Combinatorial design of key distribution mechanisms for wireless sensor networks

Key distribution is one of the most challenging security issues in wireless sensor networks where sensor nodes are randomly scattered over a hostile territory. In such a sensor deployment scenario, there will be no prior knowledge of post deployment configuration. For security solutions requiring pair wise keys, it is impossible to decide how to distribute key pairs to sensor nodes before the deployment. Existing approaches to this problem are to assign more than one key, namely a key-chain, to each node. Key-chains are randomly drawn from a key-pool. Either two neighbouring nodes have a key in common in their key-chains, or there is a path, called key-path, among these two nodes where each pair of neighbouring nodes on this path has a key in common. Problem in such a solution is to decide on the key-chain size and key-pool size so that every pair of nodes can establish a session key directly or through a path with high probability. The size of the key-path is the key factor for the efficiency of the design. This paper presents novel, deterministic and hybrid approaches based on Combinatorial Design for key distribution. In particular, several block design techniques are considered for generating the key-chains and the key-pools. Comparison to probabilistic schemes shows that our combinatorial approach produces better connectivity with smaller key-chain sizes.

Kerberos based security system for session initiation protocol

Session Initiation Protocol (SIP) is developed to provide advanced voice services over IP networks. SIP unites telephony and data world, permitting telephone calls to be transmitted over Intranets and Internet. Increase in network performance and new mechanisms for guaranteed quality of service encourage this consolidation to provide toll cost savings. Security comes up as one of the most important issues when voice communication and critical voice applications are considered. Not only the security methods provided by traditional telephony systems, but also additional methods are required to overcome security risks introduced by the public IP networks. SIP considers security problems of such a consolidation and provides a security framework. There are several security methods defined within SIP specifications and extensions. But, suggested methods can not solve all the security problems of SIP systems with various system requirements. In this thesis, a Kerberos based solution is proposed for SIP security problems, including SIP authentication and privacy. The proposed solution tries to establish flexible and scalable SIP system that will provide desired level of security for voice communications and critical telephony applications.

Health informatics domain knowledge analysis : an information technology perspective

Health Informatics is an intersection of information technology, several disciplines of medicine and health care. It sits at the common frontiers of health care services including patient centric, processes driven and procedural centric care. From the information technology perspective it can be viewed as computer application in medical and/or health processes for delivering better health care solutions. In spite of the exaggerated hype, this field is having a major impact in health care solutions, in particular health care deliveries, decision making, medical devices and allied health care industries. It also affords enormous research opportunities for new methodological development. Despite the obvious connections between Medical Informatics, Nursing Informatics and Health Informatics, most of the methodologies and approaches used in Health Informatics have so far originated from health system management, care aspects and medical diagnostic. This paper explores reasoning for domain knowledge analysis that would establish Health Informatics as a domain and recognised as an intellectual discipline in its own right.

Social engineering in social networking sites : phase-based and source-based models

Social networking sites (SNSs), with their large numbers of users and large information base, seem to be perfect breeding grounds for exploiting the vulnerabilities of people, the weakest link in security. Deceiving, persuading, or influencing people to provide information or to perform an action that will benefit the attacker is known as “social engineering.” While technology-based security has been addressed by research and may be well understood, social engineering is more challenging to understand and manage, especially in new environments such as SNSs, owing to some factors of SNSs that reduce the ability of users to detect the attack and increase the ability of attackers to launch it. This work will contribute to the knowledge of social engineering by presenting the first two conceptual models of social engineering attacks in SNSs. Phase-based and source-based models are presented, along with an intensive and comprehensive overview of different aspects of social engineering threats in SNSs.

Social engineering in social networking sites : affect-based model

While social engineering represents a real and ominous threat to many organizations, companies, governments, and individuals, social networking sites (SNSs), have been identified as among the most common means of social engineering attacks. Owing to factors that reduce the ability of users to detect social engineering tricks and increase the ability of attackers to launch them, SNSs seem to be perfect breeding ground for exploiting the vulnerabilities of people, and the weakest link in security. This work will contribute to the knowledge of social engineering by identifying different entities and subentities that affect social engineering based attacks in SNSs. Moreover, this paper includes an intensive and comprehensive overview of different aspects of social engineering threats in SNSs.

Toward understanding social engineering

There is no doubt that social engineering plays a vital role in compromising most security defenses, and in attacks on people, organizations, companies, or even governments. It is the art of deceiving and tricking people to reveal critical information or to perform an action that benefits the attacker in some way. Fraudulent and deceptive people have been using social engineering traps and tactics using information technology such as e-mails, social networks, web sites, and applications to trick victims into obeying them, accepting threats, and falling victim to various crimes and attacks such as phishing, sexual abuse, financial abuse, identity theft, impersonation, physical crime, and many other forms of attack. Although organizations, researchers, practitioners, and lawyers recognize the severe risk of social engineering-based threats, there is a severe lack of understanding and controlling of such threats. One side of the problem is perhaps the unclear concept of social engineering as well as the complexity of understand human behaviors in behaving toward, approaching, accepting, and failing to recognize threats or the deception behind them. The aim of this paper is to explain the definition of social engineering based on the related theories of the many related disciplines such as psychology, sociology, information technology, marketing, and behaviourism. We hope, by this work, to help researchers, practitioners, lawyers, and other decision makers to get a fuller picture of social engineering and, therefore, to open new directions of collaboration toward detecting and controlling it.

Estimating benefits of energy storage for aggregate storage applications in electricity distribution networks in Queensland

Electric Energy Storage (EES) is considered as one of the promising options for reducing the need for costly upgrades in distribution networks in Queensland (QLD). However, It is expected, the full potential for storage for distribution upgrade deferral cannot be fully realized due to high cost of EES. On the other hand, EES used for distribution deferral application can support a variety of complementary storage applications such as energy price arbitrage, time of use (TOU) energy cost reduction, wholesale electricity market ancillary services, and transmission upgrade deferral. Aggregation of benefits of these complementary storage applications would have the potential for increasing the amount of EES that may be financially attractive to defer distribution network augmentation in QLD. In this context, this paper analyzes distribution upgrade deferral, energy price arbitrage, TOU energy cost reduction, and integrated solar PV-storage benefits of EES devices in QLD.

Using a public key registry for improved trust and scalability in national E-health systems

An increasing number of countries are faced with an aging population increasingly needing healthcare services. For any e-health information system, the need for increased trust by such clients with potentially little knowledge of any security scheme involved is paramount. In addition notable scalability of any system has become a critical aspect of system design, development and ongoing management. Meanwhile cryptographic systems provide the security provisions needed for confidentiality, authentication, integrity and non-repudiation. Cryptographic key management, however, must be secure, yet efficient and effective in developing an attitude of trust in system users. Digital certificate-based Public Key Infrastructure has long been the technology of choice or availability for information security/assurance; however, there appears to be a notable lack of successful implementations and deployments globally. Moreover, recent issues with associated Certificate Authority security have damaged trust in these schemes. This paper proposes the adoption of a centralised public key registry structure, a non-certificate based scheme, for large scale e-health information systems. The proposed structure removes complex certificate management, revocation and a complex certificate validation structure while maintaining overall system security. Moreover, the registry concept may be easier for both healthcare professionals and patients to understand and trust.

Trust in merged ERP and open data schemes in the “Cloud”

Enterprise resource planning (ERP) systems are rapidly being combined with “big data” analytics processes and publicly available “open data sets”, which are usually outside the arena of the enterprise, to expand activity through better service to current clients as well as identifying new opportunities. Moreover, these activities are now largely based around relevant software systems hosted in a “cloud computing” environment. However, the over 50- year old phrase related to mistrust in computer systems, namely “garbage in, garbage out” or “GIGO”, is used to describe problems of unqualified and unquestioning dependency on information systems. However, a more relevant GIGO interpretation arose sometime later, namely “garbage in, gospel out” signifying that with large scale information systems based around ERP and open datasets as well as “big data” analytics, particularly in a cloud environment, the ability to verify the authenticity and integrity of the data sets used may be almost impossible. In turn, this may easily result in decision making based upon questionable results which are unverifiable. Illicit “impersonation” of and modifications to legitimate data sets may become a reality while at the same time the ability to audit any derived results of analysis may be an important requirement, particularly in the public sector. The pressing need for enhancement of identity, reliability, authenticity and audit services, including naming and addressing services, in this emerging environment is discussed in this paper. Some current and appropriate technologies currently being offered are also examined. However, severe limitations in addressing the problems identified are found and the paper proposes further necessary research work for the area. (Note: This paper is based on an earlier unpublished paper/presentation “Identity, Addressing, Authenticity and Audit Requirements for Trust in ERP, Analytics and Big/Open Data in a ‘Cloud’ Computing Environment: A Review and Proposal” presented to the Department of Accounting and IT, College of Management, National Chung Chen University, 20 November 2013.)

Graph theory based representation of building information models for access control applications

Building information models are increasingly being utilised for facility management of large facilities such as critical infrastructures. In such environments, it is valuable to utilise the vast amount of data contained within the building information models to improve access control administration. The use of building information models in access control scenarios can provide 3D visualisation of buildings as well as many other advantages such as automation of essential tasks including path finding, consistency detection, and accessibility verification. However, there is no mathematical model for building information models that can be used to describe and compute these functions. In this paper, we show how graph theory can be utilised as a representation language of building information models and the proposed security related functions. This graph-theoretic representation allows for mathematically representing building information models and performing computations using these functions.

Pollen image classification using the classifynder system: Algorithm comparison and a case study on New Zealand honey

We describe an investigation into how Massey University’s Pollen Classifynder can accelerate the understanding of pollen and its role in nature. The Classifynder is an imaging microscopy system that can locate, image and classify slide based pollen samples. Given the laboriousness of purely manual image acquisition and identification it is vital to exploit assistive technologies like the Classifynder to enable acquisition and analysis of pollen samples. It is also vital that we understand the strengths and limitations of automated systems so that they can be used (and improved) to compliment the strengths and weaknesses of human analysts to the greatest extent possible. This article reviews some of our experiences with the Classifynder system and our exploration of alternative classifier models to enhance both accuracy and interpretability. Our experiments in the pollen analysis problem domain have been based on samples from the Australian National University’s pollen reference collection (2,890 grains, 15 species) and images bundled with the Classifynder system (400 grains, 4 species). These samples have been represented using the Classifynder image feature set.We additionally work through a real world case study where we assess the ability of the system to determine the pollen make-up of samples of New Zealand honey. In addition to the Classifynder’s native neural network classifier, we have evaluated linear discriminant, support vector machine, decision tree and random forest classifiers on these data with encouraging results. Our hope is that our findings will help enhance the performance of future releases of the Classifynder and other systems for accelerating the acquisition and analysis of pollen samples.

Exploring the Potential to Educate “Good Citizens” through the Australian Civics and Citizenship Curriculum.

This chapter examines the ways in which notions of ‘a good citizen’ and ‘civic virtue’ have been conceptualized in the new Civics and Citizenship Curriculum for students in Years 3 – 10 in Australia. It argues that whilst Civics and Citizenship Education (CCE) has, over time and in various ways, been recognized as a significant aspect of Australian education, only recently has attention been given to the relational and multidimensional conceptions of citizenship. Considerations of ‘morality’, ‘a good citizen’ and ‘civic virtue’ offer possibilities to engage with multidimensional notions of citizenship, which acknowledge that citizenship perspectives can be affected by personal, social, spatial and temporary situations (Cogan & Derricott, 2000). In the current statement on national goals for schooling in Australia, which informed the development of CCE, the Melbourne Declaration (MCEETYA, 2008) called for young Australians to be educated to “act with moral and ethical integrity” and be “committed to national values of democracy, equity and justice, and participate in Australia’s civic life” (MCEETYA, 2008, pp. 8–9). The chapter claims that this maximal emphasis (McLaughlin, 1992), based on active, values based and interpretive approaches to democratic citizenship which encourage debate and participation in civil society, was evident in the new Civics and Citizenship Curriculum. However, it contends that the recommendations of the recent Review of the Australian Curriculum: Final report (Australian Government, 2014a & b), will now limit CCE’s potential to deliver the sort of active and informed citizenship heralded by the Melbourne Declaration. This is because the Review advocates for a content-focused minimal (McLaughlin, 1992) emphasis on civic knowledge, with diminished attention to citizenship participation and processes. In doing so, the Review foregrounds conceptions of the ‘good citizen’ in more limited terms of responsibility, obligations and compliance with the status quo.

Tekstit viraston työssä : Tutkimus etuuspäätösten kielestä ja konteksteista

Texts in the work of a city department: A study of the language and context of benefit decisions This dissertation examines documents granting or denying the access to municipal services. The data consist of decisions on transport services made by the Social Services Department of the City of Helsinki. The circumstances surrounding official texts and their language and production are studied through textual analysis and interviews. The dissertation describes the textual features of the above decisions, and seeks to explain such features. Also explored are the topics and methods of genre studies, especially the relationship between text and context. Although the approach is linguistic, the dissertation also touches on research in social work and administrative decision making, and contributes to more general discussion on the language and duties of public administration. My key premise is that a text is more than a mere psycholinguistic phenomenon. Rather, a text is also a physical object and the result of certain production processes. This dissertation thus not only describes genre-specific features, but also sheds light on the work that generates the texts examined. Textual analysis and analyses of discursive practices are linked through an analysis of intertextuality: written decisions are compared with other application documents, such as expert statements and the applications themselves. The study shows that decisions are texts governed by strict rules and written with modest resources. Textwork is organised as hierarchical mass production. The officials who write decisions rely on standard phrases extracted from a computer system. This allows them to produce texts of uniform quality which have been approved by the department s legal experts. Using a computer system in text production does not, however, serve all the needs of the writers. This leads to many problems in the texts themselves. Intertextual analysis indicates that medical argumentation weighs most heavily in an application process, although a social appraisal should be carried out when deciding on applications for transport services. The texts reflect a hierarchy in which a physician ranks above the applicant, and the department s own expert physician ranks above the applicant s physician. My analysis also highlights good, but less obvious practices. The social workers and secretaries who write decisions must balance conflicting demands. They use delicate linguistic means to adjust the standard phrases to suit individual cases, and employ subtle strategies of politeness. The dissertation suggests that the customer contact staff who write official texts should be allowed to make better use of their professional competence. A more general concern is that legislation and new management strategies require more and more documentation. Yet, textwork is only rarely taken into account in the allocation of resources. Keywords: (Critical) text analysis, genre analysis, administration, social work, administrative language, texts, genres, context, intertextuality, discursive practices

Microbial indicators related to yield and disease and changes in soil microbial community structure with ginger farm management practices

TRFLP (terminal restriction fragment length polymorphism) was used to assess whether management practices that improved disease suppression and/or yield in a 4-year ginger field trial were related to changes in soil microbial community structure. Bacterial and fungal community profiles were defined by presence and abundance of terminal restriction fragments (TRFs), where each TRF represents one or more species. Results indicated inclusion of an organic amendment and minimum tillage increased the relative diversity of dominant fungal populations in a system dependant way. Inclusion of an organic amendment increased bacterial species richness in the pasture treatment. Redundancy analysis showed shifts in microbial community structure associated with different management practices and treatments grouped according to TRF abundance in relation to yield and disease incidence. ANOVA also indicated the abundance of certain TRFs was significantly affected by farming system management practices, and a number of these TRFs were also correlated with yield or disease suppression. Further analyses are required to determine whether identified TRFs can be used as general or soil-type specific bio-indicators of productivity (increased and decreased) and Pythium myriotylum suppressiveness.

Recommendations from analyzing the state-of-the-art of business process management research

Business Process Management (BPM) as a research field integrates different perspectives from the disciplines computer science, management science and information systems research. Its evolution has by been shaped by the corresponding conferences series, the International Conference on Business Process Management (BPM conference). As much as in other academic discipline, there is an ongoing debate that discusses the identity, the quality and maturity of the BPM field. In this paper, we review and summarize the major findings a larger study that will be published in the Business & Information Systems Engineering journal in 2016. In the study, we investigate the identity and progress of the BPM conference research community through an analysis of the BPM conference proceedings. Based on our findings from this analysis, we formulate recommendations to further develop the conference community in terms of methodological advance, quality, impact and progression.