Combinatorial design of key distribution mechanisms for wireless sensor networks

Key distribution is one of the most challenging security issues in wireless sensor networks where sensor nodes are randomly scattered over a hostile territory. In such a sensor deployment scenario, there will be no prior knowledge of post deployment configuration. For security solutions requiring pairwise keys, it is impossible to decide how to distribute key pairs to sensor nodes before the deployment. Existing approaches to this problem are to assign more than one key, namely a key-chain, to each node. Key-chains are randomly drawn from a key-pool. Either two neighboring nodes have a key in common in their key-chains, or there is a path, called key-path, among these two nodes where each pair of neighboring nodes on this path has a key in common. Problem in such a solution is to decide on the key-chain size and key-pool size so that every pair of nodes can establish a session key directly or through a path with high probability. The size of the key-path is the key factor for the efficiency of the design. This paper presents novel, deterministic and hybrid approaches based on Combinatorial Design for key distribution. In particular, several block design techniques are considered for generating the key-chains and the key-pools.

Key distribution mechanisms for wireless sensor networks : a survey

Advances in technology introduce new application areas for sensor networks. Foreseeable wide deployment of mission critical sensor networks creates concerns on security issues. Security of large scale densely deployed and infrastructure less wireless networks of resource limited sensor nodes requires efficient key distribution and management mechanisms. We consider distributed and hierarchical wireless sensor networks where unicast, multicast and broadcast type of communications can take place. We evaluate deterministic, probabilistic and hybrid type of key pre-distribution and dynamic key generation algorithms for distributing pair-wise, group-wise and network-wise keys.

Combinatorial design of key distribution mechanisms for wireless sensor networks

Key distribution is one of the most challenging security issues in wireless sensor networks where sensor nodes are randomly scattered over a hostile territory. In such a sensor deployment scenario, there will be no prior knowledge of post deployment configuration. For security solutions requiring pair wise keys, it is impossible to decide how to distribute key pairs to sensor nodes before the deployment. Existing approaches to this problem are to assign more than one key, namely a key-chain, to each node. Key-chains are randomly drawn from a key-pool. Either two neighbouring nodes have a key in common in their key-chains, or there is a path, called key-path, among these two nodes where each pair of neighbouring nodes on this path has a key in common. Problem in such a solution is to decide on the key-chain size and key-pool size so that every pair of nodes can establish a session key directly or through a path with high probability. The size of the key-path is the key factor for the efficiency of the design. This paper presents novel, deterministic and hybrid approaches based on Combinatorial Design for key distribution. In particular, several block design techniques are considered for generating the key-chains and the key-pools. Comparison to probabilistic schemes shows that our combinatorial approach produces better connectivity with smaller key-chain sizes.

Conflicts over protection of marine living resources : the ‘Volga Case’ revisited

Non-traditional maritime security concerns have become more importantthan ever in the post-Cold War era. Naval forces of most developedcountries are more concerned about these threats than conventional war.One of the main maritime security issues for many countries in the world isillegal, unreported and unregulated (IUU) fishing in the marine area. Withthese burgeoning issues comes the potential for a large number of disputesinvolving international law. In early 2002, a long-line fishing vessel under aRussian flag –the Volga, was detained by Australian authorities a few hundred meters outside the Exclusive Economic Zone of Australia’s Heard and McDonald Islands in the Southern Ocean. The vessel was reportedly engaged in illegal fishing. This incident gave birth to litigation in international and Australian courts. Apart from these cases, Russia also announced separate litigation against Australia for violation of Articles 111and 87 of the United Nations Convention on the Law of the Sea (NCLOS).Considering the outcome of these cases, this article critically examines thecharacteristics of litigation as a strategy for pacific settlement of disputesover marine living resources. Using the Volga Case as an example, thisarticle explores some issues related to the judicial settlement of disputes over marine living resources. This article demonstrates that the legal certainty of winning a case may not be the only factor influencing the strategy for settlement of an international dispute.

State responsibility for maritime terrorism

Maritime terrorism is one of the main maritime security issues in the contemporary world. The threat of maritime terrorism is more apparent than ever in the post-September 11 era. Although maritime terrorism is an old issue, the disastrous events of 11 September 2001 brought this issue again onto the global agenda. This incident brought to the forefront the longstanding concerns that terrorists could severely disrupt the global maritime supply chain by using shipping containers or vessels to attack major business centres, port facilities and offshore installations. A number of international criminal law studies have been conducted to identify international legal challenges in maritime security. Some of these works have critically examined the international legal framework for maritime security and identified the lacunas in the existing system. Some of these writings have also identified that emerging maritime terrorism issues are prompting States to introduce some stringent measures. Although the international legal regime related to maritime terrorism is a well-researched area, very little research work has explored the legal issues related to State responsibility for maritime terrorism. This article argues that, although the United Nations Convention on the Law of the Sea (UNCLOS) provisions related to maritime piracy may not be applicable for some dimensions of maritime violence, different provisions of UNCLOS may relevant in identifying State responsibility for maritime terrorism.

Cryptanalysis of the convex hull click human identification protocol

Recently, a convex hull-based human identification protocol was proposed by Sobrado and Birget, whose steps can be performed by humans without additional aid. The main part of the protocol involves the user mentally forming a convex hull of secret icons in a set of graphical icons and then clicking randomly within this convex hull. While some rudimentary security issues of this protocol have been discussed, a comprehensive security analysis has been lacking. In this paper, we analyze the security of this convex hull-based protocol. In particular, we show two probabilistic attacks that reveal the user’s secret after the observation of only a handful of authentication sessions. These attacks can be efficiently implemented as their time and space complexities are considerably less than brute force attack. We show that while the first attack can be mitigated through appropriately chosen values of system parameters, the second attack succeeds with a non-negligible probability even with large system parameter values that cross the threshold of usability.

Nutrition in remote Aboriginal communities: Lessons from Mai Wiru and the Anangu Pitjantjatjara Yankunytjatjara Lands

Objective To examine the impact of efforts to improve nutrition on the Anangu Pitjantjatjara Yankunytjatjara (APY) Lands from 1986, especially in Mai Wiru stores. Methods Literature was searched in a systematic manner. In 2012, the store-turnover method was used to quantify dietary intake of the five APY communities that have a Mai Wiru (good food) store. Results were compared with those available from 1986. Prices of a standard market basket of basic foods, implementation of nutrition policy requirements and healthy food checklists were also assessed in all seven APY community stores from 2008 and compared with available data from 1986. Results Despite concerted efforts and achievements decreasing intake of sugar and increasing the availability and affordability of healthy foods, particularly fruit and vegetables, and consequent improvements in some nutrient indicators, the overall effect has been a decrease in diet quality as indicated primarily by the increased supply and proportion of energy intake from discretionary foods, particularly sugar-sweetened beverages, convenience meals and take-away foods. Conclusions The study findings reinforce the notion that, in the absence of supportive regulation and market intervention, adequate and sustained resources are required to improve nutrition and prevent diet-related chronic disease on the APY Lands. Implications This study also provides insights into food supply/security issues affecting other remote Aboriginal communities and wider Australia.

Security and legal issues in E-tendering

The Queensland Department of Public Works (QDPW) and the Queensland Department of Main Roads (QDMR) have identified a need for industry e-contracting guidelines in the short to medium term. Each of these organisations conducts tenders and contracts for over $600 million annually. This report considers the security and legal issues relating to the shift from a paper-based tendering system to an electronic tendering system. The research objectives derived from the industry partners include: • a review of current standards and e-tendering systems; • a summary of legal requirements impacting upon e-tendering; • an analysis of the threats and requirements for any e-tendering system; • the identification of outstanding issues; • an evaluation of possible e-tendering architectures; • recommendations for e-tendering systems.

Security of employee entitlements : corporate governance issues

Following the collapse across the last decade of a number of large organizations such as Enron in the USA and several domestic organizations including Ansett Airlines, HIH Insurance and One.Tel, much discussion has ensued about the need to secure employee entitlements. However, tangible improvements in this area are elusive. Good corporate governance policies would suggest that deferred obligations as well as current debts should not be neglected and that appropriate arrangements be put in place to adequately fund employee entitlements. In this paper we consider recent Australian attempts to introduce better governance of employee entitlements.

Security in wireless sensor networks : issues and challenges

Wireless Sensor Networks (WSNs) are employed in numerous applications in different areas including military, ecology, and health; for example, to control of important information like the personnel position in a building, as a result, WSNs need security. However, several restrictions such as low capability of computation, small memory, limited resources of energy, and the unreliable channels employ communication in using WSNs can cause difficulty in use of security and protection in WSNs. It is very essential to save WSNs from malevolent attacks in unfriendly situations. Such networks require security plan due to various limitations of resources and the prominent characteristics of a wireless sensor network which is a considerable challenge. This article is an extensive review about problems of WSNs security, which examined recently by researchers and a better understanding of future directions for WSN security.

Can IT Security be improved with better IT Leadership in the 21st Century University?

Organizations generally are not responding effectively to rising IT security threats because people issues receive inadequate attention. The stark example of IT security is just the latest strategic IT priority demonstrating deficient IT leadership attention to the social dimension of IT. Universities in particular, with their devolved people organization, diverse adoption of IT, and split central/local federated approach to governance and leadership of IT, demand higher levels of interpersonal sophistication and strategic engagement from their IT leaders. An idealized model for IT leaders for the 21st century university is proposed to be developed as a framework for further investigation. The testing of this model in an action research study is proposed.

Legal Issues Relating to the Notification of Australian Data Breaches

Advances in information and communications technologies during the last two decades have allowed organisations to capture and utilise data on a vast scale, thus heightening the importance of adequate measures for protecting unauthorised disclosure of personal information. In this respect, data breach notification has emerged as an issue of increasing importance throughout the world. It has been the subject of law reform in the United States and in other international jurisdictions. Following the Australian Law Reform Commission’s review of privacy, data breach notification will soon be addressed in Australia. This article provides a review of US and Australian legal initiatives regarding the notification of data breaches. The authors highlight areas of concern based on the extant US literature that require specific consideration in Australia regarding the development of an Australian legal framework for the notification of data breaches.

A Proposed Framework for Understanding Information Security Culture and Practices in the Saudi Context

An examination of Information Security (IS) and Information Security Management (ISM) research in Saudi Arabia has shown the need for more rigorous studies focusing on the implementation and adoption processes involved with IS culture and practices. Overall, there is a lack of academic and professional literature about ISM and more specifically IS culture in Saudi Arabia. Therefore, the overall aim of this paper is to identify issues and factors that assist the implementation and the adoption of IS culture and practices within the Saudi environment. The goal of this paper is to identify the important conditions for creating an information security culture in Saudi Arabian organizations. We plan to use this framework to investigate whether security culture has emerged into practices in Saudi Arabian organizations.

The Dragon stream cipher: Design, analysis and implementation issues

Dragon is a word-based stream cipher. It was submitted to the eSTREAM project in 2005 and has advanced to Phase 3 of the software profile. This paper discusses the Dragon cipher from three perspectives: design, security analysis and implementation. The design of the cipher incorporates a single word-based non-linear feedback shift register and a non-linear filter function with memory. This state is initialized with 128- or 256-bit key-IV pairs. Each clock of the stream cipher produces 64 bits of keystream, using simple operations on 32-bit words. This provides the cipher with a high degree of efficiency in a wide variety of environments, making it highly competitive relative to other symmetric ciphers. The components of Dragon were designed to resist all known attacks. Although the design has been open to public scrutiny for several years, the only published attacks to date are distinguishing attacks which require keystream lengths greatly exceeding the stated 264 bit maximum permitted keystream length for a single key-IV pair.