Gregory Chockler
Murat Demirbas
Seth Gilbert Nancy Lynch Calvin Newport Tina Nolte
MIT, CSAIL

• For sensor-actuator networks dependability becomes crucial • Developing reliable and provably correct algorithms for wireless ad hoc networks require a formal model of wireless broadcast • What makes a good model ?
  Usability: Simplicity & Power  Model should allow algorithm designers to ignore the low-level details  Model should allow complicated and interesting algorithms Realism: Fidelity to the real world phenomena  Algorithms designed and verified using the model should work as expected in the real world 2

1. Wireless broadcast is reliable Origin: “Coordinated Attack” is unsolvable in the presence of unreliable channels [even a single message loss]
FLP result
Reality check: Collisions are common place *  Even under low traffic loads, MAC layer (collision avoidance by back off) cannot avoid all concurrent transmissions   Hidden Node Effect 802.11, BMAC, SMAC, TMAC  Electromagnetic interference *Understanding packet delivery performance in dense WSN , Zhao Govindan Taming the underlying challenges of multihop routing in SN , Woo et al.
Experimental evaluation of wireless simulation assumptions , Kotz et al.
Complex behavior at scale: An experimental study of … Ganesan et al.
3

2. Transmitter can detect collision 3. Collisions are uniform Origin: Ethernet model Reality check: Transmission power swamps the receiver Collisions are partial   Transmission is partially affected by transmissions in neighboring regions Physical characteristics of radio broadcast 4

4. Collision detection is reliable Origin: Ethernet model / Convenience Reality check: • Capture effects prevent reliable collision detection *  A strong transmission captures the receiver and a weaker transmission goes unnoticed • Noisy channels prevent reliable collision detection * Exploiting the Capture Effect for Collision Detection and Recovery , Whitehouse, Woo, Jiang, Polastre, Culler. EmNetsII, 2005.
5

• Partial Collision Model (PCM) • Vote-veto algorithm for consensus in PCM **   Two phase algorithm that tolerates partial collisions Constant round consensus • Solvability of consensus under varying quality of collision detection ** ** Consensus and Collision Detectors in Wireless Ad Hoc Networks , Chockler, Demirbas, Gilbert, Newport, Nolte. To appear in PODC 05 6

• Preliminaries • Collision Detection (CD) • Partial Collision Model (PCM) • Vote-Veto Algorithm • Ongoing Work 7

• Ad hoc network, number and id of nodes unknown • Nodes can fail by crashing anytime  broadcast is an atomic operation (unlike in one-to) • Synchronized rounds    Broadcast at most one message Receive messages Perform state transition 8

• Basic properties   Integrity: each message received is previously broadcast No duplication: each message is received at most once • Eventual Collision Freedom (ECF)    Exists a round r_ecf s.t. ForAll r>r_ecf, if at most b nodes broadcast in r, then all correct nodes receive all messages in r MAC protocols can satisfy collision free period for unknown r_ecf, b To achieve ECF, we employ an active-passive service that obliviously provides eventual good advice to nodes 9

Necessary for coping with undetectable message loss   Receiver side monitoring and notification of collisions No info wrt # of lost messages or identities of senders • Completeness: Ability to detect collisions   Majority-complete: a collision is detected if a majority of messages in a round is lost 0-complete: collision is detected if all messages in a round is lost • Accuracy: No false positives  Always and eventually accurate CD • Receiver side collision detection is easily implementable in mote and 802.11 platforms 10

• Integrity, No duplication, ECF, and CD  No restriction on the pattern of collisions Usability:   Simple Powerful enough to solve consensus in constant rounds for majority-complete CD and log rounds for 0-complete CD Realism:   Both ECF and majority/0-complete CD are easily achievable in current wireless networks (Mote and 802.11) ** We have implementations for Mica2/TinyOS platform *Exploiting the Capture Effect for Collision Detection and Recovery, A new backoff alg for the IEEE802.11 distributed coordination fn., … 11

• Agreement: No two nodes in P decide differently • Validity: Decision v is proposed by a node in P • Termination: All correct nodes eventually decide Single-hop consensus   All nodes in P are within single-hop Building block for multi-hop consensus Applications:    Beam control scenario Virtual Traffic Lights scenario Reliable (multi-hop) reprogramming 12

• Two phases: vote and veto • The algorithm is adaptive, employs active-passive service • Vote phase:    Every active node sends out its vote If a node hears no collision, the node updates its vote to minimum of received votes If a node hears collision or different votes, it decides to veto • Veto phase:  If no veto messages are received or collisions detected, then a node can decide, else nodes continue to next round • Intuition: By having a dedicated veto phase, effects of collision is detectable 13

Let r be the first round any node decides Since no node vetoed in r, every node received only a single vote and no collision detection during vote phase in r-1 Since maj-◊AC detects when ≥ half the messages are lost, each node receives a majority of messages broadcasted in vote phase in r-1 Since every majority set intersects, all nodes received the same unique vote.
ECF, active-passive service, eventual accuracy leads to a vote phase where every participant converge to a vote. After the second vote phase no node vetoes, hence every node decides in at most 5 rounds after Earliest-Stabilization-Time. 14

• Vote-Veto algorithm for AC, Maj-AC, ◊AC, ◊Maj-AC • Three phase algorithm that iterates over each bit of the vote for 0-AC, 0-◊AC
Θ(1) Θ(1) Θ(log|V|) Θ(1) Θ(1) Θ(log|V|) 15

• Mica2/TinyOS platforms • Collision detection may be maj-complete    Detects a preamble of a message during reception of a message Courtesy of Whitehouse et al.
case RX_STATE: { ...
if (((data_in == (0xaa)) || (data_in == (0x55)))) { signal CollisionDet.collision(); } … • Vote-Veto implementation is around 250 lines of NesC • Experiments on MistLab MIT (motelab) 16

• We have implemented Virtual Traffic Lights on Mica2/TinyOS   Experiments with up to 15 nodes in single hop on the MistLab testbed(MIT/CSAIL) show success Ongoing work on evaluation of CD • Practical implementation of the Virtual Node architecture  Implementation of a reliable virtual node by means of maintaining a replicated state on unreliable, mobile nodes • Efficient multi-hop consensus algorithms • Extending to Byzantine faults 17

• Consensus algorithm using 0-complete CD • Consensus for no-collision-freedom model 18

• Phase 1 :   Each active node proposes an estimate Every node adopts the minimum estimate it hears • Phase 2 : one round for each bit in the estimate   If a node has 1 in the corresponding bit, it broadcasts a message If a node has 0, it listens & decides to veto if it hears a message or collision • Phase 3 :   Any node that decides to veto broadcasts a veto If any node performs a veto, nodes start from phase 1 19

Θ(1) Θ(1) Θ(log|V|) Θ(1) Θ(1) Θ(log|V|)
Θ(log|V|) Θ(log|V|) Θ(log|V|) Impossible Impossible Impossible 20