A framework for reliable and dynamic wireless sensor-actuator networks

(1)

Fachgebiet Programmierung eingebetteter Systeme Fakult¨at IV - Elektrotechnik und Informatik

Technische Universit¨at Berlin

A Framework for Reliable and Dynamic

Wireless Sensor-Actuator Networks

vorgelegt von

Helena Gruhn

Master of Science in Bioinformatics

geb. in Berlin

von der Fakult¨

at IV – Elektrotechnik und Informatik

der Technischen Universit¨

at Berlin

zur Erlangung des akademischen Grades

Doktor der Ingenieurwissenschaften

– Dr.-Ing. –

genehmigte Dissertation

Promotionsausschuss:

Vorsitzender:

Prof. Dr. Stephan Kreutzer

Berichtende:

Prof. Dr. Sabine Glesner

Prof. Dr. Johan Eker

Prof. Dr. Uwe Nestmann

Tag der wissenschaftlichen Aussprache: 02. Dezember 2015

Berlin, 2016

(2)

(3)

Abstract

The number of persons requiring medical assistance in industrial nations grows with the demographic change. Unfortunately, the growth is unproportional to the availability of well-trained care personal. Wireless sensor-actuator net-works have the potential to support care personal. Nodes worn by patients may supervise individually critical vital parameters and trigger an alarm if a critical value is reached. Medical help can be provided earlier lowering the risk of permanent health issues. Nevertheless, wireless sensor-actuator net-works are error-prone. They have to be designed fault-tolerant to function reliably. However, an approach for provably reliable wireless networks is still non-existing.

This thesis proposes a solution for this problem by providing a framework for the generation, supervision and maintenance of fault-tolerant wireless sensor-actuator networks. A network is defined as fault-tolerant and reliable, if it is biconnected. At least two node-disjoint paths between every pair of nodes have to exist within the network.

The main contributions of this thesis are threefold. First, an algorithm for the generation of fault-tolerant networks for given floor plans is provided. The generated topologies are biconnected and require only a reasonable number of nodes. Furthermore, they provide the infrastructure for a localization of nodes by covering each position within the floor plan with three signals. Sec-ond, a heuristic and distributed algorithm for the detection of bottlenecks in dynamic networks is introduced. Bottlenecks are possible breakpoints of the network and have to be discovered early to avoid a disconnection of nodes. The core is the assumption that every network is representable in the form of a graph. Graph theoretic measures are applied to detect topological changes. The two characteristics used for the heuristic are the algebraic connectivity and the Fiedler vector, both reflect the connectivity of the network. Time variations indicate critical topological changes in dynamic networks. A decen-tralized continuous algorithm is proposed, which estimates both characteristics utilizing the properties of a propagating discrete wave. The algorithm requires only local information avoiding a single-point of failure in the form of a central node. Third, an algorithm for the analysis and correction of faulty topologies is introduced. The topology of a network is analyzed using the well-known Ford-Fulkerson algorithm. The Ford-Ford-Fulkerson algorithm determines the maximal flow within a flow network. The maximal flow equals the number of edge-disjoint paths within a network with an edge capacity of one. Through a slight modification of the network, node-disjoint paths are found. If the number of node-disjoint paths is less than two, a bottleneck exists within the network. The bottleneck node is then identified and the network corrected through the placement of correction nodes. Finally, the placements are examined to avoid redundant correction nodes.

The correct function of the algorithms is validated using a case study of a retirement home. All algorithms work without human interaction. Their ap-plication facilitates and accelerates the design, supervision and maintenance of wireless networks. The described framework provides a basis for the reliable application of sensor-actuator network in health care facilities.

(4)

(5)

Zusammenfassung

Der demographische Wandel in den Industrienationen führt zu einem Anstieg der Anzahl pflegebedürftiger Personen. Damit einhergehend steigt der Bedarf nach qualifiziertem Pflegepersonal. Dieser ist schwierig abzudecken. Gesund-heitsassistenzsysteme in Form von drahtlosen Sensor-Aktornetzwerken könnten das Pflegepersonal in der täglichen Routine unterstützen. Patienten könnten mit Sensoren zur Beobachtung wesentlicher Vitalparameter ausgestattet wer-den, die bei Erreichen eines kritischen Wertes einen Alarm auslösen.

Drahtlose Netzwerke sind im Allgemeinen fehleranfällig, müssen aber ange-wandt im Gesundheitswesen zuverlässig funktionieren. Knoten und Verbindun-gen können ausfallen. Bisher gibt es noch keinen Ansatz für den Entwurf und Betrieb von nachweislich zuverlässigen drahtlosen Netzwerken.

Diese Arbeit präsentiert ein Framework zur Generierung, Überwachung und Wartung zuverlässiger drahtloser Sensor-Aktornetzwerke. Im Fokus steht dabei die Topologie des Netzwerkes. Die Zuverlässigkeit eines Netzwerkes wird über seine Konnektivität definiert: jedes Netzwerk muss fehlertolerant sein und im Notfall zwei voneinander unabhängige Kommunikationspfade für Alarm-nachrichten bereitstellen, falls ein Pfad korrumpiert ist. Somit muss jedes Netzwerk zweifach zusammenhängend sein.

Die wichtigsten Beiträge dieser Arbeit sind: ein Algorithmus zur Generierung fehlertoleranter Netzwerke für einen gegebenen Grundriss, eine Heuristik sowie ein Algorithmus zur Erkennung von Kommunikationsengpässen in dynami-schen Netzwerken und ein Algorithmus zur Analyse und Korrektur fehlerhafter Netzwerktopologien. Der Generator erzeugt zweifach zusammenhängende Net-zwerktopologien mit Signalabdeckungsraten, die eine Lokalisation von Knoten im Netzwerk durch Triangulierung erlauben. Die Erkennung von Kommunika-tionsengpässen beruht auf der Annahme, dass sich jedes Netzwerk als Graph darstellen lässt. Topologieänderungen werden durch die Evaluierung zeitlicher

¨

Anderungen zweier Konnektivitätsmaße, der algebraische Konnektivität und des Fiedler-Vektors, erkannt. Der Algorithmus zur Kommunikationsengpass-detektion ermöglicht eine dezentrale Selbstüberwachung des Netzwerkes ohne externe Intervention. Zur Berechnung der Konnektiviätsmaße werden nur lokal auf einem Knoten vorhandene Informationen benötigt. Die Korrekturroutine nutzt den bekannten Ford-Fulkerson Algorithmus zur Berechnung des maxi-malen Flusses innerhalb des Netzwerkes. Bei einer Kantenkapazität von eins und durch eine Modifikation des Netzwerkes entspricht dieser der Anzahl der Knoten-disjunkten Pfade im Netzwerk. Wenn nur ein Pfad gefunden wird, existiert ein Kommunikationsengpass. Dieser wird lokalisiert und mithilfe eines neuplatzierten Korrekturknotens behoben. Die Platzierung redundan-ter Knoten wird durch einen zusätzlichen Optimierungsschritt vermieden. Die Anwendbarkeit des Ansatzes wird durch eine ausführliche Evaluierung gezeigt. Alle Algorithmen wurden dazu implementiert bzw. im Falle des verteilten Netzwerkalgorithmus simuliert und anschließend anhand von unter-schiedlichen Fallbeispielen getestet.

Das präsentierte Framework ermöglicht und vereinfacht den Entwurf, die au-tonome Überwachung und die Wartung fehlertoleranter drahtloser Sensor-Ak-tornetzwerke.

(6)

(7)

5.6. Discussion . . . 75 5.7. Summary . . . 78 6. Continuous Self-Monitoring 79 6.1. Observations . . . 79 6.1.1. Hypotheses . . . 85 6.2. Validation . . . 85 6.3. Heuristic . . . 92 6.4. Network Self-Monitoring . . . 93 6.4.1. Distributed Computation . . . 94 6.5. Summary . . . 96 7. Topology Correction 97 7.1. Analysis . . . 98 7.1.1. Bottleneck Detection . . . 99 7.1.2. Bottleneck Localization . . . 101 7.1.3. Runtime Optimization . . . 102 7.2. Correction . . . 103

(9)

Contents 9

7.3. Optimization . . . 105

7.3.1. Correction Node Evaluation . . . 106

7.4. Algorithm . . . 106

7.4.1. Time Complexity . . . 108

7.4.2. Termination . . . 109

7.5. Summary . . . 109

8. Implementation & Evaluation 111 8.1. Implementation Structure of the Framework . . . 111

8.2. Tool Evaluation . . . 112 8.2.1. Topology Generation . . . 112 8.2.2. Topology Correction . . . 114 8.3. Evaluation of Self-Monitoring . . . 117 8.3.1. Evaluation . . . 118 8.3.2. Discussion . . . 119

8.4. Case Study - Retirement Home . . . 121

8.5. Summary . . . 123 9. Conclusion 125 9.1. Results . . . 125 9.2. Discussion . . . 126 9.3. Future Work . . . 127 A. Appendix 131 A.1. Study Design 1 . . . 131

A.2. Study Design 2 . . . 137

A.3. Study Design 3 . . . 142 List of Figures List of Listings List of Algorithms List of Tables List of Acronyms Bibliography

Supervised Student Theses Publications of Helena Gruhn

(10)

(11)

1

Introduction

The basic concept of Service-Oriented Architectures (SOA) is to encapsu-late functionalities of a system within services and to provide individualized, more complex services through service composition. Service-Oriented Actuator Networks (SOSANETs) [RE07] implemented as Wireless Sensor-Actuator Networks (WSANs) apply these concepts offering adaptable network functionalities and structures, which are easily adjustable to changing user de-mands.

The application of WSANs as medical assistance systems has the potential to improve the quality of service and to lower the risk of endangering the pa-tient health. They offer earlier detection and faster handling of life-threatening situations. The health-critical application domain requires reliable and fault-tolerant networks. These two safety properties have to be ensured at design level and need to be reassured at runtime due to a continuously changing topology of the network. Changes are induced through the movement of mo-bile nodes carried by patients and caregivers as well as through structural adjustments to changing user demands and possible malfunctions of the hard-ware.

1.1. Problem

This thesis addresses the problem of designing and maintaining provably reli-able dynamic WSANs focusing on their topology. WSANs applied in health-critical domains have to provide an infrastructure that assures reliable delivery of emergency messages and localization of persons in need.

This problem is tripartite. First, the network has to be designed safely, i.e., the network has to be fault-tolerant and reliable. It has to provide supplemen-tary emergency routing paths between nodes to ensure the reliable delivery of alert messages. Second, topological changes have to be supervised at run-time to allow a fast discovery of critical developments as e.g. the formation of bottlenecks. Third, future network structures, regardless of whether they are willingly produced by the provider or randomly evolved during runtime, need to be analyzed and, if necessary, repaired quickly to avoid a disruption of the network functionalities.

(12)

12 Introduction

Today’s common practice for the evaluation of the reliability of WSANs is to either simulate the networks or to build a test network for extensive testing. These options allow only a limited view on the network, because they do not cover the whole state space. Conclusions concerning the reliability of the net-work are drawn from the observed netnet-work behavior. They are not verified by analyzing the topology of the network. With a verification of the approach these shortcomings can be overcome.

1.2. Objectives

The aim of this thesis is to provide a framework for the design, analysis, main-tenance and supervision of reliable dynamic WSANs. The framework has to meet the following criteria:

1. Fault-tolerance Networks, applied e.g. as assistance systems in the medical domain, have to be fault-tolerant to provide a sufficient reliability in the area of use. The approach shall be able to assure the steady availability of this feature and to propose an appropriate topological solution in case of an occurring error.

2. Dynamics The topology of dynamic WSANs is changing through the addition/removal of nodes and services, through connection errors or the movement of nodes. The proposed solution has to adapt the network to changes fast and reliably.

3. Automated design and maintenance support The vision is to have a high acceptance and application rate of WSANs within medical and care facilities. Automated tools have to support the conceptual and maintenance phase of WSANs development.

4. Cost-efficiency Networks need to be observed steadily, to catch critical topology changes on time. Hardware with limited resources is used. Distributed algorithms have to work resource-efficient to avoid a high maintenance need and to save costs.

5. Usability The automation of the proposed solution requires rare in-teraction with the user. Nevertheless, the required inin-teraction has to be user-friendly. The chosen communication formats have to be intuitive and efficient.

1.3. Proposed Solution

In this thesis we propose a framework for the development and trustworthy execution of reliable and dynamic WSANs. The framework is based on the idea to represent WSANs in form of graphs and to analyze them using graph theoretic results. Well-known graph theorems and measures can be applied

(13)

1.3 Proposed Solution 13

to verify the reliability of WSANs. The approach is divided into three parts, which correspond to the life cycle of WSANs. They are shown in Figure 1.1.

Figure 1.1.: Overview of the proposed solution

The first part is a network topology generation algorithm that supports the design of WSANs. The algorithm proposes a network topology for a given floor plan. It executes a set of placement strategies to distribute nodes within the facility. The signal absorption of walls is considered during the placement. The developed strategies ensure the biconnectivity of the resulting network. At least two communication paths connect any pair of nodes of the network. The network is fault-tolerant and suitable for health-assistance systems. The generated topology ensures a coverage value of three within the whole care facility, which is a prerequisite for localization. The ability to localize patients within the network is helpful, e.g., when working with dementia patients. The application of this method allows to speed up the conceptual phase and to lower the development time and costs.

The second part is focused on the execution phase. A heuristic and an algo-rithm to detect and classify topological changes within a network have been

(14)

14 Introduction

developed. The heuristic is based on two characteristics of the matrix repre-sentation of a network: the algebraic connectivity λ2 and the Fiedler vector v2

[Fie73, Fie75]. The algebraic connectivity λ2 is a measure for the connectivity

of the network. The Fiedler vector v2 is roughly a measure for the

intercon-nectivity of nodes and can be used to define subgraphs within a graph. Every node is represented as an entry. Time variations of both matrix characteristics are studied to detect the occurrence of bottlenecks. The algorithm estimates the algebraic connectivity λ2 and the Fiedler vector v2. An instance of the

algorithm is executed on every node of the network. It is a local method using only information provided by neighboring nodes. The local computation has several advantages. Energy is saved. A central node is avoided. Such a node is a single-point-of-failure in the whole network. It lowers the overall degree of reliance. After the detection of a bottleneck the algorithm triggers an alarm message.

Part three is the analysis and correction of faulty network topologies. After detection of a critical topology change the current state of the network is fixed and analyzed offline to identify the degree of the alarming development. Cal-culating the maximal flow between all node pairs, the number of node-disjoint paths is determined. Both values are equal due to the fact that the edge weight is set to one for all edges within the graph and a slight manipulation of the flow network, which ensures that every node is visited only once during the calculation. If less than two paths exist, the network is not biconnected and not fault-tolerant anymore. Next, the position of bottlenecks is identified. A proposition for a network extension that reestablishes the fault-tolerance of the network can be derived. All three parts are supported by tools to facilitate and accelerate the development and maintenance of the network.

The offline algorithms generate Reactive Objects Language (Rebeca ) models [Sir04] of the generated network topologies. In this thesis Rebeca was identi-fied as a well suited modeling language for WSANs. Rebeca allows to verify not topology related properties of the network using the Rebeca Model Checker. Rebeca supports planning and construction of WSANs as well as managing the steady user demand changes through the possibility of modeling.

Altogether, the approach provides a basis for a trustworthy and user-friendly application of WSANs e.g. in the health care and medical domain. Project re-sources are saved fastening the conceptual phase, simplifying the maintenance through in-network supervision and a static analysis and correction support. Furthermore, the acceptance of the technology is raised and its distribution is facilitated.

1.4. Motivation

The western industrial society is aging due to the demographic change. The percentage of people with retirement age is growing. Additionally, the av-erage life expectancy is rising as a result of the medical progress of the last decades. Nevertheless, elderly people develop (multi-)morbidities. These are better treatable each year but seldom completely curable. This leads to a high

(15)

1.5 Main Contributions 15

demand for qualified care personal, which is not coverable in a satisfactory way [Win06].

WSANs deployed as health-assistance system in care facilities, are a promis-ing approach to ease this situation. Every resident and caregiver is equipped with at least one individualized node, which covers her/his need for support. For example, a senior with cardiatric problems is provided with a mobile Electrocardiogram (ECG ) to monitor his heartbeat. The appearance of a heart attack is detected immediately and forwarded to a node worn by a caregiver. The caregiver is able to provide aid faster. The saved time can make a big difference on the outcome of the treatment.

Applied in such a way, WSANs support effectively the staff by providing in-formation about critical health developments of residents in time.

1.5. Main Contributions

In summary, our main contributions are:

• An algorithm that derives a reliable network topology for a given floor-plan and a given reliability measure (e.g. minimal coverage of 3 nodes within the building) (Chapter 5).

• A heuristic that identifies and evaluates occurred topological changes based on connectivity characteristics (Chapter 6).

• An algorithm that detects topological changes using only local informa-tion. The algorithm applies hereby the known theory of discrete wave functions [SSB12] to calculate connectivity characteristics (Chapter 6). • An algorithm that examines a given network structure to verify the

exis-tence of two independent communication paths between all pairs of nodes (Chapter 7).

• An algorithm that corrects unreliable network topologies. It proposes a topological solution to reestablish the fault-tolerance of WSANs (Chap-ter 7).

All together, the groundwork for the application of WSANs in safety-critical domains such as health care and medicine is outlined in this thesis.

1.6. Context of this Work

This work was developed in the context of the DFG-funded research train-ing group SOAMED1_{. The aim of SOAMED is to provide a theoretical and}

1

Service-oriented Architectures for the Integration of Software-based Processes, exemplified by Health Care Systems and Medical Technology, GRK 1651, www.soamed.de

(16)

16 Introduction

methodical foundation for the conception and deployment of service-oriented health care applications.

This thesis contributes to SOAMED developing a framework for the correct construction and deployment of service-oriented WSANs as health assistance systems. Nevertheless, the framework is not limited to medical service-oriented systems, but can also be applied to other kinds of dynamic sensor network structures.

1.7. Outline

The thesis is organized as follows: In Chapter 2 the necessary background of the thesis is introduced. A brief description of WSANs and SOSANETs is given. Furthermore, the necessary graph theoretical background is followed by an introduction into the presented actor model and Rebeca. Related work is discussed in Chapter 3. Afterwards, an overview of the proposed framework for reliable dynamic WSANs is given in Chapter 4. In Chapter 5 the topology generation approach is introduced. The developed heuristic and the network self-monitoring algorithm are derived in Chapter 6. Chapter 7 discusses the topology analysis and correction approach. In Chapter 8 the implementation of the presented algorithms is shortly described and validated. A retirement home is used as case study. The content of this thesis is summarized and discussed in Chapter 9. An outlook on future work is given.

(17)

2

Background

In this chapter a brief introduction of the main concepts of this thesis is given. Wireless Sensor-Actuator Network , which build the technological foundation for our envisioned medical assistance systems are presented in Section 2.1. The architecture of nodes is described. The applied network communication model and possible network algorithm designs are shortly explained. A discussion of the concept of Service-Oriented Sensor-Actuator Network s follows. The application of the service orientation paradigm to WSANs promises to result in dynamic and customizable WSANs as needed in the health care domain. Selected topics of graph theory that are relevant for this thesis are introduced in Section 2.2. Graphs and their matrix representation are presented. Network connectivity and related topics as well as necessary spectral graph theoretic ideas are discussed. The focus lies on the algebraic graph connectivity and the Fiedler vector that are core elements of our network self-monitoring approach. Afterwards, polygons are briefly explained in Section 2.3, which are needed for our network maintenance routine.

The reliable network topologies are transformed into formal models, providing the structural foundation for future behavioral verifications of WSANs. The actor model and the actor-based formal language Rebeca (Reactive Objects Language) are introduced at the end of this chapter in Section 2.4.

2.1. Wireless Sensor-Actuator Networks

Wireless Sensor-Actuator Network s are a flexible and low priced implementa-tion of health-assistance networks. They allow a broad applicaimplementa-tion of these networks in the health care domain.

In this section WSANs [AK04, ASSC02, SW08, VDMC10, New10] are in-troduced. In the first part node architectures, communication models, and common sensor network algorithm designs are briefly described. Afterwards, a service-oriented approach [RE07] to design WSANs is proposed. This intro-duction is preceded by a short overview over the concept of service-oriented architectures [Mel10, PVDH07, Jos08].

(18)

18 Background

2.1.1. Node Architecture

WSANs are networks of devices denoted as nodes that enable an interaction between humans or computers and the surrounding environment. Nodes may be stationary or moving, aware of their location or not. They may be homoge-nous in a network or not.

Sensor nodes, which may be low-sized and low-complex, measure data of the environment and communicate the monitored data. They are equipped with a sensing unit, a microprocessor, a storage unit, a power unit, an Analog to Dig-ital Converter (ADC ) and a communication subsystem consisting of receiver and transmitter as depicted in Subfigure 2.1a. The sensing unit monitors envi-ronmental phenomena, the ADC converts the collected analog data into digital data that is evaluated by the microprocessor and transmitted to nearby nodes. Actuator nodes manipulate the environment. Their architecture differs only slightly from the sensor node architecture. They are equipped with a Digital to Analog Converter (DAC ) instead of an ADC to transform digital action commands into analog signals that are executed by an actuation unit (see Subfigure 2.1b).

Figure 2.1.: Components of a) sensor and b) actuator nodes

Integrated sensor-actuator nodes are capable of sensing and acting. They have an actuation and a sensing unit as well as ADC and DAC additionally to the shared equipment components.

2.1.2. Communication

Nodes communicate in WSANs wirelessly via message exchange. Two nodes are able to exchange messages if they are in each other’s transmission range (TR). A classic model for the transmission range of a node is the Unit Disc Model illustrated in Figure 2.2.

The TR is modeled as a unit disc whose center is the node itself and whose radius equals the transmission range. Two nodes are able to communicate if

(19)

2.1 Wireless Sensor-Actuator Networks 19

Figure 2.2.: Unit disc model

their Euclidean distance (d) is less or equal to their transmission range. The example presented in Figure 2.2 shows three nodes n1, n2 and n3. Node n2 can

exchange messages with nodes n1 and n3, which are not able to communicate

with each other directly.

In WSANs messages can be sent to a defined recipient or they may be broad-casted. Every node in the transmitting range of the broadcasting node is able to receive and resent the sent message.

2.1.3. Algorithm Design

There are two general groups of sensor network algorithms: global and dis-tributed algorithms. A global algorithm is aware of the state of the entire network and can operate directly on the whole network. Every node knows only its own state and runs its own algorithm in distributed algorithms. Mes-sages need to be exchanged between adjacent nodes to gain information about the entire network.

Distributed algorithms are either centralized or decentralized. In a centralized approach the locally computed data is propagated through the network to a central node, also called sink, that aggregates all data and triggers actions based on that information. The central node is a single-point-of failure in the network. A decentralized approach uses information available at a node to lo-cally calculate globally valid knowledge. For example, it evaluates if a failure of a link is critical for the whole network without the knowledge of the entire network topology.

Decentralized distributed algorithms reduce the communication and energy consumption of a network. The network lifetime is prolonged. The avoidance of a central node increases the reliability of the network as no single-point-of-failure exists.

(20)

20 Background

2.1.4. Service-Oriented Sensor-Actuator Networks

Service-Oriented Sensor-Actuator Network s allow a user to combine various sensing and actuation nodes without prior knowledge of the underlying hard-ware. This is possible through a thoughtful application of the SOA paradigm to WSANs. SOSANETs may be used to build open, interoperable and cus-tomizable networks as they are needed in an application area as the health care domain, which has to suit a large variety of individual needs.

Int this chapter the concept of SOA is introduced and the benefits of SOSANETs are outlined.

Service-Oriented Architecture

There are many different definitions for the term Service-Oriented Architecture. All definitions have some common elements.

SOA is a paradigm used to raise the flexibility of large systems. Its core idea is to encapsulate software functionalities into publicly available services and, with that, to allow a platform- and programming language-independent (re-)use of these functionalities.

Services can be called and executed locally or via a network by third par-ties, e.g., other services. To enable that, every service has an interface, which defines the service invocation logic and provides a public, machine-readable service description, which follows a standard definition language. This de-scription is published by the service provider in the registry where it can be discovered by possible service users. The choice of the right service may not only depend on the availability of the correct functionality but often also de-pends on quality of service criteria as, e.g., the failure rate or the response time. Besides the interface for the interaction with other services, each service has an implementation part, which implements the functionalities of the service. The implementation is opaque to the service user. The user only expects to get an anticipated result.

This design allows the loose coupling of independent services. Services can discover each other, communicate with each other and even dynamically be bound at runtime to solve complex tasks. This possibility is one of the major benefits of SOA.

Service-Oriented Sensor-Actuator Networks

Service-oriented WSANs or Service-Oriented Sensor-Actuator Network were first introduced in [RE07]. Services are light-weight code units, which imple-ment sensing and actuation capabilities supported by the local node. These services are exposed to applications as a collection of self-contained in-network services.

The advantages of this approach are versatile and inherited from the benefits of SOA. As the communication with a service is performed via a standardized interface, users only need to specify the functionalities needed by a service without the necessity to understand implementation details or to know on

(21)

2.2 Graph Theory 21

which node or network a service is executed. This decoupling between services and WSAN allows to exchange, maintain and relocate nodes without modi-fying the interface of the service. Services of possible different providers can interact with each other and are dynamically composable through this interop-erability. The manifold composition possibilities of every single service allow to apply the same services to solve diverse tasks. This retaskability lowers the development costs of SOSANETs by eliminating the need for frequent re-programming. Additionally, a service-oriented network design allows multiple independent users to access the same network at once and with that to reuse software, hardware and collected data.

2.2. Graph Theory

Health-monitoring assistance networks are composed of n nodes interacting with each other, directly or indirectly with the support of other nodes. These networks can be mapped into undirected graphs [New10].

In this section selected topics of graph theory [Tit03, Die06, New10, B¨us10], on which our monitoring and maintenance algorithms are based, are described. First, we elaborate on network connectivity, paths between nodes and path detection [GR01, Big93] and afterwards we discuss eigenvalues and eigenvectors of graphs [VM11, Chu97, BH11] focusing on the algebraic connectivity and the Fiedler vector [Fie73, Fie75].

2.2.1. Graphs

Following types of graphs are used in this thesis to compute network properties. Definition 1. (Undirected Graph)

An undirected graph G = (V, E) is an ordered tuple consisting of two dis-joint sets. V = _{v1, v2, . . . , vn} is the set of vertices and E ⊆ {(vi, vj)|i, j ∈

{1, . . . , n}} denotes the edge set.

In an undirected graph edges have no orientation. The edge (vi, vj) is identical

with edge (vj, vi).

A graph H = (V (H), E(H)), where (V (H) _{⊆ V (G)) and (E(H) ⊆ E(G)) is} called a subgraph of G.

Definition 2. (Directed Graph)

A directed graph G = (V, A) is an ordered tuple consisting of two disjoint sets. V = _{v1, v2, . . . , vn} is the set of vertices and A ⊆ V × V denotes the set of

arcs. An arc (vi, vj)∈ A represents a directed edge between two vertices. vi is

(22)

22 Background

A directed graph is a suitable representation for networks with one-directional communication.

If not stated differently, we refer always to undirected graphs without self-loops.

2.2.2. Graph Matrices

Definition 3. (Adjacency Matrix)

Let G=(V,E) be a graph. The n_{× n matrix A(G) = {a}ij} , where

aij =

(

1, if {vi, vj} ∈ E, i.e., the pair of vertices (vi, vj) is connected

0, otherwise.

(2.1) is called the adjacency matrix of graph G.

A compact mathematical way to represent graphs is the adjacency matrix, which is symmetric for undirected graphs.

Definition 4. (Neighborhood)

Let A(G) = _{aij} be the adjacency matrix of graph G=(V,E). The

neighbor-hood N (vi) (also denoted Ni) of node vi is defined as the set of neighbors of

node vi that may interchange data with node vi, formally

N (vi) = {vj ∈ V |aij = 1}. (2.2)

The number of nodes in N (vi) is denoted |N (vi)|.

Two vertices vi, vj ∈ V (G) are adjacent and called neighbors if there exists an

edge between them, thus, (vi, vj)∈ E(G).

The term neighborhood (of vertex vi) is used to refer to vertices that are

con-nected with vertex vi through an edge.

Definition 5. (Degree)

Let _{N (v}i) be the neighborhood of vertex vi. The degree of vertex vi is defined

as deg(vi) = |N (vi)|.

To refer to the number of vertices connected to vertex vi the term degree is

used.

Definition 6. (Degree Matrix)

Let G=(V,E) be a graph. The degree matrix of graph G, with entries dii =

di = deg(vi) and dij = 0 for i 6= j, is defined as the diagonal n × n matrix

D(G) .

A matrix representing the degrees of a graph is the degree matrix. The entries dii of D(G) are simply the row sums of the adjacency matrix A(G), i.e., dii=

Pn j=1aij.

(23)

2.2 Graph Theory 23

Definition 7. (Matrix Rank)

The rank of a m× n matrix A, rank(A), is defined as the maximum number of linear independent columns in the matrix. The number of linear independent columns equals the number of linear independent rows in a matrix.

rank(Am,n)≤ min(m, n) (2.3)

Definition 8. (Laplacian Matrix)

Let G=(V,E) be a graph, A(G) the adjacency matrix and D(G) the degree matrix of G.

The n× n Laplacian matrix L(G) = {lij} is defined as L(G) = D(G)-A(G),

where lij =      deg(vi), if i = j −aij, if i6= j and aij 6= 0 0, otherwise. (2.4)

A matrix representation of graphs that summarizes all topological information is the Laplacian matrix. Often Laplacian is used instead of Laplacian matrix of a graph.

Properties of the Laplacian:

• L is symmetric, i.e., li,j = lj,i

• rank(L) ≤ n-1 → linear dependency of rows and columns Definition 9. (Normalized Laplacian Matrix)

The n× n normalized Laplacian L(G)={lij} is defined as L = D−1L, where

lij =      1, if i = j − ai,j deg(vi), if i6= j and aij 6= 0 0, otherwise. (2.5)

The normalization of the Laplacian matrix L using its diagonal matrix D does not change the eigenvectors x, but influences the vector of eigenvalues λ:

Lx = λx −→ D−1Lx = D−1λx −→ D∗x = λ∗x, where λ∗k = dk,kλk (2.6)

(24)

24 Background

Figure 2.3 illustrates the relationship between introduced matrices. It depicts a random graph with four nodes and its matrix representations.

2.2.3. Paths, Connectivity and Bottlenecks

Definition 10. (Path)

Let G = (V,E) be a graph. A path p1k = ((v1, v2), (v2, v3), . . . , (vk−1, vk)),

with (vi,vi+1) ∈ E, for all 1≤i<k, is an ordered sequence of edges where two

consecutive edges share an end (the preceding edge) and a start (subsequent edge) vertex.

A path represents an undirected route between two vertices in a graph, i.e., pik =pki.

Paths that do not share the same edges are called independent or edge-disjoint. Paths with disjoint vertex sets are called disjoint or vertex-independent. The term internally vertex-disjoint refers to paths that share the same start and end vertices but are in-between vertex-independent. In this thesis, we use the terms internally vertex-disjoint and vertex-disjoint synony-mously for vertex-independent paths with the same start and end vertices. Definition 11. (Connected Graphs)

A graph G = (V,E) is connected if any pair {vi, vj} ∈ V, i 6= j, of vertices of

G is linked by a path in G.

If this requirement is not fulfilled the graph is disconnected.

The connectivity of a pair of vertices in a graph equals the number of inde-pendent paths between them. To refer to either edge-indeinde-pendent or vertex-independent path the terms edge or vertex connectivity are used. In this thesis, the focus lies on the vertex connectivity. The term connectivity is used inter-changeable with the term vertex connectivity.

Definition 12. (Biconnected Graphs)

A graph G = (V,E) is biconnected if there exist at least two vertex-disjoint paths between every pair _{vi, vj}, i6=j, of vertices of G.

Generally, a graph is k-connected if there exist k vertex-independent path between all vertex pairs of a graph.

A cut-vertex (or bottleneck vertex) is a vertex whose sole removal would result into the disconnection of a connected graph. A biconnected graph has no cut-vertex.

Figure 2.4 illustrates the concepts of independent paths introduced above. Both subfigures show the same graph with seven vertices. Between vertices vs and vt exist two edge-disjoint paths, p1 = ((vs, v1), (v1, vb), (vb, v2), (v2, vt))

(25)

2.2 Graph Theory 25

Figure 2.4.: Independent Paths and Bottleneck Vertex

and p2 = ((vs, v3), (v3, vb), (vb, v4), (v4, vt)), (see Fig. 2.4a) and only one

vertex-disjoint path, p1 (see Fig. 2.4b), as p1 and p2 share vertex vb. The vertex vb is

a bottleneck vertex whose deletion would disconnect the graph.

2.2.4. Flow Networks

Definition 13. (Flow Network)

Let G = (V,A) be a directed graph. A flow network N = (G, cap, vs, vt) is

a directed graph G with two designated vertices vs, vt ∈ V, which are called

source and sink, and a capacity function cap: V _{× V → R}≥0_{, where}

cap(vi, vj) =

(

> 0, arc(vi, vj)∈ A

0, otherwise. (2.7)

To analyze and correct network topologies during the maintenance phase we regard them as flow networks.

Definition 14. (Flow)

Let N = (G, cap, vs, vt) be a flow network. A flow f : A → R≥0 is a function

that assigns a non-negative value to every arc (vi, vj)∈ A of N such that

• The flow of an arc (vi, vj) can never be greater than its capacity:

f (vi, vj)≤ cap(vi, vj),∀ arcs (vi, vj)∈ A

• The flow into a node equals the flow leaving a node for all nodes except source and sink:

X vi∈V f (vi, vj) = X vk∈V f (vj, vk), ∀vi, vk ∈ Nj, vi 6= vk

(26)

26 Background

• For completeness, the capacity and flow of every nonexistent arc (vi, vj)

equals zero:

f (vi, vj) = cap(vi, vj) = 0,∀ arcs (vi, vj) /∈ A

A mental image to embrace the idea behind flow networks is to envision them as water supply networks. The capacity of an arc is then the maximal amount of water that can flow through a water pipe in a certain time interval.

Definition 15. (Value of a Flow)

Let N = (G, cap, vs, vt) be a flow network. The value of a flow val(N ) between

nodes vs and vt in network N is defined as the flow on all edges leaving node

vs.

val(N ) = X

vj∈Ns

f (vs, vj) (2.8)

It is equivalent to the flow on all edges pointing to vt:

val(N ) = X

vj∈Nt

f (vj, vt) (2.9)

The maximal permissible flow on an arc equals the capacity of the arc. The maximal flow between a source and a sink in a flow network is the permissible flow with maximal capacity.

Definition 16. (Residual Network)

Let f be a permissible flow on flow network N = (V, A, cap, vs, vt). The

cor-responding residual network Nf = (V, Af, capf, vs, vt) is a network with the

same vertex set as N but with different edge capacities, which are denoted as residual capacities, and a different edge set. Only edges with residual capacity capf(vi, vj) = cap(vi, vj)− f(vi, vj) > 0 are included into Nf. The edge set the

residual network is denoted Af ={(vi, vj)∈ A | capf(vi, vj) > 0}.

To calculate the maximal flow of a network, we need its residual network. Definition 17. (Augmenting Path)

Let Nf = (V, Af, capf, vs, vt) be a residual network. All paths (vs, . . . , vt) from

source to sink node in the residual network are called augmenting path. The capacity of the path equals the sum of capacities of all edges along the path. As long as an augmenting path exists for a residual network, the flow deter-mined in a flow network is not maximal.

The Ford-Fulkerson Algorithm is a well-known algorithm for the com-putation of the maximal flow of the graph [FJF56]. The core idea of the Ford-Fulkerson algorithm is to compute the maximal flow of a network by re-peatedly determining augmenting paths between the source node vs and the

(27)

2.2 Graph Theory 27

sink node vt on its residual network. If no augmenting path is found anymore,

the maximal flow has been computed.

The algorithm starts with a flow value of f(vs,vt)=0 and a residual network

Nf where all residual capacities equal the capacities of the flow network. An

augmenting path for Nf is computed using a breath-first search routine. The

flow is increased by the maximal capacity of the found augmenting path and the residual network is recalculated considering the flow on the augmenting path. These three steps are repeated until no more augmenting paths exist. The time complexity of the algorithm is known to be O(maxFlow*_|E|). The approach of the algorithms is illustrated in Figure 2.5. Used capacities are visualized using backwards1 _{oriented arcs.}

Figure 2.5.: Ford-Fulkerson algorithm

Subfigure 2.5a shows a flow network Nf with four vertices. The current flow of

this network is zero. The residual network and the flow network are identical at this point. The next step of the Ford-Fulkerson algorithm is the compu-tation of an augmenting path between sink and source of the flow network. Subfigure 2.5b shows the found path (orange, dashed lines) whose capacity is two. Considering this paths, the flow of the network is increased by two. The residual network is recalculated and the result is depicted in Subfigure 2.5c. Afterwards, the next augmenting path is determined (Subfigure 2.5d) It has a capacity of three. The current flow f (vs, vt) equals five. Subfigure 2.5e shows

the new state of the residual graph. There exist no more augmenting paths. The maximal flow of network Nf has been derived.

We apply the Ford-Fulkerson algorithm and the Max Flow-Min Cut Theorem to detect bottlenecks in a WSAN as described in Chapter 7.

1

(28)

28 Background

2.2.5. Graph Spectrum

The (Laplacian) spectrum of a graph is defined as the set of eigenvalues of its Laplacian matrix. In this thesis, we exploit changes in the spectrum of the Laplacian of a graph to gain information about topological changes occurred in the graph.

Definition 18. (Eigenvalues and Eigenvectors) An eigenvector x _{∈ R}n

of a matrix A _{∈ R}n×n _{is a non-zero unit vector x whose direction does not}

change through multiplication with the matrix A.

Ax = λx,_{|x| = 1, λ ∈ R} (2.10)

λ is called an eigenvalue of matrix A.

It is illustrated using numerical examples.

A_{· v = w →} 3 0 −1 6 ! · 1 2 ! = 3 3 ! A_{· x = λ · x →} 3 0 −1 6 ! · 1 3 ! = 3_· 1 3 ! = 3 9 !

A is an arbitrary matrix, v an arbitrary vector and vector w their product. Vector v changes its direction and length through the multiplication with ma-trix A (Subfigure 2.6a).

In contrary, vector x is an eigenvector of matrix A . It only changes its length, not the direction, when multiplied with matrix A (see Subfigure 2.6b).

Figure 2.6.: Eigenvectors

The spectrum of the graph Laplacian is well studied [Fie73, MA91, BH11]. Properties of the spectrum, which are relevant in the context of this thesis, are listed below:

(29)

2.2 Graph Theory 29

• The Laplacian matrix L ∈ Rn×n _{has n eigenvalues λ}

1, λ2, . . . , λn. They

are sorted λ1 ≤ λ2 ≤ λ3 ≤ . . . ≤ λn with associated eigenvectors

v1, v2, . . . , vn.

• The smallest eigenvalue λ1 equals zero, because rank(L) ≤ n-1. The

associated eigenvector v1 is ([1, 1, . . . , 1]T)/√n.

• If graph G is connected, the second lowest eigenvalue λ2 is greater than

zero:

0 = λ1 < λ2 ≤ λ3 ≤ . . . ≤ λn (2.11)

and rank(L) = n-1.

All eigenvalues of the Laplacian of a connected graph, except the smallest one, are strictly greater zero. A graph is disconnected, if the second smallest eigenvalue, λ2, equals zero and rank(L) < n-1.

We illustrate this statement with the help of an example based on the one presented in [New10]. Suppose a graph is divided into m not connected sub-graphs, H1, H2, . . . , Hm. The vertices are numbered so that the first n1 vertices

belong to subgraph H1, the following n2 vertices to subgraph H2 and so on.

The graph is represented as Laplacian matrix with the following structure.

L =     0 . . . 0 . . . ... ... ...    

Every box in the graph Laplacian represents the Laplacian of the corresponding subgraph. By definition, the diagonal of a box lists the degrees of the vertices of the represented subgraph. All other box entries are either -1, if an edge exists between the two nodes represented by this position, or zero, if not. Hence, m linear independent eigenvectors can be immediately derived for the matrix above. In such an eigenvector, the entries for rows corresponding to one subgraph are one. All other entries are zero. For example:

x1 = (1, 1, . . . , 1

| {z }

n1

, 0, 0, . . . , 0)

is an eigenvector of the Laplacian with eigenvalue zero corresponding to the subgraph represented by the first box in the matrix. A second eigenvector of L that is linear independent to x1 and has an eigenvalue with the value zero

is: x2 = (0, 0, . . . , 0 | {z } n1 , 1, 1, . . . , 1 | {z } n2 , 0, 0, . . . , 0)

Such an eigenvector with eigenvalue zero can be found for every subgraph. This leads to the conclusion that there exist at least m eigenvectors with eigenvalues

(30)

30 Background

zero for a graph with m independent subgraphs [W+_{01]. Therefore, if a graph}

consists out of only one component, it is connected and equation 2.11 holds.

2.2.6. Algebraic Connectivity

Definition 19. The algebraic connectivity of a graph is defined as λ2.

If the second smallest eigenvalue λ2 of the graph Laplacian is greater than

zero the graph is connected. This heuristic is extendable: the magnitude of λ2 is a measure of the graph connectivity [Fie73]. A graph with a higher

alge-braic connectivity λ2 is

”more connected“. We illustrate this statement using an example. Imagine two graphs with equal number of vertices, e.g. 10. (see Figure 2.7).

Figure 2.7.: Two graphs with the same number of vertices. K10is fully connected.

C10 is sparely connected.

One graph is the fully connected graph K10with a total of 45 edges. The second

graph is the circle graph C10 where every node has exactly two neighbors and

the graph consists out of only 10 edges.

Calculating the algebraic connectivity of both graphs, we get λ2(K10) = 10

and λ2(C10) = 0.382. The algebraic connectivity of K10 is much larger than of

C10.

2.2.7. Fiedler Vector and its Application

M. Fiedler [Fie75] introduced the idea to use λ2 and its corresponding

eigen-vector v2 for partitioning. Definitions and properties related to this work are

summarized in this chapter, not including proofs [BM13b, Moh92, CCJS97, ST96, HK92]. A heuristic is introduced that utilizes the Fiedler vector for spectral graph partitioning.

The eigenvector v2 corresponding to λ2 is often called the Fiedler vector

af-ter M. Fiedler. In a well-balanced partition the numbers of vertices of two subgraphs are equal and the number of edges connecting subgraphs with one another is minimal. The most common approach to partition a graph with respect to the Fiedler vector v2 is to use the sign of the Fiedler vector entries

(31)

2.2 Graph Theory 31

v2(i) of the graph as splitting criterion [BM13b]. Vertices with positive Fiedler

values v2(i) > 0 form one subgraph, vertices with negative values v2(i) < 0

the second one. Vertices with v2(i) = 0 are not clearly assigned and can join

either subgraph. Each subgraph can be further partitioned by calculating the Fiedler vector of its Laplacian. This process is repeated until the aspired num-ber of clusters is reached. Although such a partition is seldom optimal due to the heuristic nature of the approach, it is often satisfying.

Vertices with edges that connect separated subgraphs have Fiedler vector en-tries close to zero. Figure 2.8 illustrates an example graph partitioning with respect to its Fiedler vector.

Figure 2.8.: Spectral clustering of a random graph. a) The unordered graph. b) Its Fiedler vector. Each bar represents the Fiedler vector entry for one node. c) Sorted graph. Node 2 is a bottleneck node.

In Subfigure 2.8a an unordered graph is shown. The Fiedler vector is computed for this graph and its entries for all vertices are visualized in the bar diagram in Subfigure 2.8b. All vertices with positive entries built one subgraph (green, dashed vertices), all with negative entries the second subgraph (solid vertices). The Fiedler vector entry of vertex v2is closest to zero. This vertex is most likely

a bottleneck vertex. Using this information the graph is re-sorted. Subfigure 2.8c shows the result. Both subgraphs and the bottleneck are obvious. All messages exchanged between a vertex of the green dashed subgraph and a vertex of the blue subgraph have to be transmitted through the orange and framed bottleneck vertex v2.

2.2.8. Distributed Computation of the Algebraic Connectivity

and the Fiedler Vector

We exploit the changes of the algebraic connectivity λ2 and the Fiedler vector

v2 of a dynamic network over time to detect topological changes occurred in

this network. We need an approach to compute both matrix characteristics of the network continously and resource-friendly. Such an approach is presented in [SSB12].

The authors describe, how to compute λ2 and v2 in a distributed manner

without any central node. Every node ni runs an instance of the algorithm

and derives estimates of λ2 and v2(i), which is the Fiedler vector entry of node

(32)

32 Background

is to simulate the propagation of waves on the network to estimate the Fiedler vector. Each node initiates a wave, which is propagated through the network. These waves overlay after a certain time interval influencing one another. The amplitude of a local wave is dependent on the states of neighboring waves and reflects the topology of the network.

Such a wave can be decomposed into harmonics with different frequencies ωk,

varying magnitudes Ak and phases φk:

u(t) =

n

X

k=1

Ak(t)sin(ωkt + φk(t)), (2.12)

In [SSB12] it is shown that the number of frequencies of a wave equals the number of eigenvalues of the Laplacian of the network. The second smallest frequency ω2 relates to the algebraic connectivity λ2 and the magnitude of this

frequency A2 relates to the local Fiedler vector component v2(i).

Below, we a brief overview over the technical details of this approach is given. We refer to the original work for further details [SSB12].

The propagation of the wave u(t, x) is descibed by the wellknown wave equa-tion:

∂2_u

∂t2 − c

2_{∆u = 0,} _(2.13)

where u is the wave amplitude, c the wave speed, and ∆ the Laplace operator. It is assumed that the spatial propagation of the wave can be substituted by c2_{Lu in a graph analogy (for details see [SSB12]). Equation 2.13 is applied to}

graphs in the following form:

u(m)_{− 2u(m − 1) + u(m − 2)}

| {z } ∂2 u ∂t2 + c2_{Lu(m − 1)} | {z } c2 ∆u = 0, (2.14)

where_{L is the normalized Laplacian of a graph. An obvious physical} interpre-tation does not exist anymore, u is simply a generic quantity and c a constant. The equation is rewritten in an iterative form:

ui(m) = 2ui(m− 1) − ui(m− 2) − c2 n X j=1 Lijuj(m− 1), (2.15) where i = 1, . . . ,n.

By expanding the Laplacian such that the sum only contains neighboring nodes we get ui(m) = 2ui(m− 1) − ui(m− 2) + c2 |Ni| X j∈Ni uj(m− 1), (2.16)

(33)

2.2 Graph Theory 33

which is the local rule used to compute the wave propagation. It requires three different input values to compute the amplitude of the

”wave“ at time m. The first part, 2ui(m− 1), is a multiplication of a constant with the result

of the preceding evaluation of Equation 2.16 at time m_{− 1. The second one,} ui(m− 2) is the evaluation result of the equation at time m − 2. Part three,

c2P

j∈Niuj(m− 1), are the summarized and averaged evaluation results of all

neighbors of node ni including node ni.

The discrete wave equation iteration is stable on any graph for the initial condition

u(_{−1) = u(−2)} (2.17)

and 0 < c <√2 (proof is given in [SSB12]).

Every node nievaluates Equation 2.16 at every time step. The results are saved

as a time series over a certain time interval. The required neighborhood infor-mation is obtained through a message exchange between all adjacent nodes. With proceeding time not only adjacent nodes but all nodes exchange infor-mation with one another. The topology of the network and the position of the computing node are reflected in the computation.

Every variation in the network topology influences the wave propagation. If no topological changes occur, the computed time series stabilizes. It is altered and destabilized by newly occurring topology changes.

To determine the algebraic connectivity and the Fiedler value, the simulated wave, which is represented by the computed time series, is split into its fre-quency components. The decomposition is done using the Fast Fourier Trans-form [Mey14] on each node. The second smallest frequency component ω2

and its magnitude A2 are extracted and λ2 and v2(i) computed by solving the

following equations: λ2 = 2 c2 · (1 − cos(ω2)) (2.18) v2(i) = M−1 X l=0 u(l)cos(ω2l) (2.19)

M represents the length of time series ui.

Summarized, the time series calculated at a node ni is utilized to determine

λ2 and v2(i). This entry is dependent on the whole state of the network. It

is calculated using only information gained through message exchange with adjacent nodes. The approach uses only local information to estimate the whole network.

Our network self-monitoring algorithm that utilizes this approach is presented in Section 6.

(34)

34 Background

2.3. Polygons

Polygons are used to compute a valid placement for a correction node during the maintenance routine. A short introduction of these geometric figures is given in this section.

Definition 20. (Polygon)

A polygon P is a set of vertices and edges P = {V, E} with V = {vi}i=1···n,

E =_{ei}i=1···n, ei = (vi, vi+1) and en = (vn, v1).

A polygon is an undirected graph, where each vertex vi ∈ V is connected

exactly by two edges. It is also a plane figure, which is bounded by a finite set of straight edges, also called sides, that form a circuit. The meeting points of two edges are called vertices or corners. A polygon has n vertices and n edges. In this thesis, only simple polygons are considered, which do not self-intersect. The perimeter P of a non-intersecting polygon is:

P =X

i

|ei| (2.20)

To calculate the area A and the centroid C of a polygon each vertex vi,

i = 1, 2, . . . , n, is described by a coordinate pair (xi, yi) ∈ R2.

The area A of a non-self-intersecting polygon is given by [Bou88]:

A = 1 2 n−1 X i=0 (xiyi+1− xi+1yi) (2.21)

The centroid C = (Cx, Cy) of the polygon is calculated using the following two

equations. Cx = 1 6A n−1 X i=0

(xi+ xi+1)(xiyi+1− xi+1yi)

(2.22) Cy = 1 6A n−1 X i=0

(yi+ yi+1)(xiyi+1− xi+1yi)

(2.23)

(35)

2.4 Formal Modelling Approaches for WSANs 35

2.4. Formal Modelling Approaches for WSANs

The focus of this thesis is to provide an approach to design, supervise and maintain reliable WSANs. The next logical step would be to verify the func-tionalities of these networks, e.g. the availability of complex services. The groundwork for this future step is provided by identifying a suitable formal model and a fitting formal modeling language for WSANs.

In this section, the actor model [HBS73, Agh86] is introduced, which is a formal model suited for the representation of WSANs. Furthermore, a brief description of Rebeca [Sir04], which is an actor-based modeling language, is given.

2.4.1. Actor Model

The actor model is a programming model for concurrent systems. It explores concurrently executed processes without assuming anything about their con-crete realization.

The actor itself is a primitive (fundamental unit) of computation. It embod-ies processing, storage and computation. Every actor has an unique address. Actors communicate asynchronously passing message.

The model guarantees the delivery of messages. The arrival order of messages and the delivery time is unknown. Only one message is processed at a time. Each incoming message is mapped to a three-tuple of actions to be performed:

1. create a finite set of actors 2. forward to other actors 3. change the own behavior Figure 2.9 illustrates this behavior.

There is no presumed sequence for listed actions. The current state of an actor and the content of the incoming message determine its next action. Actors are history sensitive. As listed above, actor creation is a part of the model. This allows the dynamic allocation of resources by generating actors in response to the magnitude of a computation required to solve a problem. This prop-erty makes the actor model suitable for modeling open systems, which are reconfigurable and extensible i.e. WSANs.

2.4.2. Rebeca

Rebeca (Reactive Objects Language) is a modeling language based on the ac-tor model. It was developed to model and verify concurrent, reactive and distributed systems. Rebeca has a Java-like syntax and is suitable for users

(36)

36 Background

Figure 2.9.: Scheme representing the three possible actions of an actor after re-ceiving a message. Actor #1 can: 1. create a new actor to process the message, 2. forward the message to a second actor or 3. process the message and, with that, change its own state implicitly define a new behavior for handling the next message.

without strong mathematical and formal backgrounds. At the same time it has a formal foundation and can be used for verification. Rebeca models can be verified, e.g., using the Rebeca model checker Modere [JMS06] or with the help of the Rebeca verifier Roudabeh [SSJ+04].

A Rebeca model is a closed system. It represents a parallel composition of a set of concurrent, reactive objects, so called Rebecs. The communication between Rebecs is asynchronous. The content of the exchanged messages triggers the execution of actions.

The grammar of the Reactive Objects Language is listed in Table 2.1 [SJ11].

Model ::=Class* Main Stmt::=v=e; _{| v= newC(<e>,*)} Class ::=reactiveclass C(Nat) _{| Call(<e>,*)}

{KRs Vars MsgSrv*} | if(e) MSt [else MSt] KRs ::=knownrebecs _{<Vdcl;>*} Call ::=v.M_{| self.M | sender.M} Vars ::=statevars _{<Vdcl;>*} Mst ::=_{{Stmt*} | Stmt}

Vdcl ::=T<v>,+ Main::=main {Reb*}

MsgSrv::=msgsrv M(<T v>,*){Stmt*} Reb ::=T r(<T r>*):(<T e>*)

Table 2.1.: Rebeca grammar

Angle brackets

”hi“ stand for meta parentheses and square brackets ”[ ]“ for optional parts. The superscript

”+“ denotes repetitions of more than once,”*“ for zero or more repetitions.

”h. . .i“ and repetitions denote comma separated lists. C stands for class, T for type, M for message server, r for rebecs and v for variable names. Finally, N at denotes a natural number and e expressions.

(37)

2.4 Formal Modelling Approaches for WSANs 37

To illustrate and explain the grammar the example shown in Listing 2.1 is used. It shows a class definition in Rebeca.

reactiveclass R1 ( 4 ) { knownrebecs _{{R2 r}2;} statevars_{} msgsrv i n i t i a l ( ) {self . msg1 ( ) ; } msgsrv msg1 ( ) {r2. p r o v i d e S e r v i c e 1 ( ) ;} } main _{ R1 r1 (R2 r2) : ( ) ; }

Listing 2.1: Exemplary Rebeca class declaration

A new reactiveclass named R1 is defined in the example. Its integer argu-ment (here:4) defines the length of the message queue of a rebec.

The body of the reactiveclass definition has three parts. First, following the keyword knownrebecs the initial communication partners of a rebec are listed. A rebec of type R1 can communicate with rebec r2 of class R2.

Sec-ond, the local state of the rebec is set using statevars. Third, the behavior is defined using message servers msgsrv that are also called methods. Local variables and a sequence of statements, e.g. assignments, may be declared. The message server called initial holds the initialization tasks of a rebec. In the example, during initialization the method msg1() is called. The execution of msg1 triggers the execution of the method provideService1() at rebec r2.

This is equivalent to a service request sent from one node to a certain other node. It is also possible to model the dynamic change of network topologies by sending rebec identifiers as variables.

The main method is used to instantiate a reactiveclass. Rebec r1 of type R1 is

linked with rebec r2 of type R2. No parameters for the initial message server

(empty brackets) are given.

Only the main method, the reactiveclass head and the knownrebecs dec-laration is needed to model the topology of a network. Figure 2.10 illustrates the Rebeca representation of the topology of a graph. A network with five nodes is shown. Nodes pictured in the same color are similar. They have the same architecture and offer the same services. They are modeled in Rebeca as entities of the same class. Differently colored nodes belong to other reactive classes. The notation on the nodes represents the unique identifiers of the nodes.

(38)

38 Background

Figure 2.10.: Rebeca code modeling the topology of the pictured graph

Rebeca offers additional extensions that allow to model probabilities (pRebeca [VK12]) or time (TimedRebeca [RSA+_{14]). For example, it is possible to model}

the repeated transmission of a message after a predefined time interval. Or that a message is transmitted with a certain probability. These features are necessary to model and verify the behavior of a network. A good overview of verification approaches for Rebeca is given in [SJ11].

2.5. Summary

The relevant background used in our approach has been presented in this sec-tion. Wireless sensor-actuator networks have been introduced emphasizing on the benefits of applying the service-orientation paradigm to sensor-actuator networks. An introduction into relevant topics of graph theory has been given focusing on aspects, which are needed to model and analyze WSANs. It fol-lowed a brief introduction of polygons, a description of the actor model and the reactive object language Rebeca.

The work of other authors that is related to this approach is presented in Chapter 3.

Remark: Graphs represent networks, vertices represent nodes and edges/arcs represent links. The previous word pairings are used interchangeably in this thesis.

(39)

3

Related Work

Health care assistance systems designed as wireless sensor-actuator networks have to ensure a reliable transmission of emergency messages. Hereby, they do not endanger the health of supervised patients through the loss of alerts. They require a topology that is capable of handling typical faults like node failure, which might occur in any networks using wireless communication channels. In this thesis methods to guarantee reliable delivery of messages before and af-ter topological changes are investigated. Our approach to achieve transmission reliability is to design fault-tolerant topologies, to monitor them at runtime in order to catch critical changes in an early state, and to correct unavoidable failures in an efficient manner. In this chapter we discuss related approaches to our work.

In Section 3.1, we discuss reliability approaches and methods to ensure fault-tolerance in Wireless Sensor (-Actuator) Networks (WS(A)Ns). We especially put our focus on current fault-tolerance strategies based on relay node place-ment and the use of backup nodes. As we develop a method to generate fault-tolerant topologies for WSANs, we discuss current approaches for the generation of network topologies in Section 3.2. In Section 3.3 we focus on the research field of topology management. We discuss existing diagnostic tools for the analysis of topological properties of WSNs, present actual methods for creating topology aware networks and give a brief overview of topology correc-tion methods. Bottleneck deteccorrec-tion is the goal of our network self-monitoring algorithm. A distributed approach based on spectral properties of the Lapla-cian of a graph is used to draw conclusions about the network topology. Two connectivity characteristics, the algebraic connenctivity and the Fiedler vector are observed. Their time variations is evaluated to gain topological informa-tion. We discuss distributed eigenvector computation algorithms in Section 3.4. Our aim is to prove the fault-tolerance of networks by showing that they are biconnected. In Section 3.5 we argue why existing modeling and verifica-tion approaches for WS(A)Ns are not feasible for this task. This chapter is summarized in Section 3.6

(40)

40 Related Work

3.1. Reliability and Fault-Tolerance Approaches

It is crucial for health care assistance systems to reliably deliver emergency messages. With our approach we provide transmission reliability through the generation and supervision of biconnected, fault-tolerant topologies. If nodes fail, alternative routing paths exist to transmit data from patients to care givers. Possible failures are detected early to avoid a loss of health-critical information like, e.g., an emergency call of a patient.

In this section a brief overview of reliability models and fault-tolerance tech-niques for connectivity failures in communication networks and WSNs.

3.1.1. Reliability Approaches

There are various approaches to define reliability for communication networks. The brief overview is based on the core ideas described in [Jer98], which are still valid today. The author sub-divides existing approaches into three groups based on the following measures:

• connectivity, • capacity, • performability.

The first type of approaches applies connectivity measures to model reliability. The k_{− terminal probabilistic connectivity is the most prominent reliability} measure considering random network failures. It is defined over a subset of K ⊆ N nodes for a network with N nodes and measures the probability that there exists a path between a random node s_{∈ K and every other node in} sub-set K [SGPV12]. Other connectivity models evaluate the threat of intelligent attacks from outside and define the reliability as the ability of the network to not be disrupted by a deterministic intervention1_.

Network capacity approaches define a network as reliable if it is capable to transmit a required amount of data from a source node to a target node. Some approaches focus only on the overall capacity of the network (e.g. [Lee80]). Others are interested in measuring the capacities that are simultaneously achieved at all nodes [BPZ92, LATB96]. The benefit of this is that the impact of the taken routing path is considered.

Reliability models based on performability2 _{include the impact of different}

routing paths on the service quality of the network (e.g. [SSG91]). It is the most complex of the described approaches because it considers much more de-tails about the traffic flow.

In this thesis we define the reliability of the network through the graph con-nectivity to suit the high safety demands of the medical domain. We require networks to provide at least two routing paths between any node pair. In case

1

E.g., an intelligent enemy tries to disconnect the network. 2

Performability is a composed measure. It unites the performance of the system with its dependability.