Beruflich Dokumente
Kultur Dokumente
Cooperating Objects
Series Editor
Pedro José Marron
123
Stefano Tennina Petr Jurčík
Anis Koubâa Instituto Superior de CISTER
Mário Alves Research Centre
Ricardo Severino Porto
Nuno Pereira Portugal
Eduardo Tovar
CISTER/INESC-TEC Research Centre Jan-Hinrich Hauer
Politécnico do Porto (ISEP/IPP) Telecommunication Networks Group
Porto Technische Universität Berlin
Portugal Berlin
Germany
Roberta Daidone
Marco Tiloca Mélanie Bouroche
Gianluca Dini School of Computer Science and Statistics
Department of Information Engineering Trinity College Dublin
University of Pisa Dublin
Pisa Ireland
Italy
IEEE 802.15.4 (15.4, for short) and ZigBee are among the most prominent
communication technologies for low-power wireless networking such as wireless
sensor/actuator networks (WSANs). These technologies have been widely used
both in academia and industry in a variety of wireless sensing/actuation applica-
tions. Also, they have been used as a baseline for other standard communication
protocols/models such as WirelessHART and 6LoWPAN.
This book outlines the most important characteristics of 15.4 and ZigBee and
how they can be used to engineer WSN systems and applications, with a particular
focus on Quality-of-Service (QoS) aspects. It starts by providing a snapshot of the
most relevant features of these two protocols, identifying some gaps in the stan-
dard specifications. Then it describes several state-of-the-art open-source imple-
mentations, models, and tools that have been designed by the authors and have
been widely used by the international community. The book also outlines the
fundamental performance limits of 15.4/ZigBee networks, based on well-sustained
analytical, simulation, and experimental models, including how to dimension such
networks to optimize delay/energy trade-offs.
The Part II of the book illustrates several add-ons to the baseline 15.4 and
ZigBee protocols that improve their QoS properties, including security, reliability,
timeliness, and energy-efficiency. Finally, the Part III of the book aims at pro-
viding a flavor of some real-world applications and system architectures based on
these technologies.
The book builds on a solid critical mass and original contributions from the
authors, resulting from extensive analytical, simulation, and experimental work
carried out over more than 6 years. To the best of our knowledge, this is the first
book tackling engineering aspects of 15.4 and ZigBee for low-power wireless
networks (such as wireless sensor/actuator networks). Thus, we believe it will
serve as baseline reading material for students and as a reference to orient
researchers and system designers in this area.
v
Contents
2 Protocol Implementations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
2.1 IEEE 802.15.4 MAC Implementation in TinyOS 2. . . . . . . . . . 27
2.1.1 TinyOS 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
2.1.2 MAC Decomposition . . . . . . . . . . . . . . . . . . . . . . . . . 29
2.1.3 Radio Arbitration in Beacon-Enabled PANs . . . . . . . . . 31
2.1.4 Interface Definitions. . . . . . . . . . . . . . . . . . . . . . . . . . 35
2.2 ZigBee Cluster-Tree Network Layer Implementation
in TinyOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
2.2.1 Software Architecture. . . . . . . . . . . . . . . . . . . . . . . . . 38
2.2.2 Joining a ZigBee Network . . . . . . . . . . . . . . . . . . . . . 38
2.2.3 Tree Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
vii
viii Contents
10 Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
The first part of this book describes the features of the standard IEEE 802.15.4 and
ZigBee communication protocols and an open source implementation. Then, a set
of modeling and design tools is presented.
Chapter 1
Snapshot of the IEEE 802.15.4 and ZigBee
Protocols
Abstract This chapter presents the most important features of the IEEE 802.15.4
and ZigBee protocols. It particularly focuses on the Data Link and Network
Layers, which are the most relevant in the context of this book. Finally, a brief
discussion on the issues that the standards still leave open is presented. A possible
set of solutions to those problems will be formulated as amendments in the second
part of the book.
ZigBee defines two layers of the Open Systems Interconnection (OSI) model: The
Application Layer (APL) and the Network Layer (NWL), as depicted in Fig. 1.1.
Each layer performs a specific set of services for the layer above. The different
layers communicate through Service Access Points (SAP’s). These SAPs enclose
two types of entities: (1) a data entity (NLDE-SAP) to provide data transmission
service and (2) a management entity (NLME-SAP) providing all the management
services between layers.
The ZigBee Device Object (ZDO) in Fig. 1.1 is responsible for communicating
information about itself and its provided services. The ZDO is located in EndPoint
0. The Application Objects are the manufacturer’s applications running on top of
the ZigBee protocol stack. These objects, located between Endpoints 1 to 240,
adhere to a given profile approved by the ZigBee Alliance. The address of the
device and the EndPoints available provide a uniform way of addressing individual
application objects in the ZigBee network. The set of ZDOs, their configuration
and functionalities form a ZigBee profile. The ZigBee profiles intent to be a
uniform representation of common application scenarios. Currently, the ZigBee
available profiles include the Network Specific (stack identifier 0); Home Controls
(stack identifier 1); Building Automation (stack identifier 2) and Plant Control
(stack identifier 3).
Fig. 1.2 ZigBee network topologies. a Star topology. b Mesh topology. c Cluster Tree topology
• ZigBee End Device (ZED) or simply Sensor Node (SN): does not allow other
devices to associate with it; does not participate in routing; it is just a sensor/
actuator node; can be a Reduced Function Device (RFD) implementing a
reduced subset of the protocol stack.
Throughout this book, the names of the devices and their acronyms are used
interchangeably. ZigBee/IEEE 802.15.4 enables three network topologies star,
mesh and cluster-tree (Fig. 1.2).
In the star topology (Fig. 1.2a), a unique node operates as a ZC. The ZC
chooses a PAN identifier, which must not be used by any other ZigBee network in
the vicinity. The communication paradigm of the star topology is centralized, i.e.,
each device (FFD or RFD) joining the network and willing to communicate with
other devices must send its data to the ZC, which dispatches it to the adequate
destination. The star topology may not be adequate for traditional Wireless Sensor
Networks (WSN) for two reasons. First, the sensor node selected as a ZC will get
its battery resources rapidly ruined. Second, the coverage of an IEEE 802.15.4/
ZigBee cluster is very limited while addressing a large-scale WSN, leading to a
scalability problem.
The mesh topology (Fig. 1.2b) also includes a ZC that identifies the entire
network. However, the communication paradigm in this topology is decentralized,
i.e., each node can directly communicate with any other node within its radio
6 1 Snapshot of the IEEE 802.15.4 and ZigBee Protocols
Table 1.1 Major features of the star, mesh and cluster-tree network topologies
Star Mesh Cluster-Tree
Scalability No Yes Yes
Synchronization Yes (no) No Yes
Inactive period All nodes ZEDs All nodes
Guaranteed bandwidth Yes (GTS) No Yes (GTS)
Redundant paths N/A Yes No
Routing protocol overhead N/A Yes No
Commercially available Yes Yes No
range. The mesh topology enables enhanced networking flexibility, but it induces
additional complexity for providing end-to-end connectivity between all nodes in
the network. Basically, the mesh topology operates in an ad-hoc fashion and
allows multiple hops to route data from any node to any other node. In contrast
with the star topology, the mesh topology may be more power-efficient and the
battery resource usage is fairer, since the communication process does not rely on
one particular node.
The cluster-tree network topology (Fig. 1.2c) is a special case of a mesh net-
work where there is a single routing path between any pair of nodes and there is a
distributed synchronization mechanism (IEEE 802.15.4 beacon-enabled mode).
There is only one ZC which identifies the entire network and one ZR per cluster.
Any of the FFD can act as a ZR providing synchronization services to other
devices and ZRs.
Table 1.1 summarizes some of the differences between ZigBee mesh and
cluster-tree topologies.
The synchronization (beacon-enabled mode) feature of the cluster-tree model
may be seen both as an advantage and as a disadvantage, as reasoned next.
On one hand, synchronization enables dynamic duty-cycle management in a per
cluster basis, allowing nodes (ZEDs and ZRs) to save their energy by entering the
sleep mode. In contrast, in the mesh topology as defined in the IEEE 802.15.4
standard specification, only the ZEDs can have inactive periods. These energy
saving periods enable the extension of the network lifetime, which is one of the
most important requirements of WSNs. In addition, synchronization allows
the dynamic reservation of guaranteed bandwidth in a per-cluster basis, through
the allocation of Guaranteed Time Slots in the Superframe Contention Free Period
(CFP). This enables the worst-case dimensioning of cluster-tree ZigBee networks,
namely it is possible to compute worst-case message end-to-end delays and
ZigBee Router buffer requirements. On the other hand, managing the synchroni-
zation mechanism throughout the cluster-tree networks is a very challenging task.
Even if we can cope with minor synchronization drifts between ZRs, this problem
can grow for larger cluster-tree networks (higher depths). As previously men-
tioned, the de-synchronization of a cluster-tree network leads to collision problems
due to overlapping Beacons and Superframes. For instance, the CAP of one cluster
can overlap the CFP of another cluster, which is not admissible.
1.1 General Aspects 7
Regarding the routing protocols, the tree routing protocol in the cluster-tree is
lighter than the mesh routing protocol (AODV) in terms of memory and processing
requirements. The routing overhead, as compared with the AODV [2] in the mesh
topology, is reduced. Note that the tree routing protocol considers just one path
from any source to any destination, thus it does not consider redundant paths, in
contrast to AODV. Therefore, the tree routing protocol is prone to the single point
of failure problem, while that can be avoided in mesh networks if alternative
routing paths are available (more than one ZigBee Router within radio coverage).
Note that if there is a fault in a ZigBee Router, network inaccessibility times
may be inadmissible for applications with critical timing and reliability require-
ments. Therefore, designing and engineering energy and time-efficient fault-
tolerance mechanisms to avoid or at least minimize the single point of failure
problem in ZigBee Cluster-Tree networks is of crucial importance. Besides the
Beacon/Superframe scheduling and the single-point-of-failure problems, there are
other implementation-related obstacles that makes the use of the cluster-tree
topology a challenging task, such as: (1) the dynamic network resynchronization,
for instance in case of a new cluster joining or leaving the network; (2) the
dynamic rearrangement of the all the duty cycles in the case of a router failure;
(3) a new router association or even rearranging the superframe duration of some
routers to adapt the bandwidth allocated to that branch of the tree; (4) the rear-
rangement of the addressing space allocated to each router; and (5) supporting
mobility of nodes, routers or even hole clusters.
From a general perspective, all these impairments have lead to the lack of com-
mercial or academic solutions based on the ZigBee Cluster-Tree model. Neverthe-
less, we consider this model as a promising and adequate solution for WSN
applications with multiple Quality of Service (QoS) requirements, such as timeliness
and energy-efficiency, which triggered us to implement it and explore its potential.
The IEEE 802.15.4 Full Function Devices (FFD) have three different operation
modes:
• The Personal Area Network (PAN) Coordinator: The principal controller of the
PAN. This device identifies its own network as well as its configurations, to
which other devices may be associated. In ZigBee, this device is referred to as
the ZigBee Coordinator (ZC).
• The local Coordinator: Provides synchronization services through the trans-
mission of beacons. This device should be associated to a PAN Coordinator or a
previously associated local Coordinator and does not create its own network. In
ZigBee, this device is referred to as the ZigBee Router (ZR).
• The End Device: A device which does not implement the previous functional-
ities and should associate with a ZC or ZR before interacting with the network.
In ZigBee, this device is referred to as the ZigBee End Device (ZED).
8 1 Snapshot of the IEEE 802.15.4 and ZigBee Protocols
The Reduced Function Device (RFD) is an end device operating with the
minimal implementation of the IEEE 802.15.4. An RFD is intended for applica-
tions that are extremely simple, such as command a light switch or read from a
passive infrared sensor; they do not have the need to send large amounts of data
and may only associate with a single FFD at a time.
Throughout this book the IEEE 802.14.5 operational modes and the ZigBee
device names are used interchangeably (e.g., PAN Coordinator ¼ ZigBee Coor-
dinator, local Coordinator ¼ ZigBee Router (or Cluster Head) and End Device ¼
ZigBee End Device). The designation of Coordinator represents both ZC and ZRs.
The IEEE 802.15.4 physical layer is responsible for data transmission and
reception using a certain radio channel and according to a specific modulation and
spreading technique.
The IEEE 802.15.4 offers three operational frequency bands: 2.4 GHz, 915 and
868 MHz (Fig. 1.3). There is a single channel between 868 and 868.6 MHz
(20 kbit/s), 10 channels between 902 and 928 MHz (40 kbit/s), and 16 channels
between 2.4 and 2.4835 GHz (250 kbit/s). The protocol also allows dynamic
channel selection, a channel scan function in search of a beacon, receiver energy
detection, link quality indication and channel switching. All of these frequency
bands are based on the Direct Sequence Spread Spectrum (DSSS) spreading
technique.
The physical layer of IEEE 802.15.4 is in charge of the following tasks:
• Activation and Deactivation of the Radio Transceiver. The radio transceiver
may operate in one of three states: transmitting, receiving or sleeping. Upon
request of the MAC sub-layer, the radio is turned ON or OFF. The turnaround
time from transmitting to receiving and vice versa should be no more than 12
symbol periods, according to the standard (each symbol corresponds to 4 bits).
• Energy Detection (ED). Estimation of the received signal power within the
bandwidth of an IEEE 802.15.4 channel. This task does not make any signal
identification or decoding on the channel. The energy detection time should be
equal to 8 symbol periods. This measurement is typically used by the Network
Layer as a part of channel selection algorithm or for the purpose of Clear
Channel Assessment (CCA), to determine if the channel is busy or idle.
• Link Quality Indication (LQI). Measurement of the Strength/Quality of a
received packet. It measures the quality of a received signal. This measurement
may be implemented using receiver ED, a signal to noise estimation or a
combination of both techniques.
• Clear Channel Assessment (CCA). Evaluation of the medium activity state: busy
or idle. The CCA is performed in three operational modes: (1) Energy Detection
mode: The CCA reports a busy medium if the detected energy is above the ED
threshold. (2) Carrier Sense mode: The CCA reports a busy medium only is it
detects a signal with the modulation and the spreading characteristics of IEEE
802.15.4 and which may be higher or lower than the ED threshold. (3) Carrier
Sense with Energy Detection mode: This is a combination of the aforemen-
tioned techniques. The CCA reports that the medium is busy only if it detects a
signal with the modulation and the spreading characteristics of IEEE 802.15.4
and with energy above the ED threshold.
• Channel Frequency Selection. The IEEE 802.15.4 defines 27 different wireless
channels. Each network can support only part of the channel set. Hence, the
physical layer should be able to tune its transceiver into a specific channel when
requested by a higher layer.
The Medium Access Control (MAC) protocol supports two operational modes
(Fig. 1.4):
• The non beacon-enabled mode. When the ZC selects the non-beacon enabled
mode, there are neither beacons nor superframes. Medium access is ruled by an
unslotted CSMA/CA mechanism.
• The beacon-enabled mode. In this mode, beacons are periodically sent by the
ZC or ZR to synchronize nodes that are associated with it, and to identify
the PAN. A beacon frame delimits the beginning of a superframe defining a time
interval during which frames are exchanged between different nodes in the
PAN. Medium access is basically ruled by Slotted CSMA/CA. However,
the beacon-enabled mode also enables the allocation of contention free time
slots, called Guaranteed Time Slots (GTSs) for nodes requiring guaranteed
bandwidth.
The superframe is defined between two beacon frames and has an active period
and an inactive period. Figure 1.5 depicts the IEEE 802.15.4 superframe structure.
The active portion of the superframe structure is composed of three parts, the
Beacon, the Contention Access Period (CAP) and the Contention Free Period
(CFP):
• Beacon (BCN). The beacon frame is transmitted at the start of slot 0. It contains
the information on the addressing fields, the superframe specification, the GTS
fields, the pending address fields and other PAN related data.
• Contention Access Period (CAP). The CAP starts immediately after the beacon
frame and ends before the beginning of the CFP, if it exists. Otherwise, the CAP
ends at the end of the active part of the superframe. The minimum length of the
CAP is fixed to aMinCAPLength ¼ 440 symbols. This minimum length ensures
that MAC commands can still be transmitted when GTSs are being used.
A temporary violation of this minimum may be allowed if additional space is
needed to temporarily accommodate an increase in the beacon frame length,
needed to perform GTS management. All transmissions during the CAP are
The association procedure takes place when a device wants to associate with a
Coordinator. This mechanism can be divided into three separate phases: (1)
channel scan procedure; (2) selection of a possible parent; (3) association with the
parent.
IEEE 802.15.4 enables four types of channel scan procedures: (1) the energy
detection scan, where the device obtains a measure of the peak energy in each
channel; (2) the active scan, where the device locates all Coordinators transmitting
beacon frames; this scan is performed on each channel by first transmitting a
beacon request command; (3) the passive scan, where similarly to the active scan,
the device locates all Coordinator transmitting beacon frames with the difference
that the scan is performed only in a receive mode, without transmitting beacon
requests; and (4) the orphan scan, used to locate the Coordinator with which the
scanning device had previously associated.
After the channel scan procedure is completed, the NWK layer receives a list of
all detected PAN descriptors (containing information about the potential parents).
Based on the information collected during the scan, the device can choose the most
suitable parent (that permits associations). The IEEE 802.15.4 protocol standard
leaves the way to take the association decision to the system designer. Never-
theless one of the most relevant parameters to be considered is the Link Quality
Indicator (LQI).
For a device to associate to a Coordinator, it must send an association com-
mand frame. Then, if the Coordinator accepts the device, it adds it to its neighbor
table as its child. An association response command frame is, in the case of a
successful association, sent to the device (through a mechanism called indirect
transmission, explained later in this chapter), embedding its short address.
Otherwise, in the case of an unsuccessful association, the association response
embeds the problem status information. The Coordinator replies to the association
command frame with an acknowledgment embedding the pending data control
flag active, meaning that it has data ready to be transmitted to the device. The
association procedure is completed when the device sends a data request com-
mand frame to the Coordinator requesting the pending data (the association
response command). After a successful association, the device stores all the
information about the new PAN by updating its MAC PAN Information Base
(MAC PIB) and can start transmissions.
The disassociation from a Coordinator is done via a disassociation request
command. The disassociation can be initiated either by the device or by the
Coordinator. After the disassociation procedure, the device loses its short address
and is not able to communicate. The Coordinator updates the list of associated
devices, but it can still keep the device information for a future re-association.
1.2 IEEE 802.15.4 13
The Guaranteed Time Slot (GTS) mechanism allows devices to access the medium
without contention, in the CFP. GTSs are allocated by the Coordinator and are
used only for communications between the Coordinator and a device. Each GTS
may contain one or more time slots. The Coordinator may allocate up to seven
GTSs in the same superframe, provided that there is sufficient capacity in the
superframe. Each GTS has only one direction: From the device to the Coordinator
(transmit) or from the Coordinator to the device (receive). Figure 1.6 illustrates
message sequence diagram for a GTS allocation.
The GTS can be deallocated at any time at the discretion of the Coordinator or
the device that originally requested the GTS allocation. A device to which a GTS
has been allocated can also transmit during the CAP. The Coordinator is the
responsible for performing the GTS management; for each GTS, it stores the
starting slot, length, direction, and associated device address. All these parameters
are embedded in the GTS request command. Only one transmit and/or one receive
GTS are allowed for each device. Upon the reception of the deallocation request
the Coordinator updates the GTS descriptor list by removing the previous allocated
slot and rearranging the remaining allocation starting slots. The arrangement of the
CFP consists in shifting right the allocated GTS descriptors with starting slot
before the recent deallocated GTS descriptor and consequently the final CAP slot
variable is updated. Figure 1.7 illustrates an example of this procedure.
In Fig. 1.7, the 1st timeline represents the three allocated GTS. The 2nd
timeline shows the deallocation of GTS 2 that starts on the 10th time slot and has
duration of 4 time slots. The final timeline show GTS 3 shifted right by 4 time
slots. The first CTF time slot shifted right from slot 8 (in timeline 1) to slot 12 (in
timeline 3).
The Coordinators monitor GTS activity and if there are no transmissions during
a defined number of time slots the GTS allocation expires. The expiration occurs if
no data or no acknowledgement frames are received by the device or by the
Coordinator, on every 2n superframes, where n is defined as:
(
n ¼ 2ð8macBeaconOrderÞ ; if 0 macBeaconOrder 8
ð1:2Þ
n ¼ 1; if 9 macBeaconOrder 14
Figure 1.8 depicts a flowchart describing the slotted version of the CSMA/CA
mechanism. It can be summarized in five steps:
1. Initialization of the algorithm variables: NB equal to 0; CW equals to 2 and BE
is set to the minimum value between 2 and a MAC sub-layer constant
(macMinBE).
2. After locating a backoff boundary, the algorithm waits for a random defined
number of backoff periods before attempting to access the medium.
3. Clear Channel Assessment (CCA) to verify if the medium is idle or not.
4. The CCA returned a busy channel, thus NB is incremented by 1 and the
algorithm must start again in Step 2.
5. The CCA returned an idle channel, CW is decremented by 1 and when it
reaches 0 the message is transmitted, otherwise the algorithm jumps to Step 3.
In the slotted CSMA/CA, when the battery life extension is set to 0, the CSMA/
CA must ensure that, after the random backoff (step 2), the remaining operations
16 1 Snapshot of the IEEE 802.15.4 and ZigBee Protocols
can be undertaken and the frame can be transmitted before the end of the CAP. If
the number of backoff periods is greater than the remaining in the CAP, the MAC
sub-layer pause the backoff countdown at the end of the CAP and defers it to the
start of the next superframe. If the number of backoff periods is less or equal than
the remaining number of backoff periods in the CAP, the MAC sub-layer applies
the backoff delay and re-evaluate whether it can proceed with the frame trans-
mission. If the MAC sub-layer do not have enough time, it defers until the start of
the next superframe, continuing with the two CCA evaluations (step 3). If the
battery life extension set to 1, the backoff countdown must only occur during the
first six full backoff periods, after the reception of the beacon, as the frame
transmission must start in one of these backoff periods.
The non slotted mode of the CSMA/CA (Fig. 1.9) is very similar to the slotted
version except the algorithm does not need to rerun (CW number of times) when
the channel is idle.
The Inter-Frame Spacing (IFS) is an idle communication period that is needed for
supporting the MAC sub-layer needs to process data received by the physical
layer. To allow this, all transmitted frames are followed by an IFS period. If the
transmission requires an acknowledgment, the IFS will follow the acknowledge-
ment frame. The length of the IFS period depends on the size of the transmitted
frame: A Long Inter-Frame Spacing (LIFS) or Short Inter-Frame Spacing (SIFS).
The selection of the IFS is based on the IEEE 802.15.4 aMaxSIFSFrameSize
parameter, defining the maximum allowed frame size to use the SIFS. The CSMA/
CA algorithm takes the IFS value into account for transmissions in the CAP. These
concepts are illustrated in Fig. 1.10.
1.2 IEEE 802.15.4 17
Fig. 1.11 Indirect transmission example. In the first beacon the coordinator informs the device of
the presence of a data packet. The device decodes this information and issues a data request. The
data packet is then sent by the coordinator to the device and the information of pending data is
removed from the beacon frames
data request message embedding its extended address. The Coordinator sear-
ches in its neighbor tables for the short address corresponding to the extended
address received in the command frame and transmit the corresponding pending
data. In the next Coordinator beacon the pending address list is updated.
3. Normal transmissions. The frames are transmitted to the medium with con-
tention, by applying the CSMA/CA algorithm, i.e., data frames and command
frames transmitted during the CAP. Depending of the operation mode (beacon-
enabled or non beacon-enabled) the CSMA/CA algorithm has two versions, the
slotted or the unslotted respectively.
The IEEE 802.15.4 protocol standard identifies three different transmissions
scenarios during the CAP:
• Successful data transmission. The sender successfully transmits the frame to the
intended recipient. The recipient receives the frame and sends an acknowl-
edgment if required. If it is an acknowledged request, the sender starts a timer
that expires after macAckWaitDuration symbols. Upon the reception of the
acknowledge frame (before the timer expires), the sender disables and reset the
timer. The data transfer is completed successfully.
• Loss of frame. The sender successfully transmits the frame to the medium, but it
never reaches the destination, so that an acknowledgement frame is not trans-
mitted. The sender timer expires (after macAckWaitDuration) and the sender
retransmits the frame again. This procedure is repeated up to a maximum of
aMaxFrameRetries times after which the transmission aborts.
• Loss of acknowledgment. The sender successfully transmits the frame to the
intended recipient that upon reception replies with an acknowledgement frame.
The sender never receives the acknowledgment and retries the transmission.
The MAC sub-layer will only accept frames from the PHY layer if it satisfies
the following requirements:
• The frame type subfield of the frame control field does not contain an illegal
frame type.
• If the frame type indicates that the frame is a beacon frame, the source PAN
identifier must match macPANId, unless macPANId is equal to 0 FFFF, in
which case the beacon frame must be accepted regardless of the source PAN
identifier.
• If a destination PAN identifier is included in the frame, it must match
macPANId or the broadcast PAN identifier (0 FFFF).
• If a short destination address is included in the frame, it must match either
macShortAddress or the broadcast address (0 FFFF). Otherwise, if an extended
destination address is included in the frame, it must match aExtendedAddress.
• If only source addressing fields are included in a data or MAC command frame,
the frame is accepted only if the device is a Coordinator and the source PAN
identifier matches macPANId.
1.3 ZigBee 19
1.3 ZigBee
The ZigBee Network Layer is responsible for network management (e.g., asso-
ciation/disassociation, starting the network, addressing, device configuration and
the maintenance of the NIB-NWK Information Base) and formation, message
routing and security-related services.
The ZigBee Network Layer supports two service entities. The Network Layer
Data Entity (NLDE) provides a data service, allowing the transmission of data
frames and topology specific routing. Figure 1.12 depicts the Network Layer
reference model.
Joining and leaving a network must be supported by all ZigBee Devices. Both
ZigBee Coordinators and Routers must support the following additional
functionalities:
• Permit devices to join the network using the following:
– Association indications from the MAC sub-layer.
– Explicit join requests from the application.
• Permit devices to leave the network using the following:
– Network Leave command frames.
– Explicit leave requests from the application.
• Participate in assignment of logical network addresses.
• Maintain a list of neighboring devices.
The ZigBee Coordinator also defines some important additional network
parameters. It determines the maximum number of children (Cm ) any device is
allowed to have. From this set of children, a maximum number (Rm ) of devices can
be router-capable devices. The remaining are ZEDs (Cm Rm ). Every device has
an associated depth, representing the number of hops a transmitted frame must
travel, using only a parent-child links, to reach the ZigBee Coordinator. By
default, the ZC is assumed to have a depth of 0, while its direct children have a
depth of 1. The ZC also determines the maximum depth (Lm ) of the network. The
maximum number of children, routers and network depth are used for calculating
the addresses of the devices in the network, in a fully distributed addressing
scheme.
A parent device that has a CskipðdÞ value of zero is not capable of accepting
children and must be treated as an end device. A parent device that has a CskipðdÞ
value greater than zero must accept devices and assigns addresses, if possible.
A parent device assigns an address that is one greater than its own to the first router
that associated. The next associated router receives an address that is separated
according to the return value of the Cskipðparent0 s depthÞ function. The maximum
number of associated routers is defined in the network parameter nwkMaxRouters.
Considering a parent node with a depth d and an address of Aparent , the number
of child devices n is between 1 and Cm Rm .
1 n ðCm Rm Þ: ð1:4Þ
The Achild address of the n-th child router is calculated according to Eq. (1.5a,
b) (n is the number of child routers):
Neighbor Routing. This type of routing uses the neighbor tables. If the target
device is physically in range it is possible to send messages directly to the des-
tination. Physically in range means that the source ZC or ZR has a neighbor table
entry for the destination. This routing mechanism is mostly used as addition to
22 1 Snapshot of the IEEE 802.15.4 and ZigBee Protocols
other routing mechanisms and for the ZigBee Routers to route messages to its
children devices, when they are the destination.
Table Routing—Ad-hoc On-Demand Distance Vector (AODV). ZigBee
Table Routing is based on the AODV routing algorithms. Each ZigBee Coordi-
nator and Router that supports this Table Routing must maintain two tables: (1) the
routing table, a long-lived and persistent table with the information of routes, and
(2) a route discovery table with the information of the route discovery procedures
where each entry only lasts the duration of the discovery.
The Ad-hoc On Demand Distance Vector (AODV) [2] routing protocol was
designed for ad hoc mobile networks. AODV is capable of both unicast and
multicast routing. AODV allows mobile nodes to obtain routes quickly for new
destinations, and does not require nodes to maintain routes to destinations that are
not in active communication. AODV allows mobile nodes to respond to link
breakages and changes in network topology in a timely manner. The operation of
AODV is loop-free, and by avoiding the Bellman-Ford counting to infinity prob-
lem offers quick convergence when the ad-hoc network topology changes (typi-
cally, when a node moves in the network). When the link breaks, AODV causes
the affected set of nodes to be notified so that they are able to invalidate the routes
using the lost link. It is an on demand algorithm, meaning that it builds routes
between nodes only if requested by source nodes. It maintains these routes as long
as they are needed by the sources. Additionally, AODV can form trees, connecting
multicast groups, composed of the group members and the nodes needed to con-
nect. AODV uses sequence numbers to ensure the freshness of routes. It is loop-
free, self-starting, and scales to larger numbers of nodes.
In ZigBee Networks, the routing management is done by the means of NWK
command frames. The available commands are the following:
• Route request Command send to search for a route to a specified device, can also
be used to repair a route.
• Route reply Command send in response of a route request, also used to request
state information.
• Route Error notification of a source device of the data frame about the failure in
forwarding the frame.
• Leave notification of a device leaving the network.
• Route Record notification of a list of nodes used in relaying a data frame.
• Rejoin request notification of a device rejoining the network.
• Rejoin response rejoin response of a rejoin request.
The route choice for a communication flow is based on the total link cost
represented by C, meaning that the path with the lowest cost is chosen. The total
link cost is the sum of individual point-to-point link cost. The calculation of C is as
follows: for a defined path P, where L defines the length of a set of devices
[D1 ; D2 ; DL ] and a link [Di ; Diþ1 ] the path cost C is defined as:
1.3 ZigBee 23
X
L1
C fP g ¼ C f½D1 ; Diþ1 g: ð1:7Þ
i¼1
Each C f½D1 ; Diþ1 g is the individual point-to-point link cost, calculated by the
following formulation:
(
7
Cð1Þ ¼ ð1:8Þ
min 7; round p14
l
The next hop (N) address when routing down is given by:
D ðA þ 1Þ
N ¼Aþ1þ CskipðdÞ: ð1:10Þ
CskipðdÞ
If the destination address is not a descendant, the device relays the packet to its
parent.
vicinity and centralizes all the communication (data exchange between nodes must
be relayed by the ZigBee Coordinator). As a consequence, the network coverage is
limited to the transmission range of the ZigBee Coordinator, which restricts the
geographical region under monitoring/control and thus maybe particularly
unsuitable for WSNs. Therefore, there is a tradeoff between supporting scalability
(at the cost of more energy consumption and less delay guarantees, like mesh-
based networks offer) and achieve real-time and energy-efficient communications
(like star-based networks offer). It would be more appropriate if both features
(synchronization and scalability) could be simultaneously supported into the same
network.
The Cluster-Tree network concept is outlined in the ZigBee specification.
However, in the IEEE 802.15.4/ZigBee standards there is not a clear description
on how the cluster-tree model can be implemented. The available information
regarding this topology gives a broad overview on how the cluster-tree network
should operate. More specifically, the cluster-tree model includes more than one
ZigBee Router that periodically generate beacons to synchronize nodes (or clusters
of nodes) in their neighborhood. If these periodic beacon frames are sent in an
unorganized fashion, without any particular schedule, they will collide with each
other or with other frames. These collisions results in the loss of synchronization
between a parent ZigBee Router and their child devices, which prevents them to
communicate. Therefore, beacon frame scheduling mechanisms must be defined to
avoid beacon frame collisions in ZigBee cluster-tree networks.
Only some basic approaches dealing with this problem were proposed for
discussion by the Task Group 15.4b [5], which is a group aiming to improve some
inconsistencies of the original specification. However, no algorithms for providing
collision-free beacon frame generation have been proposed in the standard so far.
In this book, the goal is to show first an implementation of the IEEE
802.15.4/ZigBee standard in nesC/TinyOS [6], whose code is publicly available for
download [7], especially focusing on the cluster tree model at the NWK layer on top
of the Beacon Enabled mode at the MAC layer. Then, this baseline enables WSN
networking with Quality of Service and scalability, achieved by mean of amend-
ments to the standard, proposed in previous work and described in the second part of
this book along with some tools to help engineering these networks and forecast
performance estimations. Finally, an overview of some example application
domains where the solutions proposed are in place is given at the end of this book.
References
Abstract The first part of this chapter provides an overview of an open source
IEEE 802.15.4-2006 MAC implementation for the TinyOS 2 operating system.
It discusses the design challenges, describes the functional decomposition of the
implementation and explains what steps were necessary for the implementation to
meet TinyOS 2 requirements. In the second part of the chapter a similar overview
of the ZigBee Cluster Tree Network Layer implementation in TinyOS 2 is given.
Particular emphasis is put on describing how a tree-based network is formed
through the available child-parent association mechanisms, and the routing of
data packets which exploits the addressing scheme to achieve routing in a single-
line-of-code.
2.1.1 TinyOS 2
MLME-SAP MCPS-SAP
TKN154[Non]BeaconEnabledP
Coord-
DataP AssociateP DisassociateP IndirectTxP PollP PibP
RealignmentP
FrameTx
FrameRx
Coord-
Dispatch- BroadcastP
QueueP
Resource Promiscuous-
Radio[Tx/Rx/Off] ModeP
SimpleTransfer-
RadioControlP
ArbiterP
Fig. 2.1 The MAC architecture: Components are represented by rounded boxes, interfaces by
connection lines. The radio driver and symbol clock components are external to this architecture
30 2 Protocol Implementations
signaled the granted() event by the arbiter the component can use the resource
exclusively; and after usage the resource must be released.1 The implementation
extends this model by allowing a component that owns the radio resource to
dynamically transfer the ownership to a specific other component. This is
explained in Sect. 2.1.3.
Most of the components on the second level (medium gray boxes) represent the
different time intervals in an 802.15.4 superframe: the BeaconTransmitP and
BeaconSynchronizeP components are responsible for transmission/reception of the
beacon frame, the DispatchSlottedCsmaP component manages frame transmission
and reception during the CAP and the CoordCfpP and DeviceCfpP components are
responsible for the CFP. In nonbeacon-enabled mode a superframe structure is not
used and these components are replaced by the DispatchUnslottedCsmaP com-
ponent, which is then responsible for frame transmission and reception in non-
beacon-enabled mode.
The CSMA-CA algorithm requires one (unslotted) or two (slotted) clear
channel assessments (CCA) to be performed one/two back-off slot boundaries
before the actual transmission. Moreover, in case of a CCA failure the transmis-
sion has to be delayed for a random time period of 0–255 back-off periods (equals
0–5100 ls in the 2.4 GHz band). The transmission of an acknowledgements must
start between 12 symbols (equals 192 ls in the 2.4 GHz band) and 32 symbols
(512 ls in the 2.4 GHz band) after the reception of the last symbol of the previous
data or MAC command frame. Since on a typical mote platform, these require-
ments can practically not be met by a platform independent MAC protocol [8],
rather they should be pushed from the MAC to the PHY, ideally to hardware. For
these reasons, the implementation does not include the (un)slotted CSMA-CA
algorithm: the DispatchSlottedCsmaP and DispatchUnslottedCsmaP components
are responsible for the initialization of the CSMA-CA parameters, but the algo-
rithm is implemented and executed in the platform specific radio driver
(Sect. 2.1.4.2). In either beacon- or non-beacon-enabled mode the ScanP and
PromiscuousModeP components are providing services for channel scanning and
enabling/disabling promiscuous mode, respectively. The radio arbitration mecha-
nism is used to coordinate the activities of the components on this level so that
they do not overlap in time: typically a component is active only while it has
exclusive access to the radio resource. It then performs a certain task (e.g.,
transmission of a beacon or performing a channel scan) and afterward either
releases the resource or passes it on to some other component. This mechanism
avoids race conditions when accessing the radio hardware and is detailed in
Sect. 2.1.3.
The components on the top level (white boxes) implement the remaining MAC
data and management services, for example, PAN association or requesting
(polling) data from a coordinator. These services typically utilize data and command
frame transmission/reception based on the (un)slotted CSMA-CA algorithm and
1
https://github.com/tinyos/tinyos-main/blob/master/doc/txt/tep108.txt.
2.1 IEEE 802.15.4 MAC Implementation in TinyOS 2 31
consequently the components are wired via a send queue, DispatchQueueP, to either
DispatchSlottedCsmaP (in beacon-enabled PANs) or DispatchUnslottedCsmaP
(in nonbeacon-enabled PANs). A component on this level typically provides a
certain MAC MLME/MCPS primitive to the next higher layer, it is responsible for
assembling the particular data or command frame and it accepts and processes
incoming frames of the same type. For example, the DataP component provides the
MCPS-DATA primitive to the next higher layer to send a frame to a peer device. On
receipt of the MCPS-DATA.request primitive DataP will assemble the data frame
and enqueue it in the send queue DispatchQueueP. The Dispatch[Un]SlottedCsmaP
component will eventually dequeue the frame, and manage its transmission, e.g.
whenever the CAP has become active. Afterwards, it will signal a completion event
to the DataP component, which in turn propagates a MCPS-DATA.confirm event
back to the next higher layer including an appropriate status code that denotes
whether the transmission was successful or not.
The next higher layer accesses all MAC services either via the TKN154Beac-
onEnabledP component (in beacon-enabled PANs) or via the TKN154NonBeac-
onEnabledP component (in non-beacon-enabled PANs). These configuration
components are nesC facades [2] responsible for wiring the MAC components
together, respectively. They allow to disable/remove certain MAC functionality by
specifying empty placeholder [2] components. Table 2.1 lists all MAC compo-
nents together with the provided MCPS/MLME primitives.
2
https://github.com/tinyos/tinyos-main/blob/master/doc/txt/tep108.txt.
32 2 Protocol Implementations
Table 2.1 The components of the MAC implementation and the provided interfaces
Component Name function [Provided IEEE 802.15.4 Interface]
AssociateP PAN association
[MLME-ASSOCIATE,MLME-COMM-STATUS]
DisassociateP PAN disassociation
[MLME-DISASSOCIATE,MLME-COMM-STATUS]
BeaconTransmitP periodic beacon transmission
[MLME-START]
BeaconSynchronizeP periodic beacon tracking
[MLME-SYNC(-LOSS), MLME-BEACON-NOTIFY]
CoordBroadcastP transmission of coordinator broadcast frames
CoordCfpP GTS management on coordinator
[MLME-GTS]
CoordRealignmentP management of realignment commands
[MLME-ORPHAN, MLME-COMM-STATUS]
DataP assembling/dispatching data frames
[MCPS-DATA, MCPS-PURGE]
DeviceCfpP GTS management on device
[MLME-GTS]
DisassociateP PAN disassociation
[MLME-DISASSOCIATE]
DispatchQueueP send queue for data/command frames
DispatchSlottedCsmaP frame transmission/reception during CAP
(excluding the CSMA-CA algorithm)
DispatchUnslottedCsmaP frame transmission/reception in nonbeacon-enabled PANs
(excluding the CSMA-CA algorithm)
IndirectTxP managing indirect transmissions
PibP maintaining the PAN Information Base
[MLME-RESET, MLME-GET, MLME-SET]
PollP requesting data from a coordinator
[MLME-POLL]
PromiscuousModeP enabling/disabling promiscuous mode
RadioClientC virtualizing access to RadioControlP
RadioControlImplP access control to the radio
RadioControlP configuration for RadioControlImplP
RxEnableP enabling the receiver during idle time
[MLME-RX-ENABLE]
ScanP channel scanning
[MLME-SCAN]
SimpleTransferArbiterP radio resource arbitration
TKN154BeaconEnabledP MAC configuration when used
in a beacon-enabled PAN
TKN154NonBeaconEnabledP MAC configuration when used
in a non-beacon-enabled PAN
2.1 IEEE 802.15.4 MAC Implementation in TinyOS 2 33
mode. If the component responsible for managing the CAP is granted the access to
the radio too late (because there are other tasks served before), then incoming
frames may be lost.
The second is suboptimal, because a superframe is dynamic and some parts of it
are dependent on others. For example, a beacon defines whether the following CFP
is present and missing an incoming beacon means that the entire superframe
cannot be used. Consequently the components that represent the superframe should
be able to decide cooperatively at what time which of them should be active.
Instead of treating them as independent clients that compete for access to the radio,
it is more natural to let them coordinate when and in what order they access the
radio. Therefore we extend the standard Resource interface by a single command
and a single event that enables immediate transfer of the resource from one client
to another. The transfer does not involve posting a separate task and may override
the default queuing policy. This extended interface is called TransferableRe-
source, it is shown in Fig. 2.2.
In the following we call the radio resource the radio token, because a token
better matches the notion of transferability. Figure 2.3 shows an example of how
the radio token is shared between the components responsible for an incoming
superframe: as long as the next higher layer has requested synchronization with the
coordinator, the BeaconSynchronizeP component will always have a request
pending for the radio token (1). After it has been granted the radio token (2) it will
try to track the beacon from the coordinator. Once the beacon has been received,
the radio token will immediately be transferred to the DispatchSlottedCsmaP
component (3), which is then responsible for managing the CAP. When the CAP
has finished the radio token is transferred to the component responsible for the
CFP (4). Finally, at the end of the CFP the token is passed back to BeaconSyn-
chronizeP (5) to be able to receive the next beacon. Afterward, as long as no other
components request the radio token, the steps (3)–(5) repeat indefinitely.
Only the component that owns the radio token may access the radio and
whenever a component does not own the token, it is typically inactive: it may
accept requests from the next higher layer, but it will typically have to wait until it
is transferred/granted the token before it can serve the requests. A component
owning the radio token must make sure that it gives up the token at latest when the
interface TransferableResource {
async command error t request();
async command error t immediateRequest();
event void granted();
async command error t release();
async command bool isOwner();
async command error t transferTo(uint8 t dstClient);
async event void transferredFrom(uint8 t srcClient);
}
Fig. 2.2 The TransferableResource interface extends the standard Resource interface
by an additional command transferTo() and an event transferredFrom() to transfer the
ownership of the resource from one client to another
34 2 Protocol Implementations
5. transferTo()
3. transferTo() 4. transferTo()
Beacon- Dispatch
DeviceCfpP
SynchronizeP SlottedCsmaP
1. request()
Radio[Tx/Rx/Off]
2. granted()
[Un]SlottedCsmaCa
SimpleTransfer-
RadioControlP
ArbiterP
Fig. 2.3 Transferring the radio token between the components responsible for an incoming
superframe. The commands request(), transferTo() and the granted() event are part of the
TransferableResource interface
corresponding part of the superframe has finished (cf. Fig. 1.5). For example,
whenever the DispatchSlottedCsmaP component is given the token from the Be-
aconSynchronizeP component, it will first set an Alarm to expire at the end of the
CAP (less a platform specific guard time). And when this Alarm expires, it will
transfer the token to the component responsible for the CFP.
As shown in Figure 2.4 other components can also request the radio token from
the arbiter. Through interfaces not shown here a client of the arbiter can always
check, whether other clients have requested the token and then release it. For
example, whenever the PipB component requests the token to serve a MLME-
RESET request from the next higher layer, then the components responsible for the
superframe will always give up the token via the TransferableResource.release()
command. When a token is released the arbiter will allocate it to the next client
based on a round-robin policy. Figure 2.4 shows all possible transitions of the
radio token from one component to another.
In a nonbeacon-enabled PAN a superframe structure is not used and the radio
token is never transferred between components. Instead components request it
(via TransferableResource.request()) and release it (via TransferableResource.
release()) according to the standard TinyOS resource arbitration policy.3
3
https://github.com/tinyos/tinyos-main/blob/master/doc/txt/tep108.txt.
2.1 IEEE 802.15.4 MAC Implementation in TinyOS 2 35
SimpleTransfer-
RadioControlP
ArbiterP
Fig. 2.4 Resource arbitration in a beacon-enabled PAN: Components that never actively request
the radio token are shown in white boxes; components that may request the token are shown in
medium gray color. The commands request(), transferTo(), release() and the granted() event are
part of the TransferableResource interface
TinyOS 2 does not support dynamic memory allocation, instead most allocation
and binding is pushed to compile time, which makes code more robust and pre-
dictable. This also holds for the allocation of message buffers: a component that
wants to send a packet is responsible for allocating a message_t buffer, which is
the TinyOS 2.x message buffer abstraction that is used by protocols on network
layer and above (cf. TEP 111).4 Consequently the implementation adapts the MAC
primitives to support message_t and the TinyOS buffer swapping semantics. This
is relevant for two MAC primitives, MCPS-DATA and MLME-BEACON-NOTIFY;
Fig. 2.5 shows the revised interface definitions.
In contrast to the primitives specified in the 802.15.4 standard, these interfaces
do not transport control information (source/destination address of the frame, etc.)
explicitly. Rather, this information is already contained in a message_t and can be
4
https://github.com/tinyos/tinyos-main/blob/master/doc/txt/tep111.txt.
36 2 Protocol Implementations
Fig. 2.5 The MCPS_DATA and MLME_BEACON_NOTIFY primitives are adapted to support
message_t and buffer swapping
The MAC requires the radio driver to provide the six interfaces shown in Fig. 2.6.
These interfaces push many time-critical operations from the MAC to the radio
driver, because the latter can include platform- and chip-specific code and is thus
in a better position to meet the tight timing constraints in beacon-enabled PANs
(cf. Sect. 2.1.2).
The RadioRx, RadioTx interfaces enable receive mode and allow the MAC to
transmit a frame at a specific point in time, respectively. The RadioOff interface
allows to disable the transceiver and the SlottedCsmaCa, UnslottedCsmaCa
interfaces transmit a frame based on the (un)slotted CSMA-CA algorithm. The
MAC specifies the initial CSMA-CA parameters but the algorithm itself is
implemented and executed in the radio driver. Also, the radio driver is responsible
for performing any random back-offs and for the transmission of acknowledge-
ments. The EnergyDetection interface is similar to the one defined in the standard.
It allows to obtain the maximum energy on a given channel over a certain time
period.
2.1 IEEE 802.15.4 MAC Implementation in TinyOS 2 37
interface RadioRx {
async command error t enableRx(uint32 t t0, uint32 t dt);
async event void enableRxDone();
async command bool isReceiving();
event message t* received(message t *frame);
}
interface RadioTx {
async command error t transmit(ieee154 txframe t *frame, uint32 t t0, uint32 t dt));
async event void transmitDone(ieee154 txframe t *frame, error t result);
}
interface RadioOff {
async command error t off();
async event void offDone();
async command bool isOff();
}
interface UnslottedCsmaCa{
async command error t transmit(ieee154 txframe t *frame, ieee154 csma t *csma);
async event void transmitDone(ieee154 txframe t *frame, ieee154 csma t *csma, bool ackPendingFlag,
error t result);
}
interface SlottedCsmaCa{
async command error t transmit(ieee154 txframe t *frame, ieee154 csma t *csma,
const ieee154 timestamp t *slot0Time, uint32 t dtMax, bool resume, uint16 t remainingBackoff);
async event void transmitDone(ieee154 txframe t *frame, ieee154 csma t *csma,
bool ackPendingFlag, uint16 t remainingBackoff, error t result);
}
interface EnergyDetection {
command error t start(uint32 t duration);
event void done(error t status, int8 t maxEnergyLevel);
}
Fig. 2.6 The interfaces that a radio driver must provide to the MAC implementation
The currently supported platforms are: telosb, shimmer2(r) and micaz. To make
the MAC available on a new TinyOS 2 mote platform essentially the following
three requirements have to be met:
1. The platform must include a radio driver that provides the interfaces listed in
Sect. 2.1.4.2. When a platform supports only the non-beacon-enabled mode
then the radio driver does not have to provide the SlottedCsmaCa interface, if it
supports only the beacon-enabled mode, then the UnslottedCsmaCa interface is
not required. In addition, the radio driver must use the TinyOS 2 Notify
interface to be updated about changes in the PHY PIB, and provide a set of
PHY-specific constants.5
2. The MAC implementation uses Alarm and Timer interfaces with a precision of
an 802.15.4 symbol (62.5 kHz for the 2.4 GHz band) and an accuracy of 40
ppm. The Alarm and Timer interfaces are standard TinyOS 2 interfaces that are
provided by a platform’s timer subsystem.6 However, a TinyOS 2 platform
typically does not provide these interfaces with the required precision/accuracy.
In this case the platform’s timer subsystem must be extended accordingly
(possibly including the use of additional hardware).7
5
for an example see $TOSDIR/chips/cc2420_tkn154/CC2420TKN154C.nc and TKN154_PHY.h
6
https://github.com/tinyos/tinyos-main/blob/master/doc/txt/tep102.txt.
7
For an example see https://github.com/tinyos/tinyos-main/tree/master/tos/platforms/telosb/mac/
tkn154/timer.
38 2 Protocol Implementations
This section focuses on the implementation of the ZigBee network layer (NWK) in
TinyOS 2 [9], built on top of the IEEE 802.15.4 MAC primitives (Sect. 2.1.4.1). In
particular, the goal is to detail how to form a network and how to route packets.
Whenever not specified differently, the process described is referred to a Cluster
Tree network model.
The software of the network layer and its interfaces is sketched in Fig. 2.7. The
main components are the NLDE and NLME service access points. The former
exposes to the upper layer (in this scenario, a generic application layer) the
NLDE_DATA interface to send and receive packets. The latter is composed by a
list of APIs for network management, including network formation and discovery,
nodes’ join, network synchronization and leave. These interfaces take advantage of
the APIs provided by the underlying MAC layer to achieve their task.
In the following, network formation and transmission/reception of packets are
described in more details.
The join procedure is necessary for every ZigBee Router and ZigBee End Device
to join the network. Only the ZC and ZRs are allowed to associate devices. It is
8
for an example see $TOSDIR/platforms/telosb/mac/tkn154/Ieee802154BeaconEnabledC.nc and
$TOSDIR/platforms/telosb/mac/tkn154/TKN154platform.h
2.2 ZigBee Cluster-Tree Network Layer Implementation in TinyOS 39
Fig. 2.7 NWK Layer Software Architecture with the list of interfaces
There is a need to differentiate the type of associating device (ZR or ZED) and
separately count them and their assigned addresses in order to comply with the
address scheme (refer to Sect. 1.3.1). This address distribution enables the con-
struction of the cluster-tree topology
The Tree Routing procedure, as briefly explained in Sect. 1.3.2, is based on the
addresses of the devices. When the MAC sub-layer of a device receives a data
frame it issues the MCPS_DATA.indication primitive to the NWK layer.
Figure 2.9 depicts a flow chart showing the procedures when the NWK receives
a data frame. The NWK layer, upon reception of a data frame, will first verify if
the routing destination field equals its own short address and, if true, it transfers the
data payload to the upper layer, by issuing the NLDE_DATA.indication primitive.
If the routing destination address is not for itself, the device must calculate the next
hop destination address.
In case of a ZigBee Coordinator, if the destination of the data frame is its own
child, after checking in the neighbor table, it assigns the next hop with the short
address of the respective child, present in its neighbor table. Otherwise, it needs to
calculate the next hop by applying the Tree Routing formula for that effect (refer to
Sect. 1.3.3). Note that routing is always downstream, since the ZC has no parent.
In case of a ZigBee Routers there is an initial verification if the destination is
upstream or downstream. This verification is done by applying the conditions of
Eq. 2.2:
networkaddress\routing fields ptr ! destination address
and
routing fields ptr ! destination address\ðnetworkaddress þ cskip routingÞ
ð2:2Þ
If the conditions of Eq. 2.2 are true, then routing is downstream. The device
checks if the destination is a child device (by consulting its neighbor table) and if
not it calculate the next hop by applying the Tree Routing formula for that effect
(Sect. 1.3.3). If the conditions are false, the device just routes up to its parent.
After the next hop decision, the message is transmitted by issuing the
MCPS_DATA.request primitive to the MAC sub-layer.
The data frame transmission procedure is similar to the routing mechanism.
After the creation of the frame, the device must assign a destination address to the
routing fields. If the device is a ZED, the only option is to route to its parent
(upstream). Otherwise, if the device is the ZigBee Coordinator or a ZigBee Router,
it must check if the destination is a child device or must calculate the next hop
address.
References
More details about the methodology, as well as its application to evaluate the
impact of the sink’s mobility on the worst-case performance of the cluster-tree
network, can be found in [2], while here our goal is to show the application of the
methodology to the ZigBee-based Cluster-Tree topology.
The general cluster-tree topology can be represented by the particular ZigBee
cluster-tree topology where ZigBee coordinator corresponds to the root, ZigBee
router to the router and ZigBee end device to the end-node. The beacon-enabled
mode is considered, since it supports cluster-tree topology and enables the provision
of guaranteed bandwidth through the GTS mechanism. Each GTS can be used to
transfer time-sensitive data either in transmit direction, i.e., from child node to its
parent router (upstream data link), or receive direction, i.e., from parent router to its
child node (downstream data link). There can be allocated a maximum of 7 GTSs in
each superframe. Hence, using this explicit GTS allocation, the maximum numbers
of child routers and end-nodes (that require guaranteed bandwidth) associated to
MAX MAX
each router are constrained as follows Nrouter þ Nendnode 7. According to the IEEE
802.15.4 [3] standard, all clusters have the same duty-cycle. Hence, the WC-TDCS
(Worst-Case - Time Division Cluster Scheduling) is given by the non-overlapping
sequence of equally sized SDs, and the period of WC-TDCS is equal to BI.
Each GTS includes effective data transmission and overheads (i.e., inter-frame
spacing (IFS) and eventual acknowledgement and retransmissions [3]). In practice,
most WSN applications are likely to use frames that are smaller than the maximum
allowed size of a MAC frame (MPDU), which is equal to aMaxPHYPacketSize
(1016 bits) [3]. Thus, in order to achieve more accurate results the parameter
MPDUmax representing the user-defined maximum size of MAC frames is
introduced.
Next, the expression for the effective bandwidth guaranteed by one time slot,
which is related to the worst-case data transmission, is derived. The worst-case
time required for the overall successful transmission of a frame (i.e., the last
retransmission succeeded—see Fig. 3.1) is then expressed as:
ðmacMaxFrameRetries X þ 1Þ
Tframe ¼ ð3:1Þ
ðfrm size=rate þ ack XÞ þ IFS
where frm size is the user-defined maximum size of transmitted frame including
the data payload, MAC and PHY headers (i.e., PPDU), rate is the data rate
(assuming 250 kbps), IFS is equal to SIFS or LIFS depending on the MPDUmax ,
ack stands for macAckWaitDuration, X ¼ 1 for an acknowledged transmission or
X ¼ 0 for an unacknowledged transmission.
The worst-case number of frames with user-defined maximum size that can be
transmitted during one time slot is expressed as:
3.1 Worst-Case Analysis and Dimensioning 47
Fig. 3.1 The worst-case time required for an overall successful transmission of frame1
(macMaxFrameRetries ¼ 2)
$ %
TS
Nframe ¼ ð3:2Þ
Tframe
where TS is the duration of a time slot and is equal to SD=16. In the remaining time
(i.e. TS Nframe Tframe ), a MAC frame smaller than MPDUmax can only be
transmitted if the whole transmission can be completed before the end of the GTS.
The size of the last frame (PPDU), which can be transmitted within a given GTS,
is then expressed as:
TS Nframe Tframe IFS
last frm size ¼ ack X rate ð3:3Þ
macMaxFrameRetries þ 1
If the size of the last frame is smaller than the minimum size of frame,
PPDUmin , then last frm size ¼ 0.
Finally, assuming a full duty-cycle (i.e., SO ¼ BO) the bandwidth guaranteed
by one GTS time slot in a given superframe is expressed as:
Nframe frm size þ last frm size
R100%
TS ¼ ð3:4Þ
SD
Each parent router must reserve a GTS with enough time slots for each of its child
nodes. For upstream data links, the resulting bandwidth of GTS, guaranteed by a
TS
parent router at depth i and given by NiU time slots in transmit direction, must be
greater than or equal to the total incoming arrival rate rðiþ1ÞU of a child node at
depth i þ 1. On the contrary, for downstream data links, a parent router at depth i
TS
must reserve a GTS with NiD time slots in receive direction to its child router at
depth i þ 1 such that the resulting link bandwidth is greater than or equal to its
total incoming arrival rate riD . It results that:
TS rðiþ1ÞU TS riD TS rdata
NiU ¼ NiD ¼ Nendnode ¼ ð3:5Þ
RTS RTS RTS
48 3 Models and Tools
TS
Note that Nendnode is the number of GTS time slots guaranteed to each end-node
by its parent router. Hence, a GTS with NiTS time slots provides rate-latency service
bRi Ti , where Ri ¼ NiTS RTS is the guaranteed bandwidth and Ti is the maximum
latency that the data must wait to be served.
The service latencies Ti depend on the TDCS such that their worst-case values
are achieved for the non-overlapping WC-TDCS (i.e., a TDCS of a data flow along
the longest routing path in a WSN). Since the proposed methodology is based on
the balanced properties of the cluster-tree topology model, the same service
latency, equal to the worst-case one at a given depth, is provided to all data links at
a given depth in upstream/downstream direction. The worst-case service latencies
at each depth, except depth 0, are given by the distance between the active portions
of consecutive clusters on the longest routing path to the sink. The period of
WC-TDCS is equal to the time which spans between two consecutive active
portions of the same cluster (i.e., BI).
Note that the service latencies of any application-specific or overlapping TDCS
will be equal or shorter than the latencies of non-overlapping WC-TDCS. In these
cases, the worst-case latency at a given depth is equal to the longest latency in
upstream/downstream direction at this depth, which does not to be equal to the one
along the longest routing path in a WSN.
The worst-case service latency guaranteed to a flow over an upstream data link
at a given depth is expressed as:
– the latency guaranteed by a router to its end-node:
TS
Tendnode ¼ BI Nendnode TS
– the latency guaranteed by a router at depth i to a child router at depth i þ 1, for
8i, 0 \ i \ H:
TS TS
TiU ¼ BI SD NiU Nðiþ1ÞU TS
– the latency guaranteed by the router at depth 0 to the child router at depth 1:
MAX TS
TS TS
T0U ¼ BI SD N0D þ Nrouter 1 N0U N1U TS
On the other hand, the worst-case service latency guaranteed to a flow over a
downstream data link at a given depth is expressed as:
TS MAX
LCFP Nendnode Nendnode
R0 ¼ MAX
RTS
Nrouter
As a result, the maximum arrival rate of the sensory data is:
TS MAX
MAX LCFP Nendnode Nendnode
rdata ¼ MAX
Nrouter
RTS
P
H1 MAX j MAX
j¼0 ðNrouter Þ Nendnode þ x
ð3:7Þ
for Hsink ¼ 0.
On the other hand, for 1 Hsink H, the corresponding link bandwidth
guaranteed by the parent router at depth ðHsink 1Þ to the sink router at depth Hsink
is equal to:
TS MAX
LCFP Nendnode Nendnode
RðHsink 1Þ ¼ MAX
RTS
Nrouter
As a result, the maximum arrival rate of the sensory data is:
TS MAX
MAX LCFP Nendnode Nendnode
rdata ¼ MAX
Nrouter
RTS
P
Hsink 1 MAX Þ Hj MAX
j¼0 ðNrouter Nendnode þx
ð3:8Þ
for 8Hsink , 1 Hsink H.
MAX
The average arrival rate rdata of sensory data must be lower than rdata in any
case. The value of burst bdata is selected according to the burstiness of sensory data.
Finally, the analytical model briefly sketched here has been implemented into a
Matlab tool [7], which can run in Command Line Interface (CLI) mode or
Graphical User Interface (GUI) mode. Figure 3.2 shows the GUI of such tool. On
its left hand side, the network setting and parameters of sensory data are entered.
After the computation, the results and, optionally, several charts are shown on the
right hand side.
3.2.1 OPNET
This section presents the structure of the IEEE 802.15.4/ZigBee simulation model
[12] that was implemented in the Opnet Modeler simulator.
52 3 Models and Tools
Fig. 3.3 The structure of the IEEE 802.15.4/ZigBee Opnet simulation model
3.2 Simulation Models 53
The network layer implements address-based tree routing (a mesh routing is not
supported yet) according to the ZigBee [13] specification. The frames are routed
upward or downward along the cluster-tree topology according to the destination
address by exploiting the hierarchical addressing scheme provided by ZigBee [13].
This addressing scheme assigns an unique address to each node using the sym-
metric hierarchical addressing tree given by three parameters, namely the maxi-
mum number of children (i.e., routers and end devices) that a router or a coordinator
may have (Cm ), the maximum depth in the topology (Lm ), and the maximum
number of routers that a router or a coordinator may have as children (Rm ).
The application layer can generate unacknowledged and/or acknowledged best-
effort and/or real-time data frames transmitted during CAP or CFP, respectively.
There is also a battery module that computes the consumed and remaining energy
levels. The energy consumption is estimated as U I t based on the execution
time (t), the voltage (U), and current draw (I). The particular current draws can be
set for a node operating in receive mode, transmit mode, idle mode or sleep mode.
A node in sleep mode can neither transmit nor receive data; a node must be woken
up to idle mode first. The default values are set to those of the widely-used MICAz
[14] or TelosB [15] motes.
This section depicts some important user-defined attributes relating to the GTS
mechanism and the real-time data traffic. All attributes are described in the
reference guide [16] in deeper details.
A coordinator and each router may accept or reject the GTS allocation request
from its children according to the value of the attribute GTS Permit. Each node
(except the coordinator) can specify the time when the GTS allocation request
(GTS Start Time attribute) and deallocation request (GTS Stop Time attribute) are
dispatched to its parent. The allocation request includes the number of required
time slots (Length attribute) and the transmit or receive direction.
Each node can generate data frames inside the time interval given by Start Time
and Stop Time attributes. The size of frame payload (MSDU) is defined by the
Packet Size attribute. The Packet Inter-arrival Time attribute defines the inter-
arrival time between two consecutive frames. The frames are stored in a buffer.
The frames exceeding the buffer capacity (Buffer Capacity attribute) are dropped.
When the requested GTS is active, a frame (MPDU) is removed from the buffer,
prefixed with the headers (SHR and PHR), and it is dispatched to the network with
an outgoing data rate equal to physical data rate (250 kbps).
In Sect. 4.1 the simulation model described here will be applied to assess the
performance of the GTS mechanism and to compare the results against the the-
oretical model of Sect. 3.1.
3.2 Simulation Models 55
3.2.2 CASTALIA
Overview
Castalia is a discrete event simulator for Wireless Sensor Networks (WSNs)
and Body Area Networks (BANs) [17]. It is written in the C++ language and based
on the popular simulation platform OMNeT++ [18]. Castalia has been developed
by the National ICT Australia, and is released under the Academic Public License.
Also, users and developers can receive support from a dedicated forum [19].
Castalia allows users to test and validate algorithms, protocols, and applications
for WSNs. In order to do that, it provides realistic models for the radio and the
wireless channel [20].
In particular, the radio model is based on real radios for low-power commu-
nication, including the CC2420 chipset [21]. Also, it models RSSI and carrier
sensing in a realistic way, and considers different modulation types and trans-
mission power levels. As to the wireless channel, Castalia takes into account nodes
mobility, and relies on the lognormal shadowing model, which has been shown to
provide accurate estimates for average path loss [22]. Finally, Castalia considers
also node clock drift, allows for modeling physical processes, and provides
implementations of routing and MAC protocols, including IEEE 802.15.4 [3].
Furthermore, Castalia is highly parametric, and is tailored to evaluate different
platform characteristics for specific applications. It is worth remarking that Cas-
talia is not sensor-platform specific. Instead, it is a generic framework aimed to be
used for preliminary evaluations, before implementing applications and algorithms
for specific platforms. This is what mainly distinguishes Castalia from other WSNs
simulator as Avrora [23].
Finally, Castalia has been designed to be highly adaptable and extendable, thus
allowing the user to enhance its functionalities, and create and import new mod-
ules. This is possible thanks to the modular organization and other tools provided
by OMNeT++, upon which Castalia has been built. Also, since events are managed
by the OMNeT++ simulation engine, Castalia makes it possible to easily focus on
designing and modelling WSNs.
Castalia Architecture
As stated above, Castalia is built upon the OMNeT++ platform. However, the
user is not required to have a deep knowledge of OMNeT++, in case she wants to
use Castalia in a basic way. On the other hand, a fair understanding of OMNeT++
basic concepts is required in order to enhance or develop applications and
protocols within Castalia. In such a case, messages and modules provided by
OMNeT++ become fundamental concepts to deal with.
In short, an OMNeT++ simple module represents the basic unit of execution.
More specifically, it receives messages sent by other modules or itself, and per-
forms some actions according to the message kind and content. Also, the received
message can alter the module execution state, and can schedule new messages to
56 3 Models and Tools
Vðp; tÞ stands for the value of the physical process at point p and time t. Vi ðtÞ
represents the value of the i-th source at time t, while di ðp; tÞ denotes the distance
of point p from the i-th source at time t. The K and a parameters determine in
which way the value is diffused from a source. Finally, Nð0; rÞ is a zero-mean
gaussian random variable, with standard deviation r.
As an alternative, Castalia provides the Cars Physical Process. Such model
reproduces the behavior of a number of cars moving along a path in a linear way.
Basically, cars are moving sources available for sensor nodes readings. The actual
values read from cars are dispersed in space according to the Customizable
Physical Process formula (see Eq. 3.9), with K ¼ 0:1 and a ¼ 1. The user is
allowed to set both the speed and the interarrival time of considered cars.
3.2 Simulation Models 57
node-specific information as the clock drift and the baseline power consumption,
i.e. the minimum power that the node consumes.
The Mobility manager module deals with how sensor nodes move through the
simulated space. It keeps track of the node location over time, and makes such
information available to other modules of the same node through a function call.
Also, it is responsible for periodically notifying the current node position to the
wireless channel.
The Application module represents the applicative software running on the
sensor node. This layer is responsible for receiving sensed data from the Sensors
manager module, processing data according to the application specifications, and
dealing with packets forwarding and reception. Castalia provides a number of
simple although effective implemented applications, aimed at testing its main
features, and making the user familiar with the simulation framework.
The Routing, MAC, and Radio modules constitutes the actual communication
stack of sensor nodes. As to the network layer, Castalia provides two routing
protocols, i.e. bypassRouting and multipathRingsRouting. As the name suggests,
the former one does not implement any actual routing policy. Instead, the multi-
pathRingsRouting protocol defines a sink node, and organizes network nodes in
different levels, but no one of them has a specific parent. Each node receives a
level number (or ring number) during the setup phase. More specifically, the sink
node starts the setup phase by sending a setup packet with level 0. Upon receiving
such packet, a node adds 1 to the level and broadcasts it to other nodes. This
process goes on until all connected nodes have a level number. In order to send a
packet to the sink, a network node actually broadcasts the packet, including its
own level number. Then, any node with smaller level number rebroadcasts the
packet. This process ends when the sink receives the packet. This routing protocol
3.2 Simulation Models 59
results to be quite robust. However, in case of high transmission rates, the network
might be easily congested, and performance can be seriously affected.
As to the MAC layer, Castalia provides four MAC modules, i.e. TunableMAC,
TMAC, IEEE 802.15.4, and BaselineBANMac. TunableMAC is a duty-cycled
MAC, which reflects the behavior of a simple CSMA/CA MAC protocol, and does
not support acknowledgments and RTS/CTS control packets. T-MAC aims at
keeping performance high by adapting its duty cycle according to traffic
requirements. IEEE 802.15.4 focus on the MAC layer of the IEEE communication
standard [3], and includes CSMA-CA functionalities (slotted and unslotted),
beacon-enabled networks with association, direct data transfer mode, and Guar-
anteed time slots (GTS). BaselineBANMac implements the IEEE 802.15.6 draft
proposal for BAN [8].
The Radio module makes an effort to reproduce the behavior and features of
real low-power radios. Its main features include multiple states, multiple trans-
mission power levels, different power consumpion levels, multiple modes of
operation and modulation schemes, Channel Clear Assessment (CCA) capability,
and fine grained interference calculation.
Castalia Usage
Castalia provides the user with three different scripts, namely Castalia, Cas-
taliaResults, and CastaliaPlot. Basically, Castalia is used to actually simulate
WSN scenarios. On the other hand, CastaliaResults allows users to visualize and
interpret simulation results. Finally, CastaliaPlot is used to create graphs of the
obtained simulation results.
The Castalia script takes an .ini configuration file as input. Such file includes a
list of parameters to be considered and their values, and provides a description of
the WSN scenario to be simulated. Parameters values specified within the .ini file
overwrite potential default values provided in other Castalia configuration files.
Also, parameters can be organized into sections, namely configurations. This
allows the user to simulate specific configurations, and potentially combine them.
More information about available parameters can be found in Castalia user’s
manual [20].
The Castalia script parses the .ini file, retrieves simulation parameters to be
considered, and then runs the actual simulation for the specified application sce-
nario. Also, the user can specify how many repetitions must be performed. Finally,
it is possible to produce an additional output file, containing a trace of all events
occured during the simulation.
The output produced by the Castalia script is a text file containing simulation
results. Although such file is human readable, the user can rely on the Castali-
aResults script to visualize and interpret it more easily. Specifically, CastaliaRe-
sults takes as input the simulation output file produced by the Castalia script.
Then, it parses such file in order to find out what output has been recorded by
different modules (e.g. Application, Sensors Manager, Wireless Channel) during
the simulation. By means of specific options, it is possible to focus on different
outputs, and properly visualize data in a comfortable tabular form.
60 3 Models and Tools
Finally, the CastaliaPlot script allows for automatically drawing graphs straight
from the output of CastaliaResults. More specifically, CastaliaPlot takes the
output of CastaliaResults as input. Then, the table produced by CastaliaResults is
drawn by CastaliaPlot according to the set of options specified by the user.
CastaliaPlot supports different image formats and graph styles, and relies on the
gnuplot program [24] to produce graphs.
1
On [31], $TOSROOT/apps/tests/tkn154/packetsniffer.
62 3 Models and Tools
Fig. 3.8 Z-Monitor distributed sniffers concept: The Z-Monitor instances collect data to a central
database, where the full network without duplicated packets is available to external clients for
monitoring/debugging
so that it will be easier and practical to analyze the behavior of large scale
networks (for which a first implementation is already on-going as sketched in
Fig. 3.8), (ii) extending parsing component to support new COTS protocols
implementations such as TinyRPL, which has recently been released (see,
e.g., [32]), and (iii) integrating advanced filtering and statistical analysis features.
References
1. Z. Hu, B. Li, Fundamental performance limits of wireless sensor networks. in Ad Hoc and
Sensor Networks, ed. by Y. Xian, Y. Pan (Nova Science Publishers, New York, USA, 2004)
2. P. Jurčík, Real-time Communication over Cluster-tree Wireless Sensor Networks
(Department of Control Engineering, Faculty of Electrical Engineering, Czech Technical
University in Prague, Czech Republic in collaboration with CISTER-ISEP Research Unit,
Polytechnic Institute of Porto, Portugal, Prague, Ph.d. Programme on Electrical Engineering
and Information Technology, 2010)
3. Institute of Electrical and Electronics Engineers, Inc., New York. IEEE Std. 802.15.4-2006,
IEEE Standard for Information Technology—Telecommunications and Information
Exchange between Systems—Local and Metropolitan Area Networks—Specific
Requirements Part 15.4: Wireless Medium Access Control (MAC) and Physical Layer
(PHY) Specifications for Low-Rate Wireless Personal Area Networks (WPANs), 2006
4. A. Cunha, R. Severino, N. Pereira, A. Koubâa, M. Alves, Zigbee over tinyos: Implementation
and experimental challenges. in Proceedings of the 8th Portuguese Conference on Automatic
Control (CONTROLO), 2008, pp. 911–916
References 63
Abstract This Chapter provides an overview of the performance limits of the 15.4
and ZigBee custer-tree protocols, building on the models and tools that have been
presented in Chap. 3. A thorough performance analysis permitted to identify some
limitations in the standard protocols, some of which we resolve with the add-ons
that are presented in the second part of the book (Chaps. 5 and 6).
This section presents the performance assessment of the GTS mechanism defined
by the IEEE 802.15.4 standard [1]. This is done using the simulation tool presented
in Sect. 3.2.1.1 and the results compared against the analytical framework
described in Sect. 3.1.
Since there is no medium access contention inside the GTS, a simple star network
containing a coordinator and one associated end device is sufficient for perfor-
mance evaluation. Thus, having additional nodes would have no influence on the
simulation results. For the sake of simplicity, and without loss of generality, we
assume the allocation of only one time slot GTS in transmit direction and a 100 %
duty-cycle (i.e., SO ¼ BO). In what follows, the change of the SO means that the
BO also changes, while keep satisfying SO ¼ BO. This means that the optional
inactive portion is not included in the superframe. Small frame sizes are used in
the simulation and the results (e.g., average, maximum, minimum delays) are
computed from a set of 1000 transmissions. Hence, the simulation time of one run
is equal to the duration of 1000 superframe periods.
In Sect. 4.1.3, the performance of the GTS mechanism from the Opnet simulation
model is evaluated against the analytical model of the GTS mechanism proposed
in [2], which is based on the Network Calculus formalism.
The Network Calculus-based analytical model relies on the affine arrival curve
and rate-latency service curve [3]. This means that each generated application data
flow has a cumulative arrival function RðtÞ upper bounded by the affine arrival
curve ab;r ðtÞ ¼ b þ r t, where b denotes the burst tolerance and r denotes the
average arrival rate. The analytical model is bit-oriented, which means that
the application data are generated as a continuous bit stream with data rate r. On
the other side, the simulation model has a more realistic frame-oriented basis,
where the frames with a specified size are generated with a given period. Con-
sequently, the burst tolerance b and arrival rate r, as defined in the analytical
model, should be implemented in the simulation model in the following way.
A FIFO buffer with a specified capacity substitutes a data burst with a given size,
and the arrival data rate is defined as follows:
Packet size
r¼ ½bps ð4:1Þ
Packet Interarrival Time
The smallest data unit in the analytical model is a bit, while in the simulation
model it is a frame with a bounded size.
This section shows how the Superframe Order, the arrival data rate and the size of
the frame payload impact the throughput of the allocated GTS and the media
access delay of the transmitted frames.
Throughput as a function of the SO and arrival data rate. The purpose of this
section is to evaluate and compare the data throughput during one time slot GTS,
for different values of the Superframe Order and for different arrival rates. For a
given SO, the data throughput is related to the time effectively used for data
transmission inside the GTS. Since the frames are transmitted without acknowl-
edgement, the wasted bandwidth can only result from IFS or waiting for a new
frame if the buffer is empty.
The frames can be dispatched at the physical data rate (250 Kbps) if the buffer
does not become empty before the end of GTS. Otherwise, if the buffer becomes
empty, the frames are not stored in the buffer but they are directly dispatched to the
4.1 Performance Analysis of the IEEE 802.15.4 GTS Mechanism 67
network according to their arrival data rate Eq. 4.1, which is often lower than the
physical data rate.
Figure 4.1 plots the average throughput of one GTS time slot allocated for
different SOs (with a duty-cycle equal to 1) as a function of the arrival data rate,
for two sizes of frame payload (40 and 41 bits). To identify the impact of the
arrival data rate on the throughput, the buffer capacity is fixed to 2 mKbits.
To show the impact of the IFS on the GTS throughput, the size of the frame
payload is set to 40 and 41 bits. When the frame payload size is smaller or equal to
40 bits (MPDU is equal to 144 bits assuming MHR of 88-bit size), the SIFS
(48 bits) is used. Otherwise, if the frame payload size is greater or equal to 41 bits,
then the LIFS (160 bits) is used. Note that, one additional bit in the frame payload
causes 112 additional bits in the IFS. It can be easily observed in Fig. 4.1 that the
impact of the IFS on the wasted bandwidth is more significant for low SO values.
When the size of the frame payload (Packet Size) is fixed, the inter-arrival time
(Packet Inter-arrival Time) has to be changed according to Eq. 4.1 in order to reach
the required arrival data rates. For instance, to achieve 5 Kbps arrival data rate, it
can be computed that the frame payload with 40 bits size has to be generated every
28.8 ms. We use the same settings as in the analytical model [2] and the Packet Size
and Packet Inter-arrival Time attributes have been configured as constant values
that correspond to the required data rates during each simulation run.
The behavior of the throughput for low SO values and the lowest arrival data
rate (5 Kbps) is quite different from the rest of the experiments. This occurs since
the Superframe Duration for SO ¼ 0 is equal to 15.36 ms, but for 5 Kbps arrival
data rate the frame payload is generated every 28.8 ms. Thus, in every two su-
perframes, one of them has no available frame in the buffer, and therefore the
throughput is roughly the half of the ones resulting from other arrival data rates,
where at least one frame is available in the buffer every superframe.
If the size of the frame payload is equal to 41 bits, it results that for SO ¼ 0 the
throughput is zero for all arrival data rates, since the whole transmission (including
the frame and LIFS) cannot be completed before the end of the GTS.
For low SO values, the throughput grows since the buffer does not become
empty during a GTS duration, and a significant amount of bandwidth is wasted by
the IFS. On the other hand, the throughput for high SO values falls, since the buffer
becomes empty before the end of the GTS. For a large GTS, a significant amount of
bandwidth is wasted when waiting for the incoming frame payload from the
application layer. The throughput for high SO increases with the arrival data rate
(i.e., lower Packet Inter-arrival Time), since the waiting time for the incoming
frame payload decreases. It can be easily observed that the throughput performance
for high SO values is identical and independent of the size of the frame payload.
Analytical results versus simulation results. In Fig. 4.2, the analytical and the
simulation models have a very similar behavior in terms of the GTS throughput as
a function of the arrival data rate. The throughput performance for high SO values
has identical values and shape for both models. The simulation results are influ-
enced by the frame-oriented approach of the simulation model, which is more
significant for low SO values. The analytical model is bit-oriented, therefore it
saturates available transmission bandwidth and therefore the throughput perfor-
mance of the simulation model is upper bounded by the maximum throughput of
the analytical model (analytical results are drawn with dashed lines).
Fig. 4.2 GTS throughput as a function of the arrival data rate: simulation versus analytical model
4.1 Performance Analysis of the IEEE 802.15.4 GTS Mechanism 69
the impact of the SO values on the media access delay of the frame for 100 %
duty-cycle. The most suitable SO values for providing the lowest delay bound are
also determined. Two initial states of the buffer, namely empty or full, are
consider.
Figure 4.3a presents the media access delay as a function of the arrival data
rate, for a frame payload size and a buffer capacity equal to 40 bits and 4 Kbits,
respectively. Observe that the media access delay depends neither on the arrival
data rate nor on the initial size of the buffer for higher values of arrival data rate
(20–120 Kbps). In this case the behavior is almost identical to each other and the
lowest delay bound is achieved for SO values equal to 2–3. This occurs since for
low SO values (SO\5) the maximum delay is achieved for full buffer. For
increased values of the arrival data rate, only the time for filling the buffer grows.
This explains also the identical behavior for initially full or empty buffer. For SO
values higher or equal to 5, all frames stored in the buffer (with capacity equal to
4 Kbits) can be transmitted during a GTS and the media access delay grows with
SO. The value of this breakpoint depends on the buffer capacity (Fig. 4.3b).
The delay behavior for the lowest arrival data rate is a monotonic function with
the minimum for SO ¼ 0. The arrival data rate is too slow and the buffer becomes
always empty during a GTS for all SO values. Thus, the value of media access
delay grows with SO and does not depend on the buffer capacity. When the buffer
is initially full, the maximum delay is achieved at the beginning, and then the
buffer becomes gradually empty. For SO 6, the buffer is filled up during a
Superframe Duration and the behaviours of initially full and empty buffers are met.
The specific delay behaviour, for an arrival data rate equal to 10 kbps, is explained
in more details, with the support of the results shown in Fig. 4.3b.
Figure 4.3b shows the media access delay of the frame as a function of the
buffer capacity, for a frame payload size and an inter-arrival time equal to 40 bits
and 14.4 ms (i.e., r = 10 Kbps), respectively. For the low SO values (0 and 1), the
number of generated frames during a Superframe Duration is higher than
the maximal number of potentially transmitted frames during the GTS so that the
number of stored frames in the buffer grows. The maximum delay of the frame is
reached when the buffer is full. Therefore, the media access delay depends only on
the buffer capacity and grows with it. For increasing SO values, only the time when
the buffer will be full grows. The delays are roughly constant since when the SD is
doubled, (i.e., SO value is incremented by one) the GTS duration has to be doubled
too. In what follows, the number of generated and transmitted frames is also
doubled, thus their ratio stays constant.
When the buffer is initially empty and SO values are higher than 2, the media
access delay depends only on the SO values instead of the buffer capacity, and it is
roughly equal to the SD minus one time slot GTS duration. This occurs since the
number of generated frames is lower than the maximum number of potentially
transmitted frames so that no frame is stored in the buffer between two consecutive
GTSs. When the buffer is initially full, the media access delay still depends on the
buffer capacity until the value of SO causes that the full buffer becomes empty
70 4 Performance Analysis and Network Dimensioning
Fig. 4.3 The media access delay. a The media access delay as a function of the arrival data rate.
b The media access delay as a function of the buffer capacity
during a GTS. Afterward, the delay depends only on the value of SO. The max-
imum delay is reached at the beginning, before the buffer becomes empty.
In this special case, for the lowest buffer capacity (500 bits), the media access
delay function is monotonic and grows with SO values, which makes SO ¼ 0 the
most suitable for providing the lowest delay. For higher buffer capacities, the most
suitable value of SO in terms of the lowest delay is definitely 2 and does not
depend on the buffer capacity, when the buffer is initially empty.
Analytical results versus simulation results. The simulation and analytical
results of the media access delay as a function of the buffer capacity or burst size b
are compared in Fig. 4.4. The analytical results are obtained for the arrival data
rate equal to 5 Kbps. The same arrival data rate cannot be used for the simulation
model, because the delay for arrival data rate equal to 5 Kbps does not depend on
the buffer capacity (Fig. 4.3a). According to the results shown in Fig. 4.3a, the
arrival data rate equal to 20 Kbps has been selected as the closest one. Hence, we
4.1 Performance Analysis of the IEEE 802.15.4 GTS Mechanism 71
Fig. 4.4 The media access delay as a function of the buffer capacity/burst size: simulation versus
analytical model
cannot compare the values, but only the behavior of the models in terms of media
access delay. This behavior is roughly similar for both models, and the lowest
delay is achieved for SO ¼ 2 in higher buffer capacity (2–10 Kbits), or for SO ¼ 0
in case of lower buffer capacity (0.5 and 1 Kbits). The difference between frame-
oriented and bit-oriented approaches of the simulation and analytical models,
respectively, can be observed for the higher SO values. In case of the analytical
model, the delay curves converge slowly into a single one (analytical results are
drawn with dashed lines).
In summary, WSN applications with low data rates and low buffer capacities
achieve the lowest delay bound for SO ¼ 0. However, for higher buffer capacities
(more than 1 Kbits) and higher arrival data rates (more than 10 Kbps) the most
suitable value of SO for providing real-time guarantees is 2. The simulation and
analytical results are roughly identical in terms of the media access delay, and the
simulation results are upper bounded by the analytical results.
The OPNET [5] simulation model [6] for the IEEE 802.15.4 supporting the slotted
CSMA/CA mechanism was used as a means to compare experimental and simu-
lation results, for the same scenarios. In general, both the simulation and experi-
mental scenarios consist of 1 PAN Coordinator and 10 End Devices generating
traffic (data frames with 63 bytes of length) at pre-programmed inter-arrival times
(at the Application Layer) and a network/protocol analyzer capturing all the data
for later processing and analysis. The generated data frames have a constant size
and are equal in all nodes.
The global offered load (denoted as G) generated by all node’s application
layers depends on the inter-arrival times, which are exponentially distributed
(Poisson arrivals). Basically, the performance of the slotted CSMA/CA mechanism
will be evaluated as a function of the offered load G in the network. The simulation
and the experimental scenarios are depicted in Figs. 4.5 and 4.6, respectively.
In Fig. 4.5, it is possible to observe the network layout and the attributes of each
End Device node (wpan_sensor_node model).
Figure 4.6 depicts the experimental testbed, using MICAz motes. In general,
the hardware testbed consists of one Coordinator, 10 End Devices, one packet
sniffer and one configuration node.
The configuration node consists of a MICAz mote attached through a serial
board to a computer. This node is used to setup the message inter-arrival times,
frame size or any other network parameter of the traffic generating nodes thus
providing a way of changing the nodes configuration without the need of repro-
gramming. This setting is done by simply sending a packet with all the network
parameters values embedded in the payload at the beginning of each run, thus
enabling the traffic generation of the end devices. In order to do this, a command is
typed in the terminal window of the computer. At that point, the end-devices
4.2 Performance Analysis of the IEEE 802.15.4 CSMA/CA Mechanism 73
already synchronized with the coordinator’s beacon, start transmitting data frames.
The data frames were embedded with the necessary data in their payload to enable
the analysis.
The packet analyzer used to capture all the generated packets was the Chipcon
CC2420 Packet Analyser [7]. It generates a text file with all the received packets
and the corresponding timestamps. A parser application was developed to retrieve
the necessary data from the packet’s payload (by parsing the sniffer’s capture file)
and export it to a spreadsheet for processing and result analysis.
In this section the simulation and the experimental results are presented and briefly
analyzed. Setting BO and SO is one of the most important tasks of the PAN
Coordinator. By changing the inter-arrival times, it was possible to achieve dif-
ferent traffic loads (G values). Figure 4.7 presents the results concerning Network
Throughput (S) obtained through simulation (Fig. 4.7a) and from the hardware
testbed (Fig. 4.7b), for different BO=SO settings.
As expected, with low SO settings lower Network Throughput levels are
achieved. This is due to two factors. First, with lower SO settings the overhead of
the beacon frame is much more significant since beacons are more frequent.
Second, CCA deference is more frequent, which leads to more collisions at the start
of each superframe. Increasing the superframe order above SO = 5 has very little
effect in the Network Throughput, since the probability of deference is much lower,
thus reducing the amount of collisions and leading to a higher S around 68 %.
If greater superframe durations are considered, some node can start its trans-
mission before other nodes wake up. These latter nodes will then sense the channel
busy, and thus go to backoff with higher backoff delay value (after increasing BE).
Therefore, the transmission deference problem is going to be more frequent with
lower superframe orders, as the interval between superframes is lower. The
probability of transmission deference is minimized with higher SO and when the
nodes have different SO enabling the transmissions with less challengers trying to
access the medium. As presented in Fig. 4.7b, the same behavior was observed
Fig. 4.7 Network throughput for different BO. a Simulation results. b Experimental results
4.2 Performance Analysis of the IEEE 802.15.4 CSMA/CA Mechanism 75
Fig. 4.8 Probability of success for different BO. a Simulation results. b Experimental results
with the experimental testbed, however the maximum S achieved was lower than
in the simulation results (around 58 %).
Figure 4.8 compares the transmission Success Probability (Ps ) and the offered
load, for a given superframe order (SO). The results show that the probability of a
successful transmission is quite low when offered load increases, and particularly
lower for low SO due to the multiple collisions caused by deference as already
explained.
The comparison between simulation and experimental results for two SO
settings ( SO ¼ 7 and SO ¼ 1) is presented in Fig. 4.9.
Notice, that although the results are similar (the behavior predicted by the
simulation results holds), there is a difference of approx 10 % between simulation
and experimental throughput results. This might be mainly because the simulation
model does not consider the physical constraints of the MICAz mote, especially
the processing power, the TinyOS constraints and overheads and the normal
interferences of a real wireless medium.
throughput decreases when increasing the macMinBE. However, this does not mean
a worse behavior for higher macMinBE. In fact, the macMinBE has an important
influence on the amount of traffic sent to the network by the MAC sublayer (GMAC ).
In a small-scale network with only ten nodes, the increase of macMinBE reduces
the load effectively transmitted in the network. This is because high backoff delays
will cause more wasted backoff periods not used by any of the competing nodes.
This is explained by the small number of competing nodes in the network. As it is
expected, increasing the backoff delay interval (starting with high macMinBE)
results in a better success probability, while avoiding collisions in small scale
WSNs. Most of the traffic sent is correctly received for high macMinBEs.
This section compares the analytical results based on the Network Calculus model
(briefly summarized in Sect. 3.1 and further detailed in [8]) with the experimental
results obtained through the use of IEEE 802.15.4/ZigBee technologies. The ana-
lytical results are computed using the Matlab tool presented in Sect. 3.1, and the
experimental results are obtained using a test-bed based on the TelosB motes [9].
Fig. 4.11 The test-bed deployment and sensory data traffic upper bounded by arrival curve adata .
a The test-bed deployment for Hsink ¼ 1. b The sensory data traffic
78 4 Performance Analysis and Network Dimensioning
raw list of the transmitted packets, and the Daintree Sensor Network Analyzer
(SNA) [13] that provides additional functionalities, such as displaying the
graphical topology of the network.
The application running on the sensor nodes are configured to generate 5 bytes
at the data payload of every message. Hence, the maximum size of the MAC frame
is equal to MPDUmax ¼ 208 bits (i.e., MHR = 72 bits, MFR = 16 bits, NHR =
64 bits, and Data Payload = 56 bits) assuming only destination PAN identifier and
both source and destination addresses are present. Note that the maximum size of
frame is then equal to 256 bits (i.e., SHR + PHR + MPDUmax ). The minimum size
of frame is equal to PPDUmin ¼ 200 bits (i.e., SHR + PHR = 48 bits, MHR =
72 bits, MFR = 16 bits, NHR = 64 bits).
According to Eq. (3.4), the bandwidth guaranteed by one time slot for SO ¼ 4
is equal to 3.125 kbps with 100 % duty-cycle. Hence, in the experimental scenario
with a 12.5 % duty-cycle (i.e., BO ¼ BOmin ¼ 7), the guaranteed bandwidth of one
time slot is equal to RTS ¼ 3:125 0:125 ¼ 0:3906 Kbps. Let’s assume
TS
Nendnode ¼ 1. Then, according to Eqs. (3.7) and (3.8), the maximum arrival rates
of the sensory data are obtained as follows:
MAX
– rdata ¼ 455 bps for Hsink ¼ 2
MAX
– rdata ¼ 683 bps for Hsink ¼ 1
MAX
– rdata ¼ 911 bps for Hsink ¼ 0 (root)
MAX
As a result of rdata min rdata and rdata RTS , an average arrival rate equal to
rdata ¼ 390 bps, which corresponds to 3 frames (256-bit each) generated during
one Beacon Interval (BI = 1.96608 s), is considered. The burst tolerance is
assumed to be equal to bdata = 576 bits. Hence, each sensor node transmits sensory
data bounded by the arrival curve adata ¼ 576 þ 390 t.
Finally, let us summarize the complete network setting:
Interestingly, the proposed analytical methodology can be used for the planning of
the cluster-tree topology as well. Let us consider the example of a convergecast
application gathering sensory data at the root (i.e., Hsink ¼ 0) and using the net-
work settings as mentioned in Sect. 4.3.1. However, in this case, the largest
4.3 Performance Analysis and Worst-Case 79
4.3.2.1 Evaluation
MAX
Fig. 4.12 The worst-case delay and buffer requirement as a function of Nrouter and H. a The
worst-case end-to-end delay. b The buffer requirement of the sink router
80 4 Performance Analysis and Network Dimensioning
It can be observed that end-nodes have the smallest buffer requirement as they are
the leaves of the tree, and that the buffer requirement grows in the direction of the
sink router. Since the sink can be associate to any router in a WSN and in order to
avoid buffer overflow, all routers at depth i should allocate a buffer of capacity
equal at least to the maximum buffer requirement at a given depth i (e.g., all routers
at depth 0 allocate a buffer of capacity equal to 15.995 Kbits), which effectively
demonstrates how these analytical results can be used by a system designer.
Figure 4.13b shows the theoretical worst-case buffer requirements compared
with the maximum values obtained through real experimentation, for Hsink ¼ 2.
First, the theoretical buffer requirements are divided into three portions according
their origin. Observe that the cumulative effect of the burst is more important than
the cumulative effect of the service latencies. The effect of the service latencies
may be more important for other settings of bdata and rdata . So, the different settings
of the sensory arrival curve affect the buffer requirements. The minor effect of the
upstream service latency at depth 0 is given by priority rules, such that the data
arriving during the transmit GTS (i.e., over the upstream link) are stored in the root
until the receive GTS (i.e., downstream link), at the end of the same SD, is active
and data is dispatched.
Delay bounds. Figure 4.14 compares the worst-case, maximum and average
values of per-hop delays bound in each router, and the end-to-end delay bounds for
Hsink ¼ 2. A first observation confirms that theoretical results upper bound the
experimental results. The difference in theoretical worst-case (DTH max ) and experi-
mental maximum (DEXP max ) delays is given by the aforementioned continuous
and stepwise behaviors of the analytical model and test-bed, respectively.
The experimental delays comprise mainly the service latencies decreasing in the
direction of the sink. Hence, the maximum per-hop delays also decrease in the
direction of the sink, as can be observed in Fig. 4.14. The end-to-end delays
bounds are quite high, even though the bdata and rdata are low. This is mainly due to
high value of SO ¼ 4 (i.e., BI = 1.966 s). Hence, the end-to-end delay bounds can
be reduced using lower values of SO or higher bandwidth guarantees, using lower
IFS, for example. Observe also that the worst-case end-to-end delay obtained by
Fig. 4.13 The worst-case buffer requirement. a Buffer requirement as a function of the depth and
sink position. b Theoretical versus experimental
4.3 Performance Analysis and Worst-Case 81
the per-flow approach introduces less pessimism than the delay from the per-hop
approach (roughly by 50 % smaller).
Duty-cycle versus timing performance. In Sect. 3.1.3 was mentioned that to
maximize the lifetime of a WSN, low duty-cycles are required. On the other hand,
low duty-cycles enlarge the timing performance of a WSN. These assumptions
were confirmed in Fig. 4.15, where the theoretical worst-case and experimental
maximum end-to-end delays are shown as a function of duty-cycle for Hsink ¼ 0.
Fig. 4.15 The theoretical worst-case and experimental maximum end-to-end delays as a function
of duty-cycle for Hsink ¼ 0
82 4 Performance Analysis and Network Dimensioning
References
1. Institute of Electrical and Electronics Engineers, Inc., New York. IEEE Std. 802.15.4-2006,
IEEE Standard for Information technology—telecommunications and information exchange
between systems—local and metropolitan area networks—specific requirements Part 15.4:
Wireless medium access control (MAC) and physical layer (PHY) specifications for low-rate
wireless personal area networks (WPANs), September 2006
2. A. Koubâa, M. Alves, E. Tovar, Gts allocation analysis in IEEE 802.15.4 for real time
wireless sensor networks, in Proceedings of the 14th Workshop on Parallel and Distributed
Real Time Systems (WPDRTS), Apr 2006
3. J.-Y. Le Boudec, P. Thiran, Network Calculus: A Theory of Deterministic Queuing Systems
for the Internet (Springer-Verlag, Berlin, 2001)
4. A. Koubâa, M. Alves, E.Tovar, A comprehensive simulation study of slotted csma/ca for
IEEE 802.15.4 wireless sensor networks, in Proceedings of the 5th Workshop on Factory
Communication Systems (WFCS), pp. 183–192, June 2006
5. I. OPNET Technologies, The opnet modeler network simulator version 15.0.a (2009)
6. P. Jurčík, A. Koubâa, IEEE 802.15.4/zigbee opnet simulation model v3.0 (2009). http://
www.open-zb.net
7. Texas Instruments, SmartRF Protocol Packet Sniffer, www.ti.com/tool/packet-sniffer
8. P. Jurčík, Real-time communication over cluster-tree wireless sensor networks. Ph.D.
programme on electrical engineering and information technology, Department of Control
Engineering, Faculty of Electrical Engineering, Czech Technical University in Prague, Czech
Republic in collaboration with CISTER-ISEP Research Unit, Polytechnic Institute of Porto,
Portugal, Prague, January 2010
9. Memsic, TPR2420CA TelosB Mote May (2013), http://www.memsic.com/wireless-sensor-
networks
10. Tinyos working group (2010). http://www.tinyos.net
11. A. Cunha, A. Koubâa, R. Severino, M. Alves, Open-zb: an open source implementation of the
IEEE 802.15.4/zigbee protocol stack on tinyos, in Proceedings of the 4th IEEE International
Conference on Mobile Ad-hoc and Sensor Systems (MASS), Oct 2007
12. Chipcon. C2420dk development kit datasheet (2009). http://www.ti.com
13. D. Networks, Daintree sensor network analyzer (sna) (2009). http://www.daintree.net
Part II
Quality of Service Amendments
The second part of this book presents some modifications to the 15.4 and ZigBee
protocols that make them perform better, particularly when scalability and quality-
of-service are at stake. Most of this add-ons are backward compatible with the
standard specifications, i.e. nodes supporting the new add-ons can still cooperate
with the ones implementing the ‘‘default’’ protocols. In the last part of the book, we
will see that some of these amendments are actually used in real-world applications.
Chapter 5
Amendments to the IEEE 802.15.4
Protocol
Abstract This chapter presents specific amendments to the IEEE 802.15.4, so that
some of the open issues that have been previously identified. In particular, a new
implicit GTS allocation mechanism (i-GAME) is proposed that over performs the
default one. Then, a node grouping mechanism (H-NAMe) is proposed so that the
hidden nodes problem is mitigated and consequently energy-efficiency, throughput
and latency are improved. Also, we present a very simple mechanism to exploit
differentiate the traffic based on multiple priority. Finally, an overview of several
improvements affecting the security and privacy of the messages against external
attacks and spoofing is presented. Importantly, all these mechanisms have been
implemented and integrated in the 15.4 protocol stack and experimentally
validated.
The IEEE 802.15.4 Medium Access Control (MAC) protocol has the ability to
provide very low duty cycles (down to 0.006 %) as well as real-time guarantees by
using the Guaranteed-Time Slot (GTS) mechanism. This feature is quite attractive
for time-sensitive WSNs. In fact, when operating in beacon-enabled mode, the
IEEE 802.15.4 protocol allows the allocation/deallocation of GTSs in a superframe
for nodes that require real-time guarantees. Hence, the GTS mechanism provides a
minimum service guarantee for the corresponding nodes and enables the prediction
of the worst-case performance for each node’s application.
However, the GTS mechanism, as proposed in the standard [1], presents some
limitations in terms of efficiency and deployment in WSNs with a large number of
nodes. In fact, during each superframe (divided into sixteen time slots) only up to
seven GTSs (1 up to 15 time slots per GTS) can be allocated, forming the
Contention-Free Period (CFP) (see Fig. 1.5). The remaining time slots in the
superframe compose the Contention Access Period (CAP) using Carrier Sense
1
Here the focus is on the implementation of the mechanism, while the theory behind it, which is
based on the Network Calculus analysis, is not reported. Interested reader can refer to [2].
5.1 Implicit GTS Allocation Mechanism 87
Besides the details of the mechanism for which the reader is redirected to [2], in
this section the focus is on presenting some practical considerations for the
implementation of the i-GAME mechanism in IEEE 802.15.4. An interesting
feature of i-GAME is that its implementation only requires minor add-ons to the
standard protocol, i.e., it does not impose any changes to the existing protocol.
The idea consists in using the reserved 6th bit in the GTS characteristics frame,
embedded in a GTS allocation request command field (compare Fig. 5.1 and
Fig. 1.5). This bit is referred to as Allocation Type.
The Allocation Type bit set to 0 corresponds to an explicit GTS allocation. In
this case, the allocation process will follow the standard recommendations. If it is
set to 1, it refers to the i-GAME implicit allocation mechanism detailed in [2]. In
this case, to keep the IEEE 802.15.4 with no changes, the flow specification
information Fspec ¼ ðb; r; DÞ2 should be embedded in the higher layer packets, as
presented in Fig. 5.2.
An admission control algorithm, such as the one presented in [2], should be
implemented at a higher layer (e.g., Network Layer) and should return the decision
to the MAC sublayer (Fig. 5.3). Hence, upon reception of an implicit GTS allo-
cation request (Allocation Type = 1), the MAC sublayer of the PAN coordinator
should forward the Flow Specification Field (shown in Fig. 5.2) to the higher layer
for processing by the admission control module. The burst size and the arrival rate
fields should be expressed by four bits each (16 classes for each field). The Delay
Requirement field is expressed by five bits (32 classes). Using this frame format,
the PAN coordinator should define a fixed range for each value (class) of the
corresponding field. These patterns should be known in advance by all nodes
associated to the PAN before initiating an implicit allocation.
Fig. 5.1 The GTS characteristics extension field format for implicit request allocation
2
b is the burst size, r is the arrival rate and D the maximum delay requirement.
88 5 Amendments to the IEEE 802.15.4 Protocol
The specification of these classes and ranges is out of the scope of this work and
are generally application dependent. When the flow specification is received by the
admission control module, it evaluates the acceptance of the new flow based on
the [2, Algorithm 2]. The decision should then be notified to the MAC sublayer
through the service access point. In case of acceptance, the MAC sublayer allo-
cates the time slots in the CFP in round robin order to all accepted nodes. For that
purpose, the MAC sublayer should establish a certain order to allocate the time
slots according to round robin scheduling. Each beacon frame of a new beacon
interval should indicate which nodes are allowed to use the GTS in the current
superframe, with respect to the established order.
A complete implementation of the IEEE 802.15.4 protocol has been formerly done
under TinyOS operating system [3] and running in MICAz motes [4]. The explicit
GTS allocation mechanism has been implemented in the MAC layer module as an
interface between the MAC and the Network layers, according to the IEEE
802.15.4 standard specification [1]. We have also implemented the i-GAME
admission control mechanism in the Network layer of a PAN Coordinator, based
on the implementation guidelines provided in Sect. 5.1.1 with only few add-ons to
the MAC layer. The i-GAME mechanism implementation does not affect the non-
coordinator nodes since they only require setting the Allocation Type bit in the
GTS request to the appropriate value: 1—implicit, 0—explicit.
5.1 Implicit GTS Allocation Mechanism 89
Fig. 5.4 Number of nodes allocating a GTS with i-GAME versus the GTS length
collisions. It then scales to multiple clusters via a cluster grouping strategy that
guarantees no transmission interference between overlapping clusters. Details of
this mechanism are not reported here due to space constraints, but interested
readers can refer to [7].
In this section, we explain how to instantiate the H-NAMe mechanism to the IEEE
802.15.4 protocol, namely addressing beacon-enabled cluster-tree networks. This
topology is scalable and enables energy-efficient (dynamically adaptable duty-
cycles per cluster) and real-time communications. In addition, the cluster-tree
topology fits into the H-NAMe network model [7].
Basically, the idea is that using the H-NAMe algorithm, groups of nodes can be
defined in terms of their mutual collision domain to each of them a time window in
each superframe duration will be allocated. The idea is to use part of the CAP for
the GAP, as illustrated in Fig. 5.7. Note that a minimum duration of 440 symbols
must be guaranteed for the CAP in each superframe [8].
In the intra-cluster grouping strategy, a node that has been assigned a group will
track the beacon frame for information related to the time window allocated to its
group, and will contend for medium access during that period with the other nodes
of the same group. The GAP Specification field is depicted in Fig. 5.8 to be
embedded in the beacon frame.
The GAP is specified by the Group ID field that identifies the node group. Up to
8 groups per cluster can be defined. The time window in the superframe is specified
by a given number of Backoff Periods (BP). A group is then characterized by its
start time slot and end time slot (between 0 and 15) and the corresponding backoff
period offsets, which are computed by an empirical formula such as:
5.2.2.1 Setup
The H-NAMe mechanism has been implemented in nesC/TinyOS [9], over the
first Open-ZB implementation [3] of the IEEE 802.15.4/ZigBee protocols, to
demonstrate its feasibility and efficiency using commercial-off-the-shelf (COTS)
technologies.
For that purpose, a thorough experimental analysis was carried out to under-
stand the impact of the H-NAMe mechanism on the network performance, namely
in terms of network throughput (S) and probability of successful transmissions
(Ps ), for different offered loads (G), in one cluster with a star-based topology. Both
metrics have been also used to evaluate the performance of the Slotted CSMA/CA
MAC protocol. S represents the fraction of traffic correctly received normalized to
the overall capacity of the network (250 kbps). Ps reflects the degree of reliability
achieved by the network for successful transmissions. This metric is computed as
the throughput S divided by G, representing the amount of traffic sent from the
application layer to the MAC sub-layer, also normalized to the overall network
capacity.
To have a clearer idea on the impact of the hidden-node phenomenon inde-
pendently from other parameters, a superframe order sufficiently high (SO ¼ 8)
has been chosen to avoid the collisions related to the CCA deference problem
encountered for low SO, in the slotted CSMA-CA mechanism, as presented
in [10]. The CCA deference problem occurs when it is not possible for a frame to
be transmitted in the remaining space of the superframe and its transmission must
be deferred to the next one.
The experimental test-bed consisted of 18 MICAz motes [4] scattered in three
groups hidden from each other, a ZC and a protocol analyzer Chipcon
CC2420 [11], capturing the traffic for processing and analysis (Fig. 5.9).
The protocol analyzer generates a log file containing all the received packets
and the corresponding timestamps, enabling to retrieve all the necessary data
embedded in the packets payload. The 18 nodes have been programmed to
94 5 Amendments to the IEEE 802.15.4 Protocol
generate traffic at the application layer with preset inter-arrival times. The three
node groups were placed at ground level near walls, in order to reinforce the
hidden-node effect (Fig. 5.9).
Figure 5.10 presents the GAP created by the H-NAMe mechanism.
Each node group was assigned with four time slots for transmission, which
represents a theoretical duration of 983.04 ms per group (SO ¼ 8). This allocation
was made according to the principle of equal group access duration for an equal
number of nodes per group.
5.2.2.2 Results
The performance evaluation of the H-NAMe mechanism has been carried out
using BO ¼ SO ¼ 8 (100 % duty cycle), with a constant frame size of 904 bits.
Several runs were performed (one for each packet inter-arrival time), to evaluate
the network performance at different offered loads (G).
5.2 Hidden Node Avoidance Mechanism 95
Figure 5.11 presents the throughput (S) and the success probability (Ps )
obtained from three experimental scenarios: a network with hidden-nodes without
using the H-NAMe mechanism (triangle markers curve); the previous network
using the H-NAMe mechanism (circle markers curve) and a network without
hidden-nodes (square markers curve). The depicted average values for the
throughput and probability of success were computed with a 95% confidence
interval for a sample size of 3000 packets at each offered load. The respective
variance is displayed at each sample point by a vertical bar in black. From these
results, we can observe that even at low offered loads H-NAMe leads to a con-
siderable performance improvement. For instance, for an offered load (G) of 30 %,
the success probability (Ps ) using H-NAMe is roughly 50 % greater than without
H-NAMe.
96 5 Amendments to the IEEE 802.15.4 Protocol
Considering higher loads, it is clear that the H-NAMe doubled the throughput
of the conventional network with hidden-nodes. At 90 % of offered load (G), the
throughput of the network using H-NAMe reached 67 % and is increasing, while
without using H-NAMe a saturation throughput of 32 % is achieved, representing
an improvement of more than 100 %.
In conclusion, the H-NAMe mechanism presents a significant improvement of
the network performance in terms of throughput and success probability, at the
small cost of some additional overhead to setup the different groups in the
networks.
It was already stressed that the IEEE 802.15.4 standard [1] supports timeliness
QoS through the mechanism of the GTS, which enables a deterministic access to
the medium, but it has several limitations, in particular for higher traffic loads
conditions.
Therefore, while GTS is considered a good solution for the QoS requirement of
the low-rate WPAN applications (for which IEEE 802.15.4 was originally
designed), the requirements of dense sensor networks demand a more flexible
mechanism where QoS support be extended to the CAP.
As shown in [12, 13], the behavior of slotted CSMA/CA is mostly affected by four
initialization parameters, which are: (i) the minimum back-off exponent (mac-
MinBE), (ii) the maximum back-off exponent (aMaxBE), (iii) the initial value of
the CW (CWinit) and (iv) the maximum number of back-offs (macMaxCSMA-
Backoffs). Changing the value of any of these parameters will have an impact on
the performance. For instance, a performance valuation study in [10] has shown
that the average delay of broadcast frames increases with macMinBE, whereas the
probability of success remains independent of macMinBE in large-scale WSNs.
However, the probability of success increases for high macMinBE values, in small-
scale WSNs. Based on those observations, we propose to offer differentiated
services for time-critical messages. In this section, the service differentiation
mechanisms are particularly based on the macMinBE, aMaxBE and CWinit
parameters.
Note that IEEE 802.15.4 defines two frame types: (i) data traffic, which typ-
ically represents sensory data broadcast to the network (without using acknowl-
edgments), and (ii) command traffic, which comprises critical messages (such as
alarm reports, PAN management messages and GTS allocation requests) sent by
5.3 Traffic Differentiation Mechanism for CSMA/CA 97
sensor nodes to the PAN Coordinator. Due to their importance, command frames
are sent using acknowledged transmissions and require a particular QoS support to
be delivered to their destination in a bounded time interval. We consider command
frames as the high priority service class and data frames as the low priority service
class. The differentiated service strategies are presented in Fig. 5.12. The idea is
simple. Instead of having the same CSMA/CA parameters for both traffic types,
each class is assigned to its own attributes.
Let’s assume (i) [macMinBEHP , aMaxBEHP ] and CWHP as the back-off interval
and the contention window initial values for high priority traffic, related to com-
mand frames, and (ii) [macMinBELP , aMaxBELP ] and CWLP the initial values for
low priority traffic, related to data frames. While, the slotted CSMA/CA described
in Sect. 1.2.2.4 remains unchanged, the adequate initial parameters that corre-
spond to each service class must be applied. In addition to the specification of
different CSMA/CA parameters, Priority Queuing can be applied to reduce
queuing delays of high priority traffic (Fig. 5.12). In this case, slotted CSMA/CA
uses priority scheduling to select frames from queues, and then applies the ade-
quate parameters corresponding to each service class. Note that if a low priority
frame is selected, i.e., the high priority queue is empty, then the back-off process
corresponding to this frame will not be preempted by a high priority frame arriving
during that service time. It will have to wait until the low priority frame is sent, or
rejected if the maximum number of back-off is reached.
The heuristics for adequately setting the CSMA/CA parameters are the fol-
lowing. Intuitively, a first differentiation consists in setting CWHP lower than
CWLP . It results that low priority traffic has to assess the channel to be idle for a
longer time before transmission. A second differentiation is related to the back-off
interval. Providing lower back-off delay values for high priority traffic by setting
macMinBEHP lower than macMinBELP would improve its responsiveness without
degrading its throughput, as it has been observed in [12], where these intuitive
heuristics were previously evaluated.
98 5 Amendments to the IEEE 802.15.4 Protocol
The mechanism was implemented over the open-ZB [3] IEEE 802.15.4 stack
implementation in ERIKA [14] Real-Time Operating System (RTOS). ERIKA is a
multiprocessor RTOS kernel for embedded devices, which implements a set of
Application Programming Interfaces (APIs). That version of the open-ZB protocol
stack implementation was specially designed to cope with the stringent timing
requirements imposed by the IEEE 802.15.4 operating in beacon-enabled mode.
As shown in [15], fulfilling these requirements can become quite challenging at
high duty-cycles or if the network traffic considerably increases, when relying on
other operating systems like TinyOS, which do not provide any kind of real-time
guarantees. Because of this fact and since the performance assessment of the
proposed mechanism involves a significant stress on the network, and conse-
quently in the OS and protocol stack, this platform was chosen to assess and
validate the traffic differentiation strategies.
Implementing the mechanisms of traffic differentiation imposed few minor
modifications to a those MAC functions in charge of queuing/dequeuing messages
and initializing the slotted CSMA/CA parameters. Everything else remained
unchanged. A thorough description of the implementation is carried out in [16].
In order to keep the system backward compatible, a new mode of operation
(TRADIF) was implemented in addition to the standard IEEE 802.15.4 imple-
mentation, in such a way that it could be enabled or disabled. In TRADIF mode,
support was provided for the two queuing strategies: FIFO and PQ. Since in the
proposed mechanism only two priority levels are assumed, Priority Queuing mode
support has been provided by maintaining two transmission queues: High Priority
(HP) queue and Low Priority (LP) queue.
In the standard mode, when a message is to be sent, it is enqueued in the send
buffer and its transmission is triggered. This is unchanged for the FIFO mode of
TRADIF. In Priority Queuing mode, when a message is to be sent, it is enqueued
in the High Priority (HP) or Low Priority (LP) Queue, depending on the priority of
the message.
throughput S divided by G, representing the amount of traffic sent from the appli-
cation layer to the MAC sub-layer, also normalized to the overall network capacity.
The experimental setup consisted of five FLEX boards [17] programmed with the
open-ZB [3] IEEE 802.15.4 implementation over the ERIKA operating system
with the traffic differentiation add-on.
One of these devices was programmed as Coordinator and the others as End
Devices. The End Devices were used to generate traffic, both high and low pri-
ority, while the Coordinator, apart from synchronizing the devices through beacon
transmission, was also used to manage the experiment by transmitting control
information included in its beacon payload.
The payload included information about the amount and type of traffic to be
generated by the end devices and signals to start and end the experiment.
This information was sent to the Coordinator device through a serial port
connection. The end devices, upon receiving the beacon, would set the traffic
generator alarms (of both high and low priority), with intervals as specified in the
beacon payload.
To measure output parameters such as throughput, delays and queue overflows,
the same strategy was used. Different counters were inserted at various stages of
the transmission procedure, starting from the traffic generation at application layer
to transmission from the physical layer.
Finally, a Chipcon CC2420 packet sniffer [11] was used to capture the traffic
for processing and analysis. The packet analyzer generates a log file containing all
the received packets and the corresponding timestamps, enabling to retrieve all the
necessary data embedded in the packets payload. A parser application was
developed to carry out that task.
The set of experiments consisted of varying low priority traffic while keeping high
priority traffic constant, and measuring the throughput of the high priority traffic
for the different scenarios. The values of CSMA parameters used for each of these
scenarios are listed in Table 5.2.
Although, the IEEE 802.15.4 standard [1] allows for a higher setting of aMaxBE,
(up to 8), we used the same scenarios to enable a fair comparison with the simulation
results in [12]. Each case was examined for FIFO as well as Priority Queuing
scheduling policies.
The network was set to work in full duty cycle with BO ¼ SO ¼ 6, with
no-hidden nodes, and the traffic generation was controlled using timers, generating
high priority frames at a rate of 40 frames/second and low priority frames ranging
from 3 frames/second up to 600 frames/second.
Several runs were carried out for each traffic interval stopping the experiment
every time the number of high priority packets received reached 1000. In the
following discussions, Application layer traffic is denoted by Gapp and the MAC
layer traffic by Gmac. Similarly, Gapphp and Gapplp are used to denote Application
layer high priority and low priority traffics, and Gmachp , Gmaclp used for MAC layer
high and low priority traffic, respectively.
Figure 5.13 shows the comparison of the success rates of the high priority
application traffic of the four scenarios of Table 5.2, for both FIFO and Priority
Queuing mode. These results are analogous to the ones obtained through simulation
in [12].
The contention window size for high priority frames is kept equal to 2 (standard
value) in all cases, while it is increased to 3 for low priority frames in Sc2 and Sc4. On
the other hand, the value of macMinBE is kept constant (2, standard value) for low
priority traffic in all cases, whereas it is set to 0 for high priority traffic in Sc3 and Sc4.
Concerning the FIFO mechanism, it can be observed that all three scenarios of
parameter tuning (Sc2, Sc3, Sc4) result in higher success rates compared to the
standard case (Sc1). Sc1, presents the lowest success probability. Sc3, in which
macMinBEHP is decreased to 0, results in improved success rates, but it is still very
close to the standard case (change of 0–5 %). This is so because setting
macMinBEHP lower than macMinBELP means lower back-off delays for high
priority traffic (refer to slotted CSMA/CA algorithm, Fig. 1.8), but the number of
back-offs and contention window size, which are directly related to the contention
success probability, are unchanged. On the other hand, setting CWLP greater than
CWHP means that high priority traffic need the channel to remain idle for shorter
time before transmitting, which means higher probability of success in every
sensing attempt. The comparatively higher success rates in Sc2 and Sc4
(improvement of 20–25 %) reflect this, showing greater improvement in perfor-
mance by setting CWLP [ CWHP , compared to changing macMinBEHP .
A similar behavior is observed for PQ mode. For both queuing strategies,
results were very alike concerning scenarios 2 and 4, showing that the correct
setting of the CW has the greatest effect in the throughput of both queuing modes.
One of the noticeable changes from the FIFO cases is the fall of success proba-
bility of Sc3. Again, the effect of changing macMinBEHP , which would decrease
the back-off delay of high priority packet, does not make much difference on
contention success. Therefore, Sc1 and Sc3 have approximately the same success
rates for Priority Queuing at higher traffic loads.
Sc2 and Sc4, again have better success rates since setting having CWHP lesser
than CWLP means that high priority traffic need the channel to remain idle for
shorter time before transmitting and hence has more chances of success. In this
case again, changing CWLP to 3 improves the success rate of high probability
packets by 20–25 %. As shown, the priority queuing mechanism slightly improves
the probability of success when compared to FIFO. However, its main contribution
is in reducing the queuing delay as shown in [12], since the high priority queue
will always take precedence over low priority queue, thus reducing queuing delay
for high priority packets.
To separately evaluate the effect of the priority queuing mechanism, a single
sender was used to generate equal amount of high and low priority frames.
The queue size for both high and low priority queues was set to hold 15 messages.
The Application layer traffic generation rate was increased at equal rate. The
number of packets enqueued of both types was calculated by parsing the output file
of the sniffer used to receive packets.
Figure 5.14 shows the packets enqueued against the packets generated by the
application of both high and low priority. It is visible that beyond 20 % of channel
capacity, while the low priority frames are dropped due to queue overflow, the
high priority frames are unaffected. Moreover, it indicates that at high traffic load,
priority queuing plays an important role in ensuring the precedence of high priority
frames. This will result in a lower queuing delay for high priority packets.
However, the improvement of this differentiation scheme to the throughput of high
priority command frames is more significant than the degradation of the
throughput of low priority data frames (Fig. 5.15), which further demonstrates the
efficiency of this differentiation mechanism. As shown, the Probability of Success
of low priority frames for PQ Sc2 and Sc4 is just slightly lower (5 %) at high
offered loads than with the default MAC, taking advantage of lower CW at lower
loads, thus increasing throughput.
IEEE 802.15.4 provides a number of security services and makes them available to
the higher layers [1]. In particular, data confidentiality, data authenticity and replay
protection are supported on a per-frame basis. The standard includes a security
suite based on the Advanced Encryption Standard (AES) 128 bits symmetric-key
cryptography [18]. The security suite relies on three main elements: an Auxiliary
Security Header (ASH), security modes and settings, and security procedures.
In a generic MAC frame the MAC payload is prefixed with the MAC Header
(MHR) and appended with the MAC Footer (MFR). If communications are
secured, security information is included in the Auxiliary Security Header (ASH).
The IEEE 802.15.4 standard does not support security for ACK frames, other
frame types can optionally support encryption, authentication or both. To transmit
a secured frame, a node builds the ASH, inserts it next to the standard MAC
header, and secures frames before transmitting them (see Fig. 5.16).
5.4 Security Services 103
The ASH carries all the information needed for security processing, including
(i) the Security control header containing security options, (ii) the Frame counter
for the anti-replay service, and (iii) the Key Identifier Field containing information
for key retrieval. According to the information carried within the ASH, recipients
retrieve the right cryptographic key and correctly unsecure MAC frames. The
Security Control field contains two relevant subfields: the Security Level subfield,
which indicates the actual frame protection provided, and the KeyIdMode, which
indicates whether the cryptographic key has to be obtained implicitly or explicitly.
NO-SEC is the simplest security suite. Its inclusion is mandatory in all radio
chips. It does not manage any security material and does not provide any security
guarantee.
CTR provides confidentiality by using the AES block cipher with counter
mode. To encrypt frames, the sender splits the cleartext payload into blocks of 16
bytes each. Each block relies on a nonce, a varying fresh quantity aimed at
avoiding replay attacks. The sender includes the ASH in the clear and the
encrypted payload into the data payload field of the packet. Figure 5.17 shows the
format of a CTR encrypted frame.
CBC-MAC provides authentication by using either a 4, 8, or 16 bytes MIC. The
MIC can only be computed by parties with the symmetric key and protects the
frame header as well as the data payload. The sender appends the MIC to the plain
payload. The recipient recomputes the MIC and compares the result to the value
appended to the frame payload, so infering whether the frame is authentic or not.
Figure 5.18 shows the format of a CBC-MAC authenticated frame.
The CCM security mode allows for both encryption and authentication.
Broadly, CCM performs authentication as CBC-MAC does, but then it encrypts
both payload and MIC. Also CCM has three variants depending on the MIC size.
Figure 5.19 shows the format of an IEEE 802.15.4 frame when CCM is used.
The IEEE 802.15.4 standard provides four different Key Identifier Modes
(KeyIdModes), that is, four different ways to retrieve cryptographic keys. Namely:
KeyIdMode0, KeyIdMode1, KeyIdMode2 and KeyIdMode3. Ideally, the higher the
index is, the more complex is the key retrieval procedure. The KeyIdMode0 allows
nodes only to secure communications by means of a static, wide shared, single
key. KeyIdMode1 allows for using more keys, selected from the KeyTable by
means of the Default Key Source and the KeyIndex subfield of the ASH. The
KeyIdMode2 and the KeyIdMode3 allows for selecting keys from the Key Table
by means of the KeyIndex and the KeySource subfields of the ASH. The Key
Identifier field of the Auxiliary Security Header is present only if this subfield has a
value not equal to KeyIdMode0.
In KeyIdMode0, the key is determined implicitly by the originator and the
recipients of the frame. Figure 5.20 shows the structure of the ASH for this
KeyIdMode.
In KeyIdMode1, the key is determined from the Key Index subfield of the Key
Identifier field of the ASH, in conjunction with the Default Key Source from the
PIB. Figure 5.21 shows the structure of the ASH for this KeyIdMode.
In KeyIdMode2, the key is determined explicitly from the Key Source subfield
and the Key Index specified in the ASH. Figure 5.22 shows the structure of the
ASH for this KeyIdMode.
Similarly, in KeyIdMode3 the key is determined explicitly from the Key Source
subfield and the Key Index subfield of the Key Identifier field. As shown in
Fig. 5.23, it differs from KeyIdMode2 only for the Key Source subfield size.
Firstly, the Outgoing frame security procedure performs some consistency checks.
Figure 5.25 shows the sequence chart of these checks and the error codes reported
in case of failure. If the consistency checks succeed, the key is retrieved by using the
Outgoing frame key retrieval procedure. In case of failure, the procedure returns
with a status of UNAVAILABLE_KEY. Otherwise, it proceeds with the ASH
insertion and the encryption/authentication process. Finally, the procedure updates
the frame counter to the macFrameCounter attribute. If the frame counter reaches
the 09ffffffff value, the procedure returns with a status of COUNTER_ERROR.
In case of success, the procedure returns the secured frame.
Figure 5.26 shows the main phases of the Incoming frame security procedure
performed by a node when it receives a secured frame. Table 5.5 lists the main
features of the Incoming frame security procedure and of subprocedures it invokes.
Similarly to the outgoing frame procedure, the first step is performing some
consistency checks. Figure 5.27 shows the sequence chart of these checks and the
5.4 Security Services 109
error codes reported in case of failure. If the consistency checks succeed, the nodes
proceeds doing the Incoming security level checking procedure, the Incoming
frame security material retrieval procedure, and the Incoming key usage policy
checking procedure to retrieve the key and unsecure the frame.
Finally, the procedure increments the frame counter and sets the FrameCounter
element of the DeviceDescriptor to the resulting value. If the FrameCounter ele-
ment reaches the 09ffffffff value, it sets the Blacklisted element of the
KeyDeviceDescriptor.
The IEEE 802.15.4 security mechanisms described above require a not negligible
amount of resources, in terms of both memory and power supply. Furthermore,
when communication is secured, a performance decrease is experienced. In par-
ticular, this is due to the communication overhead and the processing overhead
introduced by security (Fig. 5.27).
IEEE 802.15.4 security implementation requires a not negligible amount of
memory to contain three main components: (i) security data structures, such as the
Key Table or the Device Table, (ii) operations to manage them, and (iii) security
procedures. This should be seriously taken into account while implementing IEEE
References
1. Institute of Electrical and Electronics Engineers, Inc., New York. IEEE Std. 802.15.4-2006,
IEEE Standard for Information Technology—Telecommunications and Information Exchange
Between Systems— Local and Metropolitan Area Networks—Specific Requirements Part
15.4: Wireless Medium Access Control (MAC) and Physical Layer (PHY) Specifications for
Low-Rate Wireless Personal Area Networks (WPANs), September 2006
2. A. Koubâa, M. Alves, E. Tovar, A. Cunha, An implicit gts allocation mechanism in IEEE
802.15.4 for time-sensitive wireless sensor networks: theory and practice. Real-Time Syst. J.
39(1–3), 169–204 (2008)
3. A. Cunha, A. Koubâa, R. Severino, M. Alves, Open-zb: an open source implementation of the
IEEE 802.15.4/zigbee protocol stack on tinyos. In Proceedings of the 4th IEEE International
Conference on Mobile Ad-hoc and Sensor Systems (MASS), Oct 2007
4. MEMSIC MPR2400CB, 2.4GHz MICAz Processor Board, datasheet (2013), http://
www.memsic.com/wireless-sensor-networks
5. A. Koubâa, Y.-Q. Song, Evaluation and improvement of response time bounds for real-time
applications under non-pre-emptive fixed priority scheduling. Int. J. Prod. Res. 42(14),
2899–2913 (2004)
6. L.-J. Hwang, S.-T. Sheu, Y.-Y. Shih, Y.-C. Cheng, Grouping strategy for solving hidden node
problem in IEEE 802.15.4 lr-wpan. In Wireless Internet, 2005. Proceedings. First
International Conference on, pp. 26–32, July 2005
7. A. Koubâa, R. Severino, M. Alves, E. Tovar, Improving Quality-of-Service in Wireless
Sensor Networks by mitigating hidden-node collisions, IEEE. Trans. Ind. Info. 5(3),
299–313, August 2009
8. IEEE P802.15 Working Group for Wireless Personal Area Networks (WPANs). IEEE
P802.15 Wireless Personal Area Networks—MAC and Security Baseline Proposal—
Normative Text, March 2010. https://mentor.ieee.org/802.15/dcn/10/15-10-0196-02-0006-
mac-and-security-b
9. Tinyos working group, 2010. www.tinyos.net
10. A. Koubâa, M. Alves, E.Tovar, A comprehensive simulation study of slotted csma/ca for
IEEE 802.15.4 wireless sensor networks. In Proceedings of the 5th Workshop on Factory
Communication Systems (WFCS), pp. 183–192, June 2006
112 5 Amendments to the IEEE 802.15.4 Protocol
Abstract Similarly to the previous one, this chapter focuses on several amend-
ments to the ZigBee network layer, as proposed by the standard. In particular, a
cluster scheduling solution is proposed and paramount to achieve networking at
larger scales, while still be able to meet the quality of service requirements. Then
new routing algorithms are proposed based on the possibility to group several
nodes based on some common property, such as, e.g., their geographical position.
Finally, using the mechanisms defined at the Data Link layer, new security and
privacy mechanisms are available at the higher layers of the protocol stack.
This section presents the problem of how to schedule the activity portions of the
clusters in a cluster-tree ZigBee-like network [1, Sect. 1.4.2].
6.1.1 Motivation
Fig. 6.1 The beacon frame collision problem. a Direct beacon frame collision. b Indirect beacon
frame collision
6.1 Time Division Cluster Scheduling for ZigBee Cluster-Tree Networks 115
Indirect beacon frame collisions occur when two or more coordinators cannot
hear each other, but have overlapped transmission ranges (indirect neighbors) and
send their beacon frames at approximately the same time (hidden-node problem),
as shown in Fig. 6.1b. Two undesirable situations may occur. The first is when a
child node N1, already associated to a parent coordinator ZR1, and the coordinator
ZR2 start both sending their beacon frames at almost the same time, therefore
resulting in the loss of the child node synchronization with its parent. The second
case is when two coordinators (in the example ZR1 and ZR2) belonging to the
same PAN cannot hear each other and send their beacon frames at the same time.
In this case, any node in the overlapping transmission range of both coordinators
will be prevented from joining the network. Note that collisions between data and
beacon frames may also happen, for example when a coordinator sends its periodic
beacon frame during the active period of an adjacent cluster. Hence, this problem
must also be dealt with.
The most intuitive idea is to organize beacon frame transmissions in a non-
overlapping way such that no beacon frame will collide with another even if
coordinators are in direct or indirect neighborhood. In addition, to avoid collisions
with data frames, a beacon frame must not be sent during the superframe duration
of another coordinator. Thus, the beacon frame scheduling problem comes back to
a superframe scheduling problem, since each superframe starts with a beacon
frame.
In [4], a Superframe Duration Scheduling (SDS) algorithm has been proposed,
while in [5] an optimization problem has been formulated and illustrated. In this
book, our goal is to give the intuition of how the mechanism can be implemented
to build Cluster-Tree networks. Any interested reader can refer to the above
mentioned references for more details.
The TDCS mechanism can be implemented in a simple manner, with only minor
add-ons to the protocol. The implementation of this mechanism assumes that: (i)
the ZigBee Network Layer supports the tree-routing mechanism (see Sects. 1.3.3
and 2.2.3), thus the network addresses of the devices are assigned accordingly; (ii)
the ZigBee Coordinator is the first node broadcasting beacons in the network; (iii)
the ZigBee Routers start to send beacons only after a successful negotiation; and
(iv) the same Beacon Interval (BI) is used by every ZigBee Router.
The TDCS approach relies on a negotiation prior to beacon transmission. Upon
success of the association to the network, a ZR (initially behaving as a ZED) sends
a negotiation message to the ZC (routed along the tree) embedding the envisaged
(BO, SO) pair, requesting a beacon broadcast permit. Then, in the case of a
successfully negotiation, the ZC replies with a negotiation response message
containing a beacon transmission offset (the instant when the ZR must start
transmitting the beacon, which is translated to the StartTime parameter of the
116 6 Amendments to the ZigBee Protocol
primitive MLME_START.request, i.e., the offset after the reception of the parent’s
beacons). In case of rejection, the ZR must disassociate from the network. Fig-
ure 6.2 depicts the architecture of the TDCS implementation in the IEEE 802.15.4/
ZigBee protocol stack.
The admission control algorithm which determines the schedulability is
implemented in the Application Support Layer, behaving as a service module of this
layer. The TDCS requires minor changes to the Network Layer. Thus, to assign a
value of the StartTime argument when calling the MLME_START.request primitive,
a new NLME_START_ROUTER.request primitive is needed. As mentioned before,
the StartTime parameter will be used as a transmission offset referring to the parent
ZigBee Router (ZR). In the ZC, the value of this parameter is 0.
After a successful negotiation of the beacon transmission, the ZR will have two
active periods: its own (the superframe duration) and the parent’s superframe
duration. In its own active period, the ZR is allowed to transmit frames to its
associated devices or relay frames to the descendant devices in the tree. The
frames destined upstream are sent during its parent’s active period.
During the ZR superframe, all the frames that need to be transmitted to its parent
are stored in the upstream buffer. When the device enters the parent superframe,
ittries to transmit the messages. Guaranteeing the synchronization of all devices is
the major challenge achieved by the MAC in its implementation (Sect. 2.1). The
devices must be always synchronized with their respective parents.
The negotiation of the beacon transmission is performed through a simple
protocol that uses the data frames payload with a predefined format.
Figure 6.3 depicts the Time Division Cluster Scheduling negotiation frame
format, which includes the following fields:
• Negotiation type Indicates the type of the negotiation command. This field can
have the following values: 1 for a negotiation request, 2 for a negotiation accept
and 3 for a negotiation deny.
• Beacon Order Indicates the beacon order of the ZR device.
Although the IEEE 802.15.4/ZigBee [2, 3] standard protocols have been shown as
prominent technologies for WSNs, this stack presents some gaps and limitations
that were addressed and amended in previous sections. In this section, the general
The Z-Cast Multicast mechanism relies on the creation of multicast routing tables
inside each ZigBee Router, to store the membership information of all nodes
belonging to a certain group in the network. The multicast routing table contains
two fields: Multicast_group_address and GMs_address. The Multicast_group_
address field is a 16 bit address; it contains the group Multicast_address that
identifies a certain group. The GMs_address field contains the list of the addresses
of the child nodes being members of the group all along the cluster-tree network.
Table 6.1 illustrates an example of the Multicast routing table in a ZigBee Router.
Routing Table Update. The MRT table entries must be updated for every join
and leave operations in the network. When a node joins a certain group, all ZigBee
Routers between the joining node and the ZigBee Coordinator must add the
multicast address of the group—if it does not exist—to the Multicast_group_
address field and the address of the joining node to the GMs_address field of their
MRT tables because the multicast message will be forwarded to the ZigBee
Coordinator before reaching the group members. Thus, a ZigBee Router must
know not only the membership information of its directly associated nodes, but
also all the membership information of the child Routers of its tree. By reaching a
ZigBee Router, Updating the MRT is very important as the proposed mechanism
relies on this table to decide if the multicast data will be forwarded by unicast or
broadcast, or instead it will be discarded.
When a node leaves a multicast group, all ZigBee Routers that are between the
leaving node and the ZigBee Coordinator (ZC) must delete the node address from
the GMs address. In the case when all the members have left the group, the
corresponding multicast group address entry must also be deleted from the MRT
table. Figure 6.6 illustrates an example of a joining operation where the ZigBee
Routers G and I update their multicast routing table accordingly, after nodes H and
K join the existing group. In this example, a network where Cm ¼ 4, Rm ¼ 4, and
Lm ¼ 3 is considered.
In this section, the Z-Cast routing mechanism for ZigBee cluster-tree WSNs is
detailed. The Z-Cast routing mechanism comprises two main operations depending
where it is implemented: (i) an algorithm to be implemented in the ZC to decide on
This section presents some practical considerations for the implementation of the
Z-Cast mechanism in IEEE 802.15.4/ZigBee. An important feature of Z-Cast is
that its implementation requires minor add-ons to the existing protocol.
The idea consists in classifying the 16-bit ZigBee address into two classes:
unicast addresses and multicast addresses. They are distinguished by the value of
the high-order 4 bits of the addresses: a value of 0xF (binary 1111) identifies an
address as a multicast address; any other value identifies an address as a unicast
address. Each device, upon the reception of a frame, reads the routing information
fields (Fig. 6.7) and checks the destination address.
If the destination address is a unicast address, the four high-order bits are
different from 1111 and the ZigBee tree routing algorithm will be applied. If these
four bits are set to 1111, it refers to the Z-Cast multicast mechanism. The multicast
routing algorithm should be implemented at the network layer like the cluster-tree
routing implementation and should return decision to the MAC layer.
If the routing destination address is a multicast address, the device must check
its multicast Routing Table to decide if the multicast packet will be routed to the
child devices or will be discarded. The fifth bit of the multicast address is reserved
to the ZigBee Coordinator ZC flag. If the ZC has received the multicast packet, it
sets the fifth bit to 1. Otherwise, this bit remains equal to 0. The multicast message
must be processed by the ZRs only if it comes from the ZC. Hence, upon reception
of a multicast packet, the ZR should check the origin of the multicast frame. If the
packet is coming from the ZC, the packet is processed. Otherwise, it will be routed
to the parent device until reaching the ZC.
In WSNs, while at the MAC and PHY levels of the classical ISO/OSI stack, the
protocols and algorithms are now well standardized, at the upper tiers of the
protocol stack there are still open issues and only recommendations from alliances
exist, like the ZigBee alliance [3, 11, 12].
However, in the ZigBee-like Cluster-Tree network architecture for real world
applications (see e.g., [8] and Chap. 8), it is often assumed that the flow of the
messages is only a point-to-multipoint downlink flow from the gateway (GW, or
the ZigBee Coordinator) to the rest of the nodes (e.g., for asking the nodes for
sensor readings or even propagate a new firmware for reprogramming purposes)
and a multipoint-to-point uplink flow backward (e.g., for sensor readings report).
Thus, only parent-child communication is really necessary1 and simple solutions
for routing can be applied, like the classical convergecast solution proposed for
ZigBee cluster tree (see Tree Routing in Sect. 1.3.3 or the Z-Cast solution in
Sect. 6.2.1). In this section a possible enhancement dealing with geographic
awareness is described.
In this case, a network like the one depicted in Fig. 6.82 is proposed. Assuming
the GW is the root of the tree, in general this device may also act as a special
cluster head (CH), having its own end devices (WSN Nodes) associated with it. In
Fig. 6.8, a two hop tree is considered, where each vertex of the tree is a Cluster
Head/ZigBee Router (CH, a.k.a. ZR) node. As a consequence, each vertex is
composed by a cluster of WSN Nodes, each of them having its own CH.
In Fig. 6.8, the connections among the nodes are represented using for the edges
of the graph two different line types: (i) the continuous lines indicate the final
cluster tree topology, where a node is associated to its parent, while (ii) the dashed
lines indicate that the nodes are in the communication range of each other, but they
1
If a node wishes to communicate with another node in the same Cluster Tree, the message will
follow the rigid structure of parent-child only communications, so reaching the appropriate level
in the tree before being forwarded to the correct branch toward its final destination.
2
The role of the Queried Area in Fig. 6.8 will be clarified later in this section.
6.2 Geographical and Multicast Routing for ZigBee Cluster-Tree Networks 123
Fig. 6.8 Position based routing over a cluster tree topology within a WSN
currently are not associated to each other, i.e., the link is inactive. The presence of
such redundancy in the links among the nodes constitutes the basis to implement
any form of robustness for communication protocols against link and node failures.
As a consequence, some CH are in the communication range with more than
one CH and the same applies to the WSN Nodes. As a matter of fact, the final tree,
where each node must choose only one parent among the alternatives it might
have, would be formed assuming some convenient metrics, like the link quality
[13] and the energy available on the nodes. Nevertheless, the cluster tree network
architecture is flexible enough to allow for mechanisms to dynamically rebuild the
tree topology by periodically checking the status of nodes and links.
The association of WSN Nodes within a cluster and among the CH with each
other up to the gateway is performed following the standard procedures defined for
the IEEE 802.15.4 protocol [2], where a cluster head is elected as a local WSN
Cluster coordinator and starts transmitting beacon signals to keep its child nodes
synchronized.
Assuming that each node knows its own position3 and communicates it within a
DATA packet, as soon as its association with a cluster-head is successfully
accomplished. Given these assumptions, a simple, efficient and scalable position
aware tree-based routing algorithm can be implemented in the cluster-tree archi-
tecture, as follows.
For the sake of simplicity in the exposition, let us suppose using coordinates in a
bi-dimensional reference system, i.e., each node has its own position expressed as:
Pi ¼ ðxi ; yi Þ; i ¼ 1; . . .; N
3
This can be done in several ways, either by pre-programming the nodes with their own position
or by configuring them at the deployment time (as done, e.g., in [14]) or by implementing a kind
of position discovery algorithm [15, 16]. In any case how each node would get its own position
estimation is out of scope of the present document.
124 6 Amendments to the ZigBee Protocol
where N is the number of nodes in the network and xi ; yi are the coordinates of the
node i, which can be either absolute (e.g., GPS coordinates) or relative (e.g., to the
position of the gateway).
When a WSN Node tries to associate to a CH in a WSN Cluster, it commu-
nicates its own position Pi to the CH, so that the CH can compute its served area,
by simply computing the rough area as a box B, such that:
B ¼ ½ðxs ; ys Þ; ðxe ; ye Þ
where:
The collection of the sensor readings, i.e., the flow back from the WSN Nodes
up to the sink gateway, can be implemented in the usual way along the tree, by
simply recognizing that each node communicates only with its parent. This
mechanism easily allows also for implementing data aggregation or even sensor
fusion at each vertex in the tree.
This mechanism is granted to reach all the nodes in a given queried area,
provided that there is enough network connectivity and with no or little topology
changes. It is scalable, provided that it doesn’t require any storage of neighbor
tables for routing, but only updated the local served areas on each CH. Its func-
tionality has been proved in a real-world environment in the frame of the EMMON
project, dealing with large scale WSNs (see Chap. 8 for an overview and [17] for
more details).
ZigBee security mechanisms fit very well with the security services provided by
the MAC layer of IEEE 802.15.4 [2]. Communications can be protected by means
of symmetric key encryption, in an end-to-end fashion. In particular, ZigBee
security relies on the Advanced Encryption Standard (AES) [18] and the CCM*
Mode (i.e. encryption and authentication). Also, two distinct security modes are
available, that is the Standard Security Mode and the High Security Mode. They
are discussed in more details, later in this section.
Security is provided on an end-to-end basis in a cross-layer fashion, that is both
from the Network (NWK) and the Application Support sub-layer (APS).
126 6 Amendments to the ZigBee Protocol
Specifically, the layer that originates a ZigBee frame is responsible for initially
securing it. ZigBee frames can be both encrypted and authenticated. In case
authentication is requested, an additional Message Integrity Code (MIC) is
appended next to the frame payload. Note that only data frames and command
frames can be secured, that is ACK frames are always sent in the clear.
Protected frames include an additional Auxiliary Security Header (ASH) just
before the payload. The structure of the ASH is shown in Table 6.2. The Security
control field indicates by means of which key an outgoing (incoming) ZigBee
frame has to be (is) secured, the MIC size in bytes (i.e. 0, 4, 8, 16) and whether or
not the payload is encrypted. The Frame counter field is used to verify frame
freshness and prevent processing of duplicate frames (anti-replay). When present,
the Source address field indicates the extended 64-bit address of the device
responsible for securing the frame. Finally, the Key sequence number field indi-
cates the key sequence number of the Network Key potentially used to secure the
current frame.
In order to activate security, the nwkSecurityLevel parameter must be set to a
value greater than zero. ZigBee security is based on the reuse of cryptographic
keys by different layers, in order to reduce storage costs. More specifically, in
certain cases APS frames can be secured by means of security material maintained
by the NWK layer. The APS layer deals also with key management (i.e. key
establishment and key transport) and provides device management services.
A Trust Center node, which typically coincides with the ZigBee Coordinator,
handles key management and other security services.
In order to protect communications within a ZigBee network, up to five dif-
ferent kinds of cryptographic keys are supposed to be used.
• The Network Key is used to protect NWK frames. It is the same within the whole
ZigBee network, and is typically generated by the Trust Center. It is supposed to
be periodically renewed.
• A Data Link Key can be shared between any two peers to protect APS frames.
• A Key-Transport Key is derived from a Data Link Key. It is used to protect
messages carrying a Network Key, in case of Network Key distribution or
renewal.
• The Master Key is a long term secret used during the Symmetric Key Key
Establishment (SKKE) protocol. However, it is present only in High Security
Mode.
• A Key-Load Key is derived from a Data Link Key. It is used to protect messages
carrying a Master Key. As Master Keys, Key-Load Keys are present only in
High Security Mode.
ZigBee frames generated at the APL layer are protected according to their specific
type. Figure 6.11 shows an example of protected ZigBee APS data frame.
• APS data frames are protected using either the Network Key or the Link Key
shared with the recipient node. More specifically, the actual key to be used
depends on the specific application profile which the particular data frame refers
to.
• Transport Key commands are used to carry cryptographic keys. The key used to
protect them must be selected according to the key to be transported and pro-
tected. For instance, Key-Transport Keys are used to protect Network Keys.
• Other APS commands are supposed to be protected by means of the Data Link
Key shared with the recipient node. In case such a key could not be retrieved,
the Network Key can be used. In the latter case, if the NWK layer is already
applying security (i.e. the nwkSecureAllFrames parameter is set to TRUE), then
the APS layer must not have to.
As stated before, ZigBee provides two distinct security modes. The Standard
Security Mode is designed for lower-security residential applications (e.g. Home
Automation scenarios). The Trust Center device is supposed to maintain a Net-
work Key and control network admittance policies. Besides, the Network Key is
either pre-installed on devices, or obtained unsecurely before joining the network.
Finally, potential Data Link Keys must be pre-installed, and almost no key
management functionalities are provided.
On the other hand, the High Security Mode is designed for high security com-
mercial applications. The Trust Center is supposed to maintain a list of devices,
Master Keys, Data Link Keys and Network Keys. In addition, the High Security
Mode mandates devices authentication and Link Keys establishment with the Trust
Center, by means of the Symmetric Key Key Establishment (SKKE) protocol, based
on Elliptic Curve Cryptography [19]. According to the SKKE, two peers agree on a
Master Key and exchange ephemeral quantities. Then they generate a common
Data Link Key by means of a Key Derivation Function, and confirm with each other
that the new key has been correctly established. Figure 6.12 summarizes the rela-
tionships among cryptographic keys in High Security Mode.
Each application profile describes also some clusters, i.e. sets of parameters and
commands (some mandatory) that devices have to use in order to interoperate
within the network. Nowadays, the most important and promising ZigBee appli-
cation profiles are Home Automation [11] and Smart Energy [12].
The ZigBee Home Automation profile [11] defines device descriptions and
standard practices for applications needed in a residential or light commercial
environment. In particular, it provides standard interfaces and device definitions to
allow interoperability among ZigBee devices produced by various manufacturers
of home automation products. Installation scenarios range from a single room to an
entire home. The key application domains included so far are lighting, HVAC,
window shades and security. Also, this profile primarily focuses on sporadic real
time control of devices. Other applications will be added in future versions. The
Home Automation profile refers to the ZigBee Standard Security Mode, and tends
to limit the key material only to the Network Key, discouraging auto key updates.
The ZigBee Smart Energy Profile (SEP) [12] provides device descriptions and
standard practices for Demand Response and Load Management Smart Energy
applications, and is tailored for residential or light commercial environment.
Possible scenarios include single homes or even an entire apartment complex.
Currently, key application domains are metering, pricing, and demand response
and load control applications.
SEP considers security as a major issue and includes precise mechanisms to
secure communications, as well as a proper Key Establishment Cluster [12].
Besides, it refers to the ZigBee Standard Security Mode, but provides several
improvements and enhancements. Each device has a pre-installed Trust Center
Link Key (TCLK), which must be provided to the Trust Center through out-of-band
means during device’s commissioning. Also, the Key-Transport Key TK is
obtained from TCLK. Finally, the Trust Center is supposed to provide a newly
joined device with the Network Key NK, protecting it by means of the associated
Key-Transport Key TK.
Once the new device has joined the network, the Trust Center must update the
pre-installed TCLK, that is a new Link Key LK must be established, in order to
protect data communications. The key establishment process is supposed to follow
the Certificate-Based Key Establishment (CBKE) method. Every device, including
the Trust Center, holds a certificate issued by a trusted Certification Authority
(CA). Specifically, devices hold implicit certificates, which do not include an
explicit signature by a CA, nor any public key. Thereby, implicit certificates are
supposed to be smaller than conventional certificates, as well as more efficient to
handle, since there is no signature to verify. Also, they make it possible to compute
the certified public key, which is retrieved by means of the CA public key. Note
that it depends on the specific implementation whether computing the certified
public key is more efficient than verifying a signature.
According to the CBKE method, two peers exchange their respective certifi-
cates as well as some ephemeral quantities. Then, they authenticate themselves
130 6 Amendments to the ZigBee Protocol
with each other, generate a common Data Link Key by means of a Key Derivation
Function, and confirm with each other that the new key has been correctly
established. Figure 6.13 summarizes the relationships among cryptographic keys
in ZigBee Smart Energy Profile.
Finally, SEP allows any two peers to establish a Data Link Key with each other.
In particular, since they both trust the Trust Center device, they do not need to
perform an actual key establishment. That is, they request a Data Link Key with
each other to the Trust Center. Figure 6.14 depicts two ZigBee devices receiving a
pairwise Data Link Key from the Trust Center. Note that devices which are not the
Trust Center would not be allowed to initiate key establishment with another
device that is not the Trust Center.
In the following, we point out some deficiencies and inefficiencies regarding the
ZigBee security mechanisms. In particular, we refer to the security features
described by the ZigBee Smart Energy profile [12], since it seems bound to become
the reference security model for most of ZigBee applications. First, we take into
account some issues regarding the key revocation and renewal upon devices’
leaving. Second, we discuss possible inefficiencies regarding the management of
devices’ certificates during the authentication process. More details about these two
issues as well as possible solutions are thoroughly discussed in [20].
Let us suppose a ZigBee device leaves the network. This could happen in case it
explicitly requests to leave the network, or it has been compromised and has to be
evicted. However, after being removed from the network, a former ZigBee device
still retains some security material. That is, it still owns the current Network Key,
the Trust Center Link Key, and potential Data Link Keys it has previously
established with other ZigBee devices. By exploiting these cryptographic keys, an
adversary would be able to overhear and actively take part in network commu-
nications. In addition, she might even perform severe routing attacks, as the
sinkhole or the selective forwarding attack [21]. As a consequence, it is vital to
revoke and potentially renew compromised security material, i.e. perform a net-
work rekeying, in order to keep on assuring secure communications.
Revoking the Trust Center Link Key and the Key-Transport Key the evicted
device shares with the Trust Center is a very simple operation, which does not
result in any particular issues. On the contrary, as to Data Link Keys shared among
a number of peer devices, neither the ZigBee Specification [3] nor the Smart
Energy Profile [12] specify what to do in case one of them leaves the network.
However, it would be wise to invalidate also all the Data Link Keys a leaving node
has established with other peer devices which are still members of the ZigBee
network. Unfortunately, ZigBee provides no mechanisms to explicitly inform a
device that another one has left.
As to the Network Key, ZigBee provides two ways to refresh it: broadcast-
based refresh and unicast-based refresh. In the broadcast-based refreshing, the new
Network Key is protected by means of the current one, and broadcast to all devices
with a single rekeying message. This is certainly an acceptable solution for pro-
tecting the Network Key periodic refreshing against an external adversary.
However, this approach is not acceptable for refreshing the Network Key upon a
device’s leaving from the network. In fact, in this case the current Network Key is
definitely compromised and cannot be trusted anymore. The unicast-based
refreshing can be used instead. In the unicast-based refreshing, the new Network
132 6 Amendments to the ZigBee Protocol
As stated above, SEP provides a key establishment process which follows the
Certificate-Based Key Establishment (CBKE) scheme, based on implicit public
certificates. Specifically, every ZigBee device holds a certificate issued by a
Certification Authority (CA), and uses it during the key establishment process. In
particular, the Trust Center and every newly joined device must authenticate
themselves with each other, by verifying their respective certificates.
Each device is provided with an implicit certificate and the public key of the
CA releasing the certificate, also called CA root key. As already explained, implicit
certificates include neither the subject public key nor a traditional CA’s signature.
In fact, the certified public key is computed from the implicit certificate by means
of the CA root key. As a consequence, each device is supposed to store the root
key of every possible certification authority releasing implicit certificates. We can
reasonably assume that a Trust Center has no storage limitations, and thus can
keep a large set of CA root keys. On the other hand, keeping a large set of CA root
keys could be a problem for ZigBee end devices, due to storage resources shortage.
6.3 Security Services 133
References
12. ZigBee Alliance, ZigBee Smart Energy Profile Specification, March 2011, www.zigbee.org
13. N. Baccour, A. Koubâa, L. Mottola, M. Zuniga, H. Youssef, C. Boano, M. Alves, Radio link
quality estimation in wireless sensor networks: a survey. ACM Trans. Sens. Netw. 8(4), 34:
1–33 (2012)
14. T. He, S. Krishnamurthy, L. Luo, T. Yan, L. Gu, R. Stoleru, G. Zhou, Q. Cao, P. Vicaire, J.A.
Stankovic, T.F. Abdelzaher, J. Hui, B. Krogh, Vigilnet: an integrated sensor network system
for energy-efficient surveillance. ACM Trans. Sen. Netw. 2(1), 1–38 (2006)
15. S. Tennina, M. Di Renzo, F. Graziosi, F. Santucci (2011). Distributed Localization
Algorithms for Wireless Sensor Networks: From Design Methodology to Experimental
Validation, Wireless Sensor Networks, (Ed.), ISBN: 978-953-307-325–5, InTech,
doi:10.5772/38731. Available from: http://www.intechopen.com/books/wireless-sensor-
networks/distributed-localization-algorithms-for-wireless-
16. S. Tennina, M.Di. Renzo, F. Graziosi, F. Santucci, ESD: a novel optimisation algorithm for
positioning estimation of WSNs in GPS-denied environments—from simulation to
experimentation. Int. J. Sen. Netw. 6(3/4), 131–156 (2009)
17. Emmon—Embedded monitoring, May 2012, www.artemis-emmon.eu
18. National Institute of Standards and Technology, Federal Information Processing Standards
Publication 197, Specification for the ADVANCED ENCRYPTION STANDARD (AES), Nov.
2001
19. Certicom Research, Standards for Efficient Cryptography: SEC 1 (Working Draft) Ver. 1.7:
Elliptic Curve Cryptography, Nov. 2006
20. G. Dini, M. Tiloca. Considerations on security in zigbee networks, in Proceedings of the
IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing
(SUTC), pp. 58–65, June 2010
21. C. Karlof, D. Wagner, Secure routing in wireless sensor networks: attacks and
countermeasures, in Sensor Network Protocols and Applications, 2003. Proceedings of the
First IEEE. 2003 IEEE International Workshop on, pp. 113–127, May 2003
22. A. Rafaeli, D. Hutchison, A survey of key management for secure group communication.
ACM Comput. Surv. 35(3), 309–329 (2003)
Part III
System Architectures and Applications
The reader is now ready to use the principles, tools and methodologies presented in
the previous parts to the design and implementation of efficient WSN-based
monitoring systems for real world applications. In this third and final part of the
book, few examples from our own experiences are reported.
The first one presents advances in Structural Health Monitoring (SHM) using
WSNs. SHM and damage identification at the earliest possible stage have been
receiving increasing attention from the scientific community and public author-
ities, since service loads, accidental actions and material deterioration may cause
damage to the structural systems, resulting in high administrative costs for
governments and private owners and, in some situations, loss of lives. As such,
there is an enormous eagerness to add sensing/actuating capabilities to physical
infrastructures like bridges, tunnels and buildings, turning them into smart
structures able to detect and respond to abnormal situations. The fact that
conventional sensor platforms use wires increases the cost of the monitoring
systems and creates huge difficulties in their installation and maintenance. In some
situations, it is actually not possible or not admissible to deploy wired SHM
systems, e.g., due to visual impact. Consequently, despite the challenges imposed
by SHM applications in terms of highly reliable and timely measurements
particularly for larger structures, WSNs have been emerging as a natural
alternative technology.
The second example focuses on engineering a end-to-end WSN-based system
for environmental monitoring. WSNs have attracted growing interest in the last
decade as an infrastructure to support a diversity of ubiquitous computing and
cyberphysical systems. However, most research work has focused on protocols or
on specific applications. As a result, there remains a clear lack of effective, feasible
and usable system architectures that address both functional and non-functional
requirements in an integrated fashion. In particular, our experience within the
EMMON [1, 2] project is reported and a system architecture for large-scale, dense,
real-time embedded monitoring is outlined.
136 System Architectures and Applications
The third and last example overviews the deployment considerations of a WSN
to monitor Data Center environmental conditions and power consumptions. Data
centers are a central piece of today’s Internet infrastructure and have become
critical for many medium and large organizations. A data center is a facility (one
or more rooms, floors or buildings) custom built to house large computing systems,
including networking, storage systems and also power distribution and cooling.
The operation of a data center is an instantiation of a Cyber-Physical System (CPS)
in the sense that it requires managing physical parameters, such as power and
environmental variables of the data center (e.g., temperature, humidity, pressure),
that are coupled with computations. This is especially true in future data centers,
where management of cloud-related workload will be performed more aggres-
sively. This workload management includes distributing or consolidating work-
loads throughout data center machines, and this impacts physical parameters
(power and environmental) of the data center in a very dynamic manner.
References
integrity of the structure. Hence, to scale the system, there is a need for a routing
mechanism that can cope with the tight synchronization requirements this appli-
cation imposes.
In particular, according to [2], the maximum drift between samples should be
computed as presented in Eq. 7.1:
Csi Csj 1 8i ¼ 1. . .N 6¼ j ð7:1Þ
fs
where Csi is the clock of the i-th sensor, N is the total number of sensors and f s is
the sampling frequency. Then, assuming the TelosB platforms [3] whose crystal
features a drift of 20 ppm in relation to its nominal frequency, for keeping the
drift below 5 ms, according to the application requirements, it would be necessary
to synchronize a node every 250 s at most. This result imposes the existence of a
synchronization mechanism in the WSN, so that all nodes have the same time
reference.
Fig. 7.1 Network tree topology showing 15 clusters and respective TDBS cluster scheduling
to cope with the new Cluster-Tree topology while carrying out the simultaneous
data acquisition is described next.
C2 represents the second cluster active in the cycle. The offset from the beacon of
Cluster-Head x to tsync is computed as follows:
Cx C
parent
Ttsync ¼ Ttsync TTDBSoffset
From its parent’s beacon, each Cluster Head will compute its offset using the
TDCS offset to its parent (TTDBSoffset , check Fig. 7.1). Each Sensing Node
belonging to the cluster will read the tsync information from the beacon of its
Cluster Head and set a timer to generate an interrupt at tsync at which time the
sensor node will be signaled for synchronization.
dCtsync
x
¼ TtCsync
x
dclock ;
where Ttsync ¼ nclusters Tsframe þ pTsframe xTsframe , being Tsframe the period of a
cluster’s superframe, equal to aBaseSuperframeDuration 2SO , dclock the expected
clock drift for the quartz clock in the device, nclusters the total number of clusters in
the network, and p the portion of superframe after the last cluster until tsync . Notice
this expression is only valid for this non-overlaping kind of cluster scheduling.
Since, the drift at each superframe is given by dsframe ¼ dclock Tsframe , we can
write: dCTsync
x
¼ ðnclusters þ p xÞdsframe
For cluster 12, for instance, assuming the example in Fig. 7.1, dCTsync 12
¼
15 dsframe þ p dsframe 12 dsframe ¼ ð3 þ pÞ dsframe
Since synchronization must be tight in this kind of applications, we must take
this drift into account at network setup time. Moreover, each Router throughout the
Cluster-Tree, will also present a drift while waiting for its time to transmit its
own beacon (after the parent’s beacon), defined by the parent to child drift
dCPCx ¼ xdsframe and will also impact our synchronization strategy.
On top of this, we should not neglect that since the arrival of each beacon, there
is a processing delay, defined by dCBPx Dd ¼ ddbeaconproc , being d the depth of the
7.4 Theoretical Analysis of the Scalability 141
device in the three and dbeaconproc the processing delay upon beacon reception,
which we assume as a finite constant value and was found experimentally. This
delay is even more significant for these kinds of devices with low processing
power. According to our reasoning, assuming a worst-case where all drifts will
sum, the drift for a device at cluster Cx at depth d is given by:
dCsync
x Dd
¼ dCTsync
x
þ dCPCx þ dCBPx Dd ð7:2Þ
As observed, the drift is independent of the position of the cluster in the TDCS
cycle. It only depends of the total number of clusters, and the cluster’s depth in the
tree. Table 7.1 shows some results obtained from Eq. 7.2, considering different
network scenarios and assuming p ¼ 0:67:
References
Abstract In this chapter, EMMON [1, 2], a system architecture for large-scale,
dense, real-time embedded monitoring is outlined. EMMON provides a hierar-
chical communication architecture together with integrated middleware (MW) and
command and control (C&C) software. It has been designed to use standard
commercially-available technologies, while maintaining as much flexibility as
possible to meet specific applications requirements. The EMMON architecture has
been validated through extensive simulation and experimental evaluation,
including a 400+ node test-bed in a real end-user environment, which is, to the best
of our knowledge, the largest single-site WSN deployment in Europe to date.
Moving from the exhaustive analysis of existing technologies and related work
available in [3] and from our own experience, the best practices to be applied to a
large scale and dense real-time system architecture’s design, such as EMMON’s
one, are as follows. (i) Keep it simple: simple solutions are easier to handle and
debug. Interacting with end-users helps identifying the appropriate requirements,
often leading to a reduction of the complexity. Example, it is useless to design
complex congestion control algorithms if the congestion probability is negligible.
Nevertheless, it is worthwhile to stress that ‘‘simple’’ doesn’t mean ‘‘trivial’’:
finding the simplest solution to achieve a goal might be a complex task itself!
(ii) Modular design: proceeding by steps in a modular design approach is of
paramount importance. Only the most basic system’s features should be included
in the first phase of the design cycle and their correctness evaluated through
analytical and simulation models, as well as experimental validation. (iii) Embed
tests in the design cycles: extensive tests using a test-bed should be included in the
design refinement cycles (test-it-fix-it). Many properties and problems appear only
in real-world deployments; therefore, it is paramount to deploy the test-bed in an
environment that exhibits similar conditions as the final deployment, as well as
tuning consistent simulation models. (iv) Interoperability matters: for example, the
best Medium Access Control (MAC) protocol may not fit with the best routing
protocol; therefore, assessing the interoperability between technologies is funda-
mental to evaluate the adequacy of each of them in the system frame. (v) Technical
maturity: in engineering projects, choosing mature technologies, extensively used
by the community, is the key for the success. (vi) Availability of expertise:
achieving interoperability among components requires a huge effort. Hence, it is
often preferred to use technologies for which knowledge is available within the
design team. (vii) QoS provision: predictable resource guarantees are achieved
through network models such as cluster-tree, rather than mesh-like. These network
models rely on the use of contention-free MAC (e.g., TDMA or token passing) and
tree-routing protocols as well as the possibility to reserve end-to-end resources.
The main goal of EMMON is to provide an architecture for WSN systems that is
scalable. The term ‘‘scale’’ applies to the number (fewer or more nodes in the
overall system), the spatial density (number of nodes in a restricted region), or the
size of the geographical region covered. The ability of a WSN system to easily/
transparently adapt itself with no or negligible degradation of overall system
performance1 to dynamic changes in scale is named ‘‘scalability’’.
By applying the best practices described in Sect. 8.1, building on the alterna-
tives identified in [3] and to cope with scalability issues while addressing QoS
requirements, the design approach is to ‘‘divide and conquer’’, i.e., to adopt a
hierarchical, multi-tier network architecture as sketched in Fig. 8.1.2 Furthermore,
following extensive consultation with experts from a wide number of fields [4],
EMMON adopts a fully geographical approach3: users specify the area from which
they want data, as opposed to the nodes that should be queried. EMMON’s main
characteristics are summarized in what follows and further detailed in Sects. 8.3,
8.4 and 8.5.
(i) The synchronized version of the IEEE 802.15.4 MAC is used at the lowest
tiers. By dividing the time into active and sleep periods, this MAC helps to
achieve the goals of timeliness, time synchronization and lifetime. Nodes are
synchronously active or sleeping, with a dynamically adaptable duty-cycle.
This enables to find the best delay/throughput vs. energy trade-off. Both best-
effort (CSMA/CA, during the CAP) and real-time (GTS, during the CFP)
traffic classes are supported.
1
End-to-end delay, throughput, security, reliability and lifetime.
2
Details on the Portable Device as an optional element at Tier-2.b are out of scope of this work.
3
The geo-routing has been already described in Sect. 6.2.2 as an amendment of the ZigBee
protocol stack.
8.2 EMMON System Architecture 145
(ii) WSN nodes are organized into a ZigBee-based Cluster-Tree network model
(Sect. 6.1), rooted at a gateway playing the role of the sink. A cluster-tree is a
hierarchical architecture per-se. However, to avoid collisions between
clusters, while meeting end-to-end deadlines of time-bounded data flows,
clusters’ active portions are scheduled in a non-overlapping fashion using the
Time Division Cluster Scheduling (TDCS) [5].
(iii) Assuming the Cskip-based Distributed Address Assignment Mechanism
(DAAM) (Sect. 1.3.1), for the upstream flows the tree-based convergecast
model is adopted: this means that routing has negligible memory footprint
and processing delay, since it does not need large neighbor tables. For the
downstream flows, tables are not needed either, since an efficient geograph-
ical-based routing has been devised (Sect. 6.2.2).
(iv) Data aggregation, sensor and data fusion mechanisms are implemented at all
levels of the architecture: (a) on the sensor nodes (SNs), by aggregating
multiple readings taken over time (temporal aggregation); (b) on the cluster
heads (CHs), by aggregating multiple readings coming from different sensors
or children CHs (spatial aggregation); (c) on the gateway (GW), where sensor
fusion is done by considering multiple reports coming from the CHs; (d) on
the C&C, where correlation of the incoming sensor reports with other
available data (e.g., current car traffic conditions in air-quality monitoring) are
enabled.
146 8 Environmental Monitoring
(v) A novel EMMON-specific middleware (Sect. 8.4) runs on all the elements of
the system: it glues all the components together, from the C&C clients to the
SNs, leading them to work properly over heterogeneous communication
technologies (Fig. 8.1). It also greatly helps in networking and system
management operations, thanks to its distribution of the intelligence as low as
possible in the network’s tiers.
(vi) The EMMON C&C subsystem is the interface for end-users (Sect. 8.5). It is
composed by a Server which leverages on the middleware to bridge the WSN
with a user-friendly graphical interface on the Clients.
The extensive analysis conducted in [3], constituted the starting point for the design
of an appropriate network architecture that achieves efficiency in large scale and
dense WSNs. In particular, according to the guidelines listed in Sect. 8.1, a number
of alternative technologies were evaluated, and the output was that such efficiency
is achievable if: (i) the network architecture is multi-tier and (ii) the widely used
IEEE 802.15.4 standard is adopted as short-range communication protocol.
While the adoption of the IEEE 802.15.4 standard is a natural choice, the use of
a multi-tier architecture raises a number of challenges. In particular, although
considered by far the best network design approach for the purpose, thanks to the
flexibility it offers, two issues must be tackled: (i) how many tiers and how many
communication technologies should be used, and (ii) what kind of nodes are the
most appropriate for each tier (e.g., in terms of energy and computation resources).
In order to achieve scalability and QoS, while maintaining a low level of com-
plexity in the network, several design decisions were made. At the higher tiers, the
Internet Protocol (IP) is used as the base networking protocol and the EMMON
architecture supports the case where gateways, equipped with, e.g., WiFi or 3G
radios, constitute a backbone (ad hoc) network or can communicate directly with a
remote C&C server over Internet (Fig. 8.1). At the lowest tiers, a clustered WSN
architecture is assumed, since clusters: (i) help localize routes and reduce the size
of the routing table, (ii) conserve bandwidth and prolong battery life through duty
cycling, and (iii) result in a reduction in coverage redundancy, medium access
collisions, transmission range and/or number of hops required to reach the sink [6].
While the random node deployment paradigm is appealing for large-scale
WSNs due to its inherent low deployment costs, if nodes are randomly scattered
some of them might be unreachable or have to use a very high transmission power
to maintain network connectivity, resulting in faster battery exhaustion. Hence,
8.3 Communication Protocol Architecture 147
EMMON assumes some control over node deployment; in particular CHs are
assumed to be placed in order to maximize the network connectivity. The system
also relies on nodes being position-aware: either they know their own position pre-
run-time (e.g., as a parameter configured at deployment time, as in [7]), or they can
estimate it [8].
Finally, given the type of applications targeted by EMMON and since no end-
user typically expressed requirements for peer-to-peer communication [4], hori-
zontal data flows are not supported. Therefore, EMMON only supports commu-
nication from nodes to the C&C (i.e., upward flow), to send measurements reports
and alarms notifications, and from the C&C to nodes (i.e., downward flow), for
disseminating user-defined operations, network management commands or to
reconfigure/reprogram at run-time group of nodes. Downstream control (i.e., for
actuation) or network management traffic may also be supported, if required.
Given the above design choices, the resulting EMMON architecture is as sketched
in Fig. 8.1. Tier-0 consists of simple wireless sensor nodes, performing sensing
tasks and delivering data to the devices at the upper tier in the hierarchy using the
IEEE 802.15.4 protocol. They are cheap enough to be deployed in large quantities,
therefore, we assume they have very limited computational, memory and energy
capabilities. Several SNs are grouped to form a WSN Cluster at Tier-1 in a star
topology, where a Cluster Head is responsible for cluster management and data
aggregation. CHs may be slightly more powerful than ordinary sensor nodes in
terms of computational and storage capabilities, and might have lesser energy
constraints (e.g., longer lasting batteries). Multiple CHs are grouped to form a WSN
Patch at Tier-2, where a fixed gateway is present. GWs have the highest compu-
tational capabilities in the WSN and have IP-based communication capabilities to
reach a remote C&C Server at Tier-N, as well as unlimited energy supply.
A WSN Patch adopts a Cluster-Tree model, with the GW as root and the SNs as
leaves. As discussed in Sect. 8.2, the synchronous version of the IEEE 802.15.4
protocol was chosen and the TDCS algorithm is used to preserve the coordination.
Recalling from Sect. 6.1, this mechanism involves the definition of the Start Time
values of the MAC protocol, such that the active portions of each cluster are
interleaved during the inactive portion of all the others sharing the same collision
domain, as in Fig. 7.1.
Finally, saying that inter-clusters collisions are avoided using time-division
means that we have implicitly assumed that every node belonging to a WSN Patch
operates on the same radio channel. A frequency-division approach is then
exploited to minimize inter-patches collision probability. Similarly to [9],
EMMON assumes that neighbor (or even overlapping) WSN Patches use distinct
radio channels, while channel re-use is allowed for any pairs of WSN Patches
distant enough from each other [10].
148 8 Environmental Monitoring
The middleware API was careful designed after consultation with environmental
monitoring experts from different fields [4] to capture the functionalities that are
required by them, thereby enabling the middleware to optimise its internal mech-
anisms’ non-functional properties. In particular, EMW provides a fully geograph-
ical data service, i.e., users specify the area from which they want data, as opposed
to the nodes that should be queried. Users can make use of three types of operations:
queries, reports and alarms, which provide data respectively once-off, periodically,
and when a user-specified condition is met. Figure 8.2 shows the API used to define
a report on street1, that will measure the CO2 levels every 2 min and report (via the
handler provided) the average of these values every 30 min. The optional QoS class
specifier allows users to specify QoS parameters, and the spatial aggregation
threshold is used to specify the amount of aggregation performed (c.f. Sect. 8.4.3).
Figure 8.2 also shows how an alarm is defined over a park, that will be triggered
when the temperature is above 50 for more than 2 min continuously. The
parameters normalTolerance and alarmTolerance specify the minimum
sensing period respectively when the alarm condition is not met and when it is.
Figure 8.3 illustrates these parameters: at time 0:00, the condition is not sat-
isfied, so the temperature is sensed normalTolerance later (1 min). At time
1:00, the condition is satisfied, so temperature is sensed again every alarm-
Tolerance (20 s), until 2:00, where the alarm condition is not met and the
period reverts to normalTolerance. At 3:00, the condition is met again, so
temperature is sensed every 20 s until time 5:00, when the condition has been
satisfied for 2 min and therefore an alarm is triggered (via the handler).
The middleware spans all the tiers of the architecture defined in Sect. 8.2. The
functionalities differ in every tier, with many of them being implemented on
several tiers, as can be seen in the overall architecture (see Fig. 8.4).
8.4 EMW: EMMON Middleware 149
Fig. 8.4 EMW architecture: the light blue boxes are components from other software layers.
White boxes were implemented for the first EMMON demonstrator [1]
data users are interested in, as discussed in the previous section, and that it is
possible to choose a suitable aggregation process that is simple enough to be
performed on even the most limited platforms as discussed in the next section).
To facilitate spatial aggregation, every reading is tagged with the area to which it
corresponds.4 As the devices at tiers 0 and 1 (sensor nodes and cluster heads) have
very low computational power, memory and energy storage, data aggregation
requires a process that can be performed iteratively, and runs even on the most
constrained nodes. An aggregation component that aggregates two readings only
when the subarea of the aggregated reading for which no data is available is
smaller than a user-defined threshold, spatialAggregationThreshold.
has been implemented.
Figure 8.5 illustrates this process. Cluster heads apply spatial aggregation (in
this case Minimum) first to the readings from the sensor nodes in their cluster, and
then aggregate the outcome with the values coming from their child cluster heads
(if they have any), provided that the area of the combined reading for which no
4
In the first instantiation, positions are statically defined, and the area associated with a reading
is the bounding box around the sensors it comes from.
8.4 EMW: EMMON Middleware 151
Fig. 8.5 Recursive spatial aggregation process: two readings are aggregated when the subarea of
their combined area for which no data is available is smaller than a user-defined threshold
The EMMON C&C is the most visible part of the system. It aims at enabling the
monitoring of a (large) number of sensors and provide all the functionalities
available in the WSN to end-users. For that, it is composed of two main com-
ponents: the Server and the Clients.
152 8 Environmental Monitoring
Fig. 8.6 C&C Graphical User Interface: it allows to define the monitoring areas for querying
real-time sensor measurements and see the historical data
The C&C Server is responsible for interacting with the WSN, storing the
measurements into a local repository and making them available to the C&C
Clients. It is a central repository which contains a module responsible for receiving
the data from the sensors, storing it in a database and notifying the clients of new
values. It also includes a middleware component that implements the middleware
API used to interact with the WSN. C&C Clients are the end points of the system,
showing (visually) the WSN data and providing functionality to interact with the
WSN. Unlike traditional software, the EMMON C&C Clients do not interact with
each sensor individually, but with monitoring objects (e.g., a room), which can
group several sensors (Fig. 8.6).
In the implementation of the C&C Client, the user can define simple monitoring
objects by drawing rectangles over a geo-referenced map querying the desired
information. This allows the visualization of real-time readings from the moni-
toring objects and corresponding historical data through a chart and in a table.
Actually, the EMMON C&C encompasses more features and services such as: (i)
Web services, to make the data received from the WSN available to external
systems and to allow external systems to provide data; (ii) the use of polygons
instead of rectangles to define monitoring objects and (iii) the possibility to specify
sensor class or tagging aggregation types.
This section provides a snapshot of EM-Set, the EMMON toolset, used to plan,
simulate and analyze the performance of the EMMON network. More details are
in [10].
8.6 System Planning, Simulation, Analysis Toolset 153
Fig. 8.7 EMMON toolset for network planning, dimensioning simulation analysis and test/
programming
154 8 Environmental Monitoring
5
Maximum number of hops between a SN and the GW.
8.7 EMMON Demonstrator 155
generation ratio (nodes use the contention-based access period and the contention
free period of the IEEE 802.15.4 superframe, respectively). BE traffic is intended
to simulate periodic sensor reports, while RT traffic accounts for alarm notifica-
tions. As a consequence, only CHs generate RT traffic: this reflects that only CHs
should reliably trigger alarm notifications toward the GW, by filtering out noisy
SNs readings.
The value of SO has been fixed to 4, which means an active portion of 960
symbols, while BO has been computed for each scenario by the TDCS tool, as well
as the set of CHs start times, in order to fit with the number of clusters (). Every
cluster in a WSN Patch is assumed to have the same value of the couple (BO, SO),
as in Fig. 7.1. Therefore, in the setup of Table 8.1, BO ranges between 7 and 9,
corresponding to beacon interval (BI) values of 2 and 8 s, respectively, and
duty cycles of 12.5 and 3.125 %, respectively.
As performance indices, the end-to-end (e2e) delay for BE (e2e-BE) and RT
(e2e-RT) traffic classes and the packet loss ratio are considered here, while other
available figures (e.g., per-node energy consumptions) are not shown, due to space
constraints.
The same experiments were run live into the test-bed. However, only best effort
traffic was generated, using the CAP portion of the IEEE 802.15.4 MAC. The
traffic was monitored through protocol analyzers with the help of sniffer tools
(Sect. 3.3) to compute the statistics for the e2e delay.
Table 8.2 shows an excerpt of the results related to network performance. In
particular, a subset of all the scenarios is presented with an increasing level of
network complexity, enabling the comparison between simulation and experi-
mental results for the e2e-BE delay, as well as between simulation and theoretical
worst case analysis for the e2e-RT. For the sake of comparison, since GTS slots
are allocated only to CHs, both e2e-BE and e2e-RT delays are computed as sum of
per-hop delays of messages sent from child to parent in the tree, recursively up to
the GW. The packet loss ratio for BE traffic only is also shown: these values
account for the number of packets whose sending failed after three retransmis-
sions. On the contrary, due to the design and setup choices (i.e., to assign GTS
slots to CH children only), RT traffic experienced no packet loss.
156
Table 8.2 Excerpt of results from the campaign defined in Table 8.1: simulation, worst-case and experimental results
Tot nodes r (clusters) R (SNs per CH) Rm Lm BO BI(s) CAP-best effort CEP-real time
Pkt loss (%) End-to-end delay (s) End-to-end delay (s)
Simulation Simulation Experimental Simulation Analytical
avg std max avg std max avg std max worstCase
25 5 5 4 2 7 2.048 0.56 1.73 1.12 3.73 1.32 0.36 2.06 1.95 1.13 3.92 5.82
45 5 10 4 2 7 2.048 2.39 1.80 1.12 3.80 1.59 0.40 1.99 1.97 1.13 3.91 5.82
65 5 15 4 2 7 2.048 5.53 1.81 1.12 3.82 1.67 0.38 2.14 1.97 1.14 3.91 5.82
85 5 20 4 2 7 2.048 8.48 1.82 1.13 3.83 1.68 0.56 2.19 2.00 1.15 3.91 5.82
101 5 24 4 2 7 2.048 10.20 1.83 1.15 3.84 1.71 0.53 2.35 2.04 1.14 3.90 5.82
97 17 5 5 3 9 8.192 2.47 13.96 5.52 36.03 12.99 5.16 45.70 14.65 5.35 34.02 41.86
257 17 15 5 3 9 8.192 10.29 16.28 6.58 47.02 14.45 5.30 23.53 41.86
401 17 24 5 3 9 8.192 13.08 16.38 7.49 44.20 14.61 5.36 23.53 41.86
97 17 5 3 4 9 8.192 2.75 22.56 12.89 109.90 18.84 5.89 23.85 23.63 12.89 68.73 69.87
257 17 15 3 4 9 8.192 10.84 23.86 12.53 116.30 22.15 10.70 62.82 69.84
401 17 24 3 4 9 8.192 13.32 20.97 9.67 54.85 19.17 8.14 55.62 69.84
97 17 5 2 5 9 8.192 2.14 23.18 9.03 38.97 25.14 7.87 95.38 24.44 9.00 57.97 94.76
257 17 15 2 5 9 8.192 10.49 27.11 11.47 75.04 24.79 9.17 52.78 94.76
401 17 24 2 5 9 8.192 13.16 28.22 13.02 78.44 24.17 9.44 54.93 94.76
121 21 5 2 5 9 8.192 2.23 23.08 9.04 39.13 24.29 8.91 57.34 94.76
321 21 15 2 5 9 8.192 10.28 26.30 11.58 76.18 23.95 9.49 54.08 94.76
501 21 24 2 5 9 8.192 12.84 27.15 12.35 67.63 23.92 9.39 38.89 94.76
8 Environmental Monitoring
8.7 EMMON Demonstrator 157
Although experimental results are available only for scenarios with up to 100
nodes, i.e., the maximum dimension of a single WSN Patch in the testbed, the
following conclusions can be drawn: (i) the statistics of the e2e-BE delay match
the experimental ones; (ii) the analytical tool for worst case dimensioning gives an
upper bound of the maximum e2e-RT delay; (iii) as expected, while the statistics
of e2e-RT delay are not influenced by the clusters’ size (R), for e2e-BE delay the
impact of a more crowded network becomes not negligible; and (iv) by looking at
the scenarios with C ¼ 17 and by averaging among the 5 values of R, a topology
with a wider ðRm ¼ 5; Lm ¼ 3Þ rather than a deeper ðRm ¼ 2; Lm ¼ 5Þ tree shows
gains in the e2e-BE and e2e-RT delays of almost 68.2 and 66.2 %, respectively.
Additionally, the difference in terms of packet loss for the same scenarios is
negligible. Finally, these results highlight that the EMMON network architecture
scales well with the number of nodes in a WSN Patch.
References
10. S. Tennina, R. Gomes, M. Alves, V. Ciriello, G. Carrozza, The dark side of demmon: what is
behind the scene in engineering large-scale wireless sensor networks, in Proceedings of the
14th ACM International Conference on Modeling, Analysis and Simulation of Wireless and
Mobile Systems, MSWiM ’11, pp. 41–50, ACM, New York, 2011
11. C.-J.M. Liang, N.B. Priyantha, J. Liu, A. Terzis, Surviving wi-fi interference in low power
zigbee networks, in Proceedings of the 8th ACM Conference on Embedded Networked Sensor
Systems, SenSys ’10, pp. 309–322, ACM, New York, 2010
12. Ekahau heatmapper—the free wi-fi coverage mapping site survey tool (2011),
www.ekahau.com
Chapter 9
Energy-Efficiency in Data Centers
Abstract Moving from a still on-going work [1], this section reports the progress
being developed towards energy-efficient operations and the integrated manage-
ment of cyber and physical aspects of data centers. In particular, an integrated
system composed by wired and wireless sensors is presented: it monitors power
consumptions of the servers and environmental conditions, with the goal of
achieving an overall reduction of data centers’ energy consumptions. As like as the
EMMON system (Chap. 8), the architecture proposed is intended to be hierar-
chical, modular and flexible enough to achieve high temporal and spatial resolu-
tion of the sensor measurements, with negligible latencies of sensors’ reports to the
data center management control station.Overall, the advantage of having fine-
grained power and environmental measurements in this application scenario is
twofold: (i) measuring the power consumption at the single server level has
enormous benefits for the business logic of data centers’ owners, since they can
offer services and billing to their customers based on the actual consumption, and
(ii) although there are in literature models to predict heat-flows used in com-
mercial Computer Room Air Cooling (CRAC) systems, those models often lack of
spatial resolution, so the availability of micro-climate conditions would help
improving those models as well as continue feeding them with real data will
improve the reliability and accuracy of their forecasts. Fine-grained measurements
are also the basis to provide different views of the system, each of them cus-
tomized to different users. The proposed architecture allows to set the desired
resolution of the readings upon user’s requests, for example to investigate some
problems in a specific area (row, room or floor) of the data center building. Every
single sensor can be configured by setting user defined alarms and trigger mea-
surements reports adaptively, by changing or (re-)configuring specific thresholds at
run-time.
The system architecture is divided into three main sections. (i) The data-producing
entities, such as the sensor networks, which gather environmental data, IT
equipment or building equipment, which gather the data from the environment,
and also power consumption data. The data from these sensor networks is deliv-
ered to a (ii) data distribution system that acts as a broker between the (iii) data
producing entities and the consuming applications (e.g., logger applications, alarm
monitor, user interface applications).
At the core of the architecture depicted in Fig. 9.1 there is a data distribution
middleware, which takes care of handling the data coming from different sources
such as the environmental and power sensors and deliver this data to the appli-
cations interested in them. The applications can be a data logger that gathers
historical information, visualization tools, alarms monitors or any other application
that can be developed in the future.
In the following subsections, the proposed system architecture is described in
more detail, highlighting each component of the data gathering, while for the data
distribution system interested reader can refer to [1].
measurements, the proposed architecture for the data collection is a mix of wired
and wireless technologies.
The WSN is a stacked multi-tier architecture, where each level represents a
network tier with the corresponding devices and communication technology used.
The lower level, Level-0 consists of sensor nodes, i.e., computational units with
several physical sensors attached, which perform sensing tasks and deliver data to
the devices at the next level in the hierarchy through a wired bus. At level-1,
cluster heads are responsible for querying the sensor nodes within their respective
cluster. A cluster is composed by one cluster head (bus master) and several sensor
nodes (bus slaves) attached to the wired bus. Then, these cluster heads are
responsible for data aggregation and sensor fusion. They communicate using IEEE
802.15.4/ZigBee with devices at the next level in the hierarchy. At the level-2 of
the network hierarchy, (environment) gateways are present. These devices have
the highest computational capabilities among the devices present in the sensor
network field. Gateways provide the data gathered from the sensor network to the
data distribution system in a standard format. Finally, in level-3, the data distri-
bution provides means to deliver the data gathered from the sensor network to the
applications. The data distribution system supports any number of gateways and
applications in a distributed and transparent way.
Sensor Nodes: starting from the bottom of the network architecture, a Sensor
Node is a communication/computation enabled device physically linked (e.g., over
a I2C bus) to a given number of sensors. These sensors are responsible for mea-
suring different physical parameters like, e.g., temperature, humidity, pressure, as
well as several power sensors to monitor the power consumption of each server in
the rack.
To keep the complexity low, at this tier of the Network Architecture, the Sensor
Nodes communicate with one Cluster Head over a bus, e.g., using a RS485/
MODBUS technology [2]. In particular, the Cluster Head node acts as a local
coordinator and master of the bus. The sensor nodes are deployed one each rack
and their sensors get measurements from all the elements of the rack.
Cluster Heads: the Clusters are connected with each other in a ZigBee/IEEE
802.15.4 mesh topology to form a WSN Patch, where a common Gateway is in
charge of gathering data and sending them over long range communication
technology (e.g., WiFi). In terms of HW platforms, the Cluster Head node is the
same platform as a generic Sensor Node, with an on-board ZigBee modem [3].
Gateways: The sensor network can have one or more Gateways. Gateways
maintain representations of the data flows from the sensor network to the data
distribution system. They perform the necessary adaptation of the data received
from the WSN. The gateways can be deployed as one per room serving all the
rows of racks in that room more gateways can also be deployed to improve radio
coverage, for load-balancing or for redundancy.
162 9 Energy-Efficiency in Data Centers
This section presents a first step toward enabling a large installation of wireless
communicating devices. It is often assumed that the presence of lots of metallic
surfaces (such as racks) and power cables suspended on the ceiling, makes a data
center room a harsh environment in terms of radio signal propagation. Therefore,
an analysis of the radio conditions of a typical data center has been conducted to
assess the validity of that assumption and evaluate its impact. The measurements
were performed in a data center (located in Lisbon, Portugal) owned by the largest
Portuguese telecommunications operator, Portugal Telecom (PT), which also
provides hosting and cloud-based services. The objective of such measurement
campaign has been twofold: (i) evaluate the available IEEE 802.15.4 channels for
the monitoring network to be deployed in the data center, and (ii) test the con-
nectivity among IEEE 802.15.4 radios in the field, in order to identify the
requirements for the formation of the network topology.
Firstly the background noise level, i.e., the possible interference on the monitoring
network due to external IEEE 802.11/WLANs has been monitored. To do this, a
frequency spectrum analyzer [4] has been used. As expected, there are only few
IEEE 802.15.4 channels in the 2.4 GHz band available. Channel 26, as it shown a
negligible interference from 802.11, was the preferred channel for the WSN
connectivity measurements. In general, these background noise measurements
show that the number of available channels in a typical data center might be low.
For the connectivity measurements, in this scenario 9 TelosB [5] nodes (a GW and
8 routers) running on batteries and 3 TelosB powered by USB, acting as sniffers
were used. The routers were placed at the top of the center rack of 9 rows on a data
center.
First, the connectivity between routers was checked. For this, the GW was
placed on a corner of the data center and the routers (R1 –R8 ) were left on the center
of the rows. This experiment tested that the chain among the GW and all the
routers was working, i.e., the GW started emitting beacons, R1 gets these beacons,
associates to the GW and start emitting its own beacons. Then R2 gets R1 ’s
beacons, associates with R1 and starts emitting its own beacons, and so on until R8 .
At run time, all routers were able to emit non-interfering beacons, on a time-
division fashion.
9.2 Data Center Radio Environment 163
Then, the 3 sniffer nodes were used to take measurements, as follows. First, the
3 nodes were placed on one half of the row and then on the other half of the same
row (being the 3 nodes spaced about 1.5 m apart from each other, where the one
furthest from the middle was 5 m from the center), then packets for 5 min were
collected in each half section of the row and repeated this procedure for 9 rows.
The measurements were performed by looking at a counter in the beacon
payload that was incremented each time a beacon was transmitted. By extracting
the source address and the counter in the beacons from the sniffers’ logs, the
packet loss probability on each measurement point and with respect to each router
was measured, as well as information about the Received Signal Strength (RSS) of
each received packet. By combining these data, it was possible to build maps of
the coverage for each beacon emitter. Figure 9.2 shows an example of such results
for the GW and the cluster head R1 . The packet loss is better than what one could
have expected: in general the majority of the routers was able to cover half of the
room with negligible losses (i.e., packet loss ratio \ 2 %). Only spots of con-
nectivity loss areas were evidenced, e.g., in proximity of a pillar in the room: these
conditions can be resolved by planning accurately the position of the cluster heads.
9.3 Remarks
This study enables to understand better the radio conditions. These findings are in
line with those of previous work [6, 7]: even in a data center room of reasonable
dimensions, each wireless node could interfere with up to 65 % of the nodes.
Then, having too many nodes interfering with each other is an obstacle toward
gathering sensor readings with high temporal resolution, and this needs to be
considered in the design.
Overall, this architecture, which mixes wired and wireless technologies in a
modular and flexible fashion, enables interesting trade-offs between fine-grained
monitoring and low-latency.
References
1. N. Pereira, S. Tennina, E. Tovar, Building a microscope for the data center, in 7th
International Conference on Wireless Algorithms, Systems, and Applications (WASA 2012),
Yellow Mountains, Aug 2012
2. Modbus over serial line—specification and implementation guide-v1.0 (2002), http://
www.modbus.org/docs/Modbus_over_serial_line_V1.pdf Feb 2002
3. Zigbee modules and mesh modules (2012), www.digi.com/products/wireless-wired-
embedded-solutions/zigbee-rf-modules/zigbee-mesh-module
4. Metageek’s wispy, www.metageek.net/products/wi-spy
5. Memsic, TPR2420CA TelosB Mote May (2013), www.memsic.com/wireless-sensor-networks
References 165
6. C.-J.M. Liang, J. Liu, L. Luo, A. Terzis, F. Zhao, Racnet a high-fidelity data center sensing
network, in Proceedings of the 7th ACM Conference on Embedded Networked Sensor Systems,
SenSys ’09, (ACM, New York, 2009), pp. 15–28
7. B. Weiss, H.L. Truong, W. Schott, T. Scherer, C. Lombriser, P. Chevillat, Wireless sensor
network for continuously monitoring temperatures in data centers. IBM RZ 3807 (2011)
Chapter 10
Conclusions
assignment methods (Sect. 5.1), or (iii) by avoiding the impact of hidden terminals
in wireless communications (Sect. 5.2), (iii) to classify the network traffic into
several priority levels rather than only two (Sect. 5.3), (iv) to minimize the energy
consumption while achieving QoS requirements through an appropriate scheduling
of the nodes activity periods (Sect. 6.1), and (v) to address the nodes based on
some common property (Sect. 6.2).
Finally, the third part of the book takes advantage of all the lessons learnt in the
previous chapters to show the reader several examples from our own experience in
real-world network design and deployment. The application domains range from
structural health (Chap. 7) to environmental (Chap. 8) and data center (Chap. 9)
monitoring. The heterogeneity of these case studies clearly demonstrates how the
solutions offered by the chosen technology as well as the developed methodologies
and tools are flexible to adapt with a minimal fine tuning of the parameters to
several application domains.
Overall, once again, we believe this book will serve as a baseline reading
material for students and researchers as well as a reference to orient system
designers in this area.
About the Authors