Mitigating sandwich attacks against a secure key management scheme in wireless sensor networks for PCS/SCADA

Alzaid et al. proposed a forward & backward secure key management scheme in wireless sensor networks for Process Control Systems (PCSs) or Supervisory Control and Data Acquisition (SCADA) systems. The scheme, however, is still vulnerable to an attack called the sandwich attack that can be launched when the adversary captures two sensor nodes at times t1 and t2, and then reveals all the group keys used between times t1 and t2. In this paper, a fix to the scheme is proposed in order to limit the vulnerable time duration to an arbitrarily chosen time span while keeping the forward and backward secrecy of the scheme untouched. Then, the performance analysis for our proposal, Alzaid et al.’s scheme, and Nilsson et al.’s scheme is given.

On ensuring continuity of mobile communications in a disaster environment

Natural disasters and deliberate, willful damage to telecommunication infrastructure can result in a loss of critical voice and data services. This loss of service hinders the ability for efficient emergency response and can cause delays leading to loss of life. Current mobile devices are generally tied to one network operator. When a disaster is of significant impact, that network operator cannot be relied upon to provide service and coverage levels that would normally exist. While some operators have agreements with other operators to share resources (such as network roaming) these agreements are contractual in nature and cannot be activated quickly in an emergency. This paper introduces Fourth Generation (4G) wireless networks. 4G networks are highly mobile and heterogeneous, which makes 4G networks highly resilient in times of disaster.

Protecting the protectors : legal liabilities from the use of Web 2.0 for Australian disaster response

The traditional model for information dissemination in disaster response is unidirectional from official channels to the public. However recent crises in the US, such as Hurricane Katrina and the Californian Bushfires show that civilians are now turning to Web 2.0 technologies as a means of sharing disaster related information. These technologies present enormous potential benefits to disaster response authorities that cannot be overlooked. In Australia, the Victorian Bushfires Royal Commission has recently recommended that Australian disaster response authorities utilize information technologies to improve the dissemination of disaster related, bushfire information. However, whilst the use of these technologies has many positive attributes, potential legal liabilities for disaster response authorities arise. This paper identifies some potential legal liabilities arising from the use of Web 2.0 technologies in disaster response situations thereby enhancing crisis related information sharing by highlighting legal concerns that need to be addressed.

Widening the gap between measurement and modelling of secondary organic aerosol properties?

The link between measured sub-saturated hygroscopicity and cloud activation potential of secondary organic aerosol particles produced by the chamber photo-oxidation of α-pinene in the presence or absence of ammonium sulphate seed aerosol was investigated using two models of varying complexity. A simple single hygroscopicity parameter model and a more complex model (incorporating surface effects) were used to assess the detail required to predict the cloud condensation nucleus (CCN) activity from the subsaturated water uptake. Sub-saturated water uptake measured by three hygroscopicity tandem differential mobility analyser (HTDMA) instruments was used to determine the water activity for use in the models. The predicted CCN activity was compared to the measured CCN activation potential using a continuous flow CCN counter. Reconciliation using the more complex model formulation with measured cloud activation could be achieved widely different assumed surface tension behavior of the growing droplet; this was entirely determined by the instrument used as the source of water activity data. This unreliable derivation of the water activity as a function of solute concentration from sub-saturated hygroscopicity data indicates a limitation in the use of such data in predicting cloud condensation nucleus behavior of particles with a significant organic fraction. Similarly, the ability of the simpler single parameter model to predict cloud activation behaviour was dependent on the instrument used to measure sub-saturated hygroscopicity and the relative humidity used to provide the model input. However, agreement was observed for inorganic salt solution particles, which were measured by all instruments in agreement with theory. The difference in HTDMA data from validated and extensively used instruments means that it cannot be stated with certainty the detail required to predict the CCN activity from sub-saturated hygroscopicity. In order to narrow the gap between measurements of hygroscopic growth and CCN activity the processes involved must be understood and the instrumentation extensively quality assured. It is impossible to say from the results presented here due to the differences in HTDMA data whether: i) Surface tension suppression occurs ii) Bulk to surface partitioning is important iii) The water activity coefficient changes significantly as a function of the solute concentration.

Smart Grid Test Bed Design and Implementation

Given there is currently a migration trend from traditional electrical supervisory control and data acquisition (SCADA) systems towards a smart grid based approach to critical infrastructure management. This project provides an evaluation of existing and proposed implementations for both traditional electrical SCADA and smart grid based architectures, and proposals a set of reference requirements which test bed implementations should implement. A high-level design for smart grid test beds is proposed and initial implementation performed, based on the proposed design, using open source and freely available software tools. The project examines the move towards smart grid based critical infrastructure management and illustrates the increased security requirements. The implemented test bed provides a basic framework for testing network requirements in a smart grid environment, as well as a platform for further research and development. Particularly to develop, implement and test network security related disturbances such as intrusion detection and network forensics. The project undertaken proposes and develops an architecture of the emulation of some smart grid functionality. The Common Open Research Emulator (CORE) platform was used to emulate the communication network of the smart grid. Specifically CORE was used to virtualise and emulate the TCP/IP networking stack. This is intended to be used for further evaluation and analysis, for example the analysis of application protocol messages, etc. As a proof of concept, software libraries were designed, developed and documented to enable and support the design and development of further smart grid emulated components, such as reclosers, switches, smart meters, etc. As part of the testing and evaluation a Modbus based smart meter emulator was developed to provide basic functionality of a smart meter. Further code was developed to send Modbus request messages to the emulated smart meter and receive Modbus responses from it. Although the functionality of the emulated components were limited, it does provide a starting point for further research and development. The design is extensible to enable the design and implementation of additional SCADA protocols. The project also defines an evaluation criteria for the evaluation of the implemented test bed, and experiments are designed to evaluate the test bed according to the defined criteria. The results of the experiments are collated and presented, and conclusions drawn from the results to facilitate discussion on the test bed implementation. The discussion undertaken also present possible future work.

Analysis of Object-Specific Authorization Protocol (OSAP) using coloured petri nets - Version 1.0

Analyzing security protocols is an ongoing research in the last years. Different types of tools are developed to make the analysis process more precise, fast and easy. These tools consider security protocols as black boxes that can not easily be composed. It is difficult or impossible to do a low-level analysis or combine different tools with each other using these tools. This research uses Coloured Petri Nets (CPN) to analyze OSAP trusted computing protocol. The OSAP protocol is modeled in different levels and it is analyzed using state space method. The produced model can be combined with other trusted computing protocols in future works.

Gap analysis of intrusion detection in smart grids

Given the recent emergence of the smart grid and smart grid related technologies, their security is a prime concern. Intrusion detection provides a second line of defense. However, conventional intrusion detection systems (IDSs) are unable to adequately address the unique requirements of the smart grid. This paper presents a gap analysis of contemporary IDSs from a smart grid perspective. This paper highlights the lack of adequate intrusion detection within the smart grid and discusses the limitations of current IDSs approaches. The gap analysis identifies current IDSs as being unsuited to smart grid application without significant changes to address smart grid specific requirements.

Barriers to information technology governance adoption : a preliminary empirical investigation

The adoption of IT Governance (ITG) continues to be an important topic for research. Many researchers have focused their attention on how these practices are currently being implemented in the many diverse areas and industries. Literature shows that a majority of these studies have only been based on industries and organizations in developed countries. There exist very few researches that look specifically within the context of a developing country. Furthermore, there seems to be a lack of research on identifying the barriers or inhibitors to IT Governance adoption within the context of an emerging yet still developing Asian country. This research sets out to justify, substantiate and improve on a priori model developed to study the barriers to the adoption of ITG practice using qualitative data obtained through a series of semi-structured interviews conducted on organizations in Malaysia.

Inquiry teaching in primary science : a phenomenographic study

In spite of having a long history in education, inquiry teaching (the teaching in ways that foster inquiry based learning in students) in science education is still a highly problematic issue. However, before teacher educators can hope to effectively influence teacher implementation of inquiry teaching in the science classroom, educators need to understand teachers’ current conceptions of inquiry teaching. This study describes the qualitatively different ways in which 20 primary school teachers experienced inquiry teaching in science education. A phenomenographic approach was adopted and data sourced from interviews of these teachers. The three categories of experiences that emerged from this study were; Student Centred Experiences (Category 1), Teacher Generated Problems (Category 2), and Student Generated Questions (Category 3). In Category 1 teachers structure their teaching around students sensory experiences, expecting that students will see, hear, feel and do interesting things that will focus their attention, have them asking science questions, and improve their engagement in learning. In Category 2 teachers structure their teaching around a given problem they have designed and that the students are required to solve. In Category 3 teachers structure their teaching around helping students to ask and answer their own questions about phenomena. These categories describe a hierarchy with the Student Generated Questions Category as the most inclusive. These categories were contrasted with contemporary educational theory, and it was found that when given the chance to voice their own conceptions without such comparison teachers speak of inquiry teaching in only one of the three categories mentioned. These results also help inform our theoretical understanding of teacher conceptions of inquiry teaching. Knowing what teachers actually experience as inquiry teaching, as opposed to understand theoretically, is a valuable contribution to the literature. This knowledge provides a valuable contribution to educational theory, which helps policy, curriculum development, and the practicing primary school teachers to more fully understand and implement the best educative practices in their daily work. Having teachers experience the qualitatively different ways of experiencing inquiry teaching uncovered in this study is expected to help teachers to move towards a more student-centred, authentic inquiry outcome for their students and themselves. Going beyond this to challenge teacher epistemological beliefs regarding the source of knowledge may also assist them in developing more informed notions of the nature of science and of scientific inquiry during professional development opportunities. The development of scientific literacy in students, a high priority for governments worldwide, will only to benefit from these initiatives.

Privacy compliance verification in cryptographic protocols

To provide privacy protection, cryptographic primitives are frequently applied to communication protocols in an open environment (e.g. the Internet). We call these protocols privacy enhancing protocols (PEPs) which constitute a class of cryptographic protocols. Proof of the security properties, in terms of the privacy compliance, of PEPs is desirable before they can be deployed. However, the traditional provable security approach, though well-established for proving the security of cryptographic primitives, is not applicable to PEPs. We apply the formal language of Coloured Petri Nets (CPNs) to construct an executable specification of a representative PEP, namely the Private Information Escrow Bound to Multiple Conditions Protocol (PIEMCP). Formal semantics of the CPN specification allow us to reason about various privacy properties of PIEMCP using state space analysis techniques. This investigation provides insights into the modelling and analysis of PEPs in general, and demonstrates the benefit of applying a CPN-based formal approach to the privacy compliance verification of PEPs.