Combinatorial design of key distribution mechanisms for wireless sensor networks

Key distribution is one of the most challenging security issues in wireless sensor networks where sensor nodes are randomly scattered over a hostile territory. In such a sensor deployment scenario, there will be no prior knowledge of post deployment configuration. For security solutions requiring pairwise keys, it is impossible to decide how to distribute key pairs to sensor nodes before the deployment. Existing approaches to this problem are to assign more than one key, namely a key-chain, to each node. Key-chains are randomly drawn from a key-pool. Either two neighboring nodes have a key in common in their key-chains, or there is a path, called key-path, among these two nodes where each pair of neighboring nodes on this path has a key in common. Problem in such a solution is to decide on the key-chain size and key-pool size so that every pair of nodes can establish a session key directly or through a path with high probability. The size of the key-path is the key factor for the efficiency of the design. This paper presents novel, deterministic and hybrid approaches based on Combinatorial Design for key distribution. In particular, several block design techniques are considered for generating the key-chains and the key-pools.

A viable and sustainable key management approach for a national e-health environment

To protect the health information security, cryptography plays an important role to establish confidentiality, authentication, integrity and non-repudiation. Keys used for encryption/decryption and digital signing must be managed in a safe, secure, effective and efficient fashion. The certificate-based Public Key Infrastructure (PKI) scheme may seem to be a common way to support information security; however, so far, there is still a lack of successful large-scale certificate-based PKI deployment in the world. In addressing the limitations of the certificate-based PKI scheme, this paper proposes a non-certificate-based key management scheme for a national e-health implementation. The proposed scheme eliminates certificate management and complex certificate validation procedures while still maintaining security. It is also believed that this study will create a new dimension to the provision of security for the protection of health information in a national e-health environment.

On the reliability of classifying programming tasks using a Neo-Piagetian theory of cognitive development

Recent research has proposed Neo-Piagetian theory as a useful way of describing the cognitive development of novice programmers. Neo-Piagetian theory may also be a useful way to classify materials used in learning and assessment. If Neo-Piagetian coding of learning resources is to be useful then it is important that practitioners can learn it and apply it reliably. We describe the design of an interactive web-based tutorial for Neo-Piagetian categorization of assessment tasks. We also report an evaluation of the tutorial's effectiveness, in which twenty computer science educators participated. The average classification accuracy of the participants on each of the three Neo-Piagetian stages were 85%, 71% and 78%. Participants also rated their agreement with the expert classifications, and indicated high agreement (91%, 83% and 91% across the three Neo-Piagetian stages). Self-rated confidence in applying Neo-Piagetian theory to classifying programming questions before and after the tutorial were 29% and 75% respectively. Our key contribution is the demonstration of the feasibility of the Neo-Piagetian approach to classifying assessment materials, by demonstrating that it is learnable and can be applied reliably by a group of educators. Our tutorial is freely available as a community resource.

Expander graph based key distribution mechanisms in wireless sensor networks

Secure communications between large number of sensor nodes that are randomly scattered over a hostile territory, necessitate efficient key distribution schemes. However, due to limited resources at sensor nodes such schemes cannot be based on post deployment computations. Instead, pairwise (symmetric) keys are required to be pre-distributed by assigning a list of keys, (a.k.a. key-chain), to each sensor node. If a pair of nodes does not have a common key after deployment then they must find a key-path with secured links. The objective is to minimize the keychain size while (i) maximizing pairwise key sharing probability and resilience, and (ii) minimizing average key-path length. This paper presents a deterministic key distribution scheme based on Expander Graphs. It shows how to map the parameters (e.g., degree, expansion, and diameter) of a Ramanujan Expander Graph to the desired properties of a key distribution scheme for a physical network topology.

Towards a secure human-and-computer mutual authentication protocol

We blend research from human-computer interface (HCI) design with computational based crypto- graphic provable security. We explore the notion of practice-oriented provable security (POPS), moving the focus to a higher level of abstraction (POPS+) for use in providing provable security for security ceremonies involving humans. In doing so we high- light some challenges and paradigm shifts required to achieve meaningful provable security for a protocol which includes a human. We move the focus of security ceremonies from being protocols in their context of use, to the protocols being cryptographic building blocks in a higher level protocol (the security cere- mony), which POPS can be applied to. In order to illustrate the need for our approach, we analyse both a protocol proven secure in theory, and a similar proto- col implemented by a �nancial institution, from both HCI and cryptographic perspectives.

Sustainable, safe, smart—three key elements of Singapore’s evolving transport policies

Sustainability, safety and smartness are three key elements of a modern transportation system. This study illustrates various policy directions and initiatives of Singapore to address how its transportation system is progressing in light of these three components. Sustainability targets economical efficiency, environmental justice and social equity by including policies for integrating land use and transport planning, ensuring adequate transport supply measures, managing travel demand efficiently, and incorporating environment-friendly strategies. Safety initiatives of its transportation system aim to minimize injuries and incidents of all users including motorists, public transport commuters, pedestrians, and bicyclists. Smartness incorporates qualities like real time sensing, fast processing and decision making, and automated action-taking into its control, monitoring, information management and revenue collection systems. Various policy implications and technology applications along these three directions reveal that smart technologies facilitate implementation of policies promoting sustainability and safety. The Singapore experience could serve as a good reference for other cities in promoting a transportation system that is sustainable, safe and smart.

Identifying key enablers to improve business performance in Taiwanese electronic manufacturing companies

Purpose – Integrated supplier management (ISM), new product development (NPD) and knowledge sharing (KS) practices are three primary business activities utilised to enhance manufacturers' business performance (BP). The purpose of this paper is to empirically investigate the relationships between these three business activities (i.e. ISM, NPD, KS) and BP in a Taiwanese electronics manufacturing context. Design/methodology/approach – A questionnaire survey is first administered to a sample of electronic manufacturing companies operating in Taiwan to elicit the opinions of technical and managerial professionals regarding business activities and BP within their companies. A total of 170 respondents from 83 companies respond to the survey. Factor, correlation and path analysis are undertaken on this quantitative data set to derive the key factors which leverage business outcomes in these companies. Following empirical analysis, six semi-structured interviews are undertaken with manufacturing executives to provide qualitative insights into the underlying reasons why certain business activity factors are the strongest predictors of BP. Findings – The investigation shows that the ISM, NPD and KS constructs all play an important role in the success of company operations and creating business outcomes. Specifically, the key factors within these constructs which influenced BP are: supplier evaluation and selection; design simplification and modular design; information technology infrastructure and systems and open communication. Accordingly, sufficient financial and human resources should be allocated to these important activities to derive accelerated rates of improved BP. These findings are supported by the qualitative interviews with manufacturing executives. Originality/value – The paper depicts the pathways to improved manufacturing BP, through targeting efforts into the above-mentioned factors within the ISM, NPD and KS constructs. Based on the empirical path model, and the specific insights derived from the explanatory interviews with manufacturing executives, the paper also provides a number of practical implications for manufacturing companies seeking to enhance their BP through improved operational activities.

Interventions for preventing abuse in the elderly (protocol)

This is the protocol for a review and there is no abstract. The objectives are as follows:The primary objective of the review is to assess the effectiveness of primary, secondary and tertiary intervention programmes utilised to reduce or prevent, or both, elderly abuse in organisational, institutional and community settings. We will also identify and report on adverse consequences or effects of the intervention/s in the review.The secondary objective is to investigate whether intervention?s effects are modified by types of abuse, types of participants, setting of intervention or cognitive status of the elderly.

Community interventions for physical activity : the role of a new Cochrane systematic review

Introduction: Systematic reviews are essential in summarising the results of a range of research studies on a specific topic into a single report. They serve as a key source of evidence-based information to support and develop policy and practice for healthy communities. This presentation will examine a new review of community-wide strategies to increase population levels of physical activity and compare it to an earlier Community Guide Review (CGR) of Community-wide campaigns to increase physical activity which recommended community wide interventions. Methods: We registered a Cochrane Systematic Review (CSR) title, published a protocol and recently completed the review of Community-wide interventions to increase physical activity. We compared the definitions, design and findings of the CSR to the CGR. Results: The two reviews differed remarkably in their conclusions with the CGR recommending “strong evidence exists that community-wide campaigns are effective in increasing levels of physical activity”, and the new CSR stating “The body of evidence in this review does not support the hypothesis that multi-component community wide interventions effectively increase population levels of physical activity”. We observed that both reviews examined multi-component interventions as a “combined package”. Possible explanations for the different conclusions may be due to the definition of community (CSR defined community as “comprising those persons residing in a geographically defined community, such as a village, town, or city”, excluding interventions which were whole of state or country, and CGR as “a group of individuals who share one or more characteristics. The CSR utilised a logic model at various stages of the review process and explicitly defined a combination of strategies encompassed within the intervention. The CSR included 25 and CGR 10 studies, respectively. Six of the 10 studies that were included in CGR were excluded from the CSR due to issues relating to study design, intervention definition or duration. The two reviews also differ in function as the CSR seeks to summarise global evidence and included 7 studies in low-income countries, where as the CGR contained only studies deemed relevant to the USA context. Discussion: Differences in the findings between older and newer reviews can be due to a variety of factors. For example, in updating a review the definition of an intervention can be changed. Further, differences may also be due to improvements in the standards and methodologies for systematic reviews as well as the inclusion of newer studies. These factors need to be understood whenever differences between newer and older reviews are considered.

Family-based programmes for preventing smoking by children and adolescents (Protocol)

This is the protocol for a review and there is no abstract. The objectives are as follows: To assess the effectiveness of interventions to help family members strengthen non-smoking attitudes and promote non-smoking by children and other family members by identifying and assessing RCT's that provide training, skills and support to family members to prevent smoking initiation. Hypothesis: This is an exploratory review, and only one hypothesis based on the literature review will be tested: "Interventions to help family members strengthen non-smoking attitudes and promote non-smoking by children and other family members are more effective in preventing children starting smoking than no intervention."

Multi-device key management using visual side channels in pervasive computing environments

In the modern connected world, pervasive computing has become reality. Thanks to the ubiquity of mobile computing devices and emerging cloud-based services, the users permanently stay connected to their data. This introduces a slew of new security challenges, including the problem of multi-device key management and single-sign-on architectures. One solution to this problem is the utilization of secure side-channels for authentication, including the visual channel as vicinity proof. However, existing approaches often assume confidentiality of the visual channel, or provide only insufficient means of mitigating a man-in-the-middle attack. In this work, we introduce QR-Auth, a two-step, 2D barcode based authentication scheme for mobile devices which aims specifically at key management and key sharing across devices in a pervasive environment. It requires minimal user interaction and therefore provides better usability than most existing schemes, without compromising its security. We show how our approach fits in existing authorization delegation and one-time-password generation schemes, and that it is resilient to man-in-the-middle attacks.

Empirical study to identify the key business activities contributing to manufacturing business performance

Purpose: Within the context of high global competitiveness, knowledge management (KM) has proven to be one of the major factors contributing to enhanced business outcomes. Furthermore, knowledge sharing (KS) is one of the most critical of all KM activities. From a manufacturing industry perspective, supply chain management (SCM) and product development process (PDP) activities, require a high proportion of company resources such as budget and manpower. Therefore, manufacturing companies are striving to strengthen SCM, PDP and KS activities in order to accelerate rates of manufacturing process improvement, ultimately resulting in higher levels of business performance (BP). A theoretical framework along with a number of hypotheses are proposed and empirically tested through correlation, factor and path analyses. Design/methodology/approach: A questionnaire survey was administered to a sample of electronic manufacturing companies operating in Taiwan to facilitate testing the proposed relationships. More than 170 respondents from 83 organisations responded to the survey. The study identified top management commitment and employee empowerment, supplier evaluation and selection, and design simplification and modular design as the key business activities that are strongly associated with the business performance. Findings: The empirical study supports that key manufacturing business activities (i.e., SCM, PDP, and KS) are positively associated with BP. The findings also evealed that some specific business activities such as SCMF1,PDPF2, and KSF1 have the strongest influencing power on particular business outcomes (i.e., BPF1 and BPF2) within the context of electronic manufacturing companies operating in Taiwan. Practical implications: The finding regarding the relationship between SCM and BP identified the essential role of supplier evaluation and selection in improving business competitiveness and long term performance. The process of forming knowledge in companies, such as creation, storage/retrieval, and transfer do not necessarily lead to enhanced business performance; only through effectively applying knowledge to the right person at the right time does. Originality/value: Based on this finding it is recommended that companies should involve suppliers in partnerships to continuously improve operations and enhance product design efforts, which would ultimately enhance business performance. Business performance depends more on an employee’s ability to turn knowledge into effective action.

Key distribution mechanisms for wireless sensor networks : a survey

Advances in technology introduce new application areas for sensor networks. Foreseeable wide deployment of mission critical sensor networks creates concerns on security issues. Security of large scale densely deployed and infrastructure less wireless networks of resource limited sensor nodes requires efficient key distribution and management mechanisms. We consider distributed and hierarchical wireless sensor networks where unicast, multicast and broadcast type of communications can take place. We evaluate deterministic, probabilistic and hybrid type of key pre-distribution and dynamic key generation algorithms for distributing pair-wise, group-wise and network-wise keys.

Combinatorial design of key distribution mechanisms for wireless sensor networks

Key distribution is one of the most challenging security issues in wireless sensor networks where sensor nodes are randomly scattered over a hostile territory. In such a sensor deployment scenario, there will be no prior knowledge of post deployment configuration. For security solutions requiring pair wise keys, it is impossible to decide how to distribute key pairs to sensor nodes before the deployment. Existing approaches to this problem are to assign more than one key, namely a key-chain, to each node. Key-chains are randomly drawn from a key-pool. Either two neighbouring nodes have a key in common in their key-chains, or there is a path, called key-path, among these two nodes where each pair of neighbouring nodes on this path has a key in common. Problem in such a solution is to decide on the key-chain size and key-pool size so that every pair of nodes can establish a session key directly or through a path with high probability. The size of the key-path is the key factor for the efficiency of the design. This paper presents novel, deterministic and hybrid approaches based on Combinatorial Design for key distribution. In particular, several block design techniques are considered for generating the key-chains and the key-pools. Comparison to probabilistic schemes shows that our combinatorial approach produces better connectivity with smaller key-chain sizes.

Kerberos based security system for session initiation protocol

Session Initiation Protocol (SIP) is developed to provide advanced voice services over IP networks. SIP unites telephony and data world, permitting telephone calls to be transmitted over Intranets and Internet. Increase in network performance and new mechanisms for guaranteed quality of service encourage this consolidation to provide toll cost savings. Security comes up as one of the most important issues when voice communication and critical voice applications are considered. Not only the security methods provided by traditional telephony systems, but also additional methods are required to overcome security risks introduced by the public IP networks. SIP considers security problems of such a consolidation and provides a security framework. There are several security methods defined within SIP specifications and extensions. But, suggested methods can not solve all the security problems of SIP systems with various system requirements. In this thesis, a Kerberos based solution is proposed for SIP security problems, including SIP authentication and privacy. The proposed solution tries to establish flexible and scalable SIP system that will provide desired level of security for voice communications and critical telephony applications.