Resiliency Assessment of Wireless Sensor Networks: a Holistic Approach

2009

Abstract

Wireless Sensor Networks (WSNs) are emerging as a promising technology to foster the design and implementation of self-configuring, self-healing, and cost-effective monitoring infrastructures. In the last decade, they have been used in several pilot research applications, such as detection of fires [1], object tracking [2, 3], security monitoring [4], supply chain monitoring [5] and stability monitoring of civil engineering structures, such as buildings [6], bridges [7], railroad tunnels [8], and dams [9, 10]. The commercial use of WSNs is expected to grow dramatically in the next few years. However, industries in the field of wired sensing and monitoring infrastructures are still questioning the adoption of WSNs in critical applications, despite being attracted by their interesting features and by the possibility of reducing deployment and management costs by more than one order of magnitude [8]. This gap between research achievements and industrial development is mainly due to the little trust that companies place in the reliability of WSNs. One of the causes of this distrust is the lack of work defining critical application requirements for WSNs and the absence of effective approaches to be used at design time for assessing non-functional properties, such as WSN dependability. Indeed, dependability assessment plays a central role in raising the level of trust in WSNs for critical applications. WSNs are exposed to several faults due to the characteristics of the wireless medium, their limited energy budget, harsh environments [11], and the cheap hardware adopted. Even if digital signals are less prone to electromagnetic interference, packets might be lost or delivered with errors, sensors may be frozen to wrong fixed values and nodes may periodically reset due to malfunctioning.
In these systems, data sensed by WSN nodes has to be properly delivered to the sink node (i.e., the node responsible for data collection), in spite of "changes" introduced during WSN operation (e.g., a node failure). The situation is further exacerbated by the highly dynamic nature of WSNs and their proneness to transient failures [11] and self-reconfigurations. Such complex behavior introduces several challenges for WSN developers. The design of WSNs is made harder by the lack of effective methods and approaches to master the intrinsic complexity of WSN assessment, especially when aiming to design WSNs able to perform with a persistent level of dependability while withstanding changes, i.e., able to perform with a given level of resiliency [12]. As discussed in Chapter 2, past research efforts have been devoted to defining the concept of connection (or network) resiliency for computer networks [13] and ad-hoc networks [14], i.e., the number of "changes", in terms of node failures, that can be accommodated while preserving a specific degree of connectivity in the network. However, while these concepts still apply to WSNs, they are not enough to characterize the data-driven nature of WSNs. The service delivered by the WSN does not encompass only the connection, but also the computation, i.e., even when sensor nodes are potentially connected (a path exists between nodes and the sink node), data losses can still occur. To overcome this limit, this thesis defines the concept of data delivery resiliency and qualifies the concept of WSN resiliency as a non-functional property composed of both connection resiliency and data delivery resiliency. Data delivery resiliency is defined in this thesis as the number of changes, in terms of node failures, that the WSN can accommodate while preserving a packet delivery efficiency greater than a threshold. The concepts of connection resiliency and data delivery resiliency are not interrelated.
While the concept of connection resiliency relates to the WSN topology, i.e., the degree of path redundancy in the network, the concept of data delivery resiliency is related to i) the computational load on nodes, which may cause packet losses due to buffer overrun, ii) application requirements, e.g., at least a given amount of produced measurements must be delivered to the sink node, iii) routing and MAC protocols, which affect the data delivery features and packet error rate, and iv) radio interference and packet loss/corruption phenomena on the propagation medium. Hence, assessing the data delivery resiliency as well as the connection resiliency is a crucial task in designing dependable WSNs, since it could help to i) anticipate critical choices, e.g., concerning node placement, running software, routing and MAC protocols, ii) mitigate risks, e.g., by forecasting the time when the WSN will not be able to perform with a suitable level of resiliency, and iii) prevent money loss, e.g., by providing a criterion to plan and schedule maintenance actions effectively. It is easy to see that the resiliency assessment of WSNs is made dramatically harder by the complexity of the potential changes that may take place at runtime. The workload affects the number of packets sent on the network. The path followed by packets depends on the routing algorithm, on the topology, and on the wireless propagation profile (packets can be lost). The energy profile is affected by the workload, by the number of forwarded packets, and by the battery technology. All of the above factors affect the failure behavior, e.g., a node can fail due to battery exhaustion. A node can also fail independently, due to faults in the sensing hardware. In turn, the failure of a node may partition the network into two or more subsets, making a large set of nodes unavailable, i.e., isolated, since they are no longer able to deliver data to the sink.
Clearly, such a high degree of inter-dependence complicates the assessment task by dramatically increasing the number of variables and dynamics to encompass. Last but not least, resiliency assessment cannot neglect the features of the actual hardware/software platforms and the sensing hardware being used: different power consumptions and failure rates are indeed experienced when varying the underlying platforms, such as sensing hardware, radio chip and node operating system. Resiliency assessment cannot do without the use of models. State-of-the-art techniques for the assessment of non-functional properties, such as power consumption or dependability, are mostly based on behavioral simulators and analytical models, as discussed in depth in Chapter 2. WSN behavioral simulators, such as ns-2 [15] or TOSSIM [16], are close to real WSNs. They typically belong to the final user's (e.g., the deployer's) domain of knowledge and make it possible to reproduce the expected behavior of single WSN nodes on the basis of the real application planned to execute. However, they are not designed to express and evaluate non-functional properties. Such an analysis requires evaluating statistical estimators and hence needs several simulation runs in order to achieve results with acceptable confidence. This in turn increases the time needed for the simulation by orders of magnitude, given the low-level detail of these approaches. Analytical models, such as Petri nets and Markov chains, are the reference for resiliency assessment techniques. They have been successfully used for decades for the assessment of computer systems, including WSNs [17, 18].
However, the highly dynamic nature of WSNs requires the definition of detailed and complex models which are difficult to develop and hardly reusable for different scenarios. For instance, if a modeling team were to invest in a fine-grained model of a WSN, taking into account software, routing issues and hardware platforms, even a tiny change in the design parameters of the considered WSN, such as the software or the topology, would probably require a new modeling phase from scratch, incurring unaffordable design costs, while such aspects are well and easily reproduced in behavioral models. As a matter of fact, assessing WSN resiliency with a purely analytical approach requires strong simplifying assumptions that often lead to rather abstract results. To overcome the limitations of the available approaches, this thesis proposes a novel and holistic approach for the resiliency assessment of WSNs.
Files in this record:

File: Di__Martino.pdf
Access: only from BNCF and BNCR
Type: Other attached material
License: All rights reserved
Size: 4.03 MB
Format: Adobe PDF

Documents in UNITESI are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.14242/316362
The NBN code of this thesis is URN:NBN:IT:BNCF-316362