Poster abstract : Energy-efficient rate adaptive MAC Protocol (RA-MAC) for long-lived sensor networks

This paper introduces an energy-efficient Rate Adaptive MAC (RA-MAC) protocol for long-lived Wireless Sensor Networks (WSN). Previous research shows that the dynamic and lossy nature of wireless communication is one of the major challenges to reliable data delivery in a WSN. RA-MAC achieves high link reliability in such situations by dynamically trading off radio bit rate for signal processing gain. This extra gain reduces the packet loss rate which results in lower energy expenditure by reducing the number of retransmissions. RA-MAC selects the optimal data rate based on channel conditions with the aim of minimizing energy consumption. We have implemented RA-MAC in TinyOS on an off-the-shelf sensor platform (TinyNode), and evaluated its performance by comparing RA-MAC with state-ofthe- art WSN MAC protocol (SCP-MAC) by experiments.

Analysis of indirect message injection for MAC generation using stream ciphers

This paper presents a model for generating a MAC tag with a stream cipher using the input message indirectly. Several recent proposals represent instances of this model with slightly different options. We investigate the security of this model for different options, and identify cases which permit forgery attacks. Based on this, we present a new forgery attack on version 1.4 of 128-EIA3. Design recommendations to enhance the security of proposals following this general model are given.

Macrophage inhibitory cytokine-1 (MIC-1/GDF15) slows cancer development but increases metastases in TRAMP prostate cancer prone mice

Macrophage inhibitory cytokine-1 (MIC-1/GDF15), a divergent member of the TGF-β superfamily, is over-expressed by many common cancers including those of the prostate (PCa) and its expression is linked to cancer outcome. We have evaluated the effect of MIC-1/GDF15 overexpression on PCa development and spread in the TRAMP transgenic model of spontaneous prostate cancer. TRAMP mice were crossed with MIC-1/GDF15 overexpressing mice (MIC-1fms) to produce syngeneic TRAMPfmsmic-1 mice. Survival rate, prostate tumor size, histopathological grades and extent of distant organ metastases were compared. Metastasis of TC1-T5, an androgen independent TRAMP cell line that lacks MIC-1/GDF15 expression, was compared by injecting intravenously into MIC-1fms and syngeneic C57BL/6 mice. Whilst TRAMPfmsmic-1 survived on average 7.4 weeks longer, had significantly smaller genitourinary (GU) tumors and lower PCa histopathological grades than TRAMP mice, more of these mice developed distant organ metastases. Additionally, a higher number of TC1-T5 lung tumor colonies were observed in MIC-1fms mice than syngeneic WT C57BL/6 mice. Our studies strongly suggest that MIC-1/GDF15 has complex actions on tumor behavior: it limits local tumor growth but may with advancing disease, promote metastases. As MIC-1/GDF15 is induced by all cancer treatments and metastasis is the major cause of cancer treatment failure and cancer deaths, these results, if applicable to humans, may have a direct impact on patient care.

A general model for MAC generation using direct injection

This paper presents a model for generating a MAC tag by injecting the input message directly into the internal state of a nonlinear filter generator. This model generalises a similar model for unkeyed hash functions proposed by Nakano et al. We develop a matrix representation for the accumulation phase of our model and use it to analyse the security of the model against man-in-the-middle forgery attacks based on collisions in the final register contents. The results of this analysis show that some conclusions of Nakano et al regarding the security of their model are incorrect. We also use our results to comment on several recent MAC proposals which can be considered as instances of our model and specify choices of options within the model which should prevent the type of forgery discussed here. In particular, suitable initialisation of the register and active use of a secure nonlinear filter will prevent an attacker from finding a collision in the final register contents which could result in a forged MAC.

Fundamental understanding on the use of Bluetooth MAC scanner for arterial travel time estimation

This report is the eight deliverable of the Real Time and Predictive Traveller Information project and the third deliverable of the Arterial Travel Time Information sub-project in the Integrated Traveller Information research Domain of the Smart Transport Research Centre. The primary objective of the Arterial Travel Time Information sub-project is to develop algorithms for real-time travel time estimation and prediction models for arterial traffic. Brisbane arterial network is highly equipped with Bluetooth MAC Scanners, which can provide travel time information. Literature is limited with the knowledge on the Bluetooth protocol based data acquisition process and accuracy and reliability of the analysis performed using the data. This report expands the body of knowledge surrounding the use of data from Bluetooth MAC Scanner (BMS) as a complementary traffic data source. A multi layer simulation model named Traffic and Communication Simulation (TCS) is developed. TCS is utilised to model the theoretical properties of the BMS data and analyse the accuracy and reliability of travel time estimation using the BMS data.

On the use of Bluetooth MAC Scanners for live reporting of the transport network

Recently there has been significant interest of researchers and practitioners on the use of Bluetooth as a complementary transport data. However, literature is limited with the understanding of the Bluetooth MAC Scanner (BMS) based data acquisition process and the properties of the data being collected. This paper first provides an insight on the BMS data acquisition process. Thereafter, it discovers the interesting facts from analysis of the real BMS data from both motorway and arterial networks of Brisbane, Australia. The knowledge gained is helpful for researchers and practitioners to understand the BMS data being collected which is vital to the development of management and control algorithms using the data.

Indirect message injection for MAC generation

This paper presents a model for the generation of a MAC tag using a stream cipher. The input message is used indirectly to control segments of the keystream that form the MAC tag. Several recent proposals can be considered as instances of this general model, as they all perform message accumulation in this way. However, they use slightly different processes in the message preparation and finalisation phases. We examine the security of this model for different options and against different types of attack, and conclude that the indirect injection model can be used to generate MAC tags securely for certain combinations of options. Careful consideration is required at the design stage to avoid combinations of options that result in susceptibility to forgery attacks. Additionally, some implementations may be vulnerable to side-channel attacks if used in Authenticated Encryption (AE) algorithms. We give design recommendations to provide resistance to these attacks for proposals following this model.

A phase III trial of docetaxel/carboplatin versus mitomycin C/ifosfamide/ cisplatin (MIC) or mitomycin C/vinblastine/cisplatin (MVP) in patients with advanced non-small-cell lung cancer : a randomised multicentre trial of the British Thoracic Oncology Group (BTOG1)

Background: Phase III studies suggest that non-small-cell lung cancer (NSCLC) patients treated with cisplatin-docetaxel may have higher response rates and better survival compared with other platinum-based regimens. We report the final results of a randomised phase III study of docetaxel and carboplatin versus MIC or MVP in patients with advanced NSCLC. Patients and methods: Patients with biopsy proven stage III-IV NSCLC not suitable for curative surgery or radiotherapy were randomised to receive four cycles of either DCb (docetaxel 75 mg/m 2, carboplatin AUC 6), or MIC/MVP (mitomycin 6 mg/m 2, ifosfamide 3 g/m 2 and cisplatin 50 mg/m 2 or mitomycin 6 mg/ m 2, vinblastine 6 mg/m 2 and cisplatin 50 mg/m 2, respectively), 3 weekly. The primary end point was survival, secondary end points included response rates, toxicity and quality of life. Results: The median follow-up was 17.4 months. Overall response rate was 32% for both arms (partial response = 31%, complete response = 1%); 32% of MIC/MVP and 26% of DCb patients had stable disease. One-year survival was 39% and 35% for DCb and MIC/MVP, respectively. Two-year survival was 13% with both arms. Grade 3/4 neutropenia (74% versus 43%, P < 0.005), infection (18% versus 9%, P = 0.01) and mucositis (5% versus 1%, P = 0.02) were more common with DCb than MIC/MVP. The MIC/MVP arm had significant worsening in overall EORTC score and global health status whereas the DCb arm showed no significant change. Conclusions: The combination of DCb had similar efficacy to MIC/MVP but quality of life was better maintained. © 2006 European Society for Medical Oncology.

Is bus overrepresented in Bluetooth MAC Scanner data? Is MAC-ID really unique?

One of the concerns about the use of Bluetooth MAC Scanner (BMS) data, especially from urban arterial, is the bias in the travel time estimates from multiple Bluetooth devices being transported by a vehicle. For instance, if a bus is transporting 20 passengers with Bluetooth equipped mobile phones, then the discovery of these mobile phones by BMS will be considered as 20 different vehicles, and the average travel time along the corridor estimated from the BMS data will be biased with the travel time from the bus. This paper integrates Bus Vehicle Identification system with BMS network to empirically evaluate such bias, if any. The paper also reports an interesting finding on the uniqueness of MAC IDs.

Bluetooth and Wi-Fi MAC address based crowd data collection and monitoring : benefits, challenges and enhancement

This paper firstly presents the benefits and critical challenges on the use of Bluetooth and Wi-Fi for crowd data collection and monitoring. The major challenges include antenna characteristics, environment’s complexity and scanning features. Wi-Fi and Bluetooth are compared in this paper in terms of architecture, discovery time, popularity of use and signal strength. Type of antennas used and the environment’s complexity such as trees for outdoor and partitions for indoor spaces highly affect the scanning range. The aforementioned challenges are empirically evaluated by “real” experiments using Bluetooth and Wi-Fi Scanners. The issues related to the antenna characteristics are also highlighted by experimenting with different antenna types. Novel scanning approaches including Overlapped Zones and Single Point Multi-Range detection methods will be then presented and verified by real-world tests. These novel techniques will be applied for location identification of the MAC IDs captured that can extract more information about people movement dynamics.

Monitoring spatiotemporal dynamics of human movement based on MAC address data

This thesis was a step forward in extracting valuable features from human's movement behaviour in terms of space utilisation based on Media-Access-Control data. This research offered a low-cost and less computational complexity approach compared to existing human's movement tracking methods. This research was successfully applied in QUT's Gardens Point campus and can be scaled to bigger environments and societies. Extractable information from human's movement by this approach can add a significant value to studying human's movement behaviour, enhancing future urban and interior design, improving crowd safety and evacuation plans.

Practical attack on NLM-MAC scheme

The NLM stream cipher designed by Hoon Jae Lee, Sang Min Sung, Hyeong Rag Kim is a strengthened version of the LM summation generator that combines linear and non-linear feedback shift registers. In recent works, the NLM cipher has been used for message authentication in lightweight communication over wireless sensor networks and for RFID authentication protocols. The work analyses the security of the NLM stream cipher and the NLM-MAC scheme that is built on the top of the NLM cipher. We first show that the NLM cipher suffers from two major weaknesses that lead to key recovery and forgery attacks. We prove the internal state of the NLM cipher can be recovered with time complexity about nlog7×2, where the total length of internal state is 2⋅n+22⋅n+2 bits. The attack needs about n2n2 key-stream bits. We also show adversary is able to forge any MAC tag very efficiently by having only one pair (MAC tag, ciphertext). The proposed attacks are practical and break the scheme with a negligible error probability.

Assessment of antenna characteristic effects on pedestrian and cyclists travel-time estimation based on Bluetooth and WiFi MAC addresses

Monitoring pedestrian and cyclists movement is an important area of research in transport, crowd safety, urban design and human behaviour assessment areas. Media Access Control (MAC) address data has been recently used as potential information for extracting features from people’s movement. MAC addresses are unique identifiers of WiFi and Bluetooth wireless technologies in smart electronics devices such as mobile phones, laptops and tablets. The unique number of each WiFi and Bluetooth MAC address can be captured and stored by MAC address scanners. MAC addresses data in fact allows for unannounced, non-participatory, and tracking of people. The use of MAC data for tracking people has been focused recently for applying in mass events, shopping centres, airports, train stations etc. In terms of travel time estimation, setting up a scanner with a big value of antenna’s gain is usually recommended for highways and main roads to track vehicle’s movements, whereas big gains can have some drawbacks in case of pedestrian and cyclists. Pedestrian and cyclists mainly move in built distinctions and city pathways where there is significant noises from other fixed WiFi and Bluetooth. Big antenna’s gains will cover wide areas that results in scanning more samples from pedestrians and cyclists’ MAC device. However, anomalies (such fixed devices) may be captured that increase the complexity and processing time of data analysis. On the other hand, small gain antennas will have lesser anomalies in the data but at the cost of lower overall sample size of pedestrian and cyclist’s data. This paper studies the effect of antenna characteristics on MAC address data in terms of travel-time estimation for pedestrians and cyclists. The results of the empirical case study compare the effects of small and big antenna gains in order to suggest optimal set up for increasing the accuracy of pedestrians and cyclists’ travel-time estimation.

A deadline-constrained 802.11 MAC Protocol with QoS differentiation for soft real-time control

As one of the most widely used wireless network technologies, IEEE 802.11 wireless local area networks (WLANs) have found a dramatically increasing number of applications in soft real-time networked control systems (NCSs). To fulfill the real-time requirements in such NCSs, most of the bandwidth of the wireless networks need to be allocated to high-priority data for periodic measurements and control with deadline requirements. However, existing QoS-enabled 802.11 medium access control (MAC) protocols do not consider the deadline requirements explicitly, leading to unpredictable deadline performance of NCS networks. Consequentially, the soft real-time requirements of the periodic traffic may not be satisfied, particularly under congested network conditions. This paper makes two main contributions to address this problem in wireless NCSs. Firstly, a deadline-constrained MAC protocol with QoS differentiation is presented for IEEE 802.11 soft real-time NCSs. It handles periodic traffic by developing two specific mechanisms: a contention-sensitive backoff mechanism, and an intra-traffic-class QoS differentiation mechanism. Secondly, a theoretical model is established to describe the deadline-constrained MAC protocol and evaluate its performance of throughput, delay and packet-loss ratio in wireless NCSs. Numerical studies are conducted to validate the accuracy of the theoretical model and to demonstrate the effectiveness of the new MAC protocol.

Experiences in Passively Detecting Session Hijacking Attacks in IEEE 802.11 Networks

Current IEEE 802.11 wireless networks are vulnerable to session hijacking attacks as the existing standards fail to address the lack of authentication of management frames and network card addresses, and rely on loosely coupled state machines. Even the new WLAN security standard - IEEE 802.11i does not address these issues. In our previous work, we proposed two new techniques for improving detection of session hijacking attacks that are passive, computationally inexpensive, reliable, and have minimal impact on network performance. These techniques utilise unspoofable characteristics from the MAC protocol and the physical layer to enhance confidence in the intrusion detection process. This paper extends our earlier work and explores usability, robustness and accuracy of these intrusion detection techniques by applying them to eight distinct test scenarios. A correlation engine has also been introduced to maintain the false positives and false negatives at a manageable level. We also explore the process of selecting optimum thresholds for both detection techniques. For the purposes of our experiments, Snort-Wireless open source wireless intrusion detection system was extended to implement these new techniques and the correlation engine. Absence of any false negatives and low number of false positives in all eight test scenarios successfully demonstrated the effectiveness of the correlation engine and the accuracy of the detection techniques.