A secure authentication and key management scheme for Wireless Sensors Network

In recent years, the adaptation of Wireless Sensor Networks (WSNs) to application areas requiring mobility increased the security threats against confidentiality, integrity and privacy of the information as well as against their connectivity. Since, key management plays an important role in securing both information and connectivity, a proper authentication and key management scheme is required in mobility enabled applications where the authentication of a node with the network is a critical issue. In this paper, we present an authentication and key management scheme supporting node mobility in a heterogeneous WSN that consists of several low capabilities sensor nodes and few high capabilities sensor nodes. We analyze our proposed solution by using MATLAB (analytically) and by simulation (OMNET++ simulator) to show that it has less memory requirement and has good network connectivity and resilience against attacks compared to some existing schemes. We also propose two levels of secure authentication methods for the mobile sensor nodes for secure authentication and key establishment.

Secure Wireless Key Establishment Using Retrodirective Array

In this paper a new method of establishing secret keys for wireless communications is proposed. A retrodirective array (RDA) that is configured to receive and re-transmit at different frequencies is utilized as a relay node. Specifically the analogue RDA is able to respond in ‘real-time’, reducing the required number of time slots for key establishment to two, compared with at least three in previous relay key generation schemes. More importantly, in the proposed architecture equivalent reciprocal wireless channels between legitimate keying nodes can be randomly updated within one channel coherence time period, leading to greatly increased key generation rates (KGRs) in slow fading environment. The secrecy performance of this RDA assisted key generation system is evaluated and it is shown that it outperforms previous relay key generation systems.

Secure Multiple Amplify-and-Forward Relaying with Co-Channel Interference

We investigate the impact of co-channel interference on the security performance of multiple amplify-and-forward (AF) relaying networks, where N intermediate AF relays assist the data transmission from the source to the destination. The relays are corrupted by multiple co-channel interferers, and the information transmitted from the relays to destination can be overheard by the eavesdropper. In order to deal with the interference and wiretap, the best out of N relays is selected for security enhancement. To this end, we derive a novel lower bound on the secrecy outage probability (SOP), which is then utilized to present two best relay selection criteria, based on the instantaneous and statistical channel information of the interfering links. For these criteria and the conventional maxmin criterion, we quantify the impact of co-channel interference and relay selection by deriving the lower bound on the SOP. Furthermore, we derive the asymptotic SOP for each criterion, to explicitly reveal the impact of transmit power allocation among interferers on the secrecy performance, which offers valuable insights into practical design. We demonstrate that all selection criteria achieve full secrecy diversity order N, while the proposed in this paper two criteria outperform the conventional max-min scheme. 

Retrodirective Assisted Secure Wireless Key Establishment

In this paper a new type of architecture for secure wireless key establishment is proposed. A retrodirective array (RDA) that is configured to receive and re-transmit at different frequencies is utilized as a relay node. The RDA is able to respond in ‘real-time’, reducing the required number of time slots to two. More importantly, in this architecture equivalent reciprocal wireless channels between legitimate keying nodes can be randomly updated within one channel coherence time period, leading to greatly increased key generation rates (KGRs) in slow fading environment. The secrecy performance of this RDA assisted key generation system is evaluated under several eavesdropping strategies and it is shown that it outperforms previous relay key generation systems.

Personal Data and Encryption in the European General Data Protection Regulation

Encryption of personal data is widely regarded as a privacy preserving technology which could potentially play a key role for the compliance of innovative IT technology within the European data protection law framework. Therefore, in this paper, we examine the new EU General Data Protection Regulation’s relevant provisions regarding encryption – such as those for anonymisation and pseudonymisation – and assess whether encryption can serve as an anonymisation technique, which can lead to the non-applicability of the GDPR. However, the provisions of the GDPR regarding the material scope of the Regulation still leave space for legal uncertainty when determining whether a data subject is identifiable or not. Therefore, we inter alia assess the Opinion of the Advocate General of the European Court of Justice (ECJ) regarding a preliminary ruling on the interpretation of the dispute concerning whether a dynamic IP address can be considered as personal data, which may put an end to the dispute whether an absolute or a relative approach has to be used for the assessment of the identifiability of data subjects. Furthermore, we outline the issue of whether the anonymisation process itself constitutes a further processing of personal data which needs to have a legal basis in the GDPR. Finally, we give an overview of relevant encryption techniques and examine their impact upon the GDPR’s material scope.

Deterministic Genericity and the Computation of homological Invariants

The main goal of this thesis is to discuss the determination of homological invariants of polynomial ideals. Thereby we consider different coordinate systems and analyze their meaning for the computation of certain invariants. In particular, we provide an algorithm that transforms any ideal into strongly stable position if char k = 0. With a slight modification, this algorithm can also be used to achieve a stable or quasi-stable position. If our field has positive characteristic, the Borel-fixed position is the maximum we can obtain with our method. Further, we present some applications of Pommaret bases, where we focus on how to directly read off invariants from this basis. In the second half of this dissertation we take a closer look at another homological invariant, namely the (absolute) reduction number. It is a known fact that one immediately receives the reduction number from the basis of the generic initial ideal. However, we show that it is not possible to formulate an algorithm – based on analyzing only the leading ideal – that transforms an ideal into a position, which allows us to directly receive this invariant from the leading ideal. So in general we can not read off the reduction number of a Pommaret basis. This result motivates a deeper investigation of which properties a coordinate system must possess so that we can determine the reduction number easily, i.e. by analyzing the leading ideal. This approach leads to the introduction of some generalized versions of the mentioned stable positions, such as the weakly D-stable or weakly D-minimal stable position. The latter represents a coordinate system that allows to determine the reduction number without any further computations. Finally, we introduce the notion of β-maximal position, which provides lots of interesting algebraic properties. In particular, this position is in combination with weakly D-stable sufficient for the weakly D-minimal stable position and so possesses a connection to the reduction number.

Secure and Prepared Newsletter, May 2016, Vol. 12, no. 5

A bi-weekly newsletter for those involved in the fields of homeland security and/or emergency management.

Particle Trajectory Computation for Accelerators and Related Technologies

This work reports an alternative method for single non-relativistic charged particle trajectory computation in 2D electrostatic or magnetostatic fields. This task is approached by analytical computation of particle trajectory, by parts, considering the constant fields within each finite element. This method has some advantages over numerical integration ones: numerical miscomputation of trajectories, and stability problems can be avoided. Among the examples presented in this paper, an interesting alternative approach for positive ion extraction from cyclotrons is shown, using strip-foils. Other particle optics devices can benefit of a method such the one proposed in this paper, as beam bending devices, spectrometers, among others. This method can be extended for particle trajectory computation in 3D domains.

Secure and Prepared Newsletter, June/July 2016, Vol. 12, no. 6

A bi-weekly newsletter for those involved in the fields of homeland security and/or emergency management.

Type-Aware Programming Models for Distributed Applications

Thesis (Ph.D.)--University of Washington, 2016-08

Secure Web Service Clients on Mobile Devices

Enterprise apps on mobile devices typically need to communicate with other system components by consuming web services. Since most of the current mobile device platforms (such as Android) do not provide built-in features for consuming SOAP services, extensions have to be designed. Additionally in order to accommodate the typical enhanced security requirements of enterprise apps, it is important to be able to deal with SOAP web service security extensions on client side. In this article we show that neither the built-in SOAP capabilities for Android web service clients are sufficient for enterprise apps nor are the necessary security features supported by the platform as is. After discussing different existing extensions making Android devices SOAP capable we explain why none of them is really satisfactory in an enterprise context. Then we present our own solution which accommodates not only SOAP but also the WS-Security features on top of SOAP. Our solution heavily relies on code generation in order to keep the flexibility benefits of SOAP on one hand while still keeping the development effort manageable for software development. Our approach provides a good foundation for the implementation of other SOAP extensions apart from security on the Android platform as well. In addition our solution based on the gSOAP framework may be used for other mobile platforms in a similar manner.

Dithen: A Computation-as-a-Service Cloud Platform For Large-Scale Multimedia Processing

We present Dithen, a novel computation-as-a-service (CaaS) cloud platform specifically tailored to the parallel ex-ecution of large-scale multimedia tasks. Dithen handles the upload/download of both multimedia data and executable items, the assignment of compute units to multimedia workloads, and the reactive control of the available compute units to minimize the cloud infrastructure cost under deadline-abiding execution. Dithen combines three key properties: (i) the reactive assignment of individual multimedia tasks to available computing units according to availability and predetermined time-to-completion constraints; (ii) optimal resource estimation based on Kalman-filter estimates; (iii) the use of additive increase multiplicative decrease (AIMD) algorithms (famous for being the resource management in the transport control protocol) for the control of the number of units servicing workloads. The deployment of Dithen over Amazon EC2 spot instances is shown to be capable of processing more than 80,000 video transcoding, face detection and image processing tasks (equivalent to the processing of more than 116 GB of compressed data) for less than $1 in billing cost from EC2. Moreover, the proposed AIMD-based control mechanism, in conjunction with the Kalman estimates, is shown to provide for more than 27% reduction in EC2 spot instance cost against methods based on reactive resource estimation. Finally, Dithen is shown to offer a 38% to 500% reduction of the billing cost against the current state-of-the-art in CaaS platforms on Amazon EC2 (Amazon Lambda and Amazon Autoscale). A baseline version of Dithen is currently available at dithen.com.

Role of assessment components and recent adverse outcomes in risk estimation and prediction: use of the Short Term Assessment of Risk and Treatability (START) in an adult secure inpatient mental health service

The Short Term Assessment of Risk and Treatability is a structured judgement tool used to inform risk estimation for multiple adverse outcomes. In research, risk estimates outperform the tool's strength and vulnerability scales for violence prediction. Little is known about what its’component parts contribute to the assignment of risk estimates and how those estimates fare in prediction of non-violent adverse outcomes compared with the structured components. START assessment and outcomes data from a secure mental health service (N=84) was collected. Binomial and multinomial regression analyses determined the contribution of selected elements of the START structured domain and recent adverse risk events to risk estimates and outcomes prediction for violence, self-harm/suicidality, victimisation, and self-neglect. START vulnerabilities and lifetime history of violence, predicted the violence risk estimate; self-harm and victimisation estimates were predicted only by corresponding recent adverse events. Recent adverse events uniquely predicted all corresponding outcomes, with the exception of self-neglect which was predicted by the strength scale. Only for victimisation did the risk estimate outperform prediction based on the START components and recent adverse events. In the absence of recent corresponding risk behaviour, restrictions imposed on the basis of START-informed risk estimates could be unwarranted and may be unethical.

X-Secure: protecting users from big bad wolves

In 2014 over 70% of people in Great Britain accessed the Internet every day. This resource is an optimal vector for malicious attackers to penetrate home computers and as such compromised pages have been increasing in both number and complexity. This paper presents X-Secure, a novel browser plug-in designed to present and raise the awareness of inexperienced users by analysing web-pages before malicious scripts are executed by the host computer. X-Secure was able to detect over 90% of the tested attacks and provides a danger level based on cumulative analysis of the source code, the URL, and the remote server, by using a set of heuristics, hence increasing the situational awareness of users browsing the internet.

Care planning for aggression management in a specialist secure mental health service: user involvement

This paper describes an audit of prevention and management of violence and aggression care plans and incident reporting forms which aimed to: (i) report the compliance rate of completion of care plans; (ii) identify the extent to which patients contribute to and agree with their care plan; (iii) describe de-escalation methods documented in care plans; and (iv) ascertain the extent to which the de-escalation methods described in the care plan are recorded as having been attempted in the event of an incident. Care plans and incident report forms were examined for all patients in men's and women's mental health care pathways who were involved in aggressive incidents between May and October 2012. In total, 539 incidents were examined, involving 147 patients and 121 care plans. There was no care plan in place at the time of 151 incidents giving a compliance rate of 72%. It was documented that 40% of patients had contributed to their care plans. Thematic analysis of de-escalation methods documented in the care plans revealed five de-escalation themes: staff interventions, interactions, space/quiet, activities and patient strategies/skills. A sixth category, coercive strategies, was also documented. Evidence of adherence to de-escalation elements of the care plan was documented in 58% of incidents. The reasons for the low compliance rate and very low documentation of patient involvement need further investigation. The inclusion of coercive strategies within de-escalation documentation suggests that some staff fundamentally misunderstand de-escalation.