design for dependability of wireless sensor networks

Design for dependability of Wireless Sensor Networks

La conception pour la dependabilitédes réseaux de capteurs

José Machado da SilvaFaculdade de Engenharia,

U. Porto, Portugal

Réseaux de Capteurs: Impacts et Défis pour la SocietéÉcole d’Eté – Université de Bejäia

Porto, Portugal

José Machado da Silva Design for Dependability of WSN 7/12/2013 / p. 2

Engineering studentsUndergraduate – ~ 6200PhD – 754

Teaching staff – 604

Students/teaching staff ratio – 14.5

International students on PhDprogrammes – 139

Cooperation with international universities – 526

Dissertations undertaken within mobility programs (2009/2010) – 40


Pont Hintz Ribeiro, 4 Mars 2001

Réseaux de Capteurs: Impacts et Défis pour la Societé


Critical infrastructures require monitoring mechanisms that enable usto detect failures and attacks as early as possible.

Power cut, affected ~700x106 people, August 2012

Réseaux de Capteurs: Impacts et Défis pour la Societé


the usefulness of WSNs to monitor critical infrastructures is primarilydetermined by the dependability of the WSN itself.

Outline

Introduction to dependabilityAspects and characteristics of WSN to be addressed to improve their dependabilityExample of faults detection in WSNTest of a pressure sensor in an abdominal aortic stent-graft


Dependability

Attributes analysis

Availability

Security

Reliability

Maintainability

Risks

Defects

Failures

Errors

Means to achieve

dependability

Prevention

Detection

Fault tolerance

Techniques to be employed

Built-In-Self-Test (BIST)

Built-In-Self-Repair (BISR)

Reconfiguration

Data Fusion

Sensor node architecture components

PROCESSINGSUB-SYSTEM

COMMUNICATIONSUB-SYSTEM

SENSINGSUB-SYSTEM

POWER MGMT.SUB-SYSTEM

ACTUATIONSUB-SYSTEM

Limited Lifetime

Require Supervision

Limited Memory

Slow Processing

Lossy, slow Transmission


Failures may happen and attacks may be targeted at any layer of theWSN architecture from the node hardware and operating system, through the networking protocol stack, up to the middleware and service layers.

Challenges to achieving reliabilitywireless communicationconstrained resources

Available power resources; processing speed; storage capacity; communication bandwidth; harsh environment

Making systems long-livedAllow reconfigurationLocalized algorithms used to prevent single points of failureLow duty cycle operation designs

Design for Dependability of WSN


Long lifetimes - Energy efficiency

Low and predictable DelayTens of ms for discrete manufacturingSeconds for process controlTens of seconds to minutes for asset monitoring

Scalability – Up to 100 sensors/actuators in areas of few m2

Robustness – A large WSN, with sufficient node capacity, admits losing nodes to hardware failure without the entire system failing by means of redundancy, re-routing and preventive maintenance.

requires information on the probable node failure rates at field conditionssensor devices are planned to be unattended for long periods without maintenancedesign for testability of the nodes’ hardware



Design for Dependability of WSNMany sensor networks have mission-critical tasks; reliability needs to be taken into account at design time.

safety, secrecy, securitydeducing information from surroundings is possibleinformation leakage results in privacy breacheswireless communication facilitates packet sneaking in by an adversary.

Reliability in message deliveryLost messages may compromise the correct behavior of the monitoring system

sent packetssuccessreceived packets .. NoPNo ×=



Errors may result from the interaction of hardware, software and the environment – sensor node electronics are subject to stress

environmental contaminants and conditions (temperature, temperature changes, and humidity, vibration) ripple voltage, and overvoltage.Power-up (heat) and shutdown (cool) generate thermo-mechanical stresses.

Quality and reliability are not freebut poor quality and reliability usually cost more than good quality and reliability.


Resistance of individual nodes against failures and attacks

intrusion detection and prevention, separation of critical parts of the system, software-based remote code attestation.

Dependability of the networking layerrobust network topologies, secure and reliable transport of data, prevention of traffic analysis.

Dependable and persistent distributed data storage service within the network

network-failure and attack resistant.



FeaturesSelf-calibrationSelf-diagnosticsAbility to compensate for variations and ambient conditions

MonitorEventsInteraction

Intelligent sensorsHaving adequate information from which the sensor can assure the validity of the measurement and the ability to communicate with the other intelligent devices in the system

Information redundancy (retransmission, erasure codes), route fix

Sensor node architecture abilities


Task leveltrade-off functionality for reduced computations

Algorithm levelcollaborative signal processing and coordinated communications

Protocol levelpower aware routing and selective multicasting

Physical levelradio power control and dynamic bandwidth management

Energy Conservation in WSNs


G. Anastasi, M. Conti, M. di Francesco, A. Pasarella, “Energy Conservation inWireless Sensor Networks: A Survey”, Ad Hoc Networks, vol. 7, no. 3, May 2009, Elsevier.

Event triggered activity1. Microphones detect bird call2. Algorithms estimate bird location3. Camera with bird in field of view captures photograph

Communication - the most energy demandingcomponent on a typical sensor nodeProcessing vs. communication

Compute an 8-bit 1024 FFT 80 nJ [Wang JSSC05]

RF Tx/Rx of an 8 bit sample (20 m) 32 nJ [Cook ISSCC06]

Energy Conservation in WSNs


Wireless protocols efficiency

A Comparative Study of Wireless Protocols: Bluetooth, UWB, ZigBee, and Wi-FiThe 33rd Annual Conference of the IEEE Industrial Electronics Society (IECON), 2007


802.15.4 low-power consumption / low data rate (979 nJ/bit)

802.11b high-power consumption / high data rate (112 nJ/bit)

Use multiple radios to implement “wake-on-wireless”, where a low power radio is used to wake up a high power radio.

T. Pering, V. Raghunathan, and R. Want. Exploiting radio hierarchies for power-efficient wireless device discovery and connection setup. In VLSID ’05, 2005.D. Lymberopoulos, N. B. Priyantha, M. Goraczko, F. Zhao, “Towards EnergyEfficient Design of Multi-Radio Platforms for Wireless Sensor Networks”, SPOTS’08,2008

Wireless protocols efficiency


Wireless linkReceived signal strength

- On the Extended Relationships Among EVM, BER and SNR as Performance Metrics, 4th International Conference on Electrical and Computer Engineering ICECE 2006.- Measurement–Based Physical Layer Modeling for Wireless Network Simulations5th IEEE Int.Symp. Modeling, Analysis, and Simulation of Computer and Telecommunications Systems (MASCOTS‘07)

( )nBERPER −−= 11


“ … up to 90% of all innovations are driven by electronics and software”.

H.-G. Frischkorn. Automotive software – the silent revolution. Automotive Software Workshop, San Diego, CA, Jan 2004.

The ISO 26262 standard for functional safety in automotive electronics highly recommends that fault injection be included as part of the dependability analysis of critical systems.

ISO/DIS 26262: Road vehicles – Functional safety, volume 4–6. International Organization for Standardization, Geneva, Switzerland, 2009.



The errors induced by faults form identifiable patterns.Error patterns

corresponding to faults are evident in, and can be derived from,system metrics.allow faults to be distinguished by type, persistence, etc.

Controllability – able to define experimental parameters accurately, in time (e.g., fault activation-trigger and duration), space (e.g., fault location) and value (e.g., fault type).Observability – The effect(s) of a fault should be readily apparent. Observations must be made at each node and compared with respect to the time, space and value domains.Repeatability

Testability of WSN


Failure of WSN modules (such as communication and sensing module) due to (fault dictionary)

fabrication process problems, environmental factors, enemy attacks and so on; battery power depletion; out of the communication range

Faulty nodespermanente: remain faulty until being replaced,static: new faults are generated during fault detection.

Testability of WSN


Self-detection / passive detectionSensor nodes run their own fault detection operations (e.g. remaing energy; status of sensor)Eventually communication is not used

Active detectionFault detection run at the network level – in-cell update cycleCommunication between cell manager and cell membersE.g., if a cell does not send an acknowledge in given time it is declared faulty

Fault detection in WSN


Hard fault – sensor node cannot communicate with other nodes because of the failure of a certain module Soft fault – the failed node can continue to work and communicate with other nodes but the data sensed / transmitted is not correct.Fault detection:

Good node is considered good – PGGFaulty node is considered faulty – PFFFaulty node is considered good – PFGGood node is considered faulty – PGF

Fault detection accuracy = PGG + PFF

p – the probability of a node’s failure



Fault recoveryAwake sleeping sensor nodes or introduce new sensor nodes to replace the faulty onesA sensor node may be appointed as a backup cell manager to replace this one in case it fails

E.g. if the manager detects a fault in itself (passive detection) it sends a message to communicate that it is going downThe backup manager assumes management and the other sensor nodes communicate with this new manager



Neighbor nodes: two nodes within a single hop’s communication scope.

Neighbor(Si), Nb(Si) - The set of all neighbours of node Si

Num(Nb(Si)) - the total number of neighbors of node Si



Si

mti: measure of Si @ instant t

θ1, θ2 ; predefined threshold levelscij={0/good,1/faulty}: test between Si and Sj,

mti – mt

j ≤ θ1 → cij= 0∆dmij

∆ti = - ≤ θ2 → cij= 0∆ti= ti+1-ticij=cji



S2; m2

S1; m1

S3; m3

S4; m4

S5; m5

S6; m6

S7; m7

S8; m8

S9; m9

S10; m10ti ti+1

θ1S4

S1

S3

Peng Jiang, A New Method for Node Fault Detection in Wireless Sensor Networks, Sensors 2009, 9, 1282-1294.

Ti: ={LG, LF, AG, AF}LG, likely good if

LF, probably faulty otherwise

AG, actual good if

AF, actual faulty otherwise



( )∑ ∑

∈

<)( 2

)(

SiNbSj

SiNbNumcij

for Nb(Si)

set cij=0;

for s=1:N

if |dmijt|> θ1cij=1,

else

if |∆dmij∆ti |> θ2cij=1,

endif

next

( )∑ ∑

=∧∈

=<LGTSiNbSj

LGT

j

jSiNbNum

cij)( 2

)(

If Ti=LG and Tj is not LG, for all j, then:Ti = AG; Ti = AF, otherwise

k average number of neighbors of each node



( )

( ) ( ) ( )

( )

( ) ( )∑

∑

∑

∑

−

=

−

−

=

−

−

=

−

−

=

−

−−=

−=

⎪⎩

⎪⎨⎧

+

+=−−=

−=

1

0glg

1

0flg

1

0glf

1

0flf

11

1

,21

,1211

1

m

j

iikik

m

j

jkjjk

m

j

jkjjk

m

i

iikik

ppcpP

ppcpP

oddkk

evenkkmppcpP

ppcpP

x = Num(Nb(Si)) initially diagnosed as possibly normal (LG).y is the number of AG nodes initially diagnosed as (LG) in x nodes.



( )⎪⎩

⎪⎨⎧

+

+=

oddxx

evenxxn

,21

,12

( )

( )

⎟⎠

⎞⎜⎝

⎛+⎟⎠

⎞⎜⎝

⎛⎟⎠

⎞⎜⎝

⎛=

⎟⎠

⎞⎜⎝

⎛+⎟⎠

⎞⎜⎝

⎛⎟⎠

⎞⎜⎝

⎛−=

⎟⎠

⎞⎜⎝

⎛+⎟⎠

⎞⎜⎝

⎛⎟⎟⎠

⎞⎜⎜⎝

⎛−=

⎟⎠

⎞⎜⎝

⎛+⎟⎠

⎞⎜⎝

⎛⎟⎟⎠

⎞⎜⎜⎝

⎛=

∑∑∑∑

∑∑∑∑

∑∑∑∑

∑∑∑∑

=

−−

=

−−−

−

=

−

=

=

−−

=

−−−

−

=

−

=

=

−−

=

−−−

−

=

−

=

=

−−

=

−−−

−

=

−

=

k

a

akaak

xk

a

axkaaxk

n

z

zzxzx

k

x

xk

k

a

akaak

xk

a

axkaaxk

n

z

zzxzx

k

x

xk

k

a

akaak

xk

a

axkaaxk

n

y

yxyxk

k

x

xk

k

a

akaakf

xk

a

axkaaxk

n

y

yxyxk

k

x

xk

PPcPPPcPPccpP

PPcPPPcPPccpP

PPcPPPcPPccpP

PPcPPPcPPccpP

0flfglfflf

0flfglf

1

0flgglg

1FF

0flfglfglg

0flfglf

1

0flgglg

1GG

0flfglfglf

0flfglf

1

0flgglg

1GF

0flfglflg

0flgglf

1

0flgglg

1FG

1

1

Reliable vital signals monitoringresults from a clinical trial indicate that sensing is the primary source of unreliability

patient movement, improper sensor placement, sensor disconnections

- Reliable Clinical Monitoring using Wireless Sensor Networks: Experiences in a Step-down Hospital Unit, Proceedings of the 8th ACM Conference on Embedded Networked Sensor Systems , SenSys '10.


Smart cardiovascular medical device

Cluster of capacitive pressure sensors Maximizes the system sensitivity to leakages

SensorLC resonant circuit with oscillating frequency sensitive to pressure variations

ReceiverDelivers energy and detects sensors’ resonance frequencies through an inductive coupling link

Frequency band 12.5 MHz to 20.0 MHz (allocated for medical applications)


Readout Stimulus Sensor’s response


Square wave (100 kHz)

Time (μs)

Am

plitu

de (V

)

vdif

Am

plitu

de (V

)

Time (μs)


Detecting multiple sensors



Smart cardiovascular medical deviceLikely faults in the pressure sensor

Capacitor Defects

Effects on Measurements

Stuck capacitorLeads to a constant resonant frequency

measurement

Reduction of capacitor’s

nominal measurement

range

Allows detecting pressure deviations but in a narrow

range, these measurements could still be taken as admissible

Large deviation of capacitor’s nominal value

Could lead to a false defective stent-graft

detection (e.g. a leaking stent-graft)

Collapsed capacitor

Shows no oscillation frequency

Bending of the structure

Deviation of the inductance and capacitor

values

Aging of the structure

Increase of inductor resistance


Fault detection

1 ≡ 1 • From the transmitted power data the quality factor (Q) can be obtained

• Using the measured fosc and Q, the k and Rs values are estimated



1 2

21 2

Sensor faults detection


Block Diagram

Telemetry System Signal Acquisition Data Modeling

frequency sweep after QRS detection measure transmitted power and impedance

Transmitted Power (P) and Impedance (ZL)

Extraction of sensor’s components nominal

values for fault detection

Ls, Rs, Cs

QRS Detection

Power (P) Impedance (ZL)


Cristina Oliveira, José Machado da Silva, Fault Detection System for a Stent-Graft Endoleakage Monitor18th International Mixed-Signals, Sensors and Systems Test Workshop (IMS3TW), 2012

Results

Extracted Rs and Cs are higher than calculations, because during the assembly of the A–CNTs onto the flexPCB using a special conductive glue extra parasitic capacitance and resistance are inserted. The antenna’sinductance measured with a network analyzer prior to the assembly of the A–CNTs is 18.08 μH. The antennais not purely inductive, since the overlap of the top and bottom coils introduces a significant seriescapacitance, which causes the difference in the inductance value.


A Textiles Embedded Body Sensor Network

ObjectiveSensor modules interconnected withtextile conductive yarns capture EMGand kinematic activity signals from thelower limbsSend aggregated information to anexternal processing unit.

CPM

Sensor

José Machado da Silva et all, “A Wearable Sensor Network for Human Locomotion Data Capture – The conductive yarns infrastructure”. 9th International Conf. on WearableMicro and Nano Technologies for Personalized Health, 2012


A Textiles Embedded Body Sensor Network

Characteristics

• Tx/Rx at 10Mbps;• Pulse modulation;• PLC;• Line fault detection;• Energy Efficient;• Line impedance

independent functionality.

Pulse Generator

(Tx)

SchmittTrigger

(Rx)

LDO

Fault DetectionCircuitry

Pulse Generator

(Tx)

SchmittTrigger

(Rx)

LDO

Fault DetectionCircuitry

Data inData in

Data outData out


A Textiles Embedded Body Sensor Network1º PrototypeData Acquisition

• Acceleration• Angular rate• Surface EMG

Status• First prototypes concluded and validated• Second prototypes just received– ¼ of PCB Area– Stitching PCB

Sensor V2 EMG V2

30 mm

60 m

m

sEMG (Textile Electrodes) Acceleration

CPMEMGSensor

System Layout

2º Prototype


Test and calibration of wired sensorsA proprietary I2C based test infrastructure

SCPS – Setup, Capture, Process, Scan


José Machado da Silva 7/12/2013 / p. 44

Design for dependability of Wireless Sensor Networks

Many steps have been taken, but there’s still a long way to go!


Buttyan, L.; Gessner, D.; Hessler, A.; Langendoerfer, Peter, "Application of wireless sensor networks in critical infrastructure protection: challenges and design options," Wireless Communications, IEEE , vol.17, no.5, pp.44,49, October 2010Lee, M.H.; Choi, Y.H. Fault detection of wireless sensor networks. Comput. Commun. 2008, 31, 3469-3475.Nakamura, E.F.; Figueiredo, C.M.S.; Nakamura, F.G.; Loureiro, A.A.F. Diffuse: A topologybuilding engine for wireless sensor networks. Signal Processing, 2007, 87, 2991-3009.Gao, J.L.; Xu, Y.J.; Li, X.W. Weighted-median based distributed fault detection for wireless sensor networks. J. Softw. 2007, 18, 1208-1217.Wang, T.Y.; Chang, L.Y.; Dun, D.R.; Wu, J.Y. Distributed fault-tolerant detection via sensor fault detection in sensor networks. In Proceedings of the IEEE 10th International Conference on Information Fusion, Quebec, Canada, 2007; pp. 1-6.Koushanfar, F.; Potkonjak, M.; Sangiovanni-Vincentelli, A. On-line fault detection of sensor measurements. In Proceedings of the IEEE, Sensors. IEEE Press: Toronto, 2003; Vol. 2, pp. 22-24.A. Willig, Recent and Emerging Topics in Wireless Industrial Communications: a Selection, IEEE Transactions on Industrial Informatics, Vol. 4, N. 2, May 2008.R. Zurawski, Networked Embedded Systems: An Overview, Chapter 1 in Networked Embedded Systems (R. Zurawski, Editor), pp. 1.11-1.16, CRC Press, 2009

Bibliography


design for dependability of wireless sensor networks

Documents