Recall: Private Key Cryptography CS162 • Private Key (Symmetric) Encryption: – Single key used for both encryption and decryption Operating Systems and • Plaintext: Unencrypted Version of message Systems Programming • Ciphertext: Encrypted Version of message Lecture 25 Plaintext Plaintext Encrypt Decrypt A Touch more Security and Insecure Quantum Computing + IoT Transmission SPY (ciphertext) CIA Key Key December 7th, 2015 • Important properties – Can’t derive plain text from ciphertext (decode) without Prof. John Kubiatowicz access to key http://cs162.eecs.Berkeley.edu – Can’t derive key from plain text and ciphertext – As long as password stays secret, get both secrecy and authentication • Symmetric Key Algorithms: DES, Triple-DES, AES
12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.2
Recall: Public Key Encryption Details Non-Repudiation: RSA Crypto & Signatures • Idea: K can be made public, keep K private public private • Suppose Alice has published public key KE Insecure Channel • If she wishes to prove who she is, she can send a message x encrypted with her private key KD (i.e., Bpublic Bprivate Aprivate Apublic she sends E(x, KD)) – Anyone knowing Alice’s public key KE can recover x, verify that Alice must have sent the message Alice Insecure Channel Bob » It provides a signature • Gives message privacy (restricted receiver): – Alice can’t deny it non-repudiation – Public keys (secure destination points) can be acquired by anyone/used by anyone • Could simply encrypt a hash of the data to sign a – Only person with private key can decrypt message document that you wanted to be in clear text • What about authentication? – Use combination of private and public key • Note that either of these signature techniques work – AliceBob: [(I’m Alice)Aprivate Rest of message]Bpublic perfectly well with any data (not just messages) – Provides restricted sender and receiver – Could sign every datum in a database, for instance • But: how does Alice know that it was Bob who sent her Bpublic? And vice versa… – Need a certificate authority to sign keys! 12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.3 12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.4 RSA Crypto & Signatures (cont’d) Digital Certificate Authorities
• How do you know KE is Alice’s public key? • Trusted authority (e.g., Verisign) signs binding I will pay between Alice and KE with its private key KVprivate
Bob $500 – C = E({Alice, KE}, KVprivate) – C: digital certificate • Alice: distribute her digital certificate, C
• Anyone: use trusted authority’s KVpublic, to extract Alice’s public key from C
– D(C, KVpublic) = D(E({Alice, KE}, KVprivate), KVpublic) = {Alice, KE}
• Where does someone get KVpublic from? I will pay – Typically compiled into the browser (for instance)! Bob $500 – Can you trust this??
12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.5 12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.6
Properties of RSA Public Cryptosystems Simple Public Key Authentication
• Requires generating large, random prime numbers • Each side need only to know the other side’s public key – Algorithms exist for quickly finding these (probabilistic!) – No secret key need be shared A • Requires exponentiating very large numbers • A encrypts a nonce (random num.) x B – Again, fairly fast algorithms exist – Avoid replay attacks, e.g., • Overall, much slower than symmetric key crypto attacker impersonating client or – One general strategy: use public key crypto to exchange server a (short) symmetric session key • B proves it can recover x, generates » Use that key then with AES or such second nonce y • How difficult is recovering d, the private key? • A can authenticate itself to B in the same way – Equivalent to finding prime factors of a large number • A and B have shared private secrets Notation: E(m,k) – » Many have tried - believed to be very hard on which to build private key! encrypt message m (= brute force only) with key k – We just did secure key distribution! » (Though quantum computers could do so in polynomial time!) • Many more details to make this work securely in practice!
12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.7 12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.8 Summary of Our Crypto Toolkit Putting It All Together - HTTPS • If we can securely distribute a key, then • What happens when you click on https://www.amazon.com? – Symmetric ciphers (e.g., AES) offer fast, presumably strong confidentiality • Public key cryptography does away with • https = “Use HTTP over SSL/TLS” (potentially major) problem of secure key – SSL = Secure Socket Layer distribution – TLS = Transport Layer Security – But: not as computationally efficient » Successor to SSL » Often addressed by using public key crypto to – Provides security layer (authentication, encryption) exchange a session key on top of TCP • Digital signature binds the public key to an entity » Fairly transparent to applications • Public Key Pairs can serve as Identities! – Verified by certificate authority – Or distributed by other techniques
12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.9 12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.10
HTTPS Connection (SSL/TLS) (cont’d) Inside the Server’s Certificate • Browser (client) connects Browser Amazon • Name associated with cert (e.g., Amazon) via TCP to Amazon’s • Amazon’s RSA public key HTTPS server • A bunch of auxiliary info (physical address, type of • Client sends over list of cert, expiration time) crypto protocols it supports • Name of certificate’s signatory (who signed it) • Server picks protocols to • A public-key signature of a hash (SHA-256) of all this use for this session – Constructed using the signatory’s private RSA key, i.e.,
• Server sends over its – Cert = E(HSHA256(KApublic, www.amazon.com, …), KSprivate))
certificate » KApublic: Amazon’s public key • (all of this is in the clear) » KSprivate: signatory (certificate authority) private key • …
12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.11 12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.12 HTTPS Connection (SSL/TLS) cont’d Administrivia • Midterm 2 grading still continuing Browser Amazon • Browser constructs a random – ETA: very soon. session key K used for data – Have a couple of sub problems still to grade communication – Solutions have been posted – Private key for bulk crypto K • Final Exam • Browser encrypts K using – Friday, December 18th, 2015. Amazon’s public key – 3-6P, Wheeler Auditorium • Browser sends E(K, KA ) public K – All material from the course to server » (excluding option lecture on 12/7) • Browser displays » With slightly more focus on second half, but you are still responsible for all the material • All subsequent comm. encrypted w/ symmetric cipher – Two sheets of notes, both sides (e.g., AES128) using key K – Will need dumb calculator – E.g., client can authenticate using • Targeted review sessions: See posts on Piazza a password – Possibly 3 different sessions focused on parts of course
12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.13 12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.14
Use Quantum Mechanics to Compute? Quantization: Use of “Spin” • Weird but useful properties of quantum mechanics: North – Quantization: Only certain values or orbits are good » Remember orbitals from chemistry??? – Superposition: Schizophrenic physical elements don’t quite Spin ½ particle: Representation: know whether they are one thing or another (Proton/Electron) |0> or |1> • All existing digital abstractions try to eliminate QM – Transistors/Gates designed with classical behavior – Binary abstraction: a “1” is a “1” and a “0” is a “0” • Quantum Computing: Use of Quantization and Superposition to compute. South • Interesting results: • Particles like Protons have an intrinsic “Spin” – Shor’s algorithm: factors in polynomial time! when defined with respect to an external – Grover’s algorithm: Finds items in unsorted database in time magnetic field proportional to square-root of n. • Quantum effect gives “1” and “0”: – Materials simulation: exponential classically, linear-time QM – Either spin is “UP” or “DOWN” nothing between
12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.15 12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.16 Now add Superposition! A register can have many values! • The bit can be in a combination of “1” and “0”: • Implications of superposition: – Written as: = C0|0> + C1|1> – An n-bit register can have 2n values simultaneously! – The C’s are complex numbers! – 3-bit example: 2 2 – Important Constraint: |C0| + |C1| =1 = C000|000>+ C001|001>+ C010|010>+ C011|011>+ • If measure bit to see what looks like, C100|100>+ C101|101>+ C110|110>+ C111|111> 2 – With probability |C0| we will find |0> (say “UP”) • Probabilities of measuring all bits are set by 2 coefficients: – With probability |C1| we will find |1> (say “DOWN”) 2 • Is this a real effect? Options: – So, prob of getting |000> is |C000| , etc. – This is just statistical – given a large number of protons, a – Suppose we measure only one bit (first): 2 2 2 2 2 fraction of them (|C0| ) are “UP” and the rest are down. » We get “0” with probability: P0=|C000| +|C001| +|C010| +|C011| Result: = (C000|000>+ C001|001>+ C010|010>+ C011|011>) – This is a real effect, and the proton is really both things 2 2 2 2 until you try to look at it » We get “1” with probability: P1=|C100| +|C101| +|C110| +|C111| Result: = (C100|100>+ C101|101>+ C110|110>+ C111|111>) • Reality: second choice! • Problem: Don’t want environment to measure – There are experiments to prove it! before ready! – Solution: Quantum Error Correction Codes!
12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.17 12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.18
Spooky action at a distance MEMs-Based Ion Trap Devices • Ion Traps: One of the more promising quantum • Consider the following simple 2-bit state: computer implementation technologies = C00|00>+ C11|11> – Built on Silicon – Called an “EPR” pair for “Einstein, Podolsky, Rosen” » Can bootstrap the vast infrastructure that currently exists • Now, separate the two bits: in the microchip industry – Seems to be on a “Moore’s Law” like scaling curve Light-Years? » 12 bits exist, 30 promised soon, … » Many researchers working on this problem – Some optimistic researchers speculate about room temperature • If we measure one of them, it instantaneously sets other one! – Einstein called this a “spooky action at a distance” • Properties: – In particular, if we measure a |0> at one side, we get a |0> at the other – Has a long-distance Wire (and vice versa) » So-called “ballistic movement” • Teleportation – Can “pre-transport” an EPR pair (say bits X and Y) – Seems to have relatively long decoherence times – Later to transport bit A from one side to the other we: – Seems to have relatively low error rates for: » Perform operation between A and X, yielding two classical bits » Memory, Gates, Movement » Send the two bits to the other side » Use the two bits to operate on Y » Poof! State of bit A appears in place of Y
12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.19 12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.20 Model: Quantum Computing with Ion Traps Operations on coefficients + measurements • Qubits are atomic ions (e.g. Be+) Input Output – State is stored in hyperfine levels Unitary – Ions suspended in channels between Electrode Control Complex Measure Classical Qubit Ions Transformations electrodes State Answer • Quantum gates performed by lasers (either one or two bit ops) • Basic Computing Paradigm: – Only at certain trap locations – Ions move between laser sites to – Input is a register with superposition of many values perform gates » Possibly all 2n inputs equally probable! • Classical control – Unitary transformations compute on coefficients Electrodes » Must maintain probability property (sum of squares = 1) – Gate (laser) ops Gate Location – Movement (electrode) ops » Looks like doing computation on all 2n inputs simultaneously! • Complex pulse sequences to cause – Output is one result attained by measurement Ions to migrate • Care must be taken to avoid • If do this poorly, just like probabilistic computation: disturbing state – If 2n inputs equally probable, may be 2n outputs equally • Demonstrations in the Lab probable. – NIST, MIT, Michigan, many others – After measure, like picked random input to classical function! – All interesting results have some form of “fourier transform” computation being done in unitary transformation Courtesy of Chuang group, MIT 12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.21 12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.22
Shor’s Factoring Algorithm Finding r with xr 1 (mod N) • The Security of RSA Public-key cryptosystems depends on the difficulty of factoring a number N=pq k (product of two primes) \ \ \ \ – Classical computer: sub-exponential time factoring k/ 1 / k/ x / k k – Quantum computer: polynomial time factoring r 1 w • Shor’s Factoring Algorithm (for a quantum computer) w y\ \ Easy 1) Choose random x : 2 x N-1. r / x / Easy 2) If gcd(x,N) 1, Bingo! r 1 w 0 y Hard 3) Find smallest integer r : xr 1 (mod N) w\ Easy 4) If r is odd, GOTO 1 Quantum ()x / Easy 5) If r is even, a x r/2 (mod N) (a-1) Fourier w 0 Transform 0 1 k Easy 6) If a N-1(mod N) GOTO 1 (a+1) = kN Easy 7) ELSE gcd(a ±1,N) is a non trivial factor of N. r r r • Finally: Perform measurement – Find out r with high probability – Get |y>|aw’> where y is of form k/r and w’ is related 12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.23 12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.24 Quantum Computing Architectures Quantum Circuit Model • Why study quantum computing? – Interesting, says something about physics » Failure to build quantum mechanics wrong? – Mathematical Exercise (perfectly good reason) – Hope that it will be practical someday: » Shor’s factoring, Grover’s search, Design of Materials » Quantum Co-processor included in your Laptop? • To be practical, will need to hand quantum computer • Quantum Circuit model – graphical representation design off to classical designers – Time Flows from left to right – Baring Adiabatic algorithms, will probably need 100s to 1000s – Single Wires: persistent Qubits, Double Wires: classical bits (millions?) of working logical Qubits » Qubit – coherent combination of 0 and 1: = |0 + |1 1000s to millions of physical Qubits working together – Universal gate set: Sufficient to form all unitary transformations – Current chips: ~1 billion transistors! • Large number of components is realm of architecture • Example: Syndrome Measurement (for 3-bit code) – Measurement (meter symbol) – What are optimized structures of quantum algorithms when they are mapped to a physical substrate? produces classical bits – Optimization not possible by hand • Quantum CAD » Abstraction of elements to design larger circuits – Circuit expressed as netlist » Lessons of last 30 years of VLSI design: USE CAD – Computer manpulated circuits and implementations 12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.25 12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.26
Adding Quantum ECC Encoded Correct An Abstraction of Ion Traps T: /8 (T)Not Transversal!SX Ancilla • Basic block abstraction: Simplify Layout Correct T XT Correct Correct Correct in/out ports
n-physical Qubits Correct Correct Correct H per logical Qubit H Computation Syndrome Correct • Quantum State Fragile encode all Qubits Errors – Uses many resources: e.g. 3-level [[7,1,3]] QEC Ancilla straight 3-way 4-way turn gate locations code 343 physical Qubits/logical Qubit)! Correct • Still need to handle operations (fault-tolerantly) – Some set of gates are simply “transversal:” • Evaluation of layout through simulation » Perform identical gate between each physical bit of logical encoding – Others (like T gate for [[7,1,3]] code) cannot be handled transversally – Yields Computation Time and Probability of Success » Can be performed fault-tolerantly by preparing appropriate ancilla • Simple Error Model: Depolarizing Errors • Finally, need to perform periodical error correction – Errors for every Gate Operation and Unit of Waiting – Correct after every(?): Gate, Long distance movement, Long Idle Period – Correction reducing entropy Consumes Ancilla bits – Ballistic Movement Error: Two error Models • Observation: 90% of QEC gates are used for ancilla production 1. Every Hop/Turn has probability of error 70-85% of all gates are used for ancilla production 2. Only Accelerations cause error 12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.27 12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.28 Example Place and Route Heuristic: Collapsed Dataflow Vision of Quantum Circuit Design • Gate locations placed in dataflow order – Qubits flow left to right – Initial dataflow geometry folded and sorted – Channels routed to reflect dataflow edges • Too many gate locations, collapse dataflow – Using scheduler feedback, identify latency critical edges Classical Control – Merge critical node pairs Schematic Capture QEC Insertion Teleportation Network – Reroute channels (Graphical Entry) Partitioning Layout • Dataflow mapping allows pipelining of computation! OR Network Insertion Error Analysis … Custom Layout and Optimization Scheduling q0 q0 CAD Tool q1 q1 Implementation q2 q2 Quantum Assembly q3 q3 (QASM) 12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.29 12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.30
Quantum CAD flow Sample Optimization: Reducing QEC Overhead
QEC Insert Correct Input Circuit QEC
Circuit Tolerant Optimization Synthesis Fault Fault-Tolerant Correct Correct Circuit ReSynthesis (ADCR ) optimal (No layout) H Correct Correct Correct H Correct
Teleportation Mapping, Correct Circuit Communication Network Scheduling, Functional Partitioning Partitioned Estimation
Insertion System Classical control • Standard idea: correct after every gate, and long Circuit communication, and long idle time Output Layout – This is the easiest for people to analyze • This technique is suboptimal (at least in some ReMapping Hybrid Fault domains) Error Analysis Analysis Complete Layout – Not every bit has same noise level! P
Most Vulnerable Circuits success • Different idea: identify critical Qubits – Try to identify paths that feed into noisiest output bits ADCR computation – Place correction along these paths to reduce maximum noise 12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.31 12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.32 Investigating 1024-bit Shor’s Comparison of 1024-bit adders
ADCRoptimal for ADCRoptimal for 1024-bit QRCA and QCLA 1024-bit QCLA
• Full Layout of all Elements • 1024-bit Quantum Adder Architectures – Use of 1024-bit Quantum Adders – Optimized error correction – Ripple-Carry (QRCA) – Ancilla optimization and Custom Network Layout – Carry-Lookahead (QCLA) • Statistics: • Carry-Lookahead is better in all architectures – Unoptimized version: 1.351015 operations – Optimized Version 1000X smaller • QEC Optimization improves ADCR by order of magnitude – QFT is only 1% of total execution time in some circuit configurations
12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.33 12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.34
1024-bit Shor’s Continued 1997 - The Internet of Every Computer
• Circuits too big to compute Psuccess – Working on this problem • Fastest Circuit: 6108 seconds ~ 19 years • Smallest Circuit: 7659 mm2 – Compare to previous estimate of 0.9 m2 = 9105 mm2
12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.35 12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.36 2007 - The Internet of Every Body 2017 - The Internet of Everyday Things
Low resolution Sensor, Test4, Increasing frequency
1
0.5
0 Acceleration (g) Acceleration
-0.5
-1
0 2 4 6 8 Time (sec) 10 12 14 16 18
12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.37 12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.38
Why “Real” Information is so Important Resources in a Smart Space (2011 Corning Glass)
Save Resources • Potential Displays Everywhere – Walls, Tables, Appliances, Smart Phones, Google Glasses…. Improve Productivity • Audio Output Everywhere • Inputs Everywhere – Touch Surfaces Enable New Knowledge – Cameras/ Increase Gesture Tracking Comfort Enhance Safety & Security – Voice Preventing Failures • Context Tracking – Who is Where – What do they want High-Confidence Transport Improve Food & H20 Protect Health – Which Inputs map to which applications
12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.39 12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.40 A Day Made of Glass ©Corning 2013
12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.41 12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.42
2014 2013
The Nest makes headlines!
12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.43 12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.44 2014 2014
12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.45 12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.46
Broad Technology Trends ‘Low-Tech’ Enabling Technology
Moore’s Law: # transistors Bell’s Law: a new computer Network on cost-effective chip doubles class emerges every 10 years every 18 months Computers Per Person 1:106 Mainframe
Mini 1:103 Workstation PC Laptop 1:1 PDA Cell
Today: 1 million transistors per $ 103:1 years Mote! Same fabrication technology provides CMOS Microcontroller Flash Radio Sensors radios for communication and micro-sensors Storage Communication IEEE 802.15.4 12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.47 12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.48 Meeting the needs of Sample App #1: Home Control IoT (the Swarm) Cloud Services External Config Personal/Local Network Swarm
Content Smart Temperature The FOG HVAC Control
• Discover and Manage resource Media
• Integrate sensors, portable devices, cloud components Network
• Guarantee responsiveness, real-time behavior, throughput Occupancy • Self-adapt to failure and provide performance predictability History Control Identity Multimedia • Secure, high-performance, durable, available information Detection Personalized • Monetize resources when necessary: micropayments
Cameras Config 12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.49 12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.50
Sample App #2: Sample App #3: Adaptive Weather Prediction Air Traffic Control History
Local Data Collected Processing Data Local Data Processing Weather History Prediction Local Data Facilities Local Data Processing Processing Local Data Processing History History History
History Local Data Data Data History History Processing Processing Processing
12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.51 12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.52 Sample App #4: Smart Seminar Room An Application Model Speaker Local Projector Input Channel Sensors Camera/ Real-Time with Components Microphone Transform Aggregation SwarmLet and Archive Array (“The Application”) Distributed RAW RAW Archival • A Swarm Application is a Storage 4K RAWRAW RAW Archiv Connected graph of Components e – Globally distributed, but locality and QoS aware External Consumers – Avoid Stovepipe solutions through reusability AVB/TSN Speaker • Many components are Shared Services written by Network Tracking/ programmers with a variety of skill-sets and motivations Compositing Low BW – Well-defined semantics and a managed software version scheme Archiv – Service Level Agreements (SLA) with micropayments e • Many are “Swarmlets” written by domain programmers
12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.53 12/7/15– They care what applicationKubiatowicz CS162 does, ©UCB not Fall how2015 it does it Lec 25.54
The Missing Link? SWARMLETs
• SWARMLET: a software component written by Energy- domain programmer that is easy to write but exhibits Unpad Home efficient sophisticated behavior by exploiting services security/ home Health Apps emergency monitoring distributed within the infrastructure • Swarmlets specify their needs in terms of human- understandable requirements SWARM-OS – Necessary Services, Frame rates, Minimum Bandwidths – Locality, Ownership, and Micropayment parameters for sensors and/or data AtActuators/ t / • Swarmlets may evolve into Shared Services Output Sensors/ Storage Resources devs • Programmers of Services used by Swarmlets think in Input devs Networks terms of contracts provided to Swarmlets Computing SWARM-OS: A mediation layer that discovers resources and connects them with applications 12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.55 12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.56 What about the “FOG” and “Cloud”? TinyOS – Framework for Innovation New Abstraction: the Cell • Properties of a Cell: Service Level Guarantees – A user-level software component with guaranteed resources Over-the-air Applications and Services Programming – Has full control over resources it owns (“Bare Metal”) – Contains at least one memory protection domain (possibly more) Network – Contains a set of secured channel endpoints to other Cells Protocols Blocks, Scheduling, Streaming Logs, Files Management drivers – Contains a security context which may protect and decrypt Link information Radio Flash MCU, ADC, • When mapped to the hardware, a cell gets: Serial Timers, Sensor – Gang-schedule hardware thread resources (“Harts”) WSN mote platformBus,… I/F – Guaranteed fractions of other physical resources Wireless Storage Processing Sensors » Physical Pages (DRAM), Cache partitions, memory bandwidth, power – Guaranteed fractions of system services Communication Centric • Predictability of performance Resource-Constrained – Ability to model performance vs resources Event-drivenCWSN'11 Execution – Ability for user-level schedulers to better provide QoS
12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.57 12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.58
Implementing Cells: Space-Time Partitioning Cell Implementation Platform: Tessellation Version 2 • Tessellation Operating System Space – Provides basic Cell Implementation – Build on the Xen Hypervisor Time • Why Xen? – Provides clean starting point for resource containers • Spatial Partition: • Partitioning varies over time – Leverage mature OS (Linux) device support, critical Performance isolation drivers can be isolated in a stub domain – Fine-grained multiplexing and – Each partition receives a guarantee of resources – Framework for developing VM schedulers vector of basic resources » Resources are gang-scheduled – Mini-OS, a lightweight POSIX-compatible Xen guest » A number HW threads OS, is basis for the customizable app runtime • Controlled multiplexing, not » Chunk of physical memory – Support for ARM and x86 uncontrolled virtualization » A portion of shared cache • Unikernels: Software Appliances » A fraction of memory BW • Partitioning adapted to the – Small compiled kernels with only enough components to » Shared fractions of services system’s needs support one application – Every component has its own resource container • Dynamic resource optimization framework 12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.59 12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.60 Trusted Swarm Platform DataCentric Vision • Hardware resources are a commodity – Computation resource fails? Get another Decrypt Encrypt – Sensor fails? Find another – Change your location? Find new resources Signature, Policy Signature, Policy Version, GUID Version, GUID • All that really matters is the information • External Data Encrypted Distributed Public Key – Integrity, Privacy, Availability, Durability All The Time Infrastructure – Hardware to prevent accidental information leakage • Only decrypted in “Data Jails” (trusted platform) • Permanent state handled by Universal Data – Build in hardware or in software with secure attestation Storage, Distribution, and Archiving – Data leaving cell automatically reencrypted • We need a new Internet for the Internet of • Trusted Platform given keys to do its work Things? – Keys never given out to application software – Communication and Storage are really duals • Built through secure boot mechanisms (i.e. TPM/etc) – Why separate them?
12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.61 12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.62
The Global Data Plane GDP Secure Log Subscriber Writer: Cloud Services Cloud Services Signed LOG Source of Server Packets LOG Subscriber Replica Server
LOG Replica Random Archival Storage and Random Server Random Reader Optimized Streaming Reader Reader • Locality Optimization/QoS • Single Writer/Append only – Flat 256-bit address space – Owner Key Signs entries – Routes adapted as elements – LOG server rejects bad Aggregate/Filter move entries – Hardware QoS exploited – Tradeoff in granularity, i.e. Personal Universal Tivo – Multicast trees built as needed frequency of signatures • Multiple Cache • Durability Readers/Subscribers – Replicas/Reed-Solomon coding – Random access/push based 12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.63 12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.64 Simple Log-based Use-case Security of Data in Log
• Two Completely Different uses of Keys: – Each LOG associated with an Owner public key Sensors Data LOG LOG Distillation » This key must be known and protected by writers w/key LOG LOG Service » All data in GDP must be signed Single writer log Service – Each LOG associated with one or more keys for Encryption w/key » The use of encryption keys not mandated by GDP infrastructure Actuator » However, will (shortly) have sample/recommended use cases and LOG (MultiWriter, libraries to support different styles of encryption Aggregator, • Writer has sole control over integrity of data Control) – LOG servers may deny existence of data, but can not forge it • Lightweight Logs One Log per Device – Public key of writer established at LOG creation time • Log Input Secured via Owner Key/Checked by consumer – Next version of GDP will have authentication support • Automatic construction and registration of LOGs • Optional encryption for privacy – New sensors tied into GDP via secure registration process • Timestamps to help ensure freshness – Ultimately, interaction with Control Plane
12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.65 12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.66
Build DataStores on top of GDP through Composition Example: DataBase CAAPI Client Slave • Common Access APIs (CAAPIs): Support common Client DataBase w/key data access methods such as: w/key Client CAAPI Service – Key/Value Store DataBase DataBase Client w/o key – Object Store/File System Projection CAAPI (RAM) – Data Base (i.e. Google Spanner) Service DataBase Projection w/key DataBase Read/Write LOG • CAPPIs exported by services that consume the LOG Service (RAM) – Much more convenient way to access data (R/W) Replica Read/Write • The LOG is the Ground Truth for data, but data is LOG Service projected into a more convenient form (R/O) LOG – To do Random File access, Indexing, SQL queries, LOG Latest value for given Key, etc Long Distance Communication Replica – Optional Checkpoints stored for quick restart/cloning • CAAPI Service can be taken down, replicated, and restarted • Time-stamp driven transactions (Google Spanner)
12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.67 12/7/15• Cloud-based computationKubiatowicz CS162 (Spark) ©UCB Fall 2015 Lec 25.68 The Global Data Plane (Physical View and Status) SwarmBox (HW and SW) [Lutz, Wawrzynek, GDP Log servers can Device Applications Proactive EnvironmentsKubiatowicz] Log Server,Connect to any GDP Router GDP Router • Fanless Industrial Computer SwarmBox th Localization, Identification, Gestures [+Log Server] • Intel 5 Generation i5 GDP Root Cloud Services Processor Swarm Services Context Modeling, Machine Learning GDP discovery GDP Router • IEEE 1588 Ethernet port(s) on local subnet • BLE and WiFi SwarmOS Brokerage, Computation, Hosting, using Zeroconf • Service Proxying, Service GDP GDP 8GB DRAM Client Service • 64GB SSD or 1 TB disk drive Services Launch/Monitor/Teardown, Time Access, GDP Router • USB Device/Service Discovery GDP-aware Clients, Cloud can host GDP clients, SwarmBox Global Data Services, and Devices servers, and routers Communications, Routing, Data Storage [+GDP router] GDP connect to any Plane Local GDP Domain behind Client router. Firewall GDP Routers form network with other GDP routers COTS System Linux, DHCP, Firewall, IP Router (all communication local, exported as to (with public or private IP addresses). Software Container/VM, 802.1AS rest of GDP through GDP interfaces) Initial connection through well-known Root routers. SwarmBox • Current status: deployed infrastructure with substantial functionality Intel NUC, i210 enet, Beagle Bone Black Hardware – GDP router works behind firewalls and preserves locality – Tolerates failure and incremental addition of new routers – Log servers check data signatures and push updates to subscribers • Current status: Version 2 now available – Discovery GDP infrastructure through combination of Zeroconf – Pre-loaded with a variety of Software Components protocol (same as Apple Bonjour) and/or connection with well-known – Management through Docker and Ansible GDP Root Routers – Operating version of the GDP Router and Log Server – Delivery of data through push-based multicast (works across subnets) • Complete list of current boxes available at: – SwarmBox can serve as GDP Router, Log Server, and Client https://www.terraswarm.org/testbeds/wiki/Main/SwarmBoxes 12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.69 12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.70
Properties of the GDP (Summary) The Revolution • Universal way to address every stream of information – Publish/Subscribe view of information Computers People Everything – Large flat address space (at least 256 bits) 1T – Mechanisms for access control, privacy, and transactions – Streams of data persisted automatically for later access 100B • Location Independence Above network level – Build Swarmlets once and run them anywhere 10B – Migrate or replicate running swarmlets – Locality optimization/QoS handled by underlying system 1B • Common Access APIs (CAAPIs) provide standard Interfaces – Key/Value Store, Data Bases, File Systems 10M • Deep Archival Storage: – Automatic Geographically Distributed Archival Storage 19902000 2010 2020 • One system for sensors and big data
12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.71 12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.72 The Revolution Good Luck on the Final! • Quantum Computing Computers People Everything – Shor’s Factoring Algorithm: Factor large numbers in 1T $100 polynomial time – Ion Traps provide potential to scale with Moore’s law 100B – Quantum CAD: Optimize limited resources Cost to $1 Connect » Makes particular sense for Quantum Computers! 10B • Internet of Everyday Things 1¢ – Soon – everything connected all the time 1B – Wireless, Wired, FOG and Cloud Things – How to build a useful infrastructure for the future? 10M Connected » Computation everywhere » Global Data Plane: Truly ubiquitous storage 1990 2000 2010 2020 » Applications that span many services and geographical distances
12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.73 12/7/15 Kubiatowicz CS162 ©UCB Fall 2015 Lec 25.74