Formal Approach for Modeling, Verification and Performance Analysis of Wireless Sensors Network

Controlling the energy consumption of sensor networks and maximizing the network lifetime are the most fundamental issues. Due to the variety of protocols dedicated to the different sensor layers and the difficulty of a real network deployment, designers need mechanisms and tools to validate the energy consumption and to observe its impact on the network's lifetime before deployment. In this context, we propose a modeling approach that considers the global behavior of a sensor network and allows the network's energy consumption to be estimated. This approach is based on the concept of component-oriented modeling and the expressiveness of Colored Petri Nets (CP-nets). The global model representing sensor behavior is obtained by interfacing different models, each one representing the behavior of a particular component of the sensor. In this work, our interest was first focused on the radio because it is the largest energy consumer. Observing the functioning of the node shows that the radio behavior is mainly controlled by the MAC component; therefore, we were also interested in the MAC component. The generated model has been used to estimate the energy consumption and to evaluate the network lifetime. Adopting the component-oriented modeling approach, we may obtain two global models in which only the MAC protocol changes. The obtained models, representing the behavior of the most commonly used MAC protocols, allow the impact of these two protocols on the network's global behavior, and particularly on its lifetime, to be compared.


Introduction
A wireless sensor network (WSN) is a wireless network consisting of spatially distributed autonomous devices using sensors to cooperatively monitor physical or environmental conditions, such as temperature, sound, vibration, pressure, motion or pollutants, at different locations [10]. The nodes are small in size and communicate wirelessly over short distances. These tiny nodes can perform sensing, data processing and communication. A large amount of a node's energy is used when sensing the field and uploading or communicating the sensor node's readings to a central user location known as the base station.
In addition to their application diversity, sensor networks may be deployed in a variety of physical media, including air [10], liquids [4], and physical structures. Providing efficient network functioning in different situations requires node collaboration. Many protocols have been developed to adapt WSN performance to subsets of sensor network scenarios. Selecting the appropriate protocols for a particular network scenario is a challenge in itself. Thus, given the increasing sophistication of WSN algorithms, and the difficulty of modifying an algorithm once the network is deployed, there is a clear need to use formal methods to validate system performance and functionality prior to implementation.
Advanced WSN algorithms present a set of challenges to formal analysis tools:
1) Modeling time-dependent behavior. WSN algorithms may use timers; message transmission may be subject to message delays, etc. In addition, the lifetime of the network is often a crucial goal, requiring power consumption modeling, which is time dependent.
2) Considering different geometric entities such as locations, distances, etc.
3) Modeling different forms of communication. The frequently used model of communication is the broadcast, where only nodes within a certain distance from the sender receive the signal with sufficient signal strength. In addition, the broadcast may be subject to transmission delays. The details that need to be modeled depend on the algorithm and its level of abstraction.
4) Incorporating probabilistic behaviors.
5) Simulating and analyzing systems with a large number of sensor nodes scattered randomly in a sensing area.
6) Analyzing correctness and performance, which are critical aspects.
Furthermore, the formalism should be intuitive and should support specifying the appropriate abstraction level. In this paper, we advocate the use of Colored Petri Nets (CP-nets) [3] for the formal specification, simulation, and further analysis of WSN behavior. CP-nets were chosen because they allow event-driven behavior to be modeled (message sent, environment sensing ...). They also allow all aspects of a WSN to be taken into account in the same formalism: the hardware that implements a single node; the protocol layers; the application code; and the physical environment as viewed by the nodes. A WSN is composed of a set of identical nodes. Thus, it is interesting to model the behavior of a specific node and then instantiate it, based on the number of nodes composing the studied WSN, to obtain a global model of the WSN. CP-nets make such instantiation easy through the use of colored tokens. Moreover, CP-nets permit hierarchical modeling, possibly with different levels of detail. Thus, the global model may be built modularly. This makes it easy to substitute sub-models specifying the functioning of the same component. Based on this ability, it is possible to compare the impact of a specific component in the same context. Another advantage, and not the least, is that the numerous existing CP-net analysis tools may be exploited to formally validate the model.
Exploiting the proposed model, we can formally analyze the global safety properties of the network.
In a previous work [16], we presented a CP-net model representing the global behavior of a specific WSN. The difference, compared to the work presented in this paper, is that the new work introduces a generic modeling approach which may be adapted to model any considered WSN. Moreover, an energy model has been introduced in this new model, since the energy aspect is very important for WSNs.
The remainder of the paper is organized as follows: section 2 presents a survey of existing approaches to WSN validation, particularly works based on Petri nets. Section 3 presents the proposed generic CP-net model representing the WSN behavior. Section 4 shows experimentation and performance analysis of the proposed model. Finally, section 5 concludes the paper.

Related Works
Due to the increasing sophistication of the algorithms dedicated to WSN and the difficulty of modifying an algorithm once the network is deployed, there is a clear need to validate system functionality and performance prior to implementation.
Different existing approaches based on simulation [1] enable rapid exploration and validation of system designs before deployment. The formal validation of WSN performance has also been considered by existing works. Based on the considered requirements (performance evaluation or model checking purposes), a specific modeling technique is selected and employed. Petri nets are one of the models adopted for WSN modeling. In [8], Petri nets were used to model the validity of an encryption scheme applied to WSNs. In [4], a CP-net model was exploited to analyze the behavior of one of the routing protocols (Vector Based Forwarding) in WSNs. The authors of [6] described the data flow of a WSN using generalized stochastic Petri nets (GSPN). The obtained model was used to analyze the impact of data aggregation on network latency and consequently on the sensor's battery life. However, the proposed model did not show a real estimation of the node's energy consumption. In [10], the authors proposed two methods to model the processor's energy consumption: Markov chains and Petri nets. They demonstrate that the use of Petri nets is more accurate than the use of Markov chains. Using Petri nets, they developed a model of a node that can accurately estimate the processor energy consumption. The global WSN model can be obtained by the composition of the node models. That paper focused only on the processor energy consumption and did not consider the consumption of the other components.
There are many other works related to the modeling and analysis of WSNs [2], [6].
The major drawback is that most existing works [13] have considered a specific modeling problem. Generally, they represent the behavior of a specific protocol (routing, MAC...). In most cases, the proposed model is based on an ordinary Petri net, which does not exploit the features of CP-nets to obtain a more compact model. By observing the behavior of the various node components, we can notice that they are highly dependent on each other. Thus, to observe the real impact of a specific component on the network behavior, a global model must be used.
To our knowledge, Glonemo [9] is the only existing approach modeling the global behavior of a WSN based on a formal model. Moreover, it is the first work interested in formally proving the maximization of the network's lifetime. In the presented model, each component of the node is modeled by a dedicated automaton. The overall model of each node results from the product of the different automata representing the behavior of the various components of the node. Similarly, the model representing the global WSN behavior is the product of all node automata. The state explosion problem is the major constraint of this approach. In this case, generating all the system's states and, above all, checking the desired properties is too difficult or even impossible.
To avoid the state explosion constraint, we present a formal generic modeling approach, based on CP-nets, that allows the global WSN behavior to be represented. The use of CP-nets allows a generic model representing the behavior of a specific component to be defined. The global model of the studied WSN is obtained by instantiating the CP-net model associated with each specific component. Such instantiation is made using the initial marking of a subset of places. Using this approach, interfacing (synchronizing) all models representing the behavior of the WSN components is done directly, based on the CP-net semantics.

Proposed CP-net model representing WSN behavior
Based on the WSN characteristics, a component-oriented modeling approach may be adopted during the development of the proposed model. Indeed, the behavior of a particular node is defined through a synchronization of all its sub-components. Hence, modeling each sub-component's behavior separately and then interfacing the interacting components seems to be a convenient method. Consequently, the global model is built more easily. Based on this approach, we can easily alter the model and obtain a global model where only a subset of components changes. The generated global models allow two solutions where only a subset of components changes (such as the MAC protocol, for example) to be compared in a realistic context. Based on the obtained results, designers may choose the most suitable components according to the application's objectives. The proposed model must also allow properties related to energy consumption, and their impact on the network lifetime, to be studied before the deployment of the WSN. Thus, the proposed model must include appropriate techniques to reliably estimate energy consumption.
The proposed approach for obtaining the global model of the WSN will be introduced based on two components of the node's behavior: the radio and MAC components. In fact, as previously shown, one of the major objectives of this work is the study of energy consumption and its impact on the network lifetime before deployment. Our interest was first focused on the radio because it is the largest energy consumer. Since the radio behavior is mainly controlled by the MAC component, we were also interested in this component. The proposed model was developed based on a hierarchical approach. The decomposition of the global component model is performed according to a functional approach. A local sub-model is associated with each function, detailing its achievement. The high level of the model represents the basic functions as standalone modules. It is simplified and gives an overview of the system that is being modeled. In the high-level model, each sub-module is represented by a substitution transition. Each module (specifically, each of the substitution transitions) is associated with a CP-net describing its realization. Models associated with those different modules are synchronized through fusion places.
All the presented modeling specifics are fairly general, so they could be applied to various WSN applications and protocols. For constructing and analyzing the model, CPN-Tools is used.

3.1 CP-net modeling the radio component
By observing the functioning of the radio component (transmitter and receiver), we distinguish four states:
- Idle state: where the radio is on, but it is not really exploited. In other words, the node is not currently receiving or transmitting. This state induces a great waste of energy due to the passive listening of the channel.
- Sleep state: where the radio is turned off. In this state, energy is saved.
- Transmission state: where the radio is transmitting a packet.
- Reception state: where the radio is receiving a packet.
When functioning, the radio component transitions from one state to another based on input events. While it is in a particular state, the radio consumes energy. To account for this consumption, a power value is associated with each state. By multiplying this value by the time spent in the specific state, we obtain the energy consumed during the period of stay in this state. We have also associated with each transition between two different states the time and the power required for its firing. By multiplying these two parameters, we obtain the energy consumed for the achievement of the state transition. To calculate the energy required to reach the destination state from a source state, we have defined the following function:

Eng = (CT - TE) * PE + (PT * TT)    (1)
Where
- CT: the current time
- TE: time of entry to the starting state
- PE: power value associated to the current state
- PT: the power associated with the transition
- TT: time needed to transit from the source state to the destination state.
The first term of this equation computes the amount of energy consumed in the previous state. The second term represents the amount of energy required to reach the destination state from the source state. So, the residual energy of the node may be updated by subtracting the energy consumption devoted to both the state and the transition (calculated based on equation 1). Such an abstraction makes it easy to model a real estimation of the node's residual energy. A more elaborate equation can also be considered. However, in this paper, we are interested in the modeling approach and not in the energy consumption estimation. As described above, the model representing the generic behavior of the radio component includes four substitution transitions as shown in Figure 1 (the high level of the radio model). Each substitution transition models a generic function:
- The substitution transition "Sleep" models the passage to the state "Sleep".
- The transition to the state "Idle" is modeled by the substitution transition "Idle".
- The transition to state "Transmission" is modeled by the substitution transition "Transmit".
- The substitution transition "Receive" models the transition to state "Reception".

Fig. 1. The CP-net modeling the behavior of Radio component
A substitution transition is enabled when at least one of its internal transitions is enabled. A sub-CP-net is associated with each of these substitution transitions, refining its realization. Due to the paper's length limitation, we will not detail all the subnets associated with those transitions. Note that each sub-net includes a place "SensorEng" associating with each node its residual energy. Those places are fused. Thus, they handle the same tokens, providing a real estimation of the node's remaining energy.

3.2 CP-net radio transmit
The subnet associated with the substitution transition "Transmission" is represented by Figure 2.
The occurrence of a token in the place "Order to send" indicates that the node has a message to send and that it has already found the channel free. Therefore, the node will fire the transition "S-trans", "I-trans" or "R-trans" depending respectively on whether it was in the state "Sleep", "Idle" or "Receive". The place "Order to send" allows the transmission radio model to be interfaced with external models, particularly the MAC model. Indeed, when the application generates a message to be sent, the MAC layer first verifies that the channel is free. If that is the case, the MAC component will order the radio to transit to the transmission state. Thus, the input place "Order to send" in the transmission radio model must be fused with the equivalent output place in the MAC component model.
Firing each of those transitions consumes time and energy. Thus, we have associated with each of those transitions a function computing this consumption as described above (section 3.1). We can then update the residual energy of the node modelled by a token in the place "SensorEng". This computation is modelled by the functions "TrSleepTrans", "TrReceiveTrans" and "TrIdleTrans" associated respectively with the transitions "S-trans", "R-trans" and "I-trans". When the node enters each of these states, the time of entry will be memorized in the token indicating the state of the node.
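An added example, not part of the original paper or its CPN Tools model: a Python sketch of the bookkeeping described in section 3.1 and in the paragraph above, where each radio token memorizes its entry time, each firing charges Eng = (CT - TE) * PE + (PT * TT) to the node's "SensorEng" token, and replay stops when the first battery is exhausted. The power and timing values, the transition table and the names Network, fire, duty_cycle and first_node_death are assumptions made for illustration, as is the choice to enter the destination state at CT + TT.

```python
from dataclasses import dataclass

# Constructed sample parameters, NOT the paper's Table 1 values.
# Power is in mW and time in ms, so every product is in microjoules.
STATE_POWER = {"Sleep": 1, "Idle": 30, "Transmit": 60, "Receive": 45}  # PE
TRANSITION_COST = {          # (source, destination) -> (PT in mW, TT in ms)
    ("Sleep", "Idle"): (20, 2),
    ("Sleep", "Transmit"): (40, 3),     # counterpart of "S-trans"
    ("Idle", "Sleep"): (5, 1),
    ("Idle", "Transmit"): (35, 1),      # counterpart of "I-trans"
    ("Idle", "Receive"): (30, 1),
    ("Receive", "Idle"): (30, 1),
    ("Receive", "Transmit"): (35, 1),   # counterpart of "R-trans"
    ("Receive", "Sleep"): (5, 1),
    ("Transmit", "Idle"): (30, 1),
    ("Transmit", "Sleep"): (5, 1),
}


def transition_energy(ct, te, pe, pt, tt):
    """Equation (1): Eng = (CT - TE) * PE + (PT * TT), in microjoules."""
    if ct < te:
        raise ValueError("current time precedes the state entry time")
    return (ct - te) * pe + pt * tt


@dataclass
class RadioToken:
    """Token giving a node's radio state and the time it entered that state."""
    state: str = "Sleep"
    entered_at: int = 0      # TE


class Network:
    """One radio token and one SensorEng token per node identity."""

    def __init__(self, node_ids, initial_energy_uj):
        self.radio = {n: RadioToken() for n in node_ids}
        self.sensor_eng = {n: initial_energy_uj for n in node_ids}
        self.dead_at = {}    # node id -> time its battery was exhausted

    def fire(self, node, dest, ct):
        """Move `node` to state `dest` at time `ct`; return the energy charged."""
        if node in self.dead_at:
            return 0         # an exhausted node fires no more transitions
        tok = self.radio[node]
        if (tok.state, dest) not in TRANSITION_COST:
            raise ValueError(f"no transition {tok.state} -> {dest}")
        pt, tt = TRANSITION_COST[(tok.state, dest)]
        eng = transition_energy(ct, tok.entered_at, STATE_POWER[tok.state], pt, tt)
        if eng >= self.sensor_eng[node]:
            # The battery cannot pay for the stay plus the transition.
            eng = self.sensor_eng[node]
            self.sensor_eng[node] = 0
            self.dead_at[node] = ct
            return eng
        self.sensor_eng[node] -= eng
        # Assumption: the destination state is entered once TT has elapsed.
        self.radio[node] = RadioToken(dest, ct + tt)
        return eng


def duty_cycle(node, period, listen, until):
    """Constructed schedule: wake to Idle every `period` ms, listen, sleep."""
    events = []
    for t in range(period, until, period):
        events.append((t, node, "Idle"))
        events.append((t + listen, node, "Sleep"))
    return events


def first_node_death(net, events):
    """Replay events in time order; stop at the first exhausted battery."""
    for ct, node, dest in sorted(events):
        net.fire(node, dest, ct)
        if node in net.dead_at:
            return node, ct
    return None
```

Energy is charged only when a transition fires, so a node that never changes state keeps its initial reserve in this sketch; a longer listen window per wake-up brings the first battery exhaustion forward.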

CP-net modeling the MAC layer
The functioning of the radio is the main source of energy consumption, and the activity of this component is largely controlled by the MAC layer. The activity of MAC protocols may be divided into two phases: transmission control and reception control. These two phases are independent of how they are implemented by the specified MAC protocol.

Fig. 3. The subnet "MAC transmit"
For transmission control, the MAC protocols verify that the channel is free for transmission, reserve it, alert the destination node of the message and actually transmit the message when the destination is able to receive. For reception control, the MAC protocols periodically verify whether there is any message destined to the node. When there is such a message, they inform the transmitter node that the node is able to receive, then receive the message and send an acknowledgement message.
The description given above is independent of how each sub-step is implemented. The sub-steps presented above interact with each other and with external components. Based on this generic description, a generic model has been associated with each MAC protocol phase: transmission and reception control. When presenting these models, we will mainly focus on how each sub-model is interfaced with external ones.
The generic behavior of the transmission control phase in MAC protocols is modelled by the CP-net of Figure 3. A node which has a packet to send (modelled by a specific token in the place "Alert msg to transmit") should precede the transmission of its packet by an alert phase. During this phase, the transmitter node must inform the destination node that it has a message destined to it. All nodes not concerned by this message may switch off their radio during the transmission period to save energy. The alert phase should be long enough to ensure that the destination node will be informed. This sub-step is modelled by the substitution transition "Alert to transmit". The input of this transition is that the channel is free and the transmitter node is already in the transmission state. The first piece of information is modelled by the tokens in the place "Channel free". This place is fused with the equivalent place in a model representing the verification of the channel and its allocation to the requesting node (substitution transition "Check channel"). The second piece of information is modelled by the tokens in the place "Transmit", fused with the same place of the subnet Transmission. The output of this substitution transition is the authorization of the transmission, modelled by a token in the place "CTS". When the alert phase is completed, the MAC component begins message transmission (modelled by the substitution transition "Transmit Msg") once it has received the permission from the destination node. At the end of the transmission phase, the transmitter node waits for an acknowledgement message before returning to the MAC idle state. Reception of the acknowledgement message and its processing is modelled by the substitution transition "Ack reception". The implementation of each substitution transition will depend on the specificities of the chosen MAC protocol. Due to the paper's length limitation, we will not detail them. However, the interface places are always the same.
The generic behavior of the reception control phase in MAC protocols is modelled by the CP-net represented by Figure 4. The first sub-step of this phase models the node's wake-up and the channel probing. Indeed, nodes are assumed to be in a radio sleep state most of the time to save energy. Periodically, each node wakes up and probes the channel. If it detects a signal on the channel informing it that there is a message destined to it, the node remains listening in order to receive the data packet after sending a clear to send control message to the transmitter node. Message reception represents the second sub-step of the reception phase. At the end of the reception, the receiver node sends an acknowledgement message to the transmitter node to acknowledge the correct reception of the data packet. In the CP-net model "Mac Receive", the first sub-step is modelled by the substitution transition "Wake up and probe". The second sub-step is modelled by the substitution transition "Receive Msg". The last sub-step is modelled by the substitution transition "Transmit Ack". In the same way as for the MAC transmission phase, the implementation of each substitution transition modeling the MAC reception sub-steps will depend on the specificities of the chosen MAC protocol. The places described in Table 1 allow this model to be interfaced with the models of external components.
Adopting the component-oriented modeling approach and based on the expressive power of CP-nets, we presented global and hierarchical generic models representing the behavior of two particular components of a node: the radio and MAC components. The high-level subnets are independent of the specificities of the modelled components. Indeed, all radio components, despite their diversity, transit between four states. In the same way, all MAC protocols distinguish two phases: transmission and reception control. Each of these phases includes the same subset of sub-steps, as shown above. However, the subnets modeling the achievement of each sub-step will depend on the chosen components. Based on these properties, only the subnets associated with substitution transitions will be modified to model the specificities of the chosen components. The interfacing places are always the same, as described above.
All presented models may be instantiated according to the number of nodes composing the final network to be studied. The instantiation is made through the initial marking of the CP-net. For example, to model a WSN including 5 nodes, the place "Sensor" will handle 5 tokens specifying the identities of the nodes, while the place "SensorEng" will handle 5 tokens associating with the identity of each sensor its initial energy reserve. Thus, we note that obtaining a global model representing the WSN's behavior is greatly simplified. We do not need to duplicate or to synchronize the subnets, as is the case with the Glonemo model. Therefore, the presented model is not constrained by the problem of state space explosion.

MODEL EXPLOITATION
As the model is executable, it may be simulated. The simulated network is composed of 6 nodes including the base station. Nodes were deployed randomly in a rectangular area of 500*500 2. Table 1 presents the different parameters used to evaluate our network's performance. During the simulation, we can observe the energy spent and the correct transmission of messages from the source node to the base station. A set of monitors can be integrated into the CP-net model to observe its simulation and produce output files which may be used for drawing curves. Simulation may also be used to estimate the network lifetime and to compare and choose the appropriate protocols (routing, MAC, activity scheduling...) and to prove their efficiency regarding the considered application.

4.1 Impact of MAC protocols on sensor's energy consumption
In order to observe the influence of MAC protocols, we simulate two network models where only the MAC subnets change. The topology of the simulated WSN is represented by Figure 5. In the simulated WSN, we assume that initially all nodes have the same energy reserve. We assume that node 1 has two data messages to transmit to the base station. Simulations stop when the second message sent by node 1 has reached the base station. Table 2 shows the simulation results.
The first MAC protocol simulated is B-MAC [17]. This protocol uses the preamble sampling technique to reduce power consumption during idle listening. In other words, the transmitter should precede the sending of its packet by a long preamble in order to ensure that its receiver is awake. WiseMAC [15] is the second MAC protocol simulated. Based on the information about the sampling schedule of its direct neighbors, the transmitter node may use a shorter preamble. The sleep schedules of the neighboring nodes are updated based on specific information included in the acknowledgment message (ACK).
Table 2. Energy consumption for two messages transmission
The use of a long preamble is necessary for both models (for WiseMAC, the sampling schedule information is not yet known). This transmission costs 384678 µjoules. For the second transmission, the cost of energy remains the same using B-MAC. However, it decreases to 86740 µjoules using the WiseMAC protocol. Indeed, knowing the wake-up period of its direct neighbor, the transmitter avoids sending a long preamble consuming a lot of energy, as is always the case with the B-MAC protocol. Fig. 6 shows the different levels of energy consumption for each node after the reception of the second packet by the sink node. Note that we measure the energy consumption only during the transmission of an event. However, if we simulate our network model for a long period, we may show an important difference between the two protocols.

4.2 Calculating worst case of the WSN lifetime
The developed CP-net may also be used to estimate the worst case of the WSN lifetime, which corresponds to the shortest network lifetime. However, we must first choose the criterion that defines the loss of this network. Indeed, the life of a network is always determined relative to a particular criterion: either when the first node is dead, or when no more nodes have remaining energy, or when the network is no longer connected. For our simulation, we choose the first criterion. In other words, we stop the simulation just after the first node's battery is exhausted. In our case, only node 1 is assumed to have alert messages destined to the base station. We suppose that the initial energy reserve of all nodes is equal to 1 Joule. For this simulation, we study the impact of the chosen MAC protocols on the network lifetime. Based on these results, we show that the use of the WiseMAC protocol increases the lifetime of the network compared to the B-MAC protocol. In addition, observing the previous results, we see that the total number of messages sent by node 1 during its lifetime when using WiseMAC is much greater compared to the B-MAC protocol. So, we can conclude that WiseMAC guarantees the network efficiency as it ensures a long lifetime.

CONCLUSION
This paper has presented a CP-net modeling approach considering the global behavior of a WSN. We have particularly focused on two specific WSN components: the radio and MAC components. We have introduced the high-level nets modeling the generic behavior of these components. These models include the different places interfacing them with the models of external components. We also explained how to easily replace a subset of models to observe their impact on the whole WSN behavior. Indeed, the proposed formalism is based on a component-oriented modeling approach. Thus, each sub-net is developed separately and then interfaced with other components. The major work that must be done is to define the input and output interfacing places of each model. The proposed model may be easily instantiated through the initial marking of a subset of places. The instantiated CP-net models the global behavior of the whole WSN depending on the nodes making up the studied network. The simulation is feasible for hundreds of nodes. The simulation studies presented in this paper allowed the impact of the chosen MAC protocol on the WSN lifetime to be verified. The comparison of two models, where only the sub-net of the MAC layer changes, helped to show that the WiseMAC protocol increases the lifetime of the network by 36% compared to the B-MAC protocol. Moreover, since the model is based on a formal model, formal validation techniques may be exploited. We are working on the exploitation of existing formal verification tools to validate the behavior of the studied model.