United States Military AcademyWest Point, New York Ancile: A Framework for Pervasively Shared Situational Awareness Fernando Maymí Fernández Ph.D. Student Ph.D. Program in CISE University of Puerto Rico, Mayagüez . Manuel Rodríguez Martínez Advisor Department of Electrical and Computer Engineering University of Puerto Rico, Mayagüez . EXPERIMENTAL RESULTS The results of our simulations in show that, in the absence of any centralized control, the nodes can make good routing decisions based on geography, power, and network topology that yield good delivery rates at a low total cost. Furthermore, the fact that these decisions are made with no knowledge of the network’s topology means that the nodes don’t need to maintain information on the locations or movement of any other nodes, which is significant for military applications since it reduces the amount of sensitive information in each node. Significantly, we have seen that our approach yields results that are no worse than those of another well-known and accepted protocol, LBM. As the distance traveled by the message increases, in fact, our approach seems to incur a lesser cost than LBM. With further refinements, we hope to make the use of utility functions for geocasting even more efficient and reliable. ABSTRACT Ancile is a distributed architecture for information sharing that satisfies the needs of tracking personnel and notifying them of events of interest in their vicinity. It was successfully demonstrated to be effective in notifying soldiers to mortar rounds that were already in the air; the soldiers who would have been hit by the rounds had sufficient time to leave the impact area before the rounds struck. Our current research is producing knowledge about how a mobile ad-hoc, peer-to-peer, distributed geospatial database management system might work in extremely challenging conditions such as those found during disaster response or in combat. This novel research could dramatically change the manner in which we conduct such operations. INFORMATION EXCHANGE When portable units come within range of each other, an information exchange takes place that allows each unit to determine what, if any, information it should share with its neighbor(s). At the heart of this process is the identification of specific information items that are of local (both temporally and geographically) interest to a device. While the locality is easy to quantify using a number of factors such as position, time of day, direction and speed of travel, it is significantly more challenging to describe what, exactly, is of interest. FRAMEWORK OVERVIEW The Ancile network is centered on a number of top-level information stores wherein data is organized, validated, managed, and distributed to all other nodes. These stores provide services that require centralization such as maintaining the global information schema, which describes all information types within the system. We can find three principal services at this layer. First, we have the Event Acquisition Service (EAS) whose role is to gather events from the system, preserve them in a database, and retrieve them when needed. The next service is the Event Monitor Service (EMS) whose role is to monitor the events related with some situation X. When the right quantity or quality of events has occurred in relation with situation X, the EMS must issue a notification to all interested parties. The EMS must communicate with the Event Notification Service (ENS), which is the service in charge of disseminating the events to the devices that registered to listen in for events related with a particular situation. The number and location of services can be varied to scale the system with respect to the number of devices and the importance of the situation being managed. In this research, we consider the geocast problem within the context of mobile embedded devices. The networks formed by these devices is disadvantaged with regard to both power and bandwidth and care must be taken to preserve these parameters to the extent possible. None of the existing approaches places a premium on preservation of power. Unlike the others, we use utility functions to allow each node to independently determine whether it is advantageous to relay or ignore a given message. A utility function maps a set of items to a value which represents their utility. Though the term originates in economic theory, it has become an important part of the field of game theory. Though each individual node behaves selfishly, the aggregate behavior results in fairly good performance in realistic environments. All nodes who receive an information update, query or response determine whether or not to respond to that message by either ignoring it or by relaying the message in hopes that some other node may be able to use it. When a node chooses to relay the message, it will incur a cost in power required for transmission. A node that ignores a message incurs no cost, since it does not transmit. Its probability of obtaining any utility, however, may be lower since it is not helping the information flow through the network and must rely on others to do so. Putting it all together, at time t, node i derives utility from a decision to relay message m according to the following formula: Where the parameter Di,m is the distance between the local node and an imaginary line connecting the message’s author and its destination, and is calculated as follows. Clearly, a node is more likely to relay a message when its distance to the line of action is small, it has received many interesting messages before (presumably as a result of its earlier decisions), it has few neighbors, and it hasn’t consumed much energy. • CONCLUSIONS AND FUTURE WORK • It is possible to warn dismounted personnel to critical events of interest in near-real time • The system promises to support a complete set of situational awareness data for dismounted personnel • Dissemination mechanisms for very large data sets and the security of that data are critical to success • Human-computer interaction is critical to wide-spread user adoption REFERENCES  Maymi, F.J., Rodriguez-Martinez, M., Manz, P.C., Qian, Y., “Ancile: Pervasively Shared Situational Awareness,” IEEE Internet Computing Magazine, Jan/Feb 2008.  Avidan, A., “Warning, The Critical Element to Mitigate the Effects of a CBRN Attack” Proceedings of the 2005 National Defense Industry Association Conference, October 2005.  Gourley, S.R., “Lightweight Counter-Mortar Radar” Army Magazine, April 2002.  Manz, P.C. and Maymi, F.J., “System for Event Warning/Notification and Reporting for Individual Entities,” U.S. Patent Application CECOM 5533, filed on 19 Jul 06, and corresponding Patent Cooperation Treaty filing on 31 Aug 06.  Manz, P.C. and Maymi, F.J., “System and Method for Tactical Distributed Event Warning/Notification for Individual Entities,” U.S. Patent Application CECOM 5532, filed on 19 Jul 06, and corresponding Patent Cooperation Treaty filing on 31 Aug 06.  Maymí, F.J., Technical Report 051001-ANC-01: Dismounted Infantry Tracking and Strike Warning System; October 2005: Information Technology and Operations Center, West Point, NY.  Maymí, F.J., Ancile Threat Warning Integration Test Report; May 2005: Information Technology and Operations Center, West Point, NY.  Robinson, B.T., “Who Goes There?” IEEE Spectrum, October 2003.. Given that end users are able to feed events into the system, the information store managers (i.e., EAS system) must be able to corroborate, refute, or leave unchanged any information item that arrives from the portable units. When an item is corroborated, its integrity level increases to that of the database manager, which should be among the highest ones. As the message is received by other devices in the future, it will be noted as validated and thus afforded a higher confidence level. If the item is refuted, a message is generated which instructs all portable units to ignore and delete the information item. Another concern in designing this system is the issue of captured or compromised devices. In case a portable device is stolen, what do you do? The answer is that you design the units so that they minimize the risk of information or system compromise by maintaining a minimum amount of sensitive data onboard.