Gregory Chockler
Murat Demirbas
Seth Gilbert Nancy Lynch Calvin Newport Tina Nolte
MIT, CSAIL
• For sensor-actuator networks dependability becomes crucial • Developing reliable and provably correct algorithms for wireless ad hoc networks require a formal model of wireless broadcast • What makes a good model ?
Usability: Simplicity & Power Model should allow algorithm designers to ignore the low-level details Model should allow complicated and interesting algorithms Realism: Fidelity to the real world phenomena Algorithms designed and verified using the model should work as expected in the real world 2
1. Wireless broadcast is reliable Origin: “Coordinated Attack” is unsolvable in the presence of unreliable channels [even a single message loss]
FLP result
Reality check: Collisions are common place * Even under low traffic loads, MAC layer (collision avoidance by back off) cannot avoid all concurrent transmissions Hidden Node Effect 802.11, BMAC, SMAC, TMAC Electromagnetic interference *Understanding packet delivery performance in dense WSN , Zhao Govindan Taming the underlying challenges of multihop routing in SN , Woo et al.
Experimental evaluation of wireless simulation assumptions , Kotz et al.
Complex behavior at scale: An experimental study of … Ganesan et al.
3
2. Transmitter can detect collision 3. Collisions are uniform Origin: Ethernet model Reality check: Transmission power swamps the receiver Collisions are partial Transmission is partially affected by transmissions in neighboring regions Physical characteristics of radio broadcast 4
4. Collision detection is reliable Origin: Ethernet model / Convenience Reality check: • Capture effects prevent reliable collision detection * A strong transmission captures the receiver and a weaker transmission goes unnoticed • Noisy channels prevent reliable collision detection * Exploiting the Capture Effect for Collision Detection and Recovery , Whitehouse, Woo, Jiang, Polastre, Culler. EmNetsII, 2005.
5
• Partial Collision Model (PCM) • Vote-veto algorithm for consensus in PCM ** Two phase algorithm that tolerates partial collisions Constant round consensus • Solvability of consensus under varying quality of collision detection ** ** Consensus and Collision Detectors in Wireless Ad Hoc Networks , Chockler, Demirbas, Gilbert, Newport, Nolte. To appear in PODC 05 6
• Preliminaries • Collision Detection (CD) • Partial Collision Model (PCM) • Vote-Veto Algorithm • Ongoing Work 7
• Ad hoc network, number and id of nodes unknown • Nodes can fail by crashing anytime broadcast is an atomic operation (unlike in one-to) • Synchronized rounds Broadcast at most one message Receive messages Perform state transition 8
• Basic properties Integrity: each message received is previously broadcast No duplication: each message is received at most once • Eventual Collision Freedom (ECF) Exists a round r_ecf s.t. ForAll r>r_ecf, if at most b nodes broadcast in r, then all correct nodes receive all messages in r MAC protocols can satisfy collision free period for unknown r_ecf, b To achieve ECF, we employ an active-passive service that obliviously provides eventual good advice to nodes 9
Necessary for coping with undetectable message loss Receiver side monitoring and notification of collisions No info wrt # of lost messages or identities of senders • Completeness: Ability to detect collisions Majority-complete: a collision is detected if a majority of messages in a round is lost 0-complete: collision is detected if all messages in a round is lost • Accuracy: No false positives Always and eventually accurate CD • Receiver side collision detection is easily implementable in mote and 802.11 platforms 10
• Integrity, No duplication, ECF, and CD No restriction on the pattern of collisions Usability: Simple Powerful enough to solve consensus in constant rounds for majority-complete CD and log rounds for 0-complete CD Realism: Both ECF and majority/0-complete CD are easily achievable in current wireless networks (Mote and 802.11) ** We have implementations for Mica2/TinyOS platform *Exploiting the Capture Effect for Collision Detection and Recovery, A new backoff alg for the IEEE802.11 distributed coordination fn., … 11
• Agreement: No two nodes in P decide differently • Validity: Decision v is proposed by a node in P • Termination: All correct nodes eventually decide Single-hop consensus All nodes in P are within single-hop Building block for multi-hop consensus Applications: Beam control scenario Virtual Traffic Lights scenario Reliable (multi-hop) reprogramming 12
• Two phases: vote and veto • The algorithm is adaptive, employs active-passive service • Vote phase: Every active node sends out its vote If a node hears no collision, the node updates its vote to minimum of received votes If a node hears collision or different votes, it decides to veto • Veto phase: If no veto messages are received or collisions detected, then a node can decide, else nodes continue to next round • Intuition: By having a dedicated veto phase, effects of collision is detectable 13
Let r be the first round any node decides Since no node vetoed in r, every node received only a single vote and no collision detection during vote phase in r-1 Since maj-◊AC detects when ≥ half the messages are lost, each node receives a majority of messages broadcasted in vote phase in r-1 Since every majority set intersects, all nodes received the same unique vote.
ECF, active-passive service, eventual accuracy leads to a vote phase where every participant converge to a vote. After the second vote phase no node vetoes, hence every node decides in at most 5 rounds after Earliest-Stabilization-Time. 14
• Vote-Veto algorithm for AC, Maj-AC, ◊AC, ◊Maj-AC • Three phase algorithm that iterates over each bit of the vote for 0-AC, 0-◊AC
Θ(1) Θ(1) Θ(log|V|) Θ(1) Θ(1) Θ(log|V|) 15
• Mica2/TinyOS platforms • Collision detection may be maj-complete Detects a preamble of a message during reception of a message Courtesy of Whitehouse et al.
case RX_STATE: { ...
if (((data_in == (0xaa)) || (data_in == (0x55)))) { signal CollisionDet.collision(); } … • Vote-Veto implementation is around 250 lines of NesC • Experiments on MistLab MIT (motelab) 16
• We have implemented Virtual Traffic Lights on Mica2/TinyOS Experiments with up to 15 nodes in single hop on the MistLab testbed(MIT/CSAIL) show success Ongoing work on evaluation of CD • Practical implementation of the Virtual Node architecture Implementation of a reliable virtual node by means of maintaining a replicated state on unreliable, mobile nodes • Efficient multi-hop consensus algorithms • Extending to Byzantine faults 17
• Consensus algorithm using 0-complete CD • Consensus for no-collision-freedom model 18
• Phase 1 : Each active node proposes an estimate Every node adopts the minimum estimate it hears • Phase 2 : one round for each bit in the estimate If a node has 1 in the corresponding bit, it broadcasts a message If a node has 0, it listens & decides to veto if it hears a message or collision • Phase 3 : Any node that decides to veto broadcasts a veto If any node performs a veto, nodes start from phase 1 19
Θ(1) Θ(1) Θ(log|V|) Θ(1) Θ(1) Θ(log|V|)
Θ(log|V|) Θ(log|V|) Θ(log|V|) Impossible Impossible Impossible 20