Smart Spaces and Next Generation Wired Wireless Networking: 9th International Conference, NEW2AN 2009 and Second Conference on Smart Spaces, ruSMART ... Networks and Telecommunications)

Lecture Notes in Computer Science Commenced Publication in 1973 Founding and Former Series Editors: Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen

Editorial Board David Hutchison Lancaster University, UK Takeo Kanade Carnegie Mellon University, Pittsburgh, PA, USA Josef Kittler University of Surrey, Guildford, UK Jon M. Kleinberg Cornell University, Ithaca, NY, USA Alfred Kobsa University of California, Irvine, CA, USA Friedemann Mattern ETH Zurich, Switzerland John C. Mitchell Stanford University, CA, USA Moni Naor Weizmann Institute of Science, Rehovot, Israel Oscar Nierstrasz University of Bern, Switzerland C. Pandu Rangan Indian Institute of Technology, Madras, India Bernhard Steffen University of Dortmund, Germany Madhu Sudan Microsoft Research, Cambridge, MA, USA Demetri Terzopoulos University of California, Los Angeles, CA, USA Doug Tygar University of California, Berkeley, CA, USA Gerhard Weikum Max-Planck Institute of Computer Science, Saarbruecken, Germany

5764

Sergey Balandin Dmitri Moltchanov Yevgeni Koucheryavy (Eds.)

Smart Spaces and Next Generation Wired/Wireless Networking 9th International Conference, NEW2AN 2009 and Second Conference on Smart Spaces, ruSMART 2009 St. Petersburg, Russia, September 15-18, 2009 Proceedings

13

Volume Editors Sergey Balandin Nokia Research Center Itamerenkatu 11-13, 00180 Helsinki, Finland E-mail: [email protected] Dmitri Moltchanov Yevgeni Koucheryavy Tampere University of Technology Department of Communications Engineering Korkeakoulunkatu 10, 33720 Tampere, Finland E-mail: {moltchan, yk}@cs.tut.fi

Library of Congress Control Number: 2009933595 CR Subject Classification (1998): C.2, B.8, C.4, D.2, K.6, D.4.6, K.6.5 LNCS Sublibrary: SL 5 – Computer Communication Networks and Telecommunications ISSN ISBN-10 ISBN-13

0302-9743 3-642-04188-4 Springer Berlin Heidelberg New York 978-3-642-04188-4 Springer Berlin Heidelberg New York

This work is subject to copyright. All rights are reserved, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, re-use of illustrations, recitation, broadcasting, reproduction on microfilms or in any other way, and storage in data banks. Duplication of this publication or parts thereof is permitted only under the provisions of the German Copyright Law of September 9, 1965, in its current version, and permission for use must always be obtained from Springer. Violations are liable to prosecution under the German Copyright Law. springer.com © Springer-Verlag Berlin Heidelberg 2009 Printed in Germany Typesetting: Camera-ready by author, data conversion by Scientific Publishing Services, Chennai, India Printed on acid-free paper SPIN: 12753468 06/3180 543210

Preface

We welcome you to the joint proceedings of the 9th NEW2AN (Next-Generation Teletraffic and Wired/Wireless Advanced Networking) and the Second ruSMART conferences held in St. Petersburg, Russia during September 15-17, 2009. This year NEW2AN featured significant contributions to various aspects of networking. Presented topics encompassed several layers of communication networks: from physical layers to transport protocols. In particular, issues of QoS in wireless and IP-based multi-service networks were dealt with. Cross-layer optimization, traffic characterization were also addressed within the program. It is also worth mentioning the emphasis placed on wireless networks, including, but not limited to, cellular networks, wireless local area networks, personal area networks, mobile ad hoc networks, and sensor networks. The Second Conference on Smart Spaces, ruSMART 2009, was targeted at attracting the attention of academic and industrial researchers to an emerging area of smart spaces that creates completely new opportunities for making fully customized applications and services for the users. The conference is a meeting place for leading experts from top affiliations around the world, with particularly active participation and strong interest from Russian attendees that have a good reputation for high-quality research and business in innovative service creation and applications development. The NEW2AN/ruSMART 2009 call for papers attracted 82 papers from 22 countries, resulting in an acceptance rate of 39%. With the help of the excellent Technical Program Committee and a number of associated reviewers, the best 32 high-quality papers were selected for publication. The conference was organized in seven single track sessions. We wish to thank the Technical Program Committee members of both conferences and the associated reviewers for their hard work and important contribution to the conference. The Technical Program of both conferences benefited from two keynote speakers: - Aaron J. Quigley, University College Dublin, Ireland - Manfred Schneps-Schneppe, Ventspils University College, Latvia This year the conferences were supported by the sponsor packages provided by NOKIA, Nokia Siemens Networks, Ubitel (Russia) and Baltic IT Ltd (Russia) and organized in cooperation with ITC (International Teletraffic Congress), IEEE, and Popov Society. The support of these organizations is gratefully acknowledged. Finally, we wish to thank many people who contributed to the organization. In particular, Jakub Jakubiak (TUT, Finland) carried a substantial load of the submissions and reviews, website maintaining, did an excellent job on the compilation of camera-ready papers and liaising with Springer. Many thanks go to

VI

Preface

Natalia Avdeenko and Ekaterina Antonyuk (Monomax Meetings & Incentives) for their excellent local organization efforts and the conference’s social program preparation. We believe that the 9th NEW2AN and the Second ruSMART conferences provided an interesting and up-to-date scientific program. We hope that the participants enjoyed the technical and social conference program, Russian hospitality and the beautiful city of St. Petersburg.

July 2009

Sergey Balandin Dmitri Moltchanov Yevgeni Koucheryavy

Organization

NEW2AN International Advisory Committee Ian F. Akyildiz Nina Bhatti Igor Faynberg Jarmo Harju Andrey Koucheryavy Villy B. Iversen Paul K¨ uhn Kyu Ouk Lee Mohammad S. Obaidat Michael Smirnov Manfred Sneps-Sneppe Ioannis Stavrakakis Sergey Stepanov Phuoc Tran-Gia Gennady Yanovsky

Georgia Institute of Technology, USA Hewlett Packard, USA Alcatel Lucent, USA Tampere University of Technology, Finland ZNIIS R&D, Russia Technical University of Denmark, Denmark University of Stuttgart, Germany ETRI, Korea Monmouth University, USA Fraunhofer FOKUS, Germany Ventspils University College, Latvia University of Athens, Greece Sistema Telecom, Russia University of W¨ urzburg, Germany State University of Telecommunications, Russia

NEW2AN Technical Program Committee TPC Chair Dmitri Moltchanov Mari Carmen Aguayo-Torres Ozgur B. Akan Khalid Al-Begain Sergey Andreev Tricha Anjali Konstantin Avrachenkov Francisco Barcelo Sergey Balandin Thomas M. Bohnert Torsten Braun Chrysostomos Chrysostomou Georg Carle Ibrahim Develi Roman Dunaytsev Eylem Ekici

Tampere University of Technology, Finland University of Malaga, Spain METU, Turkey University of Glamorgan, UK State University Aerospace Instrumentation, Russia Illinois Institute of Technology, USA INRIA, France UPC, Spain Nokia, Finland SAP Research, Switzerland University of Bern, Switzerland University of Cyprus, Cyprus University of T¨ ubingen, Germany Erciyes University, Turkey Tampere University of Technology, Finland Ohio State University, USA

VIII

Organization

Sergey Gorinsky Markus Fidler Giovanni Giambene Stefano Giordano Ivan Ganchev Vitaly Gutin Martin Karsten Andreas Kassler Maria Kihl Tatiana Kozlova Madsen Yevgeni Koucheryavy Jong-Hyouk Lee Vitaly Li Lemin Li Leszek T. Lilien Saverio Mascolo Maja Matijaˇsevic Paulo Mendes Ilka Miloucheva Edmundo Monteiro Se´an Murphy Marc Necker Mairtin O’Droma Jaudelice Cavalcante de Oliveira Evgeni Osipov George Pavlou Simon Pietro Romano Alexander Sayenko Dirk Staehle Sergei Semenov Burkhard Stiller Weilian Su Veselin Rakocevic Dmitry Tkachenko Vassilis Tsaoussidis

Washington University in St. Louis, USA NTNU Trondheim, Norway University of Siena, Italy University of Pisa, Italy University of Limerick, Ireland Popov Society, Russia University of Waterloo, Canada Karlstad University, Sweden Lund University, Sweden Aalborg University, Denmark Tampere University of Technology, Finland (Chair) Sungkyunkwan University, R. Korea Kangwon National University, R. Korea University of Electronic Science and Techn. of China, China Western Michigan University, USA Politecnico di Bari, Italy University of Zagreb, FER, Croatia INESC Porto, Portugal Salzburg Research, Austria University of Coimbra, Portugal University College Dublin, Ireland University of Stuttgart, Germany University of Limerick, Ireland Drexel University, USA Lulea University of Technology, Sweden University of Surrey, UK Universit` a degli Studi di Napoli “Federico II”, Italy Nokia Siemens Networks, Finland University of W¨ urzburg, Germany Nokia, Finland University of Zurich and ETH Zurich, Switzerland Naval Postgraduate School, USA City University London, UK IEEE St.Petersburg BT/CE/COM Chapter, Russia Demokritos University of Thrace, Greece

Organization

Christian Tschudin Andrey Turlikov Kurt Tutschku Alexey Vinel Lars Wolf

University of Basel, Switzerland State University of Aerospace Instrumentation, Russia University of Vienna, Austria SPIIRAN, Russia Technische Universit¨ at Braunschweig, Germany

NEW2AN Additional Reviewers B. Alhaija A. Baryun C. Callegari S. Diamantopoulos R. Garroppo P. Godlewski J. Granjal C. Hoene

D. Iacono J. Jakubiak I. Komnios J. H. Lee E. Leitgeb D. Milic P. Mitoraj M. Okada

C. Pelizzoni J. Peltotalo V. Pereira M.-D. Perez Guirao S. Poryazov T. Staub M. Waelchli

ruSMART Executive Technical Program Committee Sergey Boldyrev Nikolai Nefedov Ian Oliver Alexander Smirnov Vladimir Gorodetsky Michael Lawo Michael Smirnov Dieter Uckelmann Cornel Klein Maxim Osipov

Nokia Research Center, Helsinki, Finland Nokia Research Center, Zurich, Switzerland Nokia Research Center, Helsinki, Finland SPIIRAS, St.-Petersburg, Russia SPIIRAS, St.-Petersburg, Russia Center for Computing Technologies (TZI), University of Bremen, Germany Fraunhofer FOKUS, Germany LogDynamics Lab, University of Bremen, Germany Siemens Corporate Technology, Germany Siemens CT, Embedded Linux, Russia

ruSMART Technical Program Committee Juha Laurila Sergey Balandin Alexey Dudkov Didem Gozupek Kim Geunhyung Reto Krummenacher Prem Jayaraman Michel Banˆ atre Sergei Bogomolov

Nokia Research Center, Switzerland Nokia Research Center, Finland University of Turku, Finland Bogazici University, Turkey Dong Eui University, Korea STI Innsbruck, Austria Monash University, Australia IRISA, France LGERP R&D Lab, Russia

IX

X

Organization

Gianpaolo Cugola Dimitri Konstantas Markus Taumberger Bilhanan Silverajan Aaron J. Quigley

Politecnico di Milano, Italy University of Geneva, Switzerland VTT, Finland Tampere University of Technology, Finland University College Dublin, Ireland

ruSMART Additional Reviewers Y. Koucheryavy

Organization

XI

Table of Contents

I

ruSMART

Invited Talk ITU G.hn Concept and Home Automation . . . . . . . . . . . . . . . . . . . . . . . . . . Manfred Schneps-Schneppe

1

Session I Extending Context Spaces Theory by Predicting Run-Time Context . . . . Andrey Boytsov, Arkady Zaslavsky, and K˚ are Synnes

8

Cross-Domain Interoperability: A Case Study . . . . . . . . . . . . . . . . . . . . . . . . Jukka Honkola, Hannu Laine, Ronald Brown, and Ian Oliver

22

A Topology Based Approach for Context-Awareness in Smart Environments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Antonio Coronato and Giuseppe De Pietro Anonymous Agent Coordination in Smart Spaces: State-of-the-Art . . . . . Alexander Smirnov, Alexey Kashevnik, Nikolay Shilov, Ian Oliver, Sergey Balandin, and Sergey Boldyrev

32 42

Session II On-the-Fly Situation Composition within Smart Spaces . . . . . . . . . . . . . . . Prem Prakash Jayaraman, Arkady Zaslavsky, and Jerker Delsing Empower Mobile Workspaces by Wireless Networks and Wearable Computing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Michael Lawo, Otthein Herzog, Michael Boronowski, and Peter Knackfuß Multimodal Interaction with Intelligent Meeting Room Facilities from Inside and Outside . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A.L. Ronzhin and V.Yu. Budkov

52

66

77

Session III Ubi-Check: A Pervasive Integrity Checking System . . . . . . . . . . . . . . . . . . . Michel Banˆ atre, Fabien Allard, and Paul Couderc

89

XIV

Table of Contents

Towards a Lightweight Security Solution for User-Friendly Management of Distributed Sensor Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Pentti Tarvainen, Mikko Ala-Louko, Marko Jaakola, Ilkka Uusitalo, Spyros Lalis, Tomasz Paczesny, Markus Taumberger, and Pekka Savolainen Cross-Site Management of User Online Attributes . . . . . . . . . . . . . . . . . . . . Jin Liu

II

97

110

NEW2AN

Teletraffic Issues Analysis and Optimization of Aggregation in a Reconfigurable Optical ADD/DROP Multiplexer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . J.M. Fourneau, N. Izri, and D. Verch`ere Teletraffic Capacity Performance of WDM/DS-OCDMA Passive Optical Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Mohammad Gharaei, Catherine Lepers, Olfa Affes, and Philippe Gallion

120

132

Estimation of GoS Parameters in Intelligent Network . . . . . . . . . . . . . . . . . Irina Buzyukova, Yulia Gaidamaka, and Gennady Yanovsky

143

Multi-Skill Call Center as a Grading from “Old” Telephony . . . . . . . . . . . Manfred Schneps-Schneppe and Janis Sedols

154

Traffic Measurements, Modeling, and Control A Real-Time Algorithm for Skype Traffic Detection and Classification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D. Adami, C. Callegari, S. Giordano, M. Pagano, and T. Pepe

168

HTTP Traffic Measurements on Access Networks, Analysis of Results and Simulation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Vladimir Deart, Vladimir Mankov, and Alexander Pilugin

180

The Video Streaming Monitoring in the Next Generation Networks . . . . . A. Paramonov, D. Tarasov, and A. Koucheryavy The Poisson Cluster Process Runs as a Model for the Internet Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Jerzy Martyna

191

206

Table of Contents

XV

Peer-to-Peer Systems Proactive Peer-to-Peer Traffic Control When Delivering Large Amounts of Content within a Large-Scale Organization . . . . . . . . . . . . . . . . . . . . . . . . Chih-Chin Liang, Chia-Hung Wang, Hsing Luh, Ping-Yu Hsu, and Wuyi Yue

217

ISP-Driven Managed P2P Framework for Effective Real-Time IPTV Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Seil Jeon, Younghan Kim, Jonghwa Yi, and Shingak Kang

229

Fault-Tolerant Architecture for Peer to Peer Network Management Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Maryam Barshan, Mahmood Fathy, and Saleh Yousefi

241

Security Issues Public Key Signatures and Lightweight Security Solutions in a Wireless Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Dmitrij Lagutin and Sasu Tarkoma

253

On the Operational Security Assurance Evaluation of Networked IT Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Artur Hecker and Michel Riguidel

266

Trust Management Using Networks of Volunteers in Ubiquitous Computing Environments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Mijeom Kim, Mohan Kumar, and Sukju Jung

279

A Fast and Efficient Handover Authentication Achieving Conditional Privacy in V2I Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Jaeduck Choi, Souhwan Jung, Younghan Kim, and Myungsik Yoo

291

Wireless Networks: Ad Hoc and Mesh Robust and Efficient Routing in Wireless Mesh Networks with Unreliable Nodes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Apostolia Papapostolou, Vasilis Friderikos, Tara A. Yahiya, and Hakima Chaouchi Video Compression for Wireless Transmission: Reducing the Power Consumption of the WPAN Hi-Speed Systems . . . . . . . . . . . . . . . . . . . . . . . Andrey Belogolovy, Eugine Belyaev, Anton Sergeev, and Andrey Turlikov Link Stability-Aware Ad Hoc Routing Protocol with Multiple Sampling Rates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Myungsik Yoo, Junwon Lee, Younghan Kim, and Souhwan Jung

301

313

323

XVI

Table of Contents

Wireless Networks: Capacity and Mobility A Quality of Service Based Mobility Management in Heterogenous Wireless Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Tara A. Yahiya and Hakima Chaouchi

334

A Novel Cooperative Relaying Scheme for Next Generation Wireless Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Hong Zhou

346

Frequency Allocation Scheme to Maximize Cell Capacity in a Cellular System with Cooperative Relay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Wooju Lee, Kyongkuk Cho, Dongweon Yoon, Sang Kyu Park, and Yeonsoo Jang

358

Achieving Secondary Capacity under Interference from a Primary Base Station . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Shadi Ebrahimi Asl and Bahman Abolhassani

365

Author Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

377

ITU G.hn Concept and Home Automation Manfred Schneps-Schneppe Ventspils University College Inzenieru st 101,Ventspils, Latvia [email protected]

For long time, many in the buildings industry have been looking for a day when home automation systems would become fully integrated with communication and humaninterface practices, with standards widely employed for information technology. Now the time is coming in the form of the ITU Recommendations G.hn.

1 SmartHouse Concept The most important approach in the field in home automation is the European “SmartHouse Code of Practice” [1]. Figure 1 shows the key role of the residential gateway (home gateway) in a SmartHouse framework.

Fig. 1. Role of the RG in a SmartHouse framework

The SmartHouse consists of a large and wide ranging set of services, applications, equipment, networks and systems that act together in delivering the “intelligent” home in order to address security and control, communications, leisure and comfort, environment integration and accessibility. Table 1 below illustrates the relationship between the technical requirements on bandwidth and SmartHouse services offered. The G.hn approach should enable the ability to manage home electronic systems from one main control point and make our household run smoother, feel better and save energy [2], taking into account many home automation requirements, particularly: S. Balandin et al. (Eds.): NEW2AN/ruSMART 2009, LNCS 5764, pp. 1–7, 2009. © Springer-Verlag Berlin Heidelberg 2009

2

M. Schneps-Schneppe Table 1. Examples of SmartHouse services and associated bandwidth

Interoperability. A good example of interoperability is having the lights turn off, the thermostats set back when you press a “goodbye” button on a keypad or when a motion sensor notices that you have exited a room. Remote Access. Remote access capabilities allow us to monitor our home’s environment and alter the settings of the lights, thermostats and other gear if necessary all from your laptop or cellphone. Expandability. It is important that a home automation system can be easily expanded both vertically to incorporate additional products and horizontally to support additional rooms. Manufacturers can support vertical and horizontal expandability by designing their systems to speak a common network language, like IP (Internet Protocol), and by offering wireless products that can communicate with a home’s existing network of wired products. Upgradeability. Software is the driving force of an automation system. The more sophisticated that software is, the more the system can do (see HGI picture below).

ITU G.hn Concept and Home Automation

3

Variety of Interfaces. In the age of universal graphical user interfaces (GUI), is there any reason to continue using a different home automation manufacturer's graphics instead of Web-browser-type operator interfaces? Energy-Savings. One of the hottest topics in the consumer media is energy conservation. Automation systems can help save energy by turning off electronics devices automatically.

2 ITU Recommendations G.hn The ITU concept G.hn is a worldwide standard, addresses technology for wired home-networks. G.hn is the common name for the "next generation" home network technology standard. The G.hn technology goal is to unify connectivity of digital content and media devices by providing a network over three popular types of wiring found in homes today: coax cable, phone lines, and AC power wiring and to supply data rates up to 1 Gbit/s. The ITU G.hn standard’s goal is to specify the physical (layer 1) and link (layer 2) layers for home wired networks (Fig. 2). This work culminated in Recommendation ITU G.9960 specifying G.hn’s Physical Layer. The G.hn Data Link Layer is divided into three sub-layers: 1) Application Protocol Convergence (APC) Layer, which receives Ethernet frames from the application layer and encapsulates them into G.hn MAC Service Data Units, 2) Logical Link Control (LLC), which is responsible for encryption, aggregation, segmentation and automatic repeat-request, and 3) Medium Access Control (MAC), which schedules channel access in according to TDMA method to avoid collisions. G.hn specifies a Physical Layer based on fast Fourier transform (FFT) Orthogonal frequency-division multiplexing (OFDM) modulation and Low-Density Parity-Check

Fig. 2. G.hn node protocol stack

4

M. Schneps-Schneppe

Fig. 3. Home phoneline networking data frame is based on Ethernet standards

FEC code. OFDM systems split the transmitted signal into multiple orthogonal carriers. These carriers are modulated using Quadrature amplitude modulation (QAM). The G.hn Physical Layer is divided into three sub-layers: 1) Physical Coding Sublayer (PCS), for generating PHY headers (Fig. 3), 2) Physical Medium Attachment (PMA), for scrambling and FEC coding/decoding, 3) Physical Medium Dependent (PMD), for bit-loading/stuffing and OFDM modulation. The PMD sub-layer is the only sub-layer in the G.hn stack that is "medium dependent" (ie, some parameters may have different values for each media - power lines, phone lines and coaxial cable). The rest of sub-layers (APC, LLC, MAC, PCS and PMA) are "medium independent". G.hn proponents are working now to make G.hn the future universal wired home networking standard worldwide. G.hn profiles for home automation are on further study yet (Fig. 4).

Fig. 4. Example of a G.hn network

ITU G.hn Concept and Home Automation

5

3 Home Gateway Initiative: RG Software Development Approach 1 There are currently several competing service delivery architectures now. OSGi Alliance is one of erlier, and Home Gateway Initiative is the newiest. The Home Gateway Initiative (HGI) is an open forum launched by a number of telephone companies (Belgacom, BT, DT, FT, KPN, Teliasonera, NTT, Telefonica, Telecom Italia) in December 2004 with the aim to release specifications of the home gateway. Many manufacturers (including Microsoft) have joined the alliance. The initiative will drive the development of residential gateways supporting the delivery of services. The initiative will take as a basis the work undertaken within existing bodies (such as ITU-T, Broadband forum, DLNA, OSGi Alliance, etc). The goals of the initiative are to produce and downstream requirements for a residential gateway enabling end to end delivery of services (Fig. 5), to work with manufacturers in order to leverage volumes, to validate with manufacturer against uses cases and requirements, to ensure interoperability.

Fig. 5. Home gateway environment according to the HGI concept

4 OSGi Alliance: RG Software Development Approach 2 The OSGi Alliance(formerlyas the Open Services Gateway initiative) was founded by Ericsson, IBM, Motorola, Sun Microsystems and others join in 1999. Among its members are more than 35 companies from quite different business areas. The Alliance and its members have specified a Java-based service platform that can be remotely managed (Fig. 6). (We are with Java-based service platform for long timr, see http://abava.blogspot.com/.)

6

M. Schneps-Schneppe

Fig. 6. OSGi Service Gateway Architecture

5 Conclusion The right time is now to develop the G.hn profiles for home automation. According to Wikipedia [4], three home networking organizations that promoted previously incompatible technologies (CEPCA, HomePNA and the Universal Powerline Association), announced that they had agreed to promote G.hn as the single nextgeneration standard for wired home networking, and to work to ensure coexistence with existing products in the market. The Continental Automated Buildings Association (CABA) and HomeGrid Forum signed a liaison agreement to support HomeGrid Forum’s efforts in conjunction with ITU-T G.hn to make it easy for consumers worldwide to connect devices and enjoy innovative applications using existing home wiring. Case studies. The paper is illustrated by case studies (from Latvia): Case 1. The KNX (Konnex) standard based demonstration room is arranged by Urban Art company (Riga) in cooperation with University of Latvia. Time switch programs enable users to heat or ventilate each room individually, while a remote control is also available for operating light switches, monitoring windows and doors for home security. The web server enables users to operate intelligent room from any PC or smart phone, requiring only a common operating system and a browser. Another new feature is the alarm function that sends e-mail or text message warnings to four predefined recipients.

ITU G.hn Concept and Home Automation

7

Case 2. Abavanet company (Ventspils) has developed a series of m-bus controlled devices for water supply automatic measurement (wireline and wireless). Case 3. MikroDators company (Ogre) has produced wireless measuring devices for hot water supplier Rigas Siltums company.

References 1. 2. 3. 4.

SmartHouse Code of Practice, CENELEC, CWA 50487 (November 2005) http://www.electronichouse.com/article/ 10_features_to_look_for_in_a_home_automation_system/ Home Gateway Technical Requirements (2008), http://www.homegateway.org/ http://en.wikipedia.org/wiki/G.hn

Extending Context Spaces Theory by Predicting Run-Time Context Andrey Boytsov, Arkady Zaslavsky, and Kåre Synnes Department of Computer Science and Electrical Engineering Luleå University of Technology, SE-971 87 Luleå {Andrey.Boytsov,Arkady.Zaslavsky,Kare.Synnes}@ltu.se

Abstract. Context awareness and prediction are important for pervasive computing systems. The recently developed theory of context spaces addresses problems related to sensor data uncertainty and high-level situation reasoning. This paper proposes and discusses componentized context prediction algorithms and thus extends the context spaces theory. This paper focuses on two questions: how to plug-in appropriate context prediction techniques, including Markov chains, Bayesian reasoning and sequence predictors, to the context spaces theory and how to estimate the efficiency of those techniques. The paper also proposes and presents a testbed for testing a variety of context prediction methods. The results and ongoing implementation are also discussed. Keywords: context awareness, context prediction, context spaces theory, pervasive computing, Markov model, Bayesian network, branch prediction, neural network.

1 Introduction Pervasive computing is a paradigm where computing systems are integrated into the everyday life and environment in a non-intrusive, graceful and transparent manner. For example, it can be a smart home or office, where doors are automatically opened and light is automatically turned on right before a person enters the room [18]. Or it can be a smart car, which suggests the fastest way to the destination and which assesses its own condition and proposes maintenance plan. Many pervasive computing systems are now being introduced into our life. Context awareness and context prediction are relatively new research areas, but they are becoming an important part of pervasive computing systems. This paper analyzes various context prediction techniques and proposes a plug-in approach to context prediction for pervasive computing systems at run-time. This approach is proposed as an extension of context spaces theory [17, 19]. This paper focuses on how to apply various available context prediction techniques and how to estimate the efficiency of those techniques. This paper also proposes validation of the pluggable context prediction techniques using the “Moonprobe” model and application scenario that imitates movement of vehicle over a sophisticated landscape. The article is structured as follows. Necessary definitions are included in section 2. Section 3 provides a brief overview of the context spaces theory – its essence, S. Balandin et al. (Eds.): NEW2AN/ruSMART 2009, LNCS 5764, pp. 8–21, 2009. © Springer-Verlag Berlin Heidelberg 2009

Extending Context Spaces Theory by Predicting Run-Time Context

9

addressed problems, proposed solutions and current research challenges. In section 4 we propose context prediction methods and develop the algorithms for their adaptation to the theory of context spaces. In section 5 we introduce “Moonprobe” model and application scenario – a testing framework that we developed to estimate context prediction efficiency. Section 6 summarizes the paper and proposes future work.

2 Definitions This paper addresses many important issues of pervasive computing systems. Generally, pervasive systems comprise many small and inexpensive specialized devices. If a device is used to specifically obtain information from the environment that device is usually referred to as a sensor. Each device performs its own functions, but to be able to perform them effectively the device usually needs to communicate with other devices and process the information that it obtains from them. One of the most important characteristics of a pervasive computing system is its context. In earlier works on context awareness different definitions of context were proposed. Comprehensive overview of those efforts was presented by Dey and Abowd [6]. They define context as “any information that can be used to characterize the situation of an entity.” In fact, every piece of information that a system has is a part of that system’s context. The system is context aware if it can use context information to its benefit. Reasoning about context is the process of obtaining new knowledge from current and possibly predicted context. Context model is a way of context representation that is used for further reasoning. We assume that context aware pervasive computing systems have the following features: y Sensors supply data that will be used by pervasive system for further reasoning. Examples of sensors may include light sensors, altitude sensors, accelerometers, etc. y Sensors transfer all the data to reasoning engine via a sensor network. y The reasoning engine, which can possibly be a distributed system, performs reasoning, makes context predictions and produces some output that can be used for modifying system’s behavior. Many important issues of pervasive computing systems are left out of scope of this paper, for example, security, privacy, need for distributed computations and other related problems.

3 Context Spaces Theory The theory of context spaces [17, 19] is a recently developed approach for context awareness and reasoning which addresses the problems of sensors uncertainty and unreliability. It also deals with situation reasoning and the problems of context representation in a structured and meaningful manner. Context spaces theory is designed to enable context awareness in clear and insightful way. This theory uses spatial metaphors for representing context as a multidimensional space. To understand context spaces theory we need to introduce several new

10

A. Boytsov, A. Zaslavsky, and K. Synnes

terms. Any kind of data that is used to reason about context is called context attribute. Context attribute usually corresponds to a domain of values of interest, which are either measured by sensors directly or calculated from other context attributes. It can be either numerical value or a value from pre-defined set of non-numerical options. Context state represents the set of all relevant context attributes at a certain time. A set of all possible context states constitutes application space. Therefore, application space can be viewed as a multi-dimensional space where the number of dimensions is equal to the number of context attributes in the context state. The state of the system is represented by a point in the application space and the behavior of the system is represented by a trajectory moving through the application space over time. Situation space is meant to represent real life situation. It can be defined as subspace of the application space. So if context state is in the subspace representing situation S, it means that situation S is occurring. Situation S has the level of occurrence certainty. It depends on the probability of the context state to be within S and it also depends on the subspace within S. See figure 1 for simple illustration. We’ll keep referring to that example for context prediction approaches illustration throughout the article.

Fig. 1. Context spaces theory

In context spaces theory several methods were developed for reasoning about the context. Bayesian reasoning [23] or Dempster-Schafer algorithm [24] are used to get overall confidence in the fact that a situation is occurring. Algebraic operations on situations and some logic-based methods were developed for reasoning in terms of situations. Context spaces theory was implemented in ECORA [20] – Extensible Context Oriented Reasoning Architecture. ECORA is a framework for development of contextaware applications. That framework provides its functionality as a set of Java classes to be integrated into the prototypes of context-aware systems. The research presented in this paper develops context prediction methods that can be used to extend the context spaces theory and benefit ECORA-based applications.

Extending Context Spaces Theory by Predicting Run-Time Context

11

4 Context Prediction for Context Spaces Theory The ability to predict future context will benefit runtime performance of context aware applications. For example, use cases for context prediction can be found in [16]. Predicted context can be used for early warnings, for power management, for system reconfiguration etc. Context prediction is one of research challenges for context spaces theory. In practice, most of current context prediction approaches involve inferring various context features during run-time. The results of inference are then used for context prediction. That inference is actually a machine learning task. For this purpose neural networks [12], Markov chains [5] and Bayesian networks [23] might be sufficiently effective tools. Here we analyze possible context prediction techniques and develop the appropriate algorithms for two-way mapping between the context spaces theory and the analyzed context prediction technique. Sequence predictors for context prediction. Many context prediction approaches were inspired by research in UNIX next command prediction [8, 9]. There authors suggested to represent each UNIX command as a symbol and the whole command flow – as symbol sequence. Also they proposed a set of algorithms for sequence prediction. Sequence prediction techniques were later used in a variety of systems from “Smart Home” architectures to prediction of movement in cellular networks. Various modifications of LZ78 algorithm [26] were used in various papers [1, 4, 7, 10, 15, 22]. It is worth noting the paper [15] which presents general application-independent architecture for context prediction. [15] also suggests that Active LeZi algorithm can be used to predict future situations (note that the concept of a situation in [15] differs from the concept of a situation in context spaces theory). The Active LeZi algorithm itself is described in [10]. According to [15], Active LeZi provides up to 99% of accuracy on 1-step prediction. Sequence prediction techniques are feasible in context spaces theory as well. For prediction purpose context can be represented as a sequence of situations. When situation occurs, a special symbol is added to the sequence. When situation is over, another special symbol can be added to the sequence as well. Sequence prediction techniques can be applied to predict the next symbol in that sequence and, therefore, to predict the occurrence of a situation. For example, context state flow in Fig. 1 can be described by following sequence: (SS3-in)(SS4-in)(SS3-out)(SS4-out)(SS1-in) Sequence prediction algorithms should be adjusted to the fact that situations have certain levels of confidence. It can be done by introducing the threshold for the level of certainty. We consider that the situation is occurring if its level of confidence is above the threshold and we consider that the situation is over if its level of confidence drops below the threshold. In [15] active LeZi showed very good performance in a variety of cases. Incorporation of active LeZi algorithm into context spaces theory is in progress. Its efficiency is currently being investigated. Neural networks for context prediction. Some techniques of context prediction use neural networks to learn from user behavior. For example, [14] describes “Neural Network House” project where special equipment predicts expected occupancy patterns of rooms in the house, estimates hot water usage, estimates the likelihood for a room to be entered soon, etc. In [14] authors used feedforward neural networks trained

12

A. Boytsov, A. Zaslavsky, and K. Synnes

with back propagation. Projects related to indoor movement prediction considered neural network approach as well. In [25] authors addressed the problem of predicting next room the person is going to visit. A neural network took current room number as an input and produced the most probable next room number as an output. Logs of user movement were used to train the network. For prediction purposes authors chose multi-layer perceptron with one hidden layer and back propagation learning algorithm. Neural networks adaptation for context spaces theory can use several approaches. For example, the neural network can accept current situation (with its level of confidence) and predict next situation to occur. Alternatively, the neural network can accept the whole set of current situations and return a whole set of situations expected over a period of time. Additionally, neural network can accept context coordinates and infer the expected future coordinates or expected future situations. Markov models for context prediction. Markov models proved to be a feasible way of context prediction. In [2, 3] authors used Markov chains to predict what internet site user is likely to visit next. Context prediction using Markov chains based techniques and Bayesian networks based techniques were considered in the [13]. In there authors addressed the active device resolution problem, when the user has a remote control to interact with a set of devices, but there are always several devices in user proximity. Some papers use hidden Markov model to learn from user behavior. For example, in [11] hidden Markov models are used to obtain prediction of next room that the person is likely to visit. The layout of rooms in the house, represented as a graph, is handled as a hidden Markov model, and the history is used to obtain the probabilities of moving from one room to another. Context in our approach can be viewed as a Markov model as well. For that we need to represent the context as a graph where every node represents a situation. However, Markov model states have to be mutually exclusive. It is not generally so in context spaces theory. To make situations mutually exclusive, we need to find all kinds of situations intersection and extract them as new situations. To do this we developed the following algorithm. Algorithm MM4CS. Step 1. Create three entities: Entity 1: set of situations. Initially it contains all defined situations. From now on initial situations will be referred to as S1, S2, S3, …, SN. Also they will be referred to as old situation spaces. Newly acquired situations may appear as a result of situation decomposition. They will be referred to according to the situation algebra expressions they were obtained from, for example, S1∩S2∩!S3 or S10∩S8, etc. From now on, for simplicity, when talking about situations and it does not matter whether those situations are initial or newly acquired we’ll refer to them as A,B,C, etc. Subspace of application space that includes whole application space except the situation A will be referred to as !A. Entity 2: set of situation pairs. Elements of the set will be referred like (A, B), where A and B are some situations. Expression (A,*) is a joint name of all elements containing the situation A. Pair of situation with itself like (A,A) are not supported. Situation pairs are unordered, i.e. (A,B) and (B,A) both identify the same set element. Initially the set contains all available pairs of starting set of situations, i.e. (Si, Sj) for every i,j ϵ [1.. N] and i≠j.

Extending Context Spaces Theory by Predicting Run-Time Context

13

Entity 3: dependency graph. Initially it has 2 sets of vertices. Each vertex of each set represents a situation. Vertex will be referred as (A)j where the A represents situation and the superscript represents the set number (1 or 2). Dependency graph will be used for prediction in terms of old situation spaces. Initially it has only vertices (Si)1 and (Si)2 and edges between (Si)1 and (Si)2 (i ϵ [1.. N]). Edges are undirected. Also in the graph special temporary vertices can appear during the runtime. They will be referred as, for example, (A)j:B. Step 2. Take any element from a situation pairs set. Let’s say, it is element (A, B). See, if situation spaces A and B have any intersections in application space. It can be done using situation algebra provided in [17]. If there are no intersections between A and B – just remove the element (A, B) from the situation pair set. If there are any intersections, a set of substeps has to be performed: Substep 2.1. Remove element (A, B) from the set. Substep 2.2. Iterate through the situation pairs list and perform following changes: Substep 2.2.1. Every (A,*) element should be replaced with two new elements. Element (A∩B, *) is created in all cases and element (A∩!B, *) is created if the subspace A∩!B is not empty. Substep 2.2.2. Every (B,*) element should be replaced with two new elements as well. Element (A∩B, *) is created if it was not created on substep 2.2.1 and element (!A∩B, *) is created if the subspace !A∩B is not empty. Substep 2.3. Update dependency graph: Substep 2.3.1. Vertex (A)2 should be removed and several new vertices should be created instead. Vertex (A∩B)2:A should be created in all cases and vertex (A∩!B)2 should be created if subspace A∩!B is not empty. Newly created vertices should have the edges to every element that (A)2 had the edge to. Substep 2.3.2. Vertex (B)2 should be removed and several new vertices should be created instead. Vertex (A∩B)2:B should be created in all cases and vertex (!A∩B)2 should be created if subspace !A∩B is not empty. Newly created vertices should have the edges to every element that (B)2 had the edge to. Substep 2.3.3. Vertices (A∩B)2:A and (A∩B)2:B should be merged to new vertex (A∩B)2. All the edges leading to either (A∩B)2:A or (A∩B)2:B should be redirected to (A∩B)2 instead. Substep 2.4. In situation set remove situations A and B and introduce all nonempty situations of these: A∩B, !A∩B, A∩!B. Step 3. If situation pair list is not empty – go to step 2. If situation pair list is empty – add new situation to the situations list: !S1∩!S2∩!S3∩!...∩!SN. Also add corresponding vertex to the dependency graph: (!S1∩! S2∩!S3∩!...∩!SN)2. It has no edges. Another option is not to mention !S1∩! S2∩!S3∩!...∩!SN situation and consider the system being in process of transition when no situation is triggered. ■ Resulting list of situations will now be referred to as new situation spaces. Resulting dependency graph will have old situation spaces in one set of vertices and new situation spaces in another. Edges between the vertices mean that old situation space has corresponding new situation space as a part of its decomposition. Algorithm has to be applied to the system only once – before the runtime. When this algorithm is complete, mutually exclusive set of situations is obtained. Now this

14

A. Boytsov, A. Zaslavsky, and K. Synnes

new set of situation spaces can be represented as states of the Markov model. All Markov model based context predictors are applicable for it. For illustration see Fig. 2. There are two options of Markov models for the system described in Fig. 1 and it depends on what option do we take on step 3 of an algorithm.

Fig. 2. Markov model for Fig.1

Reasoning in terms of old situation spaces can be easily done using new situation spaces. Let’s say, we need prediction for the situation Si from old situation spaces. It can be done in the following manner. Step 1. Find (Si)1 vertex. It is connected to some other vertices. Let them be (D1)2, (D2)2, (D3)2, … (Dk)2,etc. Step 2. Take predicted levels of confidence for those vertices. It is done using Markov predictor directly. Step 3. Infer the level of confidence of situation: P(Si) = P(D1U D2U D3U…U Dk) Where P(Si) – predicted level of confidence in situation Si, and sign U is a operator for uniting situations. Uniting situations can be done by the means of situation algebra provided by [17]. P(Si) is the demanded result. However, these 3 steps should be done on every case of prediction and therefore they will introduce some run-time overhead. So, Markov models seem to be feasible way of context prediction for context spaces theory. However, to make it applicable for context spaces some pre-processing is needed. Some computation overhead in the run-time will be introduced as well to transition from new situation spaces to old ones. Bayesian networks for context prediction. Bayesian network approach for context prediction was considered in the paper [21]. That research addressed the problem of predicting next room person is likely to visit. Context was represented as dynamic Bayesian network, where current room depended on several rooms visited previously and duration of staying in current room depended on current room itself, time of the day and week day. In [21] dynamic Bayesian network learned from the history of indoor movements. One more case of context prediction using Bayesian networks was described in [13]. There authors addressed active device resolution problem. [13] paper was already discussed in previous section.

Extending Context Spaces Theory by Predicting Run-Time Context

15

Context within context spaces theory can actually be represented by dynamic Bayesian network. In a simplest form it can allow to establish correlations between situations in time (and situations do not have to be mutually exclusive in this case). Dynamic Bayesian networks can also help if there are any additional suggestions about factors that influence the context but are not included directly in the application space. Branch prediction for context prediction. Paper [18] considered applying branch prediction algorithms for context prediction in pervasive computing systems. Branch prediction algorithms are used in microprocessors to predict the future flow of the program after branch instruction. In [18] authors consider another example: branch prediction is used to predict moving of the person around the house or office. Branch prediction algorithms can be applied to context spaces theory as well. Once again, context should be represented in terms of situations, and the situations should be represented as a graph. One option is to use mutually exclusive situation decomposition that was presented for Markov model predictors. Then we can predict moving through the graph over time using branch prediction techniques. Another option is to use the same approach like we took to apply sequence predictors: when situation happens or wears off, special symbol is added to the sequence. Branch predictors can be used to predict next symbol there. Summary. The features of different approaches to context spaces theory can be summarized in following way (see table 1). Table 1. Context prediction approaches summary

Approach Sequence predictors

Benefits and shortcomings Good results are proven in practice. Low adaptation efforts are needed.

Neural networks

Large variety of options to choose and low adaptation efforts needed. However, additional thorough testing is needed by every application to determine what exact neural network type is the most feasible. They can be applied. However, this approach requires splitting the application space in a set of non-overlapping situations, which is not natural for context spaces theory and requires significant pre-processing Approach is able to estimate the influence of different factors, not depending on whether they are in the context or not yet. Low adaptation efforts are needed. The algorithms are simple. However, prediction results are influenced only by small part of the history and the algorithms are capable of working with simple patterns only.

Markov chains

Bayesian networks Branch predictors

Summary This approach is the most perspective . The approach is quite perspective. The efficiency of this approach needs to be evaluated. The approach is very perspective. In general case that approach is least applicable.

16

A. Boytsov, A. Zaslavsky, and K. Synnes

Common challenges and future work directions. As it was shown all context prediction methods have to overcome some specific challenges to be applied to context spaces theory. But there is one common challenge, which was not yet addressed: all the defined context prediction methods deal with a discrete set of possible events or situations. So to apply the prediction methods context should be represented as a set of situations. But the flow of any prediction algorithm depends on how we define situation spaces within application space. Different situation spaces will result in different algorithm flows, even if application space is generally the same. This effect might be vital. So the question arises: what is the best way to define situations inside context space for prediction purposes? Results can depend on exact prediction algorithm or exact application. Situations should be both meaningful for the user and good for prediction. This question needs further research.

5 Testbed for Context Prediction Methods For testing context prediction methods identified above, a testbed is needed. Testbed application should include following features: 1. Widest range of context reasoning and context prediction methods should be applicable. 2. Testbed should be able to estimate the effectiveness of those techniques. 3. Testbed should be configurable and flexible. 4. Architecture of the testbed system must provide the way to replace context reasoning or context prediction method easily. 5. Conforming to the rules above, testbed model still has to be as simple as possible. For validating context prediction methods we introduce “Moonprobe” model and application scenario. “Moonprobe” is a model that simulates vehicle going over some sophisticated landscape in 2D environment. The aim of the vehicle is to reach some destination and not to crash or run out of fuel on its way. This model was developed using XJ Technologies AnyLogic modeling tool ([27]). “Moonprobe” testbed model represents a vehicle. That vehicle is affected by a group of forces (see formula (1)): Fres = Fgr + N + Fen .

(1)

Where: Fres – resulting force. It is the vector sum of all the forces affecting the moonprobe. Fgr – gravity force. It is constant and always affects the probe. Fen – engine force. Moonprobe has an engine, which can be used to dampen the fall or just keep going forward. Engine force is set by probe controlling device. Engine has limited fuel capacity. If the probe ran out of fuel engine force is constantly equal to zero. N – support reaction force. It affects the probe only if it is on the ground. Acceleration of the probe can be found with formula (2). A = (Fgr + N + Fen)/M Where M is the mass of the vehicle.

(2)

Extending Context Spaces Theory by Predicting Run-Time Context

17

In a very simplified manner the model can be described by the following set of equations (see formula (3)).

. |

(3)

|

Where t is time, X is probe coordinate vector, V is probe velocity vector, M is mass of the probe (known system parameter), N is support reaction vector (directed perpendicular to the ground), Fl – fuel level remained, g – gravity vector, FCR – fuel consumption rate (known system parameter), Fen – engine force vector (value and direction set by probe control system). In some cases probe can leave the ground (see Fig. 3). When probe lands, it will experience ground collision.

Fig. 3. Probe leaves the ground

Ground collisions are considered to be dangerous for the probe. Collision effect is estimated by the projection of probe speed perpendicular to the ground level. If it exceeds the threshold, the probe crashes. Engines can be used to slow down the landing and therefore avoid the crash. The “Moonprobe” model deals with the problems that every pervasive system deals with: sensor uncertainty, sensor outages, determining environment characteristics, fusing heterogeneous sensor data etc. By now the moonprobe uses around 20 context parameters to reason about the situations. Moonprobe has a set of situations to be aware of. They can be classified in several major groups. Group 1. Sensor outages. Any sensor can break down. Scenarios of sensor outages are configurable. The behavior of failed sensor is tunable as well, but the most convenient ways seem to be following: (1) Sensors start to show random values (2) Sensors keep returning the same value all the time not regarding to characteristic under measurement (3) Sensors increase their errors

18

A. Boytsov, A. Zaslavsky, and K. Synnes

Fig. 4. Moonprobe system architecture

Fig. 5. "Moonprobe" system working

Time between sensor outage and sensor outage detection can be used as a metric to estimate the quality of reasoning about that situation. Group 2. Current progress of going to the destination point. The probe needs to estimate whether it is going the right way (considering the fact not all the sensors might be working). Group 3. Safety conditions. The probe needs to estimate the level of crash risk. The architecture of the model is following (see Fig. 4). System consists of several components. • •

“Environment and probe” component. It implements the physical model of the system. Also it monitors what happens to the probe (crash, sensor outage etc.). “Sensors” component. Sensors measure the data from the probe in certain moments of time and introduce some errors.

Extending Context Spaces Theory by Predicting Run-Time Context

19

Fig. 6. Situation estimations in “Moonprobe”

• •

“Controlling engine” component. It takes sensed data and provides control information (e.g. desired engine power). “Main” component provides overall assessment of experimental results.

All the context prediction methods described in section 4 can be applied to moonprobe scenario. Context prediction techniques can be incorporated in “Controlling engine” component. There context prediction can be used to find optimal values of engine power to minimize crash risk and reduce fuel consumption. The development of the “Moonprobe” testbed is now complete. Screen dumps of running “Moonprobe” is depicted on Fig. 5(complete) and Fig.6 (partial). Model evaluation has shown that the “Moonprobe” model is really capable of estimating prediction results and that context prediction and context awareness algorithms are really pluggable into it. Exact measurements of the result of different context prediction methods are in progress.

6 Conclusion and Future Work Context spaces theory is a promising approach, which addresses many problems of context awareness in pervasive computing. Adding accurate and reliable context prediction methods is one of the research challenges of that theory. In this paper a set of available context prediction techniques was proposed. Twoway mapping algorithms were developed to apply these context prediction methods to context spaces theory. Efficiency of context prediction methods was addressed. A

20

A. Boytsov, A. Zaslavsky, and K. Synnes

special testbed was developed to evaluate the effectiveness of context prediction methods. Feasibility of the proposed testbed has been also proven. As a result, context spaces theory was enhanced with context prediction algorithms and their applicability and feasibility were demonstrated. By extending context spaces theory with context prediction techniques it can address not only problems of uncertain sensors or situation reasoning, but context prediction problem as well. It will benefit ECORA-based applications and widen the applicability of ECORA to new class of tasks – the tasks which require prediction capability. The proposed approach incorporates pluggable algorithms of context prediction, so for every application it can be defined what exact context prediction approach is the best. Future work will concentrate on accuracy metrics and analytical comparison of the efficiency of context prediction methods. Another interesting challenge for future work is how to define the situation spaces in a manner that both grants usability and enhances context prediction.

References 1. Ashbrook, D.: Learning significant locations and predicting user movement with gps. In: ISWC 2002: Proceedings of the 6th IEEE International Symposium on Wearable Computers, Washington, DC, USA. IEEE Computer Society, Los Alamitos (2002) 2. Albrecht, D.W., Zukerman, I., Nicholson, A.E.: Pre-sending documents on the WWW: A comparative study. In: IJCAI 1999 – Proceedings of the Sixteenth International Joint Conference on Artificial Intelligence (1999) 3. Bestavros, A.: Speculative data dissemination and service to reduce server load, network traffic and service time in distributed information systems. In: Proceedings of the 1996 International Conference on Data Engineering (1996) 4. Bhattacharya, A., Das, S.K.: Lezi update: An information-theoretic approach to track mobile users in PCS networks. In: Mobile Computing and Networking, pp. 1–12 (1999) 5. Cappe, O., Moulines, E., Ryden, T.: Inference in Hidden Markov Models. Springer, Heidelberg (2005) 6. Dey, A.K., Abowd, G.D.: Towards a better understanding of context and contextawareness. Technical report (1999) 7. Das, S.K., Cook, D.J., Bhattacharya, A., Heierman III, E.O., Lin, T.-Y.: The role of prediction algorithms in the MavHome smart home architecture. IEEE Wireless Communications 9(6), 77–84 (2003) 8. Davison, B.D., Hirsh, H.: Toward an adaptive command line interface. In: Advances in Human Factors/Ergonomics: Design of Computing Systems: Social and Ergonomic Considerations, pp. 505–508. Elsevier Science Publishers, San Francisco (1997); Proceedings of the Seventh International Conference on Human-Computer Interaction 9. Davison, B.D., Hisrch, H.: Probabilistic online action prediction. In: Proceedings of the AAAI Spring Symposium on Intelligent Environments (1998) 10. Gopalratnam, K., Cook, D.J.: Active Lezi: An incremental parsing algorithm for sequential prediction. In: Proceedings of the Florida Artificial Intelligence Research Symposium (2003) 11. Gellert, A., Vintan, L.: Person Movement Prediction Using Hidden Markov Models. Studies in Informatics and Control 15(1) (March 2006) 12. Haykin, S.: Neural Networks: A Comprehensive Foundation, 2nd edn. Prentice Hall, Englewood Cliffs (1999)

Extending Context Spaces Theory by Predicting Run-Time Context

21

13. Kaowthumrong, K., Lebsack, J., Han, R.: Automated selection of the active device in interactive multi-device smart spaces (2002) 14. Mozer, M.C.: The neural network house: An environment that adapts to its inhabitants. In: Proceedings of the AAAI 1998 Spring Symposium on Intelligent Environments, pp. 110–114. AAAI Press, Menlo Park (1998) 15. Mayrhofer, R., Radi, H., Ferscha, A.: Recognizing and predicting context by learning from user behavior. Radiomatics: Journal of Communication Engineering, special issue on Advances in Mobile Multimedia 1(1) (May 2004) 16. Nurmi, P., Martin, M., Flanagan, J.A.: Enabling proactiviness through Context Prediction. In: Proc. Workshop on Context Awareness for Proactive Systems, pp. 159–168. Helsinki University Press, Helsinki (2005) 17. Padovitz’s, A.: Context Management and Reasoning about Situations in Pervasive Computing, PhD Theses, Caulfield School of Information Technology, Monash University, Australia (2006) 18. Petzold, J., Bagci, F., Trumler, W., Ungerer, T.: Context Prediction Based on Branch Prediction Methods (July 2003) 19. Padovitz, A., Loke, S.W., Zaslavsky, A.: Towards a theory of context spaces. In: Proceedings of the Second IEEE Annual Conference on Pervasive Computing and Communications Workshops, 2004, pp. 38–42 (2004) 20. Padovitz, A., Loke, S.W., Zaslavsky, A.: The ECORA framework: A hybrid architecture for context-oriented pervasive computing. Pervasive and Mobile Computing 4(2), 182–215 (2008) 21. Petzold, J., Pietzowski, A., Bagci, F., Trumler, W., Ungerer, T.: Prediction of Indoor Movements Using Bayesian Networks. In: Strang, T., Linnhoff-Popien, C. (eds.) LoCA 2005. LNCS, vol. 3479, pp. 211–222. Springer, Heidelberg (2005) 22. Roy, A., Das Bhaumik, S.K., Bhattacharya, A., Basu, K., Cook, D.J., Das, S.K.: Location aware resource management in smart homes, pp. 481–488 (2003) 23. Russell, S.J., Norvig, P.: Artificial Intelligence: A Modern Approach, 2nd edn. Prentice Hall, Englewood Cliffs (2003) 24. Shafer, G.: A Mathematical Theory of Evidence. Princeton University Press, Princeton (1976) 25. Vintan, L., Gellert, A., Petzold, J., Ungerer, T.: Person Movement Prediction Using Neural Networks. In: First Workshop on Modeling and Retrieval of Context, Ulm, Germany (September 2004) 26. Ziv, J., Lempel, A.: Compression of individual sequences via variable-rate coding. IEEE Transactions on Information Theory 24(5), 530–536 (1978) 27. How to Build a Combined Agent Based / System Dynamics Model Logic in AnyLogic (2008), http://www.xjtek.com/file/161

Cross-Domain Interoperability: A Case Study Jukka Honkola, Hannu Laine, Ronald Brown, and Ian Oliver Nokia Research Center P.O. Box 407 FI-00045 NOKIA GROUP [email protected], [email protected], [email protected], [email protected]

Abstract. We describe a case study of the behaviour of four agents using a space based communication architecture. We demonstrate that interoperability may be achieved by the agents merely describing information about themselves using an agreed upon common ontology. The case study consists of an exercise logger, a game, a mood rendered attached to audio player and phone status observing agents. The desired scenario emerges from the independent actions of the agents.

1 Introduction Interoperability between devices and the software and applications that run on those devices is probably the major goal for many developers of such systems. This can be achieved in a number of ways: particularly through open, agreed standards or often through monopoly. Whichever particular ‘interoperability’ route is taken there will always be a plurality of standards relating to how such systems communicate [6][1]. For example, the Universal Plug and Play interoperability standard is plagued with manufacturer and device specific variations which complicate and nullify to some extent the long and complex standardization process employed to avoid this. Technologies such as the Semantic Web [2] provide enablers for solutions to these problems. Within the Semantic Web exist information representation formats such as the Resource Description Framework (RDF) [10] and the web ontology language OWL [9] which themselves build upon enablers such as XML. Using these technologies we can address and provide solutions1 to the interoperability problem. At one level there are existing solutions such as Web Services (SOAP, WSDL, UDDI etc) and various stacks of middleware for processing representation formats and preservation and reasoning about the semantics of messages. At the other, there are solutions based around more declarative mechanisms such as TripCom [11] and the space-based solutions, for example Java Spaces [4] for the transport and processing of messages and information to assist in interoperability. We do not believe that interoperability will be achieved through standardization committees, nor through standard, globally accepted semantics and ontologies but rather by the unification of semantics in a localized manner, as described in previous work [8]. 1

Plural, never singular!

S. Balandin et al. (Eds.): NEW2AN/ruSMART 2009, LNCS 5764, pp. 22–31, 2009. c Springer-Verlag Berlin Heidelberg 2009 

Cross-Domain Interoperability: A Case Study

23

In this paper we describe an approach to solving the interoperability problem through a combination of context gathering, reasoning and agents within a space-based infrastructure taking advantage of technologies such as RDF. We demonstrate this through the ad hoc integration or mash-up of a number of distinct applications to demonstrate the principles of this approach.

2 The M3 Concept The M3 system consists of a space based communication mechanism for independent agents. The agents communicate implicitly by inserting information to the space and querying the information in the space. The space is represented by one or more semantic information brokers (SIBs), which store the information as an RDF graph. The agents can access the space by connecting to any of the SIBs making up the space by whatever connectivity mechanims the SIBs offer. Usually, the connection will be over some network, and the agents will be running on various devices. The information in the space is the union of the information contained in the participating SIBs. Thus, the agent sees the same information content regardless of the SIB to which it is connected. The high-level system architecture is shown in Figure 1.

Agent Agent

Agent

Agent

M3 Space SIB SIB SIB

Fig. 1. A diagram of the general system architecture: Agents, M3 spaces and SIBs

The agents may use five different operations to access the information stored in the space: Insert : Insert information in the space Remove : Remove information from the space Update : Atomically update the information, i.e. a combination of insert and remove executed atomically Query : Query for information in the space Subscribe : Set up a persistent query in the space; changes to the query results are reported to the subscriber

24

J. Honkola et al.

In addition to the four access operations there are Join and Leave operations. An agent must have joined the space in order to access the information in the space. The join and leave operations can thus be used to provide access control and encrypted sessions, though the exact mechanisms for these are still undefined. In its basic form the M3 space does not restrict the structure or semantics of the information in any way. Thus, we do not enforce nor guarantee adherence to any specific ontologies, neither do we provide any complex reasoning2. Furthermore, information consistency is not guaranteed. The agents accessing the space are free to interpret the information in whatever way they want. We are planning to provide, though, a mechanism to attach agents directly to the SIBs. These agents have a more powerful interface to access the information and can be e.g. guaranteed exclusive access to the information for series of operations. Such agents may perform more complex reasoning, for example ontology repair or translation between different ontologies. However, they may not join any other spaces but are fixed to a single SIB and thus a single space. The M3 spaces are of local and dynamic nature, in contrast to semantic web which embodies Tim Berners-Lee’s idea of semantic web [2] as a “giant global graph”. The locality and dynamicity—we envision that the spaces will store very dynamic context information, for example—poses different challenges than the internet-wide semantic web. For example, in order to provide a true interoperability for local ubiquitous agents, the space (i.e. SIBs) will have to provide a multitude of connectivity options in addition to http: plain TCP/IP, NoTA [7], Bluetooth,. . . Furthermore, the space should be fairly responsive. While we do not aim for real-time or near real-time system, even half minute long response times for operations are unacceptable. The responsiveness is one of the factors behind the fundamental decision to not enforce any specific ontologies and allowing the agents to interpret the information freely, as it lessens the computational burden of the infrastructure. Another, and more important reason is that we explicitly want to allow mashing up information from different domains in whatever way the agents see best. Strict ontology enforcement would make this kind of activity extremely difficult as all new ways of mashing up the information would require approval from some ontology governance committee. However, as mentioned above, we still plan to provide means for ontology enforcement for cases where the space provider explicitly wishes to restrict the ways the information is used as there are bound to be also situations where this is the best approach. The information content in a M3 space may be distributed over several SIBs. The distribution mechanism assumes that the set of SIBs forming a M3 space are totally routable but not necessarily totally connected. The information content that the agents see is the same regardless the SIB where they are connected. 2.1 Applications in M3 Spaces The notion of application in M3 space is differs radically from the traditional notion of a monolithic application. Rather, as a long term vision, we see the applications as possible scenarios which are enabled by certain sets of agents. Thus, we do not see an 2

The current implementation of the concept understands the owl: sameAs concept.

Cross-Domain Interoperability: A Case Study

25

email application running in M3 space, but we could have a collection of agents present which allow for sending, receiving, composing and reading email. For this kind of scenario based notion of application, we also would like to know whether the available agents can succesfully execute the scenario. The envisioned model of using this system is that the user has a set of agents which are capable of executing certain scenarios. If a user needs to perform a new scenario that the current set of agents are not capable of executing, she could go and find a suitable agent from some directory by describing the desired scenario and the agents she already has. Thus, we need some formal or semi-formal way of describing agent behavior both with respect to the M3 space and to the environment. While there exists research addressing behavior in multi-agent systems, for example by Herlea, Jonker, Treur and Wijngaards [5], this kind of ad-hoc assembly of agents in order to execute a certain scenario seems to be quite unaddressed in current research. However, slightly similar problems have been addressed in e.g. web service orchestration research [3], but these still seem to concentrate on design-time analysis rather than run-time analysis. As for shorter term, our vision is that sets of existing applications would be enhanced by being able to interoperate and thus allow execution of (automatic) scenarios that would have been impossible or required extensive work to implement without the M3 approach.

3 The Case Study The case study consists of four agents, Exercise logger, SuperTux game, Phone line observer, and Mood renderer, running on several devices. The exercise logger and phone line observer run on Nokia S60 platform phones, and the SuperTux and mood renderer run on Nokia N800 internet tablets. The M3 space infrastructure runs on a Linux laptop. 3.1 Application Development Vision The case study setup illustrates a “legacy enhancement” approach to application development in M3 spaces. Conceptually, we added M3 space capability to existing applications (SuperTux, Mood renderer, SportsTracker, Telephony) even if the SportsTracker and Telephony were implemented as standalone simple applications for practical reasons. The starting point for the case study was a single person (as defined in Person ontology, section 3.2) who would be exercising and tracking the workouts with an exercise logger, playing computer games and listening to music. The goal was to demonstrate the benefits of interoperability between existing application, that is, to be able to execute a scenario where the SuperTux game would award extra lives for exercising, a mood renderer embedded in a media player would play suitable music depending on a game state, and the game and media player would react accordingly if the person receives a call. 3.2 Ontologies The ontologies used in this case study have been defined informally, and are not enforced in any way. The different components of the case study assume that they are used correctly. A pseudo-UML diagram of the complete ontology is shown in Figure 2,

26

J. Honkola et al. SuperTux, Mood renderer, Telephony status observer

SuperTux, Mood renderer

OperatorAccount

Game m3:sessionstart m3:sessionend m3:lives

m3:phonelinestatus

m3:player

m3:mobileaccount

All

SuperTux, Workou monitor

m3:user

Workout

Person

m3:totaldistance m3:totaltime m3:stoptime m3:username m3:starttime

m3:username

Fig. 2. An informal description of used ontologies. The using agents are named on top of the “class” box. m3:person m3:workout

m3:supertux

rdf:type rdf:type ?1

m3:user

m3:player

rdf:type

m3:username

m3:starttime ?3

?2 m3:sessionstart

"SportsTrackerUser" m3:lives

m3:totaltime m3:mobileaccount

"4" "2008−10−30T11:30:02"

?4 m3:phonelinestatus "idle"

"2008−10−29T07:02:30"

m3:stoptime "2008−10−29T08:05:12" m3:totaldistance "2053132"

"3738786"

rdf:type m3:operatoraccount

Fig. 3. An example RDF graph during the execution of scenario

and an example instantiation of the ontology when a game is being played and the phoneline is idle is shown in Figure 3. As a general note, the needs of the scenario studied drove the modeling of the ontologies. Most of the choices of what to include and what to exclude were based on the need of the information in executing the chosen scenario. A broader study might need to revisit the ontologies and generalize end expand them. The agents use different parts of the combined3 case study ontology. The Workout Monitor agent understands Workout and Person ontologies, the SuperTux agent understands all ontologies, the Telephony Observer agent understands OperatorAccount and Person ontologies, and the Mood Renderer understands Game and OperatorAccount ontologies. 3

A combination of Person, OperatorAccount, Game, and Workout ontologies.

Cross-Domain Interoperability: A Case Study

27

Person. The person ontology describes the information about a person necessary for this case study. A person can have a name (m3:username) and an operator account (m3:mobileaccount). Operator Account. The operator account ontology contains information about the phoneline status of the account. In a more realistic case, there could also be information about the phone number, used talking time, amount of data transferred etc. Workout. The workout ontology describes a generic distance-oriented workout. Thus, we include information about the length of the workout, distance traveled, person who has done the workout etc. but no information related to, for example, weightlifting where we probably would like to know the number of repeats and weights instead of time used and distance. The choice of what to include in the ontology was influenced by the information available in the SportsTracker application. Game. The Supertux game ontology includes information about the gaming session start time, stop time, lives left and player. The session start is defined to be the time when the game executable was started, showing a welcome screen. The lives value is inserted when a player starts a game, new or saved, from the welcome screen. When the player quits the game completely, that is, exits the welcome screen, the session stop time is inserted. The ontology could include also information about current score, amount of coins, field being played etc. which the mood renderer could use. 3.3 Agents Next we describe the operation of agents making up the case study. It should be noted that the agents are only communicating implicitly through the M3 space by reading the information inserted to it by other agents. Workout Monitor. The workout monitor reads SportsTracker workout files and writes a summary of the workouts to M3 space. We currently read the information related to general description of the workout and insert that in the M3 space. Any path information is ignored as we have no use for it in the current scenarios. The workout information is related to the person doing the workouts. If a person with same name as the SportsTracker username is found, we attach the workout in question to that person, otherwise we create a new person. We use an SportsTracker internal workout identifier to identify workouts so that we do not insert duplicate workouts if the monitor is run again with same workouts as before. Supertux. Supertux is a classic jump’n’run sidescroller game which has taken strong inspiration from the original SuperMario games for Nintendo. Supertux is open source and available under GPL. The ontologies related to Supertux game are the Person ontology, the Workout ontology and the Supertux ontology. Each Supertux game is assigned with player information. If the person class instance of the player can not be found from the M3 space the

28

J. Honkola et al.

game creates one and inserts player information according to the Person ontology. The person class instance also binds the player to the workout information inserted to the M3 space. Prior starting the game supertux queries workout information from the M3 space. The first query searches for all instances of the Workout class. For each found workout class instance a new query is performed in order to find out the details of the workout. If there are long and recent enough workouts performed by the player the game awards two extra lives to a game level. The game creates also an instance of itself and inserts information such as reference to the person class of the player, session start and stop time to the M3 space. In addition, the game updates how many lives the player has left during playing a game level. Every time the player looses or gains one life in the game, the game removes old livesinformation and inserts the new information to the M3 space. Telephony status observer. The telephony voice line status is part of a OperatorAccount class. Operator accounts are bound to a person i.e. it is assumed that each account belongs to a person4 . The voice line status only has two states, namely active and idle. The phone line status monitor subscribes to voice line status changes provided by Symbian’s CTelephony API. When the user dials a phone number to establish voice connection or when there is incoming call to the phone, CTelephony API provides the current voice line status to the observer application. The observer application transforms the CTelephony states (e.g. EStatusRinging, EStatusDialling, EStatusIdle, . . . ) to corresponding values defined by the OperatorAccount ontology and updates the information to the M3 space. Mood renderer. A mood renderer conceptually would have interfaces to sensory, i.e. mood rendering devices of a smart space invironment in order to cooridinate their controls according to a mood determined by its knowlege processing. The questions would be many about such knowlege for determing a mood and how to render it for a given environment. The mood renderer of the case study is a very simple start on the problem, which side-steps many issues for practical cases, while showing the essence of knowlege processing for the given concept. The mood renderer in this case study is based on music as the only rendering device, and thus, the simple assumption that music, more precisely some audio track, maps to a determinable mood, and still further, that the mapping stems solely from the state of a partical game being played and applies invariently with regard to time. This dodges questions about personal tastes and more than one person contributing to the smart space mood. In choosing a track to play, volume is not controlled, but play, pause and stop are used where appropriate. Mood rendering is based solely on two sources of information in the smart space environment. The first is an operating supertux game and the second is phone status. Note then, that this mood renderer is solely reactive to information about a dynamic smart space environment to which it belongs—for simplicity, it does not contribute information even though it clearly impacts it. Given the simplifications stated, and that the mood renderer understands the ontologies of the supertux game and telephony status observer. It follows their two independent 4

Or a group of persons—we do not prevent that.

Cross-Domain Interoperability: A Case Study

29

contributions to the smart space environment and combines them to render a mood appropriate for the state of game play, while maintaining the courtesy of pausing an audio track, if being played while any phone status of the smart space is active. The mood renderer is implemented as two persistent queries for smart space information. The first is looking for an active game in order to render its mood, and the second is looking for any phone with an active status. When an active game is found, a third persistent query, particular to this game, looks for its level of m3:lives and renders a mood as CALM, for no lives before the real play starts, and then when m3:lives exist, either “UP-BEAT” or “DOWN-BEAT” according to a threshold configuration on the number of lives. When the game ends, audio rendering is stopped. The mood renderer’s behavior can be described as follows: – Start with renderer.setTrack (NONE), renderer.setMode (STOP), and gameSelected=FALSE. – Subscribe to the call-status attribute for all phone-status-observers. Monitor subscription results, for any attibute value of “active”, if currentMode is PLAY, then do renderer.setMode (PAUSE); otherwise, if currentMode is PAUSE, do renderer.setMode (PLAY) i.e. any playing pauses during any phone call, or resumes when no phone call if paused during a game. – Subscribe to a supertux game, which has a session-start and no session-end, or session-start after session-end. Monitor subscription results, and, whenever fulfilled, first ensure that rendering is stopped and end subscriptions for any earlier game. Then render music/mood mapping for the selected game using the next subscription. – Subscribe to session-end and lives attributes of the selected game. When fulfilled, set renderer.setMood (mood), for mood according to lives as follows: • no lives: CALM i.e. game started, but not yet played. • lives above threshold: UP-BEAT • below threshold: DOWN-BEAT When session-end of game is after session-start, stop rendering and end subscriptions about this game.

4 Conclusions The idea of agents interoperating by communicating implicitly through M3 spaces worked well for this case study. We were able to execute the scenario in mind and add the phone agent to it without modifying the existing ontology. However, this work was performed inside a single team in a single company. This kind of close cooperation between people implementing the agents obviously makes things easier. Most of the work required in integrating the different agents into a coherent scenario was related to the mood renderer observing the state of the SuperTux game. The ontology did not directly provide information about all the state changes in the game. For example, when starting to play a level in the game, the mood renderer deduce this by observing the appearance of the lives attribute in the M3 space. This is however something that will probably be a very common case as the ontologies can not and

30

J. Honkola et al.

should not try to describe all possible information that some agent may need. It should suffice that the information is deducible from the explicitly stated information. Another aspect of local pervasive computing environments that was not really addressed in this case study was the handling of resources that can only be used by one agent at a time. In this case the mood renderer represents such resource (audio player), and implicitly it is usually the game that uses it as the mood renderer deduces the mood based on the game state alone. When the phone rings, the mood renderer will stop the music and continue after the call is finished. However, in a more complex case there needs to be (preferably) clear policy for each resource on who can use it. We currently think that this can be handled at the ontology level, with suitable coordination structures and an agent acting as a gatekeeper. In general, this is however a subject for further study. The basic principles of agent-dependent interpretation of information and implicit communication proved useful when the phoneline status information was added to the case study. When we only describe the information and not the actions to be taken by the agents, the agent can select suitable course of action based on the detailed knowledge of the agent in question. In this particular case, the correct course of action for the SuperTux game is to pause when the phoneline is active but not automatically resume the game when it goes idle, as the player is not necessarly ready to continue immediately after ending the call. On the other hand, the mood renderer should continue playing the music immediately after the distraction (in this case call) has ended. If we expanded the case study with more persons with each having mobile phones, the difference with mood renderer and SuperTux regarding the behavior when a call arrives would be even more. Sensible behavior for mood renderer would be to stop the music whenever anyone in the same (acoustic) location receives a call, while the game should only react to calls to the player of the game. Of course, in some cases it might be desirable to have coordinated response from a group of agents to certain events. We believe that this is best handled outside the system, by e.g. requirements in the scenario descriptions or ontology documentation. Anyhow, such coordinated responses would not apply to all agents but rather to only certain groups of agents involved in executing a given scenario. An obvious next step related to the interoperability hypothesis is to have external research partners extend the demo with agents implemented outside Nokia. This would clarify the required level of ontology and agent behavior description as the communication would then approximate more the real world case where the agents would be implemented by multiple vendors.

Acknowledgements The authors would like to thank Vesa Luukkala for helping with ontology modeling, and Antti Lappetel¨ainen for helpful comments.

References 1. Bergamaschi, S., Castano, S., Vincini, M.: Semantic Integration of Semi-structured and Structured Data Sources. SIGMOD Record 28(1), 54–59 (1999) 2. Berners-Lee, T., Hendler, J., Lassila, O.: The semantic web. Scientific American (May 2001)

Cross-Domain Interoperability: A Case Study

31

3. Foster, H., Uchitel, S., Magee, J., Kramer, J.: Compatibility verification for web service choreography. In: Proceedings of IEEE International Conference on Web Services, July 6-9, pp. 738–741. IEEE, Los Alamitos (2004) 4. Freeman, E., Hupfer, S., Arnold, K.: JavaSpaces Principles, Patterns and Practice. AddisonWesley, Reading (1999) 5. Herlea, D.E., Jonker, C.M., Treur, J., Wijngaards, N.J.E.: Specification of Bahavioural Requirements within Compositional Multi-agent System Design. In: Garijo, F.J., Boman, M. (eds.) MAAMAW 1999. LNCS, vol. 1647, pp. 8–27. Springer, Heidelberg (1999) 6. Lewis, G.A., Morris, E., Simanta, S., Wrage, L.: Why Standards Are Not Enough To Guarantee End-to-End Interoperability. In: Proceedings of 7th IEEE International Conference on Composition-Based Software Systems (ICCBSS), Madrid, Spain, February 25–29. IEEE, Los Alamitos (2008) 7. Network on terminal architecture (November 2008), http://www.notaworld.org 8. Oliver, I., Honkola, J.: Personal Semantic Web Through A Space Based Computing Environment. In: Second IEEE Interntional Conference on Semantic Computing, Santa Clara, CA, USA, August 4-7. IEEE, Los Alamitos (2008) 9. Web ontology language, http://www.w3.org/2004/OWL/ 10. Resource description framework, http://www.w3.org/RDF/ 11. Teymourian, K., Nixon, L., Wutke, D., Krummenacher, R., Moritsch, H., K¨uhn, E., Schreiber, C.: Implementation of a novel semantic web middleware approach based on triplespaces. In: Second IEEE International Conference on Semantc Computing, Santa Clara, CA, USA, August 4-7, pp. 518–523. IEEE, Los Alamitos (2008)

A Topology Based Approach for Context-Awareness in Smart Environments Antonio Coronato and Giuseppe De Pietro Institute of High Performance Computing and Networking ICAR-CNR, Via P. Castellino 111, 80131, Naples - Italy [email protected], [email protected]

Abstract. This paper presents logic models and mechanisms to achieve context awareness and future context awareness. The proposed approach relies on handling the topology of the physical environment. We describe methods and tools to specify and implement topology services that can provide mechanisms for both rapid prototyping application services and handling context awareness information. Finally, we report some case studies and applications of the proposed approach1 .

1

Introduction

Ambient intelligence and Smart Environments are emerging discipline and technologies that brings intelligence to our common physical environments. Such intelligent environments relies on the use of a large variety of sensors and sensor networks, smart objects and devices, artificial intelligence technologies, etc. The resulting environments are systems capable of knowing and understanding the physical and virtual context of users and objects and responding intelligently to such knowledge [3]. This paper proposes logic models ed implementation mechanisms to achieve context-awareness in smart environments. All solutions are based on the physical topology of the environment. The logic model relies on the classification of locations in two classes: semantic (Rooms, Corridors, Laboratories, Floors, etc.) and physics (the area sensed by a short range RFID, the one sensed by a temperature sensor, the one covered by a WiFi access point, etc.). Since the physical locations are the ones sensed by sensors and positioning systems, whereas context-aware services and applications need semantic locations (e.g. in which room is the user? Where is he going to? Which is the temperature of the laboratory? etc.) we have defined a logic model that joins semantic locations and physical locations by means of a virtual concept that we named Atomic Location. In addition to this, we have defined logic models to represents properties like the contiguity and distance of locations. This makes the environment capable of inferring several kind of situations. 1

This work has been partly supported by the project OLIMPO within the POR Misura 3.17 funded by the Regione Campania.

S. Balandin et al. (Eds.): NEW2AN/ruSMART 2009, LNCS 5764, pp. 32–41, 2009. c Springer-Verlag Berlin Heidelberg 2009 

A Topology Based Approach for Context-Awareness in Smart Environments

33

The logic models are only part of the contribution of this paper. In addition, we have also provided a set of formal tools that enable the designer to specify the topology and some dynamic aspects in a rigorous and verifiable way and a set of ontologies and rules that enable the developer to implement intelligent mechanisms for context-awareness. The choice of formal tools is due to the fact that smart environments and ambient intelligence are more often applied to critical scenarios (e.g., healthcare, emergency situations, disaster recover, etc.). As well known from literature, they represent an effective tool to prevent faults [3]. The rest of this paper is organized as follows. Section 2 presents the logic models. Section 3 describes the formal tools that we apply to specify the topology. Section 4 presents the ontology on which relies our context-service and the rules that make it able to infer context information. Finally, Section 5 concludes the paper.

2

Logic View

The approach presented in this paper relies on a topology model that we have defined to provide a unique and uniform representation for location information, independently of the particular positioning system. The model is based on the concepts of physical and semantic locations. These notions are not new in literature [2], but we have partially re-elaborated them [5]. A physical location specifies the position of a mobile entity and is characterized by different granularities and scopes, depending on the particular positioning system adopted. Instead, a semantic location specifies the meaning of a location and usually groups more physical locations. As an example, GPS coordinates represent physical locations, whereas a semantic location can be a building, an office inside a building, a meeting room, an area in front of a wall-monitor, etc. The proposed model describes physical locations as the proximity to wellknown points. The technique of proximity is applicable when the environment is equipped with sensors to reveal the presence of mobile users, or with positioning systems to detect the position of mobile devices. In such cases, a sensor/positioning device, which covers a specific area, defines a physical location corresponding with the covered area. In the model, the covered area is called SensedArea. Let us show an example with two specific positioning systems. The former relies on the Wi-Fi technology to locate Wi-Fi enabled mobile devices. The latter uses RFID identification systems to locate RFID tagged mobile users. Corresponding sensed areas are: – Wi-FiSensedArea, which is identified by the physical area covered by a specific Wi-Fi AP, i.e. the region in which the AP is able to grant access to a Wi-Fi mobile device; – RFIDSensedArea, which is identified by the physical area covered by a specific RFID reader; i.e., the region in which the RFID reader is able to detect an RFID tagged user.

34

A. Coronato and G. De Pietro

In addition to these, a set of semantic locations, like Building, Floor, Room and Corridor, have been defined. Finally, the concept of AtomicLocation is used to represent the linking element between physical and semantic locations. Its physical dimension corresponds with the one of the SensedArea of the finest positioning system in the environment. In the proposed example, an AtomicLocation corresponds with an RFIDSensedArea because an RFID reader covers a smaller area than the one covered by a Wi-Fi AP. As shown in figure 1, the concept of AtomicLocation is used to build a grid of locations in the physical environment (AtomicLocation Perspective). Therefore, some RFID readers are positioned in order to match with AtomicLocations. Not all the AtomicLocations are covered by an RFIDReader (RFIDSensed Perspective). Differently, each Wi-Fi AP spreads a signal over many AtomicLocations (Wi-FiSensedArea Perspective). Finally, semantic locations in turn group many atomic locations and correspond with well defined physical spaces (SemanticLocation Perspective). As a result, relationships between sensed areas and semantic locations are built by means of atomic locations. This makes the model able to adapt easily

Fig. 1. Logic Models

A Topology Based Approach for Context-Awareness in Smart Environments

35

Fig. 2. Contiguity relationships between locations

to changes like the introduction of new positioning systems or the definition of new semantic locations. The introduction of a new positioning system obviously means that the physical dimension of an atomic location has to be changed, but the location model still remains applicable. This model provides some mechanisms that enable the conferring of semantic to some information. As an example, in addition to the localization problem that has already been discussed, let us focus on the setup of sensors, for example a temperature sensor. Let us also suppose that there’s the environment is equipped with a topology service that handles the topology model. When the sensor is installed, the topology service is updated with information on i) the new resource; ii) its location; and, iii) its covered area. From then on, all information coming from that sensor are associated to the covered area; that is, the sensed temperature is the temperature of the covered area. Another aspect, which is relevant to our aims, is the contiguity of locations. We say that two locations (L1 and L2 ) are contiguous if it is possible to move from L1 to L2 directly and viceversa. The relation of contiguity among locations is logically represented by bi-directional graphs as the one shown in figure 2. In the graph, the weight of each arch, d(x,y), represents the distance among the locations Lx and Ly or the minimum time a mobile entity needs to move from the starting location to the destination. This model is useful for tow main reasons. First, the system can predict the future position of a moving user. For an example, in a museum the visitor who is in a room will next be in one of the contiguous rooms. As a result, the system can prepare its resources depending on the future position. Second, this can help in detecting and avoiding inconsistencies. As a matter of fact, a tracking system can easily detect a large set of false positive using the concepts of distance and time.

3

Specification View

In this section we briefly describe some formal tools adopted to specify the topology of a smart environment and several dynamic aspects.

36

3.1

A. Coronato and G. De Pietro

Ambient Calculus

Ambient Calculus was proposed by Luca Cardelli and Andrew Gordon to describe the movement of processes and devices. It is a framework that derives from π-calculus [9]. In Ambient Calculus, all entities are described as processes. An important kind of process is an ambient, which is a bounded place where computation happens. An ambient delimits what is and what is not contained and executed within it. Each ambient has a name and can be moved as a whole, into and out of other ambients, by performing in and out operations. Ambient Calculus allows a description of complex phenomena in terms of creation and destruction of nested ambients, and movement of processes into and out of these ambients. In Ambient Calculus, n[P] represents an ambient, n is the name of the ambient, and P is the process running inside it. The process “0” is the one that does nothing. Parallel execution is denoted by a binary operator “|” that is commutative and associative. “!P” denotes the unbounded replication of the process P within its ambient. The following expression n[P1 | . . . | Pj | m1 [...] | . . . | mk [...]]

describes an ambient with the name, n, that contains j processes with the names P1 , ..., Pj and k ambients with the names m1 , ...mk . Figure 3 reports the equivalent graphic representation.

Fig. 3. Ambient Calculus: Graphical Representation for Ambients

Some processes can execute an action that changes the state of the world around them. This behavior of processes is specified using capabilities. The process M.P executes an action described by the capability M, and then continues as the process P. There are three kinds of capabilities, for entering (in), for exiting (out ) and for opening up (open) an ambient, respectively. Figure 4 shows these three capabilities. The process “in m.P” instructs the ambient surrounding “in m.P” to enter a sibling ambient named m. The reduction rule, which specifies the change in state of the world is: n[in m.P] | m[Q] → m[n[P] | Q] (a)

The action “out m.P” instructs the ambient surrounding “out m.P” to exit its sibling ambient named m. The reduction rule is: m[n[out m.P] | Q] → n[P] | m[Q] (b)

A Topology Based Approach for Context-Awareness in Smart Environments

37

Fig. 4. Ambient Calculus: Capabilities

The action “open m.P” provides a way of dissolving the boundary of an ambient named m located at the same level as open. The rule is: open m.P | m[Q] → P | Q (c)

Output and input actions are respectively denoted by “M.P” and “(x).P”, to release and capture capabilities. Finally, the restriction operator (Vn)P creates a new (unique) name n within a scope P. The new name can be used to name ambients and to operate on ambients by name. 3.2

Ambient Logic

Ambient Logic is a temporal (modal) logic that allows the expression of properties with respect to a specific location (ambient). Logical formulas in ambient logic include i) those defined for propositional logic, like negation (¬), disjunction (∧), and conjunction (∨); ii) universal (∀) and existential (∃) quantifications, as in first-order-logics; iii) eventually (3) and always () temporal operators, as in temporal logics; and, in additionto classic  logics, iv) spatial operators such as somewhere ( ) and everywhere ( ). The satisfaction relation P |= A means that the process P satisfies the closed formula A (i.e. A contains no free variables). More specifically, the formula P |= A@L means that the process P satisfies the closed formula A at the location L. In the temporal modality, the relation P → P0 indicates that the ambient P can be reduced to P0 using exactly one reduction rule. Similarly, in the spatial modality, the relation P ↓ P0 indicates that the ambient P contains P0 within exactly one level of nesting.

38

3.3

A. Coronato and G. De Pietro

Real-Time Temporal Logic

Despite their name, temporal logics (e.g. Ambient Logic) do not provide mechanisms for reasoning about “time” in a quantitative sense; i.e. they do not enable you to express real-time constraints. For this reason, several extensions to temporal logics have been proposed [1], which fall into two categories: explicit time logics or implicit time logics. For the rest of the paper, we will refer to the Real-Time Temporal Logic (RTTL), which is an explicit time formalism that relies on the use of a special variable T to indicate the value of time at any state and use first-order quantification over that variable to make real-time assertions. With this logic, the formula: ∀ t ≥ T0 : (α ∧ t=T )

means that for any instant after T0 , α is always true. 3.4

Application of Such Formal Tools

This sub-section shows how to apply the formal tools presented so far. In particular, as first it should be provided a structural view of the topology. To achieve this, we use Ambient Calculus, each location being an ambient. Indeed, we can model a room as an ambient of ambient calculus. The room contains resources that are steel described as ambients and is located at a floor, which is also an ambient. Next, we can describe the movements that mobile entities (users and resources) can perform within the environment by means of the in and out capabilities (users are modeled as ambients as well). Finally, constraints regarding the movements within the environment and the temporal duration of movements can be specified using Ambient Logic and the Real Time Temporal Logic respectively.

4

Implementation View

Our implementation relies on the use of Formal Ontology and reasoners. In literature one can find many definitions of ontology. For the purposes of this work, we are interested in ontology as a formal tool for modeling domains [6]. Main elements to take into account in an ontology are classes, sometimes called concepts, which represent entities of the domain being modeled, and relations among classes. A class can have subclasses that represent concepts, which are more specific than the superclass, and instances, which are elements of the real world classified as members of a class. In practical terms, developing an ontology includes: 1. 2. 3. 4.

defining the classes in the ontology; arranging the classes in a taxonomic (subclass–superclass) hierarchy; defining the relations; figuring out relations among classes and entities.

A Topology Based Approach for Context-Awareness in Smart Environments

39

In the proposed methodology, ontology is used to define, in a formal and unambiguous way, all the entities (resources, services, users, etc.) involved in the application domain being designed, and the relations among them. Relations are formally defined as primitives [6] by specifying their meaning and what mathematical properties (reflexive, transitive, commutative, etc.) they satisfy. Figure 5 presents an example of ontology.

Fig. 5. Ontology

It is quite obvious that a Building contains one or more Floors, which, in turn contain Rooms, Corridors, Laboratories, etc. These are semantic locations that are related to physical locations through Atomic Locations. Thus, physical locations like RFID Sensed Area, WiFi Sensed Area, Temperature Sensed Area, etc, as well as semantic locations, maps some atomic locations. It is important to note that other concepts, not reported in the figure, are related to atomic locations. Indeed, each sensor (e.g. RFID Reader, WiFi Accecc Point, Temperature Sensor, etc.) is physically installed in a specific atomic location. At the same way, a User moves from atomic locations to atomic locations. The difference between the relations contains and maps is that the latter one doesn’t imply a perfect correspondence between the locations. In other words, we can say, for example, that a WiFi sensed area contains (maps) a specific atomic location with a certain degree of approximation due to the variability of the electromagnetic fields. On the contrary, a floor contains completely a room without uncertainty. The relation isContiguous has already been defined in section 2. On top of the ontology it is possible to specify several rules that enable the system to infer context information. For example, rules can represent the logic and reasoning mechanisms the environment utilizes to choose the location information with the most proper level of granularity when a mobile object is located

40

A. Coronato and G. De Pietro

Fig. 6. Rules

by more than one positioning system. To achieve this aim, we report in figure 6 two SWRL rules we have realized, built on the previous ontology. In detail, the first rule makes the environment able to conclude that, if a mobile entity is sensed by an RFID reader, then it is located in the atomic location associated with the sensed area covered by that RFID reader. The second rule enables the environment to conclude that, if a mobile entity is sensed by a Wi-Fi access point and is not sensed by an RFID reader, then it is located in the atomic location associated with the sensed area covered by that Wi-Fi access point. When a mobile entity is sensed by both an RFID reader and a Wi-Fi AP, both the rules shown above enable the environment to choose the atomic location with the finest granularity. As a matter of fact, since the mobile entity is sensed by an RFID reader, the condition of the second rule is not verified. Otherwise, the condition of the first rule is verified and, thus, the environment concludes that the mobile entity is located in the atomic location associated with the sensed area covered by the RFID reader. In addition to this, it is possible to conceive other rules (not reported for the sake of brevity) that equip the environment with mechanisms to: 1. assign semantic; as an example, the temperature sensed by a temperature sensor, which is located in an atomic location, is automatically considered as the temperature of the Temperature Sensed Area associated to that atomic location; 2. predict future position of a user; from the current position the user can move only in semantic location that is contiguous to the current one; 3. avoid inconsistent location detections; if a user is located in a location “far” (by considering the physical distance and the minimum time a user needs to move) from the last one in which he has been correctly located, the location system is faulty.

A Topology Based Approach for Context-Awareness in Smart Environments

5

41

Conclusions

In this paper we have presented logic models and implementation mechanisms to achieve context-awareness in smart environments. All solutions are based on the physical topology of the environment. In addition to this, we have presented a framework of formal tools that enable designers to specify in rigorous and verifiable way several aspects of a topology, both static and dynamic. Such a choice has been motivated considering that more often smart environments and smart technologies are applied to critical scenarios, for which a good practice is to specify requirements and functionalities in an unambiguous way. Such solutions appear to be effective in providing smart environments with intelligent facilities.

References 1. Heitmeyer, C., Mandrioli, D.: Formal Methods for Real-Time Computing. John Wiley & Sons, Inc., Chichester (2004) 2. Pradhan, S.: Semantic locations. Personal Technologies 4(4), 213–216 (2000) 3. Cook, D.J., Augusto, J.C., Jakkula, V.R.: Ambient intelligence: Technologies, applications, and opportunities. Pervasive and Mobile Computing (April 15, 2008) (in press) (accepted manuscript), ISSN 1574-1192, doi:10.1016/j.pmcj.2009.04.001, http://www.sciencedirect.com/science/article/B7MF1-4W2W5PH-1/2/ 7ac602bb16ca409e2f70c13aa24ae0d5 4. Saha, G.K.: Software fault avoidance issues. ACM Ubiquity 7(46), 1–15 (2006) 5. Coronato, A., De Pietro, G., Esposito, M.: A Multimodal Semantic Location Service for Intelligent Environments: An Application for Smart Hospitals. Journal of Personal Communications (to appear) 6. Guarino, N.: Formal Ontology, Conceptual Analysis and Knowledge Representation. International Journal of Human-Computer Studies. Special Issue on Formal Ontology, Conceptual Analysis and Knowledge Representation (1995) 7. Cardelli, L., Gordon, A.D.: Ambient logic. Theoretical Computer Science. Elsevier (ed.) (June 2000) 8. Cardelli, L., Gordon, A.: Anytime, anywhere modal logics for mobile ambients. In: 27th ACM Symposium on Principles of Programming Languages (2000) 9. Milner, R.: The Pi Calculus and Its Applications (Keynote Address). In: Int. The Proc. of the 1998 Joint International Conference and Symposium on Logic Programming. MIT Press, Cambridge (1998)

Anonymous Agent Coordination in Smart Spaces: State-of-the-Art Alexander Smirnov1, Alexey Kashevnik1, Nikolay Shilov1, Ian Oliver2, Sergey Balandin2, and Sergey Boldyrev2 1 SPIIRAS, 39, 14 line, 199178, St.Petersburg, Russia {smir,alexey,nick}@iias.spb.su 2 Nokia Research, Itämerenkatu 11-13, 00180, Helsinki, Finland {ian.oliver,sergey.balandin,sergey.boldyrev}@nokia.com

Abstract. Development of new technologies brings people new possibilities such as smart spaces. Smart spaces can provide better user experience by allowing a user to connect new devices flexibly and to access all the information in the multi device system from any of the devices. The paper describes work-in-progress performed under a joint project of SPIIRAS and Nokia. The project is aimed at the analysis of existing anonymous agent coordination languages and adaptation of them to coordination of smart space devices. Keywords: smart space, coordination, anonymous agents.

1 Introduction Modern device usage is moving towards so called “smart spaces” where a number of devices can use a shared view of resources and services [1, 2]. Smart spaces can provide better user experience by allowing a user to bring in new devices flexibly and to access all the information in the multi device system from any of the devices. Examples of smart spaces can be found in [3, 4, 5]. As is assumed by such environment, one of the essential features is the information sub-system that should provide a permanent robust infrastructure to store and retrieve the information of different types from the multitude of different environment participants. Further development of Smart Spaces methodologies and techniques is a key for creating attractive use case studies and building the developer eco-system in the future. In the previous project [6] a good grounding to start implementing some of the key ideas of Smart Spaces has been prepared. In the earlier definitions of Smart Space no coordination between agents has been considered yet. However, in reality there is a need for some coordination between the agents, e.g. for resolving conflicts of simultaneous access to the shared data resource. The main focus of this paper is analyzing the state-of-the-art in the area of agent coordination languages and mechanisms of conflict resolution in at the time of agent coordination. S. Balandin et al. (Eds.): NEW2AN/ruSMART 2009, LNCS 5764, pp. 42 – 51, 2009. © Springer-Verlag Berlin Heidelberg 2009

Anonymous Agent Coordination in Smart Spaces: State-of-the-Art

43

The analysis of the state-of-the-art is performed taking into account earlier developed reference model of the smart space [6] and additional requirements such as agents anonymity and compatibility with the developed approach.

2 Reference Model of Smart Space The general reference model of the profile-based context-aware smart space is illustrated by Fig. 1. Each node (a logical unit capable to perform some actions depending on information units stored in accessible information storages) can be located at several physical devices or several nodes can be located at one physical device. A node can access a predefined limited set of information storages to acquire information units from them. The nodes exchange information units (IU) / fragments, which are stored in the distributed storage accessible by the nodes of the smart space. Domain Ontology

Configurator Node User User Service Service

User Node 1

…

User Node k

Distributed Information Unit/Fragment Storage Node 1 … Node n

User Profile

User Profile

Node Profiles Context Context History

Fig. 1. Reference model of the information recycling-enabled smart space

IU represents a logical expression: “subject”-“predicate”-“object” = [true | false]. Subject is usually an actor (human or node that performs or is supposed to perform a certain action, e.g. a multimedia centre). Predicate is an action that has to be performed (e.g., “playing music”). Object points to the target with which the action has to be performed (e.g., a song being played). Information fragment – is an IU extended by the “precondition” statement, which defines when the appropriate information unit is valid, and also might include the “post-condition” statement. The post-condition is aimed to describe what is supposed to be done when the precondition is met the information unit is hold. Each information fragment may consist of several preconditions, information units and post-conditions. The ontology defines possible capabilities of the nodes in the smart space and sets some constraints on these capabilities in the form of IUs and information fragments, which are stored in the information storages. The information storages can be physically located at one or several physical devices or several information storages can be located at one physical device. IUs can

44

A. Smirnov et al.

be transferred between information storages in order to become accessible to appropriate nodes. To estimate the efficiency of the information allocation the cost function has been introduced. The “cost” of IU transfer can be calculated as a sum of IU transmission and IU receiving costs. These costs are different for different information storages. However, cost of IU transmission from the given information storage is constant and does not depend on the destination information storage. Analogously, the cost of IU receiving for a given information storage is constant and does not depend on the transmitting information storage. To increase the efficiency of the smart space operation the personification is required. For this purpose the users and devices have to be described by a set of characteristics required for interaction with other nodes. User nodes communicate with user profiles. The user profiles are stored in information storages accessible by user nodes and contain the following information: - User identification and auxiliary information (user ID, name, personal data, contact information such as e-mail, mobile phone, etc.) - User privacy policies (e.g. calendar can be shared with certain configurator nodes, phonebook cannot be shared) - User preferences (detectable rules of the user preferred behaviour, e.g., microphone loudness, light brightness, etc.). Models and algorithms for detection of the user preferences is out of the scope of the project. Node profiles help to communicate with various nodes. The node profile is stored in an information storage accessible by the configurator node and contains the following information: - Node identification (its ID and name) - Possible statuses of the node (e.g., light is on, 30% brightness) - Node capabilities (what the node can do) - described via a domain ontology The context describes the current status of the smart space. It is represented by the set of statuses of nodes constituting the smart space. The context forms a part of the information environment where the nodes interact [6]. In the current project the information environment is a smart space. The urgency of the information contained in the context can be defined in relation to all nodes taking part in the information exchange. In course of time the context changes, thus a new context appears. The context history stores these contexts. The history of contexts enables: (i) information recycling (in what conditions an information unit/fragment was actual), (ii) finding behaviour patterns for users (user preferences), and (iii) finding behaviour patterns for nodes (anticipation of node statuses). User nodes can use additional modules (e.g., user nodes can apply to the calendar in order to get information about current user’s appointments). This interaction can be done via exchange of same information units. E.g., having access to the current smart space context the calendar can generate information unit that the user is going to have a presentation in the room, where he/she is now. One of the major principles of the smart space organisation is that the participating agents do not know about the presence of each other. There are no any direct links between them (Fig. 2). Each agent can put facts (information units) into the smart

Anonymous Agent Coordination in Smart Spaces: State-of-the-Art

45

space (shared information storage), which are accessible by other participating agents, read them and modify. But it is left unknown which agent put each particular information unit (an agent only knows which information units were put by it). In this study the agents are considered to be non-antagonistic, i.e. they do not put information with an intention to disturb/destroy the smart space. The issues of security are out of the scope of this study. The problem of simultaneous access to the shared information is similar to that in the database management systems. It is necessary to make sure that the information units stored cannot be simultaneously modified and read or modified and deleted, etc. This mechanism used in the database management systems is referred to as transactions. In smart spaces such a mechanism has to be developed and described using ontology.

Agent 1

X

Agent 2

I/F

Shared Information Storage Fig. 2. Communication of anonymous agents

As a result the requirements and associated problems have been formulated as criteria for the state of the art (Table 1). Table 1. Requirements and associated problems Problems to be solved Agent anonymity Conflict resolution Coordination Control flow Interoperability Information transfer Information consistency

Requirements Anonymity in terms of “agents’ knowing each other” Avoiding problems arising from simultaneous access (read/delete/update) to shared information Compatibility with the approach Information driven control has to be provided Interoperability has to be supported by ontologies Compatibility with information transfer via information units (RDF triples) Checking of relationships between information units

3 State-of-the-Art: Results Studied research efforts consider the agent coordination problem from different aspects. These include: agent coordination languages [7-22], coordination of entities

46

A. Smirnov et al.

[23-27], and conflict resolution at the time of agent coordination [28-30]. Such review made it possible to cover all problems set (see Introduction). Below the summary of the technologies and techniques used for problem resolution is presented. 3.1 Agent Anonymity All considered works can be split into two major groups: (i) agents communicate directly and (ii) agents communicate through a certain information space (tuple space, dataspace, shared space of information, etc.). In the latter case the direct communication between agents assumes certain knowledge of each other. The former case is very similar to the smart space philosophy where agents share information via putting it into the shared storage. The Encapsulation Coordination Model (ECM) [18] also assumes anonymous communication through specific communication means, but this approach is not compatible with the smart space approach. 3.2 Conflict Resolution In this section the conflict is considered as a problem of simultaneous access to the shared information is similar to that in the database management systems. Three major techniques for solving this problem have been considered. The database transactions guarantee that database operations are processed reliably, without data corruption. They also provide for information consistency by checking records in the related tables. The semaphores are technique preventing simultaneous access to the same piece of information by two or more entities. They are implemented via variables and have a number of disadvantages (e.g., a semaphore can be locked and not released, deadlocks may occur). The elaboration of semaphores is the technique of monitors. The monitors are usually integrated in compilers or interpreters to enable transparent locking and unlocking of jointly used resources. In the current project the technique of semaphores is planned to be used with elements of the transaction and monitor mechanisms. 3.3 Control Flow Two types of control flows are usually identified: event-driven control and information-driven control. The event-driven control assumes the following behavior “do something if a certain event occurs”. This is the most common way of creating information systems, which assumes production, detection, consumption of, and reaction to events [31]. For example, when a as soon as the temperature in the room decreases below given level the heating is switched on. Information-driven control assumes presence of intelligence. E.g., an agent may decide to “do something if certain knowledge becomes available”. To make this work, the idea of information must be treated in such a way as to give semantic properties (meaning, content) a role in the explanation of system behaviour. On this interpretation, some of the behaviour of information-driven control systems is causally explained by the statistical correlations that exist between internal states and the external conditions about which they carry information [32, 33]. Simple examples include computing systems that support instructions like: if then

Anonymous Agent Coordination in Smart Spaces: State-of-the-Art

47

else . However, the way a condition works may change conditionally under other controls. For example, the way A influences B can depend on C [34]. The major difference is that in the information driven control a performed action is not necessarily related to the new knowledge. This new knowledge can be used by an agent to clarify some existing knowledge that, in turn, becomes the reason for the action [35]. In the smart space approach corresponds to the information-driven control due to the fact that actions are performed by the agents depending on the information available in the shared storage. 3.4 Information Transfer Information transfer formalisms in the reviewed approaches can be divided into two major groups: (i) formalisms specifically developed for particular tasks/projects, and (ii) commonly used formalisms. The first group includes: - tuple based formalism {“a string”, 15.01, 17, “another string”} [9]; - XML dataspaces [8]; 3 foo blahblah 17 - rule based predicates [21] adjacent(X,Y), location(robot, X), location(car, X) The second group includes RDF formalism, i.e. the whole document can be seen as a set of subject-predicate-object triples [27]: {:John :Loves :Mary}. Since in the smart space approach the formalisms are planned to be used by various devices the usage of specifically developed formalisms is not reasonable. Among the commonly used formalisms the rule-based predicates and tuples can be mentioned. The latter are well compatible with RDF used in smart spaces, which is basically an RDF triple. As a result the techniques used in approaches assuming tuple-based information exchange can be considered as compatible with the smart space approach. 3.5 Coordination 3 techniques of coordination are used: - Negotiation - Organizational structuring - Multiagent planning Generally speaking, all three techniques can be called negotiation. However, there is some difference. While pure negotiation assumes information exchange and following certain behavior strategies by agents, the organizational structuring techniques try to

48

A. Smirnov et al.

provide this by supplying an a priori organization by long-term relationships between agents [17], (e.g., master/slave). Multiagent planning assumes existence of a certain planning engine that produces action plans for all agents to follow taking into account their capabilities and preferences. Since the smart space approach assumes the information driven control and consists of anonymous agents the negotiation mechanisms could not be directly implemented. The reason for that is that negotiation assumes direct communication between agents, which is not possible in case of agents’ anonymity and interaction through an information space. However, certain scenarios might involve elements of other coordination techniques such as multiagent planning (e.g., in a conference room the planning node may create presentation schedules for participants). 3.6 Interoperability In most systems the communication between agents is provided by the common understanding of messages, which in turn is supported by ontologies. In other systems the interoperability is achieved via using the same limited specified language but this is not applicable to the smart space approach. In technical level interoperability can be achieved using techniques like web-services, which has a unified description language WSDL and protocol for structuring messages exchange SOAP (e.g., [36]). There are following approaches for determine the degree of interoperability between two systems. The paper [37] introduces the five Levels of Conceptual Interoperability Model: - “System Specific Data”, no interoperability between two systems. Data is used within each system in a proprietary way with no sharing. - “Documented Data”, data is documented using a common protocol, such as the Object Model Template and is accessible via interfaces. - “Aligned Static Data”, data is documented using a common reference model based on a common ontology. - “Aligned Dynamic Data”, the use of the data within the federate/ component is well defined using standard software engineering methods such as UML. - “Harmonized Data”, semantic connections between data that are not related concerning the execution code is made obvious by documenting the conceptual model underlying the component. Usage of the ontologies is perfectly compatible with the smart space approach (Aligned Static Data interoperability level). Though, in different projects different knowledge representation formalisms are used (RDF, plain XML, other formalisms) this is not a critical difference and the technologies/techniques used in such projects can be easily adapted. 3.7 Information Consistency To provide for information consistency two techniques have been found. The first one is used in database transactions. They preserve the consistency of the information in the information space (tuple space, XML dataspace, etc.), e.g., if a records is deleted, the other records depending on it will be deleted automatically. The other technique

Anonymous Agent Coordination in Smart Spaces: State-of-the-Art

49

assumes usage of reasoners compatible with the information representation formalism (RDF). This will make it possible to avoid information inconsistencies in the shared storage. Since in the presented approach the consistency of the information inside the smart space is not important to a certain degree, these problems will not be considered.

4 Conclusion The preliminary list of techniques can be formulated as follows. For resolving the problem of simultaneous access to information the techniques of semaphores and monitors will be used. The particular implementation issues are a subject of the future research. For resolution of conflicts of interests the techniques of organizational structuring and multiagent planning are to be applied. And for interoperability support the technology of ontology management together with the RDF are to be applied. The presented results are work-in-progress. The future work will include development of anonymous agent coordination/behavior strategy. For this purpose it is planned to choose the “driver” techniques and technologies defined as the basis with their further adaptation to the smart space approach and testing through a case study. Acknowledgments. The paper is due to the joint project between SPIIRAS and Nokia Research.

References 1. Oliver, I., Honkola, J.: Personal Semantic Web Through A Space Based Computing Environment. In: Middleware for Semantic Web 2008 at ICSC 2008, Santa Clara, CA, USA (2008) 2. Oliver, I., Honkola, J., Ziegler, J.: Dynamic, Localised Space Based Semantic Webs. In: WWW/Internet Conference, Freiburg, Germany (2008) 3. Oliver, I.: Design and Validation of a Distributed Computation Environment for Mobile Devices. In: European Simulation Multiconference: Modelling and Simulation 2007, Westin Dragonara Hotel, St.Julian’s, Malta, October 22-24 (2007) 4. Oliver, I., Nuutila, E., Seppo, T.: Context gathering in meetings: Business processes meet the Agents and the Semantic Web. In: The 4th International Workshop on Technologies for Context-Aware Business Process Management (2009) 5. Jantunen, J., Oliver, I., Boldyrev, S., Honkola, J.: Agent/Space-Based Computing and RF memory Tag Interaction. In: The 3rd International Workshop on RFID Technology Concepts, Applications, Challenges (2009) 6. Smirnov, A., Krizhanovsky, A., Shilov, N., Lappetelainen, A., Oliver, I., Boldyrev, S.: Efficient Distributed Information Management in Smart Spaces. In: Proceedings of the Third International Conference on Digital Information Management (ICDIM 2008), UK, London, November 13-16, pp. 483–488 (2008); [Electronic Resource], IEEE Catalog Number: CFP08DIM-CDR, ISBN: 978-1-4244-2917-2 7. 3APL An Abstract Agent Programming Language, http://www.cs.uu.nl/3apl/

50

A. Smirnov et al.

8. Cabri, G., Leonardi, L., Zambonelli, F.: XML Dataspaces for Mobile Agent Coordination. In: Proceedings of the 2000 ACM Symposium on Applied Computing, pp. 181–188 (2000) 9. Carriero, N., Gelernter, D.: Linda in context. Artificial Intelligence and Language Processing, Cohen, J. (ed.) 32(4), 444–458 (1989) 10. Castellani, S., Ciancarini, P., Rossi, D.: The ShaPE of ShaDE: a coordination system. Technical Report UBLCS, Dipartimento di Scienze dell’Informazione, Università di Bologna, Italy (1995) 11. Ciancarini, P., Knoche, A., Tolksdorf, R., Vitaly, F.: PageSpace, An Architecture to Coordinate Distributed Applications on the Web. In: Fifth International World Wide Web Conference, Paris (1996) 12. Barbuceanu, M., Fox, M.: COOL: A Language for Describing Coordination in MultiAgent Systems. In: Proceedings of the First International Conference oil Multi-Agent Systems (ICMAS 1995), pp. 17–24 (1995) 13. Dastani, M., Dignum, F., Meyer, J.: Autonomy and Agent Deliberation. In: Proceedings of The First International Workshop on Computatinal Autonomy - Potential, Risks, Solutions, Melbourne (2003) 14. Agent Communication Language, Foundation for Intelligent Physical Agents, FIPA, Ver. 1.0, Part 2 (1997) 15. Hindriks, K., de Boer, F., van der Hoek, W., Meyer, J.-J.C.: Agent programming in 3APL. Autonomous Agents and Multi-Agent Systems 2(4), 357–401 (1999) 16. Katasonov, A., Terziyan, V.: Semantic Agent Programming Language (S-APL): A Middleware Platform for the Semantic Web. In: 2nd IEEE International Conference on Semantic Computing, Santa Clara, USA, pp. 504–511 (2008) 17. Schumacher, M., Chantemargue, F., Hirsbrunner, B.: The STL++ Coordination Language: a Base for Implementing Distributed Multi-Agent Applications. In: Third International Conference, Coordination Languages and Models, Amsterdam, pp. 399–414 (1999) 18. Schumacher, M.: Objective Coordination in Multi-Agent System Engineering. LNCS (LNAI), vol. 2039. Springer, Heidelberg (2001) 19. Tolksdorf, R.: Coordination in Open Distributed Systems. PhD thesis, Technische Universität Berlin (1994) 20. Tolksdorf, R.: Laura - a service-based coordination language. Science of Computer Programming 31(2-3), 359–381 (1998) 21. Rao, A.: AgentSpeak(L): BDI agents speak out in a logical computable language. In: Perram, J., Van de Velde, W. (eds.) MAAMAW 1996. LNCS, vol. 1038, pp. 42–55. Springer, Heidelberg (1996) 22. Wells, G.: Coordination Languages: Back to the Future with Linda. In: Proceedings of the Second International Workshop on Coordination and Adaptation Techniques for Software Entities (WCAT 2005), Glasgow, Scotland, pp. 87–98 (2005) 23. Sixth Framework Programme: Context-aware business application Service Co-ordination in Mobile Computing Environments (2004-2007), http://www.ist-cascom.org 24. Herrero-Perez, D., Martinez-Barbera, H.: Decentralized Coordination of Automated Guided Vehicles. In: Padgham, Parkes, Müller, Parsons (eds.) Proc. of 7th Int. Conf. on Autonomous Agents and Multiagent Systems, Estoril, Portugal, pp. 1195–1198 (2008) 25. Simperl, E., Krummenacher, R., Nixon, L.: A Coordination Model for Triplespace Computing. In: Murphy, A.L., Vitek, J. (eds.) COORDINATION 2007. LNCS, vol. 4467, pp. 1–18. Springer, Heidelberg (2007) 26. Sixth Framework Programme: Triple Space Communication (2006-2009), http://www.tripcom.org

Anonymous Agent Coordination in Smart Spaces: State-of-the-Art

51

27. UBIWARE Platform (2007-2010), http://www.cs.jyu.fi/ai/OntoGroup/UBIWARE_details.htm 28. Wikipedia dictionary (2009), http://en.wikipedia.org/wiki/ACID 29. Dijkstra, E.: Cooperating Sequential Processes, Technical Report EWD-123, Technological University, Eindhoven, Netherlands (1965) 30. Hoare, C.: Monitors: an operating system structuring concept. Communications of the ACM 17(10), 549–557 (1974) 31. Chandy, K.: Event-Driven Applications: Costs, Benefits and Design Approaches, California Institute of Technology (2006) 32. Dretske, F.: The Explanatory Role of Information. Philosophical Transactions: Physical Sciences and Engineering 349(1689), 59–69 (1994) 33. Sloman, A.: What Sort of Control System Is Able To Have A Personality? In: Creating Personalities for Synthetic Actors: Towards Autonomous Personality Agents, pp. 166–208. Springer, Heidelberg (1995) 34. Sloman, A.: Semantics in an intelligent control system. Philosophical Transactions of the Royal Society 349(1689), 43–58 (1994) 35. Sloman, A., Prescott, A., Shadbolt, N., Steedman, M.: Semantics In An Intelligent Control System. Discussion. Philosophical Transactions-Royal Society of London. Physical Sciences and Engineering 349(1689), 43–58 (1994) 36. Watkins, E., Ardle, M., Leonard, T., Surridge, M.: Cross-middleware Interoperability in Distributed Concurrent Engineering 37. Tolk, A.: The Levels of Conceptual Interoperability Model. In: Fall Simulation Interoperability Workshop, Orlanda, Florida (2003)

On-the-Fly Situation Composition within Smart Spaces Prem Prakash Jayaraman1, Arkady Zaslavsky2, and Jerker Delsing2 1

Caulfield School of Information Technology, Monash University, 900 Dandenong Road, Melbourne, Victoria 3145 [email protected] 2 Department of Computer Science and Electrical Engineering, Lulea University of Technology, Lulea, Sweden {arkady.zaslavsky,jerker.delsing}@ltu.se

Abstract. Advances in pervasive computing systems have made smart computing spaces a reality. These smart spaces are sources of large amount of data required for context aware pervasive applications to function autonomously. In this paper we present a situation aware reasoning system that composes situations at runtime based on available information from the smart spaces. Our proposed system R-CS uses situation composition on-the-fly to compute temporal situations that best represent the real world situation (contextual information). Our proposed situation composition algorithm is dependent on underlying sensor data (hardware and software). These sensory data are prone to errors like inaccuracy, old data, data ambiguity etc. R-CS proposes algorithms that incorporate sensor data errors estimation techniques into our proposed dynamic situation composition based reasoning system. R-CS is built as an extension to Context Spaces, a fixed situation set based reasoning system. We implement R-CS dynamic situation composition algorithms over context spaces and validate our proposed R-CS model against context spaces’ fixed situation reasoning model. Keywords: Context Modelling, Smart Spaces, Reasoning Under Uncertainty.

1 Introduction Pervasive systems depend on contextual information to perform tasks in smart environments. The advances in pervasive computing research have made smart spaces a possibility. A smart space is a smart environment that has commuting embedded into it and can provide information that can be used to model the real world into the virtual computing world. We use the term smart spaces to represent such environments in the context of this paper. This contextual information originates from individual or multiple sensory sources. The sensor data by itself has no meaning but when fused with appropriate context provides a virtual view of the physical smart space. We define “Context” as “that which surrounds, and gives meaning to, something else” [1]. In smart spaces (pervasive environments), our definition of Context is realized by fusing data obtained from multiple sensors within the environment. S. Balandin et al. (Eds.): NEW2AN/ruSMART 2009, LNCS 5764, pp. 52–65, 2009. © Springer-Verlag Berlin Heidelberg 2009

On-the-Fly Situation Composition within Smart Spaces

53

In this paper we use a situation based reasoning approach. A situation as defined by [16] is “the combination of circumstances at a given moment”. We use contextual elements (attributes) to define these circumstances. For e.g. in a smart room, based on sensor inputs (contextual attributes) for light, noise and location, we can infer the occurrence of situations Meeting, Presentation. Hence a situation is a virtual world representation of a real world smart space. The situation based reasoning model Ranked-Context Spaces (R-CS) proposed in this paper evolves from Context Spaces (CS) [2, 14]. CS is a theoretical approach towards modelling context using situations. Each situation is a composition of context attributes with well defined regions. The CS model uses a fixed set definition of situations. This is acceptable in most cases but in smart spaces where new sensory inputs appear and disappear, the present CS system does not scale. We extend CS fixed situation space representation to a dynamic situation spaces composition where the situation space computed on the run is a collection of context attributes with it corresponding region that best defines the current situation within the smart space. To achieve this we use simple multi-attribute rating technique (SMART) [4] instead of the multi attribute utility theory (MAUT) [5] used by CS. The paper also proposes and implements algorithms into R-CS to incorporate sensor inaccuracies that improves the reasoning accuracy. By incorporating dynamic situation composition into CS model, our context model which is a multi dimensional virtual world representation of the physical smart space grows and shirks in with changing contextual attributes. We use the term multi-dimensional to represent multiple context attribute used to compose a situation. The key contribution of the paper includes proposing and implementing R-CS which incorporates dynamic situation composition and a novel sensor inaccuracy estimation algorithm into CS. We argue that current error estimation and fixed situation set representation of smart spaces used by CS is insufficient for changing pervasive environments. R-CS aims to develop and propose solutions to these challenges identified in CS. This papers contribution is a further work to our previous paper [15]. The rest of the paper is organized as follows. Section 2 presents related works in the area of context modelling. Section 3 provides a background into context spaces theory. Section 4 presents our proposed dynamic situation composition system R-CS, and our proposed sensor inaccuracy estimation algorithm which has been implemented in R-CS. Section 5 validates our proposed R-CS approaches by comparing the outcome of situation reasoning to CS approach. Section 6 concludes the paper.

2 Context Reasoning: An Overview Reasoning technologies generally used in context-aware pervasive system include rule based logic, Bayesian network and neural network. Pervasive environments need models that can handle reasoning under varying degrees of uncertainty. Context modelling and reasoning has been explored and presented by number of researchers. Context ToolKit [11] is a framework that presents a framework for interfacing between devices and software entities that provide contextual information. Five context abstractions namely Widgets, Interpreters, Aggregators, Services and Discoverers can be used by context-aware application developers to prototype applications. The

54

P.P. Jayaraman, A. Zaslavsky, and J. Delsing

widgets acquire context information from sensors, interpreter interprets that into high level information and aggregator collects related context information for a specific entity. Services execute behaviours and discovers maintain a list of services available to the application. Applications use discoverers to find specific components or a set of component that match certain criteria. Context models based on Logic and ontology have been presented in [12, 13]. In this paper we look at situation based reasoning approach. A situation is a higher level abstraction of the physical world which is inferred from low level context obtained from group of sensors (context attributes). A situation comprises number of context attributes, each having a well defined region within the specific situation space. The major challenge in situation reasoning is reasoning under uncertainty. One of the methods used for reasoning under uncertainty is Bayesian reasoning. In [6], a Bayesian technique for location estimation based on inaccurate sensor values is presented and [7] uses this approach for computing location of devices indoor. Applying Bayesian approach has the limitation of prior knowledge of probabilities which may not be always available. Fuzzy based systems [3] have been used in control systems that use Fuzzy Rule set to achieve specific results. Though Fuzzy systems are useful in controlling system process, they are less effective in reasoning situations [8] especially when we have situations with overlapping regions which makes reasoning under uncertainty harder. Neural network based approaches for classifying context has several shortfalls when used with quick deployable context aware applications. Neural network require an extensive training phase over sufficient number of patterns. Training can result in local minima, i.e., achieving less than optimal solutions [9]. Neural network are considered “black boxes” as it’s difficult to back track problem to the cause. Review of context modelling approaches shows that most have shortfalls which makes it difficult to provide a generic approach for context modelling under changing situations and applications domains. To this extent most of the work in the literature has not addressed the problem of dynamic smart spaces where new input data may influence the reasoning process. CS is also one such context model which provides a generic framework for context aware application to reason based on situation modelling. As mentioned in previous section, CS still does not address changing smart spaces. In the next section we present an overview of Context Spaces (CS) theory and introduce the heuristics incorporated in CS. We then identify the shortfalls of CS and propose additional heuristics that are incorporated into R-CS to aid reasoning under uncertainty in smart spaces.

3 Context Spaces The term context has a number of definitions. We provided one such definition in section 1. We elaborate the definition further re-defining context as that which refers to a particular centre of interest, providing added information about whom, where and when. We use context as a representation scheme for data that can be used to compose situations which can be reasoned upon. We use figure 1 o depict the relation between context and situations. The contextual information is dependent on

On-the-Fly Situation Composition within Smart Spaces

55

underlying sensor data (software and hardware) whose relations are computed by adding context to them at the context layer. The Situations layer is a composition of related context attributes each having a well defined region that best describes a situation. (E.g. Meeting, Presentation). CS uses the following definitions to represent the context-situation pyramid in the CS model [2, 14].

Situations

Context

Sensory Originated Data

Fig. 1. Context – Situation Pyramid

A “Context Attribute” defines data obtained from individual or group of sensor that is used in situation reasoning [2, 14]. By itself a “Context Attribute” is a single piece of data that has no meaning until we relate context to it (E.g.: Temperature vs. Temperature of Human Body). A “Situation Space” is a collection of context attributes that define a situation. Each context attribute within the situation has a well defined region. A “region” of a context attribute is a set of acceptable values that falls within the specific situation definition. CS uses a crisp representation of “region”. E.g. For a situation “Moderate Operating Environment of Machine A” context attribute temperature would be within the region “25 – 28 oC”. “Context State” represents the current value of a context attribute. CS uses multi attribute utility theorem to compute confidence in situation occurrence [2, 14]. The confidence is the measurement parameter used to determine the occurrence of a situation. To compute the confidence, CS uses two primary heuristics 1. Inaccuracies of Sensors using error probability 2. Contributing and Relevance factor of each context attribute ai in the situation space S. The heuristics identified provides sensor error probability, relevance and contribution value of the context attribute. The relevance and contribution are values given to the context attributes based on it context state (current value) in the situation space S. A contribution function computes the contribution (between 0 and 1) of context attribute ai over the region Ai defined in the situation space S. The relevance factor gives the attributes importance in the situation S. The situation space definition of CS has fixed set context attribute regions (A1, A2, An) whose importance (relevance given by a weight w) is given by

∑

n i =0

wi = 1

(1)

56

P.P. Jayaraman, A. Zaslavsky, and J. Delsing

We argue that in real world smart environments, this may not always be the case. Hence we propose the use of an extended situation space set and compute a temporal situation space on the run at every instance t, from available set of context attribute regions. The probabilistic error computation used in CS needs to have pre-determined probability but does not learn from other information like sensor data freshness, noise etc. Our proposal incorporates data freshness to estimate the sensor in-accuracy in addition to the probabilistic approach employed by CS aiming to decrease sensor inaccuracy caused due to aging data.

4 Situation Composition On-the-Fly The dynamic situation composition arises from our argument that fixed situation based reasoning does not cater to changing smart spaces where new context information is appears and disappears. Hence we need a model that can adapt to changing situations and compute situation definitions dynamically using available context attributes. Our proposal is to compute situation dynamically based on changing real world situations. We extend the situation space presented in CS from a finite set of highly relevant attribute to a universal situation space of all possible (not infinity) attributes. At any given instance t, R-CS builds a situation space on the run based on sensory input available within the smart space that has a equivalent context attribute definition in the universal situation space. Since our situation space definition is an extended set of all possible attributes, we use simple multi-attribute rating technique (SMART) [4] instead of Multi Attribute Utility Theory (MAUT) used in CS [5]. MAUT is an approach that uses a single utility value to fuse multiple attribute values. MAUT lacks ranking and attaching importance to these attributes. Hence we use SMART that used ranking approach to rank the attributes regions based on relevance and contributing factor. We also employ data quality parameters like data freshness into R-CS which is important while reasoning applications based on sensor originated data. Since our temporal situation space is a subset of the universal situation space, our context model that best represents the smart spaces grows and shrinks in size (attributes). 4.1 Situation Composition Based on Smart Space Information In [2] CS Situation space is defined as, a representation of a real world situation. Our proposal is to define a generic universal situation space as SU, a representation of situation with all possible combinations of context attributes and corresponding weights. As against the context spaces definition of weights in equation (1) we define this weight wi denoting the importance of the attribute region to the situation to be a value between a lower and a higher scale (application specific). CS [2, 14] uses MAUT approach to compute utility. We propose the use of (SMART) [4] that employs MAUT but adds ranking to MAUT. The ranking of a context region is dynamic and is dependent on both the relevance and it contribution to the situation. Based on this ranking, a temporal situation space ST is compute at runtime.

On-the-Fly Situation Composition within Smart Spaces

57

Definition1: Situation Space (SU) – A universal situation space which has all possible sets of context attributes and corresponding regions with their importance

SU = {w1 A1, w2 A2, ...wn An } where min ≤ w ≤ max

(2)

Definition2: Situation Space (ST) – A temporal situation space at time T which represents the real world situation with delta changes that has a list of context attributes and regions that best defines the situation at time T.

S T = {w1 A1 , w2 A2 ,...wm Am } where m ≤ n ,

∑

m i =0

wi = 1 and S T ⊆ SU

(3)

The temporal situation space ST is a dynamic representation of the situation at time t and changes as situation evolves. The temporal situation space is composed of the highly ranked attributes which is determined by the context attributes contribution and relevance values. By the use of a dynamic temporal situation composition, R-CS enforces dynamic ranking of attributes at runtime hence moving away from fixed situation space definitions to situation space definitions dynamically. The universal situation space at any point in time has n number of context attributes. Hence we propose a partition algorithm that partitions the situation space based on the relevance of the context attribute. This partition is application specific. The reason we chose a partitioned situation space is to reduce the complexity of iterating through all the attributes when confidence can be reached by considering the first few partitions. 4.2 Partitioning Parameter

δ

Relevance, the importance of the attribute region in the situation space SU is one of our key parameter to compute the partitioned situation space. We define a partition parameter δ called partitioner. Definition 3: Partition δ is defined as set of conditions C that satisfy a predicate P i.e. {C| P(C)}. The partition parameter partitions the universal situation space based on the predicate P. We use this partitioned space to compute the temporal situation space which takes into consideration the attributes contribution. E.g. the contribution for context attribute temperature for the situation “Machine Operating GOOD” will be 1 if temperature has value between 17 and 19 and will be 0 if it is outside the region. The temporal situation space is computed as a function of the relevance (weight) and the contribution. The algorithm iterates through every partition of the universal situation space until a confidence threshold is reached. The confidence threshold is defined as the difference in the confidence of the situations being reasoned. The higher the threshold, higher is the certainty of occurrence of one situation over the other. To reduce weight distribution while situations overlap, we propose a weight redistribution algorithm. The situation overlap occurs when non-coexisting situations attribute regions overlap with each. The

58

P.P. Jayaraman, A. Zaslavsky, and J. Delsing

weight redistribution is performed over the temporal space hence preserving the weights of context regions in the universal situation space. While reasoning two situations which are non-coexistent, the weights (importance) associated with that attribute regions is recomputed using the equation (5)

Max( wi ) − Min( wi ) Max( wi ) + Min( wi )

(4)

where wi is the set of weights assigned to attribute regions in the temporal situation space ST. Once the weight of overlapping attribute regions is computed, the entire situation space weights are normalized to compute the new weights. Figure 2 and 3 illustrates the pseudo-code to re-compute weights for overlapping regions and code to partition the Universal situation space.

Re-Initialize-Weights(TemporalSituation S, Temporal Situations S’) for each attribute-regions in S if (attribute-regions(S) = attribute-region(S’) attribute-regions(S).overlap = true end if end for for each attribute-region in S compute reduce-weight = (max(S-region-weight) min(S-region-weight)) / (max(S-region-weight) + min(S-region-weight)) if (attribute-region.overlap = true)) newweight = oldweight + reduce attribute = region.setweight (newweight) add attribute-region to returnSituationSpace end if return returnSituationSpace End

Fig. 2. Pseudo Code to recomputed overlapping attribute regions weights

Function Partition(UniversalSittuationsspace, δ) Declare PartitionedSituation for each attribute region in situationsspace for each predicate in δ if importance satisfies predicate add attribute region to partitionedSituation add partition number to attribute region end if end for return PartitionedSituation end procedure

Fig. 3. Pseudo Code to partition universal situation space SU

On-the-Fly Situation Composition within Smart Spaces

59

4.3 Incorporating Sensor Inaccuracy into Dynamic Situations The sensor inaccuracy used by CS is both primitive and has crisp boundary. The contribution using the error function is computed using the formula

ci = Perror ∗ RgionContribution

(5)

The RgionContribution is computed using a crisp boundary and is determined by checking if the sensor value falls within the attribute region. If it does not a value 0is returned and if it is a value 1 is returned. The Perror provides the probability by which the sensor reading is accurate. The crisp region does not suit all real world cases. Also CS does not change the sensor value based on the error probability. E.g. if there is 5% error, then the value can have a ± 0.05 variation from the outer boundaries. This is not considered in CS while computing the contribution. Hence we propose the use of non-crisp boundaries as illustrated in figure 4.

Fig. 4. Comparison between CS Crisp boundary and R-CS membership

To convert the crisp region into a value based on bordering regions, we employ the principle used by Fuzzy membership functions [3]. E.g. if we define a situation HOT whose temperature can be ranging from 34 to 40, a real value (context state) of 40.05 can still fall under the condition HOT if we have some tolerance in the outer regions of the context attribute. Our technique focuses on values that are inside and at the border of the defined region. Hence we re-define the context attribute’s region with two values namely outer range and inner range. The inner range represents values which returns contribution factor of 1 while the outrange is a ± value to the inner range values that returns a contribution based on where the sensor value falls in the outer range. Our approach tests the sensor value against the inner and outer region after applying the error probability over the sensed value. To compute sensor inaccuracy, we also introduce data freshness. By data freshness, we mean how recent the data is? We do not get into quality of context [10] as that is a topic of research by itself. Incorporating probabilistic sensed value and sensor data freshness, our new contribution function is given in (6). We implement these inaccuracy estimation algorithms into our proposed system. The freshness parameter is application specific.

ci = RgionContributioni ∗ σ i whereσ i = Perror ∗ Freshness

(6)

60

P.P. Jayaraman, A. Zaslavsky, and J. Delsing

is the composite error computed from probability of error and freshness. To improve sensor accuracy, more data quality related parameters can be added to σ.

5 Simulation and Evaluations R-CS has been implemented over CS model for sensor fusion and reasoning by incorporating the proposed algorithms for situation partitioning, re-computation of weights and improved error estimation. We present our evaluation by validating the proposed approaches against CS approach. 5.1 Sensor Inaccuracy We compare CS based confidence generation and R-CS based confidence generation using our proposed probabilistic incorporated, freshness based error computation algorithm. To test the effect of the improved error estimation algorithm, we ran simulations to reason a Presentation situation. The situation definition is shown in Table 1. Table 2, provides the output of using probabilistic error correction and data freshness technique. As it shows, the R-CS system computes a confidence of 1 for attribute noise taking into consideration its error rate while returns 0 to people attribute taking into consideration the freshness threshold is greater than 3. The result of our simulation run is shown in figure 5. The X-axis is the number of simulation run and the Y-axis is the confidence computed using CS and R-CS. The Table 1. Presentation Situation Definition Situation:

Presentation

Attributes

Regions

LIGHT NOISE PROJECTOR PEOPLE

“>-=10" " > 20 " "= ON" "> 5 "

"<=20" " < 30" "=OFF" "< 10 "

Table 2. Comparing CS and R-CS error estimation approach

Regions Threshold >2

Actual Sensor Values

Error

CS Freshness

R-CS

Confidence

Light

10 to 20

12

90%

1

1

1

Noise

20 to 30

19.95

90%

2

0

1

People

5 to 10

10

100%

3

1

0

On-the-Fly Situation Composition within Smart Spaces

61

R-CS approach takes into consideration both sensor freshness and sensor error probability. The Y value gives an indication on the how accurate the value read from the sensor is. The higher the accuracy the higher the confidence is and vice-versa. From the graph, we can see that variation in freshness and error probability reflects in the reasoning process shown by the change in confidence computed using CS and R-CS approach. The use of error estimation using data freshness and error rate incorporated in R-CS produces better results while reasoning compared to CS approach. For the simulation, we used a freshness threshold of 2. At simulation run 3, the freshness of all attributes was kept within 2 and the actual sensor values were within the attribute ranges and hence the confidence computed using CS and R-CS coincides. The results show how the effect of data quality of sensors influences the error rate hence the reasoning process. During the simulation, we changed the sensor values from inner to outer regions. We compute the error rate accuracy by changing sensor freshness and error probability values and comparing actual situation occurrence to the one suggested by R-CS and CS. The results show that incorporating data freshness heuristics greats improves the reasoning accuracy.

Confidence Simulation Run

Fig. 5. Varying Freshness Threshold to Compute Error Rate

5.2 Situation Partitioning and Re-computing Weights We computed the confidence using R-CS algorithms presented in figure 2 and 3 and compare it with CS approach in this section. We simulated the system based on different sets of attributes values and partitioners. Table 3 gives the universal situation definitions with the partitioning parameter. The temporal situation space definition computed during simulation considers the first partition before expanding it search into other partitions.

62

P.P. Jayaraman, A. Zaslavsky, and J. Delsing Table 3. Universal Situation Space Definition

Partitioner

0 < δ <= 2

Situation: Attributes A1 A2 A3

Presentation Regions "= DIM" "! ON" ">2" " <= 4" "= ON" "! OFF"

A4 A5

Situation:

">= 2 " "= Presentation Mode" "= Inside" Meeting

Attributes A1

Regions "! DIM"

A2 A3 A4 A5

"> 4 " "!ON" ">1" "! Presentation Mode" "= Inside"

A6

A6

2 < δ <= 5

"< 8 " "= Standby "

"! OFF"

"! OFF"

Relevance (0 to 5) 3 3 2 2 0.8

0.9 Relevance (0 to 5)

"< 10" "= OFF" " <= 3" "= Standby"

P1 P1 P2 P2 P2

"! Outside"

"= ON"

Partition

"= OFF"

"= OFF"

P2 Partition

3

P1

3 2 2 0.8

P1 P2 P2 P2

"! Outside"

0.9

P2

We ran simulations to compute the confidence using R-CS and CS approach using the above situation definitions by using a stream of simulated sensor data. Figure 6a and 6b are screen shots of the R-CS reasoning engine interface implemented in Java and figure 7 presents the results of the reasoning simulations. The simulation screen shot has definition of the situation with range of values and the actual sensor value (which is a simulated sensor stream). Based on the avaialble attributes, the situations Presentation and Meeting are reasoned. The reasoning interface is used to generate a stream of values that correspond to a specific situation which is used to validate the accuracy of our reasoning algorithms. We can see from the screen dumps that some of the attribute regions used to define Presentation and Meeting situations have overlapping real time values (sensor values). Such overlapping situations are not handled by context spaces which are overcome by the proposed R-CS approach that incorporates the weight re-distribution approach to reduce uncertainty due to overlapping attribute region values.

On-the-Fly Situation Composition within Smart Spaces

63

Fig. 6a. Simulation of Situation Presentation in R-CS

Fig. 6b. Simulation of Situation Meeting in R-CS

The result presented in the graph compares the confidence computed using CS and R-CS approach. The X-axis is the number of simulations and the Y-axis is the confidence obtained by the reasoning process. As illustrated in the graph, R-CS approach results in higher confidence using the re-weighted algorithm compared to CS.

64

P.P. Jayaraman, A. Zaslavsky, and J. Delsing

Another key point to note is the difference in the confidence values between Meeting and Presentation situation in R-CS and CS. The difference in confidence computed for situations is greater that CS using the proposed R-CS approach which aids in increasing the confidence of the reasoning process.

Fig. 7. Confidence computed using R-CS and CS approaches

6 Conclusion The paper has proposed, implemented and validated R-CS, ranked dynamic situation composition based context reasoning system. We have presented the heuristics used in context spaces identifying the shortfall in them. We have proposed R-CS as a solution to bridge CS shortfalls by proposing addition heuristics including partitioned universal and temporal situation spaces, sensor data quality computation and improved error estimation algorithm. The error estimation algorithm incorporated into R-CS takes error probability and data freshness to re-compute actual sensor (attribute) value and hence the attribute’s accurate contribution in the situation. This error estimation approach has proved to be more accurate than CS approach. The heuristics proposed aids the reasoning ability of the system. R-CS has been evaluated by implementing the proposed algorithms and comparing them with the CS approach. The results greats improve reasoning with the help of the proposed error estimation and partitioned situation spaces approaches. The results produce better reasoning outcomes when compared to static situation based CS approach. The results have proved our hypothesis and reinforce our proposal of using situation composition on the run and incorporation of heuristics like data freshness into the error estimation algorithm to improve the reasoning ability of the context aware system. We now look at further investigating approaches to identify relationships of newly discovered context attributes to existing situation spaces.

On-the-Fly Situation Composition within Smart Spaces

65

References [1] Context. (n.d.). The Free On-line Dictionary of Computing, from Dictionary.com, http://dictionary.reference.com/browse/context (retrieved June 4, 2008) [2] Padovitz, A., Loke, S.W., Zaslavsky, A.: Towards a Theory of Context Spaces. In: Das, C., Kumar, M. (eds.) Proceedings of the Second IEEE Annual Conference on Pervasive Computing and Communications Workshop, Orlando, Florida, March 14-17, pp. 38–42. IEEE Computer Society, USA (2004) [3] Mendel, J.M.: Fuzzy Logic Systems for Engineering: A Tutorial. Proceedings of the IEEE 83(3), 345–377 (1995) [4] Barron, F.H., Barrett, B.E.: The efficacy of SMARTER–simple multi-attribute rating technique extended to ranking. Acta Psychologica 93, 23–36 (1996) [5] Butler, J., Morrice, D.J., Mullarkey, P.W.: A Multiple Attribute Utility Theory Approach to Ranking and Selection. Manage. Sci. 47(6), 800–816 (2001) [6] Fox, D., Hightower, J., Liao, L., Schulz, D., Borriello, G.: Bayesian filtering for location estimation. IEEE Pervasive Computing (2003) [7] Castro, P., Munz, R.: Managing context data for smart spaces. IEEE Personal Communications 7(5), 4–46 (2000) [8] Zadeh, L.: Outline of a New Approach to the Analysis of Complex Systems. IEEE Transactions on System, Man and Cybernetics 3 (1973) [9] Shulin, Y., Chang, K.C.: Modular Neural Net Architecture for Automatic Target Recognition. In: Proc. of Signal Processing, Sensor Fusion, and Target Recognition, Orlando, Florida, April 1996, vol. 8-10, pp. 166–177 (1996) [10] Buchholz, T., Kpper, A., Schiffers, M.: Quality of context: What it is and why we need it. In: Proceedings of the Workshop of the HP OpenView University Association, Geneva, Switzerland (2003) [11] Salber, D., Dey, A.K., Abowd, G.D.: A conceptual framework and a tool-kit for supporting the rapid prototyping of context-aware applications. Anchor article of a special issue on context-aware computing in the Human-Computer Interaction (HCI) Journal 16(2-4) (2001) [12] Ranganathan, A., Campbell, R.H.: A Middleware for Context-Aware Agents in Ubiquitous Computing Environments. In: Endler, M., Schmidt, D.C. (eds.) Middleware 2003. LNCS, vol. 2672, pp. 16–20. Springer, Heidelberg (2003) [13] Chen, H., Finin, T., Anupam, J.: An Intelligent Broker for Context-Aware Systems. In: Proc. of Fifth International Conference on Ubiquitous Computing (Ubicomp 2003) (October 2003) [14] Padovitz, A., Loke, S.W., Zaslavsky, A., Burg, B., Bartolini, C.: An Approach to Data fusion for Context-Awareness. In: Dey, A.K., Kokinov, B., Leake, D.B., Turner, R. (eds.) CONTEXT 2005. LNCS (LNAI), vol. 3554, pp. 353–367. Springer, Heidelberg (2005) [15] Jayaraman, P.P., Zaslavsky, A., Delsing, J.: Smart Sensing and Sensor Data Collection on the move for Modelling Intelligent Environments. In: 1st Conference on Smart Spaces (ruSMART 2008), St.Petersburg, Russia (2008) [16] Situation, Wikitionary, http://en.wiktionary.org/wiki/situation (retrieved June 4, 2009)

Empower Mobile Workspaces by Wireless Networks and Wearable Computing Michael Lawo1, Otthein Herzog1, Michael Boronowski1, and Peter Knackfuß2 2

1 TZI - Universität Bremen, Am Fallturm 1, D28359, Bremen, Germany InfoConsult Gesellschaft für Informationstechnik mbH, Anne- Conway- Straße 4; D-28359 Bremen, Germany {mlawo,herzog,mb}@tzi.de, peter.knackfuß@infoconsult.net

Abstract. The concept of Wearable Computing can be used to support work processes of mobile workers e.g. in a factory environment or outdoors. The basis is a wireless network for an ubiquituous remote access to information. In the paper we explain the potential of Wearable Computing and focus on the technological challenges. During the last five years (2004 till 2009) the EC funded the worldwide largest project on Wearable Computing: wearIT@work (www.wearitatwork.com)1. The project did not focus on new technologies. However, with existing technologies new applications were developed. For new user groups of mobile workers a new quality of support had to be achieved. The paper reports at the end of the project on the main findings and lessons learned: An open hardware platform, an open software framework and for seven different application domains solutions were developed. Keywords: Wearable Computing; Mobile Computing; Context Detection; User Interface Design.

1 Introduction Wearable Computing is designed to abolish the distinction between information acquisition to support a task (e.g. repair an engine) and the work itself. This requires new technologies. The information presentation has to be redesigned e.g. using headmounted or arm-mounted displays. Furthermore the system input has to be redesigned e.g. by using speech, a gesture wristband or glove as well as sensors detecting the user’s context automatically (as using GPS signals in a route guidance system in a car). 1

wearIT@work is an Integrated Project to investigate “Wearable Computing” as a technology dealing with computer systems worn as unobtrusively as clothing. From 16 countries the project has 42 partners, among them EADS, HP, Microsoft, SAP, Siemens, Škoda, Thales and Zeiss. The consortium consists of end-user organizations with strong impact on the respective market like automotive and aeronautics. Furthermore strong partners are in the consortium to ensure that solutions found will benefit as far as standardization is addressed. SMEs are in the consortium as consultants and application developers and system integrators as it is expected that based on solutions found new business for this kind of companies is created. The project volume isf 23.7 million €€ and the EC funds it by 14.6 million €€under contract no. 004216.

S. Balandin et al. (Eds.): NEW2AN/ruSMART 2009, LNCS 5764, pp. 66–76, 2009. © Springer-Verlag Berlin Heidelberg 2009

Empower Mobile Workspaces by Wireless Networks and Wearable Computing

67

Industrial enterprises can improve their competitive position by Wearable Computing solutions that support or even change existing value-added processes. A radical change of value-added processes offers potentially a higher benefit but also higher risks under technological as organisational perspectives. The following four scenarios in general provide an idea about the different challenges and opportunities: •

•

•

•

We can use Wearable Computing solutions to simplify and accelerate existing processes without changing them. - An example is to take notes on performed tasks directly in a mobile system instead of taking notes first and later input them into a back-office system. – High user acceptance can be expected due to saved time and increased comfort. However only few such scenarios exist. We can change existing processes by eliminating steps or changing the involved actors. The expected gains could be e.g. acceleration, improved quality, cost reduction and/or increased turn-over. - An example is to monitor performed tasks directly in a Wearable Computing system without any preand post- process back-office action. – Here technological and organisational challenges and risks are higher then in the previous scenario. However many such scenarios exist.. We can modify the architecture of the value creation chain notably by the introduction of Wearable Computing systems. – An example is to let mobility become the central element of the accomplishment of an enterprise as UPS did for the delivery of parcels. - It is obvious that the user acceptance is a key and high effort is required to achieve this. We can radically replace the whole value creation system based on the idea of mobility. Then a new business with necessary new core competencies evolves. - An example of another domain is the eCommerce concept of Amazon compared to existing book stores. – This usually requires the establishment of a new enterprise.

Wearable computing systems e.g. in car production or aircraft maintenance offer the mobile worker primarily an ambient support of conversant processes. However, these systems extend also processes by checking e.g. correctness and completeness and collecting data to improve processes using quality assurance systems based e.g. on data mining. Wearable Computing assures especially that processes become more straightforward, the quality increases and idle time decreases. The main technological challenges in any Wearable Computing System exist in the design of user friendly multimodal interfaces supporting primary tasks and robust context detection systems.

2 Wearable versus Mobile Computing Beside Wearable Computing solutions also mobile computing solutions can improve value creation processes. The main difference between wearable and mobile computing (using a laptop, PDA, smart phone) is that mobile computing does not allow the ambient interaction (see fig. 1 left); the user interacts with the real world or the system but cannot do both at a time. Typing-while-driving-a-car is a nice illustrative example.

68

M. Lawo et al.

To ensure an ambient interaction Wearable Computing requires context detection: The system has to be always on and understand the user’s action purpose and environment. Relevant information must be presented in an ambient way (see fig. 1 right). - The integration of sensory devices worn by the user as well as integrated into the user’s environment creates a powerful Wearable Computing system. The “always on” feature requires an efficient energy management essential for any Wearable Computing system.

Fig. 1. Interaction modes of mobile and Wearable Computing systems

Wearable Computing means for the user simultaneous actions: the primary task (e.g. maintaining a machine) happens in the real world, is mobile and basically manual. The secondary task (observing the context dependent information concerning the ongoing action) consists in the observation of a wearable output and eventually the interaction with the wearable application. Here immediately the question arises: How to design this specific task relevant interface? Due to the system restrictions in size, weight, and energy supply in addition to the implicit input (context detection), the developer as well as the user are more challenged as if designing a mobile computing solution. Users and developers have to face the dual task challenge. And that this is not a simple task we know from designing a cockpit or a control station. We have to acknowledge that the cognitive load a user can manage is limited and its extension requires training, sometimes a lot of training. However, when implementing Wearable Computing solutions complex tasks and work processes can be performed in less time and with less effort: the productivity can be increased2 creating a competitive advantage. The approach consists in a 2

E.g. 20 to 50% of an aircraft maintenance task is lost in searching for information. We could improve productivity in our healthcare ward round scenario from 20 minutes at the bedside plus 90 minutes in the back office to 40 minutes at the bedside and no back office work at all.

Empower Mobile Workspaces by Wireless Networks and Wearable Computing

69

complete integration of all components into the clothing reflecting the fact that the primary task is not to work with the computer but to be supported by it in performing primary tasks in the real world. In this case the real advantage arises from wireless networks by the provision of originally stationary IT services independent of time and space by creating smart spaces with the user in the centre taking the full benefit of the infrastructure by the Wearable Computing solution. The benefit increases by decreasing active user interaction with the system. Here we get an optimization problem where the cost for the automatic detection of the context and the user’s intention is the objective and the user acceptance creates the restrictions of the problem and is the key for success. 2.1 Wearable User Interface (WUI) Toolkit The interface between the Wearable Computing system and the user is the key element when designing a system from the user perspective. There are not yet any standards for this technology as we know them from the desktop applications. Similar problems have to be solved as we know them from early designs of graphical user interfaces (GUI). Today a lot of tools are available that facilitate the developer when creating “traditional” applications. In the context of the wearIT@work project a tool for the design of multimodal wearable computing interfaces was developed [Witt08]. This tool allows the developer with little experience in designing Wearable Computing solutions a specification independent of specific input and output devices. This tool supports a multimodal interaction using context sensitive interfaces with an automatic adaptation (fig. 2).

Fig. 2. Wearable User Interface Toolkit [Witt08]

The development is based on reusable components and became a part of the Open Wearable Computing Framework of the wearIT@work project. Further information concerning the Framework and the Toolkit are found in the Technology Repository on the project homepage. Using such tools the software development process is accelerated, technical risks are reduced and the user acceptance can be increased.

70

M. Lawo et al.

2.2 Context Detection To achieve to a large extend an automatic context detection to reduce the user input is a further Wearable Computing specific issue. The context can be detected by sensors in the environment or those integrated into the clothing or attached to the body of the user, where the first has by far higher user acceptance due to our findings. Wearable Computing systems are designed to model and detect user activities [ADOB98], to proactively provide the user with relevant information. Here robust technical solutions are required that reduce the complexity of the user interface. Context information can basically be deducted by sensor information fused with application knowledge. There are different kinds of sensors available fort he context detection like accelerometers, yaw sensors, light sensors as well as microphones, gyroscopes and RFID reader. We differentiate between discrete (events) sensors, e.g. reading a value or identification of a state (RFID-tag), and continuous or steady sensors based on the observation of a signal applying filter techniques; in the simplest case the reach of a threshold is required to detect a specific context. Here machine learning methods are applied [Bish06]. The sensors are applied on different parts of the body or clothing respectively. Thus sensors for indoor localisation are applied in a shoe or a helmet. To detect gestures sensors are integrated into a glove or a wrist band. In general the positioning of the different sensors depends on the context to be detected. For simplicity very often sensors are placed in the user environment instead on the body. However, a sensor cannot be handled separately; the sensor is part of an overall system and requires beside an energy supply usually also an A/D converter, a signal processing unit and a signal transmission unit. We will come later to this point in our findings. 2.3 Energy Consumption and Energy Management Energy efficiency is a critical success factor of Wearable Computing. The user requirements are usually eight hour availability without changing the batteries and hot swappable battery changes (without switching off the device). Especially the wireless data communication has to be energy efficient (e.g. ZIGBEE instead of Bluetooth). Data compression techniques are applied for finding an optimal balance between bandwidth and energy consumption. Cyclic retrievals, reducing the energy requirement for a single operation, the choice of procedures with low energy consumption and the implementation of the respective algorithms on the used processors help to reduce the energy consumption of the usually rechargeable batteries. As weight is a further key issue in Wearable Computing usually Li Polymer batteries are used which provide a high energy density with low weight. Up to date there exists no general approach for an optimal battery. However specific empirical methods and solutions exist e.g. for context detection systems [SLT07]; there a procedure is presented for finding a compromise of energy consumption and detection rate instead of maximising the detection rate while neglecting the required energy.

Empower Mobile Workspaces by Wireless Networks and Wearable Computing

71

The development of efficient batteries during the last couple of years was basically driven by the mass market due to the requirements of cell phones, digital cameras and MP3 players. Although this had already a quite positive effect also for Wearable Computing solutions further efforts are necessary as especially the requirements of multi sensor systems for the context detection are quite different from those of these mobile consumer products.

Fig. 3. Wearable Computing architecture

3 Wearable Computing System Architecture The design space of any Wearable Computing system architecture is determined by the four conflicting criteria of functionality, energy consumption, application domain and configuration. Our research found that there is no universal for all applications suitable system. For the desktop paradigm beside the standard PC we have variations like notebooks, netbooks, PDAs, and smart phones. In Wearable Computing we also have different system designs depending on the criteria above. The architecture (fig. 3) is not a single device but consists beside a main on-body unit with the communication system (taking advantage of the available wireless networks) of a input and output devices (IO devices) as mentioned above, sensors worn by the user and those in the users environment and reach as well as external servers providing application dependent services. Only if these five components are distributed in an appropriate way an optimal solution can be found in the specific design space. To package the hardware of IO devices, main unit and sensors worn by the user specific textile solutions are required to avoid the feeling of a user to be “wired”. A typical solution is the in fig. 4 shown LinkVest that was designed in the wearIT@work project together with the final users for aircraft maintenance but was also evaluated in car production.

72

M. Lawo et al.

Fig. 4. LinkVest

4 Hardware Platform Wearable Computing systems are designed to flexibly support the user under usually changing environmental conditions. Wearable Computing systems therefore require redundancies as even if components fail or features can under the specific circumstances not be used to let the user control the work processes under any condition. To allow a flexible configuration of such systems an open hardware platform is supportive [HLBK06]. This architecture was developed in the context of the wearIT@work project an evaluated in the domains of healthcare, car production, aircraft maintenance and emergency response (see [LTLH07] and [AL09]). Sensors for context detection and localisation are an essential element of the architecture. The open system architecture allows integrating different sensors (see section 2.2) on different levels like functional textiles, embedded microsystems, attachable peripherals and carry on, miniaturized appliances. However, as we wanted to base our applications mainly on COTS3 components two problems became obvious: •

Sensors are in general not energy self-sufficient but require an energy supply; exceptions are passive RFID tags that are inductively provided by the reader. • Sensors usually require different voltage; in case of a sensor cluster that means individual voltage feed with many batteries or an elaborately designed energy management system. At the end of the project we used in different settings 38 hardware components and subsystems that were partially developed during the project. In order to give an objective evaluation of the maturity level of the technologies involved we adopted the Technology Readiness Levels (TRL) from the US Department of Defense [DOD03] where the maturity level is expressed by a numeric value between 1 “basic principles observed and reported” and 9 “actual system proven through successful mission operations”. The above mentioned 38 hardware components and subsystems are found with their initial (at the beginning of the project) and actual TRL in [W@W09]. 3

Commercial-off-the-shelf.

Empower Mobile Workspaces by Wireless Networks and Wearable Computing

73

Fig. 5. Open Wearable Computing Software Framework

5 Software Framework The application development requires not only an openly supporting hardware but also software. Here Wearable Computing Systems require an extension of the middleware (fig. 5). A comprehensive framework has to provide the following services: • • • • • •

Tool kit for the user interface design including speech recognition Interfacing context localisation detection sub systems Supporting mobile audio and video collaboration Allowing seamless communication when switching between the different wireless networks and network cells (WLAN, UMTS, GPRS) Access to complex knowledge as a kind of mobile eLearning (content management) Adaptive workflows reflecting the user needs and desires.

In the wearIT@work project such an open software framework was developed for further use [W@W09]. With this framework applications are configured using the appropriate components. An example of configuring an assembly task application in car production from wearIT@work is shown in fig. 6: a complex assembly task is supported by a wearable system. Beside the direct system support the user can achieve an external expert support. In this example beside the online quantitative and qualitative context detection also the localisation are applied. For the flexible support of the work processes beside the Wearable User Interface Toolkit and speech recognition also the workflow component are utilized. The collaboration module is used to give the user support by a remote expert if necessary.

74

M. Lawo et al.

Fig. 6. Software architecture of an application based on the OWCF

The framework was nearly completely developed from scratch within the project. The TRL definition is used again to evaluate the achieved maturity. At the end the average OWCF maturity level is 6.5 what qualifies the OWCF in between a “system demonstrated in a relevant environment” (maturity level 6), and a “system demonstrated in an operational environment” (maturity level 7). Excluding the Core Framework, half of the components have a maturity level above the average. Four components have a maturity level of 8, indicating that they are completed and qualified through tests and demonstrations. Three out of the five components having a maturity level below average, are ranked 6, indicating that they have been at least demonstrated in a relevant environment. Two components (communication and localization) are ranked 4 indicating that they are still in a somewhat early stage, and that have been validated mostly in a laboratory environment. Excluding the Core Framework, all components went through a significant evolution during the project: eight components have been created within the project itself, and two existed before the project with a low or very low maturity level.

6 Market Situation and Introducing the Technology The Wearable Computing market is already for years an emerging one. The continuous market research [VDC07] shows in the domains of consignment sail and after sales service annual growth rates of around 10%. The development during the last ten years shows especially in the athletics and wellness increasing a trend towards mass customisation. However in our domain of blue collar workers nothing comparable exists beside some remarkable success with pick-by-voice solutions. The hardware became smaller and more powerful with decreasing cost; the hardware cost today

Empower Mobile Workspaces by Wireless Networks and Wearable Computing

75

only one third compared to five years ago and during the next five years we expect a further decrease of 30 to 90% ending with approximately 500 €€. The software cost are however independent of this. The licensing policy and the business models are here more important than the tools and dictate the price. With a project like wearIT@work where large portions of the middleware that creates the competitive advantages are provided as open source or by the mayor software vendors as part of their standard products a great step forward towards standardisation could be done. With the more than fifty systems and components of the wearIT@work Technology Repository indicating the standardised technology readiness level [DoD03]. However, Wearable Computing solutions are not self explaining but require extensive implementation efforts as twenty-five years ago when rolling out CAD solutions revolutionising the design office work or fifteen years ago with the roll out of the PC in the office. Wearable Computing solutions address completely new user groups. Training efforts are necessary to achieve the necessary user acceptance and user efficiency.

7 Conclusion Wearable computing can provide solutions for new user groups e.g. in logistics, maintenance, assembly and production. Wearable Computing systems require the user’s ability to perform two tasks at a time; they support as a dual task primary tasks performed in the real world in an ambient way. They can also serve as intelligent displays and/or speakers. They use personal and environmental sensors providing mobile assistance. The context detection is thus beside the user interface design the second challenge to be mastered. For users simulation systems with scoring were developed to train the dual-task ability. This seems to be a further step towards a practical introduction. With a high level presentation of the project results [PPL09] decision makers get an appropriate publication on the issue into their hands. However, the following lessons were learned within the wearIT@work project when trying to empower mobile workspaces by wireless networks and Wearable Computing [W@W09]: •

• • • •

The simple configuration of COTS sensors to a sensor platform is today (still) not possible; only in exceptional cases (XSens MT) sufficient powerful sensors are at hand. However the sensor cost is often too high avoiding a broader implementation. The different voltage of the COTS sensors requires a specific energy management system. The online activity recognition requires still further research before a successful application in the industrial environment. By context detection the productivity can be increased compared to paper based solutions. The use of RFID tags and readers is actually the state-of-the-art for reliable context detection.

76

M. Lawo et al.

To assure a sustainable exploitation of the project results also after the end of the project in May 2009 the Open Wearable Computing Group (www.owcg.com) was established. The wearIT@work partners herewith pave the way for all those from research, software and hardware, consultants, system integrators and application developers outside the aboriginal consortium.

Acknowledgement The authors acknowledge the European Commission for their support and give gratitude and appreciation to all wearIT@work project partners for their fruitful work and contribution during the development of various ideas and concepts presented in this paper.

References [ADOB98] Abowd, G., Dey, A., Orr, R., Brotherton, J.: Context-awareness in wearable and ubiquitous computing. Virtual Reality 3, 200–211 (1998) [AL09] Amft, O., Lukowicz, P.: From Backpacks to Smartphones: Past, Present and Future of Wearable Computers. IEEE Pervasive Computing (to be published, 2009) [Bish06] Bishop, C.M.: Pattern recognition and Machine Learning. Springer, Heidelberg (2006) [DoD03] Technology Readiness Assessment (TRA) Deskbook (2003), http://www.darpa.mil/STO/solicitations/ sn07-44/pdf/TRA_Desktop.pdf (accessed April 16, 2009) [HLBK08] Herzog, O., Lawo, M., Boronowsky, M., Kenn, H., Nicolai, T., Witt, H., Glotzbach, U.: Mobile City Bremen - Von der Forschung zu innovativen mobilen Lösungen. In: Síeck, J., Herzog, M.A. (Hrsg.) Wireless Communication and Information - New Technologies and Applications, pp. 9–22. Verlag Werner Hülsbusch, Boizenburg (2008) [LTLH07] Lukowicz, P., Timm-Giel, A., Lawo, M., Herzog, O.: WearIT@work: Towards Real-World Industrial Wearable Computing. IEEE Pervasive Computing 6(4), 8–13 (2007) [PPL09] Pezzolo, R., Pasher, E., Lawo, M.: Intelligent Clothing – Empowering the Mobile Worker by Wearable Computing. AKA and IOS Press (2009) ISBN 978-3-89838-612-2 [SLT07] Stäger, M., Lukowicz, P., Tröster, G.: Power and Accuracy Trade-offs in SoundBased Context Recognition Systems. Pervasive and Mobile Computing 3(3), 300– 327 (2007) [VDC07] VDC. Wearable Electronic Systems, 3rd edn., October 2007, vol. 3 (2007), http://www.vdcresearch.com/maw/wearables.asp [W@W09] Technology Repository wearIT@work., http://www.wearitatwork.com/ Technology-Repository.136.0.html (accessed January 7, 2009) [Witt08] Witt, H.: Human-Computer Interfaces for Wearable Computers: A Systematic Approach to Development and Evaluation. Teubner-Vieweg (2008)

Multimodal Interaction with Intelligent Meeting Room Facilities from Inside and Outside A.L. Ronzhin and V.Yu. Budkov St. Petersburg Institute for Informatics and Automation, 39, 14th line, St. Petersburg, Russia {ronzhin,budkov}@iias.spb.su

Abstract. Multimodal user interface capable to perceive speech, movements, poses and gestures of meeting participants in order to determinate their needs provides the natural and intuitively understandable way of interaction with the developed intelligent meeting room. Awareness of the room about spatial position of the participants, their current activities, and roles in a current event, their preferences helps to predict more accurately the intentions and needs of participants. The accomplished integration of Nokia mobile phones with the sensor network and smart services allowed users to control effectors, audio/video and other facilities from outside. Some scenarios of multimodal interaction with the room as well as issues of adaptation of user interface to limitations of mobile phone browser are discussed. Keywords: ambient intelligence, smart space, multimodal interfaces, intelligent meeting room, mobile communication.

1 Introduction An idea of recognition of a current situation and behavior of a user, as well as an unobtrusive satisfaction of his needs underlies the “ambient intelligence” (AmI). These tasks deal with three directions of science and technique: ubiquitous computing, ubiquitous communication, and multimodal interfaces [1]. Integration of diverse computation, information and communication resources into a united framework is one of the important issues at design of ambient intelligence and it identifies the modern tendency to transition from smart devices to an ambient intelligent space. Multimodal interfaces provide natural and intuitively comprehensible interaction between a user and intellectual devices, which are embedded into the environment. All the means should be hidden, thus the user can see only the results of intellectual devices activities and concentrate attention on her/his work. The so-called “smart home” (SH) is the most profoundly studied area from the domain of the ambient intelligence. A smart home can be defined as a dwelling house equipped with computational and informational technologies guessing and reacting upon needs of the inhabitants, working on comfort maintenance, security and good entertainment by means of control of domestic equipment and communications [2]. In spite of the fact that SH idea was well established in the late 1990s, SH technologies still have no popularity among potential users. It is Gann’s opinion [3] that the S. Balandin et al. (Eds.): NEW2AN/ruSMART 2009, LNCS 5764, pp. 77–88, 2009. © Springer-Verlag Berlin Heidelberg 2009

78

A.L. Ronzhin and V.Yu. Budkov

principle barriers to uptake are the following: high cost, difficulties of integration with contemporary domestic appliances and lack of usability. Taking into account functionality available to a user it is necessary to distinguish homes with smart devices and homes providing interactive computing both inside and beyond the home. Five classes of SH were proposed in [3]: (1) home, which contains stand-alone intelligent objects, actions of which are mutually independent; (2) home, which contains network of intelligent objects worked by own rules, but due to exchange information between one another, their functions are enhanced; (3) connected home has internal networks connected to external ones and allows interactive and remote control of home systems, as well as access to services both inside and outside the house; (4) learning home, able to record and store data about activities patterns in order to use them in future; (5) attentive home, constantly recording data of family members localization in order to predict users’ behavior, satisfying their needs and unobtrusively interact with them. The classification takes into account not only functional abilities of SH, but also highlights different levels of communication within and beyond the house, starting from the simplest systems with mechanical toggle switches, and to complicated systems, forecasting user’s behavior and interacting with him. Ambient intelligence paradigm and the subsequent development of ambient intelligent space have led to formation of the so-called cognitive approach become of great importance for designing SH systems. Intelligent agents embedded into the environment, allow AmI distinguishing people behavior and reacting to their needs in an unobtrusive and even invisible way owing to intuitive interfaces [1]. The cognitive approach to design, with the aim of AmI, gives to the developer a way to compare demands and cognitive processes of the end user. This goal can be reached owing to intellectual agents networks, which provide synchronization of information streams, remote control and user notification, in the aggregate with adaptive interfaces and the means for achievement of full situational awareness [4]. The knowledge of a context helps to explain behavior of the user in a concrete situation and to train the system to react adequately. Cognitive and perceptive systems of a human being automatically use a context for identification in everyday life. The context can be defined as a set of relevant conditions and ambient influences which make a certain situation unique and distinguished. The context implies a notion of weight of influencing factors, considered subconsciously by people but being beyond perception of artificial systems. The optimal approach to formalization of contextual information is an iterative two-step procedure: (1) collection of the detailed expert description of situations; (2) check of accuracy of automatic recognition of the certain contexts on the basis of previously created descriptions [5]. One of the basic directions within the AmI paradigm is a development of multimodal user interfaces providing natural and intuitively clear way of human-computer interaction. Speech, gestures, handwriting and other means, which are natural of interhuman dialogue, are applied to management of machines in multimodal interfaces [6]. Audio-visual information processing allows automatic identifying the person, his intentions, speech, movements and the current position. Due to the analysis of single

Multimodal Interaction with Intelligent Meeting Room Facilities

79

modalities and their subsequent fusion on the semantic level it is possible to improve naturalness and robustness of interactions. Multimodal integration combines semantic hypotheses coming from modules of single modalities processing and carries on joint interpretation of a user’s command. For recognition of user’s intention (communicative or practical) it is necessary to use information from different sources, and to consider various types of the contextual information. Three types of contexts are proposed to use during the fusion of multimodal information [7]: (1) context of a subject domain, which contains some a priori knowledge, the user’s preferences, models of situations, descriptions of objects and subjects, their possible activities and their location to each other; (2) conversational context describing possible dialogues with the system and a current condition of a discourse; (3) visual context including the analysis of a direction of vision, gestures, actions of the user in the course of the observable situation. Data and knowledge, accumulated by the system in advance, determine an interpretation of user’s intentions and the current situation. The result of recognition of a command is, theoretically, a multimodal representation of user’s behavior, conclusion about his intentions and a succession of activities which are to be performed by the system. There are more fields for applying areas of AmI besides that of a SH. One may state that requirements for a SH were worked out already, but requirements for meeting and lecture rooms are somewhat insufficiently standardized. Sometimes even users have no idea what they should expect from such intelligent rooms. The user cannot quickly become familiar with a simultaneous use of several wide-screen displays, interactive multimedia support, integration of mobile devices and others new resources. All these means and tools must be intuitively comprehensible. Usually such rooms function in a semi-automatic mode, and all the embedded systems are maintained by experts. Peculiar features of multimodal interfaces exploiting and human behavior in the intelligent meeting room of SPIIRAS are regarded in the present paper. Testing of audio-visual processing is made during laboratory meetings and lectures. Besides, control of the equipment was realized on a basis of mobile-phone, while collecting of data concerning SPIIRAS members was performed with the aim of a mobile robot with a multimodal interface, moving along a corridor of the institute.

2 Technological Framework of Intelligent Meeting Room A premises of 72 square meters located inside the institute building was supplied for intelligent meeting room. Monitoring of the room is performed by 16 video cameras mounted on the walls, ceiling and tables and provides tracking of moving objects, face detection and other functions. Three T-shape 4 channel microphone arrays mounted on the different walls serve for localization of sound sources, far-field recording and following speech processing. Besides video recording the personal web cameras mounted on the tables have internal microphones and are used for recording speech of each meeting participant.

80

A.L. Ronzhin and V.Yu. Budkov

A wide touchscreen plasma panel and multimedia projector (projection screen) are located one under another in the left side of the room and provide output of multimodal information. Operated electro gears are connected to the projection screen and curtain rail. The curtains are made from special lighttight cloth in order to suppress the outside influence on the illumination changing in the room. The processing of recorded audio-visual data, control the multimedia and electro mechanic equipment are performed by six four-cored computers, two multichannel audio boards Presound FirePod, as well as some devices providing cable and wireless network. The referred service equipment is mounted in a rack and located on the adjacent room from the meeting one. Thus, users inside the meeting room could see only appliances for input/output information, but other devices and computational resources are invisible. To provide service and the same time be hidden for a user is one of the main features of ambient intelligence. Figure 1 shows a technological framework of the intelligent meeting room. Availability of multimodal user interface is a distinguishing characteristic of the developed intelligent meeting room. The developed earlier technologies of audio-visual data processing were successfully implemented in the room to provide natural and intuitively understandable way of interaction with the room equipment. Most important technologies are automatic speech recognition, speaker identification, sound source localization, detection of position and tracking moving objects and user faces, detection of user pose. A bimodal audio-visual Russian speech synthesis technology (talking head) is used for developed interactive applications. A method for spectral-spatial analysis of speech activity has been developed. Spatial speaker localization is based on the calculation of phase difference between the signals recorded by different microphones. The energy level of mutual signal spectrum and estimation of acceptable position of a speaker is used for finding the boundaries of speech in a multichannel acoustical stream, recorded in noisy environments. Russian speech recognition is realized by SIRIUS engine with a model of compact representation of extra large vocabularies based on two-level morphophonemic prefix graph (TMPG). Integration of morpheme and phonetic levels into a united tree-based structure of vocabulary provides compact representation of word-forms and their phonemic transcriptions [8]. Usage of the proposed graph while decoding continuous Russian speech provides formation of grammatically correct words at the recognition output and increase of recognition speed. A model of text-independent speaker identification based on assessment of cepstral features distribution of the input speech signal was developed. The minimal length of the speech signal, necessary for speaker pattern training and decision making during verification, is thirty seconds. A multithreaded program model for speaker identification provides simultaneous estimation of several participants of a meeting. Determination of position and face tracking are based on an algorithm for tracking movements of natural markers of human face. Automatic restoring of lost tracking points allows the face tracking system to increase robustness of identifying headposition during quick motions and occasional video noise. An algorithm for cursor controlling is adaptive to velocity of head movements. It provides comfortable cursor controlling on high-resolution screen, using a low-resolution camera. These algorithms have been embedded into the multimodal system ICANDO for assistance to disabled people at hands-free PC-controlling [6].

81

Room state monitor

Talking head

Multimedia stenographer

Smart board

St. Petersburg map

SPIIRAS inquiry

TV set, radio, AV player

Multimodal Interaction with Intelligent Meeting Room Facilities

Fig. 1. Technological framework of the intelligent meeting room

An algorithm for position and video tracking of moving object is based on estimation of difference between adjacent frames and takes into account the measurements of users, velocity and trajectory of their movements, acceptable regions of user appearance. It makes the algorithm robust to sudden changing luminosity and capable to differentiate moving objects closely located to each other. Intel OpenCV library is used for base procedures of video capture and processing. Also two statistic poses (staying and sitting) are detected in intellectual room applications. A criterion for pose recognition is height of an object. The list of recognized poses could be extended by some gestures, which users often apply during meetings [9]: nod, nutation, rise of a hand by sitting user, hand pointing. A model of audio-visual speech synthesis (“talking head”) of Russian texts has been developed jointly with United Institute of Informatics Problems (Belarus) and University of West Bohemia (Czech Republic). Two methods for creation of visual synthesis of facial organs have been elaborated [10]: (1) model-based method; (2) data-based method. The former is used for creation of 3D avatars. The latter approach allows creating a 2D personalized audio-visual TTS-synthesis model. In this model visual facial synthesis is combined with acoustical speech synthesizer. Collaborative work of the referred technologies supplies a room control system with data about current situation, participant’s behavior and provides robust recognition of voice command due to the analysis of spatial-temporal, situational information and user preferences. Distant speech recognition based on microphone array processing allows a user to control light, curtains, projector screen, PTZ functions of video cameras and more complex devices like TV set, radio, audio-video player and other multimodal

82

A.L. Ronzhin and V.Yu. Budkov

applications. In all the applications interactive feedback is realized by a talking head, which shows an awareness of the room about participant’s behavior and pronounces required speech information.

3 Multimodal Interaction with the Room from Inside First scenario, which was experimentally tested, was focused on conjugation of the actuators (light, curtains, and screen) with the distant speech recognition system and other manual controls. A user could give a command by voice, touchscreen panel, remote control panel or via web-interface from a computer or a mobile phone. A scheme of user command processing and possible automatic room control in accordance with a current situation is presented in Figure 2.

Fig. 2. Scheme of user and automatic control of the equipment of the room

Data about current states of all the actuators, presence of users and their positions are recorded every time at the arrival of a user command. Boolean descriptions of actuator states were used for the light, the curtains, the screen, the plasma panel, the projector. The plasma panel and the projector have certainly many other functions, but their execution was realized without actuators in the framework of concrete applications. For example, changing graphical content showed by TV set and projector is processed by a computer, and then corresponding video signal outputs via DVI or VGA cables. A description of situational information was simplified in given scenario too. Time of day was described by four categories (morning, day, evening, night). Number of participants presented inside the room was divided into four groups too (0, 1, 2-10, more than 10). Positions of participants were evaluated in relation to the meeting table, the plasma panel, the window. The chairs located in the right side of the room are used in the case of large number of presented participants. Therefore a special category of participant’s position was defined: participants are distributed throughout the room. A situational map of the meeting room is used for verification of events and analysis of the room state. Table 1 presents structure and states of the map.

Multimodal Interaction with Intelligent Meeting Room Facilities

83

Table 1. The situational map of the meeting room and automatic commands

Position of participants

>10 All the participants are nearby the meeting table There is a participant near the plasma/screen There is a participant near the window Participants are distributed throughout the room

1

2-10

0

Number of participants

Night

Evening

Day

Morning

Projector on

Plasma panel on

Curtains are closed

Screen is lowered down

Group L4

Time of day

Group L3

Light groups on

Group L2

Situational information

Group L1

State of actuator devices

Commands generated automatically, when specific combination of actuator states and events occurs

1. Turn-on the light group L4 2. Open the curtains 3. Lower the screen 4. Turn-off the light group L1 5. Open the curtains 6. Turn-off whole the light 7. Lift the screen 8. Close the curtains

… The black cells corresponding to the turned-on devices and other features of the room indicated a current situation. The right column consists of examples of the commands, automatically generated at occurrence of corresponding combination of events and equipment state. These commands were received during matching the real user command and the state of situational map. For some commands the conditions arisen them are slightly changed and adapted for implementation in automatic mode. For instance, a voice command to turn-off the light is said by user inside the room before she/he goes out. In automatic mode this action is performed when all the participants left the room. By this reason commands 6-8 in Table 1 to turn-off the light, lift the screen and close the curtains are performed when the number of participants is zero. By Figure 2 now we can explain how to control the meeting room in the automatic mode. Changing the situation caused by user behavior or day time or switching the actuators calls the procedure of the map analysis. If a predefined situation is detected a corresponding command for activation or deactivation of actuators is sent. The interaction between various software modules distributed on several computers is accomplished by client-server architecture via TCP/IP protocol. At that command and notification of the actuator states are collected and processed in queue. Scenarios of control of multimedia appliances were based on special dialogues of speech interaction between a user and the meeting room. The multimodal applications “SPIIRAS inquiry” and “St. Petersburg map” were adopted based on similar systems

84

A.L. Ronzhin and V.Yu. Budkov

realized in a multimodal kiosk [11]. Voice control system for TV set and radio implements commands to select a channel by its number or title, to change the settings of sound and picture. In the application “Smart board” voice commands intended for selecting color, width of pen, brush or other instruments for handwrited sketches on the touchscreen. Only examples of voice commands are mentioned above, which could be useful at interaction with the intellectual applications. Moreover, most of the commands could be activated by gestures on the touchscreen. In particular, in map-based applications a direct pointing to a graphical object is more needed, but speech commands are used for operation with objects [6]. Besides the current state of the dialogue the spatial position of a user should be taken into account. In contrast to control of the actuator devices the voice commands aimed for to the multimedia applications are perceived only from a space near the plasma panel (not far than 1.5 meters). This limitation helps to decrease number of false voice commands appeared as a result of background noise and parallel user conversations that increases accuracy of distant speech recognition. Special attention should be paid to influence of activity of controlled devices during transitional stages on the systems of audio-visual data processing. For instance, the speech recognition and sound source localization systems should be notified before starting the gears of screen and curtains, because their noise influences on the system performance. The analogical situation is appeared at turning-on the multimedia projector and condition system. Since these devices will work continuously then a system of spatial filtration of sound signal should suppress noises before the speech recognition phase. Opening the curtains can significantly influence on changing the luminosity in the room and lead to fail of the video tracking systems, for example loss of existent objects or appearance a false object in the room. The same problem happens when turning-on/turning-off the light, so the systems of video processing should be preliminary notified about changing the luminosity in the meeting room. Verification of the technological framework and experimental detection of potential conflicts at the room control appeared owing to uncoordinated work of equipment or unpredicted behavior of users are conducted. Analysis of the extended situational map, as well as discursive information of real dialogues, personified user data will allow us to extract templates of behaviors and preferences of main groups of users, scenarios of man-machine interactions and most important commands, which should be automatically performed to facilitate efficiency of meetings and lectures in the intelligent room.

4 Control of Meeting Room Facilities from Outside Remote control of room facilities and observation of current situation from outside were realized by web-interface adaptive to hardware-software features of a client’s device. A user could change state of four light groups, curtains, screen and multimedia projector, as well as get picture from five different cameras located inside the room. Formatting the web-page containing the controls and a picture from camera is automatically adapted to the peculiarities of client’s mobile device and browser. Table 2 contains a list of the Nokia mobile devices and their characteristics, which are taken into account at adaptation of web-page format and used in the experiments.

Multimodal Interaction with Intelligent Meeting Room Facilities

85

Table 2. The list of Nokia devices verified at control of the room Device

Operation system

Screen resolutions

Nokia N73

S60 3rd Edition (initial release) Symbian OS v9.1

240x320

Nokia N95

S60 3rd Edition, Feature Pack 1 Symbian OS v9.2

Nokia 5800

S60 5th Edition Symbian OS v9.4

320х240 240x320 320х240 360x640 640х360 Nokia E61 Nokia E60 Nokia E90 Nokia N810

S60 3rd Edition (initial release) Symbian OS v9.1 S60 3rd Edition (initial release) Symbian OS v9.1 S60 3rd Edition, Feature Pack 1 Maemo Internet Tablet OS 2008 Edition

320x240 352x416 800x352 800x480

Browser Auto Touchresolution orientation screen 234x277 234x302 314x200 234x277 + 234x302 314x200 360x493 360x640 + + 502x288 640х360 314x200 314x220 346x346 346x386 794x284 800x352 696x362 + 800x480

The window size, which could be used for web page view, is significantly varied owing to different screen sizes and browser options in the tested devices. The maximal resolution of browsers is used in the full screen mode, when service buttons are hidden. In the several devices the orientation of the screen could be changed manually and automatically that also increases the number of possible browser resolutions. As a result 14 different browser resolutions are applied in the referred list of the tested devices. Moreover, motion of cursor is discrete that requires to use sufficiently large buttons in order to select them using joystick or buttons for cursor control. The presence of touch-screen improves the control speed, but more usability is achieved with large buttons too. All these factors were taken into account during development of the web-page for control of the room facilities. Base layout of the web-page included buttons for turn activator states and the window with room picture presenting its current state and provide visual feedback of turning activators. At that buttons as check boxes and room picture were not overlaid. For each browser resolution a specific web-page layout was designed in order to maximally use the browser screen. First of all the changes applied to placement of the check-boxes and the window with room picture relatively each other, as well as the font size of captions is changed concerning the screen resolution. Three examples of web-page layouts are presented in the Figure 3 in real scale. Placement of elements in the web page is specified using the CSS style tables. The resolution and orientation of screen are checked every 500 ms using Java Script. At the changing screen parameters the corresponding layout of the page is automatically selected and generated for a client.

86

A.L. Ronzhin and V.Yu. Budkov

Fig. 3. Examples of web-page layouts

To increase size of the controls and the room picture a pop-up menu overlaid the picture window was designed in the last version of the web-page. As a result the room picture window uses the browser resolution completely, but the menu is appeared when user need to change state of the activators or chose another camera, as it is shown in Figure 4. In the initial mode the menu is hidden and a small icon located in right upper corner of the browser reveals about existence of the menu. Since the cameras send picture, which size has aspect ratio of 4x3, at the wide screen the room picture would be shown incorrectly. To avoid this problem the proportion of the picture is saved, but released space is used for talking head model, using of which increases the naturalness of interaction. The talking head pronounces notifications coming from the room server and confirms the performing of the user commands and other changes occurred in the room. The further research will be focused on introduction the multimodal interfaces into the mobile devices, since control by dozen controllers with different functions via web browser and mobile phone is not so convenient owing to not so large screen. Taking into account limited computational resources of the mobile devices a distributed model of audio-visual processing will be used. The signals recorded by the mobile devices will be transferred to the room server, where speech recognition, head tracking and other technologies will be applied for them. Such approach will allow user to communicate with the room using speech, gestures and other natural modalities.

Multimodal Interaction with Intelligent Meeting Room Facilities

87

Fig. 4. Examples of web-page layouts with pop-up menu and talking head model

5 Conclusion The developed intelligent meeting room is a distributed system with the network of intelligent agents (software modules), actuator devices, multimedia equipment and audio-visual sensors. The main aim of the room is providing of meeting or lecture participants with required services based on analysis of the current situation. Awareness of the room about spatial position of the participants, their activities, role in the current event, their preferences helps to predict the intentions and needs of participants. Context modeling, context reasoning, knowledge sharing are stayed the most important challenges of the ambient intelligent design. Assignment of easy-to-use and well-timed services, at that stay invisible for user, is one of another important feature of ambient intelligent. In the developed intelligent room all the computational resources are located in the adjacent premises, so the participants could observe only microphones, video cameras, as well as equipment for output of visual and audio information. Implementation of multimodal user interface capable to perceive speech, movements, poses and gestures of participants in order to determinate their needs provides the natural and intuitively understandable way of interaction with the intelligent room. Development of a network of intelligent meeting rooms gives the opportunity to organize a videoconference between spatially distributed participants and facilitates to increase collaboration, access to higher knowledge/competence, reduce costs for transport and staff, and increase the quality of education due to automatic immediate monitoring by every student during the lessons. Using the various combinations of multimodal interfaces and the equipment of the intelligent meeting room the fundamental issues of human-machine interaction are studied and applied models in security medicine, robotics, logistics and other scientific areas are investigated now. Acknowledgments. The intelligent meeting room of SPIIRAS was supplied in 2008 at the financial support of the Russian Foundation for Basic Research. Full spectrum of mobile devices was donated by Nokia to study issues of remote user interaction with a smart space.

88

A.L. Ronzhin and V.Yu. Budkov

References 1. Ducatel, K., Bogdanowicz, M., Scapolo, F., Leijten, J., Burgelman, J.-C.: ISTAG - Scenarios of Ambient Intelligence in 2010. European Commission Community Research (2001) 2. Aldrich, F.: Smart Homes: Past, Present and Future. In: Harper, R. (ed.) Inside the Smart Home, pp. 17–39. Springer, London (2003) 3. Gann, D., Venables, T., Barlow, J.: Digital Futures: Making Homes Smarter. Chartered Institute of Housing, Coventry (1999) 4. Masakowski, Y.: Cognition-Centric Systems Design: A Paradigm Shift in System Design. In: 7th International Conference on Computer and IT Applications in the Maritime Industries, pp. 603–607 (2008) 5. Degler, D., Battle, L.: Knowledge management in pursuit of performance the challenge of context. Performance Improvement 39(6), 25–31 (2007) 6. Tzovaras, D. (ed.): Multimodal User Interfaces: From Signals to Interaction. Springer, Heidelberg (2008) 7. Chai, J., Pan, S., Zhou, M.: MIND: A Context-based Multimodal Interpretation Framework. Kluwer Academic Publishers, Dordrecht (2005) 8. Ronzhin, A.: Topological peculiarities of morpho-phonemic approach to representation of the vocabulary of Russian speech recognition. Bulletin of Computer and Information Technologies (9), 12–19 (2008) 9. Wallhoff, F., Zobl, M., Rigoll, G.: Action segmentation and recognition in meeting room scenarios. In: International Conference on Image Processing (ICIP 2004), pp. 2223–2226 (2004) 10. Lobanov, B., Tsirulnik, L., Železný, M., Krňoul, Z., Ronzhin, A., Karpov, A.: AudioVisual Russian Speech Synthesis System. Informatics, Minsk, Belarus 20(4), 67–78 (2008) 11. Karpov, A., Ronzhin, A.: An Information Enquiry Kiosk with a Multimodal User Interface. In: 9th International Conference Pattern Recognition and Image Analysis (PRIA 2008), Nizhny Novgorod, Russia, pp. 265–268 (2008)

Ubi-Check: A Pervasive Integrity Checking System Michel Banˆ atre, Fabien Allard, and Paul Couderc INRIA Rennes / IRISA http://www.irisa.fr/aces

Abstract. Integrity checking is an important concern in many activities, such as logistic, telecommunication or even day to day tasks such as checking for someone missing in a group. While the computing and telecommunication worlds commonly use digital integrity checking, many activities from the real world do not beneficiate from automatic mechanisms for ensuring integrity. RFID technology offer promising perspectives for this problem, but also raises strong privacy concerns as they are usually based on global identification and tracking. In this paper we present an alternative approach, Ubi-Check, based on the concept of coupled physical objects which enable integrity checking relying only on local interactions, without the support of a global information system.

1

Introduction

Integrity checking is an important concern in many activities, both in the real world and in the information society. The basic purpose is to verify that a set of objects, parts, components, people remains the same along some activity or process, or remains consistent against a given property (such as a part count). In the real world, it is a common step in logistic: objects to be transported are usually checked by the sender (for their conformance to the recipient expectation), and at arrival by the recipient. When a school get a group of children to a museum, people responsible for the children will regularly check that no one is missing. Yet another common example is to check for our personal belongings when leaving a place, to avoid lost. While important, these verification are tedious, vulnerable to human errors, and often forgotten. Because of these vulnerabilities, problems arise: E-commerce clients sometimes receive incomplete packages, valuable and important objects (notebook computers, passports etc.) get lost in airports, planes, trains, hotels, etc. with sometimes dramatic consequences. While there are very few automatic solutions to improve the situation in the real world, integrity checking in the computing world is a basic and widely used mechanism: magnetic and optical storage devices, network communications are all using checksums and error checking code to detect information corruption, to name a few. The emergence of Ubiquitous computing and the rapid penetration of RFID devices enables similar integrity checking solutions to work for physical objects. S. Balandin et al. (Eds.): NEW2AN/ruSMART 2009, LNCS 5764, pp. 89–96, 2009. c Springer-Verlag Berlin Heidelberg 2009 

90

M. Banˆ atre, F. Allard, and P. Couderc

The purpose of this paper is to present the design of such a system, and one of its application. The paper is organized as follows: in next section, we detail the problem. Then we present the design and implementation of the Ubi-Check system. Finally, some related works and perspectives are discussed.

2

The Problem

Let’s focus on a typical application scenario, which well help identify the key issues of the problem. Consider someone at the airport who is going to cross the security gate. He is required to wear off his jacket, his belt, to put in a container his mobile phone, his music player, to remove from his bag his notebook computer, and may be other objects... All that in hurry, with other people in the queue doing the same. Obviously, personal objects are vulnerable to get lost in this situation: objects can get stuck inside the scanner, can stack up on each other at the exit of the scanner, and it is easy to forget something while being stressed to get a flight. Another vulnerability is to get the object of someone else because, such as a notebook computer of the same model. The vulnerability is introduced because: 1. objects belonging to a common set have to be separated from each other in some occasion 2. getting them back together is not checked by reliable process Consider what’s happen in a computer network: digital objects are fragmented into “packets” which can be transported by independently of each other in the network. When they arrive at a destination point, packets are assembled together to rebuild the original object, which is checked for integrity. For this purpose, packets include additional information enabling error detection. Of course, networks are more complex than this simple view, with multiple encapsulation and fragmentation levels, but for the analogy with real objects and people, the basic principle is sufficient: We can consider a set of physical objects as “data” which are going to be transported and eventually separated at some occasions. At some point where the set of physical object is assumed to be complete, integrity checks will take place. For instance, in our airport security gate scenario, the integrity check would be performed on leaving the zone. Our goal is to propose an integrity checking system that could be integrated at strategic places to warn people when missing objects are detected, or that they are carrying someone’s else object. Such a system would turn some area into smart spaces where people would not have to worry of object lost, which is interesting for trains, hotels, etc. Such a system is only interesting if it can be realistically deployed, given the constraints of the real-world. To this end, some important requirements have to be considered :

Ubi-Check: A Pervasive Integrity Checking System

1. 2. 3. 4. 5.

91

ease of use and as low as possible impact on existing processes low cost for the user scalability and reliability ease of on-site integration privacy respect

We think important to insist on the two latter requirements. Integration issues can lead to death of emerging technologies or experimental systems: the cost of integrating something new into an operational infrastructure is very high, and dependence or impact on existing information systems should be as low as possible for a chance of acceptance. Privacy concerns raise strong resistance to RFID technology [8]. As we will see, a core idea of Ubi-Check is to ensure anonymous operation and no dependence on databases.

3

System Design

The Ubi-Check system is based on the principle of coupled objects. Coupled objects are a group of physical objects that are logically associated together, meaning that they carry digital information referencing other objects from the set, or representing their membership to the group. An important property is that this information is physically stored on the object. Typically, this information will be stored on RFID memory tags embedded on the objects. In our application scenario, this means that users of the Ubi-Check system would have their important objects enabled with tags. Ideally, those tags could be embedded into the object at build time by the manufacturer, but user installed tags could of course be added for objects not ready for the service. Then, there are two procedures in the system. A first one consisting of associating all the objects of a group (ie the objects of a person). And a second one

Fig. 1. Group creation and checking

92

M. Banˆ atre, F. Allard, and P. Couderc

where integrity will be checked at the appropriate places. The figure 1 sums up the process, which we detail in the following. 3.1

Group Creation

At this step, the user presents himself in small area in the range of an RFID writer, and a group is initialized for all its tagged objects: a signature is computed from individual identifiers of the tags. The identifiers can be those attributed at tag construction, or generated for the Ubi-Check system. The latter case is better to protect user’s privacy, because new identifiers can be used each time a group is created, thereby reducing the risk of user tracking by their objects. A user could create a new group a each trip for example. As we can see, a group is made of a set of identifiers. We need to store the group representation somewhere, such that the group integrity could be checked at appropriate places. Storage in a database is a straightforward solution, but it would requires that each checkpoint could access this database, through a communication infrastructure which raises several issues: – Deployment and operating cost – Reliability and scalability, because checking operation would be dependant on the availability of the communication infrastructure and the remote database, and the communication load would increase linearly with the number of users of the service – Privacy, as group representation associated with individuals would we stored in a central database. However, depending on the nature of the object identifiers and the group representation that is used, this issue may be mitigated. These issues conflict with our design goals which motivate an alternative solution, that would not depend on a remote service to operate. In the concept of coupled objects previously mentioned, the logical association between the objects (or the group membership) is part of the physical objects themselves. This can be easily implemented with RFID tags, which in addition to the identifier part, can provide a programmable memory of up to a few kilobit. The group representation will be stored in this memory. Because the size is limited and the integrity check should be fast, the group is represented by a signature, computed by a hash code function. A good discussion of hash functions in the context of RFID is [3]. This approach enables full autonomous operation of both the association points and the checkpoints. An additional property can be stored in a particular object, considered as the owner of the group: the cardinal of the the set. The owner tag would typically be associated with an object that the user would always keep with him, such as his watch. We will see in the next section how it is used. 3.2

Checking Phase

Once a group is formed, the user can move away with his objects. He can separate from his objects, but if he pass a checking point without the complete set, a warning is shown.

Ubi-Check: A Pervasive Integrity Checking System

93

The checking point is made of an RFID reader controlling a double antenna set up arranged close to each other (typically separated by one meter), in order to detect objects crossing the checkpoint. A time frame Δt is set to allow a group of objects to cross the gate. In practice, we have used an interval of 2 to 3 seconds with good success for typical pedestrian flow. A cyclic buffer logs all the identifier i passing the gate, the timestamp of the event ti , and the signature Si of the tag. The integrity check is triggered for each group that is reaching the end of its time frame, that is : ∀i such as t0 ≤ tsi ≤ t0 + Δt and Si = X where t0 is the timestamp when the first identifier of the group of signature X is read. The hash code H(i0 , ..., in ) is checked against the X, and three cases have to be considered : 1. H(i0 , ..., in ) = X, meaning that the set is complete. In Ubi-Check this is shown on as green status at the exit of the checkpoint. 2. H(i0 , ..., in ) = X, and one of the identifier has the owner status described in previous section. This means that there is at least one missing object from the group. Ubi-Check reports a warning of missing objects. The number of missing objects is known as the owner tag includes the cardinal of the set. 3. H(i0 , ..., in ) = X, and no identifier has owner status. Ubi-Check reports that you are carrying one or more objects that do not belong to you. 3.3

Implementation and Experimentation

A prototype of the system has been implemented: it uses FEIG HF 13.56 Mhz readers, controlled by a standard embedded PC, and standard HF read/write tags. A single unit can play both the roles of the group creator (association), and checkpoint. The figure 2 shows a simple set up with an LCD display used to report status. Performance of the readers allow typical rate of capture of 10 tags/s, which in practice translates into checking up to 2 users per second. As we can expect with RFID technology, and especially in this context of free mobility and on-the-fly tags acquisition, mis-read are possible. The occurrence are highly dependant on the placement of the tags in the objects, the nature and the environment of the objects. While some advices can be suggested to the users for optimal tag placement, metal proximity and other perturbation cannot always be avoided. However, as the system is based on a multiplicity of tags, read failures typically lead to false warnings, not missed warning as failing the read all the tags from a user is very unlikely. In case of a false warning, the user can pass again the checkpoint. The system was experimented with the at the “Fete de la science” in November 2008, a two days event where the general public was invited to experiment with recent scientific and technological developments. The feedback was very positive regarding the relevance of service. However, the reading reliability is currently not robust enough to allow operational deployments in environments

94

M. Banˆ atre, F. Allard, and P. Couderc

Fig. 2. A simple Ubi-Check set up

with sustained and continuous flow of people, such as airports. But in other contexts with relaxed constraints, such as in hotels, the system performance could be adequate.

4

Related Works

RFID is a hot topic with many issues given its broad application domain and emerging success in security, accountability, tracking, etc. However, the UbiCheck service and its underlying coupled-objects principle differ than many RFID systems where the concept of identification is central and related to database supported information systems. In some works, the tags memory are used to store semantic information, such as annotation, keywords, properties [1,7]. Ubi-Check is in the line of this idea: RFID are used to store in a distributed way group information over a set of physical artifacts. The concept using distributed RFID infrastructure as pervasive memory storage is due to Bohn and Mattern [2]. Maintaining group membership information in order to cooperate with “friend devices” is a basic mechanism (known as pairing or association) in personal area networks (PAN) such as Bluetooth or Zigbee. Some personal security systems based on PAN for luggages were proposed [5], which enable the owner to monitor some of his belongings, such as his briefcase, and trigger an alarm when the object is out of range. A major drawback of active monitoring is the energy

Ubi-Check: A Pervasive Integrity Checking System

95

power which is required, as well as poential conflicts with radio regulations that can exist in some places, such as in particular in airplanes. Still in the context of Bluetooth, RFID has also been used to store PAN addresses in order to improve discovery and connexions establishment time [9]. It can be seen as storing “links” between physical objects, such as in Ubi-Check, but without the idea of a fragmented group. Yet another variant is FamilyNet [6], where RFID tags are used to provide intuitive network integration of appliances. Here, there is a notion of group membership, but it resides on information servers instead of being self-contained in the set of tags as in Ubi-Check. Probably the closest concept to Ubi-Check is SmartBox [4], where abstractions are proposed to determine common high level properties (such as completeness) of groups of physical artifacts using RFID infrastructures.

5

Conclusion

We presented a service for enabling smart spaces to check that people do not leave a protected area without all their belongings, or with objects of other people. The system is based on completely autonomous checkpoints, and logical group distributed over a set of physical artifacts. The strong points of this solution are its independence of any remote information system support or network support, and user’s privacy respect as it is anonymous and does not relies on global identifiers. As we have seen, RF reading reliability have to be improved for some application scenarios. We have also examined other scenarios, such as checking at home the integrity of a complex medical prescription with a group of medication set up by a druggist. In further research we are investigating other variations of the coupled-objects concept to improve trust and accountability in logistic and e-commerce.

References 1. Banˆ atre, M., Becus, M., Couderc, P.: Ubi-board: A smart information diffusion system. In: Balandin, S., Moltchanov, D., Koucheryavy, Y. (eds.) NEW2AN 2008 / ruSMART 2008. LNCS, vol. 5174, pp. 318–329. Springer, Heidelberg (2008) 2. Bohn, J., Mattern, F.: Super-distributed RFID tag infrastructures. In: Markopoulos, P., Eggen, B., Aarts, E., Crowley, J.L. (eds.) EUSAI 2004. LNCS, vol. 3295, pp. 1–12. Springer, Heidelberg (2004) 3. Feldhofer, M., Rechberger, C.: A case against currently used hash functions in RFID protocols, pp. 372–381 (2006) 4. Floerkemeier, C., Lampe, M., Schoch, T.: The smart box concept for ubiquitous computing environments. In: Proceedings of sOc 2003 (Smart Objects Conference), Grenoble, May 2003, pp. 118–121 (2003) 5. Kraemer, R.: The bluetooth briefcase: Intelligent luggage for increased security (2004), http://www-rnks.informatik.tu-cottbus.de/content/unrestricted/ teachings/2004/

96

M. Banˆ atre, F. Allard, and P. Couderc

6. Mackay, W., Beaudouin-Lafon, M.: Familynet: A tangible interface for managing intimate social networks. In: Proceedings of SOUPS 2005, Symposium On Usable Privacy and Security. ACM, New York (July 2005) 7. Noia, T.D., Sciascio, E.D., Donini, F.M., Ruta, M., Scioscia, F., Tinelli, E.: Semantic-based bluetooth-rfid interaction for advanced resource discovery in pervasive contexts. Int. J. Semantic Web Inf. Syst. 4(1), 50–74 (2008) 8. Peris-Lopez, P., Castro, J.C.H., Est´evez-Tapiador, J.M., Ribagorda, A.: Rfid systems: A survey on security threats and proposed solutions. PWC, 159–170 (2006) 9. Salminen, T., Hosio, S., Riekki, J.: Enhancing bluetooth connectivity with rfid. In: PERCOM 2006: Proceedings of the Fourth Annual IEEE International Conference on Pervasive Computing and Communications, Washington, DC, USA, pp. 36–41. IEEE Computer Society, Los Alamitos (2006)

Towards a Lightweight Security Solution for User-Friendly Management of Distributed Sensor Networks Pentti Tarvainen1, , Mikko Ala-Louko1, Marko Jaakola1, Ilkka Uusitalo1 , Spyros Lalis2 , Tomasz Paczesny3, Markus Taumberger1 , and Pekka Savolainen1 1 VTT Technical Research Centre of Finland, Kaitov¨ ayl¨ a 1, P.O. Box 1100, FI-90571 Oulu, Finland [email protected] 2 Centre for Research and Technology Thessaly (CERETETH), Technology Park of Thessaly, 1st Industrial Area, GR 385 00, Volos, Greece [email protected] 3 Warsaw University of Technology (WUT), Pl. Politechniki 1, 00-661 Warszawa, Poland [email protected]

Abstract. Wirelessly networked sensors and actuators are a cornerstone of systems that try to introduce smartness in a wide range of outdoor and indoor environments. The robust and secure operation of such systems is of central importance and will definitely play a key role in terms of their adoption by organizations and individuals. However, the commonly applied security mechanisms based on current standards are either resource consuming, inconvenient to use, or both. In this paper, a generic, lightweight and user-friendly approach to implement secure network management and confidentiality in a Distributed Sensor Networks (DSNs) is proposed. Keywords: information security, distributed sensor network, wireless network, network management.

1

Introduction

A new era of applications programming is coming, triggered by the appearance of the new generation of wireless embedded microcontroller and sensoractuator devices. Besides mobile phones and PDAs (Personal Data Assistants), programmable nodes with sensing and actuating capabilities are already embedded in household appliances and cars; in the recent years compute-sense-actuate units also come as separate, small, multipurpose and ad-hoc wireless devices (aka motes) which can be deployed in a straightforward way. With the increasing power-efficiency of embedded systems and ad-hoc wireless technologies, we can expect wireless distributed monitoring and control systems and applications spreading from high-end to more commodity use. 

Corresponding author.

S. Balandin et al. (Eds.): NEW2AN/ruSMART 2009, LNCS 5764, pp. 97–109, 2009. c Springer-Verlag Berlin Heidelberg 2009 

98

P. Tarvainen et al.

Such systems, henceforth referred to as Distributed Sensor Networks (DSNs), are expected to have a strong connection to our everyday life, and at least economic losses are expected in case of failures during their operation. The additional value of wireless DSNs is largely in their flexible deployment and communication capability. However, this also opens up most of the security1 vulnerabilities of such systems. There are known attack methods to compromise the ad-hoc communication channel between the nodes of a network. There are also precaution mechanisms built into the communication standards, to support the generation of network keys as well as the encryption and decryption of the messages. But increased security usually translates to increased cost, both in terms of development effort and run-time resource consumption. At the same time, the system must be maintenance-free or at least easily manageable even by non-technical users. To make matters worse, most of the security aids provided to the application developer are specific to the networking technology being used, i.e., there is the risk of having to re-define security-related protocols and implementations as part of the system’s evolution. Hard application coding and the lack of portability of the security logic – or low security and reliability – can turn out to be an obstacle for the DSN technology penetration to the mass market. Motivated by these challenges, this paper presents a lightweight and portable security solution for DSNs designed by the authors in the POBICOS project [1]. The solution enables the user to manage such a system in a straightforward way and achieves sufficient data confidentiality at the application level. The rest of this paper is organized as follows: Section 2 briefly discusses the related work. Section 3 provides a short introduction to the DSNs and their inherent vulnerabilities, security threats and requirements. In section 4 we propose two novel approaches to manage security in the DSNs, thus providing practical mechanisms and security protocols for implementation in typical DSN context. Section 5 discusses implementation issues of the security abstraction and, finally, section 6 summarizes the paper and delineates the future work.

2

Related Work

Existing security methods are available for many of the threats present in sensor networks but they are usually too resource consuming to be used in DSNs [2,3,4]. Actuator nodes, when present in the DNS, introduce increased risk. However, most of the research done in the field of DSNs does not consider that actuator nodes could exist in the network. A security related work that takes actuator nodes into account has been published in [5,6,7]. DSN security issues and a public key cryptography based key establishment scheme for DSNs are given in [7]. A cluster based communication architecture around each actuator of a DNS could be used to reduce the key management overhead. To suit this demand, a suchlike, scalable, energy efficient routing algorithm is introduced in [5]. 1

In this paper, the term security is used to refer to information security as well as protection against unauthorized access and control.

Towards a Lightweight Security Solution

99

Sensor networks, such as the ZigBee [8] and the WirelessHART [9], are based on the IEEE 802.15.4 [10] standard. For example, in the ZigBee there are two different modes defined for security-related operations; the “commercial mode” and the “residential mode”. In the “commercial mode”, three different types of encryption keys are used to ensure network security. Hence, the memory required for the ZigBee Trust Center grows with the number of devices in the network and it also requires implementation of key establishment using specific protocol and entity authentication. Due to these issues, the “commercial mode” is not suitable for purposes of the DSNs. In the “residential mode”, only one network key can be used. All devices using this shared key encrypt and decrypt information. This approach requires little resources from the ZigBee Trust Center. The memory required for the Trust Center does not grow with the number of devices in the network. Due to that, this mode can be exploited in the DSN security approach. However, the network protocol is not encrypted during the first steps of delivery of the network key and the “residential mode” lacks in security until the network key is spread to all the devices in the network. Moreover, in the “residential mode” the IEEE 802.15.4 based sensor networks are vulnerable to “insider attacks”, i.e. a malicious node knowing the network key can attack the system from inside.

3

Distributed Sensor Networks (DSNs)

Distributed sensor networks consist of large amounts of spatially distributed, selforganizing, low power, low cost sensor nodes deployed to monitor and possibly control certain physical variables such as temperature, humidity or luminosity. The capabilities of these sensor nodes include computing, sensing, wireless communication and optionally actuating. Each node is also responsible of routing in a multi-hop fashion, constituting effectively an ad-hoc network with other nodes. Earlier it was common to deploy large numbers of similar sensor nodes to a sensor field to monitor usually a single physical variable such as temperature [2]. Nowadays DSNs are becoming more common in the domain of private homes as well, in the spirit of the Internet of Things or cooperating objects. Not only does this cause significant heterogeneity, also in many application scenarios DSNs handle confidential data that has to be kept secure and private from outsiders. This creates the need for security and privacy mechanisms [3,11]. New approaches are required that allow to manage DSNs intuitively while maintaining security and privacy of the users home and data. However, the implementation of these features on networks without infrastructure, consisting mostly of low-resource nodes, is much more troublesome than in infrastructure supported, high-resource networks. The amount of overhead must be kept small to minimize the energy consuming radio transmission time among the sensor nodes, memory space for key storage is limited, and the computational power used for security functions has to be kept small. In addition, the security mechanisms have to be scalable to support networks with varying amounts of nodes [6]. These constraints limit how extensive the used security features can eventually be.

100

P. Tarvainen et al.

Due to the wireless nature of communication the DSNs are vulnerable to several security attacks such as eavesdropping, denial-of-Service (DoS), tampering, selective forwarding, sinkhole attack, wormhole attack, and sybil attack. The DSNs have also specific security requirements such as data confidentiality, data authenticity, data integrity, and data freshness. Detailed descriptions of these threats and requirements can be found for example in [2,4,12,13].

4

Security Protocols and Mechanisms for the DSN

At the network level, our proposed security solution for the DSN Devices offers two levels of security: (1) a One Network Key Approach ( Figure 1) and (2) on utilization of the public and private key pairs, i.e. an Identity-based Cryptography Approach (Figure 2). These two approaches are alternative and selectable by application developer. The security of the DSNs is based on utilization of a security card (S-Card) as a network-specific trust centre, bearing responsibility over all the security-related configuration actions. The S-Card is like a safe deposit box of the network, withholding the network’s sensitive configuration data. The S-Card is networkspecific, thus it does not interfere with other (e.g. next-door neighbours’) networks beside the one it belongs to. User access to the S-Card is secured by a personal security code. Delivery of the network keys into the devices can be performed by means of the S-Card with close proximity. A Trust Center distributes network keys for the purpose of the DSN and end-to-end application configuration management. The Trust Center software is running on the S-Card. 4.1

One Network Key Approach

In the following we focus on the functionality of the S-Card in the case of the One Network Key Approach. (Figure 1). In this approach, the DSN Device securely communicates with other devices using one 128-bit network key and network identification code. For purposes of trust management, the device accepts an active network key originating from the Trust Center via unencrypted key transport with close proximity. The Trust Center maintains a list of devices and network keys of all the devices in the network and controls policies of network admittance. Network key can be updated periodically. Furthermore, it is assumed that “insider attacks” are not possible due to the limitations of the One Network Key Approach, i.e. no rogue device is assumed to get hold of the network key. In user authentication, the DSN security solution exploits the S-Card with integrated keyboard and user-configurable security code. In addition, each SCard contains an extended security code which can be used to reset devices in the network in the cases of security code or S-Card getting lost. In following steps, close proximity is used in communication between the S-Card and the DSN Devices during key distribution.

Towards a Lightweight Security Solution

101

DSN Network 1 Security-Card1: Network Key1, Network ID1 Trust Center Security Code1, Extended Security Code1 Ext

Close Proximity: NWK Key1, NWK ID1 Close Proximity: NWK Key1, NWK ID1

NWK Key1 + NWK ID1 Blocked

Outside Attacker

DSN Network 2 User

Security-Card2: Network Key2, Network ID2

Close Proximity: NWK Key2, NWK ID2 N

Inside Attacker Unblocked NWK Key2 + NWK ID2

Trust Center Security Code2, Extended Security Code2

Close Proximity: NWK Key2, NWK ID2

Fig. 1. One Network Key Approach

A new S-Card is taken into use with the steps as follows: 1. User acquires a S-Card from genuine dealer and brings the S-Card home, 2. The S-Card comes with a manual containing the extended security code for the S-Card. The user stores the extended security code in a safe place, 3. User activates the S-Card by pressing a button on it and is prompted to type in a security code of choice, 4. User types in a security code and is asked to confirm it by retyping, 5. S-Card generates a network key and network ID from the S-Card’s 64-bit hardware address. As a result, the S-Card now contains the user’s security code, extended security code, network key and network ID, 6. User takes the S-Card into use and activates DSN Devices in his/her home A user can manage several DSNs by acquiring additional S-Cards which can each be configured to use the same security code. Each S-Card contains the security credentials of the corresponding network in addition with the user specified security code. The user can move DSN Devices between different DSNs by using a single security code and the S-Cards of each network respectively. Adding a new device to the network can be performed as follows: 1. User brings the S-Card close to a DSN Device, 2. Near Field Connection (NFC) between the S-Card and the DSN Device can now be established,

102

P. Tarvainen et al.

3. User enters the security code (in the case of a new S-Card the security code is entered twice), 4. User is verified by the security code known by the S-Card (the S-Card is personal to the user), 5. The S-Card sends the user’s security code, S-Card’s extended security code, network key and network ID to the DSN Device. In addition, the S-Card sends an up-to-date list of other DSN members, the Member Table, to the new DSN Device, 6. If the user’s security code and the S-Card’s extended security code correspond to the ones previously transmitted to the DSN Device, network key, network ID and Member Table are accepted by the Device. If this is the first security code that the device hears, it learns it and stores it into its memory along with the S-Cards extended security code, network key, network ID and Member Table, 7. Having the required security credentials, the DSN Device attempts to join the network, 8. At this point, the new DSN Device gets its DSN address that is calculated from the underlying network’s network address at the hardware layer (HAL), 9. The new DSN Device broadcasts exactly once, with unreliable transport messaging, a new Member Table after it has added its own address to it, 10. The S-Card and all the other DSN Devices in the network update their Member Tables with the one that contains the new Device After the steps above the DSN IS READY TO OPERATE IN SECURE MANNER, i.e. air interface is secured against “outsider attacks”. Autonomous Device leaving from the network happens as follows: 1. When in range of the DSN, the S-Card monitors the network state by receiving updated Member Tables that are being broadcasted when changes in the network membership occur. For this purpose, the S-Card utilizes similar communication technology used by normal DSN Devices, i.e. it is a member of the DSN when not in NFC-mode. If the S-Card notices that a single DSN Device has dropped out from the Member Table permanently, a global network key change is issued in the network by the S-Card, 2. The S-Card receives an updated Member Table from the DSN that indicates that a DSN Device has left the network, 3. The S-Card waits for a constant time period during which it pings the missing device periodically. If the DSN Device that was missing reappears, i.e. answers to ping, no operations are needed and the S-Card is no longer in the waiting mode, 4. The constant time period ends and the DSN Device hasn’t reappeared in the network, 5. The S-Card generates a new network key from its 64-bit hardware address and issues a global network key change by sending the new network key to each node explicitly by using reliable communications, 6. Once every device in the DSN has acknowledged the new network key transport message, the S-Card changes its own network key to the newly generated

Towards a Lightweight Security Solution

103

one. If a single DSN Device is not in range of the network during the network key change it is dropped out and must be added again to the network as specified in section “Adding a new device to the network” Removing a Device from the network is performed as follows: 1. The user wants to remove a malfunctioning Device X from the DSN via the S-Card, 2. The S-Card initiates a global network key change as specified in section “Autonomous Device leaving from the network” in such a way that the new network key is sent to all devices in the DSN except the Device X which is to be left out of the DSN, 3. After the network key change, the S-Card broadcasts a new Member Table where Device X has been dropped out, 4. The remaining devices in the network communicate now with the new network key encryption and the malfunctioning Device X is left out of the DSN If the user forgets his/her security code, the extended security code of the S-Card can be used to reset a DSN Device into a state where it accepts a new security code, i.e. the step described in section “Adding a new device to the network” can be performed. The device reset must be performed on every device separately with NFC-connection. Similarly, the S-Card’s user-configurable security code is reset when using the extended security code. If the user has lost the extended security code of the S-Card, a genuine dealer must be contacted. If the user loses the S-Card of the DSN, a new S-Card must be acquired from a genuine dealer. Having the new S-Card, the user can reset all his/her DSN Devices by typing the extended security code of the lost S-Card while in NFCconnection mode. This action must be performed on every Device respectively. After this, the new S-Card can be used to reconfigure the network as specified earlier. If both S-Card and the corresponding extended security code are lost, the user is required to get the memories of his/her DSN Devices flashed by a dealer or technician. 4.2

Identity-Based Cryptography Approach

In Identity-Based Cryptography Approach, the users’ or devices’ identity information, such as unique names, can be used as public keys for encryption and/or signature verification [14,15,16]. Identity-based cryptography reduces the complexity and management cost of public-key cryptography systems by eliminating the need for a key directory and public-key certificates. Identity-based cryptography allows any party to generate a public key from a known identity value. A trusted third party, called the Private Key Generator (PKG), included in the Trust Center, generates the corresponding private keys. To operate, the PKG first publishes a master public key, and retains the corresponding master private key. Given the master public key, any party can compute a public key corresponding to the identity ID by combining the master public key with the identity

104

P. Tarvainen et al.

DSN Network 1 Security-Card1: Master Public Key1, Master Private Key1 Trust Center + PKG

Close Proximity: Master Public Key

Public Key1 = Master Public Key1 + Node ID1

Node ID Private Key = Master Private Key + Node ID

Close Proximity: Security Code1, See the steps Extended Security Code1 a above

Encryption with Public Key + Node ID Blocked Outside Attacker Inside Attacker

Decryption with Private Key

User

Security-Card2: Master Public Key2, Master Private Key2

DSN Network 2 Close Proximity: See the steps above

Encryption with Public Key + Node ID

Trust Center + PKG Security Code2, Extended Security Code2

Blocked

Close Proximity: See the steps above

Decryption with Private Key

Fig. 2. Identity-based Cryptography Approach

value. To obtain a corresponding private key, the DSN Device with identity ID contacts the PKG, which uses the master private key to generate the private key for identity ID. As a result, parties may encrypt messages (or verify signatures) with no prior distribution of keys between individual participants. In [17] the authors propose to assign a descriptive identity to nodes, meaning the identity will represent the function of the node in the network. If there is more than one node with the same function, the identity will include additional information to differentiate those nodes, e.g. location or serial information. When DSN Device A wants to send information to another DSN Device B, it will first obtain the identity information of B from device’s own local database, and then use this information, together with master public key, to encrypt the information. Each DSN Device will also be granted a private key associated with its public identity information and will use that key to decrypt information destined to it. The Trust Center generates the key pair for each DSN Device in the network. The private key would be deployed by means of close proximity (Figure 2). The working steps in more detail is as follows: 1. The Trust Center generates a master public key, Master-key, and transfers it to the DSN Device with close proximity, 2. A DSN Device joins the network and authenticates with the Trust Center by using its identity information, Node ID. The membership approval can be done manually by means of close proximity,

Towards a Lightweight Security Solution

105

3. Being approved, the DSN Device is granted with a private key, associated with its identity information by means of close proximity, 4. Devices publish their Node ID in cleartext along with their Node ID and address encrypted with their private key. If Device A wants to communicate with Device B, it decrypts B’s encrypted contact info using the master public key and the published Node ID of B. If the decrypted Node ID matches the published Node ID, A knows that the decrypted address corresponds to B. The information sent to B can be encrypted using A’s private key, and B can decrypt it using the same (symmetrical) process, based on A’s published (or piggybacked) contact info, 5. The encrypted message passes through multiple hops to reach the destination. The message is secure since only the designated DSN Device can decrypt and read the information using its private key In a system of N nodes, N key pairs and N node IDs are needed to retrieve and maintained, so the implementation would not be too complex. Also the Trust Center would need only a bit more resources to generate and distribute the key pairs.

5

Implementation of the Security Abstraction

At network level, the DSN is wireless and it can be located for example on top of star, tree, and mesh topologies. Security related issues are hidden from end-users as far as possible. At node level, the DSN security solution exploits a stack architecture principle made up of a set of layers (Figure 3). Each layer performs a specific set of services for the layer above. The architecture builds on this foundation by providing a Network and Security Adaptation Layer and a framework for a Core Middleware (CMI) Layer. The Core Middleware (CMI) Layer includes a Communications Module (CommM) Layer that allows frame security and device authentication to be based on network and cryptography keys. Furthermore, the layer is responsible for the processing steps needed to securely transmit outgoing frames, securely receive incoming frames, and securely establish and manage network and cryptography keys. In addition, the layer is responsible for network management, device authentication, and software data encryption. The Network and Security Adaptation Layer acts as “glue” between hardware and the core middleware. The layer includes Best-effort Transport, Reliable Transport, and Fragmentation services. The layer is responsible for (1) processing steps needed to securely transmit outgoing frames, and (2) securely receive incoming frames. The underlying network technology (i.e. the Medium Access Control (MAC) Layer and the Physical (PHY) Layer) below the Network and Security Adaptation Layer may vary. The basic principle in our security approach is that the underlying layers adopt the security mechanisms from the used sensor network technology if available. In addition, a software encryption scheme is introduced to support platforms with no prior security mechanisms.

P. Tarvainen et al.

SECURITY SUITES

Data Entity Service Access Point

Management xME-SAP Entity Service Access Point

DSN Defined

EntityHALI

Communications Module (CommM) DatagramTransportI

ReliableTransportI

NetworkMgmtI

Network and Security Adaptation Layer MLDE-SAP

Layer Interface xDE-SAP

API-SAP Generic Instructions

Core Middleware (CMI) Layer

S-Card including Trust Center One Network Key Approach or Identity-based Cryptography Approach

APPLICATION

API-SAP Non-Generic Instructions

MLME-SAP

Medium Access Control (MAC) Layer PLDE-SAP

PHY Layer, HARDWARE

PLME-SAP Air Interface

Underlying NWK Defined

106

Fig. 3. DSN security architecture at node level

In proposed security solution of the DSNs the actual physical network technology below the Network and Security Adaptation Layer may vary and the underlying layers adopt the security mechanisms from the used technology. As an example, in following we focus on implementation of the security abstraction in the case of the ZigBee based networks. To avoid the lack in the “residential mode” the DSN security solution exploits the proposed S-Card approach in close proximity delivery of the network keys to all the devices in the network. After the delivery is completed, the DSN Devices are able to communicate via interface in a secure manner. The proposed One Network Key Approach is able to protect the DSN against the “outsider attacks”, but not against the “insider attacks”. However, there are possibilities to achieve this, although the system will get a bit more complex as the number of keys and the complexity of algorithms grows. A solution against “insider attacks” is to provide node and message authentication by using the proposed Identity-based Cryptography Approach. The Datagram Transport and Reliable Transport use the HW encryption provided by the ZigBee radio processor (instead of the optional SW encryption), so the encryption takes place underneath the Network and Security Adaptation Layer. The encryption key is initialized during the joining into the network. Functionality of the Network Management is as follows: – Network key changes (for hardware encryption) are implemented by configuring the proper key in, and then committing a ZigBee stack restart, – A global network key change sends the new key for every network member explicitly; after this every node reboots into the new security scheme after a coarse synchronization period,

Towards a Lightweight Security Solution

107

Table 1. Commands and events of the NetworkMgmtI -interface

Command or Event

Short Description

Attaches the node into a DSN, which is idencommand int joinNetwork (idtype NetworkID, keytype tified with NetworkID and encrypted with NetworkKey, addrtype *Addr) NetworkKey. After a successful joining, the node’s new device address is in Addr. command int leaveNetwork ()

Removes the node from the current DSN.

command int Returns the current local knowledge of other getNetworkMembers (addrtype network members into Addr in a list form. Total count of the other members is stored in **Addr, int *len) len. This event’s purpose is to update the node’s event void knowledge of other network members. networkMembersChanged (addrtype **Addr, int *len) command int banNodeFromNetwork (addrtype Addr)

Used to ban a node from the network.

command void Writes the node’s DSN address in Addr. getMyNetworkAddr (addrtype *Addr) command int isReachable (addrtype *Addr)

Queries the liveliness of a node.

event void reachableResp (int result)

Denotes the result of liveliness query.

command int Used for setting the network ID locally. The setNetworkIDLocally (idtype command is needed in both ”initial” joining into the DSN, and also during a network NetworkID) change. command int setNetworkKeyLocally (keytype NetworkKey)

Used for setting the network key locally. Similarly like above, the command is needed in both ”initial” joining into the DSN, and also during a network change.

command int refreshNetworkKeyGlobally (keytype NetworkKey)

Used for changing the network key within the whole network. The command enables changing of the network key for all currently networked nodes with the single S-Card authentication operation.

event void networkKeySet (keytype NetworkKey)

Denotes a remote network key change.

108

P. Tarvainen et al.

– Banning a node drops the banned node from the network Member Table, broadcasts this and then sends a new network key for every remaining network member explicitly (like above), – Lengths of DSN ID and single network key should be mapped to ones used in ZigBee. Therefore the most straightforward solution is to adopt in DSN exactly same lengths of ID and network key as in ZigBee. Interfaces (i.e. DatagramTransportI, ReliableTransportI, and NetworkMgmtI) of the Communications Module (CommM) include the commands and events needed in implementation of the protocols described in section 4. As an example, Table 1 describes the commands and events of the NetworkMgmtI -interface when using the One Network Key Approach for securing the DSN.

6

Summary and Future Work

Two approaches to guarantee security in Distributed Sensor Networks (DSNs) has been described. In both of the approaches the security of the DSNs is based on utilization of the security card (S-Card) as a network-specific trust centre, bearing responsibility over all the security-related configuration actions. The proposed One Network Key Approach is able to protect the DSNs against the “outsider attacks” while the proposed Identity-based Cryptography Approach is able to protect the DSNs against both “outsider attacks” and “insider attacks”. Next phase of this work is to implement and validate the approaches in practice. Acknowledgments. We like to thank Dr. Jaroslaw Domaszewicz and Mr. Aleksander Pruszkowski from the Warsaw University of Technology for their significant contributions in the POBICOS project [1] where this work originates to. The POBICOS project is co-funded by the European Commission under EU Framework Programme 7 and the consortium partners of the POBICOS project.

References 1. POBICOS: Www pages of pobicos-project, platform for opportunistic behaviour in incompletely specified, heterogeneous object communities (2009), http://www.ict-pobicos.eu/index.htm 2. Baronti, P., Pillai, P., Chook, V.W.C., Chessa, S., Gotta, A., Hu, Y.F.: Wireless sensor networks: A survey on the state of the art and the 802.15.4 and zigbee standards. Computer Communications 30(7), 1655–1695 (2007) 3. Wang, Y., Attebury, G., Ramamurthy, B.: A survey of security issues in wireless sensor networks. IEEE Communications Surveys & Tutorials 8(2), 2–23 (2006) 4. Walters, J.P., Liang, Z., Shi, W., Chaudhary, V.: Wireless sensor network security: A survey. Auerbach Publications, CRC Press (2006) 5. Hu, F., Siddiqui, W., Sankar, K.: Scalable security in wireless sensor and actuator networks (wsans): integration re-keying with routing. Computer Networks 51(1), 285–308 (2007)

Towards a Lightweight Security Solution

109

6. Czarlinska, A., Luh, W., Kundur, D.: Attacks on sensing in hostile wireless sensoractuator environments. In: Proceedings of Global Telecommunications Conference, GLOBECOM 2007, November 26-30, pp. 1001–1005. IEEE, Los Alamitos (2007) 7. Yu, B., Ma, J., Wang, Z., Mao, D., Gao, C.: Key establishment between heterogenous nodes in wireless sensor and actor networks. In: Shen, H.T., Li, J., Li, M., Ni, J., Wang, W. (eds.) APWeb Workshops 2006. LNCS, vol. 3842, pp. 196–205. Springer, Heidelberg (2006) 8. ZigBee: Zigbee specification. Technical Report 053474r17, ZigBee Alliance, Inc. (January 17, 2008) 9. HART: Wireless hart (2009), http://www.hartcomm2.org/index.html 10. IEEE: Std. 802.15.4-2006, part 15.4: Wireless medium access control (mac) and physical layer (phy) specifications for low-rate wireless personal area networks (wpans). Technical report, IEEE Inc. (September 8, 2006) 11. Boyle, D., Newe, T.: Security protocols for use with wireless sensor networks: A survey of security architectures. In: Proceedings of the 3rd International Conference on Wireless and Mobile Communications, ICWMC 2007, Washington, DC, USA, p. 54. IEEE Computer Society, Los Alamitos (2007) 12. Savola, R., Abie, H.: On-line and off-line security measurement framework for mobile ad hoc networks. Accepted to the Journal of Networks Special Issue, 13 (June 2009) 13. Savola, R.: Current and emerging information security challenges for mobile telecommunications. In: Proceedings of the 10th Int. Symposium On Wireless Personal Multimedia Communications (WPMC 2007), December 3-6, pp. 599–603 (2007) 14. Shamir, A.: Identity-based cryptosystems and signature schemes. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 47–53. Springer, Heidelberg (1985) 15. Nguyen, S.T., Rong, C.: Zigbee security using identity-based cryptography. In: Xiao, B., Yang, L.T., Ma, J., Muller-Schloer, C., Hua, Y. (eds.) ATC 2007. LNCS, vol. 4610, pp. 3–12. Springer, Heidelberg (2007) 16. Cocks, C.: An identity-based encryption scheme based on quadratic residues. In: Honary, B. (ed.) Cryptography and Coding 2001. LNCS, vol. 2260, pp. 360–363. Springer, Heidelberg (2001) 17. Boneh, D., Franklin, M.K.: Identity-based encryption from the weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001)

Cross-Site Management of User Online Attributes Jin Liu Nokia Siemens Networks (Beijing) No. 14, Jiu Xian Qiao Road, Beijing 100016 [email protected]

Abstract. People spend time on web 2.0 sites to contribute contents and make connections with each other. On these sites a user wants to selectively reveal parts his attributes to other users, and he also wants to know more attributes of another user. Users’ online attributes are often distributed across multiple sites since most users visit more than one web sites. Currently only the attributes within a specific web site can be queried on that site. This paper proposes a new solution, based on federated identity management, to enable an end user to query the cross-site attributes of another person as easily as possible. Keywords: online attributes; federated identity management; cross-site; web 2.0 mashup.

1 Introduction The prosperity of web 2.0 sites witnesses how people enjoy to contribute contents and make connections with other people. Often the user creates personal account at the sites, either to receive better services or required by the site. At the site associated with each account are the user’s attributes, which are in fact fallen into two categories. One is what the user claims by himself, and the other one is what the site claims about the user. When a user creates account, he is usually asked to input his birthday, interest, occupation and so on. Unless the site verifies these information, the data does not represent anything meaningful to other users. The other kind of user data, claimed by the site, is sometimes called ‘reputation’. Examples of these attributes are visit history, activity statistics, his social connections on the site, evaluation by other user and so on. In this paper, we focus on this category of data and use the generic term ‘online attributes’ to denote what the site claims about the user. The online attributes are important assets for the subject user and the web site. The subject user sees his attributes as accumulated activities rectifiable by a third party (the web site), instead of something from his own mouth. For the sites, especially those social network sites with which user interacts intensively, the users’ attributes are among their core competences. To retain existing subscribers and attract new users, web sites encourage its users to contribute content and connect with other users. For other users of the web site, the public attributes of the subject user have a significant influence on whether the contribution content of the subject user (posts, comments etc.) worth reading. S. Balandin et al. (Eds.): NEW2AN/ruSMART 2009, LNCS 5764, pp. 110–119, 2009. © Springer-Verlag Berlin Heidelberg 2009

Cross-Site Management of User Online Attributes

111

Although a single site can provide attribute query service on that site, anything more that is not an easy task for both the site and the users. Since an internet user frequently visits more than one web sites, his attributes are distributed on multiple sites. The problem arises when the query user wants to know cross-site attributes of the subject user. This cross-site attributes management is what this paper seeks to address, by introducing identity management technologies. Federated identity, or the ‘federation’ of identity, describes the technologies which serve to enable the portability of identity information across otherwise autonomous security domains. The ultimate goal of identity federation is to enable users of one domain to securely access data or systems of another domain seamlessly, and without the need for completely redundant user administration. Typical use-cases involve things such as cross-domain, web-based single sign-on, cross-domain user account provisioning and cross-domain entitlement management. It can drastically improve the end-user experience by eliminating the need to redundantly login through crossdomain single sign-on. The rest of this paper is organized as follows. Section 2 describes the problem scenario in detail and the state-of-art solutions. The proposed framework and its implementation considerations are described in Section 3. At last, we conclude in Section 4.

2 The Problem and Current Solutions Figure 1 shows the generic issue when querying the cross-site online attributes.

Web site 1

Query User (A)

Web site 2

Web site 3

Subject User (B)

Fig. 1. Generic issue: user A can get user B’s attributes on web site 1, but not those on web site 2 and 3

Suppose user A is a frequent visitor of web site 1, and user B often visits web site 1, 2 and 3, each of which he has some online attributes associated with and stored at. Now when user A browses web site 1 and finds the identity of user B is interesting, A would like to know more about B. Often web site 1 can provide such services to display B’s public attributes on the site. However, there is no way for A to know B’s

112

J. Liu

public attributes on web site 2 and 3. Given the huge amount of web sites, it is impossible for A to go to web site 2 and 3 to query B’s attributes - A has no knowledge at all of which sites B may visit, not mentioning B may register different user names on web site 2 and 3. A concrete example is for a hotel booking web site. Suppose Alice is going to book a hotel, and she notice there are several comments about the hotel by other users. She is not sure about the trusty of the comments and thus it is hard for her to judge the quality of the hotel. Ideally if Alice found one comment author Bob is a active member of online photo sharing web site, and she sees the travel photos taken by Bob, she will be more convinced that Bob’s comment is a trusty reference for her decision. The state-of-arts solution does not provide a satisfactory mechanism for end users to query the cross-site attributes of another user. The internet search engines are often used by users to try to find information about an identity. The querier user has to open a new browser windows and type the subject user’s name into the search engine’s page, then guess which search results maybe relevant by his own judgment. The inconvenience continues as the querier has to open each result link to see whether that link contains useful information about the subject user. Clearly one disadvantage is that user IDs on different sites cannot easily be linked since different sites have different user IDs for the same end user. Furthermore, not all information will be indexed by search engines and search results are not guaranteed to be valid information sources. Another solution is to resort to a personal homepage or its variations. In case the subject user has his personal page which contains the owner’s identity information on other sites, the querier user can get the subject user’s identities on other service providers and use this information to obtain user attributes. However, such an arrangement requires the querier user to go to each service provider separately to obtain the user attributes, thereby interrupting the browsing experience of the second user. Also it is hard for a personal homepage to authenticate the visitor and selectively display information according to visitor’s identity. OASIS SAML [1] defines AttributeQuery and AttributeStatement to enable a relying party to query the attributes about a subject from an SAML asserting party. While AttributeQuery and AttributeStatement are useful building blocks for communications between back-end servers, it does not consider the end user browsing experiences which is the target issue this paper attempts to address. Online reputation has been thoroughly studied [2-5]. Those works investigate how to build a reputation system to generate/use fair reputation value. The results are complementary to this paper: what this paper tries to solve is not the reputation/attributes value itself, but how to aggregate and propagate the attribute to users on other system in a secure and yet convenient way.

3 Framework for Cross-Site Online Attribute Management The typical function of the Identity Provider (IdP) is to authenticate the end user and provide identity assertions/claims to the relying site, illustrated in Figure 2.

Cross-Site Management of User Online Attributes

113

Fig. 2. Standard working diagram of IdP

To solve the cross-site attribute query issue, we propose to reverse the data flow direction and enhance the IdP to act as the attribute hub for its users. Figure 3 illustrates the proposed cross-site online attributes management, where the attribute owner, the web sites, the IdP and the querier are involved. Identity Provider User attribute data Query results Web Sites

Querier Internet activities

Subject user (attribute owner) Fig. 3. Cross-site online attributes management

The attribute owner, who is an end user and is willing to controllably reveal some of his online attributes, gives permission to the web sites specifying what attributes can be transferred to IdP. He also instructs the IdP directly or indirectly about what attributes can be queried by which querier. The web sites maintain user’s online attributes and transfer the attributes to Identity Provider upon the user’s request. Other operation modes like periodically transfer to

114

J. Liu

IdP or actively push whenever there is an update are also possible so long as the subject user permits. The interface between the web site and IdP can be SAML, Web Service or other protocols. The Identity Provider traditionally provide identity assertion service to other relying parties, but here in our proposal the IdP receives identity and attributes assertion from web sites. The IdP returns the attributes to the querier under the privacy policy of the attribute owner. The querier simply sends the query request to IdP directly or through the web site he is browsing, then the available attributes of the target user is returned. The querier may be authenticated by IdP to determine which attributes can be seen by him. 3.1 Implementation Considerations To build a complete cross-site attributes management solution, provision and query are the main operations needs to be considered. 3.1.1 Provision User Attributes to IdP Attributes of subject users must be provisioned to IdP from the web sites before any cross-site query request can be processed. An implementation example is through OASIS SAML AttributeQuery and AttributeStatement message, as shown in Figure 4.

Fig. 4. IdP obtain user attributes from website

1. 2. 3. 4.

The end user logins to his IdP. The IdP authenticates the user through username/ password or other methods. After a successful authentication, the user’s personal portal web page is returned. Within the page there are links of ‘Get my attributes from the web sites’. The user click the ‘Get my attributes’ link for the sites where he wants the IdP to retrieve his attributes.

Cross-Site Management of User Online Attributes

5.

115

IdP sends SAML AttributeQuery message to web site 1. The message is used to get the requested attributes for this user. To retrieve all attributes available from the website, the IdP sends the AttributeQuery that contains no <saml:Attribute> element. An example SAML AttributeQuery takes the form below (simplified): <saml:Issuer> Identity_Provider_name <samlp:AttributeQuery> <saml:Subject> <saml:NameID> user_name

6.

Web site 1 receives the AttributeQuery and responds by providing an AttributeStatement to the IdP. Optionally the site can authenticate the end user before sending the results. An example SAML AttributeStatement takes the form below (simplified): <saml:Issuer> Web_site_1 <saml:AttributeStatement> <saml:Attribute FriendlyName="nickname"> <saml:AttributeValue> Clever_boy

7. 8.

IdP sends SAML AttributeQuery message to web site 2. Web site 2 receives the AttributeQuery and responds by providing an AttributeStatement to the IdP. The <saml:Issuer> field value is Web_site_2. 9. The IdP stores the attributes from the two web sites as the user’s profile data. 10. A successful status is returned to the end user, containing the attributes IdP just retrieved. 3.1.2 Query User Attributes Figure 5 illustrates the message flow of how an end user queries attributes of another user (subject user) from the web page he is browsing.

116

J. Liu

Browser End user (Querier)

Identity Provider (IdP)

Web site 1: Browse

2 - Recognize the user names in the web page - Place a Query IdP icon beside the user name 3: Web page 4: Click Query IdP 5: Request for id & attributes 6: Based on policy: - authenticate the querier - ensure privacy of the owner 7: Public attributes of the target user

Fig. 5. End user queries attributes of another user

1. 2.

The end user browses the site as usual. While the site generates the page, it recognizes there on the page are usernames that IdP has retrieved attributes previously. The site places a ‘Query IdP’ hyperlink icon beside the username to indicate that more information is available at IdP, as shown in Figure 6.

Alice Bob

Query IdP

Cindy

Query IdP

Fig. 6. “Query IdP” icon besides the user name on a web page

3. 4. 5. 6.

The web page is returned to the browser. The user is interested in one username, and he click on the ‘Query IdP’ hyperlink. A query request containing <subject user, web site> is send to IdP IdP then authenticates the querier and check request match the user’s privacy policy.

Cross-Site Management of User Online Attributes

7.

117

IdP sends the subject user’s attributes to the querier in web page illustrated in Figure 7. The IdP in Figure 5 returns the query results directly to the end user, while an alternative is for the IdP to send the attributes via the web site.

You are querying attributes of Bob@site_1 From site_1 : Member since Jan. 2002 Reputation as seller: From site_2 : Registered on Feb. 2003 Total uploaded photos: 800 Average rank of uploaded photos: 8.5/10 From site_3 : Membership grade: golden Most active topics: computer hardware hardware driver lastest software

Fig. 7. Illustrative web page from IdP to the query user, containing the attributes of Bob on multiple sites

3.1.3 Mashup Extensions The attribute-query scenario can be implemented in the mash-up style [6], where the web site generates the structure of the page (together with the "Query IdP" icons), but the actual content is aggregated only at the client user's end. This means that the client user is presented in their browser with personal information about other users in such a way that the web site does not learn the presented personal information. If we bring this concept further, we actually come up with a solution where a web site is able to provide a highly personalized page and yet it is not able to learn most of the sensitive personal information that constitutes the final content of that page. For the sake of users' privacy, this is a highly preferable situation. This way, for example, the site can provide such a page in which the user is presented with a list of their friends, each of them decorated with a personal photo and with their current context (work/home/vacation for example) and even with their current location – all this is done without the SP learning any of the private information, not even the list of friends of the user or their current context and location. 3.2 Advantages The proposed solution brings benefits to all four parties involved. The attribute owner can reveal his online attributes (e.g. reputation, posts) to other users in a secure way and yet with little effort. No matter how many web sites he has

118

J. Liu

accounts, the user have a single place (the IdP) to finely control which of his online attributes can be seen by whom. The web sites can provide fluent browsing experience for their users because the end user no longer needs to interrupt his session at the web site to query for another user’s information. Moreover, by exposing registered users’ attributes to another person who might be not registered yet, a site can enlarge its reaching scope. The end user as querier can now get the cross-site information about another user very easily when they surfing the internet. The information is available for them no more than a click away from the webpage they are viewing. In addition, the information is from a trusty source – the IdP. The benefits to IdP are two folds comparing to a traditional IdP. IdP now provides valuable service to the end user directly instead of as a backend server. IdP also plays more important role as a hub of users’ online attributes. 3.3 Privacy Considerations In the proposed framework, user’s privacy protection means any attribute data transfer/storage must get consent of the attribute owner. The attribute transfer/storage involves three parts: 1. From owner to web sites. Since this part is the same as current internet world, any existing solutions and concerns also apply here. 2. From Web sites to IdP. The web site should set up trust with the peer party to which it will send the user’s attribute, and enable the attribute owner to select a subset of his attributes to be transferred. 3. From IdP to the querier. The main privacy policy enforcement point is at IdP. The policy specifies which attributes can be revealed to which querier, and the default policy is to return nothing. Before IdP returns any attribute to the querier, IdP should authenticate the querier first unless the owner says his attributes can be seen by anybody. Table 1 shows an example privacy policy of a user which contains 3 rules. Rule 1 is that his basic attributes e.g. online status, hobby can be exposed to his friends group, which contains User_A and User_B. A second rule could be that his recent photo works be revealed to User_C and User_D who are members of an online forum. The last one (default rule) is to return no attribute. Then by means of checking the ID of the querier against the user list define in the rule, the IdP can distinguish which group the querier belongs to and then decides whether return the attributes to the querier. Table 1. Attribute owner privacy policy example Rule 1: friend

User list of the rule User_A, user_B

Attributes returned

2: selected member

User_C, User_D



3: stranger

all others

no attributes

Cross-Site Management of User Online Attributes

119

4 Conclusion User online attributes are important assets for the web sites and end users. Cross-site attribute query is a tough challenge in terms of usability and privacy. In this paper, we propose a model based on augmented Identity Provider. The implementation aspects are carefully considered covering both the user interface to end users and backend operations between the Identity Provider and web sites. In next steps we plan to study alternative approaches for IdP to get user online attributes from web site. We believe the proposed framework is a promising solution to the cross-site online attributes management challenge which is becoming more and more evident.

References 1.

2. 3. 4. 5.

6.

Organization for the Advancement of Structured Information Standards, Security Assertion Markup Language (SAML) v2.0 (2005), http://www.oasis-open.org/specs/#samlv2.0 Jøsang, A., Ismail, R., Boyd, C.: A survey of trust and reputation systems for online service provision. Decision Support Systems 43(2) (2007) Chen, M., Singh, J.P.: Computing and Using Reputations for Internet Ratings. In: Proceedings of the Third ACM Conference on Electronic Commerce (2001) Dellarocas, C.: Immunizing Online Reputation Reporting Systems Against Unfair Ratings and Discriminatory Behavior. In: ACM Conference on Electronic Commerce (2000) Resnick, P., Zeckhauser, R.: Trust Among Strangers in Internet Transactions: Empirical Analysis of eBay’s Reputation System. In: Baye, M.R. (ed.) The Economics of the Internet and E-Commerce. Advances in Applied Microeconomics, vol. 11. Elsevier Science, Amsterdam (2002) Merrill, D.: Mashups: The new breed of web app. (2006), http://www.ibm.com/developerworks/library/x-mashups.html

Analysis and Optimization of Aggregation in a Reconfigurable Optical ADD/DROP Multiplexer J.M. Fourneau1 , N. Izri1 , and D. Verch`ere2 1

PRiSM, Universit´e de Versailles-St-Quentin 45, Av. des Etats-Unis, 78035 Versailles, France 2 Alcatel-Lucent Bell Labs France

Abstract. We analyze the performance and optimize the design of a Reconfigurable Optical ADD and DROP Multiplexer (ROADM in the following). The analysis is based on stochastic bounds, a derivation of an extension of Pollacek formula for Batch queues and numerical analysis of discrete time Markov chains.

1

Introduction

Wavelength Division Multiplexing (WDM in the following) is now established as a successful technique to provide high bandwidth for backbones, metropolitan and local area networks. However, future optical networks will also require that the WDM layer delivers advanced functionalities such as dynamic reconfigurability, automatic wavelength provisioning and a better connectivity between sources and destinations. For this reason Reconfigurable Optical Add and Drop Multiplexer (ROADM) appears as a practical solution for cost-effective advanced optical networks and multiple architectures for ROADM has emerged in the last years (see [14] and [11] and references therein). Briefly a ROADM can be viewed as a device consisting in three parts: a demultiplexer, a multiplexer and optical Wavelength Selective Switch (WSS in the following) sandwiched in between (see Fig. 1). Here we denote as a channel a wavelength on a particular link. The first f channels entering the ROADM are in transit and they do not functionally enter the optical WSS (they may physically enter the switch to be optically regenerated). The remaining channels enter the WSS where they are switched. ADD and DROP links are also connected to the WSS. The design and the optimization of an ROADM based network for a given routing matrix is still an open problem and the literature is quite poor on this topic. Here we consider a possible modification of an existing OADM to increase its capacity and flexibility using a partial O/E/O conversion. The WSS receives L links and we have W wavelength per link. The SDH frames carry packets going to the same destination. In the typical architectures, the frames are associated to an origin and a destination (an OD pair in the following). This assumption is S. Balandin et al. (Eds.): NEW2AN/ruSMART 2009, LNCS 5764, pp. 120–131, 2009. c Springer-Verlag Berlin Heidelberg 2009 

Analysis and Optimization of Aggregation

121

TRANSIT

OPTICAL SWITCH

DROP

ADD

Fig. 1. Schematic Diagram of a ROADM

modified here due to the aggregation process we now describe. Some channels are in a new mode denoted as aggregation. SDH frames carried on these channels leave the WSS on the DROP link. Then the packets (IP, IP/MPLS, ATM or Ethernet) are extracted of the SDH frame and they are sent into the buffer waiting for a new SDH frame going to their destination. Note that all the packets carried by an aggregation frame enter the buffer again. Similarly all the packets in a drop frame leave the network. The SDH frame which is freed by the packets can receive packets waiting in this buffer. Clearly, we expect to improve the occupancy of the SDH frames when the traffic is not sufficient to fill all the frames for a particular OD pair. As the traffic for that pair is mixed with the traffic with the same destination we expect that the frames are much more efficiently used after the aggregation. However aggregation has a drawback: the time necessary to extract the packets and put them into the electronic buffer waiting for the next frame. We study aggregation channels to improve the CARRIOCAS testbed [1] which is developed by Alcatel and several French organizations. CARRIOCAS is a multi-service network supporting stringent distributed applications in terms of end-to-end delay requirements. Then the optical switches has to be configured in order to optimize between the fulfilling ratio of the OTUs of each wavelength connection and the end-to-end transport delay of each OTU between its OD pair (i.e. the ingress PXC and egress PXC configured for the connection). One must decide for a given matrix of traffic between OD pairs how many channels must be in aggregation mode and which ones are in this mode. Clearly we do not need all the channels to be in aggregation: a packet using a channel in aggregation takes less time to be included into an SDH frame but it takes longer to join its destination. Indeed every aggregation process needs a delay which is larger than the transit time between the demultiplexer and the multiplexer. Thus we have a tradeoff between the occupancy of the SDH frames and the transport time between some OD pairs. We may expect that the first channels in aggregation have a high impact on the occupancy and decrease the delay while the next channels in aggregation slightly change the occupancy and increase the end to end delay. Note also that the end to end delay in an aggregation channel is now random because the packets enter some queues where they wait for an SDH

122

J.M. Fourneau, N. Izri, and D. Verch`ere TRANSIT

OPTICAL SWITCH

DROP

AGGREGATION ADD

Fig. 2. The aggregation channel in a ROADM

frame. This is a clear difference with the usual architecture where after they have been emitted in an SDH frame, packets have a constant transport delay. SDH frames were used until July 2008 on CARRIOCAS pilot networks but the interfaces of the Photonic Cross-Connects (PXC) were upgraded to enable Ethernet packet frames to be directly mapped over Optical Transport Units (OTU). It has the advantages to reduce the wrapping overhead at the aggregation operations. Then it is proposed to change SDH frames into Optical Transport Units (OTU). This change does not modify the assumptions and the dimensioning results of the ROADM model. The rest of the papers is as follows. First in section 2, we give a description of the switch we model and we illustrate the pro and cons of aggregations. Section 3 is devoted to the main results of the analysis. First we prove using the stochastic comparison approach that the population in the buffer is stochastically smaller when we aggregate more channels (even when we add the traffic associated to these channels). This explain that the insertion into an aggregation channel requires less time. Then we establish an analytical formula to obtain the expected number of packets waiting in the buffer. In section 4, we present a numerical analysis of such a buffer and we report some numerical experiments using Xborne [5]. We also present a very simple case study to emphasis some points of the method.

2

A Stochastic Model for a ROADM

Let us now more precisely describe the mechanism and the delays needed for the operations involved in the aggregation process. Remember that we have L fibers and W wavelengths. Therefore the switch must accommodate LW channels and f of them are in transit mode while the remaining are in ADD/DROP mode (let say d or in aggregation mode (say a)). Clearly we have f + a + d = LW .

Analysis and Optimization of Aggregation

123

Let us now consider again the aggregation part depicted in Fig. 2 and let us define the various delays involved. The transit time of a SDH frame on the f transit channels is T1 . When a SDH frame is carried by an aggregation channel, we extract the packets from the frame. We assume that this operation requires T2 unit of times. We assume that the packets have the same size and that the number of packets is a discrete random variable between 0 and K. Once they have been extracted the packets join the ADD buffer in a batch. This buffer also receives packets from the outside. We assume that the arrivals from the outside also follows an i.i.d. batch process. The SDH frames entering the switch are filled with the packets present in the buffer. Filling and sending the frame will also requires a delay equal to T1 . We clearly have a discrete-time systems. T1 and T2 are two constant values depending of the switching system and we assume that T1 < T2 due to some physical constraints (the transit time is faster than the extraction). A packet entering the buffer requires a random response time to leave the buffer and enter a frame. Let T3 be this random variable. We clearly have T3 ≥ 0. In the following we show how to compute T3 , its distribution or its expectation. As the traffic in aggregation is aggregated with the fresh traffic, the packets coming from aggregation channel share the same buffer with the fresh packets coming to the same destination. The buffer is associated with a channel and therefore with a destination and possibly a class of service. Let Bni the batch entering buffer i at time n. The buffer fills a + d frames carried by the same number of channels. Each frame may receive up to K packets. The buffer capacity is B. Let us now compute the end to end delay and show that we can optimize it using aggregation. First note that we do not take into account the propagation delay which is only dependent of the OD pair and which is not impacted by the aggregation process. Assume that a packet enter the network using the ADD link and assume that the channel it used is never aggregated on the path to its destination. Assume that the path length is l. Thus the delay is T3n for entering the network, (l − 1)T1 for the transit and T2 to extract the packets from the DROP link at destination. Now assume that we add a channel in aggregation to help the traffic from that OD pair to enter the network. We prove in the next section that using more frames in aggregation and receiving the traffic in aggregation we still decrease T3 (in the stochastic sense). Therefore E[T3 ] will decrease when we increase a. Now assume that the channel is aggregation will travel along l switches. In some of them it will again be an aggregation channel while in the others it is simply in transit. If we assume that we use the same repartition of the channels for all the switches, we may expect that the expected number of times this channel is in transit is l ∗ f /(f + a) and that the expected number of times it is in aggregation a (T2 +E[T3 ]) is l ∗ a/(f + a). Thus the expected transport time is l f T1 +l a+f . Let us now study the variation of this transport delay with a. As T2 > T1 and T3 ≥ 0 the slope of the function is positive but we must not forget that E[T3 ] decreases when we increase a. Thus the problem is not that simple. . .

124

J.M. Fourneau, N. Izri, and D. Verch`ere

The transport delay is the sum of the insertion time with a), the transit time and the output or extraction time. The end-to-end transit time delay increase with the number of aggregation/de-aggregation operations along the route of the wavelength connection. The insertion time is decreasing with a (the proof is in the next section) and the output time is constant. Thus finding a good number of aggregation channel makes sense. Note that we speak about “good solution” instead of “optimal solution”. Indeed some configurations of aggregation and transit channels may lead to solutions which are not comparable the OD pairs involved in the aggregation are not the same. Thus we prefer to define admissible solutions. A solution is the description of all channels for all switches in the network and the list of channel in aggregation at each switch. Such a solution is feasible if the end to end delay for any OD pair in the traffic matrix is smaller than a threshold. The method we have developed tries to find a feasible solution. Note that the optimization problem us related to the many end to end delay experienced by the traffics in the network. Clearly if we want to optimize the utilization of the SDH frames, it is sufficient to operate all the channels in aggregation mode as a channel in aggregation is much more efficiently used than a transit channel. In the following we prove that E[T3 ] is decreasing with the number of channels operating in aggregation. We model the ADD part of the ROADM as a queue with constant services and a finite or infinite buffer capacity. Of course the buffer is finite but assuming infinite capacity allows to obtain analytical results.

3

Batch Queues with Constant Service Time

Let us first introduce some notation. Let C be the channel capacity and B be the buffer size when it is finite. The arrivals from the aggregation links are in the batch and we also assume that the arrivals of packets from the outside at the ADD link also follows an i.i.d. batch distribution. Clearly we model a discretetime system and we consider a discrete-time Batch/D/C/B queue. We further assume that the services take place before the arrivals. Let Xn be the number of packets in the queue and An be the number of arrivals during slot n. We clearly have: Property 1. The population in the ADD buffer is governed by the following equation when the buffer capacity is infinite: Xn = (Xn−1 − C + An )+ ,

(1)

Xn = (min(B, (Xn−1 + An ) − C)+ ),

(2)

or when B is finite. Furthermore the number of packets in a SDH frame departing the queues is Outn = min(C, Xn + An ). We first prove that when we change one channel from the transit mode to the aggregation mode, the population in the buffer queue is stochastically smaller.

Analysis and Optimization of Aggregation

125

Note that we compare a queue with a servers and a batches of arrivals to a queue with a + 1 servers and a + 1 batches. Thus the property is not that simple. Let us first introduce some definitions and properties about the stochastic comparison of random variables and Markov chains. 3.1

Stochastic Comparison

Let us first define the strong stochastic ordering of random variables (“st-ordering” for short). This ordering is defined by means of the set of increasing functions. We consider here only discrete (finite or infinite) random variables. Indeed, we will consider the set {0, 1, 2, . . . , n} for the state space of a Markov chain or N ∪ ∞ for the comparison of absorption times. We refer to [13] for a far more general introduction to stochastic orders and to [6] for some algorithms. Definition 1. For two random variables X and Y we say that X is smaller than Y in a strong stochastic sense, denoted by X ≤st Y , if E[f (X)] ≤ E[f (Y )], for all increasing real functions f . For discrete random variables, we use the following algebraic equivalent formulation which is far more convenient (see [13] for the equivalence): Definition 2. If X and Y are discrete random variables having respectively p and q as probability distribution vectors, then X is said to be less than Y in the strong stochastic sense, that is X ≤st Y , if   pj ≤ qj , for all k. j≥k

j≥k

Let us now illustrate definition 2 by an example: Example 1. Let α = (0.1, 0.3, 0.4, 0.2) and β = (0.1, 0.1, 0.5, 0.3). It follows then that α ≤st β since: ⎡ 0.2 ≤ 0.3 ⎣ 0.2 + 0.4 ≤ 0.3 + 0.5 0.2 + 0.4 + 0.3 ≤ 0.3 + 0.5 + 0.1 For two Markov chains the st-comparison is usually defined as the comparison at each time step: Definition 3. Let {Xk }k≥0 and {Yk }k≥0 be two DTMC on a state space {0, . . . , n}. We say that the chain {Xk } is st-smaller than {Yk }, denoted by {Xk } ≤st {Yk }, if Xk ≤st Yk , for all k ≥ 0. Note that the bounds on a distribution imply bounds on performance measures that are increasing functions of the state indices (see definition 1). We now prove that the queue size and the distribution of the response time T3 is increasing with a using the stochastic comparison. Let us denote X (a) the

126

J.M. Fourneau, N. Izri, and D. Verch`ere

Markov chain which models the buffer size when the queue receives a batches (a) and is associated with a servers. The arrivals are denoted as An and the state (a) of the chain at time n as Xn . Property 2. X (a+1) ≤st X (a) . Proof: by induction on n we prove that Xna+1 ≤ Xna for all n. First by assumption we have: X0a+1 = X0a = 0. The queues are empty at time (a) 0. Consider now the evolution equation for Xn : (a)

+ Xn(a) = (Xn−1 − C + A(a) n ) .

When we change add one channel and its traffic we change C into C + K. Remember that K is the channel capacity. We also have: A(a+1) = Aan + Bna+1 , n where Bna+1 is the batch of customers arriving in the queue on the added channel. By induction we have: (a+1) (a) Xn−1 ≤ Xn−1 . Due to the physical constraints we clearly have: Bna+1 ≤ K. Thus, a+1 Xn−1 − C + Aan ≥ Xn−1 − C − K + A(a) n + Bn . (a)

(a+1)

Then, (Xn−1 − C + An )+ ≥ (Xn−1 − C − K + An + Bna+1 )+ and after (a) (a+1) substitution we conclude the proof: Xn ≥ Xn . The stochastic comparison of the processes implies that all the increasing rewards of their distribution are also ordered. Thus the average queue size and the tail of the population are also comparable. As the service time is constant, this stochastic relation among the buffer  (a) size is also true for the response time in the queue. Indeed we have: T3 = XK . Thus T3 is stochastically decreasing when we increase a. (a)

3.2

(a)

(a+1)

(a)

Computing the Expectation of T3

Let us now prove an analytic formula for the expectation of E(Xn ) (PolacekKhinchine type of relation). Property 3. Assume the there exists a stationary regime and let us denote by X the stationary limit of Xn . E[A] is the stationary limit of An . Similarly let us denote by Out the stationary limit of Outn . We have: E[X] =

E[A2 ] − E[Out2 ] 2(C − E[A])

Analysis and Optimization of Aggregation

127

Proof: Remember again Equation 1 and consider the expectation of both sides of the equation: E[X] = E[(X − C + A)+ ]. E[(X + A − C)+ ] = =

∞

i=C (i

∞

i=C

− C)P r(X + A = i)

iP r(X + A = i) − C

= E[X + A] −

C−1 i=0

∞

i=C

P r(X + A = i)

iP r(X + A = i) − C

∞

i=C

P r(X + A = i)

Now due to the linearity of the expectation we have E[X + A] = E[X] + E[A].  ∞ Furthermore, E[Out] = C−1 i=0 iP r(X + A = i) + C i=C P r(X + A = i). Indeed Outn = min(C, Xn + An ). Then clearly E[A] = E[Out] which is a simple consequence of the stationarity assumption. Now using a classical argument [9], square Equation 1: Xn2 = ((Xn−1 + A − C)+ )2 . Again we consider sides of the equation. And note that C−1 the expectation of both ∞ E[Out2 ] = i=0 i2 P r(X + A = i) + C 2 i=C P r(X + A = i). E[X 2 ] = E[((X + A − C)+ )2 ] = =

∞  i=C ∞ 

(i − C)2 P r(X + A = i) i2 P r(X + A = i) − 2C

i=C

+C 2

∞ 

iP r(X + A = i)

i=C

P r(X + A = i)

i=C

= E[(X + A)2 ] − +2C

∞ 

C−1 

C−1 

i2 P r(X + A = i) − 2CE[X + A]

i=0

P r(X + A = i) + C 2

i=0

∞ 

P r(X + A = i)

i=C

After substitution we get: E[X 2 ] = E[(X + A)2 ] − 2CE[X + A] + 2CE[Out] − 2C −

C−1 

2

i P r(X + A = i) + C

2

∞ 

i=0

i=C

i=0

i=C

∞ 

CP r(X + A = i)

i=C

P r(X + A = i)

= E[(X + A)2 ] − 2CE[X + A] + 2CE[Out] C−1 ∞   − i2 P r(X + A = i) − C 2 P r(X + A = i) We substitute E[Out2 ] to get: E[((X + A − C)+ )2 ] = E[(X + A)2 ] − 2CE[X + A] + 2CE[Out] − E[Out2 ]

128

J.M. Fourneau, N. Izri, and D. Verch`ere

Remember that E[Out] = E[A], E[X + A] = E[X] + E[A]. Assuming that X and A are independent we have: E[(X + A)2 ] = E[X 2 ] + E[A2 ] + 2E[A]E[X]. Combining all these relations we finally obtain: 2(C − E[A])E[X] = E[A2 ] − E[Out2 ] This is a Polacek-Khinchine type of relation for the average queue size: E[X] =

E[A2 ] − E[Out2 ] 2(C − E[A])

But E[Out2 ] is unknown. However we can provide some bounds for this moment. Property 4. With the same assumptions, we have: E[X] ≤

E[A2 ] 2(C−E[A]) .

Proof: it is sufficient to remark that E[Out2 ] > 0. It is even possible to obtain a lower bound. Indeed Out is the size of a batch between 0 and K with a known expectation (remember that E[Out] = E[A]). One can find in [10] the distribution which maximizes the second moment (see [3] for an example of application to bound the population of a queue): p(i) = 0, ∀0 < i < K, p(0) = 1 − E[A]/K,

p(K) = E[A]/K.

Property 5. With the same assumptions, we have: E[X] ≥

E[A2 ]−KE[A] 2(C−E[A]) .

Proof: it is sufficient to compute the second moment of the former distribution and the results obtained by Shaked and Shantikumar. These formulas can be used to check that a solution is feasible. Indeed if the upper bound for E[X] is sufficient to prove that the end to end delay is smaller than the threshold, the solution is feasible. But if we need a more precise result we turn to numerical techniques.

4

Markov Chain Model, Numerical Results and Tool

We now assume that the buffer capacity is finite and we analyze the Discrete Time Markov Chain (DTMC) given by Eq. 2 when the batches of arriving customers are i.i.d. Assume that the buffer size is finite and equal to B. We obtain a DTMC with B + 1 states which is very simple to analyze with state of the art numerical algorithms (see for instance Stewart’s book [12]). We use Xborne [5] to build the chain and solve the steady-state distribution. XBorne allows the generation of DTMC, or suitably uniformized CTMC [4] and the computation of stochastic bounds based on lumpability [7] or censoring [8] for the steady state and transient distributions [2]. The bounding algorithms are not really needed if B is smaller than 106 . But the accuracy of the numerical computations must be checked carefully. The user only has to provide the buffer size and the distribution of arrivals. Then the matrix is generated and stored on disk. It is finally solved using classical solvers and the average waiting time is computed and returned to the user. The numerical optimization process proceeds as follows:

Analysis and Optimization of Aggregation

129

1. first make an assignment of the channels to the OD pairs, 2. compute the average end to end delay based on the numerical analysis of the input queue to obtain E[T3 ] plus the number of hops (l) which gives (l − 1)T1 + T2 . 3. check if the solution is feasible (i.e. for each OD pair, E[T 3] + (l − 1)T1 + T2 is smaller than the threshold). 4. If now, find a candidate channel (say O1 D1 ) and try to aggregate several flows using this channel. 5. Compute again the end to end delay for the channel modified in the previous step and check if the solution is feasible 6. Continue until the solution is feasible or it is not possible to find a candidate channel for the aggregation. The candidate channel has a small load and a large number of hops. Due to the load, one can aggregate new traffics and due to the length one can cross several ROADMs where aggregation can be performed. The numerical values for the load and the length are found using the numerical solvers described before. Indeed once aggregated the performance of this channel decreases and we must check that the average delay is still smaller the threshold. Let us illustrate the approach on a toy example. We consider an unidirectional ring topology with 5 nodes denoted as S1 to S5 . We assume that the traffic allows to give only one channel per OD. Thus we have 20 OD pairs. To simplify the first assignment we assume that the same channel is used between Si and Sj in the first part of the ring and between Sj and Si in the second part. Thus we only need 10 channels and the assignment matrix to describe the channels in use is: ⎡ ⎤ . 12 3 4 ⎢1 . 5 6 7 ⎥ ⎢ ⎥ ⎢2 5 . 8 9 ⎥ ⎢ ⎥ ⎣ 3 6 8 . 10 ⎦ 4 7 9 10 . As this step there is no channel in aggregation mode. Let us now suppose that the traffic matrix is (the values are the load of the channel): ⎡ ⎤ . 0.9 0.4 0.2 0.2 ⎢ 0.2 . 0.3 0.5 0.2 ⎥ ⎢ ⎥ ⎢ 0.4 0.5 . 0.4 0.8 ⎥ ⎢ ⎥ ⎣ 0.5 0.2 0.2 . 0.1 ⎦ 0.4 0.1 0.2 0.4 . Assume that due to load in OD pair S1 S2 and S3 S5 , the initial assignment is not a feasible solution. Indeed with this large load the average waiting time to enter the network is very large for these two flows. The initial assignment of load to channels follows in the left part of Table 1. Let us first improve S1 S2 . Channel 7 is used to connect S5 to S2 going through S1 and its load is very small. It is a good candidate to improve the solution. Thus

130

J.M. Fourneau, N. Izri, and D. Verch`ere

Table 1. The load with the first assignment (left), the load after the two aggregations (right)

1 2 3 4 5 6 7 8 9 10

1-2 0.9 0.4 0.2 0.2 0.5 0.2 0.1 0.2 0.2 0.4

2-3 0.2 0.4 0.2 0.2 0.3 0.5 0.2 0.2 0.2 0.4

3-4 0.2 0.4 0.2 0.2 0.5 0.5 0.2 0.4 0.8 0.4

4-5 0.2 0.4 0.5 0.2 0.5 0.2 0.2 0.2 0.8 0.1

5-1 0.2 0.4 0.5 0.4 0.5 0.2 0.1 0.2 0.2 0.4

1 2 3 4 5 6 7 8 9 10

1-2 0.5 0.4 0.2 0.2 0.5 0.2 0.5 0.2 0.2 0.4

2-3 0.2 0.4 0.2 0.2 0.3 0.5 0.2 0.2 0.2 0.4

3-4 0.2 0.4 0.2 0.5 0.5 0.5 0.2 0.4 0.5 0.4

4-5 0.2 0.4 0.5 0.5 0.5 0.2 0.2 0.2 0.5 0.1

5-1 0.2 0.4 0.5 0.4 0.5 0.2 0.1 0.2 0.2 0.4

we make channel 7 an aggregation channel in S1 . Its destination is still S2 . We now have a buffer with 2 output channels (1 and 7) and the load is now 0.5 on both channels. Now we look at origin-destination pair S3 S5 on channel 9. First we look for a candidate for aggregation. Channel 4 is used to connect S1 to S5 by S1 ,S2 , S3 and S4 . Again its load is very low. We operate channel 4 in aggregation at node S3 with destination S5 . Now we have in S3 two channels to send packets to S5 and the average load decrease to 0.5. The load on the various channels for all links are given in Table 2 after these two steps of aggregation. Note that the load of channels is not the same for all links in the case of channel 4 because of the aggregation process. We omit to compute the new end to end delay after these two steps of aggregation and we assume that the solution is now feasible. The loads are reported on the right part of Table 1. Note that the investigation process to find a candidate for aggregation is only a greedy heuristic and we never try to give the best solution. As the networks considered are very small the number of OD pairs is not that large and a branch and bound technique will certainly be possible to find an optimum. However we think it is not really important to find an theoretically optimal solution as most of the information on the arrival processes are quite uncertain. Therefore a feasible solution is sufficient.

5

Conclusions

We have designed a tools to improve the performance of ROADM. This tool is based on numerical analysis of DTMC and some greedy algorithms to select channels to be aggregated. The efficiency of the aggregation is proved by stochastic comparison arguments. This tool will be used to design core networks with aggregation channels. Acknowledgement. this work was partially supported by project System@tic CARRIOCAS and by a grant from ANR SETIN 2006 Checkbound.

Analysis and Optimization of Aggregation

131

References 1. Audouin, O., Cavalli, A., Chiosi, A., Leclerc, O., Mouton, C., Oksman, J., Pasin, M., Rodrigues, D., Thual, L.: Carriocas poject: An experimental high bit rate optical network tailored for computing and data intensive distributed applications. In: Asia-Pacific Optical Communications conference (2007) 2. Busic, A., Fourneau, J.-M.: Bounds for point and steady-state availability: An algorithmic approach based on lumpability and stochastic ordering. In: Bravetti, M., Kloul, L., Zavattaro, G. (eds.) EPEW/WS-EM 2005. LNCS, vol. 3670, pp. 94–108. Springer, Heidelberg (2005) 3. Busic, A., Fourneau, J.-M., Pekergin, N.: Worst case analysis of batch arrivals with the increasing convex ordering. In: Horv´ ath, A., Telek, M. (eds.) EPEW 2006. LNCS, vol. 4054, pp. 196–210. Springer, Heidelberg (2006) 4. Dayar, T., Fourneau, J.-M., Pekergin, N.: Transforming stochastic matrices for stochastic comparison with the st-order. RAIRO Operations Research 37, 85–97 (2003) 5. Fourneau, J.-M., Coz, M.L., Pekergin, N., Quessette, F.: An open tool to compute stochastic bounds on steady-state distributions and rewards. In: 11th International Workshop on Modeling, Analysis, and Simulation of Computer and Telecommunication Systems (MASCOTS 2003), Orlando, FL. IEEE Computer Society, Los Alamitos (2003) 6. Fourneau, J.-M., Pekergin, N.: An algorithmic approach to stochastic bounds. In: Calzarossa, M.C., Tucci, S. (eds.) Performance 2002. LNCS, vol. 2459, pp. 64–88. Springer, Heidelberg (2002) 7. Fourneau, J.-M., Le Coz, M., Quessette, F.: Algorithms for an irreducible and lumpable strong stochastic bound. Linear Algebra and Applications 386, 167–185 (2004) 8. Fourneau, J.-M., Pekergin, N., Youn`es, S.: Censoring Markov chains and stochastic bounds. In: Wolter, K. (ed.) EPEW 2007. LNCS, vol. 4748, pp. 213–227. Springer, Heidelberg (2007) 9. Nelson, R.: Probability, stochastic processes, and queueing theory. Springer, Heidelberg (1995) 10. Shaked, M., Shantikumar, J.G.: Stochastic Orders and their Applications. Academic Press, San Diego (1994) 11. Shankar, R., Florjanczyk, M., Hall, T.J., Vukovic, A., Hua, H.: Multi-degree roadm based on wavelength selective switches: Architectures and scalability. Optics Communications 279(1), 94–100 (2007) 12. Stewart, W.: Introduction to the numerical Solution of Markov Chains. Princeton University Press, New Jersey (1995) 13. Stoyan, D.: Comparaison Methods for Queues and Other Stochastic Models. John Wiley and sons, Berlin (1983) 14. Tang, J., Alan Shore, K.: Wavelength-routing capability of reconfigurable optical add/drop multiplexers in dynamic optical networks. Journal of Lightwave Technology 24(11), 4296–4303 (2006)

Teletraffic Capacity Performance of WDM/DS-OCDMA Passive Optical Network Mohammad Gharaei1, Catherine Lepers2, Olfa Affes3, and Philippe Gallion1 1

Telecom ParisTech, Ecole Nationale Supérieure des Télécommunications, 46 rue Barrault, 75634 Paris, France {mohammad.gharaei,philippe.gallion}@telecom-paristech.fr 2 Telecom & Management SudParis, 9 rue Charles Fourier, 91011 Evry Cedex, France [email protected] 3 Telecom Lille1, Cité Scientifique - Rue Guglielmo Marconi, BP 20145 - 59653 Villeneuve d'Ascq Cedex, France [email protected]

Abstract. We analyze teletraffic capacity performance of a WDM/DS-OCDMA Passive Optical Network. Hybrid WDM/DS-OCDMA PON is proposed to increase user capacity performance and to be a cost effective method per wavelength of a WDM PON. For each prime code used in this system, an appropriate simultaneous capacity threshold has been evaluated in a manner to ensure good transmission performance (BER~10-9). Since this capacity threshold is inferior to the nominal resource capacity of the considered code, a soft blocking of the system has been determined even if resources in the system are still available. The teletraffic capacity of the WDM/DS-OCDMA system has been then analyzed under the maximum of soft blocking probability constraint for different prime codes. This value is dependent on the probability of channel activity factor. It is demonstrated that using extended quadratic congruent codes (EQC) with better correlation properties, causes the teletraffic capacity to be closer to the nominal teletraffic capacity.

1 Introduction The recent deployments in high broadband telecommunication services and also Internet access with high data rate, build a next step toward a future access network generation. Passive optical network (PON) has been largely accepted as an attractive solution to the last mile bottleneck, providing broadband access networks to end users [1]. PON is a point to multipoint optical network, typically a tree topology, connecting an optical line terminal (OLT) on the service provider side to the multiple optical network units (ONUs) on the subscriber side via a passive star coupler (SC). Time division multiplexing PON (TDM PON) is the commonly accepted PON for network operators, sharing network bandwidth temporally between users. It benefits low installation and maintenance cost although, it does not exploit the huge bandwidth of optical fiber. In order to increase optical bandwidth per user, wavelength division multiplexing PON (WDM PON) was proposed to create point to point links between OLT and users [2]. In WDM PON, each user is assigned a dedicated wavelength S. Balandin et al. (Eds.): NEW2AN/ruSMART 2009, LNCS 5764, pp. 132–142, 2009. © Springer-Verlag Berlin Heidelberg 2009

Teletraffic Capacity Performance of WDM/DS-OCDMA Passive Optical Network

133

enjoying a large bandwidth for communication. Protocol transparency and channel independency are the other features of WDM PON. However, the huge bandwidth provided by WDM PON is too expensive per user. Therefore hybrid WDM/TDM PON was proposed to exploit optical bandwidth efficiently with sharing the cost between access network users [3]. Temporal multiplexing per wavelength leads to increase the number of end users in access network. Yet WDM/TDM PON does not support high data rate per user. Also it requires a contention management protocol to avoid the situation in which more users access the channel at the same time. To resolve this contention situation, optical code division multiple access (OCDMA) was proposed [4]-[6]. OCDMA technique permits multiple users access to the transmission media by assigning different optical codewords to different users. It has been demonstrated that using asynchronous CDMA as a quasi contentionless multiple access technique prevents from contention management protocols [7]. In other words, with the contention multiple access protocols there would be no scheduling of transmissions. Different OCDMA techniques have been proposed such as temporal encoding (DSOCDMA) [8], Time/Wavelength encoding (FFH-OCDMA) [9], spectral amplitude coding (SAC-OCDMA) [10] and phase encoding [11]. Let us note that OCDMA is capable to complement WDM by realizing higher spectral efficiency and providing higher user capacity [12]. DS-OCDMA is a convenient technique to be added by WDM which uses temporal encoding. Thus, for a given wavelength in WDM/DSOCDMA PON, each user data bit is encoded with a given sequence of pulses in temporal axes. As a result, different users can simultaneously communicate with each other sharing the same codewords. This approach is then developed for all wavelengths to establish a hybrid WDM/DS-OCDMA network. Quality of service (QoS) in network systems comprises requirements on all aspects of a connection from customer’s point of view. A subset of telephony QoS is grade of service (GoS) requirements, which comprises aspects of a connection relating to network performance and capacity of a network, for example guaranteed maximum blocking probability [13]. Since physical layer of telecommunication networks suffer from different noises and nonlinearities which deteriorate bit error rate (BER) performance, a number of QoS parameters describe the reliability of data transmission, e.g., throughput, and error rate. Generally, multiple access interference (MAI) is considered as the dominant BER performance degradation reason in WDM/OCDMA network [14], [15]. Today, with broadband services demands by huge number of users, determination of system user capacity plays an important role in designing network architecture. Commonly, nominal resource capacity is defined as maximum number of resources in the different systems; these are wavelengths in WDM system and assigned codes in OCDMA system. On the other hand, transmission performance of WDM/DSOCDMA is limited by MAI noise which makes its nominal resource capacity unachievable. Thus we define simultaneous user capacity in OCDMA system as maximum simultaneous active users at acceptable BER performance. Blocking occurs for a new user arrival, when there would be no resource any more for transmission. In WDM/DS-OCDMA PON, there are two types of blocking probability. The first one is hard blocking probability which represents the determined blocking such as reaching to nominal resource capacity in WDM system. The second

134

M. Gharaei et al.

is soft blocking probability which demonstrates the flexible blocking as it is observed in OCDMA systems when calculating simultaneous user capacity. To make a relationship between system capacity and grade-of-service, teletraffic becomes a tool by which investments can be planned [13]. Teletraffic capacity provides information on how a network operator should control data admission to the network so as to ensure a robust QoS. It demonstrates a foreseeable resource capacity with different resource activity rates. Degradation of transmission quality affects the teletraffic capacity of CDMA systems [16]. The teletraffic performance of OCDMA system has been already determined and compared with WDM system by Goldberg et al. [17]. The authors have demonstrated that OCDMA is well suited to applications where conventional hard blocking is undesirable. In this paper, we investigate that the teletraffic capacity performance of OCDMA system is dependent on the code family type. We then analyze teletraffic capacity performance of WDM/DS-OCDMA PON using different prime codes. Initially, we measure the number of simultaneous active users employing different prime codes in DS-OCDMA under system conventional B ER = 10 − 9 . This measurement leads to bring out the notion of simultaneous capacity threshold. Since different prime codes have different correlation properties; they support different simultaneous capacity threshold value. Afterward, these values for different prime codes are used in teletraffic theory to compare the maximum value of teletraffic capacity of WDM/DSOCDMA system. The rest of this paper is organized as follows. In section 2, the simultaneous capacity performance of OCDMA system using different prime codes is defined. In section 3, soft blocking probability of DS-OCDMA is measured for different codes. In section 4, by exploiting the physical limits of OCDMA system in teletraffic capacity, we compare the teletraffic capacity of proposed hybrid WDM/DS-OCDMA PON using different prime codes. Finally we conclude this paper in section 5.

2 System Capacity Performance of WDM/DS-OCDMA PON 2.1 Architecture of WDM/DS-OCDMA PON Fig. 1 shows the proposed network architecture of WDM/DS-OCDMA PON for optical access network where the distance between OLT and ONUs does not exceed 20 km. In this architecture, different optical pulse generators are used at OLT to create short pulses in different wavelength from λ1 to λG . These pulses are forked to N branches in accordance with the code capacity. These pulses are modulated with user data. The modulated data are then coded using temporal OCDMA encoders and subsequently coupled and multiplexed to transport in the access feeder fiber. At the reception part, the filtered wavelengths from λ1 to λG are divided to the same coding branches with the adapted decoder in each branch. Finally, the autocorrelation pulse of the decoder is detected via a receiver at ONUs. Based on OCDMA approach, the encoded data is just detectable by user with the same codeword and it is not decoded by other users.

Teletraffic Capacity Performance of WDM/DS-OCDMA Passive Optical Network

135

OLT Mod

Encoder 1

Decoder 1 λ1

Data

Pulse generator λ1

Mod

Splitter 1:N

.

M

Encoder 2

. . . Data

Mod

.

Data

.

Mod

Mod

Splitter 1:N

Coupler N:1

Feeder fiber

U Encoder 1

E

.

M

.

U

.

RX 2 . . .

Splitter 1:N

Encoder N

Decoder N

RX N ONUs

Decoder 1

RX 1

λG

X

Encoder 2

. . . Data

Mod

Decoder 2

D

Data

Pulse generator λG

RX 1

X

Coupler N:1

Decoder 2

Decoder N

Encoder N

RX 2 . . .

Splitter 1:N

RX N

Data

Fig. 1. Network architecture of hybrid WDM/DS-OCDMA PON

2.2 Simultaneous User Capacity Threshold of WDM/DS-OCDMA PON The WDM/DS-OCDMA nominal resource capacity is determined by simultaneous user capacity threshold for different prime codes. It seems at prior that hybrid WDM/DS-OCDMA PON increase system capacity of WDM PON by G×N. This value is the nominal capacity of the system where G is the number of wavelengths and N is the user multiplexing capacity. However all code resources in each wavelength could not be utilized at the same time due to MAI limitation. Thus the maximum capacity of WDM/DS-OCDMA PON is practically assumed to be G × β where β denotes the simultaneous user capacity threshold of OCDMA system. In this paper, we will focus on impairments resulting from OCDMA system. The performance of OCDMA system is strongly limited by MAI noise. As the number of simultaneously users increases in OCDMA system, BER performance degrades. Since BER performance of OCDMA systems is highly dependent on the code family, we compare the properties of different DS-OCDMA prime codes. First of all, the prime codes are defined as (p,ω,L) where p is the prime number, ω is the weight of the code and L denotes the length of the code sequence. As prime number p is increased in a code type, the weight ω and subsequently nominal user capacity of the code N is respectively enlarged. Prime codes performances are evaluated based on their correlation properties. The autocorrelation A C m and cross correlation CC m , n of prime codes are given by AC m ( s ) =

L −1

∑C i=0

CC m , n ( s ) =

m

{

=ω for s = 0 ( i ) C m (i − s ) ≤ K for 1≤ s ≤ L a

L −1

∑C i=0

m

}

( i ) C n ( i − s ) ≤ K c for 0 ≤ s ≤ L

(1)

136

M. Gharaei et al.

-5

10

BER @10-9 -10

BER

10

-15

10

-20

10

EQC -25

QC

10

PS EP S -30

10

5

10

15 20 Simult aneous active users

25

30

Fig. 2. BER performance versus number of simultaneous active users for different prime code family with p=31

where C m and C n are two different code sequences, and K a and K c are the maximum auto/cross correlation levels. The comparison of correlation properties of prime sequence (PS), extended prime sequence (EPS), quadratic congruent (QC) and extended quadratic congruent (EQC) codes is presented in Table 1. Table 1. Correlation properties of different Prime sequence codes Code family

L 2

ω

N

Ka

Kc 2

PS

p

p

p

p-1

EPS

p(2p-1)

p

p

p-1

1

QC

p2

p

p-1

2

4

EQC

p(2p-1)

p

p-1

1

2

So as to understand the effect of MAI noise in BER performance, we assume N different users for each wavelength in our model. The signal to noise ratio (SNR) is given by the ratio of the autocorrelation peak squared to the variance of the amplitude of the interference. There are (N-1) users’ signals which interfere with desired signal. These interferences are supposed to be uncorrelated and to have an identical variance. Therefore SNR for the code sequence is given by [18]: SNR =

p2 ( N − 1)σ 2

(2)

where σ 2 is the variance of additive noise power. The variance of additive noise power σ is identified as average variance of the cross correlation amplitude [19]. It is calculated over all possible cross correlation 2

Teletraffic Capacity Performance of WDM/DS-OCDMA Passive Optical Network

137

pairs in a given code [19], [20]. Asynchronous OCDMA system has demonstrated a lower bound on the performance [4], [5]. We take into account this assumption for PS and EPS codes. However for QC and EQC codes, we follow the congruent operator to estimate variance of noise power [21]. Fig. 2 shows the number of simultaneous active users in a system using different prime codes which can communicate with a defined BER performance. The degradation of BER performance over increased simultaneous users is observed for all possible OCDMA systems. Different code families take different values since they possess different correlation properties. Hence, we define a threshold value of simultaneous active users at conventional B ER = 10 − 9 for different prime codes. The number of simultaneous active users is fixed at β which represents the simultaneous user capacity threshold. The simultaneous threshold for PS, EPS, QC and EQC code with p=31 are respectively 17, 19, 28 and 30. Let us note that β value is increased as a function of prime number in this system. Beyond this simultaneous threshold β value, the QoS of the transmission will not be guaranteed.

3 Soft Blocking Probability of DS-OCDMA In this section, the soft blocking probability of proposed system is determined when the resource utilization of the system is increased. The state probabilities are directly used to model the performance measurements of the system. Whenever the number of users is greater or equal to the number of channels, the generalized Engset loss model is used [13]. The Engset system is characterized by the following parameters: ρ = offered traffic per user [22], N= number of users, and N% = number of active WDM or/and DS-OCDMA channels. The number of active channels N% is supposed to be a stationary random process over some temporal interval which follows the binomial distribution [23]. Thus the probability distribution in this limited capacity system for a new arrival channel demand concerning about its stochastic random process is given by [13] P ⎡⎣ N% = n ⎤⎦ = E n , N ( ρ ) =

( )ρ N n

n

(1 + ρ ) − N .

(3)

This formula states the probability of a new channel demand rejection corresponding to the case where the system is blocked strictly for a new user channel order. In WDM system model with G users, N% max = G . Thus, neglecting nonlinearities, a WDM system can support a maximum number of users as equal to the number of wavelengths. It has a hard blocking probability since there is not any wavelength available after blocking. However in OCDMA system, N% max ≤ β ≤ N which means that simultaneous user capacity threshold is the maximum value for active OCDMA channel. As soft blocking takes place, there are still at maximum N − β available codes. That’s why it is named as soft blocking probability. Soft blocking probability has its own probability distribution. In order to verify it, binomial distribution has to be defined.

138

M. Gharaei et al.

Binomial P [Yn = m ] =

distribution has probability density function of m (1 − ψ ) n − m . It is a trial which ψ is a "success" outcome and

( )ψ n m

(1 − ψ ) is a "failure" outcome. Subsequently the number of simultaneous active channels M follows the probability distribution which is derived from the total binomial distribution and active channel N% probability distribution. Therefore soft blocking probability is written by:

P [M = m ] =

N

∑ P (Y

n=m

n

= m )E n , N ( ρ ).

(4)

DS-OCDMA system model has a soft blocking probability which means that there would be still accessible channel resource after the simultaneous threshold value but without anymore guarantee. Let us note that ρ parameter is not directly measurable. Just an average transmission rate of a source is observed. So p is defined as the probability of channel activity. The product of (4) results in defining the activity rate of a channel which is represented by: α = p ρ /(1 + (1 − p ) ρ ). The probability of the number of simultaneously active DS-OCDMA channel should be less or equal to the threshold value of β . As a result, the soft blocking probability in proposed architecture is given by Psoft blocking = P [ M > β ] =

∑β ( ) α N

m = +1

N m

m

(1 + α ) − N .

(5)

When WDM/DS-OCDMA channel demands are exceeded simultaneous user capacity threshold (channel demands > β ), new demand is admitted however it does not maintain QoS constraint such as BER performance. To obtain the average number of DS-OCDMA channels supported by the network, the offered traffic should be aggregated. When there is no blocking, the aggregated carried traffic is equal to aggregated offered traffic which is given by: a c = N ( ρ / 1 + ρ ) .

Soft blocking probability

10

10

10

0

10

-5

10

Soft blocking probability

10

-10

-15

10

10

0

-5

-10

-15

PS, channel activity=0.75

PS, channel activity=0.25

EPS, channel activity=0.75

EPS, chan nel activity=0.25

10

-20

QC, channel activity=0.25 EQC, chan nel activity=0.25

10

-20

QC, channel activity=0.75 EQC, channel activity=0.75 EQC, channel activity=1

EQC, chan nel activity=0.5

QC, channel activity=1

QC, channel activity=0.5

EPS, channel activity=1

EPS, chan nel activity=0.5

10

PS, channel activity=1

PS, channel activity=0.5

-25

5

10

15

20

Aggregated offered load (a)

25

30

10

-25

0

5

10

15

20

25

30

Aggregated offered load (b)

Fig. 3. Soft blocking probability versus aggregated offered load for different prime code family with different channel activity ( p ) a) from 0.25 to 0.5 and b) from 0.75 to 1. The horizontal line shows the Max blocking constraint at 10-6.

Teletraffic Capacity Performance of WDM/DS-OCDMA Passive Optical Network

139

Fig. 3 compares the soft blocking probability of DS-OCDMA system exploiting different prime codes versus the aggregated offered load. We have considered 31 users with different channel activity rates. It is confirmed that low channel activity rate p causes low rate of soft blocking probability which makes the network capacity close to nominal capacity. These results demonstrate that EQC code permits to reach higher aggregated offered load with lower soft blocking penalty. Consequently the best aggregated offered load corresponds to the code with better correlation properties.

4 Teletraffic Capacity of WDM/DS-OCDMA PON In this section, we measure teletraffic capacity of WDM/DS-OCDMA PON. The teletraffic capacity with the specification of quantitative measurements for grade of service, forecast the traffic demand and as a result the system teletraffic capacity requirement is one of the objectives of network operators. We define the maximum value of the teletraffic capacity (Max ac ) such that the blocking probability does not exceed the blocking constraint. The blocking constraint is estimated based on system properties such as channel resources and/or commutation loss. To determine the maximum teletraffic capacity in proposed system, we take into account p SMoftaxblocking = 10 − 6 constraint (line inserted in Fig. 3). Fig. 4 shows the teletraffic capacity of WDM/DS-OCDMA architecture using different prime codes. In this model, we consider 31 users per wavelength with totally8 wavelengths. It is demonstrated that using codes with better correlation properties, approaches the teletraffic capacity to the nominal teletraffic capacity corresponding to the nominal resource user capacity. For instance in this model, WDM/EQC-OCDMA PON can stay at maximum nominal teletraffic capacity with a channel activity of 0.55. It is also deducted that teletraffic capacity of WDM system is independent of

250 WDM/DS-OCDMA Nominal Teletraffic Resource Capacity

Teletraffic Capacity

200

150

100 WDM PON WDM/EQC-OCDMA PON WDM/QC-OCDMA PON WDM/EPS-OCDMA PON WDM/PS-OCDMA PON

50

0

0.1

0.2

0.3

0.4 0.5 0.6 Channel activity

0.7

0.8

0.9

Fig. 4. Teletraffic capacity of WDM/DS-OCDMA PON using different prime codes with different probability of channel activity

140

M. Gharaei et al.

-1

10

-2

Max Blocking Constraint

10

-3

10

PS EPS QC EQC

-4

10

-5

10

-6

10

0.1

0.2

0.3

0.4 0.5 0.6 Channel activity

0.7

0.8

0.9

Fig. 5. Shooting points of WDM/DS-OCDMA PON teletraffic capacity using different prime codes versus different probability of channel activity

channel activity p and its hard blocking probability just depends on the number of active channels N. It is depicted as a constant line near zero in Fig. 4. It is also verified from Fig. 4 that in low channel activity rate, the teletraffic capacity is equal to the nominal teletraffic resource capacity. We define the shooting point as the point which the teletraffic capacity initiates to deviate from the nominal teletraffic resource capacity. Fig. 5 demonstrates the shooting points of different prime codes when the Maximum blocking constraints is changed. This figure states how appointing maximum blocking constraint value is important in teletraffic capacity of the network. For example, WDM/EQC-OCDMA PON teletraffic capacity might equal to the nominal resource capacity even with channel activity of 0.8 while we fix a maximum blocking constraint at 10-2. Finally, the results shows that EQC code which have the better correlation properties are more efficient to be used in WDM/DS-OCDMA architecture. Therefore, the DS-OCDMA teletraffic capacity performance using different prime codes leads to define a foreseeable capacity of the system. This foreseeable capacity measurement is primordial for network operators to adapt their statistical channel demands with physical layer network architecture.

5 Conclusions The Capacity of optical access networks plays an important role in designing actual fiber to the home (FTTH) architecture. In this paper, we have proposed a hybrid PON architecture using WDM/DS-OCDMA multiplexing technique. Based on code characteristics, the performance of the simultaneous active users for different prime codes in WDM/DS-OCDMA system is defined and consequently, the simultaneous capacity threshold is estimated for each code. Furthermore, the number of users is extremely increased by bringing into play the higher capacity codes. Then, the soft blocking

Teletraffic Capacity Performance of WDM/DS-OCDMA Passive Optical Network

141

probability of DS-OCDMA is determined with different channel activity versus the aggregated offered load. Finally, teletraffic performance of WDM and DS-OCDMA system with considering the blocking constraint was compared. This comparison leads to justify the increased multiplexing capacity of hybrid WDM/DS-OCDMA system. We have demonstrated that WDM/DS-OCDMA PON with better correlation code properties such as the extended quadratic congruent (EQC) code leads to increase teletraffic capacity. Also by defining the shooting points, network operators can easily set the QoS constraint based on required network capacity in WDM/DSOCDMA PON.

References 1. Effenberger, F., Cleary, D., Haran, O., Kramer, G., Li, R.D., Oron, M., Pfeiffer, T.: An introduction to PON technologies. IEEE Commun. Magazine 45(3), S17–S25 (2007) 2. Park, S.J., Lee, C.H., Jeong, K.T., Park, H.J., Gyun Ahn, J., Song, K.-H.: Fiber-to-thehome services based on wavelength-division-multiplexing passive optical network. J. Lightw. Technol. 22(11), 2582–2592 (2004) 3. Talli, G., Townsend, P.D.: Hybrid DWDM-TDM long-reach PON for next-generation optical access. IEEE Journal of Lightwave Technology 24(7), 2827–2834 (2006) 4. Salehi, J.A.: Code division multiple access techniques in optical fiber networks-Part I: Fundamental principles. IEEE Trans. Commun. 37(8), 824–833 (1989) 5. Salehi, J.A., Brackett, C.A.: Code division multiple access techniques in optical fiber networks-Part II: Systems Performance Analysis. IEEE Trans. Commun. 37(8), 834–842 (1989) 6. Stok, A., Sargent, E.H.: The role of optical CDMA in access networks. IEEE Commun. Magazine 40(9), S83–S87 (2002) 7. Prasad, R.: CDMA for wireless personal communication. Artech House, Norwood (1996) 8. Fsaifes, I., Lepers, C., Lourdiane, M., Gallion, P., Beugin, V., Guignard, P.: Source Coherence Impairments in a Direct Detection DS-OCDMA system. J. Appl. Opt. 46(4), 456–462 (2007) 9. Fathallah, H., Rusch, L.A.: Robust optical FFH-CDMA communications: coding in place of frequency and tempreture controls. J. Lightw. Technol. 17(8), 1284–1293 (1999) 10. Penon, J., El-Sahn, Z.A., Rusch, L.A., LaRochelle, S.: Spectral-Amplitude-Coded OCDMA Optimized for a Realistic FBG Frequency Response. J. Lightw Technol. 25(5), 1256–1263 (2007) 11. Galli, S., Menendez, R., Toliver, P., Banwell, T., Jackel, J., Young, J., Etemad, S.: DWDM-Compatible Spectrally Phase Encoded Optical CDMA. In: IEEE GLOBCOM, vol. 3, pp. 1888–1894 (2004) 12. Sotobayashi, H., Chujo, W., Kitayama, K.: Highly spectral-efficient optical code-division multiplexing transmission system. IEEE J. Sel. Topics. Quantum Electron. 10(2), 250–258 (2004) 13. ITU D Study Group 2. Handbook: Teletraffic Engineering (Januaray 2005), http://www.tele.dtu.dk/teletraffic/handbook/telehook.pdf 14. Shen, S., Weiner, A.M., Sucha, G.D., Stock, M.L.: Bit error rate performance of ultrashortpulse optical CDMA detection under multi-access interferences. Electron. Lett. 36(21), 1795–1797 (2000)

142

M. Gharaei et al.

15. Ramamurthy, B., Datta, D., Feng, H., Heritage, J.P., Mukherjee, B.: Impact of transmission impairments on the teletraffic performance of wavelength-routed optical networks. J. Lightw. Technol. 17(10), 1713–1723 (1999) 16. Evans, J.S., Everitt, D.: On the teletraffic capacity of CDMA cellular networks. IEEE Trans. Veh. Technol. 48(1), 153–165 (1999) 17. Goldberg, S., Prucnal, P.R.: On the teletraffic capacity of optical CDMA. IEEE Trans. Commun. 55(7), 1334–1343 (2007) 18. Yang, G.-C., Kwong, W.C.: Prime codes with applications to CDMA optical and wireless networks. Artech House, Norwood (2002) 19. Maric, S.V., Hahm, M.D., Titlebaum, E.L.: Construction and performance analysis of a new family of optical orthogonal codes for CDMA fiber-optic networks. IEEE Trans. Commun. 43(2/3/4), 485–489 (1995) 20. Prucnal, P.R., Santoro, M.A., Fan, T.R.: Spread spectrum fiber-optic local area network using optical processing. J. Lightw. Technol. 4(5), 547–554 (1986) 21. Pu, T., Li, Y.Q., Yang, S.W.: Research of algebra congruent codes used in twodimensional OCDMA system. J. Lightw. Technol. 2(11), 2557–2564 (2003) 22. Gross, D., Shortle, J.F., Thompson, J.M., Harris, C.M.: Fundamentals of queueing theory. John Wiley & Sons, Inc., Hoboken (2008) 23. Giambene, G.: Queuing theory and telecommunications networks and applications. Springer Science+Business Media, Inc., New York (2005)

Estimation of GoS Parameters in Intelligent Network Irina Buzyukova1, Yulia Gaidamaka2, and Gennady Yanovsky3 1,3

Bonch-Bruevich State University of Telecommunications, Moika emb. 61, 191186 St. Petersburg, Russia [email protected], [email protected] 2 Russian Peoples' Friendship University Ordzhonikidze st. 3, 117923 Moscow, Russia [email protected]

Abstract. This paper presents the method of analyzing the post-selection delay in the SS7 channel and in Intelligent Network (IN) nodes which occur in the process of establishing a connection for IN service. This method is based on the application of theory for BCMP networks. The models are derived from the analysis of the call flow and SS7 nodes involved into call processing. As an example of Intelligent Service Freephone from Capability Set 1 is taken and post-selection delay is calculated for it. Keywords: Intelligent Network, BCMP networks, post-selection delay.

1 Introduction When attracting new subscribers and increasing the loyalty of existing customers for telecoms operators providing Intelligent Network (IN) services, it is vitally important to consider the quality and level of service required. Analysis of quality of service (QoS) and grade of service (GoS) indicators is necessary to ensure the fulfillment of quality of service agreements between telecoms operators and their customers, as well as to ensure parameters satisfy international standards. One of the parameters which influences the degree of customer satisfaction is the post-selection delay while using IN services (GoS parameters, recommendations ITU-T E.723, Е.724 [1, 2]). The aim of this article is to outline a method that allows assessment of one of the GoS parameters within an Intelligent Network and, more precisely, delays which occur during the process of establishing a connection. The need for such calculations became evident during the course of research conducted in work [3], in which different configurations of a Russian IN with nodes located across four time zones were analyzed in terms of the required capacity of signaling equipment. Post-selection delay was already investigated in works [4, 5, 6] where generic modeling methodology for the signaling load and the signaling network performance was introduced. The models were obtained by considering the protocol functions of Signaling System No. 7 (SS7) as well as the information flows through these functions. S. Balandin et al. (Eds.): NEW2AN/ruSMART 2009, LNCS 5764, pp. 143–153, 2009. © Springer-Verlag Berlin Heidelberg 2009

144

I. Buzyukova, Y. Gaidamaka, and G. Yanovsky

In this paper modeling methodology is based on the theory of exponential BCMP networks. The models are derived from the analysis of SS7 nodes involved into call processing and analysis of the call flow itself. In section 2 the interaction of network nodes when establishing a connection for IN services is examined. Section 3 sets out the mathematical model of the IN fragment; describing the call setup process in the case of a reliable connection. Section 4 contains a mathematical model of the separate nodes in the network. Section 5 outlines the results of mean call setup time post-selection delay calculations for Freephone services on the basis of source data that approximates real-life data.

2 Constructing a Functional Model for the Call Setup Process in IN In the majority of cases the process of establishing a connection for intelligent services involves interaction between the following SS7 nodes: two signaling points (SP), a signaling transfer point (STP), a service switching point (SSP) and a service control point (SCP). To begin with we examine the signaling message exchange process for call servicing using Freephone service from Capability Set 1 as an example. The diagram (fig.1) shows the SS7 messages that influence the overall total post-selection delay in normal conditions within a functioning network. A detailed description of the process and the signaling messages, which are exchanged between IN nodes and signaling points, is given in works [5], [7] and [8]. SPА

SSP

STP

SCP

SPB

IAM TC Begin (IDP)

TC Begin (IDP) TC Continue

TC Continue ACM

(RRB,CIR,FCI, AC,RRB,CON)

(RRB,CIR,FCI, AC,RRB,CON)

IAM ACM ANM

ANM

Fig. 1. The message exchange process when establishing a connection for Freephone service

Estimation of GoS Parameters in Intelligent Network

145

It is worth mentioning that the SCP node shown in the diagram represents a SCP node along with an integrated service data point (SDP). For illustrative purposes the section of the SS7 network, across which message exchange between nodes takes place, has been omitted from this diagram. While conducting our analysis we shall take into consideration the sequence of processing signaling messages with various SS7 subsystems in all of the aforementioned nodes. It should be noted that request processing time in the SDP node database is one of the contributing factors in request processing time in the SCP node and is accounted for by adding a constant.

3 Constructing an Analytical Model of IN Network An open heterogeneous queuing network with several classes of customers (commonly referred to as a BCMP network) can serve as a model for the call setup process for Freephone services [9, 10]. The network is made up of a finite set of service centers (fig.2) which model the reception, processing and transfer of messages to the network in IN nodes, taking into account the queuing delay. Diamonds in the queuing network diagram represent the transfer of messages along a communication path. So as not to overcomplicate the diagram, diamonds have only been added after two service centers. However, it is worth noting that in reality they are present after every service center. A Poisson flow with signaling arrival rate λ FPH enters the network from outside. A customer within the network corresponds to a message entering the IN nodes. Each customer is assigned a class which can be changed when passing from one service center to another. We refer to a customer of class r ∈ R located in service center i ∈ M as (i,r)customer. A multitude of all types of customers serviced within the network can be represented as L = {(i, r ) : i ∈ M , r ∈ R} . Classes of BCMP-customers, which are used when constructing call setup models for FPH services, take the following form: IAM – (1), TC Begin – (2), TC Continue – (3), ACM – (4), ANM – (5). The following numbers will be used to denote nodes within the network: SPА - 1, SSP - 2, STP - 3, SCP - 4, SPB – 5; and the numbers 6-13 will be used for representing message transfer along the signaling data link. Now we will define the types of service centers in the abovementioned queuing network. Let us say that each service center in this queuing network belongs to one of two of the BMCP network node types described below [10]. We will examine an exponential queuing network. A service center of the first type can be described as a single-server queuing system with an infinite buffer and FIFO order. The service time of customers of all classes in node i has exponential distribution with an service rate μ i , i = 1,5 . Service centers of the first type will be used for modeling SP, STP, SSP and SCP nodes. A service center of the second type is made up of a multi-server queuing system with an infinite number of servers. Service centers of the second type will be used for modeling the transfer of messages along the signaling data link. Service centers of the second type correspond to the diamonds illustrated in the queuing network diagram above.

146

I. Buzyukova, Y. Gaidamaka, and G. Yanovsky

Fig. 2. Model of the call setup process in the form of a heterogeneous queuing network with several classes of customer

Overall, the queuing network model is made up of 13 service centers, five service centers of the first type and eight ones of the second type. Mean post-selection delay for Freephone services can be determined by the following way: (1) = TFPH

q

λ FPH

,

(1)

where q - the mean queuing length of the system. Mean queuing length qi in service center i can be calculated using the following formula: qi =

ρi λ i ⋅ Ti (1) = , 1 − ρ i 1 − λ i ⋅ Ti (1)

where ρ i - offered signaling load in service center i, i = 1,13 ,

λi - arrival rate at service center i, i = 1,13 .

(2)

Estimation of GoS Parameters in Intelligent Network

147

Note that λi = λ FPH , i = 6,13 , - this means that for service centers of the second type the given value coincides with the arrival rate λ FPH entering the network. Taking into account the quantity of service centers of the first and second type in the queuing network, the mean queuing length in the system can be calculated in the following way:

q=

5

13

∑ qi , = ∑

λi ⋅ Ti(1)

i =11 − λi

i =1

⋅ Ti(1)

+ 8⋅

λ FPH ⋅ T p(1) 1 − λ FPH ⋅ T p(1)

,

(3)

where Ti(1) - mean service time in type-1 service center i,

T p(1) - mean service time in type-2 service center. (1) Thus, in order to calculate value TFPH it is necessary to determine the mean service time and mean queuing length in service centers of the first and second type.

4 Analysis of BCMP Service Centers We will construct a generic mathematical model of type-1 service center i in the form of a queuing system of the M/M/1 type (fig.3). Service time Ti of customers of class r in the diagram M/M/1 represents the total message processing time in service center i. The ultimate value depends on signaling message processing time at levels 2 and 3 of the MTP subsystem, message processing time with various SS7 subsystems and signaling message transfer time at level 2 of (1) 1 the MTP subsystem ( Tod ) [8]. i

λi

μi

…

Fig. 3. Model of a type-1 service center in the form of M/M/1 queuing system

The mean value Ti(1) for service time in service center formula: (1) Ti(1) = T1(1) i + Tod , i

i

is determined using the

(4)

where T1(1) i - total value of all the time intervals listed above, excepting signaling message transfer time at MTP2 level. Signaling message transfer time Tod i at level 2 of the MTP subsystem of service center i, including transfer queuing delays, can be calculated with the help of a M/G/1 1

od – outgoing delay.

148

I. Buzyukova, Y. Gaidamaka, and G. Yanovsky

B(x)

… F(x) Fig. 4. M/G/1 queuing system with bunker

queuing system with a bunker (fig.4) which has an unlimited supply of customers corresponding to filling signaling units (FSU) [8]. FSU-messages only arrive to the server if, at the point a customer (of any class) has finished being served in the system, there are no further customers of the appropriate message signal unit (MSU). Distribution function B(x) describes the MSU service process and distribution function F(x) describes FSU service. In models with a bunker messages, as examined in the BCMP network model, correspond to MSU; FSU messages consist of a data packet with a fixed length (6 bytes), ensuring synchronization. Processing time in this system T od consists of transfer queuing delays and signaling message transfer time to the communication path. The mean of this value is calculated according to [8] in the following way: 1 ρ* (1) Tod = Tm + (T f + × k1 × Tm ) , 2 1− ρ*

(5)

where ρ * - offered signaling load at the level of the signaling link (SL) of the МТР subsystem,

T

f

- mean transfer time in FSU,

T m - mean transfer time in MSU, k1 - 1st moment of transfer time allocation in MSU. Offered signaling load

a can be determined using this formula: λ ⋅8⋅ L

a=

64000 ⋅ 3600

=

λ⋅L 8000 ⋅ 3600

,

(6)

where λ = λ FPH MSU/hour - arrival rate of MSU entering signaling link, 64000 b/s - data transfer speed, L - mean length of MSU in bytes.

Mean times T m and T

f

for MSU and FSU transfer to the communication channel

can be determined as the ratio: mean length of message to transfer speed. Note that in service centers various classes of messages with different lengths are serviced. Therefore, values of mean MSU transfer time to the communication channel

Estimation of GoS Parameters in Intelligent Network

149

(1) Tm i will differ for each service center i. Consequently, Tod values for each service i center will also differ. Therefore, using formulae (2) and (4)-(6) we can calculate q i values for each type-1 service center. In service center 1 (SPА) customers of classes 1 and 5 are serviced due to the fact SPА sends IAM and ANM messages. Therefore, arrival rate λ1 of the flow entering service center 1 (fig.4) is calculated using formula:

λ1 = λ1,1 + λ1,5 ,

(7)

and the mean queuing length in service center 1 is determined using formula (2), as follows:

q1 =

(λ1,1 + λ1,5 ) ⋅ T1(1)

.

1 − (λ1,1 + λ1,5 ) ⋅ T1(1)

(8)

We calculate values for mean queuing length in the other queuing network service centers in much the same way. For service center 5 (SPB), in which customers of classes 4 and 5 are serviced (ACM and ANM messages):

q5 =

(λ5, 4 + λ5, 5 ) ⋅ T5

(1)

1 − (λ5, 4 + λ5,5 ) ⋅ T5

(1)

.

(9)

For service center 2 (SSP):

q2 =

(λ 2,1 + λ 2, 2 + λ 2, 4 + λ 2,5 ) ⋅ T2

(1)

1 − (λ 2,1 + λ 2, 2 + λ 2, 4 + λ 2, 5 ) ⋅ T2

(1)

.

(10)

For service center 3 (STP):

q3 =

(λ3, 2 + λ3,3 ) ⋅ T3

(1)

1 − (λ3, 2 + λ3, 3 ) ⋅ T3

(1)

.

(11)

For service center 4 (SCP) customer service time T4 (1) in the service center includes request processing time in the database. Value q 4 is calculated using the formula:

λ ⋅T q 4 = 4, 3 4 (1) 1 − λ4,3 ⋅ T4 (1)

.

(12)

Processing time in type-2 BCMP service center T p corresponds to message transfer time along the signaling data link. This depends on the distance between corresponding IN nodes and signal propagation speed in the physical environment.

150

I. Buzyukova, Y. Gaidamaka, and G. Yanovsky

The mean queuing length in type-2 service center q p is calculated using the mean service time in the given service center T p(1) , thus:

qp =

λFPH ⋅ Tp(1) 1 − λFPH ⋅ T p(1)

.

(13)

Therefore, formula (3) for mean post-selection delay for Freephone services takes this form: (1) TFPH =

q1 + q2 + q3 + q4 + q5

λFPH

+ 8⋅

qp

λFPH

.

(14)

5 Case Study During our analysis of post-selection delay for Freephone services we chose data that was as close as possible to real-life data. Thus, volumes of signaling information sent while rendering services were determined on the basis of Freephone service data from one Russian intercity telecoms operator. Mean values for customer service time in nodes was determined based on ITU-T recommendations [11]. During calculation the following source data was used: - arrival rate λ FPH of Freephone service calls - 2500 calls/hour, - access time of SCP node to SDP database - approx. 1ms, - signaling message transfer time T p(1) = 40ms (provided message transfer is via fiber-optic communication lines). Fig. 5 illustrates how post-selection delay for Freephone services depends on the arrival rate of calls for this service, ranging from 250 to 3000 calls/hour. The upper arrival rate value (3000 calls/hour) corresponds to real operational capacity during busy hours. In the histogram (fig. 6) showing call arrival rate for Freephone services (equal to 2500 calls/hour) mean processing time values in each network node are given. These values allow us to estimate the contribution to processing time in the node to gain an overall value for post-selection delay for the considered IN service. Note that the transfer of signaling data between IN nodes can take place not only via protocol SS7 via STP nodes, but also via an IP network with the help of other protocols (e.g. Sigtran). In the case of message transfer via an IP network the corresponding value T p(1) for signaling message transfer time between nodes has a range of 0.5ms to 100ms. The bar charts in fig. 7 illustrate the dependence of mean post-selection delay on message transfer time via an IP network. Calculations are give for λ FPH =2500

Estimation of GoS Parameters in Intelligent Network

151

t, s 3

2,5

2

1,5

1

0,5

0 250

500

750

1000

1250

1500

1750

2000

2250

2500

2750

3000

λ, calls/hour

Fig. 5. Post-selection delay for Freephone services (SS7 network)

t, s 0,6 0,5 0,4 0,3 0,2 0,1 0 SP_A

SSP

STP

SCP

SP_B

8·Tp

node Fig. 6. Mean processing time in IN nodes

calls/hour. Fig.9 also shows a fraction of this transfer time in relation to message processing time in IN nodes. According to call setup procedure, customers pass through nodes SPA и SPB twice, the SSP node four times, and once through the SCP node. This fact was taken into account when creating the graph. Besides due to a change in network data transfer, the time taken for customers to pass through the STP node is not considered here.

152

I. Buzyukova, Y. Gaidamaka, and G. Yanovsky

It is clear from fig. 7 that message transfer time via an IP network directly influ(1) ences the overall post-selection delay and can contribute up to 20% of value TFPH (if

T p(1) =0.1s). In comparison with the result achieved in the case of message exchange (1) . via a SS7 network, it is possible to see a 200-600ms reduction in time T FPH

t, s 2,00

T_FPH

1,50

T_SP_A T_SSP T_SCP

1,00

T_SP_B T_P 0,50

0,00 5,E-03

0,05

0,1

T p, s

Fig. 7. Post-selection delay for Freephone services (IP network)

6 Conclusion This article puts forward a method for calculating post-selection delay for Freephone services based on a mathematical model of an open exponential BCMP network. It also provides the analysis of this parameter based on source data that approximates real-life data. For general service time distribution in BMCP network nodes, estimates for post-selection delay can be gained with the help of simulation. The method developed here can be used for estimating delays that occur during the call setup process, as well as for other intelligent services. In the latter case it is necessary to take into account the specifics of the call setup procedure for each IN service.

Acknowledgements The authors would like to thank Professor K. Samouylov for many important and useful discussions and his suggestions concerning analytical model.

Estimation of GoS Parameters in Intelligent Network

153

References 1. ITU-T Recommendation E.723. Grade-of-Service Parameters for Signaling System No. 7 Networks. ITU, Geneva (1992) 2. ITU-T Recommendation E.724. GOS Parameters and Target GOS Objectives for IN Services. ITU-T (1996) 3. Buzyukova, I.L., Gaidamaka, Y.V.: Signaling Load Investigation in Intelligent Networks with odes located in different time zones. In: Nauchno-tehnicheskie vedomosti SPB STU. №5, pp. 67–74. St-Petersburg (2008) (in Russian) 4. Bafutto, M., Kuhn, P., Willman, G.: Modelling and Performance Analysis for Common Channel Signalling Networks. AEU 47 #5/6 (1993) 5. Willman, G., Kuhn, P.J.: Performance Modelling of Signalling System. IEEE Communications Magazine 7 (1990) 6. Zharkov, M., Chekmareva, E., Samouylov, K.: Methos of Estimating SS №7 Time Responses in Mobile Cellular Communication System. In: Proc. CONTEL 1993, Zagreb (1993) 7. Goldstein, B.S., Ehriel, I.M., Rerle, R.D.: Intelligent Networks. Radio i Svyaz, Moscow (2000) (in Russian) 8. Samouylov, K.E.: Methods for Performance Analysis of SS7 Networks. RUDN, Moscow (2002) (in Russian) 9. Baskett, F., Chandy, K.M., Muntz, R.R., Palacios, F.G.: Open, Closed, and Mixed Networks of Queues with Different Classes of Customers. Journal of the ACM 22(2), 248–260 (1975) 10. Vishnevsky, V.M.: Theoretical Basis for Designing Computer Networks. Technosphera, Moscow (2003) (in Russian) 11. ITU-T: White Book, Recommendation Q.706: Signalling System No.7 – Message Transfer Part Signalling Performance. ITU, Geneva (1993)

Multi-Skill Call Center as a Grading from “Old” Telephony Manfred Schneps-Schneppe1 and Janis Sedols2 2

1 Ventspils University College, Inzenieru st 101 Ventspils Latvia Institute of Mathematics and Computer Science, University of Latvia, Raina bulv 29 Riga Latvia [email protected]

Abstract. We explore parallels between the older telephony switches and the multi-skill call centers. The numerical results have shown that a call center with equally distributed skills is preferable compared to traditional grading-type design. The annex contains a short version of mathematical proof on limited availability schemes design for small call flow intensity λ and for large λ. The proof explores one excellent V. Beneš' paper (from Bell Labs). On its own merit, the annex could initiate new mathematical research in call center area, more by now the powerful software for numerical analysis is available. Main conclusion is the following: numerical analysis of simple multi-skill call centers propose a new principle for call center design, namely: from throughput point of view a multi-skill call center with equally distributed skills is preferable compared to traditional grading-type design. Keywords: Call center, Skill based routing, Teletraffic, Limited availability, Asymptotic expansion for loss probability.

1 Introduction Due to extremely acute research needs on call center performance analysis all around the world there is a reason to talk about the rebirth of teletraffic theory and in this context it is worth to remember Russian queueing theory papers [1], besides them the very pioneering A. Kolmogorov’s paper [2] on Erlang queue problem (1931) and the world-wide known book on queueing theory written by A. Khinchin [3]. Up to 50 years ago one of the authors (the first one) in his young student age had a chance to deliver his results on optimal grading design (in telephony) to Kolmogorov’s applied probability seminar at Moscow State University. The results have surprised Andrey Kolmogorov, namely: in his opinion, in the case of limited availability of switch outlets the optimal scheme should be in form of grading (Fig. 1a). But…that is true for small call flow only. In the case of high call flow values the optimal one is the scheme with equally distributed outlets as in Fig. 1b [4]. These are two limited availability schemes with 4 inlets and 6 outlets. Each inlet can connect to 3 outlets (searching from left to right): a) the grading scheme contains 4 individual and 2 common outlets, b) the scheme with equally distributed outlets: each outlet is available to 2 inlets. (The numerical results of this phenomenon are shown in Fig. 8 and mathematical proof is given in Annex.) S. Balandin et al. (Eds.): NEW2AN/ruSMART 2009, LNCS 5764, pp. 154–167, 2009. © Springer-Verlag Berlin Heidelberg 2009

Multi-Skill Call Center as a Grading from “Old” Telephony

a)

155

b)

Fig. 1. Two limited availability schemes.

The aim of the paper is to point out the parallels between the older telephony switches and the multi-skill call centers. Of course, the call center skill based routing is much more complex problem but the discussion seems to be fruitful for call center architects and mangers as well as the teletraffic studies. The paper is organized as follows. Section 2 presents the basic call center mathematical models. Section 3 introduces multi-skill call center issues. Section 4 contains numerical examples for multi-skill call center optimisation. The results have shown that a call center with equally distributed skills is preferable compared to the traditional grading-type design. Section 5 concludes the abstract with discussion on the results for future research. Finally, the annex contains a short version of mathematical proof on limited availability schemes design for small call flow intensity λ and for large λ [5]. The proof explores one excellent V. Beneš' paper [6] from Bell Labs. On its own merit, the annex could initiate new mathematical research in call center area, more so now as powerful software for numerical analysis is available.

2 Call Center Mathematical Models 1. Let‘s notice by n the number of agents (lines or outlets in telephony). The call arrivals are distributed according to Poisson law with intensity λ (i.e. λ calls in a time unit in average) and service time is distributed according to exponential law with parameter μ (i.e. μ calls are served during a time unit in average). Later we will use parameter A = λ / μ as average incoming load. ACD here means automatic call distribution device with some waiting places. From teletraffic theory point of view we have two different systems: 1) loss system and 2) queueing system (Fig 2).

Fig 2. Simplest one-skill call center

156

M. Schneps-Schneppe and J. Sedols

Case 1. When N=0, then we talk about loss system (calls that cannot be handled are given 'equipment busy' tone) and probability of blocking (call loss) is determined by Erlang B formula En (A) = (An/n!)/(1 + A + A/2! +…+An/n!) Case 2. When N is infinite (to simplify the formula), then we talk about queuing system where calls that cannot be handled immediately are queued and probability of waiting is determined by Erlang C formula

An n Pw = n−1 ni ! n −n A A A n + ∑ n! n − A i =0 i! 2. In reality, the one-skill call center is much more complex (Fig 3).

Fig. 3. Full scale one-skill call center

There is a full ‘bucket’ of teletraffic phenomena: 1) waiting calls are impatient and after abandonment could go away (lost calls) or make retrials, 2) the same is true in case of “waiting places of ACD busy”, 3) the served calls also make retrials (return for additional service), etc. A lot of teletraffic results are useful for throughput analysis of this picture [7].

3 Multi-skill Call Center In a typical call center [8], the arriving calls are classified in different types, according to the required technical skill to answer the call, the language, importance of the call, etc. Agents are also classified in skill groups according to the subset of call types they can handle and (perhaps) their efficiency in handling these calls. Calls arrive at random according to some stochastic process. When a call arrives, it may be assigned

Multi-Skill Call Center as a Grading from “Old” Telephony

157

immediately to an agent that can handle it (if there is one available) or it may be put in a queue (usually one queue per call type). When an agent becomes available, the agent may be assigned a call from one of the queues, or may remain idle (e.g., waiting for more important calls). All these assignments are made according to some routing policy that often incorporates priority rules for the calls and agents. Figure 4 illustrates this setting. We assume that there are K call types and I skill groups. In the figure, Si represents skill group i, λk is the mean arrival rate for call type k, and µ k,i is the mean service rate for call type k by an agent of group i. The load of call types k is the total amount of agents’ time required for their service; for example, if all are served by skill group i, their load is λk /µ k,i . Note that the arrival process is usually not a stationary Poisson process and the service times are usually not exponential. Calls waiting in queue may abandon after a random patience time (this is represented by the horizontal arrows in the figure). Those who abandon may call again later, although those retrials are rarely modelled in practice, usually because of lack of sufficient data. Callers who received service may also call again for a number of reasons; these are called returns. In the (degenerate) special case where each agent has a single skill, we have K single queues in parallel. If each agent has all skills, then we have a single skill set and a single queue. The system is obviously easier to analyse in these extreme cases. With all agents having all skills, the system is also more efficient (smaller waiting times, fewer abandonment) if we assume that the service time distribution for a given call type does not depend on the agent’s skill set. However, this assumption turns out to be wrong in practice: agents are usually faster when they handle a smaller set of call types (even if their training gives them more skills). Agents with more skills are also more expensive; their salaries depend on their skill sets. Thus, for large volume of call types, it makes sense to dedicate a number of single-skill agents (specialists) to handle most of the load. A small number of agents with two or more skills can cover the fluctuations in the proportion of calls of each type in the arriving load. The multi-skill call center described above is far too complex to be available for strong mathematical analysis. As initial point for our study we use paper [9] where the authors consider routing and scheduling problems under the assumption that there is no queuing, assuming that queued calls are blocked, or, equivalently, that queued calls abandon right away. We apply our study to simple call center structures made

Fig. 4. A multi-skill call center

158

M. Schneps-Schneppe and J. Sedols

by analogy to real call center with 57 agents (Fig 5) from [10]. This is a grading-type 5-skill call center considered by Ger Koole and his colleagues where skill sets {2}, {3}, {4}, {2,3}, and {3,4} each get 5 agents, the skill groups with skills {1} and {5} each get 7 agents, and skill groups (1,2}, {4,5}, and (1,2,3,4,5} each get 6 agents. Therefore, speaking in telephony terms, this scheme with 5 inlets (5 call flows) has 29 individual outlets, 22 pairs and 6 common outlets. S1=7 S1,2= 6

S2= S3= S4=5

S2,3= 5 S1,…,

S3,4= 5

5

=6

S4,5= 6

S5=7

Fig. 5. Multi-skill call center with 57 agents

4 Numerical Analysis Example 1. Common outlets first? Let’s start with numerical analysis of similar to the multi-skill call center pictured above, but much more simple. Figure 6 shows three rather simple 4-skill schemes. The first two schemes are popular now. They have four individual and two 4-skill agents. The only difference relates to the access of 4-skill agents: on the last step (Fig 6a) or on the first one (Fig. 6b). The certain part of call center administrators offer to deliver callers to the most knowledgeable agent on the first step (as in Fig. 6b). They suppose that such strategy better supports business objectives and earlier recognize caller requirements. Numerical analysis shows (Fig. 7) that the probability of a call loss is always greater for scheme 6b (than scheme 6a). Therefore, from the throughput point of view this recommendation is questionable. Note that numerical analysis is based on Markov process equations (totally 26=64 linear equations).

a)

b)

c)

Fig. 6. Three call center schemes with 4 inlets (equal Poisson call flows), 6 outlets (agents), availability equals to 3

Multi-Skill Call Center as a Grading from “Old” Telephony

159

Fig. 7. Comparison of schemes 6a and 6b: the probability of call loss is always greater for scheme 6b (than scheme 6a).

Example 2. Traditional gradings are recommended for low load only. Our main interest concerns traditional gradings (as Fig. 6a) and schemes with equally distributed skills, namely all 6 agents are two-skill educated (Fig. 6c). The fact is surprising that grading is preferable for low load values only, but with load growing scheme Fig 6c (as shown in Fig. 7) becomes preferable. And these curves cross at the loss probability as low as 0.0025. That is reachable at total load value 0.73 (as shown in Fig. 8), or load per agent equal 0.728/6 = 0.121.

Fig. 8. Comparison of schemes 6a and 6c: grading (a) is preferable for low load values only, but as load grows the scheme (c) becomes preferable.

Example 3. Impact of waiting places. Obviously, the use of waiting places (see ACD in Fig. 2) always reduces call losses. This effect is illustrated in Fig. 9: due to waiting places the loss curves are moved to the right. What is more interesting: due to waiting places the preference of equally distributed agent skills is growing (see Table 1).

160

M. Schneps-Schneppe and J. Sedols Table 1. The crosspoint of loss curves for schemes 6a and 6c Number of waiting places 0 1 2

Total load 0.72855 0.6427 0.616

Probability of call loss at the crosspoint 0.2542 x 10-2 0.9424 x 10-4 0.4091 x 10-5

Fig. 9. Impact of waiting places: due to waiting places the loss curves are moved to right

Example 4. Doubled agents. Let’s double number of agents in each agent group, moving from Figs 6a and 6c to Figs 10a and 10c. Therefore, we have 12 agents totally now (and we need to solve the linear system of 212=4096 equations). What have we seen? The picture in common is not changed (Fig. 11): the scheme with equally distributed skills between agents is practically preferable at any load. The cross-point of loss curves for schemes 10a and 10c practically remains the same, namely: as it shows in Fig 12, loss curves for schemes 10a and 10c cross at loss probability 0.00323 (instead of 0.00254 for schemes 6a and 6c, see Table). It happens at total load 3.65, or load per agent equal 3.65/12 = 0.33.

a)

c)

Fig. 10. Doubled agent groups (comparing to Fig 6a and 6c)

Multi-Skill Call Center as a Grading from “Old” Telephony

161

Fig. 11. Impact of double number of agents in each agent group

Fig. 12. Loss curves for schemes 10a and 10c are crossed at loss probability 0.00323.

Conclusion. Numerical analysis of simple multi-skill call centers propose a new principle for call center design: from throughput point of view a multi-skill call center with equally distributed skills is preferable compared to traditional grading-type design.

5 Future Work The call center industry is large and growing rapidly; there are millions of employees and hundreds of thousands of call centers world wide. The use of call centers by businesses for customer service has grown phenomenally in recent years. By 2003, AT&T estimated the number of call centers in the U.S. at 350,000, employing 6.5 million people. (More generally, we speak of customer contact centers, since telephony is not

162

M. Schneps-Schneppe and J. Sedols

the only communication channel nowadays.) However, it is undesired to hire too many employees because, besides service levels, contact centers also have to meet economical objectives, in particular, minimizing costs due to employee salaries. Minimizing the number of employees is an important subject because labor is expensive. About 80% of operating costs in call centers are due to personnel. Call center operations are also increasing in complexity as features such as skillbased routing, computer telephony integration, and networking multiple sites are incorporated. For an example of complexity of call center dimensioning let’s refer to Mandelbaum’s paper [11] from Technion, Israel. The following is the set of requirements of the CRM of the U.S. NationsBank (Bank of New-York now). How to manage the relationship against three customer groups: RG1: high-value customers, RG2: marginally profitable customers (with potential), RG3: unprofitable customer? How to fulfill eight different criteria (antagonistic in great extent) given in Fig. 13? How to consider multi-skill effects (e.g. several languages)? The problems of such kind are rather far from the traditional teletraffic issues, but it is the reality!

Fig. 13. NationsBank’s CRM Grade of Service criteria

A lot of teletraffic studies are available here, more so now taking into account the powerful software for numerical analysis as well as simulation. Below you will find the annex, containing a short version of the mathematical proof on limited availability scheme design principles for small call flow intensity λ and for large λ. It could initiate a new mathematical research in call center area. This is a challenge for teletraffic researchers.

6 Annex. On Optimality of Limited Availability Switches In a switched-circuit network, the devices known as switches are used to connect the caller to the callee. Each switch has a number of inlets and outlets. Older switches (so called step-by-step exchanges) can only connect some inlets to some outlets. This is known as Limited Availability. Each inlet is available for a group of subscribers,

Multi-Skill Call Center as a Grading from “Old” Telephony

163

forming a call flow. In Limited Availability Switches, the circuits inside the switch are usually arranged into Grading groups. One simple example of 3-step Grading can be seen in Figure 1a having 4 inlets (in another words, 4 incoming call flows) and 6 outlets (lines). Each inlet can connect to 3 outlets (searching from left to right). Grading scheme contains 4 individuals and 2 common outlets. According to Wikipedia [12], gradings are still popular now, and principles of optimal limited availability discussed below are not widely known. As we have shown above by numerical analysis, the classical gradings are preferable for low call flows only. At call loss around 1%, the loss probability curves are cross, and more preferable are the schemes with uniformly distributed outlets. Now we go to the strong mathematical analysis of this phenomenon. We consider rectangular switches with parameters: n – inlets (call flows, subscriber groups), d – availability (number of steps), v – outlets (total number of lines). Therefore, the switch has n · d contacts (points) divided into v groups (outlets). The switch serves n Poisson call flows (each of intensity λ), the holding time is exponentially distributed (with parameter μ=1, for simplicity of formulas). If all d lines available to some call are busy, the call is lost. Therefore, call processing by the switch is described by means of Markov process with state set S of 2v states. Let’s note: ⏐x⏐- the number of busy lines in state x, Ax – the set of states reachable by adding one busy line in state x, Bx – the set of states reachable by releasing one of ⏐x⏐ busy lines in state x, rxy – number of inlets (subscriber groups) whose calls move switch from state x to state y, s(x) – number of inlets having at least one idle line in state x. Obviously,

s( x) =

∑r

xy

y ⊂ Ax

,

R – matrix of elements rxy ,rx – element of matrix R in ⏐x⏐ degree having indexes (0, x). Obviously, rx means the number of paths to move from state 0 to state x only by means of incoming calls We get the state probabilities px as the solution of linear algebraic system

and probability of call loss is equal

In order to study the principles of optimal availability schemes we apply asymptotic expansion of call loss probability in powers of λ (Theorem 1) and in powers of 1/λ (Theorem 2).

164

M. Schneps-Schneppe and J. Sedols

Theorem 1 [6]. Asymptotic expansion of call loss probability at λ → 0. If the sequence {cm (x), m ≥ 0, x ⊂ S} is defined by

and

than the asymptotic expansion of call loss probability in powers of λ is available at point of λ = 0 and the members not equal to 0 are of power not less then λd . According to this theorem for ⏐x⏐> 0 we have expansion

and the call loss probability is equal to

Theorem 2 [5]. Asymptotic expansion of call loss probability at λ→∞. If the sequence {dm (x), m ≥ 0, x ⊂ S} is defined by

and

Multi-Skill Call Center as a Grading from “Old” Telephony

165

than the asymptotic expansion of call loss probability in powers of λ1 is available at point of λ = ∞. According to this theorem we have the expansion

Call loss probability is equal to

and according to Taylor series

π =

D (0) 1 C (0) D ' (0) − C ' (0) D (0) + + o(1 / λ ) C ( 0) λ [C (0)]2

The first four expansion terms are defined by

where li – the number of i-set contact points (For call centers, it means the number of i-agent skills.), sij – the number of inlets for which at least one line is available in state when only lines i and j are idle, ξji – the number of inlets (part of sij) from which calls are coming to line j when only lines i and j are idle. Theorem 3 [5]. On optimality of gradings at λ→0. At λ→0 and given switch parameters (n, d, v) the optimal limited availability scheme should follow the principles:

166

M. Schneps-Schneppe and J. Sedols

1) The contact field (n, d, v) divides (as possible) in contact sets with 1 and n contact points (In case of call center, it means that each agent has 1 or n skills.), and individuals are available earlier than commons, 2) If the above requirement is not fulfilled than contact sets with another contact points are available after individuals and before commons. The proof is based on Theorem 1. Theorem 4 [5]. On optimality of equally distributed contact points at λ→∞. At λ→∞ and given switch parameters (n, d, v) the optimal limited availability scheme should follow the principles: 1) The contact field (n, d, v) divides in contact sets with r or r+1 contact points (In case of call center, it means that each agent has r or r+1 skills.), where r = [nd/v] ([ ] denotes the whole part) , 2) Contact sets with r contact points are available earlier than contact sets with r+1 contact points, 3) Each contact set has equal (as possible) number of common lines (outlets) with each of the other contact sets. The proof is based on Theorem 3. The first two terms in expansion of loss probability in powers of λ1 don’t give any information on the scheme structure. The third term at power λ2 , equal to L/n, gets minimum value when L = v

value. According to definition

∑l i =1

i

v

∑1 / l i =1

i

takes minimum

= nd , where li are integer numbers, therefore

they should be (as possible) equal i.e. equal to [nd/v] or [nd/v] + 1. From that the requirement 1 of Theorem 4 follows. Let’s prove the requirement 3 is necessary for particular case when nd/v is an integer, i.e. equal r. Then

and we need to minimize the first sum. If we denote the number of common inlets for lines i and j by qij then

Multi-Skill Call Center as a Grading from “Old” Telephony

167

This sum takes minimum value when all sij are equal (as possible). It means that each contact set has equal (as possible) number of common lines (outlets) with each of the other contact sets, and the requirement 3 for particular case is proved necessary.

References 1. Schneps-Schneppe, M.A., Gnedenko, B.V., Kharkevich, A.D.: Looking through the exUSSR teletraffic papers. In: 14th International Teletraffic Congress. Proceedings, vol. 1a, pp. 135–143 (1994) 2. Kolmogorov, A.N.: Matem. Sbornik 38(1-2), 101–106 (1931) 3. Khinchin, A.J.: Papers on mathematical queueing theory, Moscow (1963) 4. Schneps-Schneppe, M.A.: New principles of limited availability scheme design, Elektrosviaz 7, 40–46 (1963) 5. Sedol, J., Schneps-Schneppe, M.: Some qualitative study of limited availability schemes. Problemy peredachi informatsii 1(2), 88–94 (1965) 6. Beneš, V.E.: Markov Processes Representing Traffic in Connecting Networks. Bell System Techn. J. 42, 2795–2838 (1963) 7. http://www.math.vu.nl/~koole/research/ 8. L’Ecuyer, P.: Modeling and Optimization Problems in Contact Centers. In: QEST 2006. Third International Conference, pp. 145–156 (2006) 9. Skills-Based Routing and its Operational Complexities. Wharton’s Call Center Forum (2003), http://ie.technion.ac.il/serveng 10. Koole, G., Talim, J., Pot, A.: Routing heuristics for multi-skill call centers. In: Proceedings of the 2003 Winter Simulation Conference, pp. 1813–1816 (2003) 11. Garnett, O., Mandelbaum, A.: An Introduction to Skills-Based Routing and its Operational Complexities. Technion (May 2000), http://fic.wharton.upenn.edu/fic/f0503mandelbaum.pdf 12. http://en.wikipedia.org/wiki/Limited_availability

A Real-Time Algorithm for Skype Traffic Detection and Classification D. Adami, C. Callegari, S. Giordano, M. Pagano, and T. Pepe Dept. of Information Engineering, University of Pisa, Italy {adami,callegari,giordano,pagano,pepe}@netserv.iet.unipi.it

Abstract. In the last years Skype has gained more and more attention from both the users and the scientific community. Namely, the users are interested in its ability to provide a free and reliable way to make phone calls over the Internet, while the scientific community is interested in the reverse-engineering process, because of the proprietary design of the application. In more detail, both Skype protocols and algorithms are unknown and use strong encryption mechanisms, making it very difficult to even reveal Skype presence inside a traffic aggregate. This issue is of primary interest for the scientific community and, above all, of big economical relevance for the operators. In this paper we propose a novel algorithm for detecting Skype traffic, based on both signature-based and statistical approaches. The proposed algorithm is able to reveal in real time the presence of Skype clients in the monitored network, and to distinguish among the several types of Skype “activities”: direct calls, calls with relay node, SkypeOut calls, and file tranfers. To assess the effectiveness of our method we have tested the system over several traffic data sets, collected in different networks. Moreover we have compared the performance offered by our system with those provided by “classical” classification techniques, as well as by the state-of-the-art Skype classifier.

1 Introduction In recent years, the popularity of VoIP-telephony has progressively grown and the majority of network operators has started offering VoIP-based phone services. Skype [1] has rapidly become the most well-known example of this consolidated phenomenon: originally developed by the entrepreneurs who created the pioneering Web applications Kazaa, Skype ended 2008 with 405 million user accounts (more than 42 million of real users [2]), a 47% increase from 2007 [3]. According to TeleGeography Research [2], in 2008 Skype users spent 33 billion minutes talking to people in other countries, representing 8% of all international voice traffic. Moreover, Skype usage hit an all-time peak on March 30, 2009, when more than 17 million users were online at the same time [4]. Unlike other VoIP applications, which generally rely on the client-server architectural model, Skype operates on a P2P overlay network. The communication among Skype users is established according to the traditional end-to-end paradigm except when a relay node is used for symmetric NATs and firewalls traversal. Skype offers S. Balandin et al. (Eds.): NEW2AN/ruSMART 2009, LNCS 5764, pp. 168–179, 2009. c Springer-Verlag Berlin Heidelberg 2009 

A Real-Time Algorithm for Skype Traffic Detection and Classification

169

several free services: voice and video communication, file transfer, chats, buddy lists, and SkypeIn/SkypeOut to direct call towards the PSTN. Due to its tremendously wide spread and success, Skype has recently attracted the attention of both network operators and the research community. More specifically, network operators require the development of efficient techniques for the identification of the traffic generated by Skype to monitor its impact on network performance, design effective security policies, enforce traffic differentiation strategies, and conveniently charge the use of network services. However, as Skype protocols are proprietary, cryptography, obfuscation, and anti reverse-engineering techniques [5] are extensively adopted and ad-hoc techniques are used to evade NATs and firewalls, the identification and characterization of Skype traffic have been, and still are, hot research topics. At the time of writing, the most complete work concerning Skype traffic classification is [6], where the authors present a methodology working in real-time. In more detail, they propose a framework based on two different and complementary techniques, for revealing Skype traffic from a traffic aggregate. The first one, based on Pearson’s Chi Square test, is used to detect Skype’s fingerprints from the packet framing structure, but is agnostic to VoIP-related traffic characteristics. The second approach, instead, relies on a stochastic characterization of Skype in terms of packet arrival rate and packet length, which are used as features of a decision process based on Naive Bayesian Classifiers. In [7], instead, the authors aim at identifying relayed, rather than direct traffic, and Skype is chosen as a case-study to validate their approach. Other works focus on understanding how Skype protocols work. In [5] the authors provide an overview on Skype design and functionalities, exploring many operational aspects under different network scenarios. Users with public IP addresses as well as users behind a port-restricted NAT or UDP-restricted firewall are taken into account. The work [8] aims at studying Skype operations by means of traffic measurements over a five months period. The authors analyze the user behaviour for relayed, rather than direct, sessions only. Results pertain the population of on-line clients and their usage pattern, the number of super-nodes and bandwidth usage. Finally, the paper [9] investigates Skype signalling mechanisms by means of passive measurements, providing insights into Skype signalling mechanisms and analyzing the cost and complexity of managing Skype P2P overlay network. This paper deals with the identification of Skype traffic and, more specifically, proposes a joint signature-based and statistical approach that outperforms state-of-the-art methodologies. Indeed, as reported in the following sections, our algorithm is able to perform a real-time classification of both signalling and data traffic generated by Skype. A further contribution is related to the detailed description of the signalling traffic, generated during the start-up phase, that has not been reported in any previous work. The paper is organized as follows. Section 2 describes the main characteristics of Skype traffic, focusing on the details that are used to perform the detection. Then Section 3 details the proposed algorithm, while Section 4 presents the experimental results. Finally Section 5 concludes the paper with some final remarks.

170

D. Adami et al.

2 Skype Traffic Before detailing the algorithm implemented to detect Skype traffic, we present a brief analysis of Skype features, focusing on those aspects that are relevant to the detection phase. Despite in this paper, for sake of brevity, we do not provide all the details related to Skype network architecture, it is important to highlight that this knowledge is necessary for a complete understanding of the paper and can be found in [6], where the authors present a deep description of Skype architecture and traffic. In more detail, we assume the reader knows the difference between a Skype Client (SC) and a Skype Supernode (SN), the structure of the Start of Message (SoM), the main characteristics of the voice traffic, and the different types of possible calls (e.g. with or without relay node). 2.1 Skype UDP Ping The Skype UDP Ping is a message exchange, carried out periodically by all the SCs, which consists of two keep-alive messages. These messages are characterized by the function field of the message equal to 0x02. It is worth noticing that some UDP flows only consist of the exchange of such messages. 2.2 Skype UDP Probe The Skype UDP Probe is a message exchange performed when Skype application is launched, to discover the SNs and the network characteristics (e.g., presence of NATs, firewalls, etc.). The Skype UDP Probe consists of 4 UDP messages (Long Skype UDP Probe): two request messages from the SC to the SN (U1 and U3), and two reply messages from the SN to the SC (U2 and U4). Figure 1 depicts the message exchange (sx is the size of the payload of packet x). SC

SN variable size

U1

sU2 = 11

U2

sU3 = sU1 + 5 sU4 = 18, 26, 51, or 53

U3 U4

Fig. 1. Long Skype UDP Probe

After the Skype UDP Probe has been executed, the SC performs the algorithm for the SN selection, which consists of the following steps: if sU4 = 18 bytes then the SC opens a TCP connection (on the same port number used for the Skype UDP Probe) and the contacted node becomes its SN else

A Real-Time Algorithm for Skype Traffic Detection and Classification

171

if sU4 ∈ {26, 51, 53} bytes then the contacted node will not be taken into account any longer # it is likely that these messages can be interpreted as SN “negative” replies end if end if A modified version of this message exchange, only involving U1 and U4 packets (Short Skype UDP Probe), is repeated until a SN is selected Moreover, it is worth noticing that the SC periodically repeats this message exchange (Short Skype UDP Probe), so as to be sure to be always connected to an available SN. 2.3 Skype TCP Handshake Once the SN has been selected, the SC has to establish a TCP connection with the SN, so as to be able to access Skype network. This phase is composed of the following steps: – a TCP connection is opened towards the first node that has positively answered to the Skype UDP Probe (using the same port number used for the reception of the Skype UDP Probe messages) – in case the TCP connection fails, another connection is established with another SN that previously acknowledged an Skype UDP Probe – once the connection has been established, a message exchange, named Skype TCP Handshake, is started It is worth noticing that, even though the whole payload is encrypted, these packets are characterized by the TCP PSH flag set and, some of them, by a fixed size packet payload. Figure 2 displays the message exchange. SC

SN PSH=1, variable size

T1

PSH=1, variable size

T2

PSH=1, variable size

T3

PSH=1, sT 4 = 27 PSH=1, variable size PSH=1, sT 6 = 4

T4 T5 T6

Fig. 2. Skype TCP Handshake

From the figure, we note that six messages (T1, T2, T3, T4, T5, and T6) are exchanged: T1, T2, T3, and T5 are variable size messages, while messages T4 and T6 are 27 and 4 bytes long, respectively. Since this phase is based on the opening of a TCP connection over an arbitrary chosen port, it is obvious that this packet exchange can only be realized if there are no restriction on the usable ports. On the contrary, if the SC resides behind a NAT or a firewall, the connection is established over TCP port 80 (Skype HTTP Handshake) or 443

172

D. Adami et al.

(Skype HTTPS Handshake). This is justified by the fact that the firewalls do not usually restrict the usage of such ports, since they are respectively used by the HTTP and HTTPS protocols. It is worth noticing that Skype uses Transport Layer Security (TLS) protocol over port 443 and a proprietary protocol over port 80. The message exchange over both ports is depicted in figure 3. SC

SN PSH=1, variable size (p. 80) / sR1 = 72 (p. 443) PSH=1, variable size PSH=1, sR3 = 27 (p. 80) / variable size (p. 443) PSH=1, variable size PSH=1, sR5 = 4 (p. 80) / variable size (p. 443)

R1 R2 R3 R4 R5

Fig. 3. Skype HTTP/HTTPS Handshake

Let us analyze the two cases separately: – connection over port number 443 • the payload of the first packet is 72 bytes long and the first 56 bytes have a fixed value (named A1 in the following), corresponding to the Client Hello of the TLS 1.0 protocol • the size of R2 is variable, but the first 79 bytes have a fixed value (named A2 in the following), corresponding to the TLS Server Hello message Moreover, some of the fields of Skype SoM, that should be variable, are instead fixed in these packets (i.e., gmt unix time field (bytes 12-15) and random bytes field (bytes 16-43)) – connection over port number 80 • the payload size of the R3 and R5 messages is 27 bytes and 4 bytes, respectively. 2.4 Skype TCP Authentication Once the connection has been established, the SC needs to authenticate itself to the server. In the TCP authentication phase the SC opens a connection with a Login Server, that is the only centralized server of Skype architecture. Four distinct packets are exchanged during the Skype Login Server Connection phase (L1, L2, L3, and L4), as depicted in figure 4. The main characteristics of these messages are: – L1: the payload size is 5 bytes and it contains a fixed value (named A3 in the following), that is a TLS Server Hello message – L2: the payload size is 5 bytes and it contains a fixed value (named A4 in the following)

A Real-Time Algorithm for Skype Traffic Detection and Classification SC

173

LS PSH=1, sL1 = 5

L1

PSH=1, sL2 = 5

L2

PSH=1, variable size

L3

PSH=1, variable size

L4

Possible further messages

Fig. 4. Skype Login Server Connection

– L3: the first 15 bytes have a fixed value (named A5 in the following), while in a variable position we find A4 – L4: the first 4 bytes have fixed value (named A6 in the following) To be noted that Skype application allows the user to save some authentication credentials. In that case, this message exchange is not realized when the application is launched. 2.5 Skype HTTP Update This message exchange is performed every time Skype is launched and it is aimed at retrieving the application updates. It consists of one unencrypted message, which varies depending on Skype version, but presents either a fixed value (named A7 in the following) in the first 29 bytes (Linux versions) or a fixed value (named A8 in the following) in the bytes 95-124 (Windows versions).

3 Detection Algorithm In this section, we describe the algorithm that allows us to perform a real-time classification of Skype traffic, detailing at first the approach used for UDP traffic and then the one used for TCP traffic. Before discussing the algorithm, we list the parameters that are used in the following: – – – – – – – – –

Di : payload size of packet i F: function field of Skype SoM ti : arrival time of packet i Bi, j : bytes from i to j of the packet payload FLOW: UDP or TCP flow, identified by the “classical” 5-tuple tentative: preliminary decision NOx0d : number of packets with function field equal to 0x0d Bsd : number of bytes sent from the source to the destination Bds : number of bytes sent from the destination to the source

174

D. Adami et al.

3.1 UDP Traffic Given a flow FLOW , the procedure aimed at detecting and classifying the signalling traffic over UDP consists of the following steps: if first packet and F == Ox02 then dim f irst pkt = D1 end if if second packet and dim f irst pkt  = 0 then if F  = Ox02 and F  = Ox07 and D2 ∈ / {11, 18, 26, 51, 53} bytes then dim f irst pkt = 0 FLOW  = Short Skype UDP Probe, Long Skype UDP Probe, Skype UDP Ping EXIT end if if F == Ox02 and D2 ∈ {18, 26, 51, 53} bytes and t2 − t1 < 10s then FLOW = Short Skype UDP Probe record the event into the log file “skype events.txt” else if F == Ox02 then FLOW = Skype UDP Ping record the event into the log file “skype events.txt” end if end if end if if third packet and dim f irst pkt  = 0 then if F  = Ox03 and D3  = dim f irst pkt + 5 bytes then dim f irst pkt = 0 FLOW  = Long Skype UDP Probe EXIT if F  = Ox02 then if FLOW == Skype UDP Ping then FLOW  = Skype UDP Ping record the event into the log file “skype events.txt” else FLOW  = Skype UDP Ping end if end if end if end if if fourth packet and dim f irst pkt  = 0 then if F  = Ox02 then if FLOW == Skype UDP Ping then FLOW  = Skype UDP Ping record the event into the log file “skype events.txt” else

A Real-Time Algorithm for Skype Traffic Detection and Classification

175

FLOW  = Skype UDP Ping end if end if if F == Ox02 and D2 ∈ {11, 18, 51, 53} bytes then FLOW = Long Skype UDP Probe record the event into the log file “skype events.txt” end if end if As far as the detection and classification of the data traffic are concerned, the system, given a flow, performs the following operation: for each received packet, if the interarrival time with respect to the previous one is less than 3 seconds, computes the quantities NOx0d , Bsd , and Bds . When NOx0d exceeds a given threshold (experimental results have shown that a value of 95 packets allows us to obtain good performance with an acceptable detection time), the system computes ratio = Bds /Bsd . On the basis of the value of ratio, the system distinguishes three events: – direct call if ratio > 0.5 – file transfer if 0 < ratio < 0.5 – call with relay if ratio = 0 Moreover, the system is also able to correctly detect SkypeOut calls, by using a similar procedure (that we do not detail here, for sake of brevity). 3.2 TCP Traffic Given a flow FLOW , the procedure aimed at detecting and classifying the signalling traffic over TCP consists of the following steps: if first packet then if destination port== 443 and D1 > 55 bytes and B1,56 == A1 then tentative = Skype HT T PS Handshake end if if payload == A3 then tentative = Skype Login Server Connection end if if destination port== 80 and D2 ∈ {167, 169, 175} bytes and (B1,29 == A7 or B95,124 == A8 ) then FLOW = Skype HT T P U pdate record the event into the log file “skype events.txt” end if end if if second packet then if D2 > 4 bytes and tentative == Skype Login Server Connection and B1,5 == A4 then tentative = 0 end if

176

D. Adami et al.

if D2 > 78 bytes and tentative == Skype HT T PS Handshake and B1,80  = A2 then FLOW = Skype HT T PS Handshake record the event into the log file “skype events.txt” # the source is a SN end if end if if third packet then if D3 > 4 bytes and tentative == Skype Login Server Connection and B1,15  = A5 then tentative = 0 end if if D3 == 27 then tentative = Skype HT T P Handshake end if end if if fourth packet then if D4 > 3 bytes and tentative == Skype Login Server Connection and B1,4  = A6 then FLOW = Skype Login Server Connection record the event into the log file “skype events.txt” end if if D4 = 27 bytes then tentative = Skype TCP Handshake end if end if if fifth packet then if D4 == 4 bytes and tentative == Skype HT T P Handshake then FLOW = Skype HT T P Handshake record the event into the log file “skype events.txt” # the destination is a SN end if end if if sixth packet then if D == 4 bytes and tentative == Skype TCP Handshake then FLOW = Skype TCP Handshake record the event into the log file “skype events.txt” # the destination is a SN end if end if In the case of TCP traffic, Skype application completely encrypts the packets payload, making it impossible to reveal a call by means of any signature. Our method is thus based on a statistical analysis of the traffic. In more detail, we are able to detect

A Real-Time Algorithm for Skype Traffic Detection and Classification

177

Skype traffic (in this case we cannot distinguish between calls and file tranfers) in two distinct ways: revealing the Skype TCP Ping traffic or the connection tear-down signalling traffic. In the first case, the idea is to reveal Skype calls based on the fact that during a call, Skype application periodically sends some messages with a payload size of 4 bytes and with an inter-time which is multiple of 1 second. Thus, the system counts the number of 4 bytes long received packets, which respect the following conditions: ti − ti−1 ∈ [1, 10] seconds and the difference between the microseconds part of the two timestamps ∈ [−15, 15]. If such number exceeds a given threshold and the mean packet dimension ∈ [10, 600] bytes, the traffic flow is decided to be a Skype flow. Moreover, if the number of packets is greater than 4, the mean packet dimension ∈ [100, 600] bytes, and the total number of bytes belonging to the flow is greater than 40 Kbytes, then the flow is decided to be a call, otherwise it is considered as signalling traffic. The other approach for detecting a Skype call is based on the detection of the traffic generated by the tear-down phase. In this case, the system counts the number of 19 bytes long received packets, for which ti − ti−1 < 3 seconds. If such number exceeds a given threshold and the mean packet dimension ∈ [10, 600] bytes, the traffic flow is decided to be a Skype flow. Moreover, if the number of packets is greater than 6, the mean packet dimension ∈ [100, 600] bytes, and the total number of bytes belonging to the flow is greater than 40 Kbytes, then the flow is decided to be a call, otherwise it is considered as signalling traffic. To be noted, that in this case, the reception of a packet, whose dimension is greater than 150 bytes, resets the counter. This is justified by the fact that we should not observe data packet in the call tear-down phase.

4 Experimental Results To verify the effectiveness of our algorithm, its performance have been compared with those of standard statistical classifiers and the state-of-the-art Skype classifier originally proposed in [6]. To this aim, we have tested the system both off-line and on-line (real time). Regarding the off-line testing, we have collected around 3 GB of traffic data (in libpcap format), partly over a laboratory LAN in our Dept., and partly over a small LAN connected to the Internet through an ADSL link. Moreover, the traffic traces considered in [6] have also been used. In this way, our data are representative of the types of traffic generated in a research lab as well as by home users. These data have been processed by TStat [10] that isolates the different connections and calculates a set of significant features for each connection. Instead, for the on-line testing, we have installed the system over the gateway of our laboratory LAN. As far as Skype traffic is concerned, we have considered calls between two end hosts running SCs (including voice calls, chats and file transfers) as well as calls to traditional PSTN phones (SkypeOut calls). For sake of generality, we used Skype SCs running under Linux (versions 1.4 and 2.0) as well as under Windows (versions 3.2, 3.6, and 4.0). The goal of our algorithm is to correctly identify Skype flows, hence as performance metrics, we have considered the percentage of False Positives (FP) and False Negatives (FN), according to the definitions given in [6]. Since the lengths of the analyzed flows

178

D. Adami et al.

are quite different, these quantities have been estimated on a per-flow and on a per-byte basis, in order to have an insight not only on the number of flows incorrectly classified, but also on the involved amount of traffic. As far as “general purpose” statistical classifiers are concerned, we implemented the following algorithms: – – – –

Naive Bayes Classifier (NB) Linear Discriminant Analysis (LDA) k-Nearest Neighbor (k-NN) Support Vector Machine (SVM)

In order to squeeze the most out of these classifiers, at first we have extracted the best features, according to the Sequential Backward Selection (SBS) algorithm, and then we have normalized them, so as to obtain homogeneous values. The parameters of the classifiers have been tuned during an appropriate training phase. The results are summarized in tables 1 and 2 for UDP and TCP flows respectively. Table 1. UDP flows

FN (Flows) % FN (Bytes) % FP (Flows) % FP (Bytes) %

Our Algorithm Skype Classifier NB 4.8 97.57 11.69 0.06 26.32 95.98 0 2.4 11.83 0 16.85 6.12

LDA 9.44 95.98 13.74 7.27

k-NN 1.9 6.86 10.95 5.33

SVM 2.01 7.88 14.94 17.47

LDA 20.04 14.45 6.95 2.48

k-NN 24.59 27.01 5.08 0.56

SVM 24.44 39.48 3.37 0.11

Table 2. TCP flows

FN (Flows) % FN (Bytes) % FP (Flows) % FP (Bytes) %

Our Algorithm Skype Classifier NB 27.46 84.95 28.41 0.64 56.38 33.07 0.01 9.68 4.49 0.001 94.58 7.27

The previous results highlight that our algorithm outperforms both the general-purpose statistical approaches and Skype classifier [6] since it also employs the knowledge of some Skype “signatures”. The high value of FN at flow level for TCP traffic is due to the fact that up-to-date the features characterizing such exchanges of data between SCs have not been identified yet. Nevertheless it is important to highlight that the unclassified flows correspond to a very low quantity of traffic (bytes), which means that the system is not classifying the signalling traffic, while the calls are correctly classified.

5 Conclusions In this paper we have proposed a real-time algorithm to detect and classify Skype traffic. In more detail, the presented method, by means of both signature based and statitical

A Real-Time Algorithm for Skype Traffic Detection and Classification

179

procedures, is able to correctly reveal and classify the signalling traffic as well as the data traffic (calls and file transfers). The performance analysis has shown that our algorithm achieves very good results over several types of traffic traces, representative of different access networks. Moreover we have shown that our system outperforms the “classical” statistical traffic classifiers as well as state-of-the-art ad-hoc Skype classifier.

Acknowledgment The authors would like to thank Federico Gentile and Fabio Strazzera for their contribution in support of the presented work. This work has been partially sponsored by the European Project FP7-ICT PRISM, contract number 215350.

References 1. Skype web site, http://www.skype.com (accessed on 2009/04/10) 2. Telegeography web site, http://www.telegeography.com/ (accessed on 2009/04/10) 3. Skype by the numbers web site, http://apple20.blogs.fortune.cnn.com/2009/03/31/skype-by-the-numbers/ (accessed on 2009/04/10) 4. Skype users online now web site, http://idisk.mac.com/hhbv-Public/OnlineNow.htm (accessed on 2009/04/10) 5. Baset, S.A., Schulzrinne, H.G.: An analysis of the skype peer-to-peer internet telephony protocol. In: INFOCOM 2006. 25th IEEE International Conference on Computer Communications, pp. 1–11 (2006) 6. Bonfiglio, D., Mellia, M., Meo, M., Rossi, D., Tofanelli, P.: Revealing skype traffic: when randomness plays with you. SIGCOMM Comput. Commun. Rev. 37(4), 37–48 (2007) 7. Suh, K., Figueiredo, D.R., Kurose, J., Towsley, D.: Characterizing and detecting skyperelayed traffic. In: Proceedings of IEEE INFOCOM 2006 (2006) 8. Guha, S., Daswani, N., Jain, R.: An experimental study of the skype peer-to-peer voip system. In: IPTPS 2006: The 5th International Workshop on Peer-to-Peer Systems, Microsoft Research (2006) 9. Rossi, D., Mellia, M., Meo, M.: Understanding skype signaling. Comput. Netw. 53(2), 130–140 (2009) 10. Tstat - tcp statistic and analysis tool web site, http://tstat.tlc.polito.it/index.shtml (accessed on 2009/04/10)

HTTP Traffic Measurements on Access Networks, Analysis of Results and Simulation Vladimir Deart1, Vladimir Mankov1, and Alexander Pilugin2 1

Alcatel-Lucent Training Center, Department of Access Networks, 111024 Aviamotornaya st. 8а, Moscow, Russia [email protected], [email protected] 2 Moscow Technical University of Communications and Informatics,

Department of Automatic telecommunication, 111024 Aviamotornaya st. 8а, Moscow, Russia [email protected]

Abstract. Many new factors influence on Internet Traffic nowadays including new features of HTTP/1.1, introduction of new browsers, extremely high penetration of P2P applications and changes in WEB content. A new Toolkit was used by authors to measure Traffic on access network of 1500 users in the center of Moscow. The collected data was handled for 2 levels: TCP connections level and HTTP Message level. Intervals between TCP connections and HTTP Request and Response Length were studied in details. Based on the collected statistics a new HTTP Traffic Model was built by using NS2 simulator and PackMIME package. Keywords: WEB measurements, traffic models, HTTP simulation, NS-2.

1 Introduction During the period of 1996-1999 years a lot of Traffic measurements in Internet were done and as a result some effective models of HTTP Traffic [10-13] were conducted. After 10 years we see the next wave of interest for Traffic measurements in the Net as now it differ greatly from it was those days. Users of modern Multiservice Access Networks share a lot of applications based on different protocol stacks. According to recent measurement results [1, 2] the most popular Internet application is still HTTP generating the major part of traffic in Internet. The leading position of HTTP in current Internet is determined by several reasons. Firstly, WEB browsing is still to be the most popular service on Internet and files transferred by users now become longer. Secondly, there are many new Internet applications based on HTTP, such as Instant Messengers, SW updating programs and P2P applications. One of the most important tasks of Internet Service Provider is to monitor traffic and QoS parameters for their users satisfying. Along with general traffic measurements for HTTP throughput analysis of more detailed statistic data should be obtained. The most detailed statistical data can be collected if all packet headers are S. Balandin et al. (Eds.): NEW2AN/ruSMART 2009, LNCS 5764, pp. 180–190, 2009. © Springer-Verlag Berlin Heidelberg 2009

HTTP Traffic Measurements on Access Networks

181

stored in a file for future analysis but this approach can cause problems for storing and handling of a big amount of data. Several SW Tools for monitoring and measurements of HTTP traffic exist currently: monitoring by facilities of SNMP protocol [3, 4], monitoring by NetFlow [5, 6], monitoring based on “black box” principle is like in GigaScope [17] and monitoring by means of TCPump [7]. Monitoring via SNMP protocol and by NetFlow Package, imbedded in routers SW, is good for real time measurements but does not give enough granularity level. While using “black box” monitoring Tool we could not estimate fidelity of measured data and could not change algorithm of analysis that would be necessary for specific investigation tasks. The best decision for obtaining detailed statistical data is to use Tools based on TCPdump utilities. The data analyzed in this paper was collected through online processing on a gateway node of a typical public Moscow Internet Service Provider Network with more than 1500 subscribers. All data from incoming and outgoing flows were collected via WireShark and stored in TCPdump format. The data was collected for three days in February 2008 and finally the dataset of 34 hours was analyzed as a representative one in this paper. New statistical characteristics of HTTP behavior differ from previous results but make it possible to build a new simulation model of HTTP traffic on NS2. Simulation results show a good similarity to measured HTTP characteristics. The rest of this paper is organized as following. Section 2 discussed the method of data collecting and processing. Section 3 describes measurement results and their analysis. Section 4 includes description of the Simulation model and analysis of simulation results. At last the conclusion is given in section 5.

2 Data Collection and Processing The main objective of this paper is analyzing of HTTP characteristics that could be implemented in a simulation model for estimation of throughput and QoS in Access Networks. That is why we use the scheme shown on Fig. 1 for data collecting. All users of this small public Access Network are connected to central Switch (Cisco 4506) via 1G Ethernet links. Outgoing and Incoming Traffic is passing through the Port 0 to the Router (Cisco 7206). Due to the mirroring of this port copies of all sent and received IP-packets are coming through the Span Port 0 to the measurement Server with installed WireShark SW [8]. The collected data is stored in TCPdump files about 100 Mbytes each (1). Next step is handling of TCPdump files with Tshark utility (2). The purpose of this process is to filter fields of packet headers that would be stored in database in clear text format. Depending on a traffic volume and throughput of sever this can be done nearly in a real time. Processed data is injected into MySQL database (3). Modern SQLengines make injection in a real time mode that means the entire process of capture packets on the server network interface, handling TCPdump files with Tshark and injection data in DB can be real time procedure. Following step (4) is destined for the preparation of data for data processing (creating new tables in DB, adding new fields, filtering). Further data processing is done by means of PHP scripts (5). It is especially useful when dynamic SQL-query is needed. For handling of SQL-queries WEB server and PHP interpreter are needed. Further data handling is done by statistical SW Package.

182

V. Deart, V. Mankov, and A. Pilugin

Fig. 1. Data Collection and Processing

In practice a PC platform was used for measurements and data processing with following characteristics: CPU 2400 MHz, RAM 4096 MB, HDD Raid0 1 TB, OS Microsoft Windows Server 2003 R2, Wireshark 1.0.2, MySQL server 5.1, Apache HTTP server 2.2.9, PHP 5.2.6. Experimental results show that throughput of the system depends on RAM size and disc subsystem productivity.

3 Measurement Results In the measured network several services are available for users: WEB surfing, E-mail, VoIP and intranet services including File transfer. As the Provider supplies users with unique IP-addresses they can install their own WEB servers and use P2P applications. Only packets transferred by TCP with source or destination port 80 were selected from data flow for further processing. Table 1. Specification of Analyzed Data Set

Bytes up

Bytes down

2 091 467 796

10 634 203 832

Avg. throughput up, Mbps 4,64

Avg. throughput down, Mbps 23,632

Number of TCP connections 715 427

HTTP Traffic Measurements on Access Networks

183

The data was collected for three days in February 2008. From this period a data set of consequent 34 hours was chosen for busy hour selection. As busy hour was defined between 11:00 and 12:00 all collected data for this period were analyzed. Summary of analyzed data is shown in the Table 1. The session oriented model of HTTP traffic was used for definition the metrics of HTTP behavior in this study. In order to provide essential characteristics for the simulation model we determine following metrics: 1. HTTP message level includes HTTP Request and Response length. 2. TCP connection level includes intervals between TCP connections. Due to the persistent connection of HTTP/1.1 it can be more than one request/response in the connection so we need to measure count of Requests (GET commands) in the connection and interval between them. Summary of statistical results on the defined metrics are shown in Table 2. Most of metrics do not fit any existing probability distribution that is why we split empirical distribution in ranges and try to find a good fitted probability distribution for each range. Table 2. Summary of probability distributions of defined metrics

Metric Interval between TCPconnections

Request (GET) count in TCP connection

Interval between Requests (GET) in TCP connection

HTTP Request length HTTP Response length

Range 0-0,0025 sec. 0,0025-0,5 sec. 1-9

0-0,035 sec. 0,035-0,5 seс. 0,5-1250 seс. 0-1500 bytes 45-10000 bytes 10000100000 bytes

Distribution (parameters) Uniform depended max=0,0025) Exponential (λ=134,13) Exponential (λ=134,13)

(min=0,

Empirical table (1-63,33%; 2-19,18%; 3-8,44%; 4-2,39%; 5-1,82%; 6-1,11%; 7-0,92%; 8-0,54%; 9-0,38%; >91,96%) Uniform (min=0, max=0,035) Exponential (λ=8,67) Exponential (λ=8,67) Log-Log (median = 2,64; shape 1,23; lower threshold = 0,50) Normal (mean=624, stand.deviation 232) Weibull (shape = 0,992; scale 2338,26) Gamma 3-par. (shape = 0,848; scale 0,0000479; lower thr. = 10039,0)

= = = =

184

V. Deart, V. Mankov, and A. Pilugin

3.1 Interval of TCP Connections The calculation of interval of TCP connections was based on measurement of time period between arrivals of the two subsequent SYN-packets. We did not distinguish whether these TCP connections belong to one flow or another because the process of generating of HTTP traffic is very changeable – one user can generate tens of simultaneous TCP connections while other tens of users can generate 1-2 TCP connections. It means that intensity of the data flow on a link will influence the mean value of the interval but we are really interested in the form of this distribution. The distribution of interval of TCP connections is shown on a Fig. 2 and it does not fit any existing probability distribution. More than 50% of all intervals are between 0 and 2.5 microseconds. The mean for measured traffic is 5.47 microseconds. The interval of TCP connections is affected by following factors: WEB browser and user behavior. In our case initial requests were coming from a number of independent users thus constructing a flow with exponentially distributed intervals between TCP connections. Modern browsers after handling first Response start to open parallel TCP connections to make the file transfer from the server faster [14] that means we can see a lot of very short intervals. Taking into account this assumption we split the distribution on Fig. 2 in two distributions: uniform in a timescale of 0 – 2.5 microseconds and exponential in a timescale 0 – 0.05 s (Fig. 3). First (initial) requests are generated from users according to exponential distribution of intervals third request can be generated by browser or by user in a proportion calculated from the interval 02.5 microseconds. For generation of TCP connections we will use an exponential distribution of initial connections while for additional TCP connections generated from browsers a uniform distribution will be used. This scheme is consistent with results for WEB flows described in [9].

Fig. 2. Distribution of intervals of TCP connections

HTTP Traffic Measurements on Access Networks

185

(a)

(b) Fig. 3. Presentation of distribution of intervals between TCP connections as a sum of uniform (a) and exponential distributions (b)

3.2 Request Count in TCP Connection Persistent connection is a default feature of HTTP/1.1 that allows browser to support pipelining – to send more than one request (GET) in TCP connection. The number of Request/Response pairs in TCP connection defines the total amount of the received data. Distribution of requests count in TCP connection is shown on a Fig. 4 and CDF of this distribution – on Fig. 5. More than 63% of TCP connections transport only one HTTP request/response pair. This result is consistent with [9] where a number of such connections were about 83%.

186

V. Deart, V. Mankov, and A. Pilugin

(a)

(b) Fig. 4. Distribution of Requests (GET) in TCP connection: a) PDF, b) CDF

3.3 Length of HTTP Response The length of HTTP response depends on a type of a file transferred. For HTML files length will be less than for image and multimedia files. The measured mean size of response file contains 7.8 KB and median is about 2116 Bytes which is consistent with [10, 11, 12]. The distribution of HTTP Response length is shown on Fig. 5. The mean size of response file is about four times larger than median size which demonstrates the heavy-tailed distribution feature of HTTP response length [10, 11]. In [10] Mah et al. and Smith et al. [11] suggested to use Pareto Distribution for characterizing HTTP response size. In [9] Shuai et al. used Generalized Pareto Distribution which means adding of a scale parameter. Both assumptions were unacceptable

HTTP Traffic Measurements on Access Networks

187

Fig. 5. Distribution of HTTP Response length

(a)

(b) Fig. 6. Presentation of distribution of HTTP Response length splitted in 2 ranges: a) Weibull Distribution for the range 1-10 KB, b) Gamma distribution with 3 parameters for the range 10-100 KB

188

V. Deart, V. Mankov, and A. Pilugin

for measured data to find a good fitted probability distribution we had to split data for two ranges (1-10 KB, 10-100 KB) as it is shown on Fig. 6. A Weibull Distribution is good fitted for the first range and Gamma Distribution with 3 parameters fits for the second range. 3.4 Length of HTTP Request The distribution of HTTP Request size fits with a Normal Distribution with a mean of 624 bytes which consists of result [9].

4 Simulation Further investigation includes building of the simulation model based on the measurement results. An NS-2 simulator [15] with PackMIME Package [16] was used for the model. Two traffic generators was used for producing short (1-10 KB) and long (10-100 KB) HTTP Responses. All other measured distributions were included in the model and PackMIME module was updated to be able to generate distribution of intervals between TCP connections shown on Fig. 3. Results of the simulation made for 3 independent 1 min periods shown in the Table 3. Table 3. Comparison of measured and simulated parameters

Measurement Mean results for 3600 measured Simulation s. value for 60s results (1)

Parameter Packets count in upstream 8 556 290 Bytes count in upstream 2 091 467 796 Packets count in downstream 10 234 226 Bytes count in downstream 10 634 203 832 TCP connection count 715 427 Requests (Get) count 1 291 810

Simulation results (2)

Simulation results (3)

187 604

188 093

142 604

180 496

34 857 796

21 607 387 22 346 238 22 410 250

170 570

160 471

166 842

167 368

177 236 730 182 179 226 189 048 596 190 110 551

11 923

11 442

11 961

11 913

21 530

22 843

23 779

23 760

All simulation results for each 1 min period correspond to measured values that prove a good coherence between simulated and real traffic. The simulation model gives us a possibility to change the parameters of simulated traffic in a wide range and investigate the influence of each parameter on QoS (delays, packet loss...). Most important factors influencing QoS parameters are:

HTTP Traffic Measurements on Access Networks

189

1. Bursts of packets arrivals created by TCP; 2. HTTP Responses having a long-tail distribution in a range of 1-100 KB that causes rare but very long series of packets coming to a buffer in a very short time; 3. Additional TCP connections generated by browsers with very short intervals. In order to show the magnitude of the influence of these factors on QoS parameters we would like to present one simulation example. The simulation was done for the model with a buffer size limited to 100 packets to get the estimation of delays in router’s buffer with real characteristics of incoming HTTP traffic. Results of the simulation are shown on the Fig.7.

Fig. 7. Comparison of the simulated and calculated queue delays

Delays calculated via Little formula for M/M/1/100 model are 5-10 times less then simulation delays. We can mark following reasons for such difference: 1. Incoming traffic consists of initial TCP connections with exponentially distributed intervals and additional TCP connections generated by browsers with very short intervals. 2. HTTP Responses have a long-tail distribution in a range of 1 -100 KB that causes a very long series of packets coming to a buffer in very short time.

5 Summary The new Toolkit for measurement of HTTP traffic has been presented in this paper. Data collection on a typical Moscow Internet Service Provider Network was done for 3 days to get a representative statistical data. Measured results were handled for investigation of HTTP and TCP level metrics. For some metrics we do not find big difference with previously made measurements [9, 10, 11, 12]. The authors have suggested a new model for generation of TCP connections. The generation of HTTP Responses suggested to be done with two generators: first - with Weibull distributed files in the range 1 – 10 Kb, second - with Gamma Distribution of file length in the range 10 -100 Kb.

190

V. Deart, V. Mankov, and A. Pilugin

A new traffic simulation model was build with two types of TCP connections generation and with two HTTP Response generators. Simulation results show that delays in the router’s buffer 5 – 10 times higher than calculated delays. For further investigation a new analytical model of HTTP traffic should be conducted.

References 1. The Academic Research group at Sprint, https://research.sprintlabs.com/index.php 2. CAIDA Internet Data - Realtime Monitors, http://www.caida.org/data/realtime/index.xml 3. Tobi Oetiker’s MRTG - The Multi Router Traffic Grapher, http://oss.oetiker.ch/mrtg/ 4. PRTG Network Monitor, http://www.paessler.com/prtg 5. Cisco IOS NetFlow, http://www.cisco.com/en/US/products/ps6645/ products_ios_protocol_option_home.html 6. JUNOSe J-Flow, http://www.juniper.net/techpubs/software/erx/junose82/ swconfig-ip-services/html/ip-jflow-stats-config2.html 7. TCPdump, http://www.tcpdump.org/tcpdump_man.html 8. Wireshark network protocol analyzer, http://www.wireshark.org/ 9. Shuai, L., Xie, G., Yang, J.: Characterization of HTTP Behavior on Access Networks in Web 2.0. In: Telecommunications, 2008. ICT 2008, pp. 1–6. St. Petersburg (2008) 10. Mah, B.: An Empirical Model of HTTP Network Traffic. In: INFOCOM 1997. Sixteenth Annual Joint Conference of the IEEE Computer and Communications Societies, Driving the Information Revolution, p. 592. IEEE Computer Society, Washington (1997) 11. Smith, D., Hernández Campos, F., Jeffay, F., Ott, D.: What TCP/IP Protocol Headers Can Tell Us About the Web. In: ACM SIGMETRICS Performance Evaluation Review, pp. 245–256. ACM, New York (2001) 12. Crovella, M., Bestavros, A.: Self-similarity in World Wide Web Traffic: Evidence and Possible Causes. IEEE/ACM Transactions on Networking 5(6), 835–846 (1997) 13. Hyoung-Kee, C., Limb, J.: A Behavioral Model of Web Traffic. In: Proceedings of the Seventh Annual International Conference on Network Protocols, p. 327. IEEE Computer Society, Washington (1999) 14. Hopkins, A.: Optimizing Page Load Time, http://www.die.net/musings/page_load_time/ 15. The Network Simulator – NS2, http://www.isi.edu/nsnam/ns/ 16. Cao, J., Cleveland, W., Gao, Y., Jeffay, K., Smith, F., Weigle, M.: Stochastic Models for Generating Synthetic HTTP Source Traffic. In: INFOCOM 2004. Twenty-third AnnualJoint Conference of the IEEE Computer and Communications Societies, Hong Kong, vol. 3, pp. 1546–1547 (2004) 17. Cranor, C., Johnson, T.: Gigascope, Spatscheck O.: How to monitor network traffic 5Gbit/sec at a time. AT&T Labs (2003)

The Video Streaming Monitoring in the Next Generation Networks A. Paramonov1, D. Tarasov2, and A. Koucheryavy2 1

St. Petersburg Science Research Telecommunication Institute (LONIIS), 196128 St. Petersburg, Warshavskay str.11, Russia [email protected] 2 Central Science Research Telecommunication Institute (ZNIIS), 111141 Moscow, 1 Proezd Perova Polja, Russia [email protected], [email protected]

Abstract. The Next Generation Network (NGN) Monitoring System (NMS) is considered. One of the most important problem in the NMS creation is the video streaming monitoring. The IPTV traffic monitoring features are researching at the paper. The self – of similar traffic characteristics, Hurst parameter estimation methods, inverse wavelet transform and multifractal wavelet model (MWM), ONOFF model are using in the paper. The key paper results are the IPTV traffic aggregation interval determination and the comparison the service parameter (queue length) for actual (measured), inverse wavelet transform and ONOFF traffic with similar values of Hurst parameter for G/M/1.

1 Introduction The NGN (Next Generation Network) concept is the most important direction for network development today. The NGN concept is determined in ITU-T Recommendation Y.2012 and Y.2021 [1, 2] and gives the possibilities for operators to implement the not limited number of services on the unique base – public packet-switch network. But, the complexity of NGN technical means and the vendors number extension request more and more attention to the tests [3] and monitoring [4] methods for NGN. The NGN monitoring system (NMS) structure are defined in ITU-T Recommendation Q.3902 [4] and shown on the fig.1. The NGN monitoring system includes the following subsystems: − − −

SS7 monitoring subsystem, SIP, H.248 monitoring subsystem.

All of this subsystems are independent from vendors technical means and could be realized on the probes base produced by any license party. − − −

The next subsystems are dependent from the vendor realizations: faults and reconfigurations monitoring subsystem, IP flows monitoring subsystem,

S. Balandin et al. (Eds.): NEW2AN/ruSMART 2009, LNCS 5764, pp. 191–205, 2009. © Springer-Verlag Berlin Heidelberg 2009

192

A. Paramonov, D. Tarasov, and A. Koucheryavy

NMS Center

Faults and reconfigurations subsystem

SS7 Subsystem

SIP Subsystem

Vendors Monitoring system

H.248 Subsystem

IP flows subsystem

VOIP subsystem

Video streaming subsystem

SLA/SLS subsystem

Application servers subsystem

Fig. 1. NMS functional architecture

− − −

Video streaming monitoring subsystem, SLA/SLS (Service Level Agreement/Service Level Specification) monitoring subsystem, Application servers monitoring subsystem.

Any more subsystem could be added to NMS in the future, but the fig.1 is shown the general base for NMS. The monitoring parameters set are not fully determined now. But some important positions are clearness today. They are, for example, - losses, delays, variation of delay in accordance with Recommendation ITU-T Y.1540 [5] and Y.1541 [6]. The good experience for monitoring losses and delays was begun during SS7 monitoring system operation [7]. The NGN applications bringing the some new problems for monitoring in accordance with self – similar traffic characteristics for IP, especially for video streaming traffic – IPTV. Some ITU – T recommendations for IPTV traffic monitoring are acceptable today [8, 9], but the IPTV traffic features request more searching. The right Hurst parameter is the most important functional parameter for IPTV traffic presentation. The value of observation time for Hurst parameter measurement are needed for the monitoring result interpretation. Furthermore, the wavelet analyze for self – similar traffic could be used for video streaming monitoring and for Hurst parameter estimation probable. Both of this problem for NMS creation are the key issues of the present paper.

The Video Streaming Monitoring in the Next Generation Networks

193

2 Background and Related Works The IPTV traffic is the self-similar traffic. The self-similar is determined by autocorrelation function (ACF). Let consider the process x= (x1, x2…..xt….), the t=1,2….. Further consider the aggregate process on the block space m:

X (m) = ( X 1

(m)

,X2

(m)

,.. X t

(m)

..)

(1)

Where

Xt

(m)

=

1 ( X tm− m+1 + … + X tm ) . m

If the ACFm = ACF, where m=2,3……, the process x is the self-similar. The Hurst parameter is the functional determined up the self-similar process. This functional could be found from:

⎛ D( X ( m ) ) ⎞ ⎟⎟ = (2 H − 2) ln(m) , ln⎜⎜ ⎝ D( X ) ⎠

(2)

where H - Hurst parameter, D – dispersion for x and x(m) respectively. The dispersion D (x(m)) are determined as:

D( X ( m ) ) = m 2( H −1) D( X )

(3)

We will use the discrete wavelet transform for estimation IPTV traffic further. The discrete wavelet transform are determined as follows:

W ( a, b) = Φk =

1 ∑ X k (Φ k +1 − Φ k ) a k tk

*

X (t ) = ∑ U J 0 , k φ Jo , k (t ) + k

(4)

⎛t −b⎞ ψ ⎜ ⎟dt ∫ a −∞ ⎝ a ⎠

1

∞

∑ ∑W

J =J 0 k

ψ J , k (t )

J ,k

there Uj and Wj are the coefficient for wavelet transform. The are many function types for Ψ(t) performance. We will use the Haar function further as the neighbor function for the packet traffic. The Haar function Ψ(t) is the next:

0 ≤ t < 1/ 2 ⎧1, ⎪ ψ (t ) = ⎨− 1, 1 / 2 ≤ t < 1 ⎪0, t < 0, t ≥ 1 ⎩

(5)

194

A. Paramonov, D. Tarasov, and A. Koucheryavy

Fig. 2. ONOFF method

We will use the ONOFF method too for generation self – similar traffic for comparison Hurst parameter values at the paper [10]. ONOFF method as it shown in the fig.2 unites some arrival process. Usually, the distribution of ON and OF intervals following Pareto low. For example, we use the model with three traffic generators, each of which generated Poisson arrival process. The diagram for one separate generator is shown in the fig.3. The traffic of all generators was aggregated by ONOFF methods and the common arrival process is shown in the fig.4. At the first case H=0.56 and the arrival process could be consider following Poisson law. For the second case H=0.92 and we could be consider this process as the self-similar. There are many papers where IPTV traffic analyzing. The Hurst parameter estimation methods studying in [11]. The Hurst parameters for different cases for movies and Music Videos (Star Wars, Hackers and soon) from [12] considered in [11] for differences estimation methods. It should be noted, that [11] conclusion is the next: estimation methods for the Hurst parameter can give poor estimates, except the wavelet method and the paper proposed method HEAF (Hurst Exponent Autocorrelation Function). The videoconference traffic model considering in [13]. The Discrete Autoregressive model (DAR) using for traffic modeling and comparison between actual and modeling traffic are discussed. The multifractal wavelet model (MWM) for network application traffic was proposed in [14]. The main idea is the using network measurement results for calculation the Uj and Wj coefficients for wavelet transform. The next idea from [14] is the calculation of new coefficient Uj and Wj for traffic model on the base of Ai , k i random number from the interval

− 1 ≤ Ai ,ki ≤ 1 .

The Video Streaming Monitoring in the Next Generation Networks

195

The WJ,k and UJ,k are determined as follows:

WJ ,k = AJ ,k J U J , k −

J 2

j −1

[

U J ,k = 2 U 0,0 ∏ 1 + (−1) ki Ai ,ki i =0

'

]

(6)

The inverse wavelet transform are made on the base of new coefficients (6):

X (t ) = ∑ U J 0,kφ Jo ,k (t ) + k

0

∞

∑ ∑W

J =J 0 k

ψ J ,k (t )

(7)

J ,k

20

10

1

0

0

200

400

0

600

800

i

1000 1000

Fig. 3. Poisson arrival process

50 40

20

0

0

0 0

200

400

600 i

Fig. 4. Self–similar arrival process

800

1000 1000

196

A. Paramonov, D. Tarasov, and A. Koucheryavy

WJ ,k = 2

−

−

J 2

J 2

j −1

[

AJ ,k J U 0,0 ∏ 1 + (−1) ki Ai ,ki j −1

[

i =0

'

U J ,k = 2 U 0, 0 ∏ 1 + (−1) ki Ai ,ki i =0

'

]

]

We will use (7) for comparison modeling and measured traffic further. The software tool for MWM realization is acceptable in [15].

3 The IPTV Traffic Measurements The IPTV traffic measurements for paper cases study was made at ZNIIS model network [16]. The actual traffic of movies named Ohotnik, likely thriller performed on DVD was analyzed for differences times fragments and for differences aggregation period in processing of measuring data. The minimum observation movies fragment is the 60s. The fragment includes 6863 frames, each of frame has the length 1356 bytes. The fig. 5, fig. 6 and fig. 7 shown the measured traffic for 50ms, 100 ms and 1000 ms aggregation intervals respectively. The Hurst parameter estimation and the autocorrelation function are shown on the fig.8 and fig.9. The H=0.48 and the first view for the measured traffic is the next: the traffic flow following Poisson law. The wavelet transform for Poisson flow is shown on the fig.10 and wavelet transform for measured traffic is shown on the fig.11. The analyze on the fig.10 and fig.11 data shows that Hurst parameter is not efficient metric for self – similarity traffic for the small observation interval and, of course, for the small aggregation interval.

Fig. 5. The measured traffic for 50 ms aggregation interval

The Video Streaming Monitoring in the Next Generation Networks

197

The IPTV traffic is the asymptotic self – similar. Let’s consider the Hurst parameter estimation dependence from aggregation interval length. The movies fragment of Ohotnik searching for the 45 minutes too. The fig.12 shows the Hurst parameter dependence from aggregation interval up to 100 000ms. As we see, the reliable estimation could be made after the 50 000 ms aggregation interval.

Fig. 6. The measured traffic for 100 ms aggregation interval

250000

200000

150000

100000

50000

0 1

4

7

10 13 16 19 22 25 28 31 34 37 40 43 46 49 52 55 58

Duration s Fig. 7. The measured traffic for 100 ms aggregation interval

198

A. Paramonov, D. Tarasov, and A. Koucheryavy

Fig. 8. The Hurst line estimation

r (k ) 0.8

0.6

0.4

0.2

0

0

10

20

30 k

Fig. 9. The autocorrelation function

Fig. 10. Wavelet transform for Poisson traffic

40

50

The Video Streaming Monitoring in the Next Generation Networks

199

Fig. 11. Wavelet transform for measured traffic (fragment 60s)

Fig. 12. The Hurst parameter dependence from aggregation interval

4 The Hurst Parameter and Wavelet Transform Using for Monitoring IPTV Traffic The fragment Ohotnik traffic size 260000 packets and length 45 minutes is shown on the fig.13 for measured traffic and the fig.14 for model traffic in according MWM for differences aggregation intervals. The mean time value for interval between packets is t = 0,0109 ms for the first case and t = 0,0112 ms for the second case. The mean value of the packets flows is a a = 91,74 packets per second and a = 89,29 packets per second for actual and model traffic respectively. The fig. 15 show the autocorrelation function (ACF) and fig. 16 the Hurst parameters for both cases. The ACF is determined as follows:

200

A. Paramonov, D. Tarasov, and A. Koucheryavy N −k

r (k ) =

∑ (X i =1

i

− X )( X i + k − X ) ;

(N − k )σ 2

for measured traffic and

r (k ) =

(

1 (k + 1) 2 H − 2 ⋅ k 2 H + (k − 1) 2 H 2

)

for MWM model traffic. The wavelet transforms for measured and model traffic are shown on the fig.17. Furthermore, let’s try to create the model traffic with similar Hurst parameter value by ONOFF method. The fig 18 show the model traffic, which created by ONOFF method, and the wavelet transform for it.

35

200

30 150

25 20

100

15 10

50

5 0

0

0.5

1

1.5

2

0

2.5

0

6

ai=100 ms

0.5

1

1.5

2

2.5 6

ai=1000 ms

x 10

x 10

10000 8000

1000

6000 4000

500

2000 0

0

0.5

1

1.5

2

0

2.5

0

0.5

1

6

ai=10000 ms

x 10

1.5

2

2.5 6

ai=100000 ms

x 10

Fig. 13. The measured actual traffic for differences aggregation intervals (ai – aggregation interval)

The Video Streaming Monitoring in the Next Generation Networks

201

35 200

30 25

150

20 100

15 10

50

5 0

0

0.5

1

1.5

2

0

2.5 6

ai=100 ms 1500

0

0.5

1

1.5

2

2.5 6

ai=1000 ms

x 10

x 10

10000 8000

1000

6000 4000

500

2000 0

0

0.5

1

1.5

ai=10000 ms

2

0

2.5 6

x 10

0

0.5

1

ai=100000 ms

1.5

2

2.5 6

x 10

Fig. 14. The MWM model traffic for differences aggregation intervals (ai – aggregation interval)

Fig. 15. The ACK for measured and model traffic

~ How we can compare three process X(t) – measured traffic, X (t ) -model traffic,

created by MWM and Xˆ (t ) - model traffic, created by ONOFF method with the similar value of Hurst parameter? We proposed to check the service parameters, for example, queue length for all traffic in the G/M/1 system as it shown on the fig.19.

202

A. Paramonov, D. Tarasov, and A. Koucheryavy

Fig. 16. The Hurst parameter for measured and model traffic

Measured

Model

Fig. 17. The wavelet transform for measured and model traffic

Fig. 18. Wavelet transform for ONOFF traffic

The Video Streaming Monitoring in the Next Generation Networks

τ = 10 ms ~ X (t ) X (t ) Xˆ (t )

L(t ) L

Fig. 19. The G/M/1 system

L = 209 Fig. 20. Average length for actual traffic

L = 212 Fig. 21. Average length for MWM model traffic

203

204

A. Paramonov, D. Tarasov, and A. Koucheryavy 500 450 400 350 300 250 200 150 100 50 0

0

200

400

600

800

1000

1200

L = 126 Fig. 22. Average length for ONOFF traffic

~ The results for measured traffic x(t) is shown on the fig.20, for MWM traffic X (t )

–on the fig.21 and for ONOFF traffic Xˆ (t ) – on the fig.22. The average length for ONOFF method less than average length for measured traffic and MWM traffic almost two times. As wee seethe Hurst parameter is not efficient metric for IPTV traffic performance. The wavelet transform is needed for more better IPTV traffic estimation.

5 Conclusions 1. The data aggregation interval for monitoring video streaming should be not less then 5s. 2. The Hurst parameter is not efficient metric for IPTV traffic estimation. The wavelet transform, for example MWM model, could be used for IPTV traffic estimation.

References 1. Recommendation Y.2012. Functional requirements and architecture of the NGN. Geneva, ITU-T (September 2006) 2. Recommendation Y.2021. IMS for Next Generation Networks. Geneva, ITU-T (September 2006) 3. Recommendation Q.3900. Methods of testing and model network architecture for NGN technical means testing as applied to public telecommunication networks. Geneva, ITU-T (September 2006) 4. Recommendation Q.3902. Operational parameters to be monitored when implementing NGN technical means in public telecommunication networks. Geneva, ITU-T (January 2008) 5. Recommendation Y.1540. Internet protocol data communication service – IP packet transfer and availability performance parameters. Geneva, ITU-T (November 2007)

The Video Streaming Monitoring in the Next Generation Networks

205

6. Recommendation Y.1541. Network performance objectives for IP – based services. Geneva, ITU-T (February 2006) 7. Recommendation Q.752. Monitoring and measurements for Signaling System №7 networks. Geneva, ITU-T (June 1997) 8. Recommendation Y.1901. Requirements for the support of IPTV services. Geneva, ITU-T (January 2009) 9. Recommendation Y.1910. IPTV functional architecture, Geneva, ITU-T (August 2008) 10. Willinger, W., Taggu, M., Sherman, R., Wilson, D.: Self similarity through high variability. IEEE/ACM Transactions on Networking 5(1) (1997) 11. Rezaul, K.M., Pakstas, A., Gilchrist, R., Chen, T.M.: HEAF: A Novel Estimator for Long – Range Dependent Self – similar Network Traffic. In: Koucheryavy, Y., Harju, J., Iversen, V.B. (eds.) NEW2AN 2006. LNCS, vol. 4003, pp. 34–45. Springer, Heidelberg (2006) 12. Frank, H.P., Fitrek, H.P.: Video and Audio Measurements for Pre-encoded Content, http://trece.Kom.aau.dk 13. Lazaris, A., Koutsakis, P., Paterakis, M.: On Modelling Video Traffic from Multiplexed MPEG-4 Videoconference Streams. In: Koucheryavy, Y., Harju, J., Iversen, V.B. (eds.) NEW2AN 2006. LNCS, vol. 4003, pp. 46–57. Springer, Heidelberg (2006) 14. Riedi, R.H., Crouse, M.S., Ribero, U.J., Baraniuk, R.G.: A Multifractal Wavelet Model with Application on Network Traffic. IEEE Transaction on Information Theory 45(3) (April 1999) 15. http://www-dsp.rice.edu/software/multifractal-wavelet-model 16. Vasiliev, A., Koucheryavy, A., Lee, K.O.: Methods of Testing the NGN Technical Facilities. In: International Conference on Advanced Communication Technologies (ICACT 2005). Proceedings, Phoemix Park, Korea, February 21-23 (2005)

The Poisson Cluster Process Runs as a Model for the Internet Traffic Jerzy Martyna Institute of Computer Science, Jagiellonian University, ul. Lojasiewicza 6, 30-348 Cracow, Poland [email protected]

Abstract. In this paper, we investigated a Poisson cluster process as runs of packet arrivals on the Internet. This model assumes that the Poisson cluster process is characterized by runs of packets which correspond to defined clusters in the Poisson process. Using the form of the length runs we studied the probability of a general number of cluster runs in the data stream. We illustrated how the obtained results can be used for the analysis of the real-life Internet traffic.

1

Introduction

Mathematical modeling of the network traffic constitutes only an excerpt of computer or telecommunication network analysis. Nevertheless, it is treated as an essential part of communication theory because it decides about the accuracy of the whole model and influences on the solution. A traditional approach to the inter-arrival times of packets with a distribution of packet lengths is based on the queueing theory. Despite them, as has been shown in many papers about the traffic measurements [2], [3], the structure of broadband traffic has some properties which cannot be explained by this theory. It is associated with their two characteristic possessions, namely the heavy tails (see Fig. 1) and a Long Range Dependence (LRD). It is caused by so-called far-reaching random variables which possess a large value of the coefficient of variation, c = σti . It is defined as a quotient of a variation and a mean value of the observation time. Traditional queueing network models do not explain such properties [16]. Also the so-called ON/OFF model [9], [12], which is a Markov Modulated Poisson Process, cannot explain those properties. Recently, in some papers a new traffic model for computer and telecommunication networks has been suggested which can be employed to explain the existence of heavy tails and the LRD in traffic measurements. It allows for modeling of the IP packet traffic on the Internet. It is a model of the Poisson cluster process introduced by Barlett [1], and further studied in the works [4], [18] or branching Poisson process [15], [5]. The Poisson cluster process was applied, among others, for the modeling of broadband traffics in the backbone networks [10], [11], [17], [14], [7]. S. Balandin et al. (Eds.): NEW2AN/ruSMART 2009, LNCS 5764, pp. 206–216, 2009. c Springer-Verlag Berlin Heidelberg 2009 

The Poisson Cluster Process Runs as a Model

207

0

Log10 (1 − F (x))

P areto(α = 0.8) P areto(α = 1.6)

-2

-4

-6 Exp(λ = 1.2)

0

10

20 30 x Fig. 1. Tail on exponential distribution and “heavy-tail” on so-called Pareto distribution

One of the most interesting methods of network traffic measurements, needed for effective network traffic management, network performance evaluation, detection of anomalous network events, etc., are runs. A flow in the network has two-runs when two consecutive samples belong to the same flow. The issue of the runs theory was undertaken in the work [8]. Runs based traffic estimator for all the flows in backbone networks was presented in the paper [13]. An approach based on sampling two-runs to estimate per flow traffic was given by Fang-Hao et al. [6].This method leads to significantly smaller memory requirement compared to random sampling schemes. Main goal of this paper is to introduce the runs in the Poisson cluster process and obtain the probability function of general cluster runs on real-life Internet. The given example illustrates of our approach. The paper is organized as follows: In section 2 we give some of the basic properties of the Poisson cluster process. Section 3 is the main part of the paper, where the runs of Poisson cluster processes are defined and their properties are given. In section 4 the fit of our approach to the data is examined. We conclude in section 5.

2

The Poisson Cluster Process as a Model of IP Packet Arrivals in the Internet Traffic

The model of IP packet arrivals presented below is fully intuitive. It contains a comprehensible and imaginable description of events concerning the irregular data flow in the data stream of broadband networks. The below results follow from [1], [4], [7]. Assume that the first packet in each cluster arrives at the moment Γ with the arrival rate λ of the Poisson arrival process in R. Each cluster consists of several packets which arrive at the moment Yn = Γj + Sjk . Then for each j we have

208

J. Martyna

Sjk =

k 

Xji ,

0 ≤ k ≤ Kj

(1)

i=1

where Xn are the independent identically distributed random variables, kj are the integer independent identically random variables. We assume that Γj , Xji , Kj are mutually independent. For so defined Poisson process we can give, among others, its expectation, variance and covariance values. We first consider the following theorem. Theorem 1. Assuming that EK < ∞ we obtain EN (t) = λ · t(EK + 1),

t≥0

(2)

Proof. Let for each k = 0, 1, . . . the stationary point process N (k) be the k-th point in the cluster. Thus, N (k) possesses points Yjk , j ∈ Z such that Kj ≥ k. We can conclude by properties of the Poisson process that each N (k) is a homo∞ geneous Poisson process on R with the rate λP (K ≥ k). Since N = k=0 N (k) , we can obtain EN (t) =

∞ 

EN

(k)

(t) =

k=0

∞ 

λP (K ≥ k)t = λ · t(EK + 1)

(3)

k

This completes the proof. We see that the mean of N (t) does not depend on the distribution of X. To calculate the covariance of the Poisson cluster process we consider the number of packet arrivals in the time interval (a, b] for a < b and N (t) = N (0, t), t > 0. Thus, we can get the following theorem Theorem 2. Let us assume that EK < ∞. For any interval ∞ < a < b < ∞ we have EN 2 (a, b] < ∞ (4) The proof of the theorem is in the paper of [7]. A study of the structure of covariance of a Poisson cluster process allows us to answer how tails of distribution function in a finite time interval. We assume that the Poisson cluster process is a stationary process N (h, h + 1) for ∀h = 0, 1, . . ., where h, h + 1 are the neighbour intervals within the unit length. Let γN (h) = cov(N (0, 1], N (h, h + 1]) be a covariance function for this process. In order to study of the covariance function, we must analyse the convergence of the integral  ∞

γN (h)dh

(5)

if and only if EK 2 < ∞

(6)

0

We can get the following theorems: Theorem 3  0

∞

γN (h)dh < ∞

The Poisson Cluster Process Runs as a Model

209

The proof of this theorem can be found in the paper [7]. If EK 2 = ∞ then the covariance function depends on the tail of the distribution function of clusters K and of the interraival times of cluster arrivals. Firstly, we assume that EK 2 < ∞. Thus, the central limit theorem is satisfied. Theorem 4. Let us assume that EK 2 < ∞. Thus N satisfies the central limit theorem   N (rt) − λrt(EK + 1)  , 0 ≤ t ≤ 1 ⇒ (B(t), 0 ≤ t ≤ 1), if r → ∞ (7) λrE[(K + 1)2 ] for random variables under the distribution with finite dimensions, where B(t), (0 ≤ t ≤ 1) is a standard Brown motion. The above theorem was proved by Daley in the paper [4] for the general Poisson cluster process. On the other hand, if EK 2 = ∞ then the tail of the distribution function of the cluster has a limitation. It is a regular variation of the tail associated with the stable limitation. We can get the following theorems Theorem 5. Assume that P (K > k) is regularly varied according to the index α ∈ (1, 2). Let EX < ∞. Thus, N satisfies the central limit theorem.  N (rt) − λrt(EK + 1) , 0 ≤ t ≤ 1 ⇒ (Lα (t), 0 ≤ t ≤ 1), if r → ∞ (8) θ(r) and converges for the distribution with finite dimensions, where θ : (0, ∞) → (0, ∞) be an infinitely divisible function such that lim rP (k > θ(τ )) = 1

(9)

r→∞

and Lα (t), (0 ≤ t ≤ 1) is a spectral positive α-stable L´evy motion with Lα (1) ≈ Sα (σalpha , 1, 0) with σα > 0. The proof of this theorem is outlined in the paper [7].

3

Finding the Probability Function of a General Number of Runs of Poisson Cluster Processes

Let a single cluster consist of several packets which arrive at moments Yjk = Γj + Sjk , where for each j we can get a sum Sjk =

k 

Xji ,

0 ≤ k ≤ Kj

(10)

i=1

Let us assume that Xji , j = 1, 2, . . . , n is an independent random variable under the distribution function P (Xji = a1 ) = p,

P (Xji = a2 ) = 1 − p

for i = 1, . . . , k

(11)

210

J. Martyna

We can take samples (X1i , X2i , . . . , Xni ). Each of them consists of a clusters a1 and a2 arriving in a specified succession. We can give the following definition of a cluster runs: Definition 1. Sequence Kj,i , Kj+1,i , . . . , Kj+l,i , j = 1, 2, . . . , n, l = 0, 1, . . . , n − j, i = 1, 2, . . . , k is a cluster runs if Xj−1,i = Xj,i = Xj+1,i = . . . , Xj+l,i = Xj+l+1,i

(12)

Number l + 1 is termed as a length of a cluster runs. To find a probability function of the random variables introduced here, we can apply function G(y1 , y2 ) which is defined as follows: ⎧ ⎨ 0 if | y1 − y2 |> 1 G(y1 , y2 ) = 1 if | y1 − y2 |= 1 (13) ⎩ 2 if y1 = y2 Function G(y1 , y2 ) defines a number in which we can obtain y1 runs of clusters a1 and y2 runs of clusters a2 . Let P (y1j , y2j , m1 , m2 ) be a probability function of a random variable (Y11 , . . . , Y1m1 , Y21 , . . . , Y2m2 , M1 , M2 ). Then, we can obtain the probability P (y1j , y2j , m1 , m2 ) = P (Y11 = y11 , . . . , Y1m1 , Y21 , . . . , Y2m2 , M1 = m1 , M2 = m2 ) = P (Y11 = y11 , . . . , Y1m1 = y1m1 , Y21 = y21 , . . . , Y2m2 , M1 = m1 , M2 = m2 ) ×P (M1 = m1 , M2 = m2 )

(14)

Since the independent random variables Yk have the same (identical) distribution, then for data m1 , m2 each cluster sequence of a1 and of a2 is probably similar. We can see that yi (i = 1, 2) of a cluster runs ai , from which yi1 has length 1, yi2 has length 2, . . ., kmi of a cluster runs has length mi , can be obtained in a number of ways: yi ! yi1 !yi2 ! . . . yimi !

(15)

Taking into considerations function G(y1 , y2 ) we determine a number of ways to obtain cluster runs y1 of a1 of which runs y11 has length 1, . . ., cluster runs y1m1 has length m1 and cluster runs y2 of a2 of which y21 has a length 1, . . . , y2m2 has length m2 . Thus, a number of ways to obtain a given number of cluster runs is given by y1 ! y2 ! · G(y1 , y2 ) (16) y11 !y12 ! . . . y1m1 ! y21 !y22 ! . . . y2m2 ! With the use of the above dependence, we can present Eq. (14) as follows: P (y1j , y2j , m1 , m2 ) =

y1 ! y2 ! · G(y1 , y2 )pm1 (1 − p)m2 y11 !y12 ! . . . y1m1 ! y21 !y22 ! . . . y2m2 ! (17)

The Poisson Cluster Process Runs as a Model

211

Let Yij be a number of clusters in a runs with length j, where i = 1 or 2 and Mi (i = 1, 2) indicates a number of packets in cluster ai . Thus, we have M1 +M2 = m and  jYij = Mi , i = 1, 2 (18) j

Let Yi , i = 1, 2 indicate the number of cluster runs with ai , and Y be a general number of cluster runs. Thus, we have  Yi = Yij , i = 1, 2 (19) i

Y = Y1 + Y2

(20)

We have two cases here: a) y is an even number. Thus, we have y1 = y2 = 12 y. A number of ways in which we can obtain cluster runs y1 with clusters a1 and cluster runs y2 with clusters a2 is equal to G( 12 y, 12 y) = 2. Then   1 1 m1 − 1 m2 − 1 P (Y = y) = P ( y, y, m1 , m2 ) = 2 1 pm1 (1 − p)m2 (21) 1 2 2 2y − 1 2y − 1 b) y is an odd number. Thus, y1 = 12 (y − 1) and y2 = 12 (y + 1) or y1 = 12 (y + 1) and y2 = 12 (y − 1). Since the number of ways to obtain cluster runs y1 with a1 and cluster runs y2 with a2 is equal to G(y1 , y2 ) = 1. Then   1 1 1 1 P (Y = y) = P (y − 1), (y + 1), m1 , m2 + P (y + 1), (y − 1), m1 , m2 2 2 2 2

     m1 − 1 m2 − 1 m −1 m2 − 1 = + 1 1 pm1 (1 − p)m2 (22) 1 1 1 (y − 3) (y − 1) (y − 1) (y − 3) 2 2 2 2 Transforming Eqs. (21) and (22) we can obtain the conditional probabilities of random variables Yi under condition that M1 = m1 and M2 = m2 .    m1 − 1 m2 + 1 m P (Y1 = y1 | M1 = m1 , M2 = m2 ) = / (23) y1 − 1 y1 m1  P (Y2 = y2 | M1 = m1 , M2 = m2 ) =

m1 + 1 y2



m2 − 1 y2 − 1

 m / m2

(24)

The means of random variables of cluster runs we can compute with the use of Eqs. (22) and (23), namely   m1 − 1 m2 + 1 m / y1 − 1 y1 m1 y1    m1  m1 − 1 m2 m = (m2 + 1) / y1 − 1 y1 − 1 m1

E(Y1 | M1 =m1 , M2 = m2 ) =

y1

m1 



y1

(25)

212

J. Martyna

Using the Newton formula we can the above get dependencies in a simple form  (m2 + 1)(m − 1)! (m2 + 1)m1 m E(Y1 | M1 = m1 , M2 = m2 ) = / = (26) m1 (m1 − 1)!m2 m Analogously, we obtain E(Y2 | M1 = m1 , M2 = m2 ) =

(m1 + 1)m2 m

(27)

To find the conditional variation var(Y1 | M1 = m1 , M2 = m2 ) of cluster runs we can compute E[Y1 (Y1 − 1) | M1 = m1 , M2 = m2 ]. Thus, with the use of the dependencies (23) and (24) we can have E[Y1 (Y1 − 1) | M1 = m1 , M2 = m2 ]   m1   m1 − 1 m2 − 1 m = m2 (m2 + 1) / (28) y1 − 1 y1 − 2 m1 y1 =1

Using an expansion of the Newton identity (1 + x)n2 −1 (1 +

1 n1 −1 (1 + x)n1 +n2 −2 ) ≡ x xn1 −1

and comparing the coefficient of x−1 , we obtain   m1   m1 − 1 m2 − 1 m1 + m2 − 2 = y1 − 1 y1 − 2 m1 − 2

(29)

y1 =1

From the above equation and Eq. (22) we get var (Y1 | M1 = m1 , M2 = m2 ) =

m1 (m1 − 1)m2 (m2 + 1) (m − 1)m2

(30)

m1 (m1 + 1)m2 (m2 − 1) (m − 1)m2

(31)

and in analogy var (Y2 | M1 = m1 , M2 = m2 ) = 3.1

The Limiting Distribution of Runs of Poisson Clusters

From the Eqs. (22), (23), and (24) we can obtain the conditional probability functions of random variables Yi under condition that M1 = m1 and M2 = m2 . We have    m1 − 1 m2 + 1 m P (Y1 = y1 | M1 = m1 , M2 = m2 ) = / (32) y1 − 1 y1 m1    m1 + 1 m2 − 1 m P (Y2 = y2 | M1 = m1 , M2 = m2 ) = / (33) y2 y2 − 1 m2

The Poisson Cluster Process Runs as a Model

For an even and odd number of y, we obtain, respectively    m −1 m2 − 1 m P (Y = y | M1 = m1 , M2 = m2 ) = 2 1 1 / 1 m1 2y − 1 2y − 1 P (Y = y | M1 = m1 , M2 = m2 ) =

      m1 − 1 m2 − 1 m1 m2 − 1 m + 1 / 1 1 1 m1 2 (y − 3) 2 (y − 1) 2 (y − 1) 2 (y − 3)

213

(34)

(35)

In 1940, Wald and Wolfowitz [19] proved that the conditional distribution  2m1 4αm1 given by Eqs. (34) and (35) is asymptotic normal N ( 1+α ; (1+α)3 ) for m1 = αm2 (α > 0) and m1 → ∞. We can generalize the above given results. Let Rij be a number of runs with the Poisson clusters not less than j (i = 1, 2; j = 1, 2, . . . , mi ). Let Rj = R1j + R2j be a general number of runs with the length not less than j. Thus, we obtain the conditional probability  m2 + 1 P (R1j | M1 , M2 = m2 ) = pm1 (1 − p)m2 (36) m1 Analogous, we may get the conditional probability  m1 + 1 P (R2j | M1 = m1 , M2 = m2 ) = pm2 (1 − p)m1 m2

(37)

Thus, the mean values of random variables of cluster runs are equal to (j)

E(R1j | M1 = m1 , M2 = m2 ) =

m1 (m2 + 1) , j = 1, 2, . . . , m1 m(j)

E(R2j | M1 = m1 , M2 = m2 ) =

m2 (m1 + 1) , j = 1, 2, . . . , m2 m(j)

(38)

(j)

(39)

For m1 = m2 = 12 m we obtain E(Rij | M1 = M2 = and E(Rj | M1 = M2 =

4

m m ) ≈ j+1 2 2

(40)

m m )≈ j 2 2

(41)

Experimental Results

In this section we examine in more detail the runs in the Poisson cluster process. The data sets, which consist of the times of packet arrivals to a server on the Internet at the University of North Carolina, were obtained on Sunday, April 20, 2003. The data are accessible from the WWW address: http://www-dirt.cs. unc.edu/ts len/2003 Apr 20 Sun 1900.ts len.gz.

214

J. Martyna

Fig. 2. The natural logarithm of the empirical distribution function log(F n ) (the continuous line) and the fitted regression line for the points where t ∈ [0.4×10−3 , 0.7×10−3 ] (the dotted line) [7]

The format of the data set has two columns: the packet arrival time stamp and the packet length. The length of the data set concerns only 245 seconds. Calculation of λ. For the estimation of λ we use a method presented in the paper [7]. To obtain the tail of the distribution function of the interarrival times of process N under the Palm distribution we can use the expression log(F 0 (t)) ∼ −λt,

t→∞

(42)

where F 0 defines the right tail of distribution F0 of the inter-arrival times under the Palm distribution. Fn can be calculated from the sample of the interval times Ti − Ti−1 . This sequence under the Palm distribution consists of the ergodic process and thus supx | Fn (x) − F0 (x) |→ 0 is satisfied. For the large value of t use the linear regression for log(F ) can be used. In Fig. 2 the empirical distribution function Fn (t) is presented which is fitted by the dotted line of regression line. It can be seen that for the interval t ∈ [0.4 × 10−3, 0.7 × 10−3] the right tail of the distribution function is well fitted by a regression line. For the t > 0.7 × 10−3 the so determined regression line is not a good approximation of the empirical distribution function. The negative of the slope of this regression line allows us to estimate λ, which is equal to 1.837 here. Estimation of the mean number of packets in a cluster. To estimate the mean number of packets in a cluster we can use Eq. (2) or Theorem 1.

The Poisson Cluster Process Runs as a Model

215

With the use of dependence λ(EK + 1) ≈ N (t)/T we can compute N (t)/T = 10 × 106/245s ≈ 40816, and further for λ = 1.837 we obtain EK = 22217. Thus, the mean value of packets in a cluster is given by 450. The study of runs. In a sample consisting eight clusters we have the data bytes in succession as follows: 121185, 115293, 117354, 116937, 122053, 117655, 117234, 116843 To be rounded off to 2 thousand data bytes this sample can be given in the form: m = 8, m1 = 6, m2 = 2, a1 , a2 , a1 , a1 , a2 , a1 , a1 , a1 We have here the variables as follows: y11 = 1, y21 = 1, y12 = 1, y13 = 1, y1 = y2 = 2, y = 4. In other words, we have one cluster runs a1 with length 1, two cluster runs a2 with length 1, one cluster runs a1 with length 2 and one cluster runs a1 with length 3. With the use of Eq. (17), we can compute the probability of arrivals of cluster runs a1 and a2 for which the random variables y1 , y2 , m1 , m2 have the values observed in a sample, namely P (y1j , y2j , m1 , m2 ) =

y1 ! y2 ! · · G(y1 y2 )pm1 (1 − p)m2 y11 !y12 ! . . . y1m1 ! y21 !y22 ! . . . y2m2 !

= 3.8 × 10−3 From Borels law of large numbers it appears that in large runs of independent samples of 8 elements we have in approximation 22 samples in a hundred samples which consists of 6 clusters of runs a1 and 2 clusters of runs a2 in accordance with the values of the observed data sets. The null hypothesis H0 testing by use the runs. Let hypothesis H0 denote that the sample is random. The task is to decide whether the sample evidence better supports H0 (decision to ”retain H0 ”) or the alternative hypothesis H1 (decision to ”reject H0 ”). We verify it at the level α = 0.005. From the Eqs. (21) and (22) we obtain P (y = 1) = 0, P (y = 2) = 0, P (y = 3) = 1.8 · 10−9 , P (y = 4) = 4.56 · 10−7 Thus, P (y ≤ 4) = 0.0937. It means that the null hypothesis H0 cannot be rejected.

5

Conclusion

The Poisson cluster process is a new model of data flow in the computer and telecommunication networks. Its aim is to describing both the flow arrival process and the dependencies between several flows. It is fully intuitive, specially in the modeling of computer networks. In the Poisson cluster process the packet arrivals process forms clusters. Moreover, as was shown in the previous sections, these clusters can create a run. With the use of the given dependencies we can catch the succession of particular clusters. Thereby, we can both better understand the data flows and predict their unexpected changes in the communication links.

216

J. Martyna

References [1] Barlett, M.S.: The Spectral Analysis of Point Processes. Journal of Royal Statistical Society, Series B 25, 264–296 (1963) [2] Crovella, M., Bestavros, A.: Self-similarity in World Wide Web Traffic: Evidence and Possible Causes. In: Proc. of the 1996 ACM SIGMETRICS Int. Conf. on Measurement and Modeling of Computer Systems, vol. 24, pp. 160–169 (1996) [3] Crovella, M., Bestavros, A., Taqqu, M.S.: Heavy-Tailed Probability Distributions in the World Wide Web (1996) [4] Daley, D.: Asymptotic Properties of Stationary Point Processes with Generalized Clusters. Zeitschrift f¨ ur Wahrscheinlichkeistheorie und verwandte Gebiete 21, 65–76 (1972) [5] Daley, D., Vere-Jones, D.: An Introduction to the Theory of Point Processes. Springer, Heidelberg (1988) [6] Fang-Hao, K.M., Lekshman, T.W., Mohanty, S.: Fast, Memory Efficient Flow Rate Estimation Using Runs. IEEE/ACM Transactions on Networking 15(6), 1467– 1477 (2007) [7] Fa¨ y, G., Gonzales-Ar´elo, B., Mikosh, T., Samorodinsky, G.: Modeling Teletraffic Arrivals by a Poisson Cluster Process. Queueing Systems 54, 121–140 (2006) [8] Fisz, M.: Probability Theory and Mathematical Statistics. John Wiley & Sons, Chichester (1963) [9] Heath, D., Resnick, S., Samorodnitsky, G.: Heavy Tails and Long Range Dependences in ON/OFF Processes and Associated Fluid Models. Mathematical Operation Research 23, 145–165 (1998) [10] Hohn, N., Veitch, D.: Inverting Sampled Traffic. In: ACM SIGCOMM Internet Measurement Conference, pp. 222–233 (2003) [11] Hohn, N., Veitch, D., Abry, P.: Cluster Processes: A Natural Language for Network Traffic. IEEE Trans. on Signal Processing 51, 2229–2244 (2003) [12] Kulkarni, L.A.: Transient Behaviour of Queueing Systems with Correlated Traffic. Performance Evaluation 27-28, 117–146 (1996) [13] Kodialam, M., Lakshman, T.V., Mohanty, S.: Runs Based Traffic Estimator (RATE): A Simple, Memory Efficient Scheme for Per-Flow Rate Estimation. In: IEEE INFOCOM, vol. 3, pp. 1808–1818 (2004) [14] Latouche, G., Remiche, M.-A.: An MAP-Based Poisson Cluster Model for Web Traffic. Performance Evaluation 49(1), 359–370 (2002) [15] Lewis, P.A.W.: A Branching Poisson Process Model for the Analysis of Computer Failure Patterns. Journal of Royal Statistic Society, Series B 26, 398–456 (1964) [16] Paxson, V., Floyd, S.: Wide-Area Traffic: the Failure of Poisson Modeling. IEEE/ACM Trans. on Networking 3(3), 226–244 (1995) [17] Sohraby, K.: Delay Analysis of a Single Server Queue with Poisson Cluster Arrival Process Arising in ATM Networks. In: IEEE Global Telecommunication Conference, GLOBECOM 1989, vol. 1, pp. 611–616 (1989) [18] Westcott, M.: On Existence and Mixing Results for Cluster Point Processes. Journal of Royal Statistics Society, Series B 33, 290–300 (1971) [19] Wald, A., Wolfowitz, J.: On a Test Whether Two Samples are From the Same Population, vol. 11. AMS (1940)

Proactive Peer-to-Peer Traffic Control When Delivering Large Amounts of Content within a Large-Scale Organization Chih-Chin Liang1, Chia-Hung Wang2, Hsing Luh2, Ping-Yu Hsu3, and Wuyi Yue4 1

Department of Business Administration, National Formosa University, No.64, Wunhua Rd., Huwei Township, Yunlin County 632, Taiwan (R.O.C.) [email protected] http://researcher.nsc.gov.tw/lgcwow 2 Department of Mathematical Sciences, National Chengchi University, No.64, Sec. 2, Jhihnan Rd., Wen-Shan District, Taipei City, Taiwan 116, R.O.C. {93751502,slu}@nccu.edu.tw 3 Department of Management, National Central University, No. 300, Jung-da Rd., Jung-li City, Taoyuan, Taiwan 320, R.O.C. [email protected] 4 Department of Intelligence and Informatics, Konan University, Kobe 658-8501, Japan [email protected]

Abstract. The Peer-to-Peer (P2P) approaches utilize the passive means of delivering large amounts of content due to the ease of content delivery and small amount of effort required for file transmission and failure control by the file provider. However, P2P methods incur network congestion due to the large number of uncontrolled connections established by those retrieving content. Additionally, P2P methods potentially stop file providers from exchanging data with other devices because of congested outbound traffic. Therefore, existing P2P approaches are infeasible for large-scale organizations as a congested uncontrolled network is not ideal in a business environment. Related studies demonstrated that the active method for content can minimize outbound congestion for a provider but it needs the fault tolerance. This study presents a novel application called Enterprise Peer-to-Peer (EP2P), which integrates passive and active approaches. Using EP2P, the outbound traffic from a sender on an Intranet can be controlled efficiently, because the transmission between a provider and many receivers can be changed from passive to active on necessary. Therefore, we suggest organizations use EP2P for the delivery of content. Keywords: peer-to-peer, content delivery, enterprise communication.

1 Introduction Although P2P applications, such as BitTorrent (BT), are extensively adopted to transmit content between peers popularly, organizations do not apply P2P applications for content delivery [1], [2]. Notably, P2P applications are unsuitable for organizations because they consume considerable network bandwidth [3]. S. Balandin et al. (Eds.): NEW2AN/ruSMART 2009, LNCS 5764, pp. 217–228, 2009. © Springer-Verlag Berlin Heidelberg 2009

218

C.-C. Liang et al.

P2P applications are efficient for distribution of large files as they divide files into chunks or pieces and transmit each piece individually among those retrieving the files. That is, a retriever can obtain parts of a file without waiting for a busy file provider that is delivering a complete file actively at one time. Modern P2P applications transfer each part of a file that can be shared among peers individually through a passive sharing method. Passive methods allow receivers to retrieve a file; however, such pull-based methods occupy sender outbound traffic (In average, one P2P client can occupy over 55% of sender traffic [4]). Thus, a sender is then unable to share content among peers when outbound traffic is congested. Existing P2P methods use the same solution for this problem; that is, to limit the number of available connections of a provider. However, as a complete solution, this approach is inadequate. Available network connections are still easily exhausted as the number of requests by peers attempting to retrieve files is excessive. Therefore, those retrieving files from a provider have difficulty due to congested traffic. In short, a congested network stops nodes from retrieving content [5]–[12]. Therefore, a mechanism that controls network usage is needed. Distribution of large files among staff in a large-scale company using network carefully is important, but difficult to implement due to the complex Intranet environment [12]–[16], that consists of different network segments connected via various bandwidths [16]. Such complex environments can result in delayed transmission of content and even loss during transmission when using inappropriate content delivery approaches. For example, a retriever may have difficulty retrieving content from a sender with a small bandwidth due to excessive outbound traffic from the sender [18]–[24]. Although P2P applications can share sender’s traffic, no companies currently use P2P applications as distribution approaches because of uncontrolled network usage. Once P2P methods exhaust network resources, numerous applications on the same Intranet will not be able to communicate each other. On the contrary of passive method is the active method. Using active method, the packets can be delivered by the sender actively. Once an active method is used to deliver packets within an Intranet network, network congestion caused by passive methods can be eliminated. However, because many Intranet applications must operate without delays, using an active method to deliver packets is also infeasible. To use P2P application within a company, this work presents a novel hybrid application called EP2P that combines both passive and active approaches [25], [26]. A company can share content among peers with the smallest load for the file owner through the passive P2P method. Through EP2P, the passive file delivery process controlled by a retriever can change to active method controlled by the sender on necessary to make outbound connections controllable. Finally, based on performance and reliability results, we suggest organizations consider utilizing EP2P for content delivery. The remainder of this paper is organized as follows. Section 2 investigates work related to content delivery. In Section 3, the EP2P mechanism is described. In Section 4, the proposed application is validated. Conclusions are finally drawn in Section 5, along with recommendations for future research.

Proactive P2P Traffic Control When Delivering Large Amounts of Content

219

2 Literature Review A file is transferred by a traditional content delivery method means a server provides files that can be retrieved from the server by all clients. Basically, all clients (peers) must send a request to the file server to ask retrieving file A through a passive method firstly (The time to get a request from the sender through a passive delivery method is passive denoted as Trequest ). Once the provider is available to send file and gets one request from a client, the client will owns the right to get file A. Therefore, the client can retrieve the file (The time to get file through a passive delivery method is denoted as passive Ttransmission ). However, this traditional content delivery method is inefficient, because too many retrievers are fighting for the right to get their file from the server. Therefore, the time spent retrieving a large file using the traditional approach will be prolonged until the file has been retrieved by all clients. To resolve above problem, the modern P2P application is thereby invented [27]. A file will be retrieved successfully after all parts of the file are collected and merged [27]–[30]. That is, each peer could be the file provider and file retriever depended on the transmission behavior. However, the network traffic is busy because of the passive content-delivering method [27]. However, such a passive content delivery approach (including the modern P2P application) exhaust the outbound network bandwidth of a sender easily when too many retrievers get a large file from the sender concurrently [2], [3], [10]. Additionally, the content delivery within an organization considers not only receiving completed content but also consuming network resources efficiently [13]. There are two solutions about reducing the sender load of traffic: cost-benefit approach and network-control approach [31]–[33]. Because P2P networks are highly dependent on file-owners’ cooperation, the so-called cost-benefit approach is related to the cost of getting privilege to retrieve files from other owners. The network-control solution is used to manage the network usage of a node. That is, all existing solutions are trying to control the usage of provider’s network connections [32], [33]. However, the above solutions are insufficient for the sender’s outbound congestion, because too many requests still cause the outbound congestion of a sender. That is, the above problem is caused by the retrieving (passive) behavior obviously. Therefore, we might use an active content delivery method to transfer items actively. This is the so-called push-based method [2], [3]. Once a file needs to be delivered from the sender to a receiver (peer), the sender must sends a request to the retriever to get the response back that it is available to receive the file from sender (The time to send and to get a request back to a retriever active ). After a receiver sends back the information like “it is available is denoted as Trequest to receive packets,” the sender will deliver the file to the receiver actively (The time active to send file is denoted as Ttransmission ). However, because of the unmanaged delivering packets through active method, we must consider using a fault-tolerant mechanism to manage packets on transmission [14], [23], [24].

3 The EP2P Mechanism This work proposes an enhanced P2P mechanism, named EP2P employing both passive and active methods to deliver large amounts of content within an organization.

220

C.-C. Liang et al.

3.1 Mechanism Design To illustrate the mechanism, we define the exchange information. The exchange information is sent between each other, which is composed of file names, sender names, file status, retrieving parts, completed parts, receiver names, transmission method, file sizes, and transmission status. The “file name” is utilized for identifying the shared content. The “sender name” and the “receiver name” represent the role of peers. The “file status” is used for each peer to understand the owned parts of the shared file from the sender. Because the sharing file using an EP2P mechanism must be divided into chunks for speeding up the file transmission, separate management of each part is needed [11], [25]. The “retrieving part” indicates the parts of the sharing file which are currently being delivering. The “completed parts” show the parts of the shared file are owned by the sender. Because a sender does not always have the completed file, the “file status” indicates the parts owned by the sender. The “transmission method” is utilized for recognizing the content delivery method between a sender and a receiver. The “file size” is used for verifying the accuracy of each received part. The “transmission status” indicates the situation of a currently transferring part. The above information owned by a peer must be shared and update with its neighboring peers. Using an EP2P mechanism, the passive method is the default method to transfer files. 3.2 Passive Approach of EP2P The EP2P mechanism is launched whenever a file needs to be transmitted. For example, Peer A is a sender, peer B, which is one of the neighboring peers of peer A, is a receiver, and File I is the file needs to be transmitted. Peer A shares file status information described in Table 1 to neighboring peers after peer A divides File I into parts. Peer A records itself as “sender name,” the owned parts of File I as “file status,” the name of File I as “file name,” “passive mechanism” as “transmission method,” and “ready for retrieving file” as “transmission status”. Because peer A is the starting node, the owned parts of File I of peer A are completed. After peer B receives the above information from peer A, peer B records itself as “receiver name,” and records a divided part of File I as the “retrieving part,” then passes these modifications back to peer A. A procedure which uses a passive approach is therefore launched. Peer B retrieves “part 1 of File I” from peer A. Whenever “part 1of File I” is transferred successfully by peer B, the “retrieving part” is changed to “part 2 of File I” and the recording of part 1 into “completed parts” by peer B. These modifications are then passed on to neighboring peers including peer A. The retrieving procedure of “part 2 of File I” from peer A is started by peer B after the above modifications are transferred to peer A completely. Once peer A is unavailable to share File 1, peer B will retrieve “part 2 of File I” from other peers own the part. The “transmission status” will change to “successful transmission” whenever File I is transferred completely. 3.3 Active Approach of EP2P Once the network is congested because of the passive delivery, EP2P can change the transmission method to active approach. The procedure of the active approach of

Proactive P2P Traffic Control When Delivering Large Amounts of Content

221

EP2P is described as follows. The transmission method is changed from a passive method to an active one, whenever peer C needs to connect to peer A for retrieving “part 3 of File I,” but there are too many connections established by receivers using the outbound bandwidth of peer A for the available to transfer of “part 3 of File I” through passive method. The “transmission method” is changed to “active method” by peer A. Peer A then sends this modification to peer C. The passive method transmission of the “part 3 of File I” between peer A and peer C stops. Peer C then waits for “part 3 of File I” sent by Peer A. Peer A sends the needed parts to peer C when the network is available to transfer content. Peer A changes the “transmission status” to “ready for sending file” to peer C. Peer C sends “ready for receiving file” to peer A, when peer C is available to receive the content. Peer A then sends “part 3 of File I” to Peer C. Whenever the size of the received part is the same as the “file size,” Peer C sends “successful transmission” to Peer A. In addition, in the EP2P mechanism, if peer A malfunctions, one of the neighboring peers of peer A other than peer C, sends the request part to peer C actively. The push-base method is finished. 3.4 Modeling To understand the performance of this proposed approach, this work models EP2P as follows. The average packet size per file is denoted as δ , and the average transmission rate (delivered packets/unit time) of the sender is denoted as Bs . Notation Bl is the average transmission rate of each link between sender and receivers. The scenario where an active approach is used with fault tolerance mechanisms is illustrated as follows. A receiver can send a message (request) to the sender and ask it to transmit the file again whenever the file size is incorrect. A file has delivered successfully or not is decided by verifying the acknowledgement sent back from the receiver. In case a sender receives no signal from a receiver after sending a file, the sender must resend the file to the receiver. The average packet size per request is denoted as σ . Generally, δ is far larger than σ . Let λ be the average arrival rate of new files. The average time for delivering files via an active mechanism is denoted as T active . The average time T active is the sum of average times for transmitting requests and for sending files. The average time for transmitting requests by an active mechanism can be estimated as follows:

active request

T

⎧ λ Nσ ⎪ B , if 0 < Bl < Bs , ⎪ l ( N , Bl , Bs ) = ⎨ ⎪ λ Nσ , if Bs ≤ Bl ⎪⎩ Bs

and the average transmission time of sending files to all peers is estimated as follows: ⎧ λ Nδ ⎪ B , if 0 < Bl < Bs ⎪ l active ( N , Bl , Bs ) = ⎨ Ttransmission ⎪ λ Nδ , if Bs ≤ Bl ⎪⎩ Bs

.

222

C.-C. Liang et al.

Although using passive methods need small degree of sender effort in dealing with failure control and file delivery, the file transferred through the passive method also needs a mechanism for checking correctness. The correctness of the retrieved content is verified by checking the file size after the process of file transmission is completed. The receiver retrieves the content again whenever the file size is incorrect [23]. This work models the passive transmission method as follows. The average transmission rate (delivered packets/unit time) of receivers is denoted as Br and the total number of receivers (peers) is denoted as N . Notation T passive is the average time for delivering files using a passive mechanism, which is the sum of the average times for transmitting requests and for sending files. The average time for transmitting requests via a passive method can be estimated as follows: ⎧ λσ ⎪B ⎪ l ⎪ λσ ⎪B ⎪⎪ r passive Trequest ( N , Bl , Br ) = ⎨ λσ ⎪B ⎪ r ⎪M ⎪ λσ ⎪ ⎪⎩ Br

where the ceiling function:

⎡N ⎤ ⎢⎢ 2 ⎥⎥

N,

if 0 < Bl < Br

N,

if Br ≤ Bl < 2 Br

, ⎡N ⎤ ⎢⎢ 2 ⎥⎥ , if 2Br ≤ Bl < 3Br M if N ⋅ Br ≤ Bl

,

means the smallest integer is not less than

N 2

. The

average transmission time of receiving all files for all peers is estimated as follows: ⎧ λδ ⎪B ⎪ l ⎪ λδ ⎪B ⎪⎪ r passive Ttransmission ( N , Bl , Br ) = ⎨ λδ ⎪B ⎪ r ⎪M ⎪ λδ ⎪ ⎪⎩ Br

N,

if 0 < Bl < Br

N,

if Br ≤ Bl < 2 Br

⎡N ⎤ ⎢⎢ 2 ⎥⎥ , if 2Br ≤ Bl < 3Br M ,

if N ⋅ Br ≤ Bl

4 Experiment Results To understand the validation and performance, this work presents following the experiment results as follows. 4.1 Validation To understand the performance, this work models the results of transmission time of file delivery through EP2P active and passive approaches [32]. This work illustrates the level of congestion of the network through the relation between Bs , Br and Bl . Bl < min{Bs , Br } shows that the network is heavily congested because the transmission rate of a link is lower than a peer within this proposed environment.

Proactive P2P Traffic Control When Delivering Large Amounts of Content

223

To find the validation, this work assumes the arrival of files follows a Poisson process. In this proposed system, a receiver or a retriever needs to send a message (request) to a file provider in order to make the provider decide to use an active or passive mechanism to deliver content. This work assumes the ability to transmit packets of each peer is the same for all nodes. Additionally, the average transmission rates of senders and receivers/retrievers are the same and equal to Bs . When the network is heavily congested, that is Bl < Bs , the derived average time for delivering files through an active mechanism is equal to that through passive mechanism. From above description, we have Theorem 1.

Theorem 1: If 0 < Bl < Bs , the average time for delivering files through active mechanism is equal to that through passive mechanism. Proof: If 0 < Bl < Bs , then T active active active = Trequest ( N , Bl , Bs ) + Ttransmission ( N , Bl , Bs )

= (σ + δ ) =T

passive request

λN Bl

passive ( N , Bl , Bs ) + Ttransmission ( N , Bl , Bs )

= T passive .

Therefore, when the network is heavily congested, the average time for delivering files through an active mechanism is equal to the average time for delivering files through passive mechanism. □ When the network is not congested, that is Bl ≥ Bs , the derived average time for delivering files through a passive mechanism is less than or equal to that through an active mechanism (Theorem 2). Theorem 2: If Bl ≥ Bs , the average time for delivering files through a passive mechanism is less than or equal to that through an active mechanism.

Proof: If Bl ≥ Bs , then T active active active = Trequest ( N , Bl , Bs ) + Ttransmission ( N , Bl , Bs )

=

λ (σ + δ ) Bs

N

⎧ λ (σ + δ ) N, ⎪ B s ⎪ ⎪ λ (σ + δ ) ⎡ N ⎤ ⎪ ⎢⎢ 2 ⎥⎥ , ≥ ⎨ Bs ⎪M ⎪ ⎪ λ (σ + δ ) , ⎪ B ⎩ s

if Bs ≤ Bl < 2 Bs if 2Bs ≤ Bl < 3Bs M if N ⋅ Bs ≤ Bl

passive passive = Trequest ( N , Bl , Bs ) ( N , Bl , Bs ) + Ttransmission

= T passive

Hence,

T

active

≥T

passive

when Bl ≥ Bs .

224

C.-C. Liang et al.

Therefore, when the network is not heavily congested, the average time for delivering files through a passive mechanism is less than or equal to that through an active mechanism. □ 4.2 Simulation Results The managers who want to use EP2P to deliver content within the enterprise need to know the possible congestion and the load to deliver content for reference. In this work, we use block rate to represent the congestion of the outbound traffic of a sender and the block rate to represent the packets that cannot be obtained by the receiver which is divided by the total packets that is delivered by the sender in a unit of time. Additionally, the increasing sender load to deliver content actively after using EP2P is worthy to discuss, because the load affects the business operation of applications hosted on the sender. To compare the block rate of three methods in a congested network, this investigation uses one provider and one to 30 devices to send (passive method) or receive (active method) packets from the provider through only one outbound connection of the file provider using Promodel™. This work assumes the sender (Bs) and retrievers/receivers (Br) have the same transmission rate to deliver content. The delivered packets of a request for both methods have the same size (1K byte, σ ) and one packet set is delivered at one time. The average delivering packets of a file ( δ ) is set to the unlimited for 1

observing the congestion. The exponential distribution ( E ( λ ) ) is also assumed. The scenario of this simulation for the active method is designed that one provider delivers packets to 1 to 30 devices (N). Each packet is delivered actively to one device at one time (the inter-delivering time follows exponential distribution: E(0.01 minutes)). The simulation for the passive method is designed that there are one to 30 devices retrieve packets from one provider. The schedule of the pull action of one retriever is following exponential distribution ( λ1 is random, ranging from 0.01 minutes to 5 minutes), the mean time between each retrieving action is set as random. That is, the number of collected packets of each device is various. This work simulates each method 20 times. Each actual simulation time is 5 hours. The schedule of retrieving packets of a retriever follows an exponential distribution. Because the EP2P is composed of active and passive approaches, the EP2P method must have the changing policy to decide whether to change the delivery method from passive approach to active approach. Additionally, once a retriever occupied the traffic for longer time than other retrievers, the retriever will collect more packets than others. The congestion is also existed along with the occupation. To release the congestion, this work assumes that the passive mechanism could shift to active method while the largest amount of collected units of a retriever is x times (denote as EP2P(x), x is from two to ten in this simulation) the smallest amount of collected packets of any other retriever, the delivery method will change from passive method to active method. The sender will deliver packets to all receivers except the device which has the largest amount of collected packets. The delivery method will be changed from active method to passive method when the largest amount of collected packets of a device is smaller than x times the smallest amount of collected units of a device.

Proactive P2P Traffic Control When Delivering Large Amounts of Content

225

Fig. 1. Block Rate

The simulation results are as follows (see Figure 1). Using passive/active methods, the block rate is rising along with the increasing number of retrievers/receivers. Additionally, using EP2P, a sender can deliver more packets than using the passive method. That is, using an EP2P is more efficient than a passive P2P approach. The results show that the active method has the better results than other two approaches. However, using the active method merely, the increasing sender load of content delivery will affect others applications hosted on the sender. Therefore, using active method within an enterprise that needs to use computers efficiently is infeasible. The results show that using EP2P approach, the sender load to deliver content actively is decrease with the increasing number of receivers. That is, using EP2P, the more receivers can reduce the more load on content delivery. Additionally, we found that the more receivers the fewer chances to change delivery method from passive approach to active approach. In average, 28.26% packets is using active EP2P method to deliver from one sender to five receivers, and 9.74% packets is using active EP2P method to deliver from one sender to 30 receivers.

5 Conclusions and Remarks The applications hosted on all devices in the enterprise network must be workable, and network resources must be consumed carefully for content delivery within an enterprise. Therefore, selecting a feasible content-delivery approach is important when distributing files within an organization. A passive P2P application can deliver large files efficiently, but consumes vast amounts of network resources. Previous studies demonstrated that adopting an active application can mitigate network congestion because the sender controls connections; however, increasing provider load for

226

C.-C. Liang et al.

content delivery and limits the performance for other back-office applications [1], [2]. Furthermore, an active method needs a particular fault-tolerance mechanism to ensure that files reach their destinations. Thus managing such above methods carefully is important when delivering substantial amounts of content within an enterprise over a complex network. This work presents a novel hybrid P2P approach, the EP2P scheme, which is composed of passive and active methods, for delivering large amounts of content over an Intranet. To evaluate the experimental results, this work models EP2P and simulates its performance. Experimental results show that a sender can deliver a greater amount of packets more efficiently through EP2P to retrievers/receivers than the current P2P method within an Intranet. Additionally, managers need to ensure that Intranet traffic is controllable and existing back-office applications are not affected. By using EP2P, a company can distribute files with minimal sender effort, and network traffic can be controlled. Additionally, the further studies are important that include how to adopt EP2P within an organization and the user satisfaction to EP2P. That is, the steps to apply EP2P to a real company successfully and the feedback from users are important for a manager to verify how to send content within an organization.

Acknowledgement This work was supported in part by GRANT-IN-AID FOR SCIENCE RESEARCH (No. 21500086) and the Hirao Taro Foundation of KUAAR, Japan.

References 1. Agrawal, M., Rao, H.R., Sanders, G.L.: Impact of Mobile Computing Terminals in Police Work. J. Organ. Comput. El Commer. 13, 73–89 (2003) 2. Liang, C.C., Hsu, P.Y., Leu, J.D., Luh, H.: An effective approach for content delivery in an evolving Intranet environment-a case study of the largest telecom company in Taiwan. In: Ngu, A.H.H., Kitsuregawa, M., Neuhold, E.J., Chung, J.-Y., Sheng, Q.Z. (eds.) WISE 2005. LNCS, vol. 3806, pp. 740–749. Springer, Heidelberg (2005) 3. Liang, C.C., Wang, C.H., Luh, H., Hsu, P.Y.: A robust web-based approach for broadcasting downward messages in a large-scale company. In: Aberer, K., Peng, Z., Rundensteiner, E.A., Zhang, Y., Li, X. (eds.) WISE 2006. LNCS, vol. 4255, pp. 222–233. Springer, Heidelberg (2006) 4. Liu, X., Lan, J., Shenoy, P., Ramaritham, K.: Consistency maintenance in dynamic peerto-peer overlay networks. J. Comput. Netw. 50(6) (2006) 5. Azzouna, N.B., Guillemin, F.: Experimental analysis of the impact of peer-to-peer applications on traffic in commercial IP networks. Eur. Trans. Tele. 15, 511–522 (2004) 6. Bharambe, A.R.: Some observations on BitTorrent performance. Perform. Eval. Review 33(1) (2005) 7. Ragab, K., Kaji, N., Horikoshi, Y., Kuriyama, H., Mori, K.: Autonomous decentralized community communication for information dissemination. IEEE Internet Comput. 1089-7801, 29–36 (2004)

Proactive P2P Traffic Control When Delivering Large Amounts of Content

227

8. Turcan, E., Shahmehri, N., Graham, R.L.: Intelligent software delivery using P2P. In: Proc. IEEE Conf. P2P, pp. 1–8 (2002) 9. Lan, J., Liu, X., Shenoy, P., Ramamritham, K.: Consistency maintenance in peer-to-peer sharing network. In: Proc. IEEE Conf. WIAPP, pp. 1–5 (2003) 10. Datta, A., Hauswirth, M., Aberer, K.: “ Beyond “web of trust”: Enabling P2P E-commerce. In: Proc. IEEE Conf. CEC (2003) 11. Liu, X., Lan, J., Shenoy, P., Ramaritham, K.: Consistency maintenance in dynamic peerto-peer overlay network. J. Comput. Netw. 50, 859–876 (2006) 12. Liu, X., Liu, Y., Xiao, L.: Improving query response delivery quality in peer-to-peer systems. IEEE Trans. Para Dist. Syst. 17(11), 1335–1457 (2006) 13. Bar-Noy, A., Freund, A., Naor, J.: On-line load balancing in a hierarchical server topology. SIAM J. Comput. 31(2), 527–549 (2001) 14. Liang, C.C., Wang, C.H., Hsu, P.Y., Luh, H.: Disaster Avoidance Mechanism for ContentDelivering Service. Comput. Oper. Res. 36(1), 27–39 (2008) 15. Agrawal, M., Rao, H.R., Sanders, G.L.: Impact of mobile computing terminals in police work. J. Organ. Comput. Electron. Commer. 13, 73–89 (2003) 16. Wang, W.M., Liang, C.C., Lu, H.Z., Chow, W.S., Chang, K.Y.: Research of testing process the case of TOPS-system delivery process. TL Tech. J. 34(1), 7–34 (2004) 17. Lu, H.Z., Liang, C.C., Chuan, C.C., Wang, W.M.: Discussion of TOPS/order software deployment, news publish and operation mechanism. TL Tech. J. 35(5), 19–733 (2005) 18. Liang, C.C.: Disseminating Content through a Peer-to-Peer Infrastructure in a Disaster Zones. In: Proc. IEEE Conf. ISM 2009, CD (2009) 19. Liang, C.C., Chuan, C.R., Lu, H.Z., Wang, W.M.: A software deploy model on TOPS/order system and its practice. TL Tech. J. 35(5-1), 19–27 (2005) 20. Acampora, A., Krull, M.: A new approach to peer-to-peer wireless LANs based on ultra wide band technology. Wireless Netw. 14, 335–346 (2008) 21. Guo, H., Shen, G., Wang, Z., Li, S.: Optimized streaming media proxy and its applications. J. Netw. Comput. Appli. 30, 265–281 (2007) 22. Cao, J., Feng, X., Lu, J., Chan, H.C.B., Das, S.K.: Reliable message delivery for mobile agents: push or pull? IEEE Trans. Syst., Man, Cyber.n A, Syst., Humans 34(5), 577–587 (2004) 23. Herrería-Alonso, S., Suárez-González, A., Fernández-Veiga, M., Rubio, R.F.R., LópezGarcía, C.: Improving aggregate flow control in differentiated services networks. Comput. Netw. 44(4), 499–512 (2004) 24. Saxena, N., Pinotti, C.M., Das, S.K.: A probabilistic push-pull hybrid scheduling algorithm for asymmetric wireless environment. In: Proc. IEEE Conf. GLOBALCOM, pp. 5–9 (2004) 25. Bhide, M., Deolasee, P., Katkar, A., Panchbudhe, A., Ramamritham, K., Shenoy, P.: Adaptive push-pull: disseminating dynamic web data. IEEE Trans. Comput. 51(6), 652–668 (2002) 26. Guo, L., Chen, S., Xiao, Z., Tan, E., Ding, X., Zhang, X.: A performance study of BitTorrent-like peer-to-peer systems. IEEE J. Select Areas Commun. 25(1), 155–169 (2007) 27. Défago, X., Schiper, A., Urbán, P.: Total order broadcast and multicast algorithms, taxonomy and survey. ACM Comput. Surv. 36, 372–421 (2004) 28. Li, M., Yu, J., Wu, J.: Free-riding on Bit-Torrent peer-to-peer file sharing systems: modeling analysis and improvement. IEEE Trans. Paral. Dist. Syst. 19(7), 954–966 (2008) 29. Hei, X., Liang, C.: A measurement study of a large-scale P2P IPTV system. IEEE Trans. Multi. 9(8), 1672–1687 (2007)

：

228

C.-C. Liang et al.

30. Cho, K., Fukuda, K., Esaki, H., Kato, A.: The impact and implications of the growth in residential user-to-user traffic. In: Proc. IEEE Conf. SIGOMM, pp. 207–208 (2006) 31. Zhou, J., Hall, W., De Roure, D.C., Dialani, V.K.: Supporting ad-hoc resource sharing on the web: A peer-to-peer approach to hypermedia link services. ACM Trans. Internet Tech. 7(2), 1–92 (2007) 32. Zghaibeh, M., Harmantzis, F.C.: A lottery-based pricing scheme for peer-to-peer networks. Telecommun. Syst. 37, 217–230 (2008) 33. Yamada, H., Okamura, A., Nakamichi, K., Sakai, K., Chugo, A.: QoS control by Traffic Engineering in content delivery networks. FUJITSU Sci. Tech. J. 39(2), 244–254 (2003) 34. Weng, C.E., Lain, J.K., Zhang, J.M.: UEEDA: Uniform and energy-efficient deployment algorithm for wireless sensor networks. Inter. J. Commun. Syst. 21, 453–467 (2008)

ISP-Driven Managed P2P Framework for Effective Real-Time IPTV Service Seil Jeon1, Younghan Kim1,*, Jonghwa Yi2, and Shingak Kang2 1

School of Electronic Engineering Soongsil University, Dongjak-gu, Seoul, 156-743, Korea {sijeon,yhkim}@dcn.ssu.ac.kr 2 Electronics and Telecommunications Research Institute, 161 Kajeong-Dong, Yuseong-Gu, Daejeon, Korea {jhyiee,sgkang}@etri.re.kr

Abstract. Over the years, in attempts to overcome client-server based limitations, a variety of Peer-to-Peer (P2P) technologies have been developed. This feature can contribute to robustness and scalability. However, it introduces network-oblivious traffic because of network-unaware peer selection. As P2P users have increased, so does the damage this problem causes. To solve this problem, various P2P model based on collaboration between ISP and P2P users have been recently suggested and then reduced network-oblivious traffic by removing biased peer selection. However, previous schemes have mainly focused on reducing traffic, which does improve network performance. In order to support effective real-time IPTV services, it should be required to not only reduce network-oblivious traffic, but it should also improve user performance such as delay and jitter because IPTV is an application sensitive to delay and jitter. In fact, the reduction of network-oblivious traffic improves user performance but it cannot always guarantee optimum performance experienced by real-time streaming service users. In this paper, we propose an ISP-driven managed P2P framework and peer selection mechanism for real-time IPTV user. For the evaluation, we use a QualNet 4.0 simulator and show proposed mechanism provides the performance effectively. Ultimately, we confirmed that ISPs should reflect the delay information of organized P2P network as well as the link traffic between each peer for effective real-time IPTV services. Keywords: P2P streaming mechanism, Managed P2P, biased peer selection.

1 Introduction To support the efficient and seamless delivery of an ISP-driven real-time IPTV service encompassing hundreds of thousands of channels, it is essential to cooperate with Peer-to-Peer (P2P) technologies. In fact, several P2P streaming mechanisms are already in use to provide web-based live streaming services with file sharing [1][2]. However, peer selection that does not reflect network topology, without considering *

Corresponding Author.

S. Balandin et al. (Eds.): NEW2AN/ruSMART 2009, LNCS 5764, pp. 229 – 240, 2009. © Springer-Verlag Berlin Heidelberg 2009

230

S. Jeon et al.

geographical distance among candidate peers, introduces network-oblivious traffic, which occurs severe problem to Internet Service Provider (ISP) and also leads P2P users to provide degraded performance [3]. While many ISPs developed several P2P traffic shaping techniques (e.g., [4][5]) to solve this problem, P2P users have learned new skills to break through against for a long time. Recently, enhanced CPU performance and memory capacity has allowed high-quality streaming services, such as IPTV. Then, ISPs may have a difficulty in providing the IPTV service by limited infra-structure networks. Due to the reason, a large amount of research emphasizing cooperation between ISPs and P2P user has been suggested in order to overcome previous exhaustive methods. R. Bindal et al. [6] proposed a modified mechanism of tracker and client to solve the biased-neighbor peer selection problem introduced by the tit-for-tat mechanism in BitTorrent. V. Aggarwal et al. [7] mentioned that it requires information to select an ISP-friendly target peer among several peer selection mechanisms providing traffic locality. They demonstrate the performance through ISP-aided information. However, D. R. Choffnes et al. [8] assumed that cooperation and collaboration is not likely to occur between ISPs and P2P user. Thus, they suggested peer selection based on content distribution networks (CDNs), which do not re-quire additional infrastructure, network topology information, or cooperation between ISPs and their subscribers. Their experimental results show improved performance in terms of hop counts and bandwidth. However, they do not describe the reason or reasons why ISPs and P2P users cannot cooperate and collaborate nor do they show the performance achieved compared to previous schemes based on oracle information managed by ISPs. ISP-driven IPTV services are expected to maximize revenue through cooperation between ISPs and content providers (CP). Recently, IETF ALTO (Application-Layer Traffic Optimization) WG [9] and DCIA (Distributed Computing Industry Association) P4P WG [10], targeting cooperative technique, are now standardizing for P2P traffic optimization. The P4P (Provider Portal for Applications) suggested that the notion of P4P-distance interface, which means virtual distance reflecting network status between peers. They confirm that the interfaces allow network providers and applications to jointly optimize their respective performances by using primal-dual decomposition. Summarizing the related work, previous research has mainly focused on the reduction of link utilization, traffic volume, and hop counts. In addition, they show reasonable improvement in user’s quality of service that corresponds to the reduction in traffic volume. Actually, however, when we assume a real-time IPTV ser-vice driven by ISP, the new scheme needs to enhance user quality due to delays and jitter experienced from the source node to each peer as well as reducing oblivious traffic. Because we cannot assure that the sum of optimally selected paths in terms of traffic between peers corresponds to reasonable delay and jitter. In order to obtain an optimized path satisfying this requirement, it needs not only reflected-traffic information from the oracle framework between the requesting peer and candidate peer but also network information from the already constructed overlay network. In this paper, we propose an ISP-driven managed P2P framework and peer selection mechanism for effective real-time IPTV service and show enhanced results in terms of decreasing network-oblivious P2P traffic and increasing user performance for IPTV.

ISP-Driven Managed P2P Framework for Effective Real-Time IPTV Service

231

2 Related Work Several P2P overlay constructions based on physical topology information have been studied. Recently, ALTO WG in IETF and P4P WG in DCIA, a targeting cooperative technique, are now standardizing P2P traffic optimization. Thus, many ISPs anticipate and watch the standardizing process. Both protocols suggest several interfaces to feed topology-related information to the oracle server and coordinate and exchange data, and to query the service. More detailed information of ALTO and P4P as follows.

Fig. 1. ALTO framework

Fig. 1 presents ALTO framework that enables other components to provide interactions. ALTO server generally called an “oracle” knows the topology-related information. Trackers owned by a P2P algorithm or contents provider maintain peerorganized overlay networks. However, because it does not have knowledge of the physical network, it is required to query the network about the location of determined candidate peers and the ALTO server provides guidance that corresponds to the query. To support this framework, ALTO servers update the network information such as its routing state periodically. Fig. 2 shows the P4P network architecture that integrates various content providers and ISPs. P4P distinguish trackers into appTracker owned by contents provider and iTracker owned by ISPs. Before determining the target peer, several candidate peers selected by appTracker. After iTracker receives information of candidate peers from appTracker, it calculates weight according to the distance between peers for maximizing the network’s performance. P4P provides three core interfaces: policy interface allowing ISP policy and identifies congestion information based on the network location of users and P4P distance interface querying the virtual distance between two peers and capability distance providing differentiated service, such as use of the on-demand server or cache server.

232

S. Jeon et al.

Fig. 2. P4P framework

Consequently, previously proposed oracle-based mechanisms including ALTO and P4P enabled cooperation with P2P content providers using various P2P protocol. However, they are limited as a P2P solution for web-based file sharing used to minimize network-oblivious P2P traffic in an ISP network. Thus, when we want to provide real-time IPTV streaming service, we need the framework to consider the improvement of user quality as well as a reduction of network-oblivious P2P traffic. In the next section, we will provide the ISP-driven managed P2P framework and peer selection mechanism for real-time IPTV streaming service.

3 Managed P2P IPTV Framework for IPTV Service 3.1 Managed P2P IPTV Framework This section proposes an ISP-driven managed P2P framework to achieve reduction of topology-oblivious P2P traffic and especially, to improve the quality of real-time streaming. ISP-driven IPTV services need to cooperate with other CPs in order to provide various contents. To manage the content owned by CPs, we assume many CPs will use tracker-based solutions, such as BitTorrent [11]. Among selected candidate peers, optimal peer selection is determined by iTracker, which knows network topology information. Fig. 3 shows the procedures of a proposed managed P2P framework for IPTV service.

ISP-Driven Managed P2P Framework for Effective Real-Time IPTV Service

233

Fig. 3. Channel request/response procedures for managed P2P IPTV service

After the set-top box (STB) completes its boot-up procedures, such as the assignment of an IP address, the following steps present the scheme in detail. • Step 1: A STB sends a “Get Program Request” message containing channel information to the EPG (Electronic Program Guide) server, which performs the same function as a torrent server in BitTorrent. The EPG sends a “Get Program Response” message that includes the IP address of the cTracker that manages the requested channels signal delivery to the STB. • Step 2: After receiving the “Get Program Response” message, the STB directly sends a “Get Peer Request” to the cTracker. At this time, we use an OID (Opaque ID) assigned by iTracker through initial boot-up procedure for topology-hiding. A cTracker knows the OID information of each peer and maintains binding information with OID and IP address through “Get Program Request” message but this technique is out-of-scope in this paper. • Step 3: The cTracker receiving the “Get Peer Request” message sends the “Peer Selection Request” containing OID information of candidate peers to the iTracker. The iTracker sends back a “Peer Selection Response” message containing the IP address of the target peer based on inner topology information to the cTracker. • Step 4: The cTracker sends the finally ordered peer list based on receipt message from iTracker. Then, the STB try to connect peering to the peers in received peer list. 3.2 The Structure of iTracker The iTracker decides on a target peer based on the link traffic and link delay for effective peer selection between the requesting peer and candidate peers. The functional block diagram is as shown in Fig. 4.

234

S. Jeon et al.

Fig. 4. Functional block diagram within the iTracker

The iTracker has several interfaces with the STB, cTracker, Route Monitor, and SNMP server. It consists of several functions in which a topology-hiding OID manager creates an OID per the STB and the total distance calculator that calculates the distance value and network DB storing the link traffic and delay. The SNMP periodically obtains network information from SNMP agents that estimate and store the traffic and delay statistics on an input port at every router. To get the delivery network information, we first need the peering information among peers. This is obtained by the cTracker. The link traffic (te) traversing the link is expressed as the transmission rate of frame and link delay (de) meaning the elapsed time of a transmitted frame between two nodes. 3.3 Target Peer Selection Our scheme satisfies the ISP-objective, which requires reduced network-oblivious P2P traffic and the user-objective, which requires improved user-quality. For the ISPobjective, we define pij as weight for optimal route between the requesting peer (i) and the candidate peer (j), and pe as the weight per link e organizing the route. Then, we are able to acquire pij, which is the sum of each pe corresponding to the path organized between i and j, as shown in equation (1). For the calculation, we use an optimized decomposition method, which is also used in P4P [12].

pij = ∑ pe I e (i, j ) . e

(1)

Equation (1) minimizes P2P traffic and then obtains the result according to the mechanism. However, in order to obtain additional improvements in user quality performance, we need information about the currently organized peers from the

ISP-Driven Managed P2P Framework for Effective Real-Time IPTV Service

235

Fig. 5. The information to select target peer in iTracker

streaming server (S). For an easy description of the proposed peer selection mechanism, we assume that there are two branches from S and each peer is connected with one parent and one child as shown in Fig. 5. In this environment, j4a and j4b are closest peers from i node in each branch. The cTracker selects j4a and j4b as the candidate peer and then sends the IP addresses of {j1a, j2a, j3a} and {j1b, j2b, j3b} organized from the S to each j4a and j4b as well as the OID of j4a and j4b. In actuality, each hop count between i and j4a and, i and j4b is 3 and 4. When we assume that the link traffic traversing one hop is the same, the optimal target peer is j4a. However, we cannot assure that the quality of streaming received from j4a is better than that of j4b. This is because we did not consider the delivery network while the streaming data is delivered through peers organized from S. Thus, we calculate the sum of the link delay in the delivery network containing the candidate peers as shown in equation (2), which means that the sum of the link delay between j1m and j2m and, j2m and j3m, and so on, is organized from candidate peer jxm to the S.

d jm , s = x

∑d

e e∈path{ j1m , j2m }

+

∑d

e e∈path{ j2m , j3m }

+"+

∑d

e e∈path{ jxm , S }

.

(2)

236

S. Jeon et al.

We then acquire a link weight (pw) that totally satisfies both the ISP-objective and the user-objective. As shown in (3), we select the minimized pw among the values that are summed up pi, j with link delay multiplied by gamma γ, which is weight factor to decide the reflected degree of organized network delay. It can be used for ISP’s policy.

pw = min{( pi , j a + γ ⋅ d j a , s ), ( pi , jb + γ ⋅ d jb , s ), ..., ( pi , j m + γ ⋅ d j m , s )} .

(3)

4 Simulation and Results In this section, we evaluate the proposed scheme for an IPTV streaming service. For a delivery model, we use the widely deployed breath-first-search (BFS) tree model used in CoolStreaming [13]. We compare three mechanisms that original “BFS” and “P2P-Link-Traffic” only considering the link traffic between the requesting peer and candidate peer and proposed scheme. The BFS model composes the delivery tree by focusing on the width according to the sequential arrival of each node. The BFS model has the feature to reduce the total forwarding latency of data delivered from the source to the leaf node. For the evaluation of three mechanisms, we use a QualNet simulator v4.0 [14]. We deploy 100 nodes and use OSPF routing protocol to retrieve the route between peers in the ISP network. In consideration of the external environment, we use 6 FTP sessions. The amount P2P traffic that occurs is calculated as the number of forwarded datagrams, except for FTP traffic when the FTP transmission rate is 400KB/s, 1MB/s, and 5MB/s, respectively. 4.1 User’s Streaming Quality The change of performance in terms of user quality is indicated by the depth-level of the peer in the delivery network. We use 50 peers among 100 nodes. Each peer participates in the streaming service sequentially. Fig. 6 shows that the delay variation of leaf peer that located in depth-level 4 as received packet sequence from source. The BFS mechanism is not optimized based on network topology; hence, it is influenced more by unnecessary P2P traversing and background FTP traffic. This results in a great deal of delay and more fluctuation than other mechanisms. In Fig. 6 (b), a P2P-Link-Traffic scheme has 22ms while the proposed scheme has a 12ms average. As the peers participate more, we could predict that the delay times will be doubled or will increase even more when we consider the complexity of the delivery network and the increase in routing hop counts. Fig. 7 shows the jitter variation of the peer receiving streaming data located at the depth-level 4. We observe that the BFS has the irregularity of jitter that corresponds to the delay variation shown in Fig. 6. P2P-Link-Traffic and the proposed scheme

ISP-Driven Managed P2P Framework for Effective Real-Time IPTV Service

237

Fig. 6. Comparison of delay variation

show the changes of variation about twice smaller. However, we confirm that the difference of variation is little more than P2P-Link-Traffic. Through this result, we observe that the proposed scheme has better performance in terms of delay and jitter while providing the streaming service.

238

S. Jeon et al.

Fig. 7. Comparison of jitter variation

4.2 Comparison of P2P Traffic and Intensity Fig. 8 (a) expresses the total amounts of P2P traffic and Fig. 8 (b) shows the intensified degree of P2P traffic, which is calculated by standard deviation. Ultimately, Fig. 8 (a) means how efficiently network resources are saved. However, Fig. 8 (b) shows how efficiently loads are distributed. Each peer has 4 child nodes as the out-degree and we regulate 400KB/s as the streaming rate. We observe that the P2P-Link-Traffic scheme and the proposed scheme have reduced the amount and intensity of the P2P traffic. But we observe that P2P traffic in the proposed scheme is slightly more than in the P2PLink-Traffic scheme. However, the proposed scheme provides performance similar to the one of the P2P-Link-Traffic scheme.

ISP-Driven Managed P2P Framework for Effective Real-Time IPTV Service

239

Fig. 8. Total amounts of P2P Traffic and P2P traffic intensity in ISP’s network

5 Conclusion In this paper, we proposed a managed P2P framework and peer selection mechanism for real-time IPTV streaming service. Previous schemes based on topology information have mainly focused on the reduction of network-oblivious P2P traffic. However, in order to provide effective real-time IPTV service, ISPs need to increase efforts to improve user quality as well as suppressing network-oblivious P2P traffic. Recently introduced P4P, which is effective peer selection mechanism to decrease network-oblivious P2P traffic. However, IPTV is delay-sensitive application. It then needs the mechanism that considers service quality in terms of delay and jitter as well as the reduction of unnecessary P2P traffic. Thus, we propose managed P2P streaming mechanism satisfying the requirements and reflecting link delay of organized P2P network. Our simulation shows that the proposed scheme displays better streaming quality and reduction of P2P network-oblivious traffic. Consequently, it confirms that a managed P2P mechanism should consider the delay information for an already organized delivery network.

Acknowledgments This research was partially supported by the MKE (The Ministry of Knowledge Economy), Korea, under the ITRC (Information Technology Research Center) support program supervised by the IITA (Institute for Information Technology Advancement) (IITA-2009-(C1090-0902-0036)) and Ubiquitous Computing and Network (UCN) Project, Knowledge and Economy Frontier R&D Program of MKE in Korea as a result of UCN's subproject 09C1-C1-20S.

References 1. CoolStreaming, http://www.coolstreaming.us/hp.php?lang=en 2. TVAnts, http://tvants.en.softonic.com/ 3. Cha, M., Rodriguez, P., Moon, S., Crowcroft, J.: On Next-Generation Telco-Managed P2P TV Architectures. In: Proc. of 2008 IPTPS Conference (2008)

240

S. Jeon et al.

4. Packeteer. Packeteer packetShaper, http://www.packeteer.com/products/packetshaper 5. Sandvine. Intelligent broadband network management, http://www.sandvine.com 6. Bindal, R., Cao, P., Chan, W., Medval, J., Suwala, G., Bates, T., Zhang, A.: Improving Traffic Locality in BitTorrent via Biased Neighbor Selection. In: 26th IEEE International Conference on Distributed Computing Systems, p. 66 (2006) 7. Aggarwal, V., Feldmann, A., Scheideler, c.: Can ISPs and P2P Systems Cooperate for Improved Performance? Proc. of ACM SIGCOMM, Computer Communication Review 37(3) (2007) 8. Choffnes, D.R., Bustamante, F.E.: Taming the Torrent. In: Proc. of ACM SIGCOMM (August 2008) 9. Kiesel, S., Popkin, L., Previdi, S., Woundy, R., Yang, Y.R.: Application-Layer Traffic Optimization (ALTO) Requirements, draft-kiesel-alto-reqs-00.txt (July 4, 2008) 10. Xie, H., Krishnamurthy, A., Silberschatz, A., Yang, Y.: P4P: Explicit Communications for Cooperative Control Between P2P and Network Providers, http://www.dcia.info/documents/P4POverview.pdf 11. BitTorrent, http://www.bittorrent.com 12. Xie, H., Yang, U.R.: P4P – Provider Portal for (P2P) Applications. In: Proc. of SIGCOMM 2008, August 17-22 (2008) 13. Zhang, X., Liu, J., Li, B., Yum, T.-S.: CoolStreaming/DONet: A data-driven Overlay Network for Live Media Streaming. In: IEEE INFOCOM 2005, Miami, FL, USA, March 2005, pp. 2102–2111 (2005) 14. QualNet Network Simulator, http://www.scalable-networks.com

Fault-Tolerant Architecture for Peer to Peer Network Management Systems Maryam Barshan1, Mahmood Fathy1, and Saleh Yousefi2 1

Computer Engineering Faculty, Iran University of Science and Technology(IUST) [email protected], [email protected] 2 Computer Engineering Department, Urmia University [email protected]

Abstract. In this paper we propose a 3-tier hierarchical architecture which is based on peer to peer model for network management purpose. The main focus of the proposed architecture is provisioning fault tolerance property which in turn leads to increasing the availability of the Network Management System (NMS). In each tier of the architecture we use redundancy to achieve the aforementioned goal. However we do not use redundant peers thus no peer redundancy is imposed to the system. Instead we use some selected peers in several roles and therefore only add some software redundancy which is easily tolerable by advanced processors of NMS’s peers. Due to the hierarchal structure failure of nodes in each tier may affect NMS's availability differently. Therefore we examined the effect of failure of peers which play different roles in the architecture on the availability of the system by means of extensive simulation study. The results show that the proposed architecture offers higher availability in comparison to previously proposed peer to peer NMS. It also offered lower sensitivity to failure of nodes. Keywords: availability, fault tolerance, network management, hierarchical P2P networks.

1 Introduction Nowadays the interest of almost all companies in taking advantage of new technologies and reaping their benefits leads to increase of network complexity. One of the challenges is offering various services in a high quality. However emergence of new equipment and services and increasing the number of users with diverse service demands make the management of new generation networks difficult. In order to succeed in management of such complex networks a robust, reliable NMS is required. IETF’s SNMP (Simple Network Management Protocol) and ITU-T’s TMN (telecommunication Management Network) have been two main network management technologies in the computer networking industry. Nowadays, due to some new challenges including dynamic topology configuration, interoperability among heterogeneous networks, QoS guaranteed services, etc they show some weakness points in the management of such complex networks [1, 2]. To address these shortcomings two S. Balandin et al. (Eds.): NEW2AN/ruSMART 2009, LNCS 5764, pp. 241–252, 2009. © Springer-Verlag Berlin Heidelberg 2009

242

M. Barshan, M. Fathy, and S. Yousefi

alternate technologies are recently introduced in the network management community: web services and peer to peer (P2P) [3]. The well known characteristics of P2P approaches lead to scalability, flexibility, reliability and improving the quality of current network management solutions. Therefore one of the solutions for addressing network management challenges is to use P2P-based NMSs which are based on overlay networks. A management overlay can potentially encompass different administrative domains. Thus it can put together different human administrators and diverse systems and networks in order to accomplish a management task in a cooperative and integrated manner. Basically a network management system will work effectively and efficiently only when it could gain the information it needs from the network and could be able to change the configuration or apply attributes when necessary. Therefore, one of the requirements of a management system to deliver the needed service is to provide reasonable availability. Availability of a system can be investigated from several viewpoints including QOS [4], security [5] and fault tolerance [6]. Fault tolerance is the ability of a system to offer services even in the presence of a fault. It is one of P2P networks requirements in order to avoid data losses and to support proper message transferring. Redundancy is a technique for applying fault tolerance and increasing reliability and availability of P2P systems. It can be used for different resources. In this paper we propose architecture for increasing the availability of the network management system. We intend to achieve such a goal through increasing fault tolerance property of the NMS by applying redundancy. However the architecture we proposed does not impose any peer (hardware) redundancy but software redundancy. This is mainly because we use some peers in several roles and thus add some software redundancy which is easily tolerable by advance processors of NMS’s peers. We conduct extensive simulation study to examine the performance of the proposed architecture in presence of nodes' failure. We also investigate effect of failure in different nodes and sensitiveness of the architecture to those failures. To the best of our knowledge this work is the first work which addresses fault tolerance in peer to peer network management and the proposed architecture is the first one in its type. The remaining of this paper is organized as follows. In Section 2 related works have been reviewed. In Section 3 the proposed architecture is introduced. In section 4 we evaluate performance of the proposed architecture using extensive simulation study and bring results. Finally, section 5 concludes the paper along with some guidelines for future work.

2 Related Work The work related to our study can be categorized in three main topics including P2P-based network management systems, fault tolerance in P2P systems and fault tolerance in hierarchical P2P systems. Reference [7] has carried out one of the first investigations of using P2P paradigm in network management. The authors of [8] designed a P2P overlay to address fault and performance management. Another use of P2P management which is used for Ambient Networks (ANs) has been reported in by [9]. More importantly in a European Celtic Madeira project [10] the goal is to implement P2P-based management

Fault-Tolerant Architecture for Peer to Peer Network Management Systems

243

systems for mesh and ad-hoc networks. The project uses inherent P2P characteristics for automatic and dynamic network management in this kind of networks. Madeira peers are organized in some clusters with selected nodes as cluster heads. The cluster heads are re-clustered in another layer and this trend is continued until one peer remains at topmost level. The aforementioned process leads to a multi-tier hierarchal P2P architecture. The authors of [11] point out that using such architecture and more specifically a 2-tier hierarchical P2P technology is a flexible, scalable and easy to use solution in network management applications. Note that [10] and [11] like all P2P architecture make use of application layer routing which causes improvement of connectivity between management entities. Furthermore the advantage of using grouping in each layer for balancing management tasks is discussed. Deploying redundancy is a technique for increasing reliability and availability of P2P systems. In DHT (Distributed Hash Table) P2P systems, three kinds of redundancy are discussed: replication and erasure coding or combination of the two methods [12, 13]. Due to high churn rate in P2P networks, the authors in [14] proposed a technique in order to ease fault discovery and network recovery aiming at having provisioning dependability and performance. This method is called MSPastry and is a new implementation of the Pastry for real environments which has consistent message routing. By assuming high dynamic rate in structured P2P networks, reference [15] has designed a failure recovery protocol and has evaluated its performance. Moreover the authors in [16] answer two issues: first how data structure can be built for routing in presence of faulty nodes and the second, how a secure message routing can be achieved? In [17] an efficient method for fault tolerance in hierarchical P2P systems is introduced. It proposes a so called multiple publication technique which normal peers connect to one or more SP (Super Peer) in other groups. When a normal peer finds out that its corresponding SP no longer works, it selects one of the other group’s SP as its new SP. The authors in [18] took advantage of BSP for applying fault tolerance in each group, i.e. whenever a SP fails, it is replaced by a BSP. The paper further proposed a scalable algorithm for assigning peers into groups, selecting SPs and maintaining overlay network. In [19] the authors used redundancy but their methodology is different from the one in [18] in that in each group some SPs form a virtual SP. Then node belonging to the virtual SP uses Round Robin (RR) to serve as a SP. [20] reports using of 2 layers for SP fault tolerance: first all peers, are organized in a flat layer and then peers with more resources arrange another overlay for managing other lessresource peers. In case of a SP failure, peers use flat layer instead of second overlay, because they are already organized in that layer and have necessary connections with other peers in that layer. However, delivery is not guaranteed.

3 Proposed Architecture for P2P-Based NMS Proposed network management system is a 3-tier hierarchical architecture. The layers from down to up are as follows: LLM (Low Level Manager), MLM (Mid Level Manager) and TLM (Top Level Manager). Peers of each layer are arranged in some groups. Note that the aforementioned nodes belong to NMS and are called manager nodes hereafter. The manager nodes are used for the sake of management of some other nodes called managed elements (end nodes) which are actually nodes in the network

244

M. Barshan, M. Fathy, and S. Yousefi

under management. LLM groups are in charge of collecting management data from managed elements. As shown in Fig.1, end nodes connect to their SPs through a star topology. Indeed due to the fact that they are managed devices they do not need to connect to each other in the NMS. This is not in contradiction to their ability to communicate with each other in the network under management. Furthermore, each end node has the address of a BSP for the sake of using it if necessary.

Fig. 1. Connectivity of end nodes and corresponding SP

In the proposed NMS architecture, each peer in LLM can be used as a BSP for other peers which act as SPs for end nodes. For example in Fig. 2, A′ is as a BSP for A and A′′ as a BSP for A′ . The reason why SP of each group is used as BSP of others is applying redundancy with minimum overhead. Thus there is no hardware overhead in this case. In each LLM group one SP and one BSP (the most powerful peers) are selected among all peers for making connection to upper tier (i.e. the MLM layer). The process of selecting SP and BSP nodes is out of scope of this paper. In each LLM group peers are connected to the selected SP and BSP through a star topology. It should be stressed that there is a direct link between a SP and BSP in these groups. This link is used to send alive messages in order to get informed of any failure. Fig. 2 gives a representation of an LLM group structure when the redundancy factor is 2.

Fig. 2. LLM layer intra-groups connectivity

MLM layer is formed by grouping SPs and BSPs of the LLM layer groups. The proposed dynamic topology for the MLM group is depicted in Fig. 3. As shown in the figure, SPs are connected through a degree-three Chordal ring and BSPs are connected to their SPs neighbors. It should be noted that in Fig. 3 each BSP is just in role of backup and does not have any responsibility in MLM functionality until its corresponding SP fails. When the SP fails, the BSP connects to MLM through neighbor of the failed SP. Thus during the time in which the SP is active, it is in charge of managing both LLM and

Fault-Tolerant Architecture for Peer to Peer Network Management Systems

245

Fig. 3. MLM layer intra-groups connectivity

MLM layers and during this whole period BSP just is in charge of collecting management data from its assigned end nodes. Fig. 4 shows set of connections between SPs and BSPs of LLM layers in the MLM layer. As shown in the figure, in addition to link between LLM and MLM layers some horizontal links are created among LLM groups (i.e. the groups in the same hierarchal level). These horizontal links shown by dashed lines in the figure, may be taken advantage in order to make possible more cooperation in the proposed NMS. Moreover, in this layer (i.e. MLM) no additional peers are used thus no hardware cost is imposed to the proposed NMS. It is worthy of mention that Management by Delegation (MbD) can be performed in MLM layer.

Fig. 4. Cooperation between LLM layer SPs and BSPs

In the MLM layer we use a set of SP nodes called VSPs (Virtual SP). Using a Round Robin method at any moment of the time (e.g. any failure time) one of the members of VSP set takes the responsibility of SP in each MLM group. The current SP node makes management decisions and links LLM layers to the TLM layer. Based on this organization some SPs take turn serving other peers. Note that as illustrated in Fig. 5 from the TLM point of view this set can be assumed such as one SP. At any moment of time the peer which is in charge of TLM and MLM connectivity is called RSP (Real SP). MLM groups are formed from SPs and BSPs of LLM layer for being in charge of LLM and TLM connectivity. One of the problems of considering static architecture here is increasing load in edge peers (peers between MLM and TLM layers). To alleviate this problem VSPs are used making dynamic connection with TLM. In fact using VSPs leads to distribution of management data transfer load among some more powerful SPs.

246

M. Barshan, M. Fathy, and S. Yousefi

Fig. 5. Method of connecting MLM to TLM

The topology of TLM layer, shown in Fig. 5, due to its importance and communicating with human administrators is considered Full-mesh. The whole TLM layer can be assumed as one virtual peer, as well. The peers of this layer are different from peers of MLM which were formed from SPs and BSPs of LLM groups. In fact, at first all peers are divided into two parts. One part is used to form LLM layer and then MLM from SPs and BSPs of LLM groups. So the other part is used to organize TLM layer. Finally, the schematic of the proposed architecture which is used in simulation is depicted in Fig. 6.

Fig. 6. A sample of hierarchical proposed architecture

In MLM layer of described architecture any SP/BSP failure is periodically being checked. When the BSP/SP realizes that its corresponding SP/BSP is failed, immediately reports it to TLM through a critical message (failure alarm). Then a source routing algorithm is executed in the TLM in order to update (reconfigure) the architecture through replacing the BSP in the architecture instead of the failed SP. In other words, due to absence of the SP, the replaced BSP takes the responsibility of linking LLM

Fault-Tolerant Architecture for Peer to Peer Network Management Systems

247

layer to the TLM layer. Note that this failure will be reported to human administration in TLM layer and repair process is launched afterward. Due to report of failure toward upper levels (i.e., from LLM and MLM toward TLM and in the case of MbD, from LLM toward MLM), there is no need to take k more than 2 (k denotes redundancy factor). In fact, the probability of coincident failure of a SP and BSP can be ignored.

4 Experimental Results Evaluation of the proposed architecture has been performed through the PeerSim simulator [21]. The simulated NMS is composed of 100 management peers (Fig. 6). The number of TLM peers in this scenario is considered 4 out of 100, while the total number of LLM members is considered 96. These 96 peers have been arranged in some 8-member groups. For each of these 12 groups one SP and one BSP have been selected and moved to MLM layer. 8-member groups are formed in this layer again. As a result the number of LLM members is 74 and the number of MLM members is 24. In each MLM group three SPs are selected as VSPs. Then the mentioned topology is applied to the whole structure and a kind of source routing with minimum latency is implemented to route messages from different elements of the architecture. Failure rates are taken different for each peer type. VSPs in MLM layer have lower failure rate in comparison with other nodes in MLM layer. Furthermore, SPs and BSPs have lower failure rate in comparison with LLM peers. In simulation the failure rate of LLM and TLM peers are assumed to be zero ( λ LLM = λTLM = 0, TLM layer because of Full-mesh topology and LLM layer due to the fact they are connected to the end nodes which are not included in the NMS). The times to failure for MLM peers are taken from exponential distribution with the failure rate (i.e. λMLM and λVSP ) given in each figure. It should be noted that our aim in λ MLM is failure rate of all MLM peers except VSPs. In order to evaluate the availability of proposed NMS architecture we measure percentage of available peers. The measured availability is in TLM's viewpoint. In other word if some peers are available but are not reachable by TLM they are considered as unavailable peers. The following figures are depicted from the average of 1000 experiments. In repairable case, after finishing repair time, the SP takes back its responsibility again. In this case until next failure (10 times of failure are assumed for each peer) the BSP has role just in LLM layer and no longer has responsibility in MLM layer. Moreover in this case, times to repair are considered to be fixed and within a specific period of time (500 time slots = 1/40 simulation time). Furthermore, the number of periodic alive checking is 500 and number of message sending for checking available peers is 100 for the whole of simulation time. The non-fault tolerant architecture which is used for comparison has the same assumption as the proposed architecture in terms of number of peers, number of groups and number of peers in each group. However it has the following differences: not using BSPs in LLM layer, not using VSPs in MLM layer and not using RR method for selecting RSP in each MLM group (indeed in this architecture VSP failure means RSP failure).Thus the topology is considered star in LLM layer (just with SPs), degree-three Chordal ring for MLM layer (without BSPs connections) and Full-mesh for TLM layer.

248

M. Barshan, M. Fathy, and S. Yousefi

The following figures are drawn based on repairable assumption to show the availability improvement in proposed architecture in comparison to the non-fault tolerant architecture (figure 7). We also intend to show the effects of different failure rates (figure 8) as well as sensitiveness of the proposed architecture in presence of VSP and MLM failures (figure 9). Note that in each figure the values of failure rates are mentioned. repairable case λ (MLM)=1/20000, λ (VSP)=1/20000 percentage of available peers

101 100 99 98 97 96 95 94 93

proposed architecure

92

non-fault tolerant architecture

91 0

5 10 15 20 25 30 35 40 45 50 55 60 65 70 75 80 85 90 95 Trial No.

Fig. 7. The proposed architecture availability versus the non-fault tolerant availability Table 1. Average, Min and Max values of the curves of Fig. 7 Repairable case Proposed arch. λ MLM =1/20000 λ VSP = 1/20000 Non-fault tolerant arch. λ MLM =1/20000 λ VSP = 1/20000

Avg

Max

Min

97.91

99.70

97.46

95.34

99.66

94.56

First we show the effectiveness of the proposed architecture in improvement of NMS's availability in Fig. 7. This figure is depicted assuming the same failure rate for MLM and VSP ( λVSP = λMLM = 1/20000) as well as the probability of no failure in TLM and LLM peers. It follows from the figure that NMS's availability in proposed architecture is noticeably improved (on average 97.91% versus 95.34%. Since 1% of availability is more important 2.57% increase on average) in comparison to the non-fault tolerant one. Next in Fig. 8 we aim at studying the effect of failure rate along with peer types on the NMS's availability. In Fig. 8(a) we assume no failure in other peers and vary failure rate of VSP nodes. As concluded from the figure by increasing failure rate the availability of the NMS deteriorates considerably (on average 98.5%, 97.1%, and 94.2% for different failure rates in the figure. i.e. a total of 2.147% decrease on average). In figure 8(b) the availability of NMS is shown for different failure rates of MLM nodes. As is illustrated in the figure it obeys the same trend of Fig. 8(a) unless it shows that effect of failure in VSP nodes is more considerable (on average 99.4%, 98.78%, and 97.65% for different failure rates in the figure. i.e. a total of 0.872% decrease on average) in comparison to other MLM nodes. This phenomena is also validate in Fig 8(c) in which the same failure rates of MLM and VSP nodes present quite noticeable difference (on average 99.39% versus 98.47%. i.e. 0.92% difference on average) in NMS's availability. In this figure other failure rates except ones mentioned are taken zero.

Fault-Tolerant Architecture for Peer to Peer Network Management Systems

repairable case

repairable case

100

percen tag e o f a va ilable p ee rs

percentage of available peers

101 99 98 97 96 95 94 93 proposed architecture, λ (VSP)=1/20000 proposed architecture, λ (VSP)=2/20000 proposed architecture, λ (VSP)=4/20000

92 91 90 0

249

100.50 100.00 99.50 99.00 98.50 98.00 97.50 97.00 96.50 96.00 95.50

proposed architecture, λ (MLM)=1/20000 proposed architecture, λ (MLM)=2/20000 proposed architecture, λ (MLM)=4/20000

0 5 10 15 20 25 30 35 40 45 50 55 60 65 70 75 80 85 90 95

5 10 15 20 25 30 35 40 45 50 55 60 65 70 75 80 85 90 95 Trial No.

Trial No.

8(a). Comparing different VSP failure rates

8(b). Comparing different MLM failure rates

Percentage of available peers

Repairable case 100.5 100 99.5 99 98.5 98 proposed architecture , λ (MLM)=1/20000

97.5

proposed architecture , λ (VSP)=1/20000

97 0 5 10 15 20 25 30 35 40 45 50 55 60 65 70 75 80 85 90 95 Trial No.

8(c). The effects of similar MLM and VSP failure rates Fig. 8. The effect of MLM and VSP failure rates on the NMS's availability Table 2. Average, Min and Max values of the curves of Fig. 8(a) Repairable case Proposed arch. λ VSP =1/20000 Proposed arch. λ VSP =2/20000 Proposed arch. λ VSP =4/20000

Avg

Max

Min

98.50

99.66

97.90

97.11

99.31

96.59

94.21

98.82

93.51

Table 3. Average, Min and Max values of the curves of Fig. 8(b) Repairable case Proposed arch. λ MLM =1/20000 Proposed arch. λ MLM =2/20000 Proposed arch. λ MLM =4/20000

Avg

Max

Min

99.40

99.95

99.27

98.78

99.88

98.59

97.65

99.68

97.16

Table 4. Average, Min and Max values of the curves of Fig. 8(c) Repairable case Proposed arch. λ MLM =1/20000 Proposed arch. λ VSP =1/20000

Avg

Max

Min

99.39

99.89

99.27

98.47

99.80

98.10

250

M. Barshan, M. Fathy, and S. Yousefi

Figure 9 evaluates the sensitivity of the proposed architecture in comparison to non-fault tolerant architecture to peer failure. For this purpose we measure the amount of availability decrease in response of some increase in failure rates. In figure 9(a) we increase the failure rate of VSP nodes from 1/20000 and 2/20000 and measure NMS's availability for our proposed architecture and non-fault tolerant one. Furthermore figure 9(b) shows the same phenomena in the presence of failure in MLM nodes. As it follows from the figures both VSP and MLM failures have less influence on the availability of the proposed architecture than non-fault tolerant architecture. For the failure rate numbers in the figure, the sensitivity of the proposed architecture in comparison to the non-fault tolerant one is 3.38 percent lower (for VSP failure) and 0.31 percent lower (for MLM failure). Repairable case 102

100

Percentage of available peers

Percentage of available peers

Repairable case 102

98 96 94 92 Proposed architecture , λ (VSP)=1/20000 Proposed architecture , λ (VSP)=2/20000 non-fault tolerant architecture , λ (VSP)=1/20000 non-fault tolerant architecture , λ (VSP)=2/20000

90 88 86

100 98 96 94 92 Proposed architecture , λ (MLM)=2/20000 Proposed architecture , λ (MLM)=4/20000 non-fault tolerant architecture , λ (MLM)=2/20000 non-fault tolerant architecture , λ (MLM)=4/20000

90 88

0

5 10 15 20 25 30 35 40 45 50 55 60 65 70 75 80 85 90 95 Trial No.

0

5 10 15 20 25 30 35 40 45 50 55 60 65 70 75 80 85 90 95 Trial No.

9(b) Sensitivity to MLM failure

9(a) Sensitivity to VSP failure

Fig. 9. Comparing the sensitivity of the proposed architecture and non-fault tolerant architecture to VSP and MLM failures Table 5. Average, Min and Max values of the Table 6. Average, Min and Max values of curves of Fig. 9(a) the curves of Fig. 9(b) Repairable case Proposed arch. λ VSP =1/20000 Proposed arch. λ VSP =2/20000 Proposed arch. λ VSP =4/20000 Proposed arch. λ VSP =8/20000 Non-fault tolerant arch.

λ VSP =1/20000 Non-fault tolerant arch.

λ VSP =2/20000 Non-fault tolerant arch.

λ VSP =4/20000 Non-fault tolerant arch.

λ VSP =8/20000

Repairable case Proposed arch. λ MLM =1/20000 Proposed arch. λ MLM =2/20000 Proposed arch. λ MLM =4/20000 Proposed arch. λ MLM =8/20000

Avg

Max

Min

97.86

99.67

97.36

96.32

99.46

95.64

93.47

98.80

92.67

88.59

97.49

86.94

95.33

99.46

94.51

Non-fault tolerant arch.

91.88

99.38

90.75

Non-fault tolerant arch.

λ MLM =1/20000 λ MLM =2/2000

85.76

98.59

84.35

Non-fault tolerant arch.

75.92

97.56

73.16

Non-fault tolerant arch.

λ MLM =4/20000 λ MLM =8/20000

Avg

Max

Min

97.88

99.61

97.30

97.30

99.54

96.73

96.00

99.39

95.42

93.96

99.03

93 .16

95.33

99.56

94.52

94.61

99.54

93.74

93.01

99.54

92.14

90.49

99.06

89.31

5 Conclusion Due to weakness points of traditional client/server based network management systems, we aimed at designing a high available NMS based on Peer to Peer paradigm. In

Fault-Tolerant Architecture for Peer to Peer Network Management Systems

251

this paper we proposed a self-reconfigurable and self fault-managed architecture by applying fault tolerant property. Our main focus is to offer high availability with minimum overhead contrary to costly redundancy mechanisms. For this purpose we use multi-role peers where each node in addition to its normal role plays the role of back up for other selected nodes. Thus, no peer redundancy is added except of some software redundancy which is easily tolerable by today's advance NMS peers. Experimental results show the effectiveness of the proposed architecture in improvement of NMS's availability in comparison to a non-fault tolerant NMS. It also offers less sensitivity to a node failure. We further examined the effect of failure of nodes in different level of hierarchy in availability of the proposed NMS. For future work we intend to study availability of the proposed fault-tolerant architecture from an analytical point of view.

Acknowledgment This work is supported by the Iran Telecommunication Research Center (ITRC).

References 1. Choi, M.-J., Won-Ki Hong, J.: Towards Management of Next Generation Networks. IEICE Trans. Commun. E90–B(11), 3004–3014 (2007) 2. Li, M., Sandrasegaran, K.: Network Management Challenges for Next Generation Networks. In: Proceedings of the IEEE Conference on Local Computer Networks 30th Anniversary (LCN 2005), Sydney, Australia (2005) 3. Cassales Marquezan, C., Raniery Paula dos Santos, C., Monteiro Salvador, E., Janilce Bosquiroli Almeida, M., Luis Cechin, S., Zambenedetti Granville, L.: Performance Evaluation of Notifications in a Web Services and P2P-Based Network Management Overlay. In: 31st Annual IEEE International Computer Software and Applications Conference (COMPSAC 2007), Beijing, china, vol. 1, pp. 241–250 (2007) 4. Menascé, D.A., Almeida, V.A.F., Dowdy, a.W.: Performance by Design: Computer Capacity Planning by Example. Prentice Hall PTR, Englewood Cliffs (2004) 5. Stallings, W.: Cryptography and Network Security Principles and Practices, 4th edn. Prentice Hall, Englewood Cliffs (2005) 6. Avižienis, A., Laprie, J.-C., Randell, B., Landwehr, C.: Basic concepts and taxonomy of dependable and secure computing. IEEE Transactions on Dependable and Secure Computing 1(1), 11–33 (2004) 7. State, R., Festor, O.: A Management Platform Over Peer-to-Peer Service Infrastructure. In: Proceedings of 10th International Conference on Telecommunications, ICT 2003, Vancouver, BC, Canada, pp. 124–131 (2003) 8. Binzenhöfer, A., Tutschku, K., Graben, B.a.d., Fiedler, M., Arlos, P.: A P2P-based framework for distributed network management. In: Cesana, M., Fratta, L. (eds.) Euro-NGI 2005. LNCS, vol. 3883, pp. 198–210. Springer, Heidelberg (2006) 9. Brunner, M., Galis, A., Cheng, L., Colás, J.A., Ahlgren, B., Gunnar, A., Abrahamsson, H., Szabó, R., Csaba, S., Nielsen, J., Schuetz, S., Prieto, A.G., Stadler, R., Molnar, G.: Towards ambient networks management. In: Magedanz, T., Karmouch, A., Pierre, S., Venieris, I.S. (eds.) MATA 2005. LNCS, vol. 3744, pp. 215–229. Springer, Heidelberg (2005)

252

M. Barshan, M. Fathy, and S. Yousefi

10. Llopis, P.A., Frints, M., Abad, D.O., Ordás, J.G.: Madeira: A peer-to-peer approach to network management. In: The Wireless World Research Forum (WWRF), Shanghai, China (April 2006) 11. Zambenedetti Granville, L., Moreira da Rosa, D., Panisson, A., na Melchiors, C., Janilce Bosquiroli Almeida, M., Margarida Rockenbach Tarouco, L.: Managing Computer Networks Using Peer-to-Peer Technologies. IEEE Communications Magazine (October 2005) 12. Rodrigues, R., Liskov, B.: High availability in dHTs: Erasure coding vs. Replication. In: Castro, M., van Renesse, R. (eds.) IPTPS 2005. LNCS, vol. 3640, pp. 226–239. Springer, Heidelberg (2005) 13. Chen, G., Qiu, T., Wu, F.: Insight into redundancy schemes in DHTs. The Journal of Supercomputing 43(2), 183–198 (2008) 14. Castro, M., Costa, M., Rowstron, A.: Performance and dependability of structured peer-topeer overlays. In: IEEE, Proc. Dependable Systems and Networks (DSN 2004), June 2004, pp. 9–18 (2004) 15. Lam, S.S., Liu, H.: Failure Recovery for Structured P2P Networks: Protocol Design and Performance Evaluation. In: SIGMETRICS/Performance 2004. ACM, New York (2004) 16. Hildrum, K., Kubiatowicz, J.: Asymptotically Efficient Approaches to Fault-Tolerance in Peer-to-Peer Networks. In: Fich, F.E. (ed.) DISC 2003. LNCS, vol. 2848, pp. 321–336. Springer, Heidelberg (2003) 17. Lin, J.-W., Yang, M.-F., Tsai, J.: Fault Tolerance for Super-Peers of P2P Systems. In: Proceedings of the 13th Pacific Rim International Symposium on Dependable Computing (PRDC), pp. 107–114 (2007) 18. Garcés-Erice, L., Biersack, E.W., Felber, P., Ross, K.W., Urvoy-Keller, G.: Hierarchical peer-to-peer systems. In: Kosch, H., Böszörményi, L., Hellwagner, H. (eds.) Euro-Par 2003. LNCS, vol. 2790, pp. 1230–1239. Springer, Heidelberg (2003) 19. Yang, B., Garcia-Molina, H.: Designing a Super-Peer Network. In: Proceedings of the 19th International Conference on Data Engineering, Bangalore, India, March 2003, pp. 49–62 (2003) 20. Panisson, A., Moreira da Rosa, D., Melchiors, C., Zambenedetti Granville, L., Janilce Bosquiroli Almeida, M., Margarida Rockenbach Tarouco, L.: Designing the Architecture of P2P-Based Network Management Systems. In: IEEE Symposium on Computers and Communications (ISCC 2006), Pula-Cagliari, Sardinia, Italy (2006). 21. PeerSim: A Peer-to-Peer Simulator, http://peersim.sourceforge.net/

Public Key Signatures and Lightweight Security Solutions in a Wireless Environment Dmitrij Lagutin and Sasu Tarkoma Helsinki Institute for Information Technology HIIT Helsinki University of Technology TKK, Espoo, Finland [email protected], [email protected]

Abstract. Several security solutions have been proposed for wireless networks, most of these are based on lightweight security measures and contain significant drawbacks, such as transit path dependency and high bandwidth overhead. In this work we compare a Packet Level Authentication (PLA), which is a public key based solution, against hash tree and hash chain based solutions in terms of security and energy overhead in wireless environment. We argue that due to advances in the semiconductor technology, public key based security solutions are viable for wireless networks. In many cases they actually achieve a better energy efficiency due to their lower bandwidth overhead. Keywords: Network security, public key cryptography, hash chains, wireless networks.

1 Introduction Currently the Internet is plagued by various security problems, such as denial-ofservice attacks and unsolicited e-mail. Wireless networks that are becoming increasingly popular further increase this problem, since wireless devices usually have limited battery power and bandwidth, allowing a successful attack to drain the victim from the bandwidth or energy. In order to improve the Internet's security, a strong network layer solution that can detect and stop malicious traffic as soon as possible is preferred. Most of the network layer security proposals are lightweight solutions based on a hash tree or hash chain methods. While such proposals decrease the computational requirements they increase the complexity of the system and include severe limitations. In this paper, we analytically investigate and compare the Packet Level Authentication (PLA), which is based on signing every packet in the network by public key signature technique, against lightweight hash chain and tree based solutions. We compare security properties of different solutions and analyze the overall bandwidth overhead in the wireless environment taking both the computational requirements and bandwidth overhead into account. This paper is structured as follows. Chapter 2 describes various security solutions, and their properties are evaluated in Chapter 3. Chapter 4 contains an analysis of the energy consumption in a wireless environment of various solutions. These results are evaluated in Chapter 5 and Chapter 6 contains conclusions and discusses future work. S. Balandin et al. (Eds.): NEW2AN/ruSMART 2009, LNCS 5764, pp. 253–265, 2009. © Springer-Verlag Berlin Heidelberg 2009

254

D. Lagutin and S. Tarkoma

2 Background This section covers existing security solutions that aim to provide integrity protection and data origin authentication on the network layer. 2.1 Packet Level Authentication (PLA) Packet Level Authentication (PLA) [1] is a novel way to provide availability and protect the network infrastructure from several kinds of attacks, like denial-of-service (DoS) attacks, on the network layer. PLA is based on the assumption that per packet public key cryptographic operations are possible at wire speed in high speed networks due to new cryptographic algorithms and advances in semiconductor technology. PLA aims to detect and stop malicious traffic as quickly as possible freeing resources to the benevolent traffic. A good analogy to the principle of PLA is a paper currency. Anyone can independently verify whether the bill is authentic simply by verifying built-in security measures such as a watermark and hologram. There is no need to contact the bank that has issued the bill. Similarly, PLA gives every node a ability to check whether the packet has been modified, duplicated or delayed without a previously established trust relation with the sender of the packet. Such packets can discarded immediately by any node in the network. The PLA relies on IP header extension techniques to add an own header to the packet. The PLA header contains following fields. The trusted third party certificate corroborates the binding between the sender's identity and its public key. It also guarantees that the sender is a valid entity within the network. To reduce computational and bandwidth overhead, PLA utilizes identity-based implicitly-certified keys [2], where the sender's public key is calculated from the TTP certificate. The PLA header also includes timestamp and sequence number fields that make possible to detect delayed and duplicated packets, which can be a sign of a replay attack. Finally, there is a cryptographic signature over the whole packet ignoring some IP header fields like hop limit, since these change during the lifetime of the packet. The signature protects the integrity of packet and together with sender's public key it offers non-reputability; the sender cannot deny sending the packet. A lightweight version of PLA does not contain TTP certificate in every packet to reduce the bandwidth and computational overhead. In this case a TTP certificate is transmitted periodically and routers should cache it to fully authenticate the sender. Cryptographic Solutions and Performance Since PLA includes signatures and public keys in every packet, it is not feasible to use traditional cryptographic solutions like RSA. To reduce the bandwidth overhead, PLA uses elliptic curve cryptography (ECC) [3]. A 163-bit EEC key used with PLA offers the same cryptographic strength as a 1024-bit RSA key [4]. An FPGA-based hardware accelerator has been developed for PLA [5]. According to simulations, an ASIC based on Altera's harcopy [6] technology built on 90 nm manufacturing process would achieve 850,000 signature verifications per second with a power consumption of just 22.4 W.

Public Key Signatures and Lightweight Security Solutions

255

2.2 Hash Trees The hash tree is a tree where leaves are hashes of data blocks, like packets. Nodes higher in a tree are hashes of their respective children. A Merkle tree [7] is a complete binary hash tree. Hash trees can be used to protect the integrity of the network traffic [8], [9]. The idea is to create a Merkle tree which consists of packet's hashes, calculate the root hash of the tree, and sign it with a cryptographic signature. Then packets are sent along with the tree's root signature and a necessary amount of tree hashes to reconstruct the root hash. The verifier of the packet can reconstruct the root hash and verify the root signature. As an advantage, using hash trees reduces the amount of required cryptographic verifications to verify the integrity of the packet. This saves computational resources, since hash calculations are significantly faster to perform than cryptographic verifications. In order to give the ability to independently verify the integrity of a single received packet, additional hashes along with a root signature must be included into every sent packet. A hash tree with width w requires log2(w) additional hashes to be included in sent packets. 2.3 Hash Chain Based Solutions A hash chain is formed by hashing a random seed value s multiple times with an oneway hash function H. The result of the hash operation is used as an input for the next element of hash chain, i.e., h1 = H(s), h2 = H(h1) = H(H(s)), and so on. The final element of the hash chain is the anchor. The hash chain is used in the reverse order to create signatures, if the length of the chain is n, then the anchor, hn, is used first, followed by hn-1 and hn-2. By tying identities to hash chains, hash chains can be used to authenticate nodes and traffic in the network [10]. Security properties of hash chains come from the fact that the hash function H is an one-way function, therefore it is not possible to determine x if only H(x) is know. Therefore, only the owner of the hash chain can know previous values of the chain, while any other party can easily verify that hn = H(hn-1) after the value hn-1 has been disclosed. There exist three different secure ways to distribute values of the hash chain to other parties: one-time signatures, time-based approaches and interaction-based approaches. An example of a time-based hash-chain approach is Timed Efficient Stream LossTolerant Authentication (TESLA) [11], which is a protocol designed to authenticate broadcast and multicast traffic. TESLA assumes that sender and receiver have loosely synchronized clocks. Adaptive and Lightweight Protocol for Hop-by-hop Authentication (ALPHA) [12] is a interaction-based hash chain scheme. ALPHA uses a three-way signature process where both the sender and receiver use two hash chains, it also allows any node on the path to verify and authenticate the protected traffic. First, the sender sends S1 packet containing its hash chain anchor and a message authentication code (MAC) calculated over the payload with a previous hash chain value. The receiver replies with A1 packet indicating that he is willing to receive the packet. Finally, the sender sends the

256

D. Lagutin and S. Tarkoma

actual data together with a previous hash chain value. Intermediate nodes can verify payload's integrity using the MAC from the cached S1 packet. Therefore ALPHA requires two control packets to be transmitted for an each data packet, to reduce such bandwidth overhead there exist two variants of ALPHA. ALPHA-C transmits multiple MACs in a single S1 packet, while ALPHA-M constructs a hash tree over w packets and the whole tree is authenticated with a single S1 packet. 2.4 Energy Requirements of Wireless Transmission Determining the actual energy costs of a wireless communication is not simple, since measuring power consumption accurately is difficult and because the energy consumption depends on several factors like the location, amount of obstacles, used network topology, transmission distance, and weather conditions. According to Zhong's presentation [13], energy consumption of a GSM cell phone is roughly 13.8 μJ/bit for upload and 5.6 μJ/bit for download. For wireless IEEE 802.11 LAN, the energy consumption is 1.1 μJ/bit and 0.75 μJ/bit for upload and download respectively. In a simulated study of IEEE 802.11 power saving mechanisms [14], 50 nodes were placed in a 1000 m x 1000 m area. In a best case, the network was able to deliver 150 kbits of traffic per Joule of energy, with an average path length of 3 hops. Therefore, the energy consumption per hop was about 2.22 μJ/bit. Energy-efficient transmit power control for IEEE 802.11a/h wireless LANs was also studied in [15]. According to simulations, the proposed scheme achieved a transmission power of 14.3 nJ/bit over 10 meter and 111 nJ/bit over 25 meter transmission distance using a star network topology. These results assume that the networking hardware utilizes a special power conservation scheme and do not take into account interference from buildings or weather conditions. Power efficiency of 14.3 nJ/bit is significantly better than any real-life measurements found in literature, thus is not a very realistic figure. Nevertheless, this result can be considered to be the lower bound of wireless LAN's power consumption under the optimal conditions. The trade-off between energy costs of computation and wireless transmission has been studied in [16]. The study argues that extra computing power should be used to decrease bandwidth overhead wherever possible to reduce the overall energy consumption.

3 Comparison of Security Properties between PLA, Hash Tree and Hash Chain Based Approaches In this chapter we evaluate security properties of PLA, the lightweight PLA that does not contain a TTP certificate in each packet, basic hash tree approach described in Section 2.2, ALPHA-C, and ALPHA-M. TESLA was omitted from the comparison since it depends on the synchronized clocks and is a less flexible solution, while the basic ALPHA scheme would produce a too high bandwidth overhead. The results of evaluation based on various criteria are summarized in Table 1. The width of the hash tree and the amount of MACs sent simultaneously in ALPHA-C is denoted by w. By authentication we do not mean simply tying the packet to a specific cryptographic identity, but determining whether the cryptographic identity is trusted one and has

Public Key Signatures and Lightweight Security Solutions

257

permissions to use the network. For measuring the bandwidth overhead we assume that a 163-bit ECC public key and 160-bit hash function are used for an adequate security [4]. With a compression bit, the public key uses 164 bits of the header space. The first criteria (C1) is the independent transmission of packets. This is especially important for a real-time communication, like a video or voice conferencing, where a low latency is preferred. PLA allows an each packet to be sent immediately, while other approaches utilize hash trees or cumulative transmissions of MACs, which require that the sender must cache w packets before sending the first one. The C2 criteria evaluates the support for the fully independent integrity verification in intermediate nodes. PLA and a basic hash tree approach allow every node to independently verify each packet, since all necessary information is already present in every sent packet. However, a basic hash tree approach must cache intermediate hashes and already verified root signatures for an optimal performance. ALPHA-M and -C do not support this criteria and require states for integrity verification. With the C3 criteria we evaluate whether the solution supports fully independent authentication. The results are the same as above, expect that lightweight PLA does not satisfy this criteria since it does not include a TTP certificate in every packet. Table 1. Evaluation of security mechanisms Criteria C1. Independent transmission of packets. C2. Independent integrity verification C3. Independent authentication C4. Transit path independence C5. Bandwidth overhead per data packet

Lightweight PLA

Basic hash trees

ALPHA-M ALPHA-C

Yes

Yes

No

No

No

Yes

Yes

No

No

No

Yes

No

No

Yes

Yes

No

No

Lightweight PLA header (586 bits)

Full PLA header (1022 bits)

Yes, but needs caching for best performance Yes, but needs caching for best performance Yes, at a lower performance Public key (164 bits) + root signature (326 bits) + log2(w) hashes

1 + log2(w)

1 hash (160 bits)

None

None

4/w hashes

C6. Other bandwidth None overhead C7. Per packet Signature computational verification requirements C8. Load on verifying node

PLA

Constant

Key extraction At most 1 + log2(w) and signature hash calculations, 1/w verification signature verifications Constant Variable

hashes

At most 1 + log2(w) hash

(w + 3)/w hashes 1 hash calculation

calculations Constant

Constant

The C4 criteria evaluates whether packets can travel along multiple transit paths between the sender and receiver. PLA allows every node to independently verify each packet, regardless which path the packet takes. A basic hash tree based approach also supports independent verification, but the performance will degrade if packets belonging to the same hash tree will take multiple paths. ALPHA schemes require intermediate nodes to cache S1 packets and therefore all further data packets must travel along the same path in the network.

258

D. Lagutin and S. Tarkoma

The C5 criteria is about bandwidth overhead per data packet. A simple PLA header contains the sender's public key, signature, timestamp, and a sequence number. In addition to above, full PLA header contains trusted third party (TTP) certificate. In order to support independent verifications using a basic hash tree approach, log2(w) hashes must be included in packets in addition to the public key and the root signature. ALPHA-M requires the undisclosed hash chain element to be present in data packets in addition to log2(w) hashes. For ALPHA-C including the undisclosed hash element is enough. In all cases some extra fields are necessary for IP extension headers, these are not included in comparison. The next criteria (C6) contains other bandwidth requirements. Both ALPHA schemes require two control packets (S1 and A1) to be transmitted per w packets. In ALPHA-M w denotes the width of the hash tree while with ALPHA-C it is the amount of MACs transmitted in a single S1 packet. ALPHA-C transmits a MAC for every packet, while ALPHA-M uses a single MAC for the whole tree. The criteria C7 is per packet computational requirements, excluding minor checks like verification of a timestamp or sequence number. Lightweight PLA requires a signature verification to be performed. Full PLA utilizes implicit certificates, where the sender's public key is extracted and the packet's signature is verified in a single operation, which also verifies the TTP certificate. Basic hash tree and ALPHA-M approaches require 1 + log2(w) hash calculations if the received packet is the first one from the tree. Intermediate hashes can be cached and therefore verification of subsequent packets will require less hash calculations. Additionally, basic hash tree approach requires a single signature verification per hash tree. ALPHA-C does not utilize hash trees, therefore only a single hash calculation needs to be performed. The last criteria (C8) evaluates whether the load on verifying nodes is constant or variable. For PLA and ALPHA approaches, the load is constant; intermediate nodes must perform a signature verification or hash calculations per each packet respectively. In the basic hash tree approach the signature must be verified for each packet from a previously unknown hash tree. Therefore verifier's load may differ significantly depending on the order in which packets arrive. This drawback introduces a significant denial of service vulnerability. The attacker can simply flood packets belonging to different hash trees, since the verifying node will not have has packet's hashes in its cache, it must must calculate the whole hash tree and perform the root signature verification for each malicious packet. As a result, the verifying node will be overloaded, since it does not have a capacity to verify the signature of each packet1. 3.1 Summary of Security Properties The main difference between PLA and hash chain based approaches is that PLA supports fully independent verifications of packets by any node in the network: a node which has received the packet can verify its authenticity independently without having any kind of contact with sender of the packet. In addition, PLA does not require nodes to store per-packet or per-sender states for a basic authentication. While ALPHA supports hop-by-hop authentication, it requires that some data is cached by 1

This is the fundamental assumption of hash tree based approaches.

Public Key Signatures and Lightweight Security Solutions

259

intermediate nodes and all packets take the same path in the network. A basic hash tree approach supports independent verifications of packets, but its performance will degrade unless all packets take the same path in the network and verifying nodes cache intermediate hashes. Basically all solutions are trade-offs between usage of bandwidth, computational resources, features and implementation complexity. ALPHA is a less robust solution in a case of route changes or failures. If the route changes after the first S1 packet, rest of the packets from the same hash tree or cumulative transmission cannot be verified unless the S1 packet is retransmitted. Since intermediate route changes are usually not visible to recipient or the sender of the traffic, further data packets in the session will probably be dropped by intermediate nodes located on the new path. Using large values of w with ALPHA or a hash tree approach increases the latency of communication and therefore is not suitable for real-time traffic. For example, voice over IP (VoIP) applications send usually from 34 to 50 packets per second [17]. Therefore, using 16 packets wide hash tree, or sending 16 MACs simultaneously with ALPHA-C, would introduce up to 470 ms of extra latency. In order to support the strong source authentication with ALPHA, used hash chain anchors must be authenticated by some other means, e.g., a public key signatures. ALPHA requires different hash chains to be used for every sender/receiver pair, therefore such authentication can introduce a significant overhead if the receiver is communicating with a large number of senders.

4 Energy Consumption in a Wireless Environment In this chapter we investigate energy requirements of various security solutions for receiving and verifying data wirelessly. In ad-hoc network where nodes would also forward data wirelessly, the energy cost of wireless communication would roughly double. For wireless LAN power consumption, we use the absolute best case values from Section 2.4; 14.3 nJ/bit for 10 meter transmission distance and 111 nJ/bit for 25 meter distance [15]. We also include higher wireless LAN power consumption values which are much more realistic [13], marked as “Real-life wireless LAN” in figures. PLA is assumed to use a cryptographic accelerator based on a 90 nm Hardcopy ASIC technology, which consumes 26 μJ of energy per signature verification [5]. Since we do not have a real ASIC available for cryptographic calculations, following results are calculated analytically. We calculate the bandwidth overhead of various security approaches and compare the energy cost of transmitting such extra traffic versus the cost of performing cryptographic operations. The energy cost of hash calculations was ignored since it is not significant compared to the cost of wireless transmission or signature verifications. The per packet energy advantage of various approaches in comparison to PLA can be summarized using the following formula. Etotal = B*Ewireless + Ecrypto .

(1)

Where B is an average per packet bandwidth advantage in bits against PLA (negative values denote bandwidth disadvantage), Ewireless is the energy cost of wireless reception per bit, and Ecrypto is the energy cost of the signature verification.

260

D. Lagutin and S. Tarkoma

4.1 PLA Versus Hash Tree Approach First we compare PLA with a basic hash tree approach for integrity protection, since both techniques support fully independent packet verification by any node. In this respect, they offer identical security properties. In the hash tree approach a single signature is generated and verified for the whole hash tree while with PLA every packet's signature is verified separately. In order for both schemes to offer the same level of protection and thus to make comparison fair, the PLA header information, like a sequence number, timestamp, and TTP certificate, must be included in every packet in the hash tree approach. In this respect, the bandwidth overhead is the same for both of these two approaches. The only difference is the size of extra hashes that must be included in hash tree approach to make independent verifications of packets possible. The results are shown in Fig. 1, with hash tree width w = 1 hash trees are not used and the signature verification is performed for each packet. Y-axis values denote per packet energy advantage, positive values mean that a hash tree approach has an energy advantage over PLA, while negative values describe the reverse situation.

Fig. 1. Per packet energy advantage of hash trees versus PLA in a wireless LAN

Following observations can be made from Fig. 1, if the cost of wireless transmission is very low then hash trees save energy in some cases. However, as the width of the hash tree grows to thousands of packets, the total energy consumption actually increases in comparison to PLA, since large hash trees have a significant bandwidth disadvantage due to inclusion of extra hashes. As the cost of wireless transmission increases, even using narrow hash trees increases the total energy consumption. If real-life estimates for the power consumption of wireless LAN are used, the total

Public Key Signatures and Lightweight Security Solutions

261

energy consumption becomes completely dominated by cost of wireless communication. As a result, the hash tree approach becomes very energy inefficient due to their large bandwidth overhead. These calculations do not include energy required for performing hash calculations, and they also do not take into account packet fragmentation, which is introduced by the inclusion of extra hashes to the packet. Fragmentation would increase the amount of sent packets, and therefore the amount of signature verifications, since additional packets must be protected by hash tree signatures. Both of these would further increase the energy consumption of the hash tree approach. 4.2 PLA versus ALPHA-C and -M ALPHA variants use additional control packets that have their own headers. For bandwidth overhead calculations, we assume that packets contain standard IPv6 and UDP headers, therefore the length of these control packets, excluding IP header extension fields, is 704 bits. In addition, ALPHA-M includes hashes to data packets. As a result, if width of the hash tree w is very small, the bandwidth overhead per packet becomes large due to additional control packets per each tree. While with big values of w the bandwidth overhead is also large due to extra hashes included to data packets. In a case of ALPHA-C, w denotes the number of MACs sent simultaneously in the S1 packet. Due to IP packet size limitations roughly 70 MACs can be included in a single S1 packet, therefore w is limited to 64 in the figure for ALPHA-C. In order to make an apples-to-apples comparison, we compare the bandwidth overhead of ALPHA-M to the lightweight PLA ignoring PLA's timestamp and sequence number fields. I.e, for PLA we take into account the bandwidth overhead of a public key and signature. This is fair, since ALPHA does not contain these security measures but they can be added to ALPHA at the expense of additional bandwidth overhead. Similarly, ALPHA lacks a TTP certificates and trust mechanism, therefore a comparison to full PLA would not give an accurate picture. Using a lightweight PLA decreases computational requirements of signature verification by about 17% [18] compared to full PLA, where also the validity of TTP certificate is verified. Results are shown in Fig. 2 in the same format as before, positive values denote the situation where ALPHA has an energy advantage over lightweight PLA. ALPHA-C results are marked as a dashed line while solid line denotes ALPHA-M. Situation where w = 1 denotes the case of basic ALPHA where hash trees or cumulative transmission are not utilized at all. It can be seen from the figure that ALPHA-M achieves smallest bandwidth overhead per packet when w = 8. When the width of the hash tree is smaller, the bandwidth overhead is higher due to control packets, while large trees introduces higher overhead because of extra hashes in data packets. If the cost of wireless communication is very low, then ALPHA-M has a small energy advantage when the hash tree is not very wide. When cost of wireless communication is closer to real-life figures, then it once again dominates the overall energy costs and PLA becomes much more energy efficient solution. This results do not take into account energy costs of hash calculation and packet fragmentation, which would slightly increase the energy consumption of ALPHA-M.

262

D. Lagutin and S. Tarkoma

Fig. 2. Energy advantage of ALPHA-C and -M versus lightweight PLA in a wireless LAN

Because the bandwidth overhead of ALPHA-C in data packets is constant, increasing w decreases the overall overhead. It can be seen from the figure that lightweight PLA's bandwidth overhead becomes bigger than ALPHA-C's when w is 8 or higher. ALPHA-C achieves a best energy efficiency when the maximum amount of MACs is included in a single S1 packet. It is important to note disadvantages of ALPHA-C. It is a path dependent solution that do not support independent verifications, and it also requires intermediate nodes to cache one MAC per each data packet. ALPHA-C offers a significant bandwidth and energy advantage only when w is 12 or higher, such large values can cause problems with a latency sensitive communication. For example, to keep the latency of VoIP traffic below 100 ms, not more than four or five packets can be buffered, and in that case ALPHA-C has an energy disadvantage against PLA.

5 Evaluation In the past it has been assumed that public key based security solutions are inherently inefficient in terms of energy consumption and therefore are unsuitable for mobile and wireless devices. Our analysis shows that with an efficient hardware accelerator for cryptographic operations, the cost of wireless transmission will dominate the verification related power consumption. Therefore PLA, which is based on public key signatures, is actually more energy efficient since it uses less bandwidth compared to hash tree or hash-chain based solutions like ALPHA. These results may seem unbelievable but they are valid. In real-life cases wireless reception uses almost 1 μJ/bit of energy, while the cost of performing a signature verification is only 26 μJ. Therefore, even if the PLA can reduce a bandwidth overhead

Public Key Signatures and Lightweight Security Solutions

263

only by 100 bits per packet, it already becomes much more energy efficient solution. While some studies [14] have achieved orders of magnitude better energy efficiency, they have achieved those in a special simulated environment without taking account natural obstacles and building, therefore they can not be considered as a realistic estimate of energy consumption of the wireless communication. It is important to note that we have compared the cost of wireless reception and signature verification. Due to nature of elliptic curve cryptography, signature generation requires significantly less resources than signature generation, while in wireless networks upload energy consumption is usually higher than download consumption. Therefore, for a sending node the energy consumption of cryptographic operations would be even less. The same applies for the wireless ad-hoc network where nodes often forward the traffic and perform two wireless operations, reception and transmission, per a single signature verification. Therefore, this comparison is actually a worst case scenario for a public key based solution. We have not taken into account an idle power consumption of the chip performing signature verifications. If the node receives only a handful of packets per second, then a power consumption per signature verification will be higher. On the other hand, in this case the power consumption would also increase for a wireless reception, since the wireless interface also has a fixed idle power consumption. In any case, the cost of wireless communication would still dominate the overall power consumption in most cases, even if we double or triple the energy consumption of a signature verification. In the future, the power consumption of semiconductors will likely continue to decrease at a rapid pace [19]. The same does not apply to the energy cost of wireless transmission since it also depends on physical properties of the transmission medium that can not be changed. Therefore, the energy consumption of cryptographic computations will likely to decrease faster in the future compared to energy consumption of the wireless communication. This would make PLA even more attractive in the future, since it decreases the bandwidth overhead at the expense of the computing power. As a disadvantage, an efficient PLA implementation requires a dedicated hardware for cryptographic operations increasing deployment costs. If buffering a large amount of packets is feasible then ALPHA-C becomes a very energy efficient solution due to its lower bandwidth overhead. However, PLA is overall much more flexible solution, since it does not depend on the transit path and does not require caching of packets at the sender's end for the optimal performance. Therefore, PLA can also be used with a latency sensitive communication and dynamic wireless ad-hoc networks.

6 Conclusions and Future Work We have compared security features and energy requirements of Packet Level Authentication, which is a based on per packet cryptographic signatures, with hash tree and hash chain approaches that utilize hash calculations for integrity protection. Strong network layer solutions can revolutionize network security, since they allow malicious traffic to be detected and stopped near its origin. Our results show that public key based security solutions with an efficient hardware implementation achieve in many cases a better energy efficiency in wireless environments due to their lower bandwidth overhead. Public key based solutions such

264

D. Lagutin and S. Tarkoma

as PLA are also more flexible since they are not path dependent and do not require caching at the sending end or at intermediate nodes. PLA is also more future proof solution since the power efficiency of semiconductors will likely to improve faster than the power efficiency of wireless communication. As a downside, PLA requires a dedicated hardware for performing cryptographic operations in a efficient way. Our future work will concentrate on researching real-life deployment issues of PLA. We also plan to investigate what kind of trust management solution would be an efficient and secure for wireless networks.

References 1. Lagutin, D.: Redesigning Internet - The packet level authentication architecture. Licentiate’s thesis, Helsinki University of Technology, Finland (2008) 2. Brumley, B., Nyberg, K.: Differential properties of elliptic curves and blind signatures. In: Garay, J.A., Lenstra, A.K., Mambo, M., Peralta, R. (eds.) ISC 2007. LNCS, vol. 4779, pp. 376–389. Springer, Heidelberg (2007) 3. Miller, V.: Use of elliptic curves in cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 417–426. Springer, Heidelberg (1986) 4. Barker, E., et al.: Recommendation for Key Management Part 1: General. National Institute of Standards and Technology, NIST Special Publication 800-57 (2007) 5. Forsten, J., Järvinen, K., Skyttä, J.: Packet Level Authentication: Hardware Subtask Final Report. Technical report (2008), http://www.tcs.hut.fi/Software/PLA/ new/doc/PLA_HW_final_report.pdf (accessed February 4, 2009) 6. Altera: HardCopy Structured ASICs: technology for business (2009), http://www.altera.com/products/devices/hardcopy/hrdindex.html (accessed March 2, 2009) 7. Merkle, R.: Secrecy, authentication, and public key systems. Doctoral dissertation, Department of Electrical Engineering, Stanford University (1979) 8. Wong, C., Lam, S.: Digital signatures for flows and multicasts. In: Proceedings on the 6th International Conference on Network Protocols (ICNP 1998), pp. 198–209 (1998) 9. Lundberg, J.: A Wireless Multicast Delivery Architecture for Mobile Terminals. Doctoral dissertation, Department of Computer Science, Helsinki University of Technology (2006) 10. Hauser, R., et al.: Reducing the Cost of Security in Link State Routing. In: NDSS 1997 (1997) 11. Perrig, A., Canetti, R., Tygar, J.D., Song, D.: The TESLA Broadcast Authentication Protocol. CryptoBytes 5(2), 2–13 (2002) 12. Heer, T., Götz, S., Morchon, O.G., Wehrle, K.: ALPHA: An Adaptive and Lightweight Protocol for Hop-by-hop Authentication. In: Proceedings of ACM CoNEXT 2008 (2008) 13. Zhong, L.: Make “sense” for Computing. Public presentation (2008), http://www.ece.rice.edu/corp/annualmtg/mtgarchive/ 2008archive/lzhong_affil08.pdf (accessed February 5, 2009) 14. Jung, E., Vaidya, N.H.: Improving IEEE 802.11 power saving mechanism. Wireless Networks 14(3), 375–391 (2007) 15. Qiao, D., et al.: Interference analysis and transmit power control in IEEE 802.11a/h wireless LANs. IEEE/ACM Transactions on Networking 15(5) (2007) 16. Barr, K.C., Asanovic, K.: Energy-aware lossless data compression. ACM Transactions on Computer Systems 24(3), 250–291 (2006)

Public Key Signatures and Lightweight Security Solutions

265

17. Cisco: Voice Over IP - Per Call Bandwidth Consumption (2009), http://www.ciscosystems.com/en/US/tech/tk652/tk698/ technologies_tech_note09186a0080094ae2.shtml (accessed February 10, 2009) 18. Järvinen, K., Skyttä, J.: High-Speed Elliptic Curve Cryptography Accelerator for Koblitz Curves. In: Proceedings of the 16th IEEE Symposium on Field-programmable Custom Computing Machines, FCCM 2008, Palo Alto, California, USA (2008) 19. International Technology Roadmap for Semiconductors (ITRS). ITRS 2008 (2008), http://www.itrs.net/ (accessed January 15, 2009)

On the Operational Security Assurance Evaluation of Networked IT Systems Artur Hecker and Michel Riguidel Institut T´el´ecom, T´el´ecom ParisTech, LTCI CNRS {hecker,riguidel}@telecom-paristech.fr

Abstract. In this paper, we introduce and discuss the system security assurance assessment problematic. We first define and position security assurance in the context of modern networked IT systems. We then motivate and discuss its use. Next, we define the problem of the operational security assurance evaluation. We present and compare two orthogonal approaches to such an evaluation: a spec-based approach, which is an extension of the Common Criteria to systems in operation, and a direct approach, which relies on network management. Finally, we show examples and the pros and the cons of both approaches.

1

Introduction

In the recent years, security of networked IT systems became a major concern due to the high number of successful attacks, the ongoing convergence between infrastructures and the elevated vigilance level in the society. Protocol security alone does not suffice anymore. Intrusions happen at the user level, often with explicit user participation. There is no determined point of entrance: data get in over any access method (wired, wireless or virtual) and from any mobile device. Consequently, multi-tier control, application-level gateways, antivirus software, host firewalls and intrusion detection systems (IDS) became indispensable. Application-level security is more diversified; it requires reactive management to fulfill its goals (e.g. recent signature data bases, alarm treatment). The security policy dictates the reactivity of this management, since the latter is in direct relation to the achieved security level. This in turn creates new critical dependencies and translates to vulnerabilities. The impact of security concerns on network management (NM) is dramatic: security management installs an inscrutable maze of interdependent policies spanning over both functional and non-functional parts and requiring both solid transversal experience (from operating systems’ quirks to router configuration idiosyncrasy, from common application threats to specific wireless LAN characteristics) and perfect knowledge of the newest security tools. This management lacks any sustainable systematic and is thus prone to errors. High resilience can only be achieved in the intersection of security and reliability. An attack against a system working at capability limits is easier than an attack against an idle system (e.g. DoS); QoS is difficult to sustain without S. Balandin et al. (Eds.): NEW2AN/ruSMART 2009, LNCS 5764, pp. 266–278, 2009. c Springer-Verlag Berlin Heidelberg 2009 

On the Operational Security Assurance Evaluation

267

measures against abusive usage, identity usurpation, etc. With currently available tools, NM staff tinkers with configurations at the appliance level to resolve problems that arise at the system level. The results of such interaction with the system are highly doubtful and often lead to problems in the first place. Problems with a newly applied configuration are either recognized a posteriori (e.g. after complaints, a breakdown, a successful attack), or the network resilience is too dependent on the intuition of highly experienced and irreplaceable staff. The latter has problems justifying investments in the non-functional system aspects. At the end of the accounting period at latest, it becomes crucial to present proofs that the recently installed security feature actually prevented something; or, ideally, that it blocked attacks whose cost would have been higher than the cost of the security component per se. Evaluations of security mechanisms are therefore crucial for internal auditing, performance evaluation, optimizations, but, more importantly, for the security policy enforcement: we need to choose security features with asserted capacities (prevention), and we need quantifiable and verifiable results of its actual operation (detection, reaction). Measures are typically only available at the appliance level (logs, etc.). From a system perspective, this is insufficient: the appliances interact to assure the actual function, and we need system-level data to judge the security functions? operations. In summary, we need to provide evidence that the new system is capable of assuring certain security properties (qualitative, system design phase), and evidence whether and to which degree it actually does it (quantitative, operational phase). This is the task of the security assurance assessment. In this paper, we present the operational security assurance evaluation problematic in IT systems. Our intention is to sensitize readers to the importance of such an evaluation and to discuss the pros and cons of it. We first position the system security assurance in respect to other critical aspects such as dependability, security and trust. We discuss the existing security methodology and explain why evaluating security assurance of IT systems is not easy. We share our experiences from research projects dealing with these issues and elaborate on two almost orthogonal assurance evaluation approaches, presenting for both approaches the methodology, the possibilities and the limitations. We conclude with an outlook to future work.

2 2.1

System Security Assurance Assessment Security Assurance Definition

Security assurance (SA) of an entity is the objective confidence that this entity meets its security objectives [1]. The accent here is on the objective confidence, which translates to verifiable, measurable evidence that we assume one can capture. Hence, we need to gather data, interpret it and present proofs that the security objectives are fulfilled. However, security functions are implemented as parts of the entity. This is especially important in the system context: system’s security functions rely

268

A. Hecker and M. Riguidel

themselves on the correct realization of the system per se and on its current state. They also consume system’s resources and contribute to state changes. For this reason, without further assumptions system’s security assurance is not the mere question of compliance (i.e. distance between its as-should and its as-is states). Generally, it is necessary but insufficient to assess compliance: for instance, the SA of a distributed security function depends on the reliability of the used communication facilities. The SA depends on the actually applied security functions and mechanisms (their theoretical strength, effectiveness, capacities, etc.), their management (configuration, activation, updates, processes - not just technical, also the administrative part), their operational availability and thus, in particular, on the reliability of their realization as a system part. Consequently, SA of a system is situated in the intersection of its dependability and security. Security assurance is different from security. This is important: since security is highly subjective and depends on a preliminary risk analysis, in general it is impossible to compare security policies, even for similar realizations. This is one of the reasons why the security metrics research has difficulties producing reasonable results: it is unclear what to measure and where. Operational security assurance also uses metrics but is profoundly different: using the security policy as an existing and indisputable requirement set, it assesses the confidence in the correct operation of the security functions. Security assurance is also different from trust: high security assurance level only implies correctly working security. It does not allow statements on general system operation. Besides, trust is more subtle and global: not only can a principal mistrust a secure system, but the trust influences risk assessment, environment perception, the established protection profile, the security policy, its realization and fault expectations. Conversely, trust into an entity is reflected in the evaluation phase, i.e. in the interpretation of the gathered evidence: a higher trust into an entity will yield more positive conclusions from a given security assurance value. This is comparable to an investigation: a mistrusting detective is less likely to conclude innocence even from a watertight alibi. 2.2

Security Assurance Assessment Problem

For IT products, the security assurance can be evaluated by the means of the well-known Common Criteria (CC) [1]. The CC evaluation is based upon the principle of conformity of the deployed security measures to a previously established protection profile (PP) [1]. This implies that the evaluated asset is a relatively stable, closed region, separated from the surrounding environment. It further presumes that one can define a set of necessary protection measures and thus implies an a priori risk and threat assessment on the asset within the environment. Once the PP is established, one works through it, checking if the respective measure is thoroughly conceived, implemented and tested. In practice, it is difficult to decompose an IT system in a list of discrete independent entities to check. Many entities are virtual and represent an overlap of some real entities.

On the Operational Security Assurance Evaluation

269

The CC have evolved and now support, in a limited manner, the assurance evaluation of e.g. operating systems (CCv3). However, this evolution has been remarkably slow, followed by countless limitations. The main reason for it is in the very concept behind the CC [3]. A major problem arises when evaluating systems with blur boundaries, such as modern software and telecommunication systems, exhibiting high degrees of modularity, openness and pervasiveness (see [2] and [4] for field experience). It is increasingly difficult to tell the asset from the environment: the boundaries are fuzzy and often dynamically changed in operation. Conversely, the knowledge of the security assurance levels of isolated products does not directly translate to the security assurance of a system composed by the latter. This is a problem known as composition. It is addressed in the CCv3, but in a very limited scope [5]. Finally, the CC define a methodology for the evaluation of the product design and development phases, but not for the usage phase. Yet, in a modern distributed system, a part of the complexity is due to the number of different products in different operational states (configuration, failures, load, etc). As for today, there is no known general method to estimate the security assurance of an operational system [4]. Its complexity can be discussed along the following lines: – Openness: modern IT systems are highly open. Especially the telecommunications systems are characterized by their numerous interfaces, allowing various and rich exchanges. – Aggregation: IT systems are complex systems. It is difficult to derive system state from the elementary measurements. Certain decisive system parts are virtual (e.g. soft elements like flows, applications, services) and can be changed in runtime (updates, component reconfiguration), yielding a changed system behavior. – Dynamics: Modern IT systems exhibit high dynamics at the system level. Structure and topology are not preset, but rather established in runtime, based on various optimization criteria or service needs. It is hard to tell in advance, which component or data will be involved in the treatment, or which execution path will be taken. Because of this complexity, until now there is no accepted operational security assurance assessment methodology for networked IT systems. Yet, with the increasing complexity of security realizations, the network management needs new (semi-)automated assessment and management tools. 2.3

The Assessment Process

In any methodology, the security assurance assessment process relies at least on the following three blocks: – Modeling technique: used to produce a model of the targeted system specifying which data, on which level, from which component, and at which

270

A. Hecker and M. Riguidel

moment is to be captured. Models specify the relations between the individual objects (association, aggregation, inheritance) and data interpretation (e.g. normalization, stabilization, evaluation [6]), expressing how an object influences the final SA estimate. In network management (NM) terms, this creates the information model. – Monitoring infrastructure: a system capable of capturing modeled data in a fashion satisfying the semantic constraints (e.g. sampling theorem, freshness, etc). In NM terms, this covers management and communication models (architecture, protocols). It is important to minimize self-interference: such monitoring should be designed in a least intrusive manner, i.e. with the smallest impact on functional and, ideally, non-functional properties of the targeted system. In particular, monitoring should be non-critical: turning it on or off should not impact the targeted system. – Administration console: this additional element should provide possibilities for observing the SA estimate’s evolution in time and to set thresholds and alarms on the obtained values. Besides, it should be capable of controlling the information model, e.g. adding/removing objects, changing data treatment, etc. Moreover, it should be capable of controlling the monitoring infrastructure, e.g. turning it on and off, adding newly deployed monitors, probes, sensors, etc.

3

Possible Approaches to SA Assessment

We present and analyze two different approaches to the operational SA assessment in modern IT systems. The first approach is a spec-based, vertical methodology. The second approach proposes a direct, horizontal system evaluation. 3.1

Spec-Based System SA Evaluation

Description Every spec-based approach requires a preliminary analysis producing the specification. The methodology tests the conformity of a deployed system to a given specification. For an operational IT system, the security specification can be produced by applying state-of-the-art analysis. Based on an a priori system evaluation (risk assessment), an expert establishes a convenient system security policy (SSP). The SSP defines system-level protection profiles (e.g. SLPP [4]), security target (ST) and specifies objects, subjects, and their mutual authorizations. ST describes security architecture specifying security functions, mechanisms and configurations of all entities [1]. Besides, an SSP typically specifies residual risks, i.e. risks against which no countermeasure is installed. For SA evaluation, similar to CC, such a methodology uses assurance level (AL) based verification. Each AL specifies assurance requirements on the PP/STs measures (representing the functional security spec), therefore specifying what and how to evaluate. The SSP of the target system can be checked against the pre-established PP according to AL specifications. This leads to the attribution

On the Operational Security Assurance Evaluation

271

of the highest assurance level whose requirements are fulfilled. The assurance requirements are hierarchical: AL(n-1) requirements are contained in ALn, so it suffices to check if all ALn requirements are fulfilled by the SSP. Just like the CC, this is so far an on-paper evaluation. To evaluate a system in operation, we can now extend this methodology to cater for the inherent system dynamics: we need to find how good the SSP complies to ALn in a given time period. Presuming that all AL(n-1) requirements are fulfilled, we check which characteristic ALn requirements (i.e. ones not present in the ALk, k
272

A. Hecker and M. Riguidel

Still, the measured degree of compliance is based on theoretically vague arguments. The fact of the non-compliance to the established PP/SSP spec should be treated as security policy violation. The assurance level should thus fall to 0% regardless of the insufficiency, or directly to the level that does not mandate the assurance requirement corresponding to the failed check. The latter has been done in Bugyo [9]. The idea of providing comparable assurance levels might be seducing but is not very sound: it presumes at least the same (and fixed) environment. However, in systems (and especially telecom systems and other dynamic IT systems), the environment might change in time. It cannot be predetermined (as with CC for OS evaluation), as systems are very open by default. In dynamic systems, environments are dynamic, too: users and attackers come and go, usage scenarios change, surrounding systems change, etc. Hence, comparing assurance levels between open, dynamic systems is questionable, even without taking into account the subjectivity of the confidence perception. For instance, the question whether the assurance of a combat plane (hostile environment) is higher than that of a civil plane (friendly environment) does not make much sense. Yet the same IT infrastructure can be both a combat and civil platform, depending on time, context, usage, place, etc. The main limitation of this approach however is the lacking support for system changes. Any system change would need a complete re-evaluation, which obviously cannot be done in real time and must be treated at some meta-level. To mitigate this, the approach could support multiple possible system forms and configurations, for each of which it would need a complete preliminary spec establishment. Yet, we believe that this is too big a constraint in practice, rapidly resulting in prohibitive cost. Although spec-based evaluation seems doable within these limitations, the very difficult part remains the normalization of measurements. Indeed, since it implicitly aims for comparable levels, the representation of different base measures needs to be projected to some implementation-independent scale. Also, the processing and weighing should be constrained to represent the same impact on the displayed level in case of a comparable problem. In practice, it means that only known modules (software, hardware, etc.) can be assessed by that approach by using known indicators (or metrics in current jargon) and algorithms, since only for these the causes and influences are identified and the weights can be reasonably predefined to produce a comparable result. In that context, known typically translates to certified. Therefore, this approach requires identification of reliable parties and would hugely rely on the certification of evaluators, manufacturers, and assessment systems and evaluated parts. A final problem is out of scope of the approach itself. This approach uses risk assessment (RA) as a fixed reference point. However, the RA is not standard: different expert opinions and methodologies exist, resulting in different risk perceptions and, consequently, in different proposed security architectures. Thus, even without the above doubts, a comparable level can only be achieved if the RA per se is standardized [10].

On the Operational Security Assurance Evaluation

273

Fig. 1. Example enterprise IT system

Fig. 2. Spec-based SA evaluation: example model

Example. Consider the example of a simple enterprise IT system with a wireless access to a web-based Intranet (Figure 1). A risk analysis produced a security policy insisting on access control and data confidentiality. Network access is controlled by access points submitted to an AAA server in a separate network (802.1X). A firewall filters traffic only allowing TCP/80 and TCP/443 packet level access from the valid wireless subnet to both servers. Web-servers redirect all web requests to an SSL-protected site to protect sessions. In the spec-based approach, a model similar to the example in Figure 2 will be established for a given AL. We start with the targeted system’s security at the top level. Boxes represent security-relevant entities, and the arcs their decomposition. The values aside the boxes show to which extent the entity’s SA is impacted by the respective lower level entity. To cater for emergent properties, absent at the decomposition level, some entities retain their own weights. In Figure 2, Access Control is decomposed in Firewall (0.2) and Authentication Service (0.6), but it also relies on the correlation of the identification data, not visible by any lower level entity (0.2). The lower part of the box contains the actual tests. Note that normalization and composition are needed at test result level. Since ALs are strictly hierarchical, a reduced version of the same model would represent a lower AL. Let the composition be done by a weighted sum. So, if all tests succeed, but the used AAA Server shows a too old version, the

274

A. Hecker and M. Riguidel

top-level SA estimate decreases to 0.82. If, additionally, the reachability test at the authentication service fails, the whole service becomes unavailable, yet the SA estimate is still at 0.712. Note that in this model, Webserver is an abstract entity representing both the real servers and the failover mechanism.

3.2

Direct System SA Evaluation

Methodology. The main idea behind the direct SA evaluation is to provide NM with tools to enable judging of the current SA situation. It implicitly presumes the subjectivity of the SA evaluation in terms of interpretation of the obtained values. This methodology does not need additional specifications, but relies on the available NM experience with the system in operation instead. It requires a solid understanding of the system’s topology, its operational quirks, its different possible modes of operation as well as its evolution in time. This knowledge is used to produce a partially ordered list of real, reoccurring vulnerabilities. The latter are ordered according to their degree of pain from the NM point of view. This pain summarizes the impact on operation, the reoccurrence frequency and the difficulty (cost) to correct it. The list establishment process is iterative but mostly independent of the real system implementation. In other words, the system can be slightly changed during the process cycles. What the vulnerability list reflects are not the flaws in the given security architecture, not the bottlenecks in the dependability subsystem, not the bugs in specific software modules but the problems with the really implemented superposition of all that at the service level. It takes some time to establish this list: a fact that underlines the necessity of experience with the system to be able to improve it. The methodology is extensible; it can start with one or two vulnerabilities and be extended to some dozens vulnerabilities. Moreover, the vulnerabilities can be deleted from the list, if the system has undergone an appropriate redesign process. Note that the listed vulnerabilities are usually characteristic to a given system, due to the pragmatic system design choices. Implicitly, they represent compromises accepted during the design and implementation (cost/performance, residual risks, security/usability, redundancy/dependability, etc.). The list is the system’s characteristic vulnerability footprint. Based on this list and its knowledge of the system, the NM enriches each list item with the available knowledge regarding its occurrence and resolution. This is expressed as ontologies, i.e. abstract entities of different layers, complexities and levels of view. Ontology can be a hardware or software module, but just as well a service session, a flow, a whole subsystem or a loose combination of several seemingly unrelated system parameters [11]. The ontologies can easily overlap and be mutually dependent (logical connections, chain-reaction effects, requirements). When a new vulnerability needs to be considered, the model is extended to represent the new and the affected ontologies (by adding or increasing the detail

On the Operational Security Assurance Evaluation

275

degree). If a vulnerability is removed, the corresponding ontologies are dropped, and dependencies are regarded as fulfilled. The ontology description determines the ontology name, its role, an informal description (text) and the parameters and thresholds relevant to the vulnerable state identification. This model is used at any moment to capture the data (directly or indirectly) on all modeled ontologies. When new vulnerabilities are added, new requirements arise at the monitoring subsystem: typically, new probes need to be deployed to fulfill these requirements, i.e. capture the values of the described parameters. The captured values are evaluated to produce an ontology-local indicator value. Different ontology indicators can be aggregated dependent on the modeled dependencies. The evaluation and aggregation processes are iterative, meaning that several cycles might be necessary to converge to a stable value. The convergence is achieved by using appropriate algorithms for ontology indicator calculation and aggregation. The stability of the displayed final value (or a set of values, if no dependencies can be found between the ontologies) represents the confidence that the administration can have in the typical system execution. In other words, the absolute value is of hardly any importance, but its variation in time provides evidence for approaching or reaching documented vulnerable states. Therefore, the administration defines system-dependent thresholds to set off alarms. 3.3

Discussion

This methodology does not rely on preliminary specs (although it can profit from these) and does not require risk assessment, but builds on the available system management experience instead. The problem with the RA is that it results in independent processes with separate life cycles and constraints. Since these processes are supplementary to the actual system operation, they are often perceived as a burden. Their intrinsic administrative formality, combined with technical complexity, contributes to a considerable degree of reluctance, or even results in an active resistance, to their application. In contrast, the experience with the system in operation is natural to NM. However, this methodology needs to provide tools to express this experience. As a full system approach, it naturally covers more than just the system security assurance. Yet, the original purpose of the security assurance assessment to improve the overall system resilience - can be implicitly fulfilled. By capturing a footprint of the whole system in operation, the methodology also captures usage characteristics. The evaluation of the produced values might need to take into account current system usage. The independence of the risk assessment as well as the direct manner of the evaluation enables a potentially better integration in the system management process. In particular, the methodology explicitly supports system changes: as long as these changes are vulnerability-irrelevant, the same model can be used. To support system evolution, it can be designed to be extensible: by creating a web of ontologies, it is possible to add and remove new parts. (Note that the

276

A. Hecker and M. Riguidel

implied monitoring constraints are independent of the methodology; to be able to capture data, we need respective physical, logical and architectural provisions in any existent methodology.) 3.4

Limitations

The methodology presumes a solid experience with the system, its states of operation, its evolution in time and its vulnerable parts. For new system setups (and, generally, for new services) such experience is often unavailable. This approach needs to evolve with the targeted system. It needs accompanying management and organizational processes for monitoring, control and data analysis. A dedicated team has to be in charge of its improvement. While in our view this is absolutely in line with any try to produce secure operational IT, it is still a major requirement and it does not come for free. As an iterative system process, the vulnerability list establishment generally takes some time. This methodology is not a ready-to-go system assessment. In some systems it can have a considerable setup phase. Just as security per se, it needs maintenance before it produces the results in operation. Moreover, for some vulnerabilities, it might be difficult to find the contributing parameters. Note that the methodology does not require that NM understands where exactly the problem comes from (and even the latter does not mean that one can fix it), but it requires that one be able to identify and measure anything characteristic to that vulnerability so as to provide its operational description. Direct system evaluation produces a value typical for this instantiation of the system in question. Two identical systems set up in two different environments are very likely to produce different values. The displayed value is thus incomparable. Example. We use the example from Figure 1. The direct approach is by definition an empirical approach; an example therefore needs additional information. Let the main reoccurring tasks in the example network be a) resolve webserver unavaibility; b) restore network throughput. The causes of a) and b) are not exactly known, but indicators exist: a) is characterized by the fact that the traffic in the network is high, but the load on the server machines is low, while b) is characterized by rapid network traffic drop at the switch and stalled sessions at servers. None of these is a necessary or sufficient indicator for the actual problem. Using probes to capture related data, the SA subsystem regularly observes the requested combinations and decreases the operational SA value, when the estimate of the latter approaches critical values. This permits to react before or while the problem occurs, whereas afterwards it is difficult to gather evidence (e.g. stalled sessions will eventually time out, etc). NM can try evasive measures (like rebooting one of the servers) to see if the situation improves. NM can progressively enrich each ontology with new evidence, with the goal to once resolve the real cause. Synthesis. Table 1 presents a quick overview of the above discussion, highlighting features and limitations of both methodologies.

On the Operational Security Assurance Evaluation

277

Table 1. Comparison of Security Assurance Assessment Approaches Spec-based SA evaluation Prerequisites A prior risk assessment Requirements A fixed environment Normalization Metrics certification System component certification End-result Confidence with which a specified AL is achieved, or the last AL to be fulfilled Comparable Yes (with comparable risk analysis) Limitations Too close to compliance checking No usage consideration - risk of oversecuring Lacking support for system changes Features Comparable levels Established methodology, like CC Difficulties Data aggregation and normalization

4

Direct SA evaluation A solid system experience Vulnerability identification Continuous system maintenance System management processes

Confidence that the system behaves as usual No Potentially long setup time Incomparable values

Limited support for changes NM integration Long learning phase Value stabilization

Conclusion

Operational security assurance assessment is a complex task and not yet completely resolved. However, the work done in the awarded CELTIC Bugyo project establishes an important state of the art in this domain. This paper has introduced a clear definition of the security assurance and discussed the problems with the operational SA assessment. We believe that the provided definition and the following discussion permit to better understand the complex notion of security assurance and the problem with its operational evaluation. Our analysis clearly distinguishes SA from related subjects like security, dependability and trust. We believe that assessing security assurance is a more serious approach than any attempt to assess the functional security per se: the subjectivity of the security definitions vs. the brittleness of software does not currently allow for any reasonable engineering practices in that sense. The situation with the security assurance is different and permits the definition of SA metrics. Further research is necessary on the latter to define constraints and conditions of their design. This paper presents two principally possible and distinct approaches to an operational SA evaluation of networked IT systems and discusses their pros, cons and limits, illustrated through examples. We currently pursue this work by developing a new system health tool relying on direct system evaluation methodology as presented in this paper. Our goal is to produce a framework, guidelines and tools for network management to help master dynamic and not fully understood IT systems.

278

A. Hecker and M. Riguidel

References 1. CC, Common Criteria for IT Security Evaluation, v3.1 (2006 – 2007) 2. Herrmann, D., Keith, S.: Application of Common Criteria to Telecomm Services: A Case Study. Computer Security Journal XVII(2), 21–28 (2001) 3. Hearn, J.: Does the common criteria paradigm have a future? IEEE Security & Privacy 2(1), 64–65 (2004) 4. Keblawi, F., Sullivan, D.: Applying the common criteria in systems engineering. IEEE Security& Privacy 4(2), 50–55 (2006) 5. Galitzer, S.: Introducing Engineered Composition (EC): An Approach for Extending the Common Criteria to Better Support Composing Systems. In: Proc. Workshop for Application of Engineering Principles to System Security Design, WAEPSSD (2003) 6. Pham, N., Riguidel, M.: Security Assurance Aggregation for IT Infrastructures. In: IEEE ICSNC 2007 (2007) 7. Zuccato, A., Marquet, B., Papillon, S., Alden, M.: Service oriented modeling of communication infrastructure for assurance. In: IEEE Information Assurance Workshop (2006) 8. Bulut, E., Khadraoui, D., Marquet, B.: Multi-Agent based Security Assurance Monitoring System for Telecommunication Infrastructures. In: Proc. Communication, Network, and Information Security? (2007) 9. CELTIC Bugyo project, http://projects.celtic-initiative.org/bugyo/ 10. Rossebø, J.E.Y., Cadzow, S., Sijben, P.: eTVRA, a Threat, Vulnerability and Risk Assessment Tool for eEurope. In: Stølen, K., et al. (eds.) iTust 2006. LNCS, vol. 3986, pp. 467–471. Springer, Heidelberg (2006) 11. Riguidel, M., Hecker, A., Simon, V.: Armature for Critical Infrastructures. In: IEEE SMC 2006, Taipei, Taiwan (2006)

Trust Management Using Networks of Volunteers in Ubiquitous Computing Environments Mijeom Kim1, Mohan Kumar2, and Sukju Jung1 1 Central R&D Laboratory, KT 17 Woomyeon-dong, Seocho-gu, Seoul, 137-792, South Korea {mkim,sjju}@kt.com 2 The University of Texas of Arlington Box 19015, Arlington, TX 76019, USA [email protected]

Abstract. Trust management is essential for secure node collaboration in ubiquitous computing environments for mission critical applications in military, crisis management, telemedicine and others. In this paper, we design and develop a novel hierarchical architecture called NeVo (Network of Volunteers) to facilitate trust management. The architecture uses a small subset of the nodes called volunteers to perform basic services such as resource provisioning, service discovery and mobility management in the network. The proposed mechanism operates autonomously through nodes’ cooperation. We choose service discovery to illustrate how the proposed trust management mechanism are accomplished through interactions among nodes. Simulation studies demonstrate that NeVo exhibits high efficiency and performance compared to existing distributed approaches in open pervasive environments. Keywords: Trust management, Ubiquitous computing, Service discovery.

1 Introduction The ubiquitous computing paradigm foresees pervasive communicating/computational nodes embedded in environments, but requiring minimum user attention [1]. In this new paradigm, nodes will need to interact with other nodes in military, crisis management, telemedicine and other mission critical applications. For secure collaboration, nodes are required to recognize trustworthy peers in open networks where nodes easily join and leave. Trust management is a basic and critical requirement in such pervasive environments. In traditional networks, trust management is typically achieved by centralized servers. For trustworthy transactions between consumers and producers in commercial Internet applications such as eBay or Amazon, centralized reputation systems are widely used [14]. However, in open ubiquitous computing environments, we cannot guarantee availability and accessibility of the central servers, thus distributed approaches for trust management are widely proposed. While distributed approaches provide flexibility and S. Balandin et al. (Eds.): NEW2AN/ruSMART 2009, LNCS 5764, pp. 279–290, 2009. © Springer-Verlag Berlin Heidelberg 2009

280

M. Kim, M. Kumar, and S. Jung

robustness by eliminating the central point of attack or compromise, they suffer from high communication overheads and computation complexity. In this paper, we propose a trust management scheme utilizing a flexible architecture called Network of Volunteers (NeVo). In NeVo, a small subset of the nodes called volunteers, serve the entire system by forming networks of volunteers to provide basic services, e.g., resource management and directory services for ubiquitous computing environments. Without loss of generality, in this paper, we assume multi-hop ad hoc networks including sensor networks that are common in pervasive computing environments. NeVo exploits node heterogeneity in terms of mobility and capability and provides reliability in uncertain environments. As we mentioned before, there are limitations in both centralized and decentralized security systems: while permanent centralized servers may not be expected to be available, distributed systems incur high complexity and overheads. NeVo exploits the hierarchical and distributed structure to overcome both aforementioned problems. In our scheme, volunteer nodes maintain trust values for a subset of global nodes as opposed to traditional distributed approaches that require all nodes to maintain and evaluate trust values for others locally. Service discovery is selected to illustrate the proposed security mechanism. The paper is organized as follows. In Section 2, we present related work of this research. Section 3 outlines NeVo operations and explains how service discovery can be performed within the architecture. Section 4 presents the trust management scheme utilizing NeVo. Simulation studies on the trust management scheme are presented to compare with distributed approaches in Section 5, and in Section 6 we draw conclusions of the work presented in this paper and discuss future work.

2 Related Work Trust management supports the establishment of trust relationships between distributed entities that may have no direct knowledge of each other. In traditional wired networks, centralized trust management systems are commonly used, for example reputation systems in online commercial sites. However, in open environments, trust management is achieved in a distributed manner [4, 6, 10, 11, 13, 15, 16] mainly because it is hard to have centralized systems available and accessible for the specific services. In distributed trust management systems, every node has the same responsibilities in terms of gathering and evolving trust information. Thus each node performs trust management locally that may be heavy and complex especially for lightweight devices. This situation gets worse as the trust management model is fine-grained with more elaborate concepts such as context (category) [4, 6], risk management [5, 7, 13] and uncertainty (knowledge, confidence level) [3, 8]. As the number of entities increases, an entity may lack resources to maintain sufficient trust information and policies for other entities in the system. Therefore, the main problems in distributed systems are high overheads and complexities associated with each individual entity. Recommendation and delegation can help to tackle with the limitations of an individual node’s capabilities. However, dissemination of recommendation also has the same problem of high communication overhead as network size increases in

Trust Management Using NeVo in Ubiquitous Computing Environments

281

distributed systems. In addition, recommendation systems often suffer from issues of long trust chains, because the meaning of ‘trust’ changes with depth in the chain [9]. Delegation greatly enhances flexibility and scalability by making entities to rely on third-party assessments [6, 13]. The meaning of reputation is somewhat different from that of recommendation. Reputation is anonymous in the sense that it is an aggregation of trust information from different sources and as such we cannot associate a level of trust with the opinion expressed [15]. Reputation can benefit new joining entities that have no initial knowledge about others in the environment. Recently, trust models for sensor networks are also developed for detecting a list of attacks including black hole, selective forwarding, integrity/modification attacks [18, 19]. Trust and reputation information can be accelerated for new-comers, i.e. is useful in case of mobile nodes and/or newly initiated nodes.

3 NeVo (Network of Volunteers) The core idea of NeVo is that stable and capable nodes become volunteers to provide basic services such as QoS provisioning and mobility management in the network. Relatively dynamic and less capable nodes register with volunteers and depend on them. The volunteer with which a node registers is called a local volunteer of the node. The node that registers with its local volunteer is called a client of the local volunteer. 3.1 Building Networks of Volunteers Each node maintains three characteristic attributes - resource value (vr), mobility degree (dm) and willingness value (vw) such that vr, dm, vw ∈ Ν and 1 ≤ vr, dm, vw ≤ 10. First, vr represents a node’s resources quantitatively. Second, dm is a relative value to indicate dynamism of a node and it is a function of the average speed of the node. Third, vw is also relative, set by the node’s user or owner indicating the degree of the node’s willingness to volunteer. According to vr, dm and vw, each node’s solicit retrial ⎡ 10

10

⎤

number (ω) is determined by: ω = ⎢( v ⋅ w1 + d m ⋅ w2 + v ⋅ w3 ) ⎥ where, w1, w2, and w3 w ⎢ r ⎥ are weights (0 ≤ w1, w2, w3 ≤ 1 and w1 + w2 + w3 = 1). Probability of a node becoming a volunteer is inversely proportional to ω. A node makes maximum of ω number of attempts to be a client before it becomes a volunteer. Each client has a volunteer directory to maintain known volunteers’ information. Each volunteer maintains a volunteer directory and a client directory for information of its clients. A client registers with the closest k volunteers among known volunteers. Therefore, each client has k local volunteers, each of which maintains the same directory entry for the common client. In [2], we investigate the system parameter k and show that the appropriate value for k is 2. Volunteers use periodic announcement messages to indicate their existence. Whenever a client receives a non-duplicate announcement message, it inserts (or updates) the volunteer information including hop distance in the volunteer directory. During registration, a client lets the new local volunteer know about existing local volunteers. Additionally, the client informs the existing local volunteers of the new one. This

282

M. Kim, M. Kumar, and S. Jung

registration process allows volunteers to become aware of peers, forming logical networks of volunteers. When a volunteer receives a registration message, it inserts the client’s information into the client directory and the peer volunteers’ information into the volunteer directory. 3.2 State Transition Diagram To investigate the self-organizing property of NeVo in more detail, we illustrate the node state transition diagram in Fig.1. We name a node in VOLUNTEER state, a volunteer, a node in CLIENT state, a client, and a node in SOLICIT state, a solicitor. A node joins the network Gets k local volunteers

Number of solicit processes < ω SOLICIT

0 ~ k-1 volunteers

Has less than k local volunteers

CLIENT

Number of solicit processes ≥ ω

Has no clients and gets k local volunteers

k volunteers

VOLUNTEER

Fig. 1. Node State Transition Diagram

A node, Ni is in the SOLICIT state when it joins a network. While in the SOLICIT state, Ni makes a one-hop broadcast, soliciting volunteer information from its neighbors. Neighboring nodes respond with their volunteer directory information. Ni gathers volunteer information from neighbors and builds its own volunteer directory (besides soliciting, Ni can acquire information of volunteers by listening to announcement messages.) Then, Ni attempts to register with k nearest volunteers. If Ni cannot get k volunteers even after ω solicit attempts, it becomes a volunteer. First, Ni self-registers with own client directory and inserts its information into own volunteer directory. Next, Ni starts to send announcement messages. On the other hand, if Ni registers with k volunteers in less than ω solicit attempts, it becomes a client. When a client loses one of its local volunteers and cannot register with another volunteer, the client enters the SOLICIT state. When a volunteer loses all clients (due to, e.g. sudden movement beyond its coverage), it enters the CLIENT state if it can register with k other volunteers. 3.3 Service Discovery Utilizing NeVo We consider service discovery as a basic service that exploits NeVo. Any node (a volunteer or a client) can be a service provider (SP) as well as a service requestor (SR). For service discovery, a registration message from a client needs to include its

Trust Management Using NeVo in Ubiquitous Computing Environments

283

service description (functionalities). A service request message includes message id, SR id, DTLr and requested service description. Message id and SR id distinguish each request. DTLr is Distance To Live (DTL) field to set boundary of the request and measured by the number of volunteers to visit. When a SR needs a service, it sends a service request message to its k local volunteers. Upon receiving the request message, a volunteer looks for requested SPs (clients that provide the matched service) in its client directory. If a match is found, the volunteer forwards the request message to the matched SPs. Additionally, the volunteer reduces DTLr by 1 and forwards the request message to known volunteers if DTLr > 0. When a SP receives the forwarded service request message, and if the request message is a duplicate, the SP discards it. Otherwise, the SP needs to decide whether to accept the request according to its current conditions such as workload. The SP may either reject the request (by ignoring it) or accept it by replying to the original SR along with detailed service information including Quality of Service (QoS) information and current load. The SR selects the best preferable service by comparing several replies with details of the service information.

4 Trust Management 4.1 Trust Notation and Operators We denote a trust degree by T(N1→N2) = where t, c ∈ ℜ and 0 ≤ t, c ≤ 1. T consists of two components, trust value (t) and confidence level (c) that N1 (source node) has about N2 (target node). When N1 is the node under consideration, its trust degree with N2 is denoted by T(N2). Trust value indicates how much N1 trusts N2 and confidence level (knowledge level) means how much N1 knows N2, i.e. accuracy of the corresponding trust value t. Confidence level increases as more experience and reputation are accumulated to form the trust value. T0 is an initial trust degree set by the disposition of the source node when it has no advance knowledge for the target node. We define several operators that apply to trust degree T as follows. z

The aggregation operator, ⊕ , combines or aggregates two opinions of the source node (N1) about the target node (N2). This is expressed as, T(N1→N2) = T1(N1→N2) ⊕ T2(N1→N2) = < ( t1

c1 +t2 c 2 ), min(1, c1+c2) > c1 + c2 c1 + c 2

Where, T1(N1→N2) = < t1, c1 > and T2(N1→N2) = < t2, c2 > when c1 + c2 ≠ 0. The recommendation operator, ⊗ , is used to determine the trust degree of a target node (N3) through a recommender (N2)’s opinion, given the belief of the source node (N1) in the recommender. Our definition of operator ⊗ is,

z

T(N1→N3) = T1(N1→ N2) ⊗ T2(N2→N3) = < t1t2, c1c2 > where, T1(N1→N2) = < t1, c1 > and T2(N2→N3) = < t2, c2 >.

284 z

M. Kim, M. Kumar, and S. Jung

The range operator, | |, is used to extract the range of absolute trust value, given the confidence level. When |T| = |< t, c >| = [a ~ b], min|T| = a and max|T| = b. We define operator | | as follows, |T(N1→N2)| = |< t, c >| = [max(0, t - t (1 − c) ) ~ min(1, t + t (1 − c) )]. 2

2

If min|T(N1→N2)| > τ (a given threshold), N1 considers N2 as a trustworthy peer. Binary operators, ⊕ and ⊗ are commutative and associative. Therefore, the two operators can be expanded to apply for multiple trust degrees as follows. n

n n ⊕ Ti(N1→N2) =< t ci , min(1, c ) > where Ti(N1→N2) = < ti, ci >. i =1 ∑i n ∑ k i =1

∑c j =1

n

k =1

j

n

n

i =1

j =1

⊗ Ti(Ni-1→Ni) = < ∏ t i , ∏ c j > where Ti(Ni-1→Ni) = < ti, ci >. i =1

4.2 Trust Management Extension to the Basic NeVo Operations To facilitate trust management using NeVo, all entries in volunteer directories and client directories need an additional field for T. The basic operations of NeVo need to extend for trust management as follows. When a neighbor receives a solicit message from Ni, the neighbor replies with its volunteer directory that includes trust degrees (Trec) of known volunteers. Upon reception of a reply from one of neighbors, Ni computes a new T for each volunteer in the reply. If Ni has a record for the volunteer with Told in its volunteer directory, Ni updates with the new trust degree, Tnew = Told ⊕ ( T0 ⊗ Trec). Otherwise, Ni inserts a new record with Tnew = T0 ⊗ Trec. After updating and inserting known volunteers’ information with new trust degrees, Ni takes T into account to choose its k local volunteers besides hop distances. Similarly, announcement messages include trust degree (Trec) for the source volunteer. When a node Ni receives a non-duplicate announcement message, Ni computes a new trust degree Tnew for the volunteer, in a manner similar to that in the solicit process. After updating or inserting the volunteer’s record with Tnew, Ni may retransmit the updated announcement message containing Tnew to its neighbors. Initially, when a volunteer sends an announcement message, it sets Trec = <1, 1> since it has full confidence and trust in itself. When a volunteer Vi registers Ni, the former initializes T(Ni) as T0. To insert records for Ni’s other local volunteers in the volunteer directory, Vi initializes T for them as T0. If Vi has already records for some of Ni’s other local volunteers, Vi increases T for them by one basic unit defined in the system. That is, T of a volunteer increases as it has more clients. Our definition of increasing T by a basic unit is to increase t and c both by 0.1. Decreasing T by a basic unit is to decrease t by 0.1 and to increase c by 0.1. A client replaces one of its local volunteers when the former deems the latter is not trustworthy any more.

Trust Management Using NeVo in Ubiquitous Computing Environments

285

4.3 Trust Evolution through Service Discovery When a volunteer Vi receives a service request message from a SR (Ni), the former checks T(Ni) in its client directory. Only when Vi deems Ni is trustworthy, Vi accepts the request and processes it. When Vi finds the matched service provided by a trustworthy SP (Nj), Vi forwards the request along with T(Vi → Ni) to Nj. Additionally, Vi reduces DTLr by 1 and if DTLr > 0, forwards the request along with T(Vi → Ni) to trustworthy known volunteers. Upon receiving the forwarded request, a volunteer Vj processes the request only if Vi is trustworthy in its view. In this way, service requests are forwarded to only trustworthy entities. When Nj receives a forwarded service request from Vi, Nj decides whether to accept the request according to its opinion of trustworthiness for Ni (e.g. T(Nj → Ni) = T(Nj → Vi) ⊗ T(Vi → Ni)), in addition to the current conditions such as workload. Before selecting one among multiple SPs, Ni has the option to get T values of the SPs from their local volunteers. Fig. 2 illustrates an example of the evolution process when DTLr = 2 and k = 2. Vi1 and Vi2 are two local volunteers of the SR (Ni) and similarly, Vj1 and Vj2 are two local volunteers of the selected SP (Nj). Service discovery has been processed along the path Ni → Vi1 → Vj1 → Nj → Ni. Once Ni has utilized the service from Nj, all related nodes update their T values for other nodes as the following steps. For this, Ni and Nj exchange their local volunteers’ identities first.

Vi1

p p

o n

Vj1q

Ni

Nj SP

SR Vi2

Service Discovery Path Evaluation Path (Ni evaluates Nj)

Vj2 q Fig. 2. The process to update trust

n Ni sets its satisfaction degree of the interaction with Nj with regard to fulfillment of Nj. o According to the perceived satisfaction degree, i) Ni sets the evaluated trust, and sends it to Vi1; and ii) Ni increases or decreases T(Vi1) and T(Vj1) by a basic unit. If Ni has no entry for Vj1 in its volunteer directory, Ni initializes T(Vj1) before updating. p After receiving Tevl(Ni → Nj), Vi1 computes Tevl(Vi1→ Nj) = T(Vi1 → Ni) ⊗ Tevl(Ni → Nj) and sends it to Vj1 and Vj2. Vi1 also increases or decreases T(Vi1 →Vj1) given Tevl(Vi1→ Nj). q After Vj1 receives Tevl(Vi1→ Nj), it finally updates T(Vj1→ Nj) in the client directory taking into account T(Vj1 → Vi1) and Tevl(Vi1→ Nj). Vj2 also performs in the similar way.

286

M. Kim, M. Kumar, and S. Jung

The above evolution process is described by Ni’s experience. According to Nj’s experience, the corresponding evolution processes is needed, started by Nj. When the selected SP is a volunteer, the evaluation for the SP is propagated through the local volunteers of the SR.

5 Evaluation For comparison with distributed trust management approaches, we develop a trust management protocol applicable to the pull scheme. Since the pull scheme is totally distributed based on broadcast, it is appropriate to develop a distributed trust management protocol for the pull scheme. In this section, first, we present the simulation setup and second, we explain the developed distributed trust management protocol for the pull scheme. Finally, we compare performance and efficiency of the two trust management protocols with the simulation results. 5.1

Simulation Setup

We perform simulation studies using ns2 version 2.27 [12] and choose MANETs for simulation scenarios with a total of 50 nodes in a 700 x 700 m2 network area. We run 100 rounds and, in each round, every node requests a randomly selected type of service. Also, the related trust evolution process in terms of the SR’s experience is performed. As more rounds are processed, trust values become more accurate. We distinguish two types of nodes - good and bad. When a bad node sends recommendation or evaluation with the actual trust degree, Ta = < ta, ca >, it sends the fake trust degree Tf = < 1 - ta, 1 >. In addition, when a bad node provides services, it does not satisfy service requestors. We summarize other main simulation parameters in Table 1. We set k = 2. Table 1. Simulation parameters

Categories Trust management related parameters Service discovery related parameters

Parameters Incentive for direct interactions Incentive for recommendations Initial trust degree (T0) Threshold to be a trustworthy peer (τ) Number of service types DTLr

Values 0.2 0.1 < 0.5, 0 > 0.2 10 2

Incentives in the trust management category operate such that a source node increases or decreases trust value by the defined amount depending on its positive or negative opinion and increases confidence level by the same amount for a target node. Here, since we set T0 = < 0.5, 0 >, the initial minimum absolute trust value is 0.25 (0.5 – 0.5 (1 – 0)/2). As we set 0.2 for threshold of minimum absolute trust value, initially a node trusts strangers for potential interactions with them. In our simulation, every node is a SP that provides a service of a certain type. A service type is assigned to each node in a round robin fashion.

Trust Management Using NeVo in Ubiquitous Computing Environments

287

The main outputs we extract from the simulation studies are:

· · · · ·

tm: minimum absolute trust value of the selected SP (min|T|) nt: total number of messages sent during simulation rf: failure rate of service discovery on total requests during simulation (%) dr: average delay of successful service discovery (seconds) ℮: efficiency value to indicate performance on cost defined as ℮ = tm rs / ur where rs (success rate) = 100 - rf and ur (resource usage) = nt / number of total requests

5.2 Trust Management Protocol for the Pull Scheme The pull scheme operates in a totally distributed manner such that whenever a SR needs a service, it floods a service request message with DTLr and any SP that has the matched service replies to the SR. Note that DTLr in the pull scheme is operated by hop count between nodes. We develop a distributed trust management protocol for the pull scheme as follows. 1 When a SR (Ni) needs a service, it floods a service request message with DTLr (set as 2). 2 Upon receiving the service request, a SP (Nj) replies only when it deems Ni is trustworthy. 3 After collecting all service replies within a given duration (set as 1 second), Ni looks up its cache for trust degrees of all replied SPs. 3.1 If Ni has replies from trustworthy SPs, Ni selects a service of the most trustworthy SP (Nk). 3.2 If Ni does not have a reply from a trustworthy SP but has replies from unknown SPs, Ni floods a recommendation request message for the unknown SPs with DTLr (set as 1). 3.3 Upon receiving the recommendation request message, a recommender (Nr) replies only when it considers that Ni is trustworthy. 3.4 After collecting all recommendation replies within a given duration (set as 1 second), Ni selects a service of the most trustworthy SP (Nk) by evaluating all recommendations. 4 After utilizing the service of Nk, Ni updates T(Nk) according to fulfillment of Nk by the defined incentive (0.2). Similarly, Nk also evaluates T(Ni). 5 If there are recommenders of Nk, Ni evaluates each recommender. Service discovery fails when the SR does not get any reply from SPs that happens when all SPs within the coverage consider the SR is untrustworthy. In the trust management for the pull scheme, every node maintains trust degrees of others in the cache. In the simulation, all nodes assign same amount of storage for the cache. The allocated cache space is from 0% to 100% of the total storage amount required to save trust degrees of all nodes in the network. 5.3 Simulation Results Fig. 3 shows the average tm of all rounds against bad node ratio (refer to the legend in Fig. 4). We refer the trust management utilizing NeVo as T_NeVo and the trust management protocol for the pull scheme as T-Pull hereafter.

M. Kim, M. Kumar, and S. Jung

1.0

2.5

0.8

2.0

delay(second)

0.6 0.4 0.2

T_NeVo T_Pull(Cache:20%)

1.5

T_Pull(Cache:40%)

1.0

T_Pull(Cache:60%)

0.5

T_Pull(Cache:100%)

10 0

60

40

20

90 10 0

80

70

60

50

40

30

20

0

10

80

0.0

0.0

0

Trust Value

288

Bad Node Ratio (%)

Bad Node Ratio (%)

Fig. 3. Average of all rounds’ average tm

Fig. 4. Average delay of successful discoveries

With T_NeVo, each node can usually select more trustworthy SPs with the same bad node ratio. However, with 100% bad node ratio, T_Pull using 20% cache allocation shows the highest trust values of selected SPs. With high bad node ratios, nodes cannot tell trustworthiness of others well due to forged recommendations from bad nodes. Therefore, we assert that the trust values for the selected SPs with 20% cache allocation are not really high since SRs cannot have accurate trust values for SPs. Fig. 4 depicts the average delay of all successful service discoveries. With T_NeVo, the SR does not need to wait for all service replies for further evaluation since the SR can trust and select any SP recommended by the local volunteers. In contrast, using T_Pull, there are two time durations, each lasting one second: i) the wait period to receive all service replies; and ii) the wait period to receive all recommendation replies. Fig. 5 demonstrates service discovery failure rates with varying bad node ratios. 12 10

Failure rate (% )

Failure rate (%)

100 80 60 40 20

Bad Node Ratio (%)

(a) Bad node ratio < 1

90

100

80

70

60

50

40

30

20

10

0

0

T_NeVo

8

T_Pull(Cache:20%)

6

T_Pull(Cache:40%)

4

T_Pull(Cache:60%)

2

T_Pull(Cache:100%)

0 0

10

20

30

40

50

Bad Node Ratio (%)

(b) Bad node ratio < 0.5

Fig. 5. Service discovery failure rates (%)

In Fig. 5 (a), we see the failure rates are much higher with T_NeVo when bad node ratio is higher than 50%. The plots for bad node ratios in the range 0 to 50 are magnified in Fig. 5 (b), showing that with lower bad node ratio, T_NeVo has lower failure rates. In T_Pull, as bad node ratio increases, many SRs and SPs cannot tell trustworthiness of each other without direct interaction since all bad recommenders lie about others. In contrast, with T_NeVo, for successful service discovery, all related nodes including the SR, the SP, and their local volunteers need to trust each other. If majority of nodes are bad, first, SRs have difficulty in finding trustworthy local volunteers.

140000 120000 100000 80000 60000 40000 20000 0

289

Bad Node Ratio (%)

T_NeVo

6

T_Pull(Cache:20%)

4

T_Pull(Cache:40%) T_Pull(Cache:60%)

2

T_Pull(Cache:100%)

0

0 10

80

60

40

20

Efficiency value

8

0

Number of messages

Trust Management Using NeVo in Ubiquitous Computing Environments

Fig. 6. Number of total messages

Bad Node Ratio (%)

Fig. 7. Efficiency values (℮)

Fig. 6 shows the protocol overhead of both schemes in terms of the number of message exchanges during simulation (refer to the legend in Fig. 7). T_NeVo incurs considerably less number of message exchanges despite the messages for building and maintaining NeVo. In T_Pull, the higher cache allocation reduces communication overhead because each node maintains trust degrees for more peers, which results in decrease of recommendation requests. Fig. 7 presents efficiency values to indicate performance of trust management on protocol overhead (cost). As we expected, T_NeVo shows much better efficiency compared to T_Pull.

6 Conclusion and Future Work For secure interaction among participants in open networks, we propose a hierarchical distributed trust management scheme utilizing a flexible architecture called NeVo (Network of Volunteers). In the proposed trust management scheme, trust values of clients are maintained globally and consistently at their local volunteers resulting in the decrease of total overhead compared to the distributed approaches. We choose service discovery to illustrate the trust management protocols. However, the proposed security mechanisms can be applied to any service or application that requires interactions among nodes. For future work, we plan to design authentication protocols to integrate to the proposed trust management scheme. Identities of nodes are likely to be unknown in pervasive environments, which is a rather fundamental obstacle for node authentication [17]. Therefore, we will also consider the issue of identification and privacy.

References 1. Weiser, M.: The Computer for the 21st Century. Scientific American, 94–104 (September 1991); reprinted in IEEE Pervasive Computing, 19–25 (Janurary-March 2002) 2. Kim, M., Kumar, M., Shirazi, B.A.: Service Discovery using Volunteer Nodes for Pervasive Environments. In: Proc. of IEEE International Conference on Pervasive Service 2005 (July 2005) 3. Carbone, M., Nielsen, M., Sassone, V.: A Formal Model for Trust in Dynamic Networks. In: Proc. of the 1st Int. Conference on Software Engineering and Formal Methods, September 2003, pp. 54–63 (2003)

290

M. Kim, M. Kumar, and S. Jung

4. Capra, L.: Engineering Human Trust in Mobile System Collaborations. In: Proc. of ACM Sogsoft 2004, October 31-November 6, pp. 107–116 (2004) 5. Grandison, T., Sloman, M.: Trust Management Tools for Internet Applications. In: Nixon, P., Terzis, S. (eds.) iTrust 2003. LNCS, vol. 2692, pp. 91–107. Springer, Heidelberg (2003) 6. Kinateder, M., Rothermel, K.: Architecture and Algorithms for a Distributed Reputation System. In: Nixon, P., Terzis, S. (eds.) iTrust 2003. LNCS, vol. 2692, pp. 1–16. Springer, Heidelberg (2003) 7. Terzis, S., Wagealla, W., English, C., Nixon, P.: Trust Lifecycle Management in a Global Computing Environment. In: Priami, C., Quaglia, P. (eds.) GC 2004. LNCS, vol. 3267, pp. 291–313. Springer, Heidelberg (2005) 8. Josang, A.: A Logic for Uncertain Probabilities. International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems 9(3), 279–311 (2001) 9. Shand, B., Dimmock, N., Bacon, J.: Trust for Ubiquitous, Transparent Collaboration. In: Proc. of IEEE PerCom 2003, pp. 153–160 (2003) 10. Blaze, M., Feigenbaum, J., Strauss, M.: Compliance Checking in the PolicyMaker Trust Management System. In: Hirschfeld, R. (ed.) FC 1998. LNCS, vol. 1465, pp. 254–274. Springer, Heidelberg (1998) 11. Blaze, M., Feigenbaum, J., Ioannidis, J., Keromytis, A.D.: RFC2704 - The KeyNote Trust Management System (version 2) (1999) 12. Fall, K., Varadhan, K.: The ns manual (formally ns notes and documentation), http://www.isi.edu/nanam/ns/doc/index.html (cited 13, December 2003) 13. Cahill., V., et al.: Using Trust for Secure Collaboration in Uncertain Environments. IEEE Pervasive Computing Mobile And Ubiquitous Computing 2(3) (2003) 14. Resnick, P., Zeckhauser, R., Friedman, E., Kuwabara, K.: Reputation Systems. Communications of the ACM 43(45) (August 2000) 15. English, C., Wagealla, W., Nixon, P., Terzis, S., Lowe, H., McGettrick, A.: Trusting collaboration in global computing systems. In: Nixon, P., Terzis, S. (eds.) iTrust 2003. LNCS, vol. 2692, pp. 136–149. Springer, Heidelberg (2003) 16. Perich, F., Undercoffer, J., Kagal, L., Joshi, A., Finin, T., Yesha, Y.: In Reputation We Believe: Query Processing in Mobile Ad-Hoc Networks. In: Proc. of IEEE Mobiquitous 2004 (2004) 17. Zakiuddin, I., Creese, S., Roscoe, B., Goldsmith, M.: Authentication in Pervasive Computing: Position Paper, http://www.pampas.eu.org/Position_Papers/QinetiQ.pdf 18. Lewis, N., Foukia, N.: Using Trust for Key Distribution and Route Selection in Wireless Sensor Networks. In: IEEE Globecom 2007, November 26-30 (2007) 19. Pirzada, A.A., McDonald, C.: Trust Establishment In Pure Ad-hoc Networks. Wireless Personal Communications 37, 139–163 (2006)

A Fast and Efficient Handover Authentication Achieving Conditional Privacy in V2I Networks* Jaeduck Choi, Souhwan Jung, Younghan Kim, and Myungsik Yoo School of Electronic Engineering, Soongsil University, 1-1, Sangdo-dong, Dongjak-ku, Seoul 156-743, Korea [email protected], {souhwanj,younghak,myoo}@ssu.ac.kr

Abstract. This paper proposes a fast and efficient handover authentication with conditional privacy in V2I networks. One of the main challenges for achieving secure V2I communications is to accomplish a fast and efficient handover authentication for seamless IP-based services. Anonymous authentication with authority traceability is another important security issue. The basic idea is that a handover authentication occurs only between a vehicle and a roadside unit to reduce the cost of authentication time and communication overhead. After performing the handover authentication, the roadside unit notifies an AAA server of the authentication result and vehicle’s pseudonym ID, which does not affect the fast handover authentication. The proposed scheme is more efficient than the existing schemes in terms of authentication time and communication overhead. In addition, our work is the first study on conditional privacy preservation during a handover process in V2I networks. Keywords: VANET, V2I, Handover Authentication, Conditional Privacy.

1 Introduction Vehicular Ad-hoc Network (VANET) technologies have got recently considerable attention in the fields of research, standardization, and industry owing to their applications in roadway scenarios. VANETs can be classified into Vehicle-to-Vehicle (V2V) networks to provide driving safety and Vehicle-to-Infrastructure (V2I) networks to support seamless IP-based services during high-speed mobility. V2I applications contain various infotainment services such as VoIP, mobile IPTV, and Internet access. In V2I networks, the seamless mobility to vehicles across heterogeneous access network is essential. A variety of access network technologies such as IEEE 802.11 families including 802.11p Wireless Access in Vehicular Environments (WAVE) [1], IEEE 802.16 Wireless Broadband (WiMAX), and 3GPP *

This research is supported by the Ubiquitous Computing and Network (UCN) Project, Knowledge and Economy Frontier R&D Program of the Ministry of Knowledge Economy (MKE) in Korea as a result of UCN’s subproject 09C1-C1-20S, and partly supported by the Korea Science and Engineering Foundation (KOSEF) grant funded by the Korea government (MEST) (No. 2009-0053879).

S. Balandin et al. (Eds.): NEW2AN/ruSMART 2009, LNCS 5764, pp. 291–300, 2009. © Springer-Verlag Berlin Heidelberg 2009

292

J. Choi et al.

UMTS - on the link layer are converging their IP backbone or infrastructure through mobile IP technologies [2-6]. IEEE 802.11 technology offers high bandwidth in the hot spot coverage, but it does not support mobility and roaming functions. IEEE 802.16 is the broadband wireless access technology providing high-speed data rate and mobility. 3GPP provides wide coverage and nearly universal roaming, but it suffers from low data rates. Therefore, the convergence of IEEE 802.11, WiMAX, and 3GPP can provide a convenient network access with high data rates anytime and anywhere in moving vehicles. One of the main challenges for secure V2I communications is to achieve a fast and efficient handover authentication. V2I networks are composed of various wireless networks such as IEEE 802.11, WiMAX, and 3GPP. Furthermore, there are extremely large amounts of network entities and data packets in situations of high traffic density such as traffic jams. For example, drivers and passengers have generally a propensity to use multimedia services such as movie and TV program during traffic jam. According to Dedicated Short Range Communications (DSRC) [7], a vehicle should also send each message with a time interval 100 ~ 300 ms. Therefore, a handover authentication in V2I networks should be fast and efficient in terms of the authentication delay and communication overhead. It should also satisfy the fundamental security requirements and conditional privacy. In other words, the handover authentication should provide the authentication for network access and ensure the data confidentiality and integrity of the value-added services between the vehicle and the Roadside Unit (RSU). Conditional privacy is another important security issue in V2I networks. Drivers do not want their private information such as their name, position, and travel route to be revealed during a handover authentication process. However, when car accidents or certain crimes occur, the identity information of the driver must be revealed by law enforcement to establish liability. In this paper, we propose a fast and efficient handover authentication achieving conditional privacy in V2I communications. To the best of our knowledge, our work is the first study that deals with the conditional privacy issues during a handover process in V2I networks. The basic idea is that a handover authentication occurs only between a vehicle and a RSU to reduce the cost of authentication time and communication overhead. After performing the handover authentication, an RSU notifies an AAA server of the authentication result and vehicle’s pseudonym ID to provide conditional privacy, which does not affect the fast handover authentication. The rest of the paper is as follows. Section 2 reviews the existing handover authentication in wireless networks and describes security requirements for secure V2I communications. Section 3 presents the proposed handover authentication in V2I networks. The security and performance aspects of our scheme are discussed in Session 4. Finally, the concluding remarks are presented in Section 5.

2 Related Works and Security Requirements 2.1 Related Works Many studies have examined the problem of handover authentication for network access authentication on the link layer such as WLAN, WiMAX, and 3GPP. The handover authentication schemes can be classified into two categories: the AAA-based

A Fast and Efficient Handover Authentication Achieving Conditional Privacy

293

scheme and the non-AAA-based scheme. The existing AAA-based schemes, such as the IEEE 802.11i EAP authentication method [8], the proactive key distribution method [9], and the mobility prediction method [10], can be easily applied to V2I networks due to the direction of the roadway route. The movement of vehicles in V2I is relatively predictable since it is restricted to the roads. This has an advantage for handover authentication protocols. The predictability of the movement directions reduces the authentication time for handover since it can distribute authentication keys in advance. In other words, the authentication delay is nearly zero. However, in the case of urban areas, the driving patterns can go in any direction so that they are similar to the movement pattern of mobile nodes in normal wireless networks. Also, they still suffer from Round-Trip Time (RTT) latency and communication overhead between a vehicle and an AAA server. Therefore, these schemes are not best suited for real-time services during the high-speed mobility of vehicles. To cope with this problem, the handover authentication schemes without communicating with the AAA server have recently been proposed [11-12]. These are referred to as non-AAA-based schemes, and they reduce authentication latency and communication cost for handover. Kim et al. proposed an innovative light-weight authentication scheme called Secure Fast Roaming using ID-based Cryptography (SFRIC) [11]. The SFRIC employs ID-based cryptography to simplify the authentication process, which does not require contacting an authentication server or exchanging certificates. In this scheme, the client's identifier such as its MAC address can be used as its public key for verification and encryption. It provides both the mutual authentication and the key agreement. Furthermore, Kim's scheme can complete the handover authentication within the period 20 ms. Zhang et al. proposed a location privacy preserving handover authentication scheme based on an Elliptic Curve Cryptosystem (ECC) blind signature in vehicular networks [12]. Zhang's scheme using a blind signature not only protects the identity of a vehicle, but also reduces the movement tracking probability during the handover of the vehicles through a number of access points. Furthermore, Zhang's scheme reduces the authentication delay since it uses a fast exponentiation computation instead of a timeconsuming pairing computation. None of the existing handover authentication schemes provides conditional privacy. Although Zhang's scheme preserves user privacy, it is impossible for law enforcement to trace user's identity when car accidents or crimes occur. Hence, a fast and efficient handover authentication scheme with the conditional privacy is required. 2.2 Security Requirements for Secure V2I Networks We define security requirements for secure V2I communications as follows. • Requirements for a fast and efficient handover authentication − It should be efficient in terms of the time of cryptography operations used during a handover authentication. − It should reduce the number of authentication messages and authentication procedures. • Requirements for a secure handover authentication − It should provide the mutual authentication for network access between a vehicle and an RSU.

294

J. Choi et al.

− It should generate a dynamic session key for the secure communications between a vehicle and an RSU to provide data confidentiality and integrity. − It should support the conditional privacy, that is, other users and RSUs cannot guess the user's original ID, position, and travel routes. However, law enforcement should be able to reveal the real identity of the user when car accidents and crimes occur.

3 The Proposed Handover Authentication Protocol First, an AAA server of Mobile Service Provider (MSP) generates one RSA key pair (rsaPK -MSP and rsaPK +MSP) and two secret keys θ and ω, where θ is a trapdoor key of RSU and ω preserves user identities. After generating these keys, the AAA server distributes its RSA public key and the secret key θ to all RSUs. In this paper, we assume that APs can securely store all sensitive values. • Initial full authentication phase Figure 1 shows an initial full authentication phase. A vehicle should perform the initial full authentication such as EAP-TLS, EAP-PKMv2, and EAP-AKA with the AAA server through the RSU1. Once a vehicle completes the initial authentication, the AAA server generates the privacy identity of the vehicle and its signature as in (1) and (2). In addition, the AAA server computes the temporary handover authentication key gaimodp for the vehicle as in (3). Then, it sends these values to the vehicle through a secure channel.

PIDvehicle ( i ) = h(ω , IDvehicle (i ) || IDMSP || Texpire )

(1)

SIDvehicle (i ) = rsaSignrsaPK − ( PIDvehicle ( i ) , Texpire )

(2)

g ai mod p (where, ai = θ ⊕ bi , bi = h(θ , PIDvehicle ( i ) || IDMSP || Texpire ))

(3)

MSP

secret key : θ

secret key : θ

+ rsaPK MSP

+ rsaPK MSP

− secret key : θ , ω , rsaPK MSP

PIDvehicle( i ) = h(ω , IDvehicle ( i ) || IDMSP || Texpire ) SIDvehicle( i ) = rsaSignrsaPK − ( PIDvehicle ( i ) , Texpire ) MSP

bi = h(θ , PIDvehicle ( i ) || IDMSP || Texpire ) PIDvehicle ( i ) , SIDvehicle( i ) , g ai mod p, Texpire

ai = θ ⊕ bi , g ai

PIDvehicle ( i ) , SIDvehicle ( i ) , Texpire secret key : g ai mod p

Fig. 1. Initial full authentication phase

• Handover authentication phase When the vehicle moves into the new RSU2 to persist the connectivity for mobility, a fast authentication procedure should be performed as shown in Figure 2.

A Fast and Efficient Handover Authentication Achieving Conditional Privacy

295

Step 1: The vehicle chooses a random number x as its Diffie-Hellman (DH) secret key and computes its DH half-key gxmodp. The vehicle generates the credential μ using the temporary authentication key gaimodp to be authenticated by the RSU2 as in (4). It then sends the message including necessary data to the RSU2.

μ = h( g a mod p, PIDvehicle (1) || IDRSU || Tcurrent || Texpire || g x mod p) 1

2

(4)

Step 2: Upon receiving the message, the RSU2 checks the current time Tcurrent and the validation period Texpire. The RSU2 generates the handover authentication keys a1 and b1 of the vehicle using the trapdoor key θ of the RSU2 as in (5). Then, it computes the credential μ' and compares the received credential μ with μ'. If the validation is successful, the RSU2 verifies SIDvehicle(1) using the RSA public key of the MSP. If the RSU2 fails to verify the signature SIDvehicle(1) of privacy identity, the handover authentication is rejected. Finally, the RSU2 computes the credential ν with its DH half-key gymodp and a session key gxymodp for the mutual authentication and key agreement as in (6). The RSU2 then sends all parameters to the vehicle.

b1 = h(θ , PIDvehicle (1) || IDMSP || Texpire ), a1 = θ ⊕ b1

(5)

ν = h( g a mod p, g xy mod p || g x mod p || g y mod || Tcurrent )

(6)

1

Step 3: After receiving the message, the vehicle computes a session key gyxmodp and authenticates the RSU2 by computing ν'. If successful, the vehicle sends the final message including a hash value of the temporary handover authentication key and session key h(ga1modp, gxymodp) to the RSU2 to confirm the mutual authentication and key agreement. PIDvehicle (1) , SIDvehicle (1) ,

secret key : θ

secret key : θ

Texpire , g a1 mod p

+ rsaPK MSP

+ rsaPK MSP

Vehicle

RSU1

− secret key : θ , ω , rsaPK MSP

RSU2

AAA Server

x

choose x and compute g mod p compute μ

IDRSU (2) , PIDvehicle (1) , SIDvehicle (1) , IDMSP , μ, Tcurrent , Texpire , g x

check Tcurrent and Texpire compute b1 and a1 = θ ⊕ b1 authenticate vehicle by computing μ and verify SIDvehicle (1) choose y and compute g y mod p and g yx mod p compute ν PIDvehicle (1) , IDMSP , IDRSU ( 2) , ν, Tcurrent , g y compute g yx mod p authenticate vehicle by computing ν

IDRSU (2 ) , PIDvehicle (1) , h ( g a1 mod p, g xy mod p )

IDRSU (2) , PIDvehicle (1) , Tcurrent

Fig. 2. Handover authentication phase

296

J. Choi et al.

Step 4: The RSU2 verifies the received message. If it is successful, the RSU2 allows the vehicle to access the wireless networks. Finally, the RSU2 notifies the AAA server of the authentication result with the identities of vehicle and RSU2, which means that the AAA server can provide conditional privacy. Note that the last procedure does not affect the fast handover authentication.

4 Discussion on Security and Performance 4.1 Security Considerations

The proposed scheme satisfies the security requirements for a handover authentication in V2I networks. This section discusses the security aspects of the proposed scheme. • Authentication for network access An RSU authenticates a vehicle by checking the credential μ and SID. An attacker who does not register to an MSP or perform an initial full authentication with an AAA server of the MSP cannot access the wireless networks since the attacker does not know the temporary authentication key gaimodp for handover authentication. Furthermore, the adversary cannot generate the signature SID of privacy identity since he/she does not know the RSA private key of the AAA server. Therefore, the proposed scheme allows only the legitimate vehicle to access the wireless networks. If one RSU is compromised, an attacker can access the Internet using only valid PIDs and SIDs. Note that the attacker cannot access the wireless networks using arbitrary PIDs since he/she cannot make the SID value signed with the private key of AAA server. However, the AAA server can perceive the illegal situation where the PID and SID are being doubly used for network access. Hence, the AAA server can take action against this breach of protocol by limiting usage. • Conditional privacy In our scheme, a vehicle uses a pseudo identity (PID) generated by using the one-way hash function h() with the secret key ω of the AAA server during an initial full authentication phase. Therefore, it is difficult for other users and RSUs to derive the user's real ID from the PID overheard from a public network. For conditional privacy preservation, the RSU forwards the PIDvehicle and the RSU's position to the AAA server after performing the handover authentication. In other words, the AAA server has the ability to trace the position of the PIDvehicle and reveal vehicle's real identity IDvehicle using its secret key ω when a car accident or crime occurs. None of the existing handover authentication schemes considers conditional privacy. • Session key agreement for data confidentiality and integrity The proposed scheme provides the mutual authentication by verifying two credentials μ and ν. After performing the mutual authentication, a vehicle and an RSU generate a session key gxymodp using the Diffie-Hellman algorithm based on the Discrete Logarithm Problem (DLP), which is the problem of exactly computing gxymodp from given g, p, gxmodp, and gymodp. Then, two nodes derive the symmetric keys from the DH session key to ensure the data confidentiality and integrity of the value-added services between the vehicle and the RSU.

A Fast and Efficient Handover Authentication Achieving Conditional Privacy

297

• Perfect Forward/Backward Secrecy (PFS/PBS) The DH key exchange is a cryptographic protocol that provides the PFS/PBS. The PFS and PBS mean that even if a long-term secret key is every compromised at any point in time, it never reveals all the preceding and following session keys. In our scheme, the long-term secret keys are the ephemeral random values x and y of a vehicle and an RSU. This guarantees the freshness of the DH session key if two nodes have chosen their random exponents (xi and yi) properly. • Man-in-the-Middle (MITM) attack Communication between a vehicle and an RSU is secure against the MITM attack. An attacker who does not know a user's temporary authentication key gaimodp cannot make independent connections with the victims and relay messages between them. 4.2 Performance Considerations

The proposed scheme provides a reasonable authentication time for handover authentication. We consider two performance metrics to evaluate the handover authentication schemes: the authentication delay and communication overhead. We obtained the time cost of cryptography operation by the experiment using MIRACL library [13] on a Pentium IV 3GHz as depicted in Table 1. Although there are alreadydeveloped technologies for improving the pairing computation, the computational overhead is still expensive and highly theoretical compared to other operations. Table 1. Execution time of cryptographic operations Security size TE TRV TM

C

F

T=C/F

1,385,265 1024 bit

TP

615,645 1,092,284

0.463 ms 0.206 ms

2,992.56 MHz

0.365 ms

37,790,790

12.628 ms

C: total number of CPU clock cycles, F: frequency of the internal CPU timer TE: modular exponentiation , TM: elliptic curve point multiplication TP: pairing operation, TRV: RSA verification.

Table 2. Time cost of cryptography for handover authentication optimized by pre-computation Kim et al.

Zhang et al.

Proposed Scheme

Tvehicle

1 TP

1 TM

1 TE

TRSU

2 TP

1 TM

2 TE + 1 TRV

Ttotal

37.884 ms

0.73 ms

1.595 ms

Tvehicle: optimized total time for handover authentication at the vehicle TRSU: optimized total time for handover authentication at the RSU Ttotal: total cryptography time for handover authentication (Tvehicle + TRSU).

298

J. Choi et al. Table 3. Comparison on the cost of authentication messages in V2I networks

CRSU_AAA Cvehicle_RSU CRSU_RSU Cauth_msg

IEEE 802.11i Mishra et al. [8] [9] 8 3 14α 2α 8+14α 3+2α

Pack et al. [10] 2 4α 2+4α

Kim et al. [11] 3α 3α

Zhang et al. Proposed [12] scheme 1 5α 3α 2β 5α+2β 1+3α

(b) 0 < α <2, β = 0.5

(a) 0 < α <2, β = 0.1

(c) 0 < α <2, β = 0.9 Fig. 3. Improvement S of the proposed scheme

Table 2 shows the time costs of the cryptography operation for a handover authentication optimized by pre-computation. The existing schemes based on the AAA server are excluded from our comparison since their authentication delay is nearly zero. Zhang's scheme provides the fastest handover authentication, while Kim's scheme requires more time delay due to the pairing operation. In our scheme, the authentication time is acceptable since the time delay is less than the critical 20 ms threshold [14]. We assume that the expected authentication message delivery cost between an RSU and an AAA server (a wired network) is one unit, and the expected authentication message delivery cost between a vehicle and the RSU (a wireless network) is α unit. The delay in the route from the RSU to the AAA server is a critical factor in the total latency for handover authentication since the AAA server is often

A Fast and Efficient Handover Authentication Achieving Conditional Privacy

299

located in a remote location. Therefore, the cost α has the range 0<α<1. However, there may be a situation when the communication cost in the wireless channel is higher than the cost between the RSU and the AAA server due to the contention among wireless nodes. Therefore, we also consider that the cost α has the range (1<α<2). The expected authentication message delivery cost between RSUs is β units with the range (0<β<1) since the channel is a wired network. Finally, the communication cost for authentication messages is Cauth _ msg = CRSU _ AAA + Cvehicle _ RSU + CRSU _ RSU

(7)

The improvement S of the proposed scheme over existing schemes is S=

(Cauth _ msg of existing scheme) − (Cauth _ msg of proposed scheme) (Cauth _ msg of existing scheme)

(8)

Table 3 compares the authentication messages exchanged in the proposed handover authentication with existing schemes. Figure 3 shows that the proposed scheme is more efficient in terms of communication overhead than the existing AAA-based schemes. In the case of non-AAA-based schemes, Kim's scheme is the most efficient. However, Kim's and Zhang's schemes do not provide conditional privacy.

5 Conclusions In this paper, we have presented a fast and efficient handover authentication achieving conditional privacy in V2I communications. V2I networks are composed of various wireless networks such as WLAN, WiMAX, and 3GPP. Furthermore, there are extremely large amounts of network entities and data packets under high-traffic density conditions. The main challenges facing secure V2I communications are a fast, efficient, and secure handover authentication. The proposed scheme has been identified to be not only able to improve efficiency in terms of the authentication delay and communication overhead, but also capable of providing the conditional privacy preservation with basic security requirements in wireless networks.

References 1. IEEE Standard 1609.2-2006, IEEE Trial-use Standard for Wireless Access in Vehicular Environments - security services for applications and management messages (2006) 2. Mussabbir, Q., Yao, W., Niu, Z., Fu, Z.: Optimized FMIPv6 using IEEE 802.21 MIH services in vehicular networks. IEEE Trans. Veh. Technol. 56(6), 3397–3407 (2007) 3. Koodli, R.: Mobile IPv6 Fast Handovers, IETF RFC 5268 (2008) 4. McCann, Mobile IPv6 Fast Handovers for 802.11 Networks, IETF RFC 4260 (2005) 5. Jang, H., Jee, J., Han, Y., Park, S., Cha, J.: Mobile IPv6 Fast Handovers over IEEE 802.16e Networks, IETF RFC 5270 (2008) 6. Yokota, H., Dommety, G.: Mobile IPv6 Fast Handovers for 3G CDMA Networks, IETF RFC 5271 (2008) 7. ASTM E2213-03, Standard Specification for Telecommunications and Information Exchange Roadside and Vehicle Systems - 5GHz Band Dedicated Short Range Communications (DSRC) Medium Access Control (MAC) and Physical Layer (PHY) Specifications (2003)

300

J. Choi et al.

8. IEEE 802.11i Medium Access Control (MAC) Security Enhancements, Amendment 6 to IEEE Standard for Information technology - Telecommunications and information exchange between systems - Local and metropolitan area networks - Specific requirements - Part 11: Wireless Medium Access Control (MAC) and Physical Layer (PHY) Specifications (2004) 9. Mishra, A., Shin, M.H., Petroni Jr., N.L., Clancy, T.C., Arbaugh, W.A.: Proactive Key Distribution Using Neighbor Graphs. IEEE Wirel. Commun. 11(1), 26–36 (2004) 10. Pack, S., Choi, Y.: Fast handoff scheme based on mobility prediction in public wireless LAN systems. IEE Proc.-Commun. 151(5), 489–495 (2004) 11. Zhang, C., Lu, R., Ho, P., Chen, A.: A location privacy preserving authentication scheme in vehicular networks. In: Proc. WCNC 2008, pp. 2543–2548 (2008) 12. Kim, Y., Ren, W., Jo, J., Yang, M., Jiang, Y., Zheng, J.: SFRIC: A secure fast roaming scheme in wireless LAN using ID-based cryptography. In: Proc. ICC 2007, pp. 1570–1575 (2007) 13. MIRACL, Multiprecision Integer and Rational Arithmetic C/C++ library, http://www.shamus.ie 14. Petroni Jr., N.: An empirical analysis of the 4-way hand-shake. IEEE 802.11-03/0563-00-000i, http://www.drizzle.com/~aboba/IEEE

Robust and Efficient Routing in Wireless Mesh Networks with Unreliable Nodes Apostolia Papapostolou1,2, Vasilis Friderikos2 , Tara A. Yahiya1 , and Hakima Chaouchi1 1

Telecom and Management SudParis, UMR CNRS 5157, Paris {apostolia.papapostolou,tara.yahiya,hakima.chaouchi}@it-sudparis.eu 2 Centre for Telecommunications Research at Kings College, London {apostolia.papapostolou,vasilis.friderikos}@kcl.ac.uk

Abstract. Wireless Mesh Networks (WMNs) are presently one of the most promising global telecommunication systems. It is expected that they will profoundly change the landscape of wireless broadband. This is because providing last mile connectivity to a backbone network (such as the Internet) continues to be a challenge of fundamental importance for the evolution of next generation wireless networks. In this paper, we address the main challenging issues related to the routing methods in the WMNs. We propose several routing algorithms which provide robustness and energy efficiency guarantees in an unideal environment which is characterized by frequent or rare node failures/misbehaviour. Numerical investigations illustrate that the proposed algorithms guarantee successful communication with power efficiency and low overhead even when faulty nodes subsist in the environment. Keywords: Wireless Mesh Networks, Routing Protocols, Fault Tolerance.

1

Introduction

Over the last few years the cumulative impact of the success of wireless networks and the Internet sparked a significant research interest into novel architectural designs for providing broadband Internet access. Admittedly, Wireless Mesh Networks (WMNs) have emerged as an important technology for providing, low cost and rapid deployable broadband last mile connectivity to the Internet and provision of backhaul support for 3G cells and IEEE 802.11 ’x’ hot spots. WMNs are characterized as a cooperative engagement of static nodes. To provide end-to-end communication throughout the network, peer hosts cooperate with each other to handle network functions, such as packet routing. Although WMNs are considered to be static, the coexistence of a wide variety of hosts imposes a number of undesirable effects in the routing mechanism. Since routing in WMNs relies on multi-hop communications, its effectiveness is highly influenced by the individual behavior of the nodes which participate in relaying 

This paper is conducted in the French national research project ANR 2006 SUN: Situated and Ubiquitous Networks.

S. Balandin et al. (Eds.): NEW2AN/ruSMART 2009, LNCS 5764, pp. 301–312, 2009. c Springer-Verlag Berlin Heidelberg 2009 

302

A. Papapostolou et al.

packets between one or more source-destination pairs [1]. Likely, a node may activate or deactivate his/her device arbitrarily causing random disconnections with severe consequences in the network performance. Providing robustness and tolerance under this unanticipated user behavior in an power efficient manner is a challenging task and the main goal of our work. Different routing strategies for multi-hop networks are proposed in the literature, but almost all of them have a good performance under the assumption that all nodes are reliable and behave ideally. Authors in [2] proposed an algorithm called End-to-End estimation-based fault tolerant routing algorithm (E2FT) which deploys first an estimation routing process and then a route selection process which decides a multipath route for packet delivery. However, E2FT uses end-to-end performance measurement and therefore estimation results are not affected by the intermediate nodes, which might be unreliable. [3] proposed a routing scheme which uses a stochastic learning-based weak estimation procedure with the objective to minimize the required overhead while guaranteeing a certain rate of delivery packets. However, the algorithm yields inefficient usage when the network get bigger. [4], [5] studied the energy-robustness tradeoff and proved that multipath routing based on energy-efficiency is not the best strategy. They proposed an alternative philosophy for fault tolerance based on minimizing the number of failure modes by reducing the number of intermediate nodes prone to failure. In this paper, we propose several routing algorithms which provide robustness and energy efficiency guarantees in an unideal environment which is characterized by frequent or rare node failures. Our algorithms try to take advantage of this dynamic environment with an objective of decreasing the complexity of continuously adopting to network changes. The rest of the paper is organized as follows: In section 2, the proposed system model is introduced. Section 3 describes our solutions based on the fault tolerant routing algorithms. Sections 4 and 5 present our simulation results and conclude the paper, respectively.

2 2.1

System Model and Problem Statement Unreliable Network Model

We consider a WMN consisting of a single gateway node and a number of users equipped with a wireless device which are located within a rectangular area A. We model this network as a graph G = (V, E), where V is the set of all nodes and E is the set of links between nodes which can directly communicate (see section 2.2). We denote the gateway node as s and we designate its position in this plane. Each wireless node i, with i ∈ V/s, is uniquely characterized by its (xi , yi ) coordinates which are randomly distributed within this area but fixed. Therefore, we consider a static network in terms of mobility. The traffic is always initiated from the gateway node and destinated to any of the user devices. The euclidian distance between a pair of nodes i and j is denoted as dij . For successfully delivering traffic from s to any destination node, each one of the |V|−1 wireless nodes may act as a relay for forwarding packets from the source or

Robust and Efficient Routing in WMNs with Unreliable Nodes

303

other wireless nodes to other nodes, and thus multi-hop paths are constructed. A Shortest Path Tree (SPT) algorithm, such as Dijkstra, is employed for selecting these paths. To incorporate the unreliability factor, we assume that each node may switch on or off his wireless device randomly and independently from other nodes. For simplicity, we assume that the gateway node, s, is always on. To represent the behavior of a node i, we define a random variable A(i) such that  1, if i is active A(i) := (1) 0, otherwise. A node i is considered to be active if his device is turned on. We define the probability a node i ∈ V/s being active, i.e. P r{A(i) = 1}, as node reliability probability and denote it as on(i). If this probability is above a given threshold T , i.e. on(i) ≥ T , we consider node i as reliable. We assume that on(i) follows uniform distribution, U (α, 1), where α is a parameter we use to characterize the reliability of the network. As α increases, the network’s reliability increases, since on(i), ∀i ∈ V/s tends to take higher values. A path, p, consisting of the gateway node s and M ≤ |V| − 1 wireless nodes i, j . . . , m ∈ V/s is denoted as p = [s, i, j, . . . , m], where (i, j) ∈ E. The set of all paths from the source node to the remaining nodes is denoted as π = {p2 , p3 , . . . , p|V|−1 }, where pi is the path with terminating node i. The behavior of a path pm = [s, i, . . . , m], depends on the node reliability probabilities of the nodes which construct it, i.e. on(i), . . . , on(m). Similarly, we can define a random variable which characterizes the state of a path p as  1, if A(i) = 1, ∀i ∈ p B(p) := (2) 0, otherwise. Therefore, B(p) =



A(i)

(3)

i∈p

We define the probability of a path p being robust or reliable, i.e. P r{B(p) = 1}, as path reliability probability and denote this metric as on(p). A path is reliable if all its nodes are reliable and its path reliability probability can be calculated as  on(p) = on(i) (4) i∈p

2.2

Transmit Power Model

The required power to be transmitted over a link (i, j) is denoted as Pij . We consider the signal to noise ratio (SNR) constraint that should be satisfied, in order to achieve a transmission rate rij over that link. Following the Shannon capacity formula, the rate rij is a function of the transmit power, Pij , and the received SNR, SN Rij , and can be formulated as rij = B log2 (1 + SN Rij )

304

A. Papapostolou et al. bh P

where B is the frequency bandwidth and SN Rij = Nijo Bij where hij denotes the channel gain of the link (i, j) and No is the thermal noise at the receiver j. For calculating the channel gain hij , we assume a widely used path loss model, i.e. hij = 10−P Lij /10 , where P Lij is the path loss associated with the link (i, j) and d given by P Lij = P Lo + 10n log10 ( dijo ). P Lo is the path loss at reference distance do , and n is the path loss exponent. Therefore, in order to achieve a transmission rij oB rate rij over a link (i, j), the required transmit power is Pij = N − 1). The bhij (2 power required to transmit over a path p, P (p), is defined as the summation of the power needed to transmit on all links which are included in this path, given that all adjacent nodes are active,  Pp = Pij , ∀p : B(p) = 1 (5) ∀(i,j)∈p

The total transmit power is the power required for delivering source traffic to all corresponding destination nodes which are active. If a terminating node ni of the path pi is not active the power required for transmitting over this path is not added in the total transmit power. Thus,  Pπ = Ppi (6) ∀pi ∈π: B(pi )=1

2.3

Routing Overhead Model

Since nodes are unreliable, a node failure may cause communication disconnections and therefore the current SPT needs to be recomputed. However, such SPT recalculations are accompanied with the so-called routing overhead which has two main types, namely the communication and computational overheads. The communication overhead is related to the number of control packets that need to be exchanged among nodes for announcing node or link failures and advertising available communication links. However in this paper, we focus on the computational overhead which is related to the computational complexity that is involved every time paths need to be recalculated. To execute a single SPT, the computational complexity is O(|V|2 ), where |V| is the number of nodes which are considered in the SPT construction, [6]. Thus, the total routing overhead is OHπ = κ × O(|V|2 )

(7)

where κ is the number of times the SPT need to be recalculated. However, for analyzing the number of required SPT recalculations, several factors should be considered. Whether a proactive or reactive routing approach is followed, the amount of packet traffic and the sampling rate are some of the most important ones. If the sampling interval is small, then more node transitions will be captured and therefore the associated overhead will grow accordingly. On the other hand, if we consider a large sampling interval then many state transitions will be missed jeopardizing the network robustness and power optimality. For simplicity and fairness we assume that there is always traffic from the source node to each wireless node and the sampling rate is such that node transitions are individually captured. In other words, we select a worst-case analysis.

Robust and Efficient Routing in WMNs with Unreliable Nodes

2.4

305

Problem Statement

The ultimate objective of this paper, is to derive an efficient and robust mechanism for successfully routing packets through multi-hop communication between the source node and the remaining nodes in an unreliable environment. For power efficiency, the routing algorithm should accommodate the transmit power requirement factor, whereas for robustness, the node reliability probabilities or the path reliability probabilities should be considered. We represent the problem by a bi-objective function with one constraint. The first objective is the minimization of the total transmit power and the other is the reduction of the overhead which is required to adapt to node state transitions. The overhead can be quantified in terms of computational complexity, i.e. number of SPT calculations. The constraint refers to successful delivery guarantees which should be satisfied. Thus, the bi-objective function to be solved can be formulated as Transmit Power Objective min Pπ π Overhead Objective min OHπ π Such that B(pi ) = 1, ∀pi ∈ π, if A(i) = 1

(8) (9) (10)

Since the problem has two objectives two straightforward mechanisms exist for optimally solving each one of them. For optimizing the power consumption, the simplest choice is to re-calculate the SPT every time one or more nodes change state, i.e. from active to inactive and vice-versa. However, this leads to the worst performance if the second objective is concerned. On the other hand, if minimizing the computational complexity is the only objective, then an unsophisticated approach is to allocate nodes with high probability of being inactive as leaves in the traffic forwarding tree. Thereby, only reliable nodes are utilized for relaying messages from the source to all destinations. By following this approach, however, great power savings may be sacrificed, especially if some of these unreliable nodes have a very advantageous position for traffic forwarding. In the following section we propose to use simple and efficient algorithms to solve both objective functions simultaneously.

3

Fault Tolerant Based Routing Algorithms

In this section, we propose and describe different routing mechanisms which guarantee robustness under such an unideal environment. 3.1

Node State Adaptive Routing – NSAR

According to this approach, the SPT is updated for any node state transition. The rational behind this approach is dual; a relay node shut down should be considered for ensuring connectivity but also the potential activation of an inactive node should be taken into account for possible power savings in case of relaying

306

A. Papapostolou et al.

messages through that node. Since power optimization is the only objective and the transmit power over a link (i, j) has a functional dependency with the distance between its adjacent nodes i and j, the link weights should be based on the corresponding distances. We select as the link cost to be used by the SPT algorithm, the square of the distance between each pair of active nodes i and j  2 dij , if i  = j and A(i) = A(j) = 1 w1 (i, j) := , ∀(i, j) ∈ E (11) ∞, if otherwise. This metric guarantees stability, loop-free and computationally efficient routing. At each sampling point the algorithm senses which nodes, either leaves or relays from the current SPT, have changed their state, from active to inactive and vice-versa. If at least one node has changed state, the SPT is recalculated. 3.2

Reliability Threshold Based Routing – RTBR

The aim of this approach is to reduce the routing overhead by trying to proactively avoid the number of transmission failures. For this reason, unreliable nodes are neglected during the SPT construction phase, i.e. they are allocated as leaves. For the residual reliable nodes, the SPT is determined in terms of power optimization. The rational behind this strategy is simple; unreliable nodes should not be employed for relaying source traffic. As mentioned in section 2.1, a node is considered as reliable if its reliability probability exceeds a given threshold T . The value of this threshold is an important parameter in this case. The higher its value, the more the leaves resulting in overhead reduction but in power performance degradation as well. The weight for a link between an unreliable nodes with all other nodes is assumed to greatly exceed their physical distance. For the residual reliable nodes, the link metric is chosen as in NSAR algorithm. Thus,  ∞, if on(i) < T or on(j) < T w2 (i, j) := , ∀(i, j) ∈ E. (12) w1 (i, j), otherwise. At each sampling point the algorithm senses which nodes have failed and recalculates the SPT if these nodes are relays to active paths, i.e. paths with active destination nodes. A special case is when this threshold value is 0, i.e. all nodes are considered as reliable. Notice that we must not coincide RTBR - T = 0 with NSAR, since the SPT in RTBR - T = 0 the SPT is updated only in the event of a relay node failure, whereas in NSAR this happens for any node transition. 3.3

Reliability and Distance Based Routing – RDBR

This algorithm targets at achieving a good trade off between the power and overhead objectives. For accomplishing this, the SPT looks for short and simultaneously reliable links. For this reason, the link metric incorporates both distance and node reliability probabilities. Intuitively, the weight of a link should be inversely proportional to its adjacent node reliability probabilities. Accordingly, higher reliable nodes are prioritized during the SPT determination which

Robust and Efficient Routing in WMNs with Unreliable Nodes

307

seeks for links with low cost. We select the minimum of the reliability probabilities of the adjacent nodes, since a single node failure is enough for disabling the communication over that link. Since probabilities are bounded by 0 and 1, i.e. 0 ≤ on(i) ≤ 1, the distance values should be normalized in this range as well the fairness between both objectives. Thereby, we select the following link metric  ∞, if i = j w3 (i, j) := (13) d2ij min{on(i),on(j)} , otherwise where dij is the normalized version of distance and is given by dij =

dij

max dij

∀(i,j)∈E

As in RTBR, at each sampling point this algorithm senses which nodes have failed and recalculates the SPT if these nodes are relays to active paths. 3.4

Multi-path Routing – MP

The rational behind multi-path routing is to provide robustness through path diversity. We study the case in which the gateway node s calculates two nodedisjoint paths to each destination node i, ∀i ∈ V/s. If the first shortest path includes one or more relay nodes which have failed, then forwarding the traffic through the second path is less likely to be unsuccessful, since these two paths forward traffic through different nodes. As link metric we can utilize either w2 or w3 and we can refer to RTBR-MP, RDBR-MP routing mechanisms, respectively. Regarding the SPT complexity, initially, two node-disjoint shortest paths are computed contributing by 2 to the total overhead. A new SPT re-calculation is required when neither the first nor the second shortest path is reliable for at least one active terminating node. Thus, in the worst case, the total number of SPT updates is equal to the number of failed relay nodes in the secondary SPs if the corresponding first SPs are unreliable. To make it clearer, we do not consider the second path relay failures if the corresponding first path is reliable. The lower bound is 2 or 3, if there is no need for SPT re-calculation or the relays we account for turn off in synchronization. 3.5

By-Passing Technique

An alternative approach for providing robustness under these node failures is by letting each active node increase its power and transmit to the next active node of the corresponding path. We call this technique By-passing, since failed relays are ’by passed’ by their previous nodes while forwarding traffic to the corresponding destinations. This is feasible when these active nodes are within communication range, i.e. they can communicate directly. Otherwise, the SPT should be recalculated. This technique can be used by all previous schemes instead of recalculating the SPT in the case of a relay failure, resulting in reduced number of SPT calculations. However, the communication overhead, i.e. the number of control packets that need to be exchanged is increased since the routing tables should contain not only the next hop but also the two-hops away information for every destination.

308

3.6

A. Papapostolou et al.

Local Repair Technique – LRT

So far we were trying to minimize the computational overhead by reducing the number of the required SPT iterations, κ. Alternatively or additionally, we can reduce the number of nodes which are considered during the SPT computations, |V|. This can be achieved by considering only the nodes which belong to the branch from the gateway where the transiting node (or failing node) belongs. This mechanism can also be employed by all routing schemes in the region of the failing relay node. By adopting this mechanism, it is obvious that only the corresponding branch is optimized in terms of power consumption. Thus, the entire SPT is not optimal and this is actually the cost of this overhead alleviation. Note that for each routing mechanism, the number of required SPT updates is the same regardless a local or global calculation. Thus, to compare the overhead performance of the algorithms, we compute the total number of nodes affected after the node transitions (or relay failures) at any given sampling point.

4 4.1

Performance Evaluation Simulation Setup

As a simulation environment we consider a rectangular area of length 1.5 km on each side with a gateway node s at position (0,0) and 19 wireless nodes randomly located within this area. The gateway node is always active whereas the rest of the nodes switch between active and inactive states randomly. The probabilities nodes being active, node reliability probabilities, might be different among them but they follow the same uniform distribution, on(i) ∼ U (α, 1), ∀i, where α ∈ [0.1, 0.5]. For a given α value, the node reliability probabilities are determined and based on these, 1000 Monte Carlo samplings are taken to finally compare the average performance achieved by each of the different routing mechanisms. Two performance metrics are employed, namely the power and overhead (computational), as explained in sections 2.2 and 2.3. 4.2

Simulation Results

Fig. 1 compares the performance of the RTBR algorithm for different values of threshold, T=0, T=0.7 and T=0.9, as the network reliability increases. For all values of T, both power (Fig. 1(a)) and overhead (Fig. 1(b)) have a decreasing tendency as α increases and this is because the network becomes more reliable, that is more nodes are available for selecting the optimal paths and less relay failures occur. Moreover, as the value of T increases, the power consumption increases, whereas, the complexity decreases. This is because more nodes are considered as unreliable and therefore the selected SPT is further from the optimal but at the same time more stable. In Fig. 2 we compare the performance in terms of power (Fig. 2(a)) and overhead (Fig. 2(b)) achieved by the NSAR, RTBR-T=0, and RDBR algorithms.

Robust and Efficient Routing in WMNs with Unreliable Nodes

(a) Power

309

(b) Overhead

Fig. 1. Performance comparison of the RTBR algorithm for different threshold values versus network reliability level

(a) Power

(b) Overhead

Fig. 2. Performance comparison among NSAR, RTBR-T=0 and RDBR algorithms versus network reliability level

Once again we observe that improving the performance of one metric comes with the cost of degrading the performance of the other. However, even by simply restricting the number of SPT recalculations to the number of relay failures (RTBR-T=0) instead of considering all node state transitions (NSAR), the relative performance improvement in terms of overhead is higher than the performance degradation in terms of power. Additionally, we observe that for more unreliable cases (α ∈ [0.1, 0.3)) the performance of RDBR is better than RTBR-T=0 when both objectives are concerned. In Fig. 3 we examine the impact in the performance when multi-path routing is enabled for the RTBR-T=0 and RDBR algorithms. Regarding power (Fig. 3(a)), we observe that the performance is identical with or without multi-path routing for both algorithms. However, in Fig. 3(b), we observe overhead increase

310

A. Papapostolou et al.

(a) Power

(b) Overhead

Fig. 3. Impact of Multi-Path routing

(a) Power

(b) Overhead

Fig. 4. Impact of by-passing technique

in the case of multi-path routing. This is due to the initial calculation of two SPTs. The conclusion that can be drawn from the combination of both figures is that the additional forwarding path did not offer any advantage in the system performance. However, this does not imply that multi-path routing should be disregarded from the list of possible solutions for robust and sufficient routing. Increasing the number of alternative paths or decreasing the number of users might lead to a performance gain when multi-path routing is employed. Fig. 4 illustrates the performance when the by-passing technique is enabled by both RTBR-T=0 and RDBR algorithms. The power penalty (Fig. 4(a)) is not significant and the corresponding overhead (Fig. 4(b)) is the same and equal to 1 for both cases, which is the initial SPT calculation. A straightforward conclusion from both figures is that the by-passing method is the optimal solution, as it has the least possible overhead and the accompanied power is low. However, as

Robust and Efficient Routing in WMNs with Unreliable Nodes

(a) Power

311

(b) Overhead

Fig. 5. Impact of Local Repair Technique (LRT)

explained in section 3.5, the communication range constraints and the increased packet overhead restrict the benefits of this solution. In addition, the rate may be decreased since the supported bit rate depends on the distance between the communicating nodes. However, it still remains a promising one. Finally, Fig. 5(a) and Fig. 5(b) depict the impact in the performance in terms of power and overhead, respectively, for NSAR, RTBR-T=0, and RDBR when we restrict the region of calculating the shortest paths only in the branches of the failed relays. Note that in this case the overhead is measured in terms of number of participating users. We observe that especially for the NSAR algorithm the reduction in this type of overhead is very significant while the power penalty is not so considerable and it decreases as the network reliability increases. This is because this algorithm is very sensitive to any node state transition and even for a single state alteration all nodes take part in the SPT calculation.

5

Conclusion

The ease of deployment, low cost and multi-hop communication capability are some of the key characteristics of WMNs. Routing in multi-hop WMNs has always been a challenging research avenue. Especially, when these routes rely on the behavior of individual users the robustness of the network becomes susceptible. In this paper, we proposed several routing mechanisms which provide robustness in a such unreliable environment which is mainly characterized by frequent or rare node failures and recoveries. Adapting to every node state transition, suspending unreliable nodes from forwarding traffic and selecting routing paths based on a new link metric which captures both inter-node distance and their failure proneness are our basic routing proposals. In addition, we investigated three supplementary techniques for further performance enhancement. Path diversity through mutlipath, bypassing intermediate nodes by simply increasing transmit power to reach the next well-operating node or restricting the

312

A. Papapostolou et al.

resolution mechanism only in the region of the incident failures were employed by all basic routing mechanisms. We conducted extensive simulations for comparing their performance in terms of energy and computation efficiency for environment with different network reliability levels. Numerical results showed a performance advantage for the basic scheme based on the joint link metric and the supplementary techniques of bypassing and local repair. As future work, we will study the performance of these algorithms after considering more network aspects in the system model, such as the interference factor, the existence of multiple-rate links and the communication routing overhead.

References 1. Akyildiz, I.F., Wang, X., Wang, W.: A Survey on Wireless Mesh Networks. IEEE Radio Communications 43(9), S23–S30 (2005) 2. Xue, Y., Nahrstedt, K.: Fault Tolerant Routing in Mobile Ad Hoc Networks. IEEE WCNC, 1174–1179 (March 2003) 3. Nandiraju, N.S., Nandiraju, D.S., Agrawal, D.P.: Multipath Routing in Wireless Mesh Networks. IEEE MASS, 741–746 (October 2006) 4. Krishnamachariy, B., et al.: The Energy-Robustness Tradeoff for Routing in Wireless Sensor Networks. IEEE ICC 3, 1833–1837 (2003) 5. Zhou, N., Wu, H., Abouzeid, A.A.: Reactive Routing Overhead in Networks with Unreliable Nodes. ACM MCN, 147–160 (2003) 6. Fredman, M.L., Tarjan, R.E.: Fibonacci Heaps and Their Uses in Improved Network Optimization Algorithms. J. ACM 34(3), 596–615 (1987) 7. Kawatra, R.: A Hop Constrained Min-Sum Arborescence with Outage Costs. Computers & Operations Research 34(9), 2648–2656 (2007)

Video Compression for Wireless Transmission: Reducing the Power Consumption of the WPAN Hi-Speed Systems Andrey Belogolovy1, Eugine Belyaev1, Anton Sergeev2, and Andrey Turlikov2 1

Intel Corporation, Communication Technoloty Lab Russia, Leninskiy av. 160, 196247 St.Petersburg, Russia {andrey.belogolovy,eugeniy.a.belyaev}@intel.com 2 St. Petersburg State Universty of Aerospace Instrumentation, Bolshaya Morskaya str. 67, 198000 St.Petersburg, Russia {slaros,turlikov}@vu.spb.ru

Abstract. In this paper, we consider the power consumption aspects of video over wireless transmission in wireless personal area networks. We show that lossless and lossy compression always gives power consumption gains if we consider joint power consumption of transmission and compression units. Keywords: wireless video transmission, compression, power saving, HDTV, WPAN, NGmS, 802.15.3с, wireless display.

1 Introduction Video transmission in wireless personal networks (WPAN) has become a hot topic in the modern industry. The ability to use 60GHz spectrum led to new communication standards development to cover short range video delivery tasks. The standards like WirelessHD [1], IEEE 802.15.3c [2] and NGmS (Next Generation millimeter-wave Systems) are designed especially to transmit the uncompressed high-definition video (HD video) over wireless for video cable replacements in home or office use, to exchange multimedia data in WPAN networks using the handheld devices or to connect the handhelds to the remote display panels. Traditionally the compression (lossless or lossy) was aimed to decrease the data size to be transmitted, and everyone understands that if the channel bandwidth may become smaller that the uncompressed data size, then using of compression is the only solution. But if the channel bandwidth is always high enough to fit the uncompressed data the question is: do we need a compression in the transmission chain? Regarding the mobile devices such as handhelds the one of the most interesting questions is the battery power consumption and battery live time. When the device also has a capability to use the remote display connected with wireless protocol like NGmS or other the question is: how much will affected the total power consumption of the handheld by the video over wireless transmission? And is there any possibility to decrease the power consumption and to save battery? In this paper, we show that even if we have a very high bandwidth channel that can fit all raw HD video data, it is always better to use lossless or lossy video compression S. Balandin et al. (Eds.): NEW2AN/ruSMART 2009, LNCS 5764, pp. 313–322, 2009. © Springer-Verlag Berlin Heidelberg 2009

314

A. Belogolovy et al.

before transmission to decrease the power consumption. It is clear that the compression scheme will also consume the battery power, but we show that it is possible to develop a very small and power efficient compression scheme based on JPEG-LS [3] or H.264/AVC [4] standards that allows to minimize the total power consumption of transmission and compression comparing to the uncompressed video transmission power consumption. The paper is organized as follows. In section 2 we formally define the problem of selecting an efficient video compression method while minimizing the total power consumption of the whole system. We also suggest the simple power-rate model introducing the overall power consumption at the transmitter as a function of the input data rate. In section 3, we present the compression schemes based on JPEG-LS and H.264/AVC standards showing what set of options we select to be used. Then we estimate the compression efficiency (simulation results for rate-distortion functions) considering HD video of three types: computer screen graphics, synthetic movie and natural movie. In section 4, we apply the power-rate model to estimate the power consumption of the real video compression/transmission system taking NGmS networking as an example. Section 5 concludes the paper.

2 Problem Statement The goal of this work is to estimate the efficiency and advisability of compression in wireless video cable replacement from the power consumption point of view for the overall system. The main estimation criteria are the total power consumption at the transmitter side and the quality of the reconstructed video sequence at the receiver after transmission. Therefore first of all we should find a relation between these criteria and define a power-distortion model connecting energy consumption for video processing/transmission and quality (PSNR) of the received frames. Such a model consists of several parts. Firstly we introduce analytical power-rate function that refers to the overall power consumption at the transmitter required to support different compression rates. Models that use Shannon bound for power-rate approximation such as [5] are absolutely unsuitable here for WPAN systems due to much smaller WPAN rates for the given power consumption level. Therefore below we present and describe new wirelessoriented linear power-rate model. Secondly real rate-distortion function is estimated for different video compression algorithms. For that we implemented the compared encoders in RTL. So the results obtained are well correlated with practice and our final goal – designing of the hardware low-complexity video transmission system. Existing complexity-rate models like in [6] are unfortunately quite inaccurate and provide very rough estimates only. Summarizing the described two stages i.e. basing on analytical power-rate function and experimental rate-distortion function it is possible to estimate the required powerdistortion function for the selected encoder and video transmission system. In this work we assume the following scenario: the maximum channel bandwidth is high enough to fit all possible compressed video data (even if it is compressed with compression ratio 1, i.e. uncompressed). We want to compare the power consumption

Video Compression for Wireless Transmission

315

of the uncompressed transmission and two compression schemes in lossless mode, and then to compare two compression schemes when they produce the same reconstructed image PSNRs in the case of lossy. We consider that data in wireless transport will be transmitted using the two following states: Idle state. In this state data transmission is disabled and transport power consumption is P0 . z. The power consumption of the MAC (Media Access Control layer) and PHY (Physical Layer) is reduced because there are no data for handling and processing. Maximum rate transmission state. In this state a data is transmitted with the maximum possible modulation and coding scheme that provides rate Rmax and the wireless power consumption at the transmitter is

Pmax .

Only these two transmission rates are available irrespectively to the amount of input data to be delivered. If an input data rate R is lower than Rmax then the transmitter uses transmission state with

Rmax rate and goes to the idle state time-to-time. So

the average power consumption of the wireless transmitter can be defined as

Ptransmitter ( R ) =

Pmax − P0 ⋅ R + P0 , Rmax

(1)

where R is the average bit-rate of transmitted video sequence. Therefore, the total power consumption of the transmitter side Ptransmitter considering video compression unit can be written as Ptransmitter ( R ) =

Pmax − P0 ⋅ R + P0 + Pencoder Rmax

(2)

Pencoder is the power consumption of the video encoder (see Fig. 1). So the main idea of using video compression is that in average Ptransmitter (R ) of

where

such a system should be lower than the power demand in the uncompressed video transmission case: Ptransmitter ( R) ≤ Pmax

(3)

It is obvious from the expressions (2) and (3) that the overall power gain is ensured when the encoder consumes less than Pmax − P0 watts and the average compression ratio exceeds 1.0 (e.g. an amount of the transmitted data is not increased after compression). One can see that the proposed model is quite simple. At the same time it takes into account the power consumption of the whole transmitter for signal processing, coding and radiating. Obviously Rower-Rate function of real systems strongly depends on the implementation, selected platform and technology and may be non-linear.

316

A. Belogolovy et al.

Fig. 1. Power-Rate model used for estimating the total power consumptions of the wireless video transmission system

3 Low Power Video Encoding In this section, we consider the options we used to implement the video compression encoders that will consume the less possible power. We are trading off the compression performance efficiency to the encoding complexity and, as the result, the power consumption. 3.1 Selecting Video Encoder for Low Power Video Transmission

To meet the power consumption limitations defined above it is suggested here to use video encoders with relatively small level of operational complexity and very small memory utilization. To decrease complexity costs at the encoder side intra-coding mode only is used, i.e. the frames are compressed independently and are not stored after compression. Therefore we can not apply algorithms that exploit temporal redundancy such as motion estimation/compensation (ME/MC) or differential coding. It is clear that motion estimation/compensation requires at least one previously saved memory-based frame to find motion vectors. For HD resolution 1920x1080x24 bpp one frames takes ~6 Mbytes and can be stored using external memory units. That is quite expensive from the implementation complexity and the power consumption point of view. Moreover the operational complexity of the ME/MC algorithms is also very high. In this work we concentrate on estimating power-distortion functions using the following two compression algorithms in the intra-coding mode: H.264/AVC and JPEGLS. The reasons behind this choice are as follows. We consider H.264/AVC standard for compression because it is the latest industrial standard and has very high potential for profiling and complexity decreasing. JPEG-LS is selected because it is the latest international standard for lossless and near lossless still image compression. As it is shown in [8] and [9], when tested over a benchmark set of images of a wide variety of

Video Compression for Wireless Transmission

317

types, JPEG-LS provides the best lossless compression performance in comparison with other algorithms (JPEG2000 [10], MPEG2 [11]) at a much lower complexity level. Another near-lossless compression algorithm CALIC [12] is not selected because it has much higher complexity level despite the fact that it shows slightly better average lossless compression ratio. The selected video encoding system should be really universal i.e. it should encode photorealistic, synthetic images and computer graphics with similar efficiency without single-purpose orientation to the compression of one image type only. Therefore compressors like PNG and GIF that are oriented to the mostly computer graphics are not considered. JPEG2000 performs reasonably well in terms of its ability to efficiently deal with various types of images and provides competitive compression ration but anyway it’s is too complex due to arithmetic coding and multiple bitwise operations [9]. Both JPEG-LS and H.264/AVC in intra-mode do not require the entire image as a single atomic unit for efficient intra-compression. An image is split into smaller pieces, each piece is encoded independently and sequentially. More specifically, an image is partitioned into one or more disjoint rectangular regions called slices. Slices are quite small that greatly decreases the level of memory consumption. The slice size in our approaches is 1920x16 (<100 KByte for 24 bits/pixel). Therefore for intracoding schemes considered a low-cost internal chip-based memory can be used. In the case of several slices loss during transmission, other slices of the frame can be decoded and reconstructed successfully. It increases noise immunity and an ability of error concealment at the decoder side that is very important for video transmission over the time-variant wireless channel. Also the slicing structure of the processing decrease the end-to end latency. 3.2 JPEG-LS Based Compression

The main advantage of the JPEG-LS is a possibility to set up the max error value per pixel by choosing the difference bound for near-lossless coding (so-called “near” parameter or “lossy-factor”). Its advantage is an extremely small level of memory consumption at the encoder side (< 10KByte in our tests). Here we estimated JPEG-LS coding performance using different color space representations of the input frames. ƒ ƒ ƒ ƒ

RGB, original Red-Green-Blue color space; YUV [4] color space, 8 bit/sample; YCoCg-R [13] colors space; RCT [10] colorspace transform from JPEG 2000 standard.

YCoCg-R and RCT use 8 bit per luma and 9 bit for chroma (color) components. They were tested using 2 modes: without subsampling and with 4:2:0 subsampling. It should be also noted that in case of a noise-like input image the size of the encoded row of pixels could exceed the size of the original one before the compression. Then the original row of pixels is transmitted without coding to provide an average compression ratio more or equal than 1.0. During the experimental campaign RCT showed the best results from the position of rate-distortion ratio (PSNR vs. bit-rate) and was selected for further comparison with H.264-based scheme. As the result for HD picture size and 60 frames per second rate, we were able to design and implement in RTL the encoder with total power consumption of ~10mW working at 150MHz clock rate. TSMC 60nm technology was used.

318

A. Belogolovy et al.

70 Desktop 65

PSNR, dB

60 55 50 45 40 35 30 0

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

1.1

1.2

1.3

1.4

70 Elephant 65

PSNR, dB

60 55 50 45 40 35 30 0

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

1.1

1.2

70 KungFu

PSNR, dB

65 60 55 50 45 40 35 30 0

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

1.1

1.2

1.3

1.4

1.5

rate, Gbps JPEG-LS

H.264/AVC

Fig. 2. Rate-Distortion function of JPEG-LS (square marks) and H.264/AVC (diamond marks) compression algorithms for video sequences “Desktop”, “Elephant” and “KungFu”

Video Compression for Wireless Transmission

319

3.3 H.264/AVC Based Compression

The smallest possible configuration of the H.264/AVC encoder for the lossy compression mode (quantization parameter QP = 1 - 51) consists of the following operations: ƒ ƒ ƒ ƒ ƒ ƒ

RGB to RCT color space transform Intra DC-prediction 4x4 DCT and 4x4 IDCT Scalar quantization. Intra/IPCM decision algorithm Context-based Adaptive Variable Length Coding.

For absolutely RGB-lossless compression mode (QP = 0) the same blocks are used except for DCT/IDCT and scalar quantization that are omitted. The best color space transform was chosen similar to JPEG-LS approach. To provide the average compression ratio more or equal than 1.0 we propose additionally using IPCM macro-block type (for acceptable processing of the video signals with noise). As the result for HD picture size and 60 frames per second rate, we were able to design and implement in RTL the encoder with total power consumption of ~20mW working at 150MHz clock rate. TSMC 60nm technology was used. 3.4 Compression Efficiency

In this section, we present the simulation results obtained with 3 test image sequences: “Desktop”, “Elephant” and “KungFu”. The first test corresponds to computer desktop working: running office applications (MS Visio and Paint), dragging windows. The sequence was captured directly from the PC display driver. The second test is a small fragment of the cartoon “The Elephant Dreams”. Because the cartoon is synthetic (i.e. created without cameras), there are no noises in the frames. The last test “KungFu” is a small fragment from a natural video with motion and camera noises. The simulation result curves below show the best combination of the encoding mode, colorspace transform and subsampling scheme for the corresponding compression algorithm used. Below in the graphs 70dB PSNR means the infinity, i.e. absolutely RGB-lossless quality, all other PSNRs are real peak signal-to-noise ratios obtained in the simulations. One can see that JPEG-LS shows better results for higher rates that are closer to the point of lossless coding while H.264/AVC is better for low rates.

4 Estimating Power Consumption for NGmS Transmission In this section, we apply the power-rate model proposed in section 2 for estimating power consumption of the real wireless video compression and transmission system. We consider the power consumption of the wireless video cable replacement chip that uses either JPEG-LS or low-complexity H.264/AVC compression and NGmS transmission taking into account the power consumption of the whole system. The power consumption targets for 60GHz NGmS wireless transport (MAC and PHY together) are as follows: Idle State. P0 = 0.3 i.e. zero transmission rate consumes 300mW.

320

A. Belogolovy et al.

2.1 Desktop

Power, W

1.9 1.7 1.5 1.3 1.1 0.9 0.7 0.5 0.3 30

35

40

45

50

55

60

65

70

40

45

50

55

60

65

70

40

45

50

55

60

65

70

2.1 Elephant

1.9

Power, W

1.7 1.5 1.3 1.1 0.9 0.7 0.5 0.3 30

Power, W

2.1 1.9

35

KungFu

1.7 1.5 1.3 1.1 0.9 0.7 0.5 0.3 30

35

PSNR,dB JPEG-LS

H.264/AVC

Uncompressed

Fig. 3. Power-Quality function estimated for NGmS video transmission system using JPEG-LS (square marks) and H.264/AVC (diamond marks) encoders. The level of power consumption for uncompressed video transmission is also shown (circular mark).

Video Compression for Wireless Transmission

321

Maximum Transmission State. Pmax = 2 , Rmax = 3 i.e. max 3Gbps rate consumes 2W. Applying the given parameters to the equations obtained in section 2 we have PTransmitter ( R ) = 0.57 ⋅ R + 0.3

(4)

Basing on the unit RTL synthesis the power consumption of the schemes described above is ~10mW for JPEG-LS based solution, and ~20mW for low complexity H.264/AVC based solution. One can see that the level of power consumption for the both encoders is less than the limit defined by equation (3). The average compression ratio of JPEG-LS in lossless mode is more than 3 times. It leads to average power gain more than 2 times (1.2 watts) in comparison with uncompressed video transmission system. Average power consumption of transmission scheme based on low-complexity H.264/AVC encoder is less than uncompressed approach by 0.9 watts. It is important to note that all the measurements and estimations are done for HDTV resolution and frame per second rate. In case of lower resolution the absolute gain for video transmission systems will decrease. Additional reduction of transmission power consumption can by obtained by using of lossy video compression which provides necessary power-quality trade-off. The total power consumption of transmission and compression is presented in the Fig. 3. PSNR=70 dB corresponding to absolute RGB-lossless visual quality.

5 Conclusion In the paper, we have presented a way to decrease the power consumption of the video transmission over 60GHz wireless by using low complexity lossless and lossy compression. In section IV, we show that for absolutely lossless video delivery the power consumption of joint compression and transmission can be 2 times lower than that of uncompressed video transmission, for lossy compression modes the power consumption gain can be as high as 5 times. The low complexity compression schemes proposed can be used as for the remote wireless display connection as for multimedia data exchange among different handhelds, because they can provide both lossy and lossless quality. The lossy options of the schemes were considered because the primary gain of compression usually is the radio spectrum efficiency. Using the compression we always save some bandwidth. This fact will also be useful in the future when the wireless video coexistence issues will be raised. Having the adaptive video compression option enabled in 60GHz wireless chips will make possible the quality-bandwidth trade-off if the network capacity is too small for the given number of users in it. The power consumption gain is not the only advantage of the compression, it may also improve the end-to-end video delivery latency. Nevertheless the compression scheme itself consumes some time budget, but after compression the data amount to transmit becomes smaller, and the network utilization decreases. Having the multiuser network with MAC layer collision detection or scheduling, the lower is the stream size, the smaller is the end-to-end networking delay. The task for the future research is to consider the delay gains with and without compression with some 60GHz network model (PHY-MAC level).

322

A. Belogolovy et al.

References 1. WirelessHD® Consortium, http://wirelesshd.org/ 2. IEEE P802.15 Working Group for Wireless Personal Area Networks (WPANS), Task Group 3c, Millimeter Wave Alternative PHY, http://www.ieee802.org/15/pub/TG3c.html 3. ISO/IEC JTC 1/SC 29/WG1 FCD 14495-public draft, JPEG-LS: lossless and near-lossless coding of continuous tone still images (July 16, 1997) 4. ITU-T. Recommendation H.264 and ISO/IEC 14496-10 (AVC). Advanced video coding for generic audiovisual services (2007) 5. Cover, T.M., Thomas, J.A.: Elements of Information Theory. Wiley Series in Telecommunication. John Wiley & Sons, New York (1991) 6. Li, Z., Zhai, F., Katsaggelos, A.K.: Joint Video Summarization and Transmission Adaptation for Energy-Efficient Wireless Video Streaming. EURASIP Journal on Advances in Signal Processing, special issue on Wireless Video (2008) 7. He, Z., Liang, Y., Chen, L., Ahmad, I., Wu, D.: Power-rate-distortion analysis for wireless video communication under energy constraints. IEEE Transactions on Circuits and Systems for Video Technology 15, 645–658 (2005) 8. Weinberger, M.J., Seroussi, G., Sapiro, G.: The LOCO-I lossless image compression algorithm: Principles and standardization into JPEG-LS. IEEE Trans. Image Proc. Available as Hewlett-Packard Laboratories Technical Report No. HPL-98-193 (2000), http://citeseer.ist.psu.edu/weinberger00locoi.html 9. Cruz, D.S., et al.: An analytical study of JPEG 2000 functionalities. In: Proceedings of SPIE, vol. 4115 (2000) 10. ITU-T and ISO/IEC JTC 1, JPEG 2000 Image Coding System: Core Coding System, ITU-T Recommendation T.800 and ISO/IEC 15444-1, JPEG 2000 Part 1 (2000) 11. ISO/IEC 13818 (MPEG-2): Generic coding of moving pictures and associated audio information (November 1994) 12. Wu, X., Memon, N.D.: Context-based, adaptive, lossless image coding. IEEE Trans. Commun. 45(4), 437–444 (1997) 13. Malvar, H., Sullivan, G.: YCoCg-R: A Color Space with RGB Reversibility and Low Dynamic Range. Joint Video Team (JVT) of ISO/IEC MPEG & ITU-T VCEG proposal JVT-I014r3 (2003)

Link Stability-Aware Ad Hoc Routing Protocol with Multiple Sampling Rates Myungsik Yoo, Junwon Lee, Younghan Kim, and Souhwan Jung School of Electronic Engineering, Soongsil University Dongjak-Gu, Seoul, 156-743, Korea

Abstract. Due to uncertainty of existence of relay nodes (and links), the routing protocol becomes one of the key research issues in ad hoc networks. Most of existing routing protocols search the communication path based on the link stability measured with a single sampling rate. These protocols may mislead to a fragile communication path when the ad hoc network environment becomes dynamic (high node mobility and high noise power). In this paper, we propose the link stability-aware routing protocol with multiple sampling rates for ad hoc networks. The proposed routing protocol takes advantages of both low sampling rates and high sampling rates, which makes it possible to enhance the capability of estimating future behavior of wireless links. It is verified through the simulations that the proposed routing protocol can provide more stable routing path in the dynamic ad hoc network environment.

1

Introduction

Due to the fast advance in wireless communication technologies, the ubiquitous community services become feasible where one can easily access network services anywhere and anytime. Among many technologies, ad hoc networks have drawn much attention since it can be rapidly deployed with high flexibility. However, unlike in the wired networks, the communications in ad hoc networks are hindered by some inherent features such as high bit error rate of wireless links and node mobility. These impairments cause frequent link disconnection, which costs a high control overhead whenever setting up new communication path. Ad hoc routing protocol aims to establish the solid communication path in volatile ad hoc communication environment. There have been many ad hoc routing protocols proposed up to date. Among them, the ad hoc routing protocols that rely on the link stability have been actively proposed. In this routing protocols, the link stability is the most important criterion in the route selection. In the simplest form, the link stability is measured based on the reception of messages (for example, hello, route request, route reply messages) from neighboring ad hoc nodes. In other words, the wireless links that are able to deliver the messages become one of the candidate links for routing path, whereas the wireless links that are unable to deliver messages are eliminated from the routing path. AODV 1, DYMO 2, OLSR 3, DSDV 4 are in this routing protocol S. Balandin et al. (Eds.): NEW2AN/ruSMART 2009, LNCS 5764, pp. 323–333, 2009. c Springer-Verlag Berlin Heidelberg 2009 

324

M. Yoo et al.

category. However, these routing protocols cannot react against the variation of link stability caused by dynamic ad hoc environment such as high node mobility, therefore take high control overhead whenever setting up new path. To remedy the shortcoming of above routing protocols, some researchers proposed ad hoc routing protocols, which measure the link stability based on the received signal strength. This category of routing protocol include associativitybased routing (ABR) 5, signal stability-based adaptive routing (SSA) 6, route lifetime assessment based routing protocol (RABR) 7,8, link life based routing protocol (LBR) 9. In associativity-based routing (ABR), the wireless links are classified into as either the stable or the unstable based on the number of received beacons from neighboring nodes. In signal stability-based adaptive routing (SSA), each node quantifies the link quality by averaging the received signal strength. In route lifetime assessment based routing protocol (RABR), each node estimates wireless link quality based on an affinity parameter, which is obtained from signal strength and its variation. By measuring the rate of changes in signal strength, it estimates the link stability (whether two neighboring nodes are moving either towards or away). In link life based routing protocol (LBR), each node takes the samples of received signal strength and converts them into the distance factor. Based on the changes of distance between two neighboring nodes, it predicts whether two nodes are moving towards, away, or static. It is observed that the above routing protocols measure the link stability based on a single sampling rate. We find out that the use of single sampling rate limits the capability of estimating the variation of received signal strength, which will be described in detail in the next section. In this paper, we propose a new ad hoc routing protocol, which takes multiple samples of received signal strength with multiple sampling rates, and convert them into link stability. It turns out that having multiple sampling rates helps to enhance the performance of ad hoc routing protocol by more correctly estimating future behavior of wireless links. The rest of the paper is organized as follows. In Section 2, the motivation of our work is presented. The proposed routing protocol is explained in Section 3. Section 4 presents the simulation results to support the effectiveness of our proposed protocol. Finally, we conclude the paper in Section 5.

2

Motivations

Since being exposed to the inherent wireless communication impairments, the receiving node in ad hoc network is expected to receive time-varying signal strength. Under static communication environment (e.g., low noise power and low mobility), the received signal strength show a little variation, while under dynamic communication environment (e.g., high noise power and high mobility), it shows high variation. Given that ad hoc routing is related with multi-hop wireless links whose link quality varies widely due to node mobility, it is important for routing protocol to accurately estimate the stability of wireless link. The ad hoc routing protocol with a single sampling rate quantifies the link stability as follows. For a given wireless link j, the receiving nodes takes a sample

Link Stability-Aware Ad Hoc Routing Protocol

325

of received signal strength in a given sampling period (called τ ), then obtains the weighted average using following equation, avg P rjτ [t] = α × avg P rjτ [t − τ ] + (1 − α) × P rjτ [t],

(1)

where P rjτ [t] is the received signal strength measured at t, avg P rjτ [t − τ ] is the weighted moving average of received signal strength up to time t − τ , and α = 0.8. avg P rjτ [t] indicates the stability of wireless link, which is used as a routing criterion. In Eqn. (1), two factors can affect the ability to trace the original signal strength curve; α and sampling rate 1/τ . To avoid the wide fluctuation in tracing the signal strength, normally α is set to high. In this paper, we set α to 0.8. For the effect of sampling rate on tracing capability, the use of high sampling rate can trace the original curve in fine granularity, while the use of low sampling rate can trace in coarse granularity (slow tracing in the high rising and falling edges). It is observed that the use of a single sampling rate limits the capability of estimating the future behavior of wireless link. Fig. 1 and Fig. 2 show two cases of example that the use of a single sampling rate may mislead to choose the link with weak signal strength. In the examples, the routing protocol tries to select one of the wireless links A and B at specific time t. In Fig. 1, the link A has a stable signal strength higher than threshold because of low mobility, while the link B has a high peak of signal strength since the node connected to link B quickly moves in and away. For each wireless link, four curves are shown in the figure; the original signal strength curve, avg P rjτ [t] with high sampling rate (take a sample every τ ), avg P rjτ [t] with low sampling rate (take a sample every 8 τ ), and the one with multiple sampling rates. If the routing protocol uses a high sampling rate, it smoothly follows the original signal strength curves A and B due to the fine-grained trace. However,

Fig. 1. Limitation of having a single sampling rate: Case A

326

M. Yoo et al.

Fig. 2. Limitation of having a single sampling rate: Case B

when the routing protocol needs to select the wireless link at time t (when the high peak presents), it makes the mistake to choose link B instead of link A if the session needs to use the link longer than the peak duration. On the other hand, if the routing protocol uses a low sampling rate, it smoothly follows the curve A (the stable link), but it becomes slow in following the curve B due to the coarse-grained trace. Therefore, it selects the link A. From the example in Fig. 1, one can conclude that the use of high sampling rate may mislead to the wrong link when the short high peak of signal strength presents. Other example in Fig. 2 shows that two links A and B cross the signal strength since one node connected with link A moves away and the other node connected with link B moves in and stays. At time t, the routing protocol with a high sampling rate correctly selects the link B, while the one with a low sampling rate makes the mistake to choose link A instead of B due to slow tracing (at the rising and falling edges). In fact, as the sampling rate becomes lower, the crossing point appears in later time. Thus, one can conclude that when there is a crossing point in the signal strength curves, the use of low sampling rate may mislead to the wrong link. The examples in Fig. 1 and Fig. 2 support that the use of a single sampling rate has limitation on estimating the link behavior especially when the signal strength changes due to node mobility. To overcome such shortcomings, we propose a novel ad hoc routing protocol called link stability-aware routing protocol with multiple sampling rates (simply SARP-MSR). SARP-MSR takes the multiples samples of signal strength with specified multiple sampling rates. For example, let define four sampling rates 1/τ, 1/(2τ ), 1/(4τ ), 1/(8τ ) as shown in Fig. 3. Then four sampling processes independently take the samples with a given sampling rate and take the weighted average using Eqn. (1). How to deal with the multiple averages will be discussed in the next section.

Link Stability-Aware Ad Hoc Routing Protocol

327

Fig. 3. Example of multiple sampling rates

As shown in the examples in Fig. 1 and Fig. 2, the routing protocol with multiple sampling rates can choose the right link even with the presence of high peak and cross-point in signal strength. By combining the advantages of both low and high sampling rates, SARP-MSR can trace fast due to high sampling rates so that the cross-point in signal strength can be resolved, and at the same time it can reduce the effect of rising and falling edges due to low sampling rates so that the high peak in signal strength can be resolved. Thus, it can be said that the use of multiple sampling rates can enhance the estimation capability of routing protocol.

3

Stability-Aware ad Hoc Routing Protocol with Multiple Sampling Rates

The proposed routing protocol SARP-MSR aims to establish a stable communication path, which stays in service for its whole communication session. To achieve such goal, SARP-MSR protocol performs two distinct phases, namely link stability quantification phase and route acquisition phase. During the link stability quantification phase, the link stability of each wireless link is obtained using the multiple sampling rates, while during the route acquisition phase, the stable communication path is set up, in which each wireless link on the path is chosen based on the link stability. 3.1

Link Stability Quantification Phase

In the link stability quantification phase, each ad hoc node periodically measures the received signal strength and convert them into link stability. If a node has multiple interfaces (receiving links), link stability quantification phase is performed independently for each wireless link. HELLO messages that are periodically exchanged between two neighboring nodes may be used for measuring the signal strength. Let P r, 1/τ , t denote the received signal strength, sampling rate, current time, respectively. Then for each sampling interval [t − τ, t], the receiving node measures P r in dBm, which is denoted as P rτ [t]. In this paper, we set τ to 1.0 second. For a given 1/τ , one can describe a single wireless link j with the average using Eqn. (1). Now, one can define multiple sampling rates by introducing sampling factor k, where k = 0, 1, · · · , r. The sampling period becomes τ · 2k , which increases exponentially with k. τ · 2r is the longest sampling period, while τ · 20 is the

328

M. Yoo et al.

shortest sampling period. For example, when r is 3, there are four sampling periods; τ, 2τ, 4τ, 8τ . k Then, P rjτ ·2 [t] is a sample of signal strength taken at time t for a given sampling period τ · 2k . One can obtain the averages of signal strength for each k defined sampling rate by applying Eqn.(1). Then, avg P rjτ ·2 [t] is the weighted moving average of signal strength at time t for a given sampling period τ · 2k . As a result, we have (r + 1) averages obtained from each sampling rate, which need to be combined together into a single average value by applying following recursive equation where β is set to 0.5. r

Avgj0 [t] = avg P rjτ ·2 [t],

(2) (r−1)

Avgj1 [t] = β × Avgj0 [t] + (1 − β) × avg P rjτ ·2

(r−2)

Avgj2 [t] = β × Avgj1 [t] + (1 − β) × avg P rjτ ·2 .. . Avgjk [t] = β × Avgj

(k−1)

[t], [t],

0

[t] + (1 − β) × avg P rjτ ·2 [t].

In the equation, the final average value Avgjk [t] indicates the link stability for link j (LSjk [t]). Note that the short-term behaviors of wireless link (the weighted average with high sampling rate) is reflected more on the link stability. The link stability obtained for each wireless link is to be used in the route acquisition phase. 3.2

Route Acquisition Phase

In the route acquisition phase, a source node starts the route search by flooding route request (RREQ) message over ad hoc network. Meanwhile, each ad hoc node independently executes the link stability quantification phase for each wireless link while exchanging HELLO messages with neighboring nodes and obtains the link stability as explained in 3.1. Upon receiving RREQ message, the intermediate node selects the next hop wireless link based on the link stability. Among active wireless links, the link with the highest link stability at time t is chosen and others are eliminated. At the destination node, the communication path where the first arriving RREQ message took is selected, and the route reply (RREP) message is sent back to the source node. The communication path is used for the duration of requested session. If the path is disconnected before the session ends, then the route acquisition phase searches the route again globally or locally. 3.3

Extension of Link Stability with Deviation

While the average of received signal strength can be used as a good criterion for link selection, the deviation is also a good indicator that shows the degree of variation in the received signal strength. The link stability defined in 3.1 can

Link Stability-Aware Ad Hoc Routing Protocol

329

be simply extended by introducing the deviation, which can be obtained using following equation. dev P rjτ [t] = α × dev P rjτ [t − τ ] + (1 − α) × (| avg P rjτ [t] − P rjτ [t] |), (3) where P rjτ [t] and avg P rjτ [t] are the sample and average of received signal strength measured for the interval [t − τ, t] respectively, and α is set to 0.8. k Now, for the multiple sampling rates defined in 3.1, one can define dev P rjτ ·2 [t] as a weighted moving deviation from the average at time t for a given sampling period τ · 2k . Then, by applying following equation where β is set to 0.5, one can incorporate (r + 1) deviations into a single deviation value. r

Devj0 [t] = dev P rjτ ·2 [t], Devj1 [t]

=β×

Devj0 [t]

+ (1 − β) × dev

(4) (r−1) P rjτ ·2 [t], (r−2)

Devj2 [t] = β × Devj1 [t] + (1 − β) × dev P rjτ ·2 .. . Devjk [t] = β × Devj

(k−1)

[t],

0

[t] + (1 − β) × dev P rjτ ·2 [t].

Then, the link stability defined in 3.1 can be extended using following equation. LSjk [t] = Avgjk [t] − γ × Devjk [t],

(5)

where γ is a decrement constant, which is set to 1.0. According to the Eqn. (5), the wireless link with high average, but low deviation in received signal strength is given a high link stability.

4 4.1

Simulation Results Simulation Environment

To evaluate the performance of proposed SARP-MSR, we consider ad hoc network where 50 nodes are uniformly spread in 3000 × 3000m2. As the simulation begins, each mobile node is randomly moving around inside the network where the moving speed and moving direction are randomly generated according to random walk. The wireless link is modeled using two-path model 10, and only additive white Gaussian noise (AWGN) is added to the signal. The signal power tranmsitted at the source ad hoc node is assumed to be 10mW . In the performance evaluation, the routing protocol based on SARP-MSR (stability-aware routing protocol with multiple sampling rates) is compared with the one based on SSA(signal stability based adaptive routing). In particular, for SARP-MSR, it is indicated as SARP-MSR(AVG) when link stability is obtained from averages only, while it is indicated as SARP-MSR(DEV) when link stability is obtained from both averages and deviations. For a communication session that is set up between randomly selected source and destination nodes, we measure the performance of routing protocols in terms

330

M. Yoo et al.

of route lifetime. Once being set up, the route is considered as a disconnected one if one of wireless links on the path is lost. When the received signal strength is weaker than −197.83dBm, the wireless link is considered to be disconnected. The route lifetime is defined as the time span until the route is disconnected. We run multiple (100 times) simulations for different pair of source and destination, and average the performance results. The performance is evaluated for simulation parameters such as node mobility, noise power and path span (hops). Other parameters used in simulations are summarized in Table 1. Table 1. Simulation parameters Parameter Definition Network Size [m] 3000 * 3000 Number of Nodes 50 Hello Message Interval τ [sec] 1.0 Node Mobility [Km/h] 10 - 40 Node Moving Direction [degree] 0 - 360 SNR Range [dB] 5 - 14 Shortest distance 4-7 between S and D [Hop] Weighted Factor α 0.8 Weighted Factor β 0.5 Decrement Constant γ 1.0

4.2

Simulation Results

The route lifetime under different mobility conditions is compared in Fig. 4. We set average SNR to 11 dB and path span to 5 hops. As ad hoc nodes move faster

Fig. 4. Effect of mobility on route lifetime

Link Stability-Aware Ad Hoc Routing Protocol

331

Fig. 5. Effect of SNR on route lifetime

Fig. 6. Effect of path span on route lifetime

in random direction, more and more communication links show high variation in received signal strength. Consequently, some of links suffer from high possibility of disconnection. The figure shows that the routing path selected by SARP-MSR stays alive longer than the one selected by SSA. The gain of SARP-MSR(AVG) over SSA is achieved by the use of multiple sampling rate. In addition, the gain of SARPMSR(DEV) over SARP-MSR(AVG) is achieved by extending link stability with deviation. From the figure, it can be concluded that SARP-MSR performs better under various node mobility conditions. The route lifetime under different SNR conditions is compared in Fig. 5. We set average node mobility to 30 Km/h and path span to 5 hops. It is obvious that SNR has significant impact on the received signal strength (wireless link quality). The figure shows that SARP-MSR outperforms SSA under various SNR conditions.

332

M. Yoo et al.

The route lifetime under different path span (in hop) between source and destination is compared in Fig. 6. We set average node mobility to 30 Km/h and average SNR to 11 dB. The longer the communication path, the higher the possibility to experience link disconnection. The figure supports that SARPMSR can survive longer path span better than SSA.

5

Conclusion

Finding a stable communication path is one of the most challenging problems in ad hoc network. To overcome the shortcomings of ad hoc routing protocols with a single sampling rate, we propose the enhanced routing protocol with multiple sampling rates. SARP-MSR can more accurately estimate future behavior of wireless link due to following factors; – SARP-MSR can trace fast when the signal strength is stable because of fast sampling rates. – SARP-MSR can reduce the high rising and falling edges when the signal strength varies widely because of low sampling rates. – SARP-MSR can be simply enhanced by introducing deviations. From the simulations, it is shown that the proposed SARP-MSR performs better than the one with a single sampling rate under various communication environments. Thus, it can be concluded that our proposed routing protocol can provide more stable communication path under dynamic ad hoc network environment.

Acknowledgement This work was financially supported by Seoul R&D Program (No. 10544).

References Perkins, C.E., Royer, E.M.: Ad Hoc On-Demand Distance Vector (AODV) Routing. In: Proceedings of IEEE Workshop on Mobile Computing Systems and Applications, February 1999, pp. 90–100 (1999) Chakeres, I., Perkins, C.: Dynamic MANET On-demand (DYMO) Routing: draft-ietfmanet-dymo-04. IETF MANET Working Group (March 2006) Clausen, T.H., Hansen, G., Christensen, L., Behrmann, G.: The Optimized Link State Routing (OLSR) Protocol, Evaluation Through Experiments and Simulation. In: Proceedings of IEEE Symposium on Wireless Personal Mobile Communications (September 2001) Perkins, C.E., Bhagwat, P.: Highly Dynamic Destination-Sequenced Distance-Vector (DSDV) Routing for Mobile Computers. In: Proceedings of ACM SIGCOMM, pp. 234–244 (August 1994) Toh, C.K.: Associativity-Based Routing (ABR) for Ad Hoc Mobile Networks. Wireless Personal Communications 4(2), 1–36 (1997)

Link Stability-Aware Ad Hoc Routing Protocol

333

Dube, R., Rais, C.D., Wang, K.Y., Tripathi, S.K.: Signal Stability-Based Adaptive (SSA) Routing for Ad Hoc Mobile Networks. In: IEEE Personal Communications Magazine, pp. 36–45 (February 1997) Agarwal, S., Ahuja, A., Singh, J.P., Shorey, R.: Route-Life Time Assessment Based Routing (RABR) Protocol for Mobile Ad-Hoc Networks. In: Proceedings of IEEE International Conference on Communications, June 2000, vol. 3, pp. 1697–1701 (2000) Paul, K., Bandopadhyay, S., Mukherjee, A., Sara, D.: Communication Aware Mobile Hosts in Ad-Hoc Wireless Network. In: Proceedings of IEEE International Conference on Personal Wireless Communications, Jaipur, India (February 1999) Manoj, B., Ananthapadmanabha, R., Murthy, C.: Link Life Based Routing (LBR) Protocol for Ad Hoc Wireless Networks. In: Proceedings of IEEE Computer Communications and Networks, October 2001, pp. 573–576 (2001) Murthy, C., Manoj, B.: Ad Hoc Wireless Networks: Architectures and Protocols, p. 8. Prentice Hall, Englewood Cliffs (2004)

A Quality of Service Based Mobility Management in Heterogenous Wireless Networks Tara A. Yahiya and Hakima Chaouchi Telecom and Management SudParis, UMR CNRS 5157 9 rue C. Fourier, 91011 Evry CEDEX, France {tara.yahiya,hakima.chaouchi}@it-sudparis.eu

Abstract. Rapid progress in the research and development of wireless networking and communication technologies has created different types of wireless communication systems. Nevertheless, the integration of heterogeneous networks poses many challenges especially the problem of handover decision as resolving it influences mainly on the handover performance. In this paper, we introduce a handover decision algorithm based on Neyman-Pearson method and then we combine with Fast Mobile IPv6 protocol for mobility management. This combination enables an optimized and a seamless handover. In order to study the performance of our method, we choose to study two emerging technologies: WiFi based on IEEE 802.11e and Mobile WiMAX based on IEEE 802.16e standard. Numerical investigations illustrate that our proposed method enables a handover optimization in terms of (i) guaranteeing the quality of service parameters for different type of ongoing sessions during the handover, (ii) reducing handover latency and (iii) minimizing ping-pong effects. Keywords: Handover, Mobile WiMAX, WiFi, Neyman-Pearson.

1

Introduction

The next generation network will be seen as a new initiative to bring together all heterogeneous wireless and wired systems under the same framework, to provide connectivity anytime and anywhere using any available technology. Network convergence is therefore regarded as the next major challenge in the evolution of telecommunications technologies and the integration of computer and communications. One of the important points in this context is the development of mechanisms that are able to support transparent service continuity across different integrated networks through the use of appropriate interworking architecture, handover decision algorithms, context adaptation strategies, etc. The reason is that wireless networks differ in their key functionalities like quality of service (QoS) support and service differentiation, access control, or signalling for authentication, authorization and accounting (AAA), etc. In fact, integrating different types of mobile and wireless networks is not a new aspect, it has been evolved by introducing new technologies either by 3G or IEEE work group. There is a significant amount of work for integrating different types of S. Balandin et al. (Eds.): NEW2AN/ruSMART 2009, LNCS 5764, pp. 334–345, 2009. c Springer-Verlag Berlin Heidelberg 2009 

A Quality of Service Based Mobility Management

335

networks involving technologies such as GSM, GPRS, UMTS, or WiFi. In order for these systems to interoperate, interworking architectures are designed and address different levels of integration. Typically, two types of interworking architecture are proposed: (1) loosely and (2) tightly coupled integration models [1]. In a heterogeneous environment, mobile terminals can move between different access networks. They will benefit from different network characteristics (coverage, bandwidth, latency, power consumption, cost, etc.) that can not be compared directly. Thus, the more challenging problem is the handover decision and resolving it can influence the handover performance. It is referred to vertical handover decision which needs more criteria (not only Received Signal Strength Indication RSSI) compared to horizontal handover. We distinguish five categories: cost or utility functions [2], user-centric [3], fuzzy logic and neural network-based [4], multicriteria and context-aware strategies [5], [10]. In this paper, we introduce an architecture of interworking based on looscoupling method for the integration of heterogenous wireless network. However, in order to study the performance of our architecture, we selected to integrate two emerging technologies as a case study: Mobile WiMAX and WiFi networks. We used a cross-layer design for mobility management based on FMIPV6 combined with a new handover decision based on Neyman-Pearson lemma to optimize and achieve a seamless handover [14]. Therefore, the article is organized as follows: section 2 introduces our proposed system design including, the interworking architecture, the handover decision. Section 3 and 4 present our simulation results and conclude the paper.

2

Proposed System Design

During the last years, IEEE 802.11 Wireless Local Area Networks have been deployed widely and 802.11 access points (APs) can cover areas of a few thousand square meters, making them suitable for enterprise networks and public hot spot scenarios such as airports and hotels. Recently, Wireless Metropolitan Area Networks (WMAN) using IEEE802.16e standard received much attention because of the high data rate support, the intrinsic QoS and mobility capabilities and the much wider area of coverage that enables ubiquitous connectivity. An interworking between those two networks has been considered as a viable option towards realizing the 4G scenario. In this section, we describe our proposed system design which includes first an interworking architecture between both WiFi for WLAN and Mobile WiMAX for WMAN. Our interworking architecture can be applied to different technologies, however, we will study the integration of two different technologies as a case study: mobile WiMAX based on IEEE 802.16e and the WiFi based on IEEE 802.11e. 2.1

Interworking Architecture

The general WiFi/Mobile WiMAX interworking environment we consider is illustrated in figure 1. We adopt the interworking architecture based on loose

336

T.A. Yahiya and H. Chaouchi

coupling, which is compliant with the proposals in [6]. The necessary changes in both WiFi and Mobile WiMAX systems are rather limited as it will integrate both systems at the IP layer and relies on the IP protocol to handle mobility between access networks. The main characteristic of this architecture is to assume two overlapped cells of a Mobile WiMAX and a WiFi, where both cells are served by a Base Station (BS) and an Access Point (AP) respectively. We assume that the AP is connected to the WiFi access network which can have a dedicated gateway to the Mobile WiMAX and traffic from Mobile WiMAX to WiFi or vice versa will be routed through this gateway. The mobile terminal has dual interfaces: WiMAX and WiFi. As shown in figure 1, the Mobile WiMAX supports access to a variety of IP multimedia services via WiMAX radio access technologies which is called Access Service network (ASN) [13]. The ASN is owned by a Network Access Provider (NAP) and comprises one or more BS and one or more ASN gateways (ASNGW) that form the radio access network. Access control and traffic routing for Mobile Stations (MSs) in Mobile WiMAX is entirely handled by the Connectivity Service Network (CSN), which is owned by a Network Service Provider (NSP), and provides IP connectivity and all the IP core network functions. The WiFi access network may be owned either by the NAP or by any other part ( e.g., public WiFi operator, or an airport authority), in which case the interworking is enabled and governed by appropriate business and roaming agreement. For enabling the interworking of WiFi/Mobile WiMAX, the Mobile WiMAX CSN core network incorporates three new functional elements: the Mobile WiMAX AAA server, the CSN-GW, the WiFi access gateway (WAG) and the Packet Data Gateway (PDG). The WiFi must also support similar interworking

Fig. 1. A Loosely-coupled Mobile WiMAX-WiFi Interworking Architecture

A Quality of Service Based Mobility Management

337

functionality to meet the access control and routing enforcement requirements. The Mobile WiMAX AAA server in the Mobile WiMAX domain terminates all AAA signalling originated in the WiFi that pertains to Handed over MS. This signalling is typically based on Radius [7] or Diameter [8]. The Mobile WiMAX AAA server interfaces with other Mobile WiMAX components, such as the WAG and PDG. The Mobile WiMAX AAA server can also route AAA signalling to/from another Mobile WiMAX AAA server, in which case it serves as a proxy and is referred to as Mobile WiMAX AAA proxy. To support mobility, the Foreign Agents (FA) is located in ASN Gateway are considered as the local FAs in the interworking architecture. However, for enabling vertical handover, a Mobile IP Home Agent (HA) has been added to the architecture. While the HA may be local by either network, it must be accessible by both networks. As shown in figure 1, traffic from Handed over MS is routed to the WAG and finally to the PDG . This routing is enforced by establishing appropriate traffic tunnels after a successful access control procedure. The PDG function much like a CSN-GW in Mobile WiMAX domain. It routes the user data traffic between the Handed over MS and an external packet data network (in our case, the IP multimedia network), and serves as an anchor point that hides the mobility of the WLAN stations within the WiFi domain. The WAG functions mainly as a route policy element, ensuring that user data traffic from authorized Handed over MS is routed to the appropriate PDGs, located in either the same or a foreign Mobile WiMAX. 2.2

Handover Decision Based Neyman-Pearson Lemma

Handover decision criteria assist the determination of which access network should be chosen. Traditionally, handoff occurs when there is a deterioration of signal strength received at the mobile terminal from the Access Point/Base Station in WiFi and mobile WiMAX respectively. However, in vertical handoff between WiFi and mobile WiMAX, there is no comparable signal strength available to aid the decision as in horizontal handoff because the received signal strength sample from WiFi and mobile WiMAX are heterogeneous quantities that can not be compared directly. Thus, additional criteria should be evaluated such as monetary cost, offered services, network conditions, terminal capabilities (velocity, battery power, location information, QoS) and user preferences. It is worthy to mention that the combination of all these criteria and the dynamistic of some of them will increase significantly the complexity of the vertical handover decision process. Therefore, we propose a simple method that combines all these criteria in a lemma called Neyman-Pearson [14]. In order for a mobile terminal to decide which network to handover, it has to gain information about all the networks in the neighborhood. We suppose that the mobile terminal is supporting Media Independent Handover (MIH) which collects the information elements (IE) based on IEEE 802.21 or any other mechanism of information gathering. Accordingly, the mobile terminal will have a vision of the expected network or the target network for handing over. In order to model this scenario, we suppose that the mobile terminal has a matrix of

338

T.A. Yahiya and H. Chaouchi

the gathered information such that each rows represent the networks and the columns represent the IEs. Thus, the matrix can be constructed as: ⎡ ⎤ IE1 lE2 · lEn ⎢ Net1 a1 a2 · an ⎥ ⎢ ⎥ ⎢ Net2 b1 b2 · bn ⎥ ⎢ ⎥ ⎢ Net3 c1 c2 · cn ⎥ ⎢ ⎥ ⎣ · · · · · ⎦ Netm z1 z2 · zm,n By using the lemma of Neyman-Pearson, we perform a hypothesis test between two point hypotheses H0 : θ = θ0 and H1 : θ = θ1 . Thus, the likelihood-ratio test which rejects H0 in favor of H1 is Λ(x) =

L(θ0 |x) ≤ η where P (Λ(X) ≤ η|H0 ) = α L(θ1 |x)

(1)

is the most powerful test of size α for a threshold η. In our case, the hypothesis H0 is representing one IE of the target network, and the H1 hypothesis is representing the IE of the neighboring networks. We will perform the likelihood ratio between the target network and all the neighboring networks in order to determine the network that is the most approaching to the target network. In order to determine the likelihood ratio among all neighboring networks for the same IEs, let us consider these IEs as a random sample of X1 , ..., Xn from the N (μ, σ 2 ) distribution where the mean μ is known, and want to test for H0 : θ = θ0 against H1 : θ = θ1 . The likelihood for this set of normally distributed data is

 n 2  2  2 −n/2 i=1 (xi − μ) L σ ;x ∝ σ exp − (2) 2σ 2 We can compute the likelihood ratio to find the key statistic in this test and its effect on the test’s outcome:  L σ12 ; x Λ(x) = = L (σ02 ; x)



2 −n/2 n  σ1 1 −2 2 −2 exp − (σ1 − σ0 ) (xi − μ) (3) σ02 2 i=1 n 2 This ratio only depends on the data through i=1 (xi − μ) . Therefore, by the Neyman-Pearson lemma, the most n powerful 2test of this type of hypothesis for this data will depend only on i=1 (xi − μ) . Also, by inspection, we can see n 2 that if σ12 > σ02 , then Λ(x) is an increasing function of i=1 (xi − μ) . So we n 2 should reject H0 if i=1 (xi − μ) is sufficiently large. Since the mobile terminal has to compare the target hypothesis with the alternative hypothesis, it may have several values for the same IE of the different networks. This will be decided by the use of the utility function suggested by [9].

A Quality of Service Based Mobility Management

339

In order to investigate the performance of our decision algorithm, we combine it with the Fast Mobile IPv6 (FMIPV6) protocol of mobility management [15]. The rational behind this selection is that the FMIPV6 is using methods of triggering handover before the connection is lost (make-before-break).This means that there is a kind of cross-layer design that enable the occurrence of handover in the right time.

3

Performance Evaluation

In order to investigate the performance of our handover decision, we use OPNET simulator combined with Matlab tool and Traffic Analyzer utility for considering many scenarios that can be derived from real-life. Due to the limited space of the article, we considered only the scenarios where the MSs are handing over from Mobile WiMAX to WiFi networks, leaving the inverse case for future works. 3.1

Scenario 1

In the first scenario, we consider a WiFi cell which is overlapped with 10 different cells of mobile WiMAX and WiFi networks. A mobile terminal within this cell hands over either from WiFi to WiFi networks or WiFi to Mobile WiMAX according to the decision method based on Neyman-Pearson lemma. The rational behind this scenario is to study the effect of ping-pong rate when deciding handover based on our method. 3.2

Scenario 2

In the second scenario, we consider that there is only one AP, which provides access services to two class of users: WiFi data users and handed over MSs (HMSs). All HMSs are considered statistically identical, and the same holds true for WiFi data users. Differentiation between these user classes and enforcement of corresponding policies is typically enabled by employing several service set identifiers (SSIDs). For example, regular WiFi data users may associate with the SSID periodically broadcast by the AP, whereas HMSs may associate with another SSID that is also configured in the AP, but not broadcasted. In this case, the WiFi can apply distinct access control and routing policies for the two user classes and forward the traffic of WiFi data users, say, to the Internet and the traffic of HMSs to the Mobile WiMAX CSN. We assume that the transmission rate of HMS stations is 384 kbps and that no transmission errors occur (the channel is ideal). Each HMS has an ongoing non real-time data session of Hypertext Transfer Protocol (HTTP), i.e., a MS is downloading web pages. Note that, since it is hard to keep the same QoS metrics and the class for all type of applications when switching between these two different networks, therefore mapping between service flows and access categories must be performed. We choose to map http application to best effort access category (IEEE 802.11e AC) and non real-time Polling service flow (IEEE 802.16e nrtPS) since both classes have the same QoS parameters.

340

3.3

T.A. Yahiya and H. Chaouchi

Scenario 3

We re-use scenario 2 with another different non real-time data session of File Transfer Protocol (FTP) that trying to upload a file size of 64 kbps with an exponential inter request time of 360 second. The reason behind choosing the FTP is that it is a non real-time application that is sensitive to the handover delay especially when uploading a file, as the response time with the FTP server is one of the most important QoS parameter that should be taken into account. Again, we map http application to best effort in IEEE 802.11e AC and nrtPS in IEEE 802.16e, however, we are giving the FTP application higher priority than HTTP applications. 3.4

Simulation Results

Our primary consideration for studying the performance of the handover decision algorithm, is to study the ping-pong effect in scenario 1. We can define the rate of ping-pong handover as the number of ping-pong handovers per total handover executions. Nping−pong HO Pping−pong HO = (4) NHO In above equation, NHO and Nping−pong HO are the numbers of handover executions and ping-pong handovers respectively. Figure 2 shows the ping-pong rate of our algorithm regarding well-known decision algorithms in the literature: The cost function [2] and the fuzzy logic method [4]. Our algorithm has lower probability of ping-pong effect comparing to other methods especially when the

Fig. 2. The rate of ping-pong handover

A Quality of Service Based Mobility Management

341

Fig. 3. HTTP traffic received during handover

number of handover executions is increasing. The reason behind this, is the augmenting number of IEs that are included in the decision, followed by the fuzzy logic which has less probability of ping-pong rate comparing to the cost function. This is due to the instability nature of the cost function regarding the fuzzy logic which is using predetermined rules rather than assigning weights to the differen IEs of the different networks. Next, we study the effect of the handover on the HTTP traffic, i.e, the traffic received during the handover (figure 3). Considering that a MS is handing over from Mobile WiMAX to a WiFi network with an ongoing HTTP session, i.e, the MS is downloading web pages from the HTTP server during the handover. We quantify the traffic received in the procedure of handover. The traffic received determines the average bytes per second forwarded to the HTTP application by the transport layer in the MS. Note that the traffic received or the downlink traffic is stable before and after handover but it experiences more interruptions during the handover due to Layer 3 handover delays in addition to the Layer 2 handover delays. However, this interruption is considerable for a very short period that does not violate this parameter of QoS. Next, we consider the response time parameter for downloading web pages from the HTTP server. The response time is one of the main parameter of QoS related to HTTP applications. It specifies the time required to retrieve the entire page with all the contained inline objects. In figure 4, the upload response time for the HTTP traffic is taking different random variable during the handover. Note that in the normal case, the response time is about 10 second for uploading the page web, however due to the delay of handover, the response time increases and takes different values. However, even when the response time is increasing, this has a low effect on the user wait time. For the second scenario, we consider once more the traffic sent and received for the FTP application. Again, the traffic received is the average bytes per second forwarded to the FTP application by the transport layer in the MS. While the

342

T.A. Yahiya and H. Chaouchi

Fig. 4. HTTP upload response time during handover

Fig. 5. FTP upload traffic during the handover

traffic sent is the average bytes per second forwarded to the FTP application by the transport layer in the MS. Figure 5 shows that the traffic received is less than the traffic sent for the FTP traffic due to the delay of handover, as it is a normal behavior due to the TCP mechanism of retransmission. As a conclusion for the last figures, we obtain the packet loss rate (PLR) for both HTTP and FTP traffic and we conclude the PLR is almost all negligible since the rate of loss is very minor (figure 6). However, the PLR in the case of HTTP is less than its corresponding of FTP since the response time of the FTP

A Quality of Service Based Mobility Management

343

Fig. 6. Packet Loss Rate for HTTP and FTP Traffics

Fig. 7. TCP Retransmission Count for HTTP and FTP connections

is higher due to the file size that the MS is uploading, as well as the HTTP has higher priority than FTP traffic. Figure 7 shows the number of TCP retransmissions for the connection. The written data is retransmitted from the TCP unacknowledged buffer. The number of retransmission is low before and after the handover. While it starts to increase during the handover especially for FTP connection regarding HTTP connection. The increasing number of retransmission is due to the physical layer disconnection and the increase of packet error rate.

344

4

T.A. Yahiya and H. Chaouchi

Conclusion

In this paper, we proposed an architecture of networking between WiFi and Mobile WiMAX networks. This architecture is based on IP protocol for mobility management. Then, we proposed an optimized handover decision algorithm based on Neyman-Pearson method for minimizing the effect of ping-pong compared with well known decision algorithms in the literature. According to this algorithms, we studied the delay experienced by the mobile users when handing over from mobile WiMAX to WiFi network. Neyman-Pearson method is combined with predictive triggers issued by Fast Mobile IPv6 protocol in order to enable an optimized and a very seamless handover. We conducted extensive simulations for comparing the performance of our algorithm in terms of ping-pong rate, handover latency, quality of service parameters for two different types of non real-time applications. Numerical results showed that the proposed algorithm combined with cross-layer design for handover optimization, enables a seamless handover, a very low handover latency, as well as an assurance of the QoS in terms of response time for HTTP and FTP traffics. As future work, we will study the effect of Host Identity Protocol (HIP) on the process of handover combined with our decision algorithm.

Acknowledgment This research is fully funded by ANR SUN (Situated Ubiquitous Networks) Project.

References 1. McNair, J., Zhu, F.: Vertical Handoffs in Fourth-Generation Multinetwork Environments. IEEE Wireless Communications 11(3), 8–15 (2004) 2. Wang, H., Katz, R., Giese, J.: Policy-enabled Handoffs across Heterogeneous Wireless Networks. In: Proceedings of Second IEEE Workshop on Mobile Computing Systems and Applications, WMCSA 1999, pp. 51–60 (1999) 3. Calvagna, A., Di Modica, G.: A User-Centric Analysis of Vertical Handovers. In: Proceedings of the 2nd ACM International Workshop on Wireless Mobile Applications and Services on WLAN Hotspots, pp. 137–146 (2004) 4. Makela, J., Ylianttila, M., Pahlavan, K.: Handoff Decision in Multi-service Networks. In: The 11th IEEE International Symposium on Personal, Indoor and Mobile Radio Communications, PIMRC 2000, pp. 655–659 (2000) 5. Ribeiro, R.: Fuzzy Multiple Attribute Decision Making: A Review and New Preference Elicitation Techniques. Fuzzy Sets and Systems 7, 155–181 (1996) 6. Akyildiz, I., Xie, J., Mohanty, S.: A survey of mobility management in nextgeneration all-IP-based wireless systems. IEEE Wireless Communications 11(4), 16–28 (2004) 7. C.R., et al.: Remote Authentication Dial in User Services (RADIUS), Interent Engineering Task force RFC 2138 (September 2003) 8. P.C., et al.: Diameter base protocol, Interent Engineering Task force RFC 3588 (September 2003)

A Quality of Service Based Mobility Management

345

9. Wang, H., Katz, R., Giese, J.: Policy-enabled handoffs across heterogeneous wireless networks. In: Proceedings of the 2nd IEEE Workshop on Mobile Computing Systems and Applications (WMCSA 1999), New Orleans, USA, February 1999, pp. 51–60 (1999) 10. Chan, P.M.L., Sheriff, R.E., Hu, Y.F., Conforto, P., Tocci, C.: Mobility management incorporating fuzzy logic for a heterogeneous IP environment. IEEE Communications Magazine 39(12), 42–51 (2001) 11. Ahmed, T., Kyamakya, K., Ludwig, M.: A context-aware vertical handover decision algorithm for multimode mobile terminals and its performance. In: Proceedings of IEEE/ACM Euro American Conference on Telematics and Information Systems (EATIS 2006), Santa Marta, Colombia, February 2006, pp. 19–28 (2006) 12. IEEE Std 802.16e: IEEE Standard for local and metropolitan area networks Part 16: Air Interface for Fixed and Mobile Broadband Wireless Access Systems (February 2006) 13. Andrews, J.G., Ghosh, A., Muhamed, R.: Fundamentals of WiMAX Understanding Broadband Wireless Networking. Pearson Education, Inc., London (2007) 14. Neyman, J., Pearson, E.: Joint statistical papers. Hodder Arnold (January 1967) 15. Han, J.C.B.P.Y., Jang, H., McNair, J.: A cross-layering design for ipv6 fast handover support in an ieee 802.16e wireless man. IEEE Network 21(6), 54–62 (2007)

A Novel Cooperative Relaying Scheme for Next Generation Wireless Networks Hong Zhou Faculty of Engineering, Osaka Institute of Technology, 5-16-1, Asahi-ku, Ohmiya, Osaka, 535-8585, Japan [email protected]

Abstract. In this paper, we propose a novel cooperative relaying scheme for next generation wireless networks mainly employing time switched transmitting diversity and bidirectional communication technologies. All possible realizations of the proposed scheme are comprehensively investigated. Computer simulation confirms the effectiveness of the proposed scheme, and that one realization using code combining method has better transmission quality and efficiency than the conventional STBC based relaying scheme. Keywords: cooperative relaying, bidirectional communication, MRC diversity, Code combining, STBC.

1 Introduction Cooperative communication[1] has recently attracted much interests in implementation of next generation wireless networks with limited resources such as energy, bandwidth, size and number of antenna of terminals, Many proposed cooperative communication systems employ cooperative relaying scheme using Alamouti’s space time block code (STBC)[2]. A basic transmission unit of STBC based cooperative relaying scheme is shown in Fig.1. If each wireless terminal has only one antenna and operates at half-duplex mode, and if there is not direct communication path between source terminal S and destination terminal D, transmission of information signal from S to D via cooperative relaying terminals Ri (i=1,2) consists of two phases. In the 1st phase, S broadcasts the information signal to all Ri. In the 2nd phase, after carrying out STBC decoding among Ri, cooperative terminals transmit the information signals to D. Transmitting diversity gain is obtained by STBC decoding at D, and high communication quality can be attained compared with the direct communication between S and D under the same communication channel conditions. However, there still exist some technical problems in such relaying schemes as follows. z

Since the scheme can only use coherent detection and maximum ratio combining (MRC) diversity reception, it becomes the big restrictions on the design and realization of wireless systems and terminals. Moreover, it is necessary to estimate the communication channel states timely and correctly for carrying out coherent detection and STBC decoding. Imperfect estimation of channel states brings about big

S. Balandin et al. (Eds.): NEW2AN/ruSMART 2009, LNCS 5764, pp. 346–357, 2009. © Springer-Verlag Berlin Heidelberg 2009

A Novel Cooperative Relaying Scheme for Next Generation Wireless Networks

z

347

degradation in transmission quality. On the other hand, the pilot signals inserted in transmitting information signals for estimating channel states cause decline in transmission efficiency. Moreover, large number of real arithmetic operations and sophisticated special circuits are required for estimation, compensation and STBC decoding, all bring about increase of system complexity and power consumption. Because the transmission errors occurring at the 1st phase of the scheme can not be covered by STBC transmission in the 2nd phase, causing great degradation in whole transmission performance, a kind of ARQ (Automatic Repeat reQuest) transmission is necessary in the 1st phase to eliminate the transmission errors. However, retransmissions in ARQ operation decrease the transmission efficiency. Moreover, retransmission scheme is not suitable for real time communication like voice, movie, etc. Retransmission also makes communication control protocol complicated. 㪩㪈 㪪㪫㪙㪚

㪞 D

㪪

㪉㫊㫋㩷㩷㫇㪿㪸㫊㪼

㪈㫊㫋㩷㩷㫇㪿㪸㫊㪼 㪩㪉

Fig. 1. Basic transmission unit of STBC based cooperative relaying scheme

In order to solve the abovementioned technical problems, we propose a novel cooperative relaying scheme based on bidirectional communication[3] and time switched transmission diversity (TSTD) technologies. The proposed scheme uses the combination of many technologies described as follows. z

z

The proposed scheme utilizes TSTD which is a kind of time division multiplex (TDM) transmission diversity, rather than STBC, to do orthogonal transmission among cooperative terminals. This makes it possible to use not only coherent detection, MRC diversity but also various other kinds of demodulation and diversity schemes, giving great flexibility in design and realization of communications systems and wireless terminals. Taking advantage of TSTD, the proposed scheme can adopt differential detection[4], instead of coherent detection, for demodulation. Since differential detection does not need estimation of channel information, all relative problems, such as degradation in transmission performance due to imperfect estimation of channels, decline in transmission efficiency by introduction of the pilot signals, increasing in system complexity and power consummation by introducing additional circuits for estimation and compensation, can be all solved.

348 z

z

H. Zhou

However, the frequency efficiency of TSTD based relaying scheme is a half of that of conventional STBC based scheme. To solve this problem, taking advantage of the feature of two-way communications which exist in most wireless networks, we propose a novel bidirectional cooperative relaying scheme[3]. In a STBC based relaying system like Fig.1, information data transmitted from D to S can be sent out only after D received the data from S. The proposed bidirectional cooperative relaying scheme can send out information data from S and D simultaneously, achieving the same frequency efficiency as STBC based relaying scheme. Taking advantage of TSTD again, the proposed scheme can utilize code combining (CC), rather than MRC, for combining diversity branches. CC takes full advantage of diversity transmission and error control coding technologies, improves transmission quality by increasing the error correcting capability of the transmission system. Therefore, unlike MRC, it is effective not only in flat fading, but also in all transmission quality degradation factors. When applied to cooperative relaying, since CC diversity reception performed at the 2nd phase can also correct the transmission errors generated in the 1st phase, relatively high transmission quality can be achieved even without retransmission at the 1st phase.

2 System Model of the Proposed Scheme The system model of proposed scheme is shown in Fig.2 and Fig.3, respectively for the 1st and 2nd transmission phase. Terminal S1 wants to transmit a message to terminal S2 and vice versa. It is assumed that there are two cooperative terminals R1 and R2. It is also assumed that the communication routes as well as synchronization among all wireless terminals have already been established. At the 1st phase, S1 broadcasts a symbol A which is sent for S2, to R1 and R2 using the first half of one symbol interval T. At the same time, S2 broadcasts B sent for S1 to R1 and R2, using the second half of T. Each cooperative terminal Ri receives the symbols A and B in TDM manner, processes them and then generates a combination signal A + B , using a method described in next section. At the 2nd phase, R1 and R2 broadcast their combination signals A + B to S1 and S2, respectively using the first and second half of T. Then, S1 (S2) receives two combination signals A + B respectively from R1 and R2 in TSTD manner. Since S1 (S2) knows its own transmitted symbol A ( B ), it can subtract this back-propagating selfinterference from received A + B , getting the symbol B ( A ) sent for it. After diversity branch combining, S1 (S2) recovers information message with increased reliability. The methods of generating combination signals and subtracting self-interference used in the proposed scheme depend on modulation, detection and diversity combining schemes. In next sections, various realizations of the proposed method are described taking into account various combinations of detection and diversity combining schemes. Equivalent complex baseband notation is used and AWGN is not taken into consideration in the explanation. As for modulation scheme, we consider only Phase Shift Keying (PSK).

A Novel Cooperative Relaying Scheme for Next Generation Wireless Networks

A 0

A

0

B T

R1

0

h11

h21

h12

h22

A

B

0

S2

T

A 0

B T

T

S1

349

B

R2 T

T

0

Fig. 2. System model of the proposed scheme (the 1st phase) A + B

0

T R1

A

A

+

+

B

B

0

+

A +

B

B

A

h21

h11

0

T S1

T S2

h12

h22

A + B

0

T R2

Fig. 3. System model of the proposed scheme (the 2nd phase)

2.1 The Proposed Scheme Using Coherent Detection and MRC Diversity First, we give a realization of the proposed scheme (called scheme 1 hereafter) using coherent detection and MRC diversity reception. As like STBC based relaying scheme, all complex channel gains hij(i,j=1,2) must have been estimated in this case. Scheme 1 can be further classified into three kinds of realization schemes according to the methods of generating combination signal and subtracting self-interference. Scheme 1-1 In the 1st phase, S1 and S2 respectively broadcast PSK modulated symbols A = e jα and B = e jβ to R1 and R2 using the method described above. The cooperative terminal, say R1, receives two flat-fading suffered signals h11e jα and h21e jβ , then performs fading compensation and coherent detection using estimated complex channel gains h11 and h21 , restoring digital information data. Using the digital data, R1 carries out PSK

350

H. Zhou

modulation again and regenerates symbol A = e jα and B = e jβ . Finally, the combination signal A + B is made according to (1). R2 performs similar processing.

A + B = e jα ⋅ e jβ = e j (α + β )

(1)

At the 2nd phase, R1 and R2 respectively broadcast their combination signals to S1 and S2 using the method described above. Receiving terminal, say S2 receives flatfading suffered signals h21e j(α+β ) and h22e j (α +β ) from R1 and R2 respectively in TSTD manner. Here, fading is assumed slow enough that channel state does not change during the 1st and 2nd phases. Because S2 knows self-interference signal B = e jβ and the channel states h21, h22 , it processes fading compensation and self-inference subtraction according to (2) and (3), getting desired signal A = e jα . Finally, S2 performs MRC diversity reception according to (4). h21e j (α + β ) × (h21 ) * × (e jβ ) * =|h 21 | 2 e jα

(2)

h22e j (α +β ) × (h22 )* × (e jβ )* =|h 22 |2 e jα

(3)

|h 21 | 2 e jα + | h22 | 2 e jα = (| h21 | 2 + | h22 | 2 )e jα

(4)

Terminal S1 performs similar processing. Scheme 1-2 In the 1st phase, almost all processing are the same as those of scheme 1-1, except that the combination signal is generated by (5).

A + B = e jα + e jβ

(5)

In the 2nd phase, almost all processing are the same as those of scheme 1-1, except that fading compensation and self-inference subtraction are carried out by (6) and (7) for S2. [h21 (e jα + e jβ ) − h21 (e jβ )] × (h21 )* =|h 21 | 2 e jα

(6)

[h22 (e jα + e jβ ) − h22 (e jβ )] × (h22 )* =|h 22 |2 e jα

(7)

S1 performs similar processing. Scheme 1-3 Almost all operations in the phase 1 and 2 are the same as those of scheme 1-1 except the method of regenerating symbols A = e jα and B = e jβ at cooperative terminals Ri. Here, digital information data are not restored from received signals. Ri just performs fading compensation processing using known hij, and regenerate A and B in a kind of soft decision manner: hij A × (hij )* = A , and hij B × (hij )* = B . Since scheme 1 uses the same methods of detection and diversity combining, it is expected that scheme 1 achieves the similar transmission performance, at the same time, faces the same technologies problems with STBC based scheme. However, since it is not necessary for cooperative terminals to do encoding cooperatively

A Novel Cooperative Relaying Scheme for Next Generation Wireless Networks

351

each other and receiving processing can be performed symbol-by-symbol at the 2nd phase, scheme 1 is in general more flexible than STBC based scheme in design and implementation of systems and wireless terminals. 2.2 The Proposed Scheme Using Differential Detection and MRC Diversity

Next, we propose second realization of the proposed scheme (called scheme 2 hereafter) using differential detection and MRC diversity reception. Here, modulation method is assumed differentially coded PSK (DPSK). The greatest merit of this scheme is that it is unnecessary to estimate channel information hij(i,j=1,2). Like scheme1, scheme 2 can also be further classified into three kinds of schemes. Scheme 2-1 In the 1st phase, all processing are the same as those of scheme 1-1 except that DPSK and differential detection are used. In the 2nd phase, using known self- interference e jΔβ n , S2 performs fading compensation and demodulation by differential detection, subtraction of self-interference and MRC diversity reception according to (8)(9)(10) respectively. h21e j (α n + β n ) × [ h21e j (α n−1 + β n−1 ) ]∗ × (e jΔβ n )∗ =| h21 |∗ e j ( Δα n + Δβ n ) × e − jΔβ n =| h21 |2 e jΔα n

(8)

h22 e j (α n + β n ) × [ h22 e j (α n−1 + β n−1 ) ]∗ × (e jΔβ n ) ∗ =| h22 |∗ e j ( Δα n + Δβ n ) × e − jΔβ n =| h22 |2 e jΔα n

(9)

| h21 |2 e jΔα n + | h22 |2 e jΔα n = (| h21 |2 + | h22 |2 )e jΔα n

(10)

where n means n-th symbol duration. Terminal S1 performs similar processing. Scheme 2-2 Almost all operations in the phase 1 and 2 are the same as those of scheme 2-1 except regenerating method of symbols A = e jα and B = e jβ n at cooperative terminals. Digital data are not restored from received signals. Using known symbol of previous duration e jα ( n −1) , R1 just performs fading compensation by differential detection and regenerates A = e jα in a some kind of soft decision manner, according to (11)(12). n

n

(h11e jan ) × (h11e

jα ( n −1 ) *

e jΔα n × e

) / | h11 |2 = e jΔα n

jα ( n −1 )

= e jα n

(11) (12)

B is regenerated in the same way. R2 performs similar processing.

Scheme 2-3 jα jβ n In the 1st phase, R1 receives h11e n and h21e , regenerates the combination signal without compensation of fading by (13).

A + B = h11e jαn × h21e jβn = h11h21e j (αn + βn )

(13)

352

H. Zhou

In the 2nd phase, S2 performs fading compensation and demodulation by differential detection, subtraction of self-interference according to (14)-(17). h11h21h21e j (α n +β n ) × (h11h21h21e

j (α ( n −1 ) + β ( n −1 ) ) *

) = h11 h 21 e j ( Δα n +Δβ n ) 2

4

h11 h 21 e j ( Δα n +Δβn ) × (e jΔβn )* = h11 h 21 e jΔαn 2

4

2

h12 h22 h22e j (α n + β n ) × (h12 h22 h22 e

j (α ( n −1) + β ( n −1) ) *

4

(15)

) = h12 h 22 e j ( Δα n +Δβn ) 2

4

h12 h 22 e j ( Δαn + Δβn ) × (e jΔβ n )* = h12 h 22 e jΔαn 2

4

2

4

4

2

4

2

4

2

(16) (17)

h11 h 21 e jΔαn + h12 h 22 e jΔαn = ( h11 h 21 + h12 h 22 )e jΔαn 2

(14)

4

(18)

Finally, MRC diversity reception is carried out by (18). S1 performs similar processing. As mentioned above, the proposed scheme 2 solves the problem of estimating channel information by using differential detection. However, it is expected that transmission quality degrades in comparison to scheme 1. 2.3 The Proposed Scheme Using Code Combining (CC) Diversity

In order to solve the problem of transmission quality degradation of scheme 2, assuming convolutional error control code is used in communication, we further propose third realization scheme (called scheme 3 hereafter) which adopts DPSK modulation, differential detection and code combining (CC) diversity reception. Code combining (CC) is a maximum-likelihood decoding technique for combining an arbitrary number N of noisy received convolutional code words respectively from N diversity branches. The error correcting capability of CC combined code is N times that of original code. The combiner is just a very simple digital switch sequentially connected to the decision output of each diversity branch. It has been confirmed that CC diversity with error-and-erasure correction Viterbi (EECV) decoding gives better transmission performance than MRC diversity [5][6]. Almost all transmission processing of scheme 3 are the same as those of scheme 2 except that CC is used in diversity branch combining and EECV decoder is used for error correction decoding. Corresponding respectively to scheme 2-1, 2-2 and 2-3, the proposed scheme 3 can also be further classified into 3-1, 3-2 and 3-3.

3 Performance Analysis Computation simulations are performed to evaluate the performance of the proposed schemes. Table 2.1 shows simulation conditions. In simulation, it is assumed that cooperative terminals R1 and R2 locate at the middle of S1 and S2 and all communication channels have same average signal to noise power ratio (SNR). It is also assumed that all communication channels suffer from only frequency-flat fading. All proposed schemes do not carry out retransmission operation at the 1st phase.

A Novel Cooperative Relaying Scheme for Next Generation Wireless Networks

353

Table 1. Computer simulation conditions

Modulation method Demodulation method Transmitting diversity Diversity combining method Communication channels Error correction code Decoding method

STBC based Proposed Proposed Proposed scheme scheme 1 scheme 2 scheme 3 QPSK π / 4 shift DQPSK Coherent detection Differential detection STBC TSTD MRC CC Frequency flat fading with maximum Doppler frequency fD=50Hz Convolutional code, R=1/2, K=3 Hard decision Viterbi(HDV) EECV

㪈㪇㪄㪈

㪘㫍㪼㫉㪸㪾㪼㩷㪙㪜㪩

㪈㪇㪄㪊

㪈㪇㪄㪌 㪪㪫㪙㪚㩷㫊㪺㪿㪼㪅㩷㫎㪅㩷㫉㪼㫋㫉㪸㫅㫊㪅 㪪㪫㪙㪚㩷㫊㪺㪿㪼㪅㩷㫎㪆㫆㪅㩷㫉㪼㫋㫉㪸㫅㫊㪅 㫇㫉㫆㫇㪅㫊㪺㪿㪼㪈㪄㪈 㫇㫉㫆㫇㪅㫊㪺㪿㪼㪈㪄㪉 㫇㫉㫆㫇㪅㫊㪺㪿㪼㪈㪄㪊 㫇㫉㫆㫇㪅㫊㪺㪿㪼㪉㪄㪈 㫇㫉㫆㫇㪅㫊㪺㪿㪼㪉㪄㪉 㫇㫉㫆㫇㪅㫊㪺㪿㪼㪉㪄㪊

㪈㪇㪄㪎

㪈㪇㪄㪐

㪇

㪌

㪈㪇

㪈㪌

㪉㪇

㪉㪌

㪊㪇

㪊㪌

㪪㪥㪩㪆㪺㪿㪸㫅㫅㪼㫃㩷㩿㪻㪙㪀

Fig. 4. Transmission quality comparison of scheme 1, 2 and STBC based scheme (Perfect estimation of channel states)

Fig. 4 shows the average BER performance versus SNR per channel for scheme 1 and 2, assuming perfect estimation of channel states. For comparison, it is also shown in the figure the performance of conventional STBC based scheme with and without retransmission at the 1st phase. Firstly, the proposed scheme 1 (scheme 1-1, 1-2 and 1-3) has almost the same BER performance as STBC based scheme without retransmission. This result confirms that the self-interference signals are completely removed from the received combination signals in the 2nd phase, and the proposed bidirectional cooperative relaying scheme dose not bring about loss in transmission quality. Next, compared with scheme 1-1 and 1-2, scheme 1-3 has about 1dB diversity gain for achieving the same BER. This is considered the result of soft decision in regeneration of transmitted signals at cooperative terminals. On the other hand, the BER performance of the proposed scheme 2 (scheme 2-1, 22 and 2-3) deteriorates as expected compared with STBC based scheme and scheme 1 because of using differential detection. Especially for scheme 2-3, because it employs the simplest amplify-and-forward (AF) method for signal regeneration at cooperative

354

H. Zhou 㪈㪇㪇

㪘㫍㪼㫉㪸㪾㪼㩷㪙㪜㪩

㪈㪇㪄㪈

㪈㪇㪄㪉

㪈㪇㪄㪊

㪪㪫㪙㪚㩷㫊㪺㪿㪼㪅㩷㫎㩷㫉㪼㫋㫉㪸㫅㫊㪅 㪪㪫㪙㪚㩷㫊㪺㪿㪼㪅㩷㫎㪆㫆㪅㩷㫉㪼㫋㫉㪸㫅㫊㪅 㫇㫉㫆㫇㪅㫊㪺㪿㪼㪈㪄㪈 㫇㫉㫆㫇㪅㫊㪺㪿㪼㪈㪄㪊 㫇㫉㫆㫇㪅㫊㪺㪿㪼㪉㪄㪈 㫇㫉㫆㫇㪅㫊㪺㪿㪼㪉㪄㪉

㪈㪇㪄㪋

㪈㪇㪄㪌

㪇

㪌

㪈㪇

㪈㪌

㪉㪇

㪉㪌

㪊㪇

㪊㪌

㪪㪥㪩㪆㪺㪿㪸㫅㫅㪼㫃㩷㩿㪻㪙㪀

Fig. 5. Transmission quality comparison of scheme 1, 2 and STBC based scheme (Estimating channel states once/125symbols)

terminals, scheme 2-3 gives the worst BER performance, and is not likely a practical transmission scheme. However, since it does not need estimation of channel states, scheme 2 has much simpler system implementation than STBC based scheme and scheme 1. However, in actual communications, it is very difficult to estimate channel states perfectly, especially under fast fading environments where channel states change rapidly. For imperfect situation, we assume here the channel states are estimated once for every fixed 125 symbols and the estimated results are used till the next estimation. Fig.5 shows simulation results. For both STBC based scheme and scheme 1, transmission quality degrades sharply and error floor phenomenon appears due to imperfect estimation of channel states. On the other hand, by taking advantage of differential detection, scheme 2 does not require estimation of channel states and shows no any degradation in BER performance. As a result, the performance difference between scheme 2 and STBC based scheme as well as scheme 1 is reduced. Fig. 6 gives the average BER performance of the proposed scheme 3 (scheme 3-1, 3-2 and 3-3) assuming perfect estimation of channel states. For comparison, it is shown again in the figure the performance of STBC based scheme with and without retransmission at the 1st phase. In spite of using differential detection and having much simpler system implementation, scheme 3-2 and 3-3 show almost identical BER (for SNR<15dB) to, or even better BER (for SNR>15dB) than STBC based scheme without retransmission. This is considered the results of using CC diversity reception and EECV decoding. Scheme 3 can correct transmission errors both in the 1st and in the 2nd phases by using CC diversity. In contrast, by using MRC diversity at the 2nd phase, STBC based scheme without retransmission at the 1st phase can only improve the transmission quality of the 2nd phase, but is not able to cover the transmission errors in the 1st phase, causing worse whole transmission performance than scheme 3.

A Novel Cooperative Relaying Scheme for Next Generation Wireless Networks

355

㪈㪇㪄㪈

㪘㫍㪼㫉㪸㪾㪼㩷㪙㪜㪩

㪈㪇㪄㪊

㪈㪇㪄㪌

㪈㪇㪄㪎

㪈㪇㪄㪐

㪪㪫㪙㪚㩷㫊㪺㪿㪼㪅㩷㫎㪅㩷㫉㪼㫋㫉㪸㫅㫊㪅 㪪㪫㪙㪚㩷㫊㪺㪿㪼㪅㩷㫎㪆㫆㩷㫉㪼㫋㫉㪸㫅㫊㪅 㫇㫉㫆㫇㪅㫊㪺㪿㪼㪊㪄㪈 㫇㫉㫆㫇㪅㫊㪺㪿㪼㪊㪄㪉 㫇㫉㫆㫇㪅㫊㪺㪿㪼㪊㪄㪊

㪇

㪌

㪈㪇

㪈㪌

㪉㪇

㪉㪌

㪊㪇

㪊㪌

㪪㪥㪩㪆㪺㪿㪸㫅㫅㪼㫃㩷㩿㪻㪙㪀

Fig. 6. Transmission quality comparison of scheme 3 and STBC based scheme (Perfect estimation of channel states)

Don't forget that scheme 3 does not use retransmission at the 1st phase. This means if retransmission is also introduced, scheme 3 is expected to achieve better BER performance with the same number of times of retransmission, or require less number of times of retransmission (thus get higher transmission efficiency) for achieving the same BER performance, compared with STBC based scheme with retransmission. On the other hand, scheme 3-3 gives the worst BER performance due to the same reason as scheme 2-3, and is not likely a practical transmission scheme. Transmission performance of scheme 3 is also investigated assuming imperfect estimation of channel states. Fig. 7 shows the simulation results assuming again channel states are estimated once every 125 symbols. The BER performance of STBC based scheme is also shown in the figure for comparison. Thanks to differential detection as well as strong performance improvement capability of CC diversity, scheme 3 achieves almost identical BER (for SNR<28dB) to, or better BER (for SNR>28dB) even than STBC based scheme with retransmission. It should be noted that scheme 3 achieves such surprising BER performance without any retransmission at the 1st phase. This fact implies that scheme 3 has higher transmission efficiency for achieving the same BER in comparison to STBC based scheme. In order to confirm this, transmission throughputs of scheme 3 and STBC based scheme are also investigated under the same transmission conditions as Fig. 7. Fig. 8 depicts the throughput performance (normalized by the throughput of scheme 3) of two schemes. Since scheme 3 does not use retransmission, its throughput is fixed in 1. In contrast, in order to maintain transmission quality to some degree, the conventional STBC based scheme must carry out many times of retransmission at the 1st phase under severe channel conditions; causing sharp degradation in transmission throughput when SNR is lower than 20dB.

356

H. Zhou 㪈㪇㪇 㪈㪇㪄㪈

㪘㫍㪼㫉㪸㪾㪼㩷㪙㪜㪩

㪈㪇㪄㪉 㪈㪇㪄㪊 㪈㪇㪄㪋 㪪㪫㪙㪚㩷㫊㪺㪿㪼㪅㩷㫎㪅㩷㫉㪼㫋㫉㪸㫅㫊㪅 㪪㪫㪙㪚㩷㫊㪺㪿㪼㪅㩷㫎㪆㫆㪅㩷㫉㪼㫋㫉㪸㫅㫊㪅 㫇㫉㫆㫇㪅㫊㪺㪿㪼㪊㪄㪈 㫇㫉㫆㫇㪅㫊㪺㪿㪼㪊㪄㪉 㫇㫉㫆㫇㪅㫊㪺㪿㪼㪊㪄㪊

㪈㪇㪄㪌 㪈㪇㪄㪍

㪇

㪌

㪈㪇

㪈㪌

㪉㪇

㪉㪌

㪊㪇

㪊㪌

㪪㪥㪩㪆㪺㪿㪸㫅㫅㪼㫃㩷㩿㪻㪙㪀

Fig. 7. Transmission quality comparison of scheme 3 and STBC based scheme (Estimating channel states once/125symbols) 㪈㪅㪉

㪘㫍㪼㫉㪸㪾㪼㩷㫋㪿㫉㫆㫌㪾㪿㫇㫌㫋

㪈 㪇㪅㪏 㪇㪅㪍 㪇㪅㪋 㪇㪅㪉 㪇

㪪㪫㪙㪚㩷㫊㪺㪿㪼㪅㩷㫎㪆㫆㩷㫉㪼㫋㫉㪸㫅㫊㪅 㫇㫉㫆㫇㪅㫊㪺㪿㪼㪅 㪇

㪌

㪈㪇

㪈㪌

㪉㪇

㪉㪌

㪊㪇

㪊㪌

㪪㪥㪩㪆㪺㪿㪸㫅㫅㪼㫃㩷㩿㪻㪙㪀

Fig. 8. Transmission throughput comparison of scheme 3 and STBC based scheme (Estimating channel states once/125symbols)

From all results mentioned above, it is confirmed that the proposed scheme 3 can achieve better, or at least equal BER performance with much higher transmission throughput in comparison to the conventional STBC based scheme under practical communication conditions. Considering additionally much simple implementation of system and wireless terminals, simple system control protocol as well as small power consumption, it can be said that scheme 3 is a much attractive choice for wireless networks.

A Novel Cooperative Relaying Scheme for Next Generation Wireless Networks

357

4 Conclusions In this paper, we propose a novel cooperative relaying scheme for next generation wireless networks mainly employing TSTD and bidirectional communication technologies. All possible realizations of the proposed scheme are comprehensively investigated with respect to various methods of modulation, demodulation, and diversity combining. The transmission performances of all realizations of the proposed scheme are studied by computer simulation and compared with that of the conventional STBC based cooperative relaying scheme. In comparison to STBC based scheme, the proposed scheme 1 using coherent detection and MRC diversity can achieve the same transmission performance, and has the same technology problems. But it is more flexible in design and implementation of networks and wireless terminals. The proposed scheme 2 using differential detection and MRC diversity has much simpler implementation of systems and terminals, but gives relatively poor transmission performance. The proposed scheme 3 using differential detection and CC diversity solves almost all the technical problems of STBC based relaying scheme mentioned in introduction section, achieves the same or even better BER performance and much higher transmission throughput under real communication conditions. Only frequency flat fading is considered in this paper. It is expected that scheme 3 will give better transmission performance (quality and efficiency) than conventional STBC based scheme in severer communication environments including frequency selective fading, random FM noise, channel interference, and so on. With additional merits of the simplest implementation of systems and terminals, the least complexity of signal processing and the smallest power consumption, it can be said that scheme 3 is a good option for system designers in selection cooperative schemes for next generation wireless networks.

References 1. Sendoaris, A., Erkip, Aazhang, B.: Increasing uplink capacity via user cooperation diversity. In: Proc. of IEEE ISIT (1998) 2. Alamouti, M.: A simple transmit diversity technique for wireless communications. IEEE J. Select. Areas in Commun. 16, 1451–1458 (1998) 3. Rankov, B., Wittneben, A.: Spectral efficient protocols for half-duplex fading relay channels. IEEE J. Select. Areas in Commun. 25(2), 379–389 (2007) 4. Tarokh, V., Jafarkhani, H.: A differential detection scheme for transmit diversity. IEEE J. Select. Areas in Commun. 18(7), 1169–1174 (2000) 5. Zhou, H., Deng, R.H., Tjhung, T.T.: Performance of combined diversity reception and convolutional coding for QDPSK land mobile radio. IEEE Trans. Veh. Techno. 43(3), 499–508 (1994) 6. Zhou, H., Okamoto, K.: Comparison of code combining and MRC diversity reception in mobile communications. In: Proc. of IEEE WCNC 2004, Atlanta, USA (March 2004)

Frequency Allocation Scheme to Maximize Cell Capacity in a Cellular System with Cooperative Relay Wooju Lee, Kyongkuk Cho, Dongweon Yoon, Sang Kyu Park, and Yeonsoo Jang Dept. of Electronics and Computer Eng., Hanyang University, Seoul, Korea [email protected]

Abstract. When deploying the fixed relay stations (RSs) in a cellular system, additional co-channel interferences occur necessarily. To avoid the co-channel interferences, an effective frequency allocation (FA) scheme is essentially required. Cooperative relay can achieve the diversity gain as well as coverage extension of the cellular system. FA schemes with non-cooperative relay have been widely studied, but little research has been done for those with cooperative relay. Since cooperative relay is that RS and base station (BS) simultaneously transmit the same signal using the same time and frequency resources, FA scheme with cooperative relay has different FA patterns compared with that for non-cooperative relay. In this paper, we propose an improved FA scheme with cooperative relay in the system. The proposed scheme can maximize the cell capacity through minimizing co-channel interferences and achieving the cooperative source diversity gain. Through a computer simulation, we demonstrate the proposed FA scheme with cooperative relay can increase average cell, user, and edge user throughputs compared with those for conventional systems under the IEEE 802.16j environment. Keywords: Cooperative relay, Frequency allocation, OFDMA, Cellular system.

1 Introduction Recently, the demand of mobile phone services for a high-speed multimedia data transmission has been increased. One of the cost-effective methods to satisfy this demand is a fixed relay station (RS) in a cellular system [1]-[3]. When deploying the fixed RSs, additional co-channel interferences occur in the system. To avoid the co-channel interferences, an effective frequency allocation (FA) scheme is essentially required. Cooperative relay can achieve the diversity gain as well as coverage extension of the system. FA schemes with non-cooperative relay have been widely studied [4]-[6], but little research has been done for those with cooperative relay. Since cooperative relay is that RS and base station (BS) simultaneously transmit the same signal using the same time and frequency resources, FA scheme with cooperative relay has different FA patterns compared with that for non-cooperative relay. In this paper, we propose an improved FA scheme with cooperative relay in the system. The proposed scheme can maximize the cell capacity through minimizing cochannel interferences and achieving the cooperative source diversity gain. Through a computer simulation, we demonstrate the proposed FA scheme with cooperative relay S. Balandin et al. (Eds.): NEW2AN/ruSMART 2009, LNCS 5764, pp. 358–364, 2009. © Springer-Verlag Berlin Heidelberg 2009

FA Scheme to Maximize Cell Capacity in a Cellular System with Cooperative Relay

359

can increase average cell, user, and edge user throughputs compared with those for conventional systems under the IEEE 802.16j environment. The remainder of the paper is organized as follows; Section 2 reviews the 3-sector and cooperative relay systems. Section 3 introduces the proposed FA scheme with cooperative relay. Simulation results are presented in Section 4 and the final section gives conclusions.

2 System Model 2.1 3-Sector System A conventional 3-sector system has a BS in the center of a cell, and each sector has a directional antenna used for the 120 degree - sectorization. Fig. 1 shows a FA pattern in a 3-sector system. A different sub-carrier set is allocated to each sector in the cell to minimize the co-channel interferences among adjacent sectors and cells [7], [8].

Fig. 1. Frequency allocation pattern in a 3-sector system

2.2 Cooperative Relay System A cooperative relay system is that RS and BS simultaneously transmit the same signal using the same time and frequency resources to obtain the cooperative source diversity [9]. Time framework in the cooperative relay system has two time slots as shown in Fig. 2. In the first time slot, only BS transmits a data to RSs and Mobile Stations (MSs). In the second time slot, BS and RS transmit a data to MSs. Relay link is defined as the transition link from BS to RSs, and access link is defined as the transition link

Fig. 2. Time framework in a cooperative relay system

360

W. Lee et al.

from BS and RSs to MSs in [10]. In this paper, we assume that the total transition time in the cooperative relay system is equally divided in the first and second time slots. Fig. 3 shows a transmit protocol in the cooperative relay system. Property of this transmit protocol is that the BS and RS jointly transmit a same data through the same frequency in the second time slot. MS can obtain the cooperative source diversity gain by receiving the same data through the independent paths in the second time slot [9].

Fig. 3. Transmit protocol in a cooperative relay system

Fig. 4 shows FA patterns in the cooperative relay system at each time slot. Fig. 4(a) and (b) show the FA patterns in the first and second time slots, respectively. Since BS and RS in the second time slot transmit the same data through the same frequency, 3-sectored BS and RS have the same frequency band in the second time slot.

Fig. 4. Frequency allocation patterns in a cooperative relay system

3 Proposed Frequency Allocation Scheme with Cooperative Relay In this section, we introduce proposed FA scheme with cooperative relay. Fig. 5 shows the proposed FA scheme in cooperative relay system. Fig. 5-(a) and (b) show the proposed FA patterns with cooperative relay in the first and second time slots, respectively. Fig. 5-(c) shows the frequency sub-sets, and Fig. 5-(d) shows allocated frequency bands in the second time slot and the status of BS and RS.

FA Scheme to Maximize Cell Capacity in a Cellular System with Cooperative Relay

361

Fig. 5. Proposed frequency allocation scheme with cooperative relay

Fig. 6. One-tier multi-cell structure of the proposed frequency allocation pattern with cooperative relay in the second time slot

362

W. Lee et al.

From Fig. 5-(b), we can see that the FA scheme with cooperative relay can avoid intra-cell co-channel interferences. Moreover, we also confirm the proposed scheme can avoid inter-cell as well as intra-cell co-channel interferences in the multi-cell environment as shown in Fig. 6. So, the proposed scheme can minimize co-channel interferences with simplicity and consistency and achieve the cooperative source diversity gain.

4 Simulation Environment and Results 4.1 Simulation Environment We compare the system performance of the proposed FA scheme to that of conventional 3-sector and cooperative relay systems. Table 1 shows simulation parameters. Table 1. Simulation parameters Simulation Parameter Cell layout

Hexagonal 19 cells

Cell radius BS antenna pattern

1000 m 3 sector directional

BS antenna pattern

3 Sector : θ 3 dB = 70°, Am = 20dB ⎡ ⎛ θ ⎞ ⎤ A(θ ) = − min ⎢12 ⎜ ⎟ , Am ⎥ ⎣⎢ ⎝ θ 3dB ⎠ ⎦⎥

RSNumber antennaofpattern RS

where − 180 ≤ θ ≤ 180

6 per one cell

RS RSdistance/ antennadistribution pattern

650m / Uniform

RS antenna pattern

Omni directional

Carrier frequency

3.4 GHz

Bandwidth

10 MHz (1024 subcarriers)

Number of MS

36 per one cell

Request Data Rates per MS

2M bps

MS distribution

Uniform distribution

Path loss model

802.16j Type A SUI-- 5

Channel model Tx, Rx antenna gain Body loss

BS: 18 dBi, RS: 12 dBi, MS: 0 dBi BS: -

3 dB, RS: -

3 dB, MS: - 2 dB

Tx power

BS: 43 dBm, RS : 33 dBm

Height

BS: 30 m, RS : 10 m, MS: 2 m

In the simulation, a cell layout consists of hexagonal 19 cells and each cell radius is 1 Km. BS and RS antenna patterns are 3-sector directional and omni directional, respectively. IEEE 802.16j (Relay Task Group) Type-A model is used as shadowing and path loss models [11], where the quantity of -174 dBm/Hz is a thermal noise power density. 802.16 SUI-5 model is used as a fading model [12]. Sub-carrier is uniformly allocated to each MS, 36 MSs are uniformly distributed per cell, and each sector has 12 MSs.

FA Scheme to Maximize Cell Capacity in a Cellular System with Cooperative Relay

363

4.2 Simulation Results We compare the system performances of average cell, user, and edge user throughputs based on the signal to interference and noise ratio (SINR) between the proposed and conventional schemes. The SINR of the user k on the sub-carrier i is expressed as:

SINRi = k

Pn ⋅ Li , n k

(1)

N 0W + ∑ Pj ⋅ L i , j k j ≠n

where, Pn is transmission power of the user k in the sector n; Li,nk is the channel gain of the user k in the sector n on the sub-carrier i; Pj ·Li,jk is the co-channel interference of the user k in the sector j on the sub-carrier i; and N0W is noise power. The throughput of the user k is calculated as:

Rk = ∑ Bsubcarrier Z ik log 2 (1 + SINRik )

(2)

i

where Zik is the indicator of the resource assignment. If the sub-carrier i is assigned to the user k, then Zik = 1; otherwise Zik = 0. And the cell throughput is evaluated as:

Rtot = ∑ Rk = ∑∑ Bsubcarrier Z ik log 2 (1 + SINRik ) k

k

(3)

i

Table 2 shows simulation results of the average cell, user, and edge user throughputs for different system models. Average cell and user throughputs of the proposed FA scheme with cooperative relay have 46.9 Mbps and 1.3 Mbps, respectively. The simulation results show that the proposed FA scheme can increase cell capacity compared with that for the conventional systems. Especially, for the average edge user throughput, it shows that the proposed FA scheme has 180% and 45% performance improvements compared with those for 3-sector and cooperative relay systems, respectively. Table 2. Simulation results Simulation Results

3 sector

Cooperative relay

Proposed FA scheme

Unit

Avg. Cell Thrpt.

37.7

41.6

46.9

Mbps

Avg. User Thrpt.

1,048

1,154

1,303

Kbps

Avg. Edge User Thrpt.

338

669

965

Kbps

5 Conclusions In this paper, we proposed an improved FA scheme with cooperative relay in a cellular system. The proposed FA scheme could maximize the cell capacity through minimizing

364

W. Lee et al.

co-channel interferences and achieving the cooperative source diversity gain. The simulation results showed that the proposed FA scheme with cooperative relay could increase cell capacity compared with that for the conventional systems under the IEEE 802.16j environment. Especially, for the average edge user throughput, it showed that the proposed FA scheme had 180% and 45% performance improvements compared with those for 3-sector and cooperative relay systems, respectively. Acknowledgments. This research was supported by NSL program through the Korea Science and Engineering Foundation funded by the Ministry of Education, Science and Technology (S10801000165 -08A0100-16510).

References 1. Eklund, C., Marks, R.B., Stanwood, K.L., Wang, S.: IEEE standard 802.16: A Technical Overview of the WirelessMANTM Air Interface for Broadband Wireless Access. IEEE Commun. Mag. 40(6), 98–107 (2002) 2. P802.16j Baseline Document. IEEE 802.16j-06/026r4 3. Pabst, R., et al.: Relay-Based Deployment Concepts for Wireless and Mobile Broadband Radio. IEEE Commun. Mag. 42(9), 80–89 (2004) 4. Huining, H., et al.: Range extension without capacity penalty in cellular networks with digital fixed relays. In: Proc. IEEE Globecom 2004, pp. 3053–3057 (2004) 5. Huang, L., et al.: Comparison of two frequency reuse schemes in fixed relay system. In: Proc. IEEE WCNC 2005, pp. 432–436 (2005) 6. Guan, L., Zhang, J., Li, J., Liu, G., Zhang, P.: Spectral Efficient Frequency Allocation Scheme in Multihop Cellular Network. In: Proc. IEEE VTC 2007, pp. 1446–1450 (2007) 7. Yeom, J.H., Lee, Y.H.: Mitigation of Inter-Cell Interference in the WiMAX System. In: Proc. IEEE International Symposium on Mobile WiMAX, pp. 26–31 (2007) 8. Lee, Y., Park, S., Yun, S.: Resource Management for Fixed Relay Based Cellular Systems with Sectorization. IEICE Trans. Commun. E89–B(2), 625–628 (2006) 9. Cooperative Relaying in Downlink for IEEE 802.16j. IEEE 802.16j-07/124r1 10. Harmonized definitions and terminology for 802.16j Mobile Multihop Relay. IEEE 802.16j-07/124r1 11. Multi-hop Relay System Evaluation Methodology (Channel Model and Performance Metric). IEEE 802.16j-06/013r3 12. Channel Models for Fixed Wireless Applications. IEEE 802.16.3c-01/29r4

Achieving Secondary Capacity under Interference from a Primary Base Station Shadi Ebrahimi Asl and Bahman Abolhassani Electrical Engineering Department, Iran University of Science and Technology Tehran, Iran

Abstract. There are two main challenges for cognitive underlay transmission in a host channel. The first challenge is how to assign a host channel efficiently among a set of cognitive channel applicants such that primary users perceive no harmful interference. Further, the second challenge is how to achieve a good capacity under high power signal from primary transmitter of the host channel. In this paper, we propose a primary interference suppression technique for cognitive underlay transmission in a host channel by using direct sequence spread spectrum. We show that cognitive users can efficiently suppress high power signal from a primary base station by using adequate spreading factors. Further, we propose an adaptive cognitive underlay channel assignment (ACUCHA) algorithm in a host channel for an ad hoc cognitive network which is overlaid with a primary cell. We show that by using the proposed primary interference suppression in cognitive links the proposed secondary channel assignment algorithm achieves 261.14 Mbps capacity when there are 100 cognitive channel applicants and spreading factor is 100. Also, we show that the achieved capacity is gained without producing harmful interference temperature in the host channel and perceptible interference in adjacent channels. Keywords: Underlay transmission; Interference temperature; Direct sequence spread spectrum; Jammer suppression.

1 Introduction The ever increasing demand for wireless applications and limited spectrum has made more challenges for the researchers to design and develop new algorithms to overcome this problem. On the other hand, studies have shown that the frequency bands devoted to primary users (PUs) are not used efficiently all the time [1]. To address this problem, cognitive radio has been introduced as a secondary user in a licensed channel such that it produces no harmful interference to the PU of that channel [1]. Accordingly, if a group of cognitive radios aim to use a common host channel they must use a channel assignment algorithm to avoid transmission collisions and any probable disturbance to PUs. Channel assignment problem has been fully studied in the literature [1]. However, solutions for traditional wireless networks are not suitable for cognitive networks. In cognitive underlay transmission, non-harmful transmission for PUs adds a new dimension of complexity to the problem of channel assignment. S. Balandin et al. (Eds.): NEW2AN/ruSMART 2009, LNCS 5764, pp. 365–376, 2009. © Springer-Verlag Berlin Heidelberg 2009

366

S. Ebrahimi Asl and B. Abolhassani

In order to reduce the probability of disruption on PUs, cooperative channel assignment among cognitive users has been studied in the literature [1][2]. In this case, a channel assignment algorithm must avoid assigning the host channel to cognitive users that are within no-talk zone1 of a PU. Also, channel assignment problem must be performed such that the total interference received by the PU never becomes greater than a predetermined level [1][3][4]. Another problem for channel assignment in cognitive underlay transmission is how to achieve good secondary capacity when primary signal is available in the host channel. Since cognitive users are generally low power radios in comparison with PUs, they receive the primary signal as high power interference. In this case, cognitive transmissions are overwhelmed by primary signal like the so-called near-far problem in CDMA networks. However, unlike close loop power control, which is used in CDMA networks to overcome this problem, no modification is permitted to the primary system. Thus, cognitive users must suppress the high power interference from the primary base station (PBS) to improve their achieved capacities. In [5], using adaptive array antennas by cognitive radios has been proposed to reduce the interference between primary and secondary networks, although the number of antennas in the array is the concern. Ref. [6] and [7] study performance of cognitive links with the assumption that a cognitive radio respectively knows or estimates the primary signal to subtract it from the total received signal. In this paper, we propose a primary interference suppression technique by using direct sequence spread spectrum (DSSS). We consider the signal from a primary base station as a destructive noise jammer. Then, we show that cognitive users can efficiently suppress primary jamming signal by using adequate spreading factors. Also, we propose an adaptive cognitive underlay channel assignment (ACUCHA) algorithm in a host channel for a cognitive ad hoc network which is overlaid with a primary cell. The proposed algorithm tracks no-talk zone of a PU from the measured data of at least three cognitive users. Then, it assigns the host channel to a set of cognitive users that are located out of no-talk zone of the PU such that the increased interference temperature at the PU becomes below a predetermined harmful level. We investigate performance of the proposed ACUCHA in three primary interference suppression scenarios with regard to the bandwidth of the host channel. We show that by using the proposed primary interference suppression in cognitive links the proposed ACUCHA algorithm achieves 261.14 Mbps capacity for the cognitive network without producing harmful interference temperature in the host channel and perceptible interference temperature in adjacent channels when there are 100 cognitive channel applicants and spreading factor is 100. The rest of this paper is organized as follows. In Section 2, we introduce our proposed primary interference suppression in cognitive underlay transmission. In Section 3, we describe the proposed ACUCHA algorithm. Simulation results are presented in Section 4. Conclusion is presented in Section 5. We use term secondary transmission and cognitive transmission interchangeably throughout this paper.

1

No-talk zone is defined as an area in which a cognitive transmitter is very close to a primary user such that it can disturb the primary user if it uses the channel.

Achieving Secondary Capacity under Interference from a Primary Base Station

367

2 Primary Interference Suppression in Cognitive Underlay Transmission In cognitive underlay transmission, a cognitive transmitter (CT) can use a host channel when there is primary transmission in the channel. However, the CT is allowed to use the host channel as long as it keeps its interference to PUs of the channel below a predetermined harmful level. In order to make a quantitative measure of interference, FCC introduced interference temperature (IT) in 2003 IT ( f C , BC ) = P ( f C , BC ) /( kBC ) =

1 BC

∫

BC

S ( f C , BC )df

,

(1)

kBC

where IT(fC,BC) is the IT in a channel with central frequency fC and bandwidth BC, P(fC,BC) is the average power in watts on the channel, S(fC,BC) is the power spectral density of P(fC,BC) and k is Boltzmann's constant ( 1.38 × 10 −23 Joules per Kelvin). In IT model, a cognitive transmitter (CT) selects a host channel and measures IT level in it to find a spatial opportunity. We define spatial opportunities of a host channel as places around a PBS whose IT levels are below harmful IT level for PUs. As an illustrative example, see Fig. 1. The signal strength in a frequency channel is depicted as a function of distance to PBS in Fig. 1(a). According to the above explanation, radius d0 from the PBS is a spatial opportunity. A CT which is located in a spatial opportunity can use the host channel if it satisfies two conditions. First, it must locate out of no-talk zones of PUs. Second, its received transmit power by PUs must become below a specified harmful level. As an example, since CT1 in Fig. 1(a) is in the no-talk zone of a PU it cannot use the host channel. However, CT2 can use the host channel if it satisfies the second condition. On the other hand, a cognitive receiver that is located in a primary cell receives high power signal from a PBS as the main interference for its link. Since a cognitive transmitter is generally a low power radio, the exerted interference from the PBS considerably degrades performance of the cognitive link. Thus, although a CT in a spatial opportunity can use the host channel, it achieves a poor capacity in practice. In this paper, we use DSSS as a primary interference suppression technique for a cognitive link. We consider high power signal from a PBS as a destructive noise jammer. Thus, cognitive receivers can suppress this high power jamming signal to some degree depending on the selected spreading factors in their links. Jamming is an intruding action in which a jammer transmits some signals intentionally in a frequency band to corrupt the main signal of the channel. In this paper we consider cognitive transmissions as the main signals of a host channel. Then, a PBS is a jammer that produces jamming signal for cognitive transmissions. Fig. 1 shows our studied network architecture. A PBS transmits data over frequency bandwidth f − f C ≤ W P / 2 for PUs that are within radius D from it. If we assume N CTs and their relevant receivers in the cognitive ad hoc network, named i=1, 2,…, N, we can specify the BPSK-DSSS signal of the CTi as s i (t ) = 2 P d i (t )ci (t )Cos (2πf C t ) ,

(2)

368

S. Ebrahimi Asl and B. Abolhassani

(a) Studied network.

(b) The signal strength in a frequency channel [1].

Fig. 1. (a) Spatial opportunities are places whose IT levels are below harmful IT level. Out of band emission, saturation effects or unauthorized transmissions are external interference which increase IT level in a host channel. (b) The radius of no-talk zone of the PU is dn. Cognitive ad hoc network is considered within a square overlaid with a primary cell.

where P is transmitting power, d i (t ) and ci (t) are the associated data and spreading code for CTi. The spreading factor (SF) of a DSSS transmission is specified as SF = W C W D ,

(3)

where WD and WC are respectively the bandwidths of the main lobes of the cognitive data and spreading code. The power spectral density of the cognitive signal can be specified as S( f ) =

P WC

⎛ 2 2 ⎞. ⎜⎜ ( Sinc 2 ( f − f C ) ) + ( Sinc 2 ( f + f C ) ) ⎟⎟ W W C C ⎠ ⎝

(4)

If NT CTs simultaneously use the host channel ( N T ≤ N ), the received signal by ith cognitive receiver is ri (t ) = s i (t ) + n PBS (t ) +

NT

∑ s (t ) +n (t ) , j

0

(5)

j =1& j ≠ i

NT

∑s

where n PBS (t ) is the signal from PBS, nMAI =

j =1& j ≠i

j

(t ) is cognitive multiple access

interference (MAI) and n0(t) is the AWGN ambient noise. Thus, the signal to interference ratio of ith cognitive link can be specifies as γ i = si

n PBS +

NT

∑s

j =1& j ≠ i

j

+ n0

.

(6)

Achieving Secondary Capacity under Interference from a Primary Base Station

369

Three interference suppression scenarios may be considered with regard to the bandwidth of cognitive power spectral density (WC) and the bandwidth of the host channel (Wp): Case 1: WC = WD , WD<Wp In this case, cognitive users do not use DSSS technique. Thus, the main lobe and some side lobes of the cognitive power spectral density locate in the host channel. Also, since cognitive users do not use interference suppression technique a CR receives high interference from PBS in this case. Bit error probability of the ith cognitive link can be written as ,

2 Eb ) NPBS + NMAI + N0

Pbi = Q( γ i ) = Q(

(7)

where NPBS, NMAI and N0 are respectively power spectral density of the PBS, the MAI from other CTs and ambient noise. Using (1) and (4), (7) can be rewritten as 2

Pbi = Q( 1 NT P PP + ∑ WP WD i =1&i ≠ j WD

fC +

P R

),

WD

(8)

2

2 ∫WD Sinc (( f − fC ) WD )df + N0 2

fC −

2

where Pp is the transmit power from PBS, and R is cognitive rate. Case 2: Wc=Wp In this case, the bandwidth of the main lobe of a cognitive power spectral density is equal to the bandwidth of host channel. Since primary jamming signal completely covers the main lobe of a cognitive power spectral density, it is a barrage noise jammer for a cognitive link. Bit error probability of the ith BPSK-DSSS cognitive link can be written as [8] P ib = Q( γ i ) = Q(

2 Eb ) 0.903 (NPBS + NMAI + N0 )

.

(9)

Using (1) and (4), (9) can be rewritten as 2

P = Q( i b

P 1 NT P 0.903( P + ∑ WP WC i =1&i ≠ j WC

fC +

P R

)

WC

.

(10)

2

2 ∫W Sinc (( f − fC ) WC )df + N0 ) C 2

fC −

2

Case 3: Wc> Wp In this case, the bandwidth of the main lobe of a cognitive power spectral density is bigger than the bandwidth of the host channel. Thus, the main lobe and all side lobes

370

S. Ebrahimi Asl and B. Abolhassani

Fig. 2. Different primary interference suppression scenarios with regard to the bandwidth of the host channel.

Fig. 3. A channel assignment time is composed of two intervals: a data gathering interval and a channel ownership refresh time.

of a cognitive power spectral density locate out of the bandwidth of the host channel. Since primary jamming signal covers some parts of a cognitive power spectral density, it is a partial noise jammer for a cognitive link. Bit error probability of the ith cognitive link can be written as [8] 2Eb ) . N PBS 2( ) + N MAI + N 0 ) WC

Pbi = Q ( γ i ) = Q (

(11)

Using (1) and (4), (11) can be rewritten as 2

Pbi = Q( P 1 2( P ) + W P WC WC

NT

∑

P i =1& i ≠ j W C

P R

W fC + C 2

∫

fC −

WC 2

)

.

(12)

2 Sinc (( f − f C ) )df + N 0 WC 2

As it is understood from (12), primary interference suppression is improved when CTs spread their data out of the bandwidth of the host channel. However, CTs are not allowed to increase their transmit bandwidth very much into adjacent channels since they increase out of band emission which consequently results in increased IT in adjacent channels.

3 Proposed ACUCHA Algorithm In this Section, we introduce the proposed ACUCHA algorithm as a secondary channel assignment algorithm for network architecture depicted in Fig.1. We make several main assumptions:

Achieving Secondary Capacity under Interference from a Primary Base Station

371

1. Primary communication model is based on frequency division duplex in uplink and downlink channels. 2. A common control channel is considered for CTs through which they share their measured data. 3. We assume that each CT is aware of its location. 4. Cognitive users use BPSK-DSSS as a medium interface in their transmission. The cross correlation between spreading codes of the cognitive users is considered very low. All cognitive users use a same SF. 5. We use AWGN channel with 2-Ray ground reflection path loss model. We do not consider fading effects. ACUCHA algorithm is a cooperative algorithm which iteratively is executed by all cognitive channel applicants in a channel assignment time to find all qualified cognitive channel owners. The proposed algorithm is classified into six steps. In the first two steps, CTs share their measured data on the common control channel in a data gathering interval. In the following two steps, each CT independently finds all cognitive channel owners. Then, all selected cognitive channel owners use the host channel for a channel ownership refresh time (CHORT). We define a CHORT as a permitted time for a CT to use the host channel. Finally, the last step returns the algorithm to the first step such that CTs find new cognitive channel owners in upcoming channel assignment time. The six steps are as follows: Step 1: Observation Since spectrum sensing is not a major interest of this paper, we assume that the cognitive network has already selected downlink channel of the primary system as a host channel for secondary transmissions. We also assume that there is no external interference in the downlink channel. Thus, with regard to IT limits, all CTs within the primary cell have spatial opportunities in the downlink channel. Step 2: Cooperation In this step, each CT shares its measured data with other cognitive channel applicants in a data gathering interval. First, the CT estimates its distance to the PU. Using perfect 2-Ray ground reflection (i.e., Γ= -1and Et =0) the distance to the PU can be calculated as d = 4 Pt Gt Gr ht2 hr2 Pr ,

(13)

where Pt is the transmitted power from the PU and Gt and Gr are respectively the gains of the antennas of the PU and the CT. Also, ht and hr are respectively the heights of the antennas of the PU and the CT. Then, the CT puts its location and the estimated distance to the PU on the control channel. At the end of data gathering interval all CTs are aware of the measured data from all other CTs. Step 3: Estimation of no-talk zone In this step, each CT estimates no-talk zone of the PU by the information gathered in Step 2. First, by intersection of at least three estimated distances to the PU, the CT estimates the location of the PU. Then, it calculates the radius of no-talk zone. Using (1) and (13),

372

S. Ebrahimi Asl and B. Abolhassani

d n = 4 PGt Gr ht2 hr2 (k BC ITL ) ,

(14)

where ITL is the harmful IT level for the PU. Step 4: Decision In this step, each CT independently finds the cognitive channel owners for the current CHORT. First, the CT omits all CTs which are in the no-talk zone of the PU. Then, the CT calculates the induced IT of the remaining CTs at the location of the PU. Then, the CT sorts all ITs in an ascending order, say IT1, IT2, …, ITN which N is the number of CTs which are out of no-talk zone. Starting from the least IT, the CT adds the sorted ITs to find a non-harmful complement from ITs ⎡ ⎢ 1 = ∑ IT j = ⎢ W j =1 ⎢ P ⎣ NT

ITTotal

NT

P ∑ W i =1 C

1 f C + WP 2

∫

Sinc 2 (( f − f C )

1 f C − WP 2

⎤ 2 ⎥ ) df ⎥ WC ⎥ ⎦

(kWP ) < ITL ,

(15)

where ITtotal is the amount of increased IT at the location of the PU. Finally, the CT considers all CTs which produce IT1, IT2, …, IT N T as cognitive channel owners in the current CHORT. Since all CTs do this procedure with a same set of data gathered from the common control channel all of them find a same set of cognitive channel owners. Step 5: Transmission In this step, all selected cognitive channel applicants in Step 4 can use the host channel for the current CHORT. All other CTs must avoid transmission. Step 6: Orientation Since all CTs and the PU are assumed to move within the primary cell, a cognitive channel owner may enter to the no-talk zone of the PU. Hence, in this step all CTs return to Step 1 to adaptively find all authorized cognitive channel owners in all following CHORTs.

4 Simulation Results We investigate performance of the proposed ACUCHA algorithm by using the proposed primary interference suppression through computer simulations. We consider one channel ownership refresh time as CHORT=0.5 s. We run the proposed ACUCHA algorithm for an experiment time T=10 s for several number of cognitive channel applicants. We examine three primary interference suppression scenarios. In SF=1, CTs do not use spread spectrum (WD<Wp). In SF=30, the bandwidth of the cognitive power spectral density overlaps the bandwidth of the host channel (Wc=Wp). We also examine SF=50 and SF=100 in which the bandwidth of cognitive power spectral density exceeds the bandwidth of the host channel (Wc>Wp). We calculate the capacity of the cognitive network as NT

NT

i =1

i =1

C N = ∑ C i = ∑ W D log(1 + γ i ) ,

(16)

Achieving Secondary Capacity under Interference from a Primary Base Station

373

Table 1. Networks' parameters Parameters

Secondary User 200 kHz 100×10-3 Watt 0 - 10 m/s 1.7 m 10 250 m 22.59 dB

Bandwidth Power Velocity Antenna height Antenna gain Coverage area ITL

Primary User fC = 300 MHz,WP= 6 MHz 10 Watt 0-10 m/s 10 m,1.7 m 20,5 150 m

where Ci and Cn are respectively the achieved capacity by ith cognitive link and the cognitive network itself. Since primary interference suppression is performed by cognitive users through spreading spectrum into wider bandwidth, secondary transmissions produce out of band increased IT in adjacent channels. We calculate out of band IT as

⎡ 1 ITout = ⎢ ⎢⎣Wout

NT

P

∑W ∫ i =1

C Wout

Sinc 2 (( f − f C )

⎤ 2 )df ⎥ ( kWout ) . WC ⎥⎦

(17)

We consider Wout as the spectrum frequency from 200 MHz to 400 MHz subtracted the bandwidth of the host channel. Fig. 4 shows the average achieved capacity by cognitive network in one CHORT. According to (8), in SF=1 cognitive links experience high interference from PBS. We observe that in this case the achieved capacity by cognitive network is the poorest compared with other SFs. We observe that when cognitive users use SF=30, the achieved capacity improves. It is because in this case cognitive receivers multiply the received interference by a factor 0.903 which consequently results in better capacity. Also, when CTs spread their data out of the bandwidth of the host channel (SF=50,100) the achieved capacity improves more. According to (12), in this case cognitive receivers suppress the primary jamming signal with higher degree. Fig. 5 shows the average increased in-band IT in a CHORT as a function of number of cognitive channel applicants. It is seen that in SF=1 the increased in-band IT is the highest. In addition, in higher SFs the amount of increased in-band IT becomes lower. For example, if we specify network status A as when there are 60 cognitive channel applicants in the cognitive network, in network status A and SF=100 the increased in-band IT is ITin=22.35 dB while it is ITin=22.41 dB in SF=30. Since in SF=1CTs do not use spreading technique they produce high in-band IT. On the other hand, in higher SFs a CT spreads its power spectral density over wider spectrum frequency than the bandwidth of the host channel. Thus, according to (1) the amount of induced in-band IT of a CT decreases. Obviously, in this condition more CTs can simultaneously use the host channel before the increased in-band IT reaches the harmful level. As an example, according to Fig. 6 in network status A and SF=100 there are 40 cognitive channel owners while there are 29 in SF=30. It is also understood from Fig. 5 that in all SFs the amount of increased in-band IT increases when the number of cognitive channel applicants increases. However, the amount of increased

374

S. Ebrahimi Asl and B. Abolhassani

in-band IT does not pass 22.49 dB which is 0.09 dB less than harmful IT level. This is because the proposed ACUCHA algorithm considers 0.09 dB IT as a safe margin to the harmful IT level. Therefore, the proposed algorithm avoids assigning the host channel to all cognitive channel applicants that produce more than 0.09 dB ITs on the PU. Some of these unsuccessful cognitive channel applicants whose ITs are more than 0.09 dB are located in the no-talk zone of the PU. Radius of no-talk zone is depicted in Fig. 7 as a function of number of cognitive channel applicants. It is observed that the radius of no-talk zone becomes smaller in high SFs. Since a CT produces lower in-band IT in a high SF it can come closer to the PU.

Fig. 4. Achieved capacity of cognitive network

Fig. 6. Average number of cognitive channel owners

Fig. 5. Increased in-band IT

Fig. 7. Radius of no-talk zone

Achieving Secondary Capacity under Interference from a Primary Base Station

375

Fig. 8. Increased out of band IT

Further, comparing Fig. 4 and Fig. 5 it is concluded that although the host channel becomes near to harmful IT level, the number of cognitive channel owners increases when there are more cognitive channel applicants. The reason is that when the number of cognitive channel applicants increases the distribution of them in the cognitive network increases too. Thus, the proposed ACUCHA algorithm assigns the host channel to those applicants that are located farther to the PU since they produce lower IT on it. This effect can also be understood from Fig. 7 in which the radius of no-talk zone increases when number of cognitive channel applicants increases. Similarly, it is observed in Fig. 4 that the achieved capacity by the cognitive network increases when there are more cognitive channel applicants in the network. Generally, it is understood that in high SFs the proposed ACUCHA algorithm achieves better capacity and lower in-band IT. However, as we described in Section II in high SFs some parts of secondary power spectral densities locate out of the bandwidth of the host channel. Thus, in high SFs the amount of out of band emission increases which consequently results in increased IT in adjacent channels. Fig. 8 shows the amount of increased out of band IT in a CHORT in adjacent channels as a function of number of cognitive channel applicants in the cognitive network. It is observed that when CTs do not use spreading technique the amount of out of band IT is the lowest. Also, as we expect in higher SFs out of band IT increases. For example, in network status A and SF=100 the average out of band IT is ITout= -1.12dB. However, in network status A and SF=30 out of band IT is ITout=10.2. Generally, however, the increased out of band IT is not very much such that it disturbs the PUs in the adjacent channels.

5 Conclusion In this paper, first we propose a primary interference suppression technique for cognitive underlay transmissions in a host channel by using direct sequence spread spectrum. We show that cognitive users can efficiently suppress primary jamming signal by using adequate spreading factors. Also, we propose an adaptive cognitive underlay channel assignment (ACUCHA) algorithm in a host channel for a cognitive ad hoc

376

S. Ebrahimi Asl and B. Abolhassani

network which is overlaid with a primary cell. We investigate performance of the proposed channel assignment algorithm in three interference suppression scenarios with regard to the bandwidth of the host channel. We show that by using the proposed primary interference suppression in cognitive links the proposed ACUCHA algorithm achieves 261.14 Mbps capacity for the cognitive network without producing harmful interference temperature in the host channel and perceptible interference temperature in adjacent channels when there are 100 cognitive channel applicants and spreading factor is 100.

References 1.

2.

3.

4.

5.

6. 7. 8.

Akyildiz, I.F., Lee, W.Y., Vuran, M.C., Mohanty, S.: Next generation /dynamic spectrum access/cognitive radio wireless networks: A survey. Computer Networks 50(13), 2127– 2159 (2006) Sadek, A.K., Liu, K.J.R., Ephremides, A.: Cognitive Multiple Access Via Cooperation: Protocol Design and Performance Analysis. IEEE Transactions on Information Theory 53(10), 3677–3696 (2007) Xing, Y., Mathur, C.N., Haleem, M.A., Chandramouli, R., Subbalakshmi, K.P.: Dynamic Spectrum Access with QoS and Interference Temperature Constraints. IEEE Transactions on Mobile Computing 6(4), 423–433 (2006) Hong, M., Kim, J., Kim, H., Shin, Y.: An Adaptive Transmission Scheme for Cognitive Radio Systems Based on Interference Temperature Model. In: 6th Annual IEEE Consumer Communications & Networking Conference, pp. 69–73 (2008) Taranto, R., Yomo, H., Popvski, P., Nishimonri, K., Prasad, R.: Cognitive Mesh Network Under Interference from Primary User. Wireless Personal Communications Journal 45(3), 385–401 (2008) Devrove, N., Vu, M., Tarokh., V.: Achievable rates and scaling laws for cognitive radio channels. EURASIP Journal on Wireless Communications and Networking (2) (2008) Popovski, P., Yomo, H., Nishimori, K., Taranto, R.D.: Rate Adaptation for Cognitive Radio under Interference from Primary Spectrum User, arxiv.org/pdf/0705.1227 Peterson, R.L., Ziemer, R.E., Borth, D.E.: Introduction to spread spectrum communication. Prentice-Hall, USA (1995)

Author Index

Abolhassani, Bahman 365 Adami, D. 168 Affes, Olfa 132 Ala-Louko, Mikko 97 Allard, Fabien 89 Balandin, Sergey 42 Banˆ atre, Michel 89 Barshan, Maryam 241 Belogolovy, Andrey 313 Belyaev, Eugine 313 Boldyrev, Sergey 42 Boronowski, Michael 66 Boytsov, Andrey 8 Brown, Ronald 22 Budkov, V.Yu. 77 Buzyukova, Irina 143 Callegari, C. 168 Chaouchi, Hakima 301, 334 Cho, Kyongkuk 358 Choi, Jaeduck 291 Coronato, Antonio 32 Couderc, Paul 89 Deart, Vladimir 180 De Pietro, Giuseppe 32 Delsing, Jerker 52 Ebrahimi Asl, Shadi

Izri, N.

120

Jaakola, Marko 97 Jang, Yeonsoo 358 Jayaraman, Prem Prakash Jeon, Seil 229 Jung, Souhwan 291, 323 Jung, Sukju 279

Kang, Shingak 229 Kashevnik, Alexey 42 Kim, Mijeom 279 Kim, Younghan 229, 291, 323 Knackfuß, Peter 66 Koucheryavy, A. 191 Kumar, Mohan 279 Lagutin, Dmitrij 253 Laine, Hannu 22 Lalis, Spyros 97 Lawo, Michael 66 Lee, Junwon 323 Lee, Wooju 358 Lepers, Catherine 132 Liang, Chih-Chin 217 Liu, Jin 110 Luh, Hsing 217 Mankov, Vladimir 180 Martyna, Jerzy 206

365 Oliver, Ian

Fathy, Mahmood 241 Fourneau, J.M. 120 Friderikos, Vasilis 301 Gaidamaka, Yulia 143 Gallion, Philippe 132 Gharaei, Mohammad 132 Giordano, S. 168 Hecker, Artur 266 Herzog, Otthein 66 Honkola, Jukka 22 Hsu, Ping-Yu 217

52

22, 42

Paczesny, Tomasz 97 Pagano, M. 168 Papapostolou, Apostolia Paramonov, A. 191 Park, Sang Kyu 358 Pepe, T. 168 Pilugin, Alexander 180

301

Riguidel, Michel 266 Ronzhin, A.L. 77 Savolainen, Pekka 97 Schneps-Schneppe, Manfred

1, 154

378

Author Index

Sedols, Janis 154 Sergeev, Anton 313 Shilov, Nikolay 42 Smirnov, Alexander 42 Synnes, K˚ are 8 Tarasov, D. 191 Tarkoma, Sasu 253 Tarvainen, Pentti 97 Taumberger, Markus 97 Turlikov, Andrey 313 Uusitalo, Ilkka

97

Verch`ere, D.

120

Wang, Chia-Hung

217

Yahiya, Tara A. 301, 334 Yanovsky, Gennady 143 Yi, Jonghwa 229 Yoo, Myungsik 291, 323 Yoon, Dongweon 358 Yousefi, Saleh 241 Yue, Wuyi 217 Zaslavsky, Arkady Zhou, Hong 346

8, 52