robustness in wireless sensor networks · david simplot-ryl robustness in wsn setop 2008 key...

David SIMPLOT-RYL Robustness in WSN

SETOP 2008

Robustness in wireless sensor networks

David SIMPLOT-RYL

Centre de recherche INRIA Lille – Nord Europe IRCICA/LIFL, CNRS 8022, Université de Lille 1

http://www.lifl.fr/~simplot [email protected]


SETOP 2008

Outlines

I. Wireless Sensor Networks

II. Activity scheduling and coverage problem

III. Key distribution in wireless sensor networks

IV. Routing with guaranteed delivery


SETOP 2008

RFID Tags

  Smart labels   Radio Frequency Identification Tag   By opposition to bar code which use optical

principles   A stronly limited component:

  500 times smaller than a classical microprocessor

Chip with a size of some mm² RFID Tag

Intel Pentium 4


SETOP 2008

EAS Application

  Electronic Article Surveillance   Once powered, the tag emits   The reader listen channel and activate alarm

as early as transmission is detected   During checkout, the tag is burned out

  Problem: power and hear the tag whatever the tag orientation


SETOP 2008

Applications

  Batch identification   It is the capability to collect information from a set of tags   In opposition to optical identification

Marathon Automatic clocking in

Automatic luggage sorting

Automatic inventory 50 items in less than one second


SETOP 2008

More POPS, smaller POPS…

100µm

Courtesy, Alien Technology

POPS = Portable Objects Proved to be Safe POPS = Petits Objets Portables et Sécurisés


SETOP 2008

The MIT Auto-ID Center Vision of “the internet of things” Co

urte

sy, A

uto-

ID C

ente

r


SETOP 2008

Networking the physical world

RF Tag

Networked Tag Readers

Savant Control System


SETOP 2008

Auto-ID Center classification

Class V tags Readers. Can power other Class I, II and III tags;

Communicate with Classes IV and V.

Class IV tags: Active tags with

broad-band peer-to-peer communication

Class III tags: semi-passive RFID tags

Class II tags: passive tags with additional

functionality

Class 0/Class I: read-only passive tags


SETOP 2008

Benefits of class IV tags

  Decentralized behavior   The request is

broadcasted in the whole network by using multi-hop method

  Similar to sensor networks Complete population

Reader

Monitoring station


SETOP 2008

Sensor Nets for Search and Rescue

Inactive Sensor


SETOP 2008



SETOP 2008


Active Sensor


SETOP 2008

Application

  In the UC Berkeley Botanical Garden, 50 “micromotes” sensors are dangled like earrings from the branches of 3 redwood trees to monitor their growth.


SETOP 2008

Event-driven model


SETOP 2008

On-demand model


SETOP 2008

WASP Project

Wirelessly Accessible Sensor Populations

Philips Research Eindhoven, Philips Forschung Laboratorium, IMEC, CSEM, TU/e, Microsoft Aachen, Health Telematic Network, Fraunhofer IIS, Fokus, IGD, Wageningen UR, Imperial College London, STMicroelectronics, INRIA, Ecole Polytechnique Federale Lausanne, Cefriel, Centro Ricerce Fiat, Malaerdalen University, RWTH Aachen, SAP, Univ of Paderborn


SETOP 2008

SVP Project

Surveiller et Prévenir

CEA, INRIA, Institut Maupertuis, Aphycare, LIP6, M2S, Thales, ANACT


SETOP 2008

Outlines






SETOP 2008

Sensor Networks

=> Nodes periodically turn into sleep or active mode => Need for activity scheduling and self-organization => Connectivity and area coverage must be preserved


SETOP 2008

Sensor Coverage   How well do the sensors observe the physical space

  Sensor deployment: random vs. deterministic   Sensor coverage: point vs. area   Coverage algorithms: centralized, distributed, or localized   Sensing & communication range   Additional requirements: energy-efficiency and connectivity   Objective: maximum network lifetime or minimum number of sensors

  Area (point)-dominating set   A small subset of sensor nodes that covers the monitored area (targets)   Nodes not belonging to this set do not participate in the monitoring –

they sleep   Localized solutions

  With and without neighborhood information


SETOP 2008

Sensor coverage (2)

  Avoid blind points


SETOP 2008

Sensor coverage (3)

  Avoid lost of connectivity


SETOP 2008

Area-dominating set   With neighborhood info [Tian and Geoganas, 2002]

  Each node knows all its neighbors’ positions.   Each node selects a random timeout interval.   At timeout, if a node sees that neighbors who have not yet sent any messages

together cover its area, it transmits a “withdrawal” and goes to sleep   Otherwise, the node remains active but does not transmit any message

  With neighborhood info based on Dai and Wu’s Rule k [Carle and Simplot-Ryl, 2004]   Each node knows either 2- or 3-hop neighborhood topology information   A node u is fully covered by a subset S of its neighbors iff three conditions hold

  The subset S is connected.   Any neighbor of u is a neighbor of S.   All nodes in S have higher priority than u.


SETOP 2008

Wu & Dai dominating sets

  (Simplified version [Carle and Simplot-Ryl 2004])

  Each node has a priority (e.g. its ID)   Variations:

<degree, ID> <battery, degree, ID> <random, battery, degree, ID> …

  A node is not dominant iff   The set of neighbors with higher

priority is connected and covers the neighborhood


SETOP 2008

Connected area dominating sets

[Carle, Simplot-Ryl 2004][Gallais et al. 2006]   We change notion of coverage

  A node u is covered by a subset A of its neighborhood if the monitoring area of u is covered by nodes of A

  Remaining battery is used as priority   Timeout is used to inform transmit priority   Examples:


SETOP 2008

Connected area dominating sets (2)

  We obtain a Connected Area Dominating Set


SETOP 2008

Coverage without neighborhood info

  PEAS: probabilistic approach [F. Ye et al, 2003]   A node sleeps for a while (the period is adjustable) and decides to be

active iff there are no active nodes closer than r’.   When a node is active, it remain active until it fails or runs out of battery.   The probability of full coverage is close to 1 if

where r is the sensing (transmission) range

  No guarantee of coverage or connectivity!


SETOP 2008

Ranges

Monitored Area, noted as S(u)

SR < CR < 2SR Sensing Range, noted as SR

Communication Range, noted as CR

SR = CR 2SR ≤ CR

CR

SR SR SR


SETOP 2008

  Neighbor discovery phase

  Evaluating phase   Back-off scheme: avoid blind point (no neighboring nodes can

simultaneously decide to withdraw)   A node decides to sleep: OFF message sent to one-hop neighbours  Receiving OFF messages during the timeout: corresponding neighbors

are removed from the neighbor table ⇒ At the end of the timeout, decision is made considering

only non-turned-off neighbors

  Connectivity is ensured as long as 2SR ≤ CR

Overview TGJD

Time

Neighbor Discovery phase

Evaluating phase

Sensing phase

One round


SETOP 2008

Carle, Gallais, Simplot-Ryl and Stojmenovic, 2005

(CGSS)

  Evaluating phase   Each node waits during a random timeout   Once timeout ends, a node evaluates its coverage and decides   Advertisement is then sent to one-hop neighbors

  It only contains the position (x,y)

  Any message received during the timeout stands for a new neighbor to be considered

Neighbor Discovery phase

Evaluating phase

Sensing phase

One round

Time


SETOP 2008

  Connectivity is ensured for any SR/CR ratio since full coverage must be provided by a connected set (cf. Dai and Wu)

CGSS: Connectivity and Advertisements

  Which information must be broadcasted?  Positive-only, PO: u broadcasts its position iff it remains active  Positive and negative, PN: u emits whatever the decision is.

SR=CR


SETOP 2008

CGSS: Positive-only (SR=CR)

1 2

3 4

5

6

7

1

3

4

5

6

7

active

empty

?

? 1

1

1

2

active 1

2

2

2active

3

3

?

active

?

4

4?

active

sleep 5

?

?

active


SETOP 2008

CGSS: Positive and Negative

(SR=CR)

1 2

3 4

5

6

7

1

3

4

5

6

7

active

empty

1

1

1

2

active 1

2

2

2active

3

3

active

4

4

active

sleep 5

?

?

sleep

I’m OFF

6


SETOP 2008

CGSS / TGJD: Overview

  Main results:   Similar number of active nodes   Both provide full area coverage

  CGSS:   provides connectivity for nodes with any SR/CR ratio   Uses a quicker, more simple and more flexible coverage evaluation

scheme

  CGSS: Much lower communication overhead   Impacts network lifetime once communication costs are considered

  CGSS: Knowledge comes with activity   No impact on area coverage once messages get lost


SETOP 2008

=> Loss of messages induce coverage loss for TGJD

30

40

50

60

70

80

90

100

0 200 400 600 800 1000 1200

% o

f co

ve

red

are

a

time

Density 70

TGJDPOPNPR

PNR

Experimental results impact on protocol performances once messages get lost


SETOP 2008

Work in progress

  Extend CGSS to k-coverage   Insert a parameter (layer k) in activity

messages   While i<k and covered at layer i,

evaluate coverage at layer i+1   Each node looks at its k-coverage   Decides to be active or not

  Non-ideal physical layer for sensing   Unit disk may not be always valid ;-)   Would it really impact existing protocols?   Coverage evaluation scheme would be modified   Or shorter sensing radii could be announced

Layer i

Layer i+1


SETOP 2008

Outlines






SETOP 2008

Key pre-distribution in WSN

  Security issues in wireless sensor networks:   Fault insertion and pervasive listening   No collaboration problem

  Cryptography for communication between valid nodes   Public key mechanisms require too much computation power   Use of symmetrical schemes

  Nodes can be captured   A single shared secret can be compromised by the capture of a single

node (Nodes can be captured at anytime! Even during bootstrap!)   Each node contains a subset of a key space

 Let K be a set keys. Each node has a randomly chosen subset of K of size n

 Two nodes can communicate if they share a key  Remark: if 2n>k, two nodes can always communicate


SETOP 2008

Illustration

S1 S2

Key pre-distribution: each node receives n keys (here n=3)

Determine the key spool (here K=12)


SETOP 2008

Illustration (2)

Random deployment

Initialization phase: neighbour discovery + key establishment

S1 S2

Hello, I am Bob

Hello, I am Alice

With ID


SETOP 2008

Illustration (2)

Random deployment

Initialization phase: neighbour discovery + key establishment

S1 S2

Hello, I am Bob

Hello, me too

Without ID


SETOP 2008

Illustration (3)

S1 S2

Initialization phase (continued)

Find common key

  Nodes can proceed to mutual authentication by using this key or establish a pairwise key

  But since the enemy can capture nodes and listen even during initialization phase, a link which uses a key derived of “ ” is considered as corrupted


SETOP 2008

Probability of key establishment

% of key space size Number of keys

K=10 000

  What matters?   n, the number of embedded keys   p, the probability of key establishment

K, the size of key space is derived from n and p

K=100


SETOP 2008

Key predistribution in WSN (continued)

  Robustness of the network   Percentage of compromised links (i.e. links that can be listened) vs

number of captured nodes

  Common strategy = increase the size K  It diminishes the probability of communication establishment  The number of nodes has to be increased in order to preserve

connectivity probability  Probability of connectivity of the network if evaluate via random

network model  This model does not take physical proximity for link establishment

  The metric has to be modified:  Percentage of compromise links vs percentage of captured

nodes


SETOP 2008

Examples of randomly

generated graphs according to

different probabilities p and different densities


SETOP 2008

Probability of connectivity


SETOP 2008

Compromised nodes

Reducing p does not improve robustness (because of connectivity constrainsts)


SETOP 2008

Summary

Offline: generation of key spool and distribution of keys

Sensing phase

t

Deployment

Initialization phase


SETOP 2008

Key-predistribution and activity scheduling

Sensing phase

Deployment

Sensing phase Sensing phase

t

1 round


SETOP 2008

Multi-deployment scheme

  Multi-deployment   Set of nodes are sequentially deployed with disjoint key spaces   The number of deployed sensor nodes is linear with number of rounds

  Multi-deployment with re-use of already deployed nodes   Introduction of “bridge” nodes which can connect nodes of different

deployments   These nodes are supposed to be stronger than usual nodes. It is not

clear that capture of bridge nodes are considered

  Evaluation = simple repetition of basic scheme


SETOP 2008

Evaluation

Sensing phase

Deployment

Sensing phase

Deployment

Sensing phase

Deployment

t

1 round


SETOP 2008

Conclusion (1)

  Augmentation of number of keys does not improve robustness of the networks

  Network lifetime enhancement:   Multi-deployments schemes are efficient but what is the cost of

redeployments?   Activity scheduling requires that all nodes are present at the beginning

and leads to low robustness

  Future works:   Combination of activity scheduling and re-deployment (re-use of still

active nodes by using not completely disjoint key spaces)   Topology control: there are no need to establish pairwise key with all

neighbors (e.g. RNG)


SETOP 2008

Conclusion (2)

  Other solutions seem promising:   Define unique session key for each couple of nodes with a probability of

100%   Key spool = symmetric matrix K such K=AxB   In each node we embed a random row and a random column   Key establishment = exchange of rows and multiplication by own

column

  To do: evaluation of amount of data needed for key establishment compared to key-predistribution scheme


SETOP 2008

Outlines






SETOP 2008

Basic principles

  Nodes know their own geographical position and positions of their neighbors   localized

  When a node has a packet for a given destination (knowing its position), it decides which neighbor is the next hop   memory-less

  Example:   S forwards to neighbor B closest

to D   [Finn 1987]

S DA

B


SETOP 2008

Some variations

  Nearest forward progress [Hou]   small steps

  More forward progress [Kleinrock]   big steps

  Random progress [Nelson, Kleinrock]   ???

  …   Most close to SD with

progress [Elhafsi, Simplot-Ryl]   Variation of DIR [Basagni et al.]

which is not loop free [Stojmenovic]

AB C D

E FS

A’


SETOP 2008

Transmission radius

D

H

G

F

E DIR is not loop-free !

•  Greedy and MFR are loop free

•  If we include constraints on positive progress, the protocol is loop-free

•  What if there is no neighbor with (strictly) positive progress? •  Dead-end Recovery process


SETOP 2008

D F

E C

B A

Right hand rule

R L

L R

S

W

V

U

P

Face routing – guaranteed delivery

[Bose et al. 1999]   Construct planar subgraph   Route in planar subgraph:

  SABCEBFED   SC…ABFD…W…VP


SETOP 2008

Planarization

  GG = Gabriel Graph   RNG = Relative Neighborhood Graph   GG contains RNG   They are both planar (if the initial graph is the UDG)

RNG GG


SETOP 2008

Example of GG


SETOP 2008

FACE is not energy efficient

  For two reasons:   The path itself can be long   Because of GG, edges are short can be inefficient

  Two counter-measures:   Stop the recovery as soon as possible

 When in dead-end: note the distance to the destination  Apply FACE until reaching a node which is closer than this distance  Frey and Stojmenovic have shown that only one face is used for

each recovery  This scheme is called GFG Greedy-FACE-Greedy [Data et al.]

where greedy part can be energy efficient (see later)   Apply Shortest path over FACE

  inefficient since edges maintained in GG are the shortest ones  Other solutions exist (see later)


SETOP 2008

Cost-over-progress scheme

  [Data, Stojmenovic]   The principle is to consider each neighbor with positive

progress and to evaluate the cost of the complete path   Current node = U   Considered neighbor = V   Destination = D

  Cost of one step = cost(U,V)   Number of steps = |UD| / progress

 Progress = |UD|-|VD|   Evaluation of the cost of the path under homogeneous hypothesis:

cost(U,V)*|UD|/progress   When minimizing this total cost |UD| is constant, so it is

equivalent to minimize cost/progress

U

V

D


SETOP 2008

Introducing shortest path in greedy part

  After choosing the next neighbor, SP can be apply   Ruiz et al. proposed to apply this after MFR   Problem: SP can include nodes which are farther to the destination   the path has to be embedded in the message   or at least the “truncated SP”


SETOP 2008

Removing memorization of the SP

  In order to prevent the insertion of SP (or truncated SP) in message, we can use positive path   A path is said to be positive is the distance to the destination is strictly

decreasing

  Summary: 1.  the current node choose the target neighbor (e.g. MFR)

If there is no target, go to 5 (recovery) 2.  It computes the shortest positive path to this node 3.  It sends the packet to the next node in this path 4.  Go to 1

5.  Note the distance from the current node to the destination 6.  Apply FACE until reaching a node which is closer, then go to 1

Gre

edy

Rec

over

y


SETOP 2008

Selecting the target neighbor

  Ruiz et al. proposed to apply MFR   Cost-over-progress can also be applied   More accurate: we can replace the cost by the cost of the

shortest positive path…   Summary:

1.  the current node choose the target neighbor which is the neighbor with strictly positive progress which minimizes cost-over-progress where the cost is the cost of the shortest positive path

If there is no target, go to 5 (recovery) 2.  It computes the shortest positive path to this node 3.  It sends the packet to the next node in this path 4.  Go to 1

5.  Note the distance from the current node to the destination 6.  Apply FACE until reaching a node which is closer, then go to 1

Gre

edy

Rec

over

y


SETOP 2008

Performances

Cost/progres

SP after MFR

SPP after C/P


SETOP 2008

Energy-efficient recovery

  The main problem is length of the edges in GG   idea:

  before applying GG:   apply a connected dominating set algorithm which minimizes the

number of dominant nodes

  A set of nodes is said to be dominant iff each node of the network is in this set of a neighbor of one node in this set


SETOP 2008

Wu & Dai dominating sets

  (Simplified version [Carle and Simplot-Ryl 2004])

  Each node has a priority (e.g. its ID)   Variations:

<degree, ID> <battery, degree, ID> <random, battery, degree, ID> …

  A node is not dominant iff   The set of neighbors with higher

priority is connected and covers the neighborhood


SETOP 2008

Energy-efficient recovery

  The main problem is length of the edges in GG   idea:

  before applying GG:   apply a connected dominating set algorithm which minimises the

number of dominant nodes

  A set of nodes is said to be dominant iff each node of the network is in this set of a neighbor of one node in this set

  Then, apply FACE over the dominating set where routing along an edge uses shortest positive path


SETOP 2008

GG over CDS


SETOP 2008

Performances

Cost/Progress

SP after MFR

without DS with DS

SP

P af

ter C

/P


SETOP 2008

What else?


SETOP 2008

Multicasting

  Same problem but the message as to be sent to several targets


SETOP 2008

MST-based splitting decision

  Ingelrest et al. have shown that MST is a good approximation of the Steiner tree and propose to use it for splitting decision:


SETOP 2008

Greedy part

  For each group, apply a variation of cost-over-progress   The cost is as usual (techniques presented in the first part apply)   But what progress???

  Again, we use MST in order to estimate to distance

  If U is the current node, the progress when considering V is |MST(U,t1,…,tN)|-|MST(V,t1,…,tN)|

U

V

t2

t1


SETOP 2008

Recovery part

  We can apply a variation of FACE:   When a dead-end is detected we note the distance to the closest target/

destination and we apply FACE to this destination until we reach a node for whom there exists a target closer than this distance.

  Other possibility: replace the line to the destination by the MST edge


SETOP 2008

Performances

MSTEAM

Ruiz et al. 2007

Centralized Algorithm


SETOP 2008

Next?


SETOP 2008

Conclusion & perspectives

  Best-known position-based routing (unicast and multicast) have been presented

  With geographical information   Basic algorithm: YES (MFR)   Energy efficient (EE): YES (cost/progress, ……)   Guaranteed delivery (GD): YES (FACE, GFG)   EE+GD:

  Without geographical information   Basic algorithm: YES (VCap)   Energy efficient (EE):   Guaranteed delivery (GD):   EE+GD:

YES (VCost…) YES (LTP) YES (HECTOR)

YES (ETE)

ETE’


SETOP 2008

Conclusion & perspectives

  Are these protocols efficient in real world?

  Big problem: the guaranteed delivery part requires planarization of the connection graph…

  Planarization of an arbitrary graph cannot be done in a localized way

  Challenge: which properties are needed for the physical layer in order to find a localized algorithm for the planarization


SETOP 2008

Robustness in wireless sensor networks

David SIMPLOT-RYL

Centre de recherche INRIA Lille – Nord Europe IRCICA/LIFL, CNRS 8022, Université de Lille 1

http://www.lifl.fr/~simplot [email protected]

robustness in wireless sensor networks · david simplot-ryl robustness in wsn setop 2008 key...

Documents