A cloud-based architecture for emergency management and first responders localization in smart city environments

ARTICLE IN PRESS

JID: CAEE

[m3Gsc;March 3, 2016;14:55]

Computers and Electrical Engineering 0 0 0 (2016) 1–21

Contents lists available at ScienceDirect

Computers and Electrical Engineering journal homepage: www.elsevier.com/locate/compeleceng

A cloud-based architecture for emergency management and first responders localization in smart city environmentsR Francesco Palmieri a,∗, Massimo Ficco b, Silvio Pardi c, Aniello Castiglione a a

Department of Computer Science, University of Salerno, Italy Department of Industrial and Information Engineering, Second University of Naples, Italy c National Institute of Nuclear Physics (INFN), Naples Section, Italy b

a r t i c l e

i n f o

Article history: Received 30 August 2015 Revised 14 February 2016 Accepted 15 February 2016 Available online xxx Keywords: Smart city Hybrid cloud Crisis management Location-awareness Indoor positioning

a b s t r a c t Homeland security represents one of the most relevant application contexts for smart cities, attracting the interest of both authorities and the research community. In case of a crisis event occurring in the urban area, authorities are responsible for effectively managing response operations. A critical challenge in emergency management is the lack of real-time coordinated reaction capabilities driven by integrated decision making facilities based on the information obtained by first responders acting on the crisis site. This work aims at supporting coordinated emergency management in smart cities based on the localization of first responders during crisis events. We present a hybrid cloud architecture for managing computing and storage resources needed by command & control activities in emergency scenarios, complemented by a first responder localization service relying on a novel positioning approach which combines the strength of signals received from landmarks placed by first responders on the crisis site with information obtained from motion sensors. © 2016 Elsevier Ltd. All rights reserved.

1. Introduction The Smart City paradigm originates from the recent advances in ubiquitous communications and Internet of Things, applied in an urban scenario with the aim of creating new fully integrated ICT infrastructures covering next-generation cities. Such cities will massively provide innovative services for the optimization of traffic/transportation flows, smart energy management, smart touristic and public services, intelligent lighting/electricity control and monitoring, as well as public surveillance, fire and incident detection, advanced healthcare and emergency response/crisis management. The aforementioned ICT infrastructures, introduce important modifications in both city governance and citizen involvement in public services, through the substantial improvements in communication and information management services, integrated information intelligence, collaborative decision making, distributed monitoring and remote control facilities, resulting in a perceivable socio-economic growth and an enhanced quality-of-life in urban areas. In such an extremely integrated and collaborative scenario, the management of emergency and crisis events affecting the urban area becomes one of the most interesting and useful services that can be provided within the smart city context. R

Reviews processed and recommended for publication to the Editor-in-Chief by Guest Editor Dr. F. Xhafa. Corresponding author. Tel.: +39 089969594; fax: +39 089969821. E-mail addresses: [email protected] (F. Palmieri), massimo.fi[email protected] (M. Ficco), [email protected] (S. Pardi), [email protected], castiglione@ acm.org (A. Castiglione). ∗

http://dx.doi.org/10.1016/j.compeleceng.2016.02.012 0045-7906/© 2016 Elsevier Ltd. All rights reserved.

Please cite this article as: F. Palmieri et al., A cloud-based architecture for emergency management and first responders localization in smart city environments, Computers and Electrical Engineering (2016), http://dx.doi.org/10.1016/j.compeleceng.2016.02.012

JID: CAEE 2

ARTICLE IN PRESS

[m3Gsc;March 3, 2016;14:55]

F. Palmieri et al. / Computers and Electrical Engineering 000 (2016) 1–21

These events point out the vulnerabilities that exist in urban areas and in critical infrastructures and may bring significant threats to society values and its associated life-sustaining functions, by introducing an urgent need for effective responses, often under critical uncertainty conditions. One of the main requirement in case of such events is the real-time availability of incident control and crisis management intelligence, with the need for collecting, integrating and processing all the possible data coming from the crisis scenario. In particular, supporting of First Responders (FRs) represents one of the most critical activities during crisis events, requiring the timely collection of relevant location-aware information for the command & control centers, in order to perform the necessary analysis and to coordinate relief efforts. Resiliency in the ICT infrastructure supporting smart city services is another fundamental requirement since both the loss of processing capabilities in command & control centers and the damage (or worst, the loss) of communication capabilities together with the poor efficiency of positioning systems, are the main current drawbacks. Multiple redundant command & control centers can be deployed to cope with the first challenge, also empowered by mobile/ubiquitous computing and communication technologies, resulting in different Mobile Emergency Operation Centers (MEOC) involved, under the control and coordination of a single Command Emergency Operation Center (CEOC), i.e., the headquarter. Therefore, during rescue operations, there is still a gap among the situation of forces on the ground (e.g., police, firefighters etc.), the partial overview at the different MEOCs, and the overall overview at the CEOC. Cloud computing technology, based on the concepts of converged infrastructure, unlimited scaling and shared services, can be the immediate response for the high dynamicity, resiliency and adaptivity needs characterizing the processing and storage capabilities of the command & control centers. Such runtime and storage capabilities are of paramount importance for implementing integrated intelligence facilities in crisis management by transforming the traditional service provisioning models and facilitating access and storage of emergency domain data, coming from a large amount of heterogeneous sources, as well as providing on-demand IT resources for MEOCs, and allowing their integrated processing and analysis at the CEOC level through the use of flexible pools of IT resources available on-demand. On the other hand, the other fundamental enabling technology for providing crisis management services in the smart city area, and, more specifically, supporting all the on-field activities needed in first responder localization, is wireless communication, involving a large number of heterogeneous mobile smart sensing devices interconnected through Wireless Wide Area communication (WWAN—e.g., LTE, UMTS, HSDPA, Satellite Cellular) or Wireless Local Area Networks (WLAN—e.g., WiFi, Bluetooth or ZigBee) facilities. Such devices may range from dedicated landmarks or sensing equipment to citizens’ smart phones involved participatory and opportunistic sensing or signaling activities. Whereas the first responders localization problem in outdoor environments is straightforwardly solved by combining the Global Positioning System (GPS) capabilities and the available mobile satellite-empowered communication technologies, the positioning/localization of devices and people within indoor environments (e.g., houses and office buildings) mainly characterizing smart city scenarios, is still the subject of many research and development efforts [1]. In particular, the interworking between the WWANs and the current generation of WLANs, allowed leveraging these wireless network technologies for provisioning of location-based services relying on the communication capabilities of multiple heterogeneous sensing devices. More specifically, the spreading of wireless hot-spots into urban areas and the availability of positioning solutions based on Wireless Sensor Networks (WSN), as well as the current generation of mobile devices supporting several technologies used for localization, have fostered the development of new indoor positioning systems based on pre-installed (fixed) infrastructures [2]. Unfortunately, during a crisis or disaster, the presence of pre-installed landmarks or operational anchors nodes in the involved sites could not be assumed as guaranteed, and the training data needed to calibrate the positioning systems could not be available, fostering the need for landmark-free systems, that can perform self-localization without relying on any external landmarks. However, in landmark-free systems errors may be accumulated due to sensor noise, if no landmarks are available for recalibration. So, at the state of art, there are no commercially available positioning solutions that can be reliably used by FRs in the contexts in which they operate. For this reason, it is mandatory to investigate solutions for combining the landmark-based and landmark-free technologies, according to the danger area in which FRs have to operate. Starting from the above considerations, in this work, we explore an effective emergency management solution for smart cities based on a hybrid decentralized service-oriented cloud platform for managing command & control activities in urban areas and acquiring, through mobile communication and smart sensing facilities, the location-aware information necessary to support the FRs in crisis scenarios. No assumptions can be done about the working conditions (presence or absence of landmarks etc.) because of unpredictable events that can affect both the location of command & control centers and the availability of fixed positioning infrastructures. On-field activities involving the FR localization services, are based on a hybrid positioning approach, managed at the remote sensor level and supported by the cloud runtime/storage facilities, that combines the strength of signals received from landmark nodes, which have to be manually placed by FRs within the crisis area (e.g., at the building entrance and along a flight of stairs), and the information gathered from motion sensors, such as gyroscopes, accelerometers and compasses available on the crisis scenario. Specifically, landmarks are used as navigational support through relative positioning, whereas motion sensors can be used for inferring the action of the FR (such as speed and orientation), in order to achieve a more accurate positioning in a quite short time. The work is organized as follows. Section 2 presents the needed background information together with a perspective of the related experiences available in literature. The architecture of the proposed hybrid cloud for managing emergency in smart cities has been presented in Section 3 whereas the details of the associated first responders localization service are reported in Section 4. Some specific security aspects are discussed in Section 5, and the effectiveness of the proposal has Please cite this article as: F. Palmieri et al., A cloud-based architecture for emergency management and first responders localization in smart city environments, Computers and Electrical Engineering (2016), http://dx.doi.org/10.1016/j.compeleceng.2016.02.012

ARTICLE IN PRESS

JID: CAEE

F. Palmieri et al. / Computers and Electrical Engineering 000 (2016) 1–21

[m3Gsc;March 3, 2016;14:55] 3

Fig. 1. Emergency scenario.

been evaluated in Section 6. Finally, some discussions and research perspectives in the involved scenario are presented in the conclusion section. 2. Background and related work 2.1. The emergency management scenario A generic operational scenario during crisis management is represented in Fig. 1. FRs that act on the sites of interest must be enabled to collaborate and collect location-aware sensible data (e.g., temperature, chemical information) through dedicated sensing devices. Collected data has to be sent to the different MEOCs, which manage the local activities, by performing the first aggregation and processing task, and generating context-related knowledge by relying on the hybrid cloud services. Only the CEOC has a global vision and enough computing and storage resources, so that it can perform high-level analysis and coordinate the MEOCs activities by issuing the proper commands. The management of such scenario requires a suite of technologies able to provide real-time location-aware information and communication support to FRs. Typically, different networks are involved: •

•

•

•

Personal Area Networks (PANs): ad-hoc networks in which a number of sensory data sources (used to acquire contextaware information) are arbitrarily connected to a smaller number of mobile devices (associate to the FRs); Incident or Event Area Network (IAN): a network deployed for the disaster occasion, allowing person-to-person communication and forming a logical cell; Jurisdiction Area Network (JAN): a communication network constituted by the proper devices installed in a specific jurisdiction to form a fixed or mobile infrastructure providing services associated to the jurisdiction; and Extended Area Network (EAN): a network being able to support wide areas like national territories.

2.2. The sensor-cloud paradigm Several research efforts integrating remote sensing services into cloud infrastructures are available [3], resulting in the socalled sensor-cloud paradigm. Petrolo et al. [4] propose a cloud of things architecture enabling smart city services, whereas [5] presents an integrated cloud-based framework for efficiently managing and analyzing socio-environmental data in the context of smart cities. The authors in [8] present the capabilities required in a cloud environment to acquire integrated intelligence for urban management systems. Starting from such idea, Khan et al. [7] present a cloud-based architecture for context-aware citizen services for smart cities, whereas [9] proposes a cloud-based service for smart cities specifically focused on big data management and analysis. The work in [6] illustrates a new platform for using cloud computing capacities for provision and support of ubiquitous connectivity and real-time applications and services for smart cities’ needs, whereas [10] proposes a novel Web enabled architecture combining cloud and sensors in a smart city environment. 2.3. Indoor positioning for FR localization Analogously, positioning of devices and people within indoor environments has been the subject of many research and development efforts [1]. Regarding the on-field crisis management facilities provided in our proposed smart city service, and Please cite this article as: F. Palmieri et al., A cloud-based architecture for emergency management and first responders localization in smart city environments, Computers and Electrical Engineering (2016), http://dx.doi.org/10.1016/j.compeleceng.2016.02.012

JID: CAEE 4

ARTICLE IN PRESS

[m3Gsc;March 3, 2016;14:55]

F. Palmieri et al. / Computers and Electrical Engineering 000 (2016) 1–21

more specifically the framework needed for FR Localization, the positioning solutions currently available in the literature can be classified into two main categories: Landmark-based and Landmark-free, depending on what kind of sensing devices are used. Landmark-based systems rely on certain proximity measurements between a mobile device and multiple landmarks that are deployed in the involved environment [11,12]. Specifically, fingerprint-based approaches require a preliminary site survey over the areas of interest in order to build the fingerprint database. Several efforts have been made to reduce this mapping effort, for instance, by performing measurement at a coarser, room-level granularity [13–15]. However, the overall pre-deployment effort remains substantial. Also if the ideas from Dair et al. [16] make the need for mapping unnecessary, they assume the presence of a very dense deployment of Wi-Fi transmitters, that is not common in typical Wi-Fi installations. Therefore, the considerable manual cost and efforts, in addition to the inflexibility to environment dynamics are the main drawbacks of fingerprint-based methods. Model-Based approaches are based on signal propagation properties and access point locations, and use geometrical models to figure out locations [17]. The advantage of using these approaches is that they reduce the measurement efforts compared to fingerprinting schemes, at the cost of decreased localization accuracy, due to the irregular signal propagation in indoor environments. Since RF propagation characteristics may widely vary, the model parameters would have to be estimated specifically for each indoor space involved. Moreover, they still depend on knowledge of the landmark locations. However, accurately tracking mobile devices by using received signal strength (RSS) is a challenging task since RSS values are affected by a non-negligible noise in a complex indoor environment due to attenuation, shadowing and multi-path effects. Moreover, during a crisis or disaster, the landmark positions can be unknown, and the training data needed for calibration can be not available. Alternatively, infrastructure-less solutions can be adopted. In particular, as described earlier, the landmark nodes can be manually deployed by the FRs, and used as navigational support through relative positioning and path-based navigation. For example, FRs can move along a line of nodes in order to find the way to the exit or a specific location. Landmark-free approaches use the action sequences inferred from compass and accelerometer, and reconstruct the location trajectory, for example, via semi-supervised manifold learning techniques [18]. However, in Landmark-free systems errors may be accumulated due to sensor noise if no landmarks are available for re-calibration. Therefore, it is necessary to address the problem by using a hybrid positioning approach that combines Landmark-based and Landmark-free systems, as asserted in our previous work [20], which has been extended and integrated in the proposed smart city service architecture. 2.4. Research project from the European Union The European Union (EU) has funded a bundle of research projects on security for the benefits of European citizens. Under its wider Research and Development (R&D) budget for 2007–2013, the EU has invested EUR 1.4 billion for security research. In particular, the goal of security research organized under the European Seventh Framework Programme (FP7) has supported initiatives to make Europe more secure and resilient for its citizens and critical infrastructures to threats such as terrorism, organized crime and natural disasters, as well as strengthening its SMEs and industrial competitiveness. The Security assembly maintains the European Security R&D Portal1 for sharing information and interaction among the participating projects. The security research has supported about 154 projects. In Table 1, some selected projects in the context of emergency management of crisis events are reported, and a brief discussion is provided in the following. E-SPONDER: It aims at developing a suite of data-centric technologies, which will provide actionable information analysis and decision support for FRs. Provided services are based on the fusion of heterogeneous field-derived data within a central system. E-SPONDER objectives include: (i) improvement of front-end data collection technologies installed on portable and fixed platforms; (ii) definition of correlation techniques of collected data; (iii) development of Web-portals to make available this information to commanders. Moreover, the project aims to realize an “all-connected” approach, to ensure a persistent connection between FRs, MEOCs, and CEOCs. The proposed connection infrastructure consists of: • • • •

as for PAN, the IEEE 802.15 standard for data retrieval from the FR sensors and positioning devices; as for IAN, the IEEE 802.11 mesh for the first level FRs network; as for JAN, the IEEE 802.16 standard for MEOCs interconnection; and as for EAN, the ETSI DVB-RCS and the 3G/TETRA standards to support, respectively, the satellite and the backup links among the MEOCs, the CEOCs and public Internet.

Finally, E-SPONDER develops a computer-supported simulation environment, to facilitate emergency response planning and training of FRs. Fig. 2 shows the implemented experimental testbed that consists of two system nodes, which emulate the typical characteristics of the emergency network. The first node runs the various software network emulators, including Wi-Fi, WiMAX, and SAT virtual networks. The second one implements a software IP router that has the function to dispatch the traffic among different emulators. The two sub-systems exchange packets through wired Ethernet links. ESS: The ESS consortium aims at developing a synchronization framework that manages the data and information flow between the different public authorities involved in emergency management operations and the crisis managers (rescue

1

European Security Research and Development Portal, available at http://ec.europa.eu/enterprise/policies/security/index_en.htm .

Please cite this article as: F. Palmieri et al., A cloud-based architecture for emergency management and first responders localization in smart city environments, Computers and Electrical Engineering (2016), http://dx.doi.org/10.1016/j.compeleceng.2016.02.012

ARTICLE IN PRESS

JID: CAEE

[m3Gsc;March 3, 2016;14:55]

F. Palmieri et al. / Computers and Electrical Engineering 000 (2016) 1–21

5

Table 1 EU research projects on emergency management. Project name

Start date

Duration (months)

Cost (EUR)

E-SPONDER - A holistic approach towards the first responder of the future http://www.e-sponder.eu/ ESS - Emergency Support System http://www.ess-project.eu/ SGL - Second Generation Locator for urban search and rescue operations http://www.sgl-eu.org/ EULER - EUropean software defined radio for wireless in joint security operations INFRA - Innovative & Novel First Responders Applications http://www.infra-fp7.eu/ SAFE-COMMS - Counter-terrorism crisis COMMunications Strategies for recovery and continuity DITSEF - Digital & Innovative Technologies for Security & Efficiency of First responder operations, http://www.ditsef.eu/ CrisComScore - Developing a Crisis Communication Scorecard http://www.jyu.fi/hum/laitokset/viesti/en/research/projects/eucrisiscommunication SECRICOM - Seamless Communication for Crisis Management for EU safety http://www.secricom.eu/ COPE - Common Operational Picture Exploitation http://cope.vtt.fi/ BeSeCu - Behavior Security and Culture I-SSB - The Integrated Safe & Smart Built http://www.issb-project.com/ WINSOC - WIreless sensor Network with Self-Organization Capabilities for critical and emergencies applications http://www.winsoc.org/ SICMA - SImulation of Crisis Management Activities http://www.sicmaproject.eu

Jul. 2010

48

12.92M

Jun. 2009

48

14.02M

Jan. 2008

48

6.20M

Mar. 2009 Apr. 2009

36 24

15.46M 3.82M

Apr. 2009

24

1.39M

Jan. 2010

36

4.18M

Feb. 2008

39

1.01M

Sep. 2008

44

12.41M

Feb. 2008

36

3.88M

May 2008 Jan. 2007

36 48

2.09M 9.72M

Jan. 2006

36

2.44M

Mar. 2008

30

2.17M

Fig. 2. E-SPONDER emulation test-bed.

Please cite this article as: F. Palmieri et al., A cloud-based architecture for emergency management and first responders localization in smart city environments, Computers and Electrical Engineering (2016), http://dx.doi.org/10.1016/j.compeleceng.2016.02.012

JID: CAEE 6

ARTICLE IN PRESS

[m3Gsc;March 3, 2016;14:55]

F. Palmieri et al. / Computers and Electrical Engineering 000 (2016) 1–21

Fig. 3. Euler logical components.

forces, police, fire-department, homeland-security, municipality, etc.). The ESS provides to the involved actors a uniform and ubiquitous platform for collecting, analyzing, and sharing real time data to support management decisions. Other objectives are: (i) to provide an open API in order to enable any public authority, if needed, to extend the platform by introducing new applications customized for its particular needs, (ii) to develop portable and mobile smart communication elements for supporting the management and coordination of emergency operations, and (iii) to integrate ad-hoc networking technology (intelligent sensors) for addressing emergency and crisis management requirements. SGL: The project focuses on rapid location of entrapped or buried victims, and the continuous monitoring of the air conditions in the voids of damaged and partially collapsed structures. Entrapped people and voids are associated with characteristic visual, sound and chemical profiles, due to specific images or spectral emissions, to acoustic signatures and chemical markers. Therefore, the project considers the development of innovative portable devices equipped with probes for continuously monitoring the conditions of voids and data measurements regarding vital medical parameters of the victims. The project includes a network of sensors equipped with wireless communications, and an advanced environmental simulator for training and testing. Moreover, a cloud-based platform is developed, which integrates all collected data, controls the flow of the information from the field to CEOCs, and supports data fusion. EULER: The EULER project gathers major players in Europe in the field of wireless communication systems and software defined radio (SDR). The project aims at demonstrating how the benefits of SDR can be leveraged in order to drastically enhance interoperability and fast deployment of a communication infrastructure, in case of crisis involving many different actors. In particular, it aims at defining a new high-data-rate waveform for homeland security, strengthening and maturing ongoing efforts in Europe in the fields of SDR standardization and implementation of software-defined radio platforms. Fig. 3 illustrates the main logical components of the EULER broadband Personal Mobile Radio (PMR) network serving public safety bodies. Each MEOC (Euler node) acts as a backbone node. The objective is to spontaneously form an inter-vehicular ad-hoc network suitable for supporting cross-IAN communication services. In particular, MEOCs constitute a wireless mesh core network, which supports all the communications between FRs’ terminals, as well as provides access to existing telecommunications infrastructures. Each Euler node consists of three subsystems: •

• •

NIB, implementing the “legacy” waveform interface, through which the node acts as a network infrastructure with respect to its fleet on the field; GW, translating data and signaling, for communications that involve other IANs; and EWF, implementing the Euler waveform, through which the node interacts with its peers, i.e., other Euler nodes that serve the other IANs.

The mobile terminals can constitute ad-hoc networks extending the coverage of the Euler nodes wireless mesh core network. Please cite this article as: F. Palmieri et al., A cloud-based architecture for emergency management and first responders localization in smart city environments, Computers and Electrical Engineering (2016), http://dx.doi.org/10.1016/j.compeleceng.2016.02.012

JID: CAEE

ARTICLE IN PRESS F. Palmieri et al. / Computers and Electrical Engineering 000 (2016) 1–21

[m3Gsc;March 3, 2016;14:55] 7

Fig. 4. DITSEF localization approach.

DITSEF: In the context of the project, a room-based WSN architecture for providing localization of FRs is proposed. Specifically, wireless sensors are grouped in cells, each covering an entire room, as illustrated in Fig. 4. For larger rooms, two or more cells may be adopted in order to provide adequate signal strength across the entire area. Each cell consists of a Central Router (CR) and a set of Peripheral Routers (PR). Bridge Routers (BR) are located in between rooms in order to preserve network consistency from the most faraway room up to the Coordinator (CO). The CO is connected to the MEOC, which is responsible for managing the entire network and storing information about the cell layout, the network topology, and the rooms’ coordinates. Finally, each user is equipped with a mobile node (M), which initiates the localization procedure on request. A software platform controls the wireless nodes and collects data regarding the location of users. The layout of the WSN coverage area is represented by a graphical interface, which also displays the locations of users and wireless nodes. The adopted localization technique is “Scene Analysis” based on Received Signal Strength (RSS). 3. A hybrid cloud architecture for emergency management Together with wireless and ubiquitous networking, supporting connectivity anywhere and at anytime for all the sensor and communication devices operating in the urban area, another fundamental enabling technology for new smart city services is cloud computing. IT offers an integrated and extremely scalable run-time and storage environment for all the applications available in the smart city. Indeed, in presence of a continuously growing amount of information sources in the smart city context, the basic challenge in the implementation of advanced city-wide services, consists in collecting, integrating, aggregating and processing the huge amount of data originated by heterogeneous sources in order to transform them in the knowledge needed by smart services provided in the urban area. This may imply managing many thousands of geographically distributed devices, as well as performing cross-platform harmonization of their produced data, which becomes really feasible only by relying on the virtually unlimited storage and computing resources provided by cloud infrastructures as well as on the novel distributed processing framework empowered by these organizations. Furthermore, the virtualization facilities provided by clouds can significantly boost the limited computing capacity of hardware-constrained sensing devices or smartphones, making them able to handle the complex processing tasks needed by modern smart city applications. In our specific operating scenario, each emergency or crisis event may involve multiple sites/buildings in the city. Moreover, multiple crisis events can potentially overlap in the same time. For these reasons, neither the extension and the complexity of the three key networks PAN, IAN and JAN, nor the amount of resources available for managing collection and processing of field-related information is predictable in advance. Because this uncertainty, the computing infrastructure supporting operations during the crisis management, including the store, retrieve and run-time processing of radio maps (RMs) needed by the positioning framework, must be flexible and elastic, and must be able to guarantee a rapid recovery in case Please cite this article as: F. Palmieri et al., A cloud-based architecture for emergency management and first responders localization in smart city environments, Computers and Electrical Engineering (2016), http://dx.doi.org/10.1016/j.compeleceng.2016.02.012

JID: CAEE 8

ARTICLE IN PRESS

[m3Gsc;March 3, 2016;14:55]

F. Palmieri et al. / Computers and Electrical Engineering 000 (2016) 1–21

Fig. 5. The layered hybrid cloud architecture.

of a failure of one of the mobile sensing or command & control nodes. In addition, the limited number of private resources allocated at the individual node level for crisis management could represent a critical issue, in case of large number of simultaneous events to manage, or in case of a sudden increase of network complexity. Hence, the need to expand the private infrastructure over a set of non-proprietary resources dynamically and on-demand. The solution to all the above issues will result in a flexible architectural scheme, which supports cooperation among different entities (computing systems/clusters, storage, sensing equipment, etc.) based on a scalable framework for dynamic and transparent configuration and interconnection of multiple types of resources belonging to multiple data centers and associated to different public and private cloud infrastructures. Accordingly, the hybrid cloud paradigm represents one of the best candidates for guaranteeing the required level of flexibility to manage MEOC and CEOC run-time and storage services, and at the same time for respecting local equipment limitations or boundary constraints. The proposed cloud architecture, supporting emergency/crisis management in smart cities, can be modeled and represented by using the standard nomenclature and layered framework introduced by NIST, which includes the “Infrastructure as a Service” (IaaS), “Platform as a Service” (PaaS) and “Software as a Service” (SaaS) layers, each properly specialized for our specific goals (see Fig. 5). At the lowest level, we find a hybrid IaaS stratum, which integrates private and public computing and storage resources. These two classes of resources, even if relaxed in term of hardware and software constraints, are highly integrated thanks to the usage of the high-level network virtualization component, and then strongly coupled with the open source cloud platform that acts as a global supervisor for all the resource provisioning and management tasks. The IaaS component is responsible to guarantee the harmonized coexistence of hybrid resources in a transparent and secure environment. This is obtained with the use of LAN extension facilities working on both private and public transport networks, based on the IPsec-on-demand paradigm or other dynamic tunneling services. The PaaS level provides all the specialized run-time functions for our specific operating scenario. It is composed by a set of different environments for managing legacy run-time frameworks. It includes the MEOC platform that can be dynamically deployed over mobile nodes providing enough storage and processing resources, as well as the CEOC Platform managing database, large storage and high level analytics facilities and any other component handled in a centralized way. It also includes the Emergency Orchestrator, that is a configuration and monitoring component for the whole crisis management service. Its role is supporting the initial instantiation of all the components needed to run the crisis management codes: virtual machines, distributed storage space, as well as run-time frameworks and software environments for hardware constrained remote sensing devices. During the operations, the Orchestrator is responsible for monitoring the resource usage and dynamically expanding or reducing them, according to the cloud auto-scaling paradigm. In its activities, it can rely on both public and private resources, depending on their extemporaneous availability at the overall cloud level. The last level provides the legacy software needed to setup MEOC and CEOC services. Resilience and fail-over are guaranteed by the underlying federated cloud infrastructure, which is able to transparently re-instantiate any software or basic processing component on a different site in case of failure. These components are directly used by the on-field emergency operators, as well as MEOC and CEOC officers. Please cite this article as: F. Palmieri et al., A cloud-based architecture for emergency management and first responders localization in smart city environments, Computers and Electrical Engineering (2016), http://dx.doi.org/10.1016/j.compeleceng.2016.02.012

ARTICLE IN PRESS

JID: CAEE

F. Palmieri et al. / Computers and Electrical Engineering 000 (2016) 1–21

[m3Gsc;March 3, 2016;14:55] 9

Fig. 6. The cloud infrastructure in the emergency management scenario.

3.1. Network virtualization Network Virtualization in our hybrid cloud model allows the flexible orchestration of resources available in the different sites participating to the cloud, and belonging to different administrative domains, by supporting the connection of the CEOC and MEOC remote nodes/sites to the remote sensing and signaling platforms within specific emergency management contexts. Such orchestration can greatly benefit from the deployment of fully virtualized network topologies, enforcing guaranteed bandwidth constraints, as well as the traffic isolation requirements for virtualized run-time facilities/VM clusters and mobile sensing devices, within a single Virtual LAN (VLAN)-based cooperating environment. The resulting architectural framework is enabled by simple and affordable VPN-as-a-service solutions, which facilitate vertical and horizontal communication, achieved through proper interfaces and software tools, between the public and private clouds and the remote sensing devices involved in the crisis management and FR localization services. Fig. 6 depicts a typical scenario in which the crisis event requires the extension of the global cloud over a public provider, instantiating remote VMs on his own LAN. The various MEOC nodes, each interconnecting with one or more sensing platforms, provide resources to mobile nodes by instantiating the proper VMs and allocating the needed storage space. This kind of scenario is made feasible through dynamic tunneling over VLAN technologies and using tenant encapsulation to guarantee the isolation from other VM context. 3.2. Environment setup and orchestration When a crisis event happens, CEOC operators instantiate the global framework through the PaaS components and the Orchestrator interface. The first deployment is supported by a set of templates characterized by the custom parameters related to resources needed for each virtual machine, as well as the firewalling/access control policies and the whole sensing environment to be set up. In addition all the parameters to be monitored and the threshold to be used as alarm factors during operations (i.e., CPU or memory usage, network traffic, packet loss) are configured and the related runtime facilities are initialized accordingly. At the IaaS level, virtual machines are instantiated into a single operating environment with full visibility among them, by using the computing nodes present in the MEOC units, and the local data center in CEOC. In order to isolate the traffic a set of secure VPNs (eventually supported by MPLS LSPs [19] or GRE tunnels) can be set up by creating the required JAN. The MEOC nodes are also responsible for setting up the basic location/positioning services by connecting the landmark nodes over the IAN. After the first setup, the Orchestrator is responsible for continuously monitoring and managing the infrastructure in order to guarantee its operations and resilience in term of failover and crash recovery (see Fig. 7). Moreover the parameters monitored during the crisis management operations can be used in order to auto-scale the Virtual Machines running specific services. For example, if some VM used in a MEOC station exceeds the CPU or Memory consumption threshold during the continues Radio Map computation, a new machine can be instantiated at runtime on another node and work in load balancing with the previous one to support the new requirements. Moreover if a physical resource located on a MEOC or on the CEOC fails and becomes unreachable and unrecoverable, the Orchestrator can decide to expand the infrastructure over the Public Cloud with the goal to ensure the service continuity. 4. The first responder localization framework The location and positioning approach used for FR localization in our smart city service is essentially based on a multisensor assisted pedestrian navigation scheme. It combines RSS—fingerprinting with pedestrian dead reckoning (PDR) algorithms. Moreover, 3D positioning can be easily achieved by adding relative height information (by barometer measurements). An appropriate Kalman filtering technique is used for sensor information fusion. Please cite this article as: F. Palmieri et al., A cloud-based architecture for emergency management and first responders localization in smart city environments, Computers and Electrical Engineering (2016), http://dx.doi.org/10.1016/j.compeleceng.2016.02.012

ARTICLE IN PRESS

JID: CAEE 10

[m3Gsc;March 3, 2016;14:55]

F. Palmieri et al. / Computers and Electrical Engineering 000 (2016) 1–21

Fig. 7. Orchestration in the hybrid cloud architecture.

Specifically, the proposed approach assumes that a fixed wireless infrastructure does not exist in the crisis area. During a mission, FRs deploy a limited set of landmarks nearby specific places (e.g., at the building entrance and along a flight of stairs, close to the lift), which can be used as reference points. Once deployed, known their placement and a partial knowledge of the floor-plan, the system is able to estimate an approximate radio map (RM) of the indoor space, which can be used to identify approximately the place in which the FR is moving. Therefore, we assume that FRs hold mobile devices and navigate in the crisis environment by relying on landmarks that work as reference points. Mobile devices can periodically send out beacon signals and measure RSS values from all the deployed landmarks, which can be used to estimate a coarse position (e.g., the room in which the mobile device is moving). Moreover, each mobile device has additional sensors (compass and accelerometer) for measuring the moving direction and speed of the FR, which can be used to estimate more accurate navigation information. 4.1. Landmark-based position inference Assuming that during an emergency, FRs do not have the RM of the environment in which they will operate, we propose a solution for simplifying the calibration process of the positioning infrastructure (landmarks) deployed by FRs in the crisis area. Specifically, known the description of the involved area and the position of placed landmarks, the proposed solution allows MEOC to compute at run-time the RM of the indoor space, which can be used by the FRs’ mobile devices to estimate a coarse indoor position. In our previous work [24], we presented a framework which allows to describe the characteristics of the considered area (in terms of hallways, rooms, walls, obstacles), by means of a graphical tool. Moreover, by indicating the location in which the landmarks are placed, the framework computes the RSS RM of the considered environment, by using a Multi-WallFloor (MWF) propagation model. It models the path loss (PL) between a receiver and a transmitter, located at a distance d, according with Eq. (1).

P L(d )dB = 10 log 10 log

Pt ⇒ Pr

(4π )2 d02 d2 + 10 log + 10 log β Gt Gr λ2 d02

(1)

where d0 is the distance from the transmitter, (Pt , Gt ) and (Pr , Gr ) are respectively the transmitter and receiver power and antenna gain, whereas λ is the wavelength, and β gathers all the attenuation factors met along the propagation path towards the receiver. In Eq. (2) the factor β dB is specialized according with Eq. (3), in which kwi and Lwi are respectively the number and loss coefficients due to the obstacles of type i, such as walls, doors, windows, and so on, whereas k fl and L fl denote respectively for the number and loss coefficients of the floors. The values for Lwi and L fl can be obtained by the literature ([21]).



P L(d )dB = (d0 )dB +

βdB =

M  i=1

kwi Lwi +

F 

d2 d02



+ βdB ,

(2)

dB

k fl L fl .

(3)

l=1

Please cite this article as: F. Palmieri et al., A cloud-based architecture for emergency management and first responders localization in smart city environments, Computers and Electrical Engineering (2016), http://dx.doi.org/10.1016/j.compeleceng.2016.02.012

ARTICLE IN PRESS

JID: CAEE

F. Palmieri et al. / Computers and Electrical Engineering 000 (2016) 1–21

[m3Gsc;March 3, 2016;14:55] 11

Considering the large noise that the wireless signal has in an indoor environment (due to including refraction, reflection, and diffraction, caused by absorption structures and human bodies), the use of a MWF for 3D positioning in the absence of a rigorous training phase (the RSS site survey process) can provide a low accuracy. Thus, we adopt a 2D propagation model and the barometric measurements for the height estimation. Therefore, if the analysis is conducted on a single floor, the loss coefficients related to the floors can be neglected, and Eq. (2) can be rewritten by Eq. (4), to which is referred as Multi-Wall Classic (MWC) approach.



P L(d )dB = (d0 )dB +

d2 d02



+

M 

kwi Lwi .

(4)

i=1

dB

Moreover, assuming that the received signal strength prediction is strictly connected to the path loss estimation, in order to estimate the RSS average, Eq. (4) can be manipulated and reformulated in order to obtain the RSS expressed by Eq. (5):

  2 2   GGλ d0 1 μPr μd , μLwi = Pt t r . 4π d0 μd M k i=1 wi μLw

(5)

i

Eq. (5) provides the average value of Pr under the assumption that the transmitted power, the number of obstacles kwi , the receiver and transmitter antenna gain are known and invariant along the time. The distance d and the loss coefficients are modeled as stochastic processes, of which μd , σd2 , and μLw , σL2w are their first order moments (i.e., mean and variance). i

i

However, MW approach exploits a discretization of the environment in a grid of squared cells, each one of dimension equal to [qX; q(X + 1 )]x[qY ; q(Y + 1 )], where q denotes for the cell quantization step, whereas X and Y are the indexes identifying the coordinates of the cell in the grid. The grid has to fully cover the indoor environment involved into the analysis. Each cell is characterized by an inside uniform distribution of signal strength referred to its center (i.e., at an average distance d from a transmitter) provided by Eq. (6):

μR =



(x − q(2X X + 1 )/2 )2 + (y − q(2Y Y + 1 )/2 )2 .

(6)

This discretization process introduces an uncertainty σR2 in the distance estimation, whose value can be straightforwardly estimated with q2 /3. However, it is not the only that contributes to the uncertainty of the MW approach. In particular, stemming from the guideline figured out in [22], the uncertainty can be achieved applying the law of propagation on uncertainty in the case of uncorrelated variables, which can be expressed by Eq. (7):

 2

 2

∂ Pr ∂ Pr σPr =  σd2 + ∂ d d=μ ∂ Lw j L

wj =

D

μL w

σL2w .

(7)

j

j

Eq. (7) shows that the standard deviation of MWC model depends on these two main contributors. The former is connected to the quantization step, which can be used to modify the value in the model, whereas the latter relies on the capability of measuring the loss coefficient of the obstacles with high precision. Summarizing, the average and standard deviation achieved through the MWC approach are respectively expressed by Eq. (5) and Eq. (7). They are used in the proposed approach to compute the quality of the computed RM. A variation of the MWC approach is the linear one (MWL), in which the attenuation factor is proportional to an α coefficient (i.e., linearly dependent from d) as represented by Eq. (8):



P L(d )dB = (d0 )dB +

α d2



d02

+ dB

M 

kwi Lwi ,

(8)

i=1

where kwi and Lwi are respectively the number and the loss coefficients associated to the obstacles of type i, such as walls, doors, windows (in presence of M different types of obstacles), and so on. In order make things more easy, in this work we used a linear model known as MWL, in which the α coefficient has been set to 3.6, determined after a series of measurements within the experimental environment and in accordance to the suggestions provided by Kaemarungsi and Krishnamurthy [25]. In order to evaluate the quality of the RM, computed by means of the MWF-based model, a deterministic position inference method is adopted. In particular, the most common algorithms adopted to infer location use the Euclidean-based method to compute distance between the measured RSS sample and each RSS fingerprint in the RM ([23]). The coordinates associated with the vector in the RM that provides the smallest Euclidean distance is returned as the position estimation. Specifically, during the operational phase, in order to estimate the user position, the RSS sample collected from the landmarks is compared with all the existing RSS fingerprints in the computed RM. The metric used to make such comparison is the signal distance between the two RSS vectors, expressed as follows ([23]):



=

nAP   k=1

ssk − fi,k

2



=

nAP 

2 , di,k

(9)

k=1

Please cite this article as: F. Palmieri et al., A cloud-based architecture for emergency management and first responders localization in smart city environments, Computers and Electrical Engineering (2016), http://dx.doi.org/10.1016/j.compeleceng.2016.02.012

ARTICLE IN PRESS

JID: CAEE 12

[m3Gsc;March 3, 2016;14:55]

F. Palmieri et al. / Computers and Electrical Engineering 000 (2016) 1–21 Table 2 Precision versus the grid spacing. Precision (%)

Accuracy (m)

73 81 86 89

1 2 3 4

where the vector SS = [ss1 , ss2 , . . . , ssnLK ] is the RSS sample measured at current FR location from nLK landmarks, whereas the vector Fi = [ fi,1 , f1,2 , . . . , fi,nLK ] represents the set of RSS values computed by the proposed approach, considering the presence of nAP wireless base stations (access points). The fingerprint entry Fi that has the closest match to the collected SS sample, i.e., the one exposing the lowest distance di, k ) is used by the system as the estimation of the current FR location. The ssi element is assumed to be the mean of the nAP RSS measurements. Finally, we have evaluated the quality of the presented MWC-based fingerprinting approach in an actual case scenario, by using the following two metrics: •

Accuracy (α ) is the degree of closeness of the estimated position δ (est, i) to the actual (true) user location δ act . It is the mean error on K estimations computed as:

α=

K 1 (δ(est,i) − δact ). K

(10)

i=1

•

Precision (ρ ) is the percentage of runs where the estimated position differs from the true location by less than a fixed accuracy α T :

ρ=

K 1 ((δ(est, j ) , δact )), K j=1

with

(δ(est, j ) , δact ) =

0 1

(11)

if δ(est, j ) − δact ≥ αT if δ(est, j ) − δact < αT

For instance, a positioning system that provides an accuracy/precision level equal to 1.5 m/75% achieves an accuracy of 1.5 m, with at most a probability of 75%. Moreover, we modeled the environment as a space composed of square areas, each representing a grid’s cell. Several measurement campaigns have been performed by varying the size of the cells. Table 2 shows the likelihood of returning the correct location (precision) with respect to the grid spacing, which can be assumed equal to the accuracy of the positioning system. 4.2. Managing pedestrian navigation MWC-based fingerprinting allows to infer coarse positions with an accuracy of the order of 2 m and a precision of about 80%. The provided quality of positioning can be considered acceptable for supporting FRs in a crisis scenario. In general, it may be sufficient to know only the room in which the FR is located. On the other hand, for a finer localization, it can be necessary to know how the FR is moving in the room, or however, within the grid’s cell. Thus, inertial systems theory yields a corrector for the state prediction. It can be used to estimate relative motion (with respect to the center of the grid’s cell) over short intervals. As relative positioning solution, a footmount inertial pedestrian navigation (IMU) is adopted. Moreover, a step-based pedestrian dead reckoning (PDR) algorithm is used to estimate step detection, step length and step direction [26]. The step detection is based on pedestrian gait cycle, which includes the following sequential phases: push-off, swing, heel strike and stance [27]. The gait cycle phases can be detected from acceleration. The stride length of pedestrian walking can be estimated by using personal constants and a linear relationship with the detected frequency [28]. The step direction determination is estimated by gyroscope measurements. Finally, in order to identify changes in the height a pressure measurement p from barometer can be converted to altitude information h by the following barometric equation:

 p = p0 1 −

L∗h T0

 gM RL .

(12)

where p0 and T0 are respectively the sea level pressure and temperature, whereas L is the temperature lapse rate, M is the molar mass of dry air, R is the universal gas constant and g is the well-known earth gravitation constant. The above parameters can be assumed constant for standard atmospheric conditions and their values are provided in [29]. Please cite this article as: F. Palmieri et al., A cloud-based architecture for emergency management and first responders localization in smart city environments, Computers and Electrical Engineering (2016), http://dx.doi.org/10.1016/j.compeleceng.2016.02.012

ARTICLE IN PRESS

JID: CAEE

F. Palmieri et al. / Computers and Electrical Engineering 000 (2016) 1–21

[m3Gsc;March 3, 2016;14:55] 13

Fig. 8. Kalman-based approach used for pedestrian dead reckoning.

The method for PDR is based on an Adaptive Kalman Filtering (AKF)-based framework described in [26]. It is used to estimate the errors which accumulate due to the IMU drifts. The AKF is updated with velocity measurements and angular rates by the Zero-Velocity-Update strategy (ZUPT) every time the foot is on the floor [30]. The ZUPT resets the velocity to zero each time the foot comes to rest on the ground, and thus, limits the error growth of the system to a linear function. Fig. 8 shows the main blocks of the methodology. 4.3. The proposed hybrid navigation model The implemented navigation model predicts the new position starting from the knowledge of the previous one, estimated by using the aforementioned MWC-based approach. Specifically, it is a hybrid model that uses RSS-based fingerprinting, the barometric height, and IMU measurements to infer the measurement vectors needed for estimating positioning data. The overall navigation model can be expresses as follows:

⎡

⎤

⎡

px ( i ) ωx ( i ) ⎣ py (i )⎦ = ⎣ωy (i ) pz ( i ) hz ( i − 1 )

+ +

⎤

rx ( i ) ry (i )⎦,

(13)

where the vector [px , py , pz ] represents the FR position, (ωx , ωy ) is the 2D position estimated by MWC-based fingerprinting, (rx , ry ) is the relative movement with respect (ωx , ωy ). The relative movement (rx , ry ) is estimated by the IMU according to Eq. 14:







rx ( i ) r (i − 1 ) = ry ( i ) r (i − 1 )

+ +



sx (i )cosθ +  ( i ), sy (i )senθ

(14)

Please cite this article as: F. Palmieri et al., A cloud-based architecture for emergency management and first responders localization in smart city environments, Computers and Electrical Engineering (2016), http://dx.doi.org/10.1016/j.compeleceng.2016.02.012

ARTICLE IN PRESS

JID: CAEE 14

[m3Gsc;March 3, 2016;14:55]

F. Palmieri et al. / Computers and Electrical Engineering 000 (2016) 1–21

where s represents the estimated stride length, θ is the estimated heading of the user, whereas  is the system process noise vector. 5. Security issues Lessons learned from past experiences highlight that securing huge and highly critical infrastructures, such as smart city emergency services, presents multiple severe challenges mainly concerning the overall availability as well as communication reliability, integrity and confidentiality and large scale identity management, combined with all the complexities and technological oddities related to the integration of multiple wireless communications mechanisms. Furthermore, the inherently critical nature of the first responders localization service in the most general city-wide emergency management scenario, make it a primary target for acts of terrorism and vandalism. Therefore, the introduction of new emergency-related services within the smart city architecture requires an intrinsic security strategy to safeguard this critical infrastructure. While physical security of all the devices deployed on the field is a fundamental design consideration, the fact that they are potentially vulnerable requires that network security design not rely on them for ensuring integrity of the service itself. For example, fraud or denial of service problems can be introduced by tampering on physical devices, so that, adequate security facilities must be provided to ensure that the involved devices (e.g., landmarks, location sensors, FR mobile devices, etc.) are not replaced by rogue ones, and that their data sent or received through the network cannot be manipulated. In addition, the data communications architecture must be built by using standard protocols and security technologies, providing protection from unauthorized access that could allow intruders to tamper with both cloud and on-field devices. The security system must also ensure authentication of service-related information and commands, and guarantee the integrity and confidentiality of the transmitted and received location data, by also protecting upstream assets. In particular, the FR location in case of disaster can be a critical asset that should not be disclosed, for example in presence of a terrorist attack. The security architecture must ensure that such information remains private both in transit to the CEOC and when stored into intermediate systems provided at the MEOC level. Assuming that all the data stored on the hybrid cloud infrastructure is inherently secure, thanks to the large number of mature security solutions available in these environments, the only security practice that must be used to cope with all the aforementioned challenges is the strong encryption of all the transmitted/received data and control commands, which can guarantee end-to-end authentication as well as provide the required degree of confidentiality and deny unauthorized third party access to private FRL service information. Despite this kind of encryption introduces a significant computational burden, that could become critical for hardware-constrained field devices, due to the small amount of data and to the relative frequency of messages exchanged during the service activities, the encryption impact can be considered negligible also for the smallest devices involved. Since the only menaces that can occur in the above scenario are related to impersonation, Man-in-The-Middle or eavesdropping attacks, the choice of providing strong end-to-end authentication and data confidentiality between all the system components through asymmetric encryption techniques such as X.509 certificates and SSL/TLS, makes the proposed service robust against these threats, by preventing their occurrence at all. Clearly, this requires the use of secret keys located on all the involved devices. However, in the event that field devices, equipped with their X.509 secrets, are compromised, traditional TPM-based anti-tampering solutions can be used to ensure the absolute trust of these data sources. Thus, in addition to encrypting and signing each message originated by field devices, the VPN connections created among CEOC and the multiple MEOC units, have to be setup over encrypted channels, e.g. by using IPSec, ensuring mutual authentication among the involved entities, through the use of X.509 certificates. Our proof-of-concept reference testbed, described in the following, implements secure connections by using X.509 certificates and 2048 bits keys. Data on the hybrid cloud is stored in encrypted volumes managed by Cinder and secured via Dm-crypt module. 6. Proof of concept implementation In order to analyze the functional behavior and the effectiveness of the proposed smart city emergency service solution, we used a simple “proof of concept” implementation prototype, realized in a modular way and relying on publicly available open source and COTS technologies. In the following, we detail the testbed implementation of the two fundamental subsystem characterizing the cloud and FR localization services and verify their correct functionality through some simple tests/experiments. 6.1. The cloud system prototype A prototype of the hybrid cloud architecture that we presented in the previous sections, has been realized by using a general-purpose cloud management system integrated with third-party components. Such a simple testbed can be used

Please cite this article as: F. Palmieri et al., A cloud-based architecture for emergency management and first responders localization in smart city environments, Computers and Electrical Engineering (2016), http://dx.doi.org/10.1016/j.compeleceng.2016.02.012

JID: CAEE

ARTICLE IN PRESS F. Palmieri et al. / Computers and Electrical Engineering 000 (2016) 1–21

[m3Gsc;March 3, 2016;14:55] 15

as reference infrastructure for the implementation of MEOC and CEOC services in the proposed emergency management framework for smart cities.

6.1.1. Runtime and storage services Such implementation is mainly based on two sites, a Central Services Provider (CPS), that provides CEOC services, and another one called “remote system” (RS), consisting in a very basic mobile cloud installation, who plays the role of MEOC unit. The whole infrastructure is based on OpenStack (Kilo release), built on top of the KVM hypervisor. The core services are set up over a set of virtual servers running over a traditional virtualization infrastructure on the CPS site, where enough redundant hardware equipment for both run-time and storage services is available. Most of the services are grouped on the controller node, which runs “Glance” for providing the Image Service, “Keystone” for the Identity Service, as well as the “Nova” services suite and the PaaS Orchestrator “Heat”. We also used a dedicated node for Network Services, together with two additional servers, the first one running “Cinder”, the OpenStack block storage service, and the second, operating front-end services, which offers a web interface and an open API for managing the whole infrastructure. Finally, a set of four physical servers with 64 cores, 256GB of ram and 10 Gbps network interface hosts the KVM hypervisor services and the nova-computing component. The whole infrastructure is served by two main storage areas configured with CEPH. The first storage area is dedicated to the images of the core services, while the second and larger one is used to provide block storage and object storage to the cloud applications. The RS hosts a single server with an all-in-one Openstack installation and a couple of computing nodes organized in an autonomous cloud that can be addressed by the heat instance in the CEOC.

6.1.2. Network virtualization details Network virtualization plays a central role for implementing JAN and IAN services during a crisis events. In our proof of concept testbed, the network architecture for the cloud is based on the OpenStack Neutron network service and the OpenvSwitch (OvS) plug-in within the new Neutron ml2 framework, configured as a VLAN. All the network components (VMs NICs, routers, DHCP service TAPs, physical NICs), are attached on a virtual switch managed by OpenvSwitch (OvS), and isolated by using internal VLANs. Each node runs a virtual switch that communicates with the other ones through the physical switched network. In this case, OvS performs a VLAN translation, by changing the internal VLAN ids to the actual ones located on the physical switches. In the current version, Neutron does not allow neither the creation of multiple networks associated with the same VLAN id, nor the creation of more than one flat network per physical interface. Thanks to the virtual node abstraction we can set up multiple networks in Neutron on the same VLAN id and create as many flat networks as we need, by simply adding virtual NICs. This is useful when we need to manage at the CEOC level multiple crisis events that involve different MEOC units.

6.1.3. Virtual private network services in the cloud One of the main issues is the creation of JAN and IAN connections in a secure way and eventually extend the LAN to another public cloud services provider. To reach this goal, we used the Virtual Private Network as a Service (VPNaaS) feature provided by Neutron. VPNaaS creates an IPSec tunnel that encapsulates all the traffic passing through remote LANs and Virtual Machines running on the cloud infrastructure. To guarantee the security and privacy of all the VPN traffic, IPSec uses a strong cipher based on the AES-128 encryption algorithm, after initializing the link with a Pre-shared Key. In our testbed, the CPS site (implementing CEOC services) is connected to the Internet thanks to a 1 Gbit/s link over the Italian NREN infrastructure, while the RS (that simulates a MEOC node) is connected to the Internet through a 4G mobile wireless link, provided by a public cellular communication services provider. Each VPN connection is established thanks to a VM based on CentOS6.5 running on the CPS-site and hosting the IPSec service implemented within Openswan. The IPERF benchmark run on such VPN connection shows a maximum sustained bandwidth rate of about 1.1 Mbps.

6.1.4. The PaaS infrastructure Regarding the PaaS infrastructure, we used the OpenStack Heat component that allows the launch of multiple composite cloud applications based on templates, and works as an orchestrator for auto-scaling and failover purposes. Heat natively uses the OpensStack Ceilometer monitoring system to check the runtime parameters and the status of each instantiated virtual machine. With such installation, the emergency management operator can easily trigger the environment startup through the instantiation of dedicated templates on the different heat instances. As an alternative implementation, we can configure Heat to work across multiple clouds by enabling its multi-cloud configuration option. With this configuration we can easily create PaaS environments for CEOC, and MEOCs, by running the proper templates over the respective OpenStack installations and monitoring all the associated components. Moreover, Heat supports the template instantiation also over public clouds like Amazon/AWS, allowing the extension of the PaaS infrastructure over additional resources when needed. In Fig. 9, we show the complete layout of our prototype implementation.

Please cite this article as: F. Palmieri et al., A cloud-based architecture for emergency management and first responders localization in smart city environments, Computers and Electrical Engineering (2016), http://dx.doi.org/10.1016/j.compeleceng.2016.02.012

JID: CAEE 16

ARTICLE IN PRESS

[m3Gsc;March 3, 2016;14:55]

F. Palmieri et al. / Computers and Electrical Engineering 000 (2016) 1–21

Fig. 9. The cloud prototype architectural layout.

Fig. 10. Number of VMs activated.

6.1.5. Cloud prototype performance analysis To test our implementation, we created a set of virtual machines with public access, directly from the Heat dashboard on the CEOC and MEOC resources with the VPN support among them. It can simulate the start-up of a Crisis environment creation. We stressed our testbed with a set of massive VM instantiations. Fig. 10 shows the trend of the VM activation rate during the creation of 50 VMs at the same time. From the statistical point of view, we can observe an average rate of 5 couple of VM-activation per minute. Notice that, after the instantiation of the first 30 VMs, the activation rate decreases strongly, due to the increasing complexity of IP tables chains to be processed by the CEOC system. Please cite this article as: F. Palmieri et al., A cloud-based architecture for emergency management and first responders localization in smart city environments, Computers and Electrical Engineering (2016), http://dx.doi.org/10.1016/j.compeleceng.2016.02.012

JID: CAEE

ARTICLE IN PRESS F. Palmieri et al. / Computers and Electrical Engineering 000 (2016) 1–21

[m3Gsc;March 3, 2016;14:55] 17

Fig. 11. The positioning system prototype.

Fig. 12. Landmark-based position estimation by using fingerprinting.

Please cite this article as: F. Palmieri et al., A cloud-based architecture for emergency management and first responders localization in smart city environments, Computers and Electrical Engineering (2016), http://dx.doi.org/10.1016/j.compeleceng.2016.02.012

JID: CAEE 18

ARTICLE IN PRESS

[m3Gsc;March 3, 2016;14:55]

F. Palmieri et al. / Computers and Electrical Engineering 000 (2016) 1–21

Fig. 13. Position estimation in the hybrid model errors by using IMU.

6.2. The location system prototype For implementing the location framework prototype, we used several kind of sensing and signaling devices. In more detail, we adopted the widely used Xsens MTw foot mounted IMU, which was connected to the PC via a wireless link (IEEE 802.15.4). Such IMU sends data with a rate of 120 Hz. The wireless sensors adopted for the experimental evaluation consist of PINGUINO-OTG (PIC32MX440-F256H) 80 Mhz microcontrollers equipped with a ZigBee MRF24J-40MA 2.4 GHz IEEE 802.15.4 radio transceiver module. Specifically, they act either as landmarks, if they were configured in slave-mode, or as readers connected to the PC, if they were configured in master-mode. Fig. 11 shows the hardware prototype of the positioning solution. 6.2.1. Location system performance analysis In order to evaluate the proposed approach, in Fig. 12 is shown an example of trajectory on two floors, which is recorded inside our institute building, which is considered as a typical office building. The trajectory starts on the first floor. The person moves on the stairs up to the second floor, walks around and goes back downstairs to the starting point. The map Please cite this article as: F. Palmieri et al., A cloud-based architecture for emergency management and first responders localization in smart city environments, Computers and Electrical Engineering (2016), http://dx.doi.org/10.1016/j.compeleceng.2016.02.012

JID: CAEE

ARTICLE IN PRESS F. Palmieri et al. / Computers and Electrical Engineering 000 (2016) 1–21

[m3Gsc;March 3, 2016;14:55] 19

Fig. 14. Position error estimation during a more articulate movement.

of each floor has been organized as a grid of 1m × 1m cells. We simulated the movement of a person along the considered trajectory with the IMU mounted on the foot. Moreover, in the considerate scenario, we assume that three landmarks per floor have been placed. In Fig. 12, the positions estimated by using only fingerprinting are represented by red points. The provided results show an accuracy of about 1m with a precision of 69%. By using the IMU, it is possible to estimate the relative movements with respect to the last fingerprinting-based estimation, as well as the trajectory followed by the FR in the grid’s cell. In Fig. 13 is shown that the position estimation exhibits a drift over the distance. The resulting errors of the system falls in the order of a few percent of the traveled distance. In particular, on an absolute scale, the error adds up to 2.4 m for a total traveled distance of about 105 m. Moreover, by denoting the accuracy (δ ) as the degree of closeness (in terms of meters) of the estimated position to the actual user location, and the precision (ρ ) as the percentage of runs where the estimated position differs from the true location by less than a fixed accuracy δ T , in the current experimental scenario, the presented approach achieves an accuracy of δ = 1 m, with a precision ρ = 68%. In Fig. 14 is shown a more articulated movement through the rooms of the first floor. Although, the resulting errors of the system falls in the same order of the previous experiment, (i.e., on an absolute scale, the error adds up to 2.5 m), Please cite this article as: F. Palmieri et al., A cloud-based architecture for emergency management and first responders localization in smart city environments, Computers and Electrical Engineering (2016), http://dx.doi.org/10.1016/j.compeleceng.2016.02.012

JID: CAEE 20

ARTICLE IN PRESS

[m3Gsc;March 3, 2016;14:55]

F. Palmieri et al. / Computers and Electrical Engineering 000 (2016) 1–21

Fig. 15. Height information from barometer.

we achieved an accuracy of 1 m, with a worst precision ρ , which is about 59%. Indeed, movements in narrow spaces are more difficult to trace. Therefore, specific navigation practices should be defined to support the presented approach and to improve the positioning precision. For example, the FR cannot suddenly go from one room to another without crossing a dividing door. Finally, Fig. 15 depicts the position estimation in z-direction drifts over time. It shows the estimated height over time starting with an initial value of about 0.5 m on the first floor. Figure shows that the person walked up to the second floor, resulting in a change of about 4 m, which corresponds to the height of the second floor. 7. Conclusions and future work Currently, most of the population in industrialized countries lives in large urban areas, that are continuously growing, as well as affected by an ever increasing amount of emergencies and crisis events, posing major challenges in our day-to-day life. In case of crisis events, it is the responsibility of public authorities to manage the response operations in order to save lives and restore a sense of order. This is extremely important in highly urbanized areas, so that the presence of coordinated emergency management services becomes a killer application in the smart city context. One of the constant challenges encountered by public authorities when managing emergency situations is the availability of computing and storage sources to manage collective intelligence and big data analytics applications, also by starting from hardware constrained sensor devices, as well as the lack of actionable location-aware information, i.e., the information which is required for making fast and correct decisions under pressure. Therefore, in this paper we presented a novel emergency management service for the smart city environment based on an elastic cloud architecture, specializing first responders localization tasks through a hybrid positioning approach, which combines the landmark-based and landmark-free technologies. In such scenario, indoor localization in danger area involved a very specific setting, which is unique and has not been studied extensively enough in the literature. Specifically, the design of navigation systems implies the wicked problem of having to create ad-hoc technologies to support navigation, and at the same time, to create navigation practices upon the created technology. We demonstrated that with the technology readily available today, it is possible to capture movement and additional forms of environmental data, which can prove to be useful for supporting navigation. We also provided the architectural framework for collecting, aggregating and effectively processing such environmental data in a scalable and extremely reliable way. Finally, we investigated the key research topics in the considered area and the potential impact on the future developments scenario. Therefore, the main issue to be addressed in future work will be: how does the designed system enrich the context of FRs, and how this enrichment supports the construction of navigation practices? References [1] Wu C, Yang Z, Liu Y, Xi W. WILL: Wireless indoor localization without site survey. IEEE Trans Parallel Distrib Syst 2013;24:839–48. [2] Ficco M, Palmieri P, Castiglione A. Hybrid indoor and outdoor location services for new generation mobile terminals. Pers Ubiquitous Comput 2014;18:271–85. [3] Zhou H. The Internet of Things in the Cloud: A Middleware Perspective. CRC Press; 2012. [4] Petrolo R, Loscr V, Mitton N. Towards a smart city based on cloud of things. Proceedings of the 2014 ACM international workshop on Wireless and mobile technologies for smart cities. ACM; 2014. p. 61–6. [5] Altomare A, Cesario E, Comito C, Marozzo F, Talia D. Using Clouds for Smart City Applications. 2013 IEEE 5th International Conference on Cloud Computing Technology and Science (CloudCom), 2. IEEE; 2013. p. 234–7. [6] Suciu G, Vulpe A, Halunga S, Fratu O, Todoran G, Suciu V. Smart cities built on resilient cloud computing and secure internet of things. 2013 19th International Conference on Control Systems and Computer Science (CSCS). IEEE; 2013. p. 513–18. [7] Khan Z, Kiani SL. A cloud-based architecture for citizen services in smart cities. Proceedings of the 2012 IEEE/ACM Fifth International Conference on Utility and Cloud Computing. IEEE Computer Society; 2012. p. 315–20.

Please cite this article as: F. Palmieri et al., A cloud-based architecture for emergency management and first responders localization in smart city environments, Computers and Electrical Engineering (2016), http://dx.doi.org/10.1016/j.compeleceng.2016.02.012

JID: CAEE

ARTICLE IN PRESS F. Palmieri et al. / Computers and Electrical Engineering 000 (2016) 1–21

[m3Gsc;March 3, 2016;14:55] 21

[8] Khan Z, Ludlow D, McClatchey R, Anjum A. An architecture for integrated intelligence in urban management using cloud computing. J Cloud Comput: Adv Syst Appl 2012;1(1). [9] Khan Z, Anjum A, Soomro K, Tahir MA. Towards cloud based big data analytics for smart future cities. J Cloud Comput 2015;4(1):1–11. [10] Mitton N, Papavassiliou S, Puliafito A, Trivedi KS. Combining cloud and sensors in a smart city environment. EURASIP J Wirel Commun Netw 2012;2012(1):1–10. [11] Ferris B, Fox D, Lawrence N. Wifi-SLAM using gaussian process latent variable models. In: Proceedings of the 20th International Joint Conference on Artificial Intelligence; 2007. p. 2480–5. [12] Yairi T. Map building without localization by dimensionality reduction techniques. In: Proceedings of the 24th International Conference on Machine Learning; 2007. p. 1071–8. [13] Haeberlen A, Flannery E, Ladd AM, Rudys A, Wallach DS, Kavraki LE. Practical robust localization over large-scale 802.11 wireless networks. In: Proceedings of the 10th International Conference on Mobile Computing and Networking; 2004. p. 70–84. [14] Ficco M, Esposito C, Napolitano A. Calibrating indoor positioning systems with low efforts. IEEE Trans Mob Comput 2014;13:737–51. [15] Esposito C, Ficco M. Deployment of RSS-based indoor positioning systems. J Wirel Inf Netw 2011;18(4):224–42. [16] Bahl P, Padhye J, Ravindranath L, Singh M, Wolman A, Zill B. DAIR: A framework for managing enterprise wireless networks using desktop infrastructure. In: Proceedings of the Hot Topics in Networks Workshops; 2005. [17] Maligan D, Elnahrawy E, Martin R, Ju W, Krishnan P, Krishnakumar AS. Bayesian indoor positioning systems. In: Proceedings of the 24th IEEE International Conference on Computer Communications Societies; 2005. p. 1217–27. [18] Pan JJ, Pan SJ, Yin J, Ni LM, Fellow QY. Tracking mobile users in wireless networks via semi-supervised co-localization. IEEE Trans Pattern Anal Mach Intell 2012;34(3):587–600. [19] Palmieri F. VPN scalability over high performance backbones evaluating MPLS VPN against traditional approaches. In: Proceedings - IEEE Symposium on Computers and Communications, art. no. 1214243; 2003. p. 975–81. [20] Ficco M, Palmieri P, Castiglione A. Supporting first responders localization during crisis management. In: 2015 9-th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS); 2015. p. 587–600. [21] Hashemi H. The indoor radio propagation channel. Proc IEEE 1993;81:943–68. [22] Int. Organization for Standardization. Guide to the expression of uncertainty in measurement (GUM)-supplement 1: Numerical methods for the propagation of distributions. ISO draft guide DGUIDE99998, 2013; Available at: http://www.bibsonomy.org/bibtex/2eea813f6ec9a5d910a-87439a5b453a19/ eutrimer. [23] Youssef M, Agrawala A. Handling samples correlation in the horus system. In: Proceedings of the IEEE INFOCOM; 2004. p. 1023–31. [24] Ficco M. Calibration-less indoor location systems based on wireless sensors. J Ambient Intell Humaniz Comput 2014;5(2):249–61. [25] Kaemarungsi K, Krishnamurthy P. Modeling of indoor positioning systems based on location fingerprinting. In: Proceedings of the IEEE INFOCOM, vol. 2; 2004. p. 1012–22. [26] Chai W, Chen C, Edwan E, Zhang J. 2d/3d indoor navigation based on multi-sensor assisted pedestrian navigation in wi-fi environments. In: Proceedings of the International Conference on Ubiquitous Positioning, Indoor Navigation, and Location Based Service; 2012. p. 1–7. [27] Godha S, Lachapelle G. Foot mounted inertial system for pedestrian navigation. Meas Sci Technol 2008;19:1–9. [28] Zhao X, Syed Z, Wright B, El-Sheimy N. An economical and effective multi-sensor integration for portable navigation system. In: Proceedings of the 22nd International Technical Meeting of the Satellite Division of the Institute of Navigation; 2009. p. 2088–95. [29] Gadeke T, Schmid J, Zahnlecker M, Stork W. Smartphone pedestrian navigation by foot-IMU sensor fusion. In: Proceedings of the International Conference on Ubiquitous Positioning, Indoor Navigation, and Location Based Service; 2012. p. 1–8. [30] Foxlin E. Pedestrian tracking with shoe-mounted inertial sensors. IEEE Comput Graph Appl 2005;25:38–46. Francesco Palmieri is an associate professor at the Computer Science Department of the Salerno University. He received his M.S. Degree and Ph.D. in Computer Science from the Salerno University. His research interests concern Advanced Networking Protocols and Architectures and Network Security. He serves as the Editor-in-Chief of an international journal and participates to the Editorial Board of other ones. Massimo Ficco received his M.S. degree in computer engineering from the University of Naples Federico II and the Ph.D. degree in information engineering from the Parthenope University. He is an assistant professor at the Second University of Naples. He was a senior researcher at the CINI Consortium. His research interests include software engineering, security of critical infrastructure, mobile computing. Silvio Pardi holds a Ph.D. in Computer Science from the Federico II University, Naples, Italy. He is currently with the Italian National Institute for Nuclear Physics (INFN) in Naples. His research interests are focused on Grids, Clouds, Resource Selection in distributed environments and High Performance Computing, Data Management for Physics experiment, Data Analysis for Gravitational Wave detection. Aniello Castiglione joined the Computer Science Department of the Salerno University in 2006. He received his degree and Ph.D. in Computer Science from the same university. He serves as a reviewer for several international journals and has been a member of international conference committees. His research interests include Communication Networks, Information Forensics, Security and Cryptography.

Please cite this article as: F. Palmieri et al., A cloud-based architecture for emergency management and first responders localization in smart city environments, Computers and Electrical Engineering (2016), http://dx.doi.org/10.1016/j.compeleceng.2016.02.012