A Quantitative Analysis of Collision Resolution Protocol for Wireless Sensor Network

In this paper, we present formal analysis of 2CS-WSN collision resolution protocol for wireless sensor networks using probabilistic model checking. The 2CS-WSN protocol is designed to be used during the contention phase of IEEE 802.15.4. In previous work on 2CS-WSN analysis, authors formalized protocol description at abstract level by defining counters to represent number of nodes in specific local state. On abstract model, the properties specifying individual node behavior cannot be analyzed. We formalize collision resolution protocol as a Markov Decision Process to express each node behavior and perform quantitative analysis using probabilistic model checker PRISM. The identical nodes induce symmetry in the reachable state space which leads to redundant search over equivalent areas of the state space during model checking. We use “ExplicitPRISMSymm” on-the-fly symmetry reduction approach to prevent the state space explosion and thus accommodate large number of nodes for analysis.


Introduction
In last few years, our lives have been greatly influenced by a wireless communication technology that promotes the development of low cost tiny sensor devices which are capable of sensing, processing and communicating.These tiny sensor devices are collaborated to form an ad hoc and self-configurable network, generally referred as the Wireless Sensor Network (WSN) [1].These tiny sensor devices have been used in a wide array of appli-cations such as battlefield surveillance, home automation, target tracking, traffic monitoring, health-care monitoring, etc.Although WSN supports a wide array of applications, it has severe resource limitations [2].The tiny sensor devices are composed of very limited resources such as memory, bandwidth, processor, and energy [3].In WSN, the data collected by tiny sensor devices have to be transmitted from source to sink node with maximum accuracy and least resource utilization.
To communicate with each other, each node initiates neighbor discovery process which collects the neighbor nodes information by receiving packets from them.If two or more nodes send their packets at the same time, a collision may occur at the receiving node.A key challenge for successful neighbor discovery is to resolve the collisions that occur at the receiving node.Here, we focus onto two cells sorted wireless sensor network (2CS-WSN) collision resolution protocol [4] designed to be used during the contention phase of IEEE 802.15.4 [5].
In this paper, we consider formal verification of 2CS-WSN collision resolution protocol using probabilistic model checker PRISM [6].Given a probabilistic model, expressed as a stochastic process such as Markov Decision Process (MDP) [7], and a property specification, such as "node 1 has delivered a data packet with probability 1", the probabilistic model checking verifies whether model satisfies the given specification or not.
José A. Mateo et al. have also presented formal analysis of 2CS-WSN protocol using PRISM in [8].They formalize protocol description at very abstract level using counter abstraction based approach.In counter abstraction approach, the abstract state contains a counter for each possible local state that a process can be in.For example, for 2CS-WSN model, authors defined counters like TC (Transmission Cell) and WC (Waiting Cell) which denote the number of nodes currently in TC and WC.As a limitation of this approach, we cannot analyze the behavior of individual node i.e. whether node 1 has performed successful transmission or not.
We use Markov Decision Process (MDP) as formalization to capture the complete behavior of each node in 2CS-WSN protocol.We evaluate quantitative properties such as "probability of node 1 to transmit successfully within 10 seconds".Major constraint of our modeling approach is the verification of protocol model with large number of nodes.As the number of nodes increases, states will grow exponentially which is known as state space explosion problem.State explosion prevents the analysis of protocol with large number of nodes.To prevent the state space explosion, we use "ExplicitPRISMSymm" on-the-fly symmetry reduction technique [9], thus making it feasible to analyze protocol with large number of nodes.
We can perform modifications in our modeling approach according to the situations occur in the protocol.For example, we can assign priority to any node like cluster head, so any message from higher priority node will be transmitted before all other messages.
The paper proceeds with the informal description of 2CS-WSN collision resolution protocol in next section.In section 3, we discuss the protocol modeling using counter abstraction based approach and its limitations.Section 4 explains protocol formalization using MDP.Experimental results are explained in section 5 followed by conclusion in section 6.

Background
In this section, we give brief introduction of probabilistic model checking and symmetry reduction.Symmetry reduction is a well-known abstraction technique to prevent the state space explosion in concurrent system analysis.

Probabilistic Model Checking
Probabilistic model checking integrates automated verification techniques aim to quantitatively analyze the probabilistic systems.Calculating likelihood of the occurrence of certain events during the system execution is referred as quantitative analysis.
PRISM is a widely used probabilistic model checker, has been developed at the University of Birmingham [6].It has been used to model and analyze a wide range of applications such as distributed randomized algorithms, wireless communication protocols, game theory, quantum computing etc. [10].PRISM supports a range of probabilistic models and property specification languages based on temporal logic, and have been extended with costs and rewards [11].
The system to be analyzed is described in a high-level PRISM specification language then transformed into an internal representation, such as symbolic [12] or explicit [11].Symbolic uses Multi Terminal Binary Decision Diagram (MTBDD) [13] mathematical data structure for compact representation of state space.Whereas explicit enumerate complete state space in memory.Properties are expressed as temporal logical formulas, enriched with probabilistic operators, and may include additional features such as time bounds or rewards depending on the model [11].
The probabilistic model checker exhaustively search entire reachable state space associated with the system model, and generate two types of outputs, either true/false which indicate whether the specification holds in model or not, or the numerical value, for example, the probability or expected time to reach a state satisfying the specification [11].

Symmetry Reduction
One of the major problems associated with probabilistic model checking is the state space explosion.This problem is more severe with concurrent system analysis as it contains non-distinguishable components [14].We can consider 2CS-WSN protocol as a concurrent system consisting identical nodes where behavior of each node is similar.As the number of nodes increases in the protocol, the reachable state space grows exponentially.The identical nodes induce symmetry in the reachable state space which leads to redundant search over equivalent areas of the state space during model checking [15].
Symmetry reduction discovers the equivalence classes of symmetrical states to prevent the state explosion in concurrent system analysis.Symmetry reduction reduces the size of system model by choosing only one state as a representative from each equivalence class of states [16].This smaller model referred as quotient model, which is yet similar in function to its original model.
PRISM has built-in symmetry reduction technique "PRISMSymm" [17] works with symbolic representation of probabilistic models.In [9], authors have proposed symmetry reduction technique "ExplicitPRISMSymm" for explicitly represented probabilistic models.
Model building task is much faster using symbolic compare to explicit.But explicit performs better in property evaluation compare to symbolic.For verification of any system, model building is one time task only, where property evaluation can be performed frequently on built model [9].Thus, we have used "Explicit-PRISMSymm" symmetry reduction technique for analysis of 2CS-WSN protocol.

2CS-WSN Collision Resolution Protocol
2CS-WSN protocol is originally adapted from 2C (two cell) algorithm introduced in [4] for wired network.Here, time is slotted and nodes can transmit at the beginning of a given time slot.The main issue in collision resolution protocol is how to detect a collision.The collision detection method in both the wired 2CS protocol and wireless 2CS-WSN protocol is as follows: • Collision detection in 2CS: In a given time slot, node transmits a packet and receives a feedback message from the central station.The feedback message represents C if collision takes place otherwise represents NC. • Collision detection in 2CS-WSN: In 2C, it is assumed that, there is a central station which continuously monitors the channel and provides the feedback message.However, this assumption is unrealistic in self-configuring wireless ad hoc network.For instance, a wireless node may infer that its transmission has collided if the reply to its request does not arrive.Figure 1 shows the working of 2CS-WSN protocol [8].If a node wants to send a message, it is consider into Transmission Cell (TC).The transmission is successful if node receives an acknowledgment of a sent message.If acknowledgment does not receive, the node will randomly choose whether to retransmit or join waiting cell for later transmission.This aspect is model using probabilities.Let's denote TC P the probability to remain in TC and WC TC 1 P P = − probability to join the waiting cell (WC).When the transmission cell becomes empty, nodes move from WC to TC [18].
In next slot, if TC contains more than one node, then nodes again redistribute in TC and WC with the help of probabilities.This process repeat until only one node remains in TC and transmit successfully.

Example
Figure 2 demonstrate how collision resolves between 3 nodes with the help of two waiting cells WC1 and WC2.Initially each node stays into TC, then each node randomly decides either to stay in TC or to move into WC1 with respective probabilities TC P and WC P .In this example, node N1 and N3 choose to stay in TC, whereas N2 decide to move into WC1.Further N1 and N3 attempt to retransmit, and collide again.In next slot, N1 move to WC1, at the same time N2 shift to WC2.Now there is only one node N3 in TC, thus achieve successful transmission.Now TC becomes empty and N1 and N2 move to TC and WC1 respectively.This process repeats until all nodes achieve successful transmission.

Abstract Model of 2CS-WSN Protocol Based on Counter Abstraction Approach
José A. Mateo et.al have also presented formal analysis of 2CS-WSN collision resolution protocol using probabilistic model checking [8].They formalize protocol description based on counter abstraction approach.

Counter Abstraction
Counter abstraction is a well-known abstraction method [19] for concurrent system consisting n number of identical processes.
Let's consider a probabilistic model of a concurrent system consisting n finite number of concurrently executing processes.Let { }

2CS-WSN Protocol Model as Counter Abstraction
Authors of [8] formalize abstract model of 2CS-WSN protocol as Discrete Time Markov Chain.According to the protocol description, the node can be in one of two conditions, i.e.TC or WC.
In formalization, they maintain different counters for transmission cell and waiting cells.Let's consider a protocol configured with 2 waiting cells.Then representation of system state can be: (TC, WC1, WC2) where TC represents the number of nodes collide in TC and WC1, WC2 represents the number of nodes waiting in each respective cell.For example, state ( ) represents that 4 nodes collide in TC and 2 and 1 nodes are waiting to into WC1 and WC2 respectively.
Here, major restriction of counter abstraction is that the model cannot capture the behavior of individual node.We cannot analyze the performance of a single node behavior.For example, we cannot measure collision resolution time for individual node.

Formalization of 2CS-WSN Protocol as Markov Decision Process
The MDP model for the 2CS-WSN protocol will be obtained by composing MDPs for each node.Initially all nodes collide into TC, then they choose to move into state TC or WC1 with TC P or WC P probability, which is indicated by the synchronize action ?move_to_TC_or_WC1.At the same time, nodes waiting into WC1 moves to WC2 with ?move_to_WC2.
Node can transmit a packet if collision does not occur into local state TC, and node moves from TC to FIN. whenever counter Ntc reaches to zero, nodes from local states WC2 and WC1 move to WC1 and TC respectively.This process repeats until all nodes transmit successfully.
Let's consider 2CS-WSN protocol configured with one waiting cell WC1 and transmission probability TC 0.5 P = . Here, we consider two nodes which are colliding with each other in TC.The state space generated for two such nodes is shown in Figure 4 with probability distribution.In general, for any system consisting n number of nodes with k possible local states will have maximum n k total number of reachable states.In 2CS-WSN, nodes can be in one of three possible local states(TC, WC1 or FIN) 3 k = , thus MDP model of two nodes will consist maximum 3 2 states.State space of such model tends to grow exponentially large with increasing number of nodes.Due to this state space explosion problem, verification of protocol with large number of nodes is not feasible.A model of such system frequently contains the symmetrical components in form of nodes where behavior of all nodes is indistinguishable.
For example, symmetrical components exist in 2CS-WSN protocol model, e.g. two states s1: (TC,WC1) and s2: (WC1,TC) are symmetric to each other in Figure 4.There is a transition from state s1: (TC,WC1) to s4: (FIN,WC1).After applying permutation ( ) 1, 2 on source s1 and destination s4, we will get states s2: (WC1,TC) and s5: (WC1,FIN) respectively.Figure 4 shows that the transition between s2 to s5 also exists.Here, two states s1 and s2 represent same situation, where one node is into transmission cell and another into waiting cell.Hence, both the states (s1, s5) belong to a same equivalence class.Same way, both destination states (s4, s5) also represent the same situation.
In formal verification, all states belonging to the same equivalence class indicate the same event in the system.Therefore, considering only one state instead of all from each equivalence class will not affect the results.Symmetry reduction exploits this fact and reduces the state space: only one representative from each equivalence class of states is chosen.

Quantitative Analysis
We now proceed to quantitative analysis of 2CS-WSN protocol.In [8] [18], authors conclude that TC 0.5 P = and 5 waiting cells ( ) WC1, WC2, , WC5  are best configurations to achieve minimum collision resolution time.Thus, to evaluate the MDP model of protocol, we consider TC 0.5 P = and 5 number of waiting cells with varying number of nodes.For experiments, we used virtual machine configured with Xeon Processor, 20 GB RAM and Linux Operating system.

Property Specifications
To analyze the protocol, significant properties are expressed using PCTL logical formulas.Specific properties for probabilistic model checking can be grouped into three different categories [20]: 1).Probabilistic Reachability: This type of property verifies that event will take place or not with defined probability at some point in the future during the system execution.Two probabilistic reachability properties for 2CS-WSN protocol are as follows: First we want to verify that whether all nodes have performed successful transmission or not.This is computed by using the following formula: ( ) where z = number of nodes.
-P1: "Eventually with probability at least 1, all nodes successfully transmit" ( ) If the property evaluate to true then it ensures that the protocol eventually terminates successfully.-P2: "Eventually with probability at least 1, node 1 successfully transmit" ( ) This property ensures that whether node n1 has performed successful transmission or not.
2).Time Bounded Probabilistic Reachability: These properties allow to evaluating the specific event within bounded time deadline.-T1: Minimum probability of protocol termination within time T.
( ) -T2: Minimum probability that node 1 correctly transmit its packet within time T.
( ) 3).Expected Reachability: Reachability reward properties can be analyzed by associating rewards/costs to PRISM model.For evaluation, tool accumulates expected reward values along a path until a certain point is reached.
According to the original protocol description [8] [18], time required by single node to move from one cell to another is 1.6 ms.We associate reward named as "time" of 1.6 to our MDP model.Thus, each transition of system model is associated with 1.6 reward value.Following properties allow to calculating expected time required by the specific event.
-R1: Maximum expected time taken by protocol to resolve all the conflicts { } ( ) -R2: Maximum expected time taken by node 1 to successfully transmit its packet

Evaluation
We built an MDP model of 2CS-WSN protocol using PRISM's explicit representation.We first analyze property P1, that evaluate to true, which ensures that protocol has successfully resolved all the collisions.Time bounded probabilistic property T1 calculates the probability of protocol termination within given time.As the time deadline T increases, probability of protocol termination is also increase.
We validate our MDP model by comparing "Expected reachability value of property R1" for different number of nodes with the results given in [8].Collision resolution time required for specific number of nodes using our model is same as results given in [8].
In 2CS-WSN protocol verification, as the number of node increases, reachable states also increase.Thus, the full MDP model with large number of nodes cannot build using explicit representation.Therefore, we have applied "ExplicitPRISMSymm" on-the-fly symmetry reduction technique [9] to build a quotient explicit MDP model of protocol with large number of nodes.On-the-fly symmetry reduction reduces symmetrical states at the time of exploration of reachable states.Thus, it saves time from exploring symmetrical states and also free storage space by only storing state from each equivalence class of states.The reduced model built by choosing representative states and their corresponding transitions known as quotient model.
In Figure 5, graph shows the comparison between full explicit model and quotient explicit model.We observe that full explicit model cannot build with more than 6 numbers of nodes.Whereas using on-the-fly symmetry reduction we are able to build a model up to 21 numbers of nodes.
Properties P2, T2 and R2 cannot analyze using counter abstraction based approach.But using our MDP formalization, we can analyze properties related to individual node as it represents information of each node.
PRISM gives facility to define symmetry parameters as NBS and NFS, in which we can specify number of non-symmetric nodes.Here NBS represents number of non-symmetric nodes before symmetric nodes and NFS defines number of non-symmetric nodes after symmetric nodes.That means, all symmetric nodes must be defined in a consecutive manner.
For example, we want to verify that what is the probability that node n1 will successfully transmit its packet within given deadline.For that, we can specify symmetry reduction parameters as 1.0 which perform the symmetry reduction on all nodes except node 1.
We have evaluated property T2 against node 1 with varying the time deadline and number of nodes.Table 1 shows the probability of successful transmission by node 1 with different time deadlines.We observe that as the number of node increases, probability of node 1 transmission is decreases for short deadlines.
We have also evaluated property R2, "expected collision resolution time" for n1 with different TC P values range from 0.1 to 0.9.We have taken the results of property R2 with different number of nodes.
Figure 6 shows the graph for experimental results of property R2.From experimental results, we infer that as the number of node increases, time required for successful transmission by node 1 also increases.Experimental results show that TC 0.4 P = or TC 0.5 P = is best choice as the parameter for retransmission probability, which minimize the collision resolution time.

Conclusions
We formalized 2CS-WSN collision resolution protocol as Markov Decision Process and performed quantitative analysis using probabilistic model checking techniques implemented in the model checker PRISM.We have analyzed quantitative properties such as "probability of node 1 to transmit successfully within 20 seconds".
From experimental results, we infer that probability of transmission TC 0.4 P  or 0.5 and waiting cells 5  can be considered as a best configuration option to minimize collision resolution time.
In collision resolution protocol, all nodes are identical; behavior of all nodes is similar.In protocol model, as the number of node increases, state space explosion problem arises.We have successfully applied "Explicit-PRISMSymm" on-the-fly symmetry reduction technique to prevent the state explosion in probabilistic model checking and make the protocol analysis with large number of nodes feasible.
of processes currently in local state i upl .

Figure 3
shows the control-flow diagram of MDP formalizing the operational behavior of the th i node.The model of the th i node consists of four locations TC, WC1, WC2 or FIN.Initially the th i node is in the state TC.An integer variable Ntc , 1 Nwc and 2 Nwc keeps track of the number of nodes that are currently in the local state TC, WC1 or WC2.The edges in the control-flow diagram refer to the conditions that must be satisfied to move into the next state.For synchronization of all the nodes, we use notation like ? to represent that all nodes in current state will simultaneously transit into the next state if condition satisfy.

Figure 3 .
Figure 3. Conceptual MDP model of i th node of 2CS-WSN protocol.

Figure 5 .
Figure 5. Model building time using full explicit model Vs.Quotient explicit model.

Figure 6 .
Figure 6.Expected collision resolution time for node 1 with varying P TC and number of nodes.

Table 1 .
Probability of successful transmission by node n1 with varying the time deadline and number of nodes.
denote the possible local variables of a single process.A system state s can be represented in form ofUnique possible local state upl upl uplbe the set of possible unique local states that a process can be in.Here, up N denotes the number of possible unique local states.In counter abstraction method, the abstract state contains a counter for each possible local state that a process can be in.An abstract state up N