Key distribution mechanisms for wireless sensor networks : a survey

Advances in technology introduce new application areas for sensor networks. Foreseeable wide deployment of mission critical sensor networks creates concerns on security issues. Security of large scale densely deployed and infrastructure less wireless networks of resource limited sensor nodes requires efficient key distribution and management mechanisms. We consider distributed and hierarchical wireless sensor networks where unicast, multicast and broadcast type of communications can take place. We evaluate deterministic, probabilistic and hybrid type of key pre-distribution and dynamic key generation algorithms for distributing pair-wise, group-wise and network-wise keys.

Combinatorial design of key distribution mechanisms for wireless sensor networks

Key distribution is one of the most challenging security issues in wireless sensor networks where sensor nodes are randomly scattered over a hostile territory. In such a sensor deployment scenario, there will be no prior knowledge of post deployment configuration. For security solutions requiring pair wise keys, it is impossible to decide how to distribute key pairs to sensor nodes before the deployment. Existing approaches to this problem are to assign more than one key, namely a key-chain, to each node. Key-chains are randomly drawn from a key-pool. Either two neighbouring nodes have a key in common in their key-chains, or there is a path, called key-path, among these two nodes where each pair of neighbouring nodes on this path has a key in common. Problem in such a solution is to decide on the key-chain size and key-pool size so that every pair of nodes can establish a session key directly or through a path with high probability. The size of the key-path is the key factor for the efficiency of the design. This paper presents novel, deterministic and hybrid approaches based on Combinatorial Design for key distribution. In particular, several block design techniques are considered for generating the key-chains and the key-pools. Comparison to probabilistic schemes shows that our combinatorial approach produces better connectivity with smaller key-chain sizes.

Design and analysis of key management schemes for distributed wireless sensor networks

Secure communications in distributed Wireless Sensor Networks (WSN) operating under adversarial conditions necessitate efficient key management schemes. In the absence of a priori knowledge of post-deployment network configuration and due to limited resources at sensor nodes, key management schemes cannot be based on post-deployment computations. Instead, a list of keys, called a key-chain, is distributed to each sensor node before the deployment. For secure communication, either two nodes should have a key in common in their key-chains, or they should establish a key through a secure-path on which every link is secured with a key. We first provide a comparative survey of well known key management solutions for WSN. Probabilistic, deterministic and hybrid key management solutions are presented, and they are compared based on their security properties and re-source usage. We provide a taxonomy of solutions, and identify trade-offs in them to conclude that there is no one size-fits-all solution. Second, we design and analyze deterministic and hybrid techniques to distribute pair-wise keys to sensor nodes before the deployment. We present novel deterministic and hybrid approaches based on combinatorial design theory and graph theory for deciding how many and which keys to assign to each key-chain before the sensor network deployment. Performance and security of the proposed schemes are studied both analytically and computationally. Third, we address the key establishment problem in WSN which requires key agreement algorithms without authentication are executed over a secure-path. The length of the secure-path impacts the power consumption and the initialization delay for a WSN before it becomes operational. We formulate the key establishment problem as a constrained bi-objective optimization problem, break it into two sub-problems, and show that they are both NP-Hard and MAX-SNP-Hard. Having established inapproximability results, we focus on addressing the authentication problem that prevents key agreement algorithms to be used directly over a wireless link. We present a fully distributed algorithm where each pair of nodes can establish a key with authentication by using their neighbors as the witnesses.

Position, privacy and personnel : concerns for the (digital) future

Firms are moving away from decentralized regional offices. Last year the author spoke with a valuer working on the Sunshine Coast for a Brisbane firm. In years past this valuer would have left home in the morning to go to the office, as well as travelling during the day to client sites. Now they get up, have breakfast, change out of their pyjamas (if they have meetings!) and walk into their employer set-up home office to ‘punch-in’. Apart from travel for essential meetings at head office, or for the purpose of on-site inspections, they can attend work, engage with colleagues and clients and never leave home. While this practice may be a cost saving to the firm and a commuter-friendly way of working, it raises a range of issues to be managed.

The role of, and key considerations for, advertising campaigns and educational awareness workshops within the work-related road safety context

Australian and international evidence suggests that, in the work-related driving context, road crashes account for a substantial number of occupational incidents. In the attempt to reduce injury and improve safety, organisations may implement an array of strategies and interventions ranging from policy development and implementation, vehicle selection and incident monitoring through to education and awareness-raising. This conceptual paper discusses aspects relating to the latter collection of interventions and, in particular, the role, and some key considerations with respect to the content and dissemination, of advertising campaigns and educational awareness workshops. In relation to advertising campaigns, this paper discusses how some of the overarching principles associated with advertising in the broader general community road safety strategy also apply within the work-related road safety context. Specifically, advertising campaigns/materials should be viewed as a key component within a dedicated organisational approach to road (driver) safety. This dedicated approach would need to comprise of a number, and varied array, of strategies. In addition, the content of, and medium/s (e.g., posters) by which to deliver such advertising campaigns, cannot be addressed by a one-size-fits all approach but, rather, requires careful consideration of the needs as well as characteristics of specific organisations and their driver fleet. The paper provides a summary of some key considerations when devising an advertising campaign, including the nature of campaign/message content as well as the processes by which to devise and refine such content. In relation to driver education awareness workshops, this paper outlines the key considerations for delivering a series of workshops specifically aimed at occupational driving within the organisational context. A case study approach will be utilised to demonstrate the manner in which educational awareness workshops can compliment successful advertising campaigns promoting safer work related driving through better risk management practice. Research underpinning the development of driver behaviour modification tools incorporated within the workshops will also be discussed along with the mechanisms utilised to encourage improvements in driver monitoring and behaviour. In an effort to assist organisations with their continual search for cost-effective approaches which may, ultimately, contribute to improvements in driver behaviour and safety, the current paper offers some clear and practical suggestions in relation to the development and dissemination of two types of interventions, advertising campaigns and education awareness workshops.

The role of human factors when evaluating information accountability for eHealth systems

The availability of health information is rapidly increasing; its expansion and proliferation is inevitable. At the same time, breeding of health information silos is an unstoppable and relentless exercise. Information security and privacy concerns are therefore major barriers in the eHealth socio-eco system. We proposed Information Accountability as a measurable human factor that should eliminate and mitigate security concerns. Information accountability measures would be practicable and feasible if legislative requirements are also embedded. In this context, information accountability constitutes a key component for the development of effective information technology requirements for health information system. Our conceptual approach to measuring human factors related to information accountability in eHealth is presented in this paper with some limitations.

Complexity of increasing the secure connectivity in wireless ad hoc networks

We consider the problem of maximizing the secure connectivity in wireless ad hoc networks, and analyze complexity of the post-deployment key establishment process constrained by physical layer properties such as connectivity, energy consumption and interference. Two approaches, based on graph augmentation problems with nonlinear edge costs, are formulated. The first one is based on establishing a secret key using only the links that are already secured by shared keys. This problem is in NP-hard and does not accept polynomial time approximation scheme PTAS since minimum cutsets to be augmented do not admit constant costs. The second one extends the first problem by increasing the power level between a pair of nodes that has a secret key to enable them physically connect. This problem can be formulated as the optimal key establishment problem with interference constraints with bi-objectives: (i) maximizing the concurrent key establishment flow, (ii) minimizing the cost. We prove that both problems are NP-hard and MAX-SNP with a reduction to MAX3SAT problem.

The key regulatory roles of the PI3K/Akt signalling pathway in the functionalities of mesenchymal stem cells and applications in tissue regeneration

Mesenchymal stem cells (MSCs) are multi-potent cells that can differentiate into various cell types and have been used widely in tissue engineering application. In tissue engineering, a scaffold, MSCs and growth factors are used as essential components and their interactions have been regarded to be important for regeneration of tissues. A critical problem for MSCs in tissue engineering is their low survival ability and functionality. Most MSCs are going to be apoptotic after transplantation. Therefore, increasing MSC survival ability and functionalities is the key for potential applications of MSCs. Several approaches have been studied to increase MSC tissue forming capacity including application of growth factors, overexpression of stem cell regulatory genes and improvement of biomaterials for scaffolds. The effects of these approaches on MSCs have been associated with the activation of the PI3K/Akt signaling pathway. The pathway plays central regulatory roles in MSC survival, proliferation, migration, angiogenesis, cytokine production and differentiation. In this review, we summarize and discuss the literatures related to the roles of the PI3K/Akt pathway in the functionalities of MSCs and the involvement of the pathway in biomaterials-increased MSC functinalities. Biomaterials have been modified in their properties, surface structure and loaded with growth factors to increase MSC functionalities. Several studies demonstrated that the biomaterials-increased MSC functionalities are mediated by the activation of the PI3K/Akt pathway.

Key attributes underpinning different markup decision between public and private projects : a China study

In the construction industry, contractors have to improve the efficiency of markup decision-making to survive from fierce business competition. The effect of client type on markup decision has been aware in previous studies and contractors are advocated to take account of decision factors properly when they are confronted with different types of projects. Nevertheless, the rationales behind the inclusion of different factors in markup decision-making for different projects sustain unknown. In this study, fifty-three factors were identified after extensive literature review and interviews with professionals. The identified factors were afterwards grouped under the headings of nine attributes and compiled in a questionnaire for survey in China. Using the Hotelling’s T-square test, it is found that three attributes (i.e., project characteristic, client characteristic, and macro condition) can explain the effect of client type on contractors’ markup decision. The research findings provide useful insights into the cognition of bid pricing as well as the improvement of bidding efficiency. While the research works were situated in China, contractors in other countries could benefit from the research findings in a similar vein.

Privacy of RFID - models and protocols

Radio Frequency Identification is a wireless identification method that utilizes the reception of electromagnetic radio waves. This research has proposed a novel model to allow for an in-depth security analysis of current protocols and developed new flexible protocols that can be adapted to offer either stronger security or better efficiency.

Why trust the Head? : key strategies for transformational school leaders for building a purposeful relationship of trust

Trust is widely recognised as one of the key qualities that a successful leader needs to bring about change within their organization. Browning’s study aimed to identify practices which a school leader can effectively use to inspire, build, and maintain trust between themselves, their staff and Chair of governing body. The study was undertaken in two phases. Phase One was the identification of four highly trusted transformational leaders from the Australian independent schooling sector. Phase Two was a multicase study of the four school leaders. The findings provide practical advice for school leaders wishing to have a positive impact on the outcomes of the students in their school.

ASICS : authenticated key exchange security incorporating certification systems

Most security models for authenticated key exchange (AKE) do not explicitly model the associated certification system, which includes the certification authority (CA) and its behaviour. However, there are several well-known and realistic attacks on AKE protocols which exploit various forms of malicious key registration and which therefore lie outside the scope of these models. We provide the first systematic analysis of AKE security incorporating certification systems (ASICS). We define a family of security models that, in addition to allowing different sets of standard AKE adversary queries, also permit the adversary to register arbitrary bitstrings as keys. For this model family we prove generic results that enable the design and verification of protocols that achieve security even if some keys have been produced maliciously. Our approach is applicable to a wide range of models and protocols; as a concrete illustration of its power, we apply it to the CMQV protocol in the natural strengthening of the eCK model to the ASICS setting.

Security and privacy in eHealth : is it possible? A sociotechnical analysis

Advances in Information and Communication Technologies have the potential to improve many facets of modern healthcare service delivery. The implementation of electronic health records systems is a critical part of an eHealth system. Despite the potential gains, there are several obstacles that limit the wider development of electronic health record systems. Among these are the perceived threats to the security and privacy of patients’ health data, and a widely held belief that these cannot be adequately addressed. We hypothesise that the major concerns regarding eHealth security and privacy cannot be overcome through the implementation of technology alone. Human dimensions must be considered when analysing the provision of the three fundamental information security goals: confidentiality, integrity and availability. A sociotechnical analysis to establish the information security and privacy requirements when designing and developing a given eHealth system is important and timely. A framework that accommodates consideration of the legislative requirements and human perspectives in addition to the technological measures is useful in developing a measurable and accountable eHealth system. Successful implementation of this approach would enable the possibilities, practicalities and sustainabilities of proposed eHealth systems to be realised.

Camera trapping and invasions of privacy : an Australian legal perspective

Camera trapping is a scientific survey technique that involves the placement of heat-and motion-sensing automatic triggered cameras into the ecosystem to record images of animals for the purpose of studying wildlife. As technology continues to advance in sophistication, the use of camera trapping is becoming more widespread and is a crucial tool in the study of, and attempts to preserve, various species of animals, particularly those that are internationally endangered. However, whatever their value as an ecological device, camera traps also create a new risk of incidentally and accidentally capturing images of humans who venture into the area under surveillance. This article examines the current legal position in Australia in relation to such unintended invasions of privacy. It considers the current patchwork of statute and common laws that may provide a remedy in such circumstances. It also discusses the position that may prevail should the recommendations of either the Australian Law Reform Commission and/or New South Wales Law Reform Commission be adopted and a statutory cause of action protecting personal privacy be enacted.

Accountable-eHealth systems : the next step forward for privacy

eHealth systems promise enviable benefits and capabilities for healthcare delivery. However, the technologies that make these capabilities possible introduce undesirable drawbacks such as information security related threats, which need to be appropriately addressed. Lurking in these threats are information privacy concerns. Addressing them has proven to be difficult because they often conflict with information access requirements of healthcare providers. Therefore, it is important to achieve an appropriate balance between these requirements. We contend that information accountability (IA) can achieve this balance. In this paper, we introduce accountable-eHealth (AeH) systems, which are eHealth systems that utilise IA as a measure of information privacy. We discuss how AeH system protocols can successfully achieve the aforementioned balance of requirements. As a means of implementation feasibility, we compare characteristics of AeH systems with Australia’s Personally Controlled Electronic Health Record (PCEHR) sys-tem and identify similarities and highlight the differences and the impact those differences would have to the eHealth domain.