things applications, especially to smart metering systems and the smart grid. In order to ensure a safe operation of systems and the privacy of users, the transport layer security (TLS) protocol, a mature and well standardized solution for secure communications, may be used. We implemented the TLS protocol in its latest version in a way suitable for embedded and resource-constrained systems. This paper outlines the challenges and opportunities of deploying TLS in smart metering and smart grid applications and presents performance results of our TLS implementation. Our analysis shows that given an appropriate implementation and configuration, deploying TLS in constrained smart metering systems is possible with acceptable overhead.
The Bluetooth community is in the process to develop mesh technology. This is highly promising as Bluetooth is widely available in Smart Phones and Tablet PCs, allowing an easy access to the Internet of Things. In this paper work, we investigate the performance of Bluetooth enabled mesh networking that we performed to identify the strengths and weaknesses. A demonstrator for this protocol has been implemented by using the Fruity Mesh protocol implementation. Extensive test cases have been executed to measure the performance, the reliability, the power consumption and the delay. For this, an Automated Physical Testbed (APTB), which emulates the physical channels has been used. The results of these measurements are considered useful for the real implementation of Bluetooth; not only for home and building automation, but also for industrial automation.
The paper describes the methodology and experimental results for revealing similarities in thermal dependencies of biases of accelerometers and gyroscopes from 250 inertial MEMS chips (MPU-9250). Temperature profiles were measured on an experimental setup with a Peltier element for temperature control. Classification of temperature curves was carried out with machine learning approach.
A perfect sensor should not have thermal dependency at all. Thus, only sensors inside the clusters with smaller dependency (smaller total temperature slopes) might be pre-selected for production of high accuracy inertial navigation modules. It was found that no unified thermal profile (“family” curve) exists for all sensors in a production batch. However, obviously, sensors might be grouped according to their parameters. Therefore, the temperature compensation profiles might be regressed for each group. 12 slope coefficients on 5 degrees temperature intervals from 0°C to +60°C were used as the features for the k-means++ clustering algorithm.
The minimum number of clusters for all sensors to be well separated from each other by bias thermal profiles in our case is 6. It was found by applying the elbow method. For each cluster a regression curve can be obtained.
6LoWPAN (IPv6 over Low Power Wireless Personal Area Networks) is gaining more and more attraction for the seamless connectivity of embedded devices for the Internet of Things. It can be observed that most of the available solutions are following an open source approach, which significantly leads to a fast development of technologies and of markets. Although the currently available implementations are in a pretty good shape, all of them come with some significant drawbacks. It was therefore decided to start the development of an own implementation, which takes the advantages from the existing solutions, but tries to avoid the drawbacks. This paper discussed the reasoning behind this decision, describes the implementation and its characteristics, as well as the testing results. The given implementation is available as open-source project under [15].
The application of leaky feeder (radiating) cables is a common solution for the implementation of reliable radio communication in huge industrial buildings, tunnels and mining environment. This paper explores the possibilities of leaky feeders for 1D and 2D localization in wireless systems based on time of flight chirp spread spectrum technologies. The main focus of this paper is to present and analyse the results of time of flight and received signal strength measurements with leaky feeders in indoor and outdoor conditions. The authors carried out experiments to compare ranging accuracy and radio coverage area for a point-like monopole antenna and for a leaky feeder acting as a distributed antenna. In all experiments RealTrac equipment based on nanoLOC radio standard was used. The estimation of the most probable path of a chirp signal going through a leaky feeder was calculated using the ray tracing approach. The typical non-line-of-sight errors profiles are presented. The results show the possibility to use radiating cables in real time location technologies based on time-of-flight method.
In this work, we consider a duty-cycled wireless sensor network with the assumption that the on/off schedules are uncoordinated. In such networks, as all nodes may not be awake during the transmission of time synchronization messages, nodes will require to re-transmit the synchronization messages. Ideally a node should re-transmit for the maximum sleep duration to ensure that all nodes are synchronized. However, such a proposition will immensely increase the energy consumption of the nodes. Such a situation demands that there is an upper bound of the number of retransmissions. We refer to the time a node spends in re-transmission of the control message as broadcast duration. We ask the question, what should be the broadcast duration to ensure that a certain percentage of the available nodes are synchronized. The problem to estimate the broadcast duration is formulated so as to capture the probability threshold of the nodes being synchronized. Results show the proposed analytical model can predict the broadcast duration with a given lower error margin under real world conditions, thus demonstrating the efficiency of our solution.
Die immer weitreichenderen Anwendungen des Smart Metering und des Smart Grid stellen immer höhere Anforderungen an Kommunikationstechnologien, die die Zielkonflikte aus Echtzeitfähige, Stabilität, Kosten und Energieeffizienz möglichst anwendungsoptimiert und auf einem immer höheren Niveau lösen. Insbesondere im Bereich der so genannten Primärkommunikation zwischen einem Sensor- oder Aktorknoten und einem Datensammler mit Gatewayfunktionalität konnten in den vergangenen Jahren wesentliche Fortschritte erzielt werden. Zu nennen sind hierbei insbesondere die Aktivitäten der ZigBee Alliance rund um den offenen Spezifikationsprozess des ZigBee Smart Energy Profiles (SEP) und der OMS-Gruppe beim ZVEI, die auf dem Wireless M-Bus nach EN13757-4 aufbauen, der sich seinerseits lebhaft und zielgerichtet weiter entwickelt. Der Beitrag diskutiert die vorhandenen Einschränkungen und die verfügbaren Lösungsansätze. Er illustriert diese anhand einiger öffentlich geförderter Projekte, an denen das Team des Autors beteiligt ist.
In dem Maße, in dem sich die industrielle Automatisierung verändert, verändern sich auch die Anforderungen an die Sicherheit. Neben der funktionalen Sicherheit rückt dabei immer mehr die Datensicherheit in den Mittelpunkt. Als „best practice“ bietet es sich an, bewährte Sicherungstechniken aus der IT auch in der industriellen Kommunikation einzusetzen.
This paper presents the elements and the results from the European research project inCASA (Integrated Network for Completely Assisted Senior Citizen’s Autonomy), which designed and implemented a seamless integration of heterogeneous systems and network protocols for regionally distributed telecare and telehealth applications. The integration includes a multitude of physical interface, the transcoding of data models using embedded middleware, and a backend system with open interfaces. The implementation was verified in field tests in five European countries.
Immer mehr Anwendungen der Heim- und der Gebäudeautomatisierung werden vernetzt, weil damit erweiterte Funktionen ermöglicht oder Kosten gespart werden können. Dabei führt eine Reihe von Aspekten zu einem erhöhten Risiko für diese vernetzten Systeme. Gegenwärtig arbeiten verschiedene Gruppen an Sicherheitslösungen für die vernetzte Heim- und Gebäudeautomatisierung. Der Beitrag gibt einen Überblick über diese Aktivitäten und zeigt die wesentlichen Entwicklungsrichtungen auf.
Während neue Komponenten für „Short Range Wireless Networks“ längere Zeit eher moderate technische Fortschritte gebracht haben, sind in jüngerer Zeit einige außerordentlich interessante strategische Entwicklungslinien deutlich geworden, die in diesem Beitrag an Hand von konkreten Produktbeispielen vorgestellt werden.
Home Care Applications and Ambient Assisted Living become increasingly attractive. This is caused as well by market pull, as the number of elderly people grows monotonously, as well as by technology push, as technological advances and attractive products pave the way to economically advantageous offerings. However, in real-life applications, a significant number of challenges remain. Those include seamless communication between products from different supplier, due to the lack of sufficiently standardized solutions, energy budgets, and scalability of solutions. This paper presents the experience from the InCASA project (Integrated Network for Completely Assisted Senior Citizen's Autonomy), where architectures for heterogeneous physical and logical communication flows are examined.
The communication technologies for automatic meter reading (smart metering) and for energy production and distribution networks (smart grid) have the potential to be one of the first really highly scaled machine-to-machine-M2M-applications. During the last years, two very promising developments around the wireless part of the smart grid communication were initialized, which possibly could have an impact on the network architectures and the markets far beyond Germany and far beyond energy automation. Besides the specification of the OMS Group of a security extension to the Wireless M-Bus protocol (EN13757-4), the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI) has designed a Protection Profile (PP) and a Technical Directive (TR) for the communication unit of an intelligent measurement system (Smart Meter Gateway), which were released in March 2013. This design uses state of the art technologies and prescribes their implementation in real-life systems. At first, the proposed paper will present the most important characteristics of this architecture. It will then give an insight into the implementation of the OMS security protocols, which imply the usage of a mutually authenticated SSL protocol also in the Local Metrological Network. This is achieved with the help of an additional Authentication and Fragmentation Layer (AFL). This secure communication will be terminated in a BSI conformant secure smart meter gateway, which is developed in a different project and described in the second step. Finally, the contribution will discuss the integration of such a metering network into an overall telecommunication network and PKI infrastructure.
The communication technologies for automatic me-ter reading (smart metering) and for energy production and distribution networks (smart grid) have the potential to be one of the first really highly scaled machine-to-machine-(M2M)-applications. During the last years two very promising devel-opments around the wireless part of smart grid communication were initialized, which possibly have an impact on the markets far beyond Europe and far beyond energy automation. Besides the specifications of the Open Metering System (OMS) Group, the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI) has designed a protection profile (PP) and a technical directive (TR) for the communication unit of an intelligent measurement sys-tem (smart meter gateway), which were released in March 2013. This design uses state-of-the-art technologies and prescribes their implementation in real-life systems. At first sight the expenditures for the prescribed solutions seem to be significant. But in the long run, this path is inevitable and comes with strategic advantages.
Automatic Meter Reading (AMR) is a major enabler for the upcoming smart grid. Potentially, it will be one of the first really large-scale M2M-communication solutions for sensor applications.
To date, the definition of the standardized communication stacks for Local Metrological Network (LMN) in AMR is still ongoing. This holds true both for ZigBee Smart Energy Profile and for Wireless M-Bus according to EN 13757. During this process, there is the necessity for flexible, albeit optimized solutions, which support the different existing and upcoming versions of the communication protocols. In the case of Wireless M-Bus, the major contender for European and possibly Asian installations, this is valid not only for the different operation modes (C-, N-, P-, Q-, R-, S-, and T-modes), which work in different frequencies (i.e. 868 MHz, 433 MHz, and 169 MHz) but also for the application layer, where additional bodies, like EN137575, Open Metering System (OMS) Group, or national bodies follow their approaches.
This contribution describes requirements, design techniques and experiences from the development of highly efficient Wireless M-Bus protocol stacks with support of good flexibility and portability between microcontroller platforms and RF-transceivers. The presented approach is not limited to the use of modern software engineering design processes, as such, but also includes essential additional features like testing or simulation, as well as tools for commissioning and monitoring.
Die Energiewende ist ein elementares Thema, für Deutschland wie auch für viele andere Regionen weltweit. Bei der Bereitstellung effizienter und stabiler Verteilnetze stellen Kommunikationslösungen einen zentralen Baustein dar, um auf der Grundlage eines zeitnahen Monitorings koordinierte Regelalgorithmen zu realisieren. Dies gilt für alle Ebenen der Versorgung, wobei aus Sicht der Kommunikationstechnik die unterste Ebene der Verteilnetze am interessantesten ist: Hier sind die anspruchsvollsten Anforderungen im Hinblick auf die Kosten- und die Energieoptimierung der Kommunikationsknoten sowie die Administrierbarkeit, die Stabilität und die Skalierbarkeit der Gesamtlösung zu berücksichtigen. Das Steinbeis-Transferzentrum Embedded Design und Networking an der Hochschule Offenburg unter der Leitung von Prof. Dr.-Ing. Axel Sikora hat in verschiedenen Projekten mit renommierten Partnern umfangreiche Lösungen für diese sogenannte Primärkommunikation entwickelt.
Die Kommunikationstechnik für die Zählerfernauslesung (Smart Metering) und für die Energieerzeugungs- und -verteilnetze (Smart Grid) hat das Potenzial, zu einer der ersten hoch skalierten M2M-Anwendungen zu werden. In den vergangenen Jahren konnten zwei vielversprechende Entwicklungen im Umfeld der drahtlosen Kommunikation für die Smart-Grid-Kommunikation vorbereitet werden, die das Marktgeschehen über Deutschland und über die Versorgungstechnik hinaus beeinflussen könnten. Neben der Spezifikation der OMS-Gruppe ist die Erarbeitung eines Schutzprofils (Protection Profile, PP) sowie einer Technischen Richtlinie (TR) für die Kommunikationseinheit eines intelligenten Messsystems (Smart Meter Gateway) durch das Bundesamt für Sicherheit in der Informationstechnik (BSI) zu nennen. Diese greifen, wie der Beitrag beschreibt, den Stand der Technik auf und geben praxisorientierte Umsetzungen vor.
The Internet of Things (IoT), ubiquitous computing and ubiquitous connectivity, Cyber Physical Systems (CPS), ambient intelligence, Machine-to-Machine communication (M2M) or Car-to-Car (C2C)-communication, smart metering, smart grid, telematics, telecare, telehealth – there are many buzzwords around current developments related to the Internet.
This contribution gives an overview on such IoT-applications, as they are already used today to improve the availability of information, increase efficiency, push system limits and extend the value chain. At a closer look, the economic and technical development can be separated into different phases. It is interesting that we are currently at the threshold to a new phase, with decentralized and cooperative communication and control nodes as cornerstones. Thus, embedded systems and their connectivity are in the middle of the scene.
This recent development is described along with some example projects from the author’s team which are used in industrial automation, energy supply and distribution (home automation and smart metering), traffic engineering (cooperative driver assistance systems), and in telehealth and telecare.
Due to climate change and scarcity of water reservoirs, monitoring and control of irrigation systems is now becoming a major focal area for researchers in Cyber-Physical Systems (CPS). Wireless Sensor Networks (WSNs) are rapidly finding their way in the field of irrigation and play the key role as data gathering technology in the domain of IoT and CPS. They are efficient for reliable monitoring, giving farmers an edge to take precautionary measures. However, designing an energy-efficient WSN system requires a cross-layer effort and energy-aware routing protocols play a vital role in the overall energy optimization of a WSN. In this paper, we propose a new hierarchical routing protocol suitable for large area environmental monitoring such as large-scale irrigation network existing in the Punjab province of Pakistan. The proposed protocol resolves the issues faced by traditional multi-hop routing protocols such as LEACH, M-LEACH and I-LEACH, and enhances the lifespan of each WSN node that results in an increased lifespan of the whole network. We used the open-source NS3 simulator for simulation purposes and results indicate that our proposed modifications result in an average 27.8% increase in lifespan of the overall WSN when compared to the existing protocols.
Climate change and resultant scarcity of water are becoming major challenges for countries around the world. With the advent of Wireless Sensor Networks (WSN) in the last decade and a relatively new concept of Internet of Things (IoT), embedded systems developers are now working on designing control and automation systems that are lower in cost and more sustainable than the existing telemetry systems for monitoring. The Indus river basin in Pakistan has one of the world's largest irrigation systems and it is extremely challenging to design a low-cost embedded system for monitoring and control of waterways that can last for decades. In this paper, we present a hardware design and performance evaluation of a smart water metering solution that is IEEE 802.15.4-compliant. The results show that our hardware design is as powerful as the reference design, but allows for additional flexibility both in hardware and in firmware. The indigenously designed solution has a power added efficiency (PAE) of 24.7% that is expected to last for 351 and 814 days for nodes with and without a power amplifier (PA). Similarly, the results show that a broadband communication (434 MHz) over more than 3km can be supported, which is an important stepping stone for designing a complete coverage solution of large-scale waterways.
In the field of smart metering it can be observed that standardized protocol, like Wireless M-Bus or ZigBee, enjoy a rapidly increasing popularity. For the protocol implementations, however, up to now, mostly legacy engineering processes and technologies are used, and modern approaches such as model driven design processes or open software platform are disregarded. Therefore, within the WiMBex project, it shall be demonstrated that it is possible to develop a commercial class Wireless M-Bus implementation following state-of-the art design process and using TinyOS as an open source platform. This contribution describes the overall approach of the project, as well as the state and the first experiences of the current work in progress.
Institute of Reliable Embedded Systems and Communication Electronics, Offenburg University of Applied Sciences, Germany has developed an automated testing environment, Automated Physical TestBeds (APTB), for analyzing the performance of wireless systems and its supporting protocols. Wireless physical networking nodes can connect to this APTB and the antenna output of this attaches with the RF waveguides. To model the RF environment this RF waveguides then establish wired connection among RF elements like splitters, attenuators and switches. In such kind of set up it’s well possible to vary the path characteristics by altering the attenuators and switches. The major advantage of using APTB is the possibility of isolated, well controlled, repeatable test environment in various conditions to run statistical analysis and even to execute regression tests. This paper provides an overview of the design and implementation of APTB, demonstrates its ability to automate test cases, and its efficiency.
The IEEE 1588 precision time protocol (PTP) is a time synchronization protocol with sub-microsecond precision primarily designed for wired networks. In this letter, we propose wireless precision time protocol (WPTP) as an extension to PTP for multi-hop wireless networks. WPTP significantly reduces the convergence time and the number of packets required for synchronization without compromising on the synchronization accuracy.
Energy and environment continue to be major issues of human mankind. This holds true on the regional, the national, and the global level. And it is one of the problems, where engineers and scientists in conjunction with political will and people's awareness, can find new approaches and solutions to save the natural resources and to make their use more efficient.
The communication between objects, i.e. between cars (car-2-car, C2C), between cars and infrastructure (car-2-infrastructure, C2I) and between cars and vulnerable road users (car-2-VRU, C2VRU) is a major stepping stone towards traffic applications to enable efficient and safe traffic flow. However, these applications pose very high requirements to the communication protocols, which go beyond the capabilities of an available standardized solution.
This contribution shows how iterative design processes can help to fulfill these requirements, while re-using a maximum of elements from one level to the next and thus avoiding unrealistic overhead. In especially, the added value of simulation and emulation in this iterative process is elaborated.
The paper describes the hardware and software architecture of the developed multi MEMS sensor prototype module, consisting of ARM Cortex M4 STM32F446 microcontroller unit, five 9-axis inertial measurement units MPU9255 (3D accelerometer, 3D gyroscope, 3D magnetometer and temperature sensor) and a BMP280 barometer. The module is also equipped with WiFi wireless interface (Espressif ESP8266 chip). The module is constructed in the form of a truncated pyramid. Inertial sensors are mounted on a special basement at different angles to each other to eliminate hardware sensors drifts and to provide the capability for self-calibration. The module fuses information obtained from all types of inertial sensors (acceleration, rotation rate, magnetic field and air pressure) in order to calculate orientation and trajectory. It might be used as an Inertial Measurement Unit, Vertical Reference Unit or Attitude and Heading Reference System.
A highly scalable IEEE802.11p communication and localization subsystem for autonomous urban driving
(2013)
The IEEE802.11p standard describes a protocol for car-to-X and mainly for car-to-car-communication. It has found its place in hardware and firmware implementations and is currently tested in various field tests. In the research project Ko-TAG, which is part of the research initiative Ko-FAS, cooperative sensor technology is developed for the support of highly autonomous driving. A secondary radar principle based on communication signals enables localization of objects with simultaneous data transmission. It mainly concentrates on the detection of pedestrians and other vulnerable road users (VRU), but also supports pre crash safety applications. Thus it is mainly targeted for the support of traffic safety applications in intra-urban scenarios. This contribution describes the Ko-TAG part of the overall initiative, which develops a subsystem to improve the real-time characteristics of IEEE802.11p needed for precise time of flight real-time localization. In doing this, it still fits into the regulatory schemes. It discusses the approach for definition and verification of the protocol design, while maintaining the close coexistence with existing IEEE802.11p subsystems. System simulations were performed and hardware was implemented. Test results are shown in the last part of the paper.
The IEEE802.11p standard describes a protocol for car-to-X and mainly for car-to-car-communication. It has found its place in hardware and firmware implementations and is currently tested in various field tests. In the research project Ko-TAG, which is part of the research initiative Ko-FAS, cooperative sensor technology is developed and its benefit for traffic safety applications is evaluated. A secondary radar principle based on communication signals enables localization of objects with simultaneous data transmission. It mainly concentrates on the detection of pedestrians and other vulnerable road users (VRU), but also supports pre crash safety applications. The Ko-TAG proposal enriches the current IEEE802.11p real-time characteristics needed for precise time-of-flight real-time localization. This contribution describes the development of a subsystem, which extends the functionality of IEEE802.11p and fits into the regulatory schemes. It discusses the approach for definition and verification of the protocol design, while maintaining the close coexistence with existing IEEE802.11p subsystems. System simulations were performed and hardware was implemented. The next step will be field measurements to verify the simulation results.
Automated RF Emulator for a Highly Scalable IEEE802.11p Communication and Localization Subsystem
(2014)
The IEEE802.11p standard describes a protocol for car-to-X and mainly for car-to-car-communication. In the research project Ko-TAG, which is part of the research initiative Ko-FAS, cooperative sensor technology is developed for the support of highly autonomous driving. The Ko-TAG subsystem improves the real-time characteristics of IEEE802.11p needed for precise time of flight real-time localization while still fitting into the regulatory schemes. A secondary radar principle based on communication signals enables localization of objects with simultaneous data transmission. The Ko-TAG subsystem mainly concentrates on the support of traffic safety applications in intra-urban scenarios. This paper details on the development of a fully automated RF emulator used to test the Ko-TAG subsystem.
The RF emulator includes the physical networking nodes, but models the RF environment using RF-waveguides. The RF emulator allows the controlling of path loss and connectivity between any of the nodes with the help of RF attenuators and programmable RF switches, while it is shielded against its surrounding RF environment in the lab. Therefore it is an inexpensive alternative to an RF absorber chamber, which often is not available or exceeds the project’s budget.
Details about the system definition can be found in earlier papers. Test results are shown in the last part of the paper.
Automatisierte Tests für ein IEEE802.11p-kompatibles Kommunikations- und Lokalisierungssubsystem
(2014)
A novel approach of a testbed for embedded networking nodes has been conceptualized and implemented. It is based on the use of virtual nodes in a PC environment, where each node executes the original embedded code. Different nodes are running in parallel and are connected via so-called virtual interfaces. The presented approach is very efficient and allows a simple description of test cases without the need of a network simulator. Furthermore, it speeds up the process of developing new features.
A novel approach of a test environment for embedded networking nodes has been conceptualized and implemented. Its basis is the use of virtual nodes in a PC environment, where each node executes the original embedded code. Different nodes run in parallel, connected via so-called virtual channels. The environment allows to modifying the behavior of the virtual channels as well as the overall topology during runtime to virtualize real-life networking scenarios. The presented approach is very efficient and allows a simple description of test cases without the need of a network simulator. Furthermore, it speeds up the process of developing new features as well as it supports the identification of bugs in wireless communication stacks. In combination with powerful test execution systems, it is possible to create a continuous development and integration flow.
The low cost and small size of MEMS inertial sensors allows their combination into a multi sensor module in order to improve performance. However the different linear accelerations measured on different places on a rotating rigid body have to be considered for the proper fusion of the measurements. The errors in measurement of MEMS inertial sensors include deterministic imperfection, but also random noise. The gain in accuracy of using multiple sensors depends strongly on the correlation between these errors from the different sensors. Although for sensor fusion it usually assumed that the measurement errors of different sensors are uncorrelated, estimation theory shows that for the combination of the same type of sensors actually a negative correlation will be more beneficial. Therefore we describe some important and often neglected considerations for the combination of several sensors and also present some preliminary results with regard to the correlation of measurements from a simple multi sensor setup.
The increasing number of transistors being clocked at high frequencies of modern microprocessors lead to an increasing power consumption, which calls for an active dynamic thermal management. In a research project a system environment has been developed, which includes thermal modeling of the microprocessor in the board system, a software environment to control the characteristics of the system’s timing behavior, and a modified Linux scheduler, which is enhanced with a prediction controller. Measurement results are shown for this development for a Freescale i.MX6Q quad-core microprocessor.
eTPL: An Enhanced Version of the TLS Presentation Language Suitable for Automated Parser Generation
(2017)
The specification of the Transport Layer Security (TLS) protocol defines its own presentation language used for the purpose of semi-formally describing the structure and on-the-wire format of TLS protocol messages. This TLS Presentation Language (TPL) is more expressive and concise than natural language or tabular descriptions, but as a result of its limited objective has a number of deficiencies. We present eTPL, an enhanced version of TPL that improves its expressiveness, flexibility, and applicability to non-TLS scenarios. We first define a generic model that describes the parsing of binary data. Based on this, we propose language constructs for TPL that capture important information which would otherwise have to be picked manually from informal protocol descriptions. Finally, we briefly introduce our software tool etpl-tool which reads eTPL definitions and automatically generates corresponding message parsers in C++. We see our work as a contribution supporting sniffing, debugging, and rapid-prototyping of wired and wireless communication systems.
Efficient, low-cost, secure and reliable communication solutions are a major stepping stone for smart metering and smart grid applications. This especially holds true for the so called primary communication or local metrological network (LMN) between a local meter or actuator and a data collector or gateway, where the highest requirements with regard to cost, bandwidth, and energy efficiency have to be taken into consideration. Multiple developments and field tests are going on in this field, however, energy autarkic devices are hardly found, yet.
Efficient, secure and reliable communication is a major precondition for powerful applications in smart metering and smart grid. This especially holds true for the so called primary communication in the Local Metrological Network (LMN) between meter and data collector, as the LMN comes with the most stringent requirements with regard to cost, range, as well as bandwidth and energy efficiency. Until today, LMN field tests are operated all over the world. In these installations, however, energy autarkic systems play a marginal role. This contribution describes the results of the framework 7 (FP 7) WiMBex project (“Remote wireless water meter reading solution based on the EN 13757 standard, providing high autonomy, interoperability and range”). In this project an energy autarkic water meter was developed and tested, which follows the specification of the Wireless M-Bus protocol (EN 13757). The complete system development covers the PCB with the RF transceiver and the microcontroller, the energy converter and storage, and the software with the protocol. This contribution especially concentrates on the design, the development and the verification of the routing protocol. The routing protocol is based on the Q mode of EN13757-5 (Wireless M-Bus) and was extended by an additional energy state related parameter. This extension is orthogonal to the existing protocol and considers both the charge level and the charge characteristics (rate of occurrences, intensity). The software was implemented in NesC under the operating system TinyOS. The system was verified in an automated test bed and in field tests in UK and Ireland.
Efficient, low-cost, secure and reliable communication solutions are a major stepping stone for smart metering and smart grid applications. This especially holds true for the so called primary communication or local metrological network (LMN) between a local meter or actuator and a data collector or gateway, where the highest requirements with regard to cost, bandwidth, and energy efficiency have to be taken into consideration. Multiple developments and field tests are going on in this field, however, energy autarkic devices are hardly found, yet. This contribution describes the development of an automatic water meter reading (AWMR) technology based on Wireless M-Bus to provide water utility companies with an automatic remote water meter reading solution. It addresses the special needs of home utilities by providing a remote metering solution independent from the electricity infrastructure, both in terms of data communication and in terms of power supply. For this project, a cost efficient integrated energy harvesting system powered by the available water flow was developed, to enable operation independently of the mains grid, and eliminate the need for battery replacement for near-zero maintenance costs.
Bluetooth Low Energy extends the Bluetooth standard in version 4.0 for ultra-low energy applications through the extensive usage of low-power sleeping periods, which inherently difficult in frequency hopping technologies. This paper gives an introduction into the specifics of the Bluetooth Low Energy protocol, shows a sample implementation, where an embedded device is controlled by an Android smart phone, and shows the results of timing and current consumption measurements.
Due to its numerous application fields and benefits, virtualization has become an interesting and attractive topic in computer and mobile systems, as it promises advantages for security and cost efficiency. However, it may bring additional performance overhead. Recently, CPU virtualization has become more popular for embedded platforms, where the performance overhead is especially critical. In this article, we present the measurements of the performance overhead of the two hypervisors Xen and Jailhouse on ARM processors in the context of the heavy load “Cpuburn-a8” application and compare it to a native Linux system running on ARM processors.
There is an increasing demand by an ever-growing number of mobile customers for transfer of rich media content. This requires very high bandwidth which either cannot be provided by the current cellular systems or puts pressure on the wireless networks, affecting customer service quality. This study introduces COARSE – a novel cluster-based quality-oriented adaptive radio resource allocation scheme, which dynamically and adaptively manages the radio resources in a cluster-based two-hop multi-cellular network, having a frequency reuse of one. COARSE is a cross-layer approach across physical layer, link layer and the application layer. COARSE gathers data delivery-related information from both physical and link layers and uses it to adjust bandwidth resources among the video streaming end-users. Extensive analysis and simulations show that COARSE enables a controlled trade-off between the physical layer data rate per user and the number of users communicating using a given resource. Significantly, COARSE provides 25–75% improvement in the computed user-perceived video quality compared with that obtained from an equivalent single-hop network.
The Datagram Transport Layer Security (DTLS) protocol has been designed to provide end-to-end security over unreliable communication links. Where its connection establishment is concerned, DTLS copes with potential loss of protocol messages by implementing its own loss detection and retransmission scheme. However, the default scheme turns out to be suboptimal for links with high transmission error rates and low data rates, such as wireless links in electromagnetically harsh industrial environments. Therefore, in this paper, as a first step we provide an analysis of the standard DTLS handshake's performance under such adverse transmission conditions. Our studies are based on simulations that model message loss as the result of bit transmission errors. We consider several handshake variants, including endpoint authentication via pre-shared keys or certificates. As a second step, we propose and evaluate modifications to the way message loss is dealt with during the handshake, making DTLS deployable in situations which are prohibitive for default DTLS.
Security in IT systems, particularly in embedded devices like Cyber Physical Systems (CPSs), has become an important matter of concern as it is the prerequisite for ensuring privacy and safety. Among a multitude of existing security measures, the Transport Layer Security (TLS) protocol family offers mature and standardized means for establishing secure communication channels over insecure transport media. In the context of classical IT infrastructure, its security with regard to protocol and implementation attacks has been subject to extensive research. As TLS protocols find their way into embedded environments, we consider the security and robustness of implementations of these protocols specifically in the light of the peculiarities of embedded systems. We present an approach for systematically checking the security and robustness of such implementations using fuzzing techniques and differential testing. In spite of its origin in testing TLS implementations we expect our approach to likewise be applicable to implementations of other cryptographic protocols with moderate efforts.
The Transport Layer Security (TLS) protocol is a cornerstone of secure network communication, not only for online banking, e-commerce, and social media, but also for industrial communication and cyber-physical systems. Unfortunately, implementing TLS correctly is very challenging, as becomes evident by considering the high frequency of bugfixes filed for many TLS implementations. Given the high significance of TLS, advancing the quality of implementations is a sustained pursuit. We strive to support these efforts by presenting a novel, response-distribution guided fuzzing algorithm for differential testing of black-box TLS implementations. Our algorithm generates highly diverse and mostly-valid TLS stimulation messages, which evoke more behavioral discrepancies in TLS server implementations than other algorithms. We evaluate our algorithm using 37 different TLS implementations and discuss―by means of a case study―how the resulting data allows to assess and improve not only implementations of TLS but also to identify underspecified corner cases. We introduce suspiciousness as a per-implementation metric of anomalous implementation behavior and find that more recent or bug-fixed implementations tend to have a lower suspiciousness score. Our contribution is complementary to existing tools and approaches in the area, and can help reveal implementation flaws and avoid regression. While being presented for TLS, we expect our algorithm's guidance scheme to be applicable and useful also in other contexts. Source code and data is made available for fellow researchers in order to stimulate discussions and invite others to benefit from and advance our work.
Exploiting Dissent: Towards Fuzzing-based Differential Black Box Testing of TLS Implementations
(2017)
The Transport Layer Security (TLS) protocol is one of the most widely used security protocols on the internet. Yet do implementations of TLS keep on suffering from bugs and security vulnerabilities. In large part is this due to the protocol's complexity which makes implementing and testing TLS notoriously difficult. In this paper, we present our work on using differential testing as effective means to detect issues in black-box implementations of the TLS handshake protocol. We introduce a novel fuzzing algorithm for generating large and diverse corpuses of mostly-valid TLS handshake messages. Stimulating TLS servers when expecting a ClientHello message, we find messages generated with our algorithm to induce more response discrepancies and to achieve a higher code coverage than those generated with American Fuzzy Lop, TLS-Attacker, or NEZHA. In particular, we apply our approach to OpenssL, BoringSSL, WolfSSL, mbedTLS, and MatrixSSL, and find several real implementation bugs; among them a serious vulnerability in MatrixSSL 3.8.4. Besides do our findings point to imprecision in the TLS specification. We see our approach as present in this paper as the first step towards fully interactive differential testing of black-box TLS protocol implementations. Our software tools are publicly available as open source projects.